What AWS permissions will I need in order to deploy a Cyral sidecar?

The user who deploys a Cyral sidecar using a Cyral-provided template must have sufficient AWS permissions to allow the Cyral deployment module to create IAM resources and EC2 resources. During deployment, the IAM role needed for the sidecar instances will be created automatically by the deployment module and attached to EC2 instances.

Note! While you can opt to deploy the sidecar using an AWS account that has more powerful administrator permissions, the more secure approach (and often the only approach allowed by your IT team) is to grant least privilege, which means deploying the sidecar with an account that has the minimum needed permissions.


See the following documents for lists of the required permissions:



Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.