AWS Identity and Access Management
User Guide

Actions, Resources, and Condition Keys for EC2 Auto Scaling

EC2 Auto Scaling (service prefix: autoscaling) provides the following service-specific resources, actions, and condition context keys for use in IAM permission policies.

Actions Defined by EC2 Auto Scaling

You can specify the following actions in the Action element of an IAM policy statement. By using policies, you define the permissions for anyone performing an operation in AWS. When you use an action in a policy, you usually allow or deny access to the API operation or CLI command with the same name. However, in some cases, a single action controls access to more than one operation. Alternatively, some operations require several different actions. For details about the columns in the following table, see The Actions Table.

| Actions | Description | Access Level | Resource Types (*required) | Condition Keys | Dependent Actions |
|---|---|---|---|---|---|
| AttachInstances | Attaches one or more EC2 instances to the specified Auto Scaling group. | Write | autoScalingGroup* | autoscaling:ResourceTag/tag-key | |
| AttachLoadBalancerTargetGroups | Attaches one or more target groups to the specified Auto Scaling group. | Write | autoScalingGroup* | autoscaling:ResourceTag/tag-key, autoscaling:TargetGroupARNs | |
| AttachLoadBalancers | Attaches one or more load balancers to the specified Auto Scaling group. | Write | autoScalingGroup* | autoscaling:ResourceTag/tag-key, autoscaling:LoadBalancerNames | |
| BatchDeleteScheduledAction | Deletes the specified scheduled actions. | Write | autoScalingGroup* | autoscaling:ResourceTag/tag-key | |
| BatchPutScheduledUpdateGroupAction | Creates or updates multiple scheduled scaling actions for an Auto Scaling group. | Write | autoScalingGroup* | autoscaling:ResourceTag/tag-key | |
| CompleteLifecycleAction | Completes the lifecycle action for the specified token or instance with the specified result. | Write | autoScalingGroup* | autoscaling:ResourceTag/tag-key | |
| CreateAutoScalingGroup | Creates an Auto Scaling group with the specified name and attributes. | Tagging | autoScalingGroup* | autoscaling:ResourceTag/tag-key, autoscaling:LaunchConfigurationName, autoscaling:LoadBalancerNames, autoscaling:MaxSize, autoscaling:MinSize, autoscaling:TargetGroupARNs, autoscaling:VPCZoneIdentifiers, aws:RequestTag/ | |
| CreateLaunchConfiguration | Creates a launch configuration. | Write | launchConfiguration* | autoscaling:ImageId, autoscaling:InstanceType, autoscaling:SpotPrice | |
| CreateOrUpdateTags | Creates or updates tags for the specified Auto Scaling group. | Tagging | autoScalingGroup* | autoscaling:ResourceTag/tag-key, aws:RequestTag/ | |
| DeleteAutoScalingGroup | Deletes the specified Auto Scaling group. | Write | autoScalingGroup* | autoscaling:ResourceTag/tag-key | |
| DeleteLaunchConfiguration | Deletes the specified launch configuration. | Write | launchConfiguration* | | |
| DeleteLifecycleHook | Deletes the specified lifecycle hook. | Write | autoScalingGroup* | autoscaling:ResourceTag/tag-key | |
| DeleteNotificationConfiguration | Deletes the specified notification. | Write | autoScalingGroup* | autoscaling:ResourceTag/tag-key | |
| DeletePolicy | Deletes the specified Auto Scaling policy. | Permissions management | autoScalingGroup* | autoscaling:ResourceTag/tag-key | |
| DeleteScheduledAction | Deletes the specified scheduled action. | Write | autoScalingGroup* | autoscaling:ResourceTag/tag-key | |
| DeleteTags | Deletes the specified tags. | Tagging | autoScalingGroup* | autoscaling:ResourceTag/tag-key, aws:RequestTag/ | |
| DescribeAccountLimits | Describes the current Auto Scaling resource limits for your AWS account. | List | | | |
| DescribeAdjustmentTypes | Describes the policy adjustment types for use with PutScalingPolicy. | List | | | |
| DescribeAutoScalingGroups | Describes one or more Auto Scaling groups. If a list of names is not provided, the call describes all Auto Scaling groups. | List | | | |
| DescribeAutoScalingInstances | Describes one or more Auto Scaling instances. If a list is not provided, the call describes all instances. | List | | | |
| DescribeAutoScalingNotificationTypes | Describes the notification types that are supported by Auto Scaling. | List | | | |
| DescribeLaunchConfigurations | Describes one or more launch configurations. If you omit the list of names, then the call describes all launch configurations. | List | | | |
| DescribeLifecycleHookTypes | Describes the available types of lifecycle hooks. | List | | | |
| DescribeLifecycleHooks | Describes the lifecycle hooks for the specified Auto Scaling group. | List | | | |
| DescribeLoadBalancerTargetGroups | Describes the target groups for the specified Auto Scaling group. | List | | | |
| DescribeLoadBalancers | Describes the load balancers for the specified Auto Scaling group. | List | | | |
| DescribeMetricCollectionTypes | Describes the available CloudWatch metrics for Auto Scaling. | List | | | |
| DescribeNotificationConfigurations | Describes the notification actions associated with the specified Auto Scaling group. | List | | | |
| DescribePolicies | Describes the policies for the specified Auto Scaling group. | List | | | |
| DescribeScalingActivities | Describes one or more scaling activities for the specified Auto Scaling group. | List | | | |
| DescribeScalingProcessTypes | Describes the scaling process types for use with ResumeProcesses and SuspendProcesses. | List | | | |
| DescribeScheduledActions | Describes the actions scheduled for your Auto Scaling group that haven't run. | List | | | |
| DescribeTags | Describes the specified tags. | Read | | | |
| DescribeTerminationPolicyTypes | Describes the termination policies supported by Auto Scaling. | List | | | |
| DetachInstances | Removes one or more instances from the specified Auto Scaling group. | Write | autoScalingGroup* | autoscaling:ResourceTag/tag-key | |
| DetachLoadBalancerTargetGroups | Detaches one or more target groups from the specified Auto Scaling group. | Write | autoScalingGroup* | autoscaling:ResourceTag/tag-key, autoscaling:TargetGroupARNs | |
| DetachLoadBalancers | Removes one or more load balancers from the specified Auto Scaling group. | Write | autoScalingGroup* | autoscaling:ResourceTag/tag-key, autoscaling:LoadBalancerNames | |
| DisableMetricsCollection | Disables monitoring of the specified metrics for the specified Auto Scaling group. | Write | autoScalingGroup* | autoscaling:ResourceTag/tag-key | |
| EnableMetricsCollection | Enables monitoring of the specified metrics for the specified Auto Scaling group. | Write | autoScalingGroup* | autoscaling:ResourceTag/tag-key | |
| EnterStandby | Moves the specified instances into Standby mode. | Write | autoScalingGroup* | autoscaling:ResourceTag/tag-key | |
| ExecutePolicy | Executes the specified policy. | Permissions management | autoScalingGroup* | autoscaling:ResourceTag/tag-key | |
| ExitStandby | Moves the specified instances out of Standby mode. | Write | autoScalingGroup* | autoscaling:ResourceTag/tag-key | |
| PutLifecycleHook | Creates or updates a lifecycle hook for the specified Auto Scaling group. | Write | autoScalingGroup* | autoscaling:ResourceTag/tag-key | |
| PutNotificationConfiguration | Configures an Auto Scaling group to send notifications when specified events take place. | Write | autoScalingGroup* | autoscaling:ResourceTag/tag-key | |
| PutScalingPolicy | Creates or updates a policy for an Auto Scaling group. | Permissions management | autoScalingGroup* | autoscaling:ResourceTag/tag-key | |
| PutScheduledUpdateGroupAction | Creates or updates a scheduled scaling action for an Auto Scaling group. | Write | autoScalingGroup* | autoscaling:ResourceTag/tag-key, autoscaling:MaxSize, autoscaling:MinSize | |
| RecordLifecycleActionHeartbeat | Records a heartbeat for the lifecycle action associated with the specified token or instance. | Write | autoScalingGroup* | autoscaling:ResourceTag/tag-key | |
| ResumeProcesses | Resumes the specified suspended Auto Scaling processes, or all suspended processes, for the specified Auto Scaling group. | Write | autoScalingGroup* | autoscaling:ResourceTag/tag-key | |
| SetDesiredCapacity | Sets the size of the specified Auto Scaling group. | Write | autoScalingGroup* | autoscaling:ResourceTag/tag-key | |
| SetInstanceHealth | Sets the health status of the specified instance. | Write | autoScalingGroup* | autoscaling:ResourceTag/tag-key | |
| SetInstanceProtection | Updates the instance protection settings of the specified instances. | Write | autoScalingGroup* | autoscaling:ResourceTag/tag-key | |
| SuspendProcesses | Suspends the specified Auto Scaling processes, or all processes, for the specified Auto Scaling group. | Write | autoScalingGroup* | autoscaling:ResourceTag/tag-key | |
| TerminateInstanceInAutoScalingGroup | Terminates the specified instance and optionally adjusts the desired group size. | Write | autoScalingGroup* | autoscaling:ResourceTag/tag-key | |
| UpdateAutoScalingGroup | Updates the configuration for the specified Auto Scaling group. | Write | autoScalingGroup* | autoscaling:ResourceTag/tag-key, autoscaling:LaunchConfigurationName, autoscaling:MaxSize, autoscaling:MinSize, autoscaling:VPCZoneIdentifiers | |

Resources Defined by EC2 Auto Scaling

The following resource types are defined by this service and can be used in the Resource element of IAM permission policy statements. Each action in the Actions table identifies the resource types that can be specified with that action. A resource type can also define which condition keys you can include in a policy. These keys are displayed in the last column of the table. For details about the columns in the following table, see The Resource Types Table.

| Resource Types | ARN | Condition Keys |
|---|---|---|
| autoScalingGroup | arn:${Partition}:autoscaling:${Region}:${Account}:autoScalingGroup:${GroupId}:autoScalingGroupName/${GroupFriendlyName} | autoscaling:ResourceTag/tag-key |
| launchConfiguration | arn:${Partition}:autoscaling:${Region}:${Account}:launchConfiguration:${Id}:launchConfigurationName/${LaunchConfigurationName} | |

Condition Keys for EC2 Auto Scaling

EC2 Auto Scaling defines the following condition keys that can be used in the Condition element of an IAM policy. You can use these keys to further refine the conditions under which the policy statement applies. For details about the columns in the following table, see The Condition Keys Table.

To view the global condition keys that are available to all services, see Available Global Condition Keys in the IAM Policy Reference.

| Condition Keys | Description | Type |
|---|---|---|
| autoscaling:ImageId | The AMI used to create the instance. | String |
| autoscaling:InstanceType | The type of instance, in terms of the hardware resources available. | String |
| autoscaling:LaunchConfigurationName | The name of a launch configuration. | String |
| autoscaling:LoadBalancerNames | The name of the load balancer. | String |
| autoscaling:MaxSize | The maximum scaling size. | Numeric |
| autoscaling:MinSize | The minimum scaling size. | Numeric |
| autoscaling:ResourceTag/tag-key | The value of a tag attached to a resource. | String |
| autoscaling:SpotPrice | The spot price associated with an instance. | Numeric |
| autoscaling:TargetGroupARNs | The ARN of a target group. | ARN |
| autoscaling:VPCZoneIdentifiers | The identifier of a VPC zone. | String |
| aws:RequestTag/ | The value of a tag associated with the request. | String |
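
The following least-privilege policy is an added example, not part of the original guide; it combines the actions, resource ARN formats, and condition keys listed above. The account ID 111122223333, the tag key and value environment=test, the instance types, and the size cap of 10 are constructed placeholders.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "LaunchConfigsLimitedToApprovedInstanceTypes",
      "Effect": "Allow",
      "Action": "autoscaling:CreateLaunchConfiguration",
      "Resource": "arn:aws:autoscaling:*:111122223333:launchConfiguration:*:launchConfigurationName/*",
      "Condition": {
        "StringEquals": {
          "autoscaling:InstanceType": ["t3.micro", "t3.small"]
        }
      }
    },
    {
      "Sid": "CreateTaggedGroupsWithSizeCap",
      "Effect": "Allow",
      "Action": "autoscaling:CreateAutoScalingGroup",
      "Resource": "arn:aws:autoscaling:*:111122223333:autoScalingGroup:*:autoScalingGroupName/*",
      "Condition": {
        "StringEquals": {"aws:RequestTag/environment": "test"},
        "NumericLessThanEquals": {"autoscaling:MaxSize": "10"}
      }
    },
    {
      "Sid": "OperateOnlyOnTaggedGroups",
      "Effect": "Allow",
      "Action": [
        "autoscaling:SetDesiredCapacity",
        "autoscaling:TerminateInstanceInAutoScalingGroup",
        "autoscaling:DeleteAutoScalingGroup"
      ],
      "Resource": "arn:aws:autoscaling:*:111122223333:autoScalingGroup:*:autoScalingGroupName/*",
      "Condition": {
        "StringEquals": {"autoscaling:ResourceTag/environment": "test"}
      }
    },
    {
      "Sid": "ReadOnlyDescribe",
      "Effect": "Allow",
      "Action": "autoscaling:Describe*",
      "Resource": "*"
    }
  ]
}
```

Without the Condition block in the third statement, the principal could resize, terminate instances in, or delete every Auto Scaling group in the account. The Describe actions list no resource types in the Actions table, so that statement uses "Resource": "*".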