-
Notifications
You must be signed in to change notification settings - Fork 807
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Need IAM permissions for Session Manager added to Boskos-managed AWS accounts #984
Comments
/assign @justinsb |
Is there anything we can do to get this moving? We kind of missed an upgrade bug for Kubernetes 1.19 for a few reasons, but would have been compounded by not having the logs that SSM would have provided. |
Issues go stale after 90d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-contributor-experience at kubernetes/community. |
/lifecycle frozen |
/priority backlog |
Porting over from kubernetes/test-infra#17190 by @detiber
What would you like to be added:
Recently we removed creation of a Bastion host by default from cluster-api-provider-aws and would prefer to avoid creating one for the purposes of testing and would rather use ssh proxied over AWS Session Manager to connect to remote instances for retrieving logs during testing instead.
Will need one of the below done against each AWS subaccount users that is registered as an aws-account resource in Boskos:
Attach the AmazonSSMFullAccess policy
Create a policy with the permissions outlined in docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-getting-started-restrict-access.html and attach it, or add it as an inline policy
The text was updated successfully, but these errors were encountered: