[BUILD-868] Make use of Jenkins-sre role in Jenkins SRE deployment pipelines Created: 07/Jul/22 Updated: 18/Jul/22 Resolved: 13/Jul/22 |
|
| Status: | Closed |
| Project: | Build |
| Component/s: | Pipelines |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Task | Priority: | Neutral |
| Reporter: | Roberto Gomez | Assignee: | Roberto Gomez |
| Resolution: | Done | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||
| Template: | |||||||||
| Acceptance criteria: |
Empty
|
||||||||
| Task DoR: |
[X]*
Modifiy pipeline for foundation-internal-base project
[X]*
Modify pipeline for mgnl-renovate-bot project
[X]*
Modify pipeline for magnolia-mgmt project
[X]*
Delete jenkins user in AWS magnolia-core-expeimental and magnolia-core-production
|
||||||||
| Team: | |||||||||
| Description |
|
As for now we are using a IAM user to make deployments into AWS accounts. This user privileges are managed in foundation-internal-base project. The problem with this approach is that the mentioned project needs to be manually deployed, and on top of that is not that good practice to use a IAM user for that. Thanks to Rubén from SRE Team we have now the AWS accounts enrolled in their AWS Control Tower setup, which means we can benefit from "good practices". Thus, we can start using the sre-platform platform role and other Jenkins SRE available functionality. To migrate the pipelines the following actions should be done:
The pipelines to modify are:
After thar the jennkins user (arn:aws:iam::347299396223:user/jenkins.sre.magnolia-cloud.com) should be removed from the two AWS accounts: magnolia-core-expeimental and magnolia-core-production.
|