scylladb / scylladb-cloud-doc-issues

A repo for Scylla Cloud docs issues
https://cloud.docs.scylladb.com/stable/

docs: Issue on page Deploy ScyllaDB Cloud to Your Own AWS Account #23

Open ylebi opened 2 months ago

ylebi commented 2 months ago

I would like to report an issue on page https://cloud.docs.scylladb.com/master/cloud-setup/scylla-cloud-byoa

Problem

Lab AWS account number is exposed to the public: https://cloud.docs.scylladb.com/stable/cloud-setup/scylla-cloud-byoa.html#define-a-boundary-policy

> Copy the Policy ARN (output should be similar to the following example: arn:aws:iam::734708892259:policy/ScyllaCloudBoundary).

Suggest a fix

Instead of arn:aws:iam::734708892259:policy/ScyllaCloudBoundary, use arn:aws:iam::123456789012:policy/ScyllaCloudBoundary, not exposing the real ScyllaDB AWS account ID.

annastuchlik commented 1 month ago

Thanks for reporting this. We should never expose actual data. I'll fix this asap.

annastuchlik commented 1 month ago

Fixed and published: https://cloud.docs.scylladb.com/stable/cloud-setup/scylla-cloud-byoa.html#define-a-boundary-policy

mixellent commented 1 month ago

@annastuchlik the number still appears in sections 9 and 12 > 10.

But I wonder if this is really Lab and not Production. Instead of putting just 123456.., shouldn't we put our actual AWS account production id? This id should be ok being public.

@scylladb-buff @ylebi WDYT?

ylebi commented 1 month ago

> @annastuchlik the number still appears in sections 9 and 12 > 10.
>
> But I wonder if this is really Lab and not Production. Instead of putting just 123456.., shouldn't we put our actual AWS account production id? This id should be ok being public.
>
> @scylladb-buff @ylebi WDYT?

Please do not expose it to the public. It's the company's private information.

This document shows an example of that information and should not expose a real AWS Account ID.

mixellent commented 1 month ago

Then we should double check in Scylla cloud UI that the Scylla AWS arn is available there. Because otherwise the customer won't be able to set up BYOA against our account

annastuchlik commented 1 month ago

> the number still appears in sections 9 and 12 > 10.

Reopening.
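
A check that would catch the leftover occurrences reported above, as an added example that is not part of the original thread or of ScyllaDB's tooling: it scans a docs page for ARNs whose account ID is not the agreed placeholder and can rewrite them. The sample page, the ID 999988887777 and the role name ExampleRole are constructed for illustration.

```python
import re

# ARN layout: arn:partition:service:region:account-id:resource.
# Only ARNs with a 12-digit account field match, so AWS-managed policies
# (arn:aws:iam::aws:policy/...) are ignored.
ARN_RE = re.compile(
    r"arn:aws[a-z-]*:[a-z0-9-]+:[a-z0-9-]*:(?P<account>\d{12}):[\w+=,.@/:*-]+"
)

# Assumption: the only ID allowed in published docs is the dummy value
# proposed in the issue.
PLACEHOLDER = "123456789012"


def find_exposed_ids(text, allowed=frozenset({PLACEHOLDER})):
    """Return (line_number, account_id, arn) for each ARN whose account ID
    is not an approved placeholder."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in ARN_RE.finditer(line):
            if m.group("account") not in allowed:
                arn = m.group(0).rstrip(".,:")  # drop sentence punctuation
                findings.append((lineno, m.group("account"), arn))
    return findings


def redact(text, allowed=frozenset({PLACEHOLDER})):
    """Rewrite every non-placeholder account ID inside an ARN to PLACEHOLDER."""
    def swap(m):
        if m.group("account") in allowed:
            return m.group(0)
        start, end = (pos - m.start() for pos in m.span("account"))
        return m.group(0)[:start] + PLACEHOLDER + m.group(0)[end:]
    return ARN_RE.sub(swap, text)


# Constructed sample page; 999988887777 stands in for a real account ID.
SAMPLE_DOC = """\
Step 3: Copy the Policy ARN (arn:aws:iam::123456789012:policy/ScyllaCloudBoundary).
Step 9: Attach arn:aws:iam::999988887777:policy/ScyllaCloudBoundary as the boundary.
Step 10: Attach the managed policy arn:aws:iam::aws:policy/ReadOnlyAccess.
Step 12: Trust arn:aws:iam::999988887777:role/ExampleRole.
"""

if __name__ == "__main__":
    for lineno, account, arn in find_exposed_ids(SAMPLE_DOC):
        print(f"line {lineno}: account {account} in {arn}")
```

Run over every page of the docs source in CI, a non-empty result from `find_exposed_ids` fails the build, so a fix applied to one section cannot leave the same ID behind in another.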

ylebi commented 1 month ago

> Then we should double check in Scylla cloud UI that the Scylla AWS arn is available there. Because otherwise the customer won't be able to set up BYOA against our account

Can you send a screenshot or reference a link?

mixellent commented 1 month ago

One of the steps when creating BYOA cluster:

See Step 2 Image

ylebi commented 1 month ago

> One of the steps when creating BYOA cluster:
>
> See Step 2 Image

I don't see any issues with that page - there is 1234567890 for the account ID, which is OK.

mixellent commented 1 month ago

@ylebi This is just a screenshot from Figma. I expect that in the actual Production env it will show our Prod AWS Account ID

annastuchlik commented 1 month ago

@mixellent So are you OK with using an example ID in the docs? Or should we use the production AWS Account ID? @ylebi suggested an example, and I lean to that approach, but I'd like to check with you.

mixellent commented 1 month ago

@annastuchlik I don't have an issue putting a dummy value in our Doc if we know for sure that the user has everything they need to complete the BYOA process.

Let's ask @omrivardi for his input here. Omri - can you confirm that having the Scylla Production AWS Account ID only in the UI and not in the BYOA docs - OK in order for the user to complete the BYOA flow? (keeping in mind that BYOA can only be set up via UI, not via API/TF)

annastuchlik commented 1 month ago

> Let's ask @omrivardi for his input here. Omri - can you confirm that having the Scylla Production AWS Account ID only in the UI and not in the BYOA docs - OK in order for the user to complete the BYOA flow? (keeping in mind that BYOA can only be set up via UI, not via API/TF)

@omrivardi Could you advise?