Closed IvanVlasic closed 2 years ago
There's one potential issue with this approach that I've come across so far.
In order to update or delete the CloudFormation stack, the CLI role has to have all necessary permissions for the execution of that action; this includes permissions like Lambda function update or delete, configuration update, IAM role update, etc.
This means that we wouldn't be able to add changes to the CloudFormation stack in the future because the CLI role wouldn't have the necessary permissions for those actions. This might or might not be the case in the future, but with this change we are preventing ourselves from ever being able to do that in the future.
The only way such changes could work is if we first did a transitional release which would just update the CLI role through the setup Lambda, and then another release which would add changes to the CloudFormation stack. Users would have to update both versions in the correct order because the CLI role otherwise wouldn't have the necessary permissions. This is neither something that is practical nor something that we should do.
Another issue that I'm not sure I see a way around:
During uninstall, the stack is deleted after the entirety of the node infrastructure is already destroyed. This includes the CLI role as well, so we don't have credentials that can be used to delete the stack, since deleting the CLI role invalidates all credentials generated by assuming it.
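
The permission gap described in the comment above (a stack update needing actions the CLI role was never granted) can be caught with a pre-flight check before a release ships. This is an added example, not code from the project or from anyone in this thread; the policy document and the list of required actions are constructed samples, and evaluation is simplified to `Effect` and `Action` only.

```python
from fnmatch import fnmatchcase

# Constructed sample: identity policy attached to a hypothetical CLI role.
CLI_ROLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Resource": "*",
         "Action": ["cloudformation:*", "lambda:UpdateFunctionCode",
                    "lambda:UpdateFunctionConfiguration"]},
        {"Effect": "Deny", "Action": "iam:Delete*", "Resource": "*"},
    ],
}

# Constructed sample: actions the next release's stack update would perform.
REQUIRED_ACTIONS = [
    "cloudformation:UpdateStack", "lambda:UpdateFunctionCode",
    "lambda:DeleteFunction", "iam:UpdateAssumeRolePolicy", "iam:DeleteRolePolicy",
]


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _matches(statement, action):
    # IAM action names are case-insensitive; '*' and '?' act as wildcards.
    return any(fnmatchcase(action.lower(), pattern.lower())
               for pattern in _as_list(statement.get("Action", [])))


def missing_permissions(policy, required_actions):
    """Return {action: reason} for every action the policy does not permit.

    Assumption: only Effect and Action are evaluated. Resource, Condition,
    NotAction, permission boundaries and SCPs are ignored."""
    statements = _as_list(policy["Statement"])
    result = {}
    for action in required_actions:
        hits = [s for s in statements if _matches(s, action)]
        if any(s["Effect"] == "Deny" for s in hits):
            result[action] = "explicit deny"  # a Deny always wins over Allow
        elif not any(s["Effect"] == "Allow" for s in hits):
            result[action] = "no allow (implicit deny)"
    return result


if __name__ == "__main__":
    for action, reason in missing_permissions(CLI_ROLE_POLICY, REQUIRED_ACTIONS).items():
        print(f"{action}: {reason}")
```

Any non-empty result means the release would need the transitional role update first, or the stack change would fail under the CLI role.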
Thanks, great info. Will close because it is a no-op now.
AWS credentials should be provided only during node install. Upgrade and uninstall should get the necessary permissions through the CLI role.