1P IAM-Role

You can see below our IAM-Role Policy for our agent and platform to help you manage your produtcs.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "ec2:RebootInstances",
                "ec2:AuthorizeSecurityGroupEgress",
                "ec2:AuthorizeSecurityGroupIngress",
                "ec2:TerminateInstances",
                "ec2:StartInstances",
                "ec2:CreateSecurityGroup",
                "ec2:CreateTags",
                "ec2:DeleteSecurityGroup",
                "ec2:RunInstances",
                "ec2:StopInstances",
                "iam:get*",
                "iam:list*",
                "ec2:Describe*",
                "rds:Describe*",
                "s3:*",
                "cloudwatch:GetMetricStatistics",
                "eks:*",
                "cloudwatch:ListMetrics",
                "elasticache:Describe*"
            ],
            "Resource": "*"
        }
    ]
}

This policy Allows:

EC2 Provisioning, control and manage instances with TAG “1P”. Our agent doesn’t use Key pair.

RDS, Elasticache, EC2, IAM, Cloudwatch and S3 in list and get requests types

EKS Full Access (Optionally)

1P IAM-Role

You can see below our IAM-Role Policy for our agent and platform to help you manage your produtcs.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "ec2:RebootInstances",
                "ec2:AuthorizeSecurityGroupEgress",
                "ec2:AuthorizeSecurityGroupIngress",
                "ec2:TerminateInstances",
                "ec2:StartInstances",
                "ec2:CreateSecurityGroup",
                "ec2:CreateTags",
                "ec2:DeleteSecurityGroup",
                "ec2:RunInstances",
                "ec2:StopInstances",
                "iam:get*",
                "iam:list*",
                "ec2:Describe*",
                "rds:Describe*",
                "s3:*",
                "cloudwatch:GetMetricStatistics",
                "eks:*",
                "cloudwatch:ListMetrics",
                "elasticache:Describe*"
            ],
            "Resource": "*"
        }
    ]
}

This policy Allows:

EC2 Provisioning, control and manage instances with TAG “1P”. Our agent doesn’t use Key pair.

RDS, Elasticache, EC2, IAM, Cloudwatch and S3 in list and get requests types

EKS Full Access (Optionally)

Share:

Leave a Comment

Your email address will not be published.

Quanto dói perder talentos em tecnologia?
Programa de Formação em Engenharia de Confiabilidade (SRE)

Experimente agora, grátis!