AWS policies required by Buddy
What are AWS policies
In short, the policies define permissions and access control for AWS resources, such as Amazon EC2 or S3, and are associated with entities such as users, groups, and roles.
Below you will find the list of identity-based policies (AWS IAM policies) that control access to Amazon Web Services. Make sure to grant access to all policies listed for the particular service. Missing any required policies may deny access to the selected AWS service.
CloudFront
Amazon CloudFront is a content delivery network (CDN) service that lets you deliver static and dynamic content with low latency and high transfer speeds.
cloudfront:ListDistributions
cloudfront:CreateInvalidation
cloudfront:GetInvalidation
CodeDeploy
AWS CodeDeploy is a service that automates code deployments to cloud instances and self-hosted servers.
codedeploy:ListApplications
codedeploy:ListDeploymentGroups
codedeploy:ListDeploymentConfigs
codedeploy:CreateDeployment
codedeploy:GetDeployment
codedeploy:GetDeploymentConfig
codedeploy:GetApplicationRevision
codedeploy:RegisterApplicationRevision
s3:ListBucket
s3:CreateBucket
s3:GetObject
s3:PutObject
s3:ListMultipartUploadParts
s3:AbortMultipartUpload
s3:ListBucketMultipartUploads
Encrypted S3 buckets
kms:Decrypt
kms:Encrypt
kms:GenerateDataKey
ECR
Amazon ECR is a fully managed Docker container registry service that simplifies storing, managing, and deploying Docker container images.
ecr:CreateRepository
ecr:DescribeRepositories
ecr:GetAuthorizationToken
ecr:BatchCheckLayerAvailability
ecr:CompleteLayerUpload
ecr:InitiateLayerUpload
ecr:PutImage
ecr:UploadLayerPart
ecr:GetDownloadUrlForLayer
ecr:BatchGetImage
ECS
Amazon ECS is a high-performance container orchestration service that supports Docker containers and allows you to run and scale containerized applications.
ecs:ListClusters
ecs:ListServices
ecs:RegisterTaskDefinition
ecs:DescribeServices
ecs:UpdateService
If your tasks have roles, the following AWS IAM policy is also needed:
iam:PassRole
See here for more information.
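A check for the ECS permission set above, as an added example that is not from Buddy's documentation: it reports which of the listed actions a policy document fails to allow, and flags an iam:PassRole grant that is not limited to specific roles or to the ECS tasks service. The account ID, role name and both sample policies are constructed, and explicit Deny statements and NotAction are not evaluated.

```python
import fnmatch

# ECS actions listed on this page; iam:PassRole is added when tasks have roles.
REQUIRED_ECS = ["ecs:ListClusters", "ecs:ListServices", "ecs:RegisterTaskDefinition",
                "ecs:DescribeServices", "ecs:UpdateService"]

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _grants(stmt, action):
    # IAM action names are case-insensitive and may use * and ? wildcards.
    return any(fnmatch.fnmatchcase(action.lower(), pattern.lower())
               for pattern in _as_list(stmt.get("Action", [])))

def audit_ecs_policy(policy, tasks_have_roles=True):
    """Return (missing_actions, passrole_findings) for an identity-based policy."""
    stmts = [s for s in _as_list(policy["Statement"]) if s.get("Effect") == "Allow"]
    required = REQUIRED_ECS + (["iam:PassRole"] if tasks_have_roles else [])
    missing = [a for a in required if not any(_grants(s, a) for s in stmts)]
    findings = []
    for s in stmts:
        if not _grants(s, "iam:PassRole"):
            continue
        if "*" in _as_list(s.get("Resource", [])):
            findings.append("iam:PassRole allowed on Resource '*'")
        cond_keys = {k.lower() for op in s.get("Condition", {}).values() for k in op}
        if "iam:passedtoservice" not in cond_keys:
            findings.append("iam:PassRole has no iam:PassedToService condition")
    return missing, findings

# Constructed sample: PassRole limited to one task role and to the ECS tasks service.
SCOPED = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": REQUIRED_ECS, "Resource": "*"},
        {"Effect": "Allow", "Action": "iam:PassRole",
         "Resource": "arn:aws:iam::111122223333:role/example-task-role",
         "Condition": {"StringEquals": {"iam:PassedToService": "ecs-tasks.amazonaws.com"}}},
    ],
}
# Constructed sample: works for deployment, but lets the caller pass any role anywhere.
BROAD = {"Version": "2012-10-17",
         "Statement": [{"Effect": "Allow", "Action": ["ecs:*", "iam:*"], "Resource": "*"}]}

if __name__ == "__main__":
    for name, doc in (("scoped", SCOPED), ("broad", BROAD)):
        print(name, audit_ecs_policy(doc))
```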
EKS
Amazon EKS is a managed Kubernetes service that simplifies the process of deploying, managing, and scaling containerized applications.
eks:ListClusters
eks:DescribeCluster
Elastic Beanstalk
AWS Elastic Beanstalk is an orchestration service for deploying and managing applications in the Amazon cloud.
AWSElasticBeanstalkFullAccess.
elasticbeanstalk:DescribeApplications
elasticbeanstalk:DescribeEnvironments
elasticbeanstalk:CreateApplicationVersion
elasticbeanstalk:DescribeApplicationVersions
elasticbeanstalk:UpdateApplication
elasticbeanstalk:UpdateEnvironment
elasticbeanstalk:UpdateApplicationVersion
s3:CreateBucket
s3:PutObject
s3:GetObject
s3:GetObjectAcl
s3:ListBucket
s3:ListBuckets
cloudformation:GetTemplate
cloudformation:ListStackResources
Elastic Beanstalk Monitoring
Elastic Beanstalk Monitoring provides insights into the health and performance of your Elastic Beanstalk environment by collecting and displaying metrics about CPU utilization, latency, request count, and more.
elasticbeanstalk:DescribeApplications
elasticbeanstalk:DescribeEnvironments
elasticbeanstalk:DescribeEnvironmentHealth
Lambda
AWS Lambda is a serverless compute service for running code without provisioning or managing servers.
lambda:ListFunctions
lambda:InvokeFunction
lambda:UpdateFunctionCode
S3
Amazon S3 is an object storage service that provides industry-leading scalability, data availability, security, and performance.
s3:ListAllMyBuckets
s3:GetObject
s3:PutObject
s3:PutObjectAcl (required for Public flag)
s3:DeleteObject
s3:ListBucket
s3:PutObjectTagging
s3:DeleteObjectTagging
s3:GetObjectTagging
s3:GetBucketLocation
Encrypted S3 buckets
kms:Decrypt
kms:Encrypt
kms:GenerateDataKey
Last modified on Nov 12, 2025