Sign-inTry Buddy for free

AWS policies required by Buddy

This is the list of policies that need to be checked in order to make Buddy work properly with the AWS services.

CloudFront

cloudfront:ListDistributions
cloudfront:CreateInvalidation
cloudfront:GetInvalidation

CodeDeploy

codedeploy:ListApplications
codedeploy:ListDeploymentGroups
codedeploy:ListDeploymentConfigs
codedeploy:CreateDeployment
codedeploy:GetDeployment
codedeploy:GetDeploymentConfig
codedeploy:GetApplicationRevision
codedeploy:RegisterApplicationRevision
s3:ListBucket
s3:CreateBucket
s3:GetObject
s3:PutObject
s3:ListMultipartUploadParts
s3:AbortMultipartUpload
s3:ListBucketMultipartUploads

Encrypted S3 buckets

kms:Decrypt
kms:Encrypt
kms:GenerateDataKey

ECR

ecr:CreateRepository
ecr:DescribeRepositories
ecr:GetAuthorizationToken
ecr:BatchCheckLayerAvailability
ecr:CompleteLayerUpload
ecr:InitiateLayerUpload
ecr:PutImage
ecr:UploadLayerPart
ecr:GetDownloadUrlForLayer
ecr:BatchGetImage

ECS

ecs:ListClusters
ecs:ListServices
ecs:RegisterTaskDefinition
ecs:DescribeServices
ecs:UpdateService

If your tasks have roles, also the following policy is needed: iam:PassRole See here for more information.

EKS

eks:ListClusters
eks:DescribeCluster

Elastic Beanstalk

If you use auto-scaling or load balancing you may need additional permissions. If you’re not sure which permissions to set, check AWSElasticBeanstalkFullAcces. 
elasticbeanstalk:DescribeApplications
elasticbeanstalk:DescribeEnvironments
elasticbeanstalk:CreateApplicationVersion
elasticbeanstalk:DescribeApplicationVersions
elasticbeanstalk:UpdateApplication
elasticbeanstalk:UpdateEnvironment
elasticbeanstalk:UpdateApplicationVersion
s3:CreateBucket
s3:PutObject
s3:GetObject
s3:GetObjectAcl
s3:ListBucket
s3:ListBuckets
cloudformation:GetTemplate
cloudformation:ListStackResources

Elastic Beanstalk Monitoring

elasticbeanstalk:DescribeApplications
elasticbeanstalk:DescribeEnvironments
elasticbeanstalk:DescribeEnvironmentHealth

Lambda

lambda:ListFunctions
lambda:InvokeFunction
lambda:UpdateFunctionCode

S3

s3:ListAllMyBuckets
s3:GetObject
s3:PutObject
s3:PutObjectAcl (required for Public flag)
s3:DeleteObject
s3:ListBucket
s3:PutObjectTagging
s3:DeleteObjectTagging
s3:GetObjectTagging

Encrypted S3 buckets

kms:Decrypt
kms:Encrypt
kms:GenerateDataKey

Last modified on February 22, 2023

Get Started

Sign up for free and deploy your project in less than 10 minutes.

GitHubEmail