Skip to content

Instantly share code, notes, and snippets.

@nathanmalishev
Last active January 25, 2019 17:19
Show Gist options
  • Save nathanmalishev/37b46f41d56b0d48fa5c0db1541336a1 to your computer and use it in GitHub Desktop.
Save nathanmalishev/37b46f41d56b0d48fa5c0db1541336a1 to your computer and use it in GitHub Desktop.
A set of policies, used to create an initial ci user
Version: 2012-10-17
Statement:
- Effect: Allow
Action:
- 'cloudformation:CreateChangeSet'
- 'cloudformation:DescribeChangeSet'
- 'cloudformation:ExecuteChangeSet'
- 'cloudformation:DescribeStacks'
Resource:
- 'arn:aws:cloudformation:<region>:<account_no>:stack/<roles_permission_stack_name>/*'
- Effect: Allow
Action:
- 'cloudformation:ValidateTemplate'
- 'cloudformation:GetTemplateSummary'
Resource: '*'
- Effect: Allow
Action:
- 'iam:UpdateAssumeRolePolicy'
- 'iam:DeleteAccessKey'
- 'iam:DeletePolicy'
- 'iam:CreateRole'
- 'iam:AttachRolePolicy'
- 'iam:PutRolePolicy'
- 'iam:CreateUser'
- 'iam:CreateAccessKey'
- 'iam:ListInstanceProfilesForRole'
- 'iam:DetachRolePolicy'
- 'iam:DeleteRolePolicy'
- 'iam:ListAttachedRolePolicies'
- 'iam:ListRolePolicies'
- 'iam:ListAccessKeys'
- 'iam:GetRole'
- 'iam:DeleteUserPolicy'
- 'iam:ListRoles'
- 'iam:DeleteRole'
- 'iam:CreateServiceLinkedRole'
- 'iam:PutUserPolicy'
- 'iam:UpdateRole'
- 'iam:DeleteServiceLinkedRole'
- 'iam:GetUser'
- 'iam:GetRolePolicy'
- 'iam:DeletePolicyVersion'
Resource:
- 'arn:aws:iam::<account_no>:user/<desired_ci_name>'
- 'arn:aws:iam::<account_no>:role/<desired_ci_roles>'
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment