Open mcdonnnj opened 2 years ago
Additionally, if a service account is necessary, I am already working on a configuration to create a user group with assume role permissions to the roles made with this configuration. The service account could then be created with our existing cisagov/cool-users-non-admin workflow and added to that group.
💡 Summary
Currently this configuration has both `production` and `staging` buckets defined in one configuration that is stored in the `default` workspace. This was necessary because this configuration houses a service account that needs access to both buckets. We should remove the service account and update the configuration to store the details for a single bucket and use Terraform workspaces to house each environment's configuration.
Motivation and context
The service account is no longer necessary and storing both bucket details in a single configuration is something of an anti-pattern. The suggested change would better align this configuration with how we normally handle these things.
Implementation notes
In addition to this configuration we also need to make appropriate changes to cisagov/cool-images-vmimport to reflect that each bucket's configuration will be housed in its own Terraform workspace (instead of everything in `default`).