[StarCluster] User security

Jennifer Staab jstaab at cs.unc.edu
Fri Nov 14 13:00:32 EST 2014 

In practice I have found consolidated billing nice because it separates 
charges out by account so you know whom is using what and how much it 
costs on a monthly basis without much hassle from the AWS console.  You 
can share AMIs and Snapshots between accounts and with CloudFormation 
you could pretty easily share a similar architecture between accounts. 
Deleting and consolidating accounts is pretty simple in practice. With 
Starcluster you just need to adjust the config for a specific account, 
Starcluster users from different accounts could not change attributes 
associated nor have access to the information of the other account(s).  
As Hugh said it all depends on what you want to do and how trusted your 
users are that share an AWS account.

Good Luck,

-Jennifer

On 11/13/14 10:18 AM, MacMullan, Hugh wrote:
>
> It really depends on what you're looking to do. Are these PAYING 
> CUSTOMERS who you MUST (contractually) keep apart? Or are they members 
> of a team and you just want them to keep from accidentally hurting 
> each other? You'll have to work throught the ramifications of the 
> answers to these questions yourself, and probably learn about IAM User 
> in the process. I DON'T use IAM User generally, except in a casual 
> "team" world, so can't really answer your question in any detailed way.
>
> Good luck,
>
> -Hugh
>
> *From:*Ramon Ramirez-Linan [mailto:rlinan at navteca.com]
> *Sent:* Thursday, November 13, 2014 10:10 AM
> *To:* MacMullan, Hugh
> *Cc:* starcluster at mit.edu
> *Subject:* Re: [StarCluster] User security
>
> We only have the option of using the separate IAM users.
>
> What is a good way of doing it? Limit access to EC2 based on tags? or 
> what other options ?
>
> Ramon
>
> On Wed, Nov 12, 2014 at 5:38 PM, MacMullan, Hugh 
> <hughmac at wharton.upenn.edu <mailto:hughmac at wharton.upenn.edu>> wrote:
>
>     Separate IAM User accounts, or separate AWS accounts with
>     Consolidated Billing are good approaches.
>
>     -Hugh
>
>     > On Nov 12, 2014, at 17:21, "Ramon Ramirez-Linan"
>     <rlinan at navteca.com <mailto:rlinan at navteca.com>> wrote:
>     >
>     > Hello,
>     >
>     > What is the best way to implement security between the users so
>     they can not stop each others clusters (stop, detroy see, etc)
>     >
>     > I am having the issue that when any user run starcluster
>     listclusters they see all the clusters currently running on the
>     AWS account.
>     >
>     > Also I am curious about how starclusters find the information of
>     current running clusters
>     >
>     > Thanks
>     >
>     > Ramon
>     > _______________________________________________
>     > StarCluster mailing list
>     > StarCluster at mit.edu <mailto:StarCluster at mit.edu>
>     > http://mailman.mit.edu/mailman/listinfo/starcluster
>
>
>
> _______________________________________________
> StarCluster mailing list
> StarCluster at mit.edu
> http://mailman.mit.edu/mailman/listinfo/starcluster

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/starcluster/attachments/20141114/7afba02c/attachment.htm

More information about the StarCluster mailing list