Application Auto Scaling
API Reference (API Version 2016-02-06)

Service-Linked Roles for Application Auto Scaling

Application Auto Scaling uses service-linked roles for the permissions that it requires to call other AWS services on your behalf. For more information, see Using Service-Linked Roles in the IAM User Guide.

Permissions Granted by the Service-Linked Roles

Application Auto Scaling uses the following service-linked roles to make the specified calls on your behalf.


  • rds:AddTagsToResource

  • rds:CreateDBInstance

  • rds:DeleteDBInstance

  • rds:DescribeDBClusters

  • rds:DescribeDBInstance

  • cloudwatch:DeleteAlarms

  • cloudwatch:DescribeAlarms

  • cloudwatch:PutMetricAlarm

Create Service-Linked Roles

You don't need to manually create the service-linked roles for Application Auto Scaling. Application Auto Scaling creates the appropriate service-linked role for you when you call RegisterScalableTarget or PutScalingPolicy.

Edit the Service-Linked Roles

You can edit the description of the service-linked roles created for Application Auto Scaling using IAM. For more information, see Editing a Service-Linked Role in the IAM User Guide.

Delete the Service-Linked Roles

If you no longer need to use Application Auto Scaling with one type of AWS resource, we recommend that you delete the corresponding service-linked role.

You can delete a service-linked role only after first deleting its related resources. This protects your resources because you can't inadvertently remove permission to access them.

You can use the IAM console, the IAM CLI, or the IAM API to delete service-linked roles. For more information, see Deleting a Service-Linked Role in the IAM User Guide.

After you delete a service-linked role, Application Auto Scaling will create the role again if you need it.