[Juju] Minimum policies for Juju to work on public clouds
Samuel Cozannet
samuel.cozannet at canonical.com
Sun Mar 6 13:23:28 UTC 2016
Hi All,
I have been setting up many different environments on AWS, GCE, Azure
(...), but my most used cloud by far until now has been AWS.
The way I have operated until now is to create an admin group in IAM, then
add users to it for my demos, and use their credentials in the
environment file.
This means Juju has "full power" on my AWS environment, to the extent it
could create additional users. Furthermore, if I share my environment with
someone, I am "giving" my AWS account away essentially. Not cool.
Hence I tried to find the minimum policy (or group of policies) I should
apply to make it work without giving away too much power.
Juju seems to work fine with PowerUser perms, which is everything minus
user management. A good start, but still too much for me.
Then when I tried to restrict further,
* FullEC2Access: not sufficient, fails to bootstrap
* FullEC2 + FullS3: not sufficient, fails to bootstrap
The error I get is:
ERROR failed to bootstrap environment: cannot start bootstrap instance:
recording instance in provider-state: cannot write file "provider-state" to
control bucket: The specified bucket does not exist
==> Is there a recommended set of policies somewhere? I'd love to see that
in the docs as well, with advice for each cloud.
Thanks,
Sam
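
An added example (not part of the original post, and not Juju code): before sharing a set of credentials, a policy document can be checked offline for the user-management power the post worries about. The three sample policies are constructed approximations of the admin, PowerUser-style and EC2+S3 setups, not the text of the AWS managed policies, and the function name and action list are choices made for this example.

```python
import fnmatch

# IAM actions that amount to "user management" (real IAM action names).
USER_MGMT = ["iam:CreateUser", "iam:CreateAccessKey",
             "iam:AttachUserPolicy", "iam:PutUserPolicy"]
# Constructed sample policies, approximating the three setups in the post.
ADMIN = {"Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}
POWER_USER_LIKE = {"Statement": [
    {"Effect": "Allow", "NotAction": "iam:*", "Resource": "*"}]}
EC2_PLUS_S3 = {"Statement": [
    {"Effect": "Allow", "Action": ["ec2:*", "s3:*"], "Resource": "*"}]}

def _as_list(value):
    return [value] if isinstance(value, (str, dict)) else list(value or [])

def _covers(stmt, action):
    """True if the statement's Action/NotAction element applies to `action`."""
    def hit(patterns):
        # IAM action names are case-insensitive; '*' and '?' are wildcards.
        return any(fnmatch.fnmatchcase(action.lower(), p.lower())
                   for p in _as_list(patterns))
    if "Action" in stmt:
        return hit(stmt["Action"])
    if "NotAction" in stmt:
        return not hit(stmt["NotAction"])
    return False

def user_mgmt_allowed(policy, actions=USER_MGMT):
    """Return the actions from `actions` that this policy document grants."""
    # Conservative: Resource/Condition on an Allow are assumed to match, and a
    # Deny only counts when it is unconditional and covers every resource.
    stmts = _as_list(policy.get("Statement"))
    granted = []
    for action in actions:
        allow = any(s.get("Effect") == "Allow" and _covers(s, action)
                    for s in stmts)
        deny = any(s.get("Effect") == "Deny" and _covers(s, action)
                   and "Condition" not in s
                   and _as_list(s.get("Resource")) == ["*"] for s in stmts)
        if allow and not deny:
            granted.append(action)
    return granted

if __name__ == "__main__":
    for name, pol in [("admin", ADMIN), ("power-user-like", POWER_USER_LIKE),
                      ("ec2+s3", EC2_PLUS_S3)]:
        print(name, "->", user_mgmt_allowed(pol) or "no user management")
```

An empty result only says the credentials cannot manage IAM users; it says nothing about whether the policy is sufficient for Juju to bootstrap.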