#8064 Please provide EC2 launching capabilities for FCOS
Closed: Fixed 4 years ago by jlebon. Opened 4 years ago by jlebon.

This is a follow-up to https://pagure.io/fedora-infrastructure/issue/7997.

We'd like to be able to launch the AMIs we uploaded so we can test them. Ideally attached to the existing fcos-builds-* IAM accounts, but if policy dictates a separate IAM that's fine too.

Thanks!


Yeah, I think I would prefer another account/policy, but could be talked out of it if it's too much more trouble for your side.

It just seems nicer to have a seperate test account that only has perms to test the images produced by the builder.

When do you need this by? I am out most of next week at flock, but can try and do it the week after or if it's urgent try and fit it in sometime.

Metadata Update from @kevin:
- Issue assigned to kevin
- Issue priority set to: Waiting on Assignee (was: Needs Review)

4 years ago

@jlebon we have a separate account that we've used for testing in Fedora in the past. Separate from the main account. Maybe we could update the launch permissions to include that account and we could use that other account to test with?

@kevin do note that before we do this, we really want to make sure that the auto-tagging is setup and permissions are setup correctly with those tags, so that the account can only manipulate its own VMs after spawning.

@kevin do note that before we do this, we really want to make sure that the auto-tagging is setup and permissions are setup correctly with those tags, so that the account can only manipulate its own VMs after spawning.

is this in the main account? If so I'd say let's not allow VM launches in there and leave that to the test account. In the test account we won't have to worry about autotagging IMHO.

When do you need this by?

It's not urgent, but we'd like to have it set up soon so we can hook up AMI testing as part of our pipeline.

@jlebon we have a separate account that we've used for testing in Fedora in the past. Separate from the main account. Maybe we could update the launch permissions to include that account and we could use that other account to test with?

Yup, matching what we do for testing other Fedora cloud images is fine with me!

@jlebon we have a separate account that we've used for testing in Fedora in the past. Separate from the main account. Maybe we could update the launch permissions to include that account and we could use that other account to test with?

Yup, matching what we do for testing other Fedora cloud images is fine with me!

@jlebon, can you confirm what we discussed yesterday on IRC should suffice? If so I think we can close this ticket out and work together on that solution.

Metadata Update from @jlebon:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

4 years ago

Login to comment on this ticket.

Metadata