Complete Automation IAM Policy

The default AWS IAM Read Only policy does not include permissions for the Automation services supported by CloudCheckr. The policy below adds the permissions needed to perform Automation.

CloudCheckr lists the permissions needed to perform each Automation task under the Show Help button. You can add those permissions individually to your CloudCheckr policy or add them all using the policy below.

If you have any questions about this, or need assistance adding these permissions to AWS, please contact support@cloudcheckr.com.

You can download the full Automation policy here, or copy it below.

IMPORTANT: Please note that you may need to add this policy to an IAM Group within AWS if the policy has too many characters to be applied directly to a user.

Updated on 2017-08-18

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "FullAutomationPolicy",
            "Action": [
                "ec2:DeleteSecurityGroup",
                "ec2:DeleteSnapshot",
                "ec2:DeleteVolume",
                "ec2:TerminateInstances",
                "ec2:StopInstances",
                "ec2:StartInstances",
                "ec2:CreateTags",
                "s3:GetAcl",
                "s3:PutAcl",
                "ec2:ModifyInstanceAttribute"
            ],
            "Effect": "Allow",
            "Resource": "*"
        },
        {
            "Sid": "CloudWatchLogsSpecific",
            "Effect": "Allow",
            "Action": [
                "logs:GetLogEvents",
                "logs:DescribeLogGroups",
                "logs:DescribeLogStreams"
            ],
            "Resource": [
                "arn:aws:logs:*:*:*"
            ]
        }
    ]
}
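
The following is an added example, not CloudCheckr's own code: a pre-deployment review of the policy above that measures it against the IAM inline policy size quotas behind the IMPORTANT note and lists every non-read action it allows on Resource "*". The helper names and the Get/Describe/List read-only heuristic are assumptions made for this example.

```python
import json

# Constructed sample: the policy from this page, embedded so the check runs offline.
POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "FullAutomationPolicy", "Effect": "Allow", "Resource": "*",
         "Action": ["ec2:DeleteSecurityGroup", "ec2:DeleteSnapshot", "ec2:DeleteVolume",
                    "ec2:TerminateInstances", "ec2:StopInstances", "ec2:StartInstances",
                    "ec2:CreateTags", "s3:GetAcl", "s3:PutAcl",
                    "ec2:ModifyInstanceAttribute"]},
        {"Sid": "CloudWatchLogsSpecific", "Effect": "Allow",
         "Resource": ["arn:aws:logs:*:*:*"],
         "Action": ["logs:GetLogEvents", "logs:DescribeLogGroups",
                    "logs:DescribeLogStreams"]},
    ],
}
# IAM quotas (characters, whitespace not counted) for the combined size of all
# inline policies on one entity; a policy must fit alongside any existing ones.
INLINE_LIMITS = {"user": 2048, "group": 5120, "role": 10240}
READ_PREFIXES = ("Get", "Describe", "List")  # heuristic, assumed for this example

def as_list(value):
    return value if isinstance(value, list) else [value]

def policy_size(policy):
    """Approximate the size IAM counts: JSON with structural whitespace removed."""
    return len(json.dumps(policy, separators=(",", ":")))

def fits_inline(policy):
    """Map each entity type to whether this policy alone fits its inline quota."""
    size = policy_size(policy)
    return {entity: size <= limit for entity, limit in INLINE_LIMITS.items()}

def wildcard_writes(policy):
    """Return (Sid, action) for each non-read action allowed on Resource "*"."""
    findings = []
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow" or "*" not in as_list(stmt.get("Resource", [])):
            continue
        for action in as_list(stmt.get("Action", [])):
            if not action.split(":", 1)[-1].startswith(READ_PREFIXES):
                findings.append((stmt.get("Sid", ""), action))
    return findings

if __name__ == "__main__":
    print(policy_size(POLICY), "characters;", fits_inline(POLICY))
    for sid, action in wildcard_writes(POLICY):
        print("write on *:", sid, action)
```

Because the quota covers all inline policies on the entity together, add the sizes of any policies already attached inline before deciding between a user and a group.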