# FinOps Center Resources and Roles | **Logical** | **Services** | | --------------------------------------------------------------------------------------------------------- | -------------------------------- | | accountbudgetlambdarole77006F98 | AWS::IAM::Role | | accountbudgetlambdaroleDefaultPolicy4FB21BEA | AWS::IAM::Policy | | AccountBudgetTable0C66D07B | AWS::DynamoDB::Table | | AccountMapping4D0F5AFB | AWS::DynamoDB::Table | | AccountToElement1Mapping752D6570 | AWS::DynamoDB::Table | | AccountMapping4D0F5AFB | AWS::DynamoDB::Table | | AccountToElement1Mapping752D6570 | AWS::DynamoDB::Table | | AccountToElement2MappingC5E21C49 | AWS::DynamoDB::Table | | AccountToElement3MappingA58D0E58 | AWS::DynamoDB::Table | | AccountToElement4Mapping7A6110D3 | AWS::DynamoDB::Table | | Admins | AWS::Cognito::UserPoolGroup | | adminUser | AWS::Cognito::UserPoolUser | | ApprovedBudgetsTableA2AC60E6 | AWS::DynamoDB::Table | | athenaexecutionrole33E3CAB2 | AWS::IAM::Role | | athenaexecutionroleDefaultPolicy7907B333 | AWS::IAM::Policy | | AthenaPolicyCADD8C34 | AWS::IAM::ManagedPolicy | | athenatemp87F857C8 | AWS::S3::Bucket | | AWS679f53fac002430cb0da5b7982bd22872D164C4C | AWS::Lambda::Function | | AWS679f53fac002430cb0da5b7982bd2287ServiceRoleC1EA0FF2 | AWS::IAM::Role | | BucketNotificationsHandler050a0587b7544547bf325f094a3db8347ECC3691 | AWS::Lambda::Function | | BucketNotificationsHandler050a0587b7544547bf325f094a3db834RoleB6FB88EC | AWS::IAM::Role | | BucketNotificationsHandler050a0587b7544547bf325f094a3db834RoleDefaultPolicy2CF63D36 | AWS::IAM::Policy | | budgetApprovalLambdaHandlerD5A8C414 | AWS::Lambda::Function | | budgetApprovalLambdaHandlerServiceRole57D52BE3 | AWS::IAM::Role | | budgetApprovalLambdaHandlerServiceRoleDefaultPolicyDE143198 | AWS::IAM::Policy | | BudgetApprovalStateMachine749086CB | AWS::StepFunctions::StateMachine | | BudgetApprovalStateMachineRole7D20BD03 | AWS::IAM::Role | | BudgetApprovalStateMachineRoleDefaultPolicyF89BE0F0 | AWS::IAM::Policy | | BudgetApprovalWorkflow471D8ADC | AWS::DynamoDB::Table | | BudgetsFromSOR1281753B | AWS::DynamoDB::Table | | budgetTriggerLambdaHandler47313A97 | AWS::Lambda::Function | | budgetTriggerLambdaHandlerServiceRoleB543531A | AWS::IAM::Role | | budgetTriggerLambdaHandlerServiceRoleDefaultPolicyDD9AEFCA | AWS::IAM::Policy | | BUManagers | AWS::Cognito::UserPoolGroup | | CDKMetadata | AWS::CDK::Metadata | | curExtractorLambdaHandler527EA93F | AWS::Lambda::Function | | curExtractorLambdaHandlerAllowS3InvocationDD55202D | AWS::Lambda::Permission | | CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C81C01536 | AWS::Lambda::Function | | CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756CServiceRole89A01265 | AWS::IAM::Role | | CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756CServiceRoleDefaultPolicy88902FDF | AWS::IAM::Policy | | DepartmentManagers | AWS::Cognito::UserPoolGroup | | Element1Mapping4380F9B0 | AWS::DynamoDB::Table | | Element2MappingE36F9FE4 | AWS::DynamoDB::Table | | Element3Mapping4C6A994A | AWS::DynamoDB::Table | | Element4Mapping2FFF5F38 | AWS::DynamoDB::Table | | executionroleD9A39BE6 | AWS::IAM::Role | | executionroleDefaultPolicy497F11A3 | AWS::IAM::Policy | | FinancialAdmins | AWS::Cognito::UserPoolGroup | | FinOpsCenterAccountBudgetLambdaHandler8229024E | AWS::Lambda::Function | | FinOpsCenterAuthenticationLambdaHandler7B901A70 | AWS::Lambda::Function | | FinOpsCenterAuthenticationLambdaHandlerServiceRoleDefaultPolicy9C018194 | AWS::IAM::Policy | | FinOpsCenterAuthenticationLambdaHandlerServiceRoleF2924748 | AWS::IAM::Role | | FinOpsCenterBudgetAllocationApi830C7F83 | AWS::AppSync::GraphQLApi | | FinOpsCenterBudgetAllocationApiauthenticationLambdaDatasource22C76159 | AWS::AppSync::DataSource | | FinOpsCenterBudgetAllocationApiauthenticationLambdaDatasourceServiceRole8F2BC046 | AWS::IAM::Role | | FinOpsCenterBudgetAllocationApiauthenticationLambdaDatasourceServiceRoleDefaultPolicyABAF4045 | AWS::IAM::Policy | | FinOpsCenterBudgetAllocationApibudgetApprovalLambdaDatasourceA40E713B | AWS::AppSync::DataSource | | FinOpsCenterBudgetAllocationApibudgetApprovalLambdaDatasourceServiceRole5098C713 | AWS::IAM::Role | | FinOpsCenterBudgetAllocationApibudgetApprovalLambdaDatasourceServiceRoleDefaultPolicy9EC99F1C | AWS::IAM::Policy | | FinOpsCenterBudgetAllocationApicanCloseMonthResolver2E01B50A | AWS::AppSync::Resolver | | FinOpsCenterBudgetAllocationApichangePasswordResolver3C958E69 | AWS::AppSync::Resolver | | FinOpsCenterBudgetAllocationApicompletePasswordChallengeResolver30910FB5 | AWS::AppSync::Resolver | | FinOpsCenterBudgetAllocationApiconfirmPasswordResolverFDF56F2F | AWS::AppSync::Resolver | | FinOpsCenterBudgetAllocationApicreateAccountMappingResolver7B079C58 | AWS::AppSync::Resolver | | FinOpsCenterBudgetAllocationApicreateAllocationResolver225FB95A | AWS::AppSync::Resolver | | FinOpsCenterBudgetAllocationApicreateBudgetResolver64D61C0E | AWS::AppSync::Resolver | | FinOpsCenterBudgetAllocationApicreateInvoiceResolver43BD5274 | AWS::AppSync::Resolver | | FinOpsCenterBudgetAllocationApicreateOrUpdateDashboardResolverA81AB980 | AWS::AppSync::Resolver | | FinOpsCenterBudgetAllocationApicreateOrUpdateSpaceDetailsResolver537D1657 | AWS::AppSync::Resolver | | FinOpsCenterBudgetAllocationApicreateOrUpdateUserToBudgetAccessResolverE080EDB5 | AWS::AppSync::Resolver | | FinOpsCenterBudgetAllocationApicreateUserMappingResolver7D63193A | AWS::AppSync::Resolver | | FinOpsCenterBudgetAllocationApicreateUserResolverA1E605E3 | AWS::AppSync::Resolver | | FinOpsCenterBudgetAllocationApidefaultApiKey300A2538 | AWS::AppSync::ApiKey | | FinOpsCenterBudgetAllocationApideleteAllocationResolver4650763F | AWS::AppSync::Resolver | | FinOpsCenterBudgetAllocationApiforgotPasswordResolver42502E8F | AWS::AppSync::Resolver | | FinOpsCenterBudgetAllocationApigetAllBudgetsNewResolverC85C0932 | AWS::AppSync::Resolver | | FinOpsCenterBudgetAllocationApigetAllBudgetsResolverB935009A | AWS::AppSync::Resolver | | FinOpsCenterBudgetAllocationApigetDashboardListResolver72B95653 | AWS::AppSync::Resolver | | FinOpsCenterBudgetAllocationApigetInvoicesResolverC4F37F86 | AWS::AppSync::Resolver | | FinOpsCenterBudgetAllocationApigetLastRunCurResolver24E9B10E | AWS::AppSync::Resolver | | FinOpsCenterBudgetAllocationApigetPeriodCardsForUserResolver2086F8FC | AWS::AppSync::Resolver | | FinOpsCenterBudgetAllocationApigetQuickSightDashboardUrlResolverE9D8DE12 | AWS::AppSync::Resolver | | FinOpsCenterBudgetAllocationApigetSorListByYearResolverCD447711 | AWS::AppSync::Resolver | | FinOpsCenterBudgetAllocationApigetSorMappingResolverDD843F7B | AWS::AppSync::Resolver | | FinOpsCenterBudgetAllocationApigetTimeCardsForUserResolver4FC1F4CD | AWS::AppSync::Resolver | | FinOpsCenterBudgetAllocationApigetUnallocatedAccountsResolver3432E36F | AWS::AppSync::Resolver | | FinOpsCenterBudgetAllocationApigetUsageActualsForUserResolverDBEAA204 | AWS::AppSync::Resolver | | FinOpsCenterBudgetAllocationApigetUsageDetailsForUserNewResolver746CB582 | AWS::AppSync::Resolver | | FinOpsCenterBudgetAllocationApigetUsageDetailsForUserResolver6EF10137 | AWS::AppSync::Resolver | | FinOpsCenterBudgetAllocationApigetUsageStatsResolverAED9AFEA | AWS::AppSync::Resolver | | FinOpsCenterBudgetAllocationApigetUserMappingToBudgetsAndAccountsResolverAA475845 | AWS::AppSync::Resolver | | FinOpsCenterBudgetAllocationApiinvoiceLambdaDatasource999FAA93 | AWS::AppSync::DataSource | | FinOpsCenterBudgetAllocationApiinvoiceLambdaDatasourceServiceRole833AADEB | AWS::IAM::Role | | FinOpsCenterBudgetAllocationApiinvoiceLambdaDatasourceServiceRoleDefaultPolicyAD0CDF57 | AWS::IAM::Policy | | FinOpsCenterBudgetAllocationApilambdaDatasourceAB665C33 | AWS::AppSync::DataSource | | FinOpsCenterBudgetAllocationApilambdaDatasourceServiceRole7144E454 | AWS::IAM::Role | | FinOpsCenterBudgetAllocationApilambdaDatasourceServiceRoleDefaultPolicy440E4797 | AWS::IAM::Policy | | FinOpsCenterBudgetAllocationApilistAccountMappingResolver34043668 | AWS::AppSync::Resolver | | FinOpsCenterBudgetAllocationApilistAccountsResolver56E8C48D | AWS::AppSync::Resolver | | FinOpsCenterBudgetAllocationApilistAllocationsResolver6165ADBD | AWS::AppSync::Resolver | | FinOpsCenterBudgetAllocationApilistGroupsResolverDCFF3E28 | AWS::AppSync::Resolver | | FinOpsCenterBudgetAllocationApilistSpacesResolver60ED72B7 | AWS::AppSync::Resolver | | FinOpsCenterBudgetAllocationApilistUserBudgetAllocationsResolver78C6B1CF | AWS::AppSync::Resolver | | FinOpsCenterBudgetAllocationApilistUserMappingResolverC3FFF016 | AWS::AppSync::Resolver | | FinOpsCenterBudgetAllocationApilistUsersResolver8B930FB7 | AWS::AppSync::Resolver | | FinOpsCenterBudgetAllocationApiloginUserResolver48621D0D | AWS::AppSync::Resolver | | FinOpsCenterBudgetAllocationApimonthCloseResolver17AA178F | AWS::AppSync::Resolver | | FinOpsCenterBudgetAllocationApiquickSightLambdaDatasource42753279 | AWS::AppSync::DataSource | | FinOpsCenterBudgetAllocationApiquickSightLambdaDatasourceServiceRole9A3B29C1 | AWS::IAM::Role | | FinOpsCenterBudgetAllocationApiquickSightLambdaDatasourceServiceRoleDefaultPolicy21D8C2A6 | AWS::IAM::Policy | | FinOpsCenterBudgetAllocationApireviewBudgetResolverB4A7AD9A | AWS::AppSync::Resolver | | FinOpsCenterBudgetAllocationApischedulerLambdaDatasourceDF97F9B9 | AWS::AppSync::DataSource | | FinOpsCenterBudgetAllocationApischedulerLambdaDatasourceServiceRole0E24BE0C | AWS::IAM::Role | | FinOpsCenterBudgetAllocationApischedulerLambdaDatasourceServiceRoleDefaultPolicy8D806BF5 | AWS::IAM::Policy | | FinOpsCenterBudgetAllocationApiSchema6D45E612 | AWS::AppSync::GraphQLSchema | | FinOpsCenterBudgetAllocationApisorMappingResolver822F3A5B | AWS::AppSync::Resolver | | FinOpsCenterBudgetAllocationApiupdateAccountsWithOrganizationsInfoResolver91CC1D41 | AWS::AppSync::Resolver | | FinOpsCenterBudgetAllocationApiupdateAllocationResolver8A725FFD | AWS::AppSync::Resolver | | FinOpsCenterBudgetAllocationApiupdateBudgetResolver2EDA782E | AWS::AppSync::Resolver | | FinOpsCenterBudgetAllocationApiupdateTimeCardStatusResolver66B4C127 | AWS::AppSync::Resolver | | FinOpsCenterBudgetAllocationApiupdateUserRoleResolverBE9C313C | AWS::AppSync::Resolver | | FinOpsCenterBudgetAllocationApiuploadSORResolver08F81E2F | AWS::AppSync::Resolver | | FinOpsCenterQuickSightLambdaHandler796799F3 | AWS::Lambda::Function | | FinOpsCenterSchedulerLambdaHandler044C0558 | AWS::Lambda::Function | | FinOpsCenterSchedulerLambdaHandlerServiceRole44BD75A8 | AWS::IAM::Role | | FinOpsCenterSchedulerLambdaHandlerServiceRoleDefaultPolicyA6553EC0 | AWS::IAM::Policy | | FinOpsCenterScheduleRuleAllowEventRuleFinOpsCenterStackFinOpsCenterSchedulerLambdaHandler680625AE3E90D379 | AWS::Lambda::Permission | | FinOpsCenterScheduleRuleEDEF0E06 | AWS::Events::Rule | | FinOpsCenterSharedFunctionsLayer84909F55 | AWS::Lambda::LayerVersion | | GluePolicyCA7268D5 | AWS::IAM::ManagedPolicy | | invoiceLambdaHandler083AEC55 | AWS::Lambda::Function | | invoiceLambdaHandlerServiceRoleAD7C6EE6 | AWS::IAM::Role | | invoiceLambdaHandlerServiceRoleDefaultPolicy20D94148 | AWS::IAM::Policy | | InvoiceTableD753B0E0 | AWS::DynamoDB::Table | | LastUpdatedTableD54B2C25 | AWS::DynamoDB::Table | | PortfolioManagers | AWS::Cognito::UserPoolGroup | | ProductManagers | AWS::Cognito::UserPoolGroup | | QSManagedPolicyBC3B1016 | AWS::IAM::ManagedPolicy | | quicksightaccessrole80E5A653 | AWS::IAM::Role | | quicksightaccessroleDefaultPolicy15628D24 | AWS::IAM::Policy | | QuicksightTable0E76B5B0 | AWS::DynamoDB::Table | | S3NotificationResourceCustomResourcePolicy0EC084AF | AWS::IAM::Policy | | S3NotificationResourceF98D77E7 | Custom::AWS | | S3Policy8FACFAB8 | AWS::IAM::ManagedPolicy | | SorElementToKeyMapper64C55F7A | AWS::DynamoDB::Table | | SORExtractorLambda56652A5B | AWS::Lambda::Function | | sorfiles6743E409 | AWS::S3::Bucket | | sorfilesAllowBucketNotificationsToFinOpsCenterStackSORExtractorLambdaA4B317F72869BA7F | AWS::Lambda::Permission | | sorfilesNotifications4210B679 | Custom::S3BucketNotifications | | SpacesTable8A997355 | AWS::DynamoDB::Table | | staticContentDeploymentAwsCliLayer18F25694 | AWS::Lambda::LayerVersion | | staticContentDeploymentCustomResourceC4584F3F | Custom::CDKBucketDeployment | | TimeCardsTable0247B46C | AWS::DynamoDB::Table | | UsageAccountsTable883695CF | AWS::DynamoDB::Table | | UsageAccountToServiceDailyTable3EF26074 | AWS::DynamoDB::Table | | UsageAccountToServiceTableD3843CFA | AWS::DynamoDB::Table | | UsageDailyTable837F89FC | AWS::DynamoDB::Table | | UsageMasterAccountsTableD91A7B5C | AWS::DynamoDB::Table | | UsageTable28300137 | AWS::DynamoDB::Table | | UserBudgetAccessTable665F2C92 | AWS::DynamoDB::Table | | UserMappingABB16FE5 | AWS::DynamoDB::Table | | UserPool6BA7E5F2 | AWS::Cognito::UserPool | | UserPoolFinOpsCenterPoolweb6108E3D9 | AWS::Cognito::UserPoolClient | During the installation of FinOps Center, the following roles are created in customers accounts: | Resource/Role | Purpose | | --------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------- | | athenaexecutionrole33E3CAB2 | Lambda Execute Role for Athena queries | | AWS679f53fac002430cb0da5b7982bd2287ServiceRoleC1EA0FF2, executionroleD9A39BE6 | Lambda to Read files from s3 bucket | | BucketNotificationsHandler050a0587b7544547bf325f094a3db834RoleB6FB88EC | S3Bucket trigger for lambda on new file upload | | budgetApprovalLambdaHandlerServiceRole57D52BE3 | Lambda to write data to DynamoDB tables (BudgetApprovalWorkflow, ApprovedBudgetsTable) | | budgetTriggerLambdaHandlerServiceRoleB543531A | Lambda to Write data to dynamodb table (BudgetApprovalWorkflow, ApprovedBudgetsTable) | | BudgetApprovalStateMachineRole7D20BD03, | Lambda access to trigger step function | | invoiceLambdaHandlerServiceRoleAD7C6EE6 | Lambda access to write data dynamodb table (InvoiceTable) | | quicksightaccessrole80E5A653 | Lambda to get quicksight dashboard url programatically | | FinOpsCenterFinopsInaBoxBudgetAllocationApilambdaDatasourceServiceRoleE3C454C3 | Appsync to invoke lambda function named BudgetAllocationLambda | | FinOpsCenterFinopsInaBoxBudgetAllocationApibudgetApprovalLambdaDatasourceServiceRole59BD64A6 | Appsync to invoke lambda function named BudgetApprovalLambda | | FinOpsCenterFinopsInaBoxBudgetAllocationApiquickSightLambdaDatasourceServiceRoleDC35C747 | Appsync to invoke lambda function named QuicksightLambda | | FinOpsCenterFinopsInaBoxBudgetAllocationApischedulerLambdaDatasourceServiceRole5D04EA71 | Appsync to invoke lambda function named SchedulerLambda | | FinOpsCenterFinopsInaBoxBudgetAllocationApiinvoiceLambdaDatasourceServiceRoleD85B21E4 | appsync to invoke lambda function named InvoiceLambda | | FinOpsCenterFinopsInaBoxBudgetAllocationApiauthenticationLambdaDatasourceServiceRole0DAF3D85 | appsync to invoke lambda function named AuthenticationLambda | | accountbudgetlambdarole77006F98 | lambda access to write data dynamodb table (SorElementToKeyMapper, BudgetsFromSOR) | | FinOpsCenterFinopsInaBoxSchedulerLambdaHandlerServiceRole1D4A6F1E | lambda access to write data dynamodb table (Scheduler) | | FinOpsCenterFinopsInaBoxAuthenticationLambdaHandlerServiceRole3583A726 | lambda access to Cognito | | CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756CServiceRole89A01265 | Lambda access to S3 | | athenaexecutionroleDefaultPolicy7907B333 | Athena access for CUR Data Import | | S3NotificationResourceCustomResourcePolicy0EC084AF | Bucket to trigger lambda on new items upload | | executionroleDefaultPolicy497F11A3 | | | BucketNotificationsHandler050a0587b7544547bf325f094a3db834RoleDefaultPolicy2CF63D36 | Bucket to trigger lambda on new items upload | | budgetApprovalLambdaHandlerServiceRoleDefaultPolicyDE143198 | | | budgetTriggerLambdaHandlerServiceRoleDefaultPolicyDD9AEFCA | Bucket to trigger lambda on new items upload | | BudgetApprovalStateMachineRoleDefaultPolicyF89BE0F0, | Step Function Execution | | invoiceLambdaHandlerServiceRoleDefaultPolicy20D94148 | Bucket to trigger lambda on new items upload | | quicksightaccessroleDefaultPolicy15628D24 | Access to QuickSight Assets | | FinOpsCenterFinopsInaBoxBudgetAllocationApilambdaDatasourceServiceRoleDefaultPolicyECB450A3 | Access to DynamoDB for Step Function | | FinOpsCenterFinopsInaBoxBudgetAllocationApibudgetApprovalLambdaDatasourceServiceRoleDefaultPolicyBCD48E00 | Step Function Execution | | FinOpsCenterFinopsInaBoxBudgetAllocationApiquickSightLambdaDatasourceServiceRoleDefaultPolicyE116784C | Access to QuickSight Assets for Row Level Security | | FinOpsCenterFinopsInaBoxBudgetAllocationApiquickSightLambdaDatasourceServiceRoleDefaultPolicyE116784C | Access to QuickSight Assets for Row Level Security | | FinOpsCenterFinopsInaBoxBudgetAllocationApiquickSightLambdaDatasourceServiceRoleDefaultPolicyE116784C | Access to QuickSight Assets for Row Level Security | | FinOpsCenterFinopsInaBoxBudgetAllocationApischedulerLambdaDatasourceServiceRoleDefaultPolicyC73BC128 | Access to DynamoDB for Step Function | | FinOpsCenterFinopsInaBoxBudgetAllocationApiinvoiceLambdaDatasourceServiceRoleDefaultPolicyF3F771EC | Access to DynamoDB for Step Function | | FinOpsCenterFinopsInaBoxBudgetAllocationApiauthenticationLambdaDatasourceServiceRoleDefaultPolicyEDD13462 | Access to Cognito for Authenticationo | | accountbudgetlambdaroleDefaultPolicy4FB21BEA | Step Function Execution | | FinOpsCenterFinopsInaBoxSchedulerLambdaHandlerServiceRoleDefaultPolicy0A59ABD5 | Step Function Execution | | FinOpsCenterFinopsInaBoxAuthenticationLambdaHandlerServiceRoleDefaultPolicy28CCCF9A | Access to Cognito for Authentication | | CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756CServiceRoleDefaultPolicy88902FDF | Execution to Create S3 bucket for FinOps Center Deployment | | QSManagedPolicyBC3B1016 | |