Granting IAM permissions for Amazon EC2 Auto Scaling actions

If you receive an AccessDeniedException when calling an Amazon EC2 Auto Scaling API action, it means that the AWS Identity and Access Management (IAM) credentials that you are using do not have the required permissions to make that call.

By default, a brand new user in your AWS account has no permissions to do anything. An IAM administrator must create and assign IAM policies that give an IAM identity (such as a user or role) permission to perform Amazon EC2 Auto Scaling API actions. For more information, see Identity and Access Management for Amazon EC2 Auto Scaling in the Amazon EC2 Auto Scaling User Guide.

In general, to perform an Amazon EC2 Auto Scaling action, an IAM identity must have only the matching action included in a policy, but doesn't need to be explicitly granted permission to manage Amazon EC2 instances. However, there are some operations that require multiple actions in a policy. These additional actions are called dependent actions. For example, if you call CreateAutoScalingGroup to create an Auto Scaling group with a launch template, you must also have the Amazon EC2 API permissions necessary to complete this action. For more information, see Amazon EC2 Auto Scaling API permissions in the Amazon EC2 Auto Scaling User Guide.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

SOAP API