hackforla / devops-security

Management of Hack for L.A.'s AWS IAM resources
https://github.com/orgs/hackforla/projects/73/views/4
MIT License

Revert "add gha oidc module and invoke for incubator; add tyler for HomeUniteUs" #33

Closed chelseybeck closed 6 months ago

chelseybeck commented 6 months ago

Reverts hackforla/devops-security#28

Reverting b/c the Apply stage is failing due to lack of access to the GitHub action. Will move the user account creation to a new PR while we get those added.

github-actions[bot] commented 6 months ago

Terraform plan in terraform

Plan: 0 to add, 0 to change, 3 to destroy.

```diff
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  - destroy

Terraform will perform the following actions:

  # module.iam_oidc_gha_incubator.aws_iam_role.github_actions_oidc will be destroyed
  # (because aws_iam_role.github_actions_oidc is not in configuration)
  - resource "aws_iam_role" "github_actions_oidc" {
      - arn                   = "arn:aws:iam::035866691871:role/gha-incubator" -> null
      - assume_role_policy    = jsonencode(
            {
              - Statement = [
                  - {
                      - Action    = "sts:AssumeRoleWithWebIdentity"
                      - Condition = {
                          - StringEquals = {
                              - "token.actions.githubusercontent.com:aud" = "*****************"
                            }
                          - StringLike   = {
                              - "token.actions.githubusercontent.com:sub" = "******************************************************"
                            }
                        }
                      - Effect    = "Allow"
                      - Principal = {
                          - Federated = "arn:aws:iam::035866691871:oidc-provider/token.actions.githubusercontent.com"
                        }
                    },
                ]
              - Version   = "2012-10-17"
            }
        ) -> null
      - create_date           = "2024-05-16T02:01:39Z" -> null
      - force_detach_policies = false -> null
      - id                    = "gha-incubator" -> null
      - managed_policy_arns   = [
          - "arn:aws:iam::aws:policy/AdministratorAccess",
        ] -> null
      - max_session_duration  = 3600 -> null
      - name                  = "gha-incubator" -> null
      - path                  = "/" -> null
      - tags                  = {} -> null
      - tags_all              = {} -> null
      - unique_id             = "AROAQQWOSJEP6ON6DAODK" -> null
    }

  # module.iam_user_tylerthome.aws_iam_user.user will be destroyed
  # (because aws_iam_user.user is not in configuration)
  - resource "aws_iam_user" "user" {
      - arn           = "arn:aws:iam::035866691871:user/tyler.thome" -> null
      - force_destroy = false -> null
      - id            = "tyler.thome" -> null
      - name          = "tyler.thome" -> null
      - path          = "/" -> null
      - tags          = {
          - "Access Level" = "1"
          - "Project"      = "home-unite-us"
        } -> null
      - tags_all      = {
          - "Access Level" = "1"
          - "Project"      = "home-unite-us"
        } -> null
      - unique_id     = "AIDAQQWOSJEP2DBAAAHP3" -> null
    }

  # module.iam_user_tylerthome.aws_iam_user_group_membership.user_group_membership will be destroyed
  # (because aws_iam_user_group_membership.user_group_membership is not in configuration)
  - resource "aws_iam_user_group_membership" "user_group_membership" {
      - groups = [
          - "read-only-group",
        ] -> null
      - id     = "terraform-20240516020139255000000001" -> null
      - user   = "tyler.thome" -> null
    }

Plan: 0 to add, 0 to change, 3 to destroy.
```

:memo: Plan generated in Write Terraform Plan to Pull Request #44
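The role being destroyed in the plan above trusts the GitHub Actions OIDC provider through two conditions (an `aud` equality check and a `sub` pattern, both masked in the bot output) and carries the `AdministratorAccess` managed policy. The script below is an added example, not code from the hackforla/devops-security repository or its CI: it lints an IAM trust policy document of that shape for the things a reviewer would check before the module is re-applied. The sample policies, the account id placeholder, the `hackforla/incubator` repository name and the `incubator-deploy` policy are all constructed for the demonstration; the expected audience `sts.amazonaws.com` is the value the `aws-actions/configure-aws-credentials` action requests by default.

```python
"""Check an IAM role's GitHub Actions OIDC trust policy for common weaknesses.

Added example (not from hackforla/devops-security). The sample documents are
constructed to mirror the shape of the gha-incubator role in the Terraform
plan; the real aud/sub values there are masked, so none are copied here.
"""
import json

GITHUB_OIDC_ISSUER = "token.actions.githubusercontent.com"
# Audience requested by aws-actions/configure-aws-credentials by default.
EXPECTED_AUD = "sts.amazonaws.com"
ADMIN_POLICY_ARN = "arn:aws:iam::aws:policy/AdministratorAccess"


def _as_list(value):
    """IAM accepts scalar-or-list for most fields; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _repo_and_ref(sub):
    """Split 'repo:<owner>/<name>:<rest>' into ('<owner>/<name>', '<rest>')."""
    if not sub.startswith("repo:"):
        return None, None
    repo, _, rest = sub[len("repo:"):].partition(":")
    return repo, rest


def lint_trust_policy(policy, managed_policy_arns, allowed_repos):
    """Return a list of findings; an empty list means the role passed."""
    doc = json.loads(policy) if isinstance(policy, str) else policy
    findings = []
    aud_key = f"{GITHUB_OIDC_ISSUER}:aud"
    sub_key = f"{GITHUB_OIDC_ISSUER}:sub"

    for stmt in _as_list(doc.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        if "sts:AssumeRoleWithWebIdentity" not in _as_list(stmt.get("Action")):
            continue
        federated = _as_list(stmt.get("Principal", {}).get("Federated"))
        if not any(GITHUB_OIDC_ISSUER in arn for arn in federated):
            continue  # not a GitHub OIDC statement

        cond = stmt.get("Condition", {})
        auds = _as_list(cond.get("StringEquals", {}).get(aud_key))
        if not auds:
            findings.append("missing aud condition: tokens minted for any audience are accepted")
        elif any(a != EXPECTED_AUD for a in auds):
            findings.append(f"unexpected aud value(s) {auds}")

        subs = (_as_list(cond.get("StringEquals", {}).get(sub_key))
                + _as_list(cond.get("StringLike", {}).get(sub_key)))
        if not subs:
            findings.append("missing sub condition: any GitHub repository could assume this role")
        for sub in subs:
            repo, ref = _repo_and_ref(sub)
            if repo is None:
                findings.append(f"sub {sub!r} is not repo-scoped")
            elif any(ch in repo for ch in "*?"):
                findings.append(f"sub {sub!r} wildcards the repository name")
            elif repo not in allowed_repos:
                findings.append(f"sub {sub!r} trusts a repository outside the allow-list")
            elif ref in ("", "*"):
                findings.append(f"sub {sub!r} accepts any branch, tag or pull request")

    if ADMIN_POLICY_ARN in managed_policy_arns:
        findings.append("role has AdministratorAccess attached; scope permissions to the deployment")
    return findings


def _trust_policy(conditions):
    """Build a trust document in the same layout as the plan's assume_role_policy."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": "sts:AssumeRoleWithWebIdentity",
            # ACCOUNT_ID_PLACEHOLDER stands in for a real account id.
            "Principal": {"Federated": f"arn:aws:iam::ACCOUNT_ID_PLACEHOLDER:oidc-provider/{GITHUB_OIDC_ISSUER}"},
            "Condition": conditions,
        }],
    }


# Constructed weak configuration: no aud check, any repo in the org, full admin.
WEAK_TRUST = json.dumps(_trust_policy({
    "StringLike": {f"{GITHUB_OIDC_ISSUER}:sub": "repo:hackforla/*"},
}))
WEAK_MANAGED = [ADMIN_POLICY_ARN]

# Constructed hardened configuration: audience pinned, one repo and branch,
# a deployment-scoped policy instead of AdministratorAccess (names assumed).
HARDENED_TRUST = json.dumps(_trust_policy({
    "StringEquals": {f"{GITHUB_OIDC_ISSUER}:aud": EXPECTED_AUD},
    "StringLike": {f"{GITHUB_OIDC_ISSUER}:sub": "repo:hackforla/incubator:ref:refs/heads/main"},
}))
HARDENED_MANAGED = ["arn:aws:iam::ACCOUNT_ID_PLACEHOLDER:policy/incubator-deploy"]
ALLOWED_REPOS = ["hackforla/incubator"]

if __name__ == "__main__":
    for label, trust, managed in (("weak", WEAK_TRUST, WEAK_MANAGED),
                                  ("hardened", HARDENED_TRUST, HARDENED_MANAGED)):
        findings = lint_trust_policy(trust, managed, ALLOWED_REPOS)
        print(f"{label}: {'OK' if not findings else str(len(findings)) + ' finding(s)'}")
        for finding in findings:
            print("  -", finding)
```

Run it as-is to see the weak document produce three findings and the hardened one none; in a pipeline the same function can be pointed at `terraform show -json` output, or at `aws iam get-role` output, so that a plan like the one above is checked before `apply` rather than after the role exists.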