Required AWS Policies to run BOTO Python library for ec2.py

Title says it, though a bit garbled. I am looking for the required policies/permissions (IAM) that I will need to grant to a user in order to create a usable profile to run boto.

The root of this is that we use the ec2.py inventory script for Ansible, which will need to list IPs in order to log in with Ansible.

I currently have a god-level user (all access) that works fine, but I will need to restrict this further down so we can create runnable jobs without wide-open permissions. I imagine that we will need something with describe-*, but that's about as far as I've been able to figure out.


It all depends on what AWS services you will be using and what operations you will be performing. Do you need read-only access (the operations that don't make any change) or power access?

You mentioned you will need to list IPs. For you to use Ansible's ec2.py script, you need read-only access.

As a starting point, you can use the EC2ReadOnlyAccess stock policy that comes with IAM, which will solve your issue. If you want it more granular, copy and paste the EC2ReadOnly policy, remove the ones that are not needed, and save the policy.

February 2016
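As an added example (not part of the question or the answer above), the following Python script builds a trimmed-down, describe-only IAM policy of the kind the answer suggests and then checks it against two lists: the read-only calls an inventory script needs, and the mutating calls a "god-level" user would have but a job runner should not. The policy document, the `REQUIRED_ACTIONS` list (the assumption here is that ec2.py only needs `ec2:Describe*` calls) and the `MUTATING_ACTIONS` list are all constructed for this example; the evaluator is deliberately simplified (it matches `Action` wildcards and honours explicit `Deny`, but ignores `NotAction`, `Resource` and `Condition`), so it is a sanity check before you paste the JSON into IAM, not a replacement for the IAM policy simulator.

```python
import fnmatch
import json

# Constructed least-privilege policy for an EC2 inventory script: only the
# read-only Describe* calls. Assumed for this example, not taken from AWS docs.
EC2_INVENTORY_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Ec2InventoryReadOnly",
            "Effect": "Allow",
            "Action": ["ec2:Describe*"],
            "Resource": "*",
        }
    ],
}

# The wide-open policy the question describes as a "god level" user.
ADMIN_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
}

# Assumption: these are the calls the inventory script makes (describe only).
REQUIRED_ACTIONS = ["ec2:DescribeInstances", "ec2:DescribeRegions", "ec2:DescribeTags"]

# Calls that change state; an inventory job should never be granted these.
MUTATING_ACTIONS = ["ec2:RunInstances", "ec2:TerminateInstances", "ec2:CreateTags"]


def _as_list(value):
    """IAM allows a string or a list in Action/Effect fields; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _matches(pattern, action):
    """IAM action matching: case-insensitive, '*' and '?' are wildcards."""
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def policy_allows(policy, action):
    """Return True if the policy grants `action`.

    Simplified evaluator: an explicit Deny on a matching statement wins,
    otherwise any matching Allow grants the action. NotAction, Resource and
    Condition are ignored on purpose to keep the example short.
    """
    allowed = False
    for stmt in policy.get("Statement", []):
        patterns = _as_list(stmt.get("Action", []))
        if any(_matches(p, action) for p in patterns):
            if stmt.get("Effect") == "Deny":
                return False
            if stmt.get("Effect") == "Allow":
                allowed = True
    return allowed


def check_inventory_policy(policy, required=REQUIRED_ACTIONS, forbidden=MUTATING_ACTIONS):
    """Return (missing, over_granted): required actions the policy lacks, and
    forbidden actions it grants. Both lists empty means least privilege holds."""
    missing = [a for a in required if not policy_allows(policy, a)]
    over_granted = [a for a in forbidden if policy_allows(policy, a)]
    return missing, over_granted


if __name__ == "__main__":
    for name, policy in (("inventory", EC2_INVENTORY_POLICY), ("admin", ADMIN_POLICY)):
        missing, over = check_inventory_policy(policy)
        print(f"{name}: missing={missing} over_granted={over}")
    # Paste this JSON into IAM as the inventory user's policy.
    print(json.dumps(EC2_INVENTORY_POLICY, indent=2))
```

Run it as-is and the inventory policy reports nothing missing and nothing over-granted, while the admin policy reports every mutating action as over-granted; the same `check_inventory_policy` call works on the JSON of a managed policy you have copied and trimmed.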
