Deployed IAM Resources
The following is the list of IAM roles and policies that are created by the Code Ocean VPC CloudFormation stack, along with their logical ID and description.
BackupRole: Provides AWS Backup permission to create backups and perform restores on your behalf across AWS services.
BackupCopyRole: Allows the BackupCopyFunction Lambda to call AWS services as part of AWS Backup snapshot copy automation.
  BackupCopyPolicy: Core set of permissions.
BackupEventBridgeRole: Allows EventBridge to call AWS services as part of AWS Backup snapshot copy automation.
BatchInstanceRole: Allows EC2 instances in a Code Ocean AWS Batch ECS cluster to access ECS and other required AWS services.
  BatchInstancePolicy: Core set of permissions.
BatchJobRole: Allows Code Ocean AWS Batch jobs to access AWS services.
  BatchJobPolicy: Core set of permissions.
CleanupDnsRecordSetsRole: Allows AWS Lambda to call AWS services to delete internal Code Ocean DNS records on CloudFormation stack deletion.
  CustomResourcePolicy: Core set of permissions.
JobsInstanceRole: Allows Code Ocean EC2 jobs instances to call AWS services.
  JobsInstancePolicy: Core set of permissions.
ServicesInstanceRole: Allows EC2 services instances to call AWS services.
  ServicesInstancePolicy: Core set of permissions.
  ServicesInstanceDedicatedMachinesAccess: Permissions to manage EC2 instances under the Dedicated Machine Code Ocean feature.
  ServicesAssumeRolePolicy: Permissions to assume the list of IAM roles configured through the Assumable Roles CloudFormation parameter.
S3BackupRole: Provides AWS S3 permissions to backup buckets.
  S3BackupReplicationPolicy: Core set of permissions.
WorkerInstanceRole: Allows EC2 worker instances to call AWS services.
  WorkerInstancePolicy: Core set of permissions.
  WorkerAssumeRolePolicy: Permissions to assume the list of IAM roles configured through the Assumable Roles CloudFormation parameter.