|
1 | 1 | # IAM Permissions Assignment for LSF Deployment |
2 | 2 |
|
3 | | -### Before deploying an IBM Cloud LSF cluster, specific IAM permissions must be assigned to either a user or an access group. This script automates that process. |
| 3 | +#### Before deploying an IBM Spectrum LSF cluster, specific IAM permissions must be assigned to either a user or an access group. The automation script enables this process. |
4 | 4 |
|
5 | | -How to run: |
| 5 | +User has the flexibility to run the specific scripts to gain the required IAM permissions to perform the LSF deployment. The automation ensures that if the user has a certain permissions, then the script will omit them and add only the required permissions to perform the deployment. |
| 6 | + |
| 7 | +For example, for the App configuration service, the user requires Administrator and Manager permissions. If the user already has the Administrator permission, then the script will omit this and provide only Manager permission. |
| 8 | + |
| 9 | +### Benefits of the scripts: |
| 10 | + |
| 11 | +#### Interactive input collection - The script prompts for the IBMid (admin email), Resource Group ID, Account ID, and target (User or Access Group). |
| 12 | + |
| 13 | +#### Permission check - The script verifies that the admin has account-level Administrator rights which is required to assign policies. |
| 14 | + |
| 15 | +#### Assigns required permissions for LSF deployment - This script grants the appropriate permissions across IBM Cloud services that LSF depends upon (for example, VPC, COS, DNS services, KMS, Secrets Manager, and Sysdig Monitoring). |
| 16 | + |
| 17 | +#### Avoids duplicates - The script skips the assignment if a matching policy already exists. |
| 18 | + |
| 19 | +You can get the scripts by performing gitclone on the branch: |
6 | 20 |
|
7 | 21 | ``` |
8 | | -ibmcloud login --apikey <YOUR_API_KEY> -g <RESOURCE_GROUP> |
| 22 | +git clone -b main https://github.com/terraform-ibm-modules/terraform-ibm-hpc.git |
| 23 | +``` |
9 | 24 |
|
10 | | -chmod +x permissions.sh |
| 25 | +1. Navigate to cd tools/access-management, you will get the permissions.sh file. |
| 26 | + |
| 27 | +2. Login to the IBM Cloud with your API key. Run the following command: |
11 | 28 |
|
| 29 | +``` |
| 30 | +ibmcloud login --apikey <YOUR_API_KEY> -g <RESOURCE_GROUP> |
| 31 | +chmod +x permissions.sh |
12 | 32 | ./permissions.sh |
13 | 33 | ``` |
| 34 | + |
| 35 | +3. Enter the admin email or IBMid. |
| 36 | + |
| 37 | +4. Enter the Resource group and Account ID. |
| 38 | + |
| 39 | +For the Account ID, login to the IBM Cloud account by using your unique credentials. Go to Manage > Account > Account settings. You will find the Account ID. |
| 40 | + |
| 41 | +5. You will be asked to assign the roles: |
| 42 | + |
| 43 | +``` |
| 44 | +Access Group - Select this option, if you want to assign the access to the entire access group. |
| 45 | +User - Select this option, if you want to assign the access to an individual user. |
| 46 | +Select the required option. |
| 47 | +``` |
| 48 | + |
| 49 | +6. Enter the target user email, if you select the option 2. |
| 50 | + |
| 51 | +7. User policy is successfully created. |
| 52 | + |
| 53 | +If the user skips to enter the RESOURCE_GROUP_ID or the ACCOUNT_ID, then script displays the error message: |
| 54 | + |
| 55 | +``` |
| 56 | +:x: RESOURCE_GROUP_ID is required. |
| 57 | +:x: ACCOUNT_ID is required. |
| 58 | +``` |
| 59 | + |
| 60 | +This script ensures the user or access group has all the required IAM permissions to successfully deploy an LSF environment. |
0 commit comments