ARGOS AWS IAM policy document required for ARGOS to successfully scan your AWS Accounts

policy.json

{
	"Version": "2012-10-17",
	"Statement": [
		{
			"Effect": "Allow",
			"Action": [
				"ec2:DescribeInstances",
				"ec2:DescribeInternetGateways",
				"ec2:DescribeNetworkAcls",
				"ec2:DescribeNetworkInterfaces",
				"ec2:DescribeRegions",
				"ec2:DescribeRouteTables",
				"ec2:DescribeSecurityGroups",
				"ec2:DescribeSubnets",
				"ec2:DescribeVolumes",
				"ec2:DescribeVpcs",
				"elasticloadbalancing:DescribeListeners",
				"elasticloadbalancing:DescribeLoadBalancerPolicies",
				"elasticloadbalancing:DescribeLoadBalancers",
				"kms:ListKeys",
				"lambda:ListFunctions",
				"s3:ListAllMyBuckets"
			],
			"Resource": "*"
		},
		{
			"Effect": "Allow",
			"Action": "kms:DescribeKey",
			"Resource": "*"
		},
		{
			"Effect": "Allow",
			"Action": "rds:DescribeDBClusters",
			"Resource": "*"
		},
		{
			"Effect": "Allow",
			"Action": "rds:DescribeDBInstances",
			"Resource": "*"
		},
		{
			"Effect": "Allow",
			"Action": "rds:DescribeDBSecurityGroups",
			"Resource": "*"
		},
		{
			"Effect": "Allow",
			"Action": "rds:DescribeDBSnapshots",
			"Resource": "*"
		},
		{
			"Effect": "Allow",
			"Action": "rds:DescribeDBSubnetGroups",
			"Resource": "*"
		},
		{
			"Effect": "Allow",
			"Action": "s3:GetBucketLocation",
			"Resource": "*"
		}
	]
}