I've used EC2 a bit here and there, but I havn't seen any method to wall off what on amazon you can use. Your amazon account gives you SSO access to everything amazon has.
At my work, I created an amazon account just for use with EC2, and have the email address for the account go to my groups distribution list. As far as the instance creation/management goes, if you use the ec2 command line tools (http://developer.amazonwebservices.com/connect/entry.jspa?externalID=351&categoryID=88) or something like elasticfox (http://developer.amazonwebservices.com/connect/entry.jspa?externalID=609) then you can manage/create/delete/modify EC2 instances and S3 buckets using your accounts AWS access key and AWS secret access key..which is different than your amazon.com credentials. So if you use any of those management tools, then you could pretty much separate the billing aspect of amazon from the management aspect. If you wanted to use amazons new web based EC2 management console though, then you wouldn't be able to separate them. - Mike On Wed, Dec 23, 2009 at 10:40 AM, Richard 'Doc' Kinne <[email protected]> wrote: > Hi Folks: > > Does anyone have any experience with the Amazon Elastic Cloud Computing > service? > > We're looking at creating an instance for an automatic image photometry > processor. Everything looks fine and from my standpoint it all makes sense, > but there is one thing that is bothering my Director and I can't answer yet. > > With regard to Amazon.com everything is keyed into your account and email > address. My Director, with his Amazon account, went through the process of > setting up an EC2 account. I did the same thing for the experience. Now > within our accounts we have a record of a credit card to pay for what we buy > at Amazon, be it books, 1.5TB hard drives, or the new coffee maker (my > Director is an addict. We joke that we don't have the have astronomy degrees > around here. It's more important to get certified on the coffee maker!). > > From what we've seen, to set up the instances you have to log into the > account to do that. That makes sense, as far as it goes, but what we see is > that once someone logs into the account they can then jump from Amazon area > to Amazon area and - potentially - use the credit card to perhaps get the > latest trashy romance novel, or - heaven help us all! - soap-on-a-rope or > something! > > We can't believe a mechanism is not in place to separate the instance > creation from the financial bill-paying side. We have a large problem > believing a large company wouldn't mandate that somehow. Now as far as I can > see, once an instance is created it can be managed in the usual sense - ssh > into the box and do what you want - but the creation part seems to give the > person the access to the credit card, and that seems to be a basic security > issue. > > Does anyone have any experience with EC2 and how have you dealt with this > problem, if you see it as such? > -- > Doc Kinne, [KQR] > American Association of Variable Star Observers > (From the Gmail Web Interface) > > _______________________________________________ > bblisa mailing list > [email protected] > http://www.bblisa.org/mailman/listinfo/bblisa > _______________________________________________ bblisa mailing list [email protected] http://www.bblisa.org/mailman/listinfo/bblisa
