opswitchがAWSアカウント連携時に作成したIAM Roleの権限は以下になります。
EC2
- 先頭にDescribeが付く権限
- CreateSnapshot
- DeleteSnapshot
- CreateImage
- DeregisterImage
- CreateTags
- StartInstances
- StopInstances
- ModifyInstanceAttribute
- CopySnapshot
- CopyImage
RDS
- 先頭にDescribeが付く権限
- CreateDBSnapshot
- DeleteDBInstance
- DeleteDBSnapshot
- RestoreDBInstanceFromDBSnapshot
- ListTagsForResource
- AddTagsToResource
- StartDBInstance
- StopDBInstance
- CreateDBClusterSnapshot
- DeleteDBClusterSnapshot
- StartDBCluster
- StopDBCluster
- CopyDBSnapshot
- CopyDBClusterSnapshot
CloudFormation
- 先頭にDescribeが付く権限
- 先頭にGetが付く権限
- CreateStackSet
- CreateChangeSet