Merge pull request #579 from rust-lang/chore-grant-jake-playground-ec…

…2-ssh-permissions chore: grant Jake playground ec2 ssh permissions
rust-lang · Sep 26, 2024 · 7244dc7 · 7244dc7
2 parents 78f1e4d + f373899
commit 7244dc7
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 1 deletion.
diff --git a/terraform/playground/instance.tf b/terraform/playground/instance.tf
@@ -266,7 +266,8 @@ resource "aws_instance" "playground2" {
   }
 
   tags = {
-    Name = "play-2"
+    Name    = "play-2"
+    Service = "playground"
   }
 
   lifecycle {

diff --git a/terraform/team-members-access/infra-deploy-playground.tf b/terraform/team-members-access/infra-deploy-playground.tf
@@ -30,6 +30,29 @@ resource "aws_iam_group_policy" "infra_deploy_playground" {
           "arn:aws:ssm:us-west-1:890664054962:parameter/staging/ansible/all/*",
         ]
       },
+      {
+        "Effect" : "Allow",
+        "Action" : "ec2-instance-connect:SendSSHPublicKey",
+        "Resource" : [
+          "arn:aws:ec2:*:*:instance/*",
+        ],
+        "Condition" : {
+          "StringEquals" : {
+            "ec2:osuser" : "shep",
+            "ec2:ResourceTag/Service" : "playground"
+          }
+        }
+      },
+      {
+        "Effect" : "Allow",
+        "Action" : [
+          "ec2:DescribeInstances",
+          "ec2:DescribeVpcs"
+        ],
+        "Resource" : [
+          "arn:aws:ec2:*:*:instance/*",
+        ],
+      }
     ]
   })
 }