Skip to content

feat: allow management account to read operation operation S3 bucket#107

Merged
maybSubin merged 4 commits intomainfrom
feat/#106
Aug 1, 2025
Merged

feat: allow management account to read operation operation S3 bucket#107
maybSubin merged 4 commits intomainfrom
feat/#106

Conversation

@maybSubin
Copy link
Contributor

@maybSubin maybSubin commented Jul 31, 2025
edited
Loading

#️⃣ Related Issues

#106

📝 Work Summary

  • management 계정이 operation 계정의 S3 state 버킷 읽기 가능하도록 버킷 정책 추가
  • management 계정이 operation 계정의 S3 state 버킷을 복호화할 수 있도록 KMS 키 정책 추가

🔄 코드 리뷰 반영

  • 리뷰 피드백에 따라 arn:aws:iam::...:root 하드코딩 제거
  • terraform_remote_state를 통해 operation 계정 ID 참조하기 위해, management S3 버킷에 operation 계정의 ReadOnly 권한을 부여하는 정책 추가

Screenshot (Optional)

💬 Review Notes (Optional)

Add any specific points you would like the reviewers to focus on.

@github-actions
Copy link

github-actions bot commented Jul 31, 2025

[Terraform Plan Summary]

항목
Status success
Directory operation-team-account/state/S3
Executed At 2025-07-31 09:39:33 UTC

Plan Output

No changes. Your infrastructure matches the configuration.

Terraform has compared your real infrastructure against your configuration
and found no differences, so no changes are needed.

Plan Error (if any)

(no errors)

@github-actions
Copy link

github-actions bot commented Jul 31, 2025
edited
Loading

💰 Infracost report

Monthly estimate generated

This comment will be updated when code changes.

sh1220
sh1220 approved these changes Jul 31, 2025
View reviewed changes
Copy link
Contributor

@sh1220 sh1220 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

확인했습니다.
arn이 전체가 노출되는거는 organization쪽 state에서 값을 가져오는식으로 변경하는게 좋을것 같아요.

@github-actions
Copy link

github-actions bot commented Jul 31, 2025

[Terraform Plan Summary]

항목
Status success
Directory management-team-account/state/S3
Executed At 2025-07-31 14:34:03 UTC

Plan Output

No changes. Your infrastructure matches the configuration.

Terraform has compared your real infrastructure against your configuration
and found no differences, so no changes are needed.

Plan Error (if any)

(no errors)

@github-actions
Copy link

github-actions bot commented Jul 31, 2025

[Terraform Plan Summary]

항목
Status success
Directory operation-team-account/state/S3
Executed At 2025-07-31 14:34:06 UTC

Plan Output

No changes. Your infrastructure matches the configuration.

Terraform has compared your real infrastructure against your configuration
and found no differences, so no changes are needed.

Plan Error (if any)

(no errors)

@github-actions
Copy link

github-actions bot commented Jul 31, 2025

[Terraform Plan Summary]

항목
Status success
Directory operation-team-account/state/S3
Executed At 2025-07-31 14:35:58 UTC

Plan Output

No changes. Your infrastructure matches the configuration.

Terraform has compared your real infrastructure against your configuration
and found no differences, so no changes are needed.

Plan Error (if any)

(no errors)

@maybSubin maybSubin merged commit 1f00ac1 into main Aug 1, 2025
5 of 6 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sh1220 sh1220 sh1220 approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@maybSubin @sh1220