Closed
Bug 1299183
Opened 8 years ago
Closed 8 years ago
Expose S3 bucket to Telemetry team [Stage environment]
Categories
(Cloud Services Graveyard :: Metrics: Pipeline, defect)
Cloud Services Graveyard
Metrics: Pipeline
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: peterbe, Unassigned)
References
Details
Attachments
(1 file)
We have an S3 bucket that needs to be exposed/granted to the Telemetry team (led by Mark Reid) so he can point his tools to suck down its content. The bucket is located in Oregon ("us-west-2"?) and it's called org-allizom-telemetry-crashes JP, cc'ed, is the master of our IAM and best to direct technical questions to.
Comment 1•8 years ago
|
||
Mark, how can I transfer creds to you? Lastpass?
Comment 2•8 years ago
|
||
:jp for this we want to have a bucket policy that allows access from the dev IAM, something like: { "Version": "2008-10-17", "Statement": [ { "Sid": "MozSvcDevAccountAccessList", "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::927034868273:root" }, "Action": [ "S3:ListBucket", "S3:GetBucketLocation" ], "Resource": "arn:aws:s3:::__S3_BUCKET__" }, { "Sid": "MozSvcDevAccountAccessGet", "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::927034868273:root" }, "Action": "S3:Get*", "Resource": "arn:aws:s3:::__S3_BUCKET__/*" } ] } 927034868273 is the correct account number to use. Once that's in place, :mreid we'll need to update the atmo instance IAM role to also have read access to the same bucket.
Comment 3•8 years ago
|
||
Fair, we can do it like that. In socorro-land we've generally granted by IAM group rather than bucket policy, but since we're tying into an existing system, that is much nicer.
Comment 4•8 years ago
|
||
Cool, please let me know when this is in effect on the socorro side so I can add the read policy on the telemetry side.
Comment 5•8 years ago
|
||
I've setup the bucket policy, so we should be set to update the IAM role.
Comment 7•8 years ago
|
||
Comment 8•8 years ago
|
||
r=whd. Access is working. Example notebook: https://gist.github.com/mreid-moz/31ac995e3180c156db61e5f1c0ee745b
Status: NEW → RESOLVED
Closed: 8 years ago
Flags: needinfo?(mreid)
Resolution: --- → FIXED
Updated•6 years ago
|
Product: Cloud Services → Cloud Services Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•