This repository has been archived by the owner on Jun 4, 2021. It is now read-only.
Use reduced privilege Amazon user #461
Labels
area/provisioning
kind/docs
kind/feature
kind/security
provider/amazon
status/help-wanted
For items we'd love help with
Comments
|
@tomchiverton AFAIK you can use the credentials of any IAM user when creating streisand hosts. It doesn't have to be the root account as long as that particular user has the appropriate permissions. Are you asking for some documentation on which permissions specifically this user should have? |
|
Exactly. Ideally an IAM role that can be imported.
I found that the built in 'full EC2' role is sufficient, but clearly over privileged still.
--
Tom
Sent from my phone.
…On 20 December 2016 22:50:19 GMT+00:00, David Wittman ***@***.***> wrote:
@tomchiverton AFAIK you can use the credentials of _any_ IAM user when
creating streisand hosts. It doesn't have to be the root account as
long as that particular user has the appropriate permissions.
Are you asking for some documentation on which permissions specifically
this user should have?
--
You are receiving this because you were mentioned.
Reply to this email directly or view it on GitHub:
#461 (comment)
|
|
It may be a good idea to spell out how to create a specific IAM user with API keys specifically for streisand. I'm happy to help put together a low privilege policy if that would be useful. |
|
Yes, that would be awesome!
--
Tom
Sent from my phone.
…On 9 January 2017 14:58:02 GMT+00:00, Martin Lee ***@***.***> wrote:
It may be a good idea to spell out how to create a specific IAM user
with API keys specifically for streisand.
I'm happy to help put together a low privilege policy if that would be
useful.
--
You are receiving this because you were mentioned.
Reply to this email directly or view it on GitHub:
#461 (comment)
|
|
Well, here's a starting point. Testing so far - I've used it to create an image in the default VPC & subnet. |
|
Closing in favour of StreisandEffect/discussions#11 |
cpu
pushed a commit
that referenced
this issue
Oct 29, 2017
Adds instructions for a lower privilege AWS user based on [this comment](#461 (comment)) by @MartinLeedotOrg.
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Right now, the root account's API key is used. Instead the recommendation should be to create an IAM role with just the minimal privileges required.
I don't know enough Ansible to go through and dig out everything the scripts do to produce this list and at least add it to the docs.
The text was updated successfully, but these errors were encountered: