Skip to content

Policy: ROSAInstallerPolicy

ARN: arn:aws:iam::aws:policy/service-role/ROSAInstallerPolicy

Allowed Actions

Actions Services
ec2:AuthorizeSecurityGroupEgress ec2
ec2:AuthorizeSecurityGroupIngress ec2
ec2:CreateSecurityGroup ec2
ec2:CreateSecurityGroup ec2
ec2:CreateTags ec2
ec2:CreateTags ec2
ec2:CreateTags ec2
ec2:DeleteSecurityGroup ec2
ec2:DescribeAvailabilityZones ec2
ec2:DescribeInstanceTypeOfferings ec2
ec2:DescribeInstanceTypes ec2
ec2:DescribeInstances ec2
ec2:DescribeInternetGateways ec2
ec2:DescribeRegions ec2
ec2:DescribeReservedInstancesOfferings ec2
ec2:DescribeRouteTables ec2
ec2:DescribeSecurityGroupRules ec2
ec2:DescribeSecurityGroups ec2
ec2:DescribeSubnets ec2
ec2:DescribeVpcAttribute ec2
ec2:DescribeVpcs ec2
ec2:GetConsoleOutput ec2
ec2:RevokeSecurityGroupEgress ec2
ec2:RevokeSecurityGroupIngress ec2
ec2:RunInstances ec2
ec2:RunInstances ec2
ec2:RunInstances ec2
ec2:TerminateInstances ec2
elasticloadbalancing:DescribeAccountLimits elasticloadbalancing
elasticloadbalancing:DescribeLoadBalancers elasticloadbalancing
iam:AddRoleToInstanceProfile iam
iam:CreateInstanceProfile iam
iam:DeleteInstanceProfile iam
iam:GetInstanceProfile iam
iam:GetOpenIDConnectProvider iam
iam:GetRole iam
iam:ListAttachedRolePolicies iam
iam:ListRolePolicies iam
iam:PassRole iam
iam:RemoveRoleFromInstanceProfile iam
iam:TagInstanceProfile iam
kms:CreateGrant kms
kms:DescribeKey kms
kms:GenerateDataKeyWithoutPlaintext kms
route53:ChangeResourceRecordSets route53
route53:ChangeTagsForResource route53
route53:CreateHostedZone route53
route53:DeleteHostedZone route53
route53:GetAccountLimit route53
route53:GetHostedZone route53
route53:ListHostedZones route53
route53:ListHostedZonesByName route53
route53:ListResourceRecordSets route53
secretsmanager:GetSecretValue secretsmanager
servicequotas:GetServiceQuota servicequotas