dgozalo/jxboot-policies.json

## jxboot-policies.json

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "dynamodb:CreateTable",
                "s3:GetObject",
                "cloudformation:ListStacks",
                "cloudformation:DescribeStackEvents",
                "dynamodb:DescribeTable",
                "s3:CreateBucket",
                "kms:CreateKey",
                "s3:ListBucket",
                "s3:PutBucketVersioning",
                "cloudformation:DescribeStacks"
            ],
            "Resource": "*"
        },
        {
            "Sid": "VisualEditor1",
            "Effect": "Allow",
            "Action": [
                "iam:GetRole",
                "iam:GetPolicy",
                "ecr:CreateRepository",
                "iam:AttachUserPolicy",
                "iam:CreateRole",
                "iam:DeleteRole",
                "iam:AttachRolePolicy",
                "iam:CreateAccessKey",
                "iam:CreateOpenIDConnectProvider",
                "iam:CreatePolicy",
                "iam:DetachRolePolicy",
                "cloudformation:CreateStack",
                "cloudformation:DeleteStack",
                "ecr:DescribeRepositories",
                "iam:GetOpenIDConnectProvider"
            ],
            "Resource": [
                "arn:aws:iam::*:policy/CFN*",
                "arn:aws:iam::*:policy/*jenkins-x-vault*",
                "arn:aws:iam::*:oidc-provider/*",
                "arn:aws:iam::*:role/*addon-iamserviceaccoun*",
                "arn:aws:iam::*:user/*",
                "arn:aws:ecr:*:*:repository/*",
                "arn:aws:cloudformation:*:*:stack/JenkinsXPolicies*/*",
                "arn:aws:cloudformation:*:*:stack/*addon-iamserviceaccount*/*",
                "arn:aws:cloudformation:*:*:stack/*jenkins-x-vault*/*"
            ]
        },
        {
            "Sid": "VisualEditor2",
            "Effect": "Allow",
            "Action": [
                "iam:CreatePolicy",
                "iam:DetachRolePolicy",
                "iam:GetPolicy",
                "iam:CreateRole",
                "iam:AttachRolePolicy",
                "iam:GetOpenIDConnectProvider",
                "iam:CreateOpenIDConnectProvider"
            ],
            "Resource": [
                "arn:aws:iam::*:oidc-provider/*",
                "arn:aws:iam::*:role/*addon-iamserviceaccoun*",
                "arn:aws:iam::*:policy/CFN*"
            ]
        },
        {
            "Sid": "VisualEditor3",
            "Effect": "Allow",
            "Action": "eks:*",
            "Resource": [
                "arn:aws:eks:*:*:fargateprofile/*/*/*",
                "arn:aws:eks:*:*:cluster/*",
                "arn:aws:eks:*:*:nodegroup/*/*/*"
            ]
        }
    ]
}

	{
	"Version": "2012-10-17",
	"Statement": [
	{
	"Sid": "VisualEditor0",
	"Effect": "Allow",
	"Action": [
	"dynamodb:CreateTable",
	"s3:GetObject",
	"cloudformation:ListStacks",
	"cloudformation:DescribeStackEvents",
	"dynamodb:DescribeTable",
	"s3:CreateBucket",
	"kms:CreateKey",
	"s3:ListBucket",
	"s3:PutBucketVersioning",
	"cloudformation:DescribeStacks"
	],
	"Resource": "*"
	},
	{
	"Sid": "VisualEditor1",
	"Effect": "Allow",
	"Action": [
	"iam:GetRole",
	"iam:GetPolicy",
	"ecr:CreateRepository",
	"iam:AttachUserPolicy",
	"iam:CreateRole",
	"iam:DeleteRole",
	"iam:AttachRolePolicy",
	"iam:CreateAccessKey",
	"iam:CreateOpenIDConnectProvider",
	"iam:CreatePolicy",
	"iam:DetachRolePolicy",
	"cloudformation:CreateStack",
	"cloudformation:DeleteStack",
	"ecr:DescribeRepositories",
	"iam:GetOpenIDConnectProvider"
	],
	"Resource": [
	"arn:aws:iam:::policy/CFN",
	"arn:aws:iam:::policy/jenkins-x-vault*",
	"arn:aws:iam:::oidc-provider/",
	"arn:aws:iam:::role/addon-iamserviceaccoun*",
	"arn:aws:iam:::user/",
	"arn:aws:ecr:::repository/*",
	"arn:aws:cloudformation:::stack/JenkinsXPolicies/",
	"arn:aws:cloudformation:::stack/addon-iamserviceaccount/*",
	"arn:aws:cloudformation:::stack/jenkins-x-vault/*"
	]
	},
	{
	"Sid": "VisualEditor2",
	"Effect": "Allow",
	"Action": [
	"iam:CreatePolicy",
	"iam:DetachRolePolicy",
	"iam:GetPolicy",
	"iam:CreateRole",
	"iam:AttachRolePolicy",
	"iam:GetOpenIDConnectProvider",
	"iam:CreateOpenIDConnectProvider"
	],
	"Resource": [
	"arn:aws:iam:::oidc-provider/",
	"arn:aws:iam:::role/addon-iamserviceaccoun*",
	"arn:aws:iam:::policy/CFN"
	]
	},
	{
	"Sid": "VisualEditor3",
	"Effect": "Allow",
	"Action": "eks:*",
	"Resource": [
	"arn:aws:eks:::fargateprofile///*",
	"arn:aws:eks:::cluster/*",
	"arn:aws:eks:::nodegroup///*"
	]
	}
	]
	}