FinOps Center Resources and Roles
Logical
Services
accountbudgetlambdarole77006F98
AWS::IAM::Role
accountbudgetlambdaroleDefaultPolicy4FB21BEA
AWS::IAM::Policy
AccountBudgetTable0C66D07B
AWS::DynamoDB::Table
AccountMapping4D0F5AFB
AWS::DynamoDB::Table
AccountToElement1Mapping752D6570
AWS::DynamoDB::Table
AccountMapping4D0F5AFB
AWS::DynamoDB::Table
AccountToElement1Mapping752D6570
AWS::DynamoDB::Table
AccountToElement2MappingC5E21C49
AWS::DynamoDB::Table
AccountToElement3MappingA58D0E58
AWS::DynamoDB::Table
AccountToElement4Mapping7A6110D3
AWS::DynamoDB::Table
Admins
AWS::Cognito::UserPoolGroup
adminUser
AWS::Cognito::UserPoolUser
ApprovedBudgetsTableA2AC60E6
AWS::DynamoDB::Table
athenaexecutionrole33E3CAB2
AWS::IAM::Role
athenaexecutionroleDefaultPolicy7907B333
AWS::IAM::Policy
AthenaPolicyCADD8C34
AWS::IAM::ManagedPolicy
athenatemp87F857C8
AWS::S3::Bucket
AWS679f53fac002430cb0da5b7982bd22872D164C4C
AWS::Lambda::Function
AWS679f53fac002430cb0da5b7982bd2287ServiceRoleC1EA0FF2
AWS::IAM::Role
BucketNotificationsHandler050a0587b7544547bf325f094a3db8347ECC3691
AWS::Lambda::Function
BucketNotificationsHandler050a0587b7544547bf325f094a3db834RoleB6FB88EC
AWS::IAM::Role
BucketNotificationsHandler050a0587b7544547bf325f094a3db834RoleDefaultPolicy2CF63D36
AWS::IAM::Policy
budgetApprovalLambdaHandlerD5A8C414
AWS::Lambda::Function
budgetApprovalLambdaHandlerServiceRole57D52BE3
AWS::IAM::Role
budgetApprovalLambdaHandlerServiceRoleDefaultPolicyDE143198
AWS::IAM::Policy
BudgetApprovalStateMachine749086CB
AWS::StepFunctions::StateMachine
BudgetApprovalStateMachineRole7D20BD03
AWS::IAM::Role
BudgetApprovalStateMachineRoleDefaultPolicyF89BE0F0
AWS::IAM::Policy
BudgetApprovalWorkflow471D8ADC
AWS::DynamoDB::Table
BudgetsFromSOR1281753B
AWS::DynamoDB::Table
budgetTriggerLambdaHandler47313A97
AWS::Lambda::Function
budgetTriggerLambdaHandlerServiceRoleB543531A
AWS::IAM::Role
budgetTriggerLambdaHandlerServiceRoleDefaultPolicyDD9AEFCA
AWS::IAM::Policy
BUManagers
AWS::Cognito::UserPoolGroup
CDKMetadata
AWS::CDK::Metadata
curExtractorLambdaHandler527EA93F
AWS::Lambda::Function
curExtractorLambdaHandlerAllowS3InvocationDD55202D
AWS::Lambda::Permission
CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C81C01536
AWS::Lambda::Function
CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756CServiceRole89A01265
AWS::IAM::Role
CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756CServiceRoleDefaultPolicy88902FDF
AWS::IAM::Policy
DepartmentManagers
AWS::Cognito::UserPoolGroup
Element1Mapping4380F9B0
AWS::DynamoDB::Table
Element2MappingE36F9FE4
AWS::DynamoDB::Table
Element3Mapping4C6A994A
AWS::DynamoDB::Table
Element4Mapping2FFF5F38
AWS::DynamoDB::Table
executionroleD9A39BE6
AWS::IAM::Role
executionroleDefaultPolicy497F11A3
AWS::IAM::Policy
FinancialAdmins
AWS::Cognito::UserPoolGroup
FinOpsCenterAccountBudgetLambdaHandler8229024E
AWS::Lambda::Function
FinOpsCenterAuthenticationLambdaHandler7B901A70
AWS::Lambda::Function
FinOpsCenterAuthenticationLambdaHandlerServiceRoleDefaultPolicy9C018194
AWS::IAM::Policy
FinOpsCenterAuthenticationLambdaHandlerServiceRoleF2924748
AWS::IAM::Role
FinOpsCenterBudgetAllocationApi830C7F83
AWS::AppSync::GraphQLApi
FinOpsCenterBudgetAllocationApiauthenticationLambdaDatasource22C76159
AWS::AppSync::DataSource
FinOpsCenterBudgetAllocationApiauthenticationLambdaDatasourceServiceRole8F2BC046
AWS::IAM::Role
FinOpsCenterBudgetAllocationApiauthenticationLambdaDatasourceServiceRoleDefaultPolicyABAF4045
AWS::IAM::Policy
FinOpsCenterBudgetAllocationApibudgetApprovalLambdaDatasourceA40E713B
AWS::AppSync::DataSource
FinOpsCenterBudgetAllocationApibudgetApprovalLambdaDatasourceServiceRole5098C713
AWS::IAM::Role
FinOpsCenterBudgetAllocationApibudgetApprovalLambdaDatasourceServiceRoleDefaultPolicy9EC99F1C
AWS::IAM::Policy
FinOpsCenterBudgetAllocationApicanCloseMonthResolver2E01B50A
AWS::AppSync::Resolver
FinOpsCenterBudgetAllocationApichangePasswordResolver3C958E69
AWS::AppSync::Resolver
FinOpsCenterBudgetAllocationApicompletePasswordChallengeResolver30910FB5
AWS::AppSync::Resolver
FinOpsCenterBudgetAllocationApiconfirmPasswordResolverFDF56F2F
AWS::AppSync::Resolver
FinOpsCenterBudgetAllocationApicreateAccountMappingResolver7B079C58
AWS::AppSync::Resolver
FinOpsCenterBudgetAllocationApicreateAllocationResolver225FB95A
AWS::AppSync::Resolver
FinOpsCenterBudgetAllocationApicreateBudgetResolver64D61C0E
AWS::AppSync::Resolver
FinOpsCenterBudgetAllocationApicreateInvoiceResolver43BD5274
AWS::AppSync::Resolver
FinOpsCenterBudgetAllocationApicreateOrUpdateDashboardResolverA81AB980
AWS::AppSync::Resolver
FinOpsCenterBudgetAllocationApicreateOrUpdateSpaceDetailsResolver537D1657
AWS::AppSync::Resolver
FinOpsCenterBudgetAllocationApicreateOrUpdateUserToBudgetAccessResolverE080EDB5
AWS::AppSync::Resolver
FinOpsCenterBudgetAllocationApicreateUserMappingResolver7D63193A
AWS::AppSync::Resolver
FinOpsCenterBudgetAllocationApicreateUserResolverA1E605E3
AWS::AppSync::Resolver
FinOpsCenterBudgetAllocationApidefaultApiKey300A2538
AWS::AppSync::ApiKey
FinOpsCenterBudgetAllocationApideleteAllocationResolver4650763F
AWS::AppSync::Resolver
FinOpsCenterBudgetAllocationApiforgotPasswordResolver42502E8F
AWS::AppSync::Resolver
FinOpsCenterBudgetAllocationApigetAllBudgetsNewResolverC85C0932
AWS::AppSync::Resolver
FinOpsCenterBudgetAllocationApigetAllBudgetsResolverB935009A
AWS::AppSync::Resolver
FinOpsCenterBudgetAllocationApigetDashboardListResolver72B95653
AWS::AppSync::Resolver
FinOpsCenterBudgetAllocationApigetInvoicesResolverC4F37F86
AWS::AppSync::Resolver
FinOpsCenterBudgetAllocationApigetLastRunCurResolver24E9B10E
AWS::AppSync::Resolver
FinOpsCenterBudgetAllocationApigetPeriodCardsForUserResolver2086F8FC
AWS::AppSync::Resolver
FinOpsCenterBudgetAllocationApigetQuickSightDashboardUrlResolverE9D8DE12
AWS::AppSync::Resolver
FinOpsCenterBudgetAllocationApigetSorListByYearResolverCD447711
AWS::AppSync::Resolver
FinOpsCenterBudgetAllocationApigetSorMappingResolverDD843F7B
AWS::AppSync::Resolver
FinOpsCenterBudgetAllocationApigetTimeCardsForUserResolver4FC1F4CD
AWS::AppSync::Resolver
FinOpsCenterBudgetAllocationApigetUnallocatedAccountsResolver3432E36F
AWS::AppSync::Resolver
FinOpsCenterBudgetAllocationApigetUsageActualsForUserResolverDBEAA204
AWS::AppSync::Resolver
FinOpsCenterBudgetAllocationApigetUsageDetailsForUserNewResolver746CB582
AWS::AppSync::Resolver
FinOpsCenterBudgetAllocationApigetUsageDetailsForUserResolver6EF10137
AWS::AppSync::Resolver
FinOpsCenterBudgetAllocationApigetUsageStatsResolverAED9AFEA
AWS::AppSync::Resolver
FinOpsCenterBudgetAllocationApigetUserMappingToBudgetsAndAccountsResolverAA475845
AWS::AppSync::Resolver
FinOpsCenterBudgetAllocationApiinvoiceLambdaDatasource999FAA93
AWS::AppSync::DataSource
FinOpsCenterBudgetAllocationApiinvoiceLambdaDatasourceServiceRole833AADEB
AWS::IAM::Role
FinOpsCenterBudgetAllocationApiinvoiceLambdaDatasourceServiceRoleDefaultPolicyAD0CDF57
AWS::IAM::Policy
FinOpsCenterBudgetAllocationApilambdaDatasourceAB665C33
AWS::AppSync::DataSource
FinOpsCenterBudgetAllocationApilambdaDatasourceServiceRole7144E454
AWS::IAM::Role
FinOpsCenterBudgetAllocationApilambdaDatasourceServiceRoleDefaultPolicy440E4797
AWS::IAM::Policy
FinOpsCenterBudgetAllocationApilistAccountMappingResolver34043668
AWS::AppSync::Resolver
FinOpsCenterBudgetAllocationApilistAccountsResolver56E8C48D
AWS::AppSync::Resolver
FinOpsCenterBudgetAllocationApilistAllocationsResolver6165ADBD
AWS::AppSync::Resolver
FinOpsCenterBudgetAllocationApilistGroupsResolverDCFF3E28
AWS::AppSync::Resolver
FinOpsCenterBudgetAllocationApilistSpacesResolver60ED72B7
AWS::AppSync::Resolver
FinOpsCenterBudgetAllocationApilistUserBudgetAllocationsResolver78C6B1CF
AWS::AppSync::Resolver
FinOpsCenterBudgetAllocationApilistUserMappingResolverC3FFF016
AWS::AppSync::Resolver
FinOpsCenterBudgetAllocationApilistUsersResolver8B930FB7
AWS::AppSync::Resolver
FinOpsCenterBudgetAllocationApiloginUserResolver48621D0D
AWS::AppSync::Resolver
FinOpsCenterBudgetAllocationApimonthCloseResolver17AA178F
AWS::AppSync::Resolver
FinOpsCenterBudgetAllocationApiquickSightLambdaDatasource42753279
AWS::AppSync::DataSource
FinOpsCenterBudgetAllocationApiquickSightLambdaDatasourceServiceRole9A3B29C1
AWS::IAM::Role
FinOpsCenterBudgetAllocationApiquickSightLambdaDatasourceServiceRoleDefaultPolicy21D8C2A6
AWS::IAM::Policy
FinOpsCenterBudgetAllocationApireviewBudgetResolverB4A7AD9A
AWS::AppSync::Resolver
FinOpsCenterBudgetAllocationApischedulerLambdaDatasourceDF97F9B9
AWS::AppSync::DataSource
FinOpsCenterBudgetAllocationApischedulerLambdaDatasourceServiceRole0E24BE0C
AWS::IAM::Role
FinOpsCenterBudgetAllocationApischedulerLambdaDatasourceServiceRoleDefaultPolicy8D806BF5
AWS::IAM::Policy
FinOpsCenterBudgetAllocationApiSchema6D45E612
AWS::AppSync::GraphQLSchema
FinOpsCenterBudgetAllocationApisorMappingResolver822F3A5B
AWS::AppSync::Resolver
FinOpsCenterBudgetAllocationApiupdateAccountsWithOrganizationsInfoResolver91CC1D41
AWS::AppSync::Resolver
FinOpsCenterBudgetAllocationApiupdateAllocationResolver8A725FFD
AWS::AppSync::Resolver
FinOpsCenterBudgetAllocationApiupdateBudgetResolver2EDA782E
AWS::AppSync::Resolver
FinOpsCenterBudgetAllocationApiupdateTimeCardStatusResolver66B4C127
AWS::AppSync::Resolver
FinOpsCenterBudgetAllocationApiupdateUserRoleResolverBE9C313C
AWS::AppSync::Resolver
FinOpsCenterBudgetAllocationApiuploadSORResolver08F81E2F
AWS::AppSync::Resolver
FinOpsCenterQuickSightLambdaHandler796799F3
AWS::Lambda::Function
FinOpsCenterSchedulerLambdaHandler044C0558
AWS::Lambda::Function
FinOpsCenterSchedulerLambdaHandlerServiceRole44BD75A8
AWS::IAM::Role
FinOpsCenterSchedulerLambdaHandlerServiceRoleDefaultPolicyA6553EC0
AWS::IAM::Policy
FinOpsCenterScheduleRuleAllowEventRuleFinOpsCenterStackFinOpsCenterSchedulerLambdaHandler680625AE3E90D379
AWS::Lambda::Permission
FinOpsCenterScheduleRuleEDEF0E06
AWS::Events::Rule
FinOpsCenterSharedFunctionsLayer84909F55
AWS::Lambda::LayerVersion
GluePolicyCA7268D5
AWS::IAM::ManagedPolicy
invoiceLambdaHandler083AEC55
AWS::Lambda::Function
invoiceLambdaHandlerServiceRoleAD7C6EE6
AWS::IAM::Role
invoiceLambdaHandlerServiceRoleDefaultPolicy20D94148
AWS::IAM::Policy
InvoiceTableD753B0E0
AWS::DynamoDB::Table
LastUpdatedTableD54B2C25
AWS::DynamoDB::Table
PortfolioManagers
AWS::Cognito::UserPoolGroup
ProductManagers
AWS::Cognito::UserPoolGroup
QSManagedPolicyBC3B1016
AWS::IAM::ManagedPolicy
quicksightaccessrole80E5A653
AWS::IAM::Role
quicksightaccessroleDefaultPolicy15628D24
AWS::IAM::Policy
QuicksightTable0E76B5B0
AWS::DynamoDB::Table
S3NotificationResourceCustomResourcePolicy0EC084AF
AWS::IAM::Policy
S3NotificationResourceF98D77E7
Custom::AWS
S3Policy8FACFAB8
AWS::IAM::ManagedPolicy
SorElementToKeyMapper64C55F7A
AWS::DynamoDB::Table
SORExtractorLambda56652A5B
AWS::Lambda::Function
sorfiles6743E409
AWS::S3::Bucket
sorfilesAllowBucketNotificationsToFinOpsCenterStackSORExtractorLambdaA4B317F72869BA7F
AWS::Lambda::Permission
sorfilesNotifications4210B679
Custom::S3BucketNotifications
SpacesTable8A997355
AWS::DynamoDB::Table
staticContentDeploymentAwsCliLayer18F25694
AWS::Lambda::LayerVersion
staticContentDeploymentCustomResourceC4584F3F
Custom::CDKBucketDeployment
TimeCardsTable0247B46C
AWS::DynamoDB::Table
UsageAccountsTable883695CF
AWS::DynamoDB::Table
UsageAccountToServiceDailyTable3EF26074
AWS::DynamoDB::Table
UsageAccountToServiceTableD3843CFA
AWS::DynamoDB::Table
UsageDailyTable837F89FC
AWS::DynamoDB::Table
UsageMasterAccountsTableD91A7B5C
AWS::DynamoDB::Table
UsageTable28300137
AWS::DynamoDB::Table
UserBudgetAccessTable665F2C92
AWS::DynamoDB::Table
UserMappingABB16FE5
AWS::DynamoDB::Table
UserPool6BA7E5F2
AWS::Cognito::UserPool
UserPoolFinOpsCenterPoolweb6108E3D9
AWS::Cognito::UserPoolClient
During the installation of FinOps Center, the following roles are created in customers accounts:
Resource/Role
Purpose
athenaexecutionrole33E3CAB2
Lambda Execute Role for Athena queries
AWS679f53fac002430cb0da5b7982bd2287ServiceRoleC1EA0FF2, executionroleD9A39BE6
Lambda to Read files from s3 bucket
BucketNotificationsHandler050a0587b7544547bf325f094a3db834RoleB6FB88EC
S3Bucket trigger for lambda on new file upload
budgetApprovalLambdaHandlerServiceRole57D52BE3
Lambda to write data to DynamoDB tables (BudgetApprovalWorkflow, ApprovedBudgetsTable)
budgetTriggerLambdaHandlerServiceRoleB543531A
Lambda to Write data to dynamodb table (BudgetApprovalWorkflow, ApprovedBudgetsTable)
BudgetApprovalStateMachineRole7D20BD03,
Lambda access to trigger step function
invoiceLambdaHandlerServiceRoleAD7C6EE6
Lambda access to write data dynamodb table (InvoiceTable)
quicksightaccessrole80E5A653
Lambda to get quicksight dashboard url programatically
FinOpsCenterFinopsInaBoxBudgetAllocationApilambdaDatasourceServiceRoleE3C454C3
Appsync to invoke lambda function named BudgetAllocationLambda
FinOpsCenterFinopsInaBoxBudgetAllocationApibudgetApprovalLambdaDatasourceServiceRole59BD64A6
Appsync to invoke lambda function named BudgetApprovalLambda
FinOpsCenterFinopsInaBoxBudgetAllocationApiquickSightLambdaDatasourceServiceRoleDC35C747
Appsync to invoke lambda function named QuicksightLambda
FinOpsCenterFinopsInaBoxBudgetAllocationApischedulerLambdaDatasourceServiceRole5D04EA71
Appsync to invoke lambda function named SchedulerLambda
FinOpsCenterFinopsInaBoxBudgetAllocationApiinvoiceLambdaDatasourceServiceRoleD85B21E4
appsync to invoke lambda function named InvoiceLambda
FinOpsCenterFinopsInaBoxBudgetAllocationApiauthenticationLambdaDatasourceServiceRole0DAF3D85
appsync to invoke lambda function named AuthenticationLambda
accountbudgetlambdarole77006F98
lambda access to write data dynamodb table (SorElementToKeyMapper, BudgetsFromSOR)
FinOpsCenterFinopsInaBoxSchedulerLambdaHandlerServiceRole1D4A6F1E
lambda access to write data dynamodb table (Scheduler)
FinOpsCenterFinopsInaBoxAuthenticationLambdaHandlerServiceRole3583A726
lambda access to Cognito
CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756CServiceRole89A01265
Lambda access to S3
athenaexecutionroleDefaultPolicy7907B333
Athena access for CUR Data Import
S3NotificationResourceCustomResourcePolicy0EC084AF
Bucket to trigger lambda on new items upload
executionroleDefaultPolicy497F11A3
BucketNotificationsHandler050a0587b7544547bf325f094a3db834RoleDefaultPolicy2CF63D36
Bucket to trigger lambda on new items upload
budgetApprovalLambdaHandlerServiceRoleDefaultPolicyDE143198
budgetTriggerLambdaHandlerServiceRoleDefaultPolicyDD9AEFCA
Bucket to trigger lambda on new items upload
BudgetApprovalStateMachineRoleDefaultPolicyF89BE0F0,
Step Function Execution
invoiceLambdaHandlerServiceRoleDefaultPolicy20D94148
Bucket to trigger lambda on new items upload
quicksightaccessroleDefaultPolicy15628D24
Access to QuickSight Assets
FinOpsCenterFinopsInaBoxBudgetAllocationApilambdaDatasourceServiceRoleDefaultPolicyECB450A3
Access to DynamoDB for Step Function
FinOpsCenterFinopsInaBoxBudgetAllocationApibudgetApprovalLambdaDatasourceServiceRoleDefaultPolicyBCD48E00
Step Function Execution
FinOpsCenterFinopsInaBoxBudgetAllocationApiquickSightLambdaDatasourceServiceRoleDefaultPolicyE116784C
Access to QuickSight Assets for Row Level Security
FinOpsCenterFinopsInaBoxBudgetAllocationApiquickSightLambdaDatasourceServiceRoleDefaultPolicyE116784C
Access to QuickSight Assets for Row Level Security
FinOpsCenterFinopsInaBoxBudgetAllocationApiquickSightLambdaDatasourceServiceRoleDefaultPolicyE116784C
Access to QuickSight Assets for Row Level Security
FinOpsCenterFinopsInaBoxBudgetAllocationApischedulerLambdaDatasourceServiceRoleDefaultPolicyC73BC128
Access to DynamoDB for Step Function
FinOpsCenterFinopsInaBoxBudgetAllocationApiinvoiceLambdaDatasourceServiceRoleDefaultPolicyF3F771EC
Access to DynamoDB for Step Function
FinOpsCenterFinopsInaBoxBudgetAllocationApiauthenticationLambdaDatasourceServiceRoleDefaultPolicyEDD13462
Access to Cognito for Authenticationo
accountbudgetlambdaroleDefaultPolicy4FB21BEA
Step Function Execution
FinOpsCenterFinopsInaBoxSchedulerLambdaHandlerServiceRoleDefaultPolicy0A59ABD5
Step Function Execution
FinOpsCenterFinopsInaBoxAuthenticationLambdaHandlerServiceRoleDefaultPolicy28CCCF9A
Access to Cognito for Authentication
CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756CServiceRoleDefaultPolicy88902FDF
Execution to Create S3 bucket for FinOps Center Deployment
QSManagedPolicyBC3B1016
Last updated