cds-snc / dns

DNS Configuration for domains managed by CDS

Adding SSO role for notification admins #400

Closed sylviamclaughlin closed 1 month ago

sylviamclaughlin commented 1 month ago

Summary

Add SSO role for Administrators that can assume the notify_prod_dns_manager role.

github-actions[bot] commented 1 month ago

DNS

✅ Terraform Init: success
✅ Terraform Validate: success
✅ Terraform Format: success
✅ Terraform Plan: success
✅ Conftest: success

Plan: 0 to add, 1 to change, 0 to destroy
Show summary

| CHANGE | NAME                                   |
|--------|----------------------------------------|
| update | `aws_iam_role.notify_prod_dns_manager` |

Show plan

```terraform
Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # aws_iam_role.notify_prod_dns_manager will be updated in-place
  ~ resource "aws_iam_role" "notify_prod_dns_manager" {
      ~ assume_role_policy = jsonencode(
          ~ {
              ~ Statement = [
                  ~ {
                      ~ Principal = {
                          ~ AWS = [
                              ~ "arn:aws:iam::296255494825:role/aws-reserved/sso.amazonaws.com/ca-central-1/AWSReservedSSO_AWSAdministratorAccess_dcf2167fdeb47617" -> "arn:aws:iam::296255494825:role/notification-terraform-apply",
                              ~ "arn:aws:iam::296255494825:role/notification-terraform-apply" -> "arn:aws:iam::296255494825:role/aws-reserved/sso.amazonaws.com/ca-central-1/AWSReservedSSO_AWSAdministratorAccess_*",
                            ]
                        }
                        # (2 unchanged attributes hidden)
                    },
                ]
                # (1 unchanged attribute hidden)
            }
        )
        id = "notify_prod_dns_manager"
        name = "notify_prod_dns_manager"
        tags = {}
        # (11 unchanged attributes hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.

─────────────────────────────────────────────────────────────────────────────

Saved the plan to: plan.tfplan

To perform exactly these actions, run the following command to apply:
    terraform apply "plan.tfplan"
```

Show Conftest results

```sh
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.Route53TerraformDeploy"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.notify_prod_dns_manager_policy"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_role.notify_prod_dns_manager"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_user.dns-github-deployer"]
WARN - plan.json - main - Missing Common Tags: ["aws_route53_zone.alpha-canada-ca-public"]
WARN - plan.json - main - Missing Common Tags: ["aws_route53_zone.cds-snc-ca-public"]
WARN - plan.json - main - Missing Common Tags: ["aws_route53_zone.notification-canada-ca-public"]
WARN - plan.json - main - Missing Common Tags: ["aws_route53_zone.platform-canada-ca-public"]

27 tests, 19 passed, 8 warnings, 0 failures, 0 exceptions
```