Edit me

IAM Policy Minimum Permissions for the nOps Platform in YAML

The following yaml file shows the minimum permissions necessary for the nOps free platform.

NopsIntegrationPolicy:
    Type: AWS::IAM::Policy
    Properties:
      PolicyName: NopsIntegrationPolicy
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Action:
              - ce:GetSavingsPlansUtilizationDetails
              - ce:GetSavingsPlansUtilization
              - ce:GetSavingsPlansPurchaseRecommendation
              - ce:GetSavingsPlansCoverage
              - ce:GetReservationUtilization
              - ce:GetReservationPurchaseRecommendation
              - ce:GetReservationCoverage
              - ce:GetCostAndUsage
            Effect: Allow
            Resource: "*"
      Roles: [!Ref NopsIntegrationRole]

  NopsSystemBucketPolicy:
    Type: AWS::IAM::Policy
    Properties:
      PolicyName: NopsSystemBucketPolicy
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Action:
              - s3:*
            Resource:
              - !Sub "arn:aws:s3:::${SystemBucketID}"
              - !Sub "arn:aws:s3:::${SystemBucketID}/*"
              - !Sub "arn:aws:s3:::${SystemBucketID}-nops-${AWS::AccountId}"
              - !Sub "arn:aws:s3:::${SystemBucketID}-nops-${AWS::AccountId}/*"
      Roles: [!Ref NopsIntegrationRole]

Related articles
IAM permissions for the nOps platform
Back to top       Home
Tags: getting_started onboarding iam