#7725 Permission to DeregisterImage in the fedimg production keys
Closed: Fixed 4 months ago by kevin. Opened 4 months ago by sayanchowdhury.

Describe what you need us to do:
I need to run the clean-amis.py script. But the current account does not permission to deregister the AMIs.

Can we add the DeregisterImage capability to the production keys? Just to be on the safer side, we can also create a new user like aws-fedimg-delete that would just have the DeregisterImage permission

When do you need this? (YYYY/MM/DD)
ASAP

When is this no longer needed or useful? (YYYY/MM/DD)
No expiry

If we cannot complete your request, what is the impact?
AMIs will keep on accumulating


@sayanchowdhury Please note that we have had such a user for a few years by now: image-delete. That user does have DeregisterImage permissions.

Metadata Update from @puiterwijk:
- Issue close_status updated to: Invalid
- Issue status updated to: Closed (was: Open)

4 months ago

Can I get the ansible private vars, I will update the script with the vars to use those credentials?

Metadata Update from @sayanchowdhury:
- Issue status updated to: Open (was: Closed)

4 months ago

It appears these already exist:

ec2_image_delete_access_key_id

and

ec2_image_delete_access_key

Can you give those a try with your script and let us know if they don't work for some reason?

@kevin the account needs DeleteSnapshotpermission also.

Hopefully this is all working now... please re-open or file a new ticket if there's still any issues.

:baby_chick:

Metadata Update from @kevin:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

4 months ago

@sayanchowdhury - can you confirm this is working when you get back?

Login to comment on this ticket.

Metadata