@MrTrustor
Created September 16, 2016 18:08
IAM policy that provides full access to AWS services and resources except IAM, CloudTrail and CloudTrail logs
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "NotAction": [
        "iam:*",
        "cloudtrail:*"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "iam:ChangePassword",
        "iam:GetAccountPasswordPolicy",
        "iam:PassRole",
        "iam:AddRoleToInstanceProfile"
      ],
      "Resource": "*"
    },
    {
      "Action": [
        "s3:DeleteBucket",
        "s3:DeleteBucketPolicy",
        "s3:DeleteObject",
        "s3:PutBucketAcl",
        "s3:PutBucketCORS",
        "s3:PutBucketPolicy",
        "s3:PutObject",
        "s3:PutObjectAcl"
      ],
      "Effect": "Deny",
      "Resource": [
        "arn:aws:s3:::mycloudtrailbucket",
        "arn:aws:s3:::mycloudtrailbucket/*"
      ]
    }
  ]
}
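As an added example (not part of the gist), a simplified offline evaluator that applies AWS's basic evaluation order to this policy, so you can check what it grants without calling the IAM policy simulator: an applicable explicit Deny wins, otherwise any applicable Allow grants, otherwise the request is implicitly denied. Conditions, principals and NotResource are not modelled, and the account ID and ARNs used in the checks are constructed.

```python
import fnmatch

# The gist's policy, embedded so the example runs offline.
POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "NotAction": ["iam:*", "cloudtrail:*"], "Resource": "*"},
    {"Effect": "Allow", "Resource": "*",
     "Action": ["iam:ChangePassword", "iam:GetAccountPasswordPolicy",
                "iam:PassRole", "iam:AddRoleToInstanceProfile"]},
    {"Effect": "Deny",
     "Action": ["s3:DeleteBucket", "s3:DeleteBucketPolicy", "s3:DeleteObject",
                "s3:PutBucketAcl", "s3:PutBucketCORS", "s3:PutBucketPolicy",
                "s3:PutObject", "s3:PutObjectAcl"],
     "Resource": ["arn:aws:s3:::mycloudtrailbucket", "arn:aws:s3:::mycloudtrailbucket/*"]},
]}

def _as_list(value):
    """IAM accepts a single string or a list in Action/NotAction/Resource."""
    return [value] if isinstance(value, str) else list(value)

def _matches(patterns, value, fold_case=False):
    """IAM wildcard match ('*' and '?'); action names are case-insensitive."""
    if fold_case:
        return any(fnmatch.fnmatchcase(value.lower(), p.lower()) for p in patterns)
    return any(fnmatch.fnmatchcase(value, p) for p in patterns)

def statement_applies(stmt, action, resource):
    """True if the statement covers this action/resource pair."""
    if "Action" in stmt:
        action_hit = _matches(_as_list(stmt["Action"]), action, fold_case=True)
    else:  # NotAction: the statement applies to every action NOT listed
        action_hit = not _matches(_as_list(stmt["NotAction"]), action, fold_case=True)
    return action_hit and _matches(_as_list(stmt["Resource"]), resource)

def evaluate(policy, action, resource):
    """Return 'Deny', 'Allow' or 'ImplicitDeny' for one request.

    Simplified evaluation order: an applicable explicit Deny wins outright,
    otherwise any applicable Allow grants, otherwise the default is deny.
    Conditions, principals and NotResource are not modelled (assumption).
    """
    allowed = False
    for stmt in policy["Statement"]:
        if not statement_applies(stmt, action, resource):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"
        allowed = True
    return "Allow" if allowed else "ImplicitDeny"
```

Running it against the gist's policy shows that the trail bucket stays readable (s3:GetObject is allowed) while writes and deletes to it are explicitly denied, and that cloudtrail:* and the unlisted iam:* actions fall through to the implicit deny.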