Deployed IAM Resources
The following is the list of IAM roles and policies that are created by the Code Ocean VPC CloudFormation stack, along with their logical ID and description.
BackupRole: Provides AWS Backup permission to create backups and perform restores on your behalf across AWS services.
BatchInstanceRole: Allows EC2 instances in a Code Ocean AWS Batch ECS cluster to access ECS and other required AWS services. BatchInstancePolicy: Core set of permissions.
BatchJobRole: Allows Code Ocean AWS Batch jobs to access to AWS services. BatchJobPolicy: Core set of permissions.
CleanupDnsRecordSetsRole: Allows AWS Lambda to call AWS services to delete internal code ocean dns records on cloudformation stack deletion. CustomResourcePolicy: Core set of permissions.
S3PipelineStagingReplicationRole: Allows S3 to replicate objects from the PipelineStaging bucket. S3PipelineStagingReplicationPolicy: Core set of permissions.
ServicesInstanceRole: Allows EC2 services instances to call AWS services. ServicesInstancePolicy: Core set of permissions. ServicesInstanceDedicatedMachinesAccess: Permissions to manage EC2 instances under the Dedicated Machine Code Ocean feature. ServicesAssumeRolePolicy: Permissions to assume the list of IAM roles configured through the
Assumable Roles
CloudFormation parameter.WorkerInstanceRole: Allows EC2 worker instances to call AWS services. WorkerInstancePolicy: Core set of permissions. WorkerAssumeRolePolicy: Permissions to assume the list of IAM roles configured through the
Assumable Roles
CloudFormation parameter.