Skip to content

Instantly share code, notes, and snippets.

@spark2ignite
Last active Sep 29, 2021
Embed
What would you like to do?
DoiT CMP IAM Policy for AWS
{
"Statement": [
{
"Sid": "OrganizationAccountAccessRole",
"Effect": "Allow",
"Action": ["sts:AssumeRole"],
"Resource": "arn:aws:iam::*:role/OrganizationAccountAccessRole"
},
{
"Sid": "Organizations",
"Effect": "Allow",
"Action": [
"organizations:ListAccounts*",
"organizations:ListHandshakes*",
"organizations:DescribeOrganization",
"organizations:DescribeAccount",
"organizations:DescribeCreateAccountStatus",
"organizations:DescribeHandshake",
"organizations:CreateAccount",
"organizations:InviteAccountToOrganization"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Sid": "HealthKnownIssues",
"Action": [
"health:EnableHealthServiceAccessForOrganization",
"health:DescribeEventsForOrganization",
"health:DescribeEvents"
],
"Resource": "*"
},
{
"Sid": "BillingPipeline",
"Effect": "Allow",
"Action": [
"iam:GetRole",
"ec2:DescribeReservedInstances",
"savingsplans:Describe*",
"ce:List*",
"ce:Describe*",
"ce:Get*"
],
"Resource": "*"
},
{
"Sid": "S3Bucket",
"Effect": "Allow",
"Action": ["s3:ListBucket"],
"Resource": "arn:aws:s3:::XXX_MPA_S3_CUR_BUCKET"
},
{
"Sid": "S3Object",
"Effect": "Allow",
"Action": ["s3:GetObject"],
"Resource": "arn:aws:s3:::XXX_MPA_S3_CUR_BUCKET/*"
}
],
"Version": "2012-10-17"
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment