testing

cds-snc · Sep 4, 2024 · f8239f5 · f8239f5
1 parent 0ab50c2
commit f8239f5
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 3 deletions.
diff --git a/scripts/aws-auth.yaml b/scripts/aws-auth.yaml
@@ -8,9 +8,33 @@ data:
     - groups:
       - system:bootstrappers
       - system:nodes
-      rolearn: arn:aws:iam::$ACCOUNT_ID:role/eks-worker-role
+      rolearn: arn:aws:iam::800095993820:role/eks-worker-role
       username: system:node:{{EC2PrivateDNSName}}
     - groups:
       - system:masters
-      rolearn: arn:aws:iam::$ACCOUNT_ID:role/$ROLE_NAME
+      rolearn: arn:aws:iam::800095993820:role/AWSReservedSSO_AWSAdministratorAccess_e6e62a284c3c35fc
       username: AWSAdministratorAccess:{{SessionName}}
+    - rolearn: arn:aws:iam::800095993820:role/notification-admin-apply
+      username: notification-admin-apply
+      groups:
+        - system:masters
+    - rolearn: arn:aws:iam::800095993820:role/notification-api-apply
+      username: notification-api-apply
+      groups:
+        - system:masters
+    - rolearn: arn:aws:iam::800095993820:role/notification-document-download-api-apply
+      username: notification-document-download-api-apply
+      groups:
+        - system:masters
+    - rolearn: arn:aws:iam::800095993820:role/notification-documentation-apply
+      username: notification-documentation-apply
+      groups:
+        - system:masters
+    - rolearn: arn:aws:iam::800095993820:role/notification-manifests-apply
+      username: notification-manifests-apply
+      groups:
+        - system:masters
+    - rolearn: arn:aws:iam::800095993820:role/ipv4-geolocate-webservice-apply
+      username: ipv4-geolocate-webservice-apply
+      groups:
+        - system:masters
diff --git a/scripts/kubernetesAWSAuthFix.sh b/scripts/kubernetesAWSAuthFix.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # This script updates the aws-auth config map in the newly created EKS cluster since AWS EKS doesn't create it properly when going through Github Actions
-export ROLE_NAME=$(aws iam list-roles | jq -r '.Roles[] | select(.RoleName|match("AWSReservedSSO_AWSAdministratorAccess_*")) | .RoleName')
+#export ROLE_NAME=$(aws iam list-roles | jq -r '.Roles[] | select(.RoleName|match("AWSReservedSSO_AWSAdministratorAccess_*")) | .RoleName')
 export ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text)
 
 envsubst < aws-auth.yaml | sponge aws-auth.yaml