@gusdelact
Created November 5, 2025 20:13
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "S3Access",
"Effect": "Allow",
"Action": [
"s3:ListAllMyBuckets",
"s3:GetBucketLocation",
"s3:CreateBucket",
"s3:DeleteBucket",
"s3:ListBucket",
"s3:GetObject",
"s3:PutObject",
"s3:DeleteObject"
],
"Resource": "*"
},
{
"Sid": "EC2AndAutoScaling",
"Effect": "Allow",
"Action": [
"ec2:*",
"autoscaling:*",
"elasticloadbalancing:*"
],
"Resource": "*"
},
{
"Sid": "CloudFormationAccess",
"Effect": "Allow",
"Action": [
"cloudformation:*"
],
"Resource": "*"
},
{
"Sid": "CloudWatchAccess",
"Effect": "Allow",
"Action": [
"cloudwatch:*",
"logs:*",
"events:*"
],
"Resource": "*"
},
{
"Sid": "SQSAndSNSAccess",
"Effect": "Allow",
"Action": [
"sqs:*",
"sns:*"
],
"Resource": "*"
},
{
"Sid": "CloudFrontAccess",
"Effect": "Allow",
"Action": [
"cloudfront:*"
],
"Resource": "*"
},
{
"Sid": "IAMReadOnly",
"Effect": "Allow",
"Action": [
"iam:Get*",
"iam:List*",
"iam:GenerateServiceLastAccessedDetails"
],
"Resource": "*"
},
{
"Sid": "Route53Access",
"Effect": "Allow",
"Action": [
"route53:List*",
"route53:Get*",
"route53:ChangeResourceRecordSets",
"route53:CreateHostedZone",
"route53:DeleteHostedZone"
],
"Resource": "*"
},
{
"Sid": "dynamodb",
"Effect": "Allow",
"Action": [
"dynamodb:*"
],
"Resource": "*"
},
{
"Sid": "LambdaAccess",
"Effect": "Allow",
"Action": [
"lambda:*"
],
"Resource": "*"
},
{
"Sid": "SSMAccess",
"Effect": "Allow",
"Action": [
"ssm:*",
"ec2messages:*",
"ssmmessages:*"
],
"Resource": "*"
},
{
"Sid": "ApiGatewayAccess",
"Effect": "Allow",
"Action": [
"apigateway:*"
],
"Resource": "*"
},
{
"Sid": "PassRoleForServices",
"Effect": "Allow",
"Action": "iam:PassRole",
"Resource": "*",
"Condition": {
"StringLikeIfExists": {
"iam:PassedToService": [
"ec2.amazonaws.com",
"lambda.amazonaws.com",
"apigateway.amazonaws.com",
"cloudformation.amazonaws.com"
]
}
}
}
]
}