AWS Batch user permissions requirements #3377

@paulgrainger85

For the various task runners, can we include the minimum role permissions required to create a job on them? For example, the below would be required for AWS Batch.

We should have this for:

  • AWS Batch
  • Google Cloud Run
  • Azure Batch

Kubernetes Task Runner already has the necessary role information in the plugin documentation.

{
    "Statement": [
        {
            "Action": [
                "logs:DescribeLogGroups",
                "batch:TagResource",
                "batch:SubmitJob",
                "batch:RegisterJobDefinition",
                "batch:ListJobs",
                "batch:DescribeJobs",
                "batch:DescribeJobDefinitions",
                "batch:DescribeComputeEnvironments",
                "batch:DeregisterJobDefinition"
            ],
            "Effect": "Allow",
            "Resource": "*"
        },
        {
            "Action": ["iam:PassRole"],
            "Effect": "Allow",
            "Resource": ["<executionRoleArn>", "<serviceRoleArn>", "<taskRoleArn>"]
        },
        {
            "Action": "logs:StartLiveTail",
            "Effect": "Allow",
            "Resource": "arn:aws:logs:eu-central-1:<accountId>:log-group:/aws/batch/job"
        }
    ],
    "Version": "2012-10-17"
}
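
A policy like the one above can be checked before it goes into documentation or a deployment. The following is an added example, not part of the original issue or the project's code: `lint_policy` is a hypothetical helper that flags invalid JSON, statement keys that are not IAM policy elements (such as lowercase `actions`/`resources`/`effect`), `iam:PassRole` granted on `*`, and `<...>` placeholders that were never substituted. The sample input is constructed.

```python
import json
import re

# Element names allowed inside an IAM policy statement.
STATEMENT_KEYS = {"Sid", "Effect", "Principal", "NotPrincipal", "Action",
                  "NotAction", "Resource", "NotResource", "Condition"}
PLACEHOLDER = re.compile(r"<\w+>")  # e.g. <taskRoleArn> left unsubstituted


def as_list(value):
    """Action and Resource may be a single string or a list of strings."""
    return [value] if isinstance(value, str) else list(value or [])


def lint_policy(text):
    """Return findings for one policy document (hypothetical helper)."""
    try:
        policy = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON: {exc.msg} (line {exc.lineno})"]
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):
        statements = [statements]
    findings = []
    for i, stmt in enumerate(statements):
        for key in sorted(set(stmt) - STATEMENT_KEYS):
            findings.append(f"statement {i}: unknown element '{key}'")
        if stmt.get("Effect") not in ("Allow", "Deny"):
            findings.append(f"statement {i}: missing or invalid Effect")
        actions = [a.lower() for a in as_list(stmt.get("Action"))]
        resources = as_list(stmt.get("Resource"))
        if "iam:passrole" in actions and "*" in resources:
            findings.append(f"statement {i}: iam:PassRole on Resource '*'")
        for res in resources:
            if PLACEHOLDER.search(res):
                findings.append(f"statement {i}: unreplaced placeholder in '{res}'")
    return findings


# Constructed sample: a PassRole statement written with lowercase, plural keys.
SAMPLE = """{"Version": "2012-10-17", "Statement": [
  {"actions": ["iam:PassRole"], "resources": ["<taskRoleArn>"], "effect": "Allow"}
]}"""

if __name__ == "__main__":
    for finding in lint_policy(SAMPLE):
        print(finding)
```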

Labels: area/docs (Issues related to documentation, plugin examples, blueprints, and guides), kind/customer-request (Requested by one or more customers)