bjinwright/zappa-iam.json

## zappa-iam.json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "ec2:DescribeSecurityGroups",
                "ec2:DescribeSubnets",
                "ec2:Describe*"
            ],
            "Resource": [
                "*"
            ],
            "Effect": "Allow"
        },
        {
            "Action": [
                "s3:ListBucket"
            ],
            "Resource": [
                "arn:aws:s3:::your-function-bucket",
                "arn:aws:s3:::your-static-and-media-files-bucket"
            ],
            "Effect": "Allow"
        },
        {
            "Action": [
                "s3:*"
            ],
            "Resource": [
                "arn:aws:s3:::your-function-bucket/*",
                "arn:aws:s3:::your-static-and-media-files-bucket/yourblog-prod-static/*",
                "arn:aws:s3:::your-static-and-media-files-bucket/yourblog-prod-media/*",
                "arn:aws:s3:::your-static-and-media-files-bucket/yourblog-prod-static",
                "arn:aws:s3:::your-static-and-media-files-bucket/yourblog-prod-media"
            ],
            "Effect": "Allow"
        },
        {
            "Action": [
                "iam:GetRole",
                "iam:PassRole",
                "iam:PutRolePolicy"
            ],
            "Resource": [
                "*"
            ],
            "Effect": "Allow"
        },
        {
            "Action": [
                "iam:PassRole"
            ],
            "Resource": [
                "arn:aws:iam:::role/Zappa"
            ],
            "Effect": "Allow"
        },
        {
            "Action": [
                "apigateway:DELETE",
                "apigateway:GET",
                "apigateway:PATCH",
                "apigateway:POST",
                "apigateway:PUT"
            ],
            "Resource": [
                "arn:aws:apigateway:::yourblog-prod",
                "arn:aws:apigateway:us-east-1::/restapis/*",
                "arn:aws:apigateway:us-east-1::/restapis"
            ],
            "Effect": "Allow"
        },
        {
            "Action": [
                "lambda:AddPermission",
                "lambda:DeleteFunction",
                "lambda:GetFunction",
                "lambda:InvokeFunction",
                "lambda:GetPolicy",
                "lambda:ListVersionsByFunction",
                "lambda:UpdateFunctionCode",
                "lambda:RemovePermission",
                "lambda:UpdateFunctionConfiguration"
            ],
            "Resource": [
                "arn:aws:lambda:us-east-1:*:yourblog-prod"
            ],
            "Effect": "Allow"
        },
        {
            "Action": [
                "lambda:CreateFunction"
            ],
            "Resource": [
                "*"
            ],
            "Effect": "Allow"
        },
        {
            "Action": [
                "events:ListRules"
            ],
            "Resource": [
                "arn:aws:events:us-east-1:*:rule/*"
            ],
            "Effect": "Allow"
        },
        {
            "Action": [
                "events:PutRule",
                "events:PutTargets",
                "events:ListTargetsByRule",
                "events:DeleteRule",
                "events:RemoveTargets"
            ],
            "Resource": [
                "arn:aws:events:us-east-1:*:rule/yourblog-prod-zappa-keep-warm-handler.keep_warm_callback"
            ],
            "Effect": "Allow"
        },
        {
            "Action": [
                "cloudformation:*"
            ],
            "Resource": [
                "arn:aws:cloudformation:us-east-1:*:*"
            ],
            "Effect": "Allow"
        }
    ]
}
	{
	"Version": "2012-10-17",
	"Statement": [
	{
	"Action": [
	"ec2:DescribeSecurityGroups",
	"ec2:DescribeSubnets",
	"ec2:Describe*"
	],
	"Resource": [
	"*"
	],
	"Effect": "Allow"
	},
	{
	"Action": [
	"s3:ListBucket"
	],
	"Resource": [
	"arn:aws:s3:::your-function-bucket",
	"arn:aws:s3:::your-static-and-media-files-bucket"
	],
	"Effect": "Allow"
	},
	{
	"Action": [
	"s3:*"
	],
	"Resource": [
	"arn:aws:s3:::your-function-bucket/*",
	"arn:aws:s3:::your-static-and-media-files-bucket/yourblog-prod-static/*",
	"arn:aws:s3:::your-static-and-media-files-bucket/yourblog-prod-media/*",
	"arn:aws:s3:::your-static-and-media-files-bucket/yourblog-prod-static",
	"arn:aws:s3:::your-static-and-media-files-bucket/yourblog-prod-media"
	],
	"Effect": "Allow"
	},
	{
	"Action": [
	"iam:GetRole",
	"iam:PassRole",
	"iam:PutRolePolicy"
	],
	"Resource": [
	"*"
	],
	"Effect": "Allow"
	},
	{
	"Action": [
	"iam:PassRole"
	],
	"Resource": [
	"arn:aws:iam:::role/Zappa"
	],
	"Effect": "Allow"
	},
	{
	"Action": [
	"apigateway:DELETE",
	"apigateway:GET",
	"apigateway:PATCH",
	"apigateway:POST",
	"apigateway:PUT"
	],
	"Resource": [
	"arn:aws:apigateway:::yourblog-prod",
	"arn:aws:apigateway:us-east-1::/restapis/*",
	"arn:aws:apigateway:us-east-1::/restapis"
	],
	"Effect": "Allow"
	},
	{
	"Action": [
	"lambda:AddPermission",
	"lambda:DeleteFunction",
	"lambda:GetFunction",
	"lambda:InvokeFunction",
	"lambda:GetPolicy",
	"lambda:ListVersionsByFunction",
	"lambda:UpdateFunctionCode",
	"lambda:RemovePermission",
	"lambda:UpdateFunctionConfiguration"
	],
	"Resource": [
	"arn:aws:lambda:us-east-1:*:yourblog-prod"
	],
	"Effect": "Allow"
	},
	{
	"Action": [
	"lambda:CreateFunction"
	],
	"Resource": [
	"*"
	],
	"Effect": "Allow"
	},
	{
	"Action": [
	"events:ListRules"
	],
	"Resource": [
	"arn:aws:events:us-east-1::rule/"
	],
	"Effect": "Allow"
	},
	{
	"Action": [
	"events:PutRule",
	"events:PutTargets",
	"events:ListTargetsByRule",
	"events:DeleteRule",
	"events:RemoveTargets"
	],
	"Resource": [
	"arn:aws:events:us-east-1:*:rule/yourblog-prod-zappa-keep-warm-handler.keep_warm_callback"
	],
	"Effect": "Allow"
	},
	{
	"Action": [
	"cloudformation:*"
	],
	"Resource": [
	"arn:aws:cloudformation:us-east-1::"
	],
	"Effect": "Allow"
	}
	]
	}