Grant rfkelly iam:UploadServerCertificate and related permissions in moz-svc-dev aws environment

RESOLVED FIXED

Status

Cloud Services
Operations
5 years ago
5 years ago

People

(Reporter: rfkelly, Assigned: bobm)

Details

(Whiteboard: [qa-])

(Reporter)

Description

5 years ago
I'd like to set up our PiCL dev environment with some (plain old self-signed) SSL certificates, but apparently I need to upload them into IAM before the elastic load balancers can find them.

If it's safe to do so, can I please have iam:UploadServerCertificate, iam:ListServerCertificates, iam:GetServerCertificate, iam:DeleteServerCertificate permissions in the dev AWS environment?

(Or, I'm quite open to other ways of solving this, e.g. putting everything under an existing domain with a wildcard cert that's already uploaded.  Whatever works.)
Adding myself and :bobm and :jlaz and :mmayo
Whiteboard: [qa-]
(Assignee)

Updated

5 years ago
Assignee: nobody → bobm
Status: NEW → ASSIGNED
(Assignee)

Comment 2

5 years ago
Permissions added, please test.
Status: ASSIGNED → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → FIXED
(Reporter)

Comment 3

5 years ago
I still get a permission error:

rfk@durian:tmp$ iam-servercertupload -b profileinthecloud.net.cert -k profileinthecloud.net.key -s profileinthecloud.net -v

403 AccessDenied User: arn:aws:iam::142069644989:user/rfkelly is not authorized to perform: iam:UploadServerCertificate on resource: arn:aws:iam::142069644989:server-certificate/profileinthecloud.net
rfk@durian:tmp$
Status: RESOLVED → REOPENED
Resolution: FIXED → ---

Comment 4

5 years ago
Added the statement below to the dev-services-developers group:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "iam:DeleteServerCertificate",
        "iam:UploadServerCertificate",
        "iam:List*",
        "iam:Get*"
      ],
      "Resource": "*"
    }
  ]
}
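
Added example, not part of the original comment or of Mozilla's tooling: a simplified check of the statement above against the four actions requested in the Description, which shows that the `iam:List*` and `iam:Get*` wildcards also allow IAM read actions that were not requested. The probe list and the function names are assumptions made for illustration, and the evaluator handles only Allow statements (no Deny, NotAction or Condition).

```python
import re

# Policy statement as posted in Comment 4.
POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Action": ["iam:DeleteServerCertificate", "iam:UploadServerCertificate",
               "iam:List*", "iam:Get*"],
    "Resource": "*",
}]}
# The four actions requested in the Description.
REQUESTED = ["iam:UploadServerCertificate", "iam:ListServerCertificates",
             "iam:GetServerCertificate", "iam:DeleteServerCertificate"]
# Constructed probe set: IAM actions that were NOT requested.
PROBES = ["iam:GetUser", "iam:ListUsers", "iam:ListAccessKeys",
          "iam:GetAccountPasswordPolicy", "iam:CreateUser"]
# Resource ARN taken from the AccessDenied message in Comment 3.
CERT_ARN = "arn:aws:iam::142069644989:server-certificate/profileinthecloud.net"

def _matches(pattern, value, ignore_case):
    """IAM-style wildcard match: '*' is any run of characters, '?' is one."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    flags = re.IGNORECASE if ignore_case else 0
    return re.fullmatch(regex, value, flags) is not None

def _as_list(value):
    # Policy fields may hold a single string or a list of strings.
    return value if isinstance(value, list) else [value]

def is_allowed(policy, action, resource):
    """Simplified evaluation: does any Allow statement cover action + resource?"""
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        # Action names are case-insensitive; resource ARNs are matched as-is.
        act = any(_matches(p, action, True) for p in _as_list(stmt["Action"]))
        res = any(_matches(p, resource, False) for p in _as_list(stmt["Resource"]))
        if act and res:
            return True
    return False

def beyond_request(policy, resource=CERT_ARN):
    """Probe actions the policy allows although nobody asked for them.
    With Resource "*" the resource argument does not affect the result."""
    return [a for a in PROBES if is_allowed(policy, a, resource)]

if __name__ == "__main__":
    print("requested ok:", all(is_allowed(POLICY, a, CERT_ARN) for a in REQUESTED))
    print("also allowed:", beyond_request(POLICY))
```

Listing the four requested actions by name in `Action`, instead of the two wildcards, makes `beyond_request` return an empty list for this probe set.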

Comment 5

5 years ago
Try now, :rfkelly. Re-open if it's still broken.  Thx!
Status: REOPENED → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → FIXED
(Reporter)

Comment 6

5 years ago
Success!  Thanks Mark.