{ | |
"Version": "2012-10-17", | |
"Statement": [ | |
{ | |
"Effect": "Allow", | |
"Action": [ | |
"route53:*", | |
"route53domains:*", | |
"cloudfront:ListDistributions", | |
"elasticloadbalancing:DescribeLoadBalancers", | |
"elasticbeanstalk:DescribeEnvironments", | |
"s3:ListBucket", | |
"s3:GetBucketLocation", | |
"s3:GetBucketWebsite", | |
"ec2:DescribeVpcs", | |
"ec2:DescribeVpcEndpoints", | |
"ec2:DescribeRegions", | |
"sns:ListTopics", | |
"sns:ListSubscriptionsByTopic", | |
"cloudwatch:DescribeAlarms", | |
"cloudwatch:GetMetricStatistics" | |
], | |
"Resource": "*" | |
}, | |
{ | |
"Effect": "Allow", | |
"Action": "apigateway:GET", | |
"Resource": "arn:aws:apigateway:*::/domainnames" | |
}, | |
{ | |
"Effect": "Allow", | |
"Action": [ | |
"apigateway:*" | |
], | |
"Resource": "arn:aws:apigateway:*::/*" | |
}, | |
{ | |
"Action": [ | |
"logs:Describe*", | |
"logs:Get*", | |
"logs:List*", | |
"logs:StartQuery", | |
"logs:StopQuery", | |
"logs:TestMetricFilter", | |
"logs:FilterLogEvents" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"s3:ListAllMyBuckets" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:s3:::*" | |
}, | |
{ | |
"Action": [ | |
"acm:ListCertificates", | |
"cloudfront:*", | |
"iam:ListServerCertificates", | |
"waf:ListWebACLs", | |
"waf:GetWebACL", | |
"wafv2:ListWebACLs", | |
"wafv2:GetWebACL", | |
"kinesis:ListStreams" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"kinesis:DescribeStream" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:kinesis:*:*:*" | |
}, | |
{ | |
"Action": [ | |
"iam:ListRoles" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:iam::*:*" | |
}, | |
{ | |
"Action": [ | |
"dynamodb:*", | |
"dax:*", | |
"application-autoscaling:DeleteScalingPolicy", | |
"application-autoscaling:DeregisterScalableTarget", | |
"application-autoscaling:DescribeScalableTargets", | |
"application-autoscaling:DescribeScalingActivities", | |
"application-autoscaling:DescribeScalingPolicies", | |
"application-autoscaling:PutScalingPolicy", | |
"application-autoscaling:RegisterScalableTarget", | |
"cloudwatch:DeleteAlarms", | |
"cloudwatch:DescribeAlarmHistory", | |
"cloudwatch:DescribeAlarms", | |
"cloudwatch:DescribeAlarmsForMetric", | |
"cloudwatch:GetMetricStatistics", | |
"cloudwatch:ListMetrics", | |
"cloudwatch:PutMetricAlarm", | |
"datapipeline:ActivatePipeline", | |
"datapipeline:CreatePipeline", | |
"datapipeline:DeletePipeline", | |
"datapipeline:DescribeObjects", | |
"datapipeline:DescribePipelines", | |
"datapipeline:GetPipelineDefinition", | |
"datapipeline:ListPipelines", | |
"datapipeline:PutPipelineDefinition", | |
"datapipeline:QueryObjects", | |
"ec2:DescribeVpcs", | |
"ec2:DescribeSubnets", | |
"ec2:DescribeSecurityGroups", | |
"iam:GetRole", | |
"iam:ListRoles", | |
"kms:DescribeKey", | |
"kms:ListAliases", | |
"sns:CreateTopic", | |
"sns:DeleteTopic", | |
"sns:ListSubscriptions", | |
"sns:ListSubscriptionsByTopic", | |
"sns:ListTopics", | |
"sns:Subscribe", | |
"sns:Unsubscribe", | |
"sns:SetTopicAttributes", | |
"lambda:CreateFunction", | |
"lambda:ListFunctions", | |
"lambda:ListEventSourceMappings", | |
"lambda:CreateEventSourceMapping", | |
"lambda:DeleteEventSourceMapping", | |
"lambda:GetFunctionConfiguration", | |
"lambda:DeleteFunction", | |
"resource-groups:ListGroups", | |
"resource-groups:ListGroupResources", | |
"resource-groups:GetGroup", | |
"resource-groups:GetGroupQuery", | |
"resource-groups:DeleteGroup", | |
"resource-groups:CreateGroup", | |
"tag:GetResources" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": "cloudwatch:GetInsightRuleReport", | |
"Effect": "Allow", | |
"Resource": "arn:aws:cloudwatch:*:*:insight-rule/DynamoDBContributorInsights*" | |
}, | |
{ | |
"Action": [ | |
"iam:PassRole" | |
], | |
"Effect": "Allow", | |
"Resource": "*", | |
"Condition": { | |
"StringLike": { | |
"iam:PassedToService": [ | |
"application-autoscaling.amazonaws.com", | |
"dax.amazonaws.com" | |
] | |
} | |
} | |
}, | |
{ | |
"Effect": "Allow", | |
"Action": [ | |
"iam:CreateServiceLinkedRole" | |
], | |
"Resource": "*", | |
"Condition": { | |
"StringEquals": { | |
"iam:AWSServiceName": [ | |
"replication.dynamodb.amazonaws.com", | |
"dax.amazonaws.com", | |
"dynamodb.application-autoscaling.amazonaws.com", | |
"contributorinsights.dynamodb.amazonaws.com" | |
] | |
} | |
} | |
}, | |
{ | |
"Effect": "Allow", | |
"Action": "s3:*", | |
"Resource": "*" | |
}, | |
{ | |
"Effect": "Allow", | |
"Action": [ | |
"acm:DescribeCertificate", | |
"acm:ListCertificates", | |
"acm:GetCertificate", | |
"acm:ListTagsForCertificate" | |
], | |
"Resource": "*" | |
}, | |
{ | |
"Effect": "Allow", | |
"Action": [ | |
"acm:DescribeCertificate", | |
"acm:ListCertificates", | |
"acm:GetCertificate", | |
"acm:ListTagsForCertificate" | |
], | |
"Resource": "*" | |
}, | |
{ | |
"Effect": "Allow", | |
"Action": [ | |
"cloudformation:DescribeChangeSet", | |
"cloudformation:DescribeStackResources", | |
"cloudformation:DescribeStacks", | |
"cloudformation:GetTemplate", | |
"cloudformation:ListStackResources", | |
"cloudwatch:*", | |
"cognito-identity:ListIdentityPools", | |
"cognito-sync:GetCognitoEvents", | |
"cognito-sync:SetCognitoEvents", | |
"dynamodb:*", | |
"ec2:DescribeSecurityGroups", | |
"ec2:DescribeSubnets", | |
"ec2:DescribeVpcs", | |
"events:*", | |
"iam:GetPolicy", | |
"iam:GetPolicyVersion", | |
"iam:GetRole", | |
"iam:GetRolePolicy", | |
"iam:ListAttachedRolePolicies", | |
"iam:ListRolePolicies", | |
"iam:ListRoles", | |
"iam:PassRole", | |
"iot:AttachPrincipalPolicy", | |
"iot:AttachThingPrincipal", | |
"iot:CreateKeysAndCertificate", | |
"iot:CreatePolicy", | |
"iot:CreateThing", | |
"iot:CreateTopicRule", | |
"iot:DescribeEndpoint", | |
"iot:GetTopicRule", | |
"iot:ListPolicies", | |
"iot:ListThings", | |
"iot:ListTopicRules", | |
"iot:ReplaceTopicRule", | |
"kinesis:DescribeStream", | |
"kinesis:ListStreams", | |
"kinesis:PutRecord", | |
"kms:ListAliases", | |
"lambda:*", | |
"logs:*", | |
"s3:*", | |
"sns:ListSubscriptions", | |
"sns:ListSubscriptionsByTopic", | |
"sns:ListTopics", | |
"sns:Publish", | |
"sns:Subscribe", | |
"sns:Unsubscribe", | |
"sqs:ListQueues", | |
"sqs:SendMessage", | |
"tag:GetResources", | |
"xray:PutTelemetryRecords", | |
"xray:PutTraceSegments" | |
], | |
"Resource": "*" | |
}, | |
{ | |
"Effect": "Allow", | |
"Action": [ | |
"route53:*", | |
"route53domains:*", | |
"cloudfront:ListDistributions", | |
"elasticloadbalancing:DescribeLoadBalancers", | |
"elasticbeanstalk:DescribeEnvironments", | |
"s3:ListBucket", | |
"s3:GetBucketLocation", | |
"s3:GetBucketWebsite", | |
"ec2:DescribeVpcs", | |
"ec2:DescribeVpcEndpoints", | |
"ec2:DescribeRegions", | |
"sns:ListTopics", | |
"sns:ListSubscriptionsByTopic", | |
"cloudwatch:DescribeAlarms", | |
"cloudwatch:GetMetricStatistics" | |
], | |
"Resource": "*" | |
}, | |
{ | |
"Effect": "Allow", | |
"Action": "apigateway:GET", | |
"Resource": "arn:aws:apigateway:*::/domainnames" | |
}, | |
{ | |
"Effect": "Allow", | |
"Action": [ | |
"iam:AttachRolePolicy", | |
"iam:CreateRole", | |
"iam:PassRole", | |
"iam:PutRolePolicy", | |
"iam:DeleteRolePolicy", | |
"acm:RequestCertificate" | |
], | |
"Resource": "*" | |
} | |
] | |
} |