Skip to article frontmatterSkip to article content
Site not loading correctly?

This may be due to an incorrect BASE_URL configuration. See the MyST Documentation for reference.

Regenerate credentials for NASA SMDE accounts

This document describes how we regenerate credentials for users and the deployer when they expire in NASA SMDC accounts.

Regenerate credentials for the deployer

  1. Set the cluster name as an environment variable

    export CLUSTER_NAME=...
  2. Authenticate yourself with https://aws.sciencecloud.nasa.gov/

  3. Navigate to the AWS terraform folder in the infrastructure repo.

    cd terraform/aws
  4. Initialise terraform.

    terraform init
  5. Select the correct workspace, either by using the terraform command or setting another environment variable.

    # Using terraform command
    terraform workspace select $CLUSTER_NAME
    
    # Using an environment variable
    export TF_WORKSPACE=$CLUSTER_NAME
  6. Replace the previous deployer credentials with new ones.

    terraform apply -replace=aws_iam_access_key.continuous_deployer -var-file=projects/$CLUSTER_NAME.tfvars
  7. Export the new credentials to a file and then encrypt them in-place with sops.

    terraform output -raw continuous_deployer_creds > ../../config/clusters/$CLUSTER_NAME/enc-deployer-credentials.secret.json
    sops -i -e ../../config/clusters/$CLUSTER_NAME/enc-deployer-credentials.secret.json
  8. git add the modified files and then commit them.

    git commit -m "nasa smce clusters: re-generate deployer credentials"

    You can then open a Pull Request and merge it.