What type of permissions to required, for the ACCESS_KEY and SECRET_KEY when setting up Promtail on EC2 machine?
Key / Role ARL will set on ec2_sd_config section of YML file
As per the doc to configure promtail on EC2, you need to do two things via aws CLI.
- Create EC2 instance
- Create IPv4 VPC and subnets
So your aws cli should have following IAM permission to do those actions.
-
Creating EC2 instance
- “ec2:RunInstances”
You can follow the AWS doc for permissions policies related to EC2 here
- “ec2:RunInstances”
-
Create IPv4 VPC and subnets
- “ec2:CreateVpc”,
- “ec2:CreateSubnet”,
- “ec2:DescribeAvailabilityZones”,
- “ec2:CreateRouteTable”,
- “ec2:CreateRoute”,
- “ec2:CreateInternetGateway”,
- “ec2:AttachInternetGateway”,
- “ec2:AssociateRouteTable”,
- “ec2:ModifyVpcAttribute”
You can follow the AWS doc for permissions policies related to VPC here
1 Like
Hi @kavikanagaraj ,
Thanks for the answer. Actually I want the permissions for the key which is using in ec2_sd_config section of promtail configuration (YML) file
Ah. sorry for the confusion. We also had discussion about this over the slack.
Looks like the correct permissions for the key using ec2_sd_config
"tag:GetResources",
"cloudwatch:ListTagsForResource",
"ec2:DescribeTags",
"ec2:DescribeInstances",
"ec2:DescribeRegions",
"elasticloadbalancing:DescribeTargetGroups"
This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.