fluppet
Feb 10, 2009
Dropping several grand a day on infrastructure is fun

fluppet
Feb 10, 2009
Anyone off to the AWS London summit next month?

fluppet
Feb 10, 2009
You can allow them to create users and attach those users to an existing group, but not let them edit/create any permission themselves.

fluppet
Feb 10, 2009
I think you're making this a little harder than it needs to be.

code:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Stmt0000000000001",
            "Effect": "Allow",
            "Action": [
                "iam:CreateAccessKey",
                "iam:CreateUser",
                "iam:ListUsers",
                "iam:ListGroupsForUser"
            ],
            "Resource": [
                "arn:aws:iam::accountnum:user/bar-*"
            ]
        },
        {
            "Sid": "Stmt0000000000002",
            "Effect": "Allow",
            "Action": [
                "iam:GetGroup",
                "iam:ListGroups"
            ],
            "Resource": [
                "arn:aws:iam::accountnum:group/foo-*"
            ]
        },
        {
            "Sid": "Stmt0000000000003",
            "Effect": "Allow",
            "Action": [
                "iam:AddUserToGroup"
            ],
            "Resource": [
                "arn:aws:iam::accountnum:group/foo-*"
            ]
        }
    ]
}
allows you to create IAM accounts that have to have their name prefixed with bar- and add them to groups that start foo-
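
An added example, not part of the post above: a simplified Python model of how the posted policy's `Resource` patterns scope each request. The account id, the sample user and group names, and the helper names are constructed for illustration; the model ignores Deny statements, conditions and any other attached policies.

```python
import re

# Constructed account id; the post uses the placeholder "accountnum".
ACCOUNT = "111122223333"

# The three statements from the post, reduced to (actions, resource patterns).
STATEMENTS = [
    (["iam:CreateAccessKey", "iam:CreateUser", "iam:ListUsers", "iam:ListGroupsForUser"],
     [f"arn:aws:iam::{ACCOUNT}:user/bar-*"]),
    (["iam:GetGroup", "iam:ListGroups"], [f"arn:aws:iam::{ACCOUNT}:group/foo-*"]),
    (["iam:AddUserToGroup"], [f"arn:aws:iam::{ACCOUNT}:group/foo-*"]),
]


def wildcard_match(pattern, value, ignore_case=False):
    """IAM-style match: '*' is any run of characters, '?' is exactly one."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(regex, value, re.IGNORECASE if ignore_case else 0) is not None


def is_allowed(action, resource):
    """True if any Allow statement matches both the action and the resource.

    Simplified model: anything not matched is implicitly denied.
    Action names are compared case-insensitively, ARNs case-sensitively.
    """
    for actions, resources in STATEMENTS:
        if any(wildcard_match(a, action, ignore_case=True) for a in actions) and \
           any(wildcard_match(r, resource) for r in resources):
            return True
    return False


def arn(kind, name):
    """Build an IAM user or group ARN in the constructed account."""
    return f"arn:aws:iam::{ACCOUNT}:{kind}/{name}"


if __name__ == "__main__":
    checks = [
        ("iam:CreateUser", arn("user", "bar-deploy")),        # prefixed user
        ("iam:CreateUser", arn("user", "deploy")),            # missing bar- prefix
        ("iam:AddUserToGroup", arn("group", "foo-devs")),     # prefixed group
        ("iam:AddUserToGroup", arn("group", "admins")),       # group outside foo-*
        ("iam:AttachUserPolicy", arn("user", "bar-deploy")),  # action not in the policy
    ]
    for action, resource in checks:
        print(f"{'ALLOW' if is_allowed(action, resource) else 'DENY':5} {action:22} {resource}")
```
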

fluppet
Feb 10, 2009
You'll need to use an S3 endpoint for this or lock it down to the public in addresses; alternatively you could set up a set of app keys with get/put permission and lock it down that way.

fluppet
Feb 10, 2009
I've been given a set of AWS keys from a client but they don't seem to have the permissions I need to do what I'm supposed to be able to do. Is there a quick and easy way to list the associated IAM permissions with a valid key?

fluppet
Feb 10, 2009
I'd love to give Spinnaker a shot, but I'm currently at a place that's stuck with TeamCity and haven't been able to get the pair to play nice.

If you do get it working, can we get a trip report?
