wallenstein/algo
1
0
Fork 0
mirror of https://github.com/trailofbits/algo.git synced 2025-04-26 19:14:01 +02:00
Code Issues Projects Releases Wiki Activity

Update documentation to include minimum required IAM policy (#461)

Browse source 
* Updating documentation to include minimum required IAM polcy. Closes

* Slightly more concise
This commit is contained in:
Dan Guido 2017-04-20 18:15:31 -04:00 committed by GitHub
parent 76cdc69548
commit 22e145c241
2 changed files with 65 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
algo
View file

@ -232,14 +232,13 @@ EXTRA_VARS="do_access_token=$do_access_token do_server_name=$do_server_name do_r
ec2 () { ec2 () {
read -p " read -p "
Enter your aws_access_key (http://docs.aws.amazon.com/general/latest/gr/managing-aws-access-keys.html) Enter your aws_access_key (http://docs.aws.amazon.com/general/latest/gr/managing-aws-access-keys.html)
Note: Make sure to use either your root key (recommended) or an IAM user with an acceptable policy attached Note: Make sure to use an IAM user with an acceptable policy attached (see https://github.com/trailofbits/algo/blob/master/docs/deploy-with-ansible.md).
$ADDITIONAL_PROMPT $ADDITIONAL_PROMPT
[AKIA...]: " -rs aws_access_key [AKIA...]: " -rs aws_access_key
read -p " read -p "
Enter your aws_secret_key (http://docs.aws.amazon.com/general/latest/gr/managing-aws-access-keys.html) Enter your aws_secret_key (http://docs.aws.amazon.com/general/latest/gr/managing-aws-access-keys.html)
Note: Make sure to use either your root key (recommended) or an IAM user with an acceptable policy attached
$ADDITIONAL_PROMPT $ADDITIONAL_PROMPT
[ABCD...]: " -rs aws_secret_key [ABCD...]: " -rs aws_secret_key

64
docs/deploy-with-ansible.md
View file

@ -103,6 +103,70 @@ Additional tags:
- [encrypted](https://aws.amazon.com/blogs/aws/new-encrypted-ebs-boot-volumes/) (enabled by default) - [encrypted](https://aws.amazon.com/blogs/aws/new-encrypted-ebs-boot-volumes/) (enabled by default)
#### Minimum required IAM permissions for deployment:
```
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "PreDeployment",
"Effect": "Allow",
"Action": [
"ec2:DescribeImages",
"ec2:DescribeKeyPairs",
"ec2:ImportKeyPair"
],
"Resource": [
"*"
]
},
{
"Sid": "DeployCloudFormationStack",
"Effect": "Allow",
"Action": [
"cloudformation:CreateStack",
"cloudformation:DescribeStacks",
"cloudformation:CreateStacks",
"cloudformation:DescribeStackEvents",
"cloudformation:ListStackResources"
],
"Resource": [
"*"
]
},
{
"Sid": "CloudFormationEC2Access",
"Effect": "Allow",
"Action": [
"ec2:CreateInternetGateway",
"ec2:DescribeVpcs",
"ec2:CreateVpc",
"ec2:DescribeInternetGateways",
"ec2:ModifyVpcAttribute",
"ec2:createTags",
"ec2:CreateSubnet",
"ec2:Associate*",
"ec2:CreateRouteTable",
"ec2:AttachInternetGateway",
"ec2:DescribeRouteTables",
"ec2:DescribeSubnets",
"ec2:ModifySubnetAttribute",
"ec2:CreateRoute",
"ec2:CreateSecurityGroup",
"ec2:DescribeSecurityGroups",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:RunInstances",
"ec2:DescribeInstances"
],
"Resource": [
"*"
]
}
]
}
```
### Google Compute Engine ### Google Compute Engine
Required variables: Required variables: