# FCM Roles and Policies

There are a number of roles required.

## Roles
### All Accounts
`fcm-analysis-[functionname]` - Permissions for the function, can be assumed by the master account `fcm-lambda-analysis-[functionname]`.
`fcm-remediation-[functionname]` - Permissions for the function, can be assumed by the master account `fcm-lambda-remediation-[functionname].

### Master Account
Master account has all of the "All Accounts" roles, plus:
`fcm-lambda-analysis-[functionname]` - Allows basic FCM lambda access and the ability to assumerole into the above roles in all accounts.
`fcm-lambda-remediation-[functionname]` - Allows basic FCM lambda access and the ability to assumerole into the above roles in all accounts.

## Policies

### All Accounts

### Master Account
`fcm-lambda-base` - Basic lambda functionality (cloudwatch log groups, etc)