...
Code Block |
---|
{ "Version": "2012-10-17", "Statement": [ { "Sid": "BplmS3TaggingWkspStorageCostPolicy", "Effect": "Allow", "Action": [ "s3:GetBucketTagging", "s3:PutBucketTagging" ], "Resource": "arn:aws:s3:::*" }, { "Sid": "BplmNatGatewayTaggingPolicy", "Effect": "Allow", "Action": [ "ec2:DeleteTags", "ec2:CreateTags" ], "Resource": "arn:aws:ec2:*:<Databricks_Wksp_AWS_Account_Id>:natgateway/*" }, { "Sid": "BplmNatGatewayVpcsTaggingPolicy", "Effect": "Allow", "Action": [ "ec2:DescribeVpcs", "ec2:DescribeNatGateways" ], "Resource": "*" } ] } |
Trust policy for the IAM_Role_Cost_Tag_For_S3_And_NAT that allows the LHO Application IAM Role in the app-host AWS Account to assume the role:
...