Change Developer role in FPR AWS multi account

Background

Count of FPR team is significantly increasing, and AWS IAM have some limitations, one of them is Role trust policy length max is 2048 characters.

To accommodate this things, we have created new Developer role with a number suffix. For example Developer_001 and Developer_002 . This format is similar with CRP and CRE in tvlk-prod account.

What do you need to do?

Kindly check your name in these files, in which file your name is stored :

fpr-stg account

fpr-prod account

For example :

in fpr-stg , if your name is in Developer_002 file, please change your Developer role name in AWS console and AWS CLI configuration, from Developer to Developer_002
in fpr-prod , if your name is in Developer_001 file, please change your Developer role name in AWS console and AWS CLI configuration, from Developer to Developer_001

Note :

AWS CLI configuration, you can change you role inside ~/.aws/config file in your local. format will be like this :

[profile <profile-name>]

role_arn = arn:aws:iam::<aws-account-ID>:role/Developer_001

source_profile = saml

role_session_name = <your-email-name>@traveloka.com

region = ap-southeast-1

AWS console role configuration, you can change your role when you will do switch role, or if you use AWS Extend Switch Roles browser extension you can follow AWS CLI configuration format and put it in AWS Extend Switch Roles configuration.

Plan

Going forward we will use Developer_001 and Developer_002 and we’re planning to remove the Developer role in fpr-stg and fpr-prod on 19 Feb 2021 at 15.00 (UTC+7), so kindly help to change your current Developer role before the day.

Please don’t hesitate to ask me or mention @fl-devops-eng if you have any questions

Change Developer role in FPR AWS multi account

Background

What do you need to do?

Plan

Reference