AWS policies required by Buddy

This is the list of policies that need to be checked in order to make Buddy work properly with the AWS services.

CloudFront

cloudfront:ListDistributions
cloudfront:CreateInvalidation

CodeDeploy

codedeploy:ListApplications
codedeploy:ListDeploymentGroups
codedeploy:ListDeploymentConfigs
codedeploy:CreateDeployment
codedeploy:GetDeployment
codedeploy:GetDeploymentConfig
codedeploy:GetApplicationRevision
codedeploy:RegisterApplicationRevision
s3:ListBucket
s3:ListObjects
s3:CreateBucket
s3:PutObject

ECR

ecr:CreateRepository
ecr:DescribeRepositories
ecr:GetAuthorizationToken
ecr:BatchCheckLayerAvailability
ecr:CompleteLayerUpload
ecr:InitiateLayerUpload
ecr:PutImage
ecr:UploadLayerPart

ECS

ecs:ListClusters
ecs:ListServices
ecs:RegisterTaskDefinition
ecs:DescribeServices
ecs:UpdateService

If your tasks have roles, also the following policy is needed: iam:PassRole See here for more information.

EKS

eks:ListClusters
eks:DescribeCluster

Elastic Beanstalk

If you use auto-scaling or load balancing you may need additional permissions. If you’re not sure which permissions to set, check AWSElasticBeanstalkFullAcces.

elasticbeanstalk:DescribeApplications
elasticbeanstalk:DescribeEnvironments
elasticbeanstalk:CreateApplicationVersion
elasticbeanstalk:DescribeApplicationVersions
elasticbeanstalk:UpdateApplication
elasticbeanstalk:UpdateEnvironment
elasticbeanstalk:UpdateApplicationVersion
s3:CreateBucket
s3:PutObject
s3:GetObject
s3:GetObjectAcl
s3:ListBucket
s3:ListBuckets
cloudformation:GetTemplate
cloudformation:ListStackResources

Elastic Beanstalk Monitoring

elasticbeanstalk:DescribeApplications
elasticbeanstalk:DescribeEnvironments
elasticbeanstalk:DescribeEnvironmentHealth

Lambda

lambda:ListFunctions
lambda:InvokeFunction
lambda:UpdateFunctionCode

S3

s3:ListAllMyBuckets
s3:GetObject
s3:PutObject
s3:PutObjectAcl (required for Public flag)
s3:DeleteObject
s3:ListBucket
s3:PutObjectTagging
s3:DeleteObjectTagging
s3:GetObjectTagging