To ensure correct access to VMware Cloud services for users in your AWS account, you must assign them specific permissions.

About this task

The following are the minimum AWS permissions needed to work correctly with VMware Cloud services. You assign these permissions to users in an individual account and in a master organization account.

  • AmazonEC2ReadOnlyAccess - Allows a user to collect data on Amazon Elastic Block Store (EBS) blocks and computes

  • AmazonS3ReadOnlyAccess - Allows a user to collect data on S3 buckets

  • AmazonVPCReadOnlyAccess - Allows a user to collect data on a Virtual Private Cloud (VPC)

  • CloudWatchLogsReadOnlyAccess - Allows a user to collect metrics from AWS

For more information on permissions in AWS, see http://docs.aws.amazon.com/organizations/latest/userguide/orgs_permissions_overview.html.