Snaptastic
Snaptastic copied to clipboard
Published
20 hours ago •
tschellenbach
tschellenbach
Add IAM policy describing required permissions
Using master-level keys for this in suboptimal. Better to create a specific IAM role for this purpose, which will require these permissions:
{
"Statement": [
{
"Sid": "Stmt1349790264045",
"Action": [
"ec2:AttachVolume",
"ec2:CreateSnapshot",
"ec2:CreateTags",
"ec2:CreateVolume",
"ec2:DeleteSnapshot",
"ec2:DeleteTags",
"ec2:DeleteVolume",
"ec2:DescribeInstanceAttribute",
"ec2:DescribeSnapshots",
"ec2:DescribeVolumeAttribute",
"ec2:DescribeVolumeStatus",
"ec2:DescribeVolumes",
"ec2:DescribeRegions",
"ec2:DetachVolume",
"ec2:ModifyInstanceAttribute",
"ec2:ModifySnapshotAttribute",
"ec2:ModifyVolumeAttribute"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Sid": "Stmt1349790290507",
"Action": [
"route53:ChangeResourceRecordSets"
],
"Effect": "Allow",
"Resource": [
"arn:aws:route53:::hostedzone/*"
]
}
]
}
I'll add this to the docs.
