Granting IAM users required permissions for Amazon EC2 Auto Scaling resources

By default, Amazon Identity and Access Management (IAM) users don't have permission to create or modify Amazon EC2 Auto Scaling resources, or perform tasks using the Amazon EC2 Auto Scaling API. To allow IAM users to create or modify resources and perform tasks, an IAM administrator for the account must create IAM policies that grant IAM users permissions for the specific resources and API actions they will need to use, and then attach those policies to the IAM users or groups that require those permissions.

In general, to perform an Amazon EC2 Auto Scaling action, an IAM user must have only the matching action included in a policy, but doesn't need to be explicitly granted permission to manage Amazon EC2 instances. In some cases, however, an action might require that you include additional related actions in your policy. For example, if an IAM user calls CreateAutoScalingGroup to create an Auto Scaling group using a launch template, the IAM user must also have permissions for the related Amazon EC2 API actions they need. For more information, see Required API permissions for Amazon EC2 Auto Scaling in the Amazon EC2 Auto Scaling User Guide.

When you create or edit a policy using the visual editor in the IAM console, you receive warnings and prompts to help you choose all of the required actions for your policy.

For certain API actions, you can control when users are allowed to use those actions based on conditions that have to be fulfilled, or specific resources that users are allowed to use. For example, you can grant users permission to pass an IAM role to EC2 instances, but only if the name of the role matches the one specified in a policy statement attached to the user.
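The following is an added example, not part of the original documentation: a policy that limits iam:PassRole to roles whose name matches a pattern, a broad counter-example, and a small check that reports Allow statements granting iam:PassRole without that scoping. The account ID, the asg-app- role prefix, the Sids, the choice of ec2:RunInstances as the related EC2 action, and the helper name unscoped_passrole are assumptions of this example.

```python
import fnmatch

# Constructed policy: account ID, role-name prefix and Sids are placeholders.
SCOPED = {"Version": "2012-10-17", "Statement": [
    {"Sid": "CreateGroupFromLaunchTemplate", "Effect": "Allow",
     # The Auto Scaling action plus a related EC2 action (assumed: RunInstances).
     "Action": ["autoscaling:CreateAutoScalingGroup", "ec2:RunInstances"],
     "Resource": "*"},
    {"Sid": "PassNamedRolesToEC2", "Effect": "Allow",
     "Action": "iam:PassRole",
     # Only roles whose name matches this pattern may be passed.
     "Resource": "arn:aws-cn:iam::123456789012:role/asg-app-*",
     "Condition": {"StringEquals": {"iam:PassedToService": [
         "ec2.amazonaws.com", "ec2.amazonaws.com.cn"]}}},
]}

# Constructed counter-example: any role can be passed to any service.
BROAD = {"Version": "2012-10-17", "Statement": [
    {"Sid": "EverythingAutoScaling", "Effect": "Allow",
     "Action": ["autoscaling:*", "ec2:RunInstances", "iam:Pass*"],
     "Resource": "*"},
]}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def unscoped_passrole(policy):
    """List 'Sid: reason' for Allow statements granting iam:PassRole too broadly.

    Statements that use NotAction or NotResource are not analysed.
    """
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow" or "Action" not in stmt:
            continue
        # Action names are case-insensitive and may use * and ? wildcards.
        if not any(fnmatch.fnmatchcase("iam:passrole", a.lower())
                   for a in _as_list(stmt["Action"])):
            continue
        sid = stmt.get("Sid", f"statement[{i}]")
        resources = _as_list(stmt.get("Resource", "*"))
        if any(r == "*" or r.endswith(":role/*") for r in resources):
            findings.append(f"{sid}: any role can be passed")
        keys = {k.lower() for op in stmt.get("Condition", {}).values() for k in op}
        if "iam:passedtoservice" not in keys:
            findings.append(f"{sid}: no iam:PassedToService condition")
    return findings
```

Calling unscoped_passrole(SCOPED) returns an empty list, while unscoped_passrole(BROAD) reports both findings for the EverythingAutoScaling statement.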

For a complete list of the Amazon EC2 Auto Scaling actions, ARNs, and condition keys that you can use to control access to your Amazon EC2 Auto Scaling resources, see Actions, Resources, and Condition Keys for Amazon EC2 Auto Scaling in the Service Authorization Reference.

For more information, see Identity and Access Management for Amazon EC2 Auto Scaling in the Amazon EC2 Auto Scaling User Guide.