add minimal rule for aws

skypilot-org · Sep 18, 2023 · eca3c7a · eca3c7a
1 parent cf3e289
commit eca3c7a
Showing 1 changed file with 17 additions and 4 deletions.
diff --git a/docs/source/cloud-setup/cloud-permissions/aws.rst b/docs/source/cloud-setup/cloud-permissions/aws.rst
@@ -117,22 +117,35 @@ AWS accounts can be attached with a policy that limits the permissions of the ac
                 "Resource": "*"
             }
 
-5. Click **Next: Tags** and follow the instructions to finish creating the policy. You can give the policy a descriptive name, such as ``minimal-skypilot-policy``.
-6. Go back to the previous window and click on the refresh button, and you can now search for the policy you just created.
+5. **Optional**: To enable open ports on AWS cluster, you need to add the following permissions to the policy above as well.
+
+.. code-block:: json
+
+           {
+                "Effect": "Allow",
+                "Action": [
+                    "ec2:DeleteSecurityGroup",
+                    "ec2:ModifyInstanceAttribute"
+                ],
+                "Resource": "arn:aws:ec2:*:<account-ID-without-hyphens>:*"
+            }
+
+6. Click **Next: Tags** and follow the instructions to finish creating the policy. You can give the policy a descriptive name, such as ``minimal-skypilot-policy``.
+7. Go back to the previous window and click on the refresh button, and you can now search for the policy you just created.
 
 .. image:: ../../images/screenshots/aws/aws-add-policy.png
     :width: 80%
     :align: center
     :alt: AWS Add Policy
 
-7. **Optional**: If you would like to have your users access S3 buckets: You can additionally attach S3 access, such as the "AmazonS3FullAccess" policy.
+8. **Optional**: If you would like to have your users access S3 buckets: You can additionally attach S3 access, such as the "AmazonS3FullAccess" policy.
 
 .. image:: ../../images/screenshots/aws/aws-s3-policy.png
     :width: 80%
     :align: center
     :alt: AWS Add S3 Policy
 
-8. Click on **Next** and follow the instructions to create the user.
+9. Click on **Next** and follow the instructions to create the user.
 
 With the steps above you are almost ready to have the users in your organization to use SkyPilot with the minimal permissions.