Showing posts with label user. Show all posts

Thursday, April 24, 2014

IAM users and billing information


    By default, IAM users do not have access to the Account Activity or Usage Reports pages. However, as account owner you can grant IAM users permission to see either or both. You can then activate access to the billing pages, and those IAM users will have access to the billing pages according to the permissions you grant. (You can deny them access to some billing information.) http://docs.aws.amazon.com/awsaccountbilling/latest/about/ControllingAccessWebsite.html

Wednesday, December 4, 2013

Oracle credentials encrypted and protected in S3

Having worked with Oracle Databases for a very long time, this blog post really caught my interest. This is a great way to ensure Oracle credentials are not in scripts, environment variables, programs or other places where they can be read by the naked eye.

This blog post describes how DB credentials could be stored encrypted in S3. The role (IAM role) on the EC2 instance would be used with its short-term security credentials to let the client pull the DB credentials from S3 as needed.

http://blogs.aws.amazon.com/security/post/Tx610S2MLVZWEA/Using-IAM-roles-to-distribute-non-AWS-credentials-to-your-EC2-instances

Wednesday, August 14, 2013

AWS IAM user creation and access

Instructions for setting up an IAM user can be found here:
http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_SettingUpUser.html

Give them 'Power User' if they need to create instances and fully utilize AWS services.

They will use a different URL (not aws.amazon.com) than the one you use to access your account. More here:
http://docs.aws.amazon.com/IAM/latest/UserGuide/WhatUsersNeedToKnow.html

Saturday, June 29, 2013

Inheriting the Oracle user environment


Here is the command:

sudo -H -u oracle logbash --login

You must have permission to sudo to “oracle” directly for this to work. This is preferred over sudo’ing to root and then su’ing to oracle (su - oracle).

Wednesday, May 1, 2013

AWS getting started with groups and users

A common question when first setting up an AWS environment is how to make sure developers, OS administrators, DBAs, architects and all the different roles you may have in your organization each have the correct privileges. You use IAM groups and users. You would create a developer group. Ignore roles to start with, as these are for AWS services to access other services (example: EC2 accessing S3) and for cross-account access. Then add policies to the group (use the policy generator or select a template). Then add each developer as an individual user and add them to the developer group.

Good resource for all of your questions. You can explicitly manage roles and policies:
http://docs.aws.amazon.com/IAM/latest/UserGuide/cross-acct-access-walkthrough-creategroup.html

Nice blog entry here:
https://forums.aws.amazon.com/message.jspa?messageID=197920
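
The group-and-user setup described in this post, written out with the AWS CLI as an added example (not code from the original post). The group name, the inline policy name, the sample policy and its bucket `example-dev-bucket` are assumptions, and the AWS CLI is assumed to be configured with credentials that are allowed to manage IAM.

```shell
#!/bin/sh
# Added example: create a developer group, attach one policy to it, add users.
# GROUP_NAME, POLICY_NAME, the policy body and the bucket name are assumptions.
set -eu

GROUP_NAME="developers"
POLICY_NAME="developers-ec2-s3"

# Constructed sample policy for the group; scope it to what developers need.
developer_policy() {
cat <<'EOF'
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["ec2:Describe*", "ec2:RunInstances", "ec2:StartInstances", "ec2:StopInstances"],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": ["s3:GetObject", "s3:ListBucket"],
      "Resource": ["arn:aws:s3:::example-dev-bucket", "arn:aws:s3:::example-dev-bucket/*"]
    }
  ]
}
EOF
}

# Create the group and put the policy on the group, not on individual users,
# then create each developer as an IAM user and add them to the group.
setup_developer_group() {
  aws iam create-group --group-name "$GROUP_NAME"
  aws iam put-group-policy --group-name "$GROUP_NAME" \
      --policy-name "$POLICY_NAME" --policy-document "$(developer_policy)"
  for dev_user in "$@"; do
    aws iam create-user --user-name "$dev_user"
    aws iam add-user-to-group --group-name "$GROUP_NAME" --user-name "$dev_user"
  done
}

# Runs only when asked to, e.g.: sh setup-dev-group.sh --apply alice bob
if [ "${1:-}" = "--apply" ]; then
  shift
  setup_developer_group "$@"
fi
```

Because permissions live on the group, removing a developer's access is a single `aws iam remove-user-from-group` call, and an audit only has to read one policy.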



Tuesday, April 16, 2013

User data to install Apache and PHP


Two of the most basic components on an EC2 instance are Apache and PHP. Installing them is made easy with a short shell script, yum, and user data. Here is all that needs to be placed in the user data section of the EC2 instance:

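#!/bin/sh
# Install Apache (httpd) and PHP without prompting for confirmation
yum -y install httpd php
# Start Apache automatically at boot
chkconfig httpd on
# Start Apache now
/etc/init.d/httpd start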