For details on the attached policies see: https://gist.github.com/brianantonelli/e3fe950fffdd04275b306953a5742104
- AWS CloudWatch
- AWS vmimport
- Amazon Forecast
- AWS Transfer for SFTP
- AWS Service Catalog
- AWS Amplify
- AWS Kinesis Analytics
- Cross Account
- Amazon Elastic Transcoder
- Amazon CloudWatch Events
- AWS OpsWorks
- Amazon EC2
- Amazon RDS Role for Enhanced Monitoring
- AWS SWF
- CodePipeline
- Amazon EC2 Role for EC2 Container Service
- AWS Comprehend
- Amazon Elastic MapReduce
- Manheim Bento Management
- Amazon Machine Learning Role for Redshift Data Source
- AWS Glue Service
- Amazon EKS
- Service Catalog
- Amazon EC2 Container Service Role
- AutoScaling Notification Access
- AWS CloudHSM
- Amazon EC2 Container Service Task Role
- AWS Backup
- Amazon EC2 Role for Simple Systems Manager
- AWS AppSync
- Amazon Elastic MapReduce For Autoscaling
- DynamoDB Autoscaling
- Amazon Data Lifecycle Manager
- Amazon DAX
- Amazon API Gateway
- AWS IoT
- AWS Lambda Edge
- Amazon SNS
- Amazon EC2 Role for Data Pipeline
- Inner Account
- AWS Data Pipeline
- Amazon EC2 Container Service Autoscale Role
- Amazon RDS
- AWS CodeBuild
- AWS Glue Service Notebook
- AWS Batch Service
- Amazon Redshift
- AWS Elastic Beanstalk
- AWS Lambda
- AWS Greengrass Role
- AWS Config
- AWS Step Functions
- AWS Storage Gateway
- AWS Cloudformation Role
- S3
- Amazon Sagemaker
- AWS Directory Service
- Firehose
- Amazon Elasticsearch Service
- AWS CodeDeploy
- Kinesis Firehose
- Amazon EC2 Spot Fleet Role
- Amazon Elastic MapReduce for EC2
Brian, I've updated the supported service list in my fork if you'd like to pull those changes into your gist.