* initial commit, need check together with terraform-zero-modules/iam_users
* fix with review
* enhancement with map structure
* enhancement with user group for AWS access
* fix with template
* enhancements with shared state and k8s rules etc.
* refined modules-environemnt-root parameters etc. after review
* Tweaked documentation a bit
* remove unnecessary templating and use variables
* replace space with tab
* typo fix
* recover templating for terraform block
* typo comment fix
* use remote modules and fixes
* added teardown steps for shared env
* refer to newer versions of modules
* add shared-remote-state generation
Co-authored-by: Bill Monkman <[email protected]>
templates/terraform/README.md
20 lines changed: 20 additions & 0 deletions
@@ -102,6 +102,26 @@
102
102
make update-k8s-conf
103
103
```
104
104
105
+
If a user has a role other than admin (dev, operations, etc.) they can specify it here as well:
106
+
```
107
+
ROLE=<role> make update-k8s-conf
108
+
```
109
+
110
+
## User Access
111
+
112
+
You may want to give memebers of your team access to the infrastructure.
113
+
Individual roles and permissions are defined in `environments/<env>/user_access.tf`, these will define the amount of access a user in that role has to both AWS and Kubernetes.
114
+
115
+
1. Add users in `environments/shared/main.tf` and specify the role they should have in each environment, then run:
116
+
```
117
+
make apply-shared-env
118
+
```
119
+
120
+
2. To do the assignment of users to roles in each environment, you must run this for each:
121
+
```
122
+
ENVIRONENT=<env> make apply-env
123
+
```
124
+
This should detect that there was a new user created, and put them into the necessary group.
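Review bot: In step 2 of the new User Access section, `ENVIRONENT=<env> make apply-env` misspells the variable name. An environment variable that the Makefile does not read is silently ignored, so a reader who copies this command would run `apply-env` without the intended environment set, which matters for a step that assigns users to roles. Change it to `ENVIRONMENT=<env> make apply-env`, or whichever name the Makefile actually reads, and in the same section fix "memebers" and split the sentence that runs on after `user_access.tf`.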
allowed_account_ids=["<% index .Params `accountId` %>"]
42
+
project=local.project
43
+
region=local.region
44
+
allowed_account_ids=[local.account_id]
26
45
random_seed="<% index .Params `randomSeed` %>"
27
46
28
47
# ECR configuration
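Review bot: On the added `allowed_account_ids=[local.account_id]` line, the definition of `local.account_id` is outside this hunk, so it is not visible whether the guard still pins a fixed account. `allowed_account_ids` only protects against applying to the wrong AWS account if the value is a literal rendered from the project parameters; if the local were derived from the active credentials, the check would always pass. Please confirm the local is set from the templated `accountId`, and consider moving `random_seed` into locals as well, since it is the one value here still templated inline.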
@@ -35,15 +54,15 @@ module "prod" {
35
54
eks_worker_asg_max_size=4
36
55
37
56
# EKS-Optimized AMI for your region: https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html
38
-
# https://<% index .Params `region` %>.console.aws.amazon.com/systems-manager/parameters/%252Faws%252Fservice%252Feks%252Foptimized-ami%252F1.17%252Famazon-linux-2%252Frecommended%252Fimage_id/description?region=<% index .Params `region` %>
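Review bot: The comment removed at old line 38 was the region-specific pointer to the SSM parameter holding the recommended AMI id, and its path pinned version 1.17. The lines that replace it are not shown here; if the AMI id is still filled in by hand, keep a pointer to that parameter next to the remaining docs link, preferably without the version hardcoded in the path, so the comment does not go stale when the cluster version changes.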