Administrator
- Administrator
- All Products
ASK INFAPreview
Please log in to access Ask INFA.
ASK INFAPreview
{ "Sid": "VisualEditor0", "Effect": "Allow", "Action": [ "autoscaling:CreateAutoScalingGroup", "autoscaling:DeleteAutoScalingGroup", "autoscaling:TerminateInstanceInAutoScalingGroup", "autoscaling:DescribeAutoScalingGroups", "autoscaling:DescribeScalingActivities", "autoscaling:DescribeTags", "autoscaling:UpdateAutoScalingGroup", "autoscaling:CreateOrUpdateTags", "autoscaling:DeleteTags", "autoscaling:DescribeAutoScalingInstances", "autoscaling:DescribeLaunchConfigurations", "autoscaling:DescribeLifecycleHooks", "autoscaling:ResumeProcesses", "autoscaling:SetDesiredCapacity", "autoscaling:SuspendProcesses" ], "Resource": "*" },
{ "Sid": "VisualEditor1", "Effect": "Allow", "Action": [ "ec2:DescribeAvailabilityZones", "ec2:DescribeImages", "ec2:DescribeInstanceAttribute", "ec2:DescribeInstances", "ec2:DescribeInstanceTypes", "ec2:DescribeSecurityGroups", "ec2:DescribeLaunchTemplateVersions", "ec2:DescribeLaunchTemplates", "ec2:DescribeTags", "ec2:AuthorizeSecurityGroupIngress", "ec2:DeleteLaunchTemplate", "ec2:ModifyInstanceAttribute", "ec2:DescribeVpcs" ], "Resource": "*" },
{ "Sid": "VisualEditor2", "Effect": "Allow", "Action": "ec2:RunInstances", "Resource": "*" },
{ "Sid": "VisualEditor3", "Effect": "Allow", "Action": [ "ec2:CreateKeyPair", "ec2:CreateTags", "ec2:CreateLaunchTemplate" ], "Resource": [ "arn:aws:ec2:*:<AWS account ID>:security-group/*", "arn:aws:ec2:*:<AWS account ID>:network-interface/*", "arn:aws:ec2:*:<AWS account ID>:launch-template/*", "arn:aws:ec2:*:<AWS account ID>:instance/*", "arn:aws:ec2:*:<AWS account ID>:subnet/*", "arn:aws:ec2:*:<AWS account ID>:volume/*", "arn:aws:ec2::*::image/*", "arn:aws:ec2:*:<AWS account ID>:key-pair/*" ] },
{ "Sid": "VisualEditor5", "Effect": "Allow", "Action": "ec2:CreateTags", "Resource": [ "arn:aws:ec2:*:<AWS account ID>:network-interface/*", "arn:aws:ec2:*:<AWS account ID>:key-pair/*", "arn:aws:ec2:*:<AWS account ID>:launch-template/*", "arn:aws:ec2:*:<AWS account ID>:instance/*", "arn:aws:ec2:*:<AWS account ID>:volume/*", "arn:aws:ec2:*:<AWS account ID>:subnet/*" ], "Condition": { "StringEquals": { "ec2:CreateAction": [ "RunInstances", "CreateKeyPair", "CreateLaunchTemplate", "CreateLaunchTemplateVersion", "network-interface", "CreateTags", "CreateAutoScalingGroup" ] } } },
{ "Sid": "VisualEditor13", "Effect": "Allow", "Action": "iam:PassRole", "Resource": [ "arn:aws:iam::<AWS account ID>:role/<cluster installer role>", "arn:aws:iam::<AWS account ID>:role/<worker role>" ] },
{ "Sid": "VisualEditor21", "Effect": "Allow", "Action": [ "secretsmanager:DescribeSecret", "secretsmanager:GetSecretValue", "secretsmanager:ListSecrets", "secretsmanager:CreateSecret", "secretsmanager:TagResource", "secretsmanager:DeleteSecret", "secretsmanager:UpdateSecret" ], "Resource": "arn:aws:secretsmanager:*:<AWS account ID>:secret:*" },
{ "Sid": "VisualEditor10", "Effect": "Allow", "Action": [ "elasticfilesystem:CreateMountTarget", "elasticfilesystem:DescribeAccessPoints", "elasticfilesystem:DescribeFileSystems", "elasticfilesystem:DescribeMountTargets" ], "Resource": "*" },
{ "Sid": "VisualEditor11", "Effect": "Allow", "Action": [ "ec2:DescribeSubnets" ], "Resource": "*" },
{ "Sid": "EC2Management", "Effect": "Allow", "Action": [ "ec2:AssociateIamInstanceProfile", "ec2:CreateKeyPair", "ec2:CreateLaunchTemplate", "ec2:CreateLaunchTemplateVersion", "ec2:CreateTags", "ec2:DeleteLaunchTemplate", "ec2:DeleteTags", "ec2:ModifyLaunchTemplate", "ec2:RunInstances", "ec2:TerminateInstances", "iam:PassRole" ], "Resource": "*" }
