Red Hat Bugzilla – Bug 1304457
Detailed AWS Provider Rights
Last modified: 2018-02-23 02:09:02 EST
Description of problem:
When setting up AWS as a CloudProvider, instructions state that the AWS rights "[s]hould have privileged access, such as root or administrator". This is not feasible in all cases and more detailed breakdown of required rights is needed.
root or administrator rights are said to be required for AWS CloudProvider setup.
Explicit rights should be enumerated for AWS CloudProvider setup.
I was able to generate the following policy, that from my testing, appears to enable all required CloudForms functionality:
Note that policy is a composite of the following:
Josh, it sounds like we should publish this as the official policy. What are your thought?
Section Number and Name:
126.96.36.199 Adding Amazon EC2 Providers: security credentials
Describe the issue:
The AWS provider currently provides no requirements for privilege level on the authenticating access key, my security standards prevent me from giving cart blanch access to my AWS environment. Can you please enumerate the permissions required by CFME so that I can use least privilege when creating the CFME user for my AWS environment.
Suggestions for improvement:
Add a section indicating required permissions for the AWS provider.
Removing Les Williams from the CC list, and moving back to 'NEW' while assigned to the default assignee.
Thank you for raising this bug.
My apologies for the delay it has taken for us to respond, but we have had a strong need to focus on feature-related content over the past release or so, which has made it difficult for us to schedule time for requests such as this.
That said, we understand this is a topic of growing importance to customers, and I have started a conversation with engineering and product management to see how we can address this across the board.
I will let you know how we proceed.