Allow IAM users or groups to access VPC Reachability Analyzer - Amazon Virtual Private Cloud

Allow IAM users or groups to access VPC Reachability Analyzer

Any IAM user that signs in to the AWS Management Console or AWS Command Line Interface (AWS CLI) must have permissions to access specific resources. You provide those permissions by using AWS Identity and Access Management (IAM), through policies.

The following procedure shows you how to attach an IAM policy to your IAM user or group that allows full access to Reachability Analyzer.

Note

We recommend creating a new IAM policy that grants only the permissions necessary to use Reachability Analyzer.

Create an IAM policy

Create an IAM policy that provides IAM users full access to Reachability Analyzer. Then attach the policy to your IAM user or group.

To create and attach an IAM policy (console)

  1. Sign in to the IAM console at https://console.aws.amazon.com/iam/ with administrator credentials.

  2. In the navigation pane, choose Policies.

  3. In the content pane, choose Create policy.

  4. Choose the JSON tab.

  5. Paste the following JSON policy document in the text field.

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "ec2:GetTransitGatewayRouteTablePropagations",
            "ec2:DescribeTransitGatewayPeeringAttachments",
            "ec2:SearchTransitGatewayRoutes",
            "ec2:DescribeTransitGatewayRouteTables",
            "ec2:DescribeTransitGatewayVpcAttachments",
            "ec2:DescribeTransitGatewayAttachments",
            "ec2:DescribeTransitGateways",
            "ec2:GetManagedPrefixListEntries",
            "ec2:DescribeManagedPrefixLists",
            "ec2:DescribeAvailabilityZones",
            "ec2:DescribeCustomerGateways",
            "ec2:DescribeInstances",
            "ec2:DescribeInternetGateways",
            "ec2:DescribeNatGateways",
            "ec2:DescribeNetworkAcls",
            "ec2:DescribeNetworkInterfaces",
            "ec2:DescribePrefixLists",
            "ec2:DescribeRegions",
            "ec2:DescribeRouteTables",
            "ec2:DescribeSecurityGroups",
            "ec2:DescribeSubnets",
            "ec2:DescribeVpcEndpoints",
            "ec2:DescribeVpcPeeringConnections",
            "ec2:DescribeVpcs",
            "ec2:DescribeVpnConnections",
            "ec2:DescribeVpnGateways",
            "ec2:DescribeVpcEndpointServiceConfigurations",
            "elasticloadbalancing:DescribeListeners",
            "elasticloadbalancing:DescribeLoadBalancers",
            "elasticloadbalancing:DescribeLoadBalancerAttributes",
            "elasticloadbalancing:DescribeRules",
            "elasticloadbalancing:DescribeTags",
            "elasticloadbalancing:DescribeTargetGroups",
            "elasticloadbalancing:DescribeTargetHealth",
            "tiros:CreateQuery",
            "tiros:GetQueryAnswer",
            "tiros:GetQueryExplanation",
            "ec2:CreateNetworkInsightsPath",
            "ec2:DescribeNetworkInsightsPaths",
            "ec2:DeleteNetworkInsightsPath",
            "ec2:StartNetworkInsightsAnalysis",
            "ec2:DescribeNetworkInsightsAnalyses",
            "ec2:DeleteNetworkInsightsAnalysis",
            "ec2:CreateTags",
            "ec2:DeleteTags"
          ],
          "Resource": "*"
        }
      ]
    }

  6. When you are finished, choose Review policy.

  7. On the Review page, enter a name for the policy, for example, ReachabilityAnalyzerAccessPolicy. Optionally, enter a description for Description.

  8. In Summary, review the policy to see the permissions that it grants, and then choose Create policy.

  9. Attach the new policy to your IAM user or group.

    For information on attaching a policy to a user, see Changing permissions for an IAM user in the IAM User Guide. For information on attaching a policy to a group, see Attaching a policy to an IAM Group in the IAM User Guide.
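The note above recommends granting only the permissions necessary. The following review helper is an added example, not part of the original AWS page: it splits a policy's allowed actions into read-only ones and state-changing ones granted on `"Resource": "*"`, so you can see which entries to examine before attaching the policy. The function name `review_policy`, the excerpted policy, and the verb-prefix heuristic are assumptions made for this example.

```python
import json

# Constructed excerpt of the policy from step 5: a subset of its actions,
# same statement shape. Paste the full document here to review all of it.
POLICY_EXCERPT = json.loads("""
{"Version": "2012-10-17",
 "Statement": [{"Effect": "Allow", "Resource": "*", "Action": [
   "ec2:DescribeRouteTables", "ec2:DescribeSecurityGroups",
   "ec2:SearchTransitGatewayRoutes", "ec2:GetManagedPrefixListEntries",
   "elasticloadbalancing:DescribeListeners",
   "tiros:CreateQuery", "tiros:GetQueryAnswer",
   "ec2:CreateNetworkInsightsPath", "ec2:DeleteNetworkInsightsPath",
   "ec2:StartNetworkInsightsAnalysis", "ec2:DeleteNetworkInsightsAnalysis",
   "ec2:CreateTags", "ec2:DeleteTags"
 ]}]}
""")

# Assumption: actions whose verb starts with one of these only read state.
# This is a naming heuristic, not an authoritative access-level lookup.
READ_PREFIXES = ("Describe", "Get", "Search", "List")


def _as_list(value):
    """IAM allows a single string or a list for Action and Resource."""
    return [value] if isinstance(value, str) else list(value or [])


def review_policy(policy):
    """Return (read_only, mutating_on_wildcard) over all Allow statements."""
    read_only, mutating = [], []
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a lone statement may be a bare object
        statements = [statements]
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue
        wildcard = "*" in _as_list(stmt.get("Resource"))
        for action in _as_list(stmt.get("Action")):
            verb = action.split(":", 1)[-1]
            if verb.startswith(READ_PREFIXES):
                read_only.append(action)
            elif wildcard:  # state-changing (or "*") on every resource
                mutating.append(action)
    return read_only, mutating


if __name__ == "__main__":
    ro, mut = review_policy(POLICY_EXCERPT)
    print(f"{len(ro)} read-only actions")
    print("state-changing on Resource '*':", *mut, sep="\n  ")
```
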