Need IAM permissions for Session Manager added to Boskos-managed AWS accounts #984
Assignees
Labels
lifecycle/frozen
Indicates that an issue or PR should not be auto-closed due to staleness.
priority/backlog
Higher priority than priority/awaiting-more-evidence.
sig/k8s-infra
Categorizes an issue or PR as relevant to SIG K8s Infra.
Comments
|
/assign @justinsb |
|
Is there anything we can do to get this moving? We kind of missed an upgrade bug for Kubernetes 1.19 for a few reasons, but would have been compounded by not having the logs that SSM would have provided. |
|
Issues go stale after 90d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-contributor-experience at kubernetes/community. |
k8s-ci-robot
added
the
lifecycle/stale
|
/lifecycle frozen |
k8s-ci-robot
added
lifecycle/frozen
|
/priority backlog |
k8s-ci-robot
added
the
priority/backlog
k8s-ci-robot
added
sig/k8s-infra
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Porting over from kubernetes/test-infra#17190 by @detiber
What would you like to be added:
Recently we removed creation of a Bastion host by default from cluster-api-provider-aws and would prefer to avoid creating one for the purposes of testing and would rather use ssh proxied over AWS Session Manager to connect to remote instances for retrieving logs during testing instead.
Will need one of the below done against each AWS subaccount users that is registered as an aws-account resource in Boskos:
Attach the AmazonSSMFullAccess policy
Create a policy with the permissions outlined in docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-getting-started-restrict-access.html and attach it, or add it as an inline policy
The text was updated successfully, but these errors were encountered: