Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Detailed list of permissions for AWS iam role too open #57

Open
JeffGiroux opened this issue Jan 6, 2021 · 2 comments
Open

Detailed list of permissions for AWS iam role too open #57

JeffGiroux opened this issue Jan 6, 2021 · 2 comments
Labels
documentation Improvements or additions to documentation enhancement New feature or request known issue Issue already in the backlog
Milestone
backlog

Comments

@JeffGiroux
Copy link

Do you already have an issue opened with F5 support?

no

Description

Looking for a more granular list of permissions for the AWS IAM role.

https://clouddocs.f5.com/products/extensions/f5-cloud-failover/latest/userguide/aws.html#create-and-assign-an-iam-role

Example currently...
EC2 Read/Write
S3 Read/Write
STS Assume Role

The Azure and GCP roles for CFE have more granular permissions listed. Can the same be done for the API calls needed in AWS?

Environment information

For bugs, enter the following information:

  • Cloud Failover Extension Version:
  • BIG-IP version:
  • Cloud provider:

Severity Level

For bugs, enter the bug severity level. Do not set any labels.

Severity: <Fill in level: 1 through 5>

Severity level definitions:

  1. Severity 1 (Critical) : Defect is causing systems to be offline and/or nonfunctional. immediate attention is required.
  2. Severity 2 (High) : Defect is causing major obstruction of system operations.
  3. Severity 3 (Medium) : Defect is causing intermittent errors in system operations.
  4. Severity 4 (Low) : Defect is causing infrequent interuptions in system operations.
  5. Severity 5 (Trival) : Defect is not causing any interuptions to system operations, but none-the-less is a bug.
@shyawnkarim
Copy link

This is a known issue and is currently in our backlog, internal ID AUTOSDK-2349.

@shyawnkarim shyawnkarim added documentation Improvements or additions to documentation enhancement New feature or request labels Jan 8, 2021
@shyawnkarim shyawnkarim added this to the backlog milestone Jan 8, 2021
@shyawnkarim shyawnkarim added the known issue Issue already in the backlog label Jan 8, 2021
@shyawnkarim
Copy link

STS:AssumeRole and EC2:ReplaceRoute are not needed for CFE. This will come in the next update but you can remove those for now in your deployments.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
documentation Improvements or additions to documentation enhancement New feature or request known issue Issue already in the backlog
Projects
None yet
Milestone
backlog
Development

No branches or pull requests
2 participants
@shyawnkarim @JeffGiroux