Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
ARGOS AWS IAM policy document required for ARGOS to successfully scan your AWS Accounts
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ec2:DescribeInstances",
"ec2:DescribeInternetGateways",
"ec2:DescribeNetworkAcls",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeRegions",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVolumes",
"ec2:DescribeVpcs",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancerPolicies",
"elasticloadbalancing:DescribeLoadBalancers",
"kms:ListKeys",
"lambda:ListFunctions",
"s3:ListAllMyBuckets"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "kms:DescribeKey",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "rds:DescribeDBClusters",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "rds:DescribeDBInstances",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "rds:DescribeDBSecurityGroups",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "rds:DescribeDBSnapshots",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "rds:DescribeDBSubnetGroups",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "s3:GetBucketLocation",
"Resource": "*"
}
]
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment