Describe what you need us to do: I need to run the clean-amis.py script. But the current account does not permission to deregister the AMIs.
Can we add the DeregisterImage capability to the production keys? Just to be on the safer side, we can also create a new user like aws-fedimg-delete that would just have the DeregisterImage permission
aws-fedimg-delete
When do you need this? (YYYY/MM/DD) ASAP
When is this no longer needed or useful? (YYYY/MM/DD) No expiry
If we cannot complete your request, what is the impact? AMIs will keep on accumulating
@smooge can you look into this?
@sayanchowdhury Please note that we have had such a user for a few years by now: image-delete. That user does have DeregisterImage permissions.
image-delete
Metadata Update from @puiterwijk: - Issue close_status updated to: Invalid - Issue status updated to: Closed (was: Open)
Can I get the ansible private vars, I will update the script with the vars to use those credentials?
Metadata Update from @sayanchowdhury: - Issue status updated to: Open (was: Closed)
It appears these already exist:
ec2_image_delete_access_key_id
and
ec2_image_delete_access_key
Can you give those a try with your script and let us know if they don't work for some reason?
@kevin the account needs DeleteSnapshotpermission also.
DeleteSnapshot
Should be granted.
Hopefully this is all working now... please re-open or file a new ticket if there's still any issues.
:baby_chick:
Metadata Update from @kevin: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
@sayanchowdhury - can you confirm this is working when you get back?
@dustymabe Yes, this was working.
Login to comment on this ticket.