Hi All, I have been setting up many different environments on AWS, GCE, Azure (...), but my most used cloud by far until now has been AWS.
The way I have operated until now is to create an admin group in IAM, then adding users in it for my demos, and use their credentials in the environment file. This means Juju has "full power" on my AWS environment, to the extend it could create additional users. Furthermore, if I share my environment with someone, I am "giving" my AWS account away essentially. Not cool. Hence I tried to find the minimum policy (or group of policies) I should apply to make it work without giving away too much power. Juju seems to work fine with PowerUser perms, which is everything minus user management. A good start, but still too much for me. Then when I tried to restrict further, * FullEC2Access: not sufficient, fails to bootstrap * FullEC2 + FullS3: not sufficient, fails to bootstrap The error I get is : ERROR failed to bootstrap environment: cannot start bootstrap instance: recording instance in provider-state: cannot write file "provider-state" to control bucket: The specified bucket does not exist ==> Is there a recommended set of policies somewhere? I'd love to see that in the docs as well, with advice for each cloud. Thanks, Sam
-- Juju mailing list Juju@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/juju