Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Deployment Steps for Grant AWS command #2250

Open
4 tasks
vikhyat187 opened this issue Nov 15, 2024 · 2 comments
Open
4 tasks

Deployment Steps for Grant AWS command #2250

vikhyat187 opened this issue Nov 15, 2024 · 2 comments
Assignees
@prakashchoudhary07 @iamitprakash

Comments

@vikhyat187
Copy link
Contributor

vikhyat187 commented Nov 15, 2024
edited
Loading

This ticket, has the steps to set the ENV for /grant-aws-access discord command, this command grants AWS access of mentioned groupId to the user, so for granting this access programatically we needed the access keys, secret keys with permission to add user to the AWS account and add them to the mentioned group.

They are basically 4 ENVs

  • AWS_REGION
  • AWS_ACCESS_KEY
  • AWS_SECRET_KEY
  • IDENTITY_STORE_ID

Steps to fetch the first 3 variables

  1. In order to create a access and secret key with required permissions
  1. List of permissions for AWS access and secret keys
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "identitystore:ListUsers",
            "Resource": [
                "arn:aws:identitystore:::user/*",
                "arn:aws:identitystore::<account-no>:identitystore/*"
            ]
        },
        {
            "Sid": "VisualEditor1",
            "Effect": "Allow",
            "Action": "identitystore:CreateUser",
            "Resource": "arn:aws:identitystore::<account-no>:identitystore/*"
        },
        {
            "Sid": "VisualEditor2",
            "Effect": "Allow",
            "Action": "identitystore:CreateGroupMembership",
            "Resource": [
                "arn:aws:identitystore:::group/*",
                "arn:aws:identitystore:::user/*",
                "arn:aws:identitystore::<account-no>:identitystore/*"
            ]
        }
    ]
}
  1. To set the identity store Id
    a. click on the IAM Identity center and click on settings
    image
    b. Scroll down and we can find the identity store Id
    image
  2. Note : Important step
  • We need to check the AWS group is linked to an AWS account if not the users, will see a blank screen like this
image - To assign an AWS account to the group, we can go to **IAM Identity center** > Groups
image
- Selecting the group whose Group Id we have set in the discord slash commands, click on the **AWS Accounts** tab and assign to an AWS account, the user will see this like screen post assigning group to the AWS account. image

cc : @prakashchoudhary07
@VinuB-Dev VinuB-Dev mentioned this issue Nov 15, 2024
Closed
10 tasks
@prakashchoudhary07
Copy link
Contributor

hey quick question are we going to allow this for all resources?
Where and how can we restrict this?

@vikhyat187 vikhyat187 mentioned this issue Nov 20, 2024
Merged
10 tasks
@vikhyat187
Copy link
Contributor Author

Hi @prakashchoudhary07 point 4 in the description, can we check this please.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@prakashchoudhary07 prakashchoudhary07

@iamitprakash iamitprakash

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@prakashchoudhary07 @iamitprakash @vikhyat187