Conversation with Yoni on 2023-02-07



Jon: I would also like those permissions. In general can you ensure that Connor, David, and I all have the same set of permissions? Can you also send us some text describing what those permissions are?



Yoni: well I gave the three of you full access to cloudwatch. regarding a list
of all permissions y'all have, do you want a json dump? it's not the most
intelligible


Jon: I want to understand the case where if I'm showing someone how to do
something and they have a permission error but I don't, why that is. I suppose
a json dump would give me a good feel for the complexity (which I suppose is
more than I expected)


e.g. for Jon
CloudWatchFullAccess


{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "autoscaling:Describe*",
                "cloudwatch:*",
                "logs:*",
                "sns:*",
                "iam:GetPolicy",
                "iam:GetPolicyVersion",
                "iam:GetRole",
                "oam:ListSinks"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": "iam:CreateServiceLinkedRole",
            "Resource": "arn:aws:iam::*:role/aws-service-role/events.amazonaws.com/AWSServiceRoleForCloudWatchEvents*",
            "Condition": {
                "StringLike": {
                    "iam:AWSServiceName": "events.amazonaws.com"
                }
            }
        },
        {
            "Effect": "Allow",
            "Action": [
                "oam:ListAttachedLinks"
            ],
            "Resource": "arn:aws:oam:*:*:sink/*"
        }
    ]
}

EKSAcess

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "eks:DescribeCluster"
            ],
            "Resource": "arn:aws:eks:us-west-2:023300502152:cluster/*"
        }
    ]
}


Jon: 👍 that's not too bad. I can grok this.

Yoni: Actually @Jon Crall can you see this page? https://us-east-1.console.aws.amazon.com/iamv2/home?region=us-west-2#/users/details/JonCrall?section=permissions

then you can see it all first hand

> 👍 that's not too bad. I can grok this.

That's not all, there's more



####

I was signing in incorrectly. Should sign in with an IAM user.

The alias is smart-kitware

My username is JonCrall
