Closed wadells closed 2 years ago
Instead of directly using a token associated with a long-lived AWS user, we now use this token to assume a short-lived role. The publishing logic has no access to the long-lived credentials, and only uses the short-lived role.
Uses the role provisioned in https://github.com/gravitational/cloud-terraform/pull/944
Uses the credentials provisioned in https://github.com/gravitational/cloud-terraform/pull/957
Contributes to https://github.com/gravitational/SecOps/issues/213
Testing Done
I published the tag 7.0.68-11709-dev.1 using this logic. See: https://drone.platform.teleport.sh/gravitational/planet/158/1/4
I have since deleted this tag, as it should have been a 9.0.0 tag :facepalm:
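The pattern described in this PR, sketched as an added example that is not code from the pull request or the planet repository: the long-lived identity is used only to call STS, and the publish command runs with nothing but the short-lived role credentials. The function names, role ARN and session name are assumptions; the environment variable names and `aws sts assume-role` options are the standard AWS CLI ones.

```shell
#!/bin/sh
# Added example: function names, ROLE_ARN and the session name are placeholders.

# Exchange the long-lived identity in the caller's environment for role
# credentials. Prints: AccessKeyId<TAB>SecretAccessKey<TAB>SessionToken
fetch_role_credentials() {
  aws sts assume-role \
    --role-arn "$1" \
    --role-session-name "$2" \
    --duration-seconds 900 \
    --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]' \
    --output text
}

# Run a command ("$@" after the first two arguments) with only the
# short-lived role credentials exported. The function body is a subshell,
# so nothing exported here reaches the calling shell.
run_with_role() (
  role_arn=$1
  session=$2
  shift 2

  creds=$(fetch_role_credentials "$role_arn" "$session") || exit 1

  # Split the single tab-separated line into its three fields.
  read -r key secret token <<EOF
$creds
EOF

  # Fail closed: never fall through to the long-lived key pair when STS
  # returned an incomplete set of credentials.
  [ -n "$key" ] && [ -n "$secret" ] && [ -n "$token" ] || exit 1

  # Overwrite the long-lived pair; the child process sees only the role.
  export AWS_ACCESS_KEY_ID="$key"
  export AWS_SECRET_ACCESS_KEY="$secret"
  export AWS_SESSION_TOKEN="$token"

  "$@"
)

# Usage (placeholder ARN and publish command):
#   run_with_role "$ROLE_ARN" ci-publish make publish
```

Because STS failures abort before the command runs, a misconfigured role trust policy shows up as a failed publish step instead of a silent fallback to the user's own permissions.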