The templates will create a few IAM roles and policies in order
to work properly. Also, the templates will create
management roles for Cloud One File Storage Security
to manage the deployed resources. Cloud One File
Storage Security allow users to control the created
permissions.
Warning: Cloud One File Storage Security still requires basic permissions to work. Make sure you allow the required permissions.
Control permissions with permissions boundary
The
PermissionsBoundary
parameter allows users to specify a managed policy
ARN as a permissions boundary. This will limit the
maximum number of permissions that the IAM roles
created by the Cloud One File Storage Security can
have.See Permissions boundaries for IAM entities
for more details.
Control permissions with additional policies
The
AdditionalIAMPolicies
parameter allows users to specify a
comma-delimited list of managed policy ARNs. This
list can be attached to the IAM roles created by
the Cloud One File Storage Security.