Version: 1.0.0

AWS IAM Permissions Guide

Overview

Zeet uses AWS services to deliver its platform capabilities. Understanding the permissions it requires helps you set up and use the platform efficiently. This guide describes the AWS IAM permissions used by Zeet, starting with the default permissions needed for the initial cloud connection and then moving on to fine-grained permissions for advanced users.

1. Default Permissions

These permissions are essential for establishing the basic connection between Zeet and your AWS account.

1.1. Cloud Connection

  • Required Permissions:
    • Create IAM Role: Allows Zeet to establish an IAM role for managing resources.
    • Account Administrator: Ensures Zeet has adequate permissions to function smoothly.
    • Assumable by: Zeet Management Account

1.2. Platform Permissions (Default)

Note: By default, all platform and deployment permissions, as detailed in the "Fine Grained Customization Permissions" section, are enabled. This streamlined configuration makes it easier for users to explore and get started with the platform.

2. Fine Grained Customization Permissions

This section is for users who need more control over the permissions granted to Zeet. It is relevant for Pro, Scale, and Enterprise plan users.

Note: Only Pro, Scale, and Enterprise plan users can customize these permissions.

2.1. Cloud Connection

  • Customizable Permissions: Depending on the use case, users can decide which permissions to grant.
  • Assumable by: Zeet Management account

2.2. Platform Permissions by Use Case

Detailed permissions for specific use cases:

2.2.1. Container Management

Managing Service Containers or Job Containers requires permissions to various AWS services:

  • ECR: Allows Zeet to manage container repositories.
  • EKS: Lets Zeet interact with Kubernetes services.
  • EC2: Provides control over virtual servers in the cloud.
  • VPC: Ensures network-related configurations can be adjusted.
  • Route53: Allows domain name system service management.
  • Autoscaling: Enables dynamic adjustment of resources.
  • IAM: Manages AWS access.
  • STS: Grants temporary security credentials to containers.

2.2.2. Serverless via AWS Lambda Management

For those looking to manage Serverless Functions:

  • CloudFormation: Required for AWS CDK Deployment
  • S3: Required for AWS CDK Deployment
  • ACM: Manages SSL/TLS certificates (only required if a custom domain is used).
  • APIGateway: Manages HTTP endpoints for serverless functions.
  • Lambda: Manages serverless functions
  • ECR: Allows management of container repositories.
  • IAM: Manages AWS access.

2.2.3. RDS Management

Database management permissions include:

  • S3: Storage for Terraform states and modules.
  • RDS: Management of Amazon RDS databases.

2.2.4. Terraform Module Management

Needed for Terraform Stack setups:

  • S3: Storage for Terraform states and modules.

Note: Additional permissions for Terraform Module Management depend on the specific template utilized.

2.3. Zeet Dashboard and Monitoring

2.3.1. View Logs

  • CloudWatch: Allows historical log viewing on the dashboard.
  • Logs: Provides detailed log information.

2.3.2. View Metrics

  • CloudWatch: Enables monitoring of metrics related to services managed by Zeet.

2.3.3. Cloud Quota Monitoring

  • ServiceQuotas: Monitors AWS service quotas, ensuring that limits are not breached.

2.3.4. Cluster Capacity Monitoring

For monitoring cluster capacity:

  • SNS: Sends notifications for capacity events.
  • SQS: Message queuing for capacity events.
  • CloudWatch: Monitors cluster capacity metrics.

2.3.5. AWS Secrets Manager Integration

  • SecretsManager: Helps integrate and manage secrets safely.
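
An added example (not Zeet's own code) of auditing a role's policy document against the use cases in sections 2.2 and 2.3: it flags allowed actions that fall outside the services those use cases list. The use-case keys, the mapping from the page's service names to IAM action prefixes, and the sample policy are assumptions constructed for illustration.

```python
# Added example: IAM action prefixes per use case. The page names services only;
# the prefix mapping (e.g. VPC actions living under "ec2") is an assumption.
USE_CASE_SERVICES = {
    "containers": {"ecr", "eks", "ec2", "route53", "autoscaling", "iam", "sts"},
    "lambda": {"cloudformation", "s3", "acm", "apigateway", "lambda", "ecr", "iam"},
    "rds": {"s3", "rds"},
    "terraform": {"s3"},
    "logs": {"cloudwatch", "logs"},
    "metrics": {"cloudwatch"},
    "quotas": {"servicequotas"},
    "capacity": {"sns", "sqs", "cloudwatch"},
    "secrets": {"secretsmanager"},
}

def _as_list(value):
    """IAM allows Statement and Action to be a single item or a list."""
    return value if isinstance(value, list) else [value]

def audit_policy(policy, use_cases):
    """Return sorted Allow-ed actions outside the services the use cases need."""
    expected = set().union(*(USE_CASE_SERVICES[u] for u in use_cases))
    findings = set()
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements never widen access
        if "NotAction" in stmt:  # allows everything except the listed actions
            findings.add("NotAction")
        for action in _as_list(stmt.get("Action", [])):
            service = action.split(":", 1)[0].lower()
            if action == "*" or service not in expected:
                findings.add(action)
    return sorted(findings)

# Constructed sample policy, not taken from Zeet's documentation.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:GetObject", "rds:DescribeDBInstances"], "Resource": "*"},
        {"Effect": "Allow", "Action": "kms:Decrypt", "Resource": "*"},
        {"Effect": "Allow", "Action": "*", "Resource": "*"},
        {"Effect": "Deny", "Action": "dynamodb:*", "Resource": "*"},
    ],
}

if __name__ == "__main__":
    print(audit_policy(SAMPLE_POLICY, ["rds"]))
```

The check works at service granularity only, because the page lists services rather than individual actions; an empty result does not mean the actions within each service are minimal.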