Last active
July 23, 2020 04:45
CannerFlow Deployment JSON
{ | |
"Version": "2012-10-17", | |
"Statement": [ | |
{ | |
"Sid": "CreateResource", | |
"Effect": "Allow", | |
"Action": [ | |
"rds:CreateDBSubnetGroup", | |
"rds:CreateDBInstance", | |
"rds:DescribeDBInstances", | |
"rds:ListTagsForResource", | |
"rds:ModifyDBInstance", | |
"rds:DescribeDBSubnetGroups", | |
"s3:GetBucketWebsite", | |
"s3:GetReplicationConfiguration", | |
"s3:GetLifecycleConfiguration", | |
"s3:GetBucketTagging", | |
"s3:ListBucket", | |
"s3:PutBucketTagging", | |
"s3:GetBucketVersioning", | |
"s3:GetBucketCORS", | |
"s3:CreateBucket", | |
"s3:GetBucketObjectLockConfiguration", | |
"s3:PutBucketCORS", | |
"s3:GetBucketLogging", | |
"s3:GetAccelerateConfiguration", | |
"s3:GetEncryptionConfiguration", | |
"s3:GetBucketRequestPayment", | |
"s3:GetBucketLocation", | |
"route53:ListHostedZones", | |
"route53:ListTagsForResource", | |
"route53:GetHostedZone", | |
"route53:ListResourceRecordSets", | |
"route53:CreateHostedZone", | |
"route53:ChangeResourceRecordSets", | |
"route53:GetChange", | |
"iam:PutRolePolicy", | |
"iam:GetRolePolicy", | |
"iam:AddRoleToInstanceProfile", | |
"iam:CreateInstanceProfile", | |
"iam:GetRole", | |
"iam:TagRole", | |
"iam:PassRole", | |
"iam:CreatePolicy", | |
"iam:GetPolicy", | |
"iam:CreateServiceLinkedRole", | |
"iam:UpdateAssumeRolePolicy", | |
"iam:GetPolicyVersion", | |
"iam:CreateRole", | |
"iam:AttachRolePolicy", | |
"iam:ListAttachedRolePolicies", | |
"iam:GetInstanceProfile", | |
"ec2:AuthorizeSecurityGroupIngress", | |
"ec2:AttachInternetGateway", | |
"ec2:CreateRoute", | |
"ec2:CreateInternetGateway", | |
"ec2:RevokeSecurityGroupEgress", | |
"ec2:DescribeVpcClassicLinkDnsSupport", | |
"ec2:CreateTags", | |
"ec2:RevokeSecurityGroupIngress", | |
"ec2:CreateSubnet", | |
"ec2:DescribeSubnets", | |
"ec2:CreateVpc", | |
"ec2:DescribeVpcAttribute", | |
"ec2:ModifySubnetAttribute", | |
"ec2:DescribeAvailabilityZones", | |
"ec2:DeleteLaunchTemplateVersions", | |
"ec2:DeleteLaunchTemplate", | |
"ec2:DescribeSecurityGroups", | |
"ec2:CreateLaunchTemplate", | |
"ec2:DescribeVpcs", | |
"ec2:AcceptVpcPeeringConnection", | |
"ec2:AssociateVpcCidrBlock", | |
"ec2:AssociateRouteTable", | |
"ec2:DescribeInternetGateways", | |
"ec2:GetLaunchTemplateData", | |
"ec2:ModifyVpcPeeringConnectionOptions", | |
"ec2:CreateVpcPeeringConnection", | |
"ec2:DescribeNetworkAcls", | |
"ec2:DescribeRouteTables", | |
"ec2:EnableVpcClassicLink", | |
"ec2:DescribeLaunchTemplates", | |
"ec2:DescribeVpcPeeringConnections", | |
"ec2:CreateRouteTable", | |
"ec2:DescribeVpcClassicLink", | |
"ec2:DeleteTags", | |
"ec2:CreateSecurityGroup", | |
"ec2:ModifyVpcAttribute", | |
"ec2:AuthorizeSecurityGroupEgress", | |
"ec2:DescribeTags", | |
"ec2:DeleteRoute", | |
"ec2:DescribeLaunchTemplateVersions", | |
"ec2:CreateLaunchTemplateVersion", | |
"ec2:DescribeImages", | |
"ec2:ModifyLaunchTemplate", | |
"ec2:EnableVpcClassicLinkDnsSupport", | |
"ec2:RunInstances", | |
"ec2:DescribeAccountAttributes", | |
"ec2:DescribeInstances", | |
"secretsManager:GetRandomPassword", | |
"secretsManager:TagResource", | |
"secretsManager:CreateSecret", | |
"secretsManager:UpdateSecret", | |
"secretsmanager:PutSecretValue", | |
"secretsmanager:GetSecretValue", | |
"acm:AddTagsToCertificate", | |
"acm:RequestCertificate", | |
"acm:ListTagsForCertificate", | |
"acm:DescribeCertificate", | |
"autoscaling:CreateLaunchConfiguration", | |
"autoscaling:DescribeAutoScalingGroups", | |
"autoscaling:UpdateAutoScalingGroup", | |
"autoscaling:DescribeTags", | |
"autoscaling:CreateOrUpdateTags", | |
"autoscaling:CreateAutoScalingGroup", | |
"autoscaling:DescribeLaunchConfigurations", | |
"autoscaling:DescribeScalingActivities", | |
"autoscaling:DescribeScheduledActions", | |
"autoscaling:ResumeProcesses", | |
"autoscaling:SuspendProcesses", | |
"elasticloadbalancing:CreateLoadBalancer", | |
"elasticloadbalancing:DescribeLoadBalancers", | |
"eks:CreateCluster", | |
"eks:DescribeCluster" | |
], | |
"Resource": "*" | |
}, | |
{ | |
"Sid": "CloudFormationLookUp", | |
"Effect": "Allow", | |
"Action": [ | |
"ec2:DescribeVpcs", | |
"ec2:DescribeSubnets", | |
"ec2:DescribeRouteTables", | |
"ec2:DescribeVpnGateways" | |
], | |
"Resource": "*" | |
}, | |
{ | |
"Sid": "TaggingResource", | |
"Effect": "Allow", | |
"Action": "ec2:CreateTags", | |
"Resource": [ | |
"arn:aws:ec2:*:*:subnet/*", | |
"arn:aws:ec2:*:*:vpc/*" | |
] | |
}, | |
{ | |
"Sid": "CloudFormation", | |
"Effect": "Allow", | |
"Action": [ | |
"cloudformation:DescribeStacks", | |
"cloudformation:CreateChangeSet", | |
"cloudformation:DescribeChangeSet", | |
"cloudformation:DescribeStackEvents", | |
"cloudformation:GetTemplate", | |
"cloudformation:ExecuteChangeSet", | |
"cloudformation:DeleteStack", | |
"cloudformation:DeleteChangeSet", | |
"ssm:GetParameters" | |
], | |
"Resource": "*" | |
}, | |
{ | |
"Sid": "DeleteResource", | |
"Effect": "Allow", | |
"Action": [ | |
"route53:DeleteHostedZone", | |
"iam:DeleteInstanceProfile", | |
"iam:DeleteRole", | |
"iam:DeletePolicy", | |
"iam:DeleteRolePolicy", | |
"iam:DeleteServiceLinkedRole", | |
"iam:RemoveRoleFromInstanceProfile", | |
"iam:DetachRolePolicy", | |
"secretsManager:DeleteSecret", | |
"autoscaling:DeleteLaunchConfiguration", | |
"autoscaling:DeleteTags", | |
"autoscaling:DeleteAutoScalingGroup", | |
"eks:DeleteCluster", | |
"ec2:DeleteSecurityGroup", | |
"rds:DeleteDBSubnetGroup", | |
"elasticloadbalancing:DeleteLoadBalancer" | |
], | |
"Resource": "*" | |
} | |
] | |
} |