@khashf
Contributor

@khashf khashf commented Mar 19, 2018

Given that the policy of s3 also allows other services (including ec2) to read from its buckets and files

Given that policy of s3 also allows other services (including ec2) to read from its buckets and files
@khashf khashf requested a review from MikeTheCanuck March 19, 2018 06:02
@MikeTheCanuck
Contributor

Hey @DingoEatingFuzz - would these additions help you with assigning the role I'd requested to the EC2 box for PostgreSQL?

@iant01
Contributor

iant01 commented Mar 22, 2018

The ec2 role to permit S3 access should be narrowed to just the archive bucket if its purpose is to enable the ec2 instance to access the database dumps to use in initializing the database. If one or two other buckets need to be accessed, use a conditional to restrict to just the ones needed. Right now the role provides access to all current and future buckets in the account.
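
The scoping point in the comment above, as an added example that is not part of the thread or the project's code: a small check that flags IAM policy statements allowing S3 actions on every bucket, run over a broad policy and a narrowed one. Both policy documents are constructed, `EXAMPLE-ARCHIVE-BUCKET` is a placeholder name, and the helper names are hypothetical.

```python
# Constructed policy documents, not taken from the pull request.
# EXAMPLE-ARCHIVE-BUCKET is a placeholder bucket name.
BROAD = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:Get*", "s3:List*"], "Resource": "*"}]}

NARROW = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:ListBucket",
     "Resource": "arn:aws:s3:::EXAMPLE-ARCHIVE-BUCKET"},
    {"Effect": "Allow", "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::EXAMPLE-ARCHIVE-BUCKET/*"}]}


def _as_list(value):
    # IAM accepts a single string or a list for Action and Resource.
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)


def _bucket_is_wildcard(resource):
    """True if the bucket part of an S3 ARN can match more than one bucket."""
    if resource == "*":
        return True
    prefix = "arn:aws:s3:::"  # assumes the standard "aws" partition
    if not resource.startswith(prefix):
        return False
    bucket = resource[len(prefix):].split("/", 1)[0]
    return "*" in bucket or "?" in bucket


def overbroad_s3_statements(policy):
    """Return Allow statements that grant S3 actions on wildcard buckets.

    Condition blocks are not evaluated, so a flagged statement that carries
    one still needs a manual look.
    """
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a lone statement object is valid too
        statements = [statements]
    findings = []
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue
        actions = [a.lower() for a in _as_list(stmt.get("Action"))]
        resources = _as_list(stmt.get("Resource"))
        if (any(a == "*" or a.startswith("s3:") for a in actions)
                and any(_bucket_is_wildcard(r) for r in resources)):
            findings.append(stmt)
    return findings
```

Because wildcard ARNs also match buckets created later, the broad policy is flagged while the narrowed one, which lists the bucket and its objects separately, is not.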

@khashf khashf self-assigned this Mar 26, 2018
@DingoEatingFuzz
Contributor

Hey @khashf, I dig the intent here to codify the process of creating roles and policies as well as codifying the details of said roles and policies. However, I don't think bash is the best tool for it.

We'd be better off taking the same infrastructure as code spirit and applying it to a purpose-built tool/spec like CloudFormation or Terraform.

Since we already have some CloudFormation in use, it makes sense to continue going down that route.
