amazon-genomics-cli icon indicating copy to clipboard operation
amazon-genomics-cli copied to clipboard
verified publisher icon aws

Consistently Tag Engine Batch jobs

Open markjschreiber opened this issue 3 years ago • 1 comments

Description

  • Engine tasks should be tagged with standard AGC tags.

  • With these tags in place the WES Adapter IAM roles can be updated to add conditions to reduce the scope of the batch:TerminateJob permission.

Use Case

Tagging improves debugging and accounting for workflows

Proposed Solution

If possible include the following tags:

application-name 
agc-user-email 
agc-user-id 
agc-context 
agc-project 
agc-version
agc-engine-name
agc-workflow-name

then update the wes adapter policy to include conditions. For example:

            new PolicyStatement({
              effect: Effect.ALLOW,
              actions: ["batch:TerminateJob"],
              resources: ["*"],
              conditions: { StringEquals: { "aws:ResourceTag/application-name": "agc" } },
            }),

Other information

markjschreiber avatar Apr 07 '22 13:04 markjschreiber

Greetings! Sorry to say but this is a very old issue that is probably not getting as much attention as it deserves. We encourage you to check if this is still an issue in the latest release and if you find that this is still a problem, please feel free to open a new one.

github-actions[bot] avatar Jul 07 '22 00:07 github-actions[bot]