This repository has been archived by the owner on Nov 8, 2021. It is now read-only.

fix tag enabled groups in multi account setup (#136)
grusy authored and michaelwittig committed Aug 17, 2018
1 parent 2aa0217 commit d49c103
Showing 2 changed files with 7 additions and 3 deletions.
4 changes: 4 additions & 0 deletions iam_crossaccount_policy.json
Expand Up @@ -6,5 +6,9 @@
"Resource": [
"arn:aws:iam::<YOUR_USERS_ACCOUNT_ID_HERE>:role/<YOUR_USERS_ACCOUNT_ROLE_NAME_HERE>"
]
},{
"Effect": "Allow",
"Action": "ec2:DescribeTags",
"Resource": "*"
}]
}
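Review bot: The new statement appended to the Statement array carries no Sid and no accompanying documentation explaining why the instance role needs "Action": "ec2:DescribeTags". Existing installations will not get this permission unless they update their role policy by hand, so an upgrade note in the README would help. A Sid (for example "ReadInstanceTags", a suggested name only) would make the intent visible in the policy itself. "Resource": "*" is expected here because ec2:DescribeTags does not support resource-level permissions, but it lets the role read every EC2 tag in the account, so it is worth stating that tags must not carry secrets.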
6 changes: 3 additions & 3 deletions import_users.sh
Expand Up @@ -234,9 +234,6 @@ function sync_accounts() {
# Check if local marker group exists, if not, create it
/usr/bin/getent group "${LOCAL_MARKER_GROUP}" >/dev/null 2>&1 || /usr/sbin/groupadd "${LOCAL_MARKER_GROUP}"

# setup the aws credentials if needed
setup_aws_credentials

# declare and set some variables
local iam_users
local sudo_users
Expand All @@ -249,6 +246,9 @@ function sync_accounts() {
get_iam_groups_from_tag
get_sudoers_groups_from_tag

# setup the aws credentials if needed
setup_aws_credentials

iam_users=$(get_clean_iam_users | sort | uniq)
if [[ -z "${iam_users}" ]]
then
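Review bot: The position of setup_aws_credentials after get_sudoers_groups_from_tag is now load-bearing, but the comment "# setup the aws credentials if needed" does not say so. Judging by the commit title and the policy change, the two tag lookups have to run with the instance's own credentials, before the cross-account role is set up. Please extend the comment to state that ordering requirement so a later cleanup does not move the call back up. Separately, the return status of get_iam_groups_from_tag and get_sudoers_groups_from_tag is not checked in these lines. Please confirm what the script does when the tag lookup is denied (for example on a role that lacks the new ec2:DescribeTags statement), and make that case fail loudly rather than continue with empty group filters.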

1 comment on commit d49c103

Contributor

@evan-ravenelle evan-ravenelle commented on d49c103 Sep 17, 2018

FYI this change is here but it is not in the RPM linked in the installation instructions. I just spent about two hours troubleshooting the script and implementing this change myself when I came across this commit.
