-
Notifications
You must be signed in to change notification settings - Fork 77
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Initial SQS queue + user policy #377
Conversation
This looks like a good starting point. 👍 Can I help you with Terragrunt somehow? |
Co-authored-by: Jan David <[email protected]>
Hm, I'm not sure there's a good intermediate step, I can probably copy what I did for bors with some adjustments for the deployed-ref business... |
I'm also happy for you to just take this and run with it. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let me just run with this for now and make a note to go over our documentation for Terragrunt.
I'm gonna merge this and continue in a separate branch so that we review new changes more easily. |
The SQS queue that was configured in rust-lang#377 has been deployed to the new staging account for crates.io that was created in rust-lang#374. Slight modifications were necessary to the configuration: - The resource and human-readable names of the SQS are now identical. - The `sid` for policies matches the naming rules of AWS. - The input variable has been changed, since the account number is not part of a bucket's ARN and can thus not be extracted from it. The infrastructure has been deployed with the same version of the Terraform provider for AWS as the other modules in simpleinfra to ensure future compatibility.
This adds a new terragrunt module for the new crates.io account(s) and puts the SQS queue and related IAM policies into the module. However, it does not yet wire up the account or try to deploy this -- I haven't connected those bits yet and getting terragrunt to cooperate with me is usually pretty finicky. Hopefully this helps as a starting point though.
Remaining steps:
Possibly:
IMO if we can, let's deploy this before we actually finish wiring up s3 -- crates.io can start reading from the queue and such early that way and kick the tires.
cc #372
r? @jdno cc @Turbo87