You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Feature Proposal: Running one instance of Felix against multiple AWS accounts.
Description: Many people own and operate multiple AWS accounts, as is best practice. It may be team separation, environment separation, service separation, etc. But folks following that pattern just as often may establish an "infrastructure" or "shared services" account.
It would be great if we could run Felix in the "shared services" account and have it operate on multiple other accounts.
Proposal: Have Felix take in a list of accounts, roles, and/or external ids from the parameter store (/felix/accounts/[account id]/role and /felix/accounts/[account id]/externalid). Felix will assume roles in those accounts and perform rotation in there as well as the 'local' account.
Open questions:
For simplicity of concept, should Felix operate via switchrole even in the "local" account? Or for simplicity of getting started, should it use its main execution role by default?
Do we use the settings from the "local" account for all executions in all accounts? Offer a way to override settings in the other accounts either in that account's parameter store or in the local parameter store under the /felix/accounts/[account id] path?
The text was updated successfully, but these errors were encountered:
Feature Proposal: Running one instance of Felix against multiple AWS accounts.
Description: Many people own and operate multiple AWS accounts, as is best practice. It may be team separation, environment separation, service separation, etc. But folks following that pattern just as often may establish an "infrastructure" or "shared services" account.
It would be great if we could run Felix in the "shared services" account and have it operate on multiple other accounts.
Proposal: Have Felix take in a list of accounts, roles, and/or external ids from the parameter store (
/felix/accounts/[account id]/roleand/felix/accounts/[account id]/externalid). Felix will assume roles in those accounts and perform rotation in there as well as the 'local' account.Open questions:
/felix/accounts/[account id]path?The text was updated successfully, but these errors were encountered: