xavierdavidgarcia/onekloud-aws-metadata-access-policy

## onekloud-aws-metadata-access-policy
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "FullPolicy",
            "Action": [
                "aws-portal:ViewBilling",
                "aws-portal:ViewUsage",
                "autoscaling:Describe*",
                "cloudformation:DescribeStacks",
                "cloudformation:GetStackPolicy",
                "cloudformation:GetTemplate",
                "cloudformation:ListStackResources",
                "cloudfront:Get*",
                "cloudfront:List*",
                "cloudtrail:DescribeTrails",
                "cloudtrail:GetTrailStatus",
                "cloudwatch:Describe*",
                "cloudwatch:Get*",
                "cloudwatch:List*",
                "ec2:Describe*",
                "ec2:GetHostReservationPurchasePreview",
                "ec2:GetReservedInstancesExchangeQuote",
                "ecs:List*",
                "ecs:Describe*",
                "elasticache:Describe*",
                "elasticache:List*",
                "elasticache:Describe*",
                "elasticbeanstalk:Describe*",
                "elasticbeanstalk:List*",
                "elasticbeanstalk:RequestEnvironmentInfo",
                "elasticbeanstalk:RetrieveEnvironmentInfo",
                "elasticloadbalancing:Describe*",
                "elasticmapreduce:Describe*",
                "elasticmapreduce:List*",
                "elasticmapreduce:Describe*",
                "es:List*",
                "es:Describe*",
                "glacier:List*",
                "glacier:Describe*",
                "glacier:Get*",
                "iam:Get*",
                "iam:List*",
                "iam:GenerateCredentialReport",
                "lambda:List*",
                "rds:Describe*",
                "rds:ListTagsForResource",
                "redshift:Describe*",
                "route53:Get*",
                "route53:List*",
                "s3:List*"
            ],
            "Effect": "Allow",
            "Resource": "*"
        },
        {
            "Sid": "CloudWatchLogsSpecific",
            "Effect": "Allow",
            "Action": [
                "logs:GetLogEvents",
                "logs:DescribeLogGroups",
                "logs:DescribeLogStreams"
            ],
            "Resource": [
                "arn:aws:logs:*:*:*"
            ]
        }
    ]
}
	{
	"Version": "2012-10-17",
	"Statement": [
	{
	"Sid": "FullPolicy",
	"Action": [
	"aws-portal:ViewBilling",
	"aws-portal:ViewUsage",
	"autoscaling:Describe*",
	"cloudformation:DescribeStacks",
	"cloudformation:GetStackPolicy",
	"cloudformation:GetTemplate",
	"cloudformation:ListStackResources",
	"cloudfront:Get*",
	"cloudfront:List*",
	"cloudtrail:DescribeTrails",
	"cloudtrail:GetTrailStatus",
	"cloudwatch:Describe*",
	"cloudwatch:Get*",
	"cloudwatch:List*",
	"ec2:Describe*",
	"ec2:GetHostReservationPurchasePreview",
	"ec2:GetReservedInstancesExchangeQuote",
	"ecs:List*",
	"ecs:Describe*",
	"elasticache:Describe*",
	"elasticache:List*",
	"elasticache:Describe*",
	"elasticbeanstalk:Describe*",
	"elasticbeanstalk:List*",
	"elasticbeanstalk:RequestEnvironmentInfo",
	"elasticbeanstalk:RetrieveEnvironmentInfo",
	"elasticloadbalancing:Describe*",
	"elasticmapreduce:Describe*",
	"elasticmapreduce:List*",
	"elasticmapreduce:Describe*",
	"es:List*",
	"es:Describe*",
	"glacier:List*",
	"glacier:Describe*",
	"glacier:Get*",
	"iam:Get*",
	"iam:List*",
	"iam:GenerateCredentialReport",
	"lambda:List*",
	"rds:Describe*",
	"rds:ListTagsForResource",
	"redshift:Describe*",
	"route53:Get*",
	"route53:List*",
	"s3:List*"
	],
	"Effect": "Allow",
	"Resource": "*"
	},
	{
	"Sid": "CloudWatchLogsSpecific",
	"Effect": "Allow",
	"Action": [
	"logs:GetLogEvents",
	"logs:DescribeLogGroups",
	"logs:DescribeLogStreams"
	],
	"Resource": [
	"arn:aws:logs:::*"
	]
	}
	]
	}