Built-in Policies
Policies define what actions an identity (user or API Key) that assumed a role can take on resources like kits and S3 buckets. Astran Continuity Cloud includes several pre-defined policies linked to specific roles.
| Policy Name | Description | Linked Role |
|---|---|---|
| AstranAdmin | Full access to all kits, S3 resources, and IAM services. | astran-admin |
| AstranKitCreator | Create and modify kits, upload files, but no deletion rights. | astran-kit-creator |
| AstranStandardUser | Read-only access to kits, can upload data to checklists. | astran-standard-user |
| AstranIntegration | Manage API keys for integrations and upload data, no delete permissions. | astran-integration |
| AstranS3ReadOnlyAccess | View-only access to all S3 resources. | astran-s3-read-only |
Built-in policies define the actions and permissions associated with each role. These policies are essential for controlling access to resources such as kits and S3-compatible APIs. These policies cannot be updated.
AstranAdmin
The AstranAdmin policy grants full access to all kits, S3 resources, and IAM (authorization) services. This policy is attached to the astran-admin role.
- ARN:
arn:astran:iam::astran:policy/AstranAdmin
AstranKitCreator
The AstranKitCreator policy allows users to create and modify kits and upload files to S3 resources, but it prohibits deletion of any resources. This policy is linked to the astran-kit-creator role.
- ARN:
arn:astran:iam::astran:policy/AstranKitCreator
AstranStandardUser
The AstranStandardUser policy allows users to view all kits and S3 resources and upload data related to executed checklists, but they cannot delete or modify any resources. This policy is connected to the astran-standard-user role.
- ARN:
arn:astran:iam::astran:policy/AstranStandardUser
AstranIntegration
The AstranIntegration policy enables users to upload data to kits and S3 resources and manage API keys for integrations. However, users with this policy cannot delete any files. This policy is associated with the astran-integration role.
- ARN:
arn:astran:iam::astran:policy/AstranIntegration
AstranS3ReadOnlyAccess
The AstranS3ReadOnlyAccess policy provides read-only access to all S3 resources, allowing users to view data without making any changes.
- ARN:
arn:astran:iam::astran:policy/AstranS3ReadOnlyAccess