On Mon, Sep 04, 2023 at 08:30:26AM +0200, Fabian Arrotin wrote:
On 03/09/2023 20:59, Miroslav Suchý wrote:
> According our SOP
>
https://docs.fedoraproject.org/en-US/infra/sysadmin_guide/aws-access/#_ro...
>
> Users MUST tag resources with their FedoraGroup tag within one day,
> or the resource may be removed.
>
Hi Miroslav,
Thanks for the pointer, as I wasn't really aware of the *need* for that tag
but I'll tag all *centos.org resources in that shared fedora/centos account
to have the missing FedoraGroup=centos tag/value.
Yeah, I thought we established that a long time ago in order to make
sure we could set iam perms so that someone couldn't affect another
group's resources. Sorry if it wasn't documented/communicated.
BTW, just quickly checked the Fedora Communityshift Openshift cluster
(so
volumes, EFS, ec2, load-balancers, etc) and none is tagged with
FedoraGroup=fedora :-)
Yeah, but thats also in another account right? not the main one?
@Kevin : what about we try to have a common set of AWS
rules/policies/SOPs
for both project sharing resources within one or two accounts and
review/audit also permissions, rules, ACLs, etc ?
+1 for sure.
Anyhow, I can go through the fedora related ones this week and make sure
they are tagged.
Thanks for doing this Miroslav!
kevin