
FCM Roles and Policies

There are a number of roles required.

Roles

All Accounts

fcm-analysis-[functionname] - Permissions for the function; can be assumed by the master account role fcm-lambda-analysis-[functionname].

fcm-remediation-[functionname] - Permissions for the function; can be assumed by the master account role fcm-lambda-remediation-[functionname].

Master Account

The master account has all of the "All Accounts" roles, plus:

fcm-lambda-analysis-[functionname] - Allows basic FCM Lambda access and the ability to assume the above roles in all accounts.

fcm-lambda-remediation-[functionname] - Allows basic FCM Lambda access and the ability to assume the above roles in all accounts.
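How the two role tiers pair up, as an added example that is not part of the FCM repository: it builds the trust policy for a per-account role and the matching assume-role policy for the master Lambda role, then flags any trust policy that admits a principal other than the expected master role. The account ID, the function name `s3check` and all helper names are assumptions; the page does not publish the policy documents themselves.

```python
MASTER_ACCOUNT_ID = "111111111111"  # constructed placeholder, not from the page


def role_names(kind, function_name):
    """Return (per-account role, master Lambda role) using the page's naming scheme."""
    if kind not in ("analysis", "remediation"):
        raise ValueError(f"unknown kind: {kind}")
    return f"fcm-{kind}-{function_name}", f"fcm-lambda-{kind}-{function_name}"


def member_trust_policy(kind, function_name, master_id=MASTER_ACCOUNT_ID):
    """Trust policy for fcm-<kind>-<fn>: only the matching master Lambda role may assume it."""
    _, lambda_role = role_names(kind, function_name)
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": f"arn:aws:iam::{master_id}:role/{lambda_role}"},
        "Action": "sts:AssumeRole"}]}


def master_assume_policy(kind, function_name):
    """Identity policy for fcm-lambda-<kind>-<fn>: assume the matching role in any account."""
    member_role, _ = role_names(kind, function_name)
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Action": "sts:AssumeRole",
        "Resource": f"arn:aws:iam::*:role/{member_role}"}]}


def trust_findings(policy, kind, function_name, master_id=MASTER_ACCOUNT_ID):
    """List every AWS principal allowed by a trust policy other than the expected master role."""
    _, lambda_role = role_names(kind, function_name)
    expected = f"arn:aws:iam::{master_id}:role/{lambda_role}"
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal") or {}
        aws = principal.get("AWS", []) if isinstance(principal, dict) else principal
        for arn in ([aws] if isinstance(aws, str) else list(aws)):
            if arn != expected:
                findings.append(f"unexpected principal: {arn}")
    return findings


if __name__ == "__main__":
    import json
    print(json.dumps(member_trust_policy("analysis", "s3check"), indent=2))
    print(json.dumps(master_assume_policy("analysis", "s3check"), indent=2))
```

Running `trust_findings` over the trust policy of each deployed fcm-analysis-* and fcm-remediation-* role shows whether an analysis role has been left assumable by a remediation Lambda role, the account root, or a wildcard principal.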

Policies

All Accounts

Master Account

fcm-lambda-base - Basic Lambda functionality (CloudWatch log groups, etc.)