Moving AWS auth from IAM users to salsa.debian.org

To: debian-cloud@lists.debian.org, elbrus@debian.org, lucas@debian.org, terceiro@debian.org, tianon@debian.org
Subject: Moving AWS auth from IAM users to salsa.debian.org
From: Bastian Blank <waldi@debian.org>
Date: Sat, 21 Jan 2023 23:58:26 +0100
Message-id: <[🔎] Y8xuEjQOtFe0i9aj@shell.thinkmo.de>
Mail-followup-to: debian-cloud@lists.debian.org, elbrus@debian.org, lucas@debian.org, terceiro@debian.org, tianon@debian.org

Hi folks

You are receiving this e-mail, because you have somewhat used IAM
users to access Debian AWS accounts.

The cloud team intents to deprecate the use of IAM users for accessing
the (new) Debian AWS accounts.  In the future, logins to those AWS
accounts will be done via a Debian IdP (currently salsa.debian.org).

Login to AWS with federated users (SAML or OpenID Connect) requires an
additional piece of software.

I provide an implementation in form of a web browser extension (Chromium
only, supporting Firefox is not possible).  This extension allows login
to the web console or provide access token for programatic access.  You
can get this here
https://salsa.debian.org/cloud-admin-team/webext-debian-aws-login.

In addition it would be possible to write a standlone tool to support
AWS login with federated users with the help of any existing browser.
But I don't intend to implement that for now.

Please verify that this login works for you.  I would like to remove
existing users in a few weeks.

Regards,
Bastian

-- 
Worlds are conquered, galaxies destroyed -- but a woman is always a woman.
		-- Kirk, "The Conscience of the King", stardate 2818.9

Reply to:

Prev by Date: amazon-ec2-net-utils_2.3.0-2_source.changes ACCEPTED into unstable
Next by Date: Re: help wanted, standing up mirroring sync proxies on public cloud
Previous by thread: amazon-ec2-net-utils_2.3.0-2_source.changes ACCEPTED into unstable
Next by thread: Processing of aws-crt-python_0.16.8+dfsg-1_source.changes
Index(es):
- Date
- Thread