The Cross Account Role (CAR) is one of the IAM roles set up by Datacoral before installation into the user's account. To read about how the roles are used by the Datacoral installation, click here.
The cross account role is further divided into three policies:
Will be enabled all the time (i.e., for the whole life cycle of the installation)
Will contain the least-privileged describe and list policies on resources like Lambda, DynamoDB, and CloudFormation. In addition, there will be privileges to read and query CloudWatch logs specific to the Datacoral installation.
Will provide Datacoral the following capabilities:
- Trigger or reprocess operation on the connector
- Addition/update/removal of Kinesis stream
- Write to DynamoDB
- EC2 autoscaling for managing instances of QE/metabase/fileuploader
- Redshift cluster management
Software Upgrade Policy
Customers can provision this policy during the Datacoral software upgrade period and decommission it after the upgrade is done. This allows tighter control over resource creation in the customer account.
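
The always-enabled policy described above is meant to hold only describe/list actions plus CloudWatch Logs read and query access. The following added example (not Datacoral's own code) audits a policy document for Allow statements that go beyond that; the allowed verb prefixes and the sample policy are assumptions constructed for illustration.

```python
import json
import re

# Assumption: read-only verb prefixes. The page names describe/list, plus
# read and query access on CloudWatch Logs. Adjust to your own baseline.
DEFAULT_PREFIXES = ("describe", "list")
SERVICE_PREFIXES = {"logs": ("describe", "list", "get", "filter", "startquery", "stopquery")}

# Constructed sample policy, not taken from a Datacoral installation.
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "ReadOnly", "Effect": "Allow", "Resource": "*",
     "Action": ["lambda:List*", "dynamodb:DescribeTable", "cloudformation:Describe*",
                "logs:FilterLogEvents", "logs:StartQuery"]},
    {"Sid": "TooBroad", "Effect": "Allow", "Resource": "*",
     "Action": ["dynamodb:PutItem", "kinesis:*", "dynamodb:D*"]},
]})


def _as_list(value):
    """IAM accepts a single string/object wherever a list is valid."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def non_read_only_actions(policy_json):
    """Return (sid, action) pairs in Allow statements that exceed read-only."""
    findings = []
    for i, stmt in enumerate(_as_list(json.loads(policy_json).get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        sid = stmt.get("Sid", f"statement[{i}]")
        # Allow + NotAction grants everything except the listed actions.
        if "NotAction" in stmt:
            findings.append((sid, "NotAction"))
        for action in _as_list(stmt.get("Action")):
            service, _, verb = action.lower().partition(":")
            # Only the literal text before the first wildcard is guaranteed.
            literal = re.split(r"[*?]", verb)[0]
            allowed = SERVICE_PREFIXES.get(service, DEFAULT_PREFIXES)
            if not literal or not any(literal.startswith(p) for p in allowed):
                findings.append((sid, action))
    return findings


if __name__ == "__main__":
    for sid, action in non_read_only_actions(SAMPLE_POLICY):
        print(f"{sid}: {action} is broader than describe/list/read")
```

A wildcard such as `dynamodb:D*` is flagged because it can expand to write actions, while `cloudformation:Describe*` passes because every expansion stays under an allowed prefix.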