Deployed IAM Resources

The following IAM roles and policies are created by the Code Ocean VPC CloudFormation stack. Each entry gives the logical ID and a description.

  • BackupRole: Provides AWS Backup permission to create backups and perform restores on your behalf across AWS services.

  • BackupCopyRole: Allows the BackupCopyFunction Lambda to call AWS services as part of AWS Backup snapshot copy automation.
      • BackupCopyPolicy: Core set of permissions.

  • BackupEventBridgeRole: Allows EventBridge to call AWS services as part of AWS Backup snapshot copy automation.

  • BatchInstanceRole: Allows EC2 instances in a Code Ocean AWS Batch ECS cluster to access ECS and other required AWS services.
      • BatchInstancePolicy: Core set of permissions.

  • BatchJobRole: Allows Code Ocean AWS Batch jobs to access AWS services.
      • BatchJobPolicy: Core set of permissions.

  • CleanupDnsRecordSetsRole: Allows AWS Lambda to call AWS services to delete internal Code Ocean DNS records on CloudFormation stack deletion.
      • CustomResourcePolicy: Core set of permissions.

  • JobsInstanceRole: Allows Code Ocean EC2 jobs instances to call AWS services.
      • JobsInstancePolicy: Core set of permissions.

  • ServicesInstanceRole: Allows EC2 services instances to call AWS services.
      • ServicesInstancePolicy: Core set of permissions.
      • ServicesInstanceDedicatedMachinesAccess: Permissions to manage EC2 instances under the Dedicated Machine Code Ocean feature.
      • ServicesAssumeRolePolicy: Permissions to assume the list of IAM roles configured through the Assumable Roles CloudFormation parameter.

  • S3BackupRole: Provides AWS S3 permissions to backup buckets.
      • S3BackupReplicationPolicy: Core set of permissions.

  • WorkerInstanceRole: Allows EC2 worker instances to call AWS services.
      • WorkerInstancePolicy: Core set of permissions.
      • WorkerAssumeRolePolicy: Permissions to assume the list of IAM roles configured through the Assumable Roles CloudFormation parameter.
