GetInfraDesk
DocsDashboard →
Documentation
📖 Overview🚀 Getting Started⚡ How Fixes Work↩ī¸ Rollback Guide🔐 IAM Permissions❓ FAQ
Need help?
Email us at support@getinfradesk.com

IAM Permissions

Full list of AWS permissions GetInfraDesk requires and why.

🔐 How access works
GetInfraDesk uses a cross-account IAM role created via CloudFormation. Your credentials are never stored. GetInfraDesk assumes the role temporarily using AWS STS AssumeRole with a unique External ID per account.
EC2
●ec2:DescribeInstances
●ec2:DescribeVolumes
●ec2:DescribeSnapshots
●ec2:DescribeAddresses
●ec2:DescribeRegions
●ec2:DescribeTags
●ec2:StopInstances
●ec2:StartInstances
●ec2:TerminateInstances
●ec2:CreateSnapshot
●ec2:DeleteVolume
●ec2:ModifyVolume
●ec2:ReleaseAddress
RDS
●rds:DescribeDBInstances
●rds:CreateDBSnapshot
●rds:ModifyDBInstance
●rds:DescribeDBSnapshots
Cost Explorer
●ce:GetCostAndUsage
●ce:GetCostForecast
●ce:GetDimensionValues
CloudWatch
●cloudwatch:GetMetricStatistics
●cloudwatch:ListMetrics
Lambda
●lambda:CreateFunction
●lambda:DeleteFunction
●lambda:InvokeFunction
●lambda:GetFunction
EventBridge
●scheduler:CreateSchedule
●scheduler:DeleteSchedule
●scheduler:GetSchedule
IAM
●iam:CreateRole
●iam:AttachRolePolicy
●iam:PassRole
●iam:GetRole
⚠ī¸ Update your IAM role
If GetInfraDesk shows a permission error, your IAM role may be outdated. Go to your dashboard → Account card → "↑ Update Role" to update to the latest permissions.