@rockybean
Created May 11, 2021 03:32
IAM policy for EKS cluster provisioning (VPC/subnet networking, DynamoDB and S3 backing resources, KMS keys, ACM certificates, Route 53 records, and the IAM roles, instance profiles and OIDC provider the cluster needs). Note that as written it is far broader than least privilege: the final IAM statement grants iam:CreateRole*, iam:CreatePolicy*, iam:AttachRolePolicy, iam:PutRolePolicy and an unconditioned iam:PassRole on Resource "*", which is effectively full IAM administration of the account and makes the earlier iam:PassedToService = eks.amazonaws.com condition moot; eks:*, cloudformation:* and kms:ScheduleKeyDeletion / kms:DeleteKey are likewise unscoped. Treat this as a provisioning-time policy for a dedicated, short-lived principal rather than one to attach to everyday users, and tighten the IAM, KMS and S3 Resource ARNs (and give each statement a meaningful Sid instead of "") before reusing it.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Action": "ec2:DescribeAccountAttributes",
"Resource": "*"
},
{
"Sid": "",
"Effect": "Allow",
"Action": [
"iam:ListPolicies",
"iam:GetPolicy*",
"iam:CreatePolicy*"
],
"Resource": "*"
},
{
"Sid": "",
"Effect": "Allow",
"Action": [
"dynamodb:UpdateTimeToLive",
"dynamodb:UpdateTable*",
"dynamodb:UntagResource",
"dynamodb:TagResource",
"dynamodb:RestoreTable*",
"dynamodb:ListTagsOfResource",
"dynamodb:Describe*",
"dynamodb:DeleteTable*",
"dynamodb:DeleteBackup",
"dynamodb:CreateTable*",
"dynamodb:CreateBackup",
"dynamodb:*ContinuousBackups"
],
"Resource": "arn:aws:dynamodb:*:522681501109:table/*"
},
{
"Sid": "",
"Effect": "Allow",
"Action": [
"dynamodb:UpdateGlobal*",
"dynamodb:DescribeGlobal*",
"dynamodb:DeleteGlobalTable*",
"dynamodb:CreateGlobalTable"
],
"Resource": "arn:aws:dynamodb:*:522681501109:global-table/*"
},
{
"Sid": "",
"Effect": "Allow",
"Action": [
"dynamodb:ListTables",
"dynamodb:ListGlobalTables",
"dynamodb:ListBackups"
],
"Resource": "arn:aws:dynamodb:*:522681501109:*"
},
{
"Sid": "",
"Effect": "Allow",
"Action": [
"kms:TagResource",
"kms:ScheduleKeyDeletion",
"kms:ListResourceTags",
"kms:ListKeys",
"kms:ListAliases",
"kms:GetKeyRotationStatus",
"kms:GetKeyPolicy",
"kms:DescribeKey",
"kms:DeleteKey",
"kms:DeleteAlias",
"kms:CreateKey",
"kms:CreateAlias"
],
"Resource": "*"
},
{
"Sid": "",
"Effect": "Allow",
"Action": [
"s3:PutReplicationConfiguration",
"s3:PutMetricsConfiguration",
"s3:PutLifecycleConfiguration",
"s3:PutInventoryConfiguration",
"s3:PutEncryptionConfiguration",
"s3:PutBucket*",
"s3:PutAnalyticsConfiguration",
"s3:PutAccountPublicAccessBlock",
"s3:PutAccessPointPolicy",
"s3:PutAccelerateConfiguration",
"s3:DeleteBucket",
"s3:CreateBucket"
],
"Resource": "arn:aws:s3:::*"
},
{
"Sid": "",
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:ListAllMyBuckets",
"s3:GetReplicationConfiguration",
"s3:GetMetricsConfiguration",
"s3:GetLifecycleConfiguration",
"s3:GetInventoryConfiguration",
"s3:GetEncryptionConfiguration",
"s3:GetBucketLocation",
"s3:GetBucket*",
"s3:GetAnalyticsConfiguration",
"s3:GetAccountPublicAccessBlock",
"s3:GetAccessPointPolicy",
"s3:GetAccelerateConfiguration"
],
"Resource": "*"
},
{
"Sid": "",
"Effect": "Allow",
"Action": "eks:*",
"Resource": "*"
},
{
"Sid": "",
"Effect": "Allow",
"Action": "iam:PassRole",
"Resource": "*",
"Condition": {
"StringEquals": {
"iam:PassedToService": [
"eks.amazonaws.com"
]
}
}
},
{
"Sid": "",
"Effect": "Allow",
"Action": [
"ec2:RunInstances",
"ec2:RevokeSecurityGroupIngress",
"ec2:RevokeSecurityGroupEgress",
"ec2:ReleaseAddress",
"ec2:ModifyVpcAttribute",
"ec2:ModifySubnetAttribute",
"ec2:DisassociateRouteTable",
"ec2:DetachInternetGateway",
"ec2:DescribeTags",
"ec2:DescribeSubnets",
"ec2:DescribeSecurityGroups",
"ec2:DescribeRouteTables",
"ec2:DescribeRegions",
"ec2:DescribeNatGateways",
"ec2:DescribeLaunchTemplates",
"ec2:DescribeLaunchTemplateVersions",
"ec2:DescribeInternetGateways",
"ec2:DescribeImages",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeAddresses",
"ec2:DeleteTags",
"ec2:CreateTags",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:AuthorizeSecurityGroupEgress",
"ec2:AllocateAddress",
"ec2:*Vpc*",
"ec2:*Subnet*",
"ec2:*SecurityGroup*",
"ec2:*RouteTable*",
"ec2:*Route*",
"ec2:*NetworkAcl*",
"ec2:*NatGateway*",
"ec2:*LaunchTemplate",
"ec2:*InternetGateway*"
],
"Resource": "*"
},
{
"Sid": "",
"Effect": "Allow",
"Action": [
"autoscaling:UpdateAutoScalingGroup",
"autoscaling:DescribeScalingActivities",
"autoscaling:DescribeLaunchConfigurations",
"autoscaling:DescribeAutoScalingGroups",
"autoscaling:DeleteLaunchConfiguration",
"autoscaling:DeleteAutoScalingGroup",
"autoscaling:CreateLaunchConfiguration",
"autoscaling:CreateAutoScalingGroup"
],
"Resource": "*"
},
{
"Sid": "",
"Effect": "Allow",
"Action": "cloudformation:*",
"Resource": "*"
},
{
"Sid": "",
"Effect": "Allow",
"Action": [
"iam:RemoveRoleFromInstanceProfile",
"iam:PutRolePolicy",
"iam:PassRole",
"iam:ListInstanceProfilesForRole",
"iam:ListInstanceProfiles",
"iam:GetRolePolicy",
"iam:GetRole",
"iam:GetOpenIDConnectProvider",
"iam:GetInstanceProfile",
"iam:DetachRolePolicy",
"iam:DeleteRolePolicy",
"iam:DeleteRole",
"iam:DeleteInstanceProfile",
"iam:CreateRole",
"iam:CreateInstanceProfile",
"iam:AttachRolePolicy",
"iam:AddRoleToInstanceProfile"
],
"Resource": [
"arn:aws:iam::522681501109:role/*",
"arn:aws:iam::522681501109:instance-profile/*"
]
},
{
"Sid": "",
"Effect": "Allow",
"Action": [
"iam:GetOpenIDConnectProvider",
"iam:DeleteOpenIDConnectProvider",
"iam:CreateOpenIDConnectProvider"
],
"Resource": "arn:aws:iam::522681501109:oidc-provider/*"
},
{
"Sid": "",
"Effect": "Allow",
"Action": [
"iam:UpdateRole",
"iam:UpdateAssumeRolePolicy",
"iam:UntagRole",
"iam:TagRole",
"iam:RemoveRoleFromInstanceProfile",
"iam:PutRolePolicy",
"iam:PassRole",
"iam:ListRole*",
"iam:ListPolicy*",
"iam:ListInstanceProfilesForRole",
"iam:ListInstanceProfiles",
"iam:ListEntitiesForPolicy",
"iam:ListAttached*",
"iam:GetRole*",
"iam:GetPolicy*",
"iam:GetInstanceProfile",
"iam:GetAccountSummary",
"iam:GetAccountAuthorizationDetails",
"iam:GenerateServiceLastAccessedDetails",
"iam:DetachRolePolicy",
"iam:DeleteServiceLinkedRole",
"iam:DeleteRole*",
"iam:DeletePolicy*",
"iam:DeleteInstanceProfile",
"iam:CreateServiceLinkedRole",
"iam:CreateRole*",
"iam:CreatePolicy*",
"iam:CreateInstanceProfile",
"iam:AttachRolePolicy",
"iam:AddRoleToInstanceProfile"
],
"Resource": "*"
},
{
"Sid": "",
"Effect": "Allow",
"Action": [
"acm:ResendValidationEmail",
"acm:RequestCertificate",
"acm:RemoveTagsFromCertificate",
"acm:ListTagsForCertificate",
"acm:ListCertificates",
"acm:ImportCertificate",
"acm:GetCertificate",
"acm:ExportCertificate",
"acm:DescribeCertificate",
"acm:DeleteCertificate",
"acm:AddTagsToCertificate"
],
"Resource": "*"
},
{
"Sid": "",
"Effect": "Allow",
"Action": [
"route53:ListResourceRecordSets",
"route53:GetHostedZone",
"route53:ChangeResourceRecordSets"
],
"Resource": "arn:aws:route53:::hostedzone/*"
},
{
"Sid": "",
"Effect": "Allow",
"Action": [
"route53:ListTagsForResource",
"route53:ListHostedZonesByName",
"route53:ListHostedZones",
"route53:GetChange"
],
"Resource": "*"
}
]
}