By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

What EC2 permissions are needed to deregister-targets

0

I have a cluster of servers and on occasion there are a few updates, and those get checked, updated, but to keep from getting a complaint now and then I would like to remove the machine from the target group, update then add. I know I can do this in code-commit, etc. but for the sake of time, all of the work is in place, and the error is easy enough to follow;

An error occurred (AccessDenied) when calling the DeregisterTargets operation: User: arn:aws:sts::000000:assumed-role/role/serverID is not authorized to perform: elasticloadbalancing:DeregisterTargets

So I can add a simple permission to do that, but not finding what/where. Under permissions / EC2 I don't see any "deregister", under ELB there is a permission to DeregisterInstancesFromLoadBalancer, but when you mouse over says "Grants permission to deregister the specified instances from the specified load balancer" and I need to do this to a TargetGroup not an ELB.

So how can I grant the IAM role to remove that specific ID ? Thanks

Topics
Security, Identity, & Compliance
Tags
IAM Policies
Language
English
lraymond
asked a year ago409 views
2 Answers
0
Accepted Answer

How do you remove targets?
If you are an IAM user, you will need to attach "elasticloadbalancing:DeregisterTargets" to the IAM user's policy.

profile picture
EXPERT
Riku_Kobayashi
answered a year ago
profile picture
EXPERT
Gary Mclean
reviewed a month ago
0

Thanks, I do not see that as an option so after some digging, it's under the awsloadbalancing V2, but appreciate that help

lraymond
answered a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content