Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cross account ASG access #320

Open
mightymouse2045 opened this issue Apr 7, 2023 · 11 comments · May be fixed by #730
Open

Cross account ASG access #320

mightymouse2045 opened this issue Apr 7, 2023 · 11 comments · May be fixed by #730
Labels
backlog Pull requests/issues that are backlog items help wanted Issues identified as good community contribution opportunities proposal An issue that proposes a feature request refined Issues that are ready to be prioritized
Milestone
v0.6.0

Comments

@mightymouse2045
Copy link

Hi - as you would be aware it is simple to specify an account when using the aws cli.

I would like to be able to configure the account as a variable as you have allowed for with the region. So in the IAM role that is assigned to the instance I can allow access to the EC2 ASG in the specified account to read and update the upstream with the IP's of the ASG in the account specified.

Is this something you could add fairly easily?
@mightymouse2045
Copy link
Author

mightymouse2045 commented Apr 7, 2023
edited

I have just tested this. An easy way to implement this would be to allow to specify an optional aws cli profile name under each upstream. This would then require the following:

  1. The user running the service (is it root or nginx?) - requires ~/.aws/config file with the following entry:

[profile someProfileName]
role_arn = arn:aws:iam::123456789012:role/marketingadminrole
credential_source = Ec2InstanceMetadata

  1. Update to the instance IAM role to allow assume role access to the role specified in the profile above
  2. Update the trust policy for the role in the other account to allow the nginx IAM role to assume it
  3. Your code would then have to be updated to allow specifying the profile to use, so when running the ec2 or autoscaling commands it would be listing the ec2 instances from the other account

@github-actions

This comment was marked as outdated.

Sign in to view
@github-actions github-actions bot added the stale Pull requests/issues with no activity label Jun 10, 2023
@github-actions

This comment was marked as outdated.

Sign in to view
@github-actions github-actions bot closed this as not planned Won't fix, can't repro, duplicate, stale Jun 18, 2023
@lucacome lucacome reopened this Jun 19, 2023
@lucacome lucacome added proposal An issue that proposes a feature request backlog candidate Pull requests/issues that are candidates to be backlog items and removed stale Pull requests/issues with no activity labels Jun 19, 2023
@github-actions

This comment was marked as outdated.

Sign in to view
@github-actions github-actions bot added the stale Pull requests/issues with no activity label Aug 19, 2023
@github-actions

This comment was marked as outdated.

Sign in to view
@github-actions github-actions bot closed this as not planned Won't fix, can't repro, duplicate, stale Aug 26, 2023
@lucacome lucacome reopened this Aug 26, 2023
@lucacome lucacome removed the stale Pull requests/issues with no activity label Aug 26, 2023
@github-actions

This comment was marked as outdated.

Sign in to view
@github-actions github-actions bot added the stale Pull requests/issues with no activity label Oct 26, 2023
@lucacome lucacome removed the stale Pull requests/issues with no activity label Oct 26, 2023
@github-actions GitHub Actions

This comment was marked as outdated.

Sign in to view
@github-actions github-actions bot added the stale Pull requests/issues with no activity label Dec 26, 2023
@github-actions GitHub Actions

This comment was marked as outdated.

Sign in to view
@github-actions github-actions bot closed this as not planned Won't fix, can't repro, duplicate, stale Jan 2, 2024
@mightymouse2045
Copy link
Author

any updates on this at all?

@lucacome lucacome removed the stale Pull requests/issues with no activity label Jun 20, 2024
@lucacome lucacome reopened this Jun 20, 2024
@mpstefan mpstefan added backlog Pull requests/issues that are backlog items refined Issues that are ready to be prioritized help wanted Issues identified as good community contribution opportunities and removed backlog candidate Pull requests/issues that are candidates to be backlog items labels Jul 17, 2024
@vepatel
Copy link
Contributor

vepatel commented Jul 17, 2024

Hey @mightymouse2045 we looked at this issue and would like to know if you'll be interested in creating a PR with documentation?

@lucacome lucacome linked a pull request Jul 27, 2024 that will close this issue
Draft
6 tasks
@lucacome
Copy link
Member

@mightymouse2045 I opened a PR for this #730, would you be able to test it?

@lucacome lucacome added this to the v0.6.0 milestone Aug 15, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
backlog Pull requests/issues that are backlog items help wanted Issues identified as good community contribution opportunities proposal An issue that proposes a feature request refined Issues that are ready to be prioritized
Projects
None yet
Milestone
v0.6.0
Development

Successfully merging a pull request may close this issue.

Add profile option for AWS nginxinc/nginx-asg-sync
4 participants
@lucacome @mightymouse2045 @mpstefan @vepatel