CloudFormation Permissions
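When the CloudFormation template creates the stack in AWS, a role with the ReadOnlyAccess policy is attached. The following table identifies the access granted by the read-only policy. Virtana Platform does not access most of the services listed, but it is given universal read-only access to keep setup simpler. A few rows in the table list access beyond List and Read: AppStream 2.0, Data Exchange, Mobile Hub and Personalize show Limited: Write, Health and X-Ray show Limited: Permissions management, and Performance Insights shows Full access.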
Service | Access Level | Resource |
---|---|---|
Config | Full: List; Limited: Read | All resources |
Inspector | Full: List, Read | All resources |
Alexa for Business | Full: List; Limited: Read | All resources |
Amplify | Limited: List, Read | All resources |
API Gateway | Full: Read | All resources |
App Mesh | Full: List; Limited: Read | All resources |
Application Auto Scaling | Full: Read | All resources |
Application Discovery | Full: List, Read | All resources |
AppStream 2.0 | Full: Read; Limited: Write | All resources |
AppSync | Full: List, Read | All resources |
Athena | Full: List, Read | All resources |
Auto Scaling | Full: Read | All resources |
Backup | Full: List; Limited: Read | All resources |
Batch | Full: List, Read | All resources |
Certificate Manager | Full: List; Limited: Read | All resources |
Certificate Manager Private... | Full: List, Read | All resources |
Cloud Directory | Full: List, Read | All resources |
Cloud Map | Full: List; Limited: Read | All resources |
Cloud9 | Limited: Read | All resources |
CloudFormation | Full: List, Read | All resources |
CloudFront | Full: List, Read | All resources |
CloudHSM | Full: List, Read | All resources |
CloudSearch | Full: List; Limited: Read | All resources |
CloudTrail | Full: List, Read | All resources |
CloudWatch | Full: List, Read | All resources |
CloudWatch Logs | Limited: List, Read | All resources |
CodeBuild | Full: List; Limited: Read | All resources |
CodeCommit | Full: List; Limited: Read | All resources |
CodeDeploy | Full: List, Read | All resources |
CodePipeline | Full: List, Read | All resources |
CodeStar | Full: List, Read | All resources |
Cognito Identity | Full: List, Read | All resources |
Cognito Sync | Full: List, Read | All resources |
Cognito User Pools | Full: List, Read | All resources |
Connect | Full: List; Limited: Read | All resources |
Data Exchange | Full: List, Read; Limited: Write | All resources |
Data Lifecycle Manager | Full: List; Limited: Read | All resources |
Data Pipeline | Full: List, Read | All resources |
DataSync | Full: List, Read | All resources |
Device Farm | Full: List, Read | All resources |
Direct Connect | Full: List, Read | All resources |
Directory Service | Full: List, Read | All resources |
DMS | Full: List, Read | All resources |
DynamoDB | Full: List; Limited: Read | All resources |
DynamoDBAccelerator | Full: List; Limited: Read | All resources |
EC2 | Full: Read; Limited: List | All resources |
EC2 Auto Scaling | Full: List, Read | All resources |
EC2 Messages | Full: Read | All resources |
EFS | Full: List; Limited: Read | All resources |
EKS | Full: List, Read | All resources |
Elastic Beanstalk | Full: List, Read | All resources |
Elastic Container Registry | Full: List, Read | All resources |
Elastic Container Service | Full: List, Read | All resources |
Elastic Transcoder | Full: List, Read | All resources |
ElastiCache | Full: List, Read | All resources |
Elasticsearch Service | Full: List, Read | All resources |
ELB | Full: List, Read | All resources |
ELB v2 | Full: Read | All resources |
EMR | Full: List; Limited: Read | All resources |
EventBridge | Full: List, Read | All resources |
Firehose | Full: List | All resources |
FSx | Full: Read | All resources |
GameLift | Full: List; Limited: Read | All resources |
Glacier | Full: List, Read | All resources |
GlobalAccelerator | Full: List, Read | All resources |
Glue | Limited: Read | All resources |
GuardDuty | Full: List; Limited: Read | All resources |
Health | Full: Read; Limited: Permissions management | All resources |
IAM | Full: List, Read | All resources |
Import/Export | Full: List, Read | All resources |
IoT | Full: List; Limited: Read | All resources |
IoT Analytics | Full: List; Limited: Read | All resources |
IoT Greengrass | Full: List, Read | All resources |
Kinesis | Full: List; Limited: Read | All resources |
Kinesis Analytics | Full: List, Read | All resources |
Kinesis Analytics V2 | Full: List, Read | All resources |
Kinesis Video Streams | Full: List, Read | All resources |
KMS | Full: List, Read | All resources |
Lambda | Full: List, Read | All resources |
Lex | Full: List, Read | All resources |
Lightsail | Full: Read; Limited: List | All resources |
Machine Learning | Full: List, Read | All resources |
MediaConvert | Full: List, Read | All resources |
MediaPackage | Full: Read | All resources |
Migration Hub | Full: List, Read | All resources |
Mobile Analytics | Full: Read | All resources |
Mobile Hub | Full: List, Read; Limited: Write | All resources |
MQ | Full: List, Read | All resources |
MSK | Full: List, Read | All resources |
OpsWorks | Full: Read; Limited: List | All resources |
OpsworksCM | Full: List | All resources |
Organizations | Full: List, Read | All resources |
Performance Insights | Full access | All resources |
Personalize | Full: List, Read; Limited: Write | All resources |
Pinpoint | Limited: List, Read | All resources |
Pinpoint Email | Full: List, Read | All resources |
Polly | Full: List, Read | All resources |
RDS | Full: List, Read | All resources |
Redshift | Limited: List, Read | All resources |
Rekognition | Full: List; Limited: Read | All resources |
Resource Access Manager | Full: List, Read | All resources |
Resource Group Tagging | Limited: Read | All resources |
Resource Groups | Full: List, Read | All resources |
RoboMaker | Full: List, Read | All resources |
Route 53 | Full: List, Read | All resources |
Route 53 Resolver | Full: List, Read | All resources |
Route53 Domains | Full: List, Read | All resources |
S3 | Full: List; Limited: Read | All resources |
SageMaker | Full: List; Limited: Read | All resources |
Secrets Manager | Full: List; Limited: Read | All resources |
SecurityHub | Full: List, Read | All resources |
Serverless Application Rep... | Full: List, Read | All resources |
Service Catalog | Full: List; Limited: Read | All resources |
Service Quotas | Full: Read | All resources |
SES | Full: List; Limited: Read | All resources |
Shield | Full: List, Read | All resources |
SimpleDB | Full: List; Limited: Read | All resources |
Snowball | Full: List, Read | All resources |
SNS | Full: List, Read | All resources |
SQS | Full: List, Read | All resources |
Step Functions | Full: List, Read | All resources |
Storage Gateway | Full: List, Read | All resources |
STS | Full: Read | All resources |
SWF | Full: List, Read | All resources |
Systems Manager | Full: List; Limited: Read | All resources |
Transcribe | Full: List, Read | All resources |
Transfer | Full: List, Read | All resources |
Trusted Advisor | Full: Read | All resources |
WAF | Full: List, Read | All resources |
WAF Regional | Full: List, Read | All resources |
WorkDocs | Full: List; Limited: Read | All resources |
WorkLink | Full: List, Read | All resources |
WorkMail | Full: List, Read | All resources |
Workspaces | Full: Read; Limited: List | All resources |
X-Ray | Full: Read; Limited: Permissions management | All resources |