Hello Fedora infra!
I am writing to ask for your guidance regarding how to best secure the rights to manage AWS resources within AWS Fedora Federation.
If you don't mind, could you please help me to understand what the best way to proceed would be?
I would like to request that I be granted the necessary right in order to manage AWS resources in a Fedora account.
So far, I have created an EKS cluster — but unfortunately, I cannot add any compute nodes to it. Also, I can't seem to create other resources, either.
If it would help, I can provide you with an example:
```
User: arn:aws:sts::125523088429:assumed-role/aws-fedora-ci/astepano is not authorized to perform: eks:TagResource on resource: arn:aws:eks:us-east-1:125523088429:cluster/astepano
User: arn:aws:sts::125523088429:assumed-role/aws-fedora-ci/astepano is not authorized to perform: eks:CreateNodegroup on resource: arn:aws:eks:us-east-1:125523088429:cluster/astepano
```
Could you please help me to figure out what the best way to proceed is?
It is very hard to predict which rights are necessary beforehand.
To give you a little bit of context, for example, I have the rights to manage EKS/EC2 -- but as you can see, AWS denies to act on my EKS cluster.
Also, for example, it would be good to create a PVC/network to not collide with testing-farm.
But unfortunately, I do not have the rights to create PVC/network/other resources.
Also, for some fedora-ci projects EKS is not necessary, ECS/Fargate will be enough.
I do not have rights to manage ECS/Fargate resources.
It would help me a lot if you could please suggest a way to fix this problem.
I don't think that opening a new ticket for each denial would be the most efficient or best approach — is there another good way that we could handle this?
I appreciate your insight.
--Andrei