Permissions for @turbot/aws-elasticache
Taking a look at permissions and associated grant levels for each permission for ElastiCache:
Permission | Grant Level | Help |
---|---|---|
cloudwatch:DescribeAlarms | Metadata | Required for console access per http://docs.aws.amazon.com/AmazonElastiCache/latest/UserGuide/UsingIAM.html |
cloudwatch:GetMetricStatistics | Metadata | Required for console access per http://docs.aws.amazon.com/AmazonElastiCache/latest/UserGuide/UsingIAM.html |
ec2:DescribeAccountAttributes | Metadata | Required for console access per http://docs.aws.amazon.com/AmazonElastiCache/latest/UserGuide/UsingIAM.html |
ec2:DescribeAvailabilityZones | Metadata | Required for console access per http://docs.aws.amazon.com/AmazonElastiCache/latest/UserGuide/UsingIAM.html |
ec2:DescribeSecurityGroups | Metadata | Required for console access per http://docs.aws.amazon.com/AmazonElastiCache/latest/UserGuide/UsingIAM.html |
ec2:DescribeVpcs | Metadata | Required for console access per http://docs.aws.amazon.com/AmazonElastiCache/latest/UserGuide/UsingIAM.html |
elasticache:AddTagsToResource | Operator | Operators can manage tags and reboot the cluster. |
elasticache:AuthorizeCacheSecurityGroupIngress | Admin | "Administrators can manage network ingress to a cache security group. Applications using ElastiCache must be running on Amazon EC2 |
elasticache:BatchApplyUpdateAction | Admin | |
elasticache:BatchStopUpdateAction | Admin | |
elasticache:CompleteMigration | Admin | |
elasticache:CopySnapshot | Operator | "Operators can create snapshots |
elasticache:CreateCacheCluster | Admin | |
elasticache:CreateCacheParameterGroup | Admin | |
elasticache:CreateCacheSecurityGroup | Admin | Cache security groups are only used when you are creating a cluster outside of an Amazon Virtual Private Cloud (Amazon VPC). |
elasticache:CreateCacheSubnetGroup | Admin | "Administrators can manage custom subnet groups. Turbot managed subnet groups cannot be automatically protected |
elasticache:CreateGlobalReplicationGroup | Admin | |
elasticache:CreateReplicationGroup | Admin | |
elasticache:CreateSnapshot | Operator | "Operators can create snapshots |
elasticache:CreateUser | Admin | |
elasticache:CreateUserGroup | Admin | |
elasticache:DecreaseNodeGroupsInGlobalReplicationGroup | Operator | |
elasticache:DecreaseReplicaCount | Operator | Operators can decrease AmazonElastiCache replica count. |
elasticache:DeleteCacheCluster | Admin | |
elasticache:DeleteCacheParameterGroup | Admin | |
elasticache:DeleteCacheSecurityGroup | Admin | |
elasticache:DeleteCacheSubnetGroup | Admin | "Administrators can manage custom subnet groups. Turbot managed subnet groups cannot be automatically protected |
elasticache:DeleteGlobalReplicationGroup | Admin | |
elasticache:DeleteReplicationGroup | Admin | |
elasticache:DeleteSnapshot | Admin | "Operators can create snapshots |
elasticache:DeleteUser | Admin | |
elasticache:DeleteUserGroup | Admin | |
elasticache:DescribeCacheClusters | Metadata | "Metadata about the cache instance |
elasticache:DescribeCacheEngineVersions | Metadata | "Metadata about the cache instance |
elasticache:DescribeCacheParameterGroups | Metadata | "Metadata about the cache instance |
elasticache:DescribeCacheParameters | Metadata | "Metadata about the cache instance |
elasticache:DescribeCacheSecurityGroups | Metadata | "Metadata about the cache instance |
elasticache:DescribeCacheSubnetGroups | Metadata | "Metadata about the cache instance |
elasticache:DescribeEngineDefaultParameters | Metadata | "Metadata about the cache instance |
elasticache:DescribeEvents | Metadata | "Metadata about the cache instance |
elasticache:DescribeGlobalReplicationGroups | Metadata | |
elasticache:DescribeReplicationGroups | Metadata | "Metadata about the cache instance |
elasticache:DescribeReservedCacheNodes | Metadata | "Metadata about the cache instance |
elasticache:DescribeReservedCacheNodesOfferings | Metadata | "Metadata about the cache instance |
elasticache:DescribeServiceUpdates | Metadata | |
elasticache:DescribeSnapshots | Metadata | |
elasticache:DescribeUpdateActions | Metadata | |
elasticache:DescribeUserGroups | Metadata | |
elasticache:DescribeUsers | Metadata | |
elasticache:DisassociateGlobalReplicationGroup | Admin | |
elasticache:FailoverGlobalReplicationGroup | Admin | |
elasticache:IncreaseNodeGroupsInGlobalReplicationGroup | Operator | |
elasticache:IncreaseReplicaCount | Operator | Operators can increase AmazonElastiCache replica count. |
elasticache:ListAllowedNodeTypeModifications | Metadata | |
elasticache:ListTagsForResource | Metadata | |
elasticache:ModifyCacheCluster | Admin | |
elasticache:ModifyCacheParameterGroup | Admin | |
elasticache:ModifyCacheSubnetGroup | Admin | "Administrators can manage custom subnet groups. Turbot managed subnet groups cannot be automatically protected |
elasticache:ModifyGlobalReplicationGroup | Admin | |
elasticache:ModifyUser | Admin | |
elasticache:ModifyUserGroup | Admin | |
elasticache:ModifyReplicationGroup | Admin | |
elasticache:ModifyReplicationGroupShardConfiguration | Admin | |
elasticache:PurchaseReservedCacheNodesOffering | Owner | Reserved instances can only be purchased by owners. |
elasticache:RebalanceSlotsInGlobalReplicationGroup | Operator | |
elasticache:RebootCacheCluster | Operator | Operators can manage tags and reboot the cluster. |
elasticache:RemoveTagsFromResource | Operator | Operators can manage tags and reboot the cluster. |
elasticache:ResetCacheParameterGroup | Admin | |
elasticache:RevokeCacheSecurityGroupIngress | Admin | Revokes ingress from a cache security group. Use this operation to disallow access from an Amazon EC2 security group that had been previously authorized. |
elasticache:StartMigration | Admin | |
elasticache:TestFailover | Operator | |
sns:ListSubscriptions | Metadata | Required for console access per http://docs.aws.amazon.com/AmazonElastiCache/latest/UserGuide/UsingIAM.html |
sns:ListTopics | Metadata | Required for console access per http://docs.aws.amazon.com/AmazonElastiCache/latest/UserGuide/UsingIAM.html |