On Mon, Sep 04, 2023 at 08:30:26AM +0200, Fabian Arrotin wrote: > On 03/09/2023 20:59, Miroslav Suchý wrote: > > According our SOP > > https://docs.fedoraproject.org/en-US/infra/sysadmin_guide/aws-access/#_role_and_user_policies > > > > Users MUST tag resources with their FedoraGroup tag within one day, > > or the resource may be removed. > > > > Hi Miroslav, > > Thanks for the pointer, as I wasn't really aware of the *need* for that tag > but I'll tag all *centos.org resources in that shared fedora/centos account > to have the missing FedoraGroup=centos tag/value.
Yeah, I thought we established that a long time ago in order to make sure we could set iam perms so that someone couldn't affect another group's resources. Sorry if it wasn't documented/communicated. > BTW, just quickly checked the Fedora Communityshift Openshift cluster (so > volumes, EFS, ec2, load-balancers, etc) and none is tagged with > FedoraGroup=fedora :-) Yeah, but thats also in another account right? not the main one? > @Kevin : what about we try to have a common set of AWS rules/policies/SOPs > for both project sharing resources within one or two accounts and > review/audit also permissions, rules, ACLs, etc ? +1 for sure. Anyhow, I can go through the fedora related ones this week and make sure they are tagged. Thanks for doing this Miroslav! kevin
signature.asc
Description: PGP signature
_______________________________________________ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
