Closed Bug 1047063 Opened 10 years ago Closed 10 years ago

Need read permissions to subnets

Categories

(Release Engineering :: General, defect)

defect
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: dustin, Assigned: catlee)

References

Details

With both my own and buildduty's AWS credentials:

  File "/home/dustin/tmp/ve/lib/python2.7/site-packages/boto/vpc/__init__.py", line 1138, in get_all_subnets
    return self.get_list('DescribeSubnets', params, [('item', Subnet)])
  File "/home/dustin/tmp/ve/lib/python2.7/site-packages/boto/connection.py", line 1158, in get_list
    raise self.ResponseError(response.status, response.reason, body)
boto.exception.EC2ResponseError: EC2ResponseError: 401 Unauthorized
<?xml version="1.0" encoding="UTF-8"?>
<Response><Errors><Error><Code>AuthFailure</Code><Message>AWS was not able to validate the provided access credentials</Message></Error></Errors><RequestID>626a3bda-46e8-41ae-b702-c345ea74eac8</RequestID></Response>

I'll need this access for an automated system (firewall-tests), so a role account with this permission (really, read access to everything ec2 and everything vpc).  But if that's harder than just adding a permission for my account, that'd be great.

This is blocking work on firewall tests.
Flags: needinfo?(catlee)
My account has the proper permissions now, which unblocks me, but as we automate this I'll need a role account, too.
I took care of this, creating a 'firewall-tests' user with

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ec2:DescribeInstances",
                "ec2:DescribeSubnets",
                "ec2:DescribeSecurityGroups"
            ],
            "Resource": "*"
        }
    ]
}
Flags: needinfo?(catlee)
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
QA Contact: pmoore → mshal
You need to log in before you can comment on or make changes to this bug.