This topic describes how to activate Auto Scaling and grant the permissions for accessing Alibaba Cloud resources to Auto Scaling.

Background information

You must activate Auto Scaling and grant necessary permissions to Auto Scaling when you use Auto Scaling for the first time. If you have used Auto Scaling before, skip this topic to create a scaling group and a scaling configuration. For more information, see Step 2. Implement automatic scaling.

Step 1: Activate Auto Scaling

  1. Log on to the Auto Scaling console.
  2. Click Active Auto Scaling.
  3. Select I agree with Auto Scaling Agreement of Service and click Enable Now.

Step 2: Grant permissions to Auto Scaling

  1. Log on to the Auto Scaling console.
  2. Click Authorize.
  3. On the page that appears, select AliyunESSDefaultRole and click Confirm Authorization Policy.
    The Resource Access Management (RAM) role AliyunESSDefaultRole has the permissions specified in the AliyunESSRolePolicy policy. The content of the AliyunESSRolePolicy policy is updated from time to time. You can go to the RAM console to view the latest content of the policy. For more information, see View basic information about a policy. Currently, the policy is as follows:
    {
      "Version": "1",
      "Statement": [
        {
          "Action": [
            "ecs:CreateInstance",
            "ecs:RunInstances",
            "ecs:StartInstance",
            "ecs:AllocatePublicIpAddress",
            "ecs:StopInstance",
            "ecs:DeleteInstance",
            "ecs:DescribeInstances",
            "ecs:DescribeInstanceAttribute",
            "ecs:ModifyInstanceAttribute",
            "ecs:DescribeSecurityGroupAttribute",
            "ecs:DescribeImages",
            "ecs:DescribeSnapshots",
            "ecs:DescribeKeyPairs",
            "slb:DescribeLoadBalancerAttribute",
            "slb:RemoveBackendServers",
            "slb:DescribeHealthStatus",
            "slb:AddBackendServers",
            "slb:SetBackendServers",
            "rds:ModifySecurityIps",
            "rds:DescribeDBInstanceAttribute",
            "rds:DescribeTaskInfo",
            "rds:DescribeDBInstanceIPArrayList"
          ],
          "Resource": "*",
          "Effect": "Allow"
        },
        {
          "Action": [
            "vpc:DescribeVpcs",
            "vpc:DescribeVSwitches"
          ],
          "Resource": "*",
          "Effect": "Allow"
        },
        {
          "Action": [
            "mns:ListTopic",
            "mns:ListQueue",
            "mns:SendMessage",
            "mns:PublishMessage"
          ],
          "Resource": "*",
          "Effect": "Allow"
        },
        {
          "Action": "ram:PassRole",
          "Resource": "*",
          "Effect": "Allow",
          "Condition": {
            "StringEquals": {
              "acs:Service": "ecs.aliyuncs.com"
            }
          }
        }
      ]
    }
    For more information about each action, see the API documentation of the corresponding service. For example, the ecs:RunInstances action allows Auto Scaling to create one or more Elastic Compute Service (ECS) instances. For more information, see RunInstances.
    • ECS-related actions
      Action Description
      ecs:RunInstances Creates one or more ECS instances.
      ecs:CreateInstance Creates an ECS instance.
      ecs:StartInstance Starts an ECS instance.
      ecs:AllocatePublicIpAddress Allocates a public network IP address to an ECS instance.
      ecs:StopInstance Stops an ECS instance.
      ecs:DeleteInstance Deletes an ECS instance.
      ecs:DescribeInstances Queries ECS instances.
      ecs:DescribeInstanceAttribute Queries the attributes of an ECS instance.
      ecs:ModifyInstanceAttribute Modifies the attributes of an ECS instance.
      ecs:DescribeSecurityGroupAttribute Queries the attributes of a security group.
      ecs:DescribeSnapshots Queries all snapshots of an ECS instance or a disk.
      ecs:DescribeKeyPairs Queries one or more Secure Shell (SSH) key pairs.
    • SLB-related actions
      Action Description
      slb:DescribeLoadBalancerAttribute Queries the information about a Server Load Balancer (SLB) instance.
      slb:RemoveBackendServers Removes back-end servers from an SLB instance.
      slb:DescribeHealthStatus Performs a health check on back-end servers of an SLB instance.
      slb:AddBackendServers Adds back-end servers to an SLB instance.
      slb:SetBackendServers Sets the weights of back-end servers.
    • RDS-related actions
      Action Description
      rds:ModifySecurityIps Modifies the IP address whitelist of a Relational Database Service (RDS) instance.
      rds:DescribeDBInstanceAttribute Queries the details about an RDS instance.
      rds:DescribeTaskInfo Queries the information about an RDS task.
      rds:DescribeDBInstanceIPArrayList Queries the IP address whitelist of an RDS instance.
    • VPC-related actions
      Action Description
      vpc:DescribeVpcs Queries Virtual Private Clouds (VPCs).
      vpc:DescribeVSwitches Queries VSwitches.
    • MNS-related actions
      Action Description
      mns:ListTopic Queries all Message Service (MNS) topics under your account.
      mns:ListQueue Queries all MNS queues under your account.
      mns:SendMessage Sends a message.
      mns:PublishMessage Publishes a message.

What to do next

After you activate and grant permissions to Auto Scaling, you can create a scaling group and a scaling configuration. For more information, see Step 2. Implement automatic scaling.