Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Lightsail access rights #18

Closed
royere opened this issue Jun 23, 2017 · 1 comment
Closed

Lightsail access rights #18

royere opened this issue Jun 23, 2017 · 1 comment

Comments

@royere
Copy link

royere commented Jun 23, 2017

When doing a repokid update, I got the following warnings:
2017-06-23 12:29:58,030 WARNING: skipping lightsail:getinstancesnapshots [in /home/ec2-user/repokid/repokid/repokid.py:309] 2017-06-23 12:29:58,030 WARNING: skipping lightsail:allocatestaticip [in /home/ec2-user/repokid/repokid/repokid.py:309] 2017-06-23 12:29:58,030 WARNING: skipping lightsail:deletedomain [in /home/ec2-user/repokid/repokid/repokid.py:309] 2017-06-23 12:29:58,030 WARNING: skipping lightsail:openinstancepublicports [in /home/ec2-user/repokid/repokid/repokid.py:309] 2017-06-23 12:29:58,031 WARNING: skipping lightsail:getinstancestate [in /home/ec2-user/repokid/repokid/repokid.py:309] 2017-06-23 12:29:58,031 WARNING: skipping lightsail:getinstanceaccessdetails [in /home/ec2-user/repokid/repokid/repokid.py:309] 2017-06-23 12:29:58,031 WARNING: skipping lightsail:getdomains [in /home/ec2-user/repokid/repokid/repokid.py:309] 2017-06-23 12:29:58,031 WARNING: skipping lightsail:getblueprints [in /home/ec2-user/repokid/repokid/repokid.py:309] 2017-06-23 12:29:58,032 WARNING: skipping lightsail:getstaticip [in /home/ec2-user/repokid/repokid/repokid.py:309] 2017-06-23 12:29:58,032 WARNING: skipping iam:passrole [in /home/ec2-user/repokid/repokid/repokid.py:314] 2017-06-23 12:29:58,032 WARNING: skipping lightsail:importkeypair [in /home/ec2-user/repokid/repokid/repokid.py:309] 2017-06-23 12:29:58,032 WARNING: skipping lightsail:getoperation [in /home/ec2-user/repokid/repokid/repokid.py:309] 2017-06-23 12:29:58,033 WARNING: skipping lightsail:updatedomainentry [in /home/ec2-user/repokid/repokid/repokid.py:309] 2017-06-23 12:29:58,033 WARNING: skipping lightsail:getstaticips [in /home/ec2-user/repokid/repokid/repokid.py:309] 2017-06-23 12:29:58,033 WARNING: skipping lightsail:getinstancemetricdata [in /home/ec2-user/repokid/repokid/repokid.py:309] 2017-06-23 12:29:58,033 WARNING: skipping lightsail:createkeypair [in /home/ec2-user/repokid/repokid/repokid.py:309] 2017-06-23 12:29:58,033 WARNING: skipping lightsail:createdomainentry [in /home/ec2-user/repokid/repokid/repokid.py:309] 2017-06-23 12:29:58,034 WARNING: skipping lightsail:getinstances [in /home/ec2-user/repokid/repokid/repokid.py:309] 2017-06-23 12:29:58,034 WARNING: skipping lightsail:deletedomainentry [in /home/ec2-user/repokid/repokid/repokid.py:309] 2017-06-23 12:29:58,034 WARNING: skipping lightsail:deletekeypair [in /home/ec2-user/repokid/repokid/repokid.py:309] 2017-06-23 12:29:58,034 WARNING: skipping lightsail:releasestaticip [in /home/ec2-user/repokid/repokid/repokid.py:309] 2017-06-23 12:29:58,034 WARNING: skipping lightsail:getactivenames [in /home/ec2-user/repokid/repokid/repokid.py:309] 2017-06-23 12:29:58,034 WARNING: skipping lightsail:detachstaticip [in /home/ec2-user/repokid/repokid/repokid.py:309] 2017-06-23 12:29:58,035 WARNING: skipping lightsail:getbundles [in /home/ec2-user/repokid/repokid/repokid.py:309] 2017-06-23 12:29:58,035 WARNING: skipping lightsail:peervpc [in /home/ec2-user/repokid/repokid/repokid.py:309] 2017-06-23 12:29:58,035 WARNING: skipping lightsail:getoperations [in /home/ec2-user/repokid/repokid/repokid.py:309] 2017-06-23 12:29:58,035 WARNING: skipping lightsail:deleteinstance [in /home/ec2-user/repokid/repokid/repokid.py:309] 2017-06-23 12:29:58,036 WARNING: skipping lightsail:getregions [in /home/ec2-user/repokid/repokid/repokid.py:309] 2017-06-23 12:29:58,036 WARNING: skipping lightsail:closeinstancepublicports [in /home/ec2-user/repokid/repokid/repokid.py:309] 2017-06-23 12:29:58,036 WARNING: skipping lightsail:rebootinstance [in /home/ec2-user/repokid/repokid/repokid.py:309] 2017-06-23 12:29:58,036 WARNING: skipping lightsail:getkeypairs [in /home/ec2-user/repokid/repokid/repokid.py:309] 2017-06-23 12:29:58,036 WARNING: skipping lightsail:unpeervpc [in /home/ec2-user/repokid/repokid/repokid.py:309] 2017-06-23 12:29:58,037 WARNING: skipping lightsail:getinstance [in /home/ec2-user/repokid/repokid/repokid.py:309] 2017-06-23 12:29:58,037 WARNING: skipping lightsail:getinstancesnapshot [in /home/ec2-user/repokid/repokid/repokid.py:309] 2017-06-23 12:29:58,037 WARNING: skipping lightsail:createinstances [in /home/ec2-user/repokid/repokid/repokid.py:309] 2017-06-23 12:29:58,037 WARNING: skipping lightsail:deleteinstancesnapshot [in /home/ec2-user/repokid/repokid/repokid.py:309] 2017-06-23 12:29:58,037 WARNING: skipping lightsail:startinstance [in /home/ec2-user/repokid/repokid/repokid.py:309] 2017-06-23 12:29:58,038 WARNING: skipping lightsail:createinstancesnapshot [in /home/ec2-user/repokid/repokid/repokid.py:309] 2017-06-23 12:29:58,038 WARNING: skipping lightsail:getinstanceportstates [in /home/ec2-user/repokid/repokid/repokid.py:309] 2017-06-23 12:29:58,038 WARNING: skipping lightsail:stopinstance [in /home/ec2-user/repokid/repokid/repokid.py:309] 2017-06-23 12:29:58,039 WARNING: skipping lightsail:isvpcpeered [in /home/ec2-user/repokid/repokid/repokid.py:309] 2017-06-23 12:29:58,039 WARNING: skipping lightsail:getdomain [in /home/ec2-user/repokid/repokid/repokid.py:309] 2017-06-23 12:29:58,039 WARNING: skipping lightsail:createdomain [in /home/ec2-user/repokid/repokid/repokid.py:309] 2017-06-23 12:29:58,039 WARNING: skipping lightsail:getkeypair [in /home/ec2-user/repokid/repokid/repokid.py:309] 2017-06-23 12:29:58,039 WARNING: skipping lightsail:attachstaticip [in /home/ec2-user/repokid/repokid/repokid.py:309] 2017-06-23 12:29:58,040 WARNING: skipping lightsail:getoperationsforresource [in /home/ec2-user/repokid/repokid/repokid.py:309] 2017-06-23 12:29:58,040 WARNING: skipping lightsail:downloaddefaultkeypair [in /home/ec2-user/repokid/repokid/repokid.py:309] 2017-06-23 12:29:58,040 WARNING: skipping lightsail:createinstancesfromsnapshot [in /home/ec2-user/repokid/repokid/repokid.py:309] 2017-06-23 12:29:58,043 WARNING: Not sure about these services: [] [in /home/ec2-user/repokid/repokid/repokid.py:358]
I tried to find a list of access rights maybe to add in a document, but can't find anything, so I imagine it is not a static reference library that is used.
@mcpeak
Copy link
Contributor

mcpeak commented Jun 28, 2017

This is warning about the lightsail service because Access Advisor data isn't available for it, so we err on the side of caution and ignore it for the time being (https://github.com/Netflix/repokid/blob/master/repokid/repokid.py#L46). We will start trimming unused lightsail permissions when it is either supported properly by Access Advisor or when we add policy trimming based on CloudTrail data.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@patricksanders @mcpeak @royere