Scoped down IAM policy for building AMIs #4440

Answered by vigh-m
rajivr asked this question in Q&A
Hi @rajivr, thanks for reaching out. Just trying to understand the ask here: are you looking for a minimal IAM policy which would allow you to publish and register a Bottlerocket AMI in your AWS account?

If so, I was able to do this with a policy like the one below:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "ebs:StartSnapshot",
                "ebs:CompleteSnapshot",
                "ebs:PutSnapshotBlock",
                "ec2:CreateSnapshot",
                "ec2:RegisterImage",
                "ec2:DescribeImages",
                "ec2:DescribeImageAttribute",
          …

Answer selected by rajivr
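
An added example, not part of the original answer or of the Bottlerocket project: a small audit that checks a build role's policy against an allow-list, so that later edits do not quietly widen it. The allow-list holds only the seven actions visible in the answer before it is cut off; `audit_policy`, `EXPECTED_ACTIONS` and the sample policy (including its `Sid` and `Resource` values) are constructed for illustration.

```python
import json

# The seven actions visible in the answer's policy before it is truncated.
# Assumption: the full list is not on the page, so extend this set as your build requires.
EXPECTED_ACTIONS = {
    "ebs:StartSnapshot", "ebs:CompleteSnapshot", "ebs:PutSnapshotBlock",
    "ec2:CreateSnapshot", "ec2:RegisterImage", "ec2:DescribeImages",
    "ec2:DescribeImageAttribute",
}

def _as_list(value):
    """IAM accepts either a single value or a list for Statement and Action."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def audit_policy(policy, expected=EXPECTED_ACTIONS):
    """Return sorted (sid, finding) pairs for Allow statements broader than expected."""
    findings = set()
    expected_lower = {a.lower() for a in expected}
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements cannot widen access
        sid = stmt.get("Sid", "<no Sid>")
        if "NotAction" in stmt:
            findings.add((sid, "NotAction grants everything except the listed actions"))
        for action in _as_list(stmt.get("Action")):
            a = action.lower()  # IAM action names are case-insensitive
            if "*" in a or "?" in a:
                findings.add((sid, f"wildcard action {action}"))
            elif a not in expected_lower:
                findings.add((sid, f"unexpected action {action}"))
    return sorted(findings)

# Constructed sample: the page's visible actions plus a deliberately broad statement.
SAMPLE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "BuildAmi", "Effect": "Allow", "Resource": "*",
     "Action": ["ebs:StartSnapshot", "ebs:CompleteSnapshot", "ebs:PutSnapshotBlock",
                "ec2:CreateSnapshot", "ec2:RegisterImage", "ec2:DescribeImages",
                "ec2:DescribeImageAttribute"]},
    {"Sid": "TooBroad", "Effect": "Allow", "Resource": "*",
     "Action": ["ec2:*", "iam:PassRole"]}
  ]
}
""")

if __name__ == "__main__":
    for sid, finding in audit_policy(SAMPLE_POLICY):
        print(f"{sid}: {finding}")
```

Running it in CI against the policy file attached to the build role turns any new wildcard or unlisted action into a failing check.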