@0xdabbad00
Created July 24, 2018 17:05
ViewOnlyAccess IAM privileges expanded
acm:ListCertificates
application-autoscaling:DescribeScalableTargets
application-autoscaling:DescribeScalingActivities
application-autoscaling:DescribeScalingPolicies
application-autoscaling:DescribeScheduledActions
athena:ListNamedQueries
athena:ListQueryExecutions
autoscaling:DescribeAccountLimits
autoscaling:DescribeAdjustmentTypes
autoscaling:DescribeAutoScalingGroups
autoscaling:DescribeAutoScalingInstances
autoscaling:DescribeAutoScalingNotificationTypes
autoscaling:DescribeLaunchConfigurations
autoscaling:DescribeLifecycleHookTypes
autoscaling:DescribeLifecycleHooks
autoscaling:DescribeLoadBalancerTargetGroups
autoscaling:DescribeLoadBalancers
autoscaling:DescribeMetricCollectionTypes
autoscaling:DescribeNotificationConfigurations
autoscaling:DescribePolicies
autoscaling:DescribeScalingActivities
autoscaling:DescribeScalingProcessTypes
autoscaling:DescribeScheduledActions
autoscaling:DescribeTags
autoscaling:DescribeTerminationPolicyTypes
aws-marketplace:ViewSubscriptions
batch:ListJobs
clouddirectory:ListAppliedSchemaArns
clouddirectory:ListDevelopmentSchemaArns
clouddirectory:ListDirectories
clouddirectory:ListPublishedSchemaArns
cloudformation:DescribeStacks
cloudformation:ListChangeSets
cloudformation:ListExports
cloudformation:ListImports
cloudformation:ListStackInstances
cloudformation:ListStackResources
cloudformation:ListStackSetOperationResults
cloudformation:ListStackSetOperations
cloudformation:ListStackSets
cloudformation:ListStacks
cloudfront:ListCloudFrontOriginAccessIdentities
cloudfront:ListDistributions
cloudfront:ListDistributionsByWebACLId
cloudfront:ListInvalidations
cloudfront:ListStreamingDistributions
cloudfront:ListTagsForResource
cloudhsm:ListAvailableZones
cloudhsm:ListHapgs
cloudhsm:ListHsms
cloudhsm:ListLunaClients
cloudsearch:DescribeDomains
cloudsearch:ListDomainNames
cloudsearch:ListTags
cloudtrail:DescribeTrails
cloudtrail:LookupEvents
cloudwatch:GetMetricData
cloudwatch:ListDashboards
cloudwatch:ListMetrics
codebuild:ListBuilds
codebuild:ListBuildsForProject
codebuild:ListProjects
codecommit:ListBranches
codecommit:ListPullRequests
codecommit:ListRepositories
codedeploy:GetApplication
codedeploy:GetApplicationRevision
codedeploy:GetDeployment
codedeploy:GetDeploymentConfig
codedeploy:GetDeploymentGroup
codedeploy:GetDeploymentInstance
codedeploy:GetOnPremisesInstance
codedeploy:ListApplicationRevisions
codedeploy:ListApplications
codedeploy:ListDeploymentConfigs
codedeploy:ListDeploymentGroups
codedeploy:ListDeploymentInstances
codedeploy:ListDeployments
codedeploy:ListOnPremisesInstances
codepipeline:ListPipelines
codestar:ListProjects
codestar:ListResources
codestar:ListTeamMembers
codestar:ListUserProfiles
codestar:VerifyServiceRole
cognito-identity:ListIdentities
cognito-identity:ListIdentityPools
cognito-idp:ListDevices
cognito-idp:ListGroups
cognito-idp:ListUserImportJobs
cognito-idp:ListUserPoolClients
cognito-idp:ListUserPools
cognito-idp:ListUsers
cognito-idp:ListUsersInGroup
cognito-sync:ListDatasets
config:DescribeAggregateComplianceByConfigRules
config:DescribeAggregationAuthorizations
config:DescribeComplianceByConfigRule
config:DescribeComplianceByResource
config:DescribeConfigRuleEvaluationStatus
config:DescribeConfigRules
config:DescribeConfigurationAggregatorSourcesStatus
config:DescribeConfigurationAggregators
config:DescribeConfigurationRecorderStatus
config:DescribeConfigurationRecorders
config:DescribeDeliveryChannelStatus
config:DescribeDeliveryChannels
config:DescribePendingAggregationRequests
config:ListDiscoveredResources
connect:ListInstances
datapipeline:DescribePipelines
datapipeline:GetAccountLimits
datapipeline:ListPipelines
devicefarm:ListArtifacts
devicefarm:ListDevicePools
devicefarm:ListDevices
devicefarm:ListJobs
devicefarm:ListNetworkProfiles
devicefarm:ListOfferingTransactions
devicefarm:ListOfferings
devicefarm:ListProjects
devicefarm:ListRemoteAccessSessions
devicefarm:ListRuns
devicefarm:ListSamples
devicefarm:ListSuites
devicefarm:ListTests
devicefarm:ListUniqueProblems
devicefarm:ListUploads
directconnect:DescribeConnectionLoa
directconnect:DescribeConnections
directconnect:DescribeConnectionsOnInterconnect
directconnect:DescribeInterconnectLoa
directconnect:DescribeInterconnects
directconnect:DescribeLocations
directconnect:DescribeVirtualGateways
directconnect:DescribeVirtualInterfaces
discovery:ListConfigurations
discovery:ListServerNeighbors
dms:ListTagsForResource
ds:DescribeDirectories
dynamodb:ListTables
ec2:DescribeAccountAttributes
ec2:DescribeAddresses
ec2:DescribeAvailabilityZones
ec2:DescribeBundleTasks
ec2:DescribeClassicLinkInstances
ec2:DescribeConversionTasks
ec2:DescribeCustomerGateways
ec2:DescribeDhcpOptions
ec2:DescribeExportTasks
ec2:DescribeFlowLogs
ec2:DescribeHostReservationOfferings
ec2:DescribeHostReservations
ec2:DescribeHosts
ec2:DescribeIdFormat
ec2:DescribeIdentityIdFormat
ec2:DescribeImageAttribute
ec2:DescribeImages
ec2:DescribeImportImageTasks
ec2:DescribeImportSnapshotTasks
ec2:DescribeInstanceAttribute
ec2:DescribeInstanceCreditSpecifications
ec2:DescribeInstanceStatus
ec2:DescribeInstances
ec2:DescribeInternetGateways
ec2:DescribeKeyPairs
ec2:DescribeMovingAddresses
ec2:DescribeNatGateways
ec2:DescribeNetworkAcls
ec2:DescribeNetworkInterfaceAttribute
ec2:DescribeNetworkInterfacePermissions
ec2:DescribeNetworkInterfaces
ec2:DescribePlacementGroups
ec2:DescribePrefixLists
ec2:DescribeRegions
ec2:DescribeReservedInstances
ec2:DescribeReservedInstancesListings
ec2:DescribeReservedInstancesModifications
ec2:DescribeReservedInstancesOfferings
ec2:DescribeRouteTables
ec2:DescribeSecurityGroups
ec2:DescribeSnapshotAttribute
ec2:DescribeSnapshots
ec2:DescribeSpotDatafeedSubscription
ec2:DescribeSpotFleetInstances
ec2:DescribeSpotFleetRequestHistory
ec2:DescribeSpotFleetRequests
ec2:DescribeSpotInstanceRequests
ec2:DescribeSpotPriceHistory
ec2:DescribeSubnets
ec2:DescribeVolumeAttribute
ec2:DescribeVolumeStatus
ec2:DescribeVolumes
ec2:DescribeVolumesModifications
ec2:DescribeVpcAttribute
ec2:DescribeVpcClassicLink
ec2:DescribeVpcClassicLinkDnsSupport
ec2:DescribeVpcEndpointConnectionNotifications
ec2:DescribeVpcEndpointConnections
ec2:DescribeVpcEndpointServiceConfigurations
ec2:DescribeVpcEndpointServicePermissions
ec2:DescribeVpcEndpointServices
ec2:DescribeVpcEndpoints
ec2:DescribeVpcPeeringConnections
ec2:DescribeVpcs
ec2:DescribeVpnConnections
ec2:DescribeVpnGateways
ecr:DescribeRepositories
ecr:ListImages
ecs:DescribeClusters
ecs:DescribeContainerInstances
ecs:DescribeServices
ecs:DescribeTaskDefinition
ecs:DescribeTasks
ecs:ListClusters
ecs:ListContainerInstances
ecs:ListServices
ecs:ListTaskDefinitionFamilies
ecs:ListTaskDefinitions
ecs:ListTasks
elasticache:DescribeCacheClusters
elasticache:DescribeCacheEngineVersions
elasticache:DescribeCacheParameterGroups
elasticache:DescribeCacheParameters
elasticache:DescribeCacheSecurityGroups
elasticache:DescribeCacheSubnetGroups
elasticache:DescribeEngineDefaultParameters
elasticache:DescribeEvents
elasticache:DescribeReplicationGroups
elasticache:DescribeReservedCacheNodes
elasticache:DescribeReservedCacheNodesOfferings
elasticache:DescribeSnapshots
elasticbeanstalk:DescribeApplicationVersions
elasticbeanstalk:DescribeApplications
elasticbeanstalk:DescribeEnvironments
elasticbeanstalk:ListAvailableSolutionStacks
elasticfilesystem:DescribeFileSystems
elasticloadbalancing:DescribeListeners
elasticloadbalancing:DescribeLoadBalancers
elasticloadbalancing:DescribeTargetGroups
elasticloadbalancing:DescribeTargetHealth
elasticmapreduce:ListBootstrapActions
elasticmapreduce:ListClusters
elasticmapreduce:ListInstanceGroups
elasticmapreduce:ListInstances
elasticmapreduce:ListSecurityConfigurations
elasticmapreduce:ListSteps
elastictranscoder:ListJobsByPipeline
elastictranscoder:ListJobsByStatus
elastictranscoder:ListPipelines
elastictranscoder:ListPresets
es:DescribeElasticsearchDomain
es:DescribeElasticsearchDomainConfig
es:DescribeElasticsearchDomains
es:ListDomainNames
events:ListRuleNamesByTarget
events:ListRules
events:ListTargetsByRule
firehose:DescribeDeliveryStream
firehose:ListDeliveryStreams
gamelift:ListAliases
gamelift:ListBuilds
gamelift:ListFleets
glacier:ListJobs
glacier:ListMultipartUploads
glacier:ListParts
glacier:ListProvisionedCapacity
glacier:ListTagsForVault
glacier:ListVaults
iam:GetAccountSummary
iam:GetLoginProfile
iam:ListAccessKeys
iam:ListAccountAliases
iam:ListAttachedGroupPolicies
iam:ListAttachedRolePolicies
iam:ListAttachedUserPolicies
iam:ListEntitiesForPolicy
iam:ListGroupPolicies
iam:ListGroups
iam:ListGroupsForUser
iam:ListInstanceProfiles
iam:ListInstanceProfilesForRole
iam:ListMFADevices
iam:ListOpenIDConnectProviders
iam:ListPolicies
iam:ListPoliciesGrantingServiceAccess
iam:ListPolicyVersions
iam:ListRolePolicies
iam:ListRoles
iam:ListSAMLProviders
iam:ListSSHPublicKeys
iam:ListServerCertificates
iam:ListServiceSpecificCredentials
iam:ListSigningCertificates
iam:ListUserPolicies
iam:ListUsers
iam:ListVirtualMFADevices
importexport:ListJobs
inspector:ListAssessmentRunAgents
inspector:ListAssessmentRuns
inspector:ListAssessmentTargets
inspector:ListAssessmentTemplates
inspector:ListEventSubscriptions
inspector:ListFindings
inspector:ListRulesPackages
inspector:ListTagsForResource
iot:ListAttachedPolicies
iot:ListAuthorizers
iot:ListCACertificates
iot:ListCertificates
iot:ListCertificatesByCA
iot:ListIndices
iot:ListJobExecutionsForJob
iot:ListJobExecutionsForThing
iot:ListJobs
iot:ListOTAUpdateJobs
iot:ListOutgoingCertificates
iot:ListPolicies
iot:ListPolicyPrincipals
iot:ListPolicyVersions
iot:ListPrincipalPolicies
iot:ListPrincipalThings
iot:ListRoleAliases
iot:ListStreams
iot:ListTargetsForPolicy
iot:ListThingGroups
iot:ListThingGroupsForThing
iot:ListThingPrincipals
iot:ListThingRegistrationTaskReports
iot:ListThingRegistrationTasks
iot:ListThingTypes
iot:ListThings
iot:ListThingsInThingGroup
iot:ListTopicRules
iot:ListV2LoggingLevels
kinesis:ListStreams
kinesisanalytics:ListApplications
kms:ListKeys
lambda:ListAliases
lambda:ListEventSourceMappings
lambda:ListFunctions
lambda:ListTags
lambda:ListVersionsByFunction
lex:GetBotAliases
lex:GetBotChannelAssociations
lex:GetBotVersions
lex:GetBots
lex:GetIntentVersions
lex:GetIntents
lex:GetSlotTypeVersions
lex:GetSlotTypes
lex:GetUtterancesView
lightsail:GetBlueprints
lightsail:GetBundles
lightsail:GetInstanceSnapshots
lightsail:GetInstances
lightsail:GetKeyPair
lightsail:GetKeyPairs
lightsail:GetRegions
lightsail:GetStaticIps
lightsail:IsVpcPeered
logs:DescribeDestinations
logs:DescribeExportTasks
logs:DescribeLogGroups
logs:DescribeLogStreams
logs:DescribeMetricFilters
logs:DescribeResourcePolicies
logs:DescribeSubscriptionFilters
machinelearning:DescribeBatchPredictions
machinelearning:DescribeDataSources
machinelearning:DescribeEvaluations
machinelearning:DescribeMLModels
machinelearning:DescribeTags
mobilehub:ListAvailableFeatures
mobilehub:ListAvailableRegions
mobilehub:ListProjects
mobiletargeting:GetApplicationSettings
mobiletargeting:GetCampaigns
mobiletargeting:GetImportJobs
mobiletargeting:GetSegments
opsworks-cm:DescribeAccountAttributes
opsworks-cm:DescribeBackups
opsworks-cm:DescribeEvents
opsworks-cm:DescribeNodeAssociationStatus
opsworks-cm:DescribeServers
opsworks:DescribeAgentVersions
opsworks:DescribeApps
opsworks:DescribeCommands
opsworks:DescribeDeployments
opsworks:DescribeEcsClusters
opsworks:DescribeElasticIps
opsworks:DescribeElasticLoadBalancers
opsworks:DescribeInstances
opsworks:DescribeLayers
opsworks:DescribeLoadBasedAutoScaling
opsworks:DescribeMyUserProfile
opsworks:DescribePermissions
opsworks:DescribeRaidArrays
opsworks:DescribeRdsDbInstances
opsworks:DescribeServiceErrors
opsworks:DescribeStackProvisioningParameters
opsworks:DescribeStackSummary
opsworks:DescribeStacks
opsworks:DescribeTimeBasedAutoScaling
opsworks:DescribeUserProfiles
opsworks:DescribeVolumes
organizations:ListAWSServiceAccessForOrganization
organizations:ListAccounts
organizations:ListAccountsForParent
organizations:ListChildren
organizations:ListCreateAccountStatus
organizations:ListHandshakesForAccount
organizations:ListHandshakesForOrganization
organizations:ListOrganizationalUnitsForParent
organizations:ListParents
organizations:ListPolicies
organizations:ListPoliciesForTarget
organizations:ListRoots
organizations:ListTargetsForPolicy
polly:DescribeVoices
polly:ListLexicons
polly:ListSpeechSynthesisTasks
rds:DescribeAccountAttributes
rds:DescribeCertificates
rds:DescribeDBClusterParameterGroups
rds:DescribeDBClusterParameters
rds:DescribeDBClusterSnapshotAttributes
rds:DescribeDBClusterSnapshots
rds:DescribeDBClusters
rds:DescribeDBEngineVersions
rds:DescribeDBInstances
rds:DescribeDBLogFiles
rds:DescribeDBParameterGroups
rds:DescribeDBParameters
rds:DescribeDBSecurityGroups
rds:DescribeDBSnapshotAttributes
rds:DescribeDBSnapshots
rds:DescribeDBSubnetGroups
rds:DescribeEngineDefaultClusterParameters
rds:DescribeEngineDefaultParameters
rds:DescribeEventCategories
rds:DescribeEventSubscriptions
rds:DescribeEvents
rds:DescribeOptionGroupOptions
rds:DescribeOptionGroups
rds:DescribeOrderableDBInstanceOptions
rds:DescribePendingMaintenanceActions
rds:DescribeReservedDBInstances
rds:DescribeReservedDBInstancesOfferings
redshift:DescribeClusters
redshift:DescribeEvents
redshift:ViewQueriesInConsole
route53:GetAccountLimit
route53:GetChange
route53:GetCheckerIpRanges
route53:GetGeoLocation
route53:GetHealthCheck
route53:GetHealthCheckCount
route53:GetHealthCheckLastFailureReason
route53:GetHealthCheckStatus
route53:GetHostedZone
route53:GetHostedZoneCount
route53:GetHostedZoneLimit
route53:GetQueryLoggingConfig
route53:GetReusableDelegationSet
route53:GetReusableDelegationSetLimit
route53:GetTrafficPolicy
route53:GetTrafficPolicyInstance
route53:GetTrafficPolicyInstanceCount
route53:ListGeoLocations
route53:ListHealthChecks
route53:ListHostedZones
route53:ListHostedZonesByName
route53:ListQueryLoggingConfigs
route53:ListResourceRecordSets
route53:ListReusableDelegationSets
route53:ListTagsForResource
route53:ListTagsForResources
route53:ListTrafficPolicies
route53:ListTrafficPolicyInstances
route53:ListTrafficPolicyInstancesByHostedZone
route53:ListTrafficPolicyInstancesByPolicy
route53:ListTrafficPolicyVersions
route53:ListVPCAssociationAuthorizations
route53domains:ListDomains
route53domains:ListOperations
route53domains:ListTagsForDomain
s3:ListAllMyBuckets
s3:ListBucket
s3:ListBucketByTags
s3:ListBucketMultipartUploads
s3:ListBucketVersions
sagemaker:DescribeEndpoint
sagemaker:DescribeEndpointConfig
sagemaker:DescribeHyperParameterTuningJob
sagemaker:DescribeModel
sagemaker:DescribeNotebookInstance
sagemaker:DescribeNotebookInstanceLifecycleConfig
sagemaker:DescribeTrainingJob
sagemaker:ListEndpointConfigs
sagemaker:ListEndpoints
sagemaker:ListHyperParameterTuningJobs
sagemaker:ListModels
sagemaker:ListNotebookInstanceLifecycleConfigs
sagemaker:ListNotebookInstances
sagemaker:ListTags
sagemaker:ListTrainingJobs
sagemaker:ListTrainingJobsForHyperParameterTuningJob
sdb:ListDomains
servicecatalog:ListAcceptedPortfolioShares
servicecatalog:ListConstraintsForPortfolio
servicecatalog:ListLaunchPaths
servicecatalog:ListPortfolioAccess
servicecatalog:ListPortfolios
servicecatalog:ListPortfoliosForProduct
servicecatalog:ListPrincipalsForPortfolio
servicecatalog:ListProvisioningArtifacts
servicecatalog:ListRecordHistory
servicediscovery:ListInstances
servicediscovery:ListNamespaces
servicediscovery:ListOperations
servicediscovery:ListServices
ses:ListConfigurationSets
ses:ListCustomVerificationEmailTemplates
ses:ListIdentities
ses:ListIdentityPolicies
ses:ListReceiptFilters
ses:ListReceiptRuleSets
ses:ListTemplates
ses:ListVerifiedEmailAddresses
shield:ListAttacks
shield:ListProtections
sns:ListEndpointsByPlatformApplication
sns:ListPhoneNumbersOptedOut
sns:ListPlatformApplications
sns:ListSubscriptions
sns:ListSubscriptionsByTopic
sns:ListTopics
sqs:ListQueues
ssm:ListAssociations
ssm:ListDocuments
states:ListActivities
states:ListStateMachines
storagegateway:ListGateways
storagegateway:ListLocalDisks
storagegateway:ListVolumeRecoveryPoints
storagegateway:ListVolumes
swf:ListActivityTypes
swf:ListClosedWorkflowExecutions
swf:ListDomains
swf:ListOpenWorkflowExecutions
swf:ListWorkflowTypes
trustedadvisor:DescribeCheckItems
trustedadvisor:DescribeCheckRefreshStatuses
trustedadvisor:DescribeCheckSummaries
trustedadvisor:DescribeNotificationPreferences
waf-regional:ListActivatedRulesInRuleGroup
waf-regional:ListByteMatchSets
waf-regional:ListGeoMatchSets
waf-regional:ListIPSets
waf-regional:ListRateBasedRules
waf-regional:ListRegexMatchSets
waf-regional:ListRegexPatternSets
waf-regional:ListResourcesForWebACL
waf-regional:ListRuleGroups
waf-regional:ListRules
waf-regional:ListSizeConstraintSets
waf-regional:ListSqlInjectionMatchSets
waf-regional:ListSubscribedRuleGroups
waf-regional:ListWebACLs
waf-regional:ListXssMatchSets
waf:ListActivatedRulesInRuleGroup
waf:ListByteMatchSets
waf:ListGeoMatchSets
waf:ListIPSets
waf:ListRateBasedRules
waf:ListRegexMatchSets
waf:ListRegexPatternSets
waf:ListRuleGroups
waf:ListRules
waf:ListSizeConstraintSets
waf:ListSqlInjectionMatchSets
waf:ListSubscribedRuleGroups
waf:ListWebACLs
waf:ListXssMatchSets
workdocs:DescribeAvailableDirectories
workdocs:DescribeInstances
workmail:DescribeDirectories
workmail:DescribeKmsKeys
workmail:DescribeMailDomains
workmail:DescribeMailGroups
workmail:DescribeMailUsers
workmail:DescribeOrganizations
workspaces:DescribeTags
workspaces:DescribeWorkspaceBundles
workspaces:DescribeWorkspaceDirectories
workspaces:DescribeWorkspaces
workspaces:DescribeWorkspacesConnectionStatus