Creating the IAM policy

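When you add your AWS account manually, you must create an IAM policy. Use the JSON below as the policy document. Nearly all of the actions it grants are read-only (Describe/Get/List), with two exceptions to review before you attach it: `cur:PutReportDefinition` allows creating Cost and Usage Report definitions, and `wellarchitected:*` is a wildcard that grants every AWS Well-Architected Tool action, including write actions. The single statement applies to all resources (`"Resource": "*"`).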

IAM policy for nOps (last updated: 9/10/2021)

JSON

{"Version": "2012-10-17", 
"Statement": [
{
"Action": [
"autoscaling:DescribeAutoScalingGroups",
"ce:GetCostAndUsage",
"ce:GetReservationPurchaseRecommendation", "ce:GetRightsizingRecommendation", "ce:GetSavingsPlansPurchaseRecommendation", "cloudformation:DescribeStackResources",
"cloudformation:DescribeStacks",
"cloudformation:GetTemplate",
"cloudfront:ListDistributions",
"cloudtrail:DescribeTrails",
"cloudtrail:GetTrailStatus",
"cloudtrail:LookupEvents",
"cloudwatch:DescribeAlarms",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"config:DescribeConfigurationRecorderStatus", "config:DescribeConfigurationRecorders", "config:DescribeDeliveryChannelStatus",
"config:DescribeDeliveryChannels",
"cur:DescribeReportDefinitions",
"cur:PutReportDefinition",
"dynamodb:DescribeContinuousBackups",
"dynamodb:DescribeTable",
"dynamodb:ListTables",
"ec2:DescribeAddresses",
"ec2:DescribeClientVpnConnections",
"ec2:DescribeImages",
"ec2:DescribeInstanceAttribute",
"ec2:DescribeInstanceStatus",
"ec2:DescribeInstances",
"ec2:DescribeFlowLogs",
"ec2:DescribeNatGateways",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeReservedInstancesOfferings",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSnapshots",
"ec2:DescribeSubnets",
"ec2:DescribeVolumes",
"ec2:DescribeVpcs",
"ecs:DescribeClusters",
"ecs:ListClusters",
"eks:ListClusters",
"elasticache:DescribeCacheClusters", "elasticache:DescribeCacheSubnetGroups", "elasticache:DescribeReplicationGroups", "elasticfilesystem:DescribeFileSystems", "elasticloadbalancing:DescribeLoadBalancers",
"es:DescribeElasticsearchDomains",
"guardduty:ListDetectors",
"iam:GetAccessKeyLastUsed",
"iam:GetAccountPasswordPolicy",
"iam:GetAccountSummary",
"iam:GetLoginProfile",
"iam:GetRole",
"iam:ListAccessKeys",
"iam:ListAccountAliases",
"iam:ListAttachedGroupPolicies",
"iam:ListAttachedUserPolicies",
"iam:ListGroupsForUser",
"iam:ListMFADevices",
"iam:ListRoles",
"iam:ListUserPolicies",
"iam:ListUsers",
"inspector:ListAssessmentRuns",
"kms:ListKeys",
"lambda:GetFunction",
"lambda:GetPolicy",
"lambda:ListFunctions",
"rds:DescribeDBInstances",
"rds:DescribeDBSnapshots",
"rds:DescribePendingMaintenanceActions",
"rds:ListTagsForResource",
"redshift:DescribeClusters",
"s3:GetBucketAcl",
"s3:GetBucketLogging",
"s3:GetBucketPolicy",
"s3:GetBucketPolicyStatus",
"s3:GetBucketPublicAccessBlock",
"s3:GetBucketVersioning",
"s3:GetEncryptionConfiguration",
"s3:ListAllMyBuckets",
"ssm:ListComplianceSummaries",
"support:DescribeCases", "support:DescribeTrustedAdvisorCheckRefreshStatuses", "support:DescribeTrustedAdvisorCheckResult", "support:DescribeTrustedAdvisorChecks",
"tag:getResources",
"tag:getTagKeys",
"tag:getTagValues",
"wellarchitected:*",
"workspaces:DescribeWorkspaceDirectories",
"workspaces:DescribeWorkspaces"
],
"Effect": "Allow",
"Resource": "*"
}
]
}

Provide a name and a description for the policy.

Click on ‘Create Policy’.

Go to Help Article: Adding Your AWS account with the Manual Setup

See the latest IAM policy here: Get IAM Policy. The copy above is dated, so compare it against the latest version before creating the policy.
