Do you need to offer up some VPC permissions as well on VPC default EC2 accounts?

On 6 Mar 2016 13:24, "Samuel Cozannet" <samuel.cozan...@canonical.com> wrote:
> Hi All,
>
> I have been setting up many different environments on AWS, GCE, Azure
> (...), but my most used cloud by far until now has been AWS.
>
> The way I have operated until now is to create an admin group in IAM, then
> adding users in it for my demos, and use their credentials in the
> environment file.
> This means Juju has "full power" on my AWS environment, to the extent it
> could create additional users. Furthermore, if I share my environment with
> someone, I am "giving" my AWS account away essentially. Not cool.
> Hence I tried to find the minimum policy (or group of policies) I should
> apply to make it work without giving away too much power.
>
> Juju seems to work fine with PowerUser perms, which is everything minus
> user management. A good start, but still too much for me.
>
> Then when I tried to restrict further,
> * FullEC2Access: not sufficient, fails to bootstrap
> * FullEC2 + FullS3: not sufficient, fails to bootstrap
> The error I get is:
> ERROR failed to bootstrap environment: cannot start bootstrap instance:
> recording instance in provider-state: cannot write file "provider-state" to
> control bucket: The specified bucket does not exist
>
> ==> Is there a recommended set of policies somewhere? I'd love to see that
> in the docs as well, with advice for each cloud.
>
> Thanks,
> Sam
>
>
> --
> Juju mailing list
> Juju@lists.ubuntu.com
> Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/juju