Permissions for using EBS encryption
If you plan to use encryption, ensure that the IAM role (if using a role-based credential) or IAM user (if using a key-based credential) that you use for the Cloudbreak credential has the following permissions.
Note: If you created your CredentialRole according to Cloudbreak 2.8 (or newer) documentation, these permissions are already included. However, if you created your CredentialRole according to the documentation for a Cloudbreak version earlier than 2.8, you must update your CbPolicy.
EC2 permissions
{
  "Version": "2012-10-17",
  "Statement": {
    "Effect": "Allow",
    "Action": [
      "ec2:CopyImage",
      "ec2:CreateSnapshot",
      "ec2:DeleteSnapshot",
      "ec2:DescribeSnapshots",
      "ec2:CreateVolume",
      "ec2:DeleteVolume",
      "ec2:DescribeVolumes",
      "ec2:DeregisterImage"
    ],
    "Resource": "*"
  }
}
KMS permissions
{
  "Version": "2012-10-17",
  "Statement": {
    "Effect": "Allow",
    "Action": [
      "kms:ListKeys",
      "kms:ListKeyPolicies",
      "kms:ListAliases"
    ],
    "Resource": "*"
  }
}
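One way to check whether an existing CbPolicy already grants the actions listed above, as an added example that is not part of the Cloudbreak documentation. The function name, the sample policy and the simplified evaluation (only statements with Resource "*" are considered; Condition, NotAction and NotResource are ignored) are assumptions.

```python
import fnmatch
import json

# Actions this page lists for EBS encryption (EC2 and KMS blocks combined).
REQUIRED_ACTIONS = [
    "ec2:CopyImage", "ec2:CreateSnapshot", "ec2:DeleteSnapshot",
    "ec2:DescribeSnapshots", "ec2:CreateVolume", "ec2:DeleteVolume",
    "ec2:DescribeVolumes", "ec2:DeregisterImage",
    "kms:ListKeys", "kms:ListKeyPolicies", "kms:ListAliases",
]

# Constructed sample: a policy that lacks the image, snapshot and most KMS actions.
SAMPLE_POLICY = """{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow",
     "Action": ["ec2:Describe*", "ec2:CreateVolume", "ec2:DeleteVolume", "kms:ListKeys"],
     "Resource": "*"}
  ]
}"""


def _as_list(value):
    """IAM accepts a single object or string wherever a list is allowed."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _matches(action, patterns):
    # IAM action names are case-insensitive and may contain * and ? wildcards.
    return any(fnmatch.fnmatchcase(action.lower(), p) for p in patterns)


def missing_actions(policy_json, required=REQUIRED_ACTIONS):
    """Return the required actions the policy does not allow on Resource "*"."""
    allowed, denied = [], []
    for stmt in _as_list(json.loads(policy_json).get("Statement")):
        if "*" not in _as_list(stmt.get("Resource")):
            continue  # assumption: only account-wide statements count here
        target = allowed if stmt.get("Effect") == "Allow" else denied
        target.extend(a.lower() for a in _as_list(stmt.get("Action")))
    # An explicit Deny overrides any Allow, so a denied action is reported too.
    return [a for a in required
            if not _matches(a, allowed) or _matches(a, denied)]


if __name__ == "__main__":
    print(missing_actions(SAMPLE_POLICY))
```

An empty list means every action on this page is allowed; anything returned needs to be added to the policy attached to the Cloudbreak credential's role or user.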