Granting IAM permissions for Amazon EC2 Auto Scaling actions
If you receive an AccessDeniedException
when calling an Amazon EC2 Auto Scaling API action,
it means that the AWS Identity and Access Management (IAM) credentials that you are using do not have the required
permissions to make that call.
By default, a brand new user in your AWS account has no permissions to do anything. An IAM administrator must create and assign IAM policies that give an IAM identity (such as a user or role) permission to perform Amazon EC2 Auto Scaling API actions. For more information, see Identity and Access Management for Amazon EC2 Auto Scaling in the Amazon EC2 Auto Scaling User Guide.
In general, to perform an Amazon EC2 Auto Scaling action, an IAM identity must have only the matching
action included in a policy, but doesn't need to be explicitly granted permission to manage
Amazon EC2 instances. However, there are some operations that require multiple actions in a
policy. These additional actions are called dependent actions. For
example, if you call CreateAutoScalingGroup
to create an Auto Scaling group with a
launch template, you must also have the Amazon EC2 API permissions necessary to complete this
action. For more information, see Amazon EC2 Auto Scaling API
permissions in the Amazon EC2 Auto Scaling User Guide.