Amazon Batch managed policy

Amazon Batch provides a managed policy that you can attach to users that provides permission to use Amazon Batch resources and API operations. You can apply this policy directly, or you can use it as a starting point for creating your own policies. For more information about each API operation mentioned in these policies, see Actions in the Amazon Batch API Reference.

AWSBatchFullAccess

This policy allows full administrator access to Amazon Batch.

{
  "Version":"2012-10-17",
  "Statement":[
    {
      "Effect":"Allow",
      "Action":[
        "batch:*",
        "cloudwatch:GetMetricStatistics",
        "ec2:DescribeSubnets",
        "ec2:DescribeSecurityGroups",
        "ec2:DescribeKeyPairs",
        "ec2:DescribeVpcs",
        "ec2:DescribeImages",
        "ec2:DescribeLaunchTemplates",
        "ec2:DescribeLaunchTemplateVersions",
        "ecs:DescribeClusters",
        "ecs:Describe*",
        "ecs:List*",
        "eks:DescribeCluster",
        "eks:ListClusters",
        "logs:Describe*",
        "logs:Get*",
        "logs:TestMetricFilter",
        "logs:FilterLogEvents",
        "iam:ListInstanceProfiles",
        "iam:ListRoles"
      ],
      "Resource":"*"
    },
    {
      "Effect":"Allow",
      "Action":[
        "iam:PassRole"
      ],
      "Resource":[
        "arn:aws-cn:iam::*:role/AWSBatchServiceRole",
        "arn:aws-cn:iam::*:role/service-role/AWSBatchServiceRole",
        "arn:aws-cn:iam::*:role/ecsInstanceRole",
        "arn:aws-cn:iam::*:instance-profile/ecsInstanceRole",
        "arn:aws-cn:iam::*:role/iaws-ec2-spot-fleet-role",
        "arn:aws-cn:iam::*:role/aws-ec2-spot-fleet-role",
        "arn:aws-cn:iam::*:role/AWSBatchJobRole*"
      ]
    },
    {
      "Effect":"Allow",
      "Action":[
        "iam:CreateServiceLinkedRole"
      ],
      "Resource":"arn:aws-cn:iam::*:role/*Batch*",
      "Condition": {
        "StringEquals": {
          "iam:AWSServiceName": "batch.amazonaws.com"
          }
      }
    }
  ]
}