Can I delete and re-create the elasticbamboo security group within AWS

Hello,

Can you please let me know if I am able to delete and recrease the 'elasticbamboo' security group within AWS.
The reason is I wish to manage ALL security groups via Cloudformation and remove security group creation permissions from the bamboo accounts.

The question can be also viewwed as, if I create 'elasticbamboo' security group within AWS before installing bamboo will it break everything?

References: https://confluence.atlassian.com/display/BAMBOO/Elastic+Bamboo+Security

Cheers,

Danny.

1 answer

1 accepted

1 votes

You can delete and recreate it. Note that Bamboo will ensure that it has the correct permissions in that group, so you either have to recreate the permission or leave the permissions for group update for the Bamboo account.

Sorry for hijacking the question, however I think Daniel's question is missing a few bits:

My understanding is, when you create a SG in AWS using CloudFormation you won't have control over the GroupName, it will be something like "stackname-logicalid-xxxxxxxxxxxx-elasticbamboo-xxxxxxxxxxxx".

How does Bamboo identify the right SG to attach?

  • Does it look for a GroupName of "elasticbamboo" exactly?
  • Does it store the id of the SG it creates?

Is there a way to tell Bamboo to use a different SG from the one it creates?

Is there a way to tell Bamboo to use a more than one SG?

It has to be called elasticbamboo. There's one more group used by Bamboo - ControlledByBamboo, you can't tell it to use more groups.

Thanks Przemek, however the solution still isn't clear for me.

So it uses the GroupName exactly, and does not care about the id of the group?

And there's no way to tell Bamboo to use a different group, or a collection of groups?

You say there's a group called ControlledByBamboo however I can't find documentation about it https://confluence.atlassian.com/dosearchsite.action?where=BAMBOO&spaceSearch=true&queryString=ControlledByBamboo

At this stage I'm thinking of modifying the Security Groups attached to the elastic image on boot is probably the best option, would you agree?

I'm thinking something like:
aws ec2 modify-instance-attribute --instance-id i-123 --groups sg-456 sg-789

Yes, it uses the group name. No, there's no way to use a different group.

ControlledByBamboo is not really meant to be used, so it's not documented.

If instance attr modification works, it sounds like a plan. Bamboo doesn't care about the instance security groups after the launch request is placed.

Suggest an answer

Log in or Join to answer
Community showcase
Renan Battaglin
Published May 18, 2017 in Bamboo

FAQ: How to Upgrade Bamboo Server

Bamboo 5.9 will no longer be supported after June 12, 2017. What does this mean? As part of our End of Life policy, Atlassian supports major versions for two years after the first major iteratio...

1,066 views 0 5
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you
Atlassian Team Tour

Join us on the Team Tour

We're bringing product updates and pro tips on teamwork to ten cities around the world.

Save your spot