[FOLIO-2861] Update Jenkins' AWS permissions: Created: 03/Nov/20  Updated: 26/Jan/21  Resolved: 26/Jan/21

Status: Closed
Project: FOLIO
Components: None
Affects versions: None
Fix versions: None

Type: Task Priority: P3
Reporter: John Malconian Assignee: John Malconian
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original estimate: Not Specified

Sprint: DevOps: Sprint 101, DevOps: Sprint 100, DevOps: Sprint 105, DevOps: Sprint 103, DevOps: Sprint 102, DevOps: Sprint 104, DevOps Sprint 106
Development Team: FOLIO DevOps

 Description   

Stanislav Miroshnichenko wrote:

"Here is the pipeline: https://jenkins-aws.indexdata.com/job/performance_framework/job/ptf-env/
The problem I faced is that there are not enough permissions for user 'id-jenkins':

  • Error revoking default egress rule for Security Group (sg-0a8fc867a9897be96): UnauthorizedOperation: You are not authorized to perform this operation
  • Error creating IAM policy ptf-eks-elb-sl-role-creation20201029122952693200000001: AccessDenied: User: arn:aws:iam::732722833398:user/id-jenkins is not authorized to perform: iam:CreatePolicy on resource: policy ptf-eks-elb-sl-role-creation20201029122952693200000001
  • Error reading IAM Role ptf-eks20201029122952694000000002: AccessDenied: User: arn:aws:iam::732722833398:user/id-jenkins is not authorized to perform: iam:GetRole on resource: role ptf-eks20201029122952694000000002
  • Error creating EIP: UnauthorizedOperation: You are not authorized to perform this operation

You can see logs here: https://jenkins-aws.indexdata.com/job/performance_framework/job/ptf-env/49/console
So, could you fix those permissions, please?"


 Comments   
Comment by John Malconian [ 06/Jan/21 ]

There are a lot of additional permissions needed here, so instead of updating the Jenkins IAM account, I've created a new IAM account with the permissions needed to run this job. In the pipeline code, specify 'credentialsId: ptf-env-aws-user'. If you determine that you still require additional permissions, note them in this Jira issue. I'll keep it open until you've verified that the existing permissions attached to this user are sufficient.

Comment by Jakub Skoczen [ 07/Jan/21 ]

Stanislav Miroshnichenko, can you verify that this is complete?
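
Added example, not part of the ticket or of the FOLIO pipeline code: a Python script that turns the AccessDenied lines quoted in the description into a draft IAM policy for a dedicated job user such as the one created in the 06/Jan/21 comment, and lists the UnauthorizedOperation lines, which name no action. The function names are hypothetical, and scoping each resource to its name prefix (dropping the trailing digits) is an assumption that those digits are a generated unique suffix.

```python
import json
import re
from collections import defaultdict

# Console lines copied from the ticket description.
SAMPLE_LOG = """\
Error revoking default egress rule for Security Group (sg-0a8fc867a9897be96): UnauthorizedOperation: You are not authorized to perform this operation
Error creating IAM policy ptf-eks-elb-sl-role-creation20201029122952693200000001: AccessDenied: User: arn:aws:iam::732722833398:user/id-jenkins is not authorized to perform: iam:CreatePolicy on resource: policy ptf-eks-elb-sl-role-creation20201029122952693200000001
Error reading IAM Role ptf-eks20201029122952694000000002: AccessDenied: User: arn:aws:iam::732722833398:user/id-jenkins is not authorized to perform: iam:GetRole on resource: role ptf-eks20201029122952694000000002
Error creating EIP: UnauthorizedOperation: You are not authorized to perform this operation
"""

DENIED = re.compile(
    r"AccessDenied: User: arn:aws:iam::(?P<account>\d{12}):user/(?P<user>\S+) "
    r"is not authorized to perform: (?P<action>[\w-]+:\w+) "
    r"on resource: (?P<rtype>policy|role) (?P<name>\S+)"
)


def summarize_denials(log_text):
    """Return ({resource ARN pattern: set of denied actions}, [unresolved operations])."""
    by_resource = defaultdict(set)
    unresolved = []
    for line in log_text.splitlines():
        m = DENIED.search(line)
        if m:
            # Assumption: trailing digits are a generated suffix, so match on the prefix.
            prefix = re.sub(r"\d+$", "", m["name"])
            arn = f"arn:aws:iam::{m['account']}:{m['rtype']}/{prefix}*"
            by_resource[arn].add(m["action"])
        elif "UnauthorizedOperation" in line:
            # These messages do not name the denied action; keep the failed
            # operation so it can be looked up in CloudTrail.
            unresolved.append(line.split(":", 1)[0])
    return by_resource, unresolved


def build_policy(by_resource):
    """Build an IAM policy document with one Allow statement per resource pattern."""
    statements = [
        {"Effect": "Allow", "Action": sorted(actions), "Resource": arn}
        for arn, actions in sorted(by_resource.items())
    ]
    return {"Version": "2012-10-17", "Statement": statements}


if __name__ == "__main__":
    denied, unresolved = summarize_denials(SAMPLE_LOG)
    print(json.dumps(build_policy(denied), indent=2))
    print("Needs manual lookup:", unresolved)
```

The draft covers only the calls that failed in this one run, so it has to be re-run against each new console log until the job completes.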
