Skip to content

Instantly share code, notes, and snippets.

@gene1wood

gene1wood/aws_iam_managed_policies_2019-02-12.json

Last active May 19, 2020 02:08
Show Gist options
  • Star 11 You must be signed in to star a gist
  • Fork 5 You must be signed in to fork a gist
  • Save gene1wood/d7a74f9cfd9762254c4ec90fd8fa3b84 to your computer and use it in GitHub Desktop.
Save gene1wood/d7a74f9cfd9762254c4ec90fd8fa3b84 to your computer and use it in GitHub Desktop.
Download ZIP
Script to export all AWS IAM managed policies as well as the resulting list of all managed policies
Raw
aws_iam_managed_policies_2019-02-12.json
[
{
"Document": {
"Statement": [
{
"Action": [
"directconnect:Describe*",
"ec2:DescribeVpnGateways"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAI23HZ27SI6FQMGNQ2",
"PolicyName": "AWSDirectConnectReadOnlyAccess",
"VersionId": "v2"
},
{
"Document": {
"Statement": [
{
"Action": [
"glacier:DescribeJob",
"glacier:DescribeVault",
"glacier:GetDataRetrievalPolicy",
"glacier:GetJobOutput",
"glacier:GetVaultAccessPolicy",
"glacier:GetVaultLock",
"glacier:GetVaultNotifications",
"glacier:ListJobs",
"glacier:ListMultipartUploads",
"glacier:ListParts",
"glacier:ListTagsForVault",
"glacier:ListVaults"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAI2D5NJKMU274MET4E",
"PolicyName": "AmazonGlacierReadOnlyAccess",
"VersionId": "v2"
},
{
"Document": {
"Statement": [
{
"Action": [
"aws-marketplace:*",
"cloudformation:CreateStack",
"cloudformation:DescribeStackResource",
"cloudformation:DescribeStackResources",
"cloudformation:DescribeStacks",
"cloudformation:List*",
"ec2:AuthorizeSecurityGroupEgress",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateSecurityGroup",
"ec2:CreateTags",
"ec2:DescribeAccountAttributes",
"ec2:DescribeAddresses",
"ec2:DeleteSecurityGroup",
"ec2:DescribeAccountAttributes",
"ec2:DescribeImages",
"ec2:DescribeInstances",
"ec2:DescribeKeyPairs",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeTags",
"ec2:DescribeVpcs",
"ec2:RunInstances",
"ec2:StartInstances",
"ec2:StopInstances",
"ec2:TerminateInstances"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:CopyImage",
"ec2:DeregisterImage",
"ec2:DescribeSnapshots",
"ec2:DeleteSnapshot",
"ec2:CreateImage",
"ec2:DescribeInstanceStatus",
"ssm:GetAutomationExecution",
"ssm:UpdateDocumentDefaultVersion",
"ssm:CreateDocument",
"ssm:StartAutomationExecution",
"ssm:ListDocuments",
"ssm:UpdateDocument",
"ssm:DescribeDocument",
"sns:ListTopics",
"sns:GetTopicAttributes",
"sns:CreateTopic",
"iam:GetRole",
"iam:GetInstanceProfile",
"iam:ListRoles",
"iam:ListInstanceProfiles"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"s3:ListBucket",
"s3:GetObject"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::*image-build*"
]
},
{
"Action": [
"sns:Publish",
"sns:setTopicAttributes"
],
"Effect": "Allow",
"Resource": "arn:aws:sns:*:*:*image-build*"
},
{
"Action": [
"iam:PassRole"
],
"Condition": {
"StringLike": {
"iam:PassedToService": [
"ec2.amazonaws.com",
"ssm.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAI2DV5ULJSO2FYVPYG",
"PolicyName": "AWSMarketplaceFullAccess",
"VersionId": "v3"
},
{
"Document": {
"Statement": [
{
"Action": [
"ec2:CreateNetworkInterface",
"ec2:CreateNetworkInterfacePermission",
"ec2:DescribeSecurityGroups",
"ec2:DescribeVpcs",
"ec2:DescribeSubnets",
"ec2:DescribeInternetGateways",
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:DeleteNetworkInterface",
"ec2:DescribeAccountAttributes",
"ds:AuthorizeApplication",
"ds:DescribeDirectories",
"ds:GetDirectoryLimits",
"ds:ListAuthorizedApplications",
"ds:UnauthorizeApplication",
"logs:DescribeLogStreams",
"logs:CreateLogStream",
"logs:PutLogEvents",
"logs:DescribeLogGroups",
"acm:GetCertificate",
"acm:DescribeCertificate"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAI2SV25KUCYQYS5N74",
"PolicyName": "ClientVPNServiceRolePolicy",
"VersionId": "v2"
},
{
"Document": {
"Statement": [
{
"Action": [
"sso-directory:*"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "AWSSSODirectoryAdministrator"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAI2TCZRD7WRD5D2E2Q",
"PolicyName": "AWSSSODirectoryAdministrator",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"iot1click:Describe*",
"iot1click:Get*",
"iot1click:List*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAI35VTLD3EBNY2JGXS",
"PolicyName": "AWSIoT1ClickReadOnlyAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"ec2:DescribeVpcs",
"ec2:DescribeVpcClassicLink",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeSubnets"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "elasticloadbalancing:Describe*",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"cloudwatch:ListMetrics",
"cloudwatch:GetMetricStatistics",
"cloudwatch:Describe*"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "autoscaling:Describe*",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"sns:ListSubscriptions",
"sns:ListTopics"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAI3A7GDXOYQV3VUQMK",
"PolicyName": "AutoScalingConsoleReadOnlyAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"s3:CreateBucket",
"s3:ListBucket",
"s3:DeleteBucket",
"s3:GetBucketLocation",
"s3:GetObject",
"s3:PutObject",
"s3:DeleteObject",
"s3:GetObjectVersion",
"s3:GetBucketPolicy",
"s3:PutBucketPolicy",
"s3:DeleteBucketPolicy"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::dms-*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAI3CCUQ4U5WNC5F6B6",
"PolicyName": "AmazonDMSRedshiftS3Role",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"iam:List*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAI3CH5UUWZN4EKGILO",
"PolicyName": "AWSQuickSightListIAM",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"health:*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAI3CUMPCPEUPCSXC4Y",
"PolicyName": "AWSHealthFullAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"a4b:Send*",
"a4b:Get*"
],
"Effect": "Allow",
"Resource": "arn:aws:a4b:*:*:gateway/*"
},
{
"Action": [
"sqs:ReceiveMessage",
"sqs:DeleteMessage"
],
"Effect": "Allow",
"Resource": [
"arn:aws:sqs:*:*:dd-*",
"arn:aws:sqs:*:*:sd-*"
]
},
{
"Action": [
"a4b:List*",
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:DescribeLogGroups",
"logs:PutLogEvents"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAI3LZ7YP7KHLG4DT2Q",
"PolicyName": "AlexaForBusinessGatewayExecution",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"elastictranscoder:Read*",
"elastictranscoder:List*",
"s3:ListAllMyBuckets",
"s3:ListBucket",
"s3:ListObjects",
"iam:ListRoles",
"sns:ListTopics"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAI3R3CR6KVEWD4DPFY",
"PolicyName": "AmazonElasticTranscoder_ReadOnlyAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"rds:*",
"application-autoscaling:DeleteScalingPolicy",
"application-autoscaling:DeregisterScalableTarget",
"application-autoscaling:DescribeScalableTargets",
"application-autoscaling:DescribeScalingActivities",
"application-autoscaling:DescribeScalingPolicies",
"application-autoscaling:PutScalingPolicy",
"application-autoscaling:RegisterScalableTarget",
"cloudwatch:DescribeAlarms",
"cloudwatch:GetMetricStatistics",
"cloudwatch:PutMetricAlarm",
"cloudwatch:DeleteAlarms",
"ec2:DescribeAccountAttributes",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeInternetGateways",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcAttribute",
"ec2:DescribeVpcs",
"sns:ListSubscriptions",
"sns:ListTopics",
"sns:Publish",
"logs:DescribeLogStreams",
"logs:GetLogEvents"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "pi:*",
"Effect": "Allow",
"Resource": "arn:aws:pi:*:*:metrics/rds/*"
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringLike": {
"iam:AWSServiceName": [
"rds.amazonaws.com",
"rds.application-autoscaling.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAI3R4QMOG6Q5A4VWVG",
"PolicyName": "AmazonRDSFullAccess",
"VersionId": "v6"
},
{
"Document": {
"Statement": [
{
"Action": [
"support:*",
"acm:DescribeCertificate",
"acm:GetCertificate",
"acm:List*",
"apigateway:GET",
"appstream:Get*",
"autoscaling:Describe*",
"aws-marketplace:ViewSubscriptions",
"cloudformation:Describe*",
"cloudformation:Get*",
"cloudformation:List*",
"cloudformation:EstimateTemplateCost",
"cloudfront:Get*",
"cloudfront:List*",
"cloudsearch:Describe*",
"cloudsearch:List*",
"cloudtrail:DescribeTrails",
"cloudtrail:GetTrailStatus",
"cloudtrail:LookupEvents",
"cloudtrail:ListTags",
"cloudtrail:ListPublicKeys",
"cloudwatch:Describe*",
"cloudwatch:Get*",
"cloudwatch:List*",
"codecommit:BatchGetRepositories",
"codecommit:Get*",
"codecommit:List*",
"codedeploy:Batch*",
"codedeploy:Get*",
"codedeploy:List*",
"codepipeline:AcknowledgeJob",
"codepipeline:AcknowledgeThirdPartyJob",
"codepipeline:ListActionTypes",
"codepipeline:ListPipelines",
"codepipeline:PollForJobs",
"codepipeline:PollForThirdPartyJobs",
"codepipeline:GetPipelineState",
"codepipeline:GetPipeline",
"cognito-identity:List*",
"cognito-identity:LookupDeveloperIdentity",
"cognito-identity:Describe*",
"cognito-idp:Describe*",
"cognito-sync:Describe*",
"cognito-sync:GetBulkPublishDetails",
"cognito-sync:GetCognitoEvents",
"cognito-sync:GetIdentityPoolConfiguration",
"cognito-sync:List*",
"config:DescribeConfigurationRecorders",
"config:DescribeConfigurationRecorderStatus",
"config:DescribeConfigRuleEvaluationStatus",
"config:DescribeConfigRules",
"config:DescribeDeliveryChannels",
"config:DescribeDeliveryChannelStatus",
"config:GetResourceConfigHistory",
"config:ListDiscoveredResources",
"datapipeline:DescribeObjects",
"datapipeline:DescribePipelines",
"datapipeline:GetPipelineDefinition",
"datapipeline:ListPipelines",
"datapipeline:QueryObjects",
"datapipeline:ReportTaskProgress",
"datapipeline:ReportTaskRunnerHeartbeat",
"devicefarm:List*",
"devicefarm:Get*",
"directconnect:Describe*",
"discovery:Describe*",
"discovery:ListConfigurations",
"dms:Describe*",
"dms:List*",
"ds:DescribeDirectories",
"ds:DescribeSnapshots",
"ds:GetDirectoryLimits",
"ds:GetSnapshotLimits",
"ds:ListAuthorizedApplications",
"dynamodb:DescribeLimits",
"dynamodb:DescribeTable",
"dynamodb:ListTables",
"ec2:Describe*",
"ec2:DescribeHosts",
"ec2:describeIdentityIdFormat",
"ec2:DescribeIdFormat",
"ec2:DescribeInstanceAttribute",
"ec2:DescribeNatGateways",
"ec2:DescribeReservedInstancesModifications",
"ec2:DescribeTags",
"ec2:GetFlowLogsCount",
"ecr:GetRepositoryPolicy",
"ecr:BatchCheckLayerAvailability",
"ecr:DescribeRepositories",
"ecr:ListImages",
"ecs:Describe*",
"ecs:List*",
"elasticache:Describe*",
"elasticache:List*",
"elasticbeanstalk:Check*",
"elasticbeanstalk:Describe*",
"elasticbeanstalk:List*",
"elasticbeanstalk:RequestEnvironmentInfo",
"elasticbeanstalk:RetrieveEnvironmentInfo",
"elasticbeanstalk:ValidateConfigurationSettings",
"elasticfilesystem:Describe*",
"elasticloadbalancing:Describe*",
"elasticmapreduce:Describe*",
"elasticmapreduce:List*",
"elastictranscoder:List*",
"elastictranscoder:ReadJob",
"elasticfilesystem:DescribeFileSystems",
"es:Describe*",
"es:List*",
"es:ESHttpGet",
"es:ESHttpHead",
"events:DescribeRule",
"events:List*",
"events:TestEventPattern",
"firehose:Describe*",
"firehose:List*",
"gamelift:List*",
"gamelift:Describe*",
"glacier:ListVaults",
"glacier:DescribeVault",
"glacier:DescribeJob",
"glacier:Get*",
"glacier:List*",
"iam:GenerateCredentialReport",
"iam:GenerateServiceLastAccessedDetails",
"iam:Get*",
"iam:List*",
"importexport:GetStatus",
"importexport:ListJobs",
"importexport:GetJobDetail",
"inspector:Describe*",
"inspector:List*",
"inspector:GetAssessmentTelemetry",
"inspector:LocalizeText",
"iot:Describe*",
"iot:Get*",
"iot:List*",
"kinesisanalytics:DescribeApplication",
"kinesisanalytics:DiscoverInputSchema",
"kinesisanalytics:GetApplicationState",
"kinesisanalytics:ListApplications",
"kinesis:Describe*",
"kinesis:Get*",
"kinesis:List*",
"kms:Describe*",
"kms:Get*",
"kms:List*",
"lambda:List*",
"lambda:Get*",
"logs:Describe*",
"logs:TestMetricFilter",
"machinelearning:Describe*",
"machinelearning:Get*",
"mobilehub:GetProject",
"mobilehub:List*",
"mobilehub:ValidateProject",
"mobilehub:VerifyServiceRole",
"opsworks:Describe*",
"rds:Describe*",
"rds:ListTagsForResource",
"redshift:Describe*",
"route53:Get*",
"route53:List*",
"route53domains:CheckDomainAvailability",
"route53domains:GetDomainDetail",
"route53domains:GetOperationDetail",
"route53domains:List*",
"s3:List*",
"sdb:GetAttributes",
"sdb:List*",
"sdb:Select*",
"servicecatalog:SearchProducts",
"servicecatalog:DescribeProduct",
"servicecatalog:DescribeProductView",
"servicecatalog:ListLaunchPaths",
"servicecatalog:DescribeProvisioningParameters",
"servicecatalog:ListRecordHistory",
"servicecatalog:DescribeRecord",
"servicecatalog:ScanProvisionedProducts",
"ses:Get*",
"ses:List*",
"sns:Get*",
"sns:List*",
"sqs:GetQueueAttributes",
"sqs:GetQueueUrl",
"sqs:ListQueues",
"sqs:ReceiveMessage",
"ssm:List*",
"ssm:Describe*",
"storagegateway:Describe*",
"storagegateway:List*",
"swf:Count*",
"swf:Describe*",
"swf:Get*",
"swf:List*",
"waf:Get*",
"waf:List*",
"workspaces:Describe*",
"workdocs:Describe*",
"workmail:Describe*",
"workmail:Get*",
"workspaces:Describe*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAI3V4GSSN5SJY3P2RO",
"PolicyName": "SupportUser",
"VersionId": "v2"
},
{
"Document": {
"Statement": [
{
"Action": "ec2:*",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "elasticloadbalancing:*",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "cloudwatch:*",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "autoscaling:*",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringEquals": {
"iam:AWSServiceName": [
"autoscaling.amazonaws.com",
"ec2scheduled.amazonaws.com",
"elasticloadbalancing.amazonaws.com",
"spot.amazonaws.com",
"spotfleet.amazonaws.com",
"transitgateway.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAI3VAJF5ZCRZ7MCQE6",
"PolicyName": "AmazonEC2FullAccess",
"VersionId": "v5"
},
{
"Document": {
"Statement": [
{
"Action": [
"secretsmanager:*",
"cloudformation:CreateChangeSet",
"cloudformation:DescribeChangeSet",
"cloudformation:DescribeStackResource",
"cloudformation:DescribeStacks",
"cloudformation:ExecuteChangeSet",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"kms:DescribeKey",
"kms:ListAliases",
"kms:ListKeys",
"lambda:ListFunctions",
"rds:DescribeDBClusters",
"rds:DescribeDBInstances",
"tag:GetResources"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"lambda:AddPermission",
"lambda:CreateFunction",
"lambda:GetFunction",
"lambda:InvokeFunction",
"lambda:UpdateFunctionConfiguration"
],
"Effect": "Allow",
"Resource": "arn:aws:lambda:*:*:function:SecretsManager*"
},
{
"Action": [
"serverlessrepo:CreateCloudFormationChangeSet"
],
"Effect": "Allow",
"Resource": "arn:aws:serverlessrepo:*:*:applications/SecretsManager*"
},
{
"Action": [
"s3:GetObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::awsserverlessrepo-changesets*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAI3VG7CI5BIQZQ6G2E",
"PolicyName": "SecretsManagerReadWrite",
"VersionId": "v2"
},
{
"Document": {
"Statement": [
{
"Action": [
"iot:AddThingToThingGroup",
"iot:AttachPrincipalPolicy",
"iot:AttachThingPrincipal",
"iot:CreateCertificateFromCsr",
"iot:CreatePolicy",
"iot:CreateThing",
"iot:DescribeCertificate",
"iot:DescribeThing",
"iot:DescribeThingGroup",
"iot:DescribeThingType",
"iot:DetachThingPrincipal",
"iot:GetPolicy",
"iot:ListPolicyPrincipals",
"iot:ListPrincipalPolicies",
"iot:ListPrincipalThings",
"iot:ListThingGroupsForThing",
"iot:ListThingPrincipals",
"iot:RegisterCertificate",
"iot:RegisterThing",
"iot:RemoveThingFromThingGroup",
"iot:UpdateCertificate",
"iot:UpdateThing",
"iot:UpdateThingGroupsForThing"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAI3YQXTC5XAEVTJNEU",
"PolicyName": "AWSIoTThingsRegistration",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"rds:DescribeAccountAttributes",
"rds:DescribeCertificates",
"rds:DescribeDBClusterParameterGroups",
"rds:DescribeDBClusterParameters",
"rds:DescribeDBClusterSnapshotAttributes",
"rds:DescribeDBClusterSnapshots",
"rds:DescribeDBClusters",
"rds:DescribeDBEngineVersions",
"rds:DescribeDBInstances",
"rds:DescribeDBLogFiles",
"rds:DescribeDBParameterGroups",
"rds:DescribeDBParameters",
"rds:DescribeDBSubnetGroups",
"rds:DescribeEventCategories",
"rds:DescribeEventSubscriptions",
"rds:DescribeEvents",
"rds:DescribeOrderableDBInstanceOptions",
"rds:DescribePendingMaintenanceActions",
"rds:DownloadDBLogFilePortion",
"rds:ListTagsForResource"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeInternetGateways",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcAttribute",
"ec2:DescribeVpcs"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"kms:ListKeys",
"kms:ListRetirableGrants",
"kms:ListAliases",
"kms:ListKeyPolicies"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"logs:DescribeLogStreams",
"logs:GetLogEvents"
],
"Effect": "Allow",
"Resource": [
"arn:aws:logs:*:*:log-group:/aws/rds/*:log-stream:*",
"arn:aws:logs:*:*:log-group:/aws/docdb/*:log-stream:*"
]
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAI477RMVACLTLWY5RQ",
"PolicyName": "AmazonDocDBReadOnlyAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"elasticbeanstalk:Check*",
"elasticbeanstalk:Describe*",
"elasticbeanstalk:List*",
"elasticbeanstalk:RequestEnvironmentInfo",
"elasticbeanstalk:RetrieveEnvironmentInfo",
"ec2:Describe*",
"elasticloadbalancing:Describe*",
"autoscaling:Describe*",
"cloudwatch:Describe*",
"cloudwatch:List*",
"cloudwatch:Get*",
"s3:Get*",
"s3:List*",
"sns:Get*",
"sns:List*",
"cloudformation:Describe*",
"cloudformation:Get*",
"cloudformation:List*",
"cloudformation:Validate*",
"cloudformation:Estimate*",
"rds:Describe*",
"sqs:Get*",
"sqs:List*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAI47KNGXDAXFD4SDHG",
"PolicyName": "AWSElasticBeanstalkReadOnlyAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"mq:*",
"ec2:CreateNetworkInterface",
"ec2:CreateNetworkInterfacePermission",
"ec2:DeleteNetworkInterface",
"ec2:DeleteNetworkInterfacePermission",
"ec2:DetachNetworkInterface",
"ec2:DescribeInternetGateways",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeNetworkInterfacePermissions",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"logs:CreateLogGroup"
],
"Effect": "Allow",
"Resource": [
"arn:aws:logs:*:*:log-group:/aws/amazonmq/*"
]
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAI4CMO533EBV3L2GW4",
"PolicyName": "AmazonMQApiFullAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"mediastore:Get*",
"mediastore:List*",
"mediastore:Describe*"
],
"Condition": {
"Bool": {
"aws:SecureTransport": "true"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAI4EFXRATQYOFTAEFM",
"PolicyName": "AWSElementalMediaStoreReadOnly",
"VersionId": "v1"
},
{
"Document": {
"Statement": {
"Action": [
"acm:DescribeCertificate",
"acm:ListCertificates",
"acm:GetCertificate",
"acm:ListTagsForCertificate"
],
"Effect": "Allow",
"Resource": "*"
},
"Version": "2012-10-17"
},
"PolicyId": "ANPAI4GSWX6S4MESJ3EWC",
"PolicyName": "AWSCertificateManagerReadOnly",
"VersionId": "v2"
},
{
"Document": {
"Statement": [
{
"Action": [
"athena:BatchGetQueryExecution",
"athena:CancelQueryExecution",
"athena:GetCatalogs",
"athena:GetExecutionEngine",
"athena:GetExecutionEngines",
"athena:GetNamespace",
"athena:GetNamespaces",
"athena:GetQueryExecution",
"athena:GetQueryExecutions",
"athena:GetQueryResults",
"athena:GetQueryResultsStream",
"athena:GetTable",
"athena:GetTables",
"athena:ListQueryExecutions",
"athena:RunQuery",
"athena:StartQueryExecution",
"athena:StopQueryExecution"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"glue:CreateDatabase",
"glue:DeleteDatabase",
"glue:GetDatabase",
"glue:GetDatabases",
"glue:UpdateDatabase",
"glue:CreateTable",
"glue:DeleteTable",
"glue:BatchDeleteTable",
"glue:UpdateTable",
"glue:GetTable",
"glue:GetTables",
"glue:BatchCreatePartition",
"glue:CreatePartition",
"glue:DeletePartition",
"glue:BatchDeletePartition",
"glue:UpdatePartition",
"glue:GetPartition",
"glue:GetPartitions",
"glue:BatchGetPartition"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetObject",
"s3:ListBucket",
"s3:ListBucketMultipartUploads",
"s3:ListMultipartUploadParts",
"s3:AbortMultipartUpload",
"s3:CreateBucket",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::aws-athena-query-results-*"
]
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAI4JB77JXFQXDWNRPM",
"PolicyName": "AWSQuicksightAthenaAccess",
"VersionId": "v4"
},
{
"Document": {
"Statement": [
{
"Action": [
"route53:GetHostedZone",
"route53:ListHostedZonesByName",
"route53:ChangeResourceRecordSets",
"route53:CreateHealthCheck",
"route53:GetHealthCheck",
"route53:DeleteHealthCheck",
"route53:UpdateHealthCheck",
"servicediscovery:Get*",
"servicediscovery:List*",
"servicediscovery:RegisterInstance",
"servicediscovery:DeregisterInstance",
"servicediscovery:DiscoverInstances"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAI4P5Z5HXVWJ75WQBC",
"PolicyName": "AWSCloudMapRegisterInstanceAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"aws-marketplace:ListBuilds",
"aws-marketplace:StartBuild",
"aws-marketplace:DescribeBuilds"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "ec2:TerminateInstances",
"Condition": {
"StringLike": {
"ec2:ResourceTag/marketplace-image-build:build-id": "*"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:PassRole",
"Condition": {
"StringEquals": {
"iam:PassedToService": [
"ec2.amazonaws.com",
"ssm.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/*Automation*",
"arn:aws:iam::*:role/*Instance*"
]
},
{
"Action": [
"ssm:GetAutomationExecution",
"ssm:CreateDocument",
"ssm:StartAutomationExecution",
"ssm:ListDocuments",
"ssm:UpdateDocument",
"ssm:UpdateDocumentDefaultVersion",
"ssm:DescribeDocument",
"ec2:DeregisterImage",
"ec2:CopyImage",
"ec2:DescribeSnapshots",
"ec2:DescribeSecurityGroups",
"ec2:DescribeImages",
"ec2:DescribeSubnets",
"ec2:DeleteSnapshot",
"ec2:CreateImage",
"ec2:RunInstances",
"ec2:DescribeInstanceStatus",
"sns:GetTopicAttributes",
"iam:GetRole",
"iam:GetInstanceProfile"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"s3:GetObject",
"s3:ListBucket"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::*image-build*"
]
},
{
"Action": [
"ec2:CreateTags"
],
"Effect": "Allow",
"Resource": [
"arn:aws:ec2:*::image/*",
"arn:aws:ec2:*:*:instance/*"
]
},
{
"Action": [
"sns:Publish"
],
"Effect": "Allow",
"Resource": [
"arn:aws:sns:*:*:*image-build*"
]
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAI4QBMJWC3BNHBHN6I",
"PolicyName": "AWSMarketplaceImageBuildFullAccess",
"VersionId": "v2"
},
{
"Document": {
"Statement": [
{
"Action": [
"codecommit:BatchGet*",
"codecommit:Get*",
"codecommit:List*",
"codecommit:Create*",
"codecommit:DeleteBranch",
"codecommit:Describe*",
"codecommit:Put*",
"codecommit:Post*",
"codecommit:Merge*",
"codecommit:Test*",
"codecommit:Update*",
"codecommit:GitPull",
"codecommit:GitPush"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"events:DeleteRule",
"events:DescribeRule",
"events:DisableRule",
"events:EnableRule",
"events:PutRule",
"events:PutTargets",
"events:RemoveTargets",
"events:ListTargetsByRule"
],
"Effect": "Allow",
"Resource": "arn:aws:events:*:*:rule/codecommit*",
"Sid": "CloudWatchEventsCodeCommitRulesAccess"
},
{
"Action": [
"sns:Subscribe",
"sns:Unsubscribe"
],
"Effect": "Allow",
"Resource": "arn:aws:sns:*:*:codecommit*",
"Sid": "SNSTopicAndSubscriptionAccess"
},
{
"Action": [
"sns:ListTopics",
"sns:ListSubscriptionsByTopic",
"sns:GetTopicAttributes"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "SNSTopicAndSubscriptionReadAccess"
},
{
"Action": [
"lambda:ListFunctions"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "LambdaReadOnlyListAccess"
},
{
"Action": [
"iam:ListUsers"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "IAMReadOnlyListAccess"
},
{
"Action": [
"iam:ListAccessKeys",
"iam:ListSSHPublicKeys",
"iam:ListServiceSpecificCredentials",
"iam:ListAccessKeys",
"iam:GetSSHPublicKey"
],
"Effect": "Allow",
"Resource": "arn:aws:iam::*:user/${aws:username}",
"Sid": "IAMReadOnlyConsoleAccess"
},
{
"Action": [
"iam:DeleteSSHPublicKey",
"iam:GetSSHPublicKey",
"iam:ListSSHPublicKeys",
"iam:UpdateSSHPublicKey",
"iam:UploadSSHPublicKey"
],
"Effect": "Allow",
"Resource": "arn:aws:iam::*:user/${aws:username}",
"Sid": "IAMUserSSHKeys"
},
{
"Action": [
"iam:CreateServiceSpecificCredential",
"iam:UpdateServiceSpecificCredential",
"iam:DeleteServiceSpecificCredential",
"iam:ResetServiceSpecificCredential"
],
"Effect": "Allow",
"Resource": "arn:aws:iam::*:user/${aws:username}",
"Sid": "IAMSelfManageServiceSpecificCredentials"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAI4UIINUVGB5SEC57G",
"PolicyName": "AWSCodeCommitPowerUser",
"VersionId": "v4"
},
{
"Document": {
"Statement": [
{
"Action": [
"codecommit:*"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"events:DeleteRule",
"events:DescribeRule",
"events:DisableRule",
"events:EnableRule",
"events:PutRule",
"events:PutTargets",
"events:RemoveTargets",
"events:ListTargetsByRule"
],
"Effect": "Allow",
"Resource": "arn:aws:events:*:*:rule/codecommit*",
"Sid": "CloudWatchEventsCodeCommitRulesAccess"
},
{
"Action": [
"sns:CreateTopic",
"sns:DeleteTopic",
"sns:Subscribe",
"sns:Unsubscribe",
"sns:SetTopicAttributes"
],
"Effect": "Allow",
"Resource": "arn:aws:sns:*:*:codecommit*",
"Sid": "SNSTopicAndSubscriptionAccess"
},
{
"Action": [
"sns:ListTopics",
"sns:ListSubscriptionsByTopic",
"sns:GetTopicAttributes"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "SNSTopicAndSubscriptionReadAccess"
},
{
"Action": [
"lambda:ListFunctions"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "LambdaReadOnlyListAccess"
},
{
"Action": [
"iam:ListUsers"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "IAMReadOnlyListAccess"
},
{
"Action": [
"iam:ListAccessKeys",
"iam:ListSSHPublicKeys",
"iam:ListServiceSpecificCredentials",
"iam:ListAccessKeys",
"iam:GetSSHPublicKey"
],
"Effect": "Allow",
"Resource": "arn:aws:iam::*:user/${aws:username}",
"Sid": "IAMReadOnlyConsoleAccess"
},
{
"Action": [
"iam:DeleteSSHPublicKey",
"iam:GetSSHPublicKey",
"iam:ListSSHPublicKeys",
"iam:UpdateSSHPublicKey",
"iam:UploadSSHPublicKey"
],
"Effect": "Allow",
"Resource": "arn:aws:iam::*:user/${aws:username}",
"Sid": "IAMUserSSHKeys"
},
{
"Action": [
"iam:CreateServiceSpecificCredential",
"iam:UpdateServiceSpecificCredential",
"iam:DeleteServiceSpecificCredential",
"iam:ResetServiceSpecificCredential"
],
"Effect": "Allow",
"Resource": "arn:aws:iam::*:user/${aws:username}",
"Sid": "IAMSelfManageServiceSpecificCredentials"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAI4VCZ3XPIZLQ5NZV2",
"PolicyName": "AWSCodeCommitFullAccess",
"VersionId": "v2"
},
{
"Document": {
"Statement": [
{
"Action": [
"iam:CreateServiceSpecificCredential",
"iam:ListServiceSpecificCredentials",
"iam:UpdateServiceSpecificCredential",
"iam:DeleteServiceSpecificCredential",
"iam:ResetServiceSpecificCredential"
],
"Effect": "Allow",
"Resource": "arn:aws:iam::*:user/${aws:username}"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAI4VT74EMXK2PMQJM2",
"PolicyName": "IAMSelfManageServiceSpecificCredentials",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"ec2:DescribeInstances",
"ec2:DescribeSpotInstanceRequests",
"ec2:ModifyInstanceAttribute",
"ec2:TerminateInstances",
"ec2:CancelSpotInstanceRequests",
"ec2:DeleteNetworkInterface",
"ec2:DescribeInstanceAttribute",
"ec2:DescribeVolumeStatus",
"ec2:DescribeVolumes",
"ec2:DetachVolume",
"ec2:DeleteVolume"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAI4YEZURRMKACW56EA",
"PolicyName": "AmazonEMRCleanupPolicy",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"cloud9:GetUserSettings",
"cloud9:UpdateUserSettings",
"iam:GetUser",
"iam:ListUsers"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"cloud9:DescribeEnvironmentMemberships"
],
"Condition": {
"Null": {
"cloud9:EnvironmentId": "true",
"cloud9:UserArn": "true"
}
},
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAI54ULAIPVT5HFTYGK",
"PolicyName": "AWSCloud9EnvironmentMember",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"sagemaker:DescribeEndpoint",
"sagemaker:DescribeEndpointConfig",
"sagemaker:UpdateEndpointWeightsAndCapacities",
"cloudwatch:PutMetricAlarm",
"cloudwatch:DescribeAlarms",
"cloudwatch:DeleteAlarms"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAI5DBEBNRZQ4SXYTAW",
"PolicyName": "AWSApplicationAutoscalingSageMakerEndpointPolicy",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"waf:UpdateWebACL",
"waf:DeleteWebACL",
"waf:GetWebACL",
"waf:GetRuleGroup",
"waf:ListSubscribedRuleGroups",
"waf-regional:UpdateWebACL",
"waf-regional:DeleteWebACL",
"waf-regional:GetWebACL",
"waf-regional:GetRuleGroup",
"waf-regional:ListSubscribedRuleGroups",
"waf-regional:ListResourcesForWebACL",
"waf-regional:AssociateWebACL",
"waf-regional:DisassociateWebACL",
"elasticloadbalancing:SetWebACL"
],
"Effect": "Allow",
"Resource": [
"arn:aws:waf:*:*:webacl/*",
"arn:aws:waf-regional:*:*:webacl/*",
"arn:aws:waf:*:*:rulegroup/*",
"arn:aws:waf-regional:*:*:rulegroup/*",
"arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*"
]
},
{
"Action": [
"waf:CreateWebACL",
"waf-regional:CreateWebACL",
"waf:GetChangeToken",
"waf-regional:GetChangeToken"
],
"Effect": "Allow",
"Resource": [
"arn:aws:waf:*",
"arn:aws:waf-regional:*"
]
},
{
"Action": [
"waf:PutPermissionPolicy",
"waf:GetPermissionPolicy",
"waf:DeletePermissionPolicy",
"waf-regional:PutPermissionPolicy",
"waf-regional:GetPermissionPolicy",
"waf-regional:DeletePermissionPolicy"
],
"Effect": "Allow",
"Resource": [
"arn:aws:waf:*:*:webacl/*",
"arn:aws:waf:*:*:rulegroup/*",
"arn:aws:waf-regional:*:*:webacl/*",
"arn:aws:waf-regional:*:*:rulegroup/*"
]
},
{
"Action": [
"cloudfront:GetDistribution",
"cloudfront:UpdateDistribution",
"cloudfront:ListDistributionsByWebACLId"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"config:DeleteConfigRule",
"config:DescribeComplianceByConfigRule",
"config:DescribeConfigRuleEvaluationStatus",
"config:DescribeConfigRules",
"config:GetComplianceDetailsByConfigRule",
"config:PutConfigRule",
"config:StartConfigRulesEvaluation"
],
"Effect": "Allow",
"Resource": "arn:aws:config:*:*:config-rule/aws-service-rule/fms.amazonaws.com/*"
},
{
"Action": [
"config:DescribeConfigurationRecorders",
"config:DescribeConfigurationRecorderStatus",
"config:PutConfigurationRecorder",
"config:StartConfigurationRecorder",
"config:PutDeliveryChannel",
"config:DescribeDeliveryChannels",
"config:DescribeDeliveryChannelStatus",
"config:GetComplianceSummaryByConfigRule",
"config:GetDiscoveredResourceCounts"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"iam:DeleteServiceLinkedRole",
"iam:GetServiceLinkedRoleDeletionStatus"
],
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/aws-service-role/fms.amazonaws.com/AWSServiceRoleForFMS"
]
},
{
"Action": [
"organizations:DescribeAccount",
"organizations:DescribeOrganization",
"organizations:ListAccounts"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAI62NTGYJB446ACUEA",
"PolicyName": "FMSServiceRolePolicy",
"VersionId": "v5"
},
{
"Document": {
"Statement": [
{
"Action": [
"sqs:*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAI65L554VRJ33ECQS6",
"PolicyName": "AmazonSQSFullAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"a4b:Get*",
"a4b:List*",
"a4b:Describe*",
"a4b:Search*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAI6BKSTB4XMLPBFFJ2",
"PolicyName": "AlexaForBusinessReadOnlyAccess",
"VersionId": "v2"
},
{
"Document": {
"Statement": [
{
"Action": [
"cloudformation:DescribeChangeSet",
"cloudformation:DescribeStackResources",
"cloudformation:DescribeStacks",
"cloudformation:GetTemplate",
"cloudformation:ListStackResources",
"cloudwatch:*",
"cognito-identity:ListIdentityPools",
"cognito-sync:GetCognitoEvents",
"cognito-sync:SetCognitoEvents",
"dynamodb:*",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"events:*",
"iam:GetPolicy",
"iam:GetPolicyVersion",
"iam:GetRole",
"iam:GetRolePolicy",
"iam:ListAttachedRolePolicies",
"iam:ListRolePolicies",
"iam:ListRoles",
"iam:PassRole",
"iot:AttachPrincipalPolicy",
"iot:AttachThingPrincipal",
"iot:CreateKeysAndCertificate",
"iot:CreatePolicy",
"iot:CreateThing",
"iot:CreateTopicRule",
"iot:DescribeEndpoint",
"iot:GetTopicRule",
"iot:ListPolicies",
"iot:ListThings",
"iot:ListTopicRules",
"iot:ReplaceTopicRule",
"kinesis:DescribeStream",
"kinesis:ListStreams",
"kinesis:PutRecord",
"kms:ListAliases",
"lambda:*",
"logs:*",
"s3:*",
"sns:ListSubscriptions",
"sns:ListSubscriptionsByTopic",
"sns:ListTopics",
"sns:Publish",
"sns:Subscribe",
"sns:Unsubscribe",
"sqs:ListQueues",
"sqs:SendMessage",
"tag:GetResources",
"xray:PutTelemetryRecords",
"xray:PutTraceSegments"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAI6E2CYYMI4XI7AA5K",
"PolicyName": "AWSLambdaFullAccess",
"VersionId": "v8"
},
{
"Document": {
"Statement": [
{
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents",
"logs:PutMetricFilter",
"logs:PutRetentionPolicy",
"logs:GetLogEvents",
"logs:DeleteLogStream"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAI6R6Z2FHHGS454W7W",
"PolicyName": "AWSIoTLogging",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"ssm:DescribeAssociation",
"ssm:GetDeployablePatchSnapshotForInstance",
"ssm:GetDocument",
"ssm:DescribeDocument",
"ssm:GetManifest",
"ssm:GetParameters",
"ssm:ListAssociations",
"ssm:ListInstanceAssociations",
"ssm:PutInventory",
"ssm:PutComplianceItems",
"ssm:PutConfigurePackageResult",
"ssm:UpdateAssociationStatus",
"ssm:UpdateInstanceAssociationStatus",
"ssm:UpdateInstanceInformation"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ssmmessages:CreateControlChannel",
"ssmmessages:CreateDataChannel",
"ssmmessages:OpenControlChannel",
"ssmmessages:OpenDataChannel"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2messages:AcknowledgeMessage",
"ec2messages:DeleteMessage",
"ec2messages:FailMessage",
"ec2messages:GetEndpoint",
"ec2messages:GetMessages",
"ec2messages:SendReply"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"cloudwatch:PutMetricData"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:DescribeInstanceStatus"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ds:CreateComputer",
"ds:DescribeDirectories"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:DescribeLogGroups",
"logs:DescribeLogStreams",
"logs:PutLogEvents"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"s3:GetBucketLocation",
"s3:PutObject",
"s3:GetObject",
"s3:GetEncryptionConfiguration",
"s3:AbortMultipartUpload",
"s3:ListMultipartUploadParts",
"s3:ListBucket",
"s3:ListBucketMultipartUploads"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAI6TL3SMY22S4KMMX6",
"PolicyName": "AmazonEC2RoleforSSM",
"VersionId": "v8"
},
{
"Document": {
"Statement": [
{
"Action": [
"ec2:CreateNetworkInterface",
"ec2:CreateTags",
"ec2:DeleteNetworkInterface",
"ec2:DescribeNetworkInterfaceAttribute",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:DetachNetworkInterface"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAI7QIUU4GC66SF26WE",
"PolicyName": "AWSCloudHSMRole",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"ec2:DescribeInstances",
"ec2:DescribeSecurityGroups"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAI7T4V2HZTS72QVO52",
"PolicyName": "AWSEnhancedClassicNetworkingMangementPolicy",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": "iam:*",
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAI7XKCFMBPM3QQRRVQ",
"PolicyName": "IAMFullAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"inspector:*",
"ec2:DescribeInstances",
"ec2:DescribeTags",
"sns:ListTopics",
"events:DescribeRule",
"events:ListRuleNamesByTarget"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"iam:PassRole"
],
"Condition": {
"StringEquals": {
"iam:PassedToService": [
"inspector.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringLike": {
"iam:AWSServiceName": "inspector.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/aws-service-role/inspector.amazonaws.com/AWSServiceRoleForAmazonInspector"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAI7Y6NTA27NWNA5U5E",
"PolicyName": "AmazonInspectorFullAccess",
"VersionId": "v5"
},
{
"Document": {
"Statement": [
{
"Action": "elasticache:*",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringLike": {
"iam:AWSServiceName": "elasticache.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/aws-service-role/elasticache.amazonaws.com/AWSServiceRoleForElastiCache"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIA2V44CPHAUAAECKG",
"PolicyName": "AmazonElastiCacheFullAccess",
"VersionId": "v2"
},
{
"Document": {
"Statement": [
{
"Action": [
"awsconnector:RegisterConnector",
"awsconnector:GetConnectorHealth"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:GetUser",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"s3:GetObject",
"s3:ListBucket"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::connector-platform-upgrade-info/*",
"arn:aws:s3:::connector-platform-upgrade-info",
"arn:aws:s3:::connector-platform-upgrade-bundles/*",
"arn:aws:s3:::connector-platform-upgrade-bundles",
"arn:aws:s3:::connector-platform-release-notes/*",
"arn:aws:s3:::connector-platform-release-notes",
"arn:aws:s3:::prod.agentless.discovery.connector.upgrade/*",
"arn:aws:s3:::prod.agentless.discovery.connector.upgrade"
]
},
{
"Action": [
"s3:PutObject",
"s3:PutObjectAcl"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::import-to-ec2-connector-debug-logs/*"
]
},
{
"Action": [
"SNS:Publish"
],
"Effect": "Allow",
"Resource": "arn:aws:sns:*:*:metrics-sns-topic-for-*"
},
{
"Action": [
"Discovery:*"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "Discovery"
},
{
"Action": [
"arsenal:RegisterOnPremisesAgent"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "arsenal"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIA3DIL7BYQ35ISM4K",
"PolicyName": "AWSAgentlessDiscoveryService",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"xray:PutTraceSegments",
"xray:PutTelemetryRecords",
"xray:GetSamplingRules",
"xray:GetSamplingTargets",
"xray:GetSamplingStatisticSummaries"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIAACM4LMYSRGBCTM6",
"PolicyName": "AWSXrayWriteOnlyAccess",
"VersionId": "v2"
},
{
"Document": {
"Statement": [
{
"Action": [
"pricing:*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIADJ4GBYNHKABML3Q",
"PolicyName": "AWSPriceListServiceFullAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"cloudhsm:Describe*",
"ec2:CreateNetworkInterface",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateSecurityGroup",
"ec2:DescribeSecurityGroups",
"ec2:RevokeSecurityGroupEgress",
"ec2:DeleteSecurityGroup"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIADMJEHVVYK5AUQOO",
"PolicyName": "AWSKeyManagementServiceCustomKeyStoresServiceRolePolicy",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": "autoscaling:Describe*",
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIAFWUVLC2LPLSFTFG",
"PolicyName": "AutoScalingReadOnlyAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"forecast:*"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"iam:PassRole"
],
"Condition": {
"StringEquals": {
"iam:PassedToService": "forecast.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIAKOTFNTUECQVU7C4",
"PolicyName": "AmazonForecastFullAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"worklink:Describe*",
"worklink:List*"
],
"Effect": "Allow",
"Resource": "arn:aws:worklink:*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIANQMFGU4EUUZKFQ4",
"PolicyName": "AmazonWorkLinkReadOnly",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"translate:*",
"comprehend:DetectDominantLanguage",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIAPOAEI2VFQYUK5RY",
"PolicyName": "TranslateFullAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": "autoscaling:*",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "cloudwatch:PutMetricAlarm",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeImages",
"ec2:DescribeInstanceAttribute",
"ec2:DescribeInstances",
"ec2:DescribeKeyPairs",
"ec2:DescribeLaunchTemplateVersions",
"ec2:DescribePlacementGroups",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSpotInstanceRequests",
"ec2:DescribeSubnets",
"ec2:DescribeVpcClassicLink"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeTargetGroups"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringEquals": {
"iam:AWSServiceName": "autoscaling.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIAWRCSJDDXDXGPCFU",
"PolicyName": "AutoScalingFullAccess",
"VersionId": "v2"
},
{
"Document": {
"Statement": [
{
"Action": [
"s3:GetObject",
"s3:GetObjectVersion",
"s3:ListBucket"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIAZKXZ27TAJ4PVWGK",
"PolicyName": "AmazonEC2RoleforAWSCodeDeploy",
"VersionId": "v2"
},
{
"Document": {
"Statement": [
{
"Action": [
"fms:GetAdminAccount",
"waf:Get*",
"waf:List*",
"waf-regional:Get*",
"waf-regional:List*",
"organizations:DescribeOrganization"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIB2IVAQ4XXNHHA3DW",
"PolicyName": "AWSFMMemberReadOnlyAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"ec2:AuthorizeSecurityGroupEgress",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateSecurityGroup",
"ec2:DescribeSecurityGroups",
"ec2:RevokeSecurityGroupEgress",
"ec2:CreateNetworkInterface",
"ec2:CreateNetworkInterfacePermission",
"ec2:DeleteNetworkInterface",
"ec2:DeleteNetworkInterfacePermission",
"ec2:DescribeNetworkInterfaces",
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:DescribeTags",
"ec2:DescribeInstances",
"ec2:DescribeSubnets",
"elasticmapreduce:ListInstances",
"elasticmapreduce:DescribeCluster"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "ec2:CreateTags",
"Condition": {
"ForAllValues:StringEquals": {
"aws:TagKeys": [
"aws:elasticmapreduce:editor-id",
"aws:elasticmapreduce:job-flow-id"
]
}
},
"Effect": "Allow",
"Resource": "arn:aws:ec2:*:*:network-interface/*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIBI5CIE6OHUIGLYVG",
"PolicyName": "AmazonElasticMapReduceEditorsRole",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"autoscaling:DescribeAutoScalingGroups",
"autoscaling:UpdateAutoScalingGroup",
"ec2:AttachVolume",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateRoute",
"ec2:CreateSecurityGroup",
"ec2:CreateTags",
"ec2:CreateVolume",
"ec2:DeleteRoute",
"ec2:DeleteSecurityGroup",
"ec2:DeleteVolume",
"ec2:DescribeInstances",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications",
"ec2:DescribeVpcs",
"ec2:DetachVolume",
"ec2:ModifyInstanceAttribute",
"ec2:ModifyVolume",
"ec2:RevokeSecurityGroupIngress",
"elasticloadbalancing:AddTags",
"elasticloadbalancing:ApplySecurityGroupsToLoadBalancer",
"elasticloadbalancing:AttachLoadBalancerToSubnets",
"elasticloadbalancing:ConfigureHealthCheck",
"elasticloadbalancing:CreateListener",
"elasticloadbalancing:CreateLoadBalancer",
"elasticloadbalancing:CreateLoadBalancerListeners",
"elasticloadbalancing:CreateLoadBalancerPolicy",
"elasticloadbalancing:CreateTargetGroup",
"elasticloadbalancing:DeleteListener",
"elasticloadbalancing:DeleteLoadBalancer",
"elasticloadbalancing:DeleteLoadBalancerListeners",
"elasticloadbalancing:DeleteTargetGroup",
"elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
"elasticloadbalancing:DeregisterTargets",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancerAttributes",
"elasticloadbalancing:DescribeLoadBalancerPolicies",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeTargetGroupAttributes",
"elasticloadbalancing:DescribeTargetGroups",
"elasticloadbalancing:DescribeTargetHealth",
"elasticloadbalancing:DetachLoadBalancerFromSubnets",
"elasticloadbalancing:ModifyListener",
"elasticloadbalancing:ModifyLoadBalancerAttributes",
"elasticloadbalancing:ModifyTargetGroup",
"elasticloadbalancing:ModifyTargetGroupAttributes",
"elasticloadbalancing:RegisterInstancesWithLoadBalancer",
"elasticloadbalancing:RegisterTargets",
"elasticloadbalancing:SetLoadBalancerPoliciesForBackendServer",
"elasticloadbalancing:SetLoadBalancerPoliciesOfListener",
"kms:DescribeKey"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringLike": {
"iam:AWSServiceName": "elasticloadbalancing.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIBTLDQMIC6UOIGFWA",
"PolicyName": "AmazonEKSClusterPolicy",
"VersionId": "v2"
},
{
"Document": {
"Statement": [
{
"Action": [
"ec2:DescribeInstances",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications",
"ec2:DescribeVpcs",
"eks:DescribeCluster"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIBVMOY52IPQ6HD3PO",
"PolicyName": "AmazonEKSWorkerNodePolicy",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"dynamodb:DescribeTable",
"iam:ListSAMLProviders",
"lambda:ListFunctions",
"sns:ListTopics",
"lex:GetIntent",
"lex:GetIntents",
"lex:GetSlotType",
"lex:GetSlotTypes",
"lex:GetBot",
"lex:GetBots",
"lex:GetBotAlias",
"lex:GetBotAliases",
"mobilehub:ExportProject",
"mobilehub:GenerateProjectParameters",
"mobilehub:GetProject",
"mobilehub:SynchronizeProject",
"mobilehub:GetProjectSnapshot",
"mobilehub:ListProjectSnapshots",
"mobilehub:ListAvailableConnectors",
"mobilehub:ListAvailableFeatures",
"mobilehub:ListAvailableRegions",
"mobilehub:ListProjects",
"mobilehub:ValidateProject",
"mobilehub:VerifyServiceRole",
"mobilehub:DescribeBundle",
"mobilehub:ExportBundle",
"mobilehub:ListBundles"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"s3:GetObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::*/aws-my-sample-app*.zip"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIBXVYVL3PWQFBZFGW",
"PolicyName": "AWSMobileHub_ReadOnly",
"VersionId": "v10"
},
{
"Document": {
"Statement": [
{
"Action": [
"ec2:Describe*",
"ec2:RebootInstances",
"ec2:StopInstances",
"ec2:TerminateInstances",
"ec2:CreateSnapshot"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "CloudWatchEventsBuiltInTargetExecutionAccess"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIC5AQ5DATYSNF4AUM",
"PolicyName": "CloudWatchEventsBuiltInTargetExecutionAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"ec2:AttachClassicLinkVpc",
"ec2:CancelSpotInstanceRequests",
"ec2:CreateFleet",
"ec2:CreateTags",
"ec2:DeleteTags",
"ec2:Describe*",
"ec2:DetachClassicLinkVpc",
"ec2:ModifyInstanceAttribute",
"ec2:RequestSpotInstances",
"ec2:RunInstances",
"ec2:TerminateInstances"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "EC2InstanceManagement"
},
{
"Action": [
"iam:PassRole"
],
"Condition": {
"StringLike": {
"iam:PassedToService": "ec2.amazonaws.com*"
}
},
"Effect": "Allow",
"Resource": "*",
"Sid": "EC2InstanceProfileManagement"
},
{
"Action": [
"iam:CreateServiceLinkedRole"
],
"Condition": {
"StringEquals": {
"iam:AWSServiceName": "spot.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*",
"Sid": "EC2SpotManagement"
},
{
"Action": [
"elasticloadbalancing:Register*",
"elasticloadbalancing:Deregister*",
"elasticloadbalancing:Describe*"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "ELBManagement"
},
{
"Action": [
"cloudwatch:DeleteAlarms",
"cloudwatch:DescribeAlarms",
"cloudwatch:PutMetricAlarm"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "CWManagement"
},
{
"Action": [
"sns:Publish"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "SNSManagement"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIC5D2V7MRWBMHGD7G",
"PolicyName": "AutoScalingServiceRolePolicy",
"VersionId": "v2"
},
{
"Document": {
"Statement": [
{
"Action": [
"elastictranscoder:*",
"s3:ListAllMyBuckets",
"s3:ListBucket",
"s3:ListObjects",
"iam:ListRoles",
"sns:ListTopics"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"iam:PassRole"
],
"Condition": {
"StringLike": {
"iam:PassedToService": [
"elastictranscoder.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAICFT6XVF3RSR4E7JG",
"PolicyName": "AmazonElasticTranscoder_FullAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"clouddirectory:List*",
"clouddirectory:Get*",
"clouddirectory:LookupPolicy",
"clouddirectory:BatchRead"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAICMSZQGR3O62KMD6M",
"PolicyName": "AmazonCloudDirectoryReadOnlyAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"cloudwatch:PutMetricData",
"ec2:DescribeTags",
"logs:PutLogEvents",
"logs:DescribeLogStreams",
"logs:DescribeLogGroups",
"logs:CreateLogStream",
"logs:CreateLogGroup"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ssm:GetParameter",
"ssm:PutParameter"
],
"Effect": "Allow",
"Resource": "arn:aws:ssm:*:*:parameter/AmazonCloudWatch-*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAICMXPKT7EBAF6KR3O",
"PolicyName": "CloudWatchAgentAdminPolicy",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"opsworks:*",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeKeyPairs",
"ec2:DescribeSecurityGroups",
"ec2:DescribeAccountAttributes",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"elasticloadbalancing:DescribeInstanceHealth",
"elasticloadbalancing:DescribeLoadBalancers",
"iam:GetRolePolicy",
"iam:ListInstanceProfiles",
"iam:ListRoles",
"iam:ListUsers",
"iam:PassRole"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAICN26VXMXASXKOQCG",
"PolicyName": "AWSOpsWorksFullAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"cloudformation:DescribeStackResource",
"cloudformation:SignalResource"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"s3:AbortMultipartUpload",
"s3:DeleteObject",
"s3:GetObject",
"s3:ListAllMyBuckets",
"s3:ListBucket",
"s3:ListMultipartUploadParts",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::aws-opsworks-cm-*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAICSU3OSHCURP2WIZW",
"PolicyName": "AWSOpsWorksCMInstanceProfileRole",
"VersionId": "v2"
},
{
"Document": {
"Statement": [
{
"Action": [
"batch:SubmitJob"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAICVHHZ6XHNMA6VE3Q",
"PolicyName": "AWSBatchServiceEventTargetRole",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"codepipeline:GetPipeline",
"codepipeline:GetPipelineState",
"codepipeline:GetPipelineExecution",
"codepipeline:ListPipelineExecutions",
"codepipeline:ListPipelines",
"codepipeline:PutApprovalResult"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAICXNWK42SQ6LMDXM2",
"PolicyName": "AWSCodePipelineApproverAccess",
"VersionId": "v3"
},
{
"Document": {
"Statement": [
{
"Action": [
"arsenal:RegisterOnPremisesAgent"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAICZIOVAGC6JPF3WHC",
"PolicyName": "AWSApplicationDiscoveryAgentAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"acm:ListCertificates",
"athena:List*",
"aws-marketplace:ViewSubscriptions",
"autoscaling:Describe*",
"batch:ListJobs",
"clouddirectory:ListAppliedSchemaArns",
"clouddirectory:ListDevelopmentSchemaArns",
"clouddirectory:ListDirectories",
"clouddirectory:ListPublishedSchemaArns",
"cloudformation:List*",
"cloudformation:DescribeStacks",
"cloudfront:List*",
"cloudhsm:ListAvailableZones",
"cloudhsm:ListLunaClients",
"cloudhsm:ListHapgs",
"cloudhsm:ListHsms",
"cloudsearch:List*",
"cloudsearch:DescribeDomains",
"cloudtrail:DescribeTrails",
"cloudtrail:LookupEvents",
"cloudwatch:List*",
"cloudwatch:Get*",
"codebuild:ListBuilds*",
"codebuild:ListProjects",
"codecommit:List*",
"codedeploy:List*",
"codedeploy:Get*",
"codepipeline:ListPipelines",
"codestar:List*",
"codestar:Verify*",
"cognito-idp:List*",
"cognito-identity:ListIdentities",
"cognito-identity:ListIdentityPools",
"cognito-sync:ListDatasets",
"connect:List*",
"config:List*",
"config:Describe*",
"datapipeline:ListPipelines",
"datapipeline:DescribePipelines",
"datapipeline:GetAccountLimits",
"dax:DescribeClusters",
"dax:DescribeDefaultParameters",
"dax:DescribeEvents",
"dax:DescribeParameterGroups",
"dax:DescribeParameters",
"dax:DescribeSubnetGroups",
"dax:DescribeTable",
"dax:ListTables",
"dax:ListTags",
"devicefarm:List*",
"directconnect:Describe*",
"discovery:List*",
"dms:List*",
"ds:DescribeDirectories",
"dynamodb:DescribeBackup",
"dynamodb:DescribeContinuousBackups",
"dynamodb:DescribeGlobalTable",
"dynamodb:DescribeGlobalTableSettings",
"dynamodb:DescribeLimits",
"dynamodb:DescribeReservedCapacity",
"dynamodb:DescribeReservedCapacityOfferings",
"dynamodb:DescribeStream",
"dynamodb:DescribeTable",
"dynamodb:DescribeTimeToLive",
"dynamodb:ListBackups",
"dynamodb:ListGlobalTables",
"dynamodb:ListStreams",
"dynamodb:ListTables",
"dynamodb:ListTagsOfResource",
"ec2:DescribeAccountAttributes",
"ec2:DescribeAddresses",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeBundleTasks",
"ec2:DescribeClassicLinkInstances",
"ec2:DescribeConversionTasks",
"ec2:DescribeCustomerGateways",
"ec2:DescribeDhcpOptions",
"ec2:DescribeExportTasks",
"ec2:DescribeFlowLogs",
"ec2:DescribeHost*",
"ec2:DescribeIdentityIdFormat",
"ec2:DescribeIdFormat",
"ec2:DescribeImage*",
"ec2:DescribeImport*",
"ec2:DescribeInstance*",
"ec2:DescribeInternetGateways",
"ec2:DescribeKeyPairs",
"ec2:DescribeMovingAddresses",
"ec2:DescribeNatGateways",
"ec2:DescribeNetwork*",
"ec2:DescribePlacementGroups",
"ec2:DescribePrefixLists",
"ec2:DescribeRegions",
"ec2:DescribeReserved*",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSnapshot*",
"ec2:DescribeSpot*",
"ec2:DescribeSubnets",
"ec2:DescribeTags",
"ec2:DescribeVolume*",
"ec2:DescribeVpc*",
"ec2:DescribeVpnGateways",
"ecr:DescribeRepositories",
"ecr:ListImages",
"ecs:List*",
"ecs:Describe*",
"elasticache:Describe*",
"elasticbeanstalk:DescribeApplicationVersions",
"elasticbeanstalk:DescribeApplications",
"elasticbeanstalk:DescribeEnvironments",
"elasticbeanstalk:ListAvailableSolutionStacks",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeTargetGroups",
"elasticloadbalancing:DescribeTargetHealth",
"elasticfilesystem:DescribeFileSystems",
"elasticmapreduce:List*",
"elastictranscoder:List*",
"es:DescribeElasticsearchDomain",
"es:DescribeElasticsearchDomains",
"es:ListDomainNames",
"events:ListRuleNamesByTarget",
"events:ListRules",
"events:ListTargetsByRule",
"firehose:List*",
"firehose:DescribeDeliveryStream",
"gamelift:List*",
"glacier:List*",
"greengrass:List*",
"iam:List*",
"iam:GetAccountSummary",
"iam:GetLoginProfile",
"importexport:ListJobs",
"inspector:List*",
"iot:List*",
"kinesis:ListStreams",
"kinesisanalytics:ListApplications",
"kms:ListKeys",
"lambda:List*",
"lex:GetBotAliases",
"lex:GetBotChannelAssociations",
"lex:GetBots",
"lex:GetBotVersions",
"lex:GetIntents",
"lex:GetIntentVersions",
"lex:GetSlotTypes",
"lex:GetSlotTypeVersions",
"lex:GetUtterancesView",
"lightsail:GetBlueprints",
"lightsail:GetBundles",
"lightsail:GetInstances",
"lightsail:GetInstanceSnapshots",
"lightsail:GetKeyPair",
"lightsail:GetRegions",
"lightsail:GetStaticIps",
"lightsail:IsVpcPeered",
"logs:Describe*",
"machinelearning:Describe*",
"mobilehub:ListAvailableFeatures",
"mobilehub:ListAvailableRegions",
"mobilehub:ListProjects",
"opsworks:Describe*",
"opsworks-cm:Describe*",
"organizations:List*",
"mobiletargeting:GetApplicationSettings",
"mobiletargeting:GetCampaigns",
"mobiletargeting:GetImportJobs",
"mobiletargeting:GetSegments",
"polly:Describe*",
"polly:List*",
"rds:Describe*",
"redshift:DescribeClusters",
"redshift:DescribeEvents",
"redshift:ViewQueriesInConsole",
"route53:List*",
"route53:Get*",
"route53domains:List*",
"s3:ListAllMyBuckets",
"s3:ListBucket",
"sagemaker:Describe*",
"sagemaker:List*",
"sdb:List*",
"servicecatalog:List*",
"ses:List*",
"shield:List*",
"states:ListActivities",
"states:ListStateMachines",
"sns:List*",
"sqs:ListQueues",
"ssm:ListAssociations",
"ssm:ListDocuments",
"storagegateway:ListGateways",
"storagegateway:ListLocalDisks",
"storagegateway:ListVolumeRecoveryPoints",
"storagegateway:ListVolumes",
"swf:List*",
"trustedadvisor:Describe*",
"waf:List*",
"waf-regional:List*",
"workdocs:DescribeAvailableDirectories",
"workdocs:DescribeInstances",
"workmail:Describe*",
"workspaces:Describe*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAID22R6XPJATWOFDK6",
"PolicyName": "ViewOnlyAccess",
"VersionId": "v7"
},
{
"Document": {
"Statement": [
{
"Action": [
"crowd:GetTask"
],
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "CrowdApiReadOnlyAccess"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAID5UNRAAANDGAW4CY",
"PolicyName": "AmazonMechanicalTurkCrowdReadOnlyAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"ec2:AuthorizeSecurityGroupEgress",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CancelSpotInstanceRequests",
"ec2:CreateNetworkInterface",
"ec2:CreateSecurityGroup",
"ec2:CreateTags",
"ec2:DeleteNetworkInterface",
"ec2:DeleteSecurityGroup",
"ec2:DeleteTags",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeAccountAttributes",
"ec2:DescribeDhcpOptions",
"ec2:DescribeImages",
"ec2:DescribeInstanceStatus",
"ec2:DescribeInstances",
"ec2:DescribeKeyPairs",
"ec2:DescribeNetworkAcls",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribePrefixLists",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSpotInstanceRequests",
"ec2:DescribeSpotPriceHistory",
"ec2:DescribeSubnets",
"ec2:DescribeTags",
"ec2:DescribeVpcAttribute",
"ec2:DescribeVpcEndpoints",
"ec2:DescribeVpcEndpointServices",
"ec2:DescribeVpcs",
"ec2:DetachNetworkInterface",
"ec2:ModifyImageAttribute",
"ec2:ModifyInstanceAttribute",
"ec2:RequestSpotInstances",
"ec2:RevokeSecurityGroupEgress",
"ec2:RunInstances",
"ec2:TerminateInstances",
"ec2:DeleteVolume",
"ec2:DescribeVolumeStatus",
"ec2:DescribeVolumes",
"ec2:DetachVolume",
"iam:GetRole",
"iam:GetRolePolicy",
"iam:ListInstanceProfiles",
"iam:ListRolePolicies",
"iam:PassRole",
"s3:CreateBucket",
"s3:Get*",
"s3:List*",
"sdb:BatchPutAttributes",
"sdb:Select",
"sqs:CreateQueue",
"sqs:Delete*",
"sqs:GetQueue*",
"sqs:PurgeQueue",
"sqs:ReceiveMessage",
"cloudwatch:PutMetricAlarm",
"cloudwatch:DescribeAlarms",
"cloudwatch:DeleteAlarms",
"application-autoscaling:RegisterScalableTarget",
"application-autoscaling:DeregisterScalableTarget",
"application-autoscaling:PutScalingPolicy",
"application-autoscaling:DeleteScalingPolicy",
"application-autoscaling:Describe*"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringLike": {
"iam:AWSServiceName": "spot.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/aws-service-role/spot.amazonaws.com/AWSServiceRoleForEC2Spot*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIDI2BQT2LKXZG36TW",
"PolicyName": "AmazonElasticMapReduceRole",
"VersionId": "v9"
},
{
"Document": {
"Statement": [
{
"Action": "elasticloadbalancing:*",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeAddresses",
"ec2:DescribeInternetGateways",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:DescribeVpcClassicLink",
"ec2:DescribeInstances",
"ec2:DescribeClassicLinkInstances",
"ec2:DescribeRouteTables",
"cognito-idp:DescribeUserPoolClient"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringEquals": {
"iam:AWSServiceName": "elasticloadbalancing.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIDPMLA3IUIOQCISJ4",
"PolicyName": "ElasticLoadBalancingFullAccess",
"VersionId": "v3"
},
{
"Document": {
"Statement": [
{
"Action": [
"route53domains:Get*",
"route53domains:List*"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIDRINP6PPTRXYVQCI",
"PolicyName": "AmazonRoute53DomainsReadOnlyAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"ssm:DescribeAutomationExecutions",
"ssm:GetAutomationExecution",
"ssm:SendAutomationSignal"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIDSSXIRWBSLWWIORC",
"PolicyName": "AmazonSSMAutomationApproverAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"cloudwatch:GetMetricStatistics",
"ec2:DescribeAccountAttributes",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeInstances",
"ec2:DescribeKeyPairs",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"elasticloadbalancing:DescribeInstanceHealth",
"elasticloadbalancing:DescribeLoadBalancers",
"iam:GetRolePolicy",
"iam:ListInstanceProfiles",
"iam:ListRoles",
"iam:ListUsers",
"iam:PassRole",
"opsworks:*",
"rds:*"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIDUTMOKHJFAPJV45W",
"PolicyName": "AWSOpsWorksRole",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"securityhub:Get*",
"securityhub:List*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIEBAQNOFUCLFJ3UHG",
"PolicyName": "AWSSecurityHubReadOnlyAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"organizations:ListAccounts",
"organizations:DescribeOrganization",
"organizations:ListAWSServiceAccessForOrganization"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIEHGYAUTHXSXZAW2E",
"PolicyName": "AWSConfigRoleForOrganizations",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"appstream:UpdateFleet",
"appstream:DescribeFleets"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"cloudwatch:DescribeAlarms"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIEL3HJCCWFVHA6KPG",
"PolicyName": "ApplicationAutoScalingForAmazonAppStreamAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"ecr:*",
"cloudtrail:LookupEvents"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIESRL7KD7IIVF6V4W",
"PolicyName": "AmazonEC2ContainerRegistryFullAccess",
"VersionId": "v2"
},
{
"Document": {
"Statement": [
{
"Action": [
"ds:DescribeDirectories",
"fsx:*"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringLike": {
"iam:AWSServiceName": [
"fsx.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringLike": {
"iam:AWSServiceName": [
"s3.data-source.lustre.fsx.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIEUV6Z2X4VNZRVB5I",
"PolicyName": "AmazonFSxFullAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"swf:*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIFE3AV6VE7EANYBVM",
"PolicyName": "SimpleWorkflowFullAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"s3:GetObject"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::*-greengrass-updates/*"
],
"Sid": "AllowsIotToAccessGreengrassOTAUpdateArtifacts"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIFGE66SKIK3GW5UC2",
"PolicyName": "GreengrassOTAUpdateArtifactAccess",
"VersionId": "v2"
},
{
"Document": {
"Statement": [
{
"Action": "s3:*",
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIFIR6V6BVTRAHWINE",
"PolicyName": "AmazonS3FullAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"storagegateway:List*",
"storagegateway:Describe*"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:DescribeSnapshots"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIFKCTUVOPD5NICXJK",
"PolicyName": "AWSStorageGatewayReadOnlyAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"aws-portal:*Billing",
"awsbillingconsole:*Billing",
"aws-portal:*Usage",
"awsbillingconsole:*Usage",
"aws-portal:*PaymentMethods",
"awsbillingconsole:*PaymentMethods",
"budgets:ViewBudget",
"budgets:ModifyBudget",
"cur:*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIFTHXT6FFMIRT7ZEA",
"PolicyName": "Billing",
"VersionId": "v2"
},
{
"Document": {
"Statement": [
{
"Action": [
"s3:GetObject",
"s3:GetObjectMetadata"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::s3-analytics-export-shared-*"
]
},
{
"Action": [
"s3:GetAnalyticsConfiguration",
"s3:ListAllMyBuckets",
"s3:GetBucketLocation"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIFWG3L3WDMR4I7ZJW",
"PolicyName": "QuickSightAccessForS3StorageManagementAnalyticsReadOnly",
"VersionId": "v3"
},
{
"Document": {
"Statement": [
{
"Action": [
"ecr:GetAuthorizationToken",
"ecr:BatchCheckLayerAvailability",
"ecr:GetDownloadUrlForLayer",
"ecr:GetRepositoryPolicy",
"ecr:DescribeRepositories",
"ecr:ListImages",
"ecr:DescribeImages",
"ecr:BatchGetImage"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIFYZPA37OOHVIH7KQ",
"PolicyName": "AmazonEC2ContainerRegistryReadOnly",
"VersionId": "v2"
},
{
"Document": {
"Statement": [
{
"Action": [
"s3:GetObject",
"robomaker:*"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "VisualEditor0"
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringEquals": {
"iam:AWSServiceName": "robomaker.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIG7WQVUX3AGSKGBAO",
"PolicyName": "AWSRoboMakerFullAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"cloudwatch:*",
"dynamodb:*",
"ec2:Describe*",
"elasticmapreduce:Describe*",
"elasticmapreduce:ListBootstrapActions",
"elasticmapreduce:ListClusters",
"elasticmapreduce:ListInstanceGroups",
"elasticmapreduce:ListInstances",
"elasticmapreduce:ListSteps",
"kinesis:CreateStream",
"kinesis:DeleteStream",
"kinesis:DescribeStream",
"kinesis:GetRecords",
"kinesis:GetShardIterator",
"kinesis:MergeShards",
"kinesis:PutRecord",
"kinesis:SplitShard",
"rds:Describe*",
"s3:*",
"sdb:*",
"sns:*",
"sqs:*",
"glue:CreateDatabase",
"glue:UpdateDatabase",
"glue:DeleteDatabase",
"glue:GetDatabase",
"glue:GetDatabases",
"glue:CreateTable",
"glue:UpdateTable",
"glue:DeleteTable",
"glue:GetTable",
"glue:GetTables",
"glue:GetTableVersions",
"glue:CreatePartition",
"glue:BatchCreatePartition",
"glue:UpdatePartition",
"glue:DeletePartition",
"glue:BatchDeletePartition",
"glue:GetPartition",
"glue:GetPartitions",
"glue:BatchGetPartition",
"glue:CreateUserDefinedFunction",
"glue:UpdateUserDefinedFunction",
"glue:DeleteUserDefinedFunction",
"glue:GetUserDefinedFunction",
"glue:GetUserDefinedFunctions"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIGALS5RCDLZLB3PGS",
"PolicyName": "AmazonElasticMapReduceforEC2Role",
"VersionId": "v3"
},
{
"Document": {
"Statement": [
{
"Action": [
"cloudwatch:DeleteAlarms",
"cloudwatch:Describe*",
"cloudwatch:DisableAlarmActions",
"cloudwatch:EnableAlarmActions",
"cloudwatch:Get*",
"cloudwatch:List*",
"cloudwatch:PutMetricAlarm",
"datapipeline:ActivatePipeline",
"datapipeline:CreatePipeline",
"datapipeline:DeletePipeline",
"datapipeline:DescribeObjects",
"datapipeline:DescribePipelines",
"datapipeline:GetPipelineDefinition",
"datapipeline:ListPipelines",
"datapipeline:PutPipelineDefinition",
"datapipeline:QueryObjects",
"dynamodb:*",
"ec2:DescribeAccountAttributes",
"ec2:DescribeAddresses",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeInternetGateways",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"elasticache:*",
"iam:ListRoles",
"iam:GetRole",
"kms:ListKeys",
"lambda:CreateEventSourceMapping",
"lambda:CreateFunction",
"lambda:DeleteEventSourceMapping",
"lambda:DeleteFunction",
"lambda:GetFunctionConfiguration",
"lambda:ListEventSourceMappings",
"lambda:ListFunctions",
"logs:DescribeLogGroups",
"logs:DescribeLogStreams",
"logs:FilterLogEvents",
"logs:GetLogEvents",
"logs:Create*",
"logs:PutLogEvents",
"logs:PutMetricFilter",
"rds:*",
"redshift:*",
"s3:CreateBucket",
"sns:CreateTopic",
"sns:DeleteTopic",
"sns:Get*",
"sns:List*",
"sns:SetTopicAttributes",
"sns:Subscribe",
"sns:Unsubscribe"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"s3:AbortMultipartUpload",
"s3:DeleteObject*",
"s3:Get*",
"s3:List*",
"s3:PutAccelerateConfiguration",
"s3:PutBucketTagging",
"s3:PutBucketVersioning",
"s3:PutBucketWebsite",
"s3:PutLifecycleConfiguration",
"s3:PutReplicationConfiguration",
"s3:PutObject*",
"s3:Replicate*",
"s3:RestoreObject"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"iam:PassRole"
],
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/rds-monitoring-role",
"arn:aws:iam::*:role/rdbms-lambda-access",
"arn:aws:iam::*:role/lambda_exec_role",
"arn:aws:iam::*:role/lambda-dynamodb-*",
"arn:aws:iam::*:role/lambda-vpc-execution-role",
"arn:aws:iam::*:role/DataPipelineDefaultRole",
"arn:aws:iam::*:role/DataPipelineDefaultResourceRole"
]
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIGBMAW4VUQKOQNVT6",
"PolicyName": "DatabaseAdministrator",
"VersionId": "v2"
},
{
"Document": {
"Statement": [
{
"Action": [
"redshift:Describe*",
"redshift:ViewQueriesInConsole",
"ec2:DescribeAccountAttributes",
"ec2:DescribeAddresses",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:DescribeInternetGateways",
"sns:Get*",
"sns:List*",
"cloudwatch:Describe*",
"cloudwatch:List*",
"cloudwatch:Get*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIGD46KSON64QBSEZM",
"PolicyName": "AmazonRedshiftReadOnlyAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": "ec2:Describe*",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "elasticloadbalancing:Describe*",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"cloudwatch:ListMetrics",
"cloudwatch:GetMetricStatistics",
"cloudwatch:Describe*"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "autoscaling:Describe*",
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIGDT4SV4GSETWTBZK",
"PolicyName": "AmazonEC2ReadOnlyAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"cloudwatch:PutMetricData",
"ec2:DescribeTags",
"logs:PutLogEvents",
"logs:DescribeLogStreams",
"logs:DescribeLogGroups",
"logs:CreateLogStream",
"logs:CreateLogGroup"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ssm:GetParameter"
],
"Effect": "Allow",
"Resource": "arn:aws:ssm:*:*:parameter/AmazonCloudWatch-*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIGOPKN7KRDAKTLG4I",
"PolicyName": "CloudWatchAgentServerPolicy",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"xray:GetSamplingRules",
"xray:GetSamplingTargets",
"xray:GetSamplingStatisticSummaries",
"xray:BatchGetTraces",
"xray:GetServiceGraph",
"xray:GetTraceGraph",
"xray:GetTraceSummaries",
"xray:GetGroups",
"xray:GetGroup"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIH4OFXWPS6ZX6OPGQ",
"PolicyName": "AWSXrayReadOnlyAccess",
"VersionId": "v3"
},
{
"Document": {
"Statement": [
{
"Action": [
"elasticloadbalancing:DescribeInstanceHealth",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeTargetHealth",
"ec2:DescribeInstances",
"ec2:DescribeInstanceStatus",
"ec2:GetConsoleOutput",
"ec2:AssociateAddress",
"ec2:DescribeAddresses",
"ec2:DescribeSecurityGroups",
"sqs:GetQueueAttributes",
"sqs:GetQueueUrl",
"autoscaling:DescribeAutoScalingGroups",
"autoscaling:DescribeAutoScalingInstances",
"autoscaling:DescribeScalingActivities",
"autoscaling:DescribeNotificationConfigurations",
"sns:Publish"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"logs:DescribeLogStreams",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Effect": "Allow",
"Resource": "arn:aws:logs:*:*:log-group:/aws/elasticbeanstalk/*:log-stream:*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIH5EFJNMOGUUTKLFE",
"PolicyName": "AWSElasticBeanstalkEnhancedHealth",
"VersionId": "v4"
},
{
"Document": {
"Statement": [
{
"Action": [
"wellarchitected:*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIH6HSBHM3VSYC5SKA",
"PolicyName": "WellArchitectedConsoleFullAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"elasticmapreduce:Describe*",
"elasticmapreduce:List*",
"elasticmapreduce:ViewEventsFromAllClustersInConsole",
"s3:GetObject",
"s3:ListAllMyBuckets",
"s3:ListBucket",
"sdb:Select",
"cloudwatch:GetMetricStatistics"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIHP6NH2S6GYFCOINC",
"PolicyName": "AmazonElasticMapReduceReadOnlyAccess",
"VersionId": "v2"
},
{
"Document": {
"Statement": [
{
"Action": [
"ds:Check*",
"ds:Describe*",
"ds:Get*",
"ds:List*",
"ds:Verify*",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"sns:ListTopics",
"sns:GetTopicAttributes",
"sns:ListSubscriptions",
"sns:ListSubscriptionsByTopic",
"organizations:DescribeAccount",
"organizations:DescribeOrganization",
"organizations:ListAWSServiceAccessForOrganization"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIHWYO6WSDNCG64M2W",
"PolicyName": "AWSDirectoryServiceReadOnlyAccess",
"VersionId": "v4"
},
{
"Document": {
"Statement": [
{
"Action": "iam:PassRole",
"Condition": {
"StringLike": {
"iam:PassedToService": "sso.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/aws-service-role/sso.amazonaws.com/AWSServiceRoleForSSO",
"Sid": "AWSSSOMasterAccountAdministrator"
},
{
"Action": [
"ds:DescribeTrusts",
"ds:UnauthorizeApplication",
"ds:DescribeDirectories",
"ds:AuthorizeApplication",
"iam:ListPolicies",
"organizations:EnableAWSServiceAccess",
"organizations:ListRoots",
"organizations:ListAccounts",
"organizations:ListOrganizationalUnitsForParent",
"organizations:ListAccountsForParent",
"organizations:DescribeOrganization",
"organizations:ListChildren",
"organizations:DescribeAccount",
"organizations:ListParents",
"sso:*",
"sso-directory:DescribeDirectory",
"ds:CreateAlias"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "AWSSSOMemberAccountAdministrator"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIHXAQZIS3GOYIETUC",
"PolicyName": "AWSSSOMasterAccountAdministrator",
"VersionId": "v3"
},
{
"Document": {
"Statement": [
{
"Action": [
"ec2:DescribeInstances",
"ec2:DescribeImages"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIHZREZOWNSSA6FWQO",
"PolicyName": "AmazonGuardDutyServiceRolePolicy",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeAddresses",
"ec2:DescribeClassicLinkInstances",
"ec2:DescribeCustomerGateways",
"ec2:DescribeDhcpOptions",
"ec2:DescribeEgressOnlyInternetGateways",
"ec2:DescribeFlowLogs",
"ec2:DescribeInternetGateways",
"ec2:DescribeMovingAddresses",
"ec2:DescribeNatGateways",
"ec2:DescribeNetworkAcls",
"ec2:DescribeNetworkInterfaceAttribute",
"ec2:DescribeNetworkInterfacePermissions",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribePrefixLists",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroupReferences",
"ec2:DescribeSecurityGroups",
"ec2:DescribeStaleSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeTags",
"ec2:DescribeVpcAttribute",
"ec2:DescribeVpcClassicLink",
"ec2:DescribeVpcClassicLinkDnsSupport",
"ec2:DescribeVpcEndpoints",
"ec2:DescribeVpcEndpointConnectionNotifications",
"ec2:DescribeVpcEndpointConnections",
"ec2:DescribeVpcEndpointServiceConfigurations",
"ec2:DescribeVpcEndpointServicePermissions",
"ec2:DescribeVpcEndpointServices",
"ec2:DescribeVpcPeeringConnections",
"ec2:DescribeVpcs",
"ec2:DescribeVpnConnections",
"ec2:DescribeVpnGateways"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIICZJNOJN36GTG6CM",
"PolicyName": "AmazonVPCReadOnlyAccess",
"VersionId": "v6"
},
{
"Document": {
"Statement": [
{
"Action": [
"cloudformation:DescribeStackResource",
"cloudformation:DescribeStackResources",
"cloudformation:DescribeStacks"
],
"Effect": "Allow",
"Resource": [
"arn:aws:cloudformation:*:*:stack/awseb-*",
"arn:aws:cloudformation:*:*:stack/eb-*"
],
"Sid": "AllowCloudformationReadOperationsOnElasticBeanstalkStacks"
},
{
"Action": [
"autoscaling:DescribeAutoScalingGroups",
"autoscaling:DescribeAutoScalingInstances",
"autoscaling:DescribeNotificationConfigurations",
"autoscaling:DescribeScalingActivities",
"autoscaling:PutNotificationConfiguration",
"ec2:DescribeInstanceStatus",
"ec2:AssociateAddress",
"ec2:DescribeAddresses",
"ec2:DescribeInstances",
"ec2:DescribeSecurityGroups",
"elasticloadbalancing:DescribeInstanceHealth",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeTargetHealth",
"elasticloadbalancing:DescribeTargetGroups",
"sqs:GetQueueAttributes",
"sqs:GetQueueUrl",
"sns:Publish"
],
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "AllowOperations"
},
{
"Action": [
"logs:DescribeLogStreams",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Effect": "Allow",
"Resource": "arn:aws:logs:*:*:log-group:/aws/elasticbeanstalk/*:log-stream:*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIID62QSI3OSIPQXTM",
"PolicyName": "AWSElasticBeanstalkServiceRolePolicy",
"VersionId": "v5"
},
{
"Document": {
"Statement": [
{
"Action": [
"ec2:ModifyInstanceAttribute",
"ec2:StopInstances",
"ec2:StartInstances",
"ec2:TerminateInstances"
],
"Condition": {
"ForAllValues:StringLike": {
"ec2:ResourceTag/aws:cloudformation:stack-id": "arn:aws:cloudformation:*:*:stack/sms-app-*/*"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "ec2:CreateTags",
"Effect": "Allow",
"Resource": "arn:aws:ec2:*:*:instance/*"
},
{
"Action": [
"ec2:RunInstances",
"ec2:Describe*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIIIAAMVUCBR2OLXZO",
"PolicyName": "ServerMigrationServiceLaunchRole",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"ecs:DescribeServices",
"ecs:CreateTaskSet",
"ecs:UpdateServicePrimaryTaskSet",
"ecs:DeleteTaskSet",
"elasticloadbalancing:DescribeTargetGroups",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:ModifyListener",
"elasticloadbalancing:DescribeRules",
"elasticloadbalancing:ModifyRule",
"lambda:InvokeFunction",
"cloudwatch:DescribeAlarms",
"sns:Publish",
"s3:GetObject",
"s3:GetObjectMetadata",
"s3:GetObjectVersion"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"iam:PassRole"
],
"Condition": {
"StringLike": {
"iam:PassedToService": [
"ecs-tasks.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIIL3KXEKRGEN2HFIO",
"PolicyName": "AWSCodeDeployRoleForECS",
"VersionId": "v2"
},
{
"Document": {
"Statement": [
{
"Action": [
"events:DescribeRule",
"events:ListRuleNamesByTarget",
"events:ListRules",
"events:ListTargetsByRule",
"events:TestEventPattern",
"events:DescribeEventBus"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "CloudWatchEventsReadOnlyAccess"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIILJPXXA6F7GYLYBS",
"PolicyName": "CloudWatchEventsReadOnlyAccess",
"VersionId": "v2"
},
{
"Document": {
"Statement": [
{
"Action": [
"lambda:CreateFunction",
"lambda:DeleteFunction",
"lambda:DisableReplication"
],
"Effect": "Allow",
"Resource": [
"arn:aws:lambda:*:*:function:*"
],
"Sid": "LambdaCreateDeletePermission"
},
{
"Action": [
"iam:PassRole"
],
"Condition": {
"StringLikeIfExists": {
"iam:PassedToService": "lambda.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "IamPassRolePermission"
},
{
"Action": [
"cloudfront:ListDistributionsByLambdaFunction"
],
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "CloudFrontListDistributions"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIIQFXZNNLL3E2HKTG",
"PolicyName": "AWSLambdaReplicator",
"VersionId": "v3"
},
{
"Document": {
"Statement": [
{
"Action": [
"execute-api:Invoke",
"execute-api:ManageConnections"
],
"Effect": "Allow",
"Resource": "arn:aws:execute-api:*:*:*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIIWAX2NOOQJ4AIEQ6",
"PolicyName": "AmazonAPIGatewayInvokeFullAccess",
"VersionId": "v2"
},
{
"Document": {
"Statement": [
{
"Action": [
"iam:AttachRolePolicy",
"iam:CreateRole",
"iam:DeleteRole",
"iam:DeleteRolePolicy",
"iam:DetachRolePolicy",
"iam:GetRole",
"iam:ListRolePolicies",
"iam:PutRolePolicy",
"iam:ListAttachedRolePolicies",
"iam:UpdateRole"
],
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/aws-reserved/sso.amazonaws.com/*"
]
},
{
"Action": [
"iam:ListRoles"
],
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "ListRolesInTheAccount"
},
{
"Action": [
"iam:DeleteServiceLinkedRole",
"iam:GetServiceLinkedRoleDeletionStatus",
"iam:DeleteRole",
"iam:GetRole"
],
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/aws-service-role/sso.amazonaws.com/AWSServiceRoleForSSO"
],
"Sid": "AllowDeletionOfServiceLinkedRoleForSSO"
},
{
"Action": [
"iam:CreateSAMLProvider",
"iam:GetSAMLProvider",
"iam:UpdateSAMLProvider",
"iam:DeleteSAMLProvider"
],
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:saml-provider/AWSSSO_*"
]
},
{
"Action": [
"organizations:DescribeAccount",
"organizations:DescribeOrganization",
"organizations:ListAccounts"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIJ52KSWOD4GI54XP2",
"PolicyName": "AWSSSOServiceRolePolicy",
"VersionId": "v5"
},
{
"Document": {
"Statement": [
{
"Action": [
"s3:GetBucketLocation",
"s3:ListBucket",
"s3:GetLifecycleConfiguration",
"s3:PutLifecycleConfiguration",
"s3:GetBucketPolicy",
"s3:PutBucketPolicy"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::aws-license-manager-service-*"
],
"Sid": "S3BucketPermissions"
},
{
"Action": [
"s3:AbortMultipartUpload",
"s3:PutObject",
"s3:GetObject",
"s3:ListBucketMultipartUploads",
"s3:ListMultipartUploadParts"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::aws-license-manager-service-*"
],
"Sid": "S3ObjectPermissions1"
},
{
"Action": [
"s3:DeleteObject"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::aws-license-manager-service-*/resource_sync/*"
],
"Sid": "S3ObjectPermissions2"
},
{
"Action": [
"athena:GetQueryExecution",
"athena:GetQueryResults",
"athena:StartQueryExecution"
],
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "AthenaPermissions"
},
{
"Action": [
"glue:GetTable",
"glue:GetPartition",
"glue:GetPartitions"
],
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "GluePermissions"
},
{
"Action": [
"organizations:DescribeOrganization",
"organizations:ListAccounts",
"organizations:DescribeAccount",
"organizations:ListChildren",
"organizations:ListParents",
"organizations:ListAccountsForParent",
"organizations:ListRoots",
"organizations:ListAWSServiceAccessForOrganization"
],
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "OrganizationPermissions"
},
{
"Action": [
"ram:GetResourceShares",
"ram:GetResourceShareAssociations",
"ram:TagResource"
],
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "RAMPermissions1"
},
{
"Action": [
"ram:CreateResourceShare"
],
"Condition": {
"StringEquals": {
"aws:RequestTag/Service": "LicenseManager"
}
},
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "RAMPermissions2"
},
{
"Action": [
"ram:AssociateResourceShare",
"ram:DisassociateResourceShare",
"ram:UpdateResourceShare",
"ram:DeleteResourceShare"
],
"Condition": {
"StringEquals": {
"ram:ResourceTag/Service": "LicenseManager"
}
},
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "RAMPermissions3"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIJE2NOZW2BDEHYUH2",
"PolicyName": "AWSLicenseManagerMasterAccountRolePolicy",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"kinesisanalytics:Describe*",
"kinesisanalytics:Get*",
"kinesisanalytics:List*"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"kinesis:DescribeStream",
"kinesis:ListStreams"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"firehose:DescribeDeliveryStream",
"firehose:ListDeliveryStreams"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "logs:GetLogEvents",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"iam:ListPolicyVersions",
"iam:ListRoles"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIJIEXZAFUK43U7ARK",
"PolicyName": "AmazonKinesisAnalyticsReadOnly",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": "mobileanalytics:*",
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIJIKLU2IJ7WJ6DZFG",
"PolicyName": "AmazonMobileAnalyticsFullAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"apigateway:GET",
"apigateway:GetRestApis",
"apigateway:GetResources",
"apigateway:POST",
"apigateway:TestInvokeMethod",
"cloudfront:GetDistribution",
"devicefarm:CreateProject",
"devicefarm:ListJobs",
"devicefarm:ListRuns",
"devicefarm:GetProject",
"devicefarm:GetRun",
"devicefarm:ListArtifacts",
"devicefarm:ListProjects",
"devicefarm:ScheduleRun",
"dynamodb:DescribeTable",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"iam:ListSAMLProviders",
"lambda:ListFunctions",
"sns:ListTopics",
"lex:GetIntent",
"lex:GetIntents",
"lex:GetSlotType",
"lex:GetSlotTypes",
"lex:GetBot",
"lex:GetBots",
"lex:GetBotAlias",
"lex:GetBotAliases",
"mobilehub:CreateProject",
"mobilehub:DeleteProject",
"mobilehub:UpdateProject",
"mobilehub:ExportProject",
"mobilehub:ImportProject",
"mobilehub:SynchronizeProject",
"mobilehub:GenerateProjectParameters",
"mobilehub:GetProject",
"mobilehub:GetProjectSnapshot",
"mobilehub:ListProjectSnapshots",
"mobilehub:DeleteProjectSnapshot",
"mobilehub:ListAvailableConnectors",
"mobilehub:ListAvailableFeatures",
"mobilehub:ListAvailableRegions",
"mobilehub:ListProjects",
"mobilehub:ValidateProject",
"mobilehub:VerifyServiceRole",
"mobilehub:DescribeBundle",
"mobilehub:ExportBundle",
"mobilehub:ListBundles"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"s3:GetObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::*/aws-my-sample-app*.zip"
},
{
"Action": [
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::*-mobilehub-*/*"
},
{
"Action": [
"s3:ListBucket"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::*-mobilehub-*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIJLU43R6AGRBK76DM",
"PolicyName": "AWSMobileHub_FullAccess",
"VersionId": "v13"
},
{
"Document": {
"Statement": [
{
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:DescribeLogGroups",
"logs:DescribeLogStreams",
"logs:PutLogEvents",
"logs:GetLogEvents",
"logs:FilterLogEvents"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIK4GFO7HLKYN64ASK",
"PolicyName": "AmazonAPIGatewayPushToCloudWatchLogs",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"cloudwatch:*",
"datapipeline:DescribeObjects",
"datapipeline:EvaluateExpression",
"dynamodb:BatchGetItem",
"dynamodb:DescribeTable",
"dynamodb:GetItem",
"dynamodb:Query",
"dynamodb:Scan",
"dynamodb:UpdateTable",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CancelSpotInstanceRequests",
"ec2:CreateSecurityGroup",
"ec2:CreateTags",
"ec2:DeleteTags",
"ec2:Describe*",
"ec2:ModifyImageAttribute",
"ec2:ModifyInstanceAttribute",
"ec2:RequestSpotInstances",
"ec2:RunInstances",
"ec2:StartInstances",
"ec2:StopInstances",
"ec2:TerminateInstances",
"ec2:AuthorizeSecurityGroupEgress",
"ec2:DeleteSecurityGroup",
"ec2:RevokeSecurityGroupEgress",
"ec2:DescribeNetworkInterfaces",
"ec2:CreateNetworkInterface",
"ec2:DeleteNetworkInterface",
"ec2:DetachNetworkInterface",
"elasticmapreduce:*",
"iam:GetInstanceProfile",
"iam:GetRole",
"iam:GetRolePolicy",
"iam:ListAttachedRolePolicies",
"iam:ListRolePolicies",
"iam:ListInstanceProfiles",
"iam:PassRole",
"rds:DescribeDBInstances",
"rds:DescribeDBSecurityGroups",
"redshift:DescribeClusters",
"redshift:DescribeClusterSecurityGroups",
"s3:CreateBucket",
"s3:DeleteObject",
"s3:Get*",
"s3:List*",
"s3:Put*",
"sdb:BatchPutAttributes",
"sdb:Select*",
"sns:GetTopicAttributes",
"sns:ListTopics",
"sns:Publish",
"sns:Subscribe",
"sns:Unsubscribe",
"sqs:CreateQueue",
"sqs:Delete*",
"sqs:GetQueue*",
"sqs:PurgeQueue",
"sqs:ReceiveMessage"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringLike": {
"iam:AWSServiceName": [
"elasticmapreduce.amazonaws.com",
"spot.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIKCP6XS3ESGF4GLO2",
"PolicyName": "AWSDataPipelineRole",
"VersionId": "v6"
},
{
"Document": {
"Statement": [
{
"Action": [
"autoscaling:Describe*",
"cloudwatch:*",
"logs:*",
"sns:*",
"iam:GetPolicy",
"iam:GetPolicyVersion",
"iam:GetRole"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringLike": {
"iam:AWSServiceName": "events.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/aws-service-role/events.amazonaws.com/AWSServiceRoleForCloudWatchEvents*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIKEABORKUXN6DEAZU",
"PolicyName": "CloudWatchFullAccess",
"VersionId": "v3"
},
{
"Document": {
"Statement": [
{
"Action": [
"mq:Describe*",
"mq:List*",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIKI5JRHKAFHXQJKMO",
"PolicyName": "AmazonMQApiReadOnlyAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"s3:ListBucket",
"s3:GetObject",
"s3:ListObjects"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::deeplens*/*",
"arn:aws:s3:::deeplens*"
],
"Sid": "DeepLensS3ObjectAccess"
},
{
"Action": [
"logs:CreateLogStream",
"logs:DescribeLogStreams",
"logs:PutLogEvents",
"logs:CreateLogGroup"
],
"Effect": "Allow",
"Resource": "arn:aws:logs:*:*:log-group:/aws/greengrass/*",
"Sid": "DeepLensGreenGrassCloudWatchAccess"
},
{
"Action": [
"deeplens:*"
],
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "DeepLensAccess"
},
{
"Action": [
"kinesisvideo:DescribeStream",
"kinesisvideo:CreateStream",
"kinesisvideo:GetDataEndpoint",
"kinesisvideo:PutMedia"
],
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "DeepLensKinesisVideoAccess"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIKIEE4PRM54V4G3ZG",
"PolicyName": "AWSDeepLensLambdaFunctionAccessPolicy",
"VersionId": "v3"
},
{
"Document": {
"Statement": [
{
"Action": "guardduty:*",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringLike": {
"iam:AWSServiceName": "guardduty.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIKUTKSN4KC63VDQUM",
"PolicyName": "AmazonGuardDutyFullAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"ds:DescribeDirectories",
"ds:AuthorizeApplication",
"ds:UnauthorizeApplication"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIL4KBY57XWMYUHKUU",
"PolicyName": "AmazonRDSDirectoryServiceAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"codepipeline:GetPipeline",
"codepipeline:GetPipelineState",
"codepipeline:GetPipelineExecution",
"codepipeline:ListPipelineExecutions",
"codepipeline:ListActionTypes",
"codepipeline:ListPipelines",
"iam:ListRoles",
"s3:GetBucketPolicy",
"s3:GetObject",
"s3:ListAllMyBuckets",
"s3:ListBucket",
"codecommit:ListBranches",
"codecommit:ListRepositories",
"codedeploy:GetApplication",
"codedeploy:GetDeploymentGroup",
"codedeploy:ListApplications",
"codedeploy:ListDeploymentGroups",
"elasticbeanstalk:DescribeApplications",
"elasticbeanstalk:DescribeEnvironments",
"lambda:GetFunctionConfiguration",
"lambda:ListFunctions",
"opsworks:DescribeApps",
"opsworks:DescribeLayers",
"opsworks:DescribeStacks"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAILFKZXIBOTNC5TO2Q",
"PolicyName": "AWSCodePipelineReadOnlyAccess",
"VersionId": "v6"
},
{
"Document": {
"Statement": [
{
"Action": [
"a4b:Get*",
"a4b:List*",
"a4b:Describe*",
"a4b:Search*",
"acm:Describe*",
"acm:Get*",
"acm:List*",
"apigateway:GET",
"application-autoscaling:Describe*",
"autoscaling-plans:Describe*",
"autoscaling-plans:GetScalingPlanResourceForecastData",
"appstream:Describe*",
"appstream:Get*",
"appstream:List*",
"appsync:Get*",
"appsync:List*",
"athena:List*",
"athena:Batch*",
"athena:Get*",
"autoscaling:Describe*",
"batch:List*",
"batch:Describe*",
"cloud9:Describe*",
"cloud9:List*",
"clouddirectory:List*",
"clouddirectory:BatchRead",
"clouddirectory:Get*",
"clouddirectory:LookupPolicy",
"cloudformation:Describe*",
"cloudformation:Get*",
"cloudformation:List*",
"cloudformation:Estimate*",
"cloudformation:Preview*",
"cloudfront:Get*",
"cloudfront:List*",
"cloudhsm:List*",
"cloudhsm:Describe*",
"cloudhsm:Get*",
"cloudsearch:Describe*",
"cloudsearch:List*",
"cloudtrail:Describe*",
"cloudtrail:Get*",
"cloudtrail:List*",
"cloudtrail:LookupEvents",
"cloudwatch:Describe*",
"cloudwatch:Get*",
"cloudwatch:List*",
"codebuild:BatchGet*",
"codebuild:List*",
"codecommit:BatchGet*",
"codecommit:Describe*",
"codecommit:Get*",
"codecommit:GitPull",
"codecommit:List*",
"codedeploy:BatchGet*",
"codedeploy:Get*",
"codedeploy:List*",
"codepipeline:List*",
"codepipeline:Get*",
"codestar:List*",
"codestar:Describe*",
"codestar:Get*",
"codestar:Verify*",
"cognito-identity:Describe*",
"cognito-identity:Get*",
"cognito-identity:List*",
"cognito-identity:Lookup*",
"cognito-sync:List*",
"cognito-sync:Describe*",
"cognito-sync:Get*",
"cognito-sync:QueryRecords",
"cognito-idp:AdminGet*",
"cognito-idp:AdminList*",
"cognito-idp:List*",
"cognito-idp:Describe*",
"cognito-idp:Get*",
"config:Deliver*",
"config:Describe*",
"config:Get*",
"config:List*",
"connect:List*",
"connect:Describe*",
"connect:GetFederationToken",
"datasync:Describe*",
"datasync:List*",
"datapipeline:Describe*",
"datapipeline:EvaluateExpression",
"datapipeline:Get*",
"datapipeline:List*",
"datapipeline:QueryObjects",
"datapipeline:Validate*",
"dax:BatchGetItem",
"dax:Describe*",
"dax:GetItem",
"dax:ListTags",
"dax:Query",
"dax:Scan",
"directconnect:Describe*",
"devicefarm:List*",
"devicefarm:Get*",
"discovery:Describe*",
"discovery:List*",
"discovery:Get*",
"dlm:Get*",
"dms:Describe*",
"dms:List*",
"dms:Test*",
"ds:Check*",
"ds:Describe*",
"ds:Get*",
"ds:List*",
"ds:Verify*",
"dynamodb:BatchGet*",
"dynamodb:Describe*",
"dynamodb:Get*",
"dynamodb:List*",
"dynamodb:Query",
"dynamodb:Scan",
"ec2:Describe*",
"ec2:Get*",
"ec2messages:Get*",
"ecr:BatchCheck*",
"ecr:BatchGet*",
"ecr:Describe*",
"ecr:Get*",
"ecr:List*",
"ecs:Describe*",
"ecs:List*",
"eks:DescribeCluster",
"eks:ListClusters",
"elasticache:Describe*",
"elasticache:List*",
"elasticbeanstalk:Check*",
"elasticbeanstalk:Describe*",
"elasticbeanstalk:List*",
"elasticbeanstalk:Request*",
"elasticbeanstalk:Retrieve*",
"elasticbeanstalk:Validate*",
"elasticfilesystem:Describe*",
"elasticloadbalancing:Describe*",
"elasticmapreduce:Describe*",
"elasticmapreduce:List*",
"elasticmapreduce:View*",
"elastictranscoder:List*",
"elastictranscoder:Read*",
"es:Describe*",
"es:List*",
"es:Get*",
"es:ESHttpGet",
"es:ESHttpHead",
"events:Describe*",
"events:List*",
"events:Test*",
"firehose:Describe*",
"firehose:List*",
"fsx:Describe*",
"fsx:List*",
"gamelift:List*",
"gamelift:Get*",
"gamelift:Describe*",
"gamelift:RequestUploadCredentials",
"gamelift:ResolveAlias",
"gamelift:Search*",
"glacier:List*",
"glacier:Describe*",
"glacier:Get*",
"greengrass:Get*",
"greengrass:List*",
"guardduty:Get*",
"guardduty:List*",
"health:Describe*",
"health:Get*",
"health:List*",
"iam:Generate*",
"iam:Get*",
"iam:List*",
"iam:Simulate*",
"importexport:Get*",
"importexport:List*",
"inspector:Describe*",
"inspector:Get*",
"inspector:List*",
"inspector:Preview*",
"inspector:LocalizeText",
"iot:Describe*",
"iot:Get*",
"iot:List*",
"iotanalytics:Describe*",
"iotanalytics:List*",
"iotanalytics:Get*",
"iotanalytics:SampleChannelData",
"kafka:Describe*",
"kafka:List*",
"kafka:Get*",
"kinesisanalytics:Describe*",
"kinesisanalytics:Discover*",
"kinesisanalytics:Get*",
"kinesisanalytics:List*",
"kinesisvideo:Describe*",
"kinesisvideo:Get*",
"kinesisvideo:List*",
"kinesis:Describe*",
"kinesis:Get*",
"kinesis:List*",
"kms:Describe*",
"kms:Get*",
"kms:List*",
"lambda:List*",
"lambda:Get*",
"lex:Get*",
"lightsail:Get*",
"lightsail:Is*",
"lightsail:Download*",
"logs:Describe*",
"logs:Get*",
"logs:FilterLogEvents",
"logs:ListTagsLogGroup",
"logs:StartQuery",
"logs:TestMetricFilter",
"machinelearning:Describe*",
"machinelearning:Get*",
"mobileanalytics:Get*",
"mobilehub:Describe*",
"mobilehub:Export*",
"mobilehub:Generate*",
"mobilehub:Get*",
"mobilehub:List*",
"mobilehub:Validate*",
"mobilehub:Verify*",
"mobiletargeting:Get*",
"mq:Describe*",
"mq:List*",
"opsworks:Describe*",
"opsworks:Get*",
"opsworks-cm:Describe*",
"organizations:Describe*",
"organizations:List*",
"pi:DescribeDimensionKeys",
"pi:GetResourceMetrics",
"polly:Describe*",
"polly:Get*",
"polly:List*",
"polly:SynthesizeSpeech",
"rekognition:CompareFaces",
"rekognition:Detect*",
"rekognition:List*",
"rekognition:Search*",
"rds:Describe*",
"rds:List*",
"rds:Download*",
"redshift:Describe*",
"redshift:GetReservedNodeExchangeOfferings",
"redshift:View*",
"resource-groups:Describe*",
"resource-groups:Get*",
"resource-groups:List*",
"resource-groups:Search*",
"robomaker:BatchDescribe*",
"robomaker:Describe*",
"robomaker:List*",
"route53:Get*",
"route53:List*",
"route53:Test*",
"route53domains:Check*",
"route53domains:Get*",
"route53domains:List*",
"route53domains:View*",
"s3:Get*",
"s3:List*",
"s3:Head*",
"sagemaker:Describe*",
"sagemaker:List*",
"sdb:Get*",
"sdb:List*",
"sdb:Select*",
"secretsmanager:List*",
"secretsmanager:Describe*",
"secretsmanager:GetResourcePolicy",
"securityhub:Get*",
"securityhub:List*",
"serverlessrepo:List*",
"serverlessrepo:Get*",
"serverlessrepo:SearchApplications",
"servicecatalog:List*",
"servicecatalog:Scan*",
"servicecatalog:Search*",
"servicecatalog:Describe*",
"servicediscovery:Get*",
"servicediscovery:List*",
"ses:Get*",
"ses:List*",
"ses:Describe*",
"shield:Describe*",
"shield:Get*",
"shield:List*",
"snowball:Get*",
"snowball:Describe*",
"snowball:List*",
"sns:Get*",
"sns:List*",
"sns:Check*",
"sqs:Get*",
"sqs:List*",
"sqs:Receive*",
"ssm:Describe*",
"ssm:Get*",
"ssm:List*",
"states:List*",
"states:Describe*",
"states:GetExecutionHistory",
"storagegateway:Describe*",
"storagegateway:List*",
"sts:Get*",
"swf:Count*",
"swf:Describe*",
"swf:Get*",
"swf:List*",
"tag:Get*",
"transcribe:Get*",
"transcribe:List*",
"trustedadvisor:Describe*",
"waf:Get*",
"waf:List*",
"waf-regional:List*",
"waf-regional:Get*",
"workdocs:Describe*",
"workdocs:Get*",
"workdocs:CheckAlias",
"worklink:Describe*",
"worklink:List*",
"workmail:Describe*",
"workmail:Get*",
"workmail:List*",
"workmail:Search*",
"workspaces:Describe*",
"xray:BatchGet*",
"xray:Get*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAILL3HVNFSB6DCOWYQ",
"PolicyName": "ReadOnlyAccess",
"VersionId": "v45"
},
{
"Document": {
"Statement": [
{
"Action": [
"appsync:GraphQL",
"appsync:GetGraphqlApi",
"appsync:ListGraphqlApis",
"appsync:ListApiKeys"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAILMPWRRZN27MPE3VM",
"PolicyName": "AWSAppSyncInvokeFullAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"machinelearning:CreateBatchPrediction",
"machinelearning:DeleteBatchPrediction",
"machinelearning:DescribeBatchPredictions",
"machinelearning:GetBatchPrediction",
"machinelearning:UpdateBatchPrediction"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAILOI4HTQSFTF3GQSC",
"PolicyName": "AmazonMachineLearningBatchPredictionsAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"iotsitewise:*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAILUK3XBM6TZ5Q3PX2",
"PolicyName": "AWSIoTSiteWiseFullAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"a4b:*",
"kms:DescribeKey"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAILUT3JGG7WRIMVNH2",
"PolicyName": "AlexaForBusinessFullAccess",
"VersionId": "v2"
},
{
"Document": {
"Statement": [
{
"Action": [
"ec2:DescribeImages",
"ec2:DescribeSubnets",
"ec2:RequestSpotInstances",
"ec2:DescribeInstanceStatus",
"ec2:RunInstances"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"iam:PassRole"
],
"Condition": {
"StringEquals": {
"iam:PassedToService": [
"ec2.amazonaws.com",
"ec2.amazonaws.com.cn"
]
}
},
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"ec2:CreateTags"
],
"Effect": "Allow",
"Resource": [
"arn:aws:ec2:*:*:instance/*",
"arn:aws:ec2:*:*:spot-instances-request/*"
]
},
{
"Action": [
"ec2:TerminateInstances"
],
"Condition": {
"StringLike": {
"ec2:ResourceTag/aws:ec2spot:fleet-request-id": "*"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAILWCVTZD57EMYWMBO",
"PolicyName": "AWSEC2SpotFleetServiceRolePolicy",
"VersionId": "v3"
},
{
"Document": {
"Statement": [
{
"Action": [
"rekognition:CompareFaces",
"rekognition:DetectFaces",
"rekognition:DetectLabels",
"rekognition:ListCollections",
"rekognition:ListFaces",
"rekognition:SearchFaces",
"rekognition:SearchFacesByImage",
"rekognition:DetectText",
"rekognition:GetCelebrityInfo",
"rekognition:RecognizeCelebrities",
"rekognition:DetectModerationLabels",
"rekognition:GetLabelDetection",
"rekognition:GetFaceDetection",
"rekognition:GetContentModeration",
"rekognition:GetPersonTracking",
"rekognition:GetCelebrityRecognition",
"rekognition:GetFaceSearch",
"rekognition:DescribeStreamProcessor",
"rekognition:ListStreamProcessors"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAILWSUHXUY4ES43SA4",
"PolicyName": "AmazonRekognitionReadOnlyAccess",
"VersionId": "v2"
},
{
"Document": {
"Statement": [
{
"Action": [
"codedeploy:Batch*",
"codedeploy:Get*",
"codedeploy:List*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAILZHHKCKB4NE7XOIQ",
"PolicyName": "AWSCodeDeployReadOnlyAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"cloudsearch:*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIM6OOWKQ7L7VBOZOC",
"PolicyName": "CloudSearchFullAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"s3:GetBucketLocation",
"s3:ListBucket"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::aws-license-manager-service-*"
],
"Sid": "S3BucketPermissions1"
},
{
"Action": [
"s3:ListAllMyBuckets"
],
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "S3BucketPermissions2"
},
{
"Action": [
"s3:PutObject"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::aws-license-manager-service-*"
],
"Sid": "S3ObjectPermissions"
},
{
"Action": [
"sns:Publish"
],
"Effect": "Allow",
"Resource": [
"arn:aws:sns:*:*:aws-license-manager-service-*"
],
"Sid": "SNSAccountPermissions"
},
{
"Action": [
"sns:ListTopics"
],
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "SNSTopicPermissions"
},
{
"Action": [
"ec2:DescribeInstances",
"ec2:DescribeImages",
"ec2:DescribeHosts"
],
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "EC2Permissions"
},
{
"Action": [
"ssm:ListInventoryEntries",
"ssm:GetInventory",
"ssm:CreateAssociation"
],
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "SSMPermissions"
},
{
"Action": [
"organizations:ListAWSServiceAccessForOrganization",
"organizations:DescribeOrganization"
],
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "OrganizationPermissions"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIM7JPETWHTYNBQSZE",
"PolicyName": "AWSLicenseManagerServiceRolePolicy",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": "cloudhsm:*",
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIMBQYQZM7F63DA2UU",
"PolicyName": "AWSCloudHSMFullAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"ec2:DescribeSpotFleetRequests",
"ec2:ModifySpotFleetRequest"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"cloudwatch:DescribeAlarms",
"cloudwatch:PutMetricAlarm",
"cloudwatch:DeleteAlarms"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIMFFRMIOBGDP2TAVE",
"PolicyName": "AmazonEC2SpotFleetAutoscaleRole",
"VersionId": "v2"
},
{
"Document": {
"Statement": [
{
"Action": [
"ec2:DescribeAddresses",
"ec2:DescribeInstances",
"ec2:DescribeSubnets",
"ec2:DescribeSecurityGroups",
"ec2:DescribeVpcs",
"ec2:DescribeInternetGateways",
"ec2:DescribeAccountAttributes",
"ec2:DescribeClassicLinkInstances",
"ec2:DescribeVpcClassicLink",
"ec2:CreateSecurityGroup",
"ec2:CreateNetworkInterface",
"ec2:DeleteNetworkInterface",
"ec2:ModifyNetworkInterface",
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:AssociateAddress",
"ec2:DisassociateAddress",
"ec2:AttachNetworkInterface",
"ec2:DetachNetworkInterface",
"ec2:AssignPrivateIpAddresses",
"ec2:AssignIpv6Addresses",
"ec2:UnassignIpv6Addresses",
"logs:CreateLogDelivery",
"logs:GetLogDelivery",
"logs:UpdateLogDelivery",
"logs:DeleteLogDelivery",
"logs:ListLogDeliveries"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIMHWGGSRHLOQUICJQ",
"PolicyName": "AWSElasticLoadBalancingServiceRolePolicy",
"VersionId": "v2"
},
{
"Document": {
"Statement": [
{
"Action": [
"codebuild:StartBuild",
"codebuild:StopBuild",
"codebuild:BatchGet*",
"codebuild:Get*",
"codebuild:List*",
"codecommit:GetBranch",
"codecommit:GetCommit",
"codecommit:GetRepository",
"codecommit:ListBranches",
"cloudwatch:GetMetricStatistics",
"events:DescribeRule",
"events:ListTargetsByRule",
"events:ListRuleNamesByTarget",
"logs:GetLogEvents",
"s3:GetBucketLocation",
"s3:ListAllMyBuckets"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ssm:PutParameter"
],
"Effect": "Allow",
"Resource": "arn:aws:ssm:*:*:parameter/CodeBuild/*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIMKTMR34XSBQW45HS",
"PolicyName": "AWSCodeBuildDeveloperAccess",
"VersionId": "v4"
},
{
"Document": {
"Statement": [
{
"Action": [
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateNetworkInterface",
"ec2:CreateSecurityGroup",
"ec2:DeleteNetworkInterface",
"ec2:DeleteSecurityGroup",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:RevokeSecurityGroupIngress"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIML5LIBUZBVCSF7PI",
"PolicyName": "ElastiCacheServiceRolePolicy",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"glue:CreateDatabase",
"glue:CreatePartition",
"glue:CreateTable",
"glue:DeleteDatabase",
"glue:DeletePartition",
"glue:DeleteTable",
"glue:GetDatabase",
"glue:GetDatabases",
"glue:GetPartition",
"glue:GetPartitions",
"glue:GetTable",
"glue:GetTableVersions",
"glue:GetTables",
"glue:UpdateDatabase",
"glue:UpdatePartition",
"glue:UpdateTable",
"glue:CreateBookmark",
"glue:GetBookmark",
"glue:UpdateBookmark",
"glue:GetMetric",
"glue:PutMetric",
"glue:CreateConnection",
"glue:CreateJob",
"glue:DeleteConnection",
"glue:DeleteJob",
"glue:GetConnection",
"glue:GetConnections",
"glue:GetDevEndpoint",
"glue:GetDevEndpoints",
"glue:GetJob",
"glue:GetJobs",
"glue:UpdateJob",
"glue:BatchDeleteConnection",
"glue:UpdateConnection",
"glue:GetUserDefinedFunction",
"glue:UpdateUserDefinedFunction",
"glue:GetUserDefinedFunctions",
"glue:DeleteUserDefinedFunction",
"glue:CreateUserDefinedFunction",
"glue:BatchGetPartition",
"glue:BatchDeletePartition",
"glue:BatchCreatePartition",
"glue:BatchDeleteTable",
"glue:UpdateDevEndpoint",
"s3:GetBucketLocation",
"s3:ListBucket",
"s3:ListAllMyBuckets",
"s3:GetBucketAcl"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"s3:GetObject"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::crawler-public*",
"arn:aws:s3:::aws-glue*"
]
},
{
"Action": [
"s3:PutObject",
"s3:DeleteObject"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::aws-glue*"
]
},
{
"Action": [
"ec2:CreateTags",
"ec2:DeleteTags"
],
"Condition": {
"ForAllValues:StringEquals": {
"aws:TagKeys": [
"aws-glue-service-resource"
]
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:ec2:*:*:network-interface/*",
"arn:aws:ec2:*:*:security-group/*",
"arn:aws:ec2:*:*:instance/*"
]
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIMRC6VZUHJYCTKWFI",
"PolicyName": "AWSGlueServiceNotebookRole",
"VersionId": "v2"
},
{
"Document": {
"Statement": [
{
"Action": [
"ec2:DescribeImages",
"ec2:DescribeSubnets",
"ec2:RequestSpotInstances",
"ec2:TerminateInstances",
"ec2:DescribeInstanceStatus",
"iam:PassRole"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"elasticloadbalancing:RegisterInstancesWithLoadBalancer"
],
"Effect": "Allow",
"Resource": [
"arn:aws:elasticloadbalancing:*:*:loadbalancer/*"
]
},
{
"Action": [
"elasticloadbalancing:RegisterTargets"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIMRTKHWK7ESSNETSW",
"PolicyName": "AmazonEC2SpotFleetRole",
"VersionId": "v4"
},
{
"Document": {
"Statement": [
{
"Action": [
"s3:List*",
"dynamodb:DescribeTable",
"rds:DescribeDBInstances",
"rds:DescribeDBSecurityGroups",
"redshift:DescribeClusters",
"redshift:DescribeClusterSecurityGroups",
"sns:ListTopics",
"iam:ListRoles",
"iam:GetRolePolicy",
"iam:GetInstanceProfile",
"iam:ListInstanceProfiles",
"datapipeline:*"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": "iam:PassRole",
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/DataPipelineDefaultResourceRole",
"arn:aws:iam::*:role/DataPipelineDefaultRole"
]
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIMXGLVY6DVR24VTYS",
"PolicyName": "AWSDataPipeline_PowerUser",
"VersionId": "v2"
},
{
"Document": {
"Statement": [
{
"Action": [
"events:PutTargets",
"events:RemoveTargets",
"events:PutRule",
"events:DeleteRule",
"events:DescribeRule"
],
"Effect": "Allow",
"Resource": [
"arn:aws:events:*:*:rule/awscodestar-*"
],
"Sid": "ProjectEventRules"
},
{
"Action": [
"cloudformation:*Stack*",
"cloudformation:CreateChangeSet",
"cloudformation:ExecuteChangeSet",
"cloudformation:DeleteChangeSet",
"cloudformation:GetTemplate"
],
"Effect": "Allow",
"Resource": [
"arn:aws:cloudformation:*:*:stack/awscodestar-*",
"arn:aws:cloudformation:*:*:stack/awseb-*",
"arn:aws:cloudformation:*:*:stack/aws-cloud9-*",
"arn:aws:cloudformation:*:aws:transform/CodeStar*"
],
"Sid": "ProjectStack"
},
{
"Action": [
"cloudformation:GetTemplateSummary",
"cloudformation:DescribeChangeSet"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "ProjectStackTemplate"
},
{
"Action": [
"s3:GetObject"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::awscodestar-*/*"
],
"Sid": "ProjectQuickstarts"
},
{
"Action": [
"s3:*"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::aws-codestar-*",
"arn:aws:s3:::aws-codestar-*/*",
"arn:aws:s3:::elasticbeanstalk-*",
"arn:aws:s3:::elasticbeanstalk-*/*"
],
"Sid": "ProjectS3Buckets"
},
{
"Action": [
"codestar:*",
"codecommit:*",
"codepipeline:*",
"codedeploy:*",
"codebuild:*",
"ec2:RunInstances",
"autoscaling:*",
"cloudwatch:Put*",
"ec2:*",
"elasticbeanstalk:*",
"elasticloadbalancing:*",
"iam:ListRoles",
"logs:*",
"sns:*",
"cloud9:CreateEnvironmentEC2",
"cloud9:DeleteEnvironment",
"cloud9:DescribeEnvironment*",
"cloud9:ListEnvironments"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "ProjectServices"
},
{
"Action": [
"iam:AttachRolePolicy",
"iam:CreateRole",
"iam:DeleteRole",
"iam:DeleteRolePolicy",
"iam:DetachRolePolicy",
"iam:GetRole",
"iam:PassRole",
"iam:PutRolePolicy",
"iam:SetDefaultPolicyVersion",
"iam:CreatePolicy",
"iam:DeletePolicy",
"iam:AddRoleToInstanceProfile",
"iam:CreateInstanceProfile",
"iam:DeleteInstanceProfile",
"iam:RemoveRoleFromInstanceProfile"
],
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/CodeStarWorker*",
"arn:aws:iam::*:policy/CodeStarWorker*",
"arn:aws:iam::*:instance-profile/awscodestar-*"
],
"Sid": "ProjectWorkerRoles"
},
{
"Action": [
"iam:AttachUserPolicy",
"iam:DetachUserPolicy"
],
"Condition": {
"ArnEquals": {
"iam:PolicyArn": [
"arn:aws:iam::*:policy/CodeStar_*"
]
}
},
"Effect": "Allow",
"Resource": "*",
"Sid": "ProjectTeamMembers"
},
{
"Action": [
"iam:CreatePolicy",
"iam:DeletePolicy",
"iam:CreatePolicyVersion",
"iam:DeletePolicyVersion",
"iam:ListEntitiesForPolicy",
"iam:ListPolicyVersions",
"iam:GetPolicy",
"iam:GetPolicyVersion"
],
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:policy/CodeStar_*"
],
"Sid": "ProjectRoles"
},
{
"Action": [
"iam:ListAttachedRolePolicies"
],
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/aws-codestar-service-role",
"arn:aws:iam::*:role/service-role/aws-codestar-service-role"
],
"Sid": "InspectServiceRole"
},
{
"Action": [
"iam:CreateServiceLinkedRole"
],
"Condition": {
"StringEquals": {
"iam:AWSServiceName": "cloud9.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*",
"Sid": "IAMLinkRole"
},
{
"Action": [
"config:DescribeConfigRules"
],
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "DescribeConfigRuleForARN"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIN6D4M2KD3NBOC4M4",
"PolicyName": "AWSCodeStarServiceRole",
"VersionId": "v8"
},
{
"Document": {
"Statement": [
{
"Action": [
"transcribe:*"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"s3:GetObject"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::*transcribe*"
]
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAINAV45F5NT5RMFO7K",
"PolicyName": "AmazonTranscribeFullAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"ds:*",
"ec2:AuthorizeSecurityGroupEgress",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateNetworkInterface",
"ec2:CreateSecurityGroup",
"ec2:DeleteNetworkInterface",
"ec2:DeleteSecurityGroup",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:RevokeSecurityGroupEgress",
"ec2:RevokeSecurityGroupIngress",
"ec2:DescribeSecurityGroups",
"sns:GetTopicAttributes",
"sns:ListSubscriptions",
"sns:ListSubscriptionsByTopic",
"sns:ListTopics",
"iam:ListRoles",
"organizations:ListAccountsForParent",
"organizations:ListRoots",
"organizations:ListAccounts",
"organizations:DescribeOrganization",
"organizations:DescribeAccount",
"organizations:ListOrganizationalUnitsForParent",
"organizations:ListAWSServiceAccessForOrganization"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"sns:CreateTopic",
"sns:DeleteTopic",
"sns:SetTopicAttributes",
"sns:Subscribe",
"sns:Unsubscribe"
],
"Effect": "Allow",
"Resource": "arn:aws:sns:*:*:DirectoryMonitoring*"
},
{
"Action": [
"organizations:EnableAWSServiceAccess",
"organizations:DisableAWSServiceAccess"
],
"Condition": {
"ForAllValues:StringLike": {
"organizations:ServicePrincipal": [
"ds.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:CreateTags",
"ec2:DeleteTags"
],
"Effect": "Allow",
"Resource": [
"arn:aws:ec2:*:*:network-interface/*",
"arn:aws:ec2:*:*:security-group/*"
]
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAINAW5ANUWTH3R4ANI",
"PolicyName": "AWSDirectoryServiceFullAccess",
"VersionId": "v4"
},
{
"Document": {
"Statement": [
{
"Action": [
"s3:GetObjectVersion",
"s3:PutObject",
"s3:GetObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::afr-ota*"
},
{
"Action": [
"signer:StartSigningJob",
"signer:DescribeSigningJob",
"signer:GetSigningProfile",
"signer:PutSigningProfile"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"s3:ListBucket",
"s3:ListAllMyBuckets",
"s3:GetBucketLocation"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"iot:DeleteJob"
],
"Effect": "Allow",
"Resource": "arn:aws:iot:*:*:job/AFR_OTA*"
},
{
"Action": [
"iot:DeleteStream"
],
"Effect": "Allow",
"Resource": "arn:aws:iot:*:*:stream/AFR_OTA*"
},
{
"Action": [
"iot:CreateStream",
"iot:CreateJob"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAINC2TXHAYDOK3SWMU",
"PolicyName": "AmazonFreeRTOSOTAUpdate",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"dynamodb:*",
"dax:*",
"application-autoscaling:DeleteScalingPolicy",
"application-autoscaling:DeregisterScalableTarget",
"application-autoscaling:DescribeScalableTargets",
"application-autoscaling:DescribeScalingActivities",
"application-autoscaling:DescribeScalingPolicies",
"application-autoscaling:PutScalingPolicy",
"application-autoscaling:RegisterScalableTarget",
"cloudwatch:DeleteAlarms",
"cloudwatch:DescribeAlarmHistory",
"cloudwatch:DescribeAlarms",
"cloudwatch:DescribeAlarmsForMetric",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"cloudwatch:PutMetricAlarm",
"datapipeline:ActivatePipeline",
"datapipeline:CreatePipeline",
"datapipeline:DeletePipeline",
"datapipeline:DescribeObjects",
"datapipeline:DescribePipelines",
"datapipeline:GetPipelineDefinition",
"datapipeline:ListPipelines",
"datapipeline:PutPipelineDefinition",
"datapipeline:QueryObjects",
"ec2:DescribeVpcs",
"ec2:DescribeSubnets",
"ec2:DescribeSecurityGroups",
"iam:GetRole",
"iam:ListRoles",
"sns:CreateTopic",
"sns:DeleteTopic",
"sns:ListSubscriptions",
"sns:ListSubscriptionsByTopic",
"sns:ListTopics",
"sns:Subscribe",
"sns:Unsubscribe",
"sns:SetTopicAttributes",
"lambda:CreateFunction",
"lambda:ListFunctions",
"lambda:ListEventSourceMappings",
"lambda:CreateEventSourceMapping",
"lambda:DeleteEventSourceMapping",
"lambda:GetFunctionConfiguration",
"lambda:DeleteFunction"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"iam:PassRole"
],
"Condition": {
"StringLike": {
"iam:PassedToService": [
"application-autoscaling.amazonaws.com",
"dax.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"iam:CreateServiceLinkedRole"
],
"Condition": {
"StringEquals": {
"iam:AWSServiceName": [
"replication.dynamodb.amazonaws.com",
"dax.amazonaws.com",
"dynamodb.application-autoscaling.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAINUGF2JSOSUY76KYA",
"PolicyName": "AmazonDynamoDBFullAccess",
"VersionId": "v8"
},
{
"Document": {
"Statement": [
{
"Action": [
"ses:Get*",
"ses:List*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAINV2XPFRMWJJNSCGI",
"PolicyName": "AmazonSESReadOnlyAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"redshift:GetClusterCredentials",
"redshift:ListSchemas",
"redshift:ListTables",
"redshift:ListDatabases",
"redshift:ExecuteQuery",
"redshift:FetchResults",
"redshift:CancelQuery",
"redshift:DescribeClusters",
"redshift:DescribeQuery",
"redshift:DescribeTable",
"redshift:ViewQueriesFromConsole",
"redshift:DescribeSavedQueries",
"redshift:CreateSavedQuery",
"redshift:DeleteSavedQueries",
"redshift:ModifySavedQuery"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAINVFHHP7CWVHTGBGM",
"PolicyName": "AmazonRedshiftQueryEditor",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"waf:Get*",
"waf:List*",
"waf-regional:Get*",
"waf-regional:List*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAINZVDMX2SBF7EU2OC",
"PolicyName": "AWSWAFReadOnlyAccess",
"VersionId": "v2"
},
{
"Document": {
"Statement": [
{
"Action": [
"sqs:SendMessage",
"sqs:GetQueueUrl",
"sns:Publish"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIO2VMUPGDC5PZVXVA",
"PolicyName": "AutoScalingNotificationAccessRole",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"mechanicalturk:Get*",
"mechanicalturk:Search*",
"mechanicalturk:List*"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIO5IY3G3WXSX5PPRM",
"PolicyName": "AmazonMechanicalTurkReadOnly",
"VersionId": "v2"
},
{
"Document": {
"Statement": [
{
"Action": [
"kinesis:Get*",
"kinesis:List*",
"kinesis:Describe*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIOCMTDT5RLKZ2CAJO",
"PolicyName": "AmazonKinesisReadOnlyAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"xray:PutTraceSegments",
"xray:PutTelemetryRecords",
"xray:GetSamplingRules",
"xray:GetSamplingTargets",
"xray:GetSamplingStatisticSummaries"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIOE47HSUE5AVBNEDM",
"PolicyName": "AWSXRayDaemonWriteAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"servicediscovery:Get*",
"servicediscovery:List*",
"servicediscovery:DiscoverInstances"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIOHISHKLCJTVQQL5E",
"PolicyName": "AWSCloudMapReadOnlyAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Effect": "Allow",
"Resource": "arn:aws:logs:*:*:/aws/cloudfront/*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIOI7RPKLCNINBTRP4",
"PolicyName": "AWSCloudFrontLogger",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": "codedeploy:*",
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIONKN3TJZUKXCHXWC",
"PolicyName": "AWSCodeDeployFullAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"dynamodb:DescribeTable",
"dynamodb:CreateBackup"
],
"Effect": "Allow",
"Resource": "arn:aws:dynamodb:*:*:table/*"
},
{
"Action": [
"dynamodb:DescribeBackup",
"dynamodb:DeleteBackup"
],
"Effect": "Allow",
"Resource": "arn:aws:dynamodb:*:*:table/*/backup/*"
},
{
"Action": [
"rds:AddTagsToResource",
"rds:ListTagsForResource",
"rds:DescribeDBSnapshots",
"rds:CreateDBSnapshot",
"rds:CopyDBSnapshot",
"rds:DescribeDBInstances"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"rds:DeleteDBSnapshot"
],
"Effect": "Allow",
"Resource": [
"arn:aws:rds:*:*:snapshot:awsbackup:*"
]
},
{
"Action": [
"storagegateway:CreateSnapshot"
],
"Effect": "Allow",
"Resource": "arn:aws:storagegateway:*:*:gateway/*/volume/*"
},
{
"Action": [
"ec2:CreateTags",
"ec2:DeleteSnapshot"
],
"Effect": "Allow",
"Resource": "arn:aws:ec2:*::snapshot/*"
},
{
"Action": [
"ec2:DescribeSnapshots"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"elasticfilesystem:Backup"
],
"Effect": "Allow",
"Resource": "arn:aws:elasticfilesystem:*:*:file-system/*"
},
{
"Action": [
"ec2:CreateSnapshot",
"ec2:DeleteSnapshot",
"ec2:DescribeVolumes",
"ec2:DescribeSnapshots"
],
"Effect": "Allow",
"Resource": [
"arn:aws:ec2:*::snapshot/*",
"arn:aws:ec2:*:*:volume/*"
]
},
{
"Action": [
"tag:GetResources"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIOOYZSLZZXWFJJ5N2",
"PolicyName": "AWSBackupServiceRolePolicyForBackup",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"ec2:CreateNetworkInterfacePermission",
"ec2:DescribeNetworkInterfaces",
"ec2:DeleteNetworkInterface",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:DescribeSecurityGroups",
"greengrass:CreateDeployment",
"greengrass:CreateGroupVersion",
"greengrass:CreateFunctionDefinition",
"greengrass:CreateFunctionDefinitionVersion",
"greengrass:GetDeploymentStatus",
"greengrass:GetGroup",
"greengrass:GetGroupVersion",
"greengrass:GetCoreDefinitionVersion",
"greengrass:GetFunctionDefinitionVersion",
"greengrass:GetAssociatedRole",
"lambda:CreateFunction"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"lambda:UpdateFunctionCode",
"lambda:GetFunction",
"lambda:UpdateFunctionConfiguration"
],
"Effect": "Allow",
"Resource": "arn:aws:lambda:*:*:function:aws-robomaker-*"
},
{
"Action": "iam:PassRole",
"Condition": {
"StringEqualsIfExists": {
"iam:PassedToService": "lambda.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIOSFFLBBLCTKS3ATC",
"PolicyName": "AWSRoboMakerServiceRolePolicy",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"cloudwatch:Describe*",
"ec2:Describe*",
"ec2:RebootInstances",
"ec2:StopInstances",
"ec2:TerminateInstances"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIOWD4E3FVSORSZTGU",
"PolicyName": "CloudWatchActionsEC2Access",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"dynamodb:DescribeStream",
"dynamodb:GetRecords",
"dynamodb:GetShardIterator",
"dynamodb:ListStreams",
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIP7WNAGMIPYNW4WQG",
"PolicyName": "AWSLambdaDynamoDBExecutionRole",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"route53:CreateHostedZone",
"route53domains:*"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIPAFBMIYUILMOKL6G",
"PolicyName": "AmazonRoute53DomainsFullAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"elasticache:Describe*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIPDACSNQHSENWAKM2",
"PolicyName": "AmazonElastiCacheReadOnlyAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateNetworkInterface",
"ec2:CreateSecurityGroup",
"ec2:DeleteNetworkInterface",
"ec2:DeleteSecurityGroup",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeInternetGateways",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcAttribute",
"ec2:DescribeVpcs",
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:ModifyVpcEndpoint",
"ec2:RevokeSecurityGroupIngress",
"ec2:CreateVpcEndpoint",
"ec2:DescribeVpcEndpoints",
"ec2:DeleteVpcEndpoints",
"ec2:AssignPrivateIpAddresses",
"ec2:UnassignPrivateIpAddresses"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"sns:Publish"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"logs:CreateLogGroup"
],
"Effect": "Allow",
"Resource": [
"arn:aws:logs:*:*:log-group:/aws/rds/*",
"arn:aws:logs:*:*:log-group:/aws/docdb/*"
]
},
{
"Action": [
"logs:CreateLogStream",
"logs:PutLogEvents",
"logs:DescribeLogStreams"
],
"Effect": "Allow",
"Resource": [
"arn:aws:logs:*:*:log-group:/aws/rds/*:log-stream:*",
"arn:aws:logs:*:*:log-group:/aws/docdb/*:log-stream:*"
]
},
{
"Action": [
"kinesis:CreateStream",
"kinesis:PutRecord",
"kinesis:PutRecords",
"kinesis:DescribeStream",
"kinesis:SplitShard",
"kinesis:MergeShards",
"kinesis:DeleteStream",
"kinesis:UpdateShardCount"
],
"Effect": "Allow",
"Resource": [
"arn:aws:kinesis:*:*:stream/aws-rds-das-*"
]
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIPEU5ZOBJWKWHUIBA",
"PolicyName": "AmazonRDSServiceRolePolicy",
"VersionId": "v5"
},
{
"Document": {
"Statement": [
{
"Action": [
"athena:*"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"glue:CreateDatabase",
"glue:DeleteDatabase",
"glue:GetDatabase",
"glue:GetDatabases",
"glue:UpdateDatabase",
"glue:CreateTable",
"glue:DeleteTable",
"glue:BatchDeleteTable",
"glue:UpdateTable",
"glue:GetTable",
"glue:GetTables",
"glue:BatchCreatePartition",
"glue:CreatePartition",
"glue:DeletePartition",
"glue:BatchDeletePartition",
"glue:UpdatePartition",
"glue:GetPartition",
"glue:GetPartitions",
"glue:BatchGetPartition"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetObject",
"s3:ListBucket",
"s3:ListBucketMultipartUploads",
"s3:ListMultipartUploadParts",
"s3:AbortMultipartUpload",
"s3:CreateBucket",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::aws-athena-query-results-*"
]
},
{
"Action": [
"s3:GetObject",
"s3:ListBucket"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::athena-examples*"
]
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIPJMLMD4C7RYZ6XCK",
"PolicyName": "AmazonAthenaFullAccess",
"VersionId": "v4"
},
{
"Document": {
"Statement": [
{
"Action": [
"crowd:*"
],
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "CrowdApiFullAccess"
},
{
"Action": [
"iam:PassRole"
],
"Condition": {
"StringEquals": {
"iam:PassedToService": "crowd.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIPM7C67S54NPAHQ4Q",
"PolicyName": "AmazonMechanicalTurkCrowdFullAccess",
"VersionId": "v2"
},
{
"Document": {
"Statement": [
{
"Action": [
"ec2:DescribeAvailabilityZones",
"ec2:DescribeNetworkInterfaceAttribute",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcAttribute",
"ec2:DescribeVpcs",
"elasticfilesystem:Describe*",
"kms:ListAliases"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIPN5S4NE5JJOKVC4Y",
"PolicyName": "AmazonElasticFileSystemReadOnlyAccess",
"VersionId": "v3"
},
{
"Document": {
"Statement": [
{
"Action": [
"servicediscovery:DiscoverInstances"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIPRD7PYYQVYPDME4K",
"PolicyName": "AWSCloudMapDiscoverInstanceAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"s3:ListAllMyBuckets"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::*"
},
{
"Action": [
"acm:ListCertificates",
"cloudfront:*",
"iam:ListServerCertificates",
"waf:ListWebACLs",
"waf:GetWebACL"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIPRV52SH6HDCCFY6U",
"PolicyName": "CloudFrontFullAccess",
"VersionId": "v3"
},
{
"Document": {
"Statement": [
{
"Action": [
"connect:*",
"ds:CreateAlias",
"ds:AuthorizeApplication",
"ds:CreateIdentityPoolDirectory",
"ds:DeleteDirectory",
"ds:DescribeDirectories",
"ds:UnauthorizeApplication",
"firehose:DescribeDeliveryStream",
"firehose:ListDeliveryStreams",
"kinesis:DescribeStream",
"kinesis:ListStreams",
"kms:DescribeKey",
"kms:CreateGrant",
"kms:ListAliases",
"lex:GetBots",
"logs:CreateLogGroup",
"s3:CreateBucket",
"s3:GetBucketLocation",
"s3:ListAllMyBuckets"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringEquals": {
"iam:AWSServiceName": "connect.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"iam:DeleteServiceLinkedRole",
"iam:PutRolePolicy"
],
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/aws-service-role/connect.amazonaws.com/AWSServiceRoleForAmazonConnect*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIPZZCFFD55NYGBAJI",
"PolicyName": "AmazonConnectFullAccess",
"VersionId": "v2"
},
{
"Document": {
"Statement": [
{
"Action": [
"cloud9:*",
"iam:GetUser",
"iam:ListUsers",
"ec2:DescribeVpcs",
"ec2:DescribeSubnets"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"iam:CreateServiceLinkedRole"
],
"Condition": {
"StringLike": {
"iam:AWSServiceName": "cloud9.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIQ4KWP455WDTCBGWK",
"PolicyName": "AWSCloud9Administrator",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateSecurityGroup",
"ec2:DescribeInternetGateways",
"ec2:DescribeSecurityGroups",
"ec2:RevokeSecurityGroupIngress",
"redshift:AuthorizeClusterSecurityGroupIngress",
"redshift:CreateClusterSecurityGroup",
"redshift:DescribeClusters",
"redshift:DescribeClusterSecurityGroups",
"redshift:ModifyCluster",
"redshift:RevokeClusterSecurityGroupIngress",
"s3:GetBucketLocation",
"s3:GetBucketPolicy",
"s3:GetObject",
"s3:PutBucketPolicy",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIQ5UDYYMNN42BM4AK",
"PolicyName": "AmazonMachineLearningRoleforRedshiftDataSource",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"elasticmapreduce:ListInstanceGroups",
"elasticmapreduce:ModifyInstanceGroups",
"cloudwatch:PutMetricAlarm",
"cloudwatch:DescribeAlarms",
"cloudwatch:DeleteAlarms"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIQ6M5Z7LQY2YSG2JS",
"PolicyName": "AWSApplicationAutoscalingEMRInstanceGroupPolicy",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"textract:*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIQDD47A7H3GBVPWOQ",
"PolicyName": "AmazonTextractFullAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"iam:DeleteRole"
],
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/aws-service-role/organizations.amazonaws.com/*"
],
"Sid": "AllowDeletionOfServiceLinkedRoleForOrganizations"
},
{
"Action": [
"iam:CreateServiceLinkedRole"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "AllowCreationOfServiceLinkedRoles"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIQH6ROMVVECFVRJPK",
"PolicyName": "AWSOrganizationsServiceTrustPolicy",
"VersionId": "v2"
},
{
"Document": {
"Statement": [
{
"Action": [
"rds:AddRoleToDBCluster",
"rds:AddSourceIdentifierToSubscription",
"rds:AddTagsToResource",
"rds:ApplyPendingMaintenanceAction",
"rds:CopyDBClusterParameterGroup",
"rds:CopyDBClusterSnapshot",
"rds:CopyDBParameterGroup",
"rds:CreateDBCluster",
"rds:CreateDBClusterParameterGroup",
"rds:CreateDBClusterSnapshot",
"rds:CreateDBInstance",
"rds:CreateDBParameterGroup",
"rds:CreateDBSubnetGroup",
"rds:CreateEventSubscription",
"rds:DeleteDBCluster",
"rds:DeleteDBClusterParameterGroup",
"rds:DeleteDBClusterSnapshot",
"rds:DeleteDBInstance",
"rds:DeleteDBParameterGroup",
"rds:DeleteDBSubnetGroup",
"rds:DeleteEventSubscription",
"rds:DescribeAccountAttributes",
"rds:DescribeCertificates",
"rds:DescribeDBClusterParameterGroups",
"rds:DescribeDBClusterParameters",
"rds:DescribeDBClusterSnapshotAttributes",
"rds:DescribeDBClusterSnapshots",
"rds:DescribeDBClusters",
"rds:DescribeDBEngineVersions",
"rds:DescribeDBInstances",
"rds:DescribeDBLogFiles",
"rds:DescribeDBParameterGroups",
"rds:DescribeDBParameters",
"rds:DescribeDBSecurityGroups",
"rds:DescribeDBSubnetGroups",
"rds:DescribeEngineDefaultClusterParameters",
"rds:DescribeEngineDefaultParameters",
"rds:DescribeEventCategories",
"rds:DescribeEventSubscriptions",
"rds:DescribeEvents",
"rds:DescribeOptionGroups",
"rds:DescribeOrderableDBInstanceOptions",
"rds:DescribePendingMaintenanceActions",
"rds:DescribeValidDBInstanceModifications",
"rds:DownloadDBLogFilePortion",
"rds:FailoverDBCluster",
"rds:ListTagsForResource",
"rds:ModifyDBCluster",
"rds:ModifyDBClusterParameterGroup",
"rds:ModifyDBClusterSnapshotAttribute",
"rds:ModifyDBInstance",
"rds:ModifyDBParameterGroup",
"rds:ModifyDBSubnetGroup",
"rds:ModifyEventSubscription",
"rds:PromoteReadReplicaDBCluster",
"rds:RebootDBInstance",
"rds:RemoveRoleFromDBCluster",
"rds:RemoveSourceIdentifierFromSubscription",
"rds:RemoveTagsFromResource",
"rds:ResetDBClusterParameterGroup",
"rds:ResetDBParameterGroup",
"rds:RestoreDBClusterFromSnapshot",
"rds:RestoreDBClusterToPointInTime"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"ec2:DescribeAccountAttributes",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcAttribute",
"ec2:DescribeVpcs",
"kms:ListAliases",
"kms:ListKeyPolicies",
"kms:ListKeys",
"kms:ListRetirableGrants",
"logs:DescribeLogStreams",
"logs:GetLogEvents",
"sns:ListSubscriptions",
"sns:ListTopics",
"sns:Publish"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringLike": {
"iam:AWSServiceName": "rds.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/aws-service-role/rds.amazonaws.com/AWSServiceRoleForRDS"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIQKACUF6JJHALEG5K",
"PolicyName": "AmazonDocDBFullAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": "mobileanalytics:GetReports",
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIQLKQ4RXPUBBVVRDE",
"PolicyName": "AmazonMobileAnalyticsNon-financialReportAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"sns:AddPermission",
"sns:CreateTopic",
"sns:DeleteTopic",
"sns:ListTopics",
"sns:SetTopicAttributes",
"sns:GetTopicAttributes"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"s3:CreateBucket",
"s3:DeleteBucket",
"s3:ListAllMyBuckets",
"s3:PutBucketPolicy",
"s3:ListBucket",
"s3:GetObject",
"s3:GetBucketLocation",
"s3:GetBucketPolicy"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "cloudtrail:*",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"logs:CreateLogGroup"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"iam:PassRole",
"iam:ListRoles",
"iam:GetRolePolicy",
"iam:GetUser"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"kms:ListKeys",
"kms:ListAliases"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"lambda:ListFunctions"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIQNUJTQYDRJPC3BNK",
"PolicyName": "AWSCloudTrailFullAccess",
"VersionId": "v5"
},
{
"Document": {
"Statement": [
{
"Action": [
"cognito-identity:GetOpenIdTokenForDeveloperIdentity",
"cognito-identity:LookupDeveloperIdentity",
"cognito-identity:MergeDeveloperIdentities",
"cognito-identity:UnlinkDeveloperIdentity"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIQOKZ5BGKLCMTXH4W",
"PolicyName": "AmazonCognitoDeveloperAuthenticatedIdentities",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"cloudtrail:DescribeTrails",
"ec2:Describe*",
"config:Put*",
"config:Get*",
"config:List*",
"config:Describe*",
"config:BatchGet*",
"cloudtrail:GetEventSelectors",
"cloudtrail:GetTrailStatus",
"cloudtrail:ListTags",
"s3:GetObject",
"iam:GetAccountAuthorizationDetails",
"iam:GetAccountPasswordPolicy",
"iam:GetAccountSummary",
"iam:GetGroup",
"iam:GetGroupPolicy",
"iam:GetPolicy",
"iam:GetPolicyVersion",
"iam:GetRole",
"iam:GetRolePolicy",
"iam:GetUser",
"iam:GetUserPolicy",
"iam:GenerateCredentialReport",
"iam:GetCredentialReport",
"iam:ListAttachedGroupPolicies",
"iam:ListAttachedRolePolicies",
"iam:ListAttachedUserPolicies",
"iam:ListEntitiesForPolicy",
"iam:ListGroupPolicies",
"iam:ListGroupsForUser",
"iam:ListInstanceProfilesForRole",
"iam:ListPolicyVersions",
"iam:ListRolePolicies",
"iam:ListUserPolicies",
"iam:ListVirtualMFADevices",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeLoadBalancerAttributes",
"elasticloadbalancing:DescribeLoadBalancerPolicies",
"elasticloadbalancing:DescribeTags",
"acm:DescribeCertificate",
"acm:ListCertificates",
"acm:ListTagsForCertificate",
"rds:DescribeDBInstances",
"rds:DescribeDBSecurityGroups",
"rds:DescribeDBSnapshotAttributes",
"rds:DescribeDBSnapshots",
"rds:DescribeDBSubnetGroups",
"rds:DescribeEventSubscriptions",
"rds:ListTagsForResource",
"rds:DescribeDBClusters",
"s3:GetAccelerateConfiguration",
"s3:GetBucketAcl",
"s3:GetBucketCORS",
"s3:GetBucketLocation",
"s3:GetBucketLogging",
"s3:GetBucketNotification",
"s3:GetBucketPolicy",
"s3:GetBucketRequestPayment",
"s3:GetBucketTagging",
"s3:GetBucketVersioning",
"s3:GetBucketWebsite",
"s3:GetLifecycleConfiguration",
"s3:GetReplicationConfiguration",
"s3:ListAllMyBuckets",
"s3:ListBucket",
"s3:GetEncryptionConfiguration",
"s3:GetBucketPublicAccessBlock",
"redshift:DescribeClusterParameterGroups",
"redshift:DescribeClusterParameters",
"redshift:DescribeClusterSecurityGroups",
"redshift:DescribeClusterSnapshots",
"redshift:DescribeClusterSubnetGroups",
"redshift:DescribeClusters",
"redshift:DescribeEventSubscriptions",
"redshift:DescribeLoggingStatus",
"dynamodb:DescribeLimits",
"dynamodb:DescribeTable",
"dynamodb:ListTables",
"dynamodb:ListTagsOfResource",
"cloudwatch:DescribeAlarms",
"application-autoscaling:DescribeScalableTargets",
"application-autoscaling:DescribeScalingPolicies",
"autoscaling:DescribeAutoScalingGroups",
"autoscaling:DescribeLaunchConfigurations",
"autoscaling:DescribeLifecycleHooks",
"autoscaling:DescribePolicies",
"autoscaling:DescribeScheduledActions",
"autoscaling:DescribeTags",
"lambda:GetFunction",
"lambda:GetPolicy",
"lambda:ListFunctions",
"lambda:GetAlias",
"lambda:ListAliases",
"waf-regional:GetWebACLForResource",
"waf-regional:GetWebACL",
"cloudfront:ListTagsForResource",
"guardduty:ListDetectors",
"guardduty:GetMasterAccount",
"guardduty:GetDetector",
"codepipeline:ListPipelines",
"codepipeline:GetPipeline",
"codepipeline:GetPipelineState",
"kms:ListKeys",
"kms:GetKeyRotationStatus",
"kms:DescribeKey",
"ssm:DescribeDocument",
"ssm:GetDocument",
"ssm:DescribeAutomationExecutions",
"ssm:GetAutomationExecution"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIQRXRDRGJUA33ELIO",
"PolicyName": "AWSConfigRole",
"VersionId": "v22"
},
{
"Document": {
"Statement": [
{
"Action": [
"ds:DescribeDirectories",
"ds:AuthorizeApplication",
"ds:UnauthorizeApplication",
"ds:DescribeTrusts",
"iam:ListPolicies",
"organizations:EnableAWSServiceAccess",
"organizations:DescribeOrganization",
"organizations:DescribeAccount",
"organizations:ListRoots",
"organizations:ListAccounts",
"organizations:ListAccountsForParent",
"organizations:ListParents",
"organizations:ListChildren",
"organizations:ListOrganizationalUnitsForParent",
"sso:*",
"sso-directory:DescribeDirectory",
"ds:CreateAlias"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "AWSSSOMemberAccountAdministrator"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIQYHEY7KJWXZFNDPY",
"PolicyName": "AWSSSOMemberAccountAdministrator",
"VersionId": "v2"
},
{
"Document": {
"Statement": [
{
"Action": [
"appstream:UpdateFleet",
"appstream:DescribeFleets",
"cloudwatch:PutMetricAlarm",
"cloudwatch:DescribeAlarms",
"cloudwatch:DeleteAlarms"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIRI724OWKP56ZG62M",
"PolicyName": "AWSApplicationAutoscalingAppStreamFleetPolicy",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"acm-pca:*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIRTQUC55CREAWFLBG",
"PolicyName": "AWSCertificateManagerPrivateCAFullAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"glue:*",
"s3:GetBucketLocation",
"s3:ListBucket",
"s3:ListAllMyBuckets",
"s3:GetBucketAcl",
"ec2:DescribeVpcEndpoints",
"ec2:DescribeRouteTables",
"ec2:CreateNetworkInterface",
"ec2:DeleteNetworkInterface",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcAttribute",
"iam:ListRolePolicies",
"iam:GetRole",
"iam:GetRolePolicy",
"cloudwatch:PutMetricData"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"s3:CreateBucket"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::aws-glue-*"
]
},
{
"Action": [
"s3:GetObject",
"s3:PutObject",
"s3:DeleteObject"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::aws-glue-*/*",
"arn:aws:s3:::*/*aws-glue-*/*"
]
},
{
"Action": [
"s3:GetObject"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::crawler-public*",
"arn:aws:s3:::aws-glue-*"
]
},
{
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Effect": "Allow",
"Resource": [
"arn:aws:logs:*:*:/aws-glue/*"
]
},
{
"Action": [
"ec2:CreateTags",
"ec2:DeleteTags"
],
"Condition": {
"ForAllValues:StringEquals": {
"aws:TagKeys": [
"aws-glue-service-resource"
]
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:ec2:*:*:network-interface/*",
"arn:aws:ec2:*:*:security-group/*",
"arn:aws:ec2:*:*:instance/*"
]
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIRUJCPEBPMEZFAS32",
"PolicyName": "AWSGlueServiceRole",
"VersionId": "v4"
},
{
"Document": {
"Statement": [
{
"Action": [
"ec2:DescribeVpcs",
"ec2:DescribeSubnets",
"ec2:DescribeAvailabilityZones",
"ec2:CreateNetworkInterface",
"ec2:DescribeNetworkInterfaces",
"ec2:DeleteNetworkInterface",
"ec2:DescribeSubnets",
"ec2:AssociateAddress",
"ec2:DisassociateAddress",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroups",
"s3:ListAllMyBuckets"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"s3:CreateBucket",
"s3:ListBucket",
"s3:GetObject",
"s3:PutObject",
"s3:DeleteObject",
"s3:GetObjectVersion",
"s3:DeleteObjectVersion",
"s3:PutBucketPolicy",
"s3:PutEncryptionConfiguration"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::appstream2-36fb080bb8-*",
"arn:aws:s3:::appstream-app-settings-*",
"arn:aws:s3:::appstream-logs-*"
]
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAISBRZ7LMMCBYEF3SE",
"PolicyName": "AmazonAppStreamServiceAccess",
"VersionId": "v5"
},
{
"Document": {
"Statement": [
{
"Action": [
"redshift:*",
"ec2:DescribeAccountAttributes",
"ec2:DescribeAddresses",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:DescribeInternetGateways",
"sns:CreateTopic",
"sns:Get*",
"sns:List*",
"cloudwatch:Describe*",
"cloudwatch:Get*",
"cloudwatch:List*",
"cloudwatch:PutMetricAlarm",
"cloudwatch:EnableAlarmActions",
"cloudwatch:DisableAlarmActions"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringLike": {
"iam:AWSServiceName": "redshift.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/aws-service-role/redshift.amazonaws.com/AWSServiceRoleForRedshift"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAISEKCHH4YDB46B5ZO",
"PolicyName": "AmazonRedshiftFullAccess",
"VersionId": "v2"
},
{
"Document": {
"Statement": [
{
"Action": [
"logs:CreateLogStream",
"logs:DescribeLogStreams",
"logs:CreateLogGroup",
"logs:PutLogEvents"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAISIP5WGJX7VKXRQZO",
"PolicyName": "AWSTransferLoggingAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"zocalo:Describe*",
"ds:DescribeDirectories",
"ec2:DescribeVpcs",
"ec2:DescribeSubnets"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAISRCSSJNS3QPKZJPM",
"PolicyName": "AmazonZocaloReadOnlyAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"cloudhsm:Get*",
"cloudhsm:List*",
"cloudhsm:Describe*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAISVCBSY7YDBOT67KE",
"PolicyName": "AWSCloudHSMReadOnlyAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"comprehend:*",
"s3:ListAllMyBuckets",
"s3:ListBucket",
"s3:GetBucketLocation",
"iam:ListRoles",
"iam:GetRole"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAITBM2PMWNG2P7RZEQ",
"PolicyName": "ComprehendFullAccess",
"VersionId": "v2"
},
{
"Document": {
"Statement": [
{
"Action": [
"ds:DescribeDirectories",
"ec2:DescribeNetworkInterfaceAttribute",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"fsx:*",
"kms:ListAliases",
"s3:HeadBucket"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringLike": {
"iam:AWSServiceName": [
"fsx.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringLike": {
"iam:AWSServiceName": [
"s3.data-source.lustre.fsx.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAITDDJ23Y5UZ2WCZRQ",
"PolicyName": "AmazonFSxConsoleFullAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"acm:Describe*",
"acm:Get*",
"acm:List*",
"acm:Request*",
"acm:Resend*",
"autoscaling:*",
"cloudtrail:DescribeTrails",
"cloudtrail:GetTrailStatus",
"cloudtrail:ListPublicKeys",
"cloudtrail:ListTags",
"cloudtrail:LookupEvents",
"cloudtrail:StartLogging",
"cloudtrail:StopLogging",
"cloudwatch:*",
"codecommit:BatchGetRepositories",
"codecommit:CreateBranch",
"codecommit:CreateRepository",
"codecommit:Get*",
"codecommit:GitPull",
"codecommit:GitPush",
"codecommit:List*",
"codecommit:Put*",
"codecommit:Test*",
"codecommit:Update*",
"codedeploy:*",
"codepipeline:*",
"config:*",
"ds:*",
"ec2:Allocate*",
"ec2:AssignPrivateIpAddresses*",
"ec2:Associate*",
"ec2:Allocate*",
"ec2:AttachInternetGateway",
"ec2:AttachNetworkInterface",
"ec2:AttachVpnGateway",
"ec2:Bundle*",
"ec2:Cancel*",
"ec2:Copy*",
"ec2:CreateCustomerGateway",
"ec2:CreateDhcpOptions",
"ec2:CreateFlowLogs",
"ec2:CreateImage",
"ec2:CreateInstanceExportTask",
"ec2:CreateInternetGateway",
"ec2:CreateKeyPair",
"ec2:CreateNatGateway",
"ec2:CreateNetworkInterface",
"ec2:CreatePlacementGroup",
"ec2:CreateReservedInstancesListing",
"ec2:CreateRoute",
"ec2:CreateRouteTable",
"ec2:CreateSecurityGroup",
"ec2:CreateSnapshot",
"ec2:CreateSpotDatafeedSubscription",
"ec2:CreateSubnet",
"ec2:CreateTags",
"ec2:CreateVolume",
"ec2:CreateVpc",
"ec2:CreateVpcEndpoint",
"ec2:CreateVpnConnection",
"ec2:CreateVpnConnectionRoute",
"ec2:CreateVpnGateway",
"ec2:DeleteFlowLogs",
"ec2:DeleteKeyPair",
"ec2:DeleteNatGateway",
"ec2:DeleteNetworkInterface",
"ec2:DeletePlacementGroup",
"ec2:DeleteSnapshot",
"ec2:DeleteSpotDatafeedSubscription",
"ec2:DeleteSubnet",
"ec2:DeleteTags",
"ec2:DeleteVpc",
"ec2:DeleteVpcEndpoints",
"ec2:DeleteVpnConnection",
"ec2:DeleteVpnConnectionRoute",
"ec2:DeleteVpnGateway",
"ec2:DeregisterImage",
"ec2:Describe*",
"ec2:DetachInternetGateway",
"ec2:DetachNetworkInterface",
"ec2:DetachVpnGateway",
"ec2:DisableVgwRoutePropagation",
"ec2:DisableVpcClassicLinkDnsSupport",
"ec2:DisassociateAddress",
"ec2:DisassociateRouteTable",
"ec2:EnableVgwRoutePropagation",
"ec2:EnableVolumeIO",
"ec2:EnableVpcClassicLinkDnsSupport",
"ec2:GetConsoleOutput",
"ec2:GetHostReservationPurchasePreview",
"ec2:GetPasswordData",
"ec2:Import*",
"ec2:Modify*",
"ec2:MonitorInstances",
"ec2:MoveAddressToVpc",
"ec2:Purchase*",
"ec2:RegisterImage",
"ec2:Release*",
"ec2:Replace*",
"ec2:ReportInstanceStatus",
"ec2:Request*",
"ec2:Reset*",
"ec2:RestoreAddressToClassic",
"ec2:RunScheduledInstances",
"ec2:UnassignPrivateIpAddresses",
"ec2:UnmonitorInstances",
"ec2:UpdateSecurityGroupRuleDescriptionsEgress",
"ec2:UpdateSecurityGroupRuleDescriptionsIngress",
"elasticloadbalancing:*",
"events:*",
"iam:GetAccount*",
"iam:GetContextKeys*",
"iam:GetCredentialReport",
"iam:ListAccountAliases",
"iam:ListGroups",
"iam:ListOpenIDConnectProviders",
"iam:ListPolicies",
"iam:ListPoliciesGrantingServiceAccess",
"iam:ListRoles",
"iam:ListSAMLProviders",
"iam:ListServerCertificates",
"iam:Simulate*",
"iam:UpdateServerCertificate",
"iam:UpdateSigningCertificate",
"kinesis:ListStreams",
"kinesis:PutRecord",
"kms:CreateAlias",
"kms:CreateKey",
"kms:DeleteAlias",
"kms:Describe*",
"kms:GenerateRandom",
"kms:Get*",
"kms:List*",
"kms:Encrypt",
"kms:ReEncrypt*",
"lambda:Create*",
"lambda:Delete*",
"lambda:Get*",
"lambda:InvokeFunction",
"lambda:List*",
"lambda:PublishVersion",
"lambda:Update*",
"logs:*",
"rds:Describe*",
"rds:ListTagsForResource",
"route53:*",
"route53domains:*",
"ses:*",
"sns:*",
"sqs:*",
"trustedadvisor:*"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:AcceptVpcPeeringConnection",
"ec2:AttachClassicLinkVpc",
"ec2:AttachVolume",
"ec2:AuthorizeSecurityGroupEgress",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateVpcPeeringConnection",
"ec2:DeleteCustomerGateway",
"ec2:DeleteDhcpOptions",
"ec2:DeleteInternetGateway",
"ec2:DeleteNetworkAcl*",
"ec2:DeleteRoute",
"ec2:DeleteRouteTable",
"ec2:DeleteSecurityGroup",
"ec2:DeleteVolume",
"ec2:DeleteVpcPeeringConnection",
"ec2:DetachClassicLinkVpc",
"ec2:DetachVolume",
"ec2:DisableVpcClassicLink",
"ec2:EnableVpcClassicLink",
"ec2:GetConsoleScreenshot",
"ec2:RebootInstances",
"ec2:RejectVpcPeeringConnection",
"ec2:RevokeSecurityGroupEgress",
"ec2:RevokeSecurityGroupIngress",
"ec2:RunInstances",
"ec2:StartInstances",
"ec2:StopInstances",
"ec2:TerminateInstances"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": "s3:*",
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"iam:GetAccessKeyLastUsed",
"iam:GetGroup*",
"iam:GetInstanceProfile",
"iam:GetLoginProfile",
"iam:GetOpenIDConnectProvider",
"iam:GetPolicy*",
"iam:GetRole*",
"iam:GetSAMLProvider",
"iam:GetSSHPublicKey",
"iam:GetServerCertificate",
"iam:GetServiceLastAccessed*",
"iam:GetUser*",
"iam:ListAccessKeys",
"iam:ListAttached*",
"iam:ListEntitiesForPolicy",
"iam:ListGroupPolicies",
"iam:ListGroupsForUser",
"iam:ListInstanceProfiles*",
"iam:ListMFADevices",
"iam:ListPolicyVersions",
"iam:ListRolePolicies",
"iam:ListSSHPublicKeys",
"iam:ListSigningCertificates",
"iam:ListUserPolicies",
"iam:Upload*"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"iam:GetRole",
"iam:ListRoles",
"iam:PassRole"
],
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/rds-monitoring-role",
"arn:aws:iam::*:role/ec2-sysadmin-*",
"arn:aws:iam::*:role/ecr-sysadmin-*",
"arn:aws:iam::*:role/lamdba-sysadmin-*",
"arn:aws:iam::*:role/lambda-sysadmin-*"
]
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAITJPEZXCYCBXANDSW",
"PolicyName": "SystemAdministrator",
"VersionId": "v4"
},
{
"Document": {
"Statement": [
{
"Action": [
"ecs:RunTask"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": "iam:PassRole",
"Condition": {
"StringLike": {
"iam:PassedToService": "ecs-tasks.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAITKFNIUAG27VSYNZ4",
"PolicyName": "AmazonEC2ContainerServiceEventsRole",
"VersionId": "v2"
},
{
"Document": {
"Statement": [
{
"Action": [
"route53:Get*",
"route53:List*",
"route53:TestDNSAnswer"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAITOYK2ZAOQFXV2JNC",
"PolicyName": "AmazonRoute53ReadOnlyAccess",
"VersionId": "v2"
},
{
"Document": {
"Statement": [
{
"Action": [
"discovery:ListConfigurations",
"discovery:DescribeConfigurations"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAITRMRLSV7JAL6YIGG",
"PolicyName": "AWSMigrationHubDiscoveryAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": "ec2-reports:*",
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIU6NBZVF2PCRW36ZW",
"PolicyName": "AmazonEC2ReportsAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"ecs:DescribeServices",
"ecs:UpdateService"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"cloudwatch:DescribeAlarms",
"cloudwatch:PutMetricAlarm"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIUAP3EGGGXXCPDQKK",
"PolicyName": "AmazonEC2ContainerServiceAutoscaleRole",
"VersionId": "v2"
},
{
"Document": {
"Statement": [
{
"Action": [
"appsync:GraphQL",
"appsync:CreateResolver",
"appsync:CreateType",
"appsync:DeleteResolver",
"appsync:DeleteType",
"appsync:GetResolver",
"appsync:GetType",
"appsync:GetDataSource",
"appsync:GetSchemaCreationStatus",
"appsync:GetIntrospectionSchema",
"appsync:GetGraphqlApi",
"appsync:ListTypes",
"appsync:ListApiKeys",
"appsync:ListResolvers",
"appsync:ListDataSources",
"appsync:ListGraphqlApis",
"appsync:StartSchemaCreation",
"appsync:UpdateResolver",
"appsync:UpdateType"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIUCF5WVTOFQXFKY5E",
"PolicyName": "AWSAppSyncSchemaAuthor",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"a4b:RegisterDevice",
"a4b:CompleteRegistration",
"a4b:SearchDevices"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIUEFZFUTDTY4HGFU2",
"PolicyName": "AlexaForBusinessDeviceSetup",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeInstanceAttribute",
"ec2:DescribeSubnets",
"ec2:DescribeSecurityGroups",
"ec2:DescribeKeyPairs",
"ec2:DescribeImages",
"ec2:DescribeImageAttribute",
"ec2:DescribeSpotInstanceRequests",
"ec2:DescribeSpotFleetInstances",
"ec2:DescribeSpotFleetRequests",
"ec2:DescribeSpotPriceHistory",
"ec2:DescribeVpcClassicLink",
"ec2:DescribeLaunchTemplateVersions",
"ec2:CreateLaunchTemplate",
"ec2:DeleteLaunchTemplate",
"ec2:RequestSpotFleet",
"ec2:CancelSpotFleetRequests",
"ec2:ModifySpotFleetRequest",
"ec2:TerminateInstances",
"ec2:RunInstances",
"autoscaling:DescribeAccountLimits",
"autoscaling:DescribeAutoScalingGroups",
"autoscaling:DescribeLaunchConfigurations",
"autoscaling:DescribeAutoScalingInstances",
"autoscaling:CreateLaunchConfiguration",
"autoscaling:CreateAutoScalingGroup",
"autoscaling:UpdateAutoScalingGroup",
"autoscaling:SetDesiredCapacity",
"autoscaling:DeleteLaunchConfiguration",
"autoscaling:DeleteAutoScalingGroup",
"autoscaling:CreateOrUpdateTags",
"autoscaling:SuspendProcesses",
"autoscaling:PutNotificationConfiguration",
"autoscaling:TerminateInstanceInAutoScalingGroup",
"ecs:DescribeClusters",
"ecs:DescribeContainerInstances",
"ecs:DescribeTaskDefinition",
"ecs:DescribeTasks",
"ecs:ListClusters",
"ecs:ListContainerInstances",
"ecs:ListTaskDefinitionFamilies",
"ecs:ListTaskDefinitions",
"ecs:ListTasks",
"ecs:CreateCluster",
"ecs:DeleteCluster",
"ecs:RegisterTaskDefinition",
"ecs:DeregisterTaskDefinition",
"ecs:RunTask",
"ecs:StartTask",
"ecs:StopTask",
"ecs:UpdateContainerAgent",
"ecs:DeregisterContainerInstance",
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents",
"logs:DescribeLogGroups",
"iam:GetInstanceProfile",
"iam:GetRole"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:PassRole",
"Condition": {
"StringEquals": {
"iam:PassedToService": [
"ec2.amazonaws.com",
"ecs-tasks.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringEquals": {
"iam:AWSServiceName": [
"spot.amazonaws.com",
"spotfleet.amazonaws.com",
"autoscaling.amazonaws.com",
"ecs.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:CreateTags"
],
"Condition": {
"StringEquals": {
"ec2:CreateAction": "RunInstances"
}
},
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIUETIXPCKASQJURFE",
"PolicyName": "AWSBatchServiceRole",
"VersionId": "v9"
},
{
"Document": {
"Statement": [
{
"Action": [
"s3:Get*",
"s3:List*",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::elasticbeanstalk-*",
"arn:aws:s3:::elasticbeanstalk-*/*"
],
"Sid": "BucketAccess"
},
{
"Action": [
"xray:PutTraceSegments",
"xray:PutTelemetryRecords"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "XRayAccess"
},
{
"Action": [
"logs:PutLogEvents",
"logs:CreateLogStream",
"logs:DescribeLogStreams",
"logs:DescribeLogGroups"
],
"Effect": "Allow",
"Resource": [
"arn:aws:logs:*:*:log-group:/aws/elasticbeanstalk*"
],
"Sid": "CloudWatchLogsAccess"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIUF4325SJYOREKW3A",
"PolicyName": "AWSElasticBeanstalkWebTier",
"VersionId": "v5"
},
{
"Document": {
"Statement": [
{
"Action": [
"sqs:GetQueueAttributes",
"sqs:GetQueueUrl",
"sqs:ListDeadLetterSourceQueues",
"sqs:ListQueues"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIUGSSQY362XGCM6KW",
"PolicyName": "AmazonSQSReadOnlyAccess",
"VersionId": "v2"
},
{
"Document": {
"Statement": [
{
"Action": [
"chime:*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIUJFSAKUERNORYRWO",
"PolicyName": "AmazonChimeFullAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"ec2:DescribeAddresses",
"ec2:DescribeInstances",
"ec2:DescribeSubnets",
"ec2:DescribeSecurityGroups",
"ec2:DescribeVpcs",
"ec2:DescribeInternetGateways",
"ec2:DescribeAccountAttributes",
"ec2:DescribeClassicLinkInstances",
"ec2:DescribeVpcClassicLink",
"ec2:CreateSecurityGroup",
"ec2:CreateNetworkInterface",
"ec2:DeleteNetworkInterface",
"ec2:ModifyNetworkInterface",
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:AssociateAddress",
"ec2:DisassociateAddress",
"ec2:AttachNetworkInterface",
"ec2:DetachNetworkInterface",
"ec2:AssignPrivateIpAddresses",
"ec2:AssignIpv6Addresses",
"ec2:UnassignIpv6Addresses"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIUMWW3QP7DPZPNVU4",
"PolicyName": "AWSElasticLoadBalancingClassicServiceRolePolicy",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"mgh:CreateProgressUpdateStream"
],
"Effect": "Allow",
"Resource": "arn:aws:mgh:*:*:progressUpdateStream/DMS"
},
{
"Action": [
"mgh:AssociateCreatedArtifact",
"mgh:DescribeMigrationTask",
"mgh:DisassociateCreatedArtifact",
"mgh:ImportMigrationTask",
"mgh:ListCreatedArtifacts",
"mgh:NotifyMigrationTaskState",
"mgh:PutResourceAttributes",
"mgh:NotifyApplicationState",
"mgh:DescribeApplicationState",
"mgh:AssociateDiscoveredResource",
"mgh:DisassociateDiscoveredResource",
"mgh:ListDiscoveredResources"
],
"Effect": "Allow",
"Resource": "arn:aws:mgh:*:*:progressUpdateStream/DMS/*"
},
{
"Action": [
"mgh:ListMigrationTasks"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIUQB56VA4JHLN7G2W",
"PolicyName": "AWSMigrationHubDMSAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"wellarchitected:Get*",
"wellarchitected:List*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIUTK35NDTYF6T2GFY",
"PolicyName": "WellArchitectedConsoleReadOnlyAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": "kinesis:*",
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIVF32HAMOXCUYRAYE",
"PolicyName": "AmazonKinesisFullAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"guardduty:Get*",
"guardduty:List*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIVMCEDV336RWUSNHG",
"PolicyName": "AmazonGuardDutyReadOnlyAccess",
"VersionId": "v2"
},
{
"Document": {
"Statement": [
{
"Action": [
"cloudwatch:PutMetricData",
"ds:AuthorizeApplication",
"ds:UnauthorizeApplication",
"ec2:CreateNetworkInterface",
"ec2:CreateNetworkInterfacePermission",
"ec2:DeleteNetworkInterface",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"route53:AssociateVPCWithHostedZone"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIVQ24YKVRBV5IYQ5G",
"PolicyName": "AmazonFSxServiceRolePolicy",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"ec2:AttachNetworkInterface",
"ec2:CreateNetworkInterface",
"ec2:CreateNetworkInterfacePermission",
"ec2:DeleteNetworkInterface",
"ec2:DeleteNetworkInterfacePermission",
"ec2:Describe*",
"ec2:DetachNetworkInterface",
"elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
"elasticloadbalancing:DeregisterTargets",
"elasticloadbalancing:Describe*",
"elasticloadbalancing:RegisterInstancesWithLoadBalancer",
"elasticloadbalancing:RegisterTargets",
"route53:ChangeResourceRecordSets",
"route53:CreateHealthCheck",
"route53:DeleteHealthCheck",
"route53:Get*",
"route53:List*",
"route53:UpdateHealthCheck",
"servicediscovery:DeregisterInstance",
"servicediscovery:Get*",
"servicediscovery:List*",
"servicediscovery:RegisterInstance",
"servicediscovery:UpdateInstanceCustomHealthStatus"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "ECSTaskManagement"
},
{
"Action": [
"ec2:CreateTags"
],
"Effect": "Allow",
"Resource": "arn:aws:ec2:*:*:network-interface/*",
"Sid": "ECSTagging"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIVUWKCAI7URU4WUEI",
"PolicyName": "AmazonECSServiceRolePolicy",
"VersionId": "v5"
},
{
"Document": {
"Statement": [
{
"Action": [
"connect:Get*",
"connect:Describe*",
"connect:List*",
"ds:DescribeDirectories"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "connect:GetFederationTokens",
"Effect": "Deny",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIVZMH7VU6YYKRY6ZU",
"PolicyName": "AmazonConnectReadOnlyAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"machinelearning:Describe*",
"machinelearning:Get*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIW5VYBCGEX56JCINC",
"PolicyName": "AmazonMachineLearningReadOnlyAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"rekognition:*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIWDAOK6AIFDVX6TT6",
"PolicyName": "AmazonRekognitionFullAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"cloudhsm:CreateLunaClient",
"cloudhsm:GetClientConfiguration",
"cloudhsm:DeleteLunaClient",
"cloudhsm:DescribeLunaClient",
"cloudhsm:ModifyLunaClient",
"cloudhsm:DescribeHapg",
"cloudhsm:ModifyHapg",
"cloudhsm:GetConfig"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIWKFXRLQG2ROKKXLE",
"PolicyName": "RDSCloudHsmAuthorizationRole",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"machinelearning:*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIWKW6AGSGYOQ5ERHC",
"PolicyName": "AmazonMachineLearningFullAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": "*",
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIWMBCKSKIEE64ZLYK",
"PolicyName": "AdministratorAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"machinelearning:Predict"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIWMCNQPRWMWT36GVQ",
"PolicyName": "AmazonMachineLearningRealTimePredictionOnlyAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIWN7WNO34HLMJPUQS",
"PolicyName": "AWSAppSyncPushToCloudWatchLogs",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"mgh:CreateProgressUpdateStream"
],
"Effect": "Allow",
"Resource": "arn:aws:mgh:*:*:progressUpdateStream/SMS"
},
{
"Action": [
"mgh:AssociateCreatedArtifact",
"mgh:DescribeMigrationTask",
"mgh:DisassociateCreatedArtifact",
"mgh:ImportMigrationTask",
"mgh:ListCreatedArtifacts",
"mgh:NotifyMigrationTaskState",
"mgh:PutResourceAttributes",
"mgh:NotifyApplicationState",
"mgh:DescribeApplicationState",
"mgh:AssociateDiscoveredResource",
"mgh:DisassociateDiscoveredResource",
"mgh:ListDiscoveredResources"
],
"Effect": "Allow",
"Resource": "arn:aws:mgh:*:*:progressUpdateStream/SMS/*"
},
{
"Action": [
"mgh:ListMigrationTasks"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIWQYYT6TSVIRJO4TY",
"PolicyName": "AWSMigrationHubSMSAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"ec2:CreateNetworkInterfacePermission",
"ec2:DescribeNetworkInterfaces",
"ec2:DeleteNetworkInterface",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:DescribeSecurityGroups",
"greengrass:CreateDeployment",
"greengrass:CreateGroupVersion",
"greengrass:CreateFunctionDefinition",
"greengrass:CreateFunctionDefinitionVersion",
"greengrass:GetDeploymentStatus",
"greengrass:GetGroup",
"greengrass:GetGroupVersion",
"greengrass:GetCoreDefinitionVersion",
"greengrass:GetFunctionDefinitionVersion",
"greengrass:GetAssociatedRole",
"lambda:CreateFunction"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"lambda:UpdateFunctionCode",
"lambda:GetFunction",
"lambda:UpdateFunctionConfiguration"
],
"Effect": "Allow",
"Resource": "arn:aws:lambda:*:*:function:aws-robomaker-*"
},
{
"Action": "iam:PassRole",
"Condition": {
"StringEqualsIfExists": {
"iam:PassedToService": "lambda.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIWR2IIOQ7JJGVQOPW",
"PolicyName": "AWSB9InternalServicePolicy",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"config:Get*",
"config:Describe*",
"config:Deliver*",
"config:List*",
"tag:GetResources",
"tag:GetTagKeys",
"cloudtrail:DescribeTrails",
"cloudtrail:GetTrailStatus",
"cloudtrail:LookupEvents"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIWTTSFJ7KKJE3MWGA",
"PolicyName": "AWSConfigUserAccess",
"VersionId": "v3"
},
{
"Document": {
"Statement": [
{
"Action": [
"iot:AcceptCertificateTransfer",
"iot:AddThingToThingGroup",
"iot:AssociateTargetsWithJob",
"iot:AttachPolicy",
"iot:AttachPrincipalPolicy",
"iot:AttachThingPrincipal",
"iot:CancelCertificateTransfer",
"iot:CancelJob",
"iot:CancelJobExecution",
"iot:ClearDefaultAuthorizer",
"iot:CreateAuthorizer",
"iot:CreateCertificateFromCsr",
"iot:CreateJob",
"iot:CreateKeysAndCertificate",
"iot:CreateOTAUpdate",
"iot:CreatePolicy",
"iot:CreatePolicyVersion",
"iot:CreateRoleAlias",
"iot:CreateStream",
"iot:CreateThing",
"iot:CreateThingGroup",
"iot:CreateThingType",
"iot:CreateTopicRule",
"iot:DeleteAuthorizer",
"iot:DeleteCACertificate",
"iot:DeleteCertificate",
"iot:DeleteJob",
"iot:DeleteJobExecution",
"iot:DeleteOTAUpdate",
"iot:DeletePolicy",
"iot:DeletePolicyVersion",
"iot:DeleteRegistrationCode",
"iot:DeleteRoleAlias",
"iot:DeleteStream",
"iot:DeleteThing",
"iot:DeleteThingGroup",
"iot:DeleteThingType",
"iot:DeleteTopicRule",
"iot:DeleteV2LoggingLevel",
"iot:DeprecateThingType",
"iot:DescribeAuthorizer",
"iot:DescribeCACertificate",
"iot:DescribeCertificate",
"iot:DescribeCertificateTag",
"iot:DescribeDefaultAuthorizer",
"iot:DescribeEndpoint",
"iot:DescribeEventConfigurations",
"iot:DescribeIndex",
"iot:DescribeJob",
"iot:DescribeJobExecution",
"iot:DescribeRoleAlias",
"iot:DescribeStream",
"iot:DescribeThing",
"iot:DescribeThingGroup",
"iot:DescribeThingRegistrationTask",
"iot:DescribeThingType",
"iot:DetachPolicy",
"iot:DetachPrincipalPolicy",
"iot:DetachThingPrincipal",
"iot:DisableTopicRule",
"iot:EnableTopicRule",
"iot:GetEffectivePolicies",
"iot:GetIndexingConfiguration",
"iot:GetJobDocument",
"iot:GetLoggingOptions",
"iot:GetOTAUpdate",
"iot:GetPolicy",
"iot:GetPolicyVersion",
"iot:GetRegistrationCode",
"iot:GetTopicRule",
"iot:GetV2LoggingOptions",
"iot:ListAttachedPolicies",
"iot:ListAuthorizers",
"iot:ListCACertificates",
"iot:ListCertificates",
"iot:ListCertificatesByCA",
"iot:ListIndices",
"iot:ListJobExecutionsForJob",
"iot:ListJobExecutionsForThing",
"iot:ListJobs",
"iot:ListOTAUpdates",
"iot:ListOutgoingCertificates",
"iot:ListPolicies",
"iot:ListPolicyPrincipals",
"iot:ListPolicyVersions",
"iot:ListPrincipalPolicies",
"iot:ListPrincipalThings",
"iot:ListRoleAliases",
"iot:ListStreams",
"iot:ListTargetsForPolicy",
"iot:ListThingGroups",
"iot:ListThingGroupsForThing",
"iot:ListThingPrincipals",
"iot:ListThingRegistrationTaskReports",
"iot:ListThingRegistrationTasks",
"iot:ListThings",
"iot:ListThingsInThingGroup",
"iot:ListThingTypes",
"iot:ListTopicRules",
"iot:ListV2LoggingLevels",
"iot:RegisterCACertificate",
"iot:RegisterCertificate",
"iot:RegisterThing",
"iot:RejectCertificateTransfer",
"iot:RemoveThingFromThingGroup",
"iot:ReplaceTopicRule",
"iot:SearchIndex",
"iot:SetDefaultAuthorizer",
"iot:SetDefaultPolicyVersion",
"iot:SetLoggingOptions",
"iot:SetV2LoggingLevel",
"iot:SetV2LoggingOptions",
"iot:StartThingRegistrationTask",
"iot:StopThingRegistrationTask",
"iot:TestAuthorization",
"iot:TestInvokeAuthorizer",
"iot:TransferCertificate",
"iot:UpdateAuthorizer",
"iot:UpdateCACertificate",
"iot:UpdateCertificate",
"iot:UpdateCertificateTag",
"iot:UpdateEventConfigurations",
"iot:UpdateIndexingConfiguration",
"iot:UpdateRoleAlias",
"iot:UpdateStream",
"iot:UpdateThing",
"iot:UpdateThingGroup",
"iot:UpdateThingGroupsForThing",
"iot:UpdateAccountAuditConfiguration",
"iot:DescribeAccountAuditConfiguration",
"iot:DeleteAccountAuditConfiguration",
"iot:StartOnDemandAuditTask",
"iot:CancelAuditTask",
"iot:DescribeAuditTask",
"iot:ListAuditTasks",
"iot:CreateScheduledAudit",
"iot:UpdateScheduledAudit",
"iot:DeleteScheduledAudit",
"iot:DescribeScheduledAudit",
"iot:ListScheduledAudits",
"iot:ListAuditFindings",
"iot:CreateSecurityProfile",
"iot:DescribeSecurityProfile",
"iot:UpdateSecurityProfile",
"iot:DeleteSecurityProfile",
"iot:AttachSecurityProfile",
"iot:DetachSecurityProfile",
"iot:ListSecurityProfiles",
"iot:ListSecurityProfilesForTarget",
"iot:ListTargetsForSecurityProfile",
"iot:ListActiveViolations",
"iot:ListViolationEvents",
"iot:ValidateSecurityProfileBehaviors"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIWWGD4LM4EMXNRL7I",
"PolicyName": "AWSIoTConfigAccess",
"VersionId": "v8"
},
{
"Document": {
"Statement": [
{
"Action": [
"acm:Describe*",
"acm:List*",
"application-autoscaling:Describe*",
"appmesh:Describe*",
"appmesh:List*",
"appsync:List*",
"athena:List*",
"autoscaling:Describe*",
"batch:DescribeComputeEnvironments",
"batch:DescribeJobDefinitions",
"chime:List*",
"cloud9:Describe*",
"cloud9:ListEnvironments",
"clouddirectory:ListDirectories",
"cloudformation:DescribeStack*",
"cloudformation:GetTemplate",
"cloudformation:ListStack*",
"cloudformation:GetStackPolicy",
"cloudfront:Get*",
"cloudfront:List*",
"cloudhsm:ListHapgs",
"cloudhsm:ListHsms",
"cloudhsm:ListLunaClients",
"cloudsearch:DescribeDomains",
"cloudsearch:DescribeServiceAccessPolicies",
"cloudtrail:DescribeTrails",
"cloudtrail:GetEventSelectors",
"cloudtrail:GetTrailStatus",
"cloudtrail:ListTags",
"cloudtrail:LookupEvents",
"cloudwatch:Describe*",
"codebuild:ListProjects",
"codecommit:BatchGetRepositories",
"codecommit:GetBranch",
"codecommit:GetObjectIdentifier",
"codecommit:GetRepository",
"codecommit:List*",
"codedeploy:Batch*",
"codedeploy:Get*",
"codedeploy:List*",
"codepipeline:ListPipelines",
"codestar:Describe*",
"codestar:List*",
"cognito-identity:ListIdentityPools",
"cognito-idp:ListUserPools",
"cognito-sync:Describe*",
"cognito-sync:List*",
"comprehend:Describe*",
"comprehend:List*",
"config:Deliver*",
"config:Describe*",
"config:Get*",
"datapipeline:DescribeObjects",
"datapipeline:DescribePipelines",
"datapipeline:EvaluateExpression",
"datapipeline:GetPipelineDefinition",
"datapipeline:ListPipelines",
"datapipeline:QueryObjects",
"datapipeline:ValidatePipelineDefinition",
"datasync:Describe*",
"datasync:List*",
"dax:Describe*",
"dax:ListTags",
"directconnect:Describe*",
"dms:Describe*",
"dms:ListTagsForResource",
"ds:DescribeDirectories",
"dynamodb:DescribeContinuousBackups",
"dynamodb:DescribeGlobalTable",
"dynamodb:DescribeTable",
"dynamodb:DescribeTimeToLive",
"dynamodb:ListBackups",
"dynamodb:ListGlobalTables",
"dynamodb:ListStreams",
"dynamodb:ListTables",
"ec2:Describe*",
"ecr:DescribeRepositories",
"ecr:GetRepositoryPolicy",
"ecs:Describe*",
"ecs:List*",
"eks:DescribeCluster",
"eks:ListClusters",
"elasticache:Describe*",
"elasticbeanstalk:Describe*",
"elasticfilesystem:DescribeFileSystems",
"elasticloadbalancing:Describe*",
"elasticmapreduce:Describe*",
"elasticmapreduce:ListClusters",
"elasticmapreduce:ListInstances",
"es:Describe*",
"es:ListDomainNames",
"events:DescribeEventBus",
"events:ListRules",
"firehose:Describe*",
"firehose:List*",
"fsx:Describe*",
"fsx:List*",
"gamelift:ListBuilds",
"gamelift:ListFleets",
"glacier:DescribeVault",
"glacier:GetVaultAccessPolicy",
"glacier:ListVaults",
"globalaccelerator:Describe*",
"globalaccelerator:List*",
"greengrass:List*",
"guardduty:Get*",
"guardduty:List*",
"iam:GenerateCredentialReport",
"iam:Get*",
"iam:List*",
"iam:SimulateCustomPolicy",
"iam:SimulatePrincipalPolicy",
"iot:Describe*",
"iot:List*",
"kinesis:DescribeStream",
"kinesis:ListStreams",
"kinesis:ListTagsForStream",
"kinesisanalytics:ListApplications",
"kms:Describe*",
"kms:Get*",
"kms:List*",
"lambda:GetAccountSettings",
"lambda:GetPolicy",
"lambda:List*",
"license-manager:List*",
"logs:Describe*",
"logs:ListTagsLogGroup",
"machinelearning:DescribeMLModels",
"mediaconnect:Describe*",
"mediaconnect:List*",
"mediastore:GetContainerPolicy",
"mediastore:ListContainers",
"opsworks-cm:DescribeServers",
"organizations:List*",
"organizations:Describe*",
"quicksight:Describe*",
"quicksight:List*",
"ram:List*",
"rds:Describe*",
"rds:DownloadDBLogFilePortion",
"rds:ListTagsForResource",
"redshift:Describe*",
"rekognition:Describe*",
"rekognition:List*",
"robomaker:Describe*",
"robomaker:List*",
"route53:Get*",
"route53:List*",
"route53domains:GetDomainDetail",
"route53domains:GetOperationDetail",
"route53domains:ListDomains",
"route53domains:ListOperations",
"route53domains:ListTagsForDomain",
"route53resolver:List*",
"s3:GetAccelerateConfiguration",
"s3:GetAnalyticsConfiguration",
"s3:GetBucket*",
"s3:GetEncryptionConfiguration",
"s3:GetInventoryConfiguration",
"s3:GetLifecycleConfiguration",
"s3:GetMetricsConfiguration",
"s3:GetObjectAcl",
"s3:GetObjectVersionAcl",
"s3:GetPublicAccessBlock",
"s3:GetReplicationConfiguration",
"s3:ListAllMyBuckets",
"sagemaker:Describe*",
"sagemaker:List*",
"sdb:DomainMetadata",
"sdb:ListDomains",
"securityhub:Get*",
"securityhub:List*",
"serverlessrepo:GetApplicationPolicy",
"serverlessrepo:List*",
"ses:GetIdentityDkimAttributes",
"ses:GetIdentityVerificationAttributes",
"ses:ListIdentities",
"ses:ListVerifiedEmailAddresses",
"shield:Describe*",
"shield:List*",
"snowball:ListClusters",
"snowball:ListJobs",
"sns:GetTopicAttributes",
"sns:ListSubscriptionsByTopic",
"sns:ListTopics",
"sqs:GetQueueAttributes",
"sqs:ListQueues",
"ssm:Describe*",
"ssm:ListDocuments",
"states:ListStateMachines",
"storagegateway:DescribeBandwidthRateLimit",
"storagegateway:DescribeCache",
"storagegateway:DescribeCachediSCSIVolumes",
"storagegateway:DescribeGatewayInformation",
"storagegateway:DescribeMaintenanceStartTime",
"storagegateway:DescribeNFSFileShares",
"storagegateway:DescribeSnapshotSchedule",
"storagegateway:DescribeStorediSCSIVolumes",
"storagegateway:DescribeTapeArchives",
"storagegateway:DescribeTapeRecoveryPoints",
"storagegateway:DescribeTapes",
"storagegateway:DescribeUploadBuffer",
"storagegateway:DescribeVTLDevices",
"storagegateway:DescribeWorkingStorage",
"storagegateway:List*",
"tag:GetResources",
"tag:GetTagKeys",
"transfer:Describe*",
"transfer:List*",
"translate:List*",
"trustedadvisor:Describe*",
"waf:ListWebACLs",
"waf-regional:ListWebACLs",
"workspaces:Describe*"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"apigateway:HEAD",
"apigateway:GET",
"apigateway:OPTIONS"
],
"Effect": "Allow",
"Resource": [
"arn:aws:apigateway:*::/restapis",
"arn:aws:apigateway:*::/restapis/*/authorizers",
"arn:aws:apigateway:*::/restapis/*/authorizers/*",
"arn:aws:apigateway:*::/restapis/*/resources",
"arn:aws:apigateway:*::/restapis/*/resources/*",
"arn:aws:apigateway:*::/restapis/*/resources/*/methods/*",
"arn:aws:apigateway:*::/vpclinks"
]
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIX2T3QCXHR2OGGCTO",
"PolicyName": "SecurityAudit",
"VersionId": "v25"
},
{
"Document": {
"Statement": [
{
"Action": [
"glue:GetTableVersions"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"s3:AbortMultipartUpload",
"s3:GetBucketLocation",
"s3:GetObject",
"s3:ListBucket",
"s3:ListBucketMultipartUploads",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::aws-application-discovery-service-*",
"arn:aws:s3:::aws-application-discovery-service-*/*"
]
},
{
"Action": [
"logs:PutLogEvents"
],
"Effect": "Allow",
"Resource": [
"arn:aws:logs:*:*:log-group:/aws/application-discovery-service/firehose:log-stream:*"
]
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIX6FHUTEUNXYDFZ7C",
"PolicyName": "AWSDiscoveryContinuousExportFirehosePolicy",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"mediaconvert:*",
"s3:ListAllMyBuckets",
"s3:ListBucket",
"s3:ListObjects"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"iam:PassRole"
],
"Condition": {
"StringLike": {
"iam:PassedToService": [
"mediaconvert.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIXDREOCL6LV7RBJWC",
"PolicyName": "AWSElementalMediaConvertFullAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"robomaker:ListDeploymentJobs",
"robomaker:BatchDescribeSimulationJob",
"robomaker:DescribeFleet",
"robomaker:DescribeSimulationApplication",
"robomaker:DescribeRobotApplication",
"robomaker:ListFleets",
"robomaker:ListSimulationJobs",
"robomaker:DescribeDeploymentJob",
"robomaker:DescribeSimulationJob",
"robomaker:DescribeRobot",
"robomaker:ListRobots",
"robomaker:ListRobotApplications",
"robomaker:ListSimulationApplications"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "VisualEditor0"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIXFHP2ALXXGGECYJI",
"PolicyName": "AWSRoboMakerReadOnlyAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"resource-groups:Get*",
"resource-groups:List*",
"resource-groups:Search*",
"tag:Get*",
"cloudformation:DescribeStacks",
"cloudformation:ListStackResources",
"ec2:DescribeInstances",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSnapshots",
"ec2:DescribeVolumes",
"ec2:DescribeVpcs",
"elasticache:DescribeCacheClusters",
"elasticache:DescribeSnapshots",
"elasticache:ListTagsForResource",
"elasticbeanstalk:DescribeEnvironments",
"elasticmapreduce:DescribeCluster",
"elasticmapreduce:ListClusters",
"glacier:ListVaults",
"glacier:DescribeVault",
"glacier:ListTagsForVault",
"kinesis:ListStreams",
"kinesis:DescribeStream",
"kinesis:ListTagsForStream",
"opsworks:DescribeStacks",
"opsworks:ListTags",
"rds:DescribeDBInstances",
"rds:DescribeDBSnapshots",
"rds:ListTagsForResource",
"redshift:DescribeClusters",
"redshift:DescribeTags",
"route53domains:ListDomains",
"route53:ListHealthChecks",
"route53:GetHealthCheck",
"route53:ListHostedZones",
"route53:GetHostedZone",
"route53:ListTagsForResource",
"storagegateway:ListGateways",
"storagegateway:DescribeGatewayInformation",
"storagegateway:ListTagsForResource",
"s3:ListAllMyBuckets",
"s3:GetBucketTagging",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeTags",
"ssm:ListDocuments"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIXFKM2WGBJAEWMFEG",
"PolicyName": "AWSResourceGroupsReadOnlyAccess",
"VersionId": "v2"
},
{
"Document": {
"Statement": [
{
"Action": [
"codestar:*",
"ec2:DescribeKeyPairs",
"ec2:DescribeVpcs",
"ec2:DescribeSubnets",
"cloud9:DescribeEnvironment*",
"cloud9:ValidateEnvironmentName"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "CodeStarEC2"
},
{
"Action": [
"cloudformation:DescribeStack*",
"cloudformation:GetTemplateSummary"
],
"Effect": "Allow",
"Resource": [
"arn:aws:cloudformation:*:*:stack/awscodestar-*"
],
"Sid": "CodeStarCF"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIXI233TFUGLZOJBEC",
"PolicyName": "AWSCodeStarFullAccess",
"VersionId": "v2"
},
{
"Document": {
"Statement": [
{
"Action": [
"ssm:CancelCommand",
"ssm:GetCommandInvocation",
"ssm:ListCommandInvocations",
"ssm:ListCommands",
"ssm:SendCommand",
"ssm:GetAutomationExecution",
"ssm:GetParameters",
"ssm:StartAutomationExecution"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"ec2:DescribeInstanceAttribute",
"ec2:DescribeInstanceStatus",
"ec2:DescribeInstances"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"lambda:InvokeFunction"
],
"Effect": "Allow",
"Resource": [
"arn:aws:lambda:*:*:function:SSM*",
"arn:aws:lambda:*:*:function:*:SSM*"
]
},
{
"Action": [
"states:DescribeExecution",
"states:StartExecution"
],
"Effect": "Allow",
"Resource": [
"arn:aws:states:*:*:stateMachine:SSM*",
"arn:aws:states:*:*:execution:SSM*"
]
},
{
"Action": [
"resource-groups:ListGroups",
"resource-groups:ListGroupResources"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"tag:GetResources"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": "iam:PassRole",
"Condition": {
"StringEquals": {
"iam:PassedToService": [
"ssm.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIXJ26NUGBA3TCV7EC",
"PolicyName": "AmazonSSMServiceRolePolicy",
"VersionId": "v3"
},
{
"Document": {
"Statement": [
{
"Action": [
"s3:List*",
"dynamodb:DescribeTable",
"rds:DescribeDBInstances",
"rds:DescribeDBSecurityGroups",
"redshift:DescribeClusters",
"redshift:DescribeClusterSecurityGroups",
"sns:ListTopics",
"sns:Subscribe",
"iam:ListRoles",
"iam:GetRolePolicy",
"iam:GetInstanceProfile",
"iam:ListInstanceProfiles",
"datapipeline:*"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": "iam:PassRole",
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/DataPipelineDefaultResourceRole",
"arn:aws:iam::*:role/DataPipelineDefaultRole"
]
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIXOFIG7RSBMRPHXJ4",
"PolicyName": "AWSDataPipeline_FullAccess",
"VersionId": "v2"
},
{
"Document": {
"Statement": [
{
"Action": [
"rds:CreateDBCluster",
"rds:CreateDBInstance"
],
"Condition": {
"StringEquals": {
"rds:DatabaseEngine": "graphdb"
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:rds:*"
]
},
{
"Action": [
"rds:AddRoleToDBCluster",
"rds:AddSourceIdentifierToSubscription",
"rds:AddTagsToResource",
"rds:ApplyPendingMaintenanceAction",
"rds:CopyDBClusterParameterGroup",
"rds:CopyDBClusterSnapshot",
"rds:CopyDBParameterGroup",
"rds:CreateDBClusterParameterGroup",
"rds:CreateDBClusterSnapshot",
"rds:CreateDBParameterGroup",
"rds:CreateDBSubnetGroup",
"rds:CreateEventSubscription",
"rds:DeleteDBCluster",
"rds:DeleteDBClusterParameterGroup",
"rds:DeleteDBClusterSnapshot",
"rds:DeleteDBInstance",
"rds:DeleteDBParameterGroup",
"rds:DeleteDBSubnetGroup",
"rds:DeleteEventSubscription",
"rds:DescribeAccountAttributes",
"rds:DescribeCertificates",
"rds:DescribeDBClusterParameterGroups",
"rds:DescribeDBClusterParameters",
"rds:DescribeDBClusterSnapshotAttributes",
"rds:DescribeDBClusterSnapshots",
"rds:DescribeDBClusters",
"rds:DescribeDBEngineVersions",
"rds:DescribeDBInstances",
"rds:DescribeDBLogFiles",
"rds:DescribeDBParameterGroups",
"rds:DescribeDBParameters",
"rds:DescribeDBSecurityGroups",
"rds:DescribeDBSubnetGroups",
"rds:DescribeEngineDefaultClusterParameters",
"rds:DescribeEngineDefaultParameters",
"rds:DescribeEventCategories",
"rds:DescribeEventSubscriptions",
"rds:DescribeEvents",
"rds:DescribeOptionGroups",
"rds:DescribeOrderableDBInstanceOptions",
"rds:DescribePendingMaintenanceActions",
"rds:DescribeValidDBInstanceModifications",
"rds:DownloadDBLogFilePortion",
"rds:FailoverDBCluster",
"rds:ListTagsForResource",
"rds:ModifyDBCluster",
"rds:ModifyDBClusterParameterGroup",
"rds:ModifyDBClusterSnapshotAttribute",
"rds:ModifyDBInstance",
"rds:ModifyDBParameterGroup",
"rds:ModifyDBSubnetGroup",
"rds:ModifyEventSubscription",
"rds:PromoteReadReplicaDBCluster",
"rds:RebootDBInstance",
"rds:RemoveRoleFromDBCluster",
"rds:RemoveSourceIdentifierFromSubscription",
"rds:RemoveTagsFromResource",
"rds:ResetDBClusterParameterGroup",
"rds:ResetDBParameterGroup",
"rds:RestoreDBClusterFromSnapshot",
"rds:RestoreDBClusterToPointInTime"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"ec2:DescribeAccountAttributes",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcAttribute",
"ec2:DescribeVpcs",
"iam:PassRole",
"kms:ListAliases",
"kms:ListKeyPolicies",
"kms:ListKeys",
"kms:ListRetirableGrants",
"logs:DescribeLogStreams",
"logs:GetLogEvents",
"sns:ListSubscriptions",
"sns:ListTopics",
"sns:Publish"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringLike": {
"iam:AWSServiceName": "rds.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/aws-service-role/rds.amazonaws.com/AWSServiceRoleForRDS"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIXSDEYRCNJRC6ITFK",
"PolicyName": "NeptuneFullAccess",
"VersionId": "v3"
},
{
"Document": {
"Statement": [
{
"Action": [
"organizations:ListAccounts",
"organizations:ListAccountsForParent",
"organizations:ListChildren",
"organizations:DescribeAccount",
"organizations:DescribeOrganization",
"organizations:ListRoots",
"organizations:ListParents"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"organizations:EnableAWSServiceAccess",
"organizations:DisableAWSServiceAccess"
],
"Condition": {
"ForAllValues:StringLike": {
"organizations:ServicePrincipal": [
"tag.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIXTWESBJAQILG6NY4",
"PolicyName": "TagGovernancePolicy",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"cloudwatch:GetMetricData",
"autoscaling:DescribeAutoScalingGroups",
"autoscaling:DescribeScheduledActions",
"autoscaling:BatchPutScheduledUpdateGroupAction",
"autoscaling:BatchDeleteScheduledAction"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIXWLPZPD4RYBM3JSU",
"PolicyName": "AWSAutoScalingPlansEC2AutoScalingPolicy",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"application-autoscaling:DescribeScalableTargets",
"application-autoscaling:DescribeScalingActivities",
"application-autoscaling:DescribeScalingPolicies",
"cloudwatch:DescribeAlarmHistory",
"cloudwatch:DescribeAlarms",
"cloudwatch:DescribeAlarmsForMetric",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"datapipeline:DescribeObjects",
"datapipeline:DescribePipelines",
"datapipeline:GetPipelineDefinition",
"datapipeline:ListPipelines",
"datapipeline:QueryObjects",
"dynamodb:BatchGetItem",
"dynamodb:DescribeTable",
"dynamodb:GetItem",
"dynamodb:ListTables",
"dynamodb:Query",
"dynamodb:Scan",
"dynamodb:DescribeReservedCapacity",
"dynamodb:DescribeReservedCapacityOfferings",
"dynamodb:ListTagsOfResource",
"dynamodb:DescribeTimeToLive",
"dynamodb:DescribeLimits",
"dynamodb:ListGlobalTables",
"dynamodb:DescribeGlobalTable",
"dynamodb:DescribeBackup",
"dynamodb:ListBackups",
"dynamodb:DescribeContinuousBackups",
"dax:Describe*",
"dax:List*",
"dax:GetItem",
"dax:BatchGetItem",
"dax:Query",
"dax:Scan",
"ec2:DescribeVpcs",
"ec2:DescribeSubnets",
"ec2:DescribeSecurityGroups",
"iam:GetRole",
"iam:ListRoles",
"sns:ListSubscriptionsByTopic",
"sns:ListTopics",
"lambda:ListFunctions",
"lambda:ListEventSourceMappings",
"lambda:GetFunctionConfiguration"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIY2XFNA232XJ6J7X2",
"PolicyName": "AmazonDynamoDBReadOnlyAccess",
"VersionId": "v7"
},
{
"Document": {
"Statement": [
{
"Action": [
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateKeyPair",
"ec2:CreateSecurityGroup",
"ec2:DescribeAccountAttributes",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeImages",
"ec2:DescribeInstanceAttribute",
"ec2:DescribeInstances",
"ec2:DescribeKeyPairs",
"ec2:DescribeLaunchTemplateVersions",
"ec2:DescribePlacementGroups",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSpotInstanceRequests",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:DescribeVpcClassicLink",
"ec2:ImportKeyPair"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "elasticloadbalancing:Describe*",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"cloudwatch:ListMetrics",
"cloudwatch:GetMetricStatistics",
"cloudwatch:PutMetricAlarm",
"cloudwatch:Describe*"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "autoscaling:*",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"sns:ListSubscriptions",
"sns:ListTopics"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:ListRoles",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringEquals": {
"iam:AWSServiceName": "autoscaling.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIYEN6FJGYYWJFFCZW",
"PolicyName": "AutoScalingConsoleFullAccess",
"VersionId": "v2"
},
{
"Document": {
"Statement": {
"Action": "mediapackage:*",
"Effect": "Allow",
"Resource": "*"
},
"Version": "2012-10-17"
},
"PolicyId": "ANPAIYI6IYR3JRFAVNQHC",
"PolicyName": "AWSElementalMediaPackageFullAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": "kinesisvideo:*",
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIZAN5AK7E7UVYIAZY",
"PolicyName": "AmazonKinesisVideoStreamsFullAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"sns:GetTopicAttributes",
"sns:List*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIZGQCQTFOFPMHSB6W",
"PolicyName": "AmazonSNSReadOnlyAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateNetworkInterface",
"ec2:CreateSecurityGroup",
"ec2:DeleteNetworkInterface",
"ec2:DeleteSecurityGroup",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeInternetGateways",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcAttribute",
"ec2:DescribeVpcs",
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:RevokeSecurityGroupIngress"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"sns:Publish"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"logs:CreateLogGroup"
],
"Effect": "Allow",
"Resource": [
"arn:aws:logs:*:*:log-group:/aws/rds/*"
]
},
{
"Action": [
"logs:CreateLogStream",
"logs:PutLogEvents",
"logs:DescribeLogStreams"
],
"Effect": "Allow",
"Resource": [
"arn:aws:logs:*:*:log-group:/aws/rds/*:log-stream:*"
]
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIZHJJBU3675JOUEMQ",
"PolicyName": "AmazonRDSPreviewServiceRolePolicy",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"ec2:DescribeInstances",
"ec2:StartInstances",
"ec2:StopInstances",
"ec2:RunInstances"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"ec2:RunInstances"
],
"Condition": {
"StringNotEquals": {
"ec2:InstanceMarketType": "spot"
}
},
"Effect": "Deny",
"Resource": [
"arn:aws:ec2:*:*:instance/*"
]
},
{
"Action": [
"iam:PassRole"
],
"Condition": {
"StringEquals": {
"iam:PassedToService": [
"ec2.amazonaws.com",
"ec2.amazonaws.com.cn"
]
}
},
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"ec2:CreateTags"
],
"Condition": {
"StringEquals": {
"ec2:CreateAction": "RunInstances"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIZJJBQNXQYVKTEXGM",
"PolicyName": "AWSEC2SpotServiceRolePolicy",
"VersionId": "v4"
},
{
"Document": {
"Statement": [
{
"Action": [
"cloudwatch:*",
"cloudformation:CreateStack",
"cloudformation:DescribeStackEvents",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:AuthorizeSecurityGroupEgress",
"ec2:CancelSpotInstanceRequests",
"ec2:CreateRoute",
"ec2:CreateSecurityGroup",
"ec2:CreateTags",
"ec2:DeleteRoute",
"ec2:DeleteTags",
"ec2:DeleteSecurityGroup",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeKeyPairs",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSpotInstanceRequests",
"ec2:DescribeSpotPriceHistory",
"ec2:DescribeSubnets",
"ec2:DescribeVpcAttribute",
"ec2:DescribeVpcs",
"ec2:DescribeRouteTables",
"ec2:DescribeNetworkAcls",
"ec2:CreateVpcEndpoint",
"ec2:ModifyImageAttribute",
"ec2:ModifyInstanceAttribute",
"ec2:RequestSpotInstances",
"ec2:RevokeSecurityGroupEgress",
"ec2:RunInstances",
"ec2:TerminateInstances",
"elasticmapreduce:*",
"iam:GetPolicy",
"iam:GetPolicyVersion",
"iam:ListRoles",
"iam:PassRole",
"kms:List*",
"s3:*",
"sdb:*",
"support:CreateCase",
"support:DescribeServices",
"support:DescribeSeverityLevels"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringLike": {
"iam:AWSServiceName": [
"elasticmapreduce.amazonaws.com",
"elasticmapreduce.amazonaws.com.cn"
]
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIZP5JFP3AMSGINBB2",
"PolicyName": "AmazonElasticMapReduceFullAccess",
"VersionId": "v6"
},
{
"Document": {
"Statement": [
{
"Action": [
"route53:GetHostedZone",
"route53:ListHostedZonesByName",
"route53:CreateHostedZone",
"route53:DeleteHostedZone",
"route53:ChangeResourceRecordSets",
"route53:CreateHealthCheck",
"route53:GetHealthCheck",
"route53:DeleteHealthCheck",
"route53:UpdateHealthCheck",
"ec2:DescribeVpcs",
"ec2:DescribeRegions",
"servicediscovery:*"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIZPIMAQZJS3WUXUJM",
"PolicyName": "AWSCloudMapFullAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"ec2:CreateSnapshot",
"ec2:DeleteSnapshot",
"ec2:DescribeVolumes",
"ec2:DescribeSnapshots"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:CreateTags"
],
"Effect": "Allow",
"Resource": "arn:aws:ec2:*::snapshot/*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIZRLOKFUFE7YXQOJS",
"PolicyName": "AWSDataLifecycleManagerServiceRole",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"s3:Get*",
"s3:List*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIZTJ4DXE7G6AGAE6M",
"PolicyName": "AmazonS3ReadOnlyAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"elasticbeanstalk:*",
"ec2:*",
"ecs:*",
"ecr:*",
"elasticloadbalancing:*",
"autoscaling:*",
"cloudwatch:*",
"s3:*",
"sns:*",
"cloudformation:*",
"dynamodb:*",
"rds:*",
"sqs:*",
"logs:*",
"iam:GetPolicyVersion",
"iam:GetRole",
"iam:PassRole",
"iam:ListRolePolicies",
"iam:ListAttachedRolePolicies",
"iam:ListInstanceProfiles",
"iam:ListRoles",
"iam:ListServerCertificates",
"acm:DescribeCertificate",
"acm:ListCertificates",
"codebuild:CreateProject",
"codebuild:DeleteProject",
"codebuild:BatchGetBuilds",
"codebuild:StartBuild"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"iam:AddRoleToInstanceProfile",
"iam:CreateInstanceProfile",
"iam:CreateRole"
],
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/aws-elasticbeanstalk*",
"arn:aws:iam::*:instance-profile/aws-elasticbeanstalk*"
]
},
{
"Action": [
"iam:CreateServiceLinkedRole"
],
"Condition": {
"StringLike": {
"iam:AWSServiceName": "autoscaling.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/aws-service-role/autoscaling.amazonaws.com/AWSServiceRoleForAutoScaling*"
]
},
{
"Action": [
"iam:CreateServiceLinkedRole"
],
"Condition": {
"StringLike": {
"iam:AWSServiceName": "elasticbeanstalk.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/aws-service-role/elasticbeanstalk.amazonaws.com/AWSServiceRoleForElasticBeanstalk*"
]
},
{
"Action": [
"iam:AttachRolePolicy"
],
"Condition": {
"StringLike": {
"iam:PolicyArn": [
"arn:aws:iam::aws:policy/AWSElasticBeanstalk*",
"arn:aws:iam::aws:policy/service-role/AWSElasticBeanstalk*"
]
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAIZYX2YLLBW2LJVUFW",
"PolicyName": "AWSElasticBeanstalkFullAccess",
"VersionId": "v7"
},
{
"Document": {
"Statement": [
{
"Action": [
"workspaces:CreateWorkspaces",
"workspaces:DescribeWorkspaces",
"workspaces:RebootWorkspaces",
"workspaces:RebuildWorkspaces",
"workspaces:TerminateWorkspaces",
"workspaces:DescribeWorkspaceDirectories",
"workspaces:DescribeWorkspaceBundles",
"workspaces:ModifyWorkspaceProperties",
"workspaces:StopWorkspaces",
"workspaces:StartWorkspaces",
"workspaces:DescribeWorkspacesConnectionStatus",
"workspaces:CreateTags",
"workspaces:DeleteTags",
"workspaces:DescribeTags",
"kms:ListKeys",
"kms:ListAliases",
"kms:DescribeKey"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJ26AU6ATUQCT5KVJU",
"PolicyName": "AmazonWorkSpacesAdmin",
"VersionId": "v2"
},
{
"Document": {
"Statement": [
{
"Action": [
"autoscaling:CompleteLifecycleAction",
"autoscaling:DeleteLifecycleHook",
"autoscaling:DescribeAutoScalingGroups",
"autoscaling:DescribeLifecycleHooks",
"autoscaling:PutLifecycleHook",
"autoscaling:RecordLifecycleActionHeartbeat",
"autoscaling:CreateAutoScalingGroup",
"autoscaling:UpdateAutoScalingGroup",
"autoscaling:EnableMetricsCollection",
"autoscaling:DescribeAutoScalingGroups",
"autoscaling:DescribePolicies",
"autoscaling:DescribeScheduledActions",
"autoscaling:DescribeNotificationConfigurations",
"autoscaling:DescribeLifecycleHooks",
"autoscaling:SuspendProcesses",
"autoscaling:ResumeProcesses",
"autoscaling:AttachLoadBalancers",
"autoscaling:PutScalingPolicy",
"autoscaling:PutScheduledUpdateGroupAction",
"autoscaling:PutNotificationConfiguration",
"autoscaling:PutLifecycleHook",
"autoscaling:DescribeScalingActivities",
"autoscaling:DeleteAutoScalingGroup",
"ec2:DescribeInstances",
"ec2:DescribeInstanceStatus",
"ec2:TerminateInstances",
"tag:GetTags",
"tag:GetResources",
"sns:Publish",
"cloudwatch:DescribeAlarms",
"cloudwatch:PutMetricAlarm",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeInstanceHealth",
"elasticloadbalancing:RegisterInstancesWithLoadBalancer",
"elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
"elasticloadbalancing:DescribeTargetGroups",
"elasticloadbalancing:DescribeTargetHealth",
"elasticloadbalancing:RegisterTargets",
"elasticloadbalancing:DeregisterTargets"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJ2NKMKD73QS5NBFLA",
"PolicyName": "AWSCodeDeployRole",
"VersionId": "v6"
},
{
"Document": {
"Statement": [
{
"Action": [
"ses:*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJ2P4NXCHAT7NDPNR4",
"PolicyName": "AmazonSESFullAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"logs:Describe*",
"logs:Get*",
"logs:List*",
"logs:StartQuery",
"logs:StopQuery",
"logs:TestMetricFilter",
"logs:FilterLogEvents"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJ2YIYDYSNNEHK3VKW",
"PolicyName": "CloudWatchLogsReadOnlyAccess",
"VersionId": "v4"
},
{
"Document": {
"Statement": [
{
"Action": [
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateNetworkInterface",
"ec2:CreateSecurityGroup",
"ec2:DeleteNetworkInterface",
"ec2:DeleteSecurityGroup",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeInternetGateways",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcAttribute",
"ec2:DescribeVpcs",
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:ModifyVpcEndpoint",
"ec2:RevokeSecurityGroupIngress",
"ec2:CreateVpcEndpoint",
"ec2:DescribeVpcEndpoints",
"ec2:DeleteVpcEndpoints"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"sns:Publish"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"logs:CreateLogGroup"
],
"Effect": "Allow",
"Resource": [
"arn:aws:logs:*:*:log-group:/aws/rds/*"
]
},
{
"Action": [
"logs:CreateLogStream",
"logs:PutLogEvents",
"logs:DescribeLogStreams"
],
"Effect": "Allow",
"Resource": [
"arn:aws:logs:*:*:log-group:/aws/rds/*:log-stream:*"
]
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJ36CJAE6OYAR4YEK4",
"PolicyName": "AmazonRDSBetaServiceRolePolicy",
"VersionId": "v3"
},
{
"Document": {
"Statement": [
{
"Action": [
"firehose:Describe*",
"firehose:List*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJ36NT645INW4K24W6",
"PolicyName": "AmazonKinesisFirehoseReadOnlyAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"opsworks:AssignInstance",
"opsworks:CreateStack",
"opsworks:CreateLayer",
"opsworks:DeregisterInstance",
"opsworks:DescribeInstances",
"opsworks:DescribeStackProvisioningParameters",
"opsworks:DescribeStacks",
"opsworks:UnassignInstance"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"ec2:DescribeInstances"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"iam:AddUserToGroup",
"iam:CreateAccessKey",
"iam:CreateGroup",
"iam:CreateUser",
"iam:ListInstanceProfiles",
"iam:PassRole",
"iam:PutUserPolicy"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJ3AB5ZBFPCQGTVDU4",
"PolicyName": "AWSOpsWorksRegisterCLI",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"globalaccelerator:*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJ3NSRQKPB42BCNRT6",
"PolicyName": "GlobalAcceleratorFullAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"cloudwatch:DeleteAlarms",
"cloudwatch:DescribeAlarmHistory",
"cloudwatch:DescribeAlarms",
"cloudwatch:DescribeAlarmsForMetric",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"cloudwatch:PutMetricAlarm",
"dynamodb:*",
"sns:CreateTopic",
"sns:DeleteTopic",
"sns:ListSubscriptions",
"sns:ListSubscriptionsByTopic",
"sns:ListTopics",
"sns:Subscribe",
"sns:Unsubscribe",
"sns:SetTopicAttributes"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "DDBConsole"
},
{
"Action": [
"lambda:*",
"iam:ListRoles"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "DDBConsoleTriggers"
},
{
"Action": [
"datapipeline:*",
"iam:ListRoles"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "DDBConsoleImportExport"
},
{
"Action": [
"iam:GetRolePolicy",
"iam:PassRole"
],
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "IAMEDPRoles"
},
{
"Action": [
"ec2:CreateTags",
"ec2:DescribeInstances",
"ec2:RunInstances",
"ec2:StartInstances",
"ec2:StopInstances",
"ec2:TerminateInstances",
"elasticmapreduce:*",
"datapipeline:*"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "EMR"
},
{
"Action": [
"s3:DeleteObject",
"s3:Get*",
"s3:List*",
"s3:Put*"
],
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "S3"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJ3ORT7KDISSXGHJXA",
"PolicyName": "AmazonDynamoDBFullAccesswithDataPipeline",
"VersionId": "v2"
},
{
"Document": {
"Statement": [
{
"Action": [
"iotanalytics:Describe*",
"iotanalytics:List*",
"iotanalytics:Get*",
"iotanalytics:SampleChannelData"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJ3Z4LYBELMXGFLGMI",
"PolicyName": "AWSIoTAnalyticsReadOnlyAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"cloudwatch:*",
"datapipeline:*",
"dynamodb:*",
"ec2:Describe*",
"elasticmapreduce:AddJobFlowSteps",
"elasticmapreduce:Describe*",
"elasticmapreduce:ListInstance*",
"elasticmapreduce:ModifyInstanceGroups",
"rds:Describe*",
"redshift:DescribeClusters",
"redshift:DescribeClusterSecurityGroups",
"s3:*",
"sdb:*",
"sns:*",
"sqs:*"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJ3Z5I2WAJE5DN2J36",
"PolicyName": "AmazonEC2RoleforDataPipelineRole",
"VersionId": "v3"
},
{
"Document": {
"Statement": [
{
"Action": [
"logs:*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJ3ZGNWK2R5HW5BQFO",
"PolicyName": "CloudWatchLogsFullAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": "securityhub:*",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringLike": {
"iam:AWSServiceName": "securityhub.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJ4262VZCA4HPBZSO6",
"PolicyName": "AWSSecurityHubFullAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": {
"Action": [
"mediapackage:List*",
"mediapackage:Describe*"
],
"Effect": "Allow",
"Resource": "*"
},
"Version": "2012-10-17"
},
"PolicyId": "ANPAJ42DVTPUHKXNYZQCO",
"PolicyName": "AWSElementalMediaPackageReadOnly",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"ecs:Poll",
"ecs:StartTask",
"ecs:StopTask",
"ecs:DiscoverPollEndpoint",
"ecs:StartTelemetrySession",
"ecs:RegisterContainerInstance",
"ecs:DeregisterContainerInstance",
"ecs:DescribeContainerInstances",
"ecs:Submit*",
"ecs:DescribeTasks"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "ECSAccess"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJ45SBYG72SD6SHJEY",
"PolicyName": "AWSElasticBeanstalkMulticontainerDocker",
"VersionId": "v2"
},
{
"Document": {
"Statement": [
{
"Action": [
"personalize:*"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"cloudwatch:PutMetricData"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"s3:GetObject",
"s3:PutObject",
"s3:DeleteObject",
"s3:ListBucket"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::*Personalize*",
"arn:aws:s3:::*personalize*"
]
},
{
"Action": [
"iam:PassRole"
],
"Condition": {
"StringEquals": {
"iam:PassedToService": "personalize.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJ45XBPPZNI3MMVAUK",
"PolicyName": "AmazonPersonalizeFullAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"mgh:*",
"discovery:*"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"iam:GetRole"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringEquals": {
"iam:AWSServiceName": "continuousexport.discovery.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/aws-service-role/continuousexport.discovery.amazonaws.com/AWSServiceRoleForApplicationDiscoveryServiceContinuousExport*"
},
{
"Action": [
"iam:DeleteServiceLinkedRole",
"iam:GetServiceLinkedRoleDeletionStatus"
],
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/aws-service-role/continuousexport.discovery.amazonaws.com/AWSServiceRoleForApplicationDiscoveryServiceContinuousExport*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJ4A2SZKHUYHDYIGOK",
"PolicyName": "AWSMigrationHubFullAccess",
"VersionId": "v3"
},
{
"Document": {
"Statement": [
{
"Action": [
"fsx:Describe*",
"fsx:ListTagsForResource"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJ4ICPKXR6KK32HT52",
"PolicyName": "AmazonFSxReadOnlyAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"iam:ChangePassword"
],
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:user/${aws:username}"
]
},
{
"Action": [
"iam:GetAccountPasswordPolicy"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJ4L4MM2A7QIEB56MS",
"PolicyName": "IAMUserChangePassword",
"VersionId": "v2"
},
{
"Document": {
"Statement": [
{
"Action": [
"iam:DeleteServiceLinkedRole",
"iam:GetServiceLinkedRoleDeletionStatus"
],
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/aws-service-role/lightsail.amazonaws.com/AWSServiceRoleForLightsail*"
},
{
"Action": [
"ec2:CopySnapshot",
"ec2:DescribeSnapshots",
"ec2:CopyImage",
"ec2:DescribeImages"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJ4LZGPQLZWMVR4WMQ",
"PolicyName": "LightsailExportAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"apigateway:*"
],
"Effect": "Allow",
"Resource": "arn:aws:apigateway:*::/*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJ4PT6VY5NLKTNUYSI",
"PolicyName": "AmazonAPIGatewayAdministrator",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"ec2:DescribeRouteTables",
"ec2:CreateRoute",
"ec2:DeleteRoute",
"ec2:ReplaceRoute"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"ec2:DescribeNetworkInterfaces",
"ec2:CreateNetworkInterface",
"ec2:DeleteNetworkInterface",
"ec2:CreateNetworkInterfacePermission",
"ec2:DeleteNetworkInterfacePermission",
"ec2:DescribeNetworkInterfacePermissions",
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:DescribeNetworkInterfaceAttribute",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeVpcs",
"ec2:DescribeSubnets"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"ec2:AssignPrivateIpAddresses",
"ec2:UnassignPrivateIpAddresses"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJ53Y4ZY5OHP4CNRJC",
"PolicyName": "AmazonVPCCrossAccountNetworkInterfaceOperations",
"VersionId": "v3"
},
{
"Document": {
"Statement": [
{
"Action": [
"catalog-user:*",
"s3:GetObject",
"servicecatalog:DescribeProduct",
"servicecatalog:DescribeProductView",
"servicecatalog:DescribeProvisioningParameters",
"servicecatalog:ListLaunchPaths",
"servicecatalog:SearchProducts"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"servicecatalog:ListRecordHistory",
"servicecatalog:DescribeProvisionedProduct",
"servicecatalog:DescribeRecord",
"servicecatalog:ScanProvisionedProducts"
],
"Condition": {
"StringEquals": {
"servicecatalog:userLevel": "self"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJ56OMCO72RI4J5FSA",
"PolicyName": "ServiceCatalogEndUserAccess",
"VersionId": "v4"
},
{
"Document": {
"Statement": [
{
"Action": [
"cloudtrail:DescribeTrails",
"cloudtrail:GetEventSelectors",
"cloudtrail:GetTrailStatus",
"cloudtrail:ListTags",
"cloudtrail:LookupEvents",
"iam:ListAccountAliases",
"s3:GetBucket*",
"s3:ListBucket",
"s3:ListAllMyBuckets"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"cloudtrail:CreateTrail",
"cloudtrail:StartLogging",
"cloudtrail:StopLogging",
"cloudtrail:UpdateTrail",
"cloudtrail:DeleteTrail",
"cloudtrail:PutEventSelectors"
],
"Effect": "Allow",
"Resource": "arn:aws:cloudtrail:*:*:trail/AWSMacieTrail-DO-NOT-EDIT"
},
{
"Action": [
"s3:CreateBucket",
"s3:DeleteBucket",
"s3:DeleteBucketPolicy",
"s3:DeleteBucketWebsite",
"s3:DeleteObject",
"s3:DeleteObjectTagging",
"s3:DeleteObjectVersion",
"s3:DeleteObjectVersionTagging",
"s3:DeleteReplicationConfiguration",
"s3:PutBucketPolicy"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::awsmacie-*",
"arn:aws:s3:::awsmacietrail-*",
"arn:aws:s3:::*-awsmacietrail-*"
]
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJ5DC6UBVKND7ADSKA",
"PolicyName": "AmazonMacieSetupRole",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"polly:DescribeVoices",
"polly:GetLexicon",
"polly:GetSpeechSynthesisTask",
"polly:ListLexicons",
"polly:ListSpeechSynthesisTasks",
"polly:SynthesizeSpeech"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJ5FENL3CVPL2FPDLA",
"PolicyName": "AmazonPollyReadOnlyAccess",
"VersionId": "v2"
},
{
"Document": {
"Statement": [
{
"Action": [
"secretsmanager:GetSecretValue",
"secretsmanager:PutResourcePolicy",
"secretsmanager:PutSecretValue",
"secretsmanager:DeleteSecret",
"secretsmanager:DescribeSecret",
"secretsmanager:TagResource"
],
"Effect": "Allow",
"Resource": "arn:aws:secretsmanager:*:*:secret:rds-db-credentials/*",
"Sid": "SecretsManagerDbCredentialsAccess"
},
{
"Action": [
"dbqms:CreateFavoriteQuery",
"dbqms:DescribeFavoriteQueries",
"dbqms:UpdateFavoriteQuery",
"dbqms:DeleteFavoriteQueries",
"dbqms:GetQueryString",
"dbqms:CreateQueryHistory",
"dbqms:DescribeQueryHistory",
"dbqms:UpdateQueryHistory",
"dbqms:DeleteQueryHistory",
"dbqms:DescribeQueryHistory",
"rds-data:ExecuteSql",
"secretsmanager:CreateSecret",
"secretsmanager:ListSecrets",
"secretsmanager:GetRandomPassword",
"tag:GetResources"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "RDSDataServiceAccess"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJ5HUMNZCSW4IC74T6",
"PolicyName": "AmazonRDSDataFullAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": "mobileanalytics:PutEvents",
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJ5TAWBBQC2FAL3G6G",
"PolicyName": "AmazonMobileAnalyticsWriteOnlyAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"ec2:DescribeImages",
"ec2:DescribeSubnets",
"ec2:RequestSpotInstances",
"ec2:TerminateInstances",
"ec2:DescribeInstanceStatus",
"ec2:CreateTags"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": "iam:PassRole",
"Condition": {
"StringEquals": {
"iam:PassedToService": [
"ec2.amazonaws.com",
"ec2.amazonaws.com.cn"
]
}
},
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"elasticloadbalancing:RegisterInstancesWithLoadBalancer"
],
"Effect": "Allow",
"Resource": [
"arn:aws:elasticloadbalancing:*:*:loadbalancer/*"
]
},
{
"Action": [
"elasticloadbalancing:RegisterTargets"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJ5U6UMLCEYLX5OLC4",
"PolicyName": "AmazonEC2SpotFleetTaggingRole",
"VersionId": "v4"
},
{
"Document": {
"Statement": [
{
"Action": [
"autoscaling:*",
"cloudwatch:*",
"cloudformation:CreateStack",
"cloudformation:DescribeStackEvents",
"datapipeline:Describe*",
"datapipeline:ListPipelines",
"datapipeline:GetPipelineDefinition",
"datapipeline:QueryObjects",
"dynamodb:*",
"ec2:CancelSpotInstanceRequests",
"ec2:CancelSpotFleetRequests",
"ec2:CreateTags",
"ec2:DeleteTags",
"ec2:Describe*",
"ec2:ModifyImageAttribute",
"ec2:ModifyInstanceAttribute",
"ec2:ModifySpotFleetRequest",
"ec2:RequestSpotInstances",
"ec2:RequestSpotFleet",
"elasticfilesystem:*",
"elasticmapreduce:*",
"es:*",
"firehose:*",
"iam:GetInstanceProfile",
"iam:GetRole",
"iam:GetPolicy",
"iam:GetPolicyVersion",
"iam:ListRoles",
"kinesis:*",
"kms:List*",
"lambda:Create*",
"lambda:Delete*",
"lambda:Get*",
"lambda:InvokeFunction",
"lambda:PublishVersion",
"lambda:Update*",
"lambda:List*",
"machinelearning:*",
"sdb:*",
"rds:*",
"sns:ListSubscriptions",
"sns:ListTopics",
"logs:DescribeLogStreams",
"logs:GetLogEvents",
"redshift:*",
"s3:CreateBucket",
"sns:CreateTopic",
"sns:Get*",
"sns:List*",
"sagemaker:*"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"s3:Abort*",
"s3:DeleteObject",
"s3:Get*",
"s3:List*",
"s3:PutAccelerateConfiguration",
"s3:PutBucketLogging",
"s3:PutBucketNotification",
"s3:PutBucketTagging",
"s3:PutObject",
"s3:Replicate*",
"s3:RestoreObject"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"ec2:RunInstances",
"ec2:TerminateInstances"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"iam:PassRole"
],
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/DataPipelineDefaultRole",
"arn:aws:iam::*:role/DataPipelineDefaultResourceRole",
"arn:aws:iam::*:role/EMR_EC2_DefaultRole",
"arn:aws:iam::*:role/EMR_DefaultRole",
"arn:aws:iam::*:role/kinesis-*"
]
},
{
"Action": [
"iam:PassRole"
],
"Condition": {
"StringEquals": {
"iam:PassedToService": "sagemaker.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJ5YHI2BQW7EQFYDXS",
"PolicyName": "DataScientist",
"VersionId": "v3"
},
{
"Document": {
"Statement": [
{
"Action": [
"aws-marketplace:MeterUsage"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJ65YJPG7CC7LDXNA6",
"PolicyName": "AWSMarketplaceMeteringFullAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"s3:CreateBucket",
"s3:DeleteObject",
"s3:DeleteBucket",
"s3:GetObject",
"s3:HeadBucket",
"s3:ListBucket",
"s3:ListObjects",
"s3:PutBucketPolicy",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::aws-opsworks-cm-*"
]
},
{
"Action": [
"ssm:DescribeInstanceInformation",
"ssm:GetCommandInvocation",
"ssm:ListCommandInvocations",
"ssm:ListCommands"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"ssm:SendCommand"
],
"Condition": {
"StringLike": {
"ssm:resourceTag/aws:cloudformation:stack-name": "aws-opsworks-cm-*"
}
},
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"ssm:SendCommand"
],
"Effect": "Allow",
"Resource": [
"arn:aws:ssm:*::document/*",
"arn:aws:s3:::aws-opsworks-cm-*"
]
},
{
"Action": [
"ec2:AllocateAddress",
"ec2:AssociateAddress",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateImage",
"ec2:CreateSecurityGroup",
"ec2:CreateSnapshot",
"ec2:CreateTags",
"ec2:DeleteSecurityGroup",
"ec2:DeleteSnapshot",
"ec2:DeregisterImage",
"ec2:DescribeAccountAttributes",
"ec2:DescribeAddresses",
"ec2:DescribeImages",
"ec2:DescribeInstanceStatus",
"ec2:DescribeInstances",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSnapshots",
"ec2:DescribeSubnets",
"ec2:DisassociateAddress",
"ec2:ReleaseAddress",
"ec2:RunInstances",
"ec2:StopInstances"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"ec2:TerminateInstances"
],
"Condition": {
"StringLike": {
"ec2:ResourceTag/aws:cloudformation:stack-name": "aws-opsworks-cm-*"
}
},
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"cloudformation:CreateStack",
"cloudformation:DeleteStack",
"cloudformation:DescribeStackEvents",
"cloudformation:DescribeStackResources",
"cloudformation:DescribeStacks",
"cloudformation:UpdateStack"
],
"Effect": "Allow",
"Resource": [
"arn:aws:cloudformation:*:*:stack/aws-opsworks-cm-*"
]
},
{
"Action": [
"iam:PassRole"
],
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/aws-opsworks-cm-*",
"arn:aws:iam::*:role/service-role/aws-opsworks-cm-*"
]
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJ6I6MPGJE62URSHCO",
"PolicyName": "AWSOpsWorksCMServiceRole",
"VersionId": "v7"
},
{
"Document": {
"Statement": [
{
"Action": [
"iam:DeleteServiceLinkedRole",
"iam:GetServiceLinkedRoleDeletionStatus",
"iam:GetRole"
],
"Effect": "Allow",
"Resource": "arn:*:iam::*:role/aws-service-role/s3.data-source.lustre.fsx.amazonaws.com/AWSServiceRoleForFSxS3Access_*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJ6IRP2YV2YPKWPPNQ",
"PolicyName": "FSxDeleteServiceLinkedRoleAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"ec2:CreateNetworkInterface",
"ec2:DeleteNetworkInterfacePermission",
"ec2:CreateNetworkInterfacePermission",
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:DeleteNetworkInterface"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"kinesis:PutRecord",
"kinesis:PutRecords"
],
"Effect": "Allow",
"Resource": "arn:aws:kinesis:*:*:stream/AmazonWorkLink-*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJ6JTE3DI5JOULLNLS",
"PolicyName": "WorkLinkServiceRolePolicy",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"connect:*"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"iam:DeleteRole"
],
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/aws-service-role/connect.amazonaws.com/AWSServiceRoleForAmazonConnect_*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJ6R6FMTSRUJSKI72Y",
"PolicyName": "AmazonConnectServiceLinkedRolePolicy",
"VersionId": "v2"
},
{
"Document": {
"Statement": [
{
"Action": [
"aws-marketplace:CreatePrivateMarketplace",
"aws-marketplace:CreatePrivateMarketplaceProfile",
"aws-marketplace:UpdatePrivateMarketplaceProfile",
"aws-marketplace:StartPrivateMarketplace",
"aws-marketplace:StopPrivateMarketplace",
"aws-marketplace:AssociateProductsWithPrivateMarketplace",
"aws-marketplace:DisassociateProductsFromPrivateMarketplace",
"aws-marketplace:DescribePrivateMarketplaceProfile",
"aws-marketplace:DescribePrivateMarketplaceStatus",
"aws-marketplace:ListPrivateMarketplaceProducts",
"aws-marketplace:DescribePrivateMarketplaceProducts"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJ6VRZDDCYDOVCOCEI",
"PolicyName": "AWSPrivateMarketplaceAdminFullAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": "iam:GetUser",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"s3:ListAllMyBuckets"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"s3:CreateBucket",
"s3:DeleteBucket",
"s3:DeleteObject",
"s3:GetBucketLocation",
"s3:GetObject",
"s3:ListBucket",
"s3:PutObject",
"s3:PutObjectAcl",
"s3:AbortMultipartUpload",
"s3:ListBucketMultipartUploads",
"s3:ListMultipartUploadParts"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::import-to-ec2-*"
},
{
"Action": [
"ec2:CancelConversionTask",
"ec2:CancelExportTask",
"ec2:CreateImage",
"ec2:CreateInstanceExportTask",
"ec2:CreateTags",
"ec2:CreateVolume",
"ec2:DeleteTags",
"ec2:DeleteVolume",
"ec2:DescribeConversionTasks",
"ec2:DescribeExportTasks",
"ec2:DescribeImages",
"ec2:DescribeInstanceAttribute",
"ec2:DescribeInstanceStatus",
"ec2:DescribeInstances",
"ec2:DescribeRegions",
"ec2:DescribeTags",
"ec2:DetachVolume",
"ec2:ImportInstance",
"ec2:ImportVolume",
"ec2:ModifyInstanceAttribute",
"ec2:RunInstances",
"ec2:StartInstances",
"ec2:StopInstances",
"ec2:TerminateInstances",
"ec2:ImportImage",
"ec2:DescribeImportImageTasks",
"ec2:DeregisterImage",
"ec2:DescribeSnapshots",
"ec2:DeleteSnapshot",
"ec2:CancelImportTask",
"ec2:ImportSnapshot",
"ec2:DescribeImportSnapshotTasks"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"SNS:Publish"
],
"Effect": "Allow",
"Resource": "arn:aws:sns:*:*:metrics-sns-topic-for-*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJ6YATONJHICG3DJ3U",
"PolicyName": "AWSConnector",
"VersionId": "v3"
},
{
"Document": {
"Statement": [
{
"Action": [
"ecs:DescribeServices",
"ecs:CreateTaskSet",
"ecs:UpdateServicePrimaryTaskSet",
"ecs:DeleteTaskSet",
"cloudwatch:DescribeAlarms"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"sns:Publish"
],
"Effect": "Allow",
"Resource": "arn:aws:sns:*:*:CodeDeployTopic_*"
},
{
"Action": [
"elasticloadbalancing:DescribeTargetGroups",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:ModifyListener",
"elasticloadbalancing:DescribeRules",
"elasticloadbalancing:ModifyRule"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"lambda:InvokeFunction"
],
"Effect": "Allow",
"Resource": "arn:aws:lambda:*:*:function:CodeDeployHook_*"
},
{
"Action": [
"s3:GetObject",
"s3:GetObjectMetadata",
"s3:GetObjectVersion"
],
"Condition": {
"StringEquals": {
"s3:ExistingObjectTag/UseWithCodeDeploy": "true"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"iam:PassRole"
],
"Condition": {
"StringLike": {
"iam:PassedToService": [
"ecs-tasks.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/ecsTaskExecutionRole",
"arn:aws:iam::*:role/ECSTaskExecution*"
]
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJ6Z7L2IOXEFFOGD2M",
"PolicyName": "AWSCodeDeployRoleForECSLimited",
"VersionId": "v2"
},
{
"Document": {
"Statement": [
{
"Action": [
"elastictranscoder:Read*",
"elastictranscoder:List*",
"elastictranscoder:*Job",
"elastictranscoder:*Preset",
"s3:ListAllMyBuckets",
"s3:ListBucket",
"s3:ListObjects",
"iam:ListRoles",
"sns:ListTopics"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJ7AUMMRQOVZRI734S",
"PolicyName": "AmazonElasticTranscoder_JobsSubmitter",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"backup:Get*",
"backup:List*",
"backup:Describe*",
"backup:CreateBackupSelection",
"backup:DeleteBackupSelection",
"backup:GetRecoveryPointRestoreMetadata",
"backup:StartBackupJob",
"backup:StartRestoreJob"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"rds:DescribeDBSnapshots",
"rds:ListTagsForResource",
"rds:DescribeDBInstances",
"rds:describeDBSnapshots",
"rds:describeDBEngineVersions",
"rds:describeOptionGroups",
"rds:describeOrderableDBInstanceOptions",
"rds:describeDBSubnetGroups"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"dynamodb:ListBackups",
"dynamodb:ListTables"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"elasticfilesystem:DescribeFilesystems"
],
"Effect": "Allow",
"Resource": "arn:aws:elasticfilesystem:*:*:file-system/*"
},
{
"Action": [
"ec2:DescribeSnapshots",
"ec2:DescribeVolumes",
"ec2:describeAvailabilityZones"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"tag:GetTagKeys",
"tag:GetTagValues",
"tag:GetResources"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"storagegateway:DescribeCachediSCSIVolumes",
"storagegateway:DescribeStorediSCSIVolumes"
],
"Effect": "Allow",
"Resource": "arn:aws:storagegateway:*:*:gateway/*/volume/*"
},
{
"Action": [
"storagegateway:ListGateways"
],
"Effect": "Allow",
"Resource": "arn:aws:storagegateway:*:*:*"
},
{
"Action": [
"storagegateway:DescribeGatewayInformation",
"storagegateway:ListVolumes",
"storagegateway:ListLocalDisks"
],
"Effect": "Allow",
"Resource": "arn:aws:storagegateway:*:*:gateway/*"
},
{
"Action": [
"iam:ListRoles",
"iam:GetRole",
"iam:GetUser"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:PassRole",
"Condition": {
"StringLike": {
"iam:PassedToService": "backup.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/*AwsBackup*"
},
{
"Action": [
"kms:ListKeys",
"kms:DescribeKey",
"kms:GenerateDataKey",
"kms:RetireGrant",
"kms:CreateGrant",
"kms:ListAliases",
"kms:Decrypt"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJ7BHZKKS47SGORCJE",
"PolicyName": "AWSBackupOperatorPolicy",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"ForAnyValue:StringEquals": {
"iam:AWSServiceName": "macie.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJ7CVEIVL347MLOVKI",
"PolicyName": "AmazonMacieHandshakeRole",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"iotanalytics:*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJ7FB5ZEKQN445QGKY",
"PolicyName": "AWSIoTAnalyticsFullAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"batch:*",
"cloudwatch:GetMetricStatistics",
"ec2:DescribeSubnets",
"ec2:DescribeSecurityGroups",
"ec2:DescribeKeyPairs",
"ec2:DescribeVpcs",
"ec2:DescribeImages",
"ec2:DescribeLaunchTemplates",
"ec2:DescribeLaunchTemplateVersions",
"ecs:DescribeClusters",
"ecs:Describe*",
"ecs:List*",
"logs:Describe*",
"logs:Get*",
"logs:TestMetricFilter",
"logs:FilterLogEvents",
"iam:ListInstanceProfiles",
"iam:ListRoles"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"iam:PassRole"
],
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/AWSBatchServiceRole",
"arn:aws:iam::*:role/service-role/AWSBatchServiceRole",
"arn:aws:iam::*:role/ecsInstanceRole",
"arn:aws:iam::*:instance-profile/ecsInstanceRole",
"arn:aws:iam::*:role/iaws-ec2-spot-fleet-role",
"arn:aws:iam::*:role/aws-ec2-spot-fleet-role",
"arn:aws:iam::*:role/AWSBatchJobRole*"
]
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJ7K2KIWB3HZVK3CUO",
"PolicyName": "AWSBatchFullAccess",
"VersionId": "v5"
},
{
"Document": {
"Statement": [
{
"Action": [
"application-autoscaling:DeleteScalingPolicy",
"application-autoscaling:DeregisterScalableTarget",
"application-autoscaling:DescribeScalableTargets",
"application-autoscaling:DescribeScalingActivities",
"application-autoscaling:DescribeScalingPolicies",
"application-autoscaling:PutScalingPolicy",
"application-autoscaling:RegisterScalableTarget",
"autoscaling:UpdateAutoScalingGroup",
"autoscaling:CreateAutoScalingGroup",
"autoscaling:CreateLaunchConfiguration",
"autoscaling:DeleteAutoScalingGroup",
"autoscaling:DeleteLaunchConfiguration",
"autoscaling:Describe*",
"cloudformation:CreateStack",
"cloudformation:DeleteStack",
"cloudformation:DescribeStack*",
"cloudformation:UpdateStack",
"cloudwatch:DescribeAlarms",
"cloudwatch:DeleteAlarms",
"cloudwatch:GetMetricStatistics",
"cloudwatch:PutMetricAlarm",
"codedeploy:CreateApplication",
"codedeploy:CreateDeployment",
"codedeploy:CreateDeploymentGroup",
"codedeploy:GetApplication",
"codedeploy:GetDeployment",
"codedeploy:GetDeploymentGroup",
"codedeploy:ListApplications",
"codedeploy:ListDeploymentGroups",
"codedeploy:ListDeployments",
"codedeploy:StopDeployment",
"codedeploy:GetDeploymentTarget",
"codedeploy:ListDeploymentTargets",
"codedeploy:GetDeploymentConfig",
"codedeploy:GetApplicationRevision",
"codedeploy:RegisterApplicationRevision",
"codedeploy:BatchGetApplicationRevisions",
"codedeploy:BatchGetDeploymentGroups",
"codedeploy:BatchGetDeployments",
"codedeploy:BatchGetApplications",
"codedeploy:ListApplicationRevisions",
"codedeploy:ListDeploymentConfigs",
"codedeploy:ContinueDeployment",
"sns:ListTopics",
"lambda:ListFunctions",
"ec2:AssociateRouteTable",
"ec2:AttachInternetGateway",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CancelSpotFleetRequests",
"ec2:CreateInternetGateway",
"ec2:CreateLaunchTemplate",
"ec2:CreateRoute",
"ec2:CreateRouteTable",
"ec2:CreateSecurityGroup",
"ec2:CreateSubnet",
"ec2:CreateVpc",
"ec2:DeleteLaunchTemplate",
"ec2:DeleteSubnet",
"ec2:DeleteVpc",
"ec2:Describe*",
"ec2:DetachInternetGateway",
"ec2:DisassociateRouteTable",
"ec2:ModifySubnetAttribute",
"ec2:ModifyVpcAttribute",
"ec2:RunInstances",
"ec2:RequestSpotFleet",
"elasticloadbalancing:CreateListener",
"elasticloadbalancing:CreateLoadBalancer",
"elasticloadbalancing:CreateRule",
"elasticloadbalancing:CreateTargetGroup",
"elasticloadbalancing:DeleteListener",
"elasticloadbalancing:DeleteLoadBalancer",
"elasticloadbalancing:DeleteRule",
"elasticloadbalancing:DeleteTargetGroup",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeRules",
"elasticloadbalancing:DescribeTargetGroups",
"ecs:*",
"events:DescribeRule",
"events:DeleteRule",
"events:ListRuleNamesByTarget",
"events:ListTargetsByRule",
"events:PutRule",
"events:PutTargets",
"events:RemoveTargets",
"iam:ListAttachedRolePolicies",
"iam:ListInstanceProfiles",
"iam:ListRoles",
"logs:CreateLogGroup",
"logs:DescribeLogGroups",
"logs:FilterLogEvents",
"route53:GetHostedZone",
"route53:ListHostedZonesByName",
"route53:CreateHostedZone",
"route53:DeleteHostedZone",
"route53:GetHealthCheck",
"servicediscovery:CreatePrivateDnsNamespace",
"servicediscovery:CreateService",
"servicediscovery:GetNamespace",
"servicediscovery:GetOperation",
"servicediscovery:GetService",
"servicediscovery:ListNamespaces",
"servicediscovery:ListServices",
"servicediscovery:UpdateService",
"servicediscovery:DeleteService"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"ssm:GetParametersByPath",
"ssm:GetParameters",
"ssm:GetParameter"
],
"Effect": "Allow",
"Resource": "arn:aws:ssm:*:*:parameter/aws/service/ecs*"
},
{
"Action": [
"ec2:DeleteInternetGateway",
"ec2:DeleteRoute",
"ec2:DeleteRouteTable",
"ec2:DeleteSecurityGroup"
],
"Condition": {
"StringLike": {
"ec2:ResourceTag/aws:cloudformation:stack-name": "EC2ContainerService-*"
}
},
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": "iam:PassRole",
"Condition": {
"StringLike": {
"iam:PassedToService": "ecs-tasks.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": "iam:PassRole",
"Condition": {
"StringLike": {
"iam:PassedToService": [
"ec2.amazonaws.com",
"ec2.amazonaws.com.cn"
]
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/ecsInstanceRole*"
]
},
{
"Action": "iam:PassRole",
"Condition": {
"StringLike": {
"iam:PassedToService": [
"application-autoscaling.amazonaws.com",
"application-autoscaling.amazonaws.com.cn"
]
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/ecsAutoscaleRole*"
]
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringLike": {
"iam:AWSServiceName": [
"ecs.amazonaws.com",
"spot.amazonaws.com",
"spotfleet.amazonaws.com",
"ecs.application-autoscaling.amazonaws.com",
"autoscaling.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJ7S7AN6YQPTJC7IFS",
"PolicyName": "AmazonECS_FullAccess",
"VersionId": "v15"
},
{
"Document": {
"Statement": [
{
"Action": [
"apigateway:GET"
],
"Effect": "Allow",
"Resource": [
"arn:aws:apigateway:*::/account",
"arn:aws:apigateway:*::/clientcertificates",
"arn:aws:apigateway:*::/clientcertificates/*",
"arn:aws:apigateway:*::/domainnames",
"arn:aws:apigateway:*::/domainnames/*",
"arn:aws:apigateway:*::/domainnames/*/basepathmappings",
"arn:aws:apigateway:*::/domainnames/*/basepathmappings/*",
"arn:aws:apigateway:*::/restapis",
"arn:aws:apigateway:*::/restapis/*",
"arn:aws:apigateway:*::/restapis/*/authorizers",
"arn:aws:apigateway:*::/restapis/*/authorizers/*",
"arn:aws:apigateway:*::/restapis/*/deployments",
"arn:aws:apigateway:*::/restapis/*/deployments/*",
"arn:aws:apigateway:*::/restapis/*/models",
"arn:aws:apigateway:*::/restapis/*/models/*",
"arn:aws:apigateway:*::/restapis/*/models/*/default_template",
"arn:aws:apigateway:*::/restapis/*/resources",
"arn:aws:apigateway:*::/restapis/*/resources/*",
"arn:aws:apigateway:*::/restapis/*/resources/*/methods/*/integration/responses/*",
"arn:aws:apigateway:*::/restapis/*/resources/*/methods/*/responses/*",
"arn:aws:apigateway:*::/restapis/*/stages/*/sdks/*",
"arn:aws:apigateway:*::/restapis/*/resources/*/methods/*",
"arn:aws:apigateway:*::/restapis/*/resources/*/methods/*/integration",
"arn:aws:apigateway:*::/restapis/*/stages",
"arn:aws:apigateway:*::/restapis/*/stages/*"
]
},
{
"Action": [
"iam:DeleteRole"
],
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/aws-service-role/support.amazonaws.com/AWSServiceRoleForSupport"
]
},
{
"Action": [
"a4b:getDevice",
"a4b:getProfile",
"a4b:getRoom",
"a4b:getRoomSkillParameter",
"a4b:getSkillGroup",
"a4b:searchDevices",
"a4b:searchProfiles",
"a4b:searchRooms",
"a4b:searchSkillGroups",
"acm-pca:describeCertificateAuthority",
"acm-pca:describeCertificateAuthorityAuditReport",
"acm-pca:getCertificate",
"acm-pca:getCertificateAuthorityCertificate",
"acm-pca:getCertificateAuthorityCsr",
"acm-pca:listCertificateAuthorities",
"acm-pca:listTags",
"acm:describeCertificate",
"acm:getCertificate",
"acm:listCertificates",
"acm:listTagsForCertificate",
"application-autoscaling:describeScalableTargets",
"application-autoscaling:describeScalingActivities",
"application-autoscaling:describeScalingPolicies",
"appstream:describeDirectoryConfigs",
"appstream:describeFleets",
"appstream:describeImageBuilders",
"appstream:describeImages",
"appstream:describeSessions",
"appstream:describeStacks",
"appstream:listAssociatedFleets",
"appstream:listAssociatedStacks",
"appstream:listTagsForResource",
"appsync:getFunction",
"appsync:getGraphqlApi",
"appsync:getIntrospectionSchema",
"appsync:getResolver",
"appsync:getSchemaCreationStatus",
"appsync:getType",
"appsync:listDataSources",
"appsync:listFunctions",
"appsync:listGraphqlApis",
"appsync:listResolvers",
"appsync:listTypes",
"athena:batchGetNamedQuery",
"athena:batchGetQueryExecution",
"athena:getNamedQuery",
"athena:getQueryExecution",
"athena:listNamedQueries",
"athena:listQueryExecutions",
"autoscaling-plans:describeScalingPlanResources",
"autoscaling-plans:describeScalingPlans",
"autoscaling-plans:getScalingPlanResourceForecastData",
"autoscaling:describeAccountLimits",
"autoscaling:describeAdjustmentTypes",
"autoscaling:describeAutoScalingGroups",
"autoscaling:describeAutoScalingInstances",
"autoscaling:describeAutoScalingNotificationTypes",
"autoscaling:describeLaunchConfigurations",
"autoscaling:describeLifecycleHooks",
"autoscaling:describeLifecycleHookTypes",
"autoscaling:describeLoadBalancers",
"autoscaling:describeLoadBalancerTargetGroups",
"autoscaling:describeMetricCollectionTypes",
"autoscaling:describeNotificationConfigurations",
"autoscaling:describePolicies",
"autoscaling:describeScalingActivities",
"autoscaling:describeScalingProcessTypes",
"autoscaling:describeScheduledActions",
"autoscaling:describeTags",
"autoscaling:describeTerminationPolicyTypes",
"batch:describeComputeEnvironments",
"batch:describeJobDefinitions",
"batch:describeJobQueues",
"batch:describeJobs",
"batch:listJobs",
"cloud9:describeEnvironmentMemberships",
"cloud9:describeEnvironments",
"cloud9:listEnvironments",
"clouddirectory:getDirectory",
"clouddirectory:listDirectories",
"cloudformation:describeAccountLimits",
"cloudformation:describeChangeSet",
"cloudformation:describeStackEvents",
"cloudformation:describeStackInstance",
"cloudformation:describeStackResource",
"cloudformation:describeStackResources",
"cloudformation:describeStacks",
"cloudformation:describeStackSet",
"cloudformation:describeStackSetOperation",
"cloudformation:estimateTemplateCost",
"cloudformation:getStackPolicy",
"cloudformation:getTemplate",
"cloudformation:getTemplateSummary",
"cloudformation:listChangeSets",
"cloudformation:listExports",
"cloudformation:listImports",
"cloudformation:listStackInstances",
"cloudformation:listStackResources",
"cloudformation:listStacks",
"cloudformation:listStackSetOperationResults",
"cloudformation:listStackSetOperations",
"cloudformation:listStackSets",
"cloudfront:getCloudFrontOriginAccessIdentity",
"cloudfront:getCloudFrontOriginAccessIdentityConfig",
"cloudfront:getDistribution",
"cloudfront:getDistributionConfig",
"cloudfront:getInvalidation",
"cloudfront:getStreamingDistribution",
"cloudfront:getStreamingDistributionConfig",
"cloudfront:listCloudFrontOriginAccessIdentities",
"cloudfront:listDistributions",
"cloudfront:listDistributionsByWebACLId",
"cloudfront:listInvalidations",
"cloudfront:listStreamingDistributions",
"cloudhsm:describeBackups",
"cloudhsm:describeClusters",
"cloudsearch:describeAnalysisSchemes",
"cloudsearch:describeAvailabilityOptions",
"cloudsearch:describeDomains",
"cloudsearch:describeExpressions",
"cloudsearch:describeIndexFields",
"cloudsearch:describeScalingParameters",
"cloudsearch:describeServiceAccessPolicies",
"cloudsearch:describeSuggesters",
"cloudsearch:listDomainNames",
"cloudtrail:describeTrails",
"cloudtrail:getEventSelectors",
"cloudtrail:getTrailStatus",
"cloudtrail:listPublicKeys",
"cloudtrail:listTags",
"cloudtrail:lookupEvents",
"cloudwatch:describeAlarmHistory",
"cloudwatch:describeAlarms",
"cloudwatch:describeAlarmsForMetric",
"cloudwatch:getDashboard",
"cloudwatch:getMetricData",
"cloudwatch:getMetricStatistics",
"cloudwatch:listDashboards",
"cloudwatch:listMetrics",
"codebuild:batchGetBuilds",
"codebuild:batchGetProjects",
"codebuild:listBuilds",
"codebuild:listBuildsForProject",
"codebuild:listCuratedEnvironmentImages",
"codebuild:listProjects",
"codecommit:batchGetRepositories",
"codecommit:getBranch",
"codecommit:getRepository",
"codecommit:getRepositoryTriggers",
"codecommit:listBranches",
"codecommit:listRepositories",
"codedeploy:batchGetApplications",
"codedeploy:batchGetDeployments",
"codedeploy:batchGetOnPremisesInstances",
"codedeploy:getApplication",
"codedeploy:getApplicationRevision",
"codedeploy:getDeployment",
"codedeploy:getDeploymentConfig",
"codedeploy:getDeploymentGroup",
"codedeploy:getDeploymentInstance",
"codedeploy:getOnPremisesInstance",
"codedeploy:listApplicationRevisions",
"codedeploy:listApplications",
"codedeploy:listDeploymentConfigs",
"codedeploy:listDeploymentGroups",
"codedeploy:listDeploymentInstances",
"codedeploy:listDeployments",
"codedeploy:listOnPremisesInstances",
"codepipeline:getJobDetails",
"codepipeline:getPipeline",
"codepipeline:getPipelineExecution",
"codepipeline:getPipelineState",
"codepipeline:listActionTypes",
"codepipeline:listPipelines",
"codestar:describeProject",
"codestar:listProjects",
"codestar:listResources",
"codestar:listTeamMembers",
"codestar:listUserProfiles",
"cognito-identity:describeIdentityPool",
"cognito-identity:getIdentityPoolRoles",
"cognito-identity:listIdentities",
"cognito-identity:listIdentityPools",
"cognito-idp:adminGetUser",
"cognito-idp:describeIdentityProvider",
"cognito-idp:describeResourceServer",
"cognito-idp:describeRiskConfiguration",
"cognito-idp:describeUserImportJob",
"cognito-idp:describeUserPool",
"cognito-idp:describeUserPoolClient",
"cognito-idp:describeUserPoolDomain",
"cognito-idp:getGroup",
"cognito-idp:getUICustomization",
"cognito-idp:getUser",
"cognito-idp:getUserPoolMfaConfig",
"cognito-idp:listGroups",
"cognito-idp:listIdentityProviders",
"cognito-idp:listResourceServers",
"cognito-idp:listUserImportJobs",
"cognito-idp:listUserPoolClients",
"cognito-idp:listUserPools",
"cognito-sync:describeDataset",
"cognito-sync:describeIdentityPoolUsage",
"cognito-sync:describeIdentityUsage",
"cognito-sync:getCognitoEvents",
"cognito-sync:getIdentityPoolConfiguration",
"cognito-sync:listDatasets",
"cognito-sync:listIdentityPoolUsage",
"config:describeConfigRuleEvaluationStatus",
"config:describeConfigRules",
"config:describeConfigurationRecorders",
"config:describeConfigurationRecorderStatus",
"config:describeDeliveryChannels",
"config:describeDeliveryChannelStatus",
"config:getResourceConfigHistory",
"config:listDiscoveredResources",
"datapipeline:describeObjects",
"datapipeline:describePipelines",
"datapipeline:getPipelineDefinition",
"datapipeline:listPipelines",
"datapipeline:queryObjects",
"dax:describeClusters",
"dax:describeDefaultParameters",
"dax:describeEvents",
"dax:describeParameterGroups",
"dax:describeParameters",
"dax:describeSubnetGroups",
"devicefarm:getAccountSettings",
"devicefarm:getDevice",
"devicefarm:getDevicePool",
"devicefarm:getDevicePoolCompatibility",
"devicefarm:getJob",
"devicefarm:getProject",
"devicefarm:getRemoteAccessSession",
"devicefarm:getRun",
"devicefarm:getSuite",
"devicefarm:getTest",
"devicefarm:getUpload",
"devicefarm:listArtifacts",
"devicefarm:listDevicePools",
"devicefarm:listDevices",
"devicefarm:listJobs",
"devicefarm:listProjects",
"devicefarm:listRemoteAccessSessions",
"devicefarm:listRuns",
"devicefarm:listSamples",
"devicefarm:listSuites",
"devicefarm:listTests",
"devicefarm:listUniqueProblems",
"devicefarm:listUploads",
"directconnect:describeConnections",
"directconnect:describeConnectionsOnInterconnect",
"directconnect:describeInterconnects",
"directconnect:describeLocations",
"directconnect:describeVirtualGateways",
"directconnect:describeVirtualInterfaces",
"dlm:getLifecyclePolicies",
"dlm:getLifecyclePolicy",
"dms:describeAccountAttributes",
"dms:describeConnections",
"dms:describeEndpoints",
"dms:describeEndpointTypes",
"dms:describeOrderableReplicationInstances",
"dms:describeRefreshSchemasStatus",
"dms:describeReplicationInstances",
"dms:describeReplicationSubnetGroups",
"ds:describeConditionalForwarders",
"ds:describeDirectories",
"ds:describeEventTopics",
"ds:describeSnapshots",
"ds:describeTrusts",
"ds:getDirectoryLimits",
"ds:getSnapshotLimits",
"ds:listIpRoutes",
"ds:listSchemaExtensions",
"ds:listTagsForResource",
"dynamodb:describeBackup",
"dynamodb:describeContinuousBackups",
"dynamodb:describeGlobalTable",
"dynamodb:describeLimits",
"dynamodb:describeStream",
"dynamodb:describeTable",
"dynamodb:describeTimeToLive",
"dynamodb:listBackups",
"dynamodb:listGlobalTables",
"dynamodb:listStreams",
"dynamodb:listTables",
"dynamodb:listTagsOfResource",
"ec2:acceptReservedInstancesExchangeQuote",
"ec2:cancelReservedInstancesListing",
"ec2:createReservedInstancesListing",
"ec2:describeAccountAttributes",
"ec2:describeAddresses",
"ec2:describeAvailabilityZones",
"ec2:describeBundleTasks",
"ec2:describeByoipCidrs",
"ec2:describeClassicLinkInstances",
"ec2:describeConversionTasks",
"ec2:describeCustomerGateways",
"ec2:describeDhcpOptions",
"ec2:describeElasticGpus",
"ec2:describeExportTasks",
"ec2:describeFlowLogs",
"ec2:describeHostReservationOfferings",
"ec2:describeHostReservations",
"ec2:describeHosts",
"ec2:describeIdentityIdFormat",
"ec2:describeIdFormat",
"ec2:describeImageAttribute",
"ec2:describeImages",
"ec2:describeImportImageTasks",
"ec2:describeImportSnapshotTasks",
"ec2:describeInstanceAttribute",
"ec2:describeInstances",
"ec2:describeInstanceStatus",
"ec2:describeInternetGateways",
"ec2:describeKeyPairs",
"ec2:describeLaunchTemplates",
"ec2:describeLaunchTemplateVersions",
"ec2:describeMovingAddresses",
"ec2:describeNatGateways",
"ec2:describeNetworkAcls",
"ec2:describeNetworkInterfaceAttribute",
"ec2:describeNetworkInterfaces",
"ec2:describePlacementGroups",
"ec2:describePrefixLists",
"ec2:describePublicIpv4Pools",
"ec2:describeRegions",
"ec2:describeReservedInstances",
"ec2:describeReservedInstancesListings",
"ec2:describeReservedInstancesModifications",
"ec2:describeReservedInstancesOfferings",
"ec2:describeRouteTables",
"ec2:describeScheduledInstances",
"ec2:describeSecurityGroups",
"ec2:describeSnapshotAttribute",
"ec2:describeSnapshots",
"ec2:describeSpotDatafeedSubscription",
"ec2:describeSpotFleetInstances",
"ec2:describeSpotFleetRequestHistory",
"ec2:describeSpotFleetRequests",
"ec2:describeSpotInstanceRequests",
"ec2:describeSpotPriceHistory",
"ec2:describeSubnets",
"ec2:describeTags",
"ec2:describeVolumeAttribute",
"ec2:describeVolumes",
"ec2:describeVolumesModifications",
"ec2:describeVolumeStatus",
"ec2:describeVpcAttribute",
"ec2:describeVpcClassicLink",
"ec2:describeVpcClassicLinkDnsSupport",
"ec2:describeVpcEndpointConnectionNotifications",
"ec2:describeVpcEndpointConnections",
"ec2:describeVpcEndpoints",
"ec2:describeVpcEndpointServiceConfigurations",
"ec2:describeVpcEndpointServicePermissions",
"ec2:describeVpcEndpointServices",
"ec2:describeVpcPeeringConnections",
"ec2:describeVpcs",
"ec2:describeVpnConnections",
"ec2:describeVpnGateways",
"ec2:getConsoleScreenshot",
"ec2:getReservedInstancesExchangeQuote",
"ec2:modifyReservedInstances",
"ec2:purchaseReservedInstancesOffering",
"ecr:batchCheckLayerAvailability",
"ecr:describeImages",
"ecr:describeRepositories",
"ecr:getRepositoryPolicy",
"ecr:listImages",
"ecs:describeClusters",
"ecs:describeContainerInstances",
"ecs:describeServices",
"ecs:describeTaskDefinition",
"ecs:describeTasks",
"ecs:listClusters",
"ecs:listContainerInstances",
"ecs:listServices",
"ecs:listTaskDefinitions",
"ecs:listTasks",
"eks:describeCluster",
"eks:listClusters",
"elasticache:describeCacheClusters",
"elasticache:describeCacheEngineVersions",
"elasticache:describeCacheParameterGroups",
"elasticache:describeCacheParameters",
"elasticache:describeCacheSecurityGroups",
"elasticache:describeCacheSubnetGroups",
"elasticache:describeEngineDefaultParameters",
"elasticache:describeEvents",
"elasticache:describeReplicationGroups",
"elasticache:describeReservedCacheNodes",
"elasticache:describeReservedCacheNodesOfferings",
"elasticache:describeSnapshots",
"elasticache:listAllowedNodeTypeModifications",
"elasticache:listTagsForResource",
"elasticbeanstalk:checkDNSAvailability",
"elasticbeanstalk:describeApplications",
"elasticbeanstalk:describeApplicationVersions",
"elasticbeanstalk:describeConfigurationOptions",
"elasticbeanstalk:describeConfigurationSettings",
"elasticbeanstalk:describeEnvironmentHealth",
"elasticbeanstalk:describeEnvironmentManagedActionHistory",
"elasticbeanstalk:describeEnvironmentManagedActions",
"elasticbeanstalk:describeEnvironmentResources",
"elasticbeanstalk:describeEnvironments",
"elasticbeanstalk:describeEvents",
"elasticbeanstalk:describeInstancesHealth",
"elasticbeanstalk:describePlatformVersion",
"elasticbeanstalk:listAvailableSolutionStacks",
"elasticbeanstalk:listPlatformVersions",
"elasticbeanstalk:validateConfigurationSettings",
"elasticfilesystem:describeFileSystems",
"elasticfilesystem:describeMountTargets",
"elasticfilesystem:describeMountTargetSecurityGroups",
"elasticfilesystem:describeTags",
"elasticloadbalancing:describeInstanceHealth",
"elasticloadbalancing:describeListenerCertificates",
"elasticloadbalancing:describeListeners",
"elasticloadbalancing:describeLoadBalancerAttributes",
"elasticloadbalancing:describeLoadBalancerPolicies",
"elasticloadbalancing:describeLoadBalancerPolicyTypes",
"elasticloadbalancing:describeLoadBalancers",
"elasticloadbalancing:describeRules",
"elasticloadbalancing:describeSSLPolicies",
"elasticloadbalancing:describeTags",
"elasticloadbalancing:describeTargetGroupAttributes",
"elasticloadbalancing:describeTargetGroups",
"elasticloadbalancing:describeTargetHealth",
"elasticmapreduce:describeCluster",
"elasticmapreduce:describeSecurityConfiguration",
"elasticmapreduce:describeStep",
"elasticmapreduce:listBootstrapActions",
"elasticmapreduce:listClusters",
"elasticmapreduce:listInstanceGroups",
"elasticmapreduce:listInstances",
"elasticmapreduce:listSecurityConfigurations",
"elasticmapreduce:listSteps",
"elastictranscoder:listJobsByPipeline",
"elastictranscoder:listJobsByStatus",
"elastictranscoder:listPipelines",
"elastictranscoder:listPresets",
"elastictranscoder:readPipeline",
"elastictranscoder:readPreset",
"es:describeElasticsearchDomain",
"es:describeElasticsearchDomainConfig",
"es:describeElasticsearchDomains",
"es:listDomainNames",
"es:listTags",
"events:describeEventBus",
"events:describeRule",
"events:listRuleNamesByTarget",
"events:listRules",
"events:listTargetsByRule",
"events:testEventPattern",
"firehose:describeDeliveryStream",
"firehose:listDeliveryStreams",
"glacier:describeJob",
"glacier:describeVault",
"glacier:getDataRetrievalPolicy",
"glacier:getVaultAccessPolicy",
"glacier:getVaultLock",
"glacier:getVaultNotifications",
"glacier:listJobs",
"glacier:listTagsForVault",
"glacier:listVaults",
"glue:batchGetPartition",
"glue:getCatalogImportStatus",
"glue:getClassifier",
"glue:getClassifiers",
"glue:getCrawler",
"glue:getCrawlerMetrics",
"glue:getCrawlers",
"glue:getDatabase",
"glue:getDatabases",
"glue:getDataflowGraph",
"glue:getDevEndpoint",
"glue:getDevEndpoints",
"glue:getJob",
"glue:getJobRun",
"glue:getJobRuns",
"glue:getJobs",
"glue:getMapping",
"glue:getPartition",
"glue:getPartitions",
"glue:getTable",
"glue:getTables",
"glue:getTableVersions",
"glue:getTrigger",
"glue:getTriggers",
"glue:getUserDefinedFunction",
"glue:getUserDefinedFunctions",
"greengrass:getConnectivityInfo",
"greengrass:getCoreDefinition",
"greengrass:getCoreDefinitionVersion",
"greengrass:getDeploymentStatus",
"greengrass:getDeviceDefinition",
"greengrass:getDeviceDefinitionVersion",
"greengrass:getFunctionDefinition",
"greengrass:getFunctionDefinitionVersion",
"greengrass:getGroup",
"greengrass:getGroupCertificateAuthority",
"greengrass:getGroupVersion",
"greengrass:getLoggerDefinition",
"greengrass:getLoggerDefinitionVersion",
"greengrass:getResourceDefinitionVersion",
"greengrass:getServiceRoleForAccount",
"greengrass:getSubscriptionDefinition",
"greengrass:getSubscriptionDefinitionVersion",
"greengrass:listCoreDefinitions",
"greengrass:listCoreDefinitionVersions",
"greengrass:listDeployments",
"greengrass:listDeviceDefinitions",
"greengrass:listDeviceDefinitionVersions",
"greengrass:listFunctionDefinitions",
"greengrass:listFunctionDefinitionVersions",
"greengrass:listGroups",
"greengrass:listGroupVersions",
"greengrass:listLoggerDefinitions",
"greengrass:listLoggerDefinitionVersions",
"greengrass:listResourceDefinitions",
"greengrass:listResourceDefinitionVersions",
"greengrass:listSubscriptionDefinitions",
"greengrass:listSubscriptionDefinitionVersions",
"guardduty:getDetector",
"guardduty:getFindings",
"guardduty:getFindingsStatistics",
"guardduty:getInvitationsCount",
"guardduty:getIPSet",
"guardduty:getMasterAccount",
"guardduty:getMembers",
"guardduty:getThreatIntelSet",
"guardduty:listDetectors",
"guardduty:listFindings",
"guardduty:listInvitations",
"guardduty:listIPSets",
"guardduty:listMembers",
"guardduty:listThreatIntelSets",
"health:describeAffectedEntities",
"health:describeEntityAggregates",
"health:describeEventAggregates",
"health:describeEventDetails",
"health:describeEvents",
"health:describeEventTypes",
"iam:getAccessKeyLastUsed",
"iam:getAccountAuthorizationDetails",
"iam:getAccountPasswordPolicy",
"iam:getAccountSummary",
"iam:getContextKeysForCustomPolicy",
"iam:getContextKeysForPrincipalPolicy",
"iam:getCredentialReport",
"iam:getGroup",
"iam:getGroupPolicy",
"iam:getInstanceProfile",
"iam:getLoginProfile",
"iam:getOpenIDConnectProvider",
"iam:getPolicy",
"iam:getPolicyVersion",
"iam:getRole",
"iam:getRolePolicy",
"iam:getSAMLProvider",
"iam:getServerCertificate",
"iam:getSSHPublicKey",
"iam:getUser",
"iam:getUserPolicy",
"iam:listAccessKeys",
"iam:listAccountAliases",
"iam:listAttachedGroupPolicies",
"iam:listAttachedRolePolicies",
"iam:listAttachedUserPolicies",
"iam:listEntitiesForPolicy",
"iam:listGroupPolicies",
"iam:listGroups",
"iam:listGroupsForUser",
"iam:listInstanceProfiles",
"iam:listInstanceProfilesForRole",
"iam:listMFADevices",
"iam:listOpenIDConnectProviders",
"iam:listPolicies",
"iam:listPolicyVersions",
"iam:listRolePolicies",
"iam:listRoles",
"iam:listSAMLProviders",
"iam:listServerCertificates",
"iam:listSigningCertificates",
"iam:listSSHPublicKeys",
"iam:listUserPolicies",
"iam:listUsers",
"iam:listVirtualMFADevices",
"iam:simulateCustomPolicy",
"iam:simulatePrincipalPolicy",
"importexport:getStatus",
"importexport:listJobs",
"inspector:describeAssessmentRuns",
"inspector:describeAssessmentTargets",
"inspector:describeAssessmentTemplates",
"inspector:describeCrossAccountAccessRole",
"inspector:describeResourceGroups",
"inspector:describeRulesPackages",
"inspector:getTelemetryMetadata",
"inspector:listAssessmentRunAgents",
"inspector:listAssessmentRuns",
"inspector:listAssessmentTargets",
"inspector:listAssessmentTemplates",
"inspector:listEventSubscriptions",
"inspector:listRulesPackages",
"inspector:listTagsForResource",
"iot:describeAuthorizer",
"iot:describeCACertificate",
"iot:describeCertificate",
"iot:describeDefaultAuthorizer",
"iot:describeEndpoint",
"iot:describeIndex",
"iot:describeJobExecution",
"iot:describeThing",
"iot:describeThingGroup",
"iot:getEffectivePolicies",
"iot:getIndexingConfiguration",
"iot:getLoggingOptions",
"iot:getPolicy",
"iot:getPolicyVersion",
"iot:getTopicRule",
"iot:getV2LoggingOptions",
"iot:listAttachedPolicies",
"iot:listAuthorizers",
"iot:listCACertificates",
"iot:listCertificates",
"iot:listCertificatesByCA",
"iot:listJobExecutionsForJob",
"iot:listJobExecutionsForThing",
"iot:listJobs",
"iot:listOutgoingCertificates",
"iot:listPolicies",
"iot:listPolicyPrincipals",
"iot:listPolicyVersions",
"iot:listPrincipalPolicies",
"iot:listPrincipalThings",
"iot:listRoleAliases",
"iot:listTargetsForPolicy",
"iot:listThingGroups",
"iot:listThingGroupsForThing",
"iot:listThingPrincipals",
"iot:listThingRegistrationTasks",
"iot:listThings",
"iot:listThingTypes",
"iot:listTopicRules",
"iot:listV2LoggingLevels",
"kafka:describeCluster",
"kafka:getBootstrapBrokers",
"kafka:listClusters",
"kafka:listNodes",
"kinesis:describeStream",
"kinesis:listStreams",
"kinesis:listTagsForStream",
"kinesisanalytics:describeApplication",
"kinesisanalytics:listApplications",
"kms:describeKey",
"kms:getKeyPolicy",
"kms:getKeyRotationStatus",
"kms:listAliases",
"kms:listGrants",
"kms:listKeyPolicies",
"kms:listKeys",
"kms:listResourceTags",
"kms:listRetirableGrants",
"lambda:getAccountSettings",
"lambda:getAlias",
"lambda:getEventSourceMapping",
"lambda:getFunction",
"lambda:getFunctionConfiguration",
"lambda:getPolicy",
"lambda:listAliases",
"lambda:listEventSourceMappings",
"lambda:listFunctions",
"lambda:listVersionsByFunction",
"lex:getBot",
"lex:getBotAlias",
"lex:getBotAliases",
"lex:getBotChannelAssociation",
"lex:getBotChannelAssociations",
"lex:getBots",
"lex:getBotVersions",
"lex:getBuiltinIntent",
"lex:getBuiltinIntents",
"lex:getBuiltinSlotTypes",
"lex:getIntent",
"lex:getIntents",
"lex:getIntentVersions",
"lex:getSlotType",
"lex:getSlotTypes",
"lex:getSlotTypeVersions",
"lightsail:getActiveNames",
"lightsail:getBlueprints",
"lightsail:getBundles",
"lightsail:getDomain",
"lightsail:getDomains",
"lightsail:getInstance",
"lightsail:getInstanceAccessDetails",
"lightsail:getInstanceMetricData",
"lightsail:getInstancePortStates",
"lightsail:getInstances",
"lightsail:getInstanceSnapshot",
"lightsail:getInstanceSnapshots",
"lightsail:getInstanceState",
"lightsail:getKeyPair",
"lightsail:getKeyPairs",
"lightsail:getOperation",
"lightsail:getOperations",
"lightsail:getOperationsForResource",
"lightsail:getRegions",
"lightsail:getStaticIp",
"lightsail:getStaticIps",
"logs:describeDestinations",
"logs:describeExportTasks",
"logs:describeLogGroups",
"logs:describeLogStreams",
"logs:describeMetricFilters",
"logs:describeSubscriptionFilters",
"logs:testMetricFilter",
"machinelearning:describeBatchPredictions",
"machinelearning:describeDataSources",
"machinelearning:describeEvaluations",
"machinelearning:describeMLModels",
"machinelearning:getBatchPrediction",
"machinelearning:getDataSource",
"machinelearning:getEvaluation",
"machinelearning:getMLModel",
"mediaconvert:describeEndpoints",
"mediaconvert:getJob",
"mediaconvert:getJobTemplate",
"mediaconvert:getPreset",
"mediaconvert:getQueue",
"mediaconvert:listJobs",
"mediaconvert:listJobTemplates",
"medialive:describeChannel",
"medialive:describeInput",
"medialive:describeInputSecurityGroup",
"medialive:describeOffering",
"medialive:describeReservation",
"medialive:describeSchedule",
"medialive:listChannels",
"medialive:listInputs",
"medialive:listInputSecurityGroups",
"medialive:listOfferings",
"mediapackage:describeChannel",
"mediapackage:describeOriginEndpoint",
"mediapackage:listChannels",
"mediapackage:listOriginEndpoints",
"mediastore:describeContainer",
"mediastore:getContainerPolicy",
"mediastore:listContainers",
"mobiletargeting:getApnsChannel",
"mobiletargeting:getApplicationSettings",
"mobiletargeting:getCampaign",
"mobiletargeting:getCampaignActivities",
"mobiletargeting:getCampaigns",
"mobiletargeting:getCampaignVersion",
"mobiletargeting:getCampaignVersions",
"mobiletargeting:getEndpoint",
"mobiletargeting:getGcmChannel",
"mobiletargeting:getImportJob",
"mobiletargeting:getImportJobs",
"mobiletargeting:getSegment",
"mobiletargeting:getSegmentImportJobs",
"mobiletargeting:getSegments",
"mobiletargeting:getSegmentVersion",
"mobiletargeting:getSegmentVersions",
"mq:describeBroker",
"mq:describeConfiguration",
"mq:describeConfigurationRevision",
"mq:describeUser",
"mq:listBrokers",
"mq:listConfigurationRevisions",
"mq:listConfigurations",
"mq:listUsers",
"opsworks-cm:describeAccountAttributes",
"opsworks-cm:describeBackups",
"opsworks-cm:describeEvents",
"opsworks-cm:describeNodeAssociationStatus",
"opsworks-cm:describeServers",
"opsworks:describeAgentVersions",
"opsworks:describeApps",
"opsworks:describeCommands",
"opsworks:describeDeployments",
"opsworks:describeEcsClusters",
"opsworks:describeElasticIps",
"opsworks:describeElasticLoadBalancers",
"opsworks:describeInstances",
"opsworks:describeLayers",
"opsworks:describeLoadBasedAutoScaling",
"opsworks:describeMyUserProfile",
"opsworks:describePermissions",
"opsworks:describeRaidArrays",
"opsworks:describeRdsDbInstances",
"opsworks:describeServiceErrors",
"opsworks:describeStackProvisioningParameters",
"opsworks:describeStacks",
"opsworks:describeStackSummary",
"opsworks:describeTimeBasedAutoScaling",
"opsworks:describeUserProfiles",
"opsworks:describeVolumes",
"opsworks:getHostnameSuggestion",
"polly:describeVoices",
"polly:getLexicon",
"polly:listLexicons",
"rds:describeAccountAttributes",
"rds:describeCertificates",
"rds:describeDBClusterParameterGroups",
"rds:describeDBClusterParameters",
"rds:describeDBClusters",
"rds:describeDBClusterSnapshots",
"rds:describeDBEngineVersions",
"rds:describeDBInstances",
"rds:describeDBParameterGroups",
"rds:describeDBParameters",
"rds:describeDBSecurityGroups",
"rds:describeDBSnapshotAttributes",
"rds:describeDBSnapshots",
"rds:describeDBSubnetGroups",
"rds:describeEngineDefaultClusterParameters",
"rds:describeEngineDefaultParameters",
"rds:describeEventCategories",
"rds:describeEvents",
"rds:describeEventSubscriptions",
"rds:describeOptionGroupOptions",
"rds:describeOptionGroups",
"rds:describeOrderableDBInstanceOptions",
"rds:describePendingMaintenanceActions",
"rds:describeReservedDBInstances",
"rds:describeReservedDBInstancesOfferings",
"rds:listTagsForResource",
"redshift:describeClusterParameterGroups",
"redshift:describeClusterParameters",
"redshift:describeClusters",
"redshift:describeClusterSecurityGroups",
"redshift:describeClusterSnapshots",
"redshift:describeClusterSubnetGroups",
"redshift:describeClusterVersions",
"redshift:describeDefaultClusterParameters",
"redshift:describeEventCategories",
"redshift:describeEvents",
"redshift:describeEventSubscriptions",
"redshift:describeHsmClientCertificates",
"redshift:describeHsmConfigurations",
"redshift:describeLoggingStatus",
"redshift:describeOrderableClusterOptions",
"redshift:describeReservedNodeOfferings",
"redshift:describeReservedNodes",
"redshift:describeResize",
"redshift:describeSnapshotCopyGrants",
"redshift:describeTableRestoreStatus",
"redshift:describeTags",
"rekognition:listCollections",
"rekognition:listFaces",
"robomaker:describeDeploymentJob",
"robomaker:describeFleet",
"robomaker:describeRobotApplication",
"robomaker:describeSimulationApplication",
"robomaker:describeSimulationJob",
"robomaker:listDeploymentJobs",
"robomaker:listFleets",
"robomaker:listRobotApplications",
"robomaker:listRobots",
"robomaker:listSimulationApplications",
"robomaker:listSimulationJobs",
"route53:getChange",
"route53:getCheckerIpRanges",
"route53:getGeoLocation",
"route53:getHealthCheck",
"route53:getHealthCheckCount",
"route53:getHealthCheckLastFailureReason",
"route53:getHealthCheckStatus",
"route53:getHostedZone",
"route53:getHostedZoneCount",
"route53:getReusableDelegationSet",
"route53:getTrafficPolicy",
"route53:getTrafficPolicyInstance",
"route53:getTrafficPolicyInstanceCount",
"route53:listGeoLocations",
"route53:listHealthChecks",
"route53:listHostedZones",
"route53:listHostedZonesByName",
"route53:listResourceRecordSets",
"route53:listReusableDelegationSets",
"route53:listTagsForResource",
"route53:listTagsForResources",
"route53:listTrafficPolicies",
"route53:listTrafficPolicyInstances",
"route53:listTrafficPolicyInstancesByHostedZone",
"route53:listTrafficPolicyInstancesByPolicy",
"route53:listTrafficPolicyVersions",
"route53domains:checkDomainAvailability",
"route53domains:getContactReachabilityStatus",
"route53domains:getDomainDetail",
"route53domains:getOperationDetail",
"route53domains:listDomains",
"route53domains:listOperations",
"route53domains:listTagsForDomain",
"route53domains:viewBilling",
"route53resolver:getResolverRulePolicy",
"route53resolver:listResolverEndpointIpAddresses",
"route53resolver:listResolverEndpoints",
"route53resolver:listResolverRuleAssociations",
"route53resolver:listResolverRules",
"route53resolver:listTagsForResource",
"s3:getAccelerateConfiguration",
"s3:getAnalyticsConfiguration",
"s3:getBucketAcl",
"s3:getBucketCORS",
"s3:getBucketLocation",
"s3:getBucketLogging",
"s3:getBucketNotification",
"s3:getBucketPolicy",
"s3:getBucketRequestPayment",
"s3:getBucketTagging",
"s3:getBucketVersioning",
"s3:getBucketWebsite",
"s3:getEncryptionConfiguration",
"s3:getInventoryConfiguration",
"s3:getLifecycleConfiguration",
"s3:getMetricsConfiguration",
"s3:getReplicationConfiguration",
"s3:headBucket",
"s3:listAllMyBuckets",
"s3:listBucketMultipartUploads",
"sagemaker:describeEndpoint",
"sagemaker:describeEndpointConfig",
"sagemaker:describeHyperParameterTuningJob",
"sagemaker:describeModel",
"sagemaker:describeNotebookInstance",
"sagemaker:describeNotebookInstanceLifecycleConfig",
"sagemaker:describeTrainingJob",
"sagemaker:describeTransformJob",
"sagemaker:listEndpointConfigs",
"sagemaker:listEndpoints",
"sagemaker:listHyperParameterTuningJobs",
"sagemaker:listModels",
"sagemaker:listNotebookInstanceLifecycleConfigs",
"sagemaker:listNotebookInstances",
"sagemaker:listTags",
"sagemaker:listTrainingJobs",
"sagemaker:listTrainingJobsForHyperParameterTuningJob",
"sagemaker:listTransformJobs",
"sdb:domainMetadata",
"sdb:listDomains",
"secretsmanager:describeSecret",
"secretsmanager:getResourcePolicy",
"secretsmanager:listSecrets",
"secretsmanager:listSecretVersionIds",
"servicecatalog:describeConstraint",
"servicecatalog:describePortfolio",
"servicecatalog:describeProduct",
"servicecatalog:describeProductAsAdmin",
"servicecatalog:describeProductView",
"servicecatalog:describeProvisioningArtifact",
"servicecatalog:describeProvisioningParameters",
"servicecatalog:describeRecord",
"servicecatalog:listAcceptedPortfolioShares",
"servicecatalog:listConstraintsForPortfolio",
"servicecatalog:listLaunchPaths",
"servicecatalog:listPortfolioAccess",
"servicecatalog:listPortfolios",
"servicecatalog:listPortfoliosForProduct",
"servicecatalog:listPrincipalsForPortfolio",
"servicecatalog:listProvisioningArtifacts",
"servicecatalog:listRecordHistory",
"servicecatalog:scanProvisionedProducts",
"servicecatalog:searchProducts",
"ses:describeActiveReceiptRuleSet",
"ses:describeReceiptRule",
"ses:describeReceiptRuleSet",
"ses:getIdentityDkimAttributes",
"ses:getIdentityMailFromDomainAttributes",
"ses:getIdentityNotificationAttributes",
"ses:getIdentityPolicies",
"ses:getIdentityVerificationAttributes",
"ses:getSendQuota",
"ses:getSendStatistics",
"ses:listIdentities",
"ses:listIdentityPolicies",
"ses:listReceiptFilters",
"ses:listReceiptRuleSets",
"ses:listVerifiedEmailAddresses",
"shield:describeAttack",
"shield:describeProtection",
"shield:describeSubscription",
"shield:listAttacks",
"shield:listProtections",
"sms:getConnectors",
"sms:getReplicationJobs",
"sms:getReplicationRuns",
"sms:getServers",
"snowball:describeAddress",
"snowball:describeAddresses",
"snowball:describeJob",
"snowball:getSnowballUsage",
"snowball:listJobs",
"sns:checkIfPhoneNumberIsOptedOut",
"sns:getEndpointAttributes",
"sns:getPlatformApplicationAttributes",
"sns:getSMSAttributes",
"sns:getSubscriptionAttributes",
"sns:getTopicAttributes",
"sns:listEndpointsByPlatformApplication",
"sns:listPhoneNumbersOptedOut",
"sns:listPlatformApplications",
"sns:listSubscriptions",
"sns:listSubscriptionsByTopic",
"sns:listTopics",
"sqs:getQueueAttributes",
"sqs:getQueueUrl",
"sqs:listDeadLetterSourceQueues",
"sqs:listQueues",
"ssm:describeActivations",
"ssm:describeAssociation",
"ssm:describeAutomationExecutions",
"ssm:describeAvailablePatches",
"ssm:describeDocument",
"ssm:describeDocumentPermission",
"ssm:describeEffectiveInstanceAssociations",
"ssm:describeEffectivePatchesForPatchBaseline",
"ssm:describeInstanceAssociationsStatus",
"ssm:describeInstanceInformation",
"ssm:describeInstancePatches",
"ssm:describeInstancePatchStates",
"ssm:describeInstancePatchStatesForPatchGroup",
"ssm:describeMaintenanceWindowExecutions",
"ssm:describeMaintenanceWindowExecutionTaskInvocations",
"ssm:describeMaintenanceWindowExecutionTasks",
"ssm:describeMaintenanceWindows",
"ssm:describeMaintenanceWindowTargets",
"ssm:describeMaintenanceWindowTasks",
"ssm:describeParameters",
"ssm:describePatchBaselines",
"ssm:describePatchGroups",
"ssm:describePatchGroupState",
"ssm:getAutomationExecution",
"ssm:getCommandInvocation",
"ssm:getDefaultPatchBaseline",
"ssm:getDeployablePatchSnapshotForInstance",
"ssm:getDocument",
"ssm:getInventory",
"ssm:getInventorySchema",
"ssm:getMaintenanceWindow",
"ssm:getMaintenanceWindowExecution",
"ssm:getMaintenanceWindowExecutionTask",
"ssm:getParameterHistory",
"ssm:getParameters",
"ssm:getPatchBaseline",
"ssm:getPatchBaselineForPatchGroup",
"ssm:listAssociations",
"ssm:listCommandInvocations",
"ssm:listCommands",
"ssm:listDocuments",
"ssm:listDocumentVersions",
"ssm:listInventoryEntries",
"ssm:listTagsForResource",
"states:describeActivity",
"states:describeExecution",
"states:describeStateMachine",
"states:getExecutionHistory",
"states:listActivities",
"states:listExecutions",
"states:listStateMachines",
"storagegateway:describeBandwidthRateLimit",
"storagegateway:describeCache",
"storagegateway:describeCachediSCSIVolumes",
"storagegateway:describeGatewayInformation",
"storagegateway:describeMaintenanceStartTime",
"storagegateway:describeNFSFileShares",
"storagegateway:describeSMBFileShares",
"storagegateway:describeSMBSettings",
"storagegateway:describeSnapshotSchedule",
"storagegateway:describeStorediSCSIVolumes",
"storagegateway:describeTapeArchives",
"storagegateway:describeTapeRecoveryPoints",
"storagegateway:describeTapes",
"storagegateway:describeUploadBuffer",
"storagegateway:describeVTLDevices",
"storagegateway:describeWorkingStorage",
"storagegateway:listFileShares",
"storagegateway:listGateways",
"storagegateway:listLocalDisks",
"storagegateway:listTagsForResource",
"storagegateway:listTapes",
"storagegateway:listVolumeInitiators",
"storagegateway:listVolumeRecoveryPoints",
"storagegateway:listVolumes",
"swf:describeActivityType",
"swf:describeDomain",
"swf:describeWorkflowExecution",
"swf:describeWorkflowType",
"swf:getWorkflowExecutionHistory",
"swf:listActivityTypes",
"swf:listClosedWorkflowExecutions",
"swf:listDomains",
"swf:listOpenWorkflowExecutions",
"swf:listWorkflowTypes",
"transfer:describeServer",
"transfer:describeUser",
"transfer:listServers",
"transfer:listTagsForResource",
"transfer:listUsers",
"waf-regional:getByteMatchSet",
"waf-regional:getChangeTokenStatus",
"waf-regional:getIPSet",
"waf-regional:getRule",
"waf-regional:getSqlInjectionMatchSet",
"waf-regional:getWebACL",
"waf-regional:getWebACLForResource",
"waf-regional:listByteMatchSets",
"waf-regional:listIPSets",
"waf-regional:listResourcesForWebACL",
"waf-regional:listRules",
"waf-regional:listSqlInjectionMatchSets",
"waf-regional:listWebACLs",
"waf:getByteMatchSet",
"waf:getChangeTokenStatus",
"waf:getIPSet",
"waf:getRule",
"waf:getSampledRequests",
"waf:getSizeConstraintSet",
"waf:getSqlInjectionMatchSet",
"waf:getWebACL",
"waf:getXssMatchSet",
"waf:listByteMatchSets",
"waf:listIPSets",
"waf:listRules",
"waf:listSizeConstraintSets",
"waf:listSqlInjectionMatchSets",
"waf:listWebACLs",
"waf:listXssMatchSets",
"workdocs:checkAlias",
"workdocs:describeAvailableDirectories",
"workdocs:describeInstances",
"workspaces:describeTags",
"workspaces:describeWorkspaceBundles",
"workspaces:describeWorkspaceDirectories",
"workspaces:describeWorkspaces",
"workspaces:describeWorkspacesConnectionStatus"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJ7W6266ELXF5MISDS",
"PolicyName": "AWSSupportServiceRolePolicy",
"VersionId": "v4"
},
{
"Document": {
"Statement": [
{
"Action": [
"catalog-admin:DescribeConstraints",
"catalog-admin:DescribeListingForProduct",
"catalog-admin:DescribeListings",
"catalog-admin:DescribePortfolios",
"catalog-admin:DescribeProductVersions",
"catalog-admin:GetPortfolioCount",
"catalog-admin:GetPortfolios",
"catalog-admin:GetProductCounts",
"catalog-admin:ListAllPortfolioConstraints",
"catalog-admin:ListPortfolioConstraints",
"catalog-admin:ListPortfolios",
"catalog-admin:ListPrincipalConstraints",
"catalog-admin:ListProductConstraints",
"catalog-admin:ListResourceUsers",
"catalog-admin:ListTagsForResource",
"catalog-admin:SearchListings",
"catalog-user:*",
"cloudformation:DescribeStackEvents",
"cloudformation:DescribeStacks",
"cloudformation:GetTemplateSummary",
"iam:GetGroup",
"iam:GetRole",
"iam:GetUser",
"iam:ListGroups",
"iam:ListRoles",
"iam:ListUsers",
"s3:GetObject",
"servicecatalog:DescribeTagOption",
"servicecatalog:GetTagOptionMigrationStatus",
"servicecatalog:ListResourcesForTagOption",
"servicecatalog:ListTagOptions",
"servicecatalog:AccountLevelDescribeRecord",
"servicecatalog:AccountLevelListRecordHistory",
"servicecatalog:AccountLevelScanProvisionedProducts",
"servicecatalog:DescribeProduct",
"servicecatalog:DescribeProductView",
"servicecatalog:DescribeProvisioningParameters",
"servicecatalog:DescribeProvisionedProduct",
"servicecatalog:DescribeRecord",
"servicecatalog:ListLaunchPaths",
"servicecatalog:ListRecordHistory",
"servicecatalog:ScanProvisionedProducts",
"servicecatalog:SearchProducts",
"servicecatalog:DescribeConstraint",
"servicecatalog:DescribeProductAsAdmin",
"servicecatalog:DescribePortfolio",
"servicecatalog:DescribeProvisioningArtifact",
"servicecatalog:ListAcceptedPortfolioShares",
"servicecatalog:ListConstraintsForPortfolio",
"servicecatalog:ListPortfolioAccess",
"servicecatalog:ListPortfolios",
"servicecatalog:ListPortfoliosForProduct",
"servicecatalog:ListPrincipalsForPortfolio",
"servicecatalog:ListProvisioningArtifacts",
"servicecatalog:SearchProductsAsAdmin"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJ7XOUSS75M4LIPKO4",
"PolicyName": "ServiceCatalogAdminReadOnlyAccess",
"VersionId": "v5"
},
{
"Document": {
"Statement": [
{
"Action": [
"rds:AddTagsToResource",
"rds:CreateDBInstance",
"rds:DeleteDBInstance",
"rds:DescribeDBClusters",
"rds:DescribeDBInstances",
"rds:ModifyDBCluster",
"cloudwatch:PutMetricAlarm",
"cloudwatch:DescribeAlarms",
"cloudwatch:DeleteAlarms"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"iam:PassRole"
],
"Condition": {
"StringLike": {
"iam:PassedToService": "rds.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJ7XS52I27Q2JVKALU",
"PolicyName": "AWSApplicationAutoscalingRDSClusterPolicy",
"VersionId": "v3"
},
{
"Document": {
"Statement": [
{
"Action": [
"ec2:CreateTags"
],
"Condition": {
"ForAllValues:StringEquals": {
"aws:TagKeys": [
"aws:ec2sri:scheduledInstanceId"
]
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:ec2:*:*:instance/*"
]
},
{
"Action": [
"ec2:TerminateInstances"
],
"Condition": {
"StringLike": {
"ec2:ResourceTag/aws:ec2sri:scheduledInstanceId": "*"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJ7Y4TT63D6QBKCY4O",
"PolicyName": "AWSServiceRoleForEC2ScheduledInstances",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"cloudwatch:DescribeAlarms",
"lambda:UpdateAlias",
"lambda:GetAlias",
"sns:Publish"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"s3:GetObject",
"s3:GetObjectVersion"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::*/CodeDeploy/*"
},
{
"Action": [
"s3:GetObject",
"s3:GetObjectVersion"
],
"Condition": {
"StringEquals": {
"s3:ExistingObjectTag/UseWithCodeDeploy": "true"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"lambda:InvokeFunction"
],
"Effect": "Allow",
"Resource": "arn:aws:lambda:*:*:function:CodeDeployHook_*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJA3RQZIKNOSJ4ZQSA",
"PolicyName": "AWSCodeDeployRoleForLambda",
"VersionId": "v2"
},
{
"Document": {
"Statement": [
{
"Action": [
"fms:Get*",
"fms:List*",
"waf:Get*",
"waf:List*",
"waf-regional:Get*",
"waf-regional:List*",
"organizations:DescribeOrganization"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJA3UKVVBN62QFIKLW",
"PolicyName": "AWSFMAdminReadOnlyAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"cloudwatch:PutMetricData",
"ds:CreateComputer",
"ds:DescribeDirectories",
"ec2:DescribeInstanceStatus",
"logs:*",
"ssm:*",
"ec2messages:*"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringLike": {
"iam:AWSServiceName": "ssm.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/aws-service-role/ssm.amazonaws.com/AWSServiceRoleForAmazonSSM*"
},
{
"Action": [
"iam:DeleteServiceLinkedRole",
"iam:GetServiceLinkedRoleDeletionStatus"
],
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/aws-service-role/ssm.amazonaws.com/AWSServiceRoleForAmazonSSM*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJA7V6HI4ISQFMDYAG",
"PolicyName": "AmazonSSMFullAccess",
"VersionId": "v3"
},
{
"Document": {
"Statement": [
{
"Action": [
"codecommit:BatchGet*",
"codecommit:Get*",
"codecommit:Describe*",
"codecommit:List*",
"codecommit:GitPull"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"events:DescribeRule",
"events:ListTargetsByRule"
],
"Effect": "Allow",
"Resource": "arn:aws:events:*:*:rule/codecommit*",
"Sid": "CloudWatchEventsCodeCommitRulesReadOnlyAccess"
},
{
"Action": [
"sns:ListTopics",
"sns:ListSubscriptionsByTopic",
"sns:GetTopicAttributes"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "SNSSubscriptionAccess"
},
{
"Action": [
"lambda:ListFunctions"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "LambdaReadOnlyListAccess"
},
{
"Action": [
"iam:ListUsers"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "IAMReadOnlyListAccess"
},
{
"Action": [
"iam:ListAccessKeys",
"iam:ListSSHPublicKeys",
"iam:ListServiceSpecificCredentials",
"iam:ListAccessKeys",
"iam:GetSSHPublicKey"
],
"Effect": "Allow",
"Resource": "arn:aws:iam::*:user/${aws:username}",
"Sid": "IAMReadOnlyConsoleAccess"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJACNSXR7Z2VLJW3D6",
"PolicyName": "AWSCodeCommitReadOnly",
"VersionId": "v2"
},
{
"Document": {
"Statement": [
{
"Action": [
"autoscaling:Describe*",
"autoscaling:UpdateAutoScalingGroup",
"cloudformation:CreateStack",
"cloudformation:DeleteStack",
"cloudformation:DescribeStack*",
"cloudformation:UpdateStack",
"cloudwatch:GetMetricStatistics",
"ec2:Describe*",
"elasticloadbalancing:*",
"ecs:*",
"events:DescribeRule",
"events:DeleteRule",
"events:ListRuleNamesByTarget",
"events:ListTargetsByRule",
"events:PutRule",
"events:PutTargets",
"events:RemoveTargets",
"iam:ListInstanceProfiles",
"iam:ListRoles",
"iam:PassRole"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJALOYVTPDZEMIACSM",
"PolicyName": "AmazonEC2ContainerServiceFullAccess",
"VersionId": "v4"
},
{
"Document": {
"Statement": [
{
"Action": [
"freertos:*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJAN6PSDCOH6HXG2SE",
"PolicyName": "AmazonFreeRTOSFullAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"sns:Publish"
],
"Effect": "Allow",
"Resource": "arn:aws:sns:*:*:AmazonTextract*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJBDSAWESWLL34WASG",
"PolicyName": "AmazonTextractServiceRole",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"cognito-identity:Describe*",
"cognito-identity:Get*",
"cognito-identity:List*",
"cognito-idp:Describe*",
"cognito-idp:AdminGetUser",
"cognito-idp:List*",
"cognito-sync:Describe*",
"cognito-sync:Get*",
"cognito-sync:List*",
"iam:ListOpenIdConnectProviders",
"iam:ListRoles",
"sns:ListPlatformApplications"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJBFTRZD2GQGJHSVQK",
"PolicyName": "AmazonCognitoReadOnly",
"VersionId": "v2"
},
{
"Document": {
"Statement": [
{
"Action": [
"logs:DescribeLogGroups"
],
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "AllowDescribeOnAllLogGroups"
},
{
"Action": [
"logs:DescribeLogStreams"
],
"Effect": "Allow",
"Resource": [
"arn:aws:logs:*:*:log-group:dms-tasks-*"
],
"Sid": "AllowDescribeOfAllLogStreamsOnDmsTasksLogGroup"
},
{
"Action": [
"logs:CreateLogGroup"
],
"Effect": "Allow",
"Resource": [
"arn:aws:logs:*:*:log-group:dms-tasks-*"
],
"Sid": "AllowCreationOfDmsTasksLogGroups"
},
{
"Action": [
"logs:CreateLogStream"
],
"Effect": "Allow",
"Resource": [
"arn:aws:logs:*:*:log-group:dms-tasks-*:log-stream:dms-task-*"
],
"Sid": "AllowCreationOfDmsTaskLogStream"
},
{
"Action": [
"logs:PutLogEvents"
],
"Effect": "Allow",
"Resource": [
"arn:aws:logs:*:*:log-group:dms-tasks-*:log-stream:dms-task-*"
],
"Sid": "AllowUploadOfLogEventsToDmsTaskLogStream"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJBG7UXZZXUJD3TDJE",
"PolicyName": "AmazonDMSCloudWatchLogsRole",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"mgh:*",
"discovery:*"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"iam:GetRole"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringEquals": {
"iam:AWSServiceName": "continuousexport.discovery.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/aws-service-role/continuousexport.discovery.amazonaws.com/AWSServiceRoleForApplicationDiscoveryServiceContinuousExport*"
},
{
"Action": [
"iam:DeleteServiceLinkedRole",
"iam:GetServiceLinkedRoleDeletionStatus"
],
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/aws-service-role/continuousexport.discovery.amazonaws.com/AWSServiceRoleForApplicationDiscoveryServiceContinuousExport*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJBNJEA6ZXM2SBOPDU",
"PolicyName": "AWSApplicationDiscoveryServiceFullAccess",
"VersionId": "v3"
},
{
"Document": {
"Statement": [
{
"Action": [
"servicediscovery:Get*",
"servicediscovery:List*"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJBPMV2EFBFFKJ6SI4",
"PolicyName": "AmazonRoute53AutoNamingReadOnlyAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"ds:DescribeDirectories",
"ds:DescribeTrusts",
"iam:ListPolicies",
"organizations:DescribeOrganization",
"organizations:DescribeAccount",
"organizations:ListParents",
"organizations:ListChildren",
"organizations:ListAccounts",
"organizations:ListRoots",
"organizations:ListAccountsForParent",
"organizations:ListOrganizationalUnitsForParent",
"sso:DescribePermissionsPolicies",
"sso:GetApplicationTemplate",
"sso:GetApplicationInstance",
"sso:GetPermissionSet",
"sso:GetProfile",
"sso:GetPermissionsPolicy",
"sso:GetSSOStatus",
"sso:GetSSOConfiguration",
"sso:GetTrust",
"sso:ListPermissionSets",
"sso:ListDirectoryAssociations",
"sso:ListProfiles",
"sso:ListApplicationInstances",
"sso:ListApplicationInstanceCertificates",
"sso:ListApplicationTemplates",
"sso:ListApplications",
"sso:ListProfileAssociations",
"sso:Search*",
"sso-directory:DescribeDirectory"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "AWSSSOReadOnly"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJBSMEEZXFDMKMY43I",
"PolicyName": "AWSSSOReadOnly",
"VersionId": "v3"
},
{
"Document": {
"Statement": [
{
"Action": [
"ec2:AcceptVpcPeeringConnection",
"ec2:AcceptVpcEndpointConnections",
"ec2:AllocateAddress",
"ec2:AssignIpv6Addresses",
"ec2:AssignPrivateIpAddresses",
"ec2:AssociateAddress",
"ec2:AssociateDhcpOptions",
"ec2:AssociateRouteTable",
"ec2:AssociateSubnetCidrBlock",
"ec2:AssociateVpcCidrBlock",
"ec2:AttachClassicLinkVpc",
"ec2:AttachInternetGateway",
"ec2:AttachNetworkInterface",
"ec2:AttachVpnGateway",
"ec2:AuthorizeSecurityGroupEgress",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateCustomerGateway",
"ec2:CreateDefaultSubnet",
"ec2:CreateDefaultVpc",
"ec2:CreateDhcpOptions",
"ec2:CreateEgressOnlyInternetGateway",
"ec2:CreateFlowLogs",
"ec2:CreateInternetGateway",
"ec2:CreateNatGateway",
"ec2:CreateNetworkAcl",
"ec2:CreateNetworkAcl",
"ec2:CreateNetworkAclEntry",
"ec2:CreateNetworkInterface",
"ec2:CreateNetworkInterfacePermission",
"ec2:CreateRoute",
"ec2:CreateRouteTable",
"ec2:CreateSecurityGroup",
"ec2:CreateSubnet",
"ec2:CreateTags",
"ec2:CreateVpc",
"ec2:CreateVpcEndpoint",
"ec2:CreateVpcEndpointConnectionNotification",
"ec2:CreateVpcEndpointServiceConfiguration",
"ec2:CreateVpcPeeringConnection",
"ec2:CreateVpnConnection",
"ec2:CreateVpnConnectionRoute",
"ec2:CreateVpnGateway",
"ec2:DeleteCustomerGateway",
"ec2:DeleteDhcpOptions",
"ec2:DeleteEgressOnlyInternetGateway",
"ec2:DeleteFlowLogs",
"ec2:DeleteInternetGateway",
"ec2:DeleteNatGateway",
"ec2:DeleteNetworkAcl",
"ec2:DeleteNetworkAclEntry",
"ec2:DeleteNetworkInterface",
"ec2:DeleteNetworkInterfacePermission",
"ec2:DeleteRoute",
"ec2:DeleteRouteTable",
"ec2:DeleteSecurityGroup",
"ec2:DeleteSubnet",
"ec2:DeleteTags",
"ec2:DeleteVpc",
"ec2:DeleteVpcEndpoints",
"ec2:DeleteVpcEndpointConnectionNotifications",
"ec2:DeleteVpcEndpointServiceConfigurations",
"ec2:DeleteVpcPeeringConnection",
"ec2:DeleteVpnConnection",
"ec2:DeleteVpnConnectionRoute",
"ec2:DeleteVpnGateway",
"ec2:DescribeAccountAttributes",
"ec2:DescribeAddresses",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeClassicLinkInstances",
"ec2:DescribeCustomerGateways",
"ec2:DescribeDhcpOptions",
"ec2:DescribeEgressOnlyInternetGateways",
"ec2:DescribeFlowLogs",
"ec2:DescribeInstances",
"ec2:DescribeInternetGateways",
"ec2:DescribeKeyPairs",
"ec2:DescribeMovingAddresses",
"ec2:DescribeNatGateways",
"ec2:DescribeNetworkAcls",
"ec2:DescribeNetworkInterfaceAttribute",
"ec2:DescribeNetworkInterfacePermissions",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribePrefixLists",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroupReferences",
"ec2:DescribeSecurityGroups",
"ec2:DescribeStaleSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeTags",
"ec2:DescribeVpcAttribute",
"ec2:DescribeVpcClassicLink",
"ec2:DescribeVpcClassicLinkDnsSupport",
"ec2:DescribeVpcEndpointConnectionNotifications",
"ec2:DescribeVpcEndpointConnections",
"ec2:DescribeVpcEndpoints",
"ec2:DescribeVpcEndpointServiceConfigurations",
"ec2:DescribeVpcEndpointServicePermissions",
"ec2:DescribeVpcEndpointServices",
"ec2:DescribeVpcPeeringConnections",
"ec2:DescribeVpcs",
"ec2:DescribeVpnConnections",
"ec2:DescribeVpnGateways",
"ec2:DetachClassicLinkVpc",
"ec2:DetachInternetGateway",
"ec2:DetachNetworkInterface",
"ec2:DetachVpnGateway",
"ec2:DisableVgwRoutePropagation",
"ec2:DisableVpcClassicLink",
"ec2:DisableVpcClassicLinkDnsSupport",
"ec2:DisassociateAddress",
"ec2:DisassociateRouteTable",
"ec2:DisassociateSubnetCidrBlock",
"ec2:DisassociateVpcCidrBlock",
"ec2:EnableVgwRoutePropagation",
"ec2:EnableVpcClassicLink",
"ec2:EnableVpcClassicLinkDnsSupport",
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:ModifySubnetAttribute",
"ec2:ModifyVpcAttribute",
"ec2:ModifyVpcEndpoint",
"ec2:ModifyVpcEndpointConnectionNotification",
"ec2:ModifyVpcEndpointServiceConfiguration",
"ec2:ModifyVpcEndpointServicePermissions",
"ec2:ModifyVpcPeeringConnectionOptions",
"ec2:ModifyVpcTenancy",
"ec2:MoveAddressToVpc",
"ec2:RejectVpcEndpointConnections",
"ec2:RejectVpcPeeringConnection",
"ec2:ReleaseAddress",
"ec2:ReplaceNetworkAclAssociation",
"ec2:ReplaceNetworkAclEntry",
"ec2:ReplaceRoute",
"ec2:ReplaceRouteTableAssociation",
"ec2:ResetNetworkInterfaceAttribute",
"ec2:RestoreAddressToClassic",
"ec2:RevokeSecurityGroupEgress",
"ec2:RevokeSecurityGroupIngress",
"ec2:UnassignIpv6Addresses",
"ec2:UnassignPrivateIpAddresses",
"ec2:UpdateSecurityGroupRuleDescriptionsEgress",
"ec2:UpdateSecurityGroupRuleDescriptionsIngress"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJBWPGNOVKZD3JI2P2",
"PolicyName": "AmazonVPCFullAccess",
"VersionId": "v7"
},
{
"Document": {
"Statement": [
{
"Action": [
"acm-pca:IssueCertificate",
"acm-pca:RevokeCertificate",
"acm-pca:GetCertificate"
],
"Effect": "Allow",
"Resource": "arn:aws:acm-pca:*:*:certificate-authority/*"
},
{
"Action": [
"acm-pca:ListCertificateAuthorities"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJBXCSJJULLMRWSNII",
"PolicyName": "AWSCertificateManagerPrivateCAUser",
"VersionId": "v2"
},
{
"Document": {
"Statement": [
{
"Action": [
"appsync:*"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"iam:PassRole"
],
"Condition": {
"StringEquals": {
"iam:PassedToService": [
"appsync.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJBYY36AJPXTTWIXCY",
"PolicyName": "AWSAppSyncAdministrator",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"ec2:DescribeImages",
"ec2:DescribeSubnets",
"ec2:RequestSpotInstances",
"ec2:DescribeInstanceStatus",
"ec2:RunInstances"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"iam:CreateServiceLinkedRole"
],
"Condition": {
"StringEquals": {
"iam:AWSServiceName": "spot.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*",
"Sid": "EC2SpotManagement"
},
{
"Action": [
"iam:PassRole"
],
"Condition": {
"StringEquals": {
"iam:PassedToService": [
"ec2.amazonaws.com",
"ec2.amazonaws.com.cn"
]
}
},
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"ec2:CreateTags"
],
"Effect": "Allow",
"Resource": [
"arn:aws:ec2:*:*:instance/*",
"arn:aws:ec2:*:*:spot-instances-request/*"
]
},
{
"Action": [
"ec2:TerminateInstances"
],
"Condition": {
"StringLike": {
"ec2:ResourceTag/aws:ec2:fleet-id": "*"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJCL355O4TC27CPKVC",
"PolicyName": "AWSEC2FleetServiceRolePolicy",
"VersionId": "v2"
},
{
"Document": {
"Statement": [
{
"Action": [
"route53:GetHostedZone",
"route53:ListHostedZonesByName",
"route53:CreateHostedZone",
"route53:DeleteHostedZone",
"route53:ChangeResourceRecordSets",
"route53:CreateHealthCheck",
"route53:GetHealthCheck",
"route53:DeleteHealthCheck",
"route53:UpdateHealthCheck",
"ec2:DescribeVpcs",
"ec2:DescribeRegions",
"servicediscovery:*"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJCNJBBLMJN2ZMV62Y",
"PolicyName": "AmazonRoute53AutoNamingFullAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"importexport:*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJCQCT4JGTLC6722MQ",
"PolicyName": "AWSImportExportFullAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"dynamodb:GetItem",
"dynamodb:PutItem",
"dynamodb:UpdateItem",
"dynamodb:DeleteItem",
"dynamodb:DescribeTable",
"dynamodb:Scan",
"dynamodb:DescribeStream",
"dynamodb:GetRecords",
"dynamodb:GetShardIterator",
"dynamodb:DescribeTimeToLive",
"application-autoscaling:RegisterScalableTarget",
"application-autoscaling:DescribeScalableTargets",
"application-autoscaling:PutScalingPolicy",
"application-autoscaling:DescribeScalingPolicies"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"iam:CreateServiceLinkedRole"
],
"Condition": {
"StringEquals": {
"iam:AWSServiceName": [
"dynamodb.application-autoscaling.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJCUNRXL4BWASNJED2",
"PolicyName": "DynamoDBReplicationServiceRolePolicy",
"VersionId": "v3"
},
{
"Document": {
"Statement": [
{
"Action": [
"mechanicalturk:*"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJDGCL5BET73H5QIQC",
"PolicyName": "AmazonMechanicalTurkFullAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"ecr:GetAuthorizationToken",
"ecr:BatchCheckLayerAvailability",
"ecr:GetDownloadUrlForLayer",
"ecr:GetRepositoryPolicy",
"ecr:DescribeRepositories",
"ecr:ListImages",
"ecr:DescribeImages",
"ecr:BatchGetImage",
"ecr:InitiateLayerUpload",
"ecr:UploadLayerPart",
"ecr:CompleteLayerUpload",
"ecr:PutImage"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJDNE5PIHROIBGGDDW",
"PolicyName": "AmazonEC2ContainerRegistryPowerUser",
"VersionId": "v2"
},
{
"Document": {
"Statement": [
{
"Action": [
"sso-directory:Search*",
"sso-directory:Describe*",
"sso-directory:List*"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "AWSSSODirectoryReadOnly"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJDPMQELJXZD2NC6JG",
"PolicyName": "AWSSSODirectoryReadOnly",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"machinelearning:Add*",
"machinelearning:Create*",
"machinelearning:Delete*",
"machinelearning:Describe*",
"machinelearning:Get*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJDRUNIC2RYAMAT3CK",
"PolicyName": "AmazonMachineLearningCreateOnlyAccess",
"VersionId": "v2"
},
{
"Document": {
"Statement": [
{
"Action": [
"kinesisvideo:Describe*",
"kinesisvideo:Get*",
"kinesisvideo:List*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJDS2DKUCYTEA7M6UA",
"PolicyName": "AmazonKinesisVideoStreamsReadOnlyAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"s3:GetObject",
"s3:GetBucketLocation"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"cloudtrail:GetTrailStatus",
"cloudtrail:DescribeTrails",
"cloudtrail:LookupEvents",
"cloudtrail:ListTags",
"cloudtrail:ListPublicKeys",
"cloudtrail:GetEventSelectors",
"s3:ListAllMyBuckets",
"kms:ListAliases",
"lambda:ListFunctions"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJDU7KJADWBSEQ3E7S",
"PolicyName": "AWSCloudTrailReadOnlyAccess",
"VersionId": "v7"
},
{
"Document": {
"Statement": [
{
"Action": [
"firehose:PutRecord",
"firehose:PutRecordBatch"
],
"Effect": "Allow",
"Resource": [
"arn:aws:firehose:*:*:deliverystream/aws-waf-logs-*"
]
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJE43HAZMEH4CI6SU2",
"PolicyName": "WAFRegionalLoggingServiceRolePolicy",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"logs:*"
],
"Effect": "Allow",
"Resource": "arn:aws:logs:*:*:*"
},
{
"Action": [
"s3:GetObject",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJE5FX7FQZSU5XAKGO",
"PolicyName": "AWSLambdaExecute",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"glue:*",
"redshift:DescribeClusters",
"redshift:DescribeClusterSubnetGroups",
"iam:ListRoles",
"iam:ListRolePolicies",
"iam:GetRole",
"iam:GetRolePolicy",
"iam:ListAttachedRolePolicies",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:DescribeVpcEndpoints",
"ec2:DescribeRouteTables",
"ec2:DescribeVpcAttribute",
"ec2:DescribeKeyPairs",
"ec2:DescribeInstances",
"ec2:DescribeImages",
"ec2:CreateNetworkInterface",
"ec2:AttachNetworkInterface",
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:DeleteNetworkInterface",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeInternetGateways",
"ec2:DescribeNetworkInterfaces",
"rds:DescribeDBInstances",
"s3:ListAllMyBuckets",
"s3:ListBucket",
"s3:GetBucketAcl",
"s3:GetBucketLocation",
"cloudformation:DescribeStacks",
"cloudformation:GetTemplateSummary",
"dynamodb:ListTables",
"kms:ListAliases",
"kms:DescribeKey",
"sagemaker:ListNotebookInstances",
"sagemaker:ListNotebookInstanceLifecycleConfigs",
"cloudformation:ListStacks",
"cloudwatch:GetMetricData",
"cloudwatch:ListDashboards"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"s3:GetObject",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::aws-glue-*/*",
"arn:aws:s3:::*/*aws-glue-*/*",
"arn:aws:s3:::aws-glue-*"
]
},
{
"Action": [
"s3:CreateBucket"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::aws-glue-*"
]
},
{
"Action": [
"logs:GetLogEvents"
],
"Effect": "Allow",
"Resource": [
"arn:aws:logs:*:*:/aws-glue/*"
]
},
{
"Action": [
"cloudformation:CreateStack",
"cloudformation:DeleteStack"
],
"Effect": "Allow",
"Resource": "arn:aws:cloudformation:*:*:stack/aws-glue*/*"
},
{
"Action": [
"sagemaker:CreatePresignedNotebookInstanceUrl",
"sagemaker:CreateNotebookInstance",
"sagemaker:DeleteNotebookInstance",
"sagemaker:DescribeNotebookInstance",
"sagemaker:DescribeNotebookInstanceLifecycleConfig",
"sagemaker:DeleteNotebookInstanceLifecycleConfig",
"sagemaker:StartNotebookInstance",
"sagemaker:CreateNotebookInstanceLifecycleConfig",
"sagemaker:StopNotebookInstance",
"sagemaker:UpdateNotebookInstance",
"sagemaker:ListTags"
],
"Effect": "Allow",
"Resource": "arn:aws:sagemaker:*:*:notebook-instance/aws-glue-*"
},
{
"Action": [
"ec2:RunInstances"
],
"Effect": "Allow",
"Resource": [
"arn:aws:ec2:*:*:instance/*",
"arn:aws:ec2:*:*:key-pair/*",
"arn:aws:ec2:*:*:image/*",
"arn:aws:ec2:*:*:security-group/*",
"arn:aws:ec2:*:*:network-interface/*",
"arn:aws:ec2:*:*:subnet/*",
"arn:aws:ec2:*:*:volume/*"
]
},
{
"Action": [
"ec2:TerminateInstances",
"ec2:CreateTags",
"ec2:DeleteTags"
],
"Condition": {
"StringEquals": {
"ec2:ResourceTag/aws:cloudformation:logical-id": "ZeppelinInstance"
},
"StringLike": {
"ec2:ResourceTag/aws:cloudformation:stack-id": "arn:aws:cloudformation:*:*:stack/aws-glue-*/*"
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:ec2:*:*:instance/*"
]
},
{
"Action": [
"tag:GetResources"
],
"Condition": {
"StringEquals": {
"aws:TagKeys": "aws-glue-*"
}
},
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"iam:PassRole"
],
"Condition": {
"StringLike": {
"iam:PassedToService": [
"glue.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/AWSGlueServiceRole*"
},
{
"Action": [
"iam:PassRole"
],
"Condition": {
"StringLike": {
"iam:PassedToService": [
"ec2.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/AWSGlueServiceNotebookRole*"
},
{
"Action": [
"iam:PassRole"
],
"Condition": {
"StringLike": {
"iam:PassedToService": [
"sagemaker.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/AWSGlueServiceSageMakerNotebookRole*"
},
{
"Action": [
"iam:PassRole"
],
"Condition": {
"StringLike": {
"iam:PassedToService": [
"glue.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/service-role/AWSGlueServiceRole*"
]
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJELFOHJC42QS3ZSYY",
"PolicyName": "AWSGlueConsoleSageMakerNotebookFullAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"kafka:*",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:DescribeSecurityGroups",
"kms:DescribeKey",
"kms:CreateGrant"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringLike": {
"iam:AWSServiceName": "kafka.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/aws-service-role/kafka.amazonaws.com/AWSServiceRoleForKafka*"
},
{
"Action": [
"iam:AttachRolePolicy",
"iam:PutRolePolicy"
],
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/aws-service-role/kafka.amazonaws.com/AWSServiceRoleForKafka*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJERQQQTWI5OMENTQE",
"PolicyName": "AmazonMSKFullAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": {
"Action": [
"dynamodb:PutItem",
"kinesis:PutRecord",
"iot:Publish",
"s3:PutObject",
"sns:Publish",
"sqs:SendMessage*",
"cloudwatch:SetAlarmState",
"cloudwatch:PutMetricData",
"es:ESHttpPut",
"firehose:PutRecord"
],
"Effect": "Allow",
"Resource": "*"
},
"Version": "2012-10-17"
},
"PolicyId": "ANPAJEZ6FS7BUZVUHMOKY",
"PolicyName": "AWSIoTRuleActions",
"VersionId": "v2"
},
{
"Document": {
"Statement": [
{
"Action": [
"ec2:CreateNetworkInterface",
"ec2:CreateNetworkInterfacePermission",
"ec2:DeleteNetworkInterface",
"ec2:DescribeInstances",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:ModifyNetworkInterfaceAttribute",
"iam:ListAttachedRolePolicies"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:CreateTags",
"ec2:DeleteTags"
],
"Effect": "Allow",
"Resource": [
"arn:aws:ec2:*:*:vpc/*",
"arn:aws:ec2:*:*:subnet/*"
]
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJFCNXU6HPGCIVXYDI",
"PolicyName": "AmazonEKSServicePolicy",
"VersionId": "v2"
},
{
"Document": {
"Statement": [
{
"Action": [
"redshift:Describe*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJFEM6MLSLTW4ZNBW2",
"PolicyName": "AWSQuickSightDescribeRedshift",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"ec2:CreateNetworkInterface",
"ec2:DeleteNetworkInterface",
"ec2:DescribeNetworkInterfaces",
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "Stmt1480452973134"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJFEWZPHXKLCVHEUIC",
"PolicyName": "AmazonElasticsearchServiceRolePolicy",
"VersionId": "v2"
},
{
"Document": {
"Statement": [
{
"Action": [
"mq:Describe*",
"mq:List*",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJFH3NKGULDUU66D5C",
"PolicyName": "AmazonMQReadOnlyAccess",
"VersionId": "v2"
},
{
"Document": {
"Statement": [
{
"Action": [
"s3:ListBucket",
"s3:GetBucketLocation",
"s3:GetObject"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::import-to-ec2-*"
]
},
{
"Action": [
"ec2:ModifySnapshotAttribute",
"ec2:CopySnapshot",
"ec2:RegisterImage",
"ec2:Describe*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJFLQOOJ6F5XNX4LAW",
"PolicyName": "VMImportExportRoleForAWSConnector",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"codepipeline:AcknowledgeJob",
"codepipeline:GetJobDetails",
"codepipeline:PollForJobs",
"codepipeline:PutJobFailureResult",
"codepipeline:PutJobSuccessResult"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJFW5Z32BTVF76VCYC",
"PolicyName": "AWSCodePipelineCustomActionAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"sqs:ReceiveMessage",
"sqs:DeleteMessage",
"sqs:GetQueueAttributes",
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJFWJZI6JNND4TSELK",
"PolicyName": "AWSLambdaSQSQueueExecutionRole",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"ec2:RunInstances",
"ec2:CreateSecurityGroup",
"ec2:DescribeVpcs",
"ec2:DescribeSubnets",
"ec2:DescribeSecurityGroups",
"ec2:DescribeInstances",
"cloudformation:CreateStack",
"cloudformation:DescribeStacks",
"cloudformation:DescribeStackEvents",
"cloudformation:DescribeStackResources"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:TerminateInstances",
"ec2:DeleteSecurityGroup",
"ec2:AuthorizeSecurityGroupIngress"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"cloudformation:DeleteStack"
],
"Effect": "Allow",
"Resource": "arn:aws:cloudformation:*:*:stack/aws-cloud9-*"
},
{
"Action": [
"ec2:CreateTags"
],
"Condition": {
"StringLike": {
"aws:RequestTag/Name": "aws-cloud9-*"
}
},
"Effect": "Allow",
"Resource": "arn:aws:ec2:*:*:instance/*"
},
{
"Action": [
"ec2:StartInstances",
"ec2:StopInstances"
],
"Condition": {
"StringLike": {
"ec2:ResourceTag/aws:cloudformation:stack-name": "aws-cloud9-*"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJFXGCBXQIZATFZ4YG",
"PolicyName": "AWSCloud9ServiceRolePolicy",
"VersionId": "v2"
},
{
"Document": {
"Statement": [
{
"Action": [
"ecs:DescribeServices",
"ecs:UpdateService",
"cloudwatch:PutMetricAlarm",
"cloudwatch:DescribeAlarms",
"cloudwatch:DeleteAlarms"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJFXLLV7AKH5PSFOYG",
"PolicyName": "AWSApplicationAutoscalingECSServicePolicy",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"opsworks:DescribeStackProvisioningParameters",
"opsworks:DescribeStacks",
"opsworks:RegisterInstance"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJG3LCPVNI4WDZCIMU",
"PolicyName": "AWSOpsWorksInstanceRegistration",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"clouddirectory:*"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJG3XQK77ATFLCF2CK",
"PolicyName": "AmazonCloudDirectoryFullAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"ecr:GetAuthorizationToken",
"ecr:BatchCheckLayerAvailability",
"ecr:GetDownloadUrlForLayer",
"ecr:BatchGetImage",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJG4T4G4PV56DE72PY",
"PolicyName": "AmazonECSTaskExecutionRolePolicy",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"storagegateway:*"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:DescribeSnapshots",
"ec2:DeleteSnapshot"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJG5SSPAVOGK3SIDGU",
"PolicyName": "AWSStorageGatewayFullAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"iotevents:*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJGA726P7LVUWJZ2LM",
"PolicyName": "AWSIoTEventsFullAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"lex:GetBot",
"lex:GetBotAlias",
"lex:GetBotAliases",
"lex:GetBots",
"lex:GetBotChannelAssociation",
"lex:GetBotChannelAssociations",
"lex:GetBotVersions",
"lex:GetBuiltinIntent",
"lex:GetBuiltinIntents",
"lex:GetBuiltinSlotTypes",
"lex:GetIntent",
"lex:GetIntents",
"lex:GetIntentVersions",
"lex:GetSlotType",
"lex:GetSlotTypes",
"lex:GetSlotTypeVersions",
"lex:GetUtterancesView"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJGBI5LSMAJNDGBNAM",
"PolicyName": "AmazonLexReadOnly",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"organizations:ListAccounts",
"organizations:ListAccountsForParent",
"organizations:ListChildren",
"organizations:DescribeAccount",
"organizations:DescribeOrganization",
"organizations:ListRoots",
"organizations:ListParents"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"organizations:EnableAWSServiceAccess",
"organizations:DisableAWSServiceAccess"
],
"Condition": {
"ForAllValues:StringLike": {
"organizations:ServicePrincipal": [
"tagpolicies.tag.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJGGCZXCABSYJA7UBI",
"PolicyName": "TagPoliciesServiceRolePolicy",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"chime:ListAccounts",
"chime:GetAccount",
"chime:GetAccountSettings",
"chime:UpdateAccountSettings",
"chime:ListUsers",
"chime:GetUser",
"chime:GetUserByEmail",
"chime:InviteUsers",
"chime:SuspendUsers",
"chime:ActivateUsers",
"chime:UpdateUserLicenses",
"chime:ResetPersonalPIN",
"chime:LogoutUser",
"chime:ListDomains",
"chime:GetDomain",
"chime:ListDirectories",
"chime:ListGroups",
"chime:SubmitSupportRequest",
"chime:ListDelegates",
"chime:ListAccountUsageReportData",
"chime:GetMeetingDetail",
"chime:ListMeetingEvents",
"chime:ListMeetingsReportData",
"chime:GetUserActivityReportData",
"chime:UpdateUser",
"chime:BatchUpdateUser",
"chime:BatchSuspendUser",
"chime:BatchUnsuspendUser"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJGLHVUHNMQPSDGSOO",
"PolicyName": "AmazonChimeUserManagement",
"VersionId": "v5"
},
{
"Document": {
"Statement": [
{
"Action": [
"kafka:Describe*",
"kafka:List*",
"kafka:Get*",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"kms:DescribeKey"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJGMUI3DP2EVP3VGYO",
"PolicyName": "AmazonMSKReadOnlyAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"datasync:*",
"ec2:CreateNetworkInterface",
"ec2:CreateNetworkInterfacePermission",
"ec2:DeleteNetworkInterface",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:ModifyNetworkInterfaceAttribute",
"elasticfilesystem:DescribeFileSystems",
"elasticfilesystem:DescribeMountTargets",
"iam:GetRole",
"iam:ListRoles",
"logs:CreateLogGroup",
"logs:DescribeLogGroups",
"s3:ListAllMyBuckets",
"s3:ListBucket"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"iam:PassRole"
],
"Condition": {
"StringEquals": {
"iam:PassedToService": [
"datasync.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJGOHCDUQULZJKDGT4",
"PolicyName": "AWSDataSyncFullAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": "iotanalytics:ExecuteQuery",
"Effect": "Allow",
"Resource": "arn:aws:iotanalytics:*:*:datastore-index/*"
},
{
"Action": [
"greengrass:CreateCoreDefinitionVersion",
"greengrass:CreateDeployment",
"greengrass:CreateFunctionDefinition",
"greengrass:CreateFunctionDefinitionVersion",
"greengrass:CreateGroupVersion",
"greengrass:CreateLoggerDefinition",
"greengrass:CreateLoggerDefinitionVersion",
"greengrass:CreateResourceDefinition",
"greengrass:CreateResourceDefinitionVersion",
"greengrass:GetAssociatedRole",
"greengrass:GetCoreDefinition",
"greengrass:GetCoreDefinitionVersion",
"greengrass:GetDeploymentStatus",
"greengrass:GetFunctionDefinition",
"greengrass:GetFunctionDefinitionVersion",
"greengrass:GetGroup",
"greengrass:GetGroupVersion",
"greengrass:GetLoggerDefinition",
"greengrass:GetLoggerDefinitionVersion",
"greengrass:GetResourceDefinition",
"greengrass:GetResourceDefinitionVersion",
"greengrass:ListCoreDefinitions",
"greengrass:UpdateCoreDefinition",
"greengrass:UpdateFunctionDefinition",
"greengrass:UpdateLoggerDefinition",
"greengrass:UpdateResourceDefinition"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"lambda:CreateAlias",
"lambda:CreateFunction",
"lambda:GetFunction",
"lambda:ListVersionsByFunction",
"lambda:UpdateFunctionCode",
"lambda:PublishVersion",
"lambda:UpdateAlias"
],
"Effect": "Allow",
"Resource": "arn:aws:lambda:*:*:function:AWSIoTSiteWise*"
},
{
"Action": [
"iot:GetThingShadow",
"iot:UpdateThingShadow"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:PassRole",
"Condition": {
"StringLikeIfExists": {
"iam:PassedToService": "lambda.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJGQU4DZIQP6HLYQPE",
"PolicyName": "AWSServiceRoleForIoTSiteWise",
"VersionId": "v3"
},
{
"Document": {
"Statement": [
{
"Action": [
"cloudwatch:DescribeAlarmHistory",
"cloudwatch:DescribeAlarms",
"cloudwatch:GetMetricData",
"cloudwatch:ListMetrics",
"cloudwatch:PutMetricAlarm",
"cloudwatch:DeleteAlarms"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"logs:GetLogEvents",
"logs:DescribeLogStreams",
"logs:DescribeLogGroups"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"events:DescribeRule"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"cloudFormation:CreateStack",
"cloudFormation:UpdateStack",
"cloudFormation:DeleteStack",
"cloudFormation:DescribeStacks",
"cloudFormation:ListStackResources"
],
"Effect": "Allow",
"Resource": [
"arn:aws:cloudformation:*:*:stack/ApplicationInsights-*"
]
},
{
"Action": [
"tag:GetResources"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"resource-groups:ListGroupResources",
"resource-groups:GetGroupQuery"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeTargetGroups",
"elasticloadbalancing:DescribeTargetHealth"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"autoscaling:DescribeAutoScalingGroups"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJH3SHQERZRQMQOQ44",
"PolicyName": "CloudwatchApplicationInsightsServiceLinkedRolePolicy",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"autoscaling:DescribeAccountLimits",
"autoscaling:DescribeAutoScalingGroups",
"autoscaling:DescribeLaunchConfigurations",
"cloudformation:DescribeAccountLimits",
"cloudformation:DescribeStacks",
"cloudformation:ListStacks",
"cloudfront:ListDistributions",
"cloudtrail:DescribeTrails",
"cloudtrail:GetTrailStatus",
"dynamodb:DescribeLimits",
"dynamodb:DescribeTable",
"dynamodb:ListTables",
"ec2:DescribeAddresses",
"ec2:DescribeReservedInstances",
"ec2:DescribeInstances",
"ec2:DescribeVpcs",
"ec2:DescribeInternetGateways",
"ec2:DescribeImages",
"ec2:DescribeVolumes",
"ec2:DescribeSecurityGroups",
"ec2:DescribeReservedInstancesOfferings",
"ec2:DescribeSnapshots",
"ec2:DescribeVpnConnections",
"ec2:DescribeVpnGateways",
"ec2:DescribeLaunchTemplateVersions",
"elasticloadbalancing:DescribeInstanceHealth",
"elasticloadbalancing:DescribeLoadBalancerAttributes",
"elasticloadbalancing:DescribeLoadBalancerPolicies",
"elasticloadbalancing:DescribeLoadBalancerPolicyTypes",
"elasticloadbalancing:DescribeLoadBalancers",
"iam:GenerateCredentialReport",
"iam:GetAccountPasswordPolicy",
"iam:GetAccountSummary",
"iam:GetCredentialReport",
"iam:GetServerCertificate",
"iam:ListServerCertificates",
"kinesis:DescribeLimits",
"rds:DescribeAccountAttributes",
"rds:DescribeDBClusters",
"rds:DescribeDBEngineVersions",
"rds:DescribeDBInstances",
"rds:DescribeDBParameterGroups",
"rds:DescribeDBParameters",
"rds:DescribeDBSecurityGroups",
"rds:DescribeDBSnapshots",
"rds:DescribeDBSubnetGroups",
"rds:DescribeEngineDefaultParameters",
"rds:DescribeEvents",
"rds:DescribeOptionGroupOptions",
"rds:DescribeOptionGroups",
"rds:DescribeOrderableDBInstanceOptions",
"rds:DescribeReservedDBInstances",
"rds:DescribeReservedDBInstancesOfferings",
"rds:ListTagsForResource",
"redshift:DescribeClusters",
"redshift:DescribeReservedNodeOfferings",
"redshift:DescribeReservedNodes",
"route53:GetAccountLimit",
"route53:GetHealthCheck",
"route53:GetHostedZone",
"route53:ListHealthChecks",
"route53:ListHostedZones",
"route53:ListHostedZonesByName",
"route53:ListResourceRecordSets",
"s3:GetBucketAcl",
"s3:GetBucketPolicy",
"s3:GetBucketPolicyStatus",
"s3:GetBucketLocation",
"s3:GetBucketLogging",
"s3:GetBucketVersioning",
"s3:GetBucketPublicAccessBlock",
"s3:ListBucket",
"s3:ListObjects",
"s3:ListAllMyBuckets",
"ses:GetSendQuota",
"sqs:ListQueues",
"cloudwatch:GetMetricStatistics"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJH4QJ2WMHBOB47BUE",
"PolicyName": "AWSTrustedAdvisorServiceRolePolicy",
"VersionId": "v5"
},
{
"Document": {
"Statement": [
{
"Action": [
"iot:DescribeAuthorizer",
"iot:DescribeCACertificate",
"iot:DescribeCertificate",
"iot:DescribeCertificateTag",
"iot:DescribeDefaultAuthorizer",
"iot:DescribeEndpoint",
"iot:DescribeEventConfigurations",
"iot:DescribeIndex",
"iot:DescribeJob",
"iot:DescribeJobExecution",
"iot:DescribeRoleAlias",
"iot:DescribeStream",
"iot:DescribeThing",
"iot:DescribeThingGroup",
"iot:DescribeThingRegistrationTask",
"iot:DescribeThingType",
"iot:GetEffectivePolicies",
"iot:GetIndexingConfiguration",
"iot:GetJobDocument",
"iot:GetLoggingOptions",
"iot:GetOTAUpdate",
"iot:GetPolicy",
"iot:GetPolicyVersion",
"iot:GetRegistrationCode",
"iot:GetTopicRule",
"iot:GetV2LoggingOptions",
"iot:ListAttachedPolicies",
"iot:ListAuthorizers",
"iot:ListCACertificates",
"iot:ListCertificates",
"iot:ListCertificatesByCA",
"iot:ListIndices",
"iot:ListJobExecutionsForJob",
"iot:ListJobExecutionsForThing",
"iot:ListJobs",
"iot:ListOTAUpdates",
"iot:ListOutgoingCertificates",
"iot:ListPolicies",
"iot:ListPolicyPrincipals",
"iot:ListPolicyVersions",
"iot:ListPrincipalPolicies",
"iot:ListPrincipalThings",
"iot:ListRoleAliases",
"iot:ListStreams",
"iot:ListTargetsForPolicy",
"iot:ListThingGroups",
"iot:ListThingGroupsForThing",
"iot:ListThingPrincipals",
"iot:ListThingRegistrationTaskReports",
"iot:ListThingRegistrationTasks",
"iot:ListThings",
"iot:ListThingsInThingGroup",
"iot:ListThingTypes",
"iot:ListTopicRules",
"iot:ListV2LoggingLevels",
"iot:SearchIndex",
"iot:TestAuthorization",
"iot:TestInvokeAuthorizer",
"iot:DescribeAccountAuditConfiguration",
"iot:DescribeAuditTask",
"iot:ListAuditTasks",
"iot:DescribeScheduledAudit",
"iot:ListScheduledAudits",
"iot:ListAuditFindings",
"iot:DescribeSecurityProfile",
"iot:ListSecurityProfiles",
"iot:ListSecurityProfilesForTarget",
"iot:ListTargetsForSecurityProfile",
"iot:ListActiveViolations",
"iot:ListViolationEvents",
"iot:ValidateSecurityProfileBehaviors"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJHENEMXGX4XMFOIOI",
"PolicyName": "AWSIoTConfigReadOnlyAccess",
"VersionId": "v7"
},
{
"Document": {
"Statement": [
{
"Action": [
"ses:Describe*",
"ses:Get*",
"workmail:Describe*",
"workmail:Get*",
"workmail:List*",
"workmail:Search*",
"lambda:ListFunctions"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJHF7J65E2QFKCWAJM",
"PolicyName": "AmazonWorkMailReadOnlyAccess",
"VersionId": "v2"
},
{
"Document": {
"Statement": [
{
"Action": [
"ec2:CreateNetworkInterface",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeInternetGateways",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:DeleteNetworkInterface",
"ec2:ModifyNetworkInterfaceAttribute"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJHKIGMBQI4AEFFSYO",
"PolicyName": "AmazonDMSVPCManagementRole",
"VersionId": "v3"
},
{
"Document": {
"Statement": [
{
"Action": [
"kinesis:DescribeStream",
"kinesis:DescribeStreamSummary",
"kinesis:GetRecords",
"kinesis:GetShardIterator",
"kinesis:ListShards",
"kinesis:ListStreams",
"kinesis:SubscribeToShard",
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJHOLKJPXV4GBRMJUQ",
"PolicyName": "AWSLambdaKinesisExecutionRole",
"VersionId": "v2"
},
{
"Document": {
"Statement": [
{
"Action": [
"rds:AddRoleToDBCluster",
"rds:AddSourceIdentifierToSubscription",
"rds:AddTagsToResource",
"rds:ApplyPendingMaintenanceAction",
"rds:CopyDBClusterParameterGroup",
"rds:CopyDBClusterSnapshot",
"rds:CopyDBParameterGroup",
"rds:CreateDBCluster",
"rds:CreateDBClusterParameterGroup",
"rds:CreateDBClusterSnapshot",
"rds:CreateDBInstance",
"rds:CreateDBParameterGroup",
"rds:CreateDBSubnetGroup",
"rds:CreateEventSubscription",
"rds:DeleteDBCluster",
"rds:DeleteDBClusterParameterGroup",
"rds:DeleteDBClusterSnapshot",
"rds:DeleteDBInstance",
"rds:DeleteDBParameterGroup",
"rds:DeleteDBSubnetGroup",
"rds:DeleteEventSubscription",
"rds:DescribeAccountAttributes",
"rds:DescribeCertificates",
"rds:DescribeDBClusterParameterGroups",
"rds:DescribeDBClusterParameters",
"rds:DescribeDBClusterSnapshotAttributes",
"rds:DescribeDBClusterSnapshots",
"rds:DescribeDBClusters",
"rds:DescribeDBEngineVersions",
"rds:DescribeDBInstances",
"rds:DescribeDBLogFiles",
"rds:DescribeDBParameterGroups",
"rds:DescribeDBParameters",
"rds:DescribeDBSecurityGroups",
"rds:DescribeDBSubnetGroups",
"rds:DescribeEngineDefaultClusterParameters",
"rds:DescribeEngineDefaultParameters",
"rds:DescribeEventCategories",
"rds:DescribeEventSubscriptions",
"rds:DescribeEvents",
"rds:DescribeOptionGroups",
"rds:DescribeOrderableDBInstanceOptions",
"rds:DescribePendingMaintenanceActions",
"rds:DescribeValidDBInstanceModifications",
"rds:DownloadDBLogFilePortion",
"rds:FailoverDBCluster",
"rds:ListTagsForResource",
"rds:ModifyDBCluster",
"rds:ModifyDBClusterParameterGroup",
"rds:ModifyDBClusterSnapshotAttribute",
"rds:ModifyDBInstance",
"rds:ModifyDBParameterGroup",
"rds:ModifyDBSubnetGroup",
"rds:ModifyEventSubscription",
"rds:PromoteReadReplicaDBCluster",
"rds:RebootDBInstance",
"rds:RemoveRoleFromDBCluster",
"rds:RemoveSourceIdentifierFromSubscription",
"rds:RemoveTagsFromResource",
"rds:ResetDBClusterParameterGroup",
"rds:ResetDBParameterGroup",
"rds:RestoreDBClusterFromSnapshot",
"rds:RestoreDBClusterToPointInTime"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"iam:GetRole",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"ec2:AllocateAddress",
"ec2:AssignIpv6Addresses",
"ec2:AssignPrivateIpAddresses",
"ec2:AssociateAddress",
"ec2:AssociateRouteTable",
"ec2:AssociateSubnetCidrBlock",
"ec2:AssociateVpcCidrBlock",
"ec2:AttachInternetGateway",
"ec2:AttachNetworkInterface",
"ec2:CreateCustomerGateway",
"ec2:CreateDefaultSubnet",
"ec2:CreateDefaultVpc",
"ec2:CreateInternetGateway",
"ec2:CreateNatGateway",
"ec2:CreateNetworkInterface",
"ec2:CreateRoute",
"ec2:CreateRouteTable",
"ec2:CreateSecurityGroup",
"ec2:CreateSubnet",
"ec2:CreateVpc",
"ec2:CreateVpcEndpoint",
"ec2:DescribeAccountAttributes",
"ec2:DescribeAddresses",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeCustomerGateways",
"ec2:DescribeInstances",
"ec2:DescribeNatGateways",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribePrefixLists",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroupReferences",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeSubnets",
"ec2:DescribeVpcAttribute",
"ec2:DescribeVpcEndpoints",
"ec2:DescribeVpcs",
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:ModifySubnetAttribute",
"ec2:ModifyVpcAttribute",
"ec2:ModifyVpcEndpoint",
"kms:DescribeKey",
"kms:ListAliases",
"kms:ListKeyPolicies",
"kms:ListKeys",
"kms:ListKeysForService",
"kms:ListRetirableGrants",
"logs:DescribeLogStreams",
"logs:GetLogEvents",
"sns:ListSubscriptions",
"sns:ListTopics",
"sns:Publish"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringLike": {
"iam:AWSServiceName": "rds.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/aws-service-role/rds.amazonaws.com/AWSServiceRoleForRDS"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJHV6VMSNDDHJ3ESNI",
"PolicyName": "AmazonDocDBConsoleFullAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"tag:getResources",
"tag:getTagKeys",
"tag:getTagValues"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJHXQTPI5I5JKAIU74",
"PolicyName": "ResourceGroupsandTagEditorReadOnlyAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"sns:Publish"
],
"Effect": "Allow",
"Resource": "arn:aws:sns:*:*:AmazonRekognition*"
},
{
"Action": [
"kinesis:PutRecord",
"kinesis:PutRecords"
],
"Effect": "Allow",
"Resource": "arn:aws:kinesis:*:*:stream/AmazonRekognition*"
},
{
"Action": [
"kinesisvideo:GetDataEndpoint",
"kinesisvideo:GetMedia"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJI6Q3CUQAVBJ2CTE2",
"PolicyName": "AmazonRekognitionServiceRole",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"lambda:InvokeFunction"
],
"Effect": "Allow",
"Resource": [
"arn:aws:lambda:*:*:function:Automation*"
]
},
{
"Action": [
"ec2:CreateImage",
"ec2:CopyImage",
"ec2:DeregisterImage",
"ec2:DescribeImages",
"ec2:DeleteSnapshot",
"ec2:StartInstances",
"ec2:RunInstances",
"ec2:StopInstances",
"ec2:TerminateInstances",
"ec2:DescribeInstanceStatus",
"ec2:CreateTags",
"ec2:DeleteTags",
"ec2:DescribeTags",
"cloudformation:CreateStack",
"cloudformation:DescribeStackEvents",
"cloudformation:DescribeStacks",
"cloudformation:UpdateStack",
"cloudformation:DeleteStack"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"ssm:*"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"sns:Publish"
],
"Effect": "Allow",
"Resource": [
"arn:aws:sns:*:*:Automation*"
]
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJIBQCTBCXD2XRNB6W",
"PolicyName": "AmazonSSMAutomationRole",
"VersionId": "v5"
},
{
"Document": {
"Statement": [
{
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents",
"logs:DescribeLogStreams"
],
"Effect": "Allow",
"Resource": [
"arn:aws:logs:*:*:*"
]
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJILYY7JP6JLMQG56I",
"PolicyName": "CloudHSMServiceRolePolicy",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"comprehend:DetectDominantLanguage",
"comprehend:BatchDetectDominantLanguage",
"comprehend:DetectEntities",
"comprehend:BatchDetectEntities",
"comprehend:DetectKeyPhrases",
"comprehend:BatchDetectKeyPhrases",
"comprehend:DetectSentiment",
"comprehend:BatchDetectSentiment",
"comprehend:DetectSyntax",
"comprehend:BatchDetectSyntax",
"comprehend:DescribeTopicsDetectionJob",
"comprehend:ListTopicsDetectionJobs",
"comprehend:DescribeDominantLanguageDetectionJob",
"comprehend:ListDominantLanguageDetectionJobs",
"comprehend:DescribeEntitiesDetectionJob",
"comprehend:ListEntitiesDetectionJobs",
"comprehend:DescribeKeyPhrasesDetectionJob",
"comprehend:ListKeyPhrasesDetectionJobs",
"comprehend:DescribeSentimentDetectionJob",
"comprehend:ListSentimentDetectionJobs",
"comprehend:DescribeDocumentClassifier",
"comprehend:ListDocumentClassifiers",
"comprehend:DescribeDocumentClassificationJob",
"comprehend:ListDocumentClassificationJobs",
"comprehend:DescribeEntityRecognizer",
"comprehend:ListEntityRecognizers"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJIUV5K2YCHQBBAH7G",
"PolicyName": "ComprehendReadOnly",
"VersionId": "v5"
},
{
"Document": {
"Statement": [
{
"Action": "states:*",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:ListRoles",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:PassRole",
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/service-role/StatesExecutionRole*"
},
{
"Action": "lambda:ListFunctions",
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJIYC52YWRX6OSMJWK",
"PolicyName": "AWSStepFunctionsConsoleFullAccess",
"VersionId": "v2"
},
{
"Document": {
"Statement": [
{
"Action": [
"iotanalytics:ListDatasets",
"iotanalytics:DescribeDataset",
"iotanalytics:GetDatasetContent"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJIZNDRUTKCN5HLZOE",
"PolicyName": "AWSQuickSightIoTAnalyticsAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"codebuild:BatchGet*",
"codebuild:Get*",
"codebuild:List*",
"codecommit:GetBranch",
"codecommit:GetCommit",
"codecommit:GetRepository",
"cloudwatch:GetMetricStatistics",
"events:DescribeRule",
"events:ListTargetsByRule",
"events:ListRuleNamesByTarget",
"logs:GetLogEvents"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJIZZWN6557F5HVP2K",
"PolicyName": "AWSCodeBuildReadOnlyAccess",
"VersionId": "v3"
},
{
"Document": {
"Statement": [
{
"Action": [
"polly:SynthesizeSpeech"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJJ3NZRBBQKSESXXJC",
"PolicyName": "LexBotPolicy",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"macie:*"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringLike": {
"iam:AWSServiceName": "macie.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJJF2N5FR6S5TZN5OA",
"PolicyName": "AmazonMacieFullAccess",
"VersionId": "v2"
},
{
"Document": {
"Statement": [
{
"Action": [
"machinelearning:CreateRealtimeEndpoint",
"machinelearning:DeleteRealtimeEndpoint"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJJL3PC3VCSVZP6OCI",
"PolicyName": "AmazonMachineLearningManageRealTimeEndpointOnlyAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"kinesis:PutRecord"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "CloudWatchEventsInvocationAccess"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJJXD6JKJLK2WDLZNO",
"PolicyName": "CloudWatchEventsInvocationAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"acm:ListCertificates",
"cloudfront:Get*",
"cloudfront:List*",
"iam:ListServerCertificates",
"route53:List*",
"waf:ListWebACLs",
"waf:GetWebACL"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJJZMNYOTZCNQP36LG",
"PolicyName": "CloudFrontReadOnlyAccess",
"VersionId": "v3"
},
{
"Document": {
"Statement": [
{
"Action": [
"iot:CreateThing",
"iot:DeleteThing",
"iot:DeleteThingShadow",
"iot:DescribeThing",
"iot:GetThingShadow",
"iot:UpdateThing",
"iot:UpdateThingShadow"
],
"Effect": "Allow",
"Resource": [
"arn:aws:iot:*:*:thing/deeplens*"
],
"Sid": "DeepLensIoTThingAccess"
},
{
"Action": [
"iot:AttachThingPrincipal",
"iot:DetachThingPrincipal",
"iot:UpdateCertificate",
"iot:DeleteCertificate",
"iot:DetachPrincipalPolicy"
],
"Effect": "Allow",
"Resource": [
"arn:aws:iot:*:*:thing/deeplens*",
"arn:aws:iot:*:*:cert/*"
],
"Sid": "DeepLensIoTCertificateAccess"
},
{
"Action": [
"iot:CreateKeysAndCertificate",
"iot:CreatePolicy",
"iot:CreatePolicyVersion"
],
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "DeepLensIoTCreateCertificateAndPolicyAccess"
},
{
"Action": [
"iot:AttachPrincipalPolicy"
],
"Effect": "Allow",
"Resource": [
"arn:aws:iot:*:*:policy/deeplens*",
"arn:aws:iot:*:*:cert/*"
],
"Sid": "DeepLensIoTAttachCertificatePolicyAccess"
},
{
"Action": [
"iot:GetThingShadow",
"iot:UpdateThingShadow"
],
"Effect": "Allow",
"Resource": [
"arn:aws:iot:*:*:thing/deeplens*"
],
"Sid": "DeepLensIoTDataAccess"
},
{
"Action": [
"iot:DescribeEndpoint"
],
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "DeepLensIoTEndpointAccess"
},
{
"Action": [
"deeplens:*"
],
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "DeepLensAccess"
},
{
"Action": [
"s3:GetObject"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::deeplens*"
],
"Sid": "DeepLensS3ObjectAccess"
},
{
"Action": [
"s3:DeleteBucket",
"s3:ListBucket"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::deeplens*"
],
"Sid": "DeepLensS3Buckets"
},
{
"Action": [
"s3:CreateBucket"
],
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "DeepLensCreateS3Buckets"
},
{
"Action": [
"iam:PassRole"
],
"Condition": {
"StringEquals": {
"iam:PassedToService": [
"greengrass.amazonaws.com",
"sagemaker.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "DeepLensIAMPassRoleAccess"
},
{
"Action": [
"iam:PassRole"
],
"Condition": {
"StringEqualsIfExists": {
"iam:PassedToService": "lambda.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/AWSDeepLens*",
"arn:aws:iam::*:role/service-role/AWSDeepLens*"
],
"Sid": "DeepLensIAMLambdaPassRoleAccess"
},
{
"Action": [
"greengrass:AssociateRoleToGroup",
"greengrass:AssociateServiceRoleToAccount",
"greengrass:CreateResourceDefinition",
"greengrass:CreateResourceDefinitionVersion",
"greengrass:CreateCoreDefinition",
"greengrass:CreateCoreDefinitionVersion",
"greengrass:CreateDeployment",
"greengrass:CreateFunctionDefinition",
"greengrass:CreateFunctionDefinitionVersion",
"greengrass:CreateGroup",
"greengrass:CreateGroupCertificateAuthority",
"greengrass:CreateGroupVersion",
"greengrass:CreateLoggerDefinition",
"greengrass:CreateLoggerDefinitionVersion",
"greengrass:CreateSubscriptionDefinition",
"greengrass:CreateSubscriptionDefinitionVersion",
"greengrass:DeleteCoreDefinition",
"greengrass:DeleteFunctionDefinition",
"greengrass:DeleteGroup",
"greengrass:DeleteLoggerDefinition",
"greengrass:DeleteSubscriptionDefinition",
"greengrass:DisassociateRoleFromGroup",
"greengrass:DisassociateServiceRoleFromAccount",
"greengrass:GetAssociatedRole",
"greengrass:GetConnectivityInfo",
"greengrass:GetCoreDefinition",
"greengrass:GetCoreDefinitionVersion",
"greengrass:GetDeploymentStatus",
"greengrass:GetDeviceDefinition",
"greengrass:GetDeviceDefinitionVersion",
"greengrass:GetFunctionDefinition",
"greengrass:GetFunctionDefinitionVersion",
"greengrass:GetGroup",
"greengrass:GetGroupCertificateAuthority",
"greengrass:GetGroupCertificateConfiguration",
"greengrass:GetGroupVersion",
"greengrass:GetLoggerDefinition",
"greengrass:GetLoggerDefinitionVersion",
"greengrass:GetResourceDefinition",
"greengrass:GetServiceRoleForAccount",
"greengrass:GetSubscriptionDefinition",
"greengrass:GetSubscriptionDefinitionVersion",
"greengrass:ListCoreDefinitionVersions",
"greengrass:ListCoreDefinitions",
"greengrass:ListDeployments",
"greengrass:ListDeviceDefinitionVersions",
"greengrass:ListDeviceDefinitions",
"greengrass:ListFunctionDefinitionVersions",
"greengrass:ListFunctionDefinitions",
"greengrass:ListGroupCertificateAuthorities",
"greengrass:ListGroupVersions",
"greengrass:ListGroups",
"greengrass:ListLoggerDefinitionVersions",
"greengrass:ListLoggerDefinitions",
"greengrass:ListSubscriptionDefinitionVersions",
"greengrass:ListSubscriptionDefinitions",
"greengrass:ResetDeployments",
"greengrass:UpdateConnectivityInfo",
"greengrass:UpdateCoreDefinition",
"greengrass:UpdateDeviceDefinition",
"greengrass:UpdateFunctionDefinition",
"greengrass:UpdateGroup",
"greengrass:UpdateGroupCertificateConfiguration",
"greengrass:UpdateLoggerDefinition",
"greengrass:UpdateSubscriptionDefinition",
"greengrass:UpdateResourceDefinition"
],
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "DeepLensGreenGrassAccess"
},
{
"Action": [
"lambda:CreateFunction",
"lambda:DeleteFunction",
"lambda:GetFunction",
"lambda:GetFunctionConfiguration",
"lambda:ListFunctions",
"lambda:ListVersionsByFunction",
"lambda:PublishVersion",
"lambda:UpdateFunctionCode",
"lambda:UpdateFunctionConfiguration"
],
"Effect": "Allow",
"Resource": [
"arn:aws:lambda:*:*:function:deeplens*"
],
"Sid": "DeepLensLambdaAdminFunctionAccess"
},
{
"Action": [
"lambda:GetFunction",
"lambda:GetFunctionConfiguration",
"lambda:ListFunctions",
"lambda:ListVersionsByFunction"
],
"Effect": "Allow",
"Resource": [
"arn:aws:lambda:*:*:function:*"
],
"Sid": "DeepLensLambdaUsersFunctionAccess"
},
{
"Action": [
"sagemaker:CreateTrainingJob",
"sagemaker:DescribeTrainingJob",
"sagemaker:StopTrainingJob"
],
"Effect": "Allow",
"Resource": [
"arn:aws:sagemaker:*:*:training-job/deeplens*"
],
"Sid": "DeepLensSageMakerWriteAccess"
},
{
"Action": [
"sagemaker:DescribeTrainingJob"
],
"Effect": "Allow",
"Resource": [
"arn:aws:sagemaker:*:*:training-job/*"
],
"Sid": "DeepLensSageMakerReadAccess"
},
{
"Action": [
"acuity:CreateStream",
"acuity:DescribeStream",
"acuity:DeleteStream"
],
"Effect": "Allow",
"Resource": [
"arn:aws:acuity:*:*:stream/deeplens*/*"
],
"Sid": "DeepLensAcuityStreamAccess"
},
{
"Action": [
"acuity:GetDataEndpoint"
],
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "DeepLensAcuityEndpointAccess"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJK2Z2S7FPJFCYGR72",
"PolicyName": "AWSDeepLensServiceRolePolicy",
"VersionId": "v5"
},
{
"Document": {
"Statement": [
{
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents",
"logs:PutMetricFilter",
"logs:PutRetentionPolicy"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJK5GQB7CIK7KHY2GA",
"PolicyName": "AmazonSNSRole",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"directconnect:DescribeConnections",
"directconnect:DescribeDirectConnectGateways",
"directconnect:DescribeDirectConnectGatewayAssociations",
"directconnect:DescribeDirectConnectGatewayAttachments",
"directconnect:DescribeVirtualGateways",
"directconnect:DescribeVirtualInterfaces",
"directconnect:DescribeTags",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeCustomerGateways",
"ec2:DescribeInstances",
"ec2:DescribeTags",
"ec2:DescribeInternetGateways",
"ec2:DescribeNatGateways",
"ec2:DescribeNetworkAcls",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribePrefixLists",
"ec2:DescribeRegions",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcEndpoints",
"ec2:DescribeVpcPeeringConnections",
"ec2:DescribeVpcs",
"ec2:DescribeVpnConnections",
"ec2:DescribeVpnGateways",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeLoadBalancerAttributes",
"elasticloadbalancing:DescribeRules",
"elasticloadbalancing:DescribeTags",
"elasticloadbalancing:DescribeTargetGroups",
"elasticloadbalancing:DescribeTargetHealth"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJKBMSBWLU2TGXHHUQ",
"PolicyName": "AmazonInspectorServiceRolePolicy",
"VersionId": "v4"
},
{
"Document": {
"Statement": [
{
"Action": [
"mobileanalytics:GetReports",
"mobileanalytics:GetFinancialReports"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJKJHO2R27TXKCWBU4",
"PolicyName": "AmazonMobileAnalyticsFinancialReportAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"cloudformation:*"
],
"Effect": "Allow",
"Resource": [
"arn:aws:cloudformation:*:*:stack/awseb-*",
"arn:aws:cloudformation:*:*:stack/eb-*"
],
"Sid": "AllowCloudformationOperationsOnElasticBeanstalkStacks"
},
{
"Action": [
"logs:DeleteLogGroup"
],
"Effect": "Allow",
"Resource": [
"arn:aws:logs:*:*:log-group:/aws/elasticbeanstalk*"
],
"Sid": "AllowDeleteCloudwatchLogGroups"
},
{
"Action": [
"s3:*"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::elasticbeanstalk-*",
"arn:aws:s3:::elasticbeanstalk-*/*"
],
"Sid": "AllowS3OperationsOnElasticBeanstalkBuckets"
},
{
"Action": "ec2:RunInstances",
"Condition": {
"ArnLike": {
"ec2:LaunchTemplate": "arn:aws:ec2:*:*:launch-template/*"
}
},
"Effect": "Allow",
"Resource": "*",
"Sid": "AllowLaunchTemplateRunInstances"
},
{
"Action": [
"autoscaling:AttachInstances",
"autoscaling:CreateAutoScalingGroup",
"autoscaling:CreateLaunchConfiguration",
"autoscaling:DeleteLaunchConfiguration",
"autoscaling:DeleteAutoScalingGroup",
"autoscaling:DeleteScheduledAction",
"autoscaling:DescribeAccountLimits",
"autoscaling:DescribeAutoScalingGroups",
"autoscaling:DescribeAutoScalingInstances",
"autoscaling:DescribeLaunchConfigurations",
"autoscaling:DescribeLoadBalancers",
"autoscaling:DescribeNotificationConfigurations",
"autoscaling:DescribeScalingActivities",
"autoscaling:DescribeScheduledActions",
"autoscaling:DetachInstances",
"autoscaling:DeletePolicy",
"autoscaling:PutScalingPolicy",
"autoscaling:PutScheduledUpdateGroupAction",
"autoscaling:PutNotificationConfiguration",
"autoscaling:ResumeProcesses",
"autoscaling:SetDesiredCapacity",
"autoscaling:SuspendProcesses",
"autoscaling:TerminateInstanceInAutoScalingGroup",
"autoscaling:UpdateAutoScalingGroup",
"cloudwatch:PutMetricAlarm",
"ec2:AssociateAddress",
"ec2:AllocateAddress",
"ec2:AuthorizeSecurityGroupEgress",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateLaunchTemplate",
"ec2:CreateLaunchTemplateVersion",
"ec2:DescribeLaunchTemplates",
"ec2:DescribeLaunchTemplateVersions",
"ec2:DeleteLaunchTemplate",
"ec2:DeleteLaunchTemplateVersions",
"ec2:CreateSecurityGroup",
"ec2:DeleteSecurityGroup",
"ec2:DescribeAccountAttributes",
"ec2:DescribeAddresses",
"ec2:DescribeImages",
"ec2:DescribeInstances",
"ec2:DescribeKeyPairs",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSnapshots",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:DescribeInstanceAttribute",
"ec2:DescribeSpotInstanceRequests",
"ec2:DescribeVpcClassicLink",
"ec2:DisassociateAddress",
"ec2:ReleaseAddress",
"ec2:RevokeSecurityGroupEgress",
"ec2:RevokeSecurityGroupIngress",
"ec2:TerminateInstances",
"ecs:CreateCluster",
"ecs:DeleteCluster",
"ecs:DescribeClusters",
"ecs:RegisterTaskDefinition",
"elasticbeanstalk:*",
"elasticloadbalancing:ApplySecurityGroupsToLoadBalancer",
"elasticloadbalancing:ConfigureHealthCheck",
"elasticloadbalancing:CreateLoadBalancer",
"elasticloadbalancing:DeleteLoadBalancer",
"elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
"elasticloadbalancing:DescribeInstanceHealth",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeTargetHealth",
"elasticloadbalancing:RegisterInstancesWithLoadBalancer",
"elasticloadbalancing:DescribeTargetGroups",
"elasticloadbalancing:RegisterTargets",
"elasticloadbalancing:DeregisterTargets",
"iam:ListRoles",
"iam:PassRole",
"logs:CreateLogGroup",
"logs:PutRetentionPolicy",
"logs:DescribeLogGroups",
"rds:DescribeDBEngineVersions",
"rds:DescribeDBInstances",
"rds:DescribeOrderableDBInstanceOptions",
"s3:CopyObject",
"s3:GetObject",
"s3:GetObjectAcl",
"s3:GetObjectMetadata",
"s3:ListBucket",
"s3:listBuckets",
"s3:ListObjects",
"sns:CreateTopic",
"sns:GetTopicAttributes",
"sns:ListSubscriptionsByTopic",
"sns:Subscribe",
"sns:SetTopicAttributes",
"sqs:GetQueueAttributes",
"sqs:GetQueueUrl",
"codebuild:CreateProject",
"codebuild:DeleteProject",
"codebuild:BatchGetBuilds",
"codebuild:StartBuild"
],
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "AllowOperations"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJKQ5SN74ZQ4WASXBM",
"PolicyName": "AWSElasticBeanstalkService",
"VersionId": "v15"
},
{
"Document": {
"Statement": [
{
"Action": [
"iam:GenerateCredentialReport",
"iam:GenerateServiceLastAccessedDetails",
"iam:Get*",
"iam:List*",
"iam:SimulateCustomPolicy",
"iam:SimulatePrincipalPolicy"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJKSO7NDY4T57MWDSQ",
"PolicyName": "IAMReadOnlyAccess",
"VersionId": "v4"
},
{
"Document": {
"Statement": [
{
"Action": [
"rds:Describe*",
"rds:ListTagsForResource",
"ec2:DescribeAccountAttributes",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeInternetGateways",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcAttribute",
"ec2:DescribeVpcs"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"cloudwatch:GetMetricStatistics",
"logs:DescribeLogStreams",
"logs:GetLogEvents"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJKTTTYV2IIHKLZ346",
"PolicyName": "AmazonRDSReadOnlyAccess",
"VersionId": "v3"
},
{
"Document": {
"Statement": [
{
"Action": [
"iot:GetLoggingOptions",
"iot:GetV2LoggingOptions",
"iot:ListCACertificates",
"iot:ListCertificates",
"iot:DescribeCACertificate",
"iot:DescribeCertificate",
"iot:ListPolicies",
"iot:GetPolicy",
"iot:GetEffectivePolicies",
"cognito-identity:GetIdentityPoolRoles",
"iam:ListRolePolicies",
"iam:ListAttachedRolePolicies",
"iam:GetPolicy",
"iam:GetPolicyVersion",
"iam:GetRolePolicy"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJKUN6OAGIHZ66TRKO",
"PolicyName": "AWSIoTDeviceDefenderAudit",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"cognito-identity:*",
"cognito-idp:*",
"cognito-sync:*",
"iam:ListRoles",
"iam:ListOpenIdConnectProviders",
"sns:ListPlatformApplications"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJKW5H2HNCPGCYGR6Y",
"PolicyName": "AmazonCognitoPowerUser",
"VersionId": "v2"
},
{
"Document": {
"Statement": [
{
"Action": [
"route53:GetHostedZone",
"route53:ListHostedZonesByName",
"route53:ChangeResourceRecordSets",
"route53:CreateHealthCheck",
"route53:GetHealthCheck",
"route53:DeleteHealthCheck",
"route53:UpdateHealthCheck",
"servicediscovery:Get*",
"servicediscovery:List*",
"servicediscovery:RegisterInstance",
"servicediscovery:DeregisterInstance"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJKXLG7EKP2O5SVZW6",
"PolicyName": "AmazonRoute53AutoNamingRegistrantAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"ec2:CreateNetworkInterface",
"ec2:DeleteNetworkInterface",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeNetworkInterfaceAttribute",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcAttribute",
"ec2:DescribeVpcs",
"ec2:ModifyNetworkInterfaceAttribute",
"elasticfilesystem:*",
"kms:DescribeKey",
"kms:ListAliases"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJKXTMNVQGIDNCKPBC",
"PolicyName": "AmazonElasticFileSystemFullAccess",
"VersionId": "v3"
},
{
"Document": {
"Statement": [
{
"Action": [
"lex:PostText"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJKYEISPO63JTBJWPY",
"PolicyName": "LexChannelPolicy",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": "iam:GetUser",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"sms:SendMessage",
"sms:GetMessages"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"s3:CreateBucket",
"s3:DeleteBucket",
"s3:DeleteObject",
"s3:GetBucketLocation",
"s3:GetObject",
"s3:ListBucket",
"s3:PutObject",
"s3:PutObjectAcl",
"s3:PutLifecycleConfiguration",
"s3:AbortMultipartUpload",
"s3:ListBucketMultipartUploads",
"s3:ListMultipartUploadParts"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::sms-b-*",
"arn:aws:s3:::import-to-ec2-*",
"arn:aws:s3:::server-migration-service-upgrade",
"arn:aws:s3:::server-migration-service-upgrade/*",
"arn:aws:s3:::connector-platform-upgrade-info/*",
"arn:aws:s3:::connector-platform-upgrade-info",
"arn:aws:s3:::connector-platform-upgrade-bundles/*",
"arn:aws:s3:::connector-platform-upgrade-bundles",
"arn:aws:s3:::connector-platform-release-notes/*",
"arn:aws:s3:::connector-platform-release-notes"
]
},
{
"Action": "awsconnector:*",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"SNS:Publish"
],
"Effect": "Allow",
"Resource": "arn:aws:sns:*:*:metrics-sns-topic-for-*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJKZRWXIPK5HSG3QDQ",
"PolicyName": "ServerMigrationConnector",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"cognito-idp:DescribeUserPool",
"cognito-idp:CreateUserPoolClient",
"cognito-idp:DeleteUserPoolClient",
"cognito-idp:DescribeUserPoolClient",
"cognito-idp:AdminInitiateAuth",
"cognito-idp:AdminUserGlobalSignOut",
"cognito-idp:ListUserPoolClients",
"cognito-identity:DescribeIdentityPool",
"cognito-identity:UpdateIdentityPool",
"cognito-identity:SetIdentityPoolRoles",
"cognito-identity:GetIdentityPoolRoles"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:PassRole",
"Condition": {
"StringLike": {
"iam:PassedToService": "cognito-identity.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJL2FUMODIGNDPTZHO",
"PolicyName": "AmazonESCognitoAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"fms:*",
"waf:*",
"waf-regional:*",
"elasticloadbalancing:SetWebACL",
"organizations:DescribeOrganization"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJLAGM5X6WSNPF4EAQ",
"PolicyName": "AWSFMAdminFullAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"chime:ListAccounts",
"chime:GetAccount",
"chime:GetAccountSettings",
"chime:ListUsers",
"chime:GetUser",
"chime:GetUserByEmail",
"chime:ListDomains",
"chime:GetDomain",
"chime:ListGroups",
"chime:ListDirectories",
"chime:ListCDRBucket",
"chime:GetCDRBucket",
"chime:ListDelegates",
"chime:GetAccountResource",
"chime:ValidateDelegate",
"chime:ListAccountUsageReportData",
"chime:GetUserActivityReportData"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJLBFZZFABRXVWRTCI",
"PolicyName": "AmazonChimeReadOnly",
"VersionId": "v4"
},
{
"Document": {
"Statement": [
{
"Action": [
"zocalo:*",
"ds:*",
"ec2:AuthorizeSecurityGroupEgress",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateNetworkInterface",
"ec2:CreateSecurityGroup",
"ec2:CreateSubnet",
"ec2:CreateTags",
"ec2:CreateVpc",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:DeleteNetworkInterface",
"ec2:DeleteSecurityGroup",
"ec2:RevokeSecurityGroupEgress",
"ec2:RevokeSecurityGroupIngress"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJLCDXYRINDMUXEVL6",
"PolicyName": "AmazonZocaloFullAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"cloudformation:DescribeChangeSet",
"cloudformation:DescribeStackResources",
"cloudformation:DescribeStacks",
"cloudformation:GetTemplate",
"cloudformation:ListStackResources",
"cloudwatch:Describe*",
"cloudwatch:Get*",
"cloudwatch:List*",
"cognito-identity:ListIdentityPools",
"cognito-sync:GetCognitoEvents",
"dynamodb:BatchGetItem",
"dynamodb:DescribeStream",
"dynamodb:DescribeTable",
"dynamodb:GetItem",
"dynamodb:ListStreams",
"dynamodb:ListTables",
"dynamodb:Query",
"dynamodb:Scan",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"events:Describe*",
"events:List*",
"iam:GetPolicy",
"iam:GetPolicyVersion",
"iam:GetRole",
"iam:GetRolePolicy",
"iam:ListAttachedRolePolicies",
"iam:ListRolePolicies",
"iam:ListRoles",
"iot:DescribeEndpoint",
"iot:GetTopicRule",
"iot:ListPolicies",
"iot:ListThings",
"iot:ListTopicRules",
"kinesis:DescribeStream",
"kinesis:ListStreams",
"kms:ListAliases",
"lambda:Get*",
"lambda:List*",
"logs:DescribeLogGroups",
"logs:DescribeLogStreams",
"logs:DescribeMetricFilters",
"logs:GetLogEvents",
"s3:Get*",
"s3:List*",
"sns:ListSubscriptions",
"sns:ListSubscriptionsByTopic",
"sns:ListTopics",
"sqs:ListQueues",
"tag:GetResources"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJLDG7J3CGUHFN4YN6",
"PolicyName": "AWSLambdaReadOnlyAccess",
"VersionId": "v8"
},
{
"Document": {
"Statement": [
{
"Action": [
"iotsitewise:Describe*",
"iotsitewise:List*",
"iotsitewise:Get*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJLHEAFKME2QL64WKK",
"PolicyName": "AWSIoTSiteWiseReadOnlyAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"aws-portal:ViewUsage"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJLIB4VSBVO47ZSBB6",
"PolicyName": "AWSAccountUsageReportAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": {
"Action": [
"iot:CreateJob",
"signer:DescribeSigningJob"
],
"Effect": "Allow",
"Resource": "*"
},
"Version": "2012-10-17"
},
"PolicyId": "ANPAJLJYWX53STBZFPUEY",
"PolicyName": "AWSIoTOTAUpdate",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"mq:*",
"cloudformation:CreateStack",
"ec2:CreateNetworkInterface",
"ec2:CreateNetworkInterfacePermission",
"ec2:DeleteNetworkInterface",
"ec2:DeleteNetworkInterfacePermission",
"ec2:DetachNetworkInterface",
"ec2:DescribeInternetGateways",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeNetworkInterfacePermissions",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:CreateSecurityGroup",
"ec2:AuthorizeSecurityGroupIngress"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"logs:CreateLogGroup"
],
"Effect": "Allow",
"Resource": [
"arn:aws:logs:*:*:log-group:/aws/amazonmq/*"
]
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJLKBROJNQYDDXOOGG",
"PolicyName": "AmazonMQFullAccess",
"VersionId": "v4"
},
{
"Document": {
"Statement": [
{
"Action": [
"aws-marketplace:GetEntitlements"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJLPIMQE4WMHDC2K7C",
"PolicyName": "AWSMarketplaceGetEntitlements",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"greengrass:List*",
"greengrass:Get*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJLSKLXFVTQTZ5GY3I",
"PolicyName": "AWSGreengrassReadOnlyAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"ecs:CreateCluster",
"ecs:DeregisterContainerInstance",
"ecs:DiscoverPollEndpoint",
"ecs:Poll",
"ecs:RegisterContainerInstance",
"ecs:StartTelemetrySession",
"ecs:UpdateContainerInstancesState",
"ecs:Submit*",
"ecr:GetAuthorizationToken",
"ecr:BatchCheckLayerAvailability",
"ecr:GetDownloadUrlForLayer",
"ecr:BatchGetImage",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJLYJCVHC7TQHCSQDS",
"PolicyName": "AmazonEC2ContainerServiceforEC2Role",
"VersionId": "v5"
},
{
"Document": {
"Statement": [
{
"Action": [
"appstream:*"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"application-autoscaling:DeleteScalingPolicy",
"application-autoscaling:DescribeScalableTargets",
"application-autoscaling:DescribeScalingPolicies",
"application-autoscaling:PutScalingPolicy",
"application-autoscaling:RegisterScalableTarget"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"cloudwatch:DeleteAlarms",
"cloudwatch:DescribeAlarms",
"cloudwatch:GetMetricStatistics",
"cloudwatch:PutMetricAlarm"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:ListRoles",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:PassRole",
"Condition": {
"StringLike": {
"iam:PassedToService": "application-autoscaling.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/service-role/ApplicationAutoScalingForAmazonAppStreamAccess"
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringLike": {
"iam:AWSServiceName": "appstream.application-autoscaling.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/aws-service-role/appstream.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_AppStreamFleet"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJLZZXU2YQVGL4QDNC",
"PolicyName": "AmazonAppStreamFullAccess",
"VersionId": "v3"
},
{
"Document": {
"Statement": [
{
"Action": [
"iot:Connect",
"iot:Publish",
"iot:Subscribe",
"iot:Receive",
"iot:GetThingShadow",
"iot:UpdateThingShadow",
"iot:DeleteThingShadow"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJM2KI2UJDR24XPS2K",
"PolicyName": "AWSIoTDataAccess",
"VersionId": "v2"
},
{
"Document": {
"Statement": [
{
"Action": [
"worklink:*"
],
"Effect": "Allow",
"Resource": "arn:aws:worklink:*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJM4ITL7TEVURHCQSY",
"PolicyName": "AmazonWorkLinkFullAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"transcribe:Get*",
"transcribe:List*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJM6JONISXCAZKFCAO",
"PolicyName": "AmazonTranscribeReadOnlyAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"es:*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJM6ZTCU24QL5PZCGC",
"PolicyName": "AmazonESFullAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"cloudformation:CreateChangeSet",
"cloudformation:CreateStack",
"cloudformation:DeleteStack",
"cloudformation:ExecuteChangeSet"
],
"Condition": {
"ForAllValues:StringLikeIfExists": {
"cloudformation:ResourceTypes": [
"AWS::EC2::*"
]
}
},
"Effect": "Allow",
"Resource": "arn:aws:cloudformation:*:*:stack/sms-app-*/*"
},
{
"Action": [
"cloudformation:DeleteChangeSet",
"cloudformation:DescribeChangeSet",
"cloudformation:DescribeStackEvents",
"cloudformation:DescribeStackResources",
"cloudformation:GetTemplate"
],
"Effect": "Allow",
"Resource": "arn:aws:cloudformation:*:*:stack/sms-app-*/*"
},
{
"Action": [
"cloudformation:DescribeStacks",
"cloudformation:ValidateTemplate",
"cloudformation:DescribeStackResource",
"s3:ListAllMyBuckets"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"s3:CreateBucket",
"s3:DeleteBucket",
"s3:DeleteObject",
"s3:GetBucketAcl",
"s3:GetBucketLocation",
"s3:GetObject",
"s3:ListBucket",
"s3:PutObject",
"s3:PutObjectAcl",
"s3:PutLifecycleConfiguration",
"s3:ListAllMyBuckets"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::sms-app-*"
},
{
"Action": [
"sms:CreateReplicationJob",
"sms:DeleteReplicationJob",
"sms:GetReplicationJobs",
"sms:GetReplicationRuns",
"sms:GetServers",
"sms:ImportServerCatalog",
"sms:StartOnDemandReplicationRun",
"sms:UpdateReplicationJob"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:ModifySnapshotAttribute",
"ec2:CopySnapshot",
"ec2:CopyImage",
"ec2:Describe*",
"ec2:DeleteSnapshot",
"ec2:DeregisterImage",
"ec2:CreateTags",
"ec2:DeleteTags"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:GetRole",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:PassRole",
"Condition": {
"StringLike": {
"iam:AssociatedResourceArn": "arn:aws:cloudformation:*:*:stack/sms-app-*/*"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJMBH3M6BO63XFW2D4",
"PolicyName": "ServerMigrationServiceRole",
"VersionId": "v3"
},
{
"Document": {
"Statement": [
{
"Action": [
"glue:CreateDatabase",
"glue:UpdateDatabase",
"glue:CreateTable",
"glue:UpdateTable",
"firehose:CreateDeliveryStream",
"firehose:DescribeDeliveryStream",
"logs:CreateLogGroup"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"firehose:DeleteDeliveryStream",
"firehose:PutRecord",
"firehose:PutRecordBatch",
"firehose:UpdateDestination"
],
"Effect": "Allow",
"Resource": "arn:aws:firehose:*:*:deliverystream/aws-application-discovery-service*"
},
{
"Action": [
"s3:CreateBucket",
"s3:ListBucket",
"s3:PutBucketLogging",
"s3:PutEncryptionConfiguration"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::aws-application-discovery-service*"
},
{
"Action": [
"s3:GetObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::aws-application-discovery-service*/*"
},
{
"Action": [
"logs:CreateLogStream",
"logs:PutRetentionPolicy"
],
"Effect": "Allow",
"Resource": "arn:aws:logs:*:*:log-group:/aws/application-discovery-service/firehose*"
},
{
"Action": [
"iam:PassRole"
],
"Condition": {
"StringLike": {
"iam:PassedToService": "firehose.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/AWSApplicationDiscoveryServiceFirehose"
},
{
"Action": [
"iam:PassRole"
],
"Condition": {
"StringLike": {
"iam:PassedToService": "firehose.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/service-role/AWSApplicationDiscoveryServiceFirehose"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJMGMY3P6OEWOELRFE",
"PolicyName": "ApplicationDiscoveryServiceContinuousExportServiceRolePolicy",
"VersionId": "v2"
},
{
"Document": {
"Statement": [
{
"Action": [
"sumerian:*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJMGUENPB56MXVVGBE",
"PolicyName": "AmazonSumerianFullAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"waf:*",
"waf-regional:*",
"elasticloadbalancing:SetWebACL"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJMIKIAFXZEGOLRH7C",
"PolicyName": "AWSWAFFullAccess",
"VersionId": "v2"
},
{
"Document": {
"Statement": [
{
"Action": "elasticloadbalancing:Describe*",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:DescribeInstances",
"ec2:DescribeClassicLinkInstances",
"ec2:DescribeSecurityGroups"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJMO7B7SNFLQ6HH736",
"PolicyName": "ElasticLoadBalancingReadOnly",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"organizations:ListAccounts",
"organizations:DescribeOrganization"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJMVPXRWZJZWDTYDNC",
"PolicyName": "AWSArtifactAccountSync",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"firehose:*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJMZQMTZ7FRBFHHAHI",
"PolicyName": "AmazonKinesisFirehoseFullAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"autoscaling:Describe*",
"cloudwatch:Describe*",
"cloudwatch:Get*",
"cloudwatch:List*",
"logs:Get*",
"logs:List*",
"logs:Describe*",
"logs:TestMetricFilter",
"logs:FilterLogEvents",
"sns:Get*",
"sns:List*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJN23PDQP7SZQAE3QE",
"PolicyName": "CloudWatchReadOnlyAccess",
"VersionId": "v3"
},
{
"Document": {
"Statement": [
{
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJNCQGXC42545SKXIK",
"PolicyName": "AWSLambdaBasicExecutionRole",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"tag:getResources",
"tag:getTagKeys",
"tag:getTagValues",
"tag:TagResources",
"tag:UntagResources",
"tag:AddResourceTags",
"tag:RemoveResourceTags"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJNOS54ZFXN4T2Y34A",
"PolicyName": "ResourceGroupsandTagEditorFullAccess",
"VersionId": "v3"
},
{
"Document": {
"Statement": [
{
"Action": [
"kms:CreateAlias",
"kms:CreateKey",
"kms:DeleteAlias",
"kms:Describe*",
"kms:GenerateRandom",
"kms:Get*",
"kms:List*",
"kms:TagResource",
"kms:UntagResource",
"iam:ListGroups",
"iam:ListRoles",
"iam:ListUsers"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJNPP7PPPPMJRV2SA4",
"PolicyName": "AWSKeyManagementServicePowerUser",
"VersionId": "v2"
},
{
"Document": {
"Statement": [
{
"Action": [
"ec2:DescribeSpotFleetRequests",
"ec2:ModifySpotFleetRequest",
"cloudwatch:PutMetricAlarm",
"cloudwatch:DescribeAlarms",
"cloudwatch:DeleteAlarms"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJNRH3VE3WW4Q4RDTU",
"PolicyName": "AWSApplicationAutoscalingEC2SpotFleetRequestPolicy",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"importexport:ListJobs",
"importexport:GetStatus"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJNTV4OG52ESYZHCNK",
"PolicyName": "AWSImportExportReadOnlyAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"cloudwatch:DescribeAlarms",
"ec2:DescribeInstanceStatus",
"ec2:DescribeInstances",
"ec2:DescribeSnapshots",
"ec2:DescribeVolumeStatus",
"ec2:DescribeVolumes",
"ec2:RebootInstances",
"ec2:StopInstances",
"ec2:TerminateInstances",
"ec2:CreateSnapshot"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJNVASSNSIDZIP4X7I",
"PolicyName": "CloudWatchEventsServiceRolePolicy",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"s3:ListBucket",
"s3:Put*",
"s3:Get*",
"s3:*MultipartUpload*"
],
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "1"
},
{
"Action": [
"sns:Publish"
],
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "2"
},
{
"Action": [
"s3:*Policy*",
"sns:*Permission*",
"sns:*Delete*",
"s3:*Delete*",
"sns:*Remove*"
],
"Effect": "Deny",
"Resource": [
"*"
],
"Sid": "3"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJNW3WMKVXFJ2KPIQ2",
"PolicyName": "AmazonElasticTranscoderRole",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"glue:*",
"redshift:DescribeClusters",
"redshift:DescribeClusterSubnetGroups",
"iam:ListRoles",
"iam:ListUsers",
"iam:ListGroups",
"iam:ListRolePolicies",
"iam:GetRole",
"iam:GetRolePolicy",
"iam:ListAttachedRolePolicies",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:DescribeVpcEndpoints",
"ec2:DescribeRouteTables",
"ec2:DescribeVpcAttribute",
"ec2:DescribeKeyPairs",
"ec2:DescribeInstances",
"ec2:DescribeImages",
"rds:DescribeDBInstances",
"rds:DescribeDBClusters",
"rds:DescribeDBSubnetGroups",
"s3:ListAllMyBuckets",
"s3:ListBucket",
"s3:GetBucketAcl",
"s3:GetBucketLocation",
"cloudformation:DescribeStacks",
"cloudformation:GetTemplateSummary",
"dynamodb:ListTables",
"kms:ListAliases",
"kms:DescribeKey",
"cloudwatch:GetMetricData",
"cloudwatch:ListDashboards"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"s3:GetObject",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::aws-glue-*/*",
"arn:aws:s3:::*/*aws-glue-*/*",
"arn:aws:s3:::aws-glue-*"
]
},
{
"Action": [
"tag:GetResources"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"s3:CreateBucket"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::aws-glue-*"
]
},
{
"Action": [
"logs:GetLogEvents"
],
"Effect": "Allow",
"Resource": [
"arn:aws:logs:*:*:/aws-glue/*"
]
},
{
"Action": [
"cloudformation:CreateStack",
"cloudformation:DeleteStack"
],
"Effect": "Allow",
"Resource": "arn:aws:cloudformation:*:*:stack/aws-glue*/*"
},
{
"Action": [
"ec2:RunInstances"
],
"Effect": "Allow",
"Resource": [
"arn:aws:ec2:*:*:instance/*",
"arn:aws:ec2:*:*:key-pair/*",
"arn:aws:ec2:*:*:image/*",
"arn:aws:ec2:*:*:security-group/*",
"arn:aws:ec2:*:*:network-interface/*",
"arn:aws:ec2:*:*:subnet/*",
"arn:aws:ec2:*:*:volume/*"
]
},
{
"Action": [
"ec2:TerminateInstances",
"ec2:CreateTags",
"ec2:DeleteTags"
],
"Condition": {
"StringEquals": {
"ec2:ResourceTag/aws:cloudformation:logical-id": "ZeppelinInstance"
},
"StringLike": {
"ec2:ResourceTag/aws:cloudformation:stack-id": "arn:aws:cloudformation:*:*:stack/aws-glue-*/*"
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:ec2:*:*:instance/*"
]
},
{
"Action": [
"iam:PassRole"
],
"Condition": {
"StringLike": {
"iam:PassedToService": [
"glue.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/AWSGlueServiceRole*"
},
{
"Action": [
"iam:PassRole"
],
"Condition": {
"StringLike": {
"iam:PassedToService": [
"ec2.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/AWSGlueServiceNotebookRole*"
},
{
"Action": [
"iam:PassRole"
],
"Condition": {
"StringLike": {
"iam:PassedToService": [
"glue.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/service-role/AWSGlueServiceRole*"
]
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJNZGDEOD7MISOVSVI",
"PolicyName": "AWSGlueConsoleFullAccess",
"VersionId": "v12"
},
{
"Document": {
"Statement": [
{
"Action": [
"ec2:AuthorizeSecurityGroupIngress",
"ec2:Describe*",
"elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
"elasticloadbalancing:DeregisterTargets",
"elasticloadbalancing:Describe*",
"elasticloadbalancing:RegisterInstancesWithLoadBalancer",
"elasticloadbalancing:RegisterTargets"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJO53W2XHNACG7V77Q",
"PolicyName": "AmazonEC2ContainerServiceRole",
"VersionId": "v2"
},
{
"Document": {
"Statement": [
{
"Action": [
"devicefarm:*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJO7KEDP4VYJPNT5UW",
"PolicyName": "AWSDeviceFarmFullAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"ssm:Describe*",
"ssm:Get*",
"ssm:List*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJODSKQGGJTHRYZ5FC",
"PolicyName": "AmazonSSMReadOnlyAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"states:ListStateMachines",
"states:ListActivities",
"states:DescribeStateMachine",
"states:DescribeStateMachineForExecution",
"states:ListExecutions",
"states:DescribeExecution",
"states:GetExecutionHistory",
"states:DescribeActivity"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJONHB2TJQDJPFW5TM",
"PolicyName": "AWSStepFunctionsReadOnlyAccess",
"VersionId": "v2"
},
{
"Document": {
"Statement": [
{
"Action": [
"aws-marketplace:ViewSubscriptions",
"ec2:DescribeAccountAttributes",
"ec2:DescribeAddresses",
"ec2:DescribeImages",
"ec2:DescribeInstances",
"ec2:DescribeKeyPairs",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"aws-marketplace:ListBuilds",
"aws-marketplace:DescribeBuilds",
"iam:ListRoles",
"iam:ListInstanceProfiles",
"sns:GetTopicAttributes",
"sns:ListTopics"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJOOM6LETKURTJ3XZ2",
"PolicyName": "AWSMarketplaceRead-only",
"VersionId": "v2"
},
{
"Document": {
"Statement": [
{
"Action": [
"dynamodb:DescribeTable",
"dynamodb:UpdateTable",
"cloudwatch:PutMetricAlarm",
"cloudwatch:DescribeAlarms",
"cloudwatch:DeleteAlarms"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJOVQMDI3JFCBW4LFO",
"PolicyName": "AWSApplicationAutoscalingDynamoDBTablePolicy",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"codepipeline:*",
"iam:ListRoles",
"iam:PassRole",
"s3:CreateBucket",
"s3:GetBucketPolicy",
"s3:GetObject",
"s3:ListAllMyBuckets",
"s3:ListBucket",
"s3:PutBucketPolicy",
"codecommit:ListBranches",
"codecommit:ListRepositories",
"codedeploy:GetApplication",
"codedeploy:GetDeploymentGroup",
"codedeploy:ListApplications",
"codedeploy:ListDeploymentGroups",
"elasticbeanstalk:DescribeApplications",
"elasticbeanstalk:DescribeEnvironments",
"lambda:GetFunctionConfiguration",
"lambda:ListFunctions",
"opsworks:DescribeApps",
"opsworks:DescribeLayers",
"opsworks:DescribeStacks",
"cloudformation:DescribeStacks",
"cloudformation:ListChangeSets"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJP5LH77KSAT2KHQGG",
"PolicyName": "AWSCodePipelineFullAccess",
"VersionId": "v5"
},
{
"Document": {
"Statement": [
{
"Action": [
"cloud9:ValidateEnvironmentName",
"cloud9:UpdateUserSettings",
"cloud9:GetUserSettings",
"iam:GetUser",
"iam:ListUsers",
"ec2:DescribeVpcs",
"ec2:DescribeSubnets"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"cloud9:CreateEnvironmentEC2",
"cloud9:CreateEnvironmentSSH"
],
"Condition": {
"Null": {
"cloud9:OwnerArn": "true"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"cloud9:GetUserPublicKey"
],
"Condition": {
"Null": {
"cloud9:UserArn": "true"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"cloud9:DescribeEnvironmentMemberships"
],
"Condition": {
"Null": {
"cloud9:EnvironmentId": "true",
"cloud9:UserArn": "true"
}
},
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"iam:CreateServiceLinkedRole"
],
"Condition": {
"StringLike": {
"iam:AWSServiceName": "cloud9.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJPFGFWQF67QVARP6U",
"PolicyName": "AWSCloud9User",
"VersionId": "v3"
},
{
"Document": {
"Statement": [
{
"Action": [
"iot:DeleteThingShadow",
"iot:GetThingShadow",
"iot:UpdateThingShadow"
],
"Effect": "Allow",
"Resource": [
"arn:aws:iot:*:*:thing/GG_*",
"arn:aws:iot:*:*:thing/*-gcm",
"arn:aws:iot:*:*:thing/*-gda",
"arn:aws:iot:*:*:thing/*-gci"
],
"Sid": "AllowGreengrassAccessToShadows"
},
{
"Action": [
"iot:DescribeThing"
],
"Effect": "Allow",
"Resource": "arn:aws:iot:*:*:thing/*",
"Sid": "AllowGreengrassToDescribeThings"
},
{
"Action": [
"iot:DescribeCertificate"
],
"Effect": "Allow",
"Resource": "arn:aws:iot:*:*:cert/*",
"Sid": "AllowGreengrassToDescribeCertificates"
},
{
"Action": [
"greengrass:*"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "AllowGreengrassToCallGreengrassServices"
},
{
"Action": [
"lambda:GetFunction",
"lambda:GetFunctionConfiguration"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "AllowGreengrassToGetLambdaFunctions"
},
{
"Action": [
"secretsmanager:GetSecretValue"
],
"Effect": "Allow",
"Resource": "arn:aws:secretsmanager:*:*:secret:greengrass-*",
"Sid": "AllowGreengrassToGetGreengrassSecrets"
},
{
"Action": [
"s3:GetObject"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::*Greengrass*",
"arn:aws:s3:::*GreenGrass*",
"arn:aws:s3:::*greengrass*",
"arn:aws:s3:::*Sagemaker*",
"arn:aws:s3:::*SageMaker*",
"arn:aws:s3:::*sagemaker*"
],
"Sid": "AllowGreengrassAccessToS3Objects"
},
{
"Action": [
"s3:GetBucketLocation"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "AllowGreengrassAccessToS3BucketLocation"
},
{
"Action": [
"sagemaker:DescribeTrainingJob"
],
"Effect": "Allow",
"Resource": [
"arn:aws:sagemaker:*:*:training-job/*"
],
"Sid": "AllowGreengrassAccessToSageMakerTrainingJobs"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJPKEIMB6YMXDEVRTM",
"PolicyName": "AWSGreengrassResourceAccessRolePolicy",
"VersionId": "v5"
},
{
"Document": {
"Statement": [
{
"Action": [
"cloudtrail:DescribeTrails",
"cloudtrail:GetEventSelectors",
"cloudtrail:GetTrailStatus",
"cloudtrail:ListTags",
"cloudtrail:LookupEvents",
"iam:ListAccountAliases",
"s3:Get*",
"s3:List*"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"cloudtrail:CreateTrail",
"cloudtrail:StartLogging",
"cloudtrail:StopLogging",
"cloudtrail:UpdateTrail",
"cloudtrail:DeleteTrail",
"cloudtrail:PutEventSelectors"
],
"Effect": "Allow",
"Resource": "arn:aws:cloudtrail:*:*:trail/AWSMacieTrail-DO-NOT-EDIT"
},
{
"Action": [
"s3:CreateBucket",
"s3:DeleteBucket",
"s3:DeleteBucketPolicy",
"s3:DeleteBucketWebsite",
"s3:DeleteObject",
"s3:DeleteObjectTagging",
"s3:DeleteObjectVersion",
"s3:DeleteObjectVersionTagging",
"s3:DeleteReplicationConfiguration",
"s3:PutBucketPolicy"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::awsmacie-*",
"arn:aws:s3:::awsmacietrail-*",
"arn:aws:s3:::*-awsmacietrail-*"
]
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJPLHONRH2HP2H6TNQ",
"PolicyName": "AmazonMacieServiceRolePolicy",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"autoscaling:Describe*",
"ec2:AcceptVpcEndpointConnections",
"ec2:AllocateAddress",
"ec2:AssignIpv6Addresses",
"ec2:AssignPrivateIpAddresses",
"ec2:AssociateAddress",
"ec2:AssociateDhcpOptions",
"ec2:AssociateRouteTable",
"ec2:AssociateSubnetCidrBlock",
"ec2:AssociateVpcCidrBlock",
"ec2:AttachInternetGateway",
"ec2:AttachNetworkInterface",
"ec2:AttachVpnGateway",
"ec2:CreateCustomerGateway",
"ec2:CreateDefaultSubnet",
"ec2:CreateDefaultVpc",
"ec2:CreateDhcpOptions",
"ec2:CreateEgressOnlyInternetGateway",
"ec2:CreateFlowLogs",
"ec2:CreateInternetGateway",
"ec2:CreateNatGateway",
"ec2:CreateNetworkAcl",
"ec2:CreateNetworkAclEntry",
"ec2:CreateNetworkInterface",
"ec2:CreateNetworkInterfacePermission",
"ec2:CreatePlacementGroup",
"ec2:CreateRoute",
"ec2:CreateRouteTable",
"ec2:CreateSecurityGroup",
"ec2:CreateSubnet",
"ec2:CreateTags",
"ec2:CreateVpc",
"ec2:CreateVpcEndpoint",
"ec2:CreateVpcEndpointConnectionNotification",
"ec2:CreateVpcEndpointServiceConfiguration",
"ec2:CreateVpnConnection",
"ec2:CreateVpnConnectionRoute",
"ec2:CreateVpnGateway",
"ec2:DeleteEgressOnlyInternetGateway",
"ec2:DeleteFlowLogs",
"ec2:DeleteNatGateway",
"ec2:DeleteNetworkInterface",
"ec2:DeleteNetworkInterfacePermission",
"ec2:DeletePlacementGroup",
"ec2:DeleteSubnet",
"ec2:DeleteTags",
"ec2:DeleteVpc",
"ec2:DeleteVpcEndpointConnectionNotifications",
"ec2:DeleteVpcEndpoints",
"ec2:DeleteVpcEndpointServiceConfigurations",
"ec2:DeleteVpnConnection",
"ec2:DeleteVpnConnectionRoute",
"ec2:DeleteVpnGateway",
"ec2:DescribeAccountAttributes",
"ec2:DescribeAddresses",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeClassicLinkInstances",
"ec2:DescribeCustomerGateways",
"ec2:DescribeDhcpOptions",
"ec2:DescribeEgressOnlyInternetGateways",
"ec2:DescribeFlowLogs",
"ec2:DescribeInstances",
"ec2:DescribeInternetGateways",
"ec2:DescribeKeyPairs",
"ec2:DescribeMovingAddresses",
"ec2:DescribeNatGateways",
"ec2:DescribeNetworkAcls",
"ec2:DescribeNetworkInterfaceAttribute",
"ec2:DescribeNetworkInterfacePermissions",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribePlacementGroups",
"ec2:DescribePrefixLists",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroupReferences",
"ec2:DescribeSecurityGroups",
"ec2:DescribeStaleSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeTags",
"ec2:DescribeVpcAttribute",
"ec2:DescribeVpcClassicLink",
"ec2:DescribeVpcClassicLinkDnsSupport",
"ec2:DescribeVpcEndpointConnectionNotifications",
"ec2:DescribeVpcEndpointConnections",
"ec2:DescribeVpcEndpoints",
"ec2:DescribeVpcEndpointServiceConfigurations",
"ec2:DescribeVpcEndpointServicePermissions",
"ec2:DescribeVpcEndpointServices",
"ec2:DescribeVpcPeeringConnections",
"ec2:DescribeVpcs",
"ec2:DescribeVpnConnections",
"ec2:DescribeVpnGateways",
"ec2:DetachInternetGateway",
"ec2:DetachNetworkInterface",
"ec2:DetachVpnGateway",
"ec2:DisableVgwRoutePropagation",
"ec2:DisableVpcClassicLinkDnsSupport",
"ec2:DisassociateAddress",
"ec2:DisassociateRouteTable",
"ec2:DisassociateSubnetCidrBlock",
"ec2:DisassociateVpcCidrBlock",
"ec2:EnableVgwRoutePropagation",
"ec2:EnableVpcClassicLinkDnsSupport",
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:ModifySubnetAttribute",
"ec2:ModifyVpcAttribute",
"ec2:ModifyVpcEndpoint",
"ec2:ModifyVpcEndpointConnectionNotification",
"ec2:ModifyVpcEndpointServiceConfiguration",
"ec2:ModifyVpcEndpointServicePermissions",
"ec2:ModifyVpcPeeringConnectionOptions",
"ec2:ModifyVpcTenancy",
"ec2:MoveAddressToVpc",
"ec2:RejectVpcEndpointConnections",
"ec2:ReleaseAddress",
"ec2:ReplaceNetworkAclAssociation",
"ec2:ReplaceNetworkAclEntry",
"ec2:ReplaceRoute",
"ec2:ReplaceRouteTableAssociation",
"ec2:ResetNetworkInterfaceAttribute",
"ec2:RestoreAddressToClassic",
"ec2:UnassignIpv6Addresses",
"ec2:UnassignPrivateIpAddresses",
"ec2:UpdateSecurityGroupRuleDescriptionsEgress",
"ec2:UpdateSecurityGroupRuleDescriptionsIngress",
"directconnect:*",
"route53:*",
"route53domains:*",
"cloudfront:ListDistributions",
"elasticloadbalancing:*",
"elasticbeanstalk:Describe*",
"elasticbeanstalk:List*",
"elasticbeanstalk:RetrieveEnvironmentInfo",
"elasticbeanstalk:RequestEnvironmentInfo",
"sns:ListTopics",
"sns:ListSubscriptionsByTopic",
"sns:CreateTopic",
"cloudwatch:DescribeAlarms",
"cloudwatch:PutMetricAlarm",
"cloudwatch:DeleteAlarms",
"cloudwatch:GetMetricStatistics",
"logs:DescribeLogGroups",
"logs:DescribeLogStreams",
"logs:GetLogEvents"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:AcceptVpcPeeringConnection",
"ec2:AttachClassicLinkVpc",
"ec2:AuthorizeSecurityGroupEgress",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateVpcPeeringConnection",
"ec2:DeleteCustomerGateway",
"ec2:DeleteDhcpOptions",
"ec2:DeleteInternetGateway",
"ec2:DeleteNetworkAcl",
"ec2:DeleteNetworkAclEntry",
"ec2:DeleteRoute",
"ec2:DeleteRouteTable",
"ec2:DeleteSecurityGroup",
"ec2:DeleteVolume",
"ec2:DeleteVpcPeeringConnection",
"ec2:DetachClassicLinkVpc",
"ec2:DisableVpcClassicLink",
"ec2:EnableVpcClassicLink",
"ec2:GetConsoleScreenshot",
"ec2:RejectVpcPeeringConnection",
"ec2:RevokeSecurityGroupEgress",
"ec2:RevokeSecurityGroupIngress"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"s3:ListBucket",
"s3:GetBucketLocation",
"s3:GetBucketWebsiteConfiguration"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"iam:GetRole",
"iam:ListRoles",
"iam:PassRole"
],
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/flow-logs-*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJPNMADZFJCVPJVZA2",
"PolicyName": "NetworkAdministrator",
"VersionId": "v3"
},
{
"Document": {
"Statement": [
{
"Action": [
"iot1click:*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJPQNJPDUDESCCAMIA",
"PolicyName": "AWSIoT1ClickFullAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": "wam:AuthenticatePackager",
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJPRL4KYETIH7XGTSS",
"PolicyName": "AmazonWorkSpacesApplicationManagerAdminAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateNetworkInterface",
"ec2:CreateSecurityGroup",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeInternetGateways",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcAttribute",
"ec2:DescribeVpcs",
"ec2:DeleteNetworkInterface",
"ec2:DeleteSecurityGroup",
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:RevokeSecurityGroupIngress"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJPXIBTTZMBEFEX6UA",
"PolicyName": "AmazonDRSVPCManagement",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"ec2:DescribeVpcs",
"ec2:DescribeSubnets",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeAddresses",
"ec2:AssociateAddress",
"ec2:DisassociateAddress",
"ec2:CreateNetworkInterface",
"ec2:DeleteNetworkInterface",
"ec2:ModifyNetworkInterfaceAttribute"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJPY2VXNRUYOY3SRZS",
"PolicyName": "AmazonRedshiftServiceLinkedRolePolicy",
"VersionId": "v2"
},
{
"Document": {
"Statement": {
"Action": [
"acm-pca:DescribeCertificateAuthority",
"acm-pca:DescribeCertificateAuthorityAuditReport",
"acm-pca:ListCertificateAuthorities",
"acm-pca:GetCertificateAuthorityCsr",
"acm-pca:GetCertificateAuthorityCertificate",
"acm-pca:GetCertificate",
"acm-pca:ListTags"
],
"Effect": "Allow",
"Resource": "*"
},
"Version": "2012-10-17"
},
"PolicyId": "ANPAJQAQT3WIXOXY7TD4A",
"PolicyName": "AWSCertificateManagerPrivateCAReadOnly",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"xray:*"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJQBYG45NSJMVQDB2K",
"PolicyName": "AWSXrayFullAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"cloudwatch:PutMetricData"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "MetricsAccess"
},
{
"Action": [
"xray:PutTraceSegments",
"xray:PutTelemetryRecords"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "XRayAccess"
},
{
"Action": [
"sqs:ChangeMessageVisibility",
"sqs:DeleteMessage",
"sqs:ReceiveMessage",
"sqs:SendMessage"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "QueueAccess"
},
{
"Action": [
"s3:Get*",
"s3:List*",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::elasticbeanstalk-*",
"arn:aws:s3:::elasticbeanstalk-*/*"
],
"Sid": "BucketAccess"
},
{
"Action": [
"dynamodb:BatchGetItem",
"dynamodb:BatchWriteItem",
"dynamodb:DeleteItem",
"dynamodb:GetItem",
"dynamodb:PutItem",
"dynamodb:Query",
"dynamodb:Scan",
"dynamodb:UpdateItem"
],
"Effect": "Allow",
"Resource": [
"arn:aws:dynamodb:*:*:table/*-stack-AWSEBWorkerCronLeaderRegistry*"
],
"Sid": "DynamoPeriodicTasks"
},
{
"Action": [
"logs:PutLogEvents",
"logs:CreateLogStream"
],
"Effect": "Allow",
"Resource": [
"arn:aws:logs:*:*:log-group:/aws/elasticbeanstalk*"
],
"Sid": "CloudWatchLogsAccess"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJQDLBRSJVKVF4JMSK",
"PolicyName": "AWSElasticBeanstalkWorkerTier",
"VersionId": "v4"
},
{
"Document": {
"Statement": [
{
"Action": [
"directconnect:*",
"ec2:DescribeVpnGateways"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJQF2QKZSK74KTIHOW",
"PolicyName": "AWSDirectConnectFullAccess",
"VersionId": "v2"
},
{
"Document": {
"Statement": [
{
"Action": [
"codebuild:*",
"codecommit:GetBranch",
"codecommit:GetCommit",
"codecommit:GetRepository",
"codecommit:ListBranches",
"codecommit:ListRepositories",
"cloudwatch:GetMetricStatistics",
"ec2:DescribeVpcs",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ecr:DescribeRepositories",
"ecr:ListImages",
"events:DeleteRule",
"events:DescribeRule",
"events:DisableRule",
"events:EnableRule",
"events:ListTargetsByRule",
"events:ListRuleNamesByTarget",
"events:PutRule",
"events:PutTargets",
"events:RemoveTargets",
"logs:GetLogEvents",
"s3:GetBucketLocation",
"s3:ListAllMyBuckets"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"logs:DeleteLogGroup"
],
"Effect": "Allow",
"Resource": "arn:aws:logs:*:*:log-group:/aws/codebuild/*:log-stream:*"
},
{
"Action": [
"ssm:PutParameter"
],
"Effect": "Allow",
"Resource": "arn:aws:ssm:*:*:parameter/CodeBuild/*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJQJGIOIE3CD2TQXDS",
"PolicyName": "AWSCodeBuildAdminAccess",
"VersionId": "v6"
},
{
"Document": {
"Statement": [
{
"Action": "kinesisanalytics:*",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"kinesis:CreateStream",
"kinesis:DeleteStream",
"kinesis:DescribeStream",
"kinesis:ListStreams",
"kinesis:PutRecord",
"kinesis:PutRecords"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"firehose:DescribeDeliveryStream",
"firehose:ListDeliveryStreams"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "logs:GetLogEvents",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"iam:ListPolicyVersions",
"iam:ListRoles"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:PassRole",
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/service-role/kinesis-analytics*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJQOSKHTXP43R7P5AC",
"PolicyName": "AmazonKinesisAnalyticsFullAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"cloudtrail:DescribeTrails",
"cloudtrail:GetTrailStatus",
"cloudtrail:GetEventSelectors",
"cloudwatch:DescribeAlarms",
"logs:DescribeMetricFilters",
"sns:ListSubscriptionsByTopic",
"config:DescribeConfigurationRecorders",
"config:DescribeConfigurationRecorderStatus",
"config:DescribeConfigRules",
"config:BatchGetResourceConfig"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"config:PutConfigRule",
"config:DeleteConfigRule",
"config:GetComplianceDetailsByConfigRule"
],
"Effect": "Allow",
"Resource": "arn:aws:config:*:*:config-rule/aws-service-rule/*securityhub*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJQPCESDDYDLLSOGYO",
"PolicyName": "AWSSecurityHubServiceRolePolicy",
"VersionId": "v1"
},
{
"Document": {
"Statement": {
"Action": [
"cloudformation:CreateChangeSet",
"cloudformation:DescribeChangeSet",
"cloudformation:ExecuteChangeSet",
"cloudformation:DeleteChangeSet",
"cloudformation:ListChangeSets",
"cloudformation:DescribeStacks"
],
"Effect": "Allow",
"Resource": [
"arn:aws:cloudformation:*:*:stack/awseb-*",
"arn:aws:cloudformation:*:*:stack/eb-*"
],
"Sid": "AllowCloudformationChangeSetOperationsOnElasticBeanstalkStacks"
},
"Version": "2012-10-17"
},
"PolicyId": "ANPAJQPH22XGBH2VV2LSW",
"PolicyName": "AWSElasticBeanstalkMaintenance",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"elasticloadbalancing:AddListenerCertificates",
"elasticloadbalancing:RemoveListenerCertificates",
"elasticloadbalancing:ModifyListener",
"xray:PutTraceSegments",
"xray:PutTelemetryRecords",
"xray:GetSamplingTargets",
"xray:GetSamplingRules"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJQQDZNLDBF2ULTWK6",
"PolicyName": "APIGatewayServiceRolePolicy",
"VersionId": "v3"
},
{
"Document": {
"Statement": [
{
"Action": [
"aws-portal:ViewBilling"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJQRYCWMFX5J3E333K",
"PolicyName": "AWSAccountActivityAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": "glacier:*",
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJQSTZJWB2AXXAKHVQ",
"PolicyName": "AmazonGlacierFullAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"ds:DescribeDirectories",
"ec2:DescribeNetworkInterfaceAttribute",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"fsx:Describe*",
"fsx:ListTagsForResource",
"kms:DescribeKey"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJQUISIZNHGLA6YQFM",
"PolicyName": "AmazonFSxConsoleReadOnlyAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"ds:AuthorizeApplication",
"ds:CheckAlias",
"ds:CreateAlias",
"ds:CreateDirectory",
"ds:CreateIdentityPoolDirectory",
"ds:CreateDomain",
"ds:DeleteAlias",
"ds:DeleteDirectory",
"ds:DescribeDirectories",
"ds:ExtendDirectory",
"ds:GetDirectoryLimits",
"ds:ListAuthorizedApplications",
"ds:UnauthorizeApplication",
"ec2:AuthorizeSecurityGroupEgress",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateNetworkInterface",
"ec2:CreateSecurityGroup",
"ec2:CreateSubnet",
"ec2:CreateTags",
"ec2:CreateVpc",
"ec2:DeleteSecurityGroup",
"ec2:DeleteSubnet",
"ec2:DeleteVpc",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeDomains",
"ec2:DescribeRouteTables",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:RevokeSecurityGroupEgress",
"ec2:RevokeSecurityGroupIngress",
"kms:DescribeKey",
"kms:ListAliases",
"lambda:ListFunctions",
"route53:ChangeResourceRecordSets",
"route53:ListHostedZones",
"route53:ListResourceRecordSets",
"route53domains:CheckDomainAvailability",
"route53domains:ListDomains",
"ses:*",
"workmail:*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJQVKNMT7SVATQ4AUY",
"PolicyName": "AmazonWorkMailFullAccess",
"VersionId": "v5"
},
{
"Document": {
"Statement": [
{
"Action": [
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateNetworkInterface",
"ec2:CreateSecurityGroup",
"ec2:DeleteNetworkInterface",
"ec2:DeleteSecurityGroup",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:RevokeSecurityGroupIngress"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJQWMGC67G4DWMREGM",
"PolicyName": "DAXServiceRolePolicy",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"comprehendmedical:*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJR5SUEX6PPJ3K4RAO",
"PolicyName": "ComprehendMedicalFullAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"aws-marketplace:ViewSubscriptions",
"aws-marketplace:Subscribe",
"aws-marketplace:Unsubscribe"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJRDW2WIFN7QLUAKBQ",
"PolicyName": "AWSMarketplaceManageSubscriptions",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"ec2:AttachVolume",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CopyImage",
"ec2:CreateImage",
"ec2:CreateKeypair",
"ec2:CreateSecurityGroup",
"ec2:CreateSnapshot",
"ec2:CreateTags",
"ec2:CreateVolume",
"ec2:DeleteKeypair",
"ec2:DeleteSecurityGroup",
"ec2:DeleteSnapshot",
"ec2:DeleteVolume",
"ec2:DeregisterImage",
"ec2:DescribeImageAttribute",
"ec2:DescribeImages",
"ec2:DescribeInstances",
"ec2:DescribeRegions",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSnapshots",
"ec2:DescribeSubnets",
"ec2:DescribeTags",
"ec2:DescribeVolumes",
"ec2:DetachVolume",
"ec2:GetPasswordData",
"ec2:ModifyImageAttribute",
"ec2:ModifyInstanceAttribute",
"ec2:ModifySnapshotAttribute",
"ec2:RegisterImage",
"ec2:RunInstances",
"ec2:StopInstances",
"ec2:TerminateInstances"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "EC2Access"
},
{
"Action": [
"s3:Get*",
"s3:List*",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::elasticbeanstalk-*",
"arn:aws:s3:::elasticbeanstalk-*/*"
],
"Sid": "BucketAccess"
},
{
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents",
"logs:DescribeLogStreams"
],
"Effect": "Allow",
"Resource": "arn:aws:logs:*:*:log-group:/aws/elasticbeanstalk/platform/*",
"Sid": "CloudWatchLogsAccess"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJRVFXSS6LEIQGBKDY",
"PolicyName": "AWSElasticBeanstalkCustomPlatformforEC2Role",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"datasync:Describe*",
"datasync:List*",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"elasticfilesystem:DescribeFileSystems",
"elasticfilesystem:DescribeMountTargets",
"iam:GetRole",
"iam:ListRoles",
"logs:DescribeLogGroups",
"s3:ListAllMyBuckets",
"s3:ListBucket"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJRYVEZEDR7ZEAGYLY",
"PolicyName": "AWSDataSyncReadOnlyAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"ec2:CreateNetworkInterface",
"ec2:DescribeNetworkInterfaces",
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:DeleteNetworkInterface",
"ec2:CreateNetworkInterfacePermission"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "0"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJS2PBJSYV2EZW3MIQ",
"PolicyName": "AWSVPCTransitGatewayServiceRolePolicy",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"rds:DescribeAccountAttributes",
"rds:DescribeCertificates",
"rds:DescribeDBClusterParameterGroups",
"rds:DescribeDBClusterParameters",
"rds:DescribeDBClusterSnapshotAttributes",
"rds:DescribeDBClusterSnapshots",
"rds:DescribeDBClusters",
"rds:DescribeDBEngineVersions",
"rds:DescribeDBInstances",
"rds:DescribeDBLogFiles",
"rds:DescribeDBParameterGroups",
"rds:DescribeDBParameters",
"rds:DescribeDBSubnetGroups",
"rds:DescribeEventCategories",
"rds:DescribeEventSubscriptions",
"rds:DescribeEvents",
"rds:DescribeOrderableDBInstanceOptions",
"rds:DescribePendingMaintenanceActions",
"rds:DownloadDBLogFilePortion",
"rds:ListTagsForResource"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeInternetGateways",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcAttribute",
"ec2:DescribeVpcs"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"kms:ListKeys",
"kms:ListRetirableGrants",
"kms:ListAliases",
"kms:ListKeyPolicies"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"logs:DescribeLogStreams",
"logs:GetLogEvents"
],
"Effect": "Allow",
"Resource": [
"arn:aws:logs:*:*:log-group:/aws/rds/*:log-stream:*",
"arn:aws:logs:*:*:log-group:/aws/neptune/*:log-stream:*"
]
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJS5OQ5RXULC66WTGQ",
"PolicyName": "NeptuneReadOnlyAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"support:*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJSNKQX2OW67GF4S7E",
"PolicyName": "AWSSupportAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"cloudwatch:DescribeAlarms",
"elasticmapreduce:ListInstanceGroups",
"elasticmapreduce:ModifyInstanceGroups"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJSVXG6QHPE6VHDZ4Q",
"PolicyName": "AmazonElasticMapReduceforAutoScalingRole",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"mediaconvert:Get*",
"mediaconvert:List*",
"mediaconvert:DescribeEndpoints",
"s3:ListAllMyBuckets",
"s3:ListBucket",
"s3:ListObjects"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJSXYOBSLJN3JEDO42",
"PolicyName": "AWSElementalMediaConvertReadOnly",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"lambda:InvokeFunction"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"dynamodb:DescribeStream",
"dynamodb:GetRecords",
"dynamodb:GetShardIterator",
"dynamodb:ListStreams"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJTHQ3EKCQALQDYG5G",
"PolicyName": "AWSLambdaInvocation-DynamoDB",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"cloudformation:CreateStack",
"cloudformation:DeleteStack",
"cloudformation:DescribeStackEvents",
"cloudformation:DescribeStacks",
"cloudformation:SetStackPolicy",
"cloudformation:ValidateTemplate",
"cloudformation:UpdateStack",
"cloudformation:CreateChangeSet",
"cloudformation:DescribeChangeSet",
"cloudformation:ExecuteChangeSet",
"cloudformation:ListChangeSets",
"cloudformation:DeleteChangeSet",
"cloudformation:TagResource",
"cloudformation:CreateStackSet",
"cloudformation:CreateStackInstances",
"cloudformation:UpdateStackSet",
"cloudformation:UpdateStackInstances",
"cloudformation:DeleteStackSet",
"cloudformation:DeleteStackInstances",
"cloudformation:DescribeStackSet",
"cloudformation:DescribeStackInstance",
"cloudformation:DescribeStackSetOperation",
"cloudformation:ListStackInstances",
"cloudformation:ListStackResources",
"cloudformation:ListStackSetOperations",
"cloudformation:ListStackSetOperationResults"
],
"Effect": "Allow",
"Resource": [
"arn:aws:cloudformation:*:*:stack/SC-*",
"arn:aws:cloudformation:*:*:stack/StackSet-SC-*",
"arn:aws:cloudformation:*:*:changeSet/SC-*",
"arn:aws:cloudformation:*:*:stackset/SC-*"
]
},
{
"Action": [
"cloudformation:GetTemplateSummary",
"servicecatalog:DescribeProduct",
"servicecatalog:DescribeProductView",
"servicecatalog:DescribeProvisioningParameters",
"servicecatalog:ListLaunchPaths",
"servicecatalog:ProvisionProduct",
"servicecatalog:SearchProducts",
"ssm:DescribeDocument",
"ssm:GetAutomationExecution",
"config:DescribeConfigurationRecorders",
"config:DescribeConfigurationRecorderStatus"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"servicecatalog:DescribeProvisionedProduct",
"servicecatalog:DescribeRecord",
"servicecatalog:ListRecordHistory",
"servicecatalog:ScanProvisionedProducts",
"servicecatalog:TerminateProvisionedProduct",
"servicecatalog:UpdateProvisionedProduct",
"servicecatalog:SearchProvisionedProducts",
"servicecatalog:CreateProvisionedProductPlan",
"servicecatalog:DescribeProvisionedProductPlan",
"servicecatalog:ExecuteProvisionedProductPlan",
"servicecatalog:DeleteProvisionedProductPlan",
"servicecatalog:ListProvisionedProductPlans",
"servicecatalog:ListServiceActionsForProvisioningArtifact",
"servicecatalog:ExecuteProvisionedProductServiceAction"
],
"Condition": {
"StringEquals": {
"servicecatalog:userLevel": "self"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJTLLC4DGDMTZB54M4",
"PolicyName": "AWSServiceCatalogEndUserFullAccess",
"VersionId": "v5"
},
{
"Document": {
"Statement": [
{
"Action": [
"iam:DeleteSSHPublicKey",
"iam:GetSSHPublicKey",
"iam:ListSSHPublicKeys",
"iam:UpdateSSHPublicKey",
"iam:UploadSSHPublicKey"
],
"Effect": "Allow",
"Resource": "arn:aws:iam::*:user/${aws:username}"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJTSHUA4UXGXU7ANUA",
"PolicyName": "IAMUserSSHKeys",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"application-autoscaling:DescribeScalableTargets",
"application-autoscaling:DescribeScalingActivities",
"application-autoscaling:DescribeScalingPolicies",
"application-autoscaling:DescribeScheduledActions",
"aws-marketplace:ViewSubscriptions",
"aws-marketplace:ViewSubscriptions",
"cloudwatch:DescribeAlarms",
"cognito-idp:DescribeUserPool",
"cognito-idp:DescribeUserPoolClient",
"cognito-idp:ListGroups",
"cognito-idp:ListIdentityProviders",
"cognito-idp:ListUserPoolClients",
"cognito-idp:ListUserPools",
"cognito-idp:ListUsers",
"cognito-idp:ListUsersInGroup",
"ecr:Describe*",
"sagemaker:Describe*",
"sagemaker:GetSearchSuggestions",
"sagemaker:List*",
"sagemaker:Search"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJTZ2FTFCQ6CFLQA2O",
"PolicyName": "AmazonSageMakerReadOnly",
"VersionId": "v5"
},
{
"Document": {
"Statement": [
{
"Action": [
"iot:*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJU2FPGG6PQWN72V2G",
"PolicyName": "AWSIoTFullAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"rds:Describe*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJU5J6OAMCJD3OO76O",
"PolicyName": "AWSQuickSightDescribeRDS",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"organizations:DescribeAccount",
"organizations:DescribeOrganization",
"organizations:DescribeOrganizationalUnit",
"organizations:ListAccounts",
"organizations:ListAccountsForParent",
"organizations:ListChildren",
"organizations:ListOrganizationalUnitsForParent",
"organizations:ListParents",
"organizations:ListRoots"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"iam:DeleteRole"
],
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/aws-service-role/ram.amazonaws.com/*"
],
"Sid": "AllowDeletionOfServiceLinkedRoleForResourceAccessManager"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJU667A3V5UAXC4YNE",
"PolicyName": "AWSResourceAccessManagerServiceRolePolicy",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"s3:GetObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::*/AWSLogs/*/Config/*"
},
{
"Action": [
"config:Put*",
"config:Get*",
"config:List*",
"config:Describe*",
"config:BatchGet*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJUB3KIKTA4PU4OYAA",
"PolicyName": "AWSConfigRulesExecutionRole",
"VersionId": "v2"
},
{
"Document": {
"Statement": [
{
"Action": [
"cloudtrail:DescribeTrails",
"cloudtrail:GetEventSelectors",
"ec2:Describe*",
"config:Put*",
"config:Get*",
"config:List*",
"config:Describe*",
"config:BatchGet*",
"cloudtrail:GetTrailStatus",
"cloudtrail:ListTags",
"iam:GenerateCredentialReport",
"iam:GetCredentialReport",
"iam:GetAccountAuthorizationDetails",
"iam:GetAccountPasswordPolicy",
"iam:GetAccountSummary",
"iam:GetGroup",
"iam:GetGroupPolicy",
"iam:GetPolicy",
"iam:GetPolicyVersion",
"iam:GetRole",
"iam:GetRolePolicy",
"iam:GetUser",
"iam:GetUserPolicy",
"iam:ListAttachedGroupPolicies",
"iam:ListAttachedRolePolicies",
"iam:ListAttachedUserPolicies",
"iam:ListEntitiesForPolicy",
"iam:ListGroupPolicies",
"iam:ListGroupsForUser",
"iam:ListInstanceProfilesForRole",
"iam:ListPolicyVersions",
"iam:ListRolePolicies",
"iam:ListUserPolicies",
"iam:ListVirtualMFADevices",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeLoadBalancerAttributes",
"elasticloadbalancing:DescribeLoadBalancerPolicies",
"elasticloadbalancing:DescribeTags",
"acm:DescribeCertificate",
"acm:ListCertificates",
"acm:ListTagsForCertificate",
"rds:DescribeDBInstances",
"rds:DescribeDBSecurityGroups",
"rds:DescribeDBSnapshotAttributes",
"rds:DescribeDBSnapshots",
"rds:DescribeDBSubnetGroups",
"rds:DescribeEventSubscriptions",
"rds:ListTagsForResource",
"rds:DescribeDBClusters",
"s3:GetAccelerateConfiguration",
"s3:GetBucketAcl",
"s3:GetBucketCORS",
"s3:GetBucketLocation",
"s3:GetBucketLogging",
"s3:GetBucketNotification",
"s3:GetBucketPolicy",
"s3:GetBucketRequestPayment",
"s3:GetBucketTagging",
"s3:GetBucketVersioning",
"s3:GetBucketWebsite",
"s3:GetLifecycleConfiguration",
"s3:GetReplicationConfiguration",
"s3:ListAllMyBuckets",
"s3:ListBucket",
"s3:GetEncryptionConfiguration",
"s3:GetBucketPublicAccessBlock",
"redshift:DescribeClusterParameterGroups",
"redshift:DescribeClusterParameters",
"redshift:DescribeClusterSecurityGroups",
"redshift:DescribeClusterSnapshots",
"redshift:DescribeClusterSubnetGroups",
"redshift:DescribeClusters",
"redshift:DescribeEventSubscriptions",
"redshift:DescribeLoggingStatus",
"dynamodb:DescribeLimits",
"dynamodb:DescribeTable",
"dynamodb:ListTables",
"dynamodb:ListTagsOfResource",
"cloudwatch:DescribeAlarms",
"application-autoscaling:DescribeScalableTargets",
"application-autoscaling:DescribeScalingPolicies",
"autoscaling:DescribeAutoScalingGroups",
"autoscaling:DescribeLaunchConfigurations",
"autoscaling:DescribeLifecycleHooks",
"autoscaling:DescribePolicies",
"autoscaling:DescribeScheduledActions",
"autoscaling:DescribeTags",
"lambda:GetFunction",
"lambda:GetPolicy",
"lambda:ListFunctions",
"lambda:GetAlias",
"lambda:ListAliases",
"waf-regional:GetWebACLForResource",
"waf-regional:GetWebACL",
"cloudfront:ListTagsForResource",
"guardduty:ListDetectors",
"guardduty:GetMasterAccount",
"guardduty:GetDetector",
"codepipeline:ListPipelines",
"codepipeline:GetPipeline",
"codepipeline:GetPipelineState",
"kms:ListKeys",
"kms:GetKeyRotationStatus",
"kms:DescribeKey",
"ssm:DescribeDocument",
"ssm:GetDocument",
"ssm:DescribeAutomationExecutions",
"ssm:GetAutomationExecution"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJUCWFHNZER665LLQQ",
"PolicyName": "AWSConfigServiceRolePolicy",
"VersionId": "v8"
},
{
"Document": {
"Statement": [
{
"Action": [
"es:Describe*",
"es:List*",
"es:Get*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJUDMRLOQ7FPAR46FQ",
"PolicyName": "AmazonESReadOnlyAccess",
"VersionId": "v2"
},
{
"Document": {
"Statement": [
{
"Action": [
"codedeploy:Batch*",
"codedeploy:CreateDeployment",
"codedeploy:Get*",
"codedeploy:List*",
"codedeploy:RegisterApplicationRevision"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJUWEPOMGLMVXJAPUI",
"PolicyName": "AWSCodeDeployDeployerAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"ec2:CreateNetworkInterface",
"ec2:DescribeNetworkInterfaces",
"ec2:CreateNetworkInterfacePermission",
"ec2:AttachNetworkInterface",
"ec2:DeleteNetworkInterface",
"ec2:DetachNetworkInterface"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJUXPRZ76MAP2EVQJU",
"PolicyName": "KafkaServiceRolePolicy",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"polly:*"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJUZOYQU6XQYPR7EWS",
"PolicyName": "AmazonPollyFullAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"ssm:GetAutomationExecution",
"ssm:GetParameters",
"ssm:ListCommands",
"ssm:SendCommand",
"ssm:StartAutomationExecution"
],
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "Stmt1477803259000"
},
{
"Action": [
"lambda:InvokeFunction"
],
"Effect": "Allow",
"Resource": [
"arn:aws:lambda:*:*:function:SSM*",
"arn:aws:lambda:*:*:function:*:SSM*"
],
"Sid": "Stmt1477803259001"
},
{
"Action": [
"states:DescribeExecution",
"states:StartExecution"
],
"Effect": "Allow",
"Resource": [
"arn:aws:states:*:*:stateMachine:SSM*",
"arn:aws:states:*:*:execution:SSM*"
],
"Sid": "Stmt1477803259002"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJV3JNYSTZ47VOXYME",
"PolicyName": "AmazonSSMMaintenanceWindowRole",
"VersionId": "v2"
},
{
"Document": {
"Statement": [
{
"Action": [
"logs:CreateLogGroup",
"logs:PutRetentionPolicy"
],
"Effect": "Allow",
"Resource": [
"arn:aws:logs:*:*:log-group:RDS*"
],
"Sid": "EnableCreationAndManagementOfRDSCloudwatchLogGroups"
},
{
"Action": [
"logs:CreateLogStream",
"logs:PutLogEvents",
"logs:DescribeLogStreams",
"logs:GetLogEvents"
],
"Effect": "Allow",
"Resource": [
"arn:aws:logs:*:*:log-group:RDS*:log-stream:*"
],
"Sid": "EnableCreationAndManagementOfRDSCloudwatchLogStreams"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJV7BS425S4PTSSVGK",
"PolicyName": "AmazonRDSEnhancedMonitoringRole",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"cloudwatch:GetMetricStatistics",
"cloudwatch:DescribeAlarms",
"cloudwatch:DescribeAlarmsForMetric",
"kms:DescribeKey",
"kms:ListAliases",
"lambda:GetPolicy",
"lambda:ListFunctions",
"lex:*",
"polly:DescribeVoices",
"polly:SynthesizeSpeech"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"lambda:AddPermission",
"lambda:RemovePermission"
],
"Condition": {
"StringLike": {
"lambda:Principal": "lex.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "arn:aws:lambda:*:*:function:AmazonLex*"
},
{
"Action": [
"iam:GetRole",
"iam:DeleteRole"
],
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/aws-service-role/lex.amazonaws.com/AWSServiceRoleForLexBots",
"arn:aws:iam::*:role/aws-service-role/channels.lex.amazonaws.com/AWSServiceRoleForLexChannels"
]
},
{
"Action": [
"iam:CreateServiceLinkedRole"
],
"Condition": {
"StringLike": {
"iam:AWSServiceName": "lex.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/aws-service-role/lex.amazonaws.com/AWSServiceRoleForLexBots"
]
},
{
"Action": [
"iam:DeleteServiceLinkedRole",
"iam:GetServiceLinkedRoleDeletionStatus"
],
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/aws-service-role/lex.amazonaws.com/AWSServiceRoleForLexBots"
]
},
{
"Action": [
"iam:DetachRolePolicy"
],
"Condition": {
"StringLike": {
"iam:PolicyArn": "arn:aws:iam::aws:policy/aws-service-role/AmazonLexBotPolicy"
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/aws-service-role/lex.amazonaws.com/AWSServiceRoleForLexBots"
]
},
{
"Action": [
"iam:CreateServiceLinkedRole"
],
"Condition": {
"StringLike": {
"iam:AWSServiceName": "channels.lex.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/aws-service-role/channels.lex.amazonaws.com/AWSServiceRoleForLexChannels"
]
},
{
"Action": [
"iam:DeleteServiceLinkedRole",
"iam:GetServiceLinkedRoleDeletionStatus"
],
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/aws-service-role/channels.lex.amazonaws.com/AWSServiceRoleForLexChannels"
]
},
{
"Action": [
"iam:DetachRolePolicy"
],
"Condition": {
"StringLike": {
"iam:PolicyArn": "arn:aws:iam::aws:policy/aws-service-role/LexChannelPolicy"
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/aws-service-role/channels.lex.amazonaws.com/AWSServiceRoleForLexChannels"
]
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJVLXDHKVC23HRTKSI",
"PolicyName": "AmazonLexFullAccess",
"VersionId": "v4"
},
{
"Document": {
"Statement": [
{
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents",
"ec2:CreateNetworkInterface",
"ec2:DescribeNetworkInterfaces",
"ec2:DeleteNetworkInterface"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJVTME3YLVNL72YR2K",
"PolicyName": "AWSLambdaVPCAccessExecutionRole",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"s3:Get*",
"s3:List*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJVV7PON3FPBL2PSGC",
"PolicyName": "AmazonMacieServiceRole",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"lex:PostContent",
"lex:PostText"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJVZGB5CM3N6YWJHBE",
"PolicyName": "AmazonLexRunBotsOnly",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"acm-pca:CreateCertificateAuthorityAuditReport",
"acm-pca:DescribeCertificateAuthority",
"acm-pca:DescribeCertificateAuthorityAuditReport",
"acm-pca:GetCertificateAuthorityCsr",
"acm-pca:GetCertificateAuthorityCertificate",
"acm-pca:GetCertificate",
"acm-pca:ListTags"
],
"Effect": "Allow",
"Resource": "arn:aws:acm-pca:*:*:certificate-authority/*"
},
{
"Action": [
"acm-pca:ListCertificateAuthorities"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJW77VE4UEBJ4PEXEY",
"PolicyName": "AWSCertificateManagerPrivateCAAuditor",
"VersionId": "v2"
},
{
"Document": {
"Statement": [
{
"Action": [
"sns:*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJWEKLCXXUNT2SOLSG",
"PolicyName": "AmazonSNSFullAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": "backup:*",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "backup-storage:*",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"rds:DescribeDBSnapshots",
"rds:ListTagsForResource",
"rds:DescribeDBInstances",
"rds:describeDBSnapshots",
"rds:describeDBEngineVersions",
"rds:describeOptionGroups",
"rds:describeOrderableDBInstanceOptions",
"rds:describeDBSubnetGroups"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"dynamodb:ListBackups",
"dynamodb:ListTables"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"elasticfilesystem:DescribeFilesystems"
],
"Effect": "Allow",
"Resource": "arn:aws:elasticfilesystem:*:*:file-system/*"
},
{
"Action": [
"ec2:DescribeSnapshots",
"ec2:DescribeVolumes",
"ec2:describeAvailabilityZones"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"tag:GetTagKeys",
"tag:GetTagValues",
"tag:GetResources"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"storagegateway:DescribeCachediSCSIVolumes",
"storagegateway:DescribeStorediSCSIVolumes"
],
"Effect": "Allow",
"Resource": "arn:aws:storagegateway:*:*:gateway/*/volume/*"
},
{
"Action": [
"storagegateway:ListGateways"
],
"Effect": "Allow",
"Resource": "arn:aws:storagegateway:*:*:*"
},
{
"Action": [
"storagegateway:DescribeGatewayInformation",
"storagegateway:ListVolumes",
"storagegateway:ListLocalDisks"
],
"Effect": "Allow",
"Resource": "arn:aws:storagegateway:*:*:gateway/*"
},
{
"Action": [
"iam:ListRoles",
"iam:GetRole",
"iam:GetUser"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:PassRole",
"Condition": {
"StringLike": {
"iam:PassedToService": "backup.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/*AwsBackup*"
},
{
"Action": [
"kms:ListKeys",
"kms:DescribeKey",
"kms:GenerateDataKey",
"kms:RetireGrant",
"kms:CreateGrant",
"kms:ListAliases",
"kms:Decrypt"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJWFPFHACTI7XN6M2C",
"PolicyName": "AWSBackupAdminPolicy",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"ec2:AssignPrivateIpAddresses",
"ec2:AttachNetworkInterface",
"ec2:CreateNetworkInterface",
"ec2:DeleteNetworkInterface",
"ec2:DescribeInstances",
"ec2:DescribeNetworkInterfaces",
"ec2:DetachNetworkInterface",
"ec2:ModifyNetworkInterfaceAttribute"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:CreateTags"
],
"Effect": "Allow",
"Resource": [
"arn:aws:ec2:*:*:network-interface/*"
]
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJWLAS474LDBXNNTM4",
"PolicyName": "AmazonEKS_CNI_Policy",
"VersionId": "v2"
},
{
"Document": {
"Statement": [
{
"Action": [
"cloudformation:CreateStack",
"cloudformation:DeleteStack",
"cloudformation:DescribeStackEvents",
"cloudformation:DescribeStacks",
"cloudformation:SetStackPolicy",
"cloudformation:UpdateStack",
"cloudformation:CreateChangeSet",
"cloudformation:DescribeChangeSet",
"cloudformation:ExecuteChangeSet",
"cloudformation:ListChangeSets",
"cloudformation:DeleteChangeSet",
"cloudformation:ListStackResources",
"cloudformation:TagResource",
"cloudformation:CreateStackSet",
"cloudformation:CreateStackInstances",
"cloudformation:UpdateStackSet",
"cloudformation:UpdateStackInstances",
"cloudformation:DeleteStackSet",
"cloudformation:DeleteStackInstances",
"cloudformation:DescribeStackSet",
"cloudformation:DescribeStackInstance",
"cloudformation:DescribeStackSetOperation",
"cloudformation:ListStackInstances",
"cloudformation:ListStackSetOperations",
"cloudformation:ListStackSetOperationResults"
],
"Effect": "Allow",
"Resource": [
"arn:aws:cloudformation:*:*:stack/SC-*",
"arn:aws:cloudformation:*:*:stack/StackSet-SC-*",
"arn:aws:cloudformation:*:*:changeSet/SC-*",
"arn:aws:cloudformation:*:*:stackset/SC-*"
]
},
{
"Action": [
"cloudformation:CreateUploadBucket",
"cloudformation:GetTemplateSummary",
"cloudformation:ValidateTemplate",
"iam:GetGroup",
"iam:GetRole",
"iam:GetUser",
"iam:ListGroups",
"iam:ListRoles",
"iam:ListUsers",
"servicecatalog:*",
"ssm:DescribeDocument",
"ssm:GetAutomationExecution",
"ssm:ListDocuments",
"ssm:ListDocumentVersions",
"config:DescribeConfigurationRecorders",
"config:DescribeConfigurationRecorderStatus"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:PassRole",
"Condition": {
"StringEquals": {
"iam:PassedToService": "servicecatalog.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJWLJU4BZ7AQUJSBVM",
"PolicyName": "AWSServiceCatalogAdminFullAccess",
"VersionId": "v5"
},
{
"Document": {
"Statement": [
{
"Action": [
"cloudfront:List*",
"elasticloadbalancing:List*",
"route53:List*",
"cloudfront:Describe*",
"elasticloadbalancing:Describe*",
"route53:Describe*",
"cloudwatch:Describe*",
"cloudwatch:Get*",
"cloudwatch:List*",
"cloudfront:GetDistribution*",
"globalaccelerator:ListAccelerators",
"globalaccelerator:DescribeAccelerator"
],
"Effect": "Allow",
"Resource": [
"arn:aws:elasticloadbalancing:*:*:*",
"arn:aws:cloudfront::*:*",
"arn:aws:route53:::hostedzone/*",
"arn:aws:cloudwatch:*:*:*:*",
"arn:aws:globalaccelerator::*:*"
],
"Sid": "DRTAccessProtectedResources"
},
{
"Action": [
"waf:*",
"waf-regional:*"
],
"Effect": "Allow",
"Resource": [
"arn:aws:waf:*",
"arn:aws:waf-regional:*"
],
"Sid": "DRTManageMitigations"
},
{
"Action": [
"shield:*"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "DRTManageProtections"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJWNCSZ4PARLO37VVY",
"PolicyName": "AWSShieldDRTAccessPolicy",
"VersionId": "v3"
},
{
"Document": {
"Statement": [
{
"Action": [
"cloudsearch:Describe*",
"cloudsearch:List*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJWPLX7N7BCC3RZLHW",
"PolicyName": "CloudSearchReadOnlyAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"greengrass:*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJWPV6OBK4QONH4J3O",
"PolicyName": "AWSGreengrassFullAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"rds:CreateDBCluster",
"rds:CreateDBInstance"
],
"Condition": {
"StringEquals": {
"rds:DatabaseEngine": "graphdb"
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:rds:*"
]
},
{
"Action": [
"rds:AddRoleToDBCluster",
"rds:AddSourceIdentifierToSubscription",
"rds:AddTagsToResource",
"rds:ApplyPendingMaintenanceAction",
"rds:CopyDBClusterParameterGroup",
"rds:CopyDBClusterSnapshot",
"rds:CopyDBParameterGroup",
"rds:CreateDBClusterParameterGroup",
"rds:CreateDBClusterSnapshot",
"rds:CreateDBParameterGroup",
"rds:CreateDBSubnetGroup",
"rds:CreateEventSubscription",
"rds:DeleteDBCluster",
"rds:DeleteDBClusterParameterGroup",
"rds:DeleteDBClusterSnapshot",
"rds:DeleteDBInstance",
"rds:DeleteDBParameterGroup",
"rds:DeleteDBSubnetGroup",
"rds:DeleteEventSubscription",
"rds:DescribeAccountAttributes",
"rds:DescribeCertificates",
"rds:DescribeDBClusterParameterGroups",
"rds:DescribeDBClusterParameters",
"rds:DescribeDBClusterSnapshotAttributes",
"rds:DescribeDBClusterSnapshots",
"rds:DescribeDBClusters",
"rds:DescribeDBEngineVersions",
"rds:DescribeDBInstances",
"rds:DescribeDBLogFiles",
"rds:DescribeDBParameterGroups",
"rds:DescribeDBParameters",
"rds:DescribeDBSecurityGroups",
"rds:DescribeDBSubnetGroups",
"rds:DescribeEngineDefaultClusterParameters",
"rds:DescribeEngineDefaultParameters",
"rds:DescribeEventCategories",
"rds:DescribeEventSubscriptions",
"rds:DescribeEvents",
"rds:DescribeOptionGroups",
"rds:DescribeOrderableDBInstanceOptions",
"rds:DescribePendingMaintenanceActions",
"rds:DescribeValidDBInstanceModifications",
"rds:DownloadDBLogFilePortion",
"rds:FailoverDBCluster",
"rds:ListTagsForResource",
"rds:ModifyDBCluster",
"rds:ModifyDBClusterParameterGroup",
"rds:ModifyDBClusterSnapshotAttribute",
"rds:ModifyDBInstance",
"rds:ModifyDBParameterGroup",
"rds:ModifyDBSubnetGroup",
"rds:ModifyEventSubscription",
"rds:PromoteReadReplicaDBCluster",
"rds:RebootDBInstance",
"rds:RemoveRoleFromDBCluster",
"rds:RemoveSourceIdentifierFromSubscription",
"rds:RemoveTagsFromResource",
"rds:ResetDBClusterParameterGroup",
"rds:ResetDBParameterGroup",
"rds:RestoreDBClusterFromSnapshot",
"rds:RestoreDBClusterToPointInTime"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"ec2:AllocateAddress",
"ec2:AssignIpv6Addresses",
"ec2:AssignPrivateIpAddresses",
"ec2:AssociateAddress",
"ec2:AssociateRouteTable",
"ec2:AssociateSubnetCidrBlock",
"ec2:AssociateVpcCidrBlock",
"ec2:AttachInternetGateway",
"ec2:AttachNetworkInterface",
"ec2:CreateCustomerGateway",
"ec2:CreateDefaultSubnet",
"ec2:CreateDefaultVpc",
"ec2:CreateInternetGateway",
"ec2:CreateNatGateway",
"ec2:CreateNetworkInterface",
"ec2:CreateRoute",
"ec2:CreateRouteTable",
"ec2:CreateSecurityGroup",
"ec2:CreateSubnet",
"ec2:CreateVpc",
"ec2:CreateVpcEndpoint",
"ec2:CreateVpcEndpoint",
"ec2:DescribeAccountAttributes",
"ec2:DescribeAccountAttributes",
"ec2:DescribeAddresses",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeCustomerGateways",
"ec2:DescribeInstances",
"ec2:DescribeNatGateways",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribePrefixLists",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroupReferences",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeSubnets",
"ec2:DescribeVpcAttribute",
"ec2:DescribeVpcAttribute",
"ec2:DescribeVpcEndpoints",
"ec2:DescribeVpcs",
"ec2:DescribeVpcs",
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:ModifySubnetAttribute",
"ec2:ModifyVpcAttribute",
"ec2:ModifyVpcEndpoint",
"iam:ListRoles",
"iam:PassRole",
"kms:ListAliases",
"kms:ListKeyPolicies",
"kms:ListKeys",
"kms:ListRetirableGrants",
"logs:DescribeLogStreams",
"logs:GetLogEvents",
"sns:ListSubscriptions",
"sns:ListTopics",
"sns:Publish"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringLike": {
"iam:AWSServiceName": "rds.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/aws-service-role/rds.amazonaws.com/AWSServiceRoleForRDS"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJWTD4ELX2KRNICUVQ",
"PolicyName": "NeptuneConsoleFullAccess",
"VersionId": "v2"
},
{
"Document": {
"Statement": [
{
"Action": [
"cloudformation:Describe*",
"cloudformation:EstimateTemplateCost",
"cloudformation:Get*",
"cloudformation:List*",
"cloudformation:ValidateTemplate",
"cloudformation:DetectStackDrift",
"cloudformation:DetectStackResourceDrift"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJWVBEE4I2POWLODLW",
"PolicyName": "AWSCloudFormationReadOnlyAccess",
"VersionId": "v3"
},
{
"Document": {
"Statement": [
{
"Action": [
"route53:*",
"route53domains:*",
"cloudfront:ListDistributions",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticbeanstalk:DescribeEnvironments",
"s3:ListBucket",
"s3:GetBucketLocation",
"s3:GetBucketWebsite",
"ec2:DescribeVpcs",
"ec2:DescribeVpcEndpoints",
"ec2:DescribeRegions",
"sns:ListTopics",
"sns:ListSubscriptionsByTopic",
"cloudwatch:DescribeAlarms",
"cloudwatch:GetMetricStatistics"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "apigateway:GET",
"Effect": "Allow",
"Resource": "arn:aws:apigateway:*::/domainnames"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJWVDLG5RPST6PHQ3A",
"PolicyName": "AmazonRoute53FullAccess",
"VersionId": "v4"
},
{
"Document": {
"Statement": [
{
"Action": [
"lambda:InvokeFunction"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJX4DPCRGTC4NFDUXI",
"PolicyName": "AWSLambdaRole",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"ec2:CreateNetworkInterface",
"ec2:DescribeNetworkInterfaces",
"ec2:DeleteNetworkInterface"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJXAW2Q3KPTURUT2QC",
"PolicyName": "AWSLambdaENIManagementAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents",
"logs:DescribeLogStreams"
],
"Effect": "Allow",
"Resource": [
"arn:aws:logs:*:*:*"
]
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJXFIK7WABAY5CPXM4",
"PolicyName": "AWSOpsWorksCloudWatchLogs",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"appstream:Get*",
"appstream:List*",
"appstream:Describe*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJXIFDGB4VBX23DX7K",
"PolicyName": "AmazonAppStreamReadOnlyAccess",
"VersionId": "v2"
},
{
"Document": {
"Statement": [
{
"Action": "states:*",
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJXKA6VP3UFBVHDPPA",
"PolicyName": "AWSStepFunctionsFullAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"cloudtrail:*"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "CloudTrailFullAccess"
},
{
"Action": [
"organizations:DescribeAccount",
"organizations:DescribeOrganization",
"organizations:ListAccounts",
"organizations:ListAWSServiceAccessForOrganization"
],
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "AwsOrgsAccess"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJXQJ45EGU6U7NQBW4",
"PolicyName": "CloudTrailServiceRolePolicy",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"inspector:Describe*",
"inspector:Get*",
"inspector:List*",
"inspector:LocalizeText",
"inspector:Preview*",
"ec2:DescribeInstances",
"ec2:DescribeTags",
"sns:ListTopics",
"events:DescribeRule",
"events:ListRuleNamesByTarget"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJXQNTHTEJ2JFRN2SE",
"PolicyName": "AmazonInspectorReadOnlyAccess",
"VersionId": "v3"
},
{
"Document": {
"Statement": [
{
"Action": [
"organizations:Describe*",
"organizations:List*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJY5RQATUV77PEPVOM",
"PolicyName": "AWSOrganizationsReadOnlyAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"translate:TranslateText",
"translate:GetTerminology",
"translate:ListTerminologies",
"comprehend:DetectDominantLanguage",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJYAMZMTQNWUDJKY2E",
"PolicyName": "TranslateReadOnly",
"VersionId": "v4"
},
{
"Document": {
"Statement": [
{
"Action": [
"acm:*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJYCHABBP6VQIVBCBQ",
"PolicyName": "AWSCertificateManagerFullAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"iotevents:Describe*",
"iotevents:List*",
"iotevents:Get*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJYJFNAR7CN5JW52PG",
"PolicyName": "AWSIoTEventsReadOnlyAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"ec2:CreateNetworkInterfacePermission",
"ec2:DescribeNetworkInterfaces",
"ec2:DeleteNetworkInterface",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:DescribeSecurityGroups",
"greengrass:CreateDeployment",
"greengrass:CreateGroupVersion",
"greengrass:CreateFunctionDefinition",
"greengrass:CreateFunctionDefinitionVersion",
"greengrass:GetDeploymentStatus",
"greengrass:GetGroup",
"greengrass:GetGroupVersion",
"greengrass:GetCoreDefinitionVersion",
"greengrass:GetFunctionDefinitionVersion",
"greengrass:GetAssociatedRole",
"lambda:CreateFunction"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"lambda:UpdateFunctionCode",
"lambda:GetFunction",
"lambda:UpdateFunctionConfiguration"
],
"Effect": "Allow",
"Resource": "arn:aws:lambda:*:*:function:aws-robomaker-*"
},
{
"Action": "iam:PassRole",
"Condition": {
"StringEqualsIfExists": {
"iam:PassedToService": "lambda.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJYLVVUUQMAEEZ3ZNY",
"PolicyName": "AWSRoboMakerServicePolicy",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Effect": "Allow",
"NotAction": [
"iam:*",
"organizations:*"
],
"Resource": "*"
},
{
"Action": [
"iam:CreateServiceLinkedRole",
"iam:DeleteServiceLinkedRole",
"iam:ListRoles",
"organizations:DescribeOrganization"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJYRXTHIB4FOVS3ZXS",
"PolicyName": "PowerUserAccess",
"VersionId": "v3"
},
{
"Document": {
"Statement": [
{
"Action": [
"execute-api:Invoke",
"cloudwatch:PutMetricAlarm",
"cloudwatch:DescribeAlarms",
"cloudwatch:DeleteAlarms"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJYTKXPX6DO32Z4XXA",
"PolicyName": "AWSApplicationAutoScalingCustomResourcePolicy",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"globalaccelerator:Describe*",
"globalaccelerator:List*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJYXHGCVENJKQZRNGU",
"PolicyName": "GlobalAcceleratorReadOnlyAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"sagemaker:*"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"application-autoscaling:DeleteScalingPolicy",
"application-autoscaling:DeleteScheduledAction",
"application-autoscaling:DeregisterScalableTarget",
"application-autoscaling:DescribeScalableTargets",
"application-autoscaling:DescribeScalingActivities",
"application-autoscaling:DescribeScalingPolicies",
"application-autoscaling:DescribeScheduledActions",
"application-autoscaling:PutScalingPolicy",
"application-autoscaling:PutScheduledAction",
"application-autoscaling:RegisterScalableTarget",
"aws-marketplace:ViewSubscriptions",
"cloudwatch:DeleteAlarms",
"cloudwatch:DescribeAlarms",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"cloudwatch:PutMetricAlarm",
"cloudwatch:PutMetricData",
"codecommit:BatchGetRepositories",
"codecommit:CreateRepository",
"codecommit:GetRepository",
"codecommit:ListBranches",
"codecommit:ListRepositories",
"cognito-idp:AdminAddUserToGroup",
"cognito-idp:AdminCreateUser",
"cognito-idp:AdminDeleteUser",
"cognito-idp:AdminDisableUser",
"cognito-idp:AdminEnableUser",
"cognito-idp:AdminRemoveUserFromGroup",
"cognito-idp:CreateGroup",
"cognito-idp:CreateUserPool",
"cognito-idp:CreateUserPoolClient",
"cognito-idp:CreateUserPoolDomain",
"cognito-idp:DescribeUserPool",
"cognito-idp:DescribeUserPoolClient",
"cognito-idp:ListGroups",
"cognito-idp:ListIdentityProviders",
"cognito-idp:ListUserPoolClients",
"cognito-idp:ListUserPools",
"cognito-idp:ListUsers",
"cognito-idp:ListUsersInGroup",
"cognito-idp:UpdateUserPool",
"cognito-idp:UpdateUserPoolClient",
"ec2:CreateNetworkInterface",
"ec2:CreateNetworkInterfacePermission",
"ec2:CreateVpcEndpoint",
"ec2:DeleteNetworkInterface",
"ec2:DeleteNetworkInterfacePermission",
"ec2:DescribeDhcpOptions",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcEndpoints",
"ec2:DescribeVpcs",
"ecr:BatchCheckLayerAvailability",
"ecr:BatchGetImage",
"ecr:CreateRepository",
"ecr:GetAuthorizationToken",
"ecr:GetDownloadUrlForLayer",
"ecr:Describe*",
"elastic-inference:Connect",
"glue:CreateJob",
"glue:DeleteJob",
"glue:GetJob",
"glue:GetJobRun",
"glue:GetJobRuns",
"glue:GetJobs",
"glue:ResetJobBookmark",
"glue:StartJobRun",
"glue:UpdateJob",
"groundtruthlabeling:*",
"iam:ListRoles",
"kms:DescribeKey",
"kms:ListAliases",
"lambda:ListFunctions",
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:DescribeLogStreams",
"logs:GetLogEvents",
"logs:PutLogEvents"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ecr:SetRepositoryPolicy",
"ecr:CompleteLayerUpload",
"ecr:BatchDeleteImage",
"ecr:UploadLayerPart",
"ecr:DeleteRepositoryPolicy",
"ecr:InitiateLayerUpload",
"ecr:DeleteRepository",
"ecr:PutImage"
],
"Effect": "Allow",
"Resource": "arn:aws:ecr:*:*:repository/*sagemaker*"
},
{
"Action": [
"codecommit:GitPull",
"codecommit:GitPush"
],
"Effect": "Allow",
"Resource": [
"arn:aws:codecommit:*:*:*sagemaker*",
"arn:aws:codecommit:*:*:*SageMaker*",
"arn:aws:codecommit:*:*:*Sagemaker*"
]
},
{
"Action": [
"secretsmanager:CreateSecret",
"secretsmanager:DescribeSecret",
"secretsmanager:ListSecrets",
"secretsmanager:TagResource"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"secretsmanager:GetSecretValue"
],
"Condition": {
"StringEquals": {
"secretsmanager:ResourceTag/SageMaker": "true"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"robomaker:CreateSimulationApplication",
"robomaker:DescribeSimulationApplication",
"robomaker:DeleteSimulationApplication"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"robomaker:CreateSimulationJob",
"robomaker:DescribeSimulationJob",
"robomaker:CancelSimulationJob"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"s3:GetObject",
"s3:PutObject",
"s3:DeleteObject"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::*SageMaker*",
"arn:aws:s3:::*Sagemaker*",
"arn:aws:s3:::*sagemaker*",
"arn:aws:s3:::*aws-glue*"
]
},
{
"Action": [
"s3:CreateBucket",
"s3:GetBucketLocation",
"s3:ListBucket",
"s3:ListAllMyBuckets"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"s3:GetObject"
],
"Condition": {
"StringEqualsIgnoreCase": {
"s3:ExistingObjectTag/SageMaker": "true"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"lambda:InvokeFunction"
],
"Effect": "Allow",
"Resource": [
"arn:aws:lambda:*:*:function:*SageMaker*",
"arn:aws:lambda:*:*:function:*sagemaker*",
"arn:aws:lambda:*:*:function:*Sagemaker*",
"arn:aws:lambda:*:*:function:*LabelingFunction*"
]
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringLike": {
"iam:AWSServiceName": "sagemaker.application-autoscaling.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/aws-service-role/sagemaker.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_SageMakerEndpoint"
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringEquals": {
"iam:AWSServiceName": "robomaker.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"iam:PassRole"
],
"Condition": {
"StringEquals": {
"iam:PassedToService": [
"sagemaker.amazonaws.com",
"glue.amazonaws.com",
"robomaker.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJZ5IWYMXO5QDB4QOG",
"PolicyName": "AmazonSageMakerFullAccess",
"VersionId": "v9"
},
{
"Document": {
"Statement": [
{
"Action": [
"firehose:PutRecord",
"firehose:PutRecordBatch"
],
"Effect": "Allow",
"Resource": [
"arn:aws:firehose:*:*:deliverystream/aws-waf-logs-*"
]
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJZ7N545GUNUHNTYOM",
"PolicyName": "WAFLoggingServiceRolePolicy",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"dynamodb:Scan",
"dynamodb:Query",
"dynamodb:UpdateItem",
"dynamodb:PutItem",
"dynamodb:GetItem",
"dynamodb:DeleteItem",
"dynamodb:BatchWriteItem"
],
"Effect": "Allow",
"Resource": "arn:aws:dynamodb:*:*:table/*"
},
{
"Action": [
"dynamodb:RestoreTableFromBackup"
],
"Effect": "Allow",
"Resource": "arn:aws:dynamodb:*:*:table/*/backup/*"
},
{
"Action": [
"ec2:CreateVolume",
"ec2:DeleteVolume"
],
"Effect": "Allow",
"Resource": [
"arn:aws:ec2:*::snapshot/*",
"arn:aws:ec2:*:*:volume/*"
]
},
{
"Action": [
"ec2:DescribeSnapshots",
"ec2:DescribeVolumes"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"storagegateway:DeleteVolume",
"storagegateway:DescribeCachediSCSIVolumes",
"storagegateway:DescribeStorediSCSIVolumes"
],
"Effect": "Allow",
"Resource": "arn:aws:storagegateway:*:*:gateway/*/volume/*"
},
{
"Action": [
"storagegateway:DescribeGatewayInformation",
"storagegateway:CreateStorediSCSIVolume",
"storagegateway:CreateCachediSCSIVolume"
],
"Effect": "Allow",
"Resource": "arn:aws:storagegateway:*:*:gateway/*"
},
{
"Action": [
"storagegateway:ListVolumes"
],
"Effect": "Allow",
"Resource": "arn:aws:storagegateway:*:*:*"
},
{
"Action": [
"rds:DescribeDBInstances",
"rds:DescribeDBSnapshots",
"rds:ListTagsForResource",
"rds:RestoreDBInstanceFromDBSnapshot",
"rds:DeleteDBInstance",
"rds:AddTagsToResource"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"elasticfilesystem:Restore",
"elasticfilesystem:CreateFilesystem",
"elasticfilesystem:DescribeFilesystems",
"elasticfilesystem:DeleteFilesystem"
],
"Effect": "Allow",
"Resource": "arn:aws:elasticfilesystem:*:*:file-system/*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJZCCL6F2WPVOUXZKI",
"PolicyName": "AWSBackupServiceRolePolicyForRestores",
"VersionId": "v2"
},
{
"Document": {
"Statement": [
{
"Action": [
"mediastore:*"
],
"Condition": {
"Bool": {
"aws:SecureTransport": "true"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJZFYFW2QXSNK7OH6Y",
"PolicyName": "AWSElementalMediaStoreFullAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": "events:*",
"Effect": "Allow",
"Resource": "*",
"Sid": "CloudWatchEventsFullAccess"
},
{
"Action": "iam:PassRole",
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/AWS_Events_Invoke_Targets",
"Sid": "IAMPassRoleForCloudWatchEvents"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJZLOYLNHESMYOJAFU",
"PolicyName": "CloudWatchEventsFullAccess",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": [
"license-manager:UpdateLicenseSpecificationsForResource"
],
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "LicenseManagerPermissions"
},
{
"Action": [
"ssm:ListInventoryEntries",
"ssm:GetInventory",
"ssm:CreateAssociation",
"ssm:CreateResourceDataSync",
"ssm:DeleteResourceDataSync",
"ssm:ListResourceDataSync",
"ssm:ListAssociations"
],
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "SSMPermissions"
},
{
"Action": [
"ram:AcceptResourceShareInvitation",
"ram:GetResourceShareInvitations"
],
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "RAMPermissions"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJZTYEY2LEGBYAVUY4",
"PolicyName": "AWSLicenseManagerMemberAccountRolePolicy",
"VersionId": "v1"
},
{
"Document": {
"Statement": [
{
"Action": "organizations:*",
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"PolicyId": "ANPAJZXBNRCJKNLQHSB5M",
"PolicyName": "AWSOrganizationsFullAccess",
"VersionId": "v1"
}
]
Raw
export_aws_managed_policies.py
import boto3
import json
client = boto3.client('iam')
paginator = client.get_paginator('list_policies')
response_iterator = paginator.paginate(Scope='AWS')
managed_policies = []
for response in response_iterator:
for policy in response['Policies']:
response_policy_version = client.get_policy_version(
PolicyArn=policy['Arn'],
VersionId=policy['DefaultVersionId']
)
managed_policies.append({
'Document': response_policy_version['PolicyVersion']['Document'],
'VersionId': response_policy_version['PolicyVersion']['VersionId'],
'PolicyName': policy['PolicyName'],
'PolicyId': policy['PolicyId']
})
with open('aws_iam_managed_policies.json', 'w') as f:
json.dump(managed_policies, f, sort_keys=True, indent=4, separators=(',', ': '))
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment