commitdev/zero

Document changes to AWS IAM

Opened this issue · 3 comments

I was trying out Zero and, to avoid regrets later, I was running it with a "low privilege" user (dev).
This caused errors when TF tried to make changes to the Identity service (IAM), such as creating a role or adding MFA (as expected).

Before making changes that may have possible "destructive" repercussions (e.g., locking me out of my AWS account), it would be great if those changes were spelled out: at the moment, I can't find any information (here, or on the Zero pages) and need to somehow "reverse engineer" the TF code (and, as I'm not a Terraform expert, it's hard for me to tell whether my guesses are any closer to reality).

Would it be possible to have those changes documented somewhere?
(if that already exists, please feel free to point me to it, and I'd be happy to add that information to the online docs as appropriate too).

Thanks in advance.
(BTW - I really like Zero, looks like something that needed doing! 😄 thanks! 🚀 )

When running zero apply it will start making changes to various resources in AWS including IAM, but it won't affect the user account you're using to run it in any way. It creates new roles and policies, and attaches them to any new users you create, but there shouldn't be conflicts with other IAM users or anything else in the AWS account. That being said, it's probably best to run it in a fresh AWS account anyway if possible just to keep things nice and isolated.
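A way to check the statement above against the actual plan before running `zero apply`, as an added example that is not Zero's code and not part of this thread: save the plan (`terraform plan -out=tfplan`), convert it to JSON (`terraform show -json tfplan`), and list every `aws_iam_*` change by action, flagging anything bound to the IAM user you are running as. The script reads Terraform's standard plan JSON; the embedded plan is a constructed sample in that shape, not a real Zero plan, and the `dev` / `zero-ci` user names are assumptions for the demonstration.

```python
"""Summarise the IAM changes in a Terraform plan before applying it.

Usage:
    terraform plan -out=tfplan
    terraform show -json tfplan | python iam_plan_audit.py dev

The positional argument is the IAM user name you run Terraform as.
"""
import json
import sys

IAM_PREFIX = "aws_iam_"
# Resource types whose "user" attribute binds them to an existing IAM user.
USER_SCOPED = {
    "aws_iam_user_policy_attachment", "aws_iam_user_policy",
    "aws_iam_user_group_membership", "aws_iam_user_login_profile",
    "aws_iam_access_key",
}


def iam_changes(plan, current_user=None):
    """Return the IAM resource addresses in a plan grouped by action.

    plan is the dict produced by `terraform show -json <planfile>`; each entry
    in plan["resource_changes"] carries the resource type and an action list
    (create / update / delete / no-op; a replace is ["delete", "create"]).
    'touches_current_user' lists changes bound to current_user, if given.
    """
    out = {"create": [], "update": [], "delete": [], "touches_current_user": []}
    for rc in plan.get("resource_changes", []):
        rtype = rc.get("type", "")
        if not rtype.startswith(IAM_PREFIX):
            continue
        change = rc.get("change", {})
        actions = set(change.get("actions", []))
        for action in ("create", "update", "delete"):
            if action in actions:
                out[action].append(rc["address"])
        if not current_user:
            continue
        before = change.get("before") or {}
        after = change.get("after") or {}
        # The user object itself, or something attached to it, named current_user.
        if rtype == "aws_iam_user":
            names = (before.get("name"), after.get("name"))
        elif rtype in USER_SCOPED:
            names = (before.get("user"), after.get("user"))
        else:
            names = ()
        if current_user in names:
            out["touches_current_user"].append(rc["address"])
    return out


# Constructed sample in the shape `terraform show -json tfplan` emits (not a real Zero plan).
SAMPLE_PLAN = {
    "format_version": "1.0",
    "resource_changes": [
        {"address": "aws_iam_role.eks_cluster", "type": "aws_iam_role",
         "change": {"actions": ["create"], "before": None, "after": {"name": "zero-eks-cluster"}}},
        {"address": "aws_iam_policy.ci_deploy", "type": "aws_iam_policy",
         "change": {"actions": ["create"], "before": None, "after": {"name": "zero-ci-deploy"}}},
        {"address": "aws_iam_user.ci", "type": "aws_iam_user",
         "change": {"actions": ["create"], "before": None, "after": {"name": "zero-ci"}}},
        {"address": "aws_iam_user_policy_attachment.ci", "type": "aws_iam_user_policy_attachment",
         "change": {"actions": ["create"], "before": None, "after": {"user": "zero-ci"}}},
        {"address": "aws_vpc.main", "type": "aws_vpc",
         "change": {"actions": ["create"], "before": None, "after": {"cidr_block": "10.0.0.0/16"}}},
        {"address": "aws_iam_role.old", "type": "aws_iam_role",
         "change": {"actions": ["delete"], "before": {"name": "legacy"}, "after": None}},
    ],
}


if __name__ == "__main__":
    user = sys.argv[1] if len(sys.argv) > 1 else None
    plan = json.load(sys.stdin) if not sys.stdin.isatty() else SAMPLE_PLAN
    result = iam_changes(plan, user)
    for action in ("create", "update", "delete"):
        for address in result[action]:
            print(f"{action:7} {address}")
    if result["touches_current_user"]:
        print(f"WARNING: plan touches IAM user {user!r}:")
        for address in result["touches_current_user"]:
            print(f"  {address}")
    # Anything in "delete" or "update" deserves a look before you apply.
```

Run it against the real plan JSON from your working directory; an empty warning section plus only `create` lines for `aws_iam_*` resources is what the comment above describes. Any `delete` or `update` on an IAM resource, or a warning naming your own user, is the case to read the TF code for before applying.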

Thanks, this is helpful.
Happy to add it to the docs if you would like me to?

That would be great, thanks!