Built-in Roles
Roles in Astran Continuity Cloud define levels of access and permissions. These built-in roles cannot be modified but can be easily assigned to manage access across different resources.
Role Name | Description | Associated Policy |
---|---|---|
root | Unrestricted access to all resources. Full administrative privileges. | N/A |
astran-admin | Full administrative access to all kits, S3 buckets, and IAM services. | AstranAdmin |
astran-kit-creator | Create and modify kits, upload files but no deletion rights. | AstranKitCreator |
astran-standard-user | Read-only access to kits and upload to executed checklists. | AstranStandardUser |
astran-integration | Manage API keys and upload data for integrations. | AstranIntegration |
Built-in roles offer various levels of privileges. These roles are associated with predefined policies and are shared across all partitions. As such, these roles and policies cannot be modified or deleted, but they can be reused to manage permissions effectively.
Each role is evaluated within the context of the current account, ensuring that permissions are applied specifically to the resources belonging to that account.
root
The root role grants unrestricted access to all resources within an account. This role cannot be denied access or limited by any policies. The root user has full administrative privileges, similar to the root user in AWS IAM. This role is an internal role and does not appear in the listing of the Continuity Cloud Portal.
astran-admin
The astran-admin role is linked to the AstranAdmin built-in policy. It provides full administrative access to all kits, S3 buckets, and IAM (authorization services). Users with this role can manage and modify any resource within the account.
- ARN: arn:astran:iam::astran:astran-admin
- Policy: arn:astran:iam::astran:policy/AstranAdmin
The role is typically assigned to the default-admin group.
astran-kit-creator
The astran-kit-creator role allows users to create and modify kits and upload files to S3 buckets. However, users with this role are not permitted to delete any files or resources. This role is connected to the AstranKitCreator policy.
- ARN: arn:astran:iam::astran:astran-kit-creator
- Policy: arn:astran:iam::astran:policy/AstranKitCreator
The role is typically assigned to the default-kit-creator group.
astran-standard-user
The astran-standard-user role provides read-only access to kits and S3 buckets, allowing users to view the contents and upload data to executed checklists. Deletion and modification of kits are not allowed for this role. This role is tied to the AstranStandardUser policy.
- ARN: arn:astran:iam::astran:astran-standard-user
- Policy: arn:astran:iam::astran:policy/AstranStandardUser
The role is typically assigned to the default-standard-user group.
astran-integration
The astran-integration role is designed for integration tasks. Users with this role can upload data to kits and buckets and manage API keys specifically for this role, but they cannot view or delete any content. This role is connected to the AstranIntegration policy.
- ARN: arn:astran:iam::astran:astran-integration
- Policy: arn:astran:iam::astran:policy/AstranIntegration
The role is typically assigned to the default-integration group.