AWS permissions control

The templates will create a few IAM roles and policies in order to work properly. Also, the templates will create management roles for Cloud One File Storage Security to manage the deployed resources. Cloud One File Storage Security allow users to control the created permissions.

Warning: Cloud One File Storage Security still requires basic permissions to work. Make sure you allow the required permissions.

Control permissions with permissions boundary

ThePermissionsBoundary parameter allows users to specify a managed policy ARN as a permissions boundary. This will limit the maximum number of permissions that the IAM roles created by the Cloud One File Storage Security can have.

See Permissions boundaries for IAM entities for more details.

Control permissions with additional policies

The AdditionalIAMPolicies parameter allows users to specify a comma-delimited list of managed policy ARNs. This list can be attached to the IAM roles created by the Cloud One File Storage Security.