docs: Issue on page Deploy ScyllaDB Cloud to Your Own AWS Account

[ylebi]

I would like to report an issue on page https://cloud.docs.scylladb.com/master/cloud-setup/scylla-cloud-byoa

Problem

Lab AWS account number is exposed to public. https://cloud.docs.scylladb.com/stable/cloud-setup/scylla-cloud-byoa.html#define-a-boundary-policy Copy the Policy ARN (output should be similar to the following example: arn:aws:iam::734708892259:policy/ScyllaCloudBoundary).

Suggest a fix

Instead of arn:aws:iam::734708892259:policy/ScyllaCloudBoundary use arn:aws:iam::123456789012:policy/ScyllaCloudBoundary not exposing real ScyllaDB AWS account-id.

[annastuchlik]

Thanks for reporting this. We should never expose actual data. I'll fix this asap.

[annastuchlik]

Fixed and published: https://cloud.docs.scylladb.com/stable/cloud-setup/scylla-cloud-byoa.html#define-a-boundary-policy

[mixellent]

@annastuchlik the number still appears in sections 9 and 12 > 10.

But I wonder if this is really Lab and not Production. Instead of putting just 123456.., shouldn't we put our actual AWS account production id? This id should be ok being public.

@scylladb-buff @ylebi WDYT?

[ylebi]

@annastuchlik the number still appears in sections 9 and 12 > 10.

But I wonder if this is really Lab and not Production. Instead of putting just 123456.., shouldn't we put our actual AWS account production id? This id should be ok being public.

@scylladb-buff @ylebi WDYT?

Please do not expose it to public. It’s the company private information.

This document shows an example of that information and should not expose real AWS Account ID.

[mixellent]

Then we should double check in Scylla cloud UI that the Scylla AWS arn is available there. Because otherwise the customer won't be able to set up BYOA against our account

[annastuchlik]

the number still appears in sections 9 and 12 > 10.

Reopening.

[ylebi]

Then we should double check in Scylla cloud UI that the Scylla AWS arn is available there. Because otherwise the customer won't be able to set up BYOA against our account

Can you send a screenshot or reference a link?

[mixellent]

One of the steps when creating BYOA cluster:

See Step 2

[ylebi]

One of the steps when creating BYOA cluster:

See Step 2

I don't see any issues with that page - there is 1234567890 for the account ID, which is OK.

[mixellent]

@ylebi This is just a screenshot from Figma. I expect that in the actual Production env it will show our Prod AWS Account ID

[annastuchlik]

@mixellent So are you OK with using an example ID in the docs? Or should we use the production AWS Account ID? @ylebi suggested an example, and I lean to that approach, but I'd like to check with you.

[mixellent]

@annastuchlik I don't have an issue putting a dummy value in our Doc if we know for sure that the user has everything they need to complete the BYOA process.

Let's ask @omrivardi for his input here. Omri - can you confirm that having the Scylla Production AWS Account ID only in the UI and not in the BYOA docs - OK in order for the user to complete the BYOA flow? (keeping in mind that BYOA can only be set up via UI, not via API/TF)

[annastuchlik]

Let's ask @omrivardi for his input here. Omri - can you confirm that having the Scylla Production AWS Account ID only in the UI and not in the BYOA docs - OK in order for the user to complete the BYOA flow? (keeping in mind that BYOA can only be set up via UI, not via API/TF)

@omrivardi Could you advise?