Would it be an acceptable solution if we add SSO or do you also want access to the actual AWS account and all machines?
Yes, the build jobs are automatically getting created for new branches. -Marco Am 05.01.2018 7:35 nachm. schrieb "Marco de Abreu" < [email protected]>: I totally agree, this is not the way it should work in an Apache Project. It's running on an isengard account, meaning it is only accessible for Amazon employees. The problem is that a compromised account could cause damage up to 170,000$ per day. There are alarms in place to notice those cases, but we still have to be very careful. These high limits have been chosen due to auto scaling being added within the next week's. I'd be happy to introduce a committer into the CI process and all the necessary steps as well as granting them permission. The only restriction being that it has to be and Amazon employee and access to console, master and slave only being possible from the Corp network. There is no open ticket. What would you like to request? -Marco Am 05.01.2018 7:22 nachm. schrieb "Chris Olivier" <[email protected]>: Like John and other mentors were saying, it's not proper for CI to be a closed/inaccessible environment. Is it running on an Isengard account or in PROD or CORP or just generic EC2? I think that we should remedy this. It's very strange that no committers have access at all. Is there a ticket open to IPSEC? On Fri, Jan 5, 2018 at 10:17 AM, Marco de Abreu < [email protected]> wrote: > Hello Chris, > > At the moment this is not possible due Amazon AppSec (Application security) > restrictions which does not permit user data and credentials on these > machines. > > I have been thinking about adding single sign on bound to GitHub, but we > would have to check back with AppSec. > > Is the reason for your request still the ability to start and stop running > builds? > > Best regards, > Marco > > Am 05.01.2018 7:11 nachm. schrieb "Chris Olivier" <[email protected]>: > > Marco, > > Are all committers able to get login access to the Jenkins Server? If not, > why? > > -Chris >
