On Fri, Sep 13, 2019, at 5:17 PM, Paul Frields wrote: > Actually, I'd prefer we not expand use of that second "community-cloud" > account, Dusty. Especially since we seem to be in an uncertain state > for it pretty much constantly as our friends at AWS try to work out how > to get it into their community umbrella. > > Instead, Adam should make use of the existing Fedora AWS account where > we can delegate access via IAM and using roles. Check in with the infra > team -- they can follow an SOP > <https://docs.pagure.org/infra-docs/sysadmin-guide/sops/aws-access.html> to make roles, but you'll still need to work with them to tag some resources and set up a policy so you can play in the right sandbox. I think a related best practice here is to hand out credentials via STS: https://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/prog-services-sts.html Particularly for things like "I just want to test this cloud-init package interactively"; no need to have a long-term credential there. _______________________________________________ cloud mailing list -- cloud@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to cloud-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/cloud@xxxxxxxxxxxxxxxxxxxxxxx