Minimal IAM Permissions for Launchpad

Andrew.Mulder · May 2017

Launchpad for Data Fusion Community Edition requires AWS access keys. When creating access keys using IAM, what are the permissions that Launchpad requires? I know that the "AdministratorAccess" policy is sufficient, but is there a more minimal set of permissions that are recommended?

Eric.Helgeson · June 2017

Hi Andrew,

We use terraform.io to build the infrastructure in AWS - it does need to create, read, update, and delete these resources -

resource "aws_key_pair" "launchpad-provision"
resource "aws_instance" "master"
resource "aws_instance" "slave_1"
resource "aws_instance" "slave_2"
resource "aws_security_group" "datafusion-public"
resource "aws_security_group" "datafusion-private"
resource "aws_security_group" "datafusion-inter-private"
resource "aws_security_group" "datafusion-private-to-public"
resource "aws_vpc" "datafusion"
resource "aws_internet_gateway" "public"
resource "aws_subnet" "datafusion-public-subnet"
resource "aws_route_table" "public"
resource "aws_route_table_association" "public"
resource "aws_eip" "nat"
resource "aws_nat_gateway" "nat"

Terraform doesn't have a way to output a nice policy document, but this should get you started. Let me know if you come up with something or would like some help with it.

Thanks,
-Eric

Minimal IAM Permissions for Launchpad

Best Answer

Categories