Creation of Github team does not translate into IAM permissions in alpha, but does in dev

ministryofjustice / analytics-platform

Parent repository for the MOJ Analytics Platform

MIT License

14 stars 1 forks source link

Creation of Github team does not translate into IAM permissions in alpha, but does in dev #19

Closed RobinL closed 6 years ago

RobinL commented 6 years ago

What happened?

I created two new teams, dag_data_engineers_raw and dag_data_engineers_staging in Github

Two users were added to these teams in addition to me: isichei and anthonycody.

In IAM, I expected readwrite like alpha-dag-data-engineers-staging-readwrite policies to be attached to their respective roles alpha_user_isichei and alpha_user_anthonycody and alpha_user_robinl

They were assigned the right roles in dev but no roles were assigned to them or me in alpha.

xoen commented 6 years ago

As discussed in other channels:

This is caused by the default AWS limit of 10 (managed) policies that can be attached to an IAM role
Kerin requested an increased of this limit which should sort this
No code change is required

xoen commented 6 years ago

@RobinL confirmed the this limit was now increased so closing this.

xoen commented 6 years ago

Reopening as it seems like AWS didn't increase the limit yet.

xoen commented 6 years ago

Looks like AWS increased our limit to 20:

I have just heard back from the Service Team, and they have informed me that they were able to partially approve and process your IAM Groups and Users limit increase request, and your new limit is 20 Policies per Role.

Still not ideal as we may potentially still hit this limit for some users but closing this for now.