Resource: Amazon Batch managed policy
Amazon Batch provides a managed policy that you can attach to users. This policy provides permission to use Amazon Batch resources and API operations. You can apply this policy directly, or you can use it as a starting point for creating your own policies. For more information about each API operation mentioned in these policies, see Actions in the Amazon Batch API Reference.
AWSBatchFullAccess
This policy allows full administrator access to Amazon Batch.
{ "Version":"2012-10-17", "Statement":[ { "Effect":"Allow", "Action":[ "batch:*", "cloudwatch:GetMetricStatistics", "ec2:DescribeSubnets", "ec2:DescribeSecurityGroups", "ec2:DescribeKeyPairs", "ec2:DescribeVpcs", "ec2:DescribeImages", "ec2:DescribeLaunchTemplates", "ec2:DescribeLaunchTemplateVersions", "ecs:DescribeClusters", "ecs:Describe*", "ecs:List*", "eks:DescribeCluster", "eks:ListClusters", "logs:Describe*", "logs:Get*", "logs:TestMetricFilter", "logs:FilterLogEvents", "iam:ListInstanceProfiles", "iam:ListRoles" ], "Resource":"*" }, { "Effect":"Allow", "Action":[ "iam:PassRole" ], "Resource":[ "arn:aws-cn:iam::*:role/AWSBatchServiceRole", "arn:aws-cn:iam::*:role/service-role/AWSBatchServiceRole", "arn:aws-cn:iam::*:role/ecsInstanceRole", "arn:aws-cn:iam::*:instance-profile/ecsInstanceRole", "arn:aws-cn:iam::*:role/iaws-ec2-spot-fleet-role", "arn:aws-cn:iam::*:role/aws-ec2-spot-fleet-role", "arn:aws-cn:iam::*:role/AWSBatchJobRole*" ] }, { "Effect":"Allow", "Action":[ "iam:CreateServiceLinkedRole" ], "Resource":"arn:aws-cn:iam::*:role/*Batch*", "Condition": { "StringEquals": { "iam:AWSServiceName": "batch.amazonaws.com" } } } ] }