I used to have access to the fedoraproject-updates-archive s3 bucket from the aws web console. I no longer have that access since we went away from username/password auth. I'd like to get that access back.
https://s3.console.aws.amazon.com/s3/buckets/fedoraproject-updates-archive
In the next few weeks would be nice so I can delete the large amount of f32 rpms being stored.
Metadata Update from @mobrien: - Issue assigned to mobrien - Issue priority set to: Waiting on Assignee (was: Needs Review) - Issue tagged with: low-gain, low-trouble, ops
Currently we allow login through SAML sign in which is linked to our auth system. I could create a new group with access for this, is there anyone else that requires this access? It is usually better to have more than one point of contact for these things.
hey @mobrien - can you add @jlebon as well?
I was gonna call this: aws-fcos-mgmt FWIW.
A new group has been created called aws-fcos-mgmt (thanks for the suggestion Kevin). @dustymabe is the sponsor and @jlebon has also been added to the group.
I will close out the ticket, feel free to reopen if there are any issues.
The group should allow console access to AWS and the S3 bucket fedoraproject-updates-archive.
The SOP for accessing the console is here: https://fedora-infra-docs.readthedocs.io/en/latest/sysadmin-guide/sops/aws-access.html#accessing-the-aws-console with the link for SAML auth here
Metadata Update from @mobrien: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
When I log in via SAML I'm still not able to see the bucket. Do I need to switch roles or something?
The console shows me as Federated Login: aws-atomic/dustymabe.
Also, there used to be a fcos-builds-mgmt user for humans to manage the fcos-builds s3 bucket but I assume that user account is now gone. Can we add access for that to the aws-fcos-mgmt group too?
This should now be fixed, the changes have been pushed to ipsilon thanks to @abompard.
hey @mobrien - thanks! Do you mind adding access for the fcos-builds-mgmt group to the fcos-builds s3 bucket? https://console.aws.amazon.com/s3/buckets/fcos-builds/?region=us-east-1&tab=overview
Also, can you tell me what aws-atomic is used for now?
Metadata Update from @dustymabe: - Assignee reset - Issue untagged with: low-gain, low-trouble, ops
Ok, I have added the fcos-builds bucket too, let me know if it doesn't show. You may need to log out/in again, I'm not sure.
aws-atomic has read-only access to EC2. I would guess it's just to check configurations and the like.
It works! Thanks!
What do you say we give that read-only access to EC2 to the fcos-builds-mgmt and we get rid of the aws-atomic group?
I attached the EC2 read-only access to fcos-mgmt, but there are 6 members of aws-atomic so I am hesitant to remove it without some +1's from other members of the group.
I can almost guarantee you none of them are using it. If they are then we'll re-evaluate their need and either add them to fcos-builds-mgmt or some other more appropriate group.
Ok, I will open a ticket to remove the group and tag all the members, then we can remove.
https://pagure.io/fedora-infrastructure/issue/9919