This document shows you how to create the AWS IAM roles with a Terraform script. It automates the manual process described in Deploying to AWS from Spinnaker (using IAM instance roles). That means you have two options for creating the AWS IAM roles.
You should have a profile configured in your
In the file “terraform.tfvars” you need to set some variables in order to execute properly.
Download the terraform script from: https://github.com/armory/terraform.git and open the
Edit terraform.tfvars and fill in the corresponding values.
Run the following commands.
    terraform init
    terraform plan -var-file=terraform.tfvars
    terraform apply -var-file=terraform.tfvars
After you run the script, the roles and policies should be created. The script's output is the set of instructions that you need to execute in order to enable the AWS account in Halyard.
    Outputs:

    commands = Run this commands in order:
    export AWS_ACCOUNT_NAME=aws-dev-1
    export ACCOUNT_ID=569630529054
    export ROLE_NAME=role/SpinnakerManagedRoleTerraform
    hal config provider aws account add $AWS_ACCOUNT_NAME --account-id $ACCOUNT_ID --assume-role $ROLE_NAME
    hal config provider aws enable
    hal config provider aws account edit $AWS_ACCOUNT_NAME --regions us-east-1,us-west-2
    hal deploy apply
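Because the script creates IAM roles that Spinnaker will assume, it is worth reviewing the plan between the `terraform plan` and `terraform apply` steps above. The following is an added example, not part of the Armory script: it reads the JSON form of a saved plan and flags trust policies open to any AWS principal and policies that allow every action on every resource. The resource addresses, account ID and sample plan are constructed for illustration.

```python
import json

def _doc(statement):  # policy document serialized the way Terraform stores it (a JSON string)
    return json.dumps({"Version": "2012-10-17", "Statement": statement})

# Constructed sample in the shape of `terraform show -json tfplan`; addresses are hypothetical.
SAMPLE_PLAN = json.dumps({"resource_changes": [
    {"address": "aws_iam_role.managed", "type": "aws_iam_role",
     "change": {"actions": ["create"], "after": {"assume_role_policy": _doc([
         {"Effect": "Allow", "Action": "sts:AssumeRole",
          "Principal": {"AWS": "arn:aws:iam::111111111111:role/ExampleBaseRole"}}])}}},
    {"address": "aws_iam_role.open_trust", "type": "aws_iam_role",
     "change": {"actions": ["create"], "after": {"assume_role_policy": _doc(
         {"Effect": "Allow", "Action": "sts:AssumeRole", "Principal": {"AWS": "*"}})}}},
    {"address": "aws_iam_policy.broad", "type": "aws_iam_policy",
     "change": {"actions": ["create"], "after": {"policy": _doc(
         [{"Effect": "Allow", "Action": "*", "Resource": "*"}])}}},
]})

# Attribute that holds the policy JSON for each AWS provider resource type inspected.
POLICY_FIELD = {"aws_iam_role": "assume_role_policy",
                "aws_iam_policy": "policy", "aws_iam_role_policy": "policy"}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def review_plan(plan_json):
    """Return (address, finding) pairs for IAM policies the plan would create or update."""
    findings = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        field = POLICY_FIELD.get(rc.get("type"))
        change = rc.get("change", {})
        if not field or not {"create", "update"} & set(change.get("actions", [])):
            continue
        raw = (change.get("after") or {}).get(field)
        if not raw:  # value is computed at apply time, so the plan cannot show it
            findings.append((rc["address"], "policy unknown until apply"))
            continue
        for st in _as_list(json.loads(raw).get("Statement", [])):
            if st.get("Effect") != "Allow":
                continue
            principal = st.get("Principal")
            aws = principal.get("AWS") if isinstance(principal, dict) else principal
            if principal is not None and "*" in _as_list(aws):
                findings.append((rc["address"], "trust policy allows any AWS principal"))
            if "*" in _as_list(st.get("Action")) and "*" in _as_list(st.get("Resource")):
                findings.append((rc["address"], "Allow with Action * on Resource *"))
    return findings

if __name__ == "__main__":
    for address, finding in review_plan(SAMPLE_PLAN):
        print(f"{address}: {finding}")
```

To feed it a real plan, save one with `terraform plan -var-file=terraform.tfvars -out=tfplan`, export it with `terraform show -json tfplan`, and then run `terraform apply tfplan` so that the plan you reviewed is the one that is applied.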