Creating the IAM policy

  1. On the AWS Management Console, go to the ‘Identity and Access Management’ screen.
  2. From the left navigation panel choose ‘Policies’
  3. Click on ‘Create Policy’.
  4. Choose the ‘JSON’ tab.
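  5. Replace the existing JSON script with the script given below and click on ‘Review Policy’. Make sure you replace [bucket_name] with your billing bucket name to ensure policy efficacy. Note that the listing as shown here contains no [bucket_name] placeholder and its only statement applies to "Resource":"*"; a bucket-scoped statement appears to be missing from this copy, so check the policy against the vendor's current version before creating it.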

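IAM policy for nOps (last updated: 20 March 2020). Every action in the listing is a read (Describe/Get/List/Lookup/Head) except cur:PutReportDefinition, which can create a Cost and Usage Report definition. Among the reads, lambda:GetFunction returns each function's configuration, including its environment variables, so review what those variables contain before granting it to a third party.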

JSON

{

"Version":"2012-10-17",

"Statement":[

{

"Action":[

"autoscaling:DescribeAutoScalingGroups",

"ce:GetCostAndUsage",

"ce:GetReservationPurchaseRecommendation",

"ce:GetRightsizingRecommendation",

"ce:GetSavingsPlansPurchaseRecommendation",

"cloudformation:DescribeStackResources",

"cloudformation:DescribeStacks",

"cloudformation:GetTemplate",

"cloudtrail:GetTrailStatus",

"cloudtrail:DescribeTrails",

"cloudtrail:LookupEvents",

"cloudwatch:GetMetricStatistics",

"cloudwatch:ListMetrics",

"config:DescribeConfigurationRecorderStatus",

"config:DescribeConfigurationRecorders",

"config:DescribeDeliveryChannelStatus",

"config:DescribeDeliveryChannels",

"cur:DescribeReportDefinitions",

"cur:PutReportDefinition",

"dynamodb:DescribeContinuousBackups",

"dynamodb:DescribeTable",

"dynamodb:ListTables",

"ec2:DescribeAddresses",

"ec2:DescribeInstanceStatus",

"ec2:DescribeInstances",

"ec2:DescribeNatGateways",

"ec2:DescribeNetworkInterfaces",

"ec2:DescribeRouteTables",

"ec2:DescribeSecurityGroups",

"ec2:DescribeSnapshots",

"ec2:DescribeSubnets",

"ec2:DescribeVolumes",

"ec2:DescribeVpcs",

"ecs:DescribeClusters",

"ecs:ListClusters",

"eks:ListClusters",

"elasticache:DescribeCacheClusters",

"elasticache:DescribeCacheSubnetGroups",

"elasticfilesystem:DescribeFileSystems",

"elasticloadbalancing:DescribeLoadBalancers",

"es:DescribeElasticsearchDomains",

"iam:GetAccessKeyLastUsed",

"iam:GetAccountSummary",

"iam:GetLoginProfile",

"iam:GetRole",

"iam:ListAccessKeys",

"iam:ListAccountAliases",

"iam:ListAttachedGroupPolicies",

"iam:ListAttachedUserPolicies",

"iam:ListGroupsForUser",

"iam:ListMFADevices",

"iam:ListRoles",

"iam:ListUserPolicies",

"iam:ListUsers",

"lambda:GetFunction",

"lambda:ListFunctions",

"rds:DescribeDBInstances",

"rds:DescribePendingMaintenanceActions",

"rds:ListTagsForResource",

"s3:GetBucketAcl",

"s3:GetBucketLogging",

"s3:GetBucketPolicy",

"s3:GetBucketPolicyStatus",

"s3:GetBucketPublicAccessBlock",

"s3:GetBucketVersioning",

"s3:GetEncryptionConfiguration",

"s3:HeadBucket",

"s3:ListAllMyBuckets",

"support:DescribeTrustedAdvisorCheckRefreshStatuses",

"support:DescribeTrustedAdvisorCheckResult",

"support:DescribeTrustedAdvisorChecks",

"tag:getResources",

"tag:getTagKeys",

"tag:getTagValues"

],

"Effect":"Allow",

"Resource":"*"

}

]

}

Provide a name and description for the policy.

Click on ‘Create Policy’.

]

}

Go to Help Article : Adding Your AWS account with the Manual Setup
