{ "Version": "2012-10-17", "Statement": [ { "Sid": "Stmt1503340968000", "Effect": "Allow", "Action": [ "ec2:AllocateAddress", "ec2:CreateInternetGateway", "ec2:CreateNatGateway", "ec2:CreateRoute", "ec2:CreateRouteTable", "ec2:CreateSecurityGroup", "ec2:CreateSubnet", "ec2:CreateTags", "ec2:CreateVpc", "ec2:AuthorizeSecurityGroupIngress", "ec2:DescribeImages", "ec2:DescribeInstances", "ec2:DescribeInternetGateways", "ec2:DescribeSecurityGroups", "ec2:DescribeSpotFleetInstances", "ec2:DescribeSpotFleetRequests", "ec2:DescribeSpotPriceHistory", "ec2:DescribeSubnets", "ec2:DescribeVpcs", "ec2:DeleteVpc", "ec2:ReleaseAddress", "ec2:DeleteInternetGateway", "ec2:DescribeAddresses", "ec2:RequestSpotFleet", "ec2:RevokeSecurityGroupIngress", "ec2:ModifyVpcAttribute", "ec2:DescribeRouteTables", "ec2:DeleteRouteTable", "ec2:DeleteSecurityGroup", "ec2:DeleteSubnet", "ec2:AttachInternetGateway", "ec2:AssociateRouteTable", "ec2:DeleteRoute", "ec2:DeleteNatGateway", "ec2:DetachInternetGateway", "ec2:DescribeNatGateways", "ec2:DisassociateRouteTable", "ec2:RunInstances", "ec2:ModifyInstanceAttribute", "ec2:TerminateInstances", "ec2:AssociateAddress", "ec2:DisassociateAddress", "ec2:GetConsoleOutput", "ec2:ModifySpotFleetRequest", "ec2:CancelSpotFleetRequests", "ec2:DescribeAvailabilityZones", "ec2:ImportKeyPair", "ec2:DescribeKeyPairs", "ec2:DescribeSpotFleetRequestHistory", "ec2:CreateVpcEndpoint", "ec2:DescribeVpcEndpoints", "ec2:DeleteVpcEndpoints" ], "Resource": [ "*" ] }, { "Sid": "Stmt1503341224000", "Effect": "Allow", "Action": [ "iam:CreateAccessKey", "iam:DeleteAccessKey", "iam:AttachRolePolicy", "iam:AttachUserPolicy", "iam:DetachRolePolicy", "iam:CreatePolicy", "iam:CreatePolicyVersion", "iam:CreateRole", "iam:DeleteRole", "iam:CreateUser", "iam:DeletePolicyVersion", "iam:GetPolicy", "iam:GetRole", "iam:GetRolePolicy", "iam:GetUser", "iam:ListEntitiesForPolicy", "iam:ListPolicyVersions", "iam:CreateInstanceProfile", "iam:GetInstanceProfile", "iam:AddRoleToInstanceProfile", "iam:RemoveRoleFromInstanceProfile", "iam:PutRolePolicy", "iam:DeleteRolePolicy", "iam:DeleteInstanceProfile", "iam:PassRole", "iam:ListAccessKeys", "iam:CreateServiceLinkedRole" ], "Resource": [ "*" ] }, { "Sid": "Stmt1503341437000", "Effect": "Allow", "Action": [ "s3:CreateBucket", "s3:DeleteBucket", "s3:GetBucketLocation", "s3:GetBucketLogging", "s3:GetBucketVersioning", "s3:ListAllMyBuckets", "s3:PutBucketAcl", "s3:PutBucketCORS", "s3:PutBucketVersioning", "s3:GetBucketAcl", "s3:GetObject", "s3:PutBucketLogging", "s3:DeleteObject", "s3:PutObject", "s3:DeleteBucketPolicy", "s3:ListBucket", "s3:ListBucketVersions", "s3:DeleteObjectVersion", "s3:PutBucketPolicy", "s3:PutEncryptionConfiguration", "s3:PutLifecycleConfiguration", "s3:PutBucketTagging", "s3:DeleteBucketTagging" ], "Resource": [ "*" ] }, { "Sid": "Stmt1496243120000", "Effect": "Allow", "Action": [ "cloudformation:CreateStack", "cloudformation:DeleteStack", "cloudformation:DescribeStacks", "cloudformation:DescribeStackEvents", "cloudformation:DescribeStackResources", "cloudformation:ListStacks", "cloudformation:EstimateTemplateCost", "cloudformation:ListStackResources", "cloudformation:CreateChangeSet", "cloudformation:DescribeChangeSet", "cloudformation:ExecuteChangeSet", "cloudformation:UpdateTerminationProtection", "cloudformation:DeleteChangeSet" ], "Resource": [ "*" ] }, { "Sid": "Stmt1506545147000", "Effect": "Allow", "Action": [ "logs:DescribeLogGroups", "logs:DescribeLogStreams", "logs:GetLogEvents", "logs:CreateLogGroup", "logs:PutRetentionPolicy", "logs:DeleteRetentionPolicy" ], "Resource": [ "*" ] }, { "Sid": "DynamoDBPermissions", "Effect": "Allow", "Action": [ "dynamodb:CreateTable", "dynamodb:DescribeTable", "dynamodb:DeleteTable", "dynamodb:TagResource", "dynamodb:UntagResource", "dynamodb:ListTagsOfResource", "dynamodb:BatchWriteItem", "dynamodb:Scan" ], "Resource": "*" }, { "Sid": "SQSPermissions", "Effect": "Allow", "Action": [ "sqs:CreateQueue", "sqs:GetQueueAttributes", "sqs:DeleteQueue", "sqs:GetQueueUrl", "sqs:ListQueueTags", "sqs:UntagQueue", "sqs:TagQueue" ], "Resource": "*" }, { "Sid": "LambdaPermissions", "Effect": "Allow", "Action": [ "lambda:GetFunction", "lambda:CreateFunction", "lambda:DeleteFunction", "lambda:GetFunctionConfiguration", "lambda:CreateEventSourceMapping", "lambda:GetEventSourceMapping", "lambda:DeleteEventSourceMapping", "lambda:AddPermission" ], "Resource": "*" }, { "Sid": "EventPermissions", "Effect": "Allow", "Action": [ "events:PutRule", "events:DescribeRule", "events:RemoveTargets", "events:DeleteRule", "events:PutTargets" ], "Resource": "*" }, { "Sid": "AutoScalingPermissions", "Effect": "Allow", "Action": [ "application-autoscaling:DescribeScalableTargets", "application-autoscaling:RegisterScalableTarget", "application-autoscaling:DeregisterScalableTarget", "application-autoscaling:DescribeScalingPolicies", "application-autoscaling:PutScalingPolicy", "application-autoscaling:DeleteScalingPolicy" ], "Resource": "*" }, { "Sid": "STSPermissions", "Effect": "Allow", "Action": [ "sts:GetCallerIdentity" ], "Resource": "*" }, { "Sid": "SecretsManagerPermissions", "Effect": "Allow", "Action": [ "secretsmanager:CreateSecret", "secretsmanager:DeleteSecret", "secretsmanager:UpdateSecret", "secretsmanager:DescribeSecret", "secretsmanager:TagResource" ], "Resource": [ "*" ] }, { "Sid": "KMSPermissions", "Effect": "Allow", "Action": [ "kms:CreateKey", "kms:DescribeKey", "kms:Encrypt", "kms:GenerateDataKey", "kms:EnableKeyRotation", "kms:ListKeys", "kms:ListKeyPolicies", "kms:ListResourceTags", "kms:PutKeyPolicy", "kms:UpdateKeyDescription", "kms:ScheduleKeyDeletion", "kms:TagResource" ], "Resource": [ "*" ] } ] }