You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I host Atlantis in AWS ECS, using the module by Anton Babenko. My repo is a multi account setup each with its separate state.
Very simplified it looks something like this:
terraform/
accounts/
prod/
stage/
int/
The prod, stage and int accounts each have a deploy IAM role which is allowed to deploy to that particular account. I then grant sts:AssumeRole to anyone that should be allowed to deploy in that account.
My Atlantis IAM role is arn:aws:iam::1234567890:role/atlantis, and my goal is to have it assume the deploy role in the respective account, before running any plan or apply.
Is this possible to solve with a pre-workflow hook? I don't mind maintaining a server side config with role ARN's to assume for each of my accounts.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
Hi,
I host Atlantis in AWS ECS, using the module by Anton Babenko. My repo is a multi account setup each with its separate state.
Very simplified it looks something like this:
The prod, stage and int accounts each have a deploy IAM role which is allowed to deploy to that particular account. I then grant
sts:AssumeRoleto anyone that should be allowed to deploy in that account.My Atlantis IAM role is
arn:aws:iam::1234567890:role/atlantis, and my goal is to have it assume the deploy role in the respective account, before running any plan or apply.Is this possible to solve with a pre-workflow hook? I don't mind maintaining a server side config with role ARN's to assume for each of my accounts.
Thanks!
Beta Was this translation helpful? Give feedback.
All reactions