Remove reliance on Evergreen instance profile credentials

XMLWordPrintableJSON

    • 2
    • 1
    • Hide

      DRIVERS-3188:
      Summary of necessary driver changes
      On May 21st, DevProd plans to remove the AssumeRole policy from the evergreen_task_hosts_instance_role_production IAM Role.

      For drivers that are not already explicitly assuming a role using ec2.assume_role, they will need to do so for any tasks that require access to the drivers AWS Secrets Manager, or use the utility functions for MONGODB-AWS.

      For example:

      "my function":
  - command: ec2.assume_role
    params:
      role_arn: ${drivers_test_secrets_role}
  - command: subprocess.exec
    type: test
    params:
      binary: bash
      include_expansions_in_env: [AWS_SECRET_ACCESS_KEY, AWS_ACCESS_KEY_ID, AWS_SESSION_TOKEN]
      args: ["${DRIVERS_TOOLS}/.evergreen/auth_aws/setup.sh"]

      Context for other referenced/linked tickets

      Show
      DRIVERS-3188: Summary of necessary driver changes On May 21st, DevProd plans to remove the AssumeRole policy from the evergreen_task_hosts_instance_role_production IAM Role. For drivers that are not already explicitly assuming a role using ec2.assume_role , they will need to do so for any tasks that require access to the drivers AWS Secrets Manager, or use the utility functions for MONGODB-AWS. For example: "my function" : - command: ec2.assume_role params: role_arn: ${drivers_test_secrets_role} - command: subprocess.exec type: test params: binary: bash include_expansions_in_env: [AWS_SECRET_ACCESS_KEY, AWS_ACCESS_KEY_ID, AWS_SESSION_TOKEN] args: [ "${DRIVERS_TOOLS}/.evergreen/auth_aws/setup.sh" ] Context for other referenced/linked tickets   https://jira.mongodb.org/browse/DEVPROD-17413
    • Not Needed
    • None
    • Not Needed
    • Hide

      1. What would you like to communicate to the user about this feature?
      2. Would you like the user to see examples of the syntax and/or executable code and its output?
      3. Which versions of the driver/connector does this apply to?

      Show
      1. What would you like to communicate to the user about this feature? 2. Would you like the user to see examples of the syntax and/or executable code and its output? 3. Which versions of the driver/connector does this apply to?
    • None
    • None
    • None
    • None
    • None
    • None

      This ticket was split from DRIVERS-3188, please see that ticket for a detailed description.

            Assignee:
            Bailey Pearson
            Reporter:
            TPM Jira Automations Bot
            Daria Pardue
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: