#7725 Permission to DeregisterImage in the fedimg production keys
Closed: Fixed 24 days ago by kevin. Opened a month ago by sayanchowdhury.

Describe what you need us to do:
I need to run the clean-amis.py script. But the current account does not permission to deregister the AMIs.

Can we add the DeregisterImage capability to the production keys? Just to be on the safer side, we can also create a new user like aws-fedimg-delete that would just have the DeregisterImage permission

When do you need this? (YYYY/MM/DD)

When is this no longer needed or useful? (YYYY/MM/DD)
No expiry

If we cannot complete your request, what is the impact?
AMIs will keep on accumulating

@sayanchowdhury Please note that we have had such a user for a few years by now: image-delete. That user does have DeregisterImage permissions.

Metadata Update from @puiterwijk:
- Issue close_status updated to: Invalid
- Issue status updated to: Closed (was: Open)

a month ago

Can I get the ansible private vars, I will update the script with the vars to use those credentials?

Metadata Update from @sayanchowdhury:
- Issue status updated to: Open (was: Closed)

a month ago

It appears these already exist:




Can you give those a try with your script and let us know if they don't work for some reason?

@kevin the account needs DeleteSnapshotpermission also.

Hopefully this is all working now... please re-open or file a new ticket if there's still any issues.


Metadata Update from @kevin:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

24 days ago

@sayanchowdhury - can you confirm this is working when you get back?

Login to comment on this ticket.