[#301] Add Michał Szałowski to SSH access list for environment management #302

@placek placek commented Feb 26, 2024

This PR adds Michał Szałowski (@MSzalowski) to the list of users authorized for SSH access to all the environments, thereby expanding the secure access management system to include a team leader.

@placek placek self-assigned this Feb 26, 2024
@placek placek linked an issue Feb 26, 2024 that may be closed by this pull request

placek commented Feb 26, 2024

Terraform used the selected providers to generate the following execution plan. Resource
actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # module.govtool-beta-sanchonet.aws_instance.govtool will be updated in-place
  ~ resource "aws_instance" "govtool" {
        id                                   = "i-003b80532fbba9d25"
        tags                                 = {
            "Name"            = "govtool_beta_sanchonet"
            "app_env"         = "beta"
            "app_name"        = "govtool"
            "cardano_network" = "sanchonet"
        }
      ~ user_data                            = "4883c0fff532221d002ce1ad26c1de84da805eb3" -> "216fc82c5ba9bec5014e6a3e0ad799be5fe7b011"
        # (31 unchanged attributes hidden)

        # (8 unchanged blocks hidden)
    }

  # module.govtool-dev-sanchonet.aws_instance.govtool will be updated in-place
  ~ resource "aws_instance" "govtool" {
        id                                   = "i-0dcf40b1d8698f47a"
        tags                                 = {
            "Name"            = "govtool_dev_sanchonet"
            "app_env"         = "dev"
            "app_name"        = "govtool"
            "cardano_network" = "sanchonet"
        }
      ~ user_data                            = "4883c0fff532221d002ce1ad26c1de84da805eb3" -> "216fc82c5ba9bec5014e6a3e0ad799be5fe7b011"
        # (31 unchanged attributes hidden)

        # (8 unchanged blocks hidden)
    }

  # module.govtool-staging-sanchonet.aws_instance.govtool will be updated in-place
  ~ resource "aws_instance" "govtool" {
        id                                   = "i-0147d6939f20e7eb5"
        tags                                 = {
            "Name"            = "govtool_staging_sanchonet"
            "app_env"         = "staging"
            "app_name"        = "govtool"
            "cardano_network" = "sanchonet"
        }
      ~ user_data                            = "4883c0fff532221d002ce1ad26c1de84da805eb3" -> "216fc82c5ba9bec5014e6a3e0ad799be5fe7b011"
        # (31 unchanged attributes hidden)

        # (8 unchanged blocks hidden)
    }

  # module.govtool-test-sanchonet.aws_instance.govtool will be updated in-place
  ~ resource "aws_instance" "govtool" {
        id                                   = "i-09256507fec8d0c83"
        tags                                 = {
            "Name"            = "govtool_test_sanchonet"
            "app_env"         = "test"
            "app_name"        = "govtool"
            "cardano_network" = "sanchonet"
        }
      ~ user_data                            = "4883c0fff532221d002ce1ad26c1de84da805eb3" -> "216fc82c5ba9bec5014e6a3e0ad799be5fe7b011"
        # (31 unchanged attributes hidden)

        # (8 unchanged blocks hidden)
    }

Plan: 0 to add, 4 to change, 0 to destroy.

@placek placek requested a review from adgud February 26, 2024 14:10
@placek placek marked this pull request as ready for review February 26, 2024 14:10

placek commented Feb 26, 2024

It seems that our current configuration will not recreate the instance, since the default value of user_data_replace_on_change should be by default false and we are not setting it to true, but I think I will be much more confident once I use an explicit statement of user_data_replace_on_change = false. What do you think, @adgud?

…ment

This commit updates the user_data.sh script within the Terraform modules
for govtool-EC2 instances. It adds Michał Szałowski to the list of users
authorized for SSH access, thereby expanding the secure access
management system to include a team leader. This change is a step
towards fulfilling the secure credential sharing acceptance criterion by
ensuring new team members like Michał have the necessary access to
sensitive environments.
@placek placek force-pushed the chore/301-implement-a-unified-access-management-and-onboarding-policy-for-team-members branch from 15cd70a to 2485564 Compare February 26, 2024 14:47

adgud commented Feb 26, 2024

> It seems that our current configuration will not recreate the instance, since the default value of user_data_replace_on_change should be by default false and we are not setting it to true, but I think I will be much more confident once I use an explicit statement of user_data_replace_on_change = false. What do you think, @adgud?

You can update that, sure. It's known behaviour in EC2 but being more explicit won't hurt anyone.
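
A check that makes the "will not recreate the instance" expectation discussed above enforceable before apply, as an added example that is not part of this PR or the project's code: it reads the JSON form of a plan (`terraform show -json <planfile>`) and refuses any plan that would destroy or replace an `aws_instance`. The sample plans are constructed; the `module.hypothetical` address and the `old-hash`/`new-hash` values are assumptions.

```python
import json

def _rc(address, actions, old_ud, new_ud):
    """Build one constructed resource_changes entry (sample data only)."""
    tags = {"app_name": "govtool"}
    return {"address": address, "type": "aws_instance",
            "change": {"actions": actions,
                       "before": {"user_data": old_ud, "tags": tags},
                       "after": {"user_data": new_ud, "tags": tags}}}

# Constructed plans in the shape printed by `terraform show -json <planfile>`.
DEV = "module.govtool-dev-sanchonet.aws_instance.govtool"  # address from the plan above
HYPO = "module.hypothetical.aws_instance.example"          # hypothetical address
SAFE_PLAN = json.dumps({"resource_changes": [_rc(DEV, ["update"], "old-hash", "new-hash")]})
RISKY_PLAN = json.dumps({"resource_changes": [
    _rc(DEV, ["update"], "old-hash", "new-hash"),
    _rc(HYPO, ["delete", "create"], "old-hash", "new-hash"),  # replacement
]})

def classify(plan_json, resource_type="aws_instance"):
    """Return (in_place, destroyed): address -> sorted changed top-level attributes."""
    in_place, destroyed = {}, {}
    for rc in json.loads(plan_json).get("resource_changes", []):
        if rc.get("type") != resource_type:
            continue
        change = rc["change"]
        actions = set(change["actions"])
        before = change.get("before") or {}
        after = change.get("after") or {}
        # Values unknown until apply are absent from "after" and count as changed.
        changed = sorted(k for k in before.keys() | after.keys()
                         if before.get(k) != after.get(k))
        if "delete" in actions:      # delete alone, or delete+create = replacement
            destroyed[rc["address"]] = changed
        elif "update" in actions:    # in-place update: the instance survives
            in_place[rc["address"]] = changed
    return in_place, destroyed

def gate(plan_json):
    """Fail closed: raise if any instance would be destroyed or replaced."""
    in_place, destroyed = classify(plan_json)
    if destroyed:
        raise RuntimeError(f"plan destroys or replaces: {sorted(destroyed)}")
    return in_place

if __name__ == "__main__":
    print(gate(SAFE_PLAN))  # in-place user_data change passes the gate
```

Run in CI between `terraform plan -out` and `terraform apply`, the gate also makes an access-list change reviewable as exactly that: the only changed attribute it reports for each instance should be `user_data`.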


placek commented Feb 27, 2024

Terraform plan applied, @MSzalowski added to the .ssh/authorized_keys.

@placek placek merged commit c17c0c0 into develop Feb 27, 2024
@placek placek deleted the chore/301-implement-a-unified-access-management-and-onboarding-policy-for-team-members branch February 27, 2024 05:58
Successfully merging this pull request may close these issues.

Implement a unified access management and onboarding policy for team members