AWS policies required by Buddy
This is the list of policies that need to be checked in order to make Buddy work properly with the AWS services.
CloudFront
cloudfront:ListDistributionscloudfront:CreateInvalidation
CodeDeploy
codedeploy:ListApplicationscodedeploy:ListDeploymentGroupscodedeploy:ListDeploymentConfigscodedeploy:CreateDeploymentcodedeploy:GetDeploymentcodedeploy:GetDeploymentConfigcodedeploy:GetApplicationRevisioncodedeploy:RegisterApplicationRevisions3:ListBuckets3:ListObjectss3:CreateBuckets3:PutObject
ECR
ecr:CreateRepositoryecr:DescribeRepositoriesecr:GetAuthorizationTokenecr:BatchCheckLayerAvailabilityecr:CompleteLayerUploadecr:InitiateLayerUploadecr:PutImageecr:UploadLayerPart
ECS
ecs:ListClustersecs:ListServicesecs:RegisterTaskDefinitionecs:DescribeServicesecs:UpdateService
If your tasks have roles, also the following policy is needed:
iam:PassRole
See here for more information.
EKS
eks:ListClusterseks:DescribeCluster
Elastic Beanstalk
If you use auto-scaling or load balancing you may need additional permissions. If you’re not sure which permissions to set, check
AWSElasticBeanstalkFullAcces
.
elasticbeanstalk:DescribeApplicationselasticbeanstalk:DescribeEnvironmentselasticbeanstalk:CreateApplicationVersionelasticbeanstalk:DescribeApplicationVersionselasticbeanstalk:UpdateApplicationelasticbeanstalk:UpdateEnvironmentelasticbeanstalk:UpdateApplicationVersions3:CreateBuckets3:PutObjects3:GetObjects3:GetObjectAcls3:ListBuckets3:ListBucketscloudformation:GetTemplatecloudformation:ListStackResources
Elastic Beanstalk Monitoring
elasticbeanstalk:DescribeApplicationselasticbeanstalk:DescribeEnvironmentselasticbeanstalk:DescribeEnvironmentHealth
Lambda
lambda:ListFunctionslambda:InvokeFunctionlambda:UpdateFunctionCode
S3
s3:ListAllMyBucketss3:GetObjects3:PutObjects3:PutObjectAcl (required for Public flag)s3:DeleteObjects3:ListBuckets3:PutObjectTaggings3:DeleteObjectTaggings3:GetObjectTagging