Understanding access to cloud resources in OpenOps
ec2:StopInstances
permission as shown in this guide.
If you have multiple AWS accounts and want one of them to define all the permissions that may be needed for workflows defined by OpenOps templates, consider installing the OpenOpsApp AWS Role Stack. Even if you don’t, you can download the stack and use it as a reference when configuring permissions for your workflows.
.env
file in your OpenOps installation directory. Inside the file, set the OPS_AWS_ENABLE_IMPLICIT_ROLE
variable to true
..env
file, restart the OpenOps containers:
arn:aws:iam::123456789012:role/OpenOpsExecutionRole
).dev
, prod
, billing
).--role
flag instead. For example, this command assigns the “Reader” role to the service principal:
appId
to Application (client) IDpassword
to Client Secrettenant
to Directory (tenant) ID.env
file in your OpenOps installation directory and set the following environment variables:
OPS_ENABLE_HOST_SESSION=true
to enable sharing of the host session with the OpenOps container.HOST_AZURE_CONFIG_DIR=/root/.azure
to define the path to the host machine’s Azure configuration folder that will be shared with the OpenOps container..env
file, restart the OpenOps containers:
.env
file in your OpenOps installation directory and set the following environment variables:
OPS_ENABLE_HOST_SESSION=true
to enable sharing of the host session with the OpenOps container.HOST_CLOUDSDK_CONFIG=/root/.config/gcloud
to define the path to the host machine’s Google Cloud configuration folder that will be shared with the OpenOps container..env
file, restart the OpenOps containers: