michael-dev2rights/ansible_integration_iam.json.j2

## ansible_integration_iam.json.j2
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Stmt1489152727000",
            "Effect": "Allow",
            "Action": [
                "ec2:Describe*"
            ],
            "Resource": [
                "*"
            ]
        },
        {
            "Sid": "Stmt1489154822000",
            "Effect": "Allow",
            "Action": [
                "ec2:CreateKeyPair",
                "ec2:CreateNatGateway",
                "ec2:DeleteKeyPair",
                "ec2:ImportKeyPair",
                "ec2:DescribeSecurityGroups",
                "ec2:CreateSecurityGroup",
                "ec2:RevokeSecurityGroupEgress",
                "ec2:AuthorizeSecurityGroupIngress",
                "ec2:DeleteSecurityGroup",
                "ec2:RunInstances",
                "ec2:CreateTags",
                "ec2:TerminateInstances",
                "ec2:AllocateAddress",
                "ec2:AssociateAddress",
                "ec2:DisassociateAddress",
                "ec2:ReleaseAddress",
                "ec2:CreateSubnet",
                "ec2:CreateVpc",
                "ec2:CreateRouteTable",
                "ec2:ModifyRouteTable",
                "ec2:DescribeRouteTable",
                "ec2:AssociateRouteTable",
                "ec2:DisassociateRouteTable",
                "ec2:ModifyVpcAttribute",
                "ec2:CreateInternetGateway",
                "ec2:AttachInternetGateway",
                "ec2:DeleteNatGateway"
            ],
            "Resource": [
                "*"
            ]
        },
        {
            "Sid": "AllowManageSecurityGroupsForSetup",
            "Effect": "Allow",
            "Action": [
                "ec2:DescribeSecurityGroups",
                "ec2:CreateSecurityGroup",
                "ec2:RevokeSecurityGroupEgress",
                "ec2:AuthorizeSecurityGroupIngress",
                "ec2:DeleteSecurityGroup",
                "ec2:RevokeSecurityGroupIngress"
            ],
            "Resource": [
                "arn:aws:ec2:{{region}}:{{account}}:security-group/*"
            ]
        },
        {
            "Sid": "Stmt1489163124000",
            "Effect": "Allow",
            "Action": [
                "autoscaling:DescribeAutoScalingGroups",
                "autoscaling:DescribeLaunchConfigurations",
                "autoscaling:CreateLaunchConfiguration",
                "autoscaling:CreateAutoScalingGroup",
                "autoscaling:UpdateAutoScalingGroup",
                "autoscaling:DeleteAutoScalingGroup",
                "autoscaling:DeleteLaunchConfiguration"
            ],
            "Resource": [
                "*"
            ]
        },
        {
            "Sid": "AllowReadAllLoadBalancers",
            "Effect": "Allow",
            "Action": [
                "elasticloadbalancing:DescribeLoadBalancers",
                "elasticloadbalancing:DescribeLoadBalancerAttributes",
                "elasticloadbalancing:DescribeInstanceHealth"
            ],
            "Resource": [
                "*"
            ]
        },
        {
            "Sid": "AllowManagementofOwnLoadBalancers",
            "Effect": "Allow",
            "Action": [
                "elasticloadbalancing:DescribeLoadBalancers",
                "elasticloadbalancing:CreateLoadBalancer",
                "elasticloadbalancing:DeleteLoadBalancer",
                "elasticloadbalancing:ConfigureHealthCheck",
                "elasticloadbalancing:DescribeLoadBalancerAttributes",
                "elasticloadbalancing:ModifyLoadBalancerAttributes",
                "elasticloadbalancing:EnableAvailabilityZonesForLoadBalancer",
                "elasticloadbalancing:DisableAvailabilityZonesForLoadBalancer",
                "elasticloadbalancing:DeleteLoadBalancerListeners",
                "elasticloadbalancing:CreateLoadBalancerListeners",
                "elasticloadbalancing:RegisterInstancesWithLoadBalancer",
                "elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
                "elasticloadbalancing:DescribeInstanceHealth"
            ],
            "Resource": [
                "arn:aws:elasticloadbalancing:{{region}}:{{account}}:loadbalancer/ansible-testing-*"
            ]
        },
        {
            "Sid": "Stmt1489417130000",
            "Effect": "Allow",
            "Action": [
                "ecr:DescribeRepositories",
                "ecr:CreateRepository",
                "ecr:DescribeRepositories",
                "ecr:GetRepositoryPolicy",
                "ecr:DescribeRepositories",
                "ecr:SetRepositoryPolicy",
                "ecr:DeleteRepository",
                "ecr:DeleteRepositoryPolicy",
                "ecr:DeleteRepositoryPolicy"
            ],
            "Resource": [
                "*"
            ]
        },
        {
            "Sid": "AllowOldRDSModule",
            "Effect": "Allow",
            "Action": [
                "rds:DescribeDBInstances",
                "rds:CreateDBInstance",
                "rds:ModifyDBInstance",
                "rds:DeleteDBInstance"
            ],
            "Resource": [
                "arn:aws:rds:{{region}}:{{account}}:db:ansible-testing*"
            ]
        },
        {
            "Sid": "AllowRDSModuleCompatibilityTests",
            "Effect": "Allow",
            "Action": [
                "rds:DescribeDBInstances",
                "rds:CreateDBInstance",
                "rds:ModifyDBInstance",
                "rds:ListTagsForResource",
                "rds:DeleteDBInstance"
            ],
            "Resource": [
                "arn:aws:rds:{{region}}:{{account}}:db:ansible-testing*"
            ]
        },
        {
            "Sid": "AllowRDSInstanceManageOwnInstance",
            "Effect": "Allow",
            "Action": [
                "rds:CreateDBInstance",
                "rds:ModifyDBInstance",
                "rds:ListTagsForResource",
                "rds:DescribeDBInstances"
            ],
            "Resource": [
                "arn:aws:rds:{{region}}:{{account}}:db:rds-*"
            ]
        },
        {
            "Sid": "AllowRDSSnapshotManageSnapshots",
            "Effect": "Allow",
            "Action": [
                "rds:DescribeDBSnapshots",
                "rds:DescribeDBInstances",
                "rds:DescribeDBSnapshots",
                "rds:DeleteDBInstance",
                "rds:CreateDBSnapshot",
                "rds:DeleteDBSnapshot",
                "rds:RestoreDBInstanceFromDBSnapshot",
                "rds:CreateDBInstanceReadReplica"
            ],
            "Resource": [
                "arn:aws:rds:{{region}}:{{account}}:snapshot:snapshot-*",
                "arn:aws:rds:{{region}}:{{account}}:snapshot:rds-*",
                "arn:aws:rds:{{region}}:{{account}}:db:rds-*"
            ]
        },
        {
            "Sid": "Stmt1492534430805",
            "Action": [
                "s3:GetObject",
                "s3:ListBucket",
                "s3:PutBucketAcl",
                "s3:CreateBucket",
                "s3:PutObject",
                "s3:PutObjectAcl",
                "s3:DeleteBucket",
                "s3:DeleteObject"
            ],
            "Effect": "Allow",
            "Resource": [
                "arn:aws:s3:::ansible_test_*",
                "arn:aws:s3:::ansible_test_*/*"
            ]
        }
    ]
}
	{
	"Version": "2012-10-17",
	"Statement": [
	{
	"Sid": "Stmt1489152727000",
	"Effect": "Allow",
	"Action": [
	"ec2:Describe*"
	],
	"Resource": [
	"*"
	]
	},
	{
	"Sid": "Stmt1489154822000",
	"Effect": "Allow",
	"Action": [
	"ec2:CreateKeyPair",
	"ec2:CreateNatGateway",
	"ec2:DeleteKeyPair",
	"ec2:ImportKeyPair",
	"ec2:DescribeSecurityGroups",
	"ec2:CreateSecurityGroup",
	"ec2:RevokeSecurityGroupEgress",
	"ec2:AuthorizeSecurityGroupIngress",
	"ec2:DeleteSecurityGroup",
	"ec2:RunInstances",
	"ec2:CreateTags",
	"ec2:TerminateInstances",
	"ec2:AllocateAddress",
	"ec2:AssociateAddress",
	"ec2:DisassociateAddress",
	"ec2:ReleaseAddress",
	"ec2:CreateSubnet",
	"ec2:CreateVpc",
	"ec2:CreateRouteTable",
	"ec2:ModifyRouteTable",
	"ec2:DescribeRouteTable",
	"ec2:AssociateRouteTable",
	"ec2:DisassociateRouteTable",
	"ec2:ModifyVpcAttribute",
	"ec2:CreateInternetGateway",
	"ec2:AttachInternetGateway",
	"ec2:DeleteNatGateway"
	],
	"Resource": [
	"*"
	]
	},
	{
	"Sid": "AllowManageSecurityGroupsForSetup",
	"Effect": "Allow",
	"Action": [
	"ec2:DescribeSecurityGroups",
	"ec2:CreateSecurityGroup",
	"ec2:RevokeSecurityGroupEgress",
	"ec2:AuthorizeSecurityGroupIngress",
	"ec2:DeleteSecurityGroup",
	"ec2:RevokeSecurityGroupIngress"
	],
	"Resource": [
	"arn:aws:ec2:{{region}}:{{account}}:security-group/*"
	]
	},
	{
	"Sid": "Stmt1489163124000",
	"Effect": "Allow",
	"Action": [
	"autoscaling:DescribeAutoScalingGroups",
	"autoscaling:DescribeLaunchConfigurations",
	"autoscaling:CreateLaunchConfiguration",
	"autoscaling:CreateAutoScalingGroup",
	"autoscaling:UpdateAutoScalingGroup",
	"autoscaling:DeleteAutoScalingGroup",
	"autoscaling:DeleteLaunchConfiguration"
	],
	"Resource": [
	"*"
	]
	},
	{
	"Sid": "AllowReadAllLoadBalancers",
	"Effect": "Allow",
	"Action": [
	"elasticloadbalancing:DescribeLoadBalancers",
	"elasticloadbalancing:DescribeLoadBalancerAttributes",
	"elasticloadbalancing:DescribeInstanceHealth"
	],
	"Resource": [
	"*"
	]
	},
	{
	"Sid": "AllowManagementofOwnLoadBalancers",
	"Effect": "Allow",
	"Action": [
	"elasticloadbalancing:DescribeLoadBalancers",
	"elasticloadbalancing:CreateLoadBalancer",
	"elasticloadbalancing:DeleteLoadBalancer",
	"elasticloadbalancing:ConfigureHealthCheck",
	"elasticloadbalancing:DescribeLoadBalancerAttributes",
	"elasticloadbalancing:ModifyLoadBalancerAttributes",
	"elasticloadbalancing:EnableAvailabilityZonesForLoadBalancer",
	"elasticloadbalancing:DisableAvailabilityZonesForLoadBalancer",
	"elasticloadbalancing:DeleteLoadBalancerListeners",
	"elasticloadbalancing:CreateLoadBalancerListeners",
	"elasticloadbalancing:RegisterInstancesWithLoadBalancer",
	"elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
	"elasticloadbalancing:DescribeInstanceHealth"
	],
	"Resource": [
	"arn:aws:elasticloadbalancing:{{region}}:{{account}}:loadbalancer/ansible-testing-*"
	]
	},
	{
	"Sid": "Stmt1489417130000",
	"Effect": "Allow",
	"Action": [
	"ecr:DescribeRepositories",
	"ecr:CreateRepository",
	"ecr:DescribeRepositories",
	"ecr:GetRepositoryPolicy",
	"ecr:DescribeRepositories",
	"ecr:SetRepositoryPolicy",
	"ecr:DeleteRepository",
	"ecr:DeleteRepositoryPolicy",
	"ecr:DeleteRepositoryPolicy"
	],
	"Resource": [
	"*"
	]
	},
	{
	"Sid": "AllowOldRDSModule",
	"Effect": "Allow",
	"Action": [
	"rds:DescribeDBInstances",
	"rds:CreateDBInstance",
	"rds:ModifyDBInstance",
	"rds:DeleteDBInstance"
	],
	"Resource": [
	"arn:aws:rds:{{region}}:{{account}}:db:ansible-testing*"
	]
	},
	{
	"Sid": "AllowRDSModuleCompatibilityTests",
	"Effect": "Allow",
	"Action": [
	"rds:DescribeDBInstances",
	"rds:CreateDBInstance",
	"rds:ModifyDBInstance",
	"rds:ListTagsForResource",
	"rds:DeleteDBInstance"
	],
	"Resource": [
	"arn:aws:rds:{{region}}:{{account}}:db:ansible-testing*"
	]
	},
	{
	"Sid": "AllowRDSInstanceManageOwnInstance",
	"Effect": "Allow",
	"Action": [
	"rds:CreateDBInstance",
	"rds:ModifyDBInstance",
	"rds:ListTagsForResource",
	"rds:DescribeDBInstances"
	],
	"Resource": [
	"arn:aws:rds:{{region}}:{{account}}:db:rds-*"
	]
	},
	{
	"Sid": "AllowRDSSnapshotManageSnapshots",
	"Effect": "Allow",
	"Action": [
	"rds:DescribeDBSnapshots",
	"rds:DescribeDBInstances",
	"rds:DescribeDBSnapshots",
	"rds:DeleteDBInstance",
	"rds:CreateDBSnapshot",
	"rds:DeleteDBSnapshot",
	"rds:RestoreDBInstanceFromDBSnapshot",
	"rds:CreateDBInstanceReadReplica"
	],
	"Resource": [
	"arn:aws:rds:{{region}}:{{account}}:snapshot:snapshot-*",
	"arn:aws:rds:{{region}}:{{account}}:snapshot:rds-*",
	"arn:aws:rds:{{region}}:{{account}}:db:rds-*"
	]
	},
	{
	"Sid": "Stmt1492534430805",
	"Action": [
	"s3:GetObject",
	"s3:ListBucket",
	"s3:PutBucketAcl",
	"s3:CreateBucket",
	"s3:PutObject",
	"s3:PutObjectAcl",
	"s3:DeleteBucket",
	"s3:DeleteObject"
	],
	"Effect": "Allow",
	"Resource": [
	"arn:aws:s3:::ansible_test_*",
	"arn:aws:s3:::ansible_test_/"
	]
	}
	]
	}
No results found