AWS OpsWorks Stacks Permissions Levels
Important
The AWS OpsWorks Stacks service reached end of life on May 26, 2024 and has been disabled for both new and existing customers.
We strongly recommend customers migrate their workloads to other solutions as soon as possible. If you have questions about migration, reach out to the AWS Support Team on AWS re:Post
This section lists the actions that are allowed by the Show, Deploy, and Manage permissions levels on the AWS OpsWorks Stacks Permissions page. It also includes a list of actions that you can grant permissions only by applying an IAM policy to the user.
- Show
-
The Show level allows
Describe
commands, with the following exceptions:XYZ
DescribePermissions DescribeUserProfiles DescribeMyUserProfile DescribeStackProvisioningParameters
If an administrative user has enabled self-management for the user, Show users can also use
DescribeMyUserProfile
andUpdateMyUserProfile
. For more information on self management, see Editing User Settings. - Deploy
-
The following actions are allowed by the Deploy level, in addition to the actions allowed by the Show level.
CreateDeployment UpdateApp
- Manage
-
The following actions are allowed by the Manage level, in addition to the actions allowed by the Deploy and Show levels.
AssignInstance AssignVolume AssociateElasticIp AttachElasticLoadBalancer CreateApp CreateInstance CreateLayer DeleteApp DeleteInstance DeleteLayer DeleteStack DeregisterElasticIp DeregisterInstance DeregisterRdsDbInstance DeregisterVolume DescribePermissions DetachElasticLoadBalancer DisassociateElasticIp GrantAccess GetHostnameSuggestion RebootInstance RegisterElasticIp RegisterInstance RegisterRdsDbInstance RegisterVolume SetLoadBasedAutoScaling SetPermission SetTimeBasedAutoScaling StartInstance StartStack StopInstance StopStack UnassignVolume UpdateElasticIp UpdateInstance UpdateLayer UpdateRdsDbInstance UpdateStack UpdateVolume
- Permissions That Require an IAM Policy
-
You must grant permissions for the following actions by applying an appropriate IAM policy to the user. For some examples, see Example Policies.
CloneStack CreateStack CreateUserProfile DeleteUserProfile DescribeUserProfiles UpdateUserProfile