Sambhav Sharma

Reputation: 5860

How do you create CloudWatch alarms to reboot instances?

I am trying to use the EC2 recover action in my account but I am unable to do so. Whenever I try to create an alarm with an action to reboot an EC2 instance, it gives the following error:

A system administrator must provision SWF permissions for your IAM user so that the IAM user can perform this action.

Unfortunately I am the administrator here, and can't get this to work. My user has AmazonEC2FullAccess and CloudWatchFullAccess.

Docs say: If you want to use an IAM role to stop, terminate, or reboot an instance using an alarm action, you can only use the EC2ActionsAccess role.

But I don't know what this role should say. I couldn't find a sample role anywhere.

Refer: https://groups.google.com/forum/#!topic/terraform-tool/N8s8MvFD_Rs

Upvotes: 2

Views: 948

Answers (2)

nmishin

Reputation: 3048

You need to add a policy for your IAM user to allow access to SWF, something like this:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "swf:*"
      ],
      "Resource": "*"
    }
  ]
}

Please note: SWF doesn't support resource-based restrictions.

Upvotes: 2

Mahdi

Reputation: 3349

This should work:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "ec2:DescribeInstanceStatus",
        "ec2:DescribeInstances",
        "ec2:StopInstances",
        "ec2:TerminateInstances"
      ],
      "Resource": [
        "*"
      ],
      "Effect": "Allow"
    }
  ]
}

Note that according to this, "You can't assign a role to an existing instance; you can only specify a role when you launch a new instance."

Upvotes: 1
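
An added example, not part of either answer: an offline check of which alarm actions each posted policy's Action list covers, and which Allow grants use wildcards that deserve a least-privilege review. The `ALARM_ACTIONS` mapping and the helper names are assumptions of this example, and only action names are evaluated (Resource, Condition and NotAction are ignored).

```python
import json
import re

# The two policies posted in the answers above, copied as-is.
SWF_POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": [{"Effect": "Allow", "Action": ["swf:*"], "Resource": "*"}]}
""")
EC2_POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": [{"Action": ["ec2:DescribeInstanceStatus", "ec2:DescribeInstances",
                           "ec2:StopInstances", "ec2:TerminateInstances"],
                "Resource": ["*"], "Effect": "Allow"}]}
""")

# Assumption (not from the page): the EC2 API action behind each alarm action type.
ALARM_ACTIONS = {"stop": "ec2:StopInstances", "terminate": "ec2:TerminateInstances",
                 "reboot": "ec2:RebootInstances"}

def _as_list(value):
    """IAM accepts a single string or statement where a list is expected."""
    return [value] if isinstance(value, (str, dict)) else list(value or [])

def _matches(pattern, action):
    """IAM action matching: case-insensitive, '*' and '?' are wildcards."""
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, action, re.IGNORECASE) is not None

def allows(policy, action):
    """Action-name check only; an explicit Deny wins over any Allow."""
    allowed = False
    for stmt in _as_list(policy.get("Statement")):
        if any(_matches(p, action) for p in _as_list(stmt.get("Action"))):
            if stmt.get("Effect") == "Deny":
                return False
            allowed = allowed or stmt.get("Effect") == "Allow"
    return allowed

def audit(policy):
    """Report covered alarm actions and wildcard patterns in Allow statements."""
    wildcards = [p for stmt in _as_list(policy.get("Statement"))
                 if stmt.get("Effect") == "Allow"
                 for p in _as_list(stmt.get("Action")) if "*" in p]
    covered = {name: allows(policy, act) for name, act in ALARM_ACTIONS.items()}
    return {"alarm_actions": covered, "wildcards": wildcards}

if __name__ == "__main__":
    for label, policy in (("swf answer", SWF_POLICY), ("ec2 answer", EC2_POLICY)):
        print(label, json.dumps(audit(policy)))
```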
