Will Thames
60fb9fc208
Fix EC2 test suite to work with testing policies ( #44387 )
* Update testing policies to ensure all required permissions are present
* Tidy up security policies to reduce duplicate permissions
* Make roles static so that they can be present before CI is run,
meaning that role creation permission is not required by the CI
itself, only by someone setting up the roles prior to testing
* Move contents to cloudfront policy to network policy to ensure policy
count (maximum of 10) stays low
* Maintain compute policy below 6144 bytes
2019-07-04 15:25:19 -04:00
Ed Costello
2013d4abc4
Update setup-iam playbook to use aws_caller_info rather than deprecated aws_caller_facts ( #57675 )
2019-06-11 09:23:56 -04:00
Will Thames
a1d3cf488d
[cloud][test]Add missing IAM policy for cloudfront ( #38248 )
Cloudfront needs CreateOriginAccessIdentity
Add profile parameter to setup-iam.yml. Could arguably just use
AWS_PROFILE but given that other tasks are using profile, should
be consistent.
2018-04-05 14:06:04 -04:00
Ed Costello
645952c139
Add aws_caller_facts module and use it in setup-iam.yml ( #36683 )
* Add aws_caller_facts module and use it in setup-iam.yml
This removes the dependency on having the command line AWS tools
installed.
2018-02-28 16:30:34 +10:00
Will Thames
1ca0c0e7f7
Consolidate IAM policies into fewer, larger policies ( #33122 )
Due to IAM limits allowing at most 10 policies per group,
need to reduce the number of total policies in use.
2017-11-21 17:15:31 -05:00
Will Thames
f3bc8b84b6
[cloud] Fix setup_iam to use policy_name, not PolicyName ( #26880 )
Update setup_iam.yml to work with latest iam_managed_policies
module, which correctly snakifies the results
2017-07-28 07:50:07 -04:00
Will Thames
0ed1c3ba9c
Split up testing IAM policies and automate creating them ( #26223 )
* Split up testing IAM policies and automate creating them
Move to managed policies to avoid the 5KB limit on policies
for an IAM entity.
The policy file is templated, so need to make sure that there
is an easy mechanism to populate the templates and push the
new policies.
* Update IAM policies for ec2_scaling_policy tests
* Fix RouteTable policies
DescribeRouteTable should be plural
ModifyRouteTable does not exist, but ReplaceRouteTableAssociation
does.
* Some IAM policies do not allow specified Resources
Various IAM policies do not allow Resources
to be specified and should just use `*`. This differs
per service
* [Autoscaling](http://docs.aws.amazon.com/autoscaling/latest/userguide/control-access-using-iam.html#policy-auto-scaling-resources)
* [EC2](http://docs.aws.amazon.com/AWSEC2/latest/APIReference/ec2-api-permissions.html#ec2-api-unsupported-resource-permissions)
* [ECR](http://docs.aws.amazon.com/AmazonECR/latest/userguide/ecr-supported-iam-actions-resources.html)
* [ELB](http://docs.aws.amazon.com/elasticloadbalancing/latest/userguide/load-balancer-authentication-access-control.html)
* Finish fixing AWS IAM resource specifications for testing
Update Lambda and RDS policies
2017-07-14 14:50:55 +10:00