Merge pull request 2i2c-org#3504 from sgibson91/docs/nasa-smce/regene…

…rate-creds
sgibson91 · Dec 6, 2023 · 22f1f79 · 22f1f79
2 parents e34af74 + 8d496b3
commit 22f1f79
Showing 1 changed file with 16 additions and 0 deletions.
diff --git a/docs/hub-deployment-guide/new-cluster/smce.md b/docs/hub-deployment-guide/new-cluster/smce.md
@@ -48,3 +48,19 @@ the `hub-continuous-deployer` user belongs to. It should *not* contain the user
 
 Once this exemption has been processed, you can continue as usual with deployment of the hub.
 
+## Preparing for routine regeneration of the `hub-continuous-deployer` access credentials
+
+The `hub-continuous-deployer` has an access key and secret associated with it, this is how it
+authenticates with AWS to perform actions. SMCE accounts have a 60 day password/access key
+regeneration policy and so we need to prepare to regularly regenerate this access key.
+
+We track which clusters have had their `hub-continuous-deployer` access key regenerated
+and when in this issue <https://github.com/2i2c-org/infrastructure/issues/2434> which
+also includes the steps for regeneration. Make sure to add the new cluster to this issue.
+
+```{warning}
+We only receive **5 days notice** that a password/access key will expire via email!
+
+Also it is unclear who receives this email: all engineers or just the engineer who
+setup the cluster?
+```