For best security, it is recommended to restrict the Amazon credentials that is registered with Skeddly to only those actions required. For example, if you are only using a Start Instance action to start your instances, then create an Amazon access key or IAM role using the Amazon Identity and Access Management tools that is limited to the following commands:
The Amazon commands required for each Skeddly action are listed in the documentation for each Skeddly action.
However, it is possible to let Skeddly generate a restrictive IAM policy document for you catered to the actions and options that you are using.
Generating a Custom IAM Policy Document
To generate a custom IAM policy document
- Go to the Identity and Access Management Console and create a new user or role for Skeddly to use. If you created a user, ensure you generate an access key and secret key.
- Register the new credentials with Skeddly.
- Create your actions and/or managed instances using those credentials.
- Return to the Credentials List.
- "View" your credentials that were registered above by clicking it's name in the credentials list.
- On the details page for your credentials, click "Create IAM Policy Document".
- Copy the JSON policy document to your clipboard.
- Return to the Identity and Access Management Console.
- Select your role or access key by clicking it's name in the list.
- Under the "Permissions" tab, click "+ Add inline policy".
- Expand "Custom Policy" and click "Select".
- Give the policy a name in the "Policy Name" field. It can be any name such as "Skeddly".
- Paste the JSON policy document that you copied from Skeddly into the "Policy Document" field.
- Click "Apply Policy".
- After you have generated your custom IAM policy document, if you add and/or modify any of your actions or managed instances, the document may be missing new required permissions. In this case, just generate a new document and update your credentials permissions.
- IAM policy updates take time to propagate throughout the Amazon AWS system. After updating your role or access key with a new policy document, please wait a few minutes before executing Skeddly actions.