Create a gist now

Instantly share code, notes, and snippets.

{
"Version": "2012-10-17",
"Statement": [{
"Action": "ec2:*",
"Effect": "Allow",
"Resource": "*",
"Condition": {
"StringEquals": {
"ec2:Region": [
"us-east-1",
"eu-west-1"
]
}
}
}, {
"Action": "s3:*",
"Effect": "Allow",
"Resource": "*"
}, {
"Effect": "Allow",
"Action": [
"rds:AddTagsToResource",
"rds:Create*",
"rds:Copy*",
"rds:DeleteDBInstance",
"rds:RebootDBInstance",
"rds:DownloadDBLogFilePortion",
"rds:ListTagsForResources",
"rds:ModifyDBInstance",
"rds:PromoteReadReplica",
"rds:RemoveTagsFromResource",
"rds:RestoreDBInstanceFromDBSnapshot",
"rds:DownloadDBLogFilePortion",
"rds:RestoreDBInstanceToPointInTime"
],
"Resource": [
"arn:aws:rds:us-east-1:<ACCOUND-ID>:*",
"arn:aws:rds:eu-west-1:<ACCOUND-ID>:*"
]
}, {
"Action": "vpc:*",
"Effect": "Allow",
"Resource": "*",
"Condition": {
"StringEquals": {
"ec2:Region": [
"us-east-1",
"eu-west-1"
]
}
}
}, {
"Action": "cloudformation:*",
"Effect": "Allow",
"Resource": "*",
"Condition": {
"StringEquals": {
"ec2:Region": [
"us-east-1",
"eu-west-1"
]
}
}
}, {
"Sid": "OnlyAllowCertainInstanceTypesToBeCreated",
"Effect": "Deny",
"Action": [
"ec2:RunInstances"
],
"Resource": "*",
"Condition": {
"StringEquals": {
"ec2:InstanceType": [
"m2.xlarge",
"cg1.4xlarge",
"c3.4xlarge",
"c4.4xlarge",
"d2.xlarge",
"i2.xlarge",
"m3.2xlarge",
"r3.xlarge",
"m4.2xlarge",
"m2.2xlarge",
"c3.8xlarge",
"c4.8xlarge",
"cc2.8xlarge",
"g2.8xlarge",
"hi1.4xlarge",
"d2.2xlarge",
"i2.2xlarge",
"r3.2xlarge",
"m4.4xlarge",
"m2.4xlarge",
"hs1.8xlarge",
"d2.4xlarge",
"i2.4xlarge",
"r3.4xlarge",
"m4.10xlarge",
"cr1.8xlarge",
"d2.8xlarge",
"i2.8xlarge",
"r3.8xlarge"
]
}
}
}]
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment