Skip to content
opswitch

Permissions of IAM Role created by opswitch (v.11.0)

The following IAM Role permissions were created by opswitch when linking AWS accounts. v.11.0 removes rds:DeleteDBInstance and rds:RestoreDBInstanceFromDBSnapshot permissions.

EC2

Section titled “EC2”
  • Permissions prefixed with Describe
  • CreateSnapshot
  • DeleteSnapshot
  • CreateImage
  • DeregisterImage
  • CreateTags
  • StartInstances
  • StopInstances
  • ModifyInstanceAttribute
  • CopySnapshot
  • CopyImage

EC2 Auto Scaling

Section titled “EC2 Auto Scaling”
  • DescribeAutoScalingGroups
  • UpdateAutoScalingGroup

ECS

Section titled “ECS”
  • DescribeServices
  • ListClusters
  • ListServices
  • UpdateService

RDS

Section titled “RDS”
  • Permissions prefixed with Describe
  • CreateDBSnapshot
  • DeleteDBSnapshot
  • ListTagsForResource
  • AddTagsToResource
  • StartDBInstance
  • StopDBInstance
  • CreateDBClusterSnapshot
  • DeleteDBClusterSnapshot
  • StartDBCluster
  • StopDBCluster
  • CopyDBSnapshot
  • CopyDBClusterSnapshot

WorkSpaces

Section titled “WorkSpaces”
  • StartWorkspaces
  • DescribeWorkspaces
  • DescribeTags

Redshift

Section titled “Redshift”
  • DescribeClusters
  • CreateTags

SSM

Section titled “SSM”
  • SendCommand
    • Allow all EC2 instances to execute the AWSEC2-CreateVssSnapshot document.
  • GetCommandInvocation

KMS

Section titled “KMS”
  • CreateGrant
  • ListAliases
  • ListKeyPolicies
  • ListKeys
  • GetKeyPolicy

CloudFormation

Section titled “CloudFormation”
  • Permissions prefixed with Describe
  • Permissions prefixed with Get
  • ListStacks
  • CreateChangeSet