Fume Role

Fume creates a role fume-role when you connect your cloud account.

Below are the permissions for the fume-role-policy.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "iam:*",
                "apigateway:*",
                "cloudfront:*",
                "cloudwatch:*",
                "logs:*",
                "route53domains:*",
                "route53:*",
                "s3:*",
                "lambda:*",
                "ecr:*",
                "ecr-public:*",
                "acm:*"
            ],
            "Effect": "Allow",
            "Resource": "*"
        }
    ]
}

Below are the trust relationships

{
    "Version": "2012-10-17",
        "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::751311555268:root"
            },
            "Action": "sts:AssumeRole"
        },
        {
            "Effect": "Allow",
            "Principal": {
                "Service": "apigateway.amazonaws.com"
            },
            "Action": "sts:AssumeRole"
        },
        {
            "Effect": "Allow",
            "Principal": {
                "Service": "lambda.amazonaws.com"
            },
            "Action": "sts:AssumeRole"
        },
        {
            "Effect": "Allow",
            "Principal": {
                "Service": "datasync.amazonaws.com"
            },
            "Action": "sts:AssumeRole"
        }
    ]
}

You may view this role, its policy, and trust in your account here

Edit this page on GitHub
Go Migrating to Containers