Closed jiwachow closed 1 week ago
Hi @jiwachow, thanks for your issue. SeedFarmer (SF) was designed to create dedicated roles with least-privilege policies. There are no unused or redundant roles created by SF.
Since IAM is global per account, there will be:
The toolchain roles and deployment roles are nominal in count (they do not scale up). But there is a one-to-one role mapping per module created. That means if you have a deployment that has 20 modules, there will be 20 roles created. If you then use that same manifest and change the deployment name and deploy again (a unique deployment), you will have 20 more roles created. They delete on module destroy.
You can filter on the roles in the account in IAM as all seedfarmer roles tied to modules have a distinct pattern:
If you are working with AWS ProServe in an engagement, please reach out to the AWS lead at the engagement, and they will be able to contact us directly so we can further provide recommendations.
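The per-module role count described in the reply above can be audited offline from the JSON that `aws iam list-roles --output json` prints. This is an added example, not SeedFarmer code: the role-name pattern, the sample role names and the quota value are constructed placeholders, so substitute the real SeedFarmer pattern and your account's quota.

```python
import json
import re
from collections import defaultdict

# HYPOTHETICAL naming pattern, for illustration only. Replace it with the
# real SeedFarmer module-role pattern; keep the two named groups.
ASSUMED_PATTERN = re.compile(
    r"^example-(?P<deployment>[a-z0-9]+)-(?P<module>[a-z0-9]+)-role$"
)

# Constructed sample in the shape of `aws iam list-roles --output json`.
SAMPLE_LIST_ROLES = json.dumps({"Roles": [
    {"RoleName": "example-dev1-networking-role"},
    {"RoleName": "example-dev1-storage-role"},
    {"RoleName": "example-dev2-networking-role"},
    {"RoleName": "example-dev2-storage-role"},
    {"RoleName": "AWSServiceRoleForSupport"},
    {"RoleName": "OrganizationAccountAccessRole"},
]})


def roles_per_deployment(list_roles_json, pattern=ASSUMED_PATTERN):
    """Group module roles by deployment; return (grouped, unmatched names)."""
    grouped = defaultdict(set)
    unmatched = []
    for role in json.loads(list_roles_json).get("Roles", []):
        name = role["RoleName"]
        match = pattern.match(name)
        if match:
            grouped[match["deployment"]].add(match["module"])
        else:
            unmatched.append(name)  # toolchain, service-linked, other roles
    return {dep: sorted(mods) for dep, mods in grouped.items()}, unmatched


def quota_report(grouped, unmatched, quota):
    """Summarise how much of the account's IAM role quota module roles use."""
    module_roles = sum(len(mods) for mods in grouped.values())
    total = module_roles + len(unmatched)
    return {
        "module_roles": module_roles,
        "total_roles": total,
        "headroom": quota - total,
        # Deployments ordered by role count, largest first.
        "largest": sorted(grouped, key=lambda d: (-len(grouped[d]), d)),
    }


if __name__ == "__main__":
    grouped, unmatched = roles_per_deployment(SAMPLE_LIST_ROLES)
    # quota=10 is a constructed value; read the real one from Service Quotas.
    print(json.dumps(quota_report(grouped, unmatched, quota=10), indent=2))
```

Deployments at the top of `largest` are the ones whose module destroy frees the most roles.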
Hello,
We are using Seedfarmer extensively across multiple environments. Recently, we have encountered issues related to the maximum number of roles being created, which has necessitated increasing our role limits.
Our Situation:
We are hitting the maximum role limits in some environments.
We need to understand how to better manage the number of roles that are created, needed, managed, and potentially unused by Seedfarmer.

Our Questions:
What are the best practices for managing the number of roles created by Seedfarmer to avoid hitting the role limit?
Are there any specific strategies or configurations within Seedfarmer that can help reduce the number of roles created?
How can we identify and manage unused or redundant roles that are generated by Seedfarmer?
Are there any tools or scripts recommended for auditing and managing roles in Seedfarmer environments?
Any other suggestions or guidance to help us efficiently manage roles in our Seedfarmer deployments?

Thank you in advance for your assistance.