IAM user is not authorized to perform: application-autoscaling:DescribeScalableTargets

8,001

Solution 1

I need to add the following custom policy to one of my permission groups

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "application-autoscaling:*",
        "cloudwatch:DescribeAlarms",
        "cloudwatch:PutMetricAlarm"
      ],
      "Resource": [
        "*"
      ]
    }
  ]
}

Source: http://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-auto-scaling.html#auto-scaling-IAM

Solution 2

Along with the above we need the add the IAM pass role to the policy. So the policy should look like below:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "cloudwatch:PutMetricAlarm",
                "iam:GetRole",
                "iam:PassRole",
                "application-autoscaling:*",
                "cloudwatch:DescribeAlarms"
            ],
            "Resource": "<RESOURCE-ARN>"
        }
    ]
}

Below is the reference URL:

[https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_passrole.html][1]

Share:
8,001

Related videos on Youtube

Jason Lee
Author by

Jason Lee

Updated on September 18, 2022

Comments

  • Jason Lee
    Jason Lee about 1 year

    I am trying to add autoscaling to a cluster. However I encountered the following error:

    enter image description here

    I have already added the IAM user to these new security groups:

    enter image description here

    andenter image description here

    Altogether this user has the following permissions:

     AmazonSQSFullAccess
      AWSElasticBeanstalkFullAccess
      AmazonS3FullAccess
      CloudWatchFullAccess
      AmazonDynamoDBFullAccess
      CloudFrontFullAccess
      AmazonEC2FullAccess
      CloudWatchLogsFullAccess
      AmazonEC2ContainerServiceFullAccess
      AmazonEC2ContainerRegistryPowerUser
      IAMReadOnlyAccess
      AmazonEC2ContainerServiceAutoscaleRole
    

    What did I miss?

    EDIT:

    I have added

    AutoScalingFullAccess

    and

    ApplicationAutoScalingForAmazonAppStreamAccess

    but no cigar.