sparse-intern-71089
09/17/2019, 3:10 PMbroad-dog-22463
09/17/2019, 3:12 PMquick-action-34599
09/17/2019, 3:12 PMinterpolate
statement above using encryptedSecret
but it wasn’t being logged outquick-action-34599
09/17/2019, 3:12 PMencryptedSecret
can only be used once?broad-dog-22463
09/17/2019, 3:12 PMbroad-dog-22463
09/17/2019, 3:13 PMquick-action-34599
09/17/2019, 3:13 PMquick-action-34599
09/17/2019, 3:13 PMexport const users = (async () => {
const ret = []
for (const [username, props] of entries(AUTO_USERS)) {
const key = await createUser(username, props);
pulumi.interpolate`Access Key [${username}]: ${key.id} / ${key.encryptedSecret}`;
ret.push({
username,
key: key.id,
secret: key.encryptedSecret,
})
}
return ret;
})()
async function createUser(username: string, props: object) {
const user = new aws.iam.User(username, {
name: username
});
const policy = new aws.iam.UserPolicyAttachment(`${username}-s3access`, {
user,
policyArn: aws.iam.AmazonS3FullAccess,
});
const accessKey = new aws.iam.AccessKey(`${username}-key`, {
user: user.name,
});
return accessKey;
}
broad-dog-22463
09/17/2019, 3:13 PMencryptedSecret
will only be used when a PGP key is suppliedbroad-dog-22463
09/17/2019, 3:13 PMpulumi stack export
and check for secret
?quick-action-34599
09/17/2019, 3:14 PMbroad-dog-22463
09/17/2019, 3:14 PMbroad-dog-22463
09/17/2019, 3:14 PMbroad-dog-22463
09/17/2019, 3:14 PMconst lbAccessKey = new aws.iam.AccessKey("lb", {
pgpKey: "keybase:some_person_that_exists",
user: lbUser.name,
});
quick-action-34599
09/17/2019, 3:14 PMquick-action-34599
09/17/2019, 3:14 PMbroad-dog-22463
09/17/2019, 3:14 PMquick-action-34599
09/17/2019, 3:14 PMbroad-dog-22463
09/17/2019, 3:14 PMbroad-dog-22463
09/17/2019, 3:15 PMbroad-dog-22463
09/17/2019, 3:15 PMbroad-dog-22463
09/17/2019, 3:15 PMquick-action-34599
09/17/2019, 3:15 PMbroad-dog-22463
09/17/2019, 3:15 PMbroad-dog-22463
09/17/2019, 3:15 PMquick-action-34599
09/17/2019, 3:16 PMquick-action-34599
09/17/2019, 3:16 PMbroad-dog-22463
09/17/2019, 3:16 PMquick-action-34599
09/17/2019, 3:16 PMkeybase
and wqs wondering why you’d be using a third-party tool to create AWS accountsquick-action-34599
09/17/2019, 3:16 PMbroad-dog-22463
09/17/2019, 3:16 PMbroad-dog-22463
09/17/2019, 3:17 PMquick-action-34599
09/17/2019, 3:17 PMbroad-dog-22463
09/17/2019, 3:18 PMbroad-dog-22463
09/17/2019, 3:19 PMbroad-dog-22463
09/17/2019, 3:19 PMquick-action-34599
09/17/2019, 3:20 PMquick-action-34599
09/17/2019, 3:20 PMquick-action-34599
09/17/2019, 3:21 PMquick-action-34599
09/17/2019, 3:21 PMbroad-dog-22463
09/17/2019, 3:22 PMbroad-dog-22463
09/17/2019, 3:22 PMbroad-dog-22463
09/17/2019, 3:23 PMpulumi stack output myOutputName | base64 --decode | keybase pgp decrypt
broad-dog-22463
09/17/2019, 3:23 PMquick-action-34599
09/17/2019, 3:25 PMquick-action-34599
09/17/2019, 3:25 PMquick-action-34599
09/17/2019, 3:26 PMquick-action-34599
09/17/2019, 3:44 PM