ehime February 2016

Required AWS Policies to run BOTO Python library for ec2.py

Title says it thought a bit garbled. I am looking for the required policies /permissions (IAM) that I will need to grant to a user in order to create a usable profile to run boto.

The root of this is that we use the ec2.py inventory script for ansible, that will need to list ips in order to login with ansible.

I currently have a god level user (all access) that works fine, but I will need to restrict these further down so we can create runable jobs without wide open permissions. I image that we will need something with describe-* but thats about as far as i've been able to figure out.

Answers


helloV February 2016

It all depends on what AWS services you will be using and what operations you will be performing. You need read only access (the operations that don't make any change) or power access?

You mentioned you will need to list ips. For you to use ansible's ec2.py script, you need read only access.

As a starting point, you can use EC2ReadOnlyAccess stock policy that comes with IAM which will solve your issue. If you want it more granular, copy paste the EC2ReadOnly policy and remove the ones that are not needed and save the policy.

enter image description here

Post Status

Asked in February 2016
Viewed 1,852 times
Voted 6
Answered 1 times

Search




Leave an answer