Yeah, I tried to add the VPC as well, but didn't work either. There is something about the "bucket" created at the beginning, I thought S3 perms would do, but no luck.
-- Samuel Cozannet Cloud, Big Data and IoT Strategy Team Business Development - Cloud and ISV Ecosystem Changing the Future of Cloud Ubuntu <http://ubuntu.com> / Canonical UK LTD <http://canonical.com> / Juju <https://jujucharms.com> [email protected] mob: +33 616 702 389 skype: samnco Twitter: @SaMnCo_23 [image: View Samuel Cozannet's profile on LinkedIn] <https://es.linkedin.com/in/scozannet> On Sun, Mar 6, 2016 at 2:41 PM, Tom Barber <[email protected]> wrote: > Do you need to offer up some VPC permissions as well on VPC default EC2 > accounts? > On 6 Mar 2016 13:24, "Samuel Cozannet" <[email protected]> > wrote: > >> Hi All, >> >> I have been setting up many different environments on AWS, GCE, Azure >> (...), but my most used cloud by far until now has been AWS. >> >> The way I have operated until now is to create an admin group in IAM, >> then adding users in it for my demos, and use their credentials in the >> environment file. >> This means Juju has "full power" on my AWS environment, to the extend it >> could create additional users. Furthermore, if I share my environment with >> someone, I am "giving" my AWS account away essentially. Not cool. >> Hence I tried to find the minimum policy (or group of policies) I should >> apply to make it work without giving away too much power. >> >> Juju seems to work fine with PowerUser perms, which is everything minus >> user management. A good start, but still too much for me. >> >> Then when I tried to restrict further, >> * FullEC2Access: not sufficient, fails to bootstrap >> * FullEC2 + FullS3: not sufficient, fails to bootstrap >> The error I get is : >> ERROR failed to bootstrap environment: cannot start bootstrap instance: >> recording instance in provider-state: cannot write file "provider-state" to >> control bucket: The specified bucket does not exist >> >> ==> Is there a recommended set of policies somewhere? I'd love to see >> that in the docs as well, with advice for each cloud. >> >> Thanks, >> Sam >> >> >> -- >> Juju mailing list >> [email protected] >> Modify settings or unsubscribe at: >> https://lists.ubuntu.com/mailman/listinfo/juju >> >>
-- Juju mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/juju
