AST 1201 iam permissions

Create IAM User/Role and Assign Permissions

Create a new IAM user or role for the ADP to Costpoint workflow with least-privilege permissions for the AWS services it needs (Secrets Manager, S3, etc.), based on the catalogued API usage.

Key details:

  • Use permissions list from TBD-01 assessment (AWS services only)
  • Create IAM policy with specific actions and resource ARNs
  • Include permissions for: AWS Secrets Manager access (to read the TBD-09 credentials), S3, and any other AWS services used in the PoC
  • Use IAM user with access keys (not role)
  • Store AWS credentials in Prefect AWS Credentials block (from prefect-aws) manually
  • Block naming convention: {customer-id}--aws-credentials
  • Document policy and credential storage location
  • Follow principle of least privilege
  • Note: This is for AWS service access, not ADP/Costpoint API credentials (see TBD-09)
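The policy and naming steps above, worked through as an added example (not code from this ticket or the project). The account id, region, bucket, secret name, customer id and S3 prefix are constructed placeholders, and the CATALOGUED_ACTIONS set stands in for the real TBD-01 list; build_policy scopes each statement to concrete ARNs, least_privilege_findings flags wildcard actions, unscoped resources and actions outside the catalogue before the policy is attached, and block_name applies the {customer-id}--aws-credentials convention.

```python
import json
import re

# Constructed placeholders (not real values): the actual account id, region,
# bucket, secret name and customer id come from the TBD-01 / TBD-09 work.
ACCOUNT_ID = "123456789012"
REGION = "us-east-1"
CUSTOMER_ID = "acme"
BUCKET = "acme-adp-costpoint"
SECRET_NAME = "acme/adp-costpoint"   # hypothetical name of the TBD-09 secret
S3_PREFIX = "adp-costpoint/"

# Stand-in for the TBD-01 catalogue of AWS API calls the workflow makes.
CATALOGUED_ACTIONS = {
    "secretsmanager:GetSecretValue",
    "secretsmanager:DescribeSecret",
    "s3:ListBucket",
    "s3:GetObject",
    "s3:PutObject",
}


def build_policy(account_id, region, bucket, secret_name, prefix):
    """Least-privilege policy document scoped to the workflow's own resources."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "ReadWorkflowSecret",
                "Effect": "Allow",
                "Action": ["secretsmanager:GetSecretValue",
                           "secretsmanager:DescribeSecret"],
                # Secrets Manager appends a random suffix to the secret ARN,
                # hence the trailing "-*" after an otherwise exact secret name.
                "Resource": f"arn:aws:secretsmanager:{region}:{account_id}:secret:{secret_name}-*",
            },
            {
                "Sid": "ListWorkflowPrefix",
                "Effect": "Allow",
                "Action": ["s3:ListBucket"],
                "Resource": f"arn:aws:s3:::{bucket}",
                # Listing is limited to the workflow's own prefix.
                "Condition": {"StringLike": {"s3:prefix": [f"{prefix}*"]}},
            },
            {
                "Sid": "ReadWriteWorkflowObjects",
                "Effect": "Allow",
                "Action": ["s3:GetObject", "s3:PutObject"],
                "Resource": f"arn:aws:s3:::{bucket}/{prefix}*",
            },
        ],
    }


def _as_list(value):
    return value if isinstance(value, list) else [value]


def least_privilege_findings(policy, catalogued_actions):
    """Return human-readable violations; an empty list means every Allow
    statement uses only catalogued actions and names concrete resources."""
    findings = []
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        for action in _as_list(stmt.get("Action", [])):
            if action == "*" or action.endswith(":*"):
                findings.append(f"{sid}: wildcard action {action}")
            elif action not in catalogued_actions:
                findings.append(f"{sid}: action {action} not in catalogue")
        for resource in _as_list(stmt.get("Resource", [])):
            if resource == "*":
                findings.append(f"{sid}: resource '*' is not scoped")
    return findings


def block_name(customer_id):
    """Prefect block name per the ticket convention: {customer-id}--aws-credentials."""
    name = f"{customer_id}--aws-credentials"
    # Prefect block names only accept lowercase letters, digits and dashes.
    if not re.fullmatch(r"[a-z0-9-]+", name):
        raise ValueError(f"invalid block name: {name}")
    return name


if __name__ == "__main__":
    policy = build_policy(ACCOUNT_ID, REGION, BUCKET, SECRET_NAME, S3_PREFIX)
    print(json.dumps(policy, indent=2))
    print("findings:", least_privilege_findings(policy, CATALOGUED_ACTIONS))
    print("block:", block_name(CUSTOMER_ID))
```

The printed document is what gets attached to the IAM user as a customer-managed policy; once the user's access keys exist, the manual Prefect step is prefect_aws's AwsCredentials(aws_access_key_id=..., aws_secret_access_key=..., region_name=REGION).save(block_name(CUSTOMER_ID)), with the policy ARN and the block name recorded in the ticket's documentation.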