Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AWS: Migrate AWS infra Terraform state files outside the AWS Org management account #4800

Open
deobieta opened this issue Feb 17, 2023 · 6 comments
Open

AWS: Migrate AWS infra Terraform state files outside the AWS Org management account #4800

deobieta opened this issue Feb 17, 2023 · 6 comments
Assignees
@deobieta
Labels
area/infra/aws Issues or PRs related to Kubernetes AWS infrastructure area/infra Infrastructure management, infrastructure design, code in infra/ lifecycle/frozen Indicates that an issue or PR should not be auto-closed due to staleness. priority/important-longterm Important over the long term, but may not be staffed and/or may need multiple releases to complete. sig/k8s-infra Categorizes an issue or PR as relevant to SIG K8s Infra.

Comments

@deobieta
Copy link
Contributor

We are currently saving Terraform state files in buckets that live in the AWS management account.

What AWS account do we put the state buckets in?

Long term, it's good if we're not putting the state in the management account. The benefit: a Terraform run that doesn't involve the management account should be able to succeed without interacting with the management account.

Originally posted by @sftim in #4694 (comment)

In general we should stop creating resources inside the management account. Service Control Policies affect only member accounts in the organization. They have no effect on users or roles in the management account.

/area infra
/area infra/aws
/priority important-longterm
@k8s-ci-robot k8s-ci-robot added area/infra Infrastructure management, infrastructure design, code in infra/ area/infra/aws Issues or PRs related to Kubernetes AWS infrastructure priority/important-longterm Important over the long term, but may not be staffed and/or may need multiple releases to complete. labels Feb 17, 2023
@ameukam
Copy link
Member

ameukam commented Feb 17, 2023

What AWS account do we put the state buckets in?

Let's put the states in the infra-shared-services account for the moment.

@deobieta
Copy link
Contributor Author

/assign

@k8s-triage-robot
Copy link

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue as fresh with /remove-lifecycle stale
  • Close this issue with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label May 23, 2023
@ameukam
Copy link
Member

ameukam commented May 24, 2023

/remove-lifecycle stale

@k8s-ci-robot k8s-ci-robot removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label May 24, 2023
@ameukam ameukam added the sig/k8s-infra Categorizes an issue or PR as relevant to SIG K8s Infra. label Sep 4, 2023
@k8s-triage-robot
Copy link

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue as fresh with /remove-lifecycle stale
  • Close this issue with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Jan 27, 2024
@ameukam
Copy link
Member

ameukam commented Jan 27, 2024

/remove-lifecycle stale
/lifecycle frozen

@k8s-ci-robot k8s-ci-robot added lifecycle/frozen Indicates that an issue or PR should not be auto-closed due to staleness. and removed lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. labels Jan 27, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@deobieta deobieta

Labels
area/infra/aws Issues or PRs related to Kubernetes AWS infrastructure area/infra Infrastructure management, infrastructure design, code in infra/ lifecycle/frozen Indicates that an issue or PR should not be auto-closed due to staleness. priority/important-longterm Important over the long term, but may not be staffed and/or may need multiple releases to complete. sig/k8s-infra Categorizes an issue or PR as relevant to SIG K8s Infra.
Projects
AWS Infrastructure (SIG K8s Infra)
Status: 📋 Backlog
Milestone
No milestone
Development

No branches or pull requests
4 participants
@ameukam @deobieta @k8s-ci-robot @k8s-triage-robot