-
-
Save IngussNeilands/6e9de27fac8e710a29d7ead9850df47f to your computer and use it in GitHub Desktop.
Minimum IAM policy required by AWS for Packer to do its thing.
https://github.com/mitchellh/packer Permissions are broken out by API functionality and a resource array has been defined with a wild card for each group. For tighter security resource level permissions can be applied per this documentation: http://aws.typepad.com/aws/2013/07/resourc…
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "Statement": [ | |
| { | |
| "Sid": "PackerSecurityGroupAccess", | |
| "Action": [ | |
| "ec2:CreateSecurityGroup", | |
| "ec2:DeleteSecurityGroup", | |
| "ec2:DescribeSecurityGroups", | |
| "ec2:AuthorizeSecurityGroupIngress", | |
| "ec2:RevokeSecurityGroupIngress" | |
| ], | |
| "Effect": "Allow", | |
| "Resource": [ | |
| "*" | |
| ] | |
| }, | |
| { | |
| "Sid": "PackerAMIAccess", | |
| "Action": [ | |
| "ec2:CreateImage", | |
| "ec2:RegisterImage", | |
| "ec2:DeregisterImage", | |
| "ec2:DescribeImages" | |
| ], | |
| "Effect": "Allow", | |
| "Resource": [ | |
| "*" | |
| ] | |
| }, | |
| { | |
| "Sid": "PackerSnapshotAccess", | |
| "Action": [ | |
| "ec2:CreateSnapshot", | |
| "ec2:DeleteSnaphot", | |
| "ec2:DescribeSnapshots" | |
| ], | |
| "Effect": "Allow", | |
| "Resource": [ | |
| "*" | |
| ] | |
| }, | |
| { | |
| "Sid": "PackerInstanceAccess", | |
| "Action": [ | |
| "ec2:RunInstances", | |
| "ec2:StartInstances", | |
| "ec2:StopInstances", | |
| "ec2:RebootInstances", | |
| "ec2:TerminateInstances", | |
| "ec2:DescribeInstances", | |
| "ec2:CreateTags" | |
| ], | |
| "Effect": "Allow", | |
| "Resource": [ | |
| "*" | |
| ] | |
| }, | |
| { | |
| "Sid": "PackerKeyPairAccess", | |
| "Action": [ | |
| "ec2:CreateKeyPair", | |
| "ec2:DeleteKeyPair", | |
| "ec2:DescribeKeyPairs" | |
| ], | |
| "Effect": "Allow", | |
| "Resource": [ | |
| "*" | |
| ] | |
| }, | |
| { | |
| "Sid": "PackerS3Access", | |
| "Action": [ | |
| "s3:Get*", | |
| "s3:List*", | |
| "s3:PutObject*", | |
| "s3:DeleteObject*" | |
| ], | |
| "Effect": "Allow", | |
| "Resource": [ | |
| "*" | |
| ] | |
| }, | |
| { | |
| "Sid": "PackerS3BucketAccess", | |
| "Action": [ | |
| "s3:ListAllMyBuckets", | |
| "s3:CreateBucket" | |
| ], | |
| "Effect": "Allow", | |
| "Resource": [ | |
| "*" | |
| ] | |
| } | |
| ] | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment