scrapoxy
scrapoxy copied to clipboard
fabienvauchelles
Required permissions for IAM user
Hello, first, thank you for this great tool.
I have one issue. I get the following error a couple of seconds after the start of Scrapoxy:
Error: Cannot update or adjust instances: UnauthorizedOperation: You are not authorized to perform this operation
I have created a separate IAM user for Scrapoxy, which has limited access rights. I added RunInstances as required.
My real problem is that I don't know exactly how the permission of this IAM user should look like. I could not find it in the documentation. I don't want to give administrator access to this user.
Could you please help me?
Regards, Endre
I am having the same issue. The documentation says to create an access key for the AWS account, but that would grant unrestricted access to the entire AWS account! Best practice is to create an Identity and Access Management (IAM) user with limited permissions, but we don't know what permissions Scrapoxy needs. Can this be added to the documentation?
Okay, so I searched for _ec2. in the Scrapoxy source code and that gave me a list of all the API calls that are being made to AWS EC2:
self._ec2.describeInstances(...)
self._ec2.runInstances(...)
self._ec2.createTags(...)
this._ec2.startInstances(...)
this._ec2.terminateInstances(...)
It looks like the permission needed by the IAM user are:
ec2:DescribeInstances
ec2:RunInstances
ec2:CreateTags
ec2:StartInstances
ec2:TerminateInstances
So, I set up an IAM user with the following permissions policy:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ec2:DescribeInstances",
"ec2:RunInstances",
"ec2:CreateTags",
"ec2:StartInstances",
"ec2:TerminateInstances"
],
"Resource": "*"
}
]
}
Everything seems to be working so far. :)
