#8890 AWS missing permissions for Testing Farm
Closed: Fixed 5 years ago by kevin. Opened 5 years ago by mvadkert.

Hi,

After trying to automate the creation of our cluster, we are not able to perform some additional operations :( Could we get permissions for

eks:*
cloudformation:*
cloudwatch:*

Please enable these permissions also to the users of aws-fedora-ci group:
aws-fedora-ci/*

Like:
arn:aws:sts::125523088429:assumed-role/aws-fedora-ci/mvadkert

including our automation user:
user/fedora-ci-testing-farm


@kevin if you would find a bit of fun time again with AWS perms pls, thanks!

@mobrien is this in your knowledge base and, if so, what are the side effects of allowing this?

Others... the main sysadmins are going to be head down on trying to get this datacentre up and running for the next 3 months. Larger tasks needing focus and concentration out of that will be slower and delayed.

So, fedora-ci already has eks:* on its clusters.

I can look at adding the other 2.

Can you explain what you are doing and what (if any) errors you get?

It could well be some other permission. I don't have any great way to tell...

I would be a little wary of the cloudformation:* permission as this would allow anyone who assumes it to delete any stack whether they created it or not.

It does however prevent them from creating/deleting resources in a stack which they do not have permissions to access, which can leave stacks in an UPDATE_ROLLBACK_FAILED state which could leave the stacks in a state where some infrastructure will be left running but likely in an unusable state.

The other 2 are generally ok.
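As an added illustration of the concern raised above (this is not a policy from the ticket or from Fedora Infrastructure), the following IAM policy grants the requested `eks:*` and `cloudwatch:*` wildcards but narrows `cloudformation` so that a principal can read any stack, yet only create stacks carrying a team tag and only update, delete or roll back stacks that already carry that tag. The account ID is the one in the ARN quoted earlier in the ticket; the `team` tag key and the `fedora-ci` value are assumptions chosen for the example (JSON has no comments, so the `Sid` fields carry that labelling).

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "EksAndCloudWatchWildcardsAsRequested",
      "Effect": "Allow",
      "Action": ["eks:*", "cloudwatch:*"],
      "Resource": "*"
    },
    {
      "Sid": "CloudFormationReadOnlyOnAnyStack",
      "Effect": "Allow",
      "Action": [
        "cloudformation:Describe*",
        "cloudformation:List*",
        "cloudformation:Get*",
        "cloudformation:ValidateTemplate"
      ],
      "Resource": "*"
    },
    {
      "Sid": "CreateStackOnlyWhenTaggedWithAssumedTeamKey",
      "Effect": "Allow",
      "Action": "cloudformation:CreateStack",
      "Resource": "arn:aws:cloudformation:*:125523088429:stack/*",
      "Condition": {
        "StringEquals": { "aws:RequestTag/team": "fedora-ci" }
      }
    },
    {
      "Sid": "MutateDeleteOrRollBackOnlyStacksWithAssumedTeamTag",
      "Effect": "Allow",
      "Action": [
        "cloudformation:UpdateStack",
        "cloudformation:DeleteStack",
        "cloudformation:CreateChangeSet",
        "cloudformation:ExecuteChangeSet",
        "cloudformation:ContinueUpdateRollback"
      ],
      "Resource": "arn:aws:cloudformation:*:125523088429:stack/*",
      "Condition": {
        "StringEquals": { "aws:ResourceTag/team": "fedora-ci" }
      }
    }
  ]
}
```

Two caveats a practitioner should check before adopting something like this. First, the tag condition only works if every stack is created with the tag (the `aws:RequestTag` statement enforces that for this principal, but stacks created by other principals without the tag will be invisible to the delete statement, which is the intended effect). Second, this scopes only the stack-level API: the resources declared inside a template are created and deleted with the calling principal's own permissions (or with a service role passed via `iam:PassRole`), so a template that touches resources the principal cannot manage still fails mid-update and can leave the stack in `UPDATE_ROLLBACK_FAILED`. `cloudformation:ContinueUpdateRollback` is included so the team can recover its own stacks from that state without asking the account admins.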

We are going to look at this at 20UTC today in #fedora-admin.

Metadata Update from @smooge:
- Issue priority set to: Waiting on Assignee (was: Needs Review)
- Issue tagged with: aws, groomed, high-trouble, medium-gain

5 years ago

We made a lot of progress, but aren't all the way there yet.

@mvadkert is going to work on things and then let us know in a new ticket if there's further things we need to adjust in policy.

Thanks for @mobrien's help today!

Metadata Update from @kevin:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

5 years ago

