  1. OpenShift Bugs
  2. OCPBUGS-13430

[enterprise-4.12] Issue in file installing/installing_aws/installing-aws-account.adoc


    • Informational
    • No
    • 0
    • OSDOCS Sprint 238, OSDOCS Sprint 239, OSDOCS Sprint 241, OSDOCS Sprint 242, OSDOCS Sprint 243, OSDOCS Sprint 244
    • 6
    • False
    • N/A
    • Release Note Not Required

      Description of problem:

      Several of the permissions (IAM actions) listed in the manual for AWS no longer exist in AWS IAM policies, especially in the S3 part.

      Version-Release number of selected component (if applicable):

       

      How reproducible:

      It's a documentation issue.

      Steps to Reproduce:

      1. Add the permissions directly from the documentation site to the AWS IAM policy generator using JSON.
      2. Some permissions come up as replaced by new ones.
      
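      A complete, updated JSON file is provided here. Note that it lists some actions more than once (for example s3:CreateBucket) and that every statement applies to "Resource": "*", including IAM write actions such as iam:CreateUser, iam:CreateAccessKey, iam:PutUserPolicy and iam:PassRole, so credentials that carry this policy should be treated as highly privileged.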

      Actual results:

      The missing permissions produce errors when you try to add them.

      Expected results:

      The permissions are added without problems.

      Additional info:

       
      {
      	"Version": "2012-10-17",
      	"Statement": [
      		{
      			"Sid": "ec2",
      			"Effect": "Allow",
      			"Action": [
      				"ec2:AuthorizeSecurityGroupEgress",
      				"ec2:AuthorizeSecurityGroupIngress",
      				"ec2:CopyImage",
      				"ec2:CreateNetworkInterface",
      				"ec2:AttachNetworkInterface",
      				"ec2:CreateSecurityGroup",
      				"ec2:CreateTags",
      				"ec2:CreateVolume",
      				"ec2:DeleteSecurityGroup",
      				"ec2:DeleteSnapshot",
      				"ec2:DeleteTags",
      				"ec2:DeregisterImage",
      				"ec2:DescribeAccountAttributes",
      				"ec2:DescribeAddresses",
      				"ec2:DescribeAvailabilityZones",
      				"ec2:DescribeDhcpOptions",
      				"ec2:DescribeImages",
      				"ec2:DescribeInstanceAttribute",
      				"ec2:DescribeInstanceCreditSpecifications",
      				"ec2:DescribeInstances",
      				"ec2:DescribeInstanceTypes",
      				"ec2:DescribeInternetGateways",
      				"ec2:DescribeKeyPairs",
      				"ec2:DescribeNatGateways",
      				"ec2:DescribeNetworkAcls",
      				"ec2:DescribeNetworkInterfaces",
      				"ec2:DescribePrefixLists",
      				"ec2:DescribeRegions",
      				"ec2:DescribeRouteTables",
      				"ec2:DescribeSecurityGroups",
      				"ec2:DescribeSubnets",
      				"ec2:DescribeTags",
      				"ec2:DescribeVolumes",
      				"ec2:DescribeVpcAttribute",
      				"ec2:DescribeVpcClassicLink",
      				"ec2:DescribeVpcClassicLinkDnsSupport",
      				"ec2:DescribeVpcEndpoints",
      				"ec2:DescribeVpcs",
      				"ec2:GetEbsDefaultKmsKeyId",
      				"ec2:ModifyInstanceAttribute",
      				"ec2:ModifyNetworkInterfaceAttribute",
      				"ec2:RevokeSecurityGroupEgress",
      				"ec2:RevokeSecurityGroupIngress",
      				"ec2:RunInstances",
      				"ec2:TerminateInstances",
      				"ec2:AllocateAddress",
      				"ec2:AssociateAddress",
      				"ec2:AssociateDhcpOptions",
      				"ec2:AssociateRouteTable",
      				"ec2:AttachInternetGateway",
      				"ec2:CreateDhcpOptions",
      				"ec2:CreateInternetGateway",
      				"ec2:CreateNatGateway",
      				"ec2:CreateRoute",
      				"ec2:CreateRouteTable",
      				"ec2:CreateSubnet",
      				"ec2:CreateVpc",
      				"ec2:CreateVpcEndpoint",
      				"ec2:ModifySubnetAttribute",
      				"ec2:ModifyVpcAttribute"
      			],
      			"Resource": [
      				"*"
      			]
      		},
      		{
      			"Sid": "IAM",
      			"Effect": "Allow",
      			"Action": [
      				"iam:AddRoleToInstanceProfile",
      				"iam:CreateInstanceProfile",
      				"iam:CreateRole",
      				"iam:DeleteInstanceProfile",
      				"iam:DeleteRole",
      				"iam:DeleteRolePolicy",
      				"iam:GetInstanceProfile",
      				"iam:GetRole",
      				"iam:GetRolePolicy",
      				"iam:GetUser",
      				"iam:ListInstanceProfilesForRole",
      				"iam:ListRoles",
      				"iam:ListUsers",
      				"iam:PassRole",
      				"iam:PutRolePolicy",
      				"iam:RemoveRoleFromInstanceProfile",
      				"iam:SimulatePrincipalPolicy",
      				"iam:TagRole",
      				"iam:CreateServiceLinkedRole"
      			],
      			"Resource": [
      				"*"
      			]
      		},
      		{
      			"Sid": "Route53",
      			"Effect": "Allow",
      			"Action": [
      				"route53:ChangeResourceRecordSets",
      				"route53:ChangeTagsForResource",
      				"route53:CreateHostedZone",
      				"route53:DeleteHostedZone",
      				"route53:GetChange",
      				"route53:GetHostedZone",
      				"route53:ListHostedZones",
      				"route53:ListHostedZonesByName",
      				"route53:ListResourceRecordSets",
      				"route53:ListTagsForResource",
      				"route53:UpdateHostedZoneComment"
      			],
      			"Resource": [
      				"*"
      			]
      		},
      		{
      			"Sid": "S3",
      			"Effect": "Allow",
      			"Action": [
      				"s3:CreateBucket",
      				"s3:CreateBucket",
      				"s3:DeleteBucket",
      				"s3:GetAccelerateConfiguration",
      				"s3:GetBucketAcl",
      				"s3:GetBucketCors",
      				"s3:GetBucketLocation",
      				"s3:GetBucketLogging",
      				"s3:GetBucketObjectLockConfiguration",
      				"s3:GetReplicationConfiguration",
      				"s3:GetBucketRequestPayment",
      				"s3:GetBucketTagging",
      				"s3:GetBucketVersioning",
      				"s3:GetBucketWebsite",
      				"s3:GetEncryptionConfiguration",
      				"s3:GetLifecycleConfiguration",
      				"s3:GetReplicationConfiguration",
      				"s3:ListBucket",
      				"s3:PutBucketAcl",
      				"s3:PutBucketTagging",
      				"s3:PutEncryptionConfiguration",
      				"s3:DeleteObject",
      				"s3:GetObject",
      				"s3:GetObjectAcl",
      				"s3:GetObjectTagging",
      				"s3:GetObjectVersion",
      				"s3:PutObject",
      				"s3:PutObjectAcl",
      				"s3:PutObjectTagging"
      			],
      			"Resource": [
      				"*"
      			]
      		},
      		{
      			"Sid": "DeleteObjects",
      			"Effect": "Allow",
      			"Action": [
      				"autoscaling:DescribeAutoScalingGroups",
      				"ec2:DeletePlacementGroup",
      				"ec2:DeleteNetworkInterface",
      				"ec2:DeleteVolume",
      				"elasticloadbalancing:DeleteTargetGroup",
      				"elasticloadbalancing:DescribeTargetGroups",
      				"iam:DeleteAccessKey",
      				"iam:DeleteUser",
      				"iam:ListAttachedRolePolicies",
      				"iam:ListInstanceProfiles",
      				"iam:ListRolePolicies",
      				"iam:ListUserPolicies",
      				"s3:DeleteObject",
      				"s3:ListBucketVersions",
      				"tag:GetResources",
      			    "iam:UntagRole",
      				"iam:DeleteAccessKey",
      				"iam:DeleteUser",
      				"iam:DeleteUserPolicy",
      				"iam:GetUserPolicy",
      				"iam:ListAccessKeys",
      				"iam:PutUserPolicy",
      				"iam:TagUser",
      				"s3:PutBucketPublicAccessBlock",
      				"s3:GetBucketPublicAccessBlock",
      				"s3:PutLifecycleConfiguration",
      				"s3:ListBucket",
      				"s3:ListBucketMultipartUploads",
      				"s3:AbortMultipartUpload",
      				"iam:CreateAccessKey",
      				"iam:CreateUser"
      			],
      			"Resource": [
      				"*"
      			]
      		},
      		{
      			"Sid": "ELB",
      			"Effect": "Allow",
      			"Action": [
      				"elasticloadbalancing:AddTags",
      				"elasticloadbalancing:ApplySecurityGroupsToLoadBalancer",
      				"elasticloadbalancing:AttachLoadBalancerToSubnets",
      				"elasticloadbalancing:ConfigureHealthCheck",
      				"elasticloadbalancing:CreateLoadBalancer",
      				"elasticloadbalancing:CreateLoadBalancerListeners",
      				"elasticloadbalancing:DeleteLoadBalancer",
      				"elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
      				"elasticloadbalancing:DescribeInstanceHealth",
      				"elasticloadbalancing:DescribeLoadBalancerAttributes",
      				"elasticloadbalancing:DescribeLoadBalancers",
      				"elasticloadbalancing:DescribeTags",
      				"elasticloadbalancing:ModifyLoadBalancerAttributes",
      				"elasticloadbalancing:RegisterInstancesWithLoadBalancer",
      				"elasticloadbalancing:SetLoadBalancerPoliciesOfListener",
      				"elasticloadbalancing:AddTags",
      				"elasticloadbalancing:CreateListener",
      				"elasticloadbalancing:CreateLoadBalancer",
      				"elasticloadbalancing:CreateTargetGroup",
      				"elasticloadbalancing:DeleteLoadBalancer",
      				"elasticloadbalancing:DeregisterTargets",
      				"elasticloadbalancing:DescribeListeners",
      				"elasticloadbalancing:DescribeLoadBalancerAttributes",
      				"elasticloadbalancing:DescribeLoadBalancers",
      				"elasticloadbalancing:DescribeTargetGroupAttributes",
      				"elasticloadbalancing:DescribeTargetHealth",
      				"elasticloadbalancing:ModifyLoadBalancerAttributes",
      				"elasticloadbalancing:ModifyTargetGroup",
      				"elasticloadbalancing:ModifyTargetGroupAttributes",
      				"elasticloadbalancing:RegisterTargets"
      			],
      			"Resource": [
      				"*"
      			]
      		},
      		{
      			"Sid": "ec2delete",
      			"Effect": "Allow",
      			"Action": [
      				"ec2:DeleteDhcpOptions",
      				"ec2:DeleteInternetGateway",
      				"ec2:DeleteNatGateway",
      				"ec2:DeleteRoute",
      				"ec2:DeleteRouteTable",
      				"ec2:DeleteSubnet",
      				"ec2:DeleteVpc",
      				"ec2:DeleteVpcEndpoints",
      				"ec2:DetachInternetGateway",
      				"ec2:DisassociateRouteTable",
      				"ec2:ReleaseAddress",
      				"ec2:ReplaceRouteTableAssociation",
      				"tag:UntagResources"
      			],
      			"Resource": [
      				"*"
      			]
      		},
      		{
      			"Sid": "Optional",
      			"Effect": "Allow",
      			"Action": [
      				"ec2:DescribeInstanceTypeOfferings",
      				"servicequotas:ListAWSDefaultServiceQuotas"
      			],
      			"Resource": [
      				"*"
      			]
      		}
      	]
      }
      
      

            sdudhgao@redhat.com Servesha Dudhgaonkar
            kborup@redhat.com Kim Borup

              Created:
              Updated:
              Resolved: