Menu
AWS Identity and Access Management
User Guide

Actions, Resources, and Condition Keys for Auto Scaling

Auto Scaling (service prefix: autoscaling) provides the following service-specific resources, actions, and condition context keys for use in IAM permission policies.

References:

Actions Defined by Auto Scaling

You can specify the following actions in the Action element of an IAM policy statement. By using policies, you define the permissions for anyone performing an operation in AWS. When you use an action in a policy, you usually allow or deny access to the API operation or CLI command with the same name. However, in some cases, a single action controls access to more than one operation. Alternatively, some operations require several different actions. For details about the columns in the following table, see The Actions Table.

Actions Description Access Level Resource Types (*required) Condition Keys Dependent Actions
AttachInstances Attaches one or more EC2 instances to the specified Auto Scaling group. Write

autoScalingGroup*

autoscaling:ResourceTag/

AttachLoadBalancerTargetGroups Attaches one or more target groups to the specified Auto Scaling group. Write

autoScalingGroup*

autoscaling:ResourceTag/

autoscaling:TargetGroupARNs

AttachLoadBalancers Attaches one or more load balancers to the specified Auto Scaling group. Write

autoScalingGroup*

autoscaling:ResourceTag/

autoscaling:LoadBalancerNames

CompleteLifecycleAction Completes the lifecycle action for the specified token or instance with the specified result. Write

autoScalingGroup*

autoscaling:ResourceTag/

CreateAutoScalingGroup Creates an Auto Scaling group with the specified name and attributes. Tagging

autoScalingGroup*

autoscaling:ResourceTag/

autoscaling:LaunchConfigurationName

autoscaling:LoadBalancerNames

autoscaling:MaxSize

autoscaling:MinSize

autoscaling:TargetGroupARNs

autoscaling:VPCZoneIdentifiers

aws:RequestTag/

CreateLaunchConfiguration Creates a launch configuration. Write

launchConfiguration*

autoscaling:ImageId

autoscaling:InstanceType

autoscaling:SpotPrice

CreateOrUpdateTags Creates or updates tags for the specified Auto Scaling group. Tagging

autoScalingGroup*

autoscaling:ResourceTag/

aws:RequestTag/

DeleteAutoScalingGroup Deletes the specified Auto Scaling group. Write

autoScalingGroup*

autoscaling:ResourceTag/

DeleteLaunchConfiguration Deletes the specified launch configuration. Write

launchConfiguration*

DeleteLifecycleHook Deletes the specified lifecycle hook. Write

autoScalingGroup*

autoscaling:ResourceTag/

DeleteNotificationConfiguration Deletes the specified notification. Write

autoScalingGroup*

autoscaling:ResourceTag/

DeletePolicy Deletes the specified Auto Scaling policy. Permissions management

autoScalingGroup*

autoscaling:ResourceTag/

DeleteScheduledAction Deletes the specified scheduled action. Write

autoScalingGroup*

autoscaling:ResourceTag/

DeleteTags Deletes the specified tags. Tagging

autoScalingGroup*

autoscaling:ResourceTag/

aws:RequestTag/

DescribeAccountLimits Describes the current Auto Scaling resource limits for your AWS account. List
DescribeAdjustmentTypes Describes the policy adjustment types for use with PutScalingPolicy. List
DescribeAutoScalingGroups Describes one or more Auto Scaling groups. If a list of names is not provided, the call describes all Auto Scaling groups. List
DescribeAutoScalingInstances Describes one or more Auto Scaling instances. If a list is not provided, the call describes all instances. List
DescribeAutoScalingNotificationTypes Describes the notification types that are supported by Auto Scaling. List
DescribeLaunchConfigurations Describes one or more launch configurations. If you omit the list of names, then the call describes all launch configurations. List
DescribeLifecycleHookTypes Describes the available types of lifecycle hooks. List
DescribeLifecycleHooks Describes the lifecycle hooks for the specified Auto Scaling group. List
DescribeLoadBalancerTargetGroups Describes the target groups for the specified Auto Scaling group. List
DescribeLoadBalancers Describes the load balancers for the specified Auto Scaling group. List
DescribeMetricCollectionTypes Describes the available CloudWatch metrics for Auto Scaling. List
DescribeNotificationConfigurations Describes the notification actions associated with the specified Auto Scaling group. List
DescribePolicies Describes the policies for the specified Auto Scaling group. List
DescribeScalingActivities Describes one or more scaling activities for the specified Auto Scaling group. List
DescribeScalingProcessTypes Describes the scaling process types for use with ResumeProcesses and SuspendProcesses. List
DescribeScheduledActions Describes the actions scheduled for your Auto Scaling group that haven't run. List
DescribeTags Describes the specified tags. Read
DescribeTerminationPolicyTypes Describes the termination policies supported by Auto Scaling. List
DetachInstances Removes one or more instances from the specified Auto Scaling group. Write

autoScalingGroup*

autoscaling:ResourceTag/

DetachLoadBalancerTargetGroups Detaches one or more target groups from the specified Auto Scaling group. Write

autoScalingGroup*

autoscaling:ResourceTag/

autoscaling:TargetGroupARNs

DetachLoadBalancers Removes one or more load balancers from the specified Auto Scaling group. Write

autoScalingGroup*

autoscaling:ResourceTag/

autoscaling:LoadBalancerNames

DisableMetricsCollection Disables monitoring of the specified metrics for the specified Auto Scaling group. Write

autoScalingGroup*

autoscaling:ResourceTag/

EnableMetricsCollection Enables monitoring of the specified metrics for the specified Auto Scaling group. Write

autoScalingGroup*

autoscaling:ResourceTag/

EnterStandby Moves the specified instances into Standby mode. Write

autoScalingGroup*

autoscaling:ResourceTag/

ExecutePolicy Executes the specified policy. Permissions management

autoScalingGroup*

autoscaling:ResourceTag/

ExitStandby Moves the specified instances out of Standby mode. Write

autoScalingGroup*

autoscaling:ResourceTag/

PutLifecycleHook Creates or updates a lifecycle hook for the specified Auto Scaling Group. Write

autoScalingGroup*

autoscaling:ResourceTag/

PutNotificationConfiguration Configures an Auto Scaling group to send notifications when specified events take place. Write

autoScalingGroup*

autoscaling:ResourceTag/

PutScalingPolicy Creates or updates a policy for an Auto Scaling group. Permissions management

autoScalingGroup*

autoscaling:ResourceTag/

PutScheduledUpdateGroupAction Creates or updates a scheduled scaling action for an Auto Scaling group. Write

autoScalingGroup*

autoscaling:ResourceTag/

autoscaling:MaxSize

autoscaling:MinSize

RecordLifecycleActionHeartbeat Records a heartbeat for the lifecycle action associated with the specified token or instance. Write

autoScalingGroup*

autoscaling:ResourceTag/

ResumeProcesses Resumes the specified suspended Auto Scaling processes, or all suspended process, for the specified Auto Scaling group. Write

autoScalingGroup*

autoscaling:ResourceTag/

SetDesiredCapacity Sets the size of the specified Auto Scaling group. Write

autoScalingGroup*

autoscaling:ResourceTag/

SetInstanceHealth Sets the health status of the specified instance. Write

autoScalingGroup*

autoscaling:ResourceTag/

SetInstanceProtection Updates the instance protection settings of the specified instances. Write

autoScalingGroup*

autoscaling:ResourceTag/

SuspendProcesses Suspends the specified Auto Scaling processes, or all processes, for the specified Auto Scaling group. Write

autoScalingGroup*

autoscaling:ResourceTag/

TerminateInstanceInAutoScalingGroup Terminates the specified instance and optionally adjusts the desired group size. Write

autoScalingGroup*

autoscaling:ResourceTag/

UpdateAutoScalingGroup Updates the configuration for the specified Auto Scaling group. Write

autoScalingGroup*

autoscaling:ResourceTag/

autoscaling:LaunchConfigurationName

autoscaling:MaxSize

autoscaling:MinSize

autoscaling:VPCZoneIdentifiers

Resources Defined by Auto Scaling

The following resource types are defined by this service and can be used in the Resource element of IAM permission policy statements. Each action in the Actions table identifies the resource types that can be specified with that action. A resource type can also define which condition keys you can include in a policy. These keys are displayed in the last column of the table. For details about the columns in the following table, see The Resource Types Table.

Resource Types ARN Condition Keys
autoScalingGroup arn:${Partition}:autoscaling:${Region}:${Account}:autoScalingGroup:${GroupId}:autoScalingGroupName/${GroupFriendlyName}

autoscaling:ResourceTag/

launchConfiguration arn:${Partition}:autoscaling:${Region}:${Account}:launchConfiguration:${Id}:launchConfigurationName/${LaunchConfigurationName}

Condition Keys for Auto Scaling

Auto Scaling defines the following condition keys that can be used in the Condition element of an IAM policy. You can use these keys to further refine the conditions under which the policy statement applies. For details about the columns in the following table, see The Condition Keys Table.

To view the global condition keys that are available to all services, see Available Global Condition Keys in the IAM Policy Reference.

Condition Keys Description Type
autoscaling:ImageId The AMI used to create the instance. String
autoscaling:InstanceType The type of instance, in terms of the hardware resources available. String
autoscaling:LaunchConfigurationName The name of a launch configuration. String
autoscaling:LoadBalancerNames The name of the load balancer. String
autoscaling:MaxSize The maximum scaling size. Numeric
autoscaling:MinSize The minimum scaling size. Numeric
autoscaling:ResourceTag/ The value of a tag attached to a resource. String
autoscaling:SpotPrice The spot price associated with an instance. Numeric
autoscaling:TargetGroupARNs The ARN of a target group. ARN
autoscaling:VPCZoneIdentifiers The identifier of a VPC zone. String
aws:RequestTag/ The value of a tag associated with the request. String