AWS Permissions

Gmanfunky edited this page May 29, 2013 · 6 revisions

These are currently the IAM permissions required for your AWS account:

EC2

  • ec2:DescribeAddresses
  • ec2:DescribeImages
  • ec2:DescribeInstances
  • ec2:DescribeReservedInstances
  • ec2:DescribeSecurityGroups
  • ec2:DescribeSnapshots
  • ec2:DescribeTags
  • ec2:DescribeVolumes

AutoScaling

  • autoscaling:DescribeAutoScalingGroups
  • autoscaling:DescribeLaunchConfigurations
  • autoscaling:DescribePolicies

CloudWatch

  • cloudwatch:DescribeAlarms

ElasticLoadBalancing (ELB)

  • elasticloadbalancing:DescribeLoadBalancers
  • elasticloadbalancing:DescribeInstanceHealth

S3

  • s3:ListBucket
  • s3:ListAllMyBuckets

SQS

  • sqs:ListQueues
  • sqs:GetQueueAttributes

Route53

  • route53:ListResourceRecordSets
  • route53:ListHostedZones

IAM

  • iam:ListVirtualMFADevices
  • iam:ListGroups
  • iam:ListUsers
  • iam:ListRoles
  • iam:ListGroupPolicies
  • iam:ListGroupsForUser
  • iam:ListAccessKeys
  • iam:ListUserPolicies

RDS

  • rds:DescribeDBInstances

Example Policy

{
  "Statement": [{
    "Action": [
      "autoscaling:DescribeAutoScalingGroups",
      "autoscaling:DescribeLaunchConfigurations",
      "autoscaling:DescribePolicies",
      "cloudwatch:DescribeAlarms",
      "ec2:DescribeAddresses",
      "ec2:DescribeImages",
      "ec2:DescribeInstances",
      "ec2:DescribeReservedInstances",
      "ec2:DescribeSecurityGroups",
      "ec2:DescribeSnapshots",
      "ec2:DescribeTags",
      "ec2:DescribeVolumes",
      "elasticloadbalancing:DescribeInstanceHealth",
      "elasticloadbalancing:DescribeLoadBalancers",
      "iam:ListAccessKeys",
      "iam:ListGroupPolicies",
      "iam:ListGroups",
      "iam:ListGroupsForUser",
      "iam:ListRoles",
      "iam:ListUserPolicies",
      "iam:ListUsers",
      "iam:ListVirtualMFADevices",
      "s3:ListBucket",
      "s3:ListAllMyBuckets",
      "route53:ListHostedZones",
      "route53:ListResourceRecordSets",
      "sqs:GetQueueAttributes",
      "sqs:ListQueues",
      "rds:DescribeDBInstances"
    ],
    "Effect": "Allow",
    "Resource": "*"
  }]
}
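
Checking an attached policy against this list

The following is an added example, not code from this project: a small Python audit that compares a policy document with the required actions listed above and reports missing actions, wildcard grants, extra actions, and anything that is not a Describe/List/Get call. The function names and the DRIFTED sample policy are constructed for illustration; NotAction and Condition elements are not evaluated.

```python
import fnmatch

# The 29 actions this page lists as required (copied from the list above).
REQUIRED = """
autoscaling:DescribeAutoScalingGroups autoscaling:DescribeLaunchConfigurations
autoscaling:DescribePolicies cloudwatch:DescribeAlarms ec2:DescribeAddresses
ec2:DescribeImages ec2:DescribeInstances ec2:DescribeReservedInstances
ec2:DescribeSecurityGroups ec2:DescribeSnapshots ec2:DescribeTags
ec2:DescribeVolumes elasticloadbalancing:DescribeInstanceHealth
elasticloadbalancing:DescribeLoadBalancers iam:ListAccessKeys
iam:ListGroupPolicies iam:ListGroups iam:ListGroupsForUser iam:ListRoles
iam:ListUserPolicies iam:ListUsers iam:ListVirtualMFADevices s3:ListBucket
s3:ListAllMyBuckets route53:ListHostedZones route53:ListResourceRecordSets
sqs:GetQueueAttributes sqs:ListQueues rds:DescribeDBInstances
""".split()

READ_ONLY_VERBS = ("describe", "list", "get")

def allowed_actions(policy):
    """Yield lower-cased action patterns from every Allow statement."""
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):   # a single statement may be a bare object
        statements = [statements]
    for stmt in statements:
        if stmt.get("Effect") != "Allow" or "Action" not in stmt:
            continue                   # Deny and NotAction are out of scope here
        actions = stmt["Action"]       # may be one string or a list of strings
        for action in [actions] if isinstance(actions, str) else actions:
            yield action.lower()       # IAM action names are case-insensitive

def audit_policy(policy, required=REQUIRED):
    """Compare granted actions with the required set; results are lower-cased."""
    granted = set(allowed_actions(policy))
    needed = {a.lower() for a in required}
    covered = {n for n in needed if any(fnmatch.fnmatchcase(n, g) for g in granted)}
    is_pattern = lambda g: "*" in g or "?" in g
    return {
        "missing": sorted(needed - covered),
        "wildcards": sorted(g for g in granted if is_pattern(g)),
        "extra": sorted(g for g in granted - needed if not is_pattern(g)),
        "not_read_only": sorted(g for g in granted
                                if not g.split(":")[-1].startswith(READ_ONLY_VERBS)),
    }

# Constructed sample: a policy that has drifted from the one on this page.
DRIFTED = {"Statement": [
    {"Effect": "Allow", "Resource": "*",
     "Action": ["ec2:Describe*", "s3:ListBucket", "s3:PutObject"]},
    {"Effect": "Deny", "Resource": "*", "Action": "iam:*"},
]}
```

Run against the example policy above, every list in the result is empty; a non-empty "not_read_only" or "wildcards" list means the attached policy grants more than this page asks for.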