6. Access management cheat sheet
Maksym Zaporozhets edited this page Jun 9, 2023 · 1 revision
Assuming that:
- GitLab group = AWS S3 bucket + IAM user group + IAM policy for this bucket
- User can access the client's projects (repositories) = User is present in the IAM user group
- GitLab project (repository) = A folder in the bucket
Note that an IAM user group IS NOT a team of developers, because GitLab (at least CE) does not have such an entity or an ACL for it. GitLab groups incorporate a set of projects from the same client.
Thus, "Grant access to the GitLab group" means "Add IAM user to the IAM group".
This schema may not match your needs. Create and document your own way to manage permissions if needed.
- Add respective devs to this GitLab group.
- Create S3 bucket for this GitLab group.
- Create a new IAM user group.
- Create a new IAM policy for this bucket.
- Attach this new IAM policy to the respective IAM group.
- Add IAM users to this new IAM group.
- Attach this new IAM policy to a special group for the CI/CD pipeline that builds DB images.
- Add a new trigger to the AWS Lambda.
- Add a Database Image Builder user to this new GitLab (sub)group.
Nothing to configure.
- Add this GitLab user to the respective GitLab groups.
- Create a new IAM user.
- Add this IAM user to the respective IAM group(s).
Add or remove users from the IAM user groups when you do the same in GitLab. And vice versa.
There are no teams in GitLab. Just ensure that users are added to the proper GitLab groups and IAM user groups.
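
The rule above (change IAM user group membership whenever GitLab group membership changes, and vice versa) can be checked with a small drift audit. This is an added example, not part of Dockerizer: the group names, user names, both mappings and the exclusion of the Database Image Builder account from the per-client IAM group are assumptions, and the sample data is constructed.

```python
"""Drift audit: GitLab group members vs. IAM user group members (added example)."""

def audit_access(gitlab_groups, iam_groups, group_map, user_map, gitlab_only=frozenset()):
    """Return {gitlab_group: finding} for every group pair that is out of sync.

    grant    - IAM users to add: in the GitLab group, missing from the IAM group
    revoke   - IAM users to remove: in the IAM group, not in the GitLab group
    unmapped - GitLab users with no IAM user created yet
    """
    findings = {}
    for gl_group, iam_group in group_map.items():
        expected, unmapped = set(), []
        for gl_user in gitlab_groups.get(gl_group, ()):
            if gl_user in gitlab_only:      # e.g. the CI/CD builder account
                continue
            if gl_user in user_map:
                expected.add(user_map[gl_user])
            else:
                unmapped.append(gl_user)
        actual = set(iam_groups.get(iam_group, ()))
        result = {
            "grant": sorted(expected - actual),
            "revoke": sorted(actual - expected),   # stale bucket access
            "unmapped": sorted(unmapped),
        }
        if any(result.values()):
            findings[gl_group] = result
    return findings

# Constructed sample data (hypothetical names, not from the wiki).
GITLAB_GROUPS = {
    "client-a": ["alice", "bob", "db-image-builder"],
    "client-b": ["alice", "carol"],
}
IAM_GROUPS = {
    "client-a-db": ["alice.iam", "dave.iam"],   # dave left the GitLab group
    "client-b-db": ["alice.iam", "carol.iam"],
}
GROUP_MAP = {"client-a": "client-a-db", "client-b": "client-b-db"}
USER_MAP = {"alice": "alice.iam", "bob": "bob.iam", "carol": "carol.iam"}
BUILDER = frozenset({"db-image-builder"})  # assumed to get access via the CI/CD IAM group

if __name__ == "__main__":
    for group, finding in audit_access(
            GITLAB_GROUPS, IAM_GROUPS, GROUP_MAP, USER_MAP, BUILDER).items():
        print(group, finding)
```

Entries under `revoke` are the ones to act on first: they are IAM users who still have the bucket policy after losing access to the client's repositories.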