For best security, it is recommended to restrict the Amazon credentials that is registered with Skeddly to only those actions required. For example, if you are only using a Start Instance action to start your instances, then create an Amazon access key or IAM role using the Amazon Identity and Access Management tools that is limited to the following commands:

  • ec2:StartInstances
  • ec2:DescribeInstances

The Amazon commands required for each Skeddly action are listed in the documentation for each Skeddly action.

However, it is possible to let Skeddly generate a restrictive IAM policy document for you catered to the actions and options that you are using.

Generating a Custom IAM Policy Document

After you have created your actions:

1. Return to the Credentials List.
2. "View" your credentials for which you want to generate a policy by clicking it's name in the credentials list.
3. On the details page for your credentials, click "Create IAM Policy Document".
4. Copy the JSON policy document to your clipboard.
5. Return to the Identity and Access Management Console.
6. Select your role or access key by clicking it's name in the list.
7. Under the "Permissions" tab, click "+ Add inline policy".
8. Select the "JSON" tab.
9. Paste the JSON policy document that you copied from Skeddly into the policy window.
10. Click the "Review policy" button.
11. Give the policy a name in the "Name" field. It can be any name such as "Skeddly".
12. Click the "Create policy" button.

Important Notes

After you have generated your custom IAM policy document, if you add and/or modify any of your actions or managed instances, the document may be missing new required permissions. In this case, just generate a new document and update your credentials permissions.

IAM policy updates take time to propagate throughout the Amazon AWS system. After updating your role or access key with a new policy document, please wait a few minutes before executing Skeddly actions.

Did this answer your question?