search

trackit / trackit2-home

TrackIt helps you to optimize your AWS cloud
https://trackit.io/
Apache License 2.0
48 stars 8 forks source link

start.sh script needs access to awscli credentials - what type of access? #60

Closed lfrancois closed 6 years ago

lfrancois commented 6 years ago

What type of permission do we need to get the system up and running? I didn't find anything about it in the documentation.

===> starting trackit
Traceback (most recent call last):
  File "./trackit2/scripts/awsenv", line 31, in <module>
    main(profile, cmd)
  File "./trackit2/scripts/awsenv", line 16, in main
    profile_config = get_profile_config(profile)
  File "./trackit2/scripts/awsenv", line 13, in get_profile_config
    return c[profile]
  File "/usr/lib/python3.5/configparser.py", line 956, in __getitem__
    raise KeyError(key)
KeyError: 'default'
schubev commented 6 years ago

It should work fine with just the following permission :

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AssumeRole",
            "Effect": "Allow",
            "Action": "sts:AssumeRole",
            "Resource": "*"
        }
    ]
}
schubev commented 6 years ago

Also when using AWS ElasticSearch you need to ensure the database policy allows the user or role.

lfrancois commented 6 years ago

https://github.com/trackit/trackit/pull/62