Amazon managed policies for Amazon EC2 Auto Scaling - Amazon EC2 Auto Scaling

Amazon managed policies for Amazon EC2 Auto Scaling

An Amazon managed policy is a standalone policy that is created and administered by Amazon. Amazon managed policies are designed to provide permissions for many common use cases so that you can start assigning permissions to users, groups, and roles.

Keep in mind that Amazon managed policies might not grant least-privilege permissions for your specific use cases because they're available for all Amazon customers to use. We recommend that you reduce permissions further by defining customer managed policies that are specific to your use cases.

You cannot change the permissions defined in Amazon managed policies. If Amazon updates the permissions defined in an Amazon managed policy, the update affects all principal identities (users, groups, and roles) that the policy is attached to. Amazon is most likely to update an Amazon managed policy when a new Amazon Web Service is launched or new API operations become available for existing services.

For more information, see Amazon managed policies in the IAM User Guide.
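Because an update to an Amazon managed policy applies to every principal the policy is attached to, it helps to see exactly which actions a new version adds. The following Python code is an added example, not code from the Amazon documentation: it compares two versions of a policy document (the JSON that the IAM GetPolicyVersion API returns) and lists the actions the newer version allows that the older one did not. The function names are hypothetical, and the sample documents are constructed for illustration, not the real text of any Amazon managed policy.

```python
import json
from fnmatch import fnmatchcase

def allowed_actions(policy_doc):
    """Return the Action patterns granted by Allow statements, lowercased
    (IAM action names are case-insensitive)."""
    doc = json.loads(policy_doc) if isinstance(policy_doc, str) else policy_doc
    statements = doc.get("Statement", [])
    if isinstance(statements, dict):   # a lone statement may be a bare object
        statements = [statements]
    actions = set()
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue
        value = stmt.get("Action", [])
        actions.update(a.lower() for a in ([value] if isinstance(value, str) else value))
    return actions

def added_actions(old_doc, new_doc):
    """Action patterns Allowed by new_doc that no Allow pattern in old_doc covers."""
    old = allowed_actions(old_doc)
    return sorted(a for a in allowed_actions(new_doc)
                  if not any(fnmatchcase(a, pattern) for pattern in old))

# Constructed sample versions, NOT the real AutoScalingServiceRolePolicy text.
OLD_VERSION = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["ec2:Describe*", "ec2:RunInstances"], "Resource": "*"},
        {"Effect": "Allow", "Action": "cloudwatch:GetMetricData", "Resource": "*"},
    ],
}
NEW_VERSION = json.dumps({   # a JSON string, to show both input forms are accepted
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Resource": "*", "Action": [
            "ec2:Describe*", "ec2:RunInstances", "ec2:DescribeInstances",
            "ec2:GetSecurityGroupsForVpc",
            "ec2:GetInstanceTypesFromInstanceRequirements"]},
        {"Effect": "Allow", "Action": "cloudwatch:GetMetricData", "Resource": "*"},
    ],
})

if __name__ == "__main__":
    for action in added_actions(OLD_VERSION, NEW_VERSION):
        print("newly allowed:", action)
```

The comparison looks only at Allow statements and their Action patterns; it does not evaluate NotAction, Resource, or Condition elements, so treat its output as a starting point for review of a new policy version.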

Amazon EC2 Auto Scaling managed policies

You can attach the following managed policies to your Amazon Identity and Access Management (IAM) identities (users or roles). Each policy provides access to all or some of the API actions for Amazon EC2 Auto Scaling.

  • AutoScalingFullAccess – Grants full access to Amazon EC2 Auto Scaling for IAM identities that need full Amazon EC2 Auto Scaling access from the Amazon CLI or SDKs, but not Amazon Web Services Management Console access.

  • AutoScalingReadOnlyAccess – Grants read-only access to Amazon EC2 Auto Scaling for IAM identities that are making calls only to the Amazon CLI or SDKs.

  • AutoScalingConsoleFullAccess – Grants full access to Amazon EC2 Auto Scaling using the Amazon Web Services Management Console. This policy works when you are using launch configurations, but not when you are using launch templates.

  • AutoScalingConsoleReadOnlyAccess – Grants read-only access to Amazon EC2 Auto Scaling using the Amazon Web Services Management Console. This policy works when you are using launch configurations, but not when you are using launch templates.

When you are using launch templates from the console, you need to grant additional permissions specific to launch templates, which are discussed in Launch template support. The Amazon EC2 Auto Scaling console needs permissions for ec2 actions so it can display information about launch templates and launch instances using launch templates.

AutoScalingServiceRolePolicy Amazon managed policy

You can't attach AutoScalingServiceRolePolicy to your IAM identities. This policy is attached to a service-linked role that allows Amazon EC2 Auto Scaling to launch and terminate instances. For more information, see Service-linked roles for Amazon EC2 Auto Scaling.

Amazon EC2 Auto Scaling updates to Amazon managed policies

View details about updates to Amazon managed policies for Amazon EC2 Auto Scaling since this service began tracking these changes. For automatic alerts about changes to this page, subscribe to the RSS feed on the Amazon EC2 Auto Scaling Document history page.

Change: Amazon EC2 Auto Scaling adds permissions to its service-linked role

Description: The AutoScalingServiceRolePolicy policy now grants permissions to call the Amazon EC2 GetSecurityGroupsForVpc API action to get all security groups for a VPC to improve validation, and the Amazon EC2 GetInstanceTypesFromInstanceRequirements API action to get information about which instance types meet a certain set of instance requirements. For more information, see Service-linked roles for Amazon EC2 Auto Scaling.

Date: February 29, 2024

Change: Amazon EC2 Auto Scaling adds permissions to its service-linked role

Description: The AutoScalingServiceRolePolicy policy now grants permissions to the service to access the API actions it needs for an integration with VPC Lattice.

  • GetTargetGroup and ListTargetGroup actions. Required to retrieve information about VPC Lattice target groups.

  • RegisterTargets and DeregisterTargets actions. Required to register and deregister instances from VPC Lattice target groups.

  • ListTargets. Allows Amazon EC2 Auto Scaling to retrieve health information for instances registered to VPC Lattice target groups.

For more information, see Service-linked roles for Amazon EC2 Auto Scaling.

Date: December 6, 2022

Change: Amazon EC2 Auto Scaling adds permissions to its service-linked role

Description: To support using an Amazon Systems Manager Parameter as an alias for an AMI ID when creating a launch template, the AutoScalingServiceRolePolicy policy now grants permission to call the Amazon Systems Manager GetParameters API action. For more information, see Service-linked roles for Amazon EC2 Auto Scaling.

Date: March 28, 2022

Change: Amazon EC2 Auto Scaling adds permissions to its service-linked role

Description: To support predictive scaling, the AutoScalingServiceRolePolicy policy now includes permission to call the CloudWatch GetMetricData API action. For more information, see Service-linked roles for Amazon EC2 Auto Scaling.

Date: May 19, 2021

Change: Amazon EC2 Auto Scaling started tracking changes

Description: Amazon EC2 Auto Scaling started tracking changes for its Amazon managed policies.

Date: May 19, 2021