MontyCloud DAY2 ensures a least-privileged permission model across our platform operations. Our aim is to ensure that our customers are in complete control of the permissions and have access to the granular scope of every operation.
The MontyCloud DAY2 IAM roles in the AWS account are associated with the minimum set of permissions, along with the AWS managed policies recommended by AWS.
The following IAM roles are created in the AWS account and assist with each of the features below only with prior consent.
The AWS services used by our features include the following:
Core Platform (Onboarding & Continuous Discovery): CloudWatch Events, S3, CloudTrail, Resource Groups + Tagging
Server Management: Systems Manager (Automation, Run Command, State Manager, Patch Policy, Resource Data Sync, Session Manager), S3, AMI, EC2
Blueprints: CloudFormation, SSM (Automation), other resources and services vary based on the blueprint being launched.
Application Management: CloudWatch Alarm, S3, CloudFormation, SSM (Automation)
Compliance Bot: AWS Config, SSM (Parameter Store, Automation), CloudWatch Events, SNS
Write to support@montycloud.com if you want to understand the IAM permissions for the above features in detail.