Create service account for Terraforming IAM resources #106

Closed
5 tasks done
Tracked by #30
chelseybeck opened this issue Jan 30, 2024 · 0 comments
chelseybeck commented Jan 30, 2024

Overview

In order to manage AWS IAM resources as code, we need a service account to connect to AWS via a GitHub Action.

Action Items

  • Create user account devops-iam-github-action

    • add these permissions - required for Terraform to access the bucket that stores the state
    • IAM permissions - use existing customer-managed policy TerraformIAM
      • grants necessary permissions for the account to create and maintain IAM resources (users, groups, roles, and policies)
    • DynamoDB permissions - use existing customer-managed policy TerraformDynamoDBAccess
  • Generate access keys for this account and store them in GitHub Secrets
