QuingKhaos/TerraformInitOneLoginPolicy.json

## TerraformInitOneLoginPolicy.json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "iam:CreateAccountAlias",
                "iam:ListAccountAliases",
                "iam:DeleteAccountAlias"
            ],
            "Resource": [
                "*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "iam:CreateSAMLProvider",
                "iam:GetSAMLProvider",
                "iam:UpdateSAMLProvider"
            ],
            "Resource": [
                "arn:aws:iam::ACCOUNTID:saml-provider/OneLogin"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "iam:CreateRole",
                "iam:GetRole",
                "iam:UpdateAssumeRolePolicy",
                "iam:AttachRolePolicy",
                "iam:ListAttachedRolePolicies",
                "iam:DetachRolePolicy"
            ],
            "Resource": [
                "arn:aws:iam::ACCOUNTID:role/OneLogin",
                "arn:aws:iam::ACCOUNTID:role/Administrator",
                "arn:aws:iam::ACCOUNTID:role/Developer",
                "arn:aws:iam::ACCOUNTID:role/Billing"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "iam:CreatePolicy",
                "iam:GetPolicy",
                "iam:GetPolicyVersion"
            ],
            "Resource": [
                "arn:aws:iam::ACCOUNTID:policy/OneLoginExternalRole"
            ]
        }
    ]
}
	{
	"Version": "2012-10-17",
	"Statement": [
	{
	"Effect": "Allow",
	"Action": [
	"iam:CreateAccountAlias",
	"iam:ListAccountAliases",
	"iam:DeleteAccountAlias"
	],
	"Resource": [
	"*"
	]
	},
	{
	"Effect": "Allow",
	"Action": [
	"iam:CreateSAMLProvider",
	"iam:GetSAMLProvider",
	"iam:UpdateSAMLProvider"
	],
	"Resource": [
	"arn:aws:iam::ACCOUNTID:saml-provider/OneLogin"
	]
	},
	{
	"Effect": "Allow",
	"Action": [
	"iam:CreateRole",
	"iam:GetRole",
	"iam:UpdateAssumeRolePolicy",
	"iam:AttachRolePolicy",
	"iam:ListAttachedRolePolicies",
	"iam:DetachRolePolicy"
	],
	"Resource": [
	"arn:aws:iam::ACCOUNTID:role/OneLogin",
	"arn:aws:iam::ACCOUNTID:role/Administrator",
	"arn:aws:iam::ACCOUNTID:role/Developer",
	"arn:aws:iam::ACCOUNTID:role/Billing"
	]
	},
	{
	"Effect": "Allow",
	"Action": [
	"iam:CreatePolicy",
	"iam:GetPolicy",
	"iam:GetPolicyVersion"
	],
	"Resource": [
	"arn:aws:iam::ACCOUNTID:policy/OneLoginExternalRole"
	]
	}
	]
	}