Closed
Bug 891711
Opened 11 years ago
Closed 11 years ago
Grant rfkelly iam:UploadServerCertificate and related permissions in moz-svc-dev aws environment
Categories
(Cloud Services :: Operations: Miscellaneous, task)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: rfkelly, Assigned: bobm)
Details
(Whiteboard: [qa-])
I'd like to set up our PiCL dev environment with some (plain old self-signed) SSL certificates, but apparently I need to upload them into IAM before the elastic load balancers can find them. If it's safe to do so, can I please have iam:UploadServerCertificate, iam:ListServerCertificates, iam:GetServerCertificate, iam:DeleteServerCertificate permissions in the dev AWS environment? (Or, I'm quite open to other ways of solving this, e.g. putting everything under an existing domain with a wildcard cert that's already uploaded. Whatever works.)
Assignee | ||
Updated•11 years ago
|
Assignee: nobody → bobm
Status: NEW → ASSIGNED
Assignee | ||
Comment 2•11 years ago
|
||
Permissions added, please test.
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Reporter | ||
Comment 3•11 years ago
|
||
I still get a permission error: rfk@durian:tmp$ iam-servercertupload -b profileinthecloud.net.cert -k profileinthecloud.net.key -s profileinthecloud.net -v 403 AccessDenied User: arn:aws:iam::142069644989:user/rfkelly is not authorized to perform: iam:UploadServerCertificate on resource: arn:aws:iam::142069644989:server-certificate/profileinthecloud.net rfk@durian:tmp$
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Comment 4•11 years ago
|
||
Added the statement below to the dev-services-developers group: { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "iam:DeleteServerCertificate", "iam:UploadServerCertificate", "iam:List*", "iam:Get*" ], "Resource": "*" } ] }
Comment 5•11 years ago
|
||
Try now, :rfkelly. re-open if it's still broken. Thx!
Status: REOPENED → RESOLVED
Closed: 11 years ago → 11 years ago
Resolution: --- → FIXED
Reporter | ||
Comment 6•11 years ago
|
||
Success! Thanks Mark.
You need to log in
before you can comment on or make changes to this bug.
Description
•