AWS Elastic Beanstalk (IAM)

aws devops

AWS Elastic Beanstalk is an easy-to-use service for deploying and scaling web applications and services developed with Java, .NET, PHP, Node.js, Python, Ruby, Go, and Docker.

Common permissions

elasticbeanstalk:DescribeApplicationselasticbeanstalk:DescribeEnvironmentselasticbeanstalk:DescribeEventselasticbeanstalk:DescribeEnvironmentHealthelasticbeanstalk:DescribeInstancesHealthelasticbeanstalk:ListTagsForResourceelasticbeanstalk:DescribeApplicationVersionselasticbeanstalk:DescribeConfigurationOptions

Least-privilege example

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "elasticbeanstalk:DescribeApplications",
        "elasticbeanstalk:DescribeEnvironments",
        "elasticbeanstalk:DescribeEvents",
        "elasticbeanstalk:DescribeEnvironmentHealth",
        "elasticbeanstalk:DescribeInstancesHealth",
        "elasticbeanstalk:ListTagsForResource",
        "elasticbeanstalk:DescribeApplicationVersions",
        "elasticbeanstalk:DescribeConfigurationOptions"
      ],
      "Resource": "*"
    }
  ]
}

Warnings

Avoid elasticbeanstalk:* — grants full control including environment and application deletion.
Avoid elasticbeanstalk:DeleteApplication — can permanently remove an application and all its environments.

Resources

AWS referenceservicereference.us-east-1.amazonaws.com/v1/elasticbeanstalk/elasticbeanstalk.json ↗

API

full doc /v1/iam/elasticbeanstalk