CodySwannGT/DevPermissionBoundaries

## DevPermissionBoundaries
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "iam:CreatePolicy",
                "iam:CreateGroup",
                "iam:AddUserToGroup",
                "iam:AttachGroupPolicy",
                "organizations:ListOrganizationalUnitsForParent",
                "organizations:CreateOrganizationalUnit",
                "organizations:MoveAccount"
            ],
            "Resource": [
                "arn:aws:organizations::*:account/o-*/*",
                "arn:aws:organizations::*:root/o-*/r-*",
                "arn:aws:organizations::*:ou/o-*/ou-*",
                "arn:aws:iam::*:policy/*",
                "arn:aws:iam::*:group/*"
            ]
        },
        {
            "Sid": "VisualEditor1",
            "Effect": "Allow",
            "Action": "sts:AssumeRole",
            "Resource": "arn:aws:iam:::role/*OrganizationAccountAccessRole"
        },
        {
            "Sid": "VisualEditor2",
            "Effect": "Allow",
            "Action": [
                "organizations:ListRoots",
                "organizations:ListAccounts",
                "organizations:DescribeOrganization",
                "iam:CreateAccountAlias",
                "organizations:CreateAccount",
                "organizations:DescribeCreateAccountStatus"
            ],
            "Resource": "*"
        }
    ]
}
	{
	"Version": "2012-10-17",
	"Statement": [
	{
	"Sid": "VisualEditor0",
	"Effect": "Allow",
	"Action": [
	"iam:CreatePolicy",
	"iam:CreateGroup",
	"iam:AddUserToGroup",
	"iam:AttachGroupPolicy",
	"organizations:ListOrganizationalUnitsForParent",
	"organizations:CreateOrganizationalUnit",
	"organizations:MoveAccount"
	],
	"Resource": [
	"arn:aws:organizations:::account/o-/*",
	"arn:aws:organizations:::root/o-/r-*",
	"arn:aws:organizations:::ou/o-/ou-*",
	"arn:aws:iam:::policy/",
	"arn:aws:iam:::group/"
	]
	},
	{
	"Sid": "VisualEditor1",
	"Effect": "Allow",
	"Action": "sts:AssumeRole",
	"Resource": "arn:aws:iam:::role/*OrganizationAccountAccessRole"
	},
	{
	"Sid": "VisualEditor2",
	"Effect": "Allow",
	"Action": [
	"organizations:ListRoots",
	"organizations:ListAccounts",
	"organizations:DescribeOrganization",
	"iam:CreateAccountAlias",
	"organizations:CreateAccount",
	"organizations:DescribeCreateAccountStatus"
	],
	"Resource": "*"
	}
	]
	}