Built-in Policies
Policies define what actions an identity (user or API Key) that assumed a group can grant on resources like kits and S3 buckets. Astran AlwaysReady® includes several pre-defined policies linked to specific groups.
| Policy Name | Description | Linked Group |
|---|---|---|
| AstranAdmin | Full access to all kits, S3 resources, and IAM services. | astran-admin-user |
| AstranKitCreator | Create and modify kits, upload files, but no deletion rights. | astran-kit-creator-user |
| AstranStandardUser | Read-only access to kits, can upload data to checklists. | astran-standard-user |
| AstranIntegration | Manage API keys for integrations and upload data, no delete permissions. | astran-integration-user |
| AstranS3ReadOnlyAccess | View-only access to all S3 resources. | astran-s3-read-only |
Built-in policies define the actions and permissions associated. These policies are essential for controlling access to resources such as kits and S3-compatible APIs. These policies cannot be updated.
AstranAdmin
The AstranAdmin policy grants full access to all kits, S3 resources, and IAM (authorization) services. This policy is attached to the astran-admin-user group.
- ARN:
arn:astran:iam::astran:policy/AstranAdmin
AstranKitCreator
The AstranKitCreator policy allows users to create and modify kits and upload files to S3 resources, but it prohibits deletion of any resources. This policy is linked to the astran-kit-creator-user group.
- ARN:
arn:astran:iam::astran:policy/AstranKitCreator
AstranStandardUser
The AstranStandardUser policy allows users to view all kits and S3 resources and upload data related to executed checklists, but they cannot delete or modify any resources. This policy is connected to the astran-standard-user group.
- ARN:
arn:astran:iam::astran:policy/AstranStandardUser
AstranIntegration
The AstranIntegration policy enables users to upload data to kits and S3 resources and manage API keys for integrations. However, users with this policy cannot delete any files. This policy is associated with the astran-integration-user group.
- ARN:
arn:astran:iam::astran:policy/AstranIntegration
AstranS3ReadOnlyAccess
The AstranS3ReadOnlyAccess policy provides read-only access to all S3 resources, allowing users to view data without making any changes.
- ARN:
arn:astran:iam::astran:policy/AstranS3ReadOnlyAccess