resource Access Control Tags

This document is the reference point for tagging aws resource access controls. Please refer to Infra Tagging Guidance for the necessary context.

Overview

We define what it means to be the owner, admin, or user of a resource. Additionally, we define resource-specific requirements

comment

This is work in progress! In what follows, we define each role and its use-cases.

remove after this part after adding your modifications

Each subsection of this section should define an access level. Please use the following template to define your own.


Key	The key name
Value	Expected values
Example	Example value
Duties	Responsibilities of principals
Allowed Actions	Allowed actions (allowed aws api actions). You can give a summary and add a link to the policy
Use Cases	Use cases this role solve
Implications	Does the value imply something elsewhere?

Notes:

resource-specific: example How people connect to this instance, what happens?


Key	`ac:owner`
Value	On role’s `id:team` tag
Example	`ace-infra`
Duties	Dictate who should have access to which control.
Allowed Actions	No action (Notation Only)
Use Cases	On-call person knows who should ask to edit access levels
Implications	NA


Key	`ac:admin`
Value	delimitated list of roles `id:team` tags
Example	`:ace-infra:ace-data-engineering:`
Duties	Responsibilities of principals
Allowed Actions	Allowed actions (allowed aws api actions). You can give a summary and add a link to the policy
Use Cases	Use cases this role solve
Implications	Does the value imply something elsewhere?


Key	`ac:user`
Value	delimitated list of roles `id:team` tags
Example	`:ace-infra:ace-data-engineering:`
Duties	Responsibilities of principals
Allowed Actions	Allowed actions (allowed aws api actions). You can give a summary and add a link to the policy
Use Cases	Use cases this role solve
Implications	Does the value imply something elsewhere?

To be completed

Please refer to this for user-guides