fedora-infrastructure

Clone
Source Code
GIT

#10859 Access for creating EFS volumes
Closed: Fixed 2 years ago by mobrien. Opened 2 years ago by frostyx.

Closed: Fixed
Reopen Issue

Can you please grant me access for creating Amazon EFS volumes?

I am getting the following error:

User: arn:aws:sts::125523088429:assumed-role/aws-copr/frostyx is not authorized to perform: elasticfilesystem:CreateFileSystem on the specified resource.

We are slowly reaching the max storage capacity in EC2 and we are considering EFS as one of the alternatives, so I want to make some experiments that will help us decide.

Describe what you would like us to do:

Please grant me access for creating EFS volumes.
Ideally, please give the permission also to @praiskup and @msuchy as they might want to play with it as well.

When do you need this to be done by? (YYYY/MM/DD)

I don't want to hurry anybody, but ideally, this week.
We don't have much disk space left.

Metadata Update from @zlopez:
- Issue priority set to: Waiting on Assignee (was: Needs Review)
- Issue tagged with: aws, copr
2 years ago

Metadata Update from @zlopez:
- Issue tagged with: low-gain, low-trouble
2 years ago

I have created an efs filesystem for you and assigned permissions so you should have access to it.

Let me know if you need any more help with it

Metadata Update from @mobrien:
- Issue untagged with: low-gain, low-trouble
2 years ago

Thank you very much @mobrien,
I can see it and I am able to access it.

Metadata Update from @frostyx:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)
2 years ago

@mobrien, can you please also give us rights also for editing the storage? I tried to update the "Transition into IA" value and got:

User: arn:aws:sts::125523088429:assumed-role/aws-copr/frostyx is not authorized to perform: elasticfilesystem:PutLifecycleConfiguration on the specified resource.

Metadata Update from @frostyx:
- Issue status updated to: Open (was: Closed)
2 years ago

Also, I was able to mount the EFS volume using an IP address
but when I am trying to use amazon-efs-utils
https://github.com/aws/efs-utils

I am getting the following error

Failed to resolve "fs-0a8b96e95ba37498e.efs.us-east-1.amazonaws.com". The file system mount target ip address cannot be found, please pass mount target ip address via mount options.                                                  
User: arn:aws:iam::125523088429:user/copr is not authorized to perform: elasticfilesystem:DescribeMountTargets on the specified resource

I am indeed able to workaround this by passing mounttargetip=... but the DescribeMountTargets permission would be nice.

I have updated the policy to give you a bit more control over the filesystems. You won't be able to delete but should be able to do most other actions. Let me know if you face any issues

Log in to comment on this ticket.

Metadata
None

copr aws

None
None
Waiting on Assignee
Powered by Pagure 5.14.1
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.