- [#sig-k8s-infra AWS Accounts + Google Groups](#org021299b)
- [Password Reset Process](#org4627455)
<a id="org021299b"></a>
# #sig-k8s-infra AWS Accounts + Google Groups
Our Terraform code creates each organization account with an email address, currently following a pattern similar to this [example](<https://github.com/kubernetes/k8s.io/blob/main/infra/aws/terraform/management-account/organization-accounts-capa-playground.tf#L21>):
```terraform
module "k8s-infra-sandbox-capa" {
  source                     = "../modules/org-account"
  account_name               = "k8s-infra-sandbox-capa"
  email                      = "k8s-infra-sandbox-capa@kubernetes.io"
  iam_user_access_to_billing = "ALLOW"
  parent_id                  = aws_organizations_organizational_unit.production.id
}
```
These account email addresses are Google Groups ([used to manage permissions in GCP](<https://github.com/kubernetes/k8s.io/tree/main/groups#automation-of-google-groups-maintenance-for-k8s-infra-permissions>)) that also function as mailing lists. They are managed and defined in [k/k8s.io groups/sig-k8s-infra/groups.yaml](<https://github.com/kubernetes/k8s.io/blob/main/groups/sig-k8s-infra/groups.yaml#L466-L478>).
Please ensure the group has the setting **WhoCanPostMessage: "ANYONE_CAN_POST"**, as the emails will come from Amazon:
```yaml
- email-id: k8s-infra-sandbox-capa@kubernetes.io
  name: k8s-infra-sandbox-capa
  description: |-
    ACL for CAPA sandbox
  settings:
    WhoCanPostMessage: "ANYONE_CAN_POST"
    ReconcileMembers: "true"
  members:
    - ameukam@gmail.com
    - davanum@gmail.com
    - hh@cncf.io
    - atharvashinde179@gmail.com
    - ankita.swamy20@gmail.com
    - richmcase@gmail.com
```
Ensure you have access to a member email address of the group. A password reset link will be sent to everyone in the group, so tell the other members in advance that the link is coming and agree that only one person sets the password.
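A consistency check for the two snippets above, added here as an example (it is not code from kubernetes/k8s.io): it confirms that every `email` used for an org-account has a matching group that accepts mail from anyone and has at least one member. The `check` and `parse_groups` names, the `example-*` accounts and `someone@example.org` are constructed for illustration, and the reader handles only the groups.yaml fields shown on this page.

```python
import re

# Constructed inputs; only the k8s-infra-sandbox-capa pair is from this page.
TERRAFORM = '''
module "k8s-infra-sandbox-capa" { email = "k8s-infra-sandbox-capa@kubernetes.io" }
module "example-closed" { email = "example-closed@example.org" }
module "example-nogroup" { email = "example-nogroup@example.org" }
'''
GROUPS = '''
- email-id: k8s-infra-sandbox-capa@kubernetes.io
  settings:
    WhoCanPostMessage: "ANYONE_CAN_POST"
  members:
    - someone@example.org
- email-id: example-closed@example.org
  settings:
    WhoCanPostMessage: "ALL_MEMBERS_CAN_POST"
  members:
    - someone@example.org
'''

def parse_groups(text):
    """Line-based reader for the groups.yaml subset shown above, not a full YAML parser."""
    groups, cur, in_members = {}, None, False
    for s in (line.strip() for line in text.splitlines()):
        if s.startswith("- email-id:"):
            cur = groups[s.split(":", 1)[1].strip()] = {"post": None, "members": []}
            in_members = False
        elif cur is None or not s or s.startswith("#"):
            continue
        elif s.startswith("WhoCanPostMessage:"):
            cur["post"] = s.split(":", 1)[1].strip().strip('"')
        elif in_members and s.startswith("- "):
            cur["members"].append(s[2:].strip())
        else:
            in_members = (s == "members:")  # any other key ends the member list
    return groups

def check(tf_text, groups_text):
    """Return (email, problem) for each root email that would not receive AWS mail."""
    groups, problems = parse_groups(groups_text), []
    for email in re.findall(r'\bemail\s*=\s*"([^"]+)"', tf_text):
        g = groups.get(email)
        if g is None:
            problems.append((email, "no Google Group with this email-id"))
        elif g["post"] != "ANYONE_CAN_POST":
            problems.append((email, f"WhoCanPostMessage is {g['post']}"))
        elif not g["members"]:
            problems.append((email, "group has no members"))
    return problems
```

Calling `check(TERRAFORM, GROUPS)` reports the two constructed accounts and passes the one from this page.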
<a id="org4627455"></a>
# Password Reset Process
- [ ] Ensure you are logged out of the AWS Console
- [ ] Visit <https://console.aws.amazon.com/console/home?nc2=h_ct&src=header-signin>
- [ ] In the **Root user email address** field, enter the email-id of the k8s AWS account
- [ ] Click on **Forgot password**
- [ ] Solve the CAPTCHA (good luck!)
- [ ] Check your email and click on the appropriate reset-password link
- [ ] Generate a decent password with 1Password
- [ ] Store it in the AWS CI accounts vault
- [ ] Share entry with list (TODO: Figure out how to do that)