Re: Moving AWS auth from IAM users to salsa.debian.org
On 21/01/23 at 23:58 +0100, Bastian Blank wrote:
> Hi folks
>
> You are receiving this e-mail, because you have somewhat used IAM
> users to access Debian AWS accounts.
>
> The cloud team intents to deprecate the use of IAM users for accessing
> the (new) Debian AWS accounts. In the future, logins to those AWS
> accounts will be done via a Debian IdP (currently salsa.debian.org).
>
> Login to AWS with federated users (SAML or OpenID Connect) requires an
> additional piece of software.
>
> I provide an implementation in form of a web browser extension (Chromium
> only, supporting Firefox is not possible). This extension allows login
> to the web console or provide access token for programatic access. You
> can get this here
> https://salsa.debian.org/cloud-admin-team/webext-debian-aws-login.
>
> In addition it would be possible to write a standlone tool to support
> AWS login with federated users with the help of any existing browser.
> But I don't intend to implement that for now.
>
> Please verify that this login works for you. I would like to remove
> existing users in a few weeks.
Hi,
Could this be postponed until after the bookworm release? I have little
time for Debian, and would like to focus on stuff that is relevant for
bookworm. I fear that this might my workflow for archive rebuilds (even
if it shouldn't, since I'm mostly using role-based auth from a VM).
Lucas
Reply to: