Infrastructure Management (IAM Role -- Assume Role Identity)
Role Name:
Tasks performed:
KMS management for Encrypted Disks
Access Marketplace for CentOS 7 AMI
Set up SNS and CloudWatch to send notifications to MCP
Create support tickets for quota increase
Policy:
{ "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Action": [ "support:*", "ec2:*", "sns:*", "kms:*", "logs:*", "cloudwatch:*", "events:*", "route53:*", "aws-marketplace:*", "iam:PassRole", "aws-portal:ViewAccount", "aws-portal:ViewBilling", "aws-portal:ViewUsage" ], "Resource": "*" }] }
Application Service User
User:
Tasks performed:
Policy:
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "ec2:*", "Resource": "*" }, { "Effect": "Allow", "Action": "iam:PassRole", "Resource": "*" }, { "Effect": "Allow", "Action": [ "iam:*AccessKey*", "iam:ChangePassword", "iam:GetUser", "iam:*ServiceSpecificCredential*", "iam:*SigningCertificate*" ], "Resource": ["arn:aws:iam::*:user/${aws:username}"] } ] }
Initial Setup User
Username:
Tasks performed:
Note: terraform user can be removed once BeBop on-boarding is done.
Policy:
{ "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Action": [ "ec2:*", "sns:*", "kms:*", "logs:*", "cloudwatch:*", "events:*", "aws-marketplace:*", "iam:PassRole" ], "Resource": "*" }] }
Roles Needed:
prometheus
Tasks performed:
IAM Policy:
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*" } ] }
Trust Relationship:
{ "Version": "2012-10-17", "Statement": [ { "Sid": "", "Effect": "Allow", "Principal": { "Service": "ec2.amazonaws.com" }, "Action": "sts:AssumeRole" } ] }
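An added example, not part of the original article: a Python check that parses three of the policy documents listed on this page and reports every Allow statement that pairs a service-wide wildcard action or iam:PassRole with Resource "*", so the grants can be reviewed and scoped before the roles and users are created. The dictionary keys and function names are chosen for this example; the policy text is copied from the page, with the Infrastructure Management policy carrying a comma between "cloudwatch:*" and "events:*".

```python
import json

# Policy documents copied from this page; the keys are labels made up for this example.
POLICIES = {
    "infrastructure-management": '{ "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Action": [ "support:*", "ec2:*", "sns:*", "kms:*", "logs:*", "cloudwatch:*", "events:*", "route53:*", "aws-marketplace:*", "iam:PassRole", "aws-portal:ViewAccount", "aws-portal:ViewBilling", "aws-portal:ViewUsage" ], "Resource": "*" }] }',
    "application-service-user": '{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "ec2:*", "Resource": "*" }, { "Effect": "Allow", "Action": "iam:PassRole", "Resource": "*" }, { "Effect": "Allow", "Action": [ "iam:*AccessKey*", "iam:ChangePassword", "iam:GetUser", "iam:*ServiceSpecificCredential*", "iam:*SigningCertificate*" ], "Resource": ["arn:aws:iam::*:user/${aws:username}"] } ] }',
    "prometheus": '{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*" } ] }',
}


def as_list(value):
    """IAM accepts either a single string or a list for Action and Resource."""
    return [value] if isinstance(value, str) else list(value)


def audit(policy_json):
    """Return (statement_index, action, reason) for each broad Allow grant.

    Raises ValueError (json.JSONDecodeError) if the document is not valid JSON,
    which also catches a policy that would be rejected when pasted into IAM.
    """
    findings = []
    statements = json.loads(policy_json)["Statement"]
    if isinstance(statements, dict):  # a single statement may appear without a list
        statements = [statements]
    for index, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        if "*" not in as_list(stmt.get("Resource", [])):
            continue  # resource is scoped, e.g. to the caller's own IAM user
        for action in as_list(stmt.get("Action", [])):
            _service, _, name = action.partition(":")
            if name == "*":
                findings.append((index, action, "every action of the service on every resource"))
            elif action.lower() == "iam:passrole":
                findings.append((index, action, "any role may be passed; restrict Resource to specific role ARNs"))
    return findings


if __name__ == "__main__":
    for label, text in POLICIES.items():
        for index, action, reason in audit(text):
            print(f"{label} statement {index}: {action} -> {reason}")
```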