IAM Role AWS Permissions

To use CloudYali with your AWS account, you will need to grant certain IAM permissions. These permissions are read-only by default and can be found in the CloudFormation Stack file provided by CloudYali.

Review the list of permissions before granting them to confirm that they meet your security and compliance requirements.

Permission Descriptions

Below is a line-by-line description of each permission requested.

Permission
a4b:Get*
a4b:List*
acm:Describe*
acm:Get*
acm:List*
acm-pca:List*
airflow:Get*
airflow:List*
amplify:List*
amplify:Get*
apigateway:Get*
appflow:List*
appflow:Describe*
application-autoscaling:Describe*
applicationinsights:Describe*
applicationinsights:List*
appmesh:Describe*
appmesh:List*
apprunner:Describe*
apprunner:List*
appstream:Describe*
appstream:Get*
appstream:List*
appsync:Get*
appsync:List*
aps:Describe*
aps:Get*
aps:List*
athena:List*
athena:Batch*
athena:Get*
autoscaling-plans:Describe*
autoscaling:Describe*
auditmanager:Get*
backup:Describe*
backup:Get*
backup:List*
batch:List*
batch:Describe*
braket:Get*
budgets:Describe*
ce:Describe*
ce:Get*
ce:List*
chatbot:Describe*
chatbot:Get*
chime:Get*
chime:List*
cloud9:Describe*
cloud9:List*
clouddirectory:List*
clouddirectory:Get*
cloudformation:Describe*
cloudformation:Get*
cloudformation:List*
cloudfront:Get*
cloudfront:List*
cloudhsm:List*
cloudhsm:Describe*
cloudhsm:Get*
cloudsearch:Describe*
cloudsearch:List*
cloudtrail:Describe*
cloudtrail:Get*
cloudtrail:List*
cloudtrail:LookupEvents
cloudwatch:Describe*
cloudwatch:Get*
cloudwatch:List*
codeartifact:Describe*
codeartifact:Get*
codeartifact:List*
codebuild:BatchGet*
codebuild:List*
codecommit:BatchGet*
codecommit:Get*
codecommit:List*
codedeploy:BatchGet*
codedeploy:Get*
codedeploy:List*
codeguru-profiler:Describe*
codeguru-profiler:Get*
codeguru-profiler:List*
codeguru-reviewer:Describe*
codeguru-reviewer:Get*
codeguru-reviewer:List*
codepipeline:List*
codepipeline:Get*
cloudshell:Get*
codestar:List*
codestar:Describe*
codestar:Get*
codestar-notifications:List*
cognito-identity:List*
cognito-identity:Describe*
cognito-identity:Lookup*
cognito-sync:List*
cognito-sync:Describe*
cognito-sync:Get*
cognito-sync:QueryRecords
cognito-idp:AdminGet*
cognito-idp:AdminList*
cognito-idp:List*
cognito-idp:Describe*
cognito-idp:Get*
comprehend:Describe*
comprehend:List*
comprehendmedical:Describe*
comprehendmedical:List*
compute-optimizer:Describe*
compute-optimizer:Get*
config:Describe*
config:Get*
config:List*
connect:List*
connect:Describe*
connect:Get*
dataexchange:List*
datapipeline:Describe*
datapipeline:Get*
datapipeline:List*
datasync:Describe*
datasync:List*
dax:Describe*
dax:Get*
dax:List*
deepcomposer:Get*
deepcomposer:List*
detective:Get*
detective:List*
devicefarm:List*
devicefarm:Get*
devops-guru:Describe*
devops-guru:List*
directconnect:Describe*
discovery:Describe*
discovery:List*
discovery:Get*
dlm:Get*
dlm:List*
dms:Describe*
dms:List*
ds:Check*
ds:Describe*
ds:Get*
ds:List*
ds:Verify*
dynamodb:Describe*
dynamodb:Get*
dynamodb:List*
ec2:Describe*
ec2:Get*
ec2messages:Get*
ecr:Describe*
ecr:Get*
ecr:List*
ecs:Describe*
ecs:List*
ecr-public:Describe*
ecr-public:List*
ecr-public:Get*
elastic-inference:Describe*
elastic-inference:List*
elasticfilesystem:Describe*
elasticfilesystem:List*
eks:Describe*
eks:List*
elasticache:Describe*
elasticache:List*
elasticbeanstalk:Describe*
elasticbeanstalk:List*
elasticfilesystem:Describe*
elasticloadbalancing:Describe*
elasticmapreduce:Describe*
elasticmapreduce:List*
elastictranscoder:List*
elemental-appliances-software:Get*
elemental-appliances-software:List*
es:Describe*
es:List*
es:Get*
events:Describe*
events:List*
firehose:Describe*
firehose:List*
fis:Get*
fis:List*
fms:Get*
fms:List*
forecast:Describe*
freertos:Describe*
freertos:List*
fsx:Describe*
fsx:List*
gamelift:List*
gamelift:Get*
gamelift:Describe*
geo:Describe*
geo:Get*
geo:List*
glacier:List*
glacier:Describe*
glacier:Get*
globalaccelerator:Describe*
globalaccelerator:List*
glue:Get*
glue:List*
grafana:Describe*
grafana:List*
greengrass:Describe*
greengrass:Get*
greengrass:List*
groundstation:Describe*
groundstation:Get*
groundstation:List*
guardduty:Describe*
guardduty:Get*
guardduty:List*
health:Describe*
healthlake:Describe*
healthlake:Get*
healthlake:List*
iam:Get*
iam:List*
imagebuilder:Get*
imagebuilder:List*
importexport:Get*
importexport:List*
inspector:Describe*
inspector:Get*
inspector:List*
iot:Describe*
iot:Get*
iot:List*
iotanalytics:Describe*
iotanalytics:List*
iotanalytics:Get*
iotevents:Describe*
iotevents:List*
iotfleethub:Describe*
iotsitewise:Describe*
iotsitewise:Get*
iotsitewise:List*
iotwireless:Get*
iotwireless:List*
ivs:Get*
ivs:List*
kafka:Describe*
kafka:Get*
kafka:List*
kendra:Describe*
kendra:List*
kinesis:Describe*
kinesis:Get*
kinesis:List*
kinesisanalytics:Describe*
kinesisanalytics:Discover*
kinesisanalytics:Get*
kinesisanalytics:List*
kinesisvideo:Describe*
kinesisvideo:Get*
kinesisvideo:List*
kms:Describe*
kms:Get*
kms:List*
lambda:List*
lambda:Get*
lex:Get*
lex:List*
license-manager:Get*
license-manager:List*
lightsail:Get*
logs:Describe*
logs:Get*
logs:FilterLogEvents
logs:List*
lookoutvision:Describe*
lookoutvision:List*
machinelearning:Describe*
machinelearning:Get*
macie:List*
macie2:Describe*
macie2:List*
macie2:Get*
mediaconnect:Describe*
mediaconnect:List*
mediaconvert:Describe*
mediaconvert:Get*
mediaconvert:List*
medialive:Describe*
medialive:List*
mediapackage:Describe*
mediapackage:List*
mediastore:Describe*
mediastore:Get*
mediastore:List*
mediatailor:Get*
mediatailor:List*
mgh:Describe*
mgh:Get*
mgh:List*
mgn:Describe*
mgn:Get*
mobileanalytics:Get*
mobilehub:Describe*
mobilehub:Get*
mobilehub:List*
mobiletargeting:Get*
mq:Describe*
mq:List*
network-firewall:Describe*
network-firewall:List*
networkmanager:Describe*
networkmanager:Get*
opsworks:Describe*
opsworks:Get*
opsworks-cm:Describe*
opsworks-cm:List*
organizations:Describe*
organizations:List*
outposts:Get*
outposts:List*
personalize:Describe*
personalize:Get*
personalize:List*
pi:Describe*
pi:Get*
polly:Describe*
polly:Get*
polly:List*
quicksight:Describe*
quicksight:Get*
quicksight:List*
qldb:Describe*
qldb:List*
ram:Get*
ram:List*
rekognition:List*
rds:Describe*
rds:List*
redshift:Describe*
resource-groups:Get*
resource-groups:List*
robomaker:Describe*
robomaker:Get*
robomaker:List*
route53:Get*
route53:List*
route53domains:Get*
route53domains:List*
route53resolver:List*
s3:Get*
s3:List*
sagemaker:Describe*
sagemaker:List*
savingsplans:Describe*
savingsplans:List*
schemas:Describe*
schemas:Get*
schemas:List*
sdb:Get*
sdb:List*
securityhub:Describe*
securityhub:Get*
securityhub:List*
secretsmanager:List*
serverlessrepo:List*
serverlessrepo:Get*
servicecatalog:List*
servicecatalog:Describe*
servicediscovery:Get*
servicediscovery:List*
servicequotas:Get*
servicequotas:List*
ses:Get*
ses:List*
ses:Describe*
signer:Describe*
signer:Get*
signer:List*
shield:Describe*
shield:List*
sms-voice:List*
sms-voice:Get*
snowball:Get*
snowball:Describe*
snowball:List*
sns:Get*
sns:List*
sqs:Get*
sqs:List*
ssm:Describe*
ssm:Get*
ssm:List*
ssm-contacts:Describe*
ssm-contacts:Get*
ssm-contacts:List*
ssm-incidents:Get*
ssm-incidents:List*
states:List*
states:Describe*
states:Get*
storagegateway:Describe*
storagegateway:List*
sts:Get*
sso-directory:Describe*
sso-directory:List*
sso:Describe*
sso:Get*
sso:List*
swf:Describe*
swf:Get*
swf:List*
synthetics:Describe*
synthetics:Get*
synthetics:List*
tag:Get*
timestream:Describe*
timestream:List*
transcribe:Get*
transcribe:List*
transfer:Describe*
transfer:List*
translate:Describe*
translate:Get*
translate:List*
trustedadvisor:Describe*
waf:Get*
waf:List*
wafv2:Describe*
wafv2:Get*
wafv2:List*
waf-regional:List*
waf-regional:Get*
workdocs:Describe*
workdocs:Get*
workmail:Describe*
workmail:Get*
workmail:List*
workspaces:Describe*
xray:BatchGet*
xray:Get*
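
To support the review recommended above, the following Python check expands a subset of the wildcard grants from the table and reports which data-returning actions they cover. It is an added example, not part of CloudYali's documentation or CloudFormation template. `GRANTED` is copied from the table; `DATA_ACTIONS` is a constructed, non-exhaustive review list, and the function names `matches` and `audit` are hypothetical.

```python
from fnmatch import fnmatchcase

# Subset of the wildcard grants copied from the table above.
GRANTED = [
    "s3:Get*", "s3:List*", "ssm:Get*", "dynamodb:Get*", "lambda:Get*",
    "logs:Get*", "logs:FilterLogEvents", "athena:Get*", "codecommit:Get*",
    "kinesis:Get*", "ecr:Get*", "secretsmanager:List*", "kms:Get*",
]

# Constructed review list (an assumption, not exhaustive): IAM actions that
# return stored data or tokens rather than configuration metadata.
DATA_ACTIONS = {
    "s3:GetObject": "object contents",
    "ssm:GetParameter": "parameter values",
    "dynamodb:GetItem": "table items",
    "lambda:GetFunction": "function code location and configuration",
    "logs:GetLogEvents": "log event contents",
    "logs:FilterLogEvents": "log event contents",
    "athena:GetQueryResults": "query results",
    "codecommit:GetFile": "repository file contents",
    "kinesis:GetRecords": "stream records",
    "ecr:GetAuthorizationToken": "registry authorization token",
    "secretsmanager:GetSecretValue": "secret values",
    "kms:Decrypt": "decrypted plaintext",
}

def matches(pattern, action):
    """IAM action names are case-insensitive; '*' matches any characters."""
    return fnmatchcase(action.lower(), pattern.lower())

def audit(granted, sensitive):
    """Return (covered, not_covered); covered maps action -> granting pattern."""
    covered, not_covered = {}, []
    for action in sorted(sensitive):
        hit = next((p for p in granted if matches(p, action)), None)
        if hit:
            covered[action] = hit
        else:
            not_covered.append(action)
    return covered, not_covered

if __name__ == "__main__":
    covered, not_covered = audit(GRANTED, DATA_ACTIONS)
    for action, pattern in covered.items():
        print(f"ALLOWED  {action:32} via {pattern:22} ({DATA_ACTIONS[action]})")
    for action in not_covered:
        print(f"absent   {action:32} ({DATA_ACTIONS[action]})")
```

For any covered action you decide is out of scope, an explicit `Deny` statement in a policy attached to the role overrides the wildcard `Allow`.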