Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

(PRD) Granting AWS access via discord commands #245

Open
6 tasks
vikhyat187 opened this issue Sep 2, 2024 · 1 comment
Open
6 tasks

(PRD) Granting AWS access via discord commands #245

vikhyat187 opened this issue Sep 2, 2024 · 1 comment
Assignees
@vikhyat187
Labels
backend feature task A big ticket item that needs to come up as a feature PRD

Comments

@vikhyat187
Copy link

vikhyat187 commented Sep 2, 2024
edited
Loading

Overview

This ticket, lists all the requirements for the feature to grant AWS access via discord slash commands.

Requirments checklist

  • Super User Access: Only super users should have the ability to use the Discord command to grant AWS access to users.
  • Remove Access Control: Only super users should have the ability to use the Discord command to remove AWS access from users.
  • Granting Access: Access can be granted to a single user by specifying the user group they need to be added to. The user groups are pre-created in the AWS account.
  • Revoking Access: Access should be automatically revoked when a user leaves the Discord server.
  • User-Group Specification: The command should allow specifying any of the pre-created user groups in the AWS account.

Flow

  1. Super user runs the command grant-aws-access @vikhyat - This can be the first command which grants user the AWS access. This commands check if there exists a user with discordId if not create a new user.
  2. The second command can be to add user to the user group which has the required permissions. add-user-to-group @vikhyat <user-group name> - This command checks if the user with discordId exists if yes add the user to the user-group which has permissions, if the user group doesn't not exists, then throw error.
  3. When we hit the discord command, discord-slash-command service, will call website-backend to fetch the user details (discordId)
  4. Using this discordId we can check if the user already exists.
  5. We can have another Super user only command to remove the access remove-aws-access @vikhyat this will delete the user from our AWS account.
  6. Post creation of user in AWS, user will receive an email for setting up their password. (Need to do a quick POC for this)

Tasks list

Open questions

  • Should we create the AWS user using the discordId or the email Id, considering the user-name can be modified.
  • Can we use the email stored in user data, or we should have it as input in the discord command?
  • Should we focus on granting access to multiple users or this can be taken up in next phases?

Conclusion

This PRD outlines the process required to implement discord command, which can help in creating the AWS user and granting them permissions.
Please review and let me know if any changes are needed.
@vikhyat187 vikhyat187 self-assigned this Sep 3, 2024
@vikhyat187 vikhyat187 added feature task A big ticket item that needs to come up as a feature backend PRD labels Sep 6, 2024
@vikhyat187
Copy link
Author

Further Requirements discussed with Ankush on 19th Sep

  • We can have the discord command to grant the read only access for now in the MVP.
  • We can use the Identity center, instead of creating the IAM users.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@vikhyat187 vikhyat187

Labels
backend feature task A big ticket item that needs to come up as a feature PRD
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@vikhyat187