Can I delete and re-create the elasticbamboo security group within AWS

Hello,

Can you please let me know if I am able to delete and recrease the 'elasticbamboo' security group within AWS.
The reason is I wish to manage ALL security groups via Cloudformation and remove security group creation permissions from the bamboo accounts.

The question can be also viewwed as, if I create 'elasticbamboo' security group within AWS before installing bamboo will it break everything?

References: https://confluence.atlassian.com/display/BAMBOO/Elastic+Bamboo+Security

Cheers,

Danny.

1 answer

1 accepted

This widget could not be displayed.

You can delete and recreate it. Note that Bamboo will ensure that it has the correct permissions in that group, so you either have to recreate the permission or leave the permissions for group update for the Bamboo account.

Sorry for hijacking the question, however I think Daniel's question is missing a few bits:

My understanding is, when you create a SG in AWS using CloudFormation you won't have control over the GroupName, it will be something like "stackname-logicalid-xxxxxxxxxxxx-elasticbamboo-xxxxxxxxxxxx".

How does Bamboo identify the right SG to attach?

  • Does it look for a GroupName of "elasticbamboo" exactly?
  • Does it store the id of the SG it creates?

Is there a way to tell Bamboo to use a different SG from the one it creates?

Is there a way to tell Bamboo to use a more than one SG?

It has to be called elasticbamboo. There's one more group used by Bamboo - ControlledByBamboo, you can't tell it to use more groups.

Thanks Przemek, however the solution still isn't clear for me.

So it uses the GroupName exactly, and does not care about the id of the group?

And there's no way to tell Bamboo to use a different group, or a collection of groups?

You say there's a group called ControlledByBamboo however I can't find documentation about it https://confluence.atlassian.com/dosearchsite.action?where=BAMBOO&spaceSearch=true&queryString=ControlledByBamboo

At this stage I'm thinking of modifying the Security Groups attached to the elastic image on boot is probably the best option, would you agree?

I'm thinking something like:
aws ec2 modify-instance-attribute --instance-id i-123 --groups sg-456 sg-789

Yes, it uses the group name. No, there's no way to use a different group.

ControlledByBamboo is not really meant to be used, so it's not documented.

If instance attr modification works, it sounds like a plan. Bamboo doesn't care about the instance security groups after the launch request is placed.

Suggest an answer

Log in or Sign up to answer
Community showcase
Posted Tuesday in Jira

What modern development practices are at the heart of how your team delivers software?

Hey Community mates! Claire here from the Software Product Marketing team. We all know software development changes rapidly, and it's often tough to keep up. But from our research, we've found the h...

143 views 1 3
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you