Setup OIDC Authentication for MCP #222
Comments
@sjoshi-jpl when creating tickets, please try to use the issue templates like those specified here: https://github.com/NASA-PDS/registry/issues/new/choose. They add a whole bunch of default labels so these tickets show up in downstream reports correctly. The issue templates don't work in the Zenhub interface, so they should not be used.
@nutjob4life next up after NASA-PDS/registry-sweepers#61
Hi @jordanpadams, I'm going to add @sjoshi-jpl to this as well since I don't have the NGAP, MCP, or role-provisioning experience in IAM. Conceptually I think I know how this'll work, but together we'll be able to make progress on it.
@sjoshi-jpl is updating the IAM role.
Unable to create a new identity provider in MCP. Will need SA to create it for us.
Status: Awaiting SA support on this topic
Status: Ping from MCP they are working on it right now
Setup complete for OIDC IdP and IAM role trust policy. However, still receiving error while using it. Working with MCP on a resolution.
MOA signed and emailed back
OIDC setup fully tested and functional
I am closing this ticket.
Work with MCP SA team to set up an IAM role for OIDC authentication. Similar to what we have in NGAP.
The role needs to be an AssumeRole that can be used for authenticating to MCP via GitHub Actions.
Based on the latest conversation with MCP SA team, we need to provide them with an IAM (least privilege) policy that will be attached to this role and grant our team access to deploy AWS resources. To do this, we need to come up with the list of services our PDS project uses in AWS and then define a set of permissions for each service.
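An added example, not part of the issue or the project's code: a small check for the kind of IAM role trust policy this ticket asks for, flagging a policy that does not pin the GitHub Actions OIDC token's audience or does not scope its subject to one repository. The account ID and repository name are constructed placeholders, and the `sts.amazonaws.com` audience is an assumption about how the workflow requests its token.

```python
import copy

GITHUB_OIDC_HOST = "token.actions.githubusercontent.com"  # GitHub Actions token issuer

def as_list(v):
    return v if isinstance(v, list) else [v]

def audit_trust_policy(policy, expected_repo):
    """Return findings for a role trust policy; an empty list means it passed."""
    findings, seen = [], False
    for stmt in as_list(policy.get("Statement", [])):
        principal = stmt.get("Principal")
        if stmt.get("Effect") != "Allow" or not isinstance(principal, dict):
            continue
        if not any(str(p).endswith("oidc-provider/" + GITHUB_OIDC_HOST)
                   for p in as_list(principal.get("Federated", []))):
            continue  # statement does not trust the GitHub OIDC provider
        seen = True
        if as_list(stmt.get("Action")) != ["sts:AssumeRoleWithWebIdentity"]:
            findings.append("Action must be exactly sts:AssumeRoleWithWebIdentity")
        cond = stmt.get("Condition", {})
        aud = as_list(cond.get("StringEquals", {}).get(GITHUB_OIDC_HOST + ":aud", []))
        if aud != ["sts.amazonaws.com"]:  # assumed audience, see lead-in
            findings.append("aud is not pinned to sts.amazonaws.com")
        subs = [s for op in ("StringEquals", "StringLike")
                for s in as_list(cond.get(op, {}).get(GITHUB_OIDC_HOST + ":sub", []))]
        if not subs:
            findings.append("no sub condition: role is not tied to a repository")
        for s in subs:
            if not s.startswith("repo:" + expected_repo + ":"):
                findings.append("sub not scoped to " + expected_repo + ": " + s)
    if not seen:
        findings.append("no Allow statement trusts the GitHub OIDC provider")
    return findings

# Constructed sample: placeholder account ID and repository, not the project's values.
SCOPED = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"Federated": "arn:aws:iam::123456789012:oidc-provider/" + GITHUB_OIDC_HOST},
    "Action": "sts:AssumeRoleWithWebIdentity",
    "Condition": {
        "StringEquals": {GITHUB_OIDC_HOST + ":aud": "sts.amazonaws.com"},
        "StringLike": {GITHUB_OIDC_HOST + ":sub": "repo:example-org/example-repo:*"},
    },
}]}
# Same policy with the audience check dropped and the subject widened to the whole org.
BROAD = copy.deepcopy(SCOPED)
BROAD["Statement"][0]["Condition"] = {"StringLike": {GITHUB_OIDC_HOST + ":sub": "repo:example-org/*"}}
if __name__ == "__main__":
    print(audit_trust_policy(SCOPED, "example-org/example-repo"), audit_trust_policy(BROAD, "example-org/example-repo"))
```

The trust policy only decides who may assume the role; the least-privilege permissions policy discussed above is attached to the role separately and needs its own review.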