Deployed IAM Resources

The following is the list of IAM roles and policies that are created by the Code Ocean VPC CloudFormation stack, along with their logical ID and description.

  • BackupRole: Provides AWS Backup permission to create backups and perform restores on your behalf across AWS services.

  • BatchInstanceRole: Allows EC2 instances in a Code Ocean AWS Batch ECS cluster to access ECS and other required AWS services. BatchInstancePolicy: Core set of permissions.

  • BatchJobRole: Allows Code Ocean AWS Batch jobs to access to AWS services. BatchJobPolicy: Core set of permissions.

  • CleanupDnsRecordSetsRole: Allows AWS Lambda to call AWS services to delete internal code ocean dns records on cloudformation stack deletion. CustomResourcePolicy: Core set of permissions.

  • S3PipelineStagingReplicationRole: Allows S3 to replicate objects from the PipelineStaging bucket. S3PipelineStagingReplicationPolicy: Core set of permissions.

  • ServicesInstanceRole: Allows EC2 services instances to call AWS services. ServicesInstancePolicy: Core set of permissions. ServicesInstanceDedicatedMachinesAccess: Permissions to manage EC2 instances under the Dedicated Machine Code Ocean feature. ServicesAssumeRolePolicy: Permissions to assume the list of IAM roles configured through the Assumable Roles CloudFormation parameter.

  • WorkerInstanceRole: Allows EC2 worker instances to call AWS services. WorkerInstancePolicy: Core set of permissions. WorkerAssumeRolePolicy: Permissions to assume the list of IAM roles configured through the Assumable Roles CloudFormation parameter.