To configure Scheduler permissions, you must apply an additional policy statement to the ProsperOps IAM role on all AWS accounts you wish to enable. We're firm believers in the security principle of least privilege, so our permission set includes the minimum amount of access we need to function, and nothing more.
At no point in time do we have access to:
- Delete resources
- Change resource types
- Access your sensitive data, whether local or in a managed storage/datastore service
ProsperOps requires the following inline policy to be added to the existing ProsperOps IAM role in AWS accounts where Scheduler will be utilized:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ec2:DescribeInstances",
"ec2:StartInstances",
"ec2:StopInstances"
],
"Resource": "*"
}
]
}