By using AWS re:Post, you agree to the Terms of Use
/IAMS user can't access Cloud9 IDE/

IAMS user can't access Cloud9 IDE


As a root user, I created an environment in Cloud9, then created IAMS users and gave them RW access to the environment, which I can see has worked when I click the Share button on the upper left corner of the environment, but when they log in and go to Cloud9 they can see the card for the environment but 'Open IDE' is grayed out and they can't access it. Sigh.

1 Answers

Generally it's against best practices to use root credentials to create and share environments because read/write members can use the environment owner's AWS access credentials. See here for more information. Specifically this section:

For EC2 environments, read/write members can use the environment owner's AWS access credentials, instead of their own credentials, to make calls from the environment to AWS services. To prevent this, the environment owner can disable AWS managed temporary credentials for the environment. However, this also prevents the environment owner from making calls. For more information, see AWS Managed Temporary Credentials.

As for your question, what's the IAM policy look like for your IAM user(s)? Are you using an AWS Managed Policy like AWSCloud9User or are you using a custom policy? If using a custom policy, ensure it includes the permissions similar to those listed out in the AWSCloud9User as those will be required to see and access environments, whether they are shared or not.

answered a month ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions