Requirements

This topic describes the AWS platform permissions required to execute chaos experiments on your target environments.

Public cloud

AWS (Self-managed infrastructure with managed services)

Chaos agent deployment model	Centralized chaos agent on Kubernetes (leverage kube api and container-runtime API to inject faults on K8s microservices)
Connectivity requirements from agent	Outbound over port 443 to Harness from the Kubernetes cluster. Outbound to application health endpoints (ones which will be used for resilience validation) from the Kubernetes cluster. Outbound to cloud provider's public account endpoint.
Connectivity requirements from VM/cluster/app.	No settings required on the target cloud.
Access requirements for agent install	Install agent as a cluster-admin or as a user-mapped to a cluster role with these permissions. Go to architecture documentation for more details on how the Kubernetes Chaos Agent is used to inject chaos on cloud resources.
Access requirements for basic chaos experiments	AWS: IAM role mapped to policy for basic AWS EC2 chaos .
Access requirements for advanced chaos experiments	AWS: IAM role mapped to policy for advanced AWS chaos.
Supported chaos faults	Basic AWS EC2 faults with minimized permissions in policy. Advanced AWS faults across resource types with the superset policy. You can tune the policy based on the faults/resources in use. Above lists are for indicative purposes. Go to K8s agent versus native OS Agent based approach for chaos on Linux EC2 instances .