Uploaded image for project: 'Project Quay'
  1. Project Quay
  2. PROJQUAY-9709

Replace IAM users in quay accounts with IAM roles

XMLWordPrintable

    • Icon: Story Story
    • Resolution: Unresolved
    • Icon: Major Major
    • None
    • None
    • quay.io
    • Quality / Stability / Reliability
    • False
    • Hide

      None

      Show
      None
    • False
    • Not Selected

      Problem statement:

      IAM users have access keys that are fundamentally insecure. Best practice is short-lived access with IAM roles which can be done with ROSA STS.

      Resources:

      https://docs.redhat.com/en/documentation/red_hat_openshift_service_on_aws/4/html/getting_started/rosa-sts-understanding-the-deployment-workflow 

      Implementation ideas:

      App-Interface has a lot of prior examples of IAM role usage.

      Acceptance Criteria:

      All the things that have to be done for the feature to be ready to release

      Default Acceptance Criteria:

      • All existing/affected SOPs have been updated
      • New SOPs have been written
      • The feature has both unit and end to end tests passing in all test pipelines and through upgrades
      • If the feature requires QE involvement, QE has signed off
      • The feature exposes metrics necessary to manage it (VALET/RED)
      • The feature has had a security review
      • Contract impact assessment
      • Documentation is complete

              Unassigned Unassigned
              rh-ee-rywallac Ryan Wallace
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated: