AWS Auto Scaling
User Guide

Service-Linked Roles for AWS Auto Scaling

AWS Auto Scaling uses service-linked roles for the permissions that it requires to call other AWS services on your behalf. A service-linked role is a unique type of AWS Identity and Access Management (IAM) role that is linked directly to an AWS service.

Service-linked roles provide a secure way to delegate permissions to AWS services because only the linked service can assume a service-linked role. For more information, see Using Service-Linked Roles in the IAM User Guide.

Note

For information about the service-linked roles created by Amazon EC2 Auto Scaling and Application Auto Scaling, see Service-Linked Roles in the Amazon EC2 Auto Scaling User Guide and Service-Linked Roles in the Application Auto Scaling User Guide.

Service-Linked Role Permissions for AWS Auto Scaling

AWS Auto Scaling uses the following service-linked role to manage predictive scaling of Amazon EC2 Auto Scaling groups on your behalf.

The AWSServiceRoleForAutoScalingPlans_EC2AutoScaling role is predefined with permissions to make the following calls on your behalf:

  • cloudwatch:GetMetricData

  • autoscaling:DescribeAutoScalingGroups

  • autoscaling:DescribeScheduledActions

  • autoscaling:BatchPutScheduledUpdateGroupAction

  • autoscaling:BatchDeleteScheduledAction

This role trusts the autoscaling.amazonaws.com service to assume it.
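As an added example (not part of the original guide or AWS code), the following check compares a role's trust and permissions policy documents against the baseline stated above: the five listed actions and the single trusted service. The function name `audit_role` and the sample documents are constructed for illustration, and action names are matched exactly as written on this page.

```python
# Baseline from the page: the role's five actions and its one trusted service.
EXPECTED_ACTIONS = {
    "cloudwatch:GetMetricData",
    "autoscaling:DescribeAutoScalingGroups",
    "autoscaling:DescribeScheduledActions",
    "autoscaling:BatchPutScheduledUpdateGroupAction",
    "autoscaling:BatchDeleteScheduledAction",
}
EXPECTED_SERVICE = "autoscaling.amazonaws.com"

def _as_list(value):
    # IAM JSON accepts a bare string or object wherever a list is allowed.
    return [value] if isinstance(value, (str, dict)) else list(value or [])

def _allows(doc):
    return [s for s in _as_list(doc.get("Statement")) if s.get("Effect") == "Allow"]

def audit_role(trust_doc, permissions_doc):
    """Return sorted findings; an empty list means the role matches the baseline."""
    findings, granted = [], set()
    for stmt in _allows(permissions_doc):
        if "NotAction" in stmt:
            findings.append("Allow statement uses NotAction")
        granted.update(_as_list(stmt.get("Action")))
    for action in granted - EXPECTED_ACTIONS:
        kind = "wildcard" if "*" in action else "unexpected"
        findings.append(f"{kind} action: {action}")
    findings += [f"missing action: {a}" for a in EXPECTED_ACTIONS - granted]
    for stmt in _allows(trust_doc):
        principal = stmt.get("Principal", {})
        if principal == "*":
            principal = {"AWS": "*"}
        for kind, values in principal.items():
            for value in _as_list(values):
                if (kind, value) != ("Service", EXPECTED_SERVICE):
                    findings.append(f"unexpected trusted principal: {kind}={value}")
    return sorted(findings)

# Constructed sample documents (not real account data): a drifted role.
SAMPLE_TRUST = {"Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"Service": ["autoscaling.amazonaws.com", "ec2.amazonaws.com"]}}]}
SAMPLE_PERMISSIONS = {"Statement": {"Effect": "Allow", "Resource": "*",
    "Action": sorted(EXPECTED_ACTIONS - {"cloudwatch:GetMetricData"}) + ["autoscaling:*"]}}

if __name__ == "__main__":
    for finding in audit_role(SAMPLE_TRUST, SAMPLE_PERMISSIONS):
        print(finding)
```
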

You must configure permissions to allow an IAM entity (such as a user, group, or role) to create, edit, or delete a service-linked role. For more information, see Using Service-Linked Roles in the IAM User Guide.

Create Service-Linked Roles (Automatic)

AWS Auto Scaling creates the AWSServiceRoleForAutoScalingPlans_EC2AutoScaling role for you the first time that you create a scaling plan with predictive scaling enabled.

Important

Make sure that you have enabled the IAM permissions that allow an IAM entity (such as a user, group, or role) to create the service-linked role. Otherwise, the automatic creation fails. For more information, see Service-Linked Role Permissions in the IAM User Guide or the information about required user permissions in this guide.

Edit the Service-Linked Roles

With the AWSServiceRoleForAutoScalingPlans_EC2AutoScaling role created by AWS Auto Scaling, you can edit only its description and not its permissions. For more information, see Editing a Service-Linked Role in the IAM User Guide.

Delete the Service-Linked Roles

If you no longer use AWS Auto Scaling, we recommend that you delete the service-linked role. You can delete a service-linked role only after first deleting the related AWS resources. If a service-linked role is used with multiple scaling plans, you must delete all scaling plans with predictive scaling enabled before you can delete the role. This protects your scaling plans because you cannot inadvertently remove permissions to manage them. For more information, see Step 5: Clean Up.

You can use IAM to delete the service-linked role. For more information, see Deleting a Service-Linked Role in the IAM User Guide.

After you delete the AWSServiceRoleForAutoScalingPlans_EC2AutoScaling service-linked role, AWS Auto Scaling creates the role again when you create a scaling plan with predictive scaling enabled.

Supported Regions for AWS Auto Scaling Service-Linked Roles

AWS Auto Scaling supports using service-linked roles in all of the regions where the service is available. For more information, see AWS Regions and Endpoints.