Minimum Permissions Required for Acquiring Traffic using the Customer Orchestrated Source

Prerequisites:

Before configuring the required permissions and privileges in AWS, you must install GigaVUE‑FM. For details, refer to Install GigaVUE-FM on AWS.

If you are using an inline policy or basic authentication, you must update the policy with the relevant IAM service. For details, see Minimum Permissions Required for Inline Policies and Basic Authentication.

These are the minimum permissions required to acquire traffic using the Customer Orchestrated Source when you use a GigaVUE V Series Proxy and authenticate using an IAM instance role.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "ec2:CreateTags",
                "ec2:DeleteTags",
                "ec2:RunInstances",
                "ec2:TerminateInstances",
                "ec2:AssociateAddress",
                "ec2:DisassociateAddress",
                "ec2:DescribeImages",
                "ec2:DescribeInstances",
                "ec2:DescribeInstanceTypes",
                "ec2:DescribeVpcs",
                "ec2:DescribeSubnets",
                "ec2:DescribeKeyPairs",
                "ec2:DescribeSecurityGroups",
                "ec2:DescribeVolumes",
                "ec2:DescribeAddresses",
                "ec2:RebootInstances",
                "ec2:StartInstances",
                "ec2:StopInstances",
                "iam:GetPolicyVersion",
                "iam:GetPolicy",
                "iam:ListAttachedRolePolicies",
                "iam:ListRolePolicies",
                "iam:ListAccountAliases",
                "kms:ListAliases",
                "kms:GenerateDataKeyWithoutPlaintext"
            ],
            "Resource": "*"
        }
    ]
}

For more information regarding policies and permissions, refer to AWS Documentation.
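
The following added example (not part of the original GigaVUE documentation) is a Python check to run on a policy document before attaching it: it reports lines containing curly quotes, which make the JSON invalid, actions listed more than once, and actions other than Describe/List/Get that are allowed on Resource "*". The sample policy is a shortened, constructed version of the one above, and treating the Describe/List/Get prefixes as read-only is a heuristic assumed here.

```python
import json
from collections import Counter

READ_PREFIXES = ("Describe", "List", "Get")  # heuristic for read-only actions
SMART_QUOTES = "\u201c\u201d"                # curly quotes left by copy/paste

# Constructed sample: a shortened version of the policy above,
# with one action deliberately listed twice.
SAMPLE_POLICY = """{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": ["ec2:DescribeInstances", "ec2:RunInstances",
               "ec2:TerminateInstances", "ec2:RunInstances",
               "iam:GetPolicy", "kms:GenerateDataKeyWithoutPlaintext"],
    "Resource": "*"
  }]
}"""


def as_list(value):
    """IAM accepts a single string or object where a list is expected."""
    return [value] if isinstance(value, (str, dict)) else list(value)


def audit_policy(text):
    """Return findings for an IAM policy document supplied as text."""
    findings = {"smart_quote_lines": [], "duplicates": [], "wildcard_non_read": []}
    for number, line in enumerate(text.splitlines(), 1):
        if any(ch in line for ch in SMART_QUOTES):
            findings["smart_quote_lines"].append(number)
    if findings["smart_quote_lines"]:
        return findings  # not valid JSON until the quotes are fixed
    for stmt in as_list(json.loads(text)["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        actions = as_list(stmt.get("Action", []))
        # Action names are case-insensitive, so compare in lower case.
        counts = Counter(a.lower() for a in actions)
        findings["duplicates"] += sorted(a for a, n in counts.items() if n > 1)
        if "*" in as_list(stmt.get("Resource", [])):
            # Anything that is not Describe/List/Get applies to every resource.
            findings["wildcard_non_read"] += sorted(
                {a for a in actions
                 if not a.split(":", 1)[-1].startswith(READ_PREFIXES)})
    return findings


if __name__ == "__main__":
    print(json.dumps(audit_policy(SAMPLE_POLICY), indent=2))
```

The actions reported under wildcard_non_read are the ones to review first when scoping the role with resource ARNs or condition keys.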

What to do Next:

Configure the AWS credentials in GigaVUE‑FM to monitor workloads across multiple AWS accounts within one Monitoring Domain. For details, refer to Create AWS Credentials.