03-18-2020 03:42 PM
Greetings Everyone -
I've been running quite a few searches but haven't come across anything that absolutely answers my question so I thought I'd ask it to the collective experts. This is my first post, so please feel free to direct me if I'm not doing something correctly.
I've received a request to assist our DevOps group in creating a test zone that they can use to perform some POC work with Terraform, specifically the Infoblox Terraform Cloud Provider. Before I go further, I want to say that the POC was a success and that this is not a question of "How To". Instead, this is more of a review of "How Did I" and a question of "Is there a better way".
The configuration is as follows:
- Created a new root zone, let's call it "SomeRandomDomain.io" (because .io is where everyone is creating domains nowadays).
- Created a new admin account "SomeRandomUser".
- Created a new group called "SomeRandomGroup" and added SomeRandomUser to that group.
- For the group SomeRandomGroup, I granted permission to access the API (under the group permissions > Roles).
- I then granted SomeRandomGroup read/write permission to the SomeRandomDomain.io zone.
And that was that. The DevOps engineer I was working with confirmed that using the SomeRandomUser account, he was able to programmatically create a record in this zone. Now I'm intentionally leaving out the bits associated with the Infoblox Terraform Cloud Provider and the need to create specific Extensible Attributes because I think that's outside of the scope of this question. (Simply, the ITCP requires specific EA's to be present or it fails.)
Anyway, with regards to the information provided in the bullets above, what did I do wrong? Or what did I fail to consider? Is there a better way to provide security around the zone?
Thank you in advance for your time!