Skip to content

Instantly share code, notes, and snippets.

@rssnyder

rssnyder/autostopping-alb.json

Last active December 29, 2025 14:16
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save rssnyder/d87821874d9075810d8da7c2411cc2c8 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save rssnyder/d87821874d9075810d8da7c2411cc2c8 to your computer and use it in GitHub Desktop.
Download ZIP
ccm json perms
Raw
autostopping-alb.json
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"acm:ListCertificates",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:CreateLoadBalancer",
"elasticloadbalancing:DescribeTargetGroups",
"elasticloadbalancing:CreateTargetGroup",
"elasticloadbalancing:AddTags",
"elasticloadbalancing:RegisterTargets",
"elasticloadbalancing:DeleteLoadBalancer",
"elasticloadbalancing:DescribeTargetHealth",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:CreateListener",
"elasticloadbalancing:DescribeRules",
"elasticloadbalancing:CreateRule",
"elasticloadbalancing:DescribeTags",
"elasticloadbalancing:DeleteTargetGroup",
"elasticloadbalancing:DeleteRule",
"elasticloadbalancing:SetRulePriorities",
"elasticloadbalancing:ModifyTargetGroup",
"elasticloadbalancing:ModifyRule",
"elasticloadbalancing:SetSecurityGroups",
"cloudwatch:GetMetricStatistics",
"ec2:DescribeVpcs",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"lambda:GetFunction",
"lambda:CreateFunction",
"lambda:DeleteFunction",
"lambda:AddPermission",
"iam:PassRole",
"iam:ListRoles",
"s3:ListBucket",
"s3:GetObject",
"s3:ListAllMyBuckets",
"s3:GetBucketLocation",
"elasticloadbalancing:DescribeLoadBalancerAttributes"
],
"Resource": "*",
"Effect": "Allow"
}
]
}
Raw
autostopping-asg.json
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"autoscaling:DescribeAutoScalingGroups",
"autoscaling:UpdateAutoScalingGroup",
"ec2:DescribeSpotPriceHistory"
],
"Resource": "*",
"Effect": "Allow"
}
]
}
Raw
autostopping-proxy.json
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"ec2:DescribeInstanceTypeOfferings",
"ec2:DescribeKeyPairs",
"ec2:RunInstances",
"ec2:AllocateAddress",
"ec2:DescribeVpcs",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:TerminateInstances",
"ec2:DescribeImages",
"ec2:AssociateAddress",
"ec2:DisassociateAddress",
"ec2:ReleaseAddress",
"ec2:ModifyInstanceAttribute",
"secretsmanager:GetSecretValue"
],
"Resource": "*",
"Effect": "Allow"
}
]
}
Raw
autostopping-rds-asg.json
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"rds:DescribeDBInstances",
"rds:DescribeDBClusters",
"rds:ListTagsForResource",
"rds:StartDBInstance",
"rds:StopDBInstance",
"rds:StartDBCluster",
"rds:StopDBCluster",
"ecs:ListClusters",
"tag:GetResources",
"ecs:ListServices",
"ecs:ListTasks",
"ecs:DescribeServices",
"ecs:UpdateService",
"ecs:DescribeTaskDefinition",
"ecs:DescribeTasks"
],
"Resource": "*",
"Effect": "Allow"
}
]
}
Raw
autostopping-vm.json
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"ec2:DescribeInstances",
"ec2:CreateTags",
"ec2:StartInstances",
"ec2:StopInstances",
"ec2:DescribeVolumes",
"ec2:CreateImage",
"ec2:DescribeImages",
"ec2:TerminateInstances",
"ec2:DeregisterImage",
"ec2:DeleteSnapshot",
"ec2:RequestSpotInstances",
"ec2:DescribeSpotInstanceRequests",
"ec2:DescribeAddresses",
"ec2:RunInstances",
"ec2:CancelSpotInstanceRequests"
],
"Resource": "*",
"Effect": "Allow"
}
]
}
Raw
billing.json
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"s3:GetBucketLocation",
"s3:ListBucket",
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::<BUCKET NAME>",
"arn:aws:s3:::<BUCKET NAME>/*"
],
"Effect": "Allow"
},
{
"Action": [
"s3:ListBucket",
"s3:PutObject",
"s3:PutObjectAcl"
],
"Resource": [
"arn:aws:s3:::ce-customer-billing-data-prod*",
"arn:aws:s3:::ce-customer-billing-data-prod*/*"
],
"Effect": "Allow"
},
{
"Action": [
"cur:DescribeReportDefinitions",
"organizations:Describe*",
"organizations:List*"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"ec2:DescribeReservedInstancesOfferings",
"ce:GetSavingsPlansUtilization",
"ce:GetReservationUtilization",
"ec2:DescribeInstanceTypeOfferings",
"ce:GetDimensionValues",
"ce:GetSavingsPlansUtilizationDetails",
"ec2:DescribeReservedInstances",
"ce:GetReservationCoverage",
"ce:GetSavingsPlansCoverage",
"savingsplans:DescribeSavingsPlans",
"organizations:DescribeOrganization",
"ce:GetCostAndUsage"
],
"Resource": "*",
"Effect": "Allow"
}
]
}
Raw
commitments.json
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"ec2:ModifyReservedInstances",
"ec2:GetReservedInstancesExchangeQuote",
"ec2:AcceptReservedInstancesExchangeQuote",
"ec2:DescribeReservedInstancesOfferings",
"ec2:DescribeReservedInstances",
"ec2:DescribeReservedInstancesModifications",
"ec2:DescribeInstanceTypeOfferings",
"ec2:PurchaseReservedInstancesOffering",
"ce:GetSavingsPlansCoverage",
"ce:GetReservationCoverage",
"ce:GetSavingsPlansUtilization",
"ce:GetDimensionValues",
"ce:GetReservationUtilization",
"ce:GetSavingsPlansUtilizationDetails",
"ce:GetCostAndUsage",
"savingsplans:DescribeSavingsPlansOfferings",
"savingsplans:CreateSavingsPlan",
"organizations:ListAccounts"
],
"Resource": "*",
"Effect": "Allow"
}
]
}
Raw
events.json
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"ecs:ListClusters*",
"ecs:DescribeClusters",
"ecs:ListServices",
"ecs:DescribeServices",
"ecs:DescribeContainerInstances",
"ecs:ListTasks",
"ecs:ListContainerInstances",
"ecs:DescribeTasks",
"ec2:DescribeInstances*",
"ec2:DescribeRegions",
"cloudwatch:ListMetrics",
"cloudwatch:GetMetricData",
"ec2:DescribeVolumes",
"ec2:DescribeSnapshots",
"rds:DescribeDBSnapshots",
"rds:DescribeDBInstances",
"rds:DescribeDBClusters",
"rds:DescribeDBSnapshotAttributes",
"ce:GetRightsizingRecommendation"
],
"Resource": "*",
"Effect": "Allow"
}
]
}
Raw
extra.md

you should attach the aws managed policy

arn:aws:iam::aws:policy/ReadOnlyAccess

Raw
getrole.json
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"iam:SimulatePrincipalPolicy"
],
"Resource": [
"arn:aws:iam::<AWS ACCOUNT ID>:role/<ROLE NAME>"
],
"Effect": "Allow"
}
]
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment