AWS DevOps Blog

Resource-based permissions for OpsWorks

by Chris Barclay | on | Permalink | Comments |  Share

We are pleased to announce that AWS OpsWorks now supports resource-level permissions. AWS OpsWorks is an application management service that lets you provision resources, deploy and update software, automate common operational tasks, and monitor the state of your environment. You can optionally use the popular Chef automation platform to extend OpsWorks using your own custom recipes.

With resource-level permissions you can now:

  • Grant users access to specific stacks, making management of multi-user environments easier. For example, you can give a user access to the staging and production stacks but not the secret stack.
  • Set user-specific permissions for actions on each stack, allowing you to decide who can deploy new application versions or create new resources on a per-stack basis for example.
  • Delegate management of each OpsWorks stack to a specific user or set of users.
  • Control user-level SSH access to Amazon EC2 instances, allowing you to instantly grant or remove access to instances for individual users.

To learn more about the AWS OpsWorks resource-level permissions, please see the AWS Blog. A simple user interface within OpsWorks lets you select a policy for each user on each stack depending on the level of control needed. A few clicks in the AWS Management Console are all it takes to get started.