Howdy, Stranger!
It looks like you're new here. If you want to get involved, click one of these buttons!
Categories
- 244K All Categories
- 22 >> Start Here <<
- 12 New Members
- 8 FAQs
- 87.4K Gear
- 39.8K Guitar
- 3.4K Acoustics
- 1.3K Bass
- 14.8K Amps
- 17.4K FX
- 302 Digital & Modelling
- 769 Other Instruments
- 8.3K Making & Modding
- 426 Gear Reviews
- 107 Guitar Reviews
- 74 Amp Reviews
- 119 FX Reviews
- 87 Other Reviews
- 751 Made in the UK
- 977 Theory
- 1.9K Technique
- 2.2K Live
- 3.2K Studio & Recording
- 2.1K Making Music
- 226 Events
- 15 Guitar Show 2018
- 846 Plug My Stuff
- 106.3K Classifieds
- 41.5K Guitars £
- 2.9K Acoustics £
- 142 LH Guitars £
- 908 Basses £
- 10.7K Parts £
- 18.5K Amps £
- 34.4K FX £
- 2.8K Studio & Rec £
- 6.2K Misc £
- 466 Personnel
- 55.2K Chat
- 36.9K Off Topic
- 1.1K Tributes
- 6.6K Music
In this Discussion
Become a Subscriber!
Subscribe to our Patreon, and get image uploads with no ads on the site!
Anyone have a reasonable handle on AWS EC2?
Got a t2.micro instance, and need to grant someone else permission to start/stop it, so they don't keep bugging me with requests.
Want to do it reasonably properly, but not over the top. I've created them a dedicated IAM user account, and granted Full EC2 permissions to it, but when they log in they can't see the existing instance in the list.
So obviously I need to give them permissions to manipulate that particular instance.
All the docs go on about creating IAM Roles, but with a few dire warnings. After a long day and a few beers, that looks like a convoluted way of achieving a simple goal, but ...
Is there a dummy's guide to all this? We're not talking megacorp needing details full on role-based control for a massive instructure. Just one mate letting another mate turn something off and on without buggering up other stuff.
0
LOL 0
Wow! 0
Wisdom
LOL 0 Wow! 0 Wisdom Base theme by DesignModo & ported to Powered by Vanilla by Chris Ireland, modified by the "theFB" team.
Comments
One gotcha that springs to mind, have they selected the correct region ? They won't see the instances if not.
Trading feedback here
And yes, the custom policy JSON is basically the only sensible way to do it (for limited values of "sensible").
Oh, and don't think about getting clever with the "Version" field in the JSON - change that, and nothing will work.
AWS is possibly the most convoluted, bloated, unintuitive bit of tech I've ever come across. If it wasn't for the fact that it's basically the only game in town when you need FCA-approved security (other than DIY), I'd never touch the damn thing.
It does feel like a system that is deliberately obfuscated for no good reason. Possibly because it's too big, and no-one has thought to document it in ascending (or descending) levels of complexity from "Simple task primers with worked examples" down to "here's the heavy shit the clever people can do". It almost makes me think fondly of official Microsoft documentation. Almost.
All of this is just to run a FoundryVTT server for mates to play D&D once a week. I've got through my first bag (free year) so need to have a way for the DM to start and stop the thing for himself, rather than having it running 24/7. Not that it would cost much if it did, but ...