From 9cda5819b95200b7ce3585e3171a5606cb715cec Mon Sep 17 00:00:00 2001 From: Jill R <4121322+jillr@users.noreply.github.com> Date: Mon, 21 Oct 2019 14:01:19 -0700 Subject: [PATCH] Update AWS dev guide to recomment module_defaults and point to CI policy repo (#63589) --- .../rst/dev_guide/platforms/aws_guidelines.rst | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/docs/docsite/rst/dev_guide/platforms/aws_guidelines.rst b/docs/docsite/rst/dev_guide/platforms/aws_guidelines.rst index c0d706ade07..43e46dd1dd0 100644 --- a/docs/docsite/rst/dev_guide/platforms/aws_guidelines.rst +++ b/docs/docsite/rst/dev_guide/platforms/aws_guidelines.rst @@ -639,14 +639,14 @@ to your test in the following variables: * `aws_secret_key` * `security_token` -So all invocations of AWS modules in the test should set these parameters. To avoid duplication these -for every call, it's preferable to use `YAML Anchors `_. For example: +So all invocations of AWS modules in the test should set these parameters. To avoid duplicating these +for every call, it's preferable to use :ref:`module_defaults `. For example: .. code-block:: yaml - name: set connection information for all tasks - set_fact: - aws_connection_info: &aws_connection_info + module_defaults: + group/aws: aws_access_key: "{{ aws_access_key }}" aws_secret_key: "{{ aws_secret_key }}" security_token: "{{ security_token }}" @@ -656,12 +656,10 @@ for every call, it's preferable to use `YAML Anchors `_. To start from the least permissive IAM policy: @@ -711,7 +709,7 @@ To start from the least permissive IAM policy: 3) Add the action or resource that caused the failure to `an IAM policy `_. Wait a few minutes for your policy to update. 4) Run the tests again with this policy attached to your user or role. 5) If the tests still fail at the same place with the same error you will need to troubleshoot (see tips below). If the first test passes, repeat steps 2 and 3 for the next error. Repeat the process until the tests pass with a restrictive policy. -6) Share the minimum policy in a comment on your PR. +6) Open a pull request proposing the minimum required policy to the `testing policies `_. Troubleshooting IAM policies ^^^^^^^^^^^^^^^^^^^^^^^^^^^^