binbashar / le-ref-architecture-doc

Binbash Leverage Reference Architecture documentation
https://leverage.binbash.co
MIT License

Enhancement | Add steps and example code when creating new Roles in the Ref-Arch #137

Closed marianod92 closed 9 months ago

marianod92 commented 2 years ago

When a new Role is created in the ref-arch to access AWS accounts, for example, a Developer role, the commands given in this document do not generate the records for that profile/role in the ~/.aws/[PROJECT]/config file.

While mitigating this issue, as a workaround it would be useful to add in the reference documentation how to manually edit the ~/.aws/[PROJECT]/config file.

Below is an example block used for one of the configurations already running:

[profile PROJECT-shared-developers]
output = json
region = us-east-2
role_arn = arn:aws:iam::ACCOUNT_ID:role/Developers
source_profile = PROJECT-security
mfa_serial = arn:aws:iam::ACCOUNT_ID:mfa/[YOUR_USERNAME]

[profile PROJECT-apps-devstg-developers]
output = json
region = us-east-2
role_arn = arn:aws:iam::ACCOUNT_ID:role/Developers
source_profile = PROJECT-security
mfa_serial = arn:aws:iam::ACCOUNT_ID:mfa/[YOUR_USERNAME]

[profile PROJECT-apps-prd-developers]
output = json
region = us-east-2
role_arn = arn:aws:iam::ACCOUNT_ID:role/Developers
source_profile = PROJECT-security
mfa_serial = arn:aws:iam::ACCOUNT_ID:mfa/[YOUR_USERNAME]
...

Also, if possible, it would be very useful to add the steps to create a new role (with code examples) and to add a user to an IAM group.
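An added example, not part of the original issue or of the Leverage code base: one way to script the manual edit described above, adding a profile per account for a new role without touching existing sections, then listing role profiles that lack `mfa_serial`. The project name `demo`, the account IDs, the MFA ARN and the function names are constructed assumptions; the profile keys and naming pattern are the ones shown in the issue.

```python
import configparser
import io

def _load(text):
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    return cfg

def add_role_profiles(config_text, project, role, accounts, mfa_serial, region="us-east-2"):
    """Return config_text plus one role profile per account; existing sections are kept.
    Note: configparser drops comments when it rewrites the text."""
    cfg = _load(config_text)
    for account_name, account_id in accounts.items():
        # Naming follows the issue's pattern: PROJECT-<account>-<role in lowercase>.
        section = f"profile {project}-{account_name}-{role.lower()}"
        if cfg.has_section(section):
            continue  # never overwrite a hand-edited profile
        cfg[section] = {
            "output": "json",
            "region": region,
            "role_arn": f"arn:aws:iam::{account_id}:role/{role}",
            "source_profile": f"{project}-security",
            "mfa_serial": mfa_serial,
        }
    out = io.StringIO()
    cfg.write(out)
    return out.getvalue()

def role_profiles_without_mfa(config_text):
    """Names of sections that assume a role (role_arn) but set no mfa_serial."""
    cfg = _load(config_text)
    return sorted(s for s in cfg.sections()
                  if cfg.has_option(s, "role_arn") and not cfg.has_option(s, "mfa_serial"))

# Constructed sample input: an existing config with one role profile missing mfa_serial.
SAMPLE = """\
[profile demo-security]
region = us-east-2

[profile demo-shared-devops]
role_arn = arn:aws:iam::111111111111:role/DevOps
source_profile = demo-security
"""
ACCOUNTS = {"shared": "111111111111", "apps-devstg": "222222222222", "apps-prd": "333333333333"}
MFA = "arn:aws:iam::999999999999:mfa/jane.doe"  # constructed placeholder ARN

if __name__ == "__main__":
    updated = add_role_profiles(SAMPLE, "demo", "Developers", ACCOUNTS, MFA)
    print(updated)
    print("role profiles without mfa_serial:", role_profiles_without_mfa(updated))
```

Write the returned text to a copy of `~/.aws/[PROJECT]/config` and review the diff before replacing the real file.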

diego-ojeda-binbash commented 1 year ago

We will favor the SSO flow and thus will not tackle this issue soon (probably even discard it later on). The IAM approach will be reserved for Ref Arch bootstrapping and as a fallback mechanism, mainly for DevOps, as the rest of the users will use the SSO flow by default.

Related issue: https://github.com/binbashar/le-ref-architecture-doc/issues/155

exequielrafaela commented 9 months ago

This feature will be supported in our next stable release => https://github.com/binbashar/leverage/pull/232