CloudForms AWS IAM policies

To enable Cloudforms to connect to the AWS provider you need to following policies:

  • AmazonEC2FullAccess
  • AWSConfigUserAccess
  • IAMReadOnlyAccess
  • IAMUserSSHKeys
  • AWSCloudFormationReadOnlyAccess

As well as two custom policies

CFMESNS

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "sns:*"
            ],
            "Resource": "arn:aws:sns:us-east-1:${AWS-ACCT_ID}:AWSConfig_topic"
        }
    ]
}

CFMESQS

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "sqs:*"
            ],
            "Resource": "arn:aws:sqs:us-east-1:${AWS-ACCT_ID}:manageiq-awsconfig-queue*"
        }
    ]
}

1 thought on “CloudForms AWS IAM policies”

Leave a Reply

Your email address will not be published. Required fields are marked *

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.