RBAC for Multi-Cloud (EC2, ARM, GCE)
Use Case: Multi-cloud self-service provisioning for developers across AWS, Azure Resource Manager, and GCE.
Who can use this feature? Businesses that build software and use more than one public and/or private clouds. An administrator can use Mist.io to create accounts for developers and manage their usage to control costs and enable self-service.
These instructions assume:
- You have a Mist.io account
- Clouds have been added to Mist.io
- A Team has been created
The Policy Engine is how permissions are set for a Team. The policy below shows that this Team can Create Resources on AWS EC2 N. Virginia, Azure Resource Manager, and GCE, but all other actions are denied. The policy is simple: Read a Cloud and Create Resources.
More advanced policies can be created. For example, you can grant or deny permission to all Mist.io features.
You can also give users Read only access or allow them to Edit Tags or Read Logs.
Use the multi-cloud provisioning policy at the beginning of this article to get going, the setup process should only take a few minutes. Next, you can invite members to join your team. Each Member will get their own Mist.io account, user name, and password. When they log in to their account, they will only be able to perform actions based on the Team Policy you have created.