Remove reliance on Evergreen instance profile credentials

XMLWordPrintableJSON

    • Type: Task
    • Resolution: Unresolved
    • Priority: Unknown
    • None
    • Affects Version/s: None
    • Component/s: Evergreen
    • Hide

      DRIVERS-3188:
      Summary of necessary driver changes
      On May 21st, DevProd plans to remove the AssumeRole policy from the evergreen_task_hosts_instance_role_production IAM Role.

      For drivers that are not already explicitly assuming a role using ec2.assume_role, they will need to do so for any tasks that require access to the drivers AWS Secrets Manager, or use the utility functions for MONGODB-AWS.

      For example:

      "my function":
  - command: ec2.assume_role
    params:
      role_arn: ${drivers_test_secrets_role}
  - command: subprocess.exec
    type: test
    params:
      binary: bash
      include_expansions_in_env: [AWS_SECRET_ACCESS_KEY, AWS_ACCESS_KEY_ID, AWS_SESSION_TOKEN]
      args: ["${DRIVERS_TOOLS}/.evergreen/auth_aws/setup.sh"]

      Context for other referenced/linked tickets

      Show
      DRIVERS-3188: Summary of necessary driver changes On May 21st, DevProd plans to remove the AssumeRole policy from the evergreen_task_hosts_instance_role_production IAM Role. For drivers that are not already explicitly assuming a role using ec2.assume_role , they will need to do so for any tasks that require access to the drivers AWS Secrets Manager, or use the utility functions for MONGODB-AWS. For example: "my function" : - command: ec2.assume_role params: role_arn: ${drivers_test_secrets_role} - command: subprocess.exec type: test params: binary: bash include_expansions_in_env: [AWS_SECRET_ACCESS_KEY, AWS_ACCESS_KEY_ID, AWS_SESSION_TOKEN] args: [ "${DRIVERS_TOOLS}/.evergreen/auth_aws/setup.sh" ] Context for other referenced/linked tickets   https://jira.mongodb.org/browse/DEVPROD-17413
    • None
    • None
    • None
    • None
    • None
    • None
    • None

      This ticket was split from DRIVERS-3188, please see that ticket for a detailed description.

            Assignee:
            Unassigned
            Reporter:
            TPM Jira Automations Bot
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated: