Hello,
It sounds like you may be encountering an IAM permissions issue when trying to create the second-step scaling configuration for your Auto Scaling group. Application Auto Scaling and EC2 Auto Scaling require specific IAM permissions to create and manage scaling configurations and resources.
A few things to check:
- Make sure the IAM user or role you are using to create the scaling configuration has the necessary permissions. For Application Auto Scaling, you'll need application-autoscaling:CreateScalingPlan and application-autoscaling:UpdateScalingPlan permissions at minimum. For EC2 Auto Scaling, ec2:CreateAutoScalingGroup and ec2:UpdateAutoScalingGroup are required.
- Confirm the IAM entity has permission to access the launch template referenced in the first scaling step. It needs ec2:DescribeLaunchTemplates permission.
- If using a service-linked role, ensure it has been created by successfully configuring scaling for the resource type previously.
- You can test with full admin permissions temporarily to validate it's a permissions issue.
For more info - https://docs.aws.amazon.com/solutions/latest/aws-innovation-sandbox/security.html https://docs.aws.amazon.com/autoscaling/application/userguide/security_iam_troubleshoot.html
Thanks
Abhinav
When creating an AutoScaling Group (ASG), your user or role must have permissions to create the instance which the ASG is configured to launch. This is to prevent an ASG being used for a permissions escalation attack.
One common permission missing is IAM:PassRole, which is needed if an EC2 Instance Role is included in the launch template. More information: https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-launch-template-permissions.html
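
As an added example (not part of either answer above), the following offline check looks at an identity policy document for the two permissions the last answer describes: launching the instance (`ec2:RunInstances`) and `iam:PassRole` on the instance role, and it flags a `iam:PassRole` grant that is not scoped to a role or to EC2. The sample policy, account ID, role name and function names are constructed for illustration, and the matching is simplified: explicit Deny, NotAction, permission boundaries and SCPs are not evaluated.

```python
import fnmatch

# Constructed sample identity policy; account ID and role name are placeholders.
ROLE_ARN = "arn:aws:iam::111122223333:role/app-instance-role"
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Resource": "*",
         "Action": ["autoscaling:CreateAutoScalingGroup", "ec2:RunInstances"]},
        {"Effect": "Allow", "Action": "iam:PassRole", "Resource": ROLE_ARN,
         "Condition": {"StringEquals": {"iam:PassedToService": "ec2.amazonaws.com"}}},
    ],
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def allowing_statements(policy, action, resource=None):
    """Return Allow statements covering `action` (and `resource`, if given)."""
    hits = []
    for st in _as_list(policy.get("Statement", [])):
        if st.get("Effect") != "Allow" or "Action" not in st:
            continue
        # IAM action names are case-insensitive; ARNs are compared as written.
        act_ok = any(fnmatch.fnmatchcase(action.lower(), a.lower())
                     for a in _as_list(st["Action"]))
        res_ok = resource is None or any(
            fnmatch.fnmatchcase(resource, r) for r in _as_list(st.get("Resource", [])))
        if act_ok and res_ok:
            hits.append(st)
    return hits

def check_asg_creator(policy, instance_role_arn):
    """List gaps that would block, or over-grant, launching with this role."""
    findings = []
    if not allowing_statements(policy, "ec2:RunInstances"):
        findings.append("missing ec2:RunInstances")
    pass_role = allowing_statements(policy, "iam:PassRole", instance_role_arn)
    if not pass_role:
        findings.append("missing iam:PassRole on " + instance_role_arn)
    for st in pass_role:
        if any("*" in r for r in _as_list(st["Resource"])):
            findings.append("iam:PassRole resource uses a wildcard")
        keys = {k.lower() for op in st.get("Condition", {}).values() for k in op}
        if "iam:passedtoservice" not in keys:
            findings.append("iam:PassRole has no iam:PassedToService condition")
    return findings
```

An empty list from `check_asg_creator(SAMPLE_POLICY, ROLE_ARN)` means the policy grants both permissions with `iam:PassRole` limited to the one role and to EC2.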