
[services][terraform] Set up IAM for feature-flags service
ClosedPublic

Authored by bartek on Jul 26 2023, 2:08 AM.

Details

Summary

Sets up IAM for the feature-flags service. Also, this is an example of how to set up IAM to give the minimum required permissions to a service.

Created a role that:

  • Can be assumed by EC2 instances and ECS tasks - basically they are allowed to use it
  • Allows read operations on feature-flags DDB table

Depends on D8583

Test Plan

Tested together with the next diff - they're live on AWS now.
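
A Terraform sketch of the kind of role the summary describes, added here as an illustration and not taken from this revision's diff: a trust policy limited to the EC2 and ECS-tasks service principals, plus a read-only permission policy scoped to one DynamoDB table. The resource names, the role and policy names, and the `feature_flags_table_arn` variable are assumptions.

```hcl
# Added example. All names below are hypothetical, not the project's own.
variable "feature_flags_table_arn" {
  type        = string
  description = "ARN of the feature-flags DynamoDB table (assumed input)"
}

# Trust policy: only the EC2 and ECS-tasks service principals may assume the role.
data "aws_iam_policy_document" "assume_role" {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRole"]

    principals {
      type        = "Service"
      identifiers = ["ec2.amazonaws.com", "ecs-tasks.amazonaws.com"]
    }
  }
}

# Permission policy: read actions only, on one table rather than "*".
# No PutItem/UpdateItem/DeleteItem, so the service cannot change flags.
data "aws_iam_policy_document" "read_feature_flags" {
  statement {
    effect = "Allow"
    actions = [
      "dynamodb:GetItem",
      "dynamodb:BatchGetItem",
      "dynamodb:Query",
      "dynamodb:Scan",
      "dynamodb:DescribeTable",
    ]
    resources = [var.feature_flags_table_arn]
  }
}

resource "aws_iam_role" "feature_flags_service" {
  name               = "feature-flags-service-role" # hypothetical name
  assume_role_policy = data.aws_iam_policy_document.assume_role.json
}

resource "aws_iam_role_policy" "read_feature_flags" {
  name   = "feature-flags-ddb-read" # hypothetical name
  role   = aws_iam_role.feature_flags_service.id
  policy = data.aws_iam_policy_document.read_feature_flags.json
}
```

EC2 instances receive such a role through an `aws_iam_instance_profile`, while ECS tasks reference the role ARN as the task role in the task definition.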

Diff Detail

Repository
rCOMM Comm
Lint
Lint Not Applicable
Unit
Tests Not Applicable