nirsky · June 4, 2020 07:53
diff --git a/ebs_roles_to_ec2.ts b/ebs_roles_to_ec2.ts
 import { Policy, PolicyStatement } from '@aws-cdk/aws-iam';

 // Give our EC2 instance the needed permissions to manage EBS
 const ec2PolicyEbs = new Policy(stack, 'ec2-policy-create-ebs', {
  policyName: 'REXRay-EBS',
  statements: [
    PolicyStatement.fromJson({
      Effect: 'Allow',
      Action: [
        'ec2:AttachVolume',
        'ec2:CreateVolume',
        'ec2:CreateSnapshot',
        'ec2:CreateTags',
        'ec2:DeleteVolume',
        'ec2:DeleteSnapshot',
        'ec2:DescribeAvailabilityZones',
        'ec2:DescribeInstances',
        'ec2:DescribeVolumes',
        'ec2:DescribeVolumeAttribute',
        'ec2:DescribeVolumeStatus',
        'ec2:DescribeSnapshots',
        'ec2:CopySnapshot',
        'ec2:DescribeSnapshotAttribute',
        'ec2:DetachVolume',
        'ec2:ModifySnapshotAttribute',
        'ec2:ModifyVolumeAttribute',
        'ec2:DescribeTags',
      ],
      Resource: '*',
    }),
  ],
 });

 // Attach policy to our AutoScalingGroup
 autoScalingGroup.role.attachInlinePolicy(ec2PolicyEbs);
	import { Policy, PolicyStatement } from '@aws-cdk/aws-iam';

	// Give our EC2 instance the needed permissions to manage EBS
	const ec2PolicyEbs = new Policy(stack, 'ec2-policy-create-ebs', {
	policyName: 'REXRay-EBS',
	statements: [
	PolicyStatement.fromJson({
	Effect: 'Allow',
	Action: [
	'ec2:AttachVolume',
	'ec2:CreateVolume',
	'ec2:CreateSnapshot',
	'ec2:CreateTags',
	'ec2:DeleteVolume',
	'ec2:DeleteSnapshot',
	'ec2:DescribeAvailabilityZones',
	'ec2:DescribeInstances',
	'ec2:DescribeVolumes',
	'ec2:DescribeVolumeAttribute',
	'ec2:DescribeVolumeStatus',
	'ec2:DescribeSnapshots',
	'ec2:CopySnapshot',
	'ec2:DescribeSnapshotAttribute',
	'ec2:DetachVolume',
	'ec2:ModifySnapshotAttribute',
	'ec2:ModifyVolumeAttribute',
	'ec2:DescribeTags',
	],
	Resource: '*',
	}),
	],
	});

	// Attach policy to our AutoScalingGroup
	autoScalingGroup.role.attachInlinePolicy(ec2PolicyEbs);