Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow all AWS Backup actions whilst assuming the sandbox role #6080

Merged
merged 1 commit into from
Jan 30, 2024
Merged

Allow all AWS Backup actions whilst assuming the sandbox role #6080

merged 1 commit into from
Jan 30, 2024

Conversation

georgepstaylor
Copy link
Contributor

@georgepstaylor georgepstaylor commented Jan 30, 2024
edited
Loading

A reference to the issue / Description of it

Currently unable to manage AWS Backups in a sandbox account

We manage custom backup plans for certain resources and in the sandbox account where we have been testing the creation of backup vaults we are unable to remove them with terraform because the vaults are not empty. We are also unable to remove the recovery points in the console or via the cli because the current IAM policy doesn't allow any actions other than starting a restore job. In other environment types, we'd be happy to raise an ask request, but in sandbox it feels appropriate that we could do this ourselves.

How does this PR fix the problem?

Adds wildcard iam perms to allow all actions

How has this been tested?

Please describe the tests that you ran and provide instructions to reproduce.

{Please write here}

Deployment Plan / Instructions

Will this deployment impact the platform and / or services on it?

{Please write here}

Checklist (check x in [ ] of list items)

  • I have performed a self-review of my own code
  • All checks have passed
  • I have made corresponding changes to the documentation
  • Plan and discussed how it should be deployed to PROD (If needed)

Additional comments (if any)

{Please write here}

@georgepstaylor georgepstaylor requested a review from a team as a code owner January 30, 2024 10:50
@github-actions GitHub Actions
Copy link
Contributor

Trivy Scan Success

Show Output ```hcl

Trivy will check the following folders:

</details> #### `Checkov Scan` Success
<details><summary>Show Output</summary>

```hcl

*****************************

Checkov will check the following folders:

CTFLint Scan Success

Show Output 
*****************************

Setting default tflint config...
Running tflint --init...
Installing "terraform" plugin...
Installed "terraform" (source: github.com/terraform-linters/tflint-ruleset-terraform, version: 0.5.0)
tflint will check the following folders:

Trivy Scan Success

Show Output 
*****************************

Trivy will check the following folders:

ep-93
ep-93 approved these changes Jan 30, 2024
View reviewed changes
Copy link
Contributor

@ep-93 ep-93 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved!

@georgepstaylor georgepstaylor merged commit b11ff73 into main Jan 30, 2024
13 checks passed
@georgepstaylor georgepstaylor deleted the sandbox-aws-backup branch January 30, 2024 11:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ep-93 ep-93 ep-93 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@georgepstaylor @ep-93