IAM Permissions Reference | Deployment | LogScale Documentation

Skip to content

LogScale Documentation Full Library Knowledge Base Release Notes Integrations Query Examples Training API GraphQL API Search Archives Contacting Support

LogScale Self-Hosted Deployment

IAM Permissions Reference

The deploying user/role requires the following AWS permissions:

EKS Permissions:

eks:CreateCluster, eks:DeleteCluster, eks:DescribeCluster, eks:UpdateClusterConfig
eks:CreateNodegroup, eks:DeleteNodegroup, eks:DescribeNodegroup
eks:CreateAccessEntry, eks:DeleteAccessEntry, eks:AssociateAccessPolicy

S3 Permissions:

s3:CreateBucket, s3:DeleteBucket, s3:PutBucketPolicy, s3:GetBucketPolicy
s3:PutObject, s3:GetObject, s3:ListBucket (for state and data buckets)

Route53 Permissions:

route53:CreateHealthCheck, route53:DeleteHealthCheck, route53:GetHealthCheck, route53:UpdateHealthCheck
route53:ChangeResourceRecordSets, route53:ListResourceRecordSets

Lambda Permissions (for DR failover automation):

lambda:CreateFunction, lambda:DeleteFunction, lambda:UpdateFunctionCode
lambda:AddPermission, lambda:RemovePermission

Additional Permissions:

iam:CreateRole, iam:DeleteRole, iam:AttachRolePolicy, iam:DetachRolePolicy
sns:CreateTopic, sns:DeleteTopic, sns:Subscribe
cloudwatch:PutMetricAlarm, cloudwatch:DeleteAlarms
kms:CreateKey, kms:Decrypt, kms:Encrypt (for encryption key management)
ssm:PutParameter, ssm:GetParameter (for DR failover cooldown persistence)

Enter search term