AWS Auto Scaling
User Guide

Authentication and Access Control for AWS Auto Scaling

By default, IAM users don't have permission to create or modify AWS resources. To grant IAM users permission to create or modify AWS resources, you must create policies using AWS Identity and Access Management (IAM). IAM policies grant permissions to specific resources and API actions. You attach an IAM policy to the IAM users or groups that require the permissions it grants. For more information, see Access Management in the IAM User Guide.

AWS Auto Scaling Actions

You can specify any and all AWS Auto Scaling actions in an IAM policy. Use the following prefix with the name of the action: autoscaling-plans:. For example:

"Action": "autoscaling-plans:DescribeScalingPlans"

You can also use wildcards. For example, use autoscaling-plans:* to specify all AWS Auto Scaling actions.

"Action": "autoscaling-plans:*"

Use Describe* to specify all actions whose names start with Describe.

"Action": "autoscaling-plans:Describe*"

For a list of actions, see AWS Auto Scaling Actions.

AWS Auto Scaling Resources

When writing an IAM policy to control access to AWS Auto Scaling actions, you must use "*" as the resource. There are no supported Amazon Resource Names (ARNs) for AWS Auto Scaling resources.

AWS Auto Scaling Keys

For a list of context keys supported by each AWS service and a list of AWS-wide policy keys, see Actions, Resources, and Condition Keys for AWS Services and AWS Global Condition Context Keys in the IAM User Guide.

Example Policies

To create a scaling plan, users must have permission to use the actions in the following example policy.

{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "autoscaling-plans:*", "cloudwatch:PutMetricAlarm", "cloudwatch:DeleteAlarms", "cloudwatch:DescribeAlarms", "cloudformation:ListStackResources" ], "Resource": "*" } ] }

Users must have additional permissions for each type of scalable resource they must add to a scaling plan.

Auto Scaling groups

  • autoscaling:UpdateAutoScalingGroups

  • autoscaling:DescribeAutoScalingGroups

  • autoscaling:PutScalingPolicy

  • autoscaling:DescribePolicies

  • autoscaling:DeletePolicy

Resource types other than Auto Scaling groups

  • application-autoscaling:RegisterScalableTarget

  • application-autoscaling:DescribeScalableTargets

  • application-autoscaling:DeregisterScalableTarget

  • application-autoscaling:PutScalingPolicy

  • application-autoscaling:DescribeScalingPolicies

  • application-autoscaling:DeleteScalingPolicy

  • iam:CreateServiceLinkedRole

ECS services

  • ecs:DescribeServices

  • ecs:UpdateServices

Spot Fleet requests

  • ec2:DescribeSpotFleetRequests

  • ec2:ModifySpotFleetRequest

DynamoDB tables or global indexes

  • dynamodb:DescribeTable

  • dynamodb:UpdateTable

Aurora DB clusters

  • rds:AddTagsToResource

  • rds:CreateDBInstance

  • rds:DeleteDBInstance

  • rds:DescribeDBClusters

  • rds:DescribeDBInstances