Remove reliance on Evergreen instance profile credentials

XMLWordPrintableJSON

    • Type: Task
    • Resolution: Works as Designed
    • Priority: Unknown
    • None
    • Affects Version/s: None
    • Component/s: Evergreen
    • Hide

      DRIVERS-3188:
      Summary of necessary driver changes
      On May 21st, DevProd plans to remove the AssumeRole policy from the evergreen_task_hosts_instance_role_production IAM Role.

      For drivers that are not already explicitly assuming a role using ec2.assume_role, they will need to do so for any tasks that require access to the drivers AWS Secrets Manager, or use the utility functions for MONGODB-AWS.

      For example:

      "my function":
  - command: ec2.assume_role
    params:
      role_arn: ${drivers_test_secrets_role}
  - command: subprocess.exec
    type: test
    params:
      binary: bash
      include_expansions_in_env: [AWS_SECRET_ACCESS_KEY, AWS_ACCESS_KEY_ID, AWS_SESSION_TOKEN]
      args: ["${DRIVERS_TOOLS}/.evergreen/auth_aws/setup.sh"]

      Context for other referenced/linked tickets

      Show
      DRIVERS-3188: Summary of necessary driver changes On May 21st, DevProd plans to remove the AssumeRole policy from the evergreen_task_hosts_instance_role_production IAM Role. For drivers that are not already explicitly assuming a role using ec2.assume_role , they will need to do so for any tasks that require access to the drivers AWS Secrets Manager, or use the utility functions for MONGODB-AWS. For example: "my function" : - command: ec2.assume_role params: role_arn: ${drivers_test_secrets_role} - command: subprocess.exec type: test params: binary: bash include_expansions_in_env: [AWS_SECRET_ACCESS_KEY, AWS_ACCESS_KEY_ID, AWS_SESSION_TOKEN] args: [ "${DRIVERS_TOOLS}/.evergreen/auth_aws/setup.sh" ] Context for other referenced/linked tickets   https://jira.mongodb.org/browse/DEVPROD-17413
    • None
    • Hide

      1. What would you like to communicate to the user about this feature?
      2. Would you like the user to see examples of the syntax and/or executable code and its output?
      3. Which versions of the driver/connector does this apply to?

      Show
      1. What would you like to communicate to the user about this feature? 2. Would you like the user to see examples of the syntax and/or executable code and its output? 3. Which versions of the driver/connector does this apply to?
    • None
    • None
    • None
    • None
    • None
    • None

      This ticket was split from DRIVERS-3188, please see that ticket for a detailed description.

            Assignee:
            Unassigned
            Reporter:
            TPM Jira Automations Bot
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: