[BUILD-868] Make use of Jenkins-sre role in Jenkins SRE deployment pipelines Created: 07/Jul/22  Updated: 18/Jul/22  Resolved: 13/Jul/22

Status: Closed
Project: Build
Component/s: Pipelines
Affects Version/s: None
Fix Version/s: None

Type: Task Priority: Neutral
Reporter: Roberto Gomez Assignee: Roberto Gomez
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
relation
is related to BUILD-837 Extra common logic to switch accounts... Closed
Template:
Acceptance criteria:
Empty
Task DoR:
[X]* Modify pipeline for foundation-internal-base project
[X]* Modify pipeline for mgnl-renovate-bot project
[X]* Modify pipeline for magnolia-mgmt project
[X]* Delete jenkins user in AWS magnolia-core-expeimental and magnolia-core-production
Team: Foundation

 Description   

Currently we use an IAM user to make deployments into AWS accounts. This user's privileges are managed in the foundation-internal-base project. The problem with this approach is that the mentioned project needs to be deployed manually, and on top of that, using an IAM user for deployments is not good practice.

Thanks to Rubén from SRE Team we have now the AWS accounts enrolled in their AWS Control Tower setup, which means we can benefit from "good practices". Thus, we can start using the sre-platform platform role and other Jenkins SRE available functionality.

To migrate the pipelines the following actions should be done:

  1. Add the withAWS line to the pipeline
  2. Run the terraform init command with the param: -backend-config='role_arn=arn:aws:iam::<foundation_account_id>:role/sre-platform'
  3. Modify the terraform provider 
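
The three steps combined in one declarative pipeline stage, as an added example (not the project's own Jenkinsfile). The account id and region placeholders, the choice of account that `withAWS` targets, the identity check and the `TF_VAR_deploy_role_arn` variable are assumptions; `withAWS` is the step from the Pipeline: AWS Steps plugin.

```groovy
// Added example: placeholders in <...> must be replaced; nothing here is taken
// from the real foundation-internal-base, mgnl-renovate-bot or magnolia-mgmt pipelines.
pipeline {
  agent any
  environment {
    FOUNDATION_ACCOUNT_ID = '<foundation_account_id>' // placeholder, as written in step 2
    TARGET_ACCOUNT_ID     = '<target_account_id>'     // placeholder (assumption)
    ROLE_NAME             = 'sre-platform'
    // Assumed variable name, read by the provider block sketched in the step 3 comment
    TF_VAR_deploy_role_arn = "arn:aws:iam::${TARGET_ACCOUNT_ID}:role/${ROLE_NAME}"
  }
  stages {
    stage('Terraform') {
      steps {
        // Step 1: short-lived STS credentials for the role replace the IAM user's static keys
        withAWS(role: env.ROLE_NAME, roleAccount: env.TARGET_ACCOUNT_ID, region: '<aws_region>') {
          // Fail the build early if the session is not the assumed role
          // (for example, leftover IAM user keys on the agent).
          sh '''
            set -eu
            caller_arn="$(aws sts get-caller-identity --query Arn --output text)"
            case "$caller_arn" in
              arn:aws:sts::*:assumed-role/"$ROLE_NAME"/*) echo "running as $caller_arn" ;;
              *) echo "unexpected identity: $caller_arn" >&2; exit 1 ;;
            esac
          '''
          // Step 2: the state backend assumes the role in the foundation account
          sh '''
            set -eu
            terraform init -input=false \
              -backend-config="role_arn=arn:aws:iam::${FOUNDATION_ACCOUNT_ID}:role/${ROLE_NAME}"
            terraform plan -input=false -out=tfplan
          '''
          // Step 3 lives in the Terraform code (HCL), for example (assumed shape):
          //   variable "deploy_role_arn" { type = string }
          //   provider "aws" {
          //     assume_role { role_arn = var.deploy_role_arn }
          //   }
        }
      }
    }
  }
}
```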

The pipelines to modify are:

 

After that, the jenkins user (arn:aws:iam::347299396223:user/jenkins.sre.magnolia-cloud.com) should be removed from the two AWS accounts: magnolia-core-expeimental and magnolia-core-production.

 


Generated at Sun Feb 11 23:45:57 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.