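# Per-customer external ID that Vantage presents when it assumes the role.
# It is the only thing that stops another Vantage tenant (or anyone who knows
# this role's ARN) from pointing their Vantage account at this AWS account, so
# it must not be copied between accounts or published along with the rest of
# the configuration. Supply it out of band (a git-ignored *.tfvars file or
# TF_VAR_vantage_external_id) rather than as a literal in this file.
variable "vantage_external_id" {
  description = "External ID shown in the Vantage console for this AWS account (sts:ExternalId)."
  type        = string
  # On Terraform >= 0.14 add `sensitive = true` so the value is redacted from plan output.
}

# Cross-account role assumed by Vantage (console.vantage.sh) to read billing
# data and resource inventory. Vantage assumes it from its own AWS account,
# so access is bounded by (a) the trust policy below and (b) the inline
# read-only policy; nothing in this account calls the role directly.
resource "aws_iam_role" "vantage_cross_account_connection" {
  name        = "vantage_cross_account_connection"
  description = "Assumed by Vantage (console.vantage.sh) to read cost and resource metadata."

  # Trust policy: only the Vantage principal may assume the role, and only
  # when it presents this account's external ID (confused-deputy protection).
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Effect = "Allow"
        Principal = {
          # NOTE(review): this is a role *unique ID* (AROA... prefix), not an ARN.
          # IAM renders a trust policy this way after the referenced role has been
          # deleted, so confirm it still matches the principal Vantage currently
          # documents before relying on it; a stale ID fails closed (nobody can
          # assume the role) rather than open.
          AWS = "AROAZFRV7IUIVTOGNCJUN"
        }
        Action = "sts:AssumeRole"
        Condition = {
          StringEquals = {
            "sts:ExternalId" = var.vantage_external_id
          }
        }
      }
    ]
  })

  # Permissions granted to Vantage once it has assumed the role. The list is
  # the vendor-supplied Describe*/List*/Get* inventory set, scoped to "*"
  # because these are account-wide enumeration calls that have no meaningful
  # per-resource restriction. What makes it read-only is the action list, so
  # additions should be reviewed for whether they return resource *metadata*
  # (fine) or customer *data* (not fine for a cost tool).
  #
  # Deliberately omitted from the vendor list because they read customer data
  # or are not read-only at all; add one back only if Vantage documents a
  # concrete need for it:
  #   cassandra:Select, cognito-sync:QueryRecords, dax:Query, dax:Scan,
  #   dynamodb:Query, dynamodb:Scan, sdb:Select*        - read table rows
  #   codecommit:GitPull                                - clones source code
  #   logs:Get*, logs:FilterLogEvents, logs:StartQuery,
  #   logs:StopQuery                                     - read log contents
  #   iotanalytics:SampleChannelData,
  #   kinesisanalytics:Discover*                        - read stream records
  #   sqs:Receive*                                      - consumes messages (hides them
  #                                                       from the real consumer)
  #   config:Deliver*                                   - triggers snapshot delivery
  #   gamelift:RequestUploadCredentials                 - issues upload credentials
  #   polly:SynthesizeSpeech                            - billable, not a read
  inline_policy {
    name = "vantage_read_only"
    policy = jsonencode({
      Version = "2012-10-17"
      Statement = [
        {
          Effect   = "Allow"
          Resource = "*"
          Action = [
            "a4b:List*",
            "a4b:Search*",
            "access-analyzer:ListAnalyzedResources",
            "access-analyzer:ListAnalyzers",
            "access-analyzer:ListArchiveRules",
            "access-analyzer:ListFindings",
            "access-analyzer:ListTagsForResource",
            "acm:Describe*",
            "acm:List*",
            "acm-pca:Describe*",
            "acm-pca:List*",
            "amplify:ListApps",
            "amplify:ListBranches",
            "amplify:ListDomainAssociations",
            "amplify:ListJobs",
            "application-autoscaling:Describe*",
            "applicationinsights:Describe*",
            "applicationinsights:List*",
            "appmesh:Describe*",
            "appmesh:List*",
            "appstream:Describe*",
            "appstream:List*",
            "appsync:List*",
            "autoscaling:Describe*",
            "autoscaling-plans:Describe*",
            "athena:List*",
            "athena:Batch*",
            # Billing / cost data is the core of what Vantage needs.
            "aws-portal:View*",
            "backup:Describe*",
            "backup:List*",
            "batch:List*",
            "batch:Describe*",
            "budgets:Describe*",
            "budgets:View*",
            "ce:Get*",
            "chatbot:Describe*",
            "chime:List*",
            "chime:Retrieve*",
            "chime:Search*",
            "chime:Validate*",
            "cloud9:Describe*",
            "cloud9:List*",
            "clouddirectory:List*",
            "clouddirectory:BatchRead",
            "clouddirectory:LookupPolicy",
            "cloudformation:Describe*",
            "cloudformation:Detect*",
            "cloudformation:List*",
            "cloudformation:Estimate*",
            "cloudfront:List*",
            "cloudhsm:List*",
            "cloudhsm:Describe*",
            "cloudsearch:Describe*",
            "cloudsearch:List*",
            "cloudtrail:Describe*",
            "cloudtrail:Get*",
            "cloudtrail:List*",
            "cloudtrail:LookupEvents",
            "cloudwatch:Describe*",
            "cloudwatch:Get*",
            "cloudwatch:List*",
            "codeartifact:DescribeDomain",
            "codeartifact:DescribePackageVersion",
            "codeartifact:DescribeRepository",
            "codeartifact:ListDomains",
            "codeartifact:ListPackages",
            "codeartifact:ListPackageVersionAssets",
            "codeartifact:ListPackageVersionDependencies",
            "codeartifact:ListPackageVersions",
            "codeartifact:ListRepositories",
            "codeartifact:ListRepositoriesInDomain",
            "codebuild:DescribeCodeCoverages",
            "codebuild:DescribeTestCases",
            "codebuild:Get*",
            "codebuild:List*",
            "codebuild:BatchGetBuilds",
            "codebuild:BatchGetProjects",
            "codecommit:Describe*",
            "codecommit:List*",
            "codedeploy:List*",
            "codeguru-profiler:Describe*",
            "codeguru-profiler:List*",
            "codeguru-reviewer:Describe*",
            "codeguru-reviewer:List*",
            "codepipeline:List*",
            "codepipeline:Get*",
            "codestar:List*",
            "codestar:Describe*",
            "codestar-notifications:describeNotificationRule",
            "codestar-notifications:listEventTypes",
            "codestar-notifications:listNotificationRules",
            "codestar-notifications:listTagsForResource",
            "codestar-notifications:ListTargets",
            "compute-optimizer:DescribeRecommendationExportJobs",
            "compute-optimizer:GetAutoScalingGroupRecommendations",
            "compute-optimizer:GetEC2InstanceRecommendations",
            "compute-optimizer:GetEC2RecommendationProjectedMetrics",
            "compute-optimizer:GetEnrollmentStatus",
            "compute-optimizer:GetRecommendationSummaries",
            "cognito-identity:Describe*",
            "cognito-identity:List*",
            "cognito-identity:Lookup*",
            "cognito-sync:List*",
            "cognito-sync:Describe*",
            "cognito-idp:AdminList*",
            "cognito-idp:List*",
            "cognito-idp:Describe*",
            "config:Describe*",
            "config:List*",
            "config:SelectResourceConfig",
            "connect:List*",
            "connect:Describe*",
            "dataexchange:List*",
            "datasync:Describe*",
            "datasync:List*",
            "datapipeline:Describe*",
            "datapipeline:EvaluateExpression",
            "datapipeline:List*",
            "datapipeline:Validate*",
            "dax:Describe*",
            "dax:ListTags",
            "detective:List*",
            "devicefarm:List*",
            "directconnect:Describe*",
            "discovery:Describe*",
            "discovery:List*",
            "dms:Describe*",
            "dms:List*",
            "dms:Test*",
            "ds:Check*",
            "ds:Describe*",
            "ds:List*",
            "ds:Verify*",
            "dynamodb:Describe*",
            "dynamodb:List*",
            "ec2:Describe*",
            "ec2:GetCapacityReservationUsage",
            "ec2:GetEbsEncryptionByDefault",
            "ec2:SearchTransitGatewayRoutes",
            "ecr:BatchCheck*",
            "ecr:BatchGet*",
            "ecr:Describe*",
            "ecr:List*",
            "ecs:Describe*",
            "ecs:List*",
            "eks:DescribeCluster",
            "eks:DescribeUpdate",
            "eks:Describe*",
            "eks:ListClusters",
            "eks:ListUpdates",
            "eks:List*",
            "elasticache:Describe*",
            "elasticache:List*",
            "elasticbeanstalk:Check*",
            "elasticbeanstalk:Describe*",
            "elasticbeanstalk:List*",
            "elasticbeanstalk:Request*",
            "elasticbeanstalk:Retrieve*",
            "elasticbeanstalk:Validate*",
            "elasticfilesystem:Describe*",
            "elasticloadbalancing:Describe*",
            "elasticmapreduce:Describe*",
            "elasticmapreduce:List*",
            "elasticmapreduce:View*",
            "elastictranscoder:List*",
            "elastictranscoder:Read*",
            "elemental-appliances-software:List*",
            "es:Describe*",
            "es:List*",
            "es:ESHttpHead",
            "events:Describe*",
            "events:List*",
            "events:Test*",
            "firehose:Describe*",
            "firehose:List*",
            "fsx:Describe*",
            "fsx:List*",
            "freertos:Describe*",
            "freertos:List*",
            "gamelift:List*",
            "gamelift:Describe*",
            "gamelift:ResolveAlias",
            "gamelift:Search*",
            "glacier:List*",
            "glacier:Describe*",
            "globalaccelerator:Describe*",
            "globalaccelerator:List*",
            "glue:ListCrawlers",
            "glue:ListDevEndpoints",
            "glue:ListJobs",
            "glue:ListMLTransforms",
            "glue:ListTriggers",
            "glue:ListWorkflows",
            "greengrass:List*",
            "guardduty:List*",
            "health:Describe*",
            # iam:Generate* + iam:Get* together allow generating and fetching the
            # account credential report (every user, key age, MFA state). Metadata,
            # but sensitive metadata - keep in mind when sharing this role.
            "iam:Generate*",
            "iam:Get*",
            "iam:List*",
            "iam:Simulate*",
            "imagebuilder:List*",
            "importexport:List*",
            "inspector:Describe*",
            "inspector:List*",
            "inspector:Preview*",
            "iot:Describe*",
            "iot:List*",
            "iotanalytics:Describe*",
            "iotanalytics:List*",
            "iotsitewise:Describe*",
            "iotsitewise:List*",
            "kafka:Describe*",
            "kafka:List*",
            "kinesisanalytics:Describe*",
            "kinesisanalytics:List*",
            "kinesisvideo:Describe*",
            "kinesisvideo:List*",
            "kinesis:Describe*",
            "kinesis:List*",
            "kms:Describe*",
            "kms:List*",
            # ListFunctions returns each function's configuration including its
            # environment variables; do not keep secrets in Lambda env vars.
            "lambda:List*",
            "license-manager:List*",
            # Log *group* metadata (names, stored bytes, retention) only; log
            # contents are intentionally not readable.
            "logs:Describe*",
            "logs:ListTagsLogGroup",
            "logs:TestMetricFilter",
            "machinelearning:Describe*",
            "mediaconvert:DescribeEndpoints",
            "mediaconvert:List*",
            "mediapackage:List*",
            "mediapackage:Describe*",
            "mgh:Describe*",
            "mgh:List*",
            "mobilehub:Describe*",
            "mobilehub:List*",
            "mobilehub:Verify*",
            "mobiletargeting:List*",
            "mq:Describe*",
            "mq:List*",
            "opsworks:Describe*",
            "opsworks-cm:List*",
            "opsworks-cm:Describe*",
            "organizations:Describe*",
            "organizations:List*",
            "outposts:List*",
            "personalize:Describe*",
            "personalize:List*",
            "pi:DescribeDimensionKeys",
            "polly:Describe*",
            "polly:List*",
            "qldb:ListLedgers",
            "qldb:DescribeLedger",
            "qldb:ListTagsForResource",
            "ram:List*",
            "rekognition:List*",
            "rekognition:Search*",
            "rds:Describe*",
            "rds:List*",
            "redshift:Describe*",
            "redshift:View*",
            "resource-groups:Get*",
            "resource-groups:List*",
            "resource-groups:Search*",
            "robomaker:BatchDescribe*",
            "robomaker:Describe*",
            "robomaker:List*",
            "route53:Get*",
            "route53:List*",
            "route53:Test*",
            "route53domains:Check*",
            "route53domains:Get*",
            "route53domains:List*",
            "route53domains:View*",
            "route53resolver:Get*",
            "route53resolver:List*",
            # No s3:Get* on objects, so object contents stay unreadable. s3:List*
            # does still permit enumerating object keys in every bucket; narrow it
            # to s3:ListAllMyBuckets if Vantage confirms it only needs the bucket
            # inventory (sizes come from CloudWatch metrics, not from listing).
            "s3:List*",
            "s3:GetBucketLocation",
            "s3:GetBucketTagging",
            "sagemaker:Describe*",
            "sagemaker:List*",
            "sagemaker:Search",
            "schemas:Describe*",
            "schemas:List*",
            "schemas:Search*",
            "sdb:List*",
            # List/Describe only - no secretsmanager:GetSecretValue.
            "secretsmanager:List*",
            "secretsmanager:Describe*",
            "securityhub:Describe*",
            "securityhub:List*",
            "serverlessrepo:List*",
            "serverlessrepo:SearchApplications",
            "servicecatalog:List*",
            "servicecatalog:Scan*",
            "servicecatalog:Search*",
            "servicecatalog:Describe*",
            "servicediscovery:Get*",
            "servicediscovery:List*",
            "servicequotas:GetAssociationForServiceQuotaTemplate",
            "servicequotas:GetAWSDefaultServiceQuota",
            "servicequotas:GetRequestedServiceQuotaChange",
            "servicequotas:GetServiceQuota",
            "servicequotas:GetServiceQuotaIncreaseRequestFromTemplate",
            "servicequotas:ListAWSDefaultServiceQuotas",
            "servicequotas:ListRequestedServiceQuotaChangeHistory",
            "servicequotas:ListRequestedServiceQuotaChangeHistoryByQuota",
            "servicequotas:ListServices",
            "servicequotas:ListServiceQuotas",
            "servicequotas:ListServiceQuotaIncreaseRequestsInTemplate",
            "ses:List*",
            "ses:Describe*",
            "shield:Describe*",
            "shield:List*",
            "signer:DescribeSigningJob",
            "signer:ListSigningJobs",
            "signer:ListSigningPlatforms",
            "signer:ListSigningProfiles",
            "signer:ListTagsForResource",
            "snowball:Describe*",
            "snowball:List*",
            "sns:List*",
            "sns:Check*",
            "sqs:List*",
            # Describe/List only - no ssm:GetParameter*.
            "ssm:Describe*",
            "ssm:List*",
            "sso:Describe*",
            "sso:List*",
            "sso:Search*",
            "sso-directory:Describe*",
            "sso-directory:List*",
            "sso-directory:Search*",
            "states:List*",
            "states:Describe*",
            "storagegateway:Describe*",
            "storagegateway:List*",
            "sts:GetCallerIdentity",
            "sts:GetSessionToken",
            "swf:Count*",
            "swf:Describe*",
            "swf:List*",
            "synthetics:Describe*",
            "synthetics:List*",
            "tag:Get*",
            "transfer:Describe*",
            "transfer:List*",
            "transfer:TestIdentityProvider",
            "transcribe:List*",
            "trustedadvisor:Describe*",
            "waf:List*",
            "wafv2:CheckCapacity",
            "wafv2:Describe*",
            "wafv2:List*",
            "waf-regional:List*",
            "worklink:Describe*",
            "worklink:List*",
            "workmail:Describe*",
            "workmail:List*",
            "workmail:Search*",
            "workspaces:Describe*",
          ]
        }
      ]
    })
  }
}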