= Release AWS sandbox This role manages the release of an AWS "sandbox" account. The role will: . Create an AWS profile in `.aws/credentials` using the variables passed: `pool_manager_profile`, `pool_manager_aws_access_key_id` and secret. . call a downstream role, link:../aws-infra-sandbox[`aws-infra-sandbox`]. |============================================= | Variable name | type | Purpose | Mandatory ? | Default | `sandbox_name` | String | The name of the AWS account to release. | *Yes* | - | `pool_manager_aws_access_key_id` | String | The AWS access key of an IAM user that can query the dynamodb | *Yes* | - | `pool_manager_aws_private_access_key` | String | The AWS secret key of an IAM user that can query the dynamodb | *Yes* | - | `pool_manager_vault_password` | String | The passphrase to vault the AWS secret access key before storing it in the DB. You must pass this password in the other role linke:../infra-aws-get-sandbox[infra-aws-get-sandbox] when asking for a sandbox. | *Yes* | - | `ipa_user` | String | The admin user to access IPA. This is needed to ensure the DNS entries in IPA are correct to delegate to the AWS route53 zones. | *Yes* | - | `ipa_password` | String | The password to access IPA. Both `ipa_keytab_base64` and `ipa_password` cannot be set. | Yes (or `ipa_keytab_base64`) | - | `ipa_keytab_base64` | String | The Kerberos keytab in *base64* format to access IPA. Either set this one or `ipa_password`. Both `ipa_keytab_base64` and `ipa_password` cannot be set. | Yes (or `ipa_password`) | - | `nuke_sandbox` | String | This variable is set to true will make the role to run `aws-nuke` on the account. Every resources (except a few we need to keep) in that account will be deleted. | No | `true` | `pool_manager_profile` | String | The AWS profile name to be saved under `.aws/credentials`. | No | `pool-manager-admin` | `pool_region` | String | The aws region where the dynamodDB is located. You usally don't need to change it. | No | `us-east-1` | `pool_table` | String | The dynamodDB table name. You usally don't need to change it. | No | `accounts` |=============================================