The following IAM permissions are required by Vantage instances to interact with AWS services.
Permission | High Level Purpose |
---|---|
"ec2:DescribeNetworkInterfaces", | Deployment, Networking |
"ec2:DescribeSubnets", | Deployment, Networking |
"ec2:CreateNetworkInterface", | Deployment, Networking |
"ec2:AttachNetworkInterface", | Deployment, Networking |
"ec2:DetachNetworkInterface", | Deployment, Networking |
"ec2:ModifyNetworkInterfaceAttribute", | Deployment, Networking |
"ec2:AssignPrivateIpAddresses", | Deployment, Networking |
"ec2:UnassignPrivateIpAddresses", | Deployment, Networking |
"ec2:AllocateAddress", | Deployment, Networking |
"ec2:AssociateAddress", | Deployment, Networking |
"ec2:DisassociateAddress", | Deployment, Networking |
"ec2:CreateTags", | Teradata created Tags, monitoring |
"ec2:DescribeTags", | Teradata created Tags monitoring |
"ec2:CreateVolume", | EBS storage related |
"ec2:ModifyVolume", | EBS storage related |
"ec2:DescribeVolumes", | EBS storage related |
"ec2:DescribeVolumeAttribute", | EBS storage related |
"ec2:DescribeVolumeStatus", | EBS storage related |
"ec2:DescribeInstances", | EC2 compute related, monitoring |
"ec2:DescribeInstanceStatus", | EC2 compute related, monitoring |
"ec2:ModifyInstanceAttribute", | EC2 compute related, monitoring |
"ec2:CreateImage", | System restore image related |
"ec2:CopyImage", | System restore image related |
"ec2:DeregisterImage", | System restore image related |
"ec2:DescribeImages", | System restore image related |
"ec2:DeleteSnapshot", | System restore image related |
"ec2:DescribeSnapshots", | System restore image related |
"ec2:RunInstances", | Deployment, Monitoring |
"ec2:TerminateInstances", | Deployment, Monitoring |
"ec2:StopInstances", | Deployment, Monitoring |
"ec2:StartInstances", | Deployment, Monitoring |
"ec2:ReleaseAddress", | Deployment, Monitoring, Networking |
"ec2:DeleteNetworkInterface", | Deployment, Monitoring, Networking |
"ec2:CreatePlacementGroup", | Deployment |
"ec2:DescribePlacementGroups", | Deployment |
"ec2:DeletePlacementGroup", | Deployment |
"ec2:CreateSnapshot", | System restore image related |
"ec2:RegisterImage", | System restore image related |
"iam:PassRole", | Deployment |
"iam:GetRole", | Deployment |
"iam:GetRolePolicy", | Deployment |
"states:StartExecution", | Deployment |
"states:StopExecution", | Deployment |
"lambda:CreateFunction", | Deployment, |
"lambda:DeleteFunction", | Deployment, |
"states:CreateStateMachine", | Deployment |
"states:DeleteStateMachine", | Deployment, |
"states:ListStateMachines", | Deployment, |
"lambda:InvokeFunction", | Deployment, |
"autoscaling:DescribeAutoScalingGroups", | Deployment, Node failure Recovery |
"autoscaling:DetachInstances", | Deployment, Node failure Recovery |
"autoscaling:DescribeLaunchConfigurations", | Deployment, Node failure Recovery |
"autoscaling:AttachInstances", | Deployment, Node failure Recovery |
"autoscaling:SuspendProcesses", | Deployment, Node failure Recovery |
"autoscaling:UpdateAutoScalingGroup", | Deployment, Node failure Recovery |
"autoscaling:CreateAutoScalingGroup", | Deployment, Node failure Recovery |
"autoscaling:CreateLaunchConfiguration", | Deployment, Node failure Recovery |
"autoscaling:DeleteLaunchConfiguration", | Deployment, Node failure Recovery |
"autoscaling:DeleteAutoScalingGroup", | Deployment, Node failure Recovery |
"autoscaling:DescribeTags", | Deployment, Node failure Recovery |
"kms:CreateKey", | EBS Encryption |
"kms:Decrypt", | EBS Encryption |
"kms:Encrypt", | EBS Encryption |
"kms:DisableKey", | EBS Encryption |
"kms:CreateAlias", | EBS Encryption |
"kms:ListAliases", | EBS Encryption |
"kms:ScheduleKeyDeletion" | EBS Encryption |