MIS: AD Admin Password Rotate #143

Workflow file for this run

.github/workflows/mis-ad-admin-rotate.yml at 959c36b

	name: "MIS: AD Admin Password Rotate"

	permissions:
	id-token: write
	contents: read

	on:
	schedule:
	- cron: '0 2 * * *' # Run at 2 AM UTC daily
	workflow_dispatch:
	inputs:
	environment:
	description: 'Environment to rotate password (dev/stage/preprod)'
	required: true
	type: choice
	options:
	- dev
	- stage
	- preprod

	jobs:
	rotate-passwords:
	strategy:
	matrix:
	env_name: ${{ github.event_name == 'schedule' && fromJson('["dev", "stage", "preprod"]') \|\| fromJson(format('["{0}"]', github.event.inputs.environment)) }}

	runs-on: ubuntu-latest
	environment: delius-mis-${{ matrix.env_name }}-preapproved

	steps:
	- name: Checkout code
	uses: actions/[email protected]

	- name: Configure AWS credentials
	uses: aws-actions/[email protected]
	with:
	role-to-assume: "arn:aws:iam::${{ vars.AWS_ACCOUNT_ID }}:role/modernisation-platform-oidc-cicd"
	role-session-name: "mis-ad-admin-rotate-${{ github.run_number }}"
	aws-region: "eu-west-2"

	- name: Set environment-specific variables
	run: \|
	echo "DIRECTORY_NAME=delius-mis-${{ matrix.env_name }}" >> $GITHUB_ENV
	echo "SECRET_NAME=delius-mis-${{ matrix.env_name }}-ad-admin-password" >> $GITHUB_ENV

	- name: Generate new password
	run: \|
	NEW_PASSWORD=$(openssl rand -base64 32)
	echo "::add-mask::${NEW_PASSWORD}"
	echo "NEW_PASSWORD=${NEW_PASSWORD}" >> $GITHUB_ENV

	- name: Rotate Directory Service password
	run: \|
	aws ds reset-user-password \
	--directory-id $(aws ds describe-directories --query "DirectoryDescriptions[?Name=='${{ env.DIRECTORY_NAME }}.internal'].DirectoryId" --output text) \
	--user-name Admin \
	--new-password ${{ env.NEW_PASSWORD }}

	- name: Update AWS Secrets Manager
	run: \|
	aws secretsmanager put-secret-value \
	--secret-id ${{ env.SECRET_NAME }} \
	--secret-string ${{ env.NEW_PASSWORD }}

	- name: Clean up
	run: \|
	unset NEW_PASSWORD
	echo "NEW_PASSWORD=" >> $GITHUB_ENV

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

MIS: AD Admin Password Rotate #143

Workflow file

MIS: AD Admin Password Rotate #143

Jobs

Run details

Workflow file for this run