Give access to users to access SSM parameters

Question

Give access to users to access SSM parameters

Closed this issue 5 years ago · 2 comments

Standard users do not have permission to run the below command, they perhaps need access to allow them to get the sandbox hsm passwords.

aws ssm get-parameter --query Parameter.Value --output text --with-decryption --name /CLUSTER_NAME/hsm/users/cu/1/password

Answer 1 · 2019-07-17T10:14:43.000Z

From @blairboy362 in Slack yesterday:

That should be done from hijacked containers in the shared Concourse.

Looks like we need to write some docs. @smford Are you happy to do that? There's some info in the info pipeline config.

Answer 2 · 2019-07-17T15:57:36.000Z

Closing issue. The problem isn't permission related as originally thought when issue raised, instead the preferred method is to use hijacked containers. Documentation explaining method has been added via this pr to the documentation stored here