From d574836a9d02109f8350a929a0884cbc6569726c Mon Sep 17 00:00:00 2001 From: folarin oyenuga Date: Mon, 5 Aug 2024 12:20:30 +0100 Subject: [PATCH 1/2] update review date and spell checks --- .../source/rotate-user-aws-credentials.html.md.erb | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/runbooks/source/rotate-user-aws-credentials.html.md.erb b/runbooks/source/rotate-user-aws-credentials.html.md.erb index 32fd49f6..9ae72416 100644 --- a/runbooks/source/rotate-user-aws-credentials.html.md.erb +++ b/runbooks/source/rotate-user-aws-credentials.html.md.erb @@ -1,16 +1,16 @@ --- title: Rotate User Credentials weight: 100 -last_reviewed_on: 2024-02-02 +last_reviewed_on: 2024-08-05 review_in: 6 months --- # Rotate User AWS Credentials -Most of the terraform modules supported by Cloud Platform uses IRSA and hence no long term credentials are created. If any other resources refer to credentials +Most of the terraform modules supported by Cloud Platform use IRSA, hence no long term credentials are created. If any other resources refer to credentials created by terraform sucn as IAM user, Cognito users, etc, then use this runbook if those AWS credentials have been exposed. -In this case, 'AWS credentials' refers to credentials created by terraform, for resources in the user's namespace. Use this runbook if a user's AWS credentials have been exposed. +In this case, 'AWS credentials' refer to credentials created by terraform, for resources in the user's namespace. Use this runbook if a user's AWS credentials have been exposed. We will make terraform destroy the compromised credentials, and then recreate them. For this example, we will use the case where an IAM user access key and secret in a namespace was exposed. 
@@ -26,7 +26,7 @@ git checkout main git pull ``` -Launch the tools-shell. This will have all the binary with correct versions needs for performing terraform operations +Launch the tools-shell. This will have all the binary with correct version needs for performing terraform operations ```bash make tools-shell @@ -43,7 +43,7 @@ The values are stored as secrets in `manager` cluster - `concourse-main` namespa aws eks --region eu-west-2 update-kubeconfig --name live ``` -## Set cluster related environment variables +## Set cluster-related environment variables ```bash export TF_VAR_vpc_name="live-1" @@ -76,7 +76,7 @@ terraform init \ -backend-config="dynamodb_table=cloud-platform-environments-terraform-lock" ``` -Note: Bucket key above is referencing to "live-1", as state is stored in "live-1.cloud-platform.service.justice.gov.uk" for namespaces in "live" cluster. +Note: The bucket key above is a reference to "live-1", as state is stored in "live-1.cloud-platform.service.justice.gov.uk" for namespaces in "live" cluster. ## Terraform Plan/Apply From 10aa3b90107c83fd5d0d604edb06845ae6d9c7e1 Mon Sep 17 00:00:00 2001 From: folarin oyenuga Date: Wed, 7 Aug 2024 11:45:27 +0100 Subject: [PATCH 2/2] update review date --- runbooks/source/debugging-aws-console-access.html.md.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/runbooks/source/debugging-aws-console-access.html.md.erb b/runbooks/source/debugging-aws-console-access.html.md.erb index d402d400..b7ee645f 100644 --- a/runbooks/source/debugging-aws-console-access.html.md.erb +++ b/runbooks/source/debugging-aws-console-access.html.md.erb @@ -1,7 +1,7 @@ --- title: Debugging AWS Console read-only access issues weight: 8605 -last_reviewed_on: 2024-02-07 +last_reviewed_on: 2024-08-07 review_in: 6 months ---
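Review bot: In the `@@ -1,16 +1,16 @@` hunk of rotate-user-aws-credentials.html.md.erb, the unchanged line directly after the reworded first sentence still contains the typo "sucn" ("created by terraform sucn as IAM user"), which a commit titled "spell checks" should correct to "such". In the second changed line, "'AWS credentials' refer to" makes the verb disagree with its subject, because the subject is the quoted term rather than the credentials themselves, so the original "refers" should be kept. "long term credentials" in the first added line would read better as "long-term credentials", and the intro now says "use this runbook if ... credentials have been exposed" in two adjacent paragraphs, so one of them can be dropped.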
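Review bot: In the `@@ -26,7 +26,7 @@` hunk, the reworded tools-shell sentence is still ungrammatical: "all the binary with correct version needs for performing" changes "versions" to "version" but leaves "binary" and "needs" as they were. Suggest "This will have all the binaries, at the correct versions, needed for performing terraform operations." and end the sentence with a full stop.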
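Review bot: In the `@@ -76,7 +76,7 @@` hunk, the rewritten note still ends with 'for namespaces in "live" cluster', which is missing an article; 'in the "live" cluster' matches the added "The bucket key" at the start of the sentence. "is a reference to" could also be tightened to "refers to".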