[Juju] Minimum policies for Juju to work on public clouds

Samuel Cozannet samuel.cozannet at canonical.com
Sun Mar 6 16:18:57 UTC 2016


Yeah, I tried to add the VPC as well, but didn't work either. There is
something about the "bucket" created at the beginning, I thought S3 perms
would do, but no luck.




--
Samuel Cozannet
Cloud, Big Data and IoT Strategy Team
Business Development - Cloud and ISV Ecosystem
Changing the Future of Cloud
Ubuntu <http://ubuntu.com>  / Canonical UK LTD <http://canonical.com> / Juju
<https://jujucharms.com>
samuel.cozannet at canonical.com
mob: +33 616 702 389
skype: samnco
Twitter: @SaMnCo_23

On Sun, Mar 6, 2016 at 2:41 PM, Tom Barber <tom at analytical-labs.com> wrote:

> Do you need to offer up some VPC permissions as well on VPC default EC2
> accounts?
> On 6 Mar 2016 13:24, "Samuel Cozannet" <samuel.cozannet at canonical.com>
> wrote:
>
>> Hi All,
>>
>> I have been setting up many different environments on AWS, GCE, Azure
>> (...), but my most used cloud by far until now has been AWS.
>>
>> The way I have operated until now is to create an admin group in IAM,
>> then add users to it for my demos, and use their credentials in the
>> environment file.
>> This means Juju has "full power" on my AWS environment, to the extent it
>> could create additional users. Furthermore, if I share my environment with
>> someone, I am "giving" my AWS account away essentially. Not cool.
>> Hence I tried to find the minimum policy (or group of policies) I should
>> apply to make it work without giving away too much power.
>>
>> Juju seems to work fine with PowerUser perms, which is everything minus
>> user management. A good start, but still too much for me.
>>
>> Then when I tried to restrict further,
>> * FullEC2Access: not sufficient, fails to bootstrap
>> * FullEC2 + FullS3: not sufficient, fails to bootstrap
>> The error I get is:
>> ERROR failed to bootstrap environment: cannot start bootstrap instance:
>> recording instance in provider-state: cannot write file "provider-state" to
>> control bucket: The specified bucket does not exist
>>
>> ==> Is there a recommended set of policies somewhere? I'd love to see
>> that in the docs as well, with advice for each cloud.
>>
>> Thanks,
>> Sam