@hadiqur (Contributor) commented Feb 2, 2026

What type of PR is this? (check all applicable)

  • Refactor
  • Feature
  • Bug Fix
  • Optimization
  • Documentation Update

What

To ensure best practice:

  • We create a general shared policy document in Terraform
  • Create IAM User Group and attach it to policy
  • Assign User to Group

This now means Digital Landscape will have its own credentials with its service-specific permissions.

Testing

Have any new tests been added as part of this issue? If not, try to explain why test coverage is not needed here.

  • Yes
  • No
    Please write a brief description of why test coverage is not necessary here.
  • Not as part of this ticket. (Could be done at a later point)

Documentation

Has any new documentation been written as part of this issue? We should try to keep documentation up to date
as new code is added, rather than leaving it for the future.

  • Yes
  • No
    Please write a brief description of why documentation is not necessary here.
  • Not as part of this ticket. (Could be done at a later point)

Related issues

N/A

How to review

N/A
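
The pattern the description above outlines (one shared policy document, a user group with the policy attached, and the user placed in that group), as an added Terraform example that is not the code from this pull request. Every resource name, the policy statement and the bucket ARN are constructed placeholders, and the path is written with the leading and trailing slash that IAM requires.

```hcl
# Added example, not the PR's code. All names and ARNs are placeholders.

# Shared policy document: the service-specific permissions live in one place.
data "aws_iam_policy_document" "digital_landscape" {
  statement {
    sid     = "ReadServiceBucket"
    effect  = "Allow"
    actions = ["s3:GetObject", "s3:ListBucket"]
    resources = [
      "arn:aws:s3:::example-digital-landscape-bucket",
      "arn:aws:s3:::example-digital-landscape-bucket/*",
    ]
  }
}

# Customer-managed policy rendered from the document above.
resource "aws_iam_policy" "digital_landscape" {
  name   = "digital-landscape-policy"
  path   = "/digital-landscape/"
  policy = data.aws_iam_policy_document.digital_landscape.json
}

# Group that carries the permissions; path and tags are optional arguments.
resource "aws_iam_group" "digital_landscape" {
  name = "digital-landscape-user-group"
  path = "/digital-landscape/"
}

resource "aws_iam_group_policy_attachment" "digital_landscape" {
  group      = aws_iam_group.digital_landscape.name
  policy_arn = aws_iam_policy.digital_landscape.arn
}

# The user has no policy of its own, only group membership.
resource "aws_iam_user" "digital_landscape" {
  name = "digital-landscape-user"
  path = "/digital-landscape/"
}

resource "aws_iam_user_group_membership" "digital_landscape" {
  user   = aws_iam_user.digital_landscape.name
  groups = [aws_iam_group.digital_landscape.name]
}
```

Because the user's permissions come only from the group, access is reviewed and revoked in one place instead of per user.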

@sebtheo sebtheo requested a review from a team February 2, 2026 09:58
@TotalDwarf03 (Contributor) left a comment

This looks good to me - Good work.

The only thing left here is key rotation for the IAM user. This is a separate ticket though.

@sebtheo (Collaborator) left a comment

path and tags are optional.

@hadiqur (Contributor, Author) commented Feb 2, 2026

Changed the path to /digital-landscape @sebtheo

@sebtheo (Collaborator) commented Feb 2, 2026

> Changed the path to /digital-landscape @sebtheo

Can you confirm these changes work on sdp-dev? @hadiqur :)

@sebtheo mentioned this pull request Feb 2, 2026
@sebtheo changed the title from "KEH-1706: Credential Refactor (AWS)" to "KEH-1706 - Credential Refactor (AWS)" Feb 2, 2026
@hadiqur (Contributor, Author) commented Feb 2, 2026

> > Changed the path to /digital-landscape @sebtheo
>
> Can you confirm these changes work on sdp-dev? @hadiqur :)

Yep! We now have an IAM user for digital landscape with the relevant permissions (managed policies) attached via a user group - check AWS portal :)

They've also been attached to the task definition on ECS. In-line ones now removed.

@sebtheo sebtheo self-requested a review February 2, 2026 13:04
@hadiqur (Contributor, Author) commented Feb 2, 2026

> Small nit: Can you change this from users to -user-group to stay consistent with naming in dev please :)

Done, re-ran terraform apply.

@sebtheo sebtheo self-requested a review February 2, 2026 13:09
@sebtheo (Collaborator) left a comment

Good job!

@hadiqur hadiqur merged commit 27fc07b into main Feb 2, 2026
5 checks passed
@hadiqur hadiqur deleted the KEH-1706-Credential-Refactor-AWS branch February 2, 2026 13:11