<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 07:54:31 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[DOCS-7555] Document on IAM requirements for Cloud Manager Provisioning</title>
                <link>https://jira.mongodb.org/browse/DOCS-7555</link>
                <project id="10380" key="DOCS">Documentation</project>
                    <description>&lt;p&gt;Recently, in a ticket, a customer asked for additional information on why we require the specific IAM permissions we do.  This ticket requests that we provide this information in a public-facing document to better explain the need for these settings.&lt;/p&gt;



&lt;p&gt;Here&apos;s a complete list with annotation:&lt;/p&gt;


&lt;div class=&apos;table-wrap&apos;&gt;
&lt;table class=&apos;confluenceTable&apos;&gt;&lt;tbody&gt;
&lt;tr&gt;
&lt;td class=&apos;confluenceTd&apos;&gt;&quot;ec2:AttachVolume&quot;, &lt;/td&gt;
&lt;td class=&apos;confluenceTd&apos;&gt;&lt;b&gt;so we can add an EBS volume to the provisioned server&lt;/b&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td class=&apos;confluenceTd&apos;&gt;&quot;ec2:AuthorizeSecurityGroupIngress&quot;,&lt;/td&gt;
&lt;td class=&apos;confluenceTd&apos;&gt; &lt;b&gt;so we can manage security groups required by Cloud Manager&lt;/b&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td class=&apos;confluenceTd&apos;&gt;&quot;ec2:CreateKeyPair&quot;, &lt;/td&gt;
&lt;td class=&apos;confluenceTd&apos;&gt; &lt;b&gt;needed when you upload a new keypair via our app&lt;/b&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td class=&apos;confluenceTd&apos;&gt;&quot;ec2:CreateSecurityGroup&quot;, &lt;/td&gt;
&lt;td class=&apos;confluenceTd&apos;&gt; &lt;b&gt;to create security groups for our distribution&lt;/b&gt; &lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td class=&apos;confluenceTd&apos;&gt;&quot;ec2:CreateTags&quot;, &lt;/td&gt;
&lt;td class=&apos;confluenceTd&apos;&gt; &lt;b&gt;so we can tag the ec2 instances&lt;/b&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td class=&apos;confluenceTd&apos;&gt;&quot;ec2:CreateVolume&quot;, &lt;/td&gt;
&lt;td class=&apos;confluenceTd&apos;&gt; &lt;b&gt;so we can create the ebs volumes&lt;/b&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td class=&apos;confluenceTd&apos;&gt;&quot;ec2:DeleteKeyPair&quot;, &lt;/td&gt;
&lt;td class=&apos;confluenceTd&apos;&gt; &lt;b&gt;so we can remove any keys created for our cloud manager tool&lt;/b&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td class=&apos;confluenceTd&apos;&gt;&quot;ec2:DeleteSecurityGroup&quot;,&lt;/td&gt;
&lt;td class=&apos;confluenceTd&apos;&gt;  &lt;b&gt;so we can remove any security groups created by our tool&lt;/b&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td class=&apos;confluenceTd&apos;&gt;&quot;ec2:DeleteTags&quot;,&lt;/td&gt;
&lt;td class=&apos;confluenceTd&apos;&gt;  &lt;b&gt;so we can delete any tags when terminating&lt;/b&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td class=&apos;confluenceTd&apos;&gt;&quot;ec2:DeleteVolume&quot;, &lt;/td&gt;
&lt;td class=&apos;confluenceTd&apos;&gt; &lt;b&gt;so we can delete any volumes when terminating&lt;/b&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td class=&apos;confluenceTd&apos;&gt;&quot;ec2:DescribeAccountAttributes&quot;, &lt;/td&gt;
&lt;td class=&apos;confluenceTd&apos;&gt; &lt;b&gt;so we can list account details in our tool&lt;/b&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td class=&apos;confluenceTd&apos;&gt;&quot;ec2:DescribeAvailabilityZones&quot;,&lt;/td&gt;
&lt;td class=&apos;confluenceTd&apos;&gt;  &lt;b&gt;so we can list AZ details in our tool&lt;/b&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td class=&apos;confluenceTd&apos;&gt;&quot;ec2:DescribeInstanceAttribute&quot;,&lt;/td&gt;
&lt;td class=&apos;confluenceTd&apos;&gt;   &lt;b&gt;so we can list instance attribute details in our tool&lt;/b&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td class=&apos;confluenceTd&apos;&gt;&quot;ec2:DescribeInstanceStatus&quot;,  &lt;/td&gt;
&lt;td class=&apos;confluenceTd&apos;&gt; &lt;b&gt;so we can list the status of the instance in our tool&lt;/b&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td class=&apos;confluenceTd&apos;&gt;&quot;ec2:DescribeInstances&quot;, &lt;/td&gt;
&lt;td class=&apos;confluenceTd&apos;&gt; &lt;b&gt;so we can see available instances for use with our tool&lt;/b&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td class=&apos;confluenceTd&apos;&gt;&quot;ec2:DescribeKeyPairs&quot;,&lt;/td&gt;
&lt;td class=&apos;confluenceTd&apos;&gt;  &lt;b&gt;so we can see available keypairs to be injected into EC2 instances&lt;/b&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td class=&apos;confluenceTd&apos;&gt;&quot;ec2:DescribeRegions&quot;, &lt;/td&gt;
&lt;td class=&apos;confluenceTd&apos;&gt; &lt;b&gt;so we can see regions available for use&lt;/b&gt; &lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td class=&apos;confluenceTd&apos;&gt;&quot;ec2:DescribeSecurityGroups&quot;, &lt;/td&gt;
&lt;td class=&apos;confluenceTd&apos;&gt; &lt;b&gt;so we can list security groups to set for your distribution&lt;/b&gt; &lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td class=&apos;confluenceTd&apos;&gt;&quot;ec2:DescribeSubnets&quot;,  &lt;/td&gt;
&lt;td class=&apos;confluenceTd&apos;&gt; &lt;b&gt;so we can list subnets to set for your distribution&lt;/b&gt; &lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td class=&apos;confluenceTd&apos;&gt;&quot;ec2:DescribeTags&quot;,  &lt;/td&gt;
&lt;td class=&apos;confluenceTd&apos;&gt; &lt;b&gt;so we can list tags for instances associated with cloud manager&lt;/b&gt; &lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td class=&apos;confluenceTd&apos;&gt;&quot;ec2:DescribeVpcs&quot;, &lt;/td&gt;
&lt;td class=&apos;confluenceTd&apos;&gt; &lt;b&gt;so we can review available VPCs to build the distribution in&lt;/b&gt; &lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td class=&apos;confluenceTd&apos;&gt;&quot;ec2:DescribeVpcAttribute&quot;, &lt;/td&gt;
&lt;td class=&apos;confluenceTd&apos;&gt; &lt;b&gt;so we can see attributes of VPCs when adding information to the cloud manager web tool&lt;/b&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td class=&apos;confluenceTd&apos;&gt;&quot;ec2:DescribeVolumeStatus&quot;, &lt;/td&gt;
&lt;td class=&apos;confluenceTd&apos;&gt; &lt;b&gt;so the tool can validate the readiness of an attach or a detach&lt;/b&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td class=&apos;confluenceTd&apos;&gt;&quot;ec2:DescribeVolumes&quot;, &lt;/td&gt;
&lt;td class=&apos;confluenceTd&apos;&gt; &lt;b&gt;so the tool can see and ensure we have the correct volumes for your mongo server&lt;/b&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td class=&apos;confluenceTd&apos;&gt;&quot;ec2:DescribeVolumeAttribute&quot;, &lt;/td&gt;
&lt;td class=&apos;confluenceTd&apos;&gt; &lt;b&gt;so the tool can describe information on the EBS volume used&lt;/b&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td class=&apos;confluenceTd&apos;&gt;&quot;ec2:ImportKeyPair&quot;, &lt;/td&gt;
&lt;td class=&apos;confluenceTd&apos;&gt; &lt;b&gt;so when we are provided with an SSH key we can inject it for you to use&lt;/b&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td class=&apos;confluenceTd&apos;&gt;&quot;ec2:RunInstances&quot;, &lt;/td&gt;
&lt;td class=&apos;confluenceTd&apos;&gt; &lt;b&gt;so we can run the instance&lt;/b&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td class=&apos;confluenceTd&apos;&gt;&quot;ec2:StartInstances&quot;, &lt;/td&gt;
&lt;td class=&apos;confluenceTd&apos;&gt; &lt;b&gt;so we can start the server&lt;/b&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td class=&apos;confluenceTd&apos;&gt;&quot;ec2:StopInstances&quot;, &lt;/td&gt;
&lt;td class=&apos;confluenceTd&apos;&gt; &lt;b&gt;so we can stop the server&lt;/b&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td class=&apos;confluenceTd&apos;&gt;&quot;ec2:RebootInstances&quot;, &lt;/td&gt;
&lt;td class=&apos;confluenceTd&apos;&gt; &lt;b&gt;so we can reboot the server&lt;/b&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td class=&apos;confluenceTd&apos;&gt;&quot;ec2:TerminateInstances&quot;&lt;/td&gt;
&lt;td class=&apos;confluenceTd&apos;&gt;  &lt;b&gt;so we can terminate the server from cloud manager&lt;/b&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;&lt;/table&gt;
&lt;/div&gt;


&lt;p&gt;I believe we should also state that, to limit these permissions to resources in a single VPC, the details from Amazon should be sufficient: &lt;/p&gt;

&lt;p&gt;&lt;a href=&quot;https://aws.amazon.com/premiumsupport/knowledge-center/iam-policy-restrict-vpc/&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://aws.amazon.com/premiumsupport/knowledge-center/iam-policy-restrict-vpc/&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Thank you! &lt;/p&gt;</description>
                <environment></environment>
        <key id="276694">DOCS-7555</key>
            <summary>Document on IAM requirements for Cloud Manager Provisioning</summary>
                <type id="3" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14718&amp;avatarType=issuetype">Task</type>
                                            <priority id="3" iconUrl="https://jira.mongodb.org/images/icons/priorities/major.svg">Major - P3</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="9">Done</resolution>
                                        <assignee username="bgrabar">Bob Grabar</assignee>
                                    <reporter username="jay.gordon">Jay Gordon</reporter>
                        <labels>
                    </labels>
                <created>Fri, 1 Apr 2016 13:40:51 +0000</created>
                <updated>Wed, 11 Jan 2017 21:47:59 +0000</updated>
                            <resolved>Thu, 7 Apr 2016 15:15:01 +0000</resolved>
                                                    <fixVersion>01112017-cleanup</fixVersion>
                                    <component>Cloud Manager</component>
                        <due></due>
                            <votes>0</votes>
                                    <watches>2</watches>
                                                                                                                    <issuelinks>
                            <issuelinktype id="10012">
                    <name>Related</name>
                                            <outwardlinks description="related to">
                                                        </outwardlinks>
                                                        </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                <customfield id="customfield_10050" key="com.atlassian.jira.toolkit:comments">
                        <customfieldname># Replies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_10055" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>Date of 1st Reply</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Fri, 1 Apr 2016 17:14:15 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10052" key="com.atlassian.jira.toolkit:dayslastcommented">
                        <customfieldname>Days since reply</customfieldname>
                        <customfieldvalues>
                                        7 years, 45 weeks, 5 days ago
    
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18254" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Dependencies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[]]></customfieldvalue>


                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10057" key="com.atlassian.jira.toolkit:lastusercommented">
                        <customfieldname>Last comment by Customer</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>true</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10056" key="com.atlassian.jira.toolkit:lastupdaterorcommenter">
                        <customfieldname>Last commenter</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>jess.mokrzecki@mongodb.com</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_11151" key="com.atlassian.jira.toolkit:LastCommentDate">
                        <customfieldname>Last public comment date</customfieldname>
                        <customfieldvalues>
                            7 years, 45 weeks, 5 days ago
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                            <customfield id="customfield_10051" key="com.atlassian.jira.toolkit:participants">
                        <customfieldname>Participants</customfieldname>
                        <customfieldvalues>
                                        <customfieldvalue>bgrabar</customfieldvalue>
            <customfieldvalue>jay.gordon</customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_14254" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Product Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hrmvtj:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|hsjzqf:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10053" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>Time In Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_14350" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>serverRank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hrz31z:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                </customfields>
    </item>
</channel>
</rss>