Closed phuonghuynh closed 3 years ago
PR https://github.com/interscript/infrastructure/pull/7 need to be merged also to enable this process.
Secrets variable required:
- (might be done) Push permission token:
INTERSCRIPT_CI_PAT
in -api and -infrastructure
Done.
- -infrastructure:
AWS_ACCESS_KEY_ID
andAWS_SECRET_ACCESS_KEY
What kind of permissions does this account need? I've now put in the website deployment user.
Free free to merge when ready.
I think only AWSLambda_FullAccess
XRay will be removed in PR https://github.com/interscript/infrastructure/pull/8
@phuonghuynh can you let me know if anything fails? We might need to setup a new AWS account for this.
PR to fix wrong git repository name merged, https://github.com/interscript/infrastructure/pull/9
@ronaldtse Auto workflow should work now, could you give it a try?
We might need to setup a new AWS account for this.
yes, a deploy-account needed as we restrict to allowed_account_ids = ["458282504429"]
for now, we can set AWSLambda_FullAccess
is enough, as described in the document
A Lambda function also has a policy, called an execution role, that grants it permission to access AWS services and resources. At a minimum, your function needs access to Amazon CloudWatch Logs for log streaming.
@ronaldtse after setting up AWS account, a manual release (push tag) on interscript is required to trigger this workflow as detailed in the description section
@phuonghuynh can you help setup the new account and also make the deploy work? Thanks!
Support auto release -api and aws-lambda -aws-lambda
Workflow:
.pr_reviewers
to approve statefile changed and manual merge to master branch of -infrastructureSecrets variable required:
INTERSCRIPT_CI_PAT
in -api and -infrastructureAWS_ACCESS_KEY_ID
andAWS_SECRET_ACCESS_KEY
.pr_reviewers
: static csv string Reviewers assigned when Pull Request sent in -infrastructure after applying AWS Lambda successfully.Related issue #12, #15, #3