Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

create ci-staging aws account #635

Merged
merged 1 commit into from
Dec 3, 2024
Merged

create ci-staging aws account #635

merged 1 commit into from
Dec 3, 2024

Conversation

marcoieni
Copy link
Member

@marcoieni marcoieni commented Dec 3, 2024

We want to test running github actions into aws, so I created a new aws account.

Name

Do you like the name of the account or is it too minimal?

I also considered ci-runners-{staging, prod}

Plan

12:21:59.778 STDOUT terraform: Terraform will perform the following actions:
12:21:59.778 STDOUT terraform:   # aws_organizations_account.ci_staging will be created
12:21:59.778 STDOUT terraform:   + resource "aws_organizations_account" "ci_staging" {
12:21:59.778 STDOUT terraform:       + arn               = (known after apply)
12:21:59.778 STDOUT terraform:       + close_on_deletion = false
12:21:59.778 STDOUT terraform:       + create_govcloud   = false
12:21:59.778 STDOUT terraform:       + email             = "admin+ci-staging@rust-lang.org"
12:21:59.778 STDOUT terraform:       + govcloud_id       = (known after apply)
12:21:59.778 STDOUT terraform:       + id                = (known after apply)
12:21:59.778 STDOUT terraform:       + joined_method     = (known after apply)
12:21:59.778 STDOUT terraform:       + joined_timestamp  = (known after apply)
12:21:59.778 STDOUT terraform:       + name              = "ci-staging"
12:21:59.778 STDOUT terraform:       + parent_id         = (known after apply)
12:21:59.778 STDOUT terraform:       + status            = (known after apply)
12:21:59.778 STDOUT terraform:       + tags_all          = (known after apply)
12:21:59.778 STDOUT terraform:     }
12:21:59.778 STDOUT terraform: Plan: 1 to add, 0 to change, 0 to destroy.

Copy link
Member

@jdno jdno left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The name is fine for me. Maybe we want to move the CI caches there eventually as well...

@marcoieni
Copy link
Member Author

applied

@marcoieni marcoieni merged commit 1a00203 into master Dec 3, 2024
3 checks passed
@marcoieni marcoieni deleted the create-aws-ci-account branch December 3, 2024 11:51
@Mark-Simulacrum
Copy link
Member

I might add rustc or something to the account names; if we do this it seems likely we'll want to limit to partition by account any different repos.

@marcoieni
Copy link
Member Author

are you proposing to have one account per repo? Sounds a bit too much 🤔

Probably I misunderstood. We can discuss in zulip, too 👍

@Mark-Simulacrum
Copy link
Member

At the very least I would isolate our user-facing builds (i.e., rustc dist) in its own account. Long-term even if we don't pursue CodeBuild I'd expect us to move the S3 buckets and what not related to rustc dist into said account, and accounts provide a default isolation boundary that takes intentional effort to break (unlike e.g. just being careful with permissions).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants