Merge pull request #374 from jdno/crates-io-aws-accounts
Create AWS accounts for crates.io
jdno authored Dec 20, 2023
2 parents 4e44aeb + 33243e9 commit d168242
Showing 2 changed files with 41 additions and 0 deletions.
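--- a/terragrunt/modules/aws-organization/accounts.tf
+++ b/terragrunt/modules/aws-organization/accounts.tf
@@ -12,6 +12,16 @@ resource "aws_organizations_account" "legacy" {
 email = "[email protected]"
 }
 
+resource "aws_organizations_account" "crates_io_staging" {
+name = "crates-io-staging"
+email = "[email protected]"
+}
+
+resource "aws_organizations_account" "crates_io_prod" {
+name = "crates-io-prod"
+email = "[email protected]"
+}
+
 resource "aws_organizations_account" "docs_rs_staging" {
 name = "docs-rs-staging"
 email = "[email protected]"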
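Review bot: Neither new `aws_organizations_account` resource carries a deletion guard, which matters most for `crates_io_prod`. With `close_on_deletion` left at its default, deleting the block or running a destroy makes Terraform try to remove the account from the organization; adding `lifecycle { prevent_destroy = true }` to the production resource would turn that into a plan-time error instead. `parent_id` is also unset, so both accounts are created under the organization root and would not inherit service control policies attached to an OU, if the organization uses any. The neighbouring `legacy` and `docs_rs_staging` resources are cut off by the hunk, so check whether the module already handles either point elsewhere.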
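--- a/terragrunt/modules/aws-organization/groups.tf
+++ b/terragrunt/modules/aws-organization/groups.tf
@@ -28,6 +28,13 @@ resource "aws_identitystore_group" "billing" {
 description = "People with access to the billing portal"
 }
 
+resource "aws_identitystore_group" "crates_io" {
+identity_store_id = local.identity_store_id
+
+display_name = "crates-io"
+description = "The crates.io team"
+}
+
 # The different permission sets a group may have assigned to it
 
 resource "aws_ssoadmin_permission_set" "administrator_access" {
@@ -112,6 +119,30 @@ locals {
 permissions : [aws_ssoadmin_permission_set.view_only_access] }
 ]
 },
+# crates-io Staging
+{
+account : aws_organizations_account.crates_io_staging,
+groups : [
+{ group : aws_identitystore_group.infra-admins,
+permissions : [aws_ssoadmin_permission_set.view_only_access, aws_ssoadmin_permission_set.administrator_access] },
+{ group : aws_identitystore_group.infra,
+permissions : [aws_ssoadmin_permission_set.view_only_access, aws_ssoadmin_permission_set.administrator_access] },
+{ group : aws_identitystore_group.crates_io,
+permissions : [aws_ssoadmin_permission_set.view_only_access] },
+]
+},
+# crates-io Production
+{
+account : aws_organizations_account.crates_io_prod,
+groups : [
+{ group : aws_identitystore_group.infra-admins,
+permissions : [aws_ssoadmin_permission_set.view_only_access, aws_ssoadmin_permission_set.administrator_access] },
+{ group : aws_identitystore_group.infra,
+permissions : [aws_ssoadmin_permission_set.view_only_access] },
+{ group : aws_identitystore_group.crates_io,
+permissions : [aws_ssoadmin_permission_set.view_only_access] },
+]
+},
 # docs-rs Staging
 {
 account : aws_organizations_account.docs_rs_staging,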
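Review bot: The crates-io Staging and Production entries in the second hunk differ only in the `infra` group's permission list, and nothing in the block records that the difference is deliberate. Because the two entries are otherwise identical, copying the staging entry over the production one would grant `administrator_access` to every `infra` member in production, and a reviewer could easily miss it. A comment above the production `infra` entry would make the least-privilege intent explicit, for example `# infra is view-only in production; administrator access is limited to infra-admins`. The enclosing `locals` block starts and ends outside the hunk, so the other account entries may already follow a documented convention.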
