clogwog/CFNLambdaPolicy.txt

## CFNLambdaPolicy.txt
note: just replace [REGION] and [ACCOUNTNO] with your own account number


{
    "Statement": [
        {
            "Action": [
                "s3:GetObject",
                "s3:GetObjectVersion",
                "s3:GetBucketVersioning"
                ],
                "Resource" : "*",
                "Effect" : "Allow"
        },
        {
            "Action": [
                "s3:PutObject"
                ],
                "Resource" : [
                    "arn:aws:s3:::codepipeline*"
                ],
                "Effect" : "Allow"
        },
        {
            "Action": [
                "lambda:*"
                ],
                "Resource" : [
                    "arn:aws:lambda:[REGION]:[ACCOUNTNO]:function:*"
                ],
                "Effect" : "Allow"
        },
        {
            "Action": [
                "apigateway:*"
                ],
                "Resource" : [
                    "arn:aws:apigateway:[REGION]::*"
                ],
                "Effect" : "Allow"
        },
        {
            "Action": [
                "iam:GetRole",
                "iam:CreateRole",
                "iam:DeleteRole",
                "iam:PutRolePolicy"
                ],
                "Resource" : [
                    "arn:aws:iam::[ACCOUNTNO]:role/*"
                ],
                "Effect" : "Allow"
        },
        {
            "Action": [
                "iam:AttachRolePolicy",
                "iam:DeleteRolePolicy",
                "iam:DetachRolePolicy"
                ],
                "Resource" : [
                    "arn:aws:iam::[ACCOUNTNO]:role/*"
                ],
                "Effect" : "Allow"
        },
        {
            "Action": [
                "iam:PassRole"
                ],
                "Resource" : [
                    "*"
                ],
                "Effect" : "Allow"
        },
        {
            "Action": [
                "cloudformation:CreateChangeSet"
                ],
                "Resource" : [
                    "arn:aws:cloudformation:[REGION]:aws:transform/Serverless-216-10-31"
                ],
                "Effect" : "Allow"
        },
        {
            "Action": [
                "codedeploy:CreateApplication",
                "codedeploy:DeleteApplication",
                "codedeploy:RegisterApplicationRevision"
                ],
                "Resource" : [
                    "arn:aws:codedeploy:[REGION]:[ACCOUNTNO]:application:*"
                ],
                "Effect" : "Allow"
        },
        {
            "Action": [
                "codedeploy:CreateDeploymentGroup",
                "codedeploy:CreateDeployment",
                "codedeploy:GetDeployment"
                ],
                "Resource" : [
                    "arn:aws:codedeploy:[REGION]:[ACCOUNTNO]:deploymentgroup:*"
                ],
                "Effect" : "Allow"
        },
        {
            "Action": [
                "codedeploy:GetDeploymentConfig"
                ],
                "Resource" : [
                    "arn:aws:codedeploy:[REGION]:[ACCOUNTNO]:deploymentconfig:*"
                ],
                "Effect" : "Allow"
        }
        ],
        "Version": "2012-10-17"
}
	note: just replace [REGION] and [ACCOUNTNO] with your own account number


	{
	"Statement": [
	{
	"Action": [
	"s3:GetObject",
	"s3:GetObjectVersion",
	"s3:GetBucketVersioning"
	],
	"Resource" : "*",
	"Effect" : "Allow"
	},
	{
	"Action": [
	"s3:PutObject"
	],
	"Resource" : [
	"arn:aws:s3:::codepipeline*"
	],
	"Effect" : "Allow"
	},
	{
	"Action": [
	"lambda:*"
	],
	"Resource" : [
	"arn:aws:lambda:[REGION]:[ACCOUNTNO]:function:*"
	],
	"Effect" : "Allow"
	},
	{
	"Action": [
	"apigateway:*"
	],
	"Resource" : [
	"arn:aws:apigateway:[REGION]::*"
	],
	"Effect" : "Allow"
	},
	{
	"Action": [
	"iam:GetRole",
	"iam:CreateRole",
	"iam:DeleteRole",
	"iam:PutRolePolicy"
	],
	"Resource" : [
	"arn:aws:iam::[ACCOUNTNO]:role/*"
	],
	"Effect" : "Allow"
	},
	{
	"Action": [
	"iam:AttachRolePolicy",
	"iam:DeleteRolePolicy",
	"iam:DetachRolePolicy"
	],
	"Resource" : [
	"arn:aws:iam::[ACCOUNTNO]:role/*"
	],
	"Effect" : "Allow"
	},
	{
	"Action": [
	"iam:PassRole"
	],
	"Resource" : [
	"*"
	],
	"Effect" : "Allow"
	},
	{
	"Action": [
	"cloudformation:CreateChangeSet"
	],
	"Resource" : [
	"arn:aws:cloudformation:[REGION]:aws:transform/Serverless-216-10-31"
	],
	"Effect" : "Allow"
	},
	{
	"Action": [
	"codedeploy:CreateApplication",
	"codedeploy:DeleteApplication",
	"codedeploy:RegisterApplicationRevision"
	],
	"Resource" : [
	"arn:aws:codedeploy:[REGION]:[ACCOUNTNO]:application:*"
	],
	"Effect" : "Allow"
	},
	{
	"Action": [
	"codedeploy:CreateDeploymentGroup",
	"codedeploy:CreateDeployment",
	"codedeploy:GetDeployment"
	],
	"Resource" : [
	"arn:aws:codedeploy:[REGION]:[ACCOUNTNO]:deploymentgroup:*"
	],
	"Effect" : "Allow"
	},
	{
	"Action": [
	"codedeploy:GetDeploymentConfig"
	],
	"Resource" : [
	"arn:aws:codedeploy:[REGION]:[ACCOUNTNO]:deploymentconfig:*"
	],
	"Effect" : "Allow"
	}
	],
	"Version": "2012-10-17"
	}