Architecture Available in v1.26.11+
Overview
ScaleOps AWS Cloud Node Integration provides deep integration with AWS services to optimize your Kubernetes workloads. The architecture leverages AWS APIs to gather real-time data about EC2 instances, Auto Scaling Groups, and EKS clusters.
Diagram
Permissions
The integration requires read-only permissions, with additional write permissions for Node Consolidation on EKS Managed Node Groups and Auto Scaling Groups. Use the following AWS IAM policy:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "EC2AndPricing",
"Effect": "Allow",
"Action": [
"ec2:CreateLaunchTemplate",
"ec2:DeleteLaunchTemplate",
"ec2:RunInstances",
"ec2:Describe*",
"ec2:Get*",
"ec2:List*",
"pricing:GetProducts",
"pricing:DescribeServices",
"pricing:GetAttributeValues"
],
"Resource": "*"
},
{
"Sid": "AutoScaling",
"Effect": "Allow",
"Action": [
"autoscaling:Describe*",
"autoscaling:UpdateAutoScalingGroup",
"autoscaling:CreateAutoScalingGroup",
"autoscaling:DeleteAutoScalingGroup",
"autoscaling:SetDesiredCapacity",
"autoscaling:TerminateInstanceInAutoScalingGroup"
],
"Resource": "*"
},
{
"Sid": "EKS",
"Effect": "Allow",
"Action": [
"eks:Describe*",
"eks:List*",
"eks:UpdateNodegroupConfig",
"eks:CreateNodegroup",
"eks:DeleteNodegroup",
"eks:TagResource"
],
"Resource": "*"
},
{
"Sid": "RDS",
"Effect": "Allow",
"Action": [
"rds:Describe*",
"rds:List*"
],
"Resource": "*"
},
{
"Sid": "S3",
"Effect": "Allow",
"Action": [
"s3:ListAllMyBuckets",
"s3:GetBucketLocation",
"s3:GetBucketTagging"
],
"Resource": "*"
},
{
"Sid": "SageMaker",
"Effect": "Allow",
"Action": [
"sagemaker:Describe*",
"sagemaker:List*"
],
"Resource": "*"
},
{
"Sid": "CostExplorer",
"Effect": "Allow",
"Action": [
"ce:GetCostAndUsage",
"ce:GetCostForecast",
"ce:GetReservationUtilization",
"ce:GetReservationCoverage",
"ce:GetSavingsPlansCoverage",
"ce:GetSavingsPlansUtilization",
"ce:GetSavingsPlansUtilizationDetails",
"ce:ListCostAllocationTags"
],
"Resource": "*"
},
{
"Sid": "Glue",
"Effect": "Allow",
"Action": [
"glue:GetDatabase*",
"glue:GetTable*",
"glue:GetJob*",
"glue:ListJobs",
"glue:ListCrawlers",
"glue:GetCrawler*"
],
"Resource": "*"
},
{
"Sid": "ELB",
"Effect": "Allow",
"Action": [
"elasticloadbalancing:Describe*"
],
"Resource": "*"
},
{
"Sid": "DynamoDB",
"Effect": "Allow",
"Action": [
"dynamodb:Describe*",
"dynamodb:ListTables",
"dynamodb:ListTagsOfResource"
],
"Resource": "*"
},
{
"Sid": "Lambda",
"Effect": "Allow",
"Action": [
"lambda:GetFunction",
"lambda:GetFunctionConfiguration",
"lambda:ListFunctions",
"lambda:ListTags"
],
"Resource": "*"
},
{
"Sid": "Bedrock",
"Effect": "Allow",
"Action": [
"bedrock:List*",
"bedrock:Get*"
],
"Resource": "*"
},
{
"Sid": "ECR",
"Effect": "Allow",
"Action": [
"ecr:DescribeRepositories",
"ecr:ListTagsForResource",
"ecr:GetRepositoryPolicy"
],
"Resource": "*"
},
{
"Sid": "Organizations",
"Effect": "Allow",
"Action": [
"organizations:Describe*",
"organizations:List*"
],
"Resource": "*"
},
{
"Sid": "Athena",
"Effect": "Allow",
"Action": [
"athena:GetDataCatalog",
"athena:GetDatabase",
"athena:GetTableMetadata",
"athena:GetWorkGroup",
"athena:ListDataCatalogs",
"athena:ListDatabases",
"athena:ListTableMetadata",
"athena:ListWorkGroups"
],
"Resource": "*"
},
{
"Sid": "CloudWatch",
"Effect": "Allow",
"Action": [
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"cloudwatch:DescribeAlarms"
],
"Resource": "*"
},
{
"Sid": "ElastiCache",
"Effect": "Allow",
"Action": [
"elasticache:Describe*",
"elasticache:List*"
],
"Resource": "*"
},
{
"Sid": "SavingsPlans",
"Effect": "Allow",
"Action": [
"savingsplans:DescribeSavingsPlans",
"savingsplans:DescribeSavingsPlansOfferings",
"savingsplans:DescribeSavingsPlanRates"
],
"Resource": "*"
},
{
"Sid": "IAM",
"Effect": "Allow",
"Action": [
"iam:SimulatePrincipalPolicy",
"iam:SimulateCustomPolicy",
"iam:GetRole",
"iam:ListAttachedRolePolicies"
],
"Resource": "*"
},
{
"Sid": "PassNodeRole",
"Effect": "Allow",
"Action": "iam:PassRole",
"Resource": "*",
"Condition": {
"StringEquals": {
"iam:PassedToService": [
"eks.amazonaws.com",
"ec2.amazonaws.com"
]
}
}
}
]
}