{"id":3507,"date":"2016-10-13T14:35:00","date_gmt":"2016-10-13T18:35:00","guid":{"rendered":"https:\/\/www.redline13.com\/blog\/?p=3507"},"modified":"2016-10-13T14:35:00","modified_gmt":"2016-10-13T18:35:00","slug":"update-ec2-privileges-permissions","status":"publish","type":"post","link":"https:\/\/www.redline13.com\/blog\/2016\/10\/update-ec2-privileges-permissions\/","title":{"rendered":"Update: EC2 Privileges &#038; Permissions"},"content":{"rendered":"<p>A user recently reached out to us and asked:<\/p>\n<blockquote><p>We have some feedback regarding the ability to shut down any instance in AWS. We perceive the &#8220;Show All Servers&#8221; with the ability to shut them down as a dangerous option. People who normally do not have access to terminate EC2 instances all of a sudden gain those privileges\u00a0once they are given access to RedLine13. Someone could by mistake terminate an important instance. Is it possible to remove this ability?<\/p><\/blockquote>\n<p>Based on this feedback, we have provided an update so users can now fine-tune the permission to grant access only to RedLine13-tagged instances. 
We previously never required this permission, but have <a href=\"https:\/\/www.redline13.com\/Aws\/IAMSetup\" target=\"_blank\" rel=\"noopener\">updated our documentation<\/a> to more clearly outline why we use certain permissions:<\/p>\n<ul>\n<li><strong><span style=\"color: #d31d03;\">iam:SimulatePrincipalPolicy<\/span><\/strong>\n<ul>\n<li>used to test a policy for permissions<\/li>\n<\/ul>\n<\/li>\n<li><span style=\"color: #d31d03;\"><strong>ec2:CreateTags<\/strong><\/span>\n<ul>\n<li>allows us to apply our tags and allows you to create custom tags on agents<\/li>\n<\/ul>\n<\/li>\n<li><span style=\"color: #d31d03;\"><strong>ec2:DescribeInstances<\/strong><\/span>\n<ul>\n<li>required to know the data on the instances we launched<\/li>\n<\/ul>\n<\/li>\n<li><span style=\"color: #d31d03;\"><strong>ec2:DescribeSpotInstanceRequests<\/strong><\/span>\n<ul>\n<li>required to know the data on the instances launched<\/li>\n<\/ul>\n<\/li>\n<li><span style=\"color: #d31d03;\"><strong>ec2:RequestSpotInstances<\/strong><\/span>\n<ul>\n<li>used to run tests on spot instances<\/li>\n<\/ul>\n<\/li>\n<li><span style=\"color: #d31d03;\"><strong>ec2:RunInstances<\/strong><\/span>\n<ul>\n<li>used to run tests with on-demand instances<\/li>\n<\/ul>\n<\/li>\n<li><span style=\"color: #d31d03;\"><strong>ec2:StartInstances<\/strong><\/span>\n<ul>\n<li>used to start instances as load agents<\/li>\n<\/ul>\n<\/li>\n<li><span style=\"color: #d31d03;\"><strong>ec2:DescribeSubnets<\/strong><\/span>\n<ul>\n<li>used to show the list of subnets in a drop-down<\/li>\n<\/ul>\n<\/li>\n<li><span style=\"color: #d31d03;\"><strong>ec2:DescribeSecurityGroups<\/strong><\/span>\n<ul>\n<li>used to show your list of security groups when creating a test<\/li>\n<\/ul>\n<\/li>\n<li><span style=\"color: #d31d03;\"><strong>ec2:StopInstances<\/strong><\/span>\n<ul>\n<li>used to stop instances<\/li>\n<\/ul>\n<\/li>\n<li><span style=\"color: 
#d31d03;\"><strong>ec2:TerminateInstances<\/strong><\/span>\n<ul>\n<li>used to terminate instances from the UI, or automatically when we find unresponsive RedLine13 load agents<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2>Improving Fine-Grained Controls<\/h2>\n<p>We have updated our security policy to be fine-grained for terminating instances. The updated policy requires these permissions only on EC2 instances that are tagged by RedLine13.<\/p>\n<p>See the full <a href=\"https:\/\/www.redline13.com\/Aws\/IAMSetup\" target=\"_blank\" rel=\"noopener\">IAM Setup Instructions<\/a>.<\/p>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"null\">{\n  \"Action\": [\n    \"ec2:StopInstances\",\n    \"ec2:TerminateInstances\"\n  ],\n  \"Effect\": \"Allow\",\n  \"Resource\": \"*\",\n  \"Condition\": {\n    \"StringEquals\": {\n      \"ec2:ResourceTag\/redline\": \"T\"\n    }\n  }\n}<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>A user recently reached out to us and asked: We have some feedback regarding the ability to shutdown any instance in AWS. We perceive the &#8220;Show All Servers&#8221; with the ability to shut them down as a dangerous option. People who normally do not have access to terminate EC2 instances all of the sudden gain those privileges\u00a0once they are given access to RedLine13. Someone could by mistake terminate an important instance. 
It is possible to remove<a class=\"more-link\" href=\"https:\/\/www.redline13.com\/blog\/2016\/10\/update-ec2-privileges-permissions\/\">Read More &rarr;<\/a><\/p>\n","protected":false},"author":1,"featured_media":3511,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6,2,50],"tags":[88,143,181,183,258,269,396,410,460,468,493,501],"class_list":{"0":"entry","1":"post","2":"publish","3":"author-user","4":"post-3507","6":"format-standard","7":"has-post-thumbnail","8":"category-aws-faq","9":"category-blog","10":"category-updates","11":"post_tag-aws","12":"post_tag-control","13":"post_tag-ec2","14":"post_tag-ec2-instance","15":"post_tag-iam","16":"post_tag-instance","17":"post_tag-permissions","18":"post_tag-privileges","19":"post_tag-server","20":"post_tag-shut-down","21":"post_tag-tagging","22":"post_tag-terminate"},"_links":{"self":[{"href":"https:\/\/www.redline13.com\/blog\/wp-json\/wp\/v2\/posts\/3507","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.redline13.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.redline13.com\/blog\/wp-js
on\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.redline13.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.redline13.com\/blog\/wp-json\/wp\/v2\/comments?post=3507"}],"version-history":[{"count":0,"href":"https:\/\/www.redline13.com\/blog\/wp-json\/wp\/v2\/posts\/3507\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.redline13.com\/blog\/wp-json\/wp\/v2\/media\/3511"}],"wp:attachment":[{"href":"https:\/\/www.redline13.com\/blog\/wp-json\/wp\/v2\/media?parent=3507"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.redline13.com\/blog\/wp-json\/wp\/v2\/categories?post=3507"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.redline13.com\/blog\/wp-json\/wp\/v2\/tags?post=3507"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}