AWS CCF Issues
108 views
Skip to first unread message
RJ Hill
Jun 10, 2021, 2:52:42 PM6/10/21
to Cloud Carbon Footprint
Has anyone else had any issues getting the CloudFormation piece to work?
In both yaml files it has this ARN: arn:aws:iam::<REPLACE WITH CCF ACCOUNT ID>:role/CCFService but I have no idea what account has this CCFService role. Did I miss something somewhere?
I assume if it were supposed to be our account it would have been ${AWS::AccountId} like it is elsewhere in the yaml.
Thanks in advance for any help you can give!
Cloud Carbon Footprint
Jun 15, 2021, 5:36:30 PM6/15/21
to Cloud Carbon Footprint
Thanks for bringing this up! We have not updated these files in a while so we can create a new ticket to add to the queue to look into this and update the documentation.
Dan Lewis-Toakley
Jun 21, 2021, 9:54:28 PM6/21/21
to raymond...@gmail.com, Cloud Carbon Footprint
Hi RJ,
I've reviewed both yaml files and pushed some changes to hopefully improve their clarity.
To answer your question: that ARN refers to the user or role that has permission to assume the "ccf-athena" or "ccf" role (that has permission to query AWS APIs for the necessary usage data). For ThoughtWorks internal use, we have a role called "CCFService" that we've given permission to assume the "ccf-athena" role, but that is unlikely to be the case for you or others, so we've updated the templates to reflect that. The reason we didn't use ${AWS::AccountId} for this ARN is that the user/role that assumes "ccf-athena" may not exist in the same account where you upload and execute the cloud formation template.
Here is an example: let's say you have one AWS account "123456789", and you want the user "admin" to assume the "ccf-athena" role in the same account, then this ARN would be "arn:aws:iam::123456789:user/admin".
Hope that helps, and enables you to get things working. Let us know how you go and if you have any more issues.
Best,
Dan
--
You received this message because you are subscribed to the Google Groups "Cloud Carbon Footprint" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cloud-carbon-foot...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/cloud-carbon-footprint/d7557d86-a23d-45d3-9492-21c8846e378bn%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
| Dan Lewis-Toakley | |
| dan.lewi...@thoughtworks.com | |
| Telephone | +1 917 254 5068 |
| Pronouns | He/Him |
 | |
Reply all
Reply to author
Forward
0 new messages