AWS policies required by Buddy
This is the list of policies that need to be checked in order to make Buddy work properly with the AWS services.
CloudFront
cloudfront:ListDistributions
cloudfront:CreateInvalidation
cloudfront:GetInvalidationCodeDeploy
codedeploy:ListApplications
codedeploy:ListDeploymentGroups
codedeploy:ListDeploymentConfigs
codedeploy:CreateDeployment
codedeploy:GetDeployment
codedeploy:GetDeploymentConfig
codedeploy:GetApplicationRevision
codedeploy:RegisterApplicationRevision
s3:ListBucket
s3:ListObjects
s3:CreateBucket
s3:PutObjectECR
ecr:CreateRepository
ecr:DescribeRepositories
ecr:GetAuthorizationToken
ecr:BatchCheckLayerAvailability
ecr:CompleteLayerUpload
ecr:InitiateLayerUpload
ecr:PutImage
ecr:UploadLayerPartECS
ecs:ListClusters
ecs:ListServices
ecs:RegisterTaskDefinition
ecs:DescribeServices
ecs:UpdateServiceIf your tasks have roles, also the following policy is needed:
iam:PassRole
See here for more information.
EKS
eks:ListClusters
eks:DescribeClusterElastic Beanstalk
If you use auto-scaling or load balancing you may need additional permissions. If you’re not sure which permissions to set, check
AWSElasticBeanstalkFullAcces.
elasticbeanstalk:DescribeApplications
elasticbeanstalk:DescribeEnvironments
elasticbeanstalk:CreateApplicationVersion
elasticbeanstalk:DescribeApplicationVersions
elasticbeanstalk:UpdateApplication
elasticbeanstalk:UpdateEnvironment
elasticbeanstalk:UpdateApplicationVersion
s3:CreateBucket
s3:PutObject
s3:GetObject
s3:GetObjectAcl
s3:ListBucket
s3:ListBuckets
cloudformation:GetTemplate
cloudformation:ListStackResourcesElastic Beanstalk Monitoring
elasticbeanstalk:DescribeApplications
elasticbeanstalk:DescribeEnvironments
elasticbeanstalk:DescribeEnvironmentHealthLambda
lambda:ListFunctions
lambda:InvokeFunction
lambda:UpdateFunctionCodeS3
s3:ListAllMyBuckets
s3:GetObject
s3:PutObject
s3:PutObjectAcl (required for Public flag)
s3:DeleteObject
s3:ListBucket
s3:PutObjectTagging
s3:DeleteObjectTagging
s3:GetObjectTagging