Last active
May 16, 2017 18:26
{ | |
"Version": "2012-10-17", | |
"Statement": [ | |
{ | |
"Sid": "FullPolicy", | |
"Action": [ | |
"acm:DescribeCertificate", | |
"acm:ListCertificates", | |
"acm:GetCertificate", | |
"autoscaling:Describe*", | |
"cloudformation:DescribeStacks", | |
"cloudformation:GetStackPolicy", | |
"cloudformation:GetTemplate", | |
"cloudformation:ListStackResources", | |
"cloudfront:List*", | |
"cloudfront:GetDistributionConfig", | |
"cloudfront:GetStreamingDistributionConfig", | |
"cloudhsm:Describe*", | |
"cloudhsm:List*", | |
"cloudsearch:DescribeDomains", | |
"cloudsearch:DescribeServiceAccessPolicies", | |
"cloudsearch:DescribeStemmingOptions", | |
"cloudsearch:DescribeStopwordOptions", | |
"cloudsearch:DescribeSynonymOptions", | |
"cloudsearch:DescribeDefaultSearchField", | |
"cloudsearch:DescribeIndexFields", | |
"cloudsearch:DescribeRankExpressions", | |
"cloudtrail:DescribeTrails", | |
"cloudtrail:GetTrailStatus", | |
"cloudwatch:DescribeAlarms", | |
"cloudwatch:GetMetricStatistics", | |
"cloudwatch:ListMetrics", | |
"config:DescribeConfigRules", | |
"config:GetComplianceDetailsByConfigRule", | |
"config:DescribeDeliveryChannels", | |
"config:DescribeDeliveryChannelStatus", | |
"config:DescribeConfigurationRecorders", | |
"config:DescribeConfigurationRecorderStatus", | |
"datapipeline:ListPipelines", | |
"datapipeline:GetPipelineDefinition", | |
"datapipeline:DescribePipelines", | |
"directconnect:DescribeLocations", | |
"directconnect:DescribeConnections", | |
"directconnect:DescribeVirtualInterfaces", | |
"dynamodb:ListTables", | |
"dynamodb:DescribeTable", | |
"ec2:DescribeAccountAttributes", | |
"ec2:DescribeAvailabilityZones", | |
"ec2:DescribeKeyPairs", | |
"ec2:DescribePlacementGroups", | |
"ec2:DescribeAddresses", | |
"ec2:DescribeReservedInstance*", | |
"ec2:DescribeSpotInstanceRequests", | |
"ec2:DescribeImages", | |
"ec2:DescribeImageAttribute", | |
"ec2:DescribeSnapshots", | |
"ec2:DescribeVolumes", | |
"ec2:DescribeTags", | |
"ec2:DescribeNetworkInterfaces", | |
"ec2:DescribeSecurityGroups", | |
"ec2:DescribeInstanceStatus", | |
"ec2:DescribeInstanceAttribute", | |
"ec2:DescribeVolumeStatus", | |
"ec2:DescribeInstances", | |
"ec2:GetConsoleOutput", | |
"ec2:DescribeDhcpOptions", | |
"ec2:DescribeCustomerGateways", | |
"ec2:DescribeVpcs", | |
"ec2:DescribeVpcAttribute", | |
"ec2:DescribeVpcPeeringConnections", | |
"ec2:DescribeSubnets", | |
"ec2:DescribeRouteTables", | |
"ec2:DescribeVpnConnections", | |
"ec2:DescribeNetworkAcls", | |
"ec2:DescribeInternetGateways", | |
"ec2:DescribeVpnGateways", | |
"ecs:ListClusters", | |
"ecs:DescribeClusters", | |
"ecs:ListContainerInstances", | |
"ecs:DescribeContainerInstances", | |
"ecs:ListServices", | |
"ecs:DescribeServices", | |
"ecs:ListTaskDefinitions", | |
"ecs:DescribeTaskDefinition", | |
"ecs:ListTasks", | |
"ecs:DescribeTasks", | |
"elasticache:DescribeCacheClusters", | |
"elasticache:DescribeReservedCacheNodes", | |
"elasticache:DescribeCacheSecurityGroups", | |
"elasticache:DescribeCacheParameterGroups", | |
"elasticache:DescribeCacheParameters", | |
"elasticache:DescribeCacheSubnetGroups", | |
"elasticbeanstalk:DescribeApplications", | |
"elasticbeanstalk:DescribeConfigurationSettings", | |
"elasticbeanstalk:DescribeEnvironments", | |
"elasticbeanstalk:DescribeEvents", | |
"elasticloadbalancing:DescribeLoadBalancers", | |
"elasticloadbalancing:DescribeInstanceHealth", | |
"elasticloadbalancing:DescribeLoadBalancerAttributes", | |
"elasticloadbalancing:DescribeTags", | |
"elasticmapreduce:DescribeJobFlows", | |
"elasticmapreduce:DescribeStep", | |
"elasticmapreduce:DescribeCluster", | |
"elasticmapreduce:DescribeTags", | |
"elasticmapreduce:ListSteps", | |
"elasticmapreduce:ListInstanceGroups", | |
"elasticmapreduce:ListBootstrapActions", | |
"elasticmapreduce:ListClusters", | |
"elasticmapreduce:ListInstances", | |
"es:ListDomainNames", | |
"es:DescribeElasticsearchDomains", | |
"glacier:List*", | |
"glacier:DescribeVault", | |
"glacier:GetVaultNotifications", | |
"glacier:DescribeJob", | |
"glacier:GetJobOutput", | |
"iam:Get*", | |
"iam:List*", | |
"iot:DescribeThing", | |
"iot:ListThings", | |
"iam:GenerateCredentialReport", | |
"kinesis:ListStreams", | |
"kinesis:DescribeStream", | |
"kinesis:GetShardIterator", | |
"kinesis:GetRecords", | |
"lambda:ListFunctions", | |
"rds:DescribeReservedDBInstances", | |
"rds:DescribeDBInstances", | |
"rds:DescribeDBSubnetGroups", | |
"rds:DescribeDBSecurityGroups", | |
"rds:DescribeDBParameterGroups", | |
"rds:DescribeDBSnapshots", | |
"rds:DescribeEvents", | |
"rds:DescribeEventSubscriptions", | |
"rds:DescribeDBEngineVersions", | |
"rds:DescribeOptionGroups", | |
"rds:ListTagsForResource", | |
"redshift:Describe*", | |
"redshift:ViewQueriesInConsole", | |
"route53:ListHealthChecks", | |
"route53:ListHostedZones", | |
"route53:ListResourceRecordSets", | |
"s3:GetBucketACL", | |
"s3:GetBucketLocation", | |
"s3:GetBucketLogging", | |
"s3:GetBucketPolicy", | |
"s3:GetBucketTagging", | |
"s3:GetBucketWebsite", | |
"s3:GetBucketNotification", | |
"s3:GetLifecycleConfiguration", | |
"s3:GetNotificationConfiguration", | |
"s3:GetObject", | |
"s3:GetObjectMetadata", | |
"s3:List*", | |
"ses:ListIdentities", | |
"ses:GetSendStatistics", | |
"ses:GetIdentityDkimAttributes", | |
"ses:GetIdentityVerificationAttributes", | |
"ses:GetSendQuota", | |
"sdb:ListDomains", | |
"sdb:DomainMetadata", | |
"support:*", | |
"swf:ListClosedWorkflowExecutions", | |
"swf:ListDomains", | |
"swf:ListActivityTypes", | |
"swf:ListWorkflowTypes", | |
"sns:GetSnsTopic", | |
"sns:GetTopicAttributes", | |
"sns:GetSubscriptionAttributes", | |
"sns:ListTopics", | |
"sns:ListSubscriptionsByTopic", | |
"sqs:ListQueues", | |
"sqs:GetQueueAttributes", | |
"workspaces:DescribeWorkspaceDirectories", | |
"workspaces:DescribeWorkspaceBundles", | |
"workspaces:DescribeWorkspaces" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Sid": "CloudWatchLogsSpecific", | |
"Effect": "Allow", | |
"Action": [ | |
"logs:GetLogEvents", | |
"logs:DescribeLogGroups", | |
"logs:DescribeLogStreams" | |
], | |
"Resource": [ | |
"arn:aws:logs:*:*:*" | |
] | |
} | |
] | |
} |