Custom IAM Policy Doc for CloudMGR read-only mode

Follow

This IAM policy gives CloudMGR read-only access to EC2 resources and S3 billing bucket, allowing you to view your infrastructure and AWS billing data inside CloudMGR.

Under this read-only policy, CloudMGR will not have permission to apply any actions to your infrastructure and therefore you will not be able to use any of CloudMGR's infrastructure related functionality including:

  • Managing servers
  • Managing Tags
  • Using Schedules
  • Global Volume and Snapshot Management 
  • Changing Reserved Instance Configuration 

To access this functionality you will need to create a new IAM user with Power User configuration as per this support article.

 

Custom Policy Doc for a read-only CloudMGR account:


{ "Version": "2012-10-17", "Statement": [ { "Sid": "Stmt1441171720000", "Effect": "Allow", "Action": [ "ec2:DescribeRegions", "ec2:DescribeAccountAttributes", "ec2:DescribeInstances", "ec2:DescribeVolumes", "ec2:DescribeImages", "ec2:DescribeSnapshots", "ec2:DescribeSnapshotAttribute", "s3:ListAllMyBuckets",
"s3:GetBucketLocation",
"s3:ListBucket",
"s3:GetObject",
"cloudwatch:GetMetricStatistics" ], "Resource": [ "*" ] } ] }

To use CloudMGR to be to apply actions to your infrastructure, please  

Please note that CloudMGR's infrastructure management functions which include performing actions and creating Schedules are not available in read-only mode.

Have more questions? Submit a request

Comments

Powered by Zendesk