matchilling/aws-cdk-bootstrap-permission.json

## aws-cdk-bootstrap-permission.json
{
  "Statement": [
    {
      "Action": [
        "cloudformation:DescribeStackEvents",
        "cloudformation:DeleteStack",
        "cloudformation:CreateChangeSet",
        "cloudformation:DescribeChangeSet",
        "cloudformation:ExecuteChangeSet",
        "cloudformation:DescribeStacks",
        "cloudformation:GetTemplate"
      ],
      "Effect": "Allow",
      "Resource": [
        "arn:aws:cloudformation:*:###ACCOUNT_ID###:stack/CDKToolkit/*"
      ]
    },
    {
      "Action": [
        "iam:GetRole",
        "iam:UntagRole",
        "iam:GetPolicy",
        "iam:TagRole",
        "iam:CreateRole",
        "iam:DeleteRole",
        "iam:AttachRolePolicy",
        "iam:PutRolePolicy",
        "iam:TagPolicy",
        "iam:DetachRolePolicy",
        "iam:DeleteRolePolicy",
        "iam:UntagPolicy",
        "iam:UpdateRole",
        "iam:GetRolePolicy"
      ],
      "Effect": "Allow",
      "Resource": [
        "arn:aws:iam::###ACCOUNT_ID###:policy/*",
        "arn:aws:iam::###ACCOUNT_ID###:role/cdk-*"
      ]
    },
    {
      "Action": [
        "s3:CreateBucket",
        "s3:DeleteBucket",
        "s3:DeleteBucketPolicy",
        "s3:GetBucketPolicy",
        "s3:PutBucketPolicy",
        "s3:PutBucketPublicAccessBlock",
        "s3:PutBucketVersioning",
        "s3:PutEncryptionConfiguration",
        "s3:PutLifecycleConfiguration"
      ],
      "Effect": "Allow",
      "Resource": [
        "arn:aws:s3:::cdk-*"
      ]
    },
    {
      "Action": [
        "ssm:PutParameter",
        "ssm:DeleteParameter",
        "ssm:GetParameters",
        "ssm:GetParameter"
      ],
      "Effect": "Allow",
      "Resource": [
        "arn:aws:ssm:*:###ACCOUNT_ID###:parameter/cdk-bootstrap/*"
      ]
    },
    {
      "Action": [
        "ecr:DeleteRepository",
        "ecr:DescribeRepositories",
        "ecr:PutLifecyclePolicy",
        "ecr:SetRepositoryPolicy"
      ],
      "Effect": "Allow",
      "Resource": [
        "arn:aws:ecr:*:###ACCOUNT_ID###:repository/cdk-*"
      ]
    },
    {
      "Action": [
        "ecr:CreateRepository"
      ],
      "Effect": "Allow",
      "Resource": [
        "*"
      ]
    }
  ],
  "Version": "2012-10-17"
}
	{
	"Statement": [
	{
	"Action": [
	"cloudformation:DescribeStackEvents",
	"cloudformation:DeleteStack",
	"cloudformation:CreateChangeSet",
	"cloudformation:DescribeChangeSet",
	"cloudformation:ExecuteChangeSet",
	"cloudformation:DescribeStacks",
	"cloudformation:GetTemplate"
	],
	"Effect": "Allow",
	"Resource": [
	"arn:aws:cloudformation::###ACCOUNT_ID###:stack/CDKToolkit/"
	]
	},
	{
	"Action": [
	"iam:GetRole",
	"iam:UntagRole",
	"iam:GetPolicy",
	"iam:TagRole",
	"iam:CreateRole",
	"iam:DeleteRole",
	"iam:AttachRolePolicy",
	"iam:PutRolePolicy",
	"iam:TagPolicy",
	"iam:DetachRolePolicy",
	"iam:DeleteRolePolicy",
	"iam:UntagPolicy",
	"iam:UpdateRole",
	"iam:GetRolePolicy"
	],
	"Effect": "Allow",
	"Resource": [
	"arn:aws:iam::###ACCOUNT_ID###:policy/*",
	"arn:aws:iam::###ACCOUNT_ID###:role/cdk-*"
	]
	},
	{
	"Action": [
	"s3:CreateBucket",
	"s3:DeleteBucket",
	"s3:DeleteBucketPolicy",
	"s3:GetBucketPolicy",
	"s3:PutBucketPolicy",
	"s3:PutBucketPublicAccessBlock",
	"s3:PutBucketVersioning",
	"s3:PutEncryptionConfiguration",
	"s3:PutLifecycleConfiguration"
	],
	"Effect": "Allow",
	"Resource": [
	"arn:aws:s3:::cdk-*"
	]
	},
	{
	"Action": [
	"ssm:PutParameter",
	"ssm:DeleteParameter",
	"ssm:GetParameters",
	"ssm:GetParameter"
	],
	"Effect": "Allow",
	"Resource": [
	"arn:aws:ssm::###ACCOUNT_ID###:parameter/cdk-bootstrap/"
	]
	},
	{
	"Action": [
	"ecr:DeleteRepository",
	"ecr:DescribeRepositories",
	"ecr:PutLifecyclePolicy",
	"ecr:SetRepositoryPolicy"
	],
	"Effect": "Allow",
	"Resource": [
	"arn:aws:ecr::###ACCOUNT_ID###:repository/cdk-"
	]
	},
	{
	"Action": [
	"ecr:CreateRepository"
	],
	"Effect": "Allow",
	"Resource": [
	"*"
	]
	}
	],
	"Version": "2012-10-17"
	}