Description
Config-Driven Security Template - edge-prod medium-10
Infrastructure Summary
| Metric | Count |
|---|---|
| Total Resources | 44 |
| IAM Groups | 10 |
| Managed Policies | 22 |
| Service Roles | 5 |
| Assumable Roles | 6 |
| Cross-Account Roles | 1 |
Resources
IAM Groups (10)
| Logical ID | Group Name | Managed Policies | Inline Policies |
|---|---|---|---|
| DataScientistsGroup | edge-prod-b001-group-data-scientists | 5 | 1 |
| DataEngineersGroup | edge-prod-b001-group-data-engineers | 6 | 1 |
| MlopsEngineersGroup | edge-prod-b001-group-mlops-engineers | 7 | 1 |
| MlEngineersGroup | edge-prod-b001-group-ml-engineers | 7 | 1 |
| AiGovernanceGroup | edge-prod-b001-group-ai-governance | 5 | 1 |
| SecurityTeamGroup | edge-prod-b001-group-security-team | 3 | 1 |
| BusinessConsumersGroup | edge-prod-b001-group-business-consumers | 2 | 0 |
| PlatformAdministratorsGroup | edge-prod-b001-group-platform-administrators | 1 | 0 |
| OperationsSupportGroup | edge-prod-b001-group-operations-support | 8 | 0 |
| QaTestingGroup | edge-prod-b001-group-qa-testing | 6 | 1 |
Service Roles (5)
| Logical ID | Role Name | Trusted Service | Managed Policies | Inline Policies |
|---|---|---|---|---|
| SagemakerExecutionRole | edge-prod-b001-role-sagemaker-execution | sagemaker.amazonaws.com | 3 | 0 |
| LambdaMlPipelineRole | edge-prod-b001-role-lambda-ml-pipeline | lambda.amazonaws.com | 3 | 0 |
| CodebuildServiceRole | edge-prod-b001-role-codebuild-service | codebuild.amazonaws.com | 2 | 0 |
| GlueEtlRole | edge-prod-b001-role-glue-etl | glue.amazonaws.com | 1 | 0 |
| CiCdDeploymentRole | edge-prod-b001-role-ci-cd-deployment-role | codepipeline.amazonaws.com, codebuild.amazonaws.com | 5 | 0 |
Cross-Account Roles (7)
| Logical ID | Role Name | Trusted Account | Managed Policies | Inline Policies |
|---|---|---|---|---|
| AmlEngineerRole | edge-prod-b001-role-aml-engineer | arn:aws:iam::716716271756:root | 6 | 0 |
| AdataScientistRole | edge-prod-b001-role-adata-scientist | arn:aws:iam::716716271756:root | 4 | 0 |
| AdataEngineerRole | edge-prod-b001-role-adata-engineer | arn:aws:iam::716716271756:root | 3 | 0 |
| AqaTestingRole | edge-prod-b001-role-aqa-testing | arn:aws:iam::716716271756:root | 5 | 0 |
| ModelApproverRole | edge-prod-b001-role-model-approver | arn:aws:iam::716716271756:root | 0 | 1 |
| SecurityAdminRole | edge-prod-b001-role-security-admin | arn:aws:iam::716716271756:root | 0 | 1 |
| DeploymentRole | edge-prod-b001-xacct-deployment-role | arn:aws:iam::716716271756:root | 1 | 1 |
Outputs
| Output | Description | Value |
|---|---|---|
| S3Level2ProjectBucketsOnlyPolicyArn | ARN of S3Level2ProjectBucketsOnlyPolicy | Reference: S3Level2ProjectBucketsOnlyPolicy |
| SagemakerLevel1ProdReadOnlyInvokePolicyArn | ARN of SagemakerLevel1ProdReadOnlyInvokePolicy | Reference: SagemakerLevel1ProdReadOnlyInvokePolicy |
| EcrLevel1ReadOnlyPolicyArn | ARN of EcrLevel1ReadOnlyPolicy | Reference: EcrLevel1ReadOnlyPolicy |
| KmsLevel1ReadOnlyPolicyArn | ARN of KmsLevel1ReadOnlyPolicy | Reference: KmsLevel1ReadOnlyPolicy |
| BedrockLevel1InvokeOnlyPolicyArn | ARN of BedrockLevel1InvokeOnlyPolicy | Reference: BedrockLevel1InvokeOnlyPolicy |
| CombinedOpsServicesReadOnlyPolicyArn | ARN of CombinedOpsServicesReadOnlyPolicy | Reference: CombinedOpsServicesReadOnlyPolicy |
| SagemakerLevel3ProdInvokePolicyArn | ARN of SagemakerLevel3ProdInvokePolicy | Reference: SagemakerLevel3ProdInvokePolicy |
| EcrLevel2DevReadWritePolicyArn | ARN of EcrLevel2DevReadWritePolicy | Reference: EcrLevel2DevReadWritePolicy |
| SagemakerLevel4CiDeployOnlyPolicyArn | ARN of SagemakerLevel4CiDeployOnlyPolicy | Reference: SagemakerLevel4CiDeployOnlyPolicy |
| CombinedCMlopsServicesCPolicyArn | ARN of CombinedCMlopsServicesCPolicy | Reference: CombinedCMlopsServicesCPolicy |
| PipelineLevel3ProjectCiPolicyArn | ARN of PipelineLevel3ProjectCiPolicy | Reference: PipelineLevel3ProjectCiPolicy |
| S3Level3ProjectBucketsFullPolicyArn | ARN of S3Level3ProjectBucketsFullPolicy | Reference: S3Level3ProjectBucketsFullPolicy |
| SagemakerLevel1ReadOnlyPolicyArn | ARN of SagemakerLevel1ReadOnlyPolicy | Reference: SagemakerLevel1ReadOnlyPolicy |
| PipelineLevel1ReadOnlyPolicyArn | ARN of PipelineLevel1ReadOnlyPolicy | Reference: PipelineLevel1ReadOnlyPolicy |
| LambdaLevel1InvokeOnlyPolicyArn | ARN of LambdaLevel1InvokeOnlyPolicy | Reference: LambdaLevel1InvokeOnlyPolicy |
| SagemakerLevel2DevInvokePolicyArn | ARN of SagemakerLevel2DevInvokePolicy | Reference: SagemakerLevel2DevInvokePolicy |
| CombinedAMlopsServicesAPolicyArn | ARN of CombinedAMlopsServicesAPolicy | Reference: CombinedAMlopsServicesAPolicy |
| CombinedBMlopsServicesBPolicyArn | ARN of CombinedBMlopsServicesBPolicy | Reference: CombinedBMlopsServicesBPolicy |
| LambdaLevel2DeployManagePolicyArn | ARN of LambdaLevel2DeployManagePolicy | Reference: LambdaLevel2DeployManagePolicy |
| S3Level1ReadOnlyPolicyArn | ARN of S3Level1ReadOnlyPolicy | Reference: S3Level1ReadOnlyPolicy |
| EcrLevel3CiReadWritePolicyArn | ARN of EcrLevel3CiReadWritePolicy | Reference: EcrLevel3CiReadWritePolicy |
| PipelineLevel2ProjectDevPolicyArn | ARN of PipelineLevel2ProjectDevPolicy | Reference: PipelineLevel2ProjectDevPolicy |
| SagemakerExecutionRoleArn | ARN of SagemakerExecutionRole | GetAtt: SagemakerExecutionRole.Arn |
| LambdaMlPipelineRoleArn | ARN of LambdaMlPipelineRole | GetAtt: LambdaMlPipelineRole.Arn |
| CodebuildServiceRoleArn | ARN of CodebuildServiceRole | GetAtt: CodebuildServiceRole.Arn |
| GlueEtlRoleArn | ARN of GlueEtlRole | GetAtt: GlueEtlRole.Arn |
| CiCdDeploymentRoleArn | ARN of CiCdDeploymentRole | GetAtt: CiCdDeploymentRole.Arn |
| AmlEngineerRoleArn | ARN of AmlEngineerRole | GetAtt: AmlEngineerRole.Arn |
| AdataScientistRoleArn | ARN of AdataScientistRole | GetAtt: AdataScientistRole.Arn |
| AdataEngineerRoleArn | ARN of AdataEngineerRole | GetAtt: AdataEngineerRole.Arn |
| AqaTestingRoleArn | ARN of AqaTestingRole | GetAtt: AqaTestingRole.Arn |
| ModelApproverRoleArn | ARN of ModelApproverRole | GetAtt: ModelApproverRole.Arn |
| SecurityAdminRoleArn | ARN of SecurityAdminRole | GetAtt: SecurityAdminRole.Arn |
| DeploymentRoleArn | ARN of DeploymentRole | GetAtt: DeploymentRole.Arn |
| DataScientistsGroupArn | ARN of DataScientistsGroup | GetAtt: DataScientistsGroup.Arn |
| DataEngineersGroupArn | ARN of DataEngineersGroup | GetAtt: DataEngineersGroup.Arn |
| MlopsEngineersGroupArn | ARN of MlopsEngineersGroup | GetAtt: MlopsEngineersGroup.Arn |
| MlEngineersGroupArn | ARN of MlEngineersGroup | GetAtt: MlEngineersGroup.Arn |
| AiGovernanceGroupArn | ARN of AiGovernanceGroup | GetAtt: AiGovernanceGroup.Arn |
| SecurityTeamGroupArn | ARN of SecurityTeamGroup | GetAtt: SecurityTeamGroup.Arn |
| BusinessConsumersGroupArn | ARN of BusinessConsumersGroup | GetAtt: BusinessConsumersGroup.Arn |
| PlatformAdministratorsGroupArn | ARN of PlatformAdministratorsGroup | GetAtt: PlatformAdministratorsGroup.Arn |
| OperationsSupportGroupArn | ARN of OperationsSupportGroup | GetAtt: OperationsSupportGroup.Arn |
| QaTestingGroupArn | ARN of QaTestingGroup | GetAtt: QaTestingGroup.Arn |
| SecurityProfile | Deployed security profile | medium-10 |
| StackName | CloudFormation stack name | Reference: AWS::StackName |