Make build user support a single build environment #62
+145
−199
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
We no longer want providers for Production and Staging because our planned future state prevents Production and Staging accounts from co-mingling in the same AWS organization.
… AMI-creation role in this module cisagov/ci-iam-user-tf-module is no longer useful in our target state with separate Production and Staging environments.
Also, make some more changes related to the removal of cisagov/ci-iam-user-tf-module.
dav3r
added
blocked
dv4harr10
approved these changes
Jan 14, 2025
For unknown reasons, terraform-docs is not including this provider. Re-running terraform-docs will remove it, but that change should be ignored. Co-authored-by: Jeremy Frasier <[email protected]>
10 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
🗣 Description
This PR modifies the build user that is created by this module such that the user can only build AMIs in a single environment.
💭 Motivation and context
In the past, we had a single build user that was capable of building AMIs in both a staging and production environment. In our target (near-future) state, each packer repo will have one build user per environment (e.g. dev, staging, production, etc.)
This supports our overall goal of a COOL system where each environment's IAM users exist in an AWS account specific to that environment and no others.
Note
I am marking this PR as "blocked" until the related skeleton-packer PR (cisagov/skeleton-packer#393) has been reviewed and approved, to minimize the amount of time that our cisagov packer repos are out of sync with the latest changes in this module.
🧪 Testing
I used the version of the module in this PR to successfully create dev, staging, and production build users for cisagov/skeleton-packer#393.
✅ Pre-approval checklist
to reflect the changes in this PR.
✅ Post-merge checklist