Datacoral cross account role policy

The Cross Account Role (CAR) is one of the IAM roles set up by Datacoral before installation into the user's account. To read about how the roles are used by the Datacoral installation, click here.

The cross account role is further divided into three policies:

Monitoring Policy

This policy is enabled all the time (i.e. for the whole life cycle of the installation).

It contains least-privilege describe and list permissions on resources such as Lambda, DynamoDB and CloudFormation. In addition, it grants privileges to read and query CloudWatch logs specific to the Datacoral installation.
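A check a customer could run on the monitoring policy document before attaching it, as an added example (not Datacoral's code or its actual policy): it reports any Allow grant beyond describe/list on Lambda, DynamoDB and CloudFormation or read/query on logs. The read-only prefix table, the function names and the sample policy are assumptions made for illustration.

```python
import json

# Assumption: verb prefixes treated as read-only per service. The page names
# describe/list for Lambda, DynamoDB, CloudFormation and read/query for logs.
READ_ONLY = {
    "lambda": ("describe", "list"),
    "dynamodb": ("describe", "list"),
    "cloudformation": ("describe", "list"),
    "logs": ("describe", "list", "get", "filter", "startquery", "stopquery"),
}

def as_list(value):
    """IAM accepts a single value or a list for Statement, Action and Resource."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def audit_monitoring_policy(policy_json):
    """Return (sid, item, reason) findings for grants beyond read-only monitoring."""
    findings = []
    for n, stmt in enumerate(as_list(json.loads(policy_json).get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        sid = stmt.get("Sid", f"statement[{n}]")
        if "NotAction" in stmt:
            findings.append((sid, "NotAction", "allows all but the listed actions"))
        services = set()
        for action in as_list(stmt.get("Action")):
            service, _, verb = action.lower().partition(":")
            services.add(service)
            # Wildcards pass only if the literal part starts with an allowed prefix.
            if not verb.startswith(READ_ONLY.get(service, ())):
                findings.append((sid, action, "not a read-only monitoring action"))
        if "logs" in services and "*" in as_list(stmt.get("Resource")):
            findings.append((sid, "Resource: *", "logs not scoped to the installation"))
    return findings

# Constructed sample policy: Sids, account id and log group name are placeholders.
SAMPLE = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "Describe", "Effect": "Allow", "Resource": "*",
     "Action": ["lambda:List*", "dynamodb:DescribeTable", "cloudformation:DescribeStacks"]},
    {"Sid": "Logs", "Effect": "Allow", "Action": ["logs:FilterLogEvents", "logs:StartQuery"],
     "Resource": "arn:aws:logs:us-east-1:111122223333:log-group:/example/installation:*"},
    {"Sid": "TooBroad", "Effect": "Allow", "Resource": "*",
     "Action": ["dynamodb:PutItem", "logs:GetLogEvents"]},
]})

if __name__ == "__main__":
    print(audit_monitoring_policy(SAMPLE))
```

Some CloudWatch Logs actions only accept `*` as the resource, so a `Resource: *` finding on a logs statement is a prompt to review that statement rather than proof of over-granting.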

Administration Policy

This policy provides Datacoral with the following capabilities:

  • Trigger or reprocess operation on the connector
  • Addition/update/removal of Kinesis stream
  • Write to DynamoDB
  • EC2 autoscaling for managing instances of QE/metabase/fileuploader
  • Redshift cluster management

Software Upgrade Policy

Customers can provision this policy during the Datacoral software upgrade period and decommission it after the upgrade is done. This allows tighter control over resource creation in the customer account.