This is the multi-page printable view of this section. Click here to print.

Return to the regular view of this page.

Manage Resources

1: Manage Auto Scaling Resources

2: Manage CloudWatch Resources

3: Manage Compute Resources

4: Manage ELB Resources

5: Manage IAM Resources

6: Manage Walrus Resources

Manage Resources

This section includes tasks to help you manage your users’ cloud resources.

1 - Manage Auto Scaling Resources

You can list, delete, update, and suspend your Eucalyptus cloud’s Autoscaling resources by passing the option with the keyword with the appropriate command.The followings are some examples you can use to act on your Auto Scaling resources.

To show all launch configurations in your cloud, run the following command:

euscale-describe-launch-configs --show-long verbose

To show all Auto Scaling instances in your cloud, run the following command:

euscale-describe-auto-scaling-groups --show-long verbose

To show all Auto Scaling instances in your cloud, run the following command:

euscale-describe-auto-scaling-groups --show-long verbose

To delete an Auto Scaling resource in your cloud, first get the ARN of the resource, as in this example:

$ euscale-describe-launch-configs --show-long verbose
LAUNCH-CONFIG  TestLaunchConfig  emi-06663A57  m1.medium  2013-10-30T22:52:39.392Z  true
arn:aws:autoscaling::961915002812:launchConfiguration:5ac29caf-9aad-4bdb-b228-5f
ce841dc062:launchConfigurationName/TestLaunchConfig

Then run the following command with the ARN:

euscale-delete-launch-config
arn:aws:autoscaling::961915002812:launchConfiguration:5ac29caf-9aad-4bdb-b228-5f
ce841dc062:launchConfigurationName/TestLaunchConfig

2 - Manage CloudWatch Resources

To manage CloudWatch resources on a Eucalyptus cloud, use the option in any command that lists, deletes, modifies, or sets a CloudWatch resource.The following are examples of what you can do with your CloudWatch resources.

To list all alarms for the cloud, run the following command:

euwatch-describe-alarms verbose

3 - Manage Compute Resources

To manage compute resources on a Eucalyptus cloud, use the option in any command.The following are some examples you can use to view various compute resources.

To see all instances running on your cloud, enter the following command:

euca-describe-instances verbose

To see all volumes in your cloud, enter the following command:

euca-describe-volumes verbose

To see all keypairs in your cloud, enter the following command:

euca-describe-keypairs verbose

4 - Manage ELB Resources

To list and delete ELB resources on a Eucalyptus cloud, use the option with any command.The following are some examples.

To list all detailed configuration information for the load balancers in your cloud, run the following command:

eulb-describe-lbs verbose

To list the details of policies for all load balancers in your cloud, run the following command:

eulb-describe-lb-policies verbose

To list meta information for all load balancer policies in your cloud, run the following command:

eulb-describe-lb-policy-types verbose

To delete any load balancer or any load balancer resource on the cloud, instead of using the ELB name, use the DNS name. For example:

$ eulb-describe-lbs verbose
LOAD_BALANCER	MyLoadBalancer	MyLoadBalancer-961915002812.lb.foobar.eucalyptus-systems.com	2013-10-30T03:02:53.39Z

$ eulb-delete-lb MyLoadBalancer-961915002812.lb.foobar.eucalyptus-systems.com 
$ eulb-describe-lbs verbose

5 - Manage IAM Resources

To manage Euare (IAM) resources on your Eucalyptus cloud, use the option with any command that describes, adds, deletes, or modifies resources. This option allows you to assume the role of the admin user for a given account. You can also use a policy to control and limit instances to specific availability zones. The following are some examples.

To list all groups in an account, enter the following command:

euare-grouplistbypath --as-account <account-name>

Note

The as-account option is for the Euare service only. To run commands for an account with any service use the clcadmin-impersonate-user command.

To list all users in an account, enter the following command:

euare-userslistbypath --as-account <account-name>

To delete the login profile of a user in an account, enter the following command:

euare-userdelloginprofile --as-account <account-name> -u <user_name>

To modify the login profile of a user in an account, enter the following command:

euare-usermod --as-account <account-name> -u <user_name> -n
<new_user_name>

To restrict an image to a specific availability zone, edit and attach this sample policy to a user:

{
    "Statement":[
      {
        "Effect":"Allow",
        "Action":"ec2:*",
         "Resource":"*"
      },
      {
        "Effect": "Deny",
        "Action": [ "ec2:*" ],
        "Resource": "arn:aws:ec2:::availabilityzone/PARTI00",
        "Condition": {
          "ArnLike": {
            "ec2:TargetImage": "arn:aws:ec2:*:*:image/emi-239D37F2"
          }
        }
      }
    ]
  }

To restrict a user to actions only within a specific availability zone, edit and attach this sample policy to a user:

{
    "Version": "2012-10-17",
    "Statement": [{
      "Effect": "Allow",
      "Action": [ "ec2:TerminateInstances" ],
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "ec2:AvailabilityZone": "PARTI00"
        }
      }
    }]
  }

To deny actions at the account level, edit and attach this example policy to an account:

{
    "Statement": [ {
      "Effect": "Deny",
      "Action": [ "ec2:RunInstances" ],
      "Resource": "arn:aws:ec2:::availabilityzone/PARTI00",
      "Condition": {
          "ArnLike": {
              "ec2:TargetImage": "arn:aws:ec2:*:*:image/emi-239D37F2"
          }
      }
    } ]
  }

6 - Manage Walrus Resources

This topic explains Walrus resources.

Access Control Lists (ACLs) allow an account to explicitly grant access to a bucket or object to another account. ACLs only work between accounts, not IAM users. You specify accounts with the CanonicalID or the email address associated with the account (for Eucalyptus this is the email of the account admin).
These are set by the admin of an account to control the access of users within that specific account. This is how an admin controls what users in that specific account are allowed to do. Policies can specify allow/deny on specific S3 operations (e.g. s3:GetObject, or s3:PutObject). IAM policies are set by sending the policy to the IAM (Euare) endpoint, not S3 (Walrus).
These are IAM-like policies set by the bucket owner are not supported in Eucalyptus. For more information about bucket ACLs, go to Access Control List (ACL) Overview and Managing ACLs Using the REST API .

For more information about IAM policies, go to Using IAM Policies .