This repository has been archived by the owner on Jul 1, 2024. It is now read-only.

Feature/OIDC aws docs #2979

Open
wants to merge 4 commits into
base: master


@Yuhta28 Yuhta28 commented Jun 4, 2023

Description

I read the doc on Configuring OpenID Connect for AWS.
This document introduced the procedure for creating OIDC providers and IAM roles from the console. I have changed the procedure to use CloudFormation template files because I think it is more efficient.

Checklist:

  • I have reviewed the style guide.
  • If blogging, I have reviewed the blogging guide.
  • I have manually confirmed that all new links work.
  • I added aliases (i.e., redirects) for all filename changes.
  • If making css changes, I rebuilt the bundle.

@susanev susanev requested a review from pgavlin June 4, 2023 05:45
Contributor

susanev commented Jun 4, 2023

@Yuhta28 thank you for the contribution, we will take a look as soon as we can!

@pgavlin can you take a look?

Member

@pgavlin pgavlin left a comment

Thanks for the contribution!

I have two high-level pieces of feedback:

  1. I do not think that we should remove the existing documentation. Even though it is a manual process, I believe that it is important that the docs exist.
  2. I love the idea of automating this. Could we use a Pulumi YAML program rather than a CloudFormation template? Is there a benefit to the CF template over a Pulumi YAML program in this case?

Author

Yuhta28 commented Jun 7, 2023

@pgavlin
Thanks for the feedback.

First feedback

I agree with your point. I will revise the manual process to remain as well.

Second feedback

I have a reason why I should use CloudFormation in this case. First, we don't need to install the AWS CLI or download an AWS IAM AccessKey and SecretKey locally. We believe that CloudFormation can be used more easily because it can be deployed simply by uploading a template file to AWS.
Second, if you manage multiple AWS accounts, you need to switch the IAM AccessKey and SecretKey or AssumeRole and deploy Pulumi locally. I found it troublesome, so I recommended CloudFormation.

Next Action

I'm going to revise the doc with your first feedback. Please consider whether you agree with my opinion on your second feedback.

3 participants