Role Tags
We highly recommend establishing a set of role tags that will help ConsoleMe determine which users are authorized to get credentials and/or console access. These would be defined in your configuration YAML files (examples) under the cloud_credential_authorization_mapping key.
Here's an example configuration:
Once this is set up, you'd define the list of users / groups that are authorized to access the role in your role tags. If multiple users or groups need access to a role, you must delimit them by a colon (:). Commas, unfortunately, are not valid characters in tag values.
Here's a role's tag set using the above configuration. This tag set would allow a group or user named consoleme_admins and one named consoleme_users to get access to this role by both the CLI and via ConsoleMe's web interface. The users usera@example.com and userb@example.com would have access to this role's credentials via the CLI only.
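The sketch below is an added example, not ConsoleMe's own code: it resolves which access types an identity gets from a role's colon-delimited tags, as described above. The tag key names, the function names and the sample tag set are assumptions made for illustration; use the keys your own configuration defines.

```python
"""Added illustration: resolve role-tag authorization (not ConsoleMe's own code)."""

# Assumed tag keys; the real ones are whatever your configuration lists under
# cloud_credential_authorization_mapping.
WEB_AND_CLI_TAG = "consoleme-authorized"          # assumption
CLI_ONLY_TAG = "consoleme-authorized-cli-only"    # assumption


def split_principals(tag_value):
    """Split a colon-delimited tag value into a set of user/group names."""
    # Empty segments ("a::b") and stray whitespace are dropped, never matched.
    return {p.strip() for p in tag_value.split(":") if p.strip()}


def allowed_access(role_tags, user, groups):
    """Return the access types ({'web', 'cli'}) the identity gets on a role.

    role_tags: list of {"Key": ..., "Value": ...} dicts, the shape IAM returns.
    Matching is exact: a near-miss group name grants nothing.
    """
    identity = {user} | set(groups)
    access = set()
    for tag in role_tags:
        principals = split_principals(tag.get("Value", ""))
        if not identity & principals:
            continue
        if tag.get("Key") == WEB_AND_CLI_TAG:
            access |= {"web", "cli"}
        elif tag.get("Key") == CLI_ONLY_TAG:
            access.add("cli")
    return access


# Constructed sample tag set mirroring the one described above.
SAMPLE_ROLE_TAGS = [
    {"Key": WEB_AND_CLI_TAG, "Value": "consoleme_admins:consoleme_users"},
    {"Key": CLI_ONLY_TAG, "Value": "usera@example.com:userb@example.com"},
]

if __name__ == "__main__":
    for user, groups in [
        ("alice@example.com", ["consoleme_users"]),   # group member
        ("usera@example.com", []),                    # CLI-only user
        ("mallory@example.com", ["consoleme_user"]),  # near-miss group name
    ]:
        print(user, sorted(allowed_access(SAMPLE_ROLE_TAGS, user, groups)))
```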
Make sure that ConsoleMe and your administrative users are the only ones able to manipulate these tags. We recommend using an SCP to restrict it.