microsoft / azure_arc

Automated Azure Arc, Edge, and Platform environments
https://aka.ms/ArcJumpstart
Creative Commons Attribution 4.0 International

Azure PostgreSQL Hyperscale Deployment on EKS using Terraform - unclear requirements for AWS IAM role permissions #742

Closed ischepin closed 2 years ago

ischepin commented 3 years ago

Scenario which you are working on: https://azurearcjumpstart.io/azure_arc_jumpstart/azure_arc_data/eks/eks_postgres_hs_terraform/

Describe the bug: This scenario requires you to create an access key for an existing user in AWS IAM. But in the case of a new AWS account there are no users. When I create a new user, it doesn't have any permissions attached, and the scenario doesn't describe what permissions are required from this user.

To Reproduce: Steps to reproduce the behavior:

  1. Go to https://azurearcjumpstart.io/azure_arc_jumpstart/azure_arc_data/eks/eks_postgres_hs_terraform/#create-a-new-aws-iam-role--key

Expected behavior: I can understand what permissions the AWS user should have to complete the scenario.

Actual behavior: Permissions unclear. I've tried to guess that it needs full EC2 and EKS access, but `terraform apply` failed because of no IAM access.

dkirby-ms commented 3 years ago

Thanks @ischepin.

It looks like this scenario doesn't have the same guidance to show how to create the user and attach correct permissions. In the Azure Arc-enabled servers AWS scenarios we do show this, so we should mirror our approach from those scenarios in the AWS data services scenarios.

I also notice that we have the same missing explanation in the EKS Kubernetes-only scenario. We should address all AWS-based scenarios and align them to the EC2 onboarding scenarios guidance.

likamrat commented 2 years ago

This is related to #870 /cc @DCMattyG

github-actions[bot] commented 2 years ago

This issue has been automatically marked as stale because it has been open 21 days with no activity. It will be closed in 5 days if no further activity occurs.