Advanced Cluster Options
Also available as:
PDF

Permissions for using EBS encryption

If planning to use encryption, ensure that the IAM role (if using role-based credential) or IAM user (if using key-based credential) that you are using for the Cloudbreak credential has the following permissions.

EC2 permissions

{
  "Version": "2012-10-17",
  "Statement": {
    "Effect": "Allow",
    "Action": [
      "ec2:CopyImage",
      "ec2:CreateSnapshot",
      "ec2:DeleteSnapshot",
      "ec2:DescribeSnapshots",
      "ec2:CreateVolume",
      "ec2:DeleteVolume",
      "ec2:DescribeVolumes",
      "ec2:DeregisterImage",
    ],
    "Resource": "*"
  }
}

KMS permissions

{
  "Version": "2012-10-17",
  "Statement": {
    "Effect": "Allow",
    "Action": [
      "kms:ListKeys",
      "kms:ListKeyPolicies",
      "kms:ListAliases"
    ],
    "Resource": "*"
  }
}