Granting IAM users required permissions for Amazon EC2 Auto Scaling resources - Amazon EC2 Auto Scaling

By default, AWS Identity and Access Management (IAM) users don't have permission to create or modify Amazon EC2 Auto Scaling resources, or to perform tasks using the Amazon EC2 Auto Scaling API. To allow IAM users to create or modify resources and perform tasks, an IAM administrator in the account must create IAM policies that grant permissions for the specific resources and API actions the users need, and then attach those policies to the IAM users or groups that require those permissions.

In general, to perform an Amazon EC2 Auto Scaling action, an IAM user needs only the matching action included in a policy and doesn't need to be explicitly granted permission to manage Amazon EC2 instances. In some cases, however, an action might require that you include additional related actions in your policy. For example, if an IAM user calls UpdateAutoScalingGroup to update an Auto Scaling group to use a launch template (by specifying the LaunchTemplate parameter), the IAM user must also have permissions for the specific launch template resources and API actions they need.

When you create or edit a policy using the visual editor in the IAM console, you receive warnings and prompts to help you choose all of the required actions for your policy.

For certain API actions, you can control when users are allowed to use those actions based on conditions that have to be fulfilled, or specific resources that users are allowed to use. For example, you can grant users permission to pass an IAM role to EC2 instances, but only if the name of the role matches the one specified in a policy statement attached to the user.
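The following policy is an added example, not taken from the original page. It combines the two cases described above: updating one Auto Scaling group to use a launch template, and passing an IAM role to EC2 instances only when the role matches the one named in the statement. The account ID `123456789012`, Region `us-east-1`, group name `my-asg`, launch template ID `lt-0123456789abcdef0`, and role name `my-instance-role` are constructed placeholders.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "UpdateOneGroup",
      "Effect": "Allow",
      "Action": "autoscaling:UpdateAutoScalingGroup",
      "Resource": "arn:aws:autoscaling:us-east-1:123456789012:autoScalingGroup:*:autoScalingGroupName/my-asg"
    },
    {
      "Sid": "LaunchOnlyFromOneTemplate",
      "Effect": "Allow",
      "Action": "ec2:RunInstances",
      "Resource": "*",
      "Condition": {
        "ArnLike": {
          "ec2:LaunchTemplate": "arn:aws:ec2:us-east-1:123456789012:launch-template/lt-0123456789abcdef0"
        }
      }
    },
    {
      "Sid": "PassOnlyNamedRoleToEc2",
      "Effect": "Allow",
      "Action": "iam:PassRole",
      "Resource": "arn:aws:iam::123456789012:role/my-instance-role",
      "Condition": {
        "StringEquals": {
          "iam:PassedToService": "ec2.amazonaws.com"
        }
      }
    }
  ]
}
```

With only this policy attached, a request that names a different group, launch template, or role matches no Allow statement and is implicitly denied.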

For more information about the Amazon EC2 Auto Scaling actions, ARNs, and condition keys that you can use in an IAM policy statement, see Actions, Resources, and Condition Keys for Amazon EC2 Auto Scaling in the Service Authorization Reference.

For more information and for example policies, see Identity and Access Management for Amazon EC2 Auto Scaling in the Amazon EC2 Auto Scaling User Guide.