Created
November 30, 2021 14:48
console.vantage.sh
# Cross-account IAM role that a third-party principal may assume, with one
# inline policy ("vantage_read_only") attached. Both policy documents are
# written with jsonencode() instead of heredoc JSON, so a malformed document
# fails at plan time and individual actions can carry review comments.
#
# NOTE(review): the inline policy is named "read only" but applies to
# Resource "*" and includes several actions that return stored data (table
# rows, queue messages, log events, repository contents) and a few that are
# not reads at all. Those lines are marked below; confirm each is required by
# the integration before applying, and drop the ones that are not.
resource "aws_iam_role" "vantage_cross_account_connection" {
  name = "vantage_cross_account_connection"

  # Trust policy: who may call sts:AssumeRole on this role.
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Effect = "Allow"
        Principal = {
          # NOTE(review): this value has the form of an IAM role unique ID
          # (AROA prefix), not an ARN. Confirm the expected principal against
          # the vendor's current onboarding instructions before applying.
          AWS = "AROAZFRV7IUIVTOGNCJUN"
        }
        Action = "sts:AssumeRole"
        Condition = {
          StringEquals = {
            # The external ID is the confused-deputy guard for this trust.
            # NOTE(review): it is specific to one integration and is
            # hard-coded in a publicly shared file; supply the value issued
            # for your own account (ideally through a variable) rather than
            # reusing this one.
            "sts:ExternalId" = "919T-KuJTq0oPsCNtoUGUw"
          }
        }
      }
    ]
  })

  # NOTE(review): newer AWS provider releases deprecate the inline_policy
  # block in favour of a separate aws_iam_role_policy resource; check the
  # provider version in use.
  inline_policy {
    name = "vantage_read_only"

    policy = jsonencode({
      Version = "2012-10-17"
      Statement = [
        {
          Effect   = "Allow"
          Resource = "*"
          Action = [
            "a4b:List*",
            "a4b:Search*",
            "access-analyzer:ListAnalyzedResources",
            "access-analyzer:ListAnalyzers",
            "access-analyzer:ListArchiveRules",
            "access-analyzer:ListFindings",
            "access-analyzer:ListTagsForResource",
            "acm:Describe*",
            "acm:List*",
            "acm-pca:Describe*",
            "acm-pca:List*",
            "amplify:ListApps",
            "amplify:ListBranches",
            "amplify:ListDomainAssociations",
            "amplify:ListJobs",
            "application-autoscaling:Describe*",
            "applicationinsights:Describe*",
            "applicationinsights:List*",
            "appmesh:Describe*",
            "appmesh:List*",
            "appstream:Describe*",
            "appstream:List*",
            "appsync:List*",
            "autoscaling:Describe*",
            "autoscaling-plans:Describe*",
            "athena:List*",
            "athena:Batch*",
            "aws-portal:View*",
            "backup:Describe*",
            "backup:List*",
            "batch:List*",
            "batch:Describe*",
            "budgets:Describe*",
            "budgets:View*",
            "cassandra:Select", # data-plane: reads table rows
            "ce:Get*",
            "chatbot:Describe*",
            "chime:List*",
            "chime:Retrieve*",
            "chime:Search*",
            "chime:Validate*",
            "cloud9:Describe*",
            "cloud9:List*",
            "clouddirectory:List*",
            "clouddirectory:BatchRead",
            "clouddirectory:LookupPolicy",
            "cloudformation:Describe*",
            "cloudformation:Detect*", # starts drift detection; not a pure read
            "cloudformation:List*",
            "cloudformation:Estimate*",
            "cloudfront:List*",
            "cloudhsm:List*",
            "cloudhsm:Describe*",
            "cloudsearch:Describe*",
            "cloudsearch:List*",
            "cloudtrail:Describe*",
            "cloudtrail:Get*",
            "cloudtrail:List*",
            "cloudtrail:LookupEvents",
            "cloudwatch:Describe*",
            "cloudwatch:Get*",
            "cloudwatch:List*",
            "codeartifact:DescribeDomain",
            "codeartifact:DescribePackageVersion",
            "codeartifact:DescribeRepository",
            "codeartifact:ListDomains",
            "codeartifact:ListPackages",
            "codeartifact:ListPackageVersionAssets",
            "codeartifact:ListPackageVersionDependencies",
            "codeartifact:ListPackageVersions",
            "codeartifact:ListRepositories",
            "codeartifact:ListRepositoriesInDomain",
            "codebuild:DescribeCodeCoverages",
            "codebuild:DescribeTestCases",
            "codebuild:Get*",
            "codebuild:List*",
            "codebuild:BatchGetBuilds",
            "codebuild:BatchGetProjects",
            "codecommit:Describe*",
            "codecommit:GitPull", # data-plane: allows pulling repository contents
            "codecommit:List*",
            "codedeploy:List*",
            "codeguru-profiler:Describe*",
            "codeguru-profiler:List*",
            "codeguru-reviewer:Describe*",
            "codeguru-reviewer:List*",
            "codepipeline:List*",
            "codepipeline:Get*",
            "codestar:List*",
            "codestar:Describe*",
            "codestar-notifications:describeNotificationRule",
            "codestar-notifications:listEventTypes",
            "codestar-notifications:listNotificationRules",
            "codestar-notifications:listTagsForResource",
            "codestar-notifications:ListTargets",
            "compute-optimizer:DescribeRecommendationExportJobs",
            "compute-optimizer:GetAutoScalingGroupRecommendations",
            "compute-optimizer:GetEC2InstanceRecommendations",
            "compute-optimizer:GetEC2RecommendationProjectedMetrics",
            "compute-optimizer:GetEnrollmentStatus",
            "compute-optimizer:GetRecommendationSummaries",
            "cognito-identity:Describe*",
            "cognito-identity:List*",
            "cognito-identity:Lookup*",
            "cognito-sync:List*",
            "cognito-sync:Describe*",
            "cognito-sync:QueryRecords", # data-plane: reads synced user records
            "cognito-idp:AdminList*",
            "cognito-idp:List*",
            "cognito-idp:Describe*",
            "config:Deliver*", # triggers a snapshot delivery; not a pure read
            "config:Describe*",
            "config:List*",
            "config:SelectResourceConfig",
            "connect:List*",
            "connect:Describe*",
            "dataexchange:List*",
            "datasync:Describe*",
            "datasync:List*",
            "datapipeline:Describe*",
            "datapipeline:EvaluateExpression",
            "datapipeline:List*",
            "datapipeline:Validate*",
            "dax:Describe*",
            "dax:ListTags",
            "dax:Query", # data-plane: reads table items
            "dax:Scan",  # data-plane: reads table items
            "detective:List*",
            "devicefarm:List*",
            "directconnect:Describe*",
            "discovery:Describe*",
            "discovery:List*",
            "dms:Describe*",
            "dms:List*",
            "dms:Test*",
            "ds:Check*",
            "ds:Describe*",
            "ds:List*",
            "ds:Verify*",
            "dynamodb:Describe*",
            "dynamodb:List*",
            "dynamodb:Query", # data-plane: reads table items
            "dynamodb:Scan",  # data-plane: reads table items
            "ec2:Describe*",
            "ec2:GetCapacityReservationUsage",
            "ec2:GetEbsEncryptionByDefault",
            "ec2:SearchTransitGatewayRoutes",
            "ecr:BatchCheck*",
            "ecr:BatchGet*", # includes BatchGetImage (image manifests)
            "ecr:Describe*",
            "ecr:List*",
            "ecs:Describe*",
            "ecs:List*",
            "eks:DescribeCluster",
            "eks:DescribeUpdate",
            "eks:Describe*",
            "eks:ListClusters",
            "eks:ListUpdates",
            "eks:List*",
            "elasticache:Describe*",
            "elasticache:List*",
            "elasticbeanstalk:Check*",
            "elasticbeanstalk:Describe*",
            "elasticbeanstalk:List*",
            "elasticbeanstalk:Request*",
            "elasticbeanstalk:Retrieve*",
            "elasticbeanstalk:Validate*",
            "elasticfilesystem:Describe*",
            "elasticloadbalancing:Describe*",
            "elasticmapreduce:Describe*",
            "elasticmapreduce:List*",
            "elasticmapreduce:View*",
            "elastictranscoder:List*",
            "elastictranscoder:Read*",
            "elemental-appliances-software:List*",
            "es:Describe*",
            "es:List*",
            "es:ESHttpHead",
            "events:Describe*",
            "events:List*",
            "events:Test*",
            "firehose:Describe*",
            "firehose:List*",
            "fsx:Describe*",
            "fsx:List*",
            "freertos:Describe*",
            "freertos:List*",
            "gamelift:List*",
            "gamelift:Describe*",
            "gamelift:RequestUploadCredentials", # returns upload credentials; not a read
            "gamelift:ResolveAlias",
            "gamelift:Search*",
            "glacier:List*",
            "glacier:Describe*",
            "globalaccelerator:Describe*",
            "globalaccelerator:List*",
            "glue:ListCrawlers",
            "glue:ListDevEndpoints",
            "glue:ListJobs",
            "glue:ListMLTransforms",
            "glue:ListTriggers",
            "glue:ListWorkflows",
            "greengrass:List*",
            "guardduty:List*",
            "health:Describe*",
            "iam:Generate*",
            "iam:Get*",
            "iam:List*",
            "iam:Simulate*",
            "imagebuilder:List*",
            "importexport:List*",
            "inspector:Describe*",
            "inspector:List*",
            "inspector:Preview*",
            "iot:Describe*",
            "iot:List*",
            "iotanalytics:Describe*",
            "iotanalytics:List*",
            "iotanalytics:SampleChannelData", # data-plane: returns channel messages
            "iotsitewise:Describe*",
            "iotsitewise:List*",
            "kafka:Describe*",
            "kafka:List*",
            "kinesisanalytics:Describe*",
            "kinesisanalytics:Discover*",
            "kinesisanalytics:List*",
            "kinesisvideo:Describe*",
            "kinesisvideo:List*",
            "kinesis:Describe*",
            "kinesis:List*",
            "kms:Describe*",
            "kms:List*",
            "lambda:List*",
            "license-manager:List*",
            "logs:Describe*",
            "logs:Get*",            # data-plane: includes reading log events
            "logs:FilterLogEvents", # data-plane: returns log event contents
            "logs:ListTagsLogGroup",
            "logs:StartQuery", # runs a query over log data
            "logs:StopQuery",  # cancels a running query; not a read
            "logs:TestMetricFilter",
            "machinelearning:Describe*",
            "mediaconvert:DescribeEndpoints",
            "mediaconvert:List*",
            "mediapackage:List*",
            "mediapackage:Describe*",
            "mgh:Describe*",
            "mgh:List*",
            "mobilehub:Describe*",
            "mobilehub:List*",
            "mobilehub:Verify*",
            "mobiletargeting:List*",
            "mq:Describe*",
            "mq:List*",
            "opsworks:Describe*",
            "opsworks-cm:List*",
            "opsworks-cm:Describe*",
            "organizations:Describe*",
            "organizations:List*",
            "outposts:List*",
            "personalize:Describe*",
            "personalize:List*",
            "pi:DescribeDimensionKeys",
            "polly:Describe*",
            "polly:List*",
            "polly:SynthesizeSpeech", # performs synthesis; not a read
            "qldb:ListLedgers",
            "qldb:DescribeLedger",
            "qldb:ListTagsForResource",
            "ram:List*",
            "rekognition:List*",
            "rekognition:Search*",
            "rds:Describe*",
            "rds:List*",
            "redshift:Describe*",
            "redshift:View*",
            "resource-groups:Get*",
            "resource-groups:List*",
            "resource-groups:Search*",
            "robomaker:BatchDescribe*",
            "robomaker:Describe*",
            "robomaker:List*",
            "route53:Get*",
            "route53:List*",
            "route53:Test*",
            "route53domains:Check*",
            "route53domains:Get*",
            "route53domains:List*",
            "route53domains:View*",
            "route53resolver:Get*",
            "route53resolver:List*",
            "s3:List*", # lists buckets and object keys in every bucket
            "s3:GetBucketLocation",
            "s3:GetBucketTagging",
            "sagemaker:Describe*",
            "sagemaker:List*",
            "sagemaker:Search",
            "schemas:Describe*",
            "schemas:List*",
            "schemas:Search*",
            "sdb:List*",
            "sdb:Select*", # data-plane: reads stored items
            "secretsmanager:List*",
            "secretsmanager:Describe*",
            "securityhub:Describe*",
            "securityhub:List*",
            "serverlessrepo:List*",
            "serverlessrepo:SearchApplications",
            "servicecatalog:List*",
            "servicecatalog:Scan*",
            "servicecatalog:Search*",
            "servicecatalog:Describe*",
            "servicediscovery:Get*",
            "servicediscovery:List*",
            "servicequotas:GetAssociationForServiceQuotaTemplate",
            "servicequotas:GetAWSDefaultServiceQuota",
            "servicequotas:GetRequestedServiceQuotaChange",
            "servicequotas:GetServiceQuota",
            "servicequotas:GetServiceQuotaIncreaseRequestFromTemplate",
            "servicequotas:ListAWSDefaultServiceQuotas",
            "servicequotas:ListRequestedServiceQuotaChangeHistory",
            "servicequotas:ListRequestedServiceQuotaChangeHistoryByQuota",
            "servicequotas:ListServices",
            "servicequotas:ListServiceQuotas",
            "servicequotas:ListServiceQuotaIncreaseRequestsInTemplate",
            "ses:List*",
            "ses:Describe*",
            "shield:Describe*",
            "shield:List*",
            "signer:DescribeSigningJob",
            "signer:ListSigningJobs",
            "signer:ListSigningPlatforms",
            "signer:ListSigningProfiles",
            "signer:ListTagsForResource",
            "snowball:Describe*",
            "snowball:List*",
            "sns:List*",
            "sns:Check*",
            "sqs:List*",
            "sqs:Receive*", # data-plane: returns queue message bodies
            "ssm:Describe*",
            "ssm:List*",
            "sso:Describe*",
            "sso:List*",
            "sso:Search*",
            "sso-directory:Describe*",
            "sso-directory:List*",
            "sso-directory:Search*",
            "states:List*",
            "states:Describe*",
            "storagegateway:Describe*",
            "storagegateway:List*",
            "sts:GetCallerIdentity",
            "sts:GetSessionToken", # issues temporary credentials; not a read
            "swf:Count*",
            "swf:Describe*",
            "swf:List*",
            "synthetics:Describe*",
            "synthetics:List*",
            "tag:Get*",
            "transfer:Describe*",
            "transfer:List*",
            "transfer:TestIdentityProvider",
            "transcribe:List*",
            "trustedadvisor:Describe*",
            "waf:List*",
            "wafv2:CheckCapacity",
            "wafv2:Describe*",
            "wafv2:List*",
            "waf-regional:List*",
            "worklink:Describe*",
            "worklink:List*",
            "workmail:Describe*",
            "workmail:List*",
            "workmail:Search*",
            "workspaces:Describe*",
          ]
        }
      ]
    })
  }
}