
Updated key rotation notes

Fred Damstra [afs macbook] 3 years ago
parent
commit
3af9cdf4ea
1 changed file with 9 additions and 5 deletions

AWS Notes.md

@@ -278,12 +278,16 @@ Keys should be rotated regularly (TODO: What does SSP say?).
 
 Note: You can save time by doing the rotations all at once. They're separated out for clarity:
 
+IMPORTANT: The apply when rotating keys gives an error:
+`LimitExceeded: Cannot exceed quota for AccessKeysPerUser: 2`.
+This will go away on the second apply. YOU WILL NEED TO APPLY THE MODULES TWICE.
+
 ## SES
 
 1) On the mailrelay servers in test and prod, `sudo cat /etc/postfix/sasl_passwd` and record the Key ID. You do not need the password.
-      test: AKIA2YA7U4A5KVCBMXIA
-      prod: AKIA2QD5QM6CJJ5H774N
-2) Edit `xdr-terraform-modules/base/mailrelay/ses.tf`. 
+      test: AKIA2YA7U4A5OCW3IQWA
+      prod: AKIA2QD5QM6CB5IKPLEN
+2) In `xdr-terraform-modules, edit `base/mailrelay/ses.tf`. 
   a) Increment both values of `resource "aws_iam_access_key" "ses_access_key-v3"` (e.g. change 3 to 4, and 4 to 5)
   b) Increment the value of the two outputs to be the new highest key.
 3) In `xdr-terraform-live`, run `update_module_refs --module 090-instance-mailrelay --newtag v4.3.11` (substituting appropriate tag)
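Review bot: the rewritten step 2 is missing the closing backtick after the repository name, so the inline code span runs into the path and the line renders badly; write it as: 2) In `xdr-terraform-modules`, edit `base/mailrelay/ses.tf`. The new IMPORTANT block would also serve readers better if it said why the first apply fails with `LimitExceeded: Cannot exceed quota for AccessKeysPerUser: 2`: bumping both suffixes of `ses_access_key-v3` in step 2a asks Terraform to create a third key while the two existing keys still exist, and the second apply only succeeds once the oldest key has been destroyed. Stating the cause lets a reader recognise the same error, rather than a real failure, when it appears in other sections that use the same two-key rotation.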
@@ -309,7 +313,7 @@ salt mailrelay\* cmd.run 'echo Hi Fred | mail -s "Test" frederick.t.damstra@acce
 
 ## moose-hf
 
-1. In `xdr-terraform-modules`, edit `base/account_standards_c2/iam.moose-hf`
+1. In `xdr-terraform-modules`, edit `base/account_standards_c2/iam.moose-hf.tf`
   a. Increment the values for `aws_iam_access_key` by 1 (e.g. change `moose-hf-v0` to `moose-hf-v1`, and `moose-hf-v1` to `moose-hf-v2`)
   b. Update the `output "access_keys"` to the correct revisions.
 2. In `xdr-terraform-live`, run `update_module_refs --module 005-account-standards-c2 --newtag v4.4.1` (updating tag appropriately)
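Review bot: the `.tf` extension added to `base/account_standards_c2/iam.moose-hf.tf` is the right fix, but the section still ends without any check that the rotated key works; the SES section's hunk header shows a `mail -s "Test"` command used for exactly that, so if the moose-hf section lacks an equivalent verification step (and a step to confirm the retired key is no longer in use), add one after step 2. Minor: the tag in `update_module_refs --module 005-account-standards-c2 --newtag v4.4.1` is a sample value, as the parenthetical says; consider writing it as a placeholder like `vX.Y.Z` so it is not copied verbatim.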
@@ -347,7 +351,7 @@ sudo salt-run fileserver.update
 salt salt\* state.sls salt_master.xdr_asset_inventory --output-diff test=true
 salt salt\* state.sls salt_master.xdr_asset_inventory --output-diff test=false
 # In one window, monitor for errors in the program you're about to run:
-tail -F /var/log/xdr_asset_inventory.log # check for errors
+sudo tail -F /var/log/xdr_asset_inventory.log # check for errors
 # In a second window, run the program:
 sudo /opt/xdr_asset_inventory/xdr_asset_inventory.sh
 ```
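Review bot: adding `sudo` to `tail -F /var/log/xdr_asset_inventory.log` is correct, since the program that writes the log is itself run with `sudo` in the next step and a permission error on the log would otherwise be mistaken for "no errors". The trailing `# check for errors` now duplicates the comment line directly above it (`# In one window, monitor for errors in the program you're about to run:`); drop one of the two. It would also help to say that the `test=true` run must show only the expected diff before the `test=false` line is executed.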