Update README.md to explain Incubator

[robinglov]

Overview

As someone who wants to learn more about this project, I want to know how to use Incubator and Terraform for overview of the project and to be pointed to the resources that would help me contribute.

Action Items

• Document training meetings and review to make them usable for Wiki.
• Pilot instructions with new people.

Resources/Instructions

Ops Wiki
Terraform Installation
Terraform Incubator
CICD resource

[Tyson-miller]

I added some things to this documentation that I believe would suffice to get people set up and ready to develop in this repository with Terraform. It would be nice if some new people went through it and tried to get set up + added notes wherever they got stuck.

[robinglov]

I added some things to this documentation that I believe would suffice to get people set up and ready to develop in this repository with Terraform. It would be nice if some new people went through it and tried to get set up + added notes wherever they got stuck.

This looks great! We'll start thinking about who would be good to take this on.

[robinglov]

@Tyson-miller In step 1 the command below didn't return anything.

which aws

The below seemed to work.

aws --version
>> aws-cli/2..15.15

Is this the desired result or did I do something incorrectly?

[robinglov]

User needs iam:ListAccessKeys to get Access Key

Help text for Administrator:

User: arn:aws:iam::035866691871:user/robin_glover
Service: iam
Action: ListSigningCertificates
On resource(s): user
Context: because no identity-based policy allows the iam:ListSigningCertificates action

[Tyson-miller]

@Tyson-miller In step 1 the command below didn't return anything.

which aws

The below seemed to work.

aws --version
>> aws-cli/2..15.15

Is this the desired result or did I do something incorrectly?

Interesting yeah that's another way to confirm you have it installed correctly and it's probably better. Updated the documentation accordingly

[Tyson-miller]

User needs iam:ListAccessKeys to get Access Key

Help text for Administrator:

User: arn:aws:iam::035866691871:user/robin_glover Service: iam Action: ListSigningCertificates On resource(s): user Context: because no identity-based policy allows the iam:ListSigningCertificates action

We have a custom IAM policy called SelfManageCredentials which allows people to create access keys. This policy is currently assigned to the ops-group User Group so if users are put in that group then they can create access keys, if not then they won't be able to. I imagine this will change with our IAM re-working but I'll add something to the documentation for now to note that

[ExperimentsInHonesty]

@Tyson-miller Thanks for the note

We have a custom IAM policy called SelfManageCredentials which allows people to create access keys. This policy is currently assigned to the ops-group User Group so if users are put in that group then they can create access keys, if not then they won't be able to. I imagine this will change with our IAM re-working but I'll add something to the documentation for now to note that

It sounds like the process for getting people onboarded has been built or is being built, but I can't find any documentation on it, other than this comment. Where is the documentation for how team members get added to SelfManageCredentials and what happens. I know there is a google doc: IAM Groups and Policies, where we have been working out the details, and I have now made a wiki page DevOps wiki, Permission levels for team members, were we can add information.

Do you know of any other documentation?

[robinglov]

@Tyson-miller Joey has volunteered to help out with this. I'm taking you off the issue, but let me know if you want to keep working on it.