AWS Required Roles/Permissions

The following roles should be attached to a group to which user accounts representing CB service accounts are added. A key and secret can then be generated for each user account.

Predefined Roles required:

AmazonEC2FullAccess
Billing

Inline Roles

 

{
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": [
                        "ce:*"
        ],
        "Resource": "*"
    }]
}

 

 

Have more questions? Submit a request

1 Comments

  • 1
    Avatar
    Lars Bjerke

    To supplement this KB, do you happen to have an example of a least privilege user_iam_policy to utilize all Cloudbolt's features? 

    ...or better yet a mapping of '<CloudBolt feature X> requires <service:setting>' so customers can create a policy of just the features required. 

     

    Thank you, 

    Lars

Please sign in to leave a comment.