FinOps Resources and Roles

Written By Marc Fleurant (Collaborator)

Updated at September 10th, 2024

Full list of resources created during the deployment of FinOps Center:

Logical ID

Resource Type

accountbudgetlambdarole77006F98

AWS::IAM::Role

accountbudgetlambdaroleDefaultPolicy4FB21BEA

AWS::IAM::Policy

AccountBudgetTable0C66D07B

AWS::DynamoDB::Table

AccountMapping4D0F5AFB

AWS::DynamoDB::Table

AccountToElement1Mapping752D6570

AWS::DynamoDB::Table

AccountToElement2MappingC5E21C49

AWS::DynamoDB::Table

AccountToElement3MappingA58D0E58

AWS::DynamoDB::Table

AccountToElement4Mapping7A6110D3

AWS::DynamoDB::Table

Admins

AWS::Cognito::UserPoolGroup

adminUser

AWS::Cognito::UserPoolUser

ApprovedBudgetsTableA2AC60E6

AWS::DynamoDB::Table

athenaexecutionrole33E3CAB2

AWS::IAM::Role

athenaexecutionroleDefaultPolicy7907B333

AWS::IAM::Policy

AthenaPolicyCADD8C34

AWS::IAM::ManagedPolicy

athenatemp87F857C8

AWS::S3::Bucket

AWS679f53fac002430cb0da5b7982bd22872D164C4C

AWS::Lambda::Function

AWS679f53fac002430cb0da5b7982bd2287ServiceRoleC1EA0FF2

AWS::IAM::Role

BucketNotificationsHandler050a0587b7544547bf325f094a3db8347ECC3691

AWS::Lambda::Function

BucketNotificationsHandler050a0587b7544547bf325f094a3db834RoleB6FB88EC

AWS::IAM::Role

BucketNotificationsHandler050a0587b7544547bf325f094a3db834RoleDefaultPolicy2CF63D36

AWS::IAM::Policy

budgetApprovalLambdaHandlerD5A8C414

AWS::Lambda::Function

budgetApprovalLambdaHandlerServiceRole57D52BE3

AWS::IAM::Role

budgetApprovalLambdaHandlerServiceRoleDefaultPolicyDE143198

AWS::IAM::Policy

BudgetApprovalStateMachine749086CB

AWS::StepFunctions::StateMachine

BudgetApprovalStateMachineRole7D20BD03

AWS::IAM::Role

BudgetApprovalStateMachineRoleDefaultPolicyF89BE0F0

AWS::IAM::Policy

BudgetApprovalWorkflow471D8ADC

AWS::DynamoDB::Table

BudgetsFromSOR1281753B

AWS::DynamoDB::Table

budgetTriggerLambdaHandler47313A97

AWS::Lambda::Function

budgetTriggerLambdaHandlerServiceRoleB543531A

AWS::IAM::Role

budgetTriggerLambdaHandlerServiceRoleDefaultPolicyDD9AEFCA

AWS::IAM::Policy

BUManagers

AWS::Cognito::UserPoolGroup

CDKMetadata

AWS::CDK::Metadata

curExtractorLambdaHandler527EA93F

AWS::Lambda::Function

curExtractorLambdaHandlerAllowS3InvocationDD55202D

AWS::Lambda::Permission

CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C81C01536

AWS::Lambda::Function

CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756CServiceRole89A01265

AWS::IAM::Role

CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756CServiceRoleDefaultPolicy88902FDF

AWS::IAM::Policy

DepartmentManagers

AWS::Cognito::UserPoolGroup

Element1Mapping4380F9B0

AWS::DynamoDB::Table

Element2MappingE36F9FE4

AWS::DynamoDB::Table

Element3Mapping4C6A994A

AWS::DynamoDB::Table

Element4Mapping2FFF5F38

AWS::DynamoDB::Table

executionroleD9A39BE6

AWS::IAM::Role

executionroleDefaultPolicy497F11A3

AWS::IAM::Policy

FinancialAdmins

AWS::Cognito::UserPoolGroup

FinOpsCenterAccountBudgetLambdaHandler8229024E

AWS::Lambda::Function

FinOpsCenterAuthenticationLambdaHandler7B901A70

AWS::Lambda::Function

FinOpsCenterAuthenticationLambdaHandlerServiceRoleDefaultPolicy9C018194

AWS::IAM::Policy

FinOpsCenterAuthenticationLambdaHandlerServiceRoleF2924748

AWS::IAM::Role

FinOpsCenterBudgetAllocationApi830C7F83

AWS::AppSync::GraphQLApi

FinOpsCenterBudgetAllocationApiauthenticationLambdaDatasource22C76159

AWS::AppSync::DataSource

FinOpsCenterBudgetAllocationApiauthenticationLambdaDatasourceServiceRole8F2BC046

AWS::IAM::Role

FinOpsCenterBudgetAllocationApiauthenticationLambdaDatasourceServiceRoleDefaultPolicyABAF4045

AWS::IAM::Policy

FinOpsCenterBudgetAllocationApibudgetApprovalLambdaDatasourceA40E713B

AWS::AppSync::DataSource

FinOpsCenterBudgetAllocationApibudgetApprovalLambdaDatasourceServiceRole5098C713

AWS::IAM::Role

FinOpsCenterBudgetAllocationApibudgetApprovalLambdaDatasourceServiceRoleDefaultPolicy9EC99F1C

AWS::IAM::Policy

FinOpsCenterBudgetAllocationApicanCloseMonthResolver2E01B50A

AWS::AppSync::Resolver

FinOpsCenterBudgetAllocationApichangePasswordResolver3C958E69

AWS::AppSync::Resolver

FinOpsCenterBudgetAllocationApicompletePasswordChallengeResolver30910FB5

AWS::AppSync::Resolver

FinOpsCenterBudgetAllocationApiconfirmPasswordResolverFDF56F2F

AWS::AppSync::Resolver

FinOpsCenterBudgetAllocationApicreateAccountMappingResolver7B079C58

AWS::AppSync::Resolver

FinOpsCenterBudgetAllocationApicreateAllocationResolver225FB95A

AWS::AppSync::Resolver

FinOpsCenterBudgetAllocationApicreateBudgetResolver64D61C0E

AWS::AppSync::Resolver

FinOpsCenterBudgetAllocationApicreateInvoiceResolver43BD5274

AWS::AppSync::Resolver

FinOpsCenterBudgetAllocationApicreateOrUpdateDashboardResolverA81AB980

AWS::AppSync::Resolver

FinOpsCenterBudgetAllocationApicreateOrUpdateSpaceDetailsResolver537D1657

AWS::AppSync::Resolver

FinOpsCenterBudgetAllocationApicreateOrUpdateUserToBudgetAccessResolverE080EDB5

AWS::AppSync::Resolver

FinOpsCenterBudgetAllocationApicreateUserMappingResolver7D63193A

AWS::AppSync::Resolver

FinOpsCenterBudgetAllocationApicreateUserResolverA1E605E3

AWS::AppSync::Resolver

FinOpsCenterBudgetAllocationApidefaultApiKey300A2538

AWS::AppSync::ApiKey

FinOpsCenterBudgetAllocationApideleteAllocationResolver4650763F

AWS::AppSync::Resolver

FinOpsCenterBudgetAllocationApiforgotPasswordResolver42502E8F

AWS::AppSync::Resolver

FinOpsCenterBudgetAllocationApigetAllBudgetsNewResolverC85C0932

AWS::AppSync::Resolver

FinOpsCenterBudgetAllocationApigetAllBudgetsResolverB935009A

AWS::AppSync::Resolver

FinOpsCenterBudgetAllocationApigetDashboardListResolver72B95653

AWS::AppSync::Resolver

FinOpsCenterBudgetAllocationApigetInvoicesResolverC4F37F86

AWS::AppSync::Resolver

FinOpsCenterBudgetAllocationApigetLastRunCurResolver24E9B10E

AWS::AppSync::Resolver

FinOpsCenterBudgetAllocationApigetPeriodCardsForUserResolver2086F8FC

AWS::AppSync::Resolver

FinOpsCenterBudgetAllocationApigetQuickSightDashboardUrlResolverE9D8DE12

AWS::AppSync::Resolver

FinOpsCenterBudgetAllocationApigetSorListByYearResolverCD447711

AWS::AppSync::Resolver

FinOpsCenterBudgetAllocationApigetSorMappingResolverDD843F7B

AWS::AppSync::Resolver

FinOpsCenterBudgetAllocationApigetTimeCardsForUserResolver4FC1F4CD

AWS::AppSync::Resolver

FinOpsCenterBudgetAllocationApigetUnallocatedAccountsResolver3432E36F

AWS::AppSync::Resolver

FinOpsCenterBudgetAllocationApigetUsageActualsForUserResolverDBEAA204

AWS::AppSync::Resolver

FinOpsCenterBudgetAllocationApigetUsageDetailsForUserNewResolver746CB582

AWS::AppSync::Resolver

FinOpsCenterBudgetAllocationApigetUsageDetailsForUserResolver6EF10137

AWS::AppSync::Resolver

FinOpsCenterBudgetAllocationApigetUsageStatsResolverAED9AFEA

AWS::AppSync::Resolver

FinOpsCenterBudgetAllocationApigetUserMappingToBudgetsAndAccountsResolverAA475845

AWS::AppSync::Resolver

FinOpsCenterBudgetAllocationApiinvoiceLambdaDatasource999FAA93

AWS::AppSync::DataSource

FinOpsCenterBudgetAllocationApiinvoiceLambdaDatasourceServiceRole833AADEB

AWS::IAM::Role

FinOpsCenterBudgetAllocationApiinvoiceLambdaDatasourceServiceRoleDefaultPolicyAD0CDF57

AWS::IAM::Policy

FinOpsCenterBudgetAllocationApilambdaDatasourceAB665C33

AWS::AppSync::DataSource

FinOpsCenterBudgetAllocationApilambdaDatasourceServiceRole7144E454

AWS::IAM::Role

FinOpsCenterBudgetAllocationApilambdaDatasourceServiceRoleDefaultPolicy440E4797

AWS::IAM::Policy

FinOpsCenterBudgetAllocationApilistAccountMappingResolver34043668

AWS::AppSync::Resolver

FinOpsCenterBudgetAllocationApilistAccountsResolver56E8C48D

AWS::AppSync::Resolver

FinOpsCenterBudgetAllocationApilistAllocationsResolver6165ADBD

AWS::AppSync::Resolver

FinOpsCenterBudgetAllocationApilistGroupsResolverDCFF3E28

AWS::AppSync::Resolver

FinOpsCenterBudgetAllocationApilistSpacesResolver60ED72B7

AWS::AppSync::Resolver

FinOpsCenterBudgetAllocationApilistUserBudgetAllocationsResolver78C6B1CF

AWS::AppSync::Resolver

FinOpsCenterBudgetAllocationApilistUserMappingResolverC3FFF016

AWS::AppSync::Resolver

FinOpsCenterBudgetAllocationApilistUsersResolver8B930FB7

AWS::AppSync::Resolver

FinOpsCenterBudgetAllocationApiloginUserResolver48621D0D

AWS::AppSync::Resolver

FinOpsCenterBudgetAllocationApimonthCloseResolver17AA178F

AWS::AppSync::Resolver

FinOpsCenterBudgetAllocationApiquickSightLambdaDatasource42753279

AWS::AppSync::DataSource

FinOpsCenterBudgetAllocationApiquickSightLambdaDatasourceServiceRole9A3B29C1

AWS::IAM::Role

FinOpsCenterBudgetAllocationApiquickSightLambdaDatasourceServiceRoleDefaultPolicy21D8C2A6

AWS::IAM::Policy

FinOpsCenterBudgetAllocationApireviewBudgetResolverB4A7AD9A

AWS::AppSync::Resolver

FinOpsCenterBudgetAllocationApischedulerLambdaDatasourceDF97F9B9

AWS::AppSync::DataSource

FinOpsCenterBudgetAllocationApischedulerLambdaDatasourceServiceRole0E24BE0C

AWS::IAM::Role

FinOpsCenterBudgetAllocationApischedulerLambdaDatasourceServiceRoleDefaultPolicy8D806BF5

AWS::IAM::Policy

FinOpsCenterBudgetAllocationApiSchema6D45E612

AWS::AppSync::GraphQLSchema

FinOpsCenterBudgetAllocationApisorMappingResolver822F3A5B

AWS::AppSync::Resolver

FinOpsCenterBudgetAllocationApiupdateAccountsWithOrganizationsInfoResolver91CC1D41

AWS::AppSync::Resolver

FinOpsCenterBudgetAllocationApiupdateAllocationResolver8A725FFD

AWS::AppSync::Resolver

FinOpsCenterBudgetAllocationApiupdateBudgetResolver2EDA782E

AWS::AppSync::Resolver

FinOpsCenterBudgetAllocationApiupdateTimeCardStatusResolver66B4C127

AWS::AppSync::Resolver

FinOpsCenterBudgetAllocationApiupdateUserRoleResolverBE9C313C

AWS::AppSync::Resolver

FinOpsCenterBudgetAllocationApiuploadSORResolver08F81E2F

AWS::AppSync::Resolver

FinOpsCenterQuickSightLambdaHandler796799F3

AWS::Lambda::Function

FinOpsCenterSchedulerLambdaHandler044C0558

AWS::Lambda::Function

FinOpsCenterSchedulerLambdaHandlerServiceRole44BD75A8

AWS::IAM::Role

FinOpsCenterSchedulerLambdaHandlerServiceRoleDefaultPolicyA6553EC0

AWS::IAM::Policy

FinOpsCenterScheduleRuleAllowEventRuleFinOpsCenterStackFinOpsCenterSchedulerLambdaHandler680625AE3E90D379

AWS::Lambda::Permission

FinOpsCenterScheduleRuleEDEF0E06

AWS::Events::Rule

FinOpsCenterSharedFunctionsLayer84909F55

AWS::Lambda::LayerVersion

GluePolicyCA7268D5

AWS::IAM::ManagedPolicy

invoiceLambdaHandler083AEC55

AWS::Lambda::Function

invoiceLambdaHandlerServiceRoleAD7C6EE6

AWS::IAM::Role

invoiceLambdaHandlerServiceRoleDefaultPolicy20D94148

AWS::IAM::Policy

InvoiceTableD753B0E0

AWS::DynamoDB::Table

LastUpdatedTableD54B2C25

AWS::DynamoDB::Table

PortfolioManagers

AWS::Cognito::UserPoolGroup

ProductManagers

AWS::Cognito::UserPoolGroup

QSManagedPolicyBC3B1016

AWS::IAM::ManagedPolicy

quicksightaccessrole80E5A653

AWS::IAM::Role

quicksightaccessroleDefaultPolicy15628D24

AWS::IAM::Policy

QuicksightTable0E76B5B0

AWS::DynamoDB::Table

S3NotificationResourceCustomResourcePolicy0EC084AF

AWS::IAM::Policy

S3NotificationResourceF98D77E7

Custom::AWS

S3Policy8FACFAB8

AWS::IAM::ManagedPolicy

SorElementToKeyMapper64C55F7A

AWS::DynamoDB::Table

SORExtractorLambda56652A5B

AWS::Lambda::Function

sorfiles6743E409

AWS::S3::Bucket

sorfilesAllowBucketNotificationsToFinOpsCenterStackSORExtractorLambdaA4B317F72869BA7F

AWS::Lambda::Permission

sorfilesNotifications4210B679

Custom::S3BucketNotifications

SpacesTable8A997355

AWS::DynamoDB::Table

staticContentDeploymentAwsCliLayer18F25694

AWS::Lambda::LayerVersion

staticContentDeploymentCustomResourceC4584F3F

Custom::CDKBucketDeployment

TimeCardsTable0247B46C

AWS::DynamoDB::Table

UsageAccountsTable883695CF

AWS::DynamoDB::Table

UsageAccountToServiceDailyTable3EF26074

AWS::DynamoDB::Table

UsageAccountToServiceTableD3843CFA

AWS::DynamoDB::Table

UsageDailyTable837F89FC

AWS::DynamoDB::Table

UsageMasterAccountsTableD91A7B5C

AWS::DynamoDB::Table

UsageTable28300137

AWS::DynamoDB::Table

UserBudgetAccessTable665F2C92

AWS::DynamoDB::Table

UserMappingABB16FE5

AWS::DynamoDB::Table

UserPool6BA7E5F2

AWS::Cognito::UserPool

UserPoolFinOpsCenterPoolweb6108E3D9

AWS::Cognito::UserPoolClient

 

During the installation of FinOps Center, the following roles are created in customers' accounts:

Resource/Role

Purpose

athenaexecutionrole33E3CAB2

Lambda execution role for Athena queries

AWS679f53fac002430cb0da5b7982bd2287ServiceRoleC1EA0FF2, executionroleD9A39BE6

Lambda to read files from S3 bucket

BucketNotificationsHandler050a0587b7544547bf325f094a3db834RoleB6FB88EC

S3 bucket trigger for Lambda on new file upload

budgetApprovalLambdaHandlerServiceRole57D52BE3

Lambda to write data to DynamoDB tables (BudgetApprovalWorkflow, ApprovedBudgetsTable)

budgetTriggerLambdaHandlerServiceRoleB543531A

Lambda to write data to DynamoDB tables (BudgetApprovalWorkflow, ApprovedBudgetsTable)

BudgetApprovalStateMachineRole7D20BD03

Lambda access to trigger step function

invoiceLambdaHandlerServiceRoleAD7C6EE6

Lambda access to write data to DynamoDB table (InvoiceTable)

quicksightaccessrole80E5A653

Lambda to get QuickSight dashboard URL programmatically

FinOpsCenterFinopsInaBoxBudgetAllocationApilambdaDatasourceServiceRoleE3C454C3

AppSync to invoke Lambda function named BudgetAllocationLambda

FinOpsCenterFinopsInaBoxBudgetAllocationApibudgetApprovalLambdaDatasourceServiceRole59BD64A6

AppSync to invoke Lambda function named BudgetApprovalLambda

FinOpsCenterFinopsInaBoxBudgetAllocationApiquickSightLambdaDatasourceServiceRoleDC35C747

AppSync to invoke Lambda function named QuicksightLambda

FinOpsCenterFinopsInaBoxBudgetAllocationApischedulerLambdaDatasourceServiceRole5D04EA71

AppSync to invoke Lambda function named SchedulerLambda

FinOpsCenterFinopsInaBoxBudgetAllocationApiinvoiceLambdaDatasourceServiceRoleD85B21E4

AppSync to invoke Lambda function named InvoiceLambda

FinOpsCenterFinopsInaBoxBudgetAllocationApiauthenticationLambdaDatasourceServiceRole0DAF3D85

AppSync to invoke Lambda function named AuthenticationLambda

accountbudgetlambdarole77006F98

Lambda access to write data to DynamoDB tables (SorElementToKeyMapper, BudgetsFromSOR)

FinOpsCenterFinopsInaBoxSchedulerLambdaHandlerServiceRole1D4A6F1E

Lambda access to write data to DynamoDB table (Scheduler)

FinOpsCenterFinopsInaBoxAuthenticationLambdaHandlerServiceRole3583A726

Lambda access to Cognito

CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756CServiceRole89A01265

Lambda access to S3

athenaexecutionroleDefaultPolicy7907B333

Athena access for CUR Data Import

S3NotificationResourceCustomResourcePolicy0EC084AF

Bucket to trigger Lambda on new item upload

executionroleDefaultPolicy497F11A3

 

BucketNotificationsHandler050a0587b7544547bf325f094a3db834RoleDefaultPolicy2CF63D36

Bucket to trigger Lambda on new item upload

budgetApprovalLambdaHandlerServiceRoleDefaultPolicyDE143198

 

budgetTriggerLambdaHandlerServiceRoleDefaultPolicyDD9AEFCA

Bucket to trigger Lambda on new item upload

BudgetApprovalStateMachineRoleDefaultPolicyF89BE0F0

Step Function Execution

invoiceLambdaHandlerServiceRoleDefaultPolicy20D94148

Bucket to trigger Lambda on new item upload

quicksightaccessroleDefaultPolicy15628D24

Access to QuickSight Assets

FinOpsCenterFinopsInaBoxBudgetAllocationApilambdaDatasourceServiceRoleDefaultPolicyECB450A3

Access to DynamoDB for Step Function

FinOpsCenterFinopsInaBoxBudgetAllocationApibudgetApprovalLambdaDatasourceServiceRoleDefaultPolicyBCD48E00

Step Function Execution

FinOpsCenterFinopsInaBoxBudgetAllocationApiquickSightLambdaDatasourceServiceRoleDefaultPolicyE116784C

Access to QuickSight Assets for Row Level Security

FinOpsCenterFinopsInaBoxBudgetAllocationApischedulerLambdaDatasourceServiceRoleDefaultPolicyC73BC128

Access to DynamoDB for Step Function

FinOpsCenterFinopsInaBoxBudgetAllocationApiinvoiceLambdaDatasourceServiceRoleDefaultPolicyF3F771EC

Access to DynamoDB for Step Function

FinOpsCenterFinopsInaBoxBudgetAllocationApiauthenticationLambdaDatasourceServiceRoleDefaultPolicyEDD13462

Access to Cognito for Authentication

accountbudgetlambdaroleDefaultPolicy4FB21BEA

Step Function Execution

FinOpsCenterFinopsInaBoxSchedulerLambdaHandlerServiceRoleDefaultPolicy0A59ABD5

Step Function Execution

FinOpsCenterFinopsInaBoxAuthenticationLambdaHandlerServiceRoleDefaultPolicy28CCCF9A

Access to Cognito for Authentication

CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756CServiceRoleDefaultPolicy88902FDF

Execution to Create S3 bucket for FinOps Center Deployment

QSManagedPolicyBC3B1016