Skip to main content
OpenOps provides AWS CloudFormation templates to create IAM roles in your AWS account with the necessary permissions to connect to your AWS resources.

Available Stacks

OpenOpsApp Role Stack

Creates the OpenOpsApp role with permissions to run workflows from the OpenOps template catalog. The stack contains all the read permissions needed to execute all templates in our library; you can still restrict the scope to the permissions needed for the templates you are actually running. Write permissions are optional and only needed if you want to apply remediation actions directly to cloud resources. Create OpenOpsApp stack | Download template Parameters: AWS account ID, permission sets (optional)

Benchmark Role Stack

Creates a read-only OpenOpsBenchmarkRole specifically for running AWS cost optimization benchmarks. Includes Compute Optimizer permissions, resource read access (EC2, RDS, ELB, DynamoDB, CloudWatch, Cost Explorer, CloudTrail), and Pricing API access. Create Benchmark stack | Download template | View on GitHub Parameters: TrustedAccountId (required), ExternalId (optional, recommended for security)

Installation Steps

  1. Click the Create stack link for your desired stack above.
  2. On the Specify stack details page, enter the required parameters, then click Next.
  3. On the Configure stack options page, click Next.
  4. On the Review and create page, scroll down to the Capabilities section and acknowledge the creation of IAM roles: Capabilities
  5. Click Submit. The stack will be created with the configured permissions.
Note: The OpenOpsApp stack must be created in the us-east-1 region.

Modification

You’re welcome to download any stack template and modify specific permissions according to your needs. Notice that some AWS components in OpenOps workflows may not function properly as a result.

Support

Feel free to join our Slack community if you have any questions or need help with your installation.