MountaintopLotus / braintrust

A Dockerized platform for running Stable Diffusion, on AWS (for now)
Apache License 2.0

Roles #106

Open JohnTigue opened 1 year ago

JohnTigue commented 1 year ago

There should be multiple roles for users within a BrainTrust deployment.

JohnTigue commented 1 year ago

For example, one imaginable role is Automatic1111User. This role should have permissions with regard to braintrust_hosting_automatic1111 instances:

JohnTigue commented 1 year ago

If instances running braintrust_hosting_automatic1111 are tagged EC2InstancePurpose: Automatic1111, then the IAM policy for the above will look something like:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ec2:Describe*",
                "ec2:GetConsole*"
            ],
            "Resource": "*"
        },
        {
            "Sid": "StartStopIfTags",
            "Effect": "Allow",
            "Action": [
                "ec2:StartInstances",
                "ec2:StopInstances",
                "ec2:RebootInstances",
                "ec2-instance-connect:SendSSHPublicKey"
            ],
            "Resource": "arn:aws:ec2:us-west-2:123456789012:instance/*",
            "Condition": {
                "StringEquals": {
                    "aws:ResourceTag/EC2InstancePurpose": "Automatic1111"
                }
            }
        }
    ]
}
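
To see what the tag condition in this policy does and does not permit, here is an added example (not code from the braintrust project or from the issue's author) that evaluates the posted policy offline against constructed ARNs and tag sets. It is a simplified model of IAM evaluation that covers only wildcard matching and StringEquals on aws:ResourceTag; the function names are hypothetical.

```python
import fnmatch

# Policy from the comment above, condensed; region and account ID as posted.
POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["ec2:Describe*", "ec2:GetConsole*"], "Resource": "*"},
    {"Sid": "StartStopIfTags", "Effect": "Allow",
     "Action": ["ec2:StartInstances", "ec2:StopInstances", "ec2:RebootInstances",
                "ec2-instance-connect:SendSSHPublicKey"],
     "Resource": "arn:aws:ec2:us-west-2:123456789012:instance/*",
     "Condition": {"StringEquals": {
         "aws:ResourceTag/EC2InstancePurpose": "Automatic1111"}}}]}
TAG_ACTIONS = ("ec2:CreateTags", "ec2:DeleteTags")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(patterns, value, fold=False):
    # IAM's * and ? wildcards map onto fnmatch; action names are case-insensitive.
    norm = str.lower if fold else str
    return any(fnmatch.fnmatchcase(norm(value), norm(p)) for p in _as_list(patterns))

def _condition_ok(condition, tags):
    # Models only StringEquals on aws:ResourceTag/<key>; anything else fails closed.
    for operator, pairs in condition.items():
        if operator != "StringEquals":
            return False
        for key, wanted in pairs.items():
            prefix, _, tag_key = key.partition("/")
            # A missing tag yields None, which never equals the wanted value.
            if prefix.lower() != "aws:resourcetag" or tags.get(tag_key) not in _as_list(wanted):
                return False
    return True

def is_allowed(policy, action, resource, tags):
    """True if an Allow statement matches; no matching statement is an implicit deny."""
    allowed = False
    for st in policy["Statement"]:
        if (_matches(st["Action"], action, fold=True)
                and _matches(st["Resource"], resource)
                and _condition_ok(st.get("Condition", {}), tags)):
            if st["Effect"] == "Deny":
                return False  # explicit deny always wins
            allowed = True
    return allowed

def tag_actions_granted(policy):
    """Tag-changing actions allowed; the tag scope holds only while this is empty."""
    return [a for a in TAG_ACTIONS if any(
        st["Effect"] == "Allow" and _matches(st["Action"], a, fold=True)
        for st in policy["Statement"])]
```

Calling is_allowed with an instance ARN and its tag dictionary shows that a missing tag, a differently cased tag value, or an instance outside us-west-2 all fall through to an implicit deny for the start, stop, reboot and SSH-key actions.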