Amazon Batch managed policy - Amazon Batch
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Amazon Batch managed policy

Amazon Batch provides a managed policy that you can attach to users that provides permission to use Amazon Batch resources and API operations. You can apply this policy directly, or you can use it as a starting point for creating your own policies. For more information about each API operation mentioned in these policies, see Actions in the Amazon Batch API Reference.


This policy allows full administrator access to Amazon Batch.

{ "Version":"2012-10-17", "Statement":[ { "Effect":"Allow", "Action":[ "batch:*", "cloudwatch:GetMetricStatistics", "ec2:DescribeSubnets", "ec2:DescribeSecurityGroups", "ec2:DescribeKeyPairs", "ec2:DescribeVpcs", "ec2:DescribeImages", "ec2:DescribeLaunchTemplates", "ec2:DescribeLaunchTemplateVersions", "ecs:DescribeClusters", "ecs:Describe*", "ecs:List*", "eks:DescribeCluster", "eks:ListClusters", "logs:Describe*", "logs:Get*", "logs:TestMetricFilter", "logs:FilterLogEvents", "iam:ListInstanceProfiles", "iam:ListRoles" ], "Resource":"*" }, { "Effect":"Allow", "Action":[ "iam:PassRole" ], "Resource":[ "arn:aws-cn:iam::*:role/AWSBatchServiceRole", "arn:aws-cn:iam::*:role/service-role/AWSBatchServiceRole", "arn:aws-cn:iam::*:role/ecsInstanceRole", "arn:aws-cn:iam::*:instance-profile/ecsInstanceRole", "arn:aws-cn:iam::*:role/iaws-ec2-spot-fleet-role", "arn:aws-cn:iam::*:role/aws-ec2-spot-fleet-role", "arn:aws-cn:iam::*:role/AWSBatchJobRole*" ] }, { "Effect":"Allow", "Action":[ "iam:CreateServiceLinkedRole" ], "Resource":"arn:aws-cn:iam::*:role/*Batch*", "Condition": { "StringEquals": { "iam:AWSServiceName": "" } } } ] }