Lightning AI BYOC IAM policy - 2022-12-22

lai-iam-policy-v1.json

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "autoscaling:*",
        "cloudwatch:*",
        "ec2:*",
        "ecr:*",
        "eks:*",
        "elasticloadbalancing:*",
        "events:*",
        "guardduty:*",
        "iam:*",
        "logs:*",
        "route53resolver:*",
        "s3:*",
        "sns:*",
        "sqs:*",
        "tag:GetResources",
        "resource-groups:SearchResources",
        "codebuild:*"
      ],
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": "iam:CreateServiceLinkedRole",
      "Resource": "*",
      "Condition": {
        "StringLike": {
          "iam:AWSServiceName": [
            "guardduty.amazonaws.com",
            "malware-protection.guardduty.amazonaws.com"
          ]
        }
      }
    },
    {
      "Effect": "Allow",
      "Action": "iam:CreateServiceLinkedRole",
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "iam:AWSServiceName": [
            "autoscaling.amazonaws.com",
            "ec2scheduled.amazonaws.com",
            "elasticloadbalancing.amazonaws.com",
            "spot.amazonaws.com",
            "spotfleet.amazonaws.com",
            "transitgateway.amazonaws.com"
          ]
        }
      }
    }
  ]
}