AWS Required Roles/Permissions

Overview

The following roles should be attached to a group to which user accounts representing CB service accounts are added.

Considerations

A key and secret can then be generated for each user account.

Predefined Roles required:

AmazonEC2FullAccess
AWSPriceListServiceFullAccess
AWSS3FullAccess
AmazonVPCFullAccess

A custom role, which I call “IAMCreateRole”, is used to enable remote execution for EC2 VMs:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "iam:CreateRole",
                "iam:AttachRolePolicy",
                "iam:CreateInstanceProfile",
                "iam:AddRoleToInstanceProfile"
            ],
            "Resource": "*"
        }
    ]
}
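
An added example, not part of the original article or of the product's own code: a small check that reads the custom policy above and reports every Allow statement that grants its role-management actions on Resource "*" with no Condition, which is the first thing to look at when reviewing how far this policy reaches. The function and constant names are hypothetical.

```python
import fnmatch
import json

# The four actions granted by the page's custom policy.
SENSITIVE = {"iam:CreateRole", "iam:AttachRolePolicy",
             "iam:CreateInstanceProfile", "iam:AddRoleToInstanceProfile"}

# The policy document as given on the page.
PAGE_POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": [{"Sid": "VisualEditor0",
                "Effect": "Allow",
                "Action": ["iam:CreateRole", "iam:AttachRolePolicy",
                           "iam:CreateInstanceProfile",
                           "iam:AddRoleToInstanceProfile"],
                "Resource": "*"}]}
""")


def as_list(value):
    """IAM accepts either a single string or a list for Action and Resource."""
    return [value] if isinstance(value, str) else list(value)


def unscoped_iam_grants(policy):
    """Return [(sid, [actions])] for Allow statements that grant any SENSITIVE
    action on Resource "*" without a Condition block.
    NotAction / NotResource statements are not evaluated by this check."""
    stmts = policy["Statement"]
    if isinstance(stmts, dict):          # a single statement may be a bare object
        stmts = [stmts]
    findings = []
    for stmt in stmts:
        if stmt.get("Effect") != "Allow" or stmt.get("Condition"):
            continue
        if "*" not in as_list(stmt.get("Resource", [])):
            continue
        # Action names are case-insensitive and may contain wildcards (iam:*).
        patterns = [p.lower() for p in as_list(stmt.get("Action", []))]
        hits = sorted(a for a in SENSITIVE
                      if any(fnmatch.fnmatchcase(a.lower(), p) for p in patterns))
        if hits:
            findings.append((stmt.get("Sid", "<no Sid>"), hits))
    return findings


if __name__ == "__main__":
    for sid, actions in unscoped_iam_grants(PAGE_POLICY):
        print(f"{sid}: {', '.join(actions)} allowed on every resource, no Condition")
```
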
