Skip to content

migrations assume role support #31

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

migrations assume role support #31

wants to merge 1 commit into from

Conversation

edwardsb
Copy link
Contributor

No description provided.

@edwardsb
📝 (addons/migrations): Update documentation to reflect new features a…
2ff3063 
…nd usage

✨ (addons/migrations): Add support for assuming IAM role for ECS permissions in migration script
@edwardsb edwardsb requested a review from a team as a code owner April 20, 2025 04:50
@edwardsb
Copy link
Contributor Author

closes #28

@edwardsb edwardsb requested a review from rfairburn April 20, 2025 04:51
rfairburn
rfairburn previously approved these changes Apr 20, 2025
View reviewed changes
Copy link
Contributor

@rfairburn rfairburn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good assuming it has been tested end to end.

@edwardsb
Copy link
Contributor Author

Looks good assuming it has been tested end to end.

I still need to run through some test scenarios.

@harrisonravazzolo harrisonravazzolo mentioned this pull request Apr 21, 2025
Open
maxammann
maxammann reviewed Apr 21, 2025
View reviewed changes
addons/migrations/README.md
## Important Considerations

* **`local-exec`:** This provisioner runs commands on the machine executing Terraform. Ensure this machine has the necessary tools (bash, AWS CLI) and network access/credentials to interact with your AWS environment. This might require specific configuration in CI/CD pipelines.
* **IAM Permissions:** The credentials used by `local-exec` (either default AWS credentials or the assumed role specified by `assume_role_arn`) require sufficient IAM permissions to manage the specified ECS services and tasks.
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It would be great if we document some permission set to execute the migration script. Also which sources it should taget. Potentially this module could provide the role even? Given that the migrate.sh script can change and depends on certain resources.

@maxammann
Copy link

Any update on this one? Even without the role creation this is really helpful already :)

@rfairburn
Copy link
Contributor

@edwardsb is this ready to merge?

@edwardsb edwardsb force-pushed the edwardsb-migration-assume-role branch from 30b2f53 to 2ff3063 Compare May 14, 2025 21:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@maxammann maxammann maxammann left review comments

@rfairburn rfairburn rfairburn left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@edwardsb @maxammann @rfairburn