Update Terraform cloudposse/iam-system-user/aws module initialization… #47

andrelohmann

… - added iam_access_key_max_age parameter

what

  • iam_access_key_max_age was added to the variables.tf file as a copy from cloudposse/iam-system-user/aws module
  • iam_access_key_max_age is handed over as a parameter in cloudposse/iam-system-user/aws module instantiation

why

  • iam_access_key_max_age defaults to 30 days now
  • every time the inheriting modules (e.g. terraform-aws-s3-bucket) are updated, this leads to a recreation of the s3 user as with an expired Access Key

@andrelohmann andrelohmann requested review from a team as code owners August 30, 2022 05:55
Andre Lohmann added 2 commits August 30, 2022 08:18
…tem-user-aws' of github.com:andrelohmann/terraform-aws-iam-s3-user into hotfix/add_iam_access_key_max_age_to_cloudposse-iam-system-user-aws
@Nuru Nuru added the "wontfix" (This will not be worked on) and "do not merge" (Do not merge this PR, doing so would cause problems) labels Sep 4, 2022

Nuru (Contributor) commented Sep 4, 2022

Thank you for your contribution.

Unfortunately, we are removing this feature due to the confusion to the community of our terraform users that has been caused by requiring the cloudposse/awsutils Terraform provider to provide the feature. The error messages stemming from the missing provider block configuration are causing more of a support headache than it is worth. Since we implemented this feature, most CI/CD providers have implemented a better way to obtain short-lived CI/CD credentials (e.g. GitHub Actions and CircleCI both support OIDC with AWS, GCP, Azure, etc).

@Nuru Nuru closed this Sep 4, 2022
andrelohmann (Author)

@Nuru sorry to ask again, I don't really get your comment.
What kind of feature are you talking about, that will be deprecated? The cloudposse/awsutils (and therefore the "context")? Or will the "iam_access_key_max_age" be deprecated, so that the generated AK/SK are no longer expiring?

Nuru (Contributor) commented Sep 7, 2022

> What kind of feature are you talking about, that will be deprecated? The cloudposse/awsutils (and therefore the "context")? Or will the "iam_access_key_max_age" be deprecated, so that the generated AK/SK are no longer expiring?

@andrelohmann Both. See the v1.0.0 Release Notes
