1
AmazonSageMaker-ExecutionRole
AWS service: sagemaker
AWS machine learning
Linked to: S3 permissions, CloudWatch, CodeCommit, cognito-idp, EC2, FSx, Glue, IAM list roles, KMS, Lambda list, Logs, RoboMaker, Secrets Manager, SNS, ECR
"iam:PassRole"
2
AmazonSSMRoleForAutomationAssumeQuickSetup
AWS service: ssm
iam, ec2
"iam:PassRole",
3
AmazonSSMRoleForInstancesQuickSetup
AWS service: ec2
ssm
ssmmessages
ec2messages
4
AWS_Events_Invoke_Batch_Job_Queue
AWS service: events
"batch:SubmitJob"
5
AWS_Events_Invoke_Event_Bus
AWS service: events
"events:PutEvents"
6
AWS_InspectorEvents_Invoke_Assessment_Template
AWS service: events
"inspector:StartAssessmentRun"
7
AWSBatchServiceRole
AWS service: batch
"ec2:DescribeAccountAttributes",
"autoscaling:DescribeAccountLimits",
"ecs:DescribeClusters",
"logs:CreateLogGroup",
"iam:GetInstanceProfile",
"Action": "iam:PassRole",
"Action": "iam:CreateServiceLinkedRole",
8
AWSCloudFormationStackSetAdministrationRole
AWS service: cloudformation
"Action": "sts:AssumeRole",
AWSCloudFormationStackSetExecutionRole
admin access
"Action": "*",
9
AWSServiceRoleForAccessAnalyzer
AWS service: access-analyzer (service-linked role)
"ec2:DescribeAddresses",
"iam:GetRole",
"kms:DescribeKey",
"lambda:GetLayerVersionPolicy",
"organizations:DescribeAccount",
"s3:GetAccessPoint",
"sns:GetTopicAttributes",
"sqs:ListQueues"
10
AWSServiceRoleForAmazonEKS
AWS service: eks (service-linked role)
"ec2:CreateNetworkInterface",
"ec2:DeleteNetworkInterface",
"iam:ListAttachedRolePolicies",
"logs:DescribeLogStreams"
11
AWSServiceRoleForAmazonEKSNodegroup
AWS service: eks-nodegroup (service-linked role)
"ec2:RevokeSecurityGroupIngress",
"autoscaling:UpdateAutoScalingGroup",
"Action": "iam:CreateServiceLinkedRole",
"autoscaling:CreateOrUpdateTags",
"eks:cluster-name",
"Action": "iam:PassRole",
"ec2:CreateLaunchTemplate",
12
AWSServiceRoleForAmazonElasticFileSystem
AWS service: elasticfilesystem (service-linked role)
"backup-storage:MountCapsule",
"ec2:CreateNetworkInterface",
"kms:DescribeKey"
"iam:CreateServiceLinkedRole"
13
AWSServiceRoleForAmazonGuardDuty
AWS service: guardduty (service-linked role)
"ec2:DescribeInstances",
"organizations:ListAccounts",
"s3:GetBucketPublicAccessBlock",
14
AWSServiceRoleForAmazonInspector
AWS service: inspector (service-linked role)
"directconnect:DescribeConnections",
"ec2:DescribeAvailabilityZones",
"elasticloadbalancing:DescribeLoadBalancerAttributes",
15
AWSServiceRoleForAmazonMacie
AWS service: macie (service-linked role)
"cloudtrail:DescribeTrails",
"iam:ListAccountAliases",
"organizations:DescribeAccount",
"s3:GetAccountPublicAccessBlock",
"cloudtrail:CreateTrail",
16
AWSServiceRoleForAmazonSSM
AWS service: ssm (service-linked role)
"ssm:ListCommandInvocations",
"ec2:DescribeInstanceAttribute",
"lambda:InvokeFunction"
"resource-groups:ListGroups",
"cloudformation:DescribeStacks",
"tag:GetResources"
"config:SelectResourceConfig"
"support:DescribeTrustedAdvisorChecks",
"Action": "iam:PassRole",
17
AWSServiceRoleForApplicationAutoScaling_RDSCluster
AWS service: rds.application-autoscaling (service-linked role)
"rds:AddTagsToResource",
"cloudwatch:PutMetricAlarm",
"iam:PassRole"
18
AWSServiceRoleForAutoScaling
AWS service: autoscaling (service-linked role)
"ec2:AttachClassicLinkVpc",
"iam:PassRole"
"iam:CreateServiceLinkedRole"
"elasticloadbalancing:Register*",
"cloudwatch:DeleteAlarms",
"sns:Publish"
19
AWSServiceRoleForAWSCloud9
AWS service: cloud9 (service-linked role)
"ec2:RunInstances",
"cloudformation:CreateStack",
"ssm:StartSession"
"iam:ListInstanceProfiles"
"iam:PassRole"
20
AWSServiceRoleForAWSLicenseManagerRole
AWS service: license-manager (service-linked role)
"s3:GetBucketLocation",
"sns:Publish"
"ec2:DescribeInstances",
"ssm:ListInventoryEntries",
"organizations:ListAWSServiceAccessForOrganization",
"license-manager:GetServiceSettings",
21
AWSServiceRoleForBackup
AWS service: backup (service-linked role)
"elasticfilesystem:Backup",
"tag:GetResources"
22
AWSServiceRoleForComputeOptimizer
AWS service: compute-optimizer (service-linked role)
"compute-optimizer:*"
"organizations:DescribeOrganization",
"cloudwatch:GetMetricData"
23
AWSServiceRoleForConfig
AWS service: config (service-linked role)
"acm:DescribeCertificate",
"application-autoscaling:DescribeScalableTargets",
"autoscaling:DescribeLifecycleHooks",
"backup:ListBackupPlans",
"cloudfront:ListTagsForResource",
"cloudformation:describeType",
"cloudtrail:GetEventSelectors",
"cloudwatch:DescribeAlarms",
"codepipeline:GetPipeline",
"config:BatchGet*",
"dax:DescribeClusters",
"dms:DescribeReplicationInstances",
"dynamodb:DescribeContinuousBackups",
"ec2:Describe*",
"eks:DescribeCluster",
"elasticache:DescribeCacheClusters",
"elasticfilesystem:DescribeFileSystems",
"elasticloadbalancing:DescribeListeners",
"elasticmapreduce:DescribeCluster",
"es:DescribeElasticsearchDomain",
"guardduty:GetDetector",
"iam:GenerateCredentialReport",
"kms:DescribeKey",
"lambda:GetAlias",
"logs:DescribeLogGroups",
"organizations:DescribeOrganization",
"rds:DescribeDBClusters",
"redshift:DescribeClusterParameterGroups",
"s3:GetAccelerateConfiguration",
"sagemaker:DescribeEndpointConfig",
"secretsmanager:ListSecrets",
"shield:DescribeDRTAccess",
"sns:GetTopicAttributes",
"sqs:GetQueueAttributes",
"ssm:DescribeDocument",
"storagegateway:ListGateways",
"support:DescribeCases",
"waf:GetLoggingConfiguration",
"config:PutConfigRule",
"iam:GetRole"
"Action": "iam:PassRole",
"cloudformation:CreateStack",
24
AWSServiceRoleForEC2Spot
AWS service: spot (service-linked role)
"ec2:DescribeInstances",
"iam:PassRole"
25
AWSServiceRoleForECS
AWS service: ecs (service-linked role)
"ec2:AttachNetworkInterface",
"elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
"route53:ChangeResourceRecordSets",
"servicediscovery:DeregisterInstance",
"autoscaling:Describe*"
"cloudwatch:DeleteAlarms",
"logs:CreateLogGroup",
26
AWSServiceRoleForElastiCache
AWS service: elasticache (service-linked role)
"ec2:CreateNetworkInterface",
"cloudwatch:PutMetricData",
"outposts:GetOutpost",
27
AWSServiceRoleForElasticLoadBalancing
AWS service: elasticloadbalancing (service-linked role)
"ec2:DescribeAddresses",
"logs:CreateLogDelivery",
28
AWSServiceRoleForGlobalAccelerator
AWS service: globalaccelerator (service-linked role)
"ec2:CreateNetworkInterface",
29
AWSServiceRoleForImageBuilder
AWS service: imagebuilder (service-linked role)
"ec2:RunInstances"
"ssm:ListCommands",
"kms:Encrypt",
"Action": "sts:AssumeRole",
30
AWSServiceRoleForMigrationHub
AWS service: migrationhub (service-linked role)
"discovery:ListConfigurations",
"ec2:DescribeInstanceAttribute"
31
AWSServiceRoleForNetworkManager
AWS service: networkmanager (service-linked role)
"directconnect:DescribeConnections",
"ec2:DescribeCustomerGateways",
32
AWSServiceRoleForOrganizations
AWS service: organizations (service-linked role)
"iam:DeleteRole"
"iam:CreateServiceLinkedRole"
33
AWSServiceRoleForRDS
AWS service: rds (service-linked role)
"ec2:AuthorizeSecurityGroupIngress",
"sns:Publish"
"logs:CreateLogGroup"
"kinesis:CreateStream",
"cloudwatch:PutMetricData"
34
AWSServiceRoleForSecurityHub
AWS service: securityhub (service-linked role)
"cloudtrail:DescribeTrails",
"logs:DescribeMetricFilters",
"sns:ListSubscriptionsByTopic",
"config:DescribeConfigurationRecorders",
"iam:GenerateCredentialReport",
35
AWSServiceRoleForSupport
AWS service: support (service-linked role)
"apigateway:GET"
"iam:DeleteRole"
"a4b:getDevice",
"access-analyzer:getFinding",
"acm-pca:getCertificate",
"amplify:getApp",
"application-autoscaling:describeScalableTargets",
:
"workspaces:describeWorkspacesConnectionStatus"
36
AWSServiceRoleForTrustedAdvisor
AWS service: trustedadvisor (service-linked role)
"autoscaling:DescribeAccountLimits",
"cloudformation:DescribeAccountLimits",
"dynamodb:DescribeLimits",
"ec2:DescribeAddresses",
"iam:GenerateCredentialReport",
"kinesis:DescribeLimits",
"rds:DescribeAccountAttributes",
"redshift:DescribeClusters",
"route53:GetHealthCheck",
"s3:GetBucketAcl",
"ses:GetSendQuota",
"sqs:ListQueues",
"cloudwatch:GetMetricStatistics",
"ce:GetReservationPurchaseRecommendation",
37
AWSServiceRoleForVPCTransitGateway
AWS service: transitgateway (service-linked role)
"ec2:CreateNetworkInterface",
38
ecsInstanceRole
AWS service: ec2
"ec2:DescribeTags",
"ecs:CreateCluster",
"ecr:GetAuthorizationToken",
"logs:CreateLogStream",
39
ecsTaskExecutionRole
AWS service: ecs-tasks
"ecr:GetAuthorizationToken",
"logs:CreateLogStream",
40
eks-manage.role
AWS service: eks
"autoscaling:DescribeAutoScalingGroups",
"ec2:AttachVolume",
"elasticloadbalancing:AddTags",
"kms:DescribeKey"
"ec2:CreateNetworkInterface",
"iam:ListAttachedRolePolicies",
"eks:UpdateClusterVersion"
"logs:CreateLogStream",
41
eksClusterRole
AWS service: eks
"autoscaling:DescribeAutoScalingGroups",
"ec2:AuthorizeSecurityGroupIngress",
"elasticloadbalancing:AddTags",
"kms:DescribeKey"
"Action": "iam:CreateServiceLinkedRole",
42
eksServiceRole
AWS service: eks
AmazonEKSClusterPolicy
AmazonEKSWorkerNodePolicy
AmazonEKSServicePolicy
AmazonEKS_CNI_Policy
AmazonEKSFargatePodExecutionRolePolicy
AmazonEKSClusterPolicy
"autoscaling:DescribeAutoScalingGroups",
"ec2:AttachVolume",
"elasticloadbalancing:AddTags",
"kms:DescribeKey"
43
AmazonEKSServicePolicy
"ec2:CreateNetworkInterface",
"iam:ListAttachedRolePolicies",
"eks:UpdateClusterVersion"
"Action": "route53:AssociateVPCWithHostedZone",
"logs:CreateLogStream",
"Action": "iam:CreateServiceLinkedRole",
44
AmazonEKS_CNI_Policy
"ec2:AssignPrivateIpAddresses",
45
AmazonEKSFargatePodExecutionRolePolicy
"ecr:GetAuthorizationToken",
46
Elastic_Transcoder_Default_Role
AWS service: elastictranscoder
"s3:Put*",
"Action": "sns:Publish",
47
FirehosetoS3Role
AWS service: firehose
"s3:AbortMultipartUpload",
48
flowlogsRole
AWS service: vpc-flow-logs
"logs:CreateLogGroup",
VPC Flow Logs are stored in CloudWatch Logs.
The CloudWatch log group must be created in advance.
Thank you.