IAM Role Permissions | Teradata Vantage on AWS (DIY) - 2.2 - IAM Role Permissions - Teradata Vantage on AWS

Teradata Vantageā„¢ on AWS (DIY) Installation and Administration Guide

Product
Teradata Vantage on AWS
Release Number
2.2
Release Date
May 2021
Content Type
Administration
Configuration
Installation
Publication ID
B035-2800-041K
Language
English (United States)
The following IAM permissions are required by Vantage instances to interact with AWS services.
Permission High Level Purpose
"ec2:DescribeNetworkInterfaces", Deployment, Networking
"ec2:DescribeSubnets", Deployment, Networking
"ec2:CreateNetworkInterface", Deployment, Networking
"ec2:AttachNetworkInterface", Deployment, Networking
"ec2:DetachNetworkInterface", Deployment, Networking
"ec2:ModifyNetworkInterfaceAttribute", Deployment, Networking
"ec2:AssignPrivateIpAddresses", Deployment, Networking
"ec2:UnassignPrivateIpAddresses", Deployment, Networking
"ec2:AllocateAddress", Deployment, Networking
"ec2:AssociateAddress", Deployment, Networking
"ec2:DisassociateAddress", Deployment, Networking
"ec2:CreateTags", Teradata created Tags, monitoring
"ec2:DescribeTags", Teradata created Tags monitoring
"ec2:CreateVolume", EBS storage related
"ec2:ModifyVolume", EBS storage related
"ec2:DescribeVolumes", EBS storage related
"ec2:DescribeVolumeAttribute", EBS storage related
"ec2:DescribeVolumeStatus", EBS storage related
"ec2:DescribeInstances", EC2 compute related, monitoring
"ec2:DescribeInstanceStatus", EC2 compute related, monitoring
"ec2:ModifyInstanceAttribute", EC2 compute related, monitoring
"ec2:CreateImage", System restore image related
"ec2:CopyImage", System restore image related
"ec2:DeregisterImage", System restore image related
"ec2:DescribeImages", System restore image related
"ec2:DeleteSnapshot", System restore image related
"ec2:DescribeSnapshots", System restore image related
"ec2:RunInstances", Deployment, Monitoring
"ec2:TerminateInstances", Deployment, Monitoring
"ec2:StopInstances", Deployment, Monitoring
"ec2:StartInstances", Deployment, Monitoring
"ec2:ReleaseAddress", Deployment, Monitoring, Networking
"ec2:DeleteNetworkInterface", Deployment, Monitoring, Networking
"ec2:CreatePlacementGroup", Deployment
"ec2:DescribePlacementGroups", Deployment
"ec2:DeletePlacementGroup", Deployment
"ec2:CreateSnapshot", System restore image related
"ec2:RegisterImage", System restore image related
"iam:PassRole", Deployment
"iam:GetRole", Deployment
"iam:GetRolePolicy", Deployment
"states:StartExecution", Deployment
"states:StopExecution", Deployment
"lambda:CreateFunction", Deployment,
"lambda:DeleteFunction", Deployment,
"states:CreateStateMachine", Deployment
"states:DeleteStateMachine", Deployment,
"states:ListStateMachines", Deployment,
"lambda:InvokeFunction", Deployment,
"autoscaling:DescribeAutoScalingGroups", Deployment, Node failure Recovery
"autoscaling:DetachInstances", Deployment, Node failure Recovery
"autoscaling:DescribeLaunchConfigurations", Deployment, Node failure Recovery
"autoscaling:AttachInstances", Deployment, Node failure Recovery
"autoscaling:SuspendProcesses", Deployment, Node failure Recovery
"autoscaling:UpdateAutoScalingGroup", Deployment, Node failure Recovery
"autoscaling:CreateAutoScalingGroup", Deployment, Node failure Recovery
"autoscaling:CreateLaunchConfiguration", Deployment, Node failure Recovery
"autoscaling:DeleteLaunchConfiguration", Deployment, Node failure Recovery
"autoscaling:DeleteAutoScalingGroup", Deployment, Node failure Recovery
"autoscaling:DescribeTags", Deployment, Node failure Recovery
"kms:CreateKey", EBS Encryption
"kms:Decrypt", EBS Encryption
"kms:Encrypt", EBS Encryption
"kms:DisableKey", EBS Encryption
"kms:CreateAlias", EBS Encryption
"kms:ListAliases", EBS Encryption
"kms:ScheduleKeyDeletion" EBS Encryption