dragan
commented
5 years ago :shipit:
Closed nicklathe closed 5 years ago
dragan
commented
5 years ago :shipit:
nicklathe
commented
5 years ago Closing this PR as it was taken care of in #24.
In order to have Scipian abstract state from the user, it needs to use it's own backend in it's own AWS account. This PR makes changes to use it's own AWS IAM creds stored as a secret in it's own namespace when writing the backend.
This backend is exposed as a config map to the job when running Terraform. As a result, the RBAC rules in a Scipian cluster should disallow users of Scipian to read/create/update/delete or otherwise have any access to configmaps, as this would expose these secrets to Scipian users.