Allow github-actions role to assume required roles - Githubissues

ministryofjustice / modernisation-platform

A place for the core work of the Modernisation Platform • This repository is defined and managed in Terraform

https://user-guide.modernisation-platform.service.justice.gov.uk

MIT License

683 stars 291 forks source link

Allow github-actions role to assume required roles #2037

Closed davidkelliott closed 2 years ago

davidkelliott commented 2 years ago

User Story

The github-actions role created in #2036 needs to be able to assume the following roles:

same member account - :role/MemberInfrastrucutureAccess role - https://github.com/ministryofjustice/modernisation-platform/blob/main/terraform/environments/bootstrap/delegate-access/iam.tf#L33

core-vpc roles eg - :role/member-delegation-hmpps-test - https://github.com/ministryofjustice/modernisation-platform/blob/main/terraform/environments/core-vpc/vpc.tf#L256

core-network-services roles - :role/modify-dns-records https://github.com/ministryofjustice/modernisation-platform/blob/main/terraform/environments/core-network-services/iam.tf#L6

Value

Allows the role to be assumed by the github-actions role

Questions / Assumptions / Hypothesis

Definition of done

[ ] roles have been amended
[ ] another team member has reviewed
[ ] tests are green
[ ] UR test OR added to continual research plan

Reference

How to write good user stories

davidkelliott commented 2 years ago

https://github.com/ministryofjustice/modernisation-platform/issues/1975

dms1981 commented 2 years ago

Requires completion of #2035 to unblock this story