Skip to content

Instantly share code, notes, and snippets.

View nodomain's full-sized avatar

Fabian Fischer nodomain

24 followers · 9 following
View GitHub Profile
@nodomain
nodomain / terraform-0.13-auto-replace-provider.sh
Last active September 10, 2020 06:47
Terraform 0.13: Replace "namespaceless" providers in state with the HashiCorp namespace variant
terraform state pull | grep provider | grep registry.terraform.io/- | uniq | cut -d"\\" -f2 | cut -d"\"" -f2 | sort | uniq \
| while IFS= read -r line; do terraform state replace-provider -auto-approve ${line} ${line/-/hashicorp} ; done
@nodomain
nodomain / README.md
Created October 25, 2018 15:46 — forked from holyjak/README.md
IAM policy to allow Continuous Integration user to deploy to AWS Elastic Beanstalk

IAM policy to allow Continuous Integration user to deploy to AWS Elastic Beanstalk

IAM policy that we attach to CI users so that our CI server can deploy new versions of our applications to our EB environments without giving them too many permissions. When some permissions are missing, deploys may fail with the useless and misleading ERROR event log

Service:AmazonCloudFormation, Message:TemplateURL must reference a valid S3 object to which you have access.

(Notice that in many cases the error has nothing to do with S3 but can be caused by any missing permissions, for instance autoscaling:SuspendProcesse. Yes, it sucks.)

The policy can certainly be tightened more, it is not the most restrictive policy that works. As Kyle points out, the full EC2 rights are likely the biggest problem.