# IAM Access Policies

Registering an IAM User in gopaddle requires different permissions assigned to the IAM user/role. Please find a complete list of fine-grained, region and account specific permissions required based on the capabilities used in gopaddle.

<table><thead><tr><th width="223">Capability</th><th width="212">AWS Services</th><th>IAM Permissions</th></tr></thead><tbody><tr><td>Creating EKS Cluster and managed Nodegroups</td><td><p></p><p>VPC</p></td><td><span data-gb-custom-inline data-tag="emoji" data-code="1f511">🔑</span> <a href="https://gp-cloudformation-roles.s3.amazonaws.com/gp-vpc-policy.json">https://gp-cloudformation-roles.s3.amazonaws.com/gp-vpc-policy.json</a></td></tr><tr><td></td><td>Subnet </td><td><span data-gb-custom-inline data-tag="emoji" data-code="1f511">🔑</span> <a href="https://gp-cloudformation-roles.s3.amazonaws.com/gp-subnet-policy.json">https://gp-cloudformation-roles.s3.amazonaws.com/gp-subnet-policy.json</a></td></tr><tr><td></td><td>Gateway </td><td><span data-gb-custom-inline data-tag="emoji" data-code="1f511">🔑</span> <a href="https://gp-cloudformation-roles.s3.amazonaws.com/gp-gateway-policy.json">https://gp-cloudformation-roles.s3.amazonaws.com/gp-gateway-policy.json</a></td></tr><tr><td></td><td>EKS and Nodegroup </td><td><span data-gb-custom-inline data-tag="emoji" data-code="1f511">🔑</span> <a href="https://gp-cloudformation-roles.s3.amazonaws.com/gp-eks-nodegroup-policy.json">https://gp-cloudformation-roles.s3.amazonaws.com/gp-eks-nodegroup-policy.json</a></td></tr><tr><td></td><td> Instance </td><td><span data-gb-custom-inline data-tag="emoji" data-code="1f511">🔑</span> <a href="https://gp-cloudformation-roles.s3.amazonaws.com/gp-instance-policy.json">https://gp-cloudformation-roles.s3.amazonaws.com/gp-instance-policy.json</a></td></tr><tr><td></td><td>Roles and Security Group</td><td><span data-gb-custom-inline data-tag="emoji" data-code="1f511">🔑</span> <a href="https://gp-cloudformation-roles.s3.amazonaws.com/gp-role-sg-policy.json">https://gp-cloudformation-roles.s3.amazonaws.com/gp-role-sg-policy.json</a></td></tr><tr><td></td><td>Cloudformation Template </td><td><span data-gb-custom-inline data-tag="emoji" data-code="1f511">🔑</span> <a href="https://gp-cloudformation-roles.s3.amazonaws.com/gp-stack-policy.json">https://gp-cloudformation-roles.s3.amazonaws.com/gp-stack-policy.json</a></td></tr><tr><td></td><td>Cloudwatch</td><td><span data-gb-custom-inline data-tag="emoji" data-code="1f511">🔑</span> <a href="https://gp-cloudformation-roles.s3.amazonaws.com/gp-cloudwatch-policy.json">https://gp-cloudformation-roles.s3.amazonaws.com/gp-cloudwatch-policy.json</a></td></tr><tr><td></td><td>Create Application Load Balancer </td><td><span data-gb-custom-inline data-tag="emoji" data-code="1f511">🔑</span> <a href="https://gp-cloudformation-roles.s3.amazonaws.com/gp-alb-policy.json">https://gp-cloudformation-roles.s3.amazonaws.com/gp-alb-policy.json</a></td></tr><tr><td>AWS ECR Registry </td><td>ECR</td><td><span data-gb-custom-inline data-tag="emoji" data-code="1f511">🔑</span> <a href="https://gp-cloudformation-roles.s3.amazonaws.com/gp-repository-policy.json">https://gp-cloudformation-roles.s3.amazonaws.com/gp-repository-policy.json</a></td></tr><tr><td>AWS SNS Amazon</td><td>SNS</td><td><span data-gb-custom-inline data-tag="emoji" data-code="1f511">🔑</span> <a href="https://gp-cloudformation-roles.s3.amazonaws.com/gp-sns-policy.json">https://gp-cloudformation-roles.s3.amazonaws.com/gp-sns-policy.json</a></td></tr></tbody></table>