Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 11 Next »

Note

Ensure that role permissions may not update instantly. Changes may take 2-5 minutes to sync and apply.

Scaling Permissions

 Functionality

AWS (IAM Role)

AZURE

GCP

Increase Node

ec2:GetLaunchTemplateData
ec2:CreateLaunchTemplate
ec2:RunInstances

 Microsoft.Network/applicationGateways/write
(applicable only for Web Portal)

Microsoft.Network/networkSecurityGroups/read

Microsoft.Network/networkInterfaces/write

Microsoft.Network/virtualNetworks/subnets/join/action

Microsoft.Network/networkSecurityGroups/join/action
NOTE: Above-mentioned permissions are applicable only when existing Virtual Network is used.

compute.subnetworks.use
(applicable for Marketplace only when shared VPC is used)

compute.instances.create
compute.disks.create
compute.disks.use
compute.instances.setServiceAccount
compute.instances.use

Decrease Node

ec2:DeleteLaunchTemplate
ec2:TerminateInstances

 Microsoft.Network/applicationGateways/write
(applicable only for Web Portal)

Microsoft.Network/networkSecurityGroups/read

Microsoft.Network/networkInterfaces/write

Microsoft.Network/virtualNetworks/subnets/join/action

Microsoft.Network/networkSecurityGroups/join/action
NOTE: Above-mentioned permissions are applicable only when existing Virtual Network is used.

compute.subnetworks.use
(applicable for Marketplace only)

compute.instances.delete
compute.instances.detachDisk
compute.disks.delete

Increase Disk

ec2:CreateVolume
ec2:AttachVolume
ec2:ModifyInstanceAttribute

 Not applicable

compute.disks.create
compute.disks.use

Decrease Disk

ec2:DetachVolume
ec2:DeleteVolume

  Not applicable

 compute.instances.detachDisk
compute.disks.delete

Load Balancer/ TargetGroup Entry Addition

elasticloadbalancing:DescribeTargetGroups

elasticloadbalancing:RegisterTargets

  Not applicable

 compute.instanceGroups.get
compute.instanceGroups.update

Load Balancer/ Target Group Entry Deletion

elasticloadbalancing:DescribeTargetGroups

elasticloadbalancing:DeregisterTargets

  Not applicable

 compute.instanceGroups.get
compute.instanceGroups.update

Target Group health check/probe path modification

“elasticloadbalancing:ModifyTargetGroup “

  Not applicable

compute.instanceGroups.get
compute.instanceGroups.update

Read Also:

Managing Nodes and Services

  • No labels

Copyright Kyvos, Inc. All rights reserved.