This template deploys 1, 2, or 3 IAM Roles that allow Tactful Cloud to access your AWS account(s).
Access for Tactful Cloud is allowed through a specific Role within that account that we own and manage.
Account ID: 209355795568
Role: SupportUser
- Console Access
Role: SupportRole
- Resource Automation
If required for security and auditing purposes, these details will be logged within your AWS CloudTrail Logs.
Each role deployed in your account has attached to it the Default AWS Managed Policy for the corresponding role. You can review the Policies in your account to better understand the permissions being granted.
The following permission levels can be deployed with this template.
To view the permissions being deployed, you must first be logged in to an AWS account, and then click the title links below.
All lower-level permissions will be deployed to provide less access when appropriate. (View Only is always deployed. Read-Only will be deployed if Administrator is deployed)
This is so Tactful Cloud will always use the lowest level of permissions to complete a task.
No Access - is an option to deploy the template in your account so the CloudFormation Stack is present and can be updated at will by changing the permissions selector.
​View Only - access role allows limited view/read access without the ability to do things like look at S3 Objects
​Read-Only - access role - allows read access to all resources in the account
​Administrator - access role - allows Full administration access to all resources in the account
To deploy these resources into your AWS account(s) you must follow these steps.
Be logged into the AWS Account
Be in the region you wish to deploy this stack. TactfulCloud recommends US EAST (N. Virginia) us-east-1
From the same browser session click the Launch Stack button below for the desired deployment
Acknowledge (Check Box) in the CloudFormation Review window that this stack will deploy IAM Resources
Click the Create Button
USER NOTICE: By deploying this template into your AWS Account(s) you inherently agree to allowing Tactful Cloud Support Personnel to access your accounts with these permissions. Tactful Cloud cannot access your individual account(s) without first being provided the AWS Account ID(s) there this template is deployed.
Or you can download the template from http://aws-support.tactfulcloud.com/iam/tactfulcloud-support-access.yml to deploy manually.
To change or remove permissions temporarily follow these steps from within the AWS Console:
Change the region to where this template was originally deployed
Click on the stack name tactfulcloud-support-access
if it was not changed.
Select Update
Follow the default prompts, selecting from the drop-down the new level of permissions you would like to provide.
Complete prompts until you update the template.
Permissions will be modified accordingly and any previous resources will be removed if permissions have been lowered.
To completely remove the resources deployed follow these steps from within the AWS Console:
Change the region to where this template was originally deployed
Click on the stack name tactfulcloud-support-access
if it was not changed.
Select Delete
Follow the default prompts, to complete the removal of the template and all related deployed resources