19 July 2012

I first used AWS Identity and Access Management (IAM) earlier this spring to give someone access to upload to only one of our S3 buckets. It is quite an impressive and robust system. As part of our emergency preparedness, however, I needed to give other staff the ability to reboot the web server in an emergency without giving them the ability to perform other costly or dangerous operations.

Rebooting our web server is obviously quite a powerful capability since it takes everything down. However, it is also a quick fix to a variety of problems that could pop up while I am unavailable. The configuration was pretty straightforward:

  1. Go to IAM in the AWS management console.
  2. Go to Groups and Create a New Group. Select a default template, like "Amazon EC2 Full Access" (this broad starting policy is replaced with a narrower one in step 9).
  3. Go to Users and Create New Users. Uncheck "Generate an access key for each User".
  4. For each user, add them to the new group on the "Groups" tab and then set their passwords on the "Security Credentials" tab.
  5. On the IAM Dashboard, you can find the login link for these users under "AWS Account Alias".
  6. If you are not worried about further restricting access, you can stop.
  7. Otherwise, go to the AWS Policy Generator. It is very difficult to hand-write a detailed policy from scratch since I could not find any other page that exposed all of the possible action strings (though it might exist somewhere). In step 1, select "IAM Policy" and then build your policy. I used:
    1. "ec2:DescribeInstanceStatus"
    2. "ec2:DescribeInstances"
    3. "ec2:MonitorInstances"
    4. "ec2:RebootInstances"
  8. Generate the policy and copy the resulting JSON code. If you are familiar with JSON, you can probably read the policy well enough to understand it. Otherwise, you can trust the generator or read more of the available docs.
  9. Go back to the IAM Management Console, browse to the group, click on its Permissions tab and click "Manage" next to the default policy. Paste the JSON code and "Apply Policy".
  10. The user now has limited access to EC2. They cannot purchase reserved instances, take snapshots, launch instances, terminate instances or do anything other than look at the instances, determine whether they are frozen, and reboot them. Two caveats: the generated policy uses "Resource": "*", so the reboot permission covers every instance in the account, not only the web server; and "ec2:MonitorInstances" does more than read status, it turns on detailed CloudWatch monitoring for an instance (a small recurring charge), so drop it if the two Describe actions give you enough to tell whether a server is frozen.
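
Here is the restricted policy from steps 7 and 8 written out next to the "full access" template it replaces, as an added example in Python (not code from the original post). The `Version` field and the `Sid` label are my assumptions, and `is_allowed` is a deliberately simplified model of how IAM evaluates a single identity policy (default deny, explicit Deny wins, case-insensitive wildcard matching on the action name), not the AWS implementation; it lets you check what a group member can and cannot do before pasting the document into the console.

```python
import json
import re

# Added example, not code from the original post. It reproduces the four-action
# policy the post builds with the AWS Policy Generator and adds a small model of
# how IAM evaluates it, so you can check what a user can and cannot do before
# pasting the document into the group's Permissions tab.

# The "Amazon EC2 Full Access" template that step 2 starts from: every EC2 action.
EC2_FULL_ACCESS_POLICY = {
    "Version": "2012-10-17",  # assumed: current policy language version
    "Statement": [{"Effect": "Allow", "Action": "ec2:*", "Resource": "*"}],
}

# The narrowed policy from step 7: look at instances, check their status, reboot.
REBOOT_ONLY_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "LookAndReboot",  # assumed statement id, purely a label
            "Effect": "Allow",
            "Action": [
                "ec2:DescribeInstanceStatus",
                "ec2:DescribeInstances",
                "ec2:MonitorInstances",
                "ec2:RebootInstances",
            ],
            # "*" means every instance in the account, not only the web server.
            "Resource": "*",
        }
    ],
}

# Actions the post says the restricted users must not have.
DANGEROUS_ACTIONS = [
    "ec2:PurchaseReservedInstancesOffering",
    "ec2:CreateSnapshot",
    "ec2:RunInstances",
    "ec2:TerminateInstances",
]


def _as_list(value):
    """IAM accepts either a single string or a list in Action/Resource fields."""
    return value if isinstance(value, list) else [value]


def _action_matches(pattern, action):
    """IAM action matching: case-insensitive, '*' matches any run of characters,
    '?' matches one character (so "ec2:Describe*" covers DescribeInstances)."""
    regex = "^" + re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".") + "$"
    return re.match(regex, action, re.IGNORECASE) is not None


def is_allowed(policy, action):
    """Simplified model of IAM evaluation for one identity-based policy:
    anything not explicitly allowed is denied, and an explicit Deny on a
    matching action overrides any Allow. Resource ARNs and Condition blocks
    are ignored, which is exact here because every statement uses Resource "*"."""
    allowed = False
    for statement in policy["Statement"]:
        for pattern in _as_list(statement.get("Action", [])):
            if _action_matches(pattern, action):
                if statement["Effect"] == "Deny":
                    return False
                allowed = True
    return allowed


def denied_actions(policy, candidates):
    """Return the subset of candidate actions the policy does not allow."""
    return [a for a in candidates if not is_allowed(policy, a)]


def policy_document(policy):
    """Render the policy as the JSON to paste into the group's Permissions tab."""
    return json.dumps(policy, indent=2)


if __name__ == "__main__":
    print(policy_document(REBOOT_ONLY_POLICY))
    for action in DANGEROUS_ACTIONS + ["ec2:RebootInstances"]:
        verdict = "allowed" if is_allowed(REBOOT_ONLY_POLICY, action) else "denied"
        print(f"{action}: {verdict}")
```

Run it to print the document to paste in step 9 and a verdict for each of the dangerous actions under the narrowed policy. If you ever add an "ec2:*" statement back to the same group, `denied_actions` will come back empty, which is the quickest way to notice that a later edit silently re-broadened the grant.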
