Example: Traffic Acquisition using VPC Mirroring and GwLB
Note: If you are using an inline policy or basic authentication, you must update the policy with the relevant IAM service. For more information, see Minimum Permissions Required for Inline Policies and Basic Authentication.
This policy allows you to acquire traffic using VPC mirroring with Gateway Load Balancer and authenticate using an IAM instance role.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "autoscaling:DescribeAutoScalingGroups",
        "elasticloadbalancing:DescribeLoadBalancers",
        "elasticloadbalancing:DescribeTargetGroups",
        "elasticloadbalancing:RegisterTargets",
        "elasticloadbalancing:DeregisterTargets",
        "elasticloadbalancing:DescribeTargetHealth",
        "ec2:DescribeVpcs",
        "ec2:DescribeSubnets",
        "ec2:DescribeInstances",
        "ec2:DescribeAddresses",
        "ec2:DescribeKeyPairs",
        "ec2:DescribeSecurityGroups",
        "ec2:CreateTags",
        "ec2:DeleteTags",
        "ec2:DescribeImages",
        "ec2:DescribeVolumes",
        "ec2:CreateTrafficMirrorFilterRule",
        "ec2:CreateTrafficMirrorTarget",
        "ec2:CreateTrafficMirrorSession",
        "ec2:CreateTrafficMirrorFilter",
        "ec2:DeleteTrafficMirrorTarget",
        "ec2:DeleteTrafficMirrorSession",
        "ec2:DeleteTrafficMirrorFilter",
        "ec2:DescribeTrafficMirrorSessions",
        "ec2:DescribeTrafficMirrorTargets",
        "ec2:DescribeTrafficMirrorFilters",
        "ec2:DescribeVpcEndpointServiceConfigurations",
        "ec2:DescribeVpcEndpoints",
        "ram:CreateResourceShare",
        "ram:DeleteResourceShare",
        "ram:GetResourceShareInvitations",
        "ram:AcceptResourceShareInvitation",
        "ram:DisassociateResourceShare",
        "iam:GetPolicyVersion",
        "iam:GetPolicy",
        "iam:ListAttachedRolePolicies",
        "iam:ListRolePolicies",
        "kms:ListAliases"
      ],
      "Resource": "*"
    }
  ]
}
For more information regarding policies and permissions, refer to the AWS documentation.
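The policy above allows every listed action on "Resource": "*". The following Python script is an added example, not part of the original documentation: it separates the actions that change state from the read-only ones, which gives the list to review first when auditing or monitoring the instance role. The Describe/Get/List prefix test is a naming heuristic assumed here, not an AWS classification, and the function and variable names are hypothetical.

```python
from collections import defaultdict

# Assumption: Describe/Get/List prefixes mark read-only calls (naming heuristic).
READ_ONLY_PREFIXES = ("Describe", "Get", "List")

# Action list copied from the policy above, grouped by service for brevity.
ACTIONS = {
    "autoscaling": "DescribeAutoScalingGroups",
    "elasticloadbalancing": "DescribeLoadBalancers DescribeTargetGroups RegisterTargets "
        "DeregisterTargets DescribeTargetHealth",
    "ec2": "DescribeVpcs DescribeSubnets DescribeInstances DescribeAddresses "
        "DescribeKeyPairs DescribeSecurityGroups CreateTags DeleteTags DescribeImages "
        "DescribeVolumes CreateTrafficMirrorFilterRule CreateTrafficMirrorTarget "
        "CreateTrafficMirrorSession CreateTrafficMirrorFilter DeleteTrafficMirrorTarget "
        "DeleteTrafficMirrorSession DeleteTrafficMirrorFilter DescribeTrafficMirrorSessions "
        "DescribeTrafficMirrorTargets DescribeTrafficMirrorFilters "
        "DescribeVpcEndpointServiceConfigurations DescribeVpcEndpoints",
    "ram": "CreateResourceShare DeleteResourceShare GetResourceShareInvitations "
        "AcceptResourceShareInvitation DisassociateResourceShare",
    "iam": "GetPolicyVersion GetPolicy ListAttachedRolePolicies ListRolePolicies",
    "kms": "ListAliases",
}
POLICY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "VisualEditor0", "Effect": "Allow", "Resource": "*",
    "Action": [f"{svc}:{name}" for svc, names in ACTIONS.items() for name in names.split()],
}]}

def as_list(value):
    """IAM accepts either one value or a list for Statement, Action and Resource."""
    return list(value) if isinstance(value, (list, tuple)) else [value]

def wildcard_write_actions(policy):
    """Return {service: [actions]} for non-read actions allowed on Resource "*"."""
    found = defaultdict(set)
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow" or "*" not in as_list(stmt.get("Resource", [])):
            continue  # Deny statements and resource-scoped grants are out of scope here
        for action in as_list(stmt.get("Action", [])):
            service, _, name = action.partition(":")
            if not name.startswith(READ_ONLY_PREFIXES):
                found[service].add(name)  # also catches wildcards such as "ec2:*"
    return {svc: sorted(names) for svc, names in sorted(found.items())}

if __name__ == "__main__":
    for service, names in wildcard_write_actions(POLICY).items():
        print(f"{service}: {', '.join(names)}")
```
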