@nathanmalishev
Last active January 25, 2019 17:19
A set of policies, used to create an initial ci user
Version: 2012-10-17
Statement:
  # Change-set operations, limited to the roles/permissions stack
  - Effect: Allow
    Action:
      - 'cloudformation:CreateChangeSet'
      - 'cloudformation:DescribeChangeSet'
      - 'cloudformation:ExecuteChangeSet'
      - 'cloudformation:DescribeStacks'
    Resource:
      - 'arn:aws:cloudformation:<region>:<account_no>:stack/<roles_permission_stack_name>/*'
  # Template validation and summary calls, not tied to a specific stack
  - Effect: Allow
    Action:
      - 'cloudformation:ValidateTemplate'
      - 'cloudformation:GetTemplateSummary'
    Resource: '*'
  # IAM management, limited to the CI user and its roles.
  # iam:DeletePolicy and iam:DeletePolicyVersion act on managed-policy ARNs
  # (arn:aws:iam::<account_no>:policy/...), which are not listed under Resource here.
  - Effect: Allow
    Action:
      - 'iam:UpdateAssumeRolePolicy'
      - 'iam:DeleteAccessKey'
      - 'iam:DeletePolicy'
      - 'iam:CreateRole'
      - 'iam:AttachRolePolicy'
      - 'iam:PutRolePolicy'
      - 'iam:CreateUser'
      - 'iam:CreateAccessKey'
      - 'iam:ListInstanceProfilesForRole'
      - 'iam:DetachRolePolicy'
      - 'iam:DeleteRolePolicy'
      - 'iam:ListAttachedRolePolicies'
      - 'iam:ListRolePolicies'
      - 'iam:ListAccessKeys'
      - 'iam:GetRole'
      - 'iam:DeleteUserPolicy'
      - 'iam:ListRoles'
      - 'iam:DeleteRole'
      - 'iam:CreateServiceLinkedRole'
      - 'iam:PutUserPolicy'
      - 'iam:UpdateRole'
      - 'iam:DeleteServiceLinkedRole'
      - 'iam:GetUser'
      - 'iam:GetRolePolicy'
      - 'iam:DeletePolicyVersion'
    Resource:
      - 'arn:aws:iam::<account_no>:user/<desired_ci_name>'
      - 'arn:aws:iam::<account_no>:role/<desired_ci_roles>'