mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-05 12:46:18 +01:00
207 lines
4.1 KiB
Plaintext
207 lines
4.1 KiB
Plaintext
// Module included in the following assemblies:
|
|
//
|
|
// * osd_planning/aws-ccs.adoc
|
|
|
|
:_mod-docs-content-type: REFERENCE
|
|
[id="ccs-aws-scp_{context}"]
|
|
= Minimum required service control policy (SCP)
|
|
|
|
[role="_abstract"]
|
|
Service control policy (SCP) management is the responsibility of the customer. These policies are maintained in the AWS Organization and control what services are available within the attached AWS accounts.
|
|
|
|
[cols="2a,2a,2a,2a",options="header"]
|
|
|
|
|===
|
|
| Required/optional
|
|
| Service
|
|
| Actions
|
|
| Effect
|
|
|
|
.15+| Required
|
|
|Amazon EC2 | All |Allow
|
|
|Amazon EC2 Auto Scaling | All |Allow
|
|
|Amazon S3| All |Allow
|
|
|Identity And Access Management | All |Allow
|
|
|Elastic Load Balancing | All |Allow
|
|
|Elastic Load Balancing V2| All |Allow
|
|
|Amazon CloudWatch | All |Allow
|
|
|Amazon CloudWatch Events | All |Allow
|
|
|Amazon CloudWatch Logs | All |Allow
|
|
|AWS Support | All |Allow
|
|
|AWS Key Management Service | All |Allow
|
|
|AWS Security Token Service | All |Allow
|
|
|AWS Resource Tagging | All |Allow
|
|
|AWS Route53 DNS | All |Allow
|
|
|AWS Service Quotas | ListServices
|
|
|
|
GetRequestedServiceQuotaChange
|
|
|
|
GetServiceQuota
|
|
|
|
RequestServiceQuotaIncrease
|
|
|
|
ListServiceQuotas
|
|
| Allow
|
|
|
|
|
|
.3+|Optional
|
|
|
|
| AWS Billing
|
|
| ViewAccount
|
|
|
|
Viewbilling
|
|
|
|
ViewUsage
|
|
| Allow
|
|
|
|
|AWS Cost and Usage Report
|
|
|All
|
|
|Allow
|
|
|
|
|AWS Cost Explorer Services
|
|
|All
|
|
|Allow
|
|
|
|
|
|
|===
|
|
|
|
// TODO: Need some sort of intro into whatever this is
|
|
[source,json]
|
|
----
|
|
{
|
|
"Version": "2012-10-17",
|
|
"Statement": [
|
|
{
|
|
"Effect": "Allow",
|
|
"Action": [
|
|
"ec2:*"
|
|
],
|
|
"Resource": [
|
|
"*"
|
|
]
|
|
},
|
|
{
|
|
"Effect": "Allow",
|
|
"Action": [
|
|
"autoscaling:*"
|
|
],
|
|
"Resource": [
|
|
"*"
|
|
]
|
|
},
|
|
{
|
|
"Effect": "Allow",
|
|
"Action": [
|
|
"s3:*"
|
|
],
|
|
"Resource": [
|
|
"*"
|
|
]
|
|
},
|
|
{
|
|
"Effect": "Allow",
|
|
"Action": [
|
|
"iam:*"
|
|
],
|
|
"Resource": [
|
|
"*"
|
|
]
|
|
},
|
|
{
|
|
"Effect": "Allow",
|
|
"Action": [
|
|
"elasticloadbalancing:*"
|
|
],
|
|
"Resource": [
|
|
"*"
|
|
]
|
|
},
|
|
{
|
|
"Effect": "Allow",
|
|
"Action": [
|
|
"cloudwatch:*"
|
|
],
|
|
"Resource": [
|
|
"*"
|
|
]
|
|
},
|
|
{
|
|
"Effect": "Allow",
|
|
"Action": [
|
|
"events:*"
|
|
],
|
|
"Resource": [
|
|
"*"
|
|
]
|
|
},
|
|
{
|
|
"Effect": "Allow",
|
|
"Action": [
|
|
"logs:*"
|
|
],
|
|
"Resource": [
|
|
"*"
|
|
]
|
|
},
|
|
{
|
|
"Effect": "Allow",
|
|
"Action": [
|
|
"support:*"
|
|
],
|
|
"Resource": [
|
|
"*"
|
|
]
|
|
},
|
|
{
|
|
"Effect": "Allow",
|
|
"Action": [
|
|
"kms:*"
|
|
],
|
|
"Resource": [
|
|
"*"
|
|
]
|
|
},
|
|
{
|
|
"Effect": "Allow",
|
|
"Action": [
|
|
"sts:*"
|
|
],
|
|
"Resource": [
|
|
"*"
|
|
]
|
|
},
|
|
{
|
|
"Effect": "Allow",
|
|
"Action": [
|
|
"tag:*"
|
|
],
|
|
"Resource": [
|
|
"*"
|
|
]
|
|
},
|
|
{
|
|
"Effect": "Allow",
|
|
"Action": [
|
|
"route53:*"
|
|
],
|
|
"Resource": [
|
|
"*"
|
|
]
|
|
},
|
|
{
|
|
"Effect": "Allow",
|
|
"Action": [
|
|
"servicequotas:ListServices",
|
|
"servicequotas:GetRequestedServiceQuotaChange",
|
|
"servicequotas:GetServiceQuota",
|
|
"servicequotas:RequestServiceQuotaIncrease",
|
|
"servicequotas:ListServiceQuotas"
|
|
],
|
|
"Resource": [
|
|
"*"
|
|
]
|
|
}
|
|
]
|
|
}
|
|
----
|