On Sun, Sep 03, 2017 at 11:34:30PM +0200, Thomas Goirand wrote:
> BTW, how do I generate the @(#*$& image manifest? Uploading an image to
> amazon is such a pain ... :/
The manifest is created by ec2-bundle-vol. However, it sounds like
you're trying to generate what Amazon calls an "instance
On 08/10/2017 09:28 AM, kuLa wrote:
> Hi All,
>
> I'm recently fiddling a lot with permissions on the Debian AWS account and
> it's
> been pointed to me that it's worth considering updating IAM settings a bit.
>
> Having above in mind and that DDs are already trusted enough :-) I'm thinking
>
I just enabled almost full RO permissions for all DDs on Debian AWS account,
it's a hand crafted policy to accommodate concerns James presented.
I tested it as much as I could but if there is something what ppl think should
be changed pls let me know.
--
|_|0|_|
This snippet might be of use. This is what I use on my general
'all-users' group, to keep any users not specified out of my s3 ops
bucket with some private keys in it. You specify the blessed users by
IAM user ID, and everyone else is denied. I assume you could use a
similar pattern on other
On Thu, Aug 10, 2017 at 08:28:44AM +0100, kuLa wrote:
> I'm recently fiddling a lot with permissions on the Debian AWS account and
> it's
> been pointed to me that it's worth considering updating IAM settings a bit.
>
> Having above in mind and that DDs are already trusted enough :-) I'm
The only down side of this would be any secrets stored in any SSM
Parameter Store locations, but at this point in time I don't think three
are any; historically, people would store secrets into S3 buckets
(probably client-side encrypted, definitely server side encrypted).
These secrets could be
Hi
On Thu, Aug 10, 2017 at 08:28:44AM +0100, kuLa wrote:
> I'm recently fiddling a lot with permissions on the Debian AWS account and
> it's
> been pointed to me that it's worth considering updating IAM settings a bit.
> Having above in mind and that DDs are already trusted enough :-) I'm
Hi All,
I'm recently fiddling a lot with permissions on the Debian AWS account and it's
been pointed to me that it's worth considering updating IAM settings a bit.
Having above in mind and that DDs are already trusted enough :-) I'm thinking
about giving a full RO to all DDs which are having