-
-
Save gene1wood/55b358748be3c314f956 to your computer and use it in GitHub Desktop.
{ | |
"APIGatewayServiceRolePolicy": { | |
"Arn": "arn:aws:iam::aws:policy/aws-service-role/APIGatewayServiceRolePolicy", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-10-22T18:22:01+00:00", | |
"DefaultVersionId": "v6", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"elasticloadbalancing:AddListenerCertificates", | |
"elasticloadbalancing:RemoveListenerCertificates", | |
"elasticloadbalancing:ModifyListener", | |
"xray:PutTraceSegments", | |
"xray:PutTelemetryRecords", | |
"xray:GetSamplingTargets", | |
"xray:GetSamplingRules", | |
"logs:CreateLogDelivery", | |
"logs:GetLogDelivery", | |
"logs:UpdateLogDelivery", | |
"logs:DeleteLogDelivery", | |
"logs:ListLogDeliveries" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
] | |
}, | |
{ | |
"Action": [ | |
"firehose:DescribeDeliveryStream", | |
"firehose:PutRecord", | |
"firehose:PutRecordBatch" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:firehose:*:*:deliverystream/amazon-apigateway-*" | |
}, | |
{ | |
"Action": [ | |
"acm:DescribeCertificate" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:acm:*:*:certificate/*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/aws-service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJQQDZNLDBF2ULTWK6", | |
"PolicyName": "APIGatewayServiceRolePolicy", | |
"UpdateDate": "2019-10-22T18:22:01+00:00", | |
"VersionId": "v6" | |
}, | |
"AWSAccountActivityAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSAccountActivityAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2015-02-06T18:41:18+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"aws-portal:ViewBilling" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJQRYCWMFX5J3E333K", | |
"PolicyName": "AWSAccountActivityAccess", | |
"UpdateDate": "2015-02-06T18:41:18+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSAccountUsageReportAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSAccountUsageReportAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2015-02-06T18:41:19+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"aws-portal:ViewUsage" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJLIB4VSBVO47ZSBB6", | |
"PolicyName": "AWSAccountUsageReportAccess", | |
"UpdateDate": "2015-02-06T18:41:19+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSAgentlessDiscoveryService": { | |
"Arn": "arn:aws:iam::aws:policy/AWSAgentlessDiscoveryService", | |
"AttachmentCount": 0, | |
"CreateDate": "2016-08-02T01:35:11+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"awsconnector:RegisterConnector", | |
"awsconnector:GetConnectorHealth" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": "iam:GetUser", | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"s3:GetObject", | |
"s3:ListBucket" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:s3:::connector-platform-upgrade-info/*", | |
"arn:aws:s3:::connector-platform-upgrade-info", | |
"arn:aws:s3:::connector-platform-upgrade-bundles/*", | |
"arn:aws:s3:::connector-platform-upgrade-bundles", | |
"arn:aws:s3:::connector-platform-release-notes/*", | |
"arn:aws:s3:::connector-platform-release-notes", | |
"arn:aws:s3:::prod.agentless.discovery.connector.upgrade/*", | |
"arn:aws:s3:::prod.agentless.discovery.connector.upgrade" | |
] | |
}, | |
{ | |
"Action": [ | |
"s3:PutObject", | |
"s3:PutObjectAcl" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:s3:::import-to-ec2-connector-debug-logs/*" | |
] | |
}, | |
{ | |
"Action": [ | |
"SNS:Publish" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:sns:*:*:metrics-sns-topic-for-*" | |
}, | |
{ | |
"Action": [ | |
"Discovery:*" | |
], | |
"Effect": "Allow", | |
"Resource": "*", | |
"Sid": "Discovery" | |
}, | |
{ | |
"Action": [ | |
"arsenal:RegisterOnPremisesAgent" | |
], | |
"Effect": "Allow", | |
"Resource": "*", | |
"Sid": "arsenal" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIA3DIL7BYQ35ISM4K", | |
"PolicyName": "AWSAgentlessDiscoveryService", | |
"UpdateDate": "2016-08-02T01:35:11+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSAppMeshEnvoyAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSAppMeshEnvoyAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-07-03T21:29:37+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"appmesh:StreamAggregatedResources" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAZKAPJZG4PMG6ZGSZZ", | |
"PolicyName": "AWSAppMeshEnvoyAccess", | |
"UpdateDate": "2019-07-03T21:29:37+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSAppMeshFullAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSAppMeshFullAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-10-03T22:28:34+00:00", | |
"DefaultVersionId": "v4", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"appmesh:*" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"iam:CreateServiceLinkedRole" | |
], | |
"Condition": { | |
"StringLike": { | |
"iam:AWSServiceName": [ | |
"appmesh.amazonaws.com" | |
] | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "arn:aws:iam::*:role/aws-service-role/appmesh.amazonaws.com/AWSServiceRoleForAppMesh" | |
}, | |
{ | |
"Action": [ | |
"cloudformation:CreateStack", | |
"cloudformation:DeleteStack", | |
"cloudformation:DescribeStack*", | |
"cloudformation:UpdateStack" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:cloudformation:*:*:stack/AWSAppMesh-GettingStarted-*" | |
}, | |
{ | |
"Action": [ | |
"acm:ListCertificates", | |
"acm:DescribeCertificate" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAZKAPJZG4ILVZ5BWFU", | |
"PolicyName": "AWSAppMeshFullAccess", | |
"UpdateDate": "2019-10-03T22:28:34+00:00", | |
"VersionId": "v4" | |
}, | |
"AWSAppMeshPreviewEnvoyAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSAppMeshPreviewEnvoyAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-08-05T23:32:39+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"appmesh-preview:StreamAggregatedResources" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAZKAPJZG4NKURE3R2M", | |
"PolicyName": "AWSAppMeshPreviewEnvoyAccess", | |
"UpdateDate": "2019-08-05T23:32:39+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSAppMeshPreviewServiceRolePolicy": { | |
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSAppMeshPreviewServiceRolePolicy", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-08-21T21:06:29+00:00", | |
"DefaultVersionId": "v3", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"servicediscovery:DiscoverInstances" | |
], | |
"Effect": "Allow", | |
"Resource": "*", | |
"Sid": "CloudMapServiceDiscovery" | |
}, | |
{ | |
"Action": [ | |
"acm:DescribeCertificate" | |
], | |
"Effect": "Allow", | |
"Resource": "*", | |
"Sid": "ACMCertificateVerification" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/aws-service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAZKAPJZG4FAQWKJYPJ", | |
"PolicyName": "AWSAppMeshPreviewServiceRolePolicy", | |
"UpdateDate": "2019-08-21T21:06:29+00:00", | |
"VersionId": "v3" | |
}, | |
"AWSAppMeshReadOnly": { | |
"Arn": "arn:aws:iam::aws:policy/AWSAppMeshReadOnly", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-10-03T22:25:42+00:00", | |
"DefaultVersionId": "v3", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"appmesh:Describe*", | |
"appmesh:List*" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"cloudformation:DescribeStack*" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:cloudformation:*:*:stack/AWSAppMesh-GettingStarted-*" | |
}, | |
{ | |
"Action": [ | |
"acm:ListCertificates", | |
"acm:DescribeCertificate" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAZKAPJZG4HOPFCIWXP", | |
"PolicyName": "AWSAppMeshReadOnly", | |
"UpdateDate": "2019-10-03T22:25:42+00:00", | |
"VersionId": "v3" | |
}, | |
"AWSAppMeshServiceRolePolicy": { | |
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSAppMeshServiceRolePolicy", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-09-10T22:44:43+00:00", | |
"DefaultVersionId": "v2", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"servicediscovery:DiscoverInstances" | |
], | |
"Effect": "Allow", | |
"Resource": "*", | |
"Sid": "CloudMapServiceDiscovery" | |
}, | |
{ | |
"Action": [ | |
"acm:DescribeCertificate" | |
], | |
"Effect": "Allow", | |
"Resource": "*", | |
"Sid": "ACMCertificateVerification" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/aws-service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAZKAPJZG4B5IHMMEND", | |
"PolicyName": "AWSAppMeshServiceRolePolicy", | |
"UpdateDate": "2019-09-10T22:44:43+00:00", | |
"VersionId": "v2" | |
}, | |
"AWSAppSyncAdministrator": { | |
"Arn": "arn:aws:iam::aws:policy/AWSAppSyncAdministrator", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-11-04T19:23:49+00:00", | |
"DefaultVersionId": "v2", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"appsync:*" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"iam:PassRole" | |
], | |
"Condition": { | |
"StringEquals": { | |
"iam:PassedToService": [ | |
"appsync.amazonaws.com" | |
] | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": "iam:CreateServiceLinkedRole", | |
"Condition": { | |
"StringEquals": { | |
"iam:AWSServiceName": "appsync.amazonaws.com" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"iam:DeleteServiceLinkedRole", | |
"iam:GetServiceLinkedRoleDeletionStatus" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:iam::*:role/aws-service-role/appsync.amazonaws.com/AWSServiceRoleForAppSync*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJBYY36AJPXTTWIXCY", | |
"PolicyName": "AWSAppSyncAdministrator", | |
"UpdateDate": "2019-11-04T19:23:49+00:00", | |
"VersionId": "v2" | |
}, | |
"AWSAppSyncInvokeFullAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSAppSyncInvokeFullAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2018-03-20T21:21:20+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"appsync:GraphQL", | |
"appsync:GetGraphqlApi", | |
"appsync:ListGraphqlApis", | |
"appsync:ListApiKeys" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAILMPWRRZN27MPE3VM", | |
"PolicyName": "AWSAppSyncInvokeFullAccess", | |
"UpdateDate": "2018-03-20T21:21:20+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSAppSyncPushToCloudWatchLogs": { | |
"Arn": "arn:aws:iam::aws:policy/service-role/AWSAppSyncPushToCloudWatchLogs", | |
"AttachmentCount": 0, | |
"CreateDate": "2018-04-09T19:38:55+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"logs:CreateLogGroup", | |
"logs:CreateLogStream", | |
"logs:PutLogEvents" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIWN7WNO34HLMJPUQS", | |
"PolicyName": "AWSAppSyncPushToCloudWatchLogs", | |
"UpdateDate": "2018-04-09T19:38:55+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSAppSyncSchemaAuthor": { | |
"Arn": "arn:aws:iam::aws:policy/AWSAppSyncSchemaAuthor", | |
"AttachmentCount": 0, | |
"CreateDate": "2018-03-20T21:21:06+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"appsync:GraphQL", | |
"appsync:CreateResolver", | |
"appsync:CreateType", | |
"appsync:DeleteResolver", | |
"appsync:DeleteType", | |
"appsync:GetResolver", | |
"appsync:GetType", | |
"appsync:GetDataSource", | |
"appsync:GetSchemaCreationStatus", | |
"appsync:GetIntrospectionSchema", | |
"appsync:GetGraphqlApi", | |
"appsync:ListTypes", | |
"appsync:ListApiKeys", | |
"appsync:ListResolvers", | |
"appsync:ListDataSources", | |
"appsync:ListGraphqlApis", | |
"appsync:StartSchemaCreation", | |
"appsync:UpdateResolver", | |
"appsync:UpdateType" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIUCF5WVTOFQXFKY5E", | |
"PolicyName": "AWSAppSyncSchemaAuthor", | |
"UpdateDate": "2018-03-20T21:21:06+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSApplicationAutoScalingCustomResourcePolicy": { | |
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSApplicationAutoScalingCustomResourcePolicy", | |
"AttachmentCount": 0, | |
"CreateDate": "2018-06-04T23:22:44+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"execute-api:Invoke", | |
"cloudwatch:PutMetricAlarm", | |
"cloudwatch:DescribeAlarms", | |
"cloudwatch:DeleteAlarms" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
] | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/aws-service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJYTKXPX6DO32Z4XXA", | |
"PolicyName": "AWSApplicationAutoScalingCustomResourcePolicy", | |
"UpdateDate": "2018-06-04T23:22:44+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSApplicationAutoscalingAppStreamFleetPolicy": { | |
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSApplicationAutoscalingAppStreamFleetPolicy", | |
"AttachmentCount": 0, | |
"CreateDate": "2017-10-20T19:04:06+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"appstream:UpdateFleet", | |
"appstream:DescribeFleets", | |
"cloudwatch:PutMetricAlarm", | |
"cloudwatch:DescribeAlarms", | |
"cloudwatch:DeleteAlarms" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
] | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/aws-service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIRI724OWKP56ZG62M", | |
"PolicyName": "AWSApplicationAutoscalingAppStreamFleetPolicy", | |
"UpdateDate": "2017-10-20T19:04:06+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSApplicationAutoscalingComprehendEndpointPolicy": { | |
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSApplicationAutoscalingComprehendEndpointPolicy", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-11-14T18:39:07+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"comprehend:UpdateEndpoint", | |
"comprehend:DescribeEndpoint", | |
"cloudwatch:PutMetricAlarm", | |
"cloudwatch:DescribeAlarms", | |
"cloudwatch:DeleteAlarms" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
] | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/aws-service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAZKAPJZG4HD4ODS6K6", | |
"PolicyName": "AWSApplicationAutoscalingComprehendEndpointPolicy", | |
"UpdateDate": "2019-11-14T18:39:07+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSApplicationAutoscalingDynamoDBTablePolicy": { | |
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSApplicationAutoscalingDynamoDBTablePolicy", | |
"AttachmentCount": 1, | |
"CreateDate": "2017-10-20T21:34:57+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"dynamodb:DescribeTable", | |
"dynamodb:UpdateTable", | |
"cloudwatch:PutMetricAlarm", | |
"cloudwatch:DescribeAlarms", | |
"cloudwatch:DeleteAlarms" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/aws-service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJOVQMDI3JFCBW4LFO", | |
"PolicyName": "AWSApplicationAutoscalingDynamoDBTablePolicy", | |
"UpdateDate": "2017-10-20T21:34:57+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSApplicationAutoscalingEC2SpotFleetRequestPolicy": { | |
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSApplicationAutoscalingEC2SpotFleetRequestPolicy", | |
"AttachmentCount": 0, | |
"CreateDate": "2017-10-25T18:23:27+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"ec2:DescribeSpotFleetRequests", | |
"ec2:ModifySpotFleetRequest", | |
"cloudwatch:PutMetricAlarm", | |
"cloudwatch:DescribeAlarms", | |
"cloudwatch:DeleteAlarms" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
] | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/aws-service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJNRH3VE3WW4Q4RDTU", | |
"PolicyName": "AWSApplicationAutoscalingEC2SpotFleetRequestPolicy", | |
"UpdateDate": "2017-10-25T18:23:27+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSApplicationAutoscalingECSServicePolicy": { | |
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSApplicationAutoscalingECSServicePolicy", | |
"AttachmentCount": 0, | |
"CreateDate": "2017-10-25T23:53:08+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"ecs:DescribeServices", | |
"ecs:UpdateService", | |
"cloudwatch:PutMetricAlarm", | |
"cloudwatch:DescribeAlarms", | |
"cloudwatch:DeleteAlarms" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
] | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/aws-service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJFXLLV7AKH5PSFOYG", | |
"PolicyName": "AWSApplicationAutoscalingECSServicePolicy", | |
"UpdateDate": "2017-10-25T23:53:08+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSApplicationAutoscalingEMRInstanceGroupPolicy": { | |
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSApplicationAutoscalingEMRInstanceGroupPolicy", | |
"AttachmentCount": 0, | |
"CreateDate": "2017-10-26T00:57:39+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"elasticmapreduce:ListInstanceGroups", | |
"elasticmapreduce:ModifyInstanceGroups", | |
"cloudwatch:PutMetricAlarm", | |
"cloudwatch:DescribeAlarms", | |
"cloudwatch:DeleteAlarms" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/aws-service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIQ6M5Z7LQY2YSG2JS", | |
"PolicyName": "AWSApplicationAutoscalingEMRInstanceGroupPolicy", | |
"UpdateDate": "2017-10-26T00:57:39+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSApplicationAutoscalingLambdaConcurrencyPolicy": { | |
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSApplicationAutoscalingLambdaConcurrencyPolicy", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-10-21T20:04:17+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"lambda:PutProvisionedConcurrencyConfig", | |
"lambda:GetProvisionedConcurrencyConfig", | |
"lambda:DeleteProvisionedConcurrencyConfig", | |
"cloudwatch:PutMetricAlarm", | |
"cloudwatch:DescribeAlarms", | |
"cloudwatch:DeleteAlarms" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
] | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/aws-service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAZKAPJZG4KIR2KPJCU", | |
"PolicyName": "AWSApplicationAutoscalingLambdaConcurrencyPolicy", | |
"UpdateDate": "2019-10-21T20:04:17+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSApplicationAutoscalingRDSClusterPolicy": { | |
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSApplicationAutoscalingRDSClusterPolicy", | |
"AttachmentCount": 0, | |
"CreateDate": "2018-08-07T19:14:24+00:00", | |
"DefaultVersionId": "v3", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"rds:AddTagsToResource", | |
"rds:CreateDBInstance", | |
"rds:DeleteDBInstance", | |
"rds:DescribeDBClusters", | |
"rds:DescribeDBInstances", | |
"rds:ModifyDBCluster", | |
"cloudwatch:PutMetricAlarm", | |
"cloudwatch:DescribeAlarms", | |
"cloudwatch:DeleteAlarms" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"iam:PassRole" | |
], | |
"Condition": { | |
"StringLike": { | |
"iam:PassedToService": "rds.amazonaws.com" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/aws-service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJ7XS52I27Q2JVKALU", | |
"PolicyName": "AWSApplicationAutoscalingRDSClusterPolicy", | |
"UpdateDate": "2018-08-07T19:14:24+00:00", | |
"VersionId": "v3" | |
}, | |
"AWSApplicationAutoscalingSageMakerEndpointPolicy": { | |
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSApplicationAutoscalingSageMakerEndpointPolicy", | |
"AttachmentCount": 0, | |
"CreateDate": "2018-02-06T19:58:21+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"sagemaker:DescribeEndpoint", | |
"sagemaker:DescribeEndpointConfig", | |
"sagemaker:UpdateEndpointWeightsAndCapacities", | |
"cloudwatch:PutMetricAlarm", | |
"cloudwatch:DescribeAlarms", | |
"cloudwatch:DeleteAlarms" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
] | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/aws-service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAI5DBEBNRZQ4SXYTAW", | |
"PolicyName": "AWSApplicationAutoscalingSageMakerEndpointPolicy", | |
"UpdateDate": "2018-02-06T19:58:21+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSApplicationDiscoveryAgentAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSApplicationDiscoveryAgentAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2016-05-11T21:38:47+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"arsenal:RegisterOnPremisesAgent" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAICZIOVAGC6JPF3WHC", | |
"PolicyName": "AWSApplicationDiscoveryAgentAccess", | |
"UpdateDate": "2016-05-11T21:38:47+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSApplicationDiscoveryServiceFullAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSApplicationDiscoveryServiceFullAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-06-19T21:21:26+00:00", | |
"DefaultVersionId": "v4", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"mgh:*", | |
"discovery:*" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"iam:GetRole" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": "iam:CreateServiceLinkedRole", | |
"Condition": { | |
"StringEquals": { | |
"iam:AWSServiceName": "continuousexport.discovery.amazonaws.com" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "arn:aws:iam::*:role/aws-service-role/continuousexport.discovery.amazonaws.com/AWSServiceRoleForApplicationDiscoveryServiceContinuousExport*" | |
}, | |
{ | |
"Action": [ | |
"iam:DeleteServiceLinkedRole", | |
"iam:GetServiceLinkedRoleDeletionStatus" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:iam::*:role/aws-service-role/continuousexport.discovery.amazonaws.com/AWSServiceRoleForApplicationDiscoveryServiceContinuousExport*" | |
}, | |
{ | |
"Action": "iam:CreateServiceLinkedRole", | |
"Condition": { | |
"StringEquals": { | |
"iam:AWSServiceName": [ | |
"migrationhub.amazonaws.com", | |
"dmsintegration.migrationhub.amazonaws.com", | |
"smsintegration.migrationhub.amazonaws.com" | |
] | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJBNJEA6ZXM2SBOPDU", | |
"PolicyName": "AWSApplicationDiscoveryServiceFullAccess", | |
"UpdateDate": "2019-06-19T21:21:26+00:00", | |
"VersionId": "v4" | |
}, | |
"AWSArtifactAccountSync": { | |
"Arn": "arn:aws:iam::aws:policy/service-role/AWSArtifactAccountSync", | |
"AttachmentCount": 0, | |
"CreateDate": "2018-04-10T23:04:33+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"organizations:ListAccounts", | |
"organizations:DescribeOrganization" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJMVPXRWZJZWDTYDNC", | |
"PolicyName": "AWSArtifactAccountSync", | |
"UpdateDate": "2018-04-10T23:04:33+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSAutoScalingPlansEC2AutoScalingPolicy": { | |
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSAutoScalingPlansEC2AutoScalingPolicy", | |
"AttachmentCount": 0, | |
"CreateDate": "2018-08-23T22:46:59+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"cloudwatch:GetMetricData", | |
"autoscaling:DescribeAutoScalingGroups", | |
"autoscaling:DescribeScheduledActions", | |
"autoscaling:BatchPutScheduledUpdateGroupAction", | |
"autoscaling:BatchDeleteScheduledAction" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/aws-service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIXWLPZPD4RYBM3JSU", | |
"PolicyName": "AWSAutoScalingPlansEC2AutoScalingPolicy", | |
"UpdateDate": "2018-08-23T22:46:59+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSB9InternalServicePolicy": { | |
"Arn": "arn:aws:iam::aws:policy/AWSB9InternalServicePolicy", | |
"AttachmentCount": 0, | |
"CreateDate": "2018-12-13T18:48:22+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"ec2:CreateNetworkInterfacePermission", | |
"ec2:DescribeNetworkInterfaces", | |
"ec2:DeleteNetworkInterface", | |
"ec2:DescribeSubnets", | |
"ec2:DescribeVpcs", | |
"ec2:DescribeSecurityGroups", | |
"greengrass:CreateDeployment", | |
"greengrass:CreateGroupVersion", | |
"greengrass:CreateFunctionDefinition", | |
"greengrass:CreateFunctionDefinitionVersion", | |
"greengrass:GetDeploymentStatus", | |
"greengrass:GetGroup", | |
"greengrass:GetGroupVersion", | |
"greengrass:GetCoreDefinitionVersion", | |
"greengrass:GetFunctionDefinitionVersion", | |
"greengrass:GetAssociatedRole", | |
"lambda:CreateFunction" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"lambda:UpdateFunctionCode", | |
"lambda:GetFunction", | |
"lambda:UpdateFunctionConfiguration" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:lambda:*:*:function:aws-robomaker-*" | |
}, | |
{ | |
"Action": "iam:PassRole", | |
"Condition": { | |
"StringEqualsIfExists": { | |
"iam:PassedToService": "lambda.amazonaws.com" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIWR2IIOQ7JJGVQOPW", | |
"PolicyName": "AWSB9InternalServicePolicy", | |
"UpdateDate": "2018-12-13T18:48:22+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSBackupAdminPolicy": { | |
"Arn": "arn:aws:iam::aws:policy/AWSBackupAdminPolicy", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-03-11T22:14:30+00:00", | |
"DefaultVersionId": "v2", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": "backup:*", | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": "backup-storage:*", | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"rds:DescribeDBSnapshots", | |
"rds:ListTagsForResource", | |
"rds:DescribeDBInstances", | |
"rds:describeDBSnapshots", | |
"rds:describeDBEngineVersions", | |
"rds:describeOptionGroups", | |
"rds:describeOrderableDBInstanceOptions", | |
"rds:describeDBSubnetGroups" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"dynamodb:ListBackups", | |
"dynamodb:ListTables" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"elasticfilesystem:DescribeFilesystems" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:elasticfilesystem:*:*:file-system/*" | |
}, | |
{ | |
"Action": [ | |
"ec2:DescribeSnapshots", | |
"ec2:DescribeVolumes", | |
"ec2:describeAvailabilityZones" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"tag:GetTagKeys", | |
"tag:GetTagValues", | |
"tag:GetResources" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"storagegateway:DescribeCachediSCSIVolumes", | |
"storagegateway:DescribeStorediSCSIVolumes" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:storagegateway:*:*:gateway/*/volume/*" | |
}, | |
{ | |
"Action": [ | |
"storagegateway:ListGateways" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:storagegateway:*:*:*" | |
}, | |
{ | |
"Action": [ | |
"storagegateway:DescribeGatewayInformation", | |
"storagegateway:ListVolumes", | |
"storagegateway:ListLocalDisks" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:storagegateway:*:*:gateway/*" | |
}, | |
{ | |
"Action": [ | |
"iam:ListRoles", | |
"iam:GetRole", | |
"iam:GetUser" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": "iam:PassRole", | |
"Condition": { | |
"StringLike": { | |
"iam:PassedToService": "backup.amazonaws.com" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:iam::*:role/*AwsBackup*", | |
"arn:aws:iam::*:role/*AWSBackup*" | |
] | |
}, | |
{ | |
"Action": [ | |
"kms:ListKeys", | |
"kms:DescribeKey", | |
"kms:GenerateDataKey", | |
"kms:RetireGrant", | |
"kms:CreateGrant", | |
"kms:ListAliases", | |
"kms:Decrypt" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJWFPFHACTI7XN6M2C", | |
"PolicyName": "AWSBackupAdminPolicy", | |
"UpdateDate": "2019-03-11T22:14:30+00:00", | |
"VersionId": "v2" | |
}, | |
"AWSBackupOperatorPolicy": { | |
"Arn": "arn:aws:iam::aws:policy/AWSBackupOperatorPolicy", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-03-11T22:18:12+00:00", | |
"DefaultVersionId": "v2", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"backup:Get*", | |
"backup:List*", | |
"backup:Describe*", | |
"backup:CreateBackupSelection", | |
"backup:DeleteBackupSelection", | |
"backup:GetRecoveryPointRestoreMetadata", | |
"backup:StartBackupJob", | |
"backup:StartRestoreJob" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"rds:DescribeDBSnapshots", | |
"rds:ListTagsForResource", | |
"rds:DescribeDBInstances", | |
"rds:describeDBSnapshots", | |
"rds:describeDBEngineVersions", | |
"rds:describeOptionGroups", | |
"rds:describeOrderableDBInstanceOptions", | |
"rds:describeDBSubnetGroups" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"dynamodb:ListBackups", | |
"dynamodb:ListTables" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"elasticfilesystem:DescribeFilesystems" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:elasticfilesystem:*:*:file-system/*" | |
}, | |
{ | |
"Action": [ | |
"ec2:DescribeSnapshots", | |
"ec2:DescribeVolumes", | |
"ec2:describeAvailabilityZones" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"tag:GetTagKeys", | |
"tag:GetTagValues", | |
"tag:GetResources" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"storagegateway:DescribeCachediSCSIVolumes", | |
"storagegateway:DescribeStorediSCSIVolumes" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:storagegateway:*:*:gateway/*/volume/*" | |
}, | |
{ | |
"Action": [ | |
"storagegateway:ListGateways" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:storagegateway:*:*:*" | |
}, | |
{ | |
"Action": [ | |
"storagegateway:DescribeGatewayInformation", | |
"storagegateway:ListVolumes", | |
"storagegateway:ListLocalDisks" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:storagegateway:*:*:gateway/*" | |
}, | |
{ | |
"Action": [ | |
"iam:ListRoles", | |
"iam:GetRole", | |
"iam:GetUser" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": "iam:PassRole", | |
"Condition": { | |
"StringLike": { | |
"iam:PassedToService": "backup.amazonaws.com" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:iam::*:role/*AwsBackup*", | |
"arn:aws:iam::*:role/*AWSBackup*" | |
] | |
}, | |
{ | |
"Action": [ | |
"kms:ListKeys", | |
"kms:DescribeKey", | |
"kms:GenerateDataKey", | |
"kms:RetireGrant", | |
"kms:CreateGrant", | |
"kms:ListAliases", | |
"kms:Decrypt" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJ7BHZKKS47SGORCJE", | |
"PolicyName": "AWSBackupOperatorPolicy", | |
"UpdateDate": "2019-03-11T22:18:12+00:00", | |
"VersionId": "v2" | |
}, | |
"AWSBackupServiceRolePolicyForBackup": { | |
"Arn": "arn:aws:iam::aws:policy/service-role/AWSBackupServiceRolePolicyForBackup", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-06-25T20:26:08+00:00", | |
"DefaultVersionId": "v3", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"dynamodb:DescribeTable", | |
"dynamodb:CreateBackup" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:dynamodb:*:*:table/*" | |
}, | |
{ | |
"Action": [ | |
"dynamodb:DescribeBackup", | |
"dynamodb:DeleteBackup" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:dynamodb:*:*:table/*/backup/*" | |
}, | |
{ | |
"Action": [ | |
"rds:AddTagsToResource", | |
"rds:ListTagsForResource", | |
"rds:DescribeDBSnapshots", | |
"rds:CreateDBSnapshot", | |
"rds:CopyDBSnapshot", | |
"rds:DescribeDBInstances" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"rds:DeleteDBSnapshot" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:rds:*:*:snapshot:awsbackup:*" | |
] | |
}, | |
{ | |
"Action": [ | |
"storagegateway:CreateSnapshot", | |
"storagegateway:ListTagsForResource" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:storagegateway:*:*:gateway/*/volume/*" | |
}, | |
{ | |
"Action": [ | |
"ec2:CreateTags", | |
"ec2:DeleteSnapshot" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:ec2:*::snapshot/*" | |
}, | |
{ | |
"Action": [ | |
"ec2:DescribeSnapshots", | |
"ec2:DescribeTags" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"elasticfilesystem:Backup", | |
"elasticfilesystem:DescribeTags" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:elasticfilesystem:*:*:file-system/*" | |
}, | |
{ | |
"Action": [ | |
"ec2:CreateSnapshot", | |
"ec2:DeleteSnapshot", | |
"ec2:DescribeVolumes", | |
"ec2:DescribeSnapshots" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:ec2:*::snapshot/*", | |
"arn:aws:ec2:*:*:volume/*" | |
] | |
}, | |
{ | |
"Action": "kms:DescribeKey", | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": "kms:CreateGrant", | |
"Condition": { | |
"Bool": { | |
"kms:GrantIsForAWSResource": "true" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"tag:GetResources" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIOOYZSLZZXWFJJ5N2", | |
"PolicyName": "AWSBackupServiceRolePolicyForBackup", | |
"UpdateDate": "2019-06-25T20:26:08+00:00", | |
"VersionId": "v3" | |
}, | |
"AWSBackupServiceRolePolicyForRestores": { | |
"Arn": "arn:aws:iam::aws:policy/service-role/AWSBackupServiceRolePolicyForRestores", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-10-03T19:10:42+00:00", | |
"DefaultVersionId": "v4", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"dynamodb:Scan", | |
"dynamodb:Query", | |
"dynamodb:UpdateItem", | |
"dynamodb:PutItem", | |
"dynamodb:GetItem", | |
"dynamodb:DeleteItem", | |
"dynamodb:BatchWriteItem", | |
"dynamodb:DescribeTable" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:dynamodb:*:*:table/*" | |
}, | |
{ | |
"Action": [ | |
"dynamodb:RestoreTableFromBackup" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:dynamodb:*:*:table/*/backup/*" | |
}, | |
{ | |
"Action": [ | |
"ec2:CreateVolume", | |
"ec2:DeleteVolume" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:ec2:*::snapshot/*", | |
"arn:aws:ec2:*:*:volume/*" | |
] | |
}, | |
{ | |
"Action": [ | |
"ec2:DescribeSnapshots", | |
"ec2:DescribeVolumes" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"storagegateway:DeleteVolume", | |
"storagegateway:DescribeCachediSCSIVolumes", | |
"storagegateway:DescribeStorediSCSIVolumes" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:storagegateway:*:*:gateway/*/volume/*" | |
}, | |
{ | |
"Action": [ | |
"storagegateway:DescribeGatewayInformation", | |
"storagegateway:CreateStorediSCSIVolume", | |
"storagegateway:CreateCachediSCSIVolume" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:storagegateway:*:*:gateway/*" | |
}, | |
{ | |
"Action": [ | |
"storagegateway:ListVolumes" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:storagegateway:*:*:*" | |
}, | |
{ | |
"Action": [ | |
"rds:DescribeDBInstances", | |
"rds:DescribeDBSnapshots", | |
"rds:ListTagsForResource", | |
"rds:RestoreDBInstanceFromDBSnapshot", | |
"rds:DeleteDBInstance", | |
"rds:AddTagsToResource" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"elasticfilesystem:Restore", | |
"elasticfilesystem:CreateFilesystem", | |
"elasticfilesystem:DescribeFilesystems", | |
"elasticfilesystem:DeleteFilesystem" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:elasticfilesystem:*:*:file-system/*" | |
}, | |
{ | |
"Action": "kms:DescribeKey", | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"kms:Decrypt", | |
"kms:Encrypt", | |
"kms:GenerateDataKey", | |
"kms:ReEncryptTo", | |
"kms:ReEncryptFrom" | |
], | |
"Condition": { | |
"StringLike": { | |
"kms:ViaService": [ | |
"dynamodb.*.amazonaws.com", | |
"ec2.*.amazonaws.com", | |
"elasticfilesystem.*.amazonaws.com", | |
"rds.*.amazonaws.com" | |
] | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": "kms:CreateGrant", | |
"Condition": { | |
"Bool": { | |
"kms:GrantIsForAWSResource": "true" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJZCCL6F2WPVOUXZKI", | |
"PolicyName": "AWSBackupServiceRolePolicyForRestores", | |
"UpdateDate": "2019-10-03T19:10:42+00:00", | |
"VersionId": "v4" | |
}, | |
"AWSBatchFullAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSBatchFullAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2018-11-05T21:09:23+00:00", | |
"DefaultVersionId": "v5", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"batch:*", | |
"cloudwatch:GetMetricStatistics", | |
"ec2:DescribeSubnets", | |
"ec2:DescribeSecurityGroups", | |
"ec2:DescribeKeyPairs", | |
"ec2:DescribeVpcs", | |
"ec2:DescribeImages", | |
"ec2:DescribeLaunchTemplates", | |
"ec2:DescribeLaunchTemplateVersions", | |
"ecs:DescribeClusters", | |
"ecs:Describe*", | |
"ecs:List*", | |
"logs:Describe*", | |
"logs:Get*", | |
"logs:TestMetricFilter", | |
"logs:FilterLogEvents", | |
"iam:ListInstanceProfiles", | |
"iam:ListRoles" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"iam:PassRole" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:iam::*:role/AWSBatchServiceRole", | |
"arn:aws:iam::*:role/service-role/AWSBatchServiceRole", | |
"arn:aws:iam::*:role/ecsInstanceRole", | |
"arn:aws:iam::*:instance-profile/ecsInstanceRole", | |
"arn:aws:iam::*:role/iaws-ec2-spot-fleet-role", | |
"arn:aws:iam::*:role/aws-ec2-spot-fleet-role", | |
"arn:aws:iam::*:role/AWSBatchJobRole*" | |
] | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJ7K2KIWB3HZVK3CUO", | |
"PolicyName": "AWSBatchFullAccess", | |
"UpdateDate": "2018-11-05T21:09:23+00:00", | |
"VersionId": "v5" | |
}, | |
"AWSBatchServiceEventTargetRole": { | |
"Arn": "arn:aws:iam::aws:policy/service-role/AWSBatchServiceEventTargetRole", | |
"AttachmentCount": 0, | |
"CreateDate": "2018-02-28T22:31:13+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"batch:SubmitJob" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAICVHHZ6XHNMA6VE3Q", | |
"PolicyName": "AWSBatchServiceEventTargetRole", | |
"UpdateDate": "2018-02-28T22:31:13+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSBatchServiceRole": { | |
"Arn": "arn:aws:iam::aws:policy/service-role/AWSBatchServiceRole", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-10-08T19:31:12+00:00", | |
"DefaultVersionId": "v10", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"ec2:DescribeAccountAttributes", | |
"ec2:DescribeInstances", | |
"ec2:DescribeInstanceAttribute", | |
"ec2:DescribeSubnets", | |
"ec2:DescribeSecurityGroups", | |
"ec2:DescribeKeyPairs", | |
"ec2:DescribeImages", | |
"ec2:DescribeImageAttribute", | |
"ec2:DescribeSpotInstanceRequests", | |
"ec2:DescribeSpotFleetInstances", | |
"ec2:DescribeSpotFleetRequests", | |
"ec2:DescribeSpotPriceHistory", | |
"ec2:DescribeVpcClassicLink", | |
"ec2:DescribeLaunchTemplateVersions", | |
"ec2:CreateLaunchTemplate", | |
"ec2:DeleteLaunchTemplate", | |
"ec2:RequestSpotFleet", | |
"ec2:CancelSpotFleetRequests", | |
"ec2:ModifySpotFleetRequest", | |
"ec2:TerminateInstances", | |
"ec2:RunInstances", | |
"autoscaling:DescribeAccountLimits", | |
"autoscaling:DescribeAutoScalingGroups", | |
"autoscaling:DescribeLaunchConfigurations", | |
"autoscaling:DescribeAutoScalingInstances", | |
"autoscaling:CreateLaunchConfiguration", | |
"autoscaling:CreateAutoScalingGroup", | |
"autoscaling:UpdateAutoScalingGroup", | |
"autoscaling:SetDesiredCapacity", | |
"autoscaling:DeleteLaunchConfiguration", | |
"autoscaling:DeleteAutoScalingGroup", | |
"autoscaling:CreateOrUpdateTags", | |
"autoscaling:SuspendProcesses", | |
"autoscaling:PutNotificationConfiguration", | |
"autoscaling:TerminateInstanceInAutoScalingGroup", | |
"ecs:DescribeClusters", | |
"ecs:DescribeContainerInstances", | |
"ecs:DescribeTaskDefinition", | |
"ecs:DescribeTasks", | |
"ecs:ListClusters", | |
"ecs:ListContainerInstances", | |
"ecs:ListTaskDefinitionFamilies", | |
"ecs:ListTaskDefinitions", | |
"ecs:ListTasks", | |
"ecs:CreateCluster", | |
"ecs:DeleteCluster", | |
"ecs:RegisterTaskDefinition", | |
"ecs:DeregisterTaskDefinition", | |
"ecs:RunTask", | |
"ecs:StartTask", | |
"ecs:StopTask", | |
"ecs:UpdateContainerAgent", | |
"ecs:DeregisterContainerInstance", | |
"logs:CreateLogGroup", | |
"logs:CreateLogStream", | |
"logs:PutLogEvents", | |
"logs:DescribeLogGroups", | |
"iam:GetInstanceProfile", | |
"iam:GetRole" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": "iam:PassRole", | |
"Condition": { | |
"StringEquals": { | |
"iam:PassedToService": [ | |
"ec2.amazonaws.com", | |
"ec2.amazonaws.com.cn", | |
"ecs-tasks.amazonaws.com" | |
] | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
] | |
}, | |
{ | |
"Action": "iam:CreateServiceLinkedRole", | |
"Condition": { | |
"StringEquals": { | |
"iam:AWSServiceName": [ | |
"spot.amazonaws.com", | |
"spotfleet.amazonaws.com", | |
"autoscaling.amazonaws.com", | |
"ecs.amazonaws.com" | |
] | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"ec2:CreateTags" | |
], | |
"Condition": { | |
"StringEquals": { | |
"ec2:CreateAction": "RunInstances" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
] | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIUETIXPCKASQJURFE", | |
"PolicyName": "AWSBatchServiceRole", | |
"UpdateDate": "2019-10-08T19:31:12+00:00", | |
"VersionId": "v10" | |
}, | |
"AWSCertificateManagerFullAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSCertificateManagerFullAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2016-01-21T17:02:36+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"acm:*" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJYCHABBP6VQIVBCBQ", | |
"PolicyName": "AWSCertificateManagerFullAccess", | |
"UpdateDate": "2016-01-21T17:02:36+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSCertificateManagerPrivateCAAuditor": { | |
"Arn": "arn:aws:iam::aws:policy/AWSCertificateManagerPrivateCAAuditor", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-03-14T17:17:38+00:00", | |
"DefaultVersionId": "v3", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"acm-pca:CreateCertificateAuthorityAuditReport", | |
"acm-pca:DescribeCertificateAuthority", | |
"acm-pca:DescribeCertificateAuthorityAuditReport", | |
"acm-pca:GetCertificateAuthorityCsr", | |
"acm-pca:GetCertificateAuthorityCertificate", | |
"acm-pca:GetCertificate", | |
"acm-pca:ListPermissions", | |
"acm-pca:ListTags" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:acm-pca:*:*:certificate-authority/*" | |
}, | |
{ | |
"Action": [ | |
"acm-pca:ListCertificateAuthorities" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJW77VE4UEBJ4PEXEY", | |
"PolicyName": "AWSCertificateManagerPrivateCAAuditor", | |
"UpdateDate": "2019-03-14T17:17:38+00:00", | |
"VersionId": "v3" | |
}, | |
"AWSCertificateManagerPrivateCAFullAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSCertificateManagerPrivateCAFullAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2018-10-23T16:54:50+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"acm-pca:*" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIRTQUC55CREAWFLBG", | |
"PolicyName": "AWSCertificateManagerPrivateCAFullAccess", | |
"UpdateDate": "2018-10-23T16:54:50+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSCertificateManagerPrivateCAPrivilegedUser": { | |
"Arn": "arn:aws:iam::aws:policy/AWSCertificateManagerPrivateCAPrivilegedUser", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-06-20T17:43:13+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"acm-pca:IssueCertificate" | |
], | |
"Condition": { | |
"StringLike": { | |
"acm-pca:TemplateArn": [ | |
"arn:aws:acm-pca:::template/*CACertificate*/V*" | |
] | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "arn:aws:acm-pca:*:*:certificate-authority/*" | |
}, | |
{ | |
"Action": [ | |
"acm-pca:IssueCertificate" | |
], | |
"Condition": { | |
"StringNotLike": { | |
"acm-pca:TemplateArn": [ | |
"arn:aws:acm-pca:::template/*CACertificate*/V*" | |
] | |
} | |
}, | |
"Effect": "Deny", | |
"Resource": "arn:aws:acm-pca:*:*:certificate-authority/*" | |
}, | |
{ | |
"Action": [ | |
"acm-pca:RevokeCertificate", | |
"acm-pca:GetCertificate", | |
"acm-pca:ListPermissions" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:acm-pca:*:*:certificate-authority/*" | |
}, | |
{ | |
"Action": [ | |
"acm-pca:ListCertificateAuthorities" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAZKAPJZG4EQ6CWU5X5", | |
"PolicyName": "AWSCertificateManagerPrivateCAPrivilegedUser", | |
"UpdateDate": "2019-06-20T17:43:13+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSCertificateManagerPrivateCAReadOnly": { | |
"Arn": "arn:aws:iam::aws:policy/AWSCertificateManagerPrivateCAReadOnly", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-03-14T17:17:21+00:00", | |
"DefaultVersionId": "v2", | |
"Document": { | |
"Statement": { | |
"Action": [ | |
"acm-pca:DescribeCertificateAuthority", | |
"acm-pca:DescribeCertificateAuthorityAuditReport", | |
"acm-pca:ListCertificateAuthorities", | |
"acm-pca:GetCertificateAuthorityCsr", | |
"acm-pca:GetCertificateAuthorityCertificate", | |
"acm-pca:GetCertificate", | |
"acm-pca:ListPermissions", | |
"acm-pca:ListTags" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJQAQT3WIXOXY7TD4A", | |
"PolicyName": "AWSCertificateManagerPrivateCAReadOnly", | |
"UpdateDate": "2019-03-14T17:17:21+00:00", | |
"VersionId": "v2" | |
}, | |
"AWSCertificateManagerPrivateCAUser": { | |
"Arn": "arn:aws:iam::aws:policy/AWSCertificateManagerPrivateCAUser", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-06-20T17:42:37+00:00", | |
"DefaultVersionId": "v4", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"acm-pca:IssueCertificate" | |
], | |
"Condition": { | |
"StringLike": { | |
"acm-pca:TemplateArn": [ | |
"arn:aws:acm-pca:::template/EndEntityCertificate/V*" | |
] | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "arn:aws:acm-pca:*:*:certificate-authority/*" | |
}, | |
{ | |
"Action": [ | |
"acm-pca:IssueCertificate" | |
], | |
"Condition": { | |
"StringNotLike": { | |
"acm-pca:TemplateArn": [ | |
"arn:aws:acm-pca:::template/EndEntityCertificate/V*" | |
] | |
} | |
}, | |
"Effect": "Deny", | |
"Resource": "arn:aws:acm-pca:*:*:certificate-authority/*" | |
}, | |
{ | |
"Action": [ | |
"acm-pca:RevokeCertificate", | |
"acm-pca:GetCertificate", | |
"acm-pca:ListPermissions" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:acm-pca:*:*:certificate-authority/*" | |
}, | |
{ | |
"Action": [ | |
"acm-pca:ListCertificateAuthorities" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJBXCSJJULLMRWSNII", | |
"PolicyName": "AWSCertificateManagerPrivateCAUser", | |
"UpdateDate": "2019-06-20T17:42:37+00:00", | |
"VersionId": "v4" | |
}, | |
"AWSCertificateManagerReadOnly": { | |
"Arn": "arn:aws:iam::aws:policy/AWSCertificateManagerReadOnly", | |
"AttachmentCount": 0, | |
"CreateDate": "2016-04-21T15:08:16+00:00", | |
"DefaultVersionId": "v2", | |
"Document": { | |
"Statement": { | |
"Action": [ | |
"acm:DescribeCertificate", | |
"acm:ListCertificates", | |
"acm:GetCertificate", | |
"acm:ListTagsForCertificate" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAI4GSWX6S4MESJ3EWC", | |
"PolicyName": "AWSCertificateManagerReadOnly", | |
"UpdateDate": "2016-04-21T15:08:16+00:00", | |
"VersionId": "v2" | |
}, | |
"AWSChatbotServiceLinkedRolePolicy": { | |
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSChatbotServiceLinkedRolePolicy", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-11-18T16:39:50+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"sns:ListSubscriptionsByTopic", | |
"sns:ListTopics", | |
"sns:Unsubscribe", | |
"sns:Subscribe", | |
"sns:ListSubscriptions" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"logs:PutLogEvents", | |
"logs:CreateLogStream", | |
"logs:DescribeLogStreams", | |
"logs:CreateLogGroup", | |
"logs:DescribeLogGroups" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:logs:*:*:log-group:/aws/chatbot/*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/aws-service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAZKAPJZG4ID4WRYKST", | |
"PolicyName": "AWSChatbotServiceLinkedRolePolicy", | |
"UpdateDate": "2019-11-18T16:39:50+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSCloud9Administrator": { | |
"Arn": "arn:aws:iam::aws:policy/AWSCloud9Administrator", | |
"AttachmentCount": 0, | |
"CreateDate": "2017-11-30T16:17:28+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"cloud9:*", | |
"iam:GetUser", | |
"iam:ListUsers", | |
"ec2:DescribeVpcs", | |
"ec2:DescribeSubnets" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"iam:CreateServiceLinkedRole" | |
], | |
"Condition": { | |
"StringLike": { | |
"iam:AWSServiceName": "cloud9.amazonaws.com" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIQ4KWP455WDTCBGWK", | |
"PolicyName": "AWSCloud9Administrator", | |
"UpdateDate": "2017-11-30T16:17:28+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSCloud9EnvironmentMember": { | |
"Arn": "arn:aws:iam::aws:policy/AWSCloud9EnvironmentMember", | |
"AttachmentCount": 0, | |
"CreateDate": "2017-11-30T16:18:28+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"cloud9:GetUserSettings", | |
"cloud9:UpdateUserSettings", | |
"iam:GetUser", | |
"iam:ListUsers" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"cloud9:DescribeEnvironmentMemberships" | |
], | |
"Condition": { | |
"Null": { | |
"cloud9:EnvironmentId": "true", | |
"cloud9:UserArn": "true" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
] | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAI54ULAIPVT5HFTYGK", | |
"PolicyName": "AWSCloud9EnvironmentMember", | |
"UpdateDate": "2017-11-30T16:18:28+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSCloud9ServiceRolePolicy": { | |
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSCloud9ServiceRolePolicy", | |
"AttachmentCount": 0, | |
"CreateDate": "2018-02-27T10:20:24+00:00", | |
"DefaultVersionId": "v2", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"ec2:RunInstances", | |
"ec2:CreateSecurityGroup", | |
"ec2:DescribeVpcs", | |
"ec2:DescribeSubnets", | |
"ec2:DescribeSecurityGroups", | |
"ec2:DescribeInstances", | |
"cloudformation:CreateStack", | |
"cloudformation:DescribeStacks", | |
"cloudformation:DescribeStackEvents", | |
"cloudformation:DescribeStackResources" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"ec2:TerminateInstances", | |
"ec2:DeleteSecurityGroup", | |
"ec2:AuthorizeSecurityGroupIngress" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"cloudformation:DeleteStack" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:cloudformation:*:*:stack/aws-cloud9-*" | |
}, | |
{ | |
"Action": [ | |
"ec2:CreateTags" | |
], | |
"Condition": { | |
"StringLike": { | |
"aws:RequestTag/Name": "aws-cloud9-*" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "arn:aws:ec2:*:*:instance/*" | |
}, | |
{ | |
"Action": [ | |
"ec2:StartInstances", | |
"ec2:StopInstances" | |
], | |
"Condition": { | |
"StringLike": { | |
"ec2:ResourceTag/aws:cloudformation:stack-name": "aws-cloud9-*" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/aws-service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJFXGCBXQIZATFZ4YG", | |
"PolicyName": "AWSCloud9ServiceRolePolicy", | |
"UpdateDate": "2018-02-27T10:20:24+00:00", | |
"VersionId": "v2" | |
}, | |
"AWSCloud9User": { | |
"Arn": "arn:aws:iam::aws:policy/AWSCloud9User", | |
"AttachmentCount": 0, | |
"CreateDate": "2018-07-02T08:46:37+00:00", | |
"DefaultVersionId": "v3", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"cloud9:ValidateEnvironmentName", | |
"cloud9:UpdateUserSettings", | |
"cloud9:GetUserSettings", | |
"iam:GetUser", | |
"iam:ListUsers", | |
"ec2:DescribeVpcs", | |
"ec2:DescribeSubnets" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"cloud9:CreateEnvironmentEC2", | |
"cloud9:CreateEnvironmentSSH" | |
], | |
"Condition": { | |
"Null": { | |
"cloud9:OwnerArn": "true" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"cloud9:GetUserPublicKey" | |
], | |
"Condition": { | |
"Null": { | |
"cloud9:UserArn": "true" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"cloud9:DescribeEnvironmentMemberships" | |
], | |
"Condition": { | |
"Null": { | |
"cloud9:EnvironmentId": "true", | |
"cloud9:UserArn": "true" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
] | |
}, | |
{ | |
"Action": [ | |
"iam:CreateServiceLinkedRole" | |
], | |
"Condition": { | |
"StringLike": { | |
"iam:AWSServiceName": "cloud9.amazonaws.com" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJPFGFWQF67QVARP6U", | |
"PolicyName": "AWSCloud9User", | |
"UpdateDate": "2018-07-02T08:46:37+00:00", | |
"VersionId": "v3" | |
}, | |
"AWSCloudFormationFullAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSCloudFormationFullAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-07-26T21:50:35+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"cloudformation:*" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAZKAPJZG4CRR3ZS723", | |
"PolicyName": "AWSCloudFormationFullAccess", | |
"UpdateDate": "2019-07-26T21:50:35+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSCloudFormationReadOnlyAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSCloudFormationReadOnlyAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-11-13T17:40:07+00:00", | |
"DefaultVersionId": "v4", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"cloudformation:Describe*", | |
"cloudformation:EstimateTemplateCost", | |
"cloudformation:Get*", | |
"cloudformation:List*", | |
"cloudformation:ValidateTemplate", | |
"cloudformation:Detect*" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJWVBEE4I2POWLODLW", | |
"PolicyName": "AWSCloudFormationReadOnlyAccess", | |
"UpdateDate": "2019-11-13T17:40:07+00:00", | |
"VersionId": "v4" | |
}, | |
"AWSCloudFrontLogger": { | |
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSCloudFrontLogger", | |
"AttachmentCount": 1, | |
"CreateDate": "2018-06-12T20:15:23+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"logs:CreateLogGroup", | |
"logs:CreateLogStream", | |
"logs:PutLogEvents" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:logs:*:*:/aws/cloudfront/*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/aws-service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIOI7RPKLCNINBTRP4", | |
"PolicyName": "AWSCloudFrontLogger", | |
"UpdateDate": "2018-06-12T20:15:23+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSCloudHSMFullAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSCloudHSMFullAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2015-02-06T18:39:51+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": "cloudhsm:*", | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIMBQYQZM7F63DA2UU", | |
"PolicyName": "AWSCloudHSMFullAccess", | |
"UpdateDate": "2015-02-06T18:39:51+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSCloudHSMReadOnlyAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSCloudHSMReadOnlyAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2015-02-06T18:39:52+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"cloudhsm:Get*", | |
"cloudhsm:List*", | |
"cloudhsm:Describe*" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAISVCBSY7YDBOT67KE", | |
"PolicyName": "AWSCloudHSMReadOnlyAccess", | |
"UpdateDate": "2015-02-06T18:39:52+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSCloudHSMRole": { | |
"Arn": "arn:aws:iam::aws:policy/service-role/AWSCloudHSMRole", | |
"AttachmentCount": 0, | |
"CreateDate": "2015-02-06T18:41:23+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"ec2:CreateNetworkInterface", | |
"ec2:CreateTags", | |
"ec2:DeleteNetworkInterface", | |
"ec2:DescribeNetworkInterfaceAttribute", | |
"ec2:DescribeNetworkInterfaces", | |
"ec2:DescribeSubnets", | |
"ec2:DescribeVpcs", | |
"ec2:DetachNetworkInterface" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
] | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAI7QIUU4GC66SF26WE", | |
"PolicyName": "AWSCloudHSMRole", | |
"UpdateDate": "2015-02-06T18:41:23+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSCloudMapDiscoverInstanceAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSCloudMapDiscoverInstanceAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2018-11-29T00:02:42+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"servicediscovery:DiscoverInstances" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
] | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIPRD7PYYQVYPDME4K", | |
"PolicyName": "AWSCloudMapDiscoverInstanceAccess", | |
"UpdateDate": "2018-11-29T00:02:42+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSCloudMapFullAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSCloudMapFullAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2018-11-28T23:57:31+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"route53:GetHostedZone", | |
"route53:ListHostedZonesByName", | |
"route53:CreateHostedZone", | |
"route53:DeleteHostedZone", | |
"route53:ChangeResourceRecordSets", | |
"route53:CreateHealthCheck", | |
"route53:GetHealthCheck", | |
"route53:DeleteHealthCheck", | |
"route53:UpdateHealthCheck", | |
"ec2:DescribeVpcs", | |
"ec2:DescribeRegions", | |
"servicediscovery:*" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
] | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIZPIMAQZJS3WUXUJM", | |
"PolicyName": "AWSCloudMapFullAccess", | |
"UpdateDate": "2018-11-28T23:57:31+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSCloudMapReadOnlyAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSCloudMapReadOnlyAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2018-11-28T23:45:26+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"servicediscovery:Get*", | |
"servicediscovery:List*", | |
"servicediscovery:DiscoverInstances" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
] | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIOHISHKLCJTVQQL5E", | |
"PolicyName": "AWSCloudMapReadOnlyAccess", | |
"UpdateDate": "2018-11-28T23:45:26+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSCloudMapRegisterInstanceAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSCloudMapRegisterInstanceAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2018-11-29T00:04:57+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"route53:GetHostedZone", | |
"route53:ListHostedZonesByName", | |
"route53:ChangeResourceRecordSets", | |
"route53:CreateHealthCheck", | |
"route53:GetHealthCheck", | |
"route53:DeleteHealthCheck", | |
"route53:UpdateHealthCheck", | |
"servicediscovery:Get*", | |
"servicediscovery:List*", | |
"servicediscovery:RegisterInstance", | |
"servicediscovery:DeregisterInstance", | |
"servicediscovery:DiscoverInstances" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
] | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAI4P5Z5HXVWJ75WQBC", | |
"PolicyName": "AWSCloudMapRegisterInstanceAccess", | |
"UpdateDate": "2018-11-29T00:04:57+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSCloudTrailFullAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSCloudTrailFullAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-09-12T23:08:46+00:00", | |
"DefaultVersionId": "v8", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"sns:AddPermission", | |
"sns:CreateTopic", | |
"sns:DeleteTopic", | |
"sns:ListTopics", | |
"sns:SetTopicAttributes", | |
"sns:GetTopicAttributes" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"s3:CreateBucket", | |
"s3:DeleteBucket", | |
"s3:ListAllMyBuckets", | |
"s3:PutBucketPolicy", | |
"s3:ListBucket", | |
"s3:GetObject", | |
"s3:GetBucketLocation", | |
"s3:GetBucketPolicy" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": "cloudtrail:*", | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"logs:CreateLogGroup" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"iam:ListRoles", | |
"iam:GetRolePolicy", | |
"iam:GetUser" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"iam:PassRole" | |
], | |
"Condition": { | |
"StringEquals": { | |
"iam:PassedToService": "cloudtrail.amazonaws.com" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"kms:ListKeys", | |
"kms:ListAliases" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"lambda:ListFunctions" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIQNUJTQYDRJPC3BNK", | |
"PolicyName": "AWSCloudTrailFullAccess", | |
"UpdateDate": "2019-09-12T23:08:46+00:00", | |
"VersionId": "v8" | |
}, | |
"AWSCloudTrailReadOnlyAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSCloudTrailReadOnlyAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-10-31T22:42:54+00:00", | |
"DefaultVersionId": "v8", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"s3:GetObject", | |
"s3:GetBucketLocation" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"cloudtrail:GetTrail", | |
"cloudtrail:GetTrailStatus", | |
"cloudtrail:DescribeTrails", | |
"cloudtrail:ListTrails", | |
"cloudtrail:LookupEvents", | |
"cloudtrail:ListTags", | |
"cloudtrail:ListPublicKeys", | |
"cloudtrail:GetEventSelectors", | |
"s3:ListAllMyBuckets", | |
"kms:ListAliases", | |
"lambda:ListFunctions" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJDU7KJADWBSEQ3E7S", | |
"PolicyName": "AWSCloudTrailReadOnlyAccess", | |
"UpdateDate": "2019-10-31T22:42:54+00:00", | |
"VersionId": "v8" | |
}, | |
"AWSCodeBuildAdminAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSCodeBuildAdminAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-11-05T22:12:30+00:00", | |
"DefaultVersionId": "v8", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"codebuild:*", | |
"codecommit:GetBranch", | |
"codecommit:GetCommit", | |
"codecommit:GetRepository", | |
"codecommit:ListBranches", | |
"codecommit:ListRepositories", | |
"cloudwatch:GetMetricStatistics", | |
"ec2:DescribeVpcs", | |
"ec2:DescribeSecurityGroups", | |
"ec2:DescribeSubnets", | |
"ecr:DescribeRepositories", | |
"ecr:ListImages", | |
"events:DeleteRule", | |
"events:DescribeRule", | |
"events:DisableRule", | |
"events:EnableRule", | |
"events:ListTargetsByRule", | |
"events:ListRuleNamesByTarget", | |
"events:PutRule", | |
"events:PutTargets", | |
"events:RemoveTargets", | |
"logs:GetLogEvents", | |
"s3:GetBucketLocation", | |
"s3:ListAllMyBuckets" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"logs:DeleteLogGroup" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:logs:*:*:log-group:/aws/codebuild/*:log-stream:*" | |
}, | |
{ | |
"Action": [ | |
"ssm:PutParameter" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:ssm:*:*:parameter/CodeBuild/*" | |
}, | |
{ | |
"Action": [ | |
"codestar-notifications:CreateNotificationRule", | |
"codestar-notifications:DescribeNotificationRule", | |
"codestar-notifications:UpdateNotificationRule", | |
"codestar-notifications:DeleteNotificationRule", | |
"codestar-notifications:Subscribe", | |
"codestar-notifications:Unsubscribe" | |
], | |
"Condition": { | |
"StringLike": { | |
"codestar-notifications:NotificationsForResource": "arn:aws:codebuild:*" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*", | |
"Sid": "CodeStarNotificationsReadWriteAccess" | |
}, | |
{ | |
"Action": [ | |
"codestar-notifications:ListNotificationRules", | |
"codestar-notifications:ListEventTypes", | |
"codestar-notifications:ListTargets", | |
"codestar-notifications:ListTagsforResource" | |
], | |
"Effect": "Allow", | |
"Resource": "*", | |
"Sid": "CodeStarNotificationsListAccess" | |
}, | |
{ | |
"Action": [ | |
"sns:CreateTopic", | |
"sns:SetTopicAttributes" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:sns:*:*:codestar-notifications*", | |
"Sid": "CodeStarNotificationsSNSTopicCreateAccess" | |
}, | |
{ | |
"Action": [ | |
"sns:ListTopics", | |
"sns:GetTopicAttributes" | |
], | |
"Effect": "Allow", | |
"Resource": "*", | |
"Sid": "SNSTopicListAccess" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJQJGIOIE3CD2TQXDS", | |
"PolicyName": "AWSCodeBuildAdminAccess", | |
"UpdateDate": "2019-11-05T22:12:30+00:00", | |
"VersionId": "v8" | |
}, | |
"AWSCodeBuildDeveloperAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSCodeBuildDeveloperAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-11-05T22:12:45+00:00", | |
"DefaultVersionId": "v7", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"codebuild:StartBuild", | |
"codebuild:StopBuild", | |
"codebuild:BatchGet*", | |
"codebuild:List*", | |
"codecommit:GetBranch", | |
"codecommit:GetCommit", | |
"codecommit:GetRepository", | |
"codecommit:ListBranches", | |
"cloudwatch:GetMetricStatistics", | |
"events:DescribeRule", | |
"events:ListTargetsByRule", | |
"events:ListRuleNamesByTarget", | |
"logs:GetLogEvents", | |
"s3:GetBucketLocation", | |
"s3:ListAllMyBuckets" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"ssm:PutParameter" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:ssm:*:*:parameter/CodeBuild/*" | |
}, | |
{ | |
"Action": [ | |
"codestar-notifications:CreateNotificationRule", | |
"codestar-notifications:DescribeNotificationRule", | |
"codestar-notifications:UpdateNotificationRule", | |
"codestar-notifications:Subscribe", | |
"codestar-notifications:Unsubscribe" | |
], | |
"Condition": { | |
"StringLike": { | |
"codestar-notifications:NotificationsForResource": "arn:aws:codebuild:*" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*", | |
"Sid": "CodeStarNotificationsReadWriteAccess" | |
}, | |
{ | |
"Action": [ | |
"codestar-notifications:ListNotificationRules", | |
"codestar-notifications:ListEventTypes", | |
"codestar-notifications:ListTargets", | |
"codestar-notifications:ListTagsforResource" | |
], | |
"Effect": "Allow", | |
"Resource": "*", | |
"Sid": "CodeStarNotificationsListAccess" | |
}, | |
{ | |
"Action": [ | |
"sns:ListTopics", | |
"sns:GetTopicAttributes" | |
], | |
"Effect": "Allow", | |
"Resource": "*", | |
"Sid": "SNSTopicListAccess" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIMKTMR34XSBQW45HS", | |
"PolicyName": "AWSCodeBuildDeveloperAccess", | |
"UpdateDate": "2019-11-05T22:12:45+00:00", | |
"VersionId": "v7" | |
}, | |
"AWSCodeBuildReadOnlyAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSCodeBuildReadOnlyAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-11-05T22:11:42+00:00", | |
"DefaultVersionId": "v6", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"codebuild:BatchGet*", | |
"codebuild:List*", | |
"codecommit:GetBranch", | |
"codecommit:GetCommit", | |
"codecommit:GetRepository", | |
"cloudwatch:GetMetricStatistics", | |
"events:DescribeRule", | |
"events:ListTargetsByRule", | |
"events:ListRuleNamesByTarget", | |
"logs:GetLogEvents" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"codestar-notifications:DescribeNotificationRule" | |
], | |
"Condition": { | |
"StringLike": { | |
"codestar-notifications:NotificationsForResource": "arn:aws:codebuild:*" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*", | |
"Sid": "CodeStarNotificationsPowerUserAccess" | |
}, | |
{ | |
"Action": [ | |
"codestar-notifications:ListNotificationRules", | |
"codestar-notifications:ListEventTypes" | |
], | |
"Effect": "Allow", | |
"Resource": "*", | |
"Sid": "CodeStarNotificationsListAccess" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJIZZWN6557F5HVP2K", | |
"PolicyName": "AWSCodeBuildReadOnlyAccess", | |
"UpdateDate": "2019-11-05T22:11:42+00:00", | |
"VersionId": "v6" | |
}, | |
"AWSCodeCommitFullAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSCodeCommitFullAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-11-05T23:00:26+00:00", | |
"DefaultVersionId": "v5", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"codecommit:*" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"events:DeleteRule", | |
"events:DescribeRule", | |
"events:DisableRule", | |
"events:EnableRule", | |
"events:PutRule", | |
"events:PutTargets", | |
"events:RemoveTargets", | |
"events:ListTargetsByRule" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:events:*:*:rule/codecommit*", | |
"Sid": "CloudWatchEventsCodeCommitRulesAccess" | |
}, | |
{ | |
"Action": [ | |
"sns:CreateTopic", | |
"sns:DeleteTopic", | |
"sns:Subscribe", | |
"sns:Unsubscribe", | |
"sns:SetTopicAttributes" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:sns:*:*:codecommit*", | |
"Sid": "SNSTopicAndSubscriptionAccess" | |
}, | |
{ | |
"Action": [ | |
"sns:ListTopics", | |
"sns:ListSubscriptionsByTopic", | |
"sns:GetTopicAttributes" | |
], | |
"Effect": "Allow", | |
"Resource": "*", | |
"Sid": "SNSTopicAndSubscriptionReadAccess" | |
}, | |
{ | |
"Action": [ | |
"lambda:ListFunctions" | |
], | |
"Effect": "Allow", | |
"Resource": "*", | |
"Sid": "LambdaReadOnlyListAccess" | |
}, | |
{ | |
"Action": [ | |
"iam:ListUsers" | |
], | |
"Effect": "Allow", | |
"Resource": "*", | |
"Sid": "IAMReadOnlyListAccess" | |
}, | |
{ | |
"Action": [ | |
"iam:ListAccessKeys", | |
"iam:ListSSHPublicKeys", | |
"iam:ListServiceSpecificCredentials" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:iam::*:user/${aws:username}", | |
"Sid": "IAMReadOnlyConsoleAccess" | |
}, | |
{ | |
"Action": [ | |
"iam:DeleteSSHPublicKey", | |
"iam:GetSSHPublicKey", | |
"iam:ListSSHPublicKeys", | |
"iam:UpdateSSHPublicKey", | |
"iam:UploadSSHPublicKey" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:iam::*:user/${aws:username}", | |
"Sid": "IAMUserSSHKeys" | |
}, | |
{ | |
"Action": [ | |
"iam:CreateServiceSpecificCredential", | |
"iam:UpdateServiceSpecificCredential", | |
"iam:DeleteServiceSpecificCredential", | |
"iam:ResetServiceSpecificCredential" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:iam::*:user/${aws:username}", | |
"Sid": "IAMSelfManageServiceSpecificCredentials" | |
}, | |
{ | |
"Action": [ | |
"codestar-notifications:CreateNotificationRule", | |
"codestar-notifications:DescribeNotificationRule", | |
"codestar-notifications:UpdateNotificationRule", | |
"codestar-notifications:DeleteNotificationRule", | |
"codestar-notifications:Subscribe", | |
"codestar-notifications:Unsubscribe" | |
], | |
"Condition": { | |
"StringLike": { | |
"codestar-notifications:NotificationsForResource": "arn:aws:codecommit:*" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*", | |
"Sid": "CodeStarNotificationsReadWriteAccess" | |
}, | |
{ | |
"Action": [ | |
"codestar-notifications:ListNotificationRules", | |
"codestar-notifications:ListTargets", | |
"codestar-notifications:ListTagsforResource", | |
"codestar-notifications:ListEventTypes" | |
], | |
"Effect": "Allow", | |
"Resource": "*", | |
"Sid": "CodeStarNotificationsListAccess" | |
}, | |
{ | |
"Action": [ | |
"sns:CreateTopic", | |
"sns:SetTopicAttributes" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:sns:*:*:codestar-notifications*", | |
"Sid": "CodeStarNotificationsSNSTopicCreateAccess" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAI4VCZ3XPIZLQ5NZV2", | |
"PolicyName": "AWSCodeCommitFullAccess", | |
"UpdateDate": "2019-11-05T23:00:26+00:00", | |
"VersionId": "v5" | |
}, | |
"AWSCodeCommitPowerUser": { | |
"Arn": "arn:aws:iam::aws:policy/AWSCodeCommitPowerUser", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-11-05T22:52:28+00:00", | |
"DefaultVersionId": "v9", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"codecommit:BatchGet*", | |
"codecommit:BatchDescribe*", | |
"codecommit:Get*", | |
"codecommit:List*", | |
"codecommit:Create*", | |
"codecommit:DeleteBranch", | |
"codecommit:DeleteFile", | |
"codecommit:Describe*", | |
"codecommit:Put*", | |
"codecommit:Post*", | |
"codecommit:Merge*", | |
"codecommit:TagResource", | |
"codecommit:Test*", | |
"codecommit:UntagResource", | |
"codecommit:Update*", | |
"codecommit:GitPull", | |
"codecommit:GitPush" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"events:DeleteRule", | |
"events:DescribeRule", | |
"events:DisableRule", | |
"events:EnableRule", | |
"events:PutRule", | |
"events:PutTargets", | |
"events:RemoveTargets", | |
"events:ListTargetsByRule" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:events:*:*:rule/codecommit*", | |
"Sid": "CloudWatchEventsCodeCommitRulesAccess" | |
}, | |
{ | |
"Action": [ | |
"sns:Subscribe", | |
"sns:Unsubscribe" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:sns:*:*:codecommit*", | |
"Sid": "SNSTopicAndSubscriptionAccess" | |
}, | |
{ | |
"Action": [ | |
"sns:ListTopics", | |
"sns:ListSubscriptionsByTopic", | |
"sns:GetTopicAttributes" | |
], | |
"Effect": "Allow", | |
"Resource": "*", | |
"Sid": "SNSTopicAndSubscriptionReadAccess" | |
}, | |
{ | |
"Action": [ | |
"lambda:ListFunctions" | |
], | |
"Effect": "Allow", | |
"Resource": "*", | |
"Sid": "LambdaReadOnlyListAccess" | |
}, | |
{ | |
"Action": [ | |
"iam:ListUsers" | |
], | |
"Effect": "Allow", | |
"Resource": "*", | |
"Sid": "IAMReadOnlyListAccess" | |
}, | |
{ | |
"Action": [ | |
"iam:ListAccessKeys", | |
"iam:ListSSHPublicKeys", | |
"iam:ListServiceSpecificCredentials" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:iam::*:user/${aws:username}", | |
"Sid": "IAMReadOnlyConsoleAccess" | |
}, | |
{ | |
"Action": [ | |
"iam:DeleteSSHPublicKey", | |
"iam:GetSSHPublicKey", | |
"iam:ListSSHPublicKeys", | |
"iam:UpdateSSHPublicKey", | |
"iam:UploadSSHPublicKey" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:iam::*:user/${aws:username}", | |
"Sid": "IAMUserSSHKeys" | |
}, | |
{ | |
"Action": [ | |
"iam:CreateServiceSpecificCredential", | |
"iam:UpdateServiceSpecificCredential", | |
"iam:DeleteServiceSpecificCredential", | |
"iam:ResetServiceSpecificCredential" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:iam::*:user/${aws:username}", | |
"Sid": "IAMSelfManageServiceSpecificCredentials" | |
}, | |
{ | |
"Action": [ | |
"codestar-notifications:CreateNotificationRule", | |
"codestar-notifications:DescribeNotificationRule", | |
"codestar-notifications:UpdateNotificationRule", | |
"codestar-notifications:Subscribe", | |
"codestar-notifications:Unsubscribe" | |
], | |
"Condition": { | |
"StringLike": { | |
"codestar-notifications:NotificationsForResource": "arn:aws:codecommit:*" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*", | |
"Sid": "CodeStarNotificationsReadWriteAccess" | |
}, | |
{ | |
"Action": [ | |
"codestar-notifications:ListNotificationRules", | |
"codestar-notifications:ListTargets", | |
"codestar-notifications:ListTagsforResource", | |
"codestar-notifications:ListEventTypes" | |
], | |
"Effect": "Allow", | |
"Resource": "*", | |
"Sid": "CodeStarNotificationsListAccess" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAI4UIINUVGB5SEC57G", | |
"PolicyName": "AWSCodeCommitPowerUser", | |
"UpdateDate": "2019-11-05T22:52:28+00:00", | |
"VersionId": "v9" | |
}, | |
"AWSCodeCommitReadOnly": { | |
"Arn": "arn:aws:iam::aws:policy/AWSCodeCommitReadOnly", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-11-05T22:56:54+00:00", | |
"DefaultVersionId": "v5", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"codecommit:BatchGet*", | |
"codecommit:BatchDescribe*", | |
"codecommit:Get*", | |
"codecommit:Describe*", | |
"codecommit:List*", | |
"codecommit:GitPull" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"events:DescribeRule", | |
"events:ListTargetsByRule" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:events:*:*:rule/codecommit*", | |
"Sid": "CloudWatchEventsCodeCommitRulesReadOnlyAccess" | |
}, | |
{ | |
"Action": [ | |
"sns:ListTopics", | |
"sns:ListSubscriptionsByTopic", | |
"sns:GetTopicAttributes" | |
], | |
"Effect": "Allow", | |
"Resource": "*", | |
"Sid": "SNSSubscriptionAccess" | |
}, | |
{ | |
"Action": [ | |
"lambda:ListFunctions" | |
], | |
"Effect": "Allow", | |
"Resource": "*", | |
"Sid": "LambdaReadOnlyListAccess" | |
}, | |
{ | |
"Action": [ | |
"iam:ListUsers" | |
], | |
"Effect": "Allow", | |
"Resource": "*", | |
"Sid": "IAMReadOnlyListAccess" | |
}, | |
{ | |
"Action": [ | |
"iam:ListAccessKeys", | |
"iam:ListSSHPublicKeys", | |
"iam:ListServiceSpecificCredentials", | |
"iam:ListAccessKeys", | |
"iam:GetSSHPublicKey" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:iam::*:user/${aws:username}", | |
"Sid": "IAMReadOnlyConsoleAccess" | |
}, | |
{ | |
"Action": [ | |
"codestar-notifications:DescribeNotificationRule" | |
], | |
"Condition": { | |
"StringLike": { | |
"codestar-notifications:NotificationsForResource": "arn:aws:codecommit:*" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*", | |
"Sid": "CodeStarNotificationsReadOnlyAccess" | |
}, | |
{ | |
"Action": [ | |
"codestar-notifications:ListNotificationRules", | |
"codestar-notifications:ListEventTypes" | |
], | |
"Effect": "Allow", | |
"Resource": "*", | |
"Sid": "CodeStarNotificationsListAccess" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJACNSXR7Z2VLJW3D6", | |
"PolicyName": "AWSCodeCommitReadOnly", | |
"UpdateDate": "2019-11-05T22:56:54+00:00", | |
"VersionId": "v5" | |
}, | |
"AWSCodeDeployDeployerAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSCodeDeployDeployerAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-11-05T22:59:06+00:00", | |
"DefaultVersionId": "v2", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"codedeploy:Batch*", | |
"codedeploy:CreateDeployment", | |
"codedeploy:Get*", | |
"codedeploy:List*", | |
"codedeploy:RegisterApplicationRevision" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"codestar-notifications:CreateNotificationRule", | |
"codestar-notifications:DescribeNotificationRule", | |
"codestar-notifications:UpdateNotificationRule", | |
"codestar-notifications:Subscribe", | |
"codestar-notifications:Unsubscribe" | |
], | |
"Condition": { | |
"StringLike": { | |
"codestar-notifications:NotificationsForResource": "arn:aws:codedeploy:*" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*", | |
"Sid": "CodeStarNotificationsReadWriteAccess" | |
}, | |
{ | |
"Action": [ | |
"codestar-notifications:ListNotificationRules", | |
"codestar-notifications:ListTargets", | |
"codestar-notifications:ListTagsforResource", | |
"codestar-notifications:ListEventTypes" | |
], | |
"Effect": "Allow", | |
"Resource": "*", | |
"Sid": "CodeStarNotificationsListAccess" | |
}, | |
{ | |
"Action": [ | |
"sns:ListTopics" | |
], | |
"Effect": "Allow", | |
"Resource": "*", | |
"Sid": "SNSTopicListAccess" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJUWEPOMGLMVXJAPUI", | |
"PolicyName": "AWSCodeDeployDeployerAccess", | |
"UpdateDate": "2019-11-05T22:59:06+00:00", | |
"VersionId": "v2" | |
}, | |
"AWSCodeDeployFullAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSCodeDeployFullAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-11-05T22:57:28+00:00", | |
"DefaultVersionId": "v2", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": "codedeploy:*", | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"codestar-notifications:CreateNotificationRule", | |
"codestar-notifications:DescribeNotificationRule", | |
"codestar-notifications:UpdateNotificationRule", | |
"codestar-notifications:DeleteNotificationRule", | |
"codestar-notifications:Subscribe", | |
"codestar-notifications:Unsubscribe" | |
], | |
"Condition": { | |
"StringLike": { | |
"codestar-notifications:NotificationsForResource": "arn:aws:codedeploy:*" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*", | |
"Sid": "CodeStarNotificationsReadWriteAccess" | |
}, | |
{ | |
"Action": [ | |
"codestar-notifications:ListNotificationRules", | |
"codestar-notifications:ListTargets", | |
"codestar-notifications:ListTagsforResource", | |
"codestar-notifications:ListEventTypes" | |
], | |
"Effect": "Allow", | |
"Resource": "*", | |
"Sid": "CodeStarNotificationsListAccess" | |
}, | |
{ | |
"Action": [ | |
"sns:CreateTopic", | |
"sns:SetTopicAttributes" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:sns:*:*:codestar-notifications*", | |
"Sid": "CodeStarNotificationsSNSTopicCreateAccess" | |
}, | |
{ | |
"Action": [ | |
"sns:ListTopics" | |
], | |
"Effect": "Allow", | |
"Resource": "*", | |
"Sid": "SNSTopicListAccess" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIONKN3TJZUKXCHXWC", | |
"PolicyName": "AWSCodeDeployFullAccess", | |
"UpdateDate": "2019-11-05T22:57:28+00:00", | |
"VersionId": "v2" | |
}, | |
"AWSCodeDeployReadOnlyAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSCodeDeployReadOnlyAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-11-05T23:01:32+00:00", | |
"DefaultVersionId": "v2", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"codedeploy:Batch*", | |
"codedeploy:Get*", | |
"codedeploy:List*" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"codestar-notifications:DescribeNotificationRule" | |
], | |
"Condition": { | |
"StringLike": { | |
"codestar-notifications:NotificationsForResource": "arn:aws:codedeploy:*" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*", | |
"Sid": "CodeStarNotificationsPowerUserAccess" | |
}, | |
{ | |
"Action": [ | |
"codestar-notifications:ListNotificationRules", | |
"codestar-notifications:ListEventTypes" | |
], | |
"Effect": "Allow", | |
"Resource": "*", | |
"Sid": "CodeStarNotificationsListAccess" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAILZHHKCKB4NE7XOIQ", | |
"PolicyName": "AWSCodeDeployReadOnlyAccess", | |
"UpdateDate": "2019-11-05T23:01:32+00:00", | |
"VersionId": "v2" | |
}, | |
"AWSCodeDeployRole": { | |
"Arn": "arn:aws:iam::aws:policy/service-role/AWSCodeDeployRole", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-09-23T21:47:54+00:00", | |
"DefaultVersionId": "v7", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"autoscaling:CompleteLifecycleAction", | |
"autoscaling:DeleteLifecycleHook", | |
"autoscaling:DescribeAutoScalingGroups", | |
"autoscaling:DescribeLifecycleHooks", | |
"autoscaling:PutLifecycleHook", | |
"autoscaling:RecordLifecycleActionHeartbeat", | |
"autoscaling:CreateAutoScalingGroup", | |
"autoscaling:UpdateAutoScalingGroup", | |
"autoscaling:EnableMetricsCollection", | |
"autoscaling:DescribeAutoScalingGroups", | |
"autoscaling:DescribePolicies", | |
"autoscaling:DescribeScheduledActions", | |
"autoscaling:DescribeNotificationConfigurations", | |
"autoscaling:DescribeLifecycleHooks", | |
"autoscaling:SuspendProcesses", | |
"autoscaling:ResumeProcesses", | |
"autoscaling:AttachLoadBalancers", | |
"autoscaling:PutScalingPolicy", | |
"autoscaling:PutScheduledUpdateGroupAction", | |
"autoscaling:PutNotificationConfiguration", | |
"autoscaling:PutLifecycleHook", | |
"autoscaling:DescribeScalingActivities", | |
"autoscaling:DeleteAutoScalingGroup", | |
"ec2:DescribeInstances", | |
"ec2:DescribeInstanceStatus", | |
"ec2:TerminateInstances", | |
"tag:GetResources", | |
"sns:Publish", | |
"cloudwatch:DescribeAlarms", | |
"cloudwatch:PutMetricAlarm", | |
"elasticloadbalancing:DescribeLoadBalancers", | |
"elasticloadbalancing:DescribeInstanceHealth", | |
"elasticloadbalancing:RegisterInstancesWithLoadBalancer", | |
"elasticloadbalancing:DeregisterInstancesFromLoadBalancer", | |
"elasticloadbalancing:DescribeTargetGroups", | |
"elasticloadbalancing:DescribeTargetHealth", | |
"elasticloadbalancing:RegisterTargets", | |
"elasticloadbalancing:DeregisterTargets" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJ2NKMKD73QS5NBFLA", | |
"PolicyName": "AWSCodeDeployRole", | |
"UpdateDate": "2019-09-23T21:47:54+00:00", | |
"VersionId": "v7" | |
}, | |
"AWSCodeDeployRoleForECS": { | |
"Arn": "arn:aws:iam::aws:policy/AWSCodeDeployRoleForECS", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-09-23T22:37:46+00:00", | |
"DefaultVersionId": "v3", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"ecs:DescribeServices", | |
"ecs:CreateTaskSet", | |
"ecs:UpdateServicePrimaryTaskSet", | |
"ecs:DeleteTaskSet", | |
"elasticloadbalancing:DescribeTargetGroups", | |
"elasticloadbalancing:DescribeListeners", | |
"elasticloadbalancing:ModifyListener", | |
"elasticloadbalancing:DescribeRules", | |
"elasticloadbalancing:ModifyRule", | |
"lambda:InvokeFunction", | |
"cloudwatch:DescribeAlarms", | |
"sns:Publish", | |
"s3:GetObject", | |
"s3:GetObjectVersion" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"iam:PassRole" | |
], | |
"Condition": { | |
"StringLike": { | |
"iam:PassedToService": [ | |
"ecs-tasks.amazonaws.com" | |
] | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIIL3KXEKRGEN2HFIO", | |
"PolicyName": "AWSCodeDeployRoleForECS", | |
"UpdateDate": "2019-09-23T22:37:46+00:00", | |
"VersionId": "v3" | |
}, | |
"AWSCodeDeployRoleForECSLimited": { | |
"Arn": "arn:aws:iam::aws:policy/AWSCodeDeployRoleForECSLimited", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-09-23T22:10:29+00:00", | |
"DefaultVersionId": "v3", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"ecs:DescribeServices", | |
"ecs:CreateTaskSet", | |
"ecs:UpdateServicePrimaryTaskSet", | |
"ecs:DeleteTaskSet", | |
"cloudwatch:DescribeAlarms" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"sns:Publish" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:sns:*:*:CodeDeployTopic_*" | |
}, | |
{ | |
"Action": [ | |
"elasticloadbalancing:DescribeTargetGroups", | |
"elasticloadbalancing:DescribeListeners", | |
"elasticloadbalancing:ModifyListener", | |
"elasticloadbalancing:DescribeRules", | |
"elasticloadbalancing:ModifyRule" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"lambda:InvokeFunction" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:lambda:*:*:function:CodeDeployHook_*" | |
}, | |
{ | |
"Action": [ | |
"s3:GetObject", | |
"s3:GetObjectVersion" | |
], | |
"Condition": { | |
"StringEquals": { | |
"s3:ExistingObjectTag/UseWithCodeDeploy": "true" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"iam:PassRole" | |
], | |
"Condition": { | |
"StringLike": { | |
"iam:PassedToService": [ | |
"ecs-tasks.amazonaws.com" | |
] | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:iam::*:role/ecsTaskExecutionRole", | |
"arn:aws:iam::*:role/ECSTaskExecution*" | |
] | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJ6Z7L2IOXEFFOGD2M", | |
"PolicyName": "AWSCodeDeployRoleForECSLimited", | |
"UpdateDate": "2019-09-23T22:10:29+00:00", | |
"VersionId": "v3" | |
}, | |
"AWSCodeDeployRoleForLambda": { | |
"Arn": "arn:aws:iam::aws:policy/service-role/AWSCodeDeployRoleForLambda", | |
"AttachmentCount": 0, | |
"CreateDate": "2017-12-01T22:32:58+00:00", | |
"DefaultVersionId": "v2", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"cloudwatch:DescribeAlarms", | |
"lambda:UpdateAlias", | |
"lambda:GetAlias", | |
"sns:Publish" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"s3:GetObject", | |
"s3:GetObjectVersion" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:s3:::*/CodeDeploy/*" | |
}, | |
{ | |
"Action": [ | |
"s3:GetObject", | |
"s3:GetObjectVersion" | |
], | |
"Condition": { | |
"StringEquals": { | |
"s3:ExistingObjectTag/UseWithCodeDeploy": "true" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"lambda:InvokeFunction" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:lambda:*:*:function:CodeDeployHook_*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJA3RQZIKNOSJ4ZQSA", | |
"PolicyName": "AWSCodeDeployRoleForLambda", | |
"UpdateDate": "2017-12-01T22:32:58+00:00", | |
"VersionId": "v2" | |
}, | |
"AWSCodePipelineApproverAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSCodePipelineApproverAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2017-08-02T17:24:58+00:00", | |
"DefaultVersionId": "v3", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"codepipeline:GetPipeline", | |
"codepipeline:GetPipelineState", | |
"codepipeline:GetPipelineExecution", | |
"codepipeline:ListPipelineExecutions", | |
"codepipeline:ListPipelines", | |
"codepipeline:PutApprovalResult" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAICXNWK42SQ6LMDXM2", | |
"PolicyName": "AWSCodePipelineApproverAccess", | |
"UpdateDate": "2017-08-02T17:24:58+00:00", | |
"VersionId": "v3" | |
}, | |
"AWSCodePipelineCustomActionAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSCodePipelineCustomActionAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2015-07-09T17:02:54+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"codepipeline:AcknowledgeJob", | |
"codepipeline:GetJobDetails", | |
"codepipeline:PollForJobs", | |
"codepipeline:PutJobFailureResult", | |
"codepipeline:PutJobSuccessResult" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJFW5Z32BTVF76VCYC", | |
"PolicyName": "AWSCodePipelineCustomActionAccess", | |
"UpdateDate": "2015-07-09T17:02:54+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSCodePipelineFullAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSCodePipelineFullAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-11-05T23:04:28+00:00", | |
"DefaultVersionId": "v8", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"codepipeline:*", | |
"cloudformation:DescribeStacks", | |
"cloudformation:ListChangeSets", | |
"cloudtrail:CreateTrail", | |
"cloudtrail:DescribeTrails", | |
"cloudtrail:GetEventSelectors", | |
"cloudtrail:PutEventSelectors", | |
"cloudtrail:StartLogging", | |
"codebuild:BatchGetProjects", | |
"codebuild:CreateProject", | |
"codebuild:ListCuratedEnvironmentImages", | |
"codebuild:ListProjects", | |
"codecommit:GetBranch", | |
"codecommit:GetRepositoryTriggers", | |
"codecommit:ListBranches", | |
"codecommit:ListRepositories", | |
"codecommit:PutRepositoryTriggers", | |
"codecommit:GetReferences", | |
"codedeploy:GetApplication", | |
"codedeploy:BatchGetApplications", | |
"codedeploy:GetDeploymentGroup", | |
"codedeploy:BatchGetDeploymentGroups", | |
"codedeploy:ListApplications", | |
"codedeploy:ListDeploymentGroups", | |
"devicefarm:GetDevicePool", | |
"devicefarm:GetProject", | |
"devicefarm:ListDevicePools", | |
"devicefarm:ListProjects", | |
"ec2:DescribeSecurityGroups", | |
"ec2:DescribeSubnets", | |
"ec2:DescribeVpcs", | |
"ecr:DescribeRepositories", | |
"ecr:ListImages", | |
"ecs:ListClusters", | |
"ecs:ListServices", | |
"elasticbeanstalk:DescribeApplications", | |
"elasticbeanstalk:DescribeEnvironments", | |
"iam:ListRoles", | |
"iam:GetRole", | |
"lambda:GetFunctionConfiguration", | |
"lambda:ListFunctions", | |
"events:ListRules", | |
"events:ListTargetsByRule", | |
"events:DescribeRule", | |
"opsworks:DescribeApps", | |
"opsworks:DescribeLayers", | |
"opsworks:DescribeStacks", | |
"s3:GetBucketPolicy", | |
"s3:GetBucketVersioning", | |
"s3:GetObjectVersion", | |
"s3:ListAllMyBuckets", | |
"s3:ListBucket", | |
"sns:ListTopics", | |
"codestar-notifications:ListNotificationRules", | |
"codestar-notifications:ListTargets", | |
"codestar-notifications:ListTagsforResource", | |
"codestar-notifications:ListEventTypes" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"s3:GetObject", | |
"s3:CreateBucket", | |
"s3:PutBucketPolicy" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:s3::*:codepipeline-*" | |
}, | |
{ | |
"Action": [ | |
"iam:PassRole" | |
], | |
"Condition": { | |
"StringEquals": { | |
"iam:PassedToService": [ | |
"events.amazonaws.com" | |
] | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:iam::*:role/service-role/cwe-role-*" | |
] | |
}, | |
{ | |
"Action": [ | |
"iam:PassRole" | |
], | |
"Condition": { | |
"StringEquals": { | |
"iam:PassedToService": [ | |
"codepipeline.amazonaws.com" | |
] | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"events:PutRule", | |
"events:PutTargets", | |
"events:DeleteRule", | |
"events:DisableRule", | |
"events:RemoveTargets" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:events:*:*:rule/codepipeline-*" | |
] | |
}, | |
{ | |
"Action": [ | |
"codestar-notifications:CreateNotificationRule", | |
"codestar-notifications:DescribeNotificationRule", | |
"codestar-notifications:UpdateNotificationRule", | |
"codestar-notifications:DeleteNotificationRule", | |
"codestar-notifications:Subscribe", | |
"codestar-notifications:Unsubscribe" | |
], | |
"Condition": { | |
"StringLike": { | |
"codestar-notifications:NotificationsForResource": "arn:aws:codepipeline:*" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*", | |
"Sid": "CodeStarNotificationsReadWriteAccess" | |
}, | |
{ | |
"Action": [ | |
"sns:CreateTopic", | |
"sns:SetTopicAttributes" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:sns:*:*:codestar-notifications*", | |
"Sid": "CodeStarNotificationsSNSTopicCreateAccess" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJP5LH77KSAT2KHQGG", | |
"PolicyName": "AWSCodePipelineFullAccess", | |
"UpdateDate": "2019-11-05T23:04:28+00:00", | |
"VersionId": "v8" | |
}, | |
"AWSCodePipelineReadOnlyAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSCodePipelineReadOnlyAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-11-05T23:01:50+00:00", | |
"DefaultVersionId": "v8", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"codepipeline:GetPipeline", | |
"codepipeline:GetPipelineState", | |
"codepipeline:GetPipelineExecution", | |
"codepipeline:ListPipelineExecutions", | |
"codepipeline:ListActionExecutions", | |
"codepipeline:ListActionTypes", | |
"codepipeline:ListPipelines", | |
"codepipeline:ListTagsForResource", | |
"iam:ListRoles", | |
"s3:GetBucketPolicy", | |
"s3:GetObject", | |
"s3:ListAllMyBuckets", | |
"s3:ListBucket", | |
"codecommit:ListBranches", | |
"codecommit:ListRepositories", | |
"codedeploy:GetApplication", | |
"codedeploy:GetDeploymentGroup", | |
"codedeploy:ListApplications", | |
"codedeploy:ListDeploymentGroups", | |
"elasticbeanstalk:DescribeApplications", | |
"elasticbeanstalk:DescribeEnvironments", | |
"lambda:GetFunctionConfiguration", | |
"lambda:ListFunctions", | |
"opsworks:DescribeApps", | |
"opsworks:DescribeLayers", | |
"opsworks:DescribeStacks", | |
"codestar-notifications:ListNotificationRules", | |
"codestar-notifications:ListEventTypes" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"codestar-notifications:DescribeNotificationRule" | |
], | |
"Condition": { | |
"StringLike": { | |
"codestar-notifications:NotificationsForResource": "arn:aws:codepipeline:*" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*", | |
"Sid": "CodeStarNotificationsPowerUserAccess" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAILFKZXIBOTNC5TO2Q", | |
"PolicyName": "AWSCodePipelineReadOnlyAccess", | |
"UpdateDate": "2019-11-05T23:01:50+00:00", | |
"VersionId": "v8" | |
}, | |
"AWSCodeStarFullAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSCodeStarFullAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2018-01-10T21:54:06+00:00", | |
"DefaultVersionId": "v2", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"codestar:*", | |
"ec2:DescribeKeyPairs", | |
"ec2:DescribeVpcs", | |
"ec2:DescribeSubnets", | |
"cloud9:DescribeEnvironment*", | |
"cloud9:ValidateEnvironmentName" | |
], | |
"Effect": "Allow", | |
"Resource": "*", | |
"Sid": "CodeStarEC2" | |
}, | |
{ | |
"Action": [ | |
"cloudformation:DescribeStack*", | |
"cloudformation:GetTemplateSummary" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:cloudformation:*:*:stack/awscodestar-*" | |
], | |
"Sid": "CodeStarCF" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIXI233TFUGLZOJBEC", | |
"PolicyName": "AWSCodeStarFullAccess", | |
"UpdateDate": "2018-01-10T21:54:06+00:00", | |
"VersionId": "v2" | |
}, | |
"AWSCodeStarNotificationsServiceRolePolicy": { | |
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSCodeStarNotificationsServiceRolePolicy", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-11-05T16:10:21+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"events:PutTargets", | |
"events:PutRule", | |
"events:DescribeRule" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:events:*:*:rule/awscodestarnotifications-*" | |
}, | |
{ | |
"Action": [ | |
"codecommit:GetCommentsForPullRequest", | |
"codecommit:GetCommentsForComparedCommit" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"codecommit:GetFile" | |
], | |
"Condition": { | |
"StringNotEquals": { | |
"aws:ResourceTag/ExcludeFileContentFromNotifications": "true" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/aws-service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAZKAPJZG4BGRXOB2GH", | |
"PolicyName": "AWSCodeStarNotificationsServiceRolePolicy", | |
"UpdateDate": "2019-11-05T16:10:21+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSCodeStarServiceRole": { | |
"Arn": "arn:aws:iam::aws:policy/service-role/AWSCodeStarServiceRole", | |
"AttachmentCount": 1, | |
"CreateDate": "2019-04-24T19:25:28+00:00", | |
"DefaultVersionId": "v9", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"events:PutTargets", | |
"events:RemoveTargets", | |
"events:PutRule", | |
"events:DeleteRule", | |
"events:DescribeRule" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:events:*:*:rule/awscodestar-*" | |
], | |
"Sid": "ProjectEventRules" | |
}, | |
{ | |
"Action": [ | |
"cloudformation:*Stack*", | |
"cloudformation:CreateChangeSet", | |
"cloudformation:ExecuteChangeSet", | |
"cloudformation:DeleteChangeSet", | |
"cloudformation:GetTemplate" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:cloudformation:*:*:stack/awscodestar-*", | |
"arn:aws:cloudformation:*:*:stack/awseb-*", | |
"arn:aws:cloudformation:*:*:stack/aws-cloud9-*", | |
"arn:aws:cloudformation:*:aws:transform/CodeStar*" | |
], | |
"Sid": "ProjectStack" | |
}, | |
{ | |
"Action": [ | |
"cloudformation:GetTemplateSummary", | |
"cloudformation:DescribeChangeSet" | |
], | |
"Effect": "Allow", | |
"Resource": "*", | |
"Sid": "ProjectStackTemplate" | |
}, | |
{ | |
"Action": [ | |
"s3:GetObject" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:s3:::awscodestar-*/*" | |
], | |
"Sid": "ProjectQuickstarts" | |
}, | |
{ | |
"Action": [ | |
"s3:*" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:s3:::aws-codestar-*", | |
"arn:aws:s3:::aws-codestar-*/*", | |
"arn:aws:s3:::elasticbeanstalk-*", | |
"arn:aws:s3:::elasticbeanstalk-*/*" | |
], | |
"Sid": "ProjectS3Buckets" | |
}, | |
{ | |
"Action": [ | |
"codestar:*", | |
"codecommit:*", | |
"codepipeline:*", | |
"codedeploy:*", | |
"codebuild:*", | |
"ec2:RunInstances", | |
"autoscaling:*", | |
"cloudwatch:Put*", | |
"ec2:*", | |
"elasticbeanstalk:*", | |
"elasticloadbalancing:*", | |
"iam:ListRoles", | |
"logs:*", | |
"sns:*", | |
"cloud9:CreateEnvironmentEC2", | |
"cloud9:DeleteEnvironment", | |
"cloud9:DescribeEnvironment*", | |
"cloud9:ListEnvironments" | |
], | |
"Effect": "Allow", | |
"Resource": "*", | |
"Sid": "ProjectServices" | |
}, | |
{ | |
"Action": [ | |
"iam:AttachRolePolicy", | |
"iam:CreateRole", | |
"iam:DeleteRole", | |
"iam:DeleteRolePolicy", | |
"iam:DetachRolePolicy", | |
"iam:GetRole", | |
"iam:PassRole", | |
"iam:GetRolePolicy", | |
"iam:PutRolePolicy", | |
"iam:SetDefaultPolicyVersion", | |
"iam:CreatePolicy", | |
"iam:DeletePolicy", | |
"iam:AddRoleToInstanceProfile", | |
"iam:CreateInstanceProfile", | |
"iam:DeleteInstanceProfile", | |
"iam:RemoveRoleFromInstanceProfile" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:iam::*:role/CodeStarWorker*", | |
"arn:aws:iam::*:policy/CodeStarWorker*", | |
"arn:aws:iam::*:instance-profile/awscodestar-*" | |
], | |
"Sid": "ProjectWorkerRoles" | |
}, | |
{ | |
"Action": [ | |
"iam:AttachUserPolicy", | |
"iam:DetachUserPolicy" | |
], | |
"Condition": { | |
"ArnEquals": { | |
"iam:PolicyArn": [ | |
"arn:aws:iam::*:policy/CodeStar_*" | |
] | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*", | |
"Sid": "ProjectTeamMembers" | |
}, | |
{ | |
"Action": [ | |
"iam:CreatePolicy", | |
"iam:DeletePolicy", | |
"iam:CreatePolicyVersion", | |
"iam:DeletePolicyVersion", | |
"iam:ListEntitiesForPolicy", | |
"iam:ListPolicyVersions", | |
"iam:GetPolicy", | |
"iam:GetPolicyVersion" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:iam::*:policy/CodeStar_*" | |
], | |
"Sid": "ProjectRoles" | |
}, | |
{ | |
"Action": [ | |
"iam:ListAttachedRolePolicies" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:iam::*:role/aws-codestar-service-role", | |
"arn:aws:iam::*:role/service-role/aws-codestar-service-role" | |
], | |
"Sid": "InspectServiceRole" | |
}, | |
{ | |
"Action": [ | |
"iam:CreateServiceLinkedRole" | |
], | |
"Condition": { | |
"StringEquals": { | |
"iam:AWSServiceName": "cloud9.amazonaws.com" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*", | |
"Sid": "IAMLinkRole" | |
}, | |
{ | |
"Action": [ | |
"config:DescribeConfigRules" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
], | |
"Sid": "DescribeConfigRuleForARN" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIN6D4M2KD3NBOC4M4", | |
"PolicyName": "AWSCodeStarServiceRole", | |
"UpdateDate": "2019-04-24T19:25:28+00:00", | |
"VersionId": "v9" | |
}, | |
"AWSConfigMultiAccountSetupPolicy": { | |
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSConfigMultiAccountSetupPolicy", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-11-13T18:22:26+00:00", | |
"DefaultVersionId": "v2", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"config:PutConfigRule", | |
"config:DeleteConfigRule" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:config:*:*:config-rule/aws-service-rule/config-multiaccountsetup.amazonaws.com/*" | |
}, | |
{ | |
"Action": [ | |
"organizations:ListAccounts", | |
"organizations:DescribeOrganization", | |
"organizations:ListAWSServiceAccessForOrganization" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"config:PutConformancePack", | |
"config:DeleteConformancePack", | |
"config:DescribeConformancePackStatus" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:config:*:*:conformance-pack/aws-service-conformance-pack/config-multiaccountsetup.amazonaws.com/*" | |
}, | |
{ | |
"Action": [ | |
"iam:GetRole" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:iam::*:role/aws-service-role/config-conforms.amazonaws.com/AWSServiceRoleForConfigConforms" | |
}, | |
{ | |
"Action": [ | |
"iam:CreateServiceLinkedRole" | |
], | |
"Condition": { | |
"StringLike": { | |
"iam:AWSServiceName": "config-conforms.amazonaws.com" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "arn:aws:iam::*:role/aws-service-role/config-conforms.amazonaws.com/AWSServiceRoleForConfigConforms" | |
}, | |
{ | |
"Action": "iam:PassRole", | |
"Condition": { | |
"StringEquals": { | |
"iam:PassedToService": "ssm.amazonaws.com" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/aws-service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAZKAPJZG4L5NAGNGTD", | |
"PolicyName": "AWSConfigMultiAccountSetupPolicy", | |
"UpdateDate": "2019-11-13T18:22:26+00:00", | |
"VersionId": "v2" | |
}, | |
"AWSConfigRemediationServiceRolePolicy": { | |
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSConfigRemediationServiceRolePolicy", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-06-18T21:21:35+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"ssm:GetDocument", | |
"ssm:DescribeDocument", | |
"ssm:StartAutomationExecution" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": "iam:PassRole", | |
"Condition": { | |
"StringEquals": { | |
"iam:PassedToService": "ssm.amazonaws.com" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/aws-service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAZKAPJZG4BC7ZOM6NP", | |
"PolicyName": "AWSConfigRemediationServiceRolePolicy", | |
"UpdateDate": "2019-06-18T21:21:35+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSConfigRole": { | |
"Arn": "arn:aws:iam::aws:policy/service-role/AWSConfigRole", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-10-21T21:58:25+00:00", | |
"DefaultVersionId": "v31", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"acm:DescribeCertificate", | |
"acm:ListCertificates", | |
"acm:ListTagsForCertificate", | |
"application-autoscaling:DescribeScalableTargets", | |
"application-autoscaling:DescribeScalingPolicies", | |
"autoscaling:DescribeAutoScalingGroups", | |
"autoscaling:DescribeLaunchConfigurations", | |
"autoscaling:DescribeLifecycleHooks", | |
"autoscaling:DescribePolicies", | |
"autoscaling:DescribeScheduledActions", | |
"autoscaling:DescribeTags", | |
"cloudfront:ListTagsForResource", | |
"cloudtrail:DescribeTrails", | |
"cloudtrail:GetEventSelectors", | |
"cloudtrail:GetTrailStatus", | |
"cloudtrail:ListTags", | |
"cloudwatch:DescribeAlarms", | |
"codepipeline:GetPipeline", | |
"codepipeline:GetPipelineState", | |
"codepipeline:ListPipelines", | |
"config:BatchGet*", | |
"config:Describe*", | |
"config:Get*", | |
"config:List*", | |
"config:Put*", | |
"config:Select*", | |
"dms:DescribeReplicationInstances", | |
"dynamodb:DescribeContinuousBackups", | |
"dynamodb:DescribeLimits", | |
"dynamodb:DescribeTable", | |
"dynamodb:ListTables", | |
"dynamodb:ListTagsOfResource", | |
"ec2:Describe*", | |
"elasticache:DescribeCacheClusters", | |
"elasticache:DescribeReplicationGroups", | |
"elasticfilesystem:DescribeFileSystems", | |
"elasticloadbalancing:DescribeListeners", | |
"elasticloadbalancing:DescribeLoadBalancerAttributes", | |
"elasticloadbalancing:DescribeLoadBalancerPolicies", | |
"elasticloadbalancing:DescribeLoadBalancers", | |
"elasticloadbalancing:DescribeRules", | |
"elasticloadbalancing:DescribeTags", | |
"elasticmapreduce:DescribeCluster", | |
"elasticmapreduce:DescribeSecurityConfiguration", | |
"elasticmapreduce:ListClusters", | |
"elasticmapreduce:ListInstances", | |
"es:DescribeElasticsearchDomain", | |
"es:DescribeElasticsearchDomains", | |
"es:ListDomainNames", | |
"es:ListTags", | |
"guardduty:GetDetector", | |
"guardduty:GetFindings", | |
"guardduty:GetMasterAccount", | |
"guardduty:ListDetectors", | |
"guardduty:ListFindings", | |
"iam:GenerateCredentialReport", | |
"iam:GetAccountAuthorizationDetails", | |
"iam:GetAccountPasswordPolicy", | |
"iam:GetAccountSummary", | |
"iam:GetCredentialReport", | |
"iam:GetGroup", | |
"iam:GetGroupPolicy", | |
"iam:GetPolicy", | |
"iam:GetPolicyVersion", | |
"iam:GetRole", | |
"iam:GetRolePolicy", | |
"iam:GetUser", | |
"iam:GetUserPolicy", | |
"iam:ListAttachedGroupPolicies", | |
"iam:ListAttachedRolePolicies", | |
"iam:ListAttachedUserPolicies", | |
"iam:ListEntitiesForPolicy", | |
"iam:ListGroupPolicies", | |
"iam:ListGroupsForUser", | |
"iam:ListInstanceProfilesForRole", | |
"iam:ListPolicyVersions", | |
"iam:ListRolePolicies", | |
"iam:ListUserPolicies", | |
"iam:ListVirtualMFADevices", | |
"kms:DescribeKey", | |
"kms:GetKeyPolicy", | |
"kms:GetKeyRotationStatus", | |
"kms:ListKeys", | |
"kms:ListResourceTags", | |
"lambda:GetAlias", | |
"lambda:GetFunction", | |
"lambda:GetPolicy", | |
"lambda:ListAliases", | |
"lambda:ListFunctions", | |
"logs:DescribeLogGroups", | |
"rds:DescribeDBClusters", | |
"rds:DescribeDBClusterSnapshotAttributes", | |
"rds:DescribeDBClusterSnapshots", | |
"rds:DescribeDBInstances", | |
"rds:DescribeDBSecurityGroups", | |
"rds:DescribeDBSnapshotAttributes", | |
"rds:DescribeDBSnapshots", | |
"rds:DescribeDBSubnetGroups", | |
"rds:DescribeEventSubscriptions", | |
"rds:ListTagsForResource", | |
"redshift:DescribeClusterParameterGroups", | |
"redshift:DescribeClusterParameters", | |
"redshift:DescribeClusterSecurityGroups", | |
"redshift:DescribeClusterSnapshots", | |
"redshift:DescribeClusterSubnetGroups", | |
"redshift:DescribeClusters", | |
"redshift:DescribeEventSubscriptions", | |
"redshift:DescribeLoggingStatus", | |
"s3:GetAccelerateConfiguration", | |
"s3:GetAccountPublicAccessBlock", | |
"s3:GetBucketAcl", | |
"s3:GetBucketCORS", | |
"s3:GetBucketLocation", | |
"s3:GetBucketLogging", | |
"s3:GetBucketNotification", | |
"s3:GetBucketObjectLockConfiguration", | |
"s3:GetBucketPolicy", | |
"s3:GetBucketPublicAccessBlock", | |
"s3:GetBucketRequestPayment", | |
"s3:GetBucketTagging", | |
"s3:GetBucketVersioning", | |
"s3:GetBucketWebsite", | |
"s3:GetEncryptionConfiguration", | |
"s3:GetLifecycleConfiguration", | |
"s3:GetObject", | |
"s3:GetReplicationConfiguration", | |
"s3:ListAllMyBuckets", | |
"s3:ListBucket", | |
"sagemaker:DescribeEndpointConfig", | |
"sagemaker:DescribeNotebookInstance", | |
"sagemaker:ListEndpointConfigs", | |
"sagemaker:ListNotebookInstances", | |
"secretsmanager:ListSecrets", | |
"secretsmanager:ListSecretVersionIds", | |
"shield:DescribeDRTAccess", | |
"shield:DescribeProtection", | |
"shield:DescribeSubscription", | |
"sns:GetTopicAttributes", | |
"sns:ListSubscriptions", | |
"sns:ListTagsForResource", | |
"sns:ListTopics", | |
"sqs:GetQueueAttributes", | |
"sqs:ListQueues", | |
"sqs:ListQueueTags", | |
"ssm:DescribeAutomationExecutions", | |
"ssm:DescribeDocument", | |
"ssm:GetAutomationExecution", | |
"ssm:GetDocument", | |
"support:DescribeCases", | |
"waf-regional:GetWebACL", | |
"waf-regional:GetWebACLForResource" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIQRXRDRGJUA33ELIO", | |
"PolicyName": "AWSConfigRole", | |
"UpdateDate": "2019-10-21T21:58:25+00:00", | |
"VersionId": "v31" | |
}, | |
"AWSConfigRoleForOrganizations": { | |
"Arn": "arn:aws:iam::aws:policy/service-role/AWSConfigRoleForOrganizations", | |
"AttachmentCount": 0, | |
"CreateDate": "2018-03-19T22:53:01+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"organizations:ListAccounts", | |
"organizations:DescribeOrganization", | |
"organizations:ListAWSServiceAccessForOrganization" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIEHGYAUTHXSXZAW2E", | |
"PolicyName": "AWSConfigRoleForOrganizations", | |
"UpdateDate": "2018-03-19T22:53:01+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSConfigRulesExecutionRole": { | |
"Arn": "arn:aws:iam::aws:policy/service-role/AWSConfigRulesExecutionRole", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-05-13T21:33:30+00:00", | |
"DefaultVersionId": "v3", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"s3:GetObject" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:s3:::*/AWSLogs/*/Config/*" | |
}, | |
{ | |
"Action": [ | |
"config:Put*", | |
"config:Get*", | |
"config:List*", | |
"config:Describe*", | |
"config:BatchGet*", | |
"config:Select*" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJUB3KIKTA4PU4OYAA", | |
"PolicyName": "AWSConfigRulesExecutionRole", | |
"UpdateDate": "2019-05-13T21:33:30+00:00", | |
"VersionId": "v3" | |
}, | |
"AWSConfigServiceRolePolicy": { | |
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSConfigServiceRolePolicy", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-10-21T21:54:04+00:00", | |
"DefaultVersionId": "v17", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"acm:DescribeCertificate", | |
"acm:ListCertificates", | |
"acm:ListTagsForCertificate", | |
"application-autoscaling:DescribeScalableTargets", | |
"application-autoscaling:DescribeScalingPolicies", | |
"autoscaling:DescribeAutoScalingGroups", | |
"autoscaling:DescribeLaunchConfigurations", | |
"autoscaling:DescribeLifecycleHooks", | |
"autoscaling:DescribePolicies", | |
"autoscaling:DescribeScheduledActions", | |
"autoscaling:DescribeTags", | |
"cloudfront:ListTagsForResource", | |
"cloudtrail:DescribeTrails", | |
"cloudtrail:GetEventSelectors", | |
"cloudtrail:GetTrailStatus", | |
"cloudtrail:ListTags", | |
"cloudwatch:DescribeAlarms", | |
"codepipeline:GetPipeline", | |
"codepipeline:GetPipelineState", | |
"codepipeline:ListPipelines", | |
"config:BatchGet*", | |
"config:Describe*", | |
"config:Get*", | |
"config:List*", | |
"config:Put*", | |
"config:Select*", | |
"dms:DescribeReplicationInstances", | |
"dynamodb:DescribeContinuousBackups", | |
"dynamodb:DescribeLimits", | |
"dynamodb:DescribeTable", | |
"dynamodb:ListTables", | |
"dynamodb:ListTagsOfResource", | |
"ec2:Describe*", | |
"elasticache:DescribeCacheClusters", | |
"elasticache:DescribeReplicationGroups", | |
"elasticfilesystem:DescribeFileSystems", | |
"elasticloadbalancing:DescribeListeners", | |
"elasticloadbalancing:DescribeLoadBalancerAttributes", | |
"elasticloadbalancing:DescribeLoadBalancerPolicies", | |
"elasticloadbalancing:DescribeLoadBalancers", | |
"elasticloadbalancing:DescribeRules", | |
"elasticloadbalancing:DescribeTags", | |
"elasticmapreduce:DescribeCluster", | |
"elasticmapreduce:DescribeSecurityConfiguration", | |
"elasticmapreduce:ListClusters", | |
"elasticmapreduce:ListInstances", | |
"es:DescribeElasticsearchDomain", | |
"es:DescribeElasticsearchDomains", | |
"es:ListDomainNames", | |
"es:ListTags", | |
"guardduty:GetDetector", | |
"guardduty:GetFindings", | |
"guardduty:GetMasterAccount", | |
"guardduty:ListDetectors", | |
"guardduty:ListFindings", | |
"iam:GenerateCredentialReport", | |
"iam:GetAccountAuthorizationDetails", | |
"iam:GetAccountPasswordPolicy", | |
"iam:GetAccountSummary", | |
"iam:GetCredentialReport", | |
"iam:GetGroup", | |
"iam:GetGroupPolicy", | |
"iam:GetPolicy", | |
"iam:GetPolicyVersion", | |
"iam:GetRole", | |
"iam:GetRolePolicy", | |
"iam:GetUser", | |
"iam:GetUserPolicy", | |
"iam:ListAttachedGroupPolicies", | |
"iam:ListAttachedRolePolicies", | |
"iam:ListAttachedUserPolicies", | |
"iam:ListEntitiesForPolicy", | |
"iam:ListGroupPolicies", | |
"iam:ListGroupsForUser", | |
"iam:ListInstanceProfilesForRole", | |
"iam:ListPolicyVersions", | |
"iam:ListRolePolicies", | |
"iam:ListUserPolicies", | |
"iam:ListVirtualMFADevices", | |
"kms:DescribeKey", | |
"kms:GetKeyPolicy", | |
"kms:GetKeyRotationStatus", | |
"kms:ListKeys", | |
"kms:ListResourceTags", | |
"lambda:GetAlias", | |
"lambda:GetFunction", | |
"lambda:GetPolicy", | |
"lambda:ListAliases", | |
"lambda:ListFunctions", | |
"logs:DescribeLogGroups", | |
"rds:DescribeDBClusters", | |
"rds:DescribeDBClusterSnapshotAttributes", | |
"rds:DescribeDBClusterSnapshots", | |
"rds:DescribeDBInstances", | |
"rds:DescribeDBSecurityGroups", | |
"rds:DescribeDBSnapshotAttributes", | |
"rds:DescribeDBSnapshots", | |
"rds:DescribeDBSubnetGroups", | |
"rds:DescribeEventSubscriptions", | |
"rds:ListTagsForResource", | |
"redshift:DescribeClusterParameterGroups", | |
"redshift:DescribeClusterParameters", | |
"redshift:DescribeClusterSecurityGroups", | |
"redshift:DescribeClusterSnapshots", | |
"redshift:DescribeClusterSubnetGroups", | |
"redshift:DescribeClusters", | |
"redshift:DescribeEventSubscriptions", | |
"redshift:DescribeLoggingStatus", | |
"s3:GetAccelerateConfiguration", | |
"s3:GetAccountPublicAccessBlock", | |
"s3:GetBucketAcl", | |
"s3:GetBucketCORS", | |
"s3:GetBucketLocation", | |
"s3:GetBucketLogging", | |
"s3:GetBucketNotification", | |
"s3:GetBucketObjectLockConfiguration", | |
"s3:GetBucketPolicy", | |
"s3:GetBucketPublicAccessBlock", | |
"s3:GetBucketRequestPayment", | |
"s3:GetBucketTagging", | |
"s3:GetBucketVersioning", | |
"s3:GetBucketWebsite", | |
"s3:GetEncryptionConfiguration", | |
"s3:GetLifecycleConfiguration", | |
"s3:GetReplicationConfiguration", | |
"s3:ListAllMyBuckets", | |
"s3:ListBucket", | |
"sagemaker:DescribeEndpointConfig", | |
"sagemaker:DescribeNotebookInstance", | |
"sagemaker:ListEndpointConfigs", | |
"sagemaker:ListNotebookInstances", | |
"secretsmanager:ListSecrets", | |
"secretsmanager:ListSecretVersionIds", | |
"shield:DescribeDRTAccess", | |
"shield:DescribeProtection", | |
"shield:DescribeSubscription", | |
"sns:GetTopicAttributes", | |
"sns:ListSubscriptions", | |
"sns:ListTagsForResource", | |
"sns:ListTopics", | |
"sqs:GetQueueAttributes", | |
"sqs:ListQueues", | |
"sqs:ListQueueTags", | |
"ssm:DescribeAutomationExecutions", | |
"ssm:DescribeDocument", | |
"ssm:GetAutomationExecution", | |
"ssm:GetDocument", | |
"support:DescribeCases", | |
"waf-regional:GetWebACL", | |
"waf-regional:GetWebACLForResource" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/aws-service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJUCWFHNZER665LLQQ", | |
"PolicyName": "AWSConfigServiceRolePolicy", | |
"UpdateDate": "2019-10-21T21:54:04+00:00", | |
"VersionId": "v17" | |
}, | |
"AWSConfigUserAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSConfigUserAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-03-18T20:27:47+00:00", | |
"DefaultVersionId": "v4", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"config:Get*", | |
"config:Describe*", | |
"config:Deliver*", | |
"config:List*", | |
"config:Select*", | |
"tag:GetResources", | |
"tag:GetTagKeys", | |
"cloudtrail:DescribeTrails", | |
"cloudtrail:GetTrailStatus", | |
"cloudtrail:LookupEvents" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIWTTSFJ7KKJE3MWGA", | |
"PolicyName": "AWSConfigUserAccess", | |
"UpdateDate": "2019-03-18T20:27:47+00:00", | |
"VersionId": "v4" | |
}, | |
"AWSConnector": { | |
"Arn": "arn:aws:iam::aws:policy/AWSConnector", | |
"AttachmentCount": 0, | |
"CreateDate": "2015-09-28T19:50:38+00:00", | |
"DefaultVersionId": "v3", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": "iam:GetUser", | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"s3:ListAllMyBuckets" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"s3:CreateBucket", | |
"s3:DeleteBucket", | |
"s3:DeleteObject", | |
"s3:GetBucketLocation", | |
"s3:GetObject", | |
"s3:ListBucket", | |
"s3:PutObject", | |
"s3:PutObjectAcl", | |
"s3:AbortMultipartUpload", | |
"s3:ListBucketMultipartUploads", | |
"s3:ListMultipartUploadParts" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:s3:::import-to-ec2-*" | |
}, | |
{ | |
"Action": [ | |
"ec2:CancelConversionTask", | |
"ec2:CancelExportTask", | |
"ec2:CreateImage", | |
"ec2:CreateInstanceExportTask", | |
"ec2:CreateTags", | |
"ec2:CreateVolume", | |
"ec2:DeleteTags", | |
"ec2:DeleteVolume", | |
"ec2:DescribeConversionTasks", | |
"ec2:DescribeExportTasks", | |
"ec2:DescribeImages", | |
"ec2:DescribeInstanceAttribute", | |
"ec2:DescribeInstanceStatus", | |
"ec2:DescribeInstances", | |
"ec2:DescribeRegions", | |
"ec2:DescribeTags", | |
"ec2:DetachVolume", | |
"ec2:ImportInstance", | |
"ec2:ImportVolume", | |
"ec2:ModifyInstanceAttribute", | |
"ec2:RunInstances", | |
"ec2:StartInstances", | |
"ec2:StopInstances", | |
"ec2:TerminateInstances", | |
"ec2:ImportImage", | |
"ec2:DescribeImportImageTasks", | |
"ec2:DeregisterImage", | |
"ec2:DescribeSnapshots", | |
"ec2:DeleteSnapshot", | |
"ec2:CancelImportTask", | |
"ec2:ImportSnapshot", | |
"ec2:DescribeImportSnapshotTasks" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"SNS:Publish" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:sns:*:*:metrics-sns-topic-for-*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJ6YATONJHICG3DJ3U", | |
"PolicyName": "AWSConnector", | |
"UpdateDate": "2015-09-28T19:50:38+00:00", | |
"VersionId": "v3" | |
}, | |
"AWSControlTowerServiceRolePolicy": { | |
"Arn": "arn:aws:iam::aws:policy/service-role/AWSControlTowerServiceRolePolicy", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-06-13T16:36:30+00:00", | |
"DefaultVersionId": "v3", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"cloudformation:CreateStack", | |
"cloudformation:CreateStackInstances", | |
"cloudformation:CreateStackSet", | |
"cloudformation:DeleteStack", | |
"cloudformation:DeleteStackInstances", | |
"cloudformation:DeleteStackSet", | |
"cloudformation:DescribeStackInstance", | |
"cloudformation:DescribeStacks", | |
"cloudformation:DescribeStackSet", | |
"cloudformation:DescribeStackSetOperation", | |
"cloudformation:GetTemplate", | |
"cloudformation:ListStackInstances", | |
"cloudformation:UpdateStack", | |
"cloudformation:UpdateStackInstances", | |
"cloudformation:UpdateStackSet" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:cloudformation:*:*:stack/AWSControlTower*/*", | |
"arn:aws:cloudformation:*:*:stack/StackSet-AWSControlTower*/*", | |
"arn:aws:cloudformation:*:*:stackset/AWSControlTower*:*" | |
] | |
}, | |
{ | |
"Action": [ | |
"cloudtrail:CreateTrail", | |
"cloudtrail:DeleteTrail", | |
"cloudtrail:GetTrailStatus", | |
"cloudtrail:StartLogging", | |
"cloudtrail:StopLogging", | |
"cloudtrail:UpdateTrail", | |
"logs:CreateLogStream", | |
"logs:PutLogEvents", | |
"logs:PutRetentionPolicy" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:logs:*:*:log-group:aws-controltower/CloudTrailLogs:*", | |
"arn:aws:cloudtrail:*:*:trail/aws-controltower*" | |
] | |
}, | |
{ | |
"Action": [ | |
"s3:GetObject" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:s3:::aws-controltower*/*" | |
] | |
}, | |
{ | |
"Action": [ | |
"sts:AssumeRole" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:iam::*:role/AWSControlTowerExecution" | |
] | |
}, | |
{ | |
"Action": [ | |
"cloudtrail:DescribeTrails", | |
"ec2:DescribeAvailabilityZones", | |
"iam:ListRoles", | |
"logs:CreateLogGroup", | |
"logs:DescribeLogGroups", | |
"organizations:CreateAccount", | |
"organizations:DescribeAccount", | |
"organizations:DescribeCreateAccountStatus", | |
"organizations:DescribeOrganization", | |
"organizations:DescribeOrganizationalUnit", | |
"organizations:DescribePolicy", | |
"organizations:ListAccounts", | |
"organizations:ListAccountsForParent", | |
"organizations:ListAWSServiceAccessForOrganization", | |
"organizations:ListChildren", | |
"organizations:ListOrganizationalUnitsForParent", | |
"organizations:ListParents", | |
"organizations:ListPoliciesForTarget", | |
"organizations:ListTargetsForPolicy", | |
"organizations:ListRoots", | |
"organizations:MoveAccount", | |
"servicecatalog:AssociatePrincipalWithPortfolio" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"iam:GetRole", | |
"iam:GetUser", | |
"iam:ListAttachedRolePolicies", | |
"iam:GetRolePolicy" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"iam:PassRole" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:iam::*:role/service-role/AWSControlTowerStackSetRole", | |
"arn:aws:iam::*:role/service-role/AWSControlTowerCloudTrailRole" | |
] | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAZKAPJZG4MW35THVLF", | |
"PolicyName": "AWSControlTowerServiceRolePolicy", | |
"UpdateDate": "2019-06-13T16:36:30+00:00", | |
"VersionId": "v3" | |
}, | |
"AWSDataExchangeFullAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSDataExchangeFullAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-11-13T19:27:59+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"dataexchange:*" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": "s3:GetObject", | |
"Effect": "Allow", | |
"Resource": "arn:aws:s3:::*aws-data-exchange*" | |
}, | |
{ | |
"Action": "s3:GetObject", | |
"Condition": { | |
"StringEqualsIgnoreCase": { | |
"s3:ExistingObjectTag/AWSDataExchange": "true" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"s3:PutObject", | |
"s3:PutObjectAcl" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:s3:::*aws-data-exchange*" | |
}, | |
{ | |
"Action": [ | |
"s3:GetBucketLocation", | |
"s3:ListBucket", | |
"s3:ListAllMyBuckets" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"aws-marketplace:DescribeEntity", | |
"aws-marketplace:ListEntities", | |
"aws-marketplace:StartChangeSet", | |
"aws-marketplace:ListChangeSets", | |
"aws-marketplace:DescribeChangeSet", | |
"aws-marketplace:CancelChangeSet", | |
"aws-marketplace:GetAgreementApprovalRequest", | |
"aws-marketplace:ListAgreementApprovalRequests", | |
"aws-marketplace:AcceptAgreementApprovalRequest", | |
"aws-marketplace:RejectAgreementApprovalRequest", | |
"aws-marketplace:UpdateAgreementApprovalRequest" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"aws-marketplace:Subscribe", | |
"aws-marketplace:Unsubscribe", | |
"aws-marketplace:ViewSubscriptions", | |
"aws-marketplace:GetAgreementRequest", | |
"aws-marketplace:ListAgreementRequests", | |
"aws-marketplace:CancelAgreementRequest" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAZKAPJZG4MPDTDB3FH", | |
"PolicyName": "AWSDataExchangeFullAccess", | |
"UpdateDate": "2019-11-13T19:27:59+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSDataExchangeProviderFullAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSDataExchangeProviderFullAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-11-13T19:27:55+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"dataexchange:CreateDataSet", | |
"dataexchange:CreateRevision", | |
"dataexchange:Get*", | |
"dataexchange:Update*", | |
"dataexchange:List*", | |
"dataexchange:Delete*" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"dataexchange:CreateJob", | |
"dataexchange:StartJob", | |
"dataexchange:CancelJob" | |
], | |
"Condition": { | |
"StringEquals": { | |
"dataexchange:JobType": [ | |
"IMPORT_ASSETS_FROM_S3", | |
"IMPORT_ASSET_FROM_SIGNED_URL", | |
"EXPORT_ASSETS_TO_S3", | |
"EXPORT_ASSET_TO_SIGNED_URL" | |
] | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": "s3:GetObject", | |
"Effect": "Allow", | |
"Resource": "arn:aws:s3:::*aws-data-exchange*" | |
}, | |
{ | |
"Action": "s3:GetObject", | |
"Condition": { | |
"StringEqualsIgnoreCase": { | |
"s3:ExistingObjectTag/AWSDataExchange": "true" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"s3:PutObject", | |
"s3:PutObjectAcl" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:s3:::*aws-data-exchange*" | |
}, | |
{ | |
"Action": [ | |
"s3:GetBucketLocation", | |
"s3:ListBucket", | |
"s3:ListAllMyBuckets" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"aws-marketplace:DescribeEntity", | |
"aws-marketplace:ListEntities", | |
"aws-marketplace:DescribeChangeSet", | |
"aws-marketplace:ListChangeSets", | |
"aws-marketplace:StartChangeSet", | |
"aws-marketplace:CancelChangeSet", | |
"aws-marketplace:GetAgreementApprovalRequest", | |
"aws-marketplace:ListAgreementApprovalRequests", | |
"aws-marketplace:AcceptAgreementApprovalRequest", | |
"aws-marketplace:RejectAgreementApprovalRequest", | |
"aws-marketplace:UpdateAgreementApprovalRequest" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAZKAPJZG4MQSUGZZPZ", | |
"PolicyName": "AWSDataExchangeProviderFullAccess", | |
"UpdateDate": "2019-11-13T19:27:55+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSDataExchangeReadOnly": { | |
"Arn": "arn:aws:iam::aws:policy/AWSDataExchangeReadOnly", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-11-13T19:27:37+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"dataexchange:Get*", | |
"dataexchange:List*" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"aws-marketplace:ViewSubscriptions", | |
"aws-marketplace:GetAgreementRequest", | |
"aws-marketplace:ListAgreementRequests", | |
"aws-marketplace:GetAgreementApprovalRequest", | |
"aws-marketplace:ListAgreementApprovalRequests", | |
"aws-marketplace:DescribeEntity", | |
"aws-marketplace:ListEntities", | |
"aws-marketplace:DescribeChangeSet", | |
"aws-marketplace:ListChangeSets" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAZKAPJZG4DQNFEZURI", | |
"PolicyName": "AWSDataExchangeReadOnly", | |
"UpdateDate": "2019-11-13T19:27:37+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSDataExchangeSubscriberFullAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSDataExchangeSubscriberFullAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-11-13T19:27:52+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"dataexchange:Get*", | |
"dataexchange:List*" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"dataexchange:CreateJob", | |
"dataexchange:StartJob", | |
"dataexchange:CancelJob" | |
], | |
"Condition": { | |
"StringEquals": { | |
"dataexchange:JobType": [ | |
"EXPORT_ASSETS_TO_S3", | |
"EXPORT_ASSET_TO_SIGNED_URL" | |
] | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": "s3:GetObject", | |
"Effect": "Allow", | |
"Resource": "arn:aws:s3:::*aws-data-exchange*" | |
}, | |
{ | |
"Action": [ | |
"s3:GetBucketLocation", | |
"s3:ListBucket", | |
"s3:ListAllMyBuckets" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"aws-marketplace:Subscribe", | |
"aws-marketplace:Unsubscribe", | |
"aws-marketplace:ViewSubscriptions", | |
"aws-marketplace:GetAgreementRequest", | |
"aws-marketplace:ListAgreementRequests", | |
"aws-marketplace:CancelAgreementRequest" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAZKAPJZG4MAWRW4GF7", | |
"PolicyName": "AWSDataExchangeSubscriberFullAccess", | |
"UpdateDate": "2019-11-13T19:27:52+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSDataLifecycleManagerServiceRole": { | |
"Arn": "arn:aws:iam::aws:policy/service-role/AWSDataLifecycleManagerServiceRole", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-05-29T16:44:12+00:00", | |
"DefaultVersionId": "v2", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"ec2:CreateSnapshot", | |
"ec2:CreateSnapshots", | |
"ec2:DeleteSnapshot", | |
"ec2:DescribeInstances", | |
"ec2:DescribeVolumes", | |
"ec2:DescribeSnapshots" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"ec2:CreateTags" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:ec2:*::snapshot/*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIZRLOKFUFE7YXQOJS", | |
"PolicyName": "AWSDataLifecycleManagerServiceRole", | |
"UpdateDate": "2019-05-29T16:44:12+00:00", | |
"VersionId": "v2" | |
}, | |
"AWSDataPipelineRole": { | |
"Arn": "arn:aws:iam::aws:policy/service-role/AWSDataPipelineRole", | |
"AttachmentCount": 0, | |
"CreateDate": "2017-12-22T23:43:28+00:00", | |
"DefaultVersionId": "v6", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"cloudwatch:*", | |
"datapipeline:DescribeObjects", | |
"datapipeline:EvaluateExpression", | |
"dynamodb:BatchGetItem", | |
"dynamodb:DescribeTable", | |
"dynamodb:GetItem", | |
"dynamodb:Query", | |
"dynamodb:Scan", | |
"dynamodb:UpdateTable", | |
"ec2:AuthorizeSecurityGroupIngress", | |
"ec2:CancelSpotInstanceRequests", | |
"ec2:CreateSecurityGroup", | |
"ec2:CreateTags", | |
"ec2:DeleteTags", | |
"ec2:Describe*", | |
"ec2:ModifyImageAttribute", | |
"ec2:ModifyInstanceAttribute", | |
"ec2:RequestSpotInstances", | |
"ec2:RunInstances", | |
"ec2:StartInstances", | |
"ec2:StopInstances", | |
"ec2:TerminateInstances", | |
"ec2:AuthorizeSecurityGroupEgress", | |
"ec2:DeleteSecurityGroup", | |
"ec2:RevokeSecurityGroupEgress", | |
"ec2:DescribeNetworkInterfaces", | |
"ec2:CreateNetworkInterface", | |
"ec2:DeleteNetworkInterface", | |
"ec2:DetachNetworkInterface", | |
"elasticmapreduce:*", | |
"iam:GetInstanceProfile", | |
"iam:GetRole", | |
"iam:GetRolePolicy", | |
"iam:ListAttachedRolePolicies", | |
"iam:ListRolePolicies", | |
"iam:ListInstanceProfiles", | |
"iam:PassRole", | |
"rds:DescribeDBInstances", | |
"rds:DescribeDBSecurityGroups", | |
"redshift:DescribeClusters", | |
"redshift:DescribeClusterSecurityGroups", | |
"s3:CreateBucket", | |
"s3:DeleteObject", | |
"s3:Get*", | |
"s3:List*", | |
"s3:Put*", | |
"sdb:BatchPutAttributes", | |
"sdb:Select*", | |
"sns:GetTopicAttributes", | |
"sns:ListTopics", | |
"sns:Publish", | |
"sns:Subscribe", | |
"sns:Unsubscribe", | |
"sqs:CreateQueue", | |
"sqs:Delete*", | |
"sqs:GetQueue*", | |
"sqs:PurgeQueue", | |
"sqs:ReceiveMessage" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
] | |
}, | |
{ | |
"Action": "iam:CreateServiceLinkedRole", | |
"Condition": { | |
"StringLike": { | |
"iam:AWSServiceName": [ | |
"elasticmapreduce.amazonaws.com", | |
"spot.amazonaws.com" | |
] | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIKCP6XS3ESGF4GLO2", | |
"PolicyName": "AWSDataPipelineRole", | |
"UpdateDate": "2017-12-22T23:43:28+00:00", | |
"VersionId": "v6" | |
}, | |
"AWSDataPipeline_FullAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSDataPipeline_FullAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2017-08-17T18:48:39+00:00", | |
"DefaultVersionId": "v2", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"s3:List*", | |
"dynamodb:DescribeTable", | |
"rds:DescribeDBInstances", | |
"rds:DescribeDBSecurityGroups", | |
"redshift:DescribeClusters", | |
"redshift:DescribeClusterSecurityGroups", | |
"sns:ListTopics", | |
"sns:Subscribe", | |
"iam:ListRoles", | |
"iam:GetRolePolicy", | |
"iam:GetInstanceProfile", | |
"iam:ListInstanceProfiles", | |
"datapipeline:*" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
] | |
}, | |
{ | |
"Action": "iam:PassRole", | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:iam::*:role/DataPipelineDefaultResourceRole", | |
"arn:aws:iam::*:role/DataPipelineDefaultRole" | |
] | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIXOFIG7RSBMRPHXJ4", | |
"PolicyName": "AWSDataPipeline_FullAccess", | |
"UpdateDate": "2017-08-17T18:48:39+00:00", | |
"VersionId": "v2" | |
}, | |
"AWSDataPipeline_PowerUser": { | |
"Arn": "arn:aws:iam::aws:policy/AWSDataPipeline_PowerUser", | |
"AttachmentCount": 0, | |
"CreateDate": "2017-08-17T18:49:42+00:00", | |
"DefaultVersionId": "v2", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"s3:List*", | |
"dynamodb:DescribeTable", | |
"rds:DescribeDBInstances", | |
"rds:DescribeDBSecurityGroups", | |
"redshift:DescribeClusters", | |
"redshift:DescribeClusterSecurityGroups", | |
"sns:ListTopics", | |
"iam:ListRoles", | |
"iam:GetRolePolicy", | |
"iam:GetInstanceProfile", | |
"iam:ListInstanceProfiles", | |
"datapipeline:*" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
] | |
}, | |
{ | |
"Action": "iam:PassRole", | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:iam::*:role/DataPipelineDefaultResourceRole", | |
"arn:aws:iam::*:role/DataPipelineDefaultRole" | |
] | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIMXGLVY6DVR24VTYS", | |
"PolicyName": "AWSDataPipeline_PowerUser", | |
"UpdateDate": "2017-08-17T18:49:42+00:00", | |
"VersionId": "v2" | |
}, | |
"AWSDataSyncFullAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSDataSyncFullAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-01-18T19:40:36+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"datasync:*", | |
"ec2:CreateNetworkInterface", | |
"ec2:CreateNetworkInterfacePermission", | |
"ec2:DeleteNetworkInterface", | |
"ec2:DescribeNetworkInterfaces", | |
"ec2:DescribeSecurityGroups", | |
"ec2:DescribeSubnets", | |
"ec2:ModifyNetworkInterfaceAttribute", | |
"elasticfilesystem:DescribeFileSystems", | |
"elasticfilesystem:DescribeMountTargets", | |
"iam:GetRole", | |
"iam:ListRoles", | |
"logs:CreateLogGroup", | |
"logs:DescribeLogGroups", | |
"s3:ListAllMyBuckets", | |
"s3:ListBucket" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"iam:PassRole" | |
], | |
"Condition": { | |
"StringEquals": { | |
"iam:PassedToService": [ | |
"datasync.amazonaws.com" | |
] | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJGOHCDUQULZJKDGT4", | |
"PolicyName": "AWSDataSyncFullAccess", | |
"UpdateDate": "2019-01-18T19:40:36+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSDataSyncReadOnlyAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSDataSyncReadOnlyAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-01-18T19:18:44+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"datasync:Describe*", | |
"datasync:List*", | |
"ec2:DescribeSecurityGroups", | |
"ec2:DescribeSubnets", | |
"elasticfilesystem:DescribeFileSystems", | |
"elasticfilesystem:DescribeMountTargets", | |
"iam:GetRole", | |
"iam:ListRoles", | |
"logs:DescribeLogGroups", | |
"s3:ListAllMyBuckets", | |
"s3:ListBucket" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJRYVEZEDR7ZEAGYLY", | |
"PolicyName": "AWSDataSyncReadOnlyAccess", | |
"UpdateDate": "2019-01-18T19:18:44+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSDeepLensLambdaFunctionAccessPolicy": { | |
"Arn": "arn:aws:iam::aws:policy/AWSDeepLensLambdaFunctionAccessPolicy", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-06-11T23:11:55+00:00", | |
"DefaultVersionId": "v4", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"s3:ListBucket", | |
"s3:GetObject" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:s3:::deeplens*/*", | |
"arn:aws:s3:::deeplens*" | |
], | |
"Sid": "DeepLensS3ObjectAccess" | |
}, | |
{ | |
"Action": [ | |
"logs:CreateLogStream", | |
"logs:DescribeLogStreams", | |
"logs:PutLogEvents", | |
"logs:CreateLogGroup" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:logs:*:*:log-group:/aws/greengrass/*", | |
"Sid": "DeepLensGreenGrassCloudWatchAccess" | |
}, | |
{ | |
"Action": [ | |
"deeplens:*" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
], | |
"Sid": "DeepLensAccess" | |
}, | |
{ | |
"Action": [ | |
"kinesisvideo:DescribeStream", | |
"kinesisvideo:CreateStream", | |
"kinesisvideo:GetDataEndpoint", | |
"kinesisvideo:PutMedia" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
], | |
"Sid": "DeepLensKinesisVideoAccess" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIKIEE4PRM54V4G3ZG", | |
"PolicyName": "AWSDeepLensLambdaFunctionAccessPolicy", | |
"UpdateDate": "2019-06-11T23:11:55+00:00", | |
"VersionId": "v4" | |
}, | |
"AWSDeepLensServiceRolePolicy": { | |
"Arn": "arn:aws:iam::aws:policy/service-role/AWSDeepLensServiceRolePolicy", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-09-25T19:25:06+00:00", | |
"DefaultVersionId": "v6", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"iot:CreateThing", | |
"iot:DeleteThing", | |
"iot:DeleteThingShadow", | |
"iot:DescribeThing", | |
"iot:GetThingShadow", | |
"iot:UpdateThing", | |
"iot:UpdateThingShadow" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:iot:*:*:thing/deeplens*" | |
], | |
"Sid": "DeepLensIoTThingAccess" | |
}, | |
{ | |
"Action": [ | |
"iot:AttachThingPrincipal", | |
"iot:DetachThingPrincipal", | |
"iot:UpdateCertificate", | |
"iot:DeleteCertificate", | |
"iot:DetachPrincipalPolicy" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:iot:*:*:thing/deeplens*", | |
"arn:aws:iot:*:*:cert/*" | |
], | |
"Sid": "DeepLensIoTCertificateAccess" | |
}, | |
{ | |
"Action": [ | |
"iot:CreateKeysAndCertificate", | |
"iot:CreatePolicy", | |
"iot:CreatePolicyVersion" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
], | |
"Sid": "DeepLensIoTCreateCertificateAndPolicyAccess" | |
}, | |
{ | |
"Action": [ | |
"iot:AttachPrincipalPolicy" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:iot:*:*:policy/deeplens*", | |
"arn:aws:iot:*:*:cert/*" | |
], | |
"Sid": "DeepLensIoTAttachCertificatePolicyAccess" | |
}, | |
{ | |
"Action": [ | |
"iot:GetThingShadow", | |
"iot:UpdateThingShadow" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:iot:*:*:thing/deeplens*" | |
], | |
"Sid": "DeepLensIoTDataAccess" | |
}, | |
{ | |
"Action": [ | |
"iot:DescribeEndpoint" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
], | |
"Sid": "DeepLensIoTEndpointAccess" | |
}, | |
{ | |
"Action": [ | |
"deeplens:*" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
], | |
"Sid": "DeepLensAccess" | |
}, | |
{ | |
"Action": [ | |
"s3:GetObject" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:s3:::deeplens*" | |
], | |
"Sid": "DeepLensS3ObjectAccess" | |
}, | |
{ | |
"Action": [ | |
"s3:DeleteBucket", | |
"s3:ListBucket" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:s3:::deeplens*" | |
], | |
"Sid": "DeepLensS3Buckets" | |
}, | |
{ | |
"Action": [ | |
"s3:CreateBucket" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
], | |
"Sid": "DeepLensCreateS3Buckets" | |
}, | |
{ | |
"Action": [ | |
"iam:PassRole" | |
], | |
"Condition": { | |
"StringEquals": { | |
"iam:PassedToService": [ | |
"greengrass.amazonaws.com", | |
"sagemaker.amazonaws.com" | |
] | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
], | |
"Sid": "DeepLensIAMPassRoleAccess" | |
}, | |
{ | |
"Action": [ | |
"iam:PassRole" | |
], | |
"Condition": { | |
"StringEqualsIfExists": { | |
"iam:PassedToService": "lambda.amazonaws.com" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:iam::*:role/AWSDeepLens*", | |
"arn:aws:iam::*:role/service-role/AWSDeepLens*" | |
], | |
"Sid": "DeepLensIAMLambdaPassRoleAccess" | |
}, | |
{ | |
"Action": [ | |
"greengrass:AssociateRoleToGroup", | |
"greengrass:AssociateServiceRoleToAccount", | |
"greengrass:CreateResourceDefinition", | |
"greengrass:CreateResourceDefinitionVersion", | |
"greengrass:CreateCoreDefinition", | |
"greengrass:CreateCoreDefinitionVersion", | |
"greengrass:CreateDeployment", | |
"greengrass:CreateFunctionDefinition", | |
"greengrass:CreateFunctionDefinitionVersion", | |
"greengrass:CreateGroup", | |
"greengrass:CreateGroupCertificateAuthority", | |
"greengrass:CreateGroupVersion", | |
"greengrass:CreateLoggerDefinition", | |
"greengrass:CreateLoggerDefinitionVersion", | |
"greengrass:CreateSubscriptionDefinition", | |
"greengrass:CreateSubscriptionDefinitionVersion", | |
"greengrass:DeleteCoreDefinition", | |
"greengrass:DeleteFunctionDefinition", | |
"greengrass:DeleteGroup", | |
"greengrass:DeleteLoggerDefinition", | |
"greengrass:DeleteSubscriptionDefinition", | |
"greengrass:DisassociateRoleFromGroup", | |
"greengrass:DisassociateServiceRoleFromAccount", | |
"greengrass:GetAssociatedRole", | |
"greengrass:GetConnectivityInfo", | |
"greengrass:GetCoreDefinition", | |
"greengrass:GetCoreDefinitionVersion", | |
"greengrass:GetDeploymentStatus", | |
"greengrass:GetDeviceDefinition", | |
"greengrass:GetDeviceDefinitionVersion", | |
"greengrass:GetFunctionDefinition", | |
"greengrass:GetFunctionDefinitionVersion", | |
"greengrass:GetGroup", | |
"greengrass:GetGroupCertificateAuthority", | |
"greengrass:GetGroupCertificateConfiguration", | |
"greengrass:GetGroupVersion", | |
"greengrass:GetLoggerDefinition", | |
"greengrass:GetLoggerDefinitionVersion", | |
"greengrass:GetResourceDefinition", | |
"greengrass:GetServiceRoleForAccount", | |
"greengrass:GetSubscriptionDefinition", | |
"greengrass:GetSubscriptionDefinitionVersion", | |
"greengrass:ListCoreDefinitionVersions", | |
"greengrass:ListCoreDefinitions", | |
"greengrass:ListDeployments", | |
"greengrass:ListDeviceDefinitionVersions", | |
"greengrass:ListDeviceDefinitions", | |
"greengrass:ListFunctionDefinitionVersions", | |
"greengrass:ListFunctionDefinitions", | |
"greengrass:ListGroupCertificateAuthorities", | |
"greengrass:ListGroupVersions", | |
"greengrass:ListGroups", | |
"greengrass:ListLoggerDefinitionVersions", | |
"greengrass:ListLoggerDefinitions", | |
"greengrass:ListSubscriptionDefinitionVersions", | |
"greengrass:ListSubscriptionDefinitions", | |
"greengrass:ResetDeployments", | |
"greengrass:UpdateConnectivityInfo", | |
"greengrass:UpdateCoreDefinition", | |
"greengrass:UpdateDeviceDefinition", | |
"greengrass:UpdateFunctionDefinition", | |
"greengrass:UpdateGroup", | |
"greengrass:UpdateGroupCertificateConfiguration", | |
"greengrass:UpdateLoggerDefinition", | |
"greengrass:UpdateSubscriptionDefinition", | |
"greengrass:UpdateResourceDefinition" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
], | |
"Sid": "DeepLensGreenGrassAccess" | |
}, | |
{ | |
"Action": [ | |
"lambda:CreateFunction", | |
"lambda:DeleteFunction", | |
"lambda:GetFunction", | |
"lambda:GetFunctionConfiguration", | |
"lambda:ListFunctions", | |
"lambda:ListVersionsByFunction", | |
"lambda:PublishVersion", | |
"lambda:UpdateFunctionCode", | |
"lambda:UpdateFunctionConfiguration" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:lambda:*:*:function:deeplens*" | |
], | |
"Sid": "DeepLensLambdaAdminFunctionAccess" | |
}, | |
{ | |
"Action": [ | |
"lambda:GetFunction", | |
"lambda:GetFunctionConfiguration", | |
"lambda:ListFunctions", | |
"lambda:ListVersionsByFunction" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:lambda:*:*:function:*" | |
], | |
"Sid": "DeepLensLambdaUsersFunctionAccess" | |
}, | |
{ | |
"Action": [ | |
"sagemaker:CreateTrainingJob", | |
"sagemaker:DescribeTrainingJob", | |
"sagemaker:StopTrainingJob" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:sagemaker:*:*:training-job/deeplens*" | |
], | |
"Sid": "DeepLensSageMakerWriteAccess" | |
}, | |
{ | |
"Action": [ | |
"sagemaker:DescribeTrainingJob" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:sagemaker:*:*:training-job/*" | |
], | |
"Sid": "DeepLensSageMakerReadAccess" | |
}, | |
{ | |
"Action": [ | |
"kinesisvideo:CreateStream", | |
"kinesisvideo:DescribeStream", | |
"kinesisvideo:DeleteStream" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:kinesisvideo:*:*:stream/deeplens*/*" | |
], | |
"Sid": "DeepLensKinesisVideoStreamAccess" | |
}, | |
{ | |
"Action": [ | |
"kinesisvideo:GetDataEndpoint" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
], | |
"Sid": "DeepLensKinesisVideoEndpointAccess" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJK2Z2S7FPJFCYGR72", | |
"PolicyName": "AWSDeepLensServiceRolePolicy", | |
"UpdateDate": "2019-09-25T19:25:06+00:00", | |
"VersionId": "v6" | |
}, | |
"AWSDeepRacerCloudFormationAccessPolicy": { | |
"Arn": "arn:aws:iam::aws:policy/AWSDeepRacerCloudFormationAccessPolicy", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-06-14T17:02:04+00:00", | |
"DefaultVersionId": "v2", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"cloudformation:*" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"ec2:AllocateAddress", | |
"ec2:AttachInternetGateway", | |
"ec2:AssociateRouteTable", | |
"ec2:AuthorizeSecurityGroupEgress", | |
"ec2:AuthorizeSecurityGroupIngress", | |
"ec2:CreateInternetGateway", | |
"ec2:CreateNatGateway", | |
"ec2:CreateNetworkAcl", | |
"ec2:CreateNetworkAclEntry", | |
"ec2:CreateRoute", | |
"ec2:CreateRouteTable", | |
"ec2:CreateSecurityGroup", | |
"ec2:CreateSubnet", | |
"ec2:CreateTags", | |
"ec2:CreateVpc", | |
"ec2:CreateVpcEndpoint", | |
"ec2:DeleteInternetGateway", | |
"ec2:DeleteNatGateway", | |
"ec2:DeleteNetworkAcl", | |
"ec2:DeleteNetworkAclEntry", | |
"ec2:DeleteRoute", | |
"ec2:DeleteRouteTable", | |
"ec2:DeleteSecurityGroup", | |
"ec2:DeleteSubnet", | |
"ec2:DeleteTags", | |
"ec2:DeleteVpc", | |
"ec2:DeleteVpcEndpoints", | |
"ec2:DescribeAddresses", | |
"ec2:DescribeInternetGateways", | |
"ec2:DescribeNatGateways", | |
"ec2:DescribeNetworkAcls", | |
"ec2:DescribeRouteTables", | |
"ec2:DescribeSecurityGroups", | |
"ec2:DescribeSubnets", | |
"ec2:DescribeTags", | |
"ec2:DescribeVpcEndpoints", | |
"ec2:DescribeVpcs", | |
"ec2:DetachInternetGateway", | |
"ec2:DisassociateRouteTable", | |
"ec2:ModifySubnetAttribute", | |
"ec2:ModifyVpcAttribute", | |
"ec2:ReleaseAddress", | |
"ec2:ReplaceNetworkAclAssociation", | |
"ec2:RevokeSecurityGroupEgress", | |
"ec2:RevokeSecurityGroupIngress" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"iam:PassRole" | |
], | |
"Condition": { | |
"StringLikeIfExists": { | |
"iam:PassedToService": "lambda.amazonaws.com" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "arn:aws:iam::*:role/service-role/AWSDeepRacerLambdaAccessRole" | |
}, | |
{ | |
"Action": [ | |
"lambda:CreateFunction", | |
"lambda:GetFunction", | |
"lambda:DeleteFunction", | |
"lambda:TagResource", | |
"lambda:UpdateFunctionCode" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:lambda:*:*:function:*DeepRacer*", | |
"arn:aws:lambda:*:*:function:*Deepracer*", | |
"arn:aws:lambda:*:*:function:*deepracer*" | |
] | |
}, | |
{ | |
"Action": [ | |
"s3:PutBucketPolicy", | |
"s3:CreateBucket", | |
"s3:ListBucket", | |
"s3:GetBucketAcl", | |
"s3:DeleteBucket" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:s3:::*DeepRacer*", | |
"arn:aws:s3:::*Deepracer*", | |
"arn:aws:s3:::*deepracer*" | |
] | |
}, | |
{ | |
"Action": [ | |
"robomaker:CreateSimulationApplication", | |
"robomaker:CreateSimulationApplicationVersion", | |
"robomaker:DeleteSimulationApplication", | |
"robomaker:DescribeSimulationApplication", | |
"robomaker:ListSimulationApplications", | |
"robomaker:TagResource", | |
"robomaker:UpdateSimulationApplication" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:robomaker:*:*:/createSimulationApplication", | |
"arn:aws:robomaker:*:*:simulation-application/deepracer*" | |
] | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJYG7FM75UF5CW5ICS", | |
"PolicyName": "AWSDeepRacerCloudFormationAccessPolicy", | |
"UpdateDate": "2019-06-14T17:02:04+00:00", | |
"VersionId": "v2" | |
}, | |
"AWSDeepRacerRoboMakerAccessPolicy": { | |
"Arn": "arn:aws:iam::aws:policy/AWSDeepRacerRoboMakerAccessPolicy", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-02-28T21:59:58+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"robomaker:*" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"cloudwatch:PutMetricData", | |
"ec2:CreateNetworkInterfacePermission", | |
"ec2:DeleteNetworkInterface", | |
"ec2:DescribeNetworkInterfaces", | |
"ec2:DescribeSubnets", | |
"ec2:DescribeSecurityGroups", | |
"ec2:DescribeVpcs" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"logs:CreateLogGroup", | |
"logs:CreateLogStream", | |
"logs:DescribeLogStreams", | |
"logs:PutLogEvents" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:logs:*:*:log-group:/aws/robomaker/SimulationJobs", | |
"arn:aws:logs:*:*:log-group:/aws/robomaker/SimulationJobs:log-stream:*" | |
] | |
}, | |
{ | |
"Action": [ | |
"s3:GetObject", | |
"s3:GetBucketLocation", | |
"s3:ListBucket", | |
"s3:ListAllMyBuckets", | |
"s3:PutObject" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:s3:::*DeepRacer*", | |
"arn:aws:s3:::*Deepracer*", | |
"arn:aws:s3:::*deepracer*", | |
"arn:aws:s3:::dr-*" | |
] | |
}, | |
{ | |
"Action": [ | |
"s3:GetObject" | |
], | |
"Condition": { | |
"StringEqualsIgnoreCase": { | |
"s3:ExistingObjectTag/DeepRacer": "true" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"kinesisvideo:CreateStream", | |
"kinesisvideo:DescribeStream", | |
"kinesisvideo:GetDataEndpoint", | |
"kinesisvideo:PutMedia", | |
"kinesisvideo:TagStream" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:kinesisvideo:*:*:stream/dr-*" | |
] | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIUKGYRTDCUFOMRGAM", | |
"PolicyName": "AWSDeepRacerRoboMakerAccessPolicy", | |
"UpdateDate": "2019-02-28T21:59:58+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSDeepRacerServiceRolePolicy": { | |
"Arn": "arn:aws:iam::aws:policy/service-role/AWSDeepRacerServiceRolePolicy", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-06-12T20:55:34+00:00", | |
"DefaultVersionId": "v3", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"deepracer:*" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"robomaker:*", | |
"sagemaker:*", | |
"s3:ListAllMyBuckets" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"cloudformation:ListStackResources", | |
"cloudformation:DescribeStacks", | |
"cloudformation:CreateStack", | |
"cloudformation:DeleteStack", | |
"cloudformation:DescribeStackResource", | |
"cloudformation:DescribeStackResources", | |
"cloudformation:DescribeStackEvents", | |
"cloudformation:DetectStackDrift", | |
"cloudformation:DescribeStackDriftDetectionStatus", | |
"cloudformation:DescribeStackResourceDrifts" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": "iam:CreateServiceLinkedRole", | |
"Condition": { | |
"StringEquals": { | |
"iam:AWSServiceName": "robomaker.amazonaws.com" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"iam:PassRole" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:iam::*:role/AWSDeepRacer*", | |
"arn:aws:iam::*:role/service-role/AWSDeepRacer*" | |
] | |
}, | |
{ | |
"Action": [ | |
"cloudwatch:GetMetricData", | |
"logs:CreateLogGroup", | |
"logs:CreateLogStream", | |
"logs:DescribeLogStreams", | |
"logs:GetLogEvents", | |
"logs:PutLogEvents" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"lambda:CreateFunction", | |
"lambda:DeleteFunction", | |
"lambda:GetFunction", | |
"lambda:InvokeFunction", | |
"lambda:UpdateFunctionCode" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:lambda:*:*:function:*DeepRacer*", | |
"arn:aws:lambda:*:*:function:*Deepracer*", | |
"arn:aws:lambda:*:*:function:*deepracer*", | |
"arn:aws:lambda:*:*:function:*dr-*" | |
] | |
}, | |
{ | |
"Action": [ | |
"s3:GetObject", | |
"s3:GetBucketLocation", | |
"s3:DeleteObject", | |
"s3:ListBucket", | |
"s3:PutObject", | |
"s3:PutBucketPolicy", | |
"s3:GetBucketAcl" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:s3:::*DeepRacer*", | |
"arn:aws:s3:::*Deepracer*", | |
"arn:aws:s3:::*deepracer*", | |
"arn:aws:s3:::dr-*" | |
] | |
}, | |
{ | |
"Action": [ | |
"s3:GetObject" | |
], | |
"Condition": { | |
"StringEqualsIgnoreCase": { | |
"s3:ExistingObjectTag/DeepRacer": "true" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"kinesisvideo:CreateStream", | |
"kinesisvideo:DeleteStream", | |
"kinesisvideo:DescribeStream", | |
"kinesisvideo:GetDataEndpoint", | |
"kinesisvideo:GetHLSStreamingSessionURL", | |
"kinesisvideo:GetMedia", | |
"kinesisvideo:PutMedia", | |
"kinesisvideo:TagStream" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:kinesisvideo:*:*:stream/dr-*" | |
] | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJTUAQLIAVBJ7LZ32S", | |
"PolicyName": "AWSDeepRacerServiceRolePolicy", | |
"UpdateDate": "2019-06-12T20:55:34+00:00", | |
"VersionId": "v3" | |
}, | |
"AWSDenyAll": { | |
"Arn": "arn:aws:iam::aws:policy/AWSDenyAll", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-05-01T22:36:14+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"*" | |
], | |
"Effect": "Deny", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAZKAPJZG4P43IUQ5E5", | |
"PolicyName": "AWSDenyAll", | |
"UpdateDate": "2019-05-01T22:36:14+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSDeviceFarmFullAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSDeviceFarmFullAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2015-07-13T16:37:38+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"devicefarm:*" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJO7KEDP4VYJPNT5UW", | |
"PolicyName": "AWSDeviceFarmFullAccess", | |
"UpdateDate": "2015-07-13T16:37:38+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSDirectConnectFullAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSDirectConnectFullAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-04-30T15:29:29+00:00", | |
"DefaultVersionId": "v3", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"directconnect:*", | |
"ec2:DescribeVpnGateways", | |
"ec2:DescribeTransitGateways" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJQF2QKZSK74KTIHOW", | |
"PolicyName": "AWSDirectConnectFullAccess", | |
"UpdateDate": "2019-04-30T15:29:29+00:00", | |
"VersionId": "v3" | |
}, | |
"AWSDirectConnectReadOnlyAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSDirectConnectReadOnlyAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-04-30T15:23:18+00:00", | |
"DefaultVersionId": "v3", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"directconnect:Describe*", | |
"ec2:DescribeVpnGateways", | |
"ec2:DescribeTransitGateways" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAI23HZ27SI6FQMGNQ2", | |
"PolicyName": "AWSDirectConnectReadOnlyAccess", | |
"UpdateDate": "2019-04-30T15:23:18+00:00", | |
"VersionId": "v3" | |
}, | |
"AWSDirectoryServiceFullAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSDirectoryServiceFullAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-02-05T20:29:43+00:00", | |
"DefaultVersionId": "v4", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"ds:*", | |
"ec2:AuthorizeSecurityGroupEgress", | |
"ec2:AuthorizeSecurityGroupIngress", | |
"ec2:CreateNetworkInterface", | |
"ec2:CreateSecurityGroup", | |
"ec2:DeleteNetworkInterface", | |
"ec2:DeleteSecurityGroup", | |
"ec2:DescribeNetworkInterfaces", | |
"ec2:DescribeSubnets", | |
"ec2:DescribeVpcs", | |
"ec2:RevokeSecurityGroupEgress", | |
"ec2:RevokeSecurityGroupIngress", | |
"ec2:DescribeSecurityGroups", | |
"sns:GetTopicAttributes", | |
"sns:ListSubscriptions", | |
"sns:ListSubscriptionsByTopic", | |
"sns:ListTopics", | |
"iam:ListRoles", | |
"organizations:ListAccountsForParent", | |
"organizations:ListRoots", | |
"organizations:ListAccounts", | |
"organizations:DescribeOrganization", | |
"organizations:DescribeAccount", | |
"organizations:ListOrganizationalUnitsForParent", | |
"organizations:ListAWSServiceAccessForOrganization" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"sns:CreateTopic", | |
"sns:DeleteTopic", | |
"sns:SetTopicAttributes", | |
"sns:Subscribe", | |
"sns:Unsubscribe" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:sns:*:*:DirectoryMonitoring*" | |
}, | |
{ | |
"Action": [ | |
"organizations:EnableAWSServiceAccess", | |
"organizations:DisableAWSServiceAccess" | |
], | |
"Condition": { | |
"ForAllValues:StringLike": { | |
"organizations:ServicePrincipal": [ | |
"ds.amazonaws.com" | |
] | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"ec2:CreateTags", | |
"ec2:DeleteTags" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:ec2:*:*:network-interface/*", | |
"arn:aws:ec2:*:*:security-group/*" | |
] | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAINAW5ANUWTH3R4ANI", | |
"PolicyName": "AWSDirectoryServiceFullAccess", | |
"UpdateDate": "2019-02-05T20:29:43+00:00", | |
"VersionId": "v4" | |
}, | |
"AWSDirectoryServiceReadOnlyAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSDirectoryServiceReadOnlyAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2018-09-25T21:54:01+00:00", | |
"DefaultVersionId": "v4", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"ds:Check*", | |
"ds:Describe*", | |
"ds:Get*", | |
"ds:List*", | |
"ds:Verify*", | |
"ec2:DescribeNetworkInterfaces", | |
"ec2:DescribeSubnets", | |
"ec2:DescribeVpcs", | |
"sns:ListTopics", | |
"sns:GetTopicAttributes", | |
"sns:ListSubscriptions", | |
"sns:ListSubscriptionsByTopic", | |
"organizations:DescribeAccount", | |
"organizations:DescribeOrganization", | |
"organizations:ListAWSServiceAccessForOrganization" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIHWYO6WSDNCG64M2W", | |
"PolicyName": "AWSDirectoryServiceReadOnlyAccess", | |
"UpdateDate": "2018-09-25T21:54:01+00:00", | |
"VersionId": "v4" | |
}, | |
"AWSDiscoveryContinuousExportFirehosePolicy": { | |
"Arn": "arn:aws:iam::aws:policy/AWSDiscoveryContinuousExportFirehosePolicy", | |
"AttachmentCount": 0, | |
"CreateDate": "2018-08-09T18:29:39+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"glue:GetTableVersions" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"s3:AbortMultipartUpload", | |
"s3:GetBucketLocation", | |
"s3:GetObject", | |
"s3:ListBucket", | |
"s3:ListBucketMultipartUploads", | |
"s3:PutObject" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:s3:::aws-application-discovery-service-*", | |
"arn:aws:s3:::aws-application-discovery-service-*/*" | |
] | |
}, | |
{ | |
"Action": [ | |
"logs:PutLogEvents" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:logs:*:*:log-group:/aws/application-discovery-service/firehose:log-stream:*" | |
] | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIX6FHUTEUNXYDFZ7C", | |
"PolicyName": "AWSDiscoveryContinuousExportFirehosePolicy", | |
"UpdateDate": "2018-08-09T18:29:39+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSEC2FleetServiceRolePolicy": { | |
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSEC2FleetServiceRolePolicy", | |
"AttachmentCount": 0, | |
"CreateDate": "2018-04-19T21:37:07+00:00", | |
"DefaultVersionId": "v2", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"ec2:DescribeImages", | |
"ec2:DescribeSubnets", | |
"ec2:RequestSpotInstances", | |
"ec2:DescribeInstanceStatus", | |
"ec2:RunInstances" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
] | |
}, | |
{ | |
"Action": [ | |
"iam:CreateServiceLinkedRole" | |
], | |
"Condition": { | |
"StringEquals": { | |
"iam:AWSServiceName": "spot.amazonaws.com" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*", | |
"Sid": "EC2SpotManagement" | |
}, | |
{ | |
"Action": [ | |
"iam:PassRole" | |
], | |
"Condition": { | |
"StringEquals": { | |
"iam:PassedToService": [ | |
"ec2.amazonaws.com", | |
"ec2.amazonaws.com.cn" | |
] | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
] | |
}, | |
{ | |
"Action": [ | |
"ec2:CreateTags" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:ec2:*:*:instance/*", | |
"arn:aws:ec2:*:*:spot-instances-request/*" | |
] | |
}, | |
{ | |
"Action": [ | |
"ec2:TerminateInstances" | |
], | |
"Condition": { | |
"StringLike": { | |
"ec2:ResourceTag/aws:ec2:fleet-id": "*" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/aws-service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJCL355O4TC27CPKVC", | |
"PolicyName": "AWSEC2FleetServiceRolePolicy", | |
"UpdateDate": "2018-04-19T21:37:07+00:00", | |
"VersionId": "v2" | |
}, | |
"AWSEC2SpotFleetServiceRolePolicy": { | |
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSEC2SpotFleetServiceRolePolicy", | |
"AttachmentCount": 0, | |
"CreateDate": "2018-03-28T19:04:33+00:00", | |
"DefaultVersionId": "v3", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"ec2:DescribeImages", | |
"ec2:DescribeSubnets", | |
"ec2:RequestSpotInstances", | |
"ec2:DescribeInstanceStatus", | |
"ec2:RunInstances" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
] | |
}, | |
{ | |
"Action": [ | |
"iam:PassRole" | |
], | |
"Condition": { | |
"StringEquals": { | |
"iam:PassedToService": [ | |
"ec2.amazonaws.com", | |
"ec2.amazonaws.com.cn" | |
] | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
] | |
}, | |
{ | |
"Action": [ | |
"ec2:CreateTags" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:ec2:*:*:instance/*", | |
"arn:aws:ec2:*:*:spot-instances-request/*" | |
] | |
}, | |
{ | |
"Action": [ | |
"ec2:TerminateInstances" | |
], | |
"Condition": { | |
"StringLike": { | |
"ec2:ResourceTag/aws:ec2spot:fleet-request-id": "*" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/aws-service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAILWCVTZD57EMYWMBO", | |
"PolicyName": "AWSEC2SpotFleetServiceRolePolicy", | |
"UpdateDate": "2018-03-28T19:04:33+00:00", | |
"VersionId": "v3" | |
}, | |
"AWSEC2SpotServiceRolePolicy": { | |
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSEC2SpotServiceRolePolicy", | |
"AttachmentCount": 1, | |
"CreateDate": "2018-12-12T00:13:51+00:00", | |
"DefaultVersionId": "v4", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"ec2:DescribeInstances", | |
"ec2:StartInstances", | |
"ec2:StopInstances", | |
"ec2:RunInstances" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
] | |
}, | |
{ | |
"Action": [ | |
"ec2:RunInstances" | |
], | |
"Condition": { | |
"StringNotEquals": { | |
"ec2:InstanceMarketType": "spot" | |
} | |
}, | |
"Effect": "Deny", | |
"Resource": [ | |
"arn:aws:ec2:*:*:instance/*" | |
] | |
}, | |
{ | |
"Action": [ | |
"iam:PassRole" | |
], | |
"Condition": { | |
"StringEquals": { | |
"iam:PassedToService": [ | |
"ec2.amazonaws.com", | |
"ec2.amazonaws.com.cn" | |
] | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
] | |
}, | |
{ | |
"Action": [ | |
"ec2:CreateTags" | |
], | |
"Condition": { | |
"StringEquals": { | |
"ec2:CreateAction": "RunInstances" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/aws-service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIZJJBQNXQYVKTEXGM", | |
"PolicyName": "AWSEC2SpotServiceRolePolicy", | |
"UpdateDate": "2018-12-12T00:13:51+00:00", | |
"VersionId": "v4" | |
}, | |
"AWSElasticBeanstalkCustomPlatformforEC2Role": { | |
"Arn": "arn:aws:iam::aws:policy/AWSElasticBeanstalkCustomPlatformforEC2Role", | |
"AttachmentCount": 0, | |
"CreateDate": "2017-02-21T22:50:30+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"ec2:AttachVolume", | |
"ec2:AuthorizeSecurityGroupIngress", | |
"ec2:CopyImage", | |
"ec2:CreateImage", | |
"ec2:CreateKeypair", | |
"ec2:CreateSecurityGroup", | |
"ec2:CreateSnapshot", | |
"ec2:CreateTags", | |
"ec2:CreateVolume", | |
"ec2:DeleteKeypair", | |
"ec2:DeleteSecurityGroup", | |
"ec2:DeleteSnapshot", | |
"ec2:DeleteVolume", | |
"ec2:DeregisterImage", | |
"ec2:DescribeImageAttribute", | |
"ec2:DescribeImages", | |
"ec2:DescribeInstances", | |
"ec2:DescribeRegions", | |
"ec2:DescribeSecurityGroups", | |
"ec2:DescribeSnapshots", | |
"ec2:DescribeSubnets", | |
"ec2:DescribeTags", | |
"ec2:DescribeVolumes", | |
"ec2:DetachVolume", | |
"ec2:GetPasswordData", | |
"ec2:ModifyImageAttribute", | |
"ec2:ModifyInstanceAttribute", | |
"ec2:ModifySnapshotAttribute", | |
"ec2:RegisterImage", | |
"ec2:RunInstances", | |
"ec2:StopInstances", | |
"ec2:TerminateInstances" | |
], | |
"Effect": "Allow", | |
"Resource": "*", | |
"Sid": "EC2Access" | |
}, | |
{ | |
"Action": [ | |
"s3:Get*", | |
"s3:List*", | |
"s3:PutObject" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:s3:::elasticbeanstalk-*", | |
"arn:aws:s3:::elasticbeanstalk-*/*" | |
], | |
"Sid": "BucketAccess" | |
}, | |
{ | |
"Action": [ | |
"logs:CreateLogGroup", | |
"logs:CreateLogStream", | |
"logs:PutLogEvents", | |
"logs:DescribeLogStreams" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:logs:*:*:log-group:/aws/elasticbeanstalk/platform/*", | |
"Sid": "CloudWatchLogsAccess" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJRVFXSS6LEIQGBKDY", | |
"PolicyName": "AWSElasticBeanstalkCustomPlatformforEC2Role", | |
"UpdateDate": "2017-02-21T22:50:30+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSElasticBeanstalkEnhancedHealth": { | |
"Arn": "arn:aws:iam::aws:policy/service-role/AWSElasticBeanstalkEnhancedHealth", | |
"AttachmentCount": 0, | |
"CreateDate": "2018-04-09T22:12:53+00:00", | |
"DefaultVersionId": "v4", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"elasticloadbalancing:DescribeInstanceHealth", | |
"elasticloadbalancing:DescribeLoadBalancers", | |
"elasticloadbalancing:DescribeTargetHealth", | |
"ec2:DescribeInstances", | |
"ec2:DescribeInstanceStatus", | |
"ec2:GetConsoleOutput", | |
"ec2:AssociateAddress", | |
"ec2:DescribeAddresses", | |
"ec2:DescribeSecurityGroups", | |
"sqs:GetQueueAttributes", | |
"sqs:GetQueueUrl", | |
"autoscaling:DescribeAutoScalingGroups", | |
"autoscaling:DescribeAutoScalingInstances", | |
"autoscaling:DescribeScalingActivities", | |
"autoscaling:DescribeNotificationConfigurations", | |
"sns:Publish" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
] | |
}, | |
{ | |
"Action": [ | |
"logs:DescribeLogStreams", | |
"logs:CreateLogStream", | |
"logs:PutLogEvents" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:logs:*:*:log-group:/aws/elasticbeanstalk/*:log-stream:*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIH5EFJNMOGUUTKLFE", | |
"PolicyName": "AWSElasticBeanstalkEnhancedHealth", | |
"UpdateDate": "2018-04-09T22:12:53+00:00", | |
"VersionId": "v4" | |
}, | |
"AWSElasticBeanstalkFullAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSElasticBeanstalkFullAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-07-10T19:27:59+00:00", | |
"DefaultVersionId": "v8", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"elasticbeanstalk:*", | |
"ec2:*", | |
"ecs:*", | |
"ecr:*", | |
"elasticloadbalancing:*", | |
"autoscaling:*", | |
"cloudwatch:*", | |
"s3:*", | |
"sns:*", | |
"cloudformation:*", | |
"dynamodb:*", | |
"rds:*", | |
"sqs:*", | |
"logs:*", | |
"iam:GetPolicyVersion", | |
"iam:GetRole", | |
"iam:PassRole", | |
"iam:ListRolePolicies", | |
"iam:ListAttachedRolePolicies", | |
"iam:ListInstanceProfiles", | |
"iam:ListRoles", | |
"iam:ListServerCertificates", | |
"acm:DescribeCertificate", | |
"acm:ListCertificates", | |
"codebuild:CreateProject", | |
"codebuild:DeleteProject", | |
"codebuild:BatchGetBuilds", | |
"codebuild:StartBuild" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"iam:AddRoleToInstanceProfile", | |
"iam:CreateInstanceProfile", | |
"iam:CreateRole" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:iam::*:role/aws-elasticbeanstalk*", | |
"arn:aws:iam::*:instance-profile/aws-elasticbeanstalk*" | |
] | |
}, | |
{ | |
"Action": [ | |
"iam:CreateServiceLinkedRole" | |
], | |
"Condition": { | |
"StringLike": { | |
"iam:AWSServiceName": "autoscaling.amazonaws.com" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:iam::*:role/aws-service-role/autoscaling.amazonaws.com/AWSServiceRoleForAutoScaling*" | |
] | |
}, | |
{ | |
"Action": [ | |
"iam:CreateServiceLinkedRole" | |
], | |
"Condition": { | |
"StringLike": { | |
"iam:AWSServiceName": "elasticbeanstalk.amazonaws.com" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:iam::*:role/aws-service-role/elasticbeanstalk.amazonaws.com/AWSServiceRoleForElasticBeanstalk*" | |
] | |
}, | |
{ | |
"Action": [ | |
"iam:CreateServiceLinkedRole" | |
], | |
"Condition": { | |
"StringLike": { | |
"iam:AWSServiceName": "elasticloadbalancing.amazonaws.com" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:iam::*:role/aws-service-role/elasticloadbalancing.amazonaws.com/AWSServiceRoleForElasticLoadBalancing*" | |
] | |
}, | |
{ | |
"Action": [ | |
"iam:AttachRolePolicy" | |
], | |
"Condition": { | |
"StringLike": { | |
"iam:PolicyArn": [ | |
"arn:aws:iam::aws:policy/AWSElasticBeanstalk*", | |
"arn:aws:iam::aws:policy/service-role/AWSElasticBeanstalk*" | |
] | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "arn:aws:iam::*:role/aws-elasticbeanstalk*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIZYX2YLLBW2LJVUFW", | |
"PolicyName": "AWSElasticBeanstalkFullAccess", | |
"UpdateDate": "2019-07-10T19:27:59+00:00", | |
"VersionId": "v8" | |
}, | |
"AWSElasticBeanstalkMaintenance": { | |
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSElasticBeanstalkMaintenance", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-06-04T17:48:27+00:00", | |
"DefaultVersionId": "v2", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"cloudformation:CreateChangeSet", | |
"cloudformation:DescribeChangeSet", | |
"cloudformation:ExecuteChangeSet", | |
"cloudformation:DeleteChangeSet", | |
"cloudformation:ListChangeSets", | |
"cloudformation:DescribeStacks" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:cloudformation:*:*:stack/awseb-*", | |
"arn:aws:cloudformation:*:*:stack/eb-*" | |
], | |
"Sid": "AllowCloudformationChangeSetOperationsOnElasticBeanstalkStacks" | |
}, | |
{ | |
"Action": "elasticloadbalancing:DescribeLoadBalancers", | |
"Effect": "Allow", | |
"Resource": "*", | |
"Sid": "AllowElasticBeanstalkStacksUpdateExecuteSuccessfully" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/aws-service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJQPH22XGBH2VV2LSW", | |
"PolicyName": "AWSElasticBeanstalkMaintenance", | |
"UpdateDate": "2019-06-04T17:48:27+00:00", | |
"VersionId": "v2" | |
}, | |
"AWSElasticBeanstalkMulticontainerDocker": { | |
"Arn": "arn:aws:iam::aws:policy/AWSElasticBeanstalkMulticontainerDocker", | |
"AttachmentCount": 0, | |
"CreateDate": "2016-06-06T23:45:37+00:00", | |
"DefaultVersionId": "v2", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"ecs:Poll", | |
"ecs:StartTask", | |
"ecs:StopTask", | |
"ecs:DiscoverPollEndpoint", | |
"ecs:StartTelemetrySession", | |
"ecs:RegisterContainerInstance", | |
"ecs:DeregisterContainerInstance", | |
"ecs:DescribeContainerInstances", | |
"ecs:Submit*", | |
"ecs:DescribeTasks" | |
], | |
"Effect": "Allow", | |
"Resource": "*", | |
"Sid": "ECSAccess" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJ45SBYG72SD6SHJEY", | |
"PolicyName": "AWSElasticBeanstalkMulticontainerDocker", | |
"UpdateDate": "2016-06-06T23:45:37+00:00", | |
"VersionId": "v2" | |
}, | |
"AWSElasticBeanstalkReadOnlyAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSElasticBeanstalkReadOnlyAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2015-02-06T18:40:19+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"elasticbeanstalk:Check*", | |
"elasticbeanstalk:Describe*", | |
"elasticbeanstalk:List*", | |
"elasticbeanstalk:RequestEnvironmentInfo", | |
"elasticbeanstalk:RetrieveEnvironmentInfo", | |
"ec2:Describe*", | |
"elasticloadbalancing:Describe*", | |
"autoscaling:Describe*", | |
"cloudwatch:Describe*", | |
"cloudwatch:List*", | |
"cloudwatch:Get*", | |
"s3:Get*", | |
"s3:List*", | |
"sns:Get*", | |
"sns:List*", | |
"cloudformation:Describe*", | |
"cloudformation:Get*", | |
"cloudformation:List*", | |
"cloudformation:Validate*", | |
"cloudformation:Estimate*", | |
"rds:Describe*", | |
"sqs:Get*", | |
"sqs:List*" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAI47KNGXDAXFD4SDHG", | |
"PolicyName": "AWSElasticBeanstalkReadOnlyAccess", | |
"UpdateDate": "2015-02-06T18:40:19+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSElasticBeanstalkService": { | |
"Arn": "arn:aws:iam::aws:policy/service-role/AWSElasticBeanstalkService", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-06-14T23:18:46+00:00", | |
"DefaultVersionId": "v16", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"cloudformation:*" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:cloudformation:*:*:stack/awseb-*", | |
"arn:aws:cloudformation:*:*:stack/eb-*" | |
], | |
"Sid": "AllowCloudformationOperationsOnElasticBeanstalkStacks" | |
}, | |
{ | |
"Action": [ | |
"logs:DeleteLogGroup" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:logs:*:*:log-group:/aws/elasticbeanstalk*" | |
], | |
"Sid": "AllowDeleteCloudwatchLogGroups" | |
}, | |
{ | |
"Action": [ | |
"s3:*" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:s3:::elasticbeanstalk-*", | |
"arn:aws:s3:::elasticbeanstalk-*/*" | |
], | |
"Sid": "AllowS3OperationsOnElasticBeanstalkBuckets" | |
}, | |
{ | |
"Action": "ec2:RunInstances", | |
"Condition": { | |
"ArnLike": { | |
"ec2:LaunchTemplate": "arn:aws:ec2:*:*:launch-template/*" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*", | |
"Sid": "AllowLaunchTemplateRunInstances" | |
}, | |
{ | |
"Action": [ | |
"autoscaling:AttachInstances", | |
"autoscaling:CreateAutoScalingGroup", | |
"autoscaling:CreateLaunchConfiguration", | |
"autoscaling:DeleteLaunchConfiguration", | |
"autoscaling:DeleteAutoScalingGroup", | |
"autoscaling:DeleteScheduledAction", | |
"autoscaling:DescribeAccountLimits", | |
"autoscaling:DescribeAutoScalingGroups", | |
"autoscaling:DescribeAutoScalingInstances", | |
"autoscaling:DescribeLaunchConfigurations", | |
"autoscaling:DescribeLoadBalancers", | |
"autoscaling:DescribeNotificationConfigurations", | |
"autoscaling:DescribeScalingActivities", | |
"autoscaling:DescribeScheduledActions", | |
"autoscaling:DetachInstances", | |
"autoscaling:DeletePolicy", | |
"autoscaling:PutScalingPolicy", | |
"autoscaling:PutScheduledUpdateGroupAction", | |
"autoscaling:PutNotificationConfiguration", | |
"autoscaling:ResumeProcesses", | |
"autoscaling:SetDesiredCapacity", | |
"autoscaling:SuspendProcesses", | |
"autoscaling:TerminateInstanceInAutoScalingGroup", | |
"autoscaling:UpdateAutoScalingGroup", | |
"cloudwatch:PutMetricAlarm", | |
"ec2:AssociateAddress", | |
"ec2:AllocateAddress", | |
"ec2:AuthorizeSecurityGroupEgress", | |
"ec2:AuthorizeSecurityGroupIngress", | |
"ec2:CreateLaunchTemplate", | |
"ec2:CreateLaunchTemplateVersion", | |
"ec2:DescribeLaunchTemplates", | |
"ec2:DescribeLaunchTemplateVersions", | |
"ec2:DeleteLaunchTemplate", | |
"ec2:DeleteLaunchTemplateVersions", | |
"ec2:CreateSecurityGroup", | |
"ec2:DeleteSecurityGroup", | |
"ec2:DescribeAccountAttributes", | |
"ec2:DescribeAddresses", | |
"ec2:DescribeImages", | |
"ec2:DescribeInstances", | |
"ec2:DescribeKeyPairs", | |
"ec2:DescribeSecurityGroups", | |
"ec2:DescribeSnapshots", | |
"ec2:DescribeSubnets", | |
"ec2:DescribeVpcs", | |
"ec2:DescribeInstanceAttribute", | |
"ec2:DescribeSpotInstanceRequests", | |
"ec2:DescribeVpcClassicLink", | |
"ec2:DisassociateAddress", | |
"ec2:ReleaseAddress", | |
"ec2:RevokeSecurityGroupEgress", | |
"ec2:RevokeSecurityGroupIngress", | |
"ec2:TerminateInstances", | |
"ecs:CreateCluster", | |
"ecs:DeleteCluster", | |
"ecs:DescribeClusters", | |
"ecs:RegisterTaskDefinition", | |
"elasticbeanstalk:*", | |
"elasticloadbalancing:ApplySecurityGroupsToLoadBalancer", | |
"elasticloadbalancing:ConfigureHealthCheck", | |
"elasticloadbalancing:CreateLoadBalancer", | |
"elasticloadbalancing:DeleteLoadBalancer", | |
"elasticloadbalancing:DeregisterInstancesFromLoadBalancer", | |
"elasticloadbalancing:DescribeInstanceHealth", | |
"elasticloadbalancing:DescribeLoadBalancers", | |
"elasticloadbalancing:DescribeTargetHealth", | |
"elasticloadbalancing:RegisterInstancesWithLoadBalancer", | |
"elasticloadbalancing:DescribeTargetGroups", | |
"elasticloadbalancing:RegisterTargets", | |
"elasticloadbalancing:DeregisterTargets", | |
"iam:ListRoles", | |
"iam:PassRole", | |
"logs:CreateLogGroup", | |
"logs:PutRetentionPolicy", | |
"logs:DescribeLogGroups", | |
"rds:DescribeDBEngineVersions", | |
"rds:DescribeDBInstances", | |
"rds:DescribeOrderableDBInstanceOptions", | |
"s3:GetObject", | |
"s3:GetObjectAcl", | |
"s3:ListBucket", | |
"sns:CreateTopic", | |
"sns:GetTopicAttributes", | |
"sns:ListSubscriptionsByTopic", | |
"sns:Subscribe", | |
"sns:SetTopicAttributes", | |
"sqs:GetQueueAttributes", | |
"sqs:GetQueueUrl", | |
"codebuild:CreateProject", | |
"codebuild:DeleteProject", | |
"codebuild:BatchGetBuilds", | |
"codebuild:StartBuild" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
], | |
"Sid": "AllowOperations" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJKQ5SN74ZQ4WASXBM", | |
"PolicyName": "AWSElasticBeanstalkService", | |
"UpdateDate": "2019-06-14T23:18:46+00:00", | |
"VersionId": "v16" | |
}, | |
"AWSElasticBeanstalkServiceRolePolicy": { | |
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSElasticBeanstalkServiceRolePolicy", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-06-06T21:59:51+00:00", | |
"DefaultVersionId": "v6", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"cloudformation:DescribeStackResource", | |
"cloudformation:DescribeStackResources", | |
"cloudformation:DescribeStacks" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:cloudformation:*:*:stack/awseb-*", | |
"arn:aws:cloudformation:*:*:stack/eb-*" | |
], | |
"Sid": "AllowCloudformationReadOperationsOnElasticBeanstalkStacks" | |
}, | |
{ | |
"Action": [ | |
"autoscaling:DescribeAutoScalingGroups", | |
"autoscaling:DescribeAutoScalingInstances", | |
"autoscaling:DescribeNotificationConfigurations", | |
"autoscaling:DescribeScalingActivities", | |
"autoscaling:PutNotificationConfiguration", | |
"ec2:DescribeInstanceStatus", | |
"ec2:AssociateAddress", | |
"ec2:DescribeAddresses", | |
"ec2:DescribeInstances", | |
"ec2:DescribeSecurityGroups", | |
"elasticloadbalancing:DescribeInstanceHealth", | |
"elasticloadbalancing:DescribeLoadBalancers", | |
"elasticloadbalancing:DescribeTargetHealth", | |
"elasticloadbalancing:DescribeTargetGroups", | |
"lambda:GetFunction", | |
"sqs:GetQueueAttributes", | |
"sqs:GetQueueUrl", | |
"sns:Publish" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
], | |
"Sid": "AllowOperations" | |
}, | |
{ | |
"Action": [ | |
"logs:CreateLogStream", | |
"logs:DescribeLogGroups", | |
"logs:DescribeLogStreams", | |
"logs:DeleteLogGroup", | |
"logs:PutLogEvents" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:logs:*:*:log-group:/aws/elasticbeanstalk/*", | |
"Sid": "AllowOperationsOnHealthStreamingLogs" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/aws-service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIID62QSI3OSIPQXTM", | |
"PolicyName": "AWSElasticBeanstalkServiceRolePolicy", | |
"UpdateDate": "2019-06-06T21:59:51+00:00", | |
"VersionId": "v6" | |
}, | |
"AWSElasticBeanstalkWebTier": { | |
"Arn": "arn:aws:iam::aws:policy/AWSElasticBeanstalkWebTier", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-03-01T00:04:49+00:00", | |
"DefaultVersionId": "v6", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"s3:Get*", | |
"s3:List*", | |
"s3:PutObject" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:s3:::elasticbeanstalk-*", | |
"arn:aws:s3:::elasticbeanstalk-*/*" | |
], | |
"Sid": "BucketAccess" | |
}, | |
{ | |
"Action": [ | |
"xray:PutTraceSegments", | |
"xray:PutTelemetryRecords", | |
"xray:GetSamplingRules", | |
"xray:GetSamplingTargets", | |
"xray:GetSamplingStatisticSummaries" | |
], | |
"Effect": "Allow", | |
"Resource": "*", | |
"Sid": "XRayAccess" | |
}, | |
{ | |
"Action": [ | |
"logs:PutLogEvents", | |
"logs:CreateLogStream", | |
"logs:DescribeLogStreams", | |
"logs:DescribeLogGroups" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:logs:*:*:log-group:/aws/elasticbeanstalk*" | |
], | |
"Sid": "CloudWatchLogsAccess" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIUF4325SJYOREKW3A", | |
"PolicyName": "AWSElasticBeanstalkWebTier", | |
"UpdateDate": "2019-03-01T00:04:49+00:00", | |
"VersionId": "v6" | |
}, | |
"AWSElasticBeanstalkWorkerTier": { | |
"Arn": "arn:aws:iam::aws:policy/AWSElasticBeanstalkWorkerTier", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-03-01T00:07:00+00:00", | |
"DefaultVersionId": "v5", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"cloudwatch:PutMetricData" | |
], | |
"Effect": "Allow", | |
"Resource": "*", | |
"Sid": "MetricsAccess" | |
}, | |
{ | |
"Action": [ | |
"xray:PutTraceSegments", | |
"xray:PutTelemetryRecords", | |
"xray:GetSamplingRules", | |
"xray:GetSamplingTargets", | |
"xray:GetSamplingStatisticSummaries" | |
], | |
"Effect": "Allow", | |
"Resource": "*", | |
"Sid": "XRayAccess" | |
}, | |
{ | |
"Action": [ | |
"sqs:ChangeMessageVisibility", | |
"sqs:DeleteMessage", | |
"sqs:ReceiveMessage", | |
"sqs:SendMessage" | |
], | |
"Effect": "Allow", | |
"Resource": "*", | |
"Sid": "QueueAccess" | |
}, | |
{ | |
"Action": [ | |
"s3:Get*", | |
"s3:List*", | |
"s3:PutObject" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:s3:::elasticbeanstalk-*", | |
"arn:aws:s3:::elasticbeanstalk-*/*" | |
], | |
"Sid": "BucketAccess" | |
}, | |
{ | |
"Action": [ | |
"dynamodb:BatchGetItem", | |
"dynamodb:BatchWriteItem", | |
"dynamodb:DeleteItem", | |
"dynamodb:GetItem", | |
"dynamodb:PutItem", | |
"dynamodb:Query", | |
"dynamodb:Scan", | |
"dynamodb:UpdateItem" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:dynamodb:*:*:table/*-stack-AWSEBWorkerCronLeaderRegistry*" | |
], | |
"Sid": "DynamoPeriodicTasks" | |
}, | |
{ | |
"Action": [ | |
"logs:PutLogEvents", | |
"logs:CreateLogStream" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:logs:*:*:log-group:/aws/elasticbeanstalk*" | |
], | |
"Sid": "CloudWatchLogsAccess" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJQDLBRSJVKVF4JMSK", | |
"PolicyName": "AWSElasticBeanstalkWorkerTier", | |
"UpdateDate": "2019-03-01T00:07:00+00:00", | |
"VersionId": "v5" | |
}, | |
"AWSElasticLoadBalancingClassicServiceRolePolicy": { | |
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSElasticLoadBalancingClassicServiceRolePolicy", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-10-07T23:04:27+00:00", | |
"DefaultVersionId": "v2", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"ec2:DescribeAddresses", | |
"ec2:DescribeInstances", | |
"ec2:DescribeSubnets", | |
"ec2:DescribeSecurityGroups", | |
"ec2:DescribeVpcs", | |
"ec2:DescribeInternetGateways", | |
"ec2:DescribeAccountAttributes", | |
"ec2:DescribeClassicLinkInstances", | |
"ec2:DescribeVpcClassicLink", | |
"ec2:CreateSecurityGroup", | |
"ec2:CreateNetworkInterface", | |
"ec2:DeleteNetworkInterface", | |
"ec2:ModifyNetworkInterfaceAttribute", | |
"ec2:AuthorizeSecurityGroupIngress", | |
"ec2:AssociateAddress", | |
"ec2:DisassociateAddress", | |
"ec2:AttachNetworkInterface", | |
"ec2:DetachNetworkInterface", | |
"ec2:AssignPrivateIpAddresses", | |
"ec2:AssignIpv6Addresses", | |
"ec2:UnassignIpv6Addresses" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/aws-service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIUMWW3QP7DPZPNVU4", | |
"PolicyName": "AWSElasticLoadBalancingClassicServiceRolePolicy", | |
"UpdateDate": "2019-10-07T23:04:27+00:00", | |
"VersionId": "v2" | |
}, | |
"AWSElasticLoadBalancingServiceRolePolicy": { | |
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSElasticLoadBalancingServiceRolePolicy", | |
"AttachmentCount": 1, | |
"CreateDate": "2019-10-07T22:55:16+00:00", | |
"DefaultVersionId": "v4", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"ec2:DescribeAddresses", | |
"ec2:DescribeInstances", | |
"ec2:DescribeNetworkInterfaces", | |
"ec2:DescribeSubnets", | |
"ec2:DescribeSecurityGroups", | |
"ec2:DescribeVpcs", | |
"ec2:DescribeInternetGateways", | |
"ec2:DescribeAccountAttributes", | |
"ec2:DescribeClassicLinkInstances", | |
"ec2:DescribeVpcClassicLink", | |
"ec2:CreateSecurityGroup", | |
"ec2:CreateNetworkInterface", | |
"ec2:DeleteNetworkInterface", | |
"ec2:ModifyNetworkInterfaceAttribute", | |
"ec2:AuthorizeSecurityGroupIngress", | |
"ec2:AssociateAddress", | |
"ec2:DisassociateAddress", | |
"ec2:AttachNetworkInterface", | |
"ec2:DetachNetworkInterface", | |
"ec2:AssignPrivateIpAddresses", | |
"ec2:AssignIpv6Addresses", | |
"ec2:UnassignIpv6Addresses", | |
"logs:CreateLogDelivery", | |
"logs:GetLogDelivery", | |
"logs:UpdateLogDelivery", | |
"logs:DeleteLogDelivery", | |
"logs:ListLogDeliveries" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/aws-service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIMHWGGSRHLOQUICJQ", | |
"PolicyName": "AWSElasticLoadBalancingServiceRolePolicy", | |
"UpdateDate": "2019-10-07T22:55:16+00:00", | |
"VersionId": "v4" | |
}, | |
"AWSElementalMediaConvertFullAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSElementalMediaConvertFullAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-06-10T22:52:25+00:00", | |
"DefaultVersionId": "v2", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"mediaconvert:*", | |
"s3:ListAllMyBuckets", | |
"s3:ListBucket" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"iam:PassRole" | |
], | |
"Condition": { | |
"StringLike": { | |
"iam:PassedToService": [ | |
"mediaconvert.amazonaws.com" | |
] | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIXDREOCL6LV7RBJWC", | |
"PolicyName": "AWSElementalMediaConvertFullAccess", | |
"UpdateDate": "2019-06-10T22:52:25+00:00", | |
"VersionId": "v2" | |
}, | |
"AWSElementalMediaConvertReadOnly": { | |
"Arn": "arn:aws:iam::aws:policy/AWSElementalMediaConvertReadOnly", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-06-10T22:52:18+00:00", | |
"DefaultVersionId": "v2", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"mediaconvert:Get*", | |
"mediaconvert:List*", | |
"mediaconvert:DescribeEndpoints", | |
"s3:ListAllMyBuckets", | |
"s3:ListBucket" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJSXYOBSLJN3JEDO42", | |
"PolicyName": "AWSElementalMediaConvertReadOnly", | |
"UpdateDate": "2019-06-10T22:52:18+00:00", | |
"VersionId": "v2" | |
}, | |
"AWSElementalMediaPackageFullAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSElementalMediaPackageFullAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2017-12-29T23:39:52+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": { | |
"Action": "mediapackage:*", | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIYI6IYR3JRFAVNQHC", | |
"PolicyName": "AWSElementalMediaPackageFullAccess", | |
"UpdateDate": "2017-12-29T23:39:52+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSElementalMediaPackageReadOnly": { | |
"Arn": "arn:aws:iam::aws:policy/AWSElementalMediaPackageReadOnly", | |
"AttachmentCount": 0, | |
"CreateDate": "2017-12-30T00:04:29+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": { | |
"Action": [ | |
"mediapackage:List*", | |
"mediapackage:Describe*" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJ42DVTPUHKXNYZQCO", | |
"PolicyName": "AWSElementalMediaPackageReadOnly", | |
"UpdateDate": "2017-12-30T00:04:29+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSElementalMediaStoreFullAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSElementalMediaStoreFullAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2018-03-05T23:15:31+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"mediastore:*" | |
], | |
"Condition": { | |
"Bool": { | |
"aws:SecureTransport": "true" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJZFYFW2QXSNK7OH6Y", | |
"PolicyName": "AWSElementalMediaStoreFullAccess", | |
"UpdateDate": "2018-03-05T23:15:31+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSElementalMediaStoreReadOnly": { | |
"Arn": "arn:aws:iam::aws:policy/AWSElementalMediaStoreReadOnly", | |
"AttachmentCount": 0, | |
"CreateDate": "2018-03-08T19:48:22+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"mediastore:Get*", | |
"mediastore:List*", | |
"mediastore:Describe*" | |
], | |
"Condition": { | |
"Bool": { | |
"aws:SecureTransport": "true" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAI4EFXRATQYOFTAEFM", | |
"PolicyName": "AWSElementalMediaStoreReadOnly", | |
"UpdateDate": "2018-03-08T19:48:22+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSEnhancedClassicNetworkingMangementPolicy": { | |
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSEnhancedClassicNetworkingMangementPolicy", | |
"AttachmentCount": 0, | |
"CreateDate": "2017-09-20T17:29:09+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"ec2:DescribeInstances", | |
"ec2:DescribeSecurityGroups" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/aws-service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAI7T4V2HZTS72QVO52", | |
"PolicyName": "AWSEnhancedClassicNetworkingMangementPolicy", | |
"UpdateDate": "2017-09-20T17:29:09+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSFMAdminFullAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSFMAdminFullAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2018-05-09T18:06:18+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"fms:*", | |
"waf:*", | |
"waf-regional:*", | |
"elasticloadbalancing:SetWebACL", | |
"organizations:DescribeOrganization" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJLAGM5X6WSNPF4EAQ", | |
"PolicyName": "AWSFMAdminFullAccess", | |
"UpdateDate": "2018-05-09T18:06:18+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSFMAdminReadOnlyAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSFMAdminReadOnlyAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2018-05-09T20:07:39+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"fms:Get*", | |
"fms:List*", | |
"waf:Get*", | |
"waf:List*", | |
"waf-regional:Get*", | |
"waf-regional:List*", | |
"organizations:DescribeOrganization" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJA3UKVVBN62QFIKLW", | |
"PolicyName": "AWSFMAdminReadOnlyAccess", | |
"UpdateDate": "2018-05-09T20:07:39+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSFMMemberReadOnlyAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSFMMemberReadOnlyAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2018-05-09T21:05:29+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"fms:GetAdminAccount", | |
"waf:Get*", | |
"waf:List*", | |
"waf-regional:Get*", | |
"waf-regional:List*", | |
"organizations:DescribeOrganization" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIB2IVAQ4XXNHHA3DW", | |
"PolicyName": "AWSFMMemberReadOnlyAccess", | |
"UpdateDate": "2018-05-09T21:05:29+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSForWordPressPluginPolicy": { | |
"Arn": "arn:aws:iam::aws:policy/AWSForWordPressPluginPolicy", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-10-30T00:27:46+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"s3:HeadBucket", | |
"polly:SynthesizeSpeech", | |
"polly:DescribeVoices", | |
"translate:TranslateText" | |
], | |
"Effect": "Allow", | |
"Resource": "*", | |
"Sid": "Permissions1" | |
}, | |
{ | |
"Action": [ | |
"s3:ListBucket", | |
"s3:GetBucketAcl", | |
"s3:GetBucketPolicy", | |
"s3:PutObject", | |
"s3:DeleteObject", | |
"s3:CreateBucket", | |
"s3:PutObjectAcl" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:s3:::audio_for_wordpress*", | |
"arn:aws:s3:::audio-for-wordpress*" | |
], | |
"Sid": "Permissions2" | |
}, | |
{ | |
"Action": [ | |
"acm:AddTagsToCertificate", | |
"acm:DescribeCertificate", | |
"acm:RequestCertificate", | |
"cloudformation:CreateStack", | |
"cloudfront:ListDistributions" | |
], | |
"Condition": { | |
"StringEquals": { | |
"aws:RequestedRegion": "us-east-1" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*", | |
"Sid": "Permissions3" | |
}, | |
{ | |
"Action": [ | |
"cloudformation:DeleteStack", | |
"cloudformation:DescribeStackEvents", | |
"cloudformation:DescribeStackResources", | |
"cloudformation:UpdateStack", | |
"cloudfront:CreateDistribution", | |
"cloudfront:CreateInvalidation", | |
"cloudfront:DeleteDistribution", | |
"cloudfront:GetDistribution", | |
"cloudfront:GetInvalidation", | |
"cloudfront:TagResource", | |
"cloudfront:UpdateDistribution" | |
], | |
"Condition": { | |
"StringEquals": { | |
"aws:ResourceTag/createdBy": "AWSForWordPressPlugin" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*", | |
"Sid": "Permissions4" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAZKAPJZG4KEKYXDWNJ", | |
"PolicyName": "AWSForWordPressPluginPolicy", | |
"UpdateDate": "2019-10-30T00:27:46+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSGlobalAcceleratorSLRPolicy": { | |
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSGlobalAcceleratorSLRPolicy", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-10-14T21:05:22+00:00", | |
"DefaultVersionId": "v4", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"ec2:CreateNetworkInterface", | |
"ec2:DescribeNetworkInterfaces", | |
"ec2:DescribeInstances", | |
"ec2:DescribeInternetGateways", | |
"ec2:DescribeSubnets", | |
"ec2:ModifyNetworkInterfaceAttribute", | |
"ec2:DeleteNetworkInterface" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": "ec2:DeleteSecurityGroup", | |
"Condition": { | |
"StringEquals": { | |
"ec2:ResourceTag/AWSServiceName": "GlobalAccelerator" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"ec2:CreateSecurityGroup", | |
"ec2:DescribeSecurityGroups" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": "elasticloadbalancing:DescribeLoadBalancers", | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": "ec2:CreateTags", | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:ec2:*:*:security-group/*", | |
"arn:aws:ec2:*:*:network-interface/*" | |
] | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/aws-service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAZKAPJZG4EJ5ZEQR2C", | |
"PolicyName": "AWSGlobalAcceleratorSLRPolicy", | |
"UpdateDate": "2019-10-14T21:05:22+00:00", | |
"VersionId": "v4" | |
}, | |
"AWSGlueConsoleFullAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSGlueConsoleFullAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-02-11T19:49:01+00:00", | |
"DefaultVersionId": "v12", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"glue:*", | |
"redshift:DescribeClusters", | |
"redshift:DescribeClusterSubnetGroups", | |
"iam:ListRoles", | |
"iam:ListUsers", | |
"iam:ListGroups", | |
"iam:ListRolePolicies", | |
"iam:GetRole", | |
"iam:GetRolePolicy", | |
"iam:ListAttachedRolePolicies", | |
"ec2:DescribeSecurityGroups", | |
"ec2:DescribeSubnets", | |
"ec2:DescribeVpcs", | |
"ec2:DescribeVpcEndpoints", | |
"ec2:DescribeRouteTables", | |
"ec2:DescribeVpcAttribute", | |
"ec2:DescribeKeyPairs", | |
"ec2:DescribeInstances", | |
"ec2:DescribeImages", | |
"rds:DescribeDBInstances", | |
"rds:DescribeDBClusters", | |
"rds:DescribeDBSubnetGroups", | |
"s3:ListAllMyBuckets", | |
"s3:ListBucket", | |
"s3:GetBucketAcl", | |
"s3:GetBucketLocation", | |
"cloudformation:DescribeStacks", | |
"cloudformation:GetTemplateSummary", | |
"dynamodb:ListTables", | |
"kms:ListAliases", | |
"kms:DescribeKey", | |
"cloudwatch:GetMetricData", | |
"cloudwatch:ListDashboards" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
] | |
}, | |
{ | |
"Action": [ | |
"s3:GetObject", | |
"s3:PutObject" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:s3:::aws-glue-*/*", | |
"arn:aws:s3:::*/*aws-glue-*/*", | |
"arn:aws:s3:::aws-glue-*" | |
] | |
}, | |
{ | |
"Action": [ | |
"tag:GetResources" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
] | |
}, | |
{ | |
"Action": [ | |
"s3:CreateBucket" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:s3:::aws-glue-*" | |
] | |
}, | |
{ | |
"Action": [ | |
"logs:GetLogEvents" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:logs:*:*:/aws-glue/*" | |
] | |
}, | |
{ | |
"Action": [ | |
"cloudformation:CreateStack", | |
"cloudformation:DeleteStack" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:cloudformation:*:*:stack/aws-glue*/*" | |
}, | |
{ | |
"Action": [ | |
"ec2:RunInstances" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:ec2:*:*:instance/*", | |
"arn:aws:ec2:*:*:key-pair/*", | |
"arn:aws:ec2:*:*:image/*", | |
"arn:aws:ec2:*:*:security-group/*", | |
"arn:aws:ec2:*:*:network-interface/*", | |
"arn:aws:ec2:*:*:subnet/*", | |
"arn:aws:ec2:*:*:volume/*" | |
] | |
}, | |
{ | |
"Action": [ | |
"ec2:TerminateInstances", | |
"ec2:CreateTags", | |
"ec2:DeleteTags" | |
], | |
"Condition": { | |
"StringEquals": { | |
"ec2:ResourceTag/aws:cloudformation:logical-id": "ZeppelinInstance" | |
}, | |
"StringLike": { | |
"ec2:ResourceTag/aws:cloudformation:stack-id": "arn:aws:cloudformation:*:*:stack/aws-glue-*/*" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:ec2:*:*:instance/*" | |
] | |
}, | |
{ | |
"Action": [ | |
"iam:PassRole" | |
], | |
"Condition": { | |
"StringLike": { | |
"iam:PassedToService": [ | |
"glue.amazonaws.com" | |
] | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "arn:aws:iam::*:role/AWSGlueServiceRole*" | |
}, | |
{ | |
"Action": [ | |
"iam:PassRole" | |
], | |
"Condition": { | |
"StringLike": { | |
"iam:PassedToService": [ | |
"ec2.amazonaws.com" | |
] | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "arn:aws:iam::*:role/AWSGlueServiceNotebookRole*" | |
}, | |
{ | |
"Action": [ | |
"iam:PassRole" | |
], | |
"Condition": { | |
"StringLike": { | |
"iam:PassedToService": [ | |
"glue.amazonaws.com" | |
] | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:iam::*:role/service-role/AWSGlueServiceRole*" | |
] | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJNZGDEOD7MISOVSVI", | |
"PolicyName": "AWSGlueConsoleFullAccess", | |
"UpdateDate": "2019-02-11T19:49:01+00:00", | |
"VersionId": "v12" | |
}, | |
"AWSGlueConsoleSageMakerNotebookFullAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSGlueConsoleSageMakerNotebookFullAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-09-26T17:14:11+00:00", | |
"DefaultVersionId": "v2", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"glue:*", | |
"redshift:DescribeClusters", | |
"redshift:DescribeClusterSubnetGroups", | |
"iam:ListRoles", | |
"iam:ListRolePolicies", | |
"iam:GetRole", | |
"iam:GetRolePolicy", | |
"iam:ListAttachedRolePolicies", | |
"ec2:DescribeSecurityGroups", | |
"ec2:DescribeSubnets", | |
"ec2:DescribeVpcs", | |
"ec2:DescribeVpcEndpoints", | |
"ec2:DescribeRouteTables", | |
"ec2:DescribeVpcAttribute", | |
"ec2:DescribeKeyPairs", | |
"ec2:DescribeInstances", | |
"ec2:DescribeImages", | |
"ec2:CreateNetworkInterface", | |
"ec2:AttachNetworkInterface", | |
"ec2:ModifyNetworkInterfaceAttribute", | |
"ec2:DeleteNetworkInterface", | |
"ec2:DescribeAvailabilityZones", | |
"ec2:DescribeInternetGateways", | |
"ec2:DescribeNetworkInterfaces", | |
"rds:DescribeDBInstances", | |
"s3:ListAllMyBuckets", | |
"s3:ListBucket", | |
"s3:GetBucketAcl", | |
"s3:GetBucketLocation", | |
"cloudformation:DescribeStacks", | |
"cloudformation:GetTemplateSummary", | |
"dynamodb:ListTables", | |
"kms:ListAliases", | |
"kms:DescribeKey", | |
"sagemaker:ListNotebookInstances", | |
"cloudformation:ListStacks", | |
"cloudwatch:GetMetricData", | |
"cloudwatch:ListDashboards" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
] | |
}, | |
{ | |
"Action": [ | |
"s3:GetObject", | |
"s3:PutObject" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:s3:::aws-glue-*/*", | |
"arn:aws:s3:::*/*aws-glue-*/*", | |
"arn:aws:s3:::aws-glue-*" | |
] | |
}, | |
{ | |
"Action": [ | |
"s3:CreateBucket" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:s3:::aws-glue-*" | |
] | |
}, | |
{ | |
"Action": [ | |
"logs:GetLogEvents" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:logs:*:*:/aws-glue/*" | |
] | |
}, | |
{ | |
"Action": [ | |
"cloudformation:CreateStack", | |
"cloudformation:DeleteStack" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:cloudformation:*:*:stack/aws-glue*/*" | |
}, | |
{ | |
"Action": [ | |
"sagemaker:CreatePresignedNotebookInstanceUrl", | |
"sagemaker:CreateNotebookInstance", | |
"sagemaker:DeleteNotebookInstance", | |
"sagemaker:DescribeNotebookInstance", | |
"sagemaker:StartNotebookInstance", | |
"sagemaker:StopNotebookInstance", | |
"sagemaker:UpdateNotebookInstance", | |
"sagemaker:ListTags" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:sagemaker:*:*:notebook-instance/aws-glue-*" | |
}, | |
{ | |
"Action": [ | |
"sagemaker:DescribeNotebookInstanceLifecycleConfig", | |
"sagemaker:CreateNotebookInstanceLifecycleConfig", | |
"sagemaker:DeleteNotebookInstanceLifecycleConfig", | |
"sagemaker:ListNotebookInstanceLifecycleConfigs" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:sagemaker:*:*:notebook-instance-lifecycle-config/aws-glue-*" | |
}, | |
{ | |
"Action": [ | |
"ec2:RunInstances" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:ec2:*:*:instance/*", | |
"arn:aws:ec2:*:*:key-pair/*", | |
"arn:aws:ec2:*:*:image/*", | |
"arn:aws:ec2:*:*:security-group/*", | |
"arn:aws:ec2:*:*:network-interface/*", | |
"arn:aws:ec2:*:*:subnet/*", | |
"arn:aws:ec2:*:*:volume/*" | |
] | |
}, | |
{ | |
"Action": [ | |
"ec2:TerminateInstances", | |
"ec2:CreateTags", | |
"ec2:DeleteTags" | |
], | |
"Condition": { | |
"StringEquals": { | |
"ec2:ResourceTag/aws:cloudformation:logical-id": "ZeppelinInstance" | |
}, | |
"StringLike": { | |
"ec2:ResourceTag/aws:cloudformation:stack-id": "arn:aws:cloudformation:*:*:stack/aws-glue-*/*" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:ec2:*:*:instance/*" | |
] | |
}, | |
{ | |
"Action": [ | |
"tag:GetResources" | |
], | |
"Condition": { | |
"StringEquals": { | |
"aws:TagKeys": "aws-glue-*" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
] | |
}, | |
{ | |
"Action": [ | |
"iam:PassRole" | |
], | |
"Condition": { | |
"StringLike": { | |
"iam:PassedToService": [ | |
"glue.amazonaws.com" | |
] | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "arn:aws:iam::*:role/AWSGlueServiceRole*" | |
}, | |
{ | |
"Action": [ | |
"iam:PassRole" | |
], | |
"Condition": { | |
"StringLike": { | |
"iam:PassedToService": [ | |
"ec2.amazonaws.com" | |
] | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "arn:aws:iam::*:role/AWSGlueServiceNotebookRole*" | |
}, | |
{ | |
"Action": [ | |
"iam:PassRole" | |
], | |
"Condition": { | |
"StringLike": { | |
"iam:PassedToService": [ | |
"sagemaker.amazonaws.com" | |
] | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "arn:aws:iam::*:role/AWSGlueServiceSageMakerNotebookRole*" | |
}, | |
{ | |
"Action": [ | |
"iam:PassRole" | |
], | |
"Condition": { | |
"StringLike": { | |
"iam:PassedToService": [ | |
"glue.amazonaws.com" | |
] | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:iam::*:role/service-role/AWSGlueServiceRole*" | |
] | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJELFOHJC42QS3ZSYY", | |
"PolicyName": "AWSGlueConsoleSageMakerNotebookFullAccess", | |
"UpdateDate": "2019-09-26T17:14:11+00:00", | |
"VersionId": "v2" | |
}, | |
"AWSGlueServiceNotebookRole": { | |
"Arn": "arn:aws:iam::aws:policy/service-role/AWSGlueServiceNotebookRole", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-10-07T18:05:54+00:00", | |
"DefaultVersionId": "v3", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"glue:CreateDatabase", | |
"glue:CreatePartition", | |
"glue:CreateTable", | |
"glue:DeleteDatabase", | |
"glue:DeletePartition", | |
"glue:DeleteTable", | |
"glue:GetDatabase", | |
"glue:GetDatabases", | |
"glue:GetPartition", | |
"glue:GetPartitions", | |
"glue:GetTable", | |
"glue:GetTableVersions", | |
"glue:GetTables", | |
"glue:UpdateDatabase", | |
"glue:UpdatePartition", | |
"glue:UpdateTable", | |
"glue:CreateConnection", | |
"glue:CreateJob", | |
"glue:DeleteConnection", | |
"glue:DeleteJob", | |
"glue:GetConnection", | |
"glue:GetConnections", | |
"glue:GetDevEndpoint", | |
"glue:GetDevEndpoints", | |
"glue:GetJob", | |
"glue:GetJobs", | |
"glue:UpdateJob", | |
"glue:BatchDeleteConnection", | |
"glue:UpdateConnection", | |
"glue:GetUserDefinedFunction", | |
"glue:UpdateUserDefinedFunction", | |
"glue:GetUserDefinedFunctions", | |
"glue:DeleteUserDefinedFunction", | |
"glue:CreateUserDefinedFunction", | |
"glue:BatchGetPartition", | |
"glue:BatchDeletePartition", | |
"glue:BatchCreatePartition", | |
"glue:BatchDeleteTable", | |
"glue:UpdateDevEndpoint", | |
"s3:GetBucketLocation", | |
"s3:ListBucket", | |
"s3:ListAllMyBuckets", | |
"s3:GetBucketAcl" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
] | |
}, | |
{ | |
"Action": [ | |
"s3:GetObject" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:s3:::crawler-public*", | |
"arn:aws:s3:::aws-glue*" | |
] | |
}, | |
{ | |
"Action": [ | |
"s3:PutObject", | |
"s3:DeleteObject" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:s3:::aws-glue*" | |
] | |
}, | |
{ | |
"Action": [ | |
"ec2:CreateTags", | |
"ec2:DeleteTags" | |
], | |
"Condition": { | |
"ForAllValues:StringEquals": { | |
"aws:TagKeys": [ | |
"aws-glue-service-resource" | |
] | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:ec2:*:*:network-interface/*", | |
"arn:aws:ec2:*:*:security-group/*", | |
"arn:aws:ec2:*:*:instance/*" | |
] | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIMRC6VZUHJYCTKWFI", | |
"PolicyName": "AWSGlueServiceNotebookRole", | |
"UpdateDate": "2019-10-07T18:05:54+00:00", | |
"VersionId": "v3" | |
}, | |
"AWSGlueServiceRole": { | |
"Arn": "arn:aws:iam::aws:policy/service-role/AWSGlueServiceRole", | |
"AttachmentCount": 0, | |
"CreateDate": "2018-06-25T18:23:09+00:00", | |
"DefaultVersionId": "v4", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"glue:*", | |
"s3:GetBucketLocation", | |
"s3:ListBucket", | |
"s3:ListAllMyBuckets", | |
"s3:GetBucketAcl", | |
"ec2:DescribeVpcEndpoints", | |
"ec2:DescribeRouteTables", | |
"ec2:CreateNetworkInterface", | |
"ec2:DeleteNetworkInterface", | |
"ec2:DescribeNetworkInterfaces", | |
"ec2:DescribeSecurityGroups", | |
"ec2:DescribeSubnets", | |
"ec2:DescribeVpcAttribute", | |
"iam:ListRolePolicies", | |
"iam:GetRole", | |
"iam:GetRolePolicy", | |
"cloudwatch:PutMetricData" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
] | |
}, | |
{ | |
"Action": [ | |
"s3:CreateBucket" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:s3:::aws-glue-*" | |
] | |
}, | |
{ | |
"Action": [ | |
"s3:GetObject", | |
"s3:PutObject", | |
"s3:DeleteObject" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:s3:::aws-glue-*/*", | |
"arn:aws:s3:::*/*aws-glue-*/*" | |
] | |
}, | |
{ | |
"Action": [ | |
"s3:GetObject" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:s3:::crawler-public*", | |
"arn:aws:s3:::aws-glue-*" | |
] | |
}, | |
{ | |
"Action": [ | |
"logs:CreateLogGroup", | |
"logs:CreateLogStream", | |
"logs:PutLogEvents" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:logs:*:*:/aws-glue/*" | |
] | |
}, | |
{ | |
"Action": [ | |
"ec2:CreateTags", | |
"ec2:DeleteTags" | |
], | |
"Condition": { | |
"ForAllValues:StringEquals": { | |
"aws:TagKeys": [ | |
"aws-glue-service-resource" | |
] | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:ec2:*:*:network-interface/*", | |
"arn:aws:ec2:*:*:security-group/*", | |
"arn:aws:ec2:*:*:instance/*" | |
] | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIRUJCPEBPMEZFAS32", | |
"PolicyName": "AWSGlueServiceRole", | |
"UpdateDate": "2018-06-25T18:23:09+00:00", | |
"VersionId": "v4" | |
}, | |
"AWSGreengrassFullAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSGreengrassFullAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2017-05-03T00:47:37+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"greengrass:*" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJWPV6OBK4QONH4J3O", | |
"PolicyName": "AWSGreengrassFullAccess", | |
"UpdateDate": "2017-05-03T00:47:37+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSGreengrassReadOnlyAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSGreengrassReadOnlyAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2018-10-30T16:01:43+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"greengrass:List*", | |
"greengrass:Get*" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJLSKLXFVTQTZ5GY3I", | |
"PolicyName": "AWSGreengrassReadOnlyAccess", | |
"UpdateDate": "2018-10-30T16:01:43+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSGreengrassResourceAccessRolePolicy": { | |
"Arn": "arn:aws:iam::aws:policy/service-role/AWSGreengrassResourceAccessRolePolicy", | |
"AttachmentCount": 0, | |
"CreateDate": "2018-11-14T00:35:02+00:00", | |
"DefaultVersionId": "v5", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"iot:DeleteThingShadow", | |
"iot:GetThingShadow", | |
"iot:UpdateThingShadow" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:iot:*:*:thing/GG_*", | |
"arn:aws:iot:*:*:thing/*-gcm", | |
"arn:aws:iot:*:*:thing/*-gda", | |
"arn:aws:iot:*:*:thing/*-gci" | |
], | |
"Sid": "AllowGreengrassAccessToShadows" | |
}, | |
{ | |
"Action": [ | |
"iot:DescribeThing" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:iot:*:*:thing/*", | |
"Sid": "AllowGreengrassToDescribeThings" | |
}, | |
{ | |
"Action": [ | |
"iot:DescribeCertificate" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:iot:*:*:cert/*", | |
"Sid": "AllowGreengrassToDescribeCertificates" | |
}, | |
{ | |
"Action": [ | |
"greengrass:*" | |
], | |
"Effect": "Allow", | |
"Resource": "*", | |
"Sid": "AllowGreengrassToCallGreengrassServices" | |
}, | |
{ | |
"Action": [ | |
"lambda:GetFunction", | |
"lambda:GetFunctionConfiguration" | |
], | |
"Effect": "Allow", | |
"Resource": "*", | |
"Sid": "AllowGreengrassToGetLambdaFunctions" | |
}, | |
{ | |
"Action": [ | |
"secretsmanager:GetSecretValue" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:secretsmanager:*:*:secret:greengrass-*", | |
"Sid": "AllowGreengrassToGetGreengrassSecrets" | |
}, | |
{ | |
"Action": [ | |
"s3:GetObject" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:s3:::*Greengrass*", | |
"arn:aws:s3:::*GreenGrass*", | |
"arn:aws:s3:::*greengrass*", | |
"arn:aws:s3:::*Sagemaker*", | |
"arn:aws:s3:::*SageMaker*", | |
"arn:aws:s3:::*sagemaker*" | |
], | |
"Sid": "AllowGreengrassAccessToS3Objects" | |
}, | |
{ | |
"Action": [ | |
"s3:GetBucketLocation" | |
], | |
"Effect": "Allow", | |
"Resource": "*", | |
"Sid": "AllowGreengrassAccessToS3BucketLocation" | |
}, | |
{ | |
"Action": [ | |
"sagemaker:DescribeTrainingJob" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:sagemaker:*:*:training-job/*" | |
], | |
"Sid": "AllowGreengrassAccessToSageMakerTrainingJobs" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJPKEIMB6YMXDEVRTM", | |
"PolicyName": "AWSGreengrassResourceAccessRolePolicy", | |
"UpdateDate": "2018-11-14T00:35:02+00:00", | |
"VersionId": "v5" | |
}, | |
"AWSHealthFullAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSHealthFullAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2016-12-06T12:30:31+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"health:*" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAI3CUMPCPEUPCSXC4Y", | |
"PolicyName": "AWSHealthFullAccess", | |
"UpdateDate": "2016-12-06T12:30:31+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSIQContractServiceRolePolicy": { | |
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSIQContractServiceRolePolicy", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-08-22T19:28:39+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"aws-marketplace:Subscribe" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/aws-service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAZKAPJZG4E26ATDUIP", | |
"PolicyName": "AWSIQContractServiceRolePolicy", | |
"UpdateDate": "2019-08-22T19:28:39+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSIQFullAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSIQFullAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-09-25T20:22:34+00:00", | |
"DefaultVersionId": "v2", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"iq:*", | |
"iq-permission:*" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": "iam:CreateServiceLinkedRole", | |
"Condition": { | |
"StringEquals": { | |
"iam:AWSServiceName": [ | |
"permission.iq.amazonaws.com", | |
"contract.iq.amazonaws.com" | |
] | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAZKAPJZG4P4TAHETXT", | |
"PolicyName": "AWSIQFullAccess", | |
"UpdateDate": "2019-09-25T20:22:34+00:00", | |
"VersionId": "v2" | |
}, | |
"AWSIQPermissionServiceRolePolicy": { | |
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSIQPermissionServiceRolePolicy", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-08-22T19:36:29+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"iam:DeleteRole", | |
"iam:ListAttachedRolePolicies" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:iam::*:role/AWSIQPermission-*" | |
}, | |
{ | |
"Action": [ | |
"iam:AttachRolePolicy" | |
], | |
"Condition": { | |
"ArnEquals": { | |
"iam:PolicyARN": "arn:aws:iam::aws:policy/AWSDenyAll" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "arn:aws:iam::*:role/AWSIQPermission-*" | |
}, | |
{ | |
"Action": [ | |
"iam:DetachRolePolicy" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:iam::*:role/AWSIQPermission-*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/aws-service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAZKAPJZG4J77DMGFZ5", | |
"PolicyName": "AWSIQPermissionServiceRolePolicy", | |
"UpdateDate": "2019-08-22T19:36:29+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSImportExportFullAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSImportExportFullAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2015-02-06T18:40:43+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"importexport:*" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJCQCT4JGTLC6722MQ", | |
"PolicyName": "AWSImportExportFullAccess", | |
"UpdateDate": "2015-02-06T18:40:43+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSImportExportReadOnlyAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSImportExportReadOnlyAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2015-02-06T18:40:42+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"importexport:ListJobs", | |
"importexport:GetStatus" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJNTV4OG52ESYZHCNK", | |
"PolicyName": "AWSImportExportReadOnlyAccess", | |
"UpdateDate": "2015-02-06T18:40:42+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSIoT1ClickFullAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSIoT1ClickFullAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2018-05-11T22:10:14+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"iot1click:*" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJPQNJPDUDESCCAMIA", | |
"PolicyName": "AWSIoT1ClickFullAccess", | |
"UpdateDate": "2018-05-11T22:10:14+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSIoT1ClickReadOnlyAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSIoT1ClickReadOnlyAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2018-05-11T21:49:24+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"iot1click:Describe*", | |
"iot1click:Get*", | |
"iot1click:List*" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAI35VTLD3EBNY2JGXS", | |
"PolicyName": "AWSIoT1ClickReadOnlyAccess", | |
"UpdateDate": "2018-05-11T21:49:24+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSIoTAnalyticsFullAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSIoTAnalyticsFullAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2018-06-18T23:02:45+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"iotanalytics:*" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJ7FB5ZEKQN445QGKY", | |
"PolicyName": "AWSIoTAnalyticsFullAccess", | |
"UpdateDate": "2018-06-18T23:02:45+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSIoTAnalyticsReadOnlyAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSIoTAnalyticsReadOnlyAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2018-06-18T21:37:49+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"iotanalytics:Describe*", | |
"iotanalytics:List*", | |
"iotanalytics:Get*", | |
"iotanalytics:SampleChannelData" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJ3Z4LYBELMXGFLGMI", | |
"PolicyName": "AWSIoTAnalyticsReadOnlyAccess", | |
"UpdateDate": "2018-06-18T21:37:49+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSIoTConfigAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSIoTConfigAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-09-27T20:48:00+00:00", | |
"DefaultVersionId": "v9", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"iot:AcceptCertificateTransfer", | |
"iot:AddThingToThingGroup", | |
"iot:AssociateTargetsWithJob", | |
"iot:AttachPolicy", | |
"iot:AttachPrincipalPolicy", | |
"iot:AttachThingPrincipal", | |
"iot:CancelCertificateTransfer", | |
"iot:CancelJob", | |
"iot:CancelJobExecution", | |
"iot:ClearDefaultAuthorizer", | |
"iot:CreateAuthorizer", | |
"iot:CreateCertificateFromCsr", | |
"iot:CreateJob", | |
"iot:CreateKeysAndCertificate", | |
"iot:CreateOTAUpdate", | |
"iot:CreatePolicy", | |
"iot:CreatePolicyVersion", | |
"iot:CreateRoleAlias", | |
"iot:CreateStream", | |
"iot:CreateThing", | |
"iot:CreateThingGroup", | |
"iot:CreateThingType", | |
"iot:CreateTopicRule", | |
"iot:DeleteAuthorizer", | |
"iot:DeleteCACertificate", | |
"iot:DeleteCertificate", | |
"iot:DeleteJob", | |
"iot:DeleteJobExecution", | |
"iot:DeleteOTAUpdate", | |
"iot:DeletePolicy", | |
"iot:DeletePolicyVersion", | |
"iot:DeleteRegistrationCode", | |
"iot:DeleteRoleAlias", | |
"iot:DeleteStream", | |
"iot:DeleteThing", | |
"iot:DeleteThingGroup", | |
"iot:DeleteThingType", | |
"iot:DeleteTopicRule", | |
"iot:DeleteV2LoggingLevel", | |
"iot:DeprecateThingType", | |
"iot:DescribeAuthorizer", | |
"iot:DescribeCACertificate", | |
"iot:DescribeCertificate", | |
"iot:DescribeDefaultAuthorizer", | |
"iot:DescribeEndpoint", | |
"iot:DescribeEventConfigurations", | |
"iot:DescribeIndex", | |
"iot:DescribeJob", | |
"iot:DescribeJobExecution", | |
"iot:DescribeRoleAlias", | |
"iot:DescribeStream", | |
"iot:DescribeThing", | |
"iot:DescribeThingGroup", | |
"iot:DescribeThingRegistrationTask", | |
"iot:DescribeThingType", | |
"iot:DetachPolicy", | |
"iot:DetachPrincipalPolicy", | |
"iot:DetachThingPrincipal", | |
"iot:DisableTopicRule", | |
"iot:EnableTopicRule", | |
"iot:GetEffectivePolicies", | |
"iot:GetIndexingConfiguration", | |
"iot:GetJobDocument", | |
"iot:GetLoggingOptions", | |
"iot:GetOTAUpdate", | |
"iot:GetPolicy", | |
"iot:GetPolicyVersion", | |
"iot:GetRegistrationCode", | |
"iot:GetTopicRule", | |
"iot:GetV2LoggingOptions", | |
"iot:ListAttachedPolicies", | |
"iot:ListAuthorizers", | |
"iot:ListCACertificates", | |
"iot:ListCertificates", | |
"iot:ListCertificatesByCA", | |
"iot:ListIndices", | |
"iot:ListJobExecutionsForJob", | |
"iot:ListJobExecutionsForThing", | |
"iot:ListJobs", | |
"iot:ListOTAUpdates", | |
"iot:ListOutgoingCertificates", | |
"iot:ListPolicies", | |
"iot:ListPolicyPrincipals", | |
"iot:ListPolicyVersions", | |
"iot:ListPrincipalPolicies", | |
"iot:ListPrincipalThings", | |
"iot:ListRoleAliases", | |
"iot:ListStreams", | |
"iot:ListTargetsForPolicy", | |
"iot:ListThingGroups", | |
"iot:ListThingGroupsForThing", | |
"iot:ListThingPrincipals", | |
"iot:ListThingRegistrationTaskReports", | |
"iot:ListThingRegistrationTasks", | |
"iot:ListThings", | |
"iot:ListThingsInThingGroup", | |
"iot:ListThingTypes", | |
"iot:ListTopicRules", | |
"iot:ListV2LoggingLevels", | |
"iot:RegisterCACertificate", | |
"iot:RegisterCertificate", | |
"iot:RegisterThing", | |
"iot:RejectCertificateTransfer", | |
"iot:RemoveThingFromThingGroup", | |
"iot:ReplaceTopicRule", | |
"iot:SearchIndex", | |
"iot:SetDefaultAuthorizer", | |
"iot:SetDefaultPolicyVersion", | |
"iot:SetLoggingOptions", | |
"iot:SetV2LoggingLevel", | |
"iot:SetV2LoggingOptions", | |
"iot:StartThingRegistrationTask", | |
"iot:StopThingRegistrationTask", | |
"iot:TestAuthorization", | |
"iot:TestInvokeAuthorizer", | |
"iot:TransferCertificate", | |
"iot:UpdateAuthorizer", | |
"iot:UpdateCACertificate", | |
"iot:UpdateCertificate", | |
"iot:UpdateEventConfigurations", | |
"iot:UpdateIndexingConfiguration", | |
"iot:UpdateRoleAlias", | |
"iot:UpdateStream", | |
"iot:UpdateThing", | |
"iot:UpdateThingGroup", | |
"iot:UpdateThingGroupsForThing", | |
"iot:UpdateAccountAuditConfiguration", | |
"iot:DescribeAccountAuditConfiguration", | |
"iot:DeleteAccountAuditConfiguration", | |
"iot:StartOnDemandAuditTask", | |
"iot:CancelAuditTask", | |
"iot:DescribeAuditTask", | |
"iot:ListAuditTasks", | |
"iot:CreateScheduledAudit", | |
"iot:UpdateScheduledAudit", | |
"iot:DeleteScheduledAudit", | |
"iot:DescribeScheduledAudit", | |
"iot:ListScheduledAudits", | |
"iot:ListAuditFindings", | |
"iot:CreateSecurityProfile", | |
"iot:DescribeSecurityProfile", | |
"iot:UpdateSecurityProfile", | |
"iot:DeleteSecurityProfile", | |
"iot:AttachSecurityProfile", | |
"iot:DetachSecurityProfile", | |
"iot:ListSecurityProfiles", | |
"iot:ListSecurityProfilesForTarget", | |
"iot:ListTargetsForSecurityProfile", | |
"iot:ListActiveViolations", | |
"iot:ListViolationEvents", | |
"iot:ValidateSecurityProfileBehaviors" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIWWGD4LM4EMXNRL7I", | |
"PolicyName": "AWSIoTConfigAccess", | |
"UpdateDate": "2019-09-27T20:48:00+00:00", | |
"VersionId": "v9" | |
}, | |
"AWSIoTConfigReadOnlyAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSIoTConfigReadOnlyAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-09-27T20:52:40+00:00", | |
"DefaultVersionId": "v8", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"iot:DescribeAuthorizer", | |
"iot:DescribeCACertificate", | |
"iot:DescribeCertificate", | |
"iot:DescribeDefaultAuthorizer", | |
"iot:DescribeEndpoint", | |
"iot:DescribeEventConfigurations", | |
"iot:DescribeIndex", | |
"iot:DescribeJob", | |
"iot:DescribeJobExecution", | |
"iot:DescribeRoleAlias", | |
"iot:DescribeStream", | |
"iot:DescribeThing", | |
"iot:DescribeThingGroup", | |
"iot:DescribeThingRegistrationTask", | |
"iot:DescribeThingType", | |
"iot:GetEffectivePolicies", | |
"iot:GetIndexingConfiguration", | |
"iot:GetJobDocument", | |
"iot:GetLoggingOptions", | |
"iot:GetOTAUpdate", | |
"iot:GetPolicy", | |
"iot:GetPolicyVersion", | |
"iot:GetRegistrationCode", | |
"iot:GetTopicRule", | |
"iot:GetV2LoggingOptions", | |
"iot:ListAttachedPolicies", | |
"iot:ListAuthorizers", | |
"iot:ListCACertificates", | |
"iot:ListCertificates", | |
"iot:ListCertificatesByCA", | |
"iot:ListIndices", | |
"iot:ListJobExecutionsForJob", | |
"iot:ListJobExecutionsForThing", | |
"iot:ListJobs", | |
"iot:ListOTAUpdates", | |
"iot:ListOutgoingCertificates", | |
"iot:ListPolicies", | |
"iot:ListPolicyPrincipals", | |
"iot:ListPolicyVersions", | |
"iot:ListPrincipalPolicies", | |
"iot:ListPrincipalThings", | |
"iot:ListRoleAliases", | |
"iot:ListStreams", | |
"iot:ListTargetsForPolicy", | |
"iot:ListThingGroups", | |
"iot:ListThingGroupsForThing", | |
"iot:ListThingPrincipals", | |
"iot:ListThingRegistrationTaskReports", | |
"iot:ListThingRegistrationTasks", | |
"iot:ListThings", | |
"iot:ListThingsInThingGroup", | |
"iot:ListThingTypes", | |
"iot:ListTopicRules", | |
"iot:ListV2LoggingLevels", | |
"iot:SearchIndex", | |
"iot:TestAuthorization", | |
"iot:TestInvokeAuthorizer", | |
"iot:DescribeAccountAuditConfiguration", | |
"iot:DescribeAuditTask", | |
"iot:ListAuditTasks", | |
"iot:DescribeScheduledAudit", | |
"iot:ListScheduledAudits", | |
"iot:ListAuditFindings", | |
"iot:DescribeSecurityProfile", | |
"iot:ListSecurityProfiles", | |
"iot:ListSecurityProfilesForTarget", | |
"iot:ListTargetsForSecurityProfile", | |
"iot:ListActiveViolations", | |
"iot:ListViolationEvents", | |
"iot:ValidateSecurityProfileBehaviors" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJHENEMXGX4XMFOIOI", | |
"PolicyName": "AWSIoTConfigReadOnlyAccess", | |
"UpdateDate": "2019-09-27T20:52:40+00:00", | |
"VersionId": "v8" | |
}, | |
"AWSIoTDataAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSIoTDataAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2017-11-16T18:24:11+00:00", | |
"DefaultVersionId": "v2", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"iot:Connect", | |
"iot:Publish", | |
"iot:Subscribe", | |
"iot:Receive", | |
"iot:GetThingShadow", | |
"iot:UpdateThingShadow", | |
"iot:DeleteThingShadow" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJM2KI2UJDR24XPS2K", | |
"PolicyName": "AWSIoTDataAccess", | |
"UpdateDate": "2017-11-16T18:24:11+00:00", | |
"VersionId": "v2" | |
}, | |
"AWSIoTDeviceDefenderAddThingsToThingGroupMitigationAction": { | |
"Arn": "arn:aws:iam::aws:policy/service-role/AWSIoTDeviceDefenderAddThingsToThingGroupMitigationAction", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-08-07T17:55:37+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"iot:ListPrincipalThings", | |
"iot:AddThingToThingGroup" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
] | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAZKAPJZG4HEHG3RV6B", | |
"PolicyName": "AWSIoTDeviceDefenderAddThingsToThingGroupMitigationAction", | |
"UpdateDate": "2019-08-07T17:55:37+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSIoTDeviceDefenderAudit": { | |
"Arn": "arn:aws:iam::aws:policy/service-role/AWSIoTDeviceDefenderAudit", | |
"AttachmentCount": 0, | |
"CreateDate": "2018-07-18T21:17:40+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"iot:GetLoggingOptions", | |
"iot:GetV2LoggingOptions", | |
"iot:ListCACertificates", | |
"iot:ListCertificates", | |
"iot:DescribeCACertificate", | |
"iot:DescribeCertificate", | |
"iot:ListPolicies", | |
"iot:GetPolicy", | |
"iot:GetEffectivePolicies", | |
"cognito-identity:GetIdentityPoolRoles", | |
"iam:ListRolePolicies", | |
"iam:ListAttachedRolePolicies", | |
"iam:GetPolicy", | |
"iam:GetPolicyVersion", | |
"iam:GetRolePolicy" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
] | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJKUN6OAGIHZ66TRKO", | |
"PolicyName": "AWSIoTDeviceDefenderAudit", | |
"UpdateDate": "2018-07-18T21:17:40+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSIoTDeviceDefenderEnableIoTLoggingMitigationAction": { | |
"Arn": "arn:aws:iam::aws:policy/service-role/AWSIoTDeviceDefenderEnableIoTLoggingMitigationAction", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-08-07T17:04:07+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"iot:SetV2LoggingOptions" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
] | |
}, | |
{ | |
"Action": [ | |
"iam:PassRole" | |
], | |
"Condition": { | |
"StringEquals": { | |
"iam:PassedToService": [ | |
"iot.amazonaws.com" | |
] | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
] | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAZKAPJZG4G34KP2NLZ", | |
"PolicyName": "AWSIoTDeviceDefenderEnableIoTLoggingMitigationAction", | |
"UpdateDate": "2019-08-07T17:04:07+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSIoTDeviceDefenderPublishFindingsToSNSMitigationAction": { | |
"Arn": "arn:aws:iam::aws:policy/service-role/AWSIoTDeviceDefenderPublishFindingsToSNSMitigationAction", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-08-07T17:04:37+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"sns:Publish" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
] | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAZKAPJZG4GZL2FL6JV", | |
"PolicyName": "AWSIoTDeviceDefenderPublishFindingsToSNSMitigationAction", | |
"UpdateDate": "2019-08-07T17:04:37+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSIoTDeviceDefenderReplaceDefaultPolicyMitigationAction": { | |
"Arn": "arn:aws:iam::aws:policy/service-role/AWSIoTDeviceDefenderReplaceDefaultPolicyMitigationAction", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-08-07T17:04:57+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"iot:CreatePolicyVersion" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
] | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAZKAPJZG4HN4VCIBCR", | |
"PolicyName": "AWSIoTDeviceDefenderReplaceDefaultPolicyMitigationAction", | |
"UpdateDate": "2019-08-07T17:04:57+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSIoTDeviceDefenderUpdateCACertMitigationAction": { | |
"Arn": "arn:aws:iam::aws:policy/service-role/AWSIoTDeviceDefenderUpdateCACertMitigationAction", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-08-07T17:05:49+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"iot:UpdateCACertificate" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
] | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAZKAPJZG4KLBGET6KX", | |
"PolicyName": "AWSIoTDeviceDefenderUpdateCACertMitigationAction", | |
"UpdateDate": "2019-08-07T17:05:49+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSIoTDeviceDefenderUpdateDeviceCertMitigationAction": { | |
"Arn": "arn:aws:iam::aws:policy/service-role/AWSIoTDeviceDefenderUpdateDeviceCertMitigationAction", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-08-07T17:06:00+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"iot:UpdateCertificate" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
] | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAZKAPJZG4KB4AHFGEB", | |
"PolicyName": "AWSIoTDeviceDefenderUpdateDeviceCertMitigationAction", | |
"UpdateDate": "2019-08-07T17:06:00+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSIoTEventsFullAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSIoTEventsFullAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-01-10T22:51:57+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"iotevents:*" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJGA726P7LVUWJZ2LM", | |
"PolicyName": "AWSIoTEventsFullAccess", | |
"UpdateDate": "2019-01-10T22:51:57+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSIoTEventsReadOnlyAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSIoTEventsReadOnlyAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-09-23T17:22:04+00:00", | |
"DefaultVersionId": "v2", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"iotevents:Describe*", | |
"iotevents:List*" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJYJFNAR7CN5JW52PG", | |
"PolicyName": "AWSIoTEventsReadOnlyAccess", | |
"UpdateDate": "2019-09-23T17:22:04+00:00", | |
"VersionId": "v2" | |
}, | |
"AWSIoTFullAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSIoTFullAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2015-10-08T15:19:49+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"iot:*" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJU2FPGG6PQWN72V2G", | |
"PolicyName": "AWSIoTFullAccess", | |
"UpdateDate": "2015-10-08T15:19:49+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSIoTLogging": { | |
"Arn": "arn:aws:iam::aws:policy/service-role/AWSIoTLogging", | |
"AttachmentCount": 0, | |
"CreateDate": "2015-10-08T15:17:25+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"logs:CreateLogGroup", | |
"logs:CreateLogStream", | |
"logs:PutLogEvents", | |
"logs:PutMetricFilter", | |
"logs:PutRetentionPolicy", | |
"logs:GetLogEvents", | |
"logs:DeleteLogStream" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
] | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAI6R6Z2FHHGS454W7W", | |
"PolicyName": "AWSIoTLogging", | |
"UpdateDate": "2015-10-08T15:17:25+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSIoTOTAUpdate": { | |
"Arn": "arn:aws:iam::aws:policy/service-role/AWSIoTOTAUpdate", | |
"AttachmentCount": 0, | |
"CreateDate": "2017-12-20T20:36:53+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": { | |
"Action": [ | |
"iot:CreateJob", | |
"signer:DescribeSigningJob" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJLJYWX53STBZFPUEY", | |
"PolicyName": "AWSIoTOTAUpdate", | |
"UpdateDate": "2017-12-20T20:36:53+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSIoTRuleActions": { | |
"Arn": "arn:aws:iam::aws:policy/service-role/AWSIoTRuleActions", | |
"AttachmentCount": 0, | |
"CreateDate": "2018-01-16T19:28:19+00:00", | |
"DefaultVersionId": "v2", | |
"Document": { | |
"Statement": { | |
"Action": [ | |
"dynamodb:PutItem", | |
"kinesis:PutRecord", | |
"iot:Publish", | |
"s3:PutObject", | |
"sns:Publish", | |
"sqs:SendMessage*", | |
"cloudwatch:SetAlarmState", | |
"cloudwatch:PutMetricData", | |
"es:ESHttpPut", | |
"firehose:PutRecord" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJEZ6FS7BUZVUHMOKY", | |
"PolicyName": "AWSIoTRuleActions", | |
"UpdateDate": "2018-01-16T19:28:19+00:00", | |
"VersionId": "v2" | |
}, | |
"AWSIoTSiteWiseConsoleFullAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSIoTSiteWiseConsoleFullAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-05-31T21:37:49+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": "iotsitewise:*", | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"iotanalytics:List*", | |
"iotanalytics:Describe*", | |
"iotanalytics:Create*" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"iot:DescribeEndpoint", | |
"iot:GetThingShadow" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"greengrass:GetGroup", | |
"greengrass:GetGroupVersion", | |
"greengrass:GetCoreDefinitionVersion", | |
"greengrass:ListGroups" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"secretsmanager:ListSecrets", | |
"secretsmanager:CreateSecret" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"secretsmanager:UpdateSecret" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:secretsmanager:*:*:secret:greengrass-*" | |
}, | |
{ | |
"Action": [ | |
"tag:GetResources" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"iam:CreateServiceLinkedRole" | |
], | |
"Condition": { | |
"StringEquals": { | |
"iam:AWSServiceName": "iotsitewise.amazonaws.com" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "arn:aws:iam::*:role/aws-service-role/iotsitewise.amazonaws.com/AWSServiceRoleForIoTSiteWise*" | |
}, | |
{ | |
"Action": [ | |
"iam:PassRole" | |
], | |
"Condition": { | |
"StringEquals": { | |
"iam:PassedToService": "iotsitewise.amazonaws.com" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "arn:aws:iam::*:role/aws-service-role/iotsitewise.amazonaws.com/AWSServiceRoleForIoTSiteWise*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAZKAPJZG4K7KP5VA7F", | |
"PolicyName": "AWSIoTSiteWiseConsoleFullAccess", | |
"UpdateDate": "2019-05-31T21:37:49+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSIoTSiteWiseFullAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSIoTSiteWiseFullAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2018-12-04T20:53:39+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"iotsitewise:*" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAILUK3XBM6TZ5Q3PX2", | |
"PolicyName": "AWSIoTSiteWiseFullAccess", | |
"UpdateDate": "2018-12-04T20:53:39+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSIoTSiteWiseMonitorServiceRolePolicy": { | |
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSIoTSiteWiseMonitorServiceRolePolicy", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-11-14T00:59:10+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"iotsitewise:CreateProject", | |
"iotsitewise:DescribeProject", | |
"iotsitewise:UpdateProject", | |
"iotsitewise:DeleteProject", | |
"iotsitewise:ListProjects", | |
"iotsitewise:BatchAssociateProjectAssets", | |
"iotsitewise:BatchDisassociateProjectAssets", | |
"iotsitewise:ListProjectAssets", | |
"iotsitewise:CreateDashboard", | |
"iotsitewise:DescribeDashboard", | |
"iotsitewise:UpdateDashboard", | |
"iotsitewise:DeleteDashboard", | |
"iotsitewise:ListDashboards", | |
"iotsitewise:CreateAccessPolicy", | |
"iotsitewise:DescribeAccessPolicy", | |
"iotsitewise:UpdateAccessPolicy", | |
"iotsitewise:DeleteAccessPolicy", | |
"iotsitewise:ListAccessPolicies", | |
"iotsitewise:DescribeAsset", | |
"iotsitewise:ListAssets", | |
"iotsitewise:ListAssociatedAssets", | |
"iotsitewise:DescribeAssetProperty", | |
"iotsitewise:GetAssetPropertyValue", | |
"iotsitewise:GetAssetPropertyValueHistory", | |
"iotsitewise:GetAssetPropertyAggregates", | |
"sso-directory:DescribeUser", | |
"sso-directory:DescribeUsers" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/aws-service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAZKAPJZG4CR556M6Y5", | |
"PolicyName": "AWSIoTSiteWiseMonitorServiceRolePolicy", | |
"UpdateDate": "2019-11-14T00:59:10+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSIoTSiteWiseReadOnlyAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSIoTSiteWiseReadOnlyAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2018-12-04T20:55:11+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"iotsitewise:Describe*", | |
"iotsitewise:List*", | |
"iotsitewise:Get*" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJLHEAFKME2QL64WKK", | |
"PolicyName": "AWSIoTSiteWiseReadOnlyAccess", | |
"UpdateDate": "2018-12-04T20:55:11+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSIoTThingsRegistration": { | |
"Arn": "arn:aws:iam::aws:policy/service-role/AWSIoTThingsRegistration", | |
"AttachmentCount": 0, | |
"CreateDate": "2017-12-01T20:21:52+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"iot:AddThingToThingGroup", | |
"iot:AttachPrincipalPolicy", | |
"iot:AttachThingPrincipal", | |
"iot:CreateCertificateFromCsr", | |
"iot:CreatePolicy", | |
"iot:CreateThing", | |
"iot:DescribeCertificate", | |
"iot:DescribeThing", | |
"iot:DescribeThingGroup", | |
"iot:DescribeThingType", | |
"iot:DetachThingPrincipal", | |
"iot:GetPolicy", | |
"iot:ListPolicyPrincipals", | |
"iot:ListPrincipalPolicies", | |
"iot:ListPrincipalThings", | |
"iot:ListThingGroupsForThing", | |
"iot:ListThingPrincipals", | |
"iot:RegisterCertificate", | |
"iot:RegisterThing", | |
"iot:RemoveThingFromThingGroup", | |
"iot:UpdateCertificate", | |
"iot:UpdateThing", | |
"iot:UpdateThingGroupsForThing" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
] | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAI3YQXTC5XAEVTJNEU", | |
"PolicyName": "AWSIoTThingsRegistration", | |
"UpdateDate": "2017-12-01T20:21:52+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSKeyManagementServiceCustomKeyStoresServiceRolePolicy": { | |
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSKeyManagementServiceCustomKeyStoresServiceRolePolicy", | |
"AttachmentCount": 0, | |
"CreateDate": "2018-11-14T20:10:53+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"cloudhsm:Describe*", | |
"ec2:CreateNetworkInterface", | |
"ec2:AuthorizeSecurityGroupIngress", | |
"ec2:CreateSecurityGroup", | |
"ec2:DescribeSecurityGroups", | |
"ec2:RevokeSecurityGroupEgress", | |
"ec2:DeleteSecurityGroup" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/aws-service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIADMJEHVVYK5AUQOO", | |
"PolicyName": "AWSKeyManagementServiceCustomKeyStoresServiceRolePolicy", | |
"UpdateDate": "2018-11-14T20:10:53+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSKeyManagementServicePowerUser": { | |
"Arn": "arn:aws:iam::aws:policy/AWSKeyManagementServicePowerUser", | |
"AttachmentCount": 0, | |
"CreateDate": "2017-03-07T00:55:11+00:00", | |
"DefaultVersionId": "v2", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"kms:CreateAlias", | |
"kms:CreateKey", | |
"kms:DeleteAlias", | |
"kms:Describe*", | |
"kms:GenerateRandom", | |
"kms:Get*", | |
"kms:List*", | |
"kms:TagResource", | |
"kms:UntagResource", | |
"iam:ListGroups", | |
"iam:ListRoles", | |
"iam:ListUsers" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJNPP7PPPPMJRV2SA4", | |
"PolicyName": "AWSKeyManagementServicePowerUser", | |
"UpdateDate": "2017-03-07T00:55:11+00:00", | |
"VersionId": "v2" | |
}, | |
"AWSLakeFormationDataAdmin": { | |
"Arn": "arn:aws:iam::aws:policy/AWSLakeFormationDataAdmin", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-08-08T17:33:44+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"lakeformation:*", | |
"cloudtrail:DescribeTrails", | |
"cloudtrail:LookupEvents", | |
"glue:GetDatabase", | |
"glue:GetDatabases", | |
"glue:CreateDatabase", | |
"glue:UpdateDatabase", | |
"glue:DeleteDatabase", | |
"glue:GetConnections", | |
"glue:SearchTables", | |
"glue:GetTable", | |
"glue:CreateTable", | |
"glue:UpdateTable", | |
"glue:DeleteTable", | |
"glue:GetTableVersions", | |
"glue:GetPartitions", | |
"glue:GetTables", | |
"glue:GetWorkflow", | |
"glue:ListWorkflows", | |
"glue:BatchGetWorkflows", | |
"glue:DeleteWorkflow", | |
"glue:GetWorkflowRuns", | |
"glue:StartWorkflowRun", | |
"glue:GetWorkflow", | |
"s3:ListObjects", | |
"s3:ListBucket", | |
"s3:GetBucketLocation", | |
"s3:ListAllMyBuckets", | |
"s3:GetBucketAcl", | |
"iam:ListUsers", | |
"iam:ListRoles", | |
"iam:GetRole", | |
"iam:GetRolePolicy" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"lakeformation:PutDataLakeSettings" | |
], | |
"Effect": "Deny", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAZKAPJZG4OWCH3ENIA", | |
"PolicyName": "AWSLakeFormationDataAdmin", | |
"UpdateDate": "2019-08-08T17:33:44+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSLambdaBasicExecutionRole": { | |
"Arn": "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", | |
"AttachmentCount": 1, | |
"CreateDate": "2015-04-09T15:03:43+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"logs:CreateLogGroup", | |
"logs:CreateLogStream", | |
"logs:PutLogEvents" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJNCQGXC42545SKXIK", | |
"PolicyName": "AWSLambdaBasicExecutionRole", | |
"UpdateDate": "2015-04-09T15:03:43+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSLambdaDynamoDBExecutionRole": { | |
"Arn": "arn:aws:iam::aws:policy/service-role/AWSLambdaDynamoDBExecutionRole", | |
"AttachmentCount": 0, | |
"CreateDate": "2015-04-09T15:09:29+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"dynamodb:DescribeStream", | |
"dynamodb:GetRecords", | |
"dynamodb:GetShardIterator", | |
"dynamodb:ListStreams", | |
"logs:CreateLogGroup", | |
"logs:CreateLogStream", | |
"logs:PutLogEvents" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIP7WNAGMIPYNW4WQG", | |
"PolicyName": "AWSLambdaDynamoDBExecutionRole", | |
"UpdateDate": "2015-04-09T15:09:29+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSLambdaENIManagementAccess": { | |
"Arn": "arn:aws:iam::aws:policy/service-role/AWSLambdaENIManagementAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2016-12-06T00:37:27+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"ec2:CreateNetworkInterface", | |
"ec2:DescribeNetworkInterfaces", | |
"ec2:DeleteNetworkInterface" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJXAW2Q3KPTURUT2QC", | |
"PolicyName": "AWSLambdaENIManagementAccess", | |
"UpdateDate": "2016-12-06T00:37:27+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSLambdaExecute": { | |
"Arn": "arn:aws:iam::aws:policy/AWSLambdaExecute", | |
"AttachmentCount": 0, | |
"CreateDate": "2015-02-06T18:40:46+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"logs:*" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:logs:*:*:*" | |
}, | |
{ | |
"Action": [ | |
"s3:GetObject", | |
"s3:PutObject" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:s3:::*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJE5FX7FQZSU5XAKGO", | |
"PolicyName": "AWSLambdaExecute", | |
"UpdateDate": "2015-02-06T18:40:46+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSLambdaFullAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSLambdaFullAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2017-11-27T23:22:38+00:00", | |
"DefaultVersionId": "v8", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"cloudformation:DescribeChangeSet", | |
"cloudformation:DescribeStackResources", | |
"cloudformation:DescribeStacks", | |
"cloudformation:GetTemplate", | |
"cloudformation:ListStackResources", | |
"cloudwatch:*", | |
"cognito-identity:ListIdentityPools", | |
"cognito-sync:GetCognitoEvents", | |
"cognito-sync:SetCognitoEvents", | |
"dynamodb:*", | |
"ec2:DescribeSecurityGroups", | |
"ec2:DescribeSubnets", | |
"ec2:DescribeVpcs", | |
"events:*", | |
"iam:GetPolicy", | |
"iam:GetPolicyVersion", | |
"iam:GetRole", | |
"iam:GetRolePolicy", | |
"iam:ListAttachedRolePolicies", | |
"iam:ListRolePolicies", | |
"iam:ListRoles", | |
"iam:PassRole", | |
"iot:AttachPrincipalPolicy", | |
"iot:AttachThingPrincipal", | |
"iot:CreateKeysAndCertificate", | |
"iot:CreatePolicy", | |
"iot:CreateThing", | |
"iot:CreateTopicRule", | |
"iot:DescribeEndpoint", | |
"iot:GetTopicRule", | |
"iot:ListPolicies", | |
"iot:ListThings", | |
"iot:ListTopicRules", | |
"iot:ReplaceTopicRule", | |
"kinesis:DescribeStream", | |
"kinesis:ListStreams", | |
"kinesis:PutRecord", | |
"kms:ListAliases", | |
"lambda:*", | |
"logs:*", | |
"s3:*", | |
"sns:ListSubscriptions", | |
"sns:ListSubscriptionsByTopic", | |
"sns:ListTopics", | |
"sns:Publish", | |
"sns:Subscribe", | |
"sns:Unsubscribe", | |
"sqs:ListQueues", | |
"sqs:SendMessage", | |
"tag:GetResources", | |
"xray:PutTelemetryRecords", | |
"xray:PutTraceSegments" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAI6E2CYYMI4XI7AA5K", | |
"PolicyName": "AWSLambdaFullAccess", | |
"UpdateDate": "2017-11-27T23:22:38+00:00", | |
"VersionId": "v8" | |
}, | |
"AWSLambdaInvocation-DynamoDB": { | |
"Arn": "arn:aws:iam::aws:policy/AWSLambdaInvocation-DynamoDB", | |
"AttachmentCount": 0, | |
"CreateDate": "2015-02-06T18:40:47+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"lambda:InvokeFunction" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"dynamodb:DescribeStream", | |
"dynamodb:GetRecords", | |
"dynamodb:GetShardIterator", | |
"dynamodb:ListStreams" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJTHQ3EKCQALQDYG5G", | |
"PolicyName": "AWSLambdaInvocation-DynamoDB", | |
"UpdateDate": "2015-02-06T18:40:47+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSLambdaKinesisExecutionRole": { | |
"Arn": "arn:aws:iam::aws:policy/service-role/AWSLambdaKinesisExecutionRole", | |
"AttachmentCount": 0, | |
"CreateDate": "2018-11-19T20:09:24+00:00", | |
"DefaultVersionId": "v2", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"kinesis:DescribeStream", | |
"kinesis:DescribeStreamSummary", | |
"kinesis:GetRecords", | |
"kinesis:GetShardIterator", | |
"kinesis:ListShards", | |
"kinesis:ListStreams", | |
"kinesis:SubscribeToShard", | |
"logs:CreateLogGroup", | |
"logs:CreateLogStream", | |
"logs:PutLogEvents" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJHOLKJPXV4GBRMJUQ", | |
"PolicyName": "AWSLambdaKinesisExecutionRole", | |
"UpdateDate": "2018-11-19T20:09:24+00:00", | |
"VersionId": "v2" | |
}, | |
"AWSLambdaReadOnlyAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSLambdaReadOnlyAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2018-09-06T18:04:54+00:00", | |
"DefaultVersionId": "v8", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"cloudformation:DescribeChangeSet", | |
"cloudformation:DescribeStackResources", | |
"cloudformation:DescribeStacks", | |
"cloudformation:GetTemplate", | |
"cloudformation:ListStackResources", | |
"cloudwatch:Describe*", | |
"cloudwatch:Get*", | |
"cloudwatch:List*", | |
"cognito-identity:ListIdentityPools", | |
"cognito-sync:GetCognitoEvents", | |
"dynamodb:BatchGetItem", | |
"dynamodb:DescribeStream", | |
"dynamodb:DescribeTable", | |
"dynamodb:GetItem", | |
"dynamodb:ListStreams", | |
"dynamodb:ListTables", | |
"dynamodb:Query", | |
"dynamodb:Scan", | |
"ec2:DescribeSecurityGroups", | |
"ec2:DescribeSubnets", | |
"ec2:DescribeVpcs", | |
"events:Describe*", | |
"events:List*", | |
"iam:GetPolicy", | |
"iam:GetPolicyVersion", | |
"iam:GetRole", | |
"iam:GetRolePolicy", | |
"iam:ListAttachedRolePolicies", | |
"iam:ListRolePolicies", | |
"iam:ListRoles", | |
"iot:DescribeEndpoint", | |
"iot:GetTopicRule", | |
"iot:ListPolicies", | |
"iot:ListThings", | |
"iot:ListTopicRules", | |
"kinesis:DescribeStream", | |
"kinesis:ListStreams", | |
"kms:ListAliases", | |
"lambda:Get*", | |
"lambda:List*", | |
"logs:DescribeLogGroups", | |
"logs:DescribeLogStreams", | |
"logs:DescribeMetricFilters", | |
"logs:GetLogEvents", | |
"s3:Get*", | |
"s3:List*", | |
"sns:ListSubscriptions", | |
"sns:ListSubscriptionsByTopic", | |
"sns:ListTopics", | |
"sqs:ListQueues", | |
"tag:GetResources" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJLDG7J3CGUHFN4YN6", | |
"PolicyName": "AWSLambdaReadOnlyAccess", | |
"UpdateDate": "2018-09-06T18:04:54+00:00", | |
"VersionId": "v8" | |
}, | |
"AWSLambdaReplicator": { | |
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSLambdaReplicator", | |
"AttachmentCount": 1, | |
"CreateDate": "2017-12-08T00:17:54+00:00", | |
"DefaultVersionId": "v3", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"lambda:CreateFunction", | |
"lambda:DeleteFunction", | |
"lambda:DisableReplication" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:lambda:*:*:function:*" | |
], | |
"Sid": "LambdaCreateDeletePermission" | |
}, | |
{ | |
"Action": [ | |
"iam:PassRole" | |
], | |
"Condition": { | |
"StringLikeIfExists": { | |
"iam:PassedToService": "lambda.amazonaws.com" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
], | |
"Sid": "IamPassRolePermission" | |
}, | |
{ | |
"Action": [ | |
"cloudfront:ListDistributionsByLambdaFunction" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
], | |
"Sid": "CloudFrontListDistributions" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/aws-service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIIQFXZNNLL3E2HKTG", | |
"PolicyName": "AWSLambdaReplicator", | |
"UpdateDate": "2017-12-08T00:17:54+00:00", | |
"VersionId": "v3" | |
}, | |
"AWSLambdaRole": { | |
"Arn": "arn:aws:iam::aws:policy/service-role/AWSLambdaRole", | |
"AttachmentCount": 0, | |
"CreateDate": "2015-02-06T18:41:28+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"lambda:InvokeFunction" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
] | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJX4DPCRGTC4NFDUXI", | |
"PolicyName": "AWSLambdaRole", | |
"UpdateDate": "2015-02-06T18:41:28+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSLambdaSQSQueueExecutionRole": { | |
"Arn": "arn:aws:iam::aws:policy/service-role/AWSLambdaSQSQueueExecutionRole", | |
"AttachmentCount": 0, | |
"CreateDate": "2018-06-14T21:50:45+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"sqs:ReceiveMessage", | |
"sqs:DeleteMessage", | |
"sqs:GetQueueAttributes", | |
"logs:CreateLogGroup", | |
"logs:CreateLogStream", | |
"logs:PutLogEvents" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJFWJZI6JNND4TSELK", | |
"PolicyName": "AWSLambdaSQSQueueExecutionRole", | |
"UpdateDate": "2018-06-14T21:50:45+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSLambdaVPCAccessExecutionRole": { | |
"Arn": "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole", | |
"AttachmentCount": 2, | |
"CreateDate": "2016-02-11T23:15:26+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"logs:CreateLogGroup", | |
"logs:CreateLogStream", | |
"logs:PutLogEvents", | |
"ec2:CreateNetworkInterface", | |
"ec2:DescribeNetworkInterfaces", | |
"ec2:DeleteNetworkInterface" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJVTME3YLVNL72YR2K", | |
"PolicyName": "AWSLambdaVPCAccessExecutionRole", | |
"UpdateDate": "2016-02-11T23:15:26+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSLicenseManagerMasterAccountRolePolicy": { | |
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSLicenseManagerMasterAccountRolePolicy", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-08-29T22:56:41+00:00", | |
"DefaultVersionId": "v3", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"s3:GetBucketLocation", | |
"s3:ListBucket", | |
"s3:GetLifecycleConfiguration", | |
"s3:PutLifecycleConfiguration", | |
"s3:GetBucketPolicy", | |
"s3:PutBucketPolicy" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:s3:::aws-license-manager-service-*" | |
], | |
"Sid": "S3BucketPermissions" | |
}, | |
{ | |
"Action": [ | |
"s3:AbortMultipartUpload", | |
"s3:PutObject", | |
"s3:GetObject", | |
"s3:ListBucketMultipartUploads", | |
"s3:ListMultipartUploadParts" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:s3:::aws-license-manager-service-*" | |
], | |
"Sid": "S3ObjectPermissions1" | |
}, | |
{ | |
"Action": [ | |
"s3:DeleteObject" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:s3:::aws-license-manager-service-*/resource_sync/*" | |
], | |
"Sid": "S3ObjectPermissions2" | |
}, | |
{ | |
"Action": [ | |
"athena:GetQueryExecution", | |
"athena:GetQueryResults", | |
"athena:StartQueryExecution" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
], | |
"Sid": "AthenaPermissions" | |
}, | |
{ | |
"Action": [ | |
"glue:GetTable", | |
"glue:GetPartition", | |
"glue:GetPartitions" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
], | |
"Sid": "GluePermissions" | |
}, | |
{ | |
"Action": [ | |
"organizations:DescribeOrganization", | |
"organizations:ListAccounts", | |
"organizations:DescribeAccount", | |
"organizations:ListChildren", | |
"organizations:ListParents", | |
"organizations:ListAccountsForParent", | |
"organizations:ListRoots", | |
"organizations:ListAWSServiceAccessForOrganization" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
], | |
"Sid": "OrganizationPermissions" | |
}, | |
{ | |
"Action": [ | |
"ram:GetResourceShares", | |
"ram:GetResourceShareAssociations", | |
"ram:TagResource" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
], | |
"Sid": "RAMPermissions1" | |
}, | |
{ | |
"Action": [ | |
"ram:CreateResourceShare" | |
], | |
"Condition": { | |
"StringEquals": { | |
"aws:RequestTag/Service": "LicenseManager" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
], | |
"Sid": "RAMPermissions2" | |
}, | |
{ | |
"Action": [ | |
"ram:AssociateResourceShare", | |
"ram:DisassociateResourceShare", | |
"ram:UpdateResourceShare", | |
"ram:DeleteResourceShare" | |
], | |
"Condition": { | |
"StringEquals": { | |
"ram:ResourceTag/Service": "LicenseManager" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
], | |
"Sid": "RAMPermissions3" | |
}, | |
{ | |
"Action": [ | |
"iam:GetRole" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
], | |
"Sid": "IAMGetRoles" | |
}, | |
{ | |
"Action": [ | |
"iam:PassRole" | |
], | |
"Condition": { | |
"StringEquals": { | |
"iam:PassedToService": [ | |
"cloudformation.amazonaws.com", | |
"glue.amazonaws.com" | |
] | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:iam::*:role/LicenseManagerServiceResourceDataSyncRole*" | |
], | |
"Sid": "IAMPassRoles" | |
}, | |
{ | |
"Action": [ | |
"cloudformation:UpdateStack", | |
"cloudformation:CreateStack", | |
"cloudformation:DeleteStack", | |
"cloudformation:DescribeStacks" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:cloudformation:*:*:stack/LicenseManagerCrossAccountCloudDiscoveryStack/*" | |
], | |
"Sid": "CloudformationPermission" | |
}, | |
{ | |
"Action": [ | |
"glue:CreateTable", | |
"glue:UpdateTable", | |
"glue:DeleteTable", | |
"glue:UpdateJob", | |
"glue:UpdateCrawler" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:glue:*:*:catalog", | |
"arn:aws:glue:*:*:crawler/LicenseManagerResourceSynDataCrawler", | |
"arn:aws:glue:*:*:job/LicenseManagerResourceSynDataProcessJob", | |
"arn:aws:glue:*:*:table/license_manager_resource_inventory_db/*", | |
"arn:aws:glue:*:*:table/license_manager_resource_sync/*", | |
"arn:aws:glue:*:*:database/license_manager_resource_inventory_db", | |
"arn:aws:glue:*:*:database/license_manager_resource_sync" | |
], | |
"Sid": "GlueUpdatePermissions" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/aws-service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIJE2NOZW2BDEHYUH2", | |
"PolicyName": "AWSLicenseManagerMasterAccountRolePolicy", | |
"UpdateDate": "2019-08-29T22:56:41+00:00", | |
"VersionId": "v3" | |
}, | |
"AWSLicenseManagerMemberAccountRolePolicy": { | |
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSLicenseManagerMemberAccountRolePolicy", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-11-15T22:09:32+00:00", | |
"DefaultVersionId": "v2", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"license-manager:UpdateLicenseSpecificationsForResource", | |
"license-manager:GetLicenseConfiguration" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
], | |
"Sid": "LicenseManagerPermissions" | |
}, | |
{ | |
"Action": [ | |
"ssm:ListInventoryEntries", | |
"ssm:GetInventory", | |
"ssm:CreateAssociation", | |
"ssm:CreateResourceDataSync", | |
"ssm:DeleteResourceDataSync", | |
"ssm:ListResourceDataSync", | |
"ssm:ListAssociations" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
], | |
"Sid": "SSMPermissions" | |
}, | |
{ | |
"Action": [ | |
"ram:AcceptResourceShareInvitation", | |
"ram:GetResourceShareInvitations" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
], | |
"Sid": "RAMPermissions" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/aws-service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJZTYEY2LEGBYAVUY4", | |
"PolicyName": "AWSLicenseManagerMemberAccountRolePolicy", | |
"UpdateDate": "2019-11-15T22:09:32+00:00", | |
"VersionId": "v2" | |
}, | |
"AWSLicenseManagerServiceRolePolicy": { | |
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSLicenseManagerServiceRolePolicy", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-11-15T22:10:12+00:00", | |
"DefaultVersionId": "v2", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"s3:GetBucketLocation", | |
"s3:ListBucket" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:s3:::aws-license-manager-service-*" | |
], | |
"Sid": "S3BucketPermissions1" | |
}, | |
{ | |
"Action": [ | |
"s3:ListAllMyBuckets" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
], | |
"Sid": "S3BucketPermissions2" | |
}, | |
{ | |
"Action": [ | |
"s3:PutObject" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:s3:::aws-license-manager-service-*" | |
], | |
"Sid": "S3ObjectPermissions" | |
}, | |
{ | |
"Action": [ | |
"sns:Publish" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:sns:*:*:aws-license-manager-service-*" | |
], | |
"Sid": "SNSAccountPermissions" | |
}, | |
{ | |
"Action": [ | |
"sns:ListTopics" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
], | |
"Sid": "SNSTopicPermissions" | |
}, | |
{ | |
"Action": [ | |
"ec2:DescribeInstances", | |
"ec2:DescribeImages", | |
"ec2:DescribeHosts" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
], | |
"Sid": "EC2Permissions" | |
}, | |
{ | |
"Action": [ | |
"ssm:ListInventoryEntries", | |
"ssm:GetInventory", | |
"ssm:CreateAssociation" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
], | |
"Sid": "SSMPermissions" | |
}, | |
{ | |
"Action": [ | |
"organizations:ListAWSServiceAccessForOrganization", | |
"organizations:DescribeOrganization" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
], | |
"Sid": "OrganizationPermissions" | |
}, | |
{ | |
"Action": [ | |
"license-manager:GetServiceSettings", | |
"license-manager:GetLicenseConfiguration", | |
"license-manager:UpdateLicenseSpecificationsForResource", | |
"license-manager:ListUsageForLicenseConfiguration" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
], | |
"Sid": "LicenseManagerPermissions" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/aws-service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIM7JPETWHTYNBQSZE", | |
"PolicyName": "AWSLicenseManagerServiceRolePolicy", | |
"UpdateDate": "2019-11-15T22:10:12+00:00", | |
"VersionId": "v2" | |
}, | |
"AWSMarketplaceFullAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSMarketplaceFullAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2018-08-08T21:13:02+00:00", | |
"DefaultVersionId": "v3", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"aws-marketplace:*", | |
"cloudformation:CreateStack", | |
"cloudformation:DescribeStackResource", | |
"cloudformation:DescribeStackResources", | |
"cloudformation:DescribeStacks", | |
"cloudformation:List*", | |
"ec2:AuthorizeSecurityGroupEgress", | |
"ec2:AuthorizeSecurityGroupIngress", | |
"ec2:CreateSecurityGroup", | |
"ec2:CreateTags", | |
"ec2:DescribeAccountAttributes", | |
"ec2:DescribeAddresses", | |
"ec2:DeleteSecurityGroup", | |
"ec2:DescribeAccountAttributes", | |
"ec2:DescribeImages", | |
"ec2:DescribeInstances", | |
"ec2:DescribeKeyPairs", | |
"ec2:DescribeSecurityGroups", | |
"ec2:DescribeSubnets", | |
"ec2:DescribeTags", | |
"ec2:DescribeVpcs", | |
"ec2:RunInstances", | |
"ec2:StartInstances", | |
"ec2:StopInstances", | |
"ec2:TerminateInstances" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"ec2:CopyImage", | |
"ec2:DeregisterImage", | |
"ec2:DescribeSnapshots", | |
"ec2:DeleteSnapshot", | |
"ec2:CreateImage", | |
"ec2:DescribeInstanceStatus", | |
"ssm:GetAutomationExecution", | |
"ssm:UpdateDocumentDefaultVersion", | |
"ssm:CreateDocument", | |
"ssm:StartAutomationExecution", | |
"ssm:ListDocuments", | |
"ssm:UpdateDocument", | |
"ssm:DescribeDocument", | |
"sns:ListTopics", | |
"sns:GetTopicAttributes", | |
"sns:CreateTopic", | |
"iam:GetRole", | |
"iam:GetInstanceProfile", | |
"iam:ListRoles", | |
"iam:ListInstanceProfiles" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"s3:ListBucket", | |
"s3:GetObject" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:s3:::*image-build*" | |
] | |
}, | |
{ | |
"Action": [ | |
"sns:Publish", | |
"sns:setTopicAttributes" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:sns:*:*:*image-build*" | |
}, | |
{ | |
"Action": [ | |
"iam:PassRole" | |
], | |
"Condition": { | |
"StringLike": { | |
"iam:PassedToService": [ | |
"ec2.amazonaws.com", | |
"ssm.amazonaws.com" | |
] | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
] | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAI2DV5ULJSO2FYVPYG", | |
"PolicyName": "AWSMarketplaceFullAccess", | |
"UpdateDate": "2018-08-08T21:13:02+00:00", | |
"VersionId": "v3" | |
}, | |
"AWSMarketplaceGetEntitlements": { | |
"Arn": "arn:aws:iam::aws:policy/AWSMarketplaceGetEntitlements", | |
"AttachmentCount": 0, | |
"CreateDate": "2017-03-27T19:37:24+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"aws-marketplace:GetEntitlements" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJLPIMQE4WMHDC2K7C", | |
"PolicyName": "AWSMarketplaceGetEntitlements", | |
"UpdateDate": "2017-03-27T19:37:24+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSMarketplaceImageBuildFullAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSMarketplaceImageBuildFullAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2018-08-08T21:11:59+00:00", | |
"DefaultVersionId": "v2", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"aws-marketplace:ListBuilds", | |
"aws-marketplace:StartBuild", | |
"aws-marketplace:DescribeBuilds" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": "ec2:TerminateInstances", | |
"Condition": { | |
"StringLike": { | |
"ec2:ResourceTag/marketplace-image-build:build-id": "*" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": "iam:PassRole", | |
"Condition": { | |
"StringEquals": { | |
"iam:PassedToService": [ | |
"ec2.amazonaws.com", | |
"ssm.amazonaws.com" | |
] | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:iam::*:role/*Automation*", | |
"arn:aws:iam::*:role/*Instance*" | |
] | |
}, | |
{ | |
"Action": [ | |
"ssm:GetAutomationExecution", | |
"ssm:CreateDocument", | |
"ssm:StartAutomationExecution", | |
"ssm:ListDocuments", | |
"ssm:UpdateDocument", | |
"ssm:UpdateDocumentDefaultVersion", | |
"ssm:DescribeDocument", | |
"ec2:DeregisterImage", | |
"ec2:CopyImage", | |
"ec2:DescribeSnapshots", | |
"ec2:DescribeSecurityGroups", | |
"ec2:DescribeImages", | |
"ec2:DescribeSubnets", | |
"ec2:DeleteSnapshot", | |
"ec2:CreateImage", | |
"ec2:RunInstances", | |
"ec2:DescribeInstanceStatus", | |
"sns:GetTopicAttributes", | |
"iam:GetRole", | |
"iam:GetInstanceProfile" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"s3:GetObject", | |
"s3:ListBucket" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:s3:::*image-build*" | |
] | |
}, | |
{ | |
"Action": [ | |
"ec2:CreateTags" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:ec2:*::image/*", | |
"arn:aws:ec2:*:*:instance/*" | |
] | |
}, | |
{ | |
"Action": [ | |
"sns:Publish" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:sns:*:*:*image-build*" | |
] | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAI4QBMJWC3BNHBHN6I", | |
"PolicyName": "AWSMarketplaceImageBuildFullAccess", | |
"UpdateDate": "2018-08-08T21:11:59+00:00", | |
"VersionId": "v2" | |
}, | |
"AWSMarketplaceManageSubscriptions": { | |
"Arn": "arn:aws:iam::aws:policy/AWSMarketplaceManageSubscriptions", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-10-28T21:49:43+00:00", | |
"DefaultVersionId": "v2", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"aws-marketplace:ViewSubscriptions", | |
"aws-marketplace:Subscribe", | |
"aws-marketplace:Unsubscribe" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"aws-marketplace:CreatePrivateMarketplaceRequests", | |
"aws-marketplace:ListPrivateMarketplaceRequests", | |
"aws-marketplace:DescribePrivateMarketplaceRequests" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJRDW2WIFN7QLUAKBQ", | |
"PolicyName": "AWSMarketplaceManageSubscriptions", | |
"UpdateDate": "2019-10-28T21:49:43+00:00", | |
"VersionId": "v2" | |
}, | |
"AWSMarketplaceMeteringFullAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSMarketplaceMeteringFullAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2016-03-17T22:39:22+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"aws-marketplace:MeterUsage" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJ65YJPG7CC7LDXNA6", | |
"PolicyName": "AWSMarketplaceMeteringFullAccess", | |
"UpdateDate": "2016-03-17T22:39:22+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSMarketplaceProcurementSystemAdminFullAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSMarketplaceProcurementSystemAdminFullAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-06-25T13:07:47+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"aws-marketplace:PutProcurementSystemConfiguration", | |
"aws-marketplace:DescribeProcurementSystemConfiguration", | |
"organizations:Describe*", | |
"organizations:List*" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
] | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAZKAPJZG4FIYNR3TC4", | |
"PolicyName": "AWSMarketplaceProcurementSystemAdminFullAccess", | |
"UpdateDate": "2019-06-25T13:07:47+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSMarketplaceRead-only": { | |
"Arn": "arn:aws:iam::aws:policy/AWSMarketplaceRead-only", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-10-28T21:51:31+00:00", | |
"DefaultVersionId": "v3", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"aws-marketplace:ViewSubscriptions", | |
"ec2:DescribeAccountAttributes", | |
"ec2:DescribeAddresses", | |
"ec2:DescribeImages", | |
"ec2:DescribeInstances", | |
"ec2:DescribeKeyPairs", | |
"ec2:DescribeSecurityGroups", | |
"ec2:DescribeSubnets", | |
"ec2:DescribeVpcs" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"aws-marketplace:ListBuilds", | |
"aws-marketplace:DescribeBuilds", | |
"iam:ListRoles", | |
"iam:ListInstanceProfiles", | |
"sns:GetTopicAttributes", | |
"sns:ListTopics" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"aws-marketplace:ListPrivateMarketplaceRequests", | |
"aws-marketplace:DescribePrivateMarketplaceRequests" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJOOM6LETKURTJ3XZ2", | |
"PolicyName": "AWSMarketplaceRead-only", | |
"UpdateDate": "2019-10-28T21:51:31+00:00", | |
"VersionId": "v3" | |
}, | |
"AWSMarketplaceSellerFullAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSMarketplaceSellerFullAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-07-02T20:40:09+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"aws-marketplace-management:uploadFiles", | |
"aws-marketplace-management:viewMarketing", | |
"aws-marketplace-management:viewReports", | |
"aws-marketplace-management:viewSupport", | |
"aws-marketplace-management:viewSettings", | |
"aws-marketplace:ListChangeSets", | |
"aws-marketplace:DescribeChangeSet", | |
"aws-marketplace:StartChangeSet", | |
"aws-marketplace:CancelChangeSet", | |
"aws-marketplace:ListEntities", | |
"aws-marketplace:DescribeEntity", | |
"ec2:DescribeImages", | |
"ec2:DescribeSnapshots", | |
"ec2:ModifyImageAttribute", | |
"ec2:ModifySnapshotAttribute" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAZKAPJZG4JF7OFUANW", | |
"PolicyName": "AWSMarketplaceSellerFullAccess", | |
"UpdateDate": "2019-07-02T20:40:09+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSMarketplaceSellerProductsFullAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSMarketplaceSellerProductsFullAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-07-02T21:06:25+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"aws-marketplace:ListChangeSets", | |
"aws-marketplace:DescribeChangeSet", | |
"aws-marketplace:StartChangeSet", | |
"aws-marketplace:CancelChangeSet", | |
"aws-marketplace:ListEntities", | |
"aws-marketplace:DescribeEntity", | |
"ec2:DescribeImages", | |
"ec2:DescribeSnapshots", | |
"ec2:ModifyImageAttribute", | |
"ec2:ModifySnapshotAttribute" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAZKAPJZG4DS2YFEG4N", | |
"PolicyName": "AWSMarketplaceSellerProductsFullAccess", | |
"UpdateDate": "2019-07-02T21:06:25+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSMarketplaceSellerProductsReadOnly": { | |
"Arn": "arn:aws:iam::aws:policy/AWSMarketplaceSellerProductsReadOnly", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-07-02T21:40:47+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"aws-marketplace:ListChangeSets", | |
"aws-marketplace:DescribeChangeSet", | |
"aws-marketplace:ListEntities", | |
"aws-marketplace:DescribeEntity", | |
"ec2:DescribeImages", | |
"ec2:DescribeSnapshots" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAZKAPJZG4K5Y2Q5F7D", | |
"PolicyName": "AWSMarketplaceSellerProductsReadOnly", | |
"UpdateDate": "2019-07-02T21:40:47+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSMigrationHubDMSAccess": { | |
"Arn": "arn:aws:iam::aws:policy/service-role/AWSMigrationHubDMSAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-10-07T17:51:53+00:00", | |
"DefaultVersionId": "v2", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"mgh:CreateProgressUpdateStream" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:mgh:*:*:progressUpdateStream/DMS" | |
}, | |
{ | |
"Action": [ | |
"mgh:AssociateCreatedArtifact", | |
"mgh:DescribeMigrationTask", | |
"mgh:DisassociateCreatedArtifact", | |
"mgh:ImportMigrationTask", | |
"mgh:ListCreatedArtifacts", | |
"mgh:NotifyMigrationTaskState", | |
"mgh:PutResourceAttributes", | |
"mgh:NotifyApplicationState", | |
"mgh:DescribeApplicationState", | |
"mgh:AssociateDiscoveredResource", | |
"mgh:DisassociateDiscoveredResource", | |
"mgh:ListDiscoveredResources" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:mgh:*:*:progressUpdateStream/DMS/*" | |
}, | |
{ | |
"Action": [ | |
"mgh:ListMigrationTasks", | |
"mgh:GetHomeRegion" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIUQB56VA4JHLN7G2W", | |
"PolicyName": "AWSMigrationHubDMSAccess", | |
"UpdateDate": "2019-10-07T17:51:53+00:00", | |
"VersionId": "v2" | |
}, | |
"AWSMigrationHubDiscoveryAccess": { | |
"Arn": "arn:aws:iam::aws:policy/service-role/AWSMigrationHubDiscoveryAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2017-08-14T13:30:51+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"discovery:ListConfigurations", | |
"discovery:DescribeConfigurations" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
] | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAITRMRLSV7JAL6YIGG", | |
"PolicyName": "AWSMigrationHubDiscoveryAccess", | |
"UpdateDate": "2017-08-14T13:30:51+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSMigrationHubFullAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSMigrationHubFullAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-06-19T21:14:41+00:00", | |
"DefaultVersionId": "v4", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"mgh:*", | |
"discovery:*" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"iam:GetRole" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": "iam:CreateServiceLinkedRole", | |
"Condition": { | |
"StringEquals": { | |
"iam:AWSServiceName": "continuousexport.discovery.amazonaws.com" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "arn:aws:iam::*:role/aws-service-role/continuousexport.discovery.amazonaws.com/AWSServiceRoleForApplicationDiscoveryServiceContinuousExport*" | |
}, | |
{ | |
"Action": [ | |
"iam:DeleteServiceLinkedRole", | |
"iam:GetServiceLinkedRoleDeletionStatus" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:iam::*:role/aws-service-role/continuousexport.discovery.amazonaws.com/AWSServiceRoleForApplicationDiscoveryServiceContinuousExport*" | |
}, | |
{ | |
"Action": "iam:CreateServiceLinkedRole", | |
"Condition": { | |
"StringEquals": { | |
"iam:AWSServiceName": [ | |
"migrationhub.amazonaws.com", | |
"dmsintegration.migrationhub.amazonaws.com", | |
"smsintegration.migrationhub.amazonaws.com" | |
] | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJ4A2SZKHUYHDYIGOK", | |
"PolicyName": "AWSMigrationHubFullAccess", | |
"UpdateDate": "2019-06-19T21:14:41+00:00", | |
"VersionId": "v4" | |
}, | |
"AWSMigrationHubSMSAccess": { | |
"Arn": "arn:aws:iam::aws:policy/service-role/AWSMigrationHubSMSAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-10-07T18:01:22+00:00", | |
"DefaultVersionId": "v2", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"mgh:CreateProgressUpdateStream" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:mgh:*:*:progressUpdateStream/SMS" | |
}, | |
{ | |
"Action": [ | |
"mgh:AssociateCreatedArtifact", | |
"mgh:DescribeMigrationTask", | |
"mgh:DisassociateCreatedArtifact", | |
"mgh:ImportMigrationTask", | |
"mgh:ListCreatedArtifacts", | |
"mgh:NotifyMigrationTaskState", | |
"mgh:PutResourceAttributes", | |
"mgh:NotifyApplicationState", | |
"mgh:DescribeApplicationState", | |
"mgh:AssociateDiscoveredResource", | |
"mgh:DisassociateDiscoveredResource", | |
"mgh:ListDiscoveredResources" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:mgh:*:*:progressUpdateStream/SMS/*" | |
}, | |
{ | |
"Action": [ | |
"mgh:ListMigrationTasks", | |
"mgh:GetHomeRegion" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIWQYYT6TSVIRJO4TY", | |
"PolicyName": "AWSMigrationHubSMSAccess", | |
"UpdateDate": "2019-10-07T18:01:22+00:00", | |
"VersionId": "v2" | |
}, | |
"AWSMobileHub_FullAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSMobileHub_FullAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2018-02-05T23:44:29+00:00", | |
"DefaultVersionId": "v13", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"apigateway:GET", | |
"apigateway:GetRestApis", | |
"apigateway:GetResources", | |
"apigateway:POST", | |
"apigateway:TestInvokeMethod", | |
"cloudfront:GetDistribution", | |
"devicefarm:CreateProject", | |
"devicefarm:ListJobs", | |
"devicefarm:ListRuns", | |
"devicefarm:GetProject", | |
"devicefarm:GetRun", | |
"devicefarm:ListArtifacts", | |
"devicefarm:ListProjects", | |
"devicefarm:ScheduleRun", | |
"dynamodb:DescribeTable", | |
"ec2:DescribeSecurityGroups", | |
"ec2:DescribeSubnets", | |
"ec2:DescribeVpcs", | |
"iam:ListSAMLProviders", | |
"lambda:ListFunctions", | |
"sns:ListTopics", | |
"lex:GetIntent", | |
"lex:GetIntents", | |
"lex:GetSlotType", | |
"lex:GetSlotTypes", | |
"lex:GetBot", | |
"lex:GetBots", | |
"lex:GetBotAlias", | |
"lex:GetBotAliases", | |
"mobilehub:CreateProject", | |
"mobilehub:DeleteProject", | |
"mobilehub:UpdateProject", | |
"mobilehub:ExportProject", | |
"mobilehub:ImportProject", | |
"mobilehub:SynchronizeProject", | |
"mobilehub:GenerateProjectParameters", | |
"mobilehub:GetProject", | |
"mobilehub:GetProjectSnapshot", | |
"mobilehub:ListProjectSnapshots", | |
"mobilehub:DeleteProjectSnapshot", | |
"mobilehub:ListAvailableConnectors", | |
"mobilehub:ListAvailableFeatures", | |
"mobilehub:ListAvailableRegions", | |
"mobilehub:ListProjects", | |
"mobilehub:ValidateProject", | |
"mobilehub:VerifyServiceRole", | |
"mobilehub:DescribeBundle", | |
"mobilehub:ExportBundle", | |
"mobilehub:ListBundles" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"s3:GetObject" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:s3:::*/aws-my-sample-app*.zip" | |
}, | |
{ | |
"Action": [ | |
"s3:PutObject" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:s3:::*-mobilehub-*/*" | |
}, | |
{ | |
"Action": [ | |
"s3:ListBucket" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:s3:::*-mobilehub-*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIJLU43R6AGRBK76DM", | |
"PolicyName": "AWSMobileHub_FullAccess", | |
"UpdateDate": "2018-02-05T23:44:29+00:00", | |
"VersionId": "v13" | |
}, | |
"AWSMobileHub_ReadOnly": { | |
"Arn": "arn:aws:iam::aws:policy/AWSMobileHub_ReadOnly", | |
"AttachmentCount": 0, | |
"CreateDate": "2018-07-23T21:59:05+00:00", | |
"DefaultVersionId": "v10", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"dynamodb:DescribeTable", | |
"iam:ListSAMLProviders", | |
"lambda:ListFunctions", | |
"sns:ListTopics", | |
"lex:GetIntent", | |
"lex:GetIntents", | |
"lex:GetSlotType", | |
"lex:GetSlotTypes", | |
"lex:GetBot", | |
"lex:GetBots", | |
"lex:GetBotAlias", | |
"lex:GetBotAliases", | |
"mobilehub:ExportProject", | |
"mobilehub:GenerateProjectParameters", | |
"mobilehub:GetProject", | |
"mobilehub:SynchronizeProject", | |
"mobilehub:GetProjectSnapshot", | |
"mobilehub:ListProjectSnapshots", | |
"mobilehub:ListAvailableConnectors", | |
"mobilehub:ListAvailableFeatures", | |
"mobilehub:ListAvailableRegions", | |
"mobilehub:ListProjects", | |
"mobilehub:ValidateProject", | |
"mobilehub:VerifyServiceRole", | |
"mobilehub:DescribeBundle", | |
"mobilehub:ExportBundle", | |
"mobilehub:ListBundles" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"s3:GetObject" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:s3:::*/aws-my-sample-app*.zip" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIBXVYVL3PWQFBZFGW", | |
"PolicyName": "AWSMobileHub_ReadOnly", | |
"UpdateDate": "2018-07-23T21:59:05+00:00", | |
"VersionId": "v10" | |
}, | |
"AWSOpsWorksCMInstanceProfileRole": { | |
"Arn": "arn:aws:iam::aws:policy/AWSOpsWorksCMInstanceProfileRole", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-10-22T07:40:17+00:00", | |
"DefaultVersionId": "v3", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"cloudformation:DescribeStackResource", | |
"cloudformation:SignalResource" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
] | |
}, | |
{ | |
"Action": [ | |
"s3:AbortMultipartUpload", | |
"s3:DeleteObject", | |
"s3:GetObject", | |
"s3:ListAllMyBuckets", | |
"s3:ListBucket", | |
"s3:ListMultipartUploadParts", | |
"s3:PutObject" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:s3:::aws-opsworks-cm-*" | |
}, | |
{ | |
"Action": "acm:GetCertificate", | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAICSU3OSHCURP2WIZW", | |
"PolicyName": "AWSOpsWorksCMInstanceProfileRole", | |
"UpdateDate": "2019-10-22T07:40:17+00:00", | |
"VersionId": "v3" | |
}, | |
"AWSOpsWorksCMServiceRole": { | |
"Arn": "arn:aws:iam::aws:policy/service-role/AWSOpsWorksCMServiceRole", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-11-07T13:03:31+00:00", | |
"DefaultVersionId": "v11", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"s3:CreateBucket", | |
"s3:DeleteObject", | |
"s3:DeleteBucket", | |
"s3:GetObject", | |
"s3:ListBucket", | |
"s3:PutBucketPolicy", | |
"s3:PutObject" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:s3:::aws-opsworks-cm-*" | |
] | |
}, | |
{ | |
"Action": [ | |
"ssm:DescribeInstanceInformation", | |
"ssm:GetCommandInvocation", | |
"ssm:ListCommandInvocations", | |
"ssm:ListCommands" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
] | |
}, | |
{ | |
"Action": [ | |
"ssm:SendCommand" | |
], | |
"Condition": { | |
"StringLike": { | |
"ssm:resourceTag/aws:cloudformation:stack-name": "aws-opsworks-cm-*" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
] | |
}, | |
{ | |
"Action": [ | |
"ssm:SendCommand" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:ssm:*::document/*", | |
"arn:aws:s3:::aws-opsworks-cm-*" | |
] | |
}, | |
{ | |
"Action": [ | |
"ec2:AllocateAddress", | |
"ec2:AssociateAddress", | |
"ec2:AuthorizeSecurityGroupIngress", | |
"ec2:CreateImage", | |
"ec2:CreateSecurityGroup", | |
"ec2:CreateSnapshot", | |
"ec2:CreateTags", | |
"ec2:DeleteSecurityGroup", | |
"ec2:DeleteSnapshot", | |
"ec2:DeregisterImage", | |
"ec2:DescribeAccountAttributes", | |
"ec2:DescribeAddresses", | |
"ec2:DescribeImages", | |
"ec2:DescribeInstanceStatus", | |
"ec2:DescribeInstances", | |
"ec2:DescribeSecurityGroups", | |
"ec2:DescribeSnapshots", | |
"ec2:DescribeSubnets", | |
"ec2:DisassociateAddress", | |
"ec2:ReleaseAddress", | |
"ec2:RunInstances", | |
"ec2:StopInstances" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
] | |
}, | |
{ | |
"Action": [ | |
"ec2:TerminateInstances", | |
"ec2:RebootInstances" | |
], | |
"Condition": { | |
"StringLike": { | |
"ec2:ResourceTag/aws:cloudformation:stack-name": "aws-opsworks-cm-*" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
] | |
}, | |
{ | |
"Action": [ | |
"opsworks-cm:DeleteServer", | |
"opsworks-cm:StartMaintenance" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:opsworks-cm:*:*:server/*" | |
] | |
}, | |
{ | |
"Action": [ | |
"cloudformation:CreateStack", | |
"cloudformation:DeleteStack", | |
"cloudformation:DescribeStackEvents", | |
"cloudformation:DescribeStackResources", | |
"cloudformation:DescribeStacks", | |
"cloudformation:UpdateStack" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:cloudformation:*:*:stack/aws-opsworks-cm-*" | |
] | |
}, | |
{ | |
"Action": [ | |
"iam:PassRole" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:iam::*:role/aws-opsworks-cm-*", | |
"arn:aws:iam::*:role/service-role/aws-opsworks-cm-*" | |
] | |
}, | |
{ | |
"Action": [ | |
"acm:DeleteCertificate", | |
"acm:ImportCertificate" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJ6I6MPGJE62URSHCO", | |
"PolicyName": "AWSOpsWorksCMServiceRole", | |
"UpdateDate": "2019-11-07T13:03:31+00:00", | |
"VersionId": "v11" | |
}, | |
"AWSOpsWorksCloudWatchLogs": { | |
"Arn": "arn:aws:iam::aws:policy/AWSOpsWorksCloudWatchLogs", | |
"AttachmentCount": 0, | |
"CreateDate": "2017-03-30T17:47:19+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"logs:CreateLogGroup", | |
"logs:CreateLogStream", | |
"logs:PutLogEvents", | |
"logs:DescribeLogStreams" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:logs:*:*:*" | |
] | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJXFIK7WABAY5CPXM4", | |
"PolicyName": "AWSOpsWorksCloudWatchLogs", | |
"UpdateDate": "2017-03-30T17:47:19+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSOpsWorksFullAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSOpsWorksFullAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2015-02-06T18:40:48+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"opsworks:*", | |
"ec2:DescribeAvailabilityZones", | |
"ec2:DescribeKeyPairs", | |
"ec2:DescribeSecurityGroups", | |
"ec2:DescribeAccountAttributes", | |
"ec2:DescribeAvailabilityZones", | |
"ec2:DescribeSecurityGroups", | |
"ec2:DescribeSubnets", | |
"ec2:DescribeVpcs", | |
"elasticloadbalancing:DescribeInstanceHealth", | |
"elasticloadbalancing:DescribeLoadBalancers", | |
"iam:GetRolePolicy", | |
"iam:ListInstanceProfiles", | |
"iam:ListRoles", | |
"iam:ListUsers", | |
"iam:PassRole" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAICN26VXMXASXKOQCG", | |
"PolicyName": "AWSOpsWorksFullAccess", | |
"UpdateDate": "2015-02-06T18:40:48+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSOpsWorksInstanceRegistration": { | |
"Arn": "arn:aws:iam::aws:policy/AWSOpsWorksInstanceRegistration", | |
"AttachmentCount": 0, | |
"CreateDate": "2016-06-03T14:23:15+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"opsworks:DescribeStackProvisioningParameters", | |
"opsworks:DescribeStacks", | |
"opsworks:RegisterInstance" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
] | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJG3LCPVNI4WDZCIMU", | |
"PolicyName": "AWSOpsWorksInstanceRegistration", | |
"UpdateDate": "2016-06-03T14:23:15+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSOpsWorksRegisterCLI_EC2": { | |
"Arn": "arn:aws:iam::aws:policy/AWSOpsWorksRegisterCLI_EC2", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-06-18T15:56:17+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"opsworks:AssignInstance", | |
"opsworks:CreateLayer", | |
"opsworks:DeregisterInstance", | |
"opsworks:DescribeInstances", | |
"opsworks:DescribeStackProvisioningParameters", | |
"opsworks:DescribeStacks", | |
"opsworks:UnassignInstance" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
] | |
}, | |
{ | |
"Action": [ | |
"ec2:DescribeInstances" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
] | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAZKAPJZG4NCE3CMCRC", | |
"PolicyName": "AWSOpsWorksRegisterCLI_EC2", | |
"UpdateDate": "2019-06-18T15:56:17+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSOpsWorksRegisterCLI_OnPremises": { | |
"Arn": "arn:aws:iam::aws:policy/AWSOpsWorksRegisterCLI_OnPremises", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-06-18T15:33:16+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"opsworks:AssignInstance", | |
"opsworks:CreateLayer", | |
"opsworks:DeregisterInstance", | |
"opsworks:DescribeInstances", | |
"opsworks:DescribeStackProvisioningParameters", | |
"opsworks:DescribeStacks", | |
"opsworks:UnassignInstance" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
] | |
}, | |
{ | |
"Action": [ | |
"ec2:DescribeInstances" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
] | |
}, | |
{ | |
"Action": [ | |
"iam:CreateGroup", | |
"iam:AddUserToGroup" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:iam::*:group/AWS/OpsWorks/OpsWorks-*" | |
] | |
}, | |
{ | |
"Action": [ | |
"iam:CreateUser", | |
"iam:CreateAccessKey" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:iam::*:user/AWS/OpsWorks/OpsWorks-*" | |
] | |
}, | |
{ | |
"Action": [ | |
"iam:AttachUserPolicy" | |
], | |
"Condition": { | |
"ArnEquals": { | |
"iam:PolicyARN": "arn:aws:iam::aws:policy/AWSOpsWorksInstanceRegistration" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:iam::*:user/AWS/OpsWorks/OpsWorks-*" | |
] | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAZKAPJZG4EZJ5DYEPG", | |
"PolicyName": "AWSOpsWorksRegisterCLI_OnPremises", | |
"UpdateDate": "2019-06-18T15:33:16+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSOpsWorksRole": { | |
"Arn": "arn:aws:iam::aws:policy/service-role/AWSOpsWorksRole", | |
"AttachmentCount": 0, | |
"CreateDate": "2015-02-06T18:41:27+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"cloudwatch:GetMetricStatistics", | |
"ec2:DescribeAccountAttributes", | |
"ec2:DescribeAvailabilityZones", | |
"ec2:DescribeInstances", | |
"ec2:DescribeKeyPairs", | |
"ec2:DescribeSecurityGroups", | |
"ec2:DescribeSubnets", | |
"ec2:DescribeVpcs", | |
"elasticloadbalancing:DescribeInstanceHealth", | |
"elasticloadbalancing:DescribeLoadBalancers", | |
"iam:GetRolePolicy", | |
"iam:ListInstanceProfiles", | |
"iam:ListRoles", | |
"iam:ListUsers", | |
"iam:PassRole", | |
"opsworks:*", | |
"rds:*" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
] | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIDUTMOKHJFAPJV45W", | |
"PolicyName": "AWSOpsWorksRole", | |
"UpdateDate": "2015-02-06T18:41:27+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSOrganizationsFullAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSOrganizationsFullAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2018-11-06T20:31:57+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": "organizations:*", | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJZXBNRCJKNLQHSB5M", | |
"PolicyName": "AWSOrganizationsFullAccess", | |
"UpdateDate": "2018-11-06T20:31:57+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSOrganizationsReadOnlyAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSOrganizationsReadOnlyAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2018-11-06T20:32:38+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"organizations:Describe*", | |
"organizations:List*" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJY5RQATUV77PEPVOM", | |
"PolicyName": "AWSOrganizationsReadOnlyAccess", | |
"UpdateDate": "2018-11-06T20:32:38+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSOrganizationsServiceTrustPolicy": { | |
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSOrganizationsServiceTrustPolicy", | |
"AttachmentCount": 1, | |
"CreateDate": "2017-11-01T06:01:18+00:00", | |
"DefaultVersionId": "v2", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"iam:DeleteRole" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:iam::*:role/aws-service-role/organizations.amazonaws.com/*" | |
], | |
"Sid": "AllowDeletionOfServiceLinkedRoleForOrganizations" | |
}, | |
{ | |
"Action": [ | |
"iam:CreateServiceLinkedRole" | |
], | |
"Effect": "Allow", | |
"Resource": "*", | |
"Sid": "AllowCreationOfServiceLinkedRoles" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/aws-service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIQH6ROMVVECFVRJPK", | |
"PolicyName": "AWSOrganizationsServiceTrustPolicy", | |
"UpdateDate": "2017-11-01T06:01:18+00:00", | |
"VersionId": "v2" | |
}, | |
"AWSPriceListServiceFullAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSPriceListServiceFullAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2017-11-22T00:36:27+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"pricing:*" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIADJ4GBYNHKABML3Q", | |
"PolicyName": "AWSPriceListServiceFullAccess", | |
"UpdateDate": "2017-11-22T00:36:27+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSPrivateMarketplaceAdminFullAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSPrivateMarketplaceAdminFullAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-10-28T21:48:03+00:00", | |
"DefaultVersionId": "v2", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"aws-marketplace:CreatePrivateMarketplace", | |
"aws-marketplace:StartPrivateMarketplace", | |
"aws-marketplace:StopPrivateMarketplace", | |
"aws-marketplace:DescribePrivateMarketplaceStatus", | |
"aws-marketplace:AssociateProductsWithPrivateMarketplace", | |
"aws-marketplace:DisassociateProductsFromPrivateMarketplace", | |
"aws-marketplace:ListPrivateMarketplaceProducts", | |
"aws-marketplace:DescribePrivateMarketplaceProducts", | |
"aws-marketplace:ListPrivateMarketplaceRequests", | |
"aws-marketplace:DescribePrivateMarketplaceRequests", | |
"aws-marketplace:UpdatePrivateMarketplaceSettings", | |
"aws-marketplace:DescribePrivateMarketplaceSettings", | |
"aws-marketplace:CreatePrivateMarketplaceProfile", | |
"aws-marketplace:UpdatePrivateMarketplaceProfile", | |
"aws-marketplace:DescribePrivateMarketplaceProfile" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
] | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJ6VRZDDCYDOVCOCEI", | |
"PolicyName": "AWSPrivateMarketplaceAdminFullAccess", | |
"UpdateDate": "2019-10-28T21:48:03+00:00", | |
"VersionId": "v2" | |
}, | |
"AWSPrivateMarketplaceRequests": { | |
"Arn": "arn:aws:iam::aws:policy/AWSPrivateMarketplaceRequests", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-10-28T21:44:03+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"aws-marketplace:CreatePrivateMarketplaceRequests", | |
"aws-marketplace:ListPrivateMarketplaceRequests", | |
"aws-marketplace:DescribePrivateMarketplaceRequests" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAZKAPJZG4AV6W3DAIW", | |
"PolicyName": "AWSPrivateMarketplaceRequests", | |
"UpdateDate": "2019-10-28T21:44:03+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSQuickSightDescribeRDS": { | |
"Arn": "arn:aws:iam::aws:policy/service-role/AWSQuickSightDescribeRDS", | |
"AttachmentCount": 0, | |
"CreateDate": "2015-11-10T23:24:50+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"rds:Describe*" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJU5J6OAMCJD3OO76O", | |
"PolicyName": "AWSQuickSightDescribeRDS", | |
"UpdateDate": "2015-11-10T23:24:50+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSQuickSightDescribeRedshift": { | |
"Arn": "arn:aws:iam::aws:policy/service-role/AWSQuickSightDescribeRedshift", | |
"AttachmentCount": 0, | |
"CreateDate": "2015-11-10T23:25:01+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"redshift:Describe*" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJFEM6MLSLTW4ZNBW2", | |
"PolicyName": "AWSQuickSightDescribeRedshift", | |
"UpdateDate": "2015-11-10T23:25:01+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSQuickSightIoTAnalyticsAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSQuickSightIoTAnalyticsAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2017-11-29T17:00:54+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"iotanalytics:ListDatasets", | |
"iotanalytics:DescribeDataset", | |
"iotanalytics:GetDatasetContent" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJIZNDRUTKCN5HLZOE", | |
"PolicyName": "AWSQuickSightIoTAnalyticsAccess", | |
"UpdateDate": "2017-11-29T17:00:54+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSQuickSightListIAM": { | |
"Arn": "arn:aws:iam::aws:policy/service-role/AWSQuickSightListIAM", | |
"AttachmentCount": 0, | |
"CreateDate": "2015-11-10T23:25:07+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"iam:List*" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAI3CH5UUWZN4EKGILO", | |
"PolicyName": "AWSQuickSightListIAM", | |
"UpdateDate": "2015-11-10T23:25:07+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSQuicksightAthenaAccess": { | |
"Arn": "arn:aws:iam::aws:policy/service-role/AWSQuicksightAthenaAccess", | |
"AttachmentCount": 1, | |
"CreateDate": "2019-09-10T17:59:46+00:00", | |
"DefaultVersionId": "v6", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"athena:BatchGetQueryExecution", | |
"athena:CancelQueryExecution", | |
"athena:GetCatalogs", | |
"athena:GetExecutionEngine", | |
"athena:GetExecutionEngines", | |
"athena:GetNamespace", | |
"athena:GetNamespaces", | |
"athena:GetQueryExecution", | |
"athena:GetQueryExecutions", | |
"athena:GetQueryResults", | |
"athena:GetQueryResultsStream", | |
"athena:GetTable", | |
"athena:GetTables", | |
"athena:ListQueryExecutions", | |
"athena:RunQuery", | |
"athena:StartQueryExecution", | |
"athena:StopQueryExecution", | |
"athena:ListWorkGroups", | |
"athena:GetWorkGroup" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
] | |
}, | |
{ | |
"Action": [ | |
"glue:CreateDatabase", | |
"glue:DeleteDatabase", | |
"glue:GetDatabase", | |
"glue:GetDatabases", | |
"glue:UpdateDatabase", | |
"glue:CreateTable", | |
"glue:DeleteTable", | |
"glue:BatchDeleteTable", | |
"glue:UpdateTable", | |
"glue:GetTable", | |
"glue:GetTables", | |
"glue:BatchCreatePartition", | |
"glue:CreatePartition", | |
"glue:DeletePartition", | |
"glue:BatchDeletePartition", | |
"glue:UpdatePartition", | |
"glue:GetPartition", | |
"glue:GetPartitions", | |
"glue:BatchGetPartition" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
] | |
}, | |
{ | |
"Action": [ | |
"s3:GetBucketLocation", | |
"s3:GetObject", | |
"s3:ListBucket", | |
"s3:ListBucketMultipartUploads", | |
"s3:ListMultipartUploadParts", | |
"s3:AbortMultipartUpload", | |
"s3:CreateBucket", | |
"s3:PutObject" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:s3:::aws-athena-query-results-*" | |
] | |
}, | |
{ | |
"Action": [ | |
"lakeformation:GetDataAccess" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
] | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAI4JB77JXFQXDWNRPM", | |
"PolicyName": "AWSQuicksightAthenaAccess", | |
"UpdateDate": "2019-09-10T17:59:46+00:00", | |
"VersionId": "v6" | |
}, | |
"AWSResourceAccessManagerFullAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSResourceAccessManagerFullAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-06-04T17:28:22+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"ram:*" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAZKAPJZG4FYRGF63DP", | |
"PolicyName": "AWSResourceAccessManagerFullAccess", | |
"UpdateDate": "2019-06-04T17:28:22+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSResourceAccessManagerServiceRolePolicy": { | |
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSResourceAccessManagerServiceRolePolicy", | |
"AttachmentCount": 0, | |
"CreateDate": "2018-11-14T19:28:28+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"organizations:DescribeAccount", | |
"organizations:DescribeOrganization", | |
"organizations:DescribeOrganizationalUnit", | |
"organizations:ListAccounts", | |
"organizations:ListAccountsForParent", | |
"organizations:ListChildren", | |
"organizations:ListOrganizationalUnitsForParent", | |
"organizations:ListParents", | |
"organizations:ListRoots" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"iam:DeleteRole" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:iam::*:role/aws-service-role/ram.amazonaws.com/*" | |
], | |
"Sid": "AllowDeletionOfServiceLinkedRoleForResourceAccessManager" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/aws-service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJU667A3V5UAXC4YNE", | |
"PolicyName": "AWSResourceAccessManagerServiceRolePolicy", | |
"UpdateDate": "2018-11-14T19:28:28+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSResourceGroupsReadOnlyAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSResourceGroupsReadOnlyAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-02-05T17:56:25+00:00", | |
"DefaultVersionId": "v2", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"resource-groups:Get*", | |
"resource-groups:List*", | |
"resource-groups:Search*", | |
"tag:Get*", | |
"cloudformation:DescribeStacks", | |
"cloudformation:ListStackResources", | |
"ec2:DescribeInstances", | |
"ec2:DescribeSecurityGroups", | |
"ec2:DescribeSnapshots", | |
"ec2:DescribeVolumes", | |
"ec2:DescribeVpcs", | |
"elasticache:DescribeCacheClusters", | |
"elasticache:DescribeSnapshots", | |
"elasticache:ListTagsForResource", | |
"elasticbeanstalk:DescribeEnvironments", | |
"elasticmapreduce:DescribeCluster", | |
"elasticmapreduce:ListClusters", | |
"glacier:ListVaults", | |
"glacier:DescribeVault", | |
"glacier:ListTagsForVault", | |
"kinesis:ListStreams", | |
"kinesis:DescribeStream", | |
"kinesis:ListTagsForStream", | |
"opsworks:DescribeStacks", | |
"opsworks:ListTags", | |
"rds:DescribeDBInstances", | |
"rds:DescribeDBSnapshots", | |
"rds:ListTagsForResource", | |
"redshift:DescribeClusters", | |
"redshift:DescribeTags", | |
"route53domains:ListDomains", | |
"route53:ListHealthChecks", | |
"route53:GetHealthCheck", | |
"route53:ListHostedZones", | |
"route53:GetHostedZone", | |
"route53:ListTagsForResource", | |
"storagegateway:ListGateways", | |
"storagegateway:DescribeGatewayInformation", | |
"storagegateway:ListTagsForResource", | |
"s3:ListAllMyBuckets", | |
"s3:GetBucketTagging", | |
"elasticloadbalancing:DescribeLoadBalancers", | |
"elasticloadbalancing:DescribeTags", | |
"ssm:ListDocuments" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIXFKM2WGBJAEWMFEG", | |
"PolicyName": "AWSResourceGroupsReadOnlyAccess", | |
"UpdateDate": "2019-02-05T17:56:25+00:00", | |
"VersionId": "v2" | |
}, | |
"AWSRoboMakerFullAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSRoboMakerFullAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2018-11-26T05:28:10+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"s3:GetObject", | |
"robomaker:*" | |
], | |
"Effect": "Allow", | |
"Resource": "*", | |
"Sid": "VisualEditor0" | |
}, | |
{ | |
"Action": "iam:CreateServiceLinkedRole", | |
"Condition": { | |
"StringEquals": { | |
"iam:AWSServiceName": "robomaker.amazonaws.com" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIG7WQVUX3AGSKGBAO", | |
"PolicyName": "AWSRoboMakerFullAccess", | |
"UpdateDate": "2018-11-26T05:28:10+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSRoboMakerReadOnlyAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSRoboMakerReadOnlyAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2018-11-26T05:30:50+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"robomaker:ListDeploymentJobs", | |
"robomaker:BatchDescribeSimulationJob", | |
"robomaker:DescribeFleet", | |
"robomaker:DescribeSimulationApplication", | |
"robomaker:DescribeRobotApplication", | |
"robomaker:ListFleets", | |
"robomaker:ListSimulationJobs", | |
"robomaker:DescribeDeploymentJob", | |
"robomaker:DescribeSimulationJob", | |
"robomaker:DescribeRobot", | |
"robomaker:ListRobots", | |
"robomaker:ListRobotApplications", | |
"robomaker:ListSimulationApplications" | |
], | |
"Effect": "Allow", | |
"Resource": "*", | |
"Sid": "VisualEditor0" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIXFHP2ALXXGGECYJI", | |
"PolicyName": "AWSRoboMakerReadOnlyAccess", | |
"UpdateDate": "2018-11-26T05:30:50+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSRoboMakerServicePolicy": { | |
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSRoboMakerServicePolicy", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-04-04T22:15:35+00:00", | |
"DefaultVersionId": "v2", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"ec2:CreateNetworkInterfacePermission", | |
"ec2:DescribeNetworkInterfaces", | |
"ec2:DeleteNetworkInterface", | |
"ec2:DescribeSubnets", | |
"ec2:DescribeVpcs", | |
"ec2:DescribeSecurityGroups", | |
"greengrass:CreateDeployment", | |
"greengrass:CreateGroupVersion", | |
"greengrass:CreateFunctionDefinition", | |
"greengrass:CreateFunctionDefinitionVersion", | |
"greengrass:GetDeploymentStatus", | |
"greengrass:GetGroup", | |
"greengrass:GetGroupVersion", | |
"greengrass:GetCoreDefinitionVersion", | |
"greengrass:GetFunctionDefinitionVersion", | |
"greengrass:GetAssociatedRole", | |
"lambda:CreateFunction" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"lambda:UpdateFunctionCode", | |
"lambda:GetFunction", | |
"lambda:UpdateFunctionConfiguration", | |
"lambda:DeleteFunction", | |
"lambda:ListVersionsByFunction", | |
"lambda:GetAlias", | |
"lambda:UpdateAlias", | |
"lambda:CreateAlias", | |
"lambda:DeleteAlias" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:lambda:*:*:function:aws-robomaker-*" | |
}, | |
{ | |
"Action": "iam:PassRole", | |
"Condition": { | |
"StringEqualsIfExists": { | |
"iam:PassedToService": "lambda.amazonaws.com" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/aws-service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJYLVVUUQMAEEZ3ZNY", | |
"PolicyName": "AWSRoboMakerServicePolicy", | |
"UpdateDate": "2019-04-04T22:15:35+00:00", | |
"VersionId": "v2" | |
}, | |
"AWSRoboMakerServiceRolePolicy": { | |
"Arn": "arn:aws:iam::aws:policy/AWSRoboMakerServiceRolePolicy", | |
"AttachmentCount": 0, | |
"CreateDate": "2018-11-26T05:33:19+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"ec2:CreateNetworkInterfacePermission", | |
"ec2:DescribeNetworkInterfaces", | |
"ec2:DeleteNetworkInterface", | |
"ec2:DescribeSubnets", | |
"ec2:DescribeVpcs", | |
"ec2:DescribeSecurityGroups", | |
"greengrass:CreateDeployment", | |
"greengrass:CreateGroupVersion", | |
"greengrass:CreateFunctionDefinition", | |
"greengrass:CreateFunctionDefinitionVersion", | |
"greengrass:GetDeploymentStatus", | |
"greengrass:GetGroup", | |
"greengrass:GetGroupVersion", | |
"greengrass:GetCoreDefinitionVersion", | |
"greengrass:GetFunctionDefinitionVersion", | |
"greengrass:GetAssociatedRole", | |
"lambda:CreateFunction" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"lambda:UpdateFunctionCode", | |
"lambda:GetFunction", | |
"lambda:UpdateFunctionConfiguration" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:lambda:*:*:function:aws-robomaker-*" | |
}, | |
{ | |
"Action": "iam:PassRole", | |
"Condition": { | |
"StringEqualsIfExists": { | |
"iam:PassedToService": "lambda.amazonaws.com" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIOSFFLBBLCTKS3ATC", | |
"PolicyName": "AWSRoboMakerServiceRolePolicy", | |
"UpdateDate": "2018-11-26T05:33:19+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSSSODirectoryAdministrator": { | |
"Arn": "arn:aws:iam::aws:policy/AWSSSODirectoryAdministrator", | |
"AttachmentCount": 0, | |
"CreateDate": "2018-10-31T23:54:00+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"sso-directory:*" | |
], | |
"Effect": "Allow", | |
"Resource": "*", | |
"Sid": "AWSSSODirectoryAdministrator" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAI2TCZRD7WRD5D2E2Q", | |
"PolicyName": "AWSSSODirectoryAdministrator", | |
"UpdateDate": "2018-10-31T23:54:00+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSSSODirectoryReadOnly": { | |
"Arn": "arn:aws:iam::aws:policy/AWSSSODirectoryReadOnly", | |
"AttachmentCount": 0, | |
"CreateDate": "2018-10-31T23:49:32+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"sso-directory:Search*", | |
"sso-directory:Describe*", | |
"sso-directory:List*" | |
], | |
"Effect": "Allow", | |
"Resource": "*", | |
"Sid": "AWSSSODirectoryReadOnly" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJDPMQELJXZD2NC6JG", | |
"PolicyName": "AWSSSODirectoryReadOnly", | |
"UpdateDate": "2018-10-31T23:49:32+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSSSOMasterAccountAdministrator": { | |
"Arn": "arn:aws:iam::aws:policy/AWSSSOMasterAccountAdministrator", | |
"AttachmentCount": 0, | |
"CreateDate": "2018-10-17T20:41:20+00:00", | |
"DefaultVersionId": "v3", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": "iam:PassRole", | |
"Condition": { | |
"StringLike": { | |
"iam:PassedToService": "sso.amazonaws.com" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "arn:aws:iam::*:role/aws-service-role/sso.amazonaws.com/AWSServiceRoleForSSO", | |
"Sid": "AWSSSOMasterAccountAdministrator" | |
}, | |
{ | |
"Action": [ | |
"ds:DescribeTrusts", | |
"ds:UnauthorizeApplication", | |
"ds:DescribeDirectories", | |
"ds:AuthorizeApplication", | |
"iam:ListPolicies", | |
"organizations:EnableAWSServiceAccess", | |
"organizations:ListRoots", | |
"organizations:ListAccounts", | |
"organizations:ListOrganizationalUnitsForParent", | |
"organizations:ListAccountsForParent", | |
"organizations:DescribeOrganization", | |
"organizations:ListChildren", | |
"organizations:DescribeAccount", | |
"organizations:ListParents", | |
"sso:*", | |
"sso-directory:DescribeDirectory", | |
"ds:CreateAlias" | |
], | |
"Effect": "Allow", | |
"Resource": "*", | |
"Sid": "AWSSSOMemberAccountAdministrator" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIHXAQZIS3GOYIETUC", | |
"PolicyName": "AWSSSOMasterAccountAdministrator", | |
"UpdateDate": "2018-10-17T20:41:20+00:00", | |
"VersionId": "v3" | |
}, | |
"AWSSSOMemberAccountAdministrator": { | |
"Arn": "arn:aws:iam::aws:policy/AWSSSOMemberAccountAdministrator", | |
"AttachmentCount": 0, | |
"CreateDate": "2018-10-17T20:35:52+00:00", | |
"DefaultVersionId": "v2", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"ds:DescribeDirectories", | |
"ds:AuthorizeApplication", | |
"ds:UnauthorizeApplication", | |
"ds:DescribeTrusts", | |
"iam:ListPolicies", | |
"organizations:EnableAWSServiceAccess", | |
"organizations:DescribeOrganization", | |
"organizations:DescribeAccount", | |
"organizations:ListRoots", | |
"organizations:ListAccounts", | |
"organizations:ListAccountsForParent", | |
"organizations:ListParents", | |
"organizations:ListChildren", | |
"organizations:ListOrganizationalUnitsForParent", | |
"sso:*", | |
"sso-directory:DescribeDirectory", | |
"ds:CreateAlias" | |
], | |
"Effect": "Allow", | |
"Resource": "*", | |
"Sid": "AWSSSOMemberAccountAdministrator" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIQYHEY7KJWXZFNDPY", | |
"PolicyName": "AWSSSOMemberAccountAdministrator", | |
"UpdateDate": "2018-10-17T20:35:52+00:00", | |
"VersionId": "v2" | |
}, | |
"AWSSSOReadOnly": { | |
"Arn": "arn:aws:iam::aws:policy/AWSSSOReadOnly", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-10-24T15:45:14+00:00", | |
"DefaultVersionId": "v4", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"ds:DescribeDirectories", | |
"ds:DescribeTrusts", | |
"iam:ListPolicies", | |
"organizations:DescribeOrganization", | |
"organizations:DescribeAccount", | |
"organizations:ListParents", | |
"organizations:ListChildren", | |
"organizations:ListAccounts", | |
"organizations:ListRoots", | |
"organizations:ListAccountsForParent", | |
"organizations:ListOrganizationalUnitsForParent", | |
"sso:DescribePermissionsPolicies", | |
"sso:GetApplicationTemplate", | |
"sso:GetApplicationInstance", | |
"sso:GetPermissionSet", | |
"sso:GetProfile", | |
"sso:GetPermissionsPolicy", | |
"sso:GetSSOStatus", | |
"sso:GetSSOConfiguration", | |
"sso:GetTrust", | |
"sso:ListPermissionSets", | |
"sso:ListDirectoryAssociations", | |
"sso:ListProfiles", | |
"sso:ListApplicationInstances", | |
"sso:ListApplicationInstanceCertificates", | |
"sso:ListApplicationTemplates", | |
"sso:ListApplications", | |
"sso:ListProfileAssociations", | |
"sso:Search*", | |
"sso:GetMfaDeviceManagementForDirectory", | |
"sso-directory:DescribeDirectory" | |
], | |
"Effect": "Allow", | |
"Resource": "*", | |
"Sid": "AWSSSOReadOnly" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJBSMEEZXFDMKMY43I", | |
"PolicyName": "AWSSSOReadOnly", | |
"UpdateDate": "2019-10-24T15:45:14+00:00", | |
"VersionId": "v4" | |
}, | |
"AWSSSOServiceRolePolicy": { | |
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSSSOServiceRolePolicy", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-08-30T19:55:59+00:00", | |
"DefaultVersionId": "v7", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"iam:AttachRolePolicy", | |
"iam:CreateRole", | |
"iam:DeleteRole", | |
"iam:DeleteRolePolicy", | |
"iam:DetachRolePolicy", | |
"iam:GetRole", | |
"iam:ListRolePolicies", | |
"iam:PutRolePolicy", | |
"iam:ListAttachedRolePolicies", | |
"iam:UpdateRole" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:iam::*:role/aws-reserved/sso.amazonaws.com/*" | |
] | |
}, | |
{ | |
"Action": [ | |
"iam:ListRoles" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
], | |
"Sid": "ListRolesInTheAccount" | |
}, | |
{ | |
"Action": [ | |
"iam:DeleteServiceLinkedRole", | |
"iam:GetServiceLinkedRoleDeletionStatus", | |
"iam:DeleteRole", | |
"iam:GetRole" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:iam::*:role/aws-service-role/sso.amazonaws.com/AWSServiceRoleForSSO" | |
], | |
"Sid": "AllowDeletionOfServiceLinkedRoleForSSO" | |
}, | |
{ | |
"Action": [ | |
"iam:CreateSAMLProvider", | |
"iam:GetSAMLProvider", | |
"iam:UpdateSAMLProvider", | |
"iam:DeleteSAMLProvider" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:iam::*:saml-provider/AWSSSO_*" | |
] | |
}, | |
{ | |
"Action": [ | |
"organizations:DescribeAccount", | |
"organizations:DescribeOrganization", | |
"organizations:ListAccounts" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
] | |
}, | |
{ | |
"Action": [ | |
"ds:UnauthorizeApplication" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
], | |
"Sid": "AllowUnauthAppForDirectory" | |
}, | |
{ | |
"Action": [ | |
"ds:DescribeDirectories", | |
"ds:DescribeTrusts" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
], | |
"Sid": "AllowDescribeForDirectory" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/aws-service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIJ52KSWOD4GI54XP2", | |
"PolicyName": "AWSSSOServiceRolePolicy", | |
"UpdateDate": "2019-08-30T19:55:59+00:00", | |
"VersionId": "v7" | |
}, | |
"AWSSavingsPlansFullAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSSavingsPlansFullAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-11-06T22:45:18+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": "savingsplans:*", | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAZKAPJZG4NDDOS76AO", | |
"PolicyName": "AWSSavingsPlansFullAccess", | |
"UpdateDate": "2019-11-06T22:45:18+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSSavingsPlansReadOnlyAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSSavingsPlansReadOnlyAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-11-06T22:45:10+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"savingsplans:Describe*", | |
"savingsplans:List*" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAZKAPJZG4OQ26WIHJ5", | |
"PolicyName": "AWSSavingsPlansReadOnlyAccess", | |
"UpdateDate": "2019-11-06T22:45:10+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSSchemasServiceRolePolicy": { | |
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSSchemasServiceRolePolicy", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-09-27T21:18:52+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"events:PutRule", | |
"events:PutTargets", | |
"events:EnableRule", | |
"events:DisableRule", | |
"events:DeleteRule", | |
"events:RemoveTargets", | |
"events:ListTargetsByRule" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:events:*:*:rule/*Schemas-*" | |
] | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/aws-service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAZKAPJZG4EQBCSMIWL", | |
"PolicyName": "AWSSchemasServiceRolePolicy", | |
"UpdateDate": "2019-09-27T21:18:52+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSSecurityHubFullAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSSecurityHubFullAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2018-11-27T23:54:34+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": "securityhub:*", | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": "iam:CreateServiceLinkedRole", | |
"Condition": { | |
"StringLike": { | |
"iam:AWSServiceName": "securityhub.amazonaws.com" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJ4262VZCA4HPBZSO6", | |
"PolicyName": "AWSSecurityHubFullAccess", | |
"UpdateDate": "2018-11-27T23:54:34+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSSecurityHubReadOnlyAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSSecurityHubReadOnlyAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-06-25T22:45:52+00:00", | |
"DefaultVersionId": "v2", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"securityhub:Get*", | |
"securityhub:List*", | |
"securityhub:Describe*" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIEBAQNOFUCLFJ3UHG", | |
"PolicyName": "AWSSecurityHubReadOnlyAccess", | |
"UpdateDate": "2019-06-25T22:45:52+00:00", | |
"VersionId": "v2" | |
}, | |
"AWSSecurityHubServiceRolePolicy": { | |
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSSecurityHubServiceRolePolicy", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-07-12T21:11:13+00:00", | |
"DefaultVersionId": "v2", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"cloudtrail:DescribeTrails", | |
"cloudtrail:GetTrailStatus", | |
"cloudtrail:GetEventSelectors", | |
"cloudwatch:DescribeAlarms", | |
"logs:DescribeMetricFilters", | |
"sns:ListSubscriptionsByTopic", | |
"config:DescribeConfigurationRecorders", | |
"config:DescribeConfigurationRecorderStatus", | |
"config:DescribeConfigRules", | |
"config:BatchGetResourceConfig", | |
"config:SelectResourceConfig" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"config:PutConfigRule", | |
"config:DeleteConfigRule", | |
"config:GetComplianceDetailsByConfigRule" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:config:*:*:config-rule/aws-service-rule/*securityhub*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/aws-service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJQPCESDDYDLLSOGYO", | |
"PolicyName": "AWSSecurityHubServiceRolePolicy", | |
"UpdateDate": "2019-07-12T21:11:13+00:00", | |
"VersionId": "v2" | |
}, | |
"AWSServiceCatalogAdminFullAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSServiceCatalogAdminFullAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-02-06T01:57:54+00:00", | |
"DefaultVersionId": "v5", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"cloudformation:CreateStack", | |
"cloudformation:DeleteStack", | |
"cloudformation:DescribeStackEvents", | |
"cloudformation:DescribeStacks", | |
"cloudformation:SetStackPolicy", | |
"cloudformation:UpdateStack", | |
"cloudformation:CreateChangeSet", | |
"cloudformation:DescribeChangeSet", | |
"cloudformation:ExecuteChangeSet", | |
"cloudformation:ListChangeSets", | |
"cloudformation:DeleteChangeSet", | |
"cloudformation:ListStackResources", | |
"cloudformation:TagResource", | |
"cloudformation:CreateStackSet", | |
"cloudformation:CreateStackInstances", | |
"cloudformation:UpdateStackSet", | |
"cloudformation:UpdateStackInstances", | |
"cloudformation:DeleteStackSet", | |
"cloudformation:DeleteStackInstances", | |
"cloudformation:DescribeStackSet", | |
"cloudformation:DescribeStackInstance", | |
"cloudformation:DescribeStackSetOperation", | |
"cloudformation:ListStackInstances", | |
"cloudformation:ListStackSetOperations", | |
"cloudformation:ListStackSetOperationResults" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:cloudformation:*:*:stack/SC-*", | |
"arn:aws:cloudformation:*:*:stack/StackSet-SC-*", | |
"arn:aws:cloudformation:*:*:changeSet/SC-*", | |
"arn:aws:cloudformation:*:*:stackset/SC-*" | |
] | |
}, | |
{ | |
"Action": [ | |
"cloudformation:CreateUploadBucket", | |
"cloudformation:GetTemplateSummary", | |
"cloudformation:ValidateTemplate", | |
"iam:GetGroup", | |
"iam:GetRole", | |
"iam:GetUser", | |
"iam:ListGroups", | |
"iam:ListRoles", | |
"iam:ListUsers", | |
"servicecatalog:*", | |
"ssm:DescribeDocument", | |
"ssm:GetAutomationExecution", | |
"ssm:ListDocuments", | |
"ssm:ListDocumentVersions", | |
"config:DescribeConfigurationRecorders", | |
"config:DescribeConfigurationRecorderStatus" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": "iam:PassRole", | |
"Condition": { | |
"StringEquals": { | |
"iam:PassedToService": "servicecatalog.amazonaws.com" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJWLJU4BZ7AQUJSBVM", | |
"PolicyName": "AWSServiceCatalogAdminFullAccess", | |
"UpdateDate": "2019-02-06T01:57:54+00:00", | |
"VersionId": "v5" | |
}, | |
"AWSServiceCatalogAdminReadOnlyAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSServiceCatalogAdminReadOnlyAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-10-25T18:53:38+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"cloudformation:DescribeStackEvents", | |
"cloudformation:DescribeStacks", | |
"cloudformation:DescribeChangeSet", | |
"cloudformation:ListChangeSets", | |
"cloudformation:ListStackResources", | |
"cloudformation:DescribeStackSet", | |
"cloudformation:DescribeStackInstance", | |
"cloudformation:DescribeStackSetOperation", | |
"cloudformation:ListStackInstances", | |
"cloudformation:ListStackSetOperations", | |
"cloudformation:ListStackSetOperationResults" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:cloudformation:*:*:stack/SC-*", | |
"arn:aws:cloudformation:*:*:stack/StackSet-SC-*", | |
"arn:aws:cloudformation:*:*:changeSet/SC-*", | |
"arn:aws:cloudformation:*:*:stackset/SC-*" | |
] | |
}, | |
{ | |
"Action": [ | |
"cloudformation:GetTemplateSummary", | |
"iam:GetGroup", | |
"iam:GetRole", | |
"iam:GetUser", | |
"iam:ListGroups", | |
"iam:ListRoles", | |
"iam:ListUsers", | |
"servicecatalog:Get*", | |
"servicecatalog:List*", | |
"servicecatalog:Describe*", | |
"servicecatalog:ScanProvisionedProducts", | |
"servicecatalog:Search*", | |
"ssm:DescribeDocument", | |
"ssm:GetAutomationExecution", | |
"ssm:ListDocuments", | |
"ssm:ListDocumentVersions", | |
"config:DescribeConfigurationRecorders", | |
"config:DescribeConfigurationRecorderStatus" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAZKAPJZG4MC6ZR7YFX", | |
"PolicyName": "AWSServiceCatalogAdminReadOnlyAccess", | |
"UpdateDate": "2019-10-25T18:53:38+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSServiceCatalogEndUserFullAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSServiceCatalogEndUserFullAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-07-10T20:30:52+00:00", | |
"DefaultVersionId": "v7", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"cloudformation:CreateStack", | |
"cloudformation:DeleteStack", | |
"cloudformation:DescribeStackEvents", | |
"cloudformation:DescribeStacks", | |
"cloudformation:SetStackPolicy", | |
"cloudformation:ValidateTemplate", | |
"cloudformation:UpdateStack", | |
"cloudformation:CreateChangeSet", | |
"cloudformation:DescribeChangeSet", | |
"cloudformation:ExecuteChangeSet", | |
"cloudformation:ListChangeSets", | |
"cloudformation:DeleteChangeSet", | |
"cloudformation:TagResource", | |
"cloudformation:CreateStackSet", | |
"cloudformation:CreateStackInstances", | |
"cloudformation:UpdateStackSet", | |
"cloudformation:UpdateStackInstances", | |
"cloudformation:DeleteStackSet", | |
"cloudformation:DeleteStackInstances", | |
"cloudformation:DescribeStackSet", | |
"cloudformation:DescribeStackInstance", | |
"cloudformation:DescribeStackSetOperation", | |
"cloudformation:ListStackInstances", | |
"cloudformation:ListStackResources", | |
"cloudformation:ListStackSetOperations", | |
"cloudformation:ListStackSetOperationResults" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:cloudformation:*:*:stack/SC-*", | |
"arn:aws:cloudformation:*:*:stack/StackSet-SC-*", | |
"arn:aws:cloudformation:*:*:changeSet/SC-*", | |
"arn:aws:cloudformation:*:*:stackset/SC-*" | |
] | |
}, | |
{ | |
"Action": [ | |
"cloudformation:GetTemplateSummary", | |
"servicecatalog:DescribeProduct", | |
"servicecatalog:DescribeProductView", | |
"servicecatalog:DescribeProvisioningParameters", | |
"servicecatalog:ListLaunchPaths", | |
"servicecatalog:ProvisionProduct", | |
"servicecatalog:SearchProducts", | |
"ssm:DescribeDocument", | |
"ssm:GetAutomationExecution", | |
"config:DescribeConfigurationRecorders", | |
"config:DescribeConfigurationRecorderStatus" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"servicecatalog:DescribeProvisionedProduct", | |
"servicecatalog:DescribeRecord", | |
"servicecatalog:ListRecordHistory", | |
"servicecatalog:ListStackInstancesForProvisionedProduct", | |
"servicecatalog:ScanProvisionedProducts", | |
"servicecatalog:TerminateProvisionedProduct", | |
"servicecatalog:UpdateProvisionedProduct", | |
"servicecatalog:SearchProvisionedProducts", | |
"servicecatalog:CreateProvisionedProductPlan", | |
"servicecatalog:DescribeProvisionedProductPlan", | |
"servicecatalog:ExecuteProvisionedProductPlan", | |
"servicecatalog:DeleteProvisionedProductPlan", | |
"servicecatalog:ListProvisionedProductPlans", | |
"servicecatalog:ListServiceActionsForProvisioningArtifact", | |
"servicecatalog:ExecuteProvisionedProductServiceAction", | |
"servicecatalog:DescribeServiceActionExecutionParameters" | |
], | |
"Condition": { | |
"StringEquals": { | |
"servicecatalog:userLevel": "self" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJTLLC4DGDMTZB54M4", | |
"PolicyName": "AWSServiceCatalogEndUserFullAccess", | |
"UpdateDate": "2019-07-10T20:30:52+00:00", | |
"VersionId": "v7" | |
}, | |
"AWSServiceCatalogEndUserReadOnlyAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSServiceCatalogEndUserReadOnlyAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-10-25T18:49:34+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"cloudformation:DescribeStackEvents", | |
"cloudformation:DescribeStacks", | |
"cloudformation:DescribeChangeSet", | |
"cloudformation:ListChangeSets", | |
"cloudformation:DescribeStackSet", | |
"cloudformation:DescribeStackInstance", | |
"cloudformation:DescribeStackSetOperation", | |
"cloudformation:ListStackInstances", | |
"cloudformation:ListStackResources", | |
"cloudformation:ListStackSetOperations", | |
"cloudformation:ListStackSetOperationResults" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:cloudformation:*:*:stack/SC-*", | |
"arn:aws:cloudformation:*:*:stack/StackSet-SC-*", | |
"arn:aws:cloudformation:*:*:changeSet/SC-*", | |
"arn:aws:cloudformation:*:*:stackset/SC-*" | |
] | |
}, | |
{ | |
"Action": [ | |
"cloudformation:GetTemplateSummary", | |
"servicecatalog:DescribeProduct", | |
"servicecatalog:DescribeProductView", | |
"servicecatalog:DescribeProvisioningParameters", | |
"servicecatalog:ListLaunchPaths", | |
"servicecatalog:SearchProducts", | |
"ssm:DescribeDocument", | |
"ssm:GetAutomationExecution", | |
"config:DescribeConfigurationRecorders", | |
"config:DescribeConfigurationRecorderStatus" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"servicecatalog:DescribeProvisionedProduct", | |
"servicecatalog:DescribeRecord", | |
"servicecatalog:ListRecordHistory", | |
"servicecatalog:ListStackInstancesForProvisionedProduct", | |
"servicecatalog:ScanProvisionedProducts", | |
"servicecatalog:SearchProvisionedProducts", | |
"servicecatalog:DescribeProvisionedProductPlan", | |
"servicecatalog:ListProvisionedProductPlans", | |
"servicecatalog:ListServiceActionsForProvisioningArtifact", | |
"servicecatalog:DescribeServiceActionExecutionParameters" | |
], | |
"Condition": { | |
"StringEquals": { | |
"servicecatalog:userLevel": "self" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAZKAPJZG4IWYKXJJED", | |
"PolicyName": "AWSServiceCatalogEndUserReadOnlyAccess", | |
"UpdateDate": "2019-10-25T18:49:34+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSServiceRoleForAmazonEKSNodegroup": { | |
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForAmazonEKSNodegroup", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-11-07T01:34:26+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"ec2:RevokeSecurityGroupIngress", | |
"ec2:AuthorizeSecurityGroupEgress", | |
"ec2:AuthorizeSecurityGroupIngress", | |
"ec2:DescribeInstances", | |
"ec2:RevokeSecurityGroupEgress", | |
"ec2:DeleteSecurityGroup" | |
], | |
"Condition": { | |
"ForAnyValue:StringLike": { | |
"ec2:ResourceTag/eks": "*" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*", | |
"Sid": "SharedSecurityGroupRelatedPermissions" | |
}, | |
{ | |
"Action": [ | |
"ec2:RevokeSecurityGroupIngress", | |
"ec2:AuthorizeSecurityGroupEgress", | |
"ec2:AuthorizeSecurityGroupIngress", | |
"ec2:DescribeInstances", | |
"ec2:RevokeSecurityGroupEgress", | |
"ec2:DeleteSecurityGroup" | |
], | |
"Condition": { | |
"ForAnyValue:StringLike": { | |
"ec2:ResourceTag/eks:nodegroup-name": "*" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*", | |
"Sid": "EKSCreatedSecurityGroupRelatedPermissions" | |
}, | |
{ | |
"Action": [ | |
"ec2:DeleteLaunchTemplate", | |
"ec2:CreateLaunchTemplateVersion" | |
], | |
"Condition": { | |
"StringLike": { | |
"ec2:ResourceTag/eks:nodegroup-name": "*" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*", | |
"Sid": "LaunchTemplateRelatedPermissions" | |
}, | |
{ | |
"Action": [ | |
"autoscaling:UpdateAutoScalingGroup", | |
"autoscaling:DeleteAutoScalingGroup", | |
"autoscaling:TerminateInstanceInAutoScalingGroup", | |
"autoscaling:CompleteLifecycleAction", | |
"autoscaling:PutLifecycleHook", | |
"autoscaling:PutNotificationConfiguration" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:autoscaling:*:*:*:autoScalingGroupName/eks-*", | |
"Sid": "AutoscalingRelatedPermissions" | |
}, | |
{ | |
"Action": "iam:CreateServiceLinkedRole", | |
"Condition": { | |
"StringEquals": { | |
"iam:AWSServiceName": "autoscaling.amazonaws.com" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*", | |
"Sid": "AllowAutoscalingToCreateSLR" | |
}, | |
{ | |
"Action": [ | |
"autoscaling:CreateOrUpdateTags", | |
"autoscaling:CreateAutoScalingGroup" | |
], | |
"Condition": { | |
"ForAnyValue:StringEquals": { | |
"aws:TagKeys": [ | |
"eks", | |
"eks:cluster-name", | |
"eks:nodegroup-name" | |
] | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*", | |
"Sid": "AllowASGCreationByEKS" | |
}, | |
{ | |
"Action": "iam:PassRole", | |
"Condition": { | |
"StringEqualsIfExists": { | |
"iam:PassedToService": "iam.amazonaws.com" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*", | |
"Sid": "AllowPassRoleToIAM" | |
}, | |
{ | |
"Action": "iam:PassRole", | |
"Condition": { | |
"StringEqualsIfExists": { | |
"iam:PassedToService": "autoscaling.amazonaws.com" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*", | |
"Sid": "AllowPassRoleToAutoscaling" | |
}, | |
{ | |
"Action": "iam:PassRole", | |
"Condition": { | |
"StringEqualsIfExists": { | |
"iam:PassedToService": "ec2.amazonaws.com" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*", | |
"Sid": "AllowPassRoleToEC2" | |
}, | |
{ | |
"Action": [ | |
"iam:GetRole", | |
"ec2:CreateLaunchTemplate", | |
"ec2:DescribeInstances", | |
"iam:GetInstanceProfile", | |
"ec2:DescribeLaunchTemplates", | |
"autoscaling:DescribeAutoScalingGroups", | |
"ec2:CreateSecurityGroup", | |
"ec2:DescribeLaunchTemplateVersions", | |
"ec2:RunInstances", | |
"ec2:DescribeSecurityGroups", | |
"ec2:GetConsoleOutput" | |
], | |
"Effect": "Allow", | |
"Resource": "*", | |
"Sid": "PermissionsToManageResourcesForNodegroups" | |
}, | |
{ | |
"Action": [ | |
"iam:CreateInstanceProfile", | |
"iam:DeleteInstanceProfile", | |
"iam:RemoveRoleFromInstanceProfile", | |
"iam:AddRoleToInstanceProfile" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:iam::*:instance-profile/eks-*", | |
"Sid": "PermissionsToCreateAndManageInstanceProfiles" | |
}, | |
{ | |
"Action": [ | |
"ec2:CreateTags", | |
"ec2:DeleteTags" | |
], | |
"Condition": { | |
"ForAnyValue:StringLike": { | |
"aws:TagKeys": [ | |
"eks", | |
"eks:cluster-name", | |
"eks:nodegroup-name", | |
"kubernetes.io/cluster/*" | |
] | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*", | |
"Sid": "PermissionsToManageEKSAndKubernetesTags" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/aws-service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAZKAPJZG4KH2AAMJJG", | |
"PolicyName": "AWSServiceRoleForAmazonEKSNodegroup", | |
"UpdateDate": "2019-11-07T01:34:26+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSServiceRoleForEC2ScheduledInstances": { | |
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForEC2ScheduledInstances", | |
"AttachmentCount": 0, | |
"CreateDate": "2017-10-12T18:31:55+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"ec2:CreateTags" | |
], | |
"Condition": { | |
"ForAllValues:StringEquals": { | |
"aws:TagKeys": [ | |
"aws:ec2sri:scheduledInstanceId" | |
] | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:ec2:*:*:instance/*" | |
] | |
}, | |
{ | |
"Action": [ | |
"ec2:TerminateInstances" | |
], | |
"Condition": { | |
"StringLike": { | |
"ec2:ResourceTag/aws:ec2sri:scheduledInstanceId": "*" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/aws-service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJ7Y4TT63D6QBKCY4O", | |
"PolicyName": "AWSServiceRoleForEC2ScheduledInstances", | |
"UpdateDate": "2017-10-12T18:31:55+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSServiceRoleForIoTSiteWise": { | |
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForIoTSiteWise", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-11-06T21:34:32+00:00", | |
"DefaultVersionId": "v4", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": "iotanalytics:ExecuteQuery", | |
"Effect": "Allow", | |
"Resource": "arn:aws:iotanalytics:*:*:datastore-index/*" | |
}, | |
{ | |
"Action": [ | |
"greengrass:CreateCoreDefinitionVersion", | |
"greengrass:CreateDeployment", | |
"greengrass:CreateFunctionDefinition", | |
"greengrass:CreateFunctionDefinitionVersion", | |
"greengrass:CreateGroupVersion", | |
"greengrass:CreateLoggerDefinition", | |
"greengrass:CreateLoggerDefinitionVersion", | |
"greengrass:CreateResourceDefinition", | |
"greengrass:CreateResourceDefinitionVersion", | |
"greengrass:GetAssociatedRole", | |
"greengrass:GetCoreDefinition", | |
"greengrass:GetCoreDefinitionVersion", | |
"greengrass:GetDeploymentStatus", | |
"greengrass:GetFunctionDefinition", | |
"greengrass:GetFunctionDefinitionVersion", | |
"greengrass:GetGroup", | |
"greengrass:GetGroupVersion", | |
"greengrass:GetLoggerDefinition", | |
"greengrass:GetLoggerDefinitionVersion", | |
"greengrass:GetResourceDefinition", | |
"greengrass:GetResourceDefinitionVersion", | |
"greengrass:ListCoreDefinitions", | |
"greengrass:UpdateCoreDefinition", | |
"greengrass:UpdateFunctionDefinition", | |
"greengrass:UpdateLoggerDefinition", | |
"greengrass:UpdateResourceDefinition" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"lambda:CreateAlias", | |
"lambda:CreateFunction", | |
"lambda:GetFunction", | |
"lambda:ListVersionsByFunction", | |
"lambda:UpdateFunctionCode", | |
"lambda:PublishVersion", | |
"lambda:UpdateAlias" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:lambda:*:*:function:AWSIoTSiteWise*" | |
}, | |
{ | |
"Action": [ | |
"iot:GetThingShadow", | |
"iot:UpdateThingShadow" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": "iam:PassRole", | |
"Condition": { | |
"StringLikeIfExists": { | |
"iam:PassedToService": "lambda.amazonaws.com" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"logs:CreateLogGroup", | |
"logs:DescribeLogGroups" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:logs:*:*:log-group:/aws/iotsitewise*" | |
}, | |
{ | |
"Action": [ | |
"logs:CreateLogStream", | |
"logs:DescribeLogStreams", | |
"logs:PutLogEvents" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:logs:*:*:log-group:/aws/iotsitewise*:log-stream:*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/aws-service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJGQU4DZIQP6HLYQPE", | |
"PolicyName": "AWSServiceRoleForIoTSiteWise", | |
"UpdateDate": "2019-11-06T21:34:32+00:00", | |
"VersionId": "v4" | |
}, | |
"AWSServiceRoleForLogDeliveryPolicy": { | |
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForLogDeliveryPolicy", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-10-04T17:31:19+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"firehose:PutRecord", | |
"firehose:PutRecordBatch" | |
], | |
"Condition": { | |
"StringEquals": { | |
"firehose:ResourceTag/LogDeliveryEnabled": "true" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/aws-service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAZKAPJZG4EMA7ANTDG", | |
"PolicyName": "AWSServiceRoleForLogDeliveryPolicy", | |
"UpdateDate": "2019-10-04T17:31:19+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSServiceRoleForSMS": { | |
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForSMS", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-08-06T18:39:29+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"cloudformation:CreateChangeSet", | |
"cloudformation:CreateStack", | |
"cloudformation:DeleteStack", | |
"cloudformation:ExecuteChangeSet" | |
], | |
"Condition": { | |
"ForAllValues:StringLikeIfExists": { | |
"cloudformation:ResourceTypes": [ | |
"AWS::EC2::*" | |
] | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "arn:aws:cloudformation:*:*:stack/sms-app-*/*" | |
}, | |
{ | |
"Action": [ | |
"cloudformation:DeleteChangeSet", | |
"cloudformation:DescribeChangeSet", | |
"cloudformation:DescribeStackEvents", | |
"cloudformation:DescribeStackResources", | |
"cloudformation:GetTemplate" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:cloudformation:*:*:stack/sms-app-*/*" | |
}, | |
{ | |
"Action": [ | |
"cloudformation:DescribeStacks", | |
"cloudformation:ValidateTemplate", | |
"cloudformation:DescribeStackResource", | |
"s3:ListAllMyBuckets" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"s3:CreateBucket", | |
"s3:DeleteBucket", | |
"s3:DeleteObject", | |
"s3:GetBucketAcl", | |
"s3:GetBucketLocation", | |
"s3:GetObject", | |
"s3:ListBucket", | |
"s3:PutObject", | |
"s3:PutObjectAcl", | |
"s3:PutLifecycleConfiguration" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:s3:::sms-app-*" | |
}, | |
{ | |
"Action": [ | |
"sms:CreateReplicationJob", | |
"sms:DeleteReplicationJob", | |
"sms:GetReplicationJobs", | |
"sms:GetReplicationRuns", | |
"sms:GetServers", | |
"sms:ImportServerCatalog", | |
"sms:StartOnDemandReplicationRun", | |
"sms:UpdateReplicationJob" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"ec2:ModifySnapshotAttribute", | |
"ec2:CopySnapshot", | |
"ec2:CopyImage", | |
"ec2:Describe*", | |
"ec2:DeleteSnapshot", | |
"ec2:DeregisterImage", | |
"ec2:RunInstances" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"ec2:CreateTags", | |
"ec2:DeleteTags" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:ec2:*:*:instance/*" | |
}, | |
{ | |
"Action": "iam:GetRole", | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": "iam:PassRole", | |
"Condition": { | |
"StringLike": { | |
"iam:AssociatedResourceArn": "arn:aws:cloudformation:*:*:stack/sms-app-*/*" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"ec2:ModifyInstanceAttribute", | |
"ec2:StopInstances", | |
"ec2:StartInstances", | |
"ec2:TerminateInstances" | |
], | |
"Condition": { | |
"ForAllValues:StringLike": { | |
"ec2:ResourceTag/aws:cloudformation:stack-id": "arn:aws:cloudformation:*:*:stack/sms-app-*/*" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/aws-service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAZKAPJZG4OSYRD2VJZ", | |
"PolicyName": "AWSServiceRoleForSMS", | |
"UpdateDate": "2019-08-06T18:39:29+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSShieldDRTAccessPolicy": { | |
"Arn": "arn:aws:iam::aws:policy/service-role/AWSShieldDRTAccessPolicy", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-02-11T17:08:57+00:00", | |
"DefaultVersionId": "v3", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"cloudfront:List*", | |
"elasticloadbalancing:List*", | |
"route53:List*", | |
"cloudfront:Describe*", | |
"elasticloadbalancing:Describe*", | |
"route53:Describe*", | |
"cloudwatch:Describe*", | |
"cloudwatch:Get*", | |
"cloudwatch:List*", | |
"cloudfront:GetDistribution*", | |
"globalaccelerator:ListAccelerators", | |
"globalaccelerator:DescribeAccelerator" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:elasticloadbalancing:*:*:*", | |
"arn:aws:cloudfront::*:*", | |
"arn:aws:route53:::hostedzone/*", | |
"arn:aws:cloudwatch:*:*:*:*", | |
"arn:aws:globalaccelerator::*:*" | |
], | |
"Sid": "DRTAccessProtectedResources" | |
}, | |
{ | |
"Action": [ | |
"waf:*", | |
"waf-regional:*" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:waf:*", | |
"arn:aws:waf-regional:*" | |
], | |
"Sid": "DRTManageMitigations" | |
}, | |
{ | |
"Action": [ | |
"shield:*" | |
], | |
"Effect": "Allow", | |
"Resource": "*", | |
"Sid": "DRTManageProtections" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJWNCSZ4PARLO37VVY", | |
"PolicyName": "AWSShieldDRTAccessPolicy", | |
"UpdateDate": "2019-02-11T17:08:57+00:00", | |
"VersionId": "v3" | |
}, | |
"AWSStepFunctionsConsoleFullAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSStepFunctionsConsoleFullAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2017-01-12T00:19:34+00:00", | |
"DefaultVersionId": "v2", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": "states:*", | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": "iam:ListRoles", | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": "iam:PassRole", | |
"Effect": "Allow", | |
"Resource": "arn:aws:iam::*:role/service-role/StatesExecutionRole*" | |
}, | |
{ | |
"Action": "lambda:ListFunctions", | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJIYC52YWRX6OSMJWK", | |
"PolicyName": "AWSStepFunctionsConsoleFullAccess", | |
"UpdateDate": "2017-01-12T00:19:34+00:00", | |
"VersionId": "v2" | |
}, | |
"AWSStepFunctionsFullAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSStepFunctionsFullAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2017-01-11T21:51:32+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": "states:*", | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJXKA6VP3UFBVHDPPA", | |
"PolicyName": "AWSStepFunctionsFullAccess", | |
"UpdateDate": "2017-01-11T21:51:32+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSStepFunctionsReadOnlyAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSStepFunctionsReadOnlyAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2017-11-10T22:03:49+00:00", | |
"DefaultVersionId": "v2", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"states:ListStateMachines", | |
"states:ListActivities", | |
"states:DescribeStateMachine", | |
"states:DescribeStateMachineForExecution", | |
"states:ListExecutions", | |
"states:DescribeExecution", | |
"states:GetExecutionHistory", | |
"states:DescribeActivity" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJONHB2TJQDJPFW5TM", | |
"PolicyName": "AWSStepFunctionsReadOnlyAccess", | |
"UpdateDate": "2017-11-10T22:03:49+00:00", | |
"VersionId": "v2" | |
}, | |
"AWSStorageGatewayFullAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSStorageGatewayFullAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2015-02-06T18:41:09+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"storagegateway:*" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"ec2:DescribeSnapshots", | |
"ec2:DeleteSnapshot" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJG5SSPAVOGK3SIDGU", | |
"PolicyName": "AWSStorageGatewayFullAccess", | |
"UpdateDate": "2015-02-06T18:41:09+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSStorageGatewayReadOnlyAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSStorageGatewayReadOnlyAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2015-02-06T18:41:10+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"storagegateway:List*", | |
"storagegateway:Describe*" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"ec2:DescribeSnapshots" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIFKCTUVOPD5NICXJK", | |
"PolicyName": "AWSStorageGatewayReadOnlyAccess", | |
"UpdateDate": "2015-02-06T18:41:10+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSSupportAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSSupportAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2015-02-06T18:41:11+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"support:*" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJSNKQX2OW67GF4S7E", | |
"PolicyName": "AWSSupportAccess", | |
"UpdateDate": "2015-02-06T18:41:11+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSSupportServiceRolePolicy": { | |
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSSupportServiceRolePolicy", | |
"AttachmentCount": 1, | |
"CreateDate": "2019-10-17T21:49:13+00:00", | |
"DefaultVersionId": "v7", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"apigateway:GET" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:apigateway:*::/account", | |
"arn:aws:apigateway:*::/clientcertificates", | |
"arn:aws:apigateway:*::/clientcertificates/*", | |
"arn:aws:apigateway:*::/domainnames", | |
"arn:aws:apigateway:*::/domainnames/*", | |
"arn:aws:apigateway:*::/domainnames/*/basepathmappings", | |
"arn:aws:apigateway:*::/domainnames/*/basepathmappings/*", | |
"arn:aws:apigateway:*::/restapis", | |
"arn:aws:apigateway:*::/restapis/*", | |
"arn:aws:apigateway:*::/restapis/*/authorizers", | |
"arn:aws:apigateway:*::/restapis/*/authorizers/*", | |
"arn:aws:apigateway:*::/restapis/*/deployments", | |
"arn:aws:apigateway:*::/restapis/*/deployments/*", | |
"arn:aws:apigateway:*::/restapis/*/models", | |
"arn:aws:apigateway:*::/restapis/*/models/*", | |
"arn:aws:apigateway:*::/restapis/*/models/*/default_template", | |
"arn:aws:apigateway:*::/restapis/*/resources", | |
"arn:aws:apigateway:*::/restapis/*/resources/*", | |
"arn:aws:apigateway:*::/restapis/*/resources/*/methods/*/integration/responses/*", | |
"arn:aws:apigateway:*::/restapis/*/resources/*/methods/*/responses/*", | |
"arn:aws:apigateway:*::/restapis/*/stages/*/sdks/*", | |
"arn:aws:apigateway:*::/restapis/*/resources/*/methods/*", | |
"arn:aws:apigateway:*::/restapis/*/resources/*/methods/*/integration", | |
"arn:aws:apigateway:*::/restapis/*/stages", | |
"arn:aws:apigateway:*::/restapis/*/stages/*" | |
] | |
}, | |
{ | |
"Action": [ | |
"iam:DeleteRole" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:iam::*:role/aws-service-role/support.amazonaws.com/AWSServiceRoleForSupport" | |
] | |
}, | |
{ | |
"Action": [ | |
"a4b:getDevice", | |
"a4b:getProfile", | |
"a4b:getRoom", | |
"a4b:getRoomSkillParameter", | |
"a4b:getSkillGroup", | |
"a4b:searchDevices", | |
"a4b:searchProfiles", | |
"a4b:searchRooms", | |
"a4b:searchSkillGroups", | |
"acm-pca:describeCertificateAuthority", | |
"acm-pca:describeCertificateAuthorityAuditReport", | |
"acm-pca:getCertificate", | |
"acm-pca:getCertificateAuthorityCertificate", | |
"acm-pca:getCertificateAuthorityCsr", | |
"acm-pca:listCertificateAuthorities", | |
"acm-pca:listTags", | |
"acm:describeCertificate", | |
"acm:getCertificate", | |
"acm:listCertificates", | |
"acm:listTagsForCertificate", | |
"application-autoscaling:describeScalableTargets", | |
"application-autoscaling:describeScalingActivities", | |
"application-autoscaling:describeScalingPolicies", | |
"appstream:describeDirectoryConfigs", | |
"appstream:describeFleets", | |
"appstream:describeImageBuilders", | |
"appstream:describeImages", | |
"appstream:describeSessions", | |
"appstream:describeStacks", | |
"appstream:listAssociatedFleets", | |
"appstream:listAssociatedStacks", | |
"appstream:listTagsForResource", | |
"appsync:getFunction", | |
"appsync:getGraphqlApi", | |
"appsync:getIntrospectionSchema", | |
"appsync:getResolver", | |
"appsync:getSchemaCreationStatus", | |
"appsync:getType", | |
"appsync:listDataSources", | |
"appsync:listFunctions", | |
"appsync:listGraphqlApis", | |
"appsync:listResolvers", | |
"appsync:listTypes", | |
"athena:batchGetNamedQuery", | |
"athena:batchGetQueryExecution", | |
"athena:getNamedQuery", | |
"athena:getQueryExecution", | |
"athena:getWorkGroup", | |
"athena:listNamedQueries", | |
"athena:listQueryExecutions", | |
"athena:listTagsForResource", | |
"athena:listWorkGroups", | |
"autoscaling-plans:describeScalingPlanResources", | |
"autoscaling-plans:describeScalingPlans", | |
"autoscaling-plans:getScalingPlanResourceForecastData", | |
"autoscaling:describeAccountLimits", | |
"autoscaling:describeAdjustmentTypes", | |
"autoscaling:describeAutoScalingGroups", | |
"autoscaling:describeAutoScalingInstances", | |
"autoscaling:describeAutoScalingNotificationTypes", | |
"autoscaling:describeLaunchConfigurations", | |
"autoscaling:describeLifecycleHookTypes", | |
"autoscaling:describeLifecycleHooks", | |
"autoscaling:describeLoadBalancerTargetGroups", | |
"autoscaling:describeLoadBalancers", | |
"autoscaling:describeMetricCollectionTypes", | |
"autoscaling:describeNotificationConfigurations", | |
"autoscaling:describePolicies", | |
"autoscaling:describeScalingActivities", | |
"autoscaling:describeScalingProcessTypes", | |
"autoscaling:describeScheduledActions", | |
"autoscaling:describeTags", | |
"autoscaling:describeTerminationPolicyTypes", | |
"backup:describeBackupJob", | |
"backup:describeBackupVault", | |
"backup:describeProtectedResource", | |
"backup:describeRecoveryPoint", | |
"backup:describeRestoreJob", | |
"backup:getBackupPlan", | |
"backup:getBackupPlanFromJSON", | |
"backup:getBackupPlanFromTemplate", | |
"backup:getBackupSelection", | |
"backup:getBackupVaultAccessPolicy", | |
"backup:getBackupVaultNotifications", | |
"backup:getRecoveryPointRestoreMetadata", | |
"backup:getSupportedResourceTypes", | |
"backup:listBackupJobs", | |
"backup:listBackupPlanTemplates", | |
"backup:listBackupPlanVersions", | |
"backup:listBackupPlans", | |
"backup:listBackupSelections", | |
"backup:listBackupVaults", | |
"backup:listProtectedResources", | |
"backup:listRecoveryPointsByBackupVault", | |
"backup:listRecoveryPointsByResource", | |
"backup:listRestoreJobs", | |
"backup:listTags", | |
"batch:describeComputeEnvironments", | |
"batch:describeJobDefinitions", | |
"batch:describeJobQueues", | |
"batch:describeJobs", | |
"batch:listJobs", | |
"ce:getCostAndUsage", | |
"ce:getDimensionValues", | |
"ce:getReservationCoverage", | |
"ce:getReservationUtilization", | |
"ce:getTags", | |
"cloud9:describeEnvironmentMemberships", | |
"cloud9:describeEnvironments", | |
"cloud9:listEnvironments", | |
"clouddirectory:getDirectory", | |
"clouddirectory:listDirectories", | |
"cloudformation:describeAccountLimits", | |
"cloudformation:describeChangeSet", | |
"cloudformation:describeStackEvents", | |
"cloudformation:describeStackInstance", | |
"cloudformation:describeStackResource", | |
"cloudformation:describeStackResources", | |
"cloudformation:describeStackSet", | |
"cloudformation:describeStackSetOperation", | |
"cloudformation:describeStacks", | |
"cloudformation:estimateTemplateCost", | |
"cloudformation:getStackPolicy", | |
"cloudformation:getTemplate", | |
"cloudformation:getTemplateSummary", | |
"cloudformation:listChangeSets", | |
"cloudformation:listExports", | |
"cloudformation:listImports", | |
"cloudformation:listStackInstances", | |
"cloudformation:listStackResources", | |
"cloudformation:listStackSetOperationResults", | |
"cloudformation:listStackSetOperations", | |
"cloudformation:listStackSets", | |
"cloudformation:listStacks", | |
"cloudfront:getCloudFrontOriginAccessIdentity", | |
"cloudfront:getCloudFrontOriginAccessIdentityConfig", | |
"cloudfront:getDistribution", | |
"cloudfront:getDistributionConfig", | |
"cloudfront:getInvalidation", | |
"cloudfront:getStreamingDistribution", | |
"cloudfront:getStreamingDistributionConfig", | |
"cloudfront:listCloudFrontOriginAccessIdentities", | |
"cloudfront:listDistributions", | |
"cloudfront:listDistributionsByWebACLId", | |
"cloudfront:listInvalidations", | |
"cloudfront:listStreamingDistributions", | |
"cloudhsm:describeBackups", | |
"cloudhsm:describeClusters", | |
"cloudsearch:describeAnalysisSchemes", | |
"cloudsearch:describeAvailabilityOptions", | |
"cloudsearch:describeDomains", | |
"cloudsearch:describeExpressions", | |
"cloudsearch:describeIndexFields", | |
"cloudsearch:describeScalingParameters", | |
"cloudsearch:describeServiceAccessPolicies", | |
"cloudsearch:describeSuggesters", | |
"cloudsearch:listDomainNames", | |
"cloudtrail:describeTrails", | |
"cloudtrail:getEventSelectors", | |
"cloudtrail:getTrailStatus", | |
"cloudtrail:listPublicKeys", | |
"cloudtrail:listTags", | |
"cloudtrail:lookupEvents", | |
"cloudwatch:describeAlarmHistory", | |
"cloudwatch:describeAlarms", | |
"cloudwatch:describeAlarmsForMetric", | |
"cloudwatch:getDashboard", | |
"cloudwatch:getMetricData", | |
"cloudwatch:getMetricStatistics", | |
"cloudwatch:listDashboards", | |
"cloudwatch:listMetrics", | |
"codebuild:batchGetBuilds", | |
"codebuild:batchGetProjects", | |
"codebuild:listBuilds", | |
"codebuild:listBuildsForProject", | |
"codebuild:listCuratedEnvironmentImages", | |
"codebuild:listProjects", | |
"codebuild:listSourceCredentials", | |
"codecommit:batchGetRepositories", | |
"codecommit:getBranch", | |
"codecommit:getRepository", | |
"codecommit:getRepositoryTriggers", | |
"codecommit:listBranches", | |
"codecommit:listRepositories", | |
"codedeploy:batchGetApplicationRevisions", | |
"codedeploy:batchGetApplications", | |
"codedeploy:batchGetDeploymentGroups", | |
"codedeploy:batchGetDeploymentInstances", | |
"codedeploy:batchGetDeployments", | |
"codedeploy:batchGetOnPremisesInstances", | |
"codedeploy:getApplication", | |
"codedeploy:getApplicationRevision", | |
"codedeploy:getDeployment", | |
"codedeploy:getDeploymentConfig", | |
"codedeploy:getDeploymentGroup", | |
"codedeploy:getDeploymentInstance", | |
"codedeploy:getOnPremisesInstance", | |
"codedeploy:listApplicationRevisions", | |
"codedeploy:listApplications", | |
"codedeploy:listDeploymentConfigs", | |
"codedeploy:listDeploymentGroups", | |
"codedeploy:listDeploymentInstances", | |
"codedeploy:listDeployments", | |
"codedeploy:listOnPremisesInstances", | |
"codepipeline:getJobDetails", | |
"codepipeline:getPipeline", | |
"codepipeline:getPipelineExecution", | |
"codepipeline:getPipelineState", | |
"codepipeline:listActionTypes", | |
"codepipeline:listPipelines", | |
"codestar:describeProject", | |
"codestar:listProjects", | |
"codestar:listResources", | |
"codestar:listTeamMembers", | |
"codestar:listUserProfiles", | |
"cognito-identity:describeIdentityPool", | |
"cognito-identity:getIdentityPoolRoles", | |
"cognito-identity:listIdentities", | |
"cognito-identity:listIdentityPools", | |
"cognito-idp:adminGetUser", | |
"cognito-idp:describeIdentityProvider", | |
"cognito-idp:describeResourceServer", | |
"cognito-idp:describeRiskConfiguration", | |
"cognito-idp:describeUserImportJob", | |
"cognito-idp:describeUserPool", | |
"cognito-idp:describeUserPoolClient", | |
"cognito-idp:describeUserPoolDomain", | |
"cognito-idp:getGroup", | |
"cognito-idp:getUICustomization", | |
"cognito-idp:getUser", | |
"cognito-idp:getUserPoolMfaConfig", | |
"cognito-idp:listGroups", | |
"cognito-idp:listIdentityProviders", | |
"cognito-idp:listResourceServers", | |
"cognito-idp:listUserImportJobs", | |
"cognito-idp:listUserPoolClients", | |
"cognito-idp:listUserPools", | |
"cognito-sync:describeDataset", | |
"cognito-sync:describeIdentityPoolUsage", | |
"cognito-sync:describeIdentityUsage", | |
"cognito-sync:getCognitoEvents", | |
"cognito-sync:getIdentityPoolConfiguration", | |
"cognito-sync:listDatasets", | |
"cognito-sync:listIdentityPoolUsage", | |
"config:describeConfigRuleEvaluationStatus", | |
"config:describeConfigRules", | |
"config:describeConfigurationRecorderStatus", | |
"config:describeConfigurationRecorders", | |
"config:describeDeliveryChannelStatus", | |
"config:describeDeliveryChannels", | |
"config:getResourceConfigHistory", | |
"config:listDiscoveredResources", | |
"datapipeline:describeObjects", | |
"datapipeline:describePipelines", | |
"datapipeline:getPipelineDefinition", | |
"datapipeline:listPipelines", | |
"datapipeline:queryObjects", | |
"datasync:describeAgent", | |
"datasync:describeLocationEfs", | |
"datasync:describeLocationNfs", | |
"datasync:describeLocationS3", | |
"datasync:describeTask", | |
"datasync:describeTaskExecution", | |
"datasync:listAgents", | |
"datasync:listLocations", | |
"datasync:listTaskExecutions", | |
"datasync:listTasks", | |
"dax:describeClusters", | |
"dax:describeDefaultParameters", | |
"dax:describeEvents", | |
"dax:describeParameterGroups", | |
"dax:describeParameters", | |
"dax:describeSubnetGroups", | |
"devicefarm:getAccountSettings", | |
"devicefarm:getDevice", | |
"devicefarm:getDevicePool", | |
"devicefarm:getDevicePoolCompatibility", | |
"devicefarm:getJob", | |
"devicefarm:getProject", | |
"devicefarm:getRemoteAccessSession", | |
"devicefarm:getRun", | |
"devicefarm:getSuite", | |
"devicefarm:getTest", | |
"devicefarm:getUpload", | |
"devicefarm:listArtifacts", | |
"devicefarm:listDevicePools", | |
"devicefarm:listDevices", | |
"devicefarm:listJobs", | |
"devicefarm:listProjects", | |
"devicefarm:listRemoteAccessSessions", | |
"devicefarm:listRuns", | |
"devicefarm:listSamples", | |
"devicefarm:listSuites", | |
"devicefarm:listTests", | |
"devicefarm:listUniqueProblems", | |
"devicefarm:listUploads", | |
"directconnect:describeConnections", | |
"directconnect:describeConnectionsOnInterconnect", | |
"directconnect:describeInterconnects", | |
"directconnect:describeLocations", | |
"directconnect:describeVirtualGateways", | |
"directconnect:describeVirtualInterfaces", | |
"dlm:getLifecyclePolicies", | |
"dlm:getLifecyclePolicy", | |
"dms:describeAccountAttributes", | |
"dms:describeConnections", | |
"dms:describeEndpointTypes", | |
"dms:describeEndpoints", | |
"dms:describeOrderableReplicationInstances", | |
"dms:describeRefreshSchemasStatus", | |
"dms:describeReplicationInstances", | |
"dms:describeReplicationSubnetGroups", | |
"ds:describeConditionalForwarders", | |
"ds:describeDirectories", | |
"ds:describeEventTopics", | |
"ds:describeSnapshots", | |
"ds:describeTrusts", | |
"ds:getDirectoryLimits", | |
"ds:getSnapshotLimits", | |
"ds:listIpRoutes", | |
"ds:listSchemaExtensions", | |
"ds:listTagsForResource", | |
"dynamodb:describeBackup", | |
"dynamodb:describeContinuousBackups", | |
"dynamodb:describeGlobalTable", | |
"dynamodb:describeLimits", | |
"dynamodb:describeStream", | |
"dynamodb:describeTable", | |
"dynamodb:describeTimeToLive", | |
"dynamodb:listBackups", | |
"dynamodb:listGlobalTables", | |
"dynamodb:listStreams", | |
"dynamodb:listTables", | |
"dynamodb:listTagsOfResource", | |
"ec2:acceptReservedInstancesExchangeQuote", | |
"ec2:cancelReservedInstancesListing", | |
"ec2:createReservedInstancesListing", | |
"ec2:describeAccountAttributes", | |
"ec2:describeAddresses", | |
"ec2:describeAvailabilityZones", | |
"ec2:describeBundleTasks", | |
"ec2:describeByoipCidrs", | |
"ec2:describeCapacityReservations", | |
"ec2:describeClassicLinkInstances", | |
"ec2:describeClientVpnAuthorizationRules", | |
"ec2:describeClientVpnConnections", | |
"ec2:describeClientVpnEndpoints", | |
"ec2:describeClientVpnRoutes", | |
"ec2:describeClientVpnTargetNetworks", | |
"ec2:describeConversionTasks", | |
"ec2:describeCustomerGateways", | |
"ec2:describeDhcpOptions", | |
"ec2:describeElasticGpus", | |
"ec2:describeExportTasks", | |
"ec2:describeFleetHistory", | |
"ec2:describeFleetInstances", | |
"ec2:describeFleets", | |
"ec2:describeFlowLogs", | |
"ec2:describeHostReservationOfferings", | |
"ec2:describeHostReservations", | |
"ec2:describeHosts", | |
"ec2:describeIdFormat", | |
"ec2:describeIdentityIdFormat", | |
"ec2:describeImageAttribute", | |
"ec2:describeImages", | |
"ec2:describeImportImageTasks", | |
"ec2:describeImportSnapshotTasks", | |
"ec2:describeInstanceAttribute", | |
"ec2:describeInstanceStatus", | |
"ec2:describeInstances", | |
"ec2:describeInternetGateways", | |
"ec2:describeKeyPairs", | |
"ec2:describeLaunchTemplateVersions", | |
"ec2:describeLaunchTemplates", | |
"ec2:describeMovingAddresses", | |
"ec2:describeNatGateways", | |
"ec2:describeNetworkAcls", | |
"ec2:describeNetworkInterfaceAttribute", | |
"ec2:describeNetworkInterfaces", | |
"ec2:describePlacementGroups", | |
"ec2:describePrefixLists", | |
"ec2:describePublicIpv4Pools", | |
"ec2:describeRegions", | |
"ec2:describeReservedInstances", | |
"ec2:describeReservedInstancesListings", | |
"ec2:describeReservedInstancesModifications", | |
"ec2:describeReservedInstancesOfferings", | |
"ec2:describeRouteTables", | |
"ec2:describeScheduledInstances", | |
"ec2:describeSecurityGroups", | |
"ec2:describeSnapshotAttribute", | |
"ec2:describeSnapshots", | |
"ec2:describeSpotDatafeedSubscription", | |
"ec2:describeSpotFleetInstances", | |
"ec2:describeSpotFleetRequestHistory", | |
"ec2:describeSpotFleetRequests", | |
"ec2:describeSpotInstanceRequests", | |
"ec2:describeSpotPriceHistory", | |
"ec2:describeSubnets", | |
"ec2:describeTags", | |
"ec2:describeTransitGatewayAttachments", | |
"ec2:describeTransitGatewayRouteTables", | |
"ec2:describeTransitGatewayVpcAttachments", | |
"ec2:describeTransitGateways", | |
"ec2:describeVolumeAttribute", | |
"ec2:describeVolumeStatus", | |
"ec2:describeVolumes", | |
"ec2:describeVolumesModifications", | |
"ec2:describeVpcAttribute", | |
"ec2:describeVpcClassicLink", | |
"ec2:describeVpcClassicLinkDnsSupport", | |
"ec2:describeVpcEndpointConnectionNotifications", | |
"ec2:describeVpcEndpointConnections", | |
"ec2:describeVpcEndpointServiceConfigurations", | |
"ec2:describeVpcEndpointServicePermissions", | |
"ec2:describeVpcEndpointServices", | |
"ec2:describeVpcEndpoints", | |
"ec2:describeVpcPeeringConnections", | |
"ec2:describeVpcs", | |
"ec2:describeVpnConnections", | |
"ec2:describeVpnGateways", | |
"ec2:getConsoleScreenshot", | |
"ec2:getReservedInstancesExchangeQuote", | |
"ec2:getTransitGatewayAttachmentPropagations", | |
"ec2:getTransitGatewayRouteTableAssociations", | |
"ec2:getTransitGatewayRouteTablePropagations", | |
"ec2:modifyReservedInstances", | |
"ec2:purchaseReservedInstancesOffering", | |
"ecr:batchCheckLayerAvailability", | |
"ecr:describeImages", | |
"ecr:describeRepositories", | |
"ecr:getRepositoryPolicy", | |
"ecr:listImages", | |
"ecs:describeClusters", | |
"ecs:describeContainerInstances", | |
"ecs:describeServices", | |
"ecs:describeTaskDefinition", | |
"ecs:describeTasks", | |
"ecs:listClusters", | |
"ecs:listContainerInstances", | |
"ecs:listServices", | |
"ecs:listTaskDefinitions", | |
"ecs:listTasks", | |
"eks:describeCluster", | |
"eks:describeUpdate", | |
"eks:listClusters", | |
"eks:listUpdates", | |
"elasticache:describeCacheClusters", | |
"elasticache:describeCacheEngineVersions", | |
"elasticache:describeCacheParameterGroups", | |
"elasticache:describeCacheParameters", | |
"elasticache:describeCacheSecurityGroups", | |
"elasticache:describeCacheSubnetGroups", | |
"elasticache:describeEngineDefaultParameters", | |
"elasticache:describeEvents", | |
"elasticache:describeReplicationGroups", | |
"elasticache:describeReservedCacheNodes", | |
"elasticache:describeReservedCacheNodesOfferings", | |
"elasticache:describeSnapshots", | |
"elasticache:listAllowedNodeTypeModifications", | |
"elasticache:listTagsForResource", | |
"elasticbeanstalk:checkDNSAvailability", | |
"elasticbeanstalk:describeApplicationVersions", | |
"elasticbeanstalk:describeApplications", | |
"elasticbeanstalk:describeConfigurationOptions", | |
"elasticbeanstalk:describeConfigurationSettings", | |
"elasticbeanstalk:describeEnvironmentHealth", | |
"elasticbeanstalk:describeEnvironmentManagedActionHistory", | |
"elasticbeanstalk:describeEnvironmentManagedActions", | |
"elasticbeanstalk:describeEnvironmentResources", | |
"elasticbeanstalk:describeEnvironments", | |
"elasticbeanstalk:describeEvents", | |
"elasticbeanstalk:describeInstancesHealth", | |
"elasticbeanstalk:describePlatformVersion", | |
"elasticbeanstalk:listAvailableSolutionStacks", | |
"elasticbeanstalk:listPlatformVersions", | |
"elasticbeanstalk:validateConfigurationSettings", | |
"elasticfilesystem:describeFileSystems", | |
"elasticfilesystem:describeLifecycleConfiguration", | |
"elasticfilesystem:describeMountTargetSecurityGroups", | |
"elasticfilesystem:describeMountTargets", | |
"elasticfilesystem:describeTags", | |
"elasticloadbalancing:describeInstanceHealth", | |
"elasticloadbalancing:describeListenerCertificates", | |
"elasticloadbalancing:describeListeners", | |
"elasticloadbalancing:describeLoadBalancerAttributes", | |
"elasticloadbalancing:describeLoadBalancerPolicies", | |
"elasticloadbalancing:describeLoadBalancerPolicyTypes", | |
"elasticloadbalancing:describeLoadBalancers", | |
"elasticloadbalancing:describeRules", | |
"elasticloadbalancing:describeSSLPolicies", | |
"elasticloadbalancing:describeTags", | |
"elasticloadbalancing:describeTargetGroupAttributes", | |
"elasticloadbalancing:describeTargetGroups", | |
"elasticloadbalancing:describeTargetHealth", | |
"elasticmapreduce:describeCluster", | |
"elasticmapreduce:describeSecurityConfiguration", | |
"elasticmapreduce:describeStep", | |
"elasticmapreduce:listBootstrapActions", | |
"elasticmapreduce:listClusters", | |
"elasticmapreduce:listInstanceGroups", | |
"elasticmapreduce:listInstances", | |
"elasticmapreduce:listSecurityConfigurations", | |
"elasticmapreduce:listSteps", | |
"elastictranscoder:listJobsByPipeline", | |
"elastictranscoder:listJobsByStatus", | |
"elastictranscoder:listPipelines", | |
"elastictranscoder:listPresets", | |
"elastictranscoder:readPipeline", | |
"elastictranscoder:readPreset", | |
"es:describeElasticsearchDomain", | |
"es:describeElasticsearchDomainConfig", | |
"es:describeElasticsearchDomains", | |
"es:listDomainNames", | |
"es:listTags", | |
"events:describeEventBus", | |
"events:describeRule", | |
"events:listRuleNamesByTarget", | |
"events:listRules", | |
"events:listTargetsByRule", | |
"events:testEventPattern", | |
"firehose:describeDeliveryStream", | |
"firehose:listDeliveryStreams", | |
"fsx:describeBackups", | |
"fsx:describeFileSystems", | |
"fsx:listTagsForResource", | |
"glacier:describeJob", | |
"glacier:describeVault", | |
"glacier:getDataRetrievalPolicy", | |
"glacier:getVaultAccessPolicy", | |
"glacier:getVaultLock", | |
"glacier:getVaultNotifications", | |
"glacier:listJobs", | |
"glacier:listTagsForVault", | |
"glacier:listVaults", | |
"globalaccelerator:describeAccelerator", | |
"globalaccelerator:describeAcceleratorAttributes", | |
"globalaccelerator:describeEndpointGroup", | |
"globalaccelerator:describeListener", | |
"globalaccelerator:listAccelerators", | |
"globalaccelerator:listEndpointGroups", | |
"globalaccelerator:listListeners", | |
"glue:batchGetPartition", | |
"glue:getCatalogImportStatus", | |
"glue:getClassifier", | |
"glue:getClassifiers", | |
"glue:getCrawler", | |
"glue:getCrawlerMetrics", | |
"glue:getCrawlers", | |
"glue:getDatabase", | |
"glue:getDatabases", | |
"glue:getDataflowGraph", | |
"glue:getDevEndpoint", | |
"glue:getDevEndpoints", | |
"glue:getJob", | |
"glue:getJobRun", | |
"glue:getJobRuns", | |
"glue:getJobs", | |
"glue:getMapping", | |
"glue:getPartition", | |
"glue:getPartitions", | |
"glue:getTable", | |
"glue:getTableVersions", | |
"glue:getTables", | |
"glue:getTrigger", | |
"glue:getTriggers", | |
"glue:getUserDefinedFunction", | |
"glue:getUserDefinedFunctions", | |
"greengrass:getConnectivityInfo", | |
"greengrass:getCoreDefinition", | |
"greengrass:getCoreDefinitionVersion", | |
"greengrass:getDeploymentStatus", | |
"greengrass:getDeviceDefinition", | |
"greengrass:getDeviceDefinitionVersion", | |
"greengrass:getFunctionDefinition", | |
"greengrass:getFunctionDefinitionVersion", | |
"greengrass:getGroup", | |
"greengrass:getGroupCertificateAuthority", | |
"greengrass:getGroupVersion", | |
"greengrass:getLoggerDefinition", | |
"greengrass:getLoggerDefinitionVersion", | |
"greengrass:getResourceDefinitionVersion", | |
"greengrass:getServiceRoleForAccount", | |
"greengrass:getSubscriptionDefinition", | |
"greengrass:getSubscriptionDefinitionVersion", | |
"greengrass:listCoreDefinitionVersions", | |
"greengrass:listCoreDefinitions", | |
"greengrass:listDeployments", | |
"greengrass:listDeviceDefinitionVersions", | |
"greengrass:listDeviceDefinitions", | |
"greengrass:listFunctionDefinitionVersions", | |
"greengrass:listFunctionDefinitions", | |
"greengrass:listGroupVersions", | |
"greengrass:listGroups", | |
"greengrass:listLoggerDefinitionVersions", | |
"greengrass:listLoggerDefinitions", | |
"greengrass:listResourceDefinitionVersions", | |
"greengrass:listResourceDefinitions", | |
"greengrass:listSubscriptionDefinitionVersions", | |
"greengrass:listSubscriptionDefinitions", | |
"guardduty:getDetector", | |
"guardduty:getFindings", | |
"guardduty:getFindingsStatistics", | |
"guardduty:getIPSet", | |
"guardduty:getInvitationsCount", | |
"guardduty:getMasterAccount", | |
"guardduty:getMembers", | |
"guardduty:getThreatIntelSet", | |
"guardduty:listDetectors", | |
"guardduty:listFindings", | |
"guardduty:listIPSets", | |
"guardduty:listInvitations", | |
"guardduty:listMembers", | |
"guardduty:listThreatIntelSets", | |
"health:describeAffectedEntities", | |
"health:describeEntityAggregates", | |
"health:describeEventAggregates", | |
"health:describeEventDetails", | |
"health:describeEventTypes", | |
"health:describeEvents", | |
"iam:getAccessKeyLastUsed", | |
"iam:getAccountAuthorizationDetails", | |
"iam:getAccountPasswordPolicy", | |
"iam:getAccountSummary", | |
"iam:getContextKeysForCustomPolicy", | |
"iam:getContextKeysForPrincipalPolicy", | |
"iam:getCredentialReport", | |
"iam:getGroup", | |
"iam:getGroupPolicy", | |
"iam:getInstanceProfile", | |
"iam:getLoginProfile", | |
"iam:getOpenIDConnectProvider", | |
"iam:getPolicy", | |
"iam:getPolicyVersion", | |
"iam:getRole", | |
"iam:getRolePolicy", | |
"iam:getSAMLProvider", | |
"iam:getSSHPublicKey", | |
"iam:getServerCertificate", | |
"iam:getUser", | |
"iam:getUserPolicy", | |
"iam:listAccessKeys", | |
"iam:listAccountAliases", | |
"iam:listAttachedGroupPolicies", | |
"iam:listAttachedRolePolicies", | |
"iam:listAttachedUserPolicies", | |
"iam:listEntitiesForPolicy", | |
"iam:listGroupPolicies", | |
"iam:listGroups", | |
"iam:listGroupsForUser", | |
"iam:listInstanceProfiles", | |
"iam:listInstanceProfilesForRole", | |
"iam:listMFADevices", | |
"iam:listOpenIDConnectProviders", | |
"iam:listPolicies", | |
"iam:listPolicyVersions", | |
"iam:listRolePolicies", | |
"iam:listRoles", | |
"iam:listSAMLProviders", | |
"iam:listSSHPublicKeys", | |
"iam:listServerCertificates", | |
"iam:listSigningCertificates", | |
"iam:listUserPolicies", | |
"iam:listUsers", | |
"iam:listVirtualMFADevices", | |
"iam:simulateCustomPolicy", | |
"iam:simulatePrincipalPolicy", | |
"importexport:getStatus", | |
"importexport:listJobs", | |
"inspector:describeAssessmentRuns", | |
"inspector:describeAssessmentTargets", | |
"inspector:describeAssessmentTemplates", | |
"inspector:describeCrossAccountAccessRole", | |
"inspector:describeResourceGroups", | |
"inspector:describeRulesPackages", | |
"inspector:getTelemetryMetadata", | |
"inspector:listAssessmentRunAgents", | |
"inspector:listAssessmentRuns", | |
"inspector:listAssessmentTargets", | |
"inspector:listAssessmentTemplates", | |
"inspector:listEventSubscriptions", | |
"inspector:listRulesPackages", | |
"inspector:listTagsForResource", | |
"iot:describeAuthorizer", | |
"iot:describeCACertificate", | |
"iot:describeCertificate", | |
"iot:describeDefaultAuthorizer", | |
"iot:describeEndpoint", | |
"iot:describeIndex", | |
"iot:describeJobExecution", | |
"iot:describeThing", | |
"iot:describeThingGroup", | |
"iot:getEffectivePolicies", | |
"iot:getIndexingConfiguration", | |
"iot:getLoggingOptions", | |
"iot:getPolicy", | |
"iot:getPolicyVersion", | |
"iot:getTopicRule", | |
"iot:getV2LoggingOptions", | |
"iot:listAttachedPolicies", | |
"iot:listAuthorizers", | |
"iot:listCACertificates", | |
"iot:listCertificates", | |
"iot:listCertificatesByCA", | |
"iot:listJobExecutionsForJob", | |
"iot:listJobExecutionsForThing", | |
"iot:listJobs", | |
"iot:listOutgoingCertificates", | |
"iot:listPolicies", | |
"iot:listPolicyPrincipals", | |
"iot:listPolicyVersions", | |
"iot:listPrincipalPolicies", | |
"iot:listPrincipalThings", | |
"iot:listRoleAliases", | |
"iot:listTargetsForPolicy", | |
"iot:listThingGroups", | |
"iot:listThingGroupsForThing", | |
"iot:listThingPrincipals", | |
"iot:listThingRegistrationTasks", | |
"iot:listThingTypes", | |
"iot:listThings", | |
"iot:listTopicRules", | |
"iot:listV2LoggingLevels", | |
"iotevents:describeDetector", | |
"iotevents:describeDetectorModel", | |
"iotevents:describeInput", | |
"iotevents:describeLoggingOptions", | |
"iotevents:listDetectorModelVersions", | |
"iotevents:listDetectorModels", | |
"iotevents:listDetectors", | |
"iotevents:listInputs", | |
"kafka:describeCluster", | |
"kafka:getBootstrapBrokers", | |
"kafka:listClusters", | |
"kafka:listNodes", | |
"kinesis:describeStream", | |
"kinesis:listStreams", | |
"kinesis:listTagsForStream", | |
"kinesisanalytics:describeApplication", | |
"kinesisanalytics:listApplications", | |
"kms:describeKey", | |
"kms:getKeyPolicy", | |
"kms:getKeyRotationStatus", | |
"kms:listAliases", | |
"kms:listGrants", | |
"kms:listKeyPolicies", | |
"kms:listKeys", | |
"kms:listResourceTags", | |
"kms:listRetirableGrants", | |
"lambda:getAccountSettings", | |
"lambda:getAlias", | |
"lambda:getEventSourceMapping", | |
"lambda:getFunction", | |
"lambda:getFunctionConfiguration", | |
"lambda:getLayerVersion", | |
"lambda:getLayerVersionPolicy", | |
"lambda:getPolicy", | |
"lambda:listAliases", | |
"lambda:listEventSourceMappings", | |
"lambda:listFunctions", | |
"lambda:listLayerVersions", | |
"lambda:listLayers", | |
"lambda:listVersionsByFunction", | |
"lex:getBot", | |
"lex:getBotAlias", | |
"lex:getBotAliases", | |
"lex:getBotChannelAssociation", | |
"lex:getBotChannelAssociations", | |
"lex:getBotVersions", | |
"lex:getBots", | |
"lex:getBuiltinIntent", | |
"lex:getBuiltinIntents", | |
"lex:getBuiltinSlotTypes", | |
"lex:getIntent", | |
"lex:getIntentVersions", | |
"lex:getIntents", | |
"lex:getSlotType", | |
"lex:getSlotTypeVersions", | |
"lex:getSlotTypes", | |
"lightsail:getActiveNames", | |
"lightsail:getBlueprints", | |
"lightsail:getBundles", | |
"lightsail:getDomain", | |
"lightsail:getDomains", | |
"lightsail:getInstance", | |
"lightsail:getInstanceAccessDetails", | |
"lightsail:getInstanceMetricData", | |
"lightsail:getInstancePortStates", | |
"lightsail:getInstanceSnapshot", | |
"lightsail:getInstanceSnapshots", | |
"lightsail:getInstanceState", | |
"lightsail:getInstances", | |
"lightsail:getKeyPair", | |
"lightsail:getKeyPairs", | |
"lightsail:getOperation", | |
"lightsail:getOperations", | |
"lightsail:getOperationsForResource", | |
"lightsail:getRegions", | |
"lightsail:getStaticIp", | |
"lightsail:getStaticIps", | |
"logs:describeDestinations", | |
"logs:describeExportTasks", | |
"logs:describeLogGroups", | |
"logs:describeLogStreams", | |
"logs:describeMetricFilters", | |
"logs:describeQueries", | |
"logs:describeSubscriptionFilters", | |
"logs:testMetricFilter", | |
"machinelearning:describeBatchPredictions", | |
"machinelearning:describeDataSources", | |
"machinelearning:describeEvaluations", | |
"machinelearning:describeMLModels", | |
"machinelearning:getBatchPrediction", | |
"machinelearning:getDataSource", | |
"machinelearning:getEvaluation", | |
"machinelearning:getMLModel", | |
"managedblockchain:getMember", | |
"managedblockchain:getNetwork", | |
"managedblockchain:getNode", | |
"managedblockchain:listMembers", | |
"managedblockchain:listNetworks", | |
"managedblockchain:listNodes", | |
"mediaconvert:describeEndpoints", | |
"mediaconvert:getJob", | |
"mediaconvert:getJobTemplate", | |
"mediaconvert:getPreset", | |
"mediaconvert:getQueue", | |
"mediaconvert:listJobTemplates", | |
"mediaconvert:listJobs", | |
"medialive:describeChannel", | |
"medialive:describeInput", | |
"medialive:describeInputSecurityGroup", | |
"medialive:describeOffering", | |
"medialive:describeReservation", | |
"medialive:describeSchedule", | |
"medialive:listChannels", | |
"medialive:listInputSecurityGroups", | |
"medialive:listInputs", | |
"medialive:listOfferings", | |
"medialive:listReservations", | |
"mediapackage:describeChannel", | |
"mediapackage:describeOriginEndpoint", | |
"mediapackage:listChannels", | |
"mediapackage:listOriginEndpoints", | |
"mediastore:describeContainer", | |
"mediastore:describeObject", | |
"mediastore:getContainerPolicy", | |
"mediastore:getCorsPolicy", | |
"mediastore:listContainers", | |
"mediastore:listItems", | |
"mediatailor:getPlaybackConfiguration", | |
"mediatailor:listPlaybackConfigurations", | |
"mobiletargeting:getAdmChannel", | |
"mobiletargeting:getApnsChannel", | |
"mobiletargeting:getApnsSandboxChannel", | |
"mobiletargeting:getApnsVoipChannel", | |
"mobiletargeting:getApnsVoipSandboxChannel", | |
"mobiletargeting:getApp", | |
"mobiletargeting:getApplicationSettings", | |
"mobiletargeting:getApps", | |
"mobiletargeting:getBaiduChannel", | |
"mobiletargeting:getCampaign", | |
"mobiletargeting:getCampaignActivities", | |
"mobiletargeting:getCampaignVersion", | |
"mobiletargeting:getCampaignVersions", | |
"mobiletargeting:getCampaigns", | |
"mobiletargeting:getEmailChannel", | |
"mobiletargeting:getEndpoint", | |
"mobiletargeting:getEventStream", | |
"mobiletargeting:getExportJob", | |
"mobiletargeting:getExportJobs", | |
"mobiletargeting:getGcmChannel", | |
"mobiletargeting:getImportJob", | |
"mobiletargeting:getImportJobs", | |
"mobiletargeting:getSegment", | |
"mobiletargeting:getSegmentImportJobs", | |
"mobiletargeting:getSegmentVersion", | |
"mobiletargeting:getSegmentVersions", | |
"mobiletargeting:getSegments", | |
"mobiletargeting:getSmsChannel", | |
"mq:describeBroker", | |
"mq:describeConfiguration", | |
"mq:describeConfigurationRevision", | |
"mq:describeUser", | |
"mq:listBrokers", | |
"mq:listConfigurationRevisions", | |
"mq:listConfigurations", | |
"mq:listUsers", | |
"opsworks-cm:describeAccountAttributes", | |
"opsworks-cm:describeBackups", | |
"opsworks-cm:describeEvents", | |
"opsworks-cm:describeNodeAssociationStatus", | |
"opsworks-cm:describeServers", | |
"opsworks:describeAgentVersions", | |
"opsworks:describeApps", | |
"opsworks:describeCommands", | |
"opsworks:describeDeployments", | |
"opsworks:describeEcsClusters", | |
"opsworks:describeElasticIps", | |
"opsworks:describeElasticLoadBalancers", | |
"opsworks:describeInstances", | |
"opsworks:describeLayers", | |
"opsworks:describeLoadBasedAutoScaling", | |
"opsworks:describeMyUserProfile", | |
"opsworks:describePermissions", | |
"opsworks:describeRaidArrays", | |
"opsworks:describeRdsDbInstances", | |
"opsworks:describeServiceErrors", | |
"opsworks:describeStackProvisioningParameters", | |
"opsworks:describeStackSummary", | |
"opsworks:describeStacks", | |
"opsworks:describeTimeBasedAutoScaling", | |
"opsworks:describeUserProfiles", | |
"opsworks:describeVolumes", | |
"opsworks:getHostnameSuggestion", | |
"personalize:describeAlgorithm", | |
"personalize:describeCampaign", | |
"personalize:describeDataset", | |
"personalize:describeDatasetGroup", | |
"personalize:describeDatasetImportJob", | |
"personalize:describeEventTracker", | |
"personalize:describeFeatureTransformation", | |
"personalize:describeRecipe", | |
"personalize:describeSchema", | |
"personalize:describeSolution", | |
"personalize:describeSolutionVersion", | |
"personalize:listCampaigns", | |
"personalize:listDatasetGroups", | |
"personalize:listDatasetImportJobs", | |
"personalize:listDatasets", | |
"personalize:listEventTrackers", | |
"personalize:listRecipes", | |
"personalize:listSchemas", | |
"personalize:listSolutionVersions", | |
"personalize:listSolutions", | |
"polly:describeVoices", | |
"polly:getLexicon", | |
"polly:listLexicons", | |
"pricing:describeServices", | |
"pricing:getAttributeValues", | |
"pricing:getProducts", | |
"rds:describeAccountAttributes", | |
"rds:describeCertificates", | |
"rds:describeDBClusterParameterGroups", | |
"rds:describeDBClusterParameters", | |
"rds:describeDBClusterSnapshots", | |
"rds:describeDBClusters", | |
"rds:describeDBEngineVersions", | |
"rds:describeDBInstances", | |
"rds:describeDBParameterGroups", | |
"rds:describeDBParameters", | |
"rds:describeDBSecurityGroups", | |
"rds:describeDBSnapshotAttributes", | |
"rds:describeDBSnapshots", | |
"rds:describeDBSubnetGroups", | |
"rds:describeEngineDefaultClusterParameters", | |
"rds:describeEngineDefaultParameters", | |
"rds:describeEventCategories", | |
"rds:describeEventSubscriptions", | |
"rds:describeEvents", | |
"rds:describeOptionGroupOptions", | |
"rds:describeOptionGroups", | |
"rds:describeOrderableDBInstanceOptions", | |
"rds:describePendingMaintenanceActions", | |
"rds:describeReservedDBInstances", | |
"rds:describeReservedDBInstancesOfferings", | |
"rds:listTagsForResource", | |
"redshift:describeClusterParameterGroups", | |
"redshift:describeClusterParameters", | |
"redshift:describeClusterSecurityGroups", | |
"redshift:describeClusterSnapshots", | |
"redshift:describeClusterSubnetGroups", | |
"redshift:describeClusterVersions", | |
"redshift:describeClusters", | |
"redshift:describeDefaultClusterParameters", | |
"redshift:describeEventCategories", | |
"redshift:describeEventSubscriptions", | |
"redshift:describeEvents", | |
"redshift:describeHsmClientCertificates", | |
"redshift:describeHsmConfigurations", | |
"redshift:describeLoggingStatus", | |
"redshift:describeOrderableClusterOptions", | |
"redshift:describeReservedNodeOfferings", | |
"redshift:describeReservedNodes", | |
"redshift:describeResize", | |
"redshift:describeSnapshotCopyGrants", | |
"redshift:describeTableRestoreStatus", | |
"redshift:describeTags", | |
"rekognition:listCollections", | |
"rekognition:listFaces", | |
"robomaker:batchDescribeSimulationJob", | |
"robomaker:describeDeploymentJob", | |
"robomaker:describeFleet", | |
"robomaker:describeRobot", | |
"robomaker:describeRobotApplication", | |
"robomaker:describeSimulationApplication", | |
"robomaker:describeSimulationJob", | |
"robomaker:listDeploymentJobs", | |
"robomaker:listFleets", | |
"robomaker:listRobotApplications", | |
"robomaker:listRobots", | |
"robomaker:listSimulationApplications", | |
"robomaker:listSimulationJobs", | |
"route53:getChange", | |
"route53:getCheckerIpRanges", | |
"route53:getGeoLocation", | |
"route53:getHealthCheck", | |
"route53:getHealthCheckCount", | |
"route53:getHealthCheckLastFailureReason", | |
"route53:getHealthCheckStatus", | |
"route53:getHostedZone", | |
"route53:getHostedZoneCount", | |
"route53:getReusableDelegationSet", | |
"route53:getTrafficPolicy", | |
"route53:getTrafficPolicyInstance", | |
"route53:getTrafficPolicyInstanceCount", | |
"route53:listGeoLocations", | |
"route53:listHealthChecks", | |
"route53:listHostedZones", | |
"route53:listHostedZonesByName", | |
"route53:listResourceRecordSets", | |
"route53:listReusableDelegationSets", | |
"route53:listTagsForResource", | |
"route53:listTagsForResources", | |
"route53:listTrafficPolicies", | |
"route53:listTrafficPolicyInstances", | |
"route53:listTrafficPolicyInstancesByHostedZone", | |
"route53:listTrafficPolicyInstancesByPolicy", | |
"route53:listTrafficPolicyVersions", | |
"route53domains:checkDomainAvailability", | |
"route53domains:getContactReachabilityStatus", | |
"route53domains:getDomainDetail", | |
"route53domains:getOperationDetail", | |
"route53domains:listDomains", | |
"route53domains:listOperations", | |
"route53domains:listTagsForDomain", | |
"route53domains:viewBilling", | |
"route53resolver:getResolverRulePolicy", | |
"route53resolver:listResolverEndpointIpAddresses", | |
"route53resolver:listResolverEndpoints", | |
"route53resolver:listResolverRuleAssociations", | |
"route53resolver:listResolverRules", | |
"route53resolver:listTagsForResource", | |
"s3:getAccelerateConfiguration", | |
"s3:getAnalyticsConfiguration", | |
"s3:getBucketAcl", | |
"s3:getBucketCORS", | |
"s3:getBucketLocation", | |
"s3:getBucketLogging", | |
"s3:getBucketNotification", | |
"s3:getBucketPolicy", | |
"s3:getBucketRequestPayment", | |
"s3:getBucketTagging", | |
"s3:getBucketVersioning", | |
"s3:getBucketWebsite", | |
"s3:getEncryptionConfiguration", | |
"s3:getInventoryConfiguration", | |
"s3:getLifecycleConfiguration", | |
"s3:getMetricsConfiguration", | |
"s3:getReplicationConfiguration", | |
"s3:headBucket", | |
"s3:listAllMyBuckets", | |
"s3:listBucketMultipartUploads", | |
"sagemaker:describeAlgorithm", | |
"sagemaker:describeCompilationJob", | |
"sagemaker:describeEndpoint", | |
"sagemaker:describeEndpointConfig", | |
"sagemaker:describeHyperParameterTuningJob", | |
"sagemaker:describeLabelingJob", | |
"sagemaker:describeModel", | |
"sagemaker:describeModelPackage", | |
"sagemaker:describeNotebookInstance", | |
"sagemaker:describeNotebookInstanceLifecycleConfig", | |
"sagemaker:describeTrainingJob", | |
"sagemaker:describeTransformJob", | |
"sagemaker:describeWorkteam", | |
"sagemaker:listAlgorithms", | |
"sagemaker:listCompilationJobs", | |
"sagemaker:listEndpointConfigs", | |
"sagemaker:listEndpoints", | |
"sagemaker:listHyperParameterTuningJobs", | |
"sagemaker:listLabelingJobs", | |
"sagemaker:listLabelingJobsForWorkteam", | |
"sagemaker:listModelPackages", | |
"sagemaker:listModels", | |
"sagemaker:listNotebookInstanceLifecycleConfigs", | |
"sagemaker:listNotebookInstances", | |
"sagemaker:listTags", | |
"sagemaker:listTrainingJobs", | |
"sagemaker:listTrainingJobsForHyperParameterTuningJob", | |
"sagemaker:listTransformJobs", | |
"sagemaker:listWorkteams", | |
"sdb:domainMetadata", | |
"sdb:listDomains", | |
"secretsmanager:describeSecret", | |
"secretsmanager:getResourcePolicy", | |
"secretsmanager:listSecretVersionIds", | |
"secretsmanager:listSecrets", | |
"securityhub:getEnabledStandards", | |
"securityhub:getFindings", | |
"securityhub:getInsightResults", | |
"securityhub:getInsights", | |
"securityhub:getMasterAccount", | |
"securityhub:getMembers", | |
"securityhub:listEnabledProductsForImport", | |
"securityhub:listInvitations", | |
"securityhub:listMembers", | |
"servicecatalog:describeConstraint", | |
"servicecatalog:describePortfolio", | |
"servicecatalog:describeProduct", | |
"servicecatalog:describeProductAsAdmin", | |
"servicecatalog:describeProductView", | |
"servicecatalog:describeProvisioningArtifact", | |
"servicecatalog:describeProvisioningParameters", | |
"servicecatalog:describeRecord", | |
"servicecatalog:listAcceptedPortfolioShares", | |
"servicecatalog:listConstraintsForPortfolio", | |
"servicecatalog:listLaunchPaths", | |
"servicecatalog:listPortfolioAccess", | |
"servicecatalog:listPortfolios", | |
"servicecatalog:listPortfoliosForProduct", | |
"servicecatalog:listPrincipalsForPortfolio", | |
"servicecatalog:listProvisioningArtifacts", | |
"servicecatalog:listRecordHistory", | |
"servicecatalog:scanProvisionedProducts", | |
"servicecatalog:searchProducts", | |
"servicequotas:getAWSDefaultServiceQuota", | |
"servicequotas:getAssociationForServiceQuotaTemplate", | |
"servicequotas:getRequestedServiceQuotaChange", | |
"servicequotas:getServiceQuota", | |
"servicequotas:getServiceQuotaIncreaseRequestFromTemplate", | |
"servicequotas:listAWSDefaultServiceQuotas", | |
"servicequotas:listRequestedServiceQuotaChangeHistory", | |
"servicequotas:listRequestedServiceQuotaChangeHistoryByQuota", | |
"servicequotas:listServiceQuotaIncreaseRequestsInTemplate", | |
"servicequotas:listServiceQuotas", | |
"servicequotas:listServices", | |
"ses:describeActiveReceiptRuleSet", | |
"ses:describeReceiptRule", | |
"ses:describeReceiptRuleSet", | |
"ses:getIdentityDkimAttributes", | |
"ses:getIdentityMailFromDomainAttributes", | |
"ses:getIdentityNotificationAttributes", | |
"ses:getIdentityPolicies", | |
"ses:getIdentityVerificationAttributes", | |
"ses:getSendQuota", | |
"ses:getSendStatistics", | |
"ses:listIdentities", | |
"ses:listIdentityPolicies", | |
"ses:listReceiptFilters", | |
"ses:listReceiptRuleSets", | |
"ses:listVerifiedEmailAddresses", | |
"shield:describeAttack", | |
"shield:describeProtection", | |
"shield:describeSubscription", | |
"shield:listAttacks", | |
"shield:listProtections", | |
"sms:getConnectors", | |
"sms:getReplicationJobs", | |
"sms:getReplicationRuns", | |
"sms:getServers", | |
"snowball:describeAddress", | |
"snowball:describeAddresses", | |
"snowball:describeJob", | |
"snowball:getSnowballUsage", | |
"snowball:listJobs", | |
"sns:checkIfPhoneNumberIsOptedOut", | |
"sns:getEndpointAttributes", | |
"sns:getPlatformApplicationAttributes", | |
"sns:getSMSAttributes", | |
"sns:getSubscriptionAttributes", | |
"sns:getTopicAttributes", | |
"sns:listEndpointsByPlatformApplication", | |
"sns:listPhoneNumbersOptedOut", | |
"sns:listPlatformApplications", | |
"sns:listSubscriptions", | |
"sns:listSubscriptionsByTopic", | |
"sns:listTopics", | |
"sqs:getQueueAttributes", | |
"sqs:getQueueUrl", | |
"sqs:listDeadLetterSourceQueues", | |
"sqs:listQueues", | |
"ssm:describeActivations", | |
"ssm:describeAssociation", | |
"ssm:describeAutomationExecutions", | |
"ssm:describeAvailablePatches", | |
"ssm:describeDocument", | |
"ssm:describeDocumentPermission", | |
"ssm:describeEffectiveInstanceAssociations", | |
"ssm:describeEffectivePatchesForPatchBaseline", | |
"ssm:describeInstanceAssociationsStatus", | |
"ssm:describeInstanceInformation", | |
"ssm:describeInstancePatchStates", | |
"ssm:describeInstancePatchStatesForPatchGroup", | |
"ssm:describeInstancePatches", | |
"ssm:describeMaintenanceWindowExecutionTaskInvocations", | |
"ssm:describeMaintenanceWindowExecutionTasks", | |
"ssm:describeMaintenanceWindowExecutions", | |
"ssm:describeMaintenanceWindowTargets", | |
"ssm:describeMaintenanceWindowTasks", | |
"ssm:describeMaintenanceWindows", | |
"ssm:describeParameters", | |
"ssm:describePatchBaselines", | |
"ssm:describePatchGroupState", | |
"ssm:describePatchGroups", | |
"ssm:getAutomationExecution", | |
"ssm:getCommandInvocation", | |
"ssm:getDefaultPatchBaseline", | |
"ssm:getDeployablePatchSnapshotForInstance", | |
"ssm:getDocument", | |
"ssm:getInventory", | |
"ssm:getInventorySchema", | |
"ssm:getMaintenanceWindow", | |
"ssm:getMaintenanceWindowExecution", | |
"ssm:getMaintenanceWindowExecutionTask", | |
"ssm:getParameterHistory", | |
"ssm:getParameters", | |
"ssm:getPatchBaseline", | |
"ssm:getPatchBaselineForPatchGroup", | |
"ssm:listAssociations", | |
"ssm:listCommandInvocations", | |
"ssm:listCommands", | |
"ssm:listDocumentVersions", | |
"ssm:listDocuments", | |
"ssm:listInventoryEntries", | |
"ssm:listTagsForResource", | |
"states:describeActivity", | |
"states:describeExecution", | |
"states:describeStateMachine", | |
"states:getExecutionHistory", | |
"states:listActivities", | |
"states:listExecutions", | |
"states:listStateMachines", | |
"storagegateway:describeBandwidthRateLimit", | |
"storagegateway:describeCache", | |
"storagegateway:describeCachediSCSIVolumes", | |
"storagegateway:describeGatewayInformation", | |
"storagegateway:describeMaintenanceStartTime", | |
"storagegateway:describeNFSFileShares", | |
"storagegateway:describeSMBFileShares", | |
"storagegateway:describeSMBSettings", | |
"storagegateway:describeSnapshotSchedule", | |
"storagegateway:describeStorediSCSIVolumes", | |
"storagegateway:describeTapeArchives", | |
"storagegateway:describeTapeRecoveryPoints", | |
"storagegateway:describeTapes", | |
"storagegateway:describeUploadBuffer", | |
"storagegateway:describeVTLDevices", | |
"storagegateway:describeWorkingStorage", | |
"storagegateway:listFileShares", | |
"storagegateway:listGateways", | |
"storagegateway:listLocalDisks", | |
"storagegateway:listTagsForResource", | |
"storagegateway:listTapes", | |
"storagegateway:listVolumeInitiators", | |
"storagegateway:listVolumeRecoveryPoints", | |
"storagegateway:listVolumes", | |
"swf:countClosedWorkflowExecutions", | |
"swf:countOpenWorkflowExecutions", | |
"swf:countPendingActivityTasks", | |
"swf:countPendingDecisionTasks", | |
"swf:describeActivityType", | |
"swf:describeDomain", | |
"swf:describeWorkflowExecution", | |
"swf:describeWorkflowType", | |
"swf:getWorkflowExecutionHistory", | |
"swf:listActivityTypes", | |
"swf:listClosedWorkflowExecutions", | |
"swf:listDomains", | |
"swf:listOpenWorkflowExecutions", | |
"swf:listWorkflowTypes", | |
"transfer:describeServer", | |
"transfer:describeUser", | |
"transfer:listServers", | |
"transfer:listTagsForResource", | |
"transfer:listUsers", | |
"waf-regional:getByteMatchSet", | |
"waf-regional:getChangeTokenStatus", | |
"waf-regional:getIPSet", | |
"waf-regional:getRule", | |
"waf-regional:getSqlInjectionMatchSet", | |
"waf-regional:getWebACL", | |
"waf-regional:getWebACLForResource", | |
"waf-regional:listByteMatchSets", | |
"waf-regional:listIPSets", | |
"waf-regional:listResourcesForWebACL", | |
"waf-regional:listRules", | |
"waf-regional:listSqlInjectionMatchSets", | |
"waf-regional:listWebACLs", | |
"waf:getByteMatchSet", | |
"waf:getChangeTokenStatus", | |
"waf:getIPSet", | |
"waf:getRule", | |
"waf:getSampledRequests", | |
"waf:getSizeConstraintSet", | |
"waf:getSqlInjectionMatchSet", | |
"waf:getWebACL", | |
"waf:getXssMatchSet", | |
"waf:listByteMatchSets", | |
"waf:listIPSets", | |
"waf:listRules", | |
"waf:listSizeConstraintSets", | |
"waf:listSqlInjectionMatchSets", | |
"waf:listWebACLs", | |
"waf:listXssMatchSets", | |
"workdocs:checkAlias", | |
"workdocs:describeAvailableDirectories", | |
"workdocs:describeInstances", | |
"worklink:describeAuditStreamConfiguration", | |
"worklink:describeCompanyNetworkConfiguration", | |
"worklink:describeDevice", | |
"worklink:describeDevicePolicyConfiguration", | |
"worklink:describeDomain", | |
"worklink:describeFleetMetadata", | |
"worklink:describeIdentityProviderConfiguration", | |
"worklink:describeWebsiteCertificateAuthority", | |
"worklink:listDevices", | |
"worklink:listDomains", | |
"worklink:listFleets", | |
"worklink:listWebsiteAuthorizationProviders", | |
"worklink:listWebsiteCertificateAuthorities", | |
"workmail:describeGroup", | |
"workmail:describeOrganization", | |
"workmail:describeResource", | |
"workmail:describeUser", | |
"workmail:listAliases", | |
"workmail:listGroupMembers", | |
"workmail:listGroups", | |
"workmail:listMailboxPermissions", | |
"workmail:listOrganizations", | |
"workmail:listResourceDelegates", | |
"workmail:listResources", | |
"workmail:listUsers", | |
"workspaces:describeAccount", | |
"workspaces:describeAccountModifications", | |
"workspaces:describeIpGroups", | |
"workspaces:describeTags", | |
"workspaces:describeWorkspaceBundles", | |
"workspaces:describeWorkspaceDirectories", | |
"workspaces:describeWorkspaceImages", | |
"workspaces:describeWorkspaces", | |
"workspaces:describeWorkspacesConnectionStatus" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
] | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": false, | |
"IsDefaultVersion": true, | |
"Path": "/aws-service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJ7W6266ELXF5MISDS", | |
"PolicyName": "AWSSupportServiceRolePolicy", | |
"UpdateDate": "2019-10-17T21:49:13+00:00", | |
"VersionId": "v7" | |
}, | |
"AWSSystemsManagerAccountDiscoveryServicePolicy": { | |
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSSystemsManagerAccountDiscoveryServicePolicy", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-10-24T17:21:05+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"organizations:DescribeAccount", | |
"organizations:DescribeOrganization", | |
"organizations:ListAccounts", | |
"organizations:ListAWSServiceAccessForOrganization", | |
"organizations:ListChildren", | |
"organizations:ListParents" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/aws-service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAZKAPJZG4BPDSHIWK5", | |
"PolicyName": "AWSSystemsManagerAccountDiscoveryServicePolicy", | |
"UpdateDate": "2019-10-24T17:21:05+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSTransferLoggingAccess": { | |
"Arn": "arn:aws:iam::aws:policy/service-role/AWSTransferLoggingAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-01-14T15:32:50+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"logs:CreateLogStream", | |
"logs:DescribeLogStreams", | |
"logs:CreateLogGroup", | |
"logs:PutLogEvents" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAISIP5WGJX7VKXRQZO", | |
"PolicyName": "AWSTransferLoggingAccess", | |
"UpdateDate": "2019-01-14T15:32:50+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSTrustedAdvisorServiceRolePolicy": { | |
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSTrustedAdvisorServiceRolePolicy", | |
"AttachmentCount": 1, | |
"CreateDate": "2019-11-15T22:11:48+00:00", | |
"DefaultVersionId": "v7", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"autoscaling:DescribeAccountLimits", | |
"autoscaling:DescribeAutoScalingGroups", | |
"autoscaling:DescribeLaunchConfigurations", | |
"cloudformation:DescribeAccountLimits", | |
"cloudformation:DescribeStacks", | |
"cloudformation:ListStacks", | |
"cloudfront:ListDistributions", | |
"cloudtrail:DescribeTrails", | |
"cloudtrail:GetTrailStatus", | |
"dynamodb:DescribeLimits", | |
"dynamodb:DescribeTable", | |
"dynamodb:ListTables", | |
"ec2:DescribeAddresses", | |
"ec2:DescribeReservedInstances", | |
"ec2:DescribeInstances", | |
"ec2:DescribeVpcs", | |
"ec2:DescribeInternetGateways", | |
"ec2:DescribeImages", | |
"ec2:DescribeVolumes", | |
"ec2:DescribeSecurityGroups", | |
"ec2:DescribeReservedInstancesOfferings", | |
"ec2:DescribeSnapshots", | |
"ec2:DescribeVpnConnections", | |
"ec2:DescribeVpnGateways", | |
"ec2:DescribeLaunchTemplateVersions", | |
"elasticloadbalancing:DescribeAccountLimits", | |
"elasticloadbalancing:DescribeInstanceHealth", | |
"elasticloadbalancing:DescribeLoadBalancerAttributes", | |
"elasticloadbalancing:DescribeLoadBalancerPolicies", | |
"elasticloadbalancing:DescribeLoadBalancerPolicyTypes", | |
"elasticloadbalancing:DescribeLoadBalancers", | |
"iam:GenerateCredentialReport", | |
"iam:GetAccountPasswordPolicy", | |
"iam:GetAccountSummary", | |
"iam:GetCredentialReport", | |
"iam:GetServerCertificate", | |
"iam:ListServerCertificates", | |
"kinesis:DescribeLimits", | |
"rds:DescribeAccountAttributes", | |
"rds:DescribeDBClusters", | |
"rds:DescribeDBEngineVersions", | |
"rds:DescribeDBInstances", | |
"rds:DescribeDBParameterGroups", | |
"rds:DescribeDBParameters", | |
"rds:DescribeDBSecurityGroups", | |
"rds:DescribeDBSnapshots", | |
"rds:DescribeDBSubnetGroups", | |
"rds:DescribeEngineDefaultParameters", | |
"rds:DescribeEvents", | |
"rds:DescribeOptionGroupOptions", | |
"rds:DescribeOptionGroups", | |
"rds:DescribeOrderableDBInstanceOptions", | |
"rds:DescribeReservedDBInstances", | |
"rds:DescribeReservedDBInstancesOfferings", | |
"rds:ListTagsForResource", | |
"redshift:DescribeClusters", | |
"redshift:DescribeReservedNodeOfferings", | |
"redshift:DescribeReservedNodes", | |
"route53:GetAccountLimit", | |
"route53:GetHealthCheck", | |
"route53:GetHostedZone", | |
"route53:ListHealthChecks", | |
"route53:ListHostedZones", | |
"route53:ListHostedZonesByName", | |
"route53:ListResourceRecordSets", | |
"s3:GetBucketAcl", | |
"s3:GetBucketPolicy", | |
"s3:GetBucketPolicyStatus", | |
"s3:GetBucketLocation", | |
"s3:GetBucketLogging", | |
"s3:GetBucketVersioning", | |
"s3:GetBucketPublicAccessBlock", | |
"s3:ListBucket", | |
"s3:ListAllMyBuckets", | |
"ses:GetSendQuota", | |
"sqs:ListQueues", | |
"cloudwatch:GetMetricStatistics", | |
"ce:GetReservationPurchaseRecommendation" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/aws-service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJH4QJ2WMHBOB47BUE", | |
"PolicyName": "AWSTrustedAdvisorServiceRolePolicy", | |
"UpdateDate": "2019-11-15T22:11:48+00:00", | |
"VersionId": "v7" | |
}, | |
"AWSVPCS2SVpnServiceRolePolicy": { | |
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSVPCS2SVpnServiceRolePolicy", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-08-06T14:13:58+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"acm:ExportCertificate", | |
"acm:DescribeCertificate", | |
"acm:ListCertificates", | |
"acm-pca:DescribeCertificateAuthority" | |
], | |
"Effect": "Allow", | |
"Resource": "*", | |
"Sid": "0" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/aws-service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAZKAPJZG4ENV7ZVNT6", | |
"PolicyName": "AWSVPCS2SVpnServiceRolePolicy", | |
"UpdateDate": "2019-08-06T14:13:58+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSVPCTransitGatewayServiceRolePolicy": { | |
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSVPCTransitGatewayServiceRolePolicy", | |
"AttachmentCount": 0, | |
"CreateDate": "2018-11-26T16:21:17+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"ec2:CreateNetworkInterface", | |
"ec2:DescribeNetworkInterfaces", | |
"ec2:ModifyNetworkInterfaceAttribute", | |
"ec2:DeleteNetworkInterface", | |
"ec2:CreateNetworkInterfacePermission" | |
], | |
"Effect": "Allow", | |
"Resource": "*", | |
"Sid": "0" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/aws-service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJS2PBJSYV2EZW3MIQ", | |
"PolicyName": "AWSVPCTransitGatewayServiceRolePolicy", | |
"UpdateDate": "2018-11-26T16:21:17+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSWAFFullAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSWAFFullAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2016-12-07T21:33:25+00:00", | |
"DefaultVersionId": "v2", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"waf:*", | |
"waf-regional:*", | |
"elasticloadbalancing:SetWebACL" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJMIKIAFXZEGOLRH7C", | |
"PolicyName": "AWSWAFFullAccess", | |
"UpdateDate": "2016-12-07T21:33:25+00:00", | |
"VersionId": "v2" | |
}, | |
"AWSWAFReadOnlyAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSWAFReadOnlyAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2016-12-07T21:30:54+00:00", | |
"DefaultVersionId": "v2", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"waf:Get*", | |
"waf:List*", | |
"waf-regional:Get*", | |
"waf-regional:List*" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAINZVDMX2SBF7EU2OC", | |
"PolicyName": "AWSWAFReadOnlyAccess", | |
"UpdateDate": "2016-12-07T21:30:54+00:00", | |
"VersionId": "v2" | |
}, | |
"AWSXRayDaemonWriteAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSXRayDaemonWriteAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2018-08-28T23:00:33+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"xray:PutTraceSegments", | |
"xray:PutTelemetryRecords", | |
"xray:GetSamplingRules", | |
"xray:GetSamplingTargets", | |
"xray:GetSamplingStatisticSummaries" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
] | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIOE47HSUE5AVBNEDM", | |
"PolicyName": "AWSXRayDaemonWriteAccess", | |
"UpdateDate": "2018-08-28T23:00:33+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSXrayFullAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSXrayFullAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2016-12-01T18:30:55+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"xray:*" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
] | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJQBYG45NSJMVQDB2K", | |
"PolicyName": "AWSXrayFullAccess", | |
"UpdateDate": "2016-12-01T18:30:55+00:00", | |
"VersionId": "v1" | |
}, | |
"AWSXrayReadOnlyAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSXrayReadOnlyAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-04-30T18:11:46+00:00", | |
"DefaultVersionId": "v4", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"xray:GetSamplingRules", | |
"xray:GetSamplingTargets", | |
"xray:GetSamplingStatisticSummaries", | |
"xray:BatchGetTraces", | |
"xray:GetServiceGraph", | |
"xray:GetTraceGraph", | |
"xray:GetTraceSummaries", | |
"xray:GetGroups", | |
"xray:GetGroup", | |
"xray:GetTimeSeriesServiceStatistics" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
] | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIH4OFXWPS6ZX6OPGQ", | |
"PolicyName": "AWSXrayReadOnlyAccess", | |
"UpdateDate": "2019-04-30T18:11:46+00:00", | |
"VersionId": "v4" | |
}, | |
"AWSXrayWriteOnlyAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AWSXrayWriteOnlyAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2018-08-28T23:03:04+00:00", | |
"DefaultVersionId": "v2", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"xray:PutTraceSegments", | |
"xray:PutTelemetryRecords", | |
"xray:GetSamplingRules", | |
"xray:GetSamplingTargets", | |
"xray:GetSamplingStatisticSummaries" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
] | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIAACM4LMYSRGBCTM6", | |
"PolicyName": "AWSXrayWriteOnlyAccess", | |
"UpdateDate": "2018-08-28T23:03:04+00:00", | |
"VersionId": "v2" | |
}, | |
"AdministratorAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AdministratorAccess", | |
"AttachmentCount": 7, | |
"CreateDate": "2015-02-06T18:39:46+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": "*", | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIWMBCKSKIEE64ZLYK", | |
"PolicyName": "AdministratorAccess", | |
"UpdateDate": "2015-02-06T18:39:46+00:00", | |
"VersionId": "v1" | |
}, | |
"AlexaForBusinessDeviceSetup": { | |
"Arn": "arn:aws:iam::aws:policy/AlexaForBusinessDeviceSetup", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-05-20T21:05:39+00:00", | |
"DefaultVersionId": "v2", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"a4b:RegisterDevice", | |
"a4b:CompleteRegistration", | |
"a4b:SearchDevices", | |
"a4b:SearchNetworkProfiles", | |
"a4b:GetNetworkProfile", | |
"a4b:PutDeviceSetupEvents" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"secretsmanager:GetSecretValue" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:secretsmanager:*:*:secret:A4BNetworkProfile*", | |
"Sid": "A4bDeviceSetupAccess" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIUEFZFUTDTY4HGFU2", | |
"PolicyName": "AlexaForBusinessDeviceSetup", | |
"UpdateDate": "2019-05-20T21:05:39+00:00", | |
"VersionId": "v2" | |
}, | |
"AlexaForBusinessFullAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AlexaForBusinessFullAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-05-20T21:32:33+00:00", | |
"DefaultVersionId": "v4", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"a4b:*", | |
"kms:DescribeKey" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"iam:CreateServiceLinkedRole" | |
], | |
"Condition": { | |
"StringLike": { | |
"iam:AWSServiceName": [ | |
"*a4b.amazonaws.com" | |
] | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"iam:DeleteServiceLinkedRole", | |
"iam:GetServiceLinkedRoleDeletionStatus" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:iam::*:role/aws-service-role/*a4b.amazonaws.com/AWSServiceRoleForAlexaForBusiness*" | |
}, | |
{ | |
"Action": [ | |
"secretsmanager:GetSecretValue", | |
"secretsmanager:DeleteSecret", | |
"secretsmanager:UpdateSecret" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:secretsmanager:*:*:secret:A4BNetworkProfile*" | |
}, | |
{ | |
"Action": "secretsmanager:CreateSecret", | |
"Condition": { | |
"StringLike": { | |
"secretsmanager:Name": "A4BNetworkProfile*" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAILUT3JGG7WRIMVNH2", | |
"PolicyName": "AlexaForBusinessFullAccess", | |
"UpdateDate": "2019-05-20T21:32:33+00:00", | |
"VersionId": "v4" | |
}, | |
"AlexaForBusinessGatewayExecution": { | |
"Arn": "arn:aws:iam::aws:policy/AlexaForBusinessGatewayExecution", | |
"AttachmentCount": 0, | |
"CreateDate": "2017-11-30T16:47:19+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"a4b:Send*", | |
"a4b:Get*" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:a4b:*:*:gateway/*" | |
}, | |
{ | |
"Action": [ | |
"sqs:ReceiveMessage", | |
"sqs:DeleteMessage" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:sqs:*:*:dd-*", | |
"arn:aws:sqs:*:*:sd-*" | |
] | |
}, | |
{ | |
"Action": [ | |
"a4b:List*", | |
"logs:CreateLogGroup", | |
"logs:CreateLogStream", | |
"logs:DescribeLogGroups", | |
"logs:PutLogEvents" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAI3LZ7YP7KHLG4DT2Q", | |
"PolicyName": "AlexaForBusinessGatewayExecution", | |
"UpdateDate": "2017-11-30T16:47:19+00:00", | |
"VersionId": "v1" | |
}, | |
"AlexaForBusinessNetworkProfileServicePolicy": { | |
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AlexaForBusinessNetworkProfileServicePolicy", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-04-05T21:57:56+00:00", | |
"DefaultVersionId": "v2", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"acm-pca:GetCertificate", | |
"acm-pca:IssueCertificate", | |
"acm-pca:RevokeCertificate" | |
], | |
"Condition": { | |
"StringEquals": { | |
"aws:ResourceTag/a4b": "enabled" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*", | |
"Sid": "A4bPcaTagAccess" | |
}, | |
{ | |
"Action": [ | |
"secretsmanager:GetSecretValue" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:secretsmanager:*:*:secret:A4BNetworkProfile*", | |
"Sid": "A4bNetworkProfileAccess" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/aws-service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAI7GYBNGIZU2EDSMGQ", | |
"PolicyName": "AlexaForBusinessNetworkProfileServicePolicy", | |
"UpdateDate": "2019-04-05T21:57:56+00:00", | |
"VersionId": "v2" | |
}, | |
"AlexaForBusinessPolyDelegatedAccessPolicy": { | |
"Arn": "arn:aws:iam::aws:policy/AlexaForBusinessPolyDelegatedAccessPolicy", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-10-16T19:48:45+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"a4b:DisassociateDeviceFromRoom", | |
"a4b:DeleteDevice", | |
"a4b:UpdateDevice", | |
"a4b:GetDevice" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:a4b:us-east-1:*:device/*/*:A238TWV36W3S92", | |
"arn:aws:a4b:us-east-1:*:device/*/*:A1FUZ1SC53VJXD" | |
] | |
}, | |
{ | |
"Action": [ | |
"a4b:RegisterAVSDevice" | |
], | |
"Condition": { | |
"StringEquals": { | |
"a4b:amazonId": [ | |
"A238TWV36W3S92", | |
"A1FUZ1SC53VJXD" | |
] | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
] | |
}, | |
{ | |
"Action": [ | |
"a4b:SearchDevices" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
] | |
}, | |
{ | |
"Action": [ | |
"a4b:AssociateDeviceWithRoom" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:a4b:us-east-1:*:device/*/*:A238TWV36W3S92", | |
"arn:aws:a4b:us-east-1:*:device/*/*:A1FUZ1SC53VJXD", | |
"arn:aws:a4b:us-east-1:*:room/*" | |
] | |
}, | |
{ | |
"Action": [ | |
"a4b:GetRoom", | |
"a4b:SearchRooms", | |
"a4b:CreateRoom", | |
"a4b:GetProfile", | |
"a4b:SearchSkillGroups", | |
"a4b:DisassociateSkillGroupFromRoom", | |
"a4b:AssociateSkillGroupWithRoom", | |
"a4b:GetSkillGroup", | |
"a4b:SearchProfiles", | |
"a4b:GetAddressBook", | |
"a4b:UpdateRoom" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAZKAPJZG4FIHC2UP5Z", | |
"PolicyName": "AlexaForBusinessPolyDelegatedAccessPolicy", | |
"UpdateDate": "2019-10-16T19:48:45+00:00", | |
"VersionId": "v1" | |
}, | |
"AlexaForBusinessReadOnlyAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AlexaForBusinessReadOnlyAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2018-06-25T23:52:33+00:00", | |
"DefaultVersionId": "v2", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"a4b:Get*", | |
"a4b:List*", | |
"a4b:Describe*", | |
"a4b:Search*" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAI6BKSTB4XMLPBFFJ2", | |
"PolicyName": "AlexaForBusinessReadOnlyAccess", | |
"UpdateDate": "2018-06-25T23:52:33+00:00", | |
"VersionId": "v2" | |
}, | |
"AmazonAPIGatewayAdministrator": { | |
"Arn": "arn:aws:iam::aws:policy/AmazonAPIGatewayAdministrator", | |
"AttachmentCount": 0, | |
"CreateDate": "2015-07-09T17:34:45+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"apigateway:*" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:apigateway:*::/*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJ4PT6VY5NLKTNUYSI", | |
"PolicyName": "AmazonAPIGatewayAdministrator", | |
"UpdateDate": "2015-07-09T17:34:45+00:00", | |
"VersionId": "v1" | |
}, | |
"AmazonAPIGatewayInvokeFullAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AmazonAPIGatewayInvokeFullAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2018-12-18T18:25:10+00:00", | |
"DefaultVersionId": "v2", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"execute-api:Invoke", | |
"execute-api:ManageConnections" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:execute-api:*:*:*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIIWAX2NOOQJ4AIEQ6", | |
"PolicyName": "AmazonAPIGatewayInvokeFullAccess", | |
"UpdateDate": "2018-12-18T18:25:10+00:00", | |
"VersionId": "v2" | |
}, | |
"AmazonAPIGatewayPushToCloudWatchLogs": { | |
"Arn": "arn:aws:iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs", | |
"AttachmentCount": 2, | |
"CreateDate": "2015-11-11T23:41:46+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"logs:CreateLogGroup", | |
"logs:CreateLogStream", | |
"logs:DescribeLogGroups", | |
"logs:DescribeLogStreams", | |
"logs:PutLogEvents", | |
"logs:GetLogEvents", | |
"logs:FilterLogEvents" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIK4GFO7HLKYN64ASK", | |
"PolicyName": "AmazonAPIGatewayPushToCloudWatchLogs", | |
"UpdateDate": "2015-11-11T23:41:46+00:00", | |
"VersionId": "v1" | |
}, | |
"AmazonAppStreamFullAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AmazonAppStreamFullAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-08-07T19:27:59+00:00", | |
"DefaultVersionId": "v4", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"appstream:*" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"application-autoscaling:DeleteScalingPolicy", | |
"application-autoscaling:DescribeScalableTargets", | |
"application-autoscaling:DescribeScalingPolicies", | |
"application-autoscaling:PutScalingPolicy", | |
"application-autoscaling:RegisterScalableTarget" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"cloudwatch:DeleteAlarms", | |
"cloudwatch:DescribeAlarms", | |
"cloudwatch:GetMetricStatistics", | |
"cloudwatch:PutMetricAlarm" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"ec2:DescribeRouteTables", | |
"ec2:DescribeSecurityGroups", | |
"ec2:DescribeSubnets", | |
"ec2:DescribeVpcs", | |
"ec2:DescribeVpcEndpoints" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": "iam:ListRoles", | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": "iam:PassRole", | |
"Condition": { | |
"StringLike": { | |
"iam:PassedToService": "application-autoscaling.amazonaws.com" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "arn:aws:iam::*:role/service-role/ApplicationAutoScalingForAmazonAppStreamAccess" | |
}, | |
{ | |
"Action": "iam:CreateServiceLinkedRole", | |
"Condition": { | |
"StringLike": { | |
"iam:AWSServiceName": "appstream.application-autoscaling.amazonaws.com" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "arn:aws:iam::*:role/aws-service-role/appstream.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_AppStreamFleet" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJLZZXU2YQVGL4QDNC", | |
"PolicyName": "AmazonAppStreamFullAccess", | |
"UpdateDate": "2019-08-07T19:27:59+00:00", | |
"VersionId": "v4" | |
}, | |
"AmazonAppStreamReadOnlyAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AmazonAppStreamReadOnlyAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2016-12-07T21:00:06+00:00", | |
"DefaultVersionId": "v2", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"appstream:Get*", | |
"appstream:List*", | |
"appstream:Describe*" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJXIFDGB4VBX23DX7K", | |
"PolicyName": "AmazonAppStreamReadOnlyAccess", | |
"UpdateDate": "2016-12-07T21:00:06+00:00", | |
"VersionId": "v2" | |
}, | |
"AmazonAppStreamServiceAccess": { | |
"Arn": "arn:aws:iam::aws:policy/service-role/AmazonAppStreamServiceAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-08-07T18:29:52+00:00", | |
"DefaultVersionId": "v6", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"ec2:DescribeVpcs", | |
"ec2:DescribeSubnets", | |
"ec2:DescribeAvailabilityZones", | |
"ec2:CreateNetworkInterface", | |
"ec2:DescribeNetworkInterfaces", | |
"ec2:DeleteNetworkInterface", | |
"ec2:DescribeSubnets", | |
"ec2:AssociateAddress", | |
"ec2:DisassociateAddress", | |
"ec2:DescribeRouteTables", | |
"ec2:DescribeSecurityGroups", | |
"ec2:DescribeVpcEndpoints", | |
"s3:ListAllMyBuckets" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"s3:CreateBucket", | |
"s3:ListBucket", | |
"s3:GetObject", | |
"s3:PutObject", | |
"s3:DeleteObject", | |
"s3:GetObjectVersion", | |
"s3:DeleteObjectVersion", | |
"s3:PutBucketPolicy", | |
"s3:PutEncryptionConfiguration" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:s3:::appstream2-36fb080bb8-*", | |
"arn:aws:s3:::appstream-app-settings-*", | |
"arn:aws:s3:::appstream-logs-*" | |
] | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAISBRZ7LMMCBYEF3SE", | |
"PolicyName": "AmazonAppStreamServiceAccess", | |
"UpdateDate": "2019-08-07T18:29:52+00:00", | |
"VersionId": "v6" | |
}, | |
"AmazonAthenaFullAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AmazonAthenaFullAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-08-08T17:52:27+00:00", | |
"DefaultVersionId": "v6", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"athena:*" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
] | |
}, | |
{ | |
"Action": [ | |
"glue:CreateDatabase", | |
"glue:DeleteDatabase", | |
"glue:GetDatabase", | |
"glue:GetDatabases", | |
"glue:UpdateDatabase", | |
"glue:CreateTable", | |
"glue:DeleteTable", | |
"glue:BatchDeleteTable", | |
"glue:UpdateTable", | |
"glue:GetTable", | |
"glue:GetTables", | |
"glue:BatchCreatePartition", | |
"glue:CreatePartition", | |
"glue:DeletePartition", | |
"glue:BatchDeletePartition", | |
"glue:UpdatePartition", | |
"glue:GetPartition", | |
"glue:GetPartitions", | |
"glue:BatchGetPartition" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
] | |
}, | |
{ | |
"Action": [ | |
"s3:GetBucketLocation", | |
"s3:GetObject", | |
"s3:ListBucket", | |
"s3:ListBucketMultipartUploads", | |
"s3:ListMultipartUploadParts", | |
"s3:AbortMultipartUpload", | |
"s3:CreateBucket", | |
"s3:PutObject" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:s3:::aws-athena-query-results-*" | |
] | |
}, | |
{ | |
"Action": [ | |
"s3:GetObject", | |
"s3:ListBucket" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:s3:::athena-examples*" | |
] | |
}, | |
{ | |
"Action": [ | |
"s3:ListBucket", | |
"s3:GetBucketLocation", | |
"s3:ListAllMyBuckets" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
] | |
}, | |
{ | |
"Action": [ | |
"sns:ListTopics", | |
"sns:GetTopicAttributes" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
] | |
}, | |
{ | |
"Action": [ | |
"cloudwatch:PutMetricAlarm", | |
"cloudwatch:DescribeAlarms", | |
"cloudwatch:DeleteAlarms" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
] | |
}, | |
{ | |
"Action": [ | |
"lakeformation:GetDataAccess" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
] | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIPJMLMD4C7RYZ6XCK", | |
"PolicyName": "AmazonAthenaFullAccess", | |
"UpdateDate": "2019-08-08T17:52:27+00:00", | |
"VersionId": "v6" | |
}, | |
"AmazonChimeFullAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AmazonChimeFullAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2017-11-01T22:15:43+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"chime:*" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIUJFSAKUERNORYRWO", | |
"PolicyName": "AmazonChimeFullAccess", | |
"UpdateDate": "2017-11-01T22:15:43+00:00", | |
"VersionId": "v1" | |
}, | |
"AmazonChimeReadOnly": { | |
"Arn": "arn:aws:iam::aws:policy/AmazonChimeReadOnly", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-11-18T18:49:37+00:00", | |
"DefaultVersionId": "v9", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"chime:List*", | |
"chime:Get*", | |
"chime:SearchAvailablePhoneNumbers" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJLBFZZFABRXVWRTCI", | |
"PolicyName": "AmazonChimeReadOnly", | |
"UpdateDate": "2019-11-18T18:49:37+00:00", | |
"VersionId": "v9" | |
}, | |
"AmazonChimeServiceRolePolicy": { | |
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonChimeServiceRolePolicy", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-09-30T22:25:06+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"iam:CreateServiceLinkedRole" | |
], | |
"Condition": { | |
"StringLike": { | |
"iam:AWSServiceName": "chime.amazonaws.com" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:iam::*:role/aws-service-role/chime.amazonaws.com/AWSServiceRoleForAmazonChime" | |
] | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/aws-service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAZKAPJZG4NA5XMV3PI", | |
"PolicyName": "AmazonChimeServiceRolePolicy", | |
"UpdateDate": "2019-09-30T22:25:06+00:00", | |
"VersionId": "v1" | |
}, | |
"AmazonChimeUserManagement": { | |
"Arn": "arn:aws:iam::aws:policy/AmazonChimeUserManagement", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-03-18T12:17:58+00:00", | |
"DefaultVersionId": "v6", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"chime:ListAccounts", | |
"chime:GetAccount", | |
"chime:GetAccountSettings", | |
"chime:UpdateAccountSettings", | |
"chime:ListUsers", | |
"chime:GetUser", | |
"chime:GetUserByEmail", | |
"chime:InviteUsers", | |
"chime:SuspendUsers", | |
"chime:ActivateUsers", | |
"chime:UpdateUserLicenses", | |
"chime:ResetPersonalPIN", | |
"chime:LogoutUser", | |
"chime:ListDomains", | |
"chime:GetDomain", | |
"chime:ListDirectories", | |
"chime:ListGroups", | |
"chime:SubmitSupportRequest", | |
"chime:ListDelegates", | |
"chime:ListAccountUsageReportData", | |
"chime:GetMeetingDetail", | |
"chime:ListMeetingEvents", | |
"chime:ListMeetingsReportData", | |
"chime:GetUserActivityReportData", | |
"chime:UpdateUser", | |
"chime:BatchUpdateUser", | |
"chime:BatchSuspendUser", | |
"chime:BatchUnsuspendUser", | |
"chime:AssociatePhoneNumberWithUser", | |
"chime:DisassociatePhoneNumberFromUser", | |
"chime:GetPhoneNumber", | |
"chime:ListPhoneNumbers", | |
"chime:GetUserSettings", | |
"chime:UpdateUserSettings" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJGLHVUHNMQPSDGSOO", | |
"PolicyName": "AmazonChimeUserManagement", | |
"UpdateDate": "2019-03-18T12:17:58+00:00", | |
"VersionId": "v6" | |
}, | |
"AmazonChimeVoiceConnectorServiceLinkedRolePolicy": { | |
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonChimeVoiceConnectorServiceLinkedRolePolicy", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-09-30T22:16:42+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"chime:GetVoiceConnector*" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
] | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/aws-service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAZKAPJZG4GP44ZBY4P", | |
"PolicyName": "AmazonChimeVoiceConnectorServiceLinkedRolePolicy", | |
"UpdateDate": "2019-09-30T22:16:42+00:00", | |
"VersionId": "v1" | |
}, | |
"AmazonCloudDirectoryFullAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AmazonCloudDirectoryFullAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2017-02-25T00:41:39+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"clouddirectory:*" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
] | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJG3XQK77ATFLCF2CK", | |
"PolicyName": "AmazonCloudDirectoryFullAccess", | |
"UpdateDate": "2017-02-25T00:41:39+00:00", | |
"VersionId": "v1" | |
}, | |
"AmazonCloudDirectoryReadOnlyAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AmazonCloudDirectoryReadOnlyAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2017-02-28T23:42:06+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"clouddirectory:List*", | |
"clouddirectory:Get*", | |
"clouddirectory:LookupPolicy", | |
"clouddirectory:BatchRead" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
] | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAICMSZQGR3O62KMD6M", | |
"PolicyName": "AmazonCloudDirectoryReadOnlyAccess", | |
"UpdateDate": "2017-02-28T23:42:06+00:00", | |
"VersionId": "v1" | |
}, | |
"AmazonCognitoDeveloperAuthenticatedIdentities": { | |
"Arn": "arn:aws:iam::aws:policy/AmazonCognitoDeveloperAuthenticatedIdentities", | |
"AttachmentCount": 0, | |
"CreateDate": "2015-03-24T17:22:23+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"cognito-identity:GetOpenIdTokenForDeveloperIdentity", | |
"cognito-identity:LookupDeveloperIdentity", | |
"cognito-identity:MergeDeveloperIdentities", | |
"cognito-identity:UnlinkDeveloperIdentity" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIQOKZ5BGKLCMTXH4W", | |
"PolicyName": "AmazonCognitoDeveloperAuthenticatedIdentities", | |
"UpdateDate": "2015-03-24T17:22:23+00:00", | |
"VersionId": "v1" | |
}, | |
"AmazonCognitoIdpEmailServiceRolePolicy": { | |
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonCognitoIdpEmailServiceRolePolicy", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-03-21T21:32:25+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"ses:SendEmail", | |
"ses:SendRawEmail" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"ses:List*" | |
], | |
"Effect": "Deny", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/aws-service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIX7PW362PLAQFKBHM", | |
"PolicyName": "AmazonCognitoIdpEmailServiceRolePolicy", | |
"UpdateDate": "2019-03-21T21:32:25+00:00", | |
"VersionId": "v1" | |
}, | |
"AmazonCognitoPowerUser": { | |
"Arn": "arn:aws:iam::aws:policy/AmazonCognitoPowerUser", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-03-29T22:06:46+00:00", | |
"DefaultVersionId": "v3", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"cognito-identity:*", | |
"cognito-idp:*", | |
"cognito-sync:*", | |
"iam:ListRoles", | |
"iam:ListOpenIdConnectProviders", | |
"sns:ListPlatformApplications" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": "iam:CreateServiceLinkedRole", | |
"Condition": { | |
"StringEquals": { | |
"iam:AWSServiceName": "email.cognito-idp.amazonaws.com" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"iam:DeleteServiceLinkedRole", | |
"iam:GetServiceLinkedRoleDeletionStatus" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:iam::*:role/aws-service-role/email.cognito-idp.amazonaws.com/AWSServiceRoleForAmazonCognitoIdpEmail*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJKW5H2HNCPGCYGR6Y", | |
"PolicyName": "AmazonCognitoPowerUser", | |
"UpdateDate": "2019-03-29T22:06:46+00:00", | |
"VersionId": "v3" | |
}, | |
"AmazonCognitoReadOnly": { | |
"Arn": "arn:aws:iam::aws:policy/AmazonCognitoReadOnly", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-08-01T19:21:04+00:00", | |
"DefaultVersionId": "v4", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"cognito-identity:Describe*", | |
"cognito-identity:Get*", | |
"cognito-identity:List*", | |
"cognito-idp:Describe*", | |
"cognito-idp:AdminGet*", | |
"cognito-idp:AdminList*", | |
"cognito-idp:List*", | |
"cognito-idp:Get*", | |
"cognito-sync:Describe*", | |
"cognito-sync:Get*", | |
"cognito-sync:List*", | |
"iam:ListOpenIdConnectProviders", | |
"iam:ListRoles", | |
"sns:ListPlatformApplications" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJBFTRZD2GQGJHSVQK", | |
"PolicyName": "AmazonCognitoReadOnly", | |
"UpdateDate": "2019-08-01T19:21:04+00:00", | |
"VersionId": "v4" | |
}, | |
"AmazonConnectFullAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AmazonConnectFullAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2018-10-17T22:28:01+00:00", | |
"DefaultVersionId": "v2", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"connect:*", | |
"ds:CreateAlias", | |
"ds:AuthorizeApplication", | |
"ds:CreateIdentityPoolDirectory", | |
"ds:DeleteDirectory", | |
"ds:DescribeDirectories", | |
"ds:UnauthorizeApplication", | |
"firehose:DescribeDeliveryStream", | |
"firehose:ListDeliveryStreams", | |
"kinesis:DescribeStream", | |
"kinesis:ListStreams", | |
"kms:DescribeKey", | |
"kms:CreateGrant", | |
"kms:ListAliases", | |
"lex:GetBots", | |
"logs:CreateLogGroup", | |
"s3:CreateBucket", | |
"s3:GetBucketLocation", | |
"s3:ListAllMyBuckets" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": "iam:CreateServiceLinkedRole", | |
"Condition": { | |
"StringEquals": { | |
"iam:AWSServiceName": "connect.amazonaws.com" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"iam:DeleteServiceLinkedRole", | |
"iam:PutRolePolicy" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:iam::*:role/aws-service-role/connect.amazonaws.com/AWSServiceRoleForAmazonConnect*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIPZZCFFD55NYGBAJI", | |
"PolicyName": "AmazonConnectFullAccess", | |
"UpdateDate": "2018-10-17T22:28:01+00:00", | |
"VersionId": "v2" | |
}, | |
"AmazonConnectReadOnlyAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AmazonConnectReadOnlyAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-11-06T22:10:18+00:00", | |
"DefaultVersionId": "v3", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"connect:Get*", | |
"connect:Describe*", | |
"connect:List*", | |
"ds:DescribeDirectories" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": "connect:GetFederationTokens", | |
"Effect": "Deny", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIVZMH7VU6YYKRY6ZU", | |
"PolicyName": "AmazonConnectReadOnlyAccess", | |
"UpdateDate": "2019-11-06T22:10:18+00:00", | |
"VersionId": "v3" | |
}, | |
"AmazonConnectServiceLinkedRolePolicy": { | |
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonConnectServiceLinkedRolePolicy", | |
"AttachmentCount": 0, | |
"CreateDate": "2018-09-25T21:29:18+00:00", | |
"DefaultVersionId": "v2", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"connect:*" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
] | |
}, | |
{ | |
"Action": [ | |
"iam:DeleteRole" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:iam::*:role/aws-service-role/connect.amazonaws.com/AWSServiceRoleForAmazonConnect_*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/aws-service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJ6R6FMTSRUJSKI72Y", | |
"PolicyName": "AmazonConnectServiceLinkedRolePolicy", | |
"UpdateDate": "2018-09-25T21:29:18+00:00", | |
"VersionId": "v2" | |
}, | |
"AmazonDMSCloudWatchLogsRole": { | |
"Arn": "arn:aws:iam::aws:policy/service-role/AmazonDMSCloudWatchLogsRole", | |
"AttachmentCount": 0, | |
"CreateDate": "2016-01-07T23:44:53+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"logs:DescribeLogGroups" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
], | |
"Sid": "AllowDescribeOnAllLogGroups" | |
}, | |
{ | |
"Action": [ | |
"logs:DescribeLogStreams" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:logs:*:*:log-group:dms-tasks-*" | |
], | |
"Sid": "AllowDescribeOfAllLogStreamsOnDmsTasksLogGroup" | |
}, | |
{ | |
"Action": [ | |
"logs:CreateLogGroup" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:logs:*:*:log-group:dms-tasks-*" | |
], | |
"Sid": "AllowCreationOfDmsTasksLogGroups" | |
}, | |
{ | |
"Action": [ | |
"logs:CreateLogStream" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:logs:*:*:log-group:dms-tasks-*:log-stream:dms-task-*" | |
], | |
"Sid": "AllowCreationOfDmsTaskLogStream" | |
}, | |
{ | |
"Action": [ | |
"logs:PutLogEvents" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:logs:*:*:log-group:dms-tasks-*:log-stream:dms-task-*" | |
], | |
"Sid": "AllowUploadOfLogEventsToDmsTaskLogStream" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJBG7UXZZXUJD3TDJE", | |
"PolicyName": "AmazonDMSCloudWatchLogsRole", | |
"UpdateDate": "2016-01-07T23:44:53+00:00", | |
"VersionId": "v1" | |
}, | |
"AmazonDMSRedshiftS3Role": { | |
"Arn": "arn:aws:iam::aws:policy/service-role/AmazonDMSRedshiftS3Role", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-07-08T18:19:14+00:00", | |
"DefaultVersionId": "v3", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"s3:CreateBucket", | |
"s3:ListBucket", | |
"s3:DeleteBucket", | |
"s3:GetBucketLocation", | |
"s3:GetObject", | |
"s3:PutObject", | |
"s3:DeleteObject", | |
"s3:GetObjectVersion", | |
"s3:GetBucketPolicy", | |
"s3:PutBucketPolicy", | |
"s3:GetBucketAcl", | |
"s3:PutBucketVersioning", | |
"s3:GetBucketVersioning", | |
"s3:PutLifecycleConfiguration", | |
"s3:GetLifecycleConfiguration", | |
"s3:DeleteBucketPolicy" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:s3:::dms-*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAI3CCUQ4U5WNC5F6B6", | |
"PolicyName": "AmazonDMSRedshiftS3Role", | |
"UpdateDate": "2019-07-08T18:19:14+00:00", | |
"VersionId": "v3" | |
}, | |
"AmazonDMSVPCManagementRole": { | |
"Arn": "arn:aws:iam::aws:policy/service-role/AmazonDMSVPCManagementRole", | |
"AttachmentCount": 0, | |
"CreateDate": "2016-05-23T16:29:57+00:00", | |
"DefaultVersionId": "v3", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"ec2:CreateNetworkInterface", | |
"ec2:DescribeAvailabilityZones", | |
"ec2:DescribeInternetGateways", | |
"ec2:DescribeSecurityGroups", | |
"ec2:DescribeSubnets", | |
"ec2:DescribeVpcs", | |
"ec2:DeleteNetworkInterface", | |
"ec2:ModifyNetworkInterfaceAttribute" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJHKIGMBQI4AEFFSYO", | |
"PolicyName": "AmazonDMSVPCManagementRole", | |
"UpdateDate": "2016-05-23T16:29:57+00:00", | |
"VersionId": "v3" | |
}, | |
"AmazonDRSVPCManagement": { | |
"Arn": "arn:aws:iam::aws:policy/AmazonDRSVPCManagement", | |
"AttachmentCount": 0, | |
"CreateDate": "2015-09-02T00:09:20+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"ec2:AuthorizeSecurityGroupIngress", | |
"ec2:CreateNetworkInterface", | |
"ec2:CreateSecurityGroup", | |
"ec2:DescribeAvailabilityZones", | |
"ec2:DescribeInternetGateways", | |
"ec2:DescribeSecurityGroups", | |
"ec2:DescribeSubnets", | |
"ec2:DescribeVpcAttribute", | |
"ec2:DescribeVpcs", | |
"ec2:DeleteNetworkInterface", | |
"ec2:DeleteSecurityGroup", | |
"ec2:ModifyNetworkInterfaceAttribute", | |
"ec2:RevokeSecurityGroupIngress" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJPXIBTTZMBEFEX6UA", | |
"PolicyName": "AmazonDRSVPCManagement", | |
"UpdateDate": "2015-09-02T00:09:20+00:00", | |
"VersionId": "v1" | |
}, | |
"AmazonDocDBConsoleFullAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AmazonDocDBConsoleFullAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-10-21T18:57:02+00:00", | |
"DefaultVersionId": "v2", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"rds:AddRoleToDBCluster", | |
"rds:AddSourceIdentifierToSubscription", | |
"rds:AddTagsToResource", | |
"rds:ApplyPendingMaintenanceAction", | |
"rds:CopyDBClusterParameterGroup", | |
"rds:CopyDBClusterSnapshot", | |
"rds:CopyDBParameterGroup", | |
"rds:CreateDBCluster", | |
"rds:CreateDBClusterParameterGroup", | |
"rds:CreateDBClusterSnapshot", | |
"rds:CreateDBInstance", | |
"rds:CreateDBParameterGroup", | |
"rds:CreateDBSubnetGroup", | |
"rds:CreateEventSubscription", | |
"rds:DeleteDBCluster", | |
"rds:DeleteDBClusterParameterGroup", | |
"rds:DeleteDBClusterSnapshot", | |
"rds:DeleteDBInstance", | |
"rds:DeleteDBParameterGroup", | |
"rds:DeleteDBSubnetGroup", | |
"rds:DeleteEventSubscription", | |
"rds:DescribeAccountAttributes", | |
"rds:DescribeCertificates", | |
"rds:DescribeDBClusterParameterGroups", | |
"rds:DescribeDBClusterParameters", | |
"rds:DescribeDBClusterSnapshotAttributes", | |
"rds:DescribeDBClusterSnapshots", | |
"rds:DescribeDBClusters", | |
"rds:DescribeDBEngineVersions", | |
"rds:DescribeDBInstances", | |
"rds:DescribeDBLogFiles", | |
"rds:DescribeDBParameterGroups", | |
"rds:DescribeDBParameters", | |
"rds:DescribeDBSecurityGroups", | |
"rds:DescribeDBSubnetGroups", | |
"rds:DescribeEngineDefaultClusterParameters", | |
"rds:DescribeEngineDefaultParameters", | |
"rds:DescribeEventCategories", | |
"rds:DescribeEventSubscriptions", | |
"rds:DescribeEvents", | |
"rds:DescribeOptionGroups", | |
"rds:DescribeOrderableDBInstanceOptions", | |
"rds:DescribePendingMaintenanceActions", | |
"rds:DescribeValidDBInstanceModifications", | |
"rds:DownloadDBLogFilePortion", | |
"rds:FailoverDBCluster", | |
"rds:ListTagsForResource", | |
"rds:ModifyDBCluster", | |
"rds:ModifyDBClusterParameterGroup", | |
"rds:ModifyDBClusterSnapshotAttribute", | |
"rds:ModifyDBInstance", | |
"rds:ModifyDBParameterGroup", | |
"rds:ModifyDBSubnetGroup", | |
"rds:ModifyEventSubscription", | |
"rds:PromoteReadReplicaDBCluster", | |
"rds:RebootDBInstance", | |
"rds:RemoveRoleFromDBCluster", | |
"rds:RemoveSourceIdentifierFromSubscription", | |
"rds:RemoveTagsFromResource", | |
"rds:ResetDBClusterParameterGroup", | |
"rds:ResetDBParameterGroup", | |
"rds:RestoreDBClusterFromSnapshot", | |
"rds:RestoreDBClusterToPointInTime" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
] | |
}, | |
{ | |
"Action": [ | |
"iam:GetRole", | |
"cloudwatch:GetMetricData", | |
"cloudwatch:GetMetricStatistics", | |
"cloudwatch:ListMetrics", | |
"ec2:AllocateAddress", | |
"ec2:AssignIpv6Addresses", | |
"ec2:AssignPrivateIpAddresses", | |
"ec2:AssociateAddress", | |
"ec2:AssociateRouteTable", | |
"ec2:AssociateSubnetCidrBlock", | |
"ec2:AssociateVpcCidrBlock", | |
"ec2:AttachInternetGateway", | |
"ec2:AttachNetworkInterface", | |
"ec2:CreateCustomerGateway", | |
"ec2:CreateDefaultSubnet", | |
"ec2:CreateDefaultVpc", | |
"ec2:CreateInternetGateway", | |
"ec2:CreateNatGateway", | |
"ec2:CreateNetworkInterface", | |
"ec2:CreateRoute", | |
"ec2:CreateRouteTable", | |
"ec2:CreateSecurityGroup", | |
"ec2:CreateSubnet", | |
"ec2:CreateVpc", | |
"ec2:CreateVpcEndpoint", | |
"ec2:DescribeAccountAttributes", | |
"ec2:DescribeAddresses", | |
"ec2:DescribeAvailabilityZones", | |
"ec2:DescribeCustomerGateways", | |
"ec2:DescribeInstances", | |
"ec2:DescribeNatGateways", | |
"ec2:DescribeNetworkInterfaces", | |
"ec2:DescribePrefixLists", | |
"ec2:DescribeRouteTables", | |
"ec2:DescribeSecurityGroupReferences", | |
"ec2:DescribeSecurityGroups", | |
"ec2:DescribeSecurityGroups", | |
"ec2:DescribeSubnets", | |
"ec2:DescribeSubnets", | |
"ec2:DescribeVpcAttribute", | |
"ec2:DescribeVpcEndpoints", | |
"ec2:DescribeVpcs", | |
"ec2:ModifyNetworkInterfaceAttribute", | |
"ec2:ModifySubnetAttribute", | |
"ec2:ModifyVpcAttribute", | |
"ec2:ModifyVpcEndpoint", | |
"kms:DescribeKey", | |
"kms:ListAliases", | |
"kms:ListKeyPolicies", | |
"kms:ListKeys", | |
"kms:ListRetirableGrants", | |
"logs:DescribeLogStreams", | |
"logs:GetLogEvents", | |
"sns:ListSubscriptions", | |
"sns:ListTopics", | |
"sns:Publish" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
] | |
}, | |
{ | |
"Action": "iam:CreateServiceLinkedRole", | |
"Condition": { | |
"StringLike": { | |
"iam:AWSServiceName": "rds.amazonaws.com" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "arn:aws:iam::*:role/aws-service-role/rds.amazonaws.com/AWSServiceRoleForRDS" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJHV6VMSNDDHJ3ESNI", | |
"PolicyName": "AmazonDocDBConsoleFullAccess", | |
"UpdateDate": "2019-10-21T18:57:02+00:00", | |
"VersionId": "v2" | |
}, | |
"AmazonDocDBFullAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AmazonDocDBFullAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-01-09T20:21:44+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"rds:AddRoleToDBCluster", | |
"rds:AddSourceIdentifierToSubscription", | |
"rds:AddTagsToResource", | |
"rds:ApplyPendingMaintenanceAction", | |
"rds:CopyDBClusterParameterGroup", | |
"rds:CopyDBClusterSnapshot", | |
"rds:CopyDBParameterGroup", | |
"rds:CreateDBCluster", | |
"rds:CreateDBClusterParameterGroup", | |
"rds:CreateDBClusterSnapshot", | |
"rds:CreateDBInstance", | |
"rds:CreateDBParameterGroup", | |
"rds:CreateDBSubnetGroup", | |
"rds:CreateEventSubscription", | |
"rds:DeleteDBCluster", | |
"rds:DeleteDBClusterParameterGroup", | |
"rds:DeleteDBClusterSnapshot", | |
"rds:DeleteDBInstance", | |
"rds:DeleteDBParameterGroup", | |
"rds:DeleteDBSubnetGroup", | |
"rds:DeleteEventSubscription", | |
"rds:DescribeAccountAttributes", | |
"rds:DescribeCertificates", | |
"rds:DescribeDBClusterParameterGroups", | |
"rds:DescribeDBClusterParameters", | |
"rds:DescribeDBClusterSnapshotAttributes", | |
"rds:DescribeDBClusterSnapshots", | |
"rds:DescribeDBClusters", | |
"rds:DescribeDBEngineVersions", | |
"rds:DescribeDBInstances", | |
"rds:DescribeDBLogFiles", | |
"rds:DescribeDBParameterGroups", | |
"rds:DescribeDBParameters", | |
"rds:DescribeDBSecurityGroups", | |
"rds:DescribeDBSubnetGroups", | |
"rds:DescribeEngineDefaultClusterParameters", | |
"rds:DescribeEngineDefaultParameters", | |
"rds:DescribeEventCategories", | |
"rds:DescribeEventSubscriptions", | |
"rds:DescribeEvents", | |
"rds:DescribeOptionGroups", | |
"rds:DescribeOrderableDBInstanceOptions", | |
"rds:DescribePendingMaintenanceActions", | |
"rds:DescribeValidDBInstanceModifications", | |
"rds:DownloadDBLogFilePortion", | |
"rds:FailoverDBCluster", | |
"rds:ListTagsForResource", | |
"rds:ModifyDBCluster", | |
"rds:ModifyDBClusterParameterGroup", | |
"rds:ModifyDBClusterSnapshotAttribute", | |
"rds:ModifyDBInstance", | |
"rds:ModifyDBParameterGroup", | |
"rds:ModifyDBSubnetGroup", | |
"rds:ModifyEventSubscription", | |
"rds:PromoteReadReplicaDBCluster", | |
"rds:RebootDBInstance", | |
"rds:RemoveRoleFromDBCluster", | |
"rds:RemoveSourceIdentifierFromSubscription", | |
"rds:RemoveTagsFromResource", | |
"rds:ResetDBClusterParameterGroup", | |
"rds:ResetDBParameterGroup", | |
"rds:RestoreDBClusterFromSnapshot", | |
"rds:RestoreDBClusterToPointInTime" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
] | |
}, | |
{ | |
"Action": [ | |
"cloudwatch:GetMetricStatistics", | |
"cloudwatch:ListMetrics", | |
"ec2:DescribeAccountAttributes", | |
"ec2:DescribeAvailabilityZones", | |
"ec2:DescribeSecurityGroups", | |
"ec2:DescribeSubnets", | |
"ec2:DescribeVpcAttribute", | |
"ec2:DescribeVpcs", | |
"kms:ListAliases", | |
"kms:ListKeyPolicies", | |
"kms:ListKeys", | |
"kms:ListRetirableGrants", | |
"logs:DescribeLogStreams", | |
"logs:GetLogEvents", | |
"sns:ListSubscriptions", | |
"sns:ListTopics", | |
"sns:Publish" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
] | |
}, | |
{ | |
"Action": "iam:CreateServiceLinkedRole", | |
"Condition": { | |
"StringLike": { | |
"iam:AWSServiceName": "rds.amazonaws.com" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "arn:aws:iam::*:role/aws-service-role/rds.amazonaws.com/AWSServiceRoleForRDS" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIQKACUF6JJHALEG5K", | |
"PolicyName": "AmazonDocDBFullAccess", | |
"UpdateDate": "2019-01-09T20:21:44+00:00", | |
"VersionId": "v1" | |
}, | |
"AmazonDocDBReadOnlyAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AmazonDocDBReadOnlyAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-01-09T20:30:28+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"rds:DescribeAccountAttributes", | |
"rds:DescribeCertificates", | |
"rds:DescribeDBClusterParameterGroups", | |
"rds:DescribeDBClusterParameters", | |
"rds:DescribeDBClusterSnapshotAttributes", | |
"rds:DescribeDBClusterSnapshots", | |
"rds:DescribeDBClusters", | |
"rds:DescribeDBEngineVersions", | |
"rds:DescribeDBInstances", | |
"rds:DescribeDBLogFiles", | |
"rds:DescribeDBParameterGroups", | |
"rds:DescribeDBParameters", | |
"rds:DescribeDBSubnetGroups", | |
"rds:DescribeEventCategories", | |
"rds:DescribeEventSubscriptions", | |
"rds:DescribeEvents", | |
"rds:DescribeOrderableDBInstanceOptions", | |
"rds:DescribePendingMaintenanceActions", | |
"rds:DownloadDBLogFilePortion", | |
"rds:ListTagsForResource" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"cloudwatch:GetMetricStatistics", | |
"cloudwatch:ListMetrics" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"ec2:DescribeAccountAttributes", | |
"ec2:DescribeAvailabilityZones", | |
"ec2:DescribeInternetGateways", | |
"ec2:DescribeSecurityGroups", | |
"ec2:DescribeSubnets", | |
"ec2:DescribeVpcAttribute", | |
"ec2:DescribeVpcs" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"kms:ListKeys", | |
"kms:ListRetirableGrants", | |
"kms:ListAliases", | |
"kms:ListKeyPolicies" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"logs:DescribeLogStreams", | |
"logs:GetLogEvents" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:logs:*:*:log-group:/aws/rds/*:log-stream:*", | |
"arn:aws:logs:*:*:log-group:/aws/docdb/*:log-stream:*" | |
] | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAI477RMVACLTLWY5RQ", | |
"PolicyName": "AmazonDocDBReadOnlyAccess", | |
"UpdateDate": "2019-01-09T20:30:28+00:00", | |
"VersionId": "v1" | |
}, | |
"AmazonDynamoDBFullAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AmazonDynamoDBFullAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-11-15T18:20:39+00:00", | |
"DefaultVersionId": "v10", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"dynamodb:*", | |
"dax:*", | |
"application-autoscaling:DeleteScalingPolicy", | |
"application-autoscaling:DeregisterScalableTarget", | |
"application-autoscaling:DescribeScalableTargets", | |
"application-autoscaling:DescribeScalingActivities", | |
"application-autoscaling:DescribeScalingPolicies", | |
"application-autoscaling:PutScalingPolicy", | |
"application-autoscaling:RegisterScalableTarget", | |
"cloudwatch:DeleteAlarms", | |
"cloudwatch:DescribeAlarmHistory", | |
"cloudwatch:DescribeAlarms", | |
"cloudwatch:DescribeAlarmsForMetric", | |
"cloudwatch:GetMetricStatistics", | |
"cloudwatch:ListMetrics", | |
"cloudwatch:PutMetricAlarm", | |
"datapipeline:ActivatePipeline", | |
"datapipeline:CreatePipeline", | |
"datapipeline:DeletePipeline", | |
"datapipeline:DescribeObjects", | |
"datapipeline:DescribePipelines", | |
"datapipeline:GetPipelineDefinition", | |
"datapipeline:ListPipelines", | |
"datapipeline:PutPipelineDefinition", | |
"datapipeline:QueryObjects", | |
"ec2:DescribeVpcs", | |
"ec2:DescribeSubnets", | |
"ec2:DescribeSecurityGroups", | |
"iam:GetRole", | |
"iam:ListRoles", | |
"sns:CreateTopic", | |
"sns:DeleteTopic", | |
"sns:ListSubscriptions", | |
"sns:ListSubscriptionsByTopic", | |
"sns:ListTopics", | |
"sns:Subscribe", | |
"sns:Unsubscribe", | |
"sns:SetTopicAttributes", | |
"lambda:CreateFunction", | |
"lambda:ListFunctions", | |
"lambda:ListEventSourceMappings", | |
"lambda:CreateEventSourceMapping", | |
"lambda:DeleteEventSourceMapping", | |
"lambda:GetFunctionConfiguration", | |
"lambda:DeleteFunction", | |
"resource-groups:ListGroups", | |
"resource-groups:ListGroupResources", | |
"resource-groups:GetGroup", | |
"resource-groups:GetGroupQuery", | |
"resource-groups:DeleteGroup", | |
"resource-groups:CreateGroup", | |
"tag:GetResources" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"iam:PassRole" | |
], | |
"Condition": { | |
"StringLike": { | |
"iam:PassedToService": [ | |
"application-autoscaling.amazonaws.com", | |
"dax.amazonaws.com" | |
] | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"iam:CreateServiceLinkedRole" | |
], | |
"Condition": { | |
"StringEquals": { | |
"iam:AWSServiceName": [ | |
"replication.dynamodb.amazonaws.com", | |
"dax.amazonaws.com", | |
"dynamodb.application-autoscaling.amazonaws.com", | |
"contributorinsights.dynamodb.amazonaws.com" | |
] | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAINUGF2JSOSUY76KYA", | |
"PolicyName": "AmazonDynamoDBFullAccess", | |
"UpdateDate": "2019-11-15T18:20:39+00:00", | |
"VersionId": "v10" | |
}, | |
"AmazonDynamoDBFullAccesswithDataPipeline": { | |
"Arn": "arn:aws:iam::aws:policy/AmazonDynamoDBFullAccesswithDataPipeline", | |
"AttachmentCount": 0, | |
"CreateDate": "2015-11-12T02:17:42+00:00", | |
"DefaultVersionId": "v2", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"cloudwatch:DeleteAlarms", | |
"cloudwatch:DescribeAlarmHistory", | |
"cloudwatch:DescribeAlarms", | |
"cloudwatch:DescribeAlarmsForMetric", | |
"cloudwatch:GetMetricStatistics", | |
"cloudwatch:ListMetrics", | |
"cloudwatch:PutMetricAlarm", | |
"dynamodb:*", | |
"sns:CreateTopic", | |
"sns:DeleteTopic", | |
"sns:ListSubscriptions", | |
"sns:ListSubscriptionsByTopic", | |
"sns:ListTopics", | |
"sns:Subscribe", | |
"sns:Unsubscribe", | |
"sns:SetTopicAttributes" | |
], | |
"Effect": "Allow", | |
"Resource": "*", | |
"Sid": "DDBConsole" | |
}, | |
{ | |
"Action": [ | |
"lambda:*", | |
"iam:ListRoles" | |
], | |
"Effect": "Allow", | |
"Resource": "*", | |
"Sid": "DDBConsoleTriggers" | |
}, | |
{ | |
"Action": [ | |
"datapipeline:*", | |
"iam:ListRoles" | |
], | |
"Effect": "Allow", | |
"Resource": "*", | |
"Sid": "DDBConsoleImportExport" | |
}, | |
{ | |
"Action": [ | |
"iam:GetRolePolicy", | |
"iam:PassRole" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
], | |
"Sid": "IAMEDPRoles" | |
}, | |
{ | |
"Action": [ | |
"ec2:CreateTags", | |
"ec2:DescribeInstances", | |
"ec2:RunInstances", | |
"ec2:StartInstances", | |
"ec2:StopInstances", | |
"ec2:TerminateInstances", | |
"elasticmapreduce:*", | |
"datapipeline:*" | |
], | |
"Effect": "Allow", | |
"Resource": "*", | |
"Sid": "EMR" | |
}, | |
{ | |
"Action": [ | |
"s3:DeleteObject", | |
"s3:Get*", | |
"s3:List*", | |
"s3:Put*" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
], | |
"Sid": "S3" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJ3ORT7KDISSXGHJXA", | |
"PolicyName": "AmazonDynamoDBFullAccesswithDataPipeline", | |
"UpdateDate": "2015-11-12T02:17:42+00:00", | |
"VersionId": "v2" | |
}, | |
"AmazonDynamoDBReadOnlyAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AmazonDynamoDBReadOnlyAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-05-08T21:15:48+00:00", | |
"DefaultVersionId": "v8", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"application-autoscaling:DescribeScalableTargets", | |
"application-autoscaling:DescribeScalingActivities", | |
"application-autoscaling:DescribeScalingPolicies", | |
"cloudwatch:DescribeAlarmHistory", | |
"cloudwatch:DescribeAlarms", | |
"cloudwatch:DescribeAlarmsForMetric", | |
"cloudwatch:GetMetricStatistics", | |
"cloudwatch:ListMetrics", | |
"datapipeline:DescribeObjects", | |
"datapipeline:DescribePipelines", | |
"datapipeline:GetPipelineDefinition", | |
"datapipeline:ListPipelines", | |
"datapipeline:QueryObjects", | |
"dynamodb:BatchGetItem", | |
"dynamodb:Describe*", | |
"dynamodb:List*", | |
"dynamodb:GetItem", | |
"dynamodb:Query", | |
"dynamodb:Scan", | |
"dax:Describe*", | |
"dax:List*", | |
"dax:GetItem", | |
"dax:BatchGetItem", | |
"dax:Query", | |
"dax:Scan", | |
"ec2:DescribeVpcs", | |
"ec2:DescribeSubnets", | |
"ec2:DescribeSecurityGroups", | |
"iam:GetRole", | |
"iam:ListRoles", | |
"sns:ListSubscriptionsByTopic", | |
"sns:ListTopics", | |
"lambda:ListFunctions", | |
"lambda:ListEventSourceMappings", | |
"lambda:GetFunctionConfiguration", | |
"resource-groups:ListGroups", | |
"resource-groups:ListGroupResources", | |
"resource-groups:GetGroup", | |
"resource-groups:GetGroupQuery", | |
"tag:GetResources" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIY2XFNA232XJ6J7X2", | |
"PolicyName": "AmazonDynamoDBReadOnlyAccess", | |
"UpdateDate": "2019-05-08T21:15:48+00:00", | |
"VersionId": "v8" | |
}, | |
"AmazonEC2ContainerRegistryFullAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryFullAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2017-11-10T17:54:49+00:00", | |
"DefaultVersionId": "v2", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"ecr:*", | |
"cloudtrail:LookupEvents" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIESRL7KD7IIVF6V4W", | |
"PolicyName": "AmazonEC2ContainerRegistryFullAccess", | |
"UpdateDate": "2017-11-10T17:54:49+00:00", | |
"VersionId": "v2" | |
}, | |
"AmazonEC2ContainerRegistryPowerUser": { | |
"Arn": "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryPowerUser", | |
"AttachmentCount": 0, | |
"CreateDate": "2016-10-11T22:28:07+00:00", | |
"DefaultVersionId": "v2", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"ecr:GetAuthorizationToken", | |
"ecr:BatchCheckLayerAvailability", | |
"ecr:GetDownloadUrlForLayer", | |
"ecr:GetRepositoryPolicy", | |
"ecr:DescribeRepositories", | |
"ecr:ListImages", | |
"ecr:DescribeImages", | |
"ecr:BatchGetImage", | |
"ecr:InitiateLayerUpload", | |
"ecr:UploadLayerPart", | |
"ecr:CompleteLayerUpload", | |
"ecr:PutImage" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJDNE5PIHROIBGGDDW", | |
"PolicyName": "AmazonEC2ContainerRegistryPowerUser", | |
"UpdateDate": "2016-10-11T22:28:07+00:00", | |
"VersionId": "v2" | |
}, | |
"AmazonEC2ContainerRegistryReadOnly": { | |
"Arn": "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly", | |
"AttachmentCount": 3, | |
"CreateDate": "2016-10-11T22:08:43+00:00", | |
"DefaultVersionId": "v2", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"ecr:GetAuthorizationToken", | |
"ecr:BatchCheckLayerAvailability", | |
"ecr:GetDownloadUrlForLayer", | |
"ecr:GetRepositoryPolicy", | |
"ecr:DescribeRepositories", | |
"ecr:ListImages", | |
"ecr:DescribeImages", | |
"ecr:BatchGetImage" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIFYZPA37OOHVIH7KQ", | |
"PolicyName": "AmazonEC2ContainerRegistryReadOnly", | |
"UpdateDate": "2016-10-11T22:08:43+00:00", | |
"VersionId": "v2" | |
}, | |
"AmazonEC2ContainerServiceAutoscaleRole": { | |
"Arn": "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceAutoscaleRole", | |
"AttachmentCount": 0, | |
"CreateDate": "2018-02-05T19:15:15+00:00", | |
"DefaultVersionId": "v2", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"ecs:DescribeServices", | |
"ecs:UpdateService" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
] | |
}, | |
{ | |
"Action": [ | |
"cloudwatch:DescribeAlarms", | |
"cloudwatch:PutMetricAlarm" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
] | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIUAP3EGGGXXCPDQKK", | |
"PolicyName": "AmazonEC2ContainerServiceAutoscaleRole", | |
"UpdateDate": "2018-02-05T19:15:15+00:00", | |
"VersionId": "v2" | |
}, | |
"AmazonEC2ContainerServiceEventsRole": { | |
"Arn": "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceEventsRole", | |
"AttachmentCount": 0, | |
"CreateDate": "2018-05-22T19:13:11+00:00", | |
"DefaultVersionId": "v2", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"ecs:RunTask" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
] | |
}, | |
{ | |
"Action": "iam:PassRole", | |
"Condition": { | |
"StringLike": { | |
"iam:PassedToService": "ecs-tasks.amazonaws.com" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
] | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAITKFNIUAG27VSYNZ4", | |
"PolicyName": "AmazonEC2ContainerServiceEventsRole", | |
"UpdateDate": "2018-05-22T19:13:11+00:00", | |
"VersionId": "v2" | |
}, | |
"AmazonEC2ContainerServiceFullAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AmazonEC2ContainerServiceFullAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2017-06-08T00:18:56+00:00", | |
"DefaultVersionId": "v4", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"autoscaling:Describe*", | |
"autoscaling:UpdateAutoScalingGroup", | |
"cloudformation:CreateStack", | |
"cloudformation:DeleteStack", | |
"cloudformation:DescribeStack*", | |
"cloudformation:UpdateStack", | |
"cloudwatch:GetMetricStatistics", | |
"ec2:Describe*", | |
"elasticloadbalancing:*", | |
"ecs:*", | |
"events:DescribeRule", | |
"events:DeleteRule", | |
"events:ListRuleNamesByTarget", | |
"events:ListTargetsByRule", | |
"events:PutRule", | |
"events:PutTargets", | |
"events:RemoveTargets", | |
"iam:ListInstanceProfiles", | |
"iam:ListRoles", | |
"iam:PassRole" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJALOYVTPDZEMIACSM", | |
"PolicyName": "AmazonEC2ContainerServiceFullAccess", | |
"UpdateDate": "2017-06-08T00:18:56+00:00", | |
"VersionId": "v4" | |
}, | |
"AmazonEC2ContainerServiceRole": { | |
"Arn": "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceRole", | |
"AttachmentCount": 0, | |
"CreateDate": "2016-08-11T13:08:01+00:00", | |
"DefaultVersionId": "v2", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"ec2:AuthorizeSecurityGroupIngress", | |
"ec2:Describe*", | |
"elasticloadbalancing:DeregisterInstancesFromLoadBalancer", | |
"elasticloadbalancing:DeregisterTargets", | |
"elasticloadbalancing:Describe*", | |
"elasticloadbalancing:RegisterInstancesWithLoadBalancer", | |
"elasticloadbalancing:RegisterTargets" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJO53W2XHNACG7V77Q", | |
"PolicyName": "AmazonEC2ContainerServiceRole", | |
"UpdateDate": "2016-08-11T13:08:01+00:00", | |
"VersionId": "v2" | |
}, | |
"AmazonEC2ContainerServiceforEC2Role": { | |
"Arn": "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-06-13T19:11:37+00:00", | |
"DefaultVersionId": "v6", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"ec2:DescribeTags", | |
"ecs:CreateCluster", | |
"ecs:DeregisterContainerInstance", | |
"ecs:DiscoverPollEndpoint", | |
"ecs:Poll", | |
"ecs:RegisterContainerInstance", | |
"ecs:StartTelemetrySession", | |
"ecs:UpdateContainerInstancesState", | |
"ecs:Submit*", | |
"ecr:GetAuthorizationToken", | |
"ecr:BatchCheckLayerAvailability", | |
"ecr:GetDownloadUrlForLayer", | |
"ecr:BatchGetImage", | |
"logs:CreateLogStream", | |
"logs:PutLogEvents" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJLYJCVHC7TQHCSQDS", | |
"PolicyName": "AmazonEC2ContainerServiceforEC2Role", | |
"UpdateDate": "2019-06-13T19:11:37+00:00", | |
"VersionId": "v6" | |
}, | |
"AmazonEC2FullAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AmazonEC2FullAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2018-11-27T02:16:56+00:00", | |
"DefaultVersionId": "v5", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": "ec2:*", | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": "elasticloadbalancing:*", | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": "cloudwatch:*", | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": "autoscaling:*", | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": "iam:CreateServiceLinkedRole", | |
"Condition": { | |
"StringEquals": { | |
"iam:AWSServiceName": [ | |
"autoscaling.amazonaws.com", | |
"ec2scheduled.amazonaws.com", | |
"elasticloadbalancing.amazonaws.com", | |
"spot.amazonaws.com", | |
"spotfleet.amazonaws.com", | |
"transitgateway.amazonaws.com" | |
] | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAI3VAJF5ZCRZ7MCQE6", | |
"PolicyName": "AmazonEC2FullAccess", | |
"UpdateDate": "2018-11-27T02:16:56+00:00", | |
"VersionId": "v5" | |
}, | |
"AmazonEC2ReadOnlyAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2015-02-06T18:40:17+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": "ec2:Describe*", | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": "elasticloadbalancing:Describe*", | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"cloudwatch:ListMetrics", | |
"cloudwatch:GetMetricStatistics", | |
"cloudwatch:Describe*" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": "autoscaling:Describe*", | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIGDT4SV4GSETWTBZK", | |
"PolicyName": "AmazonEC2ReadOnlyAccess", | |
"UpdateDate": "2015-02-06T18:40:17+00:00", | |
"VersionId": "v1" | |
}, | |
"AmazonEC2ReportsAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AmazonEC2ReportsAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2015-02-06T18:40:16+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": "ec2-reports:*", | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIU6NBZVF2PCRW36ZW", | |
"PolicyName": "AmazonEC2ReportsAccess", | |
"UpdateDate": "2015-02-06T18:40:16+00:00", | |
"VersionId": "v1" | |
}, | |
"AmazonEC2RolePolicyForLaunchWizard": { | |
"Arn": "arn:aws:iam::aws:policy/AmazonEC2RolePolicyForLaunchWizard", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-11-13T08:05:53+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"ec2:AttachVolume", | |
"ec2:ModifyVolume", | |
"ec2:DescribeInstances", | |
"ec2:DescribeVolumes", | |
"ec2:CreateVolume" | |
], | |
"Condition": { | |
"ForAllValues:StringLike": { | |
"aws:TagKeys": "LaunchWizardResourceGroupID" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": "ec2:CreateTags", | |
"Condition": { | |
"ForAllValues:StringEquals": { | |
"aws:TagKeys": "LaunchWizardResourceGroupID" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"s3:GetObject", | |
"logs:PutLogEvents" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:logs:*:*:*", | |
"arn:aws:s3:::launchwizard*/*" | |
] | |
}, | |
{ | |
"Action": [ | |
"ec2:DescribeAddresses", | |
"ec2:AssociateAddress" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": "logs:Create*", | |
"Effect": "Allow", | |
"Resource": "arn:aws:logs:*:*:*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAZKAPJZG4CBGI56NFS", | |
"PolicyName": "AmazonEC2RolePolicyForLaunchWizard", | |
"UpdateDate": "2019-11-13T08:05:53+00:00", | |
"VersionId": "v1" | |
}, | |
"AmazonEC2RoleforAWSCodeDeploy": { | |
"Arn": "arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforAWSCodeDeploy", | |
"AttachmentCount": 0, | |
"CreateDate": "2017-03-20T17:14:10+00:00", | |
"DefaultVersionId": "v2", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"s3:GetObject", | |
"s3:GetObjectVersion", | |
"s3:ListBucket" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIAZKXZ27TAJ4PVWGK", | |
"PolicyName": "AmazonEC2RoleforAWSCodeDeploy", | |
"UpdateDate": "2017-03-20T17:14:10+00:00", | |
"VersionId": "v2" | |
}, | |
"AmazonEC2RoleforDataPipelineRole": { | |
"Arn": "arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforDataPipelineRole", | |
"AttachmentCount": 0, | |
"CreateDate": "2016-02-22T17:24:05+00:00", | |
"DefaultVersionId": "v3", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"cloudwatch:*", | |
"datapipeline:*", | |
"dynamodb:*", | |
"ec2:Describe*", | |
"elasticmapreduce:AddJobFlowSteps", | |
"elasticmapreduce:Describe*", | |
"elasticmapreduce:ListInstance*", | |
"elasticmapreduce:ModifyInstanceGroups", | |
"rds:Describe*", | |
"redshift:DescribeClusters", | |
"redshift:DescribeClusterSecurityGroups", | |
"s3:*", | |
"sdb:*", | |
"sns:*", | |
"sqs:*" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
] | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJ3Z5I2WAJE5DN2J36", | |
"PolicyName": "AmazonEC2RoleforDataPipelineRole", | |
"UpdateDate": "2016-02-22T17:24:05+00:00", | |
"VersionId": "v3" | |
}, | |
"AmazonEC2RoleforSSM": { | |
"Arn": "arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforSSM", | |
"AttachmentCount": 2, | |
"CreateDate": "2019-01-24T19:20:51+00:00", | |
"DefaultVersionId": "v8", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"ssm:DescribeAssociation", | |
"ssm:GetDeployablePatchSnapshotForInstance", | |
"ssm:GetDocument", | |
"ssm:DescribeDocument", | |
"ssm:GetManifest", | |
"ssm:GetParameters", | |
"ssm:ListAssociations", | |
"ssm:ListInstanceAssociations", | |
"ssm:PutInventory", | |
"ssm:PutComplianceItems", | |
"ssm:PutConfigurePackageResult", | |
"ssm:UpdateAssociationStatus", | |
"ssm:UpdateInstanceAssociationStatus", | |
"ssm:UpdateInstanceInformation" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"ssmmessages:CreateControlChannel", | |
"ssmmessages:CreateDataChannel", | |
"ssmmessages:OpenControlChannel", | |
"ssmmessages:OpenDataChannel" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"ec2messages:AcknowledgeMessage", | |
"ec2messages:DeleteMessage", | |
"ec2messages:FailMessage", | |
"ec2messages:GetEndpoint", | |
"ec2messages:GetMessages", | |
"ec2messages:SendReply" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"cloudwatch:PutMetricData" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"ec2:DescribeInstanceStatus" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"ds:CreateComputer", | |
"ds:DescribeDirectories" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"logs:CreateLogGroup", | |
"logs:CreateLogStream", | |
"logs:DescribeLogGroups", | |
"logs:DescribeLogStreams", | |
"logs:PutLogEvents" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"s3:GetBucketLocation", | |
"s3:PutObject", | |
"s3:GetObject", | |
"s3:GetEncryptionConfiguration", | |
"s3:AbortMultipartUpload", | |
"s3:ListMultipartUploadParts", | |
"s3:ListBucket", | |
"s3:ListBucketMultipartUploads" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAI6TL3SMY22S4KMMX6", | |
"PolicyName": "AmazonEC2RoleforSSM", | |
"UpdateDate": "2019-01-24T19:20:51+00:00", | |
"VersionId": "v8" | |
}, | |
"AmazonEC2SpotFleetAutoscaleRole": { | |
"Arn": "arn:aws:iam::aws:policy/service-role/AmazonEC2SpotFleetAutoscaleRole", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-02-18T19:17:03+00:00", | |
"DefaultVersionId": "v3", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"ec2:DescribeSpotFleetRequests", | |
"ec2:ModifySpotFleetRequest" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
] | |
}, | |
{ | |
"Action": [ | |
"cloudwatch:DescribeAlarms", | |
"cloudwatch:PutMetricAlarm", | |
"cloudwatch:DeleteAlarms" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
] | |
}, | |
{ | |
"Action": "iam:CreateServiceLinkedRole", | |
"Condition": { | |
"StringLike": { | |
"iam:AWSServiceName": "ec2.application-autoscaling.amazonaws.com" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "arn:aws:iam::*:role/aws-service-role/ec2.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_EC2SpotFleetRequest" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIMFFRMIOBGDP2TAVE", | |
"PolicyName": "AmazonEC2SpotFleetAutoscaleRole", | |
"UpdateDate": "2019-02-18T19:17:03+00:00", | |
"VersionId": "v3" | |
}, | |
"AmazonEC2SpotFleetTaggingRole": { | |
"Arn": "arn:aws:iam::aws:policy/service-role/AmazonEC2SpotFleetTaggingRole", | |
"AttachmentCount": 0, | |
"CreateDate": "2017-11-17T22:51:17+00:00", | |
"DefaultVersionId": "v4", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"ec2:DescribeImages", | |
"ec2:DescribeSubnets", | |
"ec2:RequestSpotInstances", | |
"ec2:TerminateInstances", | |
"ec2:DescribeInstanceStatus", | |
"ec2:CreateTags" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
] | |
}, | |
{ | |
"Action": "iam:PassRole", | |
"Condition": { | |
"StringEquals": { | |
"iam:PassedToService": [ | |
"ec2.amazonaws.com", | |
"ec2.amazonaws.com.cn" | |
] | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
] | |
}, | |
{ | |
"Action": [ | |
"elasticloadbalancing:RegisterInstancesWithLoadBalancer" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:elasticloadbalancing:*:*:loadbalancer/*" | |
] | |
}, | |
{ | |
"Action": [ | |
"elasticloadbalancing:RegisterTargets" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
] | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJ5U6UMLCEYLX5OLC4", | |
"PolicyName": "AmazonEC2SpotFleetTaggingRole", | |
"UpdateDate": "2017-11-17T22:51:17+00:00", | |
"VersionId": "v4" | |
}, | |
"AmazonECSServiceRolePolicy": { | |
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonECSServiceRolePolicy", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-06-24T23:16:41+00:00", | |
"DefaultVersionId": "v6", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"ec2:AttachNetworkInterface", | |
"ec2:CreateNetworkInterface", | |
"ec2:CreateNetworkInterfacePermission", | |
"ec2:DeleteNetworkInterface", | |
"ec2:DeleteNetworkInterfacePermission", | |
"ec2:Describe*", | |
"ec2:DetachNetworkInterface", | |
"elasticloadbalancing:DeregisterInstancesFromLoadBalancer", | |
"elasticloadbalancing:DeregisterTargets", | |
"elasticloadbalancing:Describe*", | |
"elasticloadbalancing:RegisterInstancesWithLoadBalancer", | |
"elasticloadbalancing:RegisterTargets", | |
"route53:ChangeResourceRecordSets", | |
"route53:CreateHealthCheck", | |
"route53:DeleteHealthCheck", | |
"route53:Get*", | |
"route53:List*", | |
"route53:UpdateHealthCheck", | |
"servicediscovery:DeregisterInstance", | |
"servicediscovery:Get*", | |
"servicediscovery:List*", | |
"servicediscovery:RegisterInstance", | |
"servicediscovery:UpdateInstanceCustomHealthStatus" | |
], | |
"Effect": "Allow", | |
"Resource": "*", | |
"Sid": "ECSTaskManagement" | |
}, | |
{ | |
"Action": [ | |
"ec2:CreateTags" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:ec2:*:*:network-interface/*", | |
"Sid": "ECSTagging" | |
}, | |
{ | |
"Action": [ | |
"logs:CreateLogGroup", | |
"logs:DescribeLogGroups", | |
"logs:PutRetentionPolicy" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:logs:*:*:log-group:/aws/ecs/*", | |
"Sid": "CWLogGroupManagement" | |
}, | |
{ | |
"Action": [ | |
"logs:CreateLogStream", | |
"logs:DescribeLogStreams", | |
"logs:PutLogEvents" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:logs:*:*:log-group:/aws/ecs/*:log-stream:*", | |
"Sid": "CWLogStreamManagement" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/aws-service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIVUWKCAI7URU4WUEI", | |
"PolicyName": "AmazonECSServiceRolePolicy", | |
"UpdateDate": "2019-06-24T23:16:41+00:00", | |
"VersionId": "v6" | |
}, | |
"AmazonECSTaskExecutionRolePolicy": { | |
"Arn": "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy", | |
"AttachmentCount": 0, | |
"CreateDate": "2017-11-16T18:48:22+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"ecr:GetAuthorizationToken", | |
"ecr:BatchCheckLayerAvailability", | |
"ecr:GetDownloadUrlForLayer", | |
"ecr:BatchGetImage", | |
"logs:CreateLogStream", | |
"logs:PutLogEvents" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJG4T4G4PV56DE72PY", | |
"PolicyName": "AmazonECSTaskExecutionRolePolicy", | |
"UpdateDate": "2017-11-16T18:48:22+00:00", | |
"VersionId": "v1" | |
}, | |
"AmazonECS_FullAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AmazonECS_FullAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-06-20T17:53:43+00:00", | |
"DefaultVersionId": "v16", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"application-autoscaling:DeleteScalingPolicy", | |
"application-autoscaling:DeregisterScalableTarget", | |
"application-autoscaling:DescribeScalableTargets", | |
"application-autoscaling:DescribeScalingActivities", | |
"application-autoscaling:DescribeScalingPolicies", | |
"application-autoscaling:PutScalingPolicy", | |
"application-autoscaling:RegisterScalableTarget", | |
"appmesh:ListMeshes", | |
"appmesh:ListVirtualNodes", | |
"appmesh:DescribeVirtualNode", | |
"autoscaling:UpdateAutoScalingGroup", | |
"autoscaling:CreateAutoScalingGroup", | |
"autoscaling:CreateLaunchConfiguration", | |
"autoscaling:DeleteAutoScalingGroup", | |
"autoscaling:DeleteLaunchConfiguration", | |
"autoscaling:Describe*", | |
"cloudformation:CreateStack", | |
"cloudformation:DeleteStack", | |
"cloudformation:DescribeStack*", | |
"cloudformation:UpdateStack", | |
"cloudwatch:DescribeAlarms", | |
"cloudwatch:DeleteAlarms", | |
"cloudwatch:GetMetricStatistics", | |
"cloudwatch:PutMetricAlarm", | |
"codedeploy:CreateApplication", | |
"codedeploy:CreateDeployment", | |
"codedeploy:CreateDeploymentGroup", | |
"codedeploy:GetApplication", | |
"codedeploy:GetDeployment", | |
"codedeploy:GetDeploymentGroup", | |
"codedeploy:ListApplications", | |
"codedeploy:ListDeploymentGroups", | |
"codedeploy:ListDeployments", | |
"codedeploy:StopDeployment", | |
"codedeploy:GetDeploymentTarget", | |
"codedeploy:ListDeploymentTargets", | |
"codedeploy:GetDeploymentConfig", | |
"codedeploy:GetApplicationRevision", | |
"codedeploy:RegisterApplicationRevision", | |
"codedeploy:BatchGetApplicationRevisions", | |
"codedeploy:BatchGetDeploymentGroups", | |
"codedeploy:BatchGetDeployments", | |
"codedeploy:BatchGetApplications", | |
"codedeploy:ListApplicationRevisions", | |
"codedeploy:ListDeploymentConfigs", | |
"codedeploy:ContinueDeployment", | |
"sns:ListTopics", | |
"lambda:ListFunctions", | |
"ec2:AssociateRouteTable", | |
"ec2:AttachInternetGateway", | |
"ec2:AuthorizeSecurityGroupIngress", | |
"ec2:CancelSpotFleetRequests", | |
"ec2:CreateInternetGateway", | |
"ec2:CreateLaunchTemplate", | |
"ec2:CreateRoute", | |
"ec2:CreateRouteTable", | |
"ec2:CreateSecurityGroup", | |
"ec2:CreateSubnet", | |
"ec2:CreateVpc", | |
"ec2:DeleteLaunchTemplate", | |
"ec2:DeleteSubnet", | |
"ec2:DeleteVpc", | |
"ec2:Describe*", | |
"ec2:DetachInternetGateway", | |
"ec2:DisassociateRouteTable", | |
"ec2:ModifySubnetAttribute", | |
"ec2:ModifyVpcAttribute", | |
"ec2:RunInstances", | |
"ec2:RequestSpotFleet", | |
"elasticloadbalancing:CreateListener", | |
"elasticloadbalancing:CreateLoadBalancer", | |
"elasticloadbalancing:CreateRule", | |
"elasticloadbalancing:CreateTargetGroup", | |
"elasticloadbalancing:DeleteListener", | |
"elasticloadbalancing:DeleteLoadBalancer", | |
"elasticloadbalancing:DeleteRule", | |
"elasticloadbalancing:DeleteTargetGroup", | |
"elasticloadbalancing:DescribeListeners", | |
"elasticloadbalancing:DescribeLoadBalancers", | |
"elasticloadbalancing:DescribeRules", | |
"elasticloadbalancing:DescribeTargetGroups", | |
"ecs:*", | |
"events:DescribeRule", | |
"events:DeleteRule", | |
"events:ListRuleNamesByTarget", | |
"events:ListTargetsByRule", | |
"events:PutRule", | |
"events:PutTargets", | |
"events:RemoveTargets", | |
"iam:ListAttachedRolePolicies", | |
"iam:ListInstanceProfiles", | |
"iam:ListRoles", | |
"logs:CreateLogGroup", | |
"logs:DescribeLogGroups", | |
"logs:FilterLogEvents", | |
"route53:GetHostedZone", | |
"route53:ListHostedZonesByName", | |
"route53:CreateHostedZone", | |
"route53:DeleteHostedZone", | |
"route53:GetHealthCheck", | |
"servicediscovery:CreatePrivateDnsNamespace", | |
"servicediscovery:CreateService", | |
"servicediscovery:GetNamespace", | |
"servicediscovery:GetOperation", | |
"servicediscovery:GetService", | |
"servicediscovery:ListNamespaces", | |
"servicediscovery:ListServices", | |
"servicediscovery:UpdateService", | |
"servicediscovery:DeleteService" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
] | |
}, | |
{ | |
"Action": [ | |
"ssm:GetParametersByPath", | |
"ssm:GetParameters", | |
"ssm:GetParameter" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:ssm:*:*:parameter/aws/service/ecs*" | |
}, | |
{ | |
"Action": [ | |
"ec2:DeleteInternetGateway", | |
"ec2:DeleteRoute", | |
"ec2:DeleteRouteTable", | |
"ec2:DeleteSecurityGroup" | |
], | |
"Condition": { | |
"StringLike": { | |
"ec2:ResourceTag/aws:cloudformation:stack-name": "EC2ContainerService-*" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
] | |
}, | |
{ | |
"Action": "iam:PassRole", | |
"Condition": { | |
"StringLike": { | |
"iam:PassedToService": "ecs-tasks.amazonaws.com" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
] | |
}, | |
{ | |
"Action": "iam:PassRole", | |
"Condition": { | |
"StringLike": { | |
"iam:PassedToService": [ | |
"ec2.amazonaws.com", | |
"ec2.amazonaws.com.cn" | |
] | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:iam::*:role/ecsInstanceRole*" | |
] | |
}, | |
{ | |
"Action": "iam:PassRole", | |
"Condition": { | |
"StringLike": { | |
"iam:PassedToService": [ | |
"application-autoscaling.amazonaws.com", | |
"application-autoscaling.amazonaws.com.cn" | |
] | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:iam::*:role/ecsAutoscaleRole*" | |
] | |
}, | |
{ | |
"Action": "iam:CreateServiceLinkedRole", | |
"Condition": { | |
"StringLike": { | |
"iam:AWSServiceName": [ | |
"ecs.amazonaws.com", | |
"spot.amazonaws.com", | |
"spotfleet.amazonaws.com", | |
"ecs.application-autoscaling.amazonaws.com", | |
"autoscaling.amazonaws.com" | |
] | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJ7S7AN6YQPTJC7IFS", | |
"PolicyName": "AmazonECS_FullAccess", | |
"UpdateDate": "2019-06-20T17:53:43+00:00", | |
"VersionId": "v16" | |
}, | |
"AmazonEKSClusterPolicy": { | |
"Arn": "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy", | |
"AttachmentCount": 3, | |
"CreateDate": "2019-05-22T22:04:46+00:00", | |
"DefaultVersionId": "v3", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"autoscaling:DescribeAutoScalingGroups", | |
"autoscaling:UpdateAutoScalingGroup", | |
"ec2:AttachVolume", | |
"ec2:AuthorizeSecurityGroupIngress", | |
"ec2:CreateRoute", | |
"ec2:CreateSecurityGroup", | |
"ec2:CreateTags", | |
"ec2:CreateVolume", | |
"ec2:DeleteRoute", | |
"ec2:DeleteSecurityGroup", | |
"ec2:DeleteVolume", | |
"ec2:DescribeInstances", | |
"ec2:DescribeRouteTables", | |
"ec2:DescribeSecurityGroups", | |
"ec2:DescribeSubnets", | |
"ec2:DescribeVolumes", | |
"ec2:DescribeVolumesModifications", | |
"ec2:DescribeVpcs", | |
"ec2:DescribeDhcpOptions", | |
"ec2:DetachVolume", | |
"ec2:ModifyInstanceAttribute", | |
"ec2:ModifyVolume", | |
"ec2:RevokeSecurityGroupIngress", | |
"elasticloadbalancing:AddTags", | |
"elasticloadbalancing:ApplySecurityGroupsToLoadBalancer", | |
"elasticloadbalancing:AttachLoadBalancerToSubnets", | |
"elasticloadbalancing:ConfigureHealthCheck", | |
"elasticloadbalancing:CreateListener", | |
"elasticloadbalancing:CreateLoadBalancer", | |
"elasticloadbalancing:CreateLoadBalancerListeners", | |
"elasticloadbalancing:CreateLoadBalancerPolicy", | |
"elasticloadbalancing:CreateTargetGroup", | |
"elasticloadbalancing:DeleteListener", | |
"elasticloadbalancing:DeleteLoadBalancer", | |
"elasticloadbalancing:DeleteLoadBalancerListeners", | |
"elasticloadbalancing:DeleteTargetGroup", | |
"elasticloadbalancing:DeregisterInstancesFromLoadBalancer", | |
"elasticloadbalancing:DeregisterTargets", | |
"elasticloadbalancing:DescribeListeners", | |
"elasticloadbalancing:DescribeLoadBalancerAttributes", | |
"elasticloadbalancing:DescribeLoadBalancerPolicies", | |
"elasticloadbalancing:DescribeLoadBalancers", | |
"elasticloadbalancing:DescribeTargetGroupAttributes", | |
"elasticloadbalancing:DescribeTargetGroups", | |
"elasticloadbalancing:DescribeTargetHealth", | |
"elasticloadbalancing:DetachLoadBalancerFromSubnets", | |
"elasticloadbalancing:ModifyListener", | |
"elasticloadbalancing:ModifyLoadBalancerAttributes", | |
"elasticloadbalancing:ModifyTargetGroup", | |
"elasticloadbalancing:ModifyTargetGroupAttributes", | |
"elasticloadbalancing:RegisterInstancesWithLoadBalancer", | |
"elasticloadbalancing:RegisterTargets", | |
"elasticloadbalancing:SetLoadBalancerPoliciesForBackendServer", | |
"elasticloadbalancing:SetLoadBalancerPoliciesOfListener", | |
"kms:DescribeKey" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": "iam:CreateServiceLinkedRole", | |
"Condition": { | |
"StringLike": { | |
"iam:AWSServiceName": "elasticloadbalancing.amazonaws.com" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIBTLDQMIC6UOIGFWA", | |
"PolicyName": "AmazonEKSClusterPolicy", | |
"UpdateDate": "2019-05-22T22:04:46+00:00", | |
"VersionId": "v3" | |
}, | |
"AmazonEKSServicePolicy": { | |
"Arn": "arn:aws:iam::aws:policy/AmazonEKSServicePolicy", | |
"AttachmentCount": 3, | |
"CreateDate": "2019-08-21T16:17:56+00:00", | |
"DefaultVersionId": "v4", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"ec2:CreateNetworkInterface", | |
"ec2:CreateNetworkInterfacePermission", | |
"ec2:DeleteNetworkInterface", | |
"ec2:DescribeInstances", | |
"ec2:DescribeNetworkInterfaces", | |
"ec2:DescribeSecurityGroups", | |
"ec2:DescribeSubnets", | |
"ec2:DescribeVpcs", | |
"ec2:ModifyNetworkInterfaceAttribute", | |
"iam:ListAttachedRolePolicies", | |
"eks:UpdateClusterVersion" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"ec2:CreateTags", | |
"ec2:DeleteTags" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:ec2:*:*:vpc/*", | |
"arn:aws:ec2:*:*:subnet/*" | |
] | |
}, | |
{ | |
"Action": "route53:AssociateVPCWithHostedZone", | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": "logs:CreateLogGroup", | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"logs:CreateLogStream", | |
"logs:DescribeLogStreams" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:logs:*:*:log-group:/aws/eks/*:*" | |
}, | |
{ | |
"Action": "logs:PutLogEvents", | |
"Effect": "Allow", | |
"Resource": "arn:aws:logs:*:*:log-group:/aws/eks/*:*:*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJFCNXU6HPGCIVXYDI", | |
"PolicyName": "AmazonEKSServicePolicy", | |
"UpdateDate": "2019-08-21T16:17:56+00:00", | |
"VersionId": "v4" | |
}, | |
"AmazonEKSWorkerNodePolicy": { | |
"Arn": "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy", | |
"AttachmentCount": 3, | |
"CreateDate": "2018-05-27T21:09:01+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"ec2:DescribeInstances", | |
"ec2:DescribeRouteTables", | |
"ec2:DescribeSecurityGroups", | |
"ec2:DescribeSubnets", | |
"ec2:DescribeVolumes", | |
"ec2:DescribeVolumesModifications", | |
"ec2:DescribeVpcs", | |
"eks:DescribeCluster" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIBVMOY52IPQ6HD3PO", | |
"PolicyName": "AmazonEKSWorkerNodePolicy", | |
"UpdateDate": "2018-05-27T21:09:01+00:00", | |
"VersionId": "v1" | |
}, | |
"AmazonEKS_CNI_Policy": { | |
"Arn": "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy", | |
"AttachmentCount": 3, | |
"CreateDate": "2019-06-27T18:10:37+00:00", | |
"DefaultVersionId": "v3", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"ec2:AssignPrivateIpAddresses", | |
"ec2:AttachNetworkInterface", | |
"ec2:CreateNetworkInterface", | |
"ec2:DeleteNetworkInterface", | |
"ec2:DescribeInstances", | |
"ec2:DescribeTags", | |
"ec2:DescribeNetworkInterfaces", | |
"ec2:DetachNetworkInterface", | |
"ec2:ModifyNetworkInterfaceAttribute", | |
"ec2:UnassignPrivateIpAddresses" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"ec2:CreateTags" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:ec2:*:*:network-interface/*" | |
] | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJWLAS474LDBXNNTM4", | |
"PolicyName": "AmazonEKS_CNI_Policy", | |
"UpdateDate": "2019-06-27T18:10:37+00:00", | |
"VersionId": "v3" | |
}, | |
"AmazonEMRCleanupPolicy": { | |
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonEMRCleanupPolicy", | |
"AttachmentCount": 0, | |
"CreateDate": "2017-09-26T23:54:19+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"ec2:DescribeInstances", | |
"ec2:DescribeSpotInstanceRequests", | |
"ec2:ModifyInstanceAttribute", | |
"ec2:TerminateInstances", | |
"ec2:CancelSpotInstanceRequests", | |
"ec2:DeleteNetworkInterface", | |
"ec2:DescribeInstanceAttribute", | |
"ec2:DescribeVolumeStatus", | |
"ec2:DescribeVolumes", | |
"ec2:DetachVolume", | |
"ec2:DeleteVolume" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/aws-service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAI4YEZURRMKACW56EA", | |
"PolicyName": "AmazonEMRCleanupPolicy", | |
"UpdateDate": "2017-09-26T23:54:19+00:00", | |
"VersionId": "v1" | |
}, | |
"AmazonESCognitoAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AmazonESCognitoAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2018-02-28T22:29:18+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"cognito-idp:DescribeUserPool", | |
"cognito-idp:CreateUserPoolClient", | |
"cognito-idp:DeleteUserPoolClient", | |
"cognito-idp:DescribeUserPoolClient", | |
"cognito-idp:AdminInitiateAuth", | |
"cognito-idp:AdminUserGlobalSignOut", | |
"cognito-idp:ListUserPoolClients", | |
"cognito-identity:DescribeIdentityPool", | |
"cognito-identity:UpdateIdentityPool", | |
"cognito-identity:SetIdentityPoolRoles", | |
"cognito-identity:GetIdentityPoolRoles" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": "iam:PassRole", | |
"Condition": { | |
"StringLike": { | |
"iam:PassedToService": "cognito-identity.amazonaws.com" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJL2FUMODIGNDPTZHO", | |
"PolicyName": "AmazonESCognitoAccess", | |
"UpdateDate": "2018-02-28T22:29:18+00:00", | |
"VersionId": "v1" | |
}, | |
"AmazonESFullAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AmazonESFullAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2015-10-01T19:14:00+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"es:*" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJM6ZTCU24QL5PZCGC", | |
"PolicyName": "AmazonESFullAccess", | |
"UpdateDate": "2015-10-01T19:14:00+00:00", | |
"VersionId": "v1" | |
}, | |
"AmazonESReadOnlyAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AmazonESReadOnlyAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2018-10-03T03:32:56+00:00", | |
"DefaultVersionId": "v2", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"es:Describe*", | |
"es:List*", | |
"es:Get*" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJUDMRLOQ7FPAR46FQ", | |
"PolicyName": "AmazonESReadOnlyAccess", | |
"UpdateDate": "2018-10-03T03:32:56+00:00", | |
"VersionId": "v2" | |
}, | |
"AmazonElastiCacheFullAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AmazonElastiCacheFullAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2017-12-07T17:48:26+00:00", | |
"DefaultVersionId": "v2", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": "elasticache:*", | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": "iam:CreateServiceLinkedRole", | |
"Condition": { | |
"StringLike": { | |
"iam:AWSServiceName": "elasticache.amazonaws.com" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "arn:aws:iam::*:role/aws-service-role/elasticache.amazonaws.com/AWSServiceRoleForElastiCache" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIA2V44CPHAUAAECKG", | |
"PolicyName": "AmazonElastiCacheFullAccess", | |
"UpdateDate": "2017-12-07T17:48:26+00:00", | |
"VersionId": "v2" | |
}, | |
"AmazonElastiCacheReadOnlyAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AmazonElastiCacheReadOnlyAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2015-02-06T18:40:21+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"elasticache:Describe*" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIPDACSNQHSENWAKM2", | |
"PolicyName": "AmazonElastiCacheReadOnlyAccess", | |
"UpdateDate": "2015-02-06T18:40:21+00:00", | |
"VersionId": "v1" | |
}, | |
"AmazonElasticFileSystemFullAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AmazonElasticFileSystemFullAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-11-05T17:10:26+00:00", | |
"DefaultVersionId": "v4", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"ec2:CreateNetworkInterface", | |
"ec2:DeleteNetworkInterface", | |
"ec2:DescribeAvailabilityZones", | |
"ec2:DescribeNetworkInterfaceAttribute", | |
"ec2:DescribeNetworkInterfaces", | |
"ec2:DescribeSecurityGroups", | |
"ec2:DescribeSubnets", | |
"ec2:DescribeVpcAttribute", | |
"ec2:DescribeVpcs", | |
"ec2:ModifyNetworkInterfaceAttribute", | |
"elasticfilesystem:*", | |
"kms:DescribeKey", | |
"kms:ListAliases" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": "iam:CreateServiceLinkedRole", | |
"Condition": { | |
"StringLike": { | |
"iam:AWSServiceName": [ | |
"elasticfilesystem.amazonaws.com" | |
] | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJKXTMNVQGIDNCKPBC", | |
"PolicyName": "AmazonElasticFileSystemFullAccess", | |
"UpdateDate": "2019-11-05T17:10:26+00:00", | |
"VersionId": "v4" | |
}, | |
"AmazonElasticFileSystemReadOnlyAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AmazonElasticFileSystemReadOnlyAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2017-08-14T10:09:49+00:00", | |
"DefaultVersionId": "v3", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"ec2:DescribeAvailabilityZones", | |
"ec2:DescribeNetworkInterfaceAttribute", | |
"ec2:DescribeNetworkInterfaces", | |
"ec2:DescribeSecurityGroups", | |
"ec2:DescribeSubnets", | |
"ec2:DescribeVpcAttribute", | |
"ec2:DescribeVpcs", | |
"elasticfilesystem:Describe*", | |
"kms:ListAliases" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIPN5S4NE5JJOKVC4Y", | |
"PolicyName": "AmazonElasticFileSystemReadOnlyAccess", | |
"UpdateDate": "2017-08-14T10:09:49+00:00", | |
"VersionId": "v3" | |
}, | |
"AmazonElasticFileSystemServiceRolePolicy": { | |
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonElasticFileSystemServiceRolePolicy", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-11-05T16:52:41+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"ec2:CreateNetworkInterface", | |
"ec2:DeleteNetworkInterface", | |
"ec2:DescribeSecurityGroups", | |
"ec2:DescribeSubnets", | |
"ec2:DescribeNetworkInterfaceAttribute", | |
"ec2:ModifyNetworkInterfaceAttribute" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/aws-service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAZKAPJZG4FXCJYWBN7", | |
"PolicyName": "AmazonElasticFileSystemServiceRolePolicy", | |
"UpdateDate": "2019-11-05T16:52:41+00:00", | |
"VersionId": "v1" | |
}, | |
"AmazonElasticMapReduceEditorsRole": { | |
"Arn": "arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceEditorsRole", | |
"AttachmentCount": 0, | |
"CreateDate": "2018-11-16T21:55:25+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"ec2:AuthorizeSecurityGroupEgress", | |
"ec2:AuthorizeSecurityGroupIngress", | |
"ec2:CreateSecurityGroup", | |
"ec2:DescribeSecurityGroups", | |
"ec2:RevokeSecurityGroupEgress", | |
"ec2:CreateNetworkInterface", | |
"ec2:CreateNetworkInterfacePermission", | |
"ec2:DeleteNetworkInterface", | |
"ec2:DeleteNetworkInterfacePermission", | |
"ec2:DescribeNetworkInterfaces", | |
"ec2:ModifyNetworkInterfaceAttribute", | |
"ec2:DescribeTags", | |
"ec2:DescribeInstances", | |
"ec2:DescribeSubnets", | |
"elasticmapreduce:ListInstances", | |
"elasticmapreduce:DescribeCluster" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": "ec2:CreateTags", | |
"Condition": { | |
"ForAllValues:StringEquals": { | |
"aws:TagKeys": [ | |
"aws:elasticmapreduce:editor-id", | |
"aws:elasticmapreduce:job-flow-id" | |
] | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "arn:aws:ec2:*:*:network-interface/*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIBI5CIE6OHUIGLYVG", | |
"PolicyName": "AmazonElasticMapReduceEditorsRole", | |
"UpdateDate": "2018-11-16T21:55:25+00:00", | |
"VersionId": "v1" | |
}, | |
"AmazonElasticMapReduceFullAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AmazonElasticMapReduceFullAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-10-11T15:19:30+00:00", | |
"DefaultVersionId": "v7", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"cloudwatch:*", | |
"cloudformation:CreateStack", | |
"cloudformation:DescribeStackEvents", | |
"ec2:AuthorizeSecurityGroupIngress", | |
"ec2:AuthorizeSecurityGroupEgress", | |
"ec2:CancelSpotInstanceRequests", | |
"ec2:CreateRoute", | |
"ec2:CreateSecurityGroup", | |
"ec2:CreateTags", | |
"ec2:DeleteRoute", | |
"ec2:DeleteTags", | |
"ec2:DeleteSecurityGroup", | |
"ec2:DescribeAvailabilityZones", | |
"ec2:DescribeAccountAttributes", | |
"ec2:DescribeInstances", | |
"ec2:DescribeKeyPairs", | |
"ec2:DescribeRouteTables", | |
"ec2:DescribeSecurityGroups", | |
"ec2:DescribeSpotInstanceRequests", | |
"ec2:DescribeSpotPriceHistory", | |
"ec2:DescribeSubnets", | |
"ec2:DescribeVpcAttribute", | |
"ec2:DescribeVpcs", | |
"ec2:DescribeRouteTables", | |
"ec2:DescribeNetworkAcls", | |
"ec2:CreateVpcEndpoint", | |
"ec2:ModifyImageAttribute", | |
"ec2:ModifyInstanceAttribute", | |
"ec2:RequestSpotInstances", | |
"ec2:RevokeSecurityGroupEgress", | |
"ec2:RunInstances", | |
"ec2:TerminateInstances", | |
"elasticmapreduce:*", | |
"iam:GetPolicy", | |
"iam:GetPolicyVersion", | |
"iam:ListRoles", | |
"iam:PassRole", | |
"kms:List*", | |
"s3:*", | |
"sdb:*" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": "iam:CreateServiceLinkedRole", | |
"Condition": { | |
"StringLike": { | |
"iam:AWSServiceName": [ | |
"elasticmapreduce.amazonaws.com", | |
"elasticmapreduce.amazonaws.com.cn" | |
] | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIZP5JFP3AMSGINBB2", | |
"PolicyName": "AmazonElasticMapReduceFullAccess", | |
"UpdateDate": "2019-10-11T15:19:30+00:00", | |
"VersionId": "v7" | |
}, | |
"AmazonElasticMapReduceReadOnlyAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AmazonElasticMapReduceReadOnlyAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2017-05-22T23:00:19+00:00", | |
"DefaultVersionId": "v2", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"elasticmapreduce:Describe*", | |
"elasticmapreduce:List*", | |
"elasticmapreduce:ViewEventsFromAllClustersInConsole", | |
"s3:GetObject", | |
"s3:ListAllMyBuckets", | |
"s3:ListBucket", | |
"sdb:Select", | |
"cloudwatch:GetMetricStatistics" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIHP6NH2S6GYFCOINC", | |
"PolicyName": "AmazonElasticMapReduceReadOnlyAccess", | |
"UpdateDate": "2017-05-22T23:00:19+00:00", | |
"VersionId": "v2" | |
}, | |
"AmazonElasticMapReduceRole": { | |
"Arn": "arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceRole", | |
"AttachmentCount": 0, | |
"CreateDate": "2017-12-12T00:47:45+00:00", | |
"DefaultVersionId": "v9", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"ec2:AuthorizeSecurityGroupEgress", | |
"ec2:AuthorizeSecurityGroupIngress", | |
"ec2:CancelSpotInstanceRequests", | |
"ec2:CreateNetworkInterface", | |
"ec2:CreateSecurityGroup", | |
"ec2:CreateTags", | |
"ec2:DeleteNetworkInterface", | |
"ec2:DeleteSecurityGroup", | |
"ec2:DeleteTags", | |
"ec2:DescribeAvailabilityZones", | |
"ec2:DescribeAccountAttributes", | |
"ec2:DescribeDhcpOptions", | |
"ec2:DescribeImages", | |
"ec2:DescribeInstanceStatus", | |
"ec2:DescribeInstances", | |
"ec2:DescribeKeyPairs", | |
"ec2:DescribeNetworkAcls", | |
"ec2:DescribeNetworkInterfaces", | |
"ec2:DescribePrefixLists", | |
"ec2:DescribeRouteTables", | |
"ec2:DescribeSecurityGroups", | |
"ec2:DescribeSpotInstanceRequests", | |
"ec2:DescribeSpotPriceHistory", | |
"ec2:DescribeSubnets", | |
"ec2:DescribeTags", | |
"ec2:DescribeVpcAttribute", | |
"ec2:DescribeVpcEndpoints", | |
"ec2:DescribeVpcEndpointServices", | |
"ec2:DescribeVpcs", | |
"ec2:DetachNetworkInterface", | |
"ec2:ModifyImageAttribute", | |
"ec2:ModifyInstanceAttribute", | |
"ec2:RequestSpotInstances", | |
"ec2:RevokeSecurityGroupEgress", | |
"ec2:RunInstances", | |
"ec2:TerminateInstances", | |
"ec2:DeleteVolume", | |
"ec2:DescribeVolumeStatus", | |
"ec2:DescribeVolumes", | |
"ec2:DetachVolume", | |
"iam:GetRole", | |
"iam:GetRolePolicy", | |
"iam:ListInstanceProfiles", | |
"iam:ListRolePolicies", | |
"iam:PassRole", | |
"s3:CreateBucket", | |
"s3:Get*", | |
"s3:List*", | |
"sdb:BatchPutAttributes", | |
"sdb:Select", | |
"sqs:CreateQueue", | |
"sqs:Delete*", | |
"sqs:GetQueue*", | |
"sqs:PurgeQueue", | |
"sqs:ReceiveMessage", | |
"cloudwatch:PutMetricAlarm", | |
"cloudwatch:DescribeAlarms", | |
"cloudwatch:DeleteAlarms", | |
"application-autoscaling:RegisterScalableTarget", | |
"application-autoscaling:DeregisterScalableTarget", | |
"application-autoscaling:PutScalingPolicy", | |
"application-autoscaling:DeleteScalingPolicy", | |
"application-autoscaling:Describe*" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": "iam:CreateServiceLinkedRole", | |
"Condition": { | |
"StringLike": { | |
"iam:AWSServiceName": "spot.amazonaws.com" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "arn:aws:iam::*:role/aws-service-role/spot.amazonaws.com/AWSServiceRoleForEC2Spot*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIDI2BQT2LKXZG36TW", | |
"PolicyName": "AmazonElasticMapReduceRole", | |
"UpdateDate": "2017-12-12T00:47:45+00:00", | |
"VersionId": "v9" | |
}, | |
"AmazonElasticMapReduceforAutoScalingRole": { | |
"Arn": "arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceforAutoScalingRole", | |
"AttachmentCount": 0, | |
"CreateDate": "2016-11-18T01:09:10+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"cloudwatch:DescribeAlarms", | |
"elasticmapreduce:ListInstanceGroups", | |
"elasticmapreduce:ModifyInstanceGroups" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJSVXG6QHPE6VHDZ4Q", | |
"PolicyName": "AmazonElasticMapReduceforAutoScalingRole", | |
"UpdateDate": "2016-11-18T01:09:10+00:00", | |
"VersionId": "v1" | |
}, | |
"AmazonElasticMapReduceforEC2Role": { | |
"Arn": "arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceforEC2Role", | |
"AttachmentCount": 0, | |
"CreateDate": "2017-08-11T23:57:30+00:00", | |
"DefaultVersionId": "v3", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"cloudwatch:*", | |
"dynamodb:*", | |
"ec2:Describe*", | |
"elasticmapreduce:Describe*", | |
"elasticmapreduce:ListBootstrapActions", | |
"elasticmapreduce:ListClusters", | |
"elasticmapreduce:ListInstanceGroups", | |
"elasticmapreduce:ListInstances", | |
"elasticmapreduce:ListSteps", | |
"kinesis:CreateStream", | |
"kinesis:DeleteStream", | |
"kinesis:DescribeStream", | |
"kinesis:GetRecords", | |
"kinesis:GetShardIterator", | |
"kinesis:MergeShards", | |
"kinesis:PutRecord", | |
"kinesis:SplitShard", | |
"rds:Describe*", | |
"s3:*", | |
"sdb:*", | |
"sns:*", | |
"sqs:*", | |
"glue:CreateDatabase", | |
"glue:UpdateDatabase", | |
"glue:DeleteDatabase", | |
"glue:GetDatabase", | |
"glue:GetDatabases", | |
"glue:CreateTable", | |
"glue:UpdateTable", | |
"glue:DeleteTable", | |
"glue:GetTable", | |
"glue:GetTables", | |
"glue:GetTableVersions", | |
"glue:CreatePartition", | |
"glue:BatchCreatePartition", | |
"glue:UpdatePartition", | |
"glue:DeletePartition", | |
"glue:BatchDeletePartition", | |
"glue:GetPartition", | |
"glue:GetPartitions", | |
"glue:BatchGetPartition", | |
"glue:CreateUserDefinedFunction", | |
"glue:UpdateUserDefinedFunction", | |
"glue:DeleteUserDefinedFunction", | |
"glue:GetUserDefinedFunction", | |
"glue:GetUserDefinedFunctions" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIGALS5RCDLZLB3PGS", | |
"PolicyName": "AmazonElasticMapReduceforEC2Role", | |
"UpdateDate": "2017-08-11T23:57:30+00:00", | |
"VersionId": "v3" | |
}, | |
"AmazonElasticTranscoderRole": { | |
"Arn": "arn:aws:iam::aws:policy/service-role/AmazonElasticTranscoderRole", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-06-13T22:48:22+00:00", | |
"DefaultVersionId": "v2", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"s3:ListBucket", | |
"s3:Get*", | |
"s3:PutObject", | |
"s3:PutObjectAcl", | |
"s3:*MultipartUpload*" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
], | |
"Sid": "1" | |
}, | |
{ | |
"Action": [ | |
"sns:Publish" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
], | |
"Sid": "2" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJNW3WMKVXFJ2KPIQ2", | |
"PolicyName": "AmazonElasticTranscoderRole", | |
"UpdateDate": "2019-06-13T22:48:22+00:00", | |
"VersionId": "v2" | |
}, | |
"AmazonElasticTranscoder_FullAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AmazonElasticTranscoder_FullAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-06-10T22:51:51+00:00", | |
"DefaultVersionId": "v2", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"elastictranscoder:*", | |
"s3:ListAllMyBuckets", | |
"s3:ListBucket", | |
"iam:ListRoles", | |
"sns:ListTopics" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"iam:PassRole" | |
], | |
"Condition": { | |
"StringLike": { | |
"iam:PassedToService": [ | |
"elastictranscoder.amazonaws.com" | |
] | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAICFT6XVF3RSR4E7JG", | |
"PolicyName": "AmazonElasticTranscoder_FullAccess", | |
"UpdateDate": "2019-06-10T22:51:51+00:00", | |
"VersionId": "v2" | |
}, | |
"AmazonElasticTranscoder_JobsSubmitter": { | |
"Arn": "arn:aws:iam::aws:policy/AmazonElasticTranscoder_JobsSubmitter", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-06-10T22:49:34+00:00", | |
"DefaultVersionId": "v2", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"elastictranscoder:Read*", | |
"elastictranscoder:List*", | |
"elastictranscoder:*Job", | |
"elastictranscoder:*Preset", | |
"s3:ListAllMyBuckets", | |
"s3:ListBucket", | |
"iam:ListRoles", | |
"sns:ListTopics" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJ7AUMMRQOVZRI734S", | |
"PolicyName": "AmazonElasticTranscoder_JobsSubmitter", | |
"UpdateDate": "2019-06-10T22:49:34+00:00", | |
"VersionId": "v2" | |
}, | |
"AmazonElasticTranscoder_ReadOnlyAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AmazonElasticTranscoder_ReadOnlyAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-06-10T22:48:32+00:00", | |
"DefaultVersionId": "v2", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"elastictranscoder:Read*", | |
"elastictranscoder:List*", | |
"s3:ListAllMyBuckets", | |
"s3:ListBucket", | |
"iam:ListRoles", | |
"sns:ListTopics" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAI3R3CR6KVEWD4DPFY", | |
"PolicyName": "AmazonElasticTranscoder_ReadOnlyAccess", | |
"UpdateDate": "2019-06-10T22:48:32+00:00", | |
"VersionId": "v2" | |
}, | |
"AmazonElasticsearchServiceRolePolicy": { | |
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonElasticsearchServiceRolePolicy", | |
"AttachmentCount": 1, | |
"CreateDate": "2018-02-08T21:38:27+00:00", | |
"DefaultVersionId": "v2", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"ec2:CreateNetworkInterface", | |
"ec2:DeleteNetworkInterface", | |
"ec2:DescribeNetworkInterfaces", | |
"ec2:ModifyNetworkInterfaceAttribute", | |
"ec2:DescribeSecurityGroups", | |
"ec2:DescribeSubnets", | |
"ec2:DescribeVpcs" | |
], | |
"Effect": "Allow", | |
"Resource": "*", | |
"Sid": "Stmt1480452973134" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/aws-service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJFEWZPHXKLCVHEUIC", | |
"PolicyName": "AmazonElasticsearchServiceRolePolicy", | |
"UpdateDate": "2018-02-08T21:38:27+00:00", | |
"VersionId": "v2" | |
}, | |
"AmazonEventBridgeFullAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AmazonEventBridgeFullAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-07-11T14:08:55+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": "events:*", | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": "iam:PassRole", | |
"Condition": { | |
"StringLike": { | |
"iam:PassedToService": "events.amazonaws.com" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "arn:aws:iam::*:role/*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAZKAPJZG4BUM4GCASI", | |
"PolicyName": "AmazonEventBridgeFullAccess", | |
"UpdateDate": "2019-07-11T14:08:55+00:00", | |
"VersionId": "v1" | |
}, | |
"AmazonEventBridgeReadOnlyAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AmazonEventBridgeReadOnlyAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-07-11T13:59:07+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"events:DescribeRule", | |
"events:DescribeEventBus", | |
"events:DescribeEventSource", | |
"events:ListEventBuses", | |
"events:ListEventSources", | |
"events:ListRuleNamesByTarget", | |
"events:ListRules", | |
"events:ListTargetsByRule", | |
"events:TestEventPattern" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAZKAPJZG4BDMP3LZME", | |
"PolicyName": "AmazonEventBridgeReadOnlyAccess", | |
"UpdateDate": "2019-07-11T13:59:07+00:00", | |
"VersionId": "v1" | |
}, | |
"AmazonFSxConsoleFullAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AmazonFSxConsoleFullAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-09-10T13:11:13+00:00", | |
"DefaultVersionId": "v2", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"cloudwatch:DescribeAlarms", | |
"ds:DescribeDirectories", | |
"ec2:DescribeNetworkInterfaceAttribute", | |
"ec2:DescribeSecurityGroups", | |
"ec2:DescribeSubnets", | |
"ec2:DescribeVpcs", | |
"fsx:*", | |
"kms:ListAliases", | |
"s3:HeadBucket" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": "iam:CreateServiceLinkedRole", | |
"Condition": { | |
"StringLike": { | |
"iam:AWSServiceName": [ | |
"fsx.amazonaws.com" | |
] | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": "iam:CreateServiceLinkedRole", | |
"Condition": { | |
"StringLike": { | |
"iam:AWSServiceName": [ | |
"s3.data-source.lustre.fsx.amazonaws.com" | |
] | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAITDDJ23Y5UZ2WCZRQ", | |
"PolicyName": "AmazonFSxConsoleFullAccess", | |
"UpdateDate": "2019-09-10T13:11:13+00:00", | |
"VersionId": "v2" | |
}, | |
"AmazonFSxConsoleReadOnlyAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AmazonFSxConsoleReadOnlyAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-09-10T13:17:59+00:00", | |
"DefaultVersionId": "v2", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"cloudwatch:DescribeAlarms", | |
"ds:DescribeDirectories", | |
"ec2:DescribeNetworkInterfaceAttribute", | |
"ec2:DescribeSecurityGroups", | |
"ec2:DescribeSubnets", | |
"ec2:DescribeVpcs", | |
"fsx:Describe*", | |
"fsx:ListTagsForResource", | |
"kms:DescribeKey" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJQUISIZNHGLA6YQFM", | |
"PolicyName": "AmazonFSxConsoleReadOnlyAccess", | |
"UpdateDate": "2019-09-10T13:17:59+00:00", | |
"VersionId": "v2" | |
}, | |
"AmazonFSxFullAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AmazonFSxFullAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2018-11-28T16:34:43+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"ds:DescribeDirectories", | |
"fsx:*" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": "iam:CreateServiceLinkedRole", | |
"Condition": { | |
"StringLike": { | |
"iam:AWSServiceName": [ | |
"fsx.amazonaws.com" | |
] | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": "iam:CreateServiceLinkedRole", | |
"Condition": { | |
"StringLike": { | |
"iam:AWSServiceName": [ | |
"s3.data-source.lustre.fsx.amazonaws.com" | |
] | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIEUV6Z2X4VNZRVB5I", | |
"PolicyName": "AmazonFSxFullAccess", | |
"UpdateDate": "2018-11-28T16:34:43+00:00", | |
"VersionId": "v1" | |
}, | |
"AmazonFSxReadOnlyAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AmazonFSxReadOnlyAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2018-11-28T16:33:32+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"fsx:Describe*", | |
"fsx:ListTagsForResource" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJ4ICPKXR6KK32HT52", | |
"PolicyName": "AmazonFSxReadOnlyAccess", | |
"UpdateDate": "2018-11-28T16:33:32+00:00", | |
"VersionId": "v1" | |
}, | |
"AmazonFSxServiceRolePolicy": { | |
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonFSxServiceRolePolicy", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-06-18T13:25:32+00:00", | |
"DefaultVersionId": "v2", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"cloudwatch:PutMetricData", | |
"ds:AuthorizeApplication", | |
"ds:GetAuthorizedApplicationDetails", | |
"ds:UnauthorizeApplication", | |
"ec2:CreateNetworkInterface", | |
"ec2:CreateNetworkInterfacePermission", | |
"ec2:DeleteNetworkInterface", | |
"ec2:DescribeNetworkInterfaces", | |
"ec2:DescribeSecurityGroups", | |
"ec2:DescribeSubnets", | |
"ec2:DescribeVpcs", | |
"route53:AssociateVPCWithHostedZone" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/aws-service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIVQ24YKVRBV5IYQ5G", | |
"PolicyName": "AmazonFSxServiceRolePolicy", | |
"UpdateDate": "2019-06-18T13:25:32+00:00", | |
"VersionId": "v2" | |
}, | |
"AmazonForecastFullAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AmazonForecastFullAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-01-18T01:52:29+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"forecast:*" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"iam:PassRole" | |
], | |
"Condition": { | |
"StringEquals": { | |
"iam:PassedToService": "forecast.amazonaws.com" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIAKOTFNTUECQVU7C4", | |
"PolicyName": "AmazonForecastFullAccess", | |
"UpdateDate": "2019-01-18T01:52:29+00:00", | |
"VersionId": "v1" | |
}, | |
"AmazonFreeRTOSFullAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AmazonFreeRTOSFullAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2017-11-29T15:32:51+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"freertos:*" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJAN6PSDCOH6HXG2SE", | |
"PolicyName": "AmazonFreeRTOSFullAccess", | |
"UpdateDate": "2017-11-29T15:32:51+00:00", | |
"VersionId": "v1" | |
}, | |
"AmazonFreeRTOSOTAUpdate": { | |
"Arn": "arn:aws:iam::aws:policy/service-role/AmazonFreeRTOSOTAUpdate", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-10-07T20:11:30+00:00", | |
"DefaultVersionId": "v2", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"s3:GetObjectVersion", | |
"s3:PutObject", | |
"s3:GetObject" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:s3:::afr-ota*" | |
}, | |
{ | |
"Action": [ | |
"signer:StartSigningJob", | |
"signer:DescribeSigningJob", | |
"signer:GetSigningProfile", | |
"signer:PutSigningProfile" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"s3:ListBucketVersions", | |
"s3:ListBucket", | |
"s3:ListAllMyBuckets", | |
"s3:GetBucketLocation" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"iot:DeleteJob" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:iot:*:*:job/AFR_OTA*" | |
}, | |
{ | |
"Action": [ | |
"iot:DeleteStream" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:iot:*:*:stream/AFR_OTA*" | |
}, | |
{ | |
"Action": [ | |
"iot:CreateStream", | |
"iot:CreateJob" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAINC2TXHAYDOK3SWMU", | |
"PolicyName": "AmazonFreeRTOSOTAUpdate", | |
"UpdateDate": "2019-10-07T20:11:30+00:00", | |
"VersionId": "v2" | |
}, | |
"AmazonGlacierFullAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AmazonGlacierFullAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2015-02-06T18:40:28+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": "glacier:*", | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJQSTZJWB2AXXAKHVQ", | |
"PolicyName": "AmazonGlacierFullAccess", | |
"UpdateDate": "2015-02-06T18:40:28+00:00", | |
"VersionId": "v1" | |
}, | |
"AmazonGlacierReadOnlyAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AmazonGlacierReadOnlyAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2016-05-05T18:46:10+00:00", | |
"DefaultVersionId": "v2", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"glacier:DescribeJob", | |
"glacier:DescribeVault", | |
"glacier:GetDataRetrievalPolicy", | |
"glacier:GetJobOutput", | |
"glacier:GetVaultAccessPolicy", | |
"glacier:GetVaultLock", | |
"glacier:GetVaultNotifications", | |
"glacier:ListJobs", | |
"glacier:ListMultipartUploads", | |
"glacier:ListParts", | |
"glacier:ListTagsForVault", | |
"glacier:ListVaults" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAI2D5NJKMU274MET4E", | |
"PolicyName": "AmazonGlacierReadOnlyAccess", | |
"UpdateDate": "2016-05-05T18:46:10+00:00", | |
"VersionId": "v2" | |
}, | |
"AmazonGuardDutyFullAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AmazonGuardDutyFullAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2017-11-28T22:31:30+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": "guardduty:*", | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": "iam:CreateServiceLinkedRole", | |
"Condition": { | |
"StringLike": { | |
"iam:AWSServiceName": "guardduty.amazonaws.com" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIKUTKSN4KC63VDQUM", | |
"PolicyName": "AmazonGuardDutyFullAccess", | |
"UpdateDate": "2017-11-28T22:31:30+00:00", | |
"VersionId": "v1" | |
}, | |
"AmazonGuardDutyReadOnlyAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AmazonGuardDutyReadOnlyAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2018-04-25T21:07:17+00:00", | |
"DefaultVersionId": "v2", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"guardduty:Get*", | |
"guardduty:List*" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIVMCEDV336RWUSNHG", | |
"PolicyName": "AmazonGuardDutyReadOnlyAccess", | |
"UpdateDate": "2018-04-25T21:07:17+00:00", | |
"VersionId": "v2" | |
}, | |
"AmazonGuardDutyServiceRolePolicy": { | |
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonGuardDutyServiceRolePolicy", | |
"AttachmentCount": 1, | |
"CreateDate": "2017-11-28T20:12:59+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"ec2:DescribeInstances", | |
"ec2:DescribeImages" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/aws-service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIHZREZOWNSSA6FWQO", | |
"PolicyName": "AmazonGuardDutyServiceRolePolicy", | |
"UpdateDate": "2017-11-28T20:12:59+00:00", | |
"VersionId": "v1" | |
}, | |
"AmazonInspectorFullAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AmazonInspectorFullAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2017-12-21T14:53:31+00:00", | |
"DefaultVersionId": "v5", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"inspector:*", | |
"ec2:DescribeInstances", | |
"ec2:DescribeTags", | |
"sns:ListTopics", | |
"events:DescribeRule", | |
"events:ListRuleNamesByTarget" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"iam:PassRole" | |
], | |
"Condition": { | |
"StringEquals": { | |
"iam:PassedToService": [ | |
"inspector.amazonaws.com" | |
] | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": "iam:CreateServiceLinkedRole", | |
"Condition": { | |
"StringLike": { | |
"iam:AWSServiceName": "inspector.amazonaws.com" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "arn:aws:iam::*:role/aws-service-role/inspector.amazonaws.com/AWSServiceRoleForAmazonInspector" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAI7Y6NTA27NWNA5U5E", | |
"PolicyName": "AmazonInspectorFullAccess", | |
"UpdateDate": "2017-12-21T14:53:31+00:00", | |
"VersionId": "v5" | |
}, | |
"AmazonInspectorReadOnlyAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AmazonInspectorReadOnlyAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-10-01T15:17:54+00:00", | |
"DefaultVersionId": "v4", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"inspector:Describe*", | |
"inspector:Get*", | |
"inspector:List*", | |
"inspector:Preview*", | |
"ec2:DescribeInstances", | |
"ec2:DescribeTags", | |
"sns:ListTopics", | |
"events:DescribeRule", | |
"events:ListRuleNamesByTarget" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJXQNTHTEJ2JFRN2SE", | |
"PolicyName": "AmazonInspectorReadOnlyAccess", | |
"UpdateDate": "2019-10-01T15:17:54+00:00", | |
"VersionId": "v4" | |
}, | |
"AmazonInspectorServiceRolePolicy": { | |
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonInspectorServiceRolePolicy", | |
"AttachmentCount": 0, | |
"CreateDate": "2018-05-10T18:36:01+00:00", | |
"DefaultVersionId": "v4", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"directconnect:DescribeConnections", | |
"directconnect:DescribeDirectConnectGateways", | |
"directconnect:DescribeDirectConnectGatewayAssociations", | |
"directconnect:DescribeDirectConnectGatewayAttachments", | |
"directconnect:DescribeVirtualGateways", | |
"directconnect:DescribeVirtualInterfaces", | |
"directconnect:DescribeTags", | |
"ec2:DescribeAvailabilityZones", | |
"ec2:DescribeCustomerGateways", | |
"ec2:DescribeInstances", | |
"ec2:DescribeTags", | |
"ec2:DescribeInternetGateways", | |
"ec2:DescribeNatGateways", | |
"ec2:DescribeNetworkAcls", | |
"ec2:DescribeNetworkInterfaces", | |
"ec2:DescribePrefixLists", | |
"ec2:DescribeRegions", | |
"ec2:DescribeRouteTables", | |
"ec2:DescribeSecurityGroups", | |
"ec2:DescribeSubnets", | |
"ec2:DescribeVpcEndpoints", | |
"ec2:DescribeVpcPeeringConnections", | |
"ec2:DescribeVpcs", | |
"ec2:DescribeVpnConnections", | |
"ec2:DescribeVpnGateways", | |
"elasticloadbalancing:DescribeListeners", | |
"elasticloadbalancing:DescribeLoadBalancers", | |
"elasticloadbalancing:DescribeLoadBalancerAttributes", | |
"elasticloadbalancing:DescribeRules", | |
"elasticloadbalancing:DescribeTags", | |
"elasticloadbalancing:DescribeTargetGroups", | |
"elasticloadbalancing:DescribeTargetHealth" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/aws-service-role/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJKBMSBWLU2TGXHHUQ", | |
"PolicyName": "AmazonInspectorServiceRolePolicy", | |
"UpdateDate": "2018-05-10T18:36:01+00:00", | |
"VersionId": "v4" | |
}, | |
"AmazonKinesisAnalyticsFullAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AmazonKinesisAnalyticsFullAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2016-09-21T19:01:14+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": "kinesisanalytics:*", | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"kinesis:CreateStream", | |
"kinesis:DeleteStream", | |
"kinesis:DescribeStream", | |
"kinesis:ListStreams", | |
"kinesis:PutRecord", | |
"kinesis:PutRecords" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"firehose:DescribeDeliveryStream", | |
"firehose:ListDeliveryStreams" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"cloudwatch:GetMetricStatistics", | |
"cloudwatch:ListMetrics" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": "logs:GetLogEvents", | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"iam:ListPolicyVersions", | |
"iam:ListRoles" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": "iam:PassRole", | |
"Effect": "Allow", | |
"Resource": "arn:aws:iam::*:role/service-role/kinesis-analytics*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJQOSKHTXP43R7P5AC", | |
"PolicyName": "AmazonKinesisAnalyticsFullAccess", | |
"UpdateDate": "2016-09-21T19:01:14+00:00", | |
"VersionId": "v1" | |
}, | |
"AmazonKinesisAnalyticsReadOnly": { | |
"Arn": "arn:aws:iam::aws:policy/AmazonKinesisAnalyticsReadOnly", | |
"AttachmentCount": 0, | |
"CreateDate": "2016-09-21T18:16:43+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"kinesisanalytics:Describe*", | |
"kinesisanalytics:Get*", | |
"kinesisanalytics:List*" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"kinesis:DescribeStream", | |
"kinesis:ListStreams" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"firehose:DescribeDeliveryStream", | |
"firehose:ListDeliveryStreams" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"cloudwatch:GetMetricStatistics", | |
"cloudwatch:ListMetrics" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": "logs:GetLogEvents", | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"iam:ListPolicyVersions", | |
"iam:ListRoles" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIJIEXZAFUK43U7ARK", | |
"PolicyName": "AmazonKinesisAnalyticsReadOnly", | |
"UpdateDate": "2016-09-21T18:16:43+00:00", | |
"VersionId": "v1" | |
}, | |
"AmazonKinesisFirehoseFullAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AmazonKinesisFirehoseFullAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2015-10-07T18:45:26+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"firehose:*" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJMZQMTZ7FRBFHHAHI", | |
"PolicyName": "AmazonKinesisFirehoseFullAccess", | |
"UpdateDate": "2015-10-07T18:45:26+00:00", | |
"VersionId": "v1" | |
}, | |
"AmazonKinesisFirehoseReadOnlyAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AmazonKinesisFirehoseReadOnlyAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2015-10-07T18:43:39+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"firehose:Describe*", | |
"firehose:List*" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJ36NT645INW4K24W6", | |
"PolicyName": "AmazonKinesisFirehoseReadOnlyAccess", | |
"UpdateDate": "2015-10-07T18:43:39+00:00", | |
"VersionId": "v1" | |
}, | |
"AmazonKinesisFullAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AmazonKinesisFullAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2015-02-06T18:40:29+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": "kinesis:*", | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIVF32HAMOXCUYRAYE", | |
"PolicyName": "AmazonKinesisFullAccess", | |
"UpdateDate": "2015-02-06T18:40:29+00:00", | |
"VersionId": "v1" | |
}, | |
"AmazonKinesisReadOnlyAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AmazonKinesisReadOnlyAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2015-02-06T18:40:30+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"kinesis:Get*", | |
"kinesis:List*", | |
"kinesis:Describe*" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIOCMTDT5RLKZ2CAJO", | |
"PolicyName": "AmazonKinesisReadOnlyAccess", | |
"UpdateDate": "2015-02-06T18:40:30+00:00", | |
"VersionId": "v1" | |
}, | |
"AmazonKinesisVideoStreamsFullAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AmazonKinesisVideoStreamsFullAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2017-12-01T23:27:18+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": "kinesisvideo:*", | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIZAN5AK7E7UVYIAZY", | |
"PolicyName": "AmazonKinesisVideoStreamsFullAccess", | |
"UpdateDate": "2017-12-01T23:27:18+00:00", | |
"VersionId": "v1" | |
}, | |
"AmazonKinesisVideoStreamsReadOnlyAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AmazonKinesisVideoStreamsReadOnlyAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2017-12-01T23:14:32+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"kinesisvideo:Describe*", | |
"kinesisvideo:Get*", | |
"kinesisvideo:List*" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJDS2DKUCYTEA7M6UA", | |
"PolicyName": "AmazonKinesisVideoStreamsReadOnlyAccess", | |
"UpdateDate": "2017-12-01T23:14:32+00:00", | |
"VersionId": "v1" | |
}, | |
"AmazonLaunchWizardFullaccess": { | |
"Arn": "arn:aws:iam::aws:policy/AmazonLaunchWizardFullaccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-11-13T17:08:13+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"cloudformation:CreateStack", | |
"cloudformation:DeleteStack", | |
"cloudformation:DescribeStack*", | |
"cloudformation:Get*", | |
"cloudformation:ListStacks", | |
"cloudformation:SignalResource", | |
"ec2:AllocateAddress", | |
"ec2:AllocateHosts", | |
"ec2:AssignPrivateIpAddresses", | |
"ec2:AssociateAddress", | |
"ec2:AssociateDhcpOptions", | |
"ec2:AssociateSubnetCidrBlock", | |
"ec2:AttachInternetGateway", | |
"ec2:AttachNetworkInterface", | |
"ec2:AttachVolume", | |
"ec2:AuthorizeSecurityGroupEgress", | |
"ec2:AuthorizeSecurityGroupIngress", | |
"ec2:CreateDhcpOptions", | |
"ec2:CreateEgressOnlyInternetGateway", | |
"ec2:CreateInternetGateway", | |
"ec2:CreateNatGateway", | |
"ec2:CreateNetworkInterface", | |
"ec2:CreateSecurityGroup", | |
"ec2:CreateVolume", | |
"ec2:CreateVpc", | |
"ec2:CreateVpcEndpoint", | |
"ec2:DeleteDhcpOptions", | |
"ec2:DeleteInternetGateway", | |
"ec2:DeleteKeyPair", | |
"ec2:DeleteNatGateway", | |
"ec2:DeleteSecurityGroup", | |
"ec2:DeleteSnapshot", | |
"ec2:DeleteVolume", | |
"ec2:DeleteVpc", | |
"ec2:DetachInternetGateway", | |
"ec2:DetachVolume", | |
"ec2:DisassociateIamInstanceProfile", | |
"ec2:DisassociateRouteTable", | |
"ec2:DisassociateSubnetCidrBlock", | |
"ec2:GetConsoleOutput", | |
"ec2:GetPasswordData", | |
"ec2:ModifyInstanceAttribute", | |
"ec2:ModifySubnetAttribute", | |
"ec2:ModifyVolumeAttribute", | |
"ec2:ModifyVpcAttribute", | |
"ec2:ReleaseAddress", | |
"ec2:ReplaceRoute", | |
"ec2:ReplaceRouteTableAssociation", | |
"ec2:RevokeSecurityGroupEgress", | |
"ec2:RevokeSecurityGroupIngress", | |
"ec2:RunInstances", | |
"ec2:StartInstances", | |
"ec2:StopInstances", | |
"ec2:TerminateInstances", | |
"ssm:SendCommand" | |
], | |
"Condition": { | |
"ForAllValues:StringLike": { | |
"aws:TagKeys": "LaunchWizardResourceGroupID" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"iam:CreateInstanceProfile", | |
"iam:DeleteInstanceProfile", | |
"iam:PassRole", | |
"iam:RemoveRoleFromInstanceProfile", | |
"iam:AddRoleToInstanceProfile" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:iam::*:role/service-role/AmazonEC2RoleForLaunchWizard*", | |
"arn:aws:iam::*:instance-profile/LaunchWizard*" | |
], | |
"Sid": "VisualEditor0" | |
}, | |
{ | |
"Action": [ | |
"autoscaling:AttachInstances", | |
"autoscaling:CreateAutoScalingGroup", | |
"autoscaling:CreateLaunchConfiguration", | |
"autoscaling:DeleteAutoScalingGroup", | |
"autoscaling:DeleteLaunchConfiguration", | |
"autoscaling:UpdateAutoScalingGroup", | |
"logs:CreateLogStream", | |
"logs:DeleteLogGroup", | |
"logs:DeleteLogStream", | |
"logs:DescribeLog*", | |
"logs:PutLogEvents", | |
"resource-groups:CreateGroup", | |
"resource-groups:DeleteGroup", | |
"sns:ListSubscriptionsByTopic", | |
"sns:Publish", | |
"ssm:DeleteDocument", | |
"ssm:DeleteParameter*", | |
"ssm:DescribeDocument*", | |
"ssm:GetDocument", | |
"ssm:PutParameter" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:resource-groups:*:*:group/LaunchWizard*", | |
"arn:aws:sns:*:*:*", | |
"arn:aws:autoscaling:*:*:autoScalingGroup:*:autoScalingGroupName/LaunchWizard*", | |
"arn:aws:autoscaling:*:*:launchConfiguration:*:launchConfigurationName/LaunchWizard*", | |
"arn:aws:ssm:*:*:parameter/LaunchWizard*", | |
"arn:aws:ssm:*:*:document/LaunchWizard*", | |
"arn:aws:logs:*:*:log-group:*:*:*", | |
"arn:aws:logs:::log-group:LaunchWizard*" | |
] | |
}, | |
{ | |
"Action": [ | |
"logs:DeleteLogStream", | |
"logs:GetLogEvents", | |
"logs:PutLogEvents", | |
"ssm:AddTagsToResource", | |
"ssm:DescribeDocument", | |
"ssm:GetDocument", | |
"ssm:ListTagsForResource", | |
"ssm:RemoveTagsFromResource" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:logs:*:*:log-group:*:*:*", | |
"arn:aws:logs:::log-group:LaunchWizard*", | |
"arn:aws:ssm:*:*:parameter/LaunchWizard*", | |
"arn:aws:ssm:*:*:document/LaunchWizard*" | |
] | |
}, | |
{ | |
"Action": [ | |
"autoscaling:DescribeAutoScaling*", | |
"autoscaling:DescribeLaunchConfigurations", | |
"autoscaling:DescribeNotificationConfigurations", | |
"autoscaling:DescribePolicies", | |
"autoscaling:DescribeScaling*", | |
"autoscaling:DescribeScheduledActions", | |
"cloudformation:DescribeAccountLimits", | |
"cloudformation:DescribeStackDriftDetectionStatus", | |
"cloudformation:List*", | |
"ds:AddIpRoutes", | |
"ds:CreateComputer", | |
"ds:CreateMicrosoftAD", | |
"ds:DeleteDirectory", | |
"ds:Describe*", | |
"ds:ListAuthorizedApplications", | |
"ec2:AssociateRouteTable", | |
"ec2:AssociateVpcCidrBlock", | |
"ec2:CreateInternetGateway", | |
"ec2:CreateKeyPair", | |
"ec2:CreateNatGateway", | |
"ec2:CreateRoute", | |
"ec2:CreateRouteTable", | |
"ec2:CreateSubnet", | |
"ec2:CreateTags", | |
"ec2:DeleteNetworkAcl", | |
"ec2:DeleteNetworkInterface", | |
"ec2:DeleteNetworkInterfacePermission", | |
"ec2:DeleteRoute", | |
"ec2:DeleteRouteTable", | |
"ec2:DeleteSubnet", | |
"ec2:DeleteTags", | |
"ec2:DescribeAccountAttributes", | |
"ec2:DescribeAddresses", | |
"ec2:DescribeAvailabilityZones", | |
"ec2:DescribeDhcpOptions", | |
"ec2:DescribeEgressOnlyInternetGateways", | |
"ec2:DescribeImage*", | |
"ec2:DescribeInstanceStatus", | |
"ec2:DescribeInstances", | |
"ec2:DescribeInternetGateways", | |
"ec2:DescribeKeyPairs", | |
"ec2:DescribeNatGateways", | |
"ec2:DescribeNetwork*", | |
"ec2:DescribeRegions", | |
"ec2:DescribeRouteTables", | |
"ec2:DescribeSecurityGroups", | |
"ec2:DescribeSnapshot*", | |
"ec2:DescribeSubnets", | |
"ec2:DescribeTags", | |
"ec2:DescribeVolume*", | |
"ec2:DescribeVpc*", | |
"ec2:DetachNetworkInterface", | |
"ec2:DisassociateAddress", | |
"ec2:DisassociateVpcCidrBlock", | |
"ec2:GetLaunchTemplateData", | |
"ec2:ModifyNetworkInterfaceAttribute", | |
"ec2:ModifyVolume", | |
"iam:GetRole", | |
"iam:GetRolePolicy", | |
"iam:List*", | |
"logs:CreateLogGroup", | |
"logs:GetLogDelivery", | |
"logs:GetLogRecord", | |
"logs:ListLogDeliveries", | |
"resource-groups:Get*", | |
"resource-groups:List*", | |
"servicequotas:GetServiceQuota", | |
"servicequotas:ListServiceQuotas", | |
"sns:ListSubscriptions", | |
"sns:ListTopics", | |
"ssm:CreateDocument", | |
"ssm:DescribeAutomation*", | |
"ssm:DescribeInstanceInformation", | |
"ssm:DescribeParameters", | |
"ssm:GetAutomationExecution", | |
"ssm:GetCommandInvocation", | |
"ssm:GetParameter*", | |
"ssm:ListCommand*", | |
"ssm:ListDocument*", | |
"ssm:ListInstanceAssociations", | |
"ssm:SendAutomationSignal", | |
"ssm:StartAutomationExecution", | |
"ssm:StopAutomationExecution", | |
"tag:Get*" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": "logs:GetLog*", | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:logs:*:*:log-group:*:*:*", | |
"arn:aws:logs:::log-group:LaunchWizard*" | |
] | |
}, | |
{ | |
"Action": [ | |
"cloudformation:List*", | |
"cloudformation:Describe*" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:cloudformation:::stack/LaunchWizard*/" | |
}, | |
{ | |
"Action": [ | |
"iam:CreateServiceLinkedRole" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:iam::*:role/aws-service-role/autoscaling.amazonaws.com/AWSServiceRoleForAutoScaling*" | |
] | |
}, | |
{ | |
"Action": "launchwizard:*", | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAZKAPJZG4E27VRMEE5", | |
"PolicyName": "AmazonLaunchWizardFullaccess", | |
"UpdateDate": "2019-11-13T17:08:13+00:00", | |
"VersionId": "v1" | |
}, | |
"AmazonLexFullAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AmazonLexFullAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2017-11-15T23:55:07+00:00", | |
"DefaultVersionId": "v4", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"cloudwatch:GetMetricStatistics", | |
"cloudwatch:DescribeAlarms", | |
"cloudwatch:DescribeAlarmsForMetric", | |
"kms:DescribeKey", | |
"kms:ListAliases", | |
"lambda:GetPolicy", | |
"lambda:ListFunctions", | |
"lex:*", | |
"polly:DescribeVoices", | |
"polly:SynthesizeSpeech" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
] | |
}, | |
{ | |
"Action": [ | |
"lambda:AddPermission", | |
"lambda:RemovePermission" | |
], | |
"Condition": { | |
"StringLike": { | |
"lambda:Principal": "lex.amazonaws.com" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "arn:aws:lambda:*:*:function:AmazonLex*" | |
}, | |
{ | |
"Action": [ | |
"iam:GetRole", | |
"iam:DeleteRole" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:iam::*:role/aws-service-role/lex.amazonaws.com/AWSServiceRoleForLexBots", | |
"arn:aws:iam::*:role/aws-service-role/channels.lex.amazonaws.com/AWSServiceRoleForLexChannels" | |
] | |
}, | |
{ | |
"Action": [ | |
"iam:CreateServiceLinkedRole" | |
], | |
"Condition": { | |
"StringLike": { | |
"iam:AWSServiceName": "lex.amazonaws.com" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:iam::*:role/aws-service-role/lex.amazonaws.com/AWSServiceRoleForLexBots" | |
] | |
}, | |
{ | |
"Action": [ | |
"iam:DeleteServiceLinkedRole", | |
"iam:GetServiceLinkedRoleDeletionStatus" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:iam::*:role/aws-service-role/lex.amazonaws.com/AWSServiceRoleForLexBots" | |
] | |
}, | |
{ | |
"Action": [ | |
"iam:DetachRolePolicy" | |
], | |
"Condition": { | |
"StringLike": { | |
"iam:PolicyArn": "arn:aws:iam::aws:policy/aws-service-role/AmazonLexBotPolicy" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:iam::*:role/aws-service-role/lex.amazonaws.com/AWSServiceRoleForLexBots" | |
] | |
}, | |
{ | |
"Action": [ | |
"iam:CreateServiceLinkedRole" | |
], | |
"Condition": { | |
"StringLike": { | |
"iam:AWSServiceName": "channels.lex.amazonaws.com" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:iam::*:role/aws-service-role/channels.lex.amazonaws.com/AWSServiceRoleForLexChannels" | |
] | |
}, | |
{ | |
"Action": [ | |
"iam:DeleteServiceLinkedRole", | |
"iam:GetServiceLinkedRoleDeletionStatus" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:iam::*:role/aws-service-role/channels.lex.amazonaws.com/AWSServiceRoleForLexChannels" | |
] | |
}, | |
{ | |
"Action": [ | |
"iam:DetachRolePolicy" | |
], | |
"Condition": { | |
"StringLike": { | |
"iam:PolicyArn": "arn:aws:iam::aws:policy/aws-service-role/LexChannelPolicy" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:iam::*:role/aws-service-role/channels.lex.amazonaws.com/AWSServiceRoleForLexChannels" | |
] | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJVLXDHKVC23HRTKSI", | |
"PolicyName": "AmazonLexFullAccess", | |
"UpdateDate": "2017-11-15T23:55:07+00:00", | |
"VersionId": "v4" | |
}, | |
"AmazonLexReadOnly": { | |
"Arn": "arn:aws:iam::aws:policy/AmazonLexReadOnly", | |
"AttachmentCount": 0, | |
"CreateDate": "2017-04-11T23:13:33+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"lex:GetBot", | |
"lex:GetBotAlias", | |
"lex:GetBotAliases", | |
"lex:GetBots", | |
"lex:GetBotChannelAssociation", | |
"lex:GetBotChannelAssociations", | |
"lex:GetBotVersions", | |
"lex:GetBuiltinIntent", | |
"lex:GetBuiltinIntents", | |
"lex:GetBuiltinSlotTypes", | |
"lex:GetIntent", | |
"lex:GetIntents", | |
"lex:GetIntentVersions", | |
"lex:GetSlotType", | |
"lex:GetSlotTypes", | |
"lex:GetSlotTypeVersions", | |
"lex:GetUtterancesView" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJGBI5LSMAJNDGBNAM", | |
"PolicyName": "AmazonLexReadOnly", | |
"UpdateDate": "2017-04-11T23:13:33+00:00", | |
"VersionId": "v1" | |
}, | |
"AmazonLexRunBotsOnly": { | |
"Arn": "arn:aws:iam::aws:policy/AmazonLexRunBotsOnly", | |
"AttachmentCount": 0, | |
"CreateDate": "2017-04-11T23:06:24+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"lex:PostContent", | |
"lex:PostText" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJVZGB5CM3N6YWJHBE", | |
"PolicyName": "AmazonLexRunBotsOnly", | |
"UpdateDate": "2017-04-11T23:06:24+00:00", | |
"VersionId": "v1" | |
}, | |
"AmazonMQApiFullAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AmazonMQApiFullAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2018-12-18T20:31:31+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"mq:*", | |
"ec2:CreateNetworkInterface", | |
"ec2:CreateNetworkInterfacePermission", | |
"ec2:DeleteNetworkInterface", | |
"ec2:DeleteNetworkInterfacePermission", | |
"ec2:DetachNetworkInterface", | |
"ec2:DescribeInternetGateways", | |
"ec2:DescribeNetworkInterfaces", | |
"ec2:DescribeNetworkInterfacePermissions", | |
"ec2:DescribeRouteTables", | |
"ec2:DescribeSecurityGroups", | |
"ec2:DescribeSubnets", | |
"ec2:DescribeVpcs" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"logs:CreateLogGroup" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:logs:*:*:log-group:/aws/amazonmq/*" | |
] | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAI4CMO533EBV3L2GW4", | |
"PolicyName": "AmazonMQApiFullAccess", | |
"UpdateDate": "2018-12-18T20:31:31+00:00", | |
"VersionId": "v1" | |
}, | |
"AmazonMQApiReadOnlyAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AmazonMQApiReadOnlyAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2018-12-18T20:31:13+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"mq:Describe*", | |
"mq:List*", | |
"ec2:DescribeNetworkInterfaces", | |
"ec2:DescribeSecurityGroups", | |
"ec2:DescribeSubnets", | |
"ec2:DescribeVpcs" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIKI5JRHKAFHXQJKMO", | |
"PolicyName": "AmazonMQApiReadOnlyAccess", | |
"UpdateDate": "2018-12-18T20:31:13+00:00", | |
"VersionId": "v1" | |
}, | |
"AmazonMQFullAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AmazonMQFullAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2018-12-18T20:33:17+00:00", | |
"DefaultVersionId": "v4", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"mq:*", | |
"cloudformation:CreateStack", | |
"ec2:CreateNetworkInterface", | |
"ec2:CreateNetworkInterfacePermission", | |
"ec2:DeleteNetworkInterface", | |
"ec2:DeleteNetworkInterfacePermission", | |
"ec2:DetachNetworkInterface", | |
"ec2:DescribeInternetGateways", | |
"ec2:DescribeNetworkInterfaces", | |
"ec2:DescribeNetworkInterfacePermissions", | |
"ec2:DescribeRouteTables", | |
"ec2:DescribeSecurityGroups", | |
"ec2:DescribeSubnets", | |
"ec2:DescribeVpcs", | |
"ec2:CreateSecurityGroup", | |
"ec2:AuthorizeSecurityGroupIngress" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": [ | |
"logs:CreateLogGroup" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:logs:*:*:log-group:/aws/amazonmq/*" | |
] | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJLKBROJNQYDDXOOGG", | |
"PolicyName": "AmazonMQFullAccess", | |
"UpdateDate": "2018-12-18T20:33:17+00:00", | |
"VersionId": "v4" | |
}, | |
"AmazonMQReadOnlyAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AmazonMQReadOnlyAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2017-11-28T19:02:03+00:00", | |
"DefaultVersionId": "v2", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"mq:Describe*", | |
"mq:List*", | |
"ec2:DescribeNetworkInterfaces", | |
"ec2:DescribeSecurityGroups", | |
"ec2:DescribeSubnets", | |
"ec2:DescribeVpcs" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJFH3NKGULDUU66D5C", | |
"PolicyName": "AmazonMQReadOnlyAccess", | |
"UpdateDate": "2017-11-28T19:02:03+00:00", | |
"VersionId": "v2" | |
}, | |
"AmazonMSKFullAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AmazonMSKFullAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-01-14T22:07:52+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"kafka:*", | |
"ec2:DescribeSubnets", | |
"ec2:DescribeVpcs", | |
"ec2:DescribeSecurityGroups", | |
"kms:DescribeKey", | |
"kms:CreateGrant" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
}, | |
{ | |
"Action": "iam:CreateServiceLinkedRole", | |
"Condition": { | |
"StringLike": { | |
"iam:AWSServiceName": "kafka.amazonaws.com" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": "arn:aws:iam::*:role/aws-service-role/kafka.amazonaws.com/AWSServiceRoleForKafka*" | |
}, | |
{ | |
"Action": [ | |
"iam:AttachRolePolicy", | |
"iam:PutRolePolicy" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:iam::*:role/aws-service-role/kafka.amazonaws.com/AWSServiceRoleForKafka*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJERQQQTWI5OMENTQE", | |
"PolicyName": "AmazonMSKFullAccess", | |
"UpdateDate": "2019-01-14T22:07:52+00:00", | |
"VersionId": "v1" | |
}, | |
"AmazonMSKReadOnlyAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AmazonMSKReadOnlyAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2019-01-14T22:28:45+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"kafka:Describe*", | |
"kafka:List*", | |
"kafka:Get*", | |
"ec2:DescribeNetworkInterfaces", | |
"ec2:DescribeSecurityGroups", | |
"ec2:DescribeSubnets", | |
"ec2:DescribeVpcs", | |
"kms:DescribeKey" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJGMUI3DP2EVP3VGYO", | |
"PolicyName": "AmazonMSKReadOnlyAccess", | |
"UpdateDate": "2019-01-14T22:28:45+00:00", | |
"VersionId": "v1" | |
}, | |
"AmazonMachineLearningBatchPredictionsAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AmazonMachineLearningBatchPredictionsAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2015-04-09T17:12:19+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"machinelearning:CreateBatchPrediction", | |
"machinelearning:DeleteBatchPrediction", | |
"machinelearning:DescribeBatchPredictions", | |
"machinelearning:GetBatchPrediction", | |
"machinelearning:UpdateBatchPrediction" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAILOI4HTQSFTF3GQSC", | |
"PolicyName": "AmazonMachineLearningBatchPredictionsAccess", | |
"UpdateDate": "2015-04-09T17:12:19+00:00", | |
"VersionId": "v1" | |
}, | |
"AmazonMachineLearningCreateOnlyAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AmazonMachineLearningCreateOnlyAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2016-06-29T20:55:03+00:00", | |
"DefaultVersionId": "v2", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"machinelearning:Add*", | |
"machinelearning:Create*", | |
"machinelearning:Delete*", | |
"machinelearning:Describe*", | |
"machinelearning:Get*" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAJDRUNIC2RYAMAT3CK", | |
"PolicyName": "AmazonMachineLearningCreateOnlyAccess", | |
"UpdateDate": "2016-06-29T20:55:03+00:00", | |
"VersionId": "v2" | |
}, | |
"AmazonMachineLearningFullAccess": { | |
"Arn": "arn:aws:iam::aws:policy/AmazonMachineLearningFullAccess", | |
"AttachmentCount": 0, | |
"CreateDate": "2015-04-09T17:25:41+00:00", | |
"DefaultVersionId": "v1", | |
"Document": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"machinelearning:*" | |
], | |
"Effect": "Allow", | |
"Resource": "*" | |
} | |
], | |
"Version": "2012-10-17" | |
}, | |
"IsAttachable": true, | |
"IsDefaultVersion": true, | |
"Path": "/", | |
"PermissionsBoundaryUsageCount": 0, | |
"PolicyId": "ANPAIWKW6AGSGYOQ5ERHC", | |
"PolicyName": "AmazonMachineLearningFullAccess", |
(Sorry about that, but we can’t show files that are this big right now.)
Do you make this map to solve this issue?
No, I made this code so that I could easily see the details of the managed policies since AWS doesn't publish them.
@gene1wood thanks a lot! Wouldn't you mind updating this list with actual data? It would save some time for someone trying to get actual roles list (AWSSecurityHubReadOnlyAccess
let's say, introduced in 2019).
@paskal Sure, I've updated the list as of Nov 18 2019. The code to generate this list is just above if you want to generate it yourself.
Thank you so much for this @gene1wood. That's exactly what I needed to build my little CLI helper that finds AWS managed policies (which you can try if you have nodejs installed by running: npx get-policies
).
If this helps, I've noticed that your list is missing arn:aws:iam::aws:policy/service-role/AmazonMachineLearningRoleforRedshiftDataSourceV3
.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateSecurityGroup",
"ec2:DescribeInternetGateways",
"ec2:DescribeSecurityGroups",
"ec2:RevokeSecurityGroupIngress",
"redshift:AuthorizeClusterSecurityGroupIngress",
"redshift:CreateClusterSecurityGroup",
"redshift:DescribeClusters",
"redshift:DescribeClusterSecurityGroups",
"redshift:ModifyCluster",
"redshift:RevokeClusterSecurityGroupIngress"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"s3:PutBucketPolicy",
"s3:GetBucketLocation",
"s3:GetBucketPolicy",
"s3:GetObject",
"s3:PutObject"
],
"Resource": "arn:aws:s3:::amazon-machine-learning*"
}
]
}
why did you do this?
I am trying to create a resource template for an IAM Policy, I can get the inline policy documents from this object, but I am unable to get the policy_document for a managed policy... Do you make this map to solve this issue?