- Type: Improvement
- Status: Done
- Priority: High
- Resolution: Done
- Affects Version/s: None
- Fix Version/s: 1.5.0
- Component/s: PMM Server
- Labels: None
Message from AWS team:
A quick follow up, I've begun testing your product "Percona Monitoring and Management Server 1.4.1". We've found that the webUI is open for anyone with access to the public DNS. According to our seller guide: "AMIs must not use default passwords for user interface access. It is recommended to use a randomization process such as using the instance_id from the AWS EC2 Metadata Service." In your case, the user is allowed to create a unique user id/password without first authenticating using randomized credentials, which is not allowed. Please modify your AMI to meet our requirements and re-submit your listing once complete. If you have any additional questions, please let us know.
Sincerely,
Bryan Coogler
Technical Account Manager
AWS Marketplace
In order to solve this quickly and effectively and ensure there is no confusion, please prefix an additional screen to the initial AMI web setup. The first screen should functionally match:
Please verify your EC2 Instance ID to continue initial setup:
Instance ID: _____________
[ Next ]
Upon pressing [ Next ], if the instance ID matches the value retrieved from the EC2 metadata service, then continue on to the next step asking for initial user and password.
It is important that the screen that collects the initial user and password values cannot be accessed if the EC2 instance_id has not been validated.
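A sketch of the gate described above, added here as an illustration and not taken from PMM Server's own code. The SetupGate class, its method names and the in-memory store are hypothetical; the metadata service URLs and headers are the standard EC2 IMDSv2 ones.

```python
import hmac
import urllib.request

IMDS = "http://169.254.169.254/latest"  # EC2 instance metadata service


def fetch_instance_id(timeout=2):
    """Read this instance's ID from the metadata service (IMDSv2 token flow)."""
    token_req = urllib.request.Request(
        IMDS + "/api/token", method="PUT",
        headers={"X-aws-ec2-metadata-token-ttl-seconds": "60"})
    with urllib.request.urlopen(token_req, timeout=timeout) as resp:
        token = resp.read().decode()
    id_req = urllib.request.Request(
        IMDS + "/meta-data/instance-id",
        headers={"X-aws-ec2-metadata-token": token})
    with urllib.request.urlopen(id_req, timeout=timeout) as resp:
        return resp.read().decode().strip()


class SetupGate:
    """Hypothetical gate: blocks the user/password screen until verified."""

    def __init__(self, fetcher=fetch_instance_id):
        self._fetcher = fetcher  # injectable so the gate can be tested offline
        self.verified = False

    def submit_instance_id(self, submitted):
        """Handle [ Next ]: True only if the value matches the metadata service."""
        try:
            actual = self._fetcher()
        except OSError:
            return False  # fail closed when the metadata service is unreachable
        # Constant-time comparison; an empty metadata answer never matches.
        ok = bool(actual) and hmac.compare_digest(
            submitted.strip().encode(), actual.encode())
        if ok:
            self.verified = True
        return ok

    def create_initial_user(self, username, password, store):
        """Second screen: refuse unless the instance ID was verified first."""
        if not self.verified:
            raise PermissionError("instance ID not verified")
        store[username] = password  # placeholder; a real server stores a hash
        return True
```

The check in create_initial_user is enforced server-side on the second step itself, so requesting that screen directly without passing the first one is rejected.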