Reference list of the `Resource` values used by AWS managed policies, extracted from https://github.com/SummitRoute/aws_managed_policies with: cat policies/* | jq '.PolicyVersion.Document.Statement[].Resource' | sed 's/ //' | sort | uniq. Lines that differ only by a trailing comma are the same resource: the comma is left over from array-valued `Resource` fields as pretty-printed by jq and was not stripped by the pipeline.
"*"
"arn:*:iam::*:role/aws-service-role/s3.data-source.lustre.fsx.amazonaws.com/AWSServiceRoleForFSxS3Access_*"
"arn:aws:a4b:*:*:gateway/*"
"arn:aws:acm-pca:*:*:certificate-authority/*"
"arn:aws:acuity:*:*:stream/deeplens*/*"
"arn:aws:apigateway:*::/*"
"arn:aws:apigateway:*::/account",
"arn:aws:apigateway:*::/clientcertificates",
"arn:aws:apigateway:*::/clientcertificates/*",
"arn:aws:apigateway:*::/domainnames"
"arn:aws:apigateway:*::/domainnames",
"arn:aws:apigateway:*::/domainnames/*",
"arn:aws:apigateway:*::/domainnames/*/basepathmappings",
"arn:aws:apigateway:*::/domainnames/*/basepathmappings/*",
"arn:aws:apigateway:*::/restapis",
"arn:aws:apigateway:*::/restapis/*",
"arn:aws:apigateway:*::/restapis/*/authorizers",
"arn:aws:apigateway:*::/restapis/*/authorizers/*",
"arn:aws:apigateway:*::/restapis/*/deployments",
"arn:aws:apigateway:*::/restapis/*/deployments/*",
"arn:aws:apigateway:*::/restapis/*/models",
"arn:aws:apigateway:*::/restapis/*/models/*",
"arn:aws:apigateway:*::/restapis/*/models/*/default_template",
"arn:aws:apigateway:*::/restapis/*/resources",
"arn:aws:apigateway:*::/restapis/*/resources/*",
"arn:aws:apigateway:*::/restapis/*/resources/*/methods/*",
"arn:aws:apigateway:*::/restapis/*/resources/*/methods/*/integration",
"arn:aws:apigateway:*::/restapis/*/resources/*/methods/*/integration/responses/*",
"arn:aws:apigateway:*::/restapis/*/resources/*/methods/*/responses/*",
"arn:aws:apigateway:*::/restapis/*/stages",
"arn:aws:apigateway:*::/restapis/*/stages/*"
"arn:aws:apigateway:*::/restapis/*/stages/*/sdks/*",
"arn:aws:apigateway:*::/vpclinks"
"arn:aws:cloudformation:*:*:changeSet/SC-*",
"arn:aws:cloudformation:*:*:stack/ApplicationInsights-*"
"arn:aws:cloudformation:*:*:stack/SC-*",
"arn:aws:cloudformation:*:*:stack/StackSet-SC-*",
"arn:aws:cloudformation:*:*:stack/aws-cloud9-*"
"arn:aws:cloudformation:*:*:stack/aws-cloud9-*",
"arn:aws:cloudformation:*:*:stack/aws-glue*/*"
"arn:aws:cloudformation:*:*:stack/aws-opsworks-cm-*"
"arn:aws:cloudformation:*:*:stack/awscodestar-*"
"arn:aws:cloudformation:*:*:stack/awscodestar-*",
"arn:aws:cloudformation:*:*:stack/awseb-*",
"arn:aws:cloudformation:*:*:stack/eb-*"
"arn:aws:cloudformation:*:*:stack/sms-app-*/*"
"arn:aws:cloudformation:*:*:stackset/SC-*"
"arn:aws:cloudformation:*:aws:transform/CodeStar*"
"arn:aws:cloudfront::*:*",
"arn:aws:cloudtrail:*:*:trail/AWSMacieTrail-DO-NOT-EDIT"
"arn:aws:cloudwatch:*:*:*:*"
"arn:aws:codecommit:*:*:*SageMaker*",
"arn:aws:codecommit:*:*:*Sagemaker*"
"arn:aws:codecommit:*:*:*sagemaker*",
"arn:aws:config:*:*:config-rule/aws-service-rule/*securityhub*"
"arn:aws:config:*:*:config-rule/aws-service-rule/fms.amazonaws.com/*"
"arn:aws:dynamodb:*:*:table/*"
"arn:aws:dynamodb:*:*:table/*-stack-AWSEBWorkerCronLeaderRegistry*"
"arn:aws:dynamodb:*:*:table/*/backup/*"
"arn:aws:ec2:*:*:image/*",
"arn:aws:ec2:*:*:instance/*"
"arn:aws:ec2:*:*:instance/*",
"arn:aws:ec2:*:*:key-pair/*",
"arn:aws:ec2:*:*:network-interface/*"
"arn:aws:ec2:*:*:network-interface/*",
"arn:aws:ec2:*:*:security-group/*"
"arn:aws:ec2:*:*:security-group/*",
"arn:aws:ec2:*:*:spot-instances-request/*"
"arn:aws:ec2:*:*:subnet/*"
"arn:aws:ec2:*:*:subnet/*",
"arn:aws:ec2:*:*:volume/*"
"arn:aws:ec2:*:*:vpc/*",
"arn:aws:ec2:*::image/*",
"arn:aws:ec2:*::snapshot/*"
"arn:aws:ec2:*::snapshot/*",
"arn:aws:ecr:*:*:repository/*sagemaker*"
"arn:aws:elasticfilesystem:*:*:file-system/*"
"arn:aws:elasticloadbalancing:*:*:*",
"arn:aws:elasticloadbalancing:*:*:loadbalancer/*"
"arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*"
"arn:aws:events:*:*:rule/awscodestar-*"
"arn:aws:events:*:*:rule/codecommit*"
"arn:aws:execute-api:*:*:*"
"arn:aws:firehose:*:*:deliverystream/aws-application-discovery-service*"
"arn:aws:firehose:*:*:deliverystream/aws-waf-logs-*"
"arn:aws:iam::*:instance-profile/aws-elasticbeanstalk*"
"arn:aws:iam::*:instance-profile/awscodestar-*"
"arn:aws:iam::*:instance-profile/ecsInstanceRole",
"arn:aws:iam::*:policy/CodeStarWorker*",
"arn:aws:iam::*:policy/CodeStar_*"
"arn:aws:iam::*:role/*Automation*",
"arn:aws:iam::*:role/*AwsBackup*"
"arn:aws:iam::*:role/*Instance*"
"arn:aws:iam::*:role/AWSApplicationDiscoveryServiceFirehose"
"arn:aws:iam::*:role/AWSBatchJobRole*"
"arn:aws:iam::*:role/AWSBatchServiceRole",
"arn:aws:iam::*:role/AWSDeepLens*",
"arn:aws:iam::*:role/AWSGlueServiceNotebookRole*"
"arn:aws:iam::*:role/AWSGlueServiceRole*"
"arn:aws:iam::*:role/AWSGlueServiceSageMakerNotebookRole*"
"arn:aws:iam::*:role/AWS_Events_Invoke_Targets"
"arn:aws:iam::*:role/CodeStarWorker*",
"arn:aws:iam::*:role/DataPipelineDefaultResourceRole"
"arn:aws:iam::*:role/DataPipelineDefaultResourceRole",
"arn:aws:iam::*:role/DataPipelineDefaultRole"
"arn:aws:iam::*:role/DataPipelineDefaultRole",
"arn:aws:iam::*:role/ECSTaskExecution*"
"arn:aws:iam::*:role/EMR_DefaultRole",
"arn:aws:iam::*:role/EMR_EC2_DefaultRole",
"arn:aws:iam::*:role/aws-codestar-service-role",
"arn:aws:iam::*:role/aws-ec2-spot-fleet-role",
"arn:aws:iam::*:role/aws-elasticbeanstalk*",
"arn:aws:iam::*:role/aws-opsworks-cm-*",
"arn:aws:iam::*:role/aws-reserved/sso.amazonaws.com/*"
"arn:aws:iam::*:role/aws-service-role/appstream.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_AppStreamFleet"
"arn:aws:iam::*:role/aws-service-role/autoscaling.amazonaws.com/AWSServiceRoleForAutoScaling*"
"arn:aws:iam::*:role/aws-service-role/channels.lex.amazonaws.com/AWSServiceRoleForLexChannels"
"arn:aws:iam::*:role/aws-service-role/connect.amazonaws.com/AWSServiceRoleForAmazonConnect*"
"arn:aws:iam::*:role/aws-service-role/connect.amazonaws.com/AWSServiceRoleForAmazonConnect_*"
"arn:aws:iam::*:role/aws-service-role/continuousexport.discovery.amazonaws.com/AWSServiceRoleForApplicationDiscoveryServiceContinuousExport*"
"arn:aws:iam::*:role/aws-service-role/elasticache.amazonaws.com/AWSServiceRoleForElastiCache"
"arn:aws:iam::*:role/aws-service-role/elasticbeanstalk.amazonaws.com/AWSServiceRoleForElasticBeanstalk*"
"arn:aws:iam::*:role/aws-service-role/events.amazonaws.com/AWSServiceRoleForCloudWatchEvents*"
"arn:aws:iam::*:role/aws-service-role/fms.amazonaws.com/AWSServiceRoleForFMS"
"arn:aws:iam::*:role/aws-service-role/inspector.amazonaws.com/AWSServiceRoleForAmazonInspector"
"arn:aws:iam::*:role/aws-service-role/kafka.amazonaws.com/AWSServiceRoleForKafka*"
"arn:aws:iam::*:role/aws-service-role/lex.amazonaws.com/AWSServiceRoleForLexBots"
"arn:aws:iam::*:role/aws-service-role/lex.amazonaws.com/AWSServiceRoleForLexBots",
"arn:aws:iam::*:role/aws-service-role/lightsail.amazonaws.com/AWSServiceRoleForLightsail*"
"arn:aws:iam::*:role/aws-service-role/organizations.amazonaws.com/*"
"arn:aws:iam::*:role/aws-service-role/ram.amazonaws.com/*"
"arn:aws:iam::*:role/aws-service-role/rds.amazonaws.com/AWSServiceRoleForRDS"
"arn:aws:iam::*:role/aws-service-role/redshift.amazonaws.com/AWSServiceRoleForRedshift"
"arn:aws:iam::*:role/aws-service-role/sagemaker.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_SageMakerEndpoint"
"arn:aws:iam::*:role/aws-service-role/spot.amazonaws.com/AWSServiceRoleForEC2Spot*"
"arn:aws:iam::*:role/aws-service-role/ssm.amazonaws.com/AWSServiceRoleForAmazonSSM*"
"arn:aws:iam::*:role/aws-service-role/sso.amazonaws.com/AWSServiceRoleForSSO"
"arn:aws:iam::*:role/aws-service-role/support.amazonaws.com/AWSServiceRoleForSupport"
"arn:aws:iam::*:role/ec2-sysadmin-*",
"arn:aws:iam::*:role/ecr-sysadmin-*",
"arn:aws:iam::*:role/ecsAutoscaleRole*"
"arn:aws:iam::*:role/ecsInstanceRole",
"arn:aws:iam::*:role/ecsInstanceRole*"
"arn:aws:iam::*:role/ecsTaskExecutionRole",
"arn:aws:iam::*:role/flow-logs-*"
"arn:aws:iam::*:role/iaws-ec2-spot-fleet-role",
"arn:aws:iam::*:role/kinesis-*"
"arn:aws:iam::*:role/lambda-dynamodb-*",
"arn:aws:iam::*:role/lambda-sysadmin-*"
"arn:aws:iam::*:role/lambda-vpc-execution-role",
"arn:aws:iam::*:role/lambda_exec_role",
"arn:aws:iam::*:role/lamdba-sysadmin-*",
"arn:aws:iam::*:role/rdbms-lambda-access",
"arn:aws:iam::*:role/rds-monitoring-role",
"arn:aws:iam::*:role/service-role/AWSApplicationDiscoveryServiceFirehose"
"arn:aws:iam::*:role/service-role/AWSBatchServiceRole",
"arn:aws:iam::*:role/service-role/AWSDeepLens*"
"arn:aws:iam::*:role/service-role/AWSGlueServiceRole*"
"arn:aws:iam::*:role/service-role/ApplicationAutoScalingForAmazonAppStreamAccess"
"arn:aws:iam::*:role/service-role/StatesExecutionRole*"
"arn:aws:iam::*:role/service-role/aws-codestar-service-role"
"arn:aws:iam::*:role/service-role/aws-opsworks-cm-*"
"arn:aws:iam::*:role/service-role/kinesis-analytics*"
"arn:aws:iam::*:saml-provider/AWSSSO_*"
"arn:aws:iam::*:user/${aws:username}"
"arn:aws:iot:*:*:cert/*"
"arn:aws:iot:*:*:job/AFR_OTA*"
"arn:aws:iot:*:*:policy/deeplens*",
"arn:aws:iot:*:*:stream/AFR_OTA*"
"arn:aws:iot:*:*:thing/*"
"arn:aws:iot:*:*:thing/*-gci"
"arn:aws:iot:*:*:thing/*-gcm",
"arn:aws:iot:*:*:thing/*-gda",
"arn:aws:iot:*:*:thing/GG_*",
"arn:aws:iot:*:*:thing/deeplens*"
"arn:aws:iot:*:*:thing/deeplens*",
"arn:aws:iotanalytics:*:*:datastore-index/*"
"arn:aws:kinesis:*:*:stream/AmazonRekognition*"
"arn:aws:kinesis:*:*:stream/AmazonWorkLink-*"
"arn:aws:kinesis:*:*:stream/aws-rds-das-*"
"arn:aws:lambda:*:*:function:*"
"arn:aws:lambda:*:*:function:*:SSM*"
"arn:aws:lambda:*:*:function:*LabelingFunction*"
"arn:aws:lambda:*:*:function:*SageMaker*",
"arn:aws:lambda:*:*:function:*Sagemaker*",
"arn:aws:lambda:*:*:function:*sagemaker*",
"arn:aws:lambda:*:*:function:AWSIoTSiteWise*"
"arn:aws:lambda:*:*:function:AmazonLex*"
"arn:aws:lambda:*:*:function:Automation*"
"arn:aws:lambda:*:*:function:CodeDeployHook_*"
"arn:aws:lambda:*:*:function:SSM*",
"arn:aws:lambda:*:*:function:SecretsManager*"
"arn:aws:lambda:*:*:function:aws-robomaker-*"
"arn:aws:lambda:*:*:function:deeplens*"
"arn:aws:logs:*:*:*"
"arn:aws:logs:*:*:/aws-glue/*"
"arn:aws:logs:*:*:/aws/cloudfront/*"
"arn:aws:logs:*:*:log-group:/aws/amazonmq/*"
"arn:aws:logs:*:*:log-group:/aws/application-discovery-service/firehose*"
"arn:aws:logs:*:*:log-group:/aws/application-discovery-service/firehose:log-stream:*"
"arn:aws:logs:*:*:log-group:/aws/codebuild/*:log-stream:*"
"arn:aws:logs:*:*:log-group:/aws/docdb/*"
"arn:aws:logs:*:*:log-group:/aws/docdb/*:log-stream:*"
"arn:aws:logs:*:*:log-group:/aws/elasticbeanstalk*"
"arn:aws:logs:*:*:log-group:/aws/elasticbeanstalk/*:log-stream:*"
"arn:aws:logs:*:*:log-group:/aws/elasticbeanstalk/platform/*"
"arn:aws:logs:*:*:log-group:/aws/greengrass/*"
"arn:aws:logs:*:*:log-group:/aws/neptune/*:log-stream:*"
"arn:aws:logs:*:*:log-group:/aws/rds/*"
"arn:aws:logs:*:*:log-group:/aws/rds/*",
"arn:aws:logs:*:*:log-group:/aws/rds/*:log-stream:*"
"arn:aws:logs:*:*:log-group:/aws/rds/*:log-stream:*",
"arn:aws:logs:*:*:log-group:RDS*"
"arn:aws:logs:*:*:log-group:RDS*:log-stream:*"
"arn:aws:logs:*:*:log-group:dms-tasks-*"
"arn:aws:logs:*:*:log-group:dms-tasks-*:log-stream:dms-task-*"
"arn:aws:mgh:*:*:progressUpdateStream/DMS"
"arn:aws:mgh:*:*:progressUpdateStream/DMS/*"
"arn:aws:mgh:*:*:progressUpdateStream/SMS"
"arn:aws:mgh:*:*:progressUpdateStream/SMS/*"
"arn:aws:pi:*:*:metrics/rds/*"
"arn:aws:rds:*"
"arn:aws:rds:*:*:snapshot:awsbackup:*"
"arn:aws:route53:::hostedzone/*",
"arn:aws:s3:::*"
"arn:aws:s3:::*-awsmacietrail-*"
"arn:aws:s3:::*-greengrass-updates/*"
"arn:aws:s3:::*-mobilehub-*"
"arn:aws:s3:::*-mobilehub-*/*"
"arn:aws:s3:::*/*aws-glue-*/*"
"arn:aws:s3:::*/*aws-glue-*/*",
"arn:aws:s3:::*/AWSLogs/*/Config/*"
"arn:aws:s3:::*/CodeDeploy/*"
"arn:aws:s3:::*/aws-my-sample-app*.zip"
"arn:aws:s3:::*GreenGrass*",
"arn:aws:s3:::*Greengrass*",
"arn:aws:s3:::*Personalize*",
"arn:aws:s3:::*SageMaker*",
"arn:aws:s3:::*Sagemaker*",
"arn:aws:s3:::*aws-glue*"
"arn:aws:s3:::*greengrass*",
"arn:aws:s3:::*image-build*"
"arn:aws:s3:::*personalize*"
"arn:aws:s3:::*sagemaker*"
"arn:aws:s3:::*sagemaker*",
"arn:aws:s3:::*transcribe*"
"arn:aws:s3:::afr-ota*"
"arn:aws:s3:::appstream-app-settings-*",
"arn:aws:s3:::appstream-logs-*"
"arn:aws:s3:::appstream2-36fb080bb8-*",
"arn:aws:s3:::athena-examples*"
"arn:aws:s3:::aws-application-discovery-service*"
"arn:aws:s3:::aws-application-discovery-service*/*"
"arn:aws:s3:::aws-application-discovery-service-*",
"arn:aws:s3:::aws-application-discovery-service-*/*"
"arn:aws:s3:::aws-athena-query-results-*"
"arn:aws:s3:::aws-codestar-*",
"arn:aws:s3:::aws-codestar-*/*",
"arn:aws:s3:::aws-glue*"
"arn:aws:s3:::aws-glue-*"
"arn:aws:s3:::aws-glue-*/*",
"arn:aws:s3:::aws-license-manager-service-*"
"arn:aws:s3:::aws-license-manager-service-*/resource_sync/*"
"arn:aws:s3:::aws-opsworks-cm-*"
"arn:aws:s3:::awscodestar-*/*"
"arn:aws:s3:::awsmacie-*",
"arn:aws:s3:::awsmacietrail-*",
"arn:aws:s3:::awsserverlessrepo-changesets*"
"arn:aws:s3:::connector-platform-release-notes"
"arn:aws:s3:::connector-platform-release-notes",
"arn:aws:s3:::connector-platform-release-notes/*",
"arn:aws:s3:::connector-platform-upgrade-bundles",
"arn:aws:s3:::connector-platform-upgrade-bundles/*",
"arn:aws:s3:::connector-platform-upgrade-info",
"arn:aws:s3:::connector-platform-upgrade-info/*",
"arn:aws:s3:::crawler-public*",
"arn:aws:s3:::deeplens*"
"arn:aws:s3:::deeplens*/*",
"arn:aws:s3:::dms-*"
"arn:aws:s3:::elasticbeanstalk-*",
"arn:aws:s3:::elasticbeanstalk-*/*"
"arn:aws:s3:::import-to-ec2-*"
"arn:aws:s3:::import-to-ec2-*",
"arn:aws:s3:::import-to-ec2-connector-debug-logs/*"
"arn:aws:s3:::prod.agentless.discovery.connector.upgrade"
"arn:aws:s3:::prod.agentless.discovery.connector.upgrade/*",
"arn:aws:s3:::s3-analytics-export-shared-*"
"arn:aws:s3:::server-migration-service-upgrade",
"arn:aws:s3:::server-migration-service-upgrade/*",
"arn:aws:s3:::sms-app-*"
"arn:aws:s3:::sms-b-*",
"arn:aws:sagemaker:*:*:notebook-instance/aws-glue-*"
"arn:aws:sagemaker:*:*:training-job/*"
"arn:aws:sagemaker:*:*:training-job/deeplens*"
"arn:aws:secretsmanager:*:*:secret:greengrass-*"
"arn:aws:secretsmanager:*:*:secret:rds-db-credentials/*"
"arn:aws:serverlessrepo:*:*:applications/SecretsManager*"
"arn:aws:sns:*:*:*image-build*"
"arn:aws:sns:*:*:AmazonRekognition*"
"arn:aws:sns:*:*:AmazonTextract*"
"arn:aws:sns:*:*:Automation*"
"arn:aws:sns:*:*:CodeDeployTopic_*"
"arn:aws:sns:*:*:DirectoryMonitoring*"
"arn:aws:sns:*:*:aws-license-manager-service-*"
"arn:aws:sns:*:*:codecommit*"
"arn:aws:sns:*:*:metrics-sns-topic-for-*"
"arn:aws:sqs:*:*:dd-*",
"arn:aws:sqs:*:*:sd-*"
"arn:aws:ssm:*:*:parameter/AmazonCloudWatch-*"
"arn:aws:ssm:*:*:parameter/CodeBuild/*"
"arn:aws:ssm:*:*:parameter/aws/service/ecs*"
"arn:aws:ssm:*::document/*",
"arn:aws:states:*:*:execution:SSM*"
"arn:aws:states:*:*:stateMachine:SSM*",
"arn:aws:storagegateway:*:*:*"
"arn:aws:storagegateway:*:*:gateway/*"
"arn:aws:storagegateway:*:*:gateway/*/volume/*"
"arn:aws:waf-regional:*"
"arn:aws:waf-regional:*:*:rulegroup/*"
"arn:aws:waf-regional:*:*:rulegroup/*",
"arn:aws:waf-regional:*:*:webacl/*",
"arn:aws:waf:*",
"arn:aws:waf:*:*:rulegroup/*",
"arn:aws:waf:*:*:webacl/*",
"arn:aws:worklink:*"
"arn:aws:cloudformation:*:*:stack/awseb-*",
"arn:aws:cloudformation:*:*:stack/eb-*"