Digital Developer Conference: a FREE half-day online conference focused on AI & Cloud – North America: Nov 2 – India: Nov 9 – Europe: Nov 14 – Asia Nov 23 Register now

Close outline
  • United States
IBM?
  • Site map
IBM?
  • Marketplace

  • Close
    Search
  • Sign in
    • Sign in
    • Register
  • IBM Navigation
IBM Developer Answers
  • Spaces
    • Blockchain
    • IBM Cloud platform
    • Internet of Things
    • Predictive Analytics
    • Watson
    • See all spaces
  • Tags
  • Users
  • Badges
  • FAQ
  • Help
Close

Name

Community

  • Learn
  • Develop
  • Connect

Discover IBM

  • ConnectMarketplace
  • Products
  • Services
  • Industries
  • Careers
  • Partners
  • Support
10.190.13.195

Refine your search by using the following advanced search options.

Criteria Usage
Questions with keyword1 or keyword2 keyword1 keyword2
Questions with a mandatory word, e.g. keyword2 keyword1 +keyword2
Questions excluding a word, e.g. keyword2 keyword1 -keyword2
Questions with keyword(s) and a specific tag keyword1 [tag1]
Questions with keyword(s) and either of two or more specific tags keyword1 [tag1] [tag2]
To search for all posts by a user or all posts with a specific tag, start typing and choose from the suggestion list. Do not use a plus or minus sign with a tag, e.g., +[tag1].
  • Ask a question

Privileges for IAM ibmdpuser when installing DSX Local in AWS?

50BGRPVGE8 gravatar image
Question by Kevin Pauli  (1) | Nov 30, 2017 at 05:22 PM pythoncplexdocplexclouddocplexdsxjupyter

I am attempting to install DSX Local in AWS.

According to https://datascience.ibm.com/docs/content/local/requirements.html I must create an IAM user and provide an access key/secret during the install. I created a new user and provided the credentials, however I get this message from the installer:

Waiter SystemStatusOk failed: You are not authorized to perform this operation. Could not access the aws cli using credentials provided.

I'm assuming this is because I have not given the IAM user the necessary privileges. The problem is the documentation doesn't say what privileges the user account needs to have. I follow the principle of least privilege and I want to know exactly what this installer intends to do with these credentials. I am NOT going to give this thing full admin access!

People who like this

  0
Comment
10 |3000 characters needed characters left characters exceeded
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster

2 answers

  • Sort: 
0600014644 gravatar image

Answer by JohnWestrik (1) | Dec 05, 2017 at 01:52 PM

The IAM user needs to have privileges to associate the Elastic IP to any of the master node instances and DE-associate and re-associate to another master if the master node having the Elastic goes down for whatever reason. This gives HA ability within the product

Comment

People who like this

  0   Share
10 |3000 characters needed characters left characters exceeded
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
0600014644 gravatar image

Answer by JohnWestrik (1) | Dec 07, 2017 at 12:44 PM

Just providing more details on exactly how to create a user with just the privileged needed in AWS Before creating the User or a Group, we will first create the IAM Policy for them. After creating IAM Policy you can easily create a User or a Group and attach the newly created policy to it.

To create a policy, you can follow the step mentioned below. 1. Goto IAM Management console @ https://urldefense.proofpoint.com/v2/url?u=https-3A__console.aws.amazon.com_iam_&d=DwICaQ&c=jf_iaSHvJObTbx-siA1ZOg&r=H0nmrDQjWzWxiF1smUNPnCNKRQ9F9kraWkdSS-ufkEE&m=2cU6fJXvUBvD0uilQ_H8QJ1gJt3cdirTQ7bksVsvOAw&s=60hmOvWSy7Npf748rbhONngqYhqjYcSTqIxQ4nesO_o&e=. 2. In the navigation pane on the left, choose 'Policies'. If this is your first time choosing Policies, the Welcome to Managed Policies page appears. Choose 'Get Started'. 3. Choose 'Create policy'. 4. Select 'JSON' Editor. 5. Copy the below JSON syntax and paste it in the box. ===================================================== { "Version": "2012-10-17", "Statement": [ { "Sid": "Stmt1375723773000", "Action": [ "ec2:AllocateAddress", "ec2:AssociateAddress", "ec2:DescribeAddresses", "ec2:DisassociateAddress" ], "Resource": [ "*" ], "Effect": "Allow" } ] } ===================================================== 6. Hit 'Review Policy'. 7. Give 'Name' and 'Description' to the policy. and Hit 'Create'

For more information on creating the IAM policy document. You can refer the documentation to the link [1].

After creating the IAM policy, now you are free to create a 'Users' or 'Groups' and attach the above IAM policy to it. For more information on Creating Users and Groups, you can refer the documentation in the link [2] and [3].

You can test the policy by executing the below command as an example ,

$ aws ec2 associate-address --instance xxxxxxxx --allocation-id eipalloc-xxxxxxxx --allow-reassociation --region us-east-1

Comment

People who like this

  0   Share
10 |3000 characters needed characters left characters exceeded
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster

Follow this question

132 people are following this question.

Answers

Answers & comments

Related questions

How can I call CPLEX Optimization Studio from a Jupyter notebook? 2 Answers

How to read/write lp files with `docplex`? 3 Answers

Get the similar graph for solve progress in Docplex as we have in Cplex? 1 Answer

How to implement a UserCutCallback problem in DOcplex? (Adding cuts dynamically with a separation problem) 2 Answers

Pack function with decission variables in OPL (CPLEX) 1 Answer

  • Contact
  • Privacy
  • IBM Developer Terms of use
  • Accessibility
  • Report Abuse
  • Cookie Preferences

Powered by AnswerHub

Authentication check. Please ignore.
  • Anonymous
  • Sign in
  • Create
  • Ask a question
  • Spaces
  • API Connect
  • Analytic Hybrid Cloud Core
  • Application Performance Management
  • Appsecdev
  • BPM
  • Blockchain
  • Business Transaction Intelligence
  • CAPI
  • CAPI SNAP
  • CICS
  • Cloud Analytics
  • Cloud Automation
  • Cloud Object Storage
  • Cloud marketplace
  • Collaboration
  • Content Services (ECM)
  • Continuous Testing
  • Courses
  • Customer Experience Analytics
  • DB2 LUW
  • Data and AI
  • DataPower
  • Decision Optimization
  • DevOps Build
  • DevOps Services
  • Developers IBM MX
  • Digital Commerce
  • Digital Experience
  • Finance
  • Global Entrepreneur Program
  • Hadoop
  • Hybrid Cloud Core
  • Hyper Protect
  • IBM Cloud platform
  • IBM Design
  • IBM Forms Experience Builder
  • IBM Maximo Developer
  • IBM StoredIQ
  • IBM StoredIQ-Cartridges
  • IIDR
  • ITOA
  • InformationServer
  • Integration Bus
  • Internet of Things
  • Kenexa
  • Linux on Power
  • LinuxONE
  • MDM
  • Mainframe
  • Messaging
  • Node.js
  • ODM
  • Open
  • PartnerWorld Developer Support
  • PowerAI
  • PowerVC
  • Predictive Analytics
  • Product Insights
  • PureData for Analytics
  • Push
  • QRadar App Development
  • Run Book Automation
  • Search Insights
  • Security Core
  • Storage
  • Storage Core
  • Streamsdev
  • Supply Chain Business Network
  • Supply Chain Insights
  • Swift
  • UBX Capture
  • Universal Behavior Exchange
  • UrbanCode
  • WASdev
  • WSRR
  • Watson
  • Watson Campaign Automation
  • Watson Content Hub
  • Watson Marketing Insights
  • dW Answers Help
  • dW Premium
  • developerWorks Sandbox
  • developerWorks Team
  • Watson Health
  • More
  • Tags
  • Questions
  • Users
  • Badges