This repository has been archived by the owner on Aug 21, 2024. It is now read-only.
Refactor AWS config to be clearer #8047
Assignees
Comments
5 tasks
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
The storing and naming of some of the AWS IAM roles in the engine config is sub-par.
config.aws.keys is the S3-access user, which should really be under config.aws.s3
The ECR/EKS-access user is not stored anywhere in the config. We are just using process.env.AWS_ACCESS_KEY/AWS_SECRET in the code to get those values. The environment variables should also be renamed to something like EKS_AWS_ACCESS_KEY/EKS_AWS_SECRET to more clearly indicate which keys they are.
findBuilderTags in project-helper.ts is using the raw process.env.AWS_ACCESS_KEY/AWS_SECRET. It should use the new stored EKS user keys. Also check if that's used anywhere else.
The main documentation should be updated to not call the EKS user 'Github-Actions-User'. The user should be named around EKS to show that's what it has access to. This is roughly how it's named in the CF templates, albeit there it's called ECRUser, and that should probably be changed to EKSUser.
The text was updated successfully, but these errors were encountered: