diff --git a/aws/policy/compute.yaml b/aws/policy/compute.yaml index b512db9..f36e1cd 100644 --- a/aws/policy/compute.yaml +++ b/aws/policy/compute.yaml @@ -6,6 +6,7 @@ Statement: - Sid: AllowRunInstancesInstanceType Effect: Allow Action: + - autoscaling:AttachInstances - autoscaling:CreateAutoScalingGroup - autoscaling:CreateLaunchConfiguration - autoscaling:UpdateAutoScalingGroup @@ -110,6 +111,8 @@ Statement: Effect: Allow Action: - autoscaling:Describe* + - autoscaling:ResumeProcesses + - autoscaling:SuspendProcesses - ec2:Describe* - elasticloadbalancing:DeleteRule - elasticloadbalancing:DeleteListener @@ -128,7 +131,7 @@ Statement: Action: - autoscaling:EnableMetricsCollection - ec2:CreateVolume - - elasticloadbalancing:CreateLoadBalancer + - elasticloadbalancing:CreateLoadBalancer* - elasticloadbalancing:CreateRule Resource: - 'arn:aws:ec2:{{ aws_region }}:{{ aws_account_id }}:volume/*' @@ -150,6 +153,8 @@ Statement: - autoscaling:PutScheduledUpdateGroupAction - autoscaling:PutLifecycleHook - autoscaling:StartInstanceRefresh + - autoscaling:SetInstanceHealth + - autoscaling:SetInstanceProtection - autoscaling:TerminateInstanceInAutoScalingGroup - ec2:DeleteVolume - elasticloadbalancing:AddListenerCertificates @@ -160,13 +165,8 @@ Statement: - elasticloadbalancing:CreateAppCookieStickinessPolicy - elasticloadbalancing:CreateLBCookieStickinessPolicy - elasticloadbalancing:CreateListener - - elasticloadbalancing:CreateLoadBalancerListeners - - elasticloadbalancing:CreateLoadBalancerPolicy - elasticloadbalancing:CreateTargetGroup - - elasticloadbalancing:DeleteLoadBalancer - - elasticloadbalancing:DeleteLoadBalancerListeners - - elasticloadbalancing:DeleteLoadBalancerPolicy - - elasticloadbalancing:DeleteTargetGroup + - elasticloadbalancing:Delete* - elasticloadbalancing:DeregisterInstancesFromLoadBalancer - elasticloadbalancing:DetachLoadBalancerFromSubnets - elasticloadbalancing:DisableAvailabilityZonesForLoadBalancer @@ -175,8 +175,7 @@ Statement: - elasticloadbalancing:RemoveTags - elasticloadbalancing:RegisterInstancesWithLoadBalancer - elasticloadbalancing:RegisterTargets - - elasticloadbalancing:SetLoadBalancerPoliciesForBackendServer - - elasticloadbalancing:SetLoadBalancerPoliciesOfListener + - elasticloadbalancing:SetLoadBalancer* - elasticloadbalancing:SetSecurityGroups - elasticloadbalancing:SetWebACL Resource: