AWS Codestart Permissions to create a Project - aws-codestar

I have an IAM account from my work organization. When I try to create a project in CodeStar, I get a permissions denied error.
Could somebody please let me know what all permissions should the account owner / root give to an IAM user / group so that they can create a project in CodeStar

I think this link helps
https://docs.aws.amazon.com/codestar/latest/userguide/setting-up.html
Configure Permissions for IAM Users Complete these steps to set up IAM
user permissions.
To perform this step, sign in to the IAM console as a root user, an
IAM administrator user in the account, or an IAM user or federated
user with the associated AdministratorAccess managed policy or
equivalent. Attach the AWSCodeStarFullAccess managed policy to the IAM
user that is used to create the project.

Related

Call cPanel API's to grant access to a remote MySQL user from Kotlin

I want to call cPanel API's to grant access for a remote MySQL user, from Kotlin.
It is for a Register User functionality.
Basically I want from my Kotlin code to call cPanel API's to:
create that user on a remote MySQL database hosted on a VPS
set a password for that user
grant access to the database from everywhere
How can I please do that? I read cPanel documentation but is not very clear, for example I have:
https://api.docs.cpanel.net/openapi/cpanel/operation/Mysql-create_user/
https://hostname.example.com:2083/cpsess##########/execute/Mysql/create_user?name=dbuser&password=12345luggage
But calling this API result in a NULL response because I don't know where to specify credentials to login to the cPanel himself.
A working code sample is greatly appreciated.
Many thankx!

How to change approver for the request in OIM?

I need to update the approver user for some request in OIM? What is the best practices/solutions or APIs?
Go to
http://hostname:port_number/integration/worklistapp
hostname is the name of the host computer on which Oracle SOA Suite is installed
The port_number used at installation
Enter the user name and password.
You can use the preseeded user to log in as an administrator. If you have loaded the demo user community in the identity store, then you can use other users such as jstein or jcooper.
The user name and password must exist in the user community provided to JAZN. See Oracle Fusion Middleware Administrator's Guide for Oracle SOA Suite and Oracle Business Process Management Suite for the organizational hierarchy of the demo user community used in examples throughout this chapter.
Click Login.
Go to administrative task, search for the request, select the request and from left drop down select reassign. Provide the userID to whom request needs to be routed to. and click on OK.

Can you give a GCE instance permission to delete itself but not to delete other instances?

Is it possible to give a Google Compute Engine instance permission to delete itself without also giving it permission to delete other instances?
That is, I'd like instance name ABC to be able to run:
gcloud compute instances delete ABC
using it's own name, ABC, but no other name.
From the delete instance API docs, to delete any instance in the project you have to have:
compute.instances.delete permission
One of the following OAuth scopes:
https://www.googleapis.com/auth/compute or https://www.googleapis.com/auth/cloud-platform OAuth scope.
Which seems to me that you either have permission to delete any instance in the project or none at all.
No, the service account that assigned to the instance it's running the gcloud command not the instance.
Permissions are granted by setting policies that grant roles to a user, group, or service account as a member of your project.
Example: The role "compute Instance Admin" can create, modify, and delete virtual machine instances, that's means all the instances in your project. You cannot specify for a specific instance.
The gcloud command below can be applied for the ABC instance or any other instances in your project.
gcloud compute instances delete ABC --zone <zone>
The permission compute.instances.delete is in these roles:
Compute Admin
Compute Instance Admin
Project Editor
Project Owner
You can as well create a custom Role that have mixed permissions and assign it to a service account that will, but you need to be sure that you set every permission required for the action.
Scopes is to Select the type and level of API access that you grant grant to the VM.
By Default: read-only access to Storage and Service Management, write access to Stackdriver Logging and Monitoring, read/write access to Service Control
But you can select which Cloud APIs that the VM I mean the service account can access.

How to enable access to datastore for root user

I'm trying to use the nodejs lib for Datastore from a Compute Engine machine. The code runs well when I run it with my user on the Compute Engine machine. But when I run it with sudo I get an error of Request had insufficient authentication scopes. Looking at the setting of the machine, I found that the service account of the machine does not have access to Datastore - but no option to enable access!
How do I grant the root user access to Datastore?
Set IAM permissions for service accounts in "Developer Console -> IAM & Admin -> IAM".

Using mysql database table authenticated multiple site user / SSO

I have implement SOS concept between two php application. it application it available different domain.
I have required following condition.
1.When user is login any appplication to login this user with check user name and password into mysql database table
2.When user is login another application not reenter password direct login with this system.
3.When user logout at time both application can be logout.
-->my first application can be created Yii framework and another is moodle
please give idea to implement this concept in my both application
You can use external database authentication for Moodle -
https://docs.moodle.org/27/en/External_database_authentication
Log into Moodle as an admin then go to site admin -> plugins -> authentication -> manage authentication.
Enable the "external database plugin" and then update the settings to use the external database and map the fields for username, password, email etc.