trevor-laher / OnDemandMinecraft

An AWS hosted Minecraft server that will only run when players are active. Players can start the server through a simple UI accessed through free Heroku server hosting.
MIT License
516 stars 69 forks

IAM's #16

Open Xerosigma opened 5 years ago

Xerosigma commented 5 years ago

What policies would I need to use IAM's instead of the root access key?

trevor-laher commented 5 years ago

Hi, I’ve never used the IAM service before but I think it could be possible to work. I believe some degree of root access is necessary, at least it would be necessary during setup for Java installation and screen environment variable changes. I also think the auto shutdown script requires root access as it shuts down the entire instance via command line. I know it’s not a perfect solution, and a more organized user structure may work but I’m not sure! Based on the IAM policies it appears most of your configuration would be spent on the permission boundaries.

On Fri, Sep 13, 2019 at 11:28 AM Nestor E. Ledon notifications@github.com wrote:

What policies would I need to use IAM's instead of the root access key?


Xerosigma commented 5 years ago

Thanks for the timely response. There's an "AdministratorAccess" policy that may do it. I'll kick it around when I have time. If I can get it to work I'll let you know. I'll submit a PR if changes need to be made to support it.

trevor-laher commented 5 years ago

Yeah that’d be awesome. Happy to have more contributors to make some improvements to the project. I’m trying to get most of the configuration and EC2 creation automated sometime soon.

On Fri, Sep 13, 2019 at 12:20 PM Nestor E. Ledon notifications@github.com wrote:


Thanks for the timely response. There's an "AdministratorAccess" policy that may do it. I'll kick it around when I have time. If I can get it to work I'll let you know. I'll submit a PR if changes need to be made to support it.


Xerosigma commented 5 years ago

IAM's seems to work fine so far. Will keep you posted on how specific I can get the policies.
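
A scoped alternative to the "AdministratorAccess" policy mentioned in the thread, as an added example that is not from the discussion or the project's code. It assumes the web UI only needs to look up and start one EC2 instance, and that shutdown is done from the OS on the instance as described above; the ARN is a placeholder and `is_allowed` is a simplified, hypothetical stand-in for IAM evaluation.

```python
import fnmatch
import json

# Placeholder ARN (constructed): substitute your own region, account and instance.
INSTANCE_ARN = "arn:aws:ec2:REGION:ACCOUNT_ID:instance/INSTANCE_ID"

# Assumption: the web UI only needs to look up and start one EC2 instance.
SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        # ec2:DescribeInstances does not support resource-level scoping.
        {"Effect": "Allow", "Action": "ec2:DescribeInstances", "Resource": "*"},
        {"Effect": "Allow", "Action": "ec2:StartInstances", "Resource": INSTANCE_ARN},
    ],
}

# Statement used by the AWS managed AdministratorAccess policy.
ADMIN_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _matches(stmt, action, resource):
    # Action names are case-insensitive; ARNs are compared as written.
    action_hit = any(fnmatch.fnmatchcase(action.lower(), a.lower())
                     for a in _as_list(stmt["Action"]))
    resource_hit = any(fnmatch.fnmatchcase(resource, r)
                       for r in _as_list(stmt["Resource"]))
    return action_hit and resource_hit


def is_allowed(policy, action, resource):
    """Simplified evaluation: explicit Deny wins, otherwise any Allow.

    Conditions, NotAction/NotResource, boundaries and SCPs are ignored.
    """
    hits = [s["Effect"] for s in policy["Statement"] if _matches(s, action, resource)]
    return "Deny" not in hits and "Allow" in hits


if __name__ == "__main__":
    print(json.dumps(SCOPED_POLICY, indent=2))  # paste into the IAM console
```

Attach the printed policy to a dedicated IAM user and use that user's access key in the web app in place of the root access key.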