Subscribe to Lumen Cloud Knowledge BaseContent
- Overview
- AWS Configuration Requirements
- AWS Managed Services Anywhere IAM Policy
- Supporting AWS Accounts in an Organization
Overview
This KB details the requirements of Lumen's Managed Services Anywhere (MSA) offering with customer provided AWS accounts.
AWS Configuration Requirements
- AWS IAM ARN with policy permissions applied
- Apply ARN to CAM provider that has been enabled for Managed Services Anywhere
- AWS Cost Explorer functionality enabled
- Enable AWS IAM profiles to access billing data
AWS Managed Services Anywhere IAM Policy
The below AWS IAM Policy is required for Managed Services Providers to provide access to review and take action on a customers behalf.
Customers are encouraged to create a separate IAM policy and add it to the existing Cloud Application Manager's Application Life Cycle management role as described here
Managed Services Anywhere AWS IAM Policy (as of May 7st, 2018)
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"organizations:*",
"rds:*",
"cloudtrail:*",
"logs:*",
"autoscaling:*",
"ds:*",
"servicediscovery:*",
"cloudfront:*",
"route53domains:*",
"kms:*",
"events:*",
"directconnect:*",
"s3:*",
"cloudformation:*",
"elasticloadbalancing:*",
"autoscaling-plans:*",
"iam:*",
"trustedadvisor:*",
"cloudwatch:*",
"waf:*",
"ec2:*",
"waf-regional:*",
"ce:*",
"elasticache:*",
"acm:*",
"support:*",
"sts:AssumeRole"
],
"Resource": "*"
}
]
}
Supporting AWS Accounts in an Organization
- We support managed AWS accounts that are under an AWS Organization assuming the same requirements as independent accounts are meet at the Organizational account level.
