Turbot created roles in AWS

Roles created when provisioning an account

When an account is provisioned in Turbot, a set of IAM roles is created in that account automatically. Some roles are created every time Turbot provisions an account; others are created only when a specific Turbot policy is set. The roles are listed below; where creation depends on a Turbot policy, that policy is given in parentheses.

Special for the Turbot Master Account:

  • turbot_console: AWS service: ec2 (Attached to turbot worker and web instances)

In all other accounts:

  • turbot_metadata: Cross Account Read Only Role to your Turbot Master Account
  • turbot_superuser: Cross Account Admin Role to your Turbot Master Account
  • turbot_config: (Only setup if AWS > Config > Configuration Recording is set to Enforce: Enabled to Turbot logs)
  • turbot_vpc_flow_logs: (Only setup if AWS > VPC > VPC Flow Logs Configuration is set to Enforce: Turbot managed logging)
  • ec2_instance_default: (Name of role is defined in AWS > EC2 > Default EC2 Instance Profile Name)
  • maintenance_window: (Only setup if AWS > IAM > Turbot Maintenance Window Role is set to Enforce: Manage role)
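An added audit helper, not Turbot's own code, that compares the roles found in a member account with the roles listed above and checks that the two cross-account roles trust only the Turbot Master Account. The input shape follows the IAM list-roles output, the sample role records are constructed, and the master account ID is a placeholder.

```python
import json

TURBOT_MASTER_ACCOUNT = "111111111111"  # placeholder, not a real account ID

# Roles the article says Turbot creates in every member account, and the
# ones whose creation depends on a Turbot policy (absence is not a finding).
ALWAYS_CREATED = {"turbot_metadata", "turbot_superuser"}
POLICY_DEPENDENT = {"turbot_config", "turbot_vpc_flow_logs", "maintenance_window"}
# Assumption: the cross-account roles should be assumable only by the master account.
CROSS_ACCOUNT = {"turbot_metadata", "turbot_superuser"}


def trusted_accounts(trust_policy: dict) -> set:
    """Return the AWS account IDs allowed to assume a role, taken from the
    Allow statements of its trust (AssumeRolePolicyDocument) policy."""
    accounts = set()
    for stmt in trust_policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        aws = principal.get("AWS", []) if isinstance(principal, dict) else []
        for arn in [aws] if isinstance(aws, str) else aws:
            # Principals look like arn:aws:iam::<account>:root or a bare account ID.
            accounts.add(arn.split(":")[4] if arn.startswith("arn:") else arn)
    return accounts


def audit_turbot_roles(roles: list, master_account: str = TURBOT_MASTER_ACCOUNT) -> dict:
    """Report expected roles that are missing and cross-account roles that
    trust any account other than the Turbot Master Account."""
    present = {r["RoleName"]: r for r in roles}
    findings = {"missing": sorted(ALWAYS_CREATED - set(present)),
                "optional_absent": sorted(POLICY_DEPENDENT - set(present)),
                "unexpected_trust": {}}
    for name in sorted(CROSS_ACCOUNT & set(present)):
        doc = present[name]["AssumeRolePolicyDocument"]
        doc = json.loads(doc) if isinstance(doc, str) else doc
        extra = trusted_accounts(doc) - {master_account}
        if extra:
            findings["unexpected_trust"][name] = sorted(extra)
    return findings


# Constructed sample: turbot_superuser also trusts an unknown second account.
SAMPLE_ROLES = [
    {"RoleName": "turbot_metadata", "AssumeRolePolicyDocument": {"Statement": [
        {"Effect": "Allow", "Action": "sts:AssumeRole",
         "Principal": {"AWS": "arn:aws:iam::111111111111:root"}}]}},
    {"RoleName": "turbot_superuser", "AssumeRolePolicyDocument": {"Statement": [
        {"Effect": "Allow", "Action": "sts:AssumeRole",
         "Principal": {"AWS": ["arn:aws:iam::111111111111:root",
                               "arn:aws:iam::222222222222:root"]}}]}},
    {"RoleName": "turbot_config", "AssumeRolePolicyDocument": {"Statement": []}},
]

if __name__ == "__main__":
    print(json.dumps(audit_turbot_roles(SAMPLE_ROLES), indent=2))
```

With live data, pass the `Roles` list returned by `iam.list_roles()` in place of the constructed sample.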