Add support for EC2 Tags #74
Conversation
There was a problem hiding this comment.
Hi @sistemi-etime
I like the idea to fetch the configuration from the instance tags!
I added a few comments regarding documentation.
README.md
Outdated
| @@ -37,21 +37,6 @@ A picture is worth a thousand words: | |||
|
|
|||
| ## How to integrate this system into your environment | |||
|
|
|||
| ### Install via RPM | |||
There was a problem hiding this comment.
any reasons why you removed the rpm block?
There was a problem hiding this comment.
No. Sorry for mistake.
There was a problem hiding this comment.
no worries. can you re add the text block in a new commit?
README.md
Outdated
| @@ -94,6 +80,8 @@ one or more of the following lines: | |||
| ASSUMEROLE="IAM-role-arn" # IAM Role ARN for multi account. See below for more info | |||
| IAM_AUTHORIZED_GROUPS="GROUPNAMES" # Comma seperated list of IAM groups to import | |||
| SUDOERS_GROUPS="GROUPNAMES" # Comma seperated list of IAM groups that should have sudo access | |||
| IAM_AUTHORIZED_GROUPS_TAG="KeyTag" # Key Tag of EC2 that contains a Comma seperated list of IAM groups to import | |||
There was a problem hiding this comment.
if I understand this correctly, that IAM_AUTHORIZED_GROUPS_TAG will override IAM_AUTHORIZED_GROUPS, so I can only use one of the config values. right?
There was a problem hiding this comment.
Okay. Could you add this to the documentation?
README.md
Outdated
| @@ -94,6 +80,8 @@ one or more of the following lines: | |||
| ASSUMEROLE="IAM-role-arn" # IAM Role ARN for multi account. See below for more info | |||
| IAM_AUTHORIZED_GROUPS="GROUPNAMES" # Comma seperated list of IAM groups to import | |||
| SUDOERS_GROUPS="GROUPNAMES" # Comma seperated list of IAM groups that should have sudo access | |||
| IAM_AUTHORIZED_GROUPS_TAG="KeyTag" # Key Tag of EC2 that contains a Comma seperated list of IAM groups to import | |||
| SUDOERS_GROUPS_TAG="KeyTag" # Key Tag of EC2 that contains a Comma seperated list of IAM groups that should have sudo access | |||
There was a problem hiding this comment.
if I understand this correctly, that SUDOERS_GROUPS_TAG will override SUDOERS_GROUPS, so I can only use one of the config values. right?
There was a problem hiding this comment.
Okay. Could you add this to the documentation?
These changes add support for EC2 Tags.
The authorised groups are retrieved by a request to a specified key, saved on IAM_AUTHORIZED_GROUPS_TAG.
In this way, the befitting groups can be set from EC2 console/API, without edit the configuration in local instance.