Importing Users into OpsWorks Stacks - AWS OpsWorks
Unix IDs and Users Created Outside OpsWorks Stacks

Importing Users into OpsWorks Stacks

Important

The AWS OpsWorks Stacks service reached end of life on May 26, 2024 and has been disabled for both new and existing customers. We strongly recommend customers migrate their workloads to other solutions as soon as possible. If you have questions about migration, reach out to the AWS Support Team on AWS re:Post or through AWS Premium Support.

Administrative users can import users into OpsWorks Stacks; they can also import OpsWorks Stacks users from one regional endpoint to another. When you import users to OpsWorks Stacks, you import them to one of the OpsWorks Stacks regional endpoints. If you want a user to be available in more than one Region, you must import the user to that Region.

While it's not explicitly possible to import federated users in the console, a federated user can implicitly create a user profile by choosing My Settings at the upper right of the OpsWorks Stacks console, and then choosing Users, also at the upper right. On the Users page, federated users—whose accounts are created by using the API or CLI, or implicitly through the console—can manage their accounts similarly to non-federated users.

To import users into OpsWorks Stacks

  1. Sign in to OpsWorks Stacks as an administrative user or as the account owner.

  2. Choose Users at the upper right to open the Users page.

    Users page showing us-east-1 users

  3. Choose Import IAM Users to <region name> to display the users that are available, but that have not yet been imported.

    Import commands on Users page

  4. Fill the Select all check box, or select one or more individual users. When you are finished, choose Import to OpsWorks.

    Note

    After you have imported a user into OpsWorks Stacks, if you use the IAM console or API to delete the user from your account, the user does not automatically lose SSH access that you have granted through OpsWorks Stacks. You must also delete the user from OpsWorks Stacks by opening the Users page, and choosing delete in the user's Actions column.

To import OpsWorks Stacks users from one Region to another

OpsWorks Stacks users are available within the regional endpoint in which they were created. You can create users in the Regions shown in Users and Regions.

You can import OpsWorks Stacks users from one Region to the Region to which your Users list is currently filtered. If you import a user to a Region that already has a user with the same name, the imported user replaces the existing user.

  1. Sign in to OpsWorks Stacks as an administrative user or as the account owner.

  2. Choose Users at the upper right to open the Users page. If you have OpsWorks Stacks users in more than one Region, use the Filter control to filter for the Region to which you want to import users.

    Users page showing us-east-1 users

  3. Choose Import OpsWorks Stacks users from another Region to <current region>.

    Users page showing us-west-2 users

  4. Select the Region from which you want to import OpsWorks Stacks users.

  5. Select one or more users to import, or select all users, and then choose Import to this region. Wait for OpsWorks Stacks to display the imported users in the Users list.

Unix IDs and Users Created Outside OpsWorks Stacks

OpsWorks assigns users on OpsWorks Stacks instances Unix ID (UID) values between 2000 and 4000. Because OpsWorks reserves the 2000-4000 range of UIDs, users that you create outside of OpsWorks (by using cookbook recipes, or by importing users into OpsWorks from IAM, for example) can have UIDs that are overwritten by OpsWorks Stacks for another user. This can result in users that you have created outside of OpsWorks Stacks not showing up in data bag search results, or being excluded from the OpsWorks Stacks built-in sync_remote_users operation.

External processes can also create users with UIDs that OpsWorks Stacks can overwrite. Some operating system packages, for example, can create a user as part of post-installation processes. When you or a software process creates a user on a Linux-based operating system without explicitly specifying a UID—which is the default—the UID assigned by OpsWorks Stacks is <highest existing OpsWorks UID> + 1.

As a best practice, create OpsWorks Stacks users and manage their access in the OpsWorks Stacks console, AWS CLI, or by using an AWS SDK. If you do create users on OpsWorks Stacks instances outside of OpsWorks, use UnixID values greater than 4000.