AWS OpsWorks now supports resource-level permissions.
Amazon Web Services continues to improve the experience of its service. From now on,
those who use this service gain flexibility.
For those unfamiliar, Connectikpeople recalls that AWS OpsWorks is an application
management service that lets you provision resources, deploy and update
software, automate common operational tasks, and monitor the state of your
environment.
With this recent update, you can now:
- Grant users access to specific stacks, making management of multi-user environments easier. For example, you can give a user access to the staging and production stacks but not the secret stack.
- Set user-specific permissions for actions on each stack, allowing you to decide, for example, who can deploy new application versions or create new resources on a per-stack basis.
- Delegate management of each OpsWorks stack to a specific user or set of users.
- Control user-level SSH access to Amazon EC2 instances, allowing you to instantly grant or remove access to instances for individual users.
Regarding policies, Connectikpeople has noted the following:
- Deny: blocks the user’s access to this stack.
- IAM Policies Only: bases a user’s permissions exclusively on policies attached to the user in IAM.
- Show: combines the user’s IAM policies with permissions that provide read-only access to the stack’s resources.
- Deploy: combines the user’s IAM policies with Show permissions and permissions that let the user deploy new application versions.
- Manage: combines the user’s IAM policies with permissions that provide full control of this stack.
These policies aim to make it easy to quickly configure a
user with the right permissions for the tasks they need to accomplish. You can
also create a custom IAM policy to fine-tune their permissions. Optionally, you can
use the popular Chef automation platform to extend OpsWorks with your own
custom recipes. See the OpsWorks
documentation for details.
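As an added example (not from AWS or Connectikpeople), the following Python sketch audits per-stack permission levels and SSH/sudo flags against an intended least-privilege mapping, and emits the arguments to pass to the OpsWorks SetPermission API to correct drift. The stack IDs, user ARNs, and the `perm` and `audit` helpers are constructed for illustration.

```python
# Added example; all values are constructed. Records mirror the "Permissions"
# list returned by the OpsWorks DescribePermissions API.
# RANK orders levels by what OpsWorks adds on top of IAM; "iam_only" adds
# nothing, so effective access there depends on the user's IAM policies.
RANK = {"deny": 0, "iam_only": 1, "show": 2, "deploy": 3, "manage": 4}
DEFAULT = {"Level": "deny", "AllowSsh": False, "AllowSudo": False}

def perm(stack, user, level, ssh=False, sudo=False):
    # Hypothetical helper that builds one sample permission record.
    return {"StackId": stack, "IamUserArn": user, "Level": level,
            "AllowSsh": ssh, "AllowSudo": sudo}

def audit(actual, intended):
    """Return (findings, fixes); each fix is kwargs for the SetPermission API."""
    findings, fixes = [], []
    for p in actual:
        key = (p["StackId"], p["IamUserArn"])
        want = intended.get(key, DEFAULT)  # unlisted stack/user pairs: deny
        issues = []
        if RANK[p["Level"]] > RANK[want["Level"]]:
            issues.append(f"level {p['Level']} exceeds {want['Level']}")
        if p["AllowSsh"] and not want["AllowSsh"]:
            issues.append("unexpected SSH access")
        if p["AllowSudo"] and not want["AllowSudo"]:
            issues.append("unexpected sudo")
        if issues:
            findings.append((key, issues))
            fixes.append({"StackId": key[0], "IamUserArn": key[1], **want})
    return findings, fixes

ALICE = "arn:aws:iam::111122223333:user/alice"  # constructed ARNs
BOB = "arn:aws:iam::111122223333:user/bob"
ACTUAL = [
    perm("staging-id", ALICE, "deploy", ssh=True),
    perm("production-id", ALICE, "manage", ssh=True, sudo=True),
    perm("secret-id", ALICE, "show"),
    perm("staging-id", BOB, "show"),
]
INTENDED = {
    ("staging-id", ALICE): {"Level": "deploy", "AllowSsh": True, "AllowSudo": False},
    ("production-id", ALICE): {"Level": "deploy", "AllowSsh": False, "AllowSudo": False},
    ("staging-id", BOB): {**DEFAULT, "Level": "show"},
}

FINDINGS, FIXES = audit(ACTUAL, INTENDED)
for (stack, user), issues in FINDINGS:
    print(stack, user, "; ".join(issues))
```

With real data, `actual` would come from the `Permissions` list of a DescribePermissions response, and each entry in `fixes` would be passed to boto3's `set_permission(**fix)` after review.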