Code Ocean VPC Administration Guide
v3.6

Deployed IAM Resources

The Code Ocean VPC CloudFormation stack creates the following IAM roles and policies. Each entry gives the logical ID and a description; policies are listed under the role they belong to.

  • BackupRole: Provides AWS Backup permission to create backups and perform restores on your behalf across AWS services.

  • BackupCopyRole: Allows the BackupCopyFunction Lambda to call AWS services as part of AWS Backup snapshot copy automation.
    • BackupCopyPolicy: Core set of permissions.

  • BackupEventBridgeRole: Allows EventBridge to call AWS services as part of AWS Backup snapshot copy automation.

  • BatchInstanceRole: Allows EC2 instances in a Code Ocean AWS Batch ECS cluster to access ECS and other required AWS services.
    • BatchInstancePolicy: Core set of permissions.

  • BatchJobRole: Allows Code Ocean AWS Batch jobs to access AWS services.
    • BatchJobPolicy: Core set of permissions.

  • CleanupDnsRecordSetsRole: Allows AWS Lambda to call AWS services to delete internal Code Ocean DNS records on CloudFormation stack deletion.
    • CustomResourcePolicy: Core set of permissions.

  • JobsInstanceRole: Allows Code Ocean EC2 jobs instances to call AWS services.
    • JobsInstancePolicy: Core set of permissions.

  • ServicesInstanceRole: Allows EC2 services instances to call AWS services.
    • ServicesInstancePolicy: Core set of permissions.
    • ServicesInstanceDedicatedMachinesAccess: Permissions to manage EC2 instances under the Dedicated Machine Code Ocean feature.
    • ServicesAssumeRolePolicy: Permissions to assume the list of IAM roles configured through the Assumable Roles CloudFormation parameter.

  • S3BackupRole: Provides AWS S3 permissions to backup buckets.
    • S3BackupReplicationPolicy: Core set of permissions.

  • WorkerInstanceRole: Allows EC2 worker instances to call AWS services.
    • WorkerInstancePolicy: Core set of permissions.
    • WorkerAssumeRolePolicy: Permissions to assume the list of IAM roles configured through the Assumable Roles CloudFormation parameter.


Last updated 9 days ago