[Plone-testing-team] S3 bucket account management for collective repositories

Asko Soukka asko.soukka at iki.fi
Sat Mar 1 19:37:25 UTC 2014


Asko Soukka wrote:
> - each collective repository will get its own AWS identity
> - each collective repository will get its own S3 bucket
> - the identity will be given push permissions to the bucket

Oh, actually this could be done automatically, because the master robot 
account only needs permissions to 1) create a new user, 2) create a new 
bucket and 3) set a policy for the bucket. So, it cannot give any AWS 
permissions beyond S3 and will be pretty safe.

Also, because encrypted keys will work only for the repository they 
have been encrypted for, we can just publish the keys somewhere and 
won't need to touch the repositories.

So, probably, I just:

- add a new file (e.g. buckets.txt) into the collective.github.com 
  repository

- add a Jenkins job, which reads the file, sets up the requested S3 
  buckets with credentials and publishes the encrypted keys somewhere 
  (e.g. in an S3 bucket :)

-Asko
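A sketch of what such a Jenkins job could do, added here as an example; it is not code from the Plone testing team or from collective.github.com. It assumes buckets.txt holds one GitHub repository name per line (blank lines and `#` comments ignored), a constructed 12-digit account id, and that every robot-created user and bucket shares a `collective-` name prefix. The prefix matters: without resource scoping, `iam:CreateAccessKey` would let the robot mint keys for any existing user in the account, and `s3:PutBucketPolicy` would let it rewrite any bucket's policy, so the robot policy below is restricted to the prefixed ARNs, and every generated bucket policy is checked before it is applied. The `provision()` function takes boto3-style `iam` and `s3` clients but is not run against AWS here.

```python
"""Plan per-repository S3 buckets and IAM users from a buckets.txt file.

Added example, not the Plone testing team's code.  Assumes: one repository
name per line in buckets.txt (format is a guess), a constructed account id,
and a shared name prefix for everything the robot creates.
"""
import json
import re

ACCOUNT_ID = "123456789012"      # constructed sample account id
NAME_PREFIX = "collective-"      # robot-made users and buckets share this prefix
PUSH_ACTIONS = ("s3:PutObject", "s3:ListBucket")   # what "push permissions" means here
_BAD_CHARS = re.compile(r"[^a-z0-9-]")


def _as_list(value):
    """IAM policy fields may be a string or a list; normalise to a list."""
    return [value] if isinstance(value, str) else list(value or [])


def bucket_name(repo):
    """Derive a valid S3 bucket name from a repository name (lowercase, no dots)."""
    name = re.sub(r"-+", "-", _BAD_CHARS.sub("-", repo.lower())).strip("-")
    if not name.startswith(NAME_PREFIX):
        name = NAME_PREFIX + name
    if not 3 <= len(name) <= 63:
        raise ValueError("bucket name out of range: %r" % name)
    return name


def plan_buckets(text):
    """Parse buckets.txt content into {repo, user, bucket} plans."""
    plans = []
    for line in text.splitlines():
        repo = line.strip()
        if not repo or repo.startswith("#"):
            continue
        name = bucket_name(repo)
        plans.append({"repo": repo, "user": name, "bucket": name})
    return plans


def robot_policy(account_id=ACCOUNT_ID):
    """Identity policy for the Jenkins robot, scoped to the prefixed users/buckets."""
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": ["iam:CreateUser", "iam:CreateAccessKey"],
         "Resource": "arn:aws:iam::%s:user/%s*" % (account_id, NAME_PREFIX)},
        {"Effect": "Allow", "Action": ["s3:CreateBucket", "s3:PutBucketPolicy"],
         "Resource": "arn:aws:s3:::%s*" % NAME_PREFIX},
    ]}


def bucket_policy(bucket, user, account_id=ACCOUNT_ID):
    """Bucket policy that lets one IAM user push to one bucket and nothing else."""
    return {"Version": "2012-10-17", "Statement": [
        {"Sid": "RepoPush", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::%s:user/%s" % (account_id, user)},
         "Action": list(PUSH_ACTIONS),
         "Resource": ["arn:aws:s3:::%s" % bucket, "arn:aws:s3:::%s/*" % bucket]},
    ]}


def check_bucket_policy(policy, bucket, account_id=ACCOUNT_ID):
    """Pre-flight check: same-account prefixed users only, push actions only,
    this bucket only.  Rejects '*' principals and anything beyond PUSH_ACTIONS."""
    user_prefix = "arn:aws:iam::%s:user/%s" % (account_id, NAME_PREFIX)
    allowed_res = {"arn:aws:s3:::%s" % bucket, "arn:aws:s3:::%s/*" % bucket}
    for st in policy.get("Statement", []):
        principal = st.get("Principal")
        if st.get("Effect") != "Allow" or not isinstance(principal, dict):
            return False
        if not all(a.startswith(user_prefix) for a in _as_list(principal.get("AWS"))):
            return False
        if not set(_as_list(st.get("Action"))) <= set(PUSH_ACTIONS):
            return False
        if not set(_as_list(st.get("Resource"))) <= allowed_res:
            return False
    return True


def provision(plans, iam, s3, account_id=ACCOUNT_ID):
    """Apply the plan with boto3-style clients; returns {repo: (key_id, secret)}.
    The caller encrypts each key pair for its repository before publishing it."""
    keys = {}
    for p in plans:
        policy = bucket_policy(p["bucket"], p["user"], account_id)
        if not check_bucket_policy(policy, p["bucket"], account_id):
            raise RuntimeError("refusing unsafe policy for %s" % p["bucket"])
        iam.create_user(UserName=p["user"])
        key = iam.create_access_key(UserName=p["user"])["AccessKey"]
        s3.create_bucket(Bucket=p["bucket"])
        s3.put_bucket_policy(Bucket=p["bucket"], Policy=json.dumps(policy))
        keys[p["repo"]] = (key["AccessKeyId"], key["SecretAccessKey"])
    return keys
```

Two practical caveats if this were run for real: a bucket policy naming a user created seconds earlier can be rejected with an "invalid principal" error until IAM propagates, so the job should retry `put_bucket_policy`; and `create_bucket` outside us-east-1 needs a `CreateBucketConfiguration` argument. The secret access key is returned only once by `create_access_key`, which is why `provision()` hands it straight back for encryption rather than looking it up later.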


More information about the Plone-testing-team mailing list