diff --git a/docs/source/cloud-setup/cloud-permissions/aws.rst b/docs/source/cloud-setup/cloud-permissions/aws.rst index 63035f28058..cee56477f27 100644 --- a/docs/source/cloud-setup/cloud-permissions/aws.rst +++ b/docs/source/cloud-setup/cloud-permissions/aws.rst @@ -117,22 +117,35 @@ AWS accounts can be attached with a policy that limits the permissions of the ac "Resource": "*" } -5. Click **Next: Tags** and follow the instructions to finish creating the policy. You can give the policy a descriptive name, such as ``minimal-skypilot-policy``. -6. Go back to the previous window and click on the refresh button, and you can now search for the policy you just created. +5. **Optional**: To enable open ports on AWS cluster, you need to add the following permissions to the policy above as well. + +.. code-block:: json + + { + "Effect": "Allow", + "Action": [ + "ec2:DeleteSecurityGroup", + "ec2:ModifyInstanceAttribute" + ], + "Resource": "arn:aws:ec2:*::*" + } + +6. Click **Next: Tags** and follow the instructions to finish creating the policy. You can give the policy a descriptive name, such as ``minimal-skypilot-policy``. +7. Go back to the previous window and click on the refresh button, and you can now search for the policy you just created. .. image:: ../../images/screenshots/aws/aws-add-policy.png :width: 80% :align: center :alt: AWS Add Policy -7. **Optional**: If you would like to have your users access S3 buckets: You can additionally attach S3 access, such as the "AmazonS3FullAccess" policy. +8. **Optional**: If you would like to have your users access S3 buckets: You can additionally attach S3 access, such as the "AmazonS3FullAccess" policy. .. image:: ../../images/screenshots/aws/aws-s3-policy.png :width: 80% :align: center :alt: AWS Add S3 Policy -8. Click on **Next** and follow the instructions to create the user. +9. Click on **Next** and follow the instructions to create the user. With the steps above you are almost ready to have the users in your organization to use SkyPilot with the minimal permissions.