mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-05 12:46:18 +01:00
openshift-docs/modules/installation-aws-permissions-iam-roles.adoc
2026-01-07 16:37:09 +00:00


// Module included in the following assemblies:
//
// * installing/installing_aws/installing-aws-account.adoc
:_mod-docs-content-type: REFERENCE
[id="installation-aws-permissions-iam-roles_{context}"]
= Default permissions for IAM instance profiles

[role="_abstract"]
To ensure your cluster operates with the correct security permissions in {product-title}, review the default IAM instance profiles created by the installation program.

By default, the installation program creates IAM instance profiles for the bootstrap, control plane, and compute instances with the necessary permissions for the cluster to operate.

The following lists specify the default permissions for control plane and compute machines:

.Default IAM role permissions for control plane instance profiles
* `ec2:AttachVolume`
* `ec2:AuthorizeSecurityGroupIngress`
* `ec2:CreateSecurityGroup`
* `ec2:CreateTags`
* `ec2:CreateVolume`
* `ec2:DeleteSecurityGroup`
* `ec2:DeleteVolume`
* `ec2:Describe*`
* `ec2:DetachVolume`
* `ec2:ModifyInstanceAttribute`
* `ec2:ModifyVolume`
* `ec2:RevokeSecurityGroupIngress`
* `elasticloadbalancing:AddTags`
* `elasticloadbalancing:AttachLoadBalancerToSubnets`
* `elasticloadbalancing:ApplySecurityGroupsToLoadBalancer`
* `elasticloadbalancing:CreateListener`
* `elasticloadbalancing:CreateLoadBalancer`
* `elasticloadbalancing:CreateLoadBalancerPolicy`
* `elasticloadbalancing:CreateLoadBalancerListeners`
* `elasticloadbalancing:CreateTargetGroup`
* `elasticloadbalancing:ConfigureHealthCheck`
* `elasticloadbalancing:DeleteListener`
* `elasticloadbalancing:DeleteLoadBalancer`
* `elasticloadbalancing:DeleteLoadBalancerListeners`
* `elasticloadbalancing:DeleteTargetGroup`
* `elasticloadbalancing:DeregisterInstancesFromLoadBalancer`
* `elasticloadbalancing:DeregisterTargets`
* `elasticloadbalancing:Describe*`
* `elasticloadbalancing:DetachLoadBalancerFromSubnets`
* `elasticloadbalancing:ModifyListener`
* `elasticloadbalancing:ModifyLoadBalancerAttributes`
* `elasticloadbalancing:ModifyTargetGroup`
* `elasticloadbalancing:ModifyTargetGroupAttributes`
* `elasticloadbalancing:RegisterInstancesWithLoadBalancer`
* `elasticloadbalancing:RegisterTargets`
* `elasticloadbalancing:SetLoadBalancerPoliciesForBackendServer`
* `elasticloadbalancing:SetLoadBalancerPoliciesOfListener`
* `kms:DescribeKey`

.Default IAM role permissions for compute instance profiles
* `ec2:DescribeInstances`
* `ec2:DescribeRegions`
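
One way to carry out the review described above is to compare a role's policy document against the default list. The following is an added example, not part of the {product-title} documentation or the installation program; the names `excess_actions` and `COMPUTE_BASELINE` and the sample policy are assumptions made for illustration. It reports every allowed action that goes beyond the default compute instance profile permissions, including wildcards that are broader than the defaults.

```python
import json
from fnmatch import fnmatchcase

# Default compute instance profile permissions, copied from the list above.
COMPUTE_BASELINE = ["ec2:DescribeInstances", "ec2:DescribeRegions"]

def _as_list(value):
    """IAM accepts a single string or object where a list is also allowed."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _covered(action, baseline):
    """True if a policy action grants nothing beyond the baseline."""
    a = action.lower()  # IAM action names are case-insensitive
    for entry in (b.lower() for b in baseline):
        if a == entry:
            return True
        # A literal action may match a baseline wildcard; a policy wildcard needs the exact match above.
        if not any(c in a for c in "*?") and fnmatchcase(a, entry):
            return True
    return False

def excess_actions(policy_json, baseline):
    """Return the sorted Allow-ed actions in the policy that exceed the baseline."""
    findings = set()
    for stmt in _as_list(json.loads(policy_json).get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:
            # Allow + NotAction grants everything except the listed actions.
            findings.add("NotAction:" + ",".join(_as_list(stmt["NotAction"])))
        for action in _as_list(stmt.get("Action")):
            if not _covered(action, baseline):
                findings.add(action)
    return sorted(findings)

# Constructed sample policy (not taken from a real cluster).
SAMPLE_POLICY = """{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": ["ec2:describeinstances", "ec2:DescribeRegions"], "Resource": "*"},
  {"Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*"},
  {"Effect": "Allow", "Action": ["s3:GetObject"], "Resource": "*"},
  {"Effect": "Deny", "Action": "iam:*", "Resource": "*"}
]}"""

if __name__ == "__main__":
    for action in excess_actions(SAMPLE_POLICY, COMPUTE_BASELINE):
        print("beyond default compute permissions:", action)
```

Passing the control plane list as `baseline` checks a control plane role the same way; entries such as `ec2:Describe*` in that list then cover the literal `Describe` actions in the policy.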