update review date and spell checks #5962

Merged
merged 2 commits into from
Aug 7, 2024
2 changes: 1 addition & 1 deletion runbooks/source/debugging-aws-console-access.html.md.erb
@@ -1,7 +1,7 @@
---
title: Debugging AWS Console read-only access issues
weight: 8605
last_reviewed_on: 2024-02-07
last_reviewed_on: 2024-08-07
review_in: 6 months
---

12 changes: 6 additions & 6 deletions runbooks/source/rotate-user-aws-credentials.html.md.erb
@@ -1,16 +1,16 @@
---
title: Rotate User Credentials
weight: 100
last_reviewed_on: 2024-02-02
last_reviewed_on: 2024-08-05
review_in: 6 months
---

# Rotate User AWS Credentials

Most of the terraform modules supported by Cloud Platform uses IRSA and hence no long term credentials are created. If any other resources refer to credentials
Most of the terraform modules supported by Cloud Platform use IRSA, hence no long term credentials are created. If any other resources refer to credentials
created by terraform sucn as IAM user, Cognito users, etc, then use this runbook if those AWS credentials have been exposed.

In this case, 'AWS credentials' refers to credentials created by terraform, for resources in the user's namespace. Use this runbook if a user's AWS credentials have been exposed.
In this case, 'AWS credentials' refer to credentials created by terraform, for resources in the user's namespace. Use this runbook if a user's AWS credentials have been exposed.

We will make terraform destroy the compromised credentials, and then recreate them. For this example, we will use the case where an IAM user access key and secret in a namespace was exposed.
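
Review bot: The context line directly after the reworded sentence still reads "created by terraform sucn as IAM user, Cognito users, etc", so the "sucn" typo survives this spell-check pass; change it to "such as" in the same commit. In the following paragraph, "'AWS credentials' refer to" makes the verb plural although its subject is the quoted term, so the original "refers to" was the correct form and should be restored. While the first sentence is being touched, "long term credentials" could also be hyphenated as "long-term credentials".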

Expand All @@ -26,7 +26,7 @@ git checkout main
git pull
```

Launch the tools-shell. This will have all the binary with correct versions needs for performing terraform operations
Launch the tools-shell. This will have all the binary with correct version needs for performing terraform operations

```bash
make tools-shell
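
Review bot: The replacement line "This will have all the binary with correct version needs for performing terraform operations" is still ungrammatical; the only change is "versions" to "version", which does not repair the sentence. Suggest "This has all the binaries, at the correct versions, needed for performing terraform operations." with a closing full stop.
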
Expand All @@ -43,7 +43,7 @@ The values are stored as secrets in `manager` cluster - `concourse-main` namespa
aws eks --region eu-west-2 update-kubeconfig --name live
```

## Set cluster related environment variables
## Set cluster-related environment variables

```bash
export TF_VAR_vpc_name="live-1"
Expand Down Expand Up @@ -76,7 +76,7 @@ terraform init \
-backend-config="dynamodb_table=cloud-platform-environments-terraform-lock"
```

Note: Bucket key above is referencing to "live-1", as state is stored in "live-1.cloud-platform.service.justice.gov.uk" for namespaces in "live" cluster.
Note: The bucket key above is a reference to "live-1", as state is stored in "live-1.cloud-platform.service.justice.gov.uk" for namespaces in "live" cluster.

## Terraform Plan/Apply
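
Review bot: The reworded note still ends with 'for namespaces in "live" cluster', which is missing its article; suggest 'in the "live" cluster'. Because the note exists to explain why the state key says live-1 while the kubeconfig step earlier in this file uses --name live, consider formatting both names in backticks, as the runbook already does for `manager` and `concourse-main`, so the two are harder to confuse.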
