Layer7 API Management

  • Private Community

  • 1.  Root access for CA API GW Admin in AWS

    Posted Apr 03, 2018 09:21 AM

    Hi Team,

    We were setting up CA Gateway environment on AWS AMI.Our AWS admins don't want to provide access to the root user for Gateway.When we ask them the root permissions.They say what is the need for root access provide the provide justification.As of my knowledge i think we need root access for many admin tasks.Can anyone guide  me on this so I can provide the clear cut justification to them.



  • 2.  Re: Root access for CA API GW Admin in AWS

    Broadcom Employee
    Posted Apr 03, 2018 09:26 AM

    Hello Judith. To manage the gateway itself you would need the ssgconfig user instead. If security is the concern you can just add a new user, without root privileges, to access logs and other things from your server.

     

    Best regards,

     

    --


    Alan Cota.

    Sr. Principal Consultant

    CA API Management Presales

     

    CA Technologies | 5465 Legacy Drive, Suite 700, Plano, TX US 75024-3106

    Phone: +1 (214) 473-1039 | ext 11039

    Mobile: +1 (972) 439-4545

    alan.cota@ca.com<mailto:alan.cota@ca.com>

    <http://www.ca.com/>[id:image002.png@01D35939.11E53BC0]<https://twitter.com/CAinc>[id:image003.png@01D35939.11E53BC0]<http://www.slideshare.net/cainc>[id:image004.png@01D35939.11E53BC0]<https://www.facebook.com/CATechnologies>[id:image005.png@01D35939.11E53BC0]<http://www.youtube.com/user/catechnologies>[id:image006.png@01D35939.11E53BC0]<http://www.linkedin.com/company/ca-technologies>[id:image007.png@01D35939.11E53BC0]<https://plus.google.com/+CATechnologies>[id:image008.png@01D35939.11E53BC0]<http://www.ca.com/us/rss.aspx?intcmp=footernav>

    ca.com/talkapis<http://www.ca.com/talkapis>

    https://communities.ca.com/blogs/alancota



  • 3.  Re: Root access for CA API GW Admin in AWS

    Posted Apr 03, 2018 09:35 AM

    Hi Alan,

    Thanks for reply.To put it up clearly. I am configuring CA API Gateway.AWS team hase given access for ssg config user.But my question is when I request for  the root access of the Gateway,AWS team is denying that.Asking me to provide the justification for root access.But as a CA Gateway admin.To execute commands like start or stop and any other commands which comes under root.I need to have root permissions right.I need to provide justification for AWS team for providing me root access. I am looking for what all things I Can do as CA API Gateway root user.Does it cause any issues for administering the appliance.If I don't have the root privileges.



  • 4.  Re: Root access for CA API GW Admin in AWS
    Best Answer

    Posted Apr 03, 2018 10:49 AM

    Hello Judith,

     

    You can logon using the 'gateway' user (built-in) to perform some activities on the Gateway.  For example:

     

    • # /opt/SecureSpan/Gateway/runtime/bin/gateway.sh start
    • # /opt/SecureSpan/Gateway/runtime/bin/gateway.sh stop
    • # /opt/SecureSpan/Gateway/runtime/bin/gateway.sh run

     

    Can you check if you are able to complete the required tasks with the gateway user?

     

    Usually it's hard to have root access especially on AWS. Maybe, you can try to ask to put a dedicated users in the list of suoders to perform required activities.

     

    Regards, Roberto