Resources created for Amazon DevOps Agent activated from Amazon Web Services Support
Activation from the Support Center Console creates the following resources in
us-east-1. Replace ACCOUNT_ID with your
12-digit Amazon Web Services account ID. The role suffix is a
12-character identifier derived from the agent space.
Amazon Web Services service |
Resource type |
Resource name |
Trust scope |
Permissions granted |
|---|---|---|---|---|
Amazon DevOps Agent |
Agent space |
|
Not applicable |
Container for the account association, operator web app configuration, and data the agent generates while it operates. |
Amazon Identity and Access Management (IAM) |
Role |
|
Trusted by |
Grants the agent the read-only investigation permissions
across Amazon Web Services services that it needs to investigate resources in your
account. Permissions come from the Amazon-managed
|
Amazon Identity and Access Management (IAM) |
Role |
|
Trust policy scoped to a specific agent space, so only that agent space's operator web app can assume it. |
Grants the operator web app the permissions it needs for
chat, journal, recommendations, and Amazon Web Services Support integration. Permissions
come from the Amazon-managed
|
Amazon Identity and Access Management (IAM) |
Customer-managed policy |
|
Attached to the
|
Grants |
The Support Center Console activation doesn't create resources in any other Amazon Web Services Region.