Predictive scaling service-linked role - AWS Auto Scaling
Permissions granted by the service-linked role Create the service-linked role (automatic)Create the service-linked role (manual)Edit the service-linked roleDelete the service-linked roleSupported Regions

Predictive scaling service-linked role

AWS Auto Scaling uses service-linked roles for the permissions that it requires to call other AWS on your behalf when you work with a scaling plan. For more information, see Service-linked roles for scaling plans.

The following sections describe how to create and manage the service-linked role for predictive scaling. Start by configuring permissions to allow an IAM entity (such as a user, group, or role) to create, edit, or delete a service-linked role.

Permissions granted by the service-linked role

AWS Auto Scaling uses the service-linked role named AWSServiceRoleForAutoScalingPlans_EC2AutoScaling to call the following actions on your behalf when you enable predictive scaling:

  • cloudwatch:GetMetricData

  • autoscaling:DescribeAutoScalingGroups

  • autoscaling:DescribeScheduledActions

  • autoscaling:BatchPutScheduledUpdateGroupAction

  • autoscaling:BatchDeleteScheduledAction

AWSServiceRoleForAutoScalingPlans_EC2AutoScaling trusts the autoscaling-plans.amazonaws.com service to assume the role.

Create the service-linked role (automatic)

You don't need to manually create the AWSServiceRoleForAutoScalingPlans_EC2AutoScaling role. AWS creates this role for you when you create a scaling plan in your account and enable predictive scaling.

For AWS to create a service-linked role on your behalf, you must have the required permissions. For more information, see Service-linked role permissions in the IAM User Guide.

Create the service-linked role (manual)

To create the service-linked role manually, you can use the IAM console, IAM CLI, or IAM API. For more information, see Creating a service-linked role in the IAM User Guide.

To create a service-linked role (AWS CLI)

Use the following create-service-linked-role CLI command to create the service-linked role.

aws iam create-service-linked-role --aws-service-name autoscaling-plans.amazonaws.com

Edit the service-linked role

You can edit the description of AWSServiceRoleForAutoScalingPlans_EC2AutoScaling using IAM. For more information, see Editing a service-linked role in the IAM User Guide.

Delete the service-linked role

If you no longer need to use scaling plans, we recommend that you delete AWSServiceRoleForAutoScalingPlans_EC2AutoScaling.

You can delete a service-linked role only after you delete all scaling plans in your AWS account that have predictive scaling enabled. This ensures that you can't inadvertently remove permissions to access your scaling plans.

You can use the IAM console, IAM CLI, or IAM API to delete the service-linked role. For more information, see Deleting a service-linked role in the IAM User Guide.

After you delete the AWSServiceRoleForAutoScalingPlans_EC2AutoScaling service-linked role, AWS Auto Scaling creates the role again if you create a scaling plan with predictive scaling enabled.

Supported Regions

AWS Auto Scaling supports using service-linked roles in all of the AWS Regions where scaling plans available. For information about the Regional availability of scaling plans, see AWS Auto Scaling endpoints and quotas in the AWS General Reference.