All Delivery team members should have ssh access to the release instance
Problem Statement
The release instance is a one-off that enables us to test our deployments. We do not centrally manage the logs of this instance, so one of the few ways to troubleshoot it is for an Engineer to view the logs on the instance itself. At the moment, not all Engineers have ssh access, so those without it must rely on an SRE for assistance.
Proposed Solution
To access release instances, Delivery team members should belong to a Chef Group that allows this particular access. The access should be granted with the principle of least privilege in mind and scoped solely to accessing logs.
Desired Outcome
- All Delivery team members should have appropriate access to view the service logs on the release instance.
- Entitlement to access release instance logs should be granted (by adding the new user to the group) at onboarding time.
- Entitlement to access release instance logs should be revoked (by removing the user from the group) at offboarding time.
Milestones
- Create a Delivery group with its own security requirements that allows release instance log access
- Existing team members have revised access rights to be able to ssh into and have sudo capabilities on the release instance
- Baseline entitlements for Delivery team members for onboarding and offboarding are updated
Edited by Michele Bursi