v1.471.0
·
33 commits
to refs/heads/main
since this release
fix(`aws-team-roles`): Remove Deprecated Support and Billing Custom Policies @milldr (#1078)
what
Add missing custom policies names that are already defined with the included component- Removed the custom policies for support and billing
why
Thepolicy-support.tfandpolicy-billing.tffiles already contain these policies by default. We should include them as in the defaultsupplied_custom_policy_map- We should use the AWS managed Job Role policies instead. For example
billing:
<<: *user-template
enabled: false
role_description: "Role with view permissions in the billing console"
role_policy_arns:
- "arn:aws:iam::aws:policy/AWSBillingReadOnlyAccess"
aws_saml_login_enabled: false
max_session_duration: 3600 # 1 hour in seconds
trusted_teams:
- "devops"
- "managers"
billing_admin:
<<: *user-template
enabled: false
role_description: "Role with permissions for billing and cost management. This includes viewing account usage and viewing and modifying budgets and payment methods."
role_policy_arns:
- "arn:aws:iam::aws:policy/job-function/Billing"
aws_saml_login_enabled: false
trusted_teams:
- "devops"
- "managers"
support:
<<: *user-template
enabled: true
role_policy_arns:
- "arn:aws:iam::aws:policy/AWSSupportAccess"
- "arn:aws:iam::aws:policy/AWSTrustedAdvisorPriorityReadOnlyAccess"
role_description: "Role with permissions for accessing the AWS Support Service"
trusted_teams:
- "devops"
- "managers"
- "helpdesk"
references
- Customer engagement
- These changes were reverted in https://github.com/cloudposse/terraform-aws-components/pull/715/files#diff-cfffc34b5672fff580a9d0f4c45efc3d5a8326d66ad54f81c9569cfe5499b7c0R13-R14.
I believe this was a mistake. This was intentional
Contributors
milldr