I have a cluster of servers and on occasion there are a few updates, and those get checked, updated, but to keep from getting a complaint now and then I would like to remove the machine from the target group, update then add. I know I can do this in code-commit, etc. but for the sake of time, all of the work is in place, and the error is easy enough to follow;
An error occurred (AccessDenied) when calling the DeregisterTargets operation: User: arn:aws:sts::000000:assumed-role/role/serverID is not authorized to perform: elasticloadbalancing:DeregisterTargets
So I can add a simple permission to do that, but not finding what/where. Under permissions / EC2 I don't see any "deregister", under ELB there is a permission to DeregisterInstancesFromLoadBalancer, but when you mouse over says "Grants permission to deregister the specified instances from the specified load balancer" and I need to do this to a TargetGroup not an ELB.
So how can I grant the IAM role to remove that specific ID ? Thanks
AWS 官方已更新 2 年前