Full List of Resources Deployed during the deployment of FinOps Center:
Logical |
Services |
---|---|
accountbudgetlambdarole77006F98 |
AWS::IAM::Role |
accountbudgetlambdaroleDefaultPolicy4FB21BEA |
AWS::IAM::Policy |
AccountBudgetTable0C66D07B |
AWS::DynamoDB::Table |
AccountMapping4D0F5AFB |
AWS::DynamoDB::Table |
AccountToElement1Mapping752D6570 |
AWS::DynamoDB::Table |
AccountMapping4D0F5AFB |
AWS::DynamoDB::Table |
AccountToElement1Mapping752D6570 |
AWS::DynamoDB::Table |
AccountToElement2MappingC5E21C49 |
AWS::DynamoDB::Table |
AccountToElement3MappingA58D0E58 |
AWS::DynamoDB::Table |
AccountToElement4Mapping7A6110D3 |
AWS::DynamoDB::Table |
Admins |
AWS::Cognito::UserPoolGroup |
adminUser |
AWS::Cognito::UserPoolUser |
ApprovedBudgetsTableA2AC60E6 |
AWS::DynamoDB::Table |
athenaexecutionrole33E3CAB2 |
AWS::IAM::Role |
athenaexecutionroleDefaultPolicy7907B333 |
AWS::IAM::Policy |
AthenaPolicyCADD8C34 |
AWS::IAM::ManagedPolicy |
athenatemp87F857C8 |
AWS::S3::Bucket |
AWS679f53fac002430cb0da5b7982bd22872D164C4C |
AWS::Lambda::Function |
AWS679f53fac002430cb0da5b7982bd2287ServiceRoleC1EA0FF2 |
AWS::IAM::Role |
BucketNotificationsHandler050a0587b7544547bf325f094a3db8347ECC3691 |
AWS::Lambda::Function |
BucketNotificationsHandler050a0587b7544547bf325f094a3db834RoleB6FB88EC |
AWS::IAM::Role |
BucketNotificationsHandler050a0587b7544547bf325f094a3db834RoleDefaultPolicy2CF63D36 |
AWS::IAM::Policy |
budgetApprovalLambdaHandlerD5A8C414 |
AWS::Lambda::Function |
budgetApprovalLambdaHandlerServiceRole57D52BE3 |
AWS::IAM::Role |
budgetApprovalLambdaHandlerServiceRoleDefaultPolicyDE143198 |
AWS::IAM::Policy |
BudgetApprovalStateMachine749086CB |
AWS::StepFunctions::StateMachine |
BudgetApprovalStateMachineRole7D20BD03 |
AWS::IAM::Role |
BudgetApprovalStateMachineRoleDefaultPolicyF89BE0F0 |
AWS::IAM::Policy |
BudgetApprovalWorkflow471D8ADC |
AWS::DynamoDB::Table |
BudgetsFromSOR1281753B |
AWS::DynamoDB::Table |
budgetTriggerLambdaHandler47313A97 |
AWS::Lambda::Function |
budgetTriggerLambdaHandlerServiceRoleB543531A |
AWS::IAM::Role |
budgetTriggerLambdaHandlerServiceRoleDefaultPolicyDD9AEFCA |
AWS::IAM::Policy |
BUManagers |
AWS::Cognito::UserPoolGroup |
CDKMetadata |
AWS::CDK::Metadata |
curExtractorLambdaHandler527EA93F |
AWS::Lambda::Function |
curExtractorLambdaHandlerAllowS3InvocationDD55202D |
AWS::Lambda::Permission |
CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C81C01536 |
AWS::Lambda::Function |
CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756CServiceRole89A01265 |
AWS::IAM::Role |
CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756CServiceRoleDefaultPolicy88902FDF |
AWS::IAM::Policy |
DepartmentManagers |
AWS::Cognito::UserPoolGroup |
Element1Mapping4380F9B0 |
AWS::DynamoDB::Table |
Element2MappingE36F9FE4 |
AWS::DynamoDB::Table |
Element3Mapping4C6A994A |
AWS::DynamoDB::Table |
Element4Mapping2FFF5F38 |
AWS::DynamoDB::Table |
executionroleD9A39BE6 |
AWS::IAM::Role |
executionroleDefaultPolicy497F11A3 |
AWS::IAM::Policy |
FinancialAdmins |
AWS::Cognito::UserPoolGroup |
FinOpsCenterAccountBudgetLambdaHandler8229024E |
AWS::Lambda::Function |
FinOpsCenterAuthenticationLambdaHandler7B901A70 |
AWS::Lambda::Function |
FinOpsCenterAuthenticationLambdaHandlerServiceRoleDefaultPolicy9C018194 |
AWS::IAM::Policy |
FinOpsCenterAuthenticationLambdaHandlerServiceRoleF2924748 |
AWS::IAM::Role |
FinOpsCenterBudgetAllocationApi830C7F83 |
AWS::AppSync::GraphQLApi |
FinOpsCenterBudgetAllocationApiauthenticationLambdaDatasource22C76159 |
AWS::AppSync::DataSource |
FinOpsCenterBudgetAllocationApiauthenticationLambdaDatasourceServiceRole8F2BC046 |
AWS::IAM::Role |
FinOpsCenterBudgetAllocationApiauthenticationLambdaDatasourceServiceRoleDefaultPolicyABAF4045 |
AWS::IAM::Policy |
FinOpsCenterBudgetAllocationApibudgetApprovalLambdaDatasourceA40E713B |
AWS::AppSync::DataSource |
FinOpsCenterBudgetAllocationApibudgetApprovalLambdaDatasourceServiceRole5098C713 |
AWS::IAM::Role |
FinOpsCenterBudgetAllocationApibudgetApprovalLambdaDatasourceServiceRoleDefaultPolicy9EC99F1C |
AWS::IAM::Policy |
FinOpsCenterBudgetAllocationApicanCloseMonthResolver2E01B50A |
AWS::AppSync::Resolver |
FinOpsCenterBudgetAllocationApichangePasswordResolver3C958E69 |
AWS::AppSync::Resolver |
FinOpsCenterBudgetAllocationApicompletePasswordChallengeResolver30910FB5 |
AWS::AppSync::Resolver |
FinOpsCenterBudgetAllocationApiconfirmPasswordResolverFDF56F2F |
AWS::AppSync::Resolver |
FinOpsCenterBudgetAllocationApicreateAccountMappingResolver7B079C58 |
AWS::AppSync::Resolver |
FinOpsCenterBudgetAllocationApicreateAllocationResolver225FB95A |
AWS::AppSync::Resolver |
FinOpsCenterBudgetAllocationApicreateBudgetResolver64D61C0E |
AWS::AppSync::Resolver |
FinOpsCenterBudgetAllocationApicreateInvoiceResolver43BD5274 |
AWS::AppSync::Resolver |
FinOpsCenterBudgetAllocationApicreateOrUpdateDashboardResolverA81AB980 |
AWS::AppSync::Resolver |
FinOpsCenterBudgetAllocationApicreateOrUpdateSpaceDetailsResolver537D1657 |
AWS::AppSync::Resolver |
FinOpsCenterBudgetAllocationApicreateOrUpdateUserToBudgetAccessResolverE080EDB5 |
AWS::AppSync::Resolver |
FinOpsCenterBudgetAllocationApicreateUserMappingResolver7D63193A |
AWS::AppSync::Resolver |
FinOpsCenterBudgetAllocationApicreateUserResolverA1E605E3 |
AWS::AppSync::Resolver |
FinOpsCenterBudgetAllocationApidefaultApiKey300A2538 |
AWS::AppSync::ApiKey |
FinOpsCenterBudgetAllocationApideleteAllocationResolver4650763F |
AWS::AppSync::Resolver |
FinOpsCenterBudgetAllocationApiforgotPasswordResolver42502E8F |
AWS::AppSync::Resolver |
FinOpsCenterBudgetAllocationApigetAllBudgetsNewResolverC85C0932 |
AWS::AppSync::Resolver |
FinOpsCenterBudgetAllocationApigetAllBudgetsResolverB935009A |
AWS::AppSync::Resolver |
FinOpsCenterBudgetAllocationApigetDashboardListResolver72B95653 |
AWS::AppSync::Resolver |
FinOpsCenterBudgetAllocationApigetInvoicesResolverC4F37F86 |
AWS::AppSync::Resolver |
FinOpsCenterBudgetAllocationApigetLastRunCurResolver24E9B10E |
AWS::AppSync::Resolver |
FinOpsCenterBudgetAllocationApigetPeriodCardsForUserResolver2086F8FC |
AWS::AppSync::Resolver |
FinOpsCenterBudgetAllocationApigetQuickSightDashboardUrlResolverE9D8DE12 |
AWS::AppSync::Resolver |
FinOpsCenterBudgetAllocationApigetSorListByYearResolverCD447711 |
AWS::AppSync::Resolver |
FinOpsCenterBudgetAllocationApigetSorMappingResolverDD843F7B |
AWS::AppSync::Resolver |
FinOpsCenterBudgetAllocationApigetTimeCardsForUserResolver4FC1F4CD |
AWS::AppSync::Resolver |
FinOpsCenterBudgetAllocationApigetUnallocatedAccountsResolver3432E36F |
AWS::AppSync::Resolver |
FinOpsCenterBudgetAllocationApigetUsageActualsForUserResolverDBEAA204 |
AWS::AppSync::Resolver |
FinOpsCenterBudgetAllocationApigetUsageDetailsForUserNewResolver746CB582 |
AWS::AppSync::Resolver |
FinOpsCenterBudgetAllocationApigetUsageDetailsForUserResolver6EF10137 |
AWS::AppSync::Resolver |
FinOpsCenterBudgetAllocationApigetUsageStatsResolverAED9AFEA |
AWS::AppSync::Resolver |
FinOpsCenterBudgetAllocationApigetUserMappingToBudgetsAndAccountsResolverAA475845 |
AWS::AppSync::Resolver |
FinOpsCenterBudgetAllocationApiinvoiceLambdaDatasource999FAA93 |
AWS::AppSync::DataSource |
FinOpsCenterBudgetAllocationApiinvoiceLambdaDatasourceServiceRole833AADEB |
AWS::IAM::Role |
FinOpsCenterBudgetAllocationApiinvoiceLambdaDatasourceServiceRoleDefaultPolicyAD0CDF57 |
AWS::IAM::Policy |
FinOpsCenterBudgetAllocationApilambdaDatasourceAB665C33 |
AWS::AppSync::DataSource |
FinOpsCenterBudgetAllocationApilambdaDatasourceServiceRole7144E454 |
AWS::IAM::Role |
FinOpsCenterBudgetAllocationApilambdaDatasourceServiceRoleDefaultPolicy440E4797 |
AWS::IAM::Policy |
FinOpsCenterBudgetAllocationApilistAccountMappingResolver34043668 |
AWS::AppSync::Resolver |
FinOpsCenterBudgetAllocationApilistAccountsResolver56E8C48D |
AWS::AppSync::Resolver |
FinOpsCenterBudgetAllocationApilistAllocationsResolver6165ADBD |
AWS::AppSync::Resolver |
FinOpsCenterBudgetAllocationApilistGroupsResolverDCFF3E28 |
AWS::AppSync::Resolver |
FinOpsCenterBudgetAllocationApilistSpacesResolver60ED72B7 |
AWS::AppSync::Resolver |
FinOpsCenterBudgetAllocationApilistUserBudgetAllocationsResolver78C6B1CF |
AWS::AppSync::Resolver |
FinOpsCenterBudgetAllocationApilistUserMappingResolverC3FFF016 |
AWS::AppSync::Resolver |
FinOpsCenterBudgetAllocationApilistUsersResolver8B930FB7 |
AWS::AppSync::Resolver |
FinOpsCenterBudgetAllocationApiloginUserResolver48621D0D |
AWS::AppSync::Resolver |
FinOpsCenterBudgetAllocationApimonthCloseResolver17AA178F |
AWS::AppSync::Resolver |
FinOpsCenterBudgetAllocationApiquickSightLambdaDatasource42753279 |
AWS::AppSync::DataSource |
FinOpsCenterBudgetAllocationApiquickSightLambdaDatasourceServiceRole9A3B29C1 |
AWS::IAM::Role |
FinOpsCenterBudgetAllocationApiquickSightLambdaDatasourceServiceRoleDefaultPolicy21D8C2A6 |
AWS::IAM::Policy |
FinOpsCenterBudgetAllocationApireviewBudgetResolverB4A7AD9A |
AWS::AppSync::Resolver |
FinOpsCenterBudgetAllocationApischedulerLambdaDatasourceDF97F9B9 |
AWS::AppSync::DataSource |
FinOpsCenterBudgetAllocationApischedulerLambdaDatasourceServiceRole0E24BE0C |
AWS::IAM::Role |
FinOpsCenterBudgetAllocationApischedulerLambdaDatasourceServiceRoleDefaultPolicy8D806BF5 |
AWS::IAM::Policy |
FinOpsCenterBudgetAllocationApiSchema6D45E612 |
AWS::AppSync::GraphQLSchema |
FinOpsCenterBudgetAllocationApisorMappingResolver822F3A5B |
AWS::AppSync::Resolver |
FinOpsCenterBudgetAllocationApiupdateAccountsWithOrganizationsInfoResolver91CC1D41 |
AWS::AppSync::Resolver |
FinOpsCenterBudgetAllocationApiupdateAllocationResolver8A725FFD |
AWS::AppSync::Resolver |
FinOpsCenterBudgetAllocationApiupdateBudgetResolver2EDA782E |
AWS::AppSync::Resolver |
FinOpsCenterBudgetAllocationApiupdateTimeCardStatusResolver66B4C127 |
AWS::AppSync::Resolver |
FinOpsCenterBudgetAllocationApiupdateUserRoleResolverBE9C313C |
AWS::AppSync::Resolver |
FinOpsCenterBudgetAllocationApiuploadSORResolver08F81E2F |
AWS::AppSync::Resolver |
FinOpsCenterQuickSightLambdaHandler796799F3 |
AWS::Lambda::Function |
FinOpsCenterSchedulerLambdaHandler044C0558 |
AWS::Lambda::Function |
FinOpsCenterSchedulerLambdaHandlerServiceRole44BD75A8 |
AWS::IAM::Role |
FinOpsCenterSchedulerLambdaHandlerServiceRoleDefaultPolicyA6553EC0 |
AWS::IAM::Policy |
FinOpsCenterScheduleRuleAllowEventRuleFinOpsCenterStackFinOpsCenterSchedulerLambdaHandler680625AE3E90D379 |
AWS::Lambda::Permission |
FinOpsCenterScheduleRuleEDEF0E06 |
AWS::Events::Rule |
FinOpsCenterSharedFunctionsLayer84909F55 |
AWS::Lambda::LayerVersion |
GluePolicyCA7268D5 |
AWS::IAM::ManagedPolicy |
invoiceLambdaHandler083AEC55 |
AWS::Lambda::Function |
invoiceLambdaHandlerServiceRoleAD7C6EE6 |
AWS::IAM::Role |
invoiceLambdaHandlerServiceRoleDefaultPolicy20D94148 |
AWS::IAM::Policy |
InvoiceTableD753B0E0 |
AWS::DynamoDB::Table |
LastUpdatedTableD54B2C25 |
AWS::DynamoDB::Table |
PortfolioManagers |
AWS::Cognito::UserPoolGroup |
ProductManagers |
AWS::Cognito::UserPoolGroup |
QSManagedPolicyBC3B1016 |
AWS::IAM::ManagedPolicy |
quicksightaccessrole80E5A653 |
AWS::IAM::Role |
quicksightaccessroleDefaultPolicy15628D24 |
AWS::IAM::Policy |
QuicksightTable0E76B5B0 |
AWS::DynamoDB::Table |
S3NotificationResourceCustomResourcePolicy0EC084AF |
AWS::IAM::Policy |
S3NotificationResourceF98D77E7 |
Custom::AWS |
S3Policy8FACFAB8 |
AWS::IAM::ManagedPolicy |
SorElementToKeyMapper64C55F7A |
AWS::DynamoDB::Table |
SORExtractorLambda56652A5B |
AWS::Lambda::Function |
sorfiles6743E409 |
AWS::S3::Bucket |
sorfilesAllowBucketNotificationsToFinOpsCenterStackSORExtractorLambdaA4B317F72869BA7F |
AWS::Lambda::Permission |
sorfilesNotifications4210B679 |
Custom::S3BucketNotifications |
SpacesTable8A997355 |
AWS::DynamoDB::Table |
staticContentDeploymentAwsCliLayer18F25694 |
AWS::Lambda::LayerVersion |
staticContentDeploymentCustomResourceC4584F3F |
Custom::CDKBucketDeployment |
TimeCardsTable0247B46C |
AWS::DynamoDB::Table |
UsageAccountsTable883695CF |
AWS::DynamoDB::Table |
UsageAccountToServiceDailyTable3EF26074 |
AWS::DynamoDB::Table |
UsageAccountToServiceTableD3843CFA |
AWS::DynamoDB::Table |
UsageDailyTable837F89FC |
AWS::DynamoDB::Table |
UsageMasterAccountsTableD91A7B5C |
AWS::DynamoDB::Table |
UsageTable28300137 |
AWS::DynamoDB::Table |
UserBudgetAccessTable665F2C92 |
AWS::DynamoDB::Table |
UserMappingABB16FE5 |
AWS::DynamoDB::Table |
UserPool6BA7E5F2 |
AWS::Cognito::UserPool |
UserPoolFinOpsCenterPoolweb6108E3D9 |
AWS::Cognito::UserPoolClient |
During the installation of FinOps Center, the following roles are created in customers accounts:
Resource/Role |
Purpose |
athenaexecutionrole33E3CAB2 |
Lambda Execute Role for Athena queries |
AWS679f53fac002430cb0da5b7982bd2287ServiceRoleC1EA0FF2, executionroleD9A39BE6 |
Lambda to Read files from s3 bucket |
BucketNotificationsHandler050a0587b7544547bf325f094a3db834RoleB6FB88EC |
S3Bucket trigger for lambda on new file upload |
budgetApprovalLambdaHandlerServiceRole57D52BE3 |
Lambda to write data to DynamoDB tables (BudgetApprovalWorkflow, ApprovedBudgetsTable) |
budgetTriggerLambdaHandlerServiceRoleB543531A |
Lambda to Write data to dynamodb table (BudgetApprovalWorkflow, ApprovedBudgetsTable) |
BudgetApprovalStateMachineRole7D20BD03, |
Lambda access to trigger step function |
invoiceLambdaHandlerServiceRoleAD7C6EE6 |
Lambda access to write data dynamodb table (InvoiceTable) |
quicksightaccessrole80E5A653 |
Lambda to get quicksight dashboard url programatically |
FinOpsCenterFinopsInaBoxBudgetAllocationApilambdaDatasourceServiceRoleE3C454C3 |
Appsync to invoke lambda function named BudgetAllocationLambda |
FinOpsCenterFinopsInaBoxBudgetAllocationApibudgetApprovalLambdaDatasourceServiceRole59BD64A6 |
Appsync to invoke lambda function named BudgetApprovalLambda |
FinOpsCenterFinopsInaBoxBudgetAllocationApiquickSightLambdaDatasourceServiceRoleDC35C747 |
Appsync to invoke lambda function named QuicksightLambda |
FinOpsCenterFinopsInaBoxBudgetAllocationApischedulerLambdaDatasourceServiceRole5D04EA71 |
Appsync to invoke lambda function named SchedulerLambda |
FinOpsCenterFinopsInaBoxBudgetAllocationApiinvoiceLambdaDatasourceServiceRoleD85B21E4 |
appsync to invoke lambda function named InvoiceLambda |
FinOpsCenterFinopsInaBoxBudgetAllocationApiauthenticationLambdaDatasourceServiceRole0DAF3D85 |
appsync to invoke lambda function named AuthenticationLambda |
accountbudgetlambdarole77006F98 |
lambda access to write data dynamodb table (SorElementToKeyMapper, BudgetsFromSOR) |
FinOpsCenterFinopsInaBoxSchedulerLambdaHandlerServiceRole1D4A6F1E |
lambda access to write data dynamodb table (Scheduler) |
FinOpsCenterFinopsInaBoxAuthenticationLambdaHandlerServiceRole3583A726 |
lambda access to Cognito |
CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756CServiceRole89A01265 |
Lambda access to S3 |
athenaexecutionroleDefaultPolicy7907B333 |
Athena access for CUR Data Import |
S3NotificationResourceCustomResourcePolicy0EC084AF |
Bucket to trigger lambda on new items upload |
executionroleDefaultPolicy497F11A3 |
|
BucketNotificationsHandler050a0587b7544547bf325f094a3db834RoleDefaultPolicy2CF63D36 |
Bucket to trigger lambda on new items upload |
budgetApprovalLambdaHandlerServiceRoleDefaultPolicyDE143198 |
|
budgetTriggerLambdaHandlerServiceRoleDefaultPolicyDD9AEFCA |
Bucket to trigger lambda on new items upload |
BudgetApprovalStateMachineRoleDefaultPolicyF89BE0F0, |
Step Function Execution |
invoiceLambdaHandlerServiceRoleDefaultPolicy20D94148 |
Bucket to trigger lambda on new items upload |
quicksightaccessroleDefaultPolicy15628D24 |
Access to QuickSight Assets |
FinOpsCenterFinopsInaBoxBudgetAllocationApilambdaDatasourceServiceRoleDefaultPolicyECB450A3 |
Access to DynamoDB for Step Function |
FinOpsCenterFinopsInaBoxBudgetAllocationApibudgetApprovalLambdaDatasourceServiceRoleDefaultPolicyBCD48E00 |
Step Function Execution |
FinOpsCenterFinopsInaBoxBudgetAllocationApiquickSightLambdaDatasourceServiceRoleDefaultPolicyE116784C |
Access to QuickSight Assets for Row Level Security |
FinOpsCenterFinopsInaBoxBudgetAllocationApiquickSightLambdaDatasourceServiceRoleDefaultPolicyE116784C |
Access to QuickSight Assets for Row Level Security |
FinOpsCenterFinopsInaBoxBudgetAllocationApiquickSightLambdaDatasourceServiceRoleDefaultPolicyE116784C |
Access to QuickSight Assets for Row Level Security |
FinOpsCenterFinopsInaBoxBudgetAllocationApischedulerLambdaDatasourceServiceRoleDefaultPolicyC73BC128 |
Access to DynamoDB for Step Function |
FinOpsCenterFinopsInaBoxBudgetAllocationApiinvoiceLambdaDatasourceServiceRoleDefaultPolicyF3F771EC |
Access to DynamoDB for Step Function |
FinOpsCenterFinopsInaBoxBudgetAllocationApiauthenticationLambdaDatasourceServiceRoleDefaultPolicyEDD13462 |
Access to Cognito for Authenticationo |
accountbudgetlambdaroleDefaultPolicy4FB21BEA |
Step Function Execution |
FinOpsCenterFinopsInaBoxSchedulerLambdaHandlerServiceRoleDefaultPolicy0A59ABD5 |
Step Function Execution |
FinOpsCenterFinopsInaBoxAuthenticationLambdaHandlerServiceRoleDefaultPolicy28CCCF9A |
Access to Cognito for Authentication |
CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756CServiceRoleDefaultPolicy88902FDF |
Execution to Create S3 bucket for FinOps Center Deployment |
QSManagedPolicyBC3B1016 |