Closed Bug 891711 Opened 11 years ago Closed 11 years ago

Grant rfkelly iam:UploadServerCertificate and related permissions in moz-svc-dev aws environment

Categories

(Cloud Services :: Operations: Miscellaneous, task)

x86_64
Windows 7
task
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: rfkelly, Assigned: bobm)

Details

(Whiteboard: [qa-])

I'd like to set up our PiCL dev environment with some (plain old self-signed) SSL certificates, but apparently I need to upload them into IAM before the elastic load balancers can find them.

If it's safe to do so, can I please have iam:UploadServerCertificate, iam:ListServerCertificates, iam:GetServerCertificate, iam:DeleteServerCertificate permissions in the dev AWS environment?

(Or, I'm quite open to other ways of solving this, e.g. putting everything under an existing domain with a wildcard cert that's already uploaded.  Whatever works.)
Adding myself and :bobm and :jlaz and :mmayo
Whiteboard: [qa-]
Assignee: nobody → bobm
Status: NEW → ASSIGNED
Permissions added, please test.
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
I still get a permission error:

rfk@durian:tmp$ iam-servercertupload -b profileinthecloud.net.cert -k profileinthecloud.net.key -s profileinthecloud.net -v

403 AccessDenied User: arn:aws:iam::142069644989:user/rfkelly is not authorized to perform: iam:UploadServerCertificate on resource: arn:aws:iam::142069644989:server-certificate/profileinthecloud.net
rfk@durian:tmp$
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Added the statement below to the dev-services-developers group:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "iam:DeleteServerCertificate",
        "iam:UploadServerCertificate",
        "iam:List*",
        "iam:Get*"
      ],
      "Resource": "*"
    }
  ]
}
Try now, :rfkelly. Re-open if it's still broken.  Thx!
Status: REOPENED → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Success!  Thanks Mark.
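
Added example (not part of the original bug thread, and not Mozilla's tooling): a small Python check that compares the policy statement posted above with the four actions requested in the opening comment, reporting whether the request is covered and where the grant is wider than the request. The function names are illustrative, and only Allow statements with Action/Resource are evaluated.

```python
import json
from fnmatch import fnmatchcase

# The four actions asked for in the bug's opening comment.
REQUESTED = ["iam:UploadServerCertificate", "iam:ListServerCertificates",
             "iam:GetServerCertificate", "iam:DeleteServerCertificate"]

# The statement added to dev-services-developers, as posted in the thread.
GRANTED = json.loads("""
{"Version": "2012-10-17",
 "Statement": [{"Effect": "Allow",
                "Action": ["iam:DeleteServerCertificate",
                           "iam:UploadServerCertificate",
                           "iam:List*", "iam:Get*"],
                "Resource": "*"}]}
""")

def _as_list(value):
    """Statement, Action and Resource may each be a single item or a list."""
    return list(value) if isinstance(value, list) else [value]

def _matches(pattern, action):
    # IAM action names are case-insensitive; '*' and '?' are wildcards.
    return fnmatchcase(action.lower(), pattern.lower())

def audit(policy, requested):
    """Compare the Allow statements of `policy` with the `requested` actions.

    Deny, NotAction and Condition are out of scope for this check.
    """
    covered, findings = set(), []
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow" or "Action" not in stmt:
            continue
        for pattern in _as_list(stmt["Action"]):
            hits = [a for a in requested if _matches(pattern, a)]
            covered.update(hits)
            if "*" in pattern or "?" in pattern:
                findings.append(f"wildcard action {pattern} (requested: "
                                f"{', '.join(hits) or 'none'})")
        if "*" in _as_list(stmt.get("Resource", [])):
            findings.append("Resource is * (not limited to named resources)")
    missing = [a for a in requested if a not in covered]
    return {"covered": sorted(covered), "missing": missing, "findings": findings}

if __name__ == "__main__":
    print(json.dumps(audit(GRANTED, REQUESTED), indent=2))
```

For the posted statement this reports all four requested actions as covered, with findings for iam:List*, iam:Get* and the "*" resource.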