Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions,
see Getting Started with Amazon Web Services in China
(PDF).
Resource: Amazon Batch managed policy
Amazon Batch provides a managed policy that you can attach to users. This policy provides permission to use Amazon Batch resources
and API operations. You can apply this policy directly, or you can use it as a starting point for creating your own
policies. For more information about each API operation mentioned in these policies, see Actions in the
Amazon Batch API Reference.
AWSBatchFullAccess
This policy allows full administrator access to Amazon Batch.
- JSON
-
-
{
"Version":"2012-10-17",
"Statement":[
{
"Effect":"Allow",
"Action":[
"batch:*",
"cloudwatch:GetMetricStatistics",
"ec2:DescribeSubnets",
"ec2:DescribeSecurityGroups",
"ec2:DescribeKeyPairs",
"ec2:DescribeVpcs",
"ec2:DescribeImages",
"ec2:DescribeLaunchTemplates",
"ec2:DescribeLaunchTemplateVersions",
"ecs:DescribeClusters",
"ecs:Describe*",
"ecs:List*",
"eks:DescribeCluster",
"eks:ListClusters",
"logs:Describe*",
"logs:Get*",
"logs:TestMetricFilter",
"logs:FilterLogEvents",
"iam:ListInstanceProfiles",
"iam:ListRoles"
],
"Resource":"*"
},
{
"Effect":"Allow",
"Action":[
"iam:PassRole"
],
"Resource":[
"arn:aws-cn:iam::*:role/AWSBatchServiceRole",
"arn:aws-cn:iam::*:role/service-role/AWSBatchServiceRole",
"arn:aws-cn:iam::*:role/ecsInstanceRole",
"arn:aws-cn:iam::*:instance-profile/ecsInstanceRole",
"arn:aws-cn:iam::*:role/iaws-ec2-spot-fleet-role",
"arn:aws-cn:iam::*:role/aws-ec2-spot-fleet-role",
"arn:aws-cn:iam::*:role/AWSBatchJobRole*"
]
},
{
"Effect":"Allow",
"Action":[
"iam:CreateServiceLinkedRole"
],
"Resource":"arn:aws-cn:iam::*:role/*Batch*",
"Condition": {
"StringEquals": {
"iam:AWSServiceName": "batch.amazonaws.com"
}
}
}
]
}