AWS Batch (IAM)

aws compute

AWS Batch enables you to run batch computing workloads on the AWS cloud, dynamically provisioning the optimal quantity and type of compute resources.

Common permissions

batch:ListJobsbatch:DescribeJobsbatch:DescribeJobQueuesbatch:DescribeComputeEnvironmentsbatch:ListTagsForResource

Least-privilege example

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "batch:ListJobs",
        "batch:DescribeJobs",
        "batch:DescribeJobQueues",
        "batch:DescribeComputeEnvironments",
        "batch:ListTagsForResource"
      ],
      "Resource": "*"
    }
  ]
}

Warnings

Avoid batch:* — grants full control including delete and modify of job queues, compute environments, and jobs
Avoid batch:CreateComputeEnvironment and batch:CreateJobQueue unless you need to provision infrastructure

Resources

AWS referenceservicereference.us-east-1.amazonaws.com/v1/batch/batch.json ↗

API

full doc /v1/iam/batch