diff --git a/moto/iam/aws_managed_policies.py b/moto/iam/aws_managed_policies.py index ef6475a51..66349b0f7 100644 --- a/moto/iam/aws_managed_policies.py +++ b/moto/iam/aws_managed_policies.py @@ -1,65212 +1,62359 @@ # Imported via `make aws_managed_policies` aws_managed_policies_data = """ { - "APIGatewayServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/APIGatewayServiceRolePolicy", - "AttachmentCount": 1, - "CreateDate": "2017-10-20T17:23:10+00:00", - "DefaultVersionId": "v9", - "Document": { - "Statement": [ - { - "Action": [ - "elasticloadbalancing:AddListenerCertificates", - "elasticloadbalancing:RemoveListenerCertificates", - "elasticloadbalancing:ModifyListener", - "elasticloadbalancing:DescribeListeners", - "elasticloadbalancing:DescribeLoadBalancers", - "xray:PutTraceSegments", - "xray:PutTelemetryRecords", - "xray:GetSamplingTargets", - "xray:GetSamplingRules", - "logs:CreateLogDelivery", - "logs:GetLogDelivery", - "logs:UpdateLogDelivery", - "logs:DeleteLogDelivery", - "logs:ListLogDeliveries", - "servicediscovery:DiscoverInstances" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "firehose:DescribeDeliveryStream", - "firehose:PutRecord", - "firehose:PutRecordBatch" - ], - "Effect": "Allow", - "Resource": "arn:aws:firehose:*:*:deliverystream/amazon-apigateway-*" - }, - { - "Action": [ - "acm:DescribeCertificate", - "acm:GetCertificate" - ], - "Effect": "Allow", - "Resource": "arn:aws:acm:*:*:certificate/*" - }, - { - "Action": "ec2:CreateNetworkInterfacePermission", - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:network-interface/*" - }, - { - "Action": "ec2:CreateTags", - "Condition": { - "ForAllValues:StringEquals": { - "aws:TagKeys": [ - "Owner", - "VpcLinkId" - ] - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:network-interface/*" - }, - { - "Action": [ - "ec2:ModifyNetworkInterfaceAttribute", - "ec2:DeleteNetworkInterface", - "ec2:AssignPrivateIpAddresses", - "ec2:CreateNetworkInterface", - "ec2:DeleteNetworkInterfacePermission", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeAvailabilityZones", - "ec2:DescribeNetworkInterfaceAttribute", - "ec2:DescribeVpcs", - "ec2:DescribeNetworkInterfacePermissions", - "ec2:UnassignPrivateIpAddresses", - "ec2:DescribeSubnets", - "ec2:DescribeRouteTables", - "ec2:DescribeSecurityGroups" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "servicediscovery:GetNamespace", - "Effect": "Allow", - "Resource": "arn:aws:servicediscovery:*:*:namespace/*" - }, - { - "Action": "servicediscovery:GetService", - "Effect": "Allow", - "Resource": "arn:aws:servicediscovery:*:*:service/*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJQQDZNLDBF2ULTWK6", - "PolicyName": "APIGatewayServiceRolePolicy", - "UpdateDate": "2021-07-12T22:24:40+00:00", - "VersionId": "v9" - }, - "AWSAccountActivityAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSAccountActivityAccess", - "AttachmentCount": 0, - "CreateDate": "2015-02-06T18:41:18+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "aws-portal:ViewBilling" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJQRYCWMFX5J3E333K", - "PolicyName": "AWSAccountActivityAccess", - "UpdateDate": "2015-02-06T18:41:18+00:00", - "VersionId": "v1" - }, - "AWSAccountManagementFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSAccountManagementFullAccess", - "AttachmentCount": 0, - "CreateDate": "2021-09-30T23:20:37+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": "account:*", - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4NJRKI5OH5", - "PolicyName": "AWSAccountManagementFullAccess", - "UpdateDate": "2021-09-30T23:20:37+00:00", - "VersionId": "v1" - }, - "AWSAccountManagementReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSAccountManagementReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2021-09-30T23:29:53+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "account:Get*", - "account:List*" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4FJMX42HLT", - "PolicyName": "AWSAccountManagementReadOnlyAccess", - "UpdateDate": "2021-09-30T23:29:53+00:00", - "VersionId": "v1" - }, - "AWSAccountUsageReportAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSAccountUsageReportAccess", - "AttachmentCount": 0, - "CreateDate": "2015-02-06T18:41:19+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "aws-portal:ViewUsage" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJLIB4VSBVO47ZSBB6", - "PolicyName": "AWSAccountUsageReportAccess", - "UpdateDate": "2015-02-06T18:41:19+00:00", - "VersionId": "v1" - }, - "AWSAgentlessDiscoveryService": { - "Arn": "arn:aws:iam::aws:policy/AWSAgentlessDiscoveryService", - "AttachmentCount": 0, - "CreateDate": "2016-08-02T01:35:11+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "awsconnector:RegisterConnector", - "awsconnector:GetConnectorHealth" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "iam:GetUser", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "s3:GetObject", - "s3:ListBucket" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:s3:::connector-platform-upgrade-info/*", - "arn:aws:s3:::connector-platform-upgrade-info", - "arn:aws:s3:::connector-platform-upgrade-bundles/*", - "arn:aws:s3:::connector-platform-upgrade-bundles", - "arn:aws:s3:::connector-platform-release-notes/*", - "arn:aws:s3:::connector-platform-release-notes", - "arn:aws:s3:::prod.agentless.discovery.connector.upgrade/*", - "arn:aws:s3:::prod.agentless.discovery.connector.upgrade" - ] - }, - { - "Action": [ - "s3:PutObject", - "s3:PutObjectAcl" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:s3:::import-to-ec2-connector-debug-logs/*" - ] - }, - { - "Action": [ - "SNS:Publish" - ], - "Effect": "Allow", - "Resource": "arn:aws:sns:*:*:metrics-sns-topic-for-*" - }, - { - "Action": [ - "Discovery:*" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "Discovery" - }, - { - "Action": [ - "arsenal:RegisterOnPremisesAgent" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "arsenal" - }, - { - "Action": [ - "mgh:GetHomeRegion" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIA3DIL7BYQ35ISM4K", - "PolicyName": "AWSAgentlessDiscoveryService", - "UpdateDate": "2020-02-24T23:08:23+00:00", - "VersionId": "v2" - }, - "AWSAppMeshEnvoyAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSAppMeshEnvoyAccess", - "AttachmentCount": 0, - "CreateDate": "2019-07-03T21:29:37+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "appmesh:StreamAggregatedResources" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4PMG6ZGSZZ", - "PolicyName": "AWSAppMeshEnvoyAccess", - "UpdateDate": "2019-07-03T21:29:37+00:00", - "VersionId": "v1" - }, - "AWSAppMeshFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSAppMeshFullAccess", - "AttachmentCount": 0, - "CreateDate": "2019-04-16T17:50:40+00:00", - "DefaultVersionId": "v6", - "Document": { - "Statement": [ - { - "Action": [ - "appmesh:*" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "iam:CreateServiceLinkedRole" - ], - "Condition": { - "StringLike": { - "iam:AWSServiceName": [ - "appmesh.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/aws-service-role/appmesh.amazonaws.com/AWSServiceRoleForAppMesh" - }, - { - "Action": [ - "cloudformation:CreateStack", - "cloudformation:DeleteStack", - "cloudformation:DescribeStack*", - "cloudformation:UpdateStack" - ], - "Effect": "Allow", - "Resource": "arn:aws:cloudformation:*:*:stack/AWSAppMesh-GettingStarted-*" - }, - { - "Action": [ - "acm:ListCertificates", - "acm:DescribeCertificate", - "acm-pca:DescribeCertificateAuthority", - "acm-pca:ListCertificateAuthorities" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "servicediscovery:ListNamespaces", - "servicediscovery:ListServices", - "servicediscovery:ListInstances" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4ILVZ5BWFU", - "PolicyName": "AWSAppMeshFullAccess", - "UpdateDate": "2021-01-07T19:54:08+00:00", - "VersionId": "v6" - }, - "AWSAppMeshPreviewEnvoyAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSAppMeshPreviewEnvoyAccess", - "AttachmentCount": 0, - "CreateDate": "2019-08-05T23:32:39+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "appmesh-preview:StreamAggregatedResources" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4NKURE3R2M", - "PolicyName": "AWSAppMeshPreviewEnvoyAccess", - "UpdateDate": "2019-08-05T23:32:39+00:00", - "VersionId": "v1" - }, - "AWSAppMeshPreviewServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSAppMeshPreviewServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2019-06-19T19:07:00+00:00", - "DefaultVersionId": "v3", - "Document": { - "Statement": [ - { - "Action": [ - "servicediscovery:DiscoverInstances" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "CloudMapServiceDiscovery" - }, - { - "Action": [ - "acm:DescribeCertificate" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "ACMCertificateVerification" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4FAQWKJYPJ", - "PolicyName": "AWSAppMeshPreviewServiceRolePolicy", - "UpdateDate": "2019-08-21T21:06:29+00:00", - "VersionId": "v3" - }, - "AWSAppMeshReadOnly": { - "Arn": "arn:aws:iam::aws:policy/AWSAppMeshReadOnly", - "AttachmentCount": 0, - "CreateDate": "2019-04-16T17:51:11+00:00", - "DefaultVersionId": "v5", - "Document": { - "Statement": [ - { - "Action": [ - "appmesh:Describe*", - "appmesh:List*" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "cloudformation:DescribeStack*" - ], - "Effect": "Allow", - "Resource": "arn:aws:cloudformation:*:*:stack/AWSAppMesh-GettingStarted-*" - }, - { - "Action": [ - "acm:ListCertificates", - "acm:DescribeCertificate", - "acm-pca:DescribeCertificateAuthority", - "acm-pca:ListCertificateAuthorities" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "servicediscovery:ListNamespaces", - "servicediscovery:ListServices", - "servicediscovery:ListInstances" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4HOPFCIWXP", - "PolicyName": "AWSAppMeshReadOnly", - "UpdateDate": "2021-01-07T19:53:16+00:00", - "VersionId": "v5" - }, - "AWSAppMeshServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSAppMeshServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2019-06-03T18:30:51+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "servicediscovery:DiscoverInstances" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "CloudMapServiceDiscovery" - }, - { - "Action": [ - "acm:DescribeCertificate" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "ACMCertificateVerification" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4B5IHMMEND", - "PolicyName": "AWSAppMeshServiceRolePolicy", - "UpdateDate": "2019-09-10T22:44:43+00:00", - "VersionId": "v2" - }, - "AWSAppRunnerFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSAppRunnerFullAccess", - "AttachmentCount": 0, - "CreateDate": "2022-01-11T04:02:09+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": "iam:CreateServiceLinkedRole", - "Condition": { - "StringLike": { - "iam:AWSServiceName": "apprunner.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/aws-service-role/apprunner.amazonaws.com/AWSServiceRoleForAppRunner" - }, - { - "Action": "iam:PassRole", - "Condition": { - "StringLike": { - "iam:PassedToService": "apprunner.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "apprunner:*", - "Effect": "Allow", - "Resource": "*", - "Sid": "AppRunnerAdminAccess" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4CI7E7OMBX", - "PolicyName": "AWSAppRunnerFullAccess", - "UpdateDate": "2022-01-11T04:02:09+00:00", - "VersionId": "v1" - }, - "AWSAppRunnerReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSAppRunnerReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2022-02-24T21:24:15+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "apprunner:List*", - "apprunner:Describe*" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4PMYP6C5TR", - "PolicyName": "AWSAppRunnerReadOnlyAccess", - "UpdateDate": "2022-02-24T21:24:15+00:00", - "VersionId": "v1" - }, - "AWSAppRunnerServicePolicyForECRAccess": { - "Arn": "arn:aws:iam::aws:policy/service-role/AWSAppRunnerServicePolicyForECRAccess", - "AttachmentCount": 0, - "CreateDate": "2021-05-14T19:17:21+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "ecr:GetDownloadUrlForLayer", - "ecr:BatchGetImage", - "ecr:DescribeImages", - "ecr:GetAuthorizationToken", - "ecr:BatchCheckLayerAvailability" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4LYM3IT6IY", - "PolicyName": "AWSAppRunnerServicePolicyForECRAccess", - "UpdateDate": "2021-05-14T19:17:21+00:00", - "VersionId": "v1" - }, - "AWSAppSyncAdministrator": { - "Arn": "arn:aws:iam::aws:policy/AWSAppSyncAdministrator", - "AttachmentCount": 0, - "CreateDate": "2018-03-20T21:20:28+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "appsync:*" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "iam:PassRole" - ], - "Condition": { - "StringEquals": { - "iam:PassedToService": [ - "appsync.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "iam:CreateServiceLinkedRole", - "Condition": { - "StringEquals": { - "iam:AWSServiceName": "appsync.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "iam:DeleteServiceLinkedRole", - "iam:GetServiceLinkedRoleDeletionStatus" - ], - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/aws-service-role/appsync.amazonaws.com/AWSServiceRoleForAppSync*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJBYY36AJPXTTWIXCY", - "PolicyName": "AWSAppSyncAdministrator", - "UpdateDate": "2019-11-04T19:23:49+00:00", - "VersionId": "v2" - }, - "AWSAppSyncInvokeFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSAppSyncInvokeFullAccess", - "AttachmentCount": 0, - "CreateDate": "2018-03-20T21:21:20+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "appsync:GraphQL", - "appsync:GetGraphqlApi", - "appsync:ListGraphqlApis", - "appsync:ListApiKeys" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAILMPWRRZN27MPE3VM", - "PolicyName": "AWSAppSyncInvokeFullAccess", - "UpdateDate": "2018-03-20T21:21:20+00:00", - "VersionId": "v1" - }, - "AWSAppSyncPushToCloudWatchLogs": { - "Arn": "arn:aws:iam::aws:policy/service-role/AWSAppSyncPushToCloudWatchLogs", - "AttachmentCount": 0, - "CreateDate": "2018-04-09T19:38:55+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIWN7WNO34HLMJPUQS", - "PolicyName": "AWSAppSyncPushToCloudWatchLogs", - "UpdateDate": "2018-04-09T19:38:55+00:00", - "VersionId": "v1" - }, - "AWSAppSyncSchemaAuthor": { - "Arn": "arn:aws:iam::aws:policy/AWSAppSyncSchemaAuthor", - "AttachmentCount": 0, - "CreateDate": "2018-03-20T21:21:06+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "appsync:GraphQL", - "appsync:CreateResolver", - "appsync:CreateType", - "appsync:DeleteResolver", - "appsync:DeleteType", - "appsync:GetResolver", - "appsync:GetType", - "appsync:GetDataSource", - "appsync:GetSchemaCreationStatus", - "appsync:GetIntrospectionSchema", - "appsync:GetGraphqlApi", - "appsync:ListTypes", - "appsync:ListApiKeys", - "appsync:ListResolvers", - "appsync:ListDataSources", - "appsync:ListGraphqlApis", - "appsync:StartSchemaCreation", - "appsync:UpdateResolver", - "appsync:UpdateType" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIUCF5WVTOFQXFKY5E", - "PolicyName": "AWSAppSyncSchemaAuthor", - "UpdateDate": "2018-03-20T21:21:06+00:00", - "VersionId": "v1" - }, - "AWSAppSyncServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSAppSyncServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2020-01-21T19:56:53+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "xray:PutTraceSegments", - "xray:PutTelemetryRecords", - "xray:GetSamplingTargets", - "xray:GetSamplingRules", - "xray:GetSamplingStatisticSummaries" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4IKBIQXBOO", - "PolicyName": "AWSAppSyncServiceRolePolicy", - "UpdateDate": "2020-01-21T19:56:53+00:00", - "VersionId": "v1" - }, - "AWSApplicationAutoScalingCustomResourcePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSApplicationAutoScalingCustomResourcePolicy", - "AttachmentCount": 0, - "CreateDate": "2018-06-04T23:22:44+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "execute-api:Invoke", - "cloudwatch:PutMetricAlarm", - "cloudwatch:DescribeAlarms", - "cloudwatch:DeleteAlarms" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJYTKXPX6DO32Z4XXA", - "PolicyName": "AWSApplicationAutoScalingCustomResourcePolicy", - "UpdateDate": "2018-06-04T23:22:44+00:00", - "VersionId": "v1" - }, - "AWSApplicationAutoscalingAppStreamFleetPolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSApplicationAutoscalingAppStreamFleetPolicy", - "AttachmentCount": 0, - "CreateDate": "2017-10-20T19:04:06+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "appstream:UpdateFleet", - "appstream:DescribeFleets", - "cloudwatch:PutMetricAlarm", - "cloudwatch:DescribeAlarms", - "cloudwatch:DeleteAlarms" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIRI724OWKP56ZG62M", - "PolicyName": "AWSApplicationAutoscalingAppStreamFleetPolicy", - "UpdateDate": "2017-10-20T19:04:06+00:00", - "VersionId": "v1" - }, - "AWSApplicationAutoscalingCassandraTablePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSApplicationAutoscalingCassandraTablePolicy", - "AttachmentCount": 0, - "CreateDate": "2020-03-18T22:49:23+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": "cassandra:Select", - "Effect": "Allow", - "Resource": [ - "arn:*:cassandra:*:*:/keyspace/system/table/*", - "arn:*:cassandra:*:*:/keyspace/system_schema/table/*", - "arn:*:cassandra:*:*:/keyspace/system_schema_mcs/table/*" - ] - }, - { - "Action": [ - "cassandra:Alter", - "cloudwatch:PutMetricAlarm", - "cloudwatch:DescribeAlarms", - "cloudwatch:DeleteAlarms" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4BOOOZAOTV", - "PolicyName": "AWSApplicationAutoscalingCassandraTablePolicy", - "UpdateDate": "2020-03-18T22:49:23+00:00", - "VersionId": "v1" - }, - "AWSApplicationAutoscalingComprehendEndpointPolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSApplicationAutoscalingComprehendEndpointPolicy", - "AttachmentCount": 0, - "CreateDate": "2019-11-14T18:39:07+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "comprehend:UpdateEndpoint", - "comprehend:DescribeEndpoint", - "cloudwatch:PutMetricAlarm", - "cloudwatch:DescribeAlarms", - "cloudwatch:DeleteAlarms" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4HD4ODS6K6", - "PolicyName": "AWSApplicationAutoscalingComprehendEndpointPolicy", - "UpdateDate": "2019-11-14T18:39:07+00:00", - "VersionId": "v1" - }, - "AWSApplicationAutoscalingDynamoDBTablePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSApplicationAutoscalingDynamoDBTablePolicy", - "AttachmentCount": 1, - "CreateDate": "2017-10-20T21:34:57+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "dynamodb:DescribeTable", - "dynamodb:UpdateTable", - "cloudwatch:PutMetricAlarm", - "cloudwatch:DescribeAlarms", - "cloudwatch:DeleteAlarms" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJOVQMDI3JFCBW4LFO", - "PolicyName": "AWSApplicationAutoscalingDynamoDBTablePolicy", - "UpdateDate": "2017-10-20T21:34:57+00:00", - "VersionId": "v1" - }, - "AWSApplicationAutoscalingEC2SpotFleetRequestPolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSApplicationAutoscalingEC2SpotFleetRequestPolicy", - "AttachmentCount": 0, - "CreateDate": "2017-10-25T18:23:27+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "ec2:DescribeSpotFleetRequests", - "ec2:ModifySpotFleetRequest", - "cloudwatch:PutMetricAlarm", - "cloudwatch:DescribeAlarms", - "cloudwatch:DeleteAlarms" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJNRH3VE3WW4Q4RDTU", - "PolicyName": "AWSApplicationAutoscalingEC2SpotFleetRequestPolicy", - "UpdateDate": "2017-10-25T18:23:27+00:00", - "VersionId": "v1" - }, - "AWSApplicationAutoscalingECSServicePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSApplicationAutoscalingECSServicePolicy", - "AttachmentCount": 0, - "CreateDate": "2017-10-25T23:53:08+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "ecs:DescribeServices", - "ecs:UpdateService", - "cloudwatch:PutMetricAlarm", - "cloudwatch:DescribeAlarms", - "cloudwatch:DeleteAlarms" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJFXLLV7AKH5PSFOYG", - "PolicyName": "AWSApplicationAutoscalingECSServicePolicy", - "UpdateDate": "2017-10-25T23:53:08+00:00", - "VersionId": "v1" - }, - "AWSApplicationAutoscalingEMRInstanceGroupPolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSApplicationAutoscalingEMRInstanceGroupPolicy", - "AttachmentCount": 0, - "CreateDate": "2017-10-26T00:57:39+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "elasticmapreduce:ListInstanceGroups", - "elasticmapreduce:ModifyInstanceGroups", - "cloudwatch:PutMetricAlarm", - "cloudwatch:DescribeAlarms", - "cloudwatch:DeleteAlarms" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIQ6M5Z7LQY2YSG2JS", - "PolicyName": "AWSApplicationAutoscalingEMRInstanceGroupPolicy", - "UpdateDate": "2017-10-26T00:57:39+00:00", - "VersionId": "v1" - }, - "AWSApplicationAutoscalingElastiCacheRGPolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSApplicationAutoscalingElastiCacheRGPolicy", - "AttachmentCount": 0, - "CreateDate": "2021-08-17T23:41:42+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "elasticache:DescribeReplicationGroups", - "elasticache:ModifyReplicationGroupShardConfiguration", - "elasticache:IncreaseReplicaCount", - "elasticache:DecreaseReplicaCount", - "elasticache:DescribeCacheClusters", - "elasticache:DescribeCacheParameters", - "cloudwatch:DescribeAlarms" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "cloudwatch:PutMetricAlarm", - "cloudwatch:DeleteAlarms" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:cloudwatch:*:*:alarm:TargetTracking*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4A7HPQJPZ7", - "PolicyName": "AWSApplicationAutoscalingElastiCacheRGPolicy", - "UpdateDate": "2021-08-17T23:41:42+00:00", - "VersionId": "v1" - }, - "AWSApplicationAutoscalingKafkaClusterPolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSApplicationAutoscalingKafkaClusterPolicy", - "AttachmentCount": 0, - "CreateDate": "2020-08-24T18:36:01+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "kafka:DescribeCluster", - "kafka:DescribeClusterOperation", - "kafka:UpdateBrokerStorage", - "cloudwatch:PutMetricAlarm", - "cloudwatch:DescribeAlarms", - "cloudwatch:DeleteAlarms" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4FTCIZBJA2", - "PolicyName": "AWSApplicationAutoscalingKafkaClusterPolicy", - "UpdateDate": "2020-08-24T18:36:01+00:00", - "VersionId": "v1" - }, - "AWSApplicationAutoscalingLambdaConcurrencyPolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSApplicationAutoscalingLambdaConcurrencyPolicy", - "AttachmentCount": 0, - "CreateDate": "2019-10-21T20:04:17+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "lambda:PutProvisionedConcurrencyConfig", - "lambda:GetProvisionedConcurrencyConfig", - "lambda:DeleteProvisionedConcurrencyConfig", - "cloudwatch:PutMetricAlarm", - "cloudwatch:DescribeAlarms", - "cloudwatch:DeleteAlarms" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4KIR2KPJCU", - "PolicyName": "AWSApplicationAutoscalingLambdaConcurrencyPolicy", - "UpdateDate": "2019-10-21T20:04:17+00:00", - "VersionId": "v1" - }, - "AWSApplicationAutoscalingNeptuneClusterPolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSApplicationAutoscalingNeptuneClusterPolicy", - "AttachmentCount": 0, - "CreateDate": "2021-09-02T21:14:55+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "rds:ListTagsForResource", - "rds:DescribeDBInstances", - "rds:DescribeDBClusters", - "rds:DescribeDBClusterParameters", - "cloudwatch:DescribeAlarms" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": "rds:AddTagsToResource", - "Condition": { - "StringEquals": { - "rds:DatabaseEngine": "neptune" - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:rds:*:*:db:autoscaled-reader*" - ] - }, - { - "Action": "rds:CreateDBInstance", - "Condition": { - "StringEquals": { - "rds:DatabaseEngine": "neptune" - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:rds:*:*:db:autoscaled-reader*", - "arn:aws:rds:*:*:cluster:*" - ] - }, - { - "Action": [ - "rds:DeleteDBInstance" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:rds:*:*:db:autoscaled-reader*" - ] - }, - { - "Action": [ - "cloudwatch:PutMetricAlarm", - "cloudwatch:DeleteAlarms" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:cloudwatch:*:*:alarm:TargetTracking*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4LJVNMME6T", - "PolicyName": "AWSApplicationAutoscalingNeptuneClusterPolicy", - "UpdateDate": "2021-09-02T21:14:55+00:00", - "VersionId": "v1" - }, - "AWSApplicationAutoscalingRDSClusterPolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSApplicationAutoscalingRDSClusterPolicy", - "AttachmentCount": 0, - "CreateDate": "2017-10-17T17:46:56+00:00", - "DefaultVersionId": "v3", - "Document": { - "Statement": [ - { - "Action": [ - "rds:AddTagsToResource", - "rds:CreateDBInstance", - "rds:DeleteDBInstance", - "rds:DescribeDBClusters", - "rds:DescribeDBInstances", - "rds:ModifyDBCluster", - "cloudwatch:PutMetricAlarm", - "cloudwatch:DescribeAlarms", - "cloudwatch:DeleteAlarms" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "iam:PassRole" - ], - "Condition": { - "StringLike": { - "iam:PassedToService": "rds.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJ7XS52I27Q2JVKALU", - "PolicyName": "AWSApplicationAutoscalingRDSClusterPolicy", - "UpdateDate": "2018-08-07T19:14:24+00:00", - "VersionId": "v3" - }, - "AWSApplicationAutoscalingSageMakerEndpointPolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSApplicationAutoscalingSageMakerEndpointPolicy", - "AttachmentCount": 0, - "CreateDate": "2018-02-06T19:58:21+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "sagemaker:DescribeEndpoint", - "sagemaker:DescribeEndpointConfig", - "sagemaker:UpdateEndpointWeightsAndCapacities", - "cloudwatch:PutMetricAlarm", - "cloudwatch:DescribeAlarms", - "cloudwatch:DeleteAlarms" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAI5DBEBNRZQ4SXYTAW", - "PolicyName": "AWSApplicationAutoscalingSageMakerEndpointPolicy", - "UpdateDate": "2018-02-06T19:58:21+00:00", - "VersionId": "v1" - }, - "AWSApplicationDiscoveryAgentAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSApplicationDiscoveryAgentAccess", - "AttachmentCount": 0, - "CreateDate": "2016-05-11T21:38:47+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "arsenal:RegisterOnPremisesAgent" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "mgh:GetHomeRegion" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAICZIOVAGC6JPF3WHC", - "PolicyName": "AWSApplicationDiscoveryAgentAccess", - "UpdateDate": "2020-02-24T22:26:45+00:00", - "VersionId": "v2" - }, - "AWSApplicationDiscoveryServiceFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSApplicationDiscoveryServiceFullAccess", - "AttachmentCount": 0, - "CreateDate": "2016-05-11T21:30:50+00:00", - "DefaultVersionId": "v4", - "Document": { - "Statement": [ - { - "Action": [ - "mgh:*", - "discovery:*" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "iam:GetRole" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "iam:CreateServiceLinkedRole", - "Condition": { - "StringEquals": { - "iam:AWSServiceName": "continuousexport.discovery.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/aws-service-role/continuousexport.discovery.amazonaws.com/AWSServiceRoleForApplicationDiscoveryServiceContinuousExport*" - }, - { - "Action": [ - "iam:DeleteServiceLinkedRole", - "iam:GetServiceLinkedRoleDeletionStatus" - ], - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/aws-service-role/continuousexport.discovery.amazonaws.com/AWSServiceRoleForApplicationDiscoveryServiceContinuousExport*" - }, - { - "Action": "iam:CreateServiceLinkedRole", - "Condition": { - "StringEquals": { - "iam:AWSServiceName": [ - "migrationhub.amazonaws.com", - "dmsintegration.migrationhub.amazonaws.com", - "smsintegration.migrationhub.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJBNJEA6ZXM2SBOPDU", - "PolicyName": "AWSApplicationDiscoveryServiceFullAccess", - "UpdateDate": "2019-06-19T21:21:26+00:00", - "VersionId": "v4" - }, - "AWSApplicationMigrationAgentPolicy": { - "Arn": "arn:aws:iam::aws:policy/AWSApplicationMigrationAgentPolicy", - "AttachmentCount": 0, - "CreateDate": "2021-04-07T07:00:21+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "mgn:SendAgentMetricsForMgn", - "mgn:SendAgentLogsForMgn", - "mgn:SendClientLogsForMgn" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "mgn:RegisterAgentForMgn", - "mgn:UpdateAgentSourcePropertiesForMgn", - "mgn:UpdateAgentReplicationInfoForMgn", - "mgn:UpdateAgentConversionInfoForMgn", - "mgn:GetAgentInstallationAssetsForMgn", - "mgn:GetAgentCommandForMgn", - "mgn:GetAgentConfirmedResumeInfoForMgn", - "mgn:GetAgentRuntimeConfigurationForMgn", - "mgn:UpdateAgentBacklogForMgn", - "mgn:GetAgentReplicationInfoForMgn" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "mgn:TagResource", - "Effect": "Allow", - "Resource": "arn:aws:mgn:*:*:source-server/*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4D2GD5QYXR", - "PolicyName": "AWSApplicationMigrationAgentPolicy", - "UpdateDate": "2021-04-07T07:00:21+00:00", - "VersionId": "v1" - }, - "AWSApplicationMigrationConversionServerPolicy": { - "Arn": "arn:aws:iam::aws:policy/service-role/AWSApplicationMigrationConversionServerPolicy", - "AttachmentCount": 0, - "CreateDate": "2021-04-07T06:48:58+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "mgn:SendClientMetricsForMgn", - "mgn:SendClientLogsForMgn", - "mgn:GetChannelCommandsForMgn", - "mgn:SendChannelCommandResultForMgn" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4OPUSQRTYL", - "PolicyName": "AWSApplicationMigrationConversionServerPolicy", - "UpdateDate": "2021-04-07T06:48:58+00:00", - "VersionId": "v1" - }, - "AWSApplicationMigrationEC2Access": { - "Arn": "arn:aws:iam::aws:policy/AWSApplicationMigrationEC2Access", - "AttachmentCount": 0, - "CreateDate": "2021-04-07T07:05:22+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": "iam:PassRole", - "Condition": { - "StringEquals": { - "iam:PassedToService": "ec2.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:iam::*:role/service-role/AWSApplicationMigrationConversionServerRole" - ] - }, - { - "Action": [ - "ec2:DeleteSnapshot" - ], - "Condition": { - "Bool": { - "aws:ViaAWSService": "true" - }, - "Null": { - "aws:ResourceTag/AWSApplicationMigrationServiceManaged": "false" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:snapshot/*" - }, - { - "Action": [ - "ec2:CreateLaunchTemplateVersion", - "ec2:ModifyLaunchTemplate", - "ec2:DeleteLaunchTemplateVersions" - ], - "Condition": { - "Null": { - "aws:ResourceTag/AWSApplicationMigrationServiceManaged": "false" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:launch-template/*" - }, - { - "Action": [ - "ec2:DeleteVolume" - ], - "Condition": { - "Bool": { - "aws:ViaAWSService": "true" - }, - "Null": { - "aws:ResourceTag/AWSApplicationMigrationServiceManaged": "false" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:volume/*" - }, - { - "Action": [ - "ec2:StartInstances", - "ec2:StopInstances", - "ec2:TerminateInstances", - "ec2:ModifyInstanceAttribute", - "ec2:GetConsoleOutput", - "ec2:GetConsoleScreenshot" - ], - "Condition": { - "Bool": { - "aws:ViaAWSService": "true" - }, - "Null": { - "aws:ResourceTag/AWSApplicationMigrationServiceManaged": "false" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:instance/*" - }, - { - "Action": [ - "ec2:RevokeSecurityGroupEgress", - "ec2:AuthorizeSecurityGroupIngress", - "ec2:AuthorizeSecurityGroupEgress" - ], - "Condition": { - "Bool": { - "aws:ViaAWSService": "true" - }, - "Null": { - "aws:ResourceTag/AWSApplicationMigrationServiceManaged": "false" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:security-group/*" - }, - { - "Action": [ - "ec2:CreateVolume" - ], - "Condition": { - "Bool": { - "aws:ViaAWSService": "true" - }, - "Null": { - "aws:RequestTag/AWSApplicationMigrationServiceManaged": "false" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:volume/*" - }, - { - "Action": "ec2:CreateSecurityGroup", - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:vpc/*" - }, - { - "Action": [ - "ec2:CreateSecurityGroup" - ], - "Condition": { - "Bool": { - "aws:ViaAWSService": "true" - }, - "Null": { - "aws:RequestTag/AWSApplicationMigrationServiceManaged": "false" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:security-group/*" - }, - { - "Action": [ - "ec2:CreateSnapshot" - ], - "Condition": { - "Bool": { - "aws:ViaAWSService": "true" - }, - "Null": { - "ec2:ResourceTag/AWSApplicationMigrationServiceManaged": "false" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:volume/*" - }, - { - "Action": [ - "ec2:CreateSnapshot" - ], - "Condition": { - "Bool": { - "aws:ViaAWSService": "true" - }, - "Null": { - "aws:RequestTag/AWSApplicationMigrationServiceManaged": "false" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:snapshot/*" - }, - { - "Action": [ - "ec2:DetachVolume", - "ec2:AttachVolume" - ], - "Condition": { - "Bool": { - "aws:ViaAWSService": "true" - }, - "Null": { - "ec2:ResourceTag/AWSApplicationMigrationServiceManaged": "false" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:instance/*" - }, - { - "Action": [ - "ec2:AttachVolume" - ], - "Condition": { - "Bool": { - "aws:ViaAWSService": "true" - }, - "Null": { - "ec2:ResourceTag/AWSApplicationMigrationServiceManaged": "false" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:volume/*" - }, - { - "Action": [ - "ec2:DetachVolume" - ], - "Condition": { - "Bool": { - "aws:ViaAWSService": "true" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:volume/*" - }, - { - "Action": [ - "ec2:RunInstances" - ], - "Condition": { - "Bool": { - "aws:ViaAWSService": "true" - }, - "Null": { - "aws:RequestTag/AWSApplicationMigrationServiceManaged": "false" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:instance/*" - }, - { - "Action": [ - "ec2:RunInstances" - ], - "Condition": { - "Bool": { - "aws:ViaAWSService": "true" - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:security-group/*", - "arn:aws:ec2:*:*:volume/*", - "arn:aws:ec2:*:*:subnet/*", - "arn:aws:ec2:*:*:image/*", - "arn:aws:ec2:*:*:network-interface/*", - "arn:aws:ec2:*:*:launch-template/*" - ] - }, - { - "Action": "ec2:CreateTags", - "Condition": { - "Bool": { - "aws:ViaAWSService": "true" - }, - "StringEquals": { - "ec2:CreateAction": [ - "CreateSecurityGroup", - "CreateVolume", - "CreateSnapshot", - "RunInstances" - ] - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:security-group/*", - "arn:aws:ec2:*:*:volume/*", - "arn:aws:ec2:*:*:snapshot/*", - "arn:aws:ec2:*:*:instance/*" - ] - }, - { - "Action": [ - "ec2:CreateTags", - "ec2:ModifyVolume" - ], - "Condition": { - "Bool": { - "aws:ViaAWSService": "true" - }, - "Null": { - "ec2:ResourceTag/AWSApplicationMigrationServiceManaged": "false" - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:volume/*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4OBKWG2D2O", - "PolicyName": "AWSApplicationMigrationEC2Access", - "UpdateDate": "2022-03-02T08:49:20+00:00", - "VersionId": "v2" - }, - "AWSApplicationMigrationFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSApplicationMigrationFullAccess", - "AttachmentCount": 0, - "CreateDate": "2021-04-07T06:56:05+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "mgn:*" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "kms:ListAliases", - "kms:DescribeKey" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:DescribeKeyPairs", - "ec2:DescribeTags", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribePlacementGroups", - "ec2:DescribeAccountAttributes", - "ec2:DescribeAvailabilityZones", - "ec2:DescribeImages", - "ec2:DescribeInstances", - "ec2:DescribeInstanceTypes", - "ec2:DescribeInstanceAttribute", - "ec2:DescribeInstanceStatus", - "ec2:DescribeInstanceTypeOfferings", - "ec2:DescribeLaunchTemplateVersions", - "ec2:DescribeLaunchTemplates", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSnapshots", - "ec2:DescribeSubnets", - "ec2:DescribeVolumes", - "ec2:GetEbsEncryptionByDefault", - "ec2:GetEbsDefaultKmsKeyId" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "license-manager:ListLicenseConfigurations", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "elasticloadbalancing:DescribeLoadBalancers", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "iam:ListInstanceProfiles", - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4HPQNMM2HL", - "PolicyName": "AWSApplicationMigrationFullAccess", - "UpdateDate": "2022-02-22T11:16:56+00:00", - "VersionId": "v2" - }, - "AWSApplicationMigrationMGHAccess": { - "Arn": "arn:aws:iam::aws:policy/service-role/AWSApplicationMigrationMGHAccess", - "AttachmentCount": 0, - "CreateDate": "2021-04-07T07:10:01+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "mgh:AssociateCreatedArtifact", - "mgh:CreateProgressUpdateStream", - "mgh:DisassociateCreatedArtifact", - "mgh:GetHomeRegion", - "mgh:ImportMigrationTask", - "mgh:NotifyMigrationTaskState", - "mgh:PutResourceAttributes" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4KOE4CJMGD", - "PolicyName": "AWSApplicationMigrationMGHAccess", - "UpdateDate": "2021-04-07T07:10:01+00:00", - "VersionId": "v1" - }, - "AWSApplicationMigrationReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSApplicationMigrationReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2021-04-07T07:15:26+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "mgn:DescribeJobLogItems", - "mgn:DescribeJobs", - "mgn:DescribeSourceServers", - "mgn:DescribeReplicationConfigurationTemplates", - "mgn:GetLaunchConfiguration", - "mgn:DescribeVcenterClients", - "mgn:GetReplicationConfiguration" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:DescribeInstances", - "ec2:DescribeLaunchTemplateVersions", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4M2IUSVNLL", - "PolicyName": "AWSApplicationMigrationReadOnlyAccess", - "UpdateDate": "2021-11-08T12:54:08+00:00", - "VersionId": "v2" - }, - "AWSApplicationMigrationReplicationServerPolicy": { - "Arn": "arn:aws:iam::aws:policy/service-role/AWSApplicationMigrationReplicationServerPolicy", - "AttachmentCount": 0, - "CreateDate": "2021-04-07T07:21:57+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "mgn:SendClientMetricsForMgn", - "mgn:SendClientLogsForMgn", - "mgn:GetChannelCommandsForMgn", - "mgn:SendChannelCommandResultForMgn", - "mgn:GetAgentSnapshotCreditsForMgn", - "mgn:DescribeReplicationServerAssociationsForMgn", - "mgn:DescribeSnapshotRequestsForMgn", - "mgn:BatchDeleteSnapshotRequestForMgn", - "mgn:NotifyAgentAuthenticationForMgn", - "mgn:BatchCreateVolumeSnapshotGroupForMgn", - "mgn:UpdateAgentReplicationProcessStateForMgn", - "mgn:NotifyAgentReplicationProgressForMgn", - "mgn:NotifyAgentConnectedForMgn", - "mgn:NotifyAgentDisconnectedForMgn" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:DescribeInstances", - "ec2:DescribeSnapshots" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:CreateSnapshot" - ], - "Condition": { - "Null": { - "aws:ResourceTag/AWSApplicationMigrationServiceManaged": "false" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:volume/*" - }, - { - "Action": [ - "ec2:CreateSnapshot" - ], - "Condition": { - "Null": { - "aws:RequestTag/AWSApplicationMigrationServiceManaged": "false" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:snapshot/*" - }, - { - "Action": "ec2:CreateTags", - "Condition": { - "StringEquals": { - "ec2:CreateAction": "CreateSnapshot" - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4PXFWAA3SE", - "PolicyName": "AWSApplicationMigrationReplicationServerPolicy", - "UpdateDate": "2021-04-07T07:21:57+00:00", - "VersionId": "v1" - }, - "AWSApplicationMigrationServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSApplicationMigrationServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2021-04-07T06:43:20+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": "mgn:ListTagsForResource", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "kms:ListRetirableGrants", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "mgh:AssociateCreatedArtifact", - "mgh:CreateProgressUpdateStream", - "mgh:DisassociateCreatedArtifact", - "mgh:GetHomeRegion", - "mgh:ImportMigrationTask", - "mgh:NotifyMigrationTaskState", - "mgh:PutResourceAttributes" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:DescribeAccountAttributes", - "ec2:DescribeAvailabilityZones", - "ec2:DescribeImages", - "ec2:DescribeInstances", - "ec2:DescribeInstanceTypes", - "ec2:DescribeInstanceAttribute", - "ec2:DescribeInstanceStatus", - "ec2:DescribeLaunchTemplateVersions", - "ec2:DescribeLaunchTemplates", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSnapshots", - "ec2:DescribeSubnets", - "ec2:DescribeVolumes", - "ec2:GetEbsDefaultKmsKeyId", - "ec2:GetEbsEncryptionByDefault" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:RegisterImage", - "ec2:DeregisterImage" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:DeleteSnapshot" - ], - "Condition": { - "Null": { - "aws:ResourceTag/AWSApplicationMigrationServiceManaged": "false" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:snapshot/*" - }, - { - "Action": [ - "ec2:CreateLaunchTemplateVersion", - "ec2:ModifyLaunchTemplate", - "ec2:DeleteLaunchTemplate", - "ec2:DeleteLaunchTemplateVersions" - ], - "Condition": { - "Null": { - "aws:ResourceTag/AWSApplicationMigrationServiceManaged": "false" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:launch-template/*" - }, - { - "Action": [ - "ec2:DeleteVolume" - ], - "Condition": { - "Null": { - "aws:ResourceTag/AWSApplicationMigrationServiceManaged": "false" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:volume/*" - }, - { - "Action": [ - "ec2:StartInstances", - "ec2:StopInstances", - "ec2:TerminateInstances", - "ec2:ModifyInstanceAttribute", - "ec2:GetConsoleOutput", - "ec2:GetConsoleScreenshot" - ], - "Condition": { - "Null": { - "aws:ResourceTag/AWSApplicationMigrationServiceManaged": "false" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:instance/*" - }, - { - "Action": [ - "ec2:RevokeSecurityGroupEgress", - "ec2:AuthorizeSecurityGroupIngress", - "ec2:AuthorizeSecurityGroupEgress" - ], - "Condition": { - "Null": { - "aws:ResourceTag/AWSApplicationMigrationServiceManaged": "false" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:security-group/*" - }, - { - "Action": [ - "ec2:CreateVolume" - ], - "Condition": { - "Null": { - "aws:RequestTag/AWSApplicationMigrationServiceManaged": "false" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:volume/*" - }, - { - "Action": [ - "ec2:CreateSecurityGroup" - ], - "Condition": { - "Null": { - "aws:RequestTag/AWSApplicationMigrationServiceManaged": "false" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:security-group/*" - }, - { - "Action": [ - "ec2:CreateSecurityGroup" - ], - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:vpc/*" - }, - { - "Action": [ - "ec2:CreateLaunchTemplate" - ], - "Condition": { - "Null": { - "aws:RequestTag/AWSApplicationMigrationServiceManaged": "false" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:launch-template/*" - }, - { - "Action": [ - "ec2:CreateSnapshot" - ], - "Condition": { - "Null": { - "ec2:ResourceTag/AWSApplicationMigrationServiceManaged": "false" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:volume/*" - }, - { - "Action": [ - "ec2:CreateSnapshot" - ], - "Condition": { - "Null": { - "aws:RequestTag/AWSApplicationMigrationServiceManaged": "false" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:snapshot/*" - }, - { - "Action": [ - "ec2:DetachVolume", - "ec2:AttachVolume" - ], - "Condition": { - "Null": { - "ec2:ResourceTag/AWSApplicationMigrationServiceManaged": "false" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:instance/*" - }, - { - "Action": [ - "ec2:AttachVolume" - ], - "Condition": { - "Null": { - "ec2:ResourceTag/AWSApplicationMigrationServiceManaged": "false" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:volume/*" - }, - { - "Action": [ - "ec2:DetachVolume" - ], - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:volume/*" - }, - { - "Action": [ - "ec2:RunInstances" - ], - "Condition": { - "Null": { - "aws:RequestTag/AWSApplicationMigrationServiceManaged": "false" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:instance/*" - }, - { - "Action": [ - "ec2:RunInstances" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:security-group/*", - "arn:aws:ec2:*:*:volume/*", - "arn:aws:ec2:*:*:subnet/*", - "arn:aws:ec2:*:*:image/*", - "arn:aws:ec2:*:*:network-interface/*", - "arn:aws:ec2:*:*:launch-template/*" - ] - }, - { - "Action": "iam:PassRole", - "Condition": { - "StringEquals": { - "iam:PassedToService": "ec2.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:iam::*:role/service-role/AWSApplicationMigrationReplicationServerRole", - "arn:aws:iam::*:role/service-role/AWSApplicationMigrationConversionServerRole" - ] - }, - { - "Action": "ec2:CreateTags", - "Condition": { - "StringEquals": { - "ec2:CreateAction": [ - "CreateLaunchTemplate", - "CreateSecurityGroup", - "CreateVolume", - "CreateSnapshot", - "RunInstances" - ] - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:launch-template/*", - "arn:aws:ec2:*:*:security-group/*", - "arn:aws:ec2:*:*:volume/*", - "arn:aws:ec2:*:*:snapshot/*", - "arn:aws:ec2:*:*:instance/*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4LGJRHTEPG", - "PolicyName": "AWSApplicationMigrationServiceRolePolicy", - "UpdateDate": "2021-04-07T06:43:20+00:00", - "VersionId": "v1" - }, - "AWSApplicationMigrationVCenterClientPolicy": { - "Arn": "arn:aws:iam::aws:policy/AWSApplicationMigrationVCenterClientPolicy", - "AttachmentCount": 0, - "CreateDate": "2021-11-08T12:53:08+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "mgn:CreateVcenterClientForMgn", - "mgn:DescribeVcenterClients" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "mgn:GetVcenterClientCommandsForMgn", - "mgn:SendVcenterClientCommandResultForMgn", - "mgn:SendVcenterClientLogsForMgn", - "mgn:SendVcenterClientMetricsForMgn", - "mgn:DeleteVcenterClient", - "mgn:TagResource", - "mgn:NotifyVcenterClientStartedForMgn" - ], - "Effect": "Allow", - "Resource": "arn:aws:mgn:*:*:vcenter-client/*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4EZSWKZUGJ", - "PolicyName": "AWSApplicationMigrationVCenterClientPolicy", - "UpdateDate": "2021-11-08T12:53:08+00:00", - "VersionId": "v1" - }, - "AWSArtifactAccountSync": { - "Arn": "arn:aws:iam::aws:policy/service-role/AWSArtifactAccountSync", - "AttachmentCount": 0, - "CreateDate": "2018-04-10T23:04:33+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "organizations:ListAccounts", - "organizations:DescribeOrganization" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJMVPXRWZJZWDTYDNC", - "PolicyName": "AWSArtifactAccountSync", - "UpdateDate": "2018-04-10T23:04:33+00:00", - "VersionId": "v1" - }, - "AWSAuditManagerAdministratorAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSAuditManagerAdministratorAccess", - "AttachmentCount": 0, - "CreateDate": "2020-12-11T20:02:42+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "auditmanager:*" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "AuditManagerAccess" - }, - { - "Action": [ - "organizations:ListAccountsForParent", - "organizations:ListAccounts", - "organizations:DescribeOrganization", - "organizations:DescribeOrganizationalUnit", - "organizations:DescribeAccount", - "organizations:ListParents", - "organizations:ListChildren" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "OrganizationsAccess" - }, - { - "Action": [ - "organizations:RegisterDelegatedAdministrator", - "organizations:DeregisterDelegatedAdministrator", - "organizations:EnableAWSServiceAccess" - ], - "Condition": { - "StringLikeIfExists": { - "organizations:ServicePrincipal": [ - "auditmanager.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": "*", - "Sid": "AllowOnlyAuditManagerIntegration" - }, - { - "Action": [ - "iam:GetUser", - "iam:ListUsers", - "iam:ListRoles" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "IAMAccess" - }, - { - "Action": "iam:CreateServiceLinkedRole", - "Condition": { - "StringLike": { - "iam:AWSServiceName": "auditmanager.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/aws-service-role/auditmanager.amazonaws.com/AWSServiceRoleForAuditManager*", - "Sid": "IAMAccessCreateSLR" - }, - { - "Action": [ - "iam:DeleteServiceLinkedRole", - "iam:UpdateRoleDescription", - "iam:GetServiceLinkedRoleDeletionStatus" - ], - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/aws-service-role/auditmanager.amazonaws.com/AWSServiceRoleForAuditManager*", - "Sid": "IAMAccessManageSLR" - }, - { - "Action": [ - "s3:ListAllMyBuckets" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "S3Access" - }, - { - "Action": [ - "kms:DescribeKey", - "kms:ListKeys", - "kms:ListAliases" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "KmsAccess" - }, - { - "Action": [ - "kms:CreateGrant" - ], - "Condition": { - "Bool": { - "kms:GrantIsForAWSResource": "true" - }, - "StringLike": { - "kms:ViaService": "auditmanager.*.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "*", - "Sid": "KmsCreateGrantAccess" - }, - { - "Action": [ - "sns:ListTopics" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "SNSAccess" - }, - { - "Action": [ - "events:PutRule" - ], - "Condition": { - "StringEquals": { - "events:detail-type": "Security Hub Findings - Imported", - "events:source": "aws.securityhub" - } - }, - "Effect": "Allow", - "Resource": "*", - "Sid": "CreateEventsAccess" - }, - { - "Action": [ - "events:DeleteRule", - "events:DescribeRule", - "events:EnableRule", - "events:DisableRule", - "events:ListTargetsByRule", - "events:PutTargets", - "events:RemoveTargets" - ], - "Effect": "Allow", - "Resource": "arn:aws:events:*:*:rule/AuditManagerSecurityHubFindingsReceiver", - "Sid": "EventsAccess" - }, - { - "Action": [ - "tag:GetResources" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "TagAccess" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4EBAFCQQJX", - "PolicyName": "AWSAuditManagerAdministratorAccess", - "UpdateDate": "2020-12-11T20:02:42+00:00", - "VersionId": "v1" - }, - "AWSAuditManagerServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSAuditManagerServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2020-12-08T15:12:12+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "license-manager:ListLicenseConfigurations", - "license-manager:ListAssociationsForLicenseConfiguration", - "license-manager:ListUsageForLicenseConfiguration" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "LicenseManagerAccess" - }, - { - "Action": [ - "iam:GenerateCredentialReport", - "iam:GetAccountSummary", - "iam:ListPolicies", - "iam:GetAccountPasswordPolicy", - "iam:ListUsers", - "iam:ListUserPolicies", - "iam:ListRoles", - "iam:ListRolePolicies", - "iam:ListGroups", - "iam:ListGroupPolicies", - "iam:ListEntitiesForPolicy" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "IAMAccess" - }, - { - "Action": [ - "ec2:DescribeInstances", - "ec2:DescribeFlowLogs", - "ec2:DescribeVpcs", - "ec2:DescribeSecurityGroups", - "ec2:DescribeNetworkAcls", - "ec2:DescribeRouteTables", - "ec2:DescribeSnapshots", - "ec2:DescribeVpcEndpoints" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "EC2Access" - }, - { - "Action": [ - "cloudtrail:DescribeTrails" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "CloudtrailAccess" - }, - { - "Action": [ - "config:DescribeDeliveryChannels", - "config:ListDiscoveredResources", - "config:DescribeConfigRules" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "ConfigAccess" - }, - { - "Action": [ - "securityhub:DescribeStandards" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "SecurityHubAccess" - }, - { - "Action": [ - "kms:ListKeys", - "kms:DescribeKey", - "kms:ListGrants" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "KMSAccess" - }, - { - "Action": [ - "cloudwatch:DescribeAlarms" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "CloudwatchAccess" - }, - { - "Action": [ - "s3:GetLifecycleConfiguration" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "S3Access" - }, - { - "Action": [ - "events:DescribeRule" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "EventBridgeAccess" - }, - { - "Action": [ - "waf:ListActivatedRulesInRuleGroup" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "WAFAccess" - }, - { - "Action": [ - "guardduty:ListDetectors" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "GuardDutyAccess" - }, - { - "Action": [ - "route53:GetQueryLoggingConfig" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "Route53Access" - }, - { - "Action": [ - "organizations:DescribePolicy" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "OrganizationsAccess" - }, - { - "Action": [ - "cognito-idp:DescribeUserPool" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "CognitoAccess" - }, - { - "Action": [ - "elasticfilesystem:DescribeFileSystems" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "EFSAccess" - }, - { - "Action": [ - "events:PutRule" - ], - "Condition": { - "ForAllValues:StringEquals": { - "events:source": [ - "aws.securityhub" - ] - }, - "StringEquals": { - "events:detail-type": "Security Hub Findings - Imported" - } - }, - "Effect": "Allow", - "Resource": "*", - "Sid": "CreateEventsAccess" - }, - { - "Action": [ - "events:DeleteRule", - "events:DescribeRule", - "events:EnableRule", - "events:DisableRule", - "events:ListTargetsByRule", - "events:PutTargets", - "events:RemoveTargets" - ], - "Effect": "Allow", - "Resource": "arn:aws:events:*:*:rule/AuditManagerSecurityHubFindingsReceiver", - "Sid": "EventsAccess" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4C5N52UWST", - "PolicyName": "AWSAuditManagerServiceRolePolicy", - "UpdateDate": "2021-11-22T19:36:39+00:00", - "VersionId": "v2" - }, - "AWSAutoScalingPlansEC2AutoScalingPolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSAutoScalingPlansEC2AutoScalingPolicy", - "AttachmentCount": 0, - "CreateDate": "2018-08-23T22:46:59+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "cloudwatch:GetMetricData", - "autoscaling:DescribeAutoScalingGroups", - "autoscaling:DescribeScheduledActions", - "autoscaling:BatchPutScheduledUpdateGroupAction", - "autoscaling:BatchDeleteScheduledAction" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIXWLPZPD4RYBM3JSU", - "PolicyName": "AWSAutoScalingPlansEC2AutoScalingPolicy", - "UpdateDate": "2018-08-23T22:46:59+00:00", - "VersionId": "v1" - }, - "AWSBackupAuditAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSBackupAuditAccess", - "AttachmentCount": 0, - "CreateDate": "2021-08-24T01:02:23+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "backup:CreateFramework", - "backup:UpdateFramework", - "backup:ListFrameworks", - "backup:DescribeFramework", - "backup:DeleteFramework", - "backup:ListBackupPlans", - "backup:ListBackupVaults", - "backup:CreateReportPlan", - "backup:UpdateReportPlan", - "backup:ListReportPlans", - "backup:DescribeReportPlan", - "backup:DeleteReportPlan", - "backup:StartReportJob", - "backup:ListReportJobs", - "backup:DescribeReportJob" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "config:DescribeConfigurationRecorders", - "config:DescribeConfigurationRecorderStatus" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "config:DescribeComplianceByConfigRule", - "config:GetComplianceDetailsByConfigRule" - ], - "Effect": "Allow", - "Resource": "arn:aws:config:*:*:config-rule/*" - }, - { - "Action": [ - "s3:ListAllMyBuckets", - "s3:GetBucketLocation" - ], - "Effect": "Allow", - "Resource": "arn:aws:s3:::*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4C7QUTQXCL", - "PolicyName": "AWSBackupAuditAccess", - "UpdateDate": "2021-08-24T01:02:23+00:00", - "VersionId": "v1" - }, - "AWSBackupFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSBackupFullAccess", - "AttachmentCount": 0, - "CreateDate": "2019-11-18T22:21:52+00:00", - "DefaultVersionId": "v9", - "Document": { - "Statement": [ - { - "Action": "backup:*", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "backup-storage:*", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "rds:DescribeDBSnapshots", - "rds:ListTagsForResource", - "rds:DescribeDBInstances", - "rds:describeDBEngineVersions", - "rds:describeOptionGroups", - "rds:describeOrderableDBInstanceOptions", - "rds:describeDBSubnetGroups", - "rds:describeDBClusterSnapshots", - "rds:describeDBClusters", - "rds:describeDBParameterGroups", - "rds:DescribeDBClusterParameterGroups", - "rds:DescribeDBInstanceAutomatedBackups" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "rds:DeleteDBSnapshot", - "rds:DeleteDBClusterSnapshot" - ], - "Condition": { - "ForAnyValue:StringEquals": { - "aws:CalledVia": [ - "backup.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "dynamodb:ListBackups", - "dynamodb:ListTables" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "dynamodb:DeleteBackup" - ], - "Condition": { - "ForAnyValue:StringEquals": { - "aws:CalledVia": [ - "backup.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "elasticfilesystem:DescribeFilesystems" - ], - "Effect": "Allow", - "Resource": "arn:aws:elasticfilesystem:*:*:file-system/*" - }, - { - "Action": [ - "ec2:DescribeSnapshots", - "ec2:DescribeVolumes", - "ec2:describeAvailabilityZones", - "ec2:DescribeVpcs", - "ec2:DescribeAccountAttributes", - "ec2:DescribeSecurityGroups", - "ec2:DescribeImages", - "ec2:DescribeSubnets", - "ec2:DescribePlacementGroups", - "ec2:DescribeInstances", - "ec2:DescribeInstanceTypes" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:DeleteSnapshot", - "ec2:DeregisterImage" - ], - "Condition": { - "ForAnyValue:StringEquals": { - "aws:CalledVia": [ - "backup.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "tag:GetTagKeys", - "tag:GetTagValues", - "tag:GetResources" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "storagegateway:DescribeCachediSCSIVolumes", - "storagegateway:DescribeStorediSCSIVolumes" - ], - "Effect": "Allow", - "Resource": "arn:aws:storagegateway:*:*:gateway/*/volume/*" - }, - { - "Action": [ - "storagegateway:ListGateways" - ], - "Effect": "Allow", - "Resource": "arn:aws:storagegateway:*:*:*" - }, - { - "Action": [ - "storagegateway:DescribeGatewayInformation", - "storagegateway:ListVolumes", - "storagegateway:ListLocalDisks" - ], - "Effect": "Allow", - "Resource": "arn:aws:storagegateway:*:*:gateway/*" - }, - { - "Action": [ - "iam:ListRoles", - "iam:GetRole" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "iam:PassRole", - "Condition": { - "StringLike": { - "iam:PassedToService": "backup.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:iam::*:role/*AwsBackup*", - "arn:aws:iam::*:role/*AWSBackup*" - ] - }, - { - "Action": "organizations:DescribeOrganization", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "kms:ListKeys", - "kms:DescribeKey", - "kms:GenerateDataKey", - "kms:ListAliases" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "kms:CreateGrant" - ], - "Condition": { - "Bool": { - "kms:GrantIsForAWSResource": true - }, - "ForAnyValue:StringEquals": { - "kms:EncryptionContextKeys": "aws:backup:backup-vault" - }, - "StringLike": { - "kms:ViaService": "backup.*.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ssm:CancelCommand", - "ssm:GetCommandInvocation" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "ssm:SendCommand", - "Effect": "Allow", - "Resource": [ - "arn:aws:ssm:*:*:document/AWSEC2-CreateVssSnapshot", - "arn:aws:ec2:*:*:instance/*" - ] - }, - { - "Action": "fsx:DescribeFileSystems", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "fsx:DescribeBackups", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "fsx:DeleteBackup", - "Condition": { - "ForAnyValue:StringEquals": { - "aws:CalledVia": [ - "backup.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": "arn:aws:fsx:*:*:backup/*" - }, - { - "Action": "ds:DescribeDirectories", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "iam:CreateServiceLinkedRole", - "Condition": { - "StringEquals": { - "iam:AWSServiceName": "backup.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "backup-gateway:AssociateGatewayToServer", - "backup-gateway:CreateGateway", - "backup-gateway:DeleteGateway", - "backup-gateway:DeleteHypervisor", - "backup-gateway:DisassociateGatewayFromServer", - "backup-gateway:ImportHypervisorConfiguration", - "backup-gateway:ListGateways", - "backup-gateway:ListHypervisors", - "backup-gateway:ListTagsForResource", - "backup-gateway:ListVirtualMachines", - "backup-gateway:PutMaintenanceStartTime", - "backup-gateway:TagResource", - "backup-gateway:TestHypervisorConfiguration", - "backup-gateway:UntagResource", - "backup-gateway:UpdateGatewayInformation", - "backup-gateway:UpdateHypervisor" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4LL52EIPJX", - "PolicyName": "AWSBackupFullAccess", - "UpdateDate": "2021-11-23T22:00:22+00:00", - "VersionId": "v9" - }, - "AWSBackupOperatorAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSBackupOperatorAccess", - "AttachmentCount": 0, - "CreateDate": "2019-11-18T22:23:17+00:00", - "DefaultVersionId": "v8", - "Document": { - "Statement": [ - { - "Action": [ - "backup:Get*", - "backup:List*", - "backup:Describe*", - "backup:CreateBackupSelection", - "backup:DeleteBackupSelection", - "backup:StartBackupJob", - "backup:StartRestoreJob", - "backup:StartCopyJob" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "rds:DescribeDBSnapshots", - "rds:ListTagsForResource", - "rds:DescribeDBInstances", - "rds:describeDBEngineVersions", - "rds:describeOptionGroups", - "rds:describeOrderableDBInstanceOptions", - "rds:describeDBSubnetGroups", - "rds:DescribeDBClusterSnapshots", - "rds:DescribeDBClusters", - "rds:DescribeDBParameterGroups", - "rds:DescribeDBClusterParameterGroups", - "rds:DescribeDBInstanceAutomatedBackups" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "dynamodb:ListBackups", - "dynamodb:ListTables" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "elasticfilesystem:DescribeFilesystems" - ], - "Effect": "Allow", - "Resource": "arn:aws:elasticfilesystem:*:*:file-system/*" - }, - { - "Action": [ - "ec2:DescribeSnapshots", - "ec2:DescribeVolumes", - "ec2:describeAvailabilityZones", - "ec2:DescribeVpcs", - "ec2:DescribeAccountAttributes", - "ec2:DescribeSecurityGroups", - "ec2:DescribeImages", - "ec2:DescribeSubnets", - "ec2:DescribePlacementGroups", - "ec2:DescribeInstances", - "ec2:DescribeInstanceTypes" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "tag:GetTagKeys", - "tag:GetTagValues", - "tag:GetResources" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "storagegateway:DescribeCachediSCSIVolumes", - "storagegateway:DescribeStorediSCSIVolumes" - ], - "Effect": "Allow", - "Resource": "arn:aws:storagegateway:*:*:gateway/*/volume/*" - }, - { - "Action": [ - "storagegateway:ListGateways" - ], - "Effect": "Allow", - "Resource": "arn:aws:storagegateway:*:*:*" - }, - { - "Action": [ - "storagegateway:DescribeGatewayInformation", - "storagegateway:ListVolumes", - "storagegateway:ListLocalDisks" - ], - "Effect": "Allow", - "Resource": "arn:aws:storagegateway:*:*:gateway/*" - }, - { - "Action": [ - "iam:ListRoles", - "iam:GetRole" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "iam:PassRole", - "Condition": { - "StringLike": { - "iam:PassedToService": "backup.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:iam::*:role/*AwsBackup*", - "arn:aws:iam::*:role/*AWSBackup*" - ] - }, - { - "Action": "organizations:DescribeOrganization", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ssm:CancelCommand", - "ssm:GetCommandInvocation" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "ssm:SendCommand", - "Effect": "Allow", - "Resource": [ - "arn:aws:ssm:*:*:document/AWSEC2-CreateVssSnapshot", - "arn:aws:ec2:*:*:instance/*" - ] - }, - { - "Action": "fsx:DescribeBackups", - "Effect": "Allow", - "Resource": "arn:aws:fsx:*:*:backup/*" - }, - { - "Action": "fsx:DescribeFileSystems", - "Effect": "Allow", - "Resource": "arn:aws:fsx:*:*:file-system/*" - }, - { - "Action": "ds:DescribeDirectories", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "backup-gateway:ListGateways", - "backup-gateway:ListHypervisors", - "backup-gateway:ListTagsForResource", - "backup-gateway:ListVirtualMachines" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4KHXVYMY4O", - "PolicyName": "AWSBackupOperatorAccess", - "UpdateDate": "2021-11-23T22:00:28+00:00", - "VersionId": "v8" - }, - "AWSBackupOrganizationAdminAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSBackupOrganizationAdminAccess", - "AttachmentCount": 0, - "CreateDate": "2020-06-24T16:23:14+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "organizations:DisableAWSServiceAccess", - "organizations:EnableAWSServiceAccess" - ], - "Condition": { - "StringEquals": { - "organizations:ServicePrincipal": [ - "backup.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "organizations:AttachPolicy", - "organizations:ListPoliciesForTarget", - "organizations:ListTargetsForPolicy", - "organizations:DetachPolicy", - "organizations:DisablePolicyType", - "organizations:DescribePolicy", - "organizations:DescribeEffectivePolicy", - "organizations:ListPolicies", - "organizations:EnablePolicyType", - "organizations:CreatePolicy", - "organizations:UpdatePolicy", - "organizations:DeletePolicy" - ], - "Condition": { - "StringLikeIfExists": { - "organizations:PolicyType": [ - "BACKUP_POLICY" - ] - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "organizations:ListRoots", - "organizations:ListParents", - "organizations:ListAWSServiceAccessForOrganization", - "organizations:ListAccountsForParent", - "organizations:ListAccounts", - "organizations:DescribeOrganization", - "organizations:ListOrganizationalUnitsForParent", - "organizations:ListChildren", - "organizations:DescribeAccount", - "organizations:DescribeOrganizationalUnit" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4E5BC3XLFS", - "PolicyName": "AWSBackupOrganizationAdminAccess", - "UpdateDate": "2020-11-24T22:09:43+00:00", - "VersionId": "v2" - }, - "AWSBackupServiceLinkedRolePolicyForBackup": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSBackupServiceLinkedRolePolicyForBackup", - "AttachmentCount": 0, - "CreateDate": "2020-06-02T23:08:40+00:00", - "DefaultVersionId": "v8", - "Document": { - "Statement": [ - { - "Action": [ - "elasticfilesystem:Backup", - "elasticfilesystem:DescribeTags" - ], - "Condition": { - "StringLike": { - "aws:ResourceTag/aws:elasticfilesystem:default-backup": "enabled" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:elasticfilesystem:*:*:file-system/*" - }, - { - "Action": [ - "tag:GetResources", - "elasticfilesystem:DescribeFileSystems", - "dynamodb:ListTables", - "storagegateway:ListVolumes", - "ec2:DescribeVolumes", - "ec2:DescribeInstances", - "rds:DescribeDBInstances", - "rds:DescribeDBClusters", - "fsx:DescribeFileSystems", - "s3:ListAllMyBuckets" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "ec2:CreateTags", - "Condition": { - "StringEquals": { - "ec2:CreateAction": "CopySnapshot" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*::snapshot/*" - }, - { - "Action": "ec2:CreateTags", - "Condition": { - "ForAllValues:StringEquals": { - "aws:TagKeys": [ - "AWSBackupManagedResource" - ] - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*::image/*", - "arn:aws:ec2:*::snapshot/*" - ] - }, - { - "Action": "ec2:CreateTags", - "Condition": { - "Null": { - "ec2:ResourceTag/AWSBackupManagedResource": "false" - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*::image/*", - "arn:aws:ec2:*::snapshot/*" - ] - }, - { - "Action": [ - "ec2:DescribeSnapshots", - "ec2:DescribeImages", - "rds:DescribeDBSnapshots", - "rds:DescribeDBClusterSnapshots" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "ec2:CopySnapshot", - "Effect": "Allow", - "Resource": "arn:aws:ec2:*::snapshot/*" - }, - { - "Action": "ec2:CopyImage", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:DeregisterImage", - "ec2:DeleteSnapshot" - ], - "Condition": { - "Null": { - "ec2:ResourceTag/AWSBackupManagedResource": "false" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "rds:AddTagsToResource", - "rds:CopyDBSnapshot", - "rds:DeleteDBSnapshot" - ], - "Effect": "Allow", - "Resource": "arn:aws:rds:*:*:snapshot:awsbackup:*" - }, - { - "Action": [ - "rds:AddTagsToResource", - "rds:CopyDBClusterSnapshot", - "rds:DeleteDBClusterSnapshot" - ], - "Effect": "Allow", - "Resource": "arn:aws:rds:*:*:cluster-snapshot:awsbackup:*" - }, - { - "Action": "kms:DescribeKey", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "kms:ListGrants", - "kms:ReEncryptFrom", - "kms:GenerateDataKeyWithoutPlaintext" - ], - "Condition": { - "StringLike": { - "kms:ViaService": [ - "ec2.*.amazonaws.com", - "rds.*.amazonaws.com", - "fsx.*.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "kms:CreateGrant", - "Condition": { - "Bool": { - "kms:GrantIsForAWSResource": "true" - }, - "StringLike": { - "kms:ViaService": [ - "ec2.*.amazonaws.com", - "rds.*.amazonaws.com", - "fsx.*.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "fsx:CopyBackup", - "fsx:TagResource", - "fsx:DescribeBackups", - "fsx:DeleteBackup" - ], - "Effect": "Allow", - "Resource": "arn:aws:fsx:*:*:backup/*" - }, - { - "Action": "dynamodb:DeleteBackup", - "Effect": "Allow", - "Resource": "arn:aws:dynamodb:*:*:table/*/backup/*" - }, - { - "Action": [ - "backup-gateway:ListVirtualMachines" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "BackupGateway" - }, - { - "Action": [ - "backup-gateway:ListTagsForResource" - ], - "Effect": "Allow", - "Resource": "arn:aws:backup-gateway:*:*:vm/*", - "Sid": "ListTagsForBackupGateway" - }, - { - "Action": [ - "dynamodb:ListTagsOfResource", - "dynamodb:DescribeTable" - ], - "Effect": "Allow", - "Resource": "arn:aws:dynamodb:*:*:table/*" - }, - { - "Action": [ - "storagegateway:DescribeCachediSCSIVolumes", - "storagegateway:DescribeStorediSCSIVolumes" - ], - "Effect": "Allow", - "Resource": "arn:aws:storagegateway:*:*:gateway/*/volume/*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4ONJBD4ZY2", - "PolicyName": "AWSBackupServiceLinkedRolePolicyForBackup", - "UpdateDate": "2022-02-18T17:38:21+00:00", - "VersionId": "v8" - }, - "AWSBackupServiceLinkedRolePolicyForBackupTest": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSBackupServiceLinkedRolePolicyForBackupTest", - "AttachmentCount": 0, - "CreateDate": "2020-05-12T17:37:29+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "elasticfilesystem:Backup", - "elasticfilesystem:DescribeTags" - ], - "Condition": { - "StringLike": { - "aws:ResourceTag/aws:elasticfilesystem:default-backup": "enabled" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:elasticfilesystem:*:*:file-system/*" - }, - { - "Action": [ - "tag:GetResources" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4KMHRZD5LV", - "PolicyName": "AWSBackupServiceLinkedRolePolicyForBackupTest", - "UpdateDate": "2020-05-12T17:37:29+00:00", - "VersionId": "v1" - }, - "AWSBackupServiceRolePolicyForBackup": { - "Arn": "arn:aws:iam::aws:policy/service-role/AWSBackupServiceRolePolicyForBackup", - "AttachmentCount": 0, - "CreateDate": "2019-01-10T21:01:28+00:00", - "DefaultVersionId": "v11", - "Document": { - "Statement": [ - { - "Action": [ - "dynamodb:DescribeTable", - "dynamodb:CreateBackup" - ], - "Effect": "Allow", - "Resource": "arn:aws:dynamodb:*:*:table/*" - }, - { - "Action": [ - "dynamodb:DescribeBackup", - "dynamodb:DeleteBackup" - ], - "Effect": "Allow", - "Resource": "arn:aws:dynamodb:*:*:table/*/backup/*" - }, - { - "Action": [ - "rds:AddTagsToResource", - "rds:ListTagsForResource", - "rds:DescribeDBSnapshots", - "rds:CreateDBSnapshot", - "rds:CopyDBSnapshot", - "rds:DescribeDBInstances", - "rds:CreateDBClusterSnapshot", - "rds:DescribeDBClusters", - "rds:DescribeDBClusterSnapshots", - "rds:CopyDBClusterSnapshot" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "rds:ModifyDBInstance" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:rds:*:*:db:*" - ] - }, - { - "Action": [ - "rds:DeleteDBSnapshot", - "rds:ModifyDBSnapshotAttribute" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:rds:*:*:snapshot:awsbackup:*" - ] - }, - { - "Action": [ - "rds:DeleteDBClusterSnapshot", - "rds:ModifyDBClusterSnapshotAttribute" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:rds:*:*:cluster-snapshot:awsbackup:*" - ] - }, - { - "Action": [ - "storagegateway:CreateSnapshot", - "storagegateway:ListTagsForResource" - ], - "Effect": "Allow", - "Resource": "arn:aws:storagegateway:*:*:gateway/*/volume/*" - }, - { - "Action": [ - "ec2:CopySnapshot" - ], - "Effect": "Allow", - "Resource": "arn:aws:ec2:*::snapshot/*" - }, - { - "Action": [ - "ec2:CopyImage" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:CreateTags", - "ec2:DeleteSnapshot" - ], - "Effect": "Allow", - "Resource": "arn:aws:ec2:*::snapshot/*" - }, - { - "Action": [ - "ec2:CreateImage", - "ec2:DeregisterImage" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:CreateTags" - ], - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:image/*" - }, - { - "Action": [ - "ec2:DescribeSnapshots", - "ec2:DescribeTags", - "ec2:DescribeImages", - "ec2:DescribeInstances", - "ec2:DescribeInstanceAttribute", - "ec2:DescribeInstanceCreditSpecifications", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeElasticGpus", - "ec2:DescribeSpotInstanceRequests" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:ModifySnapshotAttribute", - "ec2:ModifyImageAttribute" - ], - "Condition": { - "Null": { - "aws:ResourceTag/aws:backup:source-resource": "false" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "backup:DescribeBackupVault", - "backup:CopyIntoBackupVault" - ], - "Effect": "Allow", - "Resource": "arn:aws:backup:*:*:backup-vault:*" - }, - { - "Action": [ - "backup:CopyFromBackupVault" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "elasticfilesystem:Backup", - "elasticfilesystem:DescribeTags" - ], - "Effect": "Allow", - "Resource": "arn:aws:elasticfilesystem:*:*:file-system/*" - }, - { - "Action": [ - "ec2:CreateSnapshot", - "ec2:DeleteSnapshot", - "ec2:DescribeVolumes", - "ec2:DescribeSnapshots" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*::snapshot/*", - "arn:aws:ec2:*:*:volume/*" - ] - }, - { - "Action": [ - "kms:Decrypt", - "kms:GenerateDataKey" - ], - "Condition": { - "StringLike": { - "kms:ViaService": [ - "dynamodb.*.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "kms:DescribeKey", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "kms:CreateGrant", - "Condition": { - "Bool": { - "kms:GrantIsForAWSResource": "true" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "kms:GenerateDataKeyWithoutPlaintext" - ], - "Condition": { - "StringLike": { - "kms:ViaService": [ - "ec2.*.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": "arn:aws:kms:*:*:key/*" - }, - { - "Action": [ - "tag:GetResources" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ssm:CancelCommand", - "ssm:GetCommandInvocation" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "ssm:SendCommand", - "Effect": "Allow", - "Resource": [ - "arn:aws:ssm:*:*:document/AWSEC2-CreateVssSnapshot", - "arn:aws:ec2:*:*:instance/*" - ] - }, - { - "Action": "fsx:DescribeBackups", - "Effect": "Allow", - "Resource": "arn:aws:fsx:*:*:backup/*" - }, - { - "Action": "fsx:CreateBackup", - "Effect": "Allow", - "Resource": [ - "arn:aws:fsx:*:*:file-system/*", - "arn:aws:fsx:*:*:backup/*" - ] - }, - { - "Action": "fsx:DescribeFileSystems", - "Effect": "Allow", - "Resource": "arn:aws:fsx:*:*:file-system/*" - }, - { - "Action": "fsx:ListTagsForResource", - "Effect": "Allow", - "Resource": "arn:aws:fsx:*:*:file-system/*" - }, - { - "Action": "fsx:DeleteBackup", - "Effect": "Allow", - "Resource": "arn:aws:fsx:*:*:backup/*" - }, - { - "Action": [ - "fsx:ListTagsForResource", - "fsx:ManageBackupPrincipalAssociations", - "fsx:CopyBackup", - "fsx:TagResource" - ], - "Effect": "Allow", - "Resource": "arn:aws:fsx:*:*:backup/*" - }, - { - "Action": [ - "dynamodb:StartAwsBackupJob", - "dynamodb:ListTagsOfResource" - ], - "Effect": "Allow", - "Resource": "arn:aws:dynamodb:*:*:table/*", - "Sid": "DynamodbBackupPermissions" - }, - { - "Action": [ - "backup-gateway:Backup", - "backup-gateway:ListTagsForResource" - ], - "Effect": "Allow", - "Resource": "arn:aws:backup-gateway:*:*:vm/*", - "Sid": "BackupGatewayBackupPermissions" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIOOYZSLZZXWFJJ5N2", - "PolicyName": "AWSBackupServiceRolePolicyForBackup", - "UpdateDate": "2021-11-23T22:00:34+00:00", - "VersionId": "v11" - }, - "AWSBackupServiceRolePolicyForRestores": { - "Arn": "arn:aws:iam::aws:policy/service-role/AWSBackupServiceRolePolicyForRestores", - "AttachmentCount": 0, - "CreateDate": "2019-01-12T00:23:54+00:00", - "DefaultVersionId": "v10", - "Document": { - "Statement": [ - { - "Action": [ - "dynamodb:Scan", - "dynamodb:Query", - "dynamodb:UpdateItem", - "dynamodb:PutItem", - "dynamodb:GetItem", - "dynamodb:DeleteItem", - "dynamodb:BatchWriteItem", - "dynamodb:DescribeTable" - ], - "Effect": "Allow", - "Resource": "arn:aws:dynamodb:*:*:table/*" - }, - { - "Action": [ - "dynamodb:RestoreTableFromBackup" - ], - "Effect": "Allow", - "Resource": "arn:aws:dynamodb:*:*:table/*/backup/*" - }, - { - "Action": [ - "ec2:CreateVolume", - "ec2:DeleteVolume" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*::snapshot/*", - "arn:aws:ec2:*:*:volume/*" - ] - }, - { - "Action": [ - "ec2:DescribeImages", - "ec2:DescribeInstances", - "ec2:DescribeSnapshots", - "ec2:DescribeVolumes" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "storagegateway:DeleteVolume", - "storagegateway:DescribeCachediSCSIVolumes", - "storagegateway:DescribeStorediSCSIVolumes" - ], - "Effect": "Allow", - "Resource": "arn:aws:storagegateway:*:*:gateway/*/volume/*" - }, - { - "Action": [ - "storagegateway:DescribeGatewayInformation", - "storagegateway:CreateStorediSCSIVolume", - "storagegateway:CreateCachediSCSIVolume" - ], - "Effect": "Allow", - "Resource": "arn:aws:storagegateway:*:*:gateway/*" - }, - { - "Action": [ - "storagegateway:ListVolumes" - ], - "Effect": "Allow", - "Resource": "arn:aws:storagegateway:*:*:*" - }, - { - "Action": [ - "rds:DescribeDBInstances", - "rds:DescribeDBSnapshots", - "rds:ListTagsForResource", - "rds:RestoreDBInstanceFromDBSnapshot", - "rds:DeleteDBInstance", - "rds:AddTagsToResource", - "rds:DescribeDBClusters", - "rds:RestoreDBClusterFromSnapshot", - "rds:DeleteDBCluster", - "rds:RestoreDBInstanceToPointInTime" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "elasticfilesystem:Restore", - "elasticfilesystem:CreateFilesystem", - "elasticfilesystem:DescribeFilesystems", - "elasticfilesystem:DeleteFilesystem" - ], - "Effect": "Allow", - "Resource": "arn:aws:elasticfilesystem:*:*:file-system/*" - }, - { - "Action": "kms:DescribeKey", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "kms:Decrypt", - "kms:Encrypt", - "kms:GenerateDataKey", - "kms:ReEncryptTo", - "kms:ReEncryptFrom" - ], - "Condition": { - "StringLike": { - "kms:ViaService": [ - "dynamodb.*.amazonaws.com", - "ec2.*.amazonaws.com", - "elasticfilesystem.*.amazonaws.com", - "rds.*.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "kms:CreateGrant", - "Condition": { - "Bool": { - "kms:GrantIsForAWSResource": "true" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:RunInstances" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:TerminateInstances" - ], - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:instance/*" - }, - { - "Action": [ - "fsx:CreateFileSystemFromBackup" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:fsx:*:*:file-system/*", - "arn:aws:fsx:*:*:backup/*" - ] - }, - { - "Action": [ - "fsx:DescribeFileSystems", - "fsx:TagResource" - ], - "Effect": "Allow", - "Resource": "arn:aws:fsx:*:*:file-system/*" - }, - { - "Action": "fsx:DescribeBackups", - "Effect": "Allow", - "Resource": "arn:aws:fsx:*:*:backup/*" - }, - { - "Action": [ - "fsx:DeleteFileSystem", - "fsx:UntagResource" - ], - "Condition": { - "Null": { - "aws:ResourceTag/aws:backup:source-resource": "false" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:fsx:*:*:file-system/*" - }, - { - "Action": "ds:DescribeDirectories", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "dynamodb:RestoreTableFromAwsBackup" - ], - "Effect": "Allow", - "Resource": "arn:aws:dynamodb:*:*:table/*", - "Sid": "DynamoDBRestorePermissions" - }, - { - "Action": [ - "backup-gateway:Restore" - ], - "Effect": "Allow", - "Resource": "arn:aws:backup-gateway:*:*:hypervisor/*", - "Sid": "GatewayRestorePermissions" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJZCCL6F2WPVOUXZKI", - "PolicyName": "AWSBackupServiceRolePolicyForRestores", - "UpdateDate": "2021-11-23T22:00:41+00:00", - "VersionId": "v10" - }, - "AWSBackupServiceRolePolicyForS3Backup": { - "Arn": "arn:aws:iam::aws:policy/AWSBackupServiceRolePolicyForS3Backup", - "AttachmentCount": 0, - "CreateDate": "2022-02-18T17:40:24+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": "cloudwatch:GetMetricData", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "events:DeleteRule", - "events:PutTargets", - "events:DescribeRule", - "events:EnableRule", - "events:PutRule", - "events:RemoveTargets", - "events:ListTargetsByRule", - "events:DisableRule" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:events:*:*:rule/AwsBackupManagedRule*" - ] - }, - { - "Action": "events:ListRules", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "kms:Decrypt", - "kms:DescribeKey" - ], - "Condition": { - "StringLike": { - "kms:ViaService": "s3.*.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "s3:GetBucketTagging", - "s3:GetInventoryConfiguration", - "s3:ListBucketVersions", - "s3:ListBucket", - "s3:GetBucketVersioning", - "s3:GetBucketLocation", - "s3:PutInventoryConfiguration", - "s3:GetBucketNotification", - "s3:PutBucketNotification" - ], - "Effect": "Allow", - "Resource": "arn:aws:s3:::*" - }, - { - "Action": [ - "s3:GetObjectAcl", - "s3:GetObject", - "s3:GetObjectVersionTagging", - "s3:GetObjectVersionAcl", - "s3:GetObjectTagging", - "s3:GetObjectVersion" - ], - "Effect": "Allow", - "Resource": "arn:aws:s3:::*/*" - }, - { - "Action": "s3:ListAllMyBuckets", - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4CGZAHUZ2D", - "PolicyName": "AWSBackupServiceRolePolicyForS3Backup", - "UpdateDate": "2022-02-26T00:01:09+00:00", - "VersionId": "v2" - }, - "AWSBackupServiceRolePolicyForS3Restore": { - "Arn": "arn:aws:iam::aws:policy/AWSBackupServiceRolePolicyForS3Restore", - "AttachmentCount": 0, - "CreateDate": "2022-02-18T17:39:37+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "s3:CreateBucket", - "s3:ListBucketVersions", - "s3:ListBucket", - "s3:GetBucketVersioning", - "s3:GetBucketLocation", - "s3:PutBucketVersioning" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:s3:::*" - ] - }, - { - "Action": [ - "s3:GetObject", - "s3:GetObjectVersion", - "s3:DeleteObject", - "s3:PutObjectVersionAcl", - "s3:GetObjectVersionAcl", - "s3:GetObjectTagging", - "s3:PutObjectTagging", - "s3:GetObjectAcl", - "s3:PutObjectAcl", - "s3:ListMultipartUploadParts", - "s3:PutObject" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:s3:::*/*" - ] - }, - { - "Action": [ - "kms:DescribeKey", - "kms:GenerateDataKey" - ], - "Condition": { - "StringLike": { - "kms:ViaService": "s3.*.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4KPHGRYXGS", - "PolicyName": "AWSBackupServiceRolePolicyForS3Restore", - "UpdateDate": "2022-02-18T17:39:37+00:00", - "VersionId": "v1" - }, - "AWSBatchFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSBatchFullAccess", - "AttachmentCount": 0, - "CreateDate": "2016-12-06T19:35:42+00:00", - "DefaultVersionId": "v6", - "Document": { - "Statement": [ - { - "Action": [ - "batch:*", - "cloudwatch:GetMetricStatistics", - "ec2:DescribeSubnets", - "ec2:DescribeSecurityGroups", - "ec2:DescribeKeyPairs", - "ec2:DescribeVpcs", - "ec2:DescribeImages", - "ec2:DescribeLaunchTemplates", - "ec2:DescribeLaunchTemplateVersions", - "ecs:DescribeClusters", - "ecs:Describe*", - "ecs:List*", - "logs:Describe*", - "logs:Get*", - "logs:TestMetricFilter", - "logs:FilterLogEvents", - "iam:ListInstanceProfiles", - "iam:ListRoles" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "iam:PassRole" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:iam::*:role/AWSBatchServiceRole", - "arn:aws:iam::*:role/service-role/AWSBatchServiceRole", - "arn:aws:iam::*:role/ecsInstanceRole", - "arn:aws:iam::*:instance-profile/ecsInstanceRole", - "arn:aws:iam::*:role/iaws-ec2-spot-fleet-role", - "arn:aws:iam::*:role/aws-ec2-spot-fleet-role", - "arn:aws:iam::*:role/AWSBatchJobRole*" - ] - }, - { - "Action": [ - "iam:CreateServiceLinkedRole" - ], - "Condition": { - "StringEquals": { - "iam:AWSServiceName": "batch.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/*Batch*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJ7K2KIWB3HZVK3CUO", - "PolicyName": "AWSBatchFullAccess", - "UpdateDate": "2021-03-10T07:02:45+00:00", - "VersionId": "v6" - }, - "AWSBatchServiceEventTargetRole": { - "Arn": "arn:aws:iam::aws:policy/service-role/AWSBatchServiceEventTargetRole", - "AttachmentCount": 0, - "CreateDate": "2018-02-28T22:31:13+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "batch:SubmitJob" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAICVHHZ6XHNMA6VE3Q", - "PolicyName": "AWSBatchServiceEventTargetRole", - "UpdateDate": "2018-02-28T22:31:13+00:00", - "VersionId": "v1" - }, - "AWSBatchServiceRole": { - "Arn": "arn:aws:iam::aws:policy/service-role/AWSBatchServiceRole", - "AttachmentCount": 0, - "CreateDate": "2016-12-06T19:36:24+00:00", - "DefaultVersionId": "v12", - "Document": { - "Statement": [ - { - "Action": [ - "ec2:DescribeAccountAttributes", - "ec2:DescribeInstances", - "ec2:DescribeInstanceStatus", - "ec2:DescribeInstanceAttribute", - "ec2:DescribeSubnets", - "ec2:DescribeSecurityGroups", - "ec2:DescribeKeyPairs", - "ec2:DescribeImages", - "ec2:DescribeImageAttribute", - "ec2:DescribeSpotInstanceRequests", - "ec2:DescribeSpotFleetInstances", - "ec2:DescribeSpotFleetRequests", - "ec2:DescribeSpotPriceHistory", - "ec2:DescribeVpcClassicLink", - "ec2:DescribeLaunchTemplateVersions", - "ec2:CreateLaunchTemplate", - "ec2:DeleteLaunchTemplate", - "ec2:RequestSpotFleet", - "ec2:CancelSpotFleetRequests", - "ec2:ModifySpotFleetRequest", - "ec2:TerminateInstances", - "ec2:RunInstances", - "autoscaling:DescribeAccountLimits", - "autoscaling:DescribeAutoScalingGroups", - "autoscaling:DescribeLaunchConfigurations", - "autoscaling:DescribeAutoScalingInstances", - "autoscaling:CreateLaunchConfiguration", - "autoscaling:CreateAutoScalingGroup", - "autoscaling:UpdateAutoScalingGroup", - "autoscaling:SetDesiredCapacity", - "autoscaling:DeleteLaunchConfiguration", - "autoscaling:DeleteAutoScalingGroup", - "autoscaling:CreateOrUpdateTags", - "autoscaling:SuspendProcesses", - "autoscaling:PutNotificationConfiguration", - "autoscaling:TerminateInstanceInAutoScalingGroup", - "ecs:DescribeClusters", - "ecs:DescribeContainerInstances", - "ecs:DescribeTaskDefinition", - "ecs:DescribeTasks", - "ecs:ListAccountSettings", - "ecs:ListClusters", - "ecs:ListContainerInstances", - "ecs:ListTaskDefinitionFamilies", - "ecs:ListTaskDefinitions", - "ecs:ListTasks", - "ecs:CreateCluster", - "ecs:DeleteCluster", - "ecs:RegisterTaskDefinition", - "ecs:DeregisterTaskDefinition", - "ecs:RunTask", - "ecs:StartTask", - "ecs:StopTask", - "ecs:UpdateContainerAgent", - "ecs:DeregisterContainerInstance", - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents", - "logs:DescribeLogGroups", - "iam:GetInstanceProfile", - "iam:GetRole" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "ecs:TagResource", - "Effect": "Allow", - "Resource": [ - "arn:aws:ecs:*:*:task/*_Batch_*" - ] - }, - { - "Action": "iam:PassRole", - "Condition": { - "StringEquals": { - "iam:PassedToService": [ - "ec2.amazonaws.com", - "ec2.amazonaws.com.cn", - "ecs-tasks.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": "iam:CreateServiceLinkedRole", - "Condition": { - "StringEquals": { - "iam:AWSServiceName": [ - "spot.amazonaws.com", - "spotfleet.amazonaws.com", - "autoscaling.amazonaws.com", - "ecs.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:CreateTags" - ], - "Condition": { - "StringEquals": { - "ec2:CreateAction": "RunInstances" - } - }, - "Effect": "Allow", - "Resource": [ - "*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIUETIXPCKASQJURFE", - "PolicyName": "AWSBatchServiceRole", - "UpdateDate": "2021-12-07T02:22:29+00:00", - "VersionId": "v12" - }, - "AWSBillingReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSBillingReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2020-08-27T20:08:51+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "aws-portal:ViewBilling" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4LJ3OSZ5SX", - "PolicyName": "AWSBillingReadOnlyAccess", - "UpdateDate": "2020-08-27T20:08:51+00:00", - "VersionId": "v1" - }, - "AWSBudgetsActionsRolePolicyForResourceAdministrationWithSSM": { - "Arn": "arn:aws:iam::aws:policy/AWSBudgetsActionsRolePolicyForResourceAdministrationWithSSM", - "AttachmentCount": 0, - "CreateDate": "2020-10-15T17:20:48+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "ec2:DescribeInstanceStatus", - "ec2:StartInstances", - "ec2:StopInstances", - "rds:DescribeDBInstances", - "rds:StartDBInstance", - "rds:StopDBInstance" - ], - "Condition": { - "ForAnyValue:StringEquals": { - "aws:CalledVia": [ - "ssm.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ssm:StartAutomationExecution" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4KIUIYBT2X", - "PolicyName": "AWSBudgetsActionsRolePolicyForResourceAdministrationWithSSM", - "UpdateDate": "2020-10-15T17:20:48+00:00", - "VersionId": "v1" - }, - "AWSBudgetsActionsWithAWSResourceControlAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSBudgetsActionsWithAWSResourceControlAccess", - "AttachmentCount": 0, - "CreateDate": "2020-10-15T17:19:12+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "budgets:*" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "aws-portal:ViewBilling" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "iam:PassRole" - ], - "Condition": { - "StringEquals": { - "iam:PassedToService": "budgets.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "aws-portal:ModifyBilling", - "ec2:DescribeInstances", - "iam:ListGroups", - "iam:ListPolicies", - "iam:ListRoles", - "iam:ListUsers", - "organizations:ListAccounts", - "organizations:ListOrganizationalUnitsForParent", - "organizations:ListPolicies", - "organizations:ListRoots", - "rds:DescribeDBInstances", - "sns:ListTopics" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4AHTKKGHHS", - "PolicyName": "AWSBudgetsActionsWithAWSResourceControlAccess", - "UpdateDate": "2020-10-15T17:19:12+00:00", - "VersionId": "v1" - }, - "AWSBudgetsReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSBudgetsReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2020-10-15T17:18:28+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "aws-portal:ViewBilling", - "budgets:ViewBudget", - "budgets:Describe*" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4EZCFS6BHW", - "PolicyName": "AWSBudgetsReadOnlyAccess", - "UpdateDate": "2020-10-15T17:18:28+00:00", - "VersionId": "v1" - }, - "AWSBugBustFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSBugBustFullAccess", - "AttachmentCount": 0, - "CreateDate": "2021-06-24T07:03:26+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "codeguru-reviewer:DescribeCodeReview", - "codeguru-reviewer:ListRecommendations", - "codeguru-reviewer:ListCodeReviews" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "CodeGuruReviewerPermission" - }, - { - "Action": [ - "codeguru-profiler:ListProfilingGroups", - "codeguru-profiler:DescribeProfilingGroup" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "CodeGuruProfilerPermission" - }, - { - "Action": [ - "bugbust:*" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "AWSBugBustFullAccess" - }, - { - "Action": "iam:CreateServiceLinkedRole", - "Condition": { - "StringLike": { - "iam:AWSServiceName": "bugbust.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/aws-service-role/bugbust.amazonaws.com/AWSServiceRoleForBugBust", - "Sid": "AWSBugBustSLRCreation" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4MQU5DXLFC", - "PolicyName": "AWSBugBustFullAccess", - "UpdateDate": "2021-07-22T20:04:29+00:00", - "VersionId": "v2" - }, - "AWSBugBustPlayerAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSBugBustPlayerAccess", - "AttachmentCount": 0, - "CreateDate": "2021-06-24T07:15:00+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "codeguru-reviewer:DescribeCodeReview", - "codeguru-reviewer:ListRecommendations" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "CodeGuruReviewerPermission" - }, - { - "Action": [ - "codeguru-profiler:DescribeProfilingGroup" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "CodeGuruProfilerPermission" - }, - { - "Action": [ - "bugbust:ListBugs", - "bugbust:ListProfilingGroups", - "bugbust:JoinEvent", - "bugbust:GetEvent", - "bugbust:ListEvents", - "bugbust:GetJoinEventStatus", - "bugbust:ListEventScores", - "bugbust:ListEventParticipants", - "bugbust:UpdateWorkItem", - "bugbust:ListPullRequests" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "AWSBugBustPlayerAccess" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4CPEJPLKKR", - "PolicyName": "AWSBugBustPlayerAccess", - "UpdateDate": "2021-06-24T07:15:00+00:00", - "VersionId": "v1" - }, - "AWSBugBustServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSBugBustServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2021-06-24T06:59:05+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "codeguru-reviewer:ListRecommendations", - "codeguru-reviewer:UntagResource", - "codeguru-reviewer:DescribeCodeReview" - ], - "Condition": { - "StringLike": { - "aws:ResourceTag/bugbust": "enabled" - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4LXHZTN64K", - "PolicyName": "AWSBugBustServiceRolePolicy", - "UpdateDate": "2021-06-24T06:59:05+00:00", - "VersionId": "v1" - }, - "AWSCertificateManagerFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSCertificateManagerFullAccess", - "AttachmentCount": 0, - "CreateDate": "2016-01-21T17:02:36+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "acm:*" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "iam:CreateServiceLinkedRole", - "Condition": { - "StringEquals": { - "iam:AWSServiceName": "acm.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/aws-service-role/acm.amazonaws.com/AWSServiceRoleForCertificateManager*" - }, - { - "Action": [ - "iam:DeleteServiceLinkedRole", - "iam:GetServiceLinkedRoleDeletionStatus", - "iam:GetRole" - ], - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/aws-service-role/acm.amazonaws.com/AWSServiceRoleForCertificateManager*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJYCHABBP6VQIVBCBQ", - "PolicyName": "AWSCertificateManagerFullAccess", - "UpdateDate": "2020-08-17T22:18:28+00:00", - "VersionId": "v2" - }, - "AWSCertificateManagerPrivateCAAuditor": { - "Arn": "arn:aws:iam::aws:policy/AWSCertificateManagerPrivateCAAuditor", - "AttachmentCount": 0, - "CreateDate": "2018-10-23T16:51:08+00:00", - "DefaultVersionId": "v4", - "Document": { - "Statement": [ - { - "Action": [ - "acm-pca:CreateCertificateAuthorityAuditReport", - "acm-pca:DescribeCertificateAuthority", - "acm-pca:DescribeCertificateAuthorityAuditReport", - "acm-pca:GetCertificateAuthorityCsr", - "acm-pca:GetCertificateAuthorityCertificate", - "acm-pca:GetCertificate", - "acm-pca:GetPolicy", - "acm-pca:ListPermissions", - "acm-pca:ListTags" - ], - "Effect": "Allow", - "Resource": "arn:aws:acm-pca:*:*:certificate-authority/*" - }, - { - "Action": [ - "acm-pca:ListCertificateAuthorities" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJW77VE4UEBJ4PEXEY", - "PolicyName": "AWSCertificateManagerPrivateCAAuditor", - "UpdateDate": "2020-08-17T22:54:12+00:00", - "VersionId": "v4" - }, - "AWSCertificateManagerPrivateCAFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSCertificateManagerPrivateCAFullAccess", - "AttachmentCount": 0, - "CreateDate": "2018-10-23T16:54:50+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "acm-pca:*" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIRTQUC55CREAWFLBG", - "PolicyName": "AWSCertificateManagerPrivateCAFullAccess", - "UpdateDate": "2018-10-23T16:54:50+00:00", - "VersionId": "v1" - }, - "AWSCertificateManagerPrivateCAPrivilegedUser": { - "Arn": "arn:aws:iam::aws:policy/AWSCertificateManagerPrivateCAPrivilegedUser", - "AttachmentCount": 0, - "CreateDate": "2019-06-20T17:43:13+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "acm-pca:IssueCertificate" - ], - "Condition": { - "StringLike": { - "acm-pca:TemplateArn": [ - "arn:aws:acm-pca:::template/*CACertificate*/V*" - ] - } - }, - "Effect": "Allow", - "Resource": "arn:aws:acm-pca:*:*:certificate-authority/*" - }, - { - "Action": [ - "acm-pca:IssueCertificate" - ], - "Condition": { - "StringNotLike": { - "acm-pca:TemplateArn": [ - "arn:aws:acm-pca:::template/*CACertificate*/V*" - ] - } - }, - "Effect": "Deny", - "Resource": "arn:aws:acm-pca:*:*:certificate-authority/*" - }, - { - "Action": [ - "acm-pca:RevokeCertificate", - "acm-pca:GetCertificate", - "acm-pca:ListPermissions" - ], - "Effect": "Allow", - "Resource": "arn:aws:acm-pca:*:*:certificate-authority/*" - }, - { - "Action": [ - "acm-pca:ListCertificateAuthorities" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4EQ6CWU5X5", - "PolicyName": "AWSCertificateManagerPrivateCAPrivilegedUser", - "UpdateDate": "2019-06-20T17:43:13+00:00", - "VersionId": "v1" - }, - "AWSCertificateManagerPrivateCAReadOnly": { - "Arn": "arn:aws:iam::aws:policy/AWSCertificateManagerPrivateCAReadOnly", - "AttachmentCount": 0, - "CreateDate": "2018-10-23T16:57:04+00:00", - "DefaultVersionId": "v3", - "Document": { - "Statement": { - "Action": [ - "acm-pca:DescribeCertificateAuthority", - "acm-pca:DescribeCertificateAuthorityAuditReport", - "acm-pca:ListCertificateAuthorities", - "acm-pca:GetCertificateAuthorityCsr", - "acm-pca:GetCertificateAuthorityCertificate", - "acm-pca:GetCertificate", - "acm-pca:GetPolicy", - "acm-pca:ListPermissions", - "acm-pca:ListTags" - ], - "Effect": "Allow", - "Resource": "*" - }, - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJQAQT3WIXOXY7TD4A", - "PolicyName": "AWSCertificateManagerPrivateCAReadOnly", - "UpdateDate": "2020-08-17T22:54:22+00:00", - "VersionId": "v3" - }, - "AWSCertificateManagerPrivateCAUser": { - "Arn": "arn:aws:iam::aws:policy/AWSCertificateManagerPrivateCAUser", - "AttachmentCount": 0, - "CreateDate": "2018-10-23T16:53:33+00:00", - "DefaultVersionId": "v4", - "Document": { - "Statement": [ - { - "Action": [ - "acm-pca:IssueCertificate" - ], - "Condition": { - "StringLike": { - "acm-pca:TemplateArn": [ - "arn:aws:acm-pca:::template/EndEntityCertificate/V*" - ] - } - }, - "Effect": "Allow", - "Resource": "arn:aws:acm-pca:*:*:certificate-authority/*" - }, - { - "Action": [ - "acm-pca:IssueCertificate" - ], - "Condition": { - "StringNotLike": { - "acm-pca:TemplateArn": [ - "arn:aws:acm-pca:::template/EndEntityCertificate/V*" - ] - } - }, - "Effect": "Deny", - "Resource": "arn:aws:acm-pca:*:*:certificate-authority/*" - }, - { - "Action": [ - "acm-pca:RevokeCertificate", - "acm-pca:GetCertificate", - "acm-pca:ListPermissions" - ], - "Effect": "Allow", - "Resource": "arn:aws:acm-pca:*:*:certificate-authority/*" - }, - { - "Action": [ - "acm-pca:ListCertificateAuthorities" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJBXCSJJULLMRWSNII", - "PolicyName": "AWSCertificateManagerPrivateCAUser", - "UpdateDate": "2019-06-20T17:42:37+00:00", - "VersionId": "v4" - }, - "AWSCertificateManagerReadOnly": { - "Arn": "arn:aws:iam::aws:policy/AWSCertificateManagerReadOnly", - "AttachmentCount": 0, - "CreateDate": "2016-01-21T17:07:33+00:00", - "DefaultVersionId": "v4", - "Document": { - "Statement": { - "Action": [ - "acm:DescribeCertificate", - "acm:ListCertificates", - "acm:GetCertificate", - "acm:ListTagsForCertificate", - "acm:GetAccountConfiguration" - ], - "Effect": "Allow", - "Resource": "*" - }, - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAI4GSWX6S4MESJ3EWC", - "PolicyName": "AWSCertificateManagerReadOnly", - "UpdateDate": "2021-03-15T16:25:21+00:00", - "VersionId": "v4" - }, - "AWSChatbotServiceLinkedRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSChatbotServiceLinkedRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2019-11-18T16:39:50+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "sns:ListSubscriptionsByTopic", - "sns:ListTopics", - "sns:Unsubscribe", - "sns:Subscribe", - "sns:ListSubscriptions" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "logs:PutLogEvents", - "logs:CreateLogStream", - "logs:DescribeLogStreams", - "logs:CreateLogGroup", - "logs:DescribeLogGroups" - ], - "Effect": "Allow", - "Resource": "arn:aws:logs:*:*:log-group:/aws/chatbot/*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4ID4WRYKST", - "PolicyName": "AWSChatbotServiceLinkedRolePolicy", - "UpdateDate": "2019-11-18T16:39:50+00:00", - "VersionId": "v1" - }, - "AWSCloud9Administrator": { - "Arn": "arn:aws:iam::aws:policy/AWSCloud9Administrator", - "AttachmentCount": 0, - "CreateDate": "2017-11-30T16:17:28+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "cloud9:*", - "iam:GetUser", - "iam:ListUsers", - "ec2:DescribeVpcs", - "ec2:DescribeSubnets" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "iam:CreateServiceLinkedRole" - ], - "Condition": { - "StringLike": { - "iam:AWSServiceName": "cloud9.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "ssm:StartSession", - "Condition": { - "StringEquals": { - "aws:CalledViaFirst": "cloud9.amazonaws.com" - }, - "StringLike": { - "ssm:resourceTag/aws:cloud9:environment": "*" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:instance/*" - }, - { - "Action": [ - "ssm:StartSession" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:ssm:*:*:document/*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIQ4KWP455WDTCBGWK", - "PolicyName": "AWSCloud9Administrator", - "UpdateDate": "2020-07-29T06:28:54+00:00", - "VersionId": "v2" - }, - "AWSCloud9EnvironmentMember": { - "Arn": "arn:aws:iam::aws:policy/AWSCloud9EnvironmentMember", - "AttachmentCount": 0, - "CreateDate": "2017-11-30T16:18:28+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "cloud9:GetUserSettings", - "cloud9:UpdateUserSettings", - "iam:GetUser", - "iam:ListUsers" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "cloud9:DescribeEnvironmentMemberships" - ], - "Condition": { - "Null": { - "cloud9:EnvironmentId": "true", - "cloud9:UserArn": "true" - } - }, - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": "ssm:StartSession", - "Condition": { - "StringEquals": { - "aws:CalledViaFirst": "cloud9.amazonaws.com" - }, - "StringLike": { - "ssm:resourceTag/aws:cloud9:environment": "*" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:instance/*" - }, - { - "Action": [ - "ssm:StartSession" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:ssm:*:*:document/*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAI54ULAIPVT5HFTYGK", - "PolicyName": "AWSCloud9EnvironmentMember", - "UpdateDate": "2020-07-29T06:29:08+00:00", - "VersionId": "v2" - }, - "AWSCloud9SSMInstanceProfile": { - "Arn": "arn:aws:iam::aws:policy/AWSCloud9SSMInstanceProfile", - "AttachmentCount": 0, - "CreateDate": "2020-05-14T11:40:49+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "ssmmessages:CreateControlChannel", - "ssmmessages:CreateDataChannel", - "ssmmessages:OpenControlChannel", - "ssmmessages:OpenDataChannel", - "ssm:UpdateInstanceInformation" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4IQOSNAKW6", - "PolicyName": "AWSCloud9SSMInstanceProfile", - "UpdateDate": "2020-05-14T11:40:49+00:00", - "VersionId": "v1" - }, - "AWSCloud9ServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSCloud9ServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2017-11-30T13:44:08+00:00", - "DefaultVersionId": "v8", - "Document": { - "Statement": [ - { - "Action": [ - "ec2:RunInstances", - "ec2:CreateSecurityGroup", - "ec2:DescribeVpcs", - "ec2:DescribeSubnets", - "ec2:DescribeSecurityGroups", - "ec2:DescribeInstances", - "ec2:DescribeInstanceStatus", - "cloudformation:CreateStack", - "cloudformation:DescribeStacks", - "cloudformation:DescribeStackEvents", - "cloudformation:DescribeStackResources" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:TerminateInstances", - "ec2:DeleteSecurityGroup", - "ec2:AuthorizeSecurityGroupIngress" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "cloudformation:DeleteStack" - ], - "Effect": "Allow", - "Resource": "arn:aws:cloudformation:*:*:stack/aws-cloud9-*" - }, - { - "Action": [ - "ec2:CreateTags" - ], - "Condition": { - "StringLike": { - "aws:RequestTag/Name": "aws-cloud9-*" - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:instance/*", - "arn:aws:ec2:*:*:security-group/*" - ] - }, - { - "Action": [ - "ec2:StartInstances", - "ec2:StopInstances" - ], - "Condition": { - "StringLike": { - "ec2:ResourceTag/aws:cloudformation:stack-name": "aws-cloud9-*" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:StartInstances", - "ec2:StopInstances" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:license-manager:*:*:license-configuration:*" - ] - }, - { - "Action": [ - "iam:ListInstanceProfiles", - "iam:GetInstanceProfile" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:iam::*:instance-profile/cloud9/*" - ] - }, - { - "Action": [ - "iam:PassRole" - ], - "Condition": { - "StringLike": { - "iam:PassedToService": "ec2.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:iam::*:role/service-role/AWSCloud9SSMAccessRole" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJFXGCBXQIZATFZ4YG", - "PolicyName": "AWSCloud9ServiceRolePolicy", - "UpdateDate": "2022-01-17T14:06:15+00:00", - "VersionId": "v8" - }, - "AWSCloud9User": { - "Arn": "arn:aws:iam::aws:policy/AWSCloud9User", - "AttachmentCount": 0, - "CreateDate": "2017-11-30T16:16:17+00:00", - "DefaultVersionId": "v4", - "Document": { - "Statement": [ - { - "Action": [ - "cloud9:ValidateEnvironmentName", - "cloud9:UpdateUserSettings", - "cloud9:GetUserSettings", - "iam:GetUser", - "iam:ListUsers", - "ec2:DescribeVpcs", - "ec2:DescribeSubnets" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "cloud9:CreateEnvironmentEC2", - "cloud9:CreateEnvironmentSSH" - ], - "Condition": { - "Null": { - "cloud9:OwnerArn": "true" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "cloud9:GetUserPublicKey" - ], - "Condition": { - "Null": { - "cloud9:UserArn": "true" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "cloud9:DescribeEnvironmentMemberships" - ], - "Condition": { - "Null": { - "cloud9:EnvironmentId": "true", - "cloud9:UserArn": "true" - } - }, - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "iam:CreateServiceLinkedRole" - ], - "Condition": { - "StringLike": { - "iam:AWSServiceName": "cloud9.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "ssm:StartSession", - "Condition": { - "StringEquals": { - "aws:CalledViaFirst": "cloud9.amazonaws.com" - }, - "StringLike": { - "ssm:resourceTag/aws:cloud9:environment": "*" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:instance/*" - }, - { - "Action": [ - "ssm:StartSession" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:ssm:*:*:document/*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJPFGFWQF67QVARP6U", - "PolicyName": "AWSCloud9User", - "UpdateDate": "2020-07-29T06:26:43+00:00", - "VersionId": "v4" - }, - "AWSCloudFormationFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSCloudFormationFullAccess", - "AttachmentCount": 0, - "CreateDate": "2019-07-26T21:50:35+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "cloudformation:*" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4CRR3ZS723", - "PolicyName": "AWSCloudFormationFullAccess", - "UpdateDate": "2019-07-26T21:50:35+00:00", - "VersionId": "v1" - }, - "AWSCloudFormationReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSCloudFormationReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2015-02-06T18:39:49+00:00", - "DefaultVersionId": "v4", - "Document": { - "Statement": [ - { - "Action": [ - "cloudformation:Describe*", - "cloudformation:EstimateTemplateCost", - "cloudformation:Get*", - "cloudformation:List*", - "cloudformation:ValidateTemplate", - "cloudformation:Detect*" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJWVBEE4I2POWLODLW", - "PolicyName": "AWSCloudFormationReadOnlyAccess", - "UpdateDate": "2019-11-13T17:40:07+00:00", - "VersionId": "v4" - }, - "AWSCloudFrontLogger": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSCloudFrontLogger", - "AttachmentCount": 0, - "CreateDate": "2018-06-12T20:15:23+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents" - ], - "Effect": "Allow", - "Resource": "arn:aws:logs:*:*:log-group:/aws/cloudfront/*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIOI7RPKLCNINBTRP4", - "PolicyName": "AWSCloudFrontLogger", - "UpdateDate": "2019-11-22T19:33:51+00:00", - "VersionId": "v2" - }, - "AWSCloudHSMFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSCloudHSMFullAccess", - "AttachmentCount": 0, - "CreateDate": "2015-02-06T18:39:51+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": "cloudhsm:*", - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIMBQYQZM7F63DA2UU", - "PolicyName": "AWSCloudHSMFullAccess", - "UpdateDate": "2015-02-06T18:39:51+00:00", - "VersionId": "v1" - }, - "AWSCloudHSMReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSCloudHSMReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2015-02-06T18:39:52+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "cloudhsm:Get*", - "cloudhsm:List*", - "cloudhsm:Describe*" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAISVCBSY7YDBOT67KE", - "PolicyName": "AWSCloudHSMReadOnlyAccess", - "UpdateDate": "2015-02-06T18:39:52+00:00", - "VersionId": "v1" - }, - "AWSCloudHSMRole": { - "Arn": "arn:aws:iam::aws:policy/service-role/AWSCloudHSMRole", - "AttachmentCount": 0, - "CreateDate": "2015-02-06T18:41:23+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "ec2:CreateNetworkInterface", - "ec2:CreateTags", - "ec2:DeleteNetworkInterface", - "ec2:DescribeNetworkInterfaceAttribute", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeSubnets", - "ec2:DescribeVpcs", - "ec2:DetachNetworkInterface" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAI7QIUU4GC66SF26WE", - "PolicyName": "AWSCloudHSMRole", - "UpdateDate": "2015-02-06T18:41:23+00:00", - "VersionId": "v1" - }, - "AWSCloudMapDiscoverInstanceAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSCloudMapDiscoverInstanceAccess", - "AttachmentCount": 0, - "CreateDate": "2018-11-29T00:02:42+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "servicediscovery:DiscoverInstances" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIPRD7PYYQVYPDME4K", - "PolicyName": "AWSCloudMapDiscoverInstanceAccess", - "UpdateDate": "2018-11-29T00:02:42+00:00", - "VersionId": "v1" - }, - "AWSCloudMapFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSCloudMapFullAccess", - "AttachmentCount": 0, - "CreateDate": "2018-11-28T23:57:31+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "route53:GetHostedZone", - "route53:ListHostedZonesByName", - "route53:CreateHostedZone", - "route53:DeleteHostedZone", - "route53:ChangeResourceRecordSets", - "route53:CreateHealthCheck", - "route53:GetHealthCheck", - "route53:DeleteHealthCheck", - "route53:UpdateHealthCheck", - "ec2:DescribeVpcs", - "ec2:DescribeRegions", - "ec2:DescribeInstances", - "servicediscovery:*" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIZPIMAQZJS3WUXUJM", - "PolicyName": "AWSCloudMapFullAccess", - "UpdateDate": "2020-07-29T19:15:35+00:00", - "VersionId": "v2" - }, - "AWSCloudMapReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSCloudMapReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2018-11-28T23:45:26+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "servicediscovery:Get*", - "servicediscovery:List*", - "servicediscovery:DiscoverInstances" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIOHISHKLCJTVQQL5E", - "PolicyName": "AWSCloudMapReadOnlyAccess", - "UpdateDate": "2018-11-28T23:45:26+00:00", - "VersionId": "v1" - }, - "AWSCloudMapRegisterInstanceAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSCloudMapRegisterInstanceAccess", - "AttachmentCount": 0, - "CreateDate": "2018-11-29T00:04:57+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "route53:GetHostedZone", - "route53:ListHostedZonesByName", - "route53:ChangeResourceRecordSets", - "route53:CreateHealthCheck", - "route53:GetHealthCheck", - "route53:DeleteHealthCheck", - "route53:UpdateHealthCheck", - "servicediscovery:Get*", - "servicediscovery:List*", - "servicediscovery:RegisterInstance", - "servicediscovery:DeregisterInstance", - "servicediscovery:DiscoverInstances", - "ec2:DescribeInstances" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAI4P5Z5HXVWJ75WQBC", - "PolicyName": "AWSCloudMapRegisterInstanceAccess", - "UpdateDate": "2020-07-29T17:57:24+00:00", - "VersionId": "v2" - }, - "AWSCloudShellFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSCloudShellFullAccess", - "AttachmentCount": 0, - "CreateDate": "2020-12-15T18:07:44+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "cloudshell:*" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4HEDUXFSA3", - "PolicyName": "AWSCloudShellFullAccess", - "UpdateDate": "2020-12-15T18:07:44+00:00", - "VersionId": "v1" - }, - "AWSCloudTrailReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSCloudTrailReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2015-02-06T18:39:59+00:00", - "DefaultVersionId": "v9", - "Document": { - "Statement": [ - { - "Action": [ - "s3:GetObject", - "s3:GetBucketLocation" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "cloudtrail:GetTrail", - "cloudtrail:GetTrailStatus", - "cloudtrail:DescribeTrails", - "cloudtrail:ListTrails", - "cloudtrail:LookupEvents", - "cloudtrail:ListTags", - "cloudtrail:ListPublicKeys", - "cloudtrail:GetEventSelectors", - "cloudtrail:GetInsightSelectors", - "s3:ListAllMyBuckets", - "kms:ListAliases", - "lambda:ListFunctions" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJDU7KJADWBSEQ3E7S", - "PolicyName": "AWSCloudTrailReadOnlyAccess", - "UpdateDate": "2019-11-20T21:06:49+00:00", - "VersionId": "v9" - }, - "AWSCloudTrail_FullAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSCloudTrail_FullAccess", - "AttachmentCount": 0, - "CreateDate": "2020-10-08T23:41:15+00:00", - "DefaultVersionId": "v3", - "Document": { - "Statement": [ - { - "Action": [ - "sns:AddPermission", - "sns:CreateTopic", - "sns:SetTopicAttributes", - "sns:GetTopicAttributes" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:sns:*:*:aws-cloudtrail-logs*" - ] - }, - { - "Action": [ - "sns:ListTopics" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "s3:CreateBucket", - "s3:PutBucketPolicy", - "s3:PutBucketPublicAccessBlock" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:s3:::aws-cloudtrail-logs*" - ] - }, - { - "Action": [ - "s3:ListAllMyBuckets", - "s3:GetBucketLocation", - "s3:GetBucketPolicy" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "cloudtrail:*", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "logs:CreateLogGroup" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:logs:*:*:log-group:aws-cloudtrail-logs*" - ] - }, - { - "Action": [ - "iam:ListRoles", - "iam:GetRolePolicy", - "iam:GetUser" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "iam:PassRole" - ], - "Condition": { - "StringEquals": { - "iam:PassedToService": "cloudtrail.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "kms:CreateKey", - "kms:CreateAlias", - "kms:ListKeys", - "kms:ListAliases" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "lambda:ListFunctions" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "dynamodb:ListGlobalTables", - "dynamodb:ListTables" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4CA4SIJQAM", - "PolicyName": "AWSCloudTrail_FullAccess", - "UpdateDate": "2021-02-22T19:01:00+00:00", - "VersionId": "v3" - }, - "AWSCloudWatchAlarms_ActionSSMIncidentsServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSCloudWatchAlarms_ActionSSMIncidentsServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2021-04-27T13:30:52+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": "ssm-incidents:StartIncident", - "Effect": "Allow", - "Resource": "*", - "Sid": "StartIncidentPermissions" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4JS7SI2RZY", - "PolicyName": "AWSCloudWatchAlarms_ActionSSMIncidentsServiceRolePolicy", - "UpdateDate": "2021-04-27T13:30:52+00:00", - "VersionId": "v1" - }, - "AWSCodeArtifactAdminAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSCodeArtifactAdminAccess", - "AttachmentCount": 0, - "CreateDate": "2020-06-16T23:53:23+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "codeartifact:*" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "sts:GetServiceBearerToken", - "Condition": { - "StringEquals": { - "sts:AWSServiceName": "codeartifact.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4MBONPJNI5", - "PolicyName": "AWSCodeArtifactAdminAccess", - "UpdateDate": "2020-06-16T23:53:23+00:00", - "VersionId": "v1" - }, - "AWSCodeArtifactReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSCodeArtifactReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2020-06-25T21:23:52+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "codeartifact:Describe*", - "codeartifact:Get*", - "codeartifact:List*", - "codeartifact:ReadFromRepository" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "sts:GetServiceBearerToken", - "Condition": { - "StringEquals": { - "sts:AWSServiceName": "codeartifact.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4PVTKOJHFB", - "PolicyName": "AWSCodeArtifactReadOnlyAccess", - "UpdateDate": "2020-06-25T21:23:52+00:00", - "VersionId": "v1" - }, - "AWSCodeBuildAdminAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSCodeBuildAdminAccess", - "AttachmentCount": 0, - "CreateDate": "2016-12-01T19:04:44+00:00", - "DefaultVersionId": "v12", - "Document": { - "Statement": [ - { - "Action": [ - "codebuild:*", - "codecommit:GetBranch", - "codecommit:GetCommit", - "codecommit:GetRepository", - "codecommit:ListBranches", - "codecommit:ListRepositories", - "cloudwatch:GetMetricStatistics", - "ec2:DescribeVpcs", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ecr:DescribeRepositories", - "ecr:ListImages", - "elasticfilesystem:DescribeFileSystems", - "events:DeleteRule", - "events:DescribeRule", - "events:DisableRule", - "events:EnableRule", - "events:ListTargetsByRule", - "events:ListRuleNamesByTarget", - "events:PutRule", - "events:PutTargets", - "events:RemoveTargets", - "logs:GetLogEvents", - "s3:GetBucketLocation", - "s3:ListAllMyBuckets" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "logs:DeleteLogGroup" - ], - "Effect": "Allow", - "Resource": "arn:aws:logs:*:*:log-group:/aws/codebuild/*:log-stream:*" - }, - { - "Action": [ - "ssm:PutParameter" - ], - "Effect": "Allow", - "Resource": "arn:aws:ssm:*:*:parameter/CodeBuild/*" - }, - { - "Action": [ - "ssm:StartSession" - ], - "Effect": "Allow", - "Resource": "arn:aws:ecs:*:*:task/*/*" - }, - { - "Action": [ - "codestar-connections:CreateConnection", - "codestar-connections:DeleteConnection", - "codestar-connections:UpdateConnectionInstallation", - "codestar-connections:TagResource", - "codestar-connections:UntagResource", - "codestar-connections:ListConnections", - "codestar-connections:ListInstallationTargets", - "codestar-connections:ListTagsForResource", - "codestar-connections:GetConnection", - "codestar-connections:GetIndividualAccessToken", - "codestar-connections:GetInstallationUrl", - "codestar-connections:PassConnection", - "codestar-connections:StartOAuthHandshake", - "codestar-connections:UseConnection" - ], - "Effect": "Allow", - "Resource": "arn:aws:codestar-connections:*:*:connection/*", - "Sid": "CodeStarConnectionsReadWriteAccess" - }, - { - "Action": [ - "codestar-notifications:CreateNotificationRule", - "codestar-notifications:DescribeNotificationRule", - "codestar-notifications:UpdateNotificationRule", - "codestar-notifications:DeleteNotificationRule", - "codestar-notifications:Subscribe", - "codestar-notifications:Unsubscribe" - ], - "Condition": { - "StringLike": { - "codestar-notifications:NotificationsForResource": "arn:aws:codebuild:*" - } - }, - "Effect": "Allow", - "Resource": "*", - "Sid": "CodeStarNotificationsReadWriteAccess" - }, - { - "Action": [ - "codestar-notifications:ListNotificationRules", - "codestar-notifications:ListEventTypes", - "codestar-notifications:ListTargets", - "codestar-notifications:ListTagsforResource" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "CodeStarNotificationsListAccess" - }, - { - "Action": [ - "sns:CreateTopic", - "sns:SetTopicAttributes" - ], - "Effect": "Allow", - "Resource": "arn:aws:sns:*:*:codestar-notifications*", - "Sid": "CodeStarNotificationsSNSTopicCreateAccess" - }, - { - "Action": [ - "sns:ListTopics", - "sns:GetTopicAttributes" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "SNSTopicListAccess" - }, - { - "Action": [ - "chatbot:DescribeSlackChannelConfigurations" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "CodeStarNotificationsChatbotAccess" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJQJGIOIE3CD2TQXDS", - "PolicyName": "AWSCodeBuildAdminAccess", - "UpdateDate": "2020-09-14T16:03:39+00:00", - "VersionId": "v12" - }, - "AWSCodeBuildDeveloperAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSCodeBuildDeveloperAccess", - "AttachmentCount": 0, - "CreateDate": "2016-12-01T19:02:32+00:00", - "DefaultVersionId": "v13", - "Document": { - "Statement": [ - { - "Action": [ - "codebuild:StartBuild", - "codebuild:StopBuild", - "codebuild:StartBuildBatch", - "codebuild:StopBuildBatch", - "codebuild:RetryBuild", - "codebuild:RetryBuildBatch", - "codebuild:BatchGet*", - "codebuild:GetResourcePolicy", - "codebuild:DescribeTestCases", - "codebuild:DescribeCodeCoverages", - "codebuild:List*", - "codecommit:GetBranch", - "codecommit:GetCommit", - "codecommit:GetRepository", - "codecommit:ListBranches", - "cloudwatch:GetMetricStatistics", - "events:DescribeRule", - "events:ListTargetsByRule", - "events:ListRuleNamesByTarget", - "logs:GetLogEvents", - "s3:GetBucketLocation", - "s3:ListAllMyBuckets" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ssm:PutParameter" - ], - "Effect": "Allow", - "Resource": "arn:aws:ssm:*:*:parameter/CodeBuild/*" - }, - { - "Action": [ - "ssm:StartSession" - ], - "Effect": "Allow", - "Resource": "arn:aws:ecs:*:*:task/*/*" - }, - { - "Action": [ - "codestar-connections:ListConnections", - "codestar-connections:GetConnection" - ], - "Effect": "Allow", - "Resource": "arn:aws:codestar-connections:*:*:connection/*", - "Sid": "CodeStarConnectionsUserAccess" - }, - { - "Action": [ - "codestar-notifications:CreateNotificationRule", - "codestar-notifications:DescribeNotificationRule", - "codestar-notifications:UpdateNotificationRule", - "codestar-notifications:Subscribe", - "codestar-notifications:Unsubscribe" - ], - "Condition": { - "StringLike": { - "codestar-notifications:NotificationsForResource": "arn:aws:codebuild:*" - } - }, - "Effect": "Allow", - "Resource": "*", - "Sid": "CodeStarNotificationsReadWriteAccess" - }, - { - "Action": [ - "codestar-notifications:ListNotificationRules", - "codestar-notifications:ListEventTypes", - "codestar-notifications:ListTargets", - "codestar-notifications:ListTagsforResource" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "CodeStarNotificationsListAccess" - }, - { - "Action": [ - "sns:ListTopics", - "sns:GetTopicAttributes" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "SNSTopicListAccess" - }, - { - "Action": [ - "chatbot:DescribeSlackChannelConfigurations" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "CodeStarNotificationsChatbotAccess" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIMKTMR34XSBQW45HS", - "PolicyName": "AWSCodeBuildDeveloperAccess", - "UpdateDate": "2020-09-14T16:03:44+00:00", - "VersionId": "v13" - }, - "AWSCodeBuildReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSCodeBuildReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2016-12-01T19:03:41+00:00", - "DefaultVersionId": "v11", - "Document": { - "Statement": [ - { - "Action": [ - "codebuild:BatchGet*", - "codebuild:GetResourcePolicy", - "codebuild:List*", - "codebuild:DescribeTestCases", - "codebuild:DescribeCodeCoverages", - "codecommit:GetBranch", - "codecommit:GetCommit", - "codecommit:GetRepository", - "cloudwatch:GetMetricStatistics", - "events:DescribeRule", - "events:ListTargetsByRule", - "events:ListRuleNamesByTarget", - "logs:GetLogEvents" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "codestar-connections:ListConnections", - "codestar-connections:GetConnection" - ], - "Effect": "Allow", - "Resource": "arn:aws:codestar-connections:*:*:connection/*", - "Sid": "CodeStarConnectionsUserAccess" - }, - { - "Action": [ - "codestar-notifications:DescribeNotificationRule" - ], - "Condition": { - "StringLike": { - "codestar-notifications:NotificationsForResource": "arn:aws:codebuild:*" - } - }, - "Effect": "Allow", - "Resource": "*", - "Sid": "CodeStarNotificationsPowerUserAccess" - }, - { - "Action": [ - "codestar-notifications:ListNotificationRules", - "codestar-notifications:ListEventTypes", - "codestar-notifications:ListTargets" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "CodeStarNotificationsListAccess" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJIZZWN6557F5HVP2K", - "PolicyName": "AWSCodeBuildReadOnlyAccess", - "UpdateDate": "2020-09-14T16:04:04+00:00", - "VersionId": "v11" - }, - "AWSCodeCommitFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSCodeCommitFullAccess", - "AttachmentCount": 0, - "CreateDate": "2015-07-09T17:02:19+00:00", - "DefaultVersionId": "v9", - "Document": { - "Statement": [ - { - "Action": [ - "codecommit:*" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "events:DeleteRule", - "events:DescribeRule", - "events:DisableRule", - "events:EnableRule", - "events:PutRule", - "events:PutTargets", - "events:RemoveTargets", - "events:ListTargetsByRule" - ], - "Effect": "Allow", - "Resource": "arn:aws:events:*:*:rule/codecommit*", - "Sid": "CloudWatchEventsCodeCommitRulesAccess" - }, - { - "Action": [ - "sns:CreateTopic", - "sns:DeleteTopic", - "sns:Subscribe", - "sns:Unsubscribe", - "sns:SetTopicAttributes" - ], - "Effect": "Allow", - "Resource": "arn:aws:sns:*:*:codecommit*", - "Sid": "SNSTopicAndSubscriptionAccess" - }, - { - "Action": [ - "sns:ListTopics", - "sns:ListSubscriptionsByTopic", - "sns:GetTopicAttributes" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "SNSTopicAndSubscriptionReadAccess" - }, - { - "Action": [ - "lambda:ListFunctions" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "LambdaReadOnlyListAccess" - }, - { - "Action": [ - "iam:ListUsers" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "IAMReadOnlyListAccess" - }, - { - "Action": [ - "iam:ListAccessKeys", - "iam:ListSSHPublicKeys", - "iam:ListServiceSpecificCredentials" - ], - "Effect": "Allow", - "Resource": "arn:aws:iam::*:user/${aws:username}", - "Sid": "IAMReadOnlyConsoleAccess" - }, - { - "Action": [ - "iam:DeleteSSHPublicKey", - "iam:GetSSHPublicKey", - "iam:ListSSHPublicKeys", - "iam:UpdateSSHPublicKey", - "iam:UploadSSHPublicKey" - ], - "Effect": "Allow", - "Resource": "arn:aws:iam::*:user/${aws:username}", - "Sid": "IAMUserSSHKeys" - }, - { - "Action": [ - "iam:CreateServiceSpecificCredential", - "iam:UpdateServiceSpecificCredential", - "iam:DeleteServiceSpecificCredential", - "iam:ResetServiceSpecificCredential" - ], - "Effect": "Allow", - "Resource": "arn:aws:iam::*:user/${aws:username}", - "Sid": "IAMSelfManageServiceSpecificCredentials" - }, - { - "Action": [ - "codestar-notifications:CreateNotificationRule", - "codestar-notifications:DescribeNotificationRule", - "codestar-notifications:UpdateNotificationRule", - "codestar-notifications:DeleteNotificationRule", - "codestar-notifications:Subscribe", - "codestar-notifications:Unsubscribe" - ], - "Condition": { - "StringLike": { - "codestar-notifications:NotificationsForResource": "arn:aws:codecommit:*" - } - }, - "Effect": "Allow", - "Resource": "*", - "Sid": "CodeStarNotificationsReadWriteAccess" - }, - { - "Action": [ - "codestar-notifications:ListNotificationRules", - "codestar-notifications:ListTargets", - "codestar-notifications:ListTagsforResource", - "codestar-notifications:ListEventTypes" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "CodeStarNotificationsListAccess" - }, - { - "Action": [ - "sns:CreateTopic", - "sns:SetTopicAttributes" - ], - "Effect": "Allow", - "Resource": "arn:aws:sns:*:*:codestar-notifications*", - "Sid": "CodeStarNotificationsSNSTopicCreateAccess" - }, - { - "Action": [ - "codeguru-reviewer:AssociateRepository", - "codeguru-reviewer:DescribeRepositoryAssociation", - "codeguru-reviewer:ListRepositoryAssociations", - "codeguru-reviewer:DisassociateRepository", - "codeguru-reviewer:DescribeCodeReview", - "codeguru-reviewer:ListCodeReviews" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "AmazonCodeGuruReviewerFullAccess" - }, - { - "Action": "iam:CreateServiceLinkedRole", - "Condition": { - "StringLike": { - "iam:AWSServiceName": "codeguru-reviewer.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/aws-service-role/codeguru-reviewer.amazonaws.com/AWSServiceRoleForAmazonCodeGuruReviewer", - "Sid": "AmazonCodeGuruReviewerSLRCreation" - }, - { - "Action": [ - "events:PutRule", - "events:PutTargets", - "events:DeleteRule", - "events:RemoveTargets" - ], - "Condition": { - "StringEquals": { - "events:ManagedBy": "codeguru-reviewer.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "*", - "Sid": "CloudWatchEventsManagedRules" - }, - { - "Action": [ - "chatbot:DescribeSlackChannelConfigurations" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "CodeStarNotificationsChatbotAccess" - }, - { - "Action": [ - "codestar-connections:ListConnections", - "codestar-connections:GetConnection" - ], - "Effect": "Allow", - "Resource": "arn:aws:codestar-connections:*:*:connection/*", - "Sid": "CodeStarConnectionsReadOnlyAccess" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAI4VCZ3XPIZLQ5NZV2", - "PolicyName": "AWSCodeCommitFullAccess", - "UpdateDate": "2020-07-30T23:17:35+00:00", - "VersionId": "v9" - }, - "AWSCodeCommitPowerUser": { - "Arn": "arn:aws:iam::aws:policy/AWSCodeCommitPowerUser", - "AttachmentCount": 0, - "CreateDate": "2015-07-09T17:06:49+00:00", - "DefaultVersionId": "v14", - "Document": { - "Statement": [ - { - "Action": [ - "codecommit:AssociateApprovalRuleTemplateWithRepository", - "codecommit:BatchAssociateApprovalRuleTemplateWithRepositories", - "codecommit:BatchDisassociateApprovalRuleTemplateFromRepositories", - "codecommit:BatchGet*", - "codecommit:BatchDescribe*", - "codecommit:Create*", - "codecommit:DeleteBranch", - "codecommit:DeleteFile", - "codecommit:Describe*", - "codecommit:DisassociateApprovalRuleTemplateFromRepository", - "codecommit:EvaluatePullRequestApprovalRules", - "codecommit:Get*", - "codecommit:List*", - "codecommit:Merge*", - "codecommit:OverridePullRequestApprovalRules", - "codecommit:Put*", - "codecommit:Post*", - "codecommit:TagResource", - "codecommit:Test*", - "codecommit:UntagResource", - "codecommit:Update*", - "codecommit:GitPull", - "codecommit:GitPush" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "events:DeleteRule", - "events:DescribeRule", - "events:DisableRule", - "events:EnableRule", - "events:PutRule", - "events:PutTargets", - "events:RemoveTargets", - "events:ListTargetsByRule" - ], - "Effect": "Allow", - "Resource": "arn:aws:events:*:*:rule/codecommit*", - "Sid": "CloudWatchEventsCodeCommitRulesAccess" - }, - { - "Action": [ - "sns:Subscribe", - "sns:Unsubscribe" - ], - "Effect": "Allow", - "Resource": "arn:aws:sns:*:*:codecommit*", - "Sid": "SNSTopicAndSubscriptionAccess" - }, - { - "Action": [ - "sns:ListTopics", - "sns:ListSubscriptionsByTopic", - "sns:GetTopicAttributes" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "SNSTopicAndSubscriptionReadAccess" - }, - { - "Action": [ - "lambda:ListFunctions" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "LambdaReadOnlyListAccess" - }, - { - "Action": [ - "iam:ListUsers" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "IAMReadOnlyListAccess" - }, - { - "Action": [ - "iam:ListAccessKeys", - "iam:ListSSHPublicKeys", - "iam:ListServiceSpecificCredentials" - ], - "Effect": "Allow", - "Resource": "arn:aws:iam::*:user/${aws:username}", - "Sid": "IAMReadOnlyConsoleAccess" - }, - { - "Action": [ - "iam:DeleteSSHPublicKey", - "iam:GetSSHPublicKey", - "iam:ListSSHPublicKeys", - "iam:UpdateSSHPublicKey", - "iam:UploadSSHPublicKey" - ], - "Effect": "Allow", - "Resource": "arn:aws:iam::*:user/${aws:username}", - "Sid": "IAMUserSSHKeys" - }, - { - "Action": [ - "iam:CreateServiceSpecificCredential", - "iam:UpdateServiceSpecificCredential", - "iam:DeleteServiceSpecificCredential", - "iam:ResetServiceSpecificCredential" - ], - "Effect": "Allow", - "Resource": "arn:aws:iam::*:user/${aws:username}", - "Sid": "IAMSelfManageServiceSpecificCredentials" - }, - { - "Action": [ - "codestar-notifications:CreateNotificationRule", - "codestar-notifications:DescribeNotificationRule", - "codestar-notifications:UpdateNotificationRule", - "codestar-notifications:Subscribe", - "codestar-notifications:Unsubscribe" - ], - "Condition": { - "StringLike": { - "codestar-notifications:NotificationsForResource": "arn:aws:codecommit:*" - } - }, - "Effect": "Allow", - "Resource": "*", - "Sid": "CodeStarNotificationsReadWriteAccess" - }, - { - "Action": [ - "codestar-notifications:ListNotificationRules", - "codestar-notifications:ListTargets", - "codestar-notifications:ListTagsforResource", - "codestar-notifications:ListEventTypes" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "CodeStarNotificationsListAccess" - }, - { - "Action": [ - "codeguru-reviewer:AssociateRepository", - "codeguru-reviewer:DescribeRepositoryAssociation", - "codeguru-reviewer:ListRepositoryAssociations", - "codeguru-reviewer:DisassociateRepository", - "codeguru-reviewer:DescribeCodeReview", - "codeguru-reviewer:ListCodeReviews" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "AmazonCodeGuruReviewerFullAccess" - }, - { - "Action": "iam:CreateServiceLinkedRole", - "Condition": { - "StringLike": { - "iam:AWSServiceName": "codeguru-reviewer.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/aws-service-role/codeguru-reviewer.amazonaws.com/AWSServiceRoleForAmazonCodeGuruReviewer", - "Sid": "AmazonCodeGuruReviewerSLRCreation" - }, - { - "Action": [ - "events:PutRule", - "events:PutTargets", - "events:DeleteRule", - "events:RemoveTargets" - ], - "Condition": { - "StringEquals": { - "events:ManagedBy": "codeguru-reviewer.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "*", - "Sid": "CloudWatchEventsManagedRules" - }, - { - "Action": [ - "chatbot:DescribeSlackChannelConfigurations" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "CodeStarNotificationsChatbotAccess" - }, - { - "Action": [ - "codestar-connections:ListConnections", - "codestar-connections:GetConnection" - ], - "Effect": "Allow", - "Resource": "arn:aws:codestar-connections:*:*:connection/*", - "Sid": "CodeStarConnectionsReadOnlyAccess" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAI4UIINUVGB5SEC57G", - "PolicyName": "AWSCodeCommitPowerUser", - "UpdateDate": "2020-07-30T23:12:48+00:00", - "VersionId": "v14" - }, - "AWSCodeCommitReadOnly": { - "Arn": "arn:aws:iam::aws:policy/AWSCodeCommitReadOnly", - "AttachmentCount": 0, - "CreateDate": "2015-07-09T17:05:06+00:00", - "DefaultVersionId": "v11", - "Document": { - "Statement": [ - { - "Action": [ - "codecommit:BatchGet*", - "codecommit:BatchDescribe*", - "codecommit:Describe*", - "codecommit:EvaluatePullRequestApprovalRules", - "codecommit:Get*", - "codecommit:List*", - "codecommit:GitPull" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "events:DescribeRule", - "events:ListTargetsByRule" - ], - "Effect": "Allow", - "Resource": "arn:aws:events:*:*:rule/codecommit*", - "Sid": "CloudWatchEventsCodeCommitRulesReadOnlyAccess" - }, - { - "Action": [ - "sns:ListTopics", - "sns:ListSubscriptionsByTopic", - "sns:GetTopicAttributes" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "SNSSubscriptionAccess" - }, - { - "Action": [ - "lambda:ListFunctions" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "LambdaReadOnlyListAccess" - }, - { - "Action": [ - "iam:ListUsers" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "IAMReadOnlyListAccess" - }, - { - "Action": [ - "iam:ListSSHPublicKeys", - "iam:ListServiceSpecificCredentials", - "iam:ListAccessKeys", - "iam:GetSSHPublicKey" - ], - "Effect": "Allow", - "Resource": "arn:aws:iam::*:user/${aws:username}", - "Sid": "IAMReadOnlyConsoleAccess" - }, - { - "Action": [ - "codestar-connections:ListConnections", - "codestar-connections:GetConnection" - ], - "Effect": "Allow", - "Resource": "arn:aws:codestar-connections:*:*:connection/*", - "Sid": "CodeStarConnectionsReadOnlyAccess" - }, - { - "Action": [ - "codestar-notifications:DescribeNotificationRule" - ], - "Condition": { - "StringLike": { - "codestar-notifications:NotificationsForResource": "arn:aws:codecommit:*" - } - }, - "Effect": "Allow", - "Resource": "*", - "Sid": "CodeStarNotificationsReadOnlyAccess" - }, - { - "Action": [ - "codestar-notifications:ListNotificationRules", - "codestar-notifications:ListEventTypes", - "codestar-notifications:ListTargets" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "CodeStarNotificationsListAccess" - }, - { - "Action": [ - "codeguru-reviewer:DescribeRepositoryAssociation", - "codeguru-reviewer:ListRepositoryAssociations", - "codeguru-reviewer:DescribeCodeReview", - "codeguru-reviewer:ListCodeReviews" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "AmazonCodeGuruReviewerReadOnlyAccess" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJACNSXR7Z2VLJW3D6", - "PolicyName": "AWSCodeCommitReadOnly", - "UpdateDate": "2021-08-18T18:18:01+00:00", - "VersionId": "v11" - }, - "AWSCodeDeployDeployerAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSCodeDeployDeployerAccess", - "AttachmentCount": 0, - "CreateDate": "2015-05-19T18:18:43+00:00", - "DefaultVersionId": "v3", - "Document": { - "Statement": [ - { - "Action": [ - "codedeploy:Batch*", - "codedeploy:CreateDeployment", - "codedeploy:Get*", - "codedeploy:List*", - "codedeploy:RegisterApplicationRevision" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "codestar-notifications:CreateNotificationRule", - "codestar-notifications:DescribeNotificationRule", - "codestar-notifications:UpdateNotificationRule", - "codestar-notifications:Subscribe", - "codestar-notifications:Unsubscribe" - ], - "Condition": { - "StringLike": { - "codestar-notifications:NotificationsForResource": "arn:aws:codedeploy:*" - } - }, - "Effect": "Allow", - "Resource": "*", - "Sid": "CodeStarNotificationsReadWriteAccess" - }, - { - "Action": [ - "codestar-notifications:ListNotificationRules", - "codestar-notifications:ListTargets", - "codestar-notifications:ListTagsforResource", - "codestar-notifications:ListEventTypes" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "CodeStarNotificationsListAccess" - }, - { - "Action": [ - "chatbot:DescribeSlackChannelConfigurations" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "CodeStarNotificationsChatbotAccess" - }, - { - "Action": [ - "sns:ListTopics" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "SNSTopicListAccess" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJUWEPOMGLMVXJAPUI", - "PolicyName": "AWSCodeDeployDeployerAccess", - "UpdateDate": "2020-04-02T16:16:11+00:00", - "VersionId": "v3" - }, - "AWSCodeDeployFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSCodeDeployFullAccess", - "AttachmentCount": 0, - "CreateDate": "2015-05-19T18:13:23+00:00", - "DefaultVersionId": "v3", - "Document": { - "Statement": [ - { - "Action": "codedeploy:*", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "codestar-notifications:CreateNotificationRule", - "codestar-notifications:DescribeNotificationRule", - "codestar-notifications:UpdateNotificationRule", - "codestar-notifications:DeleteNotificationRule", - "codestar-notifications:Subscribe", - "codestar-notifications:Unsubscribe" - ], - "Condition": { - "StringLike": { - "codestar-notifications:NotificationsForResource": "arn:aws:codedeploy:*" - } - }, - "Effect": "Allow", - "Resource": "*", - "Sid": "CodeStarNotificationsReadWriteAccess" - }, - { - "Action": [ - "codestar-notifications:ListNotificationRules", - "codestar-notifications:ListTargets", - "codestar-notifications:ListTagsforResource", - "codestar-notifications:ListEventTypes" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "CodeStarNotificationsListAccess" - }, - { - "Action": [ - "sns:CreateTopic", - "sns:SetTopicAttributes" - ], - "Effect": "Allow", - "Resource": "arn:aws:sns:*:*:codestar-notifications*", - "Sid": "CodeStarNotificationsSNSTopicCreateAccess" - }, - { - "Action": [ - "chatbot:DescribeSlackChannelConfigurations" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "CodeStarNotificationsChatbotAccess" - }, - { - "Action": [ - "sns:ListTopics" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "SNSTopicListAccess" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIONKN3TJZUKXCHXWC", - "PolicyName": "AWSCodeDeployFullAccess", - "UpdateDate": "2020-04-02T16:14:47+00:00", - "VersionId": "v3" - }, - "AWSCodeDeployReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSCodeDeployReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2015-05-19T18:21:32+00:00", - "DefaultVersionId": "v3", - "Document": { - "Statement": [ - { - "Action": [ - "codedeploy:Batch*", - "codedeploy:Get*", - "codedeploy:List*" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "codestar-notifications:DescribeNotificationRule" - ], - "Condition": { - "StringLike": { - "codestar-notifications:NotificationsForResource": "arn:aws:codedeploy:*" - } - }, - "Effect": "Allow", - "Resource": "*", - "Sid": "CodeStarNotificationsPowerUserAccess" - }, - { - "Action": [ - "codestar-notifications:ListNotificationRules", - "codestar-notifications:ListEventTypes", - "codestar-notifications:ListTargets" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "CodeStarNotificationsListAccess" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAILZHHKCKB4NE7XOIQ", - "PolicyName": "AWSCodeDeployReadOnlyAccess", - "UpdateDate": "2020-04-02T16:20:09+00:00", - "VersionId": "v3" - }, - "AWSCodeDeployRole": { - "Arn": "arn:aws:iam::aws:policy/service-role/AWSCodeDeployRole", - "AttachmentCount": 0, - "CreateDate": "2015-05-04T18:05:37+00:00", - "DefaultVersionId": "v9", - "Document": { - "Statement": [ - { - "Action": [ - "autoscaling:CompleteLifecycleAction", - "autoscaling:DeleteLifecycleHook", - "autoscaling:DescribeAutoScalingGroups", - "autoscaling:DescribeLifecycleHooks", - "autoscaling:PutLifecycleHook", - "autoscaling:RecordLifecycleActionHeartbeat", - "autoscaling:CreateAutoScalingGroup", - "autoscaling:UpdateAutoScalingGroup", - "autoscaling:EnableMetricsCollection", - "autoscaling:DescribePolicies", - "autoscaling:DescribeScheduledActions", - "autoscaling:DescribeNotificationConfigurations", - "autoscaling:SuspendProcesses", - "autoscaling:ResumeProcesses", - "autoscaling:AttachLoadBalancers", - "autoscaling:AttachLoadBalancerTargetGroups", - "autoscaling:PutScalingPolicy", - "autoscaling:PutScheduledUpdateGroupAction", - "autoscaling:PutNotificationConfiguration", - "autoscaling:PutWarmPool", - "autoscaling:DescribeScalingActivities", - "autoscaling:DeleteAutoScalingGroup", - "ec2:DescribeInstances", - "ec2:DescribeInstanceStatus", - "ec2:TerminateInstances", - "tag:GetResources", - "sns:Publish", - "cloudwatch:DescribeAlarms", - "cloudwatch:PutMetricAlarm", - "elasticloadbalancing:DescribeLoadBalancers", - "elasticloadbalancing:DescribeInstanceHealth", - "elasticloadbalancing:RegisterInstancesWithLoadBalancer", - "elasticloadbalancing:DeregisterInstancesFromLoadBalancer", - "elasticloadbalancing:DescribeTargetGroups", - "elasticloadbalancing:DescribeTargetHealth", - "elasticloadbalancing:RegisterTargets", - "elasticloadbalancing:DeregisterTargets" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJ2NKMKD73QS5NBFLA", - "PolicyName": "AWSCodeDeployRole", - "UpdateDate": "2021-05-19T00:42:51+00:00", - "VersionId": "v9" - }, - "AWSCodeDeployRoleForCloudFormation": { - "Arn": "arn:aws:iam::aws:policy/service-role/AWSCodeDeployRoleForCloudFormation", - "AttachmentCount": 0, - "CreateDate": "2020-05-19T17:12:52+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "lambda:InvokeFunction" - ], - "Effect": "Allow", - "Resource": "arn:aws:lambda:*:*:function:CodeDeployHook_*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4CO24UTMFH", - "PolicyName": "AWSCodeDeployRoleForCloudFormation", - "UpdateDate": "2020-05-19T17:12:52+00:00", - "VersionId": "v1" - }, - "AWSCodeDeployRoleForECS": { - "Arn": "arn:aws:iam::aws:policy/AWSCodeDeployRoleForECS", - "AttachmentCount": 0, - "CreateDate": "2018-11-27T20:40:57+00:00", - "DefaultVersionId": "v3", - "Document": { - "Statement": [ - { - "Action": [ - "ecs:DescribeServices", - "ecs:CreateTaskSet", - "ecs:UpdateServicePrimaryTaskSet", - "ecs:DeleteTaskSet", - "elasticloadbalancing:DescribeTargetGroups", - "elasticloadbalancing:DescribeListeners", - "elasticloadbalancing:ModifyListener", - "elasticloadbalancing:DescribeRules", - "elasticloadbalancing:ModifyRule", - "lambda:InvokeFunction", - "cloudwatch:DescribeAlarms", - "sns:Publish", - "s3:GetObject", - "s3:GetObjectVersion" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "iam:PassRole" - ], - "Condition": { - "StringLike": { - "iam:PassedToService": [ - "ecs-tasks.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIIL3KXEKRGEN2HFIO", - "PolicyName": "AWSCodeDeployRoleForECS", - "UpdateDate": "2019-09-23T22:37:46+00:00", - "VersionId": "v3" - }, - "AWSCodeDeployRoleForECSLimited": { - "Arn": "arn:aws:iam::aws:policy/AWSCodeDeployRoleForECSLimited", - "AttachmentCount": 0, - "CreateDate": "2018-11-27T20:42:42+00:00", - "DefaultVersionId": "v3", - "Document": { - "Statement": [ - { - "Action": [ - "ecs:DescribeServices", - "ecs:CreateTaskSet", - "ecs:UpdateServicePrimaryTaskSet", - "ecs:DeleteTaskSet", - "cloudwatch:DescribeAlarms" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "sns:Publish" - ], - "Effect": "Allow", - "Resource": "arn:aws:sns:*:*:CodeDeployTopic_*" - }, - { - "Action": [ - "elasticloadbalancing:DescribeTargetGroups", - "elasticloadbalancing:DescribeListeners", - "elasticloadbalancing:ModifyListener", - "elasticloadbalancing:DescribeRules", - "elasticloadbalancing:ModifyRule" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "lambda:InvokeFunction" - ], - "Effect": "Allow", - "Resource": "arn:aws:lambda:*:*:function:CodeDeployHook_*" - }, - { - "Action": [ - "s3:GetObject", - "s3:GetObjectVersion" - ], - "Condition": { - "StringEquals": { - "s3:ExistingObjectTag/UseWithCodeDeploy": "true" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "iam:PassRole" - ], - "Condition": { - "StringLike": { - "iam:PassedToService": [ - "ecs-tasks.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:iam::*:role/ecsTaskExecutionRole", - "arn:aws:iam::*:role/ECSTaskExecution*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJ6Z7L2IOXEFFOGD2M", - "PolicyName": "AWSCodeDeployRoleForECSLimited", - "UpdateDate": "2019-09-23T22:10:29+00:00", - "VersionId": "v3" - }, - "AWSCodeDeployRoleForLambda": { - "Arn": "arn:aws:iam::aws:policy/service-role/AWSCodeDeployRoleForLambda", - "AttachmentCount": 0, - "CreateDate": "2017-11-28T14:05:44+00:00", - "DefaultVersionId": "v3", - "Document": { - "Statement": [ - { - "Action": [ - "cloudwatch:DescribeAlarms", - "lambda:UpdateAlias", - "lambda:GetAlias", - "lambda:GetProvisionedConcurrencyConfig", - "sns:Publish" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "s3:GetObject", - "s3:GetObjectVersion" - ], - "Effect": "Allow", - "Resource": "arn:aws:s3:::*/CodeDeploy/*" - }, - { - "Action": [ - "s3:GetObject", - "s3:GetObjectVersion" - ], - "Condition": { - "StringEquals": { - "s3:ExistingObjectTag/UseWithCodeDeploy": "true" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "lambda:InvokeFunction" - ], - "Effect": "Allow", - "Resource": "arn:aws:lambda:*:*:function:CodeDeployHook_*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJA3RQZIKNOSJ4ZQSA", - "PolicyName": "AWSCodeDeployRoleForLambda", - "UpdateDate": "2019-12-03T19:53:10+00:00", - "VersionId": "v3" - }, - "AWSCodeDeployRoleForLambdaLimited": { - "Arn": "arn:aws:iam::aws:policy/service-role/AWSCodeDeployRoleForLambdaLimited", - "AttachmentCount": 0, - "CreateDate": "2020-08-17T17:14:14+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "cloudwatch:DescribeAlarms", - "lambda:UpdateAlias", - "lambda:GetAlias", - "lambda:GetProvisionedConcurrencyConfig" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "s3:GetObject", - "s3:GetObjectVersion" - ], - "Effect": "Allow", - "Resource": "arn:aws:s3:::*/CodeDeploy/*" - }, - { - "Action": [ - "s3:GetObject", - "s3:GetObjectVersion" - ], - "Condition": { - "StringEquals": { - "s3:ExistingObjectTag/UseWithCodeDeploy": "true" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "lambda:InvokeFunction" - ], - "Effect": "Allow", - "Resource": "arn:aws:lambda:*:*:function:CodeDeployHook_*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4C55RUFGEB", - "PolicyName": "AWSCodeDeployRoleForLambdaLimited", - "UpdateDate": "2020-08-17T17:14:14+00:00", - "VersionId": "v1" - }, - "AWSCodePipelineApproverAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSCodePipelineApproverAccess", - "AttachmentCount": 0, - "CreateDate": "2016-07-28T18:59:17+00:00", - "DefaultVersionId": "v3", - "Document": { - "Statement": [ - { - "Action": [ - "codepipeline:GetPipeline", - "codepipeline:GetPipelineState", - "codepipeline:GetPipelineExecution", - "codepipeline:ListPipelineExecutions", - "codepipeline:ListPipelines", - "codepipeline:PutApprovalResult" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAICXNWK42SQ6LMDXM2", - "PolicyName": "AWSCodePipelineApproverAccess", - "UpdateDate": "2017-08-02T17:24:58+00:00", - "VersionId": "v3" - }, - "AWSCodePipelineCustomActionAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSCodePipelineCustomActionAccess", - "AttachmentCount": 0, - "CreateDate": "2015-07-09T17:02:54+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "codepipeline:AcknowledgeJob", - "codepipeline:GetJobDetails", - "codepipeline:PollForJobs", - "codepipeline:PutJobFailureResult", - "codepipeline:PutJobSuccessResult" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJFW5Z32BTVF76VCYC", - "PolicyName": "AWSCodePipelineCustomActionAccess", - "UpdateDate": "2015-07-09T17:02:54+00:00", - "VersionId": "v1" - }, - "AWSCodePipelineFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSCodePipelineFullAccess", - "AttachmentCount": 0, - "CreateDate": "2015-07-09T16:58:07+00:00", - "DefaultVersionId": "v10", - "Document": { - "Statement": [ - { - "Action": [ - "codepipeline:*", - "cloudformation:DescribeStacks", - "cloudformation:ListChangeSets", - "cloudtrail:CreateTrail", - "cloudtrail:DescribeTrails", - "cloudtrail:GetEventSelectors", - "cloudtrail:PutEventSelectors", - "cloudtrail:StartLogging", - "codebuild:BatchGetProjects", - "codebuild:CreateProject", - "codebuild:ListCuratedEnvironmentImages", - "codebuild:ListProjects", - "codecommit:GetBranch", - "codecommit:GetRepositoryTriggers", - "codecommit:ListBranches", - "codecommit:ListRepositories", - "codecommit:PutRepositoryTriggers", - "codecommit:GetReferences", - "codedeploy:GetApplication", - "codedeploy:BatchGetApplications", - "codedeploy:GetDeploymentGroup", - "codedeploy:BatchGetDeploymentGroups", - "codedeploy:ListApplications", - "codedeploy:ListDeploymentGroups", - "devicefarm:GetDevicePool", - "devicefarm:GetProject", - "devicefarm:ListDevicePools", - "devicefarm:ListProjects", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVpcs", - "ecr:DescribeRepositories", - "ecr:ListImages", - "ecs:ListClusters", - "ecs:ListServices", - "elasticbeanstalk:DescribeApplications", - "elasticbeanstalk:DescribeEnvironments", - "iam:ListRoles", - "iam:GetRole", - "lambda:GetFunctionConfiguration", - "lambda:ListFunctions", - "events:ListRules", - "events:ListTargetsByRule", - "events:DescribeRule", - "opsworks:DescribeApps", - "opsworks:DescribeLayers", - "opsworks:DescribeStacks", - "s3:GetBucketPolicy", - "s3:GetBucketVersioning", - "s3:GetObjectVersion", - "s3:ListAllMyBuckets", - "s3:ListBucket", - "sns:ListTopics", - "codestar-notifications:ListNotificationRules", - "codestar-notifications:ListTargets", - "codestar-notifications:ListTagsforResource", - "codestar-notifications:ListEventTypes", - "states:ListStateMachines" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "s3:GetObject", - "s3:CreateBucket", - "s3:PutBucketPolicy" - ], - "Effect": "Allow", - "Resource": "arn:aws:s3::*:codepipeline-*" - }, - { - "Action": [ - "iam:PassRole" - ], - "Condition": { - "StringEquals": { - "iam:PassedToService": [ - "events.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:iam::*:role/service-role/cwe-role-*" - ] - }, - { - "Action": [ - "iam:PassRole" - ], - "Condition": { - "StringEquals": { - "iam:PassedToService": [ - "codepipeline.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "events:PutRule", - "events:PutTargets", - "events:DeleteRule", - "events:DisableRule", - "events:RemoveTargets" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:events:*:*:rule/codepipeline-*" - ] - }, - { - "Action": [ - "codestar-notifications:CreateNotificationRule", - "codestar-notifications:DescribeNotificationRule", - "codestar-notifications:UpdateNotificationRule", - "codestar-notifications:DeleteNotificationRule", - "codestar-notifications:Subscribe", - "codestar-notifications:Unsubscribe" - ], - "Condition": { - "StringLike": { - "codestar-notifications:NotificationsForResource": "arn:aws:codepipeline:*" - } - }, - "Effect": "Allow", - "Resource": "*", - "Sid": "CodeStarNotificationsReadWriteAccess" - }, - { - "Action": [ - "sns:CreateTopic", - "sns:SetTopicAttributes" - ], - "Effect": "Allow", - "Resource": "arn:aws:sns:*:*:codestar-notifications*", - "Sid": "CodeStarNotificationsSNSTopicCreateAccess" - }, - { - "Action": [ - "chatbot:DescribeSlackChannelConfigurations" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "CodeStarNotificationsChatbotAccess" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJP5LH77KSAT2KHQGG", - "PolicyName": "AWSCodePipelineFullAccess", - "UpdateDate": "2020-05-21T22:03:13+00:00", - "VersionId": "v10" - }, - "AWSCodePipelineReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSCodePipelineReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2015-07-09T16:43:57+00:00", - "DefaultVersionId": "v9", - "Document": { - "Statement": [ - { - "Action": [ - "codepipeline:GetPipeline", - "codepipeline:GetPipelineState", - "codepipeline:GetPipelineExecution", - "codepipeline:ListPipelineExecutions", - "codepipeline:ListActionExecutions", - "codepipeline:ListActionTypes", - "codepipeline:ListPipelines", - "codepipeline:ListTagsForResource", - "iam:ListRoles", - "s3:GetBucketPolicy", - "s3:GetObject", - "s3:ListAllMyBuckets", - "s3:ListBucket", - "codecommit:ListBranches", - "codecommit:ListRepositories", - "codedeploy:GetApplication", - "codedeploy:GetDeploymentGroup", - "codedeploy:ListApplications", - "codedeploy:ListDeploymentGroups", - "elasticbeanstalk:DescribeApplications", - "elasticbeanstalk:DescribeEnvironments", - "lambda:GetFunctionConfiguration", - "lambda:ListFunctions", - "opsworks:DescribeApps", - "opsworks:DescribeLayers", - "opsworks:DescribeStacks", - "codestar-notifications:ListNotificationRules", - "codestar-notifications:ListEventTypes", - "codestar-notifications:ListTargets" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "codestar-notifications:DescribeNotificationRule" - ], - "Condition": { - "StringLike": { - "codestar-notifications:NotificationsForResource": "arn:aws:codepipeline:*" - } - }, - "Effect": "Allow", - "Resource": "*", - "Sid": "CodeStarNotificationsReadOnlyAccess" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAILFKZXIBOTNC5TO2Q", - "PolicyName": "AWSCodePipelineReadOnlyAccess", - "UpdateDate": "2020-03-26T16:07:17+00:00", - "VersionId": "v9" - }, - "AWSCodePipeline_FullAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSCodePipeline_FullAccess", - "AttachmentCount": 0, - "CreateDate": "2020-08-03T22:38:28+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "codepipeline:*", - "cloudformation:DescribeStacks", - "cloudformation:ListChangeSets", - "cloudtrail:DescribeTrails", - "codebuild:BatchGetProjects", - "codebuild:CreateProject", - "codebuild:ListCuratedEnvironmentImages", - "codebuild:ListProjects", - "codecommit:ListBranches", - "codecommit:GetReferences", - "codecommit:ListRepositories", - "codedeploy:BatchGetDeploymentGroups", - "codedeploy:ListApplications", - "codedeploy:ListDeploymentGroups", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVpcs", - "ecr:DescribeRepositories", - "ecr:ListImages", - "ecs:ListClusters", - "ecs:ListServices", - "elasticbeanstalk:DescribeApplications", - "elasticbeanstalk:DescribeEnvironments", - "iam:ListRoles", - "iam:GetRole", - "lambda:ListFunctions", - "events:ListRules", - "events:ListTargetsByRule", - "events:DescribeRule", - "opsworks:DescribeApps", - "opsworks:DescribeLayers", - "opsworks:DescribeStacks", - "s3:ListAllMyBuckets", - "sns:ListTopics", - "codestar-notifications:ListNotificationRules", - "codestar-notifications:ListTargets", - "codestar-notifications:ListTagsforResource", - "codestar-notifications:ListEventTypes", - "states:ListStateMachines" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "s3:GetObject", - "s3:ListBucket", - "s3:GetBucketPolicy", - "s3:GetBucketVersioning", - "s3:GetObjectVersion", - "s3:CreateBucket", - "s3:PutBucketPolicy" - ], - "Effect": "Allow", - "Resource": "arn:aws:s3::*:codepipeline-*" - }, - { - "Action": [ - "cloudtrail:PutEventSelectors", - "cloudtrail:CreateTrail", - "cloudtrail:GetEventSelectors", - "cloudtrail:StartLogging" - ], - "Effect": "Allow", - "Resource": "arn:aws:cloudtrail:*:*:trail/codepipeline-source-trail" - }, - { - "Action": [ - "iam:PassRole" - ], - "Condition": { - "StringEquals": { - "iam:PassedToService": [ - "events.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:iam::*:role/service-role/cwe-role-*" - ] - }, - { - "Action": [ - "iam:PassRole" - ], - "Condition": { - "StringEquals": { - "iam:PassedToService": [ - "codepipeline.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "events:PutRule", - "events:PutTargets", - "events:DeleteRule", - "events:DisableRule", - "events:RemoveTargets" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:events:*:*:rule/codepipeline-*" - ] - }, - { - "Action": [ - "codestar-notifications:CreateNotificationRule", - "codestar-notifications:DescribeNotificationRule", - "codestar-notifications:UpdateNotificationRule", - "codestar-notifications:DeleteNotificationRule", - "codestar-notifications:Subscribe", - "codestar-notifications:Unsubscribe" - ], - "Condition": { - "StringLike": { - "codestar-notifications:NotificationsForResource": "arn:aws:codepipeline:*" - } - }, - "Effect": "Allow", - "Resource": "*", - "Sid": "CodeStarNotificationsReadWriteAccess" - }, - { - "Action": [ - "sns:CreateTopic", - "sns:SetTopicAttributes" - ], - "Effect": "Allow", - "Resource": "arn:aws:sns:*:*:codestar-notifications*", - "Sid": "CodeStarNotificationsSNSTopicCreateAccess" - }, - { - "Action": [ - "chatbot:DescribeSlackChannelConfigurations" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "CodeStarNotificationsChatbotAccess" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4A6ZKP3LKA", - "PolicyName": "AWSCodePipeline_FullAccess", - "UpdateDate": "2020-08-03T22:38:28+00:00", - "VersionId": "v1" - }, - "AWSCodePipeline_ReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSCodePipeline_ReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2020-08-03T22:25:17+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "codepipeline:GetPipeline", - "codepipeline:GetPipelineState", - "codepipeline:GetPipelineExecution", - "codepipeline:ListPipelineExecutions", - "codepipeline:ListActionExecutions", - "codepipeline:ListActionTypes", - "codepipeline:ListPipelines", - "codepipeline:ListTagsForResource", - "s3:ListAllMyBuckets", - "codestar-notifications:ListNotificationRules", - "codestar-notifications:ListEventTypes", - "codestar-notifications:ListTargets" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "s3:GetObject", - "s3:ListBucket", - "s3:GetBucketPolicy" - ], - "Effect": "Allow", - "Resource": "arn:aws:s3::*:codepipeline-*" - }, - { - "Action": [ - "codestar-notifications:DescribeNotificationRule" - ], - "Condition": { - "StringLike": { - "codestar-notifications:NotificationsForResource": "arn:aws:codepipeline:*" - } - }, - "Effect": "Allow", - "Resource": "*", - "Sid": "CodeStarNotificationsReadOnlyAccess" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4IGBTPGT6W", - "PolicyName": "AWSCodePipeline_ReadOnlyAccess", - "UpdateDate": "2020-08-03T22:25:17+00:00", - "VersionId": "v1" - }, - "AWSCodeStarFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSCodeStarFullAccess", - "AttachmentCount": 0, - "CreateDate": "2017-04-19T16:23:19+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "codestar:*", - "ec2:DescribeKeyPairs", - "ec2:DescribeVpcs", - "ec2:DescribeSubnets", - "cloud9:DescribeEnvironment*", - "cloud9:ValidateEnvironmentName" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "CodeStarEC2" - }, - { - "Action": [ - "cloudformation:DescribeStack*", - "cloudformation:GetTemplateSummary" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:cloudformation:*:*:stack/awscodestar-*" - ], - "Sid": "CodeStarCF" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIXI233TFUGLZOJBEC", - "PolicyName": "AWSCodeStarFullAccess", - "UpdateDate": "2018-01-10T21:54:06+00:00", - "VersionId": "v2" - }, - "AWSCodeStarNotificationsServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSCodeStarNotificationsServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2019-11-05T16:10:21+00:00", - "DefaultVersionId": "v4", - "Document": { - "Statement": [ - { - "Action": [ - "events:PutTargets", - "events:PutRule", - "events:DescribeRule" - ], - "Effect": "Allow", - "Resource": "arn:aws:events:*:*:rule/awscodestarnotifications-*" - }, - { - "Action": [ - "sns:CreateTopic" - ], - "Effect": "Allow", - "Resource": "arn:aws:sns:*:*:CodeStarNotifications-*" - }, - { - "Action": [ - "codecommit:GetCommentsForPullRequest", - "codecommit:GetCommentsForComparedCommit", - "chatbot:DescribeSlackChannelConfigurations", - "chatbot:UpdateSlackChannelConfiguration", - "codecommit:GetDifferences", - "codepipeline:ListActionExecutions" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "codecommit:GetFile" - ], - "Condition": { - "StringNotEquals": { - "aws:ResourceTag/ExcludeFileContentFromNotifications": "true" - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4BGRXOB2GH", - "PolicyName": "AWSCodeStarNotificationsServiceRolePolicy", - "UpdateDate": "2020-03-19T16:01:55+00:00", - "VersionId": "v4" - }, - "AWSCodeStarServiceRole": { - "Arn": "arn:aws:iam::aws:policy/service-role/AWSCodeStarServiceRole", - "AttachmentCount": 0, - "CreateDate": "2017-04-19T15:20:50+00:00", - "DefaultVersionId": "v11", - "Document": { - "Statement": [ - { - "Action": [ - "events:PutTargets", - "events:RemoveTargets", - "events:PutRule", - "events:DeleteRule", - "events:DescribeRule" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:events:*:*:rule/awscodestar-*" - ], - "Sid": "ProjectEventRules" - }, - { - "Action": [ - "cloudformation:*Stack*", - "cloudformation:CreateChangeSet", - "cloudformation:ExecuteChangeSet", - "cloudformation:DeleteChangeSet", - "cloudformation:GetTemplate" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:cloudformation:*:*:stack/awscodestar-*", - "arn:aws:cloudformation:*:*:stack/awseb-*", - "arn:aws:cloudformation:*:*:stack/aws-cloud9-*", - "arn:aws:cloudformation:*:aws:transform/CodeStar*" - ], - "Sid": "ProjectStack" - }, - { - "Action": [ - "cloudformation:GetTemplateSummary", - "cloudformation:DescribeChangeSet" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "ProjectStackTemplate" - }, - { - "Action": [ - "s3:GetObject" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:s3:::awscodestar-*/*" - ], - "Sid": "ProjectQuickstarts" - }, - { - "Action": [ - "s3:*" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:s3:::aws-codestar-*", - "arn:aws:s3:::elasticbeanstalk-*" - ], - "Sid": "ProjectS3Buckets" - }, - { - "Action": [ - "codestar:*", - "codecommit:*", - "codepipeline:*", - "codedeploy:*", - "codebuild:*", - "autoscaling:*", - "cloudwatch:Put*", - "ec2:*", - "elasticbeanstalk:*", - "elasticloadbalancing:*", - "iam:ListRoles", - "logs:*", - "sns:*", - "cloud9:CreateEnvironmentEC2", - "cloud9:DeleteEnvironment", - "cloud9:DescribeEnvironment*", - "cloud9:ListEnvironments" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "ProjectServices" - }, - { - "Action": [ - "iam:AttachRolePolicy", - "iam:CreateRole", - "iam:DeleteRole", - "iam:DeleteRolePolicy", - "iam:DetachRolePolicy", - "iam:GetRole", - "iam:PassRole", - "iam:GetRolePolicy", - "iam:PutRolePolicy", - "iam:SetDefaultPolicyVersion", - "iam:CreatePolicy", - "iam:DeletePolicy", - "iam:AddRoleToInstanceProfile", - "iam:CreateInstanceProfile", - "iam:DeleteInstanceProfile", - "iam:RemoveRoleFromInstanceProfile" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:iam::*:role/CodeStarWorker*", - "arn:aws:iam::*:policy/CodeStarWorker*", - "arn:aws:iam::*:instance-profile/awscodestar-*" - ], - "Sid": "ProjectWorkerRoles" - }, - { - "Action": [ - "iam:AttachUserPolicy", - "iam:DetachUserPolicy" - ], - "Condition": { - "ArnEquals": { - "iam:PolicyArn": [ - "arn:aws:iam::*:policy/CodeStar_*" - ] - } - }, - "Effect": "Allow", - "Resource": "*", - "Sid": "ProjectTeamMembers" - }, - { - "Action": [ - "iam:CreatePolicy", - "iam:DeletePolicy", - "iam:CreatePolicyVersion", - "iam:DeletePolicyVersion", - "iam:ListEntitiesForPolicy", - "iam:ListPolicyVersions", - "iam:GetPolicy", - "iam:GetPolicyVersion" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:iam::*:policy/CodeStar_*" - ], - "Sid": "ProjectRoles" - }, - { - "Action": [ - "iam:ListAttachedRolePolicies" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:iam::*:role/aws-codestar-service-role", - "arn:aws:iam::*:role/service-role/aws-codestar-service-role" - ], - "Sid": "InspectServiceRole" - }, - { - "Action": [ - "iam:CreateServiceLinkedRole" - ], - "Condition": { - "StringEquals": { - "iam:AWSServiceName": "cloud9.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "*", - "Sid": "IAMLinkRole" - }, - { - "Action": [ - "config:DescribeConfigRules" - ], - "Effect": "Allow", - "Resource": [ - "*" - ], - "Sid": "DescribeConfigRuleForARN" - }, - { - "Action": [ - "codestar-connections:UseConnection", - "codestar-connections:GetConnection" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "ProjectCodeStarConnections" - }, - { - "Action": "codestar-connections:PassConnection", - "Condition": { - "StringEqualsIfExists": { - "codestar-connections:PassedToService": "codepipeline.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "*", - "Sid": "ProjectCodeStarConnectionsPassConnections" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIN6D4M2KD3NBOC4M4", - "PolicyName": "AWSCodeStarServiceRole", - "UpdateDate": "2021-09-20T19:11:03+00:00", - "VersionId": "v11" - }, - "AWSCompromisedKeyQuarantine": { - "Arn": "arn:aws:iam::aws:policy/AWSCompromisedKeyQuarantine", - "AttachmentCount": 0, - "CreateDate": "2020-08-11T18:04:13+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "iam:AttachGroupPolicy", - "iam:AttachRolePolicy", - "iam:AttachUserPolicy", - "iam:ChangePassword", - "iam:CreateAccessKey", - "iam:CreateInstanceProfile", - "iam:CreateLoginProfile", - "iam:CreateRole", - "iam:CreateUser", - "iam:DetachUserPolicy", - "iam:PutUserPermissionsBoundary", - "iam:PutUserPolicy", - "iam:UpdateAccessKey", - "iam:UpdateAccountPasswordPolicy", - "iam:UpdateUser", - "ec2:RequestSpotInstances", - "ec2:RunInstances", - "ec2:StartInstances", - "organizations:CreateAccount", - "organizations:CreateOrganization", - "organizations:InviteAccountToOrganization", - "lambda:CreateFunction", - "lightsail:Create*", - "lightsail:Start*", - "lightsail:Delete*", - "lightsail:Update*", - "lightsail:GetInstanceAccessDetails", - "lightsail:DownloadDefaultKeyPair" - ], - "Effect": "Deny", - "Resource": [ - "*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4PLD3NKX4L", - "PolicyName": "AWSCompromisedKeyQuarantine", - "UpdateDate": "2020-08-11T18:04:13+00:00", - "VersionId": "v1" - }, - "AWSCompromisedKeyQuarantineV2": { - "Arn": "arn:aws:iam::aws:policy/AWSCompromisedKeyQuarantineV2", - "AttachmentCount": 0, - "CreateDate": "2021-04-21T22:30:59+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "ec2:RequestSpotInstances", - "ec2:RunInstances", - "ec2:StartInstances", - "iam:AddUserToGroup", - "iam:AttachGroupPolicy", - "iam:AttachRolePolicy", - "iam:AttachUserPolicy", - "iam:ChangePassword", - "iam:CreateAccessKey", - "iam:CreateInstanceProfile", - "iam:CreateLoginProfile", - "iam:CreatePolicyVersion", - "iam:CreateRole", - "iam:CreateUser", - "iam:DetachUserPolicy", - "iam:PassRole", - "iam:PutGroupPolicy", - "iam:PutRolePolicy", - "iam:PutUserPermissionsBoundary", - "iam:PutUserPolicy", - "iam:SetDefaultPolicyVersion", - "iam:UpdateAccessKey", - "iam:UpdateAccountPasswordPolicy", - "iam:UpdateAssumeRolePolicy", - "iam:UpdateLoginProfile", - "iam:UpdateUser", - "lambda:AddLayerVersionPermission", - "lambda:AddPermission", - "lambda:CreateFunction", - "lambda:GetPolicy", - "lambda:ListTags", - "lambda:PutProvisionedConcurrencyConfig", - "lambda:TagResource", - "lambda:UntagResource", - "lambda:UpdateFunctionCode", - "lightsail:Create*", - "lightsail:Delete*", - "lightsail:DownloadDefaultKeyPair", - "lightsail:GetInstanceAccessDetails", - "lightsail:Start*", - "lightsail:Update*", - "organizations:CreateAccount", - "organizations:CreateOrganization", - "organizations:InviteAccountToOrganization", - "s3:DeleteBucket", - "s3:DeleteObject", - "s3:DeleteObjectVersion", - "s3:PutLifecycleConfiguration", - "s3:PutBucketAcl", - "s3:PutBucketOwnershipControls", - "s3:DeleteBucketPolicy", - "s3:ObjectOwnerOverrideToBucketOwner", - "s3:PutAccountPublicAccessBlock", - "s3:PutBucketPolicy", - "s3:ListAllMyBuckets" - ], - "Effect": "Deny", - "Resource": [ - "*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4PFYMROIMI", - "PolicyName": "AWSCompromisedKeyQuarantineV2", - "UpdateDate": "2021-11-11T21:32:48+00:00", - "VersionId": "v2" - }, - "AWSConfigMultiAccountSetupPolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSConfigMultiAccountSetupPolicy", - "AttachmentCount": 0, - "CreateDate": "2019-06-17T18:03:16+00:00", - "DefaultVersionId": "v4", - "Document": { - "Statement": [ - { - "Action": [ - "config:PutConfigRule", - "config:DeleteConfigRule" - ], - "Effect": "Allow", - "Resource": "arn:aws:config:*:*:config-rule/aws-service-rule/config-multiaccountsetup.amazonaws.com/*" - }, - { - "Action": [ - "config:DescribeConfigurationRecorders" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "organizations:ListAccounts", - "organizations:DescribeOrganization", - "organizations:ListAWSServiceAccessForOrganization", - "organizations:DescribeAccount" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "config:PutConformancePack", - "config:DeleteConformancePack", - "config:DescribeConformancePackStatus" - ], - "Effect": "Allow", - "Resource": "arn:aws:config:*:*:conformance-pack/aws-service-conformance-pack/config-multiaccountsetup.amazonaws.com/*" - }, - { - "Action": [ - "iam:GetRole" - ], - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/aws-service-role/config-conforms.amazonaws.com/AWSServiceRoleForConfigConforms" - }, - { - "Action": [ - "iam:CreateServiceLinkedRole" - ], - "Condition": { - "StringLike": { - "iam:AWSServiceName": "config-conforms.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/aws-service-role/config-conforms.amazonaws.com/AWSServiceRoleForConfigConforms" - }, - { - "Action": "iam:PassRole", - "Condition": { - "StringEquals": { - "iam:PassedToService": "ssm.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4L5NAGNGTD", - "PolicyName": "AWSConfigMultiAccountSetupPolicy", - "UpdateDate": "2020-05-21T22:59:26+00:00", - "VersionId": "v4" - }, - "AWSConfigRemediationServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSConfigRemediationServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2019-06-18T21:21:35+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "ssm:GetDocument", - "ssm:DescribeDocument", - "ssm:StartAutomationExecution" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "iam:PassRole", - "Condition": { - "StringEquals": { - "iam:PassedToService": "ssm.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4BC7ZOM6NP", - "PolicyName": "AWSConfigRemediationServiceRolePolicy", - "UpdateDate": "2019-06-18T21:21:35+00:00", - "VersionId": "v1" - }, - "AWSConfigRole": { - "Arn": "arn:aws:iam::aws:policy/service-role/AWSConfigRole", - "AttachmentCount": 0, - "CreateDate": "2015-04-02T17:36:23+00:00", - "DefaultVersionId": "v42", - "Document": { - "Statement": [ - { - "Action": [ - "access-analyzer:GetAnalyzer", - "access-analyzer:GetArchiveRule", - "access-analyzer:ListAnalyzers", - "access-analyzer:ListArchiveRules", - "access-analyzer:ListTagsForResource", - "account:GetAlternateContact", - "acm:DescribeCertificate", - "acm:ListCertificates", - "acm:ListTagsForCertificate", - "apigateway:GET", - "application-autoscaling:DescribeScalableTargets", - "application-autoscaling:DescribeScalingPolicies", - "autoscaling:DescribeAutoScalingGroups", - "autoscaling:DescribeLaunchConfigurations", - "autoscaling:DescribeLifecycleHooks", - "autoscaling:DescribePolicies", - "autoscaling:DescribeScheduledActions", - "autoscaling:DescribeTags", - "backup:DescribeBackupVault", - "backup:DescribeRecoveryPoint", - "backup:GetBackupPlan", - "backup:GetBackupSelection", - "backup:GetBackupVaultAccessPolicy", - "backup:GetBackupVaultNotifications", - "backup:ListBackupPlans", - "backup:ListBackupSelections", - "backup:ListBackupVaults", - "backup:ListRecoveryPointsByBackupVault", - "backup:ListTags", - "cloudformation:DescribeType", - "cloudformation:ListTypes", - "cloudfront:ListDistributions", - "cloudfront:ListTagsForResource", - "cloudtrail:DescribeTrails", - "cloudtrail:GetEventSelectors", - "cloudtrail:GetTrailStatus", - "cloudtrail:ListTags", - "cloudwatch:DescribeAlarms", - "codedeploy:GetDeploymentConfig", - "codepipeline:GetPipeline", - "codepipeline:GetPipelineState", - "codepipeline:ListPipelines", - "config:BatchGet*", - "config:Describe*", - "config:Get*", - "config:List*", - "config:Put*", - "config:Select*", - "dax:DescribeClusters", - "dms:DescribeEventSubscriptions", - "dms:DescribeReplicationInstances", - "dms:DescribeReplicationSubnetGroups", - "dms:ListTagsForResource", - "dynamodb:DescribeContinuousBackups", - "dynamodb:DescribeLimits", - "dynamodb:DescribeTable", - "dynamodb:ListTables", - "dynamodb:ListTagsOfResource", - "ec2:Describe*", - "ec2:GetEbsEncryptionByDefault", - "ecr-public:DescribeRepositories", - "ecr-public:GetRepositoryCatalogData", - "ecr-public:GetRepositoryPolicy", - "ecr-public:ListTagsForResource", - "ecr:DescribeRepositories", - "ecr:GetLifecyclePolicy", - "ecr:GetRepositoryPolicy", - "ecr:ListTagsForResource", - "ecs:DescribeClusters", - "ecs:DescribeServices", - "ecs:DescribeTaskDefinition", - "ecs:DescribeTaskSets", - "ecs:ListClusters", - "ecs:ListServices", - "ecs:ListTagsForResource", - "ecs:ListTaskDefinitionFamilies", - "ecs:ListTaskDefinitions", - "eks:DescribeCluster", - "eks:DescribeNodegroup", - "eks:ListClusters", - "eks:ListNodegroups", - "elasticache:DescribeCacheClusters", - "elasticache:DescribeCacheParameterGroups", - "elasticache:DescribeCacheSubnetGroups", - "elasticache:DescribeReplicationGroups", - "elasticache:DescribeSnapshots", - "elasticache:ListTagsForResource", - "elasticbeanstalk:DescribeConfigurationSettings", - "elasticbeanstalk:DescribeEnvironments", - "elasticfilesystem:DescribeAccessPoints", - "elasticfilesystem:DescribeBackupPolicy", - "elasticfilesystem:DescribeFileSystemPolicy", - "elasticfilesystem:DescribeFileSystems", - "elasticfilesystem:DescribeLifecycleConfiguration", - "elasticfilesystem:DescribeMountTargets", - "elasticfilesystem:DescribeMountTargetSecurityGroups", - "elasticloadbalancing:DescribeListeners", - "elasticloadbalancing:DescribeLoadBalancerAttributes", - "elasticloadbalancing:DescribeLoadBalancerPolicies", - "elasticloadbalancing:DescribeLoadBalancers", - "elasticloadbalancing:DescribeRules", - "elasticloadbalancing:DescribeTags", - "elasticmapreduce:DescribeCluster", - "elasticmapreduce:DescribeSecurityConfiguration", - "elasticmapreduce:DescribeStep", - "elasticmapreduce:GetBlockPublicAccessConfiguration", - "elasticmapreduce:GetManagedScalingPolicy", - "elasticmapreduce:ListClusters", - "elasticmapreduce:ListInstanceFleets", - "elasticmapreduce:ListInstanceGroups", - "elasticmapreduce:ListInstances", - "elasticmapreduce:ListSecurityConfigurations", - "elasticmapreduce:ListSteps", - "es:DescribeDomain", - "es:DescribeDomains", - "es:DescribeElasticsearchDomain", - "es:DescribeElasticsearchDomains", - "es:GetCompatibleElasticsearchVersions", - "es:GetCompatibleVersions", - "es:ListDomainNames", - "es:ListTags", - "firehose:DescribeDeliveryStream", - "firehose:ListDeliveryStreams", - "firehose:ListTagsForDeliveryStream", - "fsx:DescribeFileSystems", - "globalaccelerator:DescribeAccelerator", - "globalaccelerator:DescribeEndpointGroup", - "globalaccelerator:DescribeListener", - "globalaccelerator:ListAccelerators", - "globalaccelerator:ListEndpointGroups", - "globalaccelerator:ListListeners", - "globalaccelerator:ListTagsForResource", - "guardduty:GetDetector", - "guardduty:GetFindings", - "guardduty:GetMasterAccount", - "guardduty:ListDetectors", - "guardduty:ListFindings", - "iam:GenerateCredentialReport", - "iam:GetAccountAuthorizationDetails", - "iam:GetAccountPasswordPolicy", - "iam:GetAccountSummary", - "iam:GetCredentialReport", - "iam:GetGroup", - "iam:GetGroupPolicy", - "iam:GetPolicy", - "iam:GetPolicyVersion", - "iam:GetRole", - "iam:GetRolePolicy", - "iam:GetUser", - "iam:GetUserPolicy", - "iam:ListAttachedGroupPolicies", - "iam:ListAttachedRolePolicies", - "iam:ListAttachedUserPolicies", - "iam:ListEntitiesForPolicy", - "iam:ListGroupPolicies", - "iam:ListGroupsForUser", - "iam:ListInstanceProfilesForRole", - "iam:ListPolicyVersions", - "iam:ListRolePolicies", - "iam:ListUserPolicies", - "iam:ListVirtualMFADevices", - "kafka:DescribeCluster", - "kafka:ListClusters", - "kinesis:DescribeStreamConsumer", - "kinesis:DescribeStreamSummary", - "kinesis:ListStreamConsumers", - "kinesis:ListStreams", - "kinesis:ListTagsForStream", - "kms:DescribeKey", - "kms:GetKeyPolicy", - "kms:GetKeyRotationStatus", - "kms:ListKeys", - "kms:ListResourceTags", - "lambda:GetAlias", - "lambda:GetFunction", - "lambda:GetFunctionCodeSigningConfig", - "lambda:GetPolicy", - "lambda:ListAliases", - "lambda:ListFunctions", - "lambda:ListVersionsByFunction", - "logs:DescribeLogGroups", - "logs:ListTagsLogGroup", - "network-firewall:DescribeLoggingConfiguration", - "network-firewall:ListFirewalls", - "organizations:DescribeOrganization", - "organizations:DescribePolicy", - "organizations:ListParents", - "organizations:ListPoliciesForTarget", - "rds:DescribeDBClusters", - "rds:DescribeDBClusterSnapshotAttributes", - "rds:DescribeDBClusterSnapshots", - "rds:DescribeDBEngineVersions", - "rds:DescribeDBInstances", - "rds:DescribeDBParameterGroups", - "rds:DescribeDBParameters", - "rds:DescribeDBSecurityGroups", - "rds:DescribeDBSnapshotAttributes", - "rds:DescribeDBSnapshots", - "rds:DescribeDBSubnetGroups", - "rds:DescribeEventSubscriptions", - "rds:DescribeOptionGroups", - "rds:ListTagsForResource", - "redshift:DescribeClusterParameterGroups", - "redshift:DescribeClusterParameters", - "redshift:DescribeClusters", - "redshift:DescribeClusterSecurityGroups", - "redshift:DescribeClusterSnapshots", - "redshift:DescribeClusterSubnetGroups", - "redshift:DescribeEventSubscriptions", - "redshift:DescribeLoggingStatus", - "route53:GetHealthCheck", - "route53:GetHostedZone", - "route53:ListHealthChecks", - "route53:ListHostedZones", - "route53:ListHostedZonesByName", - "route53:ListQueryLoggingConfigs", - "route53:ListResourceRecordSets", - "route53:ListTagsForResource", - "route53resolver:GetResolverEndpoint", - "route53resolver:GetResolverRule", - "route53resolver:GetResolverRuleAssociation", - "route53resolver:ListResolverEndpointIpAddresses", - "route53resolver:ListResolverEndpoints", - "route53resolver:ListResolverRuleAssociations", - "route53resolver:ListResolverRules", - "route53resolver:ListTagsForResource", - "s3:GetAccelerateConfiguration", - "s3:GetAccessPoint", - "s3:GetAccessPointPolicy", - "s3:GetAccessPointPolicyStatus", - "s3:GetAccountPublicAccessBlock", - "s3:GetBucketAcl", - "s3:GetBucketCORS", - "s3:GetBucketLocation", - "s3:GetBucketLogging", - "s3:GetBucketNotification", - "s3:GetBucketObjectLockConfiguration", - "s3:GetBucketPolicy", - "s3:GetBucketPublicAccessBlock", - "s3:GetBucketRequestPayment", - "s3:GetBucketTagging", - "s3:GetBucketVersioning", - "s3:GetBucketWebsite", - "s3:GetEncryptionConfiguration", - "s3:GetLifecycleConfiguration", - "s3:GetObject", - "s3:GetReplicationConfiguration", - "s3:ListAccessPoints", - "s3:ListAllMyBuckets", - "s3:ListBucket", - "sagemaker:DescribeCodeRepository", - "sagemaker:DescribeEndpoint", - "sagemaker:DescribeEndpointConfig", - "sagemaker:DescribeModel", - "sagemaker:DescribeMonitoringSchedule", - "sagemaker:DescribeNotebookInstance", - "sagemaker:DescribeNotebookInstanceLifecycleConfig", - "sagemaker:DescribeWorkteam", - "sagemaker:ListCodeRepositories", - "sagemaker:ListEndpointConfigs", - "sagemaker:ListEndpoints", - "sagemaker:ListModels", - "sagemaker:ListMonitoringSchedules", - "sagemaker:ListNotebookInstanceLifecycleConfigs", - "sagemaker:ListNotebookInstances", - "sagemaker:ListTags", - "sagemaker:ListWorkteams", - "secretsmanager:ListSecrets", - "secretsmanager:ListSecretVersionIds", - "securityhub:DescribeHub", - "shield:DescribeDRTAccess", - "shield:DescribeProtection", - "shield:DescribeSubscription", - "sns:GetSubscriptionAttributes", - "sns:GetTopicAttributes", - "sns:ListSubscriptions", - "sns:ListSubscriptionsByTopic", - "sns:ListTagsForResource", - "sns:ListTopics", - "sqs:GetQueueAttributes", - "sqs:ListQueues", - "sqs:ListQueueTags", - "ssm:DescribeAutomationExecutions", - "ssm:DescribeDocument", - "ssm:DescribeDocumentPermission", - "ssm:GetAutomationExecution", - "ssm:GetDocument", - "ssm:ListDocuments", - "states:DescribeStateMachine", - "states:ListStateMachines", - "states:ListTagsForResource", - "storagegateway:ListGateways", - "storagegateway:ListTagsForResource", - "storagegateway:ListVolumes", - "support:DescribeCases", - "tag:GetResources", - "waf-regional:GetLoggingConfiguration", - "waf-regional:GetWebACL", - "waf-regional:GetWebACLForResource", - "waf:GetLoggingConfiguration", - "waf:GetWebACL", - "wafv2:GetLoggingConfiguration" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIQRXRDRGJUA33ELIO", - "PolicyName": "AWSConfigRole", - "UpdateDate": "2022-02-10T18:33:55+00:00", - "VersionId": "v42" - }, - "AWSConfigRoleForOrganizations": { - "Arn": "arn:aws:iam::aws:policy/service-role/AWSConfigRoleForOrganizations", - "AttachmentCount": 0, - "CreateDate": "2018-03-19T22:53:01+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "organizations:ListAccounts", - "organizations:DescribeOrganization", - "organizations:ListAWSServiceAccessForOrganization", - "organizations:ListDelegatedAdministrators" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIEHGYAUTHXSXZAW2E", - "PolicyName": "AWSConfigRoleForOrganizations", - "UpdateDate": "2020-11-24T20:19:13+00:00", - "VersionId": "v2" - }, - "AWSConfigRulesExecutionRole": { - "Arn": "arn:aws:iam::aws:policy/service-role/AWSConfigRulesExecutionRole", - "AttachmentCount": 0, - "CreateDate": "2016-03-25T17:59:36+00:00", - "DefaultVersionId": "v3", - "Document": { - "Statement": [ - { - "Action": [ - "s3:GetObject" - ], - "Effect": "Allow", - "Resource": "arn:aws:s3:::*/AWSLogs/*/Config/*" - }, - { - "Action": [ - "config:Put*", - "config:Get*", - "config:List*", - "config:Describe*", - "config:BatchGet*", - "config:Select*" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJUB3KIKTA4PU4OYAA", - "PolicyName": "AWSConfigRulesExecutionRole", - "UpdateDate": "2019-05-13T21:33:30+00:00", - "VersionId": "v3" - }, - "AWSConfigServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSConfigServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2018-05-30T23:31:46+00:00", - "DefaultVersionId": "v30", - "Document": { - "Statement": [ - { - "Action": [ - "access-analyzer:GetAnalyzer", - "access-analyzer:GetArchiveRule", - "access-analyzer:ListAnalyzers", - "access-analyzer:ListArchiveRules", - "access-analyzer:ListTagsForResource", - "account:GetAlternateContact", - "acm:DescribeCertificate", - "acm:ListCertificates", - "acm:ListTagsForCertificate", - "apigateway:GET", - "application-autoscaling:DescribeScalableTargets", - "application-autoscaling:DescribeScalingPolicies", - "autoscaling:DescribeAutoScalingGroups", - "autoscaling:DescribeLaunchConfigurations", - "autoscaling:DescribeLifecycleHooks", - "autoscaling:DescribePolicies", - "autoscaling:DescribeScheduledActions", - "autoscaling:DescribeTags", - "backup-gateway:ListTagsForResource", - "backup-gateway:ListVirtualMachines", - "backup:DescribeBackupVault", - "backup:DescribeRecoveryPoint", - "backup:GetBackupPlan", - "backup:GetBackupSelection", - "backup:GetBackupVaultAccessPolicy", - "backup:GetBackupVaultNotifications", - "backup:ListBackupPlans", - "backup:ListBackupSelections", - "backup:ListBackupVaults", - "backup:ListRecoveryPointsByBackupVault", - "backup:ListTags", - "batch:DescribeComputeEnvironments", - "batch:DescribeJobQueues", - "batch:ListTagsForResource", - "cloudformation:DescribeType", - "cloudformation:ListTypes", - "cloudfront:ListDistributions", - "cloudfront:ListTagsForResource", - "cloudtrail:DescribeTrails", - "cloudtrail:GetEventSelectors", - "cloudtrail:GetTrailStatus", - "cloudtrail:ListTags", - "cloudwatch:DescribeAlarms", - "codedeploy:GetDeploymentConfig", - "codepipeline:GetPipeline", - "codepipeline:GetPipelineState", - "codepipeline:ListPipelines", - "config:BatchGet*", - "config:Describe*", - "config:Get*", - "config:List*", - "config:Put*", - "config:Select*", - "dax:DescribeClusters", - "dax:ListTags", - "dms:DescribeCertificates", - "dms:DescribeEventSubscriptions", - "dms:DescribeReplicationInstances", - "dms:DescribeReplicationSubnetGroups", - "dms:ListTagsForResource", - "dynamodb:DescribeContinuousBackups", - "dynamodb:DescribeGlobalTable", - "dynamodb:DescribeGlobalTableSettings", - "dynamodb:DescribeLimits", - "dynamodb:DescribeTable", - "dynamodb:ListTables", - "dynamodb:ListTagsOfResource", - "ec2:Describe*", - "ec2:DescribeClientVpnAuthorizationRules", - "ec2:DescribeClientVpnEndpoints", - "ec2:DescribeDhcpOptions", - "ec2:DescribeFleets", - "ec2:DescribeNetworkAcls", - "ec2:DescribePlacementGroups", - "ec2:DescribeSpotFleetRequests", - "ec2:DescribeVolumeAttribute", - "ec2:DescribeVolumes", - "ec2:GetEbsEncryptionByDefault", - "ecr-public:DescribeRepositories", - "ecr-public:GetRepositoryCatalogData", - "ecr-public:GetRepositoryPolicy", - "ecr-public:ListTagsForResource", - "ecr:DescribeRepositories", - "ecr:GetLifecyclePolicy", - "ecr:GetRepositoryPolicy", - "ecr:ListTagsForResource", - "ecs:DescribeClusters", - "ecs:DescribeServices", - "ecs:DescribeTaskDefinition", - "ecs:DescribeTaskSets", - "ecs:ListClusters", - "ecs:ListServices", - "ecs:ListTagsForResource", - "ecs:ListTaskDefinitionFamilies", - "ecs:ListTaskDefinitions", - "eks:DescribeCluster", - "eks:DescribeFargateProfile", - "eks:DescribeNodegroup", - "eks:ListClusters", - "eks:ListFargateProfiles", - "eks:ListNodegroups", - "eks:ListTagsForResource", - "elasticache:DescribeCacheClusters", - "elasticache:DescribeCacheParameterGroups", - "elasticache:DescribeCacheSubnetGroups", - "elasticache:DescribeReplicationGroups", - "elasticache:DescribeSnapshots", - "elasticache:ListTagsForResource", - "elasticbeanstalk:DescribeConfigurationSettings", - "elasticbeanstalk:DescribeEnvironments", - "elasticfilesystem:DescribeAccessPoints", - "elasticfilesystem:DescribeBackupPolicy", - "elasticfilesystem:DescribeFileSystemPolicy", - "elasticfilesystem:DescribeFileSystems", - "elasticfilesystem:DescribeLifecycleConfiguration", - "elasticfilesystem:DescribeMountTargets", - "elasticfilesystem:DescribeMountTargetSecurityGroups", - "elasticloadbalancing:DescribeListeners", - "elasticloadbalancing:DescribeLoadBalancerAttributes", - "elasticloadbalancing:DescribeLoadBalancerPolicies", - "elasticloadbalancing:DescribeLoadBalancers", - "elasticloadbalancing:DescribeRules", - "elasticloadbalancing:DescribeTags", - "elasticmapreduce:DescribeCluster", - "elasticmapreduce:DescribeSecurityConfiguration", - "elasticmapreduce:DescribeStep", - "elasticmapreduce:GetBlockPublicAccessConfiguration", - "elasticmapreduce:GetManagedScalingPolicy", - "elasticmapreduce:ListClusters", - "elasticmapreduce:ListInstanceFleets", - "elasticmapreduce:ListInstanceGroups", - "elasticmapreduce:ListInstances", - "elasticmapreduce:ListSecurityConfigurations", - "elasticmapreduce:ListSteps", - "es:DescribeDomain", - "es:DescribeDomains", - "es:DescribeElasticsearchDomain", - "es:DescribeElasticsearchDomains", - "es:GetCompatibleElasticsearchVersions", - "es:GetCompatibleVersions", - "es:ListDomainNames", - "es:ListTags", - "firehose:DescribeDeliveryStream", - "firehose:ListDeliveryStreams", - "firehose:ListTagsForDeliveryStream", - "fsx:DescribeFileSystems", - "fsx:ListTagsForResource", - "globalaccelerator:DescribeAccelerator", - "globalaccelerator:DescribeEndpointGroup", - "globalaccelerator:DescribeListener", - "globalaccelerator:ListAccelerators", - "globalaccelerator:ListEndpointGroups", - "globalaccelerator:ListListeners", - "globalaccelerator:ListTagsForResource", - "guardduty:GetDetector", - "guardduty:GetFindings", - "guardduty:GetMasterAccount", - "guardduty:ListDetectors", - "guardduty:ListFindings", - "guardduty:ListOrganizationAdminAccounts", - "iam:GenerateCredentialReport", - "iam:GetAccountAuthorizationDetails", - "iam:GetAccountPasswordPolicy", - "iam:GetAccountSummary", - "iam:GetCredentialReport", - "iam:GetGroup", - "iam:GetGroupPolicy", - "iam:GetPolicy", - "iam:GetPolicyVersion", - "iam:GetRole", - "iam:GetRolePolicy", - "iam:GetUser", - "iam:GetUserPolicy", - "iam:ListAttachedGroupPolicies", - "iam:ListAttachedRolePolicies", - "iam:ListAttachedUserPolicies", - "iam:ListEntitiesForPolicy", - "iam:ListGroupPolicies", - "iam:ListGroupsForUser", - "iam:ListInstanceProfilesForRole", - "iam:ListPolicyVersions", - "iam:ListRolePolicies", - "iam:ListUserPolicies", - "iam:ListVirtualMFADevices", - "kafka:DescribeCluster", - "kafka:ListClusters", - "kinesis:DescribeStreamConsumer", - "kinesis:DescribeStreamSummary", - "kinesis:ListStreamConsumers", - "kinesis:ListStreams", - "kinesis:ListTagsForStream", - "kms:DescribeKey", - "kms:GetKeyPolicy", - "kms:GetKeyRotationStatus", - "kms:ListAliases", - "kms:ListKeys", - "kms:ListResourceTags", - "lambda:GetAlias", - "lambda:GetFunction", - "lambda:GetFunctionCodeSigningConfig", - "lambda:GetPolicy", - "lambda:ListAliases", - "lambda:ListFunctions", - "lambda:ListVersionsByFunction", - "logs:DescribeLogGroups", - "logs:ListTagsLogGroup", - "network-firewall:DescribeLoggingConfiguration", - "network-firewall:ListFirewalls", - "opsworks:DescribeLayers", - "opsworks:ListTags", - "organizations:DescribeOrganization", - "organizations:DescribePolicy", - "organizations:ListParents", - "organizations:ListPoliciesForTarget", - "rds:DescribeDBClusterParameterGroups", - "rds:DescribeDBClusterParameters", - "rds:DescribeDBClusters", - "rds:DescribeDBClusterSnapshotAttributes", - "rds:DescribeDBClusterSnapshots", - "rds:DescribeDBEngineVersions", - "rds:DescribeDBInstances", - "rds:DescribeDBParameterGroups", - "rds:DescribeDBParameters", - "rds:DescribeDBSecurityGroups", - "rds:DescribeDBSnapshotAttributes", - "rds:DescribeDBSnapshots", - "rds:DescribeDBSubnetGroups", - "rds:DescribeEventSubscriptions", - "rds:DescribeOptionGroups", - "rds:ListTagsForResource", - "redshift:DescribeClusterParameterGroups", - "redshift:DescribeClusterParameters", - "redshift:DescribeClusters", - "redshift:DescribeClusterSecurityGroups", - "redshift:DescribeClusterSnapshots", - "redshift:DescribeClusterSubnetGroups", - "redshift:DescribeEventSubscriptions", - "redshift:DescribeLoggingStatus", - "route53:GetHealthCheck", - "route53:GetHostedZone", - "route53:ListHealthChecks", - "route53:ListHostedZones", - "route53:ListHostedZonesByName", - "route53:ListQueryLoggingConfigs", - "route53:ListResourceRecordSets", - "route53:ListTagsForResource", - "route53resolver:GetResolverEndpoint", - "route53resolver:GetResolverRule", - "route53resolver:GetResolverRuleAssociation", - "route53resolver:ListResolverEndpointIpAddresses", - "route53resolver:ListResolverEndpoints", - "route53resolver:ListResolverRuleAssociations", - "route53resolver:ListResolverRules", - "route53resolver:ListTagsForResource", - "s3:GetAccelerateConfiguration", - "s3:GetAccessPoint", - "s3:GetAccessPointPolicy", - "s3:GetAccessPointPolicyStatus", - "s3:GetAccountPublicAccessBlock", - "s3:GetBucketAcl", - "s3:GetBucketCORS", - "s3:GetBucketLocation", - "s3:GetBucketLogging", - "s3:GetBucketNotification", - "s3:GetBucketObjectLockConfiguration", - "s3:GetBucketPolicy", - "s3:GetBucketPublicAccessBlock", - "s3:GetBucketRequestPayment", - "s3:GetBucketTagging", - "s3:GetBucketVersioning", - "s3:GetBucketWebsite", - "s3:GetEncryptionConfiguration", - "s3:GetLifecycleConfiguration", - "s3:GetReplicationConfiguration", - "s3:ListAccessPoints", - "s3:ListAllMyBuckets", - "s3:ListBucket", - "sagemaker:DescribeCodeRepository", - "sagemaker:DescribeEndpoint", - "sagemaker:DescribeEndpointConfig", - "sagemaker:DescribeModel", - "sagemaker:DescribeMonitoringSchedule", - "sagemaker:DescribeNotebookInstance", - "sagemaker:DescribeNotebookInstanceLifecycleConfig", - "sagemaker:DescribeWorkteam", - "sagemaker:ListCodeRepositories", - "sagemaker:ListEndpointConfigs", - "sagemaker:ListEndpoints", - "sagemaker:ListModels", - "sagemaker:ListMonitoringSchedules", - "sagemaker:ListNotebookInstanceLifecycleConfigs", - "sagemaker:ListNotebookInstances", - "sagemaker:ListTags", - "sagemaker:ListWorkteams", - "secretsmanager:ListSecrets", - "secretsmanager:ListSecretVersionIds", - "securityhub:DescribeHub", - "shield:DescribeDRTAccess", - "shield:DescribeProtection", - "shield:DescribeSubscription", - "sns:GetSubscriptionAttributes", - "sns:GetTopicAttributes", - "sns:ListSubscriptions", - "sns:ListSubscriptionsByTopic", - "sns:ListTagsForResource", - "sns:ListTopics", - "sqs:GetQueueAttributes", - "sqs:ListQueues", - "sqs:ListQueueTags", - "ssm:DescribeAutomationExecutions", - "ssm:DescribeDocument", - "ssm:DescribeDocumentPermission", - "ssm:GetAutomationExecution", - "ssm:GetDocument", - "ssm:ListDocuments", - "states:DescribeActivity", - "states:DescribeStateMachine", - "states:ListActivities", - "states:ListStateMachines", - "states:ListTagsForResource", - "storagegateway:ListGateways", - "storagegateway:ListTagsForResource", - "storagegateway:ListVolumes", - "support:DescribeCases", - "tag:GetResources", - "waf-regional:GetLoggingConfiguration", - "waf-regional:GetWebACL", - "waf-regional:GetWebACLForResource", - "waf:GetLoggingConfiguration", - "waf:GetWebACL", - "wafv2:GetLoggingConfiguration", - "wafv2:GetRuleGroup", - "wafv2:ListRuleGroups", - "wafv2:ListTagsForResource", - "workspaces:DescribeConnectionAliases", - "workspaces:DescribeTags", - "workspaces:DescribeWorkspaces" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "logs:CreateLogStream", - "logs:CreateLogGroup" - ], - "Effect": "Allow", - "Resource": "arn:aws:logs:*:*:log-group:/aws/config/*" - }, - { - "Action": "logs:PutLogEvents", - "Effect": "Allow", - "Resource": "arn:aws:logs:*:*:log-group:/aws/config/*:log-stream:config-rule-evaluation/*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJUCWFHNZER665LLQQ", - "PolicyName": "AWSConfigServiceRolePolicy", - "UpdateDate": "2022-03-11T21:29:26+00:00", - "VersionId": "v30" - }, - "AWSConfigUserAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSConfigUserAccess", - "AttachmentCount": 0, - "CreateDate": "2015-02-18T19:38:41+00:00", - "DefaultVersionId": "v4", - "Document": { - "Statement": [ - { - "Action": [ - "config:Get*", - "config:Describe*", - "config:Deliver*", - "config:List*", - "config:Select*", - "tag:GetResources", - "tag:GetTagKeys", - "cloudtrail:DescribeTrails", - "cloudtrail:GetTrailStatus", - "cloudtrail:LookupEvents" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIWTTSFJ7KKJE3MWGA", - "PolicyName": "AWSConfigUserAccess", - "UpdateDate": "2019-03-18T20:27:47+00:00", - "VersionId": "v4" - }, - "AWSConnector": { - "Arn": "arn:aws:iam::aws:policy/AWSConnector", - "AttachmentCount": 0, - "CreateDate": "2015-02-11T17:14:31+00:00", - "DefaultVersionId": "v3", - "Document": { - "Statement": [ - { - "Action": "iam:GetUser", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "s3:ListAllMyBuckets" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "s3:CreateBucket", - "s3:DeleteBucket", - "s3:DeleteObject", - "s3:GetBucketLocation", - "s3:GetObject", - "s3:ListBucket", - "s3:PutObject", - "s3:PutObjectAcl", - "s3:AbortMultipartUpload", - "s3:ListBucketMultipartUploads", - "s3:ListMultipartUploadParts" - ], - "Effect": "Allow", - "Resource": "arn:aws:s3:::import-to-ec2-*" - }, - { - "Action": [ - "ec2:CancelConversionTask", - "ec2:CancelExportTask", - "ec2:CreateImage", - "ec2:CreateInstanceExportTask", - "ec2:CreateTags", - "ec2:CreateVolume", - "ec2:DeleteTags", - "ec2:DeleteVolume", - "ec2:DescribeConversionTasks", - "ec2:DescribeExportTasks", - "ec2:DescribeImages", - "ec2:DescribeInstanceAttribute", - "ec2:DescribeInstanceStatus", - "ec2:DescribeInstances", - "ec2:DescribeRegions", - "ec2:DescribeTags", - "ec2:DetachVolume", - "ec2:ImportInstance", - "ec2:ImportVolume", - "ec2:ModifyInstanceAttribute", - "ec2:RunInstances", - "ec2:StartInstances", - "ec2:StopInstances", - "ec2:TerminateInstances", - "ec2:ImportImage", - "ec2:DescribeImportImageTasks", - "ec2:DeregisterImage", - "ec2:DescribeSnapshots", - "ec2:DeleteSnapshot", - "ec2:CancelImportTask", - "ec2:ImportSnapshot", - "ec2:DescribeImportSnapshotTasks" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "SNS:Publish" - ], - "Effect": "Allow", - "Resource": "arn:aws:sns:*:*:metrics-sns-topic-for-*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJ6YATONJHICG3DJ3U", - "PolicyName": "AWSConnector", - "UpdateDate": "2015-09-28T19:50:38+00:00", - "VersionId": "v3" - }, - "AWSControlTowerServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/service-role/AWSControlTowerServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2019-05-03T18:19:11+00:00", - "DefaultVersionId": "v7", - "Document": { - "Statement": [ - { - "Action": [ - "cloudformation:CreateStack", - "cloudformation:CreateStackInstances", - "cloudformation:CreateStackSet", - "cloudformation:DeleteStack", - "cloudformation:DeleteStackInstances", - "cloudformation:DeleteStackSet", - "cloudformation:DescribeStackInstance", - "cloudformation:DescribeStacks", - "cloudformation:DescribeStackSet", - "cloudformation:DescribeStackSetOperation", - "cloudformation:ListStackInstances", - "cloudformation:UpdateStack", - "cloudformation:UpdateStackInstances", - "cloudformation:UpdateStackSet" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:cloudformation:*:*:type/resource/AWS-IAM-Role" - ] - }, - { - "Action": [ - "cloudformation:CreateStack", - "cloudformation:CreateStackInstances", - "cloudformation:CreateStackSet", - "cloudformation:DeleteStack", - "cloudformation:DeleteStackInstances", - "cloudformation:DeleteStackSet", - "cloudformation:DescribeStackInstance", - "cloudformation:DescribeStacks", - "cloudformation:DescribeStackSet", - "cloudformation:DescribeStackSetOperation", - "cloudformation:GetTemplate", - "cloudformation:ListStackInstances", - "cloudformation:UpdateStack", - "cloudformation:UpdateStackInstances", - "cloudformation:UpdateStackSet" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:cloudformation:*:*:stack/AWSControlTower*/*", - "arn:aws:cloudformation:*:*:stack/StackSet-AWSControlTower*/*", - "arn:aws:cloudformation:*:*:stackset/AWSControlTower*:*", - "arn:aws:cloudformation:*:*:stackset-target/AWSControlTower*/*" - ] - }, - { - "Action": [ - "cloudtrail:CreateTrail", - "cloudtrail:DeleteTrail", - "cloudtrail:GetTrailStatus", - "cloudtrail:StartLogging", - "cloudtrail:StopLogging", - "cloudtrail:UpdateTrail", - "cloudtrail:PutEventSelectors", - "logs:CreateLogStream", - "logs:PutLogEvents", - "logs:PutRetentionPolicy" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:logs:*:*:log-group:aws-controltower/CloudTrailLogs:*", - "arn:aws:cloudtrail:*:*:trail/aws-controltower*" - ] - }, - { - "Action": [ - "s3:GetObject" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:s3:::aws-controltower*/*" - ] - }, - { - "Action": [ - "sts:AssumeRole" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:iam::*:role/AWSControlTowerExecution" - ] - }, - { - "Action": [ - "cloudtrail:DescribeTrails", - "ec2:DescribeAvailabilityZones", - "iam:ListRoles", - "logs:CreateLogGroup", - "logs:DescribeLogGroups", - "organizations:CreateAccount", - "organizations:DescribeAccount", - "organizations:DescribeCreateAccountStatus", - "organizations:DescribeOrganization", - "organizations:DescribeOrganizationalUnit", - "organizations:DescribePolicy", - "organizations:ListAccounts", - "organizations:ListAccountsForParent", - "organizations:ListAWSServiceAccessForOrganization", - "organizations:ListChildren", - "organizations:ListOrganizationalUnitsForParent", - "organizations:ListParents", - "organizations:ListPoliciesForTarget", - "organizations:ListTargetsForPolicy", - "organizations:ListRoots", - "organizations:MoveAccount", - "servicecatalog:AssociatePrincipalWithPortfolio" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "iam:GetRole", - "iam:GetUser", - "iam:ListAttachedRolePolicies", - "iam:GetRolePolicy" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "iam:PassRole" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:iam::*:role/service-role/AWSControlTowerStackSetRole", - "arn:aws:iam::*:role/service-role/AWSControlTowerCloudTrailRole", - "arn:aws:iam::*:role/service-role/AWSControlTowerConfigAggregatorRoleForOrganizations" - ] - }, - { - "Action": [ - "config:DeleteConfigurationAggregator", - "config:PutConfigurationAggregator", - "config:TagResource" - ], - "Condition": { - "StringEquals": { - "aws:ResourceTag/aws-control-tower": "managed-by-control-tower" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "organizations:EnableAWSServiceAccess", - "Condition": { - "StringLike": { - "organizations:ServicePrincipal": "config.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4MW35THVLF", - "PolicyName": "AWSControlTowerServiceRolePolicy", - "UpdateDate": "2021-06-04T23:00:46+00:00", - "VersionId": "v7" - }, - "AWSCostAndUsageReportAutomationPolicy": { - "Arn": "arn:aws:iam::aws:policy/service-role/AWSCostAndUsageReportAutomationPolicy", - "AttachmentCount": 0, - "CreateDate": "2021-11-01T21:27:29+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "organizations:DescribeOrganization" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "s3:GetBucketTagging", - "s3:PutBucketTagging", - "s3:GetBucketPolicy", - "s3:PutBucketPolicy", - "s3:ListBucket", - "s3:CreateBucket" - ], - "Effect": "Allow", - "Resource": "arn:aws:s3:::aws-map-cur-bucket-*" - }, - { - "Action": [ - "cur:PutReportDefinition", - "cur:DeleteReportDefinition", - "cur:DescribeReportDefinitions" - ], - "Effect": "Allow", - "Resource": "arn:aws:cur:*:*:definition/map-migrated-report" - }, - { - "Action": "cur:DescribeReportDefinitions", - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4KVW6KKXOP", - "PolicyName": "AWSCostAndUsageReportAutomationPolicy", - "UpdateDate": "2021-11-01T21:27:29+00:00", - "VersionId": "v1" - }, - "AWSDataExchangeFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSDataExchangeFullAccess", - "AttachmentCount": 0, - "CreateDate": "2019-11-13T19:27:59+00:00", - "DefaultVersionId": "v6", - "Document": { - "Statement": [ - { - "Action": [ - "dataexchange:*" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "s3:GetObject", - "Condition": { - "ForAnyValue:StringEquals": { - "aws:CalledVia": [ - "dataexchange.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": "arn:aws:s3:::*aws-data-exchange*" - }, - { - "Action": "s3:GetObject", - "Condition": { - "ForAnyValue:StringEquals": { - "aws:CalledVia": [ - "dataexchange.amazonaws.com" - ] - }, - "StringEqualsIgnoreCase": { - "s3:ExistingObjectTag/AWSDataExchange": "true" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "s3:PutObject", - "s3:PutObjectAcl" - ], - "Condition": { - "ForAnyValue:StringEquals": { - "aws:CalledVia": [ - "dataexchange.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": "arn:aws:s3:::*aws-data-exchange*" - }, - { - "Action": [ - "s3:GetBucketLocation", - "s3:ListBucket", - "s3:ListAllMyBuckets" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "aws-marketplace:DescribeEntity", - "aws-marketplace:ListEntities", - "aws-marketplace:StartChangeSet", - "aws-marketplace:ListChangeSets", - "aws-marketplace:DescribeChangeSet", - "aws-marketplace:CancelChangeSet", - "aws-marketplace:GetAgreementApprovalRequest", - "aws-marketplace:ListAgreementApprovalRequests", - "aws-marketplace:AcceptAgreementApprovalRequest", - "aws-marketplace:RejectAgreementApprovalRequest", - "aws-marketplace:UpdateAgreementApprovalRequest", - "aws-marketplace:SearchAgreements", - "aws-marketplace:GetAgreementTerms" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "aws-marketplace:Subscribe", - "aws-marketplace:Unsubscribe", - "aws-marketplace:ViewSubscriptions", - "aws-marketplace:GetAgreementRequest", - "aws-marketplace:ListAgreementRequests", - "aws-marketplace:CancelAgreementRequest" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "kms:DescribeKey", - "kms:ListAliases", - "kms:ListKeys" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "redshift:AuthorizeDataShare" - ], - "Condition": { - "StringEqualsIgnoreCase": { - "redshift:ConsumerIdentifier": "ADX" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "redshift:DescribeDataSharesForProducer", - "redshift:DescribeDataShares" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "apigateway:GET" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4MPDTDB3FH", - "PolicyName": "AWSDataExchangeFullAccess", - "UpdateDate": "2021-12-02T16:14:27+00:00", - "VersionId": "v6" - }, - "AWSDataExchangeProviderFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSDataExchangeProviderFullAccess", - "AttachmentCount": 0, - "CreateDate": "2019-11-13T19:27:55+00:00", - "DefaultVersionId": "v10", - "Document": { - "Statement": [ - { - "Action": [ - "dataexchange:CreateDataSet", - "dataexchange:CreateRevision", - "dataexchange:CreateAsset", - "dataexchange:Get*", - "dataexchange:Update*", - "dataexchange:List*", - "dataexchange:Delete*", - "dataexchange:TagResource", - "dataexchange:UntagResource", - "dataexchange:PublishDataSet", - "dataexchange:SendApiAsset", - "tag:GetTagKeys", - "tag:GetTagValues" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "dataexchange:CreateJob", - "dataexchange:StartJob", - "dataexchange:CancelJob" - ], - "Condition": { - "StringEquals": { - "dataexchange:JobType": [ - "IMPORT_ASSETS_FROM_S3", - "IMPORT_ASSET_FROM_SIGNED_URL", - "EXPORT_ASSETS_TO_S3", - "EXPORT_ASSET_TO_SIGNED_URL", - "IMPORT_ASSET_FROM_API_GATEWAY_API", - "IMPORT_ASSETS_FROM_REDSHIFT_DATA_SHARES" - ] - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "s3:GetObject", - "Condition": { - "ForAnyValue:StringEquals": { - "aws:CalledVia": [ - "dataexchange.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": "arn:aws:s3:::*aws-data-exchange*" - }, - { - "Action": "s3:GetObject", - "Condition": { - "ForAnyValue:StringEquals": { - "aws:CalledVia": [ - "dataexchange.amazonaws.com" - ] - }, - "StringEqualsIgnoreCase": { - "s3:ExistingObjectTag/AWSDataExchange": "true" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "s3:PutObject", - "s3:PutObjectAcl" - ], - "Condition": { - "ForAnyValue:StringEquals": { - "aws:CalledVia": [ - "dataexchange.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": "arn:aws:s3:::*aws-data-exchange*" - }, - { - "Action": [ - "s3:GetBucketLocation", - "s3:ListBucket", - "s3:ListAllMyBuckets" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "aws-marketplace:DescribeEntity", - "aws-marketplace:ListEntities", - "aws-marketplace:DescribeChangeSet", - "aws-marketplace:ListChangeSets", - "aws-marketplace:StartChangeSet", - "aws-marketplace:CancelChangeSet", - "aws-marketplace:GetAgreementApprovalRequest", - "aws-marketplace:ListAgreementApprovalRequests", - "aws-marketplace:AcceptAgreementApprovalRequest", - "aws-marketplace:RejectAgreementApprovalRequest", - "aws-marketplace:UpdateAgreementApprovalRequest", - "aws-marketplace:SearchAgreements", - "aws-marketplace:GetAgreementTerms" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "kms:DescribeKey", - "kms:ListAliases", - "kms:ListKeys" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "redshift:AuthorizeDataShare" - ], - "Condition": { - "StringEqualsIgnoreCase": { - "redshift:ConsumerIdentifier": "ADX" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "redshift:DescribeDataSharesForProducer", - "redshift:DescribeDataShares" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "apigateway:GET" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4MQSUGZZPZ", - "PolicyName": "AWSDataExchangeProviderFullAccess", - "UpdateDate": "2021-12-02T16:12:19+00:00", - "VersionId": "v10" - }, - "AWSDataExchangeReadOnly": { - "Arn": "arn:aws:iam::aws:policy/AWSDataExchangeReadOnly", - "AttachmentCount": 0, - "CreateDate": "2019-11-13T19:27:37+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "dataexchange:Get*", - "dataexchange:List*" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "aws-marketplace:ViewSubscriptions", - "aws-marketplace:GetAgreementRequest", - "aws-marketplace:ListAgreementRequests", - "aws-marketplace:GetAgreementApprovalRequest", - "aws-marketplace:ListAgreementApprovalRequests", - "aws-marketplace:DescribeEntity", - "aws-marketplace:ListEntities", - "aws-marketplace:DescribeChangeSet", - "aws-marketplace:ListChangeSets", - "aws-marketplace:SearchAgreements", - "aws-marketplace:GetAgreementTerms" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4DQNFEZURI", - "PolicyName": "AWSDataExchangeReadOnly", - "UpdateDate": "2021-05-10T21:15:26+00:00", - "VersionId": "v2" - }, - "AWSDataExchangeSubscriberFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSDataExchangeSubscriberFullAccess", - "AttachmentCount": 0, - "CreateDate": "2019-11-13T19:27:52+00:00", - "DefaultVersionId": "v6", - "Document": { - "Statement": [ - { - "Action": [ - "dataexchange:Get*", - "dataexchange:List*" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "dataexchange:CreateJob", - "dataexchange:StartJob", - "dataexchange:CancelJob" - ], - "Condition": { - "StringEquals": { - "dataexchange:JobType": [ - "EXPORT_ASSETS_TO_S3", - "EXPORT_ASSET_TO_SIGNED_URL", - "EXPORT_REVISIONS_TO_S3" - ] - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "dataexchange:CreateEventAction", - "dataexchange:UpdateEventAction", - "dataexchange:DeleteEventAction", - "dataexchange:SendApiAsset" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "s3:GetObject", - "Condition": { - "ForAnyValue:StringEquals": { - "aws:CalledVia": [ - "dataexchange.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": "arn:aws:s3:::*aws-data-exchange*" - }, - { - "Action": [ - "s3:GetBucketLocation", - "s3:ListBucket", - "s3:ListAllMyBuckets" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "aws-marketplace:Subscribe", - "aws-marketplace:Unsubscribe", - "aws-marketplace:ViewSubscriptions", - "aws-marketplace:GetAgreementRequest", - "aws-marketplace:ListAgreementRequests", - "aws-marketplace:CancelAgreementRequest" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "kms:DescribeKey", - "kms:ListAliases", - "kms:ListKeys" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4MAWRW4GF7", - "PolicyName": "AWSDataExchangeSubscriberFullAccess", - "UpdateDate": "2021-11-29T23:00:06+00:00", - "VersionId": "v6" - }, - "AWSDataLifecycleManagerServiceRole": { - "Arn": "arn:aws:iam::aws:policy/service-role/AWSDataLifecycleManagerServiceRole", - "AttachmentCount": 0, - "CreateDate": "2018-07-06T19:34:16+00:00", - "DefaultVersionId": "v6", - "Document": { - "Statement": [ - { - "Action": [ - "ec2:CreateSnapshot", - "ec2:CreateSnapshots", - "ec2:DeleteSnapshot", - "ec2:DescribeInstances", - "ec2:DescribeVolumes", - "ec2:DescribeSnapshots", - "ec2:EnableFastSnapshotRestores", - "ec2:DescribeFastSnapshotRestores", - "ec2:DisableFastSnapshotRestores", - "ec2:CopySnapshot", - "ec2:ModifySnapshotAttribute", - "ec2:DescribeSnapshotAttribute" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:CreateTags" - ], - "Effect": "Allow", - "Resource": "arn:aws:ec2:*::snapshot/*" - }, - { - "Action": [ - "events:PutRule", - "events:DeleteRule", - "events:DescribeRule", - "events:EnableRule", - "events:DisableRule", - "events:ListTargetsByRule", - "events:PutTargets", - "events:RemoveTargets" - ], - "Effect": "Allow", - "Resource": "arn:aws:events:*:*:rule/AwsDataLifecycleRule.managed-cwe.*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIZRLOKFUFE7YXQOJS", - "PolicyName": "AWSDataLifecycleManagerServiceRole", - "UpdateDate": "2020-12-11T18:15:06+00:00", - "VersionId": "v6" - }, - "AWSDataLifecycleManagerServiceRoleForAMIManagement": { - "Arn": "arn:aws:iam::aws:policy/service-role/AWSDataLifecycleManagerServiceRoleForAMIManagement", - "AttachmentCount": 0, - "CreateDate": "2020-10-21T19:39:41+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": "ec2:CreateTags", - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*::snapshot/*", - "arn:aws:ec2:*::image/*" - ] - }, - { - "Action": [ - "ec2:DescribeImages", - "ec2:DescribeInstances", - "ec2:DescribeImageAttribute", - "ec2:DescribeVolumes", - "ec2:DescribeSnapshots" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "ec2:DeleteSnapshot", - "Effect": "Allow", - "Resource": "arn:aws:ec2:*::snapshot/*" - }, - { - "Action": [ - "ec2:ResetImageAttribute", - "ec2:DeregisterImage", - "ec2:CreateImage", - "ec2:CopyImage", - "ec2:ModifyImageAttribute" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:EnableImageDeprecation", - "ec2:DisableImageDeprecation" - ], - "Effect": "Allow", - "Resource": "arn:aws:ec2:*::image/*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4MG6O7FWSP", - "PolicyName": "AWSDataLifecycleManagerServiceRoleForAMIManagement", - "UpdateDate": "2021-08-19T17:03:44+00:00", - "VersionId": "v2" - }, - "AWSDataPipelineRole": { - "Arn": "arn:aws:iam::aws:policy/service-role/AWSDataPipelineRole", - "AttachmentCount": 0, - "CreateDate": "2015-02-06T18:41:24+00:00", - "DefaultVersionId": "v6", - "Document": { - "Statement": [ - { - "Action": [ - "cloudwatch:*", - "datapipeline:DescribeObjects", - "datapipeline:EvaluateExpression", - "dynamodb:BatchGetItem", - "dynamodb:DescribeTable", - "dynamodb:GetItem", - "dynamodb:Query", - "dynamodb:Scan", - "dynamodb:UpdateTable", - "ec2:AuthorizeSecurityGroupIngress", - "ec2:CancelSpotInstanceRequests", - "ec2:CreateSecurityGroup", - "ec2:CreateTags", - "ec2:DeleteTags", - "ec2:Describe*", - "ec2:ModifyImageAttribute", - "ec2:ModifyInstanceAttribute", - "ec2:RequestSpotInstances", - "ec2:RunInstances", - "ec2:StartInstances", - "ec2:StopInstances", - "ec2:TerminateInstances", - "ec2:AuthorizeSecurityGroupEgress", - "ec2:DeleteSecurityGroup", - "ec2:RevokeSecurityGroupEgress", - "ec2:DescribeNetworkInterfaces", - "ec2:CreateNetworkInterface", - "ec2:DeleteNetworkInterface", - "ec2:DetachNetworkInterface", - "elasticmapreduce:*", - "iam:GetInstanceProfile", - "iam:GetRole", - "iam:GetRolePolicy", - "iam:ListAttachedRolePolicies", - "iam:ListRolePolicies", - "iam:ListInstanceProfiles", - "iam:PassRole", - "rds:DescribeDBInstances", - "rds:DescribeDBSecurityGroups", - "redshift:DescribeClusters", - "redshift:DescribeClusterSecurityGroups", - "s3:CreateBucket", - "s3:DeleteObject", - "s3:Get*", - "s3:List*", - "s3:Put*", - "sdb:BatchPutAttributes", - "sdb:Select*", - "sns:GetTopicAttributes", - "sns:ListTopics", - "sns:Publish", - "sns:Subscribe", - "sns:Unsubscribe", - "sqs:CreateQueue", - "sqs:Delete*", - "sqs:GetQueue*", - "sqs:PurgeQueue", - "sqs:ReceiveMessage" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": "iam:CreateServiceLinkedRole", - "Condition": { - "StringLike": { - "iam:AWSServiceName": [ - "elasticmapreduce.amazonaws.com", - "spot.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIKCP6XS3ESGF4GLO2", - "PolicyName": "AWSDataPipelineRole", - "UpdateDate": "2017-12-22T23:43:28+00:00", - "VersionId": "v6" - }, - "AWSDataPipeline_FullAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSDataPipeline_FullAccess", - "AttachmentCount": 0, - "CreateDate": "2017-01-19T23:14:54+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "s3:List*", - "dynamodb:DescribeTable", - "rds:DescribeDBInstances", - "rds:DescribeDBSecurityGroups", - "redshift:DescribeClusters", - "redshift:DescribeClusterSecurityGroups", - "sns:ListTopics", - "sns:Subscribe", - "iam:ListRoles", - "iam:GetRolePolicy", - "iam:GetInstanceProfile", - "iam:ListInstanceProfiles", - "datapipeline:*" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": "iam:PassRole", - "Effect": "Allow", - "Resource": [ - "arn:aws:iam::*:role/DataPipelineDefaultResourceRole", - "arn:aws:iam::*:role/DataPipelineDefaultRole" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIXOFIG7RSBMRPHXJ4", - "PolicyName": "AWSDataPipeline_FullAccess", - "UpdateDate": "2017-08-17T18:48:39+00:00", - "VersionId": "v2" - }, - "AWSDataPipeline_PowerUser": { - "Arn": "arn:aws:iam::aws:policy/AWSDataPipeline_PowerUser", - "AttachmentCount": 0, - "CreateDate": "2017-01-19T23:16:46+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "s3:List*", - "dynamodb:DescribeTable", - "rds:DescribeDBInstances", - "rds:DescribeDBSecurityGroups", - "redshift:DescribeClusters", - "redshift:DescribeClusterSecurityGroups", - "sns:ListTopics", - "iam:ListRoles", - "iam:GetRolePolicy", - "iam:GetInstanceProfile", - "iam:ListInstanceProfiles", - "datapipeline:*" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": "iam:PassRole", - "Effect": "Allow", - "Resource": [ - "arn:aws:iam::*:role/DataPipelineDefaultResourceRole", - "arn:aws:iam::*:role/DataPipelineDefaultRole" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIMXGLVY6DVR24VTYS", - "PolicyName": "AWSDataPipeline_PowerUser", - "UpdateDate": "2017-08-17T18:49:42+00:00", - "VersionId": "v2" - }, - "AWSDataSyncFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSDataSyncFullAccess", - "AttachmentCount": 0, - "CreateDate": "2019-01-18T19:40:36+00:00", - "DefaultVersionId": "v3", - "Document": { - "Statement": [ - { - "Action": [ - "datasync:*", - "ec2:CreateNetworkInterface", - "ec2:CreateNetworkInterfacePermission", - "ec2:DeleteNetworkInterface", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:ModifyNetworkInterfaceAttribute", - "fsx:DescribeFileSystems", - "elasticfilesystem:DescribeFileSystems", - "elasticfilesystem:DescribeMountTargets", - "iam:GetRole", - "iam:ListRoles", - "logs:CreateLogGroup", - "logs:DescribeLogGroups", - "logs:DescribeResourcePolicies", - "s3:ListAllMyBuckets", - "s3:ListBucket" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "iam:PassRole" - ], - "Condition": { - "StringEquals": { - "iam:PassedToService": [ - "datasync.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJGOHCDUQULZJKDGT4", - "PolicyName": "AWSDataSyncFullAccess", - "UpdateDate": "2020-06-30T17:58:58+00:00", - "VersionId": "v3" - }, - "AWSDataSyncReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSDataSyncReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2019-01-18T19:18:44+00:00", - "DefaultVersionId": "v3", - "Document": { - "Statement": [ - { - "Action": [ - "datasync:Describe*", - "datasync:List*", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "elasticfilesystem:DescribeFileSystems", - "elasticfilesystem:DescribeMountTargets", - "fsx:DescribeFileSystems", - "iam:GetRole", - "iam:ListRoles", - "logs:DescribeLogGroups", - "logs:DescribeResourcePolicies", - "s3:ListAllMyBuckets", - "s3:ListBucket" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJRYVEZEDR7ZEAGYLY", - "PolicyName": "AWSDataSyncReadOnlyAccess", - "UpdateDate": "2020-06-30T17:59:22+00:00", - "VersionId": "v3" - }, - "AWSDeepLensLambdaFunctionAccessPolicy": { - "Arn": "arn:aws:iam::aws:policy/AWSDeepLensLambdaFunctionAccessPolicy", - "AttachmentCount": 0, - "CreateDate": "2017-11-29T15:47:18+00:00", - "DefaultVersionId": "v4", - "Document": { - "Statement": [ - { - "Action": [ - "s3:ListBucket", - "s3:GetObject" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:s3:::deeplens*/*", - "arn:aws:s3:::deeplens*" - ], - "Sid": "DeepLensS3ObjectAccess" - }, - { - "Action": [ - "logs:CreateLogStream", - "logs:DescribeLogStreams", - "logs:PutLogEvents", - "logs:CreateLogGroup" - ], - "Effect": "Allow", - "Resource": "arn:aws:logs:*:*:log-group:/aws/greengrass/*", - "Sid": "DeepLensGreenGrassCloudWatchAccess" - }, - { - "Action": [ - "deeplens:*" - ], - "Effect": "Allow", - "Resource": [ - "*" - ], - "Sid": "DeepLensAccess" - }, - { - "Action": [ - "kinesisvideo:DescribeStream", - "kinesisvideo:CreateStream", - "kinesisvideo:GetDataEndpoint", - "kinesisvideo:PutMedia" - ], - "Effect": "Allow", - "Resource": [ - "*" - ], - "Sid": "DeepLensKinesisVideoAccess" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIKIEE4PRM54V4G3ZG", - "PolicyName": "AWSDeepLensLambdaFunctionAccessPolicy", - "UpdateDate": "2019-06-11T23:11:55+00:00", - "VersionId": "v4" - }, - "AWSDeepLensServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/service-role/AWSDeepLensServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2017-11-29T15:46:36+00:00", - "DefaultVersionId": "v6", - "Document": { - "Statement": [ - { - "Action": [ - "iot:CreateThing", - "iot:DeleteThing", - "iot:DeleteThingShadow", - "iot:DescribeThing", - "iot:GetThingShadow", - "iot:UpdateThing", - "iot:UpdateThingShadow" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:iot:*:*:thing/deeplens*" - ], - "Sid": "DeepLensIoTThingAccess" - }, - { - "Action": [ - "iot:AttachThingPrincipal", - "iot:DetachThingPrincipal", - "iot:UpdateCertificate", - "iot:DeleteCertificate", - "iot:DetachPrincipalPolicy" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:iot:*:*:thing/deeplens*", - "arn:aws:iot:*:*:cert/*" - ], - "Sid": "DeepLensIoTCertificateAccess" - }, - { - "Action": [ - "iot:CreateKeysAndCertificate", - "iot:CreatePolicy", - "iot:CreatePolicyVersion" - ], - "Effect": "Allow", - "Resource": [ - "*" - ], - "Sid": "DeepLensIoTCreateCertificateAndPolicyAccess" - }, - { - "Action": [ - "iot:AttachPrincipalPolicy" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:iot:*:*:policy/deeplens*", - "arn:aws:iot:*:*:cert/*" - ], - "Sid": "DeepLensIoTAttachCertificatePolicyAccess" - }, - { - "Action": [ - "iot:GetThingShadow", - "iot:UpdateThingShadow" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:iot:*:*:thing/deeplens*" - ], - "Sid": "DeepLensIoTDataAccess" - }, - { - "Action": [ - "iot:DescribeEndpoint" - ], - "Effect": "Allow", - "Resource": [ - "*" - ], - "Sid": "DeepLensIoTEndpointAccess" - }, - { - "Action": [ - "deeplens:*" - ], - "Effect": "Allow", - "Resource": [ - "*" - ], - "Sid": "DeepLensAccess" - }, - { - "Action": [ - "s3:GetObject" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:s3:::deeplens*" - ], - "Sid": "DeepLensS3ObjectAccess" - }, - { - "Action": [ - "s3:DeleteBucket", - "s3:ListBucket" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:s3:::deeplens*" - ], - "Sid": "DeepLensS3Buckets" - }, - { - "Action": [ - "s3:CreateBucket" - ], - "Effect": "Allow", - "Resource": [ - "*" - ], - "Sid": "DeepLensCreateS3Buckets" - }, - { - "Action": [ - "iam:PassRole" - ], - "Condition": { - "StringEquals": { - "iam:PassedToService": [ - "greengrass.amazonaws.com", - "sagemaker.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": [ - "*" - ], - "Sid": "DeepLensIAMPassRoleAccess" - }, - { - "Action": [ - "iam:PassRole" - ], - "Condition": { - "StringEqualsIfExists": { - "iam:PassedToService": "lambda.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:iam::*:role/AWSDeepLens*", - "arn:aws:iam::*:role/service-role/AWSDeepLens*" - ], - "Sid": "DeepLensIAMLambdaPassRoleAccess" - }, - { - "Action": [ - "greengrass:AssociateRoleToGroup", - "greengrass:AssociateServiceRoleToAccount", - "greengrass:CreateResourceDefinition", - "greengrass:CreateResourceDefinitionVersion", - "greengrass:CreateCoreDefinition", - "greengrass:CreateCoreDefinitionVersion", - "greengrass:CreateDeployment", - "greengrass:CreateFunctionDefinition", - "greengrass:CreateFunctionDefinitionVersion", - "greengrass:CreateGroup", - "greengrass:CreateGroupCertificateAuthority", - "greengrass:CreateGroupVersion", - "greengrass:CreateLoggerDefinition", - "greengrass:CreateLoggerDefinitionVersion", - "greengrass:CreateSubscriptionDefinition", - "greengrass:CreateSubscriptionDefinitionVersion", - "greengrass:DeleteCoreDefinition", - "greengrass:DeleteFunctionDefinition", - "greengrass:DeleteGroup", - "greengrass:DeleteLoggerDefinition", - "greengrass:DeleteSubscriptionDefinition", - "greengrass:DisassociateRoleFromGroup", - "greengrass:DisassociateServiceRoleFromAccount", - "greengrass:GetAssociatedRole", - "greengrass:GetConnectivityInfo", - "greengrass:GetCoreDefinition", - "greengrass:GetCoreDefinitionVersion", - "greengrass:GetDeploymentStatus", - "greengrass:GetDeviceDefinition", - "greengrass:GetDeviceDefinitionVersion", - "greengrass:GetFunctionDefinition", - "greengrass:GetFunctionDefinitionVersion", - "greengrass:GetGroup", - "greengrass:GetGroupCertificateAuthority", - "greengrass:GetGroupCertificateConfiguration", - "greengrass:GetGroupVersion", - "greengrass:GetLoggerDefinition", - "greengrass:GetLoggerDefinitionVersion", - "greengrass:GetResourceDefinition", - "greengrass:GetServiceRoleForAccount", - "greengrass:GetSubscriptionDefinition", - "greengrass:GetSubscriptionDefinitionVersion", - "greengrass:ListCoreDefinitionVersions", - "greengrass:ListCoreDefinitions", - "greengrass:ListDeployments", - "greengrass:ListDeviceDefinitionVersions", - "greengrass:ListDeviceDefinitions", - "greengrass:ListFunctionDefinitionVersions", - "greengrass:ListFunctionDefinitions", - "greengrass:ListGroupCertificateAuthorities", - "greengrass:ListGroupVersions", - "greengrass:ListGroups", - "greengrass:ListLoggerDefinitionVersions", - "greengrass:ListLoggerDefinitions", - "greengrass:ListSubscriptionDefinitionVersions", - "greengrass:ListSubscriptionDefinitions", - "greengrass:ResetDeployments", - "greengrass:UpdateConnectivityInfo", - "greengrass:UpdateCoreDefinition", - "greengrass:UpdateDeviceDefinition", - "greengrass:UpdateFunctionDefinition", - "greengrass:UpdateGroup", - "greengrass:UpdateGroupCertificateConfiguration", - "greengrass:UpdateLoggerDefinition", - "greengrass:UpdateSubscriptionDefinition", - "greengrass:UpdateResourceDefinition" - ], - "Effect": "Allow", - "Resource": [ - "*" - ], - "Sid": "DeepLensGreenGrassAccess" - }, - { - "Action": [ - "lambda:CreateFunction", - "lambda:DeleteFunction", - "lambda:GetFunction", - "lambda:GetFunctionConfiguration", - "lambda:ListFunctions", - "lambda:ListVersionsByFunction", - "lambda:PublishVersion", - "lambda:UpdateFunctionCode", - "lambda:UpdateFunctionConfiguration" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:lambda:*:*:function:deeplens*" - ], - "Sid": "DeepLensLambdaAdminFunctionAccess" - }, - { - "Action": [ - "lambda:GetFunction", - "lambda:GetFunctionConfiguration", - "lambda:ListFunctions", - "lambda:ListVersionsByFunction" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:lambda:*:*:function:*" - ], - "Sid": "DeepLensLambdaUsersFunctionAccess" - }, - { - "Action": [ - "sagemaker:CreateTrainingJob", - "sagemaker:DescribeTrainingJob", - "sagemaker:StopTrainingJob" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:sagemaker:*:*:training-job/deeplens*" - ], - "Sid": "DeepLensSageMakerWriteAccess" - }, - { - "Action": [ - "sagemaker:DescribeTrainingJob" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:sagemaker:*:*:training-job/*" - ], - "Sid": "DeepLensSageMakerReadAccess" - }, - { - "Action": [ - "kinesisvideo:CreateStream", - "kinesisvideo:DescribeStream", - "kinesisvideo:DeleteStream" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:kinesisvideo:*:*:stream/deeplens*/*" - ], - "Sid": "DeepLensKinesisVideoStreamAccess" - }, - { - "Action": [ - "kinesisvideo:GetDataEndpoint" - ], - "Effect": "Allow", - "Resource": [ - "*" - ], - "Sid": "DeepLensKinesisVideoEndpointAccess" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJK2Z2S7FPJFCYGR72", - "PolicyName": "AWSDeepLensServiceRolePolicy", - "UpdateDate": "2019-09-25T19:25:06+00:00", - "VersionId": "v6" - }, - "AWSDeepRacerAccountAdminAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSDeepRacerAccountAdminAccess", - "AttachmentCount": 0, - "CreateDate": "2021-10-28T01:27:13+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "deepracer:*" - ], - "Condition": { - "Null": { - "deepracer:UserToken": "true" - } - }, - "Effect": "Allow", - "Resource": [ - "*" - ], - "Sid": "DeepRacerAdminAccessStatement" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4HKQKG3YSU", - "PolicyName": "AWSDeepRacerAccountAdminAccess", - "UpdateDate": "2021-10-28T01:27:13+00:00", - "VersionId": "v1" - }, - "AWSDeepRacerCloudFormationAccessPolicy": { - "Arn": "arn:aws:iam::aws:policy/AWSDeepRacerCloudFormationAccessPolicy", - "AttachmentCount": 0, - "CreateDate": "2019-02-28T21:59:49+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "cloudformation:*" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:AllocateAddress", - "ec2:AttachInternetGateway", - "ec2:AssociateRouteTable", - "ec2:AuthorizeSecurityGroupEgress", - "ec2:AuthorizeSecurityGroupIngress", - "ec2:CreateInternetGateway", - "ec2:CreateNatGateway", - "ec2:CreateNetworkAcl", - "ec2:CreateNetworkAclEntry", - "ec2:CreateRoute", - "ec2:CreateRouteTable", - "ec2:CreateSecurityGroup", - "ec2:CreateSubnet", - "ec2:CreateTags", - "ec2:CreateVpc", - "ec2:CreateVpcEndpoint", - "ec2:DeleteInternetGateway", - "ec2:DeleteNatGateway", - "ec2:DeleteNetworkAcl", - "ec2:DeleteNetworkAclEntry", - "ec2:DeleteRoute", - "ec2:DeleteRouteTable", - "ec2:DeleteSecurityGroup", - "ec2:DeleteSubnet", - "ec2:DeleteTags", - "ec2:DeleteVpc", - "ec2:DeleteVpcEndpoints", - "ec2:DescribeAddresses", - "ec2:DescribeInternetGateways", - "ec2:DescribeNatGateways", - "ec2:DescribeNetworkAcls", - "ec2:DescribeRouteTables", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeTags", - "ec2:DescribeVpcEndpoints", - "ec2:DescribeVpcs", - "ec2:DetachInternetGateway", - "ec2:DisassociateRouteTable", - "ec2:ModifySubnetAttribute", - "ec2:ModifyVpcAttribute", - "ec2:ReleaseAddress", - "ec2:ReplaceNetworkAclAssociation", - "ec2:RevokeSecurityGroupEgress", - "ec2:RevokeSecurityGroupIngress" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "iam:PassRole" - ], - "Condition": { - "StringLikeIfExists": { - "iam:PassedToService": "lambda.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/service-role/AWSDeepRacerLambdaAccessRole" - }, - { - "Action": [ - "lambda:CreateFunction", - "lambda:GetFunction", - "lambda:DeleteFunction", - "lambda:TagResource", - "lambda:UpdateFunctionCode" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:lambda:*:*:function:*DeepRacer*", - "arn:aws:lambda:*:*:function:*Deepracer*", - "arn:aws:lambda:*:*:function:*deepracer*" - ] - }, - { - "Action": [ - "s3:PutBucketPolicy", - "s3:CreateBucket", - "s3:ListBucket", - "s3:GetBucketAcl", - "s3:DeleteBucket" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:s3:::*DeepRacer*", - "arn:aws:s3:::*Deepracer*", - "arn:aws:s3:::*deepracer*" - ] - }, - { - "Action": [ - "robomaker:CreateSimulationApplication", - "robomaker:CreateSimulationApplicationVersion", - "robomaker:DeleteSimulationApplication", - "robomaker:DescribeSimulationApplication", - "robomaker:ListSimulationApplications", - "robomaker:TagResource", - "robomaker:UpdateSimulationApplication" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:robomaker:*:*:/createSimulationApplication", - "arn:aws:robomaker:*:*:simulation-application/deepracer*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJYG7FM75UF5CW5ICS", - "PolicyName": "AWSDeepRacerCloudFormationAccessPolicy", - "UpdateDate": "2019-06-14T17:02:04+00:00", - "VersionId": "v2" - }, - "AWSDeepRacerDefaultMultiUserAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSDeepRacerDefaultMultiUserAccess", - "AttachmentCount": 0, - "CreateDate": "2021-10-28T01:27:13+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "deepracer:Add*", - "deepracer:Remove*", - "deepracer:Create*", - "deepracer:Perform*", - "deepracer:Clone*", - "deepracer:Get*", - "deepracer:List*", - "deepracer:Edit*", - "deepracer:Start*", - "deepracer:Set*", - "deepracer:Update*", - "deepracer:Delete*", - "deepracer:Stop*", - "deepracer:Import*", - "deepracer:Tag*", - "deepracer:Untag*" - ], - "Condition": { - "Bool": { - "deepracer:MultiUser": "true" - }, - "Null": { - "deepracer:UserToken": "false" - } - }, - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "deepracer:GetAccountConfig", - "deepracer:GetTrack", - "deepracer:ListTracks", - "deepracer:TestRewardFunction" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "deepracer:Admin*" - ], - "Effect": "Deny", - "Resource": [ - "*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4IDMSNDQGW", - "PolicyName": "AWSDeepRacerDefaultMultiUserAccess", - "UpdateDate": "2021-10-28T01:27:13+00:00", - "VersionId": "v1" - }, - "AWSDeepRacerFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSDeepRacerFullAccess", - "AttachmentCount": 0, - "CreateDate": "2020-10-05T22:03:10+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "s3:ListAllMyBuckets" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "s3:DeleteObject", - "s3:DeleteObjectVersion", - "s3:GetBucketPolicy", - "s3:PutBucketPolicy", - "s3:ListBucket", - "s3:GetBucketAcl", - "s3:GetObject", - "s3:GetObjectVersion", - "s3:GetObjectAcl", - "s3:GetBucketLocation" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:s3:::*DeepRacer*", - "arn:aws:s3:::*Deepracer*", - "arn:aws:s3:::*deepracer*", - "arn:aws:s3:::dr-*", - "arn:aws:s3:::*DeepRacer*/*", - "arn:aws:s3:::*Deepracer*/*", - "arn:aws:s3:::*deepracer*/*", - "arn:aws:s3:::dr-*/*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4JFTOPTVBM", - "PolicyName": "AWSDeepRacerFullAccess", - "UpdateDate": "2020-10-05T22:03:10+00:00", - "VersionId": "v1" - }, - "AWSDeepRacerRoboMakerAccessPolicy": { - "Arn": "arn:aws:iam::aws:policy/AWSDeepRacerRoboMakerAccessPolicy", - "AttachmentCount": 0, - "CreateDate": "2019-02-28T21:59:58+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "robomaker:*" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "cloudwatch:PutMetricData", - "ec2:CreateNetworkInterfacePermission", - "ec2:DeleteNetworkInterface", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeSubnets", - "ec2:DescribeSecurityGroups", - "ec2:DescribeVpcs" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:DescribeLogStreams", - "logs:PutLogEvents" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:logs:*:*:log-group:/aws/robomaker/SimulationJobs", - "arn:aws:logs:*:*:log-group:/aws/robomaker/SimulationJobs:log-stream:*" - ] - }, - { - "Action": [ - "s3:GetObject", - "s3:GetBucketLocation", - "s3:ListBucket", - "s3:ListAllMyBuckets", - "s3:PutObject" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:s3:::*DeepRacer*", - "arn:aws:s3:::*Deepracer*", - "arn:aws:s3:::*deepracer*", - "arn:aws:s3:::dr-*" - ] - }, - { - "Action": [ - "s3:GetObject" - ], - "Condition": { - "StringEqualsIgnoreCase": { - "s3:ExistingObjectTag/DeepRacer": "true" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "kinesisvideo:CreateStream", - "kinesisvideo:DescribeStream", - "kinesisvideo:GetDataEndpoint", - "kinesisvideo:PutMedia", - "kinesisvideo:TagStream" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:kinesisvideo:*:*:stream/dr-*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIUKGYRTDCUFOMRGAM", - "PolicyName": "AWSDeepRacerRoboMakerAccessPolicy", - "UpdateDate": "2019-02-28T21:59:58+00:00", - "VersionId": "v1" - }, - "AWSDeepRacerServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/service-role/AWSDeepRacerServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2019-02-28T21:58:09+00:00", - "DefaultVersionId": "v3", - "Document": { - "Statement": [ - { - "Action": [ - "deepracer:*" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "robomaker:*", - "sagemaker:*", - "s3:ListAllMyBuckets" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "cloudformation:ListStackResources", - "cloudformation:DescribeStacks", - "cloudformation:CreateStack", - "cloudformation:DeleteStack", - "cloudformation:DescribeStackResource", - "cloudformation:DescribeStackResources", - "cloudformation:DescribeStackEvents", - "cloudformation:DetectStackDrift", - "cloudformation:DescribeStackDriftDetectionStatus", - "cloudformation:DescribeStackResourceDrifts" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "iam:CreateServiceLinkedRole", - "Condition": { - "StringEquals": { - "iam:AWSServiceName": "robomaker.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "iam:PassRole" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:iam::*:role/AWSDeepRacer*", - "arn:aws:iam::*:role/service-role/AWSDeepRacer*" - ] - }, - { - "Action": [ - "cloudwatch:GetMetricData", - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:DescribeLogStreams", - "logs:GetLogEvents", - "logs:PutLogEvents" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "lambda:CreateFunction", - "lambda:DeleteFunction", - "lambda:GetFunction", - "lambda:InvokeFunction", - "lambda:UpdateFunctionCode" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:lambda:*:*:function:*DeepRacer*", - "arn:aws:lambda:*:*:function:*Deepracer*", - "arn:aws:lambda:*:*:function:*deepracer*", - "arn:aws:lambda:*:*:function:*dr-*" - ] - }, - { - "Action": [ - "s3:GetObject", - "s3:GetBucketLocation", - "s3:DeleteObject", - "s3:ListBucket", - "s3:PutObject", - "s3:PutBucketPolicy", - "s3:GetBucketAcl" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:s3:::*DeepRacer*", - "arn:aws:s3:::*Deepracer*", - "arn:aws:s3:::*deepracer*", - "arn:aws:s3:::dr-*" - ] - }, - { - "Action": [ - "s3:GetObject" - ], - "Condition": { - "StringEqualsIgnoreCase": { - "s3:ExistingObjectTag/DeepRacer": "true" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "kinesisvideo:CreateStream", - "kinesisvideo:DeleteStream", - "kinesisvideo:DescribeStream", - "kinesisvideo:GetDataEndpoint", - "kinesisvideo:GetHLSStreamingSessionURL", - "kinesisvideo:GetMedia", - "kinesisvideo:PutMedia", - "kinesisvideo:TagStream" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:kinesisvideo:*:*:stream/dr-*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJTUAQLIAVBJ7LZ32S", - "PolicyName": "AWSDeepRacerServiceRolePolicy", - "UpdateDate": "2019-06-12T20:55:34+00:00", - "VersionId": "v3" - }, - "AWSDenyAll": { - "Arn": "arn:aws:iam::aws:policy/AWSDenyAll", - "AttachmentCount": 0, - "CreateDate": "2019-05-01T22:36:14+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "*" - ], - "Effect": "Deny", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4P43IUQ5E5", - "PolicyName": "AWSDenyAll", - "UpdateDate": "2019-05-01T22:36:14+00:00", - "VersionId": "v1" - }, - "AWSDeviceFarmFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSDeviceFarmFullAccess", - "AttachmentCount": 0, - "CreateDate": "2015-07-13T16:37:38+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "devicefarm:*" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJO7KEDP4VYJPNT5UW", - "PolicyName": "AWSDeviceFarmFullAccess", - "UpdateDate": "2015-07-13T16:37:38+00:00", - "VersionId": "v1" - }, - "AWSDeviceFarmTestGridServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSDeviceFarmTestGridServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2021-05-26T22:01:35+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeVpcs", - "ec2:DescribeSubnets", - "ec2:DescribeSecurityGroups" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:CreateNetworkInterface" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:subnet/*", - "arn:aws:ec2:*:*:security-group/*" - ] - }, - { - "Action": [ - "ec2:CreateNetworkInterface" - ], - "Condition": { - "StringEquals": { - "aws:RequestTag/AWSDeviceFarmManaged": "true" - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:network-interface/*" - ] - }, - { - "Action": [ - "ec2:CreateTags" - ], - "Condition": { - "StringEquals": { - "ec2:CreateAction": "CreateNetworkInterface" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:network-interface/*" - }, - { - "Action": [ - "ec2:CreateNetworkInterfacePermission", - "ec2:DeleteNetworkInterface" - ], - "Condition": { - "StringEquals": { - "aws:ResourceTag/AWSDeviceFarmManaged": "true" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:network-interface/*" - }, - { - "Action": [ - "ec2:ModifyNetworkInterfaceAttribute" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:security-group/*", - "arn:aws:ec2:*:*:instance/*" - ] - }, - { - "Action": [ - "ec2:ModifyNetworkInterfaceAttribute" - ], - "Condition": { - "StringEquals": { - "aws:ResourceTag/AWSDeviceFarmManaged": "true" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:network-interface/*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4KOLIVAOCV", - "PolicyName": "AWSDeviceFarmTestGridServiceRolePolicy", - "UpdateDate": "2021-05-26T22:01:35+00:00", - "VersionId": "v1" - }, - "AWSDirectConnectFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSDirectConnectFullAccess", - "AttachmentCount": 0, - "CreateDate": "2015-02-06T18:40:07+00:00", - "DefaultVersionId": "v3", - "Document": { - "Statement": [ - { - "Action": [ - "directconnect:*", - "ec2:DescribeVpnGateways", - "ec2:DescribeTransitGateways" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJQF2QKZSK74KTIHOW", - "PolicyName": "AWSDirectConnectFullAccess", - "UpdateDate": "2019-04-30T15:29:29+00:00", - "VersionId": "v3" - }, - "AWSDirectConnectReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSDirectConnectReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2015-02-06T18:40:08+00:00", - "DefaultVersionId": "v4", - "Document": { - "Statement": [ - { - "Action": [ - "directconnect:Describe*", - "directconnect:List*", - "ec2:DescribeVpnGateways", - "ec2:DescribeTransitGateways" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAI23HZ27SI6FQMGNQ2", - "PolicyName": "AWSDirectConnectReadOnlyAccess", - "UpdateDate": "2020-05-18T18:48:22+00:00", - "VersionId": "v4" - }, - "AWSDirectConnectServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSDirectConnectServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2021-01-14T18:35:27+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "secretsmanager:DescribeSecret", - "secretsmanager:ListSecretVersionIds", - "secretsmanager:GetSecretValue" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:secretsmanager:*:*:secret:*directconnect*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4O7743JCTQ", - "PolicyName": "AWSDirectConnectServiceRolePolicy", - "UpdateDate": "2021-01-14T18:35:27+00:00", - "VersionId": "v1" - }, - "AWSDirectoryServiceFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSDirectoryServiceFullAccess", - "AttachmentCount": 0, - "CreateDate": "2015-02-06T18:41:11+00:00", - "DefaultVersionId": "v5", - "Document": { - "Statement": [ - { - "Action": [ - "ds:*", - "ec2:AuthorizeSecurityGroupEgress", - "ec2:AuthorizeSecurityGroupIngress", - "ec2:CreateNetworkInterface", - "ec2:CreateSecurityGroup", - "ec2:DeleteNetworkInterface", - "ec2:DeleteSecurityGroup", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeSubnets", - "ec2:DescribeVpcs", - "ec2:RevokeSecurityGroupEgress", - "ec2:RevokeSecurityGroupIngress", - "ec2:DescribeSecurityGroups", - "sns:GetTopicAttributes", - "sns:ListSubscriptions", - "sns:ListSubscriptionsByTopic", - "sns:ListTopics", - "iam:ListRoles", - "organizations:ListAccountsForParent", - "organizations:ListRoots", - "organizations:ListAccounts", - "organizations:DescribeOrganization", - "organizations:DescribeAccount", - "organizations:ListOrganizationalUnitsForParent", - "organizations:ListAWSServiceAccessForOrganization" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "sns:CreateTopic", - "sns:DeleteTopic", - "sns:SetTopicAttributes", - "sns:Subscribe", - "sns:Unsubscribe" - ], - "Effect": "Allow", - "Resource": "arn:aws:sns:*:*:DirectoryMonitoring*" - }, - { - "Action": [ - "organizations:EnableAWSServiceAccess", - "organizations:DisableAWSServiceAccess" - ], - "Condition": { - "StringEquals": { - "organizations:ServicePrincipal": "ds.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:CreateTags", - "ec2:DeleteTags" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:network-interface/*", - "arn:aws:ec2:*:*:security-group/*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAINAW5ANUWTH3R4ANI", - "PolicyName": "AWSDirectoryServiceFullAccess", - "UpdateDate": "2020-11-24T23:24:10+00:00", - "VersionId": "v5" - }, - "AWSDirectoryServiceReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSDirectoryServiceReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2015-02-06T18:41:12+00:00", - "DefaultVersionId": "v4", - "Document": { - "Statement": [ - { - "Action": [ - "ds:Check*", - "ds:Describe*", - "ds:Get*", - "ds:List*", - "ds:Verify*", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeSubnets", - "ec2:DescribeVpcs", - "sns:ListTopics", - "sns:GetTopicAttributes", - "sns:ListSubscriptions", - "sns:ListSubscriptionsByTopic", - "organizations:DescribeAccount", - "organizations:DescribeOrganization", - "organizations:ListAWSServiceAccessForOrganization" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIHWYO6WSDNCG64M2W", - "PolicyName": "AWSDirectoryServiceReadOnlyAccess", - "UpdateDate": "2018-09-25T21:54:01+00:00", - "VersionId": "v4" - }, - "AWSDiscoveryContinuousExportFirehosePolicy": { - "Arn": "arn:aws:iam::aws:policy/AWSDiscoveryContinuousExportFirehosePolicy", - "AttachmentCount": 0, - "CreateDate": "2018-08-09T18:29:39+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "glue:GetTableVersions" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "s3:AbortMultipartUpload", - "s3:GetBucketLocation", - "s3:GetObject", - "s3:ListBucket", - "s3:ListBucketMultipartUploads", - "s3:PutObject" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:s3:::aws-application-discovery-service-*" - ] - }, - { - "Action": [ - "logs:PutLogEvents" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:logs:*:*:log-group:/aws/application-discovery-service/firehose:log-stream:*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIX6FHUTEUNXYDFZ7C", - "PolicyName": "AWSDiscoveryContinuousExportFirehosePolicy", - "UpdateDate": "2021-06-08T17:32:46+00:00", - "VersionId": "v2" - }, - "AWSEC2CapacityReservationFleetRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSEC2CapacityReservationFleetRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2021-09-29T14:43:09+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "ec2:DescribeCapacityReservations", - "ec2:DescribeInstances" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:CreateCapacityReservation", - "ec2:CancelCapacityReservation", - "ec2:ModifyCapacityReservation" - ], - "Condition": { - "StringLike": { - "ec2:CapacityReservationFleet": "arn:aws:ec2:*:*:capacity-reservation-fleet/crf-*" - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:capacity-reservation/*" - ] - }, - { - "Action": [ - "ec2:CreateTags" - ], - "Condition": { - "StringEquals": { - "ec2:CreateAction": "CreateCapacityReservation" - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:capacity-reservation/*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4HMH3YJXLU", - "PolicyName": "AWSEC2CapacityReservationFleetRolePolicy", - "UpdateDate": "2021-09-29T14:43:09+00:00", - "VersionId": "v1" - }, - "AWSEC2FleetServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSEC2FleetServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2018-03-21T00:08:55+00:00", - "DefaultVersionId": "v3", - "Document": { - "Statement": [ - { - "Action": [ - "ec2:DescribeImages", - "ec2:DescribeSubnets", - "ec2:RequestSpotInstances", - "ec2:DescribeInstanceStatus", - "ec2:RunInstances" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "iam:CreateServiceLinkedRole" - ], - "Condition": { - "StringEquals": { - "iam:AWSServiceName": "spot.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "*", - "Sid": "EC2SpotManagement" - }, - { - "Action": [ - "iam:PassRole" - ], - "Condition": { - "StringEquals": { - "iam:PassedToService": [ - "ec2.amazonaws.com", - "ec2.amazonaws.com.cn" - ] - } - }, - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "ec2:CreateTags" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:instance/*", - "arn:aws:ec2:*:*:spot-instances-request/*" - ] - }, - { - "Action": [ - "ec2:CreateTags" - ], - "Condition": { - "StringEquals": { - "ec2:CreateAction": "RunInstances" - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:volume/*" - ] - }, - { - "Action": [ - "ec2:TerminateInstances" - ], - "Condition": { - "StringLike": { - "ec2:ResourceTag/aws:ec2:fleet-id": "*" - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJCL355O4TC27CPKVC", - "PolicyName": "AWSEC2FleetServiceRolePolicy", - "UpdateDate": "2020-05-04T20:10:31+00:00", - "VersionId": "v3" - }, - "AWSEC2SpotFleetServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSEC2SpotFleetServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2017-10-23T19:13:06+00:00", - "DefaultVersionId": "v4", - "Document": { - "Statement": [ - { - "Action": [ - "ec2:DescribeImages", - "ec2:DescribeSubnets", - "ec2:RequestSpotInstances", - "ec2:DescribeInstanceStatus", - "ec2:RunInstances" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "iam:PassRole" - ], - "Condition": { - "StringEquals": { - "iam:PassedToService": [ - "ec2.amazonaws.com", - "ec2.amazonaws.com.cn" - ] - } - }, - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "ec2:CreateTags" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:instance/*", - "arn:aws:ec2:*:*:spot-instances-request/*", - "arn:aws:ec2:*:*:spot-fleet-request/*", - "arn:aws:ec2:*:*:volume/*" - ] - }, - { - "Action": [ - "ec2:TerminateInstances" - ], - "Condition": { - "StringLike": { - "ec2:ResourceTag/aws:ec2spot:fleet-request-id": "*" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "elasticloadbalancing:RegisterInstancesWithLoadBalancer" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:elasticloadbalancing:*:*:loadbalancer/*" - ] - }, - { - "Action": [ - "elasticloadbalancing:RegisterTargets" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:elasticloadbalancing:*:*:*/*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAILWCVTZD57EMYWMBO", - "PolicyName": "AWSEC2SpotFleetServiceRolePolicy", - "UpdateDate": "2020-03-16T19:16:21+00:00", - "VersionId": "v4" - }, - "AWSEC2SpotServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSEC2SpotServiceRolePolicy", - "AttachmentCount": 1, - "CreateDate": "2017-09-18T18:51:54+00:00", - "DefaultVersionId": "v4", - "Document": { - "Statement": [ - { - "Action": [ - "ec2:DescribeInstances", - "ec2:StartInstances", - "ec2:StopInstances", - "ec2:RunInstances" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "ec2:RunInstances" - ], - "Condition": { - "StringNotEquals": { - "ec2:InstanceMarketType": "spot" - } - }, - "Effect": "Deny", - "Resource": [ - "arn:aws:ec2:*:*:instance/*" - ] - }, - { - "Action": [ - "iam:PassRole" - ], - "Condition": { - "StringEquals": { - "iam:PassedToService": [ - "ec2.amazonaws.com", - "ec2.amazonaws.com.cn" - ] - } - }, - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "ec2:CreateTags" - ], - "Condition": { - "StringEquals": { - "ec2:CreateAction": "RunInstances" - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIZJJBQNXQYVKTEXGM", - "PolicyName": "AWSEC2SpotServiceRolePolicy", - "UpdateDate": "2018-12-12T00:13:51+00:00", - "VersionId": "v4" - }, - "AWSECRPullThroughCache_ServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSECRPullThroughCache_ServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2021-11-26T21:51:09+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "ecr:GetAuthorizationToken", - "ecr:BatchCheckLayerAvailability", - "ecr:InitiateLayerUpload", - "ecr:UploadLayerPart", - "ecr:CompleteLayerUpload", - "ecr:PutImage" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4G6RNU4BVN", - "PolicyName": "AWSECRPullThroughCache_ServiceRolePolicy", - "UpdateDate": "2021-11-26T21:51:09+00:00", - "VersionId": "v1" - }, - "AWSElasticBeanstalkCustomPlatformforEC2Role": { - "Arn": "arn:aws:iam::aws:policy/AWSElasticBeanstalkCustomPlatformforEC2Role", - "AttachmentCount": 0, - "CreateDate": "2017-02-21T22:50:30+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "ec2:AttachVolume", - "ec2:AuthorizeSecurityGroupIngress", - "ec2:CopyImage", - "ec2:CreateImage", - "ec2:CreateKeypair", - "ec2:CreateSecurityGroup", - "ec2:CreateSnapshot", - "ec2:CreateTags", - "ec2:CreateVolume", - "ec2:DeleteKeypair", - "ec2:DeleteSecurityGroup", - "ec2:DeleteSnapshot", - "ec2:DeleteVolume", - "ec2:DeregisterImage", - "ec2:DescribeImageAttribute", - "ec2:DescribeImages", - "ec2:DescribeInstances", - "ec2:DescribeRegions", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSnapshots", - "ec2:DescribeSubnets", - "ec2:DescribeTags", - "ec2:DescribeVolumes", - "ec2:DetachVolume", - "ec2:GetPasswordData", - "ec2:ModifyImageAttribute", - "ec2:ModifyInstanceAttribute", - "ec2:ModifySnapshotAttribute", - "ec2:RegisterImage", - "ec2:RunInstances", - "ec2:StopInstances", - "ec2:TerminateInstances" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "EC2Access" - }, - { - "Action": [ - "s3:Get*", - "s3:List*", - "s3:PutObject" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:s3:::elasticbeanstalk-*", - "arn:aws:s3:::elasticbeanstalk-*/*" - ], - "Sid": "BucketAccess" - }, - { - "Action": [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents", - "logs:DescribeLogStreams" - ], - "Effect": "Allow", - "Resource": "arn:aws:logs:*:*:log-group:/aws/elasticbeanstalk/platform/*", - "Sid": "CloudWatchLogsAccess" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJRVFXSS6LEIQGBKDY", - "PolicyName": "AWSElasticBeanstalkCustomPlatformforEC2Role", - "UpdateDate": "2017-02-21T22:50:30+00:00", - "VersionId": "v1" - }, - "AWSElasticBeanstalkEnhancedHealth": { - "Arn": "arn:aws:iam::aws:policy/service-role/AWSElasticBeanstalkEnhancedHealth", - "AttachmentCount": 0, - "CreateDate": "2016-02-08T23:17:27+00:00", - "DefaultVersionId": "v4", - "Document": { - "Statement": [ - { - "Action": [ - "elasticloadbalancing:DescribeInstanceHealth", - "elasticloadbalancing:DescribeLoadBalancers", - "elasticloadbalancing:DescribeTargetHealth", - "ec2:DescribeInstances", - "ec2:DescribeInstanceStatus", - "ec2:GetConsoleOutput", - "ec2:AssociateAddress", - "ec2:DescribeAddresses", - "ec2:DescribeSecurityGroups", - "sqs:GetQueueAttributes", - "sqs:GetQueueUrl", - "autoscaling:DescribeAutoScalingGroups", - "autoscaling:DescribeAutoScalingInstances", - "autoscaling:DescribeScalingActivities", - "autoscaling:DescribeNotificationConfigurations", - "sns:Publish" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "logs:DescribeLogStreams", - "logs:CreateLogStream", - "logs:PutLogEvents" - ], - "Effect": "Allow", - "Resource": "arn:aws:logs:*:*:log-group:/aws/elasticbeanstalk/*:log-stream:*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIH5EFJNMOGUUTKLFE", - "PolicyName": "AWSElasticBeanstalkEnhancedHealth", - "UpdateDate": "2018-04-09T22:12:53+00:00", - "VersionId": "v4" - }, - "AWSElasticBeanstalkMaintenance": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSElasticBeanstalkMaintenance", - "AttachmentCount": 0, - "CreateDate": "2019-01-11T23:22:52+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "cloudformation:CreateChangeSet", - "cloudformation:DescribeChangeSet", - "cloudformation:ExecuteChangeSet", - "cloudformation:DeleteChangeSet", - "cloudformation:ListChangeSets", - "cloudformation:DescribeStacks" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:cloudformation:*:*:stack/awseb-*", - "arn:aws:cloudformation:*:*:stack/eb-*" - ], - "Sid": "AllowCloudformationChangeSetOperationsOnElasticBeanstalkStacks" - }, - { - "Action": "elasticloadbalancing:DescribeLoadBalancers", - "Effect": "Allow", - "Resource": "*", - "Sid": "AllowElasticBeanstalkStacksUpdateExecuteSuccessfully" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJQPH22XGBH2VV2LSW", - "PolicyName": "AWSElasticBeanstalkMaintenance", - "UpdateDate": "2019-06-04T17:48:27+00:00", - "VersionId": "v2" - }, - "AWSElasticBeanstalkManagedUpdatesCustomerRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/AWSElasticBeanstalkManagedUpdatesCustomerRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2021-03-03T22:18:00+00:00", - "DefaultVersionId": "v3", - "Document": { - "Statement": [ - { - "Action": [ - "elasticbeanstalk:*" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "ElasticBeanstalkPermissions" - }, - { - "Action": "iam:PassRole", - "Condition": { - "StringEquals": { - "iam:PassedToService": [ - "elasticbeanstalk.amazonaws.com", - "ec2.amazonaws.com", - "ec2.amazonaws.com.cn", - "autoscaling.amazonaws.com", - "elasticloadbalancing.amazonaws.com", - "ecs.amazonaws.com", - "cloudformation.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/*", - "Sid": "AllowPassRoleToElasticBeanstalkAndDownstreamServices" - }, - { - "Action": [ - "autoscaling:DescribeAccountLimits", - "autoscaling:DescribeAutoScalingGroups", - "autoscaling:DescribeAutoScalingInstances", - "autoscaling:DescribeLaunchConfigurations", - "autoscaling:DescribeLoadBalancers", - "autoscaling:DescribeNotificationConfigurations", - "autoscaling:DescribeScalingActivities", - "autoscaling:DescribeScheduledActions", - "ec2:DescribeAccountAttributes", - "ec2:DescribeAddresses", - "ec2:DescribeAvailabilityZones", - "ec2:DescribeImages", - "ec2:DescribeInstanceAttribute", - "ec2:DescribeInstances", - "ec2:DescribeKeyPairs", - "ec2:DescribeLaunchTemplates", - "ec2:DescribeLaunchTemplateVersions", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSnapshots", - "ec2:DescribeSpotInstanceRequests", - "ec2:DescribeSubnets", - "ec2:DescribeVpcClassicLink", - "ec2:DescribeVpcs", - "elasticloadbalancing:DescribeInstanceHealth", - "elasticloadbalancing:DescribeLoadBalancers", - "elasticloadbalancing:DescribeTargetGroups", - "elasticloadbalancing:DescribeTargetHealth", - "logs:DescribeLogGroups", - "rds:DescribeDBEngineVersions", - "rds:DescribeDBInstances", - "rds:DescribeOrderableDBInstanceOptions", - "sns:ListSubscriptionsByTopic" - ], - "Effect": "Allow", - "Resource": [ - "*" - ], - "Sid": "ReadOnlyPermissions" - }, - { - "Action": [ - "ec2:AllocateAddress", - "ec2:AssociateAddress", - "ec2:AuthorizeSecurityGroupEgress", - "ec2:AuthorizeSecurityGroupIngress", - "ec2:CreateLaunchTemplate", - "ec2:CreateLaunchTemplateVersion", - "ec2:CreateSecurityGroup", - "ec2:DeleteLaunchTemplate", - "ec2:DeleteLaunchTemplateVersions", - "ec2:DeleteSecurityGroup", - "ec2:DisassociateAddress", - "ec2:ReleaseAddress", - "ec2:RevokeSecurityGroupEgress", - "ec2:RevokeSecurityGroupIngress" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "EC2BroadOperationPermissions" - }, - { - "Action": "ec2:RunInstances", - "Condition": { - "ArnLike": { - "ec2:LaunchTemplate": "arn:aws:ec2:*:*:launch-template/*" - } - }, - "Effect": "Allow", - "Resource": "*", - "Sid": "EC2RunInstancesOperationPermissions" - }, - { - "Action": [ - "ec2:TerminateInstances" - ], - "Condition": { - "StringLike": { - "ec2:ResourceTag/aws:cloudformation:stack-id": [ - "arn:aws:cloudformation:*:*:stack/awseb-e-*", - "arn:aws:cloudformation:*:*:stack/eb-*" - ] - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:instance/*", - "Sid": "EC2TerminateInstancesOperationPermissions" - }, - { - "Action": [ - "ecs:CreateCluster", - "ecs:DescribeClusters", - "ecs:RegisterTaskDefinition" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "ECSBroadOperationPermissions" - }, - { - "Action": "ecs:DeleteCluster", - "Effect": "Allow", - "Resource": "arn:aws:ecs:*:*:cluster/awseb-*", - "Sid": "ECSDeleteClusterOperationPermissions" - }, - { - "Action": [ - "autoscaling:AttachInstances", - "autoscaling:CreateAutoScalingGroup", - "autoscaling:CreateLaunchConfiguration", - "autoscaling:DeleteLaunchConfiguration", - "autoscaling:DeleteAutoScalingGroup", - "autoscaling:DeleteScheduledAction", - "autoscaling:DetachInstances", - "autoscaling:DeletePolicy", - "autoscaling:PutScalingPolicy", - "autoscaling:PutScheduledUpdateGroupAction", - "autoscaling:PutNotificationConfiguration", - "autoscaling:ResumeProcesses", - "autoscaling:SetDesiredCapacity", - "autoscaling:SuspendProcesses", - "autoscaling:TerminateInstanceInAutoScalingGroup", - "autoscaling:UpdateAutoScalingGroup" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:autoscaling:*:*:launchConfiguration:*:launchConfigurationName/awseb-e-*", - "arn:aws:autoscaling:*:*:launchConfiguration:*:launchConfigurationName/eb-*", - "arn:aws:autoscaling:*:*:autoScalingGroup:*:autoScalingGroupName/awseb-e-*", - "arn:aws:autoscaling:*:*:autoScalingGroup:*:autoScalingGroupName/eb-*" - ], - "Sid": "ASGOperationPermissions" - }, - { - "Action": [ - "cloudformation:*" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:cloudformation:*:*:stack/awseb-*", - "arn:aws:cloudformation:*:*:stack/eb-*" - ], - "Sid": "CFNOperationPermissions" - }, - { - "Action": [ - "elasticloadbalancing:ApplySecurityGroupsToLoadBalancer", - "elasticloadbalancing:ConfigureHealthCheck", - "elasticloadbalancing:CreateLoadBalancer", - "elasticloadbalancing:DeleteLoadBalancer", - "elasticloadbalancing:DeregisterInstancesFromLoadBalancer", - "elasticloadbalancing:DeregisterTargets", - "elasticloadbalancing:RegisterInstancesWithLoadBalancer", - "elasticloadbalancing:RegisterTargets" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:elasticloadbalancing:*:*:targetgroup/awseb-*", - "arn:aws:elasticloadbalancing:*:*:targetgroup/eb-*", - "arn:aws:elasticloadbalancing:*:*:loadbalancer/awseb-*", - "arn:aws:elasticloadbalancing:*:*:loadbalancer/eb-*", - "arn:aws:elasticloadbalancing:*:*:loadbalancer/*/awseb-*/*", - "arn:aws:elasticloadbalancing:*:*:loadbalancer/*/eb-*/*" - ], - "Sid": "ELBOperationPermissions" - }, - { - "Action": [ - "logs:CreateLogGroup", - "logs:DeleteLogGroup", - "logs:PutRetentionPolicy" - ], - "Effect": "Allow", - "Resource": "arn:aws:logs:*:*:log-group:/aws/elasticbeanstalk/*", - "Sid": "CWLogsOperationPermissions" - }, - { - "Action": [ - "s3:DeleteObject", - "s3:GetObject", - "s3:GetObjectAcl", - "s3:GetObjectVersion", - "s3:GetObjectVersionAcl", - "s3:PutObject", - "s3:PutObjectAcl", - "s3:PutObjectVersionAcl" - ], - "Effect": "Allow", - "Resource": "arn:aws:s3:::elasticbeanstalk-*/*", - "Sid": "S3ObjectOperationPermissions" - }, - { - "Action": [ - "s3:GetBucketLocation", - "s3:GetBucketPolicy", - "s3:ListBucket", - "s3:PutBucketPolicy" - ], - "Effect": "Allow", - "Resource": "arn:aws:s3:::elasticbeanstalk-*", - "Sid": "S3BucketOperationPermissions" - }, - { - "Action": [ - "sns:CreateTopic", - "sns:GetTopicAttributes", - "sns:SetTopicAttributes", - "sns:Subscribe" - ], - "Effect": "Allow", - "Resource": "arn:aws:sns:*:*:ElasticBeanstalkNotifications-*", - "Sid": "SNSOperationPermissions" - }, - { - "Action": [ - "sqs:GetQueueAttributes", - "sqs:GetQueueUrl" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:sqs:*:*:awseb-e-*", - "arn:aws:sqs:*:*:eb-*" - ], - "Sid": "SQSOperationPermissions" - }, - { - "Action": [ - "cloudwatch:PutMetricAlarm" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:cloudwatch:*:*:alarm:awseb-*", - "arn:aws:cloudwatch:*:*:alarm:eb-*" - ], - "Sid": "CWPutMetricAlarmOperationPermissions" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4AKB7QD2CZ", - "PolicyName": "AWSElasticBeanstalkManagedUpdatesCustomerRolePolicy", - "UpdateDate": "2021-06-16T22:40:31+00:00", - "VersionId": "v3" - }, - "AWSElasticBeanstalkManagedUpdatesServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSElasticBeanstalkManagedUpdatesServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2019-11-21T22:35:06+00:00", - "DefaultVersionId": "v5", - "Document": { - "Statement": [ - { - "Action": "iam:PassRole", - "Condition": { - "StringLikeIfExists": { - "iam:PassedToService": [ - "elasticbeanstalk.amazonaws.com", - "ec2.amazonaws.com", - "autoscaling.amazonaws.com", - "elasticloadbalancing.amazonaws.com", - "ecs.amazonaws.com", - "cloudformation.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": "*", - "Sid": "AllowPassRoleToElasticBeanstalkAndDownstreamServices" - }, - { - "Action": [ - "ec2:releaseAddress", - "ec2:allocateAddress", - "ec2:DisassociateAddress", - "ec2:AssociateAddress" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "SingleInstanceAPIs" - }, - { - "Action": [ - "ecs:RegisterTaskDefinition", - "ecs:DeRegisterTaskDefinition", - "ecs:List*", - "ecs:Describe*" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "ECS" - }, - { - "Action": [ - "elasticbeanstalk:*" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "ElasticBeanstalkAPIs" - }, - { - "Action": [ - "cloudformation:Describe*", - "cloudformation:List*", - "ec2:Describe*", - "autoscaling:Describe*", - "elasticloadbalancing:Describe*", - "logs:DescribeLogGroups", - "sns:GetTopicAttributes", - "sns:ListSubscriptionsByTopic" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "ReadOnlyAPIs" - }, - { - "Action": [ - "autoscaling:AttachInstances", - "autoscaling:CreateAutoScalingGroup", - "autoscaling:CreateLaunchConfiguration", - "autoscaling:DeleteAutoScalingGroup", - "autoscaling:DeleteLaunchConfiguration", - "autoscaling:DeleteScheduledAction", - "autoscaling:DetachInstances", - "autoscaling:PutNotificationConfiguration", - "autoscaling:PutScalingPolicy", - "autoscaling:PutScheduledUpdateGroupAction", - "autoscaling:ResumeProcesses", - "autoscaling:SuspendProcesses", - "autoscaling:TerminateInstanceInAutoScalingGroup", - "autoscaling:UpdateAutoScalingGroup" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:autoscaling:*:*:launchConfiguration:*:launchConfigurationName/awseb-e-*", - "arn:aws:autoscaling:*:*:autoScalingGroup:*:autoScalingGroupName/awseb-e-*", - "arn:aws:autoscaling:*:*:launchConfiguration:*:launchConfigurationName/eb-*", - "arn:aws:autoscaling:*:*:autoScalingGroup:*:autoScalingGroupName/eb-*" - ], - "Sid": "ASG" - }, - { - "Action": [ - "cloudformation:CreateStack", - "cloudformation:CancelUpdateStack", - "cloudformation:DeleteStack", - "cloudformation:GetTemplate", - "cloudformation:UpdateStack" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:cloudformation:*:*:stack/awseb-e-*", - "arn:aws:cloudformation:*:*:stack/eb-*" - ], - "Sid": "CFN" - }, - { - "Action": [ - "ec2:TerminateInstances" - ], - "Condition": { - "StringLike": { - "ec2:ResourceTag/aws:cloudformation:stack-id": [ - "arn:aws:cloudformation:*:*:stack/awseb-e-*", - "arn:aws:cloudformation:*:*:stack/eb-*" - ] - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:instance/*", - "Sid": "EC2" - }, - { - "Action": [ - "s3:DeleteObject", - "s3:GetObject", - "s3:GetObjectAcl", - "s3:GetObjectVersion", - "s3:GetObjectVersionAcl", - "s3:PutObject", - "s3:PutObjectAcl", - "s3:PutObjectVersionAcl" - ], - "Effect": "Allow", - "Resource": "arn:aws:s3:::elasticbeanstalk-*/*", - "Sid": "S3Obj" - }, - { - "Action": [ - "s3:GetBucketLocation", - "s3:GetBucketPolicy", - "s3:ListBucket", - "s3:PutBucketPolicy" - ], - "Effect": "Allow", - "Resource": "arn:aws:s3:::elasticbeanstalk-*", - "Sid": "S3Bucket" - }, - { - "Action": [ - "logs:CreateLogGroup", - "logs:DeleteLogGroup", - "logs:PutRetentionPolicy" - ], - "Effect": "Allow", - "Resource": "arn:aws:logs:*:*:log-group:/aws/elasticbeanstalk/*", - "Sid": "CWL" - }, - { - "Action": [ - "elasticloadbalancing:RegisterTargets", - "elasticloadbalancing:DeRegisterTargets", - "elasticloadbalancing:DeregisterInstancesFromLoadBalancer", - "elasticloadbalancing:RegisterInstancesWithLoadBalancer" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:elasticloadbalancing:*:*:targetgroup/awseb-*", - "arn:aws:elasticloadbalancing:*:*:loadbalancer/awseb-e-*", - "arn:aws:elasticloadbalancing:*:*:targetgroup/eb-*", - "arn:aws:elasticloadbalancing:*:*:loadbalancer/eb-*" - ], - "Sid": "ELB" - }, - { - "Action": [ - "sns:CreateTopic" - ], - "Effect": "Allow", - "Resource": "arn:aws:sns:*:*:ElasticBeanstalkNotifications-Environment-*", - "Sid": "SNS" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4HVFNJB4NR", - "PolicyName": "AWSElasticBeanstalkManagedUpdatesServiceRolePolicy", - "UpdateDate": "2020-12-11T18:21:32+00:00", - "VersionId": "v5" - }, - "AWSElasticBeanstalkMulticontainerDocker": { - "Arn": "arn:aws:iam::aws:policy/AWSElasticBeanstalkMulticontainerDocker", - "AttachmentCount": 0, - "CreateDate": "2016-02-08T23:15:29+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "ecs:Poll", - "ecs:StartTask", - "ecs:StopTask", - "ecs:DiscoverPollEndpoint", - "ecs:StartTelemetrySession", - "ecs:RegisterContainerInstance", - "ecs:DeregisterContainerInstance", - "ecs:DescribeContainerInstances", - "ecs:Submit*", - "ecs:DescribeTasks" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "ECSAccess" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJ45SBYG72SD6SHJEY", - "PolicyName": "AWSElasticBeanstalkMulticontainerDocker", - "UpdateDate": "2016-06-06T23:45:37+00:00", - "VersionId": "v2" - }, - "AWSElasticBeanstalkReadOnly": { - "Arn": "arn:aws:iam::aws:policy/AWSElasticBeanstalkReadOnly", - "AttachmentCount": 0, - "CreateDate": "2021-01-22T19:02:37+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "acm:ListCertificates", - "autoscaling:DescribeAccountLimits", - "autoscaling:DescribeAutoScalingGroups", - "autoscaling:DescribeAutoScalingInstances", - "autoscaling:DescribeLaunchConfigurations", - "autoscaling:DescribePolicies", - "autoscaling:DescribeLoadBalancers", - "autoscaling:DescribeNotificationConfigurations", - "autoscaling:DescribeScalingActivities", - "autoscaling:DescribeScheduledActions", - "cloudformation:DescribeStackResource", - "cloudformation:DescribeStackResources", - "cloudformation:DescribeStacks", - "cloudformation:GetTemplate", - "cloudformation:ListStackResources", - "cloudformation:ListStacks", - "cloudformation:ValidateTemplate", - "cloudtrail:LookupEvents", - "cloudwatch:DescribeAlarms", - "cloudwatch:GetMetricStatistics", - "cloudwatch:ListMetrics", - "ec2:DescribeAccountAttributes", - "ec2:DescribeAddresses", - "ec2:DescribeImages", - "ec2:DescribeInstanceAttribute", - "ec2:DescribeInstances", - "ec2:DescribeInstanceStatus", - "ec2:DescribeKeyPairs", - "ec2:DescribeLaunchTemplateVersions", - "ec2:DescribeLaunchTemplates", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSnapshots", - "ec2:DescribeSpotInstanceRequests", - "ec2:DescribeAvailabilityZones", - "ec2:DescribeSubnets", - "ec2:DescribeVpcs", - "elasticbeanstalk:Check*", - "elasticbeanstalk:Describe*", - "elasticbeanstalk:List*", - "elasticbeanstalk:RequestEnvironmentInfo", - "elasticbeanstalk:RetrieveEnvironmentInfo", - "elasticloadbalancing:DescribeInstanceHealth", - "elasticloadbalancing:DescribeLoadBalancers", - "elasticloadbalancing:DescribeSSLPolicies", - "elasticloadbalancing:DescribeTargetGroups", - "elasticloadbalancing:DescribeTargetHealth", - "iam:GetRole", - "iam:ListAttachedRolePolicies", - "iam:ListInstanceProfiles", - "iam:ListRolePolicies", - "iam:ListRoles", - "iam:ListServerCertificates", - "rds:DescribeDBEngineVersions", - "rds:DescribeDBInstances", - "rds:DescribeOrderableDBInstanceOptions", - "rds:DescribeDBSnapshots", - "s3:ListAllMyBuckets", - "sns:ListSubscriptionsByTopic", - "sns:ListTopics", - "sqs:ListQueues" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "AllowAPIs" - }, - { - "Action": [ - "s3:GetObject", - "s3:GetObjectAcl", - "s3:GetObjectVersion", - "s3:GetObjectVersionAcl", - "s3:GetBucketLocation", - "s3:GetBucketPolicy", - "s3:ListBucket" - ], - "Effect": "Allow", - "Resource": "arn:aws:s3:::elasticbeanstalk-*", - "Sid": "AllowS3" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4BYFSOYIWH", - "PolicyName": "AWSElasticBeanstalkReadOnly", - "UpdateDate": "2021-01-22T19:02:37+00:00", - "VersionId": "v1" - }, - "AWSElasticBeanstalkRoleCWL": { - "Arn": "arn:aws:iam::aws:policy/service-role/AWSElasticBeanstalkRoleCWL", - "AttachmentCount": 0, - "CreateDate": "2020-06-05T21:49:06+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "logs:CreateLogGroup", - "logs:DeleteLogGroup", - "logs:PutRetentionPolicy" - ], - "Effect": "Allow", - "Resource": "arn:aws:logs:*:*:log-group:/aws/elasticbeanstalk/*", - "Sid": "AllowCWL" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4G4S2QMTW3", - "PolicyName": "AWSElasticBeanstalkRoleCWL", - "UpdateDate": "2020-06-05T21:49:06+00:00", - "VersionId": "v1" - }, - "AWSElasticBeanstalkRoleCore": { - "Arn": "arn:aws:iam::aws:policy/service-role/AWSElasticBeanstalkRoleCore", - "AttachmentCount": 0, - "CreateDate": "2020-06-05T21:48:24+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "ec2:TerminateInstances" - ], - "Condition": { - "StringLike": { - "ec2:ResourceTag/aws:cloudformation:stack-id": "arn:aws:cloudformation:*:*:stack/awseb-e-*" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:instance/*", - "Sid": "TerminateInstances" - }, - { - "Action": [ - "ec2:ReleaseAddress", - "ec2:AllocateAddress", - "ec2:DisassociateAddress", - "ec2:AssociateAddress", - "ec2:CreateTags", - "ec2:DeleteTags", - "ec2:CreateSecurityGroup", - "ec2:DeleteSecurityGroup", - "ec2:AuthorizeSecurityGroup*", - "ec2:RevokeSecurityGroup*", - "ec2:CreateLaunchTemplate*", - "ec2:DeleteLaunchTemplate*" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "EC2" - }, - { - "Action": "ec2:RunInstances", - "Condition": { - "ArnLike": { - "ec2:LaunchTemplate": "arn:aws:ec2:*:*:launch-template/*" - } - }, - "Effect": "Allow", - "Resource": "*", - "Sid": "LTRunInstances" - }, - { - "Action": [ - "autoscaling:AttachInstances", - "autoscaling:*LoadBalancer*", - "autoscaling:*AutoScalingGroup", - "autoscaling:*LaunchConfiguration", - "autoscaling:DeleteScheduledAction", - "autoscaling:DetachInstances", - "autoscaling:PutNotificationConfiguration", - "autoscaling:PutScalingPolicy", - "autoscaling:PutScheduledUpdateGroupAction", - "autoscaling:ResumeProcesses", - "autoscaling:SuspendProcesses", - "autoscaling:*Tags" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:autoscaling:*:*:launchConfiguration:*:launchConfigurationName/awseb-e-*", - "arn:aws:autoscaling:*:*:autoScalingGroup:*:autoScalingGroupName/awseb-e-*" - ], - "Sid": "ASG" - }, - { - "Action": [ - "autoscaling:DeletePolicy" - ], - "Effect": "Allow", - "Resource": [ - "*" - ], - "Sid": "ASGPolicy" - }, - { - "Action": [ - "iam:CreateServiceLinkedRole" - ], - "Condition": { - "StringLike": { - "iam:AWSServiceName": "elasticbeanstalk.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:iam::*:role/aws-service-role/elasticbeanstalk.amazonaws.com/AWSServiceRoleForElasticBeanstalk*" - ], - "Sid": "EBSLR" - }, - { - "Action": [ - "s3:Delete*", - "s3:Get*", - "s3:Put*" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:s3:::elasticbeanstalk-*/*", - "arn:aws:s3:::elasticbeanstalk-env-resources-*/*" - ], - "Sid": "S3Obj" - }, - { - "Action": [ - "s3:GetBucket*", - "s3:ListBucket", - "s3:PutBucketPolicy" - ], - "Effect": "Allow", - "Resource": "arn:aws:s3:::elasticbeanstalk-*", - "Sid": "S3Bucket" - }, - { - "Action": [ - "cloudformation:CreateStack", - "cloudformation:DeleteStack", - "cloudformation:GetTemplate", - "cloudformation:ListStackResources", - "cloudformation:UpdateStack", - "cloudformation:ContinueUpdateRollback", - "cloudformation:CancelUpdateStack" - ], - "Effect": "Allow", - "Resource": "arn:aws:cloudformation:*:*:stack/awseb-e-*", - "Sid": "CFN" - }, - { - "Action": [ - "cloudwatch:PutMetricAlarm", - "cloudwatch:DeleteAlarms" - ], - "Effect": "Allow", - "Resource": "arn:aws:cloudwatch:*:*:alarm:awseb-*", - "Sid": "CloudWatch" - }, - { - "Action": [ - "elasticloadbalancing:Create*", - "elasticloadbalancing:Delete*", - "elasticloadbalancing:Modify*", - "elasticloadbalancing:RegisterTargets", - "elasticloadbalancing:DeRegisterTargets", - "elasticloadbalancing:DeregisterInstancesFromLoadBalancer", - "elasticloadbalancing:RegisterInstancesWithLoadBalancer", - "elasticloadbalancing:*Tags", - "elasticloadbalancing:ConfigureHealthCheck", - "elasticloadbalancing:SetRulePriorities", - "elasticloadbalancing:SetLoadBalancerPoliciesOfListener" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:elasticloadbalancing:*:*:targetgroup/awseb-*", - "arn:aws:elasticloadbalancing:*:*:loadbalancer/awseb-*", - "arn:aws:elasticloadbalancing:*:*:loadbalancer/app/awseb-*/*", - "arn:aws:elasticloadbalancing:*:*:loadbalancer/net/awseb-*/*", - "arn:aws:elasticloadbalancing:*:*:listener/awseb-*", - "arn:aws:elasticloadbalancing:*:*:listener/app/awseb-*", - "arn:aws:elasticloadbalancing:*:*:listener/net/awseb-*", - "arn:aws:elasticloadbalancing:*:*:listener-rule/app/awseb-*/*/*/*" - ], - "Sid": "ELB" - }, - { - "Action": [ - "autoscaling:Describe*", - "cloudformation:Describe*", - "logs:Describe*", - "ec2:Describe*", - "ecs:Describe*", - "ecs:List*", - "elasticloadbalancing:Describe*", - "rds:Describe*", - "sns:List*", - "iam:List*", - "acm:Describe*", - "acm:List*" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "ListAPIs" - }, - { - "Action": "iam:PassRole", - "Condition": { - "StringEquals": { - "iam:PassedToService": [ - "elasticbeanstalk.amazonaws.com", - "ec2.amazonaws.com", - "autoscaling.amazonaws.com", - "elasticloadbalancing.amazonaws.com", - "ecs.amazonaws.com", - "cloudformation.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/aws-elasticbeanstalk-*", - "Sid": "AllowPassRole" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4OXQ5DMW6K", - "PolicyName": "AWSElasticBeanstalkRoleCore", - "UpdateDate": "2020-09-09T20:31:14+00:00", - "VersionId": "v2" - }, - "AWSElasticBeanstalkRoleECS": { - "Arn": "arn:aws:iam::aws:policy/service-role/AWSElasticBeanstalkRoleECS", - "AttachmentCount": 0, - "CreateDate": "2020-06-05T21:47:27+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "ecs:CreateCluster", - "ecs:DeleteCluster", - "ecs:RegisterTaskDefinition", - "ecs:DeRegisterTaskDefinition" - ], - "Effect": "Allow", - "Resource": [ - "*" - ], - "Sid": "AllowECS" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4ORP4E3ZEZ", - "PolicyName": "AWSElasticBeanstalkRoleECS", - "UpdateDate": "2020-06-05T21:47:27+00:00", - "VersionId": "v1" - }, - "AWSElasticBeanstalkRoleRDS": { - "Arn": "arn:aws:iam::aws:policy/service-role/AWSElasticBeanstalkRoleRDS", - "AttachmentCount": 0, - "CreateDate": "2020-06-05T21:46:55+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "rds:CreateDBSecurityGroup", - "rds:DeleteDBSecurityGroup", - "rds:AuthorizeDBSecurityGroupIngress", - "rds:CreateDBInstance", - "rds:ModifyDBInstance", - "rds:DeleteDBInstance" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:rds:*:*:secgrp:awseb-e-*", - "arn:aws:rds:*:*:db:*" - ], - "Sid": "AllowRDS" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4G5JWEESE4", - "PolicyName": "AWSElasticBeanstalkRoleRDS", - "UpdateDate": "2020-06-05T21:46:55+00:00", - "VersionId": "v1" - }, - "AWSElasticBeanstalkRoleSNS": { - "Arn": "arn:aws:iam::aws:policy/service-role/AWSElasticBeanstalkRoleSNS", - "AttachmentCount": 0, - "CreateDate": "2020-06-05T21:46:22+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "sns:CreateTopic", - "sns:SetTopicAttributes", - "sns:DeleteTopic" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:sns:*:*:ElasticBeanstalkNotifications-*" - ], - "Sid": "AllowBeanstalkManageSNS" - }, - { - "Action": [ - "sns:GetTopicAttributes", - "sns:Subscribe", - "sns:Unsubscribe", - "sns:Publish" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "AllowSNSPublish" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4PARPZJ2UZ", - "PolicyName": "AWSElasticBeanstalkRoleSNS", - "UpdateDate": "2020-06-05T21:46:22+00:00", - "VersionId": "v1" - }, - "AWSElasticBeanstalkRoleWorkerTier": { - "Arn": "arn:aws:iam::aws:policy/service-role/AWSElasticBeanstalkRoleWorkerTier", - "AttachmentCount": 0, - "CreateDate": "2020-06-05T21:43:37+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "sqs:TagQueue", - "sqs:DeleteQueue", - "sqs:GetQueueAttributes", - "sqs:CreateQueue" - ], - "Effect": "Allow", - "Resource": "arn:aws:sqs:*:*:awseb-e-*", - "Sid": "AllowSQS" - }, - { - "Action": [ - "dynamodb:CreateTable", - "dynamodb:TagResource", - "dynamodb:DescribeTable", - "dynamodb:DeleteTable" - ], - "Effect": "Allow", - "Resource": "arn:aws:dynamodb:*:*:table/awseb-e-*", - "Sid": "AllowDDB" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4LTO4NS2Z5", - "PolicyName": "AWSElasticBeanstalkRoleWorkerTier", - "UpdateDate": "2020-06-05T21:43:37+00:00", - "VersionId": "v1" - }, - "AWSElasticBeanstalkService": { - "Arn": "arn:aws:iam::aws:policy/service-role/AWSElasticBeanstalkService", - "AttachmentCount": 0, - "CreateDate": "2016-04-11T20:27:23+00:00", - "DefaultVersionId": "v16", - "Document": { - "Statement": [ - { - "Action": [ - "cloudformation:*" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:cloudformation:*:*:stack/awseb-*", - "arn:aws:cloudformation:*:*:stack/eb-*" - ], - "Sid": "AllowCloudformationOperationsOnElasticBeanstalkStacks" - }, - { - "Action": [ - "logs:DeleteLogGroup" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:logs:*:*:log-group:/aws/elasticbeanstalk*" - ], - "Sid": "AllowDeleteCloudwatchLogGroups" - }, - { - "Action": [ - "s3:*" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:s3:::elasticbeanstalk-*", - "arn:aws:s3:::elasticbeanstalk-*/*" - ], - "Sid": "AllowS3OperationsOnElasticBeanstalkBuckets" - }, - { - "Action": "ec2:RunInstances", - "Condition": { - "ArnLike": { - "ec2:LaunchTemplate": "arn:aws:ec2:*:*:launch-template/*" - } - }, - "Effect": "Allow", - "Resource": "*", - "Sid": "AllowLaunchTemplateRunInstances" - }, - { - "Action": [ - "autoscaling:AttachInstances", - "autoscaling:CreateAutoScalingGroup", - "autoscaling:CreateLaunchConfiguration", - "autoscaling:DeleteLaunchConfiguration", - "autoscaling:DeleteAutoScalingGroup", - "autoscaling:DeleteScheduledAction", - "autoscaling:DescribeAccountLimits", - "autoscaling:DescribeAutoScalingGroups", - "autoscaling:DescribeAutoScalingInstances", - "autoscaling:DescribeLaunchConfigurations", - "autoscaling:DescribeLoadBalancers", - "autoscaling:DescribeNotificationConfigurations", - "autoscaling:DescribeScalingActivities", - "autoscaling:DescribeScheduledActions", - "autoscaling:DetachInstances", - "autoscaling:DeletePolicy", - "autoscaling:PutScalingPolicy", - "autoscaling:PutScheduledUpdateGroupAction", - "autoscaling:PutNotificationConfiguration", - "autoscaling:ResumeProcesses", - "autoscaling:SetDesiredCapacity", - "autoscaling:SuspendProcesses", - "autoscaling:TerminateInstanceInAutoScalingGroup", - "autoscaling:UpdateAutoScalingGroup", - "cloudwatch:PutMetricAlarm", - "ec2:AssociateAddress", - "ec2:AllocateAddress", - "ec2:AuthorizeSecurityGroupEgress", - "ec2:AuthorizeSecurityGroupIngress", - "ec2:CreateLaunchTemplate", - "ec2:CreateLaunchTemplateVersion", - "ec2:DescribeLaunchTemplates", - "ec2:DescribeLaunchTemplateVersions", - "ec2:DeleteLaunchTemplate", - "ec2:DeleteLaunchTemplateVersions", - "ec2:CreateSecurityGroup", - "ec2:DeleteSecurityGroup", - "ec2:DescribeAccountAttributes", - "ec2:DescribeAddresses", - "ec2:DescribeImages", - "ec2:DescribeInstances", - "ec2:DescribeKeyPairs", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSnapshots", - "ec2:DescribeSubnets", - "ec2:DescribeVpcs", - "ec2:DescribeInstanceAttribute", - "ec2:DescribeSpotInstanceRequests", - "ec2:DescribeVpcClassicLink", - "ec2:DisassociateAddress", - "ec2:ReleaseAddress", - "ec2:RevokeSecurityGroupEgress", - "ec2:RevokeSecurityGroupIngress", - "ec2:TerminateInstances", - "ecs:CreateCluster", - "ecs:DeleteCluster", - "ecs:DescribeClusters", - "ecs:RegisterTaskDefinition", - "elasticbeanstalk:*", - "elasticloadbalancing:ApplySecurityGroupsToLoadBalancer", - "elasticloadbalancing:ConfigureHealthCheck", - "elasticloadbalancing:CreateLoadBalancer", - "elasticloadbalancing:DeleteLoadBalancer", - "elasticloadbalancing:DeregisterInstancesFromLoadBalancer", - "elasticloadbalancing:DescribeInstanceHealth", - "elasticloadbalancing:DescribeLoadBalancers", - "elasticloadbalancing:DescribeTargetHealth", - "elasticloadbalancing:RegisterInstancesWithLoadBalancer", - "elasticloadbalancing:DescribeTargetGroups", - "elasticloadbalancing:RegisterTargets", - "elasticloadbalancing:DeregisterTargets", - "iam:ListRoles", - "iam:PassRole", - "logs:CreateLogGroup", - "logs:PutRetentionPolicy", - "logs:DescribeLogGroups", - "rds:DescribeDBEngineVersions", - "rds:DescribeDBInstances", - "rds:DescribeOrderableDBInstanceOptions", - "s3:GetObject", - "s3:GetObjectAcl", - "s3:ListBucket", - "sns:CreateTopic", - "sns:GetTopicAttributes", - "sns:ListSubscriptionsByTopic", - "sns:Subscribe", - "sns:SetTopicAttributes", - "sqs:GetQueueAttributes", - "sqs:GetQueueUrl", - "codebuild:CreateProject", - "codebuild:DeleteProject", - "codebuild:BatchGetBuilds", - "codebuild:StartBuild" - ], - "Effect": "Allow", - "Resource": [ - "*" - ], - "Sid": "AllowOperations" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJKQ5SN74ZQ4WASXBM", - "PolicyName": "AWSElasticBeanstalkService", - "UpdateDate": "2019-06-14T23:18:46+00:00", - "VersionId": "v16" - }, - "AWSElasticBeanstalkServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSElasticBeanstalkServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2017-09-13T23:46:37+00:00", - "DefaultVersionId": "v6", - "Document": { - "Statement": [ - { - "Action": [ - "cloudformation:DescribeStackResource", - "cloudformation:DescribeStackResources", - "cloudformation:DescribeStacks" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:cloudformation:*:*:stack/awseb-*", - "arn:aws:cloudformation:*:*:stack/eb-*" - ], - "Sid": "AllowCloudformationReadOperationsOnElasticBeanstalkStacks" - }, - { - "Action": [ - "autoscaling:DescribeAutoScalingGroups", - "autoscaling:DescribeAutoScalingInstances", - "autoscaling:DescribeNotificationConfigurations", - "autoscaling:DescribeScalingActivities", - "autoscaling:PutNotificationConfiguration", - "ec2:DescribeInstanceStatus", - "ec2:AssociateAddress", - "ec2:DescribeAddresses", - "ec2:DescribeInstances", - "ec2:DescribeSecurityGroups", - "elasticloadbalancing:DescribeInstanceHealth", - "elasticloadbalancing:DescribeLoadBalancers", - "elasticloadbalancing:DescribeTargetHealth", - "elasticloadbalancing:DescribeTargetGroups", - "lambda:GetFunction", - "sqs:GetQueueAttributes", - "sqs:GetQueueUrl", - "sns:Publish" - ], - "Effect": "Allow", - "Resource": [ - "*" - ], - "Sid": "AllowOperations" - }, - { - "Action": [ - "logs:CreateLogStream", - "logs:DescribeLogGroups", - "logs:DescribeLogStreams", - "logs:DeleteLogGroup", - "logs:PutLogEvents" - ], - "Effect": "Allow", - "Resource": "arn:aws:logs:*:*:log-group:/aws/elasticbeanstalk/*", - "Sid": "AllowOperationsOnHealthStreamingLogs" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIID62QSI3OSIPQXTM", - "PolicyName": "AWSElasticBeanstalkServiceRolePolicy", - "UpdateDate": "2019-06-06T21:59:51+00:00", - "VersionId": "v6" - }, - "AWSElasticBeanstalkWebTier": { - "Arn": "arn:aws:iam::aws:policy/AWSElasticBeanstalkWebTier", - "AttachmentCount": 0, - "CreateDate": "2016-02-08T23:08:54+00:00", - "DefaultVersionId": "v7", - "Document": { - "Statement": [ - { - "Action": [ - "s3:Get*", - "s3:List*", - "s3:PutObject" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:s3:::elasticbeanstalk-*", - "arn:aws:s3:::elasticbeanstalk-*/*" - ], - "Sid": "BucketAccess" - }, - { - "Action": [ - "xray:PutTraceSegments", - "xray:PutTelemetryRecords", - "xray:GetSamplingRules", - "xray:GetSamplingTargets", - "xray:GetSamplingStatisticSummaries" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "XRayAccess" - }, - { - "Action": [ - "logs:PutLogEvents", - "logs:CreateLogStream", - "logs:DescribeLogStreams", - "logs:DescribeLogGroups" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:logs:*:*:log-group:/aws/elasticbeanstalk*" - ], - "Sid": "CloudWatchLogsAccess" - }, - { - "Action": [ - "elasticbeanstalk:PutInstanceStatistics" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:elasticbeanstalk:*:*:application/*", - "arn:aws:elasticbeanstalk:*:*:environment/*" - ], - "Sid": "ElasticBeanstalkHealthAccess" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIUF4325SJYOREKW3A", - "PolicyName": "AWSElasticBeanstalkWebTier", - "UpdateDate": "2020-09-09T19:38:36+00:00", - "VersionId": "v7" - }, - "AWSElasticBeanstalkWorkerTier": { - "Arn": "arn:aws:iam::aws:policy/AWSElasticBeanstalkWorkerTier", - "AttachmentCount": 0, - "CreateDate": "2016-02-08T23:12:02+00:00", - "DefaultVersionId": "v6", - "Document": { - "Statement": [ - { - "Action": [ - "cloudwatch:PutMetricData" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "MetricsAccess" - }, - { - "Action": [ - "xray:PutTraceSegments", - "xray:PutTelemetryRecords", - "xray:GetSamplingRules", - "xray:GetSamplingTargets", - "xray:GetSamplingStatisticSummaries" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "XRayAccess" - }, - { - "Action": [ - "sqs:ChangeMessageVisibility", - "sqs:DeleteMessage", - "sqs:ReceiveMessage", - "sqs:SendMessage" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "QueueAccess" - }, - { - "Action": [ - "s3:Get*", - "s3:List*", - "s3:PutObject" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:s3:::elasticbeanstalk-*", - "arn:aws:s3:::elasticbeanstalk-*/*" - ], - "Sid": "BucketAccess" - }, - { - "Action": [ - "dynamodb:BatchGetItem", - "dynamodb:BatchWriteItem", - "dynamodb:DeleteItem", - "dynamodb:GetItem", - "dynamodb:PutItem", - "dynamodb:Query", - "dynamodb:Scan", - "dynamodb:UpdateItem" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:dynamodb:*:*:table/*-stack-AWSEBWorkerCronLeaderRegistry*" - ], - "Sid": "DynamoPeriodicTasks" - }, - { - "Action": [ - "logs:PutLogEvents", - "logs:CreateLogStream" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:logs:*:*:log-group:/aws/elasticbeanstalk*" - ], - "Sid": "CloudWatchLogsAccess" - }, - { - "Action": [ - "elasticbeanstalk:PutInstanceStatistics" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:elasticbeanstalk:*:*:application/*", - "arn:aws:elasticbeanstalk:*:*:environment/*" - ], - "Sid": "ElasticBeanstalkHealthAccess" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJQDLBRSJVKVF4JMSK", - "PolicyName": "AWSElasticBeanstalkWorkerTier", - "UpdateDate": "2020-09-09T19:53:40+00:00", - "VersionId": "v6" - }, - "AWSElasticDisasterRecoveryAgentInstallationPolicy": { - "Arn": "arn:aws:iam::aws:policy/AWSElasticDisasterRecoveryAgentInstallationPolicy", - "AttachmentCount": 0, - "CreateDate": "2021-11-17T10:37:54+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "drs:GetAgentInstallationAssetsForDrs", - "drs:SendClientLogsForDrs", - "drs:CreateSourceServerForDrs", - "drs:CreateRecoveryInstanceForDrs", - "drs:DescribeRecoveryInstances" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "drs:TagResource", - "drs:IssueAgentCertificateForDrs" - ], - "Effect": "Allow", - "Resource": "arn:aws:drs:*:*:source-server/*" - }, - { - "Action": [ - "drs:TagResource" - ], - "Effect": "Allow", - "Resource": "arn:aws:drs:*:*:recovery-instance/*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4LHPRHPQKB", - "PolicyName": "AWSElasticDisasterRecoveryAgentInstallationPolicy", - "UpdateDate": "2021-11-17T10:37:54+00:00", - "VersionId": "v1" - }, - "AWSElasticDisasterRecoveryAgentPolicy": { - "Arn": "arn:aws:iam::aws:policy/service-role/AWSElasticDisasterRecoveryAgentPolicy", - "AttachmentCount": 0, - "CreateDate": "2021-11-17T10:32:32+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "drs:SendAgentMetricsForDrs", - "drs:SendAgentLogsForDrs", - "drs:UpdateAgentSourcePropertiesForDrs", - "drs:UpdateAgentReplicationInfoForDrs", - "drs:UpdateAgentConversionInfoForDrs", - "drs:GetAgentCommandForDrs", - "drs:GetAgentConfirmedResumeInfoForDrs", - "drs:GetAgentRuntimeConfigurationForDrs", - "drs:UpdateAgentBacklogForDrs", - "drs:GetAgentReplicationInfoForDrs", - "drs:IssueAgentCertificateForDrs" - ], - "Effect": "Allow", - "Resource": "arn:aws:drs:*:*:source-server/${aws:SourceIdentity}" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4IPFHAAF4L", - "PolicyName": "AWSElasticDisasterRecoveryAgentPolicy", - "UpdateDate": "2021-11-17T10:32:32+00:00", - "VersionId": "v1" - }, - "AWSElasticDisasterRecoveryConsoleFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSElasticDisasterRecoveryConsoleFullAccess", - "AttachmentCount": 0, - "CreateDate": "2021-11-17T10:46:29+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "drs:*" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "kms:ListAliases", - "kms:DescribeKey" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:DescribeAccountAttributes", - "ec2:DescribeAvailabilityZones", - "ec2:DescribeImages", - "ec2:DescribeInstances", - "ec2:DescribeInstanceTypes", - "ec2:DescribeInstanceAttribute", - "ec2:DescribeInstanceStatus", - "ec2:DescribeInstanceTypeOfferings", - "ec2:DescribeLaunchTemplateVersions", - "ec2:DescribeLaunchTemplates", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSnapshots", - "ec2:DescribeSubnets", - "ec2:DescribeVolumes", - "ec2:GetEbsEncryptionByDefault", - "ec2:GetEbsDefaultKmsKeyId" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "license-manager:ListLicenseConfigurations", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "resource-groups:ListGroups", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "elasticloadbalancing:DescribeLoadBalancers", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "iam:ListInstanceProfiles", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "iam:PassRole", - "Condition": { - "StringEquals": { - "iam:PassedToService": "ec2.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:iam::*:role/service-role/AWSElasticDisasterRecoveryConversionServerRole", - "arn:aws:iam::*:role/service-role/AWSElasticDisasterRecoveryRecoveryInstanceRole" - ] - }, - { - "Action": [ - "ec2:DeleteSnapshot" - ], - "Condition": { - "Bool": { - "aws:ViaAWSService": "true" - }, - "Null": { - "aws:ResourceTag/AWSElasticDisasterRecoveryManaged": "false" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:snapshot/*" - }, - { - "Action": [ - "ec2:CreateLaunchTemplateVersion", - "ec2:ModifyLaunchTemplate", - "ec2:DeleteLaunchTemplateVersions" - ], - "Condition": { - "Null": { - "aws:ResourceTag/AWSElasticDisasterRecoveryManaged": "false" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:launch-template/*" - }, - { - "Action": [ - "ec2:DeleteVolume" - ], - "Condition": { - "Bool": { - "aws:ViaAWSService": "true" - }, - "Null": { - "aws:ResourceTag/AWSElasticDisasterRecoveryManaged": "false" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:volume/*" - }, - { - "Action": [ - "ec2:StartInstances", - "ec2:StopInstances", - "ec2:TerminateInstances", - "ec2:ModifyInstanceAttribute", - "ec2:GetConsoleOutput", - "ec2:GetConsoleScreenshot" - ], - "Condition": { - "Bool": { - "aws:ViaAWSService": "true" - }, - "Null": { - "aws:ResourceTag/AWSElasticDisasterRecoveryManaged": "false" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:instance/*" - }, - { - "Action": [ - "ec2:RevokeSecurityGroupEgress", - "ec2:AuthorizeSecurityGroupIngress", - "ec2:AuthorizeSecurityGroupEgress" - ], - "Condition": { - "Bool": { - "aws:ViaAWSService": "true" - }, - "Null": { - "aws:ResourceTag/AWSElasticDisasterRecoveryManaged": "false" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:security-group/*" - }, - { - "Action": [ - "ec2:CreateVolume" - ], - "Condition": { - "Bool": { - "aws:ViaAWSService": "true" - }, - "Null": { - "aws:RequestTag/AWSElasticDisasterRecoveryManaged": "false" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:volume/*" - }, - { - "Action": "ec2:CreateSecurityGroup", - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:vpc/*" - }, - { - "Action": [ - "ec2:CreateSecurityGroup" - ], - "Condition": { - "Bool": { - "aws:ViaAWSService": "true" - }, - "Null": { - "aws:RequestTag/AWSElasticDisasterRecoveryManaged": "false" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:security-group/*" - }, - { - "Action": [ - "ec2:CreateSnapshot" - ], - "Condition": { - "Bool": { - "aws:ViaAWSService": "true" - }, - "Null": { - "ec2:ResourceTag/AWSElasticDisasterRecoveryManaged": "false" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:volume/*" - }, - { - "Action": [ - "ec2:CreateSnapshot" - ], - "Condition": { - "Bool": { - "aws:ViaAWSService": "true" - }, - "Null": { - "aws:RequestTag/AWSElasticDisasterRecoveryManaged": "false" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:snapshot/*" - }, - { - "Action": [ - "ec2:DetachVolume", - "ec2:AttachVolume" - ], - "Condition": { - "Bool": { - "aws:ViaAWSService": "true" - }, - "Null": { - "ec2:ResourceTag/AWSElasticDisasterRecoveryManaged": "false" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:instance/*" - }, - { - "Action": [ - "ec2:AttachVolume" - ], - "Condition": { - "Bool": { - "aws:ViaAWSService": "true" - }, - "Null": { - "ec2:ResourceTag/AWSElasticDisasterRecoveryManaged": "false" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:volume/*" - }, - { - "Action": [ - "ec2:DetachVolume" - ], - "Condition": { - "Bool": { - "aws:ViaAWSService": "true" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:volume/*" - }, - { - "Action": [ - "ec2:RunInstances" - ], - "Condition": { - "Bool": { - "aws:ViaAWSService": "true" - }, - "Null": { - "aws:RequestTag/AWSElasticDisasterRecoveryManaged": "false" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:instance/*" - }, - { - "Action": [ - "ec2:RunInstances" - ], - "Condition": { - "Bool": { - "aws:ViaAWSService": "true" - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:security-group/*", - "arn:aws:ec2:*:*:volume/*", - "arn:aws:ec2:*:*:subnet/*", - "arn:aws:ec2:*:*:image/*", - "arn:aws:ec2:*:*:network-interface/*", - "arn:aws:ec2:*:*:launch-template/*" - ] - }, - { - "Action": "ec2:CreateTags", - "Condition": { - "Bool": { - "aws:ViaAWSService": "true" - }, - "StringEquals": { - "ec2:CreateAction": [ - "CreateSecurityGroup", - "CreateVolume", - "CreateSnapshot", - "RunInstances" - ] - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:security-group/*", - "arn:aws:ec2:*:*:volume/*", - "arn:aws:ec2:*:*:snapshot/*", - "arn:aws:ec2:*:*:instance/*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4LCQTK3F7W", - "PolicyName": "AWSElasticDisasterRecoveryConsoleFullAccess", - "UpdateDate": "2021-11-17T10:46:29+00:00", - "VersionId": "v1" - }, - "AWSElasticDisasterRecoveryConversionServerPolicy": { - "Arn": "arn:aws:iam::aws:policy/service-role/AWSElasticDisasterRecoveryConversionServerPolicy", - "AttachmentCount": 0, - "CreateDate": "2021-11-17T13:42:23+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "drs:SendClientMetricsForDrs", - "drs:SendClientLogsForDrs" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "drs:GetChannelCommandsForDrs", - "drs:SendChannelCommandResultForDrs" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4G7IPHJVFX", - "PolicyName": "AWSElasticDisasterRecoveryConversionServerPolicy", - "UpdateDate": "2021-11-17T13:42:23+00:00", - "VersionId": "v1" - }, - "AWSElasticDisasterRecoveryFailbackInstallationPolicy": { - "Arn": "arn:aws:iam::aws:policy/AWSElasticDisasterRecoveryFailbackInstallationPolicy", - "AttachmentCount": 0, - "CreateDate": "2021-11-17T11:02:03+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "drs:SendClientLogsForDrs", - "drs:SendClientMetricsForDrs", - "drs:DescribeRecoveryInstances", - "drs:DescribeSourceServers" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "drs:TagResource", - "drs:IssueAgentCertificateForDrs", - "drs:AssociateFailbackClientToRecoveryInstanceForDrs", - "drs:GetSuggestedFailbackClientDeviceMappingForDrs", - "drs:UpdateFailbackClientDeviceMappingForDrs" - ], - "Effect": "Allow", - "Resource": "arn:aws:drs:*:*:recovery-instance/*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4JWDYEAMTS", - "PolicyName": "AWSElasticDisasterRecoveryFailbackInstallationPolicy", - "UpdateDate": "2021-11-17T11:02:03+00:00", - "VersionId": "v1" - }, - "AWSElasticDisasterRecoveryFailbackPolicy": { - "Arn": "arn:aws:iam::aws:policy/service-role/AWSElasticDisasterRecoveryFailbackPolicy", - "AttachmentCount": 0, - "CreateDate": "2021-11-17T10:41:40+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "drs:SendClientMetricsForDrs", - "drs:SendClientLogsForDrs" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "drs:GetChannelCommandsForDrs", - "drs:SendChannelCommandResultForDrs" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "drs:DescribeReplicationServerAssociationsForDrs", - "drs:DescribeRecoveryInstances" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "drs:GetFailbackCommandForDrs", - "drs:UpdateFailbackClientLastSeenForDrs", - "drs:NotifyAgentAuthenticationForDrs", - "drs:UpdateAgentReplicationProcessStateForDrs", - "drs:NotifyAgentReplicationProgressForDrs", - "drs:NotifyAgentConnectedForDrs", - "drs:NotifyAgentDisconnectedForDrs", - "drs:NotifyConsistencyAttainedForDrs", - "drs:GetFailbackLaunchRequestedForDrs", - "drs:IssueAgentCertificateForDrs" - ], - "Effect": "Allow", - "Resource": "arn:aws:drs:*:*:recovery-instance/${aws:SourceIdentity}" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4FSEIUN7KZ", - "PolicyName": "AWSElasticDisasterRecoveryFailbackPolicy", - "UpdateDate": "2021-11-17T10:41:40+00:00", - "VersionId": "v1" - }, - "AWSElasticDisasterRecoveryReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSElasticDisasterRecoveryReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2021-11-17T10:50:05+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "drs:DescribeJobLogItems", - "drs:DescribeJobs", - "drs:DescribeRecoveryInstances", - "drs:DescribeRecoverySnapshots", - "drs:DescribeReplicationConfigurationTemplates", - "drs:DescribeSourceServers", - "drs:GetFailbackReplicationConfiguration", - "drs:GetLaunchConfiguration", - "drs:GetReplicationConfiguration", - "drs:ListTagsForResource" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:DescribeInstances", - "ec2:DescribeLaunchTemplateVersions", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4AACAUJE3T", - "PolicyName": "AWSElasticDisasterRecoveryReadOnlyAccess", - "UpdateDate": "2021-11-17T10:50:05+00:00", - "VersionId": "v1" - }, - "AWSElasticDisasterRecoveryRecoveryInstancePolicy": { - "Arn": "arn:aws:iam::aws:policy/service-role/AWSElasticDisasterRecoveryRecoveryInstancePolicy", - "AttachmentCount": 0, - "CreateDate": "2021-11-17T10:20:43+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "drs:SendAgentMetricsForDrs", - "drs:SendAgentLogsForDrs", - "drs:UpdateAgentSourcePropertiesForDrs", - "drs:UpdateAgentReplicationInfoForDrs", - "drs:UpdateAgentConversionInfoForDrs", - "drs:GetAgentCommandForDrs", - "drs:GetAgentConfirmedResumeInfoForDrs", - "drs:GetAgentRuntimeConfigurationForDrs", - "drs:UpdateAgentBacklogForDrs", - "drs:GetAgentReplicationInfoForDrs", - "drs:UpdateReplicationCertificateForDrs", - "drs:NotifyReplicationServerAuthenticationForDrs" - ], - "Condition": { - "StringEquals": { - "drs:EC2InstanceARN": "${ec2:SourceInstanceARN}" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:drs:*:*:recovery-instance/*" - }, - { - "Action": [ - "drs:DescribeRecoveryInstances" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:DescribeInstanceTypes" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4NGCMXUFTL", - "PolicyName": "AWSElasticDisasterRecoveryRecoveryInstancePolicy", - "UpdateDate": "2021-11-17T10:20:43+00:00", - "VersionId": "v1" - }, - "AWSElasticDisasterRecoveryReplicationServerPolicy": { - "Arn": "arn:aws:iam::aws:policy/service-role/AWSElasticDisasterRecoveryReplicationServerPolicy", - "AttachmentCount": 0, - "CreateDate": "2021-11-17T13:34:00+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "drs:SendClientMetricsForDrs", - "drs:SendClientLogsForDrs" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "drs:GetChannelCommandsForDrs", - "drs:SendChannelCommandResultForDrs" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "drs:GetAgentSnapshotCreditsForDrs", - "drs:DescribeReplicationServerAssociationsForDrs", - "drs:DescribeSnapshotRequestsForDrs", - "drs:BatchDeleteSnapshotRequestForDrs", - "drs:NotifyAgentAuthenticationForDrs", - "drs:BatchCreateVolumeSnapshotGroupForDrs", - "drs:UpdateAgentReplicationProcessStateForDrs", - "drs:NotifyAgentReplicationProgressForDrs", - "drs:NotifyAgentConnectedForDrs", - "drs:NotifyAgentDisconnectedForDrs" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:DescribeInstances", - "ec2:DescribeSnapshots" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:CreateSnapshot" - ], - "Condition": { - "Null": { - "aws:ResourceTag/AWSElasticDisasterRecoveryManaged": "false" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:volume/*" - }, - { - "Action": [ - "ec2:CreateSnapshot" - ], - "Condition": { - "Null": { - "aws:RequestTag/AWSElasticDisasterRecoveryManaged": "false" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:snapshot/*" - }, - { - "Action": "ec2:CreateTags", - "Condition": { - "StringEquals": { - "ec2:CreateAction": "CreateSnapshot" - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4PHOT5QARB", - "PolicyName": "AWSElasticDisasterRecoveryReplicationServerPolicy", - "UpdateDate": "2021-11-17T13:34:00+00:00", - "VersionId": "v1" - }, - "AWSElasticDisasterRecoveryServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSElasticDisasterRecoveryServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2021-11-17T10:56:17+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "drs:ListTagsForResource" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "drs:CreateRecoveryInstanceForDrs", - "drs:TagResource" - ], - "Effect": "Allow", - "Resource": "arn:aws:drs:*:*:recovery-instance/*" - }, - { - "Action": "iam:GetInstanceProfile", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "kms:ListRetirableGrants", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:DescribeAccountAttributes", - "ec2:DescribeAvailabilityZones", - "ec2:DescribeImages", - "ec2:DescribeInstances", - "ec2:DescribeInstanceTypes", - "ec2:DescribeInstanceAttribute", - "ec2:DescribeInstanceStatus", - "ec2:DescribeLaunchTemplateVersions", - "ec2:DescribeLaunchTemplates", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSnapshots", - "ec2:DescribeSubnets", - "ec2:DescribeVolumes", - "ec2:GetEbsDefaultKmsKeyId", - "ec2:GetEbsEncryptionByDefault" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:RegisterImage" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:DeregisterImage" - ], - "Condition": { - "Null": { - "aws:ResourceTag/AWSElasticDisasterRecoveryManaged": "false" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:DeleteSnapshot" - ], - "Condition": { - "Null": { - "aws:ResourceTag/AWSElasticDisasterRecoveryManaged": "false" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:snapshot/*" - }, - { - "Action": [ - "ec2:CreateLaunchTemplateVersion", - "ec2:ModifyLaunchTemplate", - "ec2:DeleteLaunchTemplate", - "ec2:DeleteLaunchTemplateVersions" - ], - "Condition": { - "Null": { - "aws:ResourceTag/AWSElasticDisasterRecoveryManaged": "false" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:launch-template/*" - }, - { - "Action": [ - "ec2:DeleteVolume" - ], - "Condition": { - "Null": { - "aws:ResourceTag/AWSElasticDisasterRecoveryManaged": "false" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:volume/*" - }, - { - "Action": [ - "ec2:StartInstances", - "ec2:StopInstances", - "ec2:TerminateInstances", - "ec2:ModifyInstanceAttribute", - "ec2:GetConsoleOutput", - "ec2:GetConsoleScreenshot" - ], - "Condition": { - "Null": { - "aws:ResourceTag/AWSElasticDisasterRecoveryManaged": "false" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:instance/*" - }, - { - "Action": [ - "ec2:RevokeSecurityGroupEgress", - "ec2:AuthorizeSecurityGroupIngress", - "ec2:AuthorizeSecurityGroupEgress" - ], - "Condition": { - "Null": { - "aws:ResourceTag/AWSElasticDisasterRecoveryManaged": "false" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:security-group/*" - }, - { - "Action": [ - "ec2:CreateVolume" - ], - "Condition": { - "Null": { - "aws:RequestTag/AWSElasticDisasterRecoveryManaged": "false" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:volume/*" - }, - { - "Action": [ - "ec2:CreateSecurityGroup" - ], - "Condition": { - "Null": { - "aws:RequestTag/AWSElasticDisasterRecoveryManaged": "false" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:security-group/*" - }, - { - "Action": [ - "ec2:CreateSecurityGroup" - ], - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:vpc/*" - }, - { - "Action": [ - "ec2:CreateLaunchTemplate" - ], - "Condition": { - "Null": { - "aws:RequestTag/AWSElasticDisasterRecoveryManaged": "false" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:launch-template/*" - }, - { - "Action": [ - "ec2:CreateSnapshot" - ], - "Condition": { - "Null": { - "aws:ResourceTag/AWSElasticDisasterRecoveryManaged": "false" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:volume/*" - }, - { - "Action": [ - "ec2:CreateSnapshot" - ], - "Condition": { - "Null": { - "aws:RequestTag/AWSElasticDisasterRecoveryManaged": "false" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:snapshot/*" - }, - { - "Action": [ - "ec2:DetachVolume", - "ec2:AttachVolume" - ], - "Condition": { - "Null": { - "aws:ResourceTag/AWSElasticDisasterRecoveryManaged": "false" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:instance/*" - }, - { - "Action": [ - "ec2:AttachVolume" - ], - "Condition": { - "Null": { - "aws:ResourceTag/AWSElasticDisasterRecoveryManaged": "false" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:volume/*" - }, - { - "Action": [ - "ec2:DetachVolume" - ], - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:volume/*" - }, - { - "Action": [ - "ec2:RunInstances" - ], - "Condition": { - "Null": { - "aws:RequestTag/AWSElasticDisasterRecoveryManaged": "false" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:instance/*" - }, - { - "Action": [ - "ec2:RunInstances" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:security-group/*", - "arn:aws:ec2:*:*:volume/*", - "arn:aws:ec2:*:*:subnet/*", - "arn:aws:ec2:*:*:image/*", - "arn:aws:ec2:*:*:network-interface/*", - "arn:aws:ec2:*:*:launch-template/*" - ] - }, - { - "Action": "iam:PassRole", - "Condition": { - "StringEquals": { - "iam:PassedToService": "ec2.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:iam::*:role/service-role/AWSElasticDisasterRecoveryReplicationServerRole", - "arn:aws:iam::*:role/service-role/AWSElasticDisasterRecoveryConversionServerRole", - "arn:aws:iam::*:role/service-role/AWSElasticDisasterRecoveryRecoveryInstanceRole" - ] - }, - { - "Action": "ec2:CreateTags", - "Condition": { - "StringEquals": { - "ec2:CreateAction": [ - "CreateLaunchTemplate", - "CreateSecurityGroup", - "CreateVolume", - "CreateSnapshot", - "RunInstances" - ] - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:launch-template/*", - "arn:aws:ec2:*:*:security-group/*", - "arn:aws:ec2:*:*:volume/*", - "arn:aws:ec2:*:*:snapshot/*", - "arn:aws:ec2:*:*:instance/*" - ] - }, - { - "Action": "ec2:CreateTags", - "Condition": { - "Null": { - "aws:RequestTag/AWSElasticDisasterRecoveryManaged": "false" - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:image/*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4HALZVJBJX", - "PolicyName": "AWSElasticDisasterRecoveryServiceRolePolicy", - "UpdateDate": "2021-11-17T10:56:17+00:00", - "VersionId": "v1" - }, - "AWSElasticLoadBalancingClassicServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSElasticLoadBalancingClassicServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2017-09-19T22:36:18+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "ec2:DescribeAddresses", - "ec2:DescribeInstances", - "ec2:DescribeSubnets", - "ec2:DescribeSecurityGroups", - "ec2:DescribeVpcs", - "ec2:DescribeInternetGateways", - "ec2:DescribeAccountAttributes", - "ec2:DescribeClassicLinkInstances", - "ec2:DescribeVpcClassicLink", - "ec2:CreateSecurityGroup", - "ec2:CreateNetworkInterface", - "ec2:DeleteNetworkInterface", - "ec2:ModifyNetworkInterfaceAttribute", - "ec2:AuthorizeSecurityGroupIngress", - "ec2:AssociateAddress", - "ec2:DisassociateAddress", - "ec2:AttachNetworkInterface", - "ec2:DetachNetworkInterface", - "ec2:AssignPrivateIpAddresses", - "ec2:AssignIpv6Addresses", - "ec2:UnassignIpv6Addresses" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIUMWW3QP7DPZPNVU4", - "PolicyName": "AWSElasticLoadBalancingClassicServiceRolePolicy", - "UpdateDate": "2019-10-07T23:04:27+00:00", - "VersionId": "v2" - }, - "AWSElasticLoadBalancingServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSElasticLoadBalancingServiceRolePolicy", - "AttachmentCount": 1, - "CreateDate": "2017-09-19T22:19:04+00:00", - "DefaultVersionId": "v7", - "Document": { - "Statement": [ - { - "Action": [ - "ec2:DescribeAddresses", - "ec2:DescribeCoipPools", - "ec2:DescribeInstances", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeSubnets", - "ec2:DescribeSecurityGroups", - "ec2:DescribeVpcs", - "ec2:DescribeInternetGateways", - "ec2:DescribeAccountAttributes", - "ec2:DescribeClassicLinkInstances", - "ec2:DescribeVpcClassicLink", - "ec2:CreateSecurityGroup", - "ec2:CreateNetworkInterface", - "ec2:DeleteNetworkInterface", - "ec2:GetCoipPoolUsage", - "ec2:ModifyNetworkInterfaceAttribute", - "ec2:AllocateAddress", - "ec2:AuthorizeSecurityGroupIngress", - "ec2:AssociateAddress", - "ec2:DisassociateAddress", - "ec2:AttachNetworkInterface", - "ec2:DetachNetworkInterface", - "ec2:AssignPrivateIpAddresses", - "ec2:AssignIpv6Addresses", - "ec2:ReleaseAddress", - "ec2:UnassignIpv6Addresses", - "ec2:DescribeVpcPeeringConnections", - "logs:CreateLogDelivery", - "logs:GetLogDelivery", - "logs:UpdateLogDelivery", - "logs:DeleteLogDelivery", - "logs:ListLogDeliveries", - "outposts:GetOutpostInstanceTypes" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIMHWGGSRHLOQUICJQ", - "PolicyName": "AWSElasticLoadBalancingServiceRolePolicy", - "UpdateDate": "2021-08-26T19:01:48+00:00", - "VersionId": "v7" - }, - "AWSElementalMediaConvertFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSElementalMediaConvertFullAccess", - "AttachmentCount": 0, - "CreateDate": "2018-06-25T19:25:35+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "mediaconvert:*", - "s3:ListAllMyBuckets", - "s3:ListBucket" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "iam:PassRole" - ], - "Condition": { - "StringLike": { - "iam:PassedToService": [ - "mediaconvert.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIXDREOCL6LV7RBJWC", - "PolicyName": "AWSElementalMediaConvertFullAccess", - "UpdateDate": "2019-06-10T22:52:25+00:00", - "VersionId": "v2" - }, - "AWSElementalMediaConvertReadOnly": { - "Arn": "arn:aws:iam::aws:policy/AWSElementalMediaConvertReadOnly", - "AttachmentCount": 0, - "CreateDate": "2018-06-25T19:25:14+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "mediaconvert:Get*", - "mediaconvert:List*", - "mediaconvert:DescribeEndpoints", - "s3:ListAllMyBuckets", - "s3:ListBucket" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJSXYOBSLJN3JEDO42", - "PolicyName": "AWSElementalMediaConvertReadOnly", - "UpdateDate": "2019-06-10T22:52:18+00:00", - "VersionId": "v2" - }, - "AWSElementalMediaLiveFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSElementalMediaLiveFullAccess", - "AttachmentCount": 0, - "CreateDate": "2020-07-08T17:07:14+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": { - "Action": "medialive:*", - "Effect": "Allow", - "Resource": "*" - }, - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4K5KSJBKUE", - "PolicyName": "AWSElementalMediaLiveFullAccess", - "UpdateDate": "2020-07-08T17:07:14+00:00", - "VersionId": "v1" - }, - "AWSElementalMediaLiveReadOnly": { - "Arn": "arn:aws:iam::aws:policy/AWSElementalMediaLiveReadOnly", - "AttachmentCount": 0, - "CreateDate": "2020-07-08T16:38:07+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": { - "Action": [ - "medialive:List*", - "medialive:Describe*" - ], - "Effect": "Allow", - "Resource": "*" - }, - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4L7DTGZPRO", - "PolicyName": "AWSElementalMediaLiveReadOnly", - "UpdateDate": "2020-07-08T16:38:07+00:00", - "VersionId": "v1" - }, - "AWSElementalMediaPackageFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSElementalMediaPackageFullAccess", - "AttachmentCount": 0, - "CreateDate": "2017-12-29T23:39:52+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": { - "Action": "mediapackage:*", - "Effect": "Allow", - "Resource": "*" - }, - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIYI6IYR3JRFAVNQHC", - "PolicyName": "AWSElementalMediaPackageFullAccess", - "UpdateDate": "2017-12-29T23:39:52+00:00", - "VersionId": "v1" - }, - "AWSElementalMediaPackageReadOnly": { - "Arn": "arn:aws:iam::aws:policy/AWSElementalMediaPackageReadOnly", - "AttachmentCount": 0, - "CreateDate": "2017-12-30T00:04:29+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": { - "Action": [ - "mediapackage:List*", - "mediapackage:Describe*" - ], - "Effect": "Allow", - "Resource": "*" - }, - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJ42DVTPUHKXNYZQCO", - "PolicyName": "AWSElementalMediaPackageReadOnly", - "UpdateDate": "2017-12-30T00:04:29+00:00", - "VersionId": "v1" - }, - "AWSElementalMediaStoreFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSElementalMediaStoreFullAccess", - "AttachmentCount": 0, - "CreateDate": "2018-03-05T23:15:31+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "mediastore:*" - ], - "Condition": { - "Bool": { - "aws:SecureTransport": "true" - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJZFYFW2QXSNK7OH6Y", - "PolicyName": "AWSElementalMediaStoreFullAccess", - "UpdateDate": "2018-03-05T23:15:31+00:00", - "VersionId": "v1" - }, - "AWSElementalMediaStoreReadOnly": { - "Arn": "arn:aws:iam::aws:policy/AWSElementalMediaStoreReadOnly", - "AttachmentCount": 0, - "CreateDate": "2018-03-08T19:48:22+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "mediastore:Get*", - "mediastore:List*", - "mediastore:Describe*" - ], - "Condition": { - "Bool": { - "aws:SecureTransport": "true" - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAI4EFXRATQYOFTAEFM", - "PolicyName": "AWSElementalMediaStoreReadOnly", - "UpdateDate": "2018-03-08T19:48:22+00:00", - "VersionId": "v1" - }, - "AWSElementalMediaTailorFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSElementalMediaTailorFullAccess", - "AttachmentCount": 0, - "CreateDate": "2021-11-23T00:04:39+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": { - "Action": "mediatailor:*", - "Effect": "Allow", - "Resource": "*" - }, - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4NNHQVB6BS", - "PolicyName": "AWSElementalMediaTailorFullAccess", - "UpdateDate": "2021-11-23T00:04:39+00:00", - "VersionId": "v1" - }, - "AWSElementalMediaTailorReadOnly": { - "Arn": "arn:aws:iam::aws:policy/AWSElementalMediaTailorReadOnly", - "AttachmentCount": 0, - "CreateDate": "2021-11-23T00:05:01+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": { - "Action": [ - "mediatailor:List*", - "mediatailor:Describe*", - "mediatailor:Get*" - ], - "Effect": "Allow", - "Resource": "*" - }, - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4BINASLBHU", - "PolicyName": "AWSElementalMediaTailorReadOnly", - "UpdateDate": "2021-11-23T00:05:01+00:00", - "VersionId": "v1" - }, - "AWSEnhancedClassicNetworkingMangementPolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSEnhancedClassicNetworkingMangementPolicy", - "AttachmentCount": 0, - "CreateDate": "2017-09-20T17:29:09+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "ec2:DescribeInstances", - "ec2:DescribeSecurityGroups" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAI7T4V2HZTS72QVO52", - "PolicyName": "AWSEnhancedClassicNetworkingMangementPolicy", - "UpdateDate": "2017-09-20T17:29:09+00:00", - "VersionId": "v1" - }, - "AWSFMAdminFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSFMAdminFullAccess", - "AttachmentCount": 0, - "CreateDate": "2018-05-09T18:06:18+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "fms:*", - "waf:*", - "waf-regional:*", - "elasticloadbalancing:SetWebACL", - "organizations:DescribeOrganization" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJLAGM5X6WSNPF4EAQ", - "PolicyName": "AWSFMAdminFullAccess", - "UpdateDate": "2018-05-09T18:06:18+00:00", - "VersionId": "v1" - }, - "AWSFMAdminReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSFMAdminReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2018-05-09T20:07:39+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "fms:Get*", - "fms:List*", - "waf:Get*", - "waf:List*", - "waf-regional:Get*", - "waf-regional:List*", - "organizations:DescribeOrganization" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJA3UKVVBN62QFIKLW", - "PolicyName": "AWSFMAdminReadOnlyAccess", - "UpdateDate": "2018-05-09T20:07:39+00:00", - "VersionId": "v1" - }, - "AWSFMMemberReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSFMMemberReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2018-05-09T21:05:29+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "fms:GetAdminAccount", - "waf:Get*", - "waf:List*", - "waf-regional:Get*", - "waf-regional:List*", - "organizations:DescribeOrganization" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIB2IVAQ4XXNHHA3DW", - "PolicyName": "AWSFMMemberReadOnlyAccess", - "UpdateDate": "2018-05-09T21:05:29+00:00", - "VersionId": "v1" - }, - "AWSForWordPressPluginPolicy": { - "Arn": "arn:aws:iam::aws:policy/AWSForWordPressPluginPolicy", - "AttachmentCount": 0, - "CreateDate": "2019-10-30T00:27:46+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "polly:SynthesizeSpeech", - "polly:DescribeVoices", - "translate:TranslateText" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "Permissions1" - }, - { - "Action": [ - "s3:ListBucket", - "s3:GetBucketAcl", - "s3:GetBucketPolicy", - "s3:PutObject", - "s3:DeleteObject", - "s3:CreateBucket", - "s3:PutObjectAcl" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:s3:::audio_for_wordpress*", - "arn:aws:s3:::audio-for-wordpress*" - ], - "Sid": "Permissions2" - }, - { - "Action": [ - "acm:AddTagsToCertificate", - "acm:DescribeCertificate", - "acm:RequestCertificate", - "cloudformation:CreateStack", - "cloudfront:ListDistributions" - ], - "Condition": { - "StringEquals": { - "aws:RequestedRegion": "us-east-1" - } - }, - "Effect": "Allow", - "Resource": "*", - "Sid": "Permissions3" - }, - { - "Action": [ - "acm:DeleteCertificate", - "cloudformation:DeleteStack", - "cloudformation:DescribeStackEvents", - "cloudformation:DescribeStackResources", - "cloudformation:UpdateStack", - "cloudfront:CreateDistribution", - "cloudfront:CreateInvalidation", - "cloudfront:DeleteDistribution", - "cloudfront:GetDistribution", - "cloudfront:GetInvalidation", - "cloudfront:TagResource", - "cloudfront:UpdateDistribution" - ], - "Condition": { - "StringEquals": { - "aws:ResourceTag/createdBy": "AWSForWordPressPlugin" - } - }, - "Effect": "Allow", - "Resource": "*", - "Sid": "Permissions4" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4KEKYXDWNJ", - "PolicyName": "AWSForWordPressPluginPolicy", - "UpdateDate": "2020-01-20T23:20:47+00:00", - "VersionId": "v2" - }, - "AWSGlobalAcceleratorSLRPolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSGlobalAcceleratorSLRPolicy", - "AttachmentCount": 1, - "CreateDate": "2019-04-05T19:39:13+00:00", - "DefaultVersionId": "v6", - "Document": { - "Statement": [ - { - "Action": [ - "ec2:CreateNetworkInterface", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeInstances", - "ec2:DescribeInternetGateways", - "ec2:DescribeSubnets", - "ec2:DescribeRegions", - "ec2:ModifyNetworkInterfaceAttribute", - "ec2:DeleteNetworkInterface" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:DeleteSecurityGroup", - "ec2:AssignIpv6Addresses", - "ec2:UnassignIpv6Addresses" - ], - "Condition": { - "StringEquals": { - "ec2:ResourceTag/AWSServiceName": "GlobalAccelerator" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:CreateSecurityGroup", - "ec2:DescribeSecurityGroups" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "elasticloadbalancing:DescribeLoadBalancers", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "ec2:CreateTags", - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:security-group/*", - "arn:aws:ec2:*:*:network-interface/*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4EJ5ZEQR2C", - "PolicyName": "AWSGlobalAcceleratorSLRPolicy", - "UpdateDate": "2021-11-02T18:33:56+00:00", - "VersionId": "v6" - }, - "AWSGlueConsoleFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSGlueConsoleFullAccess", - "AttachmentCount": 0, - "CreateDate": "2017-08-14T13:37:39+00:00", - "DefaultVersionId": "v12", - "Document": { - "Statement": [ - { - "Action": [ - "glue:*", - "redshift:DescribeClusters", - "redshift:DescribeClusterSubnetGroups", - "iam:ListRoles", - "iam:ListUsers", - "iam:ListGroups", - "iam:ListRolePolicies", - "iam:GetRole", - "iam:GetRolePolicy", - "iam:ListAttachedRolePolicies", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVpcs", - "ec2:DescribeVpcEndpoints", - "ec2:DescribeRouteTables", - "ec2:DescribeVpcAttribute", - "ec2:DescribeKeyPairs", - "ec2:DescribeInstances", - "ec2:DescribeImages", - "rds:DescribeDBInstances", - "rds:DescribeDBClusters", - "rds:DescribeDBSubnetGroups", - "s3:ListAllMyBuckets", - "s3:ListBucket", - "s3:GetBucketAcl", - "s3:GetBucketLocation", - "cloudformation:DescribeStacks", - "cloudformation:GetTemplateSummary", - "dynamodb:ListTables", - "kms:ListAliases", - "kms:DescribeKey", - "cloudwatch:GetMetricData", - "cloudwatch:ListDashboards" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "s3:GetObject", - "s3:PutObject" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:s3:::aws-glue-*/*", - "arn:aws:s3:::*/*aws-glue-*/*", - "arn:aws:s3:::aws-glue-*" - ] - }, - { - "Action": [ - "tag:GetResources" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "s3:CreateBucket" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:s3:::aws-glue-*" - ] - }, - { - "Action": [ - "logs:GetLogEvents" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:logs:*:*:/aws-glue/*" - ] - }, - { - "Action": [ - "cloudformation:CreateStack", - "cloudformation:DeleteStack" - ], - "Effect": "Allow", - "Resource": "arn:aws:cloudformation:*:*:stack/aws-glue*/*" - }, - { - "Action": [ - "ec2:RunInstances" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:instance/*", - "arn:aws:ec2:*:*:key-pair/*", - "arn:aws:ec2:*:*:image/*", - "arn:aws:ec2:*:*:security-group/*", - "arn:aws:ec2:*:*:network-interface/*", - "arn:aws:ec2:*:*:subnet/*", - "arn:aws:ec2:*:*:volume/*" - ] - }, - { - "Action": [ - "ec2:TerminateInstances", - "ec2:CreateTags", - "ec2:DeleteTags" - ], - "Condition": { - "StringEquals": { - "ec2:ResourceTag/aws:cloudformation:logical-id": "ZeppelinInstance" - }, - "StringLike": { - "ec2:ResourceTag/aws:cloudformation:stack-id": "arn:aws:cloudformation:*:*:stack/aws-glue-*/*" - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:instance/*" - ] - }, - { - "Action": [ - "iam:PassRole" - ], - "Condition": { - "StringLike": { - "iam:PassedToService": [ - "glue.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/AWSGlueServiceRole*" - }, - { - "Action": [ - "iam:PassRole" - ], - "Condition": { - "StringLike": { - "iam:PassedToService": [ - "ec2.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/AWSGlueServiceNotebookRole*" - }, - { - "Action": [ - "iam:PassRole" - ], - "Condition": { - "StringLike": { - "iam:PassedToService": [ - "glue.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:iam::*:role/service-role/AWSGlueServiceRole*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJNZGDEOD7MISOVSVI", - "PolicyName": "AWSGlueConsoleFullAccess", - "UpdateDate": "2019-02-11T19:49:01+00:00", - "VersionId": "v12" - }, - "AWSGlueConsoleSageMakerNotebookFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSGlueConsoleSageMakerNotebookFullAccess", - "AttachmentCount": 0, - "CreateDate": "2018-10-05T17:52:35+00:00", - "DefaultVersionId": "v3", - "Document": { - "Statement": [ - { - "Action": [ - "glue:*", - "redshift:DescribeClusters", - "redshift:DescribeClusterSubnetGroups", - "iam:ListRoles", - "iam:ListRolePolicies", - "iam:GetRole", - "iam:GetRolePolicy", - "iam:ListAttachedRolePolicies", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVpcs", - "ec2:DescribeVpcEndpoints", - "ec2:DescribeRouteTables", - "ec2:DescribeVpcAttribute", - "ec2:DescribeKeyPairs", - "ec2:DescribeInstances", - "ec2:DescribeImages", - "ec2:CreateNetworkInterface", - "ec2:AttachNetworkInterface", - "ec2:ModifyNetworkInterfaceAttribute", - "ec2:DeleteNetworkInterface", - "ec2:DescribeAvailabilityZones", - "ec2:DescribeInternetGateways", - "ec2:DescribeNetworkInterfaces", - "rds:DescribeDBInstances", - "s3:ListAllMyBuckets", - "s3:ListBucket", - "s3:GetBucketAcl", - "s3:GetBucketLocation", - "cloudformation:DescribeStacks", - "cloudformation:GetTemplateSummary", - "dynamodb:ListTables", - "kms:ListAliases", - "kms:DescribeKey", - "sagemaker:ListNotebookInstances", - "cloudformation:ListStacks", - "cloudwatch:GetMetricData", - "cloudwatch:ListDashboards" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "s3:GetObject", - "s3:PutObject" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:s3:::*/*aws-glue-*/*", - "arn:aws:s3:::aws-glue-*" - ] - }, - { - "Action": [ - "s3:CreateBucket" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:s3:::aws-glue-*" - ] - }, - { - "Action": [ - "logs:GetLogEvents" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:logs:*:*:/aws-glue/*" - ] - }, - { - "Action": [ - "cloudformation:CreateStack", - "cloudformation:DeleteStack" - ], - "Effect": "Allow", - "Resource": "arn:aws:cloudformation:*:*:stack/aws-glue*/*" - }, - { - "Action": [ - "sagemaker:CreatePresignedNotebookInstanceUrl", - "sagemaker:CreateNotebookInstance", - "sagemaker:DeleteNotebookInstance", - "sagemaker:DescribeNotebookInstance", - "sagemaker:StartNotebookInstance", - "sagemaker:StopNotebookInstance", - "sagemaker:UpdateNotebookInstance", - "sagemaker:ListTags" - ], - "Effect": "Allow", - "Resource": "arn:aws:sagemaker:*:*:notebook-instance/aws-glue-*" - }, - { - "Action": [ - "sagemaker:DescribeNotebookInstanceLifecycleConfig", - "sagemaker:CreateNotebookInstanceLifecycleConfig", - "sagemaker:DeleteNotebookInstanceLifecycleConfig", - "sagemaker:ListNotebookInstanceLifecycleConfigs" - ], - "Effect": "Allow", - "Resource": "arn:aws:sagemaker:*:*:notebook-instance-lifecycle-config/aws-glue-*" - }, - { - "Action": [ - "ec2:RunInstances" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:instance/*", - "arn:aws:ec2:*:*:key-pair/*", - "arn:aws:ec2:*:*:image/*", - "arn:aws:ec2:*:*:security-group/*", - "arn:aws:ec2:*:*:network-interface/*", - "arn:aws:ec2:*:*:subnet/*", - "arn:aws:ec2:*:*:volume/*" - ] - }, - { - "Action": [ - "ec2:TerminateInstances", - "ec2:CreateTags", - "ec2:DeleteTags" - ], - "Condition": { - "StringEquals": { - "ec2:ResourceTag/aws:cloudformation:logical-id": "ZeppelinInstance" - }, - "StringLike": { - "ec2:ResourceTag/aws:cloudformation:stack-id": "arn:aws:cloudformation:*:*:stack/aws-glue-*/*" - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:instance/*" - ] - }, - { - "Action": [ - "tag:GetResources" - ], - "Condition": { - "ForAllValues:StringLike": { - "aws:TagKeys": [ - "aws-glue-*" - ] - } - }, - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "iam:PassRole" - ], - "Condition": { - "StringLike": { - "iam:PassedToService": [ - "glue.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/AWSGlueServiceRole*" - }, - { - "Action": [ - "iam:PassRole" - ], - "Condition": { - "StringLike": { - "iam:PassedToService": [ - "ec2.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/AWSGlueServiceNotebookRole*" - }, - { - "Action": [ - "iam:PassRole" - ], - "Condition": { - "StringLike": { - "iam:PassedToService": [ - "sagemaker.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/AWSGlueServiceSageMakerNotebookRole*" - }, - { - "Action": [ - "iam:PassRole" - ], - "Condition": { - "StringLike": { - "iam:PassedToService": [ - "glue.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:iam::*:role/service-role/AWSGlueServiceRole*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJELFOHJC42QS3ZSYY", - "PolicyName": "AWSGlueConsoleSageMakerNotebookFullAccess", - "UpdateDate": "2021-07-15T15:24:19+00:00", - "VersionId": "v3" - }, - "AWSGlueDataBrewServiceRole": { - "Arn": "arn:aws:iam::aws:policy/service-role/AWSGlueDataBrewServiceRole", - "AttachmentCount": 0, - "CreateDate": "2020-12-04T21:26:50+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "glue:GetDatabases", - "glue:GetPartitions", - "glue:GetTable", - "glue:GetTables", - "glue:GetConnection" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "s3:ListBucket", - "s3:GetObject" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:s3:::databrew-public-datasets-*" - ] - }, - { - "Action": [ - "ec2:DescribeVpcEndpoints", - "ec2:DescribeRouteTables", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVpcAttribute", - "ec2:CreateNetworkInterface" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": "ec2:DeleteNetworkInterface", - "Condition": { - "StringLike": { - "aws:ResourceTag/aws-glue-service-resource": "*" - } - }, - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "ec2:CreateTags", - "ec2:DeleteTags" - ], - "Condition": { - "ForAllValues:StringEquals": { - "aws:TagKeys": [ - "aws-glue-service-resource" - ] - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:network-interface/*", - "arn:aws:ec2:*:*:security-group/*" - ] - }, - { - "Action": [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:logs:*:*:log-group:/aws-glue-databrew/*" - ] - }, - { - "Action": [ - "lakeformation:GetDataAccess" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "secretsmanager:GetSecretValue" - ], - "Effect": "Allow", - "Resource": "arn:aws:secretsmanager:*:*:secret:databrew!default-*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4HSXDEANHC", - "PolicyName": "AWSGlueDataBrewServiceRole", - "UpdateDate": "2021-11-18T19:44:16+00:00", - "VersionId": "v2" - }, - "AWSGlueSchemaRegistryFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSGlueSchemaRegistryFullAccess", - "AttachmentCount": 0, - "CreateDate": "2020-11-20T00:19:00+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "glue:CreateRegistry", - "glue:UpdateRegistry", - "glue:DeleteRegistry", - "glue:GetRegistry", - "glue:ListRegistries", - "glue:CreateSchema", - "glue:UpdateSchema", - "glue:DeleteSchema", - "glue:GetSchema", - "glue:ListSchemas", - "glue:RegisterSchemaVersion", - "glue:DeleteSchemaVersions", - "glue:GetSchemaByDefinition", - "glue:GetSchemaVersion", - "glue:GetSchemaVersionsDiff", - "glue:ListSchemaVersions", - "glue:CheckSchemaVersionValidity", - "glue:PutSchemaVersionMetadata", - "glue:RemoveSchemaVersionMetadata", - "glue:QuerySchemaVersionMetadata" - ], - "Effect": "Allow", - "Resource": [ - "*" - ], - "Sid": "AWSGlueSchemaRegistryFullAccess" - }, - { - "Action": [ - "glue:GetTags", - "glue:TagResource", - "glue:UnTagResource" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:glue:*:*:schema/*", - "arn:aws:glue:*:*:registry/*" - ], - "Sid": "AWSGlueSchemaRegistryTagsFullAccess" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4H2OHGXA4A", - "PolicyName": "AWSGlueSchemaRegistryFullAccess", - "UpdateDate": "2020-11-20T00:19:00+00:00", - "VersionId": "v1" - }, - "AWSGlueSchemaRegistryReadonlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSGlueSchemaRegistryReadonlyAccess", - "AttachmentCount": 0, - "CreateDate": "2020-11-20T00:20:06+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "glue:GetRegistry", - "glue:ListRegistries", - "glue:GetSchema", - "glue:ListSchemas", - "glue:GetSchemaByDefinition", - "glue:GetSchemaVersion", - "glue:ListSchemaVersions", - "glue:GetSchemaVersionsDiff", - "glue:CheckSchemaVersionValidity", - "glue:QuerySchemaVersionMetadata", - "glue:GetTags" - ], - "Effect": "Allow", - "Resource": [ - "*" - ], - "Sid": "AWSGlueSchemaRegistryReadonlyAccess" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4B2SFYL4LZ", - "PolicyName": "AWSGlueSchemaRegistryReadonlyAccess", - "UpdateDate": "2020-11-20T00:20:06+00:00", - "VersionId": "v1" - }, - "AWSGlueServiceNotebookRole": { - "Arn": "arn:aws:iam::aws:policy/service-role/AWSGlueServiceNotebookRole", - "AttachmentCount": 0, - "CreateDate": "2017-08-14T13:37:42+00:00", - "DefaultVersionId": "v3", - "Document": { - "Statement": [ - { - "Action": [ - "glue:CreateDatabase", - "glue:CreatePartition", - "glue:CreateTable", - "glue:DeleteDatabase", - "glue:DeletePartition", - "glue:DeleteTable", - "glue:GetDatabase", - "glue:GetDatabases", - "glue:GetPartition", - "glue:GetPartitions", - "glue:GetTable", - "glue:GetTableVersions", - "glue:GetTables", - "glue:UpdateDatabase", - "glue:UpdatePartition", - "glue:UpdateTable", - "glue:CreateConnection", - "glue:CreateJob", - "glue:DeleteConnection", - "glue:DeleteJob", - "glue:GetConnection", - "glue:GetConnections", - "glue:GetDevEndpoint", - "glue:GetDevEndpoints", - "glue:GetJob", - "glue:GetJobs", - "glue:UpdateJob", - "glue:BatchDeleteConnection", - "glue:UpdateConnection", - "glue:GetUserDefinedFunction", - "glue:UpdateUserDefinedFunction", - "glue:GetUserDefinedFunctions", - "glue:DeleteUserDefinedFunction", - "glue:CreateUserDefinedFunction", - "glue:BatchGetPartition", - "glue:BatchDeletePartition", - "glue:BatchCreatePartition", - "glue:BatchDeleteTable", - "glue:UpdateDevEndpoint", - "s3:GetBucketLocation", - "s3:ListBucket", - "s3:ListAllMyBuckets", - "s3:GetBucketAcl" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "s3:GetObject" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:s3:::crawler-public*", - "arn:aws:s3:::aws-glue*" - ] - }, - { - "Action": [ - "s3:PutObject", - "s3:DeleteObject" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:s3:::aws-glue*" - ] - }, - { - "Action": [ - "ec2:CreateTags", - "ec2:DeleteTags" - ], - "Condition": { - "ForAllValues:StringEquals": { - "aws:TagKeys": [ - "aws-glue-service-resource" - ] - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:network-interface/*", - "arn:aws:ec2:*:*:security-group/*", - "arn:aws:ec2:*:*:instance/*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIMRC6VZUHJYCTKWFI", - "PolicyName": "AWSGlueServiceNotebookRole", - "UpdateDate": "2019-10-07T18:05:54+00:00", - "VersionId": "v3" - }, - "AWSGlueServiceRole": { - "Arn": "arn:aws:iam::aws:policy/service-role/AWSGlueServiceRole", - "AttachmentCount": 0, - "CreateDate": "2017-08-14T13:37:21+00:00", - "DefaultVersionId": "v4", - "Document": { - "Statement": [ - { - "Action": [ - "glue:*", - "s3:GetBucketLocation", - "s3:ListBucket", - "s3:ListAllMyBuckets", - "s3:GetBucketAcl", - "ec2:DescribeVpcEndpoints", - "ec2:DescribeRouteTables", - "ec2:CreateNetworkInterface", - "ec2:DeleteNetworkInterface", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVpcAttribute", - "iam:ListRolePolicies", - "iam:GetRole", - "iam:GetRolePolicy", - "cloudwatch:PutMetricData" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "s3:CreateBucket" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:s3:::aws-glue-*" - ] - }, - { - "Action": [ - "s3:GetObject", - "s3:PutObject", - "s3:DeleteObject" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:s3:::aws-glue-*/*", - "arn:aws:s3:::*/*aws-glue-*/*" - ] - }, - { - "Action": [ - "s3:GetObject" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:s3:::crawler-public*", - "arn:aws:s3:::aws-glue-*" - ] - }, - { - "Action": [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:logs:*:*:/aws-glue/*" - ] - }, - { - "Action": [ - "ec2:CreateTags", - "ec2:DeleteTags" - ], - "Condition": { - "ForAllValues:StringEquals": { - "aws:TagKeys": [ - "aws-glue-service-resource" - ] - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:network-interface/*", - "arn:aws:ec2:*:*:security-group/*", - "arn:aws:ec2:*:*:instance/*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIRUJCPEBPMEZFAS32", - "PolicyName": "AWSGlueServiceRole", - "UpdateDate": "2018-06-25T18:23:09+00:00", - "VersionId": "v4" - }, - "AWSGrafanaAccountAdministrator": { - "Arn": "arn:aws:iam::aws:policy/AWSGrafanaAccountAdministrator", - "AttachmentCount": 0, - "CreateDate": "2021-02-23T00:20:38+00:00", - "DefaultVersionId": "v3", - "Document": { - "Statement": [ - { - "Action": [ - "iam:ListRoles" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "AWSGrafanaOrganizationAdmin" - }, - { - "Action": "iam:GetRole", - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/*", - "Sid": "GrafanaIAMGetRolePermission" - }, - { - "Action": [ - "grafana:*" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "AWSGrafanaPermissions" - }, - { - "Action": "iam:PassRole", - "Condition": { - "StringLike": { - "iam:PassedToService": "grafana.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/*", - "Sid": "GrafanaIAMPassRolePermission" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4KHVCM25DH", - "PolicyName": "AWSGrafanaAccountAdministrator", - "UpdateDate": "2022-02-15T22:36:18+00:00", - "VersionId": "v3" - }, - "AWSGrafanaConsoleReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSGrafanaConsoleReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2021-02-23T00:10:40+00:00", - "DefaultVersionId": "v3", - "Document": { - "Statement": [ - { - "Action": [ - "grafana:Describe*", - "grafana:List*" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "AWSGrafanaConsoleReadOnlyAccess" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4OHSWBMKNF", - "PolicyName": "AWSGrafanaConsoleReadOnlyAccess", - "UpdateDate": "2022-02-15T22:30:54+00:00", - "VersionId": "v3" - }, - "AWSGrafanaWorkspacePermissionManagement": { - "Arn": "arn:aws:iam::aws:policy/AWSGrafanaWorkspacePermissionManagement", - "AttachmentCount": 0, - "CreateDate": "2021-02-23T00:15:54+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "grafana:DescribeWorkspace", - "grafana:DescribeWorkspaceAuthentication", - "grafana:UpdatePermissions", - "grafana:ListPermissions", - "grafana:ListWorkspaces" - ], - "Effect": "Allow", - "Resource": "arn:aws:grafana:*:*:/workspaces*", - "Sid": "AWSGrafanaPermissions" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4G37QQNGZW", - "PolicyName": "AWSGrafanaWorkspacePermissionManagement", - "UpdateDate": "2021-09-21T20:30:06+00:00", - "VersionId": "v2" - }, - "AWSGreengrassFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSGreengrassFullAccess", - "AttachmentCount": 0, - "CreateDate": "2017-05-03T00:47:37+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "greengrass:*" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJWPV6OBK4QONH4J3O", - "PolicyName": "AWSGreengrassFullAccess", - "UpdateDate": "2017-05-03T00:47:37+00:00", - "VersionId": "v1" - }, - "AWSGreengrassReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSGreengrassReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2018-10-30T16:01:43+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "greengrass:List*", - "greengrass:Get*" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJLSKLXFVTQTZ5GY3I", - "PolicyName": "AWSGreengrassReadOnlyAccess", - "UpdateDate": "2018-10-30T16:01:43+00:00", - "VersionId": "v1" - }, - "AWSGreengrassResourceAccessRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/service-role/AWSGreengrassResourceAccessRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2017-02-14T21:17:24+00:00", - "DefaultVersionId": "v5", - "Document": { - "Statement": [ - { - "Action": [ - "iot:DeleteThingShadow", - "iot:GetThingShadow", - "iot:UpdateThingShadow" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:iot:*:*:thing/GG_*", - "arn:aws:iot:*:*:thing/*-gcm", - "arn:aws:iot:*:*:thing/*-gda", - "arn:aws:iot:*:*:thing/*-gci" - ], - "Sid": "AllowGreengrassAccessToShadows" - }, - { - "Action": [ - "iot:DescribeThing" - ], - "Effect": "Allow", - "Resource": "arn:aws:iot:*:*:thing/*", - "Sid": "AllowGreengrassToDescribeThings" - }, - { - "Action": [ - "iot:DescribeCertificate" - ], - "Effect": "Allow", - "Resource": "arn:aws:iot:*:*:cert/*", - "Sid": "AllowGreengrassToDescribeCertificates" - }, - { - "Action": [ - "greengrass:*" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "AllowGreengrassToCallGreengrassServices" - }, - { - "Action": [ - "lambda:GetFunction", - "lambda:GetFunctionConfiguration" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "AllowGreengrassToGetLambdaFunctions" - }, - { - "Action": [ - "secretsmanager:GetSecretValue" - ], - "Effect": "Allow", - "Resource": "arn:aws:secretsmanager:*:*:secret:greengrass-*", - "Sid": "AllowGreengrassToGetGreengrassSecrets" - }, - { - "Action": [ - "s3:GetObject" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:s3:::*Greengrass*", - "arn:aws:s3:::*GreenGrass*", - "arn:aws:s3:::*greengrass*", - "arn:aws:s3:::*Sagemaker*", - "arn:aws:s3:::*SageMaker*", - "arn:aws:s3:::*sagemaker*" - ], - "Sid": "AllowGreengrassAccessToS3Objects" - }, - { - "Action": [ - "s3:GetBucketLocation" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "AllowGreengrassAccessToS3BucketLocation" - }, - { - "Action": [ - "sagemaker:DescribeTrainingJob" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:sagemaker:*:*:training-job/*" - ], - "Sid": "AllowGreengrassAccessToSageMakerTrainingJobs" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJPKEIMB6YMXDEVRTM", - "PolicyName": "AWSGreengrassResourceAccessRolePolicy", - "UpdateDate": "2018-11-14T00:35:02+00:00", - "VersionId": "v5" - }, - "AWSHealthFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSHealthFullAccess", - "AttachmentCount": 0, - "CreateDate": "2016-12-06T12:30:31+00:00", - "DefaultVersionId": "v3", - "Document": { - "Statement": [ - { - "Action": [ - "organizations:EnableAWSServiceAccess", - "organizations:DisableAWSServiceAccess" - ], - "Condition": { - "StringEquals": { - "organizations:ServicePrincipal": "health.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "health:*", - "organizations:ListAccounts", - "organizations:ListParents", - "organizations:DescribeAccount", - "organizations:ListDelegatedAdministrators" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "iam:CreateServiceLinkedRole", - "Condition": { - "StringEquals": { - "iam:AWSServiceName": "health.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAI3CUMPCPEUPCSXC4Y", - "PolicyName": "AWSHealthFullAccess", - "UpdateDate": "2020-11-16T18:11:34+00:00", - "VersionId": "v3" - }, - "AWSIPAMServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSIPAMServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2021-11-30T19:08:11+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "ec2:DescribeAddresses", - "ec2:DescribeByoipCidrs", - "ec2:DescribeIpv6Pools", - "ec2:DescribePublicIpv4Pools", - "ec2:DescribeSubnets", - "ec2:DescribeVpcs", - "organizations:DescribeAccount", - "organizations:DescribeOrganization", - "organizations:ListAccounts", - "organizations:ListDelegatedAdministrators" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "cloudwatch:PutMetricData", - "Condition": { - "StringEquals": { - "cloudwatch:namespace": "AWS/IPAM" - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4JEQHJ6QN6", - "PolicyName": "AWSIPAMServiceRolePolicy", - "UpdateDate": "2021-11-30T19:08:11+00:00", - "VersionId": "v1" - }, - "AWSIQContractServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSIQContractServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2019-08-22T19:28:39+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "aws-marketplace:Subscribe" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4E26ATDUIP", - "PolicyName": "AWSIQContractServiceRolePolicy", - "UpdateDate": "2019-08-22T19:28:39+00:00", - "VersionId": "v1" - }, - "AWSIQFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSIQFullAccess", - "AttachmentCount": 0, - "CreateDate": "2019-04-04T23:13:42+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "iq:*", - "iq-permission:*" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "iam:CreateServiceLinkedRole", - "Condition": { - "StringEquals": { - "iam:AWSServiceName": [ - "permission.iq.amazonaws.com", - "contract.iq.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4P4TAHETXT", - "PolicyName": "AWSIQFullAccess", - "UpdateDate": "2019-09-25T20:22:34+00:00", - "VersionId": "v2" - }, - "AWSIQPermissionServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSIQPermissionServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2019-08-22T19:36:29+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "iam:DeleteRole", - "iam:ListAttachedRolePolicies" - ], - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/AWSIQPermission-*" - }, - { - "Action": [ - "iam:AttachRolePolicy" - ], - "Condition": { - "ArnEquals": { - "iam:PolicyARN": "arn:aws:iam::aws:policy/AWSDenyAll" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/AWSIQPermission-*" - }, - { - "Action": [ - "iam:DetachRolePolicy" - ], - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/AWSIQPermission-*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4J77DMGFZ5", - "PolicyName": "AWSIQPermissionServiceRolePolicy", - "UpdateDate": "2019-08-22T19:36:29+00:00", - "VersionId": "v1" - }, - "AWSImageBuilderFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSImageBuilderFullAccess", - "AttachmentCount": 0, - "CreateDate": "2019-12-20T18:25:12+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "imagebuilder:*" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "sns:ListTopics" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "sns:Publish" - ], - "Effect": "Allow", - "Resource": "arn:aws:sns:*:*:*imagebuilder*" - }, - { - "Action": [ - "license-manager:ListLicenseConfigurations", - "license-manager:ListLicenseSpecificationsForResource" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "iam:GetRole" - ], - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/aws-service-role/imagebuilder.amazonaws.com/AWSServiceRoleForImageBuilder" - }, - { - "Action": [ - "iam:GetInstanceProfile" - ], - "Effect": "Allow", - "Resource": "arn:aws:iam::*:instance-profile/*imagebuilder*" - }, - { - "Action": [ - "iam:ListInstanceProfiles", - "iam:ListRoles" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "iam:PassRole", - "Condition": { - "StringEquals": { - "iam:PassedToService": "ec2.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:iam::*:instance-profile/*imagebuilder*", - "arn:aws:iam::*:role/*imagebuilder*" - ] - }, - { - "Action": [ - "s3:ListAllMyBuckets", - "s3:GetBucketLocation" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "s3:ListBucket" - ], - "Effect": "Allow", - "Resource": "arn:aws:s3::*:*imagebuilder*" - }, - { - "Action": "iam:CreateServiceLinkedRole", - "Condition": { - "StringLike": { - "iam:AWSServiceName": "imagebuilder.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/aws-service-role/imagebuilder.amazonaws.com/AWSServiceRoleForImageBuilder" - }, - { - "Action": [ - "ec2:DescribeImages", - "ec2:DescribeSnapshots", - "ec2:DescribeVpcs", - "ec2:DescribeRegions", - "ec2:DescribeVolumes", - "ec2:DescribeSubnets", - "ec2:DescribeKeyPairs", - "ec2:DescribeSecurityGroups", - "ec2:DescribeInstanceTypeOfferings", - "ec2:DescribeLaunchTemplates" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4EO4HCSNZH", - "PolicyName": "AWSImageBuilderFullAccess", - "UpdateDate": "2021-04-13T17:33:42+00:00", - "VersionId": "v2" - }, - "AWSImageBuilderReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSImageBuilderReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2019-12-19T22:29:23+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "imagebuilder:Get*", - "imagebuilder:List*" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "iam:GetRole" - ], - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/aws-service-role/imagebuilder.amazonaws.com/AWSServiceRoleForImageBuilder" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4OD5TC5BXP", - "PolicyName": "AWSImageBuilderReadOnlyAccess", - "UpdateDate": "2019-12-19T22:29:23+00:00", - "VersionId": "v1" - }, - "AWSImportExportFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSImportExportFullAccess", - "AttachmentCount": 0, - "CreateDate": "2015-02-06T18:40:43+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "importexport:*" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJCQCT4JGTLC6722MQ", - "PolicyName": "AWSImportExportFullAccess", - "UpdateDate": "2015-02-06T18:40:43+00:00", - "VersionId": "v1" - }, - "AWSImportExportReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSImportExportReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2015-02-06T18:40:42+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "importexport:ListJobs", - "importexport:GetStatus" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJNTV4OG52ESYZHCNK", - "PolicyName": "AWSImportExportReadOnlyAccess", - "UpdateDate": "2015-02-06T18:40:42+00:00", - "VersionId": "v1" - }, - "AWSIncidentManagerResolverAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSIncidentManagerResolverAccess", - "AttachmentCount": 0, - "CreateDate": "2021-05-10T06:12:34+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "ssm-incidents:StartIncident" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "StartIncidentPermissions" - }, - { - "Action": [ - "ssm-incidents:ListResponsePlans", - "ssm-incidents:GetResponsePlan" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "ResponsePlanReadOnlyPermissions" - }, - { - "Action": [ - "ssm-incidents:ListIncidentRecords", - "ssm-incidents:GetIncidentRecord", - "ssm-incidents:UpdateIncidentRecord", - "ssm-incidents:ListTimelineEvents", - "ssm-incidents:CreateTimelineEvent", - "ssm-incidents:GetTimelineEvent", - "ssm-incidents:UpdateTimelineEvent", - "ssm-incidents:DeleteTimelineEvent", - "ssm-incidents:ListRelatedItems", - "ssm-incidents:UpdateRelatedItems" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "IncidentRecordResolverPermissions" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4EQ4SDPENY", - "PolicyName": "AWSIncidentManagerResolverAccess", - "UpdateDate": "2021-05-10T06:12:34+00:00", - "VersionId": "v1" - }, - "AWSIncidentManagerServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSIncidentManagerServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2021-05-10T03:34:45+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "ssm-incidents:ListIncidentRecords", - "ssm-incidents:CreateTimelineEvent" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "UpdateIncidentRecordPermissions" - }, - { - "Action": [ - "ssm:CreateOpsItem", - "ssm:AssociateOpsItemRelatedItem" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "RelatedOpsItemPermissions" - }, - { - "Action": "ssm-contacts:StartEngagement", - "Effect": "Allow", - "Resource": "*", - "Sid": "IncidentEngagementPermissions" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4INCMTEIEV", - "PolicyName": "AWSIncidentManagerServiceRolePolicy", - "UpdateDate": "2021-05-10T03:34:45+00:00", - "VersionId": "v1" - }, - "AWSIoT1ClickFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSIoT1ClickFullAccess", - "AttachmentCount": 0, - "CreateDate": "2018-05-11T22:10:14+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "iot1click:*" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJPQNJPDUDESCCAMIA", - "PolicyName": "AWSIoT1ClickFullAccess", - "UpdateDate": "2018-05-11T22:10:14+00:00", - "VersionId": "v1" - }, - "AWSIoT1ClickReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSIoT1ClickReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2018-05-11T21:49:24+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "iot1click:Describe*", - "iot1click:Get*", - "iot1click:List*" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAI35VTLD3EBNY2JGXS", - "PolicyName": "AWSIoT1ClickReadOnlyAccess", - "UpdateDate": "2018-05-11T21:49:24+00:00", - "VersionId": "v1" - }, - "AWSIoTAnalyticsFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSIoTAnalyticsFullAccess", - "AttachmentCount": 0, - "CreateDate": "2018-06-18T23:02:45+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "iotanalytics:*" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJ7FB5ZEKQN445QGKY", - "PolicyName": "AWSIoTAnalyticsFullAccess", - "UpdateDate": "2018-06-18T23:02:45+00:00", - "VersionId": "v1" - }, - "AWSIoTAnalyticsReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSIoTAnalyticsReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2018-06-18T21:37:49+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "iotanalytics:Describe*", - "iotanalytics:List*", - "iotanalytics:Get*", - "iotanalytics:SampleChannelData" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJ3Z4LYBELMXGFLGMI", - "PolicyName": "AWSIoTAnalyticsReadOnlyAccess", - "UpdateDate": "2018-06-18T21:37:49+00:00", - "VersionId": "v1" - }, - "AWSIoTConfigAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSIoTConfigAccess", - "AttachmentCount": 0, - "CreateDate": "2015-10-27T21:52:07+00:00", - "DefaultVersionId": "v9", - "Document": { - "Statement": [ - { - "Action": [ - "iot:AcceptCertificateTransfer", - "iot:AddThingToThingGroup", - "iot:AssociateTargetsWithJob", - "iot:AttachPolicy", - "iot:AttachPrincipalPolicy", - "iot:AttachThingPrincipal", - "iot:CancelCertificateTransfer", - "iot:CancelJob", - "iot:CancelJobExecution", - "iot:ClearDefaultAuthorizer", - "iot:CreateAuthorizer", - "iot:CreateCertificateFromCsr", - "iot:CreateJob", - "iot:CreateKeysAndCertificate", - "iot:CreateOTAUpdate", - "iot:CreatePolicy", - "iot:CreatePolicyVersion", - "iot:CreateRoleAlias", - "iot:CreateStream", - "iot:CreateThing", - "iot:CreateThingGroup", - "iot:CreateThingType", - "iot:CreateTopicRule", - "iot:DeleteAuthorizer", - "iot:DeleteCACertificate", - "iot:DeleteCertificate", - "iot:DeleteJob", - "iot:DeleteJobExecution", - "iot:DeleteOTAUpdate", - "iot:DeletePolicy", - "iot:DeletePolicyVersion", - "iot:DeleteRegistrationCode", - "iot:DeleteRoleAlias", - "iot:DeleteStream", - "iot:DeleteThing", - "iot:DeleteThingGroup", - "iot:DeleteThingType", - "iot:DeleteTopicRule", - "iot:DeleteV2LoggingLevel", - "iot:DeprecateThingType", - "iot:DescribeAuthorizer", - "iot:DescribeCACertificate", - "iot:DescribeCertificate", - "iot:DescribeDefaultAuthorizer", - "iot:DescribeEndpoint", - "iot:DescribeEventConfigurations", - "iot:DescribeIndex", - "iot:DescribeJob", - "iot:DescribeJobExecution", - "iot:DescribeRoleAlias", - "iot:DescribeStream", - "iot:DescribeThing", - "iot:DescribeThingGroup", - "iot:DescribeThingRegistrationTask", - "iot:DescribeThingType", - "iot:DetachPolicy", - "iot:DetachPrincipalPolicy", - "iot:DetachThingPrincipal", - "iot:DisableTopicRule", - "iot:EnableTopicRule", - "iot:GetEffectivePolicies", - "iot:GetIndexingConfiguration", - "iot:GetJobDocument", - "iot:GetLoggingOptions", - "iot:GetOTAUpdate", - "iot:GetPolicy", - "iot:GetPolicyVersion", - "iot:GetRegistrationCode", - "iot:GetTopicRule", - "iot:GetV2LoggingOptions", - "iot:ListAttachedPolicies", - "iot:ListAuthorizers", - "iot:ListCACertificates", - "iot:ListCertificates", - "iot:ListCertificatesByCA", - "iot:ListIndices", - "iot:ListJobExecutionsForJob", - "iot:ListJobExecutionsForThing", - "iot:ListJobs", - "iot:ListOTAUpdates", - "iot:ListOutgoingCertificates", - "iot:ListPolicies", - "iot:ListPolicyPrincipals", - "iot:ListPolicyVersions", - "iot:ListPrincipalPolicies", - "iot:ListPrincipalThings", - "iot:ListRoleAliases", - "iot:ListStreams", - "iot:ListTargetsForPolicy", - "iot:ListThingGroups", - "iot:ListThingGroupsForThing", - "iot:ListThingPrincipals", - "iot:ListThingRegistrationTaskReports", - "iot:ListThingRegistrationTasks", - "iot:ListThings", - "iot:ListThingsInThingGroup", - "iot:ListThingTypes", - "iot:ListTopicRules", - "iot:ListV2LoggingLevels", - "iot:RegisterCACertificate", - "iot:RegisterCertificate", - "iot:RegisterThing", - "iot:RejectCertificateTransfer", - "iot:RemoveThingFromThingGroup", - "iot:ReplaceTopicRule", - "iot:SearchIndex", - "iot:SetDefaultAuthorizer", - "iot:SetDefaultPolicyVersion", - "iot:SetLoggingOptions", - "iot:SetV2LoggingLevel", - "iot:SetV2LoggingOptions", - "iot:StartThingRegistrationTask", - "iot:StopThingRegistrationTask", - "iot:TestAuthorization", - "iot:TestInvokeAuthorizer", - "iot:TransferCertificate", - "iot:UpdateAuthorizer", - "iot:UpdateCACertificate", - "iot:UpdateCertificate", - "iot:UpdateEventConfigurations", - "iot:UpdateIndexingConfiguration", - "iot:UpdateRoleAlias", - "iot:UpdateStream", - "iot:UpdateThing", - "iot:UpdateThingGroup", - "iot:UpdateThingGroupsForThing", - "iot:UpdateAccountAuditConfiguration", - "iot:DescribeAccountAuditConfiguration", - "iot:DeleteAccountAuditConfiguration", - "iot:StartOnDemandAuditTask", - "iot:CancelAuditTask", - "iot:DescribeAuditTask", - "iot:ListAuditTasks", - "iot:CreateScheduledAudit", - "iot:UpdateScheduledAudit", - "iot:DeleteScheduledAudit", - "iot:DescribeScheduledAudit", - "iot:ListScheduledAudits", - "iot:ListAuditFindings", - "iot:CreateSecurityProfile", - "iot:DescribeSecurityProfile", - "iot:UpdateSecurityProfile", - "iot:DeleteSecurityProfile", - "iot:AttachSecurityProfile", - "iot:DetachSecurityProfile", - "iot:ListSecurityProfiles", - "iot:ListSecurityProfilesForTarget", - "iot:ListTargetsForSecurityProfile", - "iot:ListActiveViolations", - "iot:ListViolationEvents", - "iot:ValidateSecurityProfileBehaviors" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIWWGD4LM4EMXNRL7I", - "PolicyName": "AWSIoTConfigAccess", - "UpdateDate": "2019-09-27T20:48:00+00:00", - "VersionId": "v9" - }, - "AWSIoTConfigReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSIoTConfigReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2015-10-27T21:52:31+00:00", - "DefaultVersionId": "v8", - "Document": { - "Statement": [ - { - "Action": [ - "iot:DescribeAuthorizer", - "iot:DescribeCACertificate", - "iot:DescribeCertificate", - "iot:DescribeDefaultAuthorizer", - "iot:DescribeEndpoint", - "iot:DescribeEventConfigurations", - "iot:DescribeIndex", - "iot:DescribeJob", - "iot:DescribeJobExecution", - "iot:DescribeRoleAlias", - "iot:DescribeStream", - "iot:DescribeThing", - "iot:DescribeThingGroup", - "iot:DescribeThingRegistrationTask", - "iot:DescribeThingType", - "iot:GetEffectivePolicies", - "iot:GetIndexingConfiguration", - "iot:GetJobDocument", - "iot:GetLoggingOptions", - "iot:GetOTAUpdate", - "iot:GetPolicy", - "iot:GetPolicyVersion", - "iot:GetRegistrationCode", - "iot:GetTopicRule", - "iot:GetV2LoggingOptions", - "iot:ListAttachedPolicies", - "iot:ListAuthorizers", - "iot:ListCACertificates", - "iot:ListCertificates", - "iot:ListCertificatesByCA", - "iot:ListIndices", - "iot:ListJobExecutionsForJob", - "iot:ListJobExecutionsForThing", - "iot:ListJobs", - "iot:ListOTAUpdates", - "iot:ListOutgoingCertificates", - "iot:ListPolicies", - "iot:ListPolicyPrincipals", - "iot:ListPolicyVersions", - "iot:ListPrincipalPolicies", - "iot:ListPrincipalThings", - "iot:ListRoleAliases", - "iot:ListStreams", - "iot:ListTargetsForPolicy", - "iot:ListThingGroups", - "iot:ListThingGroupsForThing", - "iot:ListThingPrincipals", - "iot:ListThingRegistrationTaskReports", - "iot:ListThingRegistrationTasks", - "iot:ListThings", - "iot:ListThingsInThingGroup", - "iot:ListThingTypes", - "iot:ListTopicRules", - "iot:ListV2LoggingLevels", - "iot:SearchIndex", - "iot:TestAuthorization", - "iot:TestInvokeAuthorizer", - "iot:DescribeAccountAuditConfiguration", - "iot:DescribeAuditTask", - "iot:ListAuditTasks", - "iot:DescribeScheduledAudit", - "iot:ListScheduledAudits", - "iot:ListAuditFindings", - "iot:DescribeSecurityProfile", - "iot:ListSecurityProfiles", - "iot:ListSecurityProfilesForTarget", - "iot:ListTargetsForSecurityProfile", - "iot:ListActiveViolations", - "iot:ListViolationEvents", - "iot:ValidateSecurityProfileBehaviors" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJHENEMXGX4XMFOIOI", - "PolicyName": "AWSIoTConfigReadOnlyAccess", - "UpdateDate": "2019-09-27T20:52:40+00:00", - "VersionId": "v8" - }, - "AWSIoTDataAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSIoTDataAccess", - "AttachmentCount": 0, - "CreateDate": "2015-10-27T21:51:18+00:00", - "DefaultVersionId": "v3", - "Document": { - "Statement": [ - { - "Action": [ - "iot:Connect", - "iot:Publish", - "iot:Subscribe", - "iot:Receive", - "iot:GetThingShadow", - "iot:UpdateThingShadow", - "iot:DeleteThingShadow", - "iot:ListNamedShadowsForThing" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJM2KI2UJDR24XPS2K", - "PolicyName": "AWSIoTDataAccess", - "UpdateDate": "2021-06-23T21:34:47+00:00", - "VersionId": "v3" - }, - "AWSIoTDeviceDefenderAddThingsToThingGroupMitigationAction": { - "Arn": "arn:aws:iam::aws:policy/service-role/AWSIoTDeviceDefenderAddThingsToThingGroupMitigationAction", - "AttachmentCount": 0, - "CreateDate": "2019-08-07T17:55:37+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "iot:ListPrincipalThings", - "iot:AddThingToThingGroup" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4HEHG3RV6B", - "PolicyName": "AWSIoTDeviceDefenderAddThingsToThingGroupMitigationAction", - "UpdateDate": "2019-08-07T17:55:37+00:00", - "VersionId": "v1" - }, - "AWSIoTDeviceDefenderAudit": { - "Arn": "arn:aws:iam::aws:policy/service-role/AWSIoTDeviceDefenderAudit", - "AttachmentCount": 0, - "CreateDate": "2018-07-18T21:17:40+00:00", - "DefaultVersionId": "v3", - "Document": { - "Statement": [ - { - "Action": [ - "iot:GetLoggingOptions", - "iot:GetV2LoggingOptions", - "iot:ListCACertificates", - "iot:ListCertificates", - "iot:DescribeCACertificate", - "iot:DescribeCertificate", - "iot:ListPolicies", - "iot:GetPolicy", - "iot:GetEffectivePolicies", - "iot:ListRoleAliases", - "iot:DescribeRoleAlias", - "cognito-identity:GetIdentityPoolRoles", - "iam:ListRolePolicies", - "iam:ListAttachedRolePolicies", - "iam:GetRole", - "iam:GetPolicy", - "iam:GetPolicyVersion", - "iam:GetRolePolicy", - "iam:GenerateServiceLastAccessedDetails", - "iam:GetServiceLastAccessedDetails" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJKUN6OAGIHZ66TRKO", - "PolicyName": "AWSIoTDeviceDefenderAudit", - "UpdateDate": "2019-11-25T23:52:43+00:00", - "VersionId": "v3" - }, - "AWSIoTDeviceDefenderEnableIoTLoggingMitigationAction": { - "Arn": "arn:aws:iam::aws:policy/service-role/AWSIoTDeviceDefenderEnableIoTLoggingMitigationAction", - "AttachmentCount": 0, - "CreateDate": "2019-08-07T17:04:07+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "iot:SetV2LoggingOptions" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "iam:PassRole" - ], - "Condition": { - "StringEquals": { - "iam:PassedToService": [ - "iot.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": [ - "*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4G34KP2NLZ", - "PolicyName": "AWSIoTDeviceDefenderEnableIoTLoggingMitigationAction", - "UpdateDate": "2019-08-07T17:04:07+00:00", - "VersionId": "v1" - }, - "AWSIoTDeviceDefenderPublishFindingsToSNSMitigationAction": { - "Arn": "arn:aws:iam::aws:policy/service-role/AWSIoTDeviceDefenderPublishFindingsToSNSMitigationAction", - "AttachmentCount": 0, - "CreateDate": "2019-08-07T17:04:37+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "sns:Publish" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4GZL2FL6JV", - "PolicyName": "AWSIoTDeviceDefenderPublishFindingsToSNSMitigationAction", - "UpdateDate": "2019-08-07T17:04:37+00:00", - "VersionId": "v1" - }, - "AWSIoTDeviceDefenderReplaceDefaultPolicyMitigationAction": { - "Arn": "arn:aws:iam::aws:policy/service-role/AWSIoTDeviceDefenderReplaceDefaultPolicyMitigationAction", - "AttachmentCount": 0, - "CreateDate": "2019-08-07T17:04:57+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "iot:CreatePolicyVersion" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4HN4VCIBCR", - "PolicyName": "AWSIoTDeviceDefenderReplaceDefaultPolicyMitigationAction", - "UpdateDate": "2019-08-07T17:04:57+00:00", - "VersionId": "v1" - }, - "AWSIoTDeviceDefenderUpdateCACertMitigationAction": { - "Arn": "arn:aws:iam::aws:policy/service-role/AWSIoTDeviceDefenderUpdateCACertMitigationAction", - "AttachmentCount": 0, - "CreateDate": "2019-08-07T17:05:49+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "iot:UpdateCACertificate" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4KLBGET6KX", - "PolicyName": "AWSIoTDeviceDefenderUpdateCACertMitigationAction", - "UpdateDate": "2019-08-07T17:05:49+00:00", - "VersionId": "v1" - }, - "AWSIoTDeviceDefenderUpdateDeviceCertMitigationAction": { - "Arn": "arn:aws:iam::aws:policy/service-role/AWSIoTDeviceDefenderUpdateDeviceCertMitigationAction", - "AttachmentCount": 0, - "CreateDate": "2019-08-07T17:06:00+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "iot:UpdateCertificate" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4KB4AHFGEB", - "PolicyName": "AWSIoTDeviceDefenderUpdateDeviceCertMitigationAction", - "UpdateDate": "2019-08-07T17:06:00+00:00", - "VersionId": "v1" - }, - "AWSIoTDeviceTesterForFreeRTOSFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSIoTDeviceTesterForFreeRTOSFullAccess", - "AttachmentCount": 0, - "CreateDate": "2020-02-12T20:33:53+00:00", - "DefaultVersionId": "v5", - "Document": { - "Statement": [ - { - "Action": "iam:PassRole", - "Condition": { - "StringEquals": { - "iam:PassedToService": "iot.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/idt-*", - "Sid": "VisualEditor0" - }, - { - "Action": [ - "iot:DeleteThing", - "iot:AttachThingPrincipal", - "iot:DeleteCertificate", - "iot:GetRegistrationCode", - "iot:CreatePolicy", - "iot:UpdateCACertificate", - "s3:ListBucket", - "iot:DescribeEndpoint", - "iot:CreateOTAUpdate", - "iot:CreateStream", - "signer:ListSigningJobs", - "acm:ListCertificates", - "iot:CreateKeysAndCertificate", - "iot:UpdateCertificate", - "iot:CreateCertificateFromCsr", - "iot:DetachThingPrincipal", - "iot:RegisterCACertificate", - "iot:CreateThing", - "freertos:ListHardwarePlatforms", - "iam:ListRoles", - "iot:RegisterCertificate", - "iot:DeleteCACertificate", - "signer:PutSigningProfile", - "s3:ListAllMyBuckets", - "signer:ListSigningPlatforms", - "iot-device-tester:SendMetrics", - "iot-device-tester:SupportedVersion", - "iot-device-tester:LatestIdt", - "iot-device-tester:CheckVersion", - "iot-device-tester:DownloadTestSuite" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "VisualEditor1" - }, - { - "Action": [ - "iam:GetRole", - "signer:StartSigningJob", - "acm:GetCertificate", - "signer:DescribeSigningJob", - "s3:CreateBucket", - "execute-api:Invoke", - "s3:DeleteBucket", - "s3:PutBucketVersioning", - "signer:CancelSigningProfile" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:execute-api:us-east-1:098862408343:9xpmnvs5h4/prod/POST/metrics", - "arn:aws:signer:*:*:/signing-profiles/*", - "arn:aws:signer:*:*:/signing-jobs/*", - "arn:aws:iam::*:role/idt-*", - "arn:aws:acm:*:*:certificate/*", - "arn:aws:s3:::idt-*", - "arn:aws:s3:::afr-ota*" - ], - "Sid": "VisualEditor2" - }, - { - "Action": [ - "iot:DeleteStream", - "iot:DeleteCertificate", - "iot:AttachPolicy", - "iot:DetachPolicy", - "iot:DeletePolicy", - "s3:ListBucketVersions", - "iot:UpdateCertificate", - "iot:GetOTAUpdate", - "iot:DeleteOTAUpdate", - "iot:DescribeJobExecution" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:s3:::afr-ota*", - "arn:aws:iot:*:*:thinggroup/idt*", - "arn:aws:iam::*:role/idt-*" - ], - "Sid": "VisualEditor3" - }, - { - "Action": [ - "iot:DeleteCertificate", - "iot:AttachPolicy", - "iot:DetachPolicy", - "s3:DeleteObjectVersion", - "iot:DeleteOTAUpdate", - "s3:PutObject", - "s3:GetObject", - "iot:DeleteStream", - "iot:DeletePolicy", - "s3:DeleteObject", - "iot:UpdateCertificate", - "iot:GetOTAUpdate", - "s3:GetObjectVersion", - "iot:DescribeJobExecution" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:s3:::afr-ota*/*", - "arn:aws:s3:::idt-*/*", - "arn:aws:iot:*:*:policy/idt*", - "arn:aws:iam::*:role/idt-*", - "arn:aws:iot:*:*:otaupdate/idt*", - "arn:aws:iot:*:*:thing/idt*", - "arn:aws:iot:*:*:cert/*", - "arn:aws:iot:*:*:job/*", - "arn:aws:iot:*:*:stream/*" - ], - "Sid": "VisualEditor4" - }, - { - "Action": [ - "s3:PutObject", - "s3:GetObject" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:s3:::afr-ota*/*", - "arn:aws:s3:::idt-*/*" - ], - "Sid": "VisualEditor5" - }, - { - "Action": [ - "iot:CancelJobExecution" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:iot:*:*:job/*", - "arn:aws:iot:*:*:thing/idt*" - ], - "Sid": "VisualEditor6" - }, - { - "Action": [ - "ec2:TerminateInstances" - ], - "Condition": { - "StringEquals": { - "ec2:ResourceTag/Owner": "IoTDeviceTester" - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:instance/*" - ], - "Sid": "VisualEditor7" - }, - { - "Action": [ - "ec2:AuthorizeSecurityGroupIngress", - "ec2:DeleteSecurityGroup" - ], - "Condition": { - "StringEquals": { - "ec2:ResourceTag/Owner": "IoTDeviceTester" - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:security-group/*" - ], - "Sid": "VisualEditor8" - }, - { - "Action": [ - "ec2:RunInstances" - ], - "Condition": { - "StringEquals": { - "aws:RequestTag/Owner": "IoTDeviceTester" - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:instance/*" - ], - "Sid": "VisualEditor9" - }, - { - "Action": [ - "ec2:RunInstances" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:image/*", - "arn:aws:ec2:*:*:security-group/*", - "arn:aws:ec2:*:*:volume/*", - "arn:aws:ec2:*:*:key-pair/*", - "arn:aws:ec2:*:*:placement-group/*", - "arn:aws:ec2:*:*:snapshot/*", - "arn:aws:ec2:*:*:network-interface/*", - "arn:aws:ec2:*:*:subnet/*" - ], - "Sid": "VisualEditor10" - }, - { - "Action": [ - "ec2:CreateSecurityGroup" - ], - "Condition": { - "StringEquals": { - "aws:RequestTag/Owner": "IoTDeviceTester" - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:security-group/*" - ], - "Sid": "VisualEditor11" - }, - { - "Action": [ - "ec2:DescribeInstances", - "ec2:DescribeSecurityGroups", - "ssm:DescribeParameters", - "ssm:GetParameters" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "VisualEditor12" - }, - { - "Action": [ - "ec2:CreateTags" - ], - "Condition": { - "ForAnyValue:StringEquals": { - "aws:TagKeys": [ - "Owner" - ], - "ec2:CreateAction": [ - "RunInstances", - "CreateSecurityGroup" - ] - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:security-group/*", - "arn:aws:ec2:*:*:instance/*" - ], - "Sid": "VisualEditor13" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4ADNJ2YUUH", - "PolicyName": "AWSIoTDeviceTesterForFreeRTOSFullAccess", - "UpdateDate": "2020-12-15T18:03:46+00:00", - "VersionId": "v5" - }, - "AWSIoTDeviceTesterForGreengrassFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSIoTDeviceTesterForGreengrassFullAccess", - "AttachmentCount": 0, - "CreateDate": "2020-02-20T21:21:27+00:00", - "DefaultVersionId": "v4", - "Document": { - "Statement": [ - { - "Action": "iam:PassRole", - "Condition": { - "StringEquals": { - "iam:PassedToService": [ - "iot.amazonaws.com", - "lambda.amazonaws.com", - "greengrass.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/idt-*", - "Sid": "VisualEditor1" - }, - { - "Action": [ - "lambda:CreateFunction", - "iot:DeleteCertificate", - "lambda:DeleteFunction", - "execute-api:Invoke", - "iot:UpdateCertificate" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:execute-api:us-east-1:098862408343:9xpmnvs5h4/prod/POST/metrics", - "arn:aws:lambda:*:*:function:idt-*", - "arn:aws:iot:*:*:cert/*" - ], - "Sid": "VisualEditor2" - }, - { - "Action": [ - "iot:CreateThing", - "iot:DeleteThing" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:iot:*:*:thing/idt-*", - "arn:aws:iot:*:*:cert/*" - ], - "Sid": "VisualEditor3" - }, - { - "Action": [ - "iot:AttachPolicy", - "iot:DetachPolicy", - "iot:DeletePolicy" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:iot:*:*:policy/idt-*", - "arn:aws:iot:*:*:cert/*" - ], - "Sid": "VisualEditor4" - }, - { - "Action": [ - "iot:CreateJob", - "iot:DescribeJob", - "iot:DescribeJobExecution", - "iot:DeleteJob" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:iot:*:*:thing/idt-*", - "arn:aws:iot:*:*:job/*" - ], - "Sid": "VisualEditor5" - }, - { - "Action": [ - "iot:DescribeEndpoint", - "greengrass:*", - "iam:ListAttachedRolePolicies", - "iot:CreatePolicy", - "iot:GetThingShadow", - "iot:CreateKeysAndCertificate", - "iot:ListThings", - "iot:UpdateThingShadow", - "iot:CreateCertificateFromCsr", - "iot-device-tester:SendMetrics", - "iot-device-tester:SupportedVersion", - "iot-device-tester:LatestIdt", - "iot-device-tester:CheckVersion", - "iot-device-tester:DownloadTestSuite" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "VisualEditor6" - }, - { - "Action": [ - "iot:DetachThingPrincipal", - "iot:AttachThingPrincipal" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:iot:*:*:thing/idt-*", - "arn:aws:iot:*:*:cert/*" - ], - "Sid": "VisualEditor7" - }, - { - "Action": [ - "s3:PutObject", - "s3:DeleteObjectVersion", - "s3:ListBucketVersions", - "s3:CreateBucket", - "s3:DeleteObject", - "s3:DeleteBucket" - ], - "Effect": "Allow", - "Resource": "arn:aws:s3:::idt*", - "Sid": "VisualEditor8" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4ORKVZSPY7", - "PolicyName": "AWSIoTDeviceTesterForGreengrassFullAccess", - "UpdateDate": "2020-06-25T17:01:56+00:00", - "VersionId": "v4" - }, - "AWSIoTEventsFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSIoTEventsFullAccess", - "AttachmentCount": 0, - "CreateDate": "2019-01-10T22:51:57+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "iotevents:*" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJGA726P7LVUWJZ2LM", - "PolicyName": "AWSIoTEventsFullAccess", - "UpdateDate": "2019-01-10T22:51:57+00:00", - "VersionId": "v1" - }, - "AWSIoTEventsReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSIoTEventsReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2019-01-10T22:50:08+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "iotevents:Describe*", - "iotevents:List*" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJYJFNAR7CN5JW52PG", - "PolicyName": "AWSIoTEventsReadOnlyAccess", - "UpdateDate": "2019-09-23T17:22:04+00:00", - "VersionId": "v2" - }, - "AWSIoTFleetHubFederationAccess": { - "Arn": "arn:aws:iam::aws:policy/service-role/AWSIoTFleetHubFederationAccess", - "AttachmentCount": 0, - "CreateDate": "2020-12-15T08:08:05+00:00", - "DefaultVersionId": "v4", - "Document": { - "Statement": [ - { - "Action": [ - "iot:DescribeIndex", - "iot:DescribeThingGroup", - "iot:GetBucketsAggregation", - "iot:GetCardinality", - "iot:GetIndexingConfiguration", - "iot:GetPercentiles", - "iot:GetStatistics", - "iot:SearchIndex", - "iot:CreateFleetMetric", - "iot:ListFleetMetrics", - "iot:DeleteFleetMetric", - "iot:DescribeFleetMetric", - "iot:UpdateFleetMetric", - "iot:ListThingGroups", - "iot:ListThingsInThingGroup", - "iot:ListJobTemplates", - "iot:DescribeJobTemplate", - "iot:ListJobs", - "iot:CreateJob", - "iot:CancelJob", - "iot:DescribeJob", - "iot:ListJobExecutionsForJob", - "iot:ListJobExecutionsForThing", - "iot:DescribeJobExecution", - "iot:ListSecurityProfiles", - "iot:DescribeSecurityProfile", - "iot:ListActiveViolations", - "iot:GetThingShadow", - "iot:ListNamedShadowsForThing", - "iot:CancelJobExecution", - "iot:DescribeEndpoint", - "iotfleethub:DescribeApplication", - "cloudwatch:DescribeAlarms", - "cloudwatch:GetMetricData", - "cloudwatch:ListMetrics", - "sns:ListTopics" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "sns:CreateTopic", - "sns:DeleteTopic", - "sns:ListSubscriptionsByTopic", - "sns:Subscribe", - "sns:Unsubscribe" - ], - "Effect": "Allow", - "Resource": "arn:aws:sns:*:*:iotfleethub*" - }, - { - "Action": [ - "cloudwatch:PutMetricAlarm", - "cloudwatch:DeleteAlarms", - "cloudwatch:DescribeAlarmHistory" - ], - "Effect": "Allow", - "Resource": "arn:aws:cloudwatch:*:*:iotfleethub*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4H4EGQA254", - "PolicyName": "AWSIoTFleetHubFederationAccess", - "UpdateDate": "2021-11-15T23:28:19+00:00", - "VersionId": "v4" - }, - "AWSIoTFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSIoTFullAccess", - "AttachmentCount": 0, - "CreateDate": "2015-10-08T15:19:49+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "iot:*" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJU2FPGG6PQWN72V2G", - "PolicyName": "AWSIoTFullAccess", - "UpdateDate": "2015-10-08T15:19:49+00:00", - "VersionId": "v1" - }, - "AWSIoTLogging": { - "Arn": "arn:aws:iam::aws:policy/service-role/AWSIoTLogging", - "AttachmentCount": 0, - "CreateDate": "2015-10-08T15:17:25+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents", - "logs:PutMetricFilter", - "logs:PutRetentionPolicy", - "logs:GetLogEvents", - "logs:DeleteLogStream" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAI6R6Z2FHHGS454W7W", - "PolicyName": "AWSIoTLogging", - "UpdateDate": "2015-10-08T15:17:25+00:00", - "VersionId": "v1" - }, - "AWSIoTOTAUpdate": { - "Arn": "arn:aws:iam::aws:policy/service-role/AWSIoTOTAUpdate", - "AttachmentCount": 0, - "CreateDate": "2017-12-20T20:36:53+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": { - "Action": [ - "iot:CreateJob", - "signer:DescribeSigningJob" - ], - "Effect": "Allow", - "Resource": "*" - }, - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJLJYWX53STBZFPUEY", - "PolicyName": "AWSIoTOTAUpdate", - "UpdateDate": "2017-12-20T20:36:53+00:00", - "VersionId": "v1" - }, - "AWSIoTRuleActions": { - "Arn": "arn:aws:iam::aws:policy/service-role/AWSIoTRuleActions", - "AttachmentCount": 0, - "CreateDate": "2015-10-08T15:14:51+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": { - "Action": [ - "dynamodb:PutItem", - "kinesis:PutRecord", - "iot:Publish", - "s3:PutObject", - "sns:Publish", - "sqs:SendMessage*", - "cloudwatch:SetAlarmState", - "cloudwatch:PutMetricData", - "es:ESHttpPut", - "firehose:PutRecord" - ], - "Effect": "Allow", - "Resource": "*" - }, - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJEZ6FS7BUZVUHMOKY", - "PolicyName": "AWSIoTRuleActions", - "UpdateDate": "2018-01-16T19:28:19+00:00", - "VersionId": "v2" - }, - "AWSIoTSiteWiseConsoleFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSIoTSiteWiseConsoleFullAccess", - "AttachmentCount": 0, - "CreateDate": "2019-05-31T21:37:49+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": "iotsitewise:*", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "iotanalytics:List*", - "iotanalytics:Describe*", - "iotanalytics:Create*" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "iot:DescribeEndpoint", - "iot:GetThingShadow" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "greengrass:GetGroup", - "greengrass:GetGroupVersion", - "greengrass:GetCoreDefinitionVersion", - "greengrass:ListGroups" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "secretsmanager:ListSecrets", - "secretsmanager:CreateSecret" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "secretsmanager:UpdateSecret" - ], - "Effect": "Allow", - "Resource": "arn:aws:secretsmanager:*:*:secret:greengrass-*" - }, - { - "Action": [ - "tag:GetResources" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "iam:CreateServiceLinkedRole" - ], - "Condition": { - "StringEquals": { - "iam:AWSServiceName": "iotsitewise.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/aws-service-role/iotsitewise.amazonaws.com/AWSServiceRoleForIoTSiteWise*" - }, - { - "Action": [ - "iam:PassRole" - ], - "Condition": { - "StringEquals": { - "iam:PassedToService": "iotsitewise.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/aws-service-role/iotsitewise.amazonaws.com/AWSServiceRoleForIoTSiteWise*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4K7KP5VA7F", - "PolicyName": "AWSIoTSiteWiseConsoleFullAccess", - "UpdateDate": "2019-05-31T21:37:49+00:00", - "VersionId": "v1" - }, - "AWSIoTSiteWiseFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSIoTSiteWiseFullAccess", - "AttachmentCount": 0, - "CreateDate": "2018-12-04T20:53:39+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "iotsitewise:*" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAILUK3XBM6TZ5Q3PX2", - "PolicyName": "AWSIoTSiteWiseFullAccess", - "UpdateDate": "2018-12-04T20:53:39+00:00", - "VersionId": "v1" - }, - "AWSIoTSiteWiseMonitorPortalAccess": { - "Arn": "arn:aws:iam::aws:policy/service-role/AWSIoTSiteWiseMonitorPortalAccess", - "AttachmentCount": 0, - "CreateDate": "2020-05-19T20:01:21+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "iotsitewise:CreateProject", - "iotsitewise:DescribeProject", - "iotsitewise:UpdateProject", - "iotsitewise:DeleteProject", - "iotsitewise:ListProjects", - "iotsitewise:BatchAssociateProjectAssets", - "iotsitewise:BatchDisassociateProjectAssets", - "iotsitewise:ListProjectAssets", - "iotsitewise:CreateDashboard", - "iotsitewise:DescribeDashboard", - "iotsitewise:UpdateDashboard", - "iotsitewise:DeleteDashboard", - "iotsitewise:ListDashboards", - "iotsitewise:CreateAccessPolicy", - "iotsitewise:DescribeAccessPolicy", - "iotsitewise:UpdateAccessPolicy", - "iotsitewise:DeleteAccessPolicy", - "iotsitewise:ListAccessPolicies", - "iotsitewise:DescribeAsset", - "iotsitewise:ListAssets", - "iotsitewise:ListAssociatedAssets", - "iotsitewise:DescribeAssetProperty", - "iotsitewise:GetAssetPropertyValue", - "iotsitewise:GetAssetPropertyValueHistory", - "iotsitewise:GetAssetPropertyAggregates", - "sso-directory:DescribeUsers" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4E6CZDALWJ", - "PolicyName": "AWSIoTSiteWiseMonitorPortalAccess", - "UpdateDate": "2020-05-19T20:01:21+00:00", - "VersionId": "v1" - }, - "AWSIoTSiteWiseMonitorServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSIoTSiteWiseMonitorServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2019-11-14T00:59:10+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "iotsitewise:CreateProject", - "iotsitewise:DescribeProject", - "iotsitewise:UpdateProject", - "iotsitewise:DeleteProject", - "iotsitewise:ListProjects", - "iotsitewise:BatchAssociateProjectAssets", - "iotsitewise:BatchDisassociateProjectAssets", - "iotsitewise:ListProjectAssets", - "iotsitewise:CreateDashboard", - "iotsitewise:DescribeDashboard", - "iotsitewise:UpdateDashboard", - "iotsitewise:DeleteDashboard", - "iotsitewise:ListDashboards", - "iotsitewise:CreateAccessPolicy", - "iotsitewise:DescribeAccessPolicy", - "iotsitewise:UpdateAccessPolicy", - "iotsitewise:DeleteAccessPolicy", - "iotsitewise:ListAccessPolicies", - "iotsitewise:DescribeAsset", - "iotsitewise:ListAssets", - "iotsitewise:ListAssociatedAssets", - "iotsitewise:DescribeAssetProperty", - "iotsitewise:GetAssetPropertyValue", - "iotsitewise:GetAssetPropertyValueHistory", - "iotsitewise:GetAssetPropertyAggregates", - "sso-directory:DescribeUsers" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4CR556M6Y5", - "PolicyName": "AWSIoTSiteWiseMonitorServiceRolePolicy", - "UpdateDate": "2019-12-13T22:19:25+00:00", - "VersionId": "v2" - }, - "AWSIoTSiteWiseReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSIoTSiteWiseReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2018-12-04T20:55:11+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "iotsitewise:Describe*", - "iotsitewise:List*", - "iotsitewise:Get*" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJLHEAFKME2QL64WKK", - "PolicyName": "AWSIoTSiteWiseReadOnlyAccess", - "UpdateDate": "2018-12-04T20:55:11+00:00", - "VersionId": "v1" - }, - "AWSIoTThingsRegistration": { - "Arn": "arn:aws:iam::aws:policy/service-role/AWSIoTThingsRegistration", - "AttachmentCount": 0, - "CreateDate": "2017-12-01T20:21:52+00:00", - "DefaultVersionId": "v3", - "Document": { - "Statement": [ - { - "Action": [ - "iot:AddThingToThingGroup", - "iot:AttachPolicy", - "iot:AttachPrincipalPolicy", - "iot:AttachThingPrincipal", - "iot:CreateCertificateFromCsr", - "iot:CreatePolicy", - "iot:CreateThing", - "iot:DescribeCertificate", - "iot:DescribeThing", - "iot:DescribeThingGroup", - "iot:DescribeThingType", - "iot:DetachPolicy", - "iot:DetachThingPrincipal", - "iot:GetPolicy", - "iot:ListAttachedPolicies", - "iot:ListPolicyPrincipals", - "iot:ListPrincipalPolicies", - "iot:ListPrincipalThings", - "iot:ListTargetsForPolicy", - "iot:ListThingGroupsForThing", - "iot:ListThingPrincipals", - "iot:RegisterCertificate", - "iot:RegisterThing", - "iot:RemoveThingFromThingGroup", - "iot:UpdateCertificate", - "iot:UpdateThing", - "iot:UpdateThingGroupsForThing", - "iot:AddThingToBillingGroup", - "iot:DescribeBillingGroup", - "iot:RemoveThingFromBillingGroup" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAI3YQXTC5XAEVTJNEU", - "PolicyName": "AWSIoTThingsRegistration", - "UpdateDate": "2020-10-05T19:20:12+00:00", - "VersionId": "v3" - }, - "AWSIoTWirelessDataAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSIoTWirelessDataAccess", - "AttachmentCount": 0, - "CreateDate": "2020-12-15T15:31:39+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "iotwireless:SendDataToWirelessDevice" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4HH6GBXNUO", - "PolicyName": "AWSIoTWirelessDataAccess", - "UpdateDate": "2020-12-15T15:31:39+00:00", - "VersionId": "v1" - }, - "AWSIoTWirelessFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSIoTWirelessFullAccess", - "AttachmentCount": 0, - "CreateDate": "2020-12-15T15:27:57+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "iotwireless:*" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4L5RZVVSRQ", - "PolicyName": "AWSIoTWirelessFullAccess", - "UpdateDate": "2020-12-15T15:27:57+00:00", - "VersionId": "v1" - }, - "AWSIoTWirelessFullPublishAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSIoTWirelessFullPublishAccess", - "AttachmentCount": 0, - "CreateDate": "2020-12-15T15:29:59+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "iot:DescribeEndpoint", - "iot:Publish" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4JSRC2FZ22", - "PolicyName": "AWSIoTWirelessFullPublishAccess", - "UpdateDate": "2020-12-15T15:29:59+00:00", - "VersionId": "v1" - }, - "AWSIoTWirelessGatewayCertManager": { - "Arn": "arn:aws:iam::aws:policy/AWSIoTWirelessGatewayCertManager", - "AttachmentCount": 0, - "CreateDate": "2020-12-15T15:30:48+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "iot:CreateKeysAndCertificate", - "iot:DescribeCertificate", - "iot:ListCertificates" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "IoTWirelessGatewayCertManager" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4O6BH33Y6U", - "PolicyName": "AWSIoTWirelessGatewayCertManager", - "UpdateDate": "2020-12-15T15:30:48+00:00", - "VersionId": "v1" - }, - "AWSIoTWirelessLogging": { - "Arn": "arn:aws:iam::aws:policy/AWSIoTWirelessLogging", - "AttachmentCount": 0, - "CreateDate": "2020-12-15T15:32:40+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:DescribeLogGroups", - "logs:DescribeLogStreams", - "logs:PutLogEvents" - ], - "Effect": "Allow", - "Resource": "arn:aws:logs:*:*:log-group:/aws/iotwireless*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4L3X44AIHR", - "PolicyName": "AWSIoTWirelessLogging", - "UpdateDate": "2020-12-15T15:32:40+00:00", - "VersionId": "v1" - }, - "AWSIoTWirelessReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSIoTWirelessReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2020-12-15T15:28:56+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "iotwireless:List*", - "iotwireless:Get*" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4FJYYSL3ZA", - "PolicyName": "AWSIoTWirelessReadOnlyAccess", - "UpdateDate": "2020-12-15T15:28:56+00:00", - "VersionId": "v1" - }, - "AWSIotRoboRunnerFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSIotRoboRunnerFullAccess", - "AttachmentCount": 0, - "CreateDate": "2021-11-29T03:54:37+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": "iotroborunner:*", - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4IYUQ2ND5E", - "PolicyName": "AWSIotRoboRunnerFullAccess", - "UpdateDate": "2021-11-29T03:54:37+00:00", - "VersionId": "v1" - }, - "AWSIotRoboRunnerReadOnly": { - "Arn": "arn:aws:iam::aws:policy/AWSIotRoboRunnerReadOnly", - "AttachmentCount": 0, - "CreateDate": "2021-11-29T03:43:32+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "iotroborunner:GetTask", - "iotroborunner:ListActivities", - "iotroborunner:GetSite", - "iotroborunner:GetDestinationRelationship", - "iotroborunner:GetWorker", - "iotroborunner:ListTasks", - "iotroborunner:GetAction", - "iotroborunner:GetActivity", - "iotroborunner:ListDestinationRelationships", - "iotroborunner:ListActionTemplates", - "iotroborunner:ListWorkerFleets", - "iotroborunner:ListSites", - "iotroborunner:ListActions", - "iotroborunner:ListWorkers", - "iotroborunner:GetDestination", - "iotroborunner:GetActionTemplate", - "iotroborunner:GetWorkerFleet", - "iotroborunner:ListDestinations" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4NPMSUTQWF", - "PolicyName": "AWSIotRoboRunnerReadOnly", - "UpdateDate": "2021-11-29T03:43:32+00:00", - "VersionId": "v1" - }, - "AWSKeyManagementServiceCustomKeyStoresServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSKeyManagementServiceCustomKeyStoresServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2018-11-14T20:10:53+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "cloudhsm:Describe*", - "ec2:CreateNetworkInterface", - "ec2:AuthorizeSecurityGroupIngress", - "ec2:CreateSecurityGroup", - "ec2:DescribeSecurityGroups", - "ec2:RevokeSecurityGroupEgress", - "ec2:DeleteSecurityGroup" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIADMJEHVVYK5AUQOO", - "PolicyName": "AWSKeyManagementServiceCustomKeyStoresServiceRolePolicy", - "UpdateDate": "2018-11-14T20:10:53+00:00", - "VersionId": "v1" - }, - "AWSKeyManagementServiceMultiRegionKeysServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSKeyManagementServiceMultiRegionKeysServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2021-06-16T15:37:37+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "kms:SynchronizeMultiRegionKey" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4P3NRAIDRH", - "PolicyName": "AWSKeyManagementServiceMultiRegionKeysServiceRolePolicy", - "UpdateDate": "2021-06-16T15:37:37+00:00", - "VersionId": "v1" - }, - "AWSKeyManagementServicePowerUser": { - "Arn": "arn:aws:iam::aws:policy/AWSKeyManagementServicePowerUser", - "AttachmentCount": 0, - "CreateDate": "2015-02-06T18:40:40+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "kms:CreateAlias", - "kms:CreateKey", - "kms:DeleteAlias", - "kms:Describe*", - "kms:GenerateRandom", - "kms:Get*", - "kms:List*", - "kms:TagResource", - "kms:UntagResource", - "iam:ListGroups", - "iam:ListRoles", - "iam:ListUsers" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJNPP7PPPPMJRV2SA4", - "PolicyName": "AWSKeyManagementServicePowerUser", - "UpdateDate": "2017-03-07T00:55:11+00:00", - "VersionId": "v2" - }, - "AWSLakeFormationCrossAccountManager": { - "Arn": "arn:aws:iam::aws:policy/AWSLakeFormationCrossAccountManager", - "AttachmentCount": 0, - "CreateDate": "2020-08-04T20:59:46+00:00", - "DefaultVersionId": "v3", - "Document": { - "Statement": [ - { - "Action": [ - "ram:CreateResourceShare" - ], - "Condition": { - "StringLikeIfExists": { - "ram:RequestedResourceType": [ - "glue:Table", - "glue:Database", - "glue:Catalog" - ] - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ram:UpdateResourceShare", - "ram:DeleteResourceShare" - ], - "Condition": { - "StringLike": { - "ram:ResourceShareName": [ - "LakeFormation*" - ] - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "glue:PutResourcePolicy", - "glue:DeleteResourcePolicy", - "organizations:DescribeOrganization", - "organizations:DescribeAccount", - "ram:Get*", - "ram:List*" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "organizations:ListRoots", - "organizations:ListAccountsForParent", - "organizations:ListOrganizationalUnitsForParent" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4HPT7Y7QL3", - "PolicyName": "AWSLakeFormationCrossAccountManager", - "UpdateDate": "2020-12-07T23:11:36+00:00", - "VersionId": "v3" - }, - "AWSLakeFormationDataAdmin": { - "Arn": "arn:aws:iam::aws:policy/AWSLakeFormationDataAdmin", - "AttachmentCount": 0, - "CreateDate": "2019-08-08T17:33:44+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "lakeformation:*", - "cloudtrail:DescribeTrails", - "cloudtrail:LookupEvents", - "glue:GetDatabase", - "glue:GetDatabases", - "glue:CreateDatabase", - "glue:UpdateDatabase", - "glue:DeleteDatabase", - "glue:GetConnections", - "glue:SearchTables", - "glue:GetTable", - "glue:CreateTable", - "glue:UpdateTable", - "glue:DeleteTable", - "glue:GetTableVersions", - "glue:GetPartitions", - "glue:GetTables", - "glue:GetWorkflow", - "glue:ListWorkflows", - "glue:BatchGetWorkflows", - "glue:DeleteWorkflow", - "glue:GetWorkflowRuns", - "glue:StartWorkflowRun", - "glue:GetWorkflow", - "s3:ListBucket", - "s3:GetBucketLocation", - "s3:ListAllMyBuckets", - "s3:GetBucketAcl", - "iam:ListUsers", - "iam:ListRoles", - "iam:GetRole", - "iam:GetRolePolicy" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "lakeformation:PutDataLakeSettings" - ], - "Effect": "Deny", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4OWCH3ENIA", - "PolicyName": "AWSLakeFormationDataAdmin", - "UpdateDate": "2019-12-16T22:41:40+00:00", - "VersionId": "v2" - }, - "AWSLambdaBasicExecutionRole": { - "Arn": "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", - "AttachmentCount": 0, - "CreateDate": "2015-04-09T15:03:43+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJNCQGXC42545SKXIK", - "PolicyName": "AWSLambdaBasicExecutionRole", - "UpdateDate": "2015-04-09T15:03:43+00:00", - "VersionId": "v1" - }, - "AWSLambdaDynamoDBExecutionRole": { - "Arn": "arn:aws:iam::aws:policy/service-role/AWSLambdaDynamoDBExecutionRole", - "AttachmentCount": 0, - "CreateDate": "2015-04-09T15:09:29+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "dynamodb:DescribeStream", - "dynamodb:GetRecords", - "dynamodb:GetShardIterator", - "dynamodb:ListStreams", - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIP7WNAGMIPYNW4WQG", - "PolicyName": "AWSLambdaDynamoDBExecutionRole", - "UpdateDate": "2015-04-09T15:09:29+00:00", - "VersionId": "v1" - }, - "AWSLambdaENIManagementAccess": { - "Arn": "arn:aws:iam::aws:policy/service-role/AWSLambdaENIManagementAccess", - "AttachmentCount": 0, - "CreateDate": "2016-12-06T00:37:27+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "ec2:CreateNetworkInterface", - "ec2:DescribeNetworkInterfaces", - "ec2:DeleteNetworkInterface", - "ec2:AssignPrivateIpAddresses", - "ec2:UnassignPrivateIpAddresses" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJXAW2Q3KPTURUT2QC", - "PolicyName": "AWSLambdaENIManagementAccess", - "UpdateDate": "2020-10-01T20:07:26+00:00", - "VersionId": "v2" - }, - "AWSLambdaExecute": { - "Arn": "arn:aws:iam::aws:policy/AWSLambdaExecute", - "AttachmentCount": 0, - "CreateDate": "2015-02-06T18:40:46+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "logs:*" - ], - "Effect": "Allow", - "Resource": "arn:aws:logs:*:*:*" - }, - { - "Action": [ - "s3:GetObject", - "s3:PutObject" - ], - "Effect": "Allow", - "Resource": "arn:aws:s3:::*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJE5FX7FQZSU5XAKGO", - "PolicyName": "AWSLambdaExecute", - "UpdateDate": "2015-02-06T18:40:46+00:00", - "VersionId": "v1" - }, - "AWSLambdaInvocation-DynamoDB": { - "Arn": "arn:aws:iam::aws:policy/AWSLambdaInvocation-DynamoDB", - "AttachmentCount": 0, - "CreateDate": "2015-02-06T18:40:47+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "lambda:InvokeFunction" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "dynamodb:DescribeStream", - "dynamodb:GetRecords", - "dynamodb:GetShardIterator", - "dynamodb:ListStreams" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJTHQ3EKCQALQDYG5G", - "PolicyName": "AWSLambdaInvocation-DynamoDB", - "UpdateDate": "2015-02-06T18:40:47+00:00", - "VersionId": "v1" - }, - "AWSLambdaKinesisExecutionRole": { - "Arn": "arn:aws:iam::aws:policy/service-role/AWSLambdaKinesisExecutionRole", - "AttachmentCount": 0, - "CreateDate": "2015-04-09T15:14:16+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "kinesis:DescribeStream", - "kinesis:DescribeStreamSummary", - "kinesis:GetRecords", - "kinesis:GetShardIterator", - "kinesis:ListShards", - "kinesis:ListStreams", - "kinesis:SubscribeToShard", - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJHOLKJPXV4GBRMJUQ", - "PolicyName": "AWSLambdaKinesisExecutionRole", - "UpdateDate": "2018-11-19T20:09:24+00:00", - "VersionId": "v2" - }, - "AWSLambdaMSKExecutionRole": { - "Arn": "arn:aws:iam::aws:policy/service-role/AWSLambdaMSKExecutionRole", - "AttachmentCount": 0, - "CreateDate": "2020-08-11T17:35:05+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "kafka:DescribeCluster", - "kafka:GetBootstrapBrokers", - "ec2:CreateNetworkInterface", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeVpcs", - "ec2:DeleteNetworkInterface", - "ec2:DescribeSubnets", - "ec2:DescribeSecurityGroups", - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4FHMXOHIS5", - "PolicyName": "AWSLambdaMSKExecutionRole", - "UpdateDate": "2020-08-11T17:35:05+00:00", - "VersionId": "v1" - }, - "AWSLambdaReplicator": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSLambdaReplicator", - "AttachmentCount": 0, - "CreateDate": "2017-05-23T17:53:03+00:00", - "DefaultVersionId": "v3", - "Document": { - "Statement": [ - { - "Action": [ - "lambda:CreateFunction", - "lambda:DeleteFunction", - "lambda:DisableReplication" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:lambda:*:*:function:*" - ], - "Sid": "LambdaCreateDeletePermission" - }, - { - "Action": [ - "iam:PassRole" - ], - "Condition": { - "StringLikeIfExists": { - "iam:PassedToService": "lambda.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": [ - "*" - ], - "Sid": "IamPassRolePermission" - }, - { - "Action": [ - "cloudfront:ListDistributionsByLambdaFunction" - ], - "Effect": "Allow", - "Resource": [ - "*" - ], - "Sid": "CloudFrontListDistributions" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIIQFXZNNLL3E2HKTG", - "PolicyName": "AWSLambdaReplicator", - "UpdateDate": "2017-12-08T00:17:54+00:00", - "VersionId": "v3" - }, - "AWSLambdaRole": { - "Arn": "arn:aws:iam::aws:policy/service-role/AWSLambdaRole", - "AttachmentCount": 1, - "CreateDate": "2015-02-06T18:41:28+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "lambda:InvokeFunction" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJX4DPCRGTC4NFDUXI", - "PolicyName": "AWSLambdaRole", - "UpdateDate": "2015-02-06T18:41:28+00:00", - "VersionId": "v1" - }, - "AWSLambdaSQSQueueExecutionRole": { - "Arn": "arn:aws:iam::aws:policy/service-role/AWSLambdaSQSQueueExecutionRole", - "AttachmentCount": 0, - "CreateDate": "2018-06-14T21:50:45+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "sqs:ReceiveMessage", - "sqs:DeleteMessage", - "sqs:GetQueueAttributes", - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJFWJZI6JNND4TSELK", - "PolicyName": "AWSLambdaSQSQueueExecutionRole", - "UpdateDate": "2018-06-14T21:50:45+00:00", - "VersionId": "v1" - }, - "AWSLambdaVPCAccessExecutionRole": { - "Arn": "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole", - "AttachmentCount": 0, - "CreateDate": "2016-02-11T23:15:26+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents", - "ec2:CreateNetworkInterface", - "ec2:DescribeNetworkInterfaces", - "ec2:DeleteNetworkInterface", - "ec2:AssignPrivateIpAddresses", - "ec2:UnassignPrivateIpAddresses" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJVTME3YLVNL72YR2K", - "PolicyName": "AWSLambdaVPCAccessExecutionRole", - "UpdateDate": "2020-10-15T22:53:03+00:00", - "VersionId": "v2" - }, - "AWSLambda_FullAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSLambda_FullAccess", - "AttachmentCount": 0, - "CreateDate": "2020-11-17T21:14:08+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "cloudformation:DescribeStacks", - "cloudformation:ListStackResources", - "cloudwatch:ListMetrics", - "cloudwatch:GetMetricData", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVpcs", - "kms:ListAliases", - "iam:GetPolicy", - "iam:GetPolicyVersion", - "iam:GetRole", - "iam:GetRolePolicy", - "iam:ListAttachedRolePolicies", - "iam:ListRolePolicies", - "iam:ListRoles", - "lambda:*", - "logs:DescribeLogGroups", - "states:DescribeStateMachine", - "states:ListStateMachines", - "tag:GetResources", - "xray:GetTraceSummaries", - "xray:BatchGetTraces" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "iam:PassRole", - "Condition": { - "StringEquals": { - "iam:PassedToService": "lambda.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "logs:DescribeLogStreams", - "logs:GetLogEvents", - "logs:FilterLogEvents" - ], - "Effect": "Allow", - "Resource": "arn:aws:logs:*:*:log-group:/aws/lambda/*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4OXQPYWZ5D", - "PolicyName": "AWSLambda_FullAccess", - "UpdateDate": "2020-11-17T21:14:08+00:00", - "VersionId": "v1" - }, - "AWSLambda_ReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSLambda_ReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2020-11-17T21:10:32+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "cloudformation:DescribeStacks", - "cloudformation:ListStackResources", - "cloudwatch:GetMetricData", - "cloudwatch:ListMetrics", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVpcs", - "kms:ListAliases", - "iam:GetPolicy", - "iam:GetPolicyVersion", - "iam:GetRole", - "iam:GetRolePolicy", - "iam:ListAttachedRolePolicies", - "iam:ListRolePolicies", - "iam:ListRoles", - "logs:DescribeLogGroups", - "lambda:Get*", - "lambda:List*", - "states:DescribeStateMachine", - "states:ListStateMachines", - "tag:GetResources", - "xray:GetTraceSummaries", - "xray:BatchGetTraces" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "logs:DescribeLogStreams", - "logs:GetLogEvents", - "logs:FilterLogEvents" - ], - "Effect": "Allow", - "Resource": "arn:aws:logs:*:*:log-group:/aws/lambda/*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4IERNVMNPE", - "PolicyName": "AWSLambda_ReadOnlyAccess", - "UpdateDate": "2020-11-17T21:10:32+00:00", - "VersionId": "v1" - }, - "AWSLicenseManagerConsumptionPolicy": { - "Arn": "arn:aws:iam::aws:policy/service-role/AWSLicenseManagerConsumptionPolicy", - "AttachmentCount": 0, - "CreateDate": "2021-08-11T23:18:08+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": { - "Action": [ - "license-manager:CheckoutLicense", - "license-manager:CheckInLicense", - "license-manager:ExtendLicenseConsumption", - "license-manager:GetLicense" - ], - "Effect": "Allow", - "Resource": "*" - }, - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4KWNLLSDDM", - "PolicyName": "AWSLicenseManagerConsumptionPolicy", - "UpdateDate": "2021-08-11T23:18:08+00:00", - "VersionId": "v1" - }, - "AWSLicenseManagerMasterAccountRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSLicenseManagerMasterAccountRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2018-11-26T19:03:51+00:00", - "DefaultVersionId": "v4", - "Document": { - "Statement": [ - { - "Action": [ - "s3:GetBucketLocation", - "s3:ListBucket", - "s3:GetLifecycleConfiguration", - "s3:PutLifecycleConfiguration", - "s3:GetBucketPolicy", - "s3:PutBucketPolicy" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:s3:::aws-license-manager-service-*" - ], - "Sid": "S3BucketPermissions" - }, - { - "Action": [ - "s3:AbortMultipartUpload", - "s3:PutObject", - "s3:GetObject", - "s3:ListBucketMultipartUploads", - "s3:ListMultipartUploadParts" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:s3:::aws-license-manager-service-*" - ], - "Sid": "S3ObjectPermissions1" - }, - { - "Action": [ - "s3:DeleteObject" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:s3:::aws-license-manager-service-*/resource_sync/*" - ], - "Sid": "S3ObjectPermissions2" - }, - { - "Action": [ - "athena:GetQueryExecution", - "athena:GetQueryResults", - "athena:StartQueryExecution" - ], - "Effect": "Allow", - "Resource": [ - "*" - ], - "Sid": "AthenaPermissions" - }, - { - "Action": [ - "glue:GetTable", - "glue:GetPartition", - "glue:GetPartitions" - ], - "Effect": "Allow", - "Resource": [ - "*" - ], - "Sid": "GluePermissions" - }, - { - "Action": [ - "organizations:DescribeOrganization", - "organizations:ListAccounts", - "organizations:DescribeAccount", - "organizations:ListChildren", - "organizations:ListParents", - "organizations:ListAccountsForParent", - "organizations:ListRoots", - "organizations:ListAWSServiceAccessForOrganization" - ], - "Effect": "Allow", - "Resource": [ - "*" - ], - "Sid": "OrganizationPermissions" - }, - { - "Action": [ - "ram:GetResourceShares", - "ram:GetResourceShareAssociations", - "ram:TagResource" - ], - "Effect": "Allow", - "Resource": [ - "*" - ], - "Sid": "RAMPermissions1" - }, - { - "Action": [ - "ram:CreateResourceShare" - ], - "Condition": { - "StringEquals": { - "aws:RequestTag/Service": "LicenseManager" - } - }, - "Effect": "Allow", - "Resource": [ - "*" - ], - "Sid": "RAMPermissions2" - }, - { - "Action": [ - "ram:AssociateResourceShare", - "ram:DisassociateResourceShare", - "ram:UpdateResourceShare", - "ram:DeleteResourceShare" - ], - "Condition": { - "StringEquals": { - "aws:ResourceTag/Service": "LicenseManager" - } - }, - "Effect": "Allow", - "Resource": [ - "*" - ], - "Sid": "RAMPermissions3" - }, - { - "Action": [ - "iam:GetRole" - ], - "Effect": "Allow", - "Resource": [ - "*" - ], - "Sid": "IAMGetRoles" - }, - { - "Action": [ - "iam:PassRole" - ], - "Condition": { - "StringEquals": { - "iam:PassedToService": [ - "cloudformation.amazonaws.com", - "glue.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:iam::*:role/LicenseManagerServiceResourceDataSyncRole*" - ], - "Sid": "IAMPassRoles" - }, - { - "Action": [ - "cloudformation:UpdateStack", - "cloudformation:CreateStack", - "cloudformation:DeleteStack", - "cloudformation:DescribeStacks" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:cloudformation:*:*:stack/LicenseManagerCrossAccountCloudDiscoveryStack/*" - ], - "Sid": "CloudformationPermission" - }, - { - "Action": [ - "glue:CreateTable", - "glue:UpdateTable", - "glue:DeleteTable", - "glue:UpdateJob", - "glue:UpdateCrawler" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:glue:*:*:catalog", - "arn:aws:glue:*:*:crawler/LicenseManagerResourceSynDataCrawler", - "arn:aws:glue:*:*:job/LicenseManagerResourceSynDataProcessJob", - "arn:aws:glue:*:*:table/license_manager_resource_inventory_db/*", - "arn:aws:glue:*:*:table/license_manager_resource_sync/*", - "arn:aws:glue:*:*:database/license_manager_resource_inventory_db", - "arn:aws:glue:*:*:database/license_manager_resource_sync" - ], - "Sid": "GlueUpdatePermissions" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIJE2NOZW2BDEHYUH2", - "PolicyName": "AWSLicenseManagerMasterAccountRolePolicy", - "UpdateDate": "2021-11-18T02:02:15+00:00", - "VersionId": "v4" - }, - "AWSLicenseManagerMemberAccountRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSLicenseManagerMemberAccountRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2018-11-26T19:04:32+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "license-manager:UpdateLicenseSpecificationsForResource", - "license-manager:GetLicenseConfiguration" - ], - "Effect": "Allow", - "Resource": [ - "*" - ], - "Sid": "LicenseManagerPermissions" - }, - { - "Action": [ - "ssm:ListInventoryEntries", - "ssm:GetInventory", - "ssm:CreateAssociation", - "ssm:CreateResourceDataSync", - "ssm:DeleteResourceDataSync", - "ssm:ListResourceDataSync", - "ssm:ListAssociations" - ], - "Effect": "Allow", - "Resource": [ - "*" - ], - "Sid": "SSMPermissions" - }, - { - "Action": [ - "ram:AcceptResourceShareInvitation", - "ram:GetResourceShareInvitations" - ], - "Effect": "Allow", - "Resource": [ - "*" - ], - "Sid": "RAMPermissions" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJZTYEY2LEGBYAVUY4", - "PolicyName": "AWSLicenseManagerMemberAccountRolePolicy", - "UpdateDate": "2019-11-15T22:09:32+00:00", - "VersionId": "v2" - }, - "AWSLicenseManagerServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSLicenseManagerServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2018-11-26T19:02:53+00:00", - "DefaultVersionId": "v7", - "Document": { - "Statement": [ - { - "Action": [ - "iam:CreateServiceLinkedRole" - ], - "Condition": { - "StringEquals": { - "iam:AWSServiceName": "license-management.marketplace.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:iam::*:role/aws-service-role/license-management.marketplace.amazonaws.com/AWSServiceRoleForMarketplaceLicenseManagement" - ], - "Sid": "IAMPermissions" - }, - { - "Action": [ - "iam:CreateServiceLinkedRole" - ], - "Condition": { - "StringEquals": { - "iam:AWSServiceName": "license-manager.member-account.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": [ - "arn:*:iam::*:role/aws-service-role/license-manager.member-account.amazonaws.com/AWSServiceRoleForAWSLicenseManagerMemberAccountRole" - ], - "Sid": "IAMPermissionsForCreatingMemberSLR" - }, - { - "Action": [ - "s3:GetBucketLocation", - "s3:ListBucket" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:s3:::aws-license-manager-service-*" - ], - "Sid": "S3BucketPermissions1" - }, - { - "Action": [ - "s3:ListAllMyBuckets" - ], - "Effect": "Allow", - "Resource": [ - "*" - ], - "Sid": "S3BucketPermissions2" - }, - { - "Action": [ - "s3:PutObject" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:s3:::aws-license-manager-service-*" - ], - "Sid": "S3ObjectPermissions" - }, - { - "Action": [ - "sns:Publish" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:sns:*:*:aws-license-manager-service-*" - ], - "Sid": "SNSAccountPermissions" - }, - { - "Action": [ - "sns:ListTopics" - ], - "Effect": "Allow", - "Resource": [ - "*" - ], - "Sid": "SNSTopicPermissions" - }, - { - "Action": [ - "ec2:DescribeInstances", - "ec2:DescribeImages", - "ec2:DescribeHosts" - ], - "Effect": "Allow", - "Resource": [ - "*" - ], - "Sid": "EC2Permissions" - }, - { - "Action": [ - "ssm:ListInventoryEntries", - "ssm:GetInventory", - "ssm:CreateAssociation" - ], - "Effect": "Allow", - "Resource": [ - "*" - ], - "Sid": "SSMPermissions" - }, - { - "Action": [ - "organizations:ListAWSServiceAccessForOrganization", - "organizations:DescribeOrganization", - "organizations:ListDelegatedAdministrators" - ], - "Effect": "Allow", - "Resource": [ - "*" - ], - "Sid": "OrganizationPermissions" - }, - { - "Action": [ - "license-manager:GetServiceSettings", - "license-manager:GetLicense*", - "license-manager:UpdateLicenseSpecificationsForResource", - "license-manager:List*" - ], - "Effect": "Allow", - "Resource": [ - "*" - ], - "Sid": "LicenseManagerPermissions" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIM7JPETWHTYNBQSZE", - "PolicyName": "AWSLicenseManagerServiceRolePolicy", - "UpdateDate": "2021-07-30T01:43:19+00:00", - "VersionId": "v7" - }, - "AWSMarketplaceAmiIngestion": { - "Arn": "arn:aws:iam::aws:policy/AWSMarketplaceAmiIngestion", - "AttachmentCount": 0, - "CreateDate": "2020-09-25T20:55:10+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "ec2:ModifySnapshotAttribute" - ], - "Effect": "Allow", - "Resource": "arn:aws:ec2:us-east-1::snapshot/snap-*" - }, - { - "Action": [ - "ec2:DescribeImageAttribute", - "ec2:DescribeImages", - "ec2:DescribeSnapshotAttribute", - "ec2:ModifyImageAttribute" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4AV3OZYWEM", - "PolicyName": "AWSMarketplaceAmiIngestion", - "UpdateDate": "2020-09-25T20:55:10+00:00", - "VersionId": "v1" - }, - "AWSMarketplaceFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSMarketplaceFullAccess", - "AttachmentCount": 0, - "CreateDate": "2015-02-11T17:21:45+00:00", - "DefaultVersionId": "v4", - "Document": { - "Statement": [ - { - "Action": [ - "aws-marketplace:*", - "cloudformation:CreateStack", - "cloudformation:DescribeStackResource", - "cloudformation:DescribeStackResources", - "cloudformation:DescribeStacks", - "cloudformation:List*", - "ec2:AuthorizeSecurityGroupEgress", - "ec2:AuthorizeSecurityGroupIngress", - "ec2:CreateSecurityGroup", - "ec2:CreateTags", - "ec2:DescribeAccountAttributes", - "ec2:DescribeAddresses", - "ec2:DeleteSecurityGroup", - "ec2:DescribeAccountAttributes", - "ec2:DescribeImages", - "ec2:DescribeInstances", - "ec2:DescribeKeyPairs", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeTags", - "ec2:DescribeVpcs", - "ec2:RunInstances", - "ec2:StartInstances", - "ec2:StopInstances", - "ec2:TerminateInstances" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:CopyImage", - "ec2:DeregisterImage", - "ec2:DescribeSnapshots", - "ec2:DeleteSnapshot", - "ec2:CreateImage", - "ec2:DescribeInstanceStatus", - "ssm:GetAutomationExecution", - "ssm:ListDocuments", - "ssm:DescribeDocument", - "sns:ListTopics", - "sns:GetTopicAttributes", - "sns:CreateTopic", - "iam:GetRole", - "iam:GetInstanceProfile", - "iam:ListRoles", - "iam:ListInstanceProfiles" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "s3:ListBucket", - "s3:GetObject" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:s3:::*image-build*" - ] - }, - { - "Action": [ - "sns:Publish", - "sns:setTopicAttributes" - ], - "Effect": "Allow", - "Resource": "arn:aws:sns:*:*:*image-build*" - }, - { - "Action": [ - "iam:PassRole" - ], - "Condition": { - "StringLike": { - "iam:PassedToService": [ - "ec2.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "ssm:StartAutomationExecution" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:ssm:eu-central-1:906690553262:automation-definition/*", - "arn:aws:ssm:us-east-1:058657716661:automation-definition/*", - "arn:aws:ssm:ap-northeast-1:340648487307:automation-definition/*", - "arn:aws:ssm:eu-west-1:564714592864:automation-definition/*", - "arn:aws:ssm:us-west-2:243045473901:automation-definition/*", - "arn:aws:ssm:ap-southeast-2:362149219987:automation-definition/*", - "arn:aws:ssm:eu-west-2:587945719687:automation-definition/*", - "arn:aws:ssm:us-east-2:134937423163:automation-definition/*" - ] - }, - { - "Action": [ - "iam:PassRole" - ], - "Condition": { - "StringLike": { - "iam:AssociatedResourceARN": [ - "arn:aws:ssm:eu-central-1:906690553262:automation-definition/*", - "arn:aws:ssm:us-east-1:058657716661:automation-definition/*", - "arn:aws:ssm:ap-northeast-1:340648487307:automation-definition/*", - "arn:aws:ssm:eu-west-1:564714592864:automation-definition/*", - "arn:aws:ssm:us-west-2:243045473901:automation-definition/*", - "arn:aws:ssm:ap-southeast-2:362149219987:automation-definition/*", - "arn:aws:ssm:eu-west-2:587945719687:automation-definition/*", - "arn:aws:ssm:us-east-2:134937423163:automation-definition/*" - ], - "iam:PassedToService": [ - "ssm.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": [ - "*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAI2DV5ULJSO2FYVPYG", - "PolicyName": "AWSMarketplaceFullAccess", - "UpdateDate": "2022-03-04T17:04:00+00:00", - "VersionId": "v4" - }, - "AWSMarketplaceGetEntitlements": { - "Arn": "arn:aws:iam::aws:policy/AWSMarketplaceGetEntitlements", - "AttachmentCount": 0, - "CreateDate": "2017-03-27T19:37:24+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "aws-marketplace:GetEntitlements" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJLPIMQE4WMHDC2K7C", - "PolicyName": "AWSMarketplaceGetEntitlements", - "UpdateDate": "2017-03-27T19:37:24+00:00", - "VersionId": "v1" - }, - "AWSMarketplaceImageBuildFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSMarketplaceImageBuildFullAccess", - "AttachmentCount": 0, - "CreateDate": "2018-07-31T23:29:49+00:00", - "DefaultVersionId": "v3", - "Document": { - "Statement": [ - { - "Action": [ - "aws-marketplace:ListBuilds", - "aws-marketplace:StartBuild", - "aws-marketplace:DescribeBuilds" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "ec2:TerminateInstances", - "Condition": { - "StringLike": { - "ec2:ResourceTag/marketplace-image-build:build-id": "*" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "iam:PassRole", - "Condition": { - "StringEquals": { - "iam:PassedToService": [ - "ec2.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:iam::*:role/*Automation*", - "arn:aws:iam::*:role/*Instance*" - ] - }, - { - "Action": [ - "ssm:GetAutomationExecution", - "ssm:ListDocuments", - "ssm:DescribeDocument", - "ec2:DeregisterImage", - "ec2:CopyImage", - "ec2:DescribeSnapshots", - "ec2:DescribeSecurityGroups", - "ec2:DescribeImages", - "ec2:DescribeSubnets", - "ec2:DeleteSnapshot", - "ec2:CreateImage", - "ec2:RunInstances", - "ec2:DescribeInstanceStatus", - "sns:GetTopicAttributes", - "iam:GetRole", - "iam:GetInstanceProfile" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "s3:GetObject", - "s3:ListBucket" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:s3:::*image-build*" - ] - }, - { - "Action": [ - "ec2:CreateTags" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*::image/*", - "arn:aws:ec2:*:*:instance/*" - ] - }, - { - "Action": [ - "sns:Publish" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:sns:*:*:*image-build*" - ] - }, - { - "Action": [ - "ssm:StartAutomationExecution" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:ssm:eu-central-1:906690553262:automation-definition/*", - "arn:aws:ssm:us-east-1:058657716661:automation-definition/*", - "arn:aws:ssm:ap-northeast-1:340648487307:automation-definition/*", - "arn:aws:ssm:eu-west-1:564714592864:automation-definition/*", - "arn:aws:ssm:us-west-2:243045473901:automation-definition/*", - "arn:aws:ssm:ap-southeast-2:362149219987:automation-definition/*", - "arn:aws:ssm:eu-west-2:587945719687:automation-definition/*", - "arn:aws:ssm:us-east-2:134937423163:automation-definition/*" - ] - }, - { - "Action": [ - "iam:PassRole" - ], - "Condition": { - "StringLike": { - "iam:AssociatedResourceARN": [ - "arn:aws:ssm:eu-central-1:906690553262:automation-definition/*", - "arn:aws:ssm:us-east-1:058657716661:automation-definition/*", - "arn:aws:ssm:ap-northeast-1:340648487307:automation-definition/*", - "arn:aws:ssm:eu-west-1:564714592864:automation-definition/*", - "arn:aws:ssm:us-west-2:243045473901:automation-definition/*", - "arn:aws:ssm:ap-southeast-2:362149219987:automation-definition/*", - "arn:aws:ssm:eu-west-2:587945719687:automation-definition/*", - "arn:aws:ssm:us-east-2:134937423163:automation-definition/*" - ], - "iam:PassedToService": [ - "ssm.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "ec2:CreateTags" - ], - "Condition": { - "StringLike": { - "aws:RequestTag/marketplace-image-build:build-id": "*" - }, - "StringNotEquals": { - "ec2:CreateAction": "RunInstances" - } - }, - "Effect": "Deny", - "Resource": [ - "arn:aws:ec2:*:*:instance/*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAI4QBMJWC3BNHBHN6I", - "PolicyName": "AWSMarketplaceImageBuildFullAccess", - "UpdateDate": "2022-03-04T17:05:09+00:00", - "VersionId": "v3" - }, - "AWSMarketplaceLicenseManagementServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSMarketplaceLicenseManagementServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2020-12-03T08:33:40+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "organizations:DescribeOrganization", - "license-manager:ListReceivedGrants", - "license-manager:ListDistributedGrants", - "license-manager:GetGrant", - "license-manager:CreateGrant", - "license-manager:CreateGrantVersion", - "license-manager:DeleteGrant", - "license-manager:AcceptGrant" - ], - "Effect": "Allow", - "Resource": [ - "*" - ], - "Sid": "AllowLicenseManagerActions" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4DTCV6FSO7", - "PolicyName": "AWSMarketplaceLicenseManagementServiceRolePolicy", - "UpdateDate": "2020-12-03T08:33:40+00:00", - "VersionId": "v1" - }, - "AWSMarketplaceManageSubscriptions": { - "Arn": "arn:aws:iam::aws:policy/AWSMarketplaceManageSubscriptions", - "AttachmentCount": 0, - "CreateDate": "2015-02-06T18:40:32+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "aws-marketplace:ViewSubscriptions", - "aws-marketplace:Subscribe", - "aws-marketplace:Unsubscribe" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "aws-marketplace:CreatePrivateMarketplaceRequests", - "aws-marketplace:ListPrivateMarketplaceRequests", - "aws-marketplace:DescribePrivateMarketplaceRequests" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJRDW2WIFN7QLUAKBQ", - "PolicyName": "AWSMarketplaceManageSubscriptions", - "UpdateDate": "2019-10-28T21:49:43+00:00", - "VersionId": "v2" - }, - "AWSMarketplaceMeteringFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSMarketplaceMeteringFullAccess", - "AttachmentCount": 0, - "CreateDate": "2016-03-17T22:39:22+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "aws-marketplace:MeterUsage" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJ65YJPG7CC7LDXNA6", - "PolicyName": "AWSMarketplaceMeteringFullAccess", - "UpdateDate": "2016-03-17T22:39:22+00:00", - "VersionId": "v1" - }, - "AWSMarketplaceMeteringRegisterUsage": { - "Arn": "arn:aws:iam::aws:policy/AWSMarketplaceMeteringRegisterUsage", - "AttachmentCount": 0, - "CreateDate": "2019-11-21T01:17:54+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "aws-marketplace:RegisterUsage" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4OIHJX73MZ", - "PolicyName": "AWSMarketplaceMeteringRegisterUsage", - "UpdateDate": "2019-11-21T01:17:54+00:00", - "VersionId": "v1" - }, - "AWSMarketplaceProcurementSystemAdminFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSMarketplaceProcurementSystemAdminFullAccess", - "AttachmentCount": 0, - "CreateDate": "2019-06-25T13:07:47+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "aws-marketplace:PutProcurementSystemConfiguration", - "aws-marketplace:DescribeProcurementSystemConfiguration", - "organizations:Describe*", - "organizations:List*" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4FIYNR3TC4", - "PolicyName": "AWSMarketplaceProcurementSystemAdminFullAccess", - "UpdateDate": "2019-06-25T13:07:47+00:00", - "VersionId": "v1" - }, - "AWSMarketplacePurchaseOrdersServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSMarketplacePurchaseOrdersServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2021-10-27T15:12:37+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "purchase-orders:ViewPurchaseOrders", - "purchase-orders:ModifyPurchaseOrders" - ], - "Effect": "Allow", - "Resource": [ - "*" - ], - "Sid": "AllowPurchaseOrderActions" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4BHDLJGTI4", - "PolicyName": "AWSMarketplacePurchaseOrdersServiceRolePolicy", - "UpdateDate": "2021-10-27T15:12:37+00:00", - "VersionId": "v1" - }, - "AWSMarketplaceRead-only": { - "Arn": "arn:aws:iam::aws:policy/AWSMarketplaceRead-only", - "AttachmentCount": 0, - "CreateDate": "2015-02-06T18:40:31+00:00", - "DefaultVersionId": "v3", - "Document": { - "Statement": [ - { - "Action": [ - "aws-marketplace:ViewSubscriptions", - "ec2:DescribeAccountAttributes", - "ec2:DescribeAddresses", - "ec2:DescribeImages", - "ec2:DescribeInstances", - "ec2:DescribeKeyPairs", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVpcs" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "aws-marketplace:ListBuilds", - "aws-marketplace:DescribeBuilds", - "iam:ListRoles", - "iam:ListInstanceProfiles", - "sns:GetTopicAttributes", - "sns:ListTopics" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "aws-marketplace:ListPrivateMarketplaceRequests", - "aws-marketplace:DescribePrivateMarketplaceRequests" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJOOM6LETKURTJ3XZ2", - "PolicyName": "AWSMarketplaceRead-only", - "UpdateDate": "2019-10-28T21:51:31+00:00", - "VersionId": "v3" - }, - "AWSMarketplaceSellerFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSMarketplaceSellerFullAccess", - "AttachmentCount": 0, - "CreateDate": "2019-07-02T20:40:09+00:00", - "DefaultVersionId": "v5", - "Document": { - "Statement": [ - { - "Action": [ - "aws-marketplace-management:uploadFiles", - "aws-marketplace-management:viewMarketing", - "aws-marketplace-management:viewReports", - "aws-marketplace-management:viewSupport", - "aws-marketplace-management:viewSettings", - "aws-marketplace:ListChangeSets", - "aws-marketplace:DescribeChangeSet", - "aws-marketplace:StartChangeSet", - "aws-marketplace:CancelChangeSet", - "aws-marketplace:ListEntities", - "aws-marketplace:DescribeEntity", - "aws-marketplace:ListTasks", - "aws-marketplace:DescribeTask", - "aws-marketplace:UpdateTask", - "aws-marketplace:CompleteTask", - "ec2:DescribeImages", - "ec2:DescribeSnapshots", - "ec2:ModifyImageAttribute", - "ec2:ModifySnapshotAttribute" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "aws-marketplace:SearchAgreements", - "aws-marketplace:DescribeAgreement", - "aws-marketplace:GetAgreementTerms" - ], - "Condition": { - "ForAllValues:StringEquals": { - "aws-marketplace:AgreementType": [ - "PurchaseAgreement" - ] - }, - "StringEquals": { - "aws-marketplace:PartyType": "Proposer" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "iam:GetRole" - ], - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/*" - }, - { - "Action": [ - "iam:PassRole" - ], - "Condition": { - "StringEquals": { - "iam:PassedToService": "assets.marketplace.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4JF7OFUANW", - "PolicyName": "AWSMarketplaceSellerFullAccess", - "UpdateDate": "2021-11-30T19:26:49+00:00", - "VersionId": "v5" - }, - "AWSMarketplaceSellerProductsFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSMarketplaceSellerProductsFullAccess", - "AttachmentCount": 0, - "CreateDate": "2019-07-02T21:06:25+00:00", - "DefaultVersionId": "v4", - "Document": { - "Statement": [ - { - "Action": [ - "aws-marketplace:ListChangeSets", - "aws-marketplace:DescribeChangeSet", - "aws-marketplace:StartChangeSet", - "aws-marketplace:CancelChangeSet", - "aws-marketplace:ListEntities", - "aws-marketplace:DescribeEntity", - "aws-marketplace:ListTasks", - "aws-marketplace:DescribeTask", - "aws-marketplace:UpdateTask", - "aws-marketplace:CompleteTask", - "ec2:DescribeImages", - "ec2:DescribeSnapshots", - "ec2:ModifyImageAttribute", - "ec2:ModifySnapshotAttribute" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "iam:GetRole" - ], - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/*" - }, - { - "Action": [ - "iam:PassRole" - ], - "Condition": { - "StringEquals": { - "iam:PassedToService": "assets.marketplace.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4DS2YFEG4N", - "PolicyName": "AWSMarketplaceSellerProductsFullAccess", - "UpdateDate": "2021-11-26T18:50:50+00:00", - "VersionId": "v4" - }, - "AWSMarketplaceSellerProductsReadOnly": { - "Arn": "arn:aws:iam::aws:policy/AWSMarketplaceSellerProductsReadOnly", - "AttachmentCount": 0, - "CreateDate": "2019-07-02T21:40:47+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "aws-marketplace:ListChangeSets", - "aws-marketplace:DescribeChangeSet", - "aws-marketplace:ListEntities", - "aws-marketplace:DescribeEntity", - "aws-marketplace:ListTasks", - "aws-marketplace:DescribeTask", - "ec2:DescribeImages", - "ec2:DescribeSnapshots" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4K5Y2Q5F7D", - "PolicyName": "AWSMarketplaceSellerProductsReadOnly", - "UpdateDate": "2020-03-05T23:11:53+00:00", - "VersionId": "v2" - }, - "AWSMediaTailorServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSMediaTailorServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2021-09-17T22:27:10+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": "logs:PutLogEvents", - "Effect": "Allow", - "Resource": "arn:aws:logs:*:*:log-group:MediaTailor/*:log-stream:*" - }, - { - "Action": [ - "logs:CreateLogStream", - "logs:CreateLogGroup", - "logs:DescribeLogGroups", - "logs:DescribeLogStreams" - ], - "Effect": "Allow", - "Resource": "arn:aws:logs:*:*:log-group:MediaTailor/*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4N46XCSH76", - "PolicyName": "AWSMediaTailorServiceRolePolicy", - "UpdateDate": "2021-09-17T22:27:10+00:00", - "VersionId": "v1" - }, - "AWSMigrationHubDMSAccess": { - "Arn": "arn:aws:iam::aws:policy/service-role/AWSMigrationHubDMSAccess", - "AttachmentCount": 0, - "CreateDate": "2017-08-14T14:00:06+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "mgh:CreateProgressUpdateStream" - ], - "Effect": "Allow", - "Resource": "arn:aws:mgh:*:*:progressUpdateStream/DMS" - }, - { - "Action": [ - "mgh:AssociateCreatedArtifact", - "mgh:DescribeMigrationTask", - "mgh:DisassociateCreatedArtifact", - "mgh:ImportMigrationTask", - "mgh:ListCreatedArtifacts", - "mgh:NotifyMigrationTaskState", - "mgh:PutResourceAttributes", - "mgh:NotifyApplicationState", - "mgh:DescribeApplicationState", - "mgh:AssociateDiscoveredResource", - "mgh:DisassociateDiscoveredResource", - "mgh:ListDiscoveredResources" - ], - "Effect": "Allow", - "Resource": "arn:aws:mgh:*:*:progressUpdateStream/DMS/*" - }, - { - "Action": [ - "mgh:ListMigrationTasks", - "mgh:GetHomeRegion" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIUQB56VA4JHLN7G2W", - "PolicyName": "AWSMigrationHubDMSAccess", - "UpdateDate": "2019-10-07T17:51:53+00:00", - "VersionId": "v2" - }, - "AWSMigrationHubDiscoveryAccess": { - "Arn": "arn:aws:iam::aws:policy/service-role/AWSMigrationHubDiscoveryAccess", - "AttachmentCount": 0, - "CreateDate": "2017-08-14T13:30:51+00:00", - "DefaultVersionId": "v3", - "Document": { - "Statement": [ - { - "Action": [ - "discovery:ListConfigurations", - "discovery:DescribeConfigurations" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": "ec2:CreateTags", - "Condition": { - "ForAllValues:StringEquals": { - "aws:TagKeys": "aws:migrationhub:source-id" - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:instance/*", - "arn:aws:ec2:*:*:image/*", - "arn:aws:ec2:*:*:volume/*" - ] - }, - { - "Action": "dms:AddTagsToResource", - "Condition": { - "ForAllValues:StringEquals": { - "aws:TagKeys": "aws:migrationhub:source-id" - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:dms:*:*:endpoint:*" - ] - }, - { - "Action": [ - "ec2:DescribeInstanceAttribute" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAITRMRLSV7JAL6YIGG", - "PolicyName": "AWSMigrationHubDiscoveryAccess", - "UpdateDate": "2020-08-06T17:34:42+00:00", - "VersionId": "v3" - }, - "AWSMigrationHubFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSMigrationHubFullAccess", - "AttachmentCount": 0, - "CreateDate": "2017-08-14T14:02:54+00:00", - "DefaultVersionId": "v4", - "Document": { - "Statement": [ - { - "Action": [ - "mgh:*", - "discovery:*" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "iam:GetRole" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "iam:CreateServiceLinkedRole", - "Condition": { - "StringEquals": { - "iam:AWSServiceName": "continuousexport.discovery.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/aws-service-role/continuousexport.discovery.amazonaws.com/AWSServiceRoleForApplicationDiscoveryServiceContinuousExport*" - }, - { - "Action": [ - "iam:DeleteServiceLinkedRole", - "iam:GetServiceLinkedRoleDeletionStatus" - ], - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/aws-service-role/continuousexport.discovery.amazonaws.com/AWSServiceRoleForApplicationDiscoveryServiceContinuousExport*" - }, - { - "Action": "iam:CreateServiceLinkedRole", - "Condition": { - "StringEquals": { - "iam:AWSServiceName": [ - "migrationhub.amazonaws.com", - "dmsintegration.migrationhub.amazonaws.com", - "smsintegration.migrationhub.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJ4A2SZKHUYHDYIGOK", - "PolicyName": "AWSMigrationHubFullAccess", - "UpdateDate": "2019-06-19T21:14:41+00:00", - "VersionId": "v4" - }, - "AWSMigrationHubRefactorSpacesFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSMigrationHubRefactorSpacesFullAccess", - "AttachmentCount": 0, - "CreateDate": "2021-11-29T07:12:55+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "refactor-spaces:*" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "RefactorSpaces" - }, - { - "Action": [ - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeRouteTables", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVpcEndpointServiceConfigurations", - "ec2:DescribeVpcs", - "ec2:DescribeTransitGatewayVpcAttachments", - "ec2:DescribeTransitGateways", - "ec2:DescribeTags", - "ec2:DescribeTransitGateways", - "ec2:DescribeAccountAttributes", - "ec2:DescribeInternetGateways" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:CreateTransitGateway", - "ec2:CreateSecurityGroup", - "ec2:CreateTransitGatewayVpcAttachment" - ], - "Condition": { - "Null": { - "aws:RequestTag/refactor-spaces:environment-id": "false" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:CreateTransitGateway", - "ec2:CreateSecurityGroup", - "ec2:CreateTransitGatewayVpcAttachment" - ], - "Condition": { - "Null": { - "aws:ResourceTag/refactor-spaces:environment-id": "false" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:CreateVpcEndpointServiceConfiguration" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:DeleteTransitGateway", - "ec2:AuthorizeSecurityGroupIngress", - "ec2:RevokeSecurityGroupIngress", - "ec2:DeleteSecurityGroup", - "ec2:DeleteTransitGatewayVpcAttachment", - "ec2:CreateRoute", - "ec2:DeleteRoute", - "ec2:DeleteTags" - ], - "Condition": { - "Null": { - "aws:ResourceTag/refactor-spaces:environment-id": "false" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:CreateTags" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "ec2:DeleteVpcEndpointServiceConfigurations", - "Condition": { - "Null": { - "aws:ResourceTag/refactor-spaces:application-id": "false" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "elasticloadbalancing:CreateLoadBalancer" - ], - "Condition": { - "Null": { - "aws:RequestTag/refactor-spaces:application-id": "false" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "elasticloadbalancing:DescribeLoadBalancers", - "elasticloadbalancing:DescribeTags", - "elasticloadbalancing:DescribeTargetHealth", - "elasticloadbalancing:DescribeTargetGroups", - "elasticloadbalancing:DescribeListeners" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "elasticloadbalancing:RegisterTargets", - "elasticloadbalancing:CreateLoadBalancerListeners", - "elasticloadbalancing:CreateListener", - "elasticloadbalancing:DeleteListener", - "elasticloadbalancing:DeleteTargetGroup" - ], - "Condition": { - "StringLike": { - "aws:ResourceTag/refactor-spaces:route-id": [ - "*" - ] - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "elasticloadbalancing:DeleteLoadBalancer", - "Effect": "Allow", - "Resource": "arn:*:elasticloadbalancing:*:*:loadbalancer/net/refactor-spaces-nlb-*" - }, - { - "Action": [ - "elasticloadbalancing:AddTags", - "elasticloadbalancing:CreateListener" - ], - "Condition": { - "Null": { - "aws:RequestTag/refactor-spaces:route-id": "false" - } - }, - "Effect": "Allow", - "Resource": "arn:*:elasticloadbalancing:*:*:loadbalancer/net/refactor-spaces-nlb-*" - }, - { - "Action": "elasticloadbalancing:DeleteListener", - "Effect": "Allow", - "Resource": "arn:*:elasticloadbalancing:*:*:listener/net/refactor-spaces-nlb-*" - }, - { - "Action": [ - "elasticloadbalancing:DeleteTargetGroup", - "elasticloadbalancing:RegisterTargets" - ], - "Effect": "Allow", - "Resource": "arn:*:elasticloadbalancing:*:*:targetgroup/refactor-spaces-tg-*" - }, - { - "Action": [ - "elasticloadbalancing:AddTags", - "elasticloadbalancing:CreateTargetGroup" - ], - "Condition": { - "Null": { - "aws:RequestTag/refactor-spaces:route-id": "false" - } - }, - "Effect": "Allow", - "Resource": "arn:*:elasticloadbalancing:*:*:targetgroup/refactor-spaces-tg-*" - }, - { - "Action": [ - "apigateway:GET", - "apigateway:DELETE", - "apigateway:PATCH", - "apigateway:POST", - "apigateway:PUT", - "apigateway:UpdateRestApiPolicy" - ], - "Condition": { - "Null": { - "aws:ResourceTag/refactor-spaces:application-id": "false" - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:apigateway:*::/restapis", - "arn:aws:apigateway:*::/restapis/*", - "arn:aws:apigateway:*::/vpclinks", - "arn:aws:apigateway:*::/vpclinks/*", - "arn:aws:apigateway:*::/tags", - "arn:aws:apigateway:*::/tags/*" - ] - }, - { - "Action": "apigateway:GET", - "Effect": "Allow", - "Resource": [ - "arn:aws:apigateway:*::/vpclinks", - "arn:aws:apigateway:*::/vpclinks/*" - ] - }, - { - "Action": [ - "organizations:DescribeOrganization" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "cloudformation:CreateStack" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "iam:CreateServiceLinkedRole", - "Condition": { - "StringEquals": { - "iam:AWSServiceName": "refactor-spaces.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "iam:CreateServiceLinkedRole", - "Condition": { - "StringEquals": { - "iam:AWSServiceName": "elasticloadbalancing.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4OQKCEGRMK", - "PolicyName": "AWSMigrationHubRefactorSpacesFullAccess", - "UpdateDate": "2021-11-29T14:07:52+00:00", - "VersionId": "v2" - }, - "AWSMigrationHubRefactorSpacesServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSMigrationHubRefactorSpacesServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2021-11-29T06:50:15+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeRouteTables", - "ec2:DescribeSubnets", - "ec2:DescribeSecurityGroups", - "ec2:DescribeVpcEndpointServiceConfigurations", - "ec2:DescribeTransitGatewayVpcAttachments", - "elasticloadbalancing:DescribeTargetHealth", - "elasticloadbalancing:DescribeListeners", - "elasticloadbalancing:DescribeTargetGroups", - "ram:GetResourceShareAssociations" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:AuthorizeSecurityGroupIngress", - "ec2:RevokeSecurityGroupIngress", - "ec2:DeleteSecurityGroup", - "ec2:DeleteTransitGatewayVpcAttachment", - "ec2:CreateRoute", - "ec2:DeleteRoute", - "ec2:DeleteTags", - "ram:DeleteResourceShare", - "ram:AssociateResourceShare", - "ram:DisassociateResourceShare" - ], - "Condition": { - "Null": { - "aws:ResourceTag/refactor-spaces:environment-id": "false" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "ec2:DeleteVpcEndpointServiceConfigurations", - "Condition": { - "Null": { - "aws:ResourceTag/refactor-spaces:application-id": "false" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "elasticloadbalancing:RegisterTargets", - "elasticloadbalancing:CreateLoadBalancerListeners", - "elasticloadbalancing:CreateListener", - "elasticloadbalancing:DeleteListener", - "elasticloadbalancing:DeleteTargetGroup" - ], - "Condition": { - "StringLike": { - "aws:ResourceTag/refactor-spaces:route-id": [ - "*" - ] - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "apigateway:PUT", - "apigateway:POST", - "apigateway:GET", - "apigateway:PATCH", - "apigateway:DELETE" - ], - "Condition": { - "Null": { - "aws:ResourceTag/refactor-spaces:application-id": "false" - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:apigateway:*::/restapis", - "arn:aws:apigateway:*::/restapis/*", - "arn:aws:apigateway:*::/vpclinks/*", - "arn:aws:apigateway:*::/tags", - "arn:aws:apigateway:*::/tags/*" - ] - }, - { - "Action": "apigateway:GET", - "Effect": "Allow", - "Resource": "arn:aws:apigateway:*::/vpclinks/*" - }, - { - "Action": "elasticloadbalancing:DeleteLoadBalancer", - "Effect": "Allow", - "Resource": "arn:*:elasticloadbalancing:*:*:loadbalancer/net/refactor-spaces-nlb-*" - }, - { - "Action": [ - "elasticloadbalancing:AddTags", - "elasticloadbalancing:CreateListener" - ], - "Condition": { - "Null": { - "aws:RequestTag/refactor-spaces:route-id": "false" - } - }, - "Effect": "Allow", - "Resource": "arn:*:elasticloadbalancing:*:*:loadbalancer/net/refactor-spaces-nlb-*" - }, - { - "Action": "elasticloadbalancing:DeleteListener", - "Effect": "Allow", - "Resource": "arn:*:elasticloadbalancing:*:*:listener/net/refactor-spaces-nlb-*" - }, - { - "Action": [ - "elasticloadbalancing:DeleteTargetGroup", - "elasticloadbalancing:RegisterTargets" - ], - "Effect": "Allow", - "Resource": "arn:*:elasticloadbalancing:*:*:targetgroup/refactor-spaces-tg-*" - }, - { - "Action": [ - "elasticloadbalancing:AddTags", - "elasticloadbalancing:CreateTargetGroup" - ], - "Condition": { - "Null": { - "aws:RequestTag/refactor-spaces:route-id": "false" - } - }, - "Effect": "Allow", - "Resource": "arn:*:elasticloadbalancing:*:*:targetgroup/refactor-spaces-tg-*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4KIIHJIPXW", - "PolicyName": "AWSMigrationHubRefactorSpacesServiceRolePolicy", - "UpdateDate": "2021-11-29T06:50:15+00:00", - "VersionId": "v1" - }, - "AWSMigrationHubSMSAccess": { - "Arn": "arn:aws:iam::aws:policy/service-role/AWSMigrationHubSMSAccess", - "AttachmentCount": 0, - "CreateDate": "2017-08-14T13:57:54+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "mgh:CreateProgressUpdateStream" - ], - "Effect": "Allow", - "Resource": "arn:aws:mgh:*:*:progressUpdateStream/SMS" - }, - { - "Action": [ - "mgh:AssociateCreatedArtifact", - "mgh:DescribeMigrationTask", - "mgh:DisassociateCreatedArtifact", - "mgh:ImportMigrationTask", - "mgh:ListCreatedArtifacts", - "mgh:NotifyMigrationTaskState", - "mgh:PutResourceAttributes", - "mgh:NotifyApplicationState", - "mgh:DescribeApplicationState", - "mgh:AssociateDiscoveredResource", - "mgh:DisassociateDiscoveredResource", - "mgh:ListDiscoveredResources" - ], - "Effect": "Allow", - "Resource": "arn:aws:mgh:*:*:progressUpdateStream/SMS/*" - }, - { - "Action": [ - "mgh:ListMigrationTasks", - "mgh:GetHomeRegion" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIWQYYT6TSVIRJO4TY", - "PolicyName": "AWSMigrationHubSMSAccess", - "UpdateDate": "2019-10-07T18:01:22+00:00", - "VersionId": "v2" - }, - "AWSMigrationHubStrategyCollector": { - "Arn": "arn:aws:iam::aws:policy/AWSMigrationHubStrategyCollector", - "AttachmentCount": 0, - "CreateDate": "2021-10-19T20:15:15+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "s3:PutObject", - "s3:GetBucketAcl" - ], - "Effect": "Allow", - "Resource": "arn:aws:s3:::migrationhub-strategy-*" - }, - { - "Action": [ - "s3:ListAllMyBuckets" - ], - "Effect": "Allow", - "Resource": "arn:aws:s3:::*" - }, - { - "Action": [ - "execute-api:Invoke", - "execute-api:ManageConnections" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:execute-api:*:*:*/prod/*/put-log-data", - "arn:aws:execute-api:*:*:*/prod/*/put-metric-data" - ] - }, - { - "Action": [ - "migrationhub-strategy:RegisterCollector", - "migrationhub-strategy:GetAntiPattern", - "migrationhub-strategy:GetMessage", - "migrationhub-strategy:SendMessage", - "migrationhub-strategy:ListAntiPatterns", - "migrationhub-strategy:ListJarArtifacts" - ], - "Effect": "Allow", - "Resource": "arn:aws:migrationhub-strategy:*:*:*" - }, - { - "Action": [ - "secretsmanager:GetSecretValue" - ], - "Effect": "Allow", - "Resource": "arn:aws:secretsmanager:*:*:secret:migrationhub-strategy-*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4LHUI3MFF6", - "PolicyName": "AWSMigrationHubStrategyCollector", - "UpdateDate": "2021-10-19T20:15:15+00:00", - "VersionId": "v1" - }, - "AWSMigrationHubStrategyConsoleFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSMigrationHubStrategyConsoleFullAccess", - "AttachmentCount": 0, - "CreateDate": "2021-10-19T20:13:26+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "migrationhub-strategy:*" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "s3:ListAllMyBuckets" - ], - "Effect": "Allow", - "Resource": "arn:aws:s3:::*" - }, - { - "Action": [ - "s3:GetObject", - "s3:CreateBucket", - "s3:PutEncryptionConfiguration", - "s3:PutBucketPublicAccessBlock", - "s3:PutBucketPolicy", - "s3:PutBucketVersioning", - "s3:PutLifecycleConfiguration" - ], - "Effect": "Allow", - "Resource": "arn:aws:s3:::migrationhub-strategy-*" - }, - { - "Action": [ - "secretsmanager:ListSecrets" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "discovery:GetDiscoverySummary" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "iam:CreateServiceLinkedRole" - ], - "Condition": { - "StringEquals": { - "iam:AWSServiceName": "migrationhub-strategy.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "iam:GetRole" - ], - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/aws-service-role/migrationhub-strategy.amazonaws.com/AWSMigrationHubStrategyServiceRolePolicy*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4NOFRRYUC5", - "PolicyName": "AWSMigrationHubStrategyConsoleFullAccess", - "UpdateDate": "2021-10-19T20:13:26+00:00", - "VersionId": "v1" - }, - "AWSMigrationHubStrategyServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSMigrationHubStrategyServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2021-10-19T20:02:37+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "discovery:ListConfigurations", - "discovery:DescribeConfigurations", - "mgh:GetHomeRegion" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "permissionsForAds" - }, - { - "Action": [ - "s3:ListAllMyBuckets" - ], - "Effect": "Allow", - "Resource": "arn:aws:s3:::*" - }, - { - "Action": [ - "s3:GetBucketAcl", - "s3:GetBucketLocation", - "s3:GetObject", - "s3:ListBucket", - "s3:PutObject", - "s3:PutObjectAcl" - ], - "Effect": "Allow", - "Resource": "arn:aws:s3:::migrationhub-strategy-*", - "Sid": "permissionsForS3" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4EZOM3LHDI", - "PolicyName": "AWSMigrationHubStrategyServiceRolePolicy", - "UpdateDate": "2021-10-19T20:02:37+00:00", - "VersionId": "v1" - }, - "AWSMobileHub_FullAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSMobileHub_FullAccess", - "AttachmentCount": 0, - "CreateDate": "2016-01-05T19:56:01+00:00", - "DefaultVersionId": "v14", - "Document": { - "Statement": [ - { - "Action": [ - "apigateway:GET", - "apigateway:POST", - "cloudfront:GetDistribution", - "devicefarm:CreateProject", - "devicefarm:ListJobs", - "devicefarm:ListRuns", - "devicefarm:GetProject", - "devicefarm:GetRun", - "devicefarm:ListArtifacts", - "devicefarm:ListProjects", - "devicefarm:ScheduleRun", - "dynamodb:DescribeTable", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVpcs", - "iam:ListSAMLProviders", - "lambda:ListFunctions", - "sns:ListTopics", - "lex:GetIntent", - "lex:GetIntents", - "lex:GetSlotType", - "lex:GetSlotTypes", - "lex:GetBot", - "lex:GetBots", - "lex:GetBotAlias", - "lex:GetBotAliases", - "mobilehub:*" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "s3:GetObject" - ], - "Effect": "Allow", - "Resource": "arn:aws:s3:::*/aws-my-sample-app*.zip" - }, - { - "Action": [ - "s3:PutObject" - ], - "Effect": "Allow", - "Resource": "arn:aws:s3:::*-mobilehub-*/*" - }, - { - "Action": [ - "s3:ListBucket" - ], - "Effect": "Allow", - "Resource": "arn:aws:s3:::*-mobilehub-*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIJLU43R6AGRBK76DM", - "PolicyName": "AWSMobileHub_FullAccess", - "UpdateDate": "2019-12-19T23:15:52+00:00", - "VersionId": "v14" - }, - "AWSMobileHub_ReadOnly": { - "Arn": "arn:aws:iam::aws:policy/AWSMobileHub_ReadOnly", - "AttachmentCount": 0, - "CreateDate": "2016-01-05T19:55:48+00:00", - "DefaultVersionId": "v10", - "Document": { - "Statement": [ - { - "Action": [ - "dynamodb:DescribeTable", - "iam:ListSAMLProviders", - "lambda:ListFunctions", - "sns:ListTopics", - "lex:GetIntent", - "lex:GetIntents", - "lex:GetSlotType", - "lex:GetSlotTypes", - "lex:GetBot", - "lex:GetBots", - "lex:GetBotAlias", - "lex:GetBotAliases", - "mobilehub:ExportProject", - "mobilehub:GenerateProjectParameters", - "mobilehub:GetProject", - "mobilehub:SynchronizeProject", - "mobilehub:GetProjectSnapshot", - "mobilehub:ListProjectSnapshots", - "mobilehub:ListAvailableConnectors", - "mobilehub:ListAvailableFeatures", - "mobilehub:ListAvailableRegions", - "mobilehub:ListProjects", - "mobilehub:ValidateProject", - "mobilehub:VerifyServiceRole", - "mobilehub:DescribeBundle", - "mobilehub:ExportBundle", - "mobilehub:ListBundles" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "s3:GetObject" - ], - "Effect": "Allow", - "Resource": "arn:aws:s3:::*/aws-my-sample-app*.zip" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIBXVYVL3PWQFBZFGW", - "PolicyName": "AWSMobileHub_ReadOnly", - "UpdateDate": "2018-07-23T21:59:05+00:00", - "VersionId": "v10" - }, - "AWSNetworkFirewallServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSNetworkFirewallServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2020-11-17T17:17:26+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "ec2:DescribeSubnets", - "ec2:DescribeVpcs", - "ec2:CreateVpcEndpoint", - "ec2:DescribeVpcEndpoints" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:CreateTags" - ], - "Condition": { - "StringEquals": { - "aws:RequestTag/AWSNetworkFirewallManaged": "true", - "ec2:CreateAction": "CreateVpcEndpoint" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:vpc-endpoint/*" - }, - { - "Action": [ - "ec2:DeleteVpcEndpoints" - ], - "Condition": { - "StringEquals": { - "aws:ResourceTag/AWSNetworkFirewallManaged": "true" - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4DF6QQZAL3", - "PolicyName": "AWSNetworkFirewallServiceRolePolicy", - "UpdateDate": "2020-11-17T17:17:26+00:00", - "VersionId": "v1" - }, - "AWSNetworkManagerFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSNetworkManagerFullAccess", - "AttachmentCount": 0, - "CreateDate": "2019-12-03T17:37:58+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": "networkmanager:*", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "iam:CreateServiceLinkedRole", - "Condition": { - "StringEquals": { - "iam:AWSServiceName": [ - "networkmanager.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4ARXJ4NU7I", - "PolicyName": "AWSNetworkManagerFullAccess", - "UpdateDate": "2019-12-03T17:37:58+00:00", - "VersionId": "v1" - }, - "AWSNetworkManagerReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSNetworkManagerReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2019-12-03T17:35:05+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "networkmanager:Describe*", - "networkmanager:Get*", - "networkmanager:List*" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4LZFJOS62Z", - "PolicyName": "AWSNetworkManagerReadOnlyAccess", - "UpdateDate": "2019-12-03T17:35:05+00:00", - "VersionId": "v1" - }, - "AWSNetworkManagerServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSNetworkManagerServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2019-12-03T14:03:35+00:00", - "DefaultVersionId": "v5", - "Document": { - "Statement": [ - { - "Action": [ - "directconnect:DescribeDirectConnectGateways", - "directconnect:DescribeConnections", - "directconnect:DescribeDirectConnectGatewayAttachments", - "directconnect:DescribeLocations", - "directconnect:DescribeVirtualInterfaces", - "ec2:DescribeCustomerGateways", - "ec2:DescribeTransitGatewayAttachments", - "ec2:DescribeTransitGatewayRouteTables", - "ec2:DescribeTransitGateways", - "ec2:DescribeVpnConnections", - "ec2:DescribeVpcs", - "ec2:GetTransitGatewayRouteTableAssociations", - "ec2:SearchTransitGatewayRoutes", - "ec2:DescribeTransitGatewayPeeringAttachments", - "ec2:DescribeTransitGatewayConnects", - "ec2:DescribeTransitGatewayConnectPeers", - "ec2:DescribeRegions" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4B346KOB7I", - "PolicyName": "AWSNetworkManagerServiceRolePolicy", - "UpdateDate": "2021-11-23T21:38:47+00:00", - "VersionId": "v5" - }, - "AWSOpsWorksCMInstanceProfileRole": { - "Arn": "arn:aws:iam::aws:policy/AWSOpsWorksCMInstanceProfileRole", - "AttachmentCount": 0, - "CreateDate": "2016-11-24T09:48:22+00:00", - "DefaultVersionId": "v5", - "Document": { - "Statement": [ - { - "Action": [ - "cloudformation:DescribeStackResource", - "cloudformation:SignalResource" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "s3:AbortMultipartUpload", - "s3:DeleteObject", - "s3:GetObject", - "s3:ListAllMyBuckets", - "s3:ListBucket", - "s3:ListMultipartUploadParts", - "s3:PutObject" - ], - "Effect": "Allow", - "Resource": "arn:aws:s3:::aws-opsworks-cm-*" - }, - { - "Action": "acm:GetCertificate", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "secretsmanager:GetSecretValue", - "Effect": "Allow", - "Resource": "arn:aws:secretsmanager:*:*:opsworks-cm!aws-opsworks-cm-secrets-*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAICSU3OSHCURP2WIZW", - "PolicyName": "AWSOpsWorksCMInstanceProfileRole", - "UpdateDate": "2021-04-23T17:34:03+00:00", - "VersionId": "v5" - }, - "AWSOpsWorksCMServiceRole": { - "Arn": "arn:aws:iam::aws:policy/service-role/AWSOpsWorksCMServiceRole", - "AttachmentCount": 0, - "CreateDate": "2016-11-24T09:49:46+00:00", - "DefaultVersionId": "v14", - "Document": { - "Statement": [ - { - "Action": [ - "s3:CreateBucket", - "s3:DeleteObject", - "s3:DeleteBucket", - "s3:GetObject", - "s3:ListBucket", - "s3:PutBucketPolicy", - "s3:PutObject", - "s3:GetBucketTagging", - "s3:PutBucketTagging" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:s3:::aws-opsworks-cm-*" - ] - }, - { - "Action": [ - "tag:UntagResources", - "tag:TagResources" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "ssm:DescribeInstanceInformation", - "ssm:GetCommandInvocation", - "ssm:ListCommandInvocations", - "ssm:ListCommands" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "ssm:SendCommand" - ], - "Condition": { - "StringLike": { - "ssm:resourceTag/aws:cloudformation:stack-name": "aws-opsworks-cm-*" - } - }, - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "ssm:SendCommand" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:ssm:*::document/*", - "arn:aws:s3:::aws-opsworks-cm-*" - ] - }, - { - "Action": [ - "ec2:AllocateAddress", - "ec2:AssociateAddress", - "ec2:AuthorizeSecurityGroupIngress", - "ec2:CreateImage", - "ec2:CreateSecurityGroup", - "ec2:CreateSnapshot", - "ec2:CreateTags", - "ec2:DeleteSecurityGroup", - "ec2:DeleteSnapshot", - "ec2:DeregisterImage", - "ec2:DescribeAccountAttributes", - "ec2:DescribeAddresses", - "ec2:DescribeImages", - "ec2:DescribeInstanceStatus", - "ec2:DescribeInstances", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSnapshots", - "ec2:DescribeSubnets", - "ec2:DisassociateAddress", - "ec2:ReleaseAddress", - "ec2:RunInstances", - "ec2:StopInstances" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "ec2:TerminateInstances", - "ec2:RebootInstances" - ], - "Condition": { - "StringLike": { - "ec2:ResourceTag/aws:cloudformation:stack-name": "aws-opsworks-cm-*" - } - }, - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "opsworks-cm:DeleteServer", - "opsworks-cm:StartMaintenance" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:opsworks-cm:*:*:server/*" - ] - }, - { - "Action": [ - "cloudformation:CreateStack", - "cloudformation:DeleteStack", - "cloudformation:DescribeStackEvents", - "cloudformation:DescribeStackResources", - "cloudformation:DescribeStacks", - "cloudformation:UpdateStack" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:cloudformation:*:*:stack/aws-opsworks-cm-*" - ] - }, - { - "Action": [ - "iam:PassRole" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:iam::*:role/aws-opsworks-cm-*", - "arn:aws:iam::*:role/service-role/aws-opsworks-cm-*" - ] - }, - { - "Action": [ - "acm:DeleteCertificate", - "acm:ImportCertificate" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "secretsmanager:CreateSecret", - "secretsmanager:GetSecretValue", - "secretsmanager:UpdateSecret", - "secretsmanager:DeleteSecret", - "secretsmanager:TagResource", - "secretsmanager:UntagResource" - ], - "Effect": "Allow", - "Resource": "arn:aws:secretsmanager:*:*:opsworks-cm!aws-opsworks-cm-secrets-*" - }, - { - "Action": "ec2:DeleteTags", - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:instance/*", - "arn:aws:ec2:*:*:elastic-ip/*", - "arn:aws:ec2:*:*:security-group/*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJ6I6MPGJE62URSHCO", - "PolicyName": "AWSOpsWorksCMServiceRole", - "UpdateDate": "2021-04-23T17:32:13+00:00", - "VersionId": "v14" - }, - "AWSOpsWorksCloudWatchLogs": { - "Arn": "arn:aws:iam::aws:policy/AWSOpsWorksCloudWatchLogs", - "AttachmentCount": 0, - "CreateDate": "2017-03-30T17:47:19+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents", - "logs:DescribeLogStreams" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:logs:*:*:*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJXFIK7WABAY5CPXM4", - "PolicyName": "AWSOpsWorksCloudWatchLogs", - "UpdateDate": "2017-03-30T17:47:19+00:00", - "VersionId": "v1" - }, - "AWSOpsWorksInstanceRegistration": { - "Arn": "arn:aws:iam::aws:policy/AWSOpsWorksInstanceRegistration", - "AttachmentCount": 0, - "CreateDate": "2016-06-03T14:23:15+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "opsworks:DescribeStackProvisioningParameters", - "opsworks:DescribeStacks", - "opsworks:RegisterInstance" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJG3LCPVNI4WDZCIMU", - "PolicyName": "AWSOpsWorksInstanceRegistration", - "UpdateDate": "2016-06-03T14:23:15+00:00", - "VersionId": "v1" - }, - "AWSOpsWorksRegisterCLI_EC2": { - "Arn": "arn:aws:iam::aws:policy/AWSOpsWorksRegisterCLI_EC2", - "AttachmentCount": 0, - "CreateDate": "2019-06-18T15:56:17+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "opsworks:AssignInstance", - "opsworks:CreateLayer", - "opsworks:DeregisterInstance", - "opsworks:DescribeInstances", - "opsworks:DescribeStackProvisioningParameters", - "opsworks:DescribeStacks", - "opsworks:UnassignInstance" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "ec2:DescribeInstances" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4NCE3CMCRC", - "PolicyName": "AWSOpsWorksRegisterCLI_EC2", - "UpdateDate": "2019-06-18T15:56:17+00:00", - "VersionId": "v1" - }, - "AWSOpsWorksRegisterCLI_OnPremises": { - "Arn": "arn:aws:iam::aws:policy/AWSOpsWorksRegisterCLI_OnPremises", - "AttachmentCount": 0, - "CreateDate": "2019-06-18T15:33:16+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "opsworks:AssignInstance", - "opsworks:CreateLayer", - "opsworks:DeregisterInstance", - "opsworks:DescribeInstances", - "opsworks:DescribeStackProvisioningParameters", - "opsworks:DescribeStacks", - "opsworks:UnassignInstance" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "ec2:DescribeInstances" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "iam:CreateGroup", - "iam:AddUserToGroup" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:iam::*:group/AWS/OpsWorks/OpsWorks-*" - ] - }, - { - "Action": [ - "iam:CreateUser", - "iam:CreateAccessKey" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:iam::*:user/AWS/OpsWorks/OpsWorks-*" - ] - }, - { - "Action": [ - "iam:AttachUserPolicy" - ], - "Condition": { - "ArnEquals": { - "iam:PolicyARN": "arn:aws:iam::aws:policy/AWSOpsWorksInstanceRegistration" - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:iam::*:user/AWS/OpsWorks/OpsWorks-*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4EZJ5DYEPG", - "PolicyName": "AWSOpsWorksRegisterCLI_OnPremises", - "UpdateDate": "2019-06-18T15:33:16+00:00", - "VersionId": "v1" - }, - "AWSOpsWorks_FullAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSOpsWorks_FullAccess", - "AttachmentCount": 0, - "CreateDate": "2021-01-22T16:29:08+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "cloudwatch:GetMetricStatistics", - "ec2:DescribeAccountAttributes", - "ec2:DescribeAvailabilityZones", - "ec2:DescribeInstances", - "ec2:DescribeKeyPairs", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVpcs", - "elasticloadbalancing:DescribeInstanceHealth", - "elasticloadbalancing:DescribeLoadBalancers", - "iam:GetRolePolicy", - "iam:ListInstanceProfiles", - "iam:ListRoles", - "iam:ListUsers", - "opsworks:*" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "iam:PassRole" - ], - "Condition": { - "StringEquals": { - "iam:PassedToService": "opsworks.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4D626GOURR", - "PolicyName": "AWSOpsWorks_FullAccess", - "UpdateDate": "2021-01-22T16:29:08+00:00", - "VersionId": "v1" - }, - "AWSOrganizationsFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSOrganizationsFullAccess", - "AttachmentCount": 0, - "CreateDate": "2018-11-06T20:31:57+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": "organizations:*", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "account:PutAlternateContact", - "account:DeleteAlternateContact", - "account:GetAlternateContact" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJZXBNRCJKNLQHSB5M", - "PolicyName": "AWSOrganizationsFullAccess", - "UpdateDate": "2022-02-07T18:26:04+00:00", - "VersionId": "v2" - }, - "AWSOrganizationsReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSOrganizationsReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2018-11-06T20:32:38+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "organizations:Describe*", - "organizations:List*" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "account:GetAlternateContact" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJY5RQATUV77PEPVOM", - "PolicyName": "AWSOrganizationsReadOnlyAccess", - "UpdateDate": "2022-02-07T18:17:19+00:00", - "VersionId": "v2" - }, - "AWSOrganizationsServiceTrustPolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSOrganizationsServiceTrustPolicy", - "AttachmentCount": 1, - "CreateDate": "2017-10-10T23:04:07+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "iam:DeleteRole" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:iam::*:role/aws-service-role/organizations.amazonaws.com/*" - ], - "Sid": "AllowDeletionOfServiceLinkedRoleForOrganizations" - }, - { - "Action": [ - "iam:CreateServiceLinkedRole" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "AllowCreationOfServiceLinkedRoles" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIQH6ROMVVECFVRJPK", - "PolicyName": "AWSOrganizationsServiceTrustPolicy", - "UpdateDate": "2017-11-01T06:01:18+00:00", - "VersionId": "v2" - }, - "AWSOutpostsServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSOutpostsServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2020-11-09T22:55:56+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeSecurityGroups", - "ec2:CreateNetworkInterface", - "ec2:CreateSecurityGroup" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4NM7FW2RO7", - "PolicyName": "AWSOutpostsServiceRolePolicy", - "UpdateDate": "2020-11-09T22:55:56+00:00", - "VersionId": "v1" - }, - "AWSPanoramaApplianceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/service-role/AWSPanoramaApplianceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2020-12-01T13:13:18+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "logs:CreateLogStream", - "logs:DescribeLogStreams", - "logs:PutLogEvents" - ], - "Effect": "Allow", - "Resource": "arn:aws:logs:*:*:log-group:/aws/panorama_device*:log-stream:*", - "Sid": "PanoramaDeviceCreateLogStream" - }, - { - "Action": "logs:CreateLogGroup", - "Effect": "Allow", - "Resource": "arn:aws:logs:*:*:log-group:/aws/panorama_device*", - "Sid": "PanoramaDeviceCreateLogGroup" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4CWIHTBB4Y", - "PolicyName": "AWSPanoramaApplianceRolePolicy", - "UpdateDate": "2020-12-01T13:13:18+00:00", - "VersionId": "v1" - }, - "AWSPanoramaApplianceServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/service-role/AWSPanoramaApplianceServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2021-10-20T12:14:03+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "logs:CreateLogStream", - "logs:DescribeLogStreams", - "logs:PutLogEvents" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:logs:*:*:log-group:/aws/panorama_device*:log-stream:*", - "arn:aws:logs:*:*:log-group:/aws/panorama/devices/*" - ], - "Sid": "PanoramaDeviceCreateLogStream" - }, - { - "Action": "logs:CreateLogGroup", - "Effect": "Allow", - "Resource": [ - "arn:aws:logs:*:*:log-group:/aws/panorama_device*", - "arn:aws:logs:*:*:log-group:/aws/panorama/devices/*" - ], - "Sid": "PanoramaDeviceCreateLogGroup" - }, - { - "Action": "cloudwatch:PutMetricData", - "Condition": { - "StringEquals": { - "cloudwatch:namespace": "PanoramaDeviceMetrics" - } - }, - "Effect": "Allow", - "Resource": "*", - "Sid": "PanoramaDevicePutMetric" - }, - { - "Action": [ - "s3:GetObject", - "s3:ListBucket" - ], - "Condition": { - "StringLike": { - "s3:DataAccessPointArn": "arn:aws:s3:*:*:accesspoint/panorama*" - } - }, - "Effect": "Allow", - "Resource": "*", - "Sid": "PanoramaDeviceS3Access" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4O5K6UVMRK", - "PolicyName": "AWSPanoramaApplianceServiceRolePolicy", - "UpdateDate": "2021-10-20T12:14:03+00:00", - "VersionId": "v1" - }, - "AWSPanoramaFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSPanoramaFullAccess", - "AttachmentCount": 0, - "CreateDate": "2020-12-01T13:12:47+00:00", - "DefaultVersionId": "v4", - "Document": { - "Statement": [ - { - "Action": [ - "panorama:*" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "s3:PutObject", - "s3:PutObjectAcl", - "s3:DeleteObject", - "s3:GetObject", - "s3:ListBucket" - ], - "Condition": { - "StringLike": { - "s3:DataAccessPointArn": "arn:aws:s3:*:*:accesspoint/panorama*" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "secretsmanager:GetSecretValue", - "secretsmanager:DescribeSecret", - "secretsmanager:ListSecretVersionIds", - "secretsmanager:PutSecretValue", - "secretsmanager:UpdateSecret" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:secretsmanager:*:*:secret:panorama*", - "arn:aws:secretsmanager:*:*:secret:Panorama*" - ] - }, - { - "Action": [ - "iam:PassRole" - ], - "Condition": { - "StringEquals": { - "iam:PassedToService": "panorama.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "logs:Describe*", - "logs:Get*", - "logs:List*", - "logs:StartQuery", - "logs:StopQuery", - "logs:TestMetricFilter", - "logs:FilterLogEvents" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:logs:*:*:log-group:/aws/panorama_device*:log-stream:*", - "arn:aws:logs:*:*:log-group:/aws/panorama/devices/*" - ] - }, - { - "Action": [ - "logs:DescribeLogGroups" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:logs:*:*:log-group:*" - ] - }, - { - "Action": [ - "cloudwatch:ListMetrics", - "cloudwatch:GetMetricData", - "cloudwatch:GetMetricStatistics" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "iam:ListRoles", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "iam:CreateServiceLinkedRole", - "Condition": { - "StringEquals": { - "iam:AWSServiceName": "panorama.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4IAPULBSWQ", - "PolicyName": "AWSPanoramaFullAccess", - "UpdateDate": "2022-01-12T21:21:04+00:00", - "VersionId": "v4" - }, - "AWSPanoramaGreengrassGroupRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/service-role/AWSPanoramaGreengrassGroupRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2020-12-01T13:10:22+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "s3:ListBucket", - "s3:GetBucket*", - "s3:GetObject", - "s3:PutObject" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:s3:::*aws-panorama*" - ], - "Sid": "PanoramaS3Access" - }, - { - "Action": "cloudwatch:PutDashboard", - "Effect": "Allow", - "Resource": [ - "arn:aws:cloudwatch::*:dashboard/panorama*" - ], - "Sid": "PanoramaCLoudWatchPutDashboard" - }, - { - "Action": "cloudwatch:PutMetricData", - "Effect": "Allow", - "Resource": "*", - "Sid": "PanoramaCloudWatchPutMetricData" - }, - { - "Action": [ - "logs:CreateLogStream", - "logs:DescribeLogStreams", - "logs:PutLogEvents", - "logs:CreateLogGroup" - ], - "Effect": "Allow", - "Resource": "arn:aws:logs:*:*:log-group:/aws/greengrass/*", - "Sid": "PanoramaGreenGrassCloudWatchAccess" - }, - { - "Action": [ - "panorama:*" - ], - "Effect": "Allow", - "Resource": [ - "*" - ], - "Sid": "PanoramaAccess" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4IRCPXKCEG", - "PolicyName": "AWSPanoramaGreengrassGroupRolePolicy", - "UpdateDate": "2021-01-06T19:30:35+00:00", - "VersionId": "v2" - }, - "AWSPanoramaSageMakerRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/service-role/AWSPanoramaSageMakerRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2020-12-01T13:13:54+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "s3:GetObject", - "s3:PutObject", - "s3:GetBucket*" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:s3:::*aws-panorama*" - ], - "Sid": "PanoramaSageMakerS3Access" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4O23KYQMI2", - "PolicyName": "AWSPanoramaSageMakerRolePolicy", - "UpdateDate": "2020-12-01T13:13:54+00:00", - "VersionId": "v1" - }, - "AWSPanoramaServiceLinkedRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSPanoramaServiceLinkedRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2021-10-20T12:12:50+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "iot:CreateThing", - "iot:DeleteThing", - "iot:DeleteThingShadow", - "iot:DescribeThing", - "iot:GetThingShadow", - "iot:UpdateThing", - "iot:UpdateThingShadow" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:iot:*:*:thing/panorama*" - ], - "Sid": "PanoramaIoTThingAccess" - }, - { - "Action": [ - "iot:AttachThingPrincipal", - "iot:DetachThingPrincipal", - "iot:UpdateCertificate", - "iot:DeleteCertificate", - "iot:AttachPrincipalPolicy", - "iot:DetachPrincipalPolicy" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:iot:*:*:thing/panorama*", - "arn:aws:iot:*:*:cert/*" - ], - "Sid": "PanoramaIoTCertificateAccess" - }, - { - "Action": [ - "iot:CreateKeysAndCertificate" - ], - "Effect": "Allow", - "Resource": [ - "*" - ], - "Sid": "PanoramaIoTCreateCertificateAccess" - }, - { - "Action": [ - "iot:CreatePolicy", - "iot:CreatePolicyVersion", - "iot:AttachPolicy" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:iot:*:*:policy/panorama*" - ], - "Sid": "PanoramaIoTCreatePolicyAndVersionAccess" - }, - { - "Action": [ - "iot:DescribeJobExecution", - "iot:CreateJob", - "iot:DeleteJob" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:iot:*:*:job/panorama*", - "arn:aws:iot:*:*:thing/panorama*" - ], - "Sid": "PanoramaIoTJobAccess" - }, - { - "Action": [ - "iot:DescribeEndpoint" - ], - "Effect": "Allow", - "Resource": [ - "*" - ], - "Sid": "PanoramaIoTEndpointAccess" - }, - { - "Action": [ - "panorama:Describe*", - "panorama:List*" - ], - "Effect": "Allow", - "Resource": [ - "*" - ], - "Sid": "PanoramaReadOnlyAccess" - }, - { - "Action": [ - "secretsmanager:GetSecretValue", - "secretsmanager:DescribeSecret", - "secretsmanager:CreateSecret", - "secretsmanager:ListSecretVersionIds", - "secretsmanager:DeleteSecret" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:secretsmanager:*:*:secret:panorama*", - "arn:aws:secretsmanager:*:*:secret:Panorama*" - ], - "Sid": "SecretsManagerPermissions" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4BQE5OFSDO", - "PolicyName": "AWSPanoramaServiceLinkedRolePolicy", - "UpdateDate": "2021-10-20T12:12:50+00:00", - "VersionId": "v1" - }, - "AWSPanoramaServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/service-role/AWSPanoramaServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2020-12-01T13:14:43+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "iot:CreateThing", - "iot:DeleteThing", - "iot:DeleteThingShadow", - "iot:DescribeThing", - "iot:GetThingShadow", - "iot:UpdateThing", - "iot:UpdateThingShadow" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:iot:*:*:thing/panorama*" - ], - "Sid": "PanoramaIoTThingAccess" - }, - { - "Action": [ - "iot:AttachThingPrincipal", - "iot:DetachThingPrincipal", - "iot:UpdateCertificate", - "iot:DeleteCertificate", - "iot:AttachPrincipalPolicy", - "iot:DetachPrincipalPolicy" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:iot:*:*:thing/panorama*", - "arn:aws:iot:*:*:cert/*" - ], - "Sid": "PanoramaIoTCertificateAccess" - }, - { - "Action": [ - "iot:CreateKeysAndCertificate", - "iot:CreatePolicy" - ], - "Effect": "Allow", - "Resource": [ - "*" - ], - "Sid": "PanoramaIoTCreateCertificateAndPolicyAccess" - }, - { - "Action": [ - "iot:CreatePolicyVersion" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:iot:*:*:policy/panorama*" - ], - "Sid": "PanoramaIoTCreatePolicyVersionAccess" - }, - { - "Action": [ - "iot:DescribeJobExecution", - "iot:CreateJob", - "iot:DeleteJob" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:iot:*:*:job/panorama*", - "arn:aws:iot:*:*:thing/panorama*" - ], - "Sid": "PanoramaIoTJobAccess" - }, - { - "Action": [ - "iot:DescribeEndpoint" - ], - "Effect": "Allow", - "Resource": [ - "*" - ], - "Sid": "PanoramaIoTEndpointAccess" - }, - { - "Action": [ - "panorama:Describe*", - "panorama:List*", - "panorama:Get*" - ], - "Effect": "Allow", - "Resource": [ - "*" - ], - "Sid": "PanoramaAccess" - }, - { - "Action": [ - "s3:GetObject", - "s3:PutObject", - "s3:DeleteObject", - "s3:DeleteBucket", - "s3:ListBucket", - "s3:GetBucket*", - "s3:CreateBucket" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:s3:::*aws-panorama*" - ], - "Sid": "PanoramaS3Access" - }, - { - "Action": [ - "iam:PassRole" - ], - "Condition": { - "StringEquals": { - "iam:PassedToService": [ - "sagemaker.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:iam::*:role/AWSPanoramaSageMakerRole", - "arn:aws:iam::*:role/service-role/AWSPanoramaSageMakerRole" - ], - "Sid": "PanoramaIAMPassSageMakerRoleAccess" - }, - { - "Action": [ - "iam:PassRole" - ], - "Condition": { - "StringEquals": { - "iam:PassedToService": [ - "greengrass.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:iam::*:role/AWSPanoramaGreengrassGroupRole", - "arn:aws:iam::*:role/service-role/AWSPanoramaGreengrassGroupRole", - "arn:aws:iam::*:role/AWSPanoramaGreengrassRole", - "arn:aws:iam::*:role/service-role/AWSPanoramaGreengrassRole" - ], - "Sid": "PanoramaIAMPassGreengrassRoleAccess" - }, - { - "Action": [ - "iam:PassRole" - ], - "Condition": { - "StringEqualsIfExists": { - "iam:PassedToService": "iot.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:iam::*:role/AWSPanoramaApplianceRole", - "arn:aws:iam::*:role/service-role/AWSPanoramaApplianceRole" - ], - "Sid": "PanoramaIAMPassIoTRoleAccess" - }, - { - "Action": [ - "greengrass:AssociateRoleToGroup", - "greengrass:AssociateServiceRoleToAccount", - "greengrass:CreateResourceDefinition", - "greengrass:CreateResourceDefinitionVersion", - "greengrass:CreateCoreDefinition", - "greengrass:CreateCoreDefinitionVersion", - "greengrass:CreateDeployment", - "greengrass:CreateFunctionDefinition", - "greengrass:CreateFunctionDefinitionVersion", - "greengrass:CreateGroup", - "greengrass:CreateGroupCertificateAuthority", - "greengrass:CreateGroupVersion", - "greengrass:CreateLoggerDefinition", - "greengrass:CreateLoggerDefinitionVersion", - "greengrass:CreateSubscriptionDefinition", - "greengrass:CreateSubscriptionDefinitionVersion", - "greengrass:DeleteCoreDefinition", - "greengrass:DeleteFunctionDefinition", - "greengrass:DeleteResourceDefinition", - "greengrass:DeleteGroup", - "greengrass:DeleteLoggerDefinition", - "greengrass:DeleteSubscriptionDefinition", - "greengrass:DisassociateRoleFromGroup", - "greengrass:DisassociateServiceRoleFromAccount", - "greengrass:GetAssociatedRole", - "greengrass:GetConnectivityInfo", - "greengrass:GetCoreDefinition", - "greengrass:GetCoreDefinitionVersion", - "greengrass:GetDeploymentStatus", - "greengrass:GetDeviceDefinition", - "greengrass:GetDeviceDefinitionVersion", - "greengrass:GetFunctionDefinition", - "greengrass:GetFunctionDefinitionVersion", - "greengrass:GetGroup", - "greengrass:GetGroupCertificateAuthority", - "greengrass:GetGroupCertificateConfiguration", - "greengrass:GetGroupVersion", - "greengrass:GetLoggerDefinition", - "greengrass:GetLoggerDefinitionVersion", - "greengrass:GetResourceDefinition", - "greengrass:GetServiceRoleForAccount", - "greengrass:GetSubscriptionDefinition", - "greengrass:GetSubscriptionDefinitionVersion", - "greengrass:ListCoreDefinitionVersions", - "greengrass:ListCoreDefinitions", - "greengrass:ListDeployments", - "greengrass:ListDeviceDefinitionVersions", - "greengrass:ListDeviceDefinitions", - "greengrass:ListFunctionDefinitionVersions", - "greengrass:ListFunctionDefinitions", - "greengrass:ListGroupCertificateAuthorities", - "greengrass:ListGroupVersions", - "greengrass:ListGroups", - "greengrass:ListLoggerDefinitionVersions", - "greengrass:ListLoggerDefinitions", - "greengrass:ListSubscriptionDefinitionVersions", - "greengrass:ListSubscriptionDefinitions", - "greengrass:ResetDeployments", - "greengrass:UpdateConnectivityInfo", - "greengrass:UpdateCoreDefinition", - "greengrass:UpdateDeviceDefinition", - "greengrass:UpdateFunctionDefinition", - "greengrass:UpdateGroup", - "greengrass:UpdateGroupCertificateConfiguration", - "greengrass:UpdateLoggerDefinition", - "greengrass:UpdateSubscriptionDefinition", - "greengrass:UpdateResourceDefinition" - ], - "Effect": "Allow", - "Resource": [ - "*" - ], - "Sid": "PanoramaGreenGrassAccess" - }, - { - "Action": [ - "lambda:GetFunction", - "lambda:GetFunctionConfiguration", - "lambda:ListFunctions", - "lambda:ListVersionsByFunction" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:lambda:*:*:function:*" - ], - "Sid": "PanoramaLambdaUsersFunctionAccess" - }, - { - "Action": [ - "sagemaker:CreateTrainingJob", - "sagemaker:StopTrainingJob", - "sagemaker:CreateCompilationJob", - "sagemaker:DescribeCompilationJob", - "sagemaker:StopCompilationJob" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:sagemaker:*:*:training-job/panorama*", - "arn:aws:sagemaker:*:*:compilation-job/panorama*" - ], - "Sid": "PanoramaSageMakerWriteAccess" - }, - { - "Action": [ - "sagemaker:ListCompilationJobs" - ], - "Effect": "Allow", - "Resource": [ - "*" - ], - "Sid": "PanoramaSageMakerListAccess" - }, - { - "Action": [ - "sagemaker:DescribeTrainingJob" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:sagemaker:*:*:training-job/*" - ], - "Sid": "PanoramaSageMakerReadAccess" - }, - { - "Action": [ - "iot:AttachPolicy", - "iot:CreateRoleAlias" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:iot:*:*:policy/panorama*", - "arn:aws:iot:*:*:rolealias/panorama*" - ], - "Sid": "PanoramaCWLogsAccess" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4G7G35B6C5", - "PolicyName": "AWSPanoramaServiceRolePolicy", - "UpdateDate": "2020-12-01T13:14:43+00:00", - "VersionId": "v1" - }, - "AWSPriceListServiceFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSPriceListServiceFullAccess", - "AttachmentCount": 0, - "CreateDate": "2017-11-22T00:36:27+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "pricing:*" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIADJ4GBYNHKABML3Q", - "PolicyName": "AWSPriceListServiceFullAccess", - "UpdateDate": "2017-11-22T00:36:27+00:00", - "VersionId": "v1" - }, - "AWSPrivateMarketplaceAdminFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSPrivateMarketplaceAdminFullAccess", - "AttachmentCount": 0, - "CreateDate": "2018-11-27T16:32:32+00:00", - "DefaultVersionId": "v4", - "Document": { - "Statement": [ - { - "Action": [ - "aws-marketplace:AssociateProductsWithPrivateMarketplace", - "aws-marketplace:DisassociateProductsFromPrivateMarketplace", - "aws-marketplace:ListPrivateMarketplaceRequests", - "aws-marketplace:DescribePrivateMarketplaceRequests" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "aws-marketplace:ListEntities", - "aws-marketplace:DescribeEntity", - "aws-marketplace:StartChangeSet", - "aws-marketplace:ListChangeSets", - "aws-marketplace:DescribeChangeSet", - "aws-marketplace:CancelChangeSet" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJ6VRZDDCYDOVCOCEI", - "PolicyName": "AWSPrivateMarketplaceAdminFullAccess", - "UpdateDate": "2021-08-27T15:34:07+00:00", - "VersionId": "v4" - }, - "AWSPrivateMarketplaceRequests": { - "Arn": "arn:aws:iam::aws:policy/AWSPrivateMarketplaceRequests", - "AttachmentCount": 0, - "CreateDate": "2019-10-28T21:44:03+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "aws-marketplace:CreatePrivateMarketplaceRequests", - "aws-marketplace:ListPrivateMarketplaceRequests", - "aws-marketplace:DescribePrivateMarketplaceRequests" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4AV6W3DAIW", - "PolicyName": "AWSPrivateMarketplaceRequests", - "UpdateDate": "2019-10-28T21:44:03+00:00", - "VersionId": "v1" - }, - "AWSPrivateNetworksServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSPrivateNetworksServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2021-12-16T23:17:46+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "cloudwatch:PutMetricData" - ], - "Condition": { - "StringEquals": { - "cloudwatch:namespace": "AWS/Private5G" - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4IGXMJRAAS", - "PolicyName": "AWSPrivateNetworksServiceRolePolicy", - "UpdateDate": "2021-12-16T23:17:46+00:00", - "VersionId": "v1" - }, - "AWSProtonDeveloperAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSProtonDeveloperAccess", - "AttachmentCount": 0, - "CreateDate": "2021-02-17T19:02:08+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "proton:ListServiceTemplates", - "proton:ListServiceTemplateMajorVersions", - "proton:ListServiceTemplateMinorVersions", - "proton:ListServices", - "proton:ListServiceInstances", - "proton:ListEnvironments", - "proton:GetServiceTemplate", - "proton:GetServiceTemplateMajorVersion", - "proton:GetServiceTemplateMinorVersion", - "proton:GetService", - "proton:GetServiceInstance", - "proton:GetEnvironment", - "proton:CreateService", - "proton:UpdateService", - "proton:UpdateServiceInstance", - "proton:UpdateServicePipeline", - "proton:DeleteService", - "codestar-connections:ListConnections" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "codestar-connections:PassConnection" - ], - "Condition": { - "StringEquals": { - "codestar-connections:PassedToService": "proton.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:codestar-connections:*:*:connection/*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4FWOFPRNSU", - "PolicyName": "AWSProtonDeveloperAccess", - "UpdateDate": "2021-02-17T19:02:08+00:00", - "VersionId": "v1" - }, - "AWSProtonFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSProtonFullAccess", - "AttachmentCount": 0, - "CreateDate": "2021-02-17T19:07:18+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "proton:*", - "codestar-connections:ListConnections", - "kms:ListAliases", - "kms:DescribeKey" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "kms:CreateGrant" - ], - "Condition": { - "StringLike": { - "kms:ViaService": "proton.*.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "iam:PassRole" - ], - "Condition": { - "StringEquals": { - "iam:PassedToService": "proton.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "codestar-connections:PassConnection" - ], - "Condition": { - "StringEquals": { - "codestar-connections:PassedToService": "proton.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:codestar-connections:*:*:connection/*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4IOK6P734E", - "PolicyName": "AWSProtonFullAccess", - "UpdateDate": "2021-02-17T19:07:18+00:00", - "VersionId": "v1" - }, - "AWSProtonReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSProtonReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2021-02-17T19:09:12+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": { - "Action": [ - "proton:List*", - "proton:Get*" - ], - "Effect": "Allow", - "Resource": "*" - }, - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4DW2EHEZB3", - "PolicyName": "AWSProtonReadOnlyAccess", - "UpdateDate": "2021-02-17T19:09:12+00:00", - "VersionId": "v1" - }, - "AWSProtonSyncServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSProtonSyncServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2021-11-23T21:14:36+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "proton:UpdateServiceTemplateVersion", - "proton:UpdateServiceTemplate", - "proton:UpdateEnvironmentTemplateVersion", - "proton:UpdateEnvironmentTemplate", - "proton:GetServiceTemplateVersion", - "proton:GetServiceTemplate", - "proton:GetEnvironmentTemplateVersion", - "proton:GetEnvironmentTemplate", - "proton:DeleteServiceTemplateVersion", - "proton:DeleteEnvironmentTemplateVersion", - "proton:CreateServiceTemplateVersion", - "proton:CreateServiceTemplate", - "proton:CreateEnvironmentTemplateVersion", - "proton:CreateEnvironmentTemplate", - "proton:ListEnvironmentTemplateVersions", - "proton:ListServiceTemplateVersions", - "proton:CreateEnvironmentTemplateMajorVersion", - "proton:CreateServiceTemplateMajorVersion" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "SyncToProton" - }, - { - "Action": [ - "codestar-connections:UseConnection" - ], - "Effect": "Allow", - "Resource": "arn:aws:codestar-connections:*:*:connection/*", - "Sid": "AccessGitRepos" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4H6XP2ZY2O", - "PolicyName": "AWSProtonSyncServiceRolePolicy", - "UpdateDate": "2021-11-23T21:14:36+00:00", - "VersionId": "v1" - }, - "AWSPurchaseOrdersServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/AWSPurchaseOrdersServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2020-05-06T18:15:47+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "aws-portal:*Billing", - "purchase-orders:*PurchaseOrders" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4KQXTYO5FP", - "PolicyName": "AWSPurchaseOrdersServiceRolePolicy", - "UpdateDate": "2021-11-22T20:06:47+00:00", - "VersionId": "v2" - }, - "AWSQuickSightDescribeRDS": { - "Arn": "arn:aws:iam::aws:policy/service-role/AWSQuickSightDescribeRDS", - "AttachmentCount": 0, - "CreateDate": "2015-11-10T23:24:50+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "rds:Describe*" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJU5J6OAMCJD3OO76O", - "PolicyName": "AWSQuickSightDescribeRDS", - "UpdateDate": "2015-11-10T23:24:50+00:00", - "VersionId": "v1" - }, - "AWSQuickSightDescribeRedshift": { - "Arn": "arn:aws:iam::aws:policy/service-role/AWSQuickSightDescribeRedshift", - "AttachmentCount": 0, - "CreateDate": "2015-11-10T23:25:01+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "redshift:Describe*" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJFEM6MLSLTW4ZNBW2", - "PolicyName": "AWSQuickSightDescribeRedshift", - "UpdateDate": "2015-11-10T23:25:01+00:00", - "VersionId": "v1" - }, - "AWSQuickSightElasticsearchPolicy": { - "Arn": "arn:aws:iam::aws:policy/service-role/AWSQuickSightElasticsearchPolicy", - "AttachmentCount": 0, - "CreateDate": "2020-09-09T17:27:19+00:00", - "DefaultVersionId": "v3", - "Document": { - "Statement": [ - { - "Action": [ - "es:ESHttpGet" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:es:*:*:domain/*/", - "arn:aws:es:*:*:domain/*/_cluster/settings", - "arn:aws:es:*:*:domain/*/_cat/indices" - ] - }, - { - "Action": "es:ListDomainNames", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "es:DescribeElasticsearchDomain", - "es:DescribeDomain" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:es:*:*:domain/*" - ] - }, - { - "Action": [ - "es:ESHttpPost", - "es:ESHttpGet" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:es:*:*:domain/*/_opendistro/_sql", - "arn:aws:es:*:*:domain/*/_plugin/_sql" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4BLUM3JVIN", - "PolicyName": "AWSQuickSightElasticsearchPolicy", - "UpdateDate": "2021-09-07T23:25:55+00:00", - "VersionId": "v3" - }, - "AWSQuickSightIoTAnalyticsAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSQuickSightIoTAnalyticsAccess", - "AttachmentCount": 0, - "CreateDate": "2017-11-29T17:00:54+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "iotanalytics:ListDatasets", - "iotanalytics:DescribeDataset", - "iotanalytics:GetDatasetContent" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJIZNDRUTKCN5HLZOE", - "PolicyName": "AWSQuickSightIoTAnalyticsAccess", - "UpdateDate": "2017-11-29T17:00:54+00:00", - "VersionId": "v1" - }, - "AWSQuickSightListIAM": { - "Arn": "arn:aws:iam::aws:policy/service-role/AWSQuickSightListIAM", - "AttachmentCount": 0, - "CreateDate": "2015-11-10T23:25:07+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "iam:List*" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAI3CH5UUWZN4EKGILO", - "PolicyName": "AWSQuickSightListIAM", - "UpdateDate": "2015-11-10T23:25:07+00:00", - "VersionId": "v1" - }, - "AWSQuickSightSageMakerPolicy": { - "Arn": "arn:aws:iam::aws:policy/service-role/AWSQuickSightSageMakerPolicy", - "AttachmentCount": 0, - "CreateDate": "2020-01-17T17:18:13+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "sagemaker:DescribeTransformJob", - "sagemaker:StopTransformJob", - "sagemaker:CreateTransformJob" - ], - "Effect": "Allow", - "Resource": "arn:aws:sagemaker:*:*:transform-job/quicksight-auto-generated-*" - }, - { - "Action": "sagemaker:ListModels", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "s3:GetObject", - "Effect": "Allow", - "Resource": "arn:aws:s3:::quicksight-ml.*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4MCLBVDT2I", - "PolicyName": "AWSQuickSightSageMakerPolicy", - "UpdateDate": "2020-01-17T17:18:13+00:00", - "VersionId": "v1" - }, - "AWSQuickSightTimestreamPolicy": { - "Arn": "arn:aws:iam::aws:policy/service-role/AWSQuickSightTimestreamPolicy", - "AttachmentCount": 0, - "CreateDate": "2020-09-30T21:47:03+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "timestream:Select", - "timestream:CancelQuery", - "timestream:ListTables", - "timestream:ListDatabases", - "timestream:ListMeasures", - "timestream:DescribeTable", - "timestream:DescribeDatabase", - "timestream:SelectValues", - "timestream:DescribeEndpoints" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4CFKVDHQJH", - "PolicyName": "AWSQuickSightTimestreamPolicy", - "UpdateDate": "2020-09-30T21:47:03+00:00", - "VersionId": "v1" - }, - "AWSQuicksightAthenaAccess": { - "Arn": "arn:aws:iam::aws:policy/service-role/AWSQuicksightAthenaAccess", - "AttachmentCount": 0, - "CreateDate": "2016-12-09T02:31:03+00:00", - "DefaultVersionId": "v10", - "Document": { - "Statement": [ - { - "Action": [ - "athena:BatchGetQueryExecution", - "athena:CancelQueryExecution", - "athena:GetCatalogs", - "athena:GetExecutionEngine", - "athena:GetExecutionEngines", - "athena:GetNamespace", - "athena:GetNamespaces", - "athena:GetQueryExecution", - "athena:GetQueryExecutions", - "athena:GetQueryResults", - "athena:GetQueryResultsStream", - "athena:GetTable", - "athena:GetTables", - "athena:ListQueryExecutions", - "athena:RunQuery", - "athena:StartQueryExecution", - "athena:StopQueryExecution", - "athena:ListWorkGroups", - "athena:ListEngineVersions", - "athena:GetWorkGroup", - "athena:GetDataCatalog", - "athena:GetDatabase", - "athena:GetTableMetadata", - "athena:ListDataCatalogs", - "athena:ListDatabases", - "athena:ListTableMetadata" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "glue:CreateDatabase", - "glue:DeleteDatabase", - "glue:GetDatabase", - "glue:GetDatabases", - "glue:UpdateDatabase", - "glue:CreateTable", - "glue:DeleteTable", - "glue:BatchDeleteTable", - "glue:UpdateTable", - "glue:GetTable", - "glue:GetTables", - "glue:BatchCreatePartition", - "glue:CreatePartition", - "glue:DeletePartition", - "glue:BatchDeletePartition", - "glue:UpdatePartition", - "glue:GetPartition", - "glue:GetPartitions", - "glue:BatchGetPartition" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "s3:GetBucketLocation", - "s3:GetObject", - "s3:ListBucket", - "s3:ListBucketMultipartUploads", - "s3:ListMultipartUploadParts", - "s3:AbortMultipartUpload", - "s3:CreateBucket", - "s3:PutObject", - "s3:PutBucketPublicAccessBlock" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:s3:::aws-athena-query-results-*" - ] - }, - { - "Action": [ - "lakeformation:GetDataAccess" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAI4JB77JXFQXDWNRPM", - "PolicyName": "AWSQuicksightAthenaAccess", - "UpdateDate": "2021-07-07T20:09:06+00:00", - "VersionId": "v10" - }, - "AWSQuicksightOpenSearchPolicy": { - "Arn": "arn:aws:iam::aws:policy/service-role/AWSQuicksightOpenSearchPolicy", - "AttachmentCount": 0, - "CreateDate": "2021-09-07T23:26:19+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "es:ESHttpGet" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:es:*:*:domain/*/", - "arn:aws:es:*:*:domain/*/_cluster/settings", - "arn:aws:es:*:*:domain/*/_cat/indices" - ] - }, - { - "Action": "es:ListDomainNames", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "es:DescribeDomain" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:es:*:*:domain/*" - ] - }, - { - "Action": [ - "es:ESHttpPost", - "es:ESHttpGet" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:es:*:*:domain/*/_opendistro/_sql", - "arn:aws:es:*:*:domain/*/_plugin/_sql" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4JW5IRBCM3", - "PolicyName": "AWSQuicksightOpenSearchPolicy", - "UpdateDate": "2021-09-07T23:26:19+00:00", - "VersionId": "v1" - }, - "AWSResourceAccessManagerFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSResourceAccessManagerFullAccess", - "AttachmentCount": 0, - "CreateDate": "2019-06-04T17:28:22+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "ram:*" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4FYRGF63DP", - "PolicyName": "AWSResourceAccessManagerFullAccess", - "UpdateDate": "2019-06-04T17:28:22+00:00", - "VersionId": "v1" - }, - "AWSResourceAccessManagerReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSResourceAccessManagerReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2019-12-09T20:58:37+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "ram:Get*", - "ram:List*" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4BQV2LHYJY", - "PolicyName": "AWSResourceAccessManagerReadOnlyAccess", - "UpdateDate": "2019-12-09T20:58:37+00:00", - "VersionId": "v1" - }, - "AWSResourceAccessManagerResourceShareParticipantAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSResourceAccessManagerResourceShareParticipantAccess", - "AttachmentCount": 0, - "CreateDate": "2019-12-09T20:41:37+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "ram:AcceptResourceShareInvitation", - "ram:GetResourcePolicies", - "ram:GetResourceShareInvitations", - "ram:GetResourceShares", - "ram:ListPendingInvitationResources", - "ram:ListPrincipals", - "ram:ListResources", - "ram:RejectResourceShareInvitation" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4LIFEGGUIU", - "PolicyName": "AWSResourceAccessManagerResourceShareParticipantAccess", - "UpdateDate": "2019-12-09T20:41:37+00:00", - "VersionId": "v1" - }, - "AWSResourceAccessManagerServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSResourceAccessManagerServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2018-11-14T19:28:28+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "organizations:DescribeAccount", - "organizations:DescribeOrganization", - "organizations:DescribeOrganizationalUnit", - "organizations:ListAccounts", - "organizations:ListAccountsForParent", - "organizations:ListChildren", - "organizations:ListOrganizationalUnitsForParent", - "organizations:ListParents", - "organizations:ListRoots" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "iam:DeleteRole" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:iam::*:role/aws-service-role/ram.amazonaws.com/*" - ], - "Sid": "AllowDeletionOfServiceLinkedRoleForResourceAccessManager" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJU667A3V5UAXC4YNE", - "PolicyName": "AWSResourceAccessManagerServiceRolePolicy", - "UpdateDate": "2018-11-14T19:28:28+00:00", - "VersionId": "v1" - }, - "AWSResourceGroupsReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSResourceGroupsReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2018-03-07T10:27:04+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "resource-groups:Get*", - "resource-groups:List*", - "resource-groups:Search*", - "tag:Get*", - "cloudformation:DescribeStacks", - "cloudformation:ListStackResources", - "ec2:DescribeInstances", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSnapshots", - "ec2:DescribeVolumes", - "ec2:DescribeVpcs", - "elasticache:DescribeCacheClusters", - "elasticache:DescribeSnapshots", - "elasticache:ListTagsForResource", - "elasticbeanstalk:DescribeEnvironments", - "elasticmapreduce:DescribeCluster", - "elasticmapreduce:ListClusters", - "glacier:ListVaults", - "glacier:DescribeVault", - "glacier:ListTagsForVault", - "kinesis:ListStreams", - "kinesis:DescribeStream", - "kinesis:ListTagsForStream", - "opsworks:DescribeStacks", - "opsworks:ListTags", - "rds:DescribeDBInstances", - "rds:DescribeDBSnapshots", - "rds:ListTagsForResource", - "redshift:DescribeClusters", - "redshift:DescribeTags", - "route53domains:ListDomains", - "route53:ListHealthChecks", - "route53:GetHealthCheck", - "route53:ListHostedZones", - "route53:GetHostedZone", - "route53:ListTagsForResource", - "storagegateway:ListGateways", - "storagegateway:DescribeGatewayInformation", - "storagegateway:ListTagsForResource", - "s3:ListAllMyBuckets", - "s3:GetBucketTagging", - "elasticloadbalancing:DescribeLoadBalancers", - "elasticloadbalancing:DescribeTags", - "ssm:ListDocuments" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIXFKM2WGBJAEWMFEG", - "PolicyName": "AWSResourceGroupsReadOnlyAccess", - "UpdateDate": "2019-02-05T17:56:25+00:00", - "VersionId": "v2" - }, - "AWSRoboMakerReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSRoboMakerReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2018-11-26T05:30:50+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "robomaker:List*", - "robomaker:BatchDescribe*", - "robomaker:Describe*", - "robomaker:Get*" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "VisualEditor0" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIXFHP2ALXXGGECYJI", - "PolicyName": "AWSRoboMakerReadOnlyAccess", - "UpdateDate": "2020-08-28T23:10:18+00:00", - "VersionId": "v2" - }, - "AWSRoboMakerServicePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSRoboMakerServicePolicy", - "AttachmentCount": 0, - "CreateDate": "2018-11-26T06:30:08+00:00", - "DefaultVersionId": "v6", - "Document": { - "Statement": [ - { - "Action": [ - "ec2:CreateNetworkInterfacePermission", - "ec2:DescribeNetworkInterfaces", - "ec2:DeleteNetworkInterface", - "ec2:DescribeSubnets", - "ec2:DescribeVpcs", - "ec2:DescribeSecurityGroups", - "greengrass:CreateDeployment", - "greengrass:CreateGroupVersion", - "greengrass:CreateFunctionDefinition", - "greengrass:CreateFunctionDefinitionVersion", - "greengrass:GetDeploymentStatus", - "greengrass:GetGroup", - "greengrass:GetGroupVersion", - "greengrass:GetCoreDefinitionVersion", - "greengrass:GetFunctionDefinitionVersion", - "greengrass:GetAssociatedRole", - "lambda:CreateFunction", - "robomaker:CreateSimulationJob", - "robomaker:CancelSimulationJob" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "robomaker:TagResource" - ], - "Effect": "Allow", - "Resource": "arn:aws:robomaker:*:*:simulation-job/*" - }, - { - "Action": [ - "lambda:UpdateFunctionCode", - "lambda:GetFunction", - "lambda:UpdateFunctionConfiguration", - "lambda:DeleteFunction", - "lambda:ListVersionsByFunction", - "lambda:GetAlias", - "lambda:UpdateAlias", - "lambda:CreateAlias", - "lambda:DeleteAlias" - ], - "Effect": "Allow", - "Resource": "arn:aws:lambda:*:*:function:aws-robomaker-*" - }, - { - "Action": "iam:PassRole", - "Condition": { - "StringEquals": { - "iam:PassedToService": [ - "lambda.amazonaws.com", - "robomaker.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJYLVVUUQMAEEZ3ZNY", - "PolicyName": "AWSRoboMakerServicePolicy", - "UpdateDate": "2021-11-11T22:23:45+00:00", - "VersionId": "v6" - }, - "AWSRoboMakerServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/AWSRoboMakerServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2018-11-26T05:33:19+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "ec2:CreateNetworkInterfacePermission", - "ec2:DescribeNetworkInterfaces", - "ec2:DeleteNetworkInterface", - "ec2:DescribeSubnets", - "ec2:DescribeVpcs", - "ec2:DescribeSecurityGroups", - "greengrass:CreateDeployment", - "greengrass:CreateGroupVersion", - "greengrass:CreateFunctionDefinition", - "greengrass:CreateFunctionDefinitionVersion", - "greengrass:GetDeploymentStatus", - "greengrass:GetGroup", - "greengrass:GetGroupVersion", - "greengrass:GetCoreDefinitionVersion", - "greengrass:GetFunctionDefinitionVersion", - "greengrass:GetAssociatedRole", - "lambda:CreateFunction" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "lambda:UpdateFunctionCode", - "lambda:GetFunction", - "lambda:UpdateFunctionConfiguration" - ], - "Effect": "Allow", - "Resource": "arn:aws:lambda:*:*:function:aws-robomaker-*" - }, - { - "Action": "iam:PassRole", - "Condition": { - "StringEqualsIfExists": { - "iam:PassedToService": "lambda.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIOSFFLBBLCTKS3ATC", - "PolicyName": "AWSRoboMakerServiceRolePolicy", - "UpdateDate": "2018-11-26T05:33:19+00:00", - "VersionId": "v1" - }, - "AWSRoboMaker_FullAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSRoboMaker_FullAccess", - "AttachmentCount": 0, - "CreateDate": "2020-09-10T18:34:18+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": "robomaker:*", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "s3:GetObject", - "Condition": { - "StringEquals": { - "aws:CalledViaFirst": "robomaker.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "ecr:BatchGetImage", - "Condition": { - "StringEquals": { - "aws:CalledViaFirst": "robomaker.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "ecr-public:DescribeImages", - "Condition": { - "StringEquals": { - "aws:CalledViaFirst": "robomaker.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "iam:CreateServiceLinkedRole", - "Condition": { - "StringEquals": { - "iam:AWSServiceName": "robomaker.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4FACURHLCA", - "PolicyName": "AWSRoboMaker_FullAccess", - "UpdateDate": "2021-09-16T21:06:10+00:00", - "VersionId": "v2" - }, - "AWSSSMOpsInsightsServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSSSMOpsInsightsServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2021-06-16T20:12:52+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "ssm:CreateOpsItem", - "ssm:AddTagsToResource" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "AllowCreateOpsItem" - }, - { - "Action": [ - "ssm:UpdateOpsItem", - "ssm:GetOpsItem" - ], - "Condition": { - "StringEquals": { - "aws:ResourceTag/SsmOperationalInsight": "true" - } - }, - "Effect": "Allow", - "Resource": "*", - "Sid": "AllowAccessOpsItem" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4ITJH2GWAW", - "PolicyName": "AWSSSMOpsInsightsServiceRolePolicy", - "UpdateDate": "2021-06-16T20:12:52+00:00", - "VersionId": "v1" - }, - "AWSSSODirectoryAdministrator": { - "Arn": "arn:aws:iam::aws:policy/AWSSSODirectoryAdministrator", - "AttachmentCount": 0, - "CreateDate": "2018-10-31T23:54:00+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "sso-directory:*", - "sso:ListDirectoryAssociations" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "AWSSSODirectoryAdministrator" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAI2TCZRD7WRD5D2E2Q", - "PolicyName": "AWSSSODirectoryAdministrator", - "UpdateDate": "2020-08-18T17:17:40+00:00", - "VersionId": "v2" - }, - "AWSSSODirectoryReadOnly": { - "Arn": "arn:aws:iam::aws:policy/AWSSSODirectoryReadOnly", - "AttachmentCount": 0, - "CreateDate": "2018-10-31T23:49:32+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "sso-directory:Search*", - "sso-directory:Describe*", - "sso-directory:List*", - "sso-directory:Get*" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "AWSSSODirectoryReadOnly" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJDPMQELJXZD2NC6JG", - "PolicyName": "AWSSSODirectoryReadOnly", - "UpdateDate": "2019-11-26T22:37:16+00:00", - "VersionId": "v2" - }, - "AWSSSOMasterAccountAdministrator": { - "Arn": "arn:aws:iam::aws:policy/AWSSSOMasterAccountAdministrator", - "AttachmentCount": 0, - "CreateDate": "2018-06-27T20:36:51+00:00", - "DefaultVersionId": "v4", - "Document": { - "Statement": [ - { - "Action": "iam:CreateServiceLinkedRole", - "Condition": { - "StringLike": { - "iam:AWSServiceName": "sso.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/aws-service-role/sso.amazonaws.com/AWSServiceRoleForSSO", - "Sid": "AWSSSOCreateSLR" - }, - { - "Action": "iam:PassRole", - "Condition": { - "StringLike": { - "iam:PassedToService": "sso.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/aws-service-role/sso.amazonaws.com/AWSServiceRoleForSSO", - "Sid": "AWSSSOMasterAccountAdministrator" - }, - { - "Action": [ - "ds:DescribeTrusts", - "ds:UnauthorizeApplication", - "ds:DescribeDirectories", - "ds:AuthorizeApplication", - "iam:ListPolicies", - "organizations:EnableAWSServiceAccess", - "organizations:ListRoots", - "organizations:ListAccounts", - "organizations:ListOrganizationalUnitsForParent", - "organizations:ListAccountsForParent", - "organizations:DescribeOrganization", - "organizations:ListChildren", - "organizations:DescribeAccount", - "organizations:ListParents", - "sso:*", - "sso-directory:*", - "ds:CreateAlias" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "AWSSSOMemberAccountAdministrator" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIHXAQZIS3GOYIETUC", - "PolicyName": "AWSSSOMasterAccountAdministrator", - "UpdateDate": "2021-08-04T21:10:42+00:00", - "VersionId": "v4" - }, - "AWSSSOMemberAccountAdministrator": { - "Arn": "arn:aws:iam::aws:policy/AWSSSOMemberAccountAdministrator", - "AttachmentCount": 0, - "CreateDate": "2018-06-27T20:45:42+00:00", - "DefaultVersionId": "v3", - "Document": { - "Statement": [ - { - "Action": [ - "ds:DescribeDirectories", - "ds:AuthorizeApplication", - "ds:UnauthorizeApplication", - "ds:DescribeTrusts", - "iam:ListPolicies", - "organizations:EnableAWSServiceAccess", - "organizations:DescribeOrganization", - "organizations:DescribeAccount", - "organizations:ListRoots", - "organizations:ListAccounts", - "organizations:ListAccountsForParent", - "organizations:ListParents", - "organizations:ListChildren", - "organizations:ListOrganizationalUnitsForParent", - "sso:*", - "sso-directory:*", - "ds:CreateAlias" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "AWSSSOMemberAccountAdministrator" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIQYHEY7KJWXZFNDPY", - "PolicyName": "AWSSSOMemberAccountAdministrator", - "UpdateDate": "2021-08-04T20:13:14+00:00", - "VersionId": "v3" - }, - "AWSSSOReadOnly": { - "Arn": "arn:aws:iam::aws:policy/AWSSSOReadOnly", - "AttachmentCount": 0, - "CreateDate": "2018-06-27T20:24:34+00:00", - "DefaultVersionId": "v6", - "Document": { - "Statement": [ - { - "Action": [ - "ds:DescribeDirectories", - "ds:DescribeTrusts", - "iam:ListPolicies", - "organizations:DescribeOrganization", - "organizations:DescribeAccount", - "organizations:ListParents", - "organizations:ListChildren", - "organizations:ListAccounts", - "organizations:ListRoots", - "organizations:ListAccountsForParent", - "organizations:ListOrganizationalUnitsForParent", - "sso:Describe*", - "sso:Get*", - "sso:List*", - "sso:Search*", - "sso-directory:DescribeDirectory" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "AWSSSOReadOnly" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJBSMEEZXFDMKMY43I", - "PolicyName": "AWSSSOReadOnly", - "UpdateDate": "2020-09-10T21:26:29+00:00", - "VersionId": "v6" - }, - "AWSSSOServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSSSOServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2017-12-05T18:36:15+00:00", - "DefaultVersionId": "v13", - "Document": { - "Statement": [ - { - "Action": [ - "iam:AttachRolePolicy", - "iam:CreateRole", - "iam:PutRolePolicy", - "iam:UpdateRole", - "iam:UpdateRoleDescription", - "iam:UpdateAssumeRolePolicy" - ], - "Condition": { - "StringNotEquals": { - "aws:PrincipalOrgMasterAccountId": "${aws:PrincipalAccount}" - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:iam::*:role/aws-reserved/sso.amazonaws.com/*" - ], - "Sid": "IAMRoleProvisioningActions" - }, - { - "Action": [ - "iam:GetRole", - "iam:ListRoles" - ], - "Effect": "Allow", - "Resource": [ - "*" - ], - "Sid": "IAMRoleReadActions" - }, - { - "Action": [ - "iam:DeleteRole", - "iam:DeleteRolePolicy", - "iam:DetachRolePolicy", - "iam:ListRolePolicies", - "iam:ListAttachedRolePolicies" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:iam::*:role/aws-reserved/sso.amazonaws.com/*" - ], - "Sid": "IAMRoleCleanupActions" - }, - { - "Action": [ - "iam:DeleteServiceLinkedRole", - "iam:GetServiceLinkedRoleDeletionStatus", - "iam:DeleteRole", - "iam:GetRole" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:iam::*:role/aws-service-role/sso.amazonaws.com/AWSServiceRoleForSSO" - ], - "Sid": "IAMSLRCleanupActions" - }, - { - "Action": [ - "iam:CreateSAMLProvider", - "iam:UpdateSAMLProvider" - ], - "Condition": { - "StringNotEquals": { - "aws:PrincipalOrgMasterAccountId": "${aws:PrincipalAccount}" - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:iam::*:saml-provider/AWSSSO_*" - ], - "Sid": "IAMSAMLProviderProvisioningActions" - }, - { - "Action": [ - "iam:DeleteSAMLProvider", - "iam:GetSAMLProvider" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:iam::*:saml-provider/AWSSSO_*" - ], - "Sid": "IAMSAMLProviderCleanupActions" - }, - { - "Action": [ - "organizations:DescribeAccount", - "organizations:DescribeOrganization", - "organizations:ListAccounts" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "ds:UnauthorizeApplication" - ], - "Effect": "Allow", - "Resource": [ - "*" - ], - "Sid": "AllowUnauthAppForDirectory" - }, - { - "Action": [ - "ds:DescribeDirectories", - "ds:DescribeTrusts" - ], - "Effect": "Allow", - "Resource": [ - "*" - ], - "Sid": "AllowDescribeForDirectory" - }, - { - "Action": [ - "identitystore:DescribeUser", - "identitystore:DescribeGroup", - "identitystore:ListGroups", - "identitystore:ListUsers" - ], - "Effect": "Allow", - "Resource": [ - "*" - ], - "Sid": "AllowDescribeAndListOperationsOnIdentitySource" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIJ52KSWOD4GI54XP2", - "PolicyName": "AWSSSOServiceRolePolicy", - "UpdateDate": "2020-11-19T00:02:00+00:00", - "VersionId": "v13" - }, - "AWSSavingsPlansFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSSavingsPlansFullAccess", - "AttachmentCount": 0, - "CreateDate": "2019-11-06T22:45:18+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": "savingsplans:*", - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4NDDOS76AO", - "PolicyName": "AWSSavingsPlansFullAccess", - "UpdateDate": "2019-11-06T22:45:18+00:00", - "VersionId": "v1" - }, - "AWSSavingsPlansReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSSavingsPlansReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2019-11-06T22:45:10+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "savingsplans:Describe*", - "savingsplans:List*" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4OQ26WIHJ5", - "PolicyName": "AWSSavingsPlansReadOnlyAccess", - "UpdateDate": "2019-11-06T22:45:10+00:00", - "VersionId": "v1" - }, - "AWSSecurityHubFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSSecurityHubFullAccess", - "AttachmentCount": 0, - "CreateDate": "2018-11-27T23:54:34+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": "securityhub:*", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "iam:CreateServiceLinkedRole", - "Condition": { - "StringLike": { - "iam:AWSServiceName": "securityhub.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJ4262VZCA4HPBZSO6", - "PolicyName": "AWSSecurityHubFullAccess", - "UpdateDate": "2018-11-27T23:54:34+00:00", - "VersionId": "v1" - }, - "AWSSecurityHubOrganizationsAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSSecurityHubOrganizationsAccess", - "AttachmentCount": 0, - "CreateDate": "2021-03-15T20:53:03+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "organizations:ListAccounts", - "organizations:DescribeOrganization" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "organizations:EnableAWSServiceAccess", - "Condition": { - "StringEquals": { - "organizations:ServicePrincipal": "securityhub.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "organizations:RegisterDelegatedAdministrator", - "organizations:DeregisterDelegatedAdministrator" - ], - "Condition": { - "StringEquals": { - "organizations:ServicePrincipal": "securityhub.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:organizations::*:account/o-*/*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4KVIUTRVOZ", - "PolicyName": "AWSSecurityHubOrganizationsAccess", - "UpdateDate": "2021-03-15T20:53:03+00:00", - "VersionId": "v1" - }, - "AWSSecurityHubReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSSecurityHubReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2018-11-28T01:34:29+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "securityhub:Get*", - "securityhub:List*", - "securityhub:Describe*" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIEBAQNOFUCLFJ3UHG", - "PolicyName": "AWSSecurityHubReadOnlyAccess", - "UpdateDate": "2019-06-25T22:45:52+00:00", - "VersionId": "v2" - }, - "AWSSecurityHubServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSSecurityHubServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2018-11-27T23:47:51+00:00", - "DefaultVersionId": "v9", - "Document": { - "Statement": [ - { - "Action": [ - "cloudtrail:DescribeTrails", - "cloudtrail:GetTrailStatus", - "cloudtrail:GetEventSelectors", - "cloudwatch:DescribeAlarms", - "cloudwatch:DescribeAlarmsForMetric", - "logs:DescribeMetricFilters", - "sns:ListSubscriptionsByTopic", - "config:DescribeConfigurationRecorders", - "config:DescribeConfigurationRecorderStatus", - "config:DescribeConfigRules", - "config:BatchGetResourceConfig", - "config:SelectResourceConfig", - "iam:GenerateCredentialReport", - "iam:GetCredentialReport", - "organizations:ListAccounts", - "organizations:DescribeAccount", - "organizations:DescribeOrganization", - "config:PutEvaluations" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "config:PutConfigRule", - "config:DeleteConfigRule", - "config:GetComplianceDetailsByConfigRule", - "config:DescribeConfigRuleEvaluationStatus" - ], - "Effect": "Allow", - "Resource": "arn:aws:config:*:*:config-rule/aws-service-rule/*securityhub*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJQPCESDDYDLLSOGYO", - "PolicyName": "AWSSecurityHubServiceRolePolicy", - "UpdateDate": "2021-07-14T20:32:48+00:00", - "VersionId": "v9" - }, - "AWSServiceCatalogAdminFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSServiceCatalogAdminFullAccess", - "AttachmentCount": 0, - "CreateDate": "2018-02-15T17:19:40+00:00", - "DefaultVersionId": "v5", - "Document": { - "Statement": [ - { - "Action": [ - "cloudformation:CreateStack", - "cloudformation:DeleteStack", - "cloudformation:DescribeStackEvents", - "cloudformation:DescribeStacks", - "cloudformation:SetStackPolicy", - "cloudformation:UpdateStack", - "cloudformation:CreateChangeSet", - "cloudformation:DescribeChangeSet", - "cloudformation:ExecuteChangeSet", - "cloudformation:ListChangeSets", - "cloudformation:DeleteChangeSet", - "cloudformation:ListStackResources", - "cloudformation:TagResource", - "cloudformation:CreateStackSet", - "cloudformation:CreateStackInstances", - "cloudformation:UpdateStackSet", - "cloudformation:UpdateStackInstances", - "cloudformation:DeleteStackSet", - "cloudformation:DeleteStackInstances", - "cloudformation:DescribeStackSet", - "cloudformation:DescribeStackInstance", - "cloudformation:DescribeStackSetOperation", - "cloudformation:ListStackInstances", - "cloudformation:ListStackSetOperations", - "cloudformation:ListStackSetOperationResults" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:cloudformation:*:*:stack/SC-*", - "arn:aws:cloudformation:*:*:stack/StackSet-SC-*", - "arn:aws:cloudformation:*:*:changeSet/SC-*", - "arn:aws:cloudformation:*:*:stackset/SC-*" - ] - }, - { - "Action": [ - "cloudformation:CreateUploadBucket", - "cloudformation:GetTemplateSummary", - "cloudformation:ValidateTemplate", - "iam:GetGroup", - "iam:GetRole", - "iam:GetUser", - "iam:ListGroups", - "iam:ListRoles", - "iam:ListUsers", - "servicecatalog:*", - "ssm:DescribeDocument", - "ssm:GetAutomationExecution", - "ssm:ListDocuments", - "ssm:ListDocumentVersions", - "config:DescribeConfigurationRecorders", - "config:DescribeConfigurationRecorderStatus" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "iam:PassRole", - "Condition": { - "StringEquals": { - "iam:PassedToService": "servicecatalog.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJWLJU4BZ7AQUJSBVM", - "PolicyName": "AWSServiceCatalogAdminFullAccess", - "UpdateDate": "2019-02-06T01:57:54+00:00", - "VersionId": "v5" - }, - "AWSServiceCatalogAdminReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSServiceCatalogAdminReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2019-10-25T18:53:38+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "cloudformation:DescribeStackEvents", - "cloudformation:DescribeStacks", - "cloudformation:DescribeChangeSet", - "cloudformation:ListChangeSets", - "cloudformation:ListStackResources", - "cloudformation:DescribeStackSet", - "cloudformation:DescribeStackInstance", - "cloudformation:DescribeStackSetOperation", - "cloudformation:ListStackInstances", - "cloudformation:ListStackSetOperations", - "cloudformation:ListStackSetOperationResults" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:cloudformation:*:*:stack/SC-*", - "arn:aws:cloudformation:*:*:stack/StackSet-SC-*", - "arn:aws:cloudformation:*:*:changeSet/SC-*", - "arn:aws:cloudformation:*:*:stackset/SC-*" - ] - }, - { - "Action": [ - "cloudformation:GetTemplateSummary", - "iam:GetGroup", - "iam:GetRole", - "iam:GetUser", - "iam:ListGroups", - "iam:ListRoles", - "iam:ListUsers", - "servicecatalog:Get*", - "servicecatalog:List*", - "servicecatalog:Describe*", - "servicecatalog:ScanProvisionedProducts", - "servicecatalog:Search*", - "ssm:DescribeDocument", - "ssm:GetAutomationExecution", - "ssm:ListDocuments", - "ssm:ListDocumentVersions", - "config:DescribeConfigurationRecorders", - "config:DescribeConfigurationRecorderStatus" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4MC6ZR7YFX", - "PolicyName": "AWSServiceCatalogAdminReadOnlyAccess", - "UpdateDate": "2019-10-25T18:53:38+00:00", - "VersionId": "v1" - }, - "AWSServiceCatalogAppRegistryFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSServiceCatalogAppRegistryFullAccess", - "AttachmentCount": 0, - "CreateDate": "2020-11-12T22:25:58+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "cloudformation:UpdateStack" - ], - "Condition": { - "ForAnyValue:StringEquals": { - "aws:CalledVia": "servicecatalog-appregistry.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "iam:CreateServiceLinkedRole", - "Condition": { - "StringEquals": { - "iam:AWSServiceName": "servicecatalog-appregistry.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/aws-service-role/servicecatalog-appregistry.amazonaws.com/AWSServiceRoleForAWSServiceCatalogAppRegistry*" - }, - { - "Action": [ - "cloudformation:DescribeStacks", - "servicecatalog:CreateApplication", - "servicecatalog:GetApplication", - "servicecatalog:UpdateApplication", - "servicecatalog:DeleteApplication", - "servicecatalog:ListApplications", - "servicecatalog:AssociateResource", - "servicecatalog:DisassociateResource", - "servicecatalog:GetAssociatedResource", - "servicecatalog:ListAssociatedResources", - "servicecatalog:AssociateAttributeGroup", - "servicecatalog:DisassociateAttributeGroup", - "servicecatalog:ListAssociatedAttributeGroups", - "servicecatalog:CreateAttributeGroup", - "servicecatalog:UpdateAttributeGroup", - "servicecatalog:DeleteAttributeGroup", - "servicecatalog:GetAttributeGroup", - "servicecatalog:ListAttributeGroups", - "servicecatalog:SyncResource" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "servicecatalog:ListTagsForResource", - "servicecatalog:UntagResource", - "servicecatalog:TagResource" - ], - "Effect": "Allow", - "Resource": "arn:aws:servicecatalog:*:*:*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4N2G3EPAYN", - "PolicyName": "AWSServiceCatalogAppRegistryFullAccess", - "UpdateDate": "2021-08-24T17:06:03+00:00", - "VersionId": "v2" - }, - "AWSServiceCatalogAppRegistryReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSServiceCatalogAppRegistryReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2020-11-12T22:34:32+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "servicecatalog:GetApplication", - "servicecatalog:ListApplications", - "servicecatalog:GetAssociatedResource", - "servicecatalog:ListAssociatedResources", - "servicecatalog:ListAssociatedAttributeGroups", - "servicecatalog:GetAttributeGroup", - "servicecatalog:ListAttributeGroups", - "servicecatalog:ListTagsForResource" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4M3SSCJCST", - "PolicyName": "AWSServiceCatalogAppRegistryReadOnlyAccess", - "UpdateDate": "2021-08-24T17:03:28+00:00", - "VersionId": "v2" - }, - "AWSServiceCatalogAppRegistryServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSServiceCatalogAppRegistryServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2021-05-18T22:18:55+00:00", - "DefaultVersionId": "v3", - "Document": { - "Statement": [ - { - "Action": "cloudformation:DescribeStacks", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "resource-groups:CreateGroup", - "resource-groups:Tag" - ], - "Condition": { - "StringEquals": { - "aws:RequestTag/EnableAWSServiceCatalogAppRegistry": "true" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "resource-groups:DeleteGroup", - "resource-groups:UpdateGroup", - "resource-groups:GetGroup", - "resource-groups:GetTags", - "resource-groups:Tag", - "resource-groups:Untag", - "resource-groups:GetGroupConfiguration" - ], - "Condition": { - "StringEquals": { - "aws:ResourceTag/EnableAWSServiceCatalogAppRegistry": "true" - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4H3V4QGJFH", - "PolicyName": "AWSServiceCatalogAppRegistryServiceRolePolicy", - "UpdateDate": "2022-03-04T21:06:44+00:00", - "VersionId": "v3" - }, - "AWSServiceCatalogEndUserFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSServiceCatalogEndUserFullAccess", - "AttachmentCount": 0, - "CreateDate": "2018-02-15T17:22:32+00:00", - "DefaultVersionId": "v7", - "Document": { - "Statement": [ - { - "Action": [ - "cloudformation:CreateStack", - "cloudformation:DeleteStack", - "cloudformation:DescribeStackEvents", - "cloudformation:DescribeStacks", - "cloudformation:SetStackPolicy", - "cloudformation:ValidateTemplate", - "cloudformation:UpdateStack", - "cloudformation:CreateChangeSet", - "cloudformation:DescribeChangeSet", - "cloudformation:ExecuteChangeSet", - "cloudformation:ListChangeSets", - "cloudformation:DeleteChangeSet", - "cloudformation:TagResource", - "cloudformation:CreateStackSet", - "cloudformation:CreateStackInstances", - "cloudformation:UpdateStackSet", - "cloudformation:UpdateStackInstances", - "cloudformation:DeleteStackSet", - "cloudformation:DeleteStackInstances", - "cloudformation:DescribeStackSet", - "cloudformation:DescribeStackInstance", - "cloudformation:DescribeStackSetOperation", - "cloudformation:ListStackInstances", - "cloudformation:ListStackResources", - "cloudformation:ListStackSetOperations", - "cloudformation:ListStackSetOperationResults" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:cloudformation:*:*:stack/SC-*", - "arn:aws:cloudformation:*:*:stack/StackSet-SC-*", - "arn:aws:cloudformation:*:*:changeSet/SC-*", - "arn:aws:cloudformation:*:*:stackset/SC-*" - ] - }, - { - "Action": [ - "cloudformation:GetTemplateSummary", - "servicecatalog:DescribeProduct", - "servicecatalog:DescribeProductView", - "servicecatalog:DescribeProvisioningParameters", - "servicecatalog:ListLaunchPaths", - "servicecatalog:ProvisionProduct", - "servicecatalog:SearchProducts", - "ssm:DescribeDocument", - "ssm:GetAutomationExecution", - "config:DescribeConfigurationRecorders", - "config:DescribeConfigurationRecorderStatus" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "servicecatalog:DescribeProvisionedProduct", - "servicecatalog:DescribeRecord", - "servicecatalog:ListRecordHistory", - "servicecatalog:ListStackInstancesForProvisionedProduct", - "servicecatalog:ScanProvisionedProducts", - "servicecatalog:TerminateProvisionedProduct", - "servicecatalog:UpdateProvisionedProduct", - "servicecatalog:SearchProvisionedProducts", - "servicecatalog:CreateProvisionedProductPlan", - "servicecatalog:DescribeProvisionedProductPlan", - "servicecatalog:ExecuteProvisionedProductPlan", - "servicecatalog:DeleteProvisionedProductPlan", - "servicecatalog:ListProvisionedProductPlans", - "servicecatalog:ListServiceActionsForProvisioningArtifact", - "servicecatalog:ExecuteProvisionedProductServiceAction", - "servicecatalog:DescribeServiceActionExecutionParameters" - ], - "Condition": { - "StringEquals": { - "servicecatalog:userLevel": "self" - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJTLLC4DGDMTZB54M4", - "PolicyName": "AWSServiceCatalogEndUserFullAccess", - "UpdateDate": "2019-07-10T20:30:52+00:00", - "VersionId": "v7" - }, - "AWSServiceCatalogEndUserReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSServiceCatalogEndUserReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2019-10-25T18:49:34+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "cloudformation:DescribeStackEvents", - "cloudformation:DescribeStacks", - "cloudformation:DescribeChangeSet", - "cloudformation:ListChangeSets", - "cloudformation:DescribeStackSet", - "cloudformation:DescribeStackInstance", - "cloudformation:DescribeStackSetOperation", - "cloudformation:ListStackInstances", - "cloudformation:ListStackResources", - "cloudformation:ListStackSetOperations", - "cloudformation:ListStackSetOperationResults" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:cloudformation:*:*:stack/SC-*", - "arn:aws:cloudformation:*:*:stack/StackSet-SC-*", - "arn:aws:cloudformation:*:*:changeSet/SC-*", - "arn:aws:cloudformation:*:*:stackset/SC-*" - ] - }, - { - "Action": [ - "cloudformation:GetTemplateSummary", - "servicecatalog:DescribeProduct", - "servicecatalog:DescribeProductView", - "servicecatalog:DescribeProvisioningParameters", - "servicecatalog:ListLaunchPaths", - "servicecatalog:SearchProducts", - "ssm:DescribeDocument", - "ssm:GetAutomationExecution", - "config:DescribeConfigurationRecorders", - "config:DescribeConfigurationRecorderStatus" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "servicecatalog:DescribeProvisionedProduct", - "servicecatalog:DescribeRecord", - "servicecatalog:ListRecordHistory", - "servicecatalog:ListStackInstancesForProvisionedProduct", - "servicecatalog:ScanProvisionedProducts", - "servicecatalog:SearchProvisionedProducts", - "servicecatalog:DescribeProvisionedProductPlan", - "servicecatalog:ListProvisionedProductPlans", - "servicecatalog:ListServiceActionsForProvisioningArtifact", - "servicecatalog:DescribeServiceActionExecutionParameters" - ], - "Condition": { - "StringEquals": { - "servicecatalog:userLevel": "self" - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4IWYKXJJED", - "PolicyName": "AWSServiceCatalogEndUserReadOnlyAccess", - "UpdateDate": "2019-10-25T18:49:34+00:00", - "VersionId": "v1" - }, - "AWSServiceRoleForAmazonEKSNodegroup": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForAmazonEKSNodegroup", - "AttachmentCount": 0, - "CreateDate": "2019-11-07T01:34:26+00:00", - "DefaultVersionId": "v6", - "Document": { - "Statement": [ - { - "Action": [ - "ec2:RevokeSecurityGroupIngress", - "ec2:AuthorizeSecurityGroupEgress", - "ec2:AuthorizeSecurityGroupIngress", - "ec2:DescribeInstances", - "ec2:RevokeSecurityGroupEgress", - "ec2:DeleteSecurityGroup" - ], - "Condition": { - "StringLike": { - "ec2:ResourceTag/eks": "*" - } - }, - "Effect": "Allow", - "Resource": "*", - "Sid": "SharedSecurityGroupRelatedPermissions" - }, - { - "Action": [ - "ec2:RevokeSecurityGroupIngress", - "ec2:AuthorizeSecurityGroupEgress", - "ec2:AuthorizeSecurityGroupIngress", - "ec2:DescribeInstances", - "ec2:RevokeSecurityGroupEgress", - "ec2:DeleteSecurityGroup" - ], - "Condition": { - "StringLike": { - "ec2:ResourceTag/eks:nodegroup-name": "*" - } - }, - "Effect": "Allow", - "Resource": "*", - "Sid": "EKSCreatedSecurityGroupRelatedPermissions" - }, - { - "Action": [ - "ec2:DeleteLaunchTemplate", - "ec2:CreateLaunchTemplateVersion" - ], - "Condition": { - "StringLike": { - "ec2:ResourceTag/eks:nodegroup-name": "*" - } - }, - "Effect": "Allow", - "Resource": "*", - "Sid": "LaunchTemplateRelatedPermissions" - }, - { - "Action": [ - "autoscaling:UpdateAutoScalingGroup", - "autoscaling:DeleteAutoScalingGroup", - "autoscaling:TerminateInstanceInAutoScalingGroup", - "autoscaling:CompleteLifecycleAction", - "autoscaling:PutLifecycleHook", - "autoscaling:PutNotificationConfiguration", - "autoscaling:EnableMetricsCollection" - ], - "Effect": "Allow", - "Resource": "arn:aws:autoscaling:*:*:*:autoScalingGroupName/eks-*", - "Sid": "AutoscalingRelatedPermissions" - }, - { - "Action": "iam:CreateServiceLinkedRole", - "Condition": { - "StringEquals": { - "iam:AWSServiceName": "autoscaling.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "*", - "Sid": "AllowAutoscalingToCreateSLR" - }, - { - "Action": [ - "autoscaling:CreateOrUpdateTags", - "autoscaling:CreateAutoScalingGroup" - ], - "Condition": { - "ForAnyValue:StringEquals": { - "aws:TagKeys": [ - "eks", - "eks:cluster-name", - "eks:nodegroup-name" - ] - } - }, - "Effect": "Allow", - "Resource": "*", - "Sid": "AllowASGCreationByEKS" - }, - { - "Action": "iam:PassRole", - "Condition": { - "StringEquals": { - "iam:PassedToService": "autoscaling.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "*", - "Sid": "AllowPassRoleToAutoscaling" - }, - { - "Action": "iam:PassRole", - "Condition": { - "StringEqualsIfExists": { - "iam:PassedToService": [ - "ec2.amazonaws.com", - "ec2.amazonaws.com.cn" - ] - } - }, - "Effect": "Allow", - "Resource": "*", - "Sid": "AllowPassRoleToEC2" - }, - { - "Action": [ - "iam:GetRole", - "ec2:CreateLaunchTemplate", - "ec2:DescribeInstances", - "iam:GetInstanceProfile", - "ec2:DescribeLaunchTemplates", - "autoscaling:DescribeAutoScalingGroups", - "ec2:CreateSecurityGroup", - "ec2:DescribeLaunchTemplateVersions", - "ec2:RunInstances", - "ec2:DescribeSecurityGroups", - "ec2:GetConsoleOutput", - "ec2:DescribeRouteTables", - "ec2:DescribeSubnets" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "PermissionsToManageResourcesForNodegroups" - }, - { - "Action": [ - "iam:CreateInstanceProfile", - "iam:DeleteInstanceProfile", - "iam:RemoveRoleFromInstanceProfile", - "iam:AddRoleToInstanceProfile" - ], - "Effect": "Allow", - "Resource": "arn:aws:iam::*:instance-profile/eks-*", - "Sid": "PermissionsToCreateAndManageInstanceProfiles" - }, - { - "Action": [ - "ec2:CreateTags", - "ec2:DeleteTags" - ], - "Condition": { - "ForAnyValue:StringLike": { - "aws:TagKeys": [ - "eks", - "eks:cluster-name", - "eks:nodegroup-name", - "kubernetes.io/cluster/*" - ] - } - }, - "Effect": "Allow", - "Resource": "*", - "Sid": "PermissionsToManageEKSAndKubernetesTags" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4KH2AAMJJG", - "PolicyName": "AWSServiceRoleForAmazonEKSNodegroup", - "UpdateDate": "2022-01-14T00:33:26+00:00", - "VersionId": "v6" - }, - "AWSServiceRoleForCloudWatchAlarmsActionSSMServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForCloudWatchAlarmsActionSSMServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2020-10-01T09:49:01+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "ssm:CreateOpsItem" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4M4BX2KX5V", - "PolicyName": "AWSServiceRoleForCloudWatchAlarmsActionSSMServiceRolePolicy", - "UpdateDate": "2020-10-01T09:49:01+00:00", - "VersionId": "v1" - }, - "AWSServiceRoleForCodeGuru-Profiler": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForCodeGuru-Profiler", - "AttachmentCount": 0, - "CreateDate": "2020-06-26T22:04:26+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "sns:Publish" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "AllowSNSPublishToSendNotifications" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4GNVXVLNQT", - "PolicyName": "AWSServiceRoleForCodeGuru-Profiler", - "UpdateDate": "2020-06-26T22:04:26+00:00", - "VersionId": "v1" - }, - "AWSServiceRoleForEC2ScheduledInstances": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForEC2ScheduledInstances", - "AttachmentCount": 0, - "CreateDate": "2017-10-12T18:31:55+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "ec2:CreateTags" - ], - "Condition": { - "ForAllValues:StringEquals": { - "aws:TagKeys": [ - "aws:ec2sri:scheduledInstanceId" - ] - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:instance/*" - ] - }, - { - "Action": [ - "ec2:TerminateInstances" - ], - "Condition": { - "StringLike": { - "ec2:ResourceTag/aws:ec2sri:scheduledInstanceId": "*" - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJ7Y4TT63D6QBKCY4O", - "PolicyName": "AWSServiceRoleForEC2ScheduledInstances", - "UpdateDate": "2017-10-12T18:31:55+00:00", - "VersionId": "v1" - }, - "AWSServiceRoleForImageBuilder": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForImageBuilder", - "AttachmentCount": 0, - "CreateDate": "2019-11-29T22:02:13+00:00", - "DefaultVersionId": "v16", - "Document": { - "Statement": [ - { - "Action": [ - "ec2:RunInstances" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*::image/*", - "arn:aws:ec2:*::snapshot/*", - "arn:aws:ec2:*:*:subnet/*", - "arn:aws:ec2:*:*:network-interface/*", - "arn:aws:ec2:*:*:security-group/*", - "arn:aws:ec2:*:*:key-pair/*", - "arn:aws:ec2:*:*:launch-template/*" - ] - }, - { - "Action": [ - "ec2:RunInstances" - ], - "Condition": { - "StringEquals": { - "aws:RequestTag/CreatedBy": [ - "EC2 Image Builder", - "EC2 Fast Launch" - ] - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:volume/*", - "arn:aws:ec2:*:*:instance/*" - ] - }, - { - "Action": "iam:PassRole", - "Condition": { - "StringEquals": { - "iam:PassedToService": [ - "ec2.amazonaws.com", - "ec2.amazonaws.com.cn", - "vmie.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:StopInstances", - "ec2:StartInstances", - "ec2:TerminateInstances" - ], - "Condition": { - "StringEquals": { - "ec2:ResourceTag/CreatedBy": "EC2 Image Builder" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:CopyImage", - "ec2:CreateImage", - "ec2:CreateLaunchTemplate", - "ec2:DeregisterImage", - "ec2:DescribeImages", - "ec2:DescribeInstanceAttribute", - "ec2:DescribeInstanceStatus", - "ec2:DescribeInstances", - "ec2:DescribeInstanceTypeOfferings", - "ec2:DescribeInstanceTypes", - "ec2:DescribeSubnets", - "ec2:DescribeTags", - "ec2:ModifyImageAttribute", - "ec2:DescribeImportImageTasks", - "ec2:DescribeExportImageTasks", - "ec2:DescribeSnapshots" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:ModifySnapshotAttribute" - ], - "Condition": { - "StringEquals": { - "ec2:ResourceTag/CreatedBy": "EC2 Image Builder" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*::snapshot/*" - }, - { - "Action": [ - "ec2:CreateTags" - ], - "Condition": { - "StringEquals": { - "aws:RequestTag/CreatedBy": [ - "EC2 Image Builder", - "EC2 Fast Launch" - ], - "ec2:CreateAction": [ - "RunInstances", - "CreateImage" - ] - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:CreateTags" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*::image/*", - "arn:aws:ec2:*:*:export-image-task/*" - ] - }, - { - "Action": [ - "ec2:CreateTags" - ], - "Condition": { - "StringEquals": { - "aws:RequestTag/CreatedBy": [ - "EC2 Image Builder", - "EC2 Fast Launch" - ] - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*::snapshot/*", - "arn:aws:ec2:*:*:launch-template/*" - ] - }, - { - "Action": [ - "license-manager:UpdateLicenseSpecificationsForResource" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "sns:Publish" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ssm:ListCommands", - "ssm:ListCommandInvocations", - "ssm:AddTagsToResource", - "ssm:DescribeInstanceInformation", - "ssm:GetAutomationExecution", - "ssm:StopAutomationExecution", - "ssm:ListInventoryEntries", - "ssm:SendAutomationSignal", - "ssm:DescribeInstanceAssociationsStatus", - "ssm:DescribeAssociationExecutions" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "ssm:SendCommand", - "Effect": "Allow", - "Resource": [ - "arn:aws:ssm:*:*:document/AWS-RunPowerShellScript", - "arn:aws:ssm:*:*:document/AWS-RunShellScript", - "arn:aws:ssm:*:*:document/AWSEC2-RunSysprep", - "arn:aws:s3:::*" - ] - }, - { - "Action": [ - "ssm:SendCommand" - ], - "Condition": { - "StringEquals": { - "ssm:resourceTag/CreatedBy": [ - "EC2 Image Builder" - ] - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:instance/*" - ] - }, - { - "Action": "ssm:StartAutomationExecution", - "Effect": "Allow", - "Resource": "arn:aws:ssm:*:*:automation-definition/ImageBuilder*" - }, - { - "Action": [ - "ssm:CreateAssociation", - "ssm:DeleteAssociation" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:ssm:*:*:document/AWS-GatherSoftwareInventory", - "arn:aws:ssm:*:*:association/*", - "arn:aws:ec2:*:*:instance/*" - ] - }, - { - "Action": [ - "kms:Encrypt", - "kms:Decrypt", - "kms:ReEncryptFrom", - "kms:ReEncryptTo", - "kms:GenerateDataKeyWithoutPlaintext" - ], - "Condition": { - "ForAllValues:StringEquals": { - "kms:EncryptionContextKeys": [ - "aws:ebs:id" - ] - }, - "StringLike": { - "kms:ViaService": [ - "ec2.*.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "kms:DescribeKey" - ], - "Condition": { - "StringLike": { - "kms:ViaService": [ - "ec2.*.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "kms:CreateGrant", - "Condition": { - "Bool": { - "kms:GrantIsForAWSResource": true - }, - "StringLike": { - "kms:ViaService": [ - "ec2.*.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/EC2ImageBuilderDistributionCrossAccountRole" - }, - { - "Action": [ - "logs:CreateLogStream", - "logs:CreateLogGroup", - "logs:PutLogEvents" - ], - "Effect": "Allow", - "Resource": "arn:aws:logs:*:*:log-group:/aws/imagebuilder/*" - }, - { - "Action": [ - "ec2:CreateLaunchTemplateVersion", - "ec2:DescribeLaunchTemplates", - "ec2:ModifyLaunchTemplate", - "ec2:DescribeLaunchTemplateVersions" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:ExportImage" - ], - "Condition": { - "StringEquals": { - "ec2:ResourceTag/CreatedBy": "EC2 Image Builder" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*::image/*" - }, - { - "Action": [ - "ec2:ExportImage" - ], - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:export-image-task/*" - }, - { - "Action": [ - "ec2:CancelExportTask" - ], - "Condition": { - "StringEquals": { - "ec2:ResourceTag/CreatedBy": "EC2 Image Builder" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:export-image-task/*" - }, - { - "Action": "iam:CreateServiceLinkedRole", - "Condition": { - "StringEquals": { - "iam:AWSServiceName": [ - "ssm.amazonaws.com", - "ec2fastlaunch.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:EnableFastLaunch" - ], - "Condition": { - "StringEquals": { - "ec2:ResourceTag/CreatedBy": "EC2 Image Builder" - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*::image/*", - "arn:aws:ec2:*:*:launch-template/*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4NE22WISEW", - "PolicyName": "AWSServiceRoleForImageBuilder", - "UpdateDate": "2022-02-17T00:01:44+00:00", - "VersionId": "v16" - }, - "AWSServiceRoleForIoTSiteWise": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForIoTSiteWise", - "AttachmentCount": 0, - "CreateDate": "2018-11-14T19:19:17+00:00", - "DefaultVersionId": "v7", - "Document": { - "Statement": [ - { - "Action": [ - "greengrass:GetAssociatedRole", - "greengrass:GetCoreDefinition", - "greengrass:GetCoreDefinitionVersion", - "greengrass:GetGroup", - "greengrass:GetGroupVersion" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "logs:CreateLogGroup", - "logs:DescribeLogGroups" - ], - "Effect": "Allow", - "Resource": "arn:aws:logs:*:*:log-group:/aws/iotsitewise*" - }, - { - "Action": [ - "logs:CreateLogStream", - "logs:DescribeLogStreams", - "logs:PutLogEvents" - ], - "Effect": "Allow", - "Resource": "arn:aws:logs:*:*:log-group:/aws/iotsitewise*:log-stream:*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJGQU4DZIQP6HLYQPE", - "PolicyName": "AWSServiceRoleForIoTSiteWise", - "UpdateDate": "2020-04-25T02:15:01+00:00", - "VersionId": "v7" - }, - "AWSServiceRoleForLogDeliveryPolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForLogDeliveryPolicy", - "AttachmentCount": 0, - "CreateDate": "2019-10-04T17:31:19+00:00", - "DefaultVersionId": "v3", - "Document": { - "Statement": [ - { - "Action": [ - "firehose:PutRecord", - "firehose:PutRecordBatch", - "firehose:ListTagsForDeliveryStream" - ], - "Condition": { - "StringEquals": { - "aws:ResourceTag/LogDeliveryEnabled": "true" - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4EMA7ANTDG", - "PolicyName": "AWSServiceRoleForLogDeliveryPolicy", - "UpdateDate": "2021-07-15T20:07:44+00:00", - "VersionId": "v3" - }, - "AWSServiceRoleForMonitronPolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForMonitronPolicy", - "AttachmentCount": 0, - "CreateDate": "2020-12-02T19:06:08+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "sso:GetManagedApplicationInstance", - "sso:GetProfile", - "sso:ListProfiles", - "sso:AssociateProfile", - "sso:ListDirectoryAssociations", - "sso-directory:DescribeUsers", - "sso-directory:SearchUsers" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4NYRIH2RCH", - "PolicyName": "AWSServiceRoleForMonitronPolicy", - "UpdateDate": "2020-12-02T19:06:08+00:00", - "VersionId": "v1" - }, - "AWSServiceRoleForSMS": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForSMS", - "AttachmentCount": 0, - "CreateDate": "2019-08-06T18:39:29+00:00", - "DefaultVersionId": "v10", - "Document": { - "Statement": [ - { - "Action": [ - "cloudformation:CreateChangeSet", - "cloudformation:CreateStack" - ], - "Condition": { - "ForAllValues:StringEquals": { - "cloudformation:ResourceTypes": [ - "AWS::EC2::Instance", - "AWS::ApplicationInsights::Application", - "AWS::ResourceGroups::Group" - ] - }, - "Null": { - "cloudformation:ResourceTypes": "false" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:cloudformation:*:*:stack/sms-app-*/*" - }, - { - "Action": [ - "cloudformation:DeleteStack", - "cloudformation:ExecuteChangeSet", - "cloudformation:DeleteChangeSet", - "cloudformation:DescribeChangeSet", - "cloudformation:DescribeStacks", - "cloudformation:DescribeStackEvents", - "cloudformation:DescribeStackResource", - "cloudformation:DescribeStackResources", - "cloudformation:GetTemplate" - ], - "Effect": "Allow", - "Resource": "arn:aws:cloudformation:*:*:stack/sms-app-*/*" - }, - { - "Action": [ - "cloudformation:ValidateTemplate", - "s3:ListAllMyBuckets" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "s3:CreateBucket", - "s3:DeleteBucket", - "s3:DeleteObject", - "s3:GetBucketAcl", - "s3:GetBucketLocation", - "s3:GetObject", - "s3:ListBucket", - "s3:PutObject", - "s3:PutObjectAcl", - "s3:PutLifecycleConfiguration" - ], - "Effect": "Allow", - "Resource": "arn:aws:s3:::sms-app-*" - }, - { - "Action": [ - "sms:CreateReplicationJob", - "sms:DeleteReplicationJob", - "sms:GetReplicationJobs", - "sms:GetReplicationRuns", - "sms:GetServers", - "sms:ImportServerCatalog", - "sms:StartOnDemandReplicationRun", - "sms:UpdateReplicationJob" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "ssm:SendCommand", - "Effect": "Allow", - "Resource": [ - "arn:aws:ssm:*::document/AWS-RunRemoteScript", - "arn:aws:s3:::sms-app-*" - ] - }, - { - "Action": "ssm:SendCommand", - "Condition": { - "StringEquals": { - "ssm:resourceTag/UseForSMSApplicationValidation": [ - "true" - ] - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:instance/*" - }, - { - "Action": [ - "ssm:CancelCommand", - "ssm:GetCommandInvocation" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "ec2:CreateTags", - "Condition": { - "StringEquals": { - "ec2:CreateAction": "CopySnapshot" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:snapshot/*" - }, - { - "Action": "ec2:CopySnapshot", - "Condition": { - "StringLike": { - "aws:RequestTag/SMSJobId": [ - "sms-*" - ] - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:snapshot/*" - }, - { - "Action": [ - "ec2:ModifySnapshotAttribute", - "ec2:DeleteSnapshot" - ], - "Condition": { - "StringLike": { - "ec2:ResourceTag/SMSJobId": [ - "sms-*" - ] - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:snapshot/*" - }, - { - "Action": [ - "ec2:CopyImage", - "ec2:DescribeImages", - "ec2:DescribeInstances", - "ec2:DescribeSnapshots", - "ec2:DescribeSnapshotAttribute", - "ec2:DeregisterImage", - "ec2:ImportImage", - "ec2:DescribeImportImageTasks", - "ec2:GetEbsEncryptionByDefault" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "iam:GetRole", - "iam:GetInstanceProfile" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:DisassociateIamInstanceProfile", - "ec2:AssociateIamInstanceProfile", - "ec2:ReplaceIamInstanceProfileAssociation" - ], - "Condition": { - "StringLike": { - "ec2:ResourceTag/aws:cloudformation:stack-id": "arn:aws:cloudformation:*:*:stack/sms-app-*/*" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:instance/*" - }, - { - "Action": "iam:PassRole", - "Condition": { - "StringEquals": { - "iam:PassedToService": "ec2.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "iam:PassRole", - "Condition": { - "StringEqualsIfExists": { - "iam:PassedToService": "cloudformation.amazonaws.com" - }, - "StringLike": { - "iam:AssociatedResourceArn": "arn:aws:cloudformation:*:*:stack/sms-app-*/*" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:RunInstances" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:CreateTags", - "ec2:DeleteTags" - ], - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:instance/*" - }, - { - "Action": [ - "ec2:ModifyInstanceAttribute", - "ec2:StopInstances", - "ec2:StartInstances", - "ec2:TerminateInstances" - ], - "Condition": { - "StringLike": { - "ec2:ResourceTag/aws:cloudformation:stack-id": "arn:aws:cloudformation:*:*:stack/sms-app-*/*" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "applicationinsights:Describe*", - "applicationinsights:List*", - "cloudformation:ListStackResources" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "applicationinsights:CreateApplication", - "applicationinsights:CreateComponent", - "applicationinsights:UpdateApplication", - "applicationinsights:DeleteApplication", - "applicationinsights:UpdateComponentConfiguration", - "applicationinsights:DeleteComponent" - ], - "Effect": "Allow", - "Resource": "arn:aws:applicationinsights:*:*:application/resource-group/sms-app-*" - }, - { - "Action": [ - "resource-groups:CreateGroup", - "resource-groups:GetGroup", - "resource-groups:UpdateGroup", - "resource-groups:DeleteGroup" - ], - "Condition": { - "StringLike": { - "aws:ResourceTag/aws:cloudformation:stack-id": "arn:aws:cloudformation:*:*:stack/sms-app-*/*" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:resource-groups:*:*:group/sms-app-*" - }, - { - "Action": [ - "iam:CreateServiceLinkedRole" - ], - "Condition": { - "StringEquals": { - "iam:AWSServiceName": "application-insights.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:iam::*:role/aws-service-role/application-insights.amazonaws.com/AWSServiceRoleForApplicationInsights" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4OSYRD2VJZ", - "PolicyName": "AWSServiceRoleForSMS", - "UpdateDate": "2020-10-15T17:28:13+00:00", - "VersionId": "v10" - }, - "AWSServiceRolePolicyForBackupReports": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSServiceRolePolicyForBackupReports", - "AttachmentCount": 0, - "CreateDate": "2021-08-19T21:16:45+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "backup:DescribeFramework", - "backup:ListBackupJobs", - "backup:ListRestoreJobs", - "backup:ListCopyJobs" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "config:DescribeConfigurationRecorders", - "config:DescribeConfigurationRecorderStatus", - "config:BatchGetResourceConfig", - "config:SelectResourceConfig", - "config:DescribeConfigurationAggregators", - "config:SelectAggregateResourceConfig", - "s3:GetBucketLocation" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "config:GetComplianceDetailsByConfigRule", - "config:DescribeConfigRuleEvaluationStatus", - "config:DescribeConfigRules", - "config:PutConfigRule", - "config:DeleteConfigRule" - ], - "Effect": "Allow", - "Resource": "arn:aws:config:*:*:config-rule/aws-service-rule/backup.amazonaws.com*" - }, - { - "Action": [ - "config:DeleteConfigurationAggregator", - "config:PutConfigurationAggregator" - ], - "Effect": "Allow", - "Resource": "arn:aws:config:*:*:config-aggregator/aws-service-config-aggregator/backup.amazonaws.com*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4MSKXNYMTU", - "PolicyName": "AWSServiceRolePolicyForBackupReports", - "UpdateDate": "2021-08-19T21:16:45+00:00", - "VersionId": "v1" - }, - "AWSShieldDRTAccessPolicy": { - "Arn": "arn:aws:iam::aws:policy/service-role/AWSShieldDRTAccessPolicy", - "AttachmentCount": 0, - "CreateDate": "2018-06-05T22:29:39+00:00", - "DefaultVersionId": "v6", - "Document": { - "Statement": [ - { - "Action": [ - "cloudfront:List*", - "route53:List*", - "elasticloadbalancing:Describe*", - "cloudwatch:Describe*", - "cloudwatch:Get*", - "cloudwatch:List*", - "cloudfront:GetDistribution*", - "globalaccelerator:ListAccelerators", - "globalaccelerator:DescribeAccelerator", - "ec2:DescribeRegions", - "ec2:DescribeAddresses" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "SRTAccessProtectedResources" - }, - { - "Action": [ - "shield:*", - "waf:*", - "wafv2:*", - "waf-regional:*", - "elasticloadbalancing:SetWebACL", - "cloudfront:UpdateDistribution", - "apigateway:SetWebACL" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "SRTManageProtections" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJWNCSZ4PARLO37VVY", - "PolicyName": "AWSShieldDRTAccessPolicy", - "UpdateDate": "2020-12-15T17:28:15+00:00", - "VersionId": "v6" - }, - "AWSShieldServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSShieldServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2021-11-17T19:17:46+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "wafv2:GetWebACL", - "wafv2:UpdateWebACL", - "wafv2:GetWebACLForResource", - "wafv2:ListResourcesForWebACL", - "cloudfront:ListDistributions", - "cloudfront:GetDistribution" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "AWSShield" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4LW6EWPBMS", - "PolicyName": "AWSShieldServiceRolePolicy", - "UpdateDate": "2021-11-17T19:17:46+00:00", - "VersionId": "v1" - }, - "AWSStepFunctionsConsoleFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSStepFunctionsConsoleFullAccess", - "AttachmentCount": 0, - "CreateDate": "2017-01-11T21:54:31+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": "states:*", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "iam:ListRoles", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "iam:PassRole", - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/service-role/StatesExecutionRole*" - }, - { - "Action": "lambda:ListFunctions", - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJIYC52YWRX6OSMJWK", - "PolicyName": "AWSStepFunctionsConsoleFullAccess", - "UpdateDate": "2017-01-12T00:19:34+00:00", - "VersionId": "v2" - }, - "AWSStepFunctionsFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSStepFunctionsFullAccess", - "AttachmentCount": 0, - "CreateDate": "2017-01-11T21:51:32+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": "states:*", - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJXKA6VP3UFBVHDPPA", - "PolicyName": "AWSStepFunctionsFullAccess", - "UpdateDate": "2017-01-11T21:51:32+00:00", - "VersionId": "v1" - }, - "AWSStepFunctionsReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSStepFunctionsReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2017-01-11T21:46:19+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "states:ListStateMachines", - "states:ListActivities", - "states:DescribeStateMachine", - "states:DescribeStateMachineForExecution", - "states:ListExecutions", - "states:DescribeExecution", - "states:GetExecutionHistory", - "states:DescribeActivity" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJONHB2TJQDJPFW5TM", - "PolicyName": "AWSStepFunctionsReadOnlyAccess", - "UpdateDate": "2017-11-10T22:03:49+00:00", - "VersionId": "v2" - }, - "AWSStorageGatewayFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSStorageGatewayFullAccess", - "AttachmentCount": 0, - "CreateDate": "2015-02-06T18:41:09+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "storagegateway:*" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:DescribeSnapshots", - "ec2:DeleteSnapshot" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJG5SSPAVOGK3SIDGU", - "PolicyName": "AWSStorageGatewayFullAccess", - "UpdateDate": "2015-02-06T18:41:09+00:00", - "VersionId": "v1" - }, - "AWSStorageGatewayReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSStorageGatewayReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2015-02-06T18:41:10+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "storagegateway:List*", - "storagegateway:Describe*" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:DescribeSnapshots" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIFKCTUVOPD5NICXJK", - "PolicyName": "AWSStorageGatewayReadOnlyAccess", - "UpdateDate": "2015-02-06T18:41:10+00:00", - "VersionId": "v1" - }, - "AWSStorageGatewayServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSStorageGatewayServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2021-02-17T19:03:19+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "fsx:ListTagsForResource" - ], - "Effect": "Allow", - "Resource": "arn:aws:fsx:*:*:backup/*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4E4ZEKWU2U", - "PolicyName": "AWSStorageGatewayServiceRolePolicy", - "UpdateDate": "2021-02-17T19:03:19+00:00", - "VersionId": "v1" - }, - "AWSSupportAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSSupportAccess", - "AttachmentCount": 0, - "CreateDate": "2015-02-06T18:41:11+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "support:*" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJSNKQX2OW67GF4S7E", - "PolicyName": "AWSSupportAccess", - "UpdateDate": "2015-02-06T18:41:11+00:00", - "VersionId": "v1" - }, - "AWSSupportServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSSupportServiceRolePolicy", - "AttachmentCount": 1, - "CreateDate": "2018-04-19T18:04:44+00:00", - "DefaultVersionId": "v21", - "Document": { - "Statement": [ - { - "Action": [ - "apigateway:GET" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:apigateway:*::/account", - "arn:aws:apigateway:*::/apis", - "arn:aws:apigateway:*::/apis/*", - "arn:aws:apigateway:*::/apis/*/authorizers", - "arn:aws:apigateway:*::/apis/*/authorizers/*", - "arn:aws:apigateway:*::/apis/*/deployments", - "arn:aws:apigateway:*::/apis/*/deployments/*", - "arn:aws:apigateway:*::/apis/*/integrations", - "arn:aws:apigateway:*::/apis/*/integrations/*", - "arn:aws:apigateway:*::/apis/*/integrations/*/integrationresponses", - "arn:aws:apigateway:*::/apis/*/integrations/*/integrationresponses/*", - "arn:aws:apigateway:*::/apis/*/models", - "arn:aws:apigateway:*::/apis/*/models/*", - "arn:aws:apigateway:*::/apis/*/routes", - "arn:aws:apigateway:*::/apis/*/routes/*", - "arn:aws:apigateway:*::/apis/*/routes/*/routeresponses", - "arn:aws:apigateway:*::/apis/*/routes/*/routeresponses/*", - "arn:aws:apigateway:*::/apis/*/stages", - "arn:aws:apigateway:*::/apis/*/stages/*", - "arn:aws:apigateway:*::/clientcertificates", - "arn:aws:apigateway:*::/clientcertificates/*", - "arn:aws:apigateway:*::/domainnames", - "arn:aws:apigateway:*::/domainnames/*", - "arn:aws:apigateway:*::/domainnames/*/apimappings", - "arn:aws:apigateway:*::/domainnames/*/apimappings/*", - "arn:aws:apigateway:*::/domainnames/*/basepathmappings", - "arn:aws:apigateway:*::/domainnames/*/basepathmappings/*", - "arn:aws:apigateway:*::/restapis", - "arn:aws:apigateway:*::/restapis/*", - "arn:aws:apigateway:*::/restapis/*/authorizers", - "arn:aws:apigateway:*::/restapis/*/authorizers/*", - "arn:aws:apigateway:*::/restapis/*/deployments", - "arn:aws:apigateway:*::/restapis/*/deployments/*", - "arn:aws:apigateway:*::/restapis/*/models", - "arn:aws:apigateway:*::/restapis/*/models/*", - "arn:aws:apigateway:*::/restapis/*/models/*/default_template", - "arn:aws:apigateway:*::/restapis/*/resources", - "arn:aws:apigateway:*::/restapis/*/resources/*", - "arn:aws:apigateway:*::/restapis/*/resources/*/methods/*/integration/responses/*", - "arn:aws:apigateway:*::/restapis/*/resources/*/methods/*/responses/*", - "arn:aws:apigateway:*::/restapis/*/stages/*/sdks/*", - "arn:aws:apigateway:*::/restapis/*/resources/*/methods/*", - "arn:aws:apigateway:*::/restapis/*/resources/*/methods/*/integration", - "arn:aws:apigateway:*::/restapis/*/stages", - "arn:aws:apigateway:*::/restapis/*/stages/*" - ] - }, - { - "Action": [ - "iam:DeleteRole" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:iam::*:role/aws-service-role/support.amazonaws.com/AWSServiceRoleForSupport" - ] - }, - { - "Action": [ - "a4b:getDevice", - "a4b:getProfile", - "a4b:getRoom", - "a4b:getRoomSkillParameter", - "a4b:getSkillGroup", - "a4b:searchDevices", - "a4b:searchProfiles", - "a4b:searchRooms", - "a4b:searchSkillGroups", - "access-analyzer:getFinding", - "access-analyzer:listAnalyzers", - "access-analyzer:listArchiveRules", - "access-analyzer:listFindings", - "acm-pca:describeCertificateAuthority", - "acm-pca:describeCertificateAuthorityAuditReport", - "acm-pca:getCertificate", - "acm-pca:getCertificateAuthorityCertificate", - "acm-pca:getCertificateAuthorityCsr", - "acm-pca:listCertificateAuthorities", - "acm-pca:listTags", - "acm:describeCertificate", - "acm:getCertificate", - "acm:listCertificates", - "acm:listTagsForCertificate", - "airflow:getEnvironment", - "airflow:listEnvironments", - "airflow:listTagsForResource", - "amplify:getApp", - "amplify:getBranch", - "amplify:getDomainAssociation", - "amplify:getJob", - "amplify:getWebhook", - "amplify:listApps", - "amplify:listWebhooks", - "appflow:describeConnectorEntity", - "appflow:describeConnectorProfiles", - "appflow:describeConnectors", - "appflow:describeFlow", - "appflow:describeFlowExecutionRecords", - "appflow:listConnectorEntities", - "appflow:listFlows", - "application-autoscaling:describeScalableTargets", - "application-autoscaling:describeScalingActivities", - "application-autoscaling:describeScalingPolicies", - "application-autoscaling:describeScheduledActions", - "applicationinsights:describeComponentConfiguration", - "applicationinsights:describeComponentConfigurationRecommendation", - "applicationinsights:listApplications", - "applicationinsights:listComponents", - "applicationinsights:listConfigurationHistory", - "applicationinsights:listLogPatterns", - "applicationinsights:listLogPatternSets", - "appmesh:describeGatewayRoute", - "appmesh:describeMesh", - "appmesh:describeRoute", - "appmesh:describeVirtualGateway", - "appmesh:describeVirtualNode", - "appmesh:describeVirtualRouter", - "appmesh:describeVirtualService", - "appmesh:listGatewayRoutes", - "appmesh:listMeshes", - "appmesh:listRoutes", - "appmesh:listTagsForResource", - "appmesh:listVirtualGateways", - "appmesh:listVirtualNodes", - "appmesh:listVirtualRouters", - "appmesh:listVirtualServices", - "apprunner:describeAutoScalingConfiguration", - "apprunner:describeCustomDomains", - "apprunner:describeOperation", - "apprunner:describeService", - "apprunner:listAutoScalingConfigurations", - "apprunner:listConnections", - "apprunner:listOperations", - "apprunner:listServices", - "apprunner:listTagsForResource", - "appstream:describeDirectoryConfigs", - "appstream:describeFleets", - "appstream:describeImageBuilders", - "appstream:describeImages", - "appstream:describeSessions", - "appstream:describeStacks", - "appstream:listAssociatedFleets", - "appstream:listAssociatedStacks", - "appstream:listTagsForResource", - "appsync:getFunction", - "appsync:getGraphqlApi", - "appsync:getIntrospectionSchema", - "appsync:getResolver", - "appsync:getSchemaCreationStatus", - "appsync:getType", - "appsync:listDataSources", - "appsync:listFunctions", - "appsync:listGraphqlApis", - "appsync:listResolvers", - "appsync:listTypes", - "athena:batchGetNamedQuery", - "athena:batchGetQueryExecution", - "athena:getNamedQuery", - "athena:getQueryExecution", - "athena:getWorkGroup", - "athena:listNamedQueries", - "athena:listQueryExecutions", - "athena:listTagsForResource", - "athena:listWorkGroups", - "auditmanager:getAccountStatus", - "auditmanager:getDelegations", - "auditmanager:listAssessmentFrameworks", - "auditmanager:listAssessmentReports", - "auditmanager:listAssessments", - "auditmanager:listControls", - "auditmanager:listKeywordsForDataSource", - "auditmanager:listNotifications", - "autoscaling-plans:describeScalingPlanResources", - "autoscaling-plans:describeScalingPlans", - "autoscaling-plans:getScalingPlanResourceForecastData", - "autoscaling:describeAccountLimits", - "autoscaling:describeAdjustmentTypes", - "autoscaling:describeAutoScalingGroups", - "autoscaling:describeAutoScalingInstances", - "autoscaling:describeAutoScalingNotificationTypes", - "autoscaling:describeInstanceRefreshes", - "autoscaling:describeLaunchConfigurations", - "autoscaling:describeLifecycleHooks", - "autoscaling:describeLifecycleHookTypes", - "autoscaling:describeLoadBalancers", - "autoscaling:describeLoadBalancerTargetGroups", - "autoscaling:describeMetricCollectionTypes", - "autoscaling:describeNotificationConfigurations", - "autoscaling:describePolicies", - "autoscaling:describeScalingActivities", - "autoscaling:describeScalingProcessTypes", - "autoscaling:describeScheduledActions", - "autoscaling:describeTags", - "autoscaling:describeTerminationPolicyTypes", - "backup:describeBackupJob", - "backup:describeBackupVault", - "backup:describeProtectedResource", - "backup:describeRecoveryPoint", - "backup:describeRestoreJob", - "backup:getBackupPlan", - "backup:getBackupPlanFromJSON", - "backup:getBackupPlanFromTemplate", - "backup:getBackupSelection", - "backup:getBackupVaultAccessPolicy", - "backup:getBackupVaultNotifications", - "backup:getRecoveryPointRestoreMetadata", - "backup:getSupportedResourceTypes", - "backup:listBackupJobs", - "backup:listBackupPlans", - "backup:listBackupPlanTemplates", - "backup:listBackupPlanVersions", - "backup:listBackupSelections", - "backup:listBackupVaults", - "backup:listProtectedResources", - "backup:listRecoveryPointsByBackupVault", - "backup:listRecoveryPointsByResource", - "backup:listRestoreJobs", - "backup:listTags", - "batch:describeComputeEnvironments", - "batch:describeJobDefinitions", - "batch:describeJobQueues", - "batch:describeJobs", - "batch:listJobs", - "braket:getDevice", - "braket:getQuantumTask", - "braket:searchDevices", - "braket:searchQuantumTasks", - "budgets:viewBudget", - "ce:getCostAndUsage", - "ce:getCostAndUsageWithResources", - "ce:getCostForecast", - "ce:getDimensionValues", - "ce:getReservationCoverage", - "ce:getReservationPurchaseRecommendation", - "ce:getReservationUtilization", - "ce:getRightsizingRecommendation", - "ce:getSavingsPlansCoverage", - "ce:getSavingsPlansPurchaseRecommendation", - "ce:getSavingsPlansUtilization", - "ce:getSavingsPlansUtilizationDetails", - "ce:getTags", - "cloud9:describeEnvironmentMemberships", - "cloud9:describeEnvironments", - "cloud9:listEnvironments", - "clouddirectory:getDirectory", - "clouddirectory:listDirectories", - "cloudformation:batchDescribeTypeConfigurations", - "cloudformation:describeAccountLimits", - "cloudformation:describeChangeSet", - "cloudformation:describePublisher", - "cloudformation:describeStackEvents", - "cloudformation:describeStackInstance", - "cloudformation:describeStackResource", - "cloudformation:describeStackResources", - "cloudformation:describeStacks", - "cloudformation:describeStackSet", - "cloudformation:describeStackSetOperation", - "cloudformation:describeTypeRegistration", - "cloudformation:estimateTemplateCost", - "cloudformation:getStackPolicy", - "cloudformation:getTemplate", - "cloudformation:getTemplateSummary", - "cloudformation:listChangeSets", - "cloudformation:listExports", - "cloudformation:listImports", - "cloudformation:listStackInstances", - "cloudformation:listStackResources", - "cloudformation:listStacks", - "cloudformation:listStackSetOperationResults", - "cloudformation:listStackSetOperations", - "cloudformation:listStackSets", - "cloudformation:listTypeRegistrations", - "cloudformation:listTypes", - "cloudformation:listTypeVersions", - "cloudfront:getCloudFrontOriginAccessIdentity", - "cloudfront:getCloudFrontOriginAccessIdentityConfig", - "cloudfront:getDistribution", - "cloudfront:getDistributionConfig", - "cloudfront:getInvalidation", - "cloudfront:getStreamingDistribution", - "cloudfront:getStreamingDistributionConfig", - "cloudfront:listCloudFrontOriginAccessIdentities", - "cloudfront:listDistributions", - "cloudfront:listDistributionsByWebACLId", - "cloudfront:listInvalidations", - "cloudfront:listStreamingDistributions", - "cloudhsm:describeBackups", - "cloudhsm:describeClusters", - "cloudsearch:describeAnalysisSchemes", - "cloudsearch:describeAvailabilityOptions", - "cloudsearch:describeDomains", - "cloudsearch:describeExpressions", - "cloudsearch:describeIndexFields", - "cloudsearch:describeScalingParameters", - "cloudsearch:describeServiceAccessPolicies", - "cloudsearch:describeSuggesters", - "cloudsearch:listDomainNames", - "cloudtrail:describeTrails", - "cloudtrail:getEventSelectors", - "cloudtrail:getInsightSelectors", - "cloudtrail:getTrail", - "cloudtrail:getTrailStatus", - "cloudtrail:listPublicKeys", - "cloudtrail:listTags", - "cloudtrail:listTrails", - "cloudtrail:lookupEvents", - "cloudwatch:describeAlarmHistory", - "cloudwatch:describeAlarms", - "cloudwatch:describeAlarmsForMetric", - "cloudwatch:describeAnomalyDetectors", - "cloudwatch:describeInsightRules", - "cloudwatch:getDashboard", - "cloudwatch:getInsightRuleReport", - "cloudwatch:getMetricData", - "cloudwatch:getMetricStatistics", - "cloudwatch:listDashboards", - "cloudwatch:listMetrics", - "codeartifact:describeDomain", - "codeartifact:describePackageVersion", - "codeartifact:describeRepository", - "codeartifact:getDomainPermissionsPolicy", - "codeartifact:getRepositoryEndpoint", - "codeartifact:getRepositoryPermissionsPolicy", - "codeartifact:listDomains", - "codeartifact:listPackages", - "codeartifact:listPackageVersionAssets", - "codeartifact:listPackageVersions", - "codeartifact:listRepositories", - "codeartifact:listRepositoriesInDomain", - "codebuild:batchGetBuildBatches", - "codebuild:batchGetBuilds", - "codebuild:batchGetProjects", - "codebuild:listBuildBatches", - "codebuild:listBuildBatchesForProject", - "codebuild:listBuilds", - "codebuild:listBuildsForProject", - "codebuild:listCuratedEnvironmentImages", - "codebuild:listProjects", - "codebuild:listSourceCredentials", - "codecommit:batchGetRepositories", - "codecommit:getBranch", - "codecommit:getRepository", - "codecommit:getRepositoryTriggers", - "codecommit:listBranches", - "codecommit:listRepositories", - "codedeploy:batchGetApplicationRevisions", - "codedeploy:batchGetApplications", - "codedeploy:batchGetDeploymentGroups", - "codedeploy:batchGetDeploymentInstances", - "codedeploy:batchGetDeployments", - "codedeploy:batchGetDeploymentTargets", - "codedeploy:batchGetOnPremisesInstances", - "codedeploy:getApplication", - "codedeploy:getApplicationRevision", - "codedeploy:getDeployment", - "codedeploy:getDeploymentConfig", - "codedeploy:getDeploymentGroup", - "codedeploy:getDeploymentInstance", - "codedeploy:getDeploymentTarget", - "codedeploy:getOnPremisesInstance", - "codedeploy:listApplicationRevisions", - "codedeploy:listApplications", - "codedeploy:listDeploymentConfigs", - "codedeploy:listDeploymentGroups", - "codedeploy:listDeploymentInstances", - "codedeploy:listDeployments", - "codedeploy:listDeploymentTargets", - "codedeploy:listGitHubAccountTokenNames", - "codedeploy:listOnPremisesInstances", - "codepipeline:getJobDetails", - "codepipeline:getPipeline", - "codepipeline:getPipelineExecution", - "codepipeline:getPipelineState", - "codepipeline:listActionExecutions", - "codepipeline:listActionTypes", - "codepipeline:listPipelineExecutions", - "codepipeline:listPipelines", - "codepipeline:listWebhooks", - "codestar:describeProject", - "codestar:listProjects", - "codestar:listResources", - "codestar:listTeamMembers", - "codestar:listUserProfiles", - "cognito-identity:describeIdentityPool", - "cognito-identity:getIdentityPoolRoles", - "cognito-identity:listIdentities", - "cognito-identity:listIdentityPools", - "cognito-idp:describeIdentityProvider", - "cognito-idp:describeResourceServer", - "cognito-idp:describeRiskConfiguration", - "cognito-idp:describeUserImportJob", - "cognito-idp:describeUserPool", - "cognito-idp:describeUserPoolClient", - "cognito-idp:describeUserPoolDomain", - "cognito-idp:getGroup", - "cognito-idp:getUICustomization", - "cognito-idp:getUserPoolMfaConfig", - "cognito-idp:listGroups", - "cognito-idp:listIdentityProviders", - "cognito-idp:listResourceServers", - "cognito-idp:listUserImportJobs", - "cognito-idp:listUserPoolClients", - "cognito-idp:listUserPools", - "cognito-sync:describeDataset", - "cognito-sync:describeIdentityPoolUsage", - "cognito-sync:describeIdentityUsage", - "cognito-sync:getCognitoEvents", - "cognito-sync:getIdentityPoolConfiguration", - "cognito-sync:listDatasets", - "cognito-sync:listIdentityPoolUsage", - "compute-optimizer:getAutoScalingGroupRecommendations", - "compute-optimizer:getEBSVolumeRecommendations", - "compute-optimizer:getEC2InstanceRecommendations", - "compute-optimizer:getEC2RecommendationProjectedMetrics", - "compute-optimizer:getEnrollmentStatus", - "compute-optimizer:getRecommendationSummaries", - "config:batchGetAggregateResourceConfig", - "config:batchGetResourceConfig", - "config:describeAggregateComplianceByConfigRules", - "config:describeAggregationAuthorizations", - "config:describeComplianceByConfigRule", - "config:describeComplianceByResource", - "config:describeConfigRuleEvaluationStatus", - "config:describeConfigRules", - "config:describeConfigurationAggregators", - "config:describeConfigurationAggregatorSourcesStatus", - "config:describeConfigurationRecorders", - "config:describeConfigurationRecorderStatus", - "config:describeConformancePackCompliance", - "config:describeConformancePacks", - "config:describeConformancePackStatus", - "config:describeDeliveryChannels", - "config:describeDeliveryChannelStatus", - "config:describeOrganizationConfigRules", - "config:describeOrganizationConfigRuleStatuses", - "config:describeOrganizationConformancePacks", - "config:describeOrganizationConformancePackStatuses", - "config:describePendingAggregationRequests", - "config:describeRemediationConfigurations", - "config:describeRemediationExceptions", - "config:describeRemediationExecutionStatus", - "config:describeRetentionConfigurations", - "config:getAggregateComplianceDetailsByConfigRule", - "config:getAggregateConfigRuleComplianceSummary", - "config:getAggregateDiscoveredResourceCounts", - "config:getAggregateResourceConfig", - "config:getComplianceDetailsByConfigRule", - "config:getComplianceDetailsByResource", - "config:getComplianceSummaryByConfigRule", - "config:getComplianceSummaryByResourceType", - "config:getConformancePackComplianceDetails", - "config:getConformancePackComplianceSummary", - "config:getDiscoveredResourceCounts", - "config:getOrganizationConfigRuleDetailedStatus", - "config:getOrganizationConformancePackDetailedStatus", - "config:getResourceConfigHistory", - "config:listAggregateDiscoveredResources", - "config:listDiscoveredResources", - "config:listTagsForResource", - "connect:describeUser", - "connect:getCurrentMetricData", - "connect:getMetricData", - "connect:listRoutingProfiles", - "connect:listSecurityProfiles", - "connect:listUsers", - "controltower:describeAccountFactoryConfig", - "controltower:describeCoreService", - "controltower:describeGuardrail", - "controltower:describeGuardrailForTarget", - "controltower:describeManagedAccount", - "controltower:describeSingleSignOn", - "controltower:getAvailableUpdates", - "controltower:getHomeRegion", - "controltower:getLandingZoneStatus", - "controltower:listDirectoryGroups", - "controltower:listGuardrailsForTarget", - "controltower:listGuardrailViolations", - "controltower:listManagedAccounts", - "controltower:listManagedAccountsForGuardrail", - "controltower:listManagedAccountsForParent", - "controltower:listManagedOrganizationalUnits", - "controltower:listManagedOrganizationalUnitsForGuardrail", - "databrew:describeDataset", - "databrew:describeJob", - "databrew:describeProject", - "databrew:describeRecipe", - "databrew:listDatasets", - "databrew:listJobRuns", - "databrew:listJobs", - "databrew:listProjects", - "databrew:listRecipes", - "databrew:listRecipeVersions", - "databrew:listTagsForResource", - "datapipeline:describeObjects", - "datapipeline:describePipelines", - "datapipeline:getPipelineDefinition", - "datapipeline:listPipelines", - "datapipeline:queryObjects", - "datasync:describeAgent", - "datasync:describeLocationEfs", - "datasync:describeLocationFsxWindows", - "datasync:describeLocationNfs", - "datasync:describeLocationObjectStorage", - "datasync:describeLocationS3", - "datasync:describeLocationSmb", - "datasync:describeTask", - "datasync:describeTaskExecution", - "datasync:listAgents", - "datasync:listLocations", - "datasync:listTaskExecutions", - "datasync:listTasks", - "dax:describeClusters", - "dax:describeDefaultParameters", - "dax:describeEvents", - "dax:describeParameterGroups", - "dax:describeParameters", - "dax:describeSubnetGroups", - "detective:getMembers", - "detective:listGraphs", - "detective:listInvitations", - "detective:listMembers", - "devicefarm:getAccountSettings", - "devicefarm:getDevice", - "devicefarm:getDevicePool", - "devicefarm:getDevicePoolCompatibility", - "devicefarm:getJob", - "devicefarm:getProject", - "devicefarm:getRemoteAccessSession", - "devicefarm:getRun", - "devicefarm:getSuite", - "devicefarm:getTest", - "devicefarm:getTestGridProject", - "devicefarm:getTestGridSession", - "devicefarm:getUpload", - "devicefarm:listArtifacts", - "devicefarm:listDevicePools", - "devicefarm:listDevices", - "devicefarm:listJobs", - "devicefarm:listProjects", - "devicefarm:listRemoteAccessSessions", - "devicefarm:listRuns", - "devicefarm:listSamples", - "devicefarm:listSuites", - "devicefarm:listTestGridProjects", - "devicefarm:listTestGridSessionActions", - "devicefarm:listTestGridSessionArtifacts", - "devicefarm:listTestGridSessions", - "devicefarm:listTests", - "devicefarm:listUniqueProblems", - "devicefarm:listUploads", - "directconnect:describeConnections", - "directconnect:describeConnectionsOnInterconnect", - "directconnect:describeInterconnects", - "directconnect:describeLocations", - "directconnect:describeVirtualGateways", - "directconnect:describeVirtualInterfaces", - "dlm:getLifecyclePolicies", - "dlm:getLifecyclePolicy", - "dms:describeAccountAttributes", - "dms:describeConnections", - "dms:describeEndpoints", - "dms:describeEndpointTypes", - "dms:describeOrderableReplicationInstances", - "dms:describeRefreshSchemasStatus", - "dms:describeReplicationInstances", - "dms:describeReplicationSubnetGroups", - "drs:describeJobLogItems", - "drs:describeJobs", - "drs:describeRecoveryInstances", - "drs:describeRecoverySnapshots", - "drs:describeReplicationConfigurationTemplates", - "drs:describeSourceServers", - "drs:getLaunchConfiguration", - "drs:getReplicationConfiguration", - "ds:describeConditionalForwarders", - "ds:describeDirectories", - "ds:describeEventTopics", - "ds:describeSnapshots", - "ds:describeTrusts", - "ds:getDirectoryLimits", - "ds:getSnapshotLimits", - "ds:listIpRoutes", - "ds:listSchemaExtensions", - "ds:listTagsForResource", - "dynamodb:describeBackup", - "dynamodb:describeContinuousBackups", - "dynamodb:describeGlobalTable", - "dynamodb:describeLimits", - "dynamodb:describeStream", - "dynamodb:describeTable", - "dynamodb:describeTimeToLive", - "dynamodb:listBackups", - "dynamodb:listGlobalTables", - "dynamodb:listStreams", - "dynamodb:listTables", - "dynamodb:listTagsOfResource", - "ec2:describeAccountAttributes", - "ec2:describeAddresses", - "ec2:describeAvailabilityZones", - "ec2:describeBundleTasks", - "ec2:describeByoipCidrs", - "ec2:describeCapacityReservations", - "ec2:describeClassicLinkInstances", - "ec2:describeClientVpnAuthorizationRules", - "ec2:describeClientVpnConnections", - "ec2:describeClientVpnEndpoints", - "ec2:describeClientVpnRoutes", - "ec2:describeClientVpnTargetNetworks", - "ec2:describeCoipPools", - "ec2:describeConversionTasks", - "ec2:describeCustomerGateways", - "ec2:describeDhcpOptions", - "ec2:describeElasticGpus", - "ec2:describeExportImageTasks", - "ec2:describeExportTasks", - "ec2:describeFastSnapshotRestores", - "ec2:describeFleetHistory", - "ec2:describeFleetInstances", - "ec2:describeFleets", - "ec2:describeFlowLogs", - "ec2:describeHostReservationOfferings", - "ec2:describeHostReservations", - "ec2:describeHosts", - "ec2:describeIdentityIdFormat", - "ec2:describeIdFormat", - "ec2:describeImageAttribute", - "ec2:describeImages", - "ec2:describeImportImageTasks", - "ec2:describeImportSnapshotTasks", - "ec2:describeInstanceAttribute", - "ec2:describeInstances", - "ec2:describeInstanceStatus", - "ec2:describeInternetGateways", - "ec2:describeKeyPairs", - "ec2:describeLaunchTemplates", - "ec2:describeLaunchTemplateVersions", - "ec2:describeLocalGatewayRouteTables", - "ec2:describeLocalGatewayRouteTableVirtualInterfaceGroupAssociations", - "ec2:describeLocalGatewayRouteTableVpcAssociations", - "ec2:describeLocalGateways", - "ec2:describeLocalGatewayVirtualInterfaceGroups", - "ec2:describeLocalGatewayVirtualInterfaces", - "ec2:describeMovingAddresses", - "ec2:describeNatGateways", - "ec2:describeNetworkAcls", - "ec2:describeNetworkInterfaceAttribute", - "ec2:describeNetworkInterfaces", - "ec2:describePlacementGroups", - "ec2:describePrefixLists", - "ec2:describePublicIpv4Pools", - "ec2:describeRegions", - "ec2:describeReservedInstances", - "ec2:describeReservedInstancesListings", - "ec2:describeReservedInstancesModifications", - "ec2:describeReservedInstancesOfferings", - "ec2:describeRouteTables", - "ec2:describeScheduledInstances", - "ec2:describeSecurityGroups", - "ec2:describeSnapshotAttribute", - "ec2:describeSnapshots", - "ec2:describeSpotDatafeedSubscription", - "ec2:describeSpotFleetInstances", - "ec2:describeSpotFleetRequestHistory", - "ec2:describeSpotFleetRequests", - "ec2:describeSpotInstanceRequests", - "ec2:describeSpotPriceHistory", - "ec2:describeSubnets", - "ec2:describeTags", - "ec2:describeTrafficMirrorFilters", - "ec2:describeTrafficMirrorSessions", - "ec2:describeTrafficMirrorTargets", - "ec2:describeTransitGatewayAttachments", - "ec2:describeTransitGatewayRouteTables", - "ec2:describeTransitGateways", - "ec2:describeTransitGatewayVpcAttachments", - "ec2:describeVolumeAttribute", - "ec2:describeVolumes", - "ec2:describeVolumesModifications", - "ec2:describeVolumeStatus", - "ec2:describeVpcAttribute", - "ec2:describeVpcClassicLink", - "ec2:describeVpcClassicLinkDnsSupport", - "ec2:describeVpcEndpointConnectionNotifications", - "ec2:describeVpcEndpointConnections", - "ec2:describeVpcEndpoints", - "ec2:describeVpcEndpointServiceConfigurations", - "ec2:describeVpcEndpointServicePermissions", - "ec2:describeVpcEndpointServices", - "ec2:describeVpcPeeringConnections", - "ec2:describeVpcs", - "ec2:describeVpnConnections", - "ec2:describeVpnGateways", - "ec2:getCoipPoolUsage", - "ec2:getConsoleScreenshot", - "ec2:getReservedInstancesExchangeQuote", - "ec2:searchLocalGatewayRoutes", - "ecr-public:describeImages", - "ecr-public:describeImageTags", - "ecr-public:describeRegistries", - "ecr-public:describeRepositories", - "ecr-public:getRegistryCatalogData", - "ecr-public:getRepositoryCatalogData", - "ecr-public:getRepositoryPolicy", - "ecr-public:listTagsForResource", - "ecr:batchCheckLayerAvailability", - "ecr:describeImages", - "ecr:describeImageScanFindings", - "ecr:describeRegistry", - "ecr:describeRepositories", - "ecr:getLifecyclePolicy", - "ecr:getRegistryPolicy", - "ecr:getRepositoryPolicy", - "ecr:listImages", - "ecr:listTagsForResource", - "ecs:describeCapacityProviders", - "ecs:describeClusters", - "ecs:describeContainerInstances", - "ecs:describeServices", - "ecs:describeTaskDefinition", - "ecs:describeTasks", - "ecs:describeTaskSets", - "ecs:listAccountSettings", - "ecs:listAttributes", - "ecs:listClusters", - "ecs:listContainerInstances", - "ecs:listServices", - "ecs:listTagsForResource", - "ecs:listTaskDefinitionFamilies", - "ecs:listTaskDefinitions", - "ecs:listTasks", - "eks:describeCluster", - "eks:describeFargateProfile", - "eks:describeNodegroup", - "eks:describeUpdate", - "eks:listClusters", - "eks:listFargateProfiles", - "eks:listNodegroups", - "eks:listUpdates", - "elasticache:describeCacheClusters", - "elasticache:describeCacheEngineVersions", - "elasticache:describeCacheParameterGroups", - "elasticache:describeCacheParameters", - "elasticache:describeCacheSecurityGroups", - "elasticache:describeCacheSubnetGroups", - "elasticache:describeEngineDefaultParameters", - "elasticache:describeEvents", - "elasticache:describeReplicationGroups", - "elasticache:describeReservedCacheNodes", - "elasticache:describeReservedCacheNodesOfferings", - "elasticache:describeSnapshots", - "elasticache:listAllowedNodeTypeModifications", - "elasticache:listTagsForResource", - "elasticbeanstalk:checkDNSAvailability", - "elasticbeanstalk:describeApplicationVersions", - "elasticbeanstalk:describeConfigurationOptions", - "elasticbeanstalk:describeEnvironmentHealth", - "elasticbeanstalk:describeEnvironmentManagedActionHistory", - "elasticbeanstalk:describeEnvironmentManagedActions", - "elasticbeanstalk:describeEnvironmentResources", - "elasticbeanstalk:describeEnvironments", - "elasticbeanstalk:describeEvents", - "elasticbeanstalk:describeInstancesHealth", - "elasticbeanstalk:describePlatformVersion", - "elasticbeanstalk:listAvailableSolutionStacks", - "elasticbeanstalk:listPlatformVersions", - "elasticbeanstalk:validateConfigurationSettings", - "elasticfilesystem:describeAccessPoints", - "elasticfilesystem:describeFileSystemPolicy", - "elasticfilesystem:describeFileSystems", - "elasticfilesystem:describeLifecycleConfiguration", - "elasticfilesystem:describeMountTargets", - "elasticfilesystem:describeMountTargetSecurityGroups", - "elasticfilesystem:describeTags", - "elasticfilesystem:listTagsForResource", - "elasticloadbalancing:describeAccountLimits", - "elasticloadbalancing:describeInstanceHealth", - "elasticloadbalancing:describeListenerCertificates", - "elasticloadbalancing:describeListeners", - "elasticloadbalancing:describeLoadBalancerAttributes", - "elasticloadbalancing:describeLoadBalancerPolicies", - "elasticloadbalancing:describeLoadBalancerPolicyTypes", - "elasticloadbalancing:describeLoadBalancers", - "elasticloadbalancing:describeRules", - "elasticloadbalancing:describeSSLPolicies", - "elasticloadbalancing:describeTags", - "elasticloadbalancing:describeTargetGroupAttributes", - "elasticloadbalancing:describeTargetGroups", - "elasticloadbalancing:describeTargetHealth", - "elasticmapreduce:describeCluster", - "elasticmapreduce:describeSecurityConfiguration", - "elasticmapreduce:describeStep", - "elasticmapreduce:listBootstrapActions", - "elasticmapreduce:listClusters", - "elasticmapreduce:listInstanceGroups", - "elasticmapreduce:listInstances", - "elasticmapreduce:listSecurityConfigurations", - "elasticmapreduce:listSteps", - "elastictranscoder:listJobsByPipeline", - "elastictranscoder:listJobsByStatus", - "elastictranscoder:listPipelines", - "elastictranscoder:listPresets", - "elastictranscoder:readPipeline", - "elastictranscoder:readPreset", - "es:describeElasticsearchDomain", - "es:describeElasticsearchDomainConfig", - "es:describeElasticsearchDomains", - "es:listDomainNames", - "events:describeApiDestination", - "events:describeEventBus", - "events:describeEventSource", - "events:describePartnerEventSource", - "events:describeRule", - "events:listApiDestinations", - "events:listConnections", - "events:listEventBuses", - "events:listEventSources", - "events:listPartnerEventSourceAccounts", - "events:listPartnerEventSources", - "events:listRuleNamesByTarget", - "events:listRules", - "events:listTargetsByRule", - "events:testEventPattern", - "firehose:describeDeliveryStream", - "firehose:listDeliveryStreams", - "fms:getAdminAccount", - "fms:getComplianceDetail", - "fms:getNotificationChannel", - "fms:getPolicy", - "fms:getProtectionStatus", - "fms:listComplianceStatus", - "fms:listMemberAccounts", - "fms:listPolicies", - "forecast:describeDataset", - "forecast:describeDatasetGroup", - "forecast:describeDatasetImportJob", - "forecast:describeForecast", - "forecast:describeForecastExportJob", - "forecast:describePredictor", - "forecast:getAccuracyMetrics", - "forecast:listDatasetGroups", - "forecast:listDatasetImportJobs", - "forecast:listDatasets", - "forecast:listForecastExportJobs", - "forecast:listForecasts", - "forecast:listPredictors", - "fsx:describeBackups", - "fsx:describeDataRepositoryTasks", - "fsx:describeFileSystems", - "fsx:describeSnapshots", - "fsx:describeStorageVirtualMachines", - "fsx:describeVolumes", - "fsx:listTagsForResource", - "glacier:describeJob", - "glacier:describeVault", - "glacier:getDataRetrievalPolicy", - "glacier:getVaultAccessPolicy", - "glacier:getVaultLock", - "glacier:getVaultNotifications", - "glacier:listJobs", - "glacier:listTagsForVault", - "glacier:listVaults", - "globalaccelerator:describeAccelerator", - "globalaccelerator:describeAcceleratorAttributes", - "globalaccelerator:describeEndpointGroup", - "globalaccelerator:describeListener", - "globalaccelerator:listAccelerators", - "globalaccelerator:listEndpointGroups", - "globalaccelerator:listListeners", - "glue:batchGetPartition", - "glue:checkSchemaVersionValidity", - "glue:getCatalogImportStatus", - "glue:getClassifier", - "glue:getClassifiers", - "glue:getCrawler", - "glue:getCrawlerMetrics", - "glue:getCrawlers", - "glue:getDatabase", - "glue:getDatabases", - "glue:getDataflowGraph", - "glue:getDevEndpoint", - "glue:getDevEndpoints", - "glue:getJob", - "glue:getJobRun", - "glue:getJobRuns", - "glue:getJobs", - "glue:getMapping", - "glue:getPartition", - "glue:getPartitions", - "glue:getRegistry", - "glue:getSchema", - "glue:getSchemaByDefinition", - "glue:getSchemaVersion", - "glue:getSchemaVersionsDiff", - "glue:getTable", - "glue:getTables", - "glue:getTableVersions", - "glue:getTrigger", - "glue:getTriggers", - "glue:getUserDefinedFunction", - "glue:getUserDefinedFunctions", - "glue:listRegistries", - "glue:listSchemas", - "glue:listSchemaVersions", - "glue:querySchemaVersionMetadata", - "greengrass:getConnectivityInfo", - "greengrass:getCoreDefinition", - "greengrass:getCoreDefinitionVersion", - "greengrass:getDeploymentStatus", - "greengrass:getDeviceDefinition", - "greengrass:getDeviceDefinitionVersion", - "greengrass:getFunctionDefinition", - "greengrass:getFunctionDefinitionVersion", - "greengrass:getGroup", - "greengrass:getGroupCertificateAuthority", - "greengrass:getGroupVersion", - "greengrass:getLoggerDefinition", - "greengrass:getLoggerDefinitionVersion", - "greengrass:getResourceDefinitionVersion", - "greengrass:getServiceRoleForAccount", - "greengrass:getSubscriptionDefinition", - "greengrass:getSubscriptionDefinitionVersion", - "greengrass:listCoreDefinitions", - "greengrass:listCoreDefinitionVersions", - "greengrass:listDeployments", - "greengrass:listDeviceDefinitions", - "greengrass:listDeviceDefinitionVersions", - "greengrass:listFunctionDefinitions", - "greengrass:listFunctionDefinitionVersions", - "greengrass:listGroups", - "greengrass:listGroupVersions", - "greengrass:listLoggerDefinitions", - "greengrass:listLoggerDefinitionVersions", - "greengrass:listResourceDefinitions", - "greengrass:listResourceDefinitionVersions", - "greengrass:listSubscriptionDefinitions", - "greengrass:listSubscriptionDefinitionVersions", - "guardduty:getDetector", - "guardduty:getFindings", - "guardduty:getFindingsStatistics", - "guardduty:getInvitationsCount", - "guardduty:getIPSet", - "guardduty:getMasterAccount", - "guardduty:getMembers", - "guardduty:getThreatIntelSet", - "guardduty:listDetectors", - "guardduty:listFindings", - "guardduty:listInvitations", - "guardduty:listIPSets", - "guardduty:listMembers", - "guardduty:listThreatIntelSets", - "health:describeAffectedAccountsForOrganization", - "health:describeAffectedEntities", - "health:describeAffectedEntitiesForOrganization", - "health:describeEntityAggregates", - "health:describeEventAggregates", - "health:describeEventDetails", - "health:describeEventDetailsForOrganization", - "health:describeEvents", - "health:describeEventsForOrganization", - "health:describeEventTypes", - "health:describeHealthServiceStatusForOrganization", - "iam:getAccessKeyLastUsed", - "iam:getAccountAuthorizationDetails", - "iam:getAccountPasswordPolicy", - "iam:getAccountSummary", - "iam:getContextKeysForCustomPolicy", - "iam:getContextKeysForPrincipalPolicy", - "iam:getCredentialReport", - "iam:getGroup", - "iam:getGroupPolicy", - "iam:getInstanceProfile", - "iam:getLoginProfile", - "iam:getOpenIDConnectProvider", - "iam:getPolicy", - "iam:getPolicyVersion", - "iam:getRole", - "iam:getRolePolicy", - "iam:getSAMLProvider", - "iam:getServerCertificate", - "iam:getSSHPublicKey", - "iam:getUser", - "iam:getUserPolicy", - "iam:listAccessKeys", - "iam:listAccountAliases", - "iam:listAttachedGroupPolicies", - "iam:listAttachedRolePolicies", - "iam:listAttachedUserPolicies", - "iam:listEntitiesForPolicy", - "iam:listGroupPolicies", - "iam:listGroups", - "iam:listGroupsForUser", - "iam:listInstanceProfiles", - "iam:listInstanceProfilesForRole", - "iam:listMFADevices", - "iam:listOpenIDConnectProviders", - "iam:listPolicies", - "iam:listPolicyVersions", - "iam:listRolePolicies", - "iam:listRoles", - "iam:listSAMLProviders", - "iam:listServerCertificates", - "iam:listSigningCertificates", - "iam:listSSHPublicKeys", - "iam:listUserPolicies", - "iam:listUsers", - "iam:listVirtualMFADevices", - "iam:simulateCustomPolicy", - "iam:simulatePrincipalPolicy", - "imagebuilder:getComponent", - "imagebuilder:getComponentPolicy", - "imagebuilder:getContainerRecipe", - "imagebuilder:getDistributionConfiguration", - "imagebuilder:getImage", - "imagebuilder:getImagePipeline", - "imagebuilder:getImagePolicy", - "imagebuilder:getImageRecipe", - "imagebuilder:getImageRecipePolicy", - "imagebuilder:getInfrastructureConfiguration", - "imagebuilder:listComponentBuildVersions", - "imagebuilder:listComponents", - "imagebuilder:listContainerRecipes", - "imagebuilder:listDistributionConfigurations", - "imagebuilder:listImageBuildVersions", - "imagebuilder:listImagePipelineImages", - "imagebuilder:listImagePipelines", - "imagebuilder:listImageRecipes", - "imagebuilder:listImages", - "imagebuilder:listInfrastructureConfigurations", - "imagebuilder:listTagsForResource", - "inspector:describeAssessmentRuns", - "inspector:describeAssessmentTargets", - "inspector:describeAssessmentTemplates", - "inspector:describeCrossAccountAccessRole", - "inspector:describeResourceGroups", - "inspector:describeRulesPackages", - "inspector:getTelemetryMetadata", - "inspector:listAssessmentRunAgents", - "inspector:listAssessmentRuns", - "inspector:listAssessmentTargets", - "inspector:listAssessmentTemplates", - "inspector:listEventSubscriptions", - "inspector:listRulesPackages", - "inspector:listTagsForResource", - "iot:describeAuthorizer", - "iot:describeCACertificate", - "iot:describeCertificate", - "iot:describeDefaultAuthorizer", - "iot:describeEndpoint", - "iot:describeIndex", - "iot:describeJobExecution", - "iot:describeThing", - "iot:describeThingGroup", - "iot:describeTunnel", - "iot:getEffectivePolicies", - "iot:getIndexingConfiguration", - "iot:getLoggingOptions", - "iot:getPolicy", - "iot:getPolicyVersion", - "iot:getTopicRule", - "iot:getV2LoggingOptions", - "iot:listAttachedPolicies", - "iot:listAuthorizers", - "iot:listCACertificates", - "iot:listCertificates", - "iot:listCertificatesByCA", - "iot:listJobExecutionsForJob", - "iot:listJobExecutionsForThing", - "iot:listJobs", - "iot:listOutgoingCertificates", - "iot:listPolicies", - "iot:listPolicyPrincipals", - "iot:listPolicyVersions", - "iot:listPrincipalPolicies", - "iot:listPrincipalThings", - "iot:listRoleAliases", - "iot:listTargetsForPolicy", - "iot:listThingGroups", - "iot:listThingGroupsForThing", - "iot:listThingPrincipals", - "iot:listThingRegistrationTasks", - "iot:listThings", - "iot:listThingTypes", - "iot:listTopicRules", - "iot:listTunnels", - "iot:listV2LoggingLevels", - "iotevents:describeDetector", - "iotevents:describeDetectorModel", - "iotevents:describeInput", - "iotevents:describeLoggingOptions", - "iotevents:listDetectorModels", - "iotevents:listDetectorModelVersions", - "iotevents:listDetectors", - "iotevents:listInputs", - "iotsitewise:describeAccessPolicy", - "iotsitewise:describeAsset", - "iotsitewise:describeAssetModel", - "iotsitewise:describeAssetProperty", - "iotsitewise:describeDashboard", - "iotsitewise:describeGateway", - "iotsitewise:describeGatewayCapabilityConfiguration", - "iotsitewise:describeLoggingOptions", - "iotsitewise:describePortal", - "iotsitewise:describeProject", - "iotsitewise:listAccessPolicies", - "iotsitewise:listAssetModels", - "iotsitewise:listAssets", - "iotsitewise:listAssociatedAssets", - "iotsitewise:listDashboards", - "iotsitewise:listGateways", - "iotsitewise:listPortals", - "iotsitewise:listProjectAssets", - "iotsitewise:listProjects", - "iotwireless:getDestination", - "iotwireless:getDeviceProfile", - "iotwireless:getPartnerAccount", - "iotwireless:getServiceEndpoint", - "iotwireless:getServiceProfile", - "iotwireless:getWirelessDevice", - "iotwireless:getWirelessDeviceStatistics", - "iotwireless:getWirelessGateway", - "iotwireless:getWirelessGatewayCertificate", - "iotwireless:getWirelessGatewayFirmwareInformation", - "iotwireless:getWirelessGatewayStatistics", - "iotwireless:getWirelessGatewayTask", - "iotwireless:getWirelessGatewayTaskDefinition", - "iotwireless:listDestinations", - "iotwireless:listDeviceProfiles", - "iotwireless:listPartnerAccounts", - "iotwireless:listServiceProfiles", - "iotwireless:listTagsForResource", - "iotwireless:listWirelessDevices", - "iotwireless:listWirelessGateways", - "iotwireless:listWirelessGatewayTaskDefinitions", - "kafka:describeCluster", - "kafka:getBootstrapBrokers", - "kafka:listClusters", - "kafka:listNodes", - "kendra:describeDataSource", - "kendra:describeFaq", - "kendra:describeIndex", - "kendra:listDataSources", - "kendra:listFaqs", - "kendra:listIndices", - "kinesis:describeStream", - "kinesis:listStreams", - "kinesis:listTagsForStream", - "kinesisanalytics:describeApplication", - "kinesisanalytics:describeApplicationSnapshot", - "kinesisanalytics:listApplications", - "kinesisanalytics:listApplicationSnapshots", - "kms:describeKey", - "kms:getKeyPolicy", - "kms:getKeyRotationStatus", - "kms:listAliases", - "kms:listGrants", - "kms:listKeyPolicies", - "kms:listKeys", - "kms:listResourceTags", - "kms:listRetirableGrants", - "lambda:getAccountSettings", - "lambda:getAlias", - "lambda:getCodeSigningConfig", - "lambda:getEventSourceMapping", - "lambda:getFunction", - "lambda:getFunctionCodeSigningConfig", - "lambda:getFunctionConcurrency", - "lambda:getFunctionConfiguration", - "lambda:getFunctionEventInvokeConfig", - "lambda:getLayerVersion", - "lambda:getLayerVersionPolicy", - "lambda:getPolicy", - "lambda:getProvisionedConcurrencyConfig", - "lambda:listAliases", - "lambda:listCodeSigningConfigs", - "lambda:listEventSourceMappings", - "lambda:listFunctionEventInvokeConfigs", - "lambda:listFunctions", - "lambda:listFunctionsByCodeSigningConfig", - "lambda:listLayers", - "lambda:listLayerVersions", - "lambda:listProvisionedConcurrencyConfigs", - "lambda:listVersionsByFunction", - "launchwizard:describeProvisionedApp", - "launchwizard:describeProvisioningEvents", - "launchwizard:listProvisionedApps", - "lex:getBot", - "lex:getBotAlias", - "lex:getBotAliases", - "lex:getBotChannelAssociation", - "lex:getBotChannelAssociations", - "lex:getBots", - "lex:getBotVersions", - "lex:getBuiltinIntent", - "lex:getBuiltinIntents", - "lex:getBuiltinSlotTypes", - "lex:getIntent", - "lex:getIntents", - "lex:getIntentVersions", - "lex:getSlotType", - "lex:getSlotTypes", - "lex:getSlotTypeVersions", - "license-manager:getLicenseConfiguration", - "license-manager:getServiceSettings", - "license-manager:listAssociationsForLicenseConfiguration", - "license-manager:listFailuresForLicenseConfigurationOperations", - "license-manager:listLicenseConfigurations", - "license-manager:listLicenseSpecificationsForResource", - "license-manager:listResourceInventory", - "license-manager:listUsageForLicenseConfiguration", - "lightsail:getActiveNames", - "lightsail:getAlarms", - "lightsail:getAutoSnapshots", - "lightsail:getBlueprints", - "lightsail:getBucketBundles", - "lightsail:getBucketMetricData", - "lightsail:getBuckets", - "lightsail:getBundles", - "lightsail:getCertificates", - "lightsail:getContainerImages", - "lightsail:getContainerServiceDeployments", - "lightsail:getContainerServiceMetricData", - "lightsail:getContainerServicePowers", - "lightsail:getContainerServices", - "lightsail:getDisk", - "lightsail:getDisks", - "lightsail:getDiskSnapshot", - "lightsail:getDiskSnapshots", - "lightsail:getDistributionBundles", - "lightsail:getDistributionMetricData", - "lightsail:getDistributions", - "lightsail:getDomain", - "lightsail:getDomains", - "lightsail:getExportSnapshotRecords", - "lightsail:getInstance", - "lightsail:getInstanceMetricData", - "lightsail:getInstancePortStates", - "lightsail:getInstances", - "lightsail:getInstanceSnapshot", - "lightsail:getInstanceSnapshots", - "lightsail:getInstanceState", - "lightsail:getKeyPair", - "lightsail:getKeyPairs", - "lightsail:getLoadBalancer", - "lightsail:getLoadBalancerMetricData", - "lightsail:getLoadBalancers", - "lightsail:getLoadBalancerTlsCertificates", - "lightsail:getOperation", - "lightsail:getOperations", - "lightsail:getOperationsForResource", - "lightsail:getRegions", - "lightsail:getRelationalDatabase", - "lightsail:getRelationalDatabaseMetricData", - "lightsail:getRelationalDatabases", - "lightsail:getRelationalDatabaseSnapshot", - "lightsail:getRelationalDatabaseSnapshots", - "lightsail:getStaticIp", - "lightsail:getStaticIps", - "lightsail:isVpcPeered", - "logs:describeDestinations", - "logs:describeExportTasks", - "logs:describeLogGroups", - "logs:describeLogStreams", - "logs:describeMetricFilters", - "logs:describeQueries", - "logs:describeResourcePolicies", - "logs:describeSubscriptionFilters", - "logs:testMetricFilter", - "lookoutmetrics:describeAlert", - "lookoutmetrics:describeAnomalyDetectionExecutions", - "lookoutmetrics:describeAnomalyDetector", - "lookoutmetrics:describeMetricSet", - "lookoutmetrics:getAnomalyGroup", - "lookoutmetrics:getDataQualityMetrics", - "lookoutmetrics:getFeedback", - "lookoutmetrics:getSampleData", - "lookoutmetrics:listAlerts", - "lookoutmetrics:listAnomalyDetectors", - "lookoutmetrics:listAnomalyGroupSummaries", - "lookoutmetrics:listAnomalyGroupTimeSeries", - "lookoutmetrics:listMetricSets", - "lookoutmetrics:listTagsForResource", - "machinelearning:describeBatchPredictions", - "machinelearning:describeDataSources", - "machinelearning:describeEvaluations", - "machinelearning:describeMLModels", - "machinelearning:getBatchPrediction", - "machinelearning:getDataSource", - "machinelearning:getEvaluation", - "machinelearning:getMLModel", - "macie2:getClassificationExportConfiguration", - "macie2:getCustomDataIdentifier", - "macie2:getFindings", - "macie2:getFindingStatistics", - "macie2:listClassificationJobs", - "macie2:listCustomDataIdentifiers", - "macie2:listFindings", - "managedblockchain:getMember", - "managedblockchain:getNetwork", - "managedblockchain:getNode", - "managedblockchain:listMembers", - "managedblockchain:listNetworks", - "managedblockchain:listNodes", - "mediaconnect:describeFlow", - "mediaconnect:listEntitlements", - "mediaconnect:listFlows", - "mediaconvert:describeEndpoints", - "mediaconvert:getJob", - "mediaconvert:getJobTemplate", - "mediaconvert:getPreset", - "mediaconvert:getQueue", - "mediaconvert:listJobs", - "mediaconvert:listJobTemplates", - "medialive:describeChannel", - "medialive:describeInput", - "medialive:describeInputDevice", - "medialive:describeInputSecurityGroup", - "medialive:describeMultiplex", - "medialive:describeOffering", - "medialive:describeReservation", - "medialive:describeSchedule", - "medialive:listChannels", - "medialive:listInputDevices", - "medialive:listInputs", - "medialive:listInputSecurityGroups", - "medialive:listMultiplexes", - "medialive:listOfferings", - "medialive:listReservations", - "mediapackage:describeChannel", - "mediapackage:describeOriginEndpoint", - "mediapackage:listChannels", - "mediapackage:listOriginEndpoints", - "mediastore:describeContainer", - "mediastore:getContainerPolicy", - "mediastore:getCorsPolicy", - "mediastore:listContainers", - "mediatailor:getPlaybackConfiguration", - "mediatailor:listPlaybackConfigurations", - "mgn:describeJobLogItems", - "mgn:describeJobs", - "mgn:describeReplicationConfigurationTemplates", - "mgn:describeSourceServers", - "mgn:describeVcenterClients", - "mgn:getLaunchConfiguration", - "mgn:getReplicationConfiguration", - "mobiletargeting:getAdmChannel", - "mobiletargeting:getApnsChannel", - "mobiletargeting:getApnsSandboxChannel", - "mobiletargeting:getApnsVoipChannel", - "mobiletargeting:getApnsVoipSandboxChannel", - "mobiletargeting:getApp", - "mobiletargeting:getApplicationSettings", - "mobiletargeting:getApps", - "mobiletargeting:getBaiduChannel", - "mobiletargeting:getCampaign", - "mobiletargeting:getCampaignActivities", - "mobiletargeting:getCampaigns", - "mobiletargeting:getCampaignVersion", - "mobiletargeting:getCampaignVersions", - "mobiletargeting:getEmailChannel", - "mobiletargeting:getEndpoint", - "mobiletargeting:getEventStream", - "mobiletargeting:getExportJob", - "mobiletargeting:getExportJobs", - "mobiletargeting:getGcmChannel", - "mobiletargeting:getImportJob", - "mobiletargeting:getImportJobs", - "mobiletargeting:getSegment", - "mobiletargeting:getSegmentImportJobs", - "mobiletargeting:getSegments", - "mobiletargeting:getSegmentVersion", - "mobiletargeting:getSegmentVersions", - "mobiletargeting:getSmsChannel", - "mq:describeBroker", - "mq:describeConfiguration", - "mq:describeConfigurationRevision", - "mq:describeUser", - "mq:listBrokers", - "mq:listConfigurationRevisions", - "mq:listConfigurations", - "mq:listUsers", - "network-firewall:describeFirewall", - "network-firewall:describeFirewallPolicy", - "network-firewall:describeLoggingConfiguration", - "network-firewall:describeRuleGroup", - "network-firewall:listFirewallPolicies", - "network-firewall:listFirewalls", - "network-firewall:listRuleGroups", - "networkmanager:describeGlobalNetworks", - "networkmanager:getCustomerGatewayAssociations", - "networkmanager:getDevices", - "networkmanager:getLinkAssociations", - "networkmanager:getLinks", - "networkmanager:getSites", - "networkmanager:getTransitGatewayRegistrations", - "opsworks-cm:describeAccountAttributes", - "opsworks-cm:describeBackups", - "opsworks-cm:describeEvents", - "opsworks-cm:describeNodeAssociationStatus", - "opsworks-cm:describeServers", - "opsworks:describeAgentVersions", - "opsworks:describeApps", - "opsworks:describeCommands", - "opsworks:describeDeployments", - "opsworks:describeEcsClusters", - "opsworks:describeElasticIps", - "opsworks:describeElasticLoadBalancers", - "opsworks:describeInstances", - "opsworks:describeLayers", - "opsworks:describeLoadBasedAutoScaling", - "opsworks:describeMyUserProfile", - "opsworks:describePermissions", - "opsworks:describeRaidArrays", - "opsworks:describeRdsDbInstances", - "opsworks:describeServiceErrors", - "opsworks:describeStackProvisioningParameters", - "opsworks:describeStacks", - "opsworks:describeStackSummary", - "opsworks:describeTimeBasedAutoScaling", - "opsworks:describeUserProfiles", - "opsworks:describeVolumes", - "opsworks:getHostnameSuggestion", - "organizations:listAccounts", - "organizations:listTagsForResource", - "outposts:getOutpost", - "outposts:getOutpostInstanceTypes", - "outposts:listOutposts", - "outposts:listSites", - "personalize:describeAlgorithm", - "personalize:describeCampaign", - "personalize:describeDataset", - "personalize:describeDatasetGroup", - "personalize:describeDatasetImportJob", - "personalize:describeEventTracker", - "personalize:describeFeatureTransformation", - "personalize:describeRecipe", - "personalize:describeSchema", - "personalize:describeSolution", - "personalize:describeSolutionVersion", - "personalize:listCampaigns", - "personalize:listDatasetGroups", - "personalize:listDatasetImportJobs", - "personalize:listDatasets", - "personalize:listEventTrackers", - "personalize:listRecipes", - "personalize:listSchemas", - "personalize:listSolutions", - "personalize:listSolutionVersions", - "polly:describeVoices", - "polly:getLexicon", - "polly:listLexicons", - "pricing:describeServices", - "pricing:getAttributeValues", - "pricing:getProducts", - "quicksight:describeDashboard", - "quicksight:describeDashboardPermissions", - "quicksight:describeGroup", - "quicksight:describeIAMPolicyAssignment", - "quicksight:describeTemplate", - "quicksight:describeTemplateAlias", - "quicksight:describeTemplatePermissions", - "quicksight:describeUser", - "quicksight:listDashboards", - "quicksight:listGroupMemberships", - "quicksight:listGroups", - "quicksight:listIAMPolicyAssignments", - "quicksight:listIAMPolicyAssignmentsForUser", - "quicksight:listTemplateAliases", - "quicksight:listTemplates", - "quicksight:listTemplateVersions", - "quicksight:listUserGroups", - "quicksight:listUsers", - "ram:getPermission", - "ram:getResourceShareAssociations", - "ram:getResourceShareInvitations", - "ram:getResourceShares", - "ram:listPendingInvitationResources", - "ram:listPrincipals", - "ram:listResources", - "ram:listResourceSharePermissions", - "rbin:getRule", - "rbin:listRules", - "rds:describeAccountAttributes", - "rds:describeCertificates", - "rds:describeDBClusterParameterGroups", - "rds:describeDBClusterParameters", - "rds:describeDBClusters", - "rds:describeDBClusterSnapshots", - "rds:describeDBEngineVersions", - "rds:describeDBInstances", - "rds:describeDBParameterGroups", - "rds:describeDBParameters", - "rds:describeDBSecurityGroups", - "rds:describeDBSnapshotAttributes", - "rds:describeDBSnapshots", - "rds:describeDBSubnetGroups", - "rds:describeEngineDefaultClusterParameters", - "rds:describeEngineDefaultParameters", - "rds:describeEventCategories", - "rds:describeEvents", - "rds:describeEventSubscriptions", - "rds:describeExportTasks", - "rds:describeOptionGroupOptions", - "rds:describeOptionGroups", - "rds:describeOrderableDBInstanceOptions", - "rds:describePendingMaintenanceActions", - "rds:describeReservedDBInstances", - "rds:describeReservedDBInstancesOfferings", - "rds:listTagsForResource", - "redshift-data:describeStatement", - "redshift-data:listStatements", - "redshift:describeClusterParameterGroups", - "redshift:describeClusterParameters", - "redshift:describeClusters", - "redshift:describeClusterSecurityGroups", - "redshift:describeClusterSnapshots", - "redshift:describeClusterSubnetGroups", - "redshift:describeClusterVersions", - "redshift:describeDefaultClusterParameters", - "redshift:describeEventCategories", - "redshift:describeEvents", - "redshift:describeEventSubscriptions", - "redshift:describeHsmClientCertificates", - "redshift:describeHsmConfigurations", - "redshift:describeLoggingStatus", - "redshift:describeOrderableClusterOptions", - "redshift:describeReservedNodeOfferings", - "redshift:describeReservedNodes", - "redshift:describeResize", - "redshift:describeSnapshotCopyGrants", - "redshift:describeStorage", - "redshift:describeTableRestoreStatus", - "redshift:describeTags", - "rekognition:listCollections", - "rekognition:listFaces", - "resource-groups:getGroup", - "resource-groups:getGroupQuery", - "resource-groups:getTags", - "resource-groups:listGroupResources", - "resource-groups:listGroups", - "resource-groups:searchResources", - "robomaker:batchDescribeSimulationJob", - "robomaker:describeDeploymentJob", - "robomaker:describeFleet", - "robomaker:describeRobot", - "robomaker:describeRobotApplication", - "robomaker:describeSimulationApplication", - "robomaker:describeSimulationJob", - "robomaker:listDeploymentJobs", - "robomaker:listFleets", - "robomaker:listRobotApplications", - "robomaker:listRobots", - "robomaker:listSimulationApplications", - "robomaker:listSimulationJobs", - "route53-recovery-readiness:getCell", - "route53-recovery-readiness:getCellReadinessSummary", - "route53-recovery-readiness:getReadinessCheck", - "route53-recovery-readiness:getReadinessCheckResourceStatus", - "route53-recovery-readiness:getReadinessCheckStatus", - "route53-recovery-readiness:getRecoveryGroup", - "route53-recovery-readiness:getRecoveryGroupReadinessSummary", - "route53-recovery-readiness:listCells", - "route53-recovery-readiness:listReadinessChecks", - "route53-recovery-readiness:listRecoveryGroups", - "route53-recovery-readiness:listResourceSets", - "route53:getChange", - "route53:getCheckerIpRanges", - "route53:getGeoLocation", - "route53:getHealthCheck", - "route53:getHealthCheckCount", - "route53:getHealthCheckLastFailureReason", - "route53:getHealthCheckStatus", - "route53:getHostedZone", - "route53:getHostedZoneCount", - "route53:getReusableDelegationSet", - "route53:getTrafficPolicy", - "route53:getTrafficPolicyInstance", - "route53:getTrafficPolicyInstanceCount", - "route53:listGeoLocations", - "route53:listHealthChecks", - "route53:listHostedZones", - "route53:listHostedZonesByName", - "route53:listResourceRecordSets", - "route53:listReusableDelegationSets", - "route53:listTrafficPolicies", - "route53:listTrafficPolicyInstances", - "route53:listTrafficPolicyInstancesByHostedZone", - "route53:listTrafficPolicyInstancesByPolicy", - "route53:listTrafficPolicyVersions", - "route53domains:checkDomainAvailability", - "route53domains:getContactReachabilityStatus", - "route53domains:getDomainDetail", - "route53domains:getOperationDetail", - "route53domains:listDomains", - "route53domains:listOperations", - "route53domains:listTagsForDomain", - "route53domains:viewBilling", - "route53resolver:getFirewallConfig", - "route53resolver:getFirewallDomainList", - "route53resolver:getFirewallRuleGroup", - "route53resolver:getFirewallRuleGroupAssociation", - "route53resolver:getResolverDnssecConfig", - "route53resolver:getResolverRulePolicy", - "route53resolver:listFirewallConfigs", - "route53resolver:listFirewallDomainLists", - "route53resolver:listFirewallDomains", - "route53resolver:listFirewallRuleGroupAssociations", - "route53resolver:listFirewallRuleGroups", - "route53resolver:listFirewallRules", - "route53resolver:listResolverDnssecConfigs", - "route53resolver:listResolverEndpointIpAddresses", - "route53resolver:listResolverEndpoints", - "route53resolver:listResolverRuleAssociations", - "route53resolver:listResolverRules", - "route53resolver:listTagsForResource", - "s3:describeJob", - "s3:describeMultiRegionAccessPointOperation", - "s3:getAccelerateConfiguration", - "s3:getAccessPoint", - "s3:getAccessPointConfigurationForObjectLambda", - "s3:getAccessPointForObjectLambda", - "s3:getAccessPointPolicy", - "s3:getAccessPointPolicyForObjectLambda", - "s3:getAccessPointPolicyStatus", - "s3:getAccessPointPolicyStatusForObjectLambda", - "s3:getAccountPublicAccessBlock", - "s3:getAnalyticsConfiguration", - "s3:getBucketAcl", - "s3:getBucketCORS", - "s3:getBucketLocation", - "s3:getBucketLogging", - "s3:getBucketNotification", - "s3:getBucketObjectLockConfiguration", - "s3:getBucketOwnershipControls", - "s3:getBucketPolicy", - "s3:getBucketPolicyStatus", - "s3:getBucketPublicAccessBlock", - "s3:getBucketRequestPayment", - "s3:getBucketVersioning", - "s3:getBucketWebsite", - "s3:getEncryptionConfiguration", - "s3:getIntelligentTieringConfiguration", - "s3:getInventoryConfiguration", - "s3:getLifecycleConfiguration", - "s3:getMetricsConfiguration", - "s3:getMultiRegionAccessPoint", - "s3:getMultiRegionAccessPointPolicy", - "s3:getMultiRegionAccessPointPolicyStatus", - "s3:getObjectLegalHold", - "s3:getObjectRetention", - "s3:getReplicationConfiguration", - "s3:getStorageLensConfiguration", - "s3:listAccessPoints", - "s3:listAccessPointsForObjectLambda", - "s3:listAllMyBuckets", - "s3:listBucket", - "s3:listBucketMultipartUploads", - "s3:listBucketVersions", - "s3:listJobs", - "s3:listMultipartUploadParts", - "s3:listMultiRegionAccessPoints", - "s3:listStorageLensConfigurations", - "sagemaker:describeAction", - "sagemaker:describeAlgorithm", - "sagemaker:describeApp", - "sagemaker:describeArtifact", - "sagemaker:describeAutoMLJob", - "sagemaker:describeCompilationJob", - "sagemaker:describeContext", - "sagemaker:describeDataQualityJobDefinition", - "sagemaker:describeDevice", - "sagemaker:describeDeviceFleet", - "sagemaker:describeDomain", - "sagemaker:describeEdgePackagingJob", - "sagemaker:describeEndpoint", - "sagemaker:describeEndpointConfig", - "sagemaker:describeExperiment", - "sagemaker:describeFeatureGroup", - "sagemaker:describeHumanTaskUi", - "sagemaker:describeHyperParameterTuningJob", - "sagemaker:describeImage", - "sagemaker:describeImageVersion", - "sagemaker:describeLabelingJob", - "sagemaker:describeModel", - "sagemaker:describeModelBiasJobDefinition", - "sagemaker:describeModelExplainabilityJobDefinition", - "sagemaker:describeModelPackage", - "sagemaker:describeModelPackageGroup", - "sagemaker:describeModelQualityJobDefinition", - "sagemaker:describeMonitoringSchedule", - "sagemaker:describeNotebookInstance", - "sagemaker:describeNotebookInstanceLifecycleConfig", - "sagemaker:describePipeline", - "sagemaker:describePipelineDefinitionForExecution", - "sagemaker:describePipelineExecution", - "sagemaker:describeProcessingJob", - "sagemaker:describeProject", - "sagemaker:describeSubscribedWorkteam", - "sagemaker:describeTrainingJob", - "sagemaker:describeTransformJob", - "sagemaker:describeTrial", - "sagemaker:describeTrialComponent", - "sagemaker:describeUserProfile", - "sagemaker:describeWorkteam", - "sagemaker:listActions", - "sagemaker:listAlgorithms", - "sagemaker:listApps", - "sagemaker:listArtifacts", - "sagemaker:listAssociations", - "sagemaker:listAutoMLJobs", - "sagemaker:listCandidatesForAutoMLJob", - "sagemaker:listCodeRepositories", - "sagemaker:listCompilationJobs", - "sagemaker:listContexts", - "sagemaker:listDataQualityJobDefinitions", - "sagemaker:listDeviceFleets", - "sagemaker:listDevices", - "sagemaker:listDomains", - "sagemaker:listEdgePackagingJobs", - "sagemaker:listEndpointConfigs", - "sagemaker:listEndpoints", - "sagemaker:listExperiments", - "sagemaker:listFeatureGroups", - "sagemaker:listFlowDefinitions", - "sagemaker:listHumanTaskUis", - "sagemaker:listHyperParameterTuningJobs", - "sagemaker:listImages", - "sagemaker:listImageVersions", - "sagemaker:listLabelingJobs", - "sagemaker:listLabelingJobsForWorkteam", - "sagemaker:listModelBiasJobDefinitions", - "sagemaker:listModelExplainabilityJobDefinitions", - "sagemaker:listModelPackageGroups", - "sagemaker:listModelPackages", - "sagemaker:listModelQualityJobDefinitions", - "sagemaker:listModels", - "sagemaker:listMonitoringExecutions", - "sagemaker:listMonitoringSchedules", - "sagemaker:listNotebookInstanceLifecycleConfigs", - "sagemaker:listNotebookInstances", - "sagemaker:listPipelineExecutions", - "sagemaker:listPipelineExecutionSteps", - "sagemaker:listPipelineParametersForExecution", - "sagemaker:listPipelines", - "sagemaker:listProcessingJobs", - "sagemaker:listProjects", - "sagemaker:listSubscribedWorkteams", - "sagemaker:listTags", - "sagemaker:listTrainingJobs", - "sagemaker:listTrainingJobsForHyperParameterTuningJob", - "sagemaker:listTransformJobs", - "sagemaker:listTrialComponents", - "sagemaker:listTrials", - "sagemaker:listUserProfiles", - "sagemaker:listWorkteams", - "sdb:domainMetadata", - "sdb:listDomains", - "secretsmanager:describeSecret", - "secretsmanager:getResourcePolicy", - "secretsmanager:listSecrets", - "secretsmanager:listSecretVersionIds", - "securityhub:getEnabledStandards", - "securityhub:getFindings", - "securityhub:getInsightResults", - "securityhub:getInsights", - "securityhub:getMasterAccount", - "securityhub:getMembers", - "securityhub:listEnabledProductsForImport", - "securityhub:listInvitations", - "securityhub:listMembers", - "servicecatalog:describeConstraint", - "servicecatalog:describePortfolio", - "servicecatalog:describeProduct", - "servicecatalog:describeProductAsAdmin", - "servicecatalog:describeProductView", - "servicecatalog:describeProvisioningArtifact", - "servicecatalog:describeProvisioningParameters", - "servicecatalog:describeRecord", - "servicecatalog:listAcceptedPortfolioShares", - "servicecatalog:listConstraintsForPortfolio", - "servicecatalog:listLaunchPaths", - "servicecatalog:listPortfolioAccess", - "servicecatalog:listPortfolios", - "servicecatalog:listPortfoliosForProduct", - "servicecatalog:listPrincipalsForPortfolio", - "servicecatalog:listProvisioningArtifacts", - "servicecatalog:listRecordHistory", - "servicecatalog:scanProvisionedProducts", - "servicecatalog:searchProducts", - "servicequotas:getAssociationForServiceQuotaTemplate", - "servicequotas:getAWSDefaultServiceQuota", - "servicequotas:getRequestedServiceQuotaChange", - "servicequotas:getServiceQuota", - "servicequotas:getServiceQuotaIncreaseRequestFromTemplate", - "servicequotas:listAWSDefaultServiceQuotas", - "servicequotas:listRequestedServiceQuotaChangeHistory", - "servicequotas:listRequestedServiceQuotaChangeHistoryByQuota", - "servicequotas:listServiceQuotaIncreaseRequestsInTemplate", - "servicequotas:listServiceQuotas", - "servicequotas:listServices", - "ses:describeActiveReceiptRuleSet", - "ses:describeReceiptRule", - "ses:describeReceiptRuleSet", - "ses:getAccount", - "ses:getBlacklistReports", - "ses:getConfigurationSet", - "ses:getConfigurationSetEventDestinations", - "ses:getDedicatedIp", - "ses:getDedicatedIps", - "ses:getDeliverabilityDashboardOptions", - "ses:getDeliverabilityTestReport", - "ses:getDomainDeliverabilityCampaign", - "ses:getDomainStatisticsReport", - "ses:getEmailIdentity", - "ses:getIdentityDkimAttributes", - "ses:getIdentityMailFromDomainAttributes", - "ses:getIdentityNotificationAttributes", - "ses:getIdentityPolicies", - "ses:getIdentityVerificationAttributes", - "ses:getSendQuota", - "ses:getSendStatistics", - "ses:listConfigurationSets", - "ses:listDedicatedIpPools", - "ses:listDeliverabilityTestReports", - "ses:listDomainDeliverabilityCampaigns", - "ses:listEmailIdentities", - "ses:listIdentities", - "ses:listIdentityPolicies", - "ses:listReceiptFilters", - "ses:listReceiptRuleSets", - "ses:listTagsForResource", - "ses:listVerifiedEmailAddresses", - "shield:describeAttack", - "shield:describeProtection", - "shield:describeSubscription", - "shield:listAttacks", - "shield:listProtections", - "sms-voice:getConfigurationSetEventDestinations", - "sms:getConnectors", - "sms:getReplicationJobs", - "sms:getReplicationRuns", - "sms:getServers", - "snowball:describeAddress", - "snowball:describeAddresses", - "snowball:describeJob", - "snowball:getSnowballUsage", - "snowball:listJobs", - "sns:checkIfPhoneNumberIsOptedOut", - "sns:getEndpointAttributes", - "sns:getPlatformApplicationAttributes", - "sns:getSMSAttributes", - "sns:getSubscriptionAttributes", - "sns:getTopicAttributes", - "sns:listEndpointsByPlatformApplication", - "sns:listPhoneNumbersOptedOut", - "sns:listPlatformApplications", - "sns:listSubscriptions", - "sns:listSubscriptionsByTopic", - "sns:listTopics", - "sqs:getQueueAttributes", - "sqs:getQueueUrl", - "sqs:listDeadLetterSourceQueues", - "sqs:listQueues", - "ssm-contacts:describeEngagement", - "ssm-contacts:describePage", - "ssm-contacts:getContact", - "ssm-contacts:getContactChannel", - "ssm-contacts:listContactChannels", - "ssm-contacts:listContacts", - "ssm-contacts:listEngagements", - "ssm-contacts:listPageReceipts", - "ssm-contacts:listPagesByContact", - "ssm-contacts:listPagesByEngagement", - "ssm-incidents:getIncidentRecord", - "ssm-incidents:getReplicationSet", - "ssm-incidents:getResponsePlan", - "ssm-incidents:listIncidentRecords", - "ssm-incidents:listReplicationSets", - "ssm-incidents:listResponsePlans", - "ssm-incidents:listTimelineEvents", - "ssm:describeActivations", - "ssm:describeAssociation", - "ssm:describeAssociationExecutions", - "ssm:describeAssociationExecutionTargets", - "ssm:describeAutomationExecutions", - "ssm:describeAutomationStepExecutions", - "ssm:describeAvailablePatches", - "ssm:describeDocument", - "ssm:describeDocumentPermission", - "ssm:describeEffectiveInstanceAssociations", - "ssm:describeEffectivePatchesForPatchBaseline", - "ssm:describeInstanceAssociationsStatus", - "ssm:describeInstanceInformation", - "ssm:describeInstancePatches", - "ssm:describeInstancePatchStates", - "ssm:describeInstancePatchStatesForPatchGroup", - "ssm:describeInventoryDeletions", - "ssm:describeMaintenanceWindowExecutions", - "ssm:describeMaintenanceWindowExecutionTaskInvocations", - "ssm:describeMaintenanceWindowExecutionTasks", - "ssm:describeMaintenanceWindows", - "ssm:describeMaintenanceWindowSchedule", - "ssm:describeMaintenanceWindowsForTarget", - "ssm:describeMaintenanceWindowTargets", - "ssm:describeMaintenanceWindowTasks", - "ssm:describeOpsItems", - "ssm:describeParameters", - "ssm:describePatchBaselines", - "ssm:describePatchGroups", - "ssm:describePatchGroupState", - "ssm:describePatchProperties", - "ssm:describeSessions", - "ssm:getAutomationExecution", - "ssm:getCommandInvocation", - "ssm:getConnectionStatus", - "ssm:getDefaultPatchBaseline", - "ssm:getDeployablePatchSnapshotForInstance", - "ssm:getInventorySchema", - "ssm:getMaintenanceWindow", - "ssm:getMaintenanceWindowExecution", - "ssm:getMaintenanceWindowExecutionTask", - "ssm:getMaintenanceWindowExecutionTaskInvocation", - "ssm:getMaintenanceWindowTask", - "ssm:getOpsItem", - "ssm:getPatchBaseline", - "ssm:getPatchBaselineForPatchGroup", - "ssm:getServiceSetting", - "ssm:labelParameterVersion", - "ssm:listAssociations", - "ssm:listAssociationVersions", - "ssm:listCommandInvocations", - "ssm:listCommands", - "ssm:listComplianceItems", - "ssm:listComplianceSummaries", - "ssm:listDocuments", - "ssm:listDocumentVersions", - "ssm:listOpsItemEvents", - "ssm:listResourceComplianceSummaries", - "ssm:listResourceDataSync", - "ssm:listTagsForResource", - "states:describeActivity", - "states:describeExecution", - "states:describeStateMachine", - "states:describeStateMachineForExecution", - "states:getExecutionHistory", - "states:listActivities", - "states:listExecutions", - "states:listStateMachines", - "storagegateway:describeBandwidthRateLimit", - "storagegateway:describeCache", - "storagegateway:describeCachediSCSIVolumes", - "storagegateway:describeFileSystemAssociations", - "storagegateway:describeGatewayInformation", - "storagegateway:describeMaintenanceStartTime", - "storagegateway:describeNFSFileShares", - "storagegateway:describeSMBFileShares", - "storagegateway:describeSMBSettings", - "storagegateway:describeSnapshotSchedule", - "storagegateway:describeStorediSCSIVolumes", - "storagegateway:describeTapeArchives", - "storagegateway:describeTapeRecoveryPoints", - "storagegateway:describeTapes", - "storagegateway:describeUploadBuffer", - "storagegateway:describeVTLDevices", - "storagegateway:describeWorkingStorage", - "storagegateway:listAutomaticTapeCreationPolicies", - "storagegateway:listFileShares", - "storagegateway:listFileSystemAssociations", - "storagegateway:listGateways", - "storagegateway:listLocalDisks", - "storagegateway:listTagsForResource", - "storagegateway:listTapes", - "storagegateway:listVolumeInitiators", - "storagegateway:listVolumeRecoveryPoints", - "storagegateway:listVolumes", - "swf:countClosedWorkflowExecutions", - "swf:countOpenWorkflowExecutions", - "swf:countPendingActivityTasks", - "swf:countPendingDecisionTasks", - "swf:describeActivityType", - "swf:describeDomain", - "swf:describeWorkflowExecution", - "swf:describeWorkflowType", - "swf:getWorkflowExecutionHistory", - "swf:listActivityTypes", - "swf:listClosedWorkflowExecutions", - "swf:listDomains", - "swf:listOpenWorkflowExecutions", - "swf:listWorkflowTypes", - "synthetics:describeCanaries", - "synthetics:describeCanariesLastRun", - "synthetics:describeRuntimeVersions", - "synthetics:getCanary", - "synthetics:getCanaryRuns", - "transfer:describeServer", - "transfer:describeUser", - "transfer:listServers", - "transfer:listTagsForResource", - "transfer:listUsers", - "waf-regional:getByteMatchSet", - "waf-regional:getChangeTokenStatus", - "waf-regional:getIPSet", - "waf-regional:getRule", - "waf-regional:getSqlInjectionMatchSet", - "waf-regional:getWebACL", - "waf-regional:getWebACLForResource", - "waf-regional:listByteMatchSets", - "waf-regional:listIPSets", - "waf-regional:listResourcesForWebACL", - "waf-regional:listRules", - "waf-regional:listSqlInjectionMatchSets", - "waf-regional:listWebACLs", - "waf:getByteMatchSet", - "waf:getChangeTokenStatus", - "waf:getIPSet", - "waf:getRule", - "waf:getSampledRequests", - "waf:getSizeConstraintSet", - "waf:getSqlInjectionMatchSet", - "waf:getWebACL", - "waf:getXssMatchSet", - "waf:listByteMatchSets", - "waf:listIPSets", - "waf:listRules", - "waf:listSizeConstraintSets", - "waf:listSqlInjectionMatchSets", - "waf:listWebACLs", - "waf:listXssMatchSets", - "wafv2:checkCapacity", - "wafv2:describeManagedRuleGroup", - "wafv2:getIPSet", - "wafv2:getLoggingConfiguration", - "wafv2:getPermissionPolicy", - "wafv2:getRateBasedStatementManagedKeys", - "wafv2:getRegexPatternSet", - "wafv2:getRuleGroup", - "wafv2:getSampledRequests", - "wafv2:getWebACL", - "wafv2:getWebACLForResource", - "wafv2:listAvailableManagedRuleGroups", - "wafv2:listIPSets", - "wafv2:listLoggingConfigurations", - "wafv2:listRegexPatternSets", - "wafv2:listResourcesForWebACL", - "wafv2:listRuleGroups", - "wafv2:listTagsForResource", - "wafv2:listWebACLs", - "workdocs:checkAlias", - "workdocs:describeAvailableDirectories", - "workdocs:describeInstances", - "worklink:describeAuditStreamConfiguration", - "worklink:describeCompanyNetworkConfiguration", - "worklink:describeDevice", - "worklink:describeDevicePolicyConfiguration", - "worklink:describeDomain", - "worklink:describeFleetMetadata", - "worklink:describeIdentityProviderConfiguration", - "worklink:describeWebsiteCertificateAuthority", - "worklink:listDevices", - "worklink:listDomains", - "worklink:listFleets", - "worklink:listWebsiteAuthorizationProviders", - "worklink:listWebsiteCertificateAuthorities", - "workmail:describeGroup", - "workmail:describeOrganization", - "workmail:describeResource", - "workmail:describeUser", - "workmail:listAliases", - "workmail:listGroupMembers", - "workmail:listGroups", - "workmail:listMailboxPermissions", - "workmail:listOrganizations", - "workmail:listResourceDelegates", - "workmail:listResources", - "workmail:listUsers", - "workspaces:describeAccount", - "workspaces:describeAccountModifications", - "workspaces:describeIpGroups", - "workspaces:describeTags", - "workspaces:describeWorkspaceBundles", - "workspaces:describeWorkspaceDirectories", - "workspaces:describeWorkspaceImages", - "workspaces:describeWorkspaces", - "workspaces:describeWorkspacesConnectionStatus" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJ7W6266ELXF5MISDS", - "PolicyName": "AWSSupportServiceRolePolicy", - "UpdateDate": "2022-02-18T00:53:34+00:00", - "VersionId": "v21" - }, - "AWSSystemsManagerAccountDiscoveryServicePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSSystemsManagerAccountDiscoveryServicePolicy", - "AttachmentCount": 0, - "CreateDate": "2019-10-24T17:21:05+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "organizations:DescribeAccount", - "organizations:DescribeOrganization", - "organizations:ListAccounts", - "organizations:ListAWSServiceAccessForOrganization", - "organizations:ListChildren", - "organizations:ListParents", - "organizations:ListDelegatedServicesForAccount", - "organizations:ListDelegatedAdministrators" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4BPDSHIWK5", - "PolicyName": "AWSSystemsManagerAccountDiscoveryServicePolicy", - "UpdateDate": "2020-05-27T18:04:51+00:00", - "VersionId": "v2" - }, - "AWSSystemsManagerChangeManagementServicePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSSystemsManagerChangeManagementServicePolicy", - "AttachmentCount": 0, - "CreateDate": "2020-12-07T22:21:57+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "ssm:CreateAssociation", - "ssm:DeleteAssociation", - "ssm:CreateOpsItem", - "ssm:GetOpsItem", - "ssm:UpdateOpsItem", - "ssm:StartAutomationExecution", - "ssm:StopAutomationExecution", - "ssm:GetAutomationExecution", - "ssm:GetCalendarState", - "ssm:GetDocument" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "cloudwatch:DescribeAlarms" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "sso:ListDirectoryAssociations" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "sso-directory:DescribeUsers", - "sso-directory:IsMemberInGroup" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": "iam:GetGroup", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "iam:PassRole", - "Condition": { - "StringEquals": { - "iam:PassedToService": [ - "ssm.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4MZTL6DXTC", - "PolicyName": "AWSSystemsManagerChangeManagementServicePolicy", - "UpdateDate": "2020-12-07T22:21:57+00:00", - "VersionId": "v1" - }, - "AWSSystemsManagerOpsDataSyncServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSSystemsManagerOpsDataSyncServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2021-04-26T20:42:39+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "ssm:GetOpsItem", - "ssm:UpdateOpsItem" - ], - "Condition": { - "StringEquals": { - "aws:ResourceTag/ExplorerSecurityHubOpsItem": "true" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ssm:CreateOpsItem" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ssm:AddTagsToResource" - ], - "Effect": "Allow", - "Resource": "arn:aws:ssm:*:*:opsitem/*" - }, - { - "Action": [ - "ssm:UpdateServiceSetting", - "ssm:GetServiceSetting" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:ssm:*:*:servicesetting/ssm/opsitem/*", - "arn:aws:ssm:*:*:servicesetting/ssm/opsdata/*" - ] - }, - { - "Action": [ - "securityhub:GetFindings", - "securityhub:BatchUpdateFindings" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": "securityhub:BatchUpdateFindings", - "Condition": { - "Null": { - "securityhub:ASFFSyntaxPath/Confidence": false, - "securityhub:ASFFSyntaxPath/Criticality": false, - "securityhub:ASFFSyntaxPath/Note": false, - "securityhub:ASFFSyntaxPath/RelatedFindings": false, - "securityhub:ASFFSyntaxPath/Types": false, - "securityhub:ASFFSyntaxPath/UserDefinedFields": false, - "securityhub:ASFFSyntaxPath/VerificationState": false - }, - "StringEquals": { - "securityhub:ASFFSyntaxPath/Workflow.Status": "SUPPRESSED" - } - }, - "Effect": "Deny", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4FUXS4O2QJ", - "PolicyName": "AWSSystemsManagerOpsDataSyncServiceRolePolicy", - "UpdateDate": "2021-04-26T20:42:39+00:00", - "VersionId": "v1" - }, - "AWSThinkboxAWSPortalAdminPolicy": { - "Arn": "arn:aws:iam::aws:policy/AWSThinkboxAWSPortalAdminPolicy", - "AttachmentCount": 0, - "CreateDate": "2020-05-27T19:41:02+00:00", - "DefaultVersionId": "v4", - "Document": { - "Statement": [ - { - "Action": [ - "ec2:AttachInternetGateway", - "ec2:AssociateAddress", - "ec2:AssociateRouteTable", - "ec2:AllocateAddress", - "ec2:AuthorizeSecurityGroupIngress", - "ec2:CreateFleet", - "ec2:CreateLaunchTemplate", - "ec2:CreateInternetGateway", - "ec2:CreateNatGateway", - "ec2:CreatePlacementGroup", - "ec2:CreateRoute", - "ec2:CreateRouteTable", - "ec2:CreateSecurityGroup", - "ec2:CreateSubnet", - "ec2:CreateVpc", - "ec2:CreateVpcEndpoint", - "ec2:DescribeAvailabilityZones", - "ec2:DescribeAddresses", - "ec2:DescribeFleets", - "ec2:DescribeFleetHistory", - "ec2:DescribeFleetInstances", - "ec2:DescribeImages", - "ec2:DescribeInstances", - "ec2:DescribeInternetGateways", - "ec2:DescribeLaunchTemplates", - "ec2:DescribeRouteTables", - "ec2:DescribeNatGateways", - "ec2:DescribeTags", - "ec2:DescribeKeyPairs", - "ec2:DescribePlacementGroups", - "ec2:DescribeInstanceTypeOfferings", - "ec2:DescribeRegions", - "ec2:DescribeSpotFleetRequestHistory", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSpotFleetInstances", - "ec2:DescribeSpotFleetRequests", - "ec2:DescribeSpotPriceHistory", - "ec2:DescribeSubnets", - "ec2:DescribeVpcs", - "ec2:DescribeVpcEndpoints", - "ec2:GetConsoleOutput", - "ec2:ImportKeyPair", - "ec2:ReleaseAddress", - "ec2:RequestSpotFleet", - "ec2:CancelSpotFleetRequests", - "ec2:DisassociateAddress", - "ec2:DeleteFleets", - "ec2:DeleteLaunchTemplate", - "ec2:DeleteVpc", - "ec2:DeletePlacementGroup", - "ec2:DeleteVpcEndpoints", - "ec2:DeleteInternetGateway", - "ec2:DeleteSecurityGroup", - "ec2:RevokeSecurityGroupIngress", - "ec2:DeleteRoute", - "ec2:DeleteRouteTable", - "ec2:DisassociateRouteTable", - "ec2:DeleteSubnet", - "ec2:DeleteNatGateway", - "ec2:DetachInternetGateway", - "ec2:ModifyInstanceAttribute", - "ec2:ModifyFleet", - "ec2:ModifySpotFleetRequest", - "ec2:ModifyVpcAttribute" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "ec2:RunInstances", - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:subnet/*", - "arn:aws:ec2:*:*:key-pair/*", - "arn:aws:ec2:*::snapshot/*", - "arn:aws:ec2:*:*:launch-template/*", - "arn:aws:ec2:*:*:volume/*", - "arn:aws:ec2:*:*:security-group/*", - "arn:aws:ec2:*:*:placement-group/*", - "arn:aws:ec2:*:*:network-interface/*", - "arn:aws:ec2:*::image/*" - ] - }, - { - "Action": "ec2:RunInstances", - "Condition": { - "StringLike": { - "ec2:InstanceProfile": "arn:aws:iam::*:instance-profile/AWSPortal*" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:instance/*" - }, - { - "Action": "ec2:TerminateInstances", - "Condition": { - "StringEquals": { - "ec2:ResourceTag/aws:cloudformation:logical-id": "ReverseForwarder" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "ec2:TerminateInstances", - "Condition": { - "StringLike": { - "ec2:ResourceTag/aws:ec2spot:fleet-request-id": "*" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "ec2:TerminateInstances", - "Condition": { - "StringLike": { - "ec2:PlacementGroup": "*DeadlinePlacementGroup*" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:CreateTags" - ], - "Condition": { - "StringLike": { - "ec2:PlacementGroup": "*DeadlinePlacementGroup*" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:instance/*" - }, - { - "Action": [ - "ec2:CreateTags" - ], - "Condition": { - "StringLike": { - "ec2:CreateAction": "RunInstances" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:CreateTags", - "ec2:DeleteTags" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:subnet/*", - "arn:aws:ec2:*:*:security-group/*", - "arn:aws:ec2:*:*:internet-gateway/*", - "arn:aws:ec2:*:*:route-table/*", - "arn:aws:ec2:*:*:volume/*", - "arn:aws:ec2:*:*:vpc/*", - "arn:aws:ec2:*:*:natgateway/*" - ] - }, - { - "Action": [ - "iam:GetUser" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "iam:GetInstanceProfile" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:iam::*:instance-profile/AWSPortal*" - ] - }, - { - "Action": [ - "iam:GetPolicy", - "iam:ListEntitiesForPolicy", - "iam:ListPolicyVersions" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:iam::*:policy/AWSPortal*" - ] - }, - { - "Action": [ - "iam:GetRole", - "iam:GetRolePolicy" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:iam::*:role/AWSPortal*", - "arn:aws:iam::*:role/DeadlineSpot*" - ] - }, - { - "Action": [ - "iam:PassRole" - ], - "Condition": { - "StringEquals": { - "iam:PassedToService": [ - "ec2.amazonaws.com", - "ec2fleet.amazonaws.com", - "spot.amazonaws.com", - "spotfleet.amazonaws.com", - "cloudformation.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:iam::*:role/AWSPortal*", - "arn:aws:iam::*:role/DeadlineSpot*" - ] - }, - { - "Action": "iam:CreateServiceLinkedRole", - "Condition": { - "StringEquals": { - "iam:AWSServiceName": [ - "ec2fleet.amazonaws.com", - "spot.amazonaws.com", - "spotfleet.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/aws-service-role/*" - }, - { - "Action": [ - "s3:CreateBucket", - "s3:GetBucketLocation", - "s3:GetBucketLogging", - "s3:GetBucketVersioning", - "s3:PutBucketAcl", - "s3:PutBucketCORS", - "s3:PutBucketVersioning", - "s3:GetBucketAcl", - "s3:GetObject", - "s3:PutBucketLogging", - "s3:PutBucketTagging", - "s3:PutObject", - "s3:ListBucket", - "s3:ListBucketVersions", - "s3:PutEncryptionConfiguration", - "s3:PutLifecycleConfiguration", - "s3:DeleteBucket", - "s3:DeleteObject", - "s3:DeleteBucketPolicy", - "s3:DeleteObjectVersion" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:s3::*:awsportal*", - "arn:aws:s3::*:stack*", - "arn:aws:s3::*:aws-portal-cache*", - "arn:aws:s3::*:logs-for-aws-portal-cache*", - "arn:aws:s3::*:logs-for-stack*" - ] - }, - { - "Action": [ - "s3:ListAllMyBuckets" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "dynamodb:Scan" - ], - "Effect": "Allow", - "Resource": "arn:aws:dynamodb:*:*:table/DeadlineFleetHealth*" - }, - { - "Action": [ - "cloudformation:CreateStack", - "cloudformation:DescribeStackEvents", - "cloudformation:DescribeStackResources", - "cloudformation:DeleteStack", - "cloudformation:DeleteChangeSet", - "cloudformation:ListStackResources", - "cloudformation:CreateChangeSet", - "cloudformation:DescribeChangeSet", - "cloudformation:ExecuteChangeSet", - "cloudformation:UpdateTerminationProtection" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:cloudformation:*:*:stack/stack*/*", - "arn:aws:cloudformation:*:*:stack/Deadline*/*" - ] - }, - { - "Action": [ - "cloudformation:EstimateTemplateCost", - "cloudformation:DescribeStacks" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "logs:DescribeLogStreams", - "logs:GetLogEvents", - "logs:PutRetentionPolicy", - "logs:DeleteRetentionPolicy" - ], - "Effect": "Allow", - "Resource": "arn:aws:logs:*:*:log-group:/thinkbox*" - }, - { - "Action": [ - "logs:DescribeLogGroups", - "logs:CreateLogGroup" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "kms:Encrypt", - "kms:GenerateDataKey" - ], - "Condition": { - "StringLike": { - "kms:ViaService": [ - "s3.*.amazonaws.com", - "secretsmanager.*.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "secretsmanager:CreateSecret" - ], - "Condition": { - "StringLike": { - "secretsmanager:Name": [ - "rcs-tls-pw*" - ] - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "secretsmanager:DeleteSecret", - "secretsmanager:UpdateSecret", - "secretsmanager:DescribeSecret", - "secretsmanager:TagResource" - ], - "Effect": "Allow", - "Resource": "arn:aws:secretsmanager:*:*:secret:rcs-tls-pw*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4BVM3T5TP2", - "PolicyName": "AWSThinkboxAWSPortalAdminPolicy", - "UpdateDate": "2020-08-20T17:16:03+00:00", - "VersionId": "v4" - }, - "AWSThinkboxAWSPortalGatewayPolicy": { - "Arn": "arn:aws:iam::aws:policy/AWSThinkboxAWSPortalGatewayPolicy", - "AttachmentCount": 0, - "CreateDate": "2020-05-27T19:05:00+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "logs:PutLogEvents", - "logs:DescribeLogStreams", - "logs:DescribeLogGroups", - "logs:CreateLogStream" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:logs:*:*:log-group:/thinkbox*" - ] - }, - { - "Action": [ - "logs:CreateLogGroup" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "s3:GetObject", - "s3:PutObject", - "s3:ListBucket" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:s3:::aws-portal-cache*" - ] - }, - { - "Action": "dynamodb:Scan", - "Effect": "Allow", - "Resource": [ - "arn:aws:dynamodb:*:*:table/DeadlineFleetHealth*" - ] - }, - { - "Action": [ - "s3:ListBucket", - "s3:GetObject" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:s3:::stack*" - ] - }, - { - "Action": [ - "s3:PutObject" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:s3:::stack*/gateway_certs/*" - ] - }, - { - "Action": [ - "secretsmanager:GetSecretValue" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:secretsmanager:*:*:secret:rcs-tls-pw-stack*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4FP27FM4BH", - "PolicyName": "AWSThinkboxAWSPortalGatewayPolicy", - "UpdateDate": "2020-06-30T16:02:07+00:00", - "VersionId": "v2" - }, - "AWSThinkboxAWSPortalWorkerPolicy": { - "Arn": "arn:aws:iam::aws:policy/AWSThinkboxAWSPortalWorkerPolicy", - "AttachmentCount": 0, - "CreateDate": "2020-05-27T19:15:05+00:00", - "DefaultVersionId": "v4", - "Document": { - "Statement": [ - { - "Action": [ - "ec2:DescribeTags" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "ec2:TerminateInstances" - ], - "Condition": { - "StringEquals": { - "ec2:ResourceTag/DeadlineRole": "DeadlineRenderNode" - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:instance/*" - ] - }, - { - "Action": [ - "s3:GetObject", - "s3:PutObject", - "s3:ListBucket" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:s3:::aws-portal-cache*" - ] - }, - { - "Action": [ - "s3:GetObject" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:s3:::stack*/gateway_certs/*" - ] - }, - { - "Action": [ - "logs:CreateLogStream", - "logs:PutLogEvents", - "logs:DescribeLogStreams", - "logs:DescribeLogGroups" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:logs:*:*:log-group:/thinkbox*" - ] - }, - { - "Action": [ - "logs:CreateLogGroup" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "sqs:SendMessage", - "sqs:GetQueueUrl" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:sqs:*:*:DeadlineAWS*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4PI3G53MMS", - "PolicyName": "AWSThinkboxAWSPortalWorkerPolicy", - "UpdateDate": "2020-12-07T23:27:47+00:00", - "VersionId": "v4" - }, - "AWSThinkboxAssetServerPolicy": { - "Arn": "arn:aws:iam::aws:policy/AWSThinkboxAssetServerPolicy", - "AttachmentCount": 0, - "CreateDate": "2020-05-27T19:18:53+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "logs:DescribeLogGroups", - "logs:DescribeLogStreams", - "logs:GetLogEvents" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:logs:*:*:log-group:/thinkbox*" - ] - }, - { - "Action": [ - "s3:GetObject", - "s3:PutObject", - "s3:ListBucket" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:s3:::aws-portal-cache*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4KDWZE3HCT", - "PolicyName": "AWSThinkboxAssetServerPolicy", - "UpdateDate": "2020-05-27T19:18:53+00:00", - "VersionId": "v1" - }, - "AWSThinkboxDeadlineResourceTrackerAccessPolicy": { - "Arn": "arn:aws:iam::aws:policy/AWSThinkboxDeadlineResourceTrackerAccessPolicy", - "AttachmentCount": 0, - "CreateDate": "2020-05-27T19:25:05+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "dynamodb:ListStreams" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "dynamodb:BatchWriteItem", - "dynamodb:DeleteItem", - "dynamodb:DescribeStream", - "dynamodb:DescribeTable", - "dynamodb:GetItem", - "dynamodb:GetRecords", - "dynamodb:GetShardIterator", - "dynamodb:PutItem", - "dynamodb:Scan", - "dynamodb:UpdateItem", - "dynamodb:UpdateTable" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:dynamodb:*:*:table/DeadlineEC2ComputeNodeHealth*", - "arn:aws:dynamodb:*:*:table/DeadlineEC2ComputeNodeInfo*", - "arn:aws:dynamodb:*:*:table/DeadlineFleetHealth*" - ] - }, - { - "Action": [ - "ec2:CancelSpotFleetRequests", - "ec2:DeleteFleets", - "ec2:DescribeFleetInstances", - "ec2:DescribeFleets", - "ec2:DescribeInstances", - "ec2:DescribeSpotFleetInstances", - "ec2:DescribeSpotFleetRequests" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "ec2:RebootInstances", - "ec2:TerminateInstances" - ], - "Condition": { - "StringLike": { - "ec2:ResourceTag/DeadlineTrackedAWSResource": "*" - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:instance/*" - ] - }, - { - "Action": [ - "events:PutEvents" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:events:*:*:event-bus/default" - ] - }, - { - "Action": [ - "lambda:InvokeFunction" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:lambda:*:*:function:DeadlineResourceTracker*" - ] - }, - { - "Action": [ - "logs:CreateLogGroup" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "logs:CreateLogStream", - "logs:PutLogEvents" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:logs:*:*:log-group:/aws/lambda/DeadlineResourceTracker*" - ] - }, - { - "Action": [ - "sqs:DeleteMessage", - "sqs:GetQueueAttributes", - "sqs:ReceiveMessage" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:sqs:*:*:DeadlineAWSComputeNodeStateMessageQueue*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4OUKJ73IOS", - "PolicyName": "AWSThinkboxDeadlineResourceTrackerAccessPolicy", - "UpdateDate": "2020-05-27T19:25:05+00:00", - "VersionId": "v1" - }, - "AWSThinkboxDeadlineResourceTrackerAdminPolicy": { - "Arn": "arn:aws:iam::aws:policy/AWSThinkboxDeadlineResourceTrackerAdminPolicy", - "AttachmentCount": 0, - "CreateDate": "2020-05-27T19:29:09+00:00", - "DefaultVersionId": "v5", - "Document": { - "Statement": [ - { - "Action": [ - "application-autoscaling:DeleteScalingPolicy", - "application-autoscaling:DeregisterScalableTarget", - "application-autoscaling:DescribeScalableTargets", - "application-autoscaling:DescribeScalingPolicies", - "application-autoscaling:PutScalingPolicy", - "application-autoscaling:RegisterScalableTarget" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "cloudformation:ListStacks" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "cloudformation:CreateStack", - "cloudformation:DeleteStack", - "cloudformation:UpdateStack", - "cloudformation:DescribeStacks", - "cloudformation:UpdateTerminationProtection" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:cloudformation:*:*:stack/DeadlineResourceTracker*" - ] - }, - { - "Action": [ - "dynamodb:CreateTable", - "dynamodb:DeleteTable", - "dynamodb:DescribeTable", - "dynamodb:ListTagsOfResource", - "dynamodb:TagResource", - "dynamodb:UntagResource" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:dynamodb:*:*:table/DeadlineEC2ComputeNodeHealth*", - "arn:aws:dynamodb:*:*:table/DeadlineEC2ComputeNodeInfo*", - "arn:aws:dynamodb:*:*:table/DeadlineFleetHealth*" - ] - }, - { - "Action": [ - "dynamodb:BatchWriteItem", - "dynamodb:Scan" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:dynamodb:*:*:table/DeadlineFleetHealth*" - ] - }, - { - "Action": [ - "events:DeleteRule", - "events:DescribeRule", - "events:PutRule", - "events:PutTargets", - "events:RemoveTargets" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:events:*:*:rule/DeadlineResourceTracker*" - ] - }, - { - "Action": [ - "iam:GetRole", - "iam:ListAttachedRolePolicies" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:iam::*:role/DeadlineResourceTracker*" - ] - }, - { - "Action": [ - "iam:GetUser" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "iam:CreateServiceLinkedRole" - ], - "Condition": { - "StringEquals": { - "iam:AWSServiceName": [ - "dynamodb.application-autoscaling.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:iam::*:role/aws-service-role/*" - ] - }, - { - "Action": [ - "iam:PassRole" - ], - "Condition": { - "StringEquals": { - "iam:PassedToService": [ - "lambda.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:iam::*:role/DeadlineResourceTrackerAccess*" - ] - }, - { - "Action": [ - "iam:PassRole" - ], - "Condition": { - "StringEquals": { - "iam:PassedToService": [ - "application-autoscaling.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:iam::*:role/aws-service-role/dynamodb.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_DynamoDBTable" - ] - }, - { - "Action": [ - "lambda:GetEventSourceMapping" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "lambda:CreateEventSourceMapping", - "lambda:DeleteEventSourceMapping" - ], - "Condition": { - "StringLike": { - "lambda:FunctionArn": [ - "arn:aws:lambda:*:*:function:DeadlineResourceTracker*" - ] - } - }, - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "lambda:AddPermission", - "lambda:RemovePermission" - ], - "Condition": { - "StringLike": { - "lambda:Principal": "events.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:lambda:*:*:function:DeadlineResourceTracker*" - ] - }, - { - "Action": [ - "lambda:CreateFunction", - "lambda:DeleteFunction", - "lambda:DeleteFunctionConcurrency", - "lambda:GetFunction", - "lambda:GetFunctionConfiguration", - "lambda:ListTags", - "lambda:PutFunctionConcurrency", - "lambda:TagResource", - "lambda:UntagResource", - "lambda:UpdateFunctionCode" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:lambda:*:*:function:DeadlineResourceTracker*" - ] - }, - { - "Action": [ - "s3:GetObject" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:s3:::*/deadline_aws_resource_tracker-*.zip", - "arn:aws:s3:::*/DeadlineAWSResourceTrackerTemplate-*.yaml" - ] - }, - { - "Action": [ - "sqs:CreateQueue", - "sqs:DeleteQueue", - "sqs:GetQueueAttributes", - "sqs:ListQueueTags", - "sqs:TagQueue", - "sqs:UntagQueue" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:sqs:*:*:DeadlineAWSComputeNodeState*", - "arn:aws:sqs:*:*:DeadlineResourceTracker*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4FKWWNUOP2", - "PolicyName": "AWSThinkboxDeadlineResourceTrackerAdminPolicy", - "UpdateDate": "2021-12-23T01:01:48+00:00", - "VersionId": "v5" - }, - "AWSThinkboxDeadlineSpotEventPluginAdminPolicy": { - "Arn": "arn:aws:iam::aws:policy/AWSThinkboxDeadlineSpotEventPluginAdminPolicy", - "AttachmentCount": 0, - "CreateDate": "2020-05-27T19:38:34+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "ec2:CancelSpotFleetRequests", - "ec2:DescribeSpotFleetInstances", - "ec2:DescribeSpotFleetRequests", - "ec2:ModifySpotFleetRequest", - "ec2:RequestSpotFleet" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "ec2:CreateTags" - ], - "Condition": { - "StringEquals": { - "ec2:CreateAction": "RunInstances" - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:instance/*" - ] - }, - { - "Action": [ - "ec2:RunInstances" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "ec2:TerminateInstances" - ], - "Condition": { - "StringLike": { - "ec2:ResourceTag/aws:ec2spot:fleet-request-id": "*" - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:instance/*" - ] - }, - { - "Action": [ - "iam:CreateServiceLinkedRole" - ], - "Condition": { - "StringEquals": { - "iam:AWSServiceName": [ - "spot.amazonaws.com", - "spotfleet.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:iam::*:role/aws-service-role/*" - ] - }, - { - "Action": [ - "iam:GetInstanceProfile" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:iam::*:instance-profile/*" - ] - }, - { - "Action": [ - "iam:GetRole" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:iam::*:role/aws-ec2-spot-fleet-tagging-role", - "arn:aws:iam::*:role/DeadlineSpot*" - ] - }, - { - "Action": [ - "iam:GetUser" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "iam:PassRole" - ], - "Condition": { - "StringLike": { - "iam:PassedToService": "ec2.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:iam::*:role/aws-ec2-spot-fleet-tagging-role", - "arn:aws:iam::*:role/DeadlineSpot*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4MNSGMZZZZ", - "PolicyName": "AWSThinkboxDeadlineSpotEventPluginAdminPolicy", - "UpdateDate": "2020-05-27T19:38:34+00:00", - "VersionId": "v1" - }, - "AWSThinkboxDeadlineSpotEventPluginWorkerPolicy": { - "Arn": "arn:aws:iam::aws:policy/AWSThinkboxDeadlineSpotEventPluginWorkerPolicy", - "AttachmentCount": 0, - "CreateDate": "2020-05-27T19:35:00+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "ec2:DescribeInstances", - "ec2:DescribeTags" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "ec2:TerminateInstances" - ], - "Condition": { - "StringEquals": { - "ec2:ResourceTag/DeadlineTrackedAWSResource": "SpotEventPlugin" - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:instance/*" - ] - }, - { - "Action": [ - "ec2:TerminateInstances" - ], - "Condition": { - "StringEquals": { - "ec2:ResourceTag/DeadlineResourceTracker": "SpotEventPlugin" - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:instance/*" - ] - }, - { - "Action": [ - "sqs:GetQueueUrl", - "sqs:SendMessage" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:sqs:*:*:DeadlineAWSComputeNodeState*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4JS2KSV4B2", - "PolicyName": "AWSThinkboxDeadlineSpotEventPluginWorkerPolicy", - "UpdateDate": "2020-12-07T23:31:31+00:00", - "VersionId": "v2" - }, - "AWSTransferConsoleFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSTransferConsoleFullAccess", - "AttachmentCount": 0, - "CreateDate": "2020-12-14T19:33:25+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": "iam:PassRole", - "Condition": { - "StringEquals": { - "iam:PassedToService": "transfer.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "acm:ListCertificates", - "ec2:DescribeAddresses", - "ec2:DescribeAvailabilityZones", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVpcs", - "ec2:DescribeVpcEndpoints", - "health:DescribeEventAggregates", - "iam:GetPolicyVersion", - "iam:ListPolicies", - "iam:ListRoles", - "route53:ListHostedZones", - "s3:ListAllMyBuckets", - "transfer:*" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4KYSTLCO3J", - "PolicyName": "AWSTransferConsoleFullAccess", - "UpdateDate": "2020-12-14T19:33:25+00:00", - "VersionId": "v1" - }, - "AWSTransferFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSTransferFullAccess", - "AttachmentCount": 0, - "CreateDate": "2020-12-14T19:37:23+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": "transfer:*", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "iam:PassRole", - "Condition": { - "StringEquals": { - "iam:PassedToService": "transfer.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:DescribeVpcEndpoints", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeAddresses" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4KGELFKPYK", - "PolicyName": "AWSTransferFullAccess", - "UpdateDate": "2020-12-14T19:37:23+00:00", - "VersionId": "v1" - }, - "AWSTransferLoggingAccess": { - "Arn": "arn:aws:iam::aws:policy/service-role/AWSTransferLoggingAccess", - "AttachmentCount": 0, - "CreateDate": "2019-01-14T15:32:50+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "logs:CreateLogStream", - "logs:DescribeLogStreams", - "logs:CreateLogGroup", - "logs:PutLogEvents" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAISIP5WGJX7VKXRQZO", - "PolicyName": "AWSTransferLoggingAccess", - "UpdateDate": "2019-01-14T15:32:50+00:00", - "VersionId": "v1" - }, - "AWSTransferReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSTransferReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2020-08-27T17:54:51+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "transfer:DescribeUser", - "transfer:DescribeServer", - "transfer:ListUsers", - "transfer:ListServers", - "transfer:TestIdentityProvider", - "transfer:ListTagsForResource" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4ITRAALBSI", - "PolicyName": "AWSTransferReadOnlyAccess", - "UpdateDate": "2020-08-27T17:54:51+00:00", - "VersionId": "v1" - }, - "AWSTrustedAdvisorReportingServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSTrustedAdvisorReportingServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2019-11-19T17:41:13+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "organizations:DescribeOrganization", - "organizations:ListAWSServiceAccessForOrganization", - "organizations:ListAccounts", - "organizations:ListAccountsForParent", - "organizations:ListOrganizationalUnitsForParent", - "organizations:ListChildren", - "organizations:ListParents", - "organizations:DescribeOrganizationalUnit", - "organizations:DescribeAccount" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4NCBYW5OGK", - "PolicyName": "AWSTrustedAdvisorReportingServiceRolePolicy", - "UpdateDate": "2020-09-11T21:36:48+00:00", - "VersionId": "v2" - }, - "AWSTrustedAdvisorServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSTrustedAdvisorServiceRolePolicy", - "AttachmentCount": 1, - "CreateDate": "2018-02-22T21:24:25+00:00", - "DefaultVersionId": "v9", - "Document": { - "Statement": [ - { - "Action": [ - "autoscaling:DescribeAccountLimits", - "autoscaling:DescribeAutoScalingGroups", - "autoscaling:DescribeLaunchConfigurations", - "cloudformation:DescribeAccountLimits", - "cloudformation:DescribeStacks", - "cloudformation:ListStacks", - "cloudfront:ListDistributions", - "cloudtrail:DescribeTrails", - "cloudtrail:GetTrailStatus", - "dynamodb:DescribeLimits", - "dynamodb:DescribeTable", - "dynamodb:ListTables", - "ec2:DescribeAddresses", - "ec2:DescribeReservedInstances", - "ec2:DescribeInstances", - "ec2:DescribeVpcs", - "ec2:DescribeInternetGateways", - "ec2:DescribeImages", - "ec2:DescribeVolumes", - "ec2:DescribeSecurityGroups", - "ec2:DescribeReservedInstancesOfferings", - "ec2:DescribeSnapshots", - "ec2:DescribeVpnConnections", - "ec2:DescribeVpnGateways", - "ec2:DescribeLaunchTemplateVersions", - "elasticloadbalancing:DescribeAccountLimits", - "elasticloadbalancing:DescribeInstanceHealth", - "elasticloadbalancing:DescribeLoadBalancerAttributes", - "elasticloadbalancing:DescribeLoadBalancerPolicies", - "elasticloadbalancing:DescribeLoadBalancerPolicyTypes", - "elasticloadbalancing:DescribeLoadBalancers", - "elasticloadbalancing:DescribeTargetGroups", - "iam:GenerateCredentialReport", - "iam:GetAccountPasswordPolicy", - "iam:GetAccountSummary", - "iam:GetCredentialReport", - "iam:GetServerCertificate", - "iam:ListServerCertificates", - "kinesis:DescribeLimits", - "rds:DescribeAccountAttributes", - "rds:DescribeDBClusters", - "rds:DescribeDBEngineVersions", - "rds:DescribeDBInstances", - "rds:DescribeDBParameterGroups", - "rds:DescribeDBParameters", - "rds:DescribeDBSecurityGroups", - "rds:DescribeDBSnapshots", - "rds:DescribeDBSubnetGroups", - "rds:DescribeEngineDefaultParameters", - "rds:DescribeEvents", - "rds:DescribeOptionGroupOptions", - "rds:DescribeOptionGroups", - "rds:DescribeOrderableDBInstanceOptions", - "rds:DescribeReservedDBInstances", - "rds:DescribeReservedDBInstancesOfferings", - "rds:ListTagsForResource", - "redshift:DescribeClusters", - "redshift:DescribeReservedNodeOfferings", - "redshift:DescribeReservedNodes", - "route53:GetAccountLimit", - "route53:GetHealthCheck", - "route53:GetHostedZone", - "route53:ListHealthChecks", - "route53:ListHostedZones", - "route53:ListHostedZonesByName", - "route53:ListResourceRecordSets", - "s3:GetAccountPublicAccessBlock", - "s3:GetBucketAcl", - "s3:GetBucketPolicy", - "s3:GetBucketPolicyStatus", - "s3:GetBucketLocation", - "s3:GetBucketLogging", - "s3:GetBucketVersioning", - "s3:GetBucketPublicAccessBlock", - "s3:ListBucket", - "s3:ListAllMyBuckets", - "ses:GetSendQuota", - "sqs:ListQueues", - "cloudwatch:GetMetricStatistics", - "ce:GetReservationPurchaseRecommendation", - "ce:GetSavingsPlansPurchaseRecommendation" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJH4QJ2WMHBOB47BUE", - "PolicyName": "AWSTrustedAdvisorServiceRolePolicy", - "UpdateDate": "2021-08-10T22:41:30+00:00", - "VersionId": "v9" - }, - "AWSVPCS2SVpnServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSVPCS2SVpnServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2019-08-06T14:13:58+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "acm:ExportCertificate", - "acm:DescribeCertificate", - "acm:ListCertificates", - "acm-pca:DescribeCertificateAuthority" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "0" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4ENV7ZVNT6", - "PolicyName": "AWSVPCS2SVpnServiceRolePolicy", - "UpdateDate": "2019-08-06T14:13:58+00:00", - "VersionId": "v1" - }, - "AWSVPCTransitGatewayServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSVPCTransitGatewayServiceRolePolicy", - "AttachmentCount": 1, - "CreateDate": "2018-11-26T16:21:17+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "ec2:CreateNetworkInterface", - "ec2:DescribeNetworkInterfaces", - "ec2:ModifyNetworkInterfaceAttribute", - "ec2:DeleteNetworkInterface", - "ec2:CreateNetworkInterfacePermission", - "ec2:AssignIpv6Addresses", - "ec2:UnAssignIpv6Addresses" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "0" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJS2PBJSYV2EZW3MIQ", - "PolicyName": "AWSVPCTransitGatewayServiceRolePolicy", - "UpdateDate": "2021-04-15T16:31:44+00:00", - "VersionId": "v2" - }, - "AWSWAFConsoleFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSWAFConsoleFullAccess", - "AttachmentCount": 0, - "CreateDate": "2020-04-06T18:38:38+00:00", - "DefaultVersionId": "v4", - "Document": { - "Statement": [ - { - "Action": [ - "apigateway:GET", - "apigateway:SetWebACL", - "cloudfront:ListDistributions", - "cloudfront:ListDistributionsByWebACLId", - "cloudfront:UpdateDistribution", - "cloudwatch:GetMetricData", - "cloudwatch:GetMetricStatistics", - "cloudwatch:ListMetrics", - "ec2:DescribeRegions", - "elasticloadbalancing:DescribeLoadBalancers", - "elasticloadbalancing:SetWebACL", - "appsync:ListGraphqlApis", - "appsync:SetWebACL", - "waf-regional:*", - "waf:*", - "wafv2:*", - "s3:ListAllMyBuckets", - "logs:DescribeResourcePolicies", - "logs:DescribeLogGroups" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "AllowUseOfAWSWAF" - }, - { - "Action": [ - "logs:CreateLogDelivery", - "logs:DeleteLogDelivery" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "AllowLogDeliverySubscription" - }, - { - "Action": [ - "s3:PutBucketPolicy", - "s3:GetBucketPolicy" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:s3:::aws-waf-logs-*" - ], - "Sid": "GrantLogDeliveryPermissionForS3Bucket" - }, - { - "Action": [ - "logs:PutResourcePolicy" - ], - "Condition": { - "ForAnyValue:StringEquals": { - "aws:CalledVia": [ - "wafv2.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": "*", - "Sid": "GrantLogDeliveryPermissionForCloudWatchLogGroup" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4AZOTQ7KAT", - "PolicyName": "AWSWAFConsoleFullAccess", - "UpdateDate": "2022-01-11T19:34:04+00:00", - "VersionId": "v4" - }, - "AWSWAFConsoleReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSWAFConsoleReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2020-04-06T18:43:24+00:00", - "DefaultVersionId": "v3", - "Document": { - "Statement": [ - { - "Action": [ - "apigateway:GET", - "cloudfront:ListDistributions", - "cloudfront:ListDistributionsByWebACLId", - "cloudwatch:GetMetricData", - "cloudwatch:GetMetricStatistics", - "cloudwatch:ListMetrics", - "ec2:DescribeRegions", - "elasticloadbalancing:DescribeLoadBalancers", - "appsync:ListGraphqlApis", - "waf-regional:Get*", - "waf-regional:List*", - "waf:Get*", - "waf:List*", - "wafv2:Describe*", - "wafv2:Get*", - "wafv2:List*", - "wafv2:CheckCapacity" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4NCJLTIT64", - "PolicyName": "AWSWAFConsoleReadOnlyAccess", - "UpdateDate": "2020-10-01T20:13:54+00:00", - "VersionId": "v3" - }, - "AWSWAFFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSWAFFullAccess", - "AttachmentCount": 0, - "CreateDate": "2015-10-06T20:44:00+00:00", - "DefaultVersionId": "v7", - "Document": { - "Statement": [ - { - "Action": [ - "waf:*", - "waf-regional:*", - "wafv2:*", - "elasticloadbalancing:SetWebACL", - "apigateway:SetWebACL", - "appsync:SetWebACL", - "logs:DescribeResourcePolicies", - "logs:DescribeLogGroups" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "AllowUseOfAWSWAF" - }, - { - "Action": [ - "logs:CreateLogDelivery", - "logs:DeleteLogDelivery" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "AllowLogDeliverySubscription" - }, - { - "Action": [ - "s3:PutBucketPolicy", - "s3:GetBucketPolicy" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:s3:::aws-waf-logs-*" - ], - "Sid": "GrantLogDeliveryPermissionForS3Bucket" - }, - { - "Action": [ - "logs:PutResourcePolicy" - ], - "Condition": { - "ForAnyValue:StringEquals": { - "aws:CalledVia": [ - "wafv2.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": "*", - "Sid": "GrantLogDeliveryPermissionForCloudWatchLogGroup" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJMIKIAFXZEGOLRH7C", - "PolicyName": "AWSWAFFullAccess", - "UpdateDate": "2022-01-11T19:33:38+00:00", - "VersionId": "v7" - }, - "AWSWAFReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSWAFReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2015-10-06T20:43:45+00:00", - "DefaultVersionId": "v4", - "Document": { - "Statement": [ - { - "Action": [ - "waf:Get*", - "waf:List*", - "waf-regional:Get*", - "waf-regional:List*", - "wafv2:Get*", - "wafv2:List*", - "wafv2:Describe*", - "wafv2:CheckCapacity" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAINZVDMX2SBF7EU2OC", - "PolicyName": "AWSWAFReadOnlyAccess", - "UpdateDate": "2020-06-22T22:38:54+00:00", - "VersionId": "v4" - }, - "AWSXRayDaemonWriteAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSXRayDaemonWriteAccess", - "AttachmentCount": 0, - "CreateDate": "2018-08-28T23:00:33+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "xray:PutTraceSegments", - "xray:PutTelemetryRecords", - "xray:GetSamplingRules", - "xray:GetSamplingTargets", - "xray:GetSamplingStatisticSummaries" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIOE47HSUE5AVBNEDM", - "PolicyName": "AWSXRayDaemonWriteAccess", - "UpdateDate": "2018-08-28T23:00:33+00:00", - "VersionId": "v1" - }, - "AWSXrayFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSXrayFullAccess", - "AttachmentCount": 0, - "CreateDate": "2016-12-01T18:30:55+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "xray:*" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJQBYG45NSJMVQDB2K", - "PolicyName": "AWSXrayFullAccess", - "UpdateDate": "2016-12-01T18:30:55+00:00", - "VersionId": "v1" - }, - "AWSXrayReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSXrayReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2016-12-01T18:27:02+00:00", - "DefaultVersionId": "v5", - "Document": { - "Statement": [ - { - "Action": [ - "xray:GetSamplingRules", - "xray:GetSamplingTargets", - "xray:GetSamplingStatisticSummaries", - "xray:BatchGetTraces", - "xray:GetServiceGraph", - "xray:GetTraceGraph", - "xray:GetTraceSummaries", - "xray:GetGroups", - "xray:GetGroup", - "xray:ListTagsForResource", - "xray:GetTimeSeriesServiceStatistics", - "xray:GetInsightSummaries", - "xray:GetInsight", - "xray:GetInsightEvents", - "xray:GetInsightImpactGraph" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIH4OFXWPS6ZX6OPGQ", - "PolicyName": "AWSXrayReadOnlyAccess", - "UpdateDate": "2020-09-03T22:19:40+00:00", - "VersionId": "v5" - }, - "AWSXrayWriteOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AWSXrayWriteOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2016-12-01T18:19:53+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "xray:PutTraceSegments", - "xray:PutTelemetryRecords", - "xray:GetSamplingRules", - "xray:GetSamplingTargets", - "xray:GetSamplingStatisticSummaries" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIAACM4LMYSRGBCTM6", - "PolicyName": "AWSXrayWriteOnlyAccess", - "UpdateDate": "2018-08-28T23:03:04+00:00", - "VersionId": "v2" - }, - "AWS_ConfigRole": { - "Arn": "arn:aws:iam::aws:policy/service-role/AWS_ConfigRole", - "AttachmentCount": 0, - "CreateDate": "2020-09-15T20:30:30+00:00", - "DefaultVersionId": "v11", - "Document": { - "Statement": [ - { - "Action": [ - "access-analyzer:GetAnalyzer", - "access-analyzer:GetArchiveRule", - "access-analyzer:ListAnalyzers", - "access-analyzer:ListArchiveRules", - "access-analyzer:ListTagsForResource", - "account:GetAlternateContact", - "acm:DescribeCertificate", - "acm:ListCertificates", - "acm:ListTagsForCertificate", - "apigateway:GET", - "application-autoscaling:DescribeScalableTargets", - "application-autoscaling:DescribeScalingPolicies", - "autoscaling:DescribeAutoScalingGroups", - "autoscaling:DescribeLaunchConfigurations", - "autoscaling:DescribeLifecycleHooks", - "autoscaling:DescribePolicies", - "autoscaling:DescribeScheduledActions", - "autoscaling:DescribeTags", - "backup-gateway:ListTagsForResource", - "backup-gateway:ListVirtualMachines", - "backup:DescribeBackupVault", - "backup:DescribeRecoveryPoint", - "backup:GetBackupPlan", - "backup:GetBackupSelection", - "backup:GetBackupVaultAccessPolicy", - "backup:GetBackupVaultNotifications", - "backup:ListBackupPlans", - "backup:ListBackupSelections", - "backup:ListBackupVaults", - "backup:ListRecoveryPointsByBackupVault", - "backup:ListTags", - "batch:DescribeComputeEnvironments", - "batch:DescribeJobQueues", - "batch:ListTagsForResource", - "cloudformation:DescribeType", - "cloudformation:ListTypes", - "cloudfront:ListDistributions", - "cloudfront:ListTagsForResource", - "cloudtrail:DescribeTrails", - "cloudtrail:GetEventSelectors", - "cloudtrail:GetTrailStatus", - "cloudtrail:ListTags", - "cloudwatch:DescribeAlarms", - "codedeploy:GetDeploymentConfig", - "codepipeline:GetPipeline", - "codepipeline:GetPipelineState", - "codepipeline:ListPipelines", - "config:BatchGet*", - "config:Describe*", - "config:Get*", - "config:List*", - "config:Put*", - "config:Select*", - "dax:DescribeClusters", - "dax:ListTags", - "dms:DescribeCertificates", - "dms:DescribeEventSubscriptions", - "dms:DescribeReplicationInstances", - "dms:DescribeReplicationSubnetGroups", - "dms:ListTagsForResource", - "dynamodb:DescribeContinuousBackups", - "dynamodb:DescribeGlobalTable", - "dynamodb:DescribeGlobalTableSettings", - "dynamodb:DescribeLimits", - "dynamodb:DescribeTable", - "dynamodb:ListTables", - "dynamodb:ListTagsOfResource", - "ec2:Describe*", - "ec2:DescribeClientVpnAuthorizationRules", - "ec2:DescribeClientVpnEndpoints", - "ec2:DescribeDhcpOptions", - "ec2:DescribeFleets", - "ec2:DescribeNetworkAcls", - "ec2:DescribePlacementGroups", - "ec2:DescribeSpotFleetRequests", - "ec2:DescribeVolumeAttribute", - "ec2:DescribeVolumes", - "ec2:GetEbsEncryptionByDefault", - "ecr-public:DescribeRepositories", - "ecr-public:GetRepositoryCatalogData", - "ecr-public:GetRepositoryPolicy", - "ecr-public:ListTagsForResource", - "ecr:DescribeRepositories", - "ecr:GetLifecyclePolicy", - "ecr:GetRepositoryPolicy", - "ecr:ListTagsForResource", - "ecs:DescribeClusters", - "ecs:DescribeServices", - "ecs:DescribeTaskDefinition", - "ecs:DescribeTaskSets", - "ecs:ListClusters", - "ecs:ListServices", - "ecs:ListTagsForResource", - "ecs:ListTaskDefinitionFamilies", - "ecs:ListTaskDefinitions", - "eks:DescribeCluster", - "eks:DescribeFargateProfile", - "eks:DescribeNodegroup", - "eks:ListClusters", - "eks:ListFargateProfiles", - "eks:ListNodegroups", - "eks:ListTagsForResource", - "elasticache:DescribeCacheClusters", - "elasticache:DescribeCacheParameterGroups", - "elasticache:DescribeCacheSubnetGroups", - "elasticache:DescribeReplicationGroups", - "elasticache:DescribeSnapshots", - "elasticache:ListTagsForResource", - "elasticbeanstalk:DescribeConfigurationSettings", - "elasticbeanstalk:DescribeEnvironments", - "elasticfilesystem:DescribeAccessPoints", - "elasticfilesystem:DescribeBackupPolicy", - "elasticfilesystem:DescribeFileSystemPolicy", - "elasticfilesystem:DescribeFileSystems", - "elasticfilesystem:DescribeLifecycleConfiguration", - "elasticfilesystem:DescribeMountTargets", - "elasticfilesystem:DescribeMountTargetSecurityGroups", - "elasticloadbalancing:DescribeListeners", - "elasticloadbalancing:DescribeLoadBalancerAttributes", - "elasticloadbalancing:DescribeLoadBalancerPolicies", - "elasticloadbalancing:DescribeLoadBalancers", - "elasticloadbalancing:DescribeRules", - "elasticloadbalancing:DescribeTags", - "elasticmapreduce:DescribeCluster", - "elasticmapreduce:DescribeSecurityConfiguration", - "elasticmapreduce:DescribeStep", - "elasticmapreduce:GetBlockPublicAccessConfiguration", - "elasticmapreduce:GetManagedScalingPolicy", - "elasticmapreduce:ListClusters", - "elasticmapreduce:ListInstanceFleets", - "elasticmapreduce:ListInstanceGroups", - "elasticmapreduce:ListInstances", - "elasticmapreduce:ListSecurityConfigurations", - "elasticmapreduce:ListSteps", - "es:DescribeDomain", - "es:DescribeDomains", - "es:DescribeElasticsearchDomain", - "es:DescribeElasticsearchDomains", - "es:GetCompatibleElasticsearchVersions", - "es:GetCompatibleVersions", - "es:ListDomainNames", - "es:ListTags", - "firehose:DescribeDeliveryStream", - "firehose:ListDeliveryStreams", - "firehose:ListTagsForDeliveryStream", - "fsx:DescribeFileSystems", - "fsx:ListTagsForResource", - "globalaccelerator:DescribeAccelerator", - "globalaccelerator:DescribeEndpointGroup", - "globalaccelerator:DescribeListener", - "globalaccelerator:ListAccelerators", - "globalaccelerator:ListEndpointGroups", - "globalaccelerator:ListListeners", - "globalaccelerator:ListTagsForResource", - "guardduty:GetDetector", - "guardduty:GetFindings", - "guardduty:GetMasterAccount", - "guardduty:ListDetectors", - "guardduty:ListFindings", - "guardduty:ListOrganizationAdminAccounts", - "iam:GenerateCredentialReport", - "iam:GetAccountAuthorizationDetails", - "iam:GetAccountPasswordPolicy", - "iam:GetAccountSummary", - "iam:GetCredentialReport", - "iam:GetGroup", - "iam:GetGroupPolicy", - "iam:GetPolicy", - "iam:GetPolicyVersion", - "iam:GetRole", - "iam:GetRolePolicy", - "iam:GetUser", - "iam:GetUserPolicy", - "iam:ListAttachedGroupPolicies", - "iam:ListAttachedRolePolicies", - "iam:ListAttachedUserPolicies", - "iam:ListEntitiesForPolicy", - "iam:ListGroupPolicies", - "iam:ListGroupsForUser", - "iam:ListInstanceProfilesForRole", - "iam:ListPolicyVersions", - "iam:ListRolePolicies", - "iam:ListUserPolicies", - "iam:ListVirtualMFADevices", - "kafka:DescribeCluster", - "kafka:ListClusters", - "kinesis:DescribeStreamConsumer", - "kinesis:DescribeStreamSummary", - "kinesis:ListStreamConsumers", - "kinesis:ListStreams", - "kinesis:ListTagsForStream", - "kms:DescribeKey", - "kms:GetKeyPolicy", - "kms:GetKeyRotationStatus", - "kms:ListAliases", - "kms:ListKeys", - "kms:ListResourceTags", - "lambda:GetAlias", - "lambda:GetFunction", - "lambda:GetFunctionCodeSigningConfig", - "lambda:GetPolicy", - "lambda:ListAliases", - "lambda:ListFunctions", - "lambda:ListVersionsByFunction", - "logs:DescribeLogGroups", - "logs:ListTagsLogGroup", - "network-firewall:DescribeLoggingConfiguration", - "network-firewall:ListFirewalls", - "opsworks:DescribeLayers", - "opsworks:ListTags", - "organizations:DescribeOrganization", - "organizations:DescribePolicy", - "organizations:ListParents", - "organizations:ListPoliciesForTarget", - "rds:DescribeDBClusterParameterGroups", - "rds:DescribeDBClusterParameters", - "rds:DescribeDBClusters", - "rds:DescribeDBClusterSnapshotAttributes", - "rds:DescribeDBClusterSnapshots", - "rds:DescribeDBEngineVersions", - "rds:DescribeDBInstances", - "rds:DescribeDBParameterGroups", - "rds:DescribeDBParameterGroups", - "rds:DescribeDBParameters", - "rds:DescribeDBSecurityGroups", - "rds:DescribeDBSnapshotAttributes", - "rds:DescribeDBSnapshots", - "rds:DescribeDBSubnetGroups", - "rds:DescribeEventSubscriptions", - "rds:DescribeOptionGroups", - "rds:ListTagsForResource", - "redshift:DescribeClusterParameterGroups", - "redshift:DescribeClusterParameters", - "redshift:DescribeClusters", - "redshift:DescribeClusterSecurityGroups", - "redshift:DescribeClusterSnapshots", - "redshift:DescribeClusterSubnetGroups", - "redshift:DescribeEventSubscriptions", - "redshift:DescribeLoggingStatus", - "route53:GetHealthCheck", - "route53:GetHostedZone", - "route53:ListHealthChecks", - "route53:ListHostedZones", - "route53:ListHostedZonesByName", - "route53:ListQueryLoggingConfigs", - "route53:ListResourceRecordSets", - "route53:ListTagsForResource", - "route53resolver:GetResolverEndpoint", - "route53resolver:GetResolverRule", - "route53resolver:GetResolverRuleAssociation", - "route53resolver:ListResolverEndpointIpAddresses", - "route53resolver:ListResolverEndpoints", - "route53resolver:ListResolverRuleAssociations", - "route53resolver:ListResolverRules", - "route53resolver:ListTagsForResource", - "s3:GetAccelerateConfiguration", - "s3:GetAccessPoint", - "s3:GetAccessPointPolicy", - "s3:GetAccessPointPolicyStatus", - "s3:GetAccountPublicAccessBlock", - "s3:GetBucketAcl", - "s3:GetBucketCORS", - "s3:GetBucketLocation", - "s3:GetBucketLogging", - "s3:GetBucketNotification", - "s3:GetBucketObjectLockConfiguration", - "s3:GetBucketPolicy", - "s3:GetBucketPublicAccessBlock", - "s3:GetBucketRequestPayment", - "s3:GetBucketTagging", - "s3:GetBucketVersioning", - "s3:GetBucketWebsite", - "s3:GetEncryptionConfiguration", - "s3:GetLifecycleConfiguration", - "s3:GetReplicationConfiguration", - "s3:ListAccessPoints", - "s3:ListAllMyBuckets", - "s3:ListBucket", - "sagemaker:DescribeCodeRepository", - "sagemaker:DescribeEndpoint", - "sagemaker:DescribeEndpointConfig", - "sagemaker:DescribeModel", - "sagemaker:DescribeMonitoringSchedule", - "sagemaker:DescribeNotebookInstance", - "sagemaker:DescribeNotebookInstanceLifecycleConfig", - "sagemaker:DescribeWorkteam", - "sagemaker:ListCodeRepositories", - "sagemaker:ListEndpointConfigs", - "sagemaker:ListEndpoints", - "sagemaker:ListModels", - "sagemaker:ListMonitoringSchedules", - "sagemaker:ListNotebookInstanceLifecycleConfigs", - "sagemaker:ListNotebookInstances", - "sagemaker:ListTags", - "sagemaker:ListWorkteams", - "secretsmanager:ListSecrets", - "secretsmanager:ListSecretVersionIds", - "securityhub:DescribeHub", - "shield:DescribeDRTAccess", - "shield:DescribeProtection", - "shield:DescribeSubscription", - "sns:GetSubscriptionAttributes", - "sns:GetTopicAttributes", - "sns:ListSubscriptions", - "sns:ListSubscriptionsByTopic", - "sns:ListTagsForResource", - "sns:ListTopics", - "sqs:GetQueueAttributes", - "sqs:ListQueues", - "sqs:ListQueueTags", - "ssm:DescribeAutomationExecutions", - "ssm:DescribeDocument", - "ssm:DescribeDocumentPermission", - "ssm:GetAutomationExecution", - "ssm:GetDocument", - "ssm:ListDocuments", - "states:DescribeActivity", - "states:DescribeStateMachine", - "states:ListActivities", - "states:ListStateMachines", - "states:ListTagsForResource", - "storagegateway:ListGateways", - "storagegateway:ListTagsForResource", - "storagegateway:ListVolumes", - "support:DescribeCases", - "tag:GetResources", - "waf-regional:GetLoggingConfiguration", - "waf-regional:GetWebACL", - "waf-regional:GetWebACLForResource", - "waf:GetLoggingConfiguration", - "waf:GetWebACL", - "wafv2:GetLoggingConfiguration", - "wafv2:GetRuleGroup", - "wafv2:ListRuleGroups", - "wafv2:ListTagsForResource", - "workspaces:DescribeConnectionAliases", - "workspaces:DescribeTags", - "workspaces:DescribeWorkspaces" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "logs:CreateLogStream", - "logs:CreateLogGroup" - ], - "Effect": "Allow", - "Resource": "arn:aws:logs:*:*:log-group:/aws/config/*" - }, - { - "Action": "logs:PutLogEvents", - "Effect": "Allow", - "Resource": "arn:aws:logs:*:*:log-group:/aws/config/*:log-stream:config-rule-evaluation/*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4PP7QZ4FBG", - "PolicyName": "AWS_ConfigRole", - "UpdateDate": "2022-03-11T21:35:16+00:00", - "VersionId": "v11" - }, - "AccessAnalyzerServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AccessAnalyzerServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2019-12-02T17:13:10+00:00", - "DefaultVersionId": "v6", - "Document": { - "Statement": [ - { - "Action": [ - "ec2:DescribeAddresses", - "ec2:DescribeByoipCidrs", - "ec2:DescribeVpcEndpoints", - "ec2:DescribeVpcs", - "iam:GetRole", - "iam:ListRoles", - "kms:DescribeKey", - "kms:GetKeyPolicy", - "kms:ListGrants", - "kms:ListKeyPolicies", - "kms:ListKeys", - "lambda:GetLayerVersionPolicy", - "lambda:GetPolicy", - "lambda:ListAliases", - "lambda:ListFunctions", - "lambda:ListLayers", - "lambda:ListLayerVersions", - "lambda:ListVersionsByFunction", - "organizations:DescribeAccount", - "organizations:DescribeOrganization", - "organizations:DescribeOrganizationalUnit", - "organizations:ListAccounts", - "organizations:ListAccountsForParent", - "organizations:ListAWSServiceAccessForOrganization", - "organizations:ListChildren", - "organizations:ListDelegatedAdministrators", - "organizations:ListOrganizationalUnitsForParent", - "organizations:ListParents", - "organizations:ListRoots", - "s3:DescribeMultiRegionAccessPointOperation", - "s3:GetAccessPoint", - "s3:GetAccessPointPolicy", - "s3:GetAccessPointPolicyStatus", - "s3:GetAccountPublicAccessBlock", - "s3:GetBucketAcl", - "s3:GetBucketLocation", - "s3:GetBucketPolicyStatus", - "s3:GetBucketPolicy", - "s3:GetBucketPublicAccessBlock", - "s3:GetMultiRegionAccessPoint", - "s3:GetMultiRegionAccessPointPolicy", - "s3:GetMultiRegionAccessPointPolicyStatus", - "s3:ListAccessPoints", - "s3:ListAllMyBuckets", - "s3:ListMultiRegionAccessPoints", - "sns:GetTopicAttributes", - "sns:ListTopics", - "secretsmanager:DescribeSecret", - "secretsmanager:GetResourcePolicy", - "secretsmanager:ListSecrets", - "sqs:GetQueueAttributes", - "sqs:ListQueues" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4CAIXDDRI2", - "PolicyName": "AccessAnalyzerServiceRolePolicy", - "UpdateDate": "2021-09-02T16:49:47+00:00", - "VersionId": "v6" - }, - "AdministratorAccess": { - "Arn": "arn:aws:iam::aws:policy/AdministratorAccess", - "AttachmentCount": 8, - "CreateDate": "2015-02-06T18:39:46+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": "*", - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIWMBCKSKIEE64ZLYK", - "PolicyName": "AdministratorAccess", - "UpdateDate": "2015-02-06T18:39:46+00:00", - "VersionId": "v1" - }, - "AdministratorAccess-AWSElasticBeanstalk": { - "Arn": "arn:aws:iam::aws:policy/AdministratorAccess-AWSElasticBeanstalk", - "AttachmentCount": 0, - "CreateDate": "2021-01-22T19:36:54+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "acm:Describe*", - "acm:List*", - "autoscaling:Describe*", - "cloudformation:Describe*", - "cloudformation:Estimate*", - "cloudformation:Get*", - "cloudformation:List*", - "cloudformation:Validate*", - "cloudtrail:LookupEvents", - "cloudwatch:DescribeAlarms", - "cloudwatch:GetMetricStatistics", - "cloudwatch:ListMetrics", - "codecommit:Get*", - "codecommit:UploadArchive", - "ec2:AllocateAddress", - "ec2:AssociateAddress", - "ec2:AuthorizeSecurityGroup*", - "ec2:CreateLaunchTemplate*", - "ec2:CreateSecurityGroup", - "ec2:CreateTags", - "ec2:DeleteLaunchTemplate*", - "ec2:DeleteSecurityGroup", - "ec2:DeleteTags", - "ec2:Describe*", - "ec2:DisassociateAddress", - "ec2:ReleaseAddress", - "ec2:RevokeSecurityGroup*", - "ecs:CreateCluster", - "ecs:DeRegisterTaskDefinition", - "ecs:Describe*", - "ecs:List*", - "ecs:RegisterTaskDefinition", - "elasticbeanstalk:*", - "elasticloadbalancing:Describe*", - "iam:GetRole", - "iam:ListAttachedRolePolicies", - "iam:ListInstanceProfiles", - "iam:ListRolePolicies", - "iam:ListRoles", - "iam:ListServerCertificates", - "logs:Describe*", - "rds:Describe*", - "s3:ListAllMyBuckets", - "sns:ListSubscriptionsByTopic", - "sns:ListTopics", - "sqs:ListQueues" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "autoscaling:*" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:autoscaling:*:*:launchConfiguration:*:launchConfigurationName/awseb-e-*", - "arn:aws:autoscaling:*:*:launchConfiguration:*:launchConfigurationName/eb-*", - "arn:aws:autoscaling:*:*:autoScalingGroup:*:autoScalingGroupName/awseb-e-*", - "arn:aws:autoscaling:*:*:autoScalingGroup:*:autoScalingGroupName/eb-*" - ] - }, - { - "Action": [ - "cloudformation:CancelUpdateStack", - "cloudformation:ContinueUpdateRollback", - "cloudformation:CreateStack", - "cloudformation:DeleteStack", - "cloudformation:GetTemplate", - "cloudformation:ListStackResources", - "cloudformation:SignalResource", - "cloudformation:TagResource", - "cloudformation:UntagResource", - "cloudformation:UpdateStack" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:cloudformation:*:*:stack/awseb-*", - "arn:aws:cloudformation:*:*:stack/eb-*" - ] - }, - { - "Action": [ - "cloudwatch:DeleteAlarms", - "cloudwatch:PutMetricAlarm" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:cloudwatch:*:*:alarm:awseb-*", - "arn:aws:cloudwatch:*:*:alarm:eb-*" - ] - }, - { - "Action": [ - "codebuild:BatchGetBuilds", - "codebuild:CreateProject", - "codebuild:DeleteProject", - "codebuild:StartBuild" - ], - "Effect": "Allow", - "Resource": "arn:aws:codebuild:*:*:project/Elastic-Beanstalk-*" - }, - { - "Action": [ - "dynamodb:CreateTable", - "dynamodb:DeleteTable", - "dynamodb:DescribeTable", - "dynamodb:TagResource" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:dynamodb:*:*:table/awseb-e-*", - "arn:aws:dynamodb:*:*:table/eb-*" - ] - }, - { - "Action": [ - "ec2:RebootInstances", - "ec2:TerminateInstances" - ], - "Condition": { - "StringLike": { - "ec2:ResourceTag/aws:cloudformation:stack-id": [ - "arn:aws:cloudformation:*:*:stack/awseb-e-*", - "arn:aws:cloudformation:*:*:stack/eb-*" - ] - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:instance/*" - }, - { - "Action": "ec2:RunInstances", - "Condition": { - "ArnLike": { - "ec2:LaunchTemplate": "arn:aws:ec2:*:*:launch-template/*" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ecs:DeleteCluster" - ], - "Effect": "Allow", - "Resource": "arn:aws:ecs:*:*:cluster/awseb-*" - }, - { - "Action": [ - "elasticloadbalancing:*Rule", - "elasticloadbalancing:*Tags", - "elasticloadbalancing:SetRulePriorities", - "elasticloadbalancing:SetSecurityGroups" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*", - "arn:aws:elasticloadbalancing:*:*:listener/app/*/*/*", - "arn:aws:elasticloadbalancing:*:*:listener-rule/app/*/*/*/*" - ] - }, - { - "Action": [ - "elasticloadbalancing:*" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:elasticloadbalancing:*:*:targetgroup/awseb-*", - "arn:aws:elasticloadbalancing:*:*:targetgroup/eb-*", - "arn:aws:elasticloadbalancing:*:*:loadbalancer/awseb-*", - "arn:aws:elasticloadbalancing:*:*:loadbalancer/eb-*", - "arn:aws:elasticloadbalancing:*:*:loadbalancer/*/awseb-*/*", - "arn:aws:elasticloadbalancing:*:*:loadbalancer/*/eb-*/*", - "arn:aws:elasticloadbalancing:*:*:listener/awseb-*", - "arn:aws:elasticloadbalancing:*:*:listener/eb-*", - "arn:aws:elasticloadbalancing:*:*:listener/*/awseb-*/*/*", - "arn:aws:elasticloadbalancing:*:*:listener/*/eb-*/*/*", - "arn:aws:elasticloadbalancing:*:*:listener-rule/app/awseb-*/*/*/*", - "arn:aws:elasticloadbalancing:*:*:listener-rule/app/eb-*/*/*/*" - ] - }, - { - "Action": [ - "iam:AddRoleToInstanceProfile", - "iam:CreateInstanceProfile", - "iam:CreateRole" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:iam::*:role/aws-elasticbeanstalk*", - "arn:aws:iam::*:instance-profile/aws-elasticbeanstalk*" - ] - }, - { - "Action": [ - "iam:AttachRolePolicy" - ], - "Condition": { - "StringLike": { - "iam:PolicyArn": [ - "arn:aws:iam::aws:policy/AWSElasticBeanstalk*", - "arn:aws:iam::aws:policy/service-role/AWSElasticBeanstalk*" - ] - } - }, - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/aws-elasticbeanstalk*" - }, - { - "Action": "iam:PassRole", - "Condition": { - "StringEquals": { - "iam:PassedToService": [ - "elasticbeanstalk.amazonaws.com", - "ec2.amazonaws.com", - "ec2.amazonaws.com.cn", - "autoscaling.amazonaws.com", - "elasticloadbalancing.amazonaws.com", - "ecs.amazonaws.com", - "cloudformation.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/*" - }, - { - "Action": [ - "iam:CreateServiceLinkedRole" - ], - "Condition": { - "StringLike": { - "iam:AWSServiceName": [ - "autoscaling.amazonaws.com", - "elasticbeanstalk.amazonaws.com", - "elasticloadbalancing.amazonaws.com", - "managedupdates.elasticbeanstalk.amazonaws.com", - "maintenance.elasticbeanstalk.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:iam::*:role/aws-service-role/autoscaling.amazonaws.com/AWSServiceRoleForAutoScaling*", - "arn:aws:iam::*:role/aws-service-role/elasticbeanstalk.amazonaws.com/AWSServiceRoleForElasticBeanstalk*", - "arn:aws:iam::*:role/aws-service-role/elasticloadbalancing.amazonaws.com/AWSServiceRoleForElasticLoadBalancing*", - "arn:aws:iam::*:role/aws-service-role/managedupdates.elasticbeanstalk.amazonaws.com/AWSServiceRoleForElasticBeanstalk*", - "arn:aws:iam::*:role/aws-service-role/maintenance.elasticbeanstalk.amazonaws.com/AWSServiceRoleForElasticBeanstalk*" - ] - }, - { - "Action": [ - "logs:CreateLogGroup", - "logs:DeleteLogGroup", - "logs:PutRetentionPolicy" - ], - "Effect": "Allow", - "Resource": "arn:aws:logs:*:*:log-group:/aws/elasticbeanstalk/*" - }, - { - "Action": [ - "rds:*DBSubnetGroup", - "rds:AuthorizeDBSecurityGroupIngress", - "rds:CreateDBInstance", - "rds:CreateDBSecurityGroup", - "rds:DeleteDBInstance", - "rds:DeleteDBSecurityGroup", - "rds:ModifyDBInstance", - "rds:RestoreDBInstanceFromDBSnapshot" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:rds:*:*:db:*", - "arn:aws:rds:*:*:secgrp:awseb-e-*", - "arn:aws:rds:*:*:secgrp:eb-*", - "arn:aws:rds:*:*:snapshot:*", - "arn:aws:rds:*:*:subgrp:awseb-e-*", - "arn:aws:rds:*:*:subgrp:eb-*" - ] - }, - { - "Action": [ - "s3:Delete*", - "s3:Get*", - "s3:Put*" - ], - "Effect": "Allow", - "Resource": "arn:aws:s3:::elasticbeanstalk-*/*" - }, - { - "Action": [ - "s3:CreateBucket", - "s3:GetBucket*", - "s3:ListBucket", - "s3:PutBucketPolicy" - ], - "Effect": "Allow", - "Resource": "arn:aws:s3:::elasticbeanstalk-*" - }, - { - "Action": [ - "sns:CreateTopic", - "sns:DeleteTopic", - "sns:GetTopicAttributes", - "sns:Publish", - "sns:SetTopicAttributes", - "sns:Subscribe", - "sns:Unsubscribe" - ], - "Effect": "Allow", - "Resource": "arn:aws:sns:*:*:ElasticBeanstalkNotifications-*" - }, - { - "Action": [ - "sqs:*QueueAttributes", - "sqs:CreateQueue", - "sqs:DeleteQueue", - "sqs:SendMessage", - "sqs:TagQueue" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:sqs:*:*:awseb-e-*", - "arn:aws:sqs:*:*:eb-*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4AX52KWGWY", - "PolicyName": "AdministratorAccess-AWSElasticBeanstalk", - "UpdateDate": "2021-03-09T22:36:27+00:00", - "VersionId": "v2" - }, - "AdministratorAccess-Amplify": { - "Arn": "arn:aws:iam::aws:policy/AdministratorAccess-Amplify", - "AttachmentCount": 0, - "CreateDate": "2020-12-01T19:03:08+00:00", - "DefaultVersionId": "v7", - "Document": { - "Statement": [ - { - "Action": [ - "cloudformation:CreateChangeSet", - "cloudformation:CreateStack", - "cloudformation:DeleteStack", - "cloudformation:DescribeChangeSet", - "cloudformation:DescribeStackEvents", - "cloudformation:DescribeStackResource", - "cloudformation:DescribeStackResources", - "cloudformation:DescribeStacks", - "cloudformation:ExecuteChangeSet", - "cloudformation:GetTemplate", - "cloudformation:UpdateStack", - "cloudformation:ListStackResources", - "cloudformation:DeleteStackSet", - "cloudformation:DescribeStackSet", - "cloudformation:UpdateStackSet" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:cloudformation:*:*:stack/amplify-*" - ], - "Sid": "CLICloudformationPolicy" - }, - { - "Action": [ - "iam:ListRoleTags", - "iam:TagRole", - "iam:AttachRolePolicy", - "iam:CreatePolicy", - "iam:DeletePolicy", - "iam:DeleteRole", - "iam:DeleteRolePolicy", - "iam:DetachRolePolicy", - "iam:PutRolePolicy", - "iam:UpdateRole", - "iam:GetRole", - "iam:GetPolicy", - "iam:GetRolePolicy", - "iam:PassRole", - "iam:ListPolicyVersions", - "iam:CreatePolicyVersion", - "iam:DeletePolicyVersion", - "iam:CreateRole", - "iam:ListRolePolicies", - "iam:PutRolePermissionsBoundary", - "iam:DeleteRolePermissionsBoundary", - "appsync:CreateApiKey", - "appsync:CreateDataSource", - "appsync:CreateFunction", - "appsync:CreateResolver", - "appsync:CreateType", - "appsync:DeleteApiKey", - "appsync:DeleteDataSource", - "appsync:DeleteFunction", - "appsync:DeleteResolver", - "appsync:DeleteType", - "appsync:GetDataSource", - "appsync:GetFunction", - "appsync:GetIntrospectionSchema", - "appsync:GetResolver", - "appsync:GetSchemaCreationStatus", - "appsync:GetType", - "appsync:GraphQL", - "appsync:ListApiKeys", - "appsync:ListDataSources", - "appsync:ListFunctions", - "appsync:ListGraphqlApis", - "appsync:ListResolvers", - "appsync:ListResolversByFunction", - "appsync:ListTypes", - "appsync:StartSchemaCreation", - "appsync:UpdateApiKey", - "appsync:UpdateDataSource", - "appsync:UpdateFunction", - "appsync:UpdateResolver", - "appsync:UpdateType", - "appsync:TagResource", - "appsync:CreateGraphqlApi", - "appsync:DeleteGraphqlApi", - "appsync:GetGraphqlApi", - "appsync:ListTagsForResource", - "appsync:UpdateGraphqlApi", - "apigateway:DELETE", - "apigateway:GET", - "apigateway:PATCH", - "apigateway:POST", - "apigateway:PUT", - "cognito-idp:CreateUserPool", - "cognito-identity:CreateIdentityPool", - "cognito-identity:DeleteIdentityPool", - "cognito-identity:DescribeIdentity", - "cognito-identity:DescribeIdentityPool", - "cognito-identity:SetIdentityPoolRoles", - "cognito-identity:GetIdentityPoolRoles", - "cognito-identity:UpdateIdentityPool", - "cognito-idp:CreateUserPoolClient", - "cognito-idp:DeleteUserPool", - "cognito-idp:DeleteUserPoolClient", - "cognito-idp:DescribeUserPool", - "cognito-idp:DescribeUserPoolClient", - "cognito-idp:ListTagsForResource", - "cognito-idp:ListUserPoolClients", - "cognito-idp:UpdateUserPoolClient", - "cognito-idp:CreateGroup", - "cognito-idp:DeleteGroup", - "cognito-identity:TagResource", - "cognito-idp:TagResource", - "cognito-idp:UpdateUserPool", - "cognito-idp:SetUserPoolMfaConfig", - "lambda:AddPermission", - "lambda:CreateFunction", - "lambda:DeleteFunction", - "lambda:GetFunction", - "lambda:GetFunctionConfiguration", - "lambda:InvokeAsync", - "lambda:InvokeFunction", - "lambda:RemovePermission", - "lambda:UpdateFunctionCode", - "lambda:UpdateFunctionConfiguration", - "lambda:ListTags", - "lambda:TagResource", - "lambda:UntagResource", - "lambda:AddLayerVersionPermission", - "lambda:CreateEventSourceMapping", - "lambda:DeleteEventSourceMapping", - "lambda:DeleteLayerVersion", - "lambda:GetEventSourceMapping", - "lambda:GetLayerVersion", - "lambda:ListEventSourceMappings", - "lambda:ListLayerVersions", - "lambda:PublishLayerVersion", - "lambda:RemoveLayerVersionPermission", - "dynamodb:CreateTable", - "dynamodb:DeleteItem", - "dynamodb:DeleteTable", - "dynamodb:DescribeContinuousBackups", - "dynamodb:DescribeTable", - "dynamodb:DescribeTimeToLive", - "dynamodb:ListStreams", - "dynamodb:PutItem", - "dynamodb:TagResource", - "dynamodb:ListTagsOfResource", - "dynamodb:UpdateContinuousBackups", - "dynamodb:UpdateItem", - "dynamodb:UpdateTable", - "dynamodb:UpdateTimeToLive", - "s3:CreateBucket", - "s3:ListBucket", - "s3:PutBucketAcl", - "s3:PutBucketCORS", - "s3:PutBucketNotification", - "s3:PutBucketPolicy", - "s3:PutBucketWebsite", - "s3:PutObjectAcl", - "cloudfront:CreateCloudFrontOriginAccessIdentity", - "cloudfront:CreateDistribution", - "cloudfront:DeleteCloudFrontOriginAccessIdentity", - "cloudfront:DeleteDistribution", - "cloudfront:GetCloudFrontOriginAccessIdentity", - "cloudfront:GetCloudFrontOriginAccessIdentityConfig", - "cloudfront:GetDistribution", - "cloudfront:GetDistributionConfig", - "cloudfront:TagResource", - "cloudfront:UntagResource", - "cloudfront:UpdateCloudFrontOriginAccessIdentity", - "cloudfront:UpdateDistribution", - "events:DeleteRule", - "events:DescribeRule", - "events:ListRuleNamesByTarget", - "events:PutRule", - "events:PutTargets", - "events:RemoveTargets", - "mobiletargeting:GetApp", - "kinesis:AddTagsToStream", - "kinesis:CreateStream", - "kinesis:DeleteStream", - "kinesis:DescribeStream", - "kinesis:DescribeStreamSummary", - "kinesis:ListTagsForStream", - "kinesis:PutRecords", - "es:AddTags", - "es:CreateElasticsearchDomain", - "es:DeleteElasticsearchDomain", - "es:DescribeElasticsearchDomain", - "s3:PutEncryptionConfiguration" - ], - "Condition": { - "ForAnyValue:StringEquals": { - "aws:CalledVia": [ - "cloudformation.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": "*", - "Sid": "CLIManageviaCFNPolicy" - }, - { - "Action": [ - "appsync:GetIntrospectionSchema", - "appsync:GraphQL", - "appsync:UpdateApiKey", - "appsync:ListApiKeys", - "amplify:*", - "amplifybackend:*", - "amplifyuibuilder:*", - "sts:AssumeRole", - "mobiletargeting:*", - "cognito-idp:AdminAddUserToGroup", - "cognito-idp:AdminCreateUser", - "cognito-idp:CreateGroup", - "cognito-idp:DeleteGroup", - "cognito-idp:DeleteUser", - "cognito-idp:ListUsers", - "cognito-idp:AdminGetUser", - "cognito-idp:ListUsersInGroup", - "cognito-idp:AdminDisableUser", - "cognito-idp:AdminRemoveUserFromGroup", - "cognito-idp:AdminResetUserPassword", - "cognito-idp:AdminListGroupsForUser", - "cognito-idp:ListGroups", - "cognito-idp:AdminListUserAuthEvents", - "cognito-idp:AdminDeleteUser", - "cognito-idp:AdminConfirmSignUp", - "cognito-idp:AdminEnableUser", - "cognito-idp:AdminUpdateUserAttributes", - "cognito-idp:DescribeIdentityProvider", - "cognito-idp:DescribeUserPool", - "cognito-idp:DeleteUserPool", - "cognito-idp:DescribeUserPoolClient", - "cognito-idp:CreateUserPool", - "cognito-idp:CreateUserPoolClient", - "cognito-idp:UpdateUserPool", - "cognito-idp:AdminSetUserPassword", - "cognito-idp:ListUserPools", - "cognito-idp:ListUserPoolClients", - "cognito-idp:ListIdentityProviders", - "cognito-idp:GetUserPoolMfaConfig", - "cognito-identity:GetIdentityPoolRoles", - "cognito-identity:SetIdentityPoolRoles", - "cognito-identity:CreateIdentityPool", - "cognito-identity:DeleteIdentityPool", - "cognito-identity:ListIdentityPools", - "cognito-identity:DescribeIdentityPool", - "dynamodb:DescribeTable", - "dynamodb:ListTables", - "lambda:GetFunction", - "lambda:CreateFunction", - "lambda:AddPermission", - "lambda:DeleteFunction", - "lambda:DeleteLayerVersion", - "lambda:InvokeFunction", - "lambda:ListLayerVersions", - "iam:PutRolePolicy", - "iam:CreatePolicy", - "iam:AttachRolePolicy", - "iam:ListPolicyVersions", - "iam:ListAttachedRolePolicies", - "iam:CreateRole", - "iam:PassRole", - "iam:ListRolePolicies", - "iam:DeleteRolePolicy", - "iam:CreatePolicyVersion", - "iam:DeletePolicyVersion", - "iam:DeleteRole", - "iam:DetachRolePolicy", - "cloudformation:ListStacks", - "sns:CreateSMSSandboxPhoneNumber", - "sns:GetSMSSandboxAccountStatus", - "sns:VerifySMSSandboxPhoneNumber", - "sns:DeleteSMSSandboxPhoneNumber", - "sns:ListSMSSandboxPhoneNumbers", - "sns:ListOriginationNumbers", - "rekognition:DescribeCollection", - "logs:DescribeLogStreams", - "logs:GetLogEvents", - "lex:GetBot", - "lex:GetBuiltinIntent", - "lex:GetBuiltinIntents", - "lex:GetBuiltinSlotTypes", - "cloudformation:GetTemplateSummary", - "codecommit:GitPull" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "CLISDKCalls" - }, - { - "Action": [ - "ssm:PutParameter", - "ssm:DeleteParameter", - "ssm:GetParametersByPath", - "ssm:GetParameters", - "ssm:GetParameter", - "ssm:DeleteParameters" - ], - "Effect": "Allow", - "Resource": "arn:aws:ssm:*:*:parameter/amplify/*", - "Sid": "AmplifySSMCalls" - }, - { - "Action": [ - "geo:*" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "GeoPowerUser" - }, - { - "Action": [ - "s3:CreateBucket", - "s3:DeleteBucket", - "s3:DeleteBucketPolicy", - "s3:DeleteBucketWebsite", - "s3:DeleteObject", - "s3:DeleteObjectVersion", - "s3:GetBucketLocation", - "s3:GetObject", - "s3:ListAllMyBuckets", - "s3:ListBucket", - "s3:ListBucketVersions", - "s3:PutBucketAcl", - "s3:PutBucketCORS", - "s3:PutBucketNotification", - "s3:PutBucketPolicy", - "s3:PutBucketVersioning", - "s3:PutBucketWebsite", - "s3:PutEncryptionConfiguration", - "s3:PutLifecycleConfiguration", - "s3:PutObject", - "s3:PutObjectAcl" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "AmplifyStorageSDKCalls" - }, - { - "Action": [ - "cloudfront:CreateCloudFrontOriginAccessIdentity", - "cloudfront:CreateDistribution", - "cloudfront:CreateInvalidation", - "cloudfront:GetDistribution", - "cloudfront:GetDistributionConfig", - "cloudfront:ListCloudFrontOriginAccessIdentities", - "cloudfront:ListDistributions", - "cloudfront:ListDistributionsByLambdaFunction", - "cloudfront:ListDistributionsByWebACLId", - "cloudfront:ListFieldLevelEncryptionConfigs", - "cloudfront:ListFieldLevelEncryptionProfiles", - "cloudfront:ListInvalidations", - "cloudfront:ListPublicKeys", - "cloudfront:ListStreamingDistributions", - "cloudfront:UpdateDistribution", - "cloudfront:TagResource", - "cloudfront:UntagResource", - "cloudfront:ListTagsForResource", - "iam:AttachRolePolicy", - "iam:CreateRole", - "iam:CreateServiceLinkedRole", - "iam:GetRole", - "iam:PutRolePolicy", - "iam:PassRole", - "lambda:CreateFunction", - "lambda:EnableReplication", - "lambda:DeleteFunction", - "lambda:GetFunction", - "lambda:GetFunctionConfiguration", - "lambda:PublishVersion", - "lambda:UpdateFunctionCode", - "lambda:UpdateFunctionConfiguration", - "lambda:ListTags", - "lambda:TagResource", - "lambda:UntagResource", - "route53:ChangeResourceRecordSets", - "route53:ListHostedZonesByName", - "route53:ListResourceRecordSets", - "s3:CreateBucket", - "s3:GetAccelerateConfiguration", - "s3:GetObject", - "s3:ListBucket", - "s3:PutAccelerateConfiguration", - "s3:PutBucketPolicy", - "s3:PutObject", - "s3:PutBucketTagging", - "s3:GetBucketTagging", - "lambda:ListEventSourceMappings", - "lambda:CreateEventSourceMapping", - "iam:UpdateAssumeRolePolicy", - "iam:DeleteRolePolicy", - "sqs:CreateQueue", - "sqs:DeleteQueue", - "sqs:GetQueueAttributes", - "sqs:SetQueueAttributes", - "amplify:GetApp", - "amplify:GetBranch", - "amplify:UpdateApp", - "amplify:UpdateBranch" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "AmplifySSRCalls" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4AML23RALR", - "PolicyName": "AdministratorAccess-Amplify", - "UpdateDate": "2021-12-01T19:07:19+00:00", - "VersionId": "v7" - }, - "AlexaForBusinessDeviceSetup": { - "Arn": "arn:aws:iam::aws:policy/AlexaForBusinessDeviceSetup", - "AttachmentCount": 0, - "CreateDate": "2017-11-30T16:47:16+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "a4b:RegisterDevice", - "a4b:CompleteRegistration", - "a4b:SearchDevices", - "a4b:SearchNetworkProfiles", - "a4b:GetNetworkProfile", - "a4b:PutDeviceSetupEvents" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "secretsmanager:GetSecretValue" - ], - "Effect": "Allow", - "Resource": "arn:aws:secretsmanager:*:*:secret:A4BNetworkProfile*", - "Sid": "A4bDeviceSetupAccess" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIUEFZFUTDTY4HGFU2", - "PolicyName": "AlexaForBusinessDeviceSetup", - "UpdateDate": "2019-05-20T21:05:39+00:00", - "VersionId": "v2" - }, - "AlexaForBusinessFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AlexaForBusinessFullAccess", - "AttachmentCount": 0, - "CreateDate": "2017-11-30T16:47:09+00:00", - "DefaultVersionId": "v5", - "Document": { - "Statement": [ - { - "Action": [ - "a4b:*", - "kms:DescribeKey" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "iam:CreateServiceLinkedRole" - ], - "Condition": { - "StringLike": { - "iam:AWSServiceName": [ - "*a4b.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "iam:DeleteServiceLinkedRole", - "iam:GetServiceLinkedRoleDeletionStatus" - ], - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/aws-service-role/*a4b.amazonaws.com/AWSServiceRoleForAlexaForBusiness*" - }, - { - "Action": [ - "secretsmanager:GetSecretValue", - "secretsmanager:DeleteSecret", - "secretsmanager:UpdateSecret" - ], - "Effect": "Allow", - "Resource": "arn:aws:secretsmanager:*:*:secret:A4B*" - }, - { - "Action": "secretsmanager:CreateSecret", - "Condition": { - "StringLike": { - "secretsmanager:Name": "A4B*" - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAILUT3JGG7WRIMVNH2", - "PolicyName": "AlexaForBusinessFullAccess", - "UpdateDate": "2020-07-01T21:01:55+00:00", - "VersionId": "v5" - }, - "AlexaForBusinessGatewayExecution": { - "Arn": "arn:aws:iam::aws:policy/AlexaForBusinessGatewayExecution", - "AttachmentCount": 0, - "CreateDate": "2017-11-30T16:47:19+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "a4b:Send*", - "a4b:Get*" - ], - "Effect": "Allow", - "Resource": "arn:aws:a4b:*:*:gateway/*" - }, - { - "Action": [ - "sqs:ReceiveMessage", - "sqs:DeleteMessage" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:sqs:*:*:dd-*", - "arn:aws:sqs:*:*:sd-*" - ] - }, - { - "Action": [ - "a4b:List*", - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:DescribeLogGroups", - "logs:PutLogEvents" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAI3LZ7YP7KHLG4DT2Q", - "PolicyName": "AlexaForBusinessGatewayExecution", - "UpdateDate": "2017-11-30T16:47:19+00:00", - "VersionId": "v1" - }, - "AlexaForBusinessLifesizeDelegatedAccessPolicy": { - "Arn": "arn:aws:iam::aws:policy/AlexaForBusinessLifesizeDelegatedAccessPolicy", - "AttachmentCount": 0, - "CreateDate": "2020-06-04T19:46:56+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "a4b:DisassociateDeviceFromRoom", - "a4b:DeleteDevice", - "a4b:UpdateDevice", - "a4b:GetDevice" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:a4b:us-east-1:*:device/*/*:A2IWO7UEGWV4TL" - ] - }, - { - "Action": [ - "a4b:RegisterAVSDevice" - ], - "Condition": { - "StringEquals": { - "a4b:amazonId": [ - "A2IWO7UEGWV4TL" - ] - } - }, - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "a4b:SearchDevices" - ], - "Condition": { - "ForAllValues:StringLike": { - "a4b:filters_deviceType": [ - "*A2IWO7UEGWV4TL" - ] - }, - "Null": { - "a4b:filters_deviceType": "false" - } - }, - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "a4b:AssociateDeviceWithRoom" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:a4b:us-east-1:*:device/*/*:A2IWO7UEGWV4TL", - "arn:aws:a4b:us-east-1:*:room/*" - ] - }, - { - "Action": [ - "a4b:GetRoom", - "a4b:GetAddressBook", - "a4b:SearchRooms", - "a4b:CreateContact", - "a4b:CreateRoom", - "a4b:UpdateContact", - "a4b:ListConferenceProviders", - "a4b:DeleteRoom", - "a4b:CreateAddressBook", - "a4b:DisassociateContactFromAddressBook", - "a4b:CreateConferenceProvider", - "a4b:PutConferencePreference", - "a4b:DeleteAddressBook", - "a4b:AssociateContactWithAddressBook", - "a4b:DeleteContact", - "a4b:SearchProfiles", - "a4b:UpdateProfile", - "a4b:GetContact" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "kms:DescribeKey" - ], - "Effect": "Allow", - "Resource": "arn:aws:kms:*:*:key/*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4HXQBRRIQV", - "PolicyName": "AlexaForBusinessLifesizeDelegatedAccessPolicy", - "UpdateDate": "2020-06-12T20:31:59+00:00", - "VersionId": "v2" - }, - "AlexaForBusinessNetworkProfileServicePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AlexaForBusinessNetworkProfileServicePolicy", - "AttachmentCount": 0, - "CreateDate": "2019-03-13T00:53:40+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "acm-pca:GetCertificate", - "acm-pca:IssueCertificate", - "acm-pca:RevokeCertificate" - ], - "Condition": { - "StringEquals": { - "aws:ResourceTag/a4b": "enabled" - } - }, - "Effect": "Allow", - "Resource": "*", - "Sid": "A4bPcaTagAccess" - }, - { - "Action": [ - "secretsmanager:GetSecretValue" - ], - "Effect": "Allow", - "Resource": "arn:aws:secretsmanager:*:*:secret:A4BNetworkProfile*", - "Sid": "A4bNetworkProfileAccess" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAI7GYBNGIZU2EDSMGQ", - "PolicyName": "AlexaForBusinessNetworkProfileServicePolicy", - "UpdateDate": "2019-04-05T21:57:56+00:00", - "VersionId": "v2" - }, - "AlexaForBusinessPolyDelegatedAccessPolicy": { - "Arn": "arn:aws:iam::aws:policy/AlexaForBusinessPolyDelegatedAccessPolicy", - "AttachmentCount": 0, - "CreateDate": "2019-10-16T19:48:45+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "a4b:DisassociateDeviceFromRoom", - "a4b:DeleteDevice", - "a4b:UpdateDevice", - "a4b:GetDevice" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:a4b:us-east-1:*:device/*/*:A238TWV36W3S92", - "arn:aws:a4b:us-east-1:*:device/*/*:A1FUZ1SC53VJXD" - ] - }, - { - "Action": [ - "a4b:RegisterAVSDevice" - ], - "Condition": { - "StringEquals": { - "a4b:amazonId": [ - "A238TWV36W3S92", - "A1FUZ1SC53VJXD" - ] - } - }, - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "a4b:SearchDevices" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "a4b:AssociateDeviceWithRoom" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:a4b:us-east-1:*:device/*/*:A238TWV36W3S92", - "arn:aws:a4b:us-east-1:*:device/*/*:A1FUZ1SC53VJXD", - "arn:aws:a4b:us-east-1:*:room/*" - ] - }, - { - "Action": [ - "a4b:GetRoom", - "a4b:SearchRooms", - "a4b:CreateRoom", - "a4b:GetProfile", - "a4b:SearchSkillGroups", - "a4b:DisassociateSkillGroupFromRoom", - "a4b:AssociateSkillGroupWithRoom", - "a4b:GetSkillGroup", - "a4b:SearchProfiles", - "a4b:GetAddressBook", - "a4b:UpdateRoom" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4FIHC2UP5Z", - "PolicyName": "AlexaForBusinessPolyDelegatedAccessPolicy", - "UpdateDate": "2019-10-16T19:48:45+00:00", - "VersionId": "v1" - }, - "AlexaForBusinessReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AlexaForBusinessReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2017-11-30T16:47:12+00:00", - "DefaultVersionId": "v3", - "Document": { - "Statement": [ - { - "Action": [ - "a4b:Get*", - "a4b:List*", - "a4b:Search*" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAI6BKSTB4XMLPBFFJ2", - "PolicyName": "AlexaForBusinessReadOnlyAccess", - "UpdateDate": "2019-11-20T00:25:33+00:00", - "VersionId": "v3" - }, - "AmazonAPIGatewayAdministrator": { - "Arn": "arn:aws:iam::aws:policy/AmazonAPIGatewayAdministrator", - "AttachmentCount": 0, - "CreateDate": "2015-07-09T17:34:45+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "apigateway:*" - ], - "Effect": "Allow", - "Resource": "arn:aws:apigateway:*::/*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJ4PT6VY5NLKTNUYSI", - "PolicyName": "AmazonAPIGatewayAdministrator", - "UpdateDate": "2015-07-09T17:34:45+00:00", - "VersionId": "v1" - }, - "AmazonAPIGatewayInvokeFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonAPIGatewayInvokeFullAccess", - "AttachmentCount": 0, - "CreateDate": "2015-07-09T17:36:12+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "execute-api:Invoke", - "execute-api:ManageConnections" - ], - "Effect": "Allow", - "Resource": "arn:aws:execute-api:*:*:*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIIWAX2NOOQJ4AIEQ6", - "PolicyName": "AmazonAPIGatewayInvokeFullAccess", - "UpdateDate": "2018-12-18T18:25:10+00:00", - "VersionId": "v2" - }, - "AmazonAPIGatewayPushToCloudWatchLogs": { - "Arn": "arn:aws:iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs", - "AttachmentCount": 0, - "CreateDate": "2015-11-11T23:41:46+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:DescribeLogGroups", - "logs:DescribeLogStreams", - "logs:PutLogEvents", - "logs:GetLogEvents", - "logs:FilterLogEvents" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIK4GFO7HLKYN64ASK", - "PolicyName": "AmazonAPIGatewayPushToCloudWatchLogs", - "UpdateDate": "2015-11-11T23:41:46+00:00", - "VersionId": "v1" - }, - "AmazonAppFlowFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonAppFlowFullAccess", - "AttachmentCount": 0, - "CreateDate": "2020-06-02T23:30:14+00:00", - "DefaultVersionId": "v3", - "Document": { - "Statement": [ - { - "Action": "appflow:*", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "iam:ListRoles", - "Effect": "Allow", - "Resource": "*", - "Sid": "ListRolesForRedshift" - }, - { - "Action": [ - "kms:ListKeys", - "kms:DescribeKey", - "kms:ListAliases" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "KMSListAccess" - }, - { - "Action": [ - "kms:CreateGrant" - ], - "Condition": { - "Bool": { - "kms:GrantIsForAWSResource": "true" - }, - "StringLike": { - "kms:ViaService": "appflow.*.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "*", - "Sid": "KMSGrantAccess" - }, - { - "Action": [ - "kms:ListGrants" - ], - "Condition": { - "StringLike": { - "kms:ViaService": "appflow.*.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "*", - "Sid": "KMSListGrantAccess" - }, - { - "Action": [ - "s3:ListAllMyBuckets", - "s3:ListBucket", - "s3:GetBucketLocation", - "s3:GetBucketPolicy" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "S3ReadAccess" - }, - { - "Action": [ - "s3:PutBucketPolicy" - ], - "Effect": "Allow", - "Resource": "arn:aws:s3:::appflow-*", - "Sid": "S3PutBucketPolicyAccess" - }, - { - "Action": "secretsmanager:CreateSecret", - "Condition": { - "ForAnyValue:StringEquals": { - "aws:CalledVia": [ - "appflow.amazonaws.com" - ] - }, - "StringLike": { - "secretsmanager:Name": "appflow!*" - } - }, - "Effect": "Allow", - "Resource": "*", - "Sid": "SecretsManagerCreateSecretAccess" - }, - { - "Action": [ - "secretsmanager:PutResourcePolicy" - ], - "Condition": { - "ForAnyValue:StringEquals": { - "aws:CalledVia": [ - "appflow.amazonaws.com" - ] - }, - "StringEqualsIgnoreCase": { - "secretsmanager:ResourceTag/aws:secretsmanager:owningService": "appflow" - } - }, - "Effect": "Allow", - "Resource": "*", - "Sid": "SecretsManagerPutResourcePolicyAccess" - }, - { - "Action": [ - "lambda:ListFunctions" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "LambdaListFunctions" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4PGBU2ALC4", - "PolicyName": "AmazonAppFlowFullAccess", - "UpdateDate": "2022-02-28T23:11:23+00:00", - "VersionId": "v3" - }, - "AmazonAppFlowReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonAppFlowReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2020-06-02T23:26:51+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "appflow:DescribeConnector", - "appflow:DescribeConnectors", - "appflow:DescribeConnectorProfiles", - "appflow:DescribeFlows", - "appflow:DescribeFlowExecution", - "appflow:DescribeConnectorFields", - "appflow:ListConnectors", - "appflow:ListConnectorFields", - "appflow:ListTagsForResource" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4CCGEQPIQI", - "PolicyName": "AmazonAppFlowReadOnlyAccess", - "UpdateDate": "2022-02-28T20:42:58+00:00", - "VersionId": "v2" - }, - "AmazonAppStreamFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonAppStreamFullAccess", - "AttachmentCount": 0, - "CreateDate": "2015-02-06T18:40:09+00:00", - "DefaultVersionId": "v6", - "Document": { - "Statement": [ - { - "Action": [ - "appstream:*" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "application-autoscaling:DeleteScalingPolicy", - "application-autoscaling:DescribeScalableTargets", - "application-autoscaling:DescribeScalingPolicies", - "application-autoscaling:PutScalingPolicy", - "application-autoscaling:RegisterScalableTarget", - "application-autoscaling:DescribeScheduledActions", - "application-autoscaling:PutScheduledAction", - "application-autoscaling:DeleteScheduledAction" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "cloudwatch:DeleteAlarms", - "cloudwatch:DescribeAlarms", - "cloudwatch:GetMetricStatistics", - "cloudwatch:PutMetricAlarm" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:DescribeRouteTables", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVpcs", - "ec2:DescribeVpcEndpoints" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "iam:ListRoles", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "iam:PassRole", - "Condition": { - "StringLike": { - "iam:PassedToService": "application-autoscaling.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/service-role/ApplicationAutoScalingForAmazonAppStreamAccess" - }, - { - "Action": "iam:CreateServiceLinkedRole", - "Condition": { - "StringLike": { - "iam:AWSServiceName": "appstream.application-autoscaling.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/aws-service-role/appstream.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_AppStreamFleet" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJLZZXU2YQVGL4QDNC", - "PolicyName": "AmazonAppStreamFullAccess", - "UpdateDate": "2020-08-28T17:24:35+00:00", - "VersionId": "v6" - }, - "AmazonAppStreamReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonAppStreamReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2015-02-06T18:40:10+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "appstream:Get*", - "appstream:List*", - "appstream:Describe*" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJXIFDGB4VBX23DX7K", - "PolicyName": "AmazonAppStreamReadOnlyAccess", - "UpdateDate": "2016-12-07T21:00:06+00:00", - "VersionId": "v2" - }, - "AmazonAppStreamServiceAccess": { - "Arn": "arn:aws:iam::aws:policy/service-role/AmazonAppStreamServiceAccess", - "AttachmentCount": 0, - "CreateDate": "2016-11-19T04:17:37+00:00", - "DefaultVersionId": "v8", - "Document": { - "Statement": [ - { - "Action": [ - "ec2:DescribeVpcs", - "ec2:DescribeSubnets", - "ec2:DescribeAvailabilityZones", - "ec2:CreateNetworkInterface", - "ec2:DescribeNetworkInterfaces", - "ec2:DeleteNetworkInterface", - "ec2:DescribeSubnets", - "ec2:AssociateAddress", - "ec2:DisassociateAddress", - "ec2:DescribeRouteTables", - "ec2:DescribeSecurityGroups", - "ec2:DescribeVpcEndpoints", - "s3:ListAllMyBuckets", - "ds:DescribeDirectories" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "s3:CreateBucket", - "s3:ListBucket", - "s3:GetObject", - "s3:PutObject", - "s3:DeleteObject", - "s3:GetObjectVersion", - "s3:DeleteObjectVersion", - "s3:GetBucketPolicy", - "s3:PutBucketPolicy", - "s3:PutEncryptionConfiguration" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:s3:::appstream2-36fb080bb8-*", - "arn:aws:s3:::appstream-app-settings-*", - "arn:aws:s3:::appstream-logs-*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAISBRZ7LMMCBYEF3SE", - "PolicyName": "AmazonAppStreamServiceAccess", - "UpdateDate": "2020-06-26T16:33:54+00:00", - "VersionId": "v8" - }, - "AmazonAthenaFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonAthenaFullAccess", - "AttachmentCount": 0, - "CreateDate": "2016-11-30T16:46:01+00:00", - "DefaultVersionId": "v7", - "Document": { - "Statement": [ - { - "Action": [ - "athena:*" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "glue:CreateDatabase", - "glue:DeleteDatabase", - "glue:GetDatabase", - "glue:GetDatabases", - "glue:UpdateDatabase", - "glue:CreateTable", - "glue:DeleteTable", - "glue:BatchDeleteTable", - "glue:UpdateTable", - "glue:GetTable", - "glue:GetTables", - "glue:BatchCreatePartition", - "glue:CreatePartition", - "glue:DeletePartition", - "glue:BatchDeletePartition", - "glue:UpdatePartition", - "glue:GetPartition", - "glue:GetPartitions", - "glue:BatchGetPartition" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "s3:GetBucketLocation", - "s3:GetObject", - "s3:ListBucket", - "s3:ListBucketMultipartUploads", - "s3:ListMultipartUploadParts", - "s3:AbortMultipartUpload", - "s3:CreateBucket", - "s3:PutObject", - "s3:PutBucketPublicAccessBlock" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:s3:::aws-athena-query-results-*" - ] - }, - { - "Action": [ - "s3:GetObject", - "s3:ListBucket" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:s3:::athena-examples*" - ] - }, - { - "Action": [ - "s3:ListBucket", - "s3:GetBucketLocation", - "s3:ListAllMyBuckets" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "sns:ListTopics", - "sns:GetTopicAttributes" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "cloudwatch:PutMetricAlarm", - "cloudwatch:DescribeAlarms", - "cloudwatch:DeleteAlarms" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "lakeformation:GetDataAccess" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIPJMLMD4C7RYZ6XCK", - "PolicyName": "AmazonAthenaFullAccess", - "UpdateDate": "2021-07-07T20:15:04+00:00", - "VersionId": "v7" - }, - "AmazonAugmentedAIFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonAugmentedAIFullAccess", - "AttachmentCount": 0, - "CreateDate": "2019-12-03T16:21:56+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "sagemaker:*HumanLoop", - "sagemaker:*HumanLoops", - "sagemaker:*FlowDefinition", - "sagemaker:*FlowDefinitions", - "sagemaker:*HumanTaskUi", - "sagemaker:*HumanTaskUis" - ], - "Condition": { - "StringEqualsIfExists": { - "sagemaker:WorkteamType": [ - "private-crowd", - "vendor-crowd" - ] - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "iam:PassRole" - ], - "Condition": { - "StringEquals": { - "iam:PassedToService": [ - "sagemaker.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4HJOEBWQWI", - "PolicyName": "AmazonAugmentedAIFullAccess", - "UpdateDate": "2019-12-03T16:21:56+00:00", - "VersionId": "v1" - }, - "AmazonAugmentedAIHumanLoopFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonAugmentedAIHumanLoopFullAccess", - "AttachmentCount": 0, - "CreateDate": "2019-12-03T16:20:47+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "sagemaker:*HumanLoop", - "sagemaker:*HumanLoops" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4DLDNVPZG4", - "PolicyName": "AmazonAugmentedAIHumanLoopFullAccess", - "UpdateDate": "2019-12-03T16:20:47+00:00", - "VersionId": "v1" - }, - "AmazonAugmentedAIIntegratedAPIAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonAugmentedAIIntegratedAPIAccess", - "AttachmentCount": 0, - "CreateDate": "2020-04-22T20:47:32+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "sagemaker:*HumanLoop", - "sagemaker:*HumanLoops", - "sagemaker:*FlowDefinition", - "sagemaker:*FlowDefinitions", - "sagemaker:*HumanTaskUi", - "sagemaker:*HumanTaskUis" - ], - "Condition": { - "StringEqualsIfExists": { - "sagemaker:WorkteamType": [ - "private-crowd", - "vendor-crowd" - ] - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "textract:AnalyzeDocument" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "rekognition:DetectModerationLabels" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "iam:PassRole" - ], - "Condition": { - "StringEquals": { - "iam:PassedToService": [ - "sagemaker.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4A7KC4RFTV", - "PolicyName": "AmazonAugmentedAIIntegratedAPIAccess", - "UpdateDate": "2020-04-22T20:47:32+00:00", - "VersionId": "v1" - }, - "AmazonBraketFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonBraketFullAccess", - "AttachmentCount": 0, - "CreateDate": "2020-08-06T20:12:37+00:00", - "DefaultVersionId": "v4", - "Document": { - "Statement": [ - { - "Action": [ - "s3:GetObject", - "s3:PutObject", - "s3:ListBucket", - "s3:CreateBucket", - "s3:PutBucketPublicAccessBlock", - "s3:PutBucketPolicy" - ], - "Effect": "Allow", - "Resource": "arn:aws:s3:::amazon-braket-*" - }, - { - "Action": [ - "ecr:GetDownloadUrlForLayer", - "ecr:BatchGetImage", - "ecr:BatchCheckLayerAvailability" - ], - "Effect": "Allow", - "Resource": "arn:aws:ecr:*:*:repository/amazon-braket*" - }, - { - "Action": [ - "ecr:GetAuthorizationToken" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "logs:Describe*", - "logs:Get*", - "logs:List*", - "logs:StartQuery", - "logs:StopQuery", - "logs:TestMetricFilter", - "logs:FilterLogEvents" - ], - "Effect": "Allow", - "Resource": "arn:aws:logs:*:*:log-group:/aws/braket*" - }, - { - "Action": [ - "iam:ListRoles", - "iam:ListRolePolicies", - "iam:GetRole", - "iam:GetRolePolicy", - "iam:ListAttachedRolePolicies" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "sagemaker:ListNotebookInstances" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "sagemaker:CreatePresignedNotebookInstanceUrl", - "sagemaker:CreateNotebookInstance", - "sagemaker:DeleteNotebookInstance", - "sagemaker:DescribeNotebookInstance", - "sagemaker:StartNotebookInstance", - "sagemaker:StopNotebookInstance", - "sagemaker:UpdateNotebookInstance", - "sagemaker:ListTags", - "sagemaker:AddTags", - "sagemaker:DeleteTags" - ], - "Effect": "Allow", - "Resource": "arn:aws:sagemaker:*:*:notebook-instance/amazon-braket-*" - }, - { - "Action": [ - "sagemaker:DescribeNotebookInstanceLifecycleConfig", - "sagemaker:CreateNotebookInstanceLifecycleConfig", - "sagemaker:DeleteNotebookInstanceLifecycleConfig", - "sagemaker:ListNotebookInstanceLifecycleConfigs", - "sagemaker:UpdateNotebookInstanceLifecycleConfig" - ], - "Effect": "Allow", - "Resource": "arn:aws:sagemaker:*:*:notebook-instance-lifecycle-config/amazon-braket-*" - }, - { - "Action": "braket:*", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "iam:CreateServiceLinkedRole", - "Condition": { - "StringEquals": { - "iam:AWSServiceName": "braket.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/aws-service-role/braket.amazonaws.com/AWSServiceRoleForAmazonBraket*" - }, - { - "Action": [ - "iam:PassRole" - ], - "Condition": { - "StringLike": { - "iam:PassedToService": [ - "sagemaker.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/service-role/AmazonBraketServiceSageMakerNotebookRole*" - }, - { - "Action": [ - "iam:PassRole" - ], - "Condition": { - "StringLike": { - "iam:PassedToService": [ - "braket.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/service-role/AmazonBraketJobsExecutionRole*" - }, - { - "Action": [ - "logs:GetQueryResults" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:logs:*:*:log-group:*" - ] - }, - { - "Action": [ - "logs:PutLogEvents", - "logs:CreateLogStream", - "logs:CreateLogGroup" - ], - "Effect": "Allow", - "Resource": "arn:aws:logs:*:*:log-group:/aws/braket*" - }, - { - "Action": "cloudwatch:PutMetricData", - "Condition": { - "StringEquals": { - "cloudwatch:namespace": "/aws/braket" - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4HUAKO7NZO", - "PolicyName": "AmazonBraketFullAccess", - "UpdateDate": "2021-11-28T05:31:50+00:00", - "VersionId": "v4" - }, - "AmazonBraketJobsExecutionPolicy": { - "Arn": "arn:aws:iam::aws:policy/AmazonBraketJobsExecutionPolicy", - "AttachmentCount": 0, - "CreateDate": "2021-11-26T19:34:41+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "s3:GetObject", - "s3:PutObject", - "s3:ListBucket", - "s3:CreateBucket", - "s3:PutBucketPublicAccessBlock", - "s3:PutBucketPolicy" - ], - "Effect": "Allow", - "Resource": "arn:aws:s3:::amazon-braket-*" - }, - { - "Action": [ - "ecr:GetDownloadUrlForLayer", - "ecr:BatchGetImage", - "ecr:BatchCheckLayerAvailability" - ], - "Effect": "Allow", - "Resource": "arn:aws:ecr:*:*:repository/amazon-braket*" - }, - { - "Action": [ - "ecr:GetAuthorizationToken" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "braket:CancelJob", - "braket:CancelQuantumTask", - "braket:CreateJob", - "braket:CreateQuantumTask", - "braket:GetDevice", - "braket:GetJob", - "braket:GetQuantumTask", - "braket:SearchDevices", - "braket:SearchJobs", - "braket:SearchQuantumTasks", - "braket:ListTagsForResource", - "braket:TagResource", - "braket:UntagResource" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "iam:PassRole" - ], - "Condition": { - "StringLike": { - "iam:PassedToService": [ - "braket.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/service-role/AmazonBraketJobsExecutionRole*" - }, - { - "Action": [ - "iam:ListRoles" - ], - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/*" - }, - { - "Action": [ - "logs:GetQueryResults" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:logs:*:*:log-group:*" - ] - }, - { - "Action": [ - "logs:PutLogEvents", - "logs:CreateLogStream", - "logs:CreateLogGroup", - "logs:GetLogEvents", - "logs:DescribeLogStreams", - "logs:StartQuery", - "logs:StopQuery" - ], - "Effect": "Allow", - "Resource": "arn:aws:logs:*:*:log-group:/aws/braket*" - }, - { - "Action": "cloudwatch:PutMetricData", - "Condition": { - "StringEquals": { - "cloudwatch:namespace": "/aws/braket" - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4CBFQZHJ3B", - "PolicyName": "AmazonBraketJobsExecutionPolicy", - "UpdateDate": "2021-11-28T05:34:55+00:00", - "VersionId": "v2" - }, - "AmazonBraketServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonBraketServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2020-08-04T17:12:23+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "s3:PutObject", - "s3:GetObject", - "s3:ListBucket" - ], - "Effect": "Allow", - "Resource": "arn:aws:s3:::amazon-braket-*" - }, - { - "Action": [ - "logs:PutLogEvents", - "logs:CreateLogStream", - "logs:DescribeLogStreams", - "logs:CreateLogGroup", - "logs:DescribeLogGroups" - ], - "Effect": "Allow", - "Resource": "arn:aws:logs:*:*:log-group:/aws/braket:*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4NIYU42I3S", - "PolicyName": "AmazonBraketServiceRolePolicy", - "UpdateDate": "2020-08-06T20:10:42+00:00", - "VersionId": "v2" - }, - "AmazonChimeFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonChimeFullAccess", - "AttachmentCount": 0, - "CreateDate": "2017-11-01T22:15:43+00:00", - "DefaultVersionId": "v3", - "Document": { - "Statement": [ - { - "Action": [ - "chime:*" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "s3:ListBucket", - "s3:ListAllMyBuckets", - "s3:GetBucketAcl", - "s3:GetBucketLocation", - "s3:GetBucketLogging", - "s3:GetBucketVersioning", - "s3:GetBucketWebsite" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "logs:CreateLogDelivery", - "logs:DeleteLogDelivery", - "logs:GetLogDelivery", - "logs:ListLogDeliveries", - "logs:DescribeResourcePolicies", - "logs:PutResourcePolicy", - "logs:CreateLogGroup", - "logs:DescribeLogGroups" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "sns:CreateTopic", - "sns:GetTopicAttributes" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:sns:*:*:ChimeVoiceConnector-Streaming*" - ] - }, - { - "Action": [ - "sqs:GetQueueAttributes", - "sqs:CreateQueue" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:sqs:*:*:ChimeVoiceConnector-Streaming*" - ] - }, - { - "Action": [ - "kinesis:ListStreams" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "kinesis:DescribeStream" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:kinesis:*:*:stream/chime-chat-*", - "arn:aws:kinesis:*:*:stream/chime-messaging-*" - ] - }, - { - "Action": [ - "s3:GetEncryptionConfiguration", - "s3:ListBucket" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:s3:::chime-chat-*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIUJFSAKUERNORYRWO", - "PolicyName": "AmazonChimeFullAccess", - "UpdateDate": "2020-12-14T21:00:52+00:00", - "VersionId": "v3" - }, - "AmazonChimeReadOnly": { - "Arn": "arn:aws:iam::aws:policy/AmazonChimeReadOnly", - "AttachmentCount": 0, - "CreateDate": "2017-11-01T22:04:17+00:00", - "DefaultVersionId": "v10", - "Document": { - "Statement": [ - { - "Action": [ - "chime:List*", - "chime:Get*", - "chime:Describe*", - "chime:SearchAvailablePhoneNumbers" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJLBFZZFABRXVWRTCI", - "PolicyName": "AmazonChimeReadOnly", - "UpdateDate": "2020-12-14T20:53:57+00:00", - "VersionId": "v10" - }, - "AmazonChimeSDK": { - "Arn": "arn:aws:iam::aws:policy/AmazonChimeSDK", - "AttachmentCount": 0, - "CreateDate": "2020-02-04T21:53:37+00:00", - "DefaultVersionId": "v4", - "Document": { - "Statement": [ - { - "Action": [ - "chime:CreateMeeting", - "chime:CreateMeetingWithAttendees", - "chime:DeleteMeeting", - "chime:GetMeeting", - "chime:ListMeetings", - "chime:CreateAttendee", - "chime:BatchCreateAttendee", - "chime:DeleteAttendee", - "chime:GetAttendee", - "chime:ListAttendees", - "chime:ListAttendeeTags", - "chime:ListMeetingTags", - "chime:ListTagsForResource", - "chime:TagAttendee", - "chime:TagMeeting", - "chime:TagResource", - "chime:UntagAttendee", - "chime:UntagMeeting", - "chime:UntagResource", - "chime:StartMeetingTranscription", - "chime:StopMeetingTranscription" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4ACM6EA4B7", - "PolicyName": "AmazonChimeSDK", - "UpdateDate": "2021-10-21T18:04:27+00:00", - "VersionId": "v4" - }, - "AmazonChimeServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonChimeServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2019-09-30T22:25:06+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "iam:CreateServiceLinkedRole" - ], - "Condition": { - "StringLike": { - "iam:AWSServiceName": "chime.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:iam::*:role/aws-service-role/chime.amazonaws.com/AWSServiceRoleForAmazonChime" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4NA5XMV3PI", - "PolicyName": "AmazonChimeServiceRolePolicy", - "UpdateDate": "2019-09-30T22:25:06+00:00", - "VersionId": "v1" - }, - "AmazonChimeTranscriptionServiceLinkedRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonChimeTranscriptionServiceLinkedRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2021-08-04T21:47:41+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "transcribe:StartStreamTranscription", - "transcribe:StartMedicalStreamTranscription" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4DC6EM4O3Q", - "PolicyName": "AmazonChimeTranscriptionServiceLinkedRolePolicy", - "UpdateDate": "2021-08-04T21:47:41+00:00", - "VersionId": "v1" - }, - "AmazonChimeUserManagement": { - "Arn": "arn:aws:iam::aws:policy/AmazonChimeUserManagement", - "AttachmentCount": 0, - "CreateDate": "2017-11-01T22:17:26+00:00", - "DefaultVersionId": "v8", - "Document": { - "Statement": [ - { - "Action": [ - "chime:ListAccounts", - "chime:GetAccount", - "chime:GetAccountSettings", - "chime:UpdateAccountSettings", - "chime:ListUsers", - "chime:GetUser", - "chime:GetUserByEmail", - "chime:InviteUsers", - "chime:InviteUsersFromProvider", - "chime:SuspendUsers", - "chime:ActivateUsers", - "chime:UpdateUserLicenses", - "chime:ResetPersonalPIN", - "chime:LogoutUser", - "chime:ListDomains", - "chime:GetDomain", - "chime:ListDirectories", - "chime:ListGroups", - "chime:SubmitSupportRequest", - "chime:ListDelegates", - "chime:ListAccountUsageReportData", - "chime:GetMeetingDetail", - "chime:ListMeetingEvents", - "chime:ListMeetingsReportData", - "chime:GetUserActivityReportData", - "chime:UpdateUser", - "chime:BatchUpdateUser", - "chime:BatchSuspendUser", - "chime:BatchUnsuspendUser", - "chime:AssociatePhoneNumberWithUser", - "chime:DisassociatePhoneNumberFromUser", - "chime:GetPhoneNumber", - "chime:ListPhoneNumbers", - "chime:GetUserSettings", - "chime:UpdateUserSettings", - "chime:CreateUser", - "chime:AssociateSigninDelegateGroupsWithAccount", - "chime:DisassociateSigninDelegateGroupsFromAccount" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJGLHVUHNMQPSDGSOO", - "PolicyName": "AmazonChimeUserManagement", - "UpdateDate": "2020-02-18T19:26:10+00:00", - "VersionId": "v8" - }, - "AmazonChimeVoiceConnectorServiceLinkedRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonChimeVoiceConnectorServiceLinkedRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2019-09-30T22:16:42+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "chime:GetVoiceConnector*" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "kinesisvideo:GetDataEndpoint", - "kinesisvideo:PutMedia", - "kinesisvideo:UpdateDataRetention", - "kinesisvideo:DescribeStream", - "kinesisvideo:CreateStream" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:kinesisvideo:*:*:stream/ChimeVoiceConnector-*" - ] - }, - { - "Action": [ - "kinesisvideo:ListStreams" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "SNS:Publish" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:sns:*:*:ChimeVoiceConnector-Streaming*" - ] - }, - { - "Action": [ - "sqs:SendMessage" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:sqs:*:*:ChimeVoiceConnector-Streaming*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4GP44ZBY4P", - "PolicyName": "AmazonChimeVoiceConnectorServiceLinkedRolePolicy", - "UpdateDate": "2021-12-21T00:08:05+00:00", - "VersionId": "v2" - }, - "AmazonCloudDirectoryFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonCloudDirectoryFullAccess", - "AttachmentCount": 0, - "CreateDate": "2017-02-25T00:41:39+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "clouddirectory:*" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJG3XQK77ATFLCF2CK", - "PolicyName": "AmazonCloudDirectoryFullAccess", - "UpdateDate": "2017-02-25T00:41:39+00:00", - "VersionId": "v1" - }, - "AmazonCloudDirectoryReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonCloudDirectoryReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2017-02-28T23:42:06+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "clouddirectory:List*", - "clouddirectory:Get*", - "clouddirectory:LookupPolicy", - "clouddirectory:BatchRead" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAICMSZQGR3O62KMD6M", - "PolicyName": "AmazonCloudDirectoryReadOnlyAccess", - "UpdateDate": "2017-02-28T23:42:06+00:00", - "VersionId": "v1" - }, - "AmazonCloudWatchEvidentlyFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonCloudWatchEvidentlyFullAccess", - "AttachmentCount": 0, - "CreateDate": "2021-11-29T15:10:14+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "evidently:*" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "iam:ListRoles" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "iam:GetRole" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:iam::*:role/service-role/CloudWatchRUMEvidentlyRole-*" - ] - }, - { - "Action": [ - "s3:GetBucketLocation", - "s3:ListAllMyBuckets" - ], - "Effect": "Allow", - "Resource": "arn:aws:s3:::*" - }, - { - "Action": [ - "cloudwatch:GetMetricData", - "cloudwatch:GetMetricStatistics", - "cloudwatch:DescribeAlarmHistory", - "cloudwatch:DescribeAlarmsForMetric", - "cloudwatch:ListTagsForResource" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "cloudwatch:DescribeAlarms", - "cloudwatch:TagResource", - "cloudwatch:UnTagResource" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:cloudwatch:*:*:alarm:*" - ] - }, - { - "Action": [ - "cloudtrail:LookupEvents" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "cloudwatch:PutMetricAlarm" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:cloudwatch:*:*:alarm:Evidently-Alarm-*" - ] - }, - { - "Action": [ - "sns:ListTopics" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "sns:CreateTopic", - "sns:Subscribe", - "sns:ListSubscriptionsByTopic" - ], - "Effect": "Allow", - "Resource": [ - "arn:*:sns:*:*:Evidently-*" - ] - }, - { - "Action": [ - "logs:DescribeLogGroups" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4OBNGJAXBS", - "PolicyName": "AmazonCloudWatchEvidentlyFullAccess", - "UpdateDate": "2021-11-29T15:10:14+00:00", - "VersionId": "v1" - }, - "AmazonCloudWatchEvidentlyReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonCloudWatchEvidentlyReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2021-11-29T15:08:38+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "evidently:GetExperiment", - "evidently:GetFeature", - "evidently:GetLaunch", - "evidently:GetProject", - "evidently:ListExperiments", - "evidently:ListFeatures", - "evidently:ListLaunches", - "evidently:ListProjects" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4EQ6XHY7DQ", - "PolicyName": "AmazonCloudWatchEvidentlyReadOnlyAccess", - "UpdateDate": "2021-11-29T15:08:38+00:00", - "VersionId": "v1" - }, - "AmazonCloudWatchRUMFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonCloudWatchRUMFullAccess", - "AttachmentCount": 0, - "CreateDate": "2021-11-29T15:46:12+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "rum:*" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "iam:GetRole", - "iam:CreateServiceLinkedRole" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:iam::*:role/aws-service-role/rum.amazonaws.com/AWSServiceRoleForRealUserMonitoring" - ] - }, - { - "Action": [ - "iam:PassRole" - ], - "Condition": { - "StringEquals": { - "iam:PassedToService": [ - "cognito-identity.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:iam::*:role/RUM-Monitor*" - ] - }, - { - "Action": [ - "cloudwatch:GetMetricData", - "cloudwatch:GetMetricStatistics", - "cloudwatch:ListMetrics" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "cloudwatch:DescribeAlarms" - ], - "Effect": "Allow", - "Resource": "arn:aws:cloudwatch:*:*:alarm:*" - }, - { - "Action": [ - "cognito-identity:CreateIdentityPool", - "cognito-identity:ListIdentityPools", - "cognito-identity:DescribeIdentityPool", - "cognito-identity:GetIdentityPoolRoles", - "cognito-identity:SetIdentityPoolRoles" - ], - "Effect": "Allow", - "Resource": "arn:aws:cognito-identity:*:*:identitypool/*" - }, - { - "Action": [ - "logs:CreateLogGroup", - "logs:DeleteLogGroup", - "logs:PutRetentionPolicy", - "logs:CreateLogStream" - ], - "Effect": "Allow", - "Resource": "arn:aws:logs:*:*:log-group:*RUMService*" - }, - { - "Action": [ - "logs:CreateLogDelivery", - "logs:GetLogDelivery", - "logs:UpdateLogDelivery", - "logs:DeleteLogDelivery", - "logs:ListLogDeliveries", - "logs:DescribeResourcePolicies" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "logs:DescribeLogGroups" - ], - "Effect": "Allow", - "Resource": "arn:aws:logs:*:*:log-group::log-stream:*" - }, - { - "Action": [ - "synthetics:describeCanaries", - "synthetics:describeCanariesLastRun" - ], - "Effect": "Allow", - "Resource": "arn:aws:synthetics:*:*:canary:*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4DPYSNOE6F", - "PolicyName": "AmazonCloudWatchRUMFullAccess", - "UpdateDate": "2021-11-29T15:46:12+00:00", - "VersionId": "v1" - }, - "AmazonCloudWatchRUMReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonCloudWatchRUMReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2021-11-29T15:43:47+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "rum:GetAppMonitor", - "rum:GetAppMonitorData", - "rum:ListAppMonitors" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4MNS2SANVJ", - "PolicyName": "AmazonCloudWatchRUMReadOnlyAccess", - "UpdateDate": "2021-11-29T15:43:47+00:00", - "VersionId": "v1" - }, - "AmazonCloudWatchRUMServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonCloudWatchRUMServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2021-11-17T23:17:23+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "xray:PutTraceSegments" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4GYUK4NU52", - "PolicyName": "AmazonCloudWatchRUMServiceRolePolicy", - "UpdateDate": "2021-11-17T23:17:23+00:00", - "VersionId": "v1" - }, - "AmazonCodeGuruProfilerAgentAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonCodeGuruProfilerAgentAccess", - "AttachmentCount": 0, - "CreateDate": "2021-02-05T22:11:56+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "codeguru-profiler:ConfigureAgent", - "codeguru-profiler:CreateProfilingGroup", - "codeguru-profiler:PostAgentProfile" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4NJEGTVMFC", - "PolicyName": "AmazonCodeGuruProfilerAgentAccess", - "UpdateDate": "2021-04-02T23:21:37+00:00", - "VersionId": "v2" - }, - "AmazonCodeGuruProfilerFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonCodeGuruProfilerFullAccess", - "AttachmentCount": 0, - "CreateDate": "2019-12-03T10:13:27+00:00", - "DefaultVersionId": "v4", - "Document": { - "Statement": [ - { - "Action": [ - "codeguru-profiler:*", - "iam:ListRoles", - "iam:ListUsers", - "sns:ListTopics", - "codeguru:*" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "iam:CreateServiceLinkedRole" - ], - "Condition": { - "StringEquals": { - "iam:AWSServiceName": "codeguru-profiler.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/*AWSServiceRoleForCodeGuruProfiler*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4FVCBNS424", - "PolicyName": "AmazonCodeGuruProfilerFullAccess", - "UpdateDate": "2020-07-15T03:23:08+00:00", - "VersionId": "v4" - }, - "AmazonCodeGuruProfilerReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonCodeGuruProfilerReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2019-12-03T10:30:15+00:00", - "DefaultVersionId": "v3", - "Document": { - "Statement": [ - { - "Action": [ - "codeguru:Get*", - "codeguru-profiler:BatchGet*", - "codeguru-profiler:Describe*", - "codeguru-profiler:Get*", - "codeguru-profiler:List*", - "iam:ListRoles", - "iam:ListUsers" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4LUSUINUHE", - "PolicyName": "AmazonCodeGuruProfilerReadOnlyAccess", - "UpdateDate": "2020-06-27T23:52:52+00:00", - "VersionId": "v3" - }, - "AmazonCodeGuruReviewerFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonCodeGuruReviewerFullAccess", - "AttachmentCount": 0, - "CreateDate": "2019-12-03T08:33:47+00:00", - "DefaultVersionId": "v3", - "Document": { - "Statement": [ - { - "Action": [ - "codeguru-reviewer:*", - "codeguru:*" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "AmazonCodeGuruReviewerFullAccess" - }, - { - "Action": "iam:CreateServiceLinkedRole", - "Condition": { - "StringLike": { - "iam:AWSServiceName": "codeguru-reviewer.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/aws-service-role/codeguru-reviewer.amazonaws.com/AWSServiceRoleForAmazonCodeGuruReviewer", - "Sid": "AmazonCodeGuruReviewerSLRCreation" - }, - { - "Action": [ - "iam:DeleteServiceLinkedRole", - "iam:GetServiceLinkedRoleDeletionStatus" - ], - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/aws-service-role/codeguru-reviewer.amazonaws.com/AWSServiceRoleForAmazonCodeGuruReviewer", - "Sid": "AmazonCodeGuruReviewerSLRDeletion" - }, - { - "Action": [ - "codecommit:ListRepositories" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "CodeCommitAccess" - }, - { - "Action": [ - "codecommit:TagResource", - "codecommit:UntagResource" - ], - "Condition": { - "ForAllValues:StringEquals": { - "aws:TagKeys": "codeguru-reviewer" - } - }, - "Effect": "Allow", - "Resource": "*", - "Sid": "CodeCommitTagManagement" - }, - { - "Action": [ - "codestar-connections:TagResource", - "codestar-connections:UntagResource", - "codestar-connections:ListTagsForResource" - ], - "Condition": { - "ForAllValues:StringEquals": { - "aws:TagKeys": "codeguru-reviewer" - } - }, - "Effect": "Allow", - "Resource": "*", - "Sid": "CodeConnectTagManagement" - }, - { - "Action": [ - "codestar-connections:UseConnection", - "codestar-connections:ListConnections", - "codestar-connections:PassConnection" - ], - "Condition": { - "ForAllValues:StringEquals": { - "codestar-connections:ProviderAction": [ - "ListRepositories", - "ListOwners" - ] - } - }, - "Effect": "Allow", - "Resource": "*", - "Sid": "CodeConnectManagedRules" - }, - { - "Action": [ - "events:PutRule", - "events:PutTargets", - "events:DeleteRule", - "events:RemoveTargets" - ], - "Condition": { - "StringEquals": { - "events:ManagedBy": "codeguru-reviewer.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "*", - "Sid": "CloudWatchEventsManagedRules" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4ENLFBTHWM", - "PolicyName": "AmazonCodeGuruReviewerFullAccess", - "UpdateDate": "2020-08-29T04:16:08+00:00", - "VersionId": "v3" - }, - "AmazonCodeGuruReviewerReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonCodeGuruReviewerReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2019-12-03T08:48:24+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "codeguru:Get*", - "codeguru-reviewer:List*", - "codeguru-reviewer:Describe*", - "codeguru-reviewer:Get*" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "AmazonCodeGuruReviewerReadOnlyAccess" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4FOJ4PYG77", - "PolicyName": "AmazonCodeGuruReviewerReadOnlyAccess", - "UpdateDate": "2020-08-29T04:15:32+00:00", - "VersionId": "v2" - }, - "AmazonCodeGuruReviewerServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonCodeGuruReviewerServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2019-12-03T05:31:12+00:00", - "DefaultVersionId": "v4", - "Document": { - "Statement": [ - { - "Action": [ - "codecommit:GetRepository", - "codecommit:GetBranch", - "codecommit:DescribePullRequestEvents", - "codecommit:GetCommentsForPullRequest", - "codecommit:GetDifferences", - "codecommit:GetPullRequest", - "codecommit:ListPullRequests", - "codecommit:PostCommentForPullRequest", - "codecommit:GitPull", - "codecommit:UntagResource" - ], - "Condition": { - "StringLike": { - "aws:ResourceTag/codeguru-reviewer": "enabled" - } - }, - "Effect": "Allow", - "Resource": "*", - "Sid": "AccessCodeGuruReviewerEnabledRepositories" - }, - { - "Action": [ - "codestar-connections:UseConnection" - ], - "Condition": { - "ForAllValues:StringEquals": { - "codestar-connections:ProviderAction": [ - "ListBranches", - "GetBranch", - "ListRepositories", - "ListOwners", - "ListPullRequests", - "GetPullRequest", - "ListPullRequestComments", - "ListPullRequestCommits", - "ListCommitFiles", - "ListBranchCommits", - "CreatePullRequestDiffComment", - "GitPull" - ] - }, - "Null": { - "aws:ResourceTag/codeguru-reviewer": "false" - } - }, - "Effect": "Allow", - "Resource": "*", - "Sid": "AccessCodeGuruReviewerEnabledConnections" - }, - { - "Action": [ - "events:DeleteRule", - "events:RemoveTargets" - ], - "Condition": { - "StringEquals": { - "events:ManagedBy": "codeguru-reviewer.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "*", - "Sid": "CloudWatchEventsResourceCleanup" - }, - { - "Action": [ - "s3:GetObject" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:s3:::codeguru-reviewer-*", - "arn:aws:s3:::codeguru-reviewer-*/*" - ], - "Sid": "AllowGuruS3GetObject" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4NJY3GAUD2", - "PolicyName": "AmazonCodeGuruReviewerServiceRolePolicy", - "UpdateDate": "2020-11-27T15:09:46+00:00", - "VersionId": "v4" - }, - "AmazonCognitoDeveloperAuthenticatedIdentities": { - "Arn": "arn:aws:iam::aws:policy/AmazonCognitoDeveloperAuthenticatedIdentities", - "AttachmentCount": 0, - "CreateDate": "2015-03-24T17:22:23+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "cognito-identity:GetOpenIdTokenForDeveloperIdentity", - "cognito-identity:LookupDeveloperIdentity", - "cognito-identity:MergeDeveloperIdentities", - "cognito-identity:UnlinkDeveloperIdentity" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIQOKZ5BGKLCMTXH4W", - "PolicyName": "AmazonCognitoDeveloperAuthenticatedIdentities", - "UpdateDate": "2015-03-24T17:22:23+00:00", - "VersionId": "v1" - }, - "AmazonCognitoIdpEmailServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonCognitoIdpEmailServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2019-03-21T21:32:25+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "ses:SendEmail", - "ses:SendRawEmail" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ses:List*" - ], - "Effect": "Deny", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIX7PW362PLAQFKBHM", - "PolicyName": "AmazonCognitoIdpEmailServiceRolePolicy", - "UpdateDate": "2019-03-21T21:32:25+00:00", - "VersionId": "v1" - }, - "AmazonCognitoIdpServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonCognitoIdpServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2020-06-26T22:30:20+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "cognito-idp:Describe*" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4LEUDXVZDR", - "PolicyName": "AmazonCognitoIdpServiceRolePolicy", - "UpdateDate": "2020-06-26T22:30:20+00:00", - "VersionId": "v1" - }, - "AmazonCognitoPowerUser": { - "Arn": "arn:aws:iam::aws:policy/AmazonCognitoPowerUser", - "AttachmentCount": 0, - "CreateDate": "2015-03-24T17:14:56+00:00", - "DefaultVersionId": "v6", - "Document": { - "Statement": [ - { - "Action": [ - "cognito-identity:*", - "cognito-idp:*", - "cognito-sync:*", - "iam:ListRoles", - "iam:ListOpenIdConnectProviders", - "iam:GetRole", - "iam:ListSAMLProviders", - "iam:GetSAMLProvider", - "kinesis:ListStreams", - "lambda:GetPolicy", - "lambda:ListFunctions", - "sns:GetSMSSandboxAccountStatus", - "sns:ListPlatformApplications", - "ses:ListIdentities", - "ses:GetIdentityVerificationAttributes", - "mobiletargeting:GetApps", - "acm:ListCertificates" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "iam:CreateServiceLinkedRole", - "Condition": { - "StringEquals": { - "iam:AWSServiceName": [ - "cognito-idp.amazonaws.com", - "email.cognito-idp.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "iam:DeleteServiceLinkedRole", - "iam:GetServiceLinkedRoleDeletionStatus" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:iam::*:role/aws-service-role/cognito-idp.amazonaws.com/AWSServiceRoleForAmazonCognitoIdp*", - "arn:aws:iam::*:role/aws-service-role/email.cognito-idp.amazonaws.com/AWSServiceRoleForAmazonCognitoIdpEmail*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJKW5H2HNCPGCYGR6Y", - "PolicyName": "AmazonCognitoPowerUser", - "UpdateDate": "2021-06-01T17:33:32+00:00", - "VersionId": "v6" - }, - "AmazonCognitoReadOnly": { - "Arn": "arn:aws:iam::aws:policy/AmazonCognitoReadOnly", - "AttachmentCount": 0, - "CreateDate": "2015-03-24T17:06:46+00:00", - "DefaultVersionId": "v4", - "Document": { - "Statement": [ - { - "Action": [ - "cognito-identity:Describe*", - "cognito-identity:Get*", - "cognito-identity:List*", - "cognito-idp:Describe*", - "cognito-idp:AdminGet*", - "cognito-idp:AdminList*", - "cognito-idp:List*", - "cognito-idp:Get*", - "cognito-sync:Describe*", - "cognito-sync:Get*", - "cognito-sync:List*", - "iam:ListOpenIdConnectProviders", - "iam:ListRoles", - "sns:ListPlatformApplications" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJBFTRZD2GQGJHSVQK", - "PolicyName": "AmazonCognitoReadOnly", - "UpdateDate": "2019-08-01T19:21:04+00:00", - "VersionId": "v4" - }, - "AmazonConnectCampaignsServiceLinkedRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonConnectCampaignsServiceLinkedRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2021-09-23T20:54:26+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "connect-campaigns:ListCampaigns" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4PT3AZPOPK", - "PolicyName": "AmazonConnectCampaignsServiceLinkedRolePolicy", - "UpdateDate": "2021-09-23T20:54:26+00:00", - "VersionId": "v1" - }, - "AmazonConnectReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonConnectReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2018-10-17T21:00:44+00:00", - "DefaultVersionId": "v3", - "Document": { - "Statement": [ - { - "Action": [ - "connect:Get*", - "connect:Describe*", - "connect:List*", - "ds:DescribeDirectories" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "connect:GetFederationTokens", - "Effect": "Deny", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIVZMH7VU6YYKRY6ZU", - "PolicyName": "AmazonConnectReadOnlyAccess", - "UpdateDate": "2019-11-06T22:10:18+00:00", - "VersionId": "v3" - }, - "AmazonConnectServiceLinkedRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonConnectServiceLinkedRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2018-09-07T00:21:43+00:00", - "DefaultVersionId": "v6", - "Document": { - "Statement": [ - { - "Action": [ - "connect:*" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "iam:DeleteRole" - ], - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/aws-service-role/connect.amazonaws.com/AWSServiceRoleForAmazonConnect_*" - }, - { - "Action": [ - "s3:GetObject", - "s3:GetObjectAcl", - "s3:PutObject", - "s3:PutObjectAcl", - "s3:DeleteObject" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:s3:::amazon-connect-*/*" - ] - }, - { - "Action": [ - "s3:GetBucketLocation", - "s3:GetBucketAcl" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:s3:::amazon-connect-*" - ] - }, - { - "Action": [ - "logs:CreateLogStream", - "logs:DescribeLogStreams", - "logs:PutLogEvents" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:logs:*:*:log-group:/aws/connect/*:*" - ] - }, - { - "Action": [ - "lex:ListBots", - "lex:ListBotAliases" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "profile:SearchProfiles", - "profile:CreateProfile", - "profile:UpdateProfile", - "profile:AddProfileKey" - ], - "Effect": "Allow", - "Resource": "arn:aws:profile:*:*:domains/amazon-connect-*" - }, - { - "Action": [ - "profile:ListProfileObjects" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:profile:*:*:domains/amazon-connect-*/object-types/CTR", - "arn:aws:profile:*:*:domains/amazon-connect-*/object-types/_asset" - ] - }, - { - "Action": [ - "profile:ListAccountIntegrations" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "cloudwatch:PutMetricData", - "Condition": { - "StringEquals": { - "cloudwatch:namespace": "AWS/Connect" - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJ6R6FMTSRUJSKI72Y", - "PolicyName": "AmazonConnectServiceLinkedRolePolicy", - "UpdateDate": "2021-12-09T22:12:26+00:00", - "VersionId": "v6" - }, - "AmazonConnectVoiceIDFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonConnectVoiceIDFullAccess", - "AttachmentCount": 0, - "CreateDate": "2021-09-26T19:04:10+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": "voiceid:*", - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4EE2VNKAA5", - "PolicyName": "AmazonConnectVoiceIDFullAccess", - "UpdateDate": "2021-09-26T19:04:10+00:00", - "VersionId": "v1" - }, - "AmazonConnect_FullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonConnect_FullAccess", - "AttachmentCount": 0, - "CreateDate": "2020-11-20T19:54:21+00:00", - "DefaultVersionId": "v3", - "Document": { - "Statement": [ - { - "Action": [ - "connect:*", - "ds:CreateAlias", - "ds:AuthorizeApplication", - "ds:CreateIdentityPoolDirectory", - "ds:DeleteDirectory", - "ds:DescribeDirectories", - "ds:UnauthorizeApplication", - "firehose:DescribeDeliveryStream", - "firehose:ListDeliveryStreams", - "kinesis:DescribeStream", - "kinesis:ListStreams", - "kms:DescribeKey", - "kms:ListAliases", - "lex:GetBots", - "lex:ListBots", - "lex:ListBotAliases", - "logs:CreateLogGroup", - "s3:GetBucketLocation", - "s3:ListAllMyBuckets", - "lambda:ListFunctions", - "ds:CheckAlias", - "profile:ListAccountIntegrations", - "profile:GetDomain", - "profile:ListDomains", - "profile:GetProfileObjectType", - "profile:ListProfileObjectTypeTemplates" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "profile:AddProfileKey", - "profile:CreateDomain", - "profile:CreateProfile", - "profile:DeleteDomain", - "profile:DeleteIntegration", - "profile:DeleteProfile", - "profile:DeleteProfileKey", - "profile:DeleteProfileObject", - "profile:DeleteProfileObjectType", - "profile:GetIntegration", - "profile:GetMatches", - "profile:GetProfileObjectType", - "profile:ListIntegrations", - "profile:ListProfileObjects", - "profile:ListProfileObjectTypes", - "profile:ListTagsForResource", - "profile:MergeProfiles", - "profile:PutIntegration", - "profile:PutProfileObject", - "profile:PutProfileObjectType", - "profile:SearchProfiles", - "profile:TagResource", - "profile:UntagResource", - "profile:UpdateDomain", - "profile:UpdateProfile" - ], - "Effect": "Allow", - "Resource": "arn:aws:profile:*:*:domains/amazon-connect-*" - }, - { - "Action": [ - "s3:CreateBucket", - "s3:GetBucketAcl" - ], - "Effect": "Allow", - "Resource": "arn:aws:s3:::amazon-connect-*" - }, - { - "Action": [ - "servicequotas:GetServiceQuota" - ], - "Effect": "Allow", - "Resource": "arn:aws:servicequotas:*:*:connect/*" - }, - { - "Action": "iam:CreateServiceLinkedRole", - "Condition": { - "StringEquals": { - "iam:AWSServiceName": "connect.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "iam:DeleteServiceLinkedRole", - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/aws-service-role/connect.amazonaws.com/AWSServiceRoleForAmazonConnect*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4JXAE7KLRO", - "PolicyName": "AmazonConnect_FullAccess", - "UpdateDate": "2021-11-23T22:05:12+00:00", - "VersionId": "v3" - }, - "AmazonDMSCloudWatchLogsRole": { - "Arn": "arn:aws:iam::aws:policy/service-role/AmazonDMSCloudWatchLogsRole", - "AttachmentCount": 0, - "CreateDate": "2016-01-07T23:44:53+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "logs:DescribeLogGroups" - ], - "Effect": "Allow", - "Resource": [ - "*" - ], - "Sid": "AllowDescribeOnAllLogGroups" - }, - { - "Action": [ - "logs:DescribeLogStreams" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:logs:*:*:log-group:dms-tasks-*" - ], - "Sid": "AllowDescribeOfAllLogStreamsOnDmsTasksLogGroup" - }, - { - "Action": [ - "logs:CreateLogGroup" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:logs:*:*:log-group:dms-tasks-*" - ], - "Sid": "AllowCreationOfDmsTasksLogGroups" - }, - { - "Action": [ - "logs:CreateLogStream" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:logs:*:*:log-group:dms-tasks-*:log-stream:dms-task-*" - ], - "Sid": "AllowCreationOfDmsTaskLogStream" - }, - { - "Action": [ - "logs:PutLogEvents" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:logs:*:*:log-group:dms-tasks-*:log-stream:dms-task-*" - ], - "Sid": "AllowUploadOfLogEventsToDmsTaskLogStream" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJBG7UXZZXUJD3TDJE", - "PolicyName": "AmazonDMSCloudWatchLogsRole", - "UpdateDate": "2016-01-07T23:44:53+00:00", - "VersionId": "v1" - }, - "AmazonDMSRedshiftS3Role": { - "Arn": "arn:aws:iam::aws:policy/service-role/AmazonDMSRedshiftS3Role", - "AttachmentCount": 0, - "CreateDate": "2016-04-20T17:05:56+00:00", - "DefaultVersionId": "v3", - "Document": { - "Statement": [ - { - "Action": [ - "s3:CreateBucket", - "s3:ListBucket", - "s3:DeleteBucket", - "s3:GetBucketLocation", - "s3:GetObject", - "s3:PutObject", - "s3:DeleteObject", - "s3:GetObjectVersion", - "s3:GetBucketPolicy", - "s3:PutBucketPolicy", - "s3:GetBucketAcl", - "s3:PutBucketVersioning", - "s3:GetBucketVersioning", - "s3:PutLifecycleConfiguration", - "s3:GetLifecycleConfiguration", - "s3:DeleteBucketPolicy" - ], - "Effect": "Allow", - "Resource": "arn:aws:s3:::dms-*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAI3CCUQ4U5WNC5F6B6", - "PolicyName": "AmazonDMSRedshiftS3Role", - "UpdateDate": "2019-07-08T18:19:14+00:00", - "VersionId": "v3" - }, - "AmazonDMSVPCManagementRole": { - "Arn": "arn:aws:iam::aws:policy/service-role/AmazonDMSVPCManagementRole", - "AttachmentCount": 0, - "CreateDate": "2015-11-18T16:33:19+00:00", - "DefaultVersionId": "v3", - "Document": { - "Statement": [ - { - "Action": [ - "ec2:CreateNetworkInterface", - "ec2:DescribeAvailabilityZones", - "ec2:DescribeInternetGateways", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVpcs", - "ec2:DeleteNetworkInterface", - "ec2:ModifyNetworkInterfaceAttribute" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJHKIGMBQI4AEFFSYO", - "PolicyName": "AmazonDMSVPCManagementRole", - "UpdateDate": "2016-05-23T16:29:57+00:00", - "VersionId": "v3" - }, - "AmazonDRSVPCManagement": { - "Arn": "arn:aws:iam::aws:policy/AmazonDRSVPCManagement", - "AttachmentCount": 0, - "CreateDate": "2015-09-02T00:09:20+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "ec2:AuthorizeSecurityGroupIngress", - "ec2:CreateNetworkInterface", - "ec2:CreateSecurityGroup", - "ec2:DescribeAvailabilityZones", - "ec2:DescribeInternetGateways", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVpcAttribute", - "ec2:DescribeVpcs", - "ec2:DeleteNetworkInterface", - "ec2:DeleteSecurityGroup", - "ec2:ModifyNetworkInterfaceAttribute", - "ec2:RevokeSecurityGroupIngress" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJPXIBTTZMBEFEX6UA", - "PolicyName": "AmazonDRSVPCManagement", - "UpdateDate": "2015-09-02T00:09:20+00:00", - "VersionId": "v1" - }, - "AmazonDetectiveFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonDetectiveFullAccess", - "AttachmentCount": 0, - "CreateDate": "2020-04-30T17:57:15+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "detective:*", - "organizations:DescribeOrganization", - "organizations:ListAccounts" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "guardduty:ArchiveFindings" - ], - "Effect": "Allow", - "Resource": "arn:aws:guardduty:*:*:detector/*" - }, - { - "Action": [ - "guardduty:ListDetectors" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4IRLX3QVOO", - "PolicyName": "AmazonDetectiveFullAccess", - "UpdateDate": "2020-10-21T22:07:28+00:00", - "VersionId": "v2" - }, - "AmazonDetectiveServiceLinkedRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonDetectiveServiceLinkedRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2021-11-18T19:47:32+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "organizations:DescribeAccount", - "organizations:ListAccounts" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4G5GQKDXB6", - "PolicyName": "AmazonDetectiveServiceLinkedRolePolicy", - "UpdateDate": "2021-11-18T19:47:32+00:00", - "VersionId": "v1" - }, - "AmazonDevOpsGuruConsoleFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonDevOpsGuruConsoleFullAccess", - "AttachmentCount": 0, - "CreateDate": "2021-12-17T18:43:09+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "devops-guru:*" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "DevOpsGuruFullAccess" - }, - { - "Action": [ - "cloudformation:DescribeStacks", - "cloudformation:ListStacks" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "CloudFormationListStacksAccess" - }, - { - "Action": [ - "cloudwatch:GetMetricData" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "CloudWatchGetMetricDataAccess" - }, - { - "Action": [ - "sns:ListTopics" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "SnsListTopicsAccess" - }, - { - "Action": [ - "sns:CreateTopic", - "sns:GetTopicAttributes", - "sns:SetTopicAttributes", - "sns:Publish" - ], - "Effect": "Allow", - "Resource": "arn:aws:sns:*:*:DevOps-Guru-*", - "Sid": "SnsTopicOperations" - }, - { - "Action": "iam:CreateServiceLinkedRole", - "Condition": { - "StringLike": { - "iam:AWSServiceName": "devops-guru.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/aws-service-role/devops-guru.amazonaws.com/AWSServiceRoleForDevOpsGuru", - "Sid": "DevOpsGuruSlrCreation" - }, - { - "Action": [ - "iam:DeleteServiceLinkedRole", - "iam:GetServiceLinkedRoleDeletionStatus" - ], - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/aws-service-role/devops-guru.amazonaws.com/AWSServiceRoleForDevOpsGuru", - "Sid": "DevOpsGuruSlrDeletion" - }, - { - "Action": [ - "rds:DescribeDBInstances" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "RDSDescribeDBInstancesAccess" - }, - { - "Action": [ - "pi:GetResourceMetrics", - "pi:DescribeDimensionKeys" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "PerformanceInsightsMetricsDataAccess" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4GSGM7UDO3", - "PolicyName": "AmazonDevOpsGuruConsoleFullAccess", - "UpdateDate": "2021-12-17T18:43:09+00:00", - "VersionId": "v1" - }, - "AmazonDevOpsGuruFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonDevOpsGuruFullAccess", - "AttachmentCount": 0, - "CreateDate": "2020-12-01T16:38:12+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "devops-guru:*" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "DevOpsGuruFullAccess" - }, - { - "Action": [ - "cloudformation:DescribeStacks", - "cloudformation:ListStacks" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "CloudFormationListStacksAccess" - }, - { - "Action": [ - "cloudwatch:GetMetricData" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "CloudWatchGetMetricDataAccess" - }, - { - "Action": [ - "sns:ListTopics" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "SnsListTopicsAccess" - }, - { - "Action": [ - "sns:CreateTopic", - "sns:GetTopicAttributes", - "sns:SetTopicAttributes", - "sns:Publish" - ], - "Effect": "Allow", - "Resource": "arn:aws:sns:*:*:DevOps-Guru-*", - "Sid": "SnsTopicOperations" - }, - { - "Action": "iam:CreateServiceLinkedRole", - "Condition": { - "StringLike": { - "iam:AWSServiceName": "devops-guru.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/aws-service-role/devops-guru.amazonaws.com/AWSServiceRoleForDevOpsGuru", - "Sid": "DevOpsGuruSlrCreation" - }, - { - "Action": [ - "iam:DeleteServiceLinkedRole", - "iam:GetServiceLinkedRoleDeletionStatus" - ], - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/aws-service-role/devops-guru.amazonaws.com/AWSServiceRoleForDevOpsGuru", - "Sid": "DevOpsGuruSlrDeletion" - }, - { - "Action": [ - "rds:DescribeDBInstances" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "RDSDescribeDBInstancesAccess" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4BQEAUGTMM", - "PolicyName": "AmazonDevOpsGuruFullAccess", - "UpdateDate": "2021-11-26T20:39:13+00:00", - "VersionId": "v2" - }, - "AmazonDevOpsGuruOrganizationsAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonDevOpsGuruOrganizationsAccess", - "AttachmentCount": 0, - "CreateDate": "2021-11-15T23:50:52+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "devops-guru:DescribeOrganizationHealth", - "devops-guru:DescribeOrganizationResourceCollectionHealth", - "devops-guru:DescribeOrganizationOverview", - "devops-guru:ListOrganizationInsights", - "devops-guru:SearchOrganizationInsights" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "DevOpsGuruOrganizationsAccess" - }, - { - "Action": [ - "organizations:DescribeAccount", - "organizations:DescribeOrganization", - "organizations:ListAWSServiceAccessForOrganization", - "organizations:ListAccounts", - "organizations:ListChildren", - "organizations:ListOrganizationalUnitsForParent", - "organizations:ListRoots" - ], - "Effect": "Allow", - "Resource": "arn:aws:organizations::*:", - "Sid": "OrganizationsDataAccess" - }, - { - "Action": [ - "organizations:DeregisterDelegatedAdministrator", - "organizations:RegisterDelegatedAdministrator", - "organizations:ListDelegatedAdministrators", - "organizations:EnableAWSServiceAccess", - "organizations:DisableAWSServiceAccess" - ], - "Condition": { - "StringEquals": { - "organizations:ServicePrincipal": [ - "devops-guru.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": "*", - "Sid": "OrganizationsAdminDataAccess" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4M26ELBKR2", - "PolicyName": "AmazonDevOpsGuruOrganizationsAccess", - "UpdateDate": "2021-11-15T23:50:52+00:00", - "VersionId": "v1" - }, - "AmazonDevOpsGuruReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonDevOpsGuruReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2020-12-01T16:34:40+00:00", - "DefaultVersionId": "v5", - "Document": { - "Statement": [ - { - "Action": [ - "devops-guru:DescribeAccountHealth", - "devops-guru:DescribeAccountOverview", - "devops-guru:DescribeAnomaly", - "devops-guru:DescribeEventSourcesConfig", - "devops-guru:DescribeFeedback", - "devops-guru:DescribeInsight", - "devops-guru:DescribeResourceCollectionHealth", - "devops-guru:DescribeServiceIntegration", - "devops-guru:GetCostEstimation", - "devops-guru:GetResourceCollection", - "devops-guru:ListAnomaliesForInsight", - "devops-guru:ListEvents", - "devops-guru:ListInsights", - "devops-guru:ListNotificationChannels", - "devops-guru:ListRecommendations", - "devops-guru:SearchInsights", - "devops-guru:StartCostEstimation" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "DevOpsGuruReadOnlyAccess" - }, - { - "Action": [ - "cloudformation:DescribeStacks", - "cloudformation:ListStacks" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "CloudFormationListStacksAccess" - }, - { - "Action": [ - "iam:GetRole" - ], - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/aws-service-role/devops-guru.amazonaws.com/AWSServiceRoleForDevOpsGuru" - }, - { - "Action": [ - "cloudwatch:GetMetricData" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "CloudWatchGetMetricDataAccess" - }, - { - "Action": [ - "rds:DescribeDBInstances" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "RDSDescribeDBInstancesAccess" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4JK4QO3QK6", - "PolicyName": "AmazonDevOpsGuruReadOnlyAccess", - "UpdateDate": "2022-03-04T02:37:19+00:00", - "VersionId": "v5" - }, - "AmazonDevOpsGuruServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonDevOpsGuruServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2020-12-01T10:24:42+00:00", - "DefaultVersionId": "v6", - "Document": { - "Statement": [ - { - "Action": [ - "autoscaling:DescribeAutoScalingGroups", - "cloudtrail:LookupEvents", - "cloudwatch:GetMetricData", - "cloudwatch:ListMetrics", - "cloudwatch:DescribeAnomalyDetectors", - "cloudwatch:DescribeAlarms", - "cloudwatch:ListDashboards", - "cloudwatch:GetDashboard", - "cloudformation:GetTemplate", - "cloudformation:ListStacks", - "cloudformation:ListStackResources", - "cloudformation:DescribeStacks", - "cloudformation:ListImports", - "codedeploy:BatchGetDeployments", - "codedeploy:GetDeploymentGroup", - "codedeploy:ListDeployments", - "config:DescribeConfigurationRecorderStatus", - "config:GetResourceConfigHistory", - "events:ListRuleNamesByTarget", - "xray:GetServiceGraph", - "organizations:ListRoots", - "organizations:ListChildren", - "organizations:ListDelegatedAdministrators", - "pi:GetResourceMetrics", - "tag:GetResources", - "lambda:GetFunction", - "lambda:GetFunctionConcurrency", - "lambda:GetAccountSettings", - "lambda:ListProvisionedConcurrencyConfigs", - "lambda:ListAliases", - "lambda:ListEventSourceMappings", - "lambda:GetPolicy", - "ec2:DescribeSubnets", - "application-autoscaling:DescribeScalableTargets", - "application-autoscaling:DescribeScalingPolicies", - "sqs:GetQueueAttributes", - "kinesis:DescribeStream", - "kinesis:DescribeLimits", - "dynamodb:DescribeTable", - "dynamodb:DescribeLimits", - "dynamodb:DescribeContinuousBackups", - "dynamodb:DescribeStream", - "dynamodb:ListStreams", - "elasticloadbalancing:DescribeLoadBalancers", - "elasticloadbalancing:DescribeLoadBalancerAttributes", - "rds:DescribeDBInstances", - "rds:DescribeDBClusters", - "rds:DescribeOptionGroups", - "rds:DescribeDBClusterParameters", - "rds:DescribeDBInstanceAutomatedBackups", - "rds:DescribeAccountAttributes" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "events:PutTargets", - "events:PutRule" - ], - "Effect": "Allow", - "Resource": "arn:aws:events:*:*:rule/DevOps-Guru-managed-*", - "Sid": "AllowPutTargetsOnASpecificRule" - }, - { - "Action": [ - "ssm:CreateOpsItem" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "AllowCreateOpsItem" - }, - { - "Action": [ - "ssm:AddTagsToResource" - ], - "Effect": "Allow", - "Resource": "arn:aws:ssm:*:*:opsitem/*", - "Sid": "AllowAddTagsToOpsItem" - }, - { - "Action": [ - "ssm:GetOpsItem", - "ssm:UpdateOpsItem" - ], - "Condition": { - "StringEquals": { - "aws:ResourceTag/DevOps-GuruInsightSsmOpsItemRelated": "true" - } - }, - "Effect": "Allow", - "Resource": "*", - "Sid": "AllowAccessOpsItem" - }, - { - "Action": "events:PutRule", - "Effect": "Allow", - "Resource": "arn:aws:events:*:*:rule/DevOpsGuruManagedRule*", - "Sid": "AllowCreateManagedRule" - }, - { - "Action": [ - "events:DescribeRule", - "events:ListTargetsByRule" - ], - "Effect": "Allow", - "Resource": "arn:aws:events:*:*:rule/DevOpsGuruManagedRule*", - "Sid": "AllowAccessManagedRule" - }, - { - "Action": [ - "events:DeleteRule", - "events:EnableRule", - "events:DisableRule", - "events:PutTargets", - "events:RemoveTargets" - ], - "Condition": { - "StringEquals": { - "events:ManagedBy": "devops-guru.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:events:*:*:rule/DevOpsGuruManagedRule*", - "Sid": "AllowOtherOperationsOnManagedRule" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4LOGPH224B", - "PolicyName": "AmazonDevOpsGuruServiceRolePolicy", - "UpdateDate": "2022-02-07T19:30:10+00:00", - "VersionId": "v6" - }, - "AmazonDocDBConsoleFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonDocDBConsoleFullAccess", - "AttachmentCount": 0, - "CreateDate": "2019-01-09T20:37:28+00:00", - "DefaultVersionId": "v3", - "Document": { - "Statement": [ - { - "Action": [ - "rds:AddRoleToDBCluster", - "rds:AddSourceIdentifierToSubscription", - "rds:AddTagsToResource", - "rds:ApplyPendingMaintenanceAction", - "rds:CopyDBClusterParameterGroup", - "rds:CopyDBClusterSnapshot", - "rds:CopyDBParameterGroup", - "rds:CreateDBCluster", - "rds:CreateDBClusterParameterGroup", - "rds:CreateDBClusterSnapshot", - "rds:CreateDBInstance", - "rds:CreateDBParameterGroup", - "rds:CreateDBSubnetGroup", - "rds:CreateEventSubscription", - "rds:DeleteDBCluster", - "rds:DeleteDBClusterParameterGroup", - "rds:DeleteDBClusterSnapshot", - "rds:DeleteDBInstance", - "rds:DeleteDBParameterGroup", - "rds:DeleteDBSubnetGroup", - "rds:DeleteEventSubscription", - "rds:DescribeAccountAttributes", - "rds:DescribeCertificates", - "rds:DescribeDBClusterParameterGroups", - "rds:DescribeDBClusterParameters", - "rds:DescribeDBClusterSnapshotAttributes", - "rds:DescribeDBClusterSnapshots", - "rds:DescribeDBClusters", - "rds:DescribeDBEngineVersions", - "rds:DescribeDBInstances", - "rds:DescribeDBLogFiles", - "rds:DescribeDBParameterGroups", - "rds:DescribeDBParameters", - "rds:DescribeDBSecurityGroups", - "rds:DescribeDBSubnetGroups", - "rds:DescribeEngineDefaultClusterParameters", - "rds:DescribeEngineDefaultParameters", - "rds:DescribeEventCategories", - "rds:DescribeEventSubscriptions", - "rds:DescribeEvents", - "rds:DescribeOptionGroups", - "rds:DescribeOrderableDBInstanceOptions", - "rds:DescribePendingMaintenanceActions", - "rds:DescribeValidDBInstanceModifications", - "rds:DownloadDBLogFilePortion", - "rds:FailoverDBCluster", - "rds:ListTagsForResource", - "rds:ModifyDBCluster", - "rds:ModifyDBClusterParameterGroup", - "rds:ModifyDBClusterSnapshotAttribute", - "rds:ModifyDBInstance", - "rds:ModifyDBParameterGroup", - "rds:ModifyDBSubnetGroup", - "rds:ModifyEventSubscription", - "rds:PromoteReadReplicaDBCluster", - "rds:RebootDBInstance", - "rds:RemoveRoleFromDBCluster", - "rds:RemoveSourceIdentifierFromSubscription", - "rds:RemoveTagsFromResource", - "rds:ResetDBClusterParameterGroup", - "rds:ResetDBParameterGroup", - "rds:RestoreDBClusterFromSnapshot", - "rds:RestoreDBClusterToPointInTime" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "iam:GetRole", - "cloudwatch:GetMetricData", - "cloudwatch:GetMetricStatistics", - "cloudwatch:ListMetrics", - "ec2:AllocateAddress", - "ec2:AssignIpv6Addresses", - "ec2:AssignPrivateIpAddresses", - "ec2:AssociateAddress", - "ec2:AssociateRouteTable", - "ec2:AssociateSubnetCidrBlock", - "ec2:AssociateVpcCidrBlock", - "ec2:AttachInternetGateway", - "ec2:AttachNetworkInterface", - "ec2:CreateCustomerGateway", - "ec2:CreateDefaultSubnet", - "ec2:CreateDefaultVpc", - "ec2:CreateInternetGateway", - "ec2:CreateNatGateway", - "ec2:CreateNetworkInterface", - "ec2:CreateRoute", - "ec2:CreateRouteTable", - "ec2:CreateSecurityGroup", - "ec2:CreateSubnet", - "ec2:CreateVpc", - "ec2:CreateVpcEndpoint", - "ec2:DescribeAccountAttributes", - "ec2:DescribeAddresses", - "ec2:DescribeAvailabilityZones", - "ec2:DescribeCustomerGateways", - "ec2:DescribeInstances", - "ec2:DescribeNatGateways", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribePrefixLists", - "ec2:DescribeRouteTables", - "ec2:DescribeSecurityGroupReferences", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVpcAttribute", - "ec2:DescribeVpcEndpoints", - "ec2:DescribeVpcs", - "ec2:ModifyNetworkInterfaceAttribute", - "ec2:ModifySubnetAttribute", - "ec2:ModifyVpcAttribute", - "ec2:ModifyVpcEndpoint", - "kms:DescribeKey", - "kms:ListAliases", - "kms:ListKeyPolicies", - "kms:ListKeys", - "kms:ListRetirableGrants", - "logs:DescribeLogStreams", - "logs:GetLogEvents", - "sns:ListSubscriptions", - "sns:ListTopics", - "sns:Publish" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": "iam:CreateServiceLinkedRole", - "Condition": { - "StringLike": { - "iam:AWSServiceName": "rds.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/aws-service-role/rds.amazonaws.com/AWSServiceRoleForRDS" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJHV6VMSNDDHJ3ESNI", - "PolicyName": "AmazonDocDBConsoleFullAccess", - "UpdateDate": "2021-04-05T22:42:40+00:00", - "VersionId": "v3" - }, - "AmazonDocDBFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonDocDBFullAccess", - "AttachmentCount": 0, - "CreateDate": "2019-01-09T20:21:44+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "rds:AddRoleToDBCluster", - "rds:AddSourceIdentifierToSubscription", - "rds:AddTagsToResource", - "rds:ApplyPendingMaintenanceAction", - "rds:CopyDBClusterParameterGroup", - "rds:CopyDBClusterSnapshot", - "rds:CopyDBParameterGroup", - "rds:CreateDBCluster", - "rds:CreateDBClusterParameterGroup", - "rds:CreateDBClusterSnapshot", - "rds:CreateDBInstance", - "rds:CreateDBParameterGroup", - "rds:CreateDBSubnetGroup", - "rds:CreateEventSubscription", - "rds:DeleteDBCluster", - "rds:DeleteDBClusterParameterGroup", - "rds:DeleteDBClusterSnapshot", - "rds:DeleteDBInstance", - "rds:DeleteDBParameterGroup", - "rds:DeleteDBSubnetGroup", - "rds:DeleteEventSubscription", - "rds:DescribeAccountAttributes", - "rds:DescribeCertificates", - "rds:DescribeDBClusterParameterGroups", - "rds:DescribeDBClusterParameters", - "rds:DescribeDBClusterSnapshotAttributes", - "rds:DescribeDBClusterSnapshots", - "rds:DescribeDBClusters", - "rds:DescribeDBEngineVersions", - "rds:DescribeDBInstances", - "rds:DescribeDBLogFiles", - "rds:DescribeDBParameterGroups", - "rds:DescribeDBParameters", - "rds:DescribeDBSecurityGroups", - "rds:DescribeDBSubnetGroups", - "rds:DescribeEngineDefaultClusterParameters", - "rds:DescribeEngineDefaultParameters", - "rds:DescribeEventCategories", - "rds:DescribeEventSubscriptions", - "rds:DescribeEvents", - "rds:DescribeOptionGroups", - "rds:DescribeOrderableDBInstanceOptions", - "rds:DescribePendingMaintenanceActions", - "rds:DescribeValidDBInstanceModifications", - "rds:DownloadDBLogFilePortion", - "rds:FailoverDBCluster", - "rds:ListTagsForResource", - "rds:ModifyDBCluster", - "rds:ModifyDBClusterParameterGroup", - "rds:ModifyDBClusterSnapshotAttribute", - "rds:ModifyDBInstance", - "rds:ModifyDBParameterGroup", - "rds:ModifyDBSubnetGroup", - "rds:ModifyEventSubscription", - "rds:PromoteReadReplicaDBCluster", - "rds:RebootDBInstance", - "rds:RemoveRoleFromDBCluster", - "rds:RemoveSourceIdentifierFromSubscription", - "rds:RemoveTagsFromResource", - "rds:ResetDBClusterParameterGroup", - "rds:ResetDBParameterGroup", - "rds:RestoreDBClusterFromSnapshot", - "rds:RestoreDBClusterToPointInTime" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "cloudwatch:GetMetricStatistics", - "cloudwatch:ListMetrics", - "ec2:DescribeAccountAttributes", - "ec2:DescribeAvailabilityZones", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVpcAttribute", - "ec2:DescribeVpcs", - "kms:ListAliases", - "kms:ListKeyPolicies", - "kms:ListKeys", - "kms:ListRetirableGrants", - "logs:DescribeLogStreams", - "logs:GetLogEvents", - "sns:ListSubscriptions", - "sns:ListTopics", - "sns:Publish" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": "iam:CreateServiceLinkedRole", - "Condition": { - "StringLike": { - "iam:AWSServiceName": "rds.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/aws-service-role/rds.amazonaws.com/AWSServiceRoleForRDS" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIQKACUF6JJHALEG5K", - "PolicyName": "AmazonDocDBFullAccess", - "UpdateDate": "2019-01-09T20:21:44+00:00", - "VersionId": "v1" - }, - "AmazonDocDBReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonDocDBReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2019-01-09T20:30:28+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "rds:DescribeAccountAttributes", - "rds:DescribeCertificates", - "rds:DescribeDBClusterParameterGroups", - "rds:DescribeDBClusterParameters", - "rds:DescribeDBClusterSnapshotAttributes", - "rds:DescribeDBClusterSnapshots", - "rds:DescribeDBClusters", - "rds:DescribeDBEngineVersions", - "rds:DescribeDBInstances", - "rds:DescribeDBLogFiles", - "rds:DescribeDBParameterGroups", - "rds:DescribeDBParameters", - "rds:DescribeDBSubnetGroups", - "rds:DescribeEventCategories", - "rds:DescribeEventSubscriptions", - "rds:DescribeEvents", - "rds:DescribeOrderableDBInstanceOptions", - "rds:DescribePendingMaintenanceActions", - "rds:DownloadDBLogFilePortion", - "rds:ListTagsForResource" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "cloudwatch:GetMetricStatistics", - "cloudwatch:ListMetrics" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:DescribeAccountAttributes", - "ec2:DescribeAvailabilityZones", - "ec2:DescribeInternetGateways", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVpcAttribute", - "ec2:DescribeVpcs" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "kms:ListKeys", - "kms:ListRetirableGrants", - "kms:ListAliases", - "kms:ListKeyPolicies" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "logs:DescribeLogStreams", - "logs:GetLogEvents" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:logs:*:*:log-group:/aws/rds/*:log-stream:*", - "arn:aws:logs:*:*:log-group:/aws/docdb/*:log-stream:*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAI477RMVACLTLWY5RQ", - "PolicyName": "AmazonDocDBReadOnlyAccess", - "UpdateDate": "2019-01-09T20:30:28+00:00", - "VersionId": "v1" - }, - "AmazonDynamoDBFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonDynamoDBFullAccess", - "AttachmentCount": 2, - "CreateDate": "2015-02-06T18:40:11+00:00", - "DefaultVersionId": "v15", - "Document": { - "Statement": [ - { - "Action": [ - "dynamodb:*", - "dax:*", - "application-autoscaling:DeleteScalingPolicy", - "application-autoscaling:DeregisterScalableTarget", - "application-autoscaling:DescribeScalableTargets", - "application-autoscaling:DescribeScalingActivities", - "application-autoscaling:DescribeScalingPolicies", - "application-autoscaling:PutScalingPolicy", - "application-autoscaling:RegisterScalableTarget", - "cloudwatch:DeleteAlarms", - "cloudwatch:DescribeAlarmHistory", - "cloudwatch:DescribeAlarms", - "cloudwatch:DescribeAlarmsForMetric", - "cloudwatch:GetMetricStatistics", - "cloudwatch:ListMetrics", - "cloudwatch:PutMetricAlarm", - "cloudwatch:GetMetricData", - "datapipeline:ActivatePipeline", - "datapipeline:CreatePipeline", - "datapipeline:DeletePipeline", - "datapipeline:DescribeObjects", - "datapipeline:DescribePipelines", - "datapipeline:GetPipelineDefinition", - "datapipeline:ListPipelines", - "datapipeline:PutPipelineDefinition", - "datapipeline:QueryObjects", - "ec2:DescribeVpcs", - "ec2:DescribeSubnets", - "ec2:DescribeSecurityGroups", - "iam:GetRole", - "iam:ListRoles", - "kms:DescribeKey", - "kms:ListAliases", - "sns:CreateTopic", - "sns:DeleteTopic", - "sns:ListSubscriptions", - "sns:ListSubscriptionsByTopic", - "sns:ListTopics", - "sns:Subscribe", - "sns:Unsubscribe", - "sns:SetTopicAttributes", - "lambda:CreateFunction", - "lambda:ListFunctions", - "lambda:ListEventSourceMappings", - "lambda:CreateEventSourceMapping", - "lambda:DeleteEventSourceMapping", - "lambda:GetFunctionConfiguration", - "lambda:DeleteFunction", - "resource-groups:ListGroups", - "resource-groups:ListGroupResources", - "resource-groups:GetGroup", - "resource-groups:GetGroupQuery", - "resource-groups:DeleteGroup", - "resource-groups:CreateGroup", - "tag:GetResources", - "kinesis:ListStreams", - "kinesis:DescribeStream", - "kinesis:DescribeStreamSummary" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "cloudwatch:GetInsightRuleReport", - "Effect": "Allow", - "Resource": "arn:aws:cloudwatch:*:*:insight-rule/DynamoDBContributorInsights*" - }, - { - "Action": [ - "iam:PassRole" - ], - "Condition": { - "StringLike": { - "iam:PassedToService": [ - "application-autoscaling.amazonaws.com", - "application-autoscaling.amazonaws.com.cn", - "dax.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "iam:CreateServiceLinkedRole" - ], - "Condition": { - "StringEquals": { - "iam:AWSServiceName": [ - "replication.dynamodb.amazonaws.com", - "dax.amazonaws.com", - "dynamodb.application-autoscaling.amazonaws.com", - "contributorinsights.dynamodb.amazonaws.com", - "kinesisreplication.dynamodb.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAINUGF2JSOSUY76KYA", - "PolicyName": "AmazonDynamoDBFullAccess", - "UpdateDate": "2021-01-29T17:38:30+00:00", - "VersionId": "v15" - }, - "AmazonDynamoDBFullAccesswithDataPipeline": { - "Arn": "arn:aws:iam::aws:policy/AmazonDynamoDBFullAccesswithDataPipeline", - "AttachmentCount": 0, - "CreateDate": "2015-02-06T18:40:14+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "cloudwatch:DeleteAlarms", - "cloudwatch:DescribeAlarmHistory", - "cloudwatch:DescribeAlarms", - "cloudwatch:DescribeAlarmsForMetric", - "cloudwatch:GetMetricStatistics", - "cloudwatch:ListMetrics", - "cloudwatch:PutMetricAlarm", - "dynamodb:*", - "sns:CreateTopic", - "sns:DeleteTopic", - "sns:ListSubscriptions", - "sns:ListSubscriptionsByTopic", - "sns:ListTopics", - "sns:Subscribe", - "sns:Unsubscribe", - "sns:SetTopicAttributes" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "DDBConsole" - }, - { - "Action": [ - "lambda:*", - "iam:ListRoles" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "DDBConsoleTriggers" - }, - { - "Action": [ - "datapipeline:*", - "iam:ListRoles" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "DDBConsoleImportExport" - }, - { - "Action": [ - "iam:GetRolePolicy", - "iam:PassRole" - ], - "Effect": "Allow", - "Resource": [ - "*" - ], - "Sid": "IAMEDPRoles" - }, - { - "Action": [ - "ec2:CreateTags", - "ec2:DescribeInstances", - "ec2:RunInstances", - "ec2:StartInstances", - "ec2:StopInstances", - "ec2:TerminateInstances", - "elasticmapreduce:*", - "datapipeline:*" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "EMR" - }, - { - "Action": [ - "s3:DeleteObject", - "s3:Get*", - "s3:List*", - "s3:Put*" - ], - "Effect": "Allow", - "Resource": [ - "*" - ], - "Sid": "S3" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJ3ORT7KDISSXGHJXA", - "PolicyName": "AmazonDynamoDBFullAccesswithDataPipeline", - "UpdateDate": "2015-11-12T02:17:42+00:00", - "VersionId": "v2" - }, - "AmazonDynamoDBReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonDynamoDBReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2015-02-06T18:40:12+00:00", - "DefaultVersionId": "v13", - "Document": { - "Statement": [ - { - "Action": [ - "application-autoscaling:DescribeScalableTargets", - "application-autoscaling:DescribeScalingActivities", - "application-autoscaling:DescribeScalingPolicies", - "cloudwatch:DescribeAlarmHistory", - "cloudwatch:DescribeAlarms", - "cloudwatch:DescribeAlarmsForMetric", - "cloudwatch:GetMetricStatistics", - "cloudwatch:ListMetrics", - "cloudwatch:GetMetricData", - "datapipeline:DescribeObjects", - "datapipeline:DescribePipelines", - "datapipeline:GetPipelineDefinition", - "datapipeline:ListPipelines", - "datapipeline:QueryObjects", - "dynamodb:BatchGetItem", - "dynamodb:Describe*", - "dynamodb:List*", - "dynamodb:GetItem", - "dynamodb:Query", - "dynamodb:Scan", - "dynamodb:PartiQLSelect", - "dax:Describe*", - "dax:List*", - "dax:GetItem", - "dax:BatchGetItem", - "dax:Query", - "dax:Scan", - "ec2:DescribeVpcs", - "ec2:DescribeSubnets", - "ec2:DescribeSecurityGroups", - "iam:GetRole", - "iam:ListRoles", - "kms:DescribeKey", - "kms:ListAliases", - "sns:ListSubscriptionsByTopic", - "sns:ListTopics", - "lambda:ListFunctions", - "lambda:ListEventSourceMappings", - "lambda:GetFunctionConfiguration", - "resource-groups:ListGroups", - "resource-groups:ListGroupResources", - "resource-groups:GetGroup", - "resource-groups:GetGroupQuery", - "tag:GetResources", - "kinesis:ListStreams", - "kinesis:DescribeStream", - "kinesis:DescribeStreamSummary" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "cloudwatch:GetInsightRuleReport", - "Effect": "Allow", - "Resource": "arn:aws:cloudwatch:*:*:insight-rule/DynamoDBContributorInsights*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIY2XFNA232XJ6J7X2", - "PolicyName": "AmazonDynamoDBReadOnlyAccess", - "UpdateDate": "2021-01-27T01:01:47+00:00", - "VersionId": "v13" - }, - "AmazonEC2ContainerRegistryFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryFullAccess", - "AttachmentCount": 0, - "CreateDate": "2015-12-21T17:06:48+00:00", - "DefaultVersionId": "v3", - "Document": { - "Statement": [ - { - "Action": [ - "ecr:*", - "cloudtrail:LookupEvents" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "iam:CreateServiceLinkedRole" - ], - "Condition": { - "StringEquals": { - "iam:AWSServiceName": [ - "replication.ecr.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIESRL7KD7IIVF6V4W", - "PolicyName": "AmazonEC2ContainerRegistryFullAccess", - "UpdateDate": "2020-12-05T00:04:19+00:00", - "VersionId": "v3" - }, - "AmazonEC2ContainerRegistryPowerUser": { - "Arn": "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryPowerUser", - "AttachmentCount": 0, - "CreateDate": "2015-12-21T17:05:33+00:00", - "DefaultVersionId": "v3", - "Document": { - "Statement": [ - { - "Action": [ - "ecr:GetAuthorizationToken", - "ecr:BatchCheckLayerAvailability", - "ecr:GetDownloadUrlForLayer", - "ecr:GetRepositoryPolicy", - "ecr:DescribeRepositories", - "ecr:ListImages", - "ecr:DescribeImages", - "ecr:BatchGetImage", - "ecr:GetLifecyclePolicy", - "ecr:GetLifecyclePolicyPreview", - "ecr:ListTagsForResource", - "ecr:DescribeImageScanFindings", - "ecr:InitiateLayerUpload", - "ecr:UploadLayerPart", - "ecr:CompleteLayerUpload", - "ecr:PutImage" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJDNE5PIHROIBGGDDW", - "PolicyName": "AmazonEC2ContainerRegistryPowerUser", - "UpdateDate": "2019-12-10T20:48:08+00:00", - "VersionId": "v3" - }, - "AmazonEC2ContainerRegistryReadOnly": { - "Arn": "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly", - "AttachmentCount": 0, - "CreateDate": "2015-12-21T17:04:15+00:00", - "DefaultVersionId": "v3", - "Document": { - "Statement": [ - { - "Action": [ - "ecr:GetAuthorizationToken", - "ecr:BatchCheckLayerAvailability", - "ecr:GetDownloadUrlForLayer", - "ecr:GetRepositoryPolicy", - "ecr:DescribeRepositories", - "ecr:ListImages", - "ecr:DescribeImages", - "ecr:BatchGetImage", - "ecr:GetLifecyclePolicy", - "ecr:GetLifecyclePolicyPreview", - "ecr:ListTagsForResource", - "ecr:DescribeImageScanFindings" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIFYZPA37OOHVIH7KQ", - "PolicyName": "AmazonEC2ContainerRegistryReadOnly", - "UpdateDate": "2019-12-10T20:56:32+00:00", - "VersionId": "v3" - }, - "AmazonEC2ContainerServiceAutoscaleRole": { - "Arn": "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceAutoscaleRole", - "AttachmentCount": 0, - "CreateDate": "2016-05-12T23:25:44+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "ecs:DescribeServices", - "ecs:UpdateService" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "cloudwatch:DescribeAlarms", - "cloudwatch:PutMetricAlarm" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIUAP3EGGGXXCPDQKK", - "PolicyName": "AmazonEC2ContainerServiceAutoscaleRole", - "UpdateDate": "2018-02-05T19:15:15+00:00", - "VersionId": "v2" - }, - "AmazonEC2ContainerServiceEventsRole": { - "Arn": "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceEventsRole", - "AttachmentCount": 0, - "CreateDate": "2017-05-30T16:51:35+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "ecs:RunTask" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": "iam:PassRole", - "Condition": { - "StringLike": { - "iam:PassedToService": "ecs-tasks.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": [ - "*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAITKFNIUAG27VSYNZ4", - "PolicyName": "AmazonEC2ContainerServiceEventsRole", - "UpdateDate": "2018-05-22T19:13:11+00:00", - "VersionId": "v2" - }, - "AmazonEC2ContainerServiceRole": { - "Arn": "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceRole", - "AttachmentCount": 0, - "CreateDate": "2015-04-09T16:14:19+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "ec2:AuthorizeSecurityGroupIngress", - "ec2:Describe*", - "elasticloadbalancing:DeregisterInstancesFromLoadBalancer", - "elasticloadbalancing:DeregisterTargets", - "elasticloadbalancing:Describe*", - "elasticloadbalancing:RegisterInstancesWithLoadBalancer", - "elasticloadbalancing:RegisterTargets" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJO53W2XHNACG7V77Q", - "PolicyName": "AmazonEC2ContainerServiceRole", - "UpdateDate": "2016-08-11T13:08:01+00:00", - "VersionId": "v2" - }, - "AmazonEC2ContainerServiceforEC2Role": { - "Arn": "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role", - "AttachmentCount": 1, - "CreateDate": "2015-03-19T18:45:18+00:00", - "DefaultVersionId": "v6", - "Document": { - "Statement": [ - { - "Action": [ - "ec2:DescribeTags", - "ecs:CreateCluster", - "ecs:DeregisterContainerInstance", - "ecs:DiscoverPollEndpoint", - "ecs:Poll", - "ecs:RegisterContainerInstance", - "ecs:StartTelemetrySession", - "ecs:UpdateContainerInstancesState", - "ecs:Submit*", - "ecr:GetAuthorizationToken", - "ecr:BatchCheckLayerAvailability", - "ecr:GetDownloadUrlForLayer", - "ecr:BatchGetImage", - "logs:CreateLogStream", - "logs:PutLogEvents" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJLYJCVHC7TQHCSQDS", - "PolicyName": "AmazonEC2ContainerServiceforEC2Role", - "UpdateDate": "2019-06-13T19:11:37+00:00", - "VersionId": "v6" - }, - "AmazonEC2FullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonEC2FullAccess", - "AttachmentCount": 0, - "CreateDate": "2015-02-06T18:40:15+00:00", - "DefaultVersionId": "v5", - "Document": { - "Statement": [ - { - "Action": "ec2:*", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "elasticloadbalancing:*", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "cloudwatch:*", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "autoscaling:*", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "iam:CreateServiceLinkedRole", - "Condition": { - "StringEquals": { - "iam:AWSServiceName": [ - "autoscaling.amazonaws.com", - "ec2scheduled.amazonaws.com", - "elasticloadbalancing.amazonaws.com", - "spot.amazonaws.com", - "spotfleet.amazonaws.com", - "transitgateway.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAI3VAJF5ZCRZ7MCQE6", - "PolicyName": "AmazonEC2FullAccess", - "UpdateDate": "2018-11-27T02:16:56+00:00", - "VersionId": "v5" - }, - "AmazonEC2ReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2015-02-06T18:40:17+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": "ec2:Describe*", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "elasticloadbalancing:Describe*", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "cloudwatch:ListMetrics", - "cloudwatch:GetMetricStatistics", - "cloudwatch:Describe*" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "autoscaling:Describe*", - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIGDT4SV4GSETWTBZK", - "PolicyName": "AmazonEC2ReadOnlyAccess", - "UpdateDate": "2015-02-06T18:40:17+00:00", - "VersionId": "v1" - }, - "AmazonEC2RolePolicyForLaunchWizard": { - "Arn": "arn:aws:iam::aws:policy/AmazonEC2RolePolicyForLaunchWizard", - "AttachmentCount": 0, - "CreateDate": "2019-11-13T08:05:53+00:00", - "DefaultVersionId": "v9", - "Document": { - "Statement": [ - { - "Action": [ - "ec2:AttachVolume", - "ec2:RebootInstances", - "ec2:StartInstances", - "ec2:StopInstances" - ], - "Condition": { - "StringLike": { - "ec2:ResourceTag/LaunchWizardResourceGroupID": "*" - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:volume/*", - "arn:aws:ec2:*:*:instance/*" - ] - }, - { - "Action": [ - "ec2:ReplaceRoute" - ], - "Condition": { - "StringLike": { - "ec2:ResourceTag/LaunchWizardApplicationType": "*" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:route-table/*" - }, - { - "Action": [ - "ec2:DescribeAddresses", - "ec2:AssociateAddress", - "ec2:DescribeInstances", - "ec2:DescribeImages", - "ec2:DescribeRegions", - "ec2:DescribeVolumes", - "ec2:DescribeRouteTables", - "ec2:ModifyInstanceAttribute", - "cloudwatch:GetMetricStatistics", - "cloudwatch:PutMetricData", - "ssm:GetCommandInvocation" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:CreateTags", - "ec2:CreateVolume" - ], - "Condition": { - "ForAllValues:StringEquals": { - "aws:TagKeys": [ - "LaunchWizardResourceGroupID", - "LaunchWizardApplicationType" - ] - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:volume/*" - }, - { - "Action": [ - "s3:GetObject", - "s3:ListBucket", - "s3:PutObject", - "s3:PutObjectTagging", - "s3:GetBucketLocation", - "logs:PutLogEvents", - "logs:DescribeLogGroups", - "logs:DescribeLogStreams" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:logs:*:*:*", - "arn:aws:s3:::launchwizard*", - "arn:aws:s3:::aws-sap-data-provider/config.properties" - ] - }, - { - "Action": "logs:Create*", - "Effect": "Allow", - "Resource": "arn:aws:logs:*:*:*" - }, - { - "Action": [ - "ec2:Describe*", - "cloudformation:DescribeStackResources", - "cloudformation:SignalResource", - "cloudformation:DescribeStackResource", - "cloudformation:DescribeStacks" - ], - "Condition": { - "ForAllValues:StringEquals": { - "aws:TagKeys": "LaunchWizardResourceGroupID" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "dynamodb:BatchGetItem", - "dynamodb:PutItem", - "sqs:ReceiveMessage", - "sqs:SendMessage", - "dynamodb:Scan", - "s3:ListBucket", - "dynamodb:Query", - "dynamodb:UpdateItem", - "dynamodb:DeleteTable", - "dynamodb:CreateTable", - "s3:GetObject", - "dynamodb:DescribeTable", - "s3:GetBucketLocation", - "dynamodb:UpdateTable" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:s3:::launchwizard*", - "arn:aws:dynamodb:*:*:table/LaunchWizard*", - "arn:aws:sqs:*:*:LaunchWizard*" - ] - }, - { - "Action": "ssm:SendCommand", - "Condition": { - "StringLike": { - "ssm:resourceTag/LaunchWizardApplicationType": "*" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:instance/*" - }, - { - "Action": [ - "ssm:SendCommand", - "ssm:GetDocument" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:ssm:*:*:document/AWSSAP-InstallBackint" - ] - }, - { - "Action": [ - "fsx:DescribeFileSystems", - "fsx:ListTagsForResource" - ], - "Condition": { - "ForAllValues:StringLike": { - "aws:TagKeys": "LaunchWizard*" - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4CBGI56NFS", - "PolicyName": "AmazonEC2RolePolicyForLaunchWizard", - "UpdateDate": "2022-01-27T23:01:20+00:00", - "VersionId": "v9" - }, - "AmazonEC2RoleforAWSCodeDeploy": { - "Arn": "arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforAWSCodeDeploy", - "AttachmentCount": 0, - "CreateDate": "2015-05-19T18:10:14+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "s3:GetObject", - "s3:GetObjectVersion", - "s3:ListBucket" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIAZKXZ27TAJ4PVWGK", - "PolicyName": "AmazonEC2RoleforAWSCodeDeploy", - "UpdateDate": "2017-03-20T17:14:10+00:00", - "VersionId": "v2" - }, - "AmazonEC2RoleforAWSCodeDeployLimited": { - "Arn": "arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforAWSCodeDeployLimited", - "AttachmentCount": 0, - "CreateDate": "2020-08-24T17:55:18+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "s3:GetObject", - "s3:GetObjectVersion", - "s3:ListBucket" - ], - "Effect": "Allow", - "Resource": "arn:aws:s3:::*/CodeDeploy/*" - }, - { - "Action": [ - "s3:GetObject", - "s3:GetObjectVersion" - ], - "Condition": { - "StringEquals": { - "s3:ExistingObjectTag/UseWithCodeDeploy": "true" - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4NN2A7WC6C", - "PolicyName": "AmazonEC2RoleforAWSCodeDeployLimited", - "UpdateDate": "2022-01-20T21:37:31+00:00", - "VersionId": "v2" - }, - "AmazonEC2RoleforDataPipelineRole": { - "Arn": "arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforDataPipelineRole", - "AttachmentCount": 0, - "CreateDate": "2015-02-06T18:41:25+00:00", - "DefaultVersionId": "v3", - "Document": { - "Statement": [ - { - "Action": [ - "cloudwatch:*", - "datapipeline:*", - "dynamodb:*", - "ec2:Describe*", - "elasticmapreduce:AddJobFlowSteps", - "elasticmapreduce:Describe*", - "elasticmapreduce:ListInstance*", - "elasticmapreduce:ModifyInstanceGroups", - "rds:Describe*", - "redshift:DescribeClusters", - "redshift:DescribeClusterSecurityGroups", - "s3:*", - "sdb:*", - "sns:*", - "sqs:*" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJ3Z5I2WAJE5DN2J36", - "PolicyName": "AmazonEC2RoleforDataPipelineRole", - "UpdateDate": "2016-02-22T17:24:05+00:00", - "VersionId": "v3" - }, - "AmazonEC2RoleforSSM": { - "Arn": "arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforSSM", - "AttachmentCount": 0, - "CreateDate": "2015-05-29T17:48:35+00:00", - "DefaultVersionId": "v8", - "Document": { - "Statement": [ - { - "Action": [ - "ssm:DescribeAssociation", - "ssm:GetDeployablePatchSnapshotForInstance", - "ssm:GetDocument", - "ssm:DescribeDocument", - "ssm:GetManifest", - "ssm:GetParameters", - "ssm:ListAssociations", - "ssm:ListInstanceAssociations", - "ssm:PutInventory", - "ssm:PutComplianceItems", - "ssm:PutConfigurePackageResult", - "ssm:UpdateAssociationStatus", - "ssm:UpdateInstanceAssociationStatus", - "ssm:UpdateInstanceInformation" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ssmmessages:CreateControlChannel", - "ssmmessages:CreateDataChannel", - "ssmmessages:OpenControlChannel", - "ssmmessages:OpenDataChannel" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2messages:AcknowledgeMessage", - "ec2messages:DeleteMessage", - "ec2messages:FailMessage", - "ec2messages:GetEndpoint", - "ec2messages:GetMessages", - "ec2messages:SendReply" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "cloudwatch:PutMetricData" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:DescribeInstanceStatus" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ds:CreateComputer", - "ds:DescribeDirectories" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:DescribeLogGroups", - "logs:DescribeLogStreams", - "logs:PutLogEvents" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "s3:GetBucketLocation", - "s3:PutObject", - "s3:GetObject", - "s3:GetEncryptionConfiguration", - "s3:AbortMultipartUpload", - "s3:ListMultipartUploadParts", - "s3:ListBucket", - "s3:ListBucketMultipartUploads" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAI6TL3SMY22S4KMMX6", - "PolicyName": "AmazonEC2RoleforSSM", - "UpdateDate": "2019-01-24T19:20:51+00:00", - "VersionId": "v8" - }, - "AmazonEC2SpotFleetAutoscaleRole": { - "Arn": "arn:aws:iam::aws:policy/service-role/AmazonEC2SpotFleetAutoscaleRole", - "AttachmentCount": 0, - "CreateDate": "2016-08-19T18:27:22+00:00", - "DefaultVersionId": "v3", - "Document": { - "Statement": [ - { - "Action": [ - "ec2:DescribeSpotFleetRequests", - "ec2:ModifySpotFleetRequest" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "cloudwatch:DescribeAlarms", - "cloudwatch:PutMetricAlarm", - "cloudwatch:DeleteAlarms" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": "iam:CreateServiceLinkedRole", - "Condition": { - "StringLike": { - "iam:AWSServiceName": "ec2.application-autoscaling.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/aws-service-role/ec2.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_EC2SpotFleetRequest" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIMFFRMIOBGDP2TAVE", - "PolicyName": "AmazonEC2SpotFleetAutoscaleRole", - "UpdateDate": "2019-02-18T19:17:03+00:00", - "VersionId": "v3" - }, - "AmazonEC2SpotFleetTaggingRole": { - "Arn": "arn:aws:iam::aws:policy/service-role/AmazonEC2SpotFleetTaggingRole", - "AttachmentCount": 0, - "CreateDate": "2017-06-29T18:19:29+00:00", - "DefaultVersionId": "v5", - "Document": { - "Statement": [ - { - "Action": [ - "ec2:DescribeImages", - "ec2:DescribeSubnets", - "ec2:RequestSpotInstances", - "ec2:TerminateInstances", - "ec2:DescribeInstanceStatus", - "ec2:CreateTags", - "ec2:RunInstances" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": "iam:PassRole", - "Condition": { - "StringEquals": { - "iam:PassedToService": [ - "ec2.amazonaws.com", - "ec2.amazonaws.com.cn" - ] - } - }, - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "elasticloadbalancing:RegisterInstancesWithLoadBalancer" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:elasticloadbalancing:*:*:loadbalancer/*" - ] - }, - { - "Action": [ - "elasticloadbalancing:RegisterTargets" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:elasticloadbalancing:*:*:*/*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJ5U6UMLCEYLX5OLC4", - "PolicyName": "AmazonEC2SpotFleetTaggingRole", - "UpdateDate": "2020-04-23T19:30:49+00:00", - "VersionId": "v5" - }, - "AmazonECSServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonECSServiceRolePolicy", - "AttachmentCount": 1, - "CreateDate": "2017-10-14T01:18:58+00:00", - "DefaultVersionId": "v8", - "Document": { - "Statement": [ - { - "Action": [ - "ec2:AttachNetworkInterface", - "ec2:CreateNetworkInterface", - "ec2:CreateNetworkInterfacePermission", - "ec2:DeleteNetworkInterface", - "ec2:DeleteNetworkInterfacePermission", - "ec2:Describe*", - "ec2:DetachNetworkInterface", - "elasticloadbalancing:DeregisterInstancesFromLoadBalancer", - "elasticloadbalancing:DeregisterTargets", - "elasticloadbalancing:Describe*", - "elasticloadbalancing:RegisterInstancesWithLoadBalancer", - "elasticloadbalancing:RegisterTargets", - "route53:ChangeResourceRecordSets", - "route53:CreateHealthCheck", - "route53:DeleteHealthCheck", - "route53:Get*", - "route53:List*", - "route53:UpdateHealthCheck", - "servicediscovery:DeregisterInstance", - "servicediscovery:Get*", - "servicediscovery:List*", - "servicediscovery:RegisterInstance", - "servicediscovery:UpdateInstanceCustomHealthStatus" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "ECSTaskManagement" - }, - { - "Action": [ - "autoscaling:Describe*" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "AutoScaling" - }, - { - "Action": [ - "autoscaling:DeletePolicy", - "autoscaling:PutScalingPolicy", - "autoscaling:SetInstanceProtection", - "autoscaling:UpdateAutoScalingGroup" - ], - "Condition": { - "Null": { - "autoscaling:ResourceTag/AmazonECSManaged": "false" - } - }, - "Effect": "Allow", - "Resource": "*", - "Sid": "AutoScalingManagement" - }, - { - "Action": [ - "autoscaling-plans:CreateScalingPlan", - "autoscaling-plans:DeleteScalingPlan", - "autoscaling-plans:DescribeScalingPlans" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "AutoScalingPlanManagement" - }, - { - "Action": [ - "cloudwatch:DeleteAlarms", - "cloudwatch:DescribeAlarms", - "cloudwatch:PutMetricAlarm" - ], - "Effect": "Allow", - "Resource": "arn:aws:cloudwatch:*:*:alarm:*", - "Sid": "CWAlarmManagement" - }, - { - "Action": [ - "ec2:CreateTags" - ], - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:network-interface/*", - "Sid": "ECSTagging" - }, - { - "Action": [ - "logs:CreateLogGroup", - "logs:DescribeLogGroups", - "logs:PutRetentionPolicy" - ], - "Effect": "Allow", - "Resource": "arn:aws:logs:*:*:log-group:/aws/ecs/*", - "Sid": "CWLogGroupManagement" - }, - { - "Action": [ - "logs:CreateLogStream", - "logs:DescribeLogStreams", - "logs:PutLogEvents" - ], - "Effect": "Allow", - "Resource": "arn:aws:logs:*:*:log-group:/aws/ecs/*:log-stream:*", - "Sid": "CWLogStreamManagement" - }, - { - "Action": [ - "ssm:DescribeSessions" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "ExecuteCommandSessionManagement" - }, - { - "Action": [ - "ssm:StartSession" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:ecs:*:*:task/*", - "arn:aws:ssm:*:*:document/AmazonECS-ExecuteInteractiveCommand" - ], - "Sid": "ExecuteCommand" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIVUWKCAI7URU4WUEI", - "PolicyName": "AmazonECSServiceRolePolicy", - "UpdateDate": "2021-01-13T20:04:13+00:00", - "VersionId": "v8" - }, - "AmazonECSTaskExecutionRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy", - "AttachmentCount": 1, - "CreateDate": "2017-11-16T18:48:22+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "ecr:GetAuthorizationToken", - "ecr:BatchCheckLayerAvailability", - "ecr:GetDownloadUrlForLayer", - "ecr:BatchGetImage", - "logs:CreateLogStream", - "logs:PutLogEvents" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJG4T4G4PV56DE72PY", - "PolicyName": "AmazonECSTaskExecutionRolePolicy", - "UpdateDate": "2017-11-16T18:48:22+00:00", - "VersionId": "v1" - }, - "AmazonECS_FullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonECS_FullAccess", - "AttachmentCount": 0, - "CreateDate": "2017-11-07T21:36:54+00:00", - "DefaultVersionId": "v19", - "Document": { - "Statement": [ - { - "Action": [ - "application-autoscaling:DeleteScalingPolicy", - "application-autoscaling:DeregisterScalableTarget", - "application-autoscaling:DescribeScalableTargets", - "application-autoscaling:DescribeScalingActivities", - "application-autoscaling:DescribeScalingPolicies", - "application-autoscaling:PutScalingPolicy", - "application-autoscaling:RegisterScalableTarget", - "appmesh:DescribeVirtualGateway", - "appmesh:DescribeVirtualNode", - "appmesh:ListMeshes", - "appmesh:ListVirtualGateways", - "appmesh:ListVirtualNodes", - "autoscaling:CreateAutoScalingGroup", - "autoscaling:CreateLaunchConfiguration", - "autoscaling:DeleteAutoScalingGroup", - "autoscaling:DeleteLaunchConfiguration", - "autoscaling:Describe*", - "autoscaling:UpdateAutoScalingGroup", - "cloudformation:CreateStack", - "cloudformation:DeleteStack", - "cloudformation:DescribeStack*", - "cloudformation:UpdateStack", - "cloudwatch:DeleteAlarms", - "cloudwatch:DescribeAlarms", - "cloudwatch:GetMetricStatistics", - "cloudwatch:PutMetricAlarm", - "codedeploy:BatchGetApplicationRevisions", - "codedeploy:BatchGetApplications", - "codedeploy:BatchGetDeploymentGroups", - "codedeploy:BatchGetDeployments", - "codedeploy:ContinueDeployment", - "codedeploy:CreateApplication", - "codedeploy:CreateDeployment", - "codedeploy:CreateDeploymentGroup", - "codedeploy:GetApplication", - "codedeploy:GetApplicationRevision", - "codedeploy:GetDeployment", - "codedeploy:GetDeploymentConfig", - "codedeploy:GetDeploymentGroup", - "codedeploy:GetDeploymentTarget", - "codedeploy:ListApplicationRevisions", - "codedeploy:ListApplications", - "codedeploy:ListDeploymentConfigs", - "codedeploy:ListDeploymentGroups", - "codedeploy:ListDeployments", - "codedeploy:ListDeploymentTargets", - "codedeploy:RegisterApplicationRevision", - "codedeploy:StopDeployment", - "ec2:AssociateRouteTable", - "ec2:AttachInternetGateway", - "ec2:AuthorizeSecurityGroupIngress", - "ec2:CancelSpotFleetRequests", - "ec2:CreateInternetGateway", - "ec2:CreateLaunchTemplate", - "ec2:CreateRoute", - "ec2:CreateRouteTable", - "ec2:CreateSecurityGroup", - "ec2:CreateSubnet", - "ec2:CreateVpc", - "ec2:DeleteLaunchTemplate", - "ec2:DeleteSubnet", - "ec2:DeleteVpc", - "ec2:Describe*", - "ec2:DetachInternetGateway", - "ec2:DisassociateRouteTable", - "ec2:ModifySubnetAttribute", - "ec2:ModifyVpcAttribute", - "ec2:RequestSpotFleet", - "ec2:RunInstances", - "ecs:*", - "elasticfilesystem:DescribeAccessPoints", - "elasticfilesystem:DescribeFileSystems", - "elasticloadbalancing:CreateListener", - "elasticloadbalancing:CreateLoadBalancer", - "elasticloadbalancing:CreateRule", - "elasticloadbalancing:CreateTargetGroup", - "elasticloadbalancing:DeleteListener", - "elasticloadbalancing:DeleteLoadBalancer", - "elasticloadbalancing:DeleteRule", - "elasticloadbalancing:DeleteTargetGroup", - "elasticloadbalancing:DescribeListeners", - "elasticloadbalancing:DescribeLoadBalancers", - "elasticloadbalancing:DescribeRules", - "elasticloadbalancing:DescribeTargetGroups", - "events:DeleteRule", - "events:DescribeRule", - "events:ListRuleNamesByTarget", - "events:ListTargetsByRule", - "events:PutRule", - "events:PutTargets", - "events:RemoveTargets", - "fsx:DescribeFileSystems", - "iam:ListAttachedRolePolicies", - "iam:ListInstanceProfiles", - "iam:ListRoles", - "lambda:ListFunctions", - "logs:CreateLogGroup", - "logs:DescribeLogGroups", - "logs:FilterLogEvents", - "route53:CreateHostedZone", - "route53:DeleteHostedZone", - "route53:GetHealthCheck", - "route53:GetHostedZone", - "route53:ListHostedZonesByName", - "servicediscovery:CreatePrivateDnsNamespace", - "servicediscovery:CreateService", - "servicediscovery:DeleteService", - "servicediscovery:GetNamespace", - "servicediscovery:GetOperation", - "servicediscovery:GetService", - "servicediscovery:ListNamespaces", - "servicediscovery:ListServices", - "servicediscovery:UpdateService", - "sns:ListTopics" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "ssm:GetParameter", - "ssm:GetParameters", - "ssm:GetParametersByPath" - ], - "Effect": "Allow", - "Resource": "arn:aws:ssm:*:*:parameter/aws/service/ecs*" - }, - { - "Action": [ - "ec2:DeleteInternetGateway", - "ec2:DeleteRoute", - "ec2:DeleteRouteTable", - "ec2:DeleteSecurityGroup" - ], - "Condition": { - "StringLike": { - "ec2:ResourceTag/aws:cloudformation:stack-name": "EC2ContainerService-*" - } - }, - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": "iam:PassRole", - "Condition": { - "StringLike": { - "iam:PassedToService": "ecs-tasks.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": "iam:PassRole", - "Condition": { - "StringLike": { - "iam:PassedToService": [ - "ec2.amazonaws.com", - "ec2.amazonaws.com.cn" - ] - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:iam::*:role/ecsInstanceRole*" - ] - }, - { - "Action": "iam:PassRole", - "Condition": { - "StringLike": { - "iam:PassedToService": [ - "application-autoscaling.amazonaws.com", - "application-autoscaling.amazonaws.com.cn" - ] - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:iam::*:role/ecsAutoscaleRole*" - ] - }, - { - "Action": "iam:CreateServiceLinkedRole", - "Condition": { - "StringLike": { - "iam:AWSServiceName": [ - "autoscaling.amazonaws.com", - "ecs.amazonaws.com", - "ecs.application-autoscaling.amazonaws.com", - "spot.amazonaws.com", - "spotfleet.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJ7S7AN6YQPTJC7IFS", - "PolicyName": "AmazonECS_FullAccess", - "UpdateDate": "2020-10-12T21:02:23+00:00", - "VersionId": "v19" - }, - "AmazonEKSClusterPolicy": { - "Arn": "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy", - "AttachmentCount": 0, - "CreateDate": "2018-05-27T21:06:14+00:00", - "DefaultVersionId": "v5", - "Document": { - "Statement": [ - { - "Action": [ - "autoscaling:DescribeAutoScalingGroups", - "autoscaling:UpdateAutoScalingGroup", - "ec2:AttachVolume", - "ec2:AuthorizeSecurityGroupIngress", - "ec2:CreateRoute", - "ec2:CreateSecurityGroup", - "ec2:CreateTags", - "ec2:CreateVolume", - "ec2:DeleteRoute", - "ec2:DeleteSecurityGroup", - "ec2:DeleteVolume", - "ec2:DescribeInstances", - "ec2:DescribeRouteTables", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVolumes", - "ec2:DescribeVolumesModifications", - "ec2:DescribeVpcs", - "ec2:DescribeDhcpOptions", - "ec2:DescribeNetworkInterfaces", - "ec2:DetachVolume", - "ec2:ModifyInstanceAttribute", - "ec2:ModifyVolume", - "ec2:RevokeSecurityGroupIngress", - "ec2:DescribeAccountAttributes", - "ec2:DescribeAddresses", - "ec2:DescribeInternetGateways", - "elasticloadbalancing:AddTags", - "elasticloadbalancing:ApplySecurityGroupsToLoadBalancer", - "elasticloadbalancing:AttachLoadBalancerToSubnets", - "elasticloadbalancing:ConfigureHealthCheck", - "elasticloadbalancing:CreateListener", - "elasticloadbalancing:CreateLoadBalancer", - "elasticloadbalancing:CreateLoadBalancerListeners", - "elasticloadbalancing:CreateLoadBalancerPolicy", - "elasticloadbalancing:CreateTargetGroup", - "elasticloadbalancing:DeleteListener", - "elasticloadbalancing:DeleteLoadBalancer", - "elasticloadbalancing:DeleteLoadBalancerListeners", - "elasticloadbalancing:DeleteTargetGroup", - "elasticloadbalancing:DeregisterInstancesFromLoadBalancer", - "elasticloadbalancing:DeregisterTargets", - "elasticloadbalancing:DescribeListeners", - "elasticloadbalancing:DescribeLoadBalancerAttributes", - "elasticloadbalancing:DescribeLoadBalancerPolicies", - "elasticloadbalancing:DescribeLoadBalancers", - "elasticloadbalancing:DescribeTargetGroupAttributes", - "elasticloadbalancing:DescribeTargetGroups", - "elasticloadbalancing:DescribeTargetHealth", - "elasticloadbalancing:DetachLoadBalancerFromSubnets", - "elasticloadbalancing:ModifyListener", - "elasticloadbalancing:ModifyLoadBalancerAttributes", - "elasticloadbalancing:ModifyTargetGroup", - "elasticloadbalancing:ModifyTargetGroupAttributes", - "elasticloadbalancing:RegisterInstancesWithLoadBalancer", - "elasticloadbalancing:RegisterTargets", - "elasticloadbalancing:SetLoadBalancerPoliciesForBackendServer", - "elasticloadbalancing:SetLoadBalancerPoliciesOfListener", - "kms:DescribeKey" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "iam:CreateServiceLinkedRole", - "Condition": { - "StringEquals": { - "iam:AWSServiceName": "elasticloadbalancing.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIBTLDQMIC6UOIGFWA", - "PolicyName": "AmazonEKSClusterPolicy", - "UpdateDate": "2021-06-15T20:57:05+00:00", - "VersionId": "v5" - }, - "AmazonEKSConnectorServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonEKSConnectorServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2021-09-04T20:31:08+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "ssm:CreateActivation", - "ssm:DescribeInstanceInformation", - "ssm:DeleteActivation" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "AccessSSMService" - }, - { - "Action": [ - "ssm:StartSession" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:eks:*:*:cluster/*", - "arn:aws:ssm:*::document/AmazonEKS-ExecuteNonInteractiveCommand" - ], - "Sid": "ConnectorAgentStartSession" - }, - { - "Action": [ - "ssm:DeregisterManagedInstance" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:eks:*:*:cluster/*" - ], - "Sid": "ConnectorAgentDeregister" - }, - { - "Action": [ - "iam:PassRole" - ], - "Condition": { - "StringEquals": { - "iam:PassedToService": [ - "ssm.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": "*", - "Sid": "PassAnyRoleToSsm" - }, - { - "Action": "events:PutRule", - "Condition": { - "StringEquals": { - "events:ManagedBy": "eks-connector.amazonaws.com", - "events:source": "aws.ssm" - } - }, - "Effect": "Allow", - "Resource": "*", - "Sid": "PutManagedEventRule" - }, - { - "Action": "events:PutTargets", - "Condition": { - "StringEquals": { - "events:ManagedBy": "eks-connector.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "*", - "Sid": "PutManagedEventTarget" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4H2PH3AV2C", - "PolicyName": "AmazonEKSConnectorServiceRolePolicy", - "UpdateDate": "2021-09-04T20:31:08+00:00", - "VersionId": "v1" - }, - "AmazonEKSFargatePodExecutionRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/AmazonEKSFargatePodExecutionRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2019-11-22T04:34:29+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "ecr:GetAuthorizationToken", - "ecr:BatchCheckLayerAvailability", - "ecr:GetDownloadUrlForLayer", - "ecr:BatchGetImage" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4FJRXZH7YQ", - "PolicyName": "AmazonEKSFargatePodExecutionRolePolicy", - "UpdateDate": "2019-11-22T04:34:29+00:00", - "VersionId": "v1" - }, - "AmazonEKSForFargateServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonEKSForFargateServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2019-11-22T04:36:25+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "ec2:CreateNetworkInterface", - "ec2:CreateNetworkInterfacePermission", - "ec2:DeleteNetworkInterface", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVpcs", - "ec2:DescribeDhcpOptions", - "ec2:DescribeRouteTables" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4JAUTVFICB", - "PolicyName": "AmazonEKSForFargateServiceRolePolicy", - "UpdateDate": "2019-11-22T04:36:25+00:00", - "VersionId": "v1" - }, - "AmazonEKSServicePolicy": { - "Arn": "arn:aws:iam::aws:policy/AmazonEKSServicePolicy", - "AttachmentCount": 0, - "CreateDate": "2018-05-27T21:08:21+00:00", - "DefaultVersionId": "v6", - "Document": { - "Statement": [ - { - "Action": [ - "ec2:CreateNetworkInterface", - "ec2:CreateNetworkInterfacePermission", - "ec2:DeleteNetworkInterface", - "ec2:DescribeInstances", - "ec2:DescribeNetworkInterfaces", - "ec2:DetachNetworkInterface", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVpcs", - "ec2:ModifyNetworkInterfaceAttribute", - "iam:ListAttachedRolePolicies", - "eks:UpdateClusterVersion" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:CreateTags", - "ec2:DeleteTags" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:vpc/*", - "arn:aws:ec2:*:*:subnet/*" - ] - }, - { - "Action": "route53:AssociateVPCWithHostedZone", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "logs:CreateLogGroup", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "logs:CreateLogStream", - "logs:DescribeLogStreams" - ], - "Effect": "Allow", - "Resource": "arn:aws:logs:*:*:log-group:/aws/eks/*:*" - }, - { - "Action": "logs:PutLogEvents", - "Effect": "Allow", - "Resource": "arn:aws:logs:*:*:log-group:/aws/eks/*:*:*" - }, - { - "Action": "iam:CreateServiceLinkedRole", - "Condition": { - "StringLike": { - "iam:AWSServiceName": "eks.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJFCNXU6HPGCIVXYDI", - "PolicyName": "AmazonEKSServicePolicy", - "UpdateDate": "2020-05-27T19:27:03+00:00", - "VersionId": "v6" - }, - "AmazonEKSServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonEKSServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2020-02-21T20:10:47+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "ec2:CreateNetworkInterface", - "ec2:DeleteNetworkInterface", - "ec2:DetachNetworkInterface", - "ec2:ModifyNetworkInterfaceAttribute", - "ec2:DescribeInstances", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVpcs", - "ec2:CreateNetworkInterfacePermission", - "iam:ListAttachedRolePolicies", - "ec2:CreateSecurityGroup" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:DeleteSecurityGroup", - "ec2:RevokeSecurityGroupIngress", - "ec2:AuthorizeSecurityGroupIngress" - ], - "Condition": { - "ForAnyValue:StringLike": { - "ec2:ResourceTag/Name": "eks-cluster-sg*" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:security-group/*" - }, - { - "Action": [ - "ec2:CreateTags", - "ec2:DeleteTags" - ], - "Condition": { - "ForAnyValue:StringLike": { - "aws:TagKeys": [ - "kubernetes.io/cluster/*" - ] - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:vpc/*", - "arn:aws:ec2:*:*:subnet/*" - ] - }, - { - "Action": [ - "ec2:CreateTags", - "ec2:DeleteTags" - ], - "Condition": { - "ForAnyValue:StringLike": { - "aws:RequestTag/Name": "eks-cluster-sg*", - "aws:TagKeys": [ - "kubernetes.io/cluster/*" - ] - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:security-group/*" - ] - }, - { - "Action": "route53:AssociateVPCWithHostedZone", - "Effect": "Allow", - "Resource": "arn:aws:route53:::hostedzone/*" - }, - { - "Action": "logs:CreateLogGroup", - "Effect": "Allow", - "Resource": "arn:aws:logs:*:*:log-group:/aws/eks/*" - }, - { - "Action": [ - "logs:CreateLogStream", - "logs:DescribeLogStreams" - ], - "Effect": "Allow", - "Resource": "arn:aws:logs:*:*:log-group:/aws/eks/*:*" - }, - { - "Action": "logs:PutLogEvents", - "Effect": "Allow", - "Resource": "arn:aws:logs:*:*:log-group:/aws/eks/*:*:*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4KZBLSP26Y", - "PolicyName": "AmazonEKSServiceRolePolicy", - "UpdateDate": "2020-05-27T19:30:19+00:00", - "VersionId": "v2" - }, - "AmazonEKSVPCResourceController": { - "Arn": "arn:aws:iam::aws:policy/AmazonEKSVPCResourceController", - "AttachmentCount": 0, - "CreateDate": "2020-08-12T00:55:34+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": "ec2:CreateNetworkInterfacePermission", - "Condition": { - "ForAnyValue:StringEquals": { - "ec2:ResourceTag/eks:eni:owner": "eks-vpc-resource-controller" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:CreateNetworkInterface", - "ec2:DetachNetworkInterface", - "ec2:ModifyNetworkInterfaceAttribute", - "ec2:DeleteNetworkInterface", - "ec2:AttachNetworkInterface", - "ec2:UnassignPrivateIpAddresses", - "ec2:AssignPrivateIpAddresses" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4PBOFT2NNA", - "PolicyName": "AmazonEKSVPCResourceController", - "UpdateDate": "2020-08-12T00:55:34+00:00", - "VersionId": "v1" - }, - "AmazonEKSWorkerNodePolicy": { - "Arn": "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy", - "AttachmentCount": 0, - "CreateDate": "2018-05-27T21:09:01+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "ec2:DescribeInstances", - "ec2:DescribeRouteTables", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVolumes", - "ec2:DescribeVolumesModifications", - "ec2:DescribeVpcs", - "eks:DescribeCluster" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIBVMOY52IPQ6HD3PO", - "PolicyName": "AmazonEKSWorkerNodePolicy", - "UpdateDate": "2018-05-27T21:09:01+00:00", - "VersionId": "v1" - }, - "AmazonEKS_CNI_Policy": { - "Arn": "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy", - "AttachmentCount": 0, - "CreateDate": "2018-05-27T21:07:42+00:00", - "DefaultVersionId": "v4", - "Document": { - "Statement": [ - { - "Action": [ - "ec2:AssignPrivateIpAddresses", - "ec2:AttachNetworkInterface", - "ec2:CreateNetworkInterface", - "ec2:DeleteNetworkInterface", - "ec2:DescribeInstances", - "ec2:DescribeTags", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeInstanceTypes", - "ec2:DetachNetworkInterface", - "ec2:ModifyNetworkInterfaceAttribute", - "ec2:UnassignPrivateIpAddresses" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:CreateTags" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:network-interface/*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJWLAS474LDBXNNTM4", - "PolicyName": "AmazonEKS_CNI_Policy", - "UpdateDate": "2020-04-20T20:52:01+00:00", - "VersionId": "v4" - }, - "AmazonEMRCleanupPolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonEMRCleanupPolicy", - "AttachmentCount": 1, - "CreateDate": "2017-09-26T23:54:19+00:00", - "DefaultVersionId": "v3", - "Document": { - "Statement": [ - { - "Action": [ - "ec2:DescribeInstances", - "ec2:DescribeLaunchTemplates", - "ec2:DescribeSpotInstanceRequests", - "ec2:DeleteLaunchTemplate", - "ec2:ModifyInstanceAttribute", - "ec2:TerminateInstances", - "ec2:CancelSpotInstanceRequests", - "ec2:DeleteNetworkInterface", - "ec2:DescribeInstanceAttribute", - "ec2:DescribeVolumeStatus", - "ec2:DescribeVolumes", - "ec2:DetachVolume", - "ec2:DeleteVolume", - "ec2:DescribePlacementGroups", - "ec2:DeletePlacementGroup" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAI4YEZURRMKACW56EA", - "PolicyName": "AmazonEMRCleanupPolicy", - "UpdateDate": "2020-09-29T21:11:54+00:00", - "VersionId": "v3" - }, - "AmazonEMRContainersServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonEMRContainersServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2020-12-09T00:38:19+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "eks:DescribeCluster", - "ec2:DescribeRouteTables", - "ec2:DescribeSubnets", - "ec2:DescribeSecurityGroups", - "elasticloadbalancing:DescribeInstanceHealth", - "elasticloadbalancing:DescribeLoadBalancers" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "acm:ImportCertificate", - "acm:AddTagsToCertificate" - ], - "Condition": { - "StringEquals": { - "aws:RequestTag/emr-container:endpoint:managed-certificate": "true" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "acm:DeleteCertificate" - ], - "Condition": { - "StringEquals": { - "aws:ResourceTag/emr-container:endpoint:managed-certificate": "true" - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4P24YZ52G4", - "PolicyName": "AmazonEMRContainersServiceRolePolicy", - "UpdateDate": "2021-12-03T19:55:44+00:00", - "VersionId": "v2" - }, - "AmazonEMRFullAccessPolicy_v2": { - "Arn": "arn:aws:iam::aws:policy/AmazonEMRFullAccessPolicy_v2", - "AttachmentCount": 0, - "CreateDate": "2021-03-12T01:50:29+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "elasticmapreduce:RunJobFlow" - ], - "Condition": { - "StringEquals": { - "aws:RequestTag/for-use-with-amazon-emr-managed-policies": "true" - } - }, - "Effect": "Allow", - "Resource": "*", - "Sid": "RunJobFlowExplicitlyWithEMRManagedTag" - }, - { - "Action": [ - "elasticmapreduce:AddInstanceFleet", - "elasticmapreduce:AddInstanceGroups", - "elasticmapreduce:AddJobFlowSteps", - "elasticmapreduce:AddTags", - "elasticmapreduce:CancelSteps", - "elasticmapreduce:CreateEditor", - "elasticmapreduce:CreateSecurityConfiguration", - "elasticmapreduce:DeleteEditor", - "elasticmapreduce:DeleteSecurityConfiguration", - "elasticmapreduce:DescribeCluster", - "elasticmapreduce:DescribeEditor", - "elasticmapreduce:DescribeJobFlows", - "elasticmapreduce:DescribeSecurityConfiguration", - "elasticmapreduce:DescribeStep", - "elasticmapreduce:GetBlockPublicAccessConfiguration", - "elasticmapreduce:GetManagedScalingPolicy", - "elasticmapreduce:ListBootstrapActions", - "elasticmapreduce:ListClusters", - "elasticmapreduce:ListEditors", - "elasticmapreduce:ListInstanceFleets", - "elasticmapreduce:ListInstanceGroups", - "elasticmapreduce:ListInstances", - "elasticmapreduce:ListSecurityConfigurations", - "elasticmapreduce:ListSteps", - "elasticmapreduce:ModifyCluster", - "elasticmapreduce:ModifyInstanceFleet", - "elasticmapreduce:ModifyInstanceGroups", - "elasticmapreduce:OpenEditorInConsole", - "elasticmapreduce:PutAutoScalingPolicy", - "elasticmapreduce:PutBlockPublicAccessConfiguration", - "elasticmapreduce:PutManagedScalingPolicy", - "elasticmapreduce:RemoveAutoScalingPolicy", - "elasticmapreduce:RemoveManagedScalingPolicy", - "elasticmapreduce:RemoveTags", - "elasticmapreduce:SetTerminationProtection", - "elasticmapreduce:StartEditor", - "elasticmapreduce:StopEditor", - "elasticmapreduce:TerminateJobFlows", - "elasticmapreduce:ViewEventsFromAllClustersInConsole" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "ElasticMapReduceActions" - }, - { - "Action": [ - "cloudwatch:GetMetricStatistics" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "ViewMetricsInEMRConsole" - }, - { - "Action": "iam:PassRole", - "Condition": { - "StringLike": { - "iam:PassedToService": "elasticmapreduce.amazonaws.com*" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/EMR_DefaultRole", - "Sid": "PassRoleForElasticMapReduce" - }, - { - "Action": "iam:PassRole", - "Condition": { - "StringLike": { - "iam:PassedToService": "ec2.amazonaws.com*" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/EMR_EC2_DefaultRole", - "Sid": "PassRoleForEC2" - }, - { - "Action": "iam:PassRole", - "Condition": { - "StringLike": { - "iam:PassedToService": "application-autoscaling.amazonaws.com*" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/EMR_AutoScaling_DefaultRole", - "Sid": "PassRoleForAutoScaling" - }, - { - "Action": "iam:CreateServiceLinkedRole", - "Condition": { - "StringEquals": { - "iam:AWSServiceName": [ - "elasticmapreduce.amazonaws.com", - "elasticmapreduce.amazonaws.com.cn" - ] - } - }, - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/aws-service-role/elasticmapreduce.amazonaws.com*/AWSServiceRoleForEMRCleanup*", - "Sid": "ElasticMapReduceServiceLinkedRole" - }, - { - "Action": [ - "ec2:DescribeAccountAttributes", - "ec2:DescribeAvailabilityZones", - "ec2:DescribeImages", - "ec2:DescribeKeyPairs", - "ec2:DescribeNatGateways", - "ec2:DescribeRouteTables", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVpcs", - "ec2:DescribeVpcEndpoints", - "s3:ListAllMyBuckets", - "iam:ListRoles" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "ConsoleUIActions" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4BK4MMWW4W", - "PolicyName": "AmazonEMRFullAccessPolicy_v2", - "UpdateDate": "2021-03-23T16:57:10+00:00", - "VersionId": "v2" - }, - "AmazonEMRReadOnlyAccessPolicy_v2": { - "Arn": "arn:aws:iam::aws:policy/AmazonEMRReadOnlyAccessPolicy_v2", - "AttachmentCount": 0, - "CreateDate": "2021-03-12T01:39:16+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "elasticmapreduce:DescribeCluster", - "elasticmapreduce:DescribeEditor", - "elasticmapreduce:DescribeJobFlows", - "elasticmapreduce:DescribeSecurityConfiguration", - "elasticmapreduce:DescribeStep", - "elasticmapreduce:GetBlockPublicAccessConfiguration", - "elasticmapreduce:GetManagedScalingPolicy", - "elasticmapreduce:ListBootstrapActions", - "elasticmapreduce:ListClusters", - "elasticmapreduce:ListEditors", - "elasticmapreduce:ListInstanceFleets", - "elasticmapreduce:ListInstanceGroups", - "elasticmapreduce:ListInstances", - "elasticmapreduce:ListSecurityConfigurations", - "elasticmapreduce:ListSteps", - "elasticmapreduce:ViewEventsFromAllClustersInConsole" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "ElasticMapReduceActions" - }, - { - "Action": [ - "cloudwatch:GetMetricStatistics" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "ViewMetricsInEMRConsole" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4GDFTJ74PD", - "PolicyName": "AmazonEMRReadOnlyAccessPolicy_v2", - "UpdateDate": "2021-03-12T01:39:16+00:00", - "VersionId": "v1" - }, - "AmazonEMRServicePolicy_v2": { - "Arn": "arn:aws:iam::aws:policy/service-role/AmazonEMRServicePolicy_v2", - "AttachmentCount": 0, - "CreateDate": "2021-03-12T01:11:08+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "ec2:CreateNetworkInterface", - "ec2:RunInstances", - "ec2:CreateFleet", - "ec2:CreateLaunchTemplate", - "ec2:CreateLaunchTemplateVersion" - ], - "Condition": { - "StringEquals": { - "aws:ResourceTag/for-use-with-amazon-emr-managed-policies": "true" - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:subnet/*", - "arn:aws:ec2:*:*:security-group/*" - ], - "Sid": "CreateInTaggedNetwork" - }, - { - "Action": [ - "ec2:CreateFleet", - "ec2:RunInstances", - "ec2:CreateLaunchTemplateVersion" - ], - "Condition": { - "StringEquals": { - "aws:ResourceTag/for-use-with-amazon-emr-managed-policies": "true" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:launch-template/*", - "Sid": "CreateWithEMRTaggedLaunchTemplate" - }, - { - "Action": "ec2:CreateLaunchTemplate", - "Condition": { - "StringEquals": { - "aws:RequestTag/for-use-with-amazon-emr-managed-policies": "true" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:launch-template/*", - "Sid": "CreateEMRTaggedLaunchTemplate" - }, - { - "Action": [ - "ec2:RunInstances", - "ec2:CreateFleet" - ], - "Condition": { - "StringEquals": { - "aws:RequestTag/for-use-with-amazon-emr-managed-policies": "true" - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:instance/*", - "arn:aws:ec2:*:*:volume/*" - ], - "Sid": "CreateEMRTaggedInstancesAndVolumes" - }, - { - "Action": [ - "ec2:RunInstances", - "ec2:CreateFleet", - "ec2:CreateLaunchTemplate", - "ec2:CreateLaunchTemplateVersion" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:network-interface/*", - "arn:aws:ec2:*::image/ami-*", - "arn:aws:ec2:*:*:key-pair/*", - "arn:aws:ec2:*:*:capacity-reservation/*", - "arn:aws:ec2:*:*:placement-group/EMR_*", - "arn:aws:ec2:*:*:fleet/*", - "arn:aws:ec2:*:*:dedicated-host/*", - "arn:aws:resource-groups:*:*:group/*" - ], - "Sid": "ResourcesToLaunchEC2" - }, - { - "Action": [ - "ec2:CreateLaunchTemplateVersion", - "ec2:DeleteLaunchTemplate", - "ec2:DeleteNetworkInterface", - "ec2:ModifyInstanceAttribute", - "ec2:TerminateInstances" - ], - "Condition": { - "StringEquals": { - "aws:ResourceTag/for-use-with-amazon-emr-managed-policies": "true" - } - }, - "Effect": "Allow", - "Resource": "*", - "Sid": "ManageEMRTaggedResources" - }, - { - "Action": [ - "ec2:CreateTags", - "ec2:DeleteTags" - ], - "Condition": { - "StringEquals": { - "aws:ResourceTag/for-use-with-amazon-emr-managed-policies": "true" - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:instance/*", - "arn:aws:ec2:*:*:volume/*", - "arn:aws:ec2:*:*:network-interface/*", - "arn:aws:ec2:*:*:launch-template/*" - ], - "Sid": "ManageTagsOnEMRTaggedResources" - }, - { - "Action": [ - "ec2:CreateNetworkInterface" - ], - "Condition": { - "StringEquals": { - "aws:RequestTag/for-use-with-amazon-emr-managed-policies": "true" - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:network-interface/*" - ], - "Sid": "CreateNetworkInterfaceNeededForPrivateSubnet" - }, - { - "Action": [ - "ec2:CreateTags" - ], - "Condition": { - "StringEquals": { - "ec2:CreateAction": [ - "RunInstances", - "CreateFleet", - "CreateLaunchTemplate", - "CreateNetworkInterface" - ] - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:network-interface/*", - "arn:aws:ec2:*:*:instance/*", - "arn:aws:ec2:*:*:volume/*", - "arn:aws:ec2:*:*:launch-template/*" - ], - "Sid": "TagOnCreateTaggedEMRResources" - }, - { - "Action": [ - "ec2:CreateTags", - "ec2:DeleteTags" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:placement-group/EMR_*" - ], - "Sid": "TagPlacementGroups" - }, - { - "Action": [ - "ec2:DescribeAccountAttributes", - "ec2:DescribeCapacityReservations", - "ec2:DescribeDhcpOptions", - "ec2:DescribeImages", - "ec2:DescribeInstances", - "ec2:DescribeLaunchTemplates", - "ec2:DescribeNetworkAcls", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribePlacementGroups", - "ec2:DescribeRouteTables", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVolumes", - "ec2:DescribeVolumeStatus", - "ec2:DescribeVpcAttribute", - "ec2:DescribeVpcEndpoints", - "ec2:DescribeVpcs" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "ListActionsForEC2Resources" - }, - { - "Action": [ - "ec2:CreateSecurityGroup" - ], - "Condition": { - "StringEquals": { - "aws:RequestTag/for-use-with-amazon-emr-managed-policies": "true" - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:security-group/*" - ], - "Sid": "CreateDefaultSecurityGroupWithEMRTags" - }, - { - "Action": [ - "ec2:CreateSecurityGroup" - ], - "Condition": { - "StringEquals": { - "aws:ResourceTag/for-use-with-amazon-emr-managed-policies": "true" - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:vpc/*" - ], - "Sid": "CreateDefaultSecurityGroupInVPCWithEMRTags" - }, - { - "Action": [ - "ec2:CreateTags" - ], - "Condition": { - "StringEquals": { - "aws:RequestTag/for-use-with-amazon-emr-managed-policies": "true", - "ec2:CreateAction": "CreateSecurityGroup" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:security-group/*", - "Sid": "TagOnCreateDefaultSecurityGroupWithEMRTags" - }, - { - "Action": [ - "ec2:AuthorizeSecurityGroupEgress", - "ec2:AuthorizeSecurityGroupIngress", - "ec2:RevokeSecurityGroupEgress", - "ec2:RevokeSecurityGroupIngress" - ], - "Condition": { - "StringEquals": { - "aws:ResourceTag/for-use-with-amazon-emr-managed-policies": "true" - } - }, - "Effect": "Allow", - "Resource": "*", - "Sid": "ManageSecurityGroups" - }, - { - "Action": [ - "ec2:CreatePlacementGroup" - ], - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:placement-group/EMR_*", - "Sid": "CreateEMRPlacementGroups" - }, - { - "Action": [ - "ec2:DeletePlacementGroup" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "DeletePlacementGroups" - }, - { - "Action": [ - "application-autoscaling:DeleteScalingPolicy", - "application-autoscaling:DeregisterScalableTarget", - "application-autoscaling:DescribeScalableTargets", - "application-autoscaling:DescribeScalingPolicies", - "application-autoscaling:PutScalingPolicy", - "application-autoscaling:RegisterScalableTarget" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "AutoScaling" - }, - { - "Action": [ - "resource-groups:ListGroupResources" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "ResourceGroupsForCapacityReservations" - }, - { - "Action": [ - "cloudwatch:PutMetricAlarm", - "cloudwatch:DeleteAlarms", - "cloudwatch:DescribeAlarms" - ], - "Effect": "Allow", - "Resource": "arn:aws:cloudwatch:*:*:alarm:*_EMR_Auto_Scaling", - "Sid": "AutoScalingCloudWatch" - }, - { - "Action": "iam:PassRole", - "Condition": { - "StringLike": { - "iam:PassedToService": "application-autoscaling.amazonaws.com*" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/EMR_AutoScaling_DefaultRole", - "Sid": "PassRoleForAutoScaling" - }, - { - "Action": "iam:PassRole", - "Condition": { - "StringLike": { - "iam:PassedToService": "ec2.amazonaws.com*" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/EMR_EC2_DefaultRole", - "Sid": "PassRoleForEC2" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4M2DU3H3GW", - "PolicyName": "AmazonEMRServicePolicy_v2", - "UpdateDate": "2022-02-15T16:48:29+00:00", - "VersionId": "v2" - }, - "AmazonESCognitoAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonESCognitoAccess", - "AttachmentCount": 0, - "CreateDate": "2018-02-28T22:29:18+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "cognito-idp:DescribeUserPool", - "cognito-idp:CreateUserPoolClient", - "cognito-idp:DeleteUserPoolClient", - "cognito-idp:UpdateUserPoolClient", - "cognito-idp:DescribeUserPoolClient", - "cognito-idp:AdminInitiateAuth", - "cognito-idp:AdminUserGlobalSignOut", - "cognito-idp:ListUserPoolClients", - "cognito-identity:DescribeIdentityPool", - "cognito-identity:UpdateIdentityPool", - "cognito-identity:SetIdentityPoolRoles", - "cognito-identity:GetIdentityPoolRoles" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "iam:PassRole", - "Condition": { - "StringLike": { - "iam:PassedToService": [ - "cognito-identity.amazonaws.com", - "cognito-identity-us-gov.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJL2FUMODIGNDPTZHO", - "PolicyName": "AmazonESCognitoAccess", - "UpdateDate": "2021-12-20T14:04:44+00:00", - "VersionId": "v2" - }, - "AmazonESFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonESFullAccess", - "AttachmentCount": 0, - "CreateDate": "2015-10-01T19:14:00+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "es:*" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJM6ZTCU24QL5PZCGC", - "PolicyName": "AmazonESFullAccess", - "UpdateDate": "2015-10-01T19:14:00+00:00", - "VersionId": "v1" - }, - "AmazonESReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonESReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2015-10-01T19:18:24+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "es:Describe*", - "es:List*", - "es:Get*" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJUDMRLOQ7FPAR46FQ", - "PolicyName": "AmazonESReadOnlyAccess", - "UpdateDate": "2018-10-03T03:32:56+00:00", - "VersionId": "v2" - }, - "AmazonElastiCacheFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonElastiCacheFullAccess", - "AttachmentCount": 0, - "CreateDate": "2015-02-06T18:40:20+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": "elasticache:*", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "iam:CreateServiceLinkedRole", - "Condition": { - "StringLike": { - "iam:AWSServiceName": "elasticache.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/aws-service-role/elasticache.amazonaws.com/AWSServiceRoleForElastiCache" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIA2V44CPHAUAAECKG", - "PolicyName": "AmazonElastiCacheFullAccess", - "UpdateDate": "2017-12-07T17:48:26+00:00", - "VersionId": "v2" - }, - "AmazonElastiCacheReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonElastiCacheReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2015-02-06T18:40:21+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "elasticache:Describe*" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIPDACSNQHSENWAKM2", - "PolicyName": "AmazonElastiCacheReadOnlyAccess", - "UpdateDate": "2015-02-06T18:40:21+00:00", - "VersionId": "v1" - }, - "AmazonElasticContainerRegistryPublicFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonElasticContainerRegistryPublicFullAccess", - "AttachmentCount": 0, - "CreateDate": "2020-12-01T17:25:52+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "ecr-public:*", - "sts:GetServiceBearerToken" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4F2SFMTI3G", - "PolicyName": "AmazonElasticContainerRegistryPublicFullAccess", - "UpdateDate": "2020-12-01T17:25:52+00:00", - "VersionId": "v1" - }, - "AmazonElasticContainerRegistryPublicPowerUser": { - "Arn": "arn:aws:iam::aws:policy/AmazonElasticContainerRegistryPublicPowerUser", - "AttachmentCount": 0, - "CreateDate": "2020-12-01T16:16:54+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "ecr-public:GetAuthorizationToken", - "sts:GetServiceBearerToken", - "ecr-public:BatchCheckLayerAvailability", - "ecr-public:GetRepositoryPolicy", - "ecr-public:DescribeRepositories", - "ecr-public:DescribeRegistries", - "ecr-public:DescribeImages", - "ecr-public:DescribeImageTags", - "ecr-public:GetRepositoryCatalogData", - "ecr-public:GetRegistryCatalogData", - "ecr-public:InitiateLayerUpload", - "ecr-public:UploadLayerPart", - "ecr-public:CompleteLayerUpload", - "ecr-public:PutImage" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4P6F7N3OP7", - "PolicyName": "AmazonElasticContainerRegistryPublicPowerUser", - "UpdateDate": "2020-12-01T16:16:54+00:00", - "VersionId": "v1" - }, - "AmazonElasticContainerRegistryPublicReadOnly": { - "Arn": "arn:aws:iam::aws:policy/AmazonElasticContainerRegistryPublicReadOnly", - "AttachmentCount": 0, - "CreateDate": "2020-12-01T17:27:04+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "ecr-public:GetAuthorizationToken", - "sts:GetServiceBearerToken", - "ecr-public:BatchCheckLayerAvailability", - "ecr-public:GetRepositoryPolicy", - "ecr-public:DescribeRepositories", - "ecr-public:DescribeRegistries", - "ecr-public:DescribeImages", - "ecr-public:DescribeImageTags", - "ecr-public:GetRepositoryCatalogData", - "ecr-public:GetRegistryCatalogData" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4AD7UYLF25", - "PolicyName": "AmazonElasticContainerRegistryPublicReadOnly", - "UpdateDate": "2020-12-01T17:27:04+00:00", - "VersionId": "v1" - }, - "AmazonElasticFileSystemClientFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonElasticFileSystemClientFullAccess", - "AttachmentCount": 0, - "CreateDate": "2020-01-13T16:27:00+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "elasticfilesystem:ClientMount", - "elasticfilesystem:ClientRootAccess", - "elasticfilesystem:ClientWrite", - "elasticfilesystem:DescribeMountTargets" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4KAMR2MLDF", - "PolicyName": "AmazonElasticFileSystemClientFullAccess", - "UpdateDate": "2020-01-13T16:27:00+00:00", - "VersionId": "v1" - }, - "AmazonElasticFileSystemClientReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonElasticFileSystemClientReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2020-01-13T16:24:36+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "elasticfilesystem:ClientMount", - "elasticfilesystem:DescribeMountTargets" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4LBXR6UPYS", - "PolicyName": "AmazonElasticFileSystemClientReadOnlyAccess", - "UpdateDate": "2020-01-13T16:24:36+00:00", - "VersionId": "v1" - }, - "AmazonElasticFileSystemClientReadWriteAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonElasticFileSystemClientReadWriteAccess", - "AttachmentCount": 0, - "CreateDate": "2020-01-13T16:21:55+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "elasticfilesystem:ClientMount", - "elasticfilesystem:ClientWrite", - "elasticfilesystem:DescribeMountTargets" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4H74P6RBOF", - "PolicyName": "AmazonElasticFileSystemClientReadWriteAccess", - "UpdateDate": "2020-01-13T16:21:55+00:00", - "VersionId": "v1" - }, - "AmazonElasticFileSystemFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonElasticFileSystemFullAccess", - "AttachmentCount": 0, - "CreateDate": "2015-05-27T16:22:28+00:00", - "DefaultVersionId": "v8", - "Document": { - "Statement": [ - { - "Action": [ - "cloudwatch:DescribeAlarmsForMetric", - "cloudwatch:GetMetricData", - "ec2:CreateNetworkInterface", - "ec2:DeleteNetworkInterface", - "ec2:DescribeAvailabilityZones", - "ec2:DescribeNetworkInterfaceAttribute", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVpcAttribute", - "ec2:DescribeVpcs", - "ec2:ModifyNetworkInterfaceAttribute", - "elasticfilesystem:CreateFileSystem", - "elasticfilesystem:CreateMountTarget", - "elasticfilesystem:CreateTags", - "elasticfilesystem:CreateAccessPoint", - "elasticfilesystem:CreateReplicationConfiguration", - "elasticfilesystem:DeleteFileSystem", - "elasticfilesystem:DeleteMountTarget", - "elasticfilesystem:DeleteTags", - "elasticfilesystem:DeleteAccessPoint", - "elasticfilesystem:DeleteFileSystemPolicy", - "elasticfilesystem:DeleteReplicationConfiguration", - "elasticfilesystem:DescribeAccountPreferences", - "elasticfilesystem:DescribeBackupPolicy", - "elasticfilesystem:DescribeFileSystems", - "elasticfilesystem:DescribeFileSystemPolicy", - "elasticfilesystem:DescribeLifecycleConfiguration", - "elasticfilesystem:DescribeMountTargets", - "elasticfilesystem:DescribeMountTargetSecurityGroups", - "elasticfilesystem:DescribeTags", - "elasticfilesystem:DescribeAccessPoints", - "elasticfilesystem:DescribeReplicationConfigurations", - "elasticfilesystem:ModifyMountTargetSecurityGroups", - "elasticfilesystem:PutAccountPreferences", - "elasticfilesystem:PutBackupPolicy", - "elasticfilesystem:PutLifecycleConfiguration", - "elasticfilesystem:PutFileSystemPolicy", - "elasticfilesystem:UpdateFileSystem", - "elasticfilesystem:TagResource", - "elasticfilesystem:UntagResource", - "elasticfilesystem:ListTagsForResource", - "elasticfilesystem:Backup", - "elasticfilesystem:Restore", - "kms:DescribeKey", - "kms:ListAliases" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "iam:CreateServiceLinkedRole", - "Condition": { - "StringEquals": { - "iam:AWSServiceName": [ - "elasticfilesystem.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJKXTMNVQGIDNCKPBC", - "PolicyName": "AmazonElasticFileSystemFullAccess", - "UpdateDate": "2022-01-10T19:03:16+00:00", - "VersionId": "v8" - }, - "AmazonElasticFileSystemReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonElasticFileSystemReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2015-05-27T16:25:25+00:00", - "DefaultVersionId": "v7", - "Document": { - "Statement": [ - { - "Action": [ - "cloudwatch:DescribeAlarmsForMetric", - "cloudwatch:GetMetricData", - "ec2:DescribeAvailabilityZones", - "ec2:DescribeNetworkInterfaceAttribute", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVpcAttribute", - "ec2:DescribeVpcs", - "elasticfilesystem:DescribeAccountPreferences", - "elasticfilesystem:DescribeBackupPolicy", - "elasticfilesystem:DescribeFileSystems", - "elasticfilesystem:DescribeFileSystemPolicy", - "elasticfilesystem:DescribeLifecycleConfiguration", - "elasticfilesystem:DescribeMountTargets", - "elasticfilesystem:DescribeMountTargetSecurityGroups", - "elasticfilesystem:DescribeTags", - "elasticfilesystem:DescribeAccessPoints", - "elasticfilesystem:DescribeReplicationConfigurations", - "elasticfilesystem:ListTagsForResource", - "kms:ListAliases" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIPN5S4NE5JJOKVC4Y", - "PolicyName": "AmazonElasticFileSystemReadOnlyAccess", - "UpdateDate": "2022-01-10T18:53:37+00:00", - "VersionId": "v7" - }, - "AmazonElasticFileSystemServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonElasticFileSystemServiceRolePolicy", - "AttachmentCount": 1, - "CreateDate": "2019-11-05T16:52:41+00:00", - "DefaultVersionId": "v4", - "Document": { - "Statement": [ - { - "Action": [ - "backup-storage:MountCapsule", - "ec2:CreateNetworkInterface", - "ec2:DeleteNetworkInterface", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeNetworkInterfaceAttribute", - "ec2:ModifyNetworkInterfaceAttribute", - "tag:GetResources" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "kms:DescribeKey" - ], - "Effect": "Allow", - "Resource": "arn:aws:kms:*:*:key/*" - }, - { - "Action": [ - "backup:CreateBackupVault", - "backup:PutBackupVaultAccessPolicy" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:backup:*:*:backup-vault:aws/efs/automatic-backup-vault" - ] - }, - { - "Action": [ - "backup:CreateBackupPlan", - "backup:CreateBackupSelection" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:backup:*:*:backup-plan:*" - ] - }, - { - "Action": [ - "iam:CreateServiceLinkedRole" - ], - "Condition": { - "StringEquals": { - "iam:AWSServiceName": [ - "backup.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "iam:PassRole" - ], - "Condition": { - "StringLike": { - "iam:PassedToService": "backup.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:iam::*:role/aws-service-role/backup.amazonaws.com/AWSServiceRoleForBackup" - ] - }, - { - "Action": [ - "elasticfilesystem:DescribeFileSystems", - "elasticfilesystem:CreateReplicationConfiguration", - "elasticfilesystem:DescribeReplicationConfigurations", - "elasticfilesystem:DeleteReplicationConfiguration" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4FXCJYWBN7", - "PolicyName": "AmazonElasticFileSystemServiceRolePolicy", - "UpdateDate": "2022-01-10T19:27:33+00:00", - "VersionId": "v4" - }, - "AmazonElasticFileSystemsUtils": { - "Arn": "arn:aws:iam::aws:policy/AmazonElasticFileSystemsUtils", - "AttachmentCount": 0, - "CreateDate": "2020-09-29T15:16:47+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "ssm:DescribeAssociation", - "ssm:GetDeployablePatchSnapshotForInstance", - "ssm:GetDocument", - "ssm:DescribeDocument", - "ssm:GetManifest", - "ssm:GetParameter", - "ssm:GetParameters", - "ssm:ListAssociations", - "ssm:ListInstanceAssociations", - "ssm:PutInventory", - "ssm:PutComplianceItems", - "ssm:PutConfigurePackageResult", - "ssm:UpdateAssociationStatus", - "ssm:UpdateInstanceAssociationStatus", - "ssm:UpdateInstanceInformation" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ssmmessages:CreateControlChannel", - "ssmmessages:CreateDataChannel", - "ssmmessages:OpenControlChannel", - "ssmmessages:OpenDataChannel" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2messages:AcknowledgeMessage", - "ec2messages:DeleteMessage", - "ec2messages:FailMessage", - "ec2messages:GetEndpoint", - "ec2messages:GetMessages", - "ec2messages:SendReply" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "elasticfilesystem:DescribeMountTargets" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:DescribeAvailabilityZones" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "logs:PutLogEvents", - "logs:DescribeLogStreams", - "logs:DescribeLogGroups", - "logs:CreateLogStream", - "logs:CreateLogGroup", - "logs:PutRetentionPolicy" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4KVOAQRKXW", - "PolicyName": "AmazonElasticFileSystemsUtils", - "UpdateDate": "2020-09-29T15:16:47+00:00", - "VersionId": "v1" - }, - "AmazonElasticMapReduceEditorsRole": { - "Arn": "arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceEditorsRole", - "AttachmentCount": 0, - "CreateDate": "2018-11-16T21:55:25+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "ec2:AuthorizeSecurityGroupEgress", - "ec2:AuthorizeSecurityGroupIngress", - "ec2:CreateSecurityGroup", - "ec2:DescribeSecurityGroups", - "ec2:RevokeSecurityGroupEgress", - "ec2:CreateNetworkInterface", - "ec2:CreateNetworkInterfacePermission", - "ec2:DeleteNetworkInterface", - "ec2:DeleteNetworkInterfacePermission", - "ec2:DescribeNetworkInterfaces", - "ec2:ModifyNetworkInterfaceAttribute", - "ec2:DescribeTags", - "ec2:DescribeInstances", - "ec2:DescribeSubnets", - "elasticmapreduce:ListInstances", - "elasticmapreduce:DescribeCluster" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "ec2:CreateTags", - "Condition": { - "ForAllValues:StringEquals": { - "aws:TagKeys": [ - "aws:elasticmapreduce:editor-id", - "aws:elasticmapreduce:job-flow-id" - ] - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:network-interface/*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIBI5CIE6OHUIGLYVG", - "PolicyName": "AmazonElasticMapReduceEditorsRole", - "UpdateDate": "2018-11-16T21:55:25+00:00", - "VersionId": "v1" - }, - "AmazonElasticMapReduceFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonElasticMapReduceFullAccess", - "AttachmentCount": 0, - "CreateDate": "2015-02-06T18:40:22+00:00", - "DefaultVersionId": "v7", - "Document": { - "Statement": [ - { - "Action": [ - "cloudwatch:*", - "cloudformation:CreateStack", - "cloudformation:DescribeStackEvents", - "ec2:AuthorizeSecurityGroupIngress", - "ec2:AuthorizeSecurityGroupEgress", - "ec2:CancelSpotInstanceRequests", - "ec2:CreateRoute", - "ec2:CreateSecurityGroup", - "ec2:CreateTags", - "ec2:DeleteRoute", - "ec2:DeleteTags", - "ec2:DeleteSecurityGroup", - "ec2:DescribeAvailabilityZones", - "ec2:DescribeAccountAttributes", - "ec2:DescribeInstances", - "ec2:DescribeKeyPairs", - "ec2:DescribeRouteTables", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSpotInstanceRequests", - "ec2:DescribeSpotPriceHistory", - "ec2:DescribeSubnets", - "ec2:DescribeVpcAttribute", - "ec2:DescribeVpcs", - "ec2:DescribeRouteTables", - "ec2:DescribeNetworkAcls", - "ec2:CreateVpcEndpoint", - "ec2:ModifyImageAttribute", - "ec2:ModifyInstanceAttribute", - "ec2:RequestSpotInstances", - "ec2:RevokeSecurityGroupEgress", - "ec2:RunInstances", - "ec2:TerminateInstances", - "elasticmapreduce:*", - "iam:GetPolicy", - "iam:GetPolicyVersion", - "iam:ListRoles", - "iam:PassRole", - "kms:List*", - "s3:*", - "sdb:*" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "iam:CreateServiceLinkedRole", - "Condition": { - "StringLike": { - "iam:AWSServiceName": [ - "elasticmapreduce.amazonaws.com", - "elasticmapreduce.amazonaws.com.cn" - ] - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIZP5JFP3AMSGINBB2", - "PolicyName": "AmazonElasticMapReduceFullAccess", - "UpdateDate": "2019-10-11T15:19:30+00:00", - "VersionId": "v7" - }, - "AmazonElasticMapReducePlacementGroupPolicy": { - "Arn": "arn:aws:iam::aws:policy/AmazonElasticMapReducePlacementGroupPolicy", - "AttachmentCount": 0, - "CreateDate": "2020-09-29T00:37:08+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "ec2:DeletePlacementGroup", - "ec2:DescribePlacementGroups" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:CreatePlacementGroup" - ], - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:placement-group/EMR_*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4LC2KU77YD", - "PolicyName": "AmazonElasticMapReducePlacementGroupPolicy", - "UpdateDate": "2020-09-29T00:37:08+00:00", - "VersionId": "v1" - }, - "AmazonElasticMapReduceReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonElasticMapReduceReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2015-02-06T18:40:23+00:00", - "DefaultVersionId": "v3", - "Document": { - "Statement": [ - { - "Action": [ - "elasticmapreduce:Describe*", - "elasticmapreduce:List*", - "elasticmapreduce:GetBlockPublicAccessConfiguration", - "elasticmapreduce:ViewEventsFromAllClustersInConsole", - "s3:GetObject", - "s3:ListAllMyBuckets", - "s3:ListBucket", - "sdb:Select", - "cloudwatch:GetMetricStatistics" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIHP6NH2S6GYFCOINC", - "PolicyName": "AmazonElasticMapReduceReadOnlyAccess", - "UpdateDate": "2020-07-29T23:14:09+00:00", - "VersionId": "v3" - }, - "AmazonElasticMapReduceRole": { - "Arn": "arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceRole", - "AttachmentCount": 1, - "CreateDate": "2015-02-06T18:41:20+00:00", - "DefaultVersionId": "v10", - "Document": { - "Statement": [ - { - "Action": [ - "ec2:AuthorizeSecurityGroupEgress", - "ec2:AuthorizeSecurityGroupIngress", - "ec2:CancelSpotInstanceRequests", - "ec2:CreateFleet", - "ec2:CreateLaunchTemplate", - "ec2:CreateNetworkInterface", - "ec2:CreateSecurityGroup", - "ec2:CreateTags", - "ec2:DeleteLaunchTemplate", - "ec2:DeleteNetworkInterface", - "ec2:DeleteSecurityGroup", - "ec2:DeleteTags", - "ec2:DescribeAvailabilityZones", - "ec2:DescribeAccountAttributes", - "ec2:DescribeDhcpOptions", - "ec2:DescribeImages", - "ec2:DescribeInstanceStatus", - "ec2:DescribeInstances", - "ec2:DescribeKeyPairs", - "ec2:DescribeLaunchTemplates", - "ec2:DescribeNetworkAcls", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribePrefixLists", - "ec2:DescribeRouteTables", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSpotInstanceRequests", - "ec2:DescribeSpotPriceHistory", - "ec2:DescribeSubnets", - "ec2:DescribeTags", - "ec2:DescribeVpcAttribute", - "ec2:DescribeVpcEndpoints", - "ec2:DescribeVpcEndpointServices", - "ec2:DescribeVpcs", - "ec2:DetachNetworkInterface", - "ec2:ModifyImageAttribute", - "ec2:ModifyInstanceAttribute", - "ec2:RequestSpotInstances", - "ec2:RevokeSecurityGroupEgress", - "ec2:RunInstances", - "ec2:TerminateInstances", - "ec2:DeleteVolume", - "ec2:DescribeVolumeStatus", - "ec2:DescribeVolumes", - "ec2:DetachVolume", - "iam:GetRole", - "iam:GetRolePolicy", - "iam:ListInstanceProfiles", - "iam:ListRolePolicies", - "iam:PassRole", - "s3:CreateBucket", - "s3:Get*", - "s3:List*", - "sdb:BatchPutAttributes", - "sdb:Select", - "sqs:CreateQueue", - "sqs:Delete*", - "sqs:GetQueue*", - "sqs:PurgeQueue", - "sqs:ReceiveMessage", - "cloudwatch:PutMetricAlarm", - "cloudwatch:DescribeAlarms", - "cloudwatch:DeleteAlarms", - "application-autoscaling:RegisterScalableTarget", - "application-autoscaling:DeregisterScalableTarget", - "application-autoscaling:PutScalingPolicy", - "application-autoscaling:DeleteScalingPolicy", - "application-autoscaling:Describe*" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "iam:CreateServiceLinkedRole", - "Condition": { - "StringLike": { - "iam:AWSServiceName": "spot.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/aws-service-role/spot.amazonaws.com/AWSServiceRoleForEC2Spot*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIDI2BQT2LKXZG36TW", - "PolicyName": "AmazonElasticMapReduceRole", - "UpdateDate": "2020-06-24T22:24:20+00:00", - "VersionId": "v10" - }, - "AmazonElasticMapReduceforAutoScalingRole": { - "Arn": "arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceforAutoScalingRole", - "AttachmentCount": 1, - "CreateDate": "2016-11-18T01:09:10+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "cloudwatch:DescribeAlarms", - "elasticmapreduce:ListInstanceGroups", - "elasticmapreduce:ModifyInstanceGroups" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJSVXG6QHPE6VHDZ4Q", - "PolicyName": "AmazonElasticMapReduceforAutoScalingRole", - "UpdateDate": "2016-11-18T01:09:10+00:00", - "VersionId": "v1" - }, - "AmazonElasticMapReduceforEC2Role": { - "Arn": "arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceforEC2Role", - "AttachmentCount": 1, - "CreateDate": "2015-02-06T18:41:21+00:00", - "DefaultVersionId": "v3", - "Document": { - "Statement": [ - { - "Action": [ - "cloudwatch:*", - "dynamodb:*", - "ec2:Describe*", - "elasticmapreduce:Describe*", - "elasticmapreduce:ListBootstrapActions", - "elasticmapreduce:ListClusters", - "elasticmapreduce:ListInstanceGroups", - "elasticmapreduce:ListInstances", - "elasticmapreduce:ListSteps", - "kinesis:CreateStream", - "kinesis:DeleteStream", - "kinesis:DescribeStream", - "kinesis:GetRecords", - "kinesis:GetShardIterator", - "kinesis:MergeShards", - "kinesis:PutRecord", - "kinesis:SplitShard", - "rds:Describe*", - "s3:*", - "sdb:*", - "sns:*", - "sqs:*", - "glue:CreateDatabase", - "glue:UpdateDatabase", - "glue:DeleteDatabase", - "glue:GetDatabase", - "glue:GetDatabases", - "glue:CreateTable", - "glue:UpdateTable", - "glue:DeleteTable", - "glue:GetTable", - "glue:GetTables", - "glue:GetTableVersions", - "glue:CreatePartition", - "glue:BatchCreatePartition", - "glue:UpdatePartition", - "glue:DeletePartition", - "glue:BatchDeletePartition", - "glue:GetPartition", - "glue:GetPartitions", - "glue:BatchGetPartition", - "glue:CreateUserDefinedFunction", - "glue:UpdateUserDefinedFunction", - "glue:DeleteUserDefinedFunction", - "glue:GetUserDefinedFunction", - "glue:GetUserDefinedFunctions" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIGALS5RCDLZLB3PGS", - "PolicyName": "AmazonElasticMapReduceforEC2Role", - "UpdateDate": "2017-08-11T23:57:30+00:00", - "VersionId": "v3" - }, - "AmazonElasticTranscoderRole": { - "Arn": "arn:aws:iam::aws:policy/service-role/AmazonElasticTranscoderRole", - "AttachmentCount": 0, - "CreateDate": "2015-02-06T18:41:26+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "s3:ListBucket", - "s3:Get*", - "s3:PutObject", - "s3:PutObjectAcl", - "s3:*MultipartUpload*" - ], - "Effect": "Allow", - "Resource": [ - "*" - ], - "Sid": "1" - }, - { - "Action": [ - "sns:Publish" - ], - "Effect": "Allow", - "Resource": [ - "*" - ], - "Sid": "2" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJNW3WMKVXFJ2KPIQ2", - "PolicyName": "AmazonElasticTranscoderRole", - "UpdateDate": "2019-06-13T22:48:22+00:00", - "VersionId": "v2" - }, - "AmazonElasticTranscoder_FullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonElasticTranscoder_FullAccess", - "AttachmentCount": 0, - "CreateDate": "2018-04-27T18:59:35+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "elastictranscoder:*", - "s3:ListAllMyBuckets", - "s3:ListBucket", - "iam:ListRoles", - "sns:ListTopics" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "iam:PassRole" - ], - "Condition": { - "StringLike": { - "iam:PassedToService": [ - "elastictranscoder.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAICFT6XVF3RSR4E7JG", - "PolicyName": "AmazonElasticTranscoder_FullAccess", - "UpdateDate": "2019-06-10T22:51:51+00:00", - "VersionId": "v2" - }, - "AmazonElasticTranscoder_JobsSubmitter": { - "Arn": "arn:aws:iam::aws:policy/AmazonElasticTranscoder_JobsSubmitter", - "AttachmentCount": 0, - "CreateDate": "2018-06-07T21:12:16+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "elastictranscoder:Read*", - "elastictranscoder:List*", - "elastictranscoder:*Job", - "elastictranscoder:*Preset", - "s3:ListAllMyBuckets", - "s3:ListBucket", - "iam:ListRoles", - "sns:ListTopics" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJ7AUMMRQOVZRI734S", - "PolicyName": "AmazonElasticTranscoder_JobsSubmitter", - "UpdateDate": "2019-06-10T22:49:34+00:00", - "VersionId": "v2" - }, - "AmazonElasticTranscoder_ReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonElasticTranscoder_ReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2018-06-07T21:09:56+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "elastictranscoder:Read*", - "elastictranscoder:List*", - "s3:ListAllMyBuckets", - "s3:ListBucket", - "iam:ListRoles", - "sns:ListTopics" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAI3R3CR6KVEWD4DPFY", - "PolicyName": "AmazonElasticTranscoder_ReadOnlyAccess", - "UpdateDate": "2019-06-10T22:48:32+00:00", - "VersionId": "v2" - }, - "AmazonElasticsearchServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonElasticsearchServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2017-07-07T00:15:31+00:00", - "DefaultVersionId": "v3", - "Document": { - "Statement": [ - { - "Action": [ - "ec2:CreateNetworkInterface", - "ec2:DeleteNetworkInterface", - "ec2:DescribeNetworkInterfaces", - "ec2:ModifyNetworkInterfaceAttribute", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVpcs", - "elasticloadbalancing:AddListenerCertificates", - "elasticloadbalancing:RemoveListenerCertificates" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "Stmt1480452973134" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJFEWZPHXKLCVHEUIC", - "PolicyName": "AmazonElasticsearchServiceRolePolicy", - "UpdateDate": "2020-08-31T10:30:23+00:00", - "VersionId": "v3" - }, - "AmazonEventBridgeApiDestinationsServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonEventBridgeApiDestinationsServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2021-02-11T20:52:05+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "secretsmanager:CreateSecret", - "secretsmanager:UpdateSecret", - "secretsmanager:DescribeSecret", - "secretsmanager:DeleteSecret", - "secretsmanager:GetSecretValue", - "secretsmanager:PutSecretValue" - ], - "Effect": "Allow", - "Resource": "arn:aws:secretsmanager:*:*:secret:events!connection/*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4GHQV22EVJ", - "PolicyName": "AmazonEventBridgeApiDestinationsServiceRolePolicy", - "UpdateDate": "2021-02-11T20:52:05+00:00", - "VersionId": "v1" - }, - "AmazonEventBridgeFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonEventBridgeFullAccess", - "AttachmentCount": 0, - "CreateDate": "2019-07-11T14:08:55+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": "events:*", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "iam:CreateServiceLinkedRole", - "Condition": { - "StringEquals": { - "iam:AWSServiceName": "apidestinations.events.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/aws-service-role/AmazonEventBridgeApiDestinationsServiceRolePolicy" - }, - { - "Action": [ - "secretsmanager:CreateSecret", - "secretsmanager:UpdateSecret", - "secretsmanager:DeleteSecret", - "secretsmanager:GetSecretValue", - "secretsmanager:PutSecretValue" - ], - "Effect": "Allow", - "Resource": "arn:aws:secretsmanager:*:*:secret:events!*" - }, - { - "Action": "iam:PassRole", - "Condition": { - "StringLike": { - "iam:PassedToService": "events.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4BUM4GCASI", - "PolicyName": "AmazonEventBridgeFullAccess", - "UpdateDate": "2021-03-04T18:56:38+00:00", - "VersionId": "v2" - }, - "AmazonEventBridgeReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonEventBridgeReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2019-07-11T13:59:07+00:00", - "DefaultVersionId": "v3", - "Document": { - "Statement": [ - { - "Action": [ - "events:DescribeRule", - "events:DescribeEventBus", - "events:DescribeEventSource", - "events:ListEventBuses", - "events:ListEventSources", - "events:ListRuleNamesByTarget", - "events:ListRules", - "events:ListTargetsByRule", - "events:TestEventPattern", - "events:DescribeArchive", - "events:ListArchives", - "events:DescribeReplay", - "events:ListReplays", - "events:DescribeConnection", - "events:ListConnections", - "events:DescribeApiDestination", - "events:ListApiDestinations" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4BDMP3LZME", - "PolicyName": "AmazonEventBridgeReadOnlyAccess", - "UpdateDate": "2021-03-04T19:08:31+00:00", - "VersionId": "v3" - }, - "AmazonEventBridgeSchemasFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonEventBridgeSchemasFullAccess", - "AttachmentCount": 0, - "CreateDate": "2019-11-28T23:12:53+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "schemas:*" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "AmazonEventBridgeSchemasFullAccess" - }, - { - "Action": [ - "events:PutRule", - "events:PutTargets", - "events:EnableRule", - "events:DisableRule", - "events:DeleteRule", - "events:RemoveTargets", - "events:ListTargetsByRule" - ], - "Effect": "Allow", - "Resource": "arn:aws:events:*:*:rule/*Schemas*", - "Sid": "AmazonEventBridgeManageRule" - }, - { - "Action": "iam:CreateServiceLinkedRole", - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/aws-service-role/schemas.amazonaws.com/AWSServiceRoleForSchemas", - "Sid": "IAMCreateServiceLinkedRoleForAmazonEventBridgeSchemas" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4JF3KP3V5J", - "PolicyName": "AmazonEventBridgeSchemasFullAccess", - "UpdateDate": "2019-11-28T23:12:53+00:00", - "VersionId": "v1" - }, - "AmazonEventBridgeSchemasReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonEventBridgeSchemasReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2019-11-28T23:05:57+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "schemas:ListDiscoverers", - "schemas:DescribeDiscoverer", - "schemas:ListRegistries", - "schemas:DescribeRegistry", - "schemas:SearchSchemas", - "schemas:ListSchemas", - "schemas:ListSchemaVersions", - "schemas:DescribeSchema", - "schemas:GetDiscoveredSchema", - "schemas:DescribeCodeBinding", - "schemas:GetCodeBindingSource", - "schemas:ListTagsForResource", - "schemas:GetResourcePolicy" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "AmazonEventBridgeSchemasReadOnlyAccess" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4JK7CLVFIU", - "PolicyName": "AmazonEventBridgeSchemasReadOnlyAccess", - "UpdateDate": "2020-05-01T00:50:53+00:00", - "VersionId": "v2" - }, - "AmazonEventBridgeSchemasServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonEventBridgeSchemasServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2019-11-27T01:10:40+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "events:PutRule", - "events:PutTargets", - "events:EnableRule", - "events:DisableRule", - "events:DeleteRule", - "events:RemoveTargets", - "events:ListTargetsByRule" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:events:*:*:rule/*Schemas-*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4GZI6BHNDI", - "PolicyName": "AmazonEventBridgeSchemasServiceRolePolicy", - "UpdateDate": "2019-11-27T01:10:40+00:00", - "VersionId": "v1" - }, - "AmazonFISServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonFISServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2020-12-21T21:18:19+00:00", - "DefaultVersionId": "v5", - "Document": { - "Statement": [ - { - "Action": [ - "events:PutRule", - "events:DeleteRule", - "events:PutTargets", - "events:RemoveTargets" - ], - "Condition": { - "StringEquals": { - "events:ManagedBy": "fis.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "*", - "Sid": "EventBridge" - }, - { - "Action": [ - "events:DescribeRule" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "EventBridgeDescribe" - }, - { - "Action": [ - "tag:GetResources" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "Tagging" - }, - { - "Action": [ - "cloudwatch:DescribeAlarms", - "cloudwatch:DescribeAlarmHistory" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "CloudWatch" - }, - { - "Action": [ - "ec2:DescribeInstances", - "iam:GetUser", - "iam:GetRole", - "iam:ListUsers", - "iam:ListRoles", - "rds:DescribeDBClusters", - "rds:DescribeDBInstances", - "ecs:DescribeClusters", - "ecs:DescribeTasks", - "ecs:ListTasks", - "eks:DescribeNodegroup" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "DescribeUserResources" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4JLZR2TQJD", - "PolicyName": "AmazonFISServiceRolePolicy", - "UpdateDate": "2022-02-07T11:13:04+00:00", - "VersionId": "v5" - }, - "AmazonFSxConsoleFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonFSxConsoleFullAccess", - "AttachmentCount": 0, - "CreateDate": "2018-11-28T16:36:05+00:00", - "DefaultVersionId": "v5", - "Document": { - "Statement": [ - { - "Action": [ - "cloudwatch:DescribeAlarms", - "ds:DescribeDirectories", - "ec2:DescribeNetworkInterfaceAttribute", - "ec2:DescribeRouteTables", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVpcs", - "firehose:ListDeliveryStreams", - "fsx:*", - "kms:ListAliases", - "logs:DescribeLogGroups", - "s3:ListBucket" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "iam:CreateServiceLinkedRole", - "Condition": { - "StringEquals": { - "iam:AWSServiceName": [ - "fsx.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "iam:CreateServiceLinkedRole", - "Condition": { - "StringEquals": { - "iam:AWSServiceName": [ - "s3.data-source.lustre.fsx.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:CreateTags" - ], - "Condition": { - "ForAnyValue:StringEquals": { - "aws:CalledVia": [ - "fsx.amazonaws.com" - ] - }, - "StringEquals": { - "aws:RequestTag/AmazonFSx": "ManagedByAmazonFSx" - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:route-table/*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAITDDJ23Y5UZ2WCZRQ", - "PolicyName": "AmazonFSxConsoleFullAccess", - "UpdateDate": "2021-08-26T13:18:46+00:00", - "VersionId": "v5" - }, - "AmazonFSxConsoleReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonFSxConsoleReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2018-11-28T16:35:24+00:00", - "DefaultVersionId": "v3", - "Document": { - "Statement": [ - { - "Action": [ - "cloudwatch:DescribeAlarms", - "ds:DescribeDirectories", - "ec2:DescribeNetworkInterfaceAttribute", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVpcs", - "firehose:ListDeliveryStreams", - "fsx:Describe*", - "fsx:ListTagsForResource", - "kms:DescribeKey", - "logs:DescribeLogGroups" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJQUISIZNHGLA6YQFM", - "PolicyName": "AmazonFSxConsoleReadOnlyAccess", - "UpdateDate": "2021-06-08T12:21:09+00:00", - "VersionId": "v3" - }, - "AmazonFSxFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonFSxFullAccess", - "AttachmentCount": 0, - "CreateDate": "2018-11-28T16:34:43+00:00", - "DefaultVersionId": "v3", - "Document": { - "Statement": [ - { - "Action": [ - "ds:DescribeDirectories", - "fsx:*" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "iam:CreateServiceLinkedRole", - "Condition": { - "StringEquals": { - "iam:AWSServiceName": [ - "fsx.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "iam:CreateServiceLinkedRole", - "Condition": { - "StringEquals": { - "iam:AWSServiceName": [ - "s3.data-source.lustre.fsx.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:logs:*:*:log-group:/aws/fsx/*:log-group:*" - ] - }, - { - "Action": [ - "firehose:PutRecord" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:firehose:*:*:deliverystream/aws-fsx-*" - ] - }, - { - "Action": [ - "ec2:CreateTags" - ], - "Condition": { - "ForAnyValue:StringEquals": { - "aws:CalledVia": [ - "fsx.amazonaws.com" - ] - }, - "StringEquals": { - "aws:RequestTag/AmazonFSx": "ManagedByAmazonFSx" - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:route-table/*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIEUV6Z2X4VNZRVB5I", - "PolicyName": "AmazonFSxFullAccess", - "UpdateDate": "2021-08-26T13:17:29+00:00", - "VersionId": "v3" - }, - "AmazonFSxReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonFSxReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2018-11-28T16:33:32+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "fsx:Describe*", - "fsx:ListTagsForResource" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJ4ICPKXR6KK32HT52", - "PolicyName": "AmazonFSxReadOnlyAccess", - "UpdateDate": "2018-11-28T16:33:32+00:00", - "VersionId": "v1" - }, - "AmazonFSxServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonFSxServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2018-11-28T10:38:37+00:00", - "DefaultVersionId": "v5", - "Document": { - "Statement": [ - { - "Action": [ - "cloudwatch:PutMetricData", - "ds:AuthorizeApplication", - "ds:GetAuthorizedApplicationDetails", - "ds:UnauthorizeApplication", - "ec2:CreateNetworkInterface", - "ec2:CreateNetworkInterfacePermission", - "ec2:DeleteNetworkInterface", - "ec2:DescribeAddresses", - "ec2:DescribeDhcpOptions", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeRouteTables", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVpcs", - "ec2:DisassociateAddress", - "route53:AssociateVPCWithHostedZone" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:CreateTags" - ], - "Condition": { - "ForAllValues:StringEquals": { - "aws:TagKeys": "AmazonFSx.FileSystemId" - }, - "StringEquals": { - "ec2:CreateAction": "CreateNetworkInterface" - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:network-interface/*" - ] - }, - { - "Action": [ - "ec2:AssignPrivateIpAddresses", - "ec2:ModifyNetworkInterfaceAttribute", - "ec2:UnassignPrivateIpAddresses" - ], - "Condition": { - "Null": { - "aws:ResourceTag/AmazonFSx.FileSystemId": "false" - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:network-interface/*" - ] - }, - { - "Action": [ - "ec2:CreateRoute", - "ec2:ReplaceRoute", - "ec2:DeleteRoute" - ], - "Condition": { - "StringEquals": { - "aws:ResourceTag/AmazonFSx": "ManagedByAmazonFSx" - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:route-table/*" - ] - }, - { - "Action": [ - "logs:DescribeLogGroups", - "logs:DescribeLogStreams", - "logs:PutLogEvents" - ], - "Effect": "Allow", - "Resource": "arn:aws:logs:*:*:log-group:/aws/fsx/*" - }, - { - "Action": [ - "firehose:DescribeDeliveryStream", - "firehose:PutRecord", - "firehose:PutRecordBatch" - ], - "Effect": "Allow", - "Resource": "arn:aws:firehose:*:*:deliverystream/aws-fsx-*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIVQ24YKVRBV5IYQ5G", - "PolicyName": "AmazonFSxServiceRolePolicy", - "UpdateDate": "2021-08-20T12:51:29+00:00", - "VersionId": "v5" - }, - "AmazonForecastFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonForecastFullAccess", - "AttachmentCount": 0, - "CreateDate": "2019-01-18T01:52:29+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "forecast:*" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "iam:PassRole" - ], - "Condition": { - "StringEquals": { - "iam:PassedToService": "forecast.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIAKOTFNTUECQVU7C4", - "PolicyName": "AmazonForecastFullAccess", - "UpdateDate": "2019-01-18T01:52:29+00:00", - "VersionId": "v1" - }, - "AmazonFraudDetectorFullAccessPolicy": { - "Arn": "arn:aws:iam::aws:policy/AmazonFraudDetectorFullAccessPolicy", - "AttachmentCount": 0, - "CreateDate": "2019-12-03T22:46:26+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "frauddetector:*" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "sagemaker:ListEndpoints", - "sagemaker:DescribeEndpoint" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "s3:ListAllMyBuckets", - "s3:GetBucketLocation" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "iam:ListRoles" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "iam:PassRole" - ], - "Condition": { - "StringEquals": { - "iam:PassedToService": "frauddetector.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4AAPDEABT6", - "PolicyName": "AmazonFraudDetectorFullAccessPolicy", - "UpdateDate": "2019-12-03T22:46:26+00:00", - "VersionId": "v1" - }, - "AmazonFreeRTOSFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonFreeRTOSFullAccess", - "AttachmentCount": 0, - "CreateDate": "2017-11-29T15:32:51+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "freertos:*" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJAN6PSDCOH6HXG2SE", - "PolicyName": "AmazonFreeRTOSFullAccess", - "UpdateDate": "2017-11-29T15:32:51+00:00", - "VersionId": "v1" - }, - "AmazonFreeRTOSOTAUpdate": { - "Arn": "arn:aws:iam::aws:policy/service-role/AmazonFreeRTOSOTAUpdate", - "AttachmentCount": 0, - "CreateDate": "2018-08-27T22:43:07+00:00", - "DefaultVersionId": "v3", - "Document": { - "Statement": [ - { - "Action": [ - "s3:GetObjectVersion", - "s3:PutObject", - "s3:GetObject" - ], - "Effect": "Allow", - "Resource": "arn:aws:s3:::afr-ota*" - }, - { - "Action": [ - "signer:StartSigningJob", - "signer:DescribeSigningJob", - "signer:GetSigningProfile", - "signer:PutSigningProfile" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "s3:ListBucketVersions", - "s3:ListBucket", - "s3:ListAllMyBuckets", - "s3:GetBucketLocation" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "iot:DeleteJob", - "iot:DescribeJob" - ], - "Effect": "Allow", - "Resource": "arn:aws:iot:*:*:job/AFR_OTA*" - }, - { - "Action": [ - "iot:DeleteStream" - ], - "Effect": "Allow", - "Resource": "arn:aws:iot:*:*:stream/AFR_OTA*" - }, - { - "Action": [ - "iot:CreateStream", - "iot:CreateJob" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAINC2TXHAYDOK3SWMU", - "PolicyName": "AmazonFreeRTOSOTAUpdate", - "UpdateDate": "2020-12-18T17:47:30+00:00", - "VersionId": "v3" - }, - "AmazonGlacierFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonGlacierFullAccess", - "AttachmentCount": 0, - "CreateDate": "2015-02-06T18:40:28+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": "glacier:*", - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJQSTZJWB2AXXAKHVQ", - "PolicyName": "AmazonGlacierFullAccess", - "UpdateDate": "2015-02-06T18:40:28+00:00", - "VersionId": "v1" - }, - "AmazonGlacierReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonGlacierReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2015-02-06T18:40:27+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "glacier:DescribeJob", - "glacier:DescribeVault", - "glacier:GetDataRetrievalPolicy", - "glacier:GetJobOutput", - "glacier:GetVaultAccessPolicy", - "glacier:GetVaultLock", - "glacier:GetVaultNotifications", - "glacier:ListJobs", - "glacier:ListMultipartUploads", - "glacier:ListParts", - "glacier:ListTagsForVault", - "glacier:ListVaults" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAI2D5NJKMU274MET4E", - "PolicyName": "AmazonGlacierReadOnlyAccess", - "UpdateDate": "2016-05-05T18:46:10+00:00", - "VersionId": "v2" - }, - "AmazonGrafanaAthenaAccess": { - "Arn": "arn:aws:iam::aws:policy/service-role/AmazonGrafanaAthenaAccess", - "AttachmentCount": 0, - "CreateDate": "2021-11-22T17:11:11+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "athena:GetDatabase", - "athena:GetDataCatalog", - "athena:GetTableMetadata", - "athena:ListDatabases", - "athena:ListDataCatalogs", - "athena:ListTableMetadata", - "athena:ListWorkGroups" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "athena:GetQueryExecution", - "athena:GetQueryResults", - "athena:GetWorkGroup", - "athena:StartQueryExecution", - "athena:StopQueryExecution" - ], - "Condition": { - "Null": { - "aws:ResourceTag/GrafanaDataSource": "false" - } - }, - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "glue:GetDatabase", - "glue:GetDatabases", - "glue:GetTable", - "glue:GetTables", - "glue:GetPartition", - "glue:GetPartitions", - "glue:BatchGetPartition" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "s3:GetBucketLocation", - "s3:GetObject", - "s3:ListBucket", - "s3:ListBucketMultipartUploads", - "s3:ListMultipartUploadParts", - "s3:AbortMultipartUpload", - "s3:CreateBucket", - "s3:PutObject", - "s3:PutBucketPublicAccessBlock" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:s3:::grafana-athena-query-results-*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4GXSPM7QQ7", - "PolicyName": "AmazonGrafanaAthenaAccess", - "UpdateDate": "2021-11-22T17:11:11+00:00", - "VersionId": "v1" - }, - "AmazonGrafanaRedshiftAccess": { - "Arn": "arn:aws:iam::aws:policy/service-role/AmazonGrafanaRedshiftAccess", - "AttachmentCount": 0, - "CreateDate": "2021-11-26T23:15:15+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "redshift:DescribeClusters", - "redshift-data:GetStatementResult", - "redshift-data:DescribeStatement", - "secretsmanager:ListSecrets" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "redshift-data:DescribeTable", - "redshift-data:ExecuteStatement", - "redshift-data:ListTables", - "redshift-data:ListSchemas" - ], - "Condition": { - "Null": { - "aws:ResourceTag/GrafanaDataSource": "false" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "redshift:GetClusterCredentials", - "Effect": "Allow", - "Resource": [ - "arn:aws:redshift:*:*:dbname:*/*", - "arn:aws:redshift:*:*:dbuser:*/redshift_data_api_user" - ] - }, - { - "Action": [ - "secretsmanager:GetSecretValue" - ], - "Condition": { - "Null": { - "secretsmanager:ResourceTag/RedshiftQueryOwner": "false" - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4GQPUO5JGY", - "PolicyName": "AmazonGrafanaRedshiftAccess", - "UpdateDate": "2021-11-26T23:15:15+00:00", - "VersionId": "v1" - }, - "AmazonGuardDutyFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonGuardDutyFullAccess", - "AttachmentCount": 0, - "CreateDate": "2017-11-28T22:31:30+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": "guardduty:*", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "iam:CreateServiceLinkedRole", - "Condition": { - "StringLike": { - "iam:AWSServiceName": "guardduty.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "organizations:EnableAWSServiceAccess", - "organizations:RegisterDelegatedAdministrator", - "organizations:ListDelegatedAdministrators", - "organizations:ListAWSServiceAccessForOrganization", - "organizations:DescribeOrganizationalUnit", - "organizations:DescribeAccount", - "organizations:DescribeOrganization" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIKUTKSN4KC63VDQUM", - "PolicyName": "AmazonGuardDutyFullAccess", - "UpdateDate": "2021-02-16T23:39:53+00:00", - "VersionId": "v2" - }, - "AmazonGuardDutyReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonGuardDutyReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2017-11-28T22:29:40+00:00", - "DefaultVersionId": "v3", - "Document": { - "Statement": [ - { - "Action": [ - "guardduty:Describe*", - "guardduty:Get*", - "guardduty:List*" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "organizations:ListDelegatedAdministrators", - "organizations:ListAWSServiceAccessForOrganization", - "organizations:DescribeOrganizationalUnit", - "organizations:DescribeAccount", - "organizations:DescribeOrganization" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIVMCEDV336RWUSNHG", - "PolicyName": "AmazonGuardDutyReadOnlyAccess", - "UpdateDate": "2021-02-16T23:37:57+00:00", - "VersionId": "v3" - }, - "AmazonGuardDutyServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonGuardDutyServiceRolePolicy", - "AttachmentCount": 1, - "CreateDate": "2017-11-28T20:12:59+00:00", - "DefaultVersionId": "v4", - "Document": { - "Statement": [ - { - "Action": [ - "ec2:DescribeInstances", - "ec2:DescribeImages", - "ec2:DescribeVpcEndpoints", - "ec2:DescribeSubnets", - "ec2:DescribeVpcPeeringConnections", - "ec2:DescribeTransitGatewayAttachments", - "organizations:ListAccounts", - "organizations:DescribeAccount", - "s3:GetBucketPublicAccessBlock", - "s3:GetEncryptionConfiguration", - "s3:GetBucketTagging", - "s3:GetAccountPublicAccessBlock", - "s3:ListAllMyBuckets", - "s3:GetBucketAcl", - "s3:GetBucketPolicy", - "s3:GetBucketPolicyStatus" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIHZREZOWNSSA6FWQO", - "PolicyName": "AmazonGuardDutyServiceRolePolicy", - "UpdateDate": "2021-08-03T23:14:07+00:00", - "VersionId": "v4" - }, - "AmazonHealthLakeFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonHealthLakeFullAccess", - "AttachmentCount": 0, - "CreateDate": "2021-02-17T01:07:05+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "healthlake:*", - "s3:ListAllMyBuckets", - "s3:ListBucket", - "s3:GetBucketLocation", - "iam:ListRoles" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "iam:PassRole", - "Condition": { - "StringEquals": { - "iam:PassedToService": "healthlake.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4OMJS7NARX", - "PolicyName": "AmazonHealthLakeFullAccess", - "UpdateDate": "2021-02-17T01:07:05+00:00", - "VersionId": "v1" - }, - "AmazonHealthLakeReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonHealthLakeReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2021-02-17T02:43:31+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "healthlake:ListFHIRDatastores", - "healthlake:DescribeFHIRDatastore", - "healthlake:DescribeFHIRImportJob", - "healthlake:DescribeFHIRExportJob", - "healthlake:GetCapabilities", - "healthlake:ReadResource", - "healthlake:SearchWithGet", - "healthlake:SearchWithPost" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4MIFB6JFLV", - "PolicyName": "AmazonHealthLakeReadOnlyAccess", - "UpdateDate": "2021-02-17T02:43:31+00:00", - "VersionId": "v1" - }, - "AmazonHoneycodeFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonHoneycodeFullAccess", - "AttachmentCount": 0, - "CreateDate": "2020-06-24T20:28:11+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "honeycode:*" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4ECUH6WAX6", - "PolicyName": "AmazonHoneycodeFullAccess", - "UpdateDate": "2020-06-24T20:28:11+00:00", - "VersionId": "v1" - }, - "AmazonHoneycodeReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonHoneycodeReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2020-06-24T20:28:16+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "honeycode:List*", - "honeycode:Get*", - "honeycode:Describe*", - "honeycode:Query*" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4CRFGMHZ3B", - "PolicyName": "AmazonHoneycodeReadOnlyAccess", - "UpdateDate": "2020-12-01T17:27:53+00:00", - "VersionId": "v2" - }, - "AmazonHoneycodeServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonHoneycodeServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2020-11-18T18:03:08+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "sso:GetManagedApplicationInstance" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4COQCKOKUQ", - "PolicyName": "AmazonHoneycodeServiceRolePolicy", - "UpdateDate": "2020-11-18T18:03:08+00:00", - "VersionId": "v1" - }, - "AmazonHoneycodeTeamAssociationFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonHoneycodeTeamAssociationFullAccess", - "AttachmentCount": 0, - "CreateDate": "2020-06-24T20:28:27+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "honeycode:ListTeamAssociations", - "honeycode:ApproveTeamAssociation", - "honeycode:RejectTeamAssociation" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4JH4KLR35J", - "PolicyName": "AmazonHoneycodeTeamAssociationFullAccess", - "UpdateDate": "2020-06-24T20:28:27+00:00", - "VersionId": "v1" - }, - "AmazonHoneycodeTeamAssociationReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonHoneycodeTeamAssociationReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2020-06-24T20:27:46+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "honeycode:ListTeamAssociations" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4KRI4FOLPG", - "PolicyName": "AmazonHoneycodeTeamAssociationReadOnlyAccess", - "UpdateDate": "2020-06-24T20:27:46+00:00", - "VersionId": "v1" - }, - "AmazonHoneycodeWorkbookFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonHoneycodeWorkbookFullAccess", - "AttachmentCount": 0, - "CreateDate": "2020-06-24T20:28:46+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "honeycode:GetScreenData", - "honeycode:InvokeScreenAutomation", - "honeycode:BatchCreateTableRows", - "honeycode:BatchDeleteTableRows", - "honeycode:BatchUpdateTableRows", - "honeycode:BatchUpsertTableRows", - "honeycode:DescribeTableDataImportJob", - "honeycode:ListTableColumns", - "honeycode:ListTableRows", - "honeycode:ListTables", - "honeycode:QueryTableRows", - "honeycode:StartTableDataImportJob" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4OQLA2WKSW", - "PolicyName": "AmazonHoneycodeWorkbookFullAccess", - "UpdateDate": "2020-12-01T17:30:06+00:00", - "VersionId": "v2" - }, - "AmazonHoneycodeWorkbookReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonHoneycodeWorkbookReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2020-06-24T20:28:07+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "honeycode:GetScreenData", - "honeycode:DescribeTableDataImportJob", - "honeycode:ListTableColumns", - "honeycode:ListTableRows", - "honeycode:ListTables", - "honeycode:QueryTableRows" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4GUHKYOSNH", - "PolicyName": "AmazonHoneycodeWorkbookReadOnlyAccess", - "UpdateDate": "2020-12-01T17:32:49+00:00", - "VersionId": "v2" - }, - "AmazonInspector2FullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonInspector2FullAccess", - "AttachmentCount": 0, - "CreateDate": "2021-11-29T19:10:15+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": "inspector2:*", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "iam:CreateServiceLinkedRole", - "Condition": { - "StringEquals": { - "iam:AWSServiceName": "inspector2.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "organizations:EnableAWSServiceAccess", - "organizations:RegisterDelegatedAdministrator", - "organizations:ListDelegatedAdministrators", - "organizations:ListAWSServiceAccessForOrganization", - "organizations:DescribeOrganizationalUnit", - "organizations:DescribeAccount", - "organizations:DescribeOrganization" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4CK4E7UETF", - "PolicyName": "AmazonInspector2FullAccess", - "UpdateDate": "2021-11-29T19:10:15+00:00", - "VersionId": "v1" - }, - "AmazonInspector2ReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonInspector2ReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2022-01-21T14:45:14+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "organizations:ListDelegatedAdministrators", - "organizations:ListAWSServiceAccessForOrganization", - "organizations:DescribeOrganizationalUnit", - "organizations:DescribeAccount", - "organizations:DescribeOrganization", - "inspector2:ListAccountPermissions", - "inspector2:ListMembers", - "inspector2:ListFilters", - "inspector2:DescribeOrganizationConfiguration", - "inspector2:GetMember", - "inspector2:BatchGetFreeTrialInfo", - "inspector2:ListUsageTotals", - "inspector2:ListCoverageStatistics", - "inspector2:BatchGetAccountStatus", - "inspector2:ListFindings", - "inspector2:ListFindingAggregations", - "inspector2:ListCoverage", - "inspector2:GetDelegatedAdminAccount", - "inspector2:GetFindingsReportStatus", - "inspector2:ListDelegatedAdminAccounts", - "inspector2:ListTagsForResource" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4IASIMCEPM", - "PolicyName": "AmazonInspector2ReadOnlyAccess", - "UpdateDate": "2022-01-21T14:45:14+00:00", - "VersionId": "v1" - }, - "AmazonInspector2ServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonInspector2ServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2021-11-16T20:27:48+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "directconnect:DescribeConnections", - "directconnect:DescribeDirectConnectGatewayAssociations", - "directconnect:DescribeDirectConnectGatewayAttachments", - "directconnect:DescribeDirectConnectGateways", - "directconnect:DescribeVirtualGateways", - "directconnect:DescribeVirtualInterfaces", - "ec2:DescribeAvailabilityZones", - "ec2:DescribeCustomerGateways", - "ec2:DescribeInstances", - "ec2:DescribeInternetGateways", - "ec2:DescribeManagedPrefixLists", - "ec2:DescribeNatGateways", - "ec2:DescribeNetworkAcls", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribePrefixLists", - "ec2:DescribeRegions", - "ec2:DescribeRouteTables", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeTransitGatewayAttachments", - "ec2:DescribeTransitGatewayConnects", - "ec2:DescribeTransitGatewayPeeringAttachments", - "ec2:DescribeTransitGatewayRouteTables", - "ec2:DescribeTransitGatewayVpcAttachments", - "ec2:DescribeTransitGateways", - "ec2:DescribeVpcEndpointServiceConfigurations", - "ec2:DescribeVpcEndpoints", - "ec2:DescribeVpcPeeringConnections", - "ec2:DescribeVpcs", - "ec2:DescribeVpnConnections", - "ec2:DescribeVpnGateways", - "ec2:GetManagedPrefixListEntries", - "ec2:GetTransitGatewayRouteTablePropagations", - "ec2:SearchTransitGatewayRoutes", - "elasticloadbalancing:DescribeListeners", - "elasticloadbalancing:DescribeLoadBalancerAttributes", - "elasticloadbalancing:DescribeLoadBalancers", - "elasticloadbalancing:DescribeRules", - "elasticloadbalancing:DescribeTags", - "elasticloadbalancing:DescribeTargetGroups", - "elasticloadbalancing:DescribeTargetHealth", - "network-firewall:DescribeFirewall", - "network-firewall:DescribeFirewallPolicy", - "network-firewall:DescribeResourcePolicy", - "network-firewall:DescribeRuleGroup", - "network-firewall:ListFirewallPolicies", - "network-firewall:ListFirewalls", - "network-firewall:ListRuleGroups", - "tiros:CreateQuery", - "tiros:GetQueryAnswer" - ], - "Effect": "Allow", - "Resource": [ - "*" - ], - "Sid": "TirosPolicy" - }, - { - "Action": [ - "ecr:BatchGetImage", - "ecr:BatchGetRepositoryScanningConfiguration", - "ecr:DescribeImages", - "ecr:DescribeRegistry", - "ecr:DescribeRepositories", - "ecr:GetAuthorizationToken", - "ecr:GetDownloadUrlForLayer", - "ecr:GetRegistryScanningConfiguration", - "ecr:ListImages", - "ecr:PutRegistryScanningConfiguration", - "organizations:DescribeAccount", - "organizations:DescribeOrganization", - "organizations:ListAccounts", - "ssm:DescribeAssociation", - "ssm:DescribeInstanceInformation", - "ssm:ListAssociations", - "ssm:ListResourceDataSync", - "ssm:StartAssociationsOnce", - "ssm:DeleteAssociation", - "ssm:UpdateAssociation" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "PackageVulnerabilityScanning" - }, - { - "Action": [ - "ssm:CreateAssociation" - ], - "Effect": "Allow", - "Resource": [ - "arn:*:ec2:*:*:instance/*", - "arn:aws:ssm:*:*:document/AWS-GatherSoftwareInventory", - "arn:*:ssm:*:*:managed-instance/*" - ], - "Sid": "GatherInventory" - }, - { - "Action": [ - "ssm:CreateResourceDataSync", - "ssm:DeleteResourceDataSync" - ], - "Effect": "Allow", - "Resource": [ - "arn:*:ssm:*:*:resource-data-sync/InspectorResourceDataSync-do-not-delete" - ], - "Sid": "DataSyncCleanup" - }, - { - "Action": [ - "events:PutRule", - "events:DeleteRule", - "events:DescribeRule", - "events:ListTargetsByRule", - "events:PutTargets", - "events:RemoveTargets" - ], - "Effect": "Allow", - "Resource": [ - "arn:*:events:*:*:rule/DO-NOT-DELETE-AmazonInspector*ManagedRule" - ], - "Sid": "ManagedRules" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4BINOILVQW", - "PolicyName": "AmazonInspector2ServiceRolePolicy", - "UpdateDate": "2021-11-16T20:27:48+00:00", - "VersionId": "v1" - }, - "AmazonInspectorFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonInspectorFullAccess", - "AttachmentCount": 0, - "CreateDate": "2015-10-07T17:08:04+00:00", - "DefaultVersionId": "v5", - "Document": { - "Statement": [ - { - "Action": [ - "inspector:*", - "ec2:DescribeInstances", - "ec2:DescribeTags", - "sns:ListTopics", - "events:DescribeRule", - "events:ListRuleNamesByTarget" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "iam:PassRole" - ], - "Condition": { - "StringEquals": { - "iam:PassedToService": [ - "inspector.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "iam:CreateServiceLinkedRole", - "Condition": { - "StringLike": { - "iam:AWSServiceName": "inspector.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/aws-service-role/inspector.amazonaws.com/AWSServiceRoleForAmazonInspector" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAI7Y6NTA27NWNA5U5E", - "PolicyName": "AmazonInspectorFullAccess", - "UpdateDate": "2017-12-21T14:53:31+00:00", - "VersionId": "v5" - }, - "AmazonInspectorReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonInspectorReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2015-10-07T17:08:01+00:00", - "DefaultVersionId": "v4", - "Document": { - "Statement": [ - { - "Action": [ - "inspector:Describe*", - "inspector:Get*", - "inspector:List*", - "inspector:Preview*", - "ec2:DescribeInstances", - "ec2:DescribeTags", - "sns:ListTopics", - "events:DescribeRule", - "events:ListRuleNamesByTarget" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJXQNTHTEJ2JFRN2SE", - "PolicyName": "AmazonInspectorReadOnlyAccess", - "UpdateDate": "2019-10-01T15:17:54+00:00", - "VersionId": "v4" - }, - "AmazonInspectorServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonInspectorServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2017-11-21T15:48:27+00:00", - "DefaultVersionId": "v5", - "Document": { - "Statement": [ - { - "Action": [ - "directconnect:DescribeConnections", - "directconnect:DescribeDirectConnectGateways", - "directconnect:DescribeDirectConnectGatewayAssociations", - "directconnect:DescribeDirectConnectGatewayAttachments", - "directconnect:DescribeVirtualGateways", - "directconnect:DescribeVirtualInterfaces", - "directconnect:DescribeTags", - "ec2:DescribeAvailabilityZones", - "ec2:DescribeCustomerGateways", - "ec2:DescribeInstances", - "ec2:DescribeTags", - "ec2:DescribeInternetGateways", - "ec2:DescribeNatGateways", - "ec2:DescribeNetworkAcls", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribePrefixLists", - "ec2:DescribeRegions", - "ec2:DescribeRouteTables", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVpcEndpoints", - "ec2:DescribeVpcPeeringConnections", - "ec2:DescribeVpcs", - "ec2:DescribeVpnConnections", - "ec2:DescribeVpnGateways", - "ec2:DescribeManagedPrefixLists", - "ec2:GetManagedPrefixListEntries", - "ec2:DescribeVpcEndpointServiceConfigurations", - "ec2:DescribeTransitGateways", - "ec2:DescribeTransitGatewayAttachments", - "ec2:DescribeTransitGatewayVpcAttachments", - "ec2:DescribeTransitGatewayRouteTables", - "ec2:SearchTransitGatewayRoutes", - "ec2:DescribeTransitGatewayPeeringAttachments", - "ec2:GetTransitGatewayRouteTablePropagations", - "elasticloadbalancing:DescribeListeners", - "elasticloadbalancing:DescribeLoadBalancers", - "elasticloadbalancing:DescribeLoadBalancerAttributes", - "elasticloadbalancing:DescribeRules", - "elasticloadbalancing:DescribeTags", - "elasticloadbalancing:DescribeTargetGroups", - "elasticloadbalancing:DescribeTargetHealth" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJKBMSBWLU2TGXHHUQ", - "PolicyName": "AmazonInspectorServiceRolePolicy", - "UpdateDate": "2020-09-11T17:12:02+00:00", - "VersionId": "v5" - }, - "AmazonKendraFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonKendraFullAccess", - "AttachmentCount": 0, - "CreateDate": "2019-12-03T16:15:37+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": "iam:PassRole", - "Condition": { - "StringEquals": { - "iam:PassedToService": "kendra.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "iam:ListRoles" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:DescribeSecurityGroups", - "ec2:DescribeVpcs", - "ec2:DescribeSubnets" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "kms:ListKeys", - "kms:ListAliases", - "kms:DescribeKey" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "s3:ListAllMyBuckets", - "s3:GetBucketLocation" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "secretsmanager:ListSecrets" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "cloudwatch:GetMetricData" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "secretsmanager:CreateSecret", - "secretsmanager:DescribeSecret" - ], - "Effect": "Allow", - "Resource": "arn:aws:secretsmanager:*:*:secret:AmazonKendra-*" - }, - { - "Action": "kendra:*", - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4BK2ALV3AM", - "PolicyName": "AmazonKendraFullAccess", - "UpdateDate": "2019-12-03T16:15:37+00:00", - "VersionId": "v1" - }, - "AmazonKendraReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonKendraReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2019-12-03T16:13:45+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "kendra:Describe*", - "kendra:List*", - "kendra:Query", - "kendra:GetQuerySuggestions" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4POKTT2LDN", - "PolicyName": "AmazonKendraReadOnlyAccess", - "UpdateDate": "2021-05-27T17:01:20+00:00", - "VersionId": "v2" - }, - "AmazonKeyspacesFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonKeyspacesFullAccess", - "AttachmentCount": 0, - "CreateDate": "2020-04-23T17:06:37+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "cassandra:*" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "application-autoscaling:DeleteScalingPolicy", - "application-autoscaling:DeleteScheduledAction", - "application-autoscaling:DeregisterScalableTarget", - "application-autoscaling:DescribeScalableTargets", - "application-autoscaling:DescribeScalingActivities", - "application-autoscaling:DescribeScalingPolicies", - "application-autoscaling:DescribeScheduledActions", - "application-autoscaling:PutScheduledAction", - "application-autoscaling:PutScalingPolicy", - "application-autoscaling:RegisterScalableTarget", - "kms:DescribeKey", - "kms:ListAliases" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "cloudwatch:DeleteAlarms", - "cloudwatch:DescribeAlarms", - "cloudwatch:PutMetricAlarm" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "iam:CreateServiceLinkedRole", - "Condition": { - "StringLike": { - "iam:AWSServiceName": "cassandra.application-autoscaling.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/aws-service-role/cassandra.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_CassandraTable" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4HMS72N6JG", - "PolicyName": "AmazonKeyspacesFullAccess", - "UpdateDate": "2021-06-01T19:31:39+00:00", - "VersionId": "v2" - }, - "AmazonKeyspacesReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonKeyspacesReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2020-04-23T17:07:14+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "cassandra:Select" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "application-autoscaling:DescribeScalableTargets", - "application-autoscaling:DescribeScalingActivities", - "application-autoscaling:DescribeScalingPolicies", - "application-autoscaling:DescribeScheduledActions", - "cloudwatch:DescribeAlarms", - "kms:DescribeKey", - "kms:ListAliases" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4LHLFMFIPN", - "PolicyName": "AmazonKeyspacesReadOnlyAccess", - "UpdateDate": "2021-06-01T19:32:47+00:00", - "VersionId": "v2" - }, - "AmazonKinesisAnalyticsFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonKinesisAnalyticsFullAccess", - "AttachmentCount": 0, - "CreateDate": "2016-09-21T19:01:14+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": "kinesisanalytics:*", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "kinesis:CreateStream", - "kinesis:DeleteStream", - "kinesis:DescribeStream", - "kinesis:ListStreams", - "kinesis:PutRecord", - "kinesis:PutRecords" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "firehose:DescribeDeliveryStream", - "firehose:ListDeliveryStreams" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "cloudwatch:GetMetricStatistics", - "cloudwatch:ListMetrics" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "logs:GetLogEvents", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "iam:ListPolicyVersions", - "iam:ListRoles" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "iam:PassRole", - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/service-role/kinesis-analytics*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJQOSKHTXP43R7P5AC", - "PolicyName": "AmazonKinesisAnalyticsFullAccess", - "UpdateDate": "2016-09-21T19:01:14+00:00", - "VersionId": "v1" - }, - "AmazonKinesisAnalyticsReadOnly": { - "Arn": "arn:aws:iam::aws:policy/AmazonKinesisAnalyticsReadOnly", - "AttachmentCount": 0, - "CreateDate": "2016-09-21T18:16:43+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "kinesisanalytics:Describe*", - "kinesisanalytics:Get*", - "kinesisanalytics:List*" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "kinesis:DescribeStream", - "kinesis:ListStreams" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "firehose:DescribeDeliveryStream", - "firehose:ListDeliveryStreams" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "cloudwatch:GetMetricStatistics", - "cloudwatch:ListMetrics" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "logs:GetLogEvents", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "iam:ListPolicyVersions", - "iam:ListRoles" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIJIEXZAFUK43U7ARK", - "PolicyName": "AmazonKinesisAnalyticsReadOnly", - "UpdateDate": "2016-09-21T18:16:43+00:00", - "VersionId": "v1" - }, - "AmazonKinesisFirehoseFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonKinesisFirehoseFullAccess", - "AttachmentCount": 0, - "CreateDate": "2015-10-07T18:45:26+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "firehose:*" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJMZQMTZ7FRBFHHAHI", - "PolicyName": "AmazonKinesisFirehoseFullAccess", - "UpdateDate": "2015-10-07T18:45:26+00:00", - "VersionId": "v1" - }, - "AmazonKinesisFirehoseReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonKinesisFirehoseReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2015-10-07T18:43:39+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "firehose:Describe*", - "firehose:List*" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJ36NT645INW4K24W6", - "PolicyName": "AmazonKinesisFirehoseReadOnlyAccess", - "UpdateDate": "2015-10-07T18:43:39+00:00", - "VersionId": "v1" - }, - "AmazonKinesisFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonKinesisFullAccess", - "AttachmentCount": 0, - "CreateDate": "2015-02-06T18:40:29+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": "kinesis:*", - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIVF32HAMOXCUYRAYE", - "PolicyName": "AmazonKinesisFullAccess", - "UpdateDate": "2015-02-06T18:40:29+00:00", - "VersionId": "v1" - }, - "AmazonKinesisReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonKinesisReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2015-02-06T18:40:30+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "kinesis:Get*", - "kinesis:List*", - "kinesis:Describe*" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIOCMTDT5RLKZ2CAJO", - "PolicyName": "AmazonKinesisReadOnlyAccess", - "UpdateDate": "2015-02-06T18:40:30+00:00", - "VersionId": "v1" - }, - "AmazonKinesisVideoStreamsFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonKinesisVideoStreamsFullAccess", - "AttachmentCount": 0, - "CreateDate": "2017-12-01T23:27:18+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": "kinesisvideo:*", - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIZAN5AK7E7UVYIAZY", - "PolicyName": "AmazonKinesisVideoStreamsFullAccess", - "UpdateDate": "2017-12-01T23:27:18+00:00", - "VersionId": "v1" - }, - "AmazonKinesisVideoStreamsReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonKinesisVideoStreamsReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2017-12-01T23:14:32+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "kinesisvideo:Describe*", - "kinesisvideo:Get*", - "kinesisvideo:List*" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJDS2DKUCYTEA7M6UA", - "PolicyName": "AmazonKinesisVideoStreamsReadOnlyAccess", - "UpdateDate": "2017-12-01T23:14:32+00:00", - "VersionId": "v1" - }, - "AmazonLaunchWizard_Fullaccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonLaunchWizard_Fullaccess", - "AttachmentCount": 0, - "CreateDate": "2020-08-06T17:47:30+00:00", - "DefaultVersionId": "v12", - "Document": { - "Statement": [ - { - "Action": "applicationinsights:*", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "resource-groups:List*", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "route53:ChangeResourceRecordSets", - "route53:GetChange", - "route53:ListResourceRecordSets", - "route53:ListHostedZones", - "route53:ListHostedZonesByName" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "s3:ListAllMyBuckets", - "s3:ListBucket", - "s3:GetBucketLocation" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "kms:ListKeys", - "kms:ListAliases" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "cloudwatch:List*", - "cloudwatch:Get*", - "cloudwatch:Describe*" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:CreateInternetGateway", - "ec2:CreateNatGateway", - "ec2:CreateVpc", - "ec2:CreateKeyPair", - "ec2:CreateRoute", - "ec2:CreateRouteTable", - "ec2:CreateSubnet" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:AllocateAddress", - "ec2:AllocateHosts", - "ec2:AssignPrivateIpAddresses", - "ec2:AssociateAddress", - "ec2:CreateDhcpOptions", - "ec2:CreateEgressOnlyInternetGateway", - "ec2:CreateNetworkInterface", - "ec2:CreateVolume", - "ec2:CreateVpcEndpoint", - "ec2:CreateTags", - "ec2:DeleteTags", - "ec2:RunInstances", - "ec2:StartInstances", - "ec2:ModifyInstanceAttribute", - "ec2:ModifySubnetAttribute", - "ec2:ModifyVolumeAttribute", - "ec2:ModifyVpcAttribute", - "ec2:AssociateDhcpOptions", - "ec2:AssociateSubnetCidrBlock", - "ec2:AttachInternetGateway", - "ec2:AttachNetworkInterface", - "ec2:AttachVolume", - "ec2:DeleteDhcpOptions", - "ec2:DeleteInternetGateway", - "ec2:DeleteKeyPair", - "ec2:DeleteNatGateway", - "ec2:DeleteSecurityGroup", - "ec2:DeleteVolume", - "ec2:DeleteVpc", - "ec2:DetachInternetGateway", - "ec2:DetachVolume", - "ec2:DeleteSnapshot", - "ec2:AssociateRouteTable", - "ec2:AssociateVpcCidrBlock", - "ec2:DeleteNetworkAcl", - "ec2:DeleteNetworkInterface", - "ec2:DeleteNetworkInterfacePermission", - "ec2:DeleteRoute", - "ec2:DeleteRouteTable", - "ec2:DeleteSubnet", - "ec2:DetachNetworkInterface", - "ec2:DisassociateAddress", - "ec2:DisassociateVpcCidrBlock", - "ec2:GetLaunchTemplateData", - "ec2:ModifyNetworkInterfaceAttribute", - "ec2:ModifyVolume", - "ec2:AuthorizeSecurityGroupEgress", - "ec2:GetConsoleOutput", - "ec2:GetPasswordData", - "ec2:ReleaseAddress", - "ec2:ReplaceRoute", - "ec2:ReplaceRouteTableAssociation", - "ec2:RevokeSecurityGroupEgress", - "ec2:RevokeSecurityGroupIngress", - "ec2:DisassociateIamInstanceProfile", - "ec2:DisassociateRouteTable", - "ec2:DisassociateSubnetCidrBlock", - "ec2:ModifyInstancePlacement", - "ec2:DeletePlacementGroup", - "ec2:CreatePlacementGroup", - "elasticfilesystem:DeleteFileSystem", - "elasticfilesystem:DeleteMountTarget", - "ds:AddIpRoutes", - "ds:CreateComputer", - "ds:CreateMicrosoftAD", - "ds:DeleteDirectory", - "servicecatalog:AssociateProductWithPortfolio", - "cloudformation:GetTemplateSummary", - "sts:GetCallerIdentity" - ], - "Condition": { - "ForAnyValue:StringEquals": { - "aws:CalledVia": "launchwizard.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "cloudformation:DescribeStack*", - "cloudformation:Get*", - "cloudformation:ListStacks", - "cloudformation:SignalResource", - "cloudformation:DeleteStack" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:cloudformation:*:*:stack/LaunchWizard*/*", - "arn:aws:cloudformation:*:*:stack/ApplicationInsights*/*" - ] - }, - { - "Action": [ - "ec2:StopInstances", - "ec2:TerminateInstances" - ], - "Condition": { - "StringLike": { - "ec2:ResourceTag/aws:cloudformation:stack-id": "arn:aws:cloudformation:*:*:stack/LaunchWizard-*/*" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "iam:CreateInstanceProfile", - "iam:DeleteInstanceProfile", - "iam:RemoveRoleFromInstanceProfile", - "iam:AddRoleToInstanceProfile" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:iam::*:role/service-role/AmazonEC2RoleForLaunchWizard*", - "arn:aws:iam::*:instance-profile/LaunchWizard*" - ] - }, - { - "Action": [ - "iam:PassRole" - ], - "Condition": { - "StringEqualsIfExists": { - "iam:PassedToService": [ - "lambda.amazonaws.com", - "ec2.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:iam::*:role/service-role/AmazonEC2RoleForLaunchWizard*", - "arn:aws:iam::*:role/service-role/AmazonLambdaRoleForLaunchWizard*", - "arn:aws:iam::*:instance-profile/LaunchWizard*" - ] - }, - { - "Action": [ - "autoscaling:AttachInstances", - "autoscaling:CreateAutoScalingGroup", - "autoscaling:CreateLaunchConfiguration", - "autoscaling:DeleteAutoScalingGroup", - "autoscaling:DeleteLaunchConfiguration", - "autoscaling:UpdateAutoScalingGroup", - "logs:CreateLogStream", - "logs:DeleteLogGroup", - "logs:DeleteLogStream", - "logs:DescribeLog*", - "logs:PutLogEvents", - "resource-groups:CreateGroup", - "resource-groups:DeleteGroup", - "sns:ListSubscriptionsByTopic", - "sns:Publish", - "ssm:DeleteDocument", - "ssm:DeleteParameter*", - "ssm:DescribeDocument*", - "ssm:GetDocument", - "ssm:PutParameter" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:resource-groups:*:*:group/LaunchWizard*", - "arn:aws:sns:*:*:*", - "arn:aws:autoscaling:*:*:autoScalingGroup:*:autoScalingGroupName/LaunchWizard*", - "arn:aws:autoscaling:*:*:launchConfiguration:*:launchConfigurationName/LaunchWizard*", - "arn:aws:ssm:*:*:parameter/LaunchWizard*", - "arn:aws:ssm:*:*:document/LaunchWizard*", - "arn:aws:logs:*:*:log-group:*:*:*", - "arn:aws:logs:*:*:log-group:LaunchWizard*" - ] - }, - { - "Action": [ - "ssm:GetDocument", - "ssm:SendCommand" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:ssm:*::document/AWS-RunShellScript" - ] - }, - { - "Action": [ - "ssm:SendCommand" - ], - "Condition": { - "StringLike": { - "aws:ResourceTag/aws:cloudformation:stack-id": "arn:aws:cloudformation:*:*:stack/LaunchWizard-*/*" - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:instance/*" - ] - }, - { - "Action": [ - "logs:DeleteLogStream", - "logs:GetLogEvents", - "logs:PutLogEvents", - "ssm:AddTagsToResource", - "ssm:DescribeDocument", - "ssm:GetDocument", - "ssm:ListTagsForResource", - "ssm:RemoveTagsFromResource" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:logs:*:*:log-group:*:*:*", - "arn:aws:logs:*:*:log-group:LaunchWizard*", - "arn:aws:ssm:*:*:parameter/LaunchWizard*", - "arn:aws:ssm:*:*:document/LaunchWizard*" - ] - }, - { - "Action": [ - "autoscaling:Describe*", - "cloudformation:DescribeAccountLimits", - "cloudformation:DescribeStackDriftDetectionStatus", - "cloudformation:List*", - "cloudformation:ValidateTemplate", - "ds:Describe*", - "ds:ListAuthorizedApplications", - "ec2:Describe*", - "ec2:Get*", - "iam:GetRole", - "iam:GetRolePolicy", - "iam:GetUser", - "iam:GetPolicyVersion", - "iam:GetPolicy", - "iam:List*", - "logs:CreateLogGroup", - "logs:GetLogDelivery", - "logs:GetLogRecord", - "logs:ListLogDeliveries", - "resource-groups:Get*", - "resource-groups:List*", - "servicequotas:GetServiceQuota", - "servicequotas:ListServiceQuotas", - "sns:ListSubscriptions", - "sns:ListTopics", - "ssm:CreateDocument", - "ssm:DescribeAutomation*", - "ssm:DescribeInstanceInformation", - "ssm:DescribeParameters", - "ssm:GetAutomationExecution", - "ssm:GetCommandInvocation", - "ssm:GetParameter*", - "ssm:GetConnectionStatus", - "ssm:ListCommand*", - "ssm:ListDocument*", - "ssm:ListInstanceAssociations", - "ssm:SendAutomationSignal", - "ssm:StartAutomationExecution", - "ssm:StopAutomationExecution", - "tag:Get*" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "logs:GetLog*", - "Effect": "Allow", - "Resource": [ - "arn:aws:logs:*:*:log-group:*:*:*", - "arn:aws:logs:*:*:log-group:LaunchWizard*" - ] - }, - { - "Action": [ - "cloudformation:List*", - "cloudformation:Describe*" - ], - "Effect": "Allow", - "Resource": "arn:aws:cloudformation:*:*:stack/LaunchWizard*/" - }, - { - "Action": [ - "iam:CreateServiceLinkedRole" - ], - "Condition": { - "StringEquals": { - "iam:AWSServiceName": [ - "autoscaling.amazonaws.com", - "application-insights.amazonaws.com", - "events.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "launchwizard:*", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "sqs:TagQueue", - "sqs:GetQueueUrl", - "sqs:AddPermission", - "sqs:ListQueues", - "sqs:DeleteQueue", - "sqs:GetQueueAttributes", - "sqs:ListQueueTags", - "sqs:CreateQueue", - "sqs:SetQueueAttributes" - ], - "Effect": "Allow", - "Resource": "arn:aws:sqs:*:*:LaunchWizard*" - }, - { - "Action": [ - "cloudwatch:PutMetricAlarm", - "iam:GetInstanceProfile", - "cloudwatch:DeleteAlarms", - "cloudwatch:DescribeAlarms" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:cloudwatch:*:*:alarm:LaunchWizard*", - "arn:aws:iam::*:instance-profile/LaunchWizard*" - ] - }, - { - "Action": [ - "cloudformation:CreateStack", - "route53:ListHostedZones", - "ec2:CreateSecurityGroup", - "ec2:AuthorizeSecurityGroupIngress", - "elasticfilesystem:DescribeFileSystems", - "elasticfilesystem:CreateFileSystem", - "elasticfilesystem:CreateMountTarget", - "elasticfilesystem:DescribeMountTargets", - "elasticfilesystem:DescribeMountTargetSecurityGroups" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "s3:GetObject", - "s3:PutObject" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:s3:::launchwizard*", - "arn:aws:s3:::launchwizard*/*", - "arn:aws:s3:::aws-sap-data-provider/config.properties" - ] - }, - { - "Action": "cloudformation:TagResource", - "Condition": { - "ForAllValues:StringLike": { - "aws:TagKeys": "LaunchWizard*" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "s3:CreateBucket", - "s3:PutBucketVersioning", - "s3:DeleteBucket", - "lambda:CreateFunction", - "lambda:DeleteFunction", - "lambda:GetFunction", - "lambda:GetFunctionConfiguration", - "lambda:InvokeFunction" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:lambda:*:*:function:LaunchWizard*", - "arn:aws:s3:::launchwizard*" - ] - }, - { - "Action": [ - "dynamodb:CreateTable", - "dynamodb:DescribeTable", - "dynamodb:DeleteTable" - ], - "Effect": "Allow", - "Resource": "arn:aws:dynamodb:*:*:table/LaunchWizard*" - }, - { - "Action": [ - "secretsmanager:CreateSecret", - "secretsmanager:DeleteSecret", - "secretsmanager:TagResource", - "secretsmanager:UntagResource", - "secretsmanager:PutResourcePolicy", - "secretsmanager:DeleteResourcePolicy", - "secretsmanager:ListSecretVersionIds", - "secretsmanager:GetSecretValue" - ], - "Effect": "Allow", - "Resource": "arn:aws:secretsmanager:*:*:secret:LaunchWizard*" - }, - { - "Action": [ - "secretsmanager:GetRandomPassword", - "secretsmanager:ListSecrets" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ssm:CreateOpsMetadata" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "ssm:DeleteOpsMetadata", - "Effect": "Allow", - "Resource": "arn:aws:ssm:*:*:opsmetadata/aws/ssm/LaunchWizard*" - }, - { - "Action": [ - "sns:CreateTopic", - "sns:DeleteTopic", - "sns:Subscribe", - "sns:Unsubscribe" - ], - "Effect": "Allow", - "Resource": "arn:aws:sns:*:*:LaunchWizard*" - }, - { - "Action": [ - "fsx:UntagResource", - "fsx:TagResource", - "fsx:DeleteFileSystem", - "fsx:ListTagsForResource" - ], - "Condition": { - "StringLike": { - "aws:ResourceTag/Name": "LaunchWizard*" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "fsx:CreateFileSystem" - ], - "Condition": { - "StringLike": { - "aws:RequestTag/Name": [ - "LaunchWizard*" - ] - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "fsx:DescribeFileSystems" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "servicecatalog:CreatePortfolio", - "servicecatalog:DescribePortfolio", - "servicecatalog:CreateConstraint", - "servicecatalog:CreateProduct", - "servicecatalog:AssociatePrincipalWithPortfolio", - "servicecatalog:CreateProvisioningArtifact" - ], - "Condition": { - "ForAnyValue:StringEquals": { - "aws:CalledVia": "launchwizard.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:servicecatalog:*:*:*/*", - "arn:aws:catalog:*:*:*/*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4ABPQ7BLC2", - "PolicyName": "AmazonLaunchWizard_Fullaccess", - "UpdateDate": "2022-02-10T00:28:41+00:00", - "VersionId": "v12" - }, - "AmazonLexChannelsAccess": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonLexChannelsAccess", - "AttachmentCount": 0, - "CreateDate": "2021-01-13T20:12:46+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "lex:ListBots" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4HVR6S6UVL", - "PolicyName": "AmazonLexChannelsAccess", - "UpdateDate": "2021-01-13T20:12:46+00:00", - "VersionId": "v1" - }, - "AmazonLexFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonLexFullAccess", - "AttachmentCount": 0, - "CreateDate": "2017-04-11T23:20:36+00:00", - "DefaultVersionId": "v7", - "Document": { - "Statement": [ - { - "Action": [ - "cloudwatch:GetMetricStatistics", - "cloudwatch:DescribeAlarms", - "cloudwatch:DescribeAlarmsForMetric", - "kms:DescribeKey", - "kms:ListAliases", - "lambda:GetPolicy", - "lambda:ListFunctions", - "lex:*", - "polly:DescribeVoices", - "polly:SynthesizeSpeech", - "kendra:ListIndices", - "iam:ListRoles", - "s3:ListAllMyBuckets", - "logs:DescribeLogGroups", - "s3:GetBucketLocation" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "lambda:AddPermission", - "lambda:RemovePermission" - ], - "Condition": { - "StringEquals": { - "lambda:Principal": "lex.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:lambda:*:*:function:AmazonLex*" - }, - { - "Action": [ - "iam:GetRole" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:iam::*:role/aws-service-role/lex.amazonaws.com/AWSServiceRoleForLexBots", - "arn:aws:iam::*:role/aws-service-role/channels.lex.amazonaws.com/AWSServiceRoleForLexChannels", - "arn:aws:iam::*:role/aws-service-role/lexv2.amazonaws.com/AWSServiceRoleForLexV2Bots*", - "arn:aws:iam::*:role/aws-service-role/channels.lexv2.amazonaws.com/AWSServiceRoleForLexV2Channels*" - ] - }, - { - "Action": [ - "iam:CreateServiceLinkedRole" - ], - "Condition": { - "StringEquals": { - "iam:AWSServiceName": "lex.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:iam::*:role/aws-service-role/lex.amazonaws.com/AWSServiceRoleForLexBots" - ] - }, - { - "Action": [ - "iam:CreateServiceLinkedRole" - ], - "Condition": { - "StringEquals": { - "iam:AWSServiceName": "channels.lex.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:iam::*:role/aws-service-role/channels.lex.amazonaws.com/AWSServiceRoleForLexChannels" - ] - }, - { - "Action": [ - "iam:CreateServiceLinkedRole" - ], - "Condition": { - "StringEquals": { - "iam:AWSServiceName": "lexv2.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:iam::*:role/aws-service-role/lexv2.amazonaws.com/AWSServiceRoleForLexV2Bots*" - ] - }, - { - "Action": [ - "iam:CreateServiceLinkedRole" - ], - "Condition": { - "StringEquals": { - "iam:AWSServiceName": "channels.lexv2.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:iam::*:role/aws-service-role/channels.lexv2.amazonaws.com/AWSServiceRoleForLexV2Channels*" - ] - }, - { - "Action": [ - "iam:DeleteServiceLinkedRole", - "iam:GetServiceLinkedRoleDeletionStatus" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:iam::*:role/aws-service-role/lex.amazonaws.com/AWSServiceRoleForLexBots", - "arn:aws:iam::*:role/aws-service-role/channels.lex.amazonaws.com/AWSServiceRoleForLexChannels", - "arn:aws:iam::*:role/aws-service-role/lexv2.amazonaws.com/AWSServiceRoleForLexV2Bots*", - "arn:aws:iam::*:role/aws-service-role/channels.lexv2.amazonaws.com/AWSServiceRoleForLexV2Channels*" - ] - }, - { - "Action": [ - "iam:PassRole" - ], - "Condition": { - "StringEquals": { - "iam:PassedToService": [ - "lex.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:iam::*:role/aws-service-role/lex.amazonaws.com/AWSServiceRoleForLexBots" - ] - }, - { - "Action": [ - "iam:PassRole" - ], - "Condition": { - "StringEquals": { - "iam:PassedToService": [ - "lexv2.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:iam::*:role/aws-service-role/lexv2.amazonaws.com/AWSServiceRoleForLexV2Bots*" - ] - }, - { - "Action": [ - "iam:PassRole" - ], - "Condition": { - "StringEquals": { - "iam:PassedToService": [ - "channels.lexv2.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:iam::*:role/aws-service-role/channels.lexv2.amazonaws.com/AWSServiceRoleForLexV2Channels*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJVLXDHKVC23HRTKSI", - "PolicyName": "AmazonLexFullAccess", - "UpdateDate": "2021-07-26T21:48:05+00:00", - "VersionId": "v7" - }, - "AmazonLexReadOnly": { - "Arn": "arn:aws:iam::aws:policy/AmazonLexReadOnly", - "AttachmentCount": 0, - "CreateDate": "2017-04-11T23:13:33+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "lex:GetBot", - "lex:GetBotAlias", - "lex:GetBotAliases", - "lex:GetBots", - "lex:GetBotChannelAssociation", - "lex:GetBotChannelAssociations", - "lex:GetBotVersions", - "lex:GetBuiltinIntent", - "lex:GetBuiltinIntents", - "lex:GetBuiltinSlotTypes", - "lex:GetIntent", - "lex:GetIntents", - "lex:GetIntentVersions", - "lex:GetSlotType", - "lex:GetSlotTypes", - "lex:GetSlotTypeVersions", - "lex:GetUtterancesView", - "lex:DescribeBot", - "lex:DescribeBotAlias", - "lex:DescribeBotChannel", - "lex:DescribeBotLocale", - "lex:DescribeBotVersion", - "lex:DescribeExport", - "lex:DescribeImport", - "lex:DescribeIntent", - "lex:DescribeResourcePolicy", - "lex:DescribeSlot", - "lex:DescribeSlotType", - "lex:ListBots", - "lex:ListBotLocales", - "lex:ListBotAliases", - "lex:ListBotChannels", - "lex:ListBotVersions", - "lex:ListBuiltInIntents", - "lex:ListBuiltInSlotTypes", - "lex:ListExports", - "lex:ListImports", - "lex:ListIntents", - "lex:ListSlots", - "lex:ListSlotTypes", - "lex:ListTagsForResource" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJGBI5LSMAJNDGBNAM", - "PolicyName": "AmazonLexReadOnly", - "UpdateDate": "2021-07-26T22:04:56+00:00", - "VersionId": "v2" - }, - "AmazonLexRunBotsOnly": { - "Arn": "arn:aws:iam::aws:policy/AmazonLexRunBotsOnly", - "AttachmentCount": 0, - "CreateDate": "2017-04-11T23:06:24+00:00", - "DefaultVersionId": "v3", - "Document": { - "Statement": [ - { - "Action": [ - "lex:PostContent", - "lex:PostText", - "lex:PutSession", - "lex:GetSession", - "lex:DeleteSession", - "lex:RecognizeText", - "lex:RecognizeUtterance", - "lex:StartConversation" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJVZGB5CM3N6YWJHBE", - "PolicyName": "AmazonLexRunBotsOnly", - "UpdateDate": "2021-08-18T00:15:48+00:00", - "VersionId": "v3" - }, - "AmazonLexV2BotPolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonLexV2BotPolicy", - "AttachmentCount": 0, - "CreateDate": "2021-01-13T20:10:29+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "polly:SynthesizeSpeech" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4DXFCYFGBA", - "PolicyName": "AmazonLexV2BotPolicy", - "UpdateDate": "2021-01-13T20:10:29+00:00", - "VersionId": "v1" - }, - "AmazonLookoutEquipmentFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonLookoutEquipmentFullAccess", - "AttachmentCount": 0, - "CreateDate": "2021-04-08T15:52:08+00:00", - "DefaultVersionId": "v3", - "Document": { - "Statement": [ - { - "Action": [ - "lookoutequipment:*" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "iam:PassRole" - ], - "Condition": { - "StringEquals": { - "iam:PassedToService": [ - "lookoutequipment.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "kms:CreateGrant" - ], - "Condition": { - "StringLike": { - "kms:ViaService": "lookoutequipment.*.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "kms:DescribeKey", - "kms:ListAliases" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4KPPCPGNJA", - "PolicyName": "AmazonLookoutEquipmentFullAccess", - "UpdateDate": "2021-11-24T21:00:13+00:00", - "VersionId": "v3" - }, - "AmazonLookoutEquipmentReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonLookoutEquipmentReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2021-05-05T16:47:55+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "lookoutequipment:DescribeDataset", - "lookoutequipment:DescribeDataIngestionJob", - "lookoutequipment:DescribeModel", - "lookoutequipment:DescribeInferenceScheduler", - "lookoutequipment:ListDatasets", - "lookoutequipment:ListDataIngestionJobs", - "lookoutequipment:ListModels", - "lookoutequipment:ListInferenceSchedulers", - "lookoutequipment:ListInferenceExecutions", - "lookoutequipment:ListTagsForResource" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4DNIMPJYBT", - "PolicyName": "AmazonLookoutEquipmentReadOnlyAccess", - "UpdateDate": "2021-05-05T16:47:55+00:00", - "VersionId": "v1" - }, - "AmazonLookoutMetricsFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonLookoutMetricsFullAccess", - "AttachmentCount": 0, - "CreateDate": "2021-05-07T00:43:38+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "lookoutmetrics:*" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "iam:PassRole" - ], - "Condition": { - "StringEquals": { - "iam:PassedToService": "lookoutmetrics.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/*LookoutMetrics*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4CYQN5ZMMA", - "PolicyName": "AmazonLookoutMetricsFullAccess", - "UpdateDate": "2021-05-07T00:43:38+00:00", - "VersionId": "v1" - }, - "AmazonLookoutMetricsReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonLookoutMetricsReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2021-05-07T00:43:34+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "lookoutmetrics:DescribeMetricSet", - "lookoutmetrics:ListMetricSets", - "lookoutmetrics:DescribeAnomalyDetector", - "lookoutmetrics:ListAnomalyDetectors", - "lookoutmetrics:DescribeAnomalyDetectionExecutions", - "lookoutmetrics:DescribeAlert", - "lookoutmetrics:ListAlerts", - "lookoutmetrics:ListTagsForResource", - "lookoutmetrics:ListAnomalyGroupSummaries", - "lookoutmetrics:ListAnomalyGroupTimeSeries", - "lookoutmetrics:ListAnomalyGroupRelatedMetrics", - "lookoutmetrics:GetAnomalyGroup", - "lookoutmetrics:GetDataQualityMetrics", - "lookoutmetrics:GetSampleData", - "lookoutmetrics:GetFeedback" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4MP33SLV3F", - "PolicyName": "AmazonLookoutMetricsReadOnlyAccess", - "UpdateDate": "2022-01-04T18:19:27+00:00", - "VersionId": "v2" - }, - "AmazonLookoutVisionConsoleFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonLookoutVisionConsoleFullAccess", - "AttachmentCount": 0, - "CreateDate": "2021-05-11T19:37:17+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "lookoutvision:*" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "LookoutVisionFullAccess" - }, - { - "Action": [ - "s3:ListAllMyBuckets" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "LookoutVisionConsoleS3BucketSearchAccess" - }, - { - "Action": [ - "s3:CreateBucket", - "s3:PutBucketVersioning", - "s3:PutLifecycleConfiguration", - "s3:PutEncryptionConfiguration", - "s3:PutBucketPublicAccessBlock" - ], - "Effect": "Allow", - "Resource": "arn:aws:s3:::lookoutvision-*", - "Sid": "LookoutVisionConsoleS3BucketFirstUseSetupAccess" - }, - { - "Action": [ - "s3:ListBucket", - "s3:GetBucketLocation", - "s3:GetBucketVersioning" - ], - "Effect": "Allow", - "Resource": "arn:aws:s3:::lookoutvision-*", - "Sid": "LookoutVisionConsoleS3BucketAccess" - }, - { - "Action": [ - "s3:GetObject", - "s3:GetObjectVersion", - "s3:PutObject", - "s3:AbortMultipartUpload", - "s3:ListMultipartUploadParts" - ], - "Effect": "Allow", - "Resource": "arn:aws:s3:::lookoutvision-*/*", - "Sid": "LookoutVisionConsoleS3ObjectAccess" - }, - { - "Action": [ - "groundtruthlabeling:RunGenerateManifestByCrawlingJob", - "groundtruthlabeling:AssociatePatchToManifestJob", - "groundtruthlabeling:DescribeConsoleJob" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "LookoutVisionConsoleDatasetLabelingToolsAccess" - }, - { - "Action": [ - "cloudwatch:GetMetricData", - "cloudwatch:GetMetricStatistics" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "LookoutVisionConsoleDashboardAccess" - }, - { - "Action": [ - "tag:GetTagKeys", - "tag:GetTagValues" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "LookoutVisionConsoleTagSelectorAccess" - }, - { - "Action": [ - "kms:ListAliases" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "LookoutVisionConsoleKmsKeySelectorAccess" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4NJJ7RFZ5A", - "PolicyName": "AmazonLookoutVisionConsoleFullAccess", - "UpdateDate": "2021-05-11T19:37:17+00:00", - "VersionId": "v1" - }, - "AmazonLookoutVisionConsoleReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonLookoutVisionConsoleReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2021-05-11T19:32:02+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "lookoutvision:DescribeDataset", - "lookoutvision:DescribeModel", - "lookoutvision:DescribeProject", - "lookoutvision:DescribeTrialDetection", - "lookoutvision:DescribeModelPackagingJob", - "lookoutvision:ListDatasetEntries", - "lookoutvision:ListModels", - "lookoutvision:ListProjects", - "lookoutvision:ListTagsForResource", - "lookoutvision:ListTrialDetections", - "lookoutvision:ListModelPackagingJobs" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "LookoutVisionReadOnlyAccess" - }, - { - "Action": [ - "s3:ListAllMyBuckets" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "LookoutVisionConsoleS3BucketSearchAccess" - }, - { - "Action": [ - "s3:GetObject", - "s3:GetObjectVersion" - ], - "Effect": "Allow", - "Resource": "arn:aws:s3:::lookoutvision-*/*", - "Sid": "LookoutVisionConsoleS3ObjectReadAccess" - }, - { - "Action": [ - "cloudwatch:GetMetricData", - "cloudwatch:GetMetricStatistics" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "LookoutVisionConsoleDashboardAccess" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4CE2DP5IDX", - "PolicyName": "AmazonLookoutVisionConsoleReadOnlyAccess", - "UpdateDate": "2021-12-09T02:46:29+00:00", - "VersionId": "v2" - }, - "AmazonLookoutVisionFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonLookoutVisionFullAccess", - "AttachmentCount": 0, - "CreateDate": "2021-05-11T19:24:54+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "lookoutvision:*" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "LookoutVisionFullAccess" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4CMORWIX77", - "PolicyName": "AmazonLookoutVisionFullAccess", - "UpdateDate": "2021-05-11T19:24:54+00:00", - "VersionId": "v1" - }, - "AmazonLookoutVisionReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonLookoutVisionReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2021-05-11T19:11:07+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "lookoutvision:DescribeDataset", - "lookoutvision:DescribeModel", - "lookoutvision:DescribeProject", - "lookoutvision:DescribeModelPackagingJob", - "lookoutvision:ListDatasetEntries", - "lookoutvision:ListModels", - "lookoutvision:ListProjects", - "lookoutvision:ListTagsForResource", - "lookoutvision:ListModelPackagingJobs" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "LookoutVisionReadOnlyAccess" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4OJEEMR6Q3", - "PolicyName": "AmazonLookoutVisionReadOnlyAccess", - "UpdateDate": "2021-12-09T03:01:51+00:00", - "VersionId": "v2" - }, - "AmazonMCSFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonMCSFullAccess", - "AttachmentCount": 0, - "CreateDate": "2019-12-03T13:45:25+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "application-autoscaling:DeleteScalingPolicy", - "application-autoscaling:DeregisterScalableTarget", - "application-autoscaling:DescribeScalableTargets", - "application-autoscaling:DescribeScalingActivities", - "application-autoscaling:DescribeScalingPolicies", - "application-autoscaling:PutScalingPolicy", - "application-autoscaling:RegisterScalableTarget", - "application-autoscaling:PutScheduledAction", - "application-autoscaling:DeleteScheduledAction", - "application-autoscaling:DescribeScheduledActions" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "cassandra:*" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "cloudwatch:DeleteAlarms", - "cloudwatch:DescribeAlarms", - "cloudwatch:PutMetricAlarm" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "iam:CreateServiceLinkedRole", - "Condition": { - "StringLike": { - "iam:AWSServiceName": "cassandra.application-autoscaling.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/aws-service-role/cassandra.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_CassandraTable" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4K6JRQY7NV", - "PolicyName": "AmazonMCSFullAccess", - "UpdateDate": "2020-04-17T19:19:29+00:00", - "VersionId": "v2" - }, - "AmazonMCSReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonMCSReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2019-12-03T13:46:21+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "cassandra:Select" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "application-autoscaling:DescribeScalableTargets", - "application-autoscaling:DescribeScalingActivities", - "application-autoscaling:DescribeScalingPolicies", - "application-autoscaling:DescribeScheduledActions", - "cloudwatch:DescribeAlarms" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4F6NKMXCNS", - "PolicyName": "AmazonMCSReadOnlyAccess", - "UpdateDate": "2020-04-17T19:21:34+00:00", - "VersionId": "v2" - }, - "AmazonMQApiFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonMQApiFullAccess", - "AttachmentCount": 0, - "CreateDate": "2018-12-18T20:31:31+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "mq:*", - "ec2:CreateNetworkInterface", - "ec2:CreateNetworkInterfacePermission", - "ec2:DeleteNetworkInterface", - "ec2:DeleteNetworkInterfacePermission", - "ec2:DetachNetworkInterface", - "ec2:DescribeInternetGateways", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeNetworkInterfacePermissions", - "ec2:DescribeRouteTables", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVpcs" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "logs:CreateLogGroup" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:logs:*:*:log-group:/aws/amazonmq/*" - ] - }, - { - "Action": "iam:CreateServiceLinkedRole", - "Condition": { - "StringLike": { - "iam:AWSServiceName": "mq.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAI4CMO533EBV3L2GW4", - "PolicyName": "AmazonMQApiFullAccess", - "UpdateDate": "2020-11-04T16:45:35+00:00", - "VersionId": "v2" - }, - "AmazonMQApiReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonMQApiReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2018-12-18T20:31:13+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "mq:Describe*", - "mq:List*", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVpcs" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIKI5JRHKAFHXQJKMO", - "PolicyName": "AmazonMQApiReadOnlyAccess", - "UpdateDate": "2018-12-18T20:31:13+00:00", - "VersionId": "v1" - }, - "AmazonMQFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonMQFullAccess", - "AttachmentCount": 0, - "CreateDate": "2017-11-28T15:28:29+00:00", - "DefaultVersionId": "v5", - "Document": { - "Statement": [ - { - "Action": [ - "mq:*", - "cloudformation:CreateStack", - "ec2:CreateNetworkInterface", - "ec2:CreateNetworkInterfacePermission", - "ec2:DeleteNetworkInterface", - "ec2:DeleteNetworkInterfacePermission", - "ec2:DetachNetworkInterface", - "ec2:DescribeInternetGateways", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeNetworkInterfacePermissions", - "ec2:DescribeRouteTables", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVpcs", - "ec2:CreateSecurityGroup", - "ec2:AuthorizeSecurityGroupIngress" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "logs:CreateLogGroup" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:logs:*:*:log-group:/aws/amazonmq/*" - ] - }, - { - "Action": "iam:CreateServiceLinkedRole", - "Condition": { - "StringLike": { - "iam:AWSServiceName": "mq.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJLKBROJNQYDDXOOGG", - "PolicyName": "AmazonMQFullAccess", - "UpdateDate": "2020-11-04T16:34:09+00:00", - "VersionId": "v5" - }, - "AmazonMQReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonMQReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2017-11-28T15:30:32+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "mq:Describe*", - "mq:List*", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVpcs" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJFH3NKGULDUU66D5C", - "PolicyName": "AmazonMQReadOnlyAccess", - "UpdateDate": "2017-11-28T19:02:03+00:00", - "VersionId": "v2" - }, - "AmazonMQServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonMQServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2020-11-04T16:07:17+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "ec2:DescribeVpcEndpoints" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:CreateVpcEndpoint" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:vpc/*", - "arn:aws:ec2:*:*:subnet/*", - "arn:aws:ec2:*:*:security-group/*" - ] - }, - { - "Action": [ - "ec2:CreateVpcEndpoint" - ], - "Condition": { - "StringEquals": { - "aws:RequestTag/AMQManaged": "true" - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:vpc-endpoint/*" - ] - }, - { - "Action": [ - "ec2:CreateTags" - ], - "Condition": { - "StringEquals": { - "ec2:CreateAction": "CreateVpcEndpoint" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:vpc-endpoint/*" - }, - { - "Action": [ - "ec2:DeleteVpcEndpoints" - ], - "Condition": { - "StringEquals": { - "ec2:ResourceTag/AMQManaged": "true" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:vpc-endpoint/*" - }, - { - "Action": [ - "logs:PutLogEvents", - "logs:DescribeLogStreams", - "logs:DescribeLogGroups", - "logs:CreateLogStream", - "logs:CreateLogGroup" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:logs:*:*:log-group:/aws/amazonmq/*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4LFY3JJDI6", - "PolicyName": "AmazonMQServiceRolePolicy", - "UpdateDate": "2020-11-04T16:07:17+00:00", - "VersionId": "v1" - }, - "AmazonMSKConnectReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonMSKConnectReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2021-09-20T10:18:43+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "kafkaconnect:ListConnectors", - "kafkaconnect:ListCustomPlugins", - "kafkaconnect:ListWorkerConfigurations" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "kafkaconnect:DescribeConnector" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:kafkaconnect:*:*:connector/*" - ] - }, - { - "Action": [ - "kafkaconnect:DescribeCustomPlugin" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:kafkaconnect:*:*:custom-plugin/*" - ] - }, - { - "Action": [ - "kafkaconnect:DescribeWorkerConfiguration" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:kafkaconnect:*:*:worker-configuration/*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4NBJ5F5NIS", - "PolicyName": "AmazonMSKConnectReadOnlyAccess", - "UpdateDate": "2021-10-18T09:16:26+00:00", - "VersionId": "v2" - }, - "AmazonMSKFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonMSKFullAccess", - "AttachmentCount": 0, - "CreateDate": "2019-01-14T22:07:52+00:00", - "DefaultVersionId": "v6", - "Document": { - "Statement": [ - { - "Action": [ - "kafka:*", - "ec2:DescribeSubnets", - "ec2:DescribeVpcs", - "ec2:DescribeSecurityGroups", - "ec2:DescribeRouteTables", - "ec2:DescribeVpcEndpoints", - "ec2:DescribeVpcAttribute", - "kms:DescribeKey", - "kms:CreateGrant", - "logs:CreateLogDelivery", - "logs:GetLogDelivery", - "logs:UpdateLogDelivery", - "logs:DeleteLogDelivery", - "logs:ListLogDeliveries", - "logs:PutResourcePolicy", - "logs:DescribeResourcePolicies", - "logs:DescribeLogGroups", - "S3:GetBucketPolicy", - "firehose:TagDeliveryStream" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:CreateVpcEndpoint" - ], - "Effect": "Allow", - "Resource": [ - "arn:*:ec2:*:*:vpc/*", - "arn:*:ec2:*:*:subnet/*", - "arn:*:ec2:*:*:security-group/*" - ] - }, - { - "Action": [ - "ec2:CreateVpcEndpoint" - ], - "Condition": { - "StringEquals": { - "aws:RequestTag/AWSMSKManaged": "true" - }, - "StringLike": { - "aws:RequestTag/ClusterArn": "*" - } - }, - "Effect": "Allow", - "Resource": [ - "arn:*:ec2:*:*:vpc-endpoint/*" - ] - }, - { - "Action": [ - "ec2:CreateTags" - ], - "Condition": { - "StringEquals": { - "ec2:CreateAction": "CreateVpcEndpoint" - } - }, - "Effect": "Allow", - "Resource": "arn:*:ec2:*:*:vpc-endpoint/*" - }, - { - "Action": [ - "ec2:DeleteVpcEndpoints" - ], - "Condition": { - "StringEquals": { - "ec2:ResourceTag/AWSMSKManaged": "true" - }, - "StringLike": { - "ec2:ResourceTag/ClusterArn": "*" - } - }, - "Effect": "Allow", - "Resource": "arn:*:ec2:*:*:vpc-endpoint/*" - }, - { - "Action": "iam:CreateServiceLinkedRole", - "Condition": { - "StringEquals": { - "iam:AWSServiceName": "kafka.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/aws-service-role/kafka.amazonaws.com/AWSServiceRoleForKafka*" - }, - { - "Action": "iam:CreateServiceLinkedRole", - "Condition": { - "StringEquals": { - "iam:AWSServiceName": "delivery.logs.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/aws-service-role/delivery.logs.amazonaws.com/AWSServiceRoleForLogDelivery*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJERQQQTWI5OMENTQE", - "PolicyName": "AmazonMSKFullAccess", - "UpdateDate": "2022-01-06T21:18:01+00:00", - "VersionId": "v6" - }, - "AmazonMSKReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonMSKReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2019-01-14T22:28:45+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "kafka:Describe*", - "kafka:List*", - "kafka:Get*", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVpcs", - "kms:DescribeKey" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJGMUI3DP2EVP3VGYO", - "PolicyName": "AmazonMSKReadOnlyAccess", - "UpdateDate": "2019-01-14T22:28:45+00:00", - "VersionId": "v1" - }, - "AmazonMWAAServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonMWAAServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2020-11-24T14:13:41+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "logs:CreateLogStream", - "logs:CreateLogGroup", - "logs:DescribeLogGroups" - ], - "Effect": "Allow", - "Resource": "arn:aws:logs:*:*:log-group:airflow-*:*" - }, - { - "Action": [ - "ec2:AttachNetworkInterface", - "ec2:CreateNetworkInterface", - "ec2:CreateNetworkInterfacePermission", - "ec2:DeleteNetworkInterface", - "ec2:DeleteNetworkInterfacePermission", - "ec2:DescribeDhcpOptions", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVpcEndpoints", - "ec2:DescribeVpcs", - "ec2:DetachNetworkInterface" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "ec2:CreateVpcEndpoint", - "Condition": { - "ForAnyValue:StringEquals": { - "aws:TagKeys": "AmazonMWAAManaged" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:vpc-endpoint/*" - }, - { - "Action": [ - "ec2:ModifyVpcEndpoint", - "ec2:DeleteVpcEndpoints" - ], - "Condition": { - "Null": { - "aws:ResourceTag/AmazonMWAAManaged": false - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:vpc-endpoint/*" - }, - { - "Action": [ - "ec2:CreateVpcEndpoint", - "ec2:ModifyVpcEndpoint" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:vpc/*", - "arn:aws:ec2:*:*:security-group/*", - "arn:aws:ec2:*:*:subnet/*" - ] - }, - { - "Action": "ec2:CreateTags", - "Condition": { - "ForAnyValue:StringEquals": { - "aws:TagKeys": "AmazonMWAAManaged" - }, - "StringEquals": { - "ec2:CreateAction": "CreateVpcEndpoint" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:vpc-endpoint/*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4JU5RBMG7W", - "PolicyName": "AmazonMWAAServiceRolePolicy", - "UpdateDate": "2020-11-24T14:13:41+00:00", - "VersionId": "v1" - }, - "AmazonMachineLearningBatchPredictionsAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonMachineLearningBatchPredictionsAccess", - "AttachmentCount": 0, - "CreateDate": "2015-04-09T17:12:19+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "machinelearning:CreateBatchPrediction", - "machinelearning:DeleteBatchPrediction", - "machinelearning:DescribeBatchPredictions", - "machinelearning:GetBatchPrediction", - "machinelearning:UpdateBatchPrediction" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAILOI4HTQSFTF3GQSC", - "PolicyName": "AmazonMachineLearningBatchPredictionsAccess", - "UpdateDate": "2015-04-09T17:12:19+00:00", - "VersionId": "v1" - }, - "AmazonMachineLearningCreateOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonMachineLearningCreateOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2015-04-09T17:18:09+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "machinelearning:Add*", - "machinelearning:Create*", - "machinelearning:Delete*", - "machinelearning:Describe*", - "machinelearning:Get*" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJDRUNIC2RYAMAT3CK", - "PolicyName": "AmazonMachineLearningCreateOnlyAccess", - "UpdateDate": "2016-06-29T20:55:03+00:00", - "VersionId": "v2" - }, - "AmazonMachineLearningFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonMachineLearningFullAccess", - "AttachmentCount": 0, - "CreateDate": "2015-04-09T17:25:41+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "machinelearning:*" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIWKW6AGSGYOQ5ERHC", - "PolicyName": "AmazonMachineLearningFullAccess", - "UpdateDate": "2015-04-09T17:25:41+00:00", - "VersionId": "v1" - }, - "AmazonMachineLearningManageRealTimeEndpointOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonMachineLearningManageRealTimeEndpointOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2015-04-09T17:32:41+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "machinelearning:CreateRealtimeEndpoint", - "machinelearning:DeleteRealtimeEndpoint" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJJL3PC3VCSVZP6OCI", - "PolicyName": "AmazonMachineLearningManageRealTimeEndpointOnlyAccess", - "UpdateDate": "2015-04-09T17:32:41+00:00", - "VersionId": "v1" - }, - "AmazonMachineLearningReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonMachineLearningReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2015-04-09T17:40:02+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "machinelearning:Describe*", - "machinelearning:Get*" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIW5VYBCGEX56JCINC", - "PolicyName": "AmazonMachineLearningReadOnlyAccess", - "UpdateDate": "2015-04-09T17:40:02+00:00", - "VersionId": "v1" - }, - "AmazonMachineLearningRealTimePredictionOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonMachineLearningRealTimePredictionOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2015-04-09T17:44:06+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "machinelearning:Predict" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIWMCNQPRWMWT36GVQ", - "PolicyName": "AmazonMachineLearningRealTimePredictionOnlyAccess", - "UpdateDate": "2015-04-09T17:44:06+00:00", - "VersionId": "v1" - }, - "AmazonMachineLearningRoleforRedshiftDataSourceV3": { - "Arn": "arn:aws:iam::aws:policy/service-role/AmazonMachineLearningRoleforRedshiftDataSourceV3", - "AttachmentCount": 0, - "CreateDate": "2020-06-24T18:00:09+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "ec2:AuthorizeSecurityGroupIngress", - "ec2:CreateSecurityGroup", - "ec2:DescribeInternetGateways", - "ec2:DescribeSecurityGroups", - "ec2:RevokeSecurityGroupIngress", - "redshift:AuthorizeClusterSecurityGroupIngress", - "redshift:CreateClusterSecurityGroup", - "redshift:DescribeClusters", - "redshift:DescribeClusterSecurityGroups", - "redshift:ModifyCluster", - "redshift:RevokeClusterSecurityGroupIngress" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "s3:PutBucketPolicy", - "s3:GetBucketLocation", - "s3:GetBucketPolicy", - "s3:GetObject", - "s3:PutObject" - ], - "Effect": "Allow", - "Resource": "arn:aws:s3:::amazon-machine-learning*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4DIXIZO4E2", - "PolicyName": "AmazonMachineLearningRoleforRedshiftDataSourceV3", - "UpdateDate": "2020-06-24T18:00:09+00:00", - "VersionId": "v1" - }, - "AmazonMacieFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonMacieFullAccess", - "AttachmentCount": 0, - "CreateDate": "2017-08-14T14:54:30+00:00", - "DefaultVersionId": "v4", - "Document": { - "Statement": [ - { - "Action": [ - "macie2:*" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "iam:CreateServiceLinkedRole", - "Condition": { - "StringLike": { - "iam:AWSServiceName": "macie.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/AWSServiceRoleForAmazonMacie" - }, - { - "Action": "pricing:GetProducts", - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJJF2N5FR6S5TZN5OA", - "PolicyName": "AmazonMacieFullAccess", - "UpdateDate": "2022-03-07T18:08:14+00:00", - "VersionId": "v4" - }, - "AmazonMacieHandshakeRole": { - "Arn": "arn:aws:iam::aws:policy/service-role/AmazonMacieHandshakeRole", - "AttachmentCount": 0, - "CreateDate": "2018-06-28T15:46:10+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": "iam:CreateServiceLinkedRole", - "Condition": { - "ForAnyValue:StringEquals": { - "iam:AWSServiceName": "macie.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJ7CVEIVL347MLOVKI", - "PolicyName": "AmazonMacieHandshakeRole", - "UpdateDate": "2018-06-28T15:46:10+00:00", - "VersionId": "v1" - }, - "AmazonMacieServiceRole": { - "Arn": "arn:aws:iam::aws:policy/service-role/AmazonMacieServiceRole", - "AttachmentCount": 0, - "CreateDate": "2017-08-14T14:53:26+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "s3:Get*", - "s3:List*" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJVV7PON3FPBL2PSGC", - "PolicyName": "AmazonMacieServiceRole", - "UpdateDate": "2017-08-14T14:53:26+00:00", - "VersionId": "v1" - }, - "AmazonMacieServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonMacieServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2018-06-19T22:17:38+00:00", - "DefaultVersionId": "v5", - "Document": { - "Statement": [ - { - "Action": [ - "cloudtrail:DescribeTrails", - "cloudtrail:GetEventSelectors", - "cloudtrail:GetTrailStatus", - "cloudtrail:ListTags", - "cloudtrail:LookupEvents", - "iam:ListAccountAliases", - "organizations:DescribeAccount", - "organizations:ListAccounts", - "s3:GetAccountPublicAccessBlock", - "s3:ListAllMyBuckets", - "s3:GetBucketAcl", - "s3:GetBucketLocation", - "s3:GetBucketLogging", - "s3:GetBucketPolicy", - "s3:GetBucketPolicyStatus", - "s3:GetBucketPublicAccessBlock", - "s3:GetBucketTagging", - "s3:GetBucketVersioning", - "s3:GetBucketWebsite", - "s3:GetEncryptionConfiguration", - "s3:GetLifecycleConfiguration", - "s3:GetReplicationConfiguration", - "s3:ListBucket", - "s3:GetObject", - "s3:GetObjectAcl", - "s3:GetObjectTagging" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "cloudtrail:CreateTrail", - "cloudtrail:StartLogging", - "cloudtrail:StopLogging", - "cloudtrail:UpdateTrail", - "cloudtrail:DeleteTrail", - "cloudtrail:PutEventSelectors" - ], - "Effect": "Allow", - "Resource": "arn:aws:cloudtrail:*:*:trail/AWSMacieTrail-DO-NOT-EDIT" - }, - { - "Action": [ - "s3:CreateBucket", - "s3:DeleteBucket", - "s3:DeleteBucketPolicy", - "s3:DeleteBucketWebsite", - "s3:DeleteObject", - "s3:DeleteObjectTagging", - "s3:DeleteObjectVersion", - "s3:DeleteObjectVersionTagging", - "s3:PutBucketPolicy" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:s3:::awsmacie-*", - "arn:aws:s3:::awsmacietrail-*", - "arn:aws:s3:::*-awsmacietrail-*" - ] - }, - { - "Action": [ - "logs:CreateLogGroup" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:logs:*:*:log-group:/aws/macie/*" - ] - }, - { - "Action": [ - "logs:CreateLogStream", - "logs:PutLogEvents", - "logs:DescribeLogStreams" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:logs:*:*:log-group:/aws/macie/*:log-stream:*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJPLHONRH2HP2H6TNQ", - "PolicyName": "AmazonMacieServiceRolePolicy", - "UpdateDate": "2021-04-13T17:55:07+00:00", - "VersionId": "v5" - }, - "AmazonMacieSetupRole": { - "Arn": "arn:aws:iam::aws:policy/service-role/AmazonMacieSetupRole", - "AttachmentCount": 0, - "CreateDate": "2017-08-14T14:53:34+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "cloudtrail:DescribeTrails", - "cloudtrail:GetEventSelectors", - "cloudtrail:GetTrailStatus", - "cloudtrail:ListTags", - "cloudtrail:LookupEvents", - "iam:ListAccountAliases", - "s3:GetBucket*", - "s3:ListBucket", - "s3:ListAllMyBuckets" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "cloudtrail:CreateTrail", - "cloudtrail:StartLogging", - "cloudtrail:StopLogging", - "cloudtrail:UpdateTrail", - "cloudtrail:DeleteTrail", - "cloudtrail:PutEventSelectors" - ], - "Effect": "Allow", - "Resource": "arn:aws:cloudtrail:*:*:trail/AWSMacieTrail-DO-NOT-EDIT" - }, - { - "Action": [ - "s3:CreateBucket", - "s3:DeleteBucket", - "s3:DeleteBucketPolicy", - "s3:DeleteBucketWebsite", - "s3:DeleteObject", - "s3:DeleteObjectTagging", - "s3:DeleteObjectVersion", - "s3:DeleteObjectVersionTagging", - "s3:PutBucketPolicy" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:s3:::awsmacie-*", - "arn:aws:s3:::awsmacietrail-*", - "arn:aws:s3:::*-awsmacietrail-*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJ5DC6UBVKND7ADSKA", - "PolicyName": "AmazonMacieSetupRole", - "UpdateDate": "2019-09-27T18:41:21+00:00", - "VersionId": "v2" - }, - "AmazonManagedBlockchainConsoleFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonManagedBlockchainConsoleFullAccess", - "AttachmentCount": 0, - "CreateDate": "2019-04-29T21:23:25+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "managedblockchain:*", - "ec2:DescribeAvailabilityZones", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVpcs", - "ec2:CreateVpcEndpoint", - "kms:ListAliases", - "kms:DescribeKey" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4ONVQBFILL", - "PolicyName": "AmazonManagedBlockchainConsoleFullAccess", - "UpdateDate": "2019-04-29T21:23:25+00:00", - "VersionId": "v1" - }, - "AmazonManagedBlockchainFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonManagedBlockchainFullAccess", - "AttachmentCount": 0, - "CreateDate": "2019-04-29T21:39:29+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "managedblockchain:*" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4CGBOJKRYD", - "PolicyName": "AmazonManagedBlockchainFullAccess", - "UpdateDate": "2019-04-29T21:39:29+00:00", - "VersionId": "v1" - }, - "AmazonManagedBlockchainReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonManagedBlockchainReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2019-04-30T18:17:31+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "managedblockchain:Get*", - "managedblockchain:List*" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4OIIAURVWV", - "PolicyName": "AmazonManagedBlockchainReadOnlyAccess", - "UpdateDate": "2019-04-30T18:17:31+00:00", - "VersionId": "v1" - }, - "AmazonManagedBlockchainServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonManagedBlockchainServiceRolePolicy", - "AttachmentCount": 1, - "CreateDate": "2020-01-17T19:51:28+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "logs:CreateLogGroup" - ], - "Effect": "Allow", - "Resource": "arn:aws:logs:*:*:log-group:/aws/managedblockchain/*" - }, - { - "Action": [ - "logs:CreateLogStream", - "logs:PutLogEvents", - "logs:DescribeLogStreams" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:logs:*:*:log-group:/aws/managedblockchain/*:log-stream:*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4MMO7477QN", - "PolicyName": "AmazonManagedBlockchainServiceRolePolicy", - "UpdateDate": "2020-01-17T19:51:28+00:00", - "VersionId": "v1" - }, - "AmazonMechanicalTurkFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonMechanicalTurkFullAccess", - "AttachmentCount": 0, - "CreateDate": "2015-12-11T19:08:19+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "mechanicalturk:*" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJDGCL5BET73H5QIQC", - "PolicyName": "AmazonMechanicalTurkFullAccess", - "UpdateDate": "2015-12-11T19:08:19+00:00", - "VersionId": "v1" - }, - "AmazonMechanicalTurkReadOnly": { - "Arn": "arn:aws:iam::aws:policy/AmazonMechanicalTurkReadOnly", - "AttachmentCount": 0, - "CreateDate": "2015-12-11T19:08:28+00:00", - "DefaultVersionId": "v3", - "Document": { - "Statement": [ - { - "Action": [ - "mechanicalturk:Get*", - "mechanicalturk:List*" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIO5IY3G3WXSX5PPRM", - "PolicyName": "AmazonMechanicalTurkReadOnly", - "UpdateDate": "2019-09-25T21:06:26+00:00", - "VersionId": "v3" - }, - "AmazonMemoryDBFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonMemoryDBFullAccess", - "AttachmentCount": 0, - "CreateDate": "2021-10-08T19:24:16+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": "memorydb:*", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "iam:CreateServiceLinkedRole", - "Condition": { - "StringLike": { - "iam:AWSServiceName": "memorydb.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/aws-service-role/memorydb.amazonaws.com/AWSServiceRoleForMemoryDB" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4LGPHLZEWJ", - "PolicyName": "AmazonMemoryDBFullAccess", - "UpdateDate": "2021-10-08T19:24:16+00:00", - "VersionId": "v1" - }, - "AmazonMemoryDBReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonMemoryDBReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2021-10-08T19:27:28+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "memorydb:Describe*", - "memorydb:List*" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4HGOZ3UBWP", - "PolicyName": "AmazonMemoryDBReadOnlyAccess", - "UpdateDate": "2021-10-08T19:27:28+00:00", - "VersionId": "v1" - }, - "AmazonMobileAnalyticsFinancialReportAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonMobileAnalyticsFinancialReportAccess", - "AttachmentCount": 0, - "CreateDate": "2015-02-06T18:40:35+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "mobileanalytics:GetReports", - "mobileanalytics:GetFinancialReports" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJKJHO2R27TXKCWBU4", - "PolicyName": "AmazonMobileAnalyticsFinancialReportAccess", - "UpdateDate": "2015-02-06T18:40:35+00:00", - "VersionId": "v1" - }, - "AmazonMobileAnalyticsFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonMobileAnalyticsFullAccess", - "AttachmentCount": 0, - "CreateDate": "2015-02-06T18:40:34+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": "mobileanalytics:*", - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIJIKLU2IJ7WJ6DZFG", - "PolicyName": "AmazonMobileAnalyticsFullAccess", - "UpdateDate": "2015-02-06T18:40:34+00:00", - "VersionId": "v1" - }, - "AmazonMobileAnalyticsNon-financialReportAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonMobileAnalyticsNon-financialReportAccess", - "AttachmentCount": 0, - "CreateDate": "2015-02-06T18:40:36+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": "mobileanalytics:GetReports", - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIQLKQ4RXPUBBVVRDE", - "PolicyName": "AmazonMobileAnalyticsNon-financialReportAccess", - "UpdateDate": "2015-02-06T18:40:36+00:00", - "VersionId": "v1" - }, - "AmazonMobileAnalyticsWriteOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonMobileAnalyticsWriteOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2015-02-06T18:40:37+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": "mobileanalytics:PutEvents", - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJ5TAWBBQC2FAL3G6G", - "PolicyName": "AmazonMobileAnalyticsWriteOnlyAccess", - "UpdateDate": "2015-02-06T18:40:37+00:00", - "VersionId": "v1" - }, - "AmazonMonitronFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonMonitronFullAccess", - "AttachmentCount": 0, - "CreateDate": "2020-12-02T22:40:28+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": "iam:CreateServiceLinkedRole", - "Condition": { - "StringEquals": { - "iam:AWSServiceName": "monitron.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "monitron:*" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "kms:ListKeys", - "kms:DescribeKey", - "kms:ListAliases" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "kms:CreateGrant", - "Condition": { - "Bool": { - "kms:GrantIsForAWSResource": true - }, - "StringLike": { - "kms:ViaService": [ - "monitron.*.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "organizations:DescribeAccount", - "organizations:DescribeOrganization", - "ds:DescribeDirectories", - "ds:DescribeTrusts" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "AWSSSOPermissions" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4MHDVZEITQ", - "PolicyName": "AmazonMonitronFullAccess", - "UpdateDate": "2020-12-02T22:40:28+00:00", - "VersionId": "v1" - }, - "AmazonNimbleStudio-LaunchProfileWorker": { - "Arn": "arn:aws:iam::aws:policy/AmazonNimbleStudio-LaunchProfileWorker", - "AttachmentCount": 0, - "CreateDate": "2021-04-28T04:47:02+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeSecurityGroups", - "fsx:DescribeFileSystems", - "ds:DescribeDirectories" - ], - "Condition": { - "StringEquals": { - "aws:CalledViaLast": "nimble.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": [ - "*" - ], - "Sid": "GetLaunchProfileInitializationDependencies" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4G3GPJQ7LQ", - "PolicyName": "AmazonNimbleStudio-LaunchProfileWorker", - "UpdateDate": "2021-04-28T04:47:02+00:00", - "VersionId": "v1" - }, - "AmazonNimbleStudio-StudioAdmin": { - "Arn": "arn:aws:iam::aws:policy/AmazonNimbleStudio-StudioAdmin", - "AttachmentCount": 0, - "CreateDate": "2021-04-28T04:47:36+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "nimble:CreateStreamingSession", - "nimble:GetStreamingSession", - "nimble:StartStreamingSession", - "nimble:StopStreamingSession", - "nimble:CreateStreamingSessionStream", - "nimble:GetStreamingSessionStream", - "nimble:DeleteStreamingSession", - "nimble:ListEulas", - "nimble:ListEulaAcceptances", - "nimble:GetEula", - "nimble:AcceptEulas", - "nimble:ListStudioMembers", - "nimble:GetStudioMember", - "nimble:ListStreamingSessions", - "nimble:GetStreamingImage", - "nimble:ListStreamingImages", - "nimble:GetLaunchProfileInitialization", - "nimble:GetLaunchProfileDetails", - "nimble:GetFeatureMap", - "nimble:PutStudioLogEvents", - "nimble:ListLaunchProfiles", - "nimble:GetLaunchProfile", - "nimble:GetLaunchProfileMember", - "nimble:ListLaunchProfileMembers", - "nimble:PutLaunchProfileMembers", - "nimble:UpdateLaunchProfileMember", - "nimble:DeleteLaunchProfileMember" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "StudioAdminFullAccess" - }, - { - "Action": [ - "sso-directory:DescribeUsers", - "sso-directory:SearchUsers" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "ds:CreateComputer", - "ds:DescribeDirectories", - "ec2:DescribeSubnets", - "ec2:CreateNetworkInterface", - "ec2:DescribeNetworkInterfaces", - "ec2:DeleteNetworkInterface", - "ec2:CreateNetworkInterfacePermission", - "ec2:DeleteNetworkInterfacePermission", - "ec2:DescribeSecurityGroups", - "fsx:DescribeFileSystems" - ], - "Condition": { - "StringEquals": { - "aws:CalledViaLast": "nimble.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": [ - "*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4PTQDL2ND4", - "PolicyName": "AmazonNimbleStudio-StudioAdmin", - "UpdateDate": "2021-11-01T20:02:36+00:00", - "VersionId": "v2" - }, - "AmazonNimbleStudio-StudioUser": { - "Arn": "arn:aws:iam::aws:policy/AmazonNimbleStudio-StudioUser", - "AttachmentCount": 0, - "CreateDate": "2021-04-28T04:48:11+00:00", - "DefaultVersionId": "v3", - "Document": { - "Statement": [ - { - "Action": [ - "ds:CreateComputer", - "ec2:DescribeSubnets", - "ec2:CreateNetworkInterfacePermission", - "ec2:DescribeNetworkInterfaces", - "ec2:DeleteNetworkInterfacePermission", - "ec2:DeleteNetworkInterface", - "ec2:CreateNetworkInterface", - "ec2:DescribeSecurityGroups", - "fsx:DescribeFileSystems", - "ds:DescribeDirectories" - ], - "Condition": { - "StringEquals": { - "aws:CalledViaLast": "nimble.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "sso-directory:DescribeUsers", - "sso-directory:SearchUsers" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "nimble:ListLaunchProfiles" - ], - "Condition": { - "StringEquals": { - "nimble:requesterPrincipalId": "${nimble:principalId}" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "nimble:ListStudioMembers", - "nimble:GetStudioMember", - "nimble:ListEulas", - "nimble:ListEulaAcceptances", - "nimble:GetFeatureMap", - "nimble:PutStudioLogEvents" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "nimble:DeleteStreamingSession", - "nimble:GetStreamingSession", - "nimble:StartStreamingSession", - "nimble:StopStreamingSession", - "nimble:CreateStreamingSessionStream", - "nimble:GetStreamingSessionStream", - "nimble:ListStreamingSessions" - ], - "Condition": { - "StringEquals": { - "nimble:ownedBy": "${nimble:requesterPrincipalId}" - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4CA37MTXJV", - "PolicyName": "AmazonNimbleStudio-StudioUser", - "UpdateDate": "2021-11-01T20:01:52+00:00", - "VersionId": "v3" - }, - "AmazonOpenSearchServiceCognitoAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonOpenSearchServiceCognitoAccess", - "AttachmentCount": 0, - "CreateDate": "2021-09-02T06:31:49+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "cognito-idp:DescribeUserPool", - "cognito-idp:CreateUserPoolClient", - "cognito-idp:DeleteUserPoolClient", - "cognito-idp:UpdateUserPoolClient", - "cognito-idp:DescribeUserPoolClient", - "cognito-idp:AdminInitiateAuth", - "cognito-idp:AdminUserGlobalSignOut", - "cognito-idp:ListUserPoolClients", - "cognito-identity:DescribeIdentityPool", - "cognito-identity:UpdateIdentityPool", - "cognito-identity:GetIdentityPoolRoles" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:cognito-identity:*:*:identitypool/*", - "arn:aws:cognito-idp:*:*:userpool/*" - ] - }, - { - "Action": "iam:PassRole", - "Condition": { - "StringLike": { - "iam:PassedToService": [ - "cognito-identity.amazonaws.com", - "cognito-identity-us-gov.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/*" - }, - { - "Action": "cognito-identity:SetIdentityPoolRoles", - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4I2NKQTDYL", - "PolicyName": "AmazonOpenSearchServiceCognitoAccess", - "UpdateDate": "2021-12-20T14:04:18+00:00", - "VersionId": "v2" - }, - "AmazonOpenSearchServiceFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonOpenSearchServiceFullAccess", - "AttachmentCount": 0, - "CreateDate": "2021-09-08T05:33:47+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "es:*" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4F6P6N56MG", - "PolicyName": "AmazonOpenSearchServiceFullAccess", - "UpdateDate": "2021-09-08T05:33:47+00:00", - "VersionId": "v1" - }, - "AmazonOpenSearchServiceReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonOpenSearchServiceReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2021-09-08T05:38:13+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "es:Describe*", - "es:List*", - "es:Get*" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4PQONZTCWT", - "PolicyName": "AmazonOpenSearchServiceReadOnlyAccess", - "UpdateDate": "2021-09-08T05:38:13+00:00", - "VersionId": "v1" - }, - "AmazonOpenSearchServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonOpenSearchServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2021-08-26T09:27:09+00:00", - "DefaultVersionId": "v3", - "Document": { - "Statement": [ - { - "Action": [ - "ec2:CreateNetworkInterface" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:network-interface/*", - "arn:aws:ec2:*:*:subnet/*", - "arn:aws:ec2:*:*:security-group/*" - ], - "Sid": "Stmt1480452973134" - }, - { - "Action": [ - "ec2:DescribeNetworkInterfaces" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "Stmt1480452973145" - }, - { - "Action": [ - "ec2:DeleteNetworkInterface" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:network-interface/*" - ], - "Sid": "Stmt1480452973144" - }, - { - "Action": [ - "ec2:ModifyNetworkInterfaceAttribute" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:network-interface/*", - "arn:aws:ec2:*:*:security-group/*" - ], - "Sid": "Stmt1480452973165" - }, - { - "Action": [ - "ec2:DescribeSecurityGroups" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "Stmt1480452973154" - }, - { - "Action": [ - "ec2:DescribeSubnets" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "Stmt1480452973164" - }, - { - "Action": [ - "ec2:DescribeVpcs" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "Stmt1480452973174" - }, - { - "Action": [ - "elasticloadbalancing:AddListenerCertificates", - "elasticloadbalancing:RemoveListenerCertificates" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:elasticloadbalancing:*:*:listener/*" - ], - "Sid": "Stmt1480452973184" - }, - { - "Action": [ - "ec2:CreateTags" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:network-interface/*" - ], - "Sid": "Stmt1480452973194" - }, - { - "Action": [ - "ec2:DescribeTags" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "Stmt1480452973195" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4NHHCOTRP6", - "PolicyName": "AmazonOpenSearchServiceRolePolicy", - "UpdateDate": "2021-09-09T10:43:21+00:00", - "VersionId": "v3" - }, - "AmazonPersonalizeFullAccess": { - "Arn": "arn:aws:iam::aws:policy/service-role/AmazonPersonalizeFullAccess", - "AttachmentCount": 0, - "CreateDate": "2018-12-04T22:24:33+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "personalize:*" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "cloudwatch:PutMetricData", - "cloudwatch:ListMetrics" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "s3:GetObject", - "s3:PutObject", - "s3:DeleteObject", - "s3:ListBucket" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:s3:::*Personalize*", - "arn:aws:s3:::*personalize*" - ] - }, - { - "Action": [ - "iam:PassRole" - ], - "Condition": { - "StringEquals": { - "iam:PassedToService": "personalize.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJ45XBPPZNI3MMVAUK", - "PolicyName": "AmazonPersonalizeFullAccess", - "UpdateDate": "2019-05-30T23:46:59+00:00", - "VersionId": "v2" - }, - "AmazonPollyFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonPollyFullAccess", - "AttachmentCount": 0, - "CreateDate": "2016-11-30T18:59:06+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "polly:*" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJUZOYQU6XQYPR7EWS", - "PolicyName": "AmazonPollyFullAccess", - "UpdateDate": "2016-11-30T18:59:06+00:00", - "VersionId": "v1" - }, - "AmazonPollyReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonPollyReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2016-11-30T18:59:24+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "polly:DescribeVoices", - "polly:GetLexicon", - "polly:GetSpeechSynthesisTask", - "polly:ListLexicons", - "polly:ListSpeechSynthesisTasks", - "polly:SynthesizeSpeech" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJ5FENL3CVPL2FPDLA", - "PolicyName": "AmazonPollyReadOnlyAccess", - "UpdateDate": "2018-07-17T16:41:07+00:00", - "VersionId": "v2" - }, - "AmazonPrometheusConsoleFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonPrometheusConsoleFullAccess", - "AttachmentCount": 0, - "CreateDate": "2020-12-15T18:11:10+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "tag:GetTagValues", - "tag:GetTagKeys" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "aps:CreateWorkspace", - "aps:DescribeWorkspace", - "aps:UpdateWorkspaceAlias", - "aps:DeleteWorkspace", - "aps:ListWorkspaces", - "aps:DescribeAlertManagerDefinition", - "aps:DescribeRuleGroupsNamespace", - "aps:CreateAlertManagerDefinition", - "aps:CreateRuleGroupsNamespace", - "aps:DeleteAlertManagerDefinition", - "aps:DeleteRuleGroupsNamespace", - "aps:ListRuleGroupsNamespaces", - "aps:PutAlertManagerDefinition", - "aps:PutRuleGroupsNamespace", - "aps:TagResource", - "aps:UntagResource" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4P7IR2JZ6H", - "PolicyName": "AmazonPrometheusConsoleFullAccess", - "UpdateDate": "2021-09-29T15:29:28+00:00", - "VersionId": "v2" - }, - "AmazonPrometheusFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonPrometheusFullAccess", - "AttachmentCount": 0, - "CreateDate": "2020-12-15T18:10:46+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "aps:*" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4POZK2DGLM", - "PolicyName": "AmazonPrometheusFullAccess", - "UpdateDate": "2020-12-15T18:10:46+00:00", - "VersionId": "v1" - }, - "AmazonPrometheusQueryAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonPrometheusQueryAccess", - "AttachmentCount": 0, - "CreateDate": "2020-12-19T01:02:58+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "aps:GetLabels", - "aps:GetMetricMetadata", - "aps:GetSeries", - "aps:QueryMetrics" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4GQ2MT4E46", - "PolicyName": "AmazonPrometheusQueryAccess", - "UpdateDate": "2020-12-19T01:02:58+00:00", - "VersionId": "v1" - }, - "AmazonPrometheusRemoteWriteAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonPrometheusRemoteWriteAccess", - "AttachmentCount": 0, - "CreateDate": "2020-12-19T01:04:32+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "aps:RemoteWrite" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4JHMXH2L3T", - "PolicyName": "AmazonPrometheusRemoteWriteAccess", - "UpdateDate": "2020-12-19T01:04:32+00:00", - "VersionId": "v1" - }, - "AmazonQLDBConsoleFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonQLDBConsoleFullAccess", - "AttachmentCount": 0, - "CreateDate": "2019-09-05T18:24:20+00:00", - "DefaultVersionId": "v4", - "Document": { - "Statement": [ - { - "Action": [ - "qldb:CreateLedger", - "qldb:UpdateLedger", - "qldb:UpdateLedgerPermissionsMode", - "qldb:DeleteLedger", - "qldb:ListLedgers", - "qldb:DescribeLedger", - "qldb:ExportJournalToS3", - "qldb:ListJournalS3Exports", - "qldb:ListJournalS3ExportsForLedger", - "qldb:DescribeJournalS3Export", - "qldb:CancelJournalKinesisStream", - "qldb:DescribeJournalKinesisStream", - "qldb:ListJournalKinesisStreamsForLedger", - "qldb:StreamJournalToKinesis", - "qldb:GetBlock", - "qldb:GetDigest", - "qldb:GetRevision", - "qldb:TagResource", - "qldb:UntagResource", - "qldb:ListTagsForResource", - "qldb:SendCommand", - "qldb:ExecuteStatement", - "qldb:ShowCatalog", - "qldb:InsertSampleData", - "qldb:PartiQLCreateTable", - "qldb:PartiQLCreateIndex", - "qldb:PartiQLDropTable", - "qldb:PartiQLDropIndex", - "qldb:PartiQLUndropTable", - "qldb:PartiQLDelete", - "qldb:PartiQLInsert", - "qldb:PartiQLUpdate", - "qldb:PartiQLSelect", - "qldb:PartiQLHistoryFunction" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "dbqms:*" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "kinesis:ListStreams", - "kinesis:DescribeStream" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "iam:PassRole", - "Condition": { - "StringEquals": { - "iam:PassedToService": "qldb.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4H2DEHAFRU", - "PolicyName": "AmazonQLDBConsoleFullAccess", - "UpdateDate": "2021-09-02T23:21:23+00:00", - "VersionId": "v4" - }, - "AmazonQLDBFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonQLDBFullAccess", - "AttachmentCount": 0, - "CreateDate": "2019-09-05T18:23:32+00:00", - "DefaultVersionId": "v4", - "Document": { - "Statement": [ - { - "Action": [ - "qldb:CreateLedger", - "qldb:UpdateLedger", - "qldb:UpdateLedgerPermissionsMode", - "qldb:DeleteLedger", - "qldb:ListLedgers", - "qldb:DescribeLedger", - "qldb:ExportJournalToS3", - "qldb:ListJournalS3Exports", - "qldb:ListJournalS3ExportsForLedger", - "qldb:DescribeJournalS3Export", - "qldb:CancelJournalKinesisStream", - "qldb:DescribeJournalKinesisStream", - "qldb:ListJournalKinesisStreamsForLedger", - "qldb:StreamJournalToKinesis", - "qldb:GetDigest", - "qldb:GetRevision", - "qldb:GetBlock", - "qldb:TagResource", - "qldb:UntagResource", - "qldb:ListTagsForResource", - "qldb:SendCommand", - "qldb:PartiQLCreateTable", - "qldb:PartiQLCreateIndex", - "qldb:PartiQLDropTable", - "qldb:PartiQLDropIndex", - "qldb:PartiQLUndropTable", - "qldb:PartiQLDelete", - "qldb:PartiQLInsert", - "qldb:PartiQLUpdate", - "qldb:PartiQLSelect", - "qldb:PartiQLHistoryFunction" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "iam:PassRole", - "Condition": { - "StringEquals": { - "iam:PassedToService": "qldb.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4HHBBWGE2J", - "PolicyName": "AmazonQLDBFullAccess", - "UpdateDate": "2021-09-02T23:21:04+00:00", - "VersionId": "v4" - }, - "AmazonQLDBReadOnly": { - "Arn": "arn:aws:iam::aws:policy/AmazonQLDBReadOnly", - "AttachmentCount": 0, - "CreateDate": "2019-09-05T18:19:24+00:00", - "DefaultVersionId": "v3", - "Document": { - "Statement": [ - { - "Action": [ - "qldb:ListLedgers", - "qldb:DescribeLedger", - "qldb:ListJournalS3Exports", - "qldb:ListJournalS3ExportsForLedger", - "qldb:DescribeJournalS3Export", - "qldb:DescribeJournalKinesisStream", - "qldb:ListJournalKinesisStreamsForLedger", - "qldb:GetBlock", - "qldb:GetDigest", - "qldb:GetRevision", - "qldb:ListTagsForResource" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4IC74JOQJR", - "PolicyName": "AmazonQLDBReadOnly", - "UpdateDate": "2021-07-02T02:17:25+00:00", - "VersionId": "v3" - }, - "AmazonRDSBetaServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonRDSBetaServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2018-05-02T19:41:04+00:00", - "DefaultVersionId": "v6", - "Document": { - "Statement": [ - { - "Action": [ - "ec2:AllocateAddress", - "ec2:AssociateAddress", - "ec2:AuthorizeSecurityGroupIngress", - "ec2:CreateCoipPoolPermission", - "ec2:CreateLocalGatewayRouteTablePermission", - "ec2:CreateNetworkInterface", - "ec2:CreateSecurityGroup", - "ec2:DeleteCoipPoolPermission", - "ec2:DeleteLocalGatewayRouteTablePermission", - "ec2:DeleteNetworkInterface", - "ec2:DeleteSecurityGroup", - "ec2:DescribeAddresses", - "ec2:DescribeAvailabilityZones", - "ec2:DescribeCoipPools", - "ec2:DescribeInternetGateways", - "ec2:DescribeLocalGatewayRouteTablePermissions", - "ec2:DescribeLocalGatewayRouteTables", - "ec2:DescribeLocalGatewayRouteTableVpcAssociations", - "ec2:DescribeLocalGateways", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVpcAttribute", - "ec2:DescribeVpcs", - "ec2:DisassociateAddress", - "ec2:ModifyNetworkInterfaceAttribute", - "ec2:ModifyVpcEndpoint", - "ec2:ReleaseAddress", - "ec2:RevokeSecurityGroupIngress", - "ec2:CreateVpcEndpoint", - "ec2:DescribeVpcEndpoints", - "ec2:DeleteVpcEndpoints" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "sns:Publish" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "logs:CreateLogGroup" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:logs:*:*:log-group:/aws/rds/*" - ] - }, - { - "Action": [ - "logs:CreateLogStream", - "logs:PutLogEvents", - "logs:DescribeLogStreams" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:logs:*:*:log-group:/aws/rds/*:log-stream:*" - ] - }, - { - "Action": [ - "cloudwatch:PutMetricData" - ], - "Condition": { - "StringEquals": { - "cloudwatch:namespace": [ - "AWS/DocDB", - "AWS/Neptune", - "AWS/RDS" - ] - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJ36CJAE6OYAR4YEK4", - "PolicyName": "AmazonRDSBetaServiceRolePolicy", - "UpdateDate": "2022-02-22T20:46:59+00:00", - "VersionId": "v6" - }, - "AmazonRDSCustomPreviewServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonRDSCustomPreviewServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2021-10-08T21:44:15+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "ec2:DescribeInstances", - "ec2:DescribeInstanceAttribute", - "ec2:DescribeRegions", - "ec2:DescribeSnapshots", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeVolumes", - "ec2:DescribeInstanceStatus", - "ec2:DescribeIamInstanceProfileAssociations", - "ec2:DescribeImages", - "ec2:DescribeVpcs", - "ec2:RegisterImage", - "ec2:DeregisterImage", - "ec2:DescribeTags", - "ec2:DescribeSecurityGroups", - "ec2:DescribeVolumesModifications", - "ec2:DescribeSubnets", - "ec2:DescribeVpcAttribute" - ], - "Effect": "Allow", - "Resource": [ - "*" - ], - "Sid": "ecc1" - }, - { - "Action": [ - "ec2:DisassociateIamInstanceProfile", - "ec2:AssociateIamInstanceProfile", - "ec2:ReplaceIamInstanceProfileAssociation", - "ec2:TerminateInstances", - "ec2:StartInstances", - "ec2:StopInstances", - "ec2:RebootInstances" - ], - "Condition": { - "StringLike": { - "aws:ResourceTag/AWSRDSCustom": [ - "custom-oracle", - "custom-sqlserver" - ] - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:instance/*", - "Sid": "ecc2" - }, - { - "Action": [ - "ec2:AllocateAddress" - ], - "Condition": { - "StringLike": { - "aws:RequestTag/AWSRDSCustom": [ - "custom-oracle", - "custom-sqlserver" - ] - } - }, - "Effect": "Allow", - "Resource": [ - "*" - ], - "Sid": "ecc1scoping" - }, - { - "Action": [ - "ec2:AssociateAddress", - "ec2:DisassociateAddress", - "ec2:ReleaseAddress" - ], - "Condition": { - "StringLike": { - "aws:ResourceTag/AWSRDSCustom": [ - "custom-oracle", - "custom-sqlserver" - ] - } - }, - "Effect": "Allow", - "Resource": [ - "*" - ], - "Sid": "ecc1scoping2" - }, - { - "Action": "ec2:RunInstances", - "Condition": { - "StringLike": { - "aws:RequestTag/AWSRDSCustom": [ - "custom-oracle", - "custom-sqlserver" - ] - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:instance/*", - "arn:aws:ec2:*:*:volume/*", - "arn:aws:ec2:*:*:network-interface/*" - ], - "Sid": "eccRunInstances1" - }, - { - "Action": [ - "ec2:RunInstances" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:subnet/*", - "arn:aws:ec2:*:*:security-group/*", - "arn:aws:ec2:*::image/*", - "arn:aws:ec2:*:*:key-pair/do-not-delete-rds-custom-*", - "arn:aws:ec2:*:*:placement-group/*" - ], - "Sid": "eccRunInstances2" - }, - { - "Action": [ - "ec2:RunInstances", - "ec2:DeleteKeyPair" - ], - "Condition": { - "StringLike": { - "aws:ResourceTag/AWSRDSCustom": [ - "custom-oracle", - "custom-sqlserver" - ] - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:key-pair/do-not-delete-rds-custom-*" - ], - "Sid": "eccRunInstances3keyPair1" - }, - { - "Action": [ - "ec2:CreateKeyPair" - ], - "Condition": { - "StringLike": { - "aws:RequestTag/AWSRDSCustom": [ - "custom-oracle", - "custom-sqlserver" - ] - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:key-pair/do-not-delete-rds-custom-*" - ], - "Sid": "eccKeyPair2" - }, - { - "Action": [ - "ec2:CreateTags" - ], - "Condition": { - "StringLike": { - "aws:ResourceTag/AWSRDSCustom": [ - "custom-oracle", - "custom-sqlserver" - ] - } - }, - "Effect": "Allow", - "Resource": [ - "*" - ], - "Sid": "eccCreateTag1" - }, - { - "Action": "ec2:CreateTags", - "Condition": { - "StringLike": { - "aws:RequestTag/AWSRDSCustom": [ - "custom-oracle", - "custom-sqlserver" - ], - "ec2:CreateAction": [ - "CreateKeyPair", - "RunInstances", - "CreateVolume", - "CreateSnapshots", - "CopySnapshot", - "AllocateAddress" - ] - } - }, - "Effect": "Allow", - "Resource": "*", - "Sid": "eccCreateTag2" - }, - { - "Action": [ - "ec2:DetachVolume", - "ec2:AttachVolume" - ], - "Condition": { - "StringLike": { - "aws:ResourceTag/AWSRDSCustom": [ - "custom-oracle", - "custom-sqlserver" - ] - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:instance/*", - "arn:aws:ec2:*:*:volume/*" - ], - "Sid": "eccVolume1" - }, - { - "Action": "ec2:CreateVolume", - "Condition": { - "StringLike": { - "aws:RequestTag/AWSRDSCustom": [ - "custom-oracle", - "custom-sqlserver" - ] - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:volume/*", - "Sid": "eccVolume2" - }, - { - "Action": [ - "ec2:ModifyVolumeAttribute", - "ec2:DeleteVolume", - "ec2:ModifyVolume" - ], - "Condition": { - "StringLike": { - "aws:ResourceTag/AWSRDSCustom": [ - "custom-oracle", - "custom-sqlserver" - ] - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:volume/*", - "Sid": "eccVolume3" - }, - { - "Action": [ - "ec2:CreateVolume", - "ec2:DeleteSnapshot" - ], - "Condition": { - "StringLike": { - "aws:ResourceTag/AWSRDSCustom": [ - "custom-oracle", - "custom-sqlserver" - ] - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*::snapshot/*", - "Sid": "eccVolume4snapshot1" - }, - { - "Action": [ - "ec2:CopySnapshot", - "ec2:CreateSnapshots" - ], - "Condition": { - "StringLike": { - "aws:RequestTag/AWSRDSCustom": [ - "custom-oracle", - "custom-sqlserver" - ] - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*::snapshot/*", - "Sid": "eccSnapshot2" - }, - { - "Action": "ec2:CreateSnapshots", - "Condition": { - "StringLike": { - "aws:ResourceTag/AWSRDSCustom": [ - "custom-oracle", - "custom-sqlserver" - ] - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:instance/*", - "arn:aws:ec2:*:*:volume/*" - ], - "Sid": "eccSnapshot3" - }, - { - "Action": [ - "iam:ListInstanceProfiles", - "iam:GetInstanceProfile", - "iam:GetRole", - "iam:ListRolePolicies", - "iam:GetRolePolicy", - "iam:ListAttachedRolePolicies", - "iam:GetPolicy", - "iam:GetPolicyVersion" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "iam1" - }, - { - "Action": "iam:PassRole", - "Condition": { - "StringLike": { - "iam:PassedToService": "ec2.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/AWSRDSCustom*", - "Sid": "iam2" - }, - { - "Action": [ - "cloudtrail:GetTrailStatus" - ], - "Effect": "Allow", - "Resource": "arn:aws:cloudtrail:*:*:trail/do-not-delete-rds-custom-*", - "Sid": "cloudtrail1" - }, - { - "Action": [ - "cloudwatch:EnableAlarmActions", - "cloudwatch:DeleteAlarms", - "cloudwatch:DescribeAlarms" - ], - "Condition": { - "StringLike": { - "aws:ResourceTag/AWSRDSCustom": [ - "custom-oracle", - "custom-sqlserver" - ] - } - }, - "Effect": "Allow", - "Resource": "arn:aws:cloudwatch:*:*:alarm:do-not-delete-rds-custom-*", - "Sid": "cw1" - }, - { - "Action": [ - "cloudwatch:PutMetricAlarm", - "cloudwatch:TagResource" - ], - "Condition": { - "StringLike": { - "aws:RequestTag/AWSRDSCustom": [ - "custom-oracle", - "custom-sqlserver" - ] - } - }, - "Effect": "Allow", - "Resource": "arn:aws:cloudwatch:*:*:alarm:do-not-delete-rds-custom-*", - "Sid": "cw2" - }, - { - "Action": "ssm:SendCommand", - "Effect": "Allow", - "Resource": "arn:aws:ssm:*:*:document/*", - "Sid": "ssm1" - }, - { - "Action": "ssm:SendCommand", - "Condition": { - "StringLike": { - "aws:ResourceTag/AWSRDSCustom": [ - "custom-oracle", - "custom-sqlserver" - ] - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:instance/*", - "Sid": "ssm2" - }, - { - "Action": [ - "ssm:GetCommandInvocation", - "ssm:GetConnectionStatus", - "ssm:DescribeInstanceInformation" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "ssm3" - }, - { - "Action": [ - "events:PutRule", - "events:TagResource" - ], - "Condition": { - "StringLike": { - "aws:RequestTag/AWSRDSCustom": [ - "custom-oracle", - "custom-sqlserver" - ] - } - }, - "Effect": "Allow", - "Resource": "arn:aws:events:*:*:rule/do-not-delete-rds-custom-*", - "Sid": "eb1" - }, - { - "Action": [ - "events:PutTargets", - "events:DescribeRule", - "events:EnableRule", - "events:ListTargetsByRule", - "events:DeleteRule", - "events:RemoveTargets", - "events:DisableRule" - ], - "Condition": { - "StringLike": { - "aws:ResourceTag/AWSRDSCustom": [ - "custom-oracle", - "custom-sqlserver" - ] - } - }, - "Effect": "Allow", - "Resource": "arn:aws:events:*:*:rule/do-not-delete-rds-custom-*", - "Sid": "eb2" - }, - { - "Action": [ - "secretsmanager:TagResource", - "secretsmanager:CreateSecret" - ], - "Condition": { - "StringLike": { - "aws:RequestTag/AWSRDSCustom": [ - "custom-oracle", - "custom-sqlserver" - ] - } - }, - "Effect": "Allow", - "Resource": "arn:aws:secretsmanager:*:*:secret:do-not-delete-rds-custom-*", - "Sid": "secretmanager1" - }, - { - "Action": [ - "secretsmanager:TagResource", - "secretsmanager:DescribeSecret", - "secretsmanager:DeleteSecret", - "secretsmanager:PutSecretValue" - ], - "Condition": { - "StringLike": { - "aws:ResourceTag/AWSRDSCustom": [ - "custom-oracle", - "custom-sqlserver" - ] - } - }, - "Effect": "Allow", - "Resource": "arn:aws:secretsmanager:*:*:secret:do-not-delete-rds-custom-*", - "Sid": "secretmanager2" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4D6BEPON2G", - "PolicyName": "AmazonRDSCustomPreviewServiceRolePolicy", - "UpdateDate": "2021-10-08T21:44:15+00:00", - "VersionId": "v1" - }, - "AmazonRDSCustomServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonRDSCustomServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2021-10-08T21:39:12+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "ec2:DescribeInstances", - "ec2:DescribeInstanceAttribute", - "ec2:DescribeRegions", - "ec2:DescribeSnapshots", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeVolumes", - "ec2:DescribeInstanceStatus", - "ec2:DescribeIamInstanceProfileAssociations", - "ec2:DescribeImages", - "ec2:DescribeVpcs", - "ec2:RegisterImage", - "ec2:DeregisterImage", - "ec2:DescribeTags", - "ec2:DescribeSecurityGroups", - "ec2:DescribeVolumesModifications", - "ec2:DescribeSubnets", - "ec2:DescribeVpcAttribute" - ], - "Effect": "Allow", - "Resource": [ - "*" - ], - "Sid": "ecc1" - }, - { - "Action": [ - "ec2:DisassociateIamInstanceProfile", - "ec2:AssociateIamInstanceProfile", - "ec2:ReplaceIamInstanceProfileAssociation", - "ec2:TerminateInstances", - "ec2:StartInstances", - "ec2:StopInstances", - "ec2:RebootInstances" - ], - "Condition": { - "StringLike": { - "aws:ResourceTag/AWSRDSCustom": [ - "custom-oracle", - "custom-sqlserver" - ] - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:instance/*", - "Sid": "ecc2" - }, - { - "Action": [ - "ec2:AllocateAddress" - ], - "Condition": { - "StringLike": { - "aws:RequestTag/AWSRDSCustom": [ - "custom-oracle", - "custom-sqlserver" - ] - } - }, - "Effect": "Allow", - "Resource": [ - "*" - ], - "Sid": "ecc1scoping" - }, - { - "Action": [ - "ec2:AssociateAddress", - "ec2:DisassociateAddress", - "ec2:ReleaseAddress" - ], - "Condition": { - "StringLike": { - "aws:ResourceTag/AWSRDSCustom": [ - "custom-oracle", - "custom-sqlserver" - ] - } - }, - "Effect": "Allow", - "Resource": [ - "*" - ], - "Sid": "ecc1scoping2" - }, - { - "Action": "ec2:RunInstances", - "Condition": { - "StringLike": { - "aws:RequestTag/AWSRDSCustom": [ - "custom-oracle", - "custom-sqlserver" - ] - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:instance/*", - "arn:aws:ec2:*:*:volume/*", - "arn:aws:ec2:*:*:network-interface/*" - ], - "Sid": "eccRunInstances1" - }, - { - "Action": [ - "ec2:RunInstances" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:subnet/*", - "arn:aws:ec2:*:*:security-group/*", - "arn:aws:ec2:*::image/*", - "arn:aws:ec2:*:*:key-pair/do-not-delete-rds-custom-*", - "arn:aws:ec2:*:*:placement-group/*" - ], - "Sid": "eccRunInstances2" - }, - { - "Action": [ - "ec2:RunInstances", - "ec2:DeleteKeyPair" - ], - "Condition": { - "StringLike": { - "aws:ResourceTag/AWSRDSCustom": [ - "custom-oracle", - "custom-sqlserver" - ] - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:key-pair/do-not-delete-rds-custom-*" - ], - "Sid": "eccRunInstances3keyPair1" - }, - { - "Action": [ - "ec2:CreateKeyPair" - ], - "Condition": { - "StringLike": { - "aws:RequestTag/AWSRDSCustom": [ - "custom-oracle", - "custom-sqlserver" - ] - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:key-pair/do-not-delete-rds-custom-*" - ], - "Sid": "eccKeyPair2" - }, - { - "Action": [ - "ec2:CreateTags" - ], - "Condition": { - "StringLike": { - "aws:ResourceTag/AWSRDSCustom": [ - "custom-oracle", - "custom-sqlserver" - ] - } - }, - "Effect": "Allow", - "Resource": [ - "*" - ], - "Sid": "eccCreateTag1" - }, - { - "Action": "ec2:CreateTags", - "Condition": { - "StringLike": { - "aws:RequestTag/AWSRDSCustom": [ - "custom-oracle", - "custom-sqlserver" - ], - "ec2:CreateAction": [ - "CreateKeyPair", - "RunInstances", - "CreateVolume", - "CreateSnapshots", - "CopySnapshot", - "AllocateAddress" - ] - } - }, - "Effect": "Allow", - "Resource": "*", - "Sid": "eccCreateTag2" - }, - { - "Action": [ - "ec2:DetachVolume", - "ec2:AttachVolume" - ], - "Condition": { - "StringLike": { - "aws:ResourceTag/AWSRDSCustom": [ - "custom-oracle", - "custom-sqlserver" - ] - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:instance/*", - "arn:aws:ec2:*:*:volume/*" - ], - "Sid": "eccVolume1" - }, - { - "Action": "ec2:CreateVolume", - "Condition": { - "StringLike": { - "aws:RequestTag/AWSRDSCustom": [ - "custom-oracle", - "custom-sqlserver" - ] - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:volume/*", - "Sid": "eccVolume2" - }, - { - "Action": [ - "ec2:ModifyVolumeAttribute", - "ec2:DeleteVolume", - "ec2:ModifyVolume" - ], - "Condition": { - "StringLike": { - "aws:ResourceTag/AWSRDSCustom": [ - "custom-oracle", - "custom-sqlserver" - ] - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:volume/*", - "Sid": "eccVolume3" - }, - { - "Action": [ - "ec2:CreateVolume", - "ec2:DeleteSnapshot" - ], - "Condition": { - "StringLike": { - "aws:ResourceTag/AWSRDSCustom": [ - "custom-oracle", - "custom-sqlserver" - ] - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*::snapshot/*", - "Sid": "eccVolume4snapshot1" - }, - { - "Action": [ - "ec2:CopySnapshot", - "ec2:CreateSnapshots" - ], - "Condition": { - "StringLike": { - "aws:RequestTag/AWSRDSCustom": [ - "custom-oracle", - "custom-sqlserver" - ] - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*::snapshot/*", - "Sid": "eccSnapshot2" - }, - { - "Action": "ec2:CreateSnapshots", - "Condition": { - "StringLike": { - "aws:ResourceTag/AWSRDSCustom": [ - "custom-oracle", - "custom-sqlserver" - ] - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:instance/*", - "arn:aws:ec2:*:*:volume/*" - ], - "Sid": "eccSnapshot3" - }, - { - "Action": [ - "iam:ListInstanceProfiles", - "iam:GetInstanceProfile", - "iam:GetRole", - "iam:ListRolePolicies", - "iam:GetRolePolicy", - "iam:ListAttachedRolePolicies", - "iam:GetPolicy", - "iam:GetPolicyVersion" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "iam1" - }, - { - "Action": "iam:PassRole", - "Condition": { - "StringLike": { - "iam:PassedToService": "ec2.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/AWSRDSCustom*", - "Sid": "iam2" - }, - { - "Action": [ - "cloudtrail:GetTrailStatus" - ], - "Effect": "Allow", - "Resource": "arn:aws:cloudtrail:*:*:trail/do-not-delete-rds-custom-*", - "Sid": "cloudtrail1" - }, - { - "Action": [ - "cloudwatch:EnableAlarmActions", - "cloudwatch:DeleteAlarms", - "cloudwatch:DescribeAlarms" - ], - "Condition": { - "StringLike": { - "aws:ResourceTag/AWSRDSCustom": [ - "custom-oracle", - "custom-sqlserver" - ] - } - }, - "Effect": "Allow", - "Resource": "arn:aws:cloudwatch:*:*:alarm:do-not-delete-rds-custom-*", - "Sid": "cw1" - }, - { - "Action": [ - "cloudwatch:PutMetricAlarm", - "cloudwatch:TagResource" - ], - "Condition": { - "StringLike": { - "aws:RequestTag/AWSRDSCustom": [ - "custom-oracle", - "custom-sqlserver" - ] - } - }, - "Effect": "Allow", - "Resource": "arn:aws:cloudwatch:*:*:alarm:do-not-delete-rds-custom-*", - "Sid": "cw2" - }, - { - "Action": "ssm:SendCommand", - "Effect": "Allow", - "Resource": "arn:aws:ssm:*:*:document/*", - "Sid": "ssm1" - }, - { - "Action": "ssm:SendCommand", - "Condition": { - "StringLike": { - "aws:ResourceTag/AWSRDSCustom": [ - "custom-oracle", - "custom-sqlserver" - ] - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:instance/*", - "Sid": "ssm2" - }, - { - "Action": [ - "ssm:GetCommandInvocation", - "ssm:GetConnectionStatus", - "ssm:DescribeInstanceInformation" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "ssm3" - }, - { - "Action": [ - "events:PutRule", - "events:TagResource" - ], - "Condition": { - "StringLike": { - "aws:RequestTag/AWSRDSCustom": [ - "custom-oracle", - "custom-sqlserver" - ] - } - }, - "Effect": "Allow", - "Resource": "arn:aws:events:*:*:rule/do-not-delete-rds-custom-*", - "Sid": "eb1" - }, - { - "Action": [ - "events:PutTargets", - "events:DescribeRule", - "events:EnableRule", - "events:ListTargetsByRule", - "events:DeleteRule", - "events:RemoveTargets", - "events:DisableRule" - ], - "Condition": { - "StringLike": { - "aws:ResourceTag/AWSRDSCustom": [ - "custom-oracle", - "custom-sqlserver" - ] - } - }, - "Effect": "Allow", - "Resource": "arn:aws:events:*:*:rule/do-not-delete-rds-custom-*", - "Sid": "eb2" - }, - { - "Action": [ - "secretsmanager:TagResource", - "secretsmanager:CreateSecret" - ], - "Condition": { - "StringLike": { - "aws:RequestTag/AWSRDSCustom": [ - "custom-oracle", - "custom-sqlserver" - ] - } - }, - "Effect": "Allow", - "Resource": "arn:aws:secretsmanager:*:*:secret:do-not-delete-rds-custom-*", - "Sid": "secretmanager1" - }, - { - "Action": [ - "secretsmanager:TagResource", - "secretsmanager:DescribeSecret", - "secretsmanager:DeleteSecret", - "secretsmanager:PutSecretValue" - ], - "Condition": { - "StringLike": { - "aws:ResourceTag/AWSRDSCustom": [ - "custom-oracle", - "custom-sqlserver" - ] - } - }, - "Effect": "Allow", - "Resource": "arn:aws:secretsmanager:*:*:secret:do-not-delete-rds-custom-*", - "Sid": "secretmanager2" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4F2M3XYA7J", - "PolicyName": "AmazonRDSCustomServiceRolePolicy", - "UpdateDate": "2021-10-08T21:39:12+00:00", - "VersionId": "v1" - }, - "AmazonRDSDataFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonRDSDataFullAccess", - "AttachmentCount": 0, - "CreateDate": "2018-11-20T21:29:36+00:00", - "DefaultVersionId": "v3", - "Document": { - "Statement": [ - { - "Action": [ - "secretsmanager:GetSecretValue", - "secretsmanager:PutResourcePolicy", - "secretsmanager:PutSecretValue", - "secretsmanager:DeleteSecret", - "secretsmanager:DescribeSecret", - "secretsmanager:TagResource" - ], - "Effect": "Allow", - "Resource": "arn:aws:secretsmanager:*:*:secret:rds-db-credentials/*", - "Sid": "SecretsManagerDbCredentialsAccess" - }, - { - "Action": [ - "dbqms:CreateFavoriteQuery", - "dbqms:DescribeFavoriteQueries", - "dbqms:UpdateFavoriteQuery", - "dbqms:DeleteFavoriteQueries", - "dbqms:GetQueryString", - "dbqms:CreateQueryHistory", - "dbqms:DescribeQueryHistory", - "dbqms:UpdateQueryHistory", - "dbqms:DeleteQueryHistory", - "rds-data:ExecuteSql", - "rds-data:ExecuteStatement", - "rds-data:BatchExecuteStatement", - "rds-data:BeginTransaction", - "rds-data:CommitTransaction", - "rds-data:RollbackTransaction", - "secretsmanager:CreateSecret", - "secretsmanager:ListSecrets", - "secretsmanager:GetRandomPassword", - "tag:GetResources" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "RDSDataServiceAccess" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJ5HUMNZCSW4IC74T6", - "PolicyName": "AmazonRDSDataFullAccess", - "UpdateDate": "2019-11-20T21:58:46+00:00", - "VersionId": "v3" - }, - "AmazonRDSDirectoryServiceAccess": { - "Arn": "arn:aws:iam::aws:policy/service-role/AmazonRDSDirectoryServiceAccess", - "AttachmentCount": 0, - "CreateDate": "2016-02-26T02:02:05+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "ds:DescribeDirectories", - "ds:AuthorizeApplication", - "ds:UnauthorizeApplication", - "ds:GetAuthorizedApplicationDetails" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIL4KBY57XWMYUHKUU", - "PolicyName": "AmazonRDSDirectoryServiceAccess", - "UpdateDate": "2019-05-15T16:51:50+00:00", - "VersionId": "v2" - }, - "AmazonRDSEnhancedMonitoringRole": { - "Arn": "arn:aws:iam::aws:policy/service-role/AmazonRDSEnhancedMonitoringRole", - "AttachmentCount": 0, - "CreateDate": "2015-11-11T19:58:29+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "logs:CreateLogGroup", - "logs:PutRetentionPolicy" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:logs:*:*:log-group:RDS*" - ], - "Sid": "EnableCreationAndManagementOfRDSCloudwatchLogGroups" - }, - { - "Action": [ - "logs:CreateLogStream", - "logs:PutLogEvents", - "logs:DescribeLogStreams", - "logs:GetLogEvents" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:logs:*:*:log-group:RDS*:log-stream:*" - ], - "Sid": "EnableCreationAndManagementOfRDSCloudwatchLogStreams" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJV7BS425S4PTSSVGK", - "PolicyName": "AmazonRDSEnhancedMonitoringRole", - "UpdateDate": "2015-11-11T19:58:29+00:00", - "VersionId": "v1" - }, - "AmazonRDSFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonRDSFullAccess", - "AttachmentCount": 0, - "CreateDate": "2015-02-06T18:40:52+00:00", - "DefaultVersionId": "v9", - "Document": { - "Statement": [ - { - "Action": [ - "rds:*", - "application-autoscaling:DeleteScalingPolicy", - "application-autoscaling:DeregisterScalableTarget", - "application-autoscaling:DescribeScalableTargets", - "application-autoscaling:DescribeScalingActivities", - "application-autoscaling:DescribeScalingPolicies", - "application-autoscaling:PutScalingPolicy", - "application-autoscaling:RegisterScalableTarget", - "cloudwatch:DescribeAlarms", - "cloudwatch:GetMetricStatistics", - "cloudwatch:PutMetricAlarm", - "cloudwatch:DeleteAlarms", - "ec2:DescribeAccountAttributes", - "ec2:DescribeAvailabilityZones", - "ec2:DescribeCoipPools", - "ec2:DescribeInternetGateways", - "ec2:DescribeLocalGatewayRouteTablePermissions", - "ec2:DescribeLocalGatewayRouteTables", - "ec2:DescribeLocalGatewayRouteTableVpcAssociations", - "ec2:DescribeLocalGateways", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVpcAttribute", - "ec2:DescribeVpcs", - "ec2:GetCoipPoolUsage", - "sns:ListSubscriptions", - "sns:ListTopics", - "sns:Publish", - "logs:DescribeLogStreams", - "logs:GetLogEvents", - "outposts:GetOutpostInstanceTypes" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "pi:*", - "Effect": "Allow", - "Resource": "arn:aws:pi:*:*:metrics/rds/*" - }, - { - "Action": "iam:CreateServiceLinkedRole", - "Condition": { - "StringLike": { - "iam:AWSServiceName": [ - "rds.amazonaws.com", - "rds.application-autoscaling.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAI3R4QMOG6Q5A4VWVG", - "PolicyName": "AmazonRDSFullAccess", - "UpdateDate": "2022-03-07T21:11:46+00:00", - "VersionId": "v9" - }, - "AmazonRDSPreviewServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonRDSPreviewServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2018-05-31T18:02:00+00:00", - "DefaultVersionId": "v5", - "Document": { - "Statement": [ - { - "Action": [ - "rds:CrossRegionCommunication" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:AllocateAddress", - "ec2:AssociateAddress", - "ec2:AuthorizeSecurityGroupIngress", - "ec2:CreateCoipPoolPermission", - "ec2:CreateLocalGatewayRouteTablePermission", - "ec2:CreateNetworkInterface", - "ec2:CreateSecurityGroup", - "ec2:DeleteCoipPoolPermission", - "ec2:DeleteLocalGatewayRouteTablePermission", - "ec2:DeleteNetworkInterface", - "ec2:DeleteSecurityGroup", - "ec2:DescribeAddresses", - "ec2:DescribeAvailabilityZones", - "ec2:DescribeCoipPools", - "ec2:DescribeInternetGateways", - "ec2:DescribeLocalGatewayRouteTablePermissions", - "ec2:DescribeLocalGatewayRouteTables", - "ec2:DescribeLocalGatewayRouteTableVpcAssociations", - "ec2:DescribeLocalGateways", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVpcAttribute", - "ec2:DescribeVpcs", - "ec2:DisassociateAddress", - "ec2:ModifyNetworkInterfaceAttribute", - "ec2:ReleaseAddress", - "ec2:RevokeSecurityGroupIngress" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "sns:Publish" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "logs:CreateLogGroup" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:logs:*:*:log-group:/aws/rds/*" - ] - }, - { - "Action": [ - "logs:CreateLogStream", - "logs:PutLogEvents", - "logs:DescribeLogStreams" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:logs:*:*:log-group:/aws/rds/*:log-stream:*" - ] - }, - { - "Action": [ - "cloudwatch:PutMetricData" - ], - "Condition": { - "StringEquals": { - "cloudwatch:namespace": [ - "AWS/DocDB", - "AWS/Neptune", - "AWS/RDS" - ] - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIZHJJBU3675JOUEMQ", - "PolicyName": "AmazonRDSPreviewServiceRolePolicy", - "UpdateDate": "2022-02-22T20:46:58+00:00", - "VersionId": "v5" - }, - "AmazonRDSReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonRDSReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2015-02-06T18:40:53+00:00", - "DefaultVersionId": "v3", - "Document": { - "Statement": [ - { - "Action": [ - "rds:Describe*", - "rds:ListTagsForResource", - "ec2:DescribeAccountAttributes", - "ec2:DescribeAvailabilityZones", - "ec2:DescribeInternetGateways", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVpcAttribute", - "ec2:DescribeVpcs" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "cloudwatch:GetMetricStatistics", - "logs:DescribeLogStreams", - "logs:GetLogEvents" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJKTTTYV2IIHKLZ346", - "PolicyName": "AmazonRDSReadOnlyAccess", - "UpdateDate": "2017-08-28T21:36:32+00:00", - "VersionId": "v3" - }, - "AmazonRDSServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonRDSServiceRolePolicy", - "AttachmentCount": 1, - "CreateDate": "2018-01-08T18:17:46+00:00", - "DefaultVersionId": "v10", - "Document": { - "Statement": [ - { - "Action": [ - "rds:CrossRegionCommunication" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:AllocateAddress", - "ec2:AssociateAddress", - "ec2:AuthorizeSecurityGroupIngress", - "ec2:CreateCoipPoolPermission", - "ec2:CreateLocalGatewayRouteTablePermission", - "ec2:CreateNetworkInterface", - "ec2:CreateSecurityGroup", - "ec2:DeleteCoipPoolPermission", - "ec2:DeleteLocalGatewayRouteTablePermission", - "ec2:DeleteNetworkInterface", - "ec2:DeleteSecurityGroup", - "ec2:DescribeAddresses", - "ec2:DescribeAvailabilityZones", - "ec2:DescribeCoipPools", - "ec2:DescribeInternetGateways", - "ec2:DescribeLocalGatewayRouteTablePermissions", - "ec2:DescribeLocalGatewayRouteTables", - "ec2:DescribeLocalGatewayRouteTableVpcAssociations", - "ec2:DescribeLocalGateways", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVpcAttribute", - "ec2:DescribeVpcs", - "ec2:DisassociateAddress", - "ec2:ModifyNetworkInterfaceAttribute", - "ec2:ModifyVpcEndpoint", - "ec2:ReleaseAddress", - "ec2:RevokeSecurityGroupIngress", - "ec2:CreateVpcEndpoint", - "ec2:DescribeVpcEndpoints", - "ec2:DeleteVpcEndpoints", - "ec2:AssignPrivateIpAddresses", - "ec2:UnassignPrivateIpAddresses" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "sns:Publish" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "logs:CreateLogGroup" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:logs:*:*:log-group:/aws/rds/*", - "arn:aws:logs:*:*:log-group:/aws/docdb/*", - "arn:aws:logs:*:*:log-group:/aws/neptune/*" - ] - }, - { - "Action": [ - "logs:CreateLogStream", - "logs:PutLogEvents", - "logs:DescribeLogStreams" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:logs:*:*:log-group:/aws/rds/*:log-stream:*", - "arn:aws:logs:*:*:log-group:/aws/docdb/*:log-stream:*", - "arn:aws:logs:*:*:log-group:/aws/neptune/*:log-stream:*" - ] - }, - { - "Action": [ - "kinesis:CreateStream", - "kinesis:PutRecord", - "kinesis:PutRecords", - "kinesis:DescribeStream", - "kinesis:SplitShard", - "kinesis:MergeShards", - "kinesis:DeleteStream", - "kinesis:UpdateShardCount" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:kinesis:*:*:stream/aws-rds-das-*" - ] - }, - { - "Action": [ - "cloudwatch:PutMetricData" - ], - "Condition": { - "StringEquals": { - "cloudwatch:namespace": [ - "AWS/DocDB", - "AWS/Neptune", - "AWS/RDS" - ] - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIPEU5ZOBJWKWHUIBA", - "PolicyName": "AmazonRDSServiceRolePolicy", - "UpdateDate": "2022-02-24T01:07:42+00:00", - "VersionId": "v10" - }, - "AmazonRedshiftAllCommandsFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonRedshiftAllCommandsFullAccess", - "AttachmentCount": 0, - "CreateDate": "2021-11-04T00:48:08+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "sagemaker:CreateTrainingJob", - "sagemaker:CreateAutoMLJob", - "sagemaker:CreateCompilationJob", - "sagemaker:CreateEndpoint", - "sagemaker:DescribeAutoMLJob", - "sagemaker:DescribeTrainingJob", - "sagemaker:DescribeCompilationJob", - "sagemaker:DescribeProcessingJob", - "sagemaker:DescribeTransformJob", - "sagemaker:ListCandidatesForAutoMLJob", - "sagemaker:StopAutoMLJob", - "sagemaker:StopCompilationJob", - "sagemaker:StopTrainingJob", - "sagemaker:DescribeEndpoint", - "sagemaker:InvokeEndpoint", - "sagemaker:StopProcessingJob", - "sagemaker:CreateModel", - "sagemaker:CreateProcessingJob" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:sagemaker:*:*:model/*redshift*", - "arn:aws:sagemaker:*:*:training-job/*redshift*", - "arn:aws:sagemaker:*:*:automl-job/*redshift*", - "arn:aws:sagemaker:*:*:compilation-job/*redshift*", - "arn:aws:sagemaker:*:*:processing-job/*redshift*", - "arn:aws:sagemaker:*:*:transform-job/*redshift*", - "arn:aws:sagemaker:*:*:endpoint/*redshift*" - ] - }, - { - "Action": [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:DescribeLogStreams", - "logs:PutLogEvents" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:logs:*:*:log-group:/aws/sagemaker/Endpoints/*redshift*", - "arn:aws:logs:*:*:log-group:/aws/sagemaker/ProcessingJobs/*redshift*", - "arn:aws:logs:*:*:log-group:/aws/sagemaker/TrainingJobs/*redshift*", - "arn:aws:logs:*:*:log-group:/aws/sagemaker/TransformJobs/*redshift*" - ] - }, - { - "Action": [ - "cloudwatch:PutMetricData" - ], - "Condition": { - "StringEquals": { - "cloudwatch:namespace": [ - "SageMaker", - "/aws/sagemaker/Endpoints", - "/aws/sagemaker/ProcessingJobs", - "/aws/sagemaker/TrainingJobs", - "/aws/sagemaker/TransformJobs" - ] - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ecr:BatchCheckLayerAvailability", - "ecr:BatchGetImage", - "ecr:GetAuthorizationToken", - "ecr:GetDownloadUrlForLayer" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "s3:GetObject", - "s3:GetBucketAcl", - "s3:GetBucketCors", - "s3:GetEncryptionConfiguration", - "s3:GetBucketLocation", - "s3:ListBucket", - "s3:ListAllMyBuckets", - "s3:ListMultipartUploadParts", - "s3:ListBucketMultipartUploads", - "s3:PutObject", - "s3:PutBucketAcl", - "s3:PutBucketCors", - "s3:DeleteObject", - "s3:AbortMultipartUpload", - "s3:CreateBucket" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:s3:::redshift-downloads", - "arn:aws:s3:::redshift-downloads/*", - "arn:aws:s3:::*redshift*", - "arn:aws:s3:::*redshift*/*" - ] - }, - { - "Action": [ - "s3:GetObject" - ], - "Condition": { - "StringEqualsIgnoreCase": { - "s3:ExistingObjectTag/Redshift": "true" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "dynamodb:Scan", - "dynamodb:DescribeTable", - "dynamodb:Getitem" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:dynamodb:*:*:table/*redshift*", - "arn:aws:dynamodb:*:*:table/*redshift*/index/*" - ] - }, - { - "Action": [ - "elasticmapreduce:ListInstances" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:elasticmapreduce:*:*:cluster/*redshift*" - ] - }, - { - "Action": [ - "elasticmapreduce:ListInstances" - ], - "Condition": { - "StringEqualsIgnoreCase": { - "elasticmapreduce:ResourceTag/Redshift": "true" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "lambda:InvokeFunction" - ], - "Effect": "Allow", - "Resource": "arn:aws:lambda:*:*:function:*redshift*" - }, - { - "Action": [ - "glue:CreateDatabase", - "glue:DeleteDatabase", - "glue:GetDatabase", - "glue:GetDatabases", - "glue:UpdateDatabase", - "glue:CreateTable", - "glue:DeleteTable", - "glue:BatchDeleteTable", - "glue:UpdateTable", - "glue:GetTable", - "glue:GetTables", - "glue:BatchCreatePartition", - "glue:CreatePartition", - "glue:DeletePartition", - "glue:BatchDeletePartition", - "glue:UpdatePartition", - "glue:GetPartition", - "glue:GetPartitions", - "glue:BatchGetPartition" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:glue:*:*:table/*redshift*/*", - "arn:aws:glue:*:*:catalog", - "arn:aws:glue:*:*:database/*redshift*" - ] - }, - { - "Action": [ - "secretsmanager:GetResourcePolicy", - "secretsmanager:GetSecretValue", - "secretsmanager:DescribeSecret", - "secretsmanager:ListSecretVersionIds" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:secretsmanager:*:*:secret:*redshift*" - ] - }, - { - "Action": [ - "secretsmanager:GetRandomPassword", - "secretsmanager:ListSecrets" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "iam:PassRole" - ], - "Condition": { - "StringEquals": { - "iam:PassedToService": [ - "redshift.amazonaws.com", - "glue.amazonaws.com", - "sagemaker.amazonaws.com", - "athena.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4FLN3TI7CS", - "PolicyName": "AmazonRedshiftAllCommandsFullAccess", - "UpdateDate": "2021-11-25T02:27:31+00:00", - "VersionId": "v2" - }, - "AmazonRedshiftDataFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonRedshiftDataFullAccess", - "AttachmentCount": 0, - "CreateDate": "2020-09-09T19:23:55+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "redshift-data:BatchExecuteStatement", - "redshift-data:ExecuteStatement", - "redshift-data:CancelStatement", - "redshift-data:ListStatements", - "redshift-data:GetStatementResult", - "redshift-data:DescribeStatement", - "redshift-data:ListDatabases", - "redshift-data:ListSchemas", - "redshift-data:ListTables", - "redshift-data:DescribeTable" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "DataAPIPermissions" - }, - { - "Action": [ - "secretsmanager:GetSecretValue" - ], - "Condition": { - "StringLike": { - "secretsmanager:ResourceTag/RedshiftDataFullAccess": "*" - } - }, - "Effect": "Allow", - "Resource": "*", - "Sid": "SecretsManagerPermissions" - }, - { - "Action": "redshift:GetClusterCredentials", - "Effect": "Allow", - "Resource": [ - "arn:aws:redshift:*:*:dbname:*/*", - "arn:aws:redshift:*:*:dbuser:*/redshift_data_api_user" - ], - "Sid": "GetCredentialsForAPIUser" - }, - { - "Action": "redshift:CreateClusterUser", - "Effect": "Deny", - "Resource": [ - "arn:aws:redshift:*:*:dbuser:*/redshift_data_api_user" - ], - "Sid": "DenyCreateAPIUser" - }, - { - "Action": "iam:CreateServiceLinkedRole", - "Condition": { - "StringLike": { - "iam:AWSServiceName": "redshift-data.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/aws-service-role/redshift-data.amazonaws.com/AWSServiceRoleForRedshift", - "Sid": "ServiceLinkedRole" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4PX5LA5SG6", - "PolicyName": "AmazonRedshiftDataFullAccess", - "UpdateDate": "2021-07-27T20:05:33+00:00", - "VersionId": "v2" - }, - "AmazonRedshiftFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonRedshiftFullAccess", - "AttachmentCount": 0, - "CreateDate": "2015-02-06T18:40:50+00:00", - "DefaultVersionId": "v4", - "Document": { - "Statement": [ - { - "Action": [ - "redshift:*", - "ec2:DescribeAccountAttributes", - "ec2:DescribeAddresses", - "ec2:DescribeAvailabilityZones", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVpcs", - "ec2:DescribeInternetGateways", - "sns:CreateTopic", - "sns:Get*", - "sns:List*", - "cloudwatch:Describe*", - "cloudwatch:Get*", - "cloudwatch:List*", - "cloudwatch:PutMetricAlarm", - "cloudwatch:EnableAlarmActions", - "cloudwatch:DisableAlarmActions", - "tag:GetResources", - "tag:UntagResources", - "tag:GetTagValues", - "tag:GetTagKeys", - "tag:TagResources" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "iam:CreateServiceLinkedRole", - "Condition": { - "StringLike": { - "iam:AWSServiceName": "redshift.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/aws-service-role/redshift.amazonaws.com/AWSServiceRoleForRedshift" - }, - { - "Action": [ - "redshift-data:ExecuteStatement", - "redshift-data:CancelStatement", - "redshift-data:ListStatements", - "redshift-data:GetStatementResult", - "redshift-data:DescribeStatement", - "redshift-data:ListDatabases", - "redshift-data:ListSchemas", - "redshift-data:ListTables", - "redshift-data:DescribeTable" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "DataAPIPermissions" - }, - { - "Action": [ - "secretsmanager:ListSecrets" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "SecretsManagerListPermissions" - }, - { - "Action": [ - "secretsmanager:CreateSecret", - "secretsmanager:GetSecretValue", - "secretsmanager:TagResource" - ], - "Condition": { - "StringLike": { - "secretsmanager:ResourceTag/RedshiftDataFullAccess": "*" - } - }, - "Effect": "Allow", - "Resource": "*", - "Sid": "SecretsManagerCreateGetPermissions" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAISEKCHH4YDB46B5ZO", - "PolicyName": "AmazonRedshiftFullAccess", - "UpdateDate": "2020-09-09T19:51:19+00:00", - "VersionId": "v4" - }, - "AmazonRedshiftQueryEditor": { - "Arn": "arn:aws:iam::aws:policy/AmazonRedshiftQueryEditor", - "AttachmentCount": 1, - "CreateDate": "2018-10-04T22:50:32+00:00", - "DefaultVersionId": "v4", - "Document": { - "Statement": [ - { - "Action": [ - "redshift:GetClusterCredentials", - "redshift:ListSchemas", - "redshift:ListTables", - "redshift:ListDatabases", - "redshift:ExecuteQuery", - "redshift:FetchResults", - "redshift:CancelQuery", - "redshift:DescribeClusters", - "redshift:DescribeQuery", - "redshift:DescribeTable", - "redshift:ViewQueriesFromConsole", - "redshift:DescribeSavedQueries", - "redshift:CreateSavedQuery", - "redshift:DeleteSavedQueries", - "redshift:ModifySavedQuery" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "redshift-data:ExecuteStatement", - "redshift-data:ListDatabases", - "redshift-data:ListSchemas", - "redshift-data:ListTables", - "redshift-data:DescribeTable" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "DataAPIPermissions" - }, - { - "Action": [ - "redshift-data:GetStatementResult", - "redshift-data:CancelStatement", - "redshift-data:DescribeStatement", - "redshift-data:ListStatements" - ], - "Condition": { - "StringEquals": { - "redshift-data:statement-owner-iam-userid": "${aws:userid}" - } - }, - "Effect": "Allow", - "Resource": "*", - "Sid": "DataAPIIAMSessionPermissionsRestriction" - }, - { - "Action": [ - "secretsmanager:ListSecrets" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "SecretsManagerListPermissions" - }, - { - "Action": [ - "secretsmanager:CreateSecret", - "secretsmanager:GetSecretValue", - "secretsmanager:TagResource" - ], - "Condition": { - "StringEquals": { - "secretsmanager:ResourceTag/RedshiftQueryOwner": "${aws:userid}" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:secretsmanager:*:*:secret:*", - "Sid": "SecretsManagerCreateGetPermissions" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAINVFHHP7CWVHTGBGM", - "PolicyName": "AmazonRedshiftQueryEditor", - "UpdateDate": "2021-02-16T19:33:45+00:00", - "VersionId": "v4" - }, - "AmazonRedshiftQueryEditorV2FullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonRedshiftQueryEditorV2FullAccess", - "AttachmentCount": 0, - "CreateDate": "2021-09-24T14:06:02+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": "redshift:DescribeClusters", - "Effect": "Allow", - "Resource": "*", - "Sid": "RedshiftPermissions" - }, - { - "Action": [ - "kms:DescribeKey", - "kms:ListAliases" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "KeyManagementServicePermissions" - }, - { - "Action": [ - "secretsmanager:CreateSecret", - "secretsmanager:GetSecretValue", - "secretsmanager:DeleteSecret", - "secretsmanager:TagResource" - ], - "Effect": "Allow", - "Resource": "arn:aws:secretsmanager:*:*:sqlworkbench!*", - "Sid": "SecretsManagerPermissions" - }, - { - "Action": [ - "tag:GetResources" - ], - "Condition": { - "StringEquals": { - "aws:CalledViaLast": "sqlworkbench.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "*", - "Sid": "ResourceGroupsTaggingPermissions" - }, - { - "Action": "sqlworkbench:*", - "Effect": "Allow", - "Resource": "*", - "Sid": "AmazonRedshiftQueryEditorV2Permissions" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4BKYFZHR4E", - "PolicyName": "AmazonRedshiftQueryEditorV2FullAccess", - "UpdateDate": "2022-02-23T17:05:06+00:00", - "VersionId": "v2" - }, - "AmazonRedshiftQueryEditorV2NoSharing": { - "Arn": "arn:aws:iam::aws:policy/AmazonRedshiftQueryEditorV2NoSharing", - "AttachmentCount": 0, - "CreateDate": "2021-09-24T14:18:42+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": "redshift:DescribeClusters", - "Effect": "Allow", - "Resource": "*", - "Sid": "RedshiftPermissions" - }, - { - "Action": [ - "secretsmanager:CreateSecret", - "secretsmanager:GetSecretValue", - "secretsmanager:DeleteSecret", - "secretsmanager:TagResource" - ], - "Condition": { - "StringEquals": { - "secretsmanager:ResourceTag/sqlworkbench-resource-owner": "${aws:userid}" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:secretsmanager:*:*:sqlworkbench!*", - "Sid": "SecretsManagerPermissions" - }, - { - "Action": [ - "tag:GetResources" - ], - "Condition": { - "StringEquals": { - "aws:CalledViaLast": "sqlworkbench.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "*", - "Sid": "ResourceGroupsTaggingPermissions" - }, - { - "Action": [ - "sqlworkbench:CreateFolder", - "sqlworkbench:PutTab", - "sqlworkbench:BatchDeleteFolder", - "sqlworkbench:DeleteTab", - "sqlworkbench:GenerateSession", - "sqlworkbench:GetAccountInfo", - "sqlworkbench:GetUserInfo", - "sqlworkbench:GetUserWorkspaceSettings", - "sqlworkbench:PutUserWorkspaceSettings", - "sqlworkbench:ListConnections", - "sqlworkbench:ListFiles", - "sqlworkbench:ListTabs", - "sqlworkbench:UpdateFolder", - "sqlworkbench:ListRedshiftClusters", - "sqlworkbench:DriverExecute", - "sqlworkbench:ListTaggedResources" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "AmazonRedshiftQueryEditorV2NonResourceLevelPermissions" - }, - { - "Action": [ - "sqlworkbench:CreateConnection", - "sqlworkbench:CreateSavedQuery", - "sqlworkbench:CreateChart" - ], - "Condition": { - "StringEquals": { - "aws:RequestTag/sqlworkbench-resource-owner": "${aws:userid}" - } - }, - "Effect": "Allow", - "Resource": "*", - "Sid": "AmazonRedshiftQueryEditorV2CreateOwnedResourcePermissions" - }, - { - "Action": [ - "sqlworkbench:DeleteChart", - "sqlworkbench:DeleteConnection", - "sqlworkbench:DeleteSavedQuery", - "sqlworkbench:GetChart", - "sqlworkbench:GetConnection", - "sqlworkbench:GetSavedQuery", - "sqlworkbench:ListSavedQueryVersions", - "sqlworkbench:UpdateChart", - "sqlworkbench:UpdateConnection", - "sqlworkbench:UpdateSavedQuery", - "sqlworkbench:AssociateConnectionWithTab", - "sqlworkbench:AssociateQueryWithTab", - "sqlworkbench:AssociateConnectionWithChart", - "sqlworkbench:UpdateFileFolder", - "sqlworkbench:ListTagsForResource" - ], - "Condition": { - "StringEquals": { - "aws:ResourceTag/sqlworkbench-resource-owner": "${aws:userid}" - } - }, - "Effect": "Allow", - "Resource": "*", - "Sid": "AmazonRedshiftQueryEditorV2OwnerSpecificPermissions" - }, - { - "Action": "sqlworkbench:TagResource", - "Condition": { - "ForAllValues:StringEquals": { - "aws:TagKeys": "sqlworkbench-resource-owner" - }, - "StringEquals": { - "aws:RequestTag/sqlworkbench-resource-owner": "${aws:userid}", - "aws:ResourceTag/sqlworkbench-resource-owner": "${aws:userid}" - } - }, - "Effect": "Allow", - "Resource": "*", - "Sid": "AmazonRedshiftQueryEditorV2TagOnlyUserIdPermissions" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4JFCSC6IV2", - "PolicyName": "AmazonRedshiftQueryEditorV2NoSharing", - "UpdateDate": "2022-02-23T17:04:20+00:00", - "VersionId": "v2" - }, - "AmazonRedshiftQueryEditorV2ReadSharing": { - "Arn": "arn:aws:iam::aws:policy/AmazonRedshiftQueryEditorV2ReadSharing", - "AttachmentCount": 0, - "CreateDate": "2021-09-24T14:22:21+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": "redshift:DescribeClusters", - "Effect": "Allow", - "Resource": "*", - "Sid": "RedshiftPermissions" - }, - { - "Action": [ - "secretsmanager:CreateSecret", - "secretsmanager:GetSecretValue", - "secretsmanager:DeleteSecret", - "secretsmanager:TagResource" - ], - "Condition": { - "StringEquals": { - "secretsmanager:ResourceTag/sqlworkbench-resource-owner": "${aws:userid}" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:secretsmanager:*:*:sqlworkbench!*", - "Sid": "SecretsManagerPermissions" - }, - { - "Action": [ - "tag:GetResources" - ], - "Condition": { - "StringEquals": { - "aws:CalledViaLast": "sqlworkbench.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "*", - "Sid": "ResourceGroupsTaggingPermissions" - }, - { - "Action": [ - "sqlworkbench:CreateFolder", - "sqlworkbench:PutTab", - "sqlworkbench:BatchDeleteFolder", - "sqlworkbench:DeleteTab", - "sqlworkbench:GenerateSession", - "sqlworkbench:GetAccountInfo", - "sqlworkbench:GetUserInfo", - "sqlworkbench:GetUserWorkspaceSettings", - "sqlworkbench:PutUserWorkspaceSettings", - "sqlworkbench:ListConnections", - "sqlworkbench:ListFiles", - "sqlworkbench:ListTabs", - "sqlworkbench:UpdateFolder", - "sqlworkbench:ListRedshiftClusters", - "sqlworkbench:DriverExecute", - "sqlworkbench:ListTaggedResources" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "AmazonRedshiftQueryEditorV2NonResourceLevelPermissions" - }, - { - "Action": [ - "sqlworkbench:CreateConnection", - "sqlworkbench:CreateSavedQuery", - "sqlworkbench:CreateChart" - ], - "Condition": { - "StringEquals": { - "aws:RequestTag/sqlworkbench-resource-owner": "${aws:userid}" - } - }, - "Effect": "Allow", - "Resource": "*", - "Sid": "AmazonRedshiftQueryEditorV2CreateOwnedResourcePermissions" - }, - { - "Action": [ - "sqlworkbench:DeleteChart", - "sqlworkbench:DeleteConnection", - "sqlworkbench:DeleteSavedQuery", - "sqlworkbench:GetChart", - "sqlworkbench:GetConnection", - "sqlworkbench:GetSavedQuery", - "sqlworkbench:ListSavedQueryVersions", - "sqlworkbench:UpdateChart", - "sqlworkbench:UpdateConnection", - "sqlworkbench:UpdateSavedQuery", - "sqlworkbench:AssociateConnectionWithTab", - "sqlworkbench:AssociateQueryWithTab", - "sqlworkbench:AssociateConnectionWithChart", - "sqlworkbench:UpdateFileFolder", - "sqlworkbench:ListTagsForResource" - ], - "Condition": { - "StringEquals": { - "aws:ResourceTag/sqlworkbench-resource-owner": "${aws:userid}" - } - }, - "Effect": "Allow", - "Resource": "*", - "Sid": "AmazonRedshiftQueryEditorV2OwnerSpecificPermissions" - }, - { - "Action": "sqlworkbench:TagResource", - "Condition": { - "ForAllValues:StringEquals": { - "aws:TagKeys": "sqlworkbench-resource-owner" - }, - "StringEquals": { - "aws:RequestTag/sqlworkbench-resource-owner": "${aws:userid}", - "aws:ResourceTag/sqlworkbench-resource-owner": "${aws:userid}" - } - }, - "Effect": "Allow", - "Resource": "*", - "Sid": "AmazonRedshiftQueryEditorV2TagOnlyUserIdPermissions" - }, - { - "Action": [ - "sqlworkbench:GetChart", - "sqlworkbench:GetConnection", - "sqlworkbench:GetSavedQuery", - "sqlworkbench:ListSavedQueryVersions", - "sqlworkbench:ListTagsForResource", - "sqlworkbench:AssociateQueryWithTab" - ], - "Condition": { - "StringEquals": { - "aws:ResourceTag/sqlworkbench-team": "${aws:PrincipalTag/sqlworkbench-team}" - } - }, - "Effect": "Allow", - "Resource": "*", - "Sid": "AmazonRedshiftQueryEditorV2TeamReadAccessPermissions" - }, - { - "Action": "sqlworkbench:TagResource", - "Condition": { - "ForAllValues:StringEquals": { - "aws:TagKeys": "sqlworkbench-team" - }, - "StringEquals": { - "aws:RequestTag/sqlworkbench-team": "${aws:PrincipalTag/sqlworkbench-team}", - "aws:ResourceTag/sqlworkbench-resource-owner": "${aws:userid}" - } - }, - "Effect": "Allow", - "Resource": "*", - "Sid": "AmazonRedshiftQueryEditorV2TagOnlyTeamPermissions" - }, - { - "Action": "sqlworkbench:UntagResource", - "Condition": { - "ForAllValues:StringEquals": { - "aws:TagKeys": "sqlworkbench-team" - }, - "StringEquals": { - "aws:ResourceTag/sqlworkbench-resource-owner": "${aws:userid}" - } - }, - "Effect": "Allow", - "Resource": "*", - "Sid": "AmazonRedshiftQueryEditorV2UntagOnlyTeamPermissions" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4G5PCICHSV", - "PolicyName": "AmazonRedshiftQueryEditorV2ReadSharing", - "UpdateDate": "2022-02-23T17:03:58+00:00", - "VersionId": "v2" - }, - "AmazonRedshiftQueryEditorV2ReadWriteSharing": { - "Arn": "arn:aws:iam::aws:policy/AmazonRedshiftQueryEditorV2ReadWriteSharing", - "AttachmentCount": 0, - "CreateDate": "2021-09-24T14:25:37+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": "redshift:DescribeClusters", - "Effect": "Allow", - "Resource": "*", - "Sid": "RedshiftPermissions" - }, - { - "Action": [ - "secretsmanager:CreateSecret", - "secretsmanager:GetSecretValue", - "secretsmanager:DeleteSecret", - "secretsmanager:TagResource" - ], - "Condition": { - "StringEquals": { - "secretsmanager:ResourceTag/sqlworkbench-resource-owner": "${aws:userid}" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:secretsmanager:*:*:sqlworkbench!*", - "Sid": "SecretsManagerPermissions" - }, - { - "Action": [ - "tag:GetResources" - ], - "Condition": { - "StringEquals": { - "aws:CalledViaLast": "sqlworkbench.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "*", - "Sid": "ResourceGroupsTaggingPermissions" - }, - { - "Action": [ - "sqlworkbench:CreateFolder", - "sqlworkbench:PutTab", - "sqlworkbench:BatchDeleteFolder", - "sqlworkbench:DeleteTab", - "sqlworkbench:GenerateSession", - "sqlworkbench:GetAccountInfo", - "sqlworkbench:GetUserInfo", - "sqlworkbench:GetUserWorkspaceSettings", - "sqlworkbench:PutUserWorkspaceSettings", - "sqlworkbench:ListConnections", - "sqlworkbench:ListFiles", - "sqlworkbench:ListTabs", - "sqlworkbench:UpdateFolder", - "sqlworkbench:ListRedshiftClusters", - "sqlworkbench:DriverExecute", - "sqlworkbench:ListTaggedResources" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "AmazonRedshiftQueryEditorV2NonResourceLevelPermissions" - }, - { - "Action": [ - "sqlworkbench:CreateConnection", - "sqlworkbench:CreateSavedQuery", - "sqlworkbench:CreateChart" - ], - "Condition": { - "StringEquals": { - "aws:RequestTag/sqlworkbench-resource-owner": "${aws:userid}" - } - }, - "Effect": "Allow", - "Resource": "*", - "Sid": "AmazonRedshiftQueryEditorV2CreateOwnedResourcePermissions" - }, - { - "Action": [ - "sqlworkbench:DeleteChart", - "sqlworkbench:DeleteConnection", - "sqlworkbench:DeleteSavedQuery", - "sqlworkbench:GetChart", - "sqlworkbench:GetConnection", - "sqlworkbench:GetSavedQuery", - "sqlworkbench:ListSavedQueryVersions", - "sqlworkbench:UpdateChart", - "sqlworkbench:UpdateConnection", - "sqlworkbench:UpdateSavedQuery", - "sqlworkbench:AssociateConnectionWithTab", - "sqlworkbench:AssociateQueryWithTab", - "sqlworkbench:AssociateConnectionWithChart", - "sqlworkbench:UpdateFileFolder", - "sqlworkbench:ListTagsForResource" - ], - "Condition": { - "StringEquals": { - "aws:ResourceTag/sqlworkbench-resource-owner": "${aws:userid}" - } - }, - "Effect": "Allow", - "Resource": "*", - "Sid": "AmazonRedshiftQueryEditorV2OwnerSpecificPermissions" - }, - { - "Action": "sqlworkbench:TagResource", - "Condition": { - "ForAllValues:StringEquals": { - "aws:TagKeys": "sqlworkbench-resource-owner" - }, - "StringEquals": { - "aws:RequestTag/sqlworkbench-resource-owner": "${aws:userid}", - "aws:ResourceTag/sqlworkbench-resource-owner": "${aws:userid}" - } - }, - "Effect": "Allow", - "Resource": "*", - "Sid": "AmazonRedshiftQueryEditorV2TagOnlyUserIdPermissions" - }, - { - "Action": [ - "sqlworkbench:GetChart", - "sqlworkbench:GetConnection", - "sqlworkbench:GetSavedQuery", - "sqlworkbench:ListSavedQueryVersions", - "sqlworkbench:ListTagsForResource", - "sqlworkbench:UpdateChart", - "sqlworkbench:UpdateConnection", - "sqlworkbench:UpdateSavedQuery", - "sqlworkbench:AssociateConnectionWithTab", - "sqlworkbench:AssociateQueryWithTab", - "sqlworkbench:AssociateConnectionWithChart" - ], - "Condition": { - "StringEquals": { - "aws:ResourceTag/sqlworkbench-team": "${aws:PrincipalTag/sqlworkbench-team}" - } - }, - "Effect": "Allow", - "Resource": "*", - "Sid": "AmazonRedshiftQueryEditorV2TeamReadWriteAccessPermissions" - }, - { - "Action": "sqlworkbench:TagResource", - "Condition": { - "ForAllValues:StringEquals": { - "aws:TagKeys": "sqlworkbench-team" - }, - "StringEquals": { - "aws:RequestTag/sqlworkbench-team": "${aws:PrincipalTag/sqlworkbench-team}", - "aws:ResourceTag/sqlworkbench-resource-owner": "${aws:userid}" - } - }, - "Effect": "Allow", - "Resource": "*", - "Sid": "AmazonRedshiftQueryEditorV2TagOnlyTeamPermissions" - }, - { - "Action": "sqlworkbench:UntagResource", - "Condition": { - "ForAllValues:StringEquals": { - "aws:TagKeys": "sqlworkbench-team" - }, - "StringEquals": { - "aws:ResourceTag/sqlworkbench-resource-owner": "${aws:userid}" - } - }, - "Effect": "Allow", - "Resource": "*", - "Sid": "AmazonRedshiftQueryEditorV2UntagOnlyTeamPermissions" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4LIWZX3BPO", - "PolicyName": "AmazonRedshiftQueryEditorV2ReadWriteSharing", - "UpdateDate": "2022-02-23T17:02:35+00:00", - "VersionId": "v2" - }, - "AmazonRedshiftReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonRedshiftReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2015-02-06T18:40:51+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "redshift:Describe*", - "redshift:ViewQueriesInConsole", - "ec2:DescribeAccountAttributes", - "ec2:DescribeAddresses", - "ec2:DescribeAvailabilityZones", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVpcs", - "ec2:DescribeInternetGateways", - "sns:Get*", - "sns:List*", - "cloudwatch:Describe*", - "cloudwatch:List*", - "cloudwatch:Get*" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIGD46KSON64QBSEZM", - "PolicyName": "AmazonRedshiftReadOnlyAccess", - "UpdateDate": "2015-02-06T18:40:51+00:00", - "VersionId": "v1" - }, - "AmazonRedshiftServiceLinkedRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonRedshiftServiceLinkedRolePolicy", - "AttachmentCount": 1, - "CreateDate": "2017-09-18T19:19:45+00:00", - "DefaultVersionId": "v5", - "Document": { - "Statement": [ - { - "Action": [ - "ec2:DescribeVpcs", - "ec2:DescribeSubnets", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeAddresses", - "ec2:AssociateAddress", - "ec2:DisassociateAddress", - "ec2:CreateNetworkInterface", - "ec2:DeleteNetworkInterface", - "ec2:ModifyNetworkInterfaceAttribute", - "ec2:CreateVpcEndpoint", - "ec2:DeleteVpcEndpoints", - "ec2:DescribeVpcEndpoints", - "ec2:ModifyVpcEndpoint" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "logs:CreateLogGroup", - "logs:PutRetentionPolicy" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:logs:*:*:log-group:/aws/redshift/*" - ], - "Sid": "EnableCreationAndManagementOfRedshiftCloudwatchLogGroups" - }, - { - "Action": [ - "logs:CreateLogStream", - "logs:PutLogEvents", - "logs:DescribeLogStreams", - "logs:GetLogEvents" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:logs:*:*:log-group:/aws/redshift/*:log-stream:*" - ], - "Sid": "EnableCreationAndManagementOfRedshiftCloudwatchLogStreams" - }, - { - "Action": [ - "ec2:AuthorizeSecurityGroupEgress", - "ec2:AuthorizeSecurityGroupIngress", - "ec2:UpdateSecurityGroupRuleDescriptionsEgress", - "ec2:ReplaceRouteTableAssociation", - "ec2:CreateRouteTable", - "ec2:AttachInternetGateway", - "ec2:UpdateSecurityGroupRuleDescriptionsIngress", - "ec2:AssociateRouteTable", - "ec2:RevokeSecurityGroupIngress", - "ec2:CreateRoute", - "ec2:CreateSecurityGroup", - "ec2:RevokeSecurityGroupEgress", - "ec2:ModifyVpcAttribute", - "ec2:CreateSubnet" - ], - "Condition": { - "StringEquals": { - "aws:ResourceTag/Purpose": "RedshiftMigrateToVpc" - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:subnet/*", - "arn:aws:ec2:*:*:route-table/*", - "arn:aws:ec2:*:*:security-group/*", - "arn:aws:ec2:*:*:vpc/*", - "arn:aws:ec2:*:*:internet-gateway/*" - ] - }, - { - "Action": [ - "ec2:CreateSecurityGroup", - "ec2:CreateInternetGateway", - "ec2:CreateVpc", - "ec2:CreateRouteTable", - "ec2:CreateSubnet" - ], - "Condition": { - "StringEquals": { - "aws:RequestTag/Purpose": "RedshiftMigrateToVpc" - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:subnet/*", - "arn:aws:ec2:*:*:route-table/*", - "arn:aws:ec2:*:*:security-group/*", - "arn:aws:ec2:*:*:vpc/*", - "arn:aws:ec2:*:*:internet-gateway/*" - ] - }, - { - "Action": "ec2:CreateTags", - "Condition": { - "StringEquals": { - "ec2:CreateAction": [ - "CreateVpc", - "CreateSecurityGroup", - "CreateSubnet", - "CreateInternetGateway", - "CreateRouteTable" - ] - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:subnet/*", - "arn:aws:ec2:*:*:route-table/*", - "arn:aws:ec2:*:*:security-group/*", - "arn:aws:ec2:*:*:vpc/*", - "arn:aws:ec2:*:*:internet-gateway/*" - ] - }, - { - "Action": [ - "ec2:DescribeVpcAttribute", - "ec2:DescribeSecurityGroups", - "ec2:DescribeInternetGateways", - "ec2:DescribeSecurityGroupRules", - "ec2:DescribeAvailabilityZones", - "ec2:DescribeNetworkAcls", - "ec2:DescribeRouteTables" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJPY2VXNRUYOY3SRZS", - "PolicyName": "AmazonRedshiftServiceLinkedRolePolicy", - "UpdateDate": "2021-11-22T21:08:22+00:00", - "VersionId": "v5" - }, - "AmazonRekognitionCustomLabelsFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonRekognitionCustomLabelsFullAccess", - "AttachmentCount": 0, - "CreateDate": "2020-01-08T19:18:34+00:00", - "DefaultVersionId": "v3", - "Document": { - "Statement": [ - { - "Action": [ - "s3:ListBucket", - "s3:ListAllMyBuckets", - "s3:GetBucketAcl", - "s3:GetBucketLocation", - "s3:GetObject", - "s3:GetObjectAcl", - "s3:GetObjectTagging", - "s3:GetObjectVersion", - "s3:PutObject" - ], - "Effect": "Allow", - "Resource": "arn:aws:s3:::*custom-labels*" - }, - { - "Action": [ - "rekognition:CreateProject", - "rekognition:CreateProjectVersion", - "rekognition:StartProjectVersion", - "rekognition:StopProjectVersion", - "rekognition:DescribeProjects", - "rekognition:DescribeProjectVersions", - "rekognition:DetectCustomLabels", - "rekognition:DeleteProject", - "rekognition:DeleteProjectVersion", - "rekognition:TagResource", - "rekognition:UntagResource", - "rekognition:ListTagsForResource", - "rekognition:CreateDataset", - "rekognition:ListDatasetEntries", - "rekognition:ListDatasetLabels", - "rekognition:DescribeDataset", - "rekognition:UpdateDatasetEntries", - "rekognition:DistributeDatasetEntries", - "rekognition:DeleteDataset" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4OJEQDEQQQ", - "PolicyName": "AmazonRekognitionCustomLabelsFullAccess", - "UpdateDate": "2021-11-03T02:53:05+00:00", - "VersionId": "v3" - }, - "AmazonRekognitionFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonRekognitionFullAccess", - "AttachmentCount": 0, - "CreateDate": "2016-11-30T14:40:44+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "rekognition:*" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIWDAOK6AIFDVX6TT6", - "PolicyName": "AmazonRekognitionFullAccess", - "UpdateDate": "2016-11-30T14:40:44+00:00", - "VersionId": "v1" - }, - "AmazonRekognitionReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonRekognitionReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2016-11-30T14:58:06+00:00", - "DefaultVersionId": "v7", - "Document": { - "Statement": [ - { - "Action": [ - "rekognition:CompareFaces", - "rekognition:DetectFaces", - "rekognition:DetectLabels", - "rekognition:ListCollections", - "rekognition:ListFaces", - "rekognition:SearchFaces", - "rekognition:SearchFacesByImage", - "rekognition:DetectText", - "rekognition:GetCelebrityInfo", - "rekognition:RecognizeCelebrities", - "rekognition:DetectModerationLabels", - "rekognition:GetLabelDetection", - "rekognition:GetFaceDetection", - "rekognition:GetContentModeration", - "rekognition:GetPersonTracking", - "rekognition:GetCelebrityRecognition", - "rekognition:GetFaceSearch", - "rekognition:GetTextDetection", - "rekognition:GetSegmentDetection", - "rekognition:DescribeStreamProcessor", - "rekognition:ListStreamProcessors", - "rekognition:DescribeProjects", - "rekognition:DescribeProjectVersions", - "rekognition:DetectCustomLabels", - "rekognition:DetectProtectiveEquipment", - "rekognition:ListTagsForResource", - "rekognition:ListDatasetEntries", - "rekognition:ListDatasetLabels", - "rekognition:DescribeDataset" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAILWSUHXUY4ES43SA4", - "PolicyName": "AmazonRekognitionReadOnlyAccess", - "UpdateDate": "2021-11-03T02:53:36+00:00", - "VersionId": "v7" - }, - "AmazonRekognitionServiceRole": { - "Arn": "arn:aws:iam::aws:policy/service-role/AmazonRekognitionServiceRole", - "AttachmentCount": 0, - "CreateDate": "2017-11-29T16:52:13+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "sns:Publish" - ], - "Effect": "Allow", - "Resource": "arn:aws:sns:*:*:AmazonRekognition*" - }, - { - "Action": [ - "kinesis:PutRecord", - "kinesis:PutRecords" - ], - "Effect": "Allow", - "Resource": "arn:aws:kinesis:*:*:stream/AmazonRekognition*" - }, - { - "Action": [ - "kinesisvideo:GetDataEndpoint", - "kinesisvideo:GetMedia" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJI6Q3CUQAVBJ2CTE2", - "PolicyName": "AmazonRekognitionServiceRole", - "UpdateDate": "2017-11-29T16:52:13+00:00", - "VersionId": "v1" - }, - "AmazonRoute53AutoNamingFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonRoute53AutoNamingFullAccess", - "AttachmentCount": 0, - "CreateDate": "2018-01-18T18:40:41+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "route53:GetHostedZone", - "route53:ListHostedZonesByName", - "route53:CreateHostedZone", - "route53:DeleteHostedZone", - "route53:ChangeResourceRecordSets", - "route53:CreateHealthCheck", - "route53:GetHealthCheck", - "route53:DeleteHealthCheck", - "route53:UpdateHealthCheck", - "ec2:DescribeVpcs", - "ec2:DescribeRegions", - "servicediscovery:*" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJCNJBBLMJN2ZMV62Y", - "PolicyName": "AmazonRoute53AutoNamingFullAccess", - "UpdateDate": "2018-01-18T18:40:41+00:00", - "VersionId": "v1" - }, - "AmazonRoute53AutoNamingReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonRoute53AutoNamingReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2018-01-18T03:02:59+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "servicediscovery:Get*", - "servicediscovery:List*" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJBPMV2EFBFFKJ6SI4", - "PolicyName": "AmazonRoute53AutoNamingReadOnlyAccess", - "UpdateDate": "2018-01-18T03:02:59+00:00", - "VersionId": "v1" - }, - "AmazonRoute53AutoNamingRegistrantAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonRoute53AutoNamingRegistrantAccess", - "AttachmentCount": 0, - "CreateDate": "2018-03-12T22:33:20+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "route53:GetHostedZone", - "route53:ListHostedZonesByName", - "route53:ChangeResourceRecordSets", - "route53:CreateHealthCheck", - "route53:GetHealthCheck", - "route53:DeleteHealthCheck", - "route53:UpdateHealthCheck", - "servicediscovery:Get*", - "servicediscovery:List*", - "servicediscovery:RegisterInstance", - "servicediscovery:DeregisterInstance" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJKXLG7EKP2O5SVZW6", - "PolicyName": "AmazonRoute53AutoNamingRegistrantAccess", - "UpdateDate": "2018-03-12T22:33:20+00:00", - "VersionId": "v1" - }, - "AmazonRoute53DomainsFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonRoute53DomainsFullAccess", - "AttachmentCount": 0, - "CreateDate": "2015-02-06T18:40:56+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "route53:CreateHostedZone", - "route53domains:*" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIPAFBMIYUILMOKL6G", - "PolicyName": "AmazonRoute53DomainsFullAccess", - "UpdateDate": "2015-02-06T18:40:56+00:00", - "VersionId": "v1" - }, - "AmazonRoute53DomainsReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonRoute53DomainsReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2015-02-06T18:40:57+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "route53domains:Get*", - "route53domains:List*" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIDRINP6PPTRXYVQCI", - "PolicyName": "AmazonRoute53DomainsReadOnlyAccess", - "UpdateDate": "2015-02-06T18:40:57+00:00", - "VersionId": "v1" - }, - "AmazonRoute53FullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonRoute53FullAccess", - "AttachmentCount": 0, - "CreateDate": "2015-02-06T18:40:54+00:00", - "DefaultVersionId": "v4", - "Document": { - "Statement": [ - { - "Action": [ - "route53:*", - "route53domains:*", - "cloudfront:ListDistributions", - "elasticloadbalancing:DescribeLoadBalancers", - "elasticbeanstalk:DescribeEnvironments", - "s3:ListBucket", - "s3:GetBucketLocation", - "s3:GetBucketWebsite", - "ec2:DescribeVpcs", - "ec2:DescribeVpcEndpoints", - "ec2:DescribeRegions", - "sns:ListTopics", - "sns:ListSubscriptionsByTopic", - "cloudwatch:DescribeAlarms", - "cloudwatch:GetMetricStatistics" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "apigateway:GET", - "Effect": "Allow", - "Resource": "arn:aws:apigateway:*::/domainnames" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJWVDLG5RPST6PHQ3A", - "PolicyName": "AmazonRoute53FullAccess", - "UpdateDate": "2018-12-20T21:42:00+00:00", - "VersionId": "v4" - }, - "AmazonRoute53ReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonRoute53ReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2015-02-06T18:40:55+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "route53:Get*", - "route53:List*", - "route53:TestDNSAnswer" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAITOYK2ZAOQFXV2JNC", - "PolicyName": "AmazonRoute53ReadOnlyAccess", - "UpdateDate": "2016-11-15T21:15:16+00:00", - "VersionId": "v2" - }, - "AmazonRoute53RecoveryClusterFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonRoute53RecoveryClusterFullAccess", - "AttachmentCount": 0, - "CreateDate": "2021-08-18T18:37:00+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "route53-recovery-cluster:*" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4MMWM2PHKW", - "PolicyName": "AmazonRoute53RecoveryClusterFullAccess", - "UpdateDate": "2021-08-18T18:37:00+00:00", - "VersionId": "v1" - }, - "AmazonRoute53RecoveryClusterReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonRoute53RecoveryClusterReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2021-08-18T17:36:01+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "route53-recovery-cluster:GetRoutingControlState" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4PNOFP2E23", - "PolicyName": "AmazonRoute53RecoveryClusterReadOnlyAccess", - "UpdateDate": "2021-08-18T17:36:01+00:00", - "VersionId": "v1" - }, - "AmazonRoute53RecoveryControlConfigFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonRoute53RecoveryControlConfigFullAccess", - "AttachmentCount": 0, - "CreateDate": "2021-08-18T17:48:35+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "route53-recovery-control-config:*" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4BNPPOPVZM", - "PolicyName": "AmazonRoute53RecoveryControlConfigFullAccess", - "UpdateDate": "2021-08-18T17:48:35+00:00", - "VersionId": "v1" - }, - "AmazonRoute53RecoveryControlConfigReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonRoute53RecoveryControlConfigReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2021-08-18T18:01:12+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "route53-recovery-control-config:DescribeCluster", - "route53-recovery-control-config:DescribeControlPanel", - "route53-recovery-control-config:DescribeRoutingControl", - "route53-recovery-control-config:DescribeRoutingControlByName", - "route53-recovery-control-config:DescribeSafetyRule", - "route53-recovery-control-config:ListAssociatedRoute53HealthChecks", - "route53-recovery-control-config:ListClusters", - "route53-recovery-control-config:ListControlPanels", - "route53-recovery-control-config:ListRoutingControls", - "route53-recovery-control-config:ListSafetyRules", - "route53-recovery-control-config:ListTagsForResource" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4DBQWX62W5", - "PolicyName": "AmazonRoute53RecoveryControlConfigReadOnlyAccess", - "UpdateDate": "2021-12-09T23:38:51+00:00", - "VersionId": "v2" - }, - "AmazonRoute53RecoveryReadinessFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonRoute53RecoveryReadinessFullAccess", - "AttachmentCount": 0, - "CreateDate": "2021-08-18T16:45:07+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "route53-recovery-readiness:*" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4AP3B2MSA3", - "PolicyName": "AmazonRoute53RecoveryReadinessFullAccess", - "UpdateDate": "2021-08-18T16:45:07+00:00", - "VersionId": "v1" - }, - "AmazonRoute53RecoveryReadinessReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonRoute53RecoveryReadinessReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2021-08-18T18:11:33+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "route53-recovery-readiness:GetCell", - "route53-recovery-readiness:GetReadinessCheck", - "route53-recovery-readiness:GetReadinessCheckResourceStatus", - "route53-recovery-readiness:GetReadinessCheckStatus", - "route53-recovery-readiness:GetRecoveryGroup", - "route53-recovery-readiness:GetRecoveryGroupReadinessSummary", - "route53-recovery-readiness:GetResourceSet", - "route53-recovery-readiness:ListCells", - "route53-recovery-readiness:ListCrossAccountAuthorizations", - "route53-recovery-readiness:ListReadinessChecks", - "route53-recovery-readiness:ListRecoveryGroups", - "route53-recovery-readiness:ListResourceSets", - "route53-recovery-readiness:ListRules", - "route53-recovery-readiness:ListTagsForResources" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "route53-recovery-readiness:GetArchitectureRecommendations", - "route53-recovery-readiness:GetCellReadinessSummary" - ], - "Effect": "Allow", - "Resource": "arn:aws:route53-recovery-readiness::*:*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4M6P5L3S4F", - "PolicyName": "AmazonRoute53RecoveryReadinessReadOnlyAccess", - "UpdateDate": "2021-11-09T20:14:51+00:00", - "VersionId": "v2" - }, - "AmazonRoute53ResolverFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonRoute53ResolverFullAccess", - "AttachmentCount": 0, - "CreateDate": "2019-05-30T18:10:50+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "route53resolver:*", - "ec2:DescribeSubnets", - "ec2:CreateNetworkInterface", - "ec2:DeleteNetworkInterface", - "ec2:ModifyNetworkInterfaceAttribute", - "ec2:DescribeNetworkInterfaces", - "ec2:CreateNetworkInterfacePermission", - "ec2:DescribeSecurityGroups", - "ec2:DescribeVpcs", - "ec2:DescribeAvailabilityZones" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4MZN2MQCY3", - "PolicyName": "AmazonRoute53ResolverFullAccess", - "UpdateDate": "2020-07-17T19:03:27+00:00", - "VersionId": "v2" - }, - "AmazonRoute53ResolverReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonRoute53ResolverReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2019-05-30T18:11:31+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "route53resolver:Get*", - "route53resolver:List*", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeSecurityGroups", - "ec2:DescribeVpcs", - "ec2:DescribeSubnets" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4CARVKYCWY", - "PolicyName": "AmazonRoute53ResolverReadOnlyAccess", - "UpdateDate": "2019-09-27T16:37:48+00:00", - "VersionId": "v2" - }, - "AmazonS3FullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonS3FullAccess", - "AttachmentCount": 3, - "CreateDate": "2015-02-06T18:40:58+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "s3:*", - "s3-object-lambda:*" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIFIR6V6BVTRAHWINE", - "PolicyName": "AmazonS3FullAccess", - "UpdateDate": "2021-09-27T20:16:37+00:00", - "VersionId": "v2" - }, - "AmazonS3ObjectLambdaExecutionRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/service-role/AmazonS3ObjectLambdaExecutionRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2021-08-18T10:07:41+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents", - "s3-object-lambda:WriteGetObjectResponse" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4PG47VBSXA", - "PolicyName": "AmazonS3ObjectLambdaExecutionRolePolicy", - "UpdateDate": "2021-08-18T10:07:41+00:00", - "VersionId": "v1" - }, - "AmazonS3OutpostsFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonS3OutpostsFullAccess", - "AttachmentCount": 0, - "CreateDate": "2020-10-02T17:26:30+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": "s3-outposts:*", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "datasync:ListTasks", - "datasync:ListLocations", - "datasync:DescribeTask", - "datasync:DescribeLocation*" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:DescribeVpcs", - "ec2:DescribeSubnets", - "ec2:DescribeSecurityGroups", - "ec2:DescribeNetworkInterfaces" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "outposts:ListOutposts", - "outposts:GetOutpost" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4BKMLUXKOR", - "PolicyName": "AmazonS3OutpostsFullAccess", - "UpdateDate": "2020-10-02T17:26:30+00:00", - "VersionId": "v1" - }, - "AmazonS3OutpostsReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonS3OutpostsReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2020-10-02T18:55:58+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "s3-outposts:Get*", - "s3-outposts:List*" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "datasync:ListTasks", - "datasync:ListLocations", - "datasync:DescribeTask", - "datasync:DescribeLocation*" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:DescribeVpcs", - "ec2:DescribeSubnets", - "ec2:DescribeSecurityGroups", - "ec2:DescribeNetworkInterfaces" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "outposts:ListOutposts", - "outposts:GetOutpost" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4PJ2AX4CUB", - "PolicyName": "AmazonS3OutpostsReadOnlyAccess", - "UpdateDate": "2020-10-02T18:55:58+00:00", - "VersionId": "v1" - }, - "AmazonS3ReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess", - "AttachmentCount": 2, - "CreateDate": "2015-02-06T18:40:59+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "s3:Get*", - "s3:List*", - "s3-object-lambda:Get*", - "s3-object-lambda:List*" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIZTJ4DXE7G6AGAE6M", - "PolicyName": "AmazonS3ReadOnlyAccess", - "UpdateDate": "2021-09-27T20:24:58+00:00", - "VersionId": "v2" - }, - "AmazonSESFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonSESFullAccess", - "AttachmentCount": 0, - "CreateDate": "2015-02-06T18:41:02+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "ses:*" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJ2P4NXCHAT7NDPNR4", - "PolicyName": "AmazonSESFullAccess", - "UpdateDate": "2015-02-06T18:41:02+00:00", - "VersionId": "v1" - }, - "AmazonSESReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonSESReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2015-02-06T18:41:03+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "ses:Get*", - "ses:List*" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAINV2XPFRMWJJNSCGI", - "PolicyName": "AmazonSESReadOnlyAccess", - "UpdateDate": "2015-02-06T18:41:03+00:00", - "VersionId": "v1" - }, - "AmazonSNSFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonSNSFullAccess", - "AttachmentCount": 0, - "CreateDate": "2015-02-06T18:41:05+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "sns:*" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJWEKLCXXUNT2SOLSG", - "PolicyName": "AmazonSNSFullAccess", - "UpdateDate": "2015-02-06T18:41:05+00:00", - "VersionId": "v1" - }, - "AmazonSNSReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonSNSReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2015-02-06T18:41:06+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "sns:GetTopicAttributes", - "sns:List*" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIZGQCQTFOFPMHSB6W", - "PolicyName": "AmazonSNSReadOnlyAccess", - "UpdateDate": "2015-02-06T18:41:06+00:00", - "VersionId": "v1" - }, - "AmazonSNSRole": { - "Arn": "arn:aws:iam::aws:policy/service-role/AmazonSNSRole", - "AttachmentCount": 0, - "CreateDate": "2015-02-06T18:41:30+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents", - "logs:PutMetricFilter", - "logs:PutRetentionPolicy" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJK5GQB7CIK7KHY2GA", - "PolicyName": "AmazonSNSRole", - "UpdateDate": "2015-02-06T18:41:30+00:00", - "VersionId": "v1" - }, - "AmazonSQSFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonSQSFullAccess", - "AttachmentCount": 1, - "CreateDate": "2015-02-06T18:41:07+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "sqs:*" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAI65L554VRJ33ECQS6", - "PolicyName": "AmazonSQSFullAccess", - "UpdateDate": "2015-02-06T18:41:07+00:00", - "VersionId": "v1" - }, - "AmazonSQSReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonSQSReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2015-02-06T18:41:08+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "sqs:GetQueueAttributes", - "sqs:GetQueueUrl", - "sqs:ListDeadLetterSourceQueues", - "sqs:ListQueues" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIUGSSQY362XGCM6KW", - "PolicyName": "AmazonSQSReadOnlyAccess", - "UpdateDate": "2018-08-20T23:35:49+00:00", - "VersionId": "v2" - }, - "AmazonSSMAutomationApproverAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonSSMAutomationApproverAccess", - "AttachmentCount": 0, - "CreateDate": "2017-08-07T23:07:28+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "ssm:DescribeAutomationExecutions", - "ssm:GetAutomationExecution", - "ssm:SendAutomationSignal" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIDSSXIRWBSLWWIORC", - "PolicyName": "AmazonSSMAutomationApproverAccess", - "UpdateDate": "2017-08-07T23:07:28+00:00", - "VersionId": "v1" - }, - "AmazonSSMAutomationRole": { - "Arn": "arn:aws:iam::aws:policy/service-role/AmazonSSMAutomationRole", - "AttachmentCount": 0, - "CreateDate": "2016-12-05T22:09:55+00:00", - "DefaultVersionId": "v5", - "Document": { - "Statement": [ - { - "Action": [ - "lambda:InvokeFunction" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:lambda:*:*:function:Automation*" - ] - }, - { - "Action": [ - "ec2:CreateImage", - "ec2:CopyImage", - "ec2:DeregisterImage", - "ec2:DescribeImages", - "ec2:DeleteSnapshot", - "ec2:StartInstances", - "ec2:RunInstances", - "ec2:StopInstances", - "ec2:TerminateInstances", - "ec2:DescribeInstanceStatus", - "ec2:CreateTags", - "ec2:DeleteTags", - "ec2:DescribeTags", - "cloudformation:CreateStack", - "cloudformation:DescribeStackEvents", - "cloudformation:DescribeStacks", - "cloudformation:UpdateStack", - "cloudformation:DeleteStack" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "ssm:*" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "sns:Publish" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:sns:*:*:Automation*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJIBQCTBCXD2XRNB6W", - "PolicyName": "AmazonSSMAutomationRole", - "UpdateDate": "2017-07-24T23:29:12+00:00", - "VersionId": "v5" - }, - "AmazonSSMDirectoryServiceAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonSSMDirectoryServiceAccess", - "AttachmentCount": 0, - "CreateDate": "2019-03-15T17:44:38+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "ds:CreateComputer", - "ds:DescribeDirectories" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJ7OJQH3CZU674ERII", - "PolicyName": "AmazonSSMDirectoryServiceAccess", - "UpdateDate": "2019-03-15T17:44:38+00:00", - "VersionId": "v1" - }, - "AmazonSSMFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonSSMFullAccess", - "AttachmentCount": 0, - "CreateDate": "2015-05-29T17:39:47+00:00", - "DefaultVersionId": "v4", - "Document": { - "Statement": [ - { - "Action": [ - "cloudwatch:PutMetricData", - "ds:CreateComputer", - "ds:DescribeDirectories", - "ec2:DescribeInstanceStatus", - "logs:*", - "ssm:*", - "ec2messages:*" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "iam:CreateServiceLinkedRole", - "Condition": { - "StringLike": { - "iam:AWSServiceName": "ssm.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/aws-service-role/ssm.amazonaws.com/AWSServiceRoleForAmazonSSM*" - }, - { - "Action": [ - "iam:DeleteServiceLinkedRole", - "iam:GetServiceLinkedRoleDeletionStatus" - ], - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/aws-service-role/ssm.amazonaws.com/AWSServiceRoleForAmazonSSM*" - }, - { - "Action": [ - "ssmmessages:CreateControlChannel", - "ssmmessages:CreateDataChannel", - "ssmmessages:OpenControlChannel", - "ssmmessages:OpenDataChannel" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJA7V6HI4ISQFMDYAG", - "PolicyName": "AmazonSSMFullAccess", - "UpdateDate": "2019-11-20T20:08:56+00:00", - "VersionId": "v4" - }, - "AmazonSSMMaintenanceWindowRole": { - "Arn": "arn:aws:iam::aws:policy/service-role/AmazonSSMMaintenanceWindowRole", - "AttachmentCount": 0, - "CreateDate": "2016-12-01T15:57:54+00:00", - "DefaultVersionId": "v3", - "Document": { - "Statement": [ - { - "Action": [ - "ssm:GetAutomationExecution", - "ssm:GetParameters", - "ssm:ListCommands", - "ssm:SendCommand", - "ssm:StartAutomationExecution" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "lambda:InvokeFunction" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:lambda:*:*:function:SSM*", - "arn:aws:lambda:*:*:function:*:SSM*" - ] - }, - { - "Action": [ - "states:DescribeExecution", - "states:StartExecution" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:states:*:*:stateMachine:SSM*", - "arn:aws:states:*:*:execution:SSM*" - ] - }, - { - "Action": [ - "resource-groups:ListGroups", - "resource-groups:ListGroupResources" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "tag:GetResources" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJV3JNYSTZ47VOXYME", - "PolicyName": "AmazonSSMMaintenanceWindowRole", - "UpdateDate": "2019-07-27T00:16:05+00:00", - "VersionId": "v3" - }, - "AmazonSSMManagedInstanceCore": { - "Arn": "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore", - "AttachmentCount": 0, - "CreateDate": "2019-03-15T17:22:12+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "ssm:DescribeAssociation", - "ssm:GetDeployablePatchSnapshotForInstance", - "ssm:GetDocument", - "ssm:DescribeDocument", - "ssm:GetManifest", - "ssm:GetParameter", - "ssm:GetParameters", - "ssm:ListAssociations", - "ssm:ListInstanceAssociations", - "ssm:PutInventory", - "ssm:PutComplianceItems", - "ssm:PutConfigurePackageResult", - "ssm:UpdateAssociationStatus", - "ssm:UpdateInstanceAssociationStatus", - "ssm:UpdateInstanceInformation" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ssmmessages:CreateControlChannel", - "ssmmessages:CreateDataChannel", - "ssmmessages:OpenControlChannel", - "ssmmessages:OpenDataChannel" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2messages:AcknowledgeMessage", - "ec2messages:DeleteMessage", - "ec2messages:FailMessage", - "ec2messages:GetEndpoint", - "ec2messages:GetMessages", - "ec2messages:SendReply" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIXSHM2BNB2D3AXXRU", - "PolicyName": "AmazonSSMManagedInstanceCore", - "UpdateDate": "2019-05-23T16:54:21+00:00", - "VersionId": "v2" - }, - "AmazonSSMPatchAssociation": { - "Arn": "arn:aws:iam::aws:policy/AmazonSSMPatchAssociation", - "AttachmentCount": 0, - "CreateDate": "2020-05-13T16:00:42+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": "ssm:DescribeEffectivePatchesForPatchBaseline", - "Effect": "Allow", - "Resource": "arn:aws:ssm:*:*:patchbaseline/*" - }, - { - "Action": "ssm:GetPatchBaseline", - "Effect": "Allow", - "Resource": "arn:aws:ssm:*:*:patchbaseline/*" - }, - { - "Action": "tag:GetResources", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "ssm:DescribePatchBaselines", - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4EWLEL5ZX7", - "PolicyName": "AmazonSSMPatchAssociation", - "UpdateDate": "2020-05-13T16:00:42+00:00", - "VersionId": "v1" - }, - "AmazonSSMReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonSSMReadOnlyAccess", - "AttachmentCount": 1, - "CreateDate": "2015-05-29T17:44:19+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "ssm:Describe*", - "ssm:Get*", - "ssm:List*" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJODSKQGGJTHRYZ5FC", - "PolicyName": "AmazonSSMReadOnlyAccess", - "UpdateDate": "2015-05-29T17:44:19+00:00", - "VersionId": "v1" - }, - "AmazonSSMServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonSSMServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2017-11-13T19:20:08+00:00", - "DefaultVersionId": "v13", - "Document": { - "Statement": [ - { - "Action": [ - "ssm:CancelCommand", - "ssm:GetCommandInvocation", - "ssm:ListCommandInvocations", - "ssm:ListCommands", - "ssm:SendCommand", - "ssm:GetAutomationExecution", - "ssm:GetParameters", - "ssm:StartAutomationExecution", - "ssm:ListTagsForResource", - "ssm:GetCalendarState" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "ssm:UpdateServiceSetting", - "ssm:GetServiceSetting" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:ssm:*:*:servicesetting/ssm/opsitem/*", - "arn:aws:ssm:*:*:servicesetting/ssm/opsdata/*" - ] - }, - { - "Action": [ - "ec2:DescribeInstanceAttribute", - "ec2:DescribeInstanceStatus", - "ec2:DescribeInstances" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "lambda:InvokeFunction" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:lambda:*:*:function:SSM*", - "arn:aws:lambda:*:*:function:*:SSM*" - ] - }, - { - "Action": [ - "states:DescribeExecution", - "states:StartExecution" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:states:*:*:stateMachine:SSM*", - "arn:aws:states:*:*:execution:SSM*" - ] - }, - { - "Action": [ - "resource-groups:ListGroups", - "resource-groups:ListGroupResources", - "resource-groups:GetGroupQuery" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "cloudformation:DescribeStacks", - "cloudformation:ListStackResources" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "tag:GetResources" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "config:SelectResourceConfig" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "compute-optimizer:GetEC2InstanceRecommendations", - "compute-optimizer:GetEnrollmentStatus" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "support:DescribeTrustedAdvisorChecks", - "support:DescribeTrustedAdvisorCheckSummaries", - "support:DescribeTrustedAdvisorCheckResult", - "support:DescribeCases" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "config:DescribeComplianceByConfigRule", - "config:DescribeComplianceByResource", - "config:DescribeRemediationConfigurations", - "config:DescribeConfigurationRecorders" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": "iam:PassRole", - "Condition": { - "StringEquals": { - "iam:PassedToService": [ - "ssm.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "organizations:DescribeOrganization", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "cloudformation:ListStackSets", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "cloudformation:ListStackInstances", - "cloudformation:DescribeStackSetOperation", - "cloudformation:DeleteStackSet" - ], - "Effect": "Allow", - "Resource": "arn:aws:cloudformation:*:*:stackset/AWS-QuickSetup-SSM*:*" - }, - { - "Action": "cloudformation:DeleteStackInstances", - "Effect": "Allow", - "Resource": [ - "arn:aws:cloudformation:*:*:stackset/AWS-QuickSetup-SSM*:*", - "arn:aws:cloudformation:*:*:stackset-target/AWS-QuickSetup-SSM*:*", - "arn:aws:cloudformation:*:*:type/resource/*" - ] - }, - { - "Action": [ - "events:PutRule", - "events:PutTargets" - ], - "Condition": { - "StringEquals": { - "events:ManagedBy": "ssm.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "events:RemoveTargets", - "events:DeleteRule" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:events:*:*:rule/SSMExplorerManagedRule" - ] - }, - { - "Action": "events:DescribeRule", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "securityhub:DescribeHub", - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIXJ26NUGBA3TCV7EC", - "PolicyName": "AmazonSSMServiceRolePolicy", - "UpdateDate": "2021-04-26T20:43:46+00:00", - "VersionId": "v13" - }, - "AmazonSageMakerAdmin-ServiceCatalogProductsServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/AmazonSageMakerAdmin-ServiceCatalogProductsServiceRolePolicy", - "AttachmentCount": 1, - "CreateDate": "2020-11-27T18:48:07+00:00", - "DefaultVersionId": "v4", - "Document": { - "Statement": [ - { - "Action": [ - "apigateway:GET", - "apigateway:POST", - "apigateway:PUT", - "apigateway:PATCH", - "apigateway:DELETE" - ], - "Condition": { - "StringLike": { - "aws:ResourceTag/sagemaker:launch-source": "*" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "apigateway:POST" - ], - "Condition": { - "ForAnyValue:StringLike": { - "aws:TagKeys": [ - "sagemaker:launch-source" - ] - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "apigateway:PATCH" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:apigateway:*::/account" - ] - }, - { - "Action": [ - "cloudformation:CreateStack", - "cloudformation:UpdateStack", - "cloudformation:DeleteStack" - ], - "Condition": { - "ArnLikeIfExists": { - "cloudformation:RoleArn": [ - "arn:aws:sts::*:assumed-role/AmazonSageMakerServiceCatalog*" - ] - } - }, - "Effect": "Allow", - "Resource": "arn:aws:cloudformation:*:*:stack/SC-*" - }, - { - "Action": [ - "cloudformation:DescribeStackEvents", - "cloudformation:DescribeStacks" - ], - "Effect": "Allow", - "Resource": "arn:aws:cloudformation:*:*:stack/SC-*" - }, - { - "Action": [ - "cloudformation:GetTemplateSummary", - "cloudformation:ValidateTemplate" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "codebuild:CreateProject", - "codebuild:DeleteProject", - "codebuild:UpdateProject" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:codebuild:*:*:project/sagemaker-*" - ] - }, - { - "Action": [ - "codecommit:CreateCommit", - "codecommit:CreateRepository", - "codecommit:DeleteRepository", - "codecommit:GetRepository", - "codecommit:TagResource" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:codecommit:*:*:sagemaker-*" - ] - }, - { - "Action": [ - "codecommit:ListRepositories" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "codepipeline:CreatePipeline", - "codepipeline:DeletePipeline", - "codepipeline:GetPipeline", - "codepipeline:GetPipelineState", - "codepipeline:StartPipelineExecution", - "codepipeline:TagResource", - "codepipeline:UpdatePipeline" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:codepipeline:*:*:sagemaker-*" - ] - }, - { - "Action": [ - "cognito-idp:CreateUserPool", - "cognito-idp:TagResource" - ], - "Condition": { - "ForAnyValue:StringLike": { - "aws:TagKeys": [ - "sagemaker:launch-source" - ] - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "cognito-idp:CreateGroup", - "cognito-idp:CreateUserPoolDomain", - "cognito-idp:CreateUserPoolClient", - "cognito-idp:DeleteGroup", - "cognito-idp:DeleteUserPool", - "cognito-idp:DeleteUserPoolClient", - "cognito-idp:DeleteUserPoolDomain", - "cognito-idp:DescribeUserPool", - "cognito-idp:DescribeUserPoolClient", - "cognito-idp:UpdateUserPool", - "cognito-idp:UpdateUserPoolClient" - ], - "Condition": { - "StringLike": { - "aws:ResourceTag/sagemaker:launch-source": "*" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ecr:CreateRepository", - "ecr:DeleteRepository" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:ecr:*:*:repository/sagemaker-*" - ] - }, - { - "Action": [ - "events:DescribeRule", - "events:DeleteRule", - "events:DisableRule", - "events:EnableRule", - "events:PutRule", - "events:PutTargets", - "events:RemoveTargets" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:events:*:*:rule/sagemaker-*" - ] - }, - { - "Action": [ - "firehose:CreateDeliveryStream", - "firehose:DeleteDeliveryStream", - "firehose:DescribeDeliveryStream", - "firehose:StartDeliveryStreamEncryption", - "firehose:StopDeliveryStreamEncryption", - "firehose:UpdateDestination" - ], - "Effect": "Allow", - "Resource": "arn:aws:firehose:*:*:deliverystream/sagemaker-*" - }, - { - "Action": [ - "glue:CreateDatabase", - "glue:DeleteDatabase" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:glue:*:*:catalog", - "arn:aws:glue:*:*:database/sagemaker-*", - "arn:aws:glue:*:*:table/sagemaker-*", - "arn:aws:glue:*:*:userDefinedFunction/sagemaker-*" - ] - }, - { - "Action": [ - "glue:CreateClassifier", - "glue:DeleteClassifier", - "glue:DeleteCrawler", - "glue:DeleteJob", - "glue:DeleteTrigger", - "glue:DeleteWorkflow", - "glue:StopCrawler" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "glue:CreateWorkflow" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:glue:*:*:workflow/sagemaker-*" - ] - }, - { - "Action": [ - "glue:CreateJob" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:glue:*:*:job/sagemaker-*" - ] - }, - { - "Action": [ - "glue:CreateCrawler", - "glue:GetCrawler" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:glue:*:*:crawler/sagemaker-*" - ] - }, - { - "Action": [ - "glue:CreateTrigger", - "glue:GetTrigger" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:glue:*:*:trigger/sagemaker-*" - ] - }, - { - "Action": [ - "iam:PassRole" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:iam::*:role/service-role/AmazonSageMakerServiceCatalog*" - ] - }, - { - "Action": [ - "lambda:AddPermission", - "lambda:CreateFunction", - "lambda:DeleteFunction", - "lambda:GetFunction", - "lambda:GetFunctionConfiguration", - "lambda:InvokeFunction", - "lambda:RemovePermission" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:lambda:*:*:function:sagemaker-*" - ] - }, - { - "Action": [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:DeleteLogGroup", - "logs:DeleteLogStream", - "logs:DescribeLogGroups", - "logs:DescribeLogStreams", - "logs:PutRetentionPolicy" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:logs:*:*:log-group:/aws/apigateway/AccessLogs/*", - "arn:aws:logs:*:*:log-group::log-stream:*" - ] - }, - { - "Action": "s3:GetObject", - "Condition": { - "StringEquals": { - "s3:ExistingObjectTag/servicecatalog:provisioning": "true" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "s3:GetObject", - "Effect": "Allow", - "Resource": [ - "arn:aws:s3:::sagemaker-*" - ] - }, - { - "Action": [ - "s3:CreateBucket", - "s3:DeleteBucket", - "s3:DeleteBucketPolicy", - "s3:GetBucketPolicy", - "s3:PutBucketAcl", - "s3:PutBucketNotification", - "s3:PutBucketPolicy", - "s3:PutBucketPublicAccessBlock", - "s3:PutBucketLogging", - "s3:PutEncryptionConfiguration", - "s3:PutBucketCORS", - "s3:PutBucketTagging", - "s3:PutObjectTagging" - ], - "Effect": "Allow", - "Resource": "arn:aws:s3:::sagemaker-*" - }, - { - "Action": [ - "sagemaker:CreateEndpoint", - "sagemaker:CreateEndpointConfig", - "sagemaker:CreateModel", - "sagemaker:CreateWorkteam", - "sagemaker:DeleteEndpoint", - "sagemaker:DeleteEndpointConfig", - "sagemaker:DeleteModel", - "sagemaker:DeleteWorkteam", - "sagemaker:DescribeModel", - "sagemaker:DescribeEndpointConfig", - "sagemaker:DescribeEndpoint", - "sagemaker:DescribeWorkteam", - "sagemaker:CreateCodeRepository", - "sagemaker:DescribeCodeRepository", - "sagemaker:UpdateCodeRepository", - "sagemaker:DeleteCodeRepository" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:sagemaker:*:*:*" - ] - }, - { - "Action": [ - "sagemaker:CreateImage", - "sagemaker:DeleteImage", - "sagemaker:DescribeImage", - "sagemaker:UpdateImage", - "sagemaker:ListTags" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:sagemaker:*:*:image/*" - ] - }, - { - "Action": [ - "states:CreateStateMachine", - "states:DeleteStateMachine", - "states:UpdateStateMachine" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:states:*:*:stateMachine:sagemaker-*" - ] - }, - { - "Action": "codestar-connections:PassConnection", - "Condition": { - "StringEquals": { - "codestar-connections:PassedToService": "codepipeline.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:codestar-connections:*:*:connection/*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4NAOSKQH4V", - "PolicyName": "AmazonSageMakerAdmin-ServiceCatalogProductsServiceRolePolicy", - "UpdateDate": "2022-02-16T19:52:11+00:00", - "VersionId": "v4" - }, - "AmazonSageMakerCoreServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonSageMakerCoreServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2020-12-21T21:40:47+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "ec2:CreateNetworkInterface", - "ec2:DeleteNetworkInterface", - "ec2:DeleteNetworkInterfacePermission" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:CreateNetworkInterfacePermission" - ], - "Condition": { - "StringEquals": { - "ec2:AuthorizedService": "sagemaker.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:DescribeDhcpOptions", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVpcs" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4MMWQCSNKX", - "PolicyName": "AmazonSageMakerCoreServiceRolePolicy", - "UpdateDate": "2020-12-21T21:40:47+00:00", - "VersionId": "v1" - }, - "AmazonSageMakerEdgeDeviceFleetPolicy": { - "Arn": "arn:aws:iam::aws:policy/service-role/AmazonSageMakerEdgeDeviceFleetPolicy", - "AttachmentCount": 0, - "CreateDate": "2020-12-08T16:17:22+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "s3:PutObject", - "s3:GetBucketLocation" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:s3:::*SageMaker*", - "arn:aws:s3:::*Sagemaker*", - "arn:aws:s3:::*sagemaker*" - ], - "Sid": "DeviceS3Access" - }, - { - "Action": [ - "sagemaker:SendHeartbeat", - "sagemaker:GetDeviceRegistration" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "SageMakerEdgeApis" - }, - { - "Action": [ - "iot:CreateRoleAlias", - "iot:DescribeRoleAlias", - "iot:UpdateRoleAlias", - "iot:ListTagsForResource", - "iot:TagResource" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:iot:*:*:rolealias/SageMakerEdge*" - ], - "Sid": "CreateIoTRoleAlias" - }, - { - "Action": [ - "iam:GetRole" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:iam::*:role/*SageMaker*", - "arn:aws:iam::*:role/*Sagemaker*", - "arn:aws:iam::*:role/*sagemaker*" - ], - "Sid": "CreateIoTRoleAliasIamPermissionsGetRole" - }, - { - "Action": [ - "iam:PassRole" - ], - "Condition": { - "StringEqualsIfExists": { - "iam:PassedToService": [ - "iot.amazonaws.com", - "credentials.iot.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:iam::*:role/*SageMaker*", - "arn:aws:iam::*:role/*Sagemaker*", - "arn:aws:iam::*:role/*sagemaker*" - ], - "Sid": "CreateIoTRoleAliasIamPermissionsPassRole" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4CPENAJLBT", - "PolicyName": "AmazonSageMakerEdgeDeviceFleetPolicy", - "UpdateDate": "2020-12-08T16:17:22+00:00", - "VersionId": "v1" - }, - "AmazonSageMakerFeatureStoreAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonSageMakerFeatureStoreAccess", - "AttachmentCount": 0, - "CreateDate": "2020-12-01T16:24:05+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "s3:PutObject", - "s3:GetBucketAcl", - "s3:PutObjectAcl" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:s3:::*SageMaker*", - "arn:aws:s3:::*Sagemaker*", - "arn:aws:s3:::*sagemaker*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4FO5MQNGJU", - "PolicyName": "AmazonSageMakerFeatureStoreAccess", - "UpdateDate": "2021-02-24T02:18:50+00:00", - "VersionId": "v2" - }, - "AmazonSageMakerFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonSageMakerFullAccess", - "AttachmentCount": 0, - "CreateDate": "2017-11-29T13:07:59+00:00", - "DefaultVersionId": "v21", - "Document": { - "Statement": [ - { - "Action": [ - "sagemaker:*" - ], - "Effect": "Allow", - "NotResource": [ - "arn:aws:sagemaker:*:*:domain/*", - "arn:aws:sagemaker:*:*:user-profile/*", - "arn:aws:sagemaker:*:*:app/*", - "arn:aws:sagemaker:*:*:flow-definition/*" - ] - }, - { - "Action": [ - "sagemaker:CreatePresignedDomainUrl", - "sagemaker:DescribeDomain", - "sagemaker:ListDomains", - "sagemaker:DescribeUserProfile", - "sagemaker:ListUserProfiles", - "sagemaker:*App", - "sagemaker:ListApps" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "sagemaker:*", - "Condition": { - "StringEqualsIfExists": { - "sagemaker:WorkteamType": [ - "private-crowd", - "vendor-crowd" - ] - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:sagemaker:*:*:flow-definition/*" - ] - }, - { - "Action": [ - "application-autoscaling:DeleteScalingPolicy", - "application-autoscaling:DeleteScheduledAction", - "application-autoscaling:DeregisterScalableTarget", - "application-autoscaling:DescribeScalableTargets", - "application-autoscaling:DescribeScalingActivities", - "application-autoscaling:DescribeScalingPolicies", - "application-autoscaling:DescribeScheduledActions", - "application-autoscaling:PutScalingPolicy", - "application-autoscaling:PutScheduledAction", - "application-autoscaling:RegisterScalableTarget", - "aws-marketplace:ViewSubscriptions", - "cloudformation:GetTemplateSummary", - "cloudwatch:DeleteAlarms", - "cloudwatch:DescribeAlarms", - "cloudwatch:GetMetricData", - "cloudwatch:GetMetricStatistics", - "cloudwatch:ListMetrics", - "cloudwatch:PutMetricAlarm", - "cloudwatch:PutMetricData", - "codecommit:BatchGetRepositories", - "codecommit:CreateRepository", - "codecommit:GetRepository", - "codecommit:List*", - "cognito-idp:AdminAddUserToGroup", - "cognito-idp:AdminCreateUser", - "cognito-idp:AdminDeleteUser", - "cognito-idp:AdminDisableUser", - "cognito-idp:AdminEnableUser", - "cognito-idp:AdminRemoveUserFromGroup", - "cognito-idp:CreateGroup", - "cognito-idp:CreateUserPool", - "cognito-idp:CreateUserPoolClient", - "cognito-idp:CreateUserPoolDomain", - "cognito-idp:DescribeUserPool", - "cognito-idp:DescribeUserPoolClient", - "cognito-idp:List*", - "cognito-idp:UpdateUserPool", - "cognito-idp:UpdateUserPoolClient", - "ec2:CreateNetworkInterface", - "ec2:CreateNetworkInterfacePermission", - "ec2:CreateVpcEndpoint", - "ec2:DeleteNetworkInterface", - "ec2:DeleteNetworkInterfacePermission", - "ec2:DescribeDhcpOptions", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeRouteTables", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVpcEndpoints", - "ec2:DescribeVpcs", - "ecr:BatchCheckLayerAvailability", - "ecr:BatchGetImage", - "ecr:CreateRepository", - "ecr:Describe*", - "ecr:GetAuthorizationToken", - "ecr:GetDownloadUrlForLayer", - "ecr:StartImageScan", - "elastic-inference:Connect", - "elasticfilesystem:DescribeFileSystems", - "elasticfilesystem:DescribeMountTargets", - "fsx:DescribeFileSystems", - "glue:CreateJob", - "glue:DeleteJob", - "glue:GetJob*", - "glue:GetTable*", - "glue:GetWorkflowRun", - "glue:ResetJobBookmark", - "glue:StartJobRun", - "glue:StartWorkflowRun", - "glue:UpdateJob", - "groundtruthlabeling:*", - "iam:ListRoles", - "kms:DescribeKey", - "kms:ListAliases", - "lambda:ListFunctions", - "logs:CreateLogDelivery", - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:DeleteLogDelivery", - "logs:Describe*", - "logs:GetLogDelivery", - "logs:GetLogEvents", - "logs:ListLogDeliveries", - "logs:PutLogEvents", - "logs:PutResourcePolicy", - "logs:UpdateLogDelivery", - "robomaker:CreateSimulationApplication", - "robomaker:DescribeSimulationApplication", - "robomaker:DeleteSimulationApplication", - "robomaker:CreateSimulationJob", - "robomaker:DescribeSimulationJob", - "robomaker:CancelSimulationJob", - "secretsmanager:ListSecrets", - "servicecatalog:Describe*", - "servicecatalog:List*", - "servicecatalog:ScanProvisionedProducts", - "servicecatalog:SearchProducts", - "servicecatalog:SearchProvisionedProducts", - "sns:ListTopics", - "tag:GetResources" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ecr:SetRepositoryPolicy", - "ecr:CompleteLayerUpload", - "ecr:BatchDeleteImage", - "ecr:UploadLayerPart", - "ecr:DeleteRepositoryPolicy", - "ecr:InitiateLayerUpload", - "ecr:DeleteRepository", - "ecr:PutImage" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:ecr:*:*:repository/*sagemaker*" - ] - }, - { - "Action": [ - "codecommit:GitPull", - "codecommit:GitPush" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:codecommit:*:*:*sagemaker*", - "arn:aws:codecommit:*:*:*SageMaker*", - "arn:aws:codecommit:*:*:*Sagemaker*" - ] - }, - { - "Action": [ - "codebuild:BatchGetBuilds", - "codebuild:StartBuild" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:codebuild:*:*:project/sagemaker*", - "arn:aws:codebuild:*:*:build/*" - ] - }, - { - "Action": [ - "states:DescribeExecution", - "states:GetExecutionHistory", - "states:StartExecution", - "states:StopExecution", - "states:UpdateStateMachine" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:states:*:*:statemachine:*sagemaker*", - "arn:aws:states:*:*:execution:*sagemaker*:*" - ] - }, - { - "Action": [ - "secretsmanager:DescribeSecret", - "secretsmanager:GetSecretValue", - "secretsmanager:CreateSecret" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:secretsmanager:*:*:secret:AmazonSageMaker-*" - ] - }, - { - "Action": [ - "secretsmanager:DescribeSecret", - "secretsmanager:GetSecretValue" - ], - "Condition": { - "StringEquals": { - "secretsmanager:ResourceTag/SageMaker": "true" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "servicecatalog:ProvisionProduct" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "servicecatalog:TerminateProvisionedProduct", - "servicecatalog:UpdateProvisionedProduct" - ], - "Condition": { - "StringEquals": { - "servicecatalog:userLevel": "self" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "s3:GetObject", - "s3:PutObject", - "s3:DeleteObject", - "s3:AbortMultipartUpload" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:s3:::*SageMaker*", - "arn:aws:s3:::*Sagemaker*", - "arn:aws:s3:::*sagemaker*", - "arn:aws:s3:::*aws-glue*" - ] - }, - { - "Action": [ - "s3:GetObject" - ], - "Condition": { - "StringEqualsIgnoreCase": { - "s3:ExistingObjectTag/SageMaker": "true" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "s3:GetObject" - ], - "Condition": { - "StringEquals": { - "s3:ExistingObjectTag/servicecatalog:provisioning": "true" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "s3:CreateBucket", - "s3:GetBucketLocation", - "s3:ListBucket", - "s3:ListAllMyBuckets", - "s3:GetBucketCors", - "s3:PutBucketCors" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "s3:GetBucketAcl", - "s3:PutObjectAcl" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:s3:::*SageMaker*", - "arn:aws:s3:::*Sagemaker*", - "arn:aws:s3:::*sagemaker*" - ] - }, - { - "Action": [ - "lambda:InvokeFunction" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:lambda:*:*:function:*SageMaker*", - "arn:aws:lambda:*:*:function:*sagemaker*", - "arn:aws:lambda:*:*:function:*Sagemaker*", - "arn:aws:lambda:*:*:function:*LabelingFunction*" - ] - }, - { - "Action": "iam:CreateServiceLinkedRole", - "Condition": { - "StringLike": { - "iam:AWSServiceName": "sagemaker.application-autoscaling.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/aws-service-role/sagemaker.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_SageMakerEndpoint" - }, - { - "Action": "iam:CreateServiceLinkedRole", - "Condition": { - "StringEquals": { - "iam:AWSServiceName": "robomaker.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "sns:Subscribe", - "sns:CreateTopic", - "sns:Publish" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:sns:*:*:*SageMaker*", - "arn:aws:sns:*:*:*Sagemaker*", - "arn:aws:sns:*:*:*sagemaker*" - ] - }, - { - "Action": [ - "iam:PassRole" - ], - "Condition": { - "StringEquals": { - "iam:PassedToService": [ - "glue.amazonaws.com", - "robomaker.amazonaws.com", - "states.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/*AmazonSageMaker*" - }, - { - "Action": [ - "iam:PassRole" - ], - "Condition": { - "StringEquals": { - "iam:PassedToService": "sagemaker.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/*" - }, - { - "Action": [ - "athena:ListDataCatalogs", - "athena:ListDatabases", - "athena:ListTableMetadata", - "athena:GetQueryExecution", - "athena:GetQueryResults", - "athena:StartQueryExecution", - "athena:StopQueryExecution" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "glue:CreateTable" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:glue:*:*:table/*/sagemaker_tmp_*", - "arn:aws:glue:*:*:table/sagemaker_featurestore/*", - "arn:aws:glue:*:*:catalog", - "arn:aws:glue:*:*:database/*" - ] - }, - { - "Action": [ - "glue:DeleteTable" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:glue:*:*:table/*/sagemaker_tmp_*", - "arn:aws:glue:*:*:catalog", - "arn:aws:glue:*:*:database/*" - ] - }, - { - "Action": [ - "glue:GetDatabases", - "glue:GetTable", - "glue:GetTables" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:glue:*:*:table/*", - "arn:aws:glue:*:*:catalog", - "arn:aws:glue:*:*:database/*" - ] - }, - { - "Action": [ - "glue:CreateDatabase", - "glue:GetDatabase" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:glue:*:*:catalog", - "arn:aws:glue:*:*:database/sagemaker_featurestore", - "arn:aws:glue:*:*:database/sagemaker_processing", - "arn:aws:glue:*:*:database/default", - "arn:aws:glue:*:*:database/sagemaker_data_wrangler" - ] - }, - { - "Action": [ - "redshift-data:ExecuteStatement", - "redshift-data:DescribeStatement", - "redshift-data:CancelStatement", - "redshift-data:GetStatementResult", - "redshift-data:ListSchemas", - "redshift-data:ListTables" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "redshift:GetClusterCredentials" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:redshift:*:*:dbuser:*/sagemaker_access*", - "arn:aws:redshift:*:*:dbname:*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJZ5IWYMXO5QDB4QOG", - "PolicyName": "AmazonSageMakerFullAccess", - "UpdateDate": "2021-09-08T17:12:25+00:00", - "VersionId": "v21" - }, - "AmazonSageMakerGroundTruthExecution": { - "Arn": "arn:aws:iam::aws:policy/AmazonSageMakerGroundTruthExecution", - "AttachmentCount": 0, - "CreateDate": "2020-07-09T19:30:20+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "lambda:InvokeFunction" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:lambda:*:*:function:*GtRecipe*", - "arn:aws:lambda:*:*:function:*LabelingFunction*", - "arn:aws:lambda:*:*:function:*SageMaker*", - "arn:aws:lambda:*:*:function:*sagemaker*", - "arn:aws:lambda:*:*:function:*Sagemaker*" - ], - "Sid": "CustomLabelingJobs" - }, - { - "Action": [ - "s3:AbortMultipartUpload", - "s3:GetObject", - "s3:PutObject" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:s3:::*GroundTruth*", - "arn:aws:s3:::*Groundtruth*", - "arn:aws:s3:::*groundtruth*", - "arn:aws:s3:::*SageMaker*", - "arn:aws:s3:::*Sagemaker*", - "arn:aws:s3:::*sagemaker*" - ] - }, - { - "Action": [ - "s3:GetObject" - ], - "Condition": { - "StringEqualsIgnoreCase": { - "s3:ExistingObjectTag/SageMaker": "true" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "s3:GetBucketLocation", - "s3:ListBucket" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "cloudwatch:PutMetricData", - "logs:CreateLogStream", - "logs:CreateLogGroup", - "logs:DescribeLogStreams", - "logs:PutLogEvents" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "CloudWatch" - }, - { - "Action": [ - "sqs:CreateQueue", - "sqs:DeleteMessage", - "sqs:GetQueueAttributes", - "sqs:GetQueueUrl", - "sqs:ReceiveMessage", - "sqs:SendMessage", - "sqs:SendMessageBatch", - "sqs:SetQueueAttributes" - ], - "Effect": "Allow", - "Resource": "arn:aws:sqs:*:*:*GroundTruth*", - "Sid": "StreamingQueue" - }, - { - "Action": "sns:Subscribe", - "Condition": { - "StringEquals": { - "sns:Protocol": "sqs" - }, - "StringLike": { - "sns:Endpoint": "arn:aws:sqs:*:*:*GroundTruth*" - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:sns:*:*:*GroundTruth*", - "arn:aws:sns:*:*:*Groundtruth*", - "arn:aws:sns:*:*:*groundTruth*", - "arn:aws:sns:*:*:*groundtruth*", - "arn:aws:sns:*:*:*SageMaker*", - "arn:aws:sns:*:*:*Sagemaker*", - "arn:aws:sns:*:*:*sageMaker*", - "arn:aws:sns:*:*:*sagemaker*" - ], - "Sid": "StreamingTopicSubscribe" - }, - { - "Action": [ - "sns:Publish" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:sns:*:*:*GroundTruth*", - "arn:aws:sns:*:*:*Groundtruth*", - "arn:aws:sns:*:*:*groundTruth*", - "arn:aws:sns:*:*:*groundtruth*", - "arn:aws:sns:*:*:*SageMaker*", - "arn:aws:sns:*:*:*Sagemaker*", - "arn:aws:sns:*:*:*sageMaker*", - "arn:aws:sns:*:*:*sagemaker*" - ], - "Sid": "StreamingTopic" - }, - { - "Action": [ - "sns:Unsubscribe" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "StreamingTopicUnsubscribe" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4FYNFSJXO3", - "PolicyName": "AmazonSageMakerGroundTruthExecution", - "UpdateDate": "2020-07-09T19:30:20+00:00", - "VersionId": "v1" - }, - "AmazonSageMakerMechanicalTurkAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonSageMakerMechanicalTurkAccess", - "AttachmentCount": 0, - "CreateDate": "2019-12-03T16:19:36+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "sagemaker:*FlowDefinition", - "sagemaker:*FlowDefinitions" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4AYDBKMMDV", - "PolicyName": "AmazonSageMakerMechanicalTurkAccess", - "UpdateDate": "2019-12-03T16:19:36+00:00", - "VersionId": "v1" - }, - "AmazonSageMakerNotebooksServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonSageMakerNotebooksServiceRolePolicy", - "AttachmentCount": 1, - "CreateDate": "2019-10-18T20:27:37+00:00", - "DefaultVersionId": "v5", - "Document": { - "Statement": [ - { - "Action": "elasticfilesystem:CreateFileSystem", - "Condition": { - "StringLike": { - "aws:RequestTag/ManagedByAmazonSageMakerResource": "*" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "elasticfilesystem:CreateMountTarget", - "elasticfilesystem:DeleteFileSystem", - "elasticfilesystem:DeleteMountTarget" - ], - "Condition": { - "StringLike": { - "aws:ResourceTag/ManagedByAmazonSageMakerResource": "*" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "elasticfilesystem:DescribeFileSystems", - "elasticfilesystem:DescribeMountTargets" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "ec2:CreateTags", - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:network-interface/*", - "arn:aws:ec2:*:*:security-group/*" - ] - }, - { - "Action": [ - "ec2:CreateNetworkInterface", - "ec2:CreateSecurityGroup", - "ec2:DeleteNetworkInterface", - "ec2:DescribeDhcpOptions", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVpcs", - "ec2:ModifyNetworkInterfaceAttribute" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:AuthorizeSecurityGroupEgress", - "ec2:AuthorizeSecurityGroupIngress", - "ec2:CreateNetworkInterfacePermission", - "ec2:DeleteNetworkInterfacePermission", - "ec2:DeleteSecurityGroup", - "ec2:RevokeSecurityGroupEgress", - "ec2:RevokeSecurityGroupIngress" - ], - "Condition": { - "StringLike": { - "ec2:ResourceTag/ManagedByAmazonSageMakerResource": "*" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "sso:CreateManagedApplicationInstance", - "sso:DeleteManagedApplicationInstance", - "sso:GetManagedApplicationInstance" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "sagemaker:CreateUserProfile", - "sagemaker:DescribeUserProfile" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4MYB7OEJED", - "PolicyName": "AmazonSageMakerNotebooksServiceRolePolicy", - "UpdateDate": "2020-08-28T22:39:39+00:00", - "VersionId": "v5" - }, - "AmazonSageMakerPipelinesIntegrations": { - "Arn": "arn:aws:iam::aws:policy/AmazonSageMakerPipelinesIntegrations", - "AttachmentCount": 0, - "CreateDate": "2021-07-30T16:35:10+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "lambda:CreateFunction", - "lambda:DeleteFunction", - "lambda:InvokeFunction", - "lambda:UpdateFunctionCode" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:lambda:*:*:function:*sagemaker*", - "arn:aws:lambda:*:*:function:*sageMaker*", - "arn:aws:lambda:*:*:function:*SageMaker*" - ] - }, - { - "Action": [ - "sqs:CreateQueue", - "sqs:SendMessage" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:sqs:*:*:*sagemaker*", - "arn:aws:sqs:*:*:*sageMaker*", - "arn:aws:sqs:*:*:*SageMaker*" - ] - }, - { - "Action": [ - "iam:PassRole" - ], - "Condition": { - "StringEquals": { - "iam:PassedToService": [ - "lambda.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4FK53JOAN3", - "PolicyName": "AmazonSageMakerPipelinesIntegrations", - "UpdateDate": "2021-07-30T16:35:10+00:00", - "VersionId": "v1" - }, - "AmazonSageMakerReadOnly": { - "Arn": "arn:aws:iam::aws:policy/AmazonSageMakerReadOnly", - "AttachmentCount": 0, - "CreateDate": "2017-11-29T13:07:09+00:00", - "DefaultVersionId": "v11", - "Document": { - "Statement": [ - { - "Action": [ - "sagemaker:Describe*", - "sagemaker:List*", - "sagemaker:BatchGetMetrics", - "sagemaker:GetDeviceRegistration", - "sagemaker:GetDeviceFleetReport", - "sagemaker:GetSearchSuggestions", - "sagemaker:BatchGetRecord", - "sagemaker:GetRecord", - "sagemaker:Search", - "sagemaker:QueryLineage", - "sagemaker:GetLineageGroupPolicy", - "sagemaker:BatchDescribeModelPackage", - "sagemaker:GetModelPackageGroupPolicy" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "application-autoscaling:DescribeScalableTargets", - "application-autoscaling:DescribeScalingActivities", - "application-autoscaling:DescribeScalingPolicies", - "application-autoscaling:DescribeScheduledActions", - "aws-marketplace:ViewSubscriptions", - "cloudwatch:DescribeAlarms", - "cognito-idp:DescribeUserPool", - "cognito-idp:DescribeUserPoolClient", - "cognito-idp:ListGroups", - "cognito-idp:ListIdentityProviders", - "cognito-idp:ListUserPoolClients", - "cognito-idp:ListUserPools", - "cognito-idp:ListUsers", - "cognito-idp:ListUsersInGroup", - "ecr:Describe*" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJTZ2FTFCQ6CFLQA2O", - "PolicyName": "AmazonSageMakerReadOnly", - "UpdateDate": "2021-12-01T16:29:20+00:00", - "VersionId": "v11" - }, - "AmazonSageMakerServiceCatalogProductsCodePipelineServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/service-role/AmazonSageMakerServiceCatalogProductsCodePipelineServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2022-02-22T09:53:17+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "cloudformation:CreateChangeSet", - "cloudformation:CreateStack", - "cloudformation:DescribeChangeSet", - "cloudformation:DeleteChangeSet", - "cloudformation:DeleteStack", - "cloudformation:DescribeStacks", - "cloudformation:ExecuteChangeSet", - "cloudformation:SetStackPolicy", - "cloudformation:UpdateStack" - ], - "Effect": "Allow", - "Resource": "arn:aws:cloudformation:*:*:stack/sagemaker-*" - }, - { - "Action": [ - "s3:AbortMultipartUpload", - "s3:DeleteObject", - "s3:GetObject", - "s3:GetObjectVersion", - "s3:PutObject" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:s3:::sagemaker-*" - ] - }, - { - "Action": [ - "iam:PassRole" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:iam::*:role/service-role/AmazonSageMakerServiceCatalogProductsCloudformationRole" - ] - }, - { - "Action": [ - "codebuild:BatchGetBuilds", - "codebuild:StartBuild" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:codebuild:*:*:project/sagemaker-*", - "arn:aws:codebuild:*:*:build/sagemaker-*" - ] - }, - { - "Action": [ - "codecommit:CancelUploadArchive", - "codecommit:GetBranch", - "codecommit:GetCommit", - "codecommit:GetUploadArchiveStatus", - "codecommit:UploadArchive" - ], - "Effect": "Allow", - "Resource": "arn:aws:codecommit:*:*:sagemaker-*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4CL3UG2EHM", - "PolicyName": "AmazonSageMakerServiceCatalogProductsCodePipelineServiceRolePolicy", - "UpdateDate": "2022-02-22T09:53:17+00:00", - "VersionId": "v1" - }, - "AmazonSageMakerServiceCatalogProductsEventsServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/service-role/AmazonSageMakerServiceCatalogProductsEventsServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2022-02-22T09:53:59+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": "codepipeline:StartPipelineExecution", - "Effect": "Allow", - "Resource": "arn:aws:codepipeline:*:*:sagemaker-*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4ATIM24QYI", - "PolicyName": "AmazonSageMakerServiceCatalogProductsEventsServiceRolePolicy", - "UpdateDate": "2022-02-22T09:53:59+00:00", - "VersionId": "v1" - }, - "AmazonSageMakerServiceCatalogProductsFirehoseServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/service-role/AmazonSageMakerServiceCatalogProductsFirehoseServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2022-02-22T09:54:35+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "firehose:PutRecord", - "firehose:PutRecordBatch" - ], - "Effect": "Allow", - "Resource": "arn:aws:firehose:*:*:deliverystream/sagemaker-*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4ESFA6JNN2", - "PolicyName": "AmazonSageMakerServiceCatalogProductsFirehoseServiceRolePolicy", - "UpdateDate": "2022-02-22T09:54:35+00:00", - "VersionId": "v1" - }, - "AmazonSageMakerServiceCatalogProductsGlueServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/service-role/AmazonSageMakerServiceCatalogProductsGlueServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2022-02-22T09:51:13+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "glue:BatchCreatePartition", - "glue:BatchDeletePartition", - "glue:BatchDeleteTable", - "glue:BatchDeleteTableVersion", - "glue:BatchGetPartition", - "glue:CreateDatabase", - "glue:CreatePartition", - "glue:CreateTable", - "glue:DeletePartition", - "glue:DeleteTable", - "glue:DeleteTableVersion", - "glue:GetDatabase", - "glue:GetPartition", - "glue:GetPartitions", - "glue:GetTable", - "glue:GetTables", - "glue:GetTableVersion", - "glue:GetTableVersions", - "glue:SearchTables", - "glue:UpdatePartition", - "glue:UpdateTable" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:glue:*:*:catalog", - "arn:aws:glue:*:*:database/default", - "arn:aws:glue:*:*:database/global_temp", - "arn:aws:glue:*:*:database/sagemaker-*", - "arn:aws:glue:*:*:table/sagemaker-*", - "arn:aws:glue:*:*:tableVersion/sagemaker-*" - ] - }, - { - "Action": [ - "s3:CreateBucket", - "s3:DeleteBucket", - "s3:GetBucketAcl", - "s3:GetBucketCors", - "s3:GetBucketLocation", - "s3:ListAllMyBuckets", - "s3:ListBucket", - "s3:ListBucketMultipartUploads", - "s3:PutBucketCors" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:s3:::aws-glue-*", - "arn:aws:s3:::sagemaker-*" - ] - }, - { - "Action": [ - "s3:AbortMultipartUpload", - "s3:DeleteObject", - "s3:GetObject", - "s3:GetObjectVersion", - "s3:PutObject" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:s3:::aws-glue-*", - "arn:aws:s3:::sagemaker-*" - ] - }, - { - "Action": [ - "logs:CreateLogDelivery", - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:DeleteLogDelivery", - "logs:Describe*", - "logs:GetLogDelivery", - "logs:GetLogEvents", - "logs:ListLogDeliveries", - "logs:PutLogEvents", - "logs:PutResourcePolicy", - "logs:UpdateLogDelivery" - ], - "Effect": "Allow", - "Resource": "arn:aws:logs:*:*:log-group:/aws/glue/*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4DOYZH7RTZ", - "PolicyName": "AmazonSageMakerServiceCatalogProductsGlueServiceRolePolicy", - "UpdateDate": "2022-02-22T09:51:13+00:00", - "VersionId": "v1" - }, - "AmazonSumerianFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonSumerianFullAccess", - "AttachmentCount": 0, - "CreateDate": "2018-04-24T20:14:16+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "sumerian:*" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJMGUENPB56MXVVGBE", - "PolicyName": "AmazonSumerianFullAccess", - "UpdateDate": "2018-04-24T20:14:16+00:00", - "VersionId": "v1" - }, - "AmazonTextractFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonTextractFullAccess", - "AttachmentCount": 0, - "CreateDate": "2018-11-28T19:07:42+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "textract:*" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIQDD47A7H3GBVPWOQ", - "PolicyName": "AmazonTextractFullAccess", - "UpdateDate": "2018-11-28T19:07:42+00:00", - "VersionId": "v1" - }, - "AmazonTextractServiceRole": { - "Arn": "arn:aws:iam::aws:policy/service-role/AmazonTextractServiceRole", - "AttachmentCount": 0, - "CreateDate": "2018-11-28T19:12:16+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "sns:Publish" - ], - "Effect": "Allow", - "Resource": "arn:aws:sns:*:*:AmazonTextract*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJBDSAWESWLL34WASG", - "PolicyName": "AmazonTextractServiceRole", - "UpdateDate": "2018-11-28T19:12:16+00:00", - "VersionId": "v1" - }, - "AmazonTimestreamConsoleFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonTimestreamConsoleFullAccess", - "AttachmentCount": 0, - "CreateDate": "2020-09-30T21:47:18+00:00", - "DefaultVersionId": "v4", - "Document": { - "Statement": [ - { - "Action": [ - "timestream:*" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "kms:DescribeKey", - "kms:ListKeys", - "kms:ListAliases" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "kms:CreateGrant" - ], - "Condition": { - "Bool": { - "kms:GrantIsForAWSResource": true - }, - "ForAnyValue:StringEquals": { - "kms:EncryptionContextKeys": "aws:timestream:database-name" - }, - "StringLike": { - "kms:ViaService": "timestream.*.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "dbqms:CreateFavoriteQuery", - "dbqms:DescribeFavoriteQueries", - "dbqms:UpdateFavoriteQuery", - "dbqms:DeleteFavoriteQueries", - "dbqms:GetQueryString", - "dbqms:CreateQueryHistory", - "dbqms:DescribeQueryHistory", - "dbqms:UpdateQueryHistory", - "dbqms:DeleteQueryHistory" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "s3:ListAllMyBuckets" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "sns:ListTopics", - "iam:ListRoles" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4AZJLUKMAZ", - "PolicyName": "AmazonTimestreamConsoleFullAccess", - "UpdateDate": "2022-02-01T21:37:31+00:00", - "VersionId": "v4" - }, - "AmazonTimestreamFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonTimestreamFullAccess", - "AttachmentCount": 0, - "CreateDate": "2020-09-30T21:47:14+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "timestream:*" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "kms:DescribeKey" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "kms:CreateGrant" - ], - "Condition": { - "Bool": { - "kms:GrantIsForAWSResource": true - }, - "ForAnyValue:StringEquals": { - "kms:EncryptionContextKeys": "aws:timestream:database-name" - }, - "StringLike": { - "kms:ViaService": "timestream.*.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "s3:ListAllMyBuckets" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4CGYUJBH4V", - "PolicyName": "AmazonTimestreamFullAccess", - "UpdateDate": "2021-11-26T23:42:00+00:00", - "VersionId": "v2" - }, - "AmazonTimestreamReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonTimestreamReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2020-09-30T21:47:08+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "timestream:CancelQuery", - "timestream:DescribeDatabase", - "timestream:DescribeEndpoints", - "timestream:DescribeTable", - "timestream:ListDatabases", - "timestream:ListMeasures", - "timestream:ListTables", - "timestream:ListTagsForResource", - "timestream:Select", - "timestream:SelectValues", - "timestream:DescribeScheduledQuery", - "timestream:ListScheduledQueries" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4I7VUQXAEJ", - "PolicyName": "AmazonTimestreamReadOnlyAccess", - "UpdateDate": "2021-11-26T23:39:30+00:00", - "VersionId": "v2" - }, - "AmazonTranscribeFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonTranscribeFullAccess", - "AttachmentCount": 0, - "CreateDate": "2018-04-04T16:06:16+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "transcribe:*" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "s3:GetObject" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:s3:::*transcribe*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAINAV45F5NT5RMFO7K", - "PolicyName": "AmazonTranscribeFullAccess", - "UpdateDate": "2018-04-04T16:06:16+00:00", - "VersionId": "v1" - }, - "AmazonTranscribeReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonTranscribeReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2018-04-04T16:05:06+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "transcribe:Get*", - "transcribe:List*" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJM6JONISXCAZKFCAO", - "PolicyName": "AmazonTranscribeReadOnlyAccess", - "UpdateDate": "2018-04-04T16:05:06+00:00", - "VersionId": "v1" - }, - "AmazonVPCCrossAccountNetworkInterfaceOperations": { - "Arn": "arn:aws:iam::aws:policy/AmazonVPCCrossAccountNetworkInterfaceOperations", - "AttachmentCount": 0, - "CreateDate": "2017-07-18T20:47:16+00:00", - "DefaultVersionId": "v4", - "Document": { - "Statement": [ - { - "Action": [ - "ec2:DescribeRouteTables", - "ec2:CreateRoute", - "ec2:DeleteRoute", - "ec2:ReplaceRoute" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "ec2:DescribeNetworkInterfaces", - "ec2:CreateNetworkInterface", - "ec2:DeleteNetworkInterface", - "ec2:CreateNetworkInterfacePermission", - "ec2:DeleteNetworkInterfacePermission", - "ec2:DescribeNetworkInterfacePermissions", - "ec2:ModifyNetworkInterfaceAttribute", - "ec2:DescribeNetworkInterfaceAttribute", - "ec2:DescribeAvailabilityZones", - "ec2:DescribeRegions", - "ec2:DescribeVpcs", - "ec2:DescribeSubnets" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "ec2:AssignPrivateIpAddresses", - "ec2:UnassignPrivateIpAddresses" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJ53Y4ZY5OHP4CNRJC", - "PolicyName": "AmazonVPCCrossAccountNetworkInterfaceOperations", - "UpdateDate": "2020-06-16T14:16:49+00:00", - "VersionId": "v4" - }, - "AmazonVPCFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonVPCFullAccess", - "AttachmentCount": 0, - "CreateDate": "2015-02-06T18:41:16+00:00", - "DefaultVersionId": "v9", - "Document": { - "Statement": [ - { - "Action": [ - "ec2:AcceptVpcPeeringConnection", - "ec2:AcceptVpcEndpointConnections", - "ec2:AllocateAddress", - "ec2:AssignIpv6Addresses", - "ec2:AssignPrivateIpAddresses", - "ec2:AssociateAddress", - "ec2:AssociateDhcpOptions", - "ec2:AssociateRouteTable", - "ec2:AssociateSubnetCidrBlock", - "ec2:AssociateVpcCidrBlock", - "ec2:AttachClassicLinkVpc", - "ec2:AttachInternetGateway", - "ec2:AttachNetworkInterface", - "ec2:AttachVpnGateway", - "ec2:AuthorizeSecurityGroupEgress", - "ec2:AuthorizeSecurityGroupIngress", - "ec2:CreateCarrierGateway", - "ec2:CreateCustomerGateway", - "ec2:CreateDefaultSubnet", - "ec2:CreateDefaultVpc", - "ec2:CreateDhcpOptions", - "ec2:CreateEgressOnlyInternetGateway", - "ec2:CreateFlowLogs", - "ec2:CreateInternetGateway", - "ec2:CreateLocalGatewayRouteTableVpcAssociation", - "ec2:CreateNatGateway", - "ec2:CreateNetworkAcl", - "ec2:CreateNetworkAclEntry", - "ec2:CreateNetworkInterface", - "ec2:CreateNetworkInterfacePermission", - "ec2:CreateRoute", - "ec2:CreateRouteTable", - "ec2:CreateSecurityGroup", - "ec2:CreateSubnet", - "ec2:CreateTags", - "ec2:CreateVpc", - "ec2:CreateVpcEndpoint", - "ec2:CreateVpcEndpointConnectionNotification", - "ec2:CreateVpcEndpointServiceConfiguration", - "ec2:CreateVpcPeeringConnection", - "ec2:CreateVpnConnection", - "ec2:CreateVpnConnectionRoute", - "ec2:CreateVpnGateway", - "ec2:DeleteCarrierGateway", - "ec2:DeleteCustomerGateway", - "ec2:DeleteDhcpOptions", - "ec2:DeleteEgressOnlyInternetGateway", - "ec2:DeleteFlowLogs", - "ec2:DeleteInternetGateway", - "ec2:DeleteLocalGatewayRouteTableVpcAssociation", - "ec2:DeleteNatGateway", - "ec2:DeleteNetworkAcl", - "ec2:DeleteNetworkAclEntry", - "ec2:DeleteNetworkInterface", - "ec2:DeleteNetworkInterfacePermission", - "ec2:DeleteRoute", - "ec2:DeleteRouteTable", - "ec2:DeleteSecurityGroup", - "ec2:DeleteSubnet", - "ec2:DeleteTags", - "ec2:DeleteVpc", - "ec2:DeleteVpcEndpoints", - "ec2:DeleteVpcEndpointConnectionNotifications", - "ec2:DeleteVpcEndpointServiceConfigurations", - "ec2:DeleteVpcPeeringConnection", - "ec2:DeleteVpnConnection", - "ec2:DeleteVpnConnectionRoute", - "ec2:DeleteVpnGateway", - "ec2:DescribeAccountAttributes", - "ec2:DescribeAddresses", - "ec2:DescribeAvailabilityZones", - "ec2:DescribeCarrierGateways", - "ec2:DescribeClassicLinkInstances", - "ec2:DescribeCustomerGateways", - "ec2:DescribeDhcpOptions", - "ec2:DescribeEgressOnlyInternetGateways", - "ec2:DescribeFlowLogs", - "ec2:DescribeInstances", - "ec2:DescribeInternetGateways", - "ec2:DescribeIpv6Pools", - "ec2:DescribeLocalGatewayRouteTables", - "ec2:DescribeLocalGatewayRouteTableVpcAssociations", - "ec2:DescribeKeyPairs", - "ec2:DescribeMovingAddresses", - "ec2:DescribeNatGateways", - "ec2:DescribeNetworkAcls", - "ec2:DescribeNetworkInterfaceAttribute", - "ec2:DescribeNetworkInterfacePermissions", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribePrefixLists", - "ec2:DescribeRouteTables", - "ec2:DescribeSecurityGroupReferences", - "ec2:DescribeSecurityGroupRules", - "ec2:DescribeSecurityGroups", - "ec2:DescribeStaleSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeTags", - "ec2:DescribeVpcAttribute", - "ec2:DescribeVpcClassicLink", - "ec2:DescribeVpcClassicLinkDnsSupport", - "ec2:DescribeVpcEndpointConnectionNotifications", - "ec2:DescribeVpcEndpointConnections", - "ec2:DescribeVpcEndpoints", - "ec2:DescribeVpcEndpointServiceConfigurations", - "ec2:DescribeVpcEndpointServicePermissions", - "ec2:DescribeVpcEndpointServices", - "ec2:DescribeVpcPeeringConnections", - "ec2:DescribeVpcs", - "ec2:DescribeVpnConnections", - "ec2:DescribeVpnGateways", - "ec2:DetachClassicLinkVpc", - "ec2:DetachInternetGateway", - "ec2:DetachNetworkInterface", - "ec2:DetachVpnGateway", - "ec2:DisableVgwRoutePropagation", - "ec2:DisableVpcClassicLink", - "ec2:DisableVpcClassicLinkDnsSupport", - "ec2:DisassociateAddress", - "ec2:DisassociateRouteTable", - "ec2:DisassociateSubnetCidrBlock", - "ec2:DisassociateVpcCidrBlock", - "ec2:EnableVgwRoutePropagation", - "ec2:EnableVpcClassicLink", - "ec2:EnableVpcClassicLinkDnsSupport", - "ec2:ModifyNetworkInterfaceAttribute", - "ec2:ModifySecurityGroupRules", - "ec2:ModifySubnetAttribute", - "ec2:ModifyVpcAttribute", - "ec2:ModifyVpcEndpoint", - "ec2:ModifyVpcEndpointConnectionNotification", - "ec2:ModifyVpcEndpointServiceConfiguration", - "ec2:ModifyVpcEndpointServicePermissions", - "ec2:ModifyVpcPeeringConnectionOptions", - "ec2:ModifyVpcTenancy", - "ec2:MoveAddressToVpc", - "ec2:RejectVpcEndpointConnections", - "ec2:RejectVpcPeeringConnection", - "ec2:ReleaseAddress", - "ec2:ReplaceNetworkAclAssociation", - "ec2:ReplaceNetworkAclEntry", - "ec2:ReplaceRoute", - "ec2:ReplaceRouteTableAssociation", - "ec2:ResetNetworkInterfaceAttribute", - "ec2:RestoreAddressToClassic", - "ec2:RevokeSecurityGroupEgress", - "ec2:RevokeSecurityGroupIngress", - "ec2:UnassignIpv6Addresses", - "ec2:UnassignPrivateIpAddresses", - "ec2:UpdateSecurityGroupRuleDescriptionsEgress", - "ec2:UpdateSecurityGroupRuleDescriptionsIngress" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJBWPGNOVKZD3JI2P2", - "PolicyName": "AmazonVPCFullAccess", - "UpdateDate": "2021-08-02T19:12:14+00:00", - "VersionId": "v9" - }, - "AmazonVPCReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonVPCReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2015-02-06T18:41:17+00:00", - "DefaultVersionId": "v8", - "Document": { - "Statement": [ - { - "Action": [ - "ec2:DescribeAccountAttributes", - "ec2:DescribeAddresses", - "ec2:DescribeCarrierGateways", - "ec2:DescribeClassicLinkInstances", - "ec2:DescribeCustomerGateways", - "ec2:DescribeDhcpOptions", - "ec2:DescribeEgressOnlyInternetGateways", - "ec2:DescribeFlowLogs", - "ec2:DescribeInternetGateways", - "ec2:DescribeLocalGatewayRouteTables", - "ec2:DescribeLocalGatewayRouteTableVpcAssociations", - "ec2:DescribeMovingAddresses", - "ec2:DescribeNatGateways", - "ec2:DescribeNetworkAcls", - "ec2:DescribeNetworkInterfaceAttribute", - "ec2:DescribeNetworkInterfacePermissions", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribePrefixLists", - "ec2:DescribeRouteTables", - "ec2:DescribeSecurityGroupReferences", - "ec2:DescribeSecurityGroupRules", - "ec2:DescribeSecurityGroups", - "ec2:DescribeStaleSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeTags", - "ec2:DescribeVpcAttribute", - "ec2:DescribeVpcClassicLink", - "ec2:DescribeVpcClassicLinkDnsSupport", - "ec2:DescribeVpcEndpoints", - "ec2:DescribeVpcEndpointConnectionNotifications", - "ec2:DescribeVpcEndpointConnections", - "ec2:DescribeVpcEndpointServiceConfigurations", - "ec2:DescribeVpcEndpointServicePermissions", - "ec2:DescribeVpcEndpointServices", - "ec2:DescribeVpcPeeringConnections", - "ec2:DescribeVpcs", - "ec2:DescribeVpnConnections", - "ec2:DescribeVpnGateways" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIICZJNOJN36GTG6CM", - "PolicyName": "AmazonVPCReadOnlyAccess", - "UpdateDate": "2021-08-02T15:47:38+00:00", - "VersionId": "v8" - }, - "AmazonWorkDocsFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonWorkDocsFullAccess", - "AttachmentCount": 0, - "CreateDate": "2020-04-16T23:05:11+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "workdocs:*", - "ds:DescribeDirectories", - "ec2:DescribeVpcs", - "ec2:DescribeSubnets" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4GTERAZYCR", - "PolicyName": "AmazonWorkDocsFullAccess", - "UpdateDate": "2020-04-16T23:05:11+00:00", - "VersionId": "v1" - }, - "AmazonWorkDocsReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonWorkDocsReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2020-01-08T23:49:59+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "workdocs:Describe*", - "ds:DescribeDirectories", - "ec2:DescribeVpcs", - "ec2:DescribeSubnets" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4EDG6WGO5A", - "PolicyName": "AmazonWorkDocsReadOnlyAccess", - "UpdateDate": "2020-01-08T23:49:59+00:00", - "VersionId": "v1" - }, - "AmazonWorkLinkFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonWorkLinkFullAccess", - "AttachmentCount": 0, - "CreateDate": "2019-01-23T18:52:09+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "worklink:*" - ], - "Effect": "Allow", - "Resource": "arn:aws:worklink:*:*:*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJM4ITL7TEVURHCQSY", - "PolicyName": "AmazonWorkLinkFullAccess", - "UpdateDate": "2019-09-23T18:37:42+00:00", - "VersionId": "v2" - }, - "AmazonWorkLinkReadOnly": { - "Arn": "arn:aws:iam::aws:policy/AmazonWorkLinkReadOnly", - "AttachmentCount": 0, - "CreateDate": "2019-01-23T19:07:10+00:00", - "DefaultVersionId": "v3", - "Document": { - "Statement": [ - { - "Action": [ - "worklink:Describe*", - "worklink:List*", - "worklink:Search*" - ], - "Effect": "Allow", - "Resource": "arn:aws:worklink:*:*:*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIANQMFGU4EUUZKFQ4", - "PolicyName": "AmazonWorkLinkReadOnly", - "UpdateDate": "2019-09-23T18:37:21+00:00", - "VersionId": "v3" - }, - "AmazonWorkLinkServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonWorkLinkServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2019-03-18T18:00:16+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "ec2:CreateNetworkInterface", - "ec2:DeleteNetworkInterfacePermission", - "ec2:CreateNetworkInterfacePermission", - "ec2:ModifyNetworkInterfaceAttribute", - "ec2:DeleteNetworkInterface" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "kinesis:PutRecord", - "kinesis:PutRecords" - ], - "Effect": "Allow", - "Resource": "arn:aws:kinesis:*:*:stream/AmazonWorkLink-*" - }, - { - "Action": [ - "elasticloadbalancing:ModifyListener", - "elasticloadbalancing:AddListenerCertificates", - "elasticloadbalancing:RemoveListenerCertificates" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAINJJP6CO7ATFCV4CU", - "PolicyName": "AmazonWorkLinkServiceRolePolicy", - "UpdateDate": "2020-02-07T20:48:49+00:00", - "VersionId": "v2" - }, - "AmazonWorkMailEventsServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonWorkMailEventsServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2019-04-16T16:52:43+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4JG5LNO3U7", - "PolicyName": "AmazonWorkMailEventsServiceRolePolicy", - "UpdateDate": "2019-04-16T16:52:43+00:00", - "VersionId": "v1" - }, - "AmazonWorkMailFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonWorkMailFullAccess", - "AttachmentCount": 0, - "CreateDate": "2015-02-06T18:40:41+00:00", - "DefaultVersionId": "v10", - "Document": { - "Statement": [ - { - "Action": [ - "ds:AuthorizeApplication", - "ds:CheckAlias", - "ds:CreateAlias", - "ds:CreateDirectory", - "ds:CreateIdentityPoolDirectory", - "ds:DeleteDirectory", - "ds:DescribeDirectories", - "ds:GetDirectoryLimits", - "ds:ListAuthorizedApplications", - "ds:UnauthorizeApplication", - "ec2:AuthorizeSecurityGroupEgress", - "ec2:AuthorizeSecurityGroupIngress", - "ec2:CreateNetworkInterface", - "ec2:CreateSecurityGroup", - "ec2:CreateSubnet", - "ec2:CreateTags", - "ec2:CreateVpc", - "ec2:DeleteSecurityGroup", - "ec2:DeleteSubnet", - "ec2:DeleteVpc", - "ec2:DescribeAvailabilityZones", - "ec2:DescribeRouteTables", - "ec2:DescribeSubnets", - "ec2:DescribeVpcs", - "ec2:RevokeSecurityGroupEgress", - "ec2:RevokeSecurityGroupIngress", - "kms:DescribeKey", - "kms:ListAliases", - "lambda:ListFunctions", - "route53:ChangeResourceRecordSets", - "route53:ListHostedZones", - "route53:ListResourceRecordSets", - "route53:GetHostedZone", - "route53domains:CheckDomainAvailability", - "route53domains:ListDomains", - "ses:*", - "workmail:*", - "iam:ListRoles", - "logs:DescribeLogGroups", - "logs:CreateLogGroup", - "logs:PutRetentionPolicy", - "cloudwatch:GetMetricData" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "iam:CreateServiceLinkedRole", - "Condition": { - "StringEquals": { - "iam:AWSServiceName": "events.workmail.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "iam:DeleteServiceLinkedRole", - "iam:GetServiceLinkedRoleDeletionStatus" - ], - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/aws-service-role/events.workmail.amazonaws.com/AWSServiceRoleForAmazonWorkMailEvents*" - }, - { - "Action": "iam:PassRole", - "Condition": { - "StringLike": { - "iam:PassedToService": "events.workmail.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/*workmail*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJQVKNMT7SVATQ4AUY", - "PolicyName": "AmazonWorkMailFullAccess", - "UpdateDate": "2020-12-21T14:13:40+00:00", - "VersionId": "v10" - }, - "AmazonWorkMailMessageFlowFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonWorkMailMessageFlowFullAccess", - "AttachmentCount": 0, - "CreateDate": "2021-02-11T11:08:35+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "workmailmessageflow:*" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4ORQUVJL66", - "PolicyName": "AmazonWorkMailMessageFlowFullAccess", - "UpdateDate": "2021-02-11T11:08:35+00:00", - "VersionId": "v1" - }, - "AmazonWorkMailMessageFlowReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonWorkMailMessageFlowReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2021-01-28T12:40:08+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "workmailmessageflow:Get*" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4M6UETQLYG", - "PolicyName": "AmazonWorkMailMessageFlowReadOnlyAccess", - "UpdateDate": "2021-01-28T12:40:08+00:00", - "VersionId": "v1" - }, - "AmazonWorkMailReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonWorkMailReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2015-02-06T18:40:42+00:00", - "DefaultVersionId": "v4", - "Document": { - "Statement": [ - { - "Action": [ - "ses:Describe*", - "ses:Get*", - "workmail:Describe*", - "workmail:Get*", - "workmail:List*", - "workmail:Search*", - "lambda:ListFunctions", - "iam:ListRoles", - "logs:DescribeLogGroups", - "cloudwatch:GetMetricData" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJHF7J65E2QFKCWAJM", - "PolicyName": "AmazonWorkMailReadOnlyAccess", - "UpdateDate": "2019-07-25T08:24:50+00:00", - "VersionId": "v4" - }, - "AmazonWorkSpacesAdmin": { - "Arn": "arn:aws:iam::aws:policy/AmazonWorkSpacesAdmin", - "AttachmentCount": 0, - "CreateDate": "2015-09-22T22:21:15+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "workspaces:CreateWorkspaces", - "workspaces:DescribeWorkspaces", - "workspaces:RebootWorkspaces", - "workspaces:RebuildWorkspaces", - "workspaces:TerminateWorkspaces", - "workspaces:DescribeWorkspaceDirectories", - "workspaces:DescribeWorkspaceBundles", - "workspaces:ModifyWorkspaceProperties", - "workspaces:StopWorkspaces", - "workspaces:StartWorkspaces", - "workspaces:DescribeWorkspacesConnectionStatus", - "workspaces:CreateTags", - "workspaces:DeleteTags", - "workspaces:DescribeTags", - "kms:ListKeys", - "kms:ListAliases", - "kms:DescribeKey" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJ26AU6ATUQCT5KVJU", - "PolicyName": "AmazonWorkSpacesAdmin", - "UpdateDate": "2016-08-18T23:08:42+00:00", - "VersionId": "v2" - }, - "AmazonWorkSpacesApplicationManagerAdminAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonWorkSpacesApplicationManagerAdminAccess", - "AttachmentCount": 0, - "CreateDate": "2015-04-09T14:03:18+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": "wam:AuthenticatePackager", - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJPRL4KYETIH7XGTSS", - "PolicyName": "AmazonWorkSpacesApplicationManagerAdminAccess", - "UpdateDate": "2015-04-09T14:03:18+00:00", - "VersionId": "v1" - }, - "AmazonWorkSpacesSelfServiceAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonWorkSpacesSelfServiceAccess", - "AttachmentCount": 0, - "CreateDate": "2019-06-27T19:22:52+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "workspaces:RebootWorkspaces", - "workspaces:RebuildWorkspaces", - "workspaces:ModifyWorkspaceProperties" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4MLHUSTJAF", - "PolicyName": "AmazonWorkSpacesSelfServiceAccess", - "UpdateDate": "2019-06-27T19:22:52+00:00", - "VersionId": "v1" - }, - "AmazonWorkSpacesServiceAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonWorkSpacesServiceAccess", - "AttachmentCount": 0, - "CreateDate": "2019-06-27T19:19:09+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "ec2:CreateNetworkInterface", - "ec2:DeleteNetworkInterface", - "ec2:DescribeNetworkInterfaces" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4KRXBM753F", - "PolicyName": "AmazonWorkSpacesServiceAccess", - "UpdateDate": "2020-03-18T23:32:10+00:00", - "VersionId": "v2" - }, - "AmazonWorkSpacesWebReadOnly": { - "Arn": "arn:aws:iam::aws:policy/AmazonWorkSpacesWebReadOnly", - "AttachmentCount": 0, - "CreateDate": "2021-11-30T14:20:36+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "workspaces-web:GetBrowserSettings", - "workspaces-web:GetIdentityProvider", - "workspaces-web:GetNetworkSettings", - "workspaces-web:GetPortal", - "workspaces-web:GetPortalServiceProviderMetadata", - "workspaces-web:GetTrustStore", - "workspaces-web:GetTrustStoreCertificate", - "workspaces-web:GetUserSettings", - "workspaces-web:ListBrowserSettings", - "workspaces-web:ListIdentityProviders", - "workspaces-web:ListNetworkSettings", - "workspaces-web:ListPortals", - "workspaces-web:ListTagsForResource", - "workspaces-web:ListTrustStoreCertificates", - "workspaces-web:ListTrustStores", - "workspaces-web:ListUserSettings" - ], - "Effect": "Allow", - "Resource": "arn:aws:workspaces-web:*:*:*" - }, - { - "Action": [ - "ec2:DescribeVpcs", - "ec2:DescribeSubnets", - "ec2:DescribeSecurityGroups" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4HIYKYJQEQ", - "PolicyName": "AmazonWorkSpacesWebReadOnly", - "UpdateDate": "2021-11-30T14:20:36+00:00", - "VersionId": "v1" - }, - "AmazonWorkSpacesWebServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonWorkSpacesWebServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2021-11-30T13:15:53+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "ec2:DescribeVpcs", - "ec2:DescribeSubnets", - "ec2:DescribeAvailabilityZones", - "ec2:CreateNetworkInterface", - "ec2:DescribeNetworkInterfaces", - "ec2:DeleteNetworkInterface", - "ec2:AssociateAddress", - "ec2:DisassociateAddress", - "ec2:DescribeRouteTables", - "ec2:DescribeSecurityGroups", - "ec2:DescribeVpcEndpoints" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "cloudwatch:PutMetricData" - ], - "Condition": { - "StringEquals": { - "cloudwatch:namespace": "AWS/WorkSpacesWeb" - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4JW4G4DATC", - "PolicyName": "AmazonWorkSpacesWebServiceRolePolicy", - "UpdateDate": "2021-11-30T13:15:53+00:00", - "VersionId": "v1" - }, - "AmazonZocaloFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonZocaloFullAccess", - "AttachmentCount": 0, - "CreateDate": "2015-02-06T18:41:13+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "zocalo:*", - "ds:*", - "ec2:AuthorizeSecurityGroupEgress", - "ec2:AuthorizeSecurityGroupIngress", - "ec2:CreateNetworkInterface", - "ec2:CreateSecurityGroup", - "ec2:CreateSubnet", - "ec2:CreateTags", - "ec2:CreateVpc", - "ec2:DescribeAvailabilityZones", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeSubnets", - "ec2:DescribeVpcs", - "ec2:DeleteNetworkInterface", - "ec2:DeleteSecurityGroup", - "ec2:RevokeSecurityGroupEgress", - "ec2:RevokeSecurityGroupIngress" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJLCDXYRINDMUXEVL6", - "PolicyName": "AmazonZocaloFullAccess", - "UpdateDate": "2015-02-06T18:41:13+00:00", - "VersionId": "v1" - }, - "AmazonZocaloReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AmazonZocaloReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2015-02-06T18:41:14+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "zocalo:Describe*", - "ds:DescribeDirectories", - "ec2:DescribeVpcs", - "ec2:DescribeSubnets" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAISRCSSJNS3QPKZJPM", - "PolicyName": "AmazonZocaloReadOnlyAccess", - "UpdateDate": "2015-02-06T18:41:14+00:00", - "VersionId": "v1" - }, - "AppRunnerNetworkingServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AppRunnerNetworkingServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2022-01-12T21:02:40+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeVpcs", - "ec2:DescribeDhcpOptions", - "ec2:DescribeSubnets", - "ec2:DescribeSecurityGroups" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "ec2:CreateNetworkInterface", - "Condition": { - "ForAllValues:StringEquals": { - "aws:TagKeys": [ - "AWSAppRunnerManaged" - ] - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "ec2:CreateTags", - "Condition": { - "StringEquals": { - "ec2:CreateAction": "CreateNetworkInterface" - }, - "StringLike": { - "aws:RequestTag/AWSAppRunnerManaged": "*" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:network-interface/*" - }, - { - "Action": "ec2:DeleteNetworkInterface", - "Condition": { - "Null": { - "ec2:ResourceTag/AWSAppRunnerManaged": "false" - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4BKUD67OZN", - "PolicyName": "AppRunnerNetworkingServiceRolePolicy", - "UpdateDate": "2022-01-12T21:02:40+00:00", - "VersionId": "v1" - }, - "AppRunnerServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AppRunnerServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2021-05-14T19:15:04+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "logs:CreateLogGroup", - "logs:PutRetentionPolicy" - ], - "Effect": "Allow", - "Resource": "arn:aws:logs:*:*:log-group:/aws/apprunner/*" - }, - { - "Action": [ - "logs:CreateLogStream", - "logs:PutLogEvents", - "logs:DescribeLogStreams" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:logs:*:*:log-group:/aws/apprunner/*:log-stream:*" - ] - }, - { - "Action": [ - "events:PutRule", - "events:PutTargets", - "events:DeleteRule", - "events:RemoveTargets", - "events:DescribeRule", - "events:EnableRule", - "events:DisableRule" - ], - "Effect": "Allow", - "Resource": "arn:aws:events:*:*:rule/AWSAppRunnerManagedRule*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4FKEGI2QN2", - "PolicyName": "AppRunnerServiceRolePolicy", - "UpdateDate": "2021-05-14T19:15:04+00:00", - "VersionId": "v1" - }, - "ApplicationAutoScalingForAmazonAppStreamAccess": { - "Arn": "arn:aws:iam::aws:policy/service-role/ApplicationAutoScalingForAmazonAppStreamAccess", - "AttachmentCount": 0, - "CreateDate": "2017-02-06T21:39:56+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "appstream:UpdateFleet", - "appstream:DescribeFleets" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "cloudwatch:DescribeAlarms" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIEL3HJCCWFVHA6KPG", - "PolicyName": "ApplicationAutoScalingForAmazonAppStreamAccess", - "UpdateDate": "2017-02-06T21:39:56+00:00", - "VersionId": "v1" - }, - "ApplicationDiscoveryServiceContinuousExportServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/ApplicationDiscoveryServiceContinuousExportServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2018-08-09T20:22:01+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "glue:CreateDatabase", - "glue:UpdateDatabase", - "glue:CreateTable", - "glue:UpdateTable", - "firehose:CreateDeliveryStream", - "firehose:DescribeDeliveryStream", - "logs:CreateLogGroup" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "firehose:DeleteDeliveryStream", - "firehose:PutRecord", - "firehose:PutRecordBatch", - "firehose:UpdateDestination" - ], - "Effect": "Allow", - "Resource": "arn:aws:firehose:*:*:deliverystream/aws-application-discovery-service*" - }, - { - "Action": [ - "s3:CreateBucket", - "s3:ListBucket", - "s3:PutBucketLogging", - "s3:PutEncryptionConfiguration" - ], - "Effect": "Allow", - "Resource": "arn:aws:s3:::aws-application-discovery-service*" - }, - { - "Action": [ - "s3:GetObject" - ], - "Effect": "Allow", - "Resource": "arn:aws:s3:::aws-application-discovery-service*/*" - }, - { - "Action": [ - "logs:CreateLogStream", - "logs:PutRetentionPolicy" - ], - "Effect": "Allow", - "Resource": "arn:aws:logs:*:*:log-group:/aws/application-discovery-service/firehose*" - }, - { - "Action": [ - "iam:PassRole" - ], - "Condition": { - "StringLike": { - "iam:PassedToService": "firehose.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/AWSApplicationDiscoveryServiceFirehose" - }, - { - "Action": [ - "iam:PassRole" - ], - "Condition": { - "StringLike": { - "iam:PassedToService": "firehose.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/service-role/AWSApplicationDiscoveryServiceFirehose" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJMGMY3P6OEWOELRFE", - "PolicyName": "ApplicationDiscoveryServiceContinuousExportServiceRolePolicy", - "UpdateDate": "2018-08-13T22:31:21+00:00", - "VersionId": "v2" - }, - "AutoScalingConsoleFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AutoScalingConsoleFullAccess", - "AttachmentCount": 0, - "CreateDate": "2017-01-12T19:43:16+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "ec2:AuthorizeSecurityGroupIngress", - "ec2:CreateKeyPair", - "ec2:CreateSecurityGroup", - "ec2:DescribeAccountAttributes", - "ec2:DescribeAvailabilityZones", - "ec2:DescribeImages", - "ec2:DescribeInstanceAttribute", - "ec2:DescribeInstances", - "ec2:DescribeKeyPairs", - "ec2:DescribeLaunchTemplateVersions", - "ec2:DescribePlacementGroups", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSpotInstanceRequests", - "ec2:DescribeSubnets", - "ec2:DescribeVpcs", - "ec2:DescribeVpcClassicLink", - "ec2:ImportKeyPair" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "elasticloadbalancing:Describe*", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "cloudwatch:ListMetrics", - "cloudwatch:GetMetricStatistics", - "cloudwatch:PutMetricAlarm", - "cloudwatch:Describe*" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "autoscaling:*", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "sns:ListSubscriptions", - "sns:ListTopics" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "iam:ListRoles", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "iam:CreateServiceLinkedRole", - "Condition": { - "StringEquals": { - "iam:AWSServiceName": "autoscaling.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIYEN6FJGYYWJFFCZW", - "PolicyName": "AutoScalingConsoleFullAccess", - "UpdateDate": "2018-02-06T23:15:36+00:00", - "VersionId": "v2" - }, - "AutoScalingConsoleReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AutoScalingConsoleReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2017-01-12T19:48:53+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "ec2:DescribeVpcs", - "ec2:DescribeVpcClassicLink", - "ec2:DescribeAvailabilityZones", - "ec2:DescribeSubnets" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "elasticloadbalancing:Describe*", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "cloudwatch:ListMetrics", - "cloudwatch:GetMetricStatistics", - "cloudwatch:Describe*" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "autoscaling:Describe*", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "sns:ListSubscriptions", - "sns:ListTopics" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAI3A7GDXOYQV3VUQMK", - "PolicyName": "AutoScalingConsoleReadOnlyAccess", - "UpdateDate": "2017-01-12T19:48:53+00:00", - "VersionId": "v1" - }, - "AutoScalingFullAccess": { - "Arn": "arn:aws:iam::aws:policy/AutoScalingFullAccess", - "AttachmentCount": 0, - "CreateDate": "2017-01-12T19:31:58+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": "autoscaling:*", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "cloudwatch:PutMetricAlarm", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:DescribeAccountAttributes", - "ec2:DescribeAvailabilityZones", - "ec2:DescribeImages", - "ec2:DescribeInstanceAttribute", - "ec2:DescribeInstances", - "ec2:DescribeKeyPairs", - "ec2:DescribeLaunchTemplateVersions", - "ec2:DescribePlacementGroups", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSpotInstanceRequests", - "ec2:DescribeSubnets", - "ec2:DescribeVpcClassicLink" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "elasticloadbalancing:DescribeLoadBalancers", - "elasticloadbalancing:DescribeTargetGroups" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "iam:CreateServiceLinkedRole", - "Condition": { - "StringEquals": { - "iam:AWSServiceName": "autoscaling.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIAWRCSJDDXDXGPCFU", - "PolicyName": "AutoScalingFullAccess", - "UpdateDate": "2018-02-06T21:59:13+00:00", - "VersionId": "v2" - }, - "AutoScalingNotificationAccessRole": { - "Arn": "arn:aws:iam::aws:policy/service-role/AutoScalingNotificationAccessRole", - "AttachmentCount": 0, - "CreateDate": "2015-02-06T18:41:22+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "sqs:SendMessage", - "sqs:GetQueueUrl", - "sns:Publish" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIO2VMUPGDC5PZVXVA", - "PolicyName": "AutoScalingNotificationAccessRole", - "UpdateDate": "2015-02-06T18:41:22+00:00", - "VersionId": "v1" - }, - "AutoScalingReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/AutoScalingReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2017-01-12T19:39:35+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": "autoscaling:Describe*", - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIAFWUVLC2LPLSFTFG", - "PolicyName": "AutoScalingReadOnlyAccess", - "UpdateDate": "2017-01-12T19:39:35+00:00", - "VersionId": "v1" - }, - "AutoScalingServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/AutoScalingServiceRolePolicy", - "AttachmentCount": 1, - "CreateDate": "2018-01-08T23:10:55+00:00", - "DefaultVersionId": "v6", - "Document": { - "Statement": [ - { - "Action": [ - "ec2:AttachClassicLinkVpc", - "ec2:CancelSpotInstanceRequests", - "ec2:CreateFleet", - "ec2:CreateTags", - "ec2:DeleteTags", - "ec2:Describe*", - "ec2:DetachClassicLinkVpc", - "ec2:ModifyInstanceAttribute", - "ec2:RequestSpotInstances", - "ec2:RunInstances", - "ec2:StartInstances", - "ec2:StopInstances", - "ec2:TerminateInstances" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "EC2InstanceManagement" - }, - { - "Action": [ - "iam:PassRole" - ], - "Condition": { - "StringLike": { - "iam:PassedToService": "ec2.amazonaws.com*" - } - }, - "Effect": "Allow", - "Resource": "*", - "Sid": "EC2InstanceProfileManagement" - }, - { - "Action": [ - "iam:CreateServiceLinkedRole" - ], - "Condition": { - "StringEquals": { - "iam:AWSServiceName": "spot.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "*", - "Sid": "EC2SpotManagement" - }, - { - "Action": [ - "elasticloadbalancing:Register*", - "elasticloadbalancing:Deregister*", - "elasticloadbalancing:Describe*" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "ELBManagement" - }, - { - "Action": [ - "cloudwatch:DeleteAlarms", - "cloudwatch:DescribeAlarms", - "cloudwatch:GetMetricData", - "cloudwatch:PutMetricAlarm" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "CWManagement" - }, - { - "Action": [ - "sns:Publish" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "SNSManagement" - }, - { - "Action": [ - "events:PutRule", - "events:PutTargets", - "events:RemoveTargets", - "events:DeleteRule", - "events:DescribeRule" - ], - "Condition": { - "StringEquals": { - "events:ManagedBy": "autoscaling.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "*", - "Sid": "EventBridgeRuleManagement" - }, - { - "Action": [ - "ssm:GetParameters" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "SystemsManagerParameterManagement" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIC5D2V7MRWBMHGD7G", - "PolicyName": "AutoScalingServiceRolePolicy", - "UpdateDate": "2021-10-29T22:06:23+00:00", - "VersionId": "v6" - }, - "AwsGlueDataBrewFullAccessPolicy": { - "Arn": "arn:aws:iam::aws:policy/AwsGlueDataBrewFullAccessPolicy", - "AttachmentCount": 0, - "CreateDate": "2020-11-11T16:51:39+00:00", - "DefaultVersionId": "v8", - "Document": { - "Statement": [ - { - "Action": [ - "databrew:CreateDataset", - "databrew:DescribeDataset", - "databrew:ListDatasets", - "databrew:UpdateDataset", - "databrew:DeleteDataset", - "databrew:CreateProject", - "databrew:DescribeProject", - "databrew:ListProjects", - "databrew:StartProjectSession", - "databrew:SendProjectSessionAction", - "databrew:UpdateProject", - "databrew:DeleteProject", - "databrew:CreateRecipe", - "databrew:DescribeRecipe", - "databrew:ListRecipes", - "databrew:ListRecipeVersions", - "databrew:PublishRecipe", - "databrew:UpdateRecipe", - "databrew:BatchDeleteRecipeVersion", - "databrew:DeleteRecipeVersion", - "databrew:CreateRecipeJob", - "databrew:CreateProfileJob", - "databrew:DescribeJob", - "databrew:DescribeJobRun", - "databrew:ListJobRuns", - "databrew:ListJobs", - "databrew:StartJobRun", - "databrew:StopJobRun", - "databrew:UpdateProfileJob", - "databrew:UpdateRecipeJob", - "databrew:DeleteJob", - "databrew:CreateSchedule", - "databrew:DescribeSchedule", - "databrew:ListSchedules", - "databrew:UpdateSchedule", - "databrew:DeleteSchedule", - "databrew:CreateRuleset", - "databrew:DeleteRuleset", - "databrew:DescribeRuleset", - "databrew:ListRulesets", - "databrew:UpdateRuleset", - "databrew:ListTagsForResource", - "databrew:TagResource", - "databrew:UntagResource" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "appflow:DescribeFlow", - "appflow:DescribeFlowExecutionRecords", - "appflow:ListFlows", - "glue:GetConnection", - "glue:GetConnections", - "glue:GetDatabases", - "glue:GetPartitions", - "glue:GetTable", - "glue:GetTables", - "glue:GetDataCatalogEncryptionSettings", - "dataexchange:ListDataSets", - "dataexchange:ListDataSetRevisions", - "dataexchange:ListRevisionAssets", - "dataexchange:CreateJob", - "dataexchange:StartJob", - "dataexchange:GetJob", - "ec2:DescribeSecurityGroups", - "ec2:DescribeVpcs", - "ec2:DescribeSubnets", - "kms:DescribeKey", - "kms:ListKeys", - "kms:ListAliases", - "redshift:DescribeClusters", - "redshift:DescribeClusterSubnetGroups", - "redshift-data:DescribeStatement", - "redshift-data:ListDatabases", - "redshift-data:ListSchemas", - "redshift-data:ListTables", - "s3:ListAllMyBuckets", - "s3:GetBucketCORS", - "s3:GetBucketLocation", - "s3:GetEncryptionConfiguration", - "s3:GetLifecycleConfiguration", - "secretsmanager:ListSecrets", - "secretsmanager:DescribeSecret", - "sts:GetCallerIdentity", - "cloudtrail:LookupEvents", - "iam:ListRoles", - "iam:GetRole" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "glue:CreateConnection" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:glue:*:*:catalog", - "arn:aws:glue:*:*:connection/AwsGlueDataBrew-*" - ] - }, - { - "Action": [ - "glue:GetDatabases" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:glue:*:*:catalog", - "arn:aws:glue:*:*:database/*" - ] - }, - { - "Action": [ - "glue:CreateTable" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:glue:*:*:catalog", - "arn:aws:glue:*:*:database/*", - "arn:aws:glue:*:*:table/*/awsgluedatabrew*" - ] - }, - { - "Action": [ - "s3:ListBucket", - "s3:GetObject" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:s3:::databrew-public-datasets-*" - ] - }, - { - "Action": [ - "kms:GenerateDataKey" - ], - "Condition": { - "StringLike": { - "kms:ViaService": "s3.*.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "secretsmanager:CreateSecret" - ], - "Effect": "Allow", - "Resource": "arn:aws:secretsmanager:*:*:secret:AwsGlueDataBrew-*" - }, - { - "Action": [ - "kms:GenerateRandom" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "secretsmanager:GetSecretValue" - ], - "Condition": { - "ForAnyValue:StringEquals": { - "aws:CalledVia": [ - "databrew.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": "arn:aws:secretsmanager:*:*:secret:databrew!default-*" - }, - { - "Action": [ - "secretsmanager:CreateSecret" - ], - "Condition": { - "ForAnyValue:StringEquals": { - "aws:CalledVia": [ - "databrew.amazonaws.com" - ] - }, - "StringLike": { - "secretsmanager:Name": "databrew!default" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:secretsmanager:*:*:secret:databrew!default-*" - }, - { - "Action": [ - "iam:PassRole" - ], - "Condition": { - "StringEquals": { - "iam:PassedToService": [ - "databrew.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4ACNRIK7M3", - "PolicyName": "AwsGlueDataBrewFullAccessPolicy", - "UpdateDate": "2022-02-04T18:28:33+00:00", - "VersionId": "v8" - }, - "BatchServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/BatchServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2021-03-10T06:55:36+00:00", - "DefaultVersionId": "v4", - "Document": { - "Statement": [ - { - "Action": [ - "ec2:DescribeAccountAttributes", - "ec2:DescribeInstances", - "ec2:DescribeInstanceStatus", - "ec2:DescribeInstanceAttribute", - "ec2:DescribeSubnets", - "ec2:DescribeSecurityGroups", - "ec2:DescribeKeyPairs", - "ec2:DescribeImages", - "ec2:DescribeImageAttribute", - "ec2:DescribeSpotInstanceRequests", - "ec2:DescribeSpotFleetInstances", - "ec2:DescribeSpotFleetRequests", - "ec2:DescribeSpotPriceHistory", - "ec2:DescribeVpcClassicLink", - "ec2:DescribeLaunchTemplateVersions", - "ec2:RequestSpotFleet", - "autoscaling:DescribeAccountLimits", - "autoscaling:DescribeAutoScalingGroups", - "autoscaling:DescribeLaunchConfigurations", - "autoscaling:DescribeAutoScalingInstances", - "ecs:DescribeClusters", - "ecs:DescribeContainerInstances", - "ecs:DescribeTaskDefinition", - "ecs:DescribeTasks", - "ecs:ListClusters", - "ecs:ListContainerInstances", - "ecs:ListTaskDefinitionFamilies", - "ecs:ListTaskDefinitions", - "ecs:ListTasks", - "ecs:DeregisterTaskDefinition", - "ecs:TagResource", - "ecs:ListAccountSettings", - "logs:DescribeLogGroups", - "iam:GetInstanceProfile", - "iam:GetRole" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "logs:CreateLogGroup", - "logs:CreateLogStream" - ], - "Effect": "Allow", - "Resource": "arn:aws:logs:*:*:log-group:/aws/batch/job*" - }, - { - "Action": [ - "logs:PutLogEvents" - ], - "Effect": "Allow", - "Resource": "arn:aws:logs:*:*:log-group:/aws/batch/job*:log-stream:*" - }, - { - "Action": [ - "autoscaling:CreateOrUpdateTags" - ], - "Condition": { - "Null": { - "aws:RequestTag/AWSBatchServiceTag": "false" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "iam:PassRole", - "Condition": { - "StringEquals": { - "iam:PassedToService": [ - "ec2.amazonaws.com", - "ec2.amazonaws.com.cn", - "ecs-tasks.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": "iam:CreateServiceLinkedRole", - "Condition": { - "StringEquals": { - "iam:AWSServiceName": [ - "spot.amazonaws.com", - "spotfleet.amazonaws.com", - "autoscaling.amazonaws.com", - "ecs.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:CreateLaunchTemplate" - ], - "Condition": { - "Null": { - "aws:RequestTag/AWSBatchServiceTag": "false" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:TerminateInstances", - "ec2:CancelSpotFleetRequests", - "ec2:ModifySpotFleetRequest", - "ec2:DeleteLaunchTemplate" - ], - "Condition": { - "Null": { - "aws:ResourceTag/AWSBatchServiceTag": "false" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "autoscaling:CreateLaunchConfiguration", - "autoscaling:DeleteLaunchConfiguration" - ], - "Effect": "Allow", - "Resource": "arn:aws:autoscaling:*:*:launchConfiguration:*:launchConfigurationName/AWSBatch*" - }, - { - "Action": [ - "autoscaling:CreateAutoScalingGroup", - "autoscaling:UpdateAutoScalingGroup", - "autoscaling:SetDesiredCapacity", - "autoscaling:DeleteAutoScalingGroup", - "autoscaling:SuspendProcesses", - "autoscaling:PutNotificationConfiguration", - "autoscaling:TerminateInstanceInAutoScalingGroup" - ], - "Effect": "Allow", - "Resource": "arn:aws:autoscaling:*:*:autoScalingGroup:*:autoScalingGroupName/AWSBatch*" - }, - { - "Action": [ - "ecs:DeleteCluster", - "ecs:DeregisterContainerInstance", - "ecs:RunTask", - "ecs:StartTask", - "ecs:StopTask" - ], - "Effect": "Allow", - "Resource": "arn:aws:ecs:*:*:cluster/AWSBatch*" - }, - { - "Action": [ - "ecs:RunTask", - "ecs:StartTask", - "ecs:StopTask" - ], - "Effect": "Allow", - "Resource": "arn:aws:ecs:*:*:task-definition/*" - }, - { - "Action": [ - "ecs:StopTask" - ], - "Effect": "Allow", - "Resource": "arn:aws:ecs:*:*:task/*/*" - }, - { - "Action": [ - "ecs:CreateCluster", - "ecs:RegisterTaskDefinition" - ], - "Condition": { - "Null": { - "aws:RequestTag/AWSBatchServiceTag": "false" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "ec2:RunInstances", - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*::image/*", - "arn:aws:ec2:*::snapshot/*", - "arn:aws:ec2:*:*:subnet/*", - "arn:aws:ec2:*:*:network-interface/*", - "arn:aws:ec2:*:*:security-group/*", - "arn:aws:ec2:*:*:volume/*", - "arn:aws:ec2:*:*:key-pair/*", - "arn:aws:ec2:*:*:launch-template/*", - "arn:aws:ec2:*:*:placement-group/*", - "arn:aws:ec2:*:*:capacity-reservation/*", - "arn:aws:ec2:*:*:elastic-gpu/*", - "arn:aws:elastic-inference:*:*:elastic-inference-accelerator/*" - ] - }, - { - "Action": "ec2:RunInstances", - "Condition": { - "Null": { - "aws:RequestTag/AWSBatchServiceTag": "false" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:instance/*" - }, - { - "Action": [ - "ec2:CreateTags" - ], - "Condition": { - "StringEquals": { - "ec2:CreateAction": [ - "RunInstances", - "CreateLaunchTemplate", - "RequestSpotFleet" - ] - } - }, - "Effect": "Allow", - "Resource": [ - "*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4COHHXEWBT", - "PolicyName": "BatchServiceRolePolicy", - "UpdateDate": "2021-12-07T02:15:31+00:00", - "VersionId": "v4" - }, - "Billing": { - "Arn": "arn:aws:iam::aws:policy/job-function/Billing", - "AttachmentCount": 0, - "CreateDate": "2016-11-10T17:33:18+00:00", - "DefaultVersionId": "v5", - "Document": { - "Statement": [ - { - "Action": [ - "aws-portal:*Billing", - "aws-portal:*Usage", - "aws-portal:*PaymentMethods", - "budgets:ViewBudget", - "budgets:ModifyBudget", - "ce:UpdatePreferences", - "ce:CreateReport", - "ce:UpdateReport", - "ce:DeleteReport", - "ce:CreateNotificationSubscription", - "ce:UpdateNotificationSubscription", - "ce:DeleteNotificationSubscription", - "cur:DescribeReportDefinitions", - "cur:PutReportDefinition", - "cur:ModifyReportDefinition", - "cur:DeleteReportDefinition", - "purchase-orders:*PurchaseOrders" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/job-function/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIFTHXT6FFMIRT7ZEA", - "PolicyName": "Billing", - "UpdateDate": "2020-10-05T20:37:01+00:00", - "VersionId": "v5" - }, - "CertificateManagerServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/CertificateManagerServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2020-06-25T17:56:49+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "acm-pca:IssueCertificate", - "acm-pca:GetCertificate" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4G2T4BX7CL", - "PolicyName": "CertificateManagerServiceRolePolicy", - "UpdateDate": "2020-06-25T17:56:49+00:00", - "VersionId": "v1" - }, - "ClientVPNServiceConnectionsRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/ClientVPNServiceConnectionsRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2020-08-12T19:48:06+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "lambda:InvokeFunction" - ], - "Effect": "Allow", - "Resource": "arn:aws:lambda:*:*:function:AWSClientVPN-*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4PG4VWZTEZ", - "PolicyName": "ClientVPNServiceConnectionsRolePolicy", - "UpdateDate": "2020-08-12T19:48:06+00:00", - "VersionId": "v1" - }, - "ClientVPNServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/ClientVPNServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2018-12-10T21:20:25+00:00", - "DefaultVersionId": "v5", - "Document": { - "Statement": [ - { - "Action": [ - "ec2:CreateNetworkInterface", - "ec2:CreateNetworkInterfacePermission", - "ec2:DescribeSecurityGroups", - "ec2:DescribeVpcs", - "ec2:DescribeSubnets", - "ec2:DescribeInternetGateways", - "ec2:ModifyNetworkInterfaceAttribute", - "ec2:DeleteNetworkInterface", - "ec2:DescribeAccountAttributes", - "ds:AuthorizeApplication", - "ds:DescribeDirectories", - "ds:GetDirectoryLimits", - "ds:UnauthorizeApplication", - "logs:DescribeLogStreams", - "logs:CreateLogStream", - "logs:PutLogEvents", - "logs:DescribeLogGroups", - "acm:GetCertificate", - "acm:DescribeCertificate", - "iam:GetSAMLProvider", - "lambda:GetFunctionConfiguration" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAI2SV25KUCYQYS5N74", - "PolicyName": "ClientVPNServiceRolePolicy", - "UpdateDate": "2020-08-12T19:39:34+00:00", - "VersionId": "v5" - }, - "CloudFormationStackSetsOrgAdminServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/CloudFormationStackSetsOrgAdminServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2019-12-10T00:20:05+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "organizations:List*", - "organizations:Describe*" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "AllowsAWSOrganizationsReadAPIs" - }, - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/stacksets-exec-*", - "Sid": "AllowAssumeRoleInMemberAccounts" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4JEQ3CDBDV", - "PolicyName": "CloudFormationStackSetsOrgAdminServiceRolePolicy", - "UpdateDate": "2019-12-10T00:20:05+00:00", - "VersionId": "v1" - }, - "CloudFormationStackSetsOrgMemberServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/CloudFormationStackSetsOrgMemberServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2019-12-09T23:52:37+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "iam:CreateRole", - "iam:DeleteRole", - "iam:GetRole" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:iam::*:role/stacksets-exec-*" - ] - }, - { - "Action": [ - "iam:DetachRolePolicy", - "iam:AttachRolePolicy" - ], - "Condition": { - "StringEquals": { - "iam:PolicyARN": "arn:aws:iam::aws:policy/AdministratorAccess" - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:iam::*:role/stacksets-exec-*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4LHV6H6QDU", - "PolicyName": "CloudFormationStackSetsOrgMemberServiceRolePolicy", - "UpdateDate": "2019-12-09T23:52:37+00:00", - "VersionId": "v1" - }, - "CloudFrontFullAccess": { - "Arn": "arn:aws:iam::aws:policy/CloudFrontFullAccess", - "AttachmentCount": 0, - "CreateDate": "2015-02-06T18:39:50+00:00", - "DefaultVersionId": "v6", - "Document": { - "Statement": [ - { - "Action": [ - "s3:ListAllMyBuckets" - ], - "Effect": "Allow", - "Resource": "arn:aws:s3:::*" - }, - { - "Action": [ - "acm:ListCertificates", - "cloudfront:*", - "iam:ListServerCertificates", - "waf:ListWebACLs", - "waf:GetWebACL", - "wafv2:ListWebACLs", - "wafv2:GetWebACL", - "kinesis:ListStreams" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "kinesis:DescribeStream" - ], - "Effect": "Allow", - "Resource": "arn:aws:kinesis:*:*:*" - }, - { - "Action": [ - "iam:ListRoles" - ], - "Effect": "Allow", - "Resource": "arn:aws:iam::*:*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIPRV52SH6HDCCFY6U", - "PolicyName": "CloudFrontFullAccess", - "UpdateDate": "2020-09-03T20:18:42+00:00", - "VersionId": "v6" - }, - "CloudFrontReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/CloudFrontReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2015-02-06T18:39:55+00:00", - "DefaultVersionId": "v5", - "Document": { - "Statement": [ - { - "Action": [ - "acm:ListCertificates", - "cloudfront:DescribeFunction", - "cloudfront:Get*", - "cloudfront:List*", - "iam:ListServerCertificates", - "route53:List*", - "waf:ListWebACLs", - "waf:GetWebACL", - "wafv2:ListWebACLs", - "wafv2:GetWebACL" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJJZMNYOTZCNQP36LG", - "PolicyName": "CloudFrontReadOnlyAccess", - "UpdateDate": "2021-09-08T22:10:54+00:00", - "VersionId": "v5" - }, - "CloudHSMServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/CloudHSMServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2017-11-06T19:12:46+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents", - "logs:DescribeLogStreams" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:logs:*:*:*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJILYY7JP6JLMQG56I", - "PolicyName": "CloudHSMServiceRolePolicy", - "UpdateDate": "2017-11-06T19:12:46+00:00", - "VersionId": "v1" - }, - "CloudSearchFullAccess": { - "Arn": "arn:aws:iam::aws:policy/CloudSearchFullAccess", - "AttachmentCount": 0, - "CreateDate": "2015-02-06T18:39:56+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "cloudsearch:*" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIM6OOWKQ7L7VBOZOC", - "PolicyName": "CloudSearchFullAccess", - "UpdateDate": "2015-02-06T18:39:56+00:00", - "VersionId": "v1" - }, - "CloudSearchReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/CloudSearchReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2015-02-06T18:39:57+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "cloudsearch:Describe*", - "cloudsearch:List*" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJWPLX7N7BCC3RZLHW", - "PolicyName": "CloudSearchReadOnlyAccess", - "UpdateDate": "2015-02-06T18:39:57+00:00", - "VersionId": "v1" - }, - "CloudTrailServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/CloudTrailServiceRolePolicy", - "AttachmentCount": 1, - "CreateDate": "2018-10-24T21:21:44+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "cloudtrail:*" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "CloudTrailFullAccess" - }, - { - "Action": [ - "organizations:DescribeAccount", - "organizations:DescribeOrganization", - "organizations:ListAccounts", - "organizations:ListAWSServiceAccessForOrganization" - ], - "Effect": "Allow", - "Resource": [ - "*" - ], - "Sid": "AwsOrgsAccess" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJXQJ45EGU6U7NQBW4", - "PolicyName": "CloudTrailServiceRolePolicy", - "UpdateDate": "2018-10-24T21:21:44+00:00", - "VersionId": "v1" - }, - "CloudWatch-CrossAccountAccess": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/CloudWatch-CrossAccountAccess", - "AttachmentCount": 0, - "CreateDate": "2019-07-23T09:59:27+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "sts:AssumeRole" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:iam::*:role/CloudWatch-CrossAccountSharing*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4OV6AFDA5J", - "PolicyName": "CloudWatch-CrossAccountAccess", - "UpdateDate": "2019-07-23T09:59:27+00:00", - "VersionId": "v1" - }, - "CloudWatchActionsEC2Access": { - "Arn": "arn:aws:iam::aws:policy/CloudWatchActionsEC2Access", - "AttachmentCount": 0, - "CreateDate": "2015-07-07T00:00:33+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "cloudwatch:Describe*", - "ec2:Describe*", - "ec2:RebootInstances", - "ec2:StopInstances", - "ec2:TerminateInstances" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIOWD4E3FVSORSZTGU", - "PolicyName": "CloudWatchActionsEC2Access", - "UpdateDate": "2015-07-07T00:00:33+00:00", - "VersionId": "v1" - }, - "CloudWatchAgentAdminPolicy": { - "Arn": "arn:aws:iam::aws:policy/CloudWatchAgentAdminPolicy", - "AttachmentCount": 0, - "CreateDate": "2018-03-07T00:52:31+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "cloudwatch:PutMetricData", - "ec2:DescribeTags", - "logs:PutLogEvents", - "logs:DescribeLogStreams", - "logs:DescribeLogGroups", - "logs:CreateLogStream", - "logs:CreateLogGroup" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ssm:GetParameter", - "ssm:PutParameter" - ], - "Effect": "Allow", - "Resource": "arn:aws:ssm:*:*:parameter/AmazonCloudWatch-*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAICMXPKT7EBAF6KR3O", - "PolicyName": "CloudWatchAgentAdminPolicy", - "UpdateDate": "2018-03-07T00:52:31+00:00", - "VersionId": "v1" - }, - "CloudWatchAgentServerPolicy": { - "Arn": "arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy", - "AttachmentCount": 0, - "CreateDate": "2018-03-07T01:06:44+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "cloudwatch:PutMetricData", - "ec2:DescribeVolumes", - "ec2:DescribeTags", - "logs:PutLogEvents", - "logs:DescribeLogStreams", - "logs:DescribeLogGroups", - "logs:CreateLogStream", - "logs:CreateLogGroup" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ssm:GetParameter" - ], - "Effect": "Allow", - "Resource": "arn:aws:ssm:*:*:parameter/AmazonCloudWatch-*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIGOPKN7KRDAKTLG4I", - "PolicyName": "CloudWatchAgentServerPolicy", - "UpdateDate": "2019-10-17T23:08:51+00:00", - "VersionId": "v2" - }, - "CloudWatchApplicationInsightsFullAccess": { - "Arn": "arn:aws:iam::aws:policy/CloudWatchApplicationInsightsFullAccess", - "AttachmentCount": 0, - "CreateDate": "2020-11-24T18:44:14+00:00", - "DefaultVersionId": "v4", - "Document": { - "Statement": [ - { - "Action": "applicationinsights:*", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:DescribeInstances", - "ec2:DescribeVolumes", - "rds:DescribeDBInstances", - "rds:DescribeDBClusters", - "sqs:ListQueues", - "elasticloadbalancing:DescribeLoadBalancers", - "elasticloadbalancing:DescribeTargetGroups", - "elasticloadbalancing:DescribeTargetHealth", - "autoscaling:DescribeAutoScalingGroups", - "lambda:ListFunctions", - "dynamodb:ListTables", - "s3:ListAllMyBuckets", - "sns:ListTopics", - "states:ListStateMachines", - "apigateway:GET", - "ecs:ListClusters", - "ecs:DescribeTaskDefinition", - "ecs:ListServices", - "ecs:ListTasks", - "eks:ListClusters", - "eks:ListNodegroups", - "fsx:DescribeFileSystems", - "logs:DescribeLogGroups" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "iam:CreateServiceLinkedRole" - ], - "Condition": { - "StringEquals": { - "iam:AWSServiceName": "application-insights.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:iam::*:role/aws-service-role/application-insights.amazonaws.com/AWSServiceRoleForApplicationInsights" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4MSQN23AKX", - "PolicyName": "CloudWatchApplicationInsightsFullAccess", - "UpdateDate": "2022-01-25T17:51:29+00:00", - "VersionId": "v4" - }, - "CloudWatchApplicationInsightsReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/CloudWatchApplicationInsightsReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2020-11-24T18:48:00+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "applicationinsights:Describe*", - "applicationinsights:List*" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4AX4TJYLSI", - "PolicyName": "CloudWatchApplicationInsightsReadOnlyAccess", - "UpdateDate": "2020-11-24T18:48:00+00:00", - "VersionId": "v1" - }, - "CloudWatchAutomaticDashboardsAccess": { - "Arn": "arn:aws:iam::aws:policy/CloudWatchAutomaticDashboardsAccess", - "AttachmentCount": 0, - "CreateDate": "2019-07-23T10:01:08+00:00", - "DefaultVersionId": "v4", - "Document": { - "Statement": [ - { - "Action": [ - "autoscaling:DescribeAutoScalingGroups", - "cloudfront:GetDistribution", - "cloudfront:ListDistributions", - "dynamodb:DescribeTable", - "dynamodb:ListTables", - "ec2:DescribeInstances", - "ec2:DescribeVolumes", - "ecs:DescribeClusters", - "ecs:DescribeContainerInstances", - "ecs:ListClusters", - "ecs:ListContainerInstances", - "ecs:ListServices", - "elasticache:DescribeCacheClusters", - "elasticbeanstalk:DescribeEnvironments", - "elasticfilesystem:DescribeFileSystems", - "elasticloadbalancing:DescribeLoadBalancers", - "kinesis:DescribeStream", - "kinesis:ListStreams", - "lambda:GetFunction", - "lambda:ListFunctions", - "rds:DescribeDBClusters", - "rds:DescribeDBInstances", - "resource-groups:ListGroupResources", - "resource-groups:ListGroups", - "route53:GetHealthCheck", - "route53:ListHealthChecks", - "s3:ListAllMyBuckets", - "s3:ListBucket", - "sns:ListTopics", - "sqs:GetQueueAttributes", - "sqs:GetQueueUrl", - "sqs:ListQueues", - "synthetics:DescribeCanariesLastRun", - "tag:GetResources" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "apigateway:GET" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:apigateway:*::/restapis*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4JFCXGSE2Q", - "PolicyName": "CloudWatchAutomaticDashboardsAccess", - "UpdateDate": "2021-04-20T13:05:40+00:00", - "VersionId": "v4" - }, - "CloudWatchEventsBuiltInTargetExecutionAccess": { - "Arn": "arn:aws:iam::aws:policy/service-role/CloudWatchEventsBuiltInTargetExecutionAccess", - "AttachmentCount": 0, - "CreateDate": "2016-01-14T18:35:49+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "ec2:Describe*", - "ec2:RebootInstances", - "ec2:StopInstances", - "ec2:TerminateInstances", - "ec2:CreateSnapshot" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "CloudWatchEventsBuiltInTargetExecutionAccess" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIC5AQ5DATYSNF4AUM", - "PolicyName": "CloudWatchEventsBuiltInTargetExecutionAccess", - "UpdateDate": "2016-01-14T18:35:49+00:00", - "VersionId": "v1" - }, - "CloudWatchEventsFullAccess": { - "Arn": "arn:aws:iam::aws:policy/CloudWatchEventsFullAccess", - "AttachmentCount": 0, - "CreateDate": "2016-01-14T18:37:08+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": "events:*", - "Effect": "Allow", - "Resource": "*", - "Sid": "CloudWatchEventsFullAccess" - }, - { - "Action": "iam:PassRole", - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/AWS_Events_Invoke_Targets", - "Sid": "IAMPassRoleForCloudWatchEvents" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJZLOYLNHESMYOJAFU", - "PolicyName": "CloudWatchEventsFullAccess", - "UpdateDate": "2016-01-14T18:37:08+00:00", - "VersionId": "v1" - }, - "CloudWatchEventsInvocationAccess": { - "Arn": "arn:aws:iam::aws:policy/service-role/CloudWatchEventsInvocationAccess", - "AttachmentCount": 0, - "CreateDate": "2016-01-14T18:36:33+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "kinesis:PutRecord" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "CloudWatchEventsInvocationAccess" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJJXD6JKJLK2WDLZNO", - "PolicyName": "CloudWatchEventsInvocationAccess", - "UpdateDate": "2016-01-14T18:36:33+00:00", - "VersionId": "v1" - }, - "CloudWatchEventsReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/CloudWatchEventsReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2016-01-14T18:27:18+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "events:DescribeRule", - "events:ListRuleNamesByTarget", - "events:ListRules", - "events:ListTargetsByRule", - "events:TestEventPattern", - "events:DescribeEventBus" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "CloudWatchEventsReadOnlyAccess" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIILJPXXA6F7GYLYBS", - "PolicyName": "CloudWatchEventsReadOnlyAccess", - "UpdateDate": "2017-08-10T17:25:34+00:00", - "VersionId": "v2" - }, - "CloudWatchEventsServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/CloudWatchEventsServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2017-11-17T00:42:04+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "cloudwatch:DescribeAlarms", - "ec2:DescribeInstanceStatus", - "ec2:DescribeInstances", - "ec2:DescribeSnapshots", - "ec2:DescribeVolumeStatus", - "ec2:DescribeVolumes", - "ec2:RebootInstances", - "ec2:StopInstances", - "ec2:TerminateInstances", - "ec2:CreateSnapshot" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJNVASSNSIDZIP4X7I", - "PolicyName": "CloudWatchEventsServiceRolePolicy", - "UpdateDate": "2017-11-17T00:42:04+00:00", - "VersionId": "v1" - }, - "CloudWatchFullAccess": { - "Arn": "arn:aws:iam::aws:policy/CloudWatchFullAccess", - "AttachmentCount": 0, - "CreateDate": "2015-02-06T18:40:00+00:00", - "DefaultVersionId": "v3", - "Document": { - "Statement": [ - { - "Action": [ - "autoscaling:Describe*", - "cloudwatch:*", - "logs:*", - "sns:*", - "iam:GetPolicy", - "iam:GetPolicyVersion", - "iam:GetRole" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "iam:CreateServiceLinkedRole", - "Condition": { - "StringLike": { - "iam:AWSServiceName": "events.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/aws-service-role/events.amazonaws.com/AWSServiceRoleForCloudWatchEvents*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIKEABORKUXN6DEAZU", - "PolicyName": "CloudWatchFullAccess", - "UpdateDate": "2018-08-09T19:10:43+00:00", - "VersionId": "v3" - }, - "CloudWatchLambdaInsightsExecutionRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/CloudWatchLambdaInsightsExecutionRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2020-10-07T19:27:06+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": "logs:CreateLogGroup", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "logs:CreateLogStream", - "logs:PutLogEvents" - ], - "Effect": "Allow", - "Resource": "arn:aws:logs:*:*:log-group:/aws/lambda-insights:*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4EDWWYYDS6", - "PolicyName": "CloudWatchLambdaInsightsExecutionRolePolicy", - "UpdateDate": "2020-10-07T19:27:06+00:00", - "VersionId": "v1" - }, - "CloudWatchLogsFullAccess": { - "Arn": "arn:aws:iam::aws:policy/CloudWatchLogsFullAccess", - "AttachmentCount": 0, - "CreateDate": "2015-02-06T18:40:02+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "logs:*" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJ3ZGNWK2R5HW5BQFO", - "PolicyName": "CloudWatchLogsFullAccess", - "UpdateDate": "2015-02-06T18:40:02+00:00", - "VersionId": "v1" - }, - "CloudWatchLogsReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/CloudWatchLogsReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2015-02-06T18:40:03+00:00", - "DefaultVersionId": "v4", - "Document": { - "Statement": [ - { - "Action": [ - "logs:Describe*", - "logs:Get*", - "logs:List*", - "logs:StartQuery", - "logs:StopQuery", - "logs:TestMetricFilter", - "logs:FilterLogEvents" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJ2YIYDYSNNEHK3VKW", - "PolicyName": "CloudWatchLogsReadOnlyAccess", - "UpdateDate": "2019-01-14T19:32:45+00:00", - "VersionId": "v4" - }, - "CloudWatchReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/CloudWatchReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2015-02-06T18:40:01+00:00", - "DefaultVersionId": "v4", - "Document": { - "Statement": [ - { - "Action": [ - "autoscaling:Describe*", - "cloudwatch:Describe*", - "cloudwatch:Get*", - "cloudwatch:List*", - "logs:Get*", - "logs:List*", - "logs:StartQuery", - "logs:StopQuery", - "logs:Describe*", - "logs:TestMetricFilter", - "logs:FilterLogEvents", - "sns:Get*", - "sns:List*" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJN23PDQP7SZQAE3QE", - "PolicyName": "CloudWatchReadOnlyAccess", - "UpdateDate": "2020-07-17T17:49:09+00:00", - "VersionId": "v4" - }, - "CloudWatchSyntheticsFullAccess": { - "Arn": "arn:aws:iam::aws:policy/CloudWatchSyntheticsFullAccess", - "AttachmentCount": 0, - "CreateDate": "2019-11-25T17:39:46+00:00", - "DefaultVersionId": "v8", - "Document": { - "Statement": [ - { - "Action": [ - "synthetics:*" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "s3:CreateBucket", - "s3:PutEncryptionConfiguration" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:s3:::cw-syn-results-*" - ] - }, - { - "Action": [ - "iam:ListRoles", - "s3:ListAllMyBuckets", - "xray:GetTraceSummaries", - "xray:BatchGetTraces", - "apigateway:GET" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "s3:GetBucketLocation" - ], - "Effect": "Allow", - "Resource": "arn:aws:s3:::*" - }, - { - "Action": [ - "s3:GetObject", - "s3:ListBucket" - ], - "Effect": "Allow", - "Resource": "arn:aws:s3:::cw-syn-*" - }, - { - "Action": [ - "s3:GetObjectVersion" - ], - "Effect": "Allow", - "Resource": "arn:aws:s3:::aws-synthetics-library-*" - }, - { - "Action": [ - "iam:PassRole" - ], - "Condition": { - "StringEquals": { - "iam:PassedToService": [ - "lambda.amazonaws.com", - "synthetics.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:iam::*:role/service-role/CloudWatchSyntheticsRole*" - ] - }, - { - "Action": [ - "iam:GetRole" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:iam::*:role/service-role/CloudWatchSyntheticsRole*" - ] - }, - { - "Action": [ - "cloudwatch:GetMetricData", - "cloudwatch:GetMetricStatistics" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "cloudwatch:PutMetricAlarm", - "cloudwatch:DeleteAlarms" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:cloudwatch:*:*:alarm:Synthetics-*" - ] - }, - { - "Action": [ - "cloudwatch:DescribeAlarms" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:cloudwatch:*:*:alarm:*" - ] - }, - { - "Action": [ - "lambda:CreateFunction", - "lambda:AddPermission", - "lambda:PublishVersion", - "lambda:UpdateFunctionCode", - "lambda:UpdateFunctionConfiguration", - "lambda:GetFunctionConfiguration" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:lambda:*:*:function:cwsyn-*" - ] - }, - { - "Action": [ - "lambda:GetLayerVersion", - "lambda:PublishLayerVersion" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:lambda:*:*:layer:cwsyn-*", - "arn:aws:lambda:*:*:layer:Synthetics:*" - ] - }, - { - "Action": [ - "ec2:DescribeVpcs", - "ec2:DescribeSubnets", - "ec2:DescribeSecurityGroups" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "sns:ListTopics" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "sns:CreateTopic", - "sns:Subscribe", - "sns:ListSubscriptionsByTopic" - ], - "Effect": "Allow", - "Resource": [ - "arn:*:sns:*:*:Synthetics-*" - ] - }, - { - "Action": [ - "kms:ListAliases" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "kms:DescribeKey" - ], - "Effect": "Allow", - "Resource": "arn:aws:kms:*:*:key/*" - }, - { - "Action": [ - "kms:Decrypt" - ], - "Condition": { - "StringLike": { - "kms:ViaService": [ - "s3.*.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": "arn:aws:kms:*:*:key/*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4MAGQWEZP4", - "PolicyName": "CloudWatchSyntheticsFullAccess", - "UpdateDate": "2021-09-29T23:07:11+00:00", - "VersionId": "v8" - }, - "CloudWatchSyntheticsReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/CloudWatchSyntheticsReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2019-11-25T17:45:40+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "synthetics:Describe*", - "synthetics:Get*", - "synthetics:List*" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4C7XDT2FFB", - "PolicyName": "CloudWatchSyntheticsReadOnlyAccess", - "UpdateDate": "2020-03-06T19:26:01+00:00", - "VersionId": "v2" - }, - "CloudwatchApplicationInsightsServiceLinkedRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/CloudwatchApplicationInsightsServiceLinkedRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2018-12-01T16:22:12+00:00", - "DefaultVersionId": "v19", - "Document": { - "Statement": [ - { - "Action": [ - "cloudwatch:DescribeAlarmHistory", - "cloudwatch:DescribeAlarms", - "cloudwatch:GetMetricData", - "cloudwatch:ListMetrics", - "cloudwatch:PutMetricAlarm", - "cloudwatch:DeleteAlarms", - "cloudwatch:PutAnomalyDetector", - "cloudwatch:DeleteAnomalyDetector", - "cloudwatch:DescribeAnomalyDetectors" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "logs:FilterLogEvents", - "logs:GetLogEvents", - "logs:DescribeLogStreams", - "logs:DescribeLogGroups" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "events:DescribeRule" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "cloudFormation:CreateStack", - "cloudFormation:UpdateStack", - "cloudFormation:DeleteStack", - "cloudFormation:DescribeStackResources" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:cloudformation:*:*:stack/ApplicationInsights-*" - ] - }, - { - "Action": [ - "cloudFormation:DescribeStacks", - "cloudFormation:ListStackResources" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "tag:GetResources" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "resource-groups:ListGroupResources", - "resource-groups:GetGroupQuery", - "resource-groups:GetGroup" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "resource-groups:CreateGroup", - "resource-groups:DeleteGroup" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:resource-groups:*:*:group/ApplicationInsights-*" - ] - }, - { - "Action": [ - "elasticloadbalancing:DescribeLoadBalancers", - "elasticloadbalancing:DescribeTargetGroups", - "elasticloadbalancing:DescribeTargetHealth" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "autoscaling:DescribeAutoScalingGroups" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "ssm:PutParameter", - "ssm:DeleteParameter", - "ssm:AddTagsToResource", - "ssm:RemoveTagsFromResource", - "ssm:GetParameters" - ], - "Effect": "Allow", - "Resource": "arn:aws:ssm:*:*:parameter/AmazonCloudWatch-ApplicationInsights-*" - }, - { - "Action": [ - "ssm:CreateAssociation", - "ssm:UpdateAssociation", - "ssm:DeleteAssociation", - "ssm:DescribeAssociation" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:instance/*", - "arn:aws:ssm:*:*:association/*", - "arn:aws:ssm:*:*:managed-instance/*", - "arn:aws:ssm:*:*:document/AWSEC2-ApplicationInsightsCloudwatchAgentInstallAndConfigure", - "arn:aws:ssm:*:*:document/AWS-ConfigureAWSPackage", - "arn:aws:ssm:*:*:document/AmazonCloudWatch-ManageAgent" - ] - }, - { - "Action": [ - "ssm:GetOpsItem", - "ssm:CreateOpsItem", - "ssm:DescribeOpsItems", - "ssm:UpdateOpsItem", - "ssm:DescribeInstanceInformation" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "ssm:AddTagsToResource" - ], - "Effect": "Allow", - "Resource": "arn:aws:ssm:*:*:opsitem/*" - }, - { - "Action": [ - "ssm:ListCommandInvocations" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": "ssm:SendCommand", - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:instance/*", - "arn:aws:ssm:*:*:document/AWSEC2-CheckPerformanceCounterSets", - "arn:aws:ssm:*:*:document/AWS-ConfigureAWSPackage", - "arn:aws:ssm:*:*:document/AWSEC2-DetectWorkload", - "arn:aws:ssm:*:*:document/AmazonCloudWatch-ManageAgent" - ] - }, - { - "Action": [ - "ec2:DescribeInstances", - "ec2:DescribeVolumes", - "ec2:DescribeVolumeStatus" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "rds:DescribeDBInstances", - "rds:DescribeDBClusters" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "lambda:ListFunctions", - "lambda:GetFunctionConfiguration", - "lambda:ListEventSourceMappings" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "events:PutRule", - "events:PutTargets", - "events:RemoveTargets", - "events:DeleteRule" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:events:*:*:rule/AmazonCloudWatch-ApplicationInsights-*" - ] - }, - { - "Action": [ - "xray:GetServiceGraph", - "xray:GetTraceSummaries", - "xray:GetTimeSeriesServiceStatistics", - "xray:GetTraceGraph" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "dynamodb:ListTables", - "dynamodb:DescribeTable", - "dynamodb:DescribeContributorInsights", - "dynamodb:DescribeTimeToLive" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "application-autoscaling:DescribeScalableTargets" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "s3:ListAllMyBuckets", - "s3:GetMetricsConfiguration", - "s3:GetReplicationConfiguration" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "states:ListStateMachines", - "states:DescribeExecution", - "states:DescribeStateMachine", - "states:GetExecutionHistory" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "apigateway:GET" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "ecs:DescribeClusters", - "ecs:DescribeContainerInstances", - "ecs:DescribeServices", - "ecs:DescribeTaskDefinition", - "ecs:DescribeTasks", - "ecs:DescribeTaskSets", - "ecs:ListClusters", - "ecs:ListContainerInstances", - "ecs:ListServices", - "ecs:ListTasks" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "ecs:UpdateClusterSettings" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:ecs:*:*:cluster/*" - ] - }, - { - "Action": [ - "eks:DescribeCluster", - "eks:DescribeFargateProfile", - "eks:DescribeNodegroup", - "eks:ListClusters", - "eks:ListFargateProfiles", - "eks:ListNodegroups", - "fsx:DescribeFileSystems" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "sns:GetSubscriptionAttributes", - "sns:GetTopicAttributes", - "sns:GetSMSAttributes", - "sns:ListSubscriptionsByTopic", - "sns:ListTopics" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "sqs:ListQueues" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "logs:DeleteSubscriptionFilter" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:logs:*:*:log-group:*" - ] - }, - { - "Action": [ - "logs:PutSubscriptionFilter" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:logs:*:*:log-group:*", - "arn:aws:logs:*:*:destination:AmazonCloudWatch-ApplicationInsights-LogIngestionDestination*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJH3SHQERZRQMQOQ44", - "PolicyName": "CloudwatchApplicationInsightsServiceLinkedRolePolicy", - "UpdateDate": "2022-01-25T17:51:32+00:00", - "VersionId": "v19" - }, - "ComprehendDataAccessRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/service-role/ComprehendDataAccessRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2019-03-06T22:28:15+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": { - "Action": [ - "s3:GetObject", - "s3:ListBucket", - "s3:PutObject" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:s3:::*Comprehend*", - "arn:aws:s3:::*comprehend*" - ] - }, - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJHSDRRKS2Z3MYUPQY", - "PolicyName": "ComprehendDataAccessRolePolicy", - "UpdateDate": "2019-03-06T22:28:15+00:00", - "VersionId": "v1" - }, - "ComprehendFullAccess": { - "Arn": "arn:aws:iam::aws:policy/ComprehendFullAccess", - "AttachmentCount": 0, - "CreateDate": "2017-11-29T18:08:43+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "comprehend:*", - "s3:ListAllMyBuckets", - "s3:ListBucket", - "s3:GetBucketLocation", - "iam:ListRoles", - "iam:GetRole" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAITBM2PMWNG2P7RZEQ", - "PolicyName": "ComprehendFullAccess", - "UpdateDate": "2017-12-05T01:36:24+00:00", - "VersionId": "v2" - }, - "ComprehendMedicalFullAccess": { - "Arn": "arn:aws:iam::aws:policy/ComprehendMedicalFullAccess", - "AttachmentCount": 0, - "CreateDate": "2018-11-27T17:55:52+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "comprehendmedical:*" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJR5SUEX6PPJ3K4RAO", - "PolicyName": "ComprehendMedicalFullAccess", - "UpdateDate": "2018-11-27T17:55:52+00:00", - "VersionId": "v1" - }, - "ComprehendReadOnly": { - "Arn": "arn:aws:iam::aws:policy/ComprehendReadOnly", - "AttachmentCount": 0, - "CreateDate": "2017-11-29T18:10:19+00:00", - "DefaultVersionId": "v10", - "Document": { - "Statement": [ - { - "Action": [ - "comprehend:DetectDominantLanguage", - "comprehend:BatchDetectDominantLanguage", - "comprehend:DetectEntities", - "comprehend:BatchDetectEntities", - "comprehend:DetectKeyPhrases", - "comprehend:BatchDetectKeyPhrases", - "comprehend:DetectPiiEntities", - "comprehend:ContainsPiiEntities", - "comprehend:DetectSentiment", - "comprehend:BatchDetectSentiment", - "comprehend:DetectSyntax", - "comprehend:BatchDetectSyntax", - "comprehend:ClassifyDocument", - "comprehend:DescribeTopicsDetectionJob", - "comprehend:ListTopicsDetectionJobs", - "comprehend:DescribeDominantLanguageDetectionJob", - "comprehend:ListDominantLanguageDetectionJobs", - "comprehend:DescribeEntitiesDetectionJob", - "comprehend:ListEntitiesDetectionJobs", - "comprehend:DescribeKeyPhrasesDetectionJob", - "comprehend:ListKeyPhrasesDetectionJobs", - "comprehend:DescribePiiEntitiesDetectionJob", - "comprehend:ListPiiEntitiesDetectionJobs", - "comprehend:DescribeSentimentDetectionJob", - "comprehend:ListSentimentDetectionJobs", - "comprehend:DescribeDocumentClassifier", - "comprehend:ListDocumentClassifiers", - "comprehend:DescribeDocumentClassificationJob", - "comprehend:ListDocumentClassificationJobs", - "comprehend:DescribeEntityRecognizer", - "comprehend:ListEntityRecognizers", - "comprehend:ListTagsForResource", - "comprehend:DescribeEndpoint", - "comprehend:ListEndpoints", - "comprehend:ListDocumentClassifierSummaries", - "comprehend:ListEntityRecognizerSummaries", - "comprehend:DescribeResourcePolicy" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJIUV5K2YCHQBBAH7G", - "PolicyName": "ComprehendReadOnly", - "UpdateDate": "2022-02-02T21:08:24+00:00", - "VersionId": "v10" - }, - "ComputeOptimizerReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/ComputeOptimizerReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2020-03-07T00:11:02+00:00", - "DefaultVersionId": "v5", - "Document": { - "Statement": [ - { - "Action": [ - "compute-optimizer:DescribeRecommendationExportJobs", - "compute-optimizer:GetEnrollmentStatus", - "compute-optimizer:GetEnrollmentStatusesForOrganization", - "compute-optimizer:GetRecommendationSummaries", - "compute-optimizer:GetEC2InstanceRecommendations", - "compute-optimizer:GetEC2RecommendationProjectedMetrics", - "compute-optimizer:GetAutoScalingGroupRecommendations", - "compute-optimizer:GetEBSVolumeRecommendations", - "compute-optimizer:GetLambdaFunctionRecommendations", - "compute-optimizer:GetRecommendationPreferences", - "compute-optimizer:GetEffectiveRecommendationPreferences", - "ec2:DescribeInstances", - "ec2:DescribeVolumes", - "autoscaling:DescribeAutoScalingGroups", - "autoscaling:DescribeAutoScalingInstances", - "lambda:ListFunctions", - "lambda:ListProvisionedConcurrencyConfigs", - "cloudwatch:GetMetricData", - "organizations:ListAccounts", - "organizations:DescribeOrganization", - "organizations:DescribeAccount" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4FI27MEARJ", - "PolicyName": "ComputeOptimizerReadOnlyAccess", - "UpdateDate": "2021-11-29T16:03:07+00:00", - "VersionId": "v5" - }, - "ComputeOptimizerServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/ComputeOptimizerServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2019-12-03T08:45:19+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "compute-optimizer:*" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "ComputeOptimizerFullAccess" - }, - { - "Action": [ - "organizations:DescribeOrganization", - "organizations:ListAccounts", - "organizations:ListAWSServiceAccessForOrganization" - ], - "Effect": "Allow", - "Resource": [ - "*" - ], - "Sid": "AwsOrgsAccess" - }, - { - "Action": [ - "cloudwatch:GetMetricData" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "CloudWatchAccess" - }, - { - "Action": [ - "autoscaling:DescribeAutoScalingInstances", - "autoscaling:DescribeAutoScalingGroups" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "AutoScalingAccess" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4HPOQZNRNJ", - "PolicyName": "ComputeOptimizerServiceRolePolicy", - "UpdateDate": "2021-11-29T16:04:07+00:00", - "VersionId": "v2" - }, - "ConfigConformsServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/ConfigConformsServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2019-07-25T21:38:05+00:00", - "DefaultVersionId": "v4", - "Document": { - "Statement": [ - { - "Action": [ - "config:PutConfigRule", - "config:DeleteConfigRule", - "config:DescribeConfigRules" - ], - "Effect": "Allow", - "Resource": "arn:aws:config:*:*:config-rule/aws-service-rule/config-conforms.amazonaws.com*" - }, - { - "Action": [ - "config:DescribeRemediationConfigurations", - "config:DeleteRemediationConfiguration", - "config:PutRemediationConfigurations" - ], - "Effect": "Allow", - "Resource": "arn:aws:config:*:*:remediation-configuration/aws-service-remediation-configuration/config-conforms.amazonaws.com*" - }, - { - "Action": [ - "iam:GetRole" - ], - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/aws-service-role/config-conforms.amazonaws.com/*" - }, - { - "Action": [ - "iam:GetRole" - ], - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/aws-service-role/remediation.config.amazonaws.com/AWSServiceRoleForConfigRemediation" - }, - { - "Action": "iam:CreateServiceLinkedRole", - "Condition": { - "StringLike": { - "iam:AWSServiceName": "remediation.config.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/aws-service-role/remediation.config.amazonaws.com/AWSServiceRoleForConfigRemediation" - }, - { - "Action": "iam:PassRole", - "Condition": { - "StringEquals": { - "iam:PassedToService": "ssm.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ssm:DescribeDocument", - "ssm:GetDocument" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "s3:PutObject", - "s3:PutObjectAcl", - "s3:GetObject", - "s3:GetBucketAcl" - ], - "Effect": "Allow", - "Resource": "arn:aws:s3:::awsconfigconforms*" - }, - { - "Action": [ - "cloudformation:CreateStack", - "cloudformation:DeleteStack", - "cloudformation:DescribeStackEvents", - "cloudformation:DescribeStackResource", - "cloudformation:DescribeStackResources", - "cloudformation:DescribeStacks", - "cloudformation:GetStackPolicy", - "cloudformation:SetStackPolicy", - "cloudformation:UpdateStack", - "cloudformation:UpdateTerminationProtection", - "cloudformation:ValidateTemplate", - "cloudformation:ListStackResources" - ], - "Effect": "Allow", - "Resource": "arn:aws:cloudformation:*:*:stack/awsconfigconforms-*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4BCH3IIJPN", - "PolicyName": "ConfigConformsServiceRolePolicy", - "UpdateDate": "2019-11-13T18:29:21+00:00", - "VersionId": "v4" - }, - "DAXServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/DAXServiceRolePolicy", - "AttachmentCount": 1, - "CreateDate": "2018-03-05T17:51:25+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "ec2:AuthorizeSecurityGroupIngress", - "ec2:CreateNetworkInterface", - "ec2:CreateSecurityGroup", - "ec2:DeleteNetworkInterface", - "ec2:DeleteSecurityGroup", - "ec2:DescribeAvailabilityZones", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVpcs", - "ec2:ModifyNetworkInterfaceAttribute", - "ec2:RevokeSecurityGroupIngress" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJQWMGC67G4DWMREGM", - "PolicyName": "DAXServiceRolePolicy", - "UpdateDate": "2018-03-05T17:51:25+00:00", - "VersionId": "v1" - }, - "DataScientist": { - "Arn": "arn:aws:iam::aws:policy/job-function/DataScientist", - "AttachmentCount": 0, - "CreateDate": "2016-11-10T17:28:48+00:00", - "DefaultVersionId": "v5", - "Document": { - "Statement": [ - { - "Action": [ - "autoscaling:*", - "cloudwatch:*", - "cloudformation:CreateStack", - "cloudformation:DescribeStackEvents", - "datapipeline:Describe*", - "datapipeline:ListPipelines", - "datapipeline:GetPipelineDefinition", - "datapipeline:QueryObjects", - "dynamodb:*", - "ec2:CancelSpotInstanceRequests", - "ec2:CancelSpotFleetRequests", - "ec2:CreateTags", - "ec2:DeleteTags", - "ec2:Describe*", - "ec2:ModifyImageAttribute", - "ec2:ModifyInstanceAttribute", - "ec2:ModifySpotFleetRequest", - "ec2:RequestSpotInstances", - "ec2:RequestSpotFleet", - "elasticfilesystem:*", - "elasticmapreduce:*", - "es:*", - "firehose:*", - "fsx:DescribeFileSystems", - "iam:GetInstanceProfile", - "iam:GetRole", - "iam:GetPolicy", - "iam:GetPolicyVersion", - "iam:ListRoles", - "kinesis:*", - "kms:List*", - "lambda:Create*", - "lambda:Delete*", - "lambda:Get*", - "lambda:InvokeFunction", - "lambda:PublishVersion", - "lambda:Update*", - "lambda:List*", - "machinelearning:*", - "sdb:*", - "rds:*", - "sns:ListSubscriptions", - "sns:ListTopics", - "logs:DescribeLogStreams", - "logs:GetLogEvents", - "redshift:*", - "s3:CreateBucket", - "sns:CreateTopic", - "sns:Get*", - "sns:List*" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "s3:Abort*", - "s3:DeleteObject", - "s3:Get*", - "s3:List*", - "s3:PutAccelerateConfiguration", - "s3:PutBucketCors", - "s3:PutBucketLogging", - "s3:PutBucketNotification", - "s3:PutBucketTagging", - "s3:PutObject", - "s3:Replicate*", - "s3:RestoreObject" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "ec2:RunInstances", - "ec2:TerminateInstances" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "iam:PassRole" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:iam::*:role/DataPipelineDefaultRole", - "arn:aws:iam::*:role/DataPipelineDefaultResourceRole", - "arn:aws:iam::*:role/EMR_EC2_DefaultRole", - "arn:aws:iam::*:role/EMR_DefaultRole", - "arn:aws:iam::*:role/kinesis-*" - ] - }, - { - "Action": [ - "iam:PassRole" - ], - "Condition": { - "StringEquals": { - "iam:PassedToService": "sagemaker.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "sagemaker:*" - ], - "Effect": "Allow", - "NotResource": [ - "arn:aws:sagemaker:*:*:domain/*", - "arn:aws:sagemaker:*:*:user-profile/*", - "arn:aws:sagemaker:*:*:app/*", - "arn:aws:sagemaker:*:*:flow-definition/*" - ] - }, - { - "Action": [ - "sagemaker:CreatePresignedDomainUrl", - "sagemaker:DescribeDomain", - "sagemaker:ListDomains", - "sagemaker:DescribeUserProfile", - "sagemaker:ListUserProfiles", - "sagemaker:*App", - "sagemaker:ListApps" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "sagemaker:*FlowDefinition", - "sagemaker:*FlowDefinitions" - ], - "Condition": { - "StringEqualsIfExists": { - "sagemaker:WorkteamType": [ - "private-crowd", - "vendor-crowd" - ] - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/job-function/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJ5YHI2BQW7EQFYDXS", - "PolicyName": "DataScientist", - "UpdateDate": "2019-12-03T16:48:34+00:00", - "VersionId": "v5" - }, - "DatabaseAdministrator": { - "Arn": "arn:aws:iam::aws:policy/job-function/DatabaseAdministrator", - "AttachmentCount": 0, - "CreateDate": "2016-11-10T17:25:43+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "cloudwatch:DeleteAlarms", - "cloudwatch:Describe*", - "cloudwatch:DisableAlarmActions", - "cloudwatch:EnableAlarmActions", - "cloudwatch:Get*", - "cloudwatch:List*", - "cloudwatch:PutMetricAlarm", - "datapipeline:ActivatePipeline", - "datapipeline:CreatePipeline", - "datapipeline:DeletePipeline", - "datapipeline:DescribeObjects", - "datapipeline:DescribePipelines", - "datapipeline:GetPipelineDefinition", - "datapipeline:ListPipelines", - "datapipeline:PutPipelineDefinition", - "datapipeline:QueryObjects", - "dynamodb:*", - "ec2:DescribeAccountAttributes", - "ec2:DescribeAddresses", - "ec2:DescribeAvailabilityZones", - "ec2:DescribeInternetGateways", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVpcs", - "elasticache:*", - "iam:ListRoles", - "iam:GetRole", - "kms:ListKeys", - "lambda:CreateEventSourceMapping", - "lambda:CreateFunction", - "lambda:DeleteEventSourceMapping", - "lambda:DeleteFunction", - "lambda:GetFunctionConfiguration", - "lambda:ListEventSourceMappings", - "lambda:ListFunctions", - "logs:DescribeLogGroups", - "logs:DescribeLogStreams", - "logs:FilterLogEvents", - "logs:GetLogEvents", - "logs:Create*", - "logs:PutLogEvents", - "logs:PutMetricFilter", - "rds:*", - "redshift:*", - "s3:CreateBucket", - "sns:CreateTopic", - "sns:DeleteTopic", - "sns:Get*", - "sns:List*", - "sns:SetTopicAttributes", - "sns:Subscribe", - "sns:Unsubscribe" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "s3:AbortMultipartUpload", - "s3:DeleteObject*", - "s3:Get*", - "s3:List*", - "s3:PutAccelerateConfiguration", - "s3:PutBucketTagging", - "s3:PutBucketVersioning", - "s3:PutBucketWebsite", - "s3:PutLifecycleConfiguration", - "s3:PutReplicationConfiguration", - "s3:PutObject*", - "s3:Replicate*", - "s3:RestoreObject" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "iam:PassRole" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:iam::*:role/rds-monitoring-role", - "arn:aws:iam::*:role/rdbms-lambda-access", - "arn:aws:iam::*:role/lambda_exec_role", - "arn:aws:iam::*:role/lambda-dynamodb-*", - "arn:aws:iam::*:role/lambda-vpc-execution-role", - "arn:aws:iam::*:role/DataPipelineDefaultRole", - "arn:aws:iam::*:role/DataPipelineDefaultResourceRole" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/job-function/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIGBMAW4VUQKOQNVT6", - "PolicyName": "DatabaseAdministrator", - "UpdateDate": "2019-01-08T00:48:02+00:00", - "VersionId": "v2" - }, - "DynamoDBCloudWatchContributorInsightsServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/DynamoDBCloudWatchContributorInsightsServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2019-11-15T21:13:58+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "cloudwatch:DeleteInsightRules", - "cloudwatch:PutInsightRule" - ], - "Effect": "Allow", - "Resource": "arn:aws:cloudwatch:*:*:insight-rule/DynamoDBContributorInsights*" - }, - { - "Action": [ - "cloudwatch:DescribeInsightRules" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4G4VWJTRGV", - "PolicyName": "DynamoDBCloudWatchContributorInsightsServiceRolePolicy", - "UpdateDate": "2019-11-15T21:13:58+00:00", - "VersionId": "v1" - }, - "DynamoDBKinesisReplicationServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/DynamoDBKinesisReplicationServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2020-11-12T00:43:25+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": "kms:GenerateDataKey", - "Condition": { - "StringLike": { - "kms:ViaService": "kinesis.*.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "kinesis:PutRecord", - "kinesis:PutRecords", - "kinesis:DescribeStream" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4A745YPIYL", - "PolicyName": "DynamoDBKinesisReplicationServiceRolePolicy", - "UpdateDate": "2020-11-12T00:43:25+00:00", - "VersionId": "v1" - }, - "DynamoDBReplicationServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/DynamoDBReplicationServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2017-11-09T23:55:34+00:00", - "DefaultVersionId": "v6", - "Document": { - "Statement": [ - { - "Action": [ - "dynamodb:GetItem", - "dynamodb:PutItem", - "dynamodb:UpdateItem", - "dynamodb:DeleteItem", - "dynamodb:DescribeTable", - "dynamodb:UpdateTable", - "dynamodb:Scan", - "dynamodb:DescribeStream", - "dynamodb:GetRecords", - "dynamodb:GetShardIterator", - "dynamodb:DescribeTimeToLive", - "dynamodb:UpdateTimeToLive", - "dynamodb:DescribeLimits", - "application-autoscaling:RegisterScalableTarget", - "application-autoscaling:DescribeScalableTargets", - "application-autoscaling:PutScalingPolicy", - "application-autoscaling:DescribeScalingPolicies" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "iam:CreateServiceLinkedRole" - ], - "Condition": { - "StringEquals": { - "iam:AWSServiceName": [ - "dynamodb.application-autoscaling.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJCUNRXL4BWASNJED2", - "PolicyName": "DynamoDBReplicationServiceRolePolicy", - "UpdateDate": "2020-09-09T18:43:04+00:00", - "VersionId": "v6" - }, - "EC2FastLaunchServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/EC2FastLaunchServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2022-01-10T13:08:21+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "ec2:RunInstances" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:subnet/*", - "arn:aws:ec2:*:*:network-interface/*", - "arn:aws:ec2:*::image/*", - "arn:aws:ec2:*:*:key-pair/*", - "arn:aws:ec2:*:*:security-group/*", - "arn:aws:ec2:*:*:launch-template/*" - ] - }, - { - "Action": [ - "ec2:RunInstances" - ], - "Condition": { - "StringEquals": { - "aws:RequestTag/CreatedBy": "EC2 Fast Launch" - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:volume/*", - "arn:aws:ec2:*:*:instance/*" - ] - }, - { - "Action": "iam:PassRole", - "Condition": { - "StringEquals": { - "iam:PassedToService": [ - "ec2.amazonaws.com", - "ec2.amazonaws.com.cn" - ] - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:StopInstances", - "ec2:TerminateInstances" - ], - "Condition": { - "StringEquals": { - "aws:ResourceTag/CreatedBy": "EC2 Fast Launch" - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:instance/*" - ] - }, - { - "Action": "ec2:CreateSnapshot", - "Condition": { - "StringEquals": { - "aws:ResourceTag/CreatedBy": "EC2 Fast Launch" - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:volume/*" - ] - }, - { - "Action": "ec2:CreateSnapshot", - "Condition": { - "ForAnyValue:StringEquals": { - "aws:TagKeys": [ - "CreatedByLaunchTemplateName", - "CreatedByLaunchTemplateId" - ] - }, - "StringEquals": { - "aws:RequestTag/CreatedBy": "EC2 Fast Launch" - }, - "StringLike": { - "aws:RequestTag/CreatedByLaunchTemplateVersion": "*" - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:snapshot/*" - ], - "Sid": "AllowCreateTaggedSnapshot" - }, - { - "Action": "ec2:CreateLaunchTemplate", - "Condition": { - "StringEquals": { - "aws:RequestTag/CreatedBy": "EC2 Fast Launch" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:launch-template/*" - }, - { - "Action": "ec2:CreateTags", - "Condition": { - "StringEquals": { - "ec2:CreateAction": [ - "CreateSnapshot", - "RunInstances", - "CreateLaunchTemplate" - ] - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:volume/*", - "arn:aws:ec2:*:*:instance/*", - "arn:aws:ec2:*:*:snapshot/*", - "arn:aws:ec2:*:*:launch-template/*" - ] - }, - { - "Action": [ - "ec2:DeleteSnapshot" - ], - "Condition": { - "StringEquals": { - "aws:ResourceTag/CreatedBy": "EC2 Fast Launch" - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:snapshot/*" - ] - }, - { - "Action": [ - "ec2:DescribeImages", - "ec2:DescribeSnapshots", - "ec2:DescribeSubnets", - "ec2:DescribeInstanceAttribute", - "ec2:DescribeInstanceStatus", - "ec2:DescribeInstances", - "ec2:DescribeInstanceTypeOfferings", - "ec2:DescribeLaunchTemplateVersions", - "ec2:DescribeLaunchTemplates" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "cloudwatch:PutMetricData", - "Condition": { - "StringEquals": { - "cloudwatch:namespace": "AWS/EC2" - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4PBILMNSY7", - "PolicyName": "EC2FastLaunchServiceRolePolicy", - "UpdateDate": "2022-01-10T13:08:21+00:00", - "VersionId": "v1" - }, - "EC2FleetTimeShiftableServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/EC2FleetTimeShiftableServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2019-12-23T19:47:15+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "ec2:DescribeImages", - "ec2:DescribeSubnets", - "ec2:DescribeInstances", - "ec2:RunInstances", - "ec2:CreateFleet" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "iam:PassRole" - ], - "Condition": { - "StringEquals": { - "iam:PassedToService": [ - "ec2.amazonaws.com", - "ec2.amazonaws.com.cn" - ] - } - }, - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "ec2:CreateTags" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:instance/*", - "arn:aws:ec2:*:*:spot-instances-request/*" - ] - }, - { - "Action": [ - "ec2:TerminateInstances" - ], - "Condition": { - "StringLike": { - "ec2:ResourceTag/aws:ec2:fleet-id": "*" - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4IU3TFNWBH", - "PolicyName": "EC2FleetTimeShiftableServiceRolePolicy", - "UpdateDate": "2019-12-23T19:47:15+00:00", - "VersionId": "v1" - }, - "EC2InstanceConnect": { - "Arn": "arn:aws:iam::aws:policy/EC2InstanceConnect", - "AttachmentCount": 0, - "CreateDate": "2019-06-27T18:53:34+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "ec2:DescribeInstances", - "ec2-instance-connect:SendSSHPublicKey" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "EC2InstanceConnect" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4PBRCMEYY5", - "PolicyName": "EC2InstanceConnect", - "UpdateDate": "2019-06-27T18:53:34+00:00", - "VersionId": "v1" - }, - "EC2InstanceProfileForImageBuilder": { - "Arn": "arn:aws:iam::aws:policy/EC2InstanceProfileForImageBuilder", - "AttachmentCount": 0, - "CreateDate": "2019-12-01T19:08:23+00:00", - "DefaultVersionId": "v3", - "Document": { - "Statement": [ - { - "Action": [ - "imagebuilder:GetComponent" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "kms:Decrypt" - ], - "Condition": { - "ForAnyValue:StringEquals": { - "aws:CalledVia": [ - "imagebuilder.amazonaws.com" - ], - "kms:EncryptionContextKeys": "aws:imagebuilder:arn" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "s3:GetObject" - ], - "Effect": "Allow", - "Resource": "arn:aws:s3:::ec2imagebuilder*" - }, - { - "Action": [ - "logs:CreateLogStream", - "logs:CreateLogGroup", - "logs:PutLogEvents" - ], - "Effect": "Allow", - "Resource": "arn:aws:logs:*:*:log-group:/aws/imagebuilder/*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4EJC2UPLYL", - "PolicyName": "EC2InstanceProfileForImageBuilder", - "UpdateDate": "2020-08-27T16:40:50+00:00", - "VersionId": "v3" - }, - "EC2InstanceProfileForImageBuilderECRContainerBuilds": { - "Arn": "arn:aws:iam::aws:policy/EC2InstanceProfileForImageBuilderECRContainerBuilds", - "AttachmentCount": 0, - "CreateDate": "2020-12-11T19:48:15+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "imagebuilder:GetComponent", - "imagebuilder:GetContainerRecipe", - "ecr:GetAuthorizationToken", - "ecr:BatchGetImage", - "ecr:InitiateLayerUpload", - "ecr:UploadLayerPart", - "ecr:CompleteLayerUpload", - "ecr:BatchCheckLayerAvailability", - "ecr:GetDownloadUrlForLayer", - "ecr:PutImage" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "kms:Decrypt" - ], - "Condition": { - "ForAnyValue:StringEquals": { - "aws:CalledVia": [ - "imagebuilder.amazonaws.com" - ], - "kms:EncryptionContextKeys": "aws:imagebuilder:arn" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "s3:GetObject" - ], - "Effect": "Allow", - "Resource": "arn:aws:s3:::ec2imagebuilder*" - }, - { - "Action": [ - "logs:CreateLogStream", - "logs:CreateLogGroup", - "logs:PutLogEvents" - ], - "Effect": "Allow", - "Resource": "arn:aws:logs:*:*:log-group:/aws/imagebuilder/*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4C32QNC6KD", - "PolicyName": "EC2InstanceProfileForImageBuilderECRContainerBuilds", - "UpdateDate": "2020-12-11T19:48:15+00:00", - "VersionId": "v1" - }, - "ECRReplicationServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/ECRReplicationServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2020-12-04T22:11:28+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "ecr:CreateRepository", - "ecr:ReplicateImage" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4NS3XDKIDR", - "PolicyName": "ECRReplicationServiceRolePolicy", - "UpdateDate": "2020-12-04T22:11:28+00:00", - "VersionId": "v1" - }, - "Ec2ImageBuilderCrossAccountDistributionAccess": { - "Arn": "arn:aws:iam::aws:policy/Ec2ImageBuilderCrossAccountDistributionAccess", - "AttachmentCount": 0, - "CreateDate": "2020-09-30T19:22:54+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": "ec2:CreateTags", - "Effect": "Allow", - "Resource": "arn:aws:ec2:*::image/*" - }, - { - "Action": [ - "ec2:DescribeImages", - "ec2:CopyImage", - "ec2:ModifyImageAttribute" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4PHZOLIXKT", - "PolicyName": "Ec2ImageBuilderCrossAccountDistributionAccess", - "UpdateDate": "2020-09-30T19:22:54+00:00", - "VersionId": "v1" - }, - "ElastiCacheServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/ElastiCacheServiceRolePolicy", - "AttachmentCount": 1, - "CreateDate": "2017-12-07T17:50:04+00:00", - "DefaultVersionId": "v3", - "Document": { - "Statement": [ - { - "Action": [ - "ec2:AuthorizeSecurityGroupIngress", - "ec2:CreateNetworkInterface", - "ec2:CreateSecurityGroup", - "ec2:DeleteNetworkInterface", - "ec2:DeleteSecurityGroup", - "ec2:DescribeAvailabilityZones", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVpcs", - "ec2:ModifyNetworkInterfaceAttribute", - "ec2:RevokeSecurityGroupIngress", - "cloudwatch:PutMetricData", - "outposts:GetOutpost", - "outposts:GetOutpostInstanceTypes", - "outposts:ListOutposts", - "outposts:ListSites" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIML5LIBUZBVCSF7PI", - "PolicyName": "ElastiCacheServiceRolePolicy", - "UpdateDate": "2020-02-06T21:27:13+00:00", - "VersionId": "v3" - }, - "ElasticLoadBalancingFullAccess": { - "Arn": "arn:aws:iam::aws:policy/ElasticLoadBalancingFullAccess", - "AttachmentCount": 0, - "CreateDate": "2018-09-20T20:42:07+00:00", - "DefaultVersionId": "v6", - "Document": { - "Statement": [ - { - "Action": "elasticloadbalancing:*", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:DescribeAccountAttributes", - "ec2:DescribeAddresses", - "ec2:DescribeInternetGateways", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVpcs", - "ec2:DescribeVpcClassicLink", - "ec2:DescribeInstances", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeClassicLinkInstances", - "ec2:DescribeRouteTables", - "ec2:DescribeCoipPools", - "ec2:GetCoipPoolUsage", - "ec2:DescribeVpcPeeringConnections", - "cognito-idp:DescribeUserPoolClient" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "iam:CreateServiceLinkedRole", - "Condition": { - "StringEquals": { - "iam:AWSServiceName": "elasticloadbalancing.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIDPMLA3IUIOQCISJ4", - "PolicyName": "ElasticLoadBalancingFullAccess", - "UpdateDate": "2021-08-26T18:32:13+00:00", - "VersionId": "v6" - }, - "ElasticLoadBalancingReadOnly": { - "Arn": "arn:aws:iam::aws:policy/ElasticLoadBalancingReadOnly", - "AttachmentCount": 0, - "CreateDate": "2018-09-20T20:17:09+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": "elasticloadbalancing:Describe*", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:DescribeInstances", - "ec2:DescribeClassicLinkInstances", - "ec2:DescribeSecurityGroups" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJMO7B7SNFLQ6HH736", - "PolicyName": "ElasticLoadBalancingReadOnly", - "UpdateDate": "2018-09-20T20:17:09+00:00", - "VersionId": "v1" - }, - "ElementalActivationsDownloadSoftwareAccess": { - "Arn": "arn:aws:iam::aws:policy/ElementalActivationsDownloadSoftwareAccess", - "AttachmentCount": 0, - "CreateDate": "2020-09-08T17:26:09+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "elemental-activations:Get*", - "elemental-activations:Download*" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4IQVGBB6WY", - "PolicyName": "ElementalActivationsDownloadSoftwareAccess", - "UpdateDate": "2020-09-08T17:26:09+00:00", - "VersionId": "v1" - }, - "ElementalActivationsFullAccess": { - "Arn": "arn:aws:iam::aws:policy/ElementalActivationsFullAccess", - "AttachmentCount": 0, - "CreateDate": "2020-06-04T21:00:13+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "elemental-activations:*" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4IYX6A6CKJ", - "PolicyName": "ElementalActivationsFullAccess", - "UpdateDate": "2020-06-04T21:00:13+00:00", - "VersionId": "v1" - }, - "ElementalActivationsGenerateLicenses": { - "Arn": "arn:aws:iam::aws:policy/ElementalActivationsGenerateLicenses", - "AttachmentCount": 0, - "CreateDate": "2020-08-28T18:28:58+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "elemental-activations:Get*", - "elemental-activations:GenerateLicenses", - "elemental-activations:StartFileUpload", - "elemental-activations:CompleteFileUpload" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4LVMPXPYYJ", - "PolicyName": "ElementalActivationsGenerateLicenses", - "UpdateDate": "2020-08-28T18:28:58+00:00", - "VersionId": "v1" - }, - "ElementalActivationsReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/ElementalActivationsReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2020-08-28T16:51:01+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "elemental-activations:Get*" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4JBRIPMTYG", - "PolicyName": "ElementalActivationsReadOnlyAccess", - "UpdateDate": "2020-08-28T16:51:01+00:00", - "VersionId": "v1" - }, - "ElementalAppliancesSoftwareFullAccess": { - "Arn": "arn:aws:iam::aws:policy/ElementalAppliancesSoftwareFullAccess", - "AttachmentCount": 0, - "CreateDate": "2019-07-31T16:28:53+00:00", - "DefaultVersionId": "v4", - "Document": { - "Statement": [ - { - "Action": [ - "elemental-appliances-software:*", - "elemental-activations:CompleteAccountRegistration" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4DHARJPIR5", - "PolicyName": "ElementalAppliancesSoftwareFullAccess", - "UpdateDate": "2021-02-05T21:01:25+00:00", - "VersionId": "v4" - }, - "ElementalAppliancesSoftwareReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/ElementalAppliancesSoftwareReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2020-04-01T22:31:09+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "elemental-appliances-software:List*", - "elemental-appliances-software:Get*" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4CLKYU5WOM", - "PolicyName": "ElementalAppliancesSoftwareReadOnlyAccess", - "UpdateDate": "2020-04-01T22:31:09+00:00", - "VersionId": "v1" - }, - "ElementalSupportCenterFullAccess": { - "Arn": "arn:aws:iam::aws:policy/ElementalSupportCenterFullAccess", - "AttachmentCount": 0, - "CreateDate": "2020-11-25T18:08:30+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "elemental-support-cases:*", - "elemental-support-content:*", - "elemental-activations:CompleteAccountRegistration" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4ECPR57WVQ", - "PolicyName": "ElementalSupportCenterFullAccess", - "UpdateDate": "2021-02-05T21:02:54+00:00", - "VersionId": "v2" - }, - "FMSServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/FMSServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2018-03-28T23:01:12+00:00", - "DefaultVersionId": "v23", - "Document": { - "Statement": [ - { - "Action": [ - "waf:UpdateWebACL", - "waf:DeleteWebACL", - "waf:GetWebACL", - "waf:GetRuleGroup", - "waf:ListSubscribedRuleGroups", - "waf-regional:UpdateWebACL", - "waf-regional:DeleteWebACL", - "waf-regional:GetWebACL", - "waf-regional:GetRuleGroup", - "waf-regional:ListSubscribedRuleGroups", - "waf-regional:ListResourcesForWebACL", - "waf-regional:AssociateWebACL", - "waf-regional:DisassociateWebACL", - "elasticloadbalancing:SetWebACL", - "apigateway:SetWebACL", - "elasticloadbalancing:SetSecurityGroups", - "waf:ListTagsForResource", - "waf-regional:ListTagsForResource" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:waf:*:*:webacl/*", - "arn:aws:waf-regional:*:*:webacl/*", - "arn:aws:waf:*:*:rulegroup/*", - "arn:aws:waf-regional:*:*:rulegroup/*", - "arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*", - "arn:aws:apigateway:*::/restapis/*/stages/*" - ] - }, - { - "Action": [ - "wafv2:PutLoggingConfiguration", - "wafv2:GetLoggingConfiguration", - "wafv2:ListLoggingConfigurations", - "wafv2:DeleteLoggingConfiguration" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:wafv2:*:*:regional/webacl/*", - "arn:aws:wafv2:*:*:global/webacl/*" - ] - }, - { - "Action": [ - "waf:CreateWebACL", - "waf-regional:CreateWebACL", - "waf:GetChangeToken", - "waf-regional:GetChangeToken", - "waf-regional:GetWebACLForResource" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:waf:*:*:*", - "arn:aws:waf-regional:*:*:*" - ] - }, - { - "Action": [ - "elasticloadbalancing:ApplySecurityGroupsToLoadBalancer", - "elasticloadbalancing:DescribeTags" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "waf:PutPermissionPolicy", - "waf:GetPermissionPolicy", - "waf:DeletePermissionPolicy", - "waf-regional:PutPermissionPolicy", - "waf-regional:GetPermissionPolicy", - "waf-regional:DeletePermissionPolicy" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:waf:*:*:webacl/*", - "arn:aws:waf:*:*:rulegroup/*", - "arn:aws:waf-regional:*:*:webacl/*", - "arn:aws:waf-regional:*:*:rulegroup/*" - ] - }, - { - "Action": [ - "cloudfront:GetDistribution", - "cloudfront:UpdateDistribution", - "cloudfront:ListDistributionsByWebACLId", - "cloudfront:ListDistributions" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "config:DeleteConfigRule", - "config:DescribeComplianceByConfigRule", - "config:DescribeConfigRuleEvaluationStatus", - "config:DescribeConfigRules", - "config:GetComplianceDetailsByConfigRule", - "config:PutConfigRule", - "config:StartConfigRulesEvaluation" - ], - "Effect": "Allow", - "Resource": "arn:aws:config:*:*:config-rule/aws-service-rule/fms.amazonaws.com/*" - }, - { - "Action": [ - "config:DescribeConfigurationRecorders", - "config:DescribeConfigurationRecorderStatus", - "config:PutConfigurationRecorder", - "config:StartConfigurationRecorder", - "config:PutDeliveryChannel", - "config:DescribeDeliveryChannels", - "config:DescribeDeliveryChannelStatus", - "config:GetComplianceSummaryByConfigRule", - "config:GetDiscoveredResourceCounts", - "config:PutEvaluations", - "config:SelectResourceConfig" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "iam:DeleteServiceLinkedRole", - "iam:GetServiceLinkedRoleDeletionStatus" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:iam::*:role/aws-service-role/fms.amazonaws.com/AWSServiceRoleForFMS" - ] - }, - { - "Action": [ - "organizations:DescribeAccount", - "organizations:DescribeOrganization", - "organizations:ListAccounts", - "organizations:DescribeOrganizationalUnit", - "organizations:ListChildren", - "organizations:ListRoots", - "organizations:ListParents", - "organizations:ListOrganizationalUnitsForParent", - "organizations:ListAWSServiceAccessForOrganization" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "shield:CreateProtection", - "shield:DeleteProtection", - "shield:DescribeProtection", - "shield:ListProtections", - "shield:ListAttacks", - "shield:CreateSubscription", - "shield:DescribeSubscription", - "shield:GetSubscriptionState", - "shield:DescribeDRTAccess", - "shield:DescribeEmergencyContactSettings", - "shield:UpdateEmergencyContactSettings", - "elasticloadbalancing:DescribeLoadBalancers", - "ec2:DescribeAddresses", - "shield:EnableApplicationLayerAutomaticResponse", - "shield:DisableApplicationLayerAutomaticResponse", - "shield:UpdateApplicationLayerAutomaticResponse" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:AuthorizeSecurityGroupEgress", - "ec2:AuthorizeSecurityGroupIngress", - "ec2:DeleteSecurityGroup", - "ec2:RevokeSecurityGroupEgress", - "ec2:RevokeSecurityGroupIngress", - "ec2:UpdateSecurityGroupRuleDescriptionsEgress", - "ec2:UpdateSecurityGroupRuleDescriptionsIngress", - "ec2:DescribeNetworkInterfaceAttribute", - "ec2:DescribeInstances" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:network-interface/*", - "arn:aws:ec2:*:*:security-group/*", - "arn:aws:ec2:*:*:instance/*" - ] - }, - { - "Action": [ - "ec2:CreateTags" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:security-group/*" - ] - }, - { - "Action": [ - "ec2:CreateSecurityGroup", - "ec2:DescribeSecurityGroupReferences", - "ec2:DescribeSecurityGroups", - "ec2:DescribeStaleSecurityGroups", - "ec2:DescribeNetworkInterfaces", - "ec2:ModifyNetworkInterfaceAttribute", - "ec2:DescribeVpcs", - "ec2:DescribeVpcPeeringConnections" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "wafv2:TagResource", - "wafv2:ListResourcesForWebACL", - "wafv2:AssociateWebACL", - "wafv2:ListTagsForResource", - "wafv2:UntagResource", - "wafv2:GetWebACL", - "wafv2:DisassociateFirewallManager", - "wafv2:DeleteWebACL", - "wafv2:DisassociateWebACL" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:wafv2:*:*:global/webacl/*", - "arn:aws:wafv2:*:*:regional/webacl/*" - ] - }, - { - "Action": [ - "wafv2:UpdateWebACL", - "wafv2:CreateWebACL", - "wafv2:DeleteFirewallManagerRuleGroups", - "wafv2:PutFirewallManagerRuleGroups" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:wafv2:*:*:global/webacl/*", - "arn:aws:wafv2:*:*:regional/webacl/*", - "arn:aws:wafv2:*:*:global/rulegroup/*", - "arn:aws:wafv2:*:*:regional/rulegroup/*", - "arn:aws:wafv2:*:*:global/managedruleset/*", - "arn:aws:wafv2:*:*:regional/managedruleset/*", - "arn:aws:wafv2:*:*:global/ipset/*", - "arn:aws:wafv2:*:*:regional/ipset/*", - "arn:aws:wafv2:*:*:global/regexpatternset/*", - "arn:aws:wafv2:*:*:regional/regexpatternset/*" - ] - }, - { - "Action": [ - "wafv2:PutPermissionPolicy", - "wafv2:GetPermissionPolicy", - "wafv2:DeletePermissionPolicy" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:wafv2:*:*:global/rulegroup/*", - "arn:aws:wafv2:*:*:regional/rulegroup/*" - ] - }, - { - "Action": [ - "cloudfront:ListTagsForResource" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "wafv2:GetWebACLForResource" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:wafv2:*:*:regional/webacl/*" - ] - }, - { - "Action": "ec2:CreateTags", - "Condition": { - "ForAllValues:StringEquals": { - "aws:TagKeys": [ - "Name", - "FMManaged" - ] - }, - "StringEquals": { - "ec2:CreateAction": "CreateRouteTable" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:route-table/*" - }, - { - "Action": "ec2:CreateTags", - "Condition": { - "ForAllValues:StringEquals": { - "aws:TagKeys": [ - "Name", - "FMManaged" - ] - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:subnet/*" - ] - }, - { - "Action": "ec2:DeleteRouteTable", - "Condition": { - "StringEquals": { - "ec2:ResourceTag/FMManaged": "true" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:route-table/*" - }, - { - "Action": [ - "ec2:AssociateRouteTable", - "ec2:CreateSubnet", - "ec2:CreateRouteTable", - "ec2:DeleteSubnet", - "ec2:DisassociateRouteTable", - "ec2:ReplaceRouteTableAssociation" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:DescribeInternetGateways", - "ec2:DescribeRouteTables", - "ec2:DescribeSubnets", - "ec2:DescribeTags", - "ec2:DescribeVpcEndpoints", - "ec2:DescribeAvailabilityZones" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ram:TagResource" - ], - "Condition": { - "ForAllValues:StringEquals": { - "aws:TagKeys": [ - "Name", - "FMManaged" - ] - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:ram:*:*:resource-share/*" - ] - }, - { - "Action": [ - "ram:AssociateResourceShare", - "ram:UpdateResourceShare", - "ram:DeleteResourceShare" - ], - "Condition": { - "StringEquals": { - "aws:ResourceTag/FMManaged": "true" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ram:*:*:resource-share/*" - }, - { - "Action": "ram:CreateResourceShare", - "Condition": { - "ForAllValues:StringEquals": { - "aws:TagKeys": [ - "Name", - "FMManaged" - ] - }, - "StringEquals": { - "aws:RequestTag/FMManaged": [ - "true" - ] - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ram:GetResourceShareAssociations", - "ram:GetResourceShares" - ], - "Effect": "Allow", - "Resource": "*", - "Sid": "ram" - }, - { - "Action": "iam:CreateServiceLinkedRole", - "Condition": { - "StringEquals": { - "iam:AWSServiceName": [ - "network-firewall.amazonaws.com", - "shield.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "iam:GetRole", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "network-firewall:TagResource" - ], - "Condition": { - "ForAllValues:StringEquals": { - "aws:TagKeys": [ - "Name", - "FMManaged" - ] - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "network-firewall:AssociateSubnets", - "network-firewall:CreateFirewall", - "network-firewall:CreateFirewallPolicy", - "network-firewall:DisassociateSubnets", - "network-firewall:UpdateFirewallDeleteProtection", - "network-firewall:UpdateFirewallPolicy", - "network-firewall:UpdateFirewallPolicyChangeProtection", - "network-firewall:UpdateSubnetChangeProtection", - "network-firewall:AssociateFirewallPolicy", - "network-firewall:DescribeFirewall", - "network-firewall:DescribeFirewallPolicy", - "network-firewall:DescribeRuleGroup", - "network-firewall:ListFirewallPolicies", - "network-firewall:ListFirewalls", - "network-firewall:ListRuleGroups", - "network-firewall:PutResourcePolicy", - "network-firewall:DescribeResourcePolicy", - "network-firewall:DeleteResourcePolicy", - "network-firewall:DescribeLoggingConfiguration", - "network-firewall:UpdateLoggingConfiguration" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "network-firewall:DeleteFirewallPolicy", - "network-firewall:DeleteFirewall" - ], - "Condition": { - "StringEquals": { - "aws:ResourceTag/FMManaged": "true" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "logs:ListLogDeliveries", - "logs:CreateLogDelivery", - "logs:GetLogDelivery", - "logs:UpdateLogDelivery", - "logs:DeleteLogDelivery" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "route53resolver:ListFirewallRuleGroupAssociations", - "route53resolver:ListTagsForResource", - "route53resolver:ListFirewallRuleGroups", - "route53resolver:GetFirewallRuleGroupAssociation", - "route53resolver:GetFirewallRuleGroup", - "route53resolver:GetFirewallRuleGroupPolicy", - "route53resolver:PutFirewallRuleGroupPolicy" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "route53resolver:UpdateFirewallRuleGroupAssociation", - "route53resolver:DisassociateFirewallRuleGroup" - ], - "Condition": { - "StringEquals": { - "aws:ResourceTag/FMManaged": "true" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:route53resolver:*:*:firewall-rule-group-association/*" - }, - { - "Action": [ - "route53resolver:AssociateFirewallRuleGroup", - "route53resolver:TagResource" - ], - "Condition": { - "StringEquals": { - "aws:RequestTag/FMManaged": "true" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:route53resolver:*:*:firewall-rule-group-association/*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAI62NTGYJB446ACUEA", - "PolicyName": "FMSServiceRolePolicy", - "UpdateDate": "2022-02-16T18:35:29+00:00", - "VersionId": "v23" - }, - "FSxDeleteServiceLinkedRoleAccess": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/FSxDeleteServiceLinkedRoleAccess", - "AttachmentCount": 0, - "CreateDate": "2018-11-28T10:40:24+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "iam:DeleteServiceLinkedRole", - "iam:GetServiceLinkedRoleDeletionStatus", - "iam:GetRole" - ], - "Effect": "Allow", - "Resource": "arn:*:iam::*:role/aws-service-role/s3.data-source.lustre.fsx.amazonaws.com/AWSServiceRoleForFSxS3Access_*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJ6IRP2YV2YPKWPPNQ", - "PolicyName": "FSxDeleteServiceLinkedRoleAccess", - "UpdateDate": "2018-11-28T10:40:24+00:00", - "VersionId": "v1" - }, - "GameLiftGameServerGroupPolicy": { - "Arn": "arn:aws:iam::aws:policy/GameLiftGameServerGroupPolicy", - "AttachmentCount": 0, - "CreateDate": "2020-04-03T23:12:19+00:00", - "DefaultVersionId": "v3", - "Document": { - "Statement": [ - { - "Action": "ec2:TerminateInstances", - "Condition": { - "StringEquals": { - "ec2:ResourceTag/GameLift": "GameServerGroups" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "autoscaling:CompleteLifecycleAction", - "autoscaling:ResumeProcesses", - "autoscaling:EnterStandby", - "autoscaling:SetInstanceProtection", - "autoscaling:UpdateAutoScalingGroup", - "autoscaling:SuspendProcesses", - "autoscaling:DetachInstances" - ], - "Condition": { - "StringEquals": { - "aws:ResourceTag/GameLift": "GameServerGroups" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:DescribeImages", - "ec2:DescribeInstances", - "autoscaling:DescribeAutoScalingGroups", - "ec2:DescribeLaunchTemplateVersions", - "ec2:DescribeSubnets" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "sns:Publish", - "Effect": "Allow", - "Resource": [ - "arn:*:sns:*:*:ActivatingLifecycleHookTopic-*", - "arn:*:sns:*:*:TerminatingLifecycleHookTopic-*" - ] - }, - { - "Action": [ - "cloudwatch:PutMetricData" - ], - "Condition": { - "StringEquals": { - "cloudwatch:namespace": "AWS/GameLift" - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4JTX4JYBF6", - "PolicyName": "GameLiftGameServerGroupPolicy", - "UpdateDate": "2020-05-13T17:27:43+00:00", - "VersionId": "v3" - }, - "GlobalAcceleratorFullAccess": { - "Arn": "arn:aws:iam::aws:policy/GlobalAcceleratorFullAccess", - "AttachmentCount": 0, - "CreateDate": "2018-11-27T02:44:44+00:00", - "DefaultVersionId": "v6", - "Document": { - "Statement": [ - { - "Action": [ - "globalaccelerator:*" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "elasticloadbalancing:DescribeLoadBalancers", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:DescribeAddresses", - "ec2:DescribeInstances", - "ec2:DescribeInternetGateways", - "ec2:DescribeRegions", - "ec2:DescribeSubnets" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "iam:CreateServiceLinkedRole", - "Condition": { - "StringEquals": { - "iam:AWSServiceName": "globalaccelerator.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/aws-service-role/globalaccelerator.amazonaws.com/AWSServiceRoleForGlobalAccelerator*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJ3NSRQKPB42BCNRT6", - "PolicyName": "GlobalAcceleratorFullAccess", - "UpdateDate": "2020-12-04T19:17:26+00:00", - "VersionId": "v6" - }, - "GlobalAcceleratorReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/GlobalAcceleratorReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2018-11-27T02:41:00+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "globalaccelerator:Describe*", - "globalaccelerator:List*" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJYXHGCVENJKQZRNGU", - "PolicyName": "GlobalAcceleratorReadOnlyAccess", - "UpdateDate": "2018-11-27T02:41:00+00:00", - "VersionId": "v1" - }, - "GreengrassOTAUpdateArtifactAccess": { - "Arn": "arn:aws:iam::aws:policy/service-role/GreengrassOTAUpdateArtifactAccess", - "AttachmentCount": 0, - "CreateDate": "2017-11-29T18:11:47+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "s3:GetObject" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:s3:::*-greengrass-updates/*" - ], - "Sid": "AllowsIotToAccessGreengrassOTAUpdateArtifacts" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIFGE66SKIK3GW5UC2", - "PolicyName": "GreengrassOTAUpdateArtifactAccess", - "UpdateDate": "2018-12-18T00:59:43+00:00", - "VersionId": "v2" - }, - "Health_OrganizationsServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/Health_OrganizationsServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2019-12-16T13:28:21+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": "organizations:ListAccounts", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "organizations:ListAWSServiceAccessForOrganization", - "Effect": "Allow", - "Resource": "*", - "Sid": "ListAWSServiceAccessForOrganization0" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4EZKGOJYHQ", - "PolicyName": "Health_OrganizationsServiceRolePolicy", - "UpdateDate": "2020-06-08T12:48:44+00:00", - "VersionId": "v2" - }, - "IAMAccessAdvisorReadOnly": { - "Arn": "arn:aws:iam::aws:policy/IAMAccessAdvisorReadOnly", - "AttachmentCount": 0, - "CreateDate": "2019-06-21T19:33:45+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "iam:ListRoles", - "iam:ListUsers", - "iam:ListGroups", - "iam:ListPolicies", - "iam:ListPoliciesGrantingServiceAccess", - "iam:GenerateServiceLastAccessedDetails", - "iam:GenerateOrganizationsAccessReport", - "iam:GenerateCredentialReport", - "iam:GetRole", - "iam:GetPolicy", - "iam:GetServiceLastAccessedDetails", - "iam:GetServiceLastAccessedDetailsWithEntities", - "iam:GetOrganizationsAccessReport", - "organizations:DescribeAccount", - "organizations:DescribeOrganization", - "organizations:DescribeOrganizationalUnit", - "organizations:DescribePolicy", - "organizations:ListChildren", - "organizations:ListParents", - "organizations:ListPoliciesForTarget", - "organizations:ListRoots", - "organizations:ListPolicies", - "organizations:ListTargetsForPolicy" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4FNDX5PG6Z", - "PolicyName": "IAMAccessAdvisorReadOnly", - "UpdateDate": "2019-06-21T19:33:45+00:00", - "VersionId": "v1" - }, - "IAMAccessAnalyzerFullAccess": { - "Arn": "arn:aws:iam::aws:policy/IAMAccessAnalyzerFullAccess", - "AttachmentCount": 0, - "CreateDate": "2019-12-02T17:12:40+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "access-analyzer:*" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "iam:CreateServiceLinkedRole", - "Condition": { - "StringEquals": { - "iam:AWSServiceName": "access-analyzer.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "organizations:DescribeAccount", - "organizations:DescribeOrganization", - "organizations:DescribeOrganizationalUnit", - "organizations:ListAccounts", - "organizations:ListAccountsForParent", - "organizations:ListAWSServiceAccessForOrganization", - "organizations:ListChildren", - "organizations:ListDelegatedAdministrators", - "organizations:ListOrganizationalUnitsForParent", - "organizations:ListParents", - "organizations:ListRoots" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4MAZGHIYZN", - "PolicyName": "IAMAccessAnalyzerFullAccess", - "UpdateDate": "2019-12-02T17:12:40+00:00", - "VersionId": "v1" - }, - "IAMAccessAnalyzerReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/IAMAccessAnalyzerReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2019-12-02T17:12:53+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "access-analyzer:Get*", - "access-analyzer:List*", - "access-analyzer:ValidatePolicy" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4GY4R3GAPM", - "PolicyName": "IAMAccessAnalyzerReadOnlyAccess", - "UpdateDate": "2021-03-16T20:37:30+00:00", - "VersionId": "v2" - }, - "IAMFullAccess": { - "Arn": "arn:aws:iam::aws:policy/IAMFullAccess", - "AttachmentCount": 0, - "CreateDate": "2015-02-06T18:40:38+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "iam:*", - "organizations:DescribeAccount", - "organizations:DescribeOrganization", - "organizations:DescribeOrganizationalUnit", - "organizations:DescribePolicy", - "organizations:ListChildren", - "organizations:ListParents", - "organizations:ListPoliciesForTarget", - "organizations:ListRoots", - "organizations:ListPolicies", - "organizations:ListTargetsForPolicy" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAI7XKCFMBPM3QQRRVQ", - "PolicyName": "IAMFullAccess", - "UpdateDate": "2019-06-21T19:40:00+00:00", - "VersionId": "v2" - }, - "IAMReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/IAMReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2015-02-06T18:40:39+00:00", - "DefaultVersionId": "v4", - "Document": { - "Statement": [ - { - "Action": [ - "iam:GenerateCredentialReport", - "iam:GenerateServiceLastAccessedDetails", - "iam:Get*", - "iam:List*", - "iam:SimulateCustomPolicy", - "iam:SimulatePrincipalPolicy" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJKSO7NDY4T57MWDSQ", - "PolicyName": "IAMReadOnlyAccess", - "UpdateDate": "2018-01-25T19:11:27+00:00", - "VersionId": "v4" - }, - "IAMSelfManageServiceSpecificCredentials": { - "Arn": "arn:aws:iam::aws:policy/IAMSelfManageServiceSpecificCredentials", - "AttachmentCount": 0, - "CreateDate": "2016-12-22T17:25:18+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "iam:CreateServiceSpecificCredential", - "iam:ListServiceSpecificCredentials", - "iam:UpdateServiceSpecificCredential", - "iam:DeleteServiceSpecificCredential", - "iam:ResetServiceSpecificCredential" - ], - "Effect": "Allow", - "Resource": "arn:aws:iam::*:user/${aws:username}" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAI4VT74EMXK2PMQJM2", - "PolicyName": "IAMSelfManageServiceSpecificCredentials", - "UpdateDate": "2016-12-22T17:25:18+00:00", - "VersionId": "v1" - }, - "IAMUserChangePassword": { - "Arn": "arn:aws:iam::aws:policy/IAMUserChangePassword", - "AttachmentCount": 0, - "CreateDate": "2016-11-15T00:25:16+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "iam:ChangePassword" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:iam::*:user/${aws:username}" - ] - }, - { - "Action": [ - "iam:GetAccountPasswordPolicy" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJ4L4MM2A7QIEB56MS", - "PolicyName": "IAMUserChangePassword", - "UpdateDate": "2016-11-15T23:18:55+00:00", - "VersionId": "v2" - }, - "IAMUserSSHKeys": { - "Arn": "arn:aws:iam::aws:policy/IAMUserSSHKeys", - "AttachmentCount": 0, - "CreateDate": "2015-07-09T17:08:54+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "iam:DeleteSSHPublicKey", - "iam:GetSSHPublicKey", - "iam:ListSSHPublicKeys", - "iam:UpdateSSHPublicKey", - "iam:UploadSSHPublicKey" - ], - "Effect": "Allow", - "Resource": "arn:aws:iam::*:user/${aws:username}" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJTSHUA4UXGXU7ANUA", - "PolicyName": "IAMUserSSHKeys", - "UpdateDate": "2015-07-09T17:08:54+00:00", - "VersionId": "v1" - }, - "IVSRecordToS3": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/IVSRecordToS3", - "AttachmentCount": 0, - "CreateDate": "2020-12-05T00:10:43+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "s3:PutObject" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:s3:::AWSIVS_*/ivs/*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4M65NGVKOJ", - "PolicyName": "IVSRecordToS3", - "UpdateDate": "2020-12-05T00:10:43+00:00", - "VersionId": "v1" - }, - "KafkaConnectServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/KafkaConnectServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2021-09-07T13:12:44+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "ec2:CreateNetworkInterface" - ], - "Condition": { - "ForAllValues:StringEquals": { - "aws:TagKeys": "AmazonMSKConnectManaged" - }, - "StringEquals": { - "aws:RequestTag/AmazonMSKConnectManaged": "true" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:network-interface/*" - }, - { - "Action": [ - "ec2:CreateNetworkInterface" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:subnet/*", - "arn:aws:ec2:*:*:security-group/*" - ] - }, - { - "Action": [ - "ec2:CreateTags" - ], - "Condition": { - "StringEquals": { - "ec2:CreateAction": "CreateNetworkInterface" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:network-interface/*" - }, - { - "Action": [ - "ec2:DescribeNetworkInterfaces", - "ec2:CreateNetworkInterfacePermission", - "ec2:AttachNetworkInterface", - "ec2:DetachNetworkInterface", - "ec2:DeleteNetworkInterface" - ], - "Condition": { - "StringEquals": { - "ec2:ResourceTag/AmazonMSKConnectManaged": "true" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:network-interface/*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4KFEKH7VR6", - "PolicyName": "KafkaConnectServiceRolePolicy", - "UpdateDate": "2021-09-07T13:12:44+00:00", - "VersionId": "v1" - }, - "KafkaServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/KafkaServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2018-11-15T23:31:48+00:00", - "DefaultVersionId": "v3", - "Document": { - "Statement": [ - { - "Action": [ - "ec2:CreateNetworkInterface", - "ec2:DescribeNetworkInterfaces", - "ec2:CreateNetworkInterfacePermission", - "ec2:AttachNetworkInterface", - "ec2:DeleteNetworkInterface", - "ec2:DetachNetworkInterface", - "acm-pca:GetCertificateAuthorityCertificate", - "secretsmanager:ListSecrets" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "secretsmanager:GetResourcePolicy", - "secretsmanager:PutResourcePolicy", - "secretsmanager:DeleteResourcePolicy", - "secretsmanager:DescribeSecret" - ], - "Condition": { - "ArnLike": { - "secretsmanager:SecretId": "arn:*:secretsmanager:*:*:secret:AmazonMSK_*" - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJUXPRZ76MAP2EVQJU", - "PolicyName": "KafkaServiceRolePolicy", - "UpdateDate": "2020-08-26T20:40:53+00:00", - "VersionId": "v3" - }, - "LakeFormationDataAccessServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/LakeFormationDataAccessServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2019-06-20T20:46:19+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "s3:ListAllMyBuckets" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:s3:::*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4N342E3KHW", - "PolicyName": "LakeFormationDataAccessServiceRolePolicy", - "UpdateDate": "2019-06-20T20:46:19+00:00", - "VersionId": "v1" - }, - "LexBotPolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/LexBotPolicy", - "AttachmentCount": 0, - "CreateDate": "2017-02-17T22:18:13+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "polly:SynthesizeSpeech" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "comprehend:DetectSentiment" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJJ3NZRBBQKSESXXJC", - "PolicyName": "LexBotPolicy", - "UpdateDate": "2019-11-13T22:29:16+00:00", - "VersionId": "v2" - }, - "LexChannelPolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/LexChannelPolicy", - "AttachmentCount": 0, - "CreateDate": "2017-02-17T23:23:24+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "lex:PostText" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJKYEISPO63JTBJWPY", - "PolicyName": "LexChannelPolicy", - "UpdateDate": "2017-02-17T23:23:24+00:00", - "VersionId": "v1" - }, - "LightsailExportAccess": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/LightsailExportAccess", - "AttachmentCount": 0, - "CreateDate": "2018-09-28T16:35:54+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "iam:DeleteServiceLinkedRole", - "iam:GetServiceLinkedRoleDeletionStatus" - ], - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/aws-service-role/lightsail.amazonaws.com/AWSServiceRoleForLightsail*" - }, - { - "Action": [ - "ec2:CopySnapshot", - "ec2:DescribeSnapshots", - "ec2:CopyImage", - "ec2:DescribeImages" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "s3:GetAccountPublicAccessBlock" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJ4LZGPQLZWMVR4WMQ", - "PolicyName": "LightsailExportAccess", - "UpdateDate": "2022-01-15T01:45:33+00:00", - "VersionId": "v2" - }, - "MediaPackageServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/MediaPackageServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2020-09-18T17:45:47+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": "logs:PutLogEvents", - "Effect": "Allow", - "Resource": "arn:aws:logs:*:*:log-group:/aws/MediaPackage/*:log-stream:*" - }, - { - "Action": [ - "logs:CreateLogStream", - "logs:CreateLogGroup", - "logs:DescribeLogGroups", - "logs:DescribeLogStreams" - ], - "Effect": "Allow", - "Resource": "arn:aws:logs:*:*:log-group:/aws/MediaPackage/*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4GXH4HDK6N", - "PolicyName": "MediaPackageServiceRolePolicy", - "UpdateDate": "2020-09-18T17:45:47+00:00", - "VersionId": "v1" - }, - "MemoryDBServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/MemoryDBServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2021-08-17T22:34:59+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "ec2:CreateTags" - ], - "Condition": { - "ForAllValues:StringEquals": { - "aws:TagKeys": [ - "AmazonMemoryDBManaged" - ] - }, - "StringEquals": { - "ec2:CreateAction": "CreateNetworkInterface" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:network-interface/*" - }, - { - "Action": [ - "ec2:CreateNetworkInterface" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:network-interface/*", - "arn:aws:ec2:*:*:subnet/*", - "arn:aws:ec2:*:*:security-group/*" - ] - }, - { - "Action": [ - "ec2:DeleteNetworkInterface", - "ec2:ModifyNetworkInterfaceAttribute" - ], - "Condition": { - "StringEquals": { - "ec2:ResourceTag/AmazonMemoryDBManaged": "true" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:network-interface/*" - }, - { - "Action": [ - "ec2:DeleteNetworkInterface", - "ec2:ModifyNetworkInterfaceAttribute" - ], - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:security-group/*" - }, - { - "Action": [ - "ec2:DescribeSecurityGroups", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeAvailabilityZones", - "ec2:DescribeSubnets", - "ec2:DescribeVpcs" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "cloudwatch:PutMetricData" - ], - "Condition": { - "StringEquals": { - "cloudwatch:namespace": "AWS/MemoryDB" - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4KWEJCOJNF", - "PolicyName": "MemoryDBServiceRolePolicy", - "UpdateDate": "2021-08-18T23:48:16+00:00", - "VersionId": "v2" - }, - "MigrationHubDMSAccessServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/MigrationHubDMSAccessServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2019-06-12T17:50:39+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": "mgh:CreateProgressUpdateStream", - "Effect": "Allow", - "Resource": "arn:aws:mgh:*:*:progressUpdateStream/DMS" - }, - { - "Action": [ - "mgh:DescribeMigrationTask", - "mgh:AssociateDiscoveredResource", - "mgh:ListDiscoveredResources", - "mgh:ImportMigrationTask", - "mgh:ListCreatedArtifacts", - "mgh:DisassociateDiscoveredResource", - "mgh:AssociateCreatedArtifact", - "mgh:NotifyMigrationTaskState", - "mgh:DisassociateCreatedArtifact", - "mgh:PutResourceAttributes" - ], - "Effect": "Allow", - "Resource": "arn:aws:mgh:*:*:progressUpdateStream/DMS/migrationTask/*" - }, - { - "Action": [ - "mgh:ListMigrationTasks", - "mgh:NotifyApplicationState", - "mgh:DescribeApplicationState", - "mgh:GetHomeRegion" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4IV7DIZ555", - "PolicyName": "MigrationHubDMSAccessServiceRolePolicy", - "UpdateDate": "2019-10-07T17:57:44+00:00", - "VersionId": "v2" - }, - "MigrationHubSMSAccessServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/MigrationHubSMSAccessServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2019-06-12T18:30:28+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": "mgh:CreateProgressUpdateStream", - "Effect": "Allow", - "Resource": "arn:aws:mgh:*:*:progressUpdateStream/SMS" - }, - { - "Action": [ - "mgh:DescribeMigrationTask", - "mgh:AssociateDiscoveredResource", - "mgh:ListDiscoveredResources", - "mgh:ImportMigrationTask", - "mgh:ListCreatedArtifacts", - "mgh:DisassociateDiscoveredResource", - "mgh:AssociateCreatedArtifact", - "mgh:NotifyMigrationTaskState", - "mgh:DisassociateCreatedArtifact", - "mgh:PutResourceAttributes" - ], - "Effect": "Allow", - "Resource": "arn:aws:mgh:*:*:progressUpdateStream/SMS/migrationTask/*" - }, - { - "Action": [ - "mgh:ListMigrationTasks", - "mgh:NotifyApplicationState", - "mgh:DescribeApplicationState", - "mgh:GetHomeRegion" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4JCW2B2IGB", - "PolicyName": "MigrationHubSMSAccessServiceRolePolicy", - "UpdateDate": "2019-10-07T18:02:22+00:00", - "VersionId": "v2" - }, - "MigrationHubServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/MigrationHubServiceRolePolicy", - "AttachmentCount": 1, - "CreateDate": "2019-06-12T17:22:16+00:00", - "DefaultVersionId": "v3", - "Document": { - "Statement": [ - { - "Action": [ - "discovery:ListConfigurations", - "discovery:DescribeConfigurations" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": "ec2:CreateTags", - "Condition": { - "ForAllValues:StringEquals": { - "aws:TagKeys": "aws:migrationhub:source-id" - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:ec2:*:*:instance/*", - "arn:aws:ec2:*:*:image/*", - "arn:aws:ec2:*:*:volume/*" - ] - }, - { - "Action": "dms:AddTagsToResource", - "Condition": { - "ForAllValues:StringEquals": { - "aws:TagKeys": "aws:migrationhub:source-id" - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:dms:*:*:endpoint:*" - ] - }, - { - "Action": [ - "ec2:DescribeInstanceAttribute" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4NWLJ3LLW3", - "PolicyName": "MigrationHubServiceRolePolicy", - "UpdateDate": "2020-08-06T18:08:46+00:00", - "VersionId": "v3" - }, - "NeptuneConsoleFullAccess": { - "Arn": "arn:aws:iam::aws:policy/NeptuneConsoleFullAccess", - "AttachmentCount": 0, - "CreateDate": "2018-06-19T21:35:19+00:00", - "DefaultVersionId": "v4", - "Document": { - "Statement": [ - { - "Action": [ - "rds:CreateDBCluster", - "rds:CreateDBInstance" - ], - "Condition": { - "StringEquals": { - "rds:DatabaseEngine": [ - "graphdb", - "neptune" - ] - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:rds:*:*:*" - ] - }, - { - "Action": [ - "rds:AddRoleToDBCluster", - "rds:AddSourceIdentifierToSubscription", - "rds:AddTagsToResource", - "rds:ApplyPendingMaintenanceAction", - "rds:CopyDBClusterParameterGroup", - "rds:CopyDBClusterSnapshot", - "rds:CopyDBParameterGroup", - "rds:CreateDBClusterParameterGroup", - "rds:CreateDBClusterSnapshot", - "rds:CreateDBParameterGroup", - "rds:CreateDBSubnetGroup", - "rds:CreateEventSubscription", - "rds:DeleteDBCluster", - "rds:DeleteDBClusterParameterGroup", - "rds:DeleteDBClusterSnapshot", - "rds:DeleteDBInstance", - "rds:DeleteDBParameterGroup", - "rds:DeleteDBSubnetGroup", - "rds:DeleteEventSubscription", - "rds:DescribeAccountAttributes", - "rds:DescribeCertificates", - "rds:DescribeDBClusterParameterGroups", - "rds:DescribeDBClusterParameters", - "rds:DescribeDBClusterSnapshotAttributes", - "rds:DescribeDBClusterSnapshots", - "rds:DescribeDBClusters", - "rds:DescribeDBEngineVersions", - "rds:DescribeDBInstances", - "rds:DescribeDBLogFiles", - "rds:DescribeDBParameterGroups", - "rds:DescribeDBParameters", - "rds:DescribeDBSecurityGroups", - "rds:DescribeDBSubnetGroups", - "rds:DescribeEngineDefaultClusterParameters", - "rds:DescribeEngineDefaultParameters", - "rds:DescribeEventCategories", - "rds:DescribeEventSubscriptions", - "rds:DescribeEvents", - "rds:DescribeOptionGroups", - "rds:DescribeOrderableDBInstanceOptions", - "rds:DescribePendingMaintenanceActions", - "rds:DescribeValidDBInstanceModifications", - "rds:DownloadDBLogFilePortion", - "rds:FailoverDBCluster", - "rds:ListTagsForResource", - "rds:ModifyDBCluster", - "rds:ModifyDBClusterParameterGroup", - "rds:ModifyDBClusterSnapshotAttribute", - "rds:ModifyDBInstance", - "rds:ModifyDBParameterGroup", - "rds:ModifyDBSubnetGroup", - "rds:ModifyEventSubscription", - "rds:PromoteReadReplicaDBCluster", - "rds:RebootDBInstance", - "rds:RemoveRoleFromDBCluster", - "rds:RemoveSourceIdentifierFromSubscription", - "rds:RemoveTagsFromResource", - "rds:ResetDBClusterParameterGroup", - "rds:ResetDBParameterGroup", - "rds:RestoreDBClusterFromSnapshot", - "rds:RestoreDBClusterToPointInTime" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "cloudwatch:GetMetricStatistics", - "cloudwatch:ListMetrics", - "ec2:AllocateAddress", - "ec2:AssignIpv6Addresses", - "ec2:AssignPrivateIpAddresses", - "ec2:AssociateAddress", - "ec2:AssociateRouteTable", - "ec2:AssociateSubnetCidrBlock", - "ec2:AssociateVpcCidrBlock", - "ec2:AttachInternetGateway", - "ec2:AttachNetworkInterface", - "ec2:CreateCustomerGateway", - "ec2:CreateDefaultSubnet", - "ec2:CreateDefaultVpc", - "ec2:CreateInternetGateway", - "ec2:CreateNatGateway", - "ec2:CreateNetworkInterface", - "ec2:CreateRoute", - "ec2:CreateRouteTable", - "ec2:CreateSecurityGroup", - "ec2:CreateSubnet", - "ec2:CreateVpc", - "ec2:CreateVpcEndpoint", - "ec2:CreateVpcEndpoint", - "ec2:DescribeAccountAttributes", - "ec2:DescribeAccountAttributes", - "ec2:DescribeAddresses", - "ec2:DescribeAvailabilityZones", - "ec2:DescribeAvailabilityZones", - "ec2:DescribeCustomerGateways", - "ec2:DescribeInstances", - "ec2:DescribeNatGateways", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribePrefixLists", - "ec2:DescribeRouteTables", - "ec2:DescribeSecurityGroupReferences", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeSubnets", - "ec2:DescribeVpcAttribute", - "ec2:DescribeVpcAttribute", - "ec2:DescribeVpcEndpoints", - "ec2:DescribeVpcs", - "ec2:DescribeVpcs", - "ec2:ModifyNetworkInterfaceAttribute", - "ec2:ModifySubnetAttribute", - "ec2:ModifyVpcAttribute", - "ec2:ModifyVpcEndpoint", - "iam:ListRoles", - "kms:ListAliases", - "kms:ListKeyPolicies", - "kms:ListKeys", - "kms:ListRetirableGrants", - "logs:DescribeLogStreams", - "logs:GetLogEvents", - "sns:ListSubscriptions", - "sns:ListTopics", - "sns:Publish" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": "iam:PassRole", - "Condition": { - "StringEquals": { - "iam:passedToService": "rds.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "iam:CreateServiceLinkedRole", - "Condition": { - "StringLike": { - "iam:AWSServiceName": "rds.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/aws-service-role/rds.amazonaws.com/AWSServiceRoleForRDS" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJWTD4ELX2KRNICUVQ", - "PolicyName": "NeptuneConsoleFullAccess", - "UpdateDate": "2020-09-02T17:25:07+00:00", - "VersionId": "v4" - }, - "NeptuneFullAccess": { - "Arn": "arn:aws:iam::aws:policy/NeptuneFullAccess", - "AttachmentCount": 0, - "CreateDate": "2018-05-30T19:17:31+00:00", - "DefaultVersionId": "v5", - "Document": { - "Statement": [ - { - "Action": [ - "rds:CreateDBCluster", - "rds:CreateDBInstance" - ], - "Condition": { - "StringEquals": { - "rds:DatabaseEngine": [ - "graphdb", - "neptune" - ] - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:rds:*:*:*" - ] - }, - { - "Action": [ - "rds:AddRoleToDBCluster", - "rds:AddSourceIdentifierToSubscription", - "rds:AddTagsToResource", - "rds:ApplyPendingMaintenanceAction", - "rds:CopyDBClusterParameterGroup", - "rds:CopyDBClusterSnapshot", - "rds:CopyDBParameterGroup", - "rds:CreateDBClusterParameterGroup", - "rds:CreateDBClusterSnapshot", - "rds:CreateDBParameterGroup", - "rds:CreateDBSubnetGroup", - "rds:CreateEventSubscription", - "rds:DeleteDBCluster", - "rds:DeleteDBClusterParameterGroup", - "rds:DeleteDBClusterSnapshot", - "rds:DeleteDBInstance", - "rds:DeleteDBParameterGroup", - "rds:DeleteDBSubnetGroup", - "rds:DeleteEventSubscription", - "rds:DescribeAccountAttributes", - "rds:DescribeCertificates", - "rds:DescribeDBClusterParameterGroups", - "rds:DescribeDBClusterParameters", - "rds:DescribeDBClusterSnapshotAttributes", - "rds:DescribeDBClusterSnapshots", - "rds:DescribeDBClusters", - "rds:DescribeDBEngineVersions", - "rds:DescribeDBInstances", - "rds:DescribeDBLogFiles", - "rds:DescribeDBParameterGroups", - "rds:DescribeDBParameters", - "rds:DescribeDBSecurityGroups", - "rds:DescribeDBSubnetGroups", - "rds:DescribeEngineDefaultClusterParameters", - "rds:DescribeEngineDefaultParameters", - "rds:DescribeEventCategories", - "rds:DescribeEventSubscriptions", - "rds:DescribeEvents", - "rds:DescribeOptionGroups", - "rds:DescribeOrderableDBInstanceOptions", - "rds:DescribePendingMaintenanceActions", - "rds:DescribeValidDBInstanceModifications", - "rds:DownloadDBLogFilePortion", - "rds:FailoverDBCluster", - "rds:ListTagsForResource", - "rds:ModifyDBCluster", - "rds:ModifyDBClusterParameterGroup", - "rds:ModifyDBClusterSnapshotAttribute", - "rds:ModifyDBInstance", - "rds:ModifyDBParameterGroup", - "rds:ModifyDBSubnetGroup", - "rds:ModifyEventSubscription", - "rds:PromoteReadReplicaDBCluster", - "rds:RebootDBInstance", - "rds:RemoveRoleFromDBCluster", - "rds:RemoveSourceIdentifierFromSubscription", - "rds:RemoveTagsFromResource", - "rds:ResetDBClusterParameterGroup", - "rds:ResetDBParameterGroup", - "rds:RestoreDBClusterFromSnapshot", - "rds:RestoreDBClusterToPointInTime" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "cloudwatch:GetMetricStatistics", - "cloudwatch:ListMetrics", - "ec2:DescribeAccountAttributes", - "ec2:DescribeAvailabilityZones", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVpcAttribute", - "ec2:DescribeVpcs", - "kms:ListAliases", - "kms:ListKeyPolicies", - "kms:ListKeys", - "kms:ListRetirableGrants", - "logs:DescribeLogStreams", - "logs:GetLogEvents", - "sns:ListSubscriptions", - "sns:ListTopics", - "sns:Publish" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": "iam:PassRole", - "Condition": { - "StringEquals": { - "iam:passedToService": "rds.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "iam:CreateServiceLinkedRole", - "Condition": { - "StringLike": { - "iam:AWSServiceName": "rds.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/aws-service-role/rds.amazonaws.com/AWSServiceRoleForRDS" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIXSDEYRCNJRC6ITFK", - "PolicyName": "NeptuneFullAccess", - "UpdateDate": "2020-09-02T17:24:56+00:00", - "VersionId": "v5" - }, - "NeptuneReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/NeptuneReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2018-05-30T19:16:37+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "rds:DescribeAccountAttributes", - "rds:DescribeCertificates", - "rds:DescribeDBClusterParameterGroups", - "rds:DescribeDBClusterParameters", - "rds:DescribeDBClusterSnapshotAttributes", - "rds:DescribeDBClusterSnapshots", - "rds:DescribeDBClusters", - "rds:DescribeDBEngineVersions", - "rds:DescribeDBInstances", - "rds:DescribeDBLogFiles", - "rds:DescribeDBParameterGroups", - "rds:DescribeDBParameters", - "rds:DescribeDBSubnetGroups", - "rds:DescribeEventCategories", - "rds:DescribeEventSubscriptions", - "rds:DescribeEvents", - "rds:DescribeOrderableDBInstanceOptions", - "rds:DescribePendingMaintenanceActions", - "rds:DownloadDBLogFilePortion", - "rds:ListTagsForResource" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "cloudwatch:GetMetricStatistics", - "cloudwatch:ListMetrics" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:DescribeAccountAttributes", - "ec2:DescribeAvailabilityZones", - "ec2:DescribeInternetGateways", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVpcAttribute", - "ec2:DescribeVpcs" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "kms:ListKeys", - "kms:ListRetirableGrants", - "kms:ListAliases", - "kms:ListKeyPolicies" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "logs:DescribeLogStreams", - "logs:GetLogEvents" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:logs:*:*:log-group:/aws/rds/*:log-stream:*", - "arn:aws:logs:*:*:log-group:/aws/neptune/*:log-stream:*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJS5OQ5RXULC66WTGQ", - "PolicyName": "NeptuneReadOnlyAccess", - "UpdateDate": "2018-05-30T19:16:37+00:00", - "VersionId": "v1" - }, - "NetworkAdministrator": { - "Arn": "arn:aws:iam::aws:policy/job-function/NetworkAdministrator", - "AttachmentCount": 0, - "CreateDate": "2016-11-10T17:31:35+00:00", - "DefaultVersionId": "v11", - "Document": { - "Statement": [ - { - "Action": [ - "autoscaling:Describe*", - "cloudfront:ListDistributions", - "cloudwatch:DeleteAlarms", - "cloudwatch:DescribeAlarms", - "cloudwatch:GetMetricStatistics", - "cloudwatch:PutMetricAlarm", - "directconnect:*", - "ec2:AcceptVpcEndpointConnections", - "ec2:AllocateAddress", - "ec2:AssignIpv6Addresses", - "ec2:AssignPrivateIpAddresses", - "ec2:AssociateAddress", - "ec2:AssociateDhcpOptions", - "ec2:AssociateRouteTable", - "ec2:AssociateSubnetCidrBlock", - "ec2:AssociateVpcCidrBlock", - "ec2:AttachInternetGateway", - "ec2:AttachNetworkInterface", - "ec2:AttachVpnGateway", - "ec2:CreateCarrierGateway", - "ec2:CreateCustomerGateway", - "ec2:CreateDefaultSubnet", - "ec2:CreateDefaultVpc", - "ec2:CreateDhcpOptions", - "ec2:CreateEgressOnlyInternetGateway", - "ec2:CreateFlowLogs", - "ec2:CreateInternetGateway", - "ec2:CreateNatGateway", - "ec2:CreateNetworkAcl", - "ec2:CreateNetworkAclEntry", - "ec2:CreateNetworkInterface", - "ec2:CreateNetworkInterfacePermission", - "ec2:CreatePlacementGroup", - "ec2:CreateRoute", - "ec2:CreateRouteTable", - "ec2:CreateSecurityGroup", - "ec2:CreateSubnet", - "ec2:CreateTags", - "ec2:CreateVpc", - "ec2:CreateVpcEndpoint", - "ec2:CreateVpcEndpointConnectionNotification", - "ec2:CreateVpcEndpointServiceConfiguration", - "ec2:CreateVpnConnection", - "ec2:CreateVpnConnectionRoute", - "ec2:CreateVpnGateway", - "ec2:DeleteCarrierGateway", - "ec2:DeleteEgressOnlyInternetGateway", - "ec2:DeleteFlowLogs", - "ec2:DeleteNatGateway", - "ec2:DeleteNetworkInterface", - "ec2:DeleteNetworkInterfacePermission", - "ec2:DeletePlacementGroup", - "ec2:DeleteSubnet", - "ec2:DeleteTags", - "ec2:DeleteVpc", - "ec2:DeleteVpcEndpointConnectionNotifications", - "ec2:DeleteVpcEndpointServiceConfigurations", - "ec2:DeleteVpcEndpoints", - "ec2:DeleteVpnConnection", - "ec2:DeleteVpnConnectionRoute", - "ec2:DeleteVpnGateway", - "ec2:DescribeAccountAttributes", - "ec2:DescribeAddresses", - "ec2:DescribeAvailabilityZones", - "ec2:DescribeCarrierGateways", - "ec2:DescribeClassicLinkInstances", - "ec2:DescribeCustomerGateways", - "ec2:DescribeDhcpOptions", - "ec2:DescribeEgressOnlyInternetGateways", - "ec2:DescribeFlowLogs", - "ec2:DescribeInstances", - "ec2:DescribeInternetGateways", - "ec2:DescribeKeyPairs", - "ec2:DescribeMovingAddresses", - "ec2:DescribeNatGateways", - "ec2:DescribeNetworkAcls", - "ec2:DescribeNetworkInterfaceAttribute", - "ec2:DescribeNetworkInterfacePermissions", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribePlacementGroups", - "ec2:DescribePrefixLists", - "ec2:DescribeRouteTables", - "ec2:DescribeSecurityGroupReferences", - "ec2:DescribeSecurityGroupRules", - "ec2:DescribeSecurityGroups", - "ec2:DescribeStaleSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeTags", - "ec2:DescribeVpcAttribute", - "ec2:DescribeVpcClassicLink", - "ec2:DescribeVpcClassicLinkDnsSupport", - "ec2:DescribeVpcEndpointConnectionNotifications", - "ec2:DescribeVpcEndpointConnections", - "ec2:DescribeVpcEndpointServiceConfigurations", - "ec2:DescribeVpcEndpointServicePermissions", - "ec2:DescribeVpcEndpointServices", - "ec2:DescribeVpcEndpoints", - "ec2:DescribeVpcPeeringConnections", - "ec2:DescribeVpcs", - "ec2:DescribeVpnConnections", - "ec2:DescribeVpnGateways", - "ec2:DescribePublicIpv4Pools", - "ec2:DescribeIpv6Pools", - "ec2:DetachInternetGateway", - "ec2:DetachNetworkInterface", - "ec2:DetachVpnGateway", - "ec2:DisableVgwRoutePropagation", - "ec2:DisableVpcClassicLinkDnsSupport", - "ec2:DisassociateAddress", - "ec2:DisassociateRouteTable", - "ec2:DisassociateSubnetCidrBlock", - "ec2:DisassociateVpcCidrBlock", - "ec2:EnableVgwRoutePropagation", - "ec2:EnableVpcClassicLinkDnsSupport", - "ec2:ModifyNetworkInterfaceAttribute", - "ec2:ModifySecurityGroupRules", - "ec2:ModifySubnetAttribute", - "ec2:ModifyVpcAttribute", - "ec2:ModifyVpcEndpoint", - "ec2:ModifyVpcEndpointConnectionNotification", - "ec2:ModifyVpcEndpointServiceConfiguration", - "ec2:ModifyVpcEndpointServicePermissions", - "ec2:ModifyVpcPeeringConnectionOptions", - "ec2:ModifyVpcTenancy", - "ec2:MoveAddressToVpc", - "ec2:RejectVpcEndpointConnections", - "ec2:ReleaseAddress", - "ec2:ReplaceNetworkAclAssociation", - "ec2:ReplaceNetworkAclEntry", - "ec2:ReplaceRoute", - "ec2:ReplaceRouteTableAssociation", - "ec2:ResetNetworkInterfaceAttribute", - "ec2:RestoreAddressToClassic", - "ec2:UnassignIpv6Addresses", - "ec2:UnassignPrivateIpAddresses", - "ec2:UpdateSecurityGroupRuleDescriptionsEgress", - "ec2:UpdateSecurityGroupRuleDescriptionsIngress", - "elasticbeanstalk:Describe*", - "elasticbeanstalk:List*", - "elasticbeanstalk:RequestEnvironmentInfo", - "elasticbeanstalk:RetrieveEnvironmentInfo", - "elasticloadbalancing:*", - "logs:DescribeLogGroups", - "logs:DescribeLogStreams", - "logs:GetLogEvents", - "route53:*", - "route53domains:*", - "sns:CreateTopic", - "sns:ListSubscriptionsByTopic", - "sns:ListTopics" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:AcceptVpcPeeringConnection", - "ec2:AttachClassicLinkVpc", - "ec2:AuthorizeSecurityGroupEgress", - "ec2:AuthorizeSecurityGroupIngress", - "ec2:CreateVpcPeeringConnection", - "ec2:DeleteCustomerGateway", - "ec2:DeleteDhcpOptions", - "ec2:DeleteInternetGateway", - "ec2:DeleteNetworkAcl", - "ec2:DeleteNetworkAclEntry", - "ec2:DeleteRoute", - "ec2:DeleteRouteTable", - "ec2:DeleteSecurityGroup", - "ec2:DeleteVolume", - "ec2:DeleteVpcPeeringConnection", - "ec2:DetachClassicLinkVpc", - "ec2:DisableVpcClassicLink", - "ec2:EnableVpcClassicLink", - "ec2:GetConsoleScreenshot", - "ec2:RejectVpcPeeringConnection", - "ec2:RevokeSecurityGroupEgress", - "ec2:RevokeSecurityGroupIngress" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "ec2:CreateLocalGatewayRoute", - "ec2:CreateLocalGatewayRouteTableVpcAssociation", - "ec2:DeleteLocalGatewayRoute", - "ec2:DeleteLocalGatewayRouteTableVpcAssociation", - "ec2:DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociations", - "ec2:DescribeLocalGatewayRouteTableVpcAssociations", - "ec2:DescribeLocalGatewayRouteTables", - "ec2:DescribeLocalGatewayVirtualInterfaceGroups", - "ec2:DescribeLocalGatewayVirtualInterfaces", - "ec2:DescribeLocalGateways", - "ec2:SearchLocalGatewayRoutes" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "s3:GetBucketLocation", - "s3:GetBucketWebsite", - "s3:ListBucket" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "iam:GetRole", - "iam:ListRoles", - "iam:PassRole" - ], - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/flow-logs-*" - }, - { - "Action": [ - "networkmanager:*" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:AcceptTransitGatewayVpcAttachment", - "ec2:AssociateTransitGatewayRouteTable", - "ec2:CreateTransitGateway", - "ec2:CreateTransitGatewayRoute", - "ec2:CreateTransitGatewayRouteTable", - "ec2:CreateTransitGatewayVpcAttachment", - "ec2:DeleteTransitGateway", - "ec2:DeleteTransitGatewayRoute", - "ec2:DeleteTransitGatewayRouteTable", - "ec2:DeleteTransitGatewayVpcAttachment", - "ec2:DescribeTransitGatewayAttachments", - "ec2:DescribeTransitGatewayRouteTables", - "ec2:DescribeTransitGatewayVpcAttachments", - "ec2:DescribeTransitGateways", - "ec2:DisableTransitGatewayRouteTablePropagation", - "ec2:DisassociateTransitGatewayRouteTable", - "ec2:EnableTransitGatewayRouteTablePropagation", - "ec2:ExportTransitGatewayRoutes", - "ec2:GetTransitGatewayAttachmentPropagations", - "ec2:GetTransitGatewayRouteTableAssociations", - "ec2:GetTransitGatewayRouteTablePropagations", - "ec2:ModifyTransitGateway", - "ec2:ModifyTransitGatewayVpcAttachment", - "ec2:RejectTransitGatewayVpcAttachment", - "ec2:ReplaceTransitGatewayRoute", - "ec2:SearchTransitGatewayRoutes" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "iam:CreateServiceLinkedRole" - ], - "Condition": { - "StringLike": { - "iam:AWSServiceName": [ - "transitgateway.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/job-function/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJPNMADZFJCVPJVZA2", - "PolicyName": "NetworkAdministrator", - "UpdateDate": "2021-09-16T20:22:54+00:00", - "VersionId": "v11" - }, - "PowerUserAccess": { - "Arn": "arn:aws:iam::aws:policy/PowerUserAccess", - "AttachmentCount": 0, - "CreateDate": "2015-02-06T18:39:47+00:00", - "DefaultVersionId": "v4", - "Document": { - "Statement": [ - { - "Effect": "Allow", - "NotAction": [ - "iam:*", - "organizations:*", - "account:*" - ], - "Resource": "*" - }, - { - "Action": [ - "iam:CreateServiceLinkedRole", - "iam:DeleteServiceLinkedRole", - "iam:ListRoles", - "organizations:DescribeOrganization", - "account:ListRegions" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJYRXTHIB4FOVS3ZXS", - "PolicyName": "PowerUserAccess", - "UpdateDate": "2019-03-20T22:19:03+00:00", - "VersionId": "v4" - }, - "QuickSightAccessForS3StorageManagementAnalyticsReadOnly": { - "Arn": "arn:aws:iam::aws:policy/service-role/QuickSightAccessForS3StorageManagementAnalyticsReadOnly", - "AttachmentCount": 0, - "CreateDate": "2017-06-12T18:18:38+00:00", - "DefaultVersionId": "v4", - "Document": { - "Statement": [ - { - "Action": [ - "s3:GetObject" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:s3:::s3-analytics-export-shared-*" - ] - }, - { - "Action": [ - "s3:GetAnalyticsConfiguration", - "s3:ListAllMyBuckets", - "s3:GetBucketLocation" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIFWG3L3WDMR4I7ZJW", - "PolicyName": "QuickSightAccessForS3StorageManagementAnalyticsReadOnly", - "UpdateDate": "2019-10-08T23:53:11+00:00", - "VersionId": "v4" - }, - "RDSCloudHsmAuthorizationRole": { - "Arn": "arn:aws:iam::aws:policy/service-role/RDSCloudHsmAuthorizationRole", - "AttachmentCount": 0, - "CreateDate": "2015-02-06T18:41:29+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "cloudhsm:CreateLunaClient", - "cloudhsm:DeleteLunaClient", - "cloudhsm:DescribeHapg", - "cloudhsm:DescribeLunaClient", - "cloudhsm:GetConfig", - "cloudhsm:ModifyHapg", - "cloudhsm:ModifyLunaClient" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIWKFXRLQG2ROKKXLE", - "PolicyName": "RDSCloudHsmAuthorizationRole", - "UpdateDate": "2019-09-26T22:14:29+00:00", - "VersionId": "v2" - }, - "ReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/ReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2015-02-06T18:39:48+00:00", - "DefaultVersionId": "v83", - "Document": { - "Statement": [ - { - "Action": [ - "a4b:Get*", - "a4b:List*", - "a4b:Search*", - "access-analyzer:GetAccessPreview", - "access-analyzer:GetAnalyzedResource", - "access-analyzer:GetAnalyzer", - "access-analyzer:GetArchiveRule", - "access-analyzer:GetFinding", - "access-analyzer:GetGeneratedPolicy", - "access-analyzer:ListAccessPreviewFindings", - "access-analyzer:ListAccessPreviews", - "access-analyzer:ListAnalyzedResources", - "access-analyzer:ListAnalyzers", - "access-analyzer:ListArchiveRules", - "access-analyzer:ListFindings", - "access-analyzer:ListPolicyGenerations", - "access-analyzer:ListTagsForResource", - "access-analyzer:ValidatePolicy", - "acm-pca:Describe*", - "acm-pca:Get*", - "acm-pca:List*", - "acm:Describe*", - "acm:Get*", - "acm:List*", - "airflow:ListEnvironments", - "airflow:ListTagsForResource", - "amplify:GetApp", - "amplify:GetBranch", - "amplify:GetDomainAssociation", - "amplify:GetJob", - "amplify:ListApps", - "amplify:ListBranches", - "amplify:ListDomainAssociations", - "amplify:ListJobs", - "apigateway:GET", - "appconfig:GetApplication", - "appconfig:GetConfiguration", - "appconfig:GetConfigurationProfile", - "appconfig:GetDeployment", - "appconfig:GetDeploymentStrategy", - "appconfig:GetEnvironment", - "appconfig:GetHostedConfigurationVersion", - "appconfig:ListApplications", - "appconfig:ListConfigurationProfiles", - "appconfig:ListDeployments", - "appconfig:ListDeploymentStrategies", - "appconfig:ListEnvironments", - "appconfig:ListHostedConfigurationVersions", - "appconfig:ListTagsForResource", - "application-autoscaling:Describe*", - "applicationinsights:Describe*", - "applicationinsights:List*", - "appmesh:Describe*", - "appmesh:List*", - "appstream:Describe*", - "appstream:List*", - "appsync:Get*", - "appsync:List*", - "aps:DescribeAlertManagerDefinition", - "aps:DescribeRuleGroupsNamespace", - "aps:DescribeWorkspace", - "aps:GetAlertManagerSilence", - "aps:GetAlertManagerStatus", - "aps:GetLabels", - "aps:GetMetricMetadata", - "aps:GetSeries", - "aps:ListAlerts", - "aps:ListAlertManagerAlerts", - "aps:ListAlertManagerAlertGroups", - "aps:ListAlertManagerReceivers", - "aps:ListAlertManagerSilences", - "aps:ListRules", - "aps:ListRuleGroupsNamespaces", - "aps:ListTagsForResource", - "aps:ListWorkspaces", - "aps:QueryMetrics", - "athena:Batch*", - "athena:Get*", - "athena:List*", - "auditmanager:GetAccountStatus", - "auditmanager:GetAssessment", - "auditmanager:GetAssessmentFramework", - "auditmanager:GetAssessmentReportUrl", - "auditmanager:GetChangeLogs", - "auditmanager:GetControl", - "auditmanager:GetDelegations", - "auditmanager:GetEvidence", - "auditmanager:GetEvidenceByEvidenceFolder", - "auditmanager:GetEvidenceFolder", - "auditmanager:GetEvidenceFoldersByAssessment", - "auditmanager:GetEvidenceFoldersByAssessmentControl", - "auditmanager:GetOrganizationAdminAccount", - "auditmanager:GetServicesInScope", - "auditmanager:GetSettings", - "auditmanager:ListAssessmentFrameworks", - "auditmanager:ListAssessmentReports", - "auditmanager:ListAssessments", - "auditmanager:ListControls", - "auditmanager:ListKeywordsForDataSource", - "auditmanager:ListNotifications", - "auditmanager:ListTagsForResource", - "auditmanager:ValidateAssessmentReportIntegrity", - "autoscaling-plans:Describe*", - "autoscaling-plans:GetScalingPlanResourceForecastData", - "autoscaling:Describe*", - "aws-portal:View*", - "backup:Describe*", - "backup:Get*", - "backup:List*", - "batch:Describe*", - "batch:List*", - "braket:GetDevice", - "braket:GetQuantumTask", - "braket:SearchDevices", - "braket:SearchQuantumTasks", - "budgets:Describe*", - "budgets:View*", - "cassandra:Select", - "ce:DescribeCostCategoryDefinition", - "ce:DescribeNotificationSubscription", - "ce:DescribeReport", - "ce:GetAnomalies", - "ce:GetAnomalyMonitors", - "ce:GetAnomalySubscriptions", - "ce:GetCostAndUsage", - "ce:GetCostAndUsageWithResources", - "ce:GetCostCategories", - "ce:GetCostForecast", - "ce:GetDimensionValues", - "ce:GetPreferences", - "ce:GetReservationCoverage", - "ce:GetReservationPurchaseRecommendation", - "ce:GetReservationUtilization", - "ce:GetRightsizingRecommendation", - "ce:GetSavingsPlansCoverage", - "ce:GetSavingsPlansPurchaseRecommendation", - "ce:GetSavingsPlansUtilization", - "ce:GetSavingsPlansUtilizationDetails", - "ce:GetTags", - "ce:GetUsageForecast", - "ce:ListCostCategoryDefinitions", - "chatbot:Describe*", - "chatbot:Get*", - "chime:Get*", - "chime:List*", - "chime:Retrieve*", - "chime:Search*", - "chime:Validate*", - "cloud9:Describe*", - "cloud9:List*", - "clouddirectory:BatchRead", - "clouddirectory:Get*", - "clouddirectory:List*", - "clouddirectory:LookupPolicy", - "cloudformation:Describe*", - "cloudformation:Detect*", - "cloudformation:Estimate*", - "cloudformation:Get*", - "cloudformation:List*", - "cloudfront:DescribeFunction", - "cloudfront:Get*", - "cloudfront:List*", - "cloudhsm:Describe*", - "cloudhsm:Get*", - "cloudhsm:List*", - "cloudsearch:Describe*", - "cloudsearch:List*", - "cloudtrail:Describe*", - "cloudtrail:Get*", - "cloudtrail:List*", - "cloudtrail:LookupEvents", - "cloudwatch:Describe*", - "cloudwatch:Get*", - "cloudwatch:List*", - "codeartifact:DescribeDomain", - "codeartifact:DescribePackageVersion", - "codeartifact:DescribeRepository", - "codeartifact:GetAuthorizationToken", - "codeartifact:GetDomainPermissionsPolicy", - "codeartifact:GetPackageVersionAsset", - "codeartifact:GetPackageVersionReadme", - "codeartifact:GetRepositoryEndpoint", - "codeartifact:GetRepositoryPermissionsPolicy", - "codeartifact:ListDomains", - "codeartifact:ListPackages", - "codeartifact:ListPackageVersionAssets", - "codeartifact:ListPackageVersionDependencies", - "codeartifact:ListPackageVersions", - "codeartifact:ListRepositories", - "codeartifact:ListRepositoriesInDomain", - "codeartifact:ListTagsForResource", - "codeartifact:ReadFromRepository", - "codebuild:BatchGet*", - "codebuild:DescribeCodeCoverages", - "codebuild:DescribeTestCases", - "codebuild:List*", - "codecommit:BatchGet*", - "codecommit:Describe*", - "codecommit:Get*", - "codecommit:GitPull", - "codecommit:List*", - "codedeploy:BatchGet*", - "codedeploy:Get*", - "codedeploy:List*", - "codeguru-profiler:Describe*", - "codeguru-profiler:Get*", - "codeguru-profiler:List*", - "codeguru-reviewer:Describe*", - "codeguru-reviewer:Get*", - "codeguru-reviewer:List*", - "codepipeline:Get*", - "codepipeline:List*", - "codestar-connections:GetConnection", - "codestar-connections:GetHost", - "codestar-connections:ListConnections", - "codestar-connections:ListHosts", - "codestar-connections:ListTagsForResource", - "codestar-notifications:describeNotificationRule", - "codestar-notifications:listEventTypes", - "codestar-notifications:listNotificationRules", - "codestar-notifications:listTagsForResource", - "codestar-notifications:ListTargets", - "codestar:Describe*", - "codestar:Get*", - "codestar:List*", - "codestar:Verify*", - "cognito-identity:Describe*", - "cognito-identity:GetCredentialsForIdentity", - "cognito-identity:GetIdentityPoolRoles", - "cognito-identity:GetOpenIdToken", - "cognito-identity:GetOpenIdTokenForDeveloperIdentity", - "cognito-identity:List*", - "cognito-identity:Lookup*", - "cognito-idp:AdminGet*", - "cognito-idp:AdminList*", - "cognito-idp:Describe*", - "cognito-idp:Get*", - "cognito-idp:List*", - "cognito-sync:Describe*", - "cognito-sync:Get*", - "cognito-sync:List*", - "cognito-sync:QueryRecords", - "compute-optimizer:DescribeRecommendationExportJobs", - "compute-optimizer:GetAutoScalingGroupRecommendations", - "compute-optimizer:GetEBSVolumeRecommendations", - "compute-optimizer:GetEC2InstanceRecommendations", - "compute-optimizer:GetEC2RecommendationProjectedMetrics", - "compute-optimizer:GetEnrollmentStatus", - "compute-optimizer:GetEnrollmentStatusesForOrganization", - "compute-optimizer:GetLambdaFunctionRecommendations", - "compute-optimizer:GetRecommendationSummaries", - "config:BatchGetAggregateResourceConfig", - "config:BatchGetResourceConfig", - "config:Deliver*", - "config:Describe*", - "config:Get*", - "config:List*", - "config:SelectAggregateResourceConfig", - "config:SelectResourceConfig", - "connect:Describe*", - "connect:GetFederationToken", - "connect:List*", - "dataexchange:Get*", - "dataexchange:List*", - "datapipeline:Describe*", - "datapipeline:EvaluateExpression", - "datapipeline:Get*", - "datapipeline:List*", - "datapipeline:QueryObjects", - "datapipeline:Validate*", - "datasync:Describe*", - "datasync:List*", - "dax:BatchGetItem", - "dax:Describe*", - "dax:GetItem", - "dax:ListTags", - "dax:Query", - "dax:Scan", - "deepcomposer:GetComposition", - "deepcomposer:GetModel", - "deepcomposer:GetSampleModel", - "deepcomposer:ListCompositions", - "deepcomposer:ListModels", - "deepcomposer:ListSampleModels", - "deepcomposer:ListTrainingTopics", - "detective:Get*", - "detective:List*", - "detective:SearchGraph", - "devicefarm:Get*", - "devicefarm:List*", - "devops-guru:DescribeAccountHealth", - "devops-guru:DescribeAccountOverview", - "devops-guru:DescribeAnomaly", - "devops-guru:DescribeFeedback", - "devops-guru:DescribeInsight", - "devops-guru:DescribeResourceCollectionHealth", - "devops-guru:DescribeServiceIntegration", - "devops-guru:GetCostEstimation", - "devops-guru:GetResourceCollection", - "devops-guru:ListAnomaliesForInsight", - "devops-guru:ListEvents", - "devops-guru:ListInsights", - "devops-guru:ListNotificationChannels", - "devops-guru:ListRecommendations", - "devops-guru:SearchInsights", - "devops-guru:StartCostEstimation", - "directconnect:Describe*", - "discovery:Describe*", - "discovery:Get*", - "discovery:List*", - "dlm:Get*", - "dms:Describe*", - "dms:List*", - "dms:Test*", - "ds:Check*", - "ds:Describe*", - "ds:Get*", - "ds:List*", - "ds:Verify*", - "dynamodb:BatchGet*", - "dynamodb:Describe*", - "dynamodb:Get*", - "dynamodb:List*", - "dynamodb:Query", - "dynamodb:Scan", - "ec2:Describe*", - "ec2:Get*", - "ec2:ListSnapshotsInRecycleBin", - "ec2:SearchLocalGatewayRoutes", - "ec2:SearchTransitGatewayRoutes", - "ec2messages:Get*", - "ecr-public:BatchCheckLayerAvailability", - "ecr-public:DescribeImages", - "ecr-public:DescribeImageTags", - "ecr-public:DescribeRegistries", - "ecr-public:DescribeRepositories", - "ecr-public:GetAuthorizationToken", - "ecr-public:GetRegistryCatalogData", - "ecr-public:GetRepositoryCatalogData", - "ecr-public:GetRepositoryPolicy", - "ecr-public:ListTagsForResource", - "ecr:BatchCheck*", - "ecr:BatchGet*", - "ecr:Describe*", - "ecr:Get*", - "ecr:List*", - "ecs:Describe*", - "ecs:List*", - "eks:Describe*", - "eks:List*", - "elasticache:Describe*", - "elasticache:List*", - "elasticbeanstalk:Check*", - "elasticbeanstalk:Describe*", - "elasticbeanstalk:List*", - "elasticbeanstalk:Request*", - "elasticbeanstalk:Retrieve*", - "elasticbeanstalk:Validate*", - "elasticfilesystem:Describe*", - "elasticloadbalancing:Describe*", - "elasticmapreduce:Describe*", - "elasticmapreduce:GetBlockPublicAccessConfiguration", - "elasticmapreduce:List*", - "elasticmapreduce:View*", - "elastictranscoder:List*", - "elastictranscoder:Read*", - "elemental-appliances-software:Get*", - "elemental-appliances-software:List*", - "emr-containers:DescribeJobRun", - "emr-containers:DescribeManagedEndpoint", - "emr-containers:DescribeVirtualCluster", - "emr-containers:ListJobRuns", - "emr-containers:ListManagedEndpoints", - "emr-containers:ListVirtualClusters", - "emr-containers:ListTagsForResource", - "es:Describe*", - "es:ESHttpGet", - "es:ESHttpHead", - "es:Get*", - "es:List*", - "events:Describe*", - "events:List*", - "events:Test*", - "firehose:Describe*", - "firehose:List*", - "fis:GetAction", - "fis:GetExperiment", - "fis:GetExperimentTemplate", - "fis:ListActions", - "fis:ListExperiments", - "fis:ListExperimentTemplates", - "fis:ListTagsForResource", - "fms:GetAdminAccount", - "fms:GetAppsList", - "fms:GetComplianceDetail", - "fms:GetNotificationChannel", - "fms:GetPolicy", - "fms:GetProtectionStatus", - "fms:GetProtocolsList", - "fms:GetViolationDetails", - "fms:ListAppsLists", - "fms:ListComplianceStatus", - "fms:ListMemberAccounts", - "fms:ListPolicies", - "fms:ListProtocolsLists", - "fms:ListTagsForResource", - "forecast:DescribeDataset", - "forecast:DescribeDatasetGroup", - "forecast:DescribeDatasetImportJob", - "forecast:DescribeForecast", - "forecast:DescribeForecastExportJob", - "forecast:DescribePredictor", - "forecast:DescribePredictorBacktestExportJob", - "forecast:GetAccuracyMetrics", - "forecast:ListDatasetGroups", - "forecast:ListDatasetImportJobs", - "forecast:ListDatasets", - "forecast:ListForecastExportJobs", - "forecast:ListForecasts", - "forecast:ListPredictorBacktestExportJobs", - "forecast:ListPredictors", - "forecast:QueryForecast", - "freertos:Describe*", - "freertos:List*", - "fsx:Describe*", - "fsx:List*", - "gamelift:Describe*", - "gamelift:Get*", - "gamelift:List*", - "gamelift:ResolveAlias", - "gamelift:Search*", - "glacier:Describe*", - "glacier:Get*", - "glacier:List*", - "globalaccelerator:Describe*", - "globalaccelerator:List*", - "glue:BatchGetDevEndpoints", - "glue:BatchGetJobs", - "glue:BatchGetPartition", - "glue:BatchGetTriggers", - "glue:BatchGetWorkflows", - "glue:CheckSchemaVersionValidity", - "glue:GetCatalogImportStatus", - "glue:GetClassifier", - "glue:GetClassifiers", - "glue:GetCrawler", - "glue:GetCrawlerMetrics", - "glue:GetCrawlers", - "glue:GetDatabase", - "glue:GetDatabases", - "glue:GetDataCatalogEncryptionSettings", - "glue:GetDataflowGraph", - "glue:GetDevEndpoint", - "glue:GetDevEndpoints", - "glue:GetJob", - "glue:GetJobBookmark", - "glue:GetJobRun", - "glue:GetJobRuns", - "glue:GetJobs", - "glue:GetMapping", - "glue:GetMLTaskRun", - "glue:GetMLTaskRuns", - "glue:GetMLTransform", - "glue:GetMLTransforms", - "glue:GetPartition", - "glue:GetPartitions", - "glue:GetPlan", - "glue:GetRegistry", - "glue:GetResourcePolicy", - "glue:GetSchema", - "glue:GetSchemaByDefinition", - "glue:GetSchemaVersion", - "glue:GetSchemaVersionsDiff", - "glue:GetSecurityConfiguration", - "glue:GetSecurityConfigurations", - "glue:GetTable", - "glue:GetTables", - "glue:GetTableVersion", - "glue:GetTableVersions", - "glue:GetTags", - "glue:GetTrigger", - "glue:GetTriggers", - "glue:GetUserDefinedFunction", - "glue:GetUserDefinedFunctions", - "glue:GetWorkflow", - "glue:GetWorkflowRun", - "glue:GetWorkflowRunProperties", - "glue:GetWorkflowRuns", - "glue:ListCrawlers", - "glue:ListDevEndpoints", - "glue:ListJobs", - "glue:ListMLTransforms", - "glue:ListRegistries", - "glue:ListSchemas", - "glue:ListSchemaVersions", - "glue:ListTriggers", - "glue:ListWorkflows", - "glue:QuerySchemaVersionMetadata", - "greengrass:DescribeComponent", - "greengrass:Get*", - "greengrass:List*", - "groundstation:DescribeContact", - "groundstation:GetConfig", - "groundstation:GetDataflowEndpointGroup", - "groundstation:GetMinuteUsage", - "groundstation:GetMissionProfile", - "groundstation:GetSatellite", - "groundstation:ListConfigs", - "groundstation:ListContacts", - "groundstation:ListDataflowEndpointGroups", - "groundstation:ListGroundStations", - "groundstation:ListMissionProfiles", - "groundstation:ListSatellites", - "groundstation:ListTagsForResource", - "guardduty:DescribeOrganizationConfiguration", - "guardduty:DescribePublishingDestination", - "guardduty:Get*", - "guardduty:List*", - "health:Describe*", - "iam:Generate*", - "iam:Get*", - "iam:List*", - "iam:Simulate*", - "imagebuilder:Get*", - "imagebuilder:List*", - "importexport:Get*", - "importexport:List*", - "inspector:Describe*", - "inspector:Get*", - "inspector:List*", - "inspector:Preview*", - "iot:Describe*", - "iot:Get*", - "iot:List*", - "iot1click:DescribeDevice", - "iot1click:DescribePlacement", - "iot1click:DescribeProject", - "iot1click:GetDeviceMethods", - "iot1click:GetDevicesInPlacement", - "iot1click:ListDeviceEvents", - "iot1click:ListDevices", - "iot1click:ListPlacements", - "iot1click:ListProjects", - "iot1click:ListTagsForResource", - "iotanalytics:Describe*", - "iotanalytics:Get*", - "iotanalytics:List*", - "iotanalytics:SampleChannelData", - "iotevents:DescribeAlarm", - "iotevents:DescribeAlarmModel", - "iotevents:DescribeDetector", - "iotevents:DescribeDetectorModel", - "iotevents:DescribeInput", - "iotevents:DescribeLoggingOptions", - "iotevents:ListAlarmModels", - "iotevents:ListAlarmModelVersions", - "iotevents:ListAlarms", - "iotevents:ListDetectorModels", - "iotevents:ListDetectorModelVersions", - "iotevents:ListDetectors", - "iotevents:ListInputs", - "iotevents:ListTagsForResource", - "iotfleethub:DescribeApplication", - "iotfleethub:ListApplications", - "iotroborunner:GetAction", - "iotroborunner:GetActionTemplate", - "iotroborunner:GetActivity", - "iotroborunner:GetDestination", - "iotroborunner:GetDestinationRelationship", - "iotroborunner:GetSite", - "iotroborunner:GetTask", - "iotroborunner:GetWorker", - "iotroborunner:GetWorkerFleet", - "iotroborunner:ListActions", - "iotroborunner:ListActionTemplates", - "iotroborunner:ListActivities", - "iotroborunner:ListDestinations", - "iotroborunner:ListDestinationRelationships", - "iotroborunner:ListSites", - "iotroborunner:ListTasks", - "iotroborunner:ListWorkers", - "iotroborunner:ListWorkerFleets", - "iotsitewise:Describe*", - "iotsitewise:Get*", - "iotsitewise:List*", - "iotwireless:GetDestination", - "iotwireless:GetDeviceProfile", - "iotwireless:GetPartnerAccount", - "iotwireless:GetServiceEndpoint", - "iotwireless:GetServiceProfile", - "iotwireless:GetWirelessDevice", - "iotwireless:GetWirelessDeviceStatistics", - "iotwireless:GetWirelessGateway", - "iotwireless:GetWirelessGatewayCertificate", - "iotwireless:GetWirelessGatewayFirmwareInformation", - "iotwireless:GetWirelessGatewayStatistics", - "iotwireless:GetWirelessGatewayTask", - "iotwireless:GetWirelessGatewayTaskDefinition", - "iotwireless:ListDestinations", - "iotwireless:ListDeviceProfiles", - "iotwireless:ListPartnerAccounts", - "iotwireless:ListServiceProfiles", - "iotwireless:ListTagsForResource", - "iotwireless:ListWirelessDevices", - "iotwireless:ListWirelessGateways", - "iotwireless:ListWirelessGatewayTaskDefinitions", - "ivs:BatchGetChannel", - "ivs:GetChannel", - "ivs:GetPlaybackKeyPair", - "ivs:GetRecordingConfiguration", - "ivs:ListChannels", - "ivs:ListPlaybackKeyPairs", - "ivs:ListRecordingConfigurations", - "ivs:ListStreams", - "ivs:ListTagsForResource", - "kafka:Describe*", - "kafka:Get*", - "kafka:List*", - "kafkaconnect:DescribeConnector", - "kafkaconnect:DescribeCustomPlugin", - "kafkaconnect:DescribeWorkerConfiguration", - "kafkaconnect:ListConnectors", - "kafkaconnect:ListCustomPlugins", - "kafkaconnect:ListWorkerConfigurations", - "kendra:DescribeDataSource", - "kendra:DescribeFaq", - "kendra:DescribeIndex", - "kendra:DescribeQuerySuggestionsBlockList", - "kendra:DescribeQuerySuggestionsConfig", - "kendra:DescribeThesaurus", - "kendra:GetQuerySuggestions", - "kendra:ListDataSources", - "kendra:ListDataSourceSyncJobs", - "kendra:ListFaqs", - "kendra:ListIndices", - "kendra:ListQuerySuggestionsBlockLists", - "kendra:ListTagsForResource", - "kendra:ListThesauri", - "kendra:Query", - "kinesis:Describe*", - "kinesis:Get*", - "kinesis:List*", - "kinesisanalytics:Describe*", - "kinesisanalytics:Discover*", - "kinesisanalytics:Get*", - "kinesisanalytics:List*", - "kinesisvideo:Describe*", - "kinesisvideo:Get*", - "kinesisvideo:List*", - "kms:Describe*", - "kms:Get*", - "kms:List*", - "lambda:Get*", - "lambda:List*", - "lex:DescribeBot", - "lex:DescribeBotAlias", - "lex:DescribeBotChannel", - "lex:DescribeBotLocale", - "lex:DescribeBotVersion", - "lex:DescribeExport", - "lex:DescribeImport", - "lex:DescribeIntent", - "lex:DescribeResourcePolicy", - "lex:DescribeSlot", - "lex:DescribeSlotType", - "lex:Get*", - "lex:ListBotAliases", - "lex:ListBotChannels", - "lex:ListBotLocales", - "lex:ListBots", - "lex:ListBotVersions", - "lex:ListBuiltInIntents", - "lex:ListBuiltInSlotTypes", - "lex:ListExports", - "lex:ListImports", - "lex:ListIntents", - "lex:ListSlots", - "lex:ListSlotTypes", - "lex:ListTagsForResource", - "license-manager:Get*", - "license-manager:List*", - "lightsail:GetActiveNames", - "lightsail:GetAlarms", - "lightsail:GetAutoSnapshots", - "lightsail:GetBlueprints", - "lightsail:GetBucketAccessKeys", - "lightsail:GetBucketBundles", - "lightsail:GetBucketMetricData", - "lightsail:GetBuckets", - "lightsail:GetBundles", - "lightsail:GetCertificates", - "lightsail:GetCloudFormationStackRecords", - "lightsail:GetContainerAPIMetadata", - "lightsail:GetContainerImages", - "lightsail:GetContainerServiceDeployments", - "lightsail:GetContainerServiceMetricData", - "lightsail:GetContainerServicePowers", - "lightsail:GetContainerServices", - "lightsail:GetDisk", - "lightsail:GetDisks", - "lightsail:GetDiskSnapshot", - "lightsail:GetDiskSnapshots", - "lightsail:GetDistributionBundles", - "lightsail:GetDistributionLatestCacheReset", - "lightsail:GetDistributionMetricData", - "lightsail:GetDistributions", - "lightsail:GetDomain", - "lightsail:GetDomains", - "lightsail:GetExportSnapshotRecords", - "lightsail:GetInstance", - "lightsail:GetInstanceMetricData", - "lightsail:GetInstancePortStates", - "lightsail:GetInstances", - "lightsail:GetInstanceSnapshot", - "lightsail:GetInstanceSnapshots", - "lightsail:GetInstanceState", - "lightsail:GetKeyPair", - "lightsail:GetKeyPairs", - "lightsail:GetLoadBalancer", - "lightsail:GetLoadBalancerMetricData", - "lightsail:GetLoadBalancers", - "lightsail:GetLoadBalancerTlsCertificates", - "lightsail:GetOperation", - "lightsail:GetOperations", - "lightsail:GetOperationsForResource", - "lightsail:GetRegions", - "lightsail:GetRelationalDatabase", - "lightsail:GetRelationalDatabaseBlueprints", - "lightsail:GetRelationalDatabaseBundles", - "lightsail:GetRelationalDatabaseEvents", - "lightsail:GetRelationalDatabaseLogEvents", - "lightsail:GetRelationalDatabaseLogStreams", - "lightsail:GetRelationalDatabaseMetricData", - "lightsail:GetRelationalDatabaseParameters", - "lightsail:GetRelationalDatabases", - "lightsail:GetRelationalDatabaseSnapshot", - "lightsail:GetRelationalDatabaseSnapshots", - "lightsail:GetStaticIp", - "lightsail:GetStaticIps", - "lightsail:Is*", - "logs:Describe*", - "logs:FilterLogEvents", - "logs:Get*", - "logs:ListTagsLogGroup", - "logs:StartQuery", - "logs:StopQuery", - "logs:TestMetricFilter", - "lookoutvision:DescribeDataset", - "lookoutvision:DescribeModel", - "lookoutvision:DescribeModelPackagingJob", - "lookoutvision:DescribeProject", - "lookoutvision:ListDatasetEntries", - "lookoutvision:ListModels", - "lookoutvision:ListModelPackagingJobs", - "lookoutvision:ListProjects", - "lookoutvision:ListTagsForResource", - "machinelearning:Describe*", - "machinelearning:Get*", - "macie:ListMemberAccounts", - "macie:ListS3Resources", - "macie2:BatchGetCustomDataIdentifiers", - "macie2:DescribeBuckets", - "macie2:DescribeClassificationJob", - "macie2:DescribeOrganizationConfiguration", - "macie2:GetAdministratorAccount", - "macie2:GetBucketStatistics", - "macie2:GetClassificationExportConfiguration", - "macie2:GetCustomDataIdentifier", - "macie2:GetFindings", - "macie2:GetFindingsFilter", - "macie2:GetFindingsPublicationConfiguration", - "macie2:GetFindingStatistics", - "macie2:GetInvitationsCount", - "macie2:GetMacieSession", - "macie2:GetMember", - "macie2:GetUsageStatistics", - "macie2:GetUsageTotals", - "macie2:ListClassificationJobs", - "macie2:ListCustomDataIdentifiers", - "macie2:ListFindings", - "macie2:ListFindingsFilters", - "macie2:ListInvitations", - "macie2:ListMembers", - "macie2:ListOrganizationAdminAccounts", - "macie2:ListTagsForResource", - "macie2:SearchResources", - "managedblockchain:GetNetwork", - "managedblockchain:GetProposal", - "managedblockchain:GetMember", - "managedblockchain:GetNode", - "managedblockchain:ListNetworks", - "managedblockchain:ListProposals", - "managedblockchain:ListProposalVotes", - "managedblockchain:ListInvitations", - "managedblockchain:ListMembers", - "managedblockchain:ListNodes", - "managedblockchain:ListTagsForResource", - "mediaconnect:DescribeFlow", - "mediaconnect:DescribeOffering", - "mediaconnect:DescribeReservation", - "mediaconnect:ListFlows", - "mediaconvert:DescribeEndpoints", - "mediaconvert:Get*", - "mediaconvert:List*", - "mediapackage:Describe*", - "mediapackage:List*", - "mediastore:DescribeContainer", - "mediastore:DescribeObject", - "mediastore:GetContainerPolicy", - "mediastore:GetCorsPolicy", - "mediastore:GetLifecyclePolicy", - "mediastore:GetMetricPolicy", - "mediastore:GetObject", - "mediastore:ListContainers", - "mediastore:ListItems", - "mediastore:ListTagsForResource", - "mgh:Describe*", - "mgh:GetHomeRegion", - "mgh:List*", - "mgn:DescribeJobLogItems", - "mgn:DescribeJobs", - "mgn:DescribeReplicationConfigurationTemplates", - "mgn:DescribeSourceServers", - "mgn:GetLaunchConfiguration", - "mgn:GetReplicationConfiguration", - "mobileanalytics:Get*", - "mobilehub:Describe*", - "mobilehub:Export*", - "mobilehub:Generate*", - "mobilehub:Get*", - "mobilehub:List*", - "mobilehub:Validate*", - "mobilehub:Verify*", - "mobiletargeting:Get*", - "mobiletargeting:List*", - "monitron:GetProject", - "monitron:GetProjectAdminUser", - "monitron:ListProjects", - "monitron:ListTagsForResource", - "mq:Describe*", - "mq:List*", - "network-firewall:DescribeFirewall", - "network-firewall:DescribeFirewallPolicy", - "network-firewall:DescribeLoggingConfiguration", - "network-firewall:DescribeResourcePolicy", - "network-firewall:DescribeRuleGroup", - "network-firewall:DescribeRuleGroupMetadata", - "network-firewall:ListFirewallPolicies", - "network-firewall:ListFirewalls", - "network-firewall:ListRuleGroups", - "network-firewall:ListTagsForResource", - "networkmanager:DescribeGlobalNetworks", - "networkmanager:GetConnections", - "networkmanager:GetCustomerGatewayAssociations", - "networkmanager:GetDevices", - "networkmanager:GetLinkAssociations", - "networkmanager:GetLinks", - "networkmanager:GetSites", - "networkmanager:GetTransitGatewayConnectPeerAssociations", - "networkmanager:GetTransitGatewayRegistrations", - "opsworks-cm:Describe*", - "opsworks-cm:List*", - "opsworks:Describe*", - "opsworks:Get*", - "organizations:Describe*", - "organizations:List*", - "outposts:Get*", - "outposts:List*", - "personalize:Describe*", - "personalize:Get*", - "personalize:List*", - "pi:DescribeDimensionKeys", - "pi:GetDimensionKeyDetails", - "pi:GetResourceMetadata", - "pi:GetResourceMetrics", - "pi:ListAvailableResourceDimensions", - "pi:ListAvailableResourceMetrics", - "polly:Describe*", - "polly:Get*", - "polly:List*", - "polly:SynthesizeSpeech", - "proton:GetEnvironment", - "proton:GetEnvironmentTemplate", - "proton:GetEnvironmentTemplateVersion", - "proton:GetService", - "proton:GetServiceInstance", - "proton:GetServiceTemplate", - "proton:GetServiceTemplateVersion", - "proton:ListEnvironmentAccountConnections", - "proton:ListEnvironments", - "proton:ListEnvironmentTemplates", - "proton:ListServiceInstances", - "proton:ListServices", - "proton:ListServiceTemplates", - "proton:ListTagsForResource", - "qldb:DescribeJournalS3Export", - "qldb:DescribeLedger", - "qldb:GetBlock", - "qldb:GetDigest", - "qldb:GetRevision", - "qldb:ListJournalS3Exports", - "qldb:ListJournalS3ExportsForLedger", - "qldb:ListLedgers", - "qldb:ListTagsForResource", - "ram:Get*", - "ram:List*", - "rbin:GetRule", - "rbin:ListRules", - "rbin:ListTagsForResource", - "rds:Describe*", - "rds:Download*", - "rds:List*", - "redshift:Describe*", - "redshift:GetReservedNodeExchangeOfferings", - "redshift:View*", - "rekognition:CompareFaces", - "rekognition:Detect*", - "rekognition:List*", - "rekognition:Search*", - "resiliencehub:DescribeApp", - "resiliencehub:DescribeAppAssessment", - "resiliencehub:DescribeAppVersionResourcesResolutionStatus", - "resiliencehub:DescribeAppVersionTemplate", - "resiliencehub:DescribeDraftAppVersionResourcesImportStatus", - "resiliencehub:DescribeResiliencyPolicy", - "resiliencehub:ListAlarmRecommendations", - "resiliencehub:ListAppAssessments", - "resiliencehub:ListAppComponentCompliances", - "resiliencehub:ListAppComponentRecommendations", - "resiliencehub:ListAppVersionResourceMappings", - "resiliencehub:ListAppVersionResources", - "resiliencehub:ListAppVersions", - "resiliencehub:ListApps", - "resiliencehub:ListRecommendationTemplates", - "resiliencehub:ListResiliencyPolicies", - "resiliencehub:ListSopRecommendations", - "resiliencehub:ListSuggestedResiliencyPolicies", - "resiliencehub:ListTagsForResource", - "resiliencehub:ListTestRecommendations", - "resiliencehub:ListUnsupportedAppVersionResources", - "resource-groups:Get*", - "resource-groups:List*", - "resource-groups:Search*", - "robomaker:BatchDescribe*", - "robomaker:Describe*", - "robomaker:Get*", - "robomaker:List*", - "route53-recovery-cluster:Get*", - "route53-recovery-control-config:Describe*", - "route53-recovery-control-config:List*", - "route53-recovery-readiness:Get*", - "route53-recovery-readiness:List*", - "route53:Get*", - "route53:List*", - "route53:Test*", - "route53domains:Check*", - "route53domains:Get*", - "route53domains:List*", - "route53domains:View*", - "route53resolver:Get*", - "route53resolver:List*", - "s3-object-lambda:GetObject", - "s3-object-lambda:GetObjectAcl", - "s3-object-lambda:GetObjectLegalHold", - "s3-object-lambda:GetObjectRetention", - "s3-object-lambda:GetObjectTagging", - "s3-object-lambda:GetObjectVersion", - "s3-object-lambda:GetObjectVersionAcl", - "s3-object-lambda:GetObjectVersionTagging", - "s3-object-lambda:ListBucket", - "s3-object-lambda:ListBucketMultipartUploads", - "s3-object-lambda:ListBucketVersions", - "s3-object-lambda:ListMultipartUploadParts", - "s3:DescribeJob", - "s3:Get*", - "s3:List*", - "sagemaker:Describe*", - "sagemaker:GetSearchSuggestions", - "sagemaker:List*", - "sagemaker:Search", - "savingsplans:DescribeSavingsPlanRates", - "savingsplans:DescribeSavingsPlans", - "savingsplans:DescribeSavingsPlansOfferingRates", - "savingsplans:DescribeSavingsPlansOfferings", - "savingsplans:ListTagsForResource", - "schemas:Describe*", - "schemas:Get*", - "schemas:List*", - "schemas:Search*", - "sdb:Get*", - "sdb:List*", - "sdb:Select*", - "secretsmanager:Describe*", - "secretsmanager:GetResourcePolicy", - "secretsmanager:List*", - "securityhub:Describe*", - "securityhub:Get*", - "securityhub:List*", - "serverlessrepo:Get*", - "serverlessrepo:List*", - "serverlessrepo:SearchApplications", - "servicecatalog:Describe*", - "servicecatalog:GetApplication", - "servicecatalog:GetAttributeGroup", - "servicecatalog:List*", - "servicecatalog:Scan*", - "servicecatalog:Search*", - "servicediscovery:Get*", - "servicediscovery:List*", - "servicequotas:GetAssociationForServiceQuotaTemplate", - "servicequotas:GetAWSDefaultServiceQuota", - "servicequotas:GetRequestedServiceQuotaChange", - "servicequotas:GetServiceQuota", - "servicequotas:GetServiceQuotaIncreaseRequestFromTemplate", - "servicequotas:ListAWSDefaultServiceQuotas", - "servicequotas:ListRequestedServiceQuotaChangeHistory", - "servicequotas:ListRequestedServiceQuotaChangeHistoryByQuota", - "servicequotas:ListServiceQuotaIncreaseRequestsInTemplate", - "servicequotas:ListServiceQuotas", - "servicequotas:ListServices", - "ses:Describe*", - "ses:Get*", - "ses:List*", - "shield:Describe*", - "shield:Get*", - "shield:List*", - "signer:DescribeSigningJob", - "signer:GetSigningPlatform", - "signer:GetSigningProfile", - "signer:ListProfilePermissions", - "signer:ListSigningJobs", - "signer:ListSigningPlatforms", - "signer:ListSigningProfiles", - "signer:ListTagsForResource", - "snowball:Describe*", - "snowball:Get*", - "snowball:List*", - "sns:Check*", - "sns:Get*", - "sns:List*", - "sqs:Get*", - "sqs:List*", - "sqs:Receive*", - "ssm-contacts:DescribeEngagement", - "ssm-contacts:DescribePage", - "ssm-contacts:GetContact", - "ssm-contacts:GetContactChannel", - "ssm-contacts:ListContactChannels", - "ssm-contacts:ListContacts", - "ssm-contacts:ListEngagements", - "ssm-contacts:ListPageReceipts", - "ssm-contacts:ListPagesByContact", - "ssm-contacts:ListPagesByEngagement", - "ssm-incidents:GetIncidentRecord", - "ssm-incidents:GetReplicationSet", - "ssm-incidents:GetResourcePolicies", - "ssm-incidents:GetResponsePlan", - "ssm-incidents:GetTimelineEvent", - "ssm-incidents:ListIncidentRecords", - "ssm-incidents:ListRelatedItems", - "ssm-incidents:ListReplicationSets", - "ssm-incidents:ListResponsePlans", - "ssm-incidents:ListTagsForResource", - "ssm-incidents:ListTimelineEvents", - "ssm:Describe*", - "ssm:Get*", - "ssm:List*", - "sso-directory:Describe*", - "sso-directory:List*", - "sso-directory:Search*", - "sso:Describe*", - "sso:Get*", - "sso:List*", - "sso:Search*", - "states:Describe*", - "states:GetExecutionHistory", - "states:List*", - "storagegateway:Describe*", - "storagegateway:List*", - "sts:GetAccessKeyInfo", - "sts:GetCallerIdentity", - "sts:GetSessionToken", - "support:DescribeCases", - "swf:Count*", - "swf:Describe*", - "swf:Get*", - "swf:List*", - "synthetics:Describe*", - "synthetics:Get*", - "synthetics:List*", - "tag:Get*", - "timestream:DescribeDatabase", - "timestream:DescribeEndpoints", - "timestream:DescribeTable", - "timestream:ListDatabases", - "timestream:ListMeasures", - "timestream:ListTables", - "timestream:ListTagsForResource", - "transcribe:Get*", - "transcribe:List*", - "transfer:Describe*", - "transfer:List*", - "transfer:TestIdentityProvider", - "trustedadvisor:Describe*", - "waf-regional:Get*", - "waf-regional:List*", - "waf:Get*", - "waf:List*", - "wafv2:CheckCapacity", - "wafv2:Describe*", - "wafv2:Get*", - "wafv2:List*", - "workdocs:CheckAlias", - "workdocs:Describe*", - "workdocs:Get*", - "worklink:Describe*", - "worklink:List*", - "workmail:Describe*", - "workmail:Get*", - "workmail:List*", - "workmail:Search*", - "workspaces:Describe*", - "xray:BatchGet*", - "xray:Get*" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAILL3HVNFSB6DCOWYQ", - "PolicyName": "ReadOnlyAccess", - "UpdateDate": "2022-02-16T20:46:04+00:00", - "VersionId": "v83" - }, - "ResourceGroupsandTagEditorFullAccess": { - "Arn": "arn:aws:iam::aws:policy/ResourceGroupsandTagEditorFullAccess", - "AttachmentCount": 0, - "CreateDate": "2015-02-06T18:39:53+00:00", - "DefaultVersionId": "v5", - "Document": { - "Statement": [ - { - "Action": [ - "tag:getResources", - "tag:getTagKeys", - "tag:getTagValues", - "tag:TagResources", - "tag:UntagResources", - "resource-groups:*", - "cloudformation:DescribeStacks", - "cloudformation:ListStackResources" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJNOS54ZFXN4T2Y34A", - "PolicyName": "ResourceGroupsandTagEditorFullAccess", - "UpdateDate": "2019-10-02T23:57:57+00:00", - "VersionId": "v5" - }, - "ResourceGroupsandTagEditorReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/ResourceGroupsandTagEditorReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2015-02-06T18:39:54+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "tag:getResources", - "tag:getTagKeys", - "tag:getTagValues", - "resource-groups:Get*", - "resource-groups:List*", - "resource-groups:Search*", - "cloudformation:DescribeStacks", - "cloudformation:ListStackResources" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJHXQTPI5I5JKAIU74", - "PolicyName": "ResourceGroupsandTagEditorReadOnlyAccess", - "UpdateDate": "2019-03-07T19:43:17+00:00", - "VersionId": "v2" - }, - "Route53RecoveryReadinessServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/Route53RecoveryReadinessServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2021-07-15T16:06:21+00:00", - "DefaultVersionId": "v3", - "Document": { - "Statement": [ - { - "Action": [ - "dynamodb:DescribeReservedCapacity", - "dynamodb:DescribeReservedCapacityOfferings" - ], - "Effect": "Allow", - "Resource": "arn:aws:dynamodb:*:*:*" - }, - { - "Action": [ - "dynamodb:DescribeTable", - "dynamodb:DescribeTimeToLive" - ], - "Effect": "Allow", - "Resource": "arn:aws:dynamodb:*:*:table/*" - }, - { - "Action": [ - "iam:CreateServiceLinkedRole" - ], - "Condition": { - "StringLike": { - "iam:AWSServiceName": "servicequotas.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:iam::*:role/aws-service-role/servicequotas.amazonaws.com/AWSServiceRoleForServiceQuotas" - }, - { - "Action": [ - "lambda:GetFunctionConcurrency", - "lambda:GetFunctionConfiguration", - "lambda:GetProvisionedConcurrencyConfig", - "lambda:ListAliases", - "lambda:ListVersionsByFunction" - ], - "Effect": "Allow", - "Resource": "arn:aws:lambda:*:*:function:*" - }, - { - "Action": [ - "rds:DescribeDBClusters" - ], - "Effect": "Allow", - "Resource": "arn:aws:rds:*:*:cluster:*" - }, - { - "Action": [ - "rds:DescribeDBInstances" - ], - "Effect": "Allow", - "Resource": "arn:aws:rds:*:*:db:*" - }, - { - "Action": [ - "route53:ListResourceRecordSets" - ], - "Effect": "Allow", - "Resource": "arn:aws:route53:::hostedzone/*" - }, - { - "Action": [ - "route53:GetHealthCheck", - "route53:GetHealthCheckStatus" - ], - "Effect": "Allow", - "Resource": "arn:aws:route53:::healthcheck/*" - }, - { - "Action": [ - "servicequotas:RequestServiceQuotaIncrease" - ], - "Effect": "Allow", - "Resource": "arn:aws:servicequotas:*:*:*" - }, - { - "Action": [ - "sns:GetTopicAttributes", - "sns:ListSubscriptionsByTopic" - ], - "Effect": "Allow", - "Resource": "arn:aws:sns:*:*:*" - }, - { - "Action": [ - "sqs:GetQueueAttributes", - "sqs:GetQueueUrl" - ], - "Effect": "Allow", - "Resource": "arn:aws:sqs:*:*:*" - }, - { - "Action": [ - "apigateway:GET", - "application-autoscaling:DescribeScalableTargets", - "application-autoscaling:DescribeScalingPolicies", - "autoscaling:DescribeAccountLimits", - "autoscaling:DescribeAutoScalingGroups", - "autoscaling:DescribeAutoScalingInstances", - "autoscaling:DescribeLifecycleHooks", - "autoscaling:DescribeLoadBalancers", - "autoscaling:DescribeLoadBalancerTargetGroups", - "autoscaling:DescribeNotificationConfigurations", - "autoscaling:DescribePolicies", - "cloudwatch:GetMetricData", - "cloudwatch:DescribeAlarms", - "dynamodb:DescribeLimits", - "dynamodb:ListGlobalTables", - "dynamodb:ListTables", - "ec2:DescribeAvailabilityZones", - "ec2:DescribeInstances", - "ec2:DescribeSubnets", - "ec2:DescribeVolumes", - "ec2:DescribeVpcs", - "ec2:DescribeVpnConnections", - "ec2:GetEbsEncryptionByDefault", - "ec2:GetEbsDefaultKmsKeyId", - "elasticloadbalancing:DescribeInstanceHealth", - "elasticloadbalancing:DescribeLoadBalancerAttributes", - "elasticloadbalancing:DescribeLoadBalancers", - "elasticloadbalancing:DescribeTargetGroups", - "elasticloadbalancing:DescribeTargetHealth", - "kafka:DescribeCluster", - "kafka:DescribeConfigurationRevision", - "lambda:ListEventSourceMappings", - "lambda:ListFunctions", - "rds:DescribeAccountAttributes", - "route53:GetHostedZone", - "servicequotas:ListAWSDefaultServiceQuotas", - "servicequotas:ListRequestedServiceQuotaChangeHistory", - "servicequotas:ListServiceQuotas", - "servicequotas:ListServices", - "sns:GetEndpointAttributes", - "sns:GetSubscriptionAttributes" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4J7MSL2FYD", - "PolicyName": "Route53RecoveryReadinessServiceRolePolicy", - "UpdateDate": "2021-10-29T07:09:46+00:00", - "VersionId": "v3" - }, - "Route53ResolverServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/Route53ResolverServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2020-08-12T17:47:24+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "logs:CreateLogDelivery", - "logs:GetLogDelivery", - "logs:UpdateLogDelivery", - "logs:DeleteLogDelivery", - "logs:ListLogDeliveries", - "logs:DescribeResourcePolicies", - "logs:DescribeLogGroups", - "s3:GetBucketPolicy" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4AEMJZANMJ", - "PolicyName": "Route53ResolverServiceRolePolicy", - "UpdateDate": "2020-08-12T17:47:24+00:00", - "VersionId": "v1" - }, - "S3StorageLensServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/S3StorageLensServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2020-11-18T18:15:40+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "organizations:DescribeOrganization", - "organizations:ListAccounts", - "organizations:ListAWSServiceAccessForOrganization", - "organizations:ListDelegatedAdministrators" - ], - "Effect": "Allow", - "Resource": [ - "*" - ], - "Sid": "AwsOrgsAccess" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4IHOVJESMS", - "PolicyName": "S3StorageLensServiceRolePolicy", - "UpdateDate": "2020-11-18T18:15:40+00:00", - "VersionId": "v1" - }, - "SecretsManagerReadWrite": { - "Arn": "arn:aws:iam::aws:policy/SecretsManagerReadWrite", - "AttachmentCount": 0, - "CreateDate": "2018-04-04T18:05:29+00:00", - "DefaultVersionId": "v3", - "Document": { - "Statement": [ - { - "Action": [ - "secretsmanager:*", - "cloudformation:CreateChangeSet", - "cloudformation:DescribeChangeSet", - "cloudformation:DescribeStackResource", - "cloudformation:DescribeStacks", - "cloudformation:ExecuteChangeSet", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVpcs", - "kms:DescribeKey", - "kms:ListAliases", - "kms:ListKeys", - "lambda:ListFunctions", - "rds:DescribeDBClusters", - "rds:DescribeDBInstances", - "redshift:DescribeClusters", - "tag:GetResources" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "lambda:AddPermission", - "lambda:CreateFunction", - "lambda:GetFunction", - "lambda:InvokeFunction", - "lambda:UpdateFunctionConfiguration" - ], - "Effect": "Allow", - "Resource": "arn:aws:lambda:*:*:function:SecretsManager*" - }, - { - "Action": [ - "serverlessrepo:CreateCloudFormationChangeSet", - "serverlessrepo:GetApplication" - ], - "Effect": "Allow", - "Resource": "arn:aws:serverlessrepo:*:*:applications/SecretsManager*" - }, - { - "Action": [ - "s3:GetObject" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:s3:::awsserverlessrepo-changesets*", - "arn:aws:s3:::secrets-manager-rotation-apps-*/*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAI3VG7CI5BIQZQ6G2E", - "PolicyName": "SecretsManagerReadWrite", - "UpdateDate": "2020-06-24T18:01:22+00:00", - "VersionId": "v3" - }, - "SecurityAudit": { - "Arn": "arn:aws:iam::aws:policy/SecurityAudit", - "AttachmentCount": 0, - "CreateDate": "2015-02-06T18:41:01+00:00", - "DefaultVersionId": "v35", - "Document": { - "Statement": [ - { - "Action": [ - "access-analyzer:GetAnalyzedResource", - "access-analyzer:GetAnalyzer", - "access-analyzer:GetArchiveRule", - "access-analyzer:GetFinding", - "access-analyzer:ListAnalyzedResources", - "access-analyzer:ListAnalyzers", - "access-analyzer:ListArchiveRules", - "access-analyzer:ListFindings", - "access-analyzer:ListTagsForResource", - "acm-pca:ListPermissions", - "acm:Describe*", - "acm:List*", - "application-autoscaling:Describe*", - "appmesh:Describe*", - "appmesh:List*", - "appsync:List*", - "athena:GetWorkGroup", - "athena:List*", - "autoscaling-plans:DescribeScalingPlans", - "autoscaling:Describe*", - "batch:DescribeComputeEnvironments", - "batch:DescribeJobDefinitions", - "chime:List*", - "cloud9:Describe*", - "cloud9:ListEnvironments", - "clouddirectory:ListDirectories", - "cloudformation:DescribeStack*", - "cloudformation:GetStackPolicy", - "cloudformation:GetTemplate", - "cloudformation:ListStack*", - "cloudfront:Get*", - "cloudfront:List*", - "cloudhsm:ListHapgs", - "cloudhsm:ListHsms", - "cloudhsm:ListLunaClients", - "cloudsearch:DescribeDomainEndpointOptions", - "cloudsearch:DescribeDomains", - "cloudsearch:DescribeServiceAccessPolicies", - "cloudtrail:DescribeTrails", - "cloudtrail:GetEventSelectors", - "cloudtrail:GetTrailStatus", - "cloudtrail:ListTags", - "cloudtrail:LookupEvents", - "cloudwatch:Describe*", - "cloudwatch:ListTagsForResource", - "codebuild:ListProjects", - "codecommit:BatchGetRepositories", - "codecommit:GetBranch", - "codecommit:GetObjectIdentifier", - "codecommit:GetRepository", - "codecommit:GetRepositoryTriggers", - "codecommit:List*", - "codedeploy:Batch*", - "codedeploy:Get*", - "codedeploy:List*", - "codepipeline:GetJobDetails", - "codepipeline:GetPipeline", - "codepipeline:GetPipelineExecution", - "codepipeline:GetPipelineState", - "codepipeline:ListPipelines", - "codestar:Describe*", - "codestar:List*", - "cognito-identity:ListIdentityPools", - "cognito-idp:DescribeIdentityProvider", - "cognito-idp:DescribeResourceServer", - "cognito-idp:DescribeRiskConfiguration", - "cognito-idp:DescribeUserImportJob", - "cognito-idp:DescribeUserPool", - "cognito-idp:DescribeUserPoolClient", - "cognito-idp:DescribeUserPoolDomain", - "cognito-idp:ListDevices", - "cognito-idp:ListGroups", - "cognito-idp:ListIdentityProviders", - "cognito-idp:ListResourceServers", - "cognito-idp:ListTagsForResource", - "cognito-idp:ListUserImportJobs", - "cognito-idp:ListUserPoolClients", - "cognito-idp:ListUserPools", - "cognito-idp:ListUsers", - "cognito-idp:ListUsersInGroup", - "cognito-sync:Describe*", - "cognito-sync:List*", - "comprehend:Describe*", - "comprehend:List*", - "config:BatchGetAggregateResourceConfig", - "config:BatchGetResourceConfig", - "config:Deliver*", - "config:Describe*", - "config:Get*", - "config:List*", - "datapipeline:DescribeObjects", - "datapipeline:DescribePipelines", - "datapipeline:EvaluateExpression", - "datapipeline:GetPipelineDefinition", - "datapipeline:ListPipelines", - "datapipeline:QueryObjects", - "datapipeline:ValidatePipelineDefinition", - "datasync:Describe*", - "datasync:List*", - "dax:Describe*", - "dax:ListTags", - "detective:GetGraphIngestState", - "detective:ListGraphs", - "detective:ListMembers", - "directconnect:Describe*", - "dms:Describe*", - "dms:ListTagsForResource", - "ds:DescribeDirectories", - "dynamodb:DescribeContinuousBackups", - "dynamodb:DescribeGlobalTable", - "dynamodb:DescribeTable", - "dynamodb:DescribeTimeToLive", - "dynamodb:ListBackups", - "dynamodb:ListGlobalTables", - "dynamodb:ListStreams", - "dynamodb:ListTables", - "dynamodb:ListTagsOfResource", - "ec2:Describe*", - "ec2:DescribeTransitGatewayAttachments", - "ec2:DescribeTransitGatewayMulticastDomains", - "ec2:DescribeTransitGatewayPeeringAttachments", - "ec2:DescribeTransitGatewayRouteTables", - "ec2:DescribeTransitGatewayVpcAttachments", - "ec2:DescribeTransitGateways", - "ec2:GetManagedPrefixListAssociations", - "ec2:GetManagedPrefixListEntries", - "ec2:GetTransitGatewayAttachmentPropagations", - "ec2:GetTransitGatewayMulticastDomainAssociations", - "ec2:GetTransitGatewayPrefixListReferences", - "ec2:GetTransitGatewayRouteTableAssociations", - "ec2:GetTransitGatewayRouteTablePropagations", - "ecr-public:DescribeImageTags", - "ecr-public:DescribeImages", - "ecr-public:DescribeRegistries", - "ecr-public:DescribeRepositories", - "ecr-public:GetRegistryCatalogData", - "ecr-public:GetRepositoryCatalogData", - "ecr-public:GetRepositoryPolicy", - "ecr:DescribeImageScanFindings", - "ecr:DescribeImages", - "ecr:DescribeRepositories", - "ecr:GetLifecyclePolicy", - "ecr:GetRepositoryPolicy", - "ecr:ListImages", - "ecr:ListTagsForResource", - "ecs:Describe*", - "ecs:List*", - "eks:DescribeCluster", - "eks:DescribeNodeGroup", - "eks:ListClusters", - "eks:ListNodeGroups", - "elasticache:Describe*", - "elasticache:ListTagsForResource", - "elasticbeanstalk:Describe*", - "elasticbeanstalk:DescribeApplications", - "elasticbeanstalk:ListTagsForResource", - "elasticfilesystem:DescribeFileSystems", - "elasticfilesystem:DescribeMountTargetSecurityGroups", - "elasticfilesystem:DescribeMountTargets", - "elasticloadbalancing:Describe*", - "elasticmapreduce:Describe*", - "elasticmapreduce:GetBlockPublicAccessConfiguration", - "elasticmapreduce:ListClusters", - "elasticmapreduce:ListInstances", - "elasticmapreduce:ListSecurityConfigurations", - "es:Describe*", - "es:ListDomainNames", - "es:ListElasticsearchInstanceTypeDetails", - "es:ListElasticsearchVersions", - "es:ListTags", - "events:Describe*", - "events:List*", - "events:TestEventPattern", - "firehose:Describe*", - "firehose:List*", - "fms:ListComplianceStatus", - "fms:ListPolicies", - "fsx:Describe*", - "fsx:List*", - "gamelift:ListBuilds", - "gamelift:ListFleets", - "glacier:DescribeVault", - "glacier:GetVaultAccessPolicy", - "glacier:ListVaults", - "globalaccelerator:Describe*", - "globalaccelerator:List*", - "glue:GetCrawlers", - "glue:GetDataCatalogEncryptionSettings", - "glue:GetDatabases", - "glue:GetDevEndpoints", - "glue:GetJobs", - "greengrass:List*", - "guardduty:DescribePublishingDestination", - "guardduty:Get*", - "guardduty:List*", - "iam:GenerateCredentialReport", - "iam:GenerateServiceLastAccessedDetails", - "iam:Get*", - "iam:List*", - "iam:SimulateCustomPolicy", - "iam:SimulatePrincipalPolicy", - "inspector:Describe*", - "inspector:Get*", - "inspector:List*", - "inspector:Preview*", - "iot:Describe*", - "iot:GetPolicy", - "iot:GetPolicyVersion", - "iot:List*", - "kinesis:DescribeLimits", - "kinesis:DescribeStream", - "kinesis:DescribeStreamConsumer", - "kinesis:DescribeStreamSummary", - "kinesis:ListStreamConsumers", - "kinesis:ListStreams", - "kinesis:ListTagsForStream", - "kinesisanalytics:ListApplications", - "kms:Describe*", - "kms:Get*", - "kms:List*", - "lambda:GetAccountSettings", - "lambda:GetFunctionConfiguration", - "lambda:GetFunctionEventInvokeConfig", - "lambda:GetLayerVersionPolicy", - "lambda:GetPolicy", - "lambda:List*", - "license-manager:List*", - "lightsail:GetInstances", - "lightsail:GetLoadBalancers", - "logs:Describe*", - "logs:ListTagsLogGroup", - "machinelearning:DescribeMLModels", - "mediaconnect:Describe*", - "mediaconnect:List*", - "mediastore:GetContainerPolicy", - "mediastore:ListContainers", - "mq:DescribeBroker", - "mq:DescribeBrokerEngineTypes", - "mq:DescribeBrokerInstanceOptions", - "mq:DescribeConfiguration", - "mq:DescribeConfigurationRevision", - "mq:DescribeUser", - "mq:ListBrokers", - "mq:ListConfigurationRevisions", - "mq:ListConfigurations", - "mq:ListTags", - "mq:ListUsers", - "network-firewall:ListFirewalls", - "opsworks-cm:DescribeServers", - "opsworks:DescribeStacks", - "organizations:Describe*", - "organizations:List*", - "quicksight:Describe*", - "quicksight:List*", - "ram:List*", - "rds:Describe*", - "rds:DownloadDBLogFilePortion", - "rds:ListTagsForResource", - "redshift:Describe*", - "rekognition:Describe*", - "rekognition:List*", - "robomaker:Describe*", - "robomaker:List*", - "route53:Get*", - "route53:List*", - "route53domains:GetDomainDetail", - "route53domains:GetOperationDetail", - "route53domains:ListDomains", - "route53domains:ListOperations", - "route53domains:ListTagsForDomain", - "route53resolver:Get*", - "route53resolver:List*", - "s3:GetAccelerateConfiguration", - "s3:GetAccessPoint", - "s3:GetAccessPointPolicy", - "s3:GetAccessPointPolicyStatus", - "s3:GetAccountPublicAccessBlock", - "s3:GetAnalyticsConfiguration", - "s3:GetBucket*", - "s3:GetEncryptionConfiguration", - "s3:GetInventoryConfiguration", - "s3:GetLifecycleConfiguration", - "s3:GetMetricsConfiguration", - "s3:GetObjectAcl", - "s3:GetObjectVersionAcl", - "s3:GetReplicationConfiguration", - "s3:ListAccessPoints", - "s3:ListAllMyBuckets", - "sagemaker:Describe*", - "sagemaker:List*", - "schemas:DescribeCodeBinding", - "schemas:DescribeDiscoverer", - "schemas:DescribeRegistry", - "schemas:DescribeSchema", - "schemas:ListDiscoverers", - "schemas:ListRegistries", - "schemas:ListSchemaVersions", - "schemas:ListSchemas", - "schemas:ListTagsForResource", - "sdb:DomainMetadata", - "sdb:ListDomains", - "secretsmanager:DescribeSecret", - "secretsmanager:GetResourcePolicy", - "secretsmanager:ListSecretVersionIds", - "secretsmanager:ListSecrets", - "securityhub:Describe*", - "securityhub:Get*", - "securityhub:List*", - "serverlessrepo:GetApplicationPolicy", - "serverlessrepo:List*", - "servicequotas:GetAWSDefaultServiceQuota", - "servicequotas:GetAssociationForServiceQuotaTemplate", - "servicequotas:GetRequestedServiceQuotaChange", - "servicequotas:GetServiceQuota", - "servicequotas:GetServiceQuotaIncreaseRequestFromTemplate", - "servicequotas:ListAWSDefaultServiceQuotas", - "servicequotas:ListRequestedServiceQuotaChangeHistory", - "servicequotas:ListRequestedServiceQuotaChangeHistoryByQuota", - "servicequotas:ListServiceQuotaIncreaseRequestsInTemplate", - "servicequotas:ListServiceQuotas", - "servicequotas:ListServices", - "servicequotas:ListTagsForResource", - "ses:GetIdentityDkimAttributes", - "ses:GetIdentityPolicies", - "ses:GetIdentityVerificationAttributes", - "ses:ListIdentities", - "ses:ListIdentityPolicies", - "ses:ListVerifiedEmailAddresses", - "shield:Describe*", - "shield:List*", - "snowball:ListClusters", - "snowball:ListJobs", - "sns:GetTopicAttributes", - "sns:ListSubscriptions", - "sns:ListSubscriptionsByTopic", - "sns:ListTagsForResource", - "sns:ListTopics", - "sqs:GetQueueAttributes", - "sqs:ListDeadLetterSourceQueues", - "sqs:ListQueueTags", - "sqs:ListQueues", - "ssm:Describe*", - "ssm:GetAutomationExecution", - "ssm:ListAssociationVersions", - "ssm:ListAssociations", - "ssm:ListCommands", - "ssm:ListComplianceItems", - "ssm:ListComplianceSummaries", - "ssm:ListDocumentMetadataHistory", - "ssm:ListDocumentVersions", - "ssm:ListDocuments", - "ssm:ListInventoryEntries", - "ssm:ListOpsMetadata", - "ssm:ListResourceComplianceSummaries", - "ssm:ListResourceDataSync", - "ssm:ListTagsForResource", - "sso:DescribePermissionsPolicies", - "sso:List*", - "states:ListStateMachines", - "storagegateway:DescribeBandwidthRateLimit", - "storagegateway:DescribeCache", - "storagegateway:DescribeCachediSCSIVolumes", - "storagegateway:DescribeGatewayInformation", - "storagegateway:DescribeMaintenanceStartTime", - "storagegateway:DescribeNFSFileShares", - "storagegateway:DescribeSnapshotSchedule", - "storagegateway:DescribeStorediSCSIVolumes", - "storagegateway:DescribeTapeArchives", - "storagegateway:DescribeTapeRecoveryPoints", - "storagegateway:DescribeTapes", - "storagegateway:DescribeUploadBuffer", - "storagegateway:DescribeVTLDevices", - "storagegateway:DescribeWorkingStorage", - "storagegateway:List*", - "support:DescribeTrustedAdvisorCheckRefreshStatuses", - "support:DescribeTrustedAdvisorCheckResult", - "support:DescribeTrustedAdvisorCheckSummaries", - "support:DescribeTrustedAdvisorChecks", - "tag:GetResources", - "tag:GetTagKeys", - "transfer:Describe*", - "transfer:List*", - "translate:List*", - "trustedadvisor:Describe*", - "waf-regional:GetWebACL", - "waf-regional:ListResourcesForWebACL", - "waf-regional:ListTagsForResource", - "waf-regional:ListWebACLs", - "waf:GetWebACL", - "waf:ListTagsForResource", - "waf:ListWebACLs", - "wafv2:GetWebACL", - "wafv2:ListAvailableManagedRuleGroups", - "wafv2:ListIPSets", - "wafv2:ListLoggingConfigurations", - "wafv2:ListRegexPatternSets", - "wafv2:ListResourcesForWebACL", - "wafv2:ListRuleGroups", - "wafv2:ListTagsForResource", - "wafv2:ListWebACLs", - "workdocs:DescribeResourcePermissions", - "workspaces:Describe*", - "xray:GetEncryptionConfig", - "xray:GetGroup", - "xray:GetGroups", - "xray:GetSamplingRules", - "xray:GetSamplingTargets", - "xray:ListTagsForResource" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "apigateway:GET" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:apigateway:*::/apis", - "arn:aws:apigateway:*::/apis/*/routes", - "arn:aws:apigateway:*::/apis/*/stages", - "arn:aws:apigateway:*::/apis/*/stages/*", - "arn:aws:apigateway:*::/clientcertificates/*", - "arn:aws:apigateway:*::/restapis", - "arn:aws:apigateway:*::/restapis/*/authorizers", - "arn:aws:apigateway:*::/restapis/*/authorizers/*", - "arn:aws:apigateway:*::/restapis/*/documentation/versions", - "arn:aws:apigateway:*::/restapis/*/resources", - "arn:aws:apigateway:*::/restapis/*/resources/*", - "arn:aws:apigateway:*::/restapis/*/resources/*/methods/*", - "arn:aws:apigateway:*::/restapis/*/stages", - "arn:aws:apigateway:*::/restapis/*/stages/*", - "arn:aws:apigateway:*::/tags/*", - "arn:aws:apigateway:*::/vpclinks" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIX2T3QCXHR2OGGCTO", - "PolicyName": "SecurityAudit", - "UpdateDate": "2021-04-14T20:28:28+00:00", - "VersionId": "v35" - }, - "ServerMigrationConnector": { - "Arn": "arn:aws:iam::aws:policy/ServerMigrationConnector", - "AttachmentCount": 0, - "CreateDate": "2016-10-24T21:45:56+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": "iam:GetUser", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "sms:SendMessage", - "sms:GetMessages" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "s3:CreateBucket", - "s3:DeleteBucket", - "s3:DeleteObject", - "s3:GetBucketLocation", - "s3:GetObject", - "s3:ListBucket", - "s3:PutObject", - "s3:PutObjectAcl", - "s3:PutLifecycleConfiguration", - "s3:AbortMultipartUpload", - "s3:ListBucketMultipartUploads", - "s3:ListMultipartUploadParts" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:s3:::sms-b-*", - "arn:aws:s3:::import-to-ec2-*", - "arn:aws:s3:::server-migration-service-upgrade", - "arn:aws:s3:::server-migration-service-upgrade/*", - "arn:aws:s3:::connector-platform-upgrade-info/*", - "arn:aws:s3:::connector-platform-upgrade-info", - "arn:aws:s3:::connector-platform-upgrade-bundles/*", - "arn:aws:s3:::connector-platform-upgrade-bundles", - "arn:aws:s3:::connector-platform-release-notes/*", - "arn:aws:s3:::connector-platform-release-notes" - ] - }, - { - "Action": "awsconnector:*", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "SNS:Publish" - ], - "Effect": "Allow", - "Resource": "arn:aws:sns:*:*:metrics-sns-topic-for-*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJKZRWXIPK5HSG3QDQ", - "PolicyName": "ServerMigrationConnector", - "UpdateDate": "2016-10-24T21:45:56+00:00", - "VersionId": "v1" - }, - "ServerMigrationServiceConsoleFullAccess": { - "Arn": "arn:aws:iam::aws:policy/ServerMigrationServiceConsoleFullAccess", - "AttachmentCount": 0, - "CreateDate": "2020-05-09T17:18:57+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "sms:*" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "cloudformation:ListStacks", - "cloudformation:DescribeStacks", - "cloudformation:DescribeStackResources" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "s3:ListAllMyBuckets", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "s3:GetObject", - "Effect": "Allow", - "Resource": "arn:aws:s3:::sms-app-*/*" - }, - { - "Action": [ - "ec2:DescribeKeyPairs", - "ec2:DescribeVpcs", - "ec2:DescribeSubnets", - "ec2:DescribeSecurityGroups" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "iam:ListRoles" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "iam:CreateServiceLinkedRole" - ], - "Condition": { - "StringEquals": { - "iam:AWSServiceName": "sms.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "iam:GetInstanceProfile", - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4IIEMRGEYB", - "PolicyName": "ServerMigrationServiceConsoleFullAccess", - "UpdateDate": "2020-07-20T22:00:37+00:00", - "VersionId": "v2" - }, - "ServerMigrationServiceLaunchRole": { - "Arn": "arn:aws:iam::aws:policy/service-role/ServerMigrationServiceLaunchRole", - "AttachmentCount": 0, - "CreateDate": "2018-11-26T19:53:06+00:00", - "DefaultVersionId": "v4", - "Document": { - "Statement": [ - { - "Action": [ - "ec2:ModifyInstanceAttribute", - "ec2:StopInstances", - "ec2:StartInstances", - "ec2:TerminateInstances" - ], - "Condition": { - "StringLike": { - "ec2:ResourceTag/aws:cloudformation:stack-id": "arn:aws:cloudformation:*:*:stack/sms-app-*/*" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "ec2:CreateTags", - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:instance/*" - }, - { - "Action": [ - "ec2:DisassociateIamInstanceProfile", - "ec2:AssociateIamInstanceProfile", - "ec2:ReplaceIamInstanceProfileAssociation" - ], - "Condition": { - "StringLike": { - "ec2:ResourceTag/aws:cloudformation:stack-id": "arn:aws:cloudformation:*:*:stack/sms-app-*/*" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:instance/*" - }, - { - "Action": "iam:PassRole", - "Condition": { - "StringEquals": { - "iam:PassedToService": "ec2.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:RunInstances", - "ec2:Describe*" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "applicationinsights:Describe*", - "applicationinsights:List*", - "cloudformation:ListStackResources", - "cloudformation:DescribeStacks" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "applicationinsights:CreateApplication", - "applicationinsights:CreateComponent", - "applicationinsights:UpdateApplication", - "applicationinsights:DeleteApplication", - "applicationinsights:UpdateComponentConfiguration", - "applicationinsights:DeleteComponent" - ], - "Effect": "Allow", - "Resource": "arn:aws:applicationinsights:*:*:application/resource-group/sms-app-*" - }, - { - "Action": [ - "resource-groups:CreateGroup", - "resource-groups:GetGroup", - "resource-groups:UpdateGroup", - "resource-groups:DeleteGroup" - ], - "Condition": { - "StringLike": { - "aws:ResourceTag/aws:cloudformation:stack-id": "arn:aws:cloudformation:*:*:stack/sms-app-*/*" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:resource-groups:*:*:group/sms-app-*" - }, - { - "Action": [ - "iam:CreateServiceLinkedRole" - ], - "Condition": { - "StringEquals": { - "iam:AWSServiceName": "application-insights.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": [ - "arn:aws:iam::*:role/aws-service-role/application-insights.amazonaws.com/AWSServiceRoleForApplicationInsights" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIIIAAMVUCBR2OLXZO", - "PolicyName": "ServerMigrationServiceLaunchRole", - "UpdateDate": "2020-10-15T17:29:00+00:00", - "VersionId": "v4" - }, - "ServerMigrationServiceRoleForInstanceValidation": { - "Arn": "arn:aws:iam::aws:policy/service-role/ServerMigrationServiceRoleForInstanceValidation", - "AttachmentCount": 0, - "CreateDate": "2020-07-20T22:25:07+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": "s3:GetObject", - "Effect": "Allow", - "Resource": "arn:aws:s3:::sms-app-*/*" - }, - { - "Action": "sms:NotifyAppValidationOutput", - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4LJMOLEWUV", - "PolicyName": "ServerMigrationServiceRoleForInstanceValidation", - "UpdateDate": "2020-07-20T22:25:07+00:00", - "VersionId": "v1" - }, - "ServerMigration_ServiceRole": { - "Arn": "arn:aws:iam::aws:policy/service-role/ServerMigration_ServiceRole", - "AttachmentCount": 0, - "CreateDate": "2020-08-11T20:41:44+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "cloudformation:CreateChangeSet", - "cloudformation:CreateStack" - ], - "Condition": { - "ForAllValues:StringEquals": { - "cloudformation:ResourceTypes": [ - "AWS::EC2::Instance", - "AWS::ApplicationInsights::Application", - "AWS::ResourceGroups::Group" - ] - }, - "Null": { - "cloudformation:ResourceTypes": "false" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:cloudformation:*:*:stack/sms-app-*/*" - }, - { - "Action": [ - "cloudformation:DeleteStack", - "cloudformation:ExecuteChangeSet", - "cloudformation:DeleteChangeSet", - "cloudformation:DescribeChangeSet", - "cloudformation:DescribeStacks", - "cloudformation:DescribeStackEvents", - "cloudformation:DescribeStackResource", - "cloudformation:DescribeStackResources", - "cloudformation:GetTemplate" - ], - "Effect": "Allow", - "Resource": "arn:aws:cloudformation:*:*:stack/sms-app-*/*" - }, - { - "Action": [ - "cloudformation:ValidateTemplate", - "s3:ListAllMyBuckets" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "s3:CreateBucket", - "s3:DeleteBucket", - "s3:DeleteObject", - "s3:GetBucketAcl", - "s3:GetBucketLocation", - "s3:GetObject", - "s3:ListBucket", - "s3:PutObject", - "s3:PutObjectAcl", - "s3:PutLifecycleConfiguration" - ], - "Effect": "Allow", - "Resource": "arn:aws:s3:::sms-app-*" - }, - { - "Action": [ - "sms:CreateReplicationJob", - "sms:DeleteReplicationJob", - "sms:GetReplicationJobs", - "sms:GetReplicationRuns", - "sms:GetServers", - "sms:ImportServerCatalog", - "sms:StartOnDemandReplicationRun", - "sms:UpdateReplicationJob" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "ssm:SendCommand", - "Effect": "Allow", - "Resource": [ - "arn:aws:ssm:*::document/AWS-RunRemoteScript", - "arn:aws:s3:::sms-app-*" - ] - }, - { - "Action": "ssm:SendCommand", - "Condition": { - "StringEquals": { - "ssm:resourceTag/UseForSMSApplicationValidation": [ - "true" - ] - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:instance/*" - }, - { - "Action": [ - "ssm:CancelCommand", - "ssm:GetCommandInvocation" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "ec2:CreateTags", - "Condition": { - "StringEquals": { - "ec2:CreateAction": "CopySnapshot" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:snapshot/*" - }, - { - "Action": "ec2:CopySnapshot", - "Condition": { - "StringLike": { - "aws:RequestTag/SMSJobId": [ - "sms-*" - ] - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:snapshot/*" - }, - { - "Action": [ - "ec2:ModifySnapshotAttribute", - "ec2:DeleteSnapshot" - ], - "Condition": { - "StringLike": { - "ec2:ResourceTag/SMSJobId": [ - "sms-*" - ] - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:snapshot/*" - }, - { - "Action": [ - "ec2:CopyImage", - "ec2:DescribeImages", - "ec2:DescribeInstances", - "ec2:DescribeSnapshots", - "ec2:DescribeSnapshotAttribute", - "ec2:DeregisterImage", - "ec2:ImportImage", - "ec2:DescribeImportImageTasks", - "ec2:GetEbsEncryptionByDefault" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "iam:GetRole", - "iam:GetInstanceProfile" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:DisassociateIamInstanceProfile", - "ec2:AssociateIamInstanceProfile", - "ec2:ReplaceIamInstanceProfileAssociation" - ], - "Condition": { - "StringLike": { - "ec2:ResourceTag/aws:cloudformation:stack-id": "arn:aws:cloudformation:*:*:stack/sms-app-*/*" - } - }, - "Effect": "Allow", - "Resource": "arn:aws:ec2:*:*:instance/*" - }, - { - "Action": "iam:PassRole", - "Condition": { - "StringEquals": { - "iam:PassedToService": "ec2.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "iam:PassRole", - "Condition": { - "StringEqualsIfExists": { - "iam:PassedToService": "cloudformation.amazonaws.com" - }, - "StringLike": { - "iam:AssociatedResourceArn": "arn:aws:cloudformation:*:*:stack/sms-app-*/*" - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4NKLZNDFDI", - "PolicyName": "ServerMigration_ServiceRole", - "UpdateDate": "2020-10-15T17:26:32+00:00", - "VersionId": "v2" - }, - "ServiceQuotasFullAccess": { - "Arn": "arn:aws:iam::aws:policy/ServiceQuotasFullAccess", - "AttachmentCount": 0, - "CreateDate": "2019-06-24T15:44:35+00:00", - "DefaultVersionId": "v4", - "Document": { - "Statement": [ - { - "Action": [ - "autoscaling:DescribeAccountLimits", - "cloudformation:DescribeAccountLimits", - "cloudwatch:DescribeAlarmsForMetric", - "cloudwatch:DescribeAlarms", - "cloudwatch:GetMetricData", - "cloudwatch:GetMetricStatistics", - "cloudwatch:PutMetricAlarm", - "dynamodb:DescribeLimits", - "elasticloadbalancing:DescribeAccountLimits", - "iam:GetAccountSummary", - "kinesis:DescribeLimits", - "organizations:DescribeAccount", - "organizations:DescribeOrganization", - "organizations:ListAWSServiceAccessForOrganization", - "rds:DescribeAccountAttributes", - "route53:GetAccountLimit", - "tag:GetTagKeys", - "tag:GetTagValues", - "servicequotas:*" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "cloudwatch:DeleteAlarms" - ], - "Condition": { - "Null": { - "aws:ResourceTag/ServiceQuotaMonitor": "false" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "organizations:EnableAWSServiceAccess" - ], - "Condition": { - "StringLike": { - "organizations:ServicePrincipal": [ - "servicequotas.amazonaws.com" - ] - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "iam:CreateServiceLinkedRole" - ], - "Condition": { - "StringEquals": { - "iam:AWSServiceName": "servicequotas.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4CGHQWENW3", - "PolicyName": "ServiceQuotasFullAccess", - "UpdateDate": "2021-02-04T21:29:43+00:00", - "VersionId": "v4" - }, - "ServiceQuotasReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/ServiceQuotasReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2019-06-24T15:31:06+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "autoscaling:DescribeAccountLimits", - "cloudformation:DescribeAccountLimits", - "cloudwatch:DescribeAlarmsForMetric", - "cloudwatch:DescribeAlarms", - "cloudwatch:GetMetricData", - "cloudwatch:GetMetricStatistics", - "dynamodb:DescribeLimits", - "elasticloadbalancing:DescribeAccountLimits", - "iam:GetAccountSummary", - "kinesis:DescribeLimits", - "organizations:DescribeAccount", - "organizations:DescribeOrganization", - "organizations:ListAWSServiceAccessForOrganization", - "rds:DescribeAccountAttributes", - "route53:GetAccountLimit", - "tag:GetTagKeys", - "tag:GetTagValues", - "servicequotas:GetAssociationForServiceQuotaTemplate", - "servicequotas:GetAWSDefaultServiceQuota", - "servicequotas:GetRequestedServiceQuotaChange", - "servicequotas:GetServiceQuota", - "servicequotas:GetServiceQuotaIncreaseRequestFromTemplate", - "servicequotas:ListAWSDefaultServiceQuotas", - "servicequotas:ListRequestedServiceQuotaChangeHistory", - "servicequotas:ListRequestedServiceQuotaChangeHistoryByQuota", - "servicequotas:ListServices", - "servicequotas:ListServiceQuotas", - "servicequotas:ListServiceQuotaIncreaseRequestsInTemplate", - "servicequotas:ListTagsForResource" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4ITU2HGGUJ", - "PolicyName": "ServiceQuotasReadOnlyAccess", - "UpdateDate": "2020-12-21T18:11:57+00:00", - "VersionId": "v2" - }, - "ServiceQuotasServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/ServiceQuotasServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2019-05-22T20:44:17+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "support:*" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4FCG7EVJIR", - "PolicyName": "ServiceQuotasServiceRolePolicy", - "UpdateDate": "2019-06-24T14:52:56+00:00", - "VersionId": "v2" - }, - "SimpleWorkflowFullAccess": { - "Arn": "arn:aws:iam::aws:policy/SimpleWorkflowFullAccess", - "AttachmentCount": 0, - "CreateDate": "2015-02-06T18:41:04+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "swf:*" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIFE3AV6VE7EANYBVM", - "PolicyName": "SimpleWorkflowFullAccess", - "UpdateDate": "2015-02-06T18:41:04+00:00", - "VersionId": "v1" - }, - "SupportUser": { - "Arn": "arn:aws:iam::aws:policy/job-function/SupportUser", - "AttachmentCount": 0, - "CreateDate": "2016-11-10T17:21:53+00:00", - "DefaultVersionId": "v6", - "Document": { - "Statement": [ - { - "Action": [ - "support:*", - "acm:DescribeCertificate", - "acm:GetCertificate", - "acm:List*", - "acm-pca:DescribeCertificateAuthority", - "acm-pca:ListCertificateAuthorities", - "apigateway:GET", - "autoscaling:Describe*", - "aws-marketplace:ViewSubscriptions", - "cloudformation:Describe*", - "cloudformation:Get*", - "cloudformation:List*", - "cloudformation:EstimateTemplateCost", - "cloudfront:Get*", - "cloudfront:List*", - "cloudsearch:Describe*", - "cloudsearch:List*", - "cloudtrail:DescribeTrails", - "cloudtrail:GetTrailStatus", - "cloudtrail:LookupEvents", - "cloudtrail:ListTags", - "cloudtrail:ListPublicKeys", - "cloudwatch:Describe*", - "cloudwatch:Get*", - "cloudwatch:List*", - "codecommit:BatchGetRepositories", - "codecommit:Get*", - "codecommit:List*", - "codedeploy:Batch*", - "codedeploy:Get*", - "codedeploy:List*", - "codepipeline:AcknowledgeJob", - "codepipeline:AcknowledgeThirdPartyJob", - "codepipeline:ListActionTypes", - "codepipeline:ListPipelines", - "codepipeline:PollForJobs", - "codepipeline:PollForThirdPartyJobs", - "codepipeline:GetPipelineState", - "codepipeline:GetPipeline", - "cognito-identity:List*", - "cognito-identity:LookupDeveloperIdentity", - "cognito-identity:Describe*", - "cognito-idp:DescribeResourceServer", - "cognito-idp:DescribeRiskConfiguration", - "cognito-idp:DescribeUserImportJob", - "cognito-idp:DescribeUserPool", - "cognito-idp:DescribeUserPoolDomain", - "cognito-idp:List*", - "cognito-sync:Describe*", - "cognito-sync:GetBulkPublishDetails", - "cognito-sync:GetCognitoEvents", - "cognito-sync:GetIdentityPoolConfiguration", - "cognito-sync:List*", - "config:DescribeConfigurationRecorders", - "config:DescribeConfigurationRecorderStatus", - "config:DescribeConfigRuleEvaluationStatus", - "config:DescribeConfigRules", - "config:DescribeDeliveryChannels", - "config:DescribeDeliveryChannelStatus", - "config:GetResourceConfigHistory", - "config:ListDiscoveredResources", - "datapipeline:DescribeObjects", - "datapipeline:DescribePipelines", - "datapipeline:GetPipelineDefinition", - "datapipeline:ListPipelines", - "datapipeline:QueryObjects", - "datapipeline:ReportTaskProgress", - "datapipeline:ReportTaskRunnerHeartbeat", - "devicefarm:List*", - "devicefarm:Get*", - "directconnect:Describe*", - "discovery:Describe*", - "discovery:ListConfigurations", - "dms:Describe*", - "dms:List*", - "ds:DescribeDirectories", - "ds:DescribeSnapshots", - "ds:GetDirectoryLimits", - "ds:GetSnapshotLimits", - "ds:ListAuthorizedApplications", - "dynamodb:DescribeLimits", - "dynamodb:DescribeTable", - "dynamodb:ListTables", - "ec2:Describe*", - "ec2:DescribeHosts", - "ec2:describeIdentityIdFormat", - "ec2:DescribeIdFormat", - "ec2:DescribeInstanceAttribute", - "ec2:DescribeNatGateways", - "ec2:DescribeReservedInstancesModifications", - "ec2:DescribeTags", - "ecr:GetRepositoryPolicy", - "ecr:BatchCheckLayerAvailability", - "ecr:DescribeRepositories", - "ecr:ListImages", - "ecs:Describe*", - "ecs:List*", - "elasticache:Describe*", - "elasticache:List*", - "elasticbeanstalk:Check*", - "elasticbeanstalk:Describe*", - "elasticbeanstalk:List*", - "elasticbeanstalk:RequestEnvironmentInfo", - "elasticbeanstalk:RetrieveEnvironmentInfo", - "elasticbeanstalk:ValidateConfigurationSettings", - "elasticfilesystem:Describe*", - "elasticloadbalancing:Describe*", - "elasticmapreduce:Describe*", - "elasticmapreduce:List*", - "elastictranscoder:List*", - "elastictranscoder:ReadJob", - "elasticfilesystem:DescribeFileSystems", - "es:Describe*", - "es:List*", - "es:ESHttpGet", - "es:ESHttpHead", - "events:DescribeRule", - "events:List*", - "events:TestEventPattern", - "firehose:Describe*", - "firehose:List*", - "gamelift:List*", - "gamelift:Describe*", - "glacier:ListVaults", - "glacier:DescribeVault", - "glacier:DescribeJob", - "glacier:Get*", - "glacier:List*", - "iam:GenerateCredentialReport", - "iam:GenerateServiceLastAccessedDetails", - "iam:Get*", - "iam:List*", - "importexport:GetStatus", - "importexport:ListJobs", - "inspector:Describe*", - "inspector:List*", - "iot:Describe*", - "iot:Get*", - "iot:List*", - "kinesisanalytics:DescribeApplication", - "kinesisanalytics:DiscoverInputSchema", - "kinesisanalytics:GetApplicationState", - "kinesisanalytics:ListApplications", - "kinesis:Describe*", - "kinesis:Get*", - "kinesis:List*", - "kms:Describe*", - "kms:Get*", - "kms:List*", - "lambda:List*", - "lambda:Get*", - "logs:Describe*", - "logs:TestMetricFilter", - "machinelearning:Describe*", - "machinelearning:Get*", - "mobilehub:GetProject", - "mobilehub:List*", - "mobilehub:ValidateProject", - "mobilehub:VerifyServiceRole", - "opsworks:Describe*", - "rds:Describe*", - "rds:ListTagsForResource", - "redshift:Describe*", - "route53:Get*", - "route53:List*", - "route53domains:CheckDomainAvailability", - "route53domains:GetDomainDetail", - "route53domains:GetOperationDetail", - "route53domains:List*", - "s3:List*", - "sdb:GetAttributes", - "sdb:List*", - "sdb:Select*", - "servicecatalog:SearchProducts", - "servicecatalog:DescribeProduct", - "servicecatalog:DescribeProductView", - "servicecatalog:ListLaunchPaths", - "servicecatalog:DescribeProvisioningParameters", - "servicecatalog:ListRecordHistory", - "servicecatalog:DescribeRecord", - "servicecatalog:ScanProvisionedProducts", - "ses:Get*", - "ses:List*", - "sns:Get*", - "sns:List*", - "sqs:GetQueueAttributes", - "sqs:GetQueueUrl", - "sqs:ListQueues", - "sqs:ReceiveMessage", - "ssm:List*", - "ssm:Describe*", - "storagegateway:Describe*", - "storagegateway:List*", - "swf:Count*", - "swf:Describe*", - "swf:Get*", - "swf:List*", - "waf:Get*", - "waf:List*", - "workdocs:Describe*", - "workmail:Describe*", - "workmail:Get*", - "workspaces:Describe*" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/job-function/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAI3V4GSSN5SJY3P2RO", - "PolicyName": "SupportUser", - "UpdateDate": "2022-02-02T15:11:42+00:00", - "VersionId": "v6" - }, - "SystemAdministrator": { - "Arn": "arn:aws:iam::aws:policy/job-function/SystemAdministrator", - "AttachmentCount": 0, - "CreateDate": "2016-11-10T17:23:56+00:00", - "DefaultVersionId": "v6", - "Document": { - "Statement": [ - { - "Action": [ - "acm:Describe*", - "acm:Get*", - "acm:List*", - "acm:Request*", - "acm:Resend*", - "autoscaling:*", - "cloudtrail:DescribeTrails", - "cloudtrail:GetTrailStatus", - "cloudtrail:ListPublicKeys", - "cloudtrail:ListTags", - "cloudtrail:LookupEvents", - "cloudtrail:StartLogging", - "cloudtrail:StopLogging", - "cloudwatch:*", - "codecommit:BatchGetRepositories", - "codecommit:CreateBranch", - "codecommit:CreateRepository", - "codecommit:Get*", - "codecommit:GitPull", - "codecommit:GitPush", - "codecommit:List*", - "codecommit:Put*", - "codecommit:Test*", - "codecommit:Update*", - "codedeploy:*", - "codepipeline:*", - "config:*", - "ds:*", - "ec2:Allocate*", - "ec2:AssignPrivateIpAddresses*", - "ec2:Associate*", - "ec2:Allocate*", - "ec2:AttachInternetGateway", - "ec2:AttachNetworkInterface", - "ec2:AttachVpnGateway", - "ec2:Bundle*", - "ec2:Cancel*", - "ec2:Copy*", - "ec2:CreateCustomerGateway", - "ec2:CreateDhcpOptions", - "ec2:CreateFlowLogs", - "ec2:CreateImage", - "ec2:CreateInstanceExportTask", - "ec2:CreateInternetGateway", - "ec2:CreateKeyPair", - "ec2:CreateLaunchTemplate", - "ec2:CreateLaunchTemplateVersion", - "ec2:CreateNatGateway", - "ec2:CreateNetworkInterface", - "ec2:CreatePlacementGroup", - "ec2:CreateReservedInstancesListing", - "ec2:CreateRoute", - "ec2:CreateRouteTable", - "ec2:CreateSecurityGroup", - "ec2:CreateSnapshot", - "ec2:CreateSpotDatafeedSubscription", - "ec2:CreateSubnet", - "ec2:CreateTags", - "ec2:CreateVolume", - "ec2:CreateVpc", - "ec2:CreateVpcEndpoint", - "ec2:CreateVpnConnection", - "ec2:CreateVpnConnectionRoute", - "ec2:CreateVpnGateway", - "ec2:DeleteFlowLogs", - "ec2:DeleteKeyPair", - "ec2:DeleteLaunchTemplate", - "ec2:DeleteLaunchTemplateVersions", - "ec2:DeleteNatGateway", - "ec2:DeleteNetworkInterface", - "ec2:DeletePlacementGroup", - "ec2:DeleteSnapshot", - "ec2:DeleteSpotDatafeedSubscription", - "ec2:DeleteSubnet", - "ec2:DeleteTags", - "ec2:DeleteVpc", - "ec2:DeleteVpcEndpoints", - "ec2:DeleteVpnConnection", - "ec2:DeleteVpnConnectionRoute", - "ec2:DeleteVpnGateway", - "ec2:DeregisterImage", - "ec2:Describe*", - "ec2:DetachInternetGateway", - "ec2:DetachNetworkInterface", - "ec2:DetachVpnGateway", - "ec2:DisableVgwRoutePropagation", - "ec2:DisableVpcClassicLinkDnsSupport", - "ec2:DisassociateAddress", - "ec2:DisassociateRouteTable", - "ec2:EnableVgwRoutePropagation", - "ec2:EnableVolumeIO", - "ec2:EnableVpcClassicLinkDnsSupport", - "ec2:GetConsoleOutput", - "ec2:GetHostReservationPurchasePreview", - "ec2:GetLaunchTemplateData", - "ec2:GetPasswordData", - "ec2:Import*", - "ec2:Modify*", - "ec2:MonitorInstances", - "ec2:MoveAddressToVpc", - "ec2:Purchase*", - "ec2:RegisterImage", - "ec2:Release*", - "ec2:Replace*", - "ec2:ReportInstanceStatus", - "ec2:Request*", - "ec2:Reset*", - "ec2:RestoreAddressToClassic", - "ec2:RunScheduledInstances", - "ec2:UnassignPrivateIpAddresses", - "ec2:UnmonitorInstances", - "ec2:UpdateSecurityGroupRuleDescriptionsEgress", - "ec2:UpdateSecurityGroupRuleDescriptionsIngress", - "elasticloadbalancing:*", - "events:*", - "iam:GetAccount*", - "iam:GetContextKeys*", - "iam:GetCredentialReport", - "iam:ListAccountAliases", - "iam:ListGroups", - "iam:ListOpenIDConnectProviders", - "iam:ListPolicies", - "iam:ListPoliciesGrantingServiceAccess", - "iam:ListRoles", - "iam:ListSAMLProviders", - "iam:ListServerCertificates", - "iam:Simulate*", - "iam:UpdateServerCertificate", - "iam:UpdateSigningCertificate", - "kinesis:ListStreams", - "kinesis:PutRecord", - "kms:CreateAlias", - "kms:CreateKey", - "kms:DeleteAlias", - "kms:Describe*", - "kms:GenerateRandom", - "kms:Get*", - "kms:List*", - "kms:Encrypt", - "kms:ReEncrypt*", - "lambda:Create*", - "lambda:Delete*", - "lambda:Get*", - "lambda:InvokeFunction", - "lambda:List*", - "lambda:PublishVersion", - "lambda:Update*", - "logs:*", - "rds:Describe*", - "rds:ListTagsForResource", - "route53:*", - "route53domains:*", - "ses:*", - "sns:*", - "sqs:*", - "trustedadvisor:*" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:AcceptVpcPeeringConnection", - "ec2:AttachClassicLinkVpc", - "ec2:AttachVolume", - "ec2:AuthorizeSecurityGroupEgress", - "ec2:AuthorizeSecurityGroupIngress", - "ec2:CreateVpcPeeringConnection", - "ec2:DeleteCustomerGateway", - "ec2:DeleteDhcpOptions", - "ec2:DeleteInternetGateway", - "ec2:DeleteNetworkAcl*", - "ec2:DeleteRoute", - "ec2:DeleteRouteTable", - "ec2:DeleteSecurityGroup", - "ec2:DeleteVolume", - "ec2:DeleteVpcPeeringConnection", - "ec2:DetachClassicLinkVpc", - "ec2:DetachVolume", - "ec2:DisableVpcClassicLink", - "ec2:EnableVpcClassicLink", - "ec2:GetConsoleScreenshot", - "ec2:RebootInstances", - "ec2:RejectVpcPeeringConnection", - "ec2:RevokeSecurityGroupEgress", - "ec2:RevokeSecurityGroupIngress", - "ec2:RunInstances", - "ec2:StartInstances", - "ec2:StopInstances", - "ec2:TerminateInstances" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": "s3:*", - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "iam:GetAccessKeyLastUsed", - "iam:GetGroup*", - "iam:GetInstanceProfile", - "iam:GetLoginProfile", - "iam:GetOpenIDConnectProvider", - "iam:GetPolicy*", - "iam:GetRole*", - "iam:GetSAMLProvider", - "iam:GetSSHPublicKey", - "iam:GetServerCertificate", - "iam:GetServiceLastAccessed*", - "iam:GetUser*", - "iam:ListAccessKeys", - "iam:ListAttached*", - "iam:ListEntitiesForPolicy", - "iam:ListGroupPolicies", - "iam:ListGroupsForUser", - "iam:ListInstanceProfiles*", - "iam:ListMFADevices", - "iam:ListPolicyVersions", - "iam:ListRolePolicies", - "iam:ListSSHPublicKeys", - "iam:ListSigningCertificates", - "iam:ListUserPolicies", - "iam:Upload*" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "iam:GetRole", - "iam:ListRoles", - "iam:PassRole" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:iam::*:role/rds-monitoring-role", - "arn:aws:iam::*:role/ec2-sysadmin-*", - "arn:aws:iam::*:role/ecr-sysadmin-*", - "arn:aws:iam::*:role/lambda-sysadmin-*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/job-function/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAITJPEZXCYCBXANDSW", - "PolicyName": "SystemAdministrator", - "UpdateDate": "2020-08-24T20:05:29+00:00", - "VersionId": "v6" - }, - "TranslateFullAccess": { - "Arn": "arn:aws:iam::aws:policy/TranslateFullAccess", - "AttachmentCount": 0, - "CreateDate": "2018-11-27T23:36:20+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "translate:*", - "comprehend:DetectDominantLanguage", - "cloudwatch:GetMetricStatistics", - "cloudwatch:ListMetrics", - "s3:ListAllMyBuckets", - "s3:ListBucket", - "s3:GetBucketLocation", - "iam:ListRoles", - "iam:GetRole" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIAPOAEI2VFQYUK5RY", - "PolicyName": "TranslateFullAccess", - "UpdateDate": "2020-01-08T21:22:27+00:00", - "VersionId": "v2" - }, - "TranslateReadOnly": { - "Arn": "arn:aws:iam::aws:policy/TranslateReadOnly", - "AttachmentCount": 0, - "CreateDate": "2017-11-29T18:22:00+00:00", - "DefaultVersionId": "v6", - "Document": { - "Statement": [ - { - "Action": [ - "translate:TranslateText", - "translate:GetTerminology", - "translate:ListTerminologies", - "translate:ListTextTranslationJobs", - "translate:DescribeTextTranslationJob", - "translate:GetParallelData", - "translate:ListParallelData", - "comprehend:DetectDominantLanguage", - "cloudwatch:GetMetricStatistics", - "cloudwatch:ListMetrics" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJYAMZMTQNWUDJKY2E", - "PolicyName": "TranslateReadOnly", - "UpdateDate": "2020-11-23T17:31:06+00:00", - "VersionId": "v6" - }, - "VMImportExportRoleForAWSConnector": { - "Arn": "arn:aws:iam::aws:policy/service-role/VMImportExportRoleForAWSConnector", - "AttachmentCount": 0, - "CreateDate": "2015-09-03T20:48:59+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "s3:ListBucket", - "s3:GetBucketLocation", - "s3:GetObject" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:s3:::import-to-ec2-*" - ] - }, - { - "Action": [ - "ec2:ModifySnapshotAttribute", - "ec2:CopySnapshot", - "ec2:RegisterImage", - "ec2:Describe*" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJFLQOOJ6F5XNX4LAW", - "PolicyName": "VMImportExportRoleForAWSConnector", - "UpdateDate": "2015-09-03T20:48:59+00:00", - "VersionId": "v1" - }, - "ViewOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/job-function/ViewOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2016-11-10T17:20:15+00:00", - "DefaultVersionId": "v12", - "Document": { - "Statement": [ - { - "Action": [ - "acm:ListCertificates", - "athena:List*", - "aws-marketplace:ViewSubscriptions", - "autoscaling:Describe*", - "batch:ListJobs", - "clouddirectory:ListAppliedSchemaArns", - "clouddirectory:ListDevelopmentSchemaArns", - "clouddirectory:ListDirectories", - "clouddirectory:ListPublishedSchemaArns", - "cloudformation:List*", - "cloudformation:DescribeStacks", - "cloudfront:List*", - "cloudhsm:ListAvailableZones", - "cloudhsm:ListLunaClients", - "cloudhsm:ListHapgs", - "cloudhsm:ListHsms", - "cloudsearch:List*", - "cloudsearch:DescribeDomains", - "cloudtrail:DescribeTrails", - "cloudtrail:LookupEvents", - "cloudwatch:List*", - "cloudwatch:Get*", - "codebuild:ListBuilds*", - "codebuild:ListProjects", - "codecommit:List*", - "codedeploy:List*", - "codedeploy:Get*", - "codepipeline:ListPipelines", - "codestar:List*", - "cognito-idp:List*", - "cognito-identity:ListIdentities", - "cognito-identity:ListIdentityPools", - "cognito-sync:ListDatasets", - "connect:List*", - "config:List*", - "config:Describe*", - "datapipeline:ListPipelines", - "datapipeline:DescribePipelines", - "datapipeline:GetAccountLimits", - "dax:DescribeClusters", - "dax:DescribeDefaultParameters", - "dax:DescribeEvents", - "dax:DescribeParameterGroups", - "dax:DescribeParameters", - "dax:DescribeSubnetGroups", - "dax:ListTags", - "devicefarm:List*", - "directconnect:Describe*", - "discovery:List*", - "dms:List*", - "ds:DescribeDirectories", - "dynamodb:DescribeBackup", - "dynamodb:DescribeContinuousBackups", - "dynamodb:DescribeGlobalTable", - "dynamodb:DescribeGlobalTableSettings", - "dynamodb:DescribeLimits", - "dynamodb:DescribeReservedCapacity", - "dynamodb:DescribeReservedCapacityOfferings", - "dynamodb:DescribeStream", - "dynamodb:DescribeTable", - "dynamodb:DescribeTimeToLive", - "dynamodb:ListBackups", - "dynamodb:ListGlobalTables", - "dynamodb:ListStreams", - "dynamodb:ListTables", - "dynamodb:ListTagsOfResource", - "ec2:DescribeAccountAttributes", - "ec2:DescribeAddresses", - "ec2:DescribeAvailabilityZones", - "ec2:DescribeBundleTasks", - "ec2:DescribeClassicLinkInstances", - "ec2:DescribeConversionTasks", - "ec2:DescribeCustomerGateways", - "ec2:DescribeDhcpOptions", - "ec2:DescribeExportTasks", - "ec2:DescribeFlowLogs", - "ec2:DescribeHost*", - "ec2:DescribeIdentityIdFormat", - "ec2:DescribeIdFormat", - "ec2:DescribeImage*", - "ec2:DescribeImport*", - "ec2:DescribeInstance*", - "ec2:DescribeInternetGateways", - "ec2:DescribeKeyPairs", - "ec2:DescribeMovingAddresses", - "ec2:DescribeNatGateways", - "ec2:DescribeNetwork*", - "ec2:DescribePlacementGroups", - "ec2:DescribePrefixLists", - "ec2:DescribeRegions", - "ec2:DescribeReserved*", - "ec2:DescribeRouteTables", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSnapshot*", - "ec2:DescribeSpot*", - "ec2:DescribeSubnets", - "ec2:DescribeTags", - "ec2:DescribeVolume*", - "ec2:DescribeVpc*", - "ec2:DescribeVpnGateways", - "ec2:DescribeCarrierGateways", - "ec2:DescribeLocalGateways", - "ec2:DescribeLocalGatewayVirtualInterfaces", - "ec2:DescribeLocalGatewayVirtualInterfaceGroups", - "ec2:DescribeLocalGatewayRouteTables", - "ec2:DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociations", - "ec2:DescribeLocalGatewayRouteTableVpcAssociations", - "ec2:SearchLocalGatewayRoutes", - "ecr:DescribeRepositories", - "ecr:ListImages", - "ecs:List*", - "ecs:Describe*", - "elasticache:Describe*", - "elasticbeanstalk:DescribeApplicationVersions", - "elasticbeanstalk:DescribeApplications", - "elasticbeanstalk:DescribeEnvironments", - "elasticbeanstalk:ListAvailableSolutionStacks", - "elasticloadbalancing:DescribeListeners", - "elasticloadbalancing:DescribeLoadBalancers", - "elasticloadbalancing:DescribeTargetGroups", - "elasticfilesystem:DescribeFileSystems", - "elasticloadbalancing:DescribeInstanceHealth", - "elasticloadbalancing:DescribeTargetHealth", - "elasticmapreduce:List*", - "elastictranscoder:List*", - "es:DescribeElasticsearchDomain", - "es:DescribeElasticsearchDomains", - "es:ListDomainNames", - "events:ListRuleNamesByTarget", - "events:ListRules", - "events:ListTargetsByRule", - "firehose:List*", - "firehose:DescribeDeliveryStream", - "fsx:DescribeFileSystems", - "gamelift:List*", - "glacier:List*", - "greengrass:List*", - "iam:List*", - "iam:GetAccountSummary", - "iam:GetLoginProfile", - "importexport:ListJobs", - "inspector:List*", - "iot:List*", - "kinesis:ListStreams", - "kinesisanalytics:ListApplications", - "kms:ListKeys", - "lambda:List*", - "lex:GetBotAliases", - "lex:GetBotChannelAssociations", - "lex:GetBots", - "lex:GetBotVersions", - "lex:GetIntents", - "lex:GetIntentVersions", - "lex:GetSlotTypes", - "lex:GetSlotTypeVersions", - "lex:GetUtterancesView", - "lightsail:GetBlueprints", - "lightsail:GetBundles", - "lightsail:GetInstances", - "lightsail:GetInstanceSnapshots", - "lightsail:GetKeyPair", - "lightsail:GetRegions", - "lightsail:GetStaticIps", - "lightsail:IsVpcPeered", - "logs:Describe*", - "machinelearning:Describe*", - "mobilehub:ListAvailableFeatures", - "mobilehub:ListAvailableRegions", - "mobilehub:ListProjects", - "opsworks:Describe*", - "opsworks-cm:Describe*", - "organizations:List*", - "outposts:GetOutpost", - "outposts:GetOutpostInstanceTypes", - "outposts:ListOutposts", - "outposts:ListSites", - "outposts:ListTagsForResource", - "mobiletargeting:GetApplicationSettings", - "mobiletargeting:GetCampaigns", - "mobiletargeting:GetImportJobs", - "mobiletargeting:GetSegments", - "polly:Describe*", - "polly:List*", - "rds:Describe*", - "redshift:DescribeClusters", - "redshift:DescribeEvents", - "redshift:ViewQueriesInConsole", - "route53:List*", - "route53:Get*", - "route53domains:List*", - "route53resolver:Get*", - "route53resolver:List*", - "s3:ListAllMyBuckets", - "s3:ListBucket", - "sagemaker:Describe*", - "sagemaker:List*", - "sdb:List*", - "servicecatalog:List*", - "ses:List*", - "shield:List*", - "states:ListActivities", - "states:ListStateMachines", - "sns:List*", - "sqs:ListQueues", - "ssm:ListAssociations", - "ssm:ListDocuments", - "storagegateway:ListGateways", - "storagegateway:ListLocalDisks", - "storagegateway:ListVolumeRecoveryPoints", - "storagegateway:ListVolumes", - "swf:List*", - "trustedadvisor:Describe*", - "waf:List*", - "waf-regional:List*", - "wafv2:List*", - "workdocs:DescribeAvailableDirectories", - "workdocs:DescribeInstances", - "workmail:Describe*", - "workspaces:Describe*" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/job-function/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAID22R6XPJATWOFDK6", - "PolicyName": "ViewOnlyAccess", - "UpdateDate": "2021-12-21T02:53:03+00:00", - "VersionId": "v12" - }, - "WAFLoggingServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/WAFLoggingServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2018-08-24T21:05:47+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "firehose:PutRecord", - "firehose:PutRecordBatch" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:firehose:*:*:deliverystream/aws-waf-logs-*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJZ7N545GUNUHNTYOM", - "PolicyName": "WAFLoggingServiceRolePolicy", - "UpdateDate": "2018-08-24T21:05:47+00:00", - "VersionId": "v1" - }, - "WAFRegionalLoggingServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/WAFRegionalLoggingServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2018-08-24T18:40:55+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "firehose:PutRecord", - "firehose:PutRecordBatch" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:firehose:*:*:deliverystream/aws-waf-logs-*" - ] - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJE43HAZMEH4CI6SU2", - "PolicyName": "WAFRegionalLoggingServiceRolePolicy", - "UpdateDate": "2018-08-24T18:40:55+00:00", - "VersionId": "v1" - }, - "WAFV2LoggingServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/aws-service-role/WAFV2LoggingServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2019-11-07T00:40:56+00:00", - "DefaultVersionId": "v2", - "Document": { - "Statement": [ - { - "Action": [ - "firehose:PutRecord", - "firehose:PutRecordBatch" - ], - "Effect": "Allow", - "Resource": [ - "arn:aws:firehose:*:*:deliverystream/aws-waf-logs-*" - ] - }, - { - "Action": "organizations:DescribeOrganization", - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/aws-service-role/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAZKAPJZG4AHQ3ASNCX", - "PolicyName": "WAFV2LoggingServiceRolePolicy", - "UpdateDate": "2020-07-23T17:04:25+00:00", - "VersionId": "v2" - }, - "WellArchitectedConsoleFullAccess": { - "Arn": "arn:aws:iam::aws:policy/WellArchitectedConsoleFullAccess", - "AttachmentCount": 0, - "CreateDate": "2018-11-29T18:19:23+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "wellarchitected:*" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIH6HSBHM3VSYC5SKA", - "PolicyName": "WellArchitectedConsoleFullAccess", - "UpdateDate": "2018-11-29T18:19:23+00:00", - "VersionId": "v1" - }, - "WellArchitectedConsoleReadOnlyAccess": { - "Arn": "arn:aws:iam::aws:policy/WellArchitectedConsoleReadOnlyAccess", - "AttachmentCount": 0, - "CreateDate": "2018-11-29T18:21:08+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "wellarchitected:Get*", - "wellarchitected:List*" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAIUTK35NDTYF6T2GFY", - "PolicyName": "WellArchitectedConsoleReadOnlyAccess", - "UpdateDate": "2018-11-29T18:21:08+00:00", - "VersionId": "v1" - }, - "WorkLinkServiceRolePolicy": { - "Arn": "arn:aws:iam::aws:policy/WorkLinkServiceRolePolicy", - "AttachmentCount": 0, - "CreateDate": "2019-01-23T19:03:45+00:00", - "DefaultVersionId": "v1", - "Document": { - "Statement": [ - { - "Action": [ - "ec2:CreateNetworkInterface", - "ec2:DeleteNetworkInterfacePermission", - "ec2:CreateNetworkInterfacePermission", - "ec2:ModifyNetworkInterfaceAttribute", - "ec2:DeleteNetworkInterface" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "kinesis:PutRecord", - "kinesis:PutRecords" - ], - "Effect": "Allow", - "Resource": "arn:aws:kinesis:*:*:stream/AmazonWorkLink-*" - } - ], - "Version": "2012-10-17" - }, - "IsAttachable": true, - "IsDefaultVersion": true, - "Path": "/", - "PermissionsBoundaryUsageCount": 0, - "PolicyId": "ANPAJ6JTE3DI5JOULLNLS", - "PolicyName": "WorkLinkServiceRolePolicy", - "UpdateDate": "2019-01-23T19:03:45+00:00", - "VersionId": "v1" + "APIGatewayServiceRolePolicy":{ + "CreateDate":"2017-10-20T17:23:10+00:00", + "DefaultVersionId":"v9", + "Document":{ + "Statement":[ + { + "Action":[ + "elasticloadbalancing:AddListenerCertificates", + "elasticloadbalancing:RemoveListenerCertificates", + "elasticloadbalancing:ModifyListener", + "elasticloadbalancing:DescribeListeners", + "elasticloadbalancing:DescribeLoadBalancers", + "xray:PutTraceSegments", + "xray:PutTelemetryRecords", + "xray:GetSamplingTargets", + "xray:GetSamplingRules", + "logs:CreateLogDelivery", + "logs:GetLogDelivery", + "logs:UpdateLogDelivery", + "logs:DeleteLogDelivery", + "logs:ListLogDeliveries", + "servicediscovery:DiscoverInstances" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "firehose:DescribeDeliveryStream", + "firehose:PutRecord", + "firehose:PutRecordBatch" + ], + "Effect":"Allow", + "Resource":"arn:aws:firehose:*:*:deliverystream/amazon-apigateway-*" + }, + { + "Action":[ + "acm:DescribeCertificate", + "acm:GetCertificate" + ], + "Effect":"Allow", + "Resource":"arn:aws:acm:*:*:certificate/*" + }, + { + "Action":"ec2:CreateNetworkInterfacePermission", + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:network-interface/*" + }, + { + "Action":"ec2:CreateTags", + "Condition":{ + "ForAllValues:StringEquals":{ + "aws:TagKeys":[ + "Owner", + "VpcLinkId" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:network-interface/*" + }, + { + "Action":[ + "ec2:ModifyNetworkInterfaceAttribute", + "ec2:DeleteNetworkInterface", + "ec2:AssignPrivateIpAddresses", + "ec2:CreateNetworkInterface", + "ec2:DeleteNetworkInterfacePermission", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeNetworkInterfaceAttribute", + "ec2:DescribeVpcs", + "ec2:DescribeNetworkInterfacePermissions", + "ec2:UnassignPrivateIpAddresses", + "ec2:DescribeSubnets", + "ec2:DescribeRouteTables", + "ec2:DescribeSecurityGroups" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"servicediscovery:GetNamespace", + "Effect":"Allow", + "Resource":"arn:aws:servicediscovery:*:*:namespace/*" + }, + { + "Action":"servicediscovery:GetService", + "Effect":"Allow", + "Resource":"arn:aws:servicediscovery:*:*:service/*" } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-07-12T22:24:40+00:00" + }, + "AWSAccountActivityAccess":{ + "CreateDate":"2015-02-06T18:41:18+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "aws-portal:ViewBilling" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2015-02-06T18:41:18+00:00" + }, + "AWSAccountManagementFullAccess":{ + "CreateDate":"2021-09-30T23:20:37+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":"account:*", + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-09-30T23:20:37+00:00" + }, + "AWSAccountManagementReadOnlyAccess":{ + "CreateDate":"2021-09-30T23:29:53+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "account:Get*", + "account:List*" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-09-30T23:29:53+00:00" + }, + "AWSAccountUsageReportAccess":{ + "CreateDate":"2015-02-06T18:41:19+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "aws-portal:ViewUsage" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2015-02-06T18:41:19+00:00" + }, + "AWSAgentlessDiscoveryService":{ + "CreateDate":"2016-08-02T01:35:11+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "awsconnector:RegisterConnector", + "awsconnector:GetConnectorHealth" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"iam:GetUser", + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "s3:GetObject", + "s3:ListBucket" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::connector-platform-upgrade-info/*", + "arn:aws:s3:::connector-platform-upgrade-info", + "arn:aws:s3:::connector-platform-upgrade-bundles/*", + "arn:aws:s3:::connector-platform-upgrade-bundles", + "arn:aws:s3:::connector-platform-release-notes/*", + "arn:aws:s3:::connector-platform-release-notes", + "arn:aws:s3:::prod.agentless.discovery.connector.upgrade/*", + "arn:aws:s3:::prod.agentless.discovery.connector.upgrade" + ] + }, + { + "Action":[ + "s3:PutObject", + "s3:PutObjectAcl" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::import-to-ec2-connector-debug-logs/*" + ] + }, + { + "Action":[ + "SNS:Publish" + ], + "Effect":"Allow", + "Resource":"arn:aws:sns:*:*:metrics-sns-topic-for-*" + }, + { + "Action":[ + "Discovery:*" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"Discovery" + }, + { + "Action":[ + "arsenal:RegisterOnPremisesAgent" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"arsenal" + }, + { + "Action":[ + "mgh:GetHomeRegion" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-02-24T23:08:23+00:00" + }, + "AWSAppMeshEnvoyAccess":{ + "CreateDate":"2019-07-03T21:29:37+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "appmesh:StreamAggregatedResources" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-07-03T21:29:37+00:00" + }, + "AWSAppMeshFullAccess":{ + "CreateDate":"2019-04-16T17:50:40+00:00", + "DefaultVersionId":"v6", + "Document":{ + "Statement":[ + { + "Action":[ + "appmesh:*" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "iam:CreateServiceLinkedRole" + ], + "Condition":{ + "StringLike":{ + "iam:AWSServiceName":[ + "appmesh.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/aws-service-role/appmesh.amazonaws.com/AWSServiceRoleForAppMesh" + }, + { + "Action":[ + "cloudformation:CreateStack", + "cloudformation:DeleteStack", + "cloudformation:DescribeStack*", + "cloudformation:UpdateStack" + ], + "Effect":"Allow", + "Resource":"arn:aws:cloudformation:*:*:stack/AWSAppMesh-GettingStarted-*" + }, + { + "Action":[ + "acm:ListCertificates", + "acm:DescribeCertificate", + "acm-pca:DescribeCertificateAuthority", + "acm-pca:ListCertificateAuthorities" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "servicediscovery:ListNamespaces", + "servicediscovery:ListServices", + "servicediscovery:ListInstances" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-01-07T19:54:08+00:00" + }, + "AWSAppMeshPreviewEnvoyAccess":{ + "CreateDate":"2019-08-05T23:32:39+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "appmesh-preview:StreamAggregatedResources" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-08-05T23:32:39+00:00" + }, + "AWSAppMeshPreviewServiceRolePolicy":{ + "CreateDate":"2019-06-19T19:07:00+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":[ + "servicediscovery:DiscoverInstances" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"CloudMapServiceDiscovery" + }, + { + "Action":[ + "acm:DescribeCertificate" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"ACMCertificateVerification" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-08-21T21:06:29+00:00" + }, + "AWSAppMeshReadOnly":{ + "CreateDate":"2019-04-16T17:51:11+00:00", + "DefaultVersionId":"v5", + "Document":{ + "Statement":[ + { + "Action":[ + "appmesh:Describe*", + "appmesh:List*" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "cloudformation:DescribeStack*" + ], + "Effect":"Allow", + "Resource":"arn:aws:cloudformation:*:*:stack/AWSAppMesh-GettingStarted-*" + }, + { + "Action":[ + "acm:ListCertificates", + "acm:DescribeCertificate", + "acm-pca:DescribeCertificateAuthority", + "acm-pca:ListCertificateAuthorities" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "servicediscovery:ListNamespaces", + "servicediscovery:ListServices", + "servicediscovery:ListInstances" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-01-07T19:53:16+00:00" + }, + "AWSAppMeshServiceRolePolicy":{ + "CreateDate":"2019-06-03T18:30:51+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "servicediscovery:DiscoverInstances" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"CloudMapServiceDiscovery" + }, + { + "Action":[ + "acm:DescribeCertificate" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"ACMCertificateVerification" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-09-10T22:44:43+00:00" + }, + "AWSAppRunnerFullAccess":{ + "CreateDate":"2022-01-11T04:02:09+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringLike":{ + "iam:AWSServiceName":"apprunner.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/aws-service-role/apprunner.amazonaws.com/AWSServiceRoleForAppRunner" + }, + { + "Action":"iam:PassRole", + "Condition":{ + "StringLike":{ + "iam:PassedToService":"apprunner.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"apprunner:*", + "Effect":"Allow", + "Resource":"*", + "Sid":"AppRunnerAdminAccess" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-01-11T04:02:09+00:00" + }, + "AWSAppRunnerReadOnlyAccess":{ + "CreateDate":"2022-02-24T21:24:15+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "apprunner:List*", + "apprunner:Describe*" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-02-24T21:24:15+00:00" + }, + "AWSAppRunnerServicePolicyForECRAccess":{ + "CreateDate":"2021-05-14T19:17:21+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "ecr:GetDownloadUrlForLayer", + "ecr:BatchGetImage", + "ecr:DescribeImages", + "ecr:GetAuthorizationToken", + "ecr:BatchCheckLayerAvailability" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-05-14T19:17:21+00:00" + }, + "AWSAppSyncAdministrator":{ + "CreateDate":"2018-03-20T21:20:28+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "appsync:*" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "iam:PassRole" + ], + "Condition":{ + "StringEquals":{ + "iam:PassedToService":[ + "appsync.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringEquals":{ + "iam:AWSServiceName":"appsync.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "iam:DeleteServiceLinkedRole", + "iam:GetServiceLinkedRoleDeletionStatus" + ], + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/aws-service-role/appsync.amazonaws.com/AWSServiceRoleForAppSync*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-11-04T19:23:49+00:00" + }, + "AWSAppSyncInvokeFullAccess":{ + "CreateDate":"2018-03-20T21:21:20+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "appsync:GraphQL", + "appsync:GetGraphqlApi", + "appsync:ListGraphqlApis", + "appsync:ListApiKeys" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2018-03-20T21:21:20+00:00" + }, + "AWSAppSyncPushToCloudWatchLogs":{ + "CreateDate":"2018-04-09T19:38:55+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "logs:CreateLogGroup", + "logs:CreateLogStream", + "logs:PutLogEvents" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2018-04-09T19:38:55+00:00" + }, + "AWSAppSyncSchemaAuthor":{ + "CreateDate":"2018-03-20T21:21:06+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "appsync:GraphQL", + "appsync:CreateResolver", + "appsync:CreateType", + "appsync:DeleteResolver", + "appsync:DeleteType", + "appsync:GetResolver", + "appsync:GetType", + "appsync:GetDataSource", + "appsync:GetSchemaCreationStatus", + "appsync:GetIntrospectionSchema", + "appsync:GetGraphqlApi", + "appsync:ListTypes", + "appsync:ListApiKeys", + "appsync:ListResolvers", + "appsync:ListDataSources", + "appsync:ListGraphqlApis", + "appsync:StartSchemaCreation", + "appsync:UpdateResolver", + "appsync:UpdateType" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2018-03-20T21:21:06+00:00" + }, + "AWSAppSyncServiceRolePolicy":{ + "CreateDate":"2020-01-21T19:56:53+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords", + "xray:GetSamplingTargets", + "xray:GetSamplingRules", + "xray:GetSamplingStatisticSummaries" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-01-21T19:56:53+00:00" + }, + "AWSApplicationAutoScalingCustomResourcePolicy":{ + "CreateDate":"2018-06-04T23:22:44+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "execute-api:Invoke", + "cloudwatch:PutMetricAlarm", + "cloudwatch:DescribeAlarms", + "cloudwatch:DeleteAlarms" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2018-06-04T23:22:44+00:00" + }, + "AWSApplicationAutoscalingAppStreamFleetPolicy":{ + "CreateDate":"2017-10-20T19:04:06+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "appstream:UpdateFleet", + "appstream:DescribeFleets", + "cloudwatch:PutMetricAlarm", + "cloudwatch:DescribeAlarms", + "cloudwatch:DeleteAlarms" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2017-10-20T19:04:06+00:00" + }, + "AWSApplicationAutoscalingCassandraTablePolicy":{ + "CreateDate":"2020-03-18T22:49:23+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":"cassandra:Select", + "Effect":"Allow", + "Resource":[ + "arn:*:cassandra:*:*:/keyspace/system/table/*", + "arn:*:cassandra:*:*:/keyspace/system_schema/table/*", + "arn:*:cassandra:*:*:/keyspace/system_schema_mcs/table/*" + ] + }, + { + "Action":[ + "cassandra:Alter", + "cloudwatch:PutMetricAlarm", + "cloudwatch:DescribeAlarms", + "cloudwatch:DeleteAlarms" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-03-18T22:49:23+00:00" + }, + "AWSApplicationAutoscalingComprehendEndpointPolicy":{ + "CreateDate":"2019-11-14T18:39:07+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "comprehend:UpdateEndpoint", + "comprehend:DescribeEndpoint", + "cloudwatch:PutMetricAlarm", + "cloudwatch:DescribeAlarms", + "cloudwatch:DeleteAlarms" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-11-14T18:39:07+00:00" + }, + "AWSApplicationAutoscalingDynamoDBTablePolicy":{ + "CreateDate":"2017-10-20T21:34:57+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "dynamodb:DescribeTable", + "dynamodb:UpdateTable", + "cloudwatch:PutMetricAlarm", + "cloudwatch:DescribeAlarms", + "cloudwatch:DeleteAlarms" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2017-10-20T21:34:57+00:00" + }, + "AWSApplicationAutoscalingEC2SpotFleetRequestPolicy":{ + "CreateDate":"2017-10-25T18:23:27+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:DescribeSpotFleetRequests", + "ec2:ModifySpotFleetRequest", + "cloudwatch:PutMetricAlarm", + "cloudwatch:DescribeAlarms", + "cloudwatch:DeleteAlarms" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2017-10-25T18:23:27+00:00" + }, + "AWSApplicationAutoscalingECSServicePolicy":{ + "CreateDate":"2017-10-25T23:53:08+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "ecs:DescribeServices", + "ecs:UpdateService", + "cloudwatch:PutMetricAlarm", + "cloudwatch:DescribeAlarms", + "cloudwatch:DeleteAlarms" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2017-10-25T23:53:08+00:00" + }, + "AWSApplicationAutoscalingEMRInstanceGroupPolicy":{ + "CreateDate":"2017-10-26T00:57:39+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "elasticmapreduce:ListInstanceGroups", + "elasticmapreduce:ModifyInstanceGroups", + "cloudwatch:PutMetricAlarm", + "cloudwatch:DescribeAlarms", + "cloudwatch:DeleteAlarms" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2017-10-26T00:57:39+00:00" + }, + "AWSApplicationAutoscalingElastiCacheRGPolicy":{ + "CreateDate":"2021-08-17T23:41:42+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "elasticache:DescribeReplicationGroups", + "elasticache:ModifyReplicationGroupShardConfiguration", + "elasticache:IncreaseReplicaCount", + "elasticache:DecreaseReplicaCount", + "elasticache:DescribeCacheClusters", + "elasticache:DescribeCacheParameters", + "cloudwatch:DescribeAlarms" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "cloudwatch:PutMetricAlarm", + "cloudwatch:DeleteAlarms" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:cloudwatch:*:*:alarm:TargetTracking*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-08-17T23:41:42+00:00" + }, + "AWSApplicationAutoscalingKafkaClusterPolicy":{ + "CreateDate":"2020-08-24T18:36:01+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "kafka:DescribeCluster", + "kafka:DescribeClusterOperation", + "kafka:UpdateBrokerStorage", + "cloudwatch:PutMetricAlarm", + "cloudwatch:DescribeAlarms", + "cloudwatch:DeleteAlarms" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-08-24T18:36:01+00:00" + }, + "AWSApplicationAutoscalingLambdaConcurrencyPolicy":{ + "CreateDate":"2019-10-21T20:04:17+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "lambda:PutProvisionedConcurrencyConfig", + "lambda:GetProvisionedConcurrencyConfig", + "lambda:DeleteProvisionedConcurrencyConfig", + "cloudwatch:PutMetricAlarm", + "cloudwatch:DescribeAlarms", + "cloudwatch:DeleteAlarms" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-10-21T20:04:17+00:00" + }, + "AWSApplicationAutoscalingNeptuneClusterPolicy":{ + "CreateDate":"2021-09-02T21:14:55+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "rds:ListTagsForResource", + "rds:DescribeDBInstances", + "rds:DescribeDBClusters", + "rds:DescribeDBClusterParameters", + "cloudwatch:DescribeAlarms" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":"rds:AddTagsToResource", + "Condition":{ + "StringEquals":{ + "rds:DatabaseEngine":"neptune" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:rds:*:*:db:autoscaled-reader*" + ] + }, + { + "Action":"rds:CreateDBInstance", + "Condition":{ + "StringEquals":{ + "rds:DatabaseEngine":"neptune" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:rds:*:*:db:autoscaled-reader*", + "arn:aws:rds:*:*:cluster:*" + ] + }, + { + "Action":[ + "rds:DeleteDBInstance" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:rds:*:*:db:autoscaled-reader*" + ] + }, + { + "Action":[ + "cloudwatch:PutMetricAlarm", + "cloudwatch:DeleteAlarms" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:cloudwatch:*:*:alarm:TargetTracking*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-09-02T21:14:55+00:00" + }, + "AWSApplicationAutoscalingRDSClusterPolicy":{ + "CreateDate":"2017-10-17T17:46:56+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":[ + "rds:AddTagsToResource", + "rds:CreateDBInstance", + "rds:DeleteDBInstance", + "rds:DescribeDBClusters", + "rds:DescribeDBInstances", + "rds:ModifyDBCluster", + "cloudwatch:PutMetricAlarm", + "cloudwatch:DescribeAlarms", + "cloudwatch:DeleteAlarms" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "iam:PassRole" + ], + "Condition":{ + "StringLike":{ + "iam:PassedToService":"rds.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2018-08-07T19:14:24+00:00" + }, + "AWSApplicationAutoscalingSageMakerEndpointPolicy":{ + "CreateDate":"2018-02-06T19:58:21+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "sagemaker:DescribeEndpoint", + "sagemaker:DescribeEndpointConfig", + "sagemaker:UpdateEndpointWeightsAndCapacities", + "cloudwatch:PutMetricAlarm", + "cloudwatch:DescribeAlarms", + "cloudwatch:DeleteAlarms" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2018-02-06T19:58:21+00:00" + }, + "AWSApplicationDiscoveryAgentAccess":{ + "CreateDate":"2016-05-11T21:38:47+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "arsenal:RegisterOnPremisesAgent" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "mgh:GetHomeRegion" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-02-24T22:26:45+00:00" + }, + "AWSApplicationDiscoveryServiceFullAccess":{ + "CreateDate":"2016-05-11T21:30:50+00:00", + "DefaultVersionId":"v4", + "Document":{ + "Statement":[ + { + "Action":[ + "mgh:*", + "discovery:*" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "iam:GetRole" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringEquals":{ + "iam:AWSServiceName":"continuousexport.discovery.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/aws-service-role/continuousexport.discovery.amazonaws.com/AWSServiceRoleForApplicationDiscoveryServiceContinuousExport*" + }, + { + "Action":[ + "iam:DeleteServiceLinkedRole", + "iam:GetServiceLinkedRoleDeletionStatus" + ], + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/aws-service-role/continuousexport.discovery.amazonaws.com/AWSServiceRoleForApplicationDiscoveryServiceContinuousExport*" + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringEquals":{ + "iam:AWSServiceName":[ + "migrationhub.amazonaws.com", + "dmsintegration.migrationhub.amazonaws.com", + "smsintegration.migrationhub.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-06-19T21:21:26+00:00" + }, + "AWSApplicationMigrationAgentInstallationPolicy":{ + "CreateDate":"2022-06-19T07:51:04+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "mgn:GetAgentInstallationAssetsForMgn", + "mgn:SendClientLogsForMgn", + "mgn:RegisterAgentForMgn", + "mgn:VerifyClientRoleForMgn" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "mgn:IssueClientCertificateForMgn" + ], + "Effect":"Allow", + "Resource":"arn:aws:mgn:*:*:source-server/*" + }, + { + "Action":"mgn:TagResource", + "Condition":{ + "StringEquals":{ + "mgn:CreateAction":"RegisterAgentForMgn" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:mgn:*:*:source-server/*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-06-19T07:51:04+00:00" + }, + "AWSApplicationMigrationAgentPolicy":{ + "CreateDate":"2021-04-07T07:00:21+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "mgn:SendAgentMetricsForMgn", + "mgn:SendAgentLogsForMgn", + "mgn:SendClientLogsForMgn" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "mgn:RegisterAgentForMgn", + "mgn:UpdateAgentSourcePropertiesForMgn", + "mgn:UpdateAgentReplicationInfoForMgn", + "mgn:UpdateAgentConversionInfoForMgn", + "mgn:GetAgentInstallationAssetsForMgn", + "mgn:GetAgentCommandForMgn", + "mgn:GetAgentConfirmedResumeInfoForMgn", + "mgn:GetAgentRuntimeConfigurationForMgn", + "mgn:UpdateAgentBacklogForMgn", + "mgn:GetAgentReplicationInfoForMgn" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"mgn:TagResource", + "Effect":"Allow", + "Resource":"arn:aws:mgn:*:*:source-server/*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-04-07T07:00:21+00:00" + }, + "AWSApplicationMigrationAgentPolicy_v2":{ + "CreateDate":"2022-06-06T14:14:38+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "mgn:SendAgentMetricsForMgn", + "mgn:SendAgentLogsForMgn", + "mgn:UpdateAgentSourcePropertiesForMgn", + "mgn:UpdateAgentReplicationInfoForMgn", + "mgn:UpdateAgentConversionInfoForMgn", + "mgn:GetAgentCommandForMgn", + "mgn:GetAgentConfirmedResumeInfoForMgn", + "mgn:GetAgentRuntimeConfigurationForMgn", + "mgn:UpdateAgentBacklogForMgn", + "mgn:GetAgentReplicationInfoForMgn", + "mgn:IssueClientCertificateForMgn" + ], + "Effect":"Allow", + "Resource":"arn:aws:mgn:*:*:source-server/${aws:SourceIdentity}" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-06-06T14:14:38+00:00" + }, + "AWSApplicationMigrationConversionServerPolicy":{ + "CreateDate":"2021-04-07T06:48:58+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "mgn:SendClientMetricsForMgn", + "mgn:SendClientLogsForMgn", + "mgn:GetChannelCommandsForMgn", + "mgn:SendChannelCommandResultForMgn" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-04-07T06:48:58+00:00" + }, + "AWSApplicationMigrationEC2Access":{ + "CreateDate":"2021-04-07T07:05:22+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":"iam:PassRole", + "Condition":{ + "StringEquals":{ + "iam:PassedToService":"ec2.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/service-role/AWSApplicationMigrationConversionServerRole" + ] + }, + { + "Action":[ + "ec2:DeleteSnapshot" + ], + "Condition":{ + "Bool":{ + "aws:ViaAWSService":"true" + }, + "Null":{ + "aws:ResourceTag/AWSApplicationMigrationServiceManaged":"false" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:snapshot/*" + }, + { + "Action":[ + "ec2:CreateLaunchTemplateVersion", + "ec2:ModifyLaunchTemplate", + "ec2:DeleteLaunchTemplateVersions" + ], + "Condition":{ + "Null":{ + "aws:ResourceTag/AWSApplicationMigrationServiceManaged":"false" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:launch-template/*" + }, + { + "Action":[ + "ec2:DeleteVolume" + ], + "Condition":{ + "Bool":{ + "aws:ViaAWSService":"true" + }, + "Null":{ + "aws:ResourceTag/AWSApplicationMigrationServiceManaged":"false" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:volume/*" + }, + { + "Action":[ + "ec2:StartInstances", + "ec2:StopInstances", + "ec2:TerminateInstances", + "ec2:ModifyInstanceAttribute", + "ec2:GetConsoleOutput", + "ec2:GetConsoleScreenshot" + ], + "Condition":{ + "Bool":{ + "aws:ViaAWSService":"true" + }, + "Null":{ + "aws:ResourceTag/AWSApplicationMigrationServiceManaged":"false" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:instance/*" + }, + { + "Action":[ + "ec2:RevokeSecurityGroupEgress", + "ec2:AuthorizeSecurityGroupIngress", + "ec2:AuthorizeSecurityGroupEgress" + ], + "Condition":{ + "Bool":{ + "aws:ViaAWSService":"true" + }, + "Null":{ + "aws:ResourceTag/AWSApplicationMigrationServiceManaged":"false" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:security-group/*" + }, + { + "Action":[ + "ec2:CreateVolume" + ], + "Condition":{ + "Bool":{ + "aws:ViaAWSService":"true" + }, + "Null":{ + "aws:RequestTag/AWSApplicationMigrationServiceManaged":"false" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:volume/*" + }, + { + "Action":"ec2:CreateSecurityGroup", + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:vpc/*" + }, + { + "Action":[ + "ec2:CreateSecurityGroup" + ], + "Condition":{ + "Bool":{ + "aws:ViaAWSService":"true" + }, + "Null":{ + "aws:RequestTag/AWSApplicationMigrationServiceManaged":"false" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:security-group/*" + }, + { + "Action":[ + "ec2:CreateSnapshot" + ], + "Condition":{ + "Bool":{ + "aws:ViaAWSService":"true" + }, + "Null":{ + "ec2:ResourceTag/AWSApplicationMigrationServiceManaged":"false" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:volume/*" + }, + { + "Action":[ + "ec2:CreateSnapshot" + ], + "Condition":{ + "Bool":{ + "aws:ViaAWSService":"true" + }, + "Null":{ + "aws:RequestTag/AWSApplicationMigrationServiceManaged":"false" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:snapshot/*" + }, + { + "Action":[ + "ec2:DetachVolume", + "ec2:AttachVolume" + ], + "Condition":{ + "Bool":{ + "aws:ViaAWSService":"true" + }, + "Null":{ + "ec2:ResourceTag/AWSApplicationMigrationServiceManaged":"false" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:instance/*" + }, + { + "Action":[ + "ec2:AttachVolume" + ], + "Condition":{ + "Bool":{ + "aws:ViaAWSService":"true" + }, + "Null":{ + "ec2:ResourceTag/AWSApplicationMigrationServiceManaged":"false" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:volume/*" + }, + { + "Action":[ + "ec2:DetachVolume" + ], + "Condition":{ + "Bool":{ + "aws:ViaAWSService":"true" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:volume/*" + }, + { + "Action":[ + "ec2:RunInstances" + ], + "Condition":{ + "Bool":{ + "aws:ViaAWSService":"true" + }, + "Null":{ + "aws:RequestTag/AWSApplicationMigrationServiceManaged":"false" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:instance/*" + }, + { + "Action":[ + "ec2:RunInstances" + ], + "Condition":{ + "Bool":{ + "aws:ViaAWSService":"true" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:security-group/*", + "arn:aws:ec2:*:*:volume/*", + "arn:aws:ec2:*:*:subnet/*", + "arn:aws:ec2:*:*:image/*", + "arn:aws:ec2:*:*:network-interface/*", + "arn:aws:ec2:*:*:launch-template/*" + ] + }, + { + "Action":"ec2:CreateTags", + "Condition":{ + "Bool":{ + "aws:ViaAWSService":"true" + }, + "StringEquals":{ + "ec2:CreateAction":[ + "CreateSecurityGroup", + "CreateVolume", + "CreateSnapshot", + "RunInstances" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:security-group/*", + "arn:aws:ec2:*:*:volume/*", + "arn:aws:ec2:*:*:snapshot/*", + "arn:aws:ec2:*:*:instance/*" + ] + }, + { + "Action":[ + "ec2:CreateTags", + "ec2:ModifyVolume" + ], + "Condition":{ + "Bool":{ + "aws:ViaAWSService":"true" + }, + "Null":{ + "ec2:ResourceTag/AWSApplicationMigrationServiceManaged":"false" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:volume/*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-03-02T08:49:20+00:00" + }, + "AWSApplicationMigrationFullAccess":{ + "CreateDate":"2021-04-07T06:56:05+00:00", + "DefaultVersionId":"v4", + "Document":{ + "Statement":[ + { + "Action":[ + "mgn:*" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "kms:ListAliases", + "kms:DescribeKey" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:DescribeKeyPairs", + "ec2:DescribeTags", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribePlacementGroups", + "ec2:DescribeAccountAttributes", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeImages", + "ec2:DescribeInstances", + "ec2:DescribeInstanceTypes", + "ec2:DescribeInstanceAttribute", + "ec2:DescribeInstanceStatus", + "ec2:DescribeInstanceTypeOfferings", + "ec2:DescribeLaunchTemplateVersions", + "ec2:DescribeLaunchTemplates", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSnapshots", + "ec2:DescribeSubnets", + "ec2:DescribeVolumes", + "ec2:GetEbsEncryptionByDefault", + "ec2:GetEbsDefaultKmsKeyId" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"license-manager:ListLicenseConfigurations", + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"elasticloadbalancing:DescribeLoadBalancers", + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"iam:ListInstanceProfiles", + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"iam:PassRole", + "Condition":{ + "Bool":{ + "aws:ViaAWSService":"true" + }, + "StringEquals":{ + "iam:PassedToService":"ec2.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/service-role/AWSApplicationMigrationLaunchInstanceWithSsmRole", + "arn:aws:iam::*:role/service-role/AWSApplicationMigrationLaunchInstanceWithDrsRole" + ] + }, + { + "Action":[ + "drs:DescribeSourceServers" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ssm:SendCommand" + ], + "Condition":{ + "Bool":{ + "aws:ViaAWSService":"true" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ssm:*:*:document/AWSDisasterRecovery-InstallDRAgentOnInstance", + "arn:aws:ssm:*:*:document/AWSMigration-ConvertCentOsToRockyLinuxDistribution", + "arn:aws:ssm:*:*:document/AWSMigration-ReplaceSuseSubscriptionWithAwsSubscription" + ] + }, + { + "Action":[ + "ssm:SendCommand" + ], + "Condition":{ + "Bool":{ + "aws:ViaAWSService":"true" + }, + "Null":{ + "aws:ResourceTag/AWSApplicationMigrationServiceManaged":"false" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:instance/*" + ] + }, + { + "Action":[ + "ssm:ListCommandInvocations" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ssm:DescribeInstanceInformation", + "ssm:GetCommandInvocation" + ], + "Condition":{ + "Bool":{ + "aws:ViaAWSService":"true" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ssm:DescribeDocument" + ], + "Condition":{ + "Bool":{ + "aws:ViaAWSService":"true" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ssm:*:*:document/AWSDisasterRecovery-InstallDRAgentOnInstance", + "arn:aws:ssm:*:*:document/AWSMigration-ConvertCentOsToRockyLinuxDistribution", + "arn:aws:ssm:*:*:document/AWSMigration-ReplaceSuseSubscriptionWithAwsSubscription" + ] + }, + { + "Action":[ + "ssm:GetParameter", + "ssm:PutParameter" + ], + "Effect":"Allow", + "Resource":"arn:aws:ssm:*:*:parameter/ManagedByAWSApplicationMigrationService-*" + }, + { + "Action":[ + "servicequotas:GetServiceQuota" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-05-31T21:14:49+00:00" + }, + "AWSApplicationMigrationMGHAccess":{ + "CreateDate":"2021-04-07T07:10:01+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "mgh:AssociateCreatedArtifact", + "mgh:CreateProgressUpdateStream", + "mgh:DisassociateCreatedArtifact", + "mgh:GetHomeRegion", + "mgh:ImportMigrationTask", + "mgh:NotifyMigrationTaskState", + "mgh:PutResourceAttributes" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-04-07T07:10:01+00:00" + }, + "AWSApplicationMigrationReadOnlyAccess":{ + "CreateDate":"2021-04-07T07:15:26+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":[ + "mgn:DescribeJobLogItems", + "mgn:DescribeJobs", + "mgn:DescribeSourceServers", + "mgn:DescribeReplicationConfigurationTemplates", + "mgn:GetLaunchConfiguration", + "mgn:DescribeVcenterClients", + "mgn:GetReplicationConfiguration" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:DescribeInstances", + "ec2:DescribeLaunchTemplateVersions", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "servicequotas:GetServiceQuota" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-05-01T08:32:53+00:00" + }, + "AWSApplicationMigrationReplicationServerPolicy":{ + "CreateDate":"2021-04-07T07:21:57+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "mgn:SendClientMetricsForMgn", + "mgn:SendClientLogsForMgn", + "mgn:GetChannelCommandsForMgn", + "mgn:SendChannelCommandResultForMgn", + "mgn:GetAgentSnapshotCreditsForMgn", + "mgn:DescribeReplicationServerAssociationsForMgn", + "mgn:DescribeSnapshotRequestsForMgn", + "mgn:BatchDeleteSnapshotRequestForMgn", + "mgn:NotifyAgentAuthenticationForMgn", + "mgn:BatchCreateVolumeSnapshotGroupForMgn", + "mgn:UpdateAgentReplicationProcessStateForMgn", + "mgn:NotifyAgentReplicationProgressForMgn", + "mgn:NotifyAgentConnectedForMgn", + "mgn:NotifyAgentDisconnectedForMgn" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:DescribeInstances", + "ec2:DescribeSnapshots" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:CreateSnapshot" + ], + "Condition":{ + "Null":{ + "aws:ResourceTag/AWSApplicationMigrationServiceManaged":"false" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:volume/*" + }, + { + "Action":[ + "ec2:CreateSnapshot" + ], + "Condition":{ + "Null":{ + "aws:RequestTag/AWSApplicationMigrationServiceManaged":"false" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:snapshot/*" + }, + { + "Action":"ec2:CreateTags", + "Condition":{ + "StringEquals":{ + "ec2:CreateAction":"CreateSnapshot" + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-04-07T07:21:57+00:00" + }, + "AWSApplicationMigrationServiceRolePolicy":{ + "CreateDate":"2021-04-07T06:43:20+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":"mgn:ListTagsForResource", + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"kms:ListRetirableGrants", + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "mgh:AssociateCreatedArtifact", + "mgh:CreateProgressUpdateStream", + "mgh:DisassociateCreatedArtifact", + "mgh:GetHomeRegion", + "mgh:ImportMigrationTask", + "mgh:NotifyMigrationTaskState", + "mgh:PutResourceAttributes" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:DescribeAccountAttributes", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeImages", + "ec2:DescribeInstances", + "ec2:DescribeInstanceTypes", + "ec2:DescribeInstanceAttribute", + "ec2:DescribeInstanceStatus", + "ec2:DescribeLaunchTemplateVersions", + "ec2:DescribeLaunchTemplates", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSnapshots", + "ec2:DescribeSubnets", + "ec2:DescribeVolumes", + "ec2:GetEbsDefaultKmsKeyId", + "ec2:GetEbsEncryptionByDefault" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:RegisterImage", + "ec2:DeregisterImage" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:DeleteSnapshot" + ], + "Condition":{ + "Null":{ + "aws:ResourceTag/AWSApplicationMigrationServiceManaged":"false" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:snapshot/*" + }, + { + "Action":[ + "ec2:CreateLaunchTemplateVersion", + "ec2:ModifyLaunchTemplate", + "ec2:DeleteLaunchTemplate", + "ec2:DeleteLaunchTemplateVersions" + ], + "Condition":{ + "Null":{ + "aws:ResourceTag/AWSApplicationMigrationServiceManaged":"false" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:launch-template/*" + }, + { + "Action":[ + "ec2:DeleteVolume" + ], + "Condition":{ + "Null":{ + "aws:ResourceTag/AWSApplicationMigrationServiceManaged":"false" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:volume/*" + }, + { + "Action":[ + "ec2:StartInstances", + "ec2:StopInstances", + "ec2:TerminateInstances", + "ec2:ModifyInstanceAttribute", + "ec2:GetConsoleOutput", + "ec2:GetConsoleScreenshot" + ], + "Condition":{ + "Null":{ + "aws:ResourceTag/AWSApplicationMigrationServiceManaged":"false" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:instance/*" + }, + { + "Action":[ + "ec2:RevokeSecurityGroupEgress", + "ec2:AuthorizeSecurityGroupIngress", + "ec2:AuthorizeSecurityGroupEgress" + ], + "Condition":{ + "Null":{ + "aws:ResourceTag/AWSApplicationMigrationServiceManaged":"false" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:security-group/*" + }, + { + "Action":[ + "ec2:CreateVolume" + ], + "Condition":{ + "Null":{ + "aws:RequestTag/AWSApplicationMigrationServiceManaged":"false" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:volume/*" + }, + { + "Action":[ + "ec2:CreateSecurityGroup" + ], + "Condition":{ + "Null":{ + "aws:RequestTag/AWSApplicationMigrationServiceManaged":"false" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:security-group/*" + }, + { + "Action":[ + "ec2:CreateSecurityGroup" + ], + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:vpc/*" + }, + { + "Action":[ + "ec2:CreateLaunchTemplate" + ], + "Condition":{ + "Null":{ + "aws:RequestTag/AWSApplicationMigrationServiceManaged":"false" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:launch-template/*" + }, + { + "Action":[ + "ec2:CreateSnapshot" + ], + "Condition":{ + "Null":{ + "ec2:ResourceTag/AWSApplicationMigrationServiceManaged":"false" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:volume/*" + }, + { + "Action":[ + "ec2:CreateSnapshot" + ], + "Condition":{ + "Null":{ + "aws:RequestTag/AWSApplicationMigrationServiceManaged":"false" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:snapshot/*" + }, + { + "Action":[ + "ec2:DetachVolume", + "ec2:AttachVolume" + ], + "Condition":{ + "Null":{ + "ec2:ResourceTag/AWSApplicationMigrationServiceManaged":"false" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:instance/*" + }, + { + "Action":[ + "ec2:AttachVolume" + ], + "Condition":{ + "Null":{ + "ec2:ResourceTag/AWSApplicationMigrationServiceManaged":"false" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:volume/*" + }, + { + "Action":[ + "ec2:DetachVolume" + ], + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:volume/*" + }, + { + "Action":[ + "ec2:RunInstances" + ], + "Condition":{ + "Null":{ + "aws:RequestTag/AWSApplicationMigrationServiceManaged":"false" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:instance/*" + }, + { + "Action":[ + "ec2:RunInstances" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:security-group/*", + "arn:aws:ec2:*:*:volume/*", + "arn:aws:ec2:*:*:subnet/*", + "arn:aws:ec2:*:*:image/*", + "arn:aws:ec2:*:*:network-interface/*", + "arn:aws:ec2:*:*:launch-template/*" + ] + }, + { + "Action":"iam:PassRole", + "Condition":{ + "StringEquals":{ + "iam:PassedToService":"ec2.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/service-role/AWSApplicationMigrationReplicationServerRole", + "arn:aws:iam::*:role/service-role/AWSApplicationMigrationConversionServerRole" + ] + }, + { + "Action":"ec2:CreateTags", + "Condition":{ + "StringEquals":{ + "ec2:CreateAction":[ + "CreateLaunchTemplate", + "CreateSecurityGroup", + "CreateVolume", + "CreateSnapshot", + "RunInstances" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:launch-template/*", + "arn:aws:ec2:*:*:security-group/*", + "arn:aws:ec2:*:*:volume/*", + "arn:aws:ec2:*:*:snapshot/*", + "arn:aws:ec2:*:*:instance/*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-04-07T06:43:20+00:00" + }, + "AWSApplicationMigrationVCenterClientPolicy":{ + "CreateDate":"2021-11-08T12:53:08+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "mgn:CreateVcenterClientForMgn", + "mgn:DescribeVcenterClients" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "mgn:GetVcenterClientCommandsForMgn", + "mgn:SendVcenterClientCommandResultForMgn", + "mgn:SendVcenterClientLogsForMgn", + "mgn:SendVcenterClientMetricsForMgn", + "mgn:DeleteVcenterClient", + "mgn:TagResource", + "mgn:NotifyVcenterClientStartedForMgn" + ], + "Effect":"Allow", + "Resource":"arn:aws:mgn:*:*:vcenter-client/*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-11-08T12:53:08+00:00" + }, + "AWSArtifactAccountSync":{ + "CreateDate":"2018-04-10T23:04:33+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "organizations:ListAccounts", + "organizations:DescribeOrganization" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2018-04-10T23:04:33+00:00" + }, + "AWSAuditManagerAdministratorAccess":{ + "CreateDate":"2020-12-11T20:02:42+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "auditmanager:*" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AuditManagerAccess" + }, + { + "Action":[ + "organizations:ListAccountsForParent", + "organizations:ListAccounts", + "organizations:DescribeOrganization", + "organizations:DescribeOrganizationalUnit", + "organizations:DescribeAccount", + "organizations:ListParents", + "organizations:ListChildren" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"OrganizationsAccess" + }, + { + "Action":[ + "organizations:RegisterDelegatedAdministrator", + "organizations:DeregisterDelegatedAdministrator", + "organizations:EnableAWSServiceAccess" + ], + "Condition":{ + "StringLikeIfExists":{ + "organizations:ServicePrincipal":[ + "auditmanager.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"AllowOnlyAuditManagerIntegration" + }, + { + "Action":[ + "iam:GetUser", + "iam:ListUsers", + "iam:ListRoles" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"IAMAccess" + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringLike":{ + "iam:AWSServiceName":"auditmanager.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/aws-service-role/auditmanager.amazonaws.com/AWSServiceRoleForAuditManager*", + "Sid":"IAMAccessCreateSLR" + }, + { + "Action":[ + "iam:DeleteServiceLinkedRole", + "iam:UpdateRoleDescription", + "iam:GetServiceLinkedRoleDeletionStatus" + ], + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/aws-service-role/auditmanager.amazonaws.com/AWSServiceRoleForAuditManager*", + "Sid":"IAMAccessManageSLR" + }, + { + "Action":[ + "s3:ListAllMyBuckets" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"S3Access" + }, + { + "Action":[ + "kms:DescribeKey", + "kms:ListKeys", + "kms:ListAliases" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"KmsAccess" + }, + { + "Action":[ + "kms:CreateGrant" + ], + "Condition":{ + "Bool":{ + "kms:GrantIsForAWSResource":"true" + }, + "StringLike":{ + "kms:ViaService":"auditmanager.*.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"KmsCreateGrantAccess" + }, + { + "Action":[ + "sns:ListTopics" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"SNSAccess" + }, + { + "Action":[ + "events:PutRule" + ], + "Condition":{ + "ForAllValues:StringEquals":{ + "events:source":[ + "aws.securityhub" + ] + }, + "StringEquals":{ + "events:detail-type":"Security Hub Findings - Imported" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"CreateEventsAccess" + }, + { + "Action":[ + "events:DeleteRule", + "events:DescribeRule", + "events:EnableRule", + "events:DisableRule", + "events:ListTargetsByRule", + "events:PutTargets", + "events:RemoveTargets" + ], + "Effect":"Allow", + "Resource":"arn:aws:events:*:*:rule/AuditManagerSecurityHubFindingsReceiver", + "Sid":"EventsAccess" + }, + { + "Action":[ + "tag:GetResources" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"TagAccess" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-04-30T00:02:56+00:00" + }, + "AWSAuditManagerServiceRolePolicy":{ + "CreateDate":"2020-12-08T15:12:12+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":[ + "license-manager:ListLicenseConfigurations", + "license-manager:ListAssociationsForLicenseConfiguration", + "license-manager:ListUsageForLicenseConfiguration" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"LicenseManagerAccess" + }, + { + "Action":[ + "iam:GenerateCredentialReport", + "iam:GetAccountSummary", + "iam:ListPolicies", + "iam:GetAccountPasswordPolicy", + "iam:ListUsers", + "iam:ListUserPolicies", + "iam:ListRoles", + "iam:ListRolePolicies", + "iam:ListGroups", + "iam:ListGroupPolicies", + "iam:ListEntitiesForPolicy" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"IAMAccess" + }, + { + "Action":[ + "ec2:DescribeInstances", + "ec2:DescribeFlowLogs", + "ec2:DescribeVpcs", + "ec2:DescribeSecurityGroups", + "ec2:DescribeNetworkAcls", + "ec2:DescribeRouteTables", + "ec2:DescribeSnapshots", + "ec2:DescribeVpcEndpoints" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"EC2Access" + }, + { + "Action":[ + "cloudtrail:DescribeTrails" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"CloudtrailAccess" + }, + { + "Action":[ + "config:DescribeDeliveryChannels", + "config:ListDiscoveredResources", + "config:DescribeConfigRules" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"ConfigAccess" + }, + { + "Action":[ + "securityhub:DescribeStandards" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"SecurityHubAccess" + }, + { + "Action":[ + "kms:ListKeys", + "kms:DescribeKey", + "kms:ListGrants" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"KMSAccess" + }, + { + "Action":[ + "cloudwatch:DescribeAlarms" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"CloudwatchAccess" + }, + { + "Action":[ + "s3:GetLifecycleConfiguration" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"S3Access" + }, + { + "Action":[ + "events:DescribeRule" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"EventBridgeAccess" + }, + { + "Action":[ + "waf:ListActivatedRulesInRuleGroup" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"WAFAccess" + }, + { + "Action":[ + "guardduty:ListDetectors" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"GuardDutyAccess" + }, + { + "Action":[ + "route53:GetQueryLoggingConfig" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"Route53Access" + }, + { + "Action":[ + "organizations:DescribePolicy", + "organizations:DescribeOrganization" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"OrganizationsAccess" + }, + { + "Action":[ + "cognito-idp:DescribeUserPool" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"CognitoAccess" + }, + { + "Action":[ + "elasticfilesystem:DescribeFileSystems" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"EFSAccess" + }, + { + "Action":[ + "events:PutRule" + ], + "Condition":{ + "ForAllValues:StringEquals":{ + "events:source":[ + "aws.securityhub" + ] + }, + "Null":{ + "events:source":"false" + }, + "StringEquals":{ + "events:detail-type":"Security Hub Findings - Imported" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:events:*:*:rule/AuditManagerSecurityHubFindingsReceiver", + "Sid":"CreateEventsAccess" + }, + { + "Action":[ + "events:DeleteRule", + "events:DescribeRule", + "events:EnableRule", + "events:DisableRule", + "events:ListTargetsByRule", + "events:PutTargets", + "events:RemoveTargets" + ], + "Effect":"Allow", + "Resource":"arn:aws:events:*:*:rule/AuditManagerSecurityHubFindingsReceiver", + "Sid":"EventsAccess" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-05-20T16:26:09+00:00" + }, + "AWSAutoScalingPlansEC2AutoScalingPolicy":{ + "CreateDate":"2018-08-23T22:46:59+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "cloudwatch:GetMetricData", + "autoscaling:DescribeAutoScalingGroups", + "autoscaling:DescribeScheduledActions", + "autoscaling:BatchPutScheduledUpdateGroupAction", + "autoscaling:BatchDeleteScheduledAction" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2018-08-23T22:46:59+00:00" + }, + "AWSBackupAuditAccess":{ + "CreateDate":"2021-08-24T01:02:23+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "backup:CreateFramework", + "backup:UpdateFramework", + "backup:ListFrameworks", + "backup:DescribeFramework", + "backup:DeleteFramework", + "backup:ListBackupPlans", + "backup:ListBackupVaults", + "backup:CreateReportPlan", + "backup:UpdateReportPlan", + "backup:ListReportPlans", + "backup:DescribeReportPlan", + "backup:DeleteReportPlan", + "backup:StartReportJob", + "backup:ListReportJobs", + "backup:DescribeReportJob" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "config:DescribeConfigurationRecorders", + "config:DescribeConfigurationRecorderStatus" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "config:DescribeComplianceByConfigRule", + "config:GetComplianceDetailsByConfigRule" + ], + "Effect":"Allow", + "Resource":"arn:aws:config:*:*:config-rule/*" + }, + { + "Action":[ + "s3:ListAllMyBuckets", + "s3:GetBucketLocation" + ], + "Effect":"Allow", + "Resource":"arn:aws:s3:::*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-08-24T01:02:23+00:00" + }, + "AWSBackupFullAccess":{ + "CreateDate":"2019-11-18T22:21:52+00:00", + "DefaultVersionId":"v11", + "Document":{ + "Statement":[ + { + "Action":"backup:*", + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"backup-storage:*", + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "rds:DescribeDBSnapshots", + "rds:ListTagsForResource", + "rds:DescribeDBInstances", + "rds:describeDBEngineVersions", + "rds:describeOptionGroups", + "rds:describeOrderableDBInstanceOptions", + "rds:describeDBSubnetGroups", + "rds:describeDBClusterSnapshots", + "rds:describeDBClusters", + "rds:describeDBParameterGroups", + "rds:DescribeDBClusterParameterGroups", + "rds:DescribeDBInstanceAutomatedBackups" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "rds:DeleteDBSnapshot", + "rds:DeleteDBClusterSnapshot" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":[ + "backup.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "dynamodb:ListBackups", + "dynamodb:ListTables" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "dynamodb:DeleteBackup" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":[ + "backup.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "elasticfilesystem:DescribeFilesystems" + ], + "Effect":"Allow", + "Resource":"arn:aws:elasticfilesystem:*:*:file-system/*" + }, + { + "Action":[ + "ec2:DescribeSnapshots", + "ec2:DescribeVolumes", + "ec2:describeAvailabilityZones", + "ec2:DescribeVpcs", + "ec2:DescribeAccountAttributes", + "ec2:DescribeSecurityGroups", + "ec2:DescribeImages", + "ec2:DescribeSubnets", + "ec2:DescribePlacementGroups", + "ec2:DescribeInstances", + "ec2:DescribeInstanceTypes", + "ec2:DescribeVpcEndpoints" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:DeleteSnapshot", + "ec2:DeregisterImage" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":[ + "backup.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "tag:GetTagKeys", + "tag:GetTagValues", + "tag:GetResources" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "storagegateway:DescribeCachediSCSIVolumes", + "storagegateway:DescribeStorediSCSIVolumes" + ], + "Effect":"Allow", + "Resource":"arn:aws:storagegateway:*:*:gateway/*/volume/*" + }, + { + "Action":[ + "storagegateway:ListGateways" + ], + "Effect":"Allow", + "Resource":"arn:aws:storagegateway:*:*:*" + }, + { + "Action":[ + "storagegateway:DescribeGatewayInformation", + "storagegateway:ListVolumes", + "storagegateway:ListLocalDisks" + ], + "Effect":"Allow", + "Resource":"arn:aws:storagegateway:*:*:gateway/*" + }, + { + "Action":[ + "iam:ListRoles", + "iam:GetRole" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"iam:PassRole", + "Condition":{ + "StringLike":{ + "iam:PassedToService":"backup.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/*AwsBackup*", + "arn:aws:iam::*:role/*AWSBackup*" + ] + }, + { + "Action":"organizations:DescribeOrganization", + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "kms:ListKeys", + "kms:DescribeKey", + "kms:GenerateDataKey", + "kms:ListAliases" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "kms:CreateGrant" + ], + "Condition":{ + "Bool":{ + "kms:GrantIsForAWSResource":true + }, + "ForAnyValue:StringEquals":{ + "kms:EncryptionContextKeys":"aws:backup:backup-vault" + }, + "StringLike":{ + "kms:ViaService":"backup.*.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ssm:CancelCommand", + "ssm:GetCommandInvocation" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"ssm:SendCommand", + "Effect":"Allow", + "Resource":[ + "arn:aws:ssm:*:*:document/AWSEC2-CreateVssSnapshot", + "arn:aws:ec2:*:*:instance/*" + ] + }, + { + "Action":"fsx:DescribeFileSystems", + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"fsx:DescribeBackups", + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"fsx:DescribeVolumes", + "Effect":"Allow", + "Resource":"arn:aws:fsx:*:*:volume/*/*" + }, + { + "Action":"fsx:DescribeStorageVirtualMachines", + "Effect":"Allow", + "Resource":"arn:aws:fsx:*:*:storage-virtual-machine/*/*" + }, + { + "Action":"fsx:DeleteBackup", + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":[ + "backup.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:fsx:*:*:backup/*" + }, + { + "Action":"ds:DescribeDirectories", + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringEquals":{ + "iam:AWSServiceName":"backup.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "backup-gateway:AssociateGatewayToServer", + "backup-gateway:CreateGateway", + "backup-gateway:DeleteGateway", + "backup-gateway:DeleteHypervisor", + "backup-gateway:DisassociateGatewayFromServer", + "backup-gateway:ImportHypervisorConfiguration", + "backup-gateway:ListGateways", + "backup-gateway:ListHypervisors", + "backup-gateway:ListTagsForResource", + "backup-gateway:ListVirtualMachines", + "backup-gateway:PutMaintenanceStartTime", + "backup-gateway:TagResource", + "backup-gateway:TestHypervisorConfiguration", + "backup-gateway:UntagResource", + "backup-gateway:UpdateGatewayInformation", + "backup-gateway:UpdateHypervisor" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"backup-gateway:GetGateway", + "Effect":"Allow", + "Resource":"arn:aws:backup-gateway:*:*:gateway/*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-06-01T17:36:04+00:00" + }, + "AWSBackupOperatorAccess":{ + "CreateDate":"2019-11-18T22:23:17+00:00", + "DefaultVersionId":"v10", + "Document":{ + "Statement":[ + { + "Action":[ + "backup:Get*", + "backup:List*", + "backup:Describe*", + "backup:CreateBackupSelection", + "backup:DeleteBackupSelection", + "backup:StartBackupJob", + "backup:StartRestoreJob", + "backup:StartCopyJob" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "rds:DescribeDBSnapshots", + "rds:ListTagsForResource", + "rds:DescribeDBInstances", + "rds:describeDBEngineVersions", + "rds:describeOptionGroups", + "rds:describeOrderableDBInstanceOptions", + "rds:describeDBSubnetGroups", + "rds:DescribeDBClusterSnapshots", + "rds:DescribeDBClusters", + "rds:DescribeDBParameterGroups", + "rds:DescribeDBClusterParameterGroups", + "rds:DescribeDBInstanceAutomatedBackups" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "dynamodb:ListBackups", + "dynamodb:ListTables" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "elasticfilesystem:DescribeFilesystems" + ], + "Effect":"Allow", + "Resource":"arn:aws:elasticfilesystem:*:*:file-system/*" + }, + { + "Action":[ + "ec2:DescribeSnapshots", + "ec2:DescribeVolumes", + "ec2:describeAvailabilityZones", + "ec2:DescribeVpcs", + "ec2:DescribeAccountAttributes", + "ec2:DescribeSecurityGroups", + "ec2:DescribeImages", + "ec2:DescribeSubnets", + "ec2:DescribePlacementGroups", + "ec2:DescribeInstances", + "ec2:DescribeInstanceTypes", + "ec2:DescribeVpcEndpoints" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "tag:GetTagKeys", + "tag:GetTagValues", + "tag:GetResources" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "storagegateway:DescribeCachediSCSIVolumes", + "storagegateway:DescribeStorediSCSIVolumes" + ], + "Effect":"Allow", + "Resource":"arn:aws:storagegateway:*:*:gateway/*/volume/*" + }, + { + "Action":[ + "storagegateway:ListGateways" + ], + "Effect":"Allow", + "Resource":"arn:aws:storagegateway:*:*:*" + }, + { + "Action":[ + "storagegateway:DescribeGatewayInformation", + "storagegateway:ListVolumes", + "storagegateway:ListLocalDisks" + ], + "Effect":"Allow", + "Resource":"arn:aws:storagegateway:*:*:gateway/*" + }, + { + "Action":[ + "iam:ListRoles", + "iam:GetRole" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"iam:PassRole", + "Condition":{ + "StringLike":{ + "iam:PassedToService":"backup.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/*AwsBackup*", + "arn:aws:iam::*:role/*AWSBackup*" + ] + }, + { + "Action":"organizations:DescribeOrganization", + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ssm:CancelCommand", + "ssm:GetCommandInvocation" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"ssm:SendCommand", + "Effect":"Allow", + "Resource":[ + "arn:aws:ssm:*:*:document/AWSEC2-CreateVssSnapshot", + "arn:aws:ec2:*:*:instance/*" + ] + }, + { + "Action":"fsx:DescribeBackups", + "Effect":"Allow", + "Resource":"arn:aws:fsx:*:*:backup/*" + }, + { + "Action":"fsx:DescribeFileSystems", + "Effect":"Allow", + "Resource":"arn:aws:fsx:*:*:file-system/*" + }, + { + "Action":"fsx:DescribeVolumes", + "Effect":"Allow", + "Resource":"arn:aws:fsx:*:*:volume/*/*" + }, + { + "Action":"fsx:DescribeStorageVirtualMachines", + "Effect":"Allow", + "Resource":"arn:aws:fsx:*:*:storage-virtual-machine/*/*" + }, + { + "Action":"ds:DescribeDirectories", + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "backup-gateway:ListGateways", + "backup-gateway:ListHypervisors", + "backup-gateway:ListTagsForResource", + "backup-gateway:ListVirtualMachines" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"backup-gateway:GetGateway", + "Effect":"Allow", + "Resource":"arn:aws:backup-gateway:*:*:gateway/*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-06-01T17:35:31+00:00" + }, + "AWSBackupOrganizationAdminAccess":{ + "CreateDate":"2020-06-24T16:23:14+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "organizations:DisableAWSServiceAccess", + "organizations:EnableAWSServiceAccess" + ], + "Condition":{ + "StringEquals":{ + "organizations:ServicePrincipal":[ + "backup.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "organizations:AttachPolicy", + "organizations:ListPoliciesForTarget", + "organizations:ListTargetsForPolicy", + "organizations:DetachPolicy", + "organizations:DisablePolicyType", + "organizations:DescribePolicy", + "organizations:DescribeEffectivePolicy", + "organizations:ListPolicies", + "organizations:EnablePolicyType", + "organizations:CreatePolicy", + "organizations:UpdatePolicy", + "organizations:DeletePolicy" + ], + "Condition":{ + "StringLikeIfExists":{ + "organizations:PolicyType":[ + "BACKUP_POLICY" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "organizations:ListRoots", + "organizations:ListParents", + "organizations:ListAWSServiceAccessForOrganization", + "organizations:ListAccountsForParent", + "organizations:ListAccounts", + "organizations:DescribeOrganization", + "organizations:ListOrganizationalUnitsForParent", + "organizations:ListChildren", + "organizations:DescribeAccount", + "organizations:DescribeOrganizationalUnit" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-11-24T22:09:43+00:00" + }, + "AWSBackupServiceLinkedRolePolicyForBackup":{ + "CreateDate":"2020-06-02T23:08:40+00:00", + "DefaultVersionId":"v10", + "Document":{ + "Statement":[ + { + "Action":[ + "elasticfilesystem:Backup", + "elasticfilesystem:DescribeTags" + ], + "Condition":{ + "StringLike":{ + "aws:ResourceTag/aws:elasticfilesystem:default-backup":"enabled" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:elasticfilesystem:*:*:file-system/*" + }, + { + "Action":[ + "tag:GetResources", + "elasticfilesystem:DescribeFileSystems", + "dynamodb:ListTables", + "storagegateway:ListVolumes", + "ec2:DescribeVolumes", + "ec2:DescribeInstances", + "rds:DescribeDBInstances", + "rds:DescribeDBClusters", + "fsx:DescribeFileSystems", + "fsx:DescribeVolumes", + "s3:ListAllMyBuckets", + "s3:GetBucketTagging" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"ec2:CreateTags", + "Condition":{ + "StringEquals":{ + "ec2:CreateAction":"CopySnapshot" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*::snapshot/*" + }, + { + "Action":"ec2:CreateTags", + "Condition":{ + "ForAllValues:StringEquals":{ + "aws:TagKeys":[ + "AWSBackupManagedResource" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*::image/*", + "arn:aws:ec2:*::snapshot/*" + ] + }, + { + "Action":"ec2:CreateTags", + "Condition":{ + "Null":{ + "ec2:ResourceTag/AWSBackupManagedResource":"false" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*::image/*", + "arn:aws:ec2:*::snapshot/*" + ] + }, + { + "Action":[ + "ec2:DescribeSnapshots", + "ec2:DescribeImages", + "rds:DescribeDBSnapshots", + "rds:DescribeDBClusterSnapshots" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"ec2:CopySnapshot", + "Effect":"Allow", + "Resource":"arn:aws:ec2:*::snapshot/*" + }, + { + "Action":"ec2:CopyImage", + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:DeregisterImage", + "ec2:DeleteSnapshot" + ], + "Condition":{ + "Null":{ + "ec2:ResourceTag/AWSBackupManagedResource":"false" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "rds:AddTagsToResource", + "rds:CopyDBSnapshot", + "rds:DeleteDBSnapshot" + ], + "Effect":"Allow", + "Resource":"arn:aws:rds:*:*:snapshot:awsbackup:*" + }, + { + "Action":[ + "rds:AddTagsToResource", + "rds:CopyDBClusterSnapshot", + "rds:DeleteDBClusterSnapshot" + ], + "Effect":"Allow", + "Resource":"arn:aws:rds:*:*:cluster-snapshot:awsbackup:*" + }, + { + "Action":"kms:DescribeKey", + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "kms:ListGrants", + "kms:ReEncryptFrom", + "kms:GenerateDataKeyWithoutPlaintext" + ], + "Condition":{ + "StringLike":{ + "kms:ViaService":[ + "ec2.*.amazonaws.com", + "rds.*.amazonaws.com", + "fsx.*.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"kms:CreateGrant", + "Condition":{ + "Bool":{ + "kms:GrantIsForAWSResource":"true" + }, + "StringLike":{ + "kms:ViaService":[ + "ec2.*.amazonaws.com", + "rds.*.amazonaws.com", + "fsx.*.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "fsx:CopyBackup", + "fsx:TagResource", + "fsx:DescribeBackups", + "fsx:DeleteBackup" + ], + "Effect":"Allow", + "Resource":"arn:aws:fsx:*:*:backup/*" + }, + { + "Action":"dynamodb:DeleteBackup", + "Effect":"Allow", + "Resource":"arn:aws:dynamodb:*:*:table/*/backup/*" + }, + { + "Action":[ + "backup-gateway:ListVirtualMachines" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"BackupGateway" + }, + { + "Action":[ + "backup-gateway:ListTagsForResource" + ], + "Effect":"Allow", + "Resource":"arn:aws:backup-gateway:*:*:vm/*", + "Sid":"ListTagsForBackupGateway" + }, + { + "Action":[ + "dynamodb:ListTagsOfResource", + "dynamodb:DescribeTable" + ], + "Effect":"Allow", + "Resource":"arn:aws:dynamodb:*:*:table/*" + }, + { + "Action":[ + "storagegateway:DescribeCachediSCSIVolumes", + "storagegateway:DescribeStorediSCSIVolumes" + ], + "Effect":"Allow", + "Resource":"arn:aws:storagegateway:*:*:gateway/*/volume/*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-05-17T17:21:50+00:00" + }, + "AWSBackupServiceLinkedRolePolicyForBackupTest":{ + "CreateDate":"2020-05-12T17:37:29+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "elasticfilesystem:Backup", + "elasticfilesystem:DescribeTags" + ], + "Condition":{ + "StringLike":{ + "aws:ResourceTag/aws:elasticfilesystem:default-backup":"enabled" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:elasticfilesystem:*:*:file-system/*" + }, + { + "Action":[ + "tag:GetResources" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-05-12T17:37:29+00:00" + }, + "AWSBackupServiceRolePolicyForBackup":{ + "CreateDate":"2019-01-10T21:01:28+00:00", + "DefaultVersionId":"v12", + "Document":{ + "Statement":[ + { + "Action":[ + "dynamodb:DescribeTable", + "dynamodb:CreateBackup" + ], + "Effect":"Allow", + "Resource":"arn:aws:dynamodb:*:*:table/*" + }, + { + "Action":[ + "dynamodb:DescribeBackup", + "dynamodb:DeleteBackup" + ], + "Effect":"Allow", + "Resource":"arn:aws:dynamodb:*:*:table/*/backup/*" + }, + { + "Action":[ + "rds:AddTagsToResource", + "rds:ListTagsForResource", + "rds:DescribeDBSnapshots", + "rds:CreateDBSnapshot", + "rds:CopyDBSnapshot", + "rds:DescribeDBInstances", + "rds:CreateDBClusterSnapshot", + "rds:DescribeDBClusters", + "rds:DescribeDBClusterSnapshots", + "rds:CopyDBClusterSnapshot" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "rds:ModifyDBInstance" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:rds:*:*:db:*" + ] + }, + { + "Action":[ + "rds:DeleteDBSnapshot", + "rds:ModifyDBSnapshotAttribute" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:rds:*:*:snapshot:awsbackup:*" + ] + }, + { + "Action":[ + "rds:DeleteDBClusterSnapshot", + "rds:ModifyDBClusterSnapshotAttribute" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:rds:*:*:cluster-snapshot:awsbackup:*" + ] + }, + { + "Action":[ + "storagegateway:CreateSnapshot", + "storagegateway:ListTagsForResource" + ], + "Effect":"Allow", + "Resource":"arn:aws:storagegateway:*:*:gateway/*/volume/*" + }, + { + "Action":[ + "ec2:CopySnapshot" + ], + "Effect":"Allow", + "Resource":"arn:aws:ec2:*::snapshot/*" + }, + { + "Action":[ + "ec2:CopyImage" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:CreateTags", + "ec2:DeleteSnapshot" + ], + "Effect":"Allow", + "Resource":"arn:aws:ec2:*::snapshot/*" + }, + { + "Action":[ + "ec2:CreateImage", + "ec2:DeregisterImage" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:CreateTags" + ], + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:image/*" + }, + { + "Action":[ + "ec2:DescribeSnapshots", + "ec2:DescribeTags", + "ec2:DescribeImages", + "ec2:DescribeInstances", + "ec2:DescribeInstanceAttribute", + "ec2:DescribeInstanceCreditSpecifications", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeElasticGpus", + "ec2:DescribeSpotInstanceRequests" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:ModifySnapshotAttribute", + "ec2:ModifyImageAttribute" + ], + "Condition":{ + "Null":{ + "aws:ResourceTag/aws:backup:source-resource":"false" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "backup:DescribeBackupVault", + "backup:CopyIntoBackupVault" + ], + "Effect":"Allow", + "Resource":"arn:aws:backup:*:*:backup-vault:*" + }, + { + "Action":[ + "backup:CopyFromBackupVault" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "elasticfilesystem:Backup", + "elasticfilesystem:DescribeTags" + ], + "Effect":"Allow", + "Resource":"arn:aws:elasticfilesystem:*:*:file-system/*" + }, + { + "Action":[ + "ec2:CreateSnapshot", + "ec2:DeleteSnapshot", + "ec2:DescribeVolumes", + "ec2:DescribeSnapshots" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*::snapshot/*", + "arn:aws:ec2:*:*:volume/*" + ] + }, + { + "Action":[ + "kms:Decrypt", + "kms:GenerateDataKey" + ], + "Condition":{ + "StringLike":{ + "kms:ViaService":[ + "dynamodb.*.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"kms:DescribeKey", + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"kms:CreateGrant", + "Condition":{ + "Bool":{ + "kms:GrantIsForAWSResource":"true" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "kms:GenerateDataKeyWithoutPlaintext" + ], + "Condition":{ + "StringLike":{ + "kms:ViaService":[ + "ec2.*.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:kms:*:*:key/*" + }, + { + "Action":[ + "tag:GetResources" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ssm:CancelCommand", + "ssm:GetCommandInvocation" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"ssm:SendCommand", + "Effect":"Allow", + "Resource":[ + "arn:aws:ssm:*:*:document/AWSEC2-CreateVssSnapshot", + "arn:aws:ec2:*:*:instance/*" + ] + }, + { + "Action":"fsx:DescribeBackups", + "Effect":"Allow", + "Resource":"arn:aws:fsx:*:*:backup/*" + }, + { + "Action":"fsx:CreateBackup", + "Effect":"Allow", + "Resource":[ + "arn:aws:fsx:*:*:file-system/*", + "arn:aws:fsx:*:*:backup/*", + "arn:aws:fsx:*:*:volume/*" + ] + }, + { + "Action":"fsx:DescribeFileSystems", + "Effect":"Allow", + "Resource":"arn:aws:fsx:*:*:file-system/*" + }, + { + "Action":"fsx:DescribeVolumes", + "Effect":"Allow", + "Resource":"arn:aws:fsx:*:*:volume/*" + }, + { + "Action":"fsx:ListTagsForResource", + "Effect":"Allow", + "Resource":[ + "arn:aws:fsx:*:*:file-system/*", + "arn:aws:fsx:*:*:volume/*" + ] + }, + { + "Action":"fsx:DeleteBackup", + "Effect":"Allow", + "Resource":"arn:aws:fsx:*:*:backup/*" + }, + { + "Action":[ + "fsx:ListTagsForResource", + "fsx:ManageBackupPrincipalAssociations", + "fsx:CopyBackup", + "fsx:TagResource" + ], + "Effect":"Allow", + "Resource":"arn:aws:fsx:*:*:backup/*" + }, + { + "Action":[ + "dynamodb:StartAwsBackupJob", + "dynamodb:ListTagsOfResource" + ], + "Effect":"Allow", + "Resource":"arn:aws:dynamodb:*:*:table/*", + "Sid":"DynamodbBackupPermissions" + }, + { + "Action":[ + "backup-gateway:Backup", + "backup-gateway:ListTagsForResource" + ], + "Effect":"Allow", + "Resource":"arn:aws:backup-gateway:*:*:vm/*", + "Sid":"BackupGatewayBackupPermissions" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-05-17T17:31:44+00:00" + }, + "AWSBackupServiceRolePolicyForRestores":{ + "CreateDate":"2019-01-12T00:23:54+00:00", + "DefaultVersionId":"v12", + "Document":{ + "Statement":[ + { + "Action":[ + "dynamodb:Scan", + "dynamodb:Query", + "dynamodb:UpdateItem", + "dynamodb:PutItem", + "dynamodb:GetItem", + "dynamodb:DeleteItem", + "dynamodb:BatchWriteItem", + "dynamodb:DescribeTable" + ], + "Effect":"Allow", + "Resource":"arn:aws:dynamodb:*:*:table/*" + }, + { + "Action":[ + "dynamodb:RestoreTableFromBackup" + ], + "Effect":"Allow", + "Resource":"arn:aws:dynamodb:*:*:table/*/backup/*" + }, + { + "Action":[ + "ec2:CreateVolume", + "ec2:DeleteVolume" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*::snapshot/*", + "arn:aws:ec2:*:*:volume/*" + ] + }, + { + "Action":[ + "ec2:DescribeImages", + "ec2:DescribeInstances", + "ec2:DescribeSnapshots", + "ec2:DescribeVolumes" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "storagegateway:DeleteVolume", + "storagegateway:DescribeCachediSCSIVolumes", + "storagegateway:DescribeStorediSCSIVolumes" + ], + "Effect":"Allow", + "Resource":"arn:aws:storagegateway:*:*:gateway/*/volume/*" + }, + { + "Action":[ + "storagegateway:DescribeGatewayInformation", + "storagegateway:CreateStorediSCSIVolume", + "storagegateway:CreateCachediSCSIVolume" + ], + "Effect":"Allow", + "Resource":"arn:aws:storagegateway:*:*:gateway/*" + }, + { + "Action":[ + "storagegateway:ListVolumes" + ], + "Effect":"Allow", + "Resource":"arn:aws:storagegateway:*:*:*" + }, + { + "Action":[ + "rds:DescribeDBInstances", + "rds:DescribeDBSnapshots", + "rds:ListTagsForResource", + "rds:RestoreDBInstanceFromDBSnapshot", + "rds:DeleteDBInstance", + "rds:AddTagsToResource", + "rds:DescribeDBClusters", + "rds:RestoreDBClusterFromSnapshot", + "rds:DeleteDBCluster", + "rds:RestoreDBInstanceToPointInTime" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "elasticfilesystem:Restore", + "elasticfilesystem:CreateFilesystem", + "elasticfilesystem:DescribeFilesystems", + "elasticfilesystem:DeleteFilesystem" + ], + "Effect":"Allow", + "Resource":"arn:aws:elasticfilesystem:*:*:file-system/*" + }, + { + "Action":"kms:DescribeKey", + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "kms:Decrypt", + "kms:Encrypt", + "kms:GenerateDataKey", + "kms:ReEncryptTo", + "kms:ReEncryptFrom" + ], + "Condition":{ + "StringLike":{ + "kms:ViaService":[ + "dynamodb.*.amazonaws.com", + "ec2.*.amazonaws.com", + "elasticfilesystem.*.amazonaws.com", + "rds.*.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"kms:CreateGrant", + "Condition":{ + "Bool":{ + "kms:GrantIsForAWSResource":"true" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ebs:CompleteSnapshot", + "ebs:StartSnapshot", + "ebs:PutSnapshotBlock" + ], + "Effect":"Allow", + "Resource":"arn:aws:ec2:*::snapshot/*" + }, + { + "Action":[ + "ec2:DeleteSnapshot", + "ec2:DeleteTags" + ], + "Condition":{ + "Null":{ + "aws:ResourceTag/aws:backup:source-resource":"false" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*::snapshot/*" + }, + { + "Action":"ec2:CreateTags", + "Condition":{ + "ForAllValues:StringEquals":{ + "aws:TagKeys":[ + "aws:backup:source-resource" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*::snapshot/*" + }, + { + "Action":[ + "ec2:RunInstances" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:TerminateInstances" + ], + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:instance/*" + }, + { + "Action":[ + "fsx:CreateFileSystemFromBackup" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:fsx:*:*:file-system/*", + "arn:aws:fsx:*:*:backup/*" + ] + }, + { + "Action":[ + "fsx:DescribeFileSystems", + "fsx:TagResource" + ], + "Effect":"Allow", + "Resource":"arn:aws:fsx:*:*:file-system/*" + }, + { + "Action":"fsx:DescribeBackups", + "Effect":"Allow", + "Resource":"arn:aws:fsx:*:*:backup/*" + }, + { + "Action":[ + "fsx:DeleteFileSystem", + "fsx:UntagResource" + ], + "Condition":{ + "Null":{ + "aws:ResourceTag/aws:backup:source-resource":"false" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:fsx:*:*:file-system/*" + }, + { + "Action":[ + "fsx:DescribeVolumes" + ], + "Effect":"Allow", + "Resource":"arn:aws:fsx:*:*:volume/*" + }, + { + "Action":[ + "fsx:CreateVolumeFromBackup", + "fsx:TagResource" + ], + "Condition":{ + "ForAllValues:StringEquals":{ + "aws:TagKeys":[ + "aws:backup:source-resource" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:fsx:*:*:volume/*" + ] + }, + { + "Action":[ + "fsx:CreateVolumeFromBackup" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:fsx:*:*:storage-virtual-machine/*", + "arn:aws:fsx:*:*:backup/*" + ] + }, + { + "Action":[ + "fsx:DeleteVolume", + "fsx:UntagResource" + ], + "Condition":{ + "Null":{ + "aws:ResourceTag/aws:backup:source-resource":"false" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:fsx:*:*:volume/*" + }, + { + "Action":"ds:DescribeDirectories", + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "dynamodb:RestoreTableFromAwsBackup" + ], + "Effect":"Allow", + "Resource":"arn:aws:dynamodb:*:*:table/*", + "Sid":"DynamoDBRestorePermissions" + }, + { + "Action":[ + "backup-gateway:Restore" + ], + "Effect":"Allow", + "Resource":"arn:aws:backup-gateway:*:*:hypervisor/*", + "Sid":"GatewayRestorePermissions" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-05-17T17:36:12+00:00" + }, + "AWSBackupServiceRolePolicyForS3Backup":{ + "CreateDate":"2022-02-18T17:40:24+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":"cloudwatch:GetMetricData", + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "events:DeleteRule", + "events:PutTargets", + "events:DescribeRule", + "events:EnableRule", + "events:PutRule", + "events:RemoveTargets", + "events:ListTargetsByRule", + "events:DisableRule" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:events:*:*:rule/AwsBackupManagedRule*" + ] + }, + { + "Action":"events:ListRules", + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "kms:Decrypt", + "kms:DescribeKey" + ], + "Condition":{ + "StringLike":{ + "kms:ViaService":"s3.*.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "s3:GetBucketTagging", + "s3:GetInventoryConfiguration", + "s3:ListBucketVersions", + "s3:ListBucket", + "s3:GetBucketVersioning", + "s3:GetBucketLocation", + "s3:PutInventoryConfiguration", + "s3:GetBucketNotification", + "s3:PutBucketNotification" + ], + "Effect":"Allow", + "Resource":"arn:aws:s3:::*" + }, + { + "Action":[ + "s3:GetObjectAcl", + "s3:GetObject", + "s3:GetObjectVersionTagging", + "s3:GetObjectVersionAcl", + "s3:GetObjectTagging", + "s3:GetObjectVersion" + ], + "Effect":"Allow", + "Resource":"arn:aws:s3:::*/*" + }, + { + "Action":"s3:ListAllMyBuckets", + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-02-26T00:01:09+00:00" + }, + "AWSBackupServiceRolePolicyForS3Restore":{ + "CreateDate":"2022-02-18T17:39:37+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "s3:CreateBucket", + "s3:ListBucketVersions", + "s3:ListBucket", + "s3:GetBucketVersioning", + "s3:GetBucketLocation", + "s3:PutBucketVersioning" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::*" + ] + }, + { + "Action":[ + "s3:GetObject", + "s3:GetObjectVersion", + "s3:DeleteObject", + "s3:PutObjectVersionAcl", + "s3:GetObjectVersionAcl", + "s3:GetObjectTagging", + "s3:PutObjectTagging", + "s3:GetObjectAcl", + "s3:PutObjectAcl", + "s3:ListMultipartUploadParts", + "s3:PutObject" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::*/*" + ] + }, + { + "Action":[ + "kms:DescribeKey", + "kms:GenerateDataKey" + ], + "Condition":{ + "StringLike":{ + "kms:ViaService":"s3.*.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-02-18T17:39:37+00:00" + }, + "AWSBatchFullAccess":{ + "CreateDate":"2016-12-06T19:35:42+00:00", + "DefaultVersionId":"v6", + "Document":{ + "Statement":[ + { + "Action":[ + "batch:*", + "cloudwatch:GetMetricStatistics", + "ec2:DescribeSubnets", + "ec2:DescribeSecurityGroups", + "ec2:DescribeKeyPairs", + "ec2:DescribeVpcs", + "ec2:DescribeImages", + "ec2:DescribeLaunchTemplates", + "ec2:DescribeLaunchTemplateVersions", + "ecs:DescribeClusters", + "ecs:Describe*", + "ecs:List*", + "logs:Describe*", + "logs:Get*", + "logs:TestMetricFilter", + "logs:FilterLogEvents", + "iam:ListInstanceProfiles", + "iam:ListRoles" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "iam:PassRole" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/AWSBatchServiceRole", + "arn:aws:iam::*:role/service-role/AWSBatchServiceRole", + "arn:aws:iam::*:role/ecsInstanceRole", + "arn:aws:iam::*:instance-profile/ecsInstanceRole", + "arn:aws:iam::*:role/iaws-ec2-spot-fleet-role", + "arn:aws:iam::*:role/aws-ec2-spot-fleet-role", + "arn:aws:iam::*:role/AWSBatchJobRole*" + ] + }, + { + "Action":[ + "iam:CreateServiceLinkedRole" + ], + "Condition":{ + "StringEquals":{ + "iam:AWSServiceName":"batch.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/*Batch*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-03-10T07:02:45+00:00" + }, + "AWSBatchServiceEventTargetRole":{ + "CreateDate":"2018-02-28T22:31:13+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "batch:SubmitJob" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2018-02-28T22:31:13+00:00" + }, + "AWSBatchServiceRole":{ + "CreateDate":"2016-12-06T19:36:24+00:00", + "DefaultVersionId":"v12", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:DescribeAccountAttributes", + "ec2:DescribeInstances", + "ec2:DescribeInstanceStatus", + "ec2:DescribeInstanceAttribute", + "ec2:DescribeSubnets", + "ec2:DescribeSecurityGroups", + "ec2:DescribeKeyPairs", + "ec2:DescribeImages", + "ec2:DescribeImageAttribute", + "ec2:DescribeSpotInstanceRequests", + "ec2:DescribeSpotFleetInstances", + "ec2:DescribeSpotFleetRequests", + "ec2:DescribeSpotPriceHistory", + "ec2:DescribeVpcClassicLink", + "ec2:DescribeLaunchTemplateVersions", + "ec2:CreateLaunchTemplate", + "ec2:DeleteLaunchTemplate", + "ec2:RequestSpotFleet", + "ec2:CancelSpotFleetRequests", + "ec2:ModifySpotFleetRequest", + "ec2:TerminateInstances", + "ec2:RunInstances", + "autoscaling:DescribeAccountLimits", + "autoscaling:DescribeAutoScalingGroups", + "autoscaling:DescribeLaunchConfigurations", + "autoscaling:DescribeAutoScalingInstances", + "autoscaling:CreateLaunchConfiguration", + "autoscaling:CreateAutoScalingGroup", + "autoscaling:UpdateAutoScalingGroup", + "autoscaling:SetDesiredCapacity", + "autoscaling:DeleteLaunchConfiguration", + "autoscaling:DeleteAutoScalingGroup", + "autoscaling:CreateOrUpdateTags", + "autoscaling:SuspendProcesses", + "autoscaling:PutNotificationConfiguration", + "autoscaling:TerminateInstanceInAutoScalingGroup", + "ecs:DescribeClusters", + "ecs:DescribeContainerInstances", + "ecs:DescribeTaskDefinition", + "ecs:DescribeTasks", + "ecs:ListAccountSettings", + "ecs:ListClusters", + "ecs:ListContainerInstances", + "ecs:ListTaskDefinitionFamilies", + "ecs:ListTaskDefinitions", + "ecs:ListTasks", + "ecs:CreateCluster", + "ecs:DeleteCluster", + "ecs:RegisterTaskDefinition", + "ecs:DeregisterTaskDefinition", + "ecs:RunTask", + "ecs:StartTask", + "ecs:StopTask", + "ecs:UpdateContainerAgent", + "ecs:DeregisterContainerInstance", + "logs:CreateLogGroup", + "logs:CreateLogStream", + "logs:PutLogEvents", + "logs:DescribeLogGroups", + "iam:GetInstanceProfile", + "iam:GetRole" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"ecs:TagResource", + "Effect":"Allow", + "Resource":[ + "arn:aws:ecs:*:*:task/*_Batch_*" + ] + }, + { + "Action":"iam:PassRole", + "Condition":{ + "StringEquals":{ + "iam:PassedToService":[ + "ec2.amazonaws.com", + "ec2.amazonaws.com.cn", + "ecs-tasks.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringEquals":{ + "iam:AWSServiceName":[ + "spot.amazonaws.com", + "spotfleet.amazonaws.com", + "autoscaling.amazonaws.com", + "ecs.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:CreateTags" + ], + "Condition":{ + "StringEquals":{ + "ec2:CreateAction":"RunInstances" + } + }, + "Effect":"Allow", + "Resource":[ + "*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-12-07T02:22:29+00:00" + }, + "AWSBillingConductorFullAccess":{ + "CreateDate":"2022-04-13T18:02:29+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "billingconductor:*", + "organizations:ListAccounts", + "pricing:DescribeServices" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-04-13T18:02:29+00:00" + }, + "AWSBillingConductorReadOnlyAccess":{ + "CreateDate":"2022-04-13T18:02:59+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "billingconductor:List*", + "organizations:ListAccounts", + "pricing:DescribeServices" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-04-13T18:02:59+00:00" + }, + "AWSBillingReadOnlyAccess":{ + "CreateDate":"2020-08-27T20:08:51+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "aws-portal:ViewBilling" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-08-27T20:08:51+00:00" + }, + "AWSBudgetsActionsWithAWSResourceControlAccess":{ + "CreateDate":"2020-10-15T17:19:12+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "budgets:*" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "aws-portal:ViewBilling" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "iam:PassRole" + ], + "Condition":{ + "StringEquals":{ + "iam:PassedToService":"budgets.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "aws-portal:ModifyBilling", + "ec2:DescribeInstances", + "iam:ListGroups", + "iam:ListPolicies", + "iam:ListRoles", + "iam:ListUsers", + "organizations:ListAccounts", + "organizations:ListOrganizationalUnitsForParent", + "organizations:ListPolicies", + "organizations:ListRoots", + "rds:DescribeDBInstances", + "sns:ListTopics" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-10-15T17:19:12+00:00" + }, + "AWSBudgetsActions_RolePolicyForResourceAdministrationWithSSM":{ + "CreateDate":"2022-05-25T19:03:30+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:DescribeInstanceStatus", + "ec2:StartInstances", + "ec2:StopInstances", + "rds:DescribeDBInstances", + "rds:StartDBInstance", + "rds:StopDBInstance" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":[ + "ssm.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ssm:StartAutomationExecution" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:ssm:*:*:automation-definition/AWS-StartEC2Instance:*", + "arn:aws:ssm:*:*:automation-definition/AWS-StopEC2Instance:*", + "arn:aws:ssm:*:*:automation-definition/AWS-StartRdsInstance:*", + "arn:aws:ssm:*:*:automation-definition/AWS-StopRdsInstance:*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-05-25T19:03:30+00:00" + }, + "AWSBudgetsReadOnlyAccess":{ + "CreateDate":"2020-10-15T17:18:28+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "aws-portal:ViewBilling", + "budgets:ViewBudget", + "budgets:Describe*" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-10-15T17:18:28+00:00" + }, + "AWSBugBustFullAccess":{ + "CreateDate":"2021-06-24T07:03:26+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "codeguru-reviewer:DescribeCodeReview", + "codeguru-reviewer:ListRecommendations", + "codeguru-reviewer:ListCodeReviews" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"CodeGuruReviewerPermission" + }, + { + "Action":[ + "codeguru-profiler:ListProfilingGroups", + "codeguru-profiler:DescribeProfilingGroup" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"CodeGuruProfilerPermission" + }, + { + "Action":[ + "bugbust:*" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AWSBugBustFullAccess" + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringLike":{ + "iam:AWSServiceName":"bugbust.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/aws-service-role/bugbust.amazonaws.com/AWSServiceRoleForBugBust", + "Sid":"AWSBugBustSLRCreation" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-07-22T20:04:29+00:00" + }, + "AWSBugBustPlayerAccess":{ + "CreateDate":"2021-06-24T07:15:00+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "codeguru-reviewer:DescribeCodeReview", + "codeguru-reviewer:ListRecommendations" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"CodeGuruReviewerPermission" + }, + { + "Action":[ + "codeguru-profiler:DescribeProfilingGroup" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"CodeGuruProfilerPermission" + }, + { + "Action":[ + "bugbust:ListBugs", + "bugbust:ListProfilingGroups", + "bugbust:JoinEvent", + "bugbust:GetEvent", + "bugbust:ListEvents", + "bugbust:GetJoinEventStatus", + "bugbust:ListEventScores", + "bugbust:ListEventParticipants", + "bugbust:UpdateWorkItem", + "bugbust:ListPullRequests" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AWSBugBustPlayerAccess" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-06-24T07:15:00+00:00" + }, + "AWSBugBustServiceRolePolicy":{ + "CreateDate":"2021-06-24T06:59:05+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "codeguru-reviewer:ListRecommendations", + "codeguru-reviewer:UntagResource", + "codeguru-reviewer:DescribeCodeReview" + ], + "Condition":{ + "StringLike":{ + "aws:ResourceTag/bugbust":"enabled" + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-06-24T06:59:05+00:00" + }, + "AWSCertificateManagerFullAccess":{ + "CreateDate":"2016-01-21T17:02:36+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "acm:*" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringEquals":{ + "iam:AWSServiceName":"acm.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/aws-service-role/acm.amazonaws.com/AWSServiceRoleForCertificateManager*" + }, + { + "Action":[ + "iam:DeleteServiceLinkedRole", + "iam:GetServiceLinkedRoleDeletionStatus", + "iam:GetRole" + ], + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/aws-service-role/acm.amazonaws.com/AWSServiceRoleForCertificateManager*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-08-17T22:18:28+00:00" + }, + "AWSCertificateManagerPrivateCAAuditor":{ + "CreateDate":"2018-10-23T16:51:08+00:00", + "DefaultVersionId":"v4", + "Document":{ + "Statement":[ + { + "Action":[ + "acm-pca:CreateCertificateAuthorityAuditReport", + "acm-pca:DescribeCertificateAuthority", + "acm-pca:DescribeCertificateAuthorityAuditReport", + "acm-pca:GetCertificateAuthorityCsr", + "acm-pca:GetCertificateAuthorityCertificate", + "acm-pca:GetCertificate", + "acm-pca:GetPolicy", + "acm-pca:ListPermissions", + "acm-pca:ListTags" + ], + "Effect":"Allow", + "Resource":"arn:aws:acm-pca:*:*:certificate-authority/*" + }, + { + "Action":[ + "acm-pca:ListCertificateAuthorities" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-08-17T22:54:12+00:00" + }, + "AWSCertificateManagerPrivateCAFullAccess":{ + "CreateDate":"2018-10-23T16:54:50+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "acm-pca:*" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2018-10-23T16:54:50+00:00" + }, + "AWSCertificateManagerPrivateCAPrivilegedUser":{ + "CreateDate":"2019-06-20T17:43:13+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "acm-pca:IssueCertificate" + ], + "Condition":{ + "StringLike":{ + "acm-pca:TemplateArn":[ + "arn:aws:acm-pca:::template/*CACertificate*/V*" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:acm-pca:*:*:certificate-authority/*" + }, + { + "Action":[ + "acm-pca:IssueCertificate" + ], + "Condition":{ + "StringNotLike":{ + "acm-pca:TemplateArn":[ + "arn:aws:acm-pca:::template/*CACertificate*/V*" + ] + } + }, + "Effect":"Deny", + "Resource":"arn:aws:acm-pca:*:*:certificate-authority/*" + }, + { + "Action":[ + "acm-pca:RevokeCertificate", + "acm-pca:GetCertificate", + "acm-pca:ListPermissions" + ], + "Effect":"Allow", + "Resource":"arn:aws:acm-pca:*:*:certificate-authority/*" + }, + { + "Action":[ + "acm-pca:ListCertificateAuthorities" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-06-20T17:43:13+00:00" + }, + "AWSCertificateManagerPrivateCAReadOnly":{ + "CreateDate":"2018-10-23T16:57:04+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":{ + "Action":[ + "acm-pca:DescribeCertificateAuthority", + "acm-pca:DescribeCertificateAuthorityAuditReport", + "acm-pca:ListCertificateAuthorities", + "acm-pca:GetCertificateAuthorityCsr", + "acm-pca:GetCertificateAuthorityCertificate", + "acm-pca:GetCertificate", + "acm-pca:GetPolicy", + "acm-pca:ListPermissions", + "acm-pca:ListTags" + ], + "Effect":"Allow", + "Resource":"*" + }, + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-08-17T22:54:22+00:00" + }, + "AWSCertificateManagerPrivateCAUser":{ + "CreateDate":"2018-10-23T16:53:33+00:00", + "DefaultVersionId":"v4", + "Document":{ + "Statement":[ + { + "Action":[ + "acm-pca:IssueCertificate" + ], + "Condition":{ + "StringLike":{ + "acm-pca:TemplateArn":[ + "arn:aws:acm-pca:::template/EndEntityCertificate/V*" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:acm-pca:*:*:certificate-authority/*" + }, + { + "Action":[ + "acm-pca:IssueCertificate" + ], + "Condition":{ + "StringNotLike":{ + "acm-pca:TemplateArn":[ + "arn:aws:acm-pca:::template/EndEntityCertificate/V*" + ] + } + }, + "Effect":"Deny", + "Resource":"arn:aws:acm-pca:*:*:certificate-authority/*" + }, + { + "Action":[ + "acm-pca:RevokeCertificate", + "acm-pca:GetCertificate", + "acm-pca:ListPermissions" + ], + "Effect":"Allow", + "Resource":"arn:aws:acm-pca:*:*:certificate-authority/*" + }, + { + "Action":[ + "acm-pca:ListCertificateAuthorities" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-06-20T17:42:37+00:00" + }, + "AWSCertificateManagerReadOnly":{ + "CreateDate":"2016-01-21T17:07:33+00:00", + "DefaultVersionId":"v4", + "Document":{ + "Statement":{ + "Action":[ + "acm:DescribeCertificate", + "acm:ListCertificates", + "acm:GetCertificate", + "acm:ListTagsForCertificate", + "acm:GetAccountConfiguration" + ], + "Effect":"Allow", + "Resource":"*" + }, + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-03-15T16:25:21+00:00" + }, + "AWSChatbotServiceLinkedRolePolicy":{ + "CreateDate":"2019-11-18T16:39:50+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "sns:ListSubscriptionsByTopic", + "sns:ListTopics", + "sns:Unsubscribe", + "sns:Subscribe", + "sns:ListSubscriptions" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "logs:PutLogEvents", + "logs:CreateLogStream", + "logs:DescribeLogStreams", + "logs:CreateLogGroup", + "logs:DescribeLogGroups" + ], + "Effect":"Allow", + "Resource":"arn:aws:logs:*:*:log-group:/aws/chatbot/*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-11-18T16:39:50+00:00" + }, + "AWSCloud9Administrator":{ + "CreateDate":"2017-11-30T16:17:28+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "cloud9:*", + "iam:GetUser", + "iam:ListUsers", + "ec2:DescribeVpcs", + "ec2:DescribeSubnets" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "iam:CreateServiceLinkedRole" + ], + "Condition":{ + "StringLike":{ + "iam:AWSServiceName":"cloud9.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"ssm:StartSession", + "Condition":{ + "StringEquals":{ + "aws:CalledViaFirst":"cloud9.amazonaws.com" + }, + "StringLike":{ + "ssm:resourceTag/aws:cloud9:environment":"*" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:instance/*" + }, + { + "Action":[ + "ssm:StartSession" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:ssm:*:*:document/*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-07-29T06:28:54+00:00" + }, + "AWSCloud9EnvironmentMember":{ + "CreateDate":"2017-11-30T16:18:28+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "cloud9:GetUserSettings", + "cloud9:UpdateUserSettings", + "iam:GetUser", + "iam:ListUsers" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "cloud9:DescribeEnvironmentMemberships" + ], + "Condition":{ + "Null":{ + "cloud9:EnvironmentId":"true", + "cloud9:UserArn":"true" + } + }, + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":"ssm:StartSession", + "Condition":{ + "StringEquals":{ + "aws:CalledViaFirst":"cloud9.amazonaws.com" + }, + "StringLike":{ + "ssm:resourceTag/aws:cloud9:environment":"*" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:instance/*" + }, + { + "Action":[ + "ssm:StartSession" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:ssm:*:*:document/*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-07-29T06:29:08+00:00" + }, + "AWSCloud9SSMInstanceProfile":{ + "CreateDate":"2020-05-14T11:40:49+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "ssmmessages:CreateControlChannel", + "ssmmessages:CreateDataChannel", + "ssmmessages:OpenControlChannel", + "ssmmessages:OpenDataChannel", + "ssm:UpdateInstanceInformation" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-05-14T11:40:49+00:00" + }, + "AWSCloud9ServiceRolePolicy":{ + "CreateDate":"2017-11-30T13:44:08+00:00", + "DefaultVersionId":"v8", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:RunInstances", + "ec2:CreateSecurityGroup", + "ec2:DescribeVpcs", + "ec2:DescribeSubnets", + "ec2:DescribeSecurityGroups", + "ec2:DescribeInstances", + "ec2:DescribeInstanceStatus", + "cloudformation:CreateStack", + "cloudformation:DescribeStacks", + "cloudformation:DescribeStackEvents", + "cloudformation:DescribeStackResources" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:TerminateInstances", + "ec2:DeleteSecurityGroup", + "ec2:AuthorizeSecurityGroupIngress" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "cloudformation:DeleteStack" + ], + "Effect":"Allow", + "Resource":"arn:aws:cloudformation:*:*:stack/aws-cloud9-*" + }, + { + "Action":[ + "ec2:CreateTags" + ], + "Condition":{ + "StringLike":{ + "aws:RequestTag/Name":"aws-cloud9-*" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:instance/*", + "arn:aws:ec2:*:*:security-group/*" + ] + }, + { + "Action":[ + "ec2:StartInstances", + "ec2:StopInstances" + ], + "Condition":{ + "StringLike":{ + "ec2:ResourceTag/aws:cloudformation:stack-name":"aws-cloud9-*" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:StartInstances", + "ec2:StopInstances" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:license-manager:*:*:license-configuration:*" + ] + }, + { + "Action":[ + "iam:ListInstanceProfiles", + "iam:GetInstanceProfile" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:instance-profile/cloud9/*" + ] + }, + { + "Action":[ + "iam:PassRole" + ], + "Condition":{ + "StringLike":{ + "iam:PassedToService":"ec2.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/service-role/AWSCloud9SSMAccessRole" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-01-17T14:06:15+00:00" + }, + "AWSCloud9User":{ + "CreateDate":"2017-11-30T16:16:17+00:00", + "DefaultVersionId":"v4", + "Document":{ + "Statement":[ + { + "Action":[ + "cloud9:ValidateEnvironmentName", + "cloud9:UpdateUserSettings", + "cloud9:GetUserSettings", + "iam:GetUser", + "iam:ListUsers", + "ec2:DescribeVpcs", + "ec2:DescribeSubnets" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "cloud9:CreateEnvironmentEC2", + "cloud9:CreateEnvironmentSSH" + ], + "Condition":{ + "Null":{ + "cloud9:OwnerArn":"true" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "cloud9:GetUserPublicKey" + ], + "Condition":{ + "Null":{ + "cloud9:UserArn":"true" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "cloud9:DescribeEnvironmentMemberships" + ], + "Condition":{ + "Null":{ + "cloud9:EnvironmentId":"true", + "cloud9:UserArn":"true" + } + }, + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "iam:CreateServiceLinkedRole" + ], + "Condition":{ + "StringLike":{ + "iam:AWSServiceName":"cloud9.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"ssm:StartSession", + "Condition":{ + "StringEquals":{ + "aws:CalledViaFirst":"cloud9.amazonaws.com" + }, + "StringLike":{ + "ssm:resourceTag/aws:cloud9:environment":"*" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:instance/*" + }, + { + "Action":[ + "ssm:StartSession" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:ssm:*:*:document/*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-07-29T06:26:43+00:00" + }, + "AWSCloudFormationFullAccess":{ + "CreateDate":"2019-07-26T21:50:35+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "cloudformation:*" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-07-26T21:50:35+00:00" + }, + "AWSCloudFormationReadOnlyAccess":{ + "CreateDate":"2015-02-06T18:39:49+00:00", + "DefaultVersionId":"v4", + "Document":{ + "Statement":[ + { + "Action":[ + "cloudformation:Describe*", + "cloudformation:EstimateTemplateCost", + "cloudformation:Get*", + "cloudformation:List*", + "cloudformation:ValidateTemplate", + "cloudformation:Detect*" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-11-13T17:40:07+00:00" + }, + "AWSCloudFrontLogger":{ + "CreateDate":"2018-06-12T20:15:23+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "logs:CreateLogGroup", + "logs:CreateLogStream", + "logs:PutLogEvents" + ], + "Effect":"Allow", + "Resource":"arn:aws:logs:*:*:log-group:/aws/cloudfront/*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-11-22T19:33:51+00:00" + }, + "AWSCloudHSMFullAccess":{ + "CreateDate":"2015-02-06T18:39:51+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":"cloudhsm:*", + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2015-02-06T18:39:51+00:00" + }, + "AWSCloudHSMReadOnlyAccess":{ + "CreateDate":"2015-02-06T18:39:52+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "cloudhsm:Get*", + "cloudhsm:List*", + "cloudhsm:Describe*" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2015-02-06T18:39:52+00:00" + }, + "AWSCloudHSMRole":{ + "CreateDate":"2015-02-06T18:41:23+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:CreateNetworkInterface", + "ec2:CreateTags", + "ec2:DeleteNetworkInterface", + "ec2:DescribeNetworkInterfaceAttribute", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "ec2:DetachNetworkInterface" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2015-02-06T18:41:23+00:00" + }, + "AWSCloudMapDiscoverInstanceAccess":{ + "CreateDate":"2018-11-29T00:02:42+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "servicediscovery:DiscoverInstances" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2018-11-29T00:02:42+00:00" + }, + "AWSCloudMapFullAccess":{ + "CreateDate":"2018-11-28T23:57:31+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "route53:GetHostedZone", + "route53:ListHostedZonesByName", + "route53:CreateHostedZone", + "route53:DeleteHostedZone", + "route53:ChangeResourceRecordSets", + "route53:CreateHealthCheck", + "route53:GetHealthCheck", + "route53:DeleteHealthCheck", + "route53:UpdateHealthCheck", + "ec2:DescribeVpcs", + "ec2:DescribeRegions", + "ec2:DescribeInstances", + "servicediscovery:*" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-07-29T19:15:35+00:00" + }, + "AWSCloudMapReadOnlyAccess":{ + "CreateDate":"2018-11-28T23:45:26+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "servicediscovery:Get*", + "servicediscovery:List*", + "servicediscovery:DiscoverInstances" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2018-11-28T23:45:26+00:00" + }, + "AWSCloudMapRegisterInstanceAccess":{ + "CreateDate":"2018-11-29T00:04:57+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "route53:GetHostedZone", + "route53:ListHostedZonesByName", + "route53:ChangeResourceRecordSets", + "route53:CreateHealthCheck", + "route53:GetHealthCheck", + "route53:DeleteHealthCheck", + "route53:UpdateHealthCheck", + "servicediscovery:Get*", + "servicediscovery:List*", + "servicediscovery:RegisterInstance", + "servicediscovery:DeregisterInstance", + "servicediscovery:DiscoverInstances", + "ec2:DescribeInstances" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-07-29T17:57:24+00:00" + }, + "AWSCloudShellFullAccess":{ + "CreateDate":"2020-12-15T18:07:44+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "cloudshell:*" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-12-15T18:07:44+00:00" + }, + "AWSCloudTrailReadOnlyAccess":{ + "CreateDate":"2015-02-06T18:39:59+00:00", + "DefaultVersionId":"v9", + "Document":{ + "Statement":[ + { + "Action":[ + "s3:GetObject", + "s3:GetBucketLocation" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "cloudtrail:GetTrail", + "cloudtrail:GetTrailStatus", + "cloudtrail:DescribeTrails", + "cloudtrail:ListTrails", + "cloudtrail:LookupEvents", + "cloudtrail:ListTags", + "cloudtrail:ListPublicKeys", + "cloudtrail:GetEventSelectors", + "cloudtrail:GetInsightSelectors", + "s3:ListAllMyBuckets", + "kms:ListAliases", + "lambda:ListFunctions" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-11-20T21:06:49+00:00" + }, + "AWSCloudTrail_FullAccess":{ + "CreateDate":"2020-10-08T23:41:15+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":[ + "sns:AddPermission", + "sns:CreateTopic", + "sns:SetTopicAttributes", + "sns:GetTopicAttributes" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:sns:*:*:aws-cloudtrail-logs*" + ] + }, + { + "Action":[ + "sns:ListTopics" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "s3:CreateBucket", + "s3:PutBucketPolicy", + "s3:PutBucketPublicAccessBlock" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::aws-cloudtrail-logs*" + ] + }, + { + "Action":[ + "s3:ListAllMyBuckets", + "s3:GetBucketLocation", + "s3:GetBucketPolicy" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"cloudtrail:*", + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "logs:CreateLogGroup" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:logs:*:*:log-group:aws-cloudtrail-logs*" + ] + }, + { + "Action":[ + "iam:ListRoles", + "iam:GetRolePolicy", + "iam:GetUser" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "iam:PassRole" + ], + "Condition":{ + "StringEquals":{ + "iam:PassedToService":"cloudtrail.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "kms:CreateKey", + "kms:CreateAlias", + "kms:ListKeys", + "kms:ListAliases" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "lambda:ListFunctions" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "dynamodb:ListGlobalTables", + "dynamodb:ListTables" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-02-22T19:01:00+00:00" + }, + "AWSCloudTrail_ReadOnlyAccess":{ + "CreateDate":"2022-06-14T17:19:05+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "cloudtrail:Get*", + "cloudtrail:Describe*", + "cloudtrail:List*", + "cloudtrail:LookupEvents" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-06-14T17:19:05+00:00" + }, + "AWSCloudWatchAlarms_ActionSSMIncidentsServiceRolePolicy":{ + "CreateDate":"2021-04-27T13:30:52+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":"ssm-incidents:StartIncident", + "Effect":"Allow", + "Resource":"*", + "Sid":"StartIncidentPermissions" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-04-27T13:30:52+00:00" + }, + "AWSCodeArtifactAdminAccess":{ + "CreateDate":"2020-06-16T23:53:23+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "codeartifact:*" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"sts:GetServiceBearerToken", + "Condition":{ + "StringEquals":{ + "sts:AWSServiceName":"codeartifact.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-06-16T23:53:23+00:00" + }, + "AWSCodeArtifactReadOnlyAccess":{ + "CreateDate":"2020-06-25T21:23:52+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "codeartifact:Describe*", + "codeartifact:Get*", + "codeartifact:List*", + "codeartifact:ReadFromRepository" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"sts:GetServiceBearerToken", + "Condition":{ + "StringEquals":{ + "sts:AWSServiceName":"codeartifact.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-06-25T21:23:52+00:00" + }, + "AWSCodeBuildAdminAccess":{ + "CreateDate":"2016-12-01T19:04:44+00:00", + "DefaultVersionId":"v12", + "Document":{ + "Statement":[ + { + "Action":[ + "codebuild:*", + "codecommit:GetBranch", + "codecommit:GetCommit", + "codecommit:GetRepository", + "codecommit:ListBranches", + "codecommit:ListRepositories", + "cloudwatch:GetMetricStatistics", + "ec2:DescribeVpcs", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ecr:DescribeRepositories", + "ecr:ListImages", + "elasticfilesystem:DescribeFileSystems", + "events:DeleteRule", + "events:DescribeRule", + "events:DisableRule", + "events:EnableRule", + "events:ListTargetsByRule", + "events:ListRuleNamesByTarget", + "events:PutRule", + "events:PutTargets", + "events:RemoveTargets", + "logs:GetLogEvents", + "s3:GetBucketLocation", + "s3:ListAllMyBuckets" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "logs:DeleteLogGroup" + ], + "Effect":"Allow", + "Resource":"arn:aws:logs:*:*:log-group:/aws/codebuild/*:log-stream:*" + }, + { + "Action":[ + "ssm:PutParameter" + ], + "Effect":"Allow", + "Resource":"arn:aws:ssm:*:*:parameter/CodeBuild/*" + }, + { + "Action":[ + "ssm:StartSession" + ], + "Effect":"Allow", + "Resource":"arn:aws:ecs:*:*:task/*/*" + }, + { + "Action":[ + "codestar-connections:CreateConnection", + "codestar-connections:DeleteConnection", + "codestar-connections:UpdateConnectionInstallation", + "codestar-connections:TagResource", + "codestar-connections:UntagResource", + "codestar-connections:ListConnections", + "codestar-connections:ListInstallationTargets", + "codestar-connections:ListTagsForResource", + "codestar-connections:GetConnection", + "codestar-connections:GetIndividualAccessToken", + "codestar-connections:GetInstallationUrl", + "codestar-connections:PassConnection", + "codestar-connections:StartOAuthHandshake", + "codestar-connections:UseConnection" + ], + "Effect":"Allow", + "Resource":"arn:aws:codestar-connections:*:*:connection/*", + "Sid":"CodeStarConnectionsReadWriteAccess" + }, + { + "Action":[ + "codestar-notifications:CreateNotificationRule", + "codestar-notifications:DescribeNotificationRule", + "codestar-notifications:UpdateNotificationRule", + "codestar-notifications:DeleteNotificationRule", + "codestar-notifications:Subscribe", + "codestar-notifications:Unsubscribe" + ], + "Condition":{ + "StringLike":{ + "codestar-notifications:NotificationsForResource":"arn:aws:codebuild:*" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"CodeStarNotificationsReadWriteAccess" + }, + { + "Action":[ + "codestar-notifications:ListNotificationRules", + "codestar-notifications:ListEventTypes", + "codestar-notifications:ListTargets", + "codestar-notifications:ListTagsforResource" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"CodeStarNotificationsListAccess" + }, + { + "Action":[ + "sns:CreateTopic", + "sns:SetTopicAttributes" + ], + "Effect":"Allow", + "Resource":"arn:aws:sns:*:*:codestar-notifications*", + "Sid":"CodeStarNotificationsSNSTopicCreateAccess" + }, + { + "Action":[ + "sns:ListTopics", + "sns:GetTopicAttributes" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"SNSTopicListAccess" + }, + { + "Action":[ + "chatbot:DescribeSlackChannelConfigurations" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"CodeStarNotificationsChatbotAccess" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-09-14T16:03:39+00:00" + }, + "AWSCodeBuildDeveloperAccess":{ + "CreateDate":"2016-12-01T19:02:32+00:00", + "DefaultVersionId":"v13", + "Document":{ + "Statement":[ + { + "Action":[ + "codebuild:StartBuild", + "codebuild:StopBuild", + "codebuild:StartBuildBatch", + "codebuild:StopBuildBatch", + "codebuild:RetryBuild", + "codebuild:RetryBuildBatch", + "codebuild:BatchGet*", + "codebuild:GetResourcePolicy", + "codebuild:DescribeTestCases", + "codebuild:DescribeCodeCoverages", + "codebuild:List*", + "codecommit:GetBranch", + "codecommit:GetCommit", + "codecommit:GetRepository", + "codecommit:ListBranches", + "cloudwatch:GetMetricStatistics", + "events:DescribeRule", + "events:ListTargetsByRule", + "events:ListRuleNamesByTarget", + "logs:GetLogEvents", + "s3:GetBucketLocation", + "s3:ListAllMyBuckets" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ssm:PutParameter" + ], + "Effect":"Allow", + "Resource":"arn:aws:ssm:*:*:parameter/CodeBuild/*" + }, + { + "Action":[ + "ssm:StartSession" + ], + "Effect":"Allow", + "Resource":"arn:aws:ecs:*:*:task/*/*" + }, + { + "Action":[ + "codestar-connections:ListConnections", + "codestar-connections:GetConnection" + ], + "Effect":"Allow", + "Resource":"arn:aws:codestar-connections:*:*:connection/*", + "Sid":"CodeStarConnectionsUserAccess" + }, + { + "Action":[ + "codestar-notifications:CreateNotificationRule", + "codestar-notifications:DescribeNotificationRule", + "codestar-notifications:UpdateNotificationRule", + "codestar-notifications:Subscribe", + "codestar-notifications:Unsubscribe" + ], + "Condition":{ + "StringLike":{ + "codestar-notifications:NotificationsForResource":"arn:aws:codebuild:*" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"CodeStarNotificationsReadWriteAccess" + }, + { + "Action":[ + "codestar-notifications:ListNotificationRules", + "codestar-notifications:ListEventTypes", + "codestar-notifications:ListTargets", + "codestar-notifications:ListTagsforResource" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"CodeStarNotificationsListAccess" + }, + { + "Action":[ + "sns:ListTopics", + "sns:GetTopicAttributes" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"SNSTopicListAccess" + }, + { + "Action":[ + "chatbot:DescribeSlackChannelConfigurations" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"CodeStarNotificationsChatbotAccess" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-09-14T16:03:44+00:00" + }, + "AWSCodeBuildReadOnlyAccess":{ + "CreateDate":"2016-12-01T19:03:41+00:00", + "DefaultVersionId":"v11", + "Document":{ + "Statement":[ + { + "Action":[ + "codebuild:BatchGet*", + "codebuild:GetResourcePolicy", + "codebuild:List*", + "codebuild:DescribeTestCases", + "codebuild:DescribeCodeCoverages", + "codecommit:GetBranch", + "codecommit:GetCommit", + "codecommit:GetRepository", + "cloudwatch:GetMetricStatistics", + "events:DescribeRule", + "events:ListTargetsByRule", + "events:ListRuleNamesByTarget", + "logs:GetLogEvents" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "codestar-connections:ListConnections", + "codestar-connections:GetConnection" + ], + "Effect":"Allow", + "Resource":"arn:aws:codestar-connections:*:*:connection/*", + "Sid":"CodeStarConnectionsUserAccess" + }, + { + "Action":[ + "codestar-notifications:DescribeNotificationRule" + ], + "Condition":{ + "StringLike":{ + "codestar-notifications:NotificationsForResource":"arn:aws:codebuild:*" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"CodeStarNotificationsPowerUserAccess" + }, + { + "Action":[ + "codestar-notifications:ListNotificationRules", + "codestar-notifications:ListEventTypes", + "codestar-notifications:ListTargets" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"CodeStarNotificationsListAccess" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-09-14T16:04:04+00:00" + }, + "AWSCodeCommitFullAccess":{ + "CreateDate":"2015-07-09T17:02:19+00:00", + "DefaultVersionId":"v9", + "Document":{ + "Statement":[ + { + "Action":[ + "codecommit:*" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "events:DeleteRule", + "events:DescribeRule", + "events:DisableRule", + "events:EnableRule", + "events:PutRule", + "events:PutTargets", + "events:RemoveTargets", + "events:ListTargetsByRule" + ], + "Effect":"Allow", + "Resource":"arn:aws:events:*:*:rule/codecommit*", + "Sid":"CloudWatchEventsCodeCommitRulesAccess" + }, + { + "Action":[ + "sns:CreateTopic", + "sns:DeleteTopic", + "sns:Subscribe", + "sns:Unsubscribe", + "sns:SetTopicAttributes" + ], + "Effect":"Allow", + "Resource":"arn:aws:sns:*:*:codecommit*", + "Sid":"SNSTopicAndSubscriptionAccess" + }, + { + "Action":[ + "sns:ListTopics", + "sns:ListSubscriptionsByTopic", + "sns:GetTopicAttributes" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"SNSTopicAndSubscriptionReadAccess" + }, + { + "Action":[ + "lambda:ListFunctions" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"LambdaReadOnlyListAccess" + }, + { + "Action":[ + "iam:ListUsers" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"IAMReadOnlyListAccess" + }, + { + "Action":[ + "iam:ListAccessKeys", + "iam:ListSSHPublicKeys", + "iam:ListServiceSpecificCredentials" + ], + "Effect":"Allow", + "Resource":"arn:aws:iam::*:user/${aws:username}", + "Sid":"IAMReadOnlyConsoleAccess" + }, + { + "Action":[ + "iam:DeleteSSHPublicKey", + "iam:GetSSHPublicKey", + "iam:ListSSHPublicKeys", + "iam:UpdateSSHPublicKey", + "iam:UploadSSHPublicKey" + ], + "Effect":"Allow", + "Resource":"arn:aws:iam::*:user/${aws:username}", + "Sid":"IAMUserSSHKeys" + }, + { + "Action":[ + "iam:CreateServiceSpecificCredential", + "iam:UpdateServiceSpecificCredential", + "iam:DeleteServiceSpecificCredential", + "iam:ResetServiceSpecificCredential" + ], + "Effect":"Allow", + "Resource":"arn:aws:iam::*:user/${aws:username}", + "Sid":"IAMSelfManageServiceSpecificCredentials" + }, + { + "Action":[ + "codestar-notifications:CreateNotificationRule", + "codestar-notifications:DescribeNotificationRule", + "codestar-notifications:UpdateNotificationRule", + "codestar-notifications:DeleteNotificationRule", + "codestar-notifications:Subscribe", + "codestar-notifications:Unsubscribe" + ], + "Condition":{ + "StringLike":{ + "codestar-notifications:NotificationsForResource":"arn:aws:codecommit:*" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"CodeStarNotificationsReadWriteAccess" + }, + { + "Action":[ + "codestar-notifications:ListNotificationRules", + "codestar-notifications:ListTargets", + "codestar-notifications:ListTagsforResource", + "codestar-notifications:ListEventTypes" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"CodeStarNotificationsListAccess" + }, + { + "Action":[ + "sns:CreateTopic", + "sns:SetTopicAttributes" + ], + "Effect":"Allow", + "Resource":"arn:aws:sns:*:*:codestar-notifications*", + "Sid":"CodeStarNotificationsSNSTopicCreateAccess" + }, + { + "Action":[ + "codeguru-reviewer:AssociateRepository", + "codeguru-reviewer:DescribeRepositoryAssociation", + "codeguru-reviewer:ListRepositoryAssociations", + "codeguru-reviewer:DisassociateRepository", + "codeguru-reviewer:DescribeCodeReview", + "codeguru-reviewer:ListCodeReviews" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AmazonCodeGuruReviewerFullAccess" + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringLike":{ + "iam:AWSServiceName":"codeguru-reviewer.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/aws-service-role/codeguru-reviewer.amazonaws.com/AWSServiceRoleForAmazonCodeGuruReviewer", + "Sid":"AmazonCodeGuruReviewerSLRCreation" + }, + { + "Action":[ + "events:PutRule", + "events:PutTargets", + "events:DeleteRule", + "events:RemoveTargets" + ], + "Condition":{ + "StringEquals":{ + "events:ManagedBy":"codeguru-reviewer.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"CloudWatchEventsManagedRules" + }, + { + "Action":[ + "chatbot:DescribeSlackChannelConfigurations" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"CodeStarNotificationsChatbotAccess" + }, + { + "Action":[ + "codestar-connections:ListConnections", + "codestar-connections:GetConnection" + ], + "Effect":"Allow", + "Resource":"arn:aws:codestar-connections:*:*:connection/*", + "Sid":"CodeStarConnectionsReadOnlyAccess" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-07-30T23:17:35+00:00" + }, + "AWSCodeCommitPowerUser":{ + "CreateDate":"2015-07-09T17:06:49+00:00", + "DefaultVersionId":"v14", + "Document":{ + "Statement":[ + { + "Action":[ + "codecommit:AssociateApprovalRuleTemplateWithRepository", + "codecommit:BatchAssociateApprovalRuleTemplateWithRepositories", + "codecommit:BatchDisassociateApprovalRuleTemplateFromRepositories", + "codecommit:BatchGet*", + "codecommit:BatchDescribe*", + "codecommit:Create*", + "codecommit:DeleteBranch", + "codecommit:DeleteFile", + "codecommit:Describe*", + "codecommit:DisassociateApprovalRuleTemplateFromRepository", + "codecommit:EvaluatePullRequestApprovalRules", + "codecommit:Get*", + "codecommit:List*", + "codecommit:Merge*", + "codecommit:OverridePullRequestApprovalRules", + "codecommit:Put*", + "codecommit:Post*", + "codecommit:TagResource", + "codecommit:Test*", + "codecommit:UntagResource", + "codecommit:Update*", + "codecommit:GitPull", + "codecommit:GitPush" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "events:DeleteRule", + "events:DescribeRule", + "events:DisableRule", + "events:EnableRule", + "events:PutRule", + "events:PutTargets", + "events:RemoveTargets", + "events:ListTargetsByRule" + ], + "Effect":"Allow", + "Resource":"arn:aws:events:*:*:rule/codecommit*", + "Sid":"CloudWatchEventsCodeCommitRulesAccess" + }, + { + "Action":[ + "sns:Subscribe", + "sns:Unsubscribe" + ], + "Effect":"Allow", + "Resource":"arn:aws:sns:*:*:codecommit*", + "Sid":"SNSTopicAndSubscriptionAccess" + }, + { + "Action":[ + "sns:ListTopics", + "sns:ListSubscriptionsByTopic", + "sns:GetTopicAttributes" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"SNSTopicAndSubscriptionReadAccess" + }, + { + "Action":[ + "lambda:ListFunctions" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"LambdaReadOnlyListAccess" + }, + { + "Action":[ + "iam:ListUsers" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"IAMReadOnlyListAccess" + }, + { + "Action":[ + "iam:ListAccessKeys", + "iam:ListSSHPublicKeys", + "iam:ListServiceSpecificCredentials" + ], + "Effect":"Allow", + "Resource":"arn:aws:iam::*:user/${aws:username}", + "Sid":"IAMReadOnlyConsoleAccess" + }, + { + "Action":[ + "iam:DeleteSSHPublicKey", + "iam:GetSSHPublicKey", + "iam:ListSSHPublicKeys", + "iam:UpdateSSHPublicKey", + "iam:UploadSSHPublicKey" + ], + "Effect":"Allow", + "Resource":"arn:aws:iam::*:user/${aws:username}", + "Sid":"IAMUserSSHKeys" + }, + { + "Action":[ + "iam:CreateServiceSpecificCredential", + "iam:UpdateServiceSpecificCredential", + "iam:DeleteServiceSpecificCredential", + "iam:ResetServiceSpecificCredential" + ], + "Effect":"Allow", + "Resource":"arn:aws:iam::*:user/${aws:username}", + "Sid":"IAMSelfManageServiceSpecificCredentials" + }, + { + "Action":[ + "codestar-notifications:CreateNotificationRule", + "codestar-notifications:DescribeNotificationRule", + "codestar-notifications:UpdateNotificationRule", + "codestar-notifications:Subscribe", + "codestar-notifications:Unsubscribe" + ], + "Condition":{ + "StringLike":{ + "codestar-notifications:NotificationsForResource":"arn:aws:codecommit:*" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"CodeStarNotificationsReadWriteAccess" + }, + { + "Action":[ + "codestar-notifications:ListNotificationRules", + "codestar-notifications:ListTargets", + "codestar-notifications:ListTagsforResource", + "codestar-notifications:ListEventTypes" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"CodeStarNotificationsListAccess" + }, + { + "Action":[ + "codeguru-reviewer:AssociateRepository", + "codeguru-reviewer:DescribeRepositoryAssociation", + "codeguru-reviewer:ListRepositoryAssociations", + "codeguru-reviewer:DisassociateRepository", + "codeguru-reviewer:DescribeCodeReview", + "codeguru-reviewer:ListCodeReviews" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AmazonCodeGuruReviewerFullAccess" + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringLike":{ + "iam:AWSServiceName":"codeguru-reviewer.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/aws-service-role/codeguru-reviewer.amazonaws.com/AWSServiceRoleForAmazonCodeGuruReviewer", + "Sid":"AmazonCodeGuruReviewerSLRCreation" + }, + { + "Action":[ + "events:PutRule", + "events:PutTargets", + "events:DeleteRule", + "events:RemoveTargets" + ], + "Condition":{ + "StringEquals":{ + "events:ManagedBy":"codeguru-reviewer.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"CloudWatchEventsManagedRules" + }, + { + "Action":[ + "chatbot:DescribeSlackChannelConfigurations" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"CodeStarNotificationsChatbotAccess" + }, + { + "Action":[ + "codestar-connections:ListConnections", + "codestar-connections:GetConnection" + ], + "Effect":"Allow", + "Resource":"arn:aws:codestar-connections:*:*:connection/*", + "Sid":"CodeStarConnectionsReadOnlyAccess" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-07-30T23:12:48+00:00" + }, + "AWSCodeCommitReadOnly":{ + "CreateDate":"2015-07-09T17:05:06+00:00", + "DefaultVersionId":"v11", + "Document":{ + "Statement":[ + { + "Action":[ + "codecommit:BatchGet*", + "codecommit:BatchDescribe*", + "codecommit:Describe*", + "codecommit:EvaluatePullRequestApprovalRules", + "codecommit:Get*", + "codecommit:List*", + "codecommit:GitPull" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "events:DescribeRule", + "events:ListTargetsByRule" + ], + "Effect":"Allow", + "Resource":"arn:aws:events:*:*:rule/codecommit*", + "Sid":"CloudWatchEventsCodeCommitRulesReadOnlyAccess" + }, + { + "Action":[ + "sns:ListTopics", + "sns:ListSubscriptionsByTopic", + "sns:GetTopicAttributes" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"SNSSubscriptionAccess" + }, + { + "Action":[ + "lambda:ListFunctions" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"LambdaReadOnlyListAccess" + }, + { + "Action":[ + "iam:ListUsers" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"IAMReadOnlyListAccess" + }, + { + "Action":[ + "iam:ListSSHPublicKeys", + "iam:ListServiceSpecificCredentials", + "iam:ListAccessKeys", + "iam:GetSSHPublicKey" + ], + "Effect":"Allow", + "Resource":"arn:aws:iam::*:user/${aws:username}", + "Sid":"IAMReadOnlyConsoleAccess" + }, + { + "Action":[ + "codestar-connections:ListConnections", + "codestar-connections:GetConnection" + ], + "Effect":"Allow", + "Resource":"arn:aws:codestar-connections:*:*:connection/*", + "Sid":"CodeStarConnectionsReadOnlyAccess" + }, + { + "Action":[ + "codestar-notifications:DescribeNotificationRule" + ], + "Condition":{ + "StringLike":{ + "codestar-notifications:NotificationsForResource":"arn:aws:codecommit:*" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"CodeStarNotificationsReadOnlyAccess" + }, + { + "Action":[ + "codestar-notifications:ListNotificationRules", + "codestar-notifications:ListEventTypes", + "codestar-notifications:ListTargets" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"CodeStarNotificationsListAccess" + }, + { + "Action":[ + "codeguru-reviewer:DescribeRepositoryAssociation", + "codeguru-reviewer:ListRepositoryAssociations", + "codeguru-reviewer:DescribeCodeReview", + "codeguru-reviewer:ListCodeReviews" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AmazonCodeGuruReviewerReadOnlyAccess" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-08-18T18:18:01+00:00" + }, + "AWSCodeDeployDeployerAccess":{ + "CreateDate":"2015-05-19T18:18:43+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":[ + "codedeploy:Batch*", + "codedeploy:CreateDeployment", + "codedeploy:Get*", + "codedeploy:List*", + "codedeploy:RegisterApplicationRevision" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "codestar-notifications:CreateNotificationRule", + "codestar-notifications:DescribeNotificationRule", + "codestar-notifications:UpdateNotificationRule", + "codestar-notifications:Subscribe", + "codestar-notifications:Unsubscribe" + ], + "Condition":{ + "StringLike":{ + "codestar-notifications:NotificationsForResource":"arn:aws:codedeploy:*" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"CodeStarNotificationsReadWriteAccess" + }, + { + "Action":[ + "codestar-notifications:ListNotificationRules", + "codestar-notifications:ListTargets", + "codestar-notifications:ListTagsforResource", + "codestar-notifications:ListEventTypes" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"CodeStarNotificationsListAccess" + }, + { + "Action":[ + "chatbot:DescribeSlackChannelConfigurations" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"CodeStarNotificationsChatbotAccess" + }, + { + "Action":[ + "sns:ListTopics" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"SNSTopicListAccess" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-04-02T16:16:11+00:00" + }, + "AWSCodeDeployFullAccess":{ + "CreateDate":"2015-05-19T18:13:23+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":"codedeploy:*", + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "codestar-notifications:CreateNotificationRule", + "codestar-notifications:DescribeNotificationRule", + "codestar-notifications:UpdateNotificationRule", + "codestar-notifications:DeleteNotificationRule", + "codestar-notifications:Subscribe", + "codestar-notifications:Unsubscribe" + ], + "Condition":{ + "StringLike":{ + "codestar-notifications:NotificationsForResource":"arn:aws:codedeploy:*" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"CodeStarNotificationsReadWriteAccess" + }, + { + "Action":[ + "codestar-notifications:ListNotificationRules", + "codestar-notifications:ListTargets", + "codestar-notifications:ListTagsforResource", + "codestar-notifications:ListEventTypes" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"CodeStarNotificationsListAccess" + }, + { + "Action":[ + "sns:CreateTopic", + "sns:SetTopicAttributes" + ], + "Effect":"Allow", + "Resource":"arn:aws:sns:*:*:codestar-notifications*", + "Sid":"CodeStarNotificationsSNSTopicCreateAccess" + }, + { + "Action":[ + "chatbot:DescribeSlackChannelConfigurations" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"CodeStarNotificationsChatbotAccess" + }, + { + "Action":[ + "sns:ListTopics" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"SNSTopicListAccess" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-04-02T16:14:47+00:00" + }, + "AWSCodeDeployReadOnlyAccess":{ + "CreateDate":"2015-05-19T18:21:32+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":[ + "codedeploy:Batch*", + "codedeploy:Get*", + "codedeploy:List*" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "codestar-notifications:DescribeNotificationRule" + ], + "Condition":{ + "StringLike":{ + "codestar-notifications:NotificationsForResource":"arn:aws:codedeploy:*" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"CodeStarNotificationsPowerUserAccess" + }, + { + "Action":[ + "codestar-notifications:ListNotificationRules", + "codestar-notifications:ListEventTypes", + "codestar-notifications:ListTargets" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"CodeStarNotificationsListAccess" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-04-02T16:20:09+00:00" + }, + "AWSCodeDeployRole":{ + "CreateDate":"2015-05-04T18:05:37+00:00", + "DefaultVersionId":"v9", + "Document":{ + "Statement":[ + { + "Action":[ + "autoscaling:CompleteLifecycleAction", + "autoscaling:DeleteLifecycleHook", + "autoscaling:DescribeAutoScalingGroups", + "autoscaling:DescribeLifecycleHooks", + "autoscaling:PutLifecycleHook", + "autoscaling:RecordLifecycleActionHeartbeat", + "autoscaling:CreateAutoScalingGroup", + "autoscaling:UpdateAutoScalingGroup", + "autoscaling:EnableMetricsCollection", + "autoscaling:DescribePolicies", + "autoscaling:DescribeScheduledActions", + "autoscaling:DescribeNotificationConfigurations", + "autoscaling:SuspendProcesses", + "autoscaling:ResumeProcesses", + "autoscaling:AttachLoadBalancers", + "autoscaling:AttachLoadBalancerTargetGroups", + "autoscaling:PutScalingPolicy", + "autoscaling:PutScheduledUpdateGroupAction", + "autoscaling:PutNotificationConfiguration", + "autoscaling:PutWarmPool", + "autoscaling:DescribeScalingActivities", + "autoscaling:DeleteAutoScalingGroup", + "ec2:DescribeInstances", + "ec2:DescribeInstanceStatus", + "ec2:TerminateInstances", + "tag:GetResources", + "sns:Publish", + "cloudwatch:DescribeAlarms", + "cloudwatch:PutMetricAlarm", + "elasticloadbalancing:DescribeLoadBalancers", + "elasticloadbalancing:DescribeInstanceHealth", + "elasticloadbalancing:RegisterInstancesWithLoadBalancer", + "elasticloadbalancing:DeregisterInstancesFromLoadBalancer", + "elasticloadbalancing:DescribeTargetGroups", + "elasticloadbalancing:DescribeTargetHealth", + "elasticloadbalancing:RegisterTargets", + "elasticloadbalancing:DeregisterTargets" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-05-19T00:42:51+00:00" + }, + "AWSCodeDeployRoleForCloudFormation":{ + "CreateDate":"2020-05-19T17:12:52+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "lambda:InvokeFunction" + ], + "Effect":"Allow", + "Resource":"arn:aws:lambda:*:*:function:CodeDeployHook_*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-05-19T17:12:52+00:00" + }, + "AWSCodeDeployRoleForECS":{ + "CreateDate":"2018-11-27T20:40:57+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":[ + "ecs:DescribeServices", + "ecs:CreateTaskSet", + "ecs:UpdateServicePrimaryTaskSet", + "ecs:DeleteTaskSet", + "elasticloadbalancing:DescribeTargetGroups", + "elasticloadbalancing:DescribeListeners", + "elasticloadbalancing:ModifyListener", + "elasticloadbalancing:DescribeRules", + "elasticloadbalancing:ModifyRule", + "lambda:InvokeFunction", + "cloudwatch:DescribeAlarms", + "sns:Publish", + "s3:GetObject", + "s3:GetObjectVersion" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "iam:PassRole" + ], + "Condition":{ + "StringLike":{ + "iam:PassedToService":[ + "ecs-tasks.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-09-23T22:37:46+00:00" + }, + "AWSCodeDeployRoleForECSLimited":{ + "CreateDate":"2018-11-27T20:42:42+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":[ + "ecs:DescribeServices", + "ecs:CreateTaskSet", + "ecs:UpdateServicePrimaryTaskSet", + "ecs:DeleteTaskSet", + "cloudwatch:DescribeAlarms" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "sns:Publish" + ], + "Effect":"Allow", + "Resource":"arn:aws:sns:*:*:CodeDeployTopic_*" + }, + { + "Action":[ + "elasticloadbalancing:DescribeTargetGroups", + "elasticloadbalancing:DescribeListeners", + "elasticloadbalancing:ModifyListener", + "elasticloadbalancing:DescribeRules", + "elasticloadbalancing:ModifyRule" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "lambda:InvokeFunction" + ], + "Effect":"Allow", + "Resource":"arn:aws:lambda:*:*:function:CodeDeployHook_*" + }, + { + "Action":[ + "s3:GetObject", + "s3:GetObjectVersion" + ], + "Condition":{ + "StringEquals":{ + "s3:ExistingObjectTag/UseWithCodeDeploy":"true" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "iam:PassRole" + ], + "Condition":{ + "StringLike":{ + "iam:PassedToService":[ + "ecs-tasks.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/ecsTaskExecutionRole", + "arn:aws:iam::*:role/ECSTaskExecution*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-09-23T22:10:29+00:00" + }, + "AWSCodeDeployRoleForLambda":{ + "CreateDate":"2017-11-28T14:05:44+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":[ + "cloudwatch:DescribeAlarms", + "lambda:UpdateAlias", + "lambda:GetAlias", + "lambda:GetProvisionedConcurrencyConfig", + "sns:Publish" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "s3:GetObject", + "s3:GetObjectVersion" + ], + "Effect":"Allow", + "Resource":"arn:aws:s3:::*/CodeDeploy/*" + }, + { + "Action":[ + "s3:GetObject", + "s3:GetObjectVersion" + ], + "Condition":{ + "StringEquals":{ + "s3:ExistingObjectTag/UseWithCodeDeploy":"true" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "lambda:InvokeFunction" + ], + "Effect":"Allow", + "Resource":"arn:aws:lambda:*:*:function:CodeDeployHook_*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-12-03T19:53:10+00:00" + }, + "AWSCodeDeployRoleForLambdaLimited":{ + "CreateDate":"2020-08-17T17:14:14+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "cloudwatch:DescribeAlarms", + "lambda:UpdateAlias", + "lambda:GetAlias", + "lambda:GetProvisionedConcurrencyConfig" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "s3:GetObject", + "s3:GetObjectVersion" + ], + "Effect":"Allow", + "Resource":"arn:aws:s3:::*/CodeDeploy/*" + }, + { + "Action":[ + "s3:GetObject", + "s3:GetObjectVersion" + ], + "Condition":{ + "StringEquals":{ + "s3:ExistingObjectTag/UseWithCodeDeploy":"true" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "lambda:InvokeFunction" + ], + "Effect":"Allow", + "Resource":"arn:aws:lambda:*:*:function:CodeDeployHook_*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-08-17T17:14:14+00:00" + }, + "AWSCodePipelineApproverAccess":{ + "CreateDate":"2016-07-28T18:59:17+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":[ + "codepipeline:GetPipeline", + "codepipeline:GetPipelineState", + "codepipeline:GetPipelineExecution", + "codepipeline:ListPipelineExecutions", + "codepipeline:ListPipelines", + "codepipeline:PutApprovalResult" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2017-08-02T17:24:58+00:00" + }, + "AWSCodePipelineCustomActionAccess":{ + "CreateDate":"2015-07-09T17:02:54+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "codepipeline:AcknowledgeJob", + "codepipeline:GetJobDetails", + "codepipeline:PollForJobs", + "codepipeline:PutJobFailureResult", + "codepipeline:PutJobSuccessResult" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2015-07-09T17:02:54+00:00" + }, + "AWSCodePipelineFullAccess":{ + "CreateDate":"2015-07-09T16:58:07+00:00", + "DefaultVersionId":"v10", + "Document":{ + "Statement":[ + { + "Action":[ + "codepipeline:*", + "cloudformation:DescribeStacks", + "cloudformation:ListChangeSets", + "cloudtrail:CreateTrail", + "cloudtrail:DescribeTrails", + "cloudtrail:GetEventSelectors", + "cloudtrail:PutEventSelectors", + "cloudtrail:StartLogging", + "codebuild:BatchGetProjects", + "codebuild:CreateProject", + "codebuild:ListCuratedEnvironmentImages", + "codebuild:ListProjects", + "codecommit:GetBranch", + "codecommit:GetRepositoryTriggers", + "codecommit:ListBranches", + "codecommit:ListRepositories", + "codecommit:PutRepositoryTriggers", + "codecommit:GetReferences", + "codedeploy:GetApplication", + "codedeploy:BatchGetApplications", + "codedeploy:GetDeploymentGroup", + "codedeploy:BatchGetDeploymentGroups", + "codedeploy:ListApplications", + "codedeploy:ListDeploymentGroups", + "devicefarm:GetDevicePool", + "devicefarm:GetProject", + "devicefarm:ListDevicePools", + "devicefarm:ListProjects", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "ecr:DescribeRepositories", + "ecr:ListImages", + "ecs:ListClusters", + "ecs:ListServices", + "elasticbeanstalk:DescribeApplications", + "elasticbeanstalk:DescribeEnvironments", + "iam:ListRoles", + "iam:GetRole", + "lambda:GetFunctionConfiguration", + "lambda:ListFunctions", + "events:ListRules", + "events:ListTargetsByRule", + "events:DescribeRule", + "opsworks:DescribeApps", + "opsworks:DescribeLayers", + "opsworks:DescribeStacks", + "s3:GetBucketPolicy", + "s3:GetBucketVersioning", + "s3:GetObjectVersion", + "s3:ListAllMyBuckets", + "s3:ListBucket", + "sns:ListTopics", + "codestar-notifications:ListNotificationRules", + "codestar-notifications:ListTargets", + "codestar-notifications:ListTagsforResource", + "codestar-notifications:ListEventTypes", + "states:ListStateMachines" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "s3:GetObject", + "s3:CreateBucket", + "s3:PutBucketPolicy" + ], + "Effect":"Allow", + "Resource":"arn:aws:s3::*:codepipeline-*" + }, + { + "Action":[ + "iam:PassRole" + ], + "Condition":{ + "StringEquals":{ + "iam:PassedToService":[ + "events.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/service-role/cwe-role-*" + ] + }, + { + "Action":[ + "iam:PassRole" + ], + "Condition":{ + "StringEquals":{ + "iam:PassedToService":[ + "codepipeline.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "events:PutRule", + "events:PutTargets", + "events:DeleteRule", + "events:DisableRule", + "events:RemoveTargets" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:events:*:*:rule/codepipeline-*" + ] + }, + { + "Action":[ + "codestar-notifications:CreateNotificationRule", + "codestar-notifications:DescribeNotificationRule", + "codestar-notifications:UpdateNotificationRule", + "codestar-notifications:DeleteNotificationRule", + "codestar-notifications:Subscribe", + "codestar-notifications:Unsubscribe" + ], + "Condition":{ + "StringLike":{ + "codestar-notifications:NotificationsForResource":"arn:aws:codepipeline:*" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"CodeStarNotificationsReadWriteAccess" + }, + { + "Action":[ + "sns:CreateTopic", + "sns:SetTopicAttributes" + ], + "Effect":"Allow", + "Resource":"arn:aws:sns:*:*:codestar-notifications*", + "Sid":"CodeStarNotificationsSNSTopicCreateAccess" + }, + { + "Action":[ + "chatbot:DescribeSlackChannelConfigurations" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"CodeStarNotificationsChatbotAccess" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-05-21T22:03:13+00:00" + }, + "AWSCodePipelineReadOnlyAccess":{ + "CreateDate":"2015-07-09T16:43:57+00:00", + "DefaultVersionId":"v9", + "Document":{ + "Statement":[ + { + "Action":[ + "codepipeline:GetPipeline", + "codepipeline:GetPipelineState", + "codepipeline:GetPipelineExecution", + "codepipeline:ListPipelineExecutions", + "codepipeline:ListActionExecutions", + "codepipeline:ListActionTypes", + "codepipeline:ListPipelines", + "codepipeline:ListTagsForResource", + "iam:ListRoles", + "s3:GetBucketPolicy", + "s3:GetObject", + "s3:ListAllMyBuckets", + "s3:ListBucket", + "codecommit:ListBranches", + "codecommit:ListRepositories", + "codedeploy:GetApplication", + "codedeploy:GetDeploymentGroup", + "codedeploy:ListApplications", + "codedeploy:ListDeploymentGroups", + "elasticbeanstalk:DescribeApplications", + "elasticbeanstalk:DescribeEnvironments", + "lambda:GetFunctionConfiguration", + "lambda:ListFunctions", + "opsworks:DescribeApps", + "opsworks:DescribeLayers", + "opsworks:DescribeStacks", + "codestar-notifications:ListNotificationRules", + "codestar-notifications:ListEventTypes", + "codestar-notifications:ListTargets" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "codestar-notifications:DescribeNotificationRule" + ], + "Condition":{ + "StringLike":{ + "codestar-notifications:NotificationsForResource":"arn:aws:codepipeline:*" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"CodeStarNotificationsReadOnlyAccess" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-03-26T16:07:17+00:00" + }, + "AWSCodePipeline_FullAccess":{ + "CreateDate":"2020-08-03T22:38:28+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "codepipeline:*", + "cloudformation:DescribeStacks", + "cloudformation:ListChangeSets", + "cloudtrail:DescribeTrails", + "codebuild:BatchGetProjects", + "codebuild:CreateProject", + "codebuild:ListCuratedEnvironmentImages", + "codebuild:ListProjects", + "codecommit:ListBranches", + "codecommit:GetReferences", + "codecommit:ListRepositories", + "codedeploy:BatchGetDeploymentGroups", + "codedeploy:ListApplications", + "codedeploy:ListDeploymentGroups", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "ecr:DescribeRepositories", + "ecr:ListImages", + "ecs:ListClusters", + "ecs:ListServices", + "elasticbeanstalk:DescribeApplications", + "elasticbeanstalk:DescribeEnvironments", + "iam:ListRoles", + "iam:GetRole", + "lambda:ListFunctions", + "events:ListRules", + "events:ListTargetsByRule", + "events:DescribeRule", + "opsworks:DescribeApps", + "opsworks:DescribeLayers", + "opsworks:DescribeStacks", + "s3:ListAllMyBuckets", + "sns:ListTopics", + "codestar-notifications:ListNotificationRules", + "codestar-notifications:ListTargets", + "codestar-notifications:ListTagsforResource", + "codestar-notifications:ListEventTypes", + "states:ListStateMachines" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "s3:GetObject", + "s3:ListBucket", + "s3:GetBucketPolicy", + "s3:GetBucketVersioning", + "s3:GetObjectVersion", + "s3:CreateBucket", + "s3:PutBucketPolicy" + ], + "Effect":"Allow", + "Resource":"arn:aws:s3::*:codepipeline-*" + }, + { + "Action":[ + "cloudtrail:PutEventSelectors", + "cloudtrail:CreateTrail", + "cloudtrail:GetEventSelectors", + "cloudtrail:StartLogging" + ], + "Effect":"Allow", + "Resource":"arn:aws:cloudtrail:*:*:trail/codepipeline-source-trail" + }, + { + "Action":[ + "iam:PassRole" + ], + "Condition":{ + "StringEquals":{ + "iam:PassedToService":[ + "events.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/service-role/cwe-role-*" + ] + }, + { + "Action":[ + "iam:PassRole" + ], + "Condition":{ + "StringEquals":{ + "iam:PassedToService":[ + "codepipeline.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "events:PutRule", + "events:PutTargets", + "events:DeleteRule", + "events:DisableRule", + "events:RemoveTargets" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:events:*:*:rule/codepipeline-*" + ] + }, + { + "Action":[ + "codestar-notifications:CreateNotificationRule", + "codestar-notifications:DescribeNotificationRule", + "codestar-notifications:UpdateNotificationRule", + "codestar-notifications:DeleteNotificationRule", + "codestar-notifications:Subscribe", + "codestar-notifications:Unsubscribe" + ], + "Condition":{ + "StringLike":{ + "codestar-notifications:NotificationsForResource":"arn:aws:codepipeline:*" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"CodeStarNotificationsReadWriteAccess" + }, + { + "Action":[ + "sns:CreateTopic", + "sns:SetTopicAttributes" + ], + "Effect":"Allow", + "Resource":"arn:aws:sns:*:*:codestar-notifications*", + "Sid":"CodeStarNotificationsSNSTopicCreateAccess" + }, + { + "Action":[ + "chatbot:DescribeSlackChannelConfigurations" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"CodeStarNotificationsChatbotAccess" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-08-03T22:38:28+00:00" + }, + "AWSCodePipeline_ReadOnlyAccess":{ + "CreateDate":"2020-08-03T22:25:17+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "codepipeline:GetPipeline", + "codepipeline:GetPipelineState", + "codepipeline:GetPipelineExecution", + "codepipeline:ListPipelineExecutions", + "codepipeline:ListActionExecutions", + "codepipeline:ListActionTypes", + "codepipeline:ListPipelines", + "codepipeline:ListTagsForResource", + "s3:ListAllMyBuckets", + "codestar-notifications:ListNotificationRules", + "codestar-notifications:ListEventTypes", + "codestar-notifications:ListTargets" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "s3:GetObject", + "s3:ListBucket", + "s3:GetBucketPolicy" + ], + "Effect":"Allow", + "Resource":"arn:aws:s3::*:codepipeline-*" + }, + { + "Action":[ + "codestar-notifications:DescribeNotificationRule" + ], + "Condition":{ + "StringLike":{ + "codestar-notifications:NotificationsForResource":"arn:aws:codepipeline:*" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"CodeStarNotificationsReadOnlyAccess" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-08-03T22:25:17+00:00" + }, + "AWSCodeStarFullAccess":{ + "CreateDate":"2017-04-19T16:23:19+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "codestar:*", + "ec2:DescribeKeyPairs", + "ec2:DescribeVpcs", + "ec2:DescribeSubnets", + "cloud9:DescribeEnvironment*", + "cloud9:ValidateEnvironmentName" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"CodeStarEC2" + }, + { + "Action":[ + "cloudformation:DescribeStack*", + "cloudformation:GetTemplateSummary" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:cloudformation:*:*:stack/awscodestar-*" + ], + "Sid":"CodeStarCF" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2018-01-10T21:54:06+00:00" + }, + "AWSCodeStarNotificationsServiceRolePolicy":{ + "CreateDate":"2019-11-05T16:10:21+00:00", + "DefaultVersionId":"v4", + "Document":{ + "Statement":[ + { + "Action":[ + "events:PutTargets", + "events:PutRule", + "events:DescribeRule" + ], + "Effect":"Allow", + "Resource":"arn:aws:events:*:*:rule/awscodestarnotifications-*" + }, + { + "Action":[ + "sns:CreateTopic" + ], + "Effect":"Allow", + "Resource":"arn:aws:sns:*:*:CodeStarNotifications-*" + }, + { + "Action":[ + "codecommit:GetCommentsForPullRequest", + "codecommit:GetCommentsForComparedCommit", + "chatbot:DescribeSlackChannelConfigurations", + "chatbot:UpdateSlackChannelConfiguration", + "codecommit:GetDifferences", + "codepipeline:ListActionExecutions" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "codecommit:GetFile" + ], + "Condition":{ + "StringNotEquals":{ + "aws:ResourceTag/ExcludeFileContentFromNotifications":"true" + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-03-19T16:01:55+00:00" + }, + "AWSCodeStarServiceRole":{ + "CreateDate":"2017-04-19T15:20:50+00:00", + "DefaultVersionId":"v11", + "Document":{ + "Statement":[ + { + "Action":[ + "events:PutTargets", + "events:RemoveTargets", + "events:PutRule", + "events:DeleteRule", + "events:DescribeRule" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:events:*:*:rule/awscodestar-*" + ], + "Sid":"ProjectEventRules" + }, + { + "Action":[ + "cloudformation:*Stack*", + "cloudformation:CreateChangeSet", + "cloudformation:ExecuteChangeSet", + "cloudformation:DeleteChangeSet", + "cloudformation:GetTemplate" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:cloudformation:*:*:stack/awscodestar-*", + "arn:aws:cloudformation:*:*:stack/awseb-*", + "arn:aws:cloudformation:*:*:stack/aws-cloud9-*", + "arn:aws:cloudformation:*:aws:transform/CodeStar*" + ], + "Sid":"ProjectStack" + }, + { + "Action":[ + "cloudformation:GetTemplateSummary", + "cloudformation:DescribeChangeSet" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"ProjectStackTemplate" + }, + { + "Action":[ + "s3:GetObject" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::awscodestar-*/*" + ], + "Sid":"ProjectQuickstarts" + }, + { + "Action":[ + "s3:*" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::aws-codestar-*", + "arn:aws:s3:::elasticbeanstalk-*" + ], + "Sid":"ProjectS3Buckets" + }, + { + "Action":[ + "codestar:*", + "codecommit:*", + "codepipeline:*", + "codedeploy:*", + "codebuild:*", + "autoscaling:*", + "cloudwatch:Put*", + "ec2:*", + "elasticbeanstalk:*", + "elasticloadbalancing:*", + "iam:ListRoles", + "logs:*", + "sns:*", + "cloud9:CreateEnvironmentEC2", + "cloud9:DeleteEnvironment", + "cloud9:DescribeEnvironment*", + "cloud9:ListEnvironments" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"ProjectServices" + }, + { + "Action":[ + "iam:AttachRolePolicy", + "iam:CreateRole", + "iam:DeleteRole", + "iam:DeleteRolePolicy", + "iam:DetachRolePolicy", + "iam:GetRole", + "iam:PassRole", + "iam:GetRolePolicy", + "iam:PutRolePolicy", + "iam:SetDefaultPolicyVersion", + "iam:CreatePolicy", + "iam:DeletePolicy", + "iam:AddRoleToInstanceProfile", + "iam:CreateInstanceProfile", + "iam:DeleteInstanceProfile", + "iam:RemoveRoleFromInstanceProfile" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/CodeStarWorker*", + "arn:aws:iam::*:policy/CodeStarWorker*", + "arn:aws:iam::*:instance-profile/awscodestar-*" + ], + "Sid":"ProjectWorkerRoles" + }, + { + "Action":[ + "iam:AttachUserPolicy", + "iam:DetachUserPolicy" + ], + "Condition":{ + "ArnEquals":{ + "iam:PolicyArn":[ + "arn:aws:iam::*:policy/CodeStar_*" + ] + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"ProjectTeamMembers" + }, + { + "Action":[ + "iam:CreatePolicy", + "iam:DeletePolicy", + "iam:CreatePolicyVersion", + "iam:DeletePolicyVersion", + "iam:ListEntitiesForPolicy", + "iam:ListPolicyVersions", + "iam:GetPolicy", + "iam:GetPolicyVersion" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:policy/CodeStar_*" + ], + "Sid":"ProjectRoles" + }, + { + "Action":[ + "iam:ListAttachedRolePolicies" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/aws-codestar-service-role", + "arn:aws:iam::*:role/service-role/aws-codestar-service-role" + ], + "Sid":"InspectServiceRole" + }, + { + "Action":[ + "iam:CreateServiceLinkedRole" + ], + "Condition":{ + "StringEquals":{ + "iam:AWSServiceName":"cloud9.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"IAMLinkRole" + }, + { + "Action":[ + "config:DescribeConfigRules" + ], + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"DescribeConfigRuleForARN" + }, + { + "Action":[ + "codestar-connections:UseConnection", + "codestar-connections:GetConnection" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"ProjectCodeStarConnections" + }, + { + "Action":"codestar-connections:PassConnection", + "Condition":{ + "StringEqualsIfExists":{ + "codestar-connections:PassedToService":"codepipeline.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"ProjectCodeStarConnectionsPassConnections" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-09-20T19:11:03+00:00" + }, + "AWSCompromisedKeyQuarantine":{ + "CreateDate":"2020-08-11T18:04:13+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "iam:AttachGroupPolicy", + "iam:AttachRolePolicy", + "iam:AttachUserPolicy", + "iam:ChangePassword", + "iam:CreateAccessKey", + "iam:CreateInstanceProfile", + "iam:CreateLoginProfile", + "iam:CreateRole", + "iam:CreateUser", + "iam:DetachUserPolicy", + "iam:PutUserPermissionsBoundary", + "iam:PutUserPolicy", + "iam:UpdateAccessKey", + "iam:UpdateAccountPasswordPolicy", + "iam:UpdateUser", + "ec2:RequestSpotInstances", + "ec2:RunInstances", + "ec2:StartInstances", + "organizations:CreateAccount", + "organizations:CreateOrganization", + "organizations:InviteAccountToOrganization", + "lambda:CreateFunction", + "lightsail:Create*", + "lightsail:Start*", + "lightsail:Delete*", + "lightsail:Update*", + "lightsail:GetInstanceAccessDetails", + "lightsail:DownloadDefaultKeyPair" + ], + "Effect":"Deny", + "Resource":[ + "*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-08-11T18:04:13+00:00" + }, + "AWSCompromisedKeyQuarantineV2":{ + "CreateDate":"2021-04-21T22:30:59+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:RequestSpotInstances", + "ec2:RunInstances", + "ec2:StartInstances", + "iam:AddUserToGroup", + "iam:AttachGroupPolicy", + "iam:AttachRolePolicy", + "iam:AttachUserPolicy", + "iam:ChangePassword", + "iam:CreateAccessKey", + "iam:CreateInstanceProfile", + "iam:CreateLoginProfile", + "iam:CreatePolicyVersion", + "iam:CreateRole", + "iam:CreateUser", + "iam:DetachUserPolicy", + "iam:PassRole", + "iam:PutGroupPolicy", + "iam:PutRolePolicy", + "iam:PutUserPermissionsBoundary", + "iam:PutUserPolicy", + "iam:SetDefaultPolicyVersion", + "iam:UpdateAccessKey", + "iam:UpdateAccountPasswordPolicy", + "iam:UpdateAssumeRolePolicy", + "iam:UpdateLoginProfile", + "iam:UpdateUser", + "lambda:AddLayerVersionPermission", + "lambda:AddPermission", + "lambda:CreateFunction", + "lambda:GetPolicy", + "lambda:ListTags", + "lambda:PutProvisionedConcurrencyConfig", + "lambda:TagResource", + "lambda:UntagResource", + "lambda:UpdateFunctionCode", + "lightsail:Create*", + "lightsail:Delete*", + "lightsail:DownloadDefaultKeyPair", + "lightsail:GetInstanceAccessDetails", + "lightsail:Start*", + "lightsail:Update*", + "organizations:CreateAccount", + "organizations:CreateOrganization", + "organizations:InviteAccountToOrganization", + "s3:DeleteBucket", + "s3:DeleteObject", + "s3:DeleteObjectVersion", + "s3:PutLifecycleConfiguration", + "s3:PutBucketAcl", + "s3:PutBucketOwnershipControls", + "s3:DeleteBucketPolicy", + "s3:ObjectOwnerOverrideToBucketOwner", + "s3:PutAccountPublicAccessBlock", + "s3:PutBucketPolicy", + "s3:ListAllMyBuckets" + ], + "Effect":"Deny", + "Resource":[ + "*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-11-11T21:32:48+00:00" + }, + "AWSConfigMultiAccountSetupPolicy":{ + "CreateDate":"2019-06-17T18:03:16+00:00", + "DefaultVersionId":"v4", + "Document":{ + "Statement":[ + { + "Action":[ + "config:PutConfigRule", + "config:DeleteConfigRule" + ], + "Effect":"Allow", + "Resource":"arn:aws:config:*:*:config-rule/aws-service-rule/config-multiaccountsetup.amazonaws.com/*" + }, + { + "Action":[ + "config:DescribeConfigurationRecorders" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "organizations:ListAccounts", + "organizations:DescribeOrganization", + "organizations:ListAWSServiceAccessForOrganization", + "organizations:DescribeAccount" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "config:PutConformancePack", + "config:DeleteConformancePack", + "config:DescribeConformancePackStatus" + ], + "Effect":"Allow", + "Resource":"arn:aws:config:*:*:conformance-pack/aws-service-conformance-pack/config-multiaccountsetup.amazonaws.com/*" + }, + { + "Action":[ + "iam:GetRole" + ], + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/aws-service-role/config-conforms.amazonaws.com/AWSServiceRoleForConfigConforms" + }, + { + "Action":[ + "iam:CreateServiceLinkedRole" + ], + "Condition":{ + "StringLike":{ + "iam:AWSServiceName":"config-conforms.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/aws-service-role/config-conforms.amazonaws.com/AWSServiceRoleForConfigConforms" + }, + { + "Action":"iam:PassRole", + "Condition":{ + "StringEquals":{ + "iam:PassedToService":"ssm.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-05-21T22:59:26+00:00" + }, + "AWSConfigRemediationServiceRolePolicy":{ + "CreateDate":"2019-06-18T21:21:35+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "ssm:GetDocument", + "ssm:DescribeDocument", + "ssm:StartAutomationExecution" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"iam:PassRole", + "Condition":{ + "StringEquals":{ + "iam:PassedToService":"ssm.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-06-18T21:21:35+00:00" + }, + "AWSConfigRole":{ + "CreateDate":"2015-04-02T17:36:23+00:00", + "DefaultVersionId":"v42", + "Document":{ + "Statement":[ + { + "Action":[ + "access-analyzer:GetAnalyzer", + "access-analyzer:GetArchiveRule", + "access-analyzer:ListAnalyzers", + "access-analyzer:ListArchiveRules", + "access-analyzer:ListTagsForResource", + "account:GetAlternateContact", + "acm:DescribeCertificate", + "acm:ListCertificates", + "acm:ListTagsForCertificate", + "apigateway:GET", + "application-autoscaling:DescribeScalableTargets", + "application-autoscaling:DescribeScalingPolicies", + "autoscaling:DescribeAutoScalingGroups", + "autoscaling:DescribeLaunchConfigurations", + "autoscaling:DescribeLifecycleHooks", + "autoscaling:DescribePolicies", + "autoscaling:DescribeScheduledActions", + "autoscaling:DescribeTags", + "backup:DescribeBackupVault", + "backup:DescribeRecoveryPoint", + "backup:GetBackupPlan", + "backup:GetBackupSelection", + "backup:GetBackupVaultAccessPolicy", + "backup:GetBackupVaultNotifications", + "backup:ListBackupPlans", + "backup:ListBackupSelections", + "backup:ListBackupVaults", + "backup:ListRecoveryPointsByBackupVault", + "backup:ListTags", + "cloudformation:DescribeType", + "cloudformation:ListTypes", + "cloudfront:ListDistributions", + "cloudfront:ListTagsForResource", + "cloudtrail:DescribeTrails", + "cloudtrail:GetEventSelectors", + "cloudtrail:GetTrailStatus", + "cloudtrail:ListTags", + "cloudwatch:DescribeAlarms", + "codedeploy:GetDeploymentConfig", + "codepipeline:GetPipeline", + "codepipeline:GetPipelineState", + "codepipeline:ListPipelines", + "config:BatchGet*", + "config:Describe*", + "config:Get*", + "config:List*", + "config:Put*", + "config:Select*", + "dax:DescribeClusters", + "dms:DescribeEventSubscriptions", + "dms:DescribeReplicationInstances", + "dms:DescribeReplicationSubnetGroups", + "dms:ListTagsForResource", + "dynamodb:DescribeContinuousBackups", + "dynamodb:DescribeLimits", + "dynamodb:DescribeTable", + "dynamodb:ListTables", + "dynamodb:ListTagsOfResource", + "ec2:Describe*", + "ec2:GetEbsEncryptionByDefault", + "ecr-public:DescribeRepositories", + "ecr-public:GetRepositoryCatalogData", + "ecr-public:GetRepositoryPolicy", + "ecr-public:ListTagsForResource", + "ecr:DescribeRepositories", + "ecr:GetLifecyclePolicy", + "ecr:GetRepositoryPolicy", + "ecr:ListTagsForResource", + "ecs:DescribeClusters", + "ecs:DescribeServices", + "ecs:DescribeTaskDefinition", + "ecs:DescribeTaskSets", + "ecs:ListClusters", + "ecs:ListServices", + "ecs:ListTagsForResource", + "ecs:ListTaskDefinitionFamilies", + "ecs:ListTaskDefinitions", + "eks:DescribeCluster", + "eks:DescribeNodegroup", + "eks:ListClusters", + "eks:ListNodegroups", + "elasticache:DescribeCacheClusters", + "elasticache:DescribeCacheParameterGroups", + "elasticache:DescribeCacheSubnetGroups", + "elasticache:DescribeReplicationGroups", + "elasticache:DescribeSnapshots", + "elasticache:ListTagsForResource", + "elasticbeanstalk:DescribeConfigurationSettings", + "elasticbeanstalk:DescribeEnvironments", + "elasticfilesystem:DescribeAccessPoints", + "elasticfilesystem:DescribeBackupPolicy", + "elasticfilesystem:DescribeFileSystemPolicy", + "elasticfilesystem:DescribeFileSystems", + "elasticfilesystem:DescribeLifecycleConfiguration", + "elasticfilesystem:DescribeMountTargets", + "elasticfilesystem:DescribeMountTargetSecurityGroups", + "elasticloadbalancing:DescribeListeners", + "elasticloadbalancing:DescribeLoadBalancerAttributes", + "elasticloadbalancing:DescribeLoadBalancerPolicies", + "elasticloadbalancing:DescribeLoadBalancers", + "elasticloadbalancing:DescribeRules", + "elasticloadbalancing:DescribeTags", + "elasticmapreduce:DescribeCluster", + "elasticmapreduce:DescribeSecurityConfiguration", + "elasticmapreduce:DescribeStep", + "elasticmapreduce:GetBlockPublicAccessConfiguration", + "elasticmapreduce:GetManagedScalingPolicy", + "elasticmapreduce:ListClusters", + "elasticmapreduce:ListInstanceFleets", + "elasticmapreduce:ListInstanceGroups", + "elasticmapreduce:ListInstances", + "elasticmapreduce:ListSecurityConfigurations", + "elasticmapreduce:ListSteps", + "es:DescribeDomain", + "es:DescribeDomains", + "es:DescribeElasticsearchDomain", + "es:DescribeElasticsearchDomains", + "es:GetCompatibleElasticsearchVersions", + "es:GetCompatibleVersions", + "es:ListDomainNames", + "es:ListTags", + "firehose:DescribeDeliveryStream", + "firehose:ListDeliveryStreams", + "firehose:ListTagsForDeliveryStream", + "fsx:DescribeFileSystems", + "globalaccelerator:DescribeAccelerator", + "globalaccelerator:DescribeEndpointGroup", + "globalaccelerator:DescribeListener", + "globalaccelerator:ListAccelerators", + "globalaccelerator:ListEndpointGroups", + "globalaccelerator:ListListeners", + "globalaccelerator:ListTagsForResource", + "guardduty:GetDetector", + "guardduty:GetFindings", + "guardduty:GetMasterAccount", + "guardduty:ListDetectors", + "guardduty:ListFindings", + "iam:GenerateCredentialReport", + "iam:GetAccountAuthorizationDetails", + "iam:GetAccountPasswordPolicy", + "iam:GetAccountSummary", + "iam:GetCredentialReport", + "iam:GetGroup", + "iam:GetGroupPolicy", + "iam:GetPolicy", + "iam:GetPolicyVersion", + "iam:GetRole", + "iam:GetRolePolicy", + "iam:GetUser", + "iam:GetUserPolicy", + "iam:ListAttachedGroupPolicies", + "iam:ListAttachedRolePolicies", + "iam:ListAttachedUserPolicies", + "iam:ListEntitiesForPolicy", + "iam:ListGroupPolicies", + "iam:ListGroupsForUser", + "iam:ListInstanceProfilesForRole", + "iam:ListPolicyVersions", + "iam:ListRolePolicies", + "iam:ListUserPolicies", + "iam:ListVirtualMFADevices", + "kafka:DescribeCluster", + "kafka:ListClusters", + "kinesis:DescribeStreamConsumer", + "kinesis:DescribeStreamSummary", + "kinesis:ListStreamConsumers", + "kinesis:ListStreams", + "kinesis:ListTagsForStream", + "kms:DescribeKey", + "kms:GetKeyPolicy", + "kms:GetKeyRotationStatus", + "kms:ListKeys", + "kms:ListResourceTags", + "lambda:GetAlias", + "lambda:GetFunction", + "lambda:GetFunctionCodeSigningConfig", + "lambda:GetPolicy", + "lambda:ListAliases", + "lambda:ListFunctions", + "lambda:ListVersionsByFunction", + "logs:DescribeLogGroups", + "logs:ListTagsLogGroup", + "network-firewall:DescribeLoggingConfiguration", + "network-firewall:ListFirewalls", + "organizations:DescribeOrganization", + "organizations:DescribePolicy", + "organizations:ListParents", + "organizations:ListPoliciesForTarget", + "rds:DescribeDBClusters", + "rds:DescribeDBClusterSnapshotAttributes", + "rds:DescribeDBClusterSnapshots", + "rds:DescribeDBEngineVersions", + "rds:DescribeDBInstances", + "rds:DescribeDBParameterGroups", + "rds:DescribeDBParameters", + "rds:DescribeDBSecurityGroups", + "rds:DescribeDBSnapshotAttributes", + "rds:DescribeDBSnapshots", + "rds:DescribeDBSubnetGroups", + "rds:DescribeEventSubscriptions", + "rds:DescribeOptionGroups", + "rds:ListTagsForResource", + "redshift:DescribeClusterParameterGroups", + "redshift:DescribeClusterParameters", + "redshift:DescribeClusters", + "redshift:DescribeClusterSecurityGroups", + "redshift:DescribeClusterSnapshots", + "redshift:DescribeClusterSubnetGroups", + "redshift:DescribeEventSubscriptions", + "redshift:DescribeLoggingStatus", + "route53:GetHealthCheck", + "route53:GetHostedZone", + "route53:ListHealthChecks", + "route53:ListHostedZones", + "route53:ListHostedZonesByName", + "route53:ListQueryLoggingConfigs", + "route53:ListResourceRecordSets", + "route53:ListTagsForResource", + "route53resolver:GetResolverEndpoint", + "route53resolver:GetResolverRule", + "route53resolver:GetResolverRuleAssociation", + "route53resolver:ListResolverEndpointIpAddresses", + "route53resolver:ListResolverEndpoints", + "route53resolver:ListResolverRuleAssociations", + "route53resolver:ListResolverRules", + "route53resolver:ListTagsForResource", + "s3:GetAccelerateConfiguration", + "s3:GetAccessPoint", + "s3:GetAccessPointPolicy", + "s3:GetAccessPointPolicyStatus", + "s3:GetAccountPublicAccessBlock", + "s3:GetBucketAcl", + "s3:GetBucketCORS", + "s3:GetBucketLocation", + "s3:GetBucketLogging", + "s3:GetBucketNotification", + "s3:GetBucketObjectLockConfiguration", + "s3:GetBucketPolicy", + "s3:GetBucketPublicAccessBlock", + "s3:GetBucketRequestPayment", + "s3:GetBucketTagging", + "s3:GetBucketVersioning", + "s3:GetBucketWebsite", + "s3:GetEncryptionConfiguration", + "s3:GetLifecycleConfiguration", + "s3:GetObject", + "s3:GetReplicationConfiguration", + "s3:ListAccessPoints", + "s3:ListAllMyBuckets", + "s3:ListBucket", + "sagemaker:DescribeCodeRepository", + "sagemaker:DescribeEndpoint", + "sagemaker:DescribeEndpointConfig", + "sagemaker:DescribeModel", + "sagemaker:DescribeMonitoringSchedule", + "sagemaker:DescribeNotebookInstance", + "sagemaker:DescribeNotebookInstanceLifecycleConfig", + "sagemaker:DescribeWorkteam", + "sagemaker:ListCodeRepositories", + "sagemaker:ListEndpointConfigs", + "sagemaker:ListEndpoints", + "sagemaker:ListModels", + "sagemaker:ListMonitoringSchedules", + "sagemaker:ListNotebookInstanceLifecycleConfigs", + "sagemaker:ListNotebookInstances", + "sagemaker:ListTags", + "sagemaker:ListWorkteams", + "secretsmanager:ListSecrets", + "secretsmanager:ListSecretVersionIds", + "securityhub:DescribeHub", + "shield:DescribeDRTAccess", + "shield:DescribeProtection", + "shield:DescribeSubscription", + "sns:GetSubscriptionAttributes", + "sns:GetTopicAttributes", + "sns:ListSubscriptions", + "sns:ListSubscriptionsByTopic", + "sns:ListTagsForResource", + "sns:ListTopics", + "sqs:GetQueueAttributes", + "sqs:ListQueues", + "sqs:ListQueueTags", + "ssm:DescribeAutomationExecutions", + "ssm:DescribeDocument", + "ssm:DescribeDocumentPermission", + "ssm:GetAutomationExecution", + "ssm:GetDocument", + "ssm:ListDocuments", + "states:DescribeStateMachine", + "states:ListStateMachines", + "states:ListTagsForResource", + "storagegateway:ListGateways", + "storagegateway:ListTagsForResource", + "storagegateway:ListVolumes", + "support:DescribeCases", + "tag:GetResources", + "waf-regional:GetLoggingConfiguration", + "waf-regional:GetWebACL", + "waf-regional:GetWebACLForResource", + "waf:GetLoggingConfiguration", + "waf:GetWebACL", + "wafv2:GetLoggingConfiguration" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-02-10T18:33:55+00:00" + }, + "AWSConfigRoleForOrganizations":{ + "CreateDate":"2018-03-19T22:53:01+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "organizations:ListAccounts", + "organizations:DescribeOrganization", + "organizations:ListAWSServiceAccessForOrganization", + "organizations:ListDelegatedAdministrators" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-11-24T20:19:13+00:00" + }, + "AWSConfigRulesExecutionRole":{ + "CreateDate":"2016-03-25T17:59:36+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":[ + "s3:GetObject" + ], + "Effect":"Allow", + "Resource":"arn:aws:s3:::*/AWSLogs/*/Config/*" + }, + { + "Action":[ + "config:Put*", + "config:Get*", + "config:List*", + "config:Describe*", + "config:BatchGet*", + "config:Select*" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-05-13T21:33:30+00:00" + }, + "AWSConfigServiceRolePolicy":{ + "CreateDate":"2018-05-30T23:31:46+00:00", + "DefaultVersionId":"v32", + "Document":{ + "Statement":[ + { + "Action":[ + "access-analyzer:GetAnalyzer", + "access-analyzer:GetArchiveRule", + "access-analyzer:ListAnalyzers", + "access-analyzer:ListArchiveRules", + "access-analyzer:ListTagsForResource", + "account:GetAlternateContact", + "acm:DescribeCertificate", + "acm:ListCertificates", + "acm:ListTagsForCertificate", + "apigateway:GET", + "application-autoscaling:DescribeScalableTargets", + "application-autoscaling:DescribeScalingPolicies", + "athena:GetDataCatalog", + "athena:GetWorkGroup", + "athena:ListDataCatalogs", + "athena:ListTagsForResource", + "athena:ListWorkGroups", + "autoscaling:DescribeAutoScalingGroups", + "autoscaling:DescribeLaunchConfigurations", + "autoscaling:DescribeLifecycleHooks", + "autoscaling:DescribePolicies", + "autoscaling:DescribeScheduledActions", + "autoscaling:DescribeTags", + "backup-gateway:ListTagsForResource", + "backup-gateway:ListVirtualMachines", + "backup:DescribeBackupVault", + "backup:DescribeRecoveryPoint", + "backup:GetBackupPlan", + "backup:GetBackupSelection", + "backup:GetBackupVaultAccessPolicy", + "backup:GetBackupVaultNotifications", + "backup:ListBackupPlans", + "backup:ListBackupSelections", + "backup:ListBackupVaults", + "backup:ListRecoveryPointsByBackupVault", + "backup:ListTags", + "batch:DescribeComputeEnvironments", + "batch:DescribeJobQueues", + "batch:ListTagsForResource", + "cloudformation:DescribeType", + "cloudformation:GetResource", + "cloudformation:ListResources", + "cloudformation:ListTypes", + "cloudfront:ListDistributions", + "cloudfront:ListTagsForResource", + "cloudtrail:DescribeTrails", + "cloudtrail:GetEventDataStore", + "cloudtrail:GetEventSelectors", + "cloudtrail:GetTrailStatus", + "cloudtrail:ListEventDataStores", + "cloudtrail:ListTags", + "cloudwatch:DescribeAlarms", + "codedeploy:GetDeploymentConfig", + "codepipeline:GetPipeline", + "codepipeline:GetPipelineState", + "codepipeline:ListPipelines", + "config:BatchGet*", + "config:Describe*", + "config:Get*", + "config:List*", + "config:Put*", + "config:Select*", + "dax:DescribeClusters", + "dax:DescribeParameterGroups", + "dax:DescribeParameters", + "dax:DescribeSubnetGroups", + "dax:ListTags", + "detective:ListTagsForResource", + "detective:ListGraphs", + "dms:DescribeCertificates", + "dms:DescribeEventSubscriptions", + "dms:DescribeReplicationInstances", + "dms:DescribeReplicationSubnetGroups", + "dms:DescribeReplicationTasks", + "dms:ListTagsForResource", + "dynamodb:DescribeContinuousBackups", + "dynamodb:DescribeGlobalTable", + "dynamodb:DescribeGlobalTableSettings", + "dynamodb:DescribeLimits", + "dynamodb:DescribeTable", + "dynamodb:ListTables", + "dynamodb:ListTagsOfResource", + "ec2:Describe*", + "ec2:DescribeClientVpnAuthorizationRules", + "ec2:DescribeClientVpnEndpoints", + "ec2:DescribeDhcpOptions", + "ec2:DescribeFleets", + "ec2:DescribeNetworkAcls", + "ec2:DescribePlacementGroups", + "ec2:DescribeSpotFleetRequests", + "ec2:DescribeVolumeAttribute", + "ec2:DescribeVolumes", + "ec2:GetEbsEncryptionByDefault", + "ecr-public:DescribeRepositories", + "ecr-public:GetRepositoryCatalogData", + "ecr-public:GetRepositoryPolicy", + "ecr-public:ListTagsForResource", + "ecr:DescribeRepositories", + "ecr:GetLifecyclePolicy", + "ecr:GetRepositoryPolicy", + "ecr:ListTagsForResource", + "ecs:DescribeClusters", + "ecs:DescribeServices", + "ecs:DescribeTaskDefinition", + "ecs:DescribeTaskSets", + "ecs:ListClusters", + "ecs:ListServices", + "ecs:ListTagsForResource", + "ecs:ListTaskDefinitionFamilies", + "ecs:ListTaskDefinitions", + "eks:DescribeCluster", + "eks:DescribeFargateProfile", + "eks:DescribeNodegroup", + "eks:ListClusters", + "eks:ListFargateProfiles", + "eks:ListNodegroups", + "eks:ListTagsForResource", + "elasticache:DescribeCacheClusters", + "elasticache:DescribeCacheParameterGroups", + "elasticache:DescribeCacheSubnetGroups", + "elasticache:DescribeReplicationGroups", + "elasticache:DescribeSnapshots", + "elasticache:ListTagsForResource", + "elasticbeanstalk:DescribeConfigurationSettings", + "elasticbeanstalk:DescribeEnvironments", + "elasticfilesystem:DescribeAccessPoints", + "elasticfilesystem:DescribeBackupPolicy", + "elasticfilesystem:DescribeFileSystemPolicy", + "elasticfilesystem:DescribeFileSystems", + "elasticfilesystem:DescribeLifecycleConfiguration", + "elasticfilesystem:DescribeMountTargets", + "elasticfilesystem:DescribeMountTargetSecurityGroups", + "elasticloadbalancing:DescribeListeners", + "elasticloadbalancing:DescribeLoadBalancerAttributes", + "elasticloadbalancing:DescribeLoadBalancerPolicies", + "elasticloadbalancing:DescribeLoadBalancers", + "elasticloadbalancing:DescribeRules", + "elasticloadbalancing:DescribeTags", + "elasticmapreduce:DescribeCluster", + "elasticmapreduce:DescribeSecurityConfiguration", + "elasticmapreduce:DescribeStep", + "elasticmapreduce:GetBlockPublicAccessConfiguration", + "elasticmapreduce:GetManagedScalingPolicy", + "elasticmapreduce:ListClusters", + "elasticmapreduce:ListInstanceFleets", + "elasticmapreduce:ListInstanceGroups", + "elasticmapreduce:ListInstances", + "elasticmapreduce:ListSecurityConfigurations", + "elasticmapreduce:ListSteps", + "es:DescribeDomain", + "es:DescribeDomains", + "es:DescribeElasticsearchDomain", + "es:DescribeElasticsearchDomains", + "es:GetCompatibleElasticsearchVersions", + "es:GetCompatibleVersions", + "es:ListDomainNames", + "es:ListTags", + "firehose:DescribeDeliveryStream", + "firehose:ListDeliveryStreams", + "firehose:ListTagsForDeliveryStream", + "fsx:DescribeFileSystems", + "fsx:ListTagsForResource", + "globalaccelerator:DescribeAccelerator", + "globalaccelerator:DescribeEndpointGroup", + "globalaccelerator:DescribeListener", + "globalaccelerator:ListAccelerators", + "globalaccelerator:ListEndpointGroups", + "globalaccelerator:ListListeners", + "globalaccelerator:ListTagsForResource", + "glue:BatchGetDevEndpoints", + "glue:GetDevEndpoint", + "glue:GetDevEndpoints", + "glue:GetSecurityConfiguration", + "glue:GetSecurityConfigurations", + "glue:GetTags", + "glue:ListCrawlers", + "glue:ListDevEndpoints", + "glue:ListJobs", + "glue:ListWorkflows", + "guardduty:GetDetector", + "guardduty:GetFilter", + "guardduty:GetFindings", + "guardduty:GetIPSet", + "guardduty:GetMasterAccount", + "guardduty:GetMembers", + "guardduty:GetThreatIntelSet", + "guardduty:ListDetectors", + "guardduty:ListFilters", + "guardduty:ListFindings", + "guardduty:ListIPSets", + "guardduty:ListMembers", + "guardduty:ListOrganizationAdminAccounts", + "guardduty:ListTagsForResource", + "guardduty:ListThreatIntelSets", + "iam:GenerateCredentialReport", + "iam:GetAccountAuthorizationDetails", + "iam:GetAccountPasswordPolicy", + "iam:GetAccountSummary", + "iam:GetCredentialReport", + "iam:GetGroup", + "iam:GetGroupPolicy", + "iam:GetPolicy", + "iam:GetPolicyVersion", + "iam:GetRole", + "iam:GetRolePolicy", + "iam:GetUser", + "iam:GetUserPolicy", + "iam:ListAttachedGroupPolicies", + "iam:ListAttachedRolePolicies", + "iam:ListAttachedUserPolicies", + "iam:ListEntitiesForPolicy", + "iam:ListGroupPolicies", + "iam:ListGroupsForUser", + "iam:ListInstanceProfilesForRole", + "iam:ListPolicyVersions", + "iam:ListRolePolicies", + "iam:ListUserPolicies", + "iam:ListVirtualMFADevices", + "kafka:DescribeCluster", + "kafka:ListClusters", + "kinesis:DescribeStreamConsumer", + "kinesis:DescribeStreamSummary", + "kinesis:ListStreamConsumers", + "kinesis:ListStreams", + "kinesis:ListTagsForStream", + "kms:DescribeKey", + "kms:GetKeyPolicy", + "kms:GetKeyRotationStatus", + "kms:ListAliases", + "kms:ListKeys", + "kms:ListResourceTags", + "lambda:GetAlias", + "lambda:GetFunction", + "lambda:GetFunctionCodeSigningConfig", + "lambda:GetPolicy", + "lambda:ListAliases", + "lambda:ListFunctions", + "lambda:ListVersionsByFunction", + "logs:DescribeLogGroups", + "logs:ListTagsLogGroup", + "macie2:GetMacieSession", + "network-firewall:DescribeLoggingConfiguration", + "network-firewall:ListFirewalls", + "opsworks:DescribeLayers", + "opsworks:ListTags", + "organizations:DescribeOrganization", + "organizations:DescribePolicy", + "organizations:ListParents", + "organizations:ListPolicies", + "organizations:ListPoliciesForTarget", + "ram:GetResourceShareAssociations", + "ram:GetResourceShares", + "rds:DescribeDBClusterParameterGroups", + "rds:DescribeDBClusterParameters", + "rds:DescribeDBClusters", + "rds:DescribeDBClusterSnapshotAttributes", + "rds:DescribeDBClusterSnapshots", + "rds:DescribeDBEngineVersions", + "rds:DescribeDBInstances", + "rds:DescribeDBParameterGroups", + "rds:DescribeDBParameters", + "rds:DescribeDBSecurityGroups", + "rds:DescribeDBSnapshotAttributes", + "rds:DescribeDBSnapshots", + "rds:DescribeDBSubnetGroups", + "rds:DescribeEventSubscriptions", + "rds:DescribeOptionGroups", + "rds:ListTagsForResource", + "redshift:DescribeClusterParameterGroups", + "redshift:DescribeClusterParameters", + "redshift:DescribeClusters", + "redshift:DescribeClusterSecurityGroups", + "redshift:DescribeClusterSnapshots", + "redshift:DescribeClusterSubnetGroups", + "redshift:DescribeEventSubscriptions", + "redshift:DescribeLoggingStatus", + "route53:GetHealthCheck", + "route53:GetHostedZone", + "route53:ListHealthChecks", + "route53:ListHostedZones", + "route53:ListHostedZonesByName", + "route53:ListQueryLoggingConfigs", + "route53:ListResourceRecordSets", + "route53:ListTagsForResource", + "route53resolver:GetResolverEndpoint", + "route53resolver:GetResolverRule", + "route53resolver:GetResolverRuleAssociation", + "route53resolver:ListResolverEndpointIpAddresses", + "route53resolver:ListResolverEndpoints", + "route53resolver:ListResolverRuleAssociations", + "route53resolver:ListResolverRules", + "route53resolver:ListTagsForResource", + "s3:GetAccelerateConfiguration", + "s3:GetAccessPoint", + "s3:GetAccessPointPolicy", + "s3:GetAccessPointPolicyStatus", + "s3:GetAccountPublicAccessBlock", + "s3:GetBucketAcl", + "s3:GetBucketCORS", + "s3:GetBucketLocation", + "s3:GetBucketLogging", + "s3:GetBucketNotification", + "s3:GetBucketObjectLockConfiguration", + "s3:GetBucketPolicy", + "s3:GetBucketPublicAccessBlock", + "s3:GetBucketRequestPayment", + "s3:GetBucketTagging", + "s3:GetBucketVersioning", + "s3:GetBucketWebsite", + "s3:GetEncryptionConfiguration", + "s3:GetLifecycleConfiguration", + "s3:GetReplicationConfiguration", + "s3:ListAccessPoints", + "s3:ListAllMyBuckets", + "s3:ListBucket", + "sagemaker:DescribeCodeRepository", + "sagemaker:DescribeEndpoint", + "sagemaker:DescribeEndpointConfig", + "sagemaker:DescribeModel", + "sagemaker:DescribeMonitoringSchedule", + "sagemaker:DescribeNotebookInstance", + "sagemaker:DescribeNotebookInstanceLifecycleConfig", + "sagemaker:DescribeWorkteam", + "sagemaker:ListCodeRepositories", + "sagemaker:ListEndpointConfigs", + "sagemaker:ListEndpoints", + "sagemaker:ListModels", + "sagemaker:ListMonitoringSchedules", + "sagemaker:ListNotebookInstanceLifecycleConfigs", + "sagemaker:ListNotebookInstances", + "sagemaker:ListTags", + "sagemaker:ListWorkteams", + "secretsmanager:ListSecrets", + "secretsmanager:ListSecretVersionIds", + "securityhub:DescribeHub", + "ses:GetConfigurationSet", + "ses:GetConfigurationSetEventDestinations", + "ses:ListConfigurationSets", + "shield:DescribeDRTAccess", + "shield:DescribeProtection", + "shield:DescribeSubscription", + "sns:GetSubscriptionAttributes", + "sns:GetTopicAttributes", + "sns:ListSubscriptions", + "sns:ListSubscriptionsByTopic", + "sns:ListTagsForResource", + "sns:ListTopics", + "sqs:GetQueueAttributes", + "sqs:ListQueues", + "sqs:ListQueueTags", + "ssm:DescribeAutomationExecutions", + "ssm:DescribeDocument", + "ssm:DescribeDocumentPermission", + "ssm:GetAutomationExecution", + "ssm:GetDocument", + "ssm:ListDocuments", + "sso:DescribeInstanceAccessControlAttributeConfiguration", + "sso:DescribePermissionSet", + "sso:ListManagedPoliciesInPermissionSet", + "sso:ListPermissionSets", + "sso:ListTagsForResource", + "states:DescribeActivity", + "states:DescribeStateMachine", + "states:ListActivities", + "states:ListStateMachines", + "states:ListTagsForResource", + "storagegateway:ListGateways", + "storagegateway:ListTagsForResource", + "storagegateway:ListVolumes", + "support:DescribeCases", + "tag:GetResources", + "waf-regional:GetLoggingConfiguration", + "waf-regional:GetWebACL", + "waf-regional:GetWebACLForResource", + "waf:GetLoggingConfiguration", + "waf:GetWebACL", + "wafv2:GetLoggingConfiguration", + "wafv2:GetRuleGroup", + "wafv2:ListRuleGroups", + "wafv2:ListTagsForResource", + "workspaces:DescribeConnectionAliases", + "workspaces:DescribeTags", + "workspaces:DescribeWorkspaces" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "logs:CreateLogStream", + "logs:CreateLogGroup" + ], + "Effect":"Allow", + "Resource":"arn:aws:logs:*:*:log-group:/aws/config/*" + }, + { + "Action":"logs:PutLogEvents", + "Effect":"Allow", + "Resource":"arn:aws:logs:*:*:log-group:/aws/config/*:log-stream:config-rule-evaluation/*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-05-31T18:25:11+00:00" + }, + "AWSConfigUserAccess":{ + "CreateDate":"2015-02-18T19:38:41+00:00", + "DefaultVersionId":"v4", + "Document":{ + "Statement":[ + { + "Action":[ + "config:Get*", + "config:Describe*", + "config:Deliver*", + "config:List*", + "config:Select*", + "tag:GetResources", + "tag:GetTagKeys", + "cloudtrail:DescribeTrails", + "cloudtrail:GetTrailStatus", + "cloudtrail:LookupEvents" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-03-18T20:27:47+00:00" + }, + "AWSConnector":{ + "CreateDate":"2015-02-11T17:14:31+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":"iam:GetUser", + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "s3:ListAllMyBuckets" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "s3:CreateBucket", + "s3:DeleteBucket", + "s3:DeleteObject", + "s3:GetBucketLocation", + "s3:GetObject", + "s3:ListBucket", + "s3:PutObject", + "s3:PutObjectAcl", + "s3:AbortMultipartUpload", + "s3:ListBucketMultipartUploads", + "s3:ListMultipartUploadParts" + ], + "Effect":"Allow", + "Resource":"arn:aws:s3:::import-to-ec2-*" + }, + { + "Action":[ + "ec2:CancelConversionTask", + "ec2:CancelExportTask", + "ec2:CreateImage", + "ec2:CreateInstanceExportTask", + "ec2:CreateTags", + "ec2:CreateVolume", + "ec2:DeleteTags", + "ec2:DeleteVolume", + "ec2:DescribeConversionTasks", + "ec2:DescribeExportTasks", + "ec2:DescribeImages", + "ec2:DescribeInstanceAttribute", + "ec2:DescribeInstanceStatus", + "ec2:DescribeInstances", + "ec2:DescribeRegions", + "ec2:DescribeTags", + "ec2:DetachVolume", + "ec2:ImportInstance", + "ec2:ImportVolume", + "ec2:ModifyInstanceAttribute", + "ec2:RunInstances", + "ec2:StartInstances", + "ec2:StopInstances", + "ec2:TerminateInstances", + "ec2:ImportImage", + "ec2:DescribeImportImageTasks", + "ec2:DeregisterImage", + "ec2:DescribeSnapshots", + "ec2:DeleteSnapshot", + "ec2:CancelImportTask", + "ec2:ImportSnapshot", + "ec2:DescribeImportSnapshotTasks" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "SNS:Publish" + ], + "Effect":"Allow", + "Resource":"arn:aws:sns:*:*:metrics-sns-topic-for-*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2015-09-28T19:50:38+00:00" + }, + "AWSControlTowerServiceRolePolicy":{ + "CreateDate":"2019-05-03T18:19:11+00:00", + "DefaultVersionId":"v8", + "Document":{ + "Statement":[ + { + "Action":[ + "cloudformation:CreateStack", + "cloudformation:CreateStackInstances", + "cloudformation:CreateStackSet", + "cloudformation:DeleteStack", + "cloudformation:DeleteStackInstances", + "cloudformation:DeleteStackSet", + "cloudformation:DescribeStackInstance", + "cloudformation:DescribeStacks", + "cloudformation:DescribeStackSet", + "cloudformation:DescribeStackSetOperation", + "cloudformation:ListStackInstances", + "cloudformation:UpdateStack", + "cloudformation:UpdateStackInstances", + "cloudformation:UpdateStackSet" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:cloudformation:*:*:type/resource/AWS-IAM-Role" + ] + }, + { + "Action":[ + "cloudformation:CreateStack", + "cloudformation:CreateStackInstances", + "cloudformation:CreateStackSet", + "cloudformation:DeleteStack", + "cloudformation:DeleteStackInstances", + "cloudformation:DeleteStackSet", + "cloudformation:DescribeStackInstance", + "cloudformation:DescribeStacks", + "cloudformation:DescribeStackSet", + "cloudformation:DescribeStackSetOperation", + "cloudformation:GetTemplate", + "cloudformation:ListStackInstances", + "cloudformation:UpdateStack", + "cloudformation:UpdateStackInstances", + "cloudformation:UpdateStackSet" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:cloudformation:*:*:stack/AWSControlTower*/*", + "arn:aws:cloudformation:*:*:stack/StackSet-AWSControlTower*/*", + "arn:aws:cloudformation:*:*:stackset/AWSControlTower*:*", + "arn:aws:cloudformation:*:*:stackset-target/AWSControlTower*/*" + ] + }, + { + "Action":[ + "cloudtrail:CreateTrail", + "cloudtrail:DeleteTrail", + "cloudtrail:GetTrailStatus", + "cloudtrail:StartLogging", + "cloudtrail:StopLogging", + "cloudtrail:UpdateTrail", + "cloudtrail:PutEventSelectors", + "logs:CreateLogStream", + "logs:PutLogEvents", + "logs:PutRetentionPolicy" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:logs:*:*:log-group:aws-controltower/CloudTrailLogs:*", + "arn:aws:cloudtrail:*:*:trail/aws-controltower*" + ] + }, + { + "Action":[ + "s3:GetObject" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::aws-controltower*/*" + ] + }, + { + "Action":[ + "sts:AssumeRole" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/AWSControlTowerExecution" + ] + }, + { + "Action":[ + "cloudtrail:DescribeTrails", + "ec2:DescribeAvailabilityZones", + "iam:ListRoles", + "logs:CreateLogGroup", + "logs:DescribeLogGroups", + "organizations:CreateAccount", + "organizations:DescribeAccount", + "organizations:DescribeCreateAccountStatus", + "organizations:DescribeOrganization", + "organizations:DescribeOrganizationalUnit", + "organizations:DescribePolicy", + "organizations:ListAccounts", + "organizations:ListAccountsForParent", + "organizations:ListAWSServiceAccessForOrganization", + "organizations:ListChildren", + "organizations:ListOrganizationalUnitsForParent", + "organizations:ListParents", + "organizations:ListPoliciesForTarget", + "organizations:ListTargetsForPolicy", + "organizations:ListRoots", + "organizations:MoveAccount", + "servicecatalog:AssociatePrincipalWithPortfolio" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "iam:GetRole", + "iam:GetUser", + "iam:ListAttachedRolePolicies", + "iam:GetRolePolicy" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "iam:PassRole" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/service-role/AWSControlTowerStackSetRole", + "arn:aws:iam::*:role/service-role/AWSControlTowerCloudTrailRole", + "arn:aws:iam::*:role/service-role/AWSControlTowerConfigAggregatorRoleForOrganizations" + ] + }, + { + "Action":[ + "config:DeleteConfigurationAggregator", + "config:PutConfigurationAggregator", + "config:TagResource" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceTag/aws-control-tower":"managed-by-control-tower" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "organizations:EnableAWSServiceAccess", + "organizations:DisableAWSServiceAccess" + ], + "Condition":{ + "StringLike":{ + "organizations:ServicePrincipal":[ + "config.amazonaws.com", + "cloudtrail.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringEquals":{ + "iam:AWSServiceName":"cloudtrail.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-06-20T21:45:54+00:00" + }, + "AWSCostAndUsageReportAutomationPolicy":{ + "CreateDate":"2021-11-01T21:27:29+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "organizations:DescribeOrganization" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "s3:GetBucketTagging", + "s3:PutBucketTagging", + "s3:GetBucketPolicy", + "s3:PutBucketPolicy", + "s3:ListBucket", + "s3:CreateBucket" + ], + "Effect":"Allow", + "Resource":"arn:aws:s3:::aws-map-cur-bucket-*" + }, + { + "Action":[ + "cur:PutReportDefinition", + "cur:DeleteReportDefinition", + "cur:DescribeReportDefinitions" + ], + "Effect":"Allow", + "Resource":"arn:aws:cur:*:*:definition/map-migrated-report" + }, + { + "Action":"cur:DescribeReportDefinitions", + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-11-01T21:27:29+00:00" + }, + "AWSDataExchangeFullAccess":{ + "CreateDate":"2019-11-13T19:27:59+00:00", + "DefaultVersionId":"v6", + "Document":{ + "Statement":[ + { + "Action":[ + "dataexchange:*" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"s3:GetObject", + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":[ + "dataexchange.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:s3:::*aws-data-exchange*" + }, + { + "Action":"s3:GetObject", + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":[ + "dataexchange.amazonaws.com" + ] + }, + "StringEqualsIgnoreCase":{ + "s3:ExistingObjectTag/AWSDataExchange":"true" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "s3:PutObject", + "s3:PutObjectAcl" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":[ + "dataexchange.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:s3:::*aws-data-exchange*" + }, + { + "Action":[ + "s3:GetBucketLocation", + "s3:ListBucket", + "s3:ListAllMyBuckets" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "aws-marketplace:DescribeEntity", + "aws-marketplace:ListEntities", + "aws-marketplace:StartChangeSet", + "aws-marketplace:ListChangeSets", + "aws-marketplace:DescribeChangeSet", + "aws-marketplace:CancelChangeSet", + "aws-marketplace:GetAgreementApprovalRequest", + "aws-marketplace:ListAgreementApprovalRequests", + "aws-marketplace:AcceptAgreementApprovalRequest", + "aws-marketplace:RejectAgreementApprovalRequest", + "aws-marketplace:UpdateAgreementApprovalRequest", + "aws-marketplace:SearchAgreements", + "aws-marketplace:GetAgreementTerms" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "aws-marketplace:Subscribe", + "aws-marketplace:Unsubscribe", + "aws-marketplace:ViewSubscriptions", + "aws-marketplace:GetAgreementRequest", + "aws-marketplace:ListAgreementRequests", + "aws-marketplace:CancelAgreementRequest" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "kms:DescribeKey", + "kms:ListAliases", + "kms:ListKeys" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "redshift:AuthorizeDataShare" + ], + "Condition":{ + "StringEqualsIgnoreCase":{ + "redshift:ConsumerIdentifier":"ADX" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "redshift:DescribeDataSharesForProducer", + "redshift:DescribeDataShares" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "apigateway:GET" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-12-02T16:14:27+00:00" + }, + "AWSDataExchangeProviderFullAccess":{ + "CreateDate":"2019-11-13T19:27:55+00:00", + "DefaultVersionId":"v11", + "Document":{ + "Statement":[ + { + "Action":[ + "dataexchange:CreateDataSet", + "dataexchange:CreateRevision", + "dataexchange:CreateAsset", + "dataexchange:Get*", + "dataexchange:Update*", + "dataexchange:List*", + "dataexchange:Delete*", + "dataexchange:TagResource", + "dataexchange:UntagResource", + "dataexchange:PublishDataSet", + "dataexchange:SendApiAsset", + "dataexchange:RevokeRevision", + "tag:GetTagKeys", + "tag:GetTagValues" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "dataexchange:CreateJob", + "dataexchange:StartJob", + "dataexchange:CancelJob" + ], + "Condition":{ + "StringEquals":{ + "dataexchange:JobType":[ + "IMPORT_ASSETS_FROM_S3", + "IMPORT_ASSET_FROM_SIGNED_URL", + "EXPORT_ASSETS_TO_S3", + "EXPORT_ASSET_TO_SIGNED_URL", + "IMPORT_ASSET_FROM_API_GATEWAY_API", + "IMPORT_ASSETS_FROM_REDSHIFT_DATA_SHARES" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"s3:GetObject", + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":[ + "dataexchange.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:s3:::*aws-data-exchange*" + }, + { + "Action":"s3:GetObject", + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":[ + "dataexchange.amazonaws.com" + ] + }, + "StringEqualsIgnoreCase":{ + "s3:ExistingObjectTag/AWSDataExchange":"true" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "s3:PutObject", + "s3:PutObjectAcl" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":[ + "dataexchange.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:s3:::*aws-data-exchange*" + }, + { + "Action":[ + "s3:GetBucketLocation", + "s3:ListBucket", + "s3:ListAllMyBuckets" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "aws-marketplace:DescribeEntity", + "aws-marketplace:ListEntities", + "aws-marketplace:DescribeChangeSet", + "aws-marketplace:ListChangeSets", + "aws-marketplace:StartChangeSet", + "aws-marketplace:CancelChangeSet", + "aws-marketplace:GetAgreementApprovalRequest", + "aws-marketplace:ListAgreementApprovalRequests", + "aws-marketplace:AcceptAgreementApprovalRequest", + "aws-marketplace:RejectAgreementApprovalRequest", + "aws-marketplace:UpdateAgreementApprovalRequest", + "aws-marketplace:SearchAgreements", + "aws-marketplace:GetAgreementTerms" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "kms:DescribeKey", + "kms:ListAliases", + "kms:ListKeys" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "redshift:AuthorizeDataShare" + ], + "Condition":{ + "StringEqualsIgnoreCase":{ + "redshift:ConsumerIdentifier":"ADX" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "redshift:DescribeDataSharesForProducer", + "redshift:DescribeDataShares" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "apigateway:GET" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-03-15T16:16:20+00:00" + }, + "AWSDataExchangeReadOnly":{ + "CreateDate":"2019-11-13T19:27:37+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "dataexchange:Get*", + "dataexchange:List*" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "aws-marketplace:ViewSubscriptions", + "aws-marketplace:GetAgreementRequest", + "aws-marketplace:ListAgreementRequests", + "aws-marketplace:GetAgreementApprovalRequest", + "aws-marketplace:ListAgreementApprovalRequests", + "aws-marketplace:DescribeEntity", + "aws-marketplace:ListEntities", + "aws-marketplace:DescribeChangeSet", + "aws-marketplace:ListChangeSets", + "aws-marketplace:SearchAgreements", + "aws-marketplace:GetAgreementTerms" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-05-10T21:15:26+00:00" + }, + "AWSDataExchangeSubscriberFullAccess":{ + "CreateDate":"2019-11-13T19:27:52+00:00", + "DefaultVersionId":"v6", + "Document":{ + "Statement":[ + { + "Action":[ + "dataexchange:Get*", + "dataexchange:List*" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "dataexchange:CreateJob", + "dataexchange:StartJob", + "dataexchange:CancelJob" + ], + "Condition":{ + "StringEquals":{ + "dataexchange:JobType":[ + "EXPORT_ASSETS_TO_S3", + "EXPORT_ASSET_TO_SIGNED_URL", + "EXPORT_REVISIONS_TO_S3" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "dataexchange:CreateEventAction", + "dataexchange:UpdateEventAction", + "dataexchange:DeleteEventAction", + "dataexchange:SendApiAsset" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"s3:GetObject", + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":[ + "dataexchange.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:s3:::*aws-data-exchange*" + }, + { + "Action":[ + "s3:GetBucketLocation", + "s3:ListBucket", + "s3:ListAllMyBuckets" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "aws-marketplace:Subscribe", + "aws-marketplace:Unsubscribe", + "aws-marketplace:ViewSubscriptions", + "aws-marketplace:GetAgreementRequest", + "aws-marketplace:ListAgreementRequests", + "aws-marketplace:CancelAgreementRequest" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "kms:DescribeKey", + "kms:ListAliases", + "kms:ListKeys" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-11-29T23:00:06+00:00" + }, + "AWSDataLifecycleManagerServiceRole":{ + "CreateDate":"2018-07-06T19:34:16+00:00", + "DefaultVersionId":"v6", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:CreateSnapshot", + "ec2:CreateSnapshots", + "ec2:DeleteSnapshot", + "ec2:DescribeInstances", + "ec2:DescribeVolumes", + "ec2:DescribeSnapshots", + "ec2:EnableFastSnapshotRestores", + "ec2:DescribeFastSnapshotRestores", + "ec2:DisableFastSnapshotRestores", + "ec2:CopySnapshot", + "ec2:ModifySnapshotAttribute", + "ec2:DescribeSnapshotAttribute" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:CreateTags" + ], + "Effect":"Allow", + "Resource":"arn:aws:ec2:*::snapshot/*" + }, + { + "Action":[ + "events:PutRule", + "events:DeleteRule", + "events:DescribeRule", + "events:EnableRule", + "events:DisableRule", + "events:ListTargetsByRule", + "events:PutTargets", + "events:RemoveTargets" + ], + "Effect":"Allow", + "Resource":"arn:aws:events:*:*:rule/AwsDataLifecycleRule.managed-cwe.*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-12-11T18:15:06+00:00" + }, + "AWSDataLifecycleManagerServiceRoleForAMIManagement":{ + "CreateDate":"2020-10-21T19:39:41+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":"ec2:CreateTags", + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*::snapshot/*", + "arn:aws:ec2:*::image/*" + ] + }, + { + "Action":[ + "ec2:DescribeImages", + "ec2:DescribeInstances", + "ec2:DescribeImageAttribute", + "ec2:DescribeVolumes", + "ec2:DescribeSnapshots" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"ec2:DeleteSnapshot", + "Effect":"Allow", + "Resource":"arn:aws:ec2:*::snapshot/*" + }, + { + "Action":[ + "ec2:ResetImageAttribute", + "ec2:DeregisterImage", + "ec2:CreateImage", + "ec2:CopyImage", + "ec2:ModifyImageAttribute" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:EnableImageDeprecation", + "ec2:DisableImageDeprecation" + ], + "Effect":"Allow", + "Resource":"arn:aws:ec2:*::image/*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-08-19T17:03:44+00:00" + }, + "AWSDataPipelineRole":{ + "CreateDate":"2015-02-06T18:41:24+00:00", + "DefaultVersionId":"v6", + "Document":{ + "Statement":[ + { + "Action":[ + "cloudwatch:*", + "datapipeline:DescribeObjects", + "datapipeline:EvaluateExpression", + "dynamodb:BatchGetItem", + "dynamodb:DescribeTable", + "dynamodb:GetItem", + "dynamodb:Query", + "dynamodb:Scan", + "dynamodb:UpdateTable", + "ec2:AuthorizeSecurityGroupIngress", + "ec2:CancelSpotInstanceRequests", + "ec2:CreateSecurityGroup", + "ec2:CreateTags", + "ec2:DeleteTags", + "ec2:Describe*", + "ec2:ModifyImageAttribute", + "ec2:ModifyInstanceAttribute", + "ec2:RequestSpotInstances", + "ec2:RunInstances", + "ec2:StartInstances", + "ec2:StopInstances", + "ec2:TerminateInstances", + "ec2:AuthorizeSecurityGroupEgress", + "ec2:DeleteSecurityGroup", + "ec2:RevokeSecurityGroupEgress", + "ec2:DescribeNetworkInterfaces", + "ec2:CreateNetworkInterface", + "ec2:DeleteNetworkInterface", + "ec2:DetachNetworkInterface", + "elasticmapreduce:*", + "iam:GetInstanceProfile", + "iam:GetRole", + "iam:GetRolePolicy", + "iam:ListAttachedRolePolicies", + "iam:ListRolePolicies", + "iam:ListInstanceProfiles", + "iam:PassRole", + "rds:DescribeDBInstances", + "rds:DescribeDBSecurityGroups", + "redshift:DescribeClusters", + "redshift:DescribeClusterSecurityGroups", + "s3:CreateBucket", + "s3:DeleteObject", + "s3:Get*", + "s3:List*", + "s3:Put*", + "sdb:BatchPutAttributes", + "sdb:Select*", + "sns:GetTopicAttributes", + "sns:ListTopics", + "sns:Publish", + "sns:Subscribe", + "sns:Unsubscribe", + "sqs:CreateQueue", + "sqs:Delete*", + "sqs:GetQueue*", + "sqs:PurgeQueue", + "sqs:ReceiveMessage" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringLike":{ + "iam:AWSServiceName":[ + "elasticmapreduce.amazonaws.com", + "spot.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2017-12-22T23:43:28+00:00" + }, + "AWSDataPipeline_FullAccess":{ + "CreateDate":"2017-01-19T23:14:54+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "s3:List*", + "dynamodb:DescribeTable", + "rds:DescribeDBInstances", + "rds:DescribeDBSecurityGroups", + "redshift:DescribeClusters", + "redshift:DescribeClusterSecurityGroups", + "sns:ListTopics", + "sns:Subscribe", + "iam:ListRoles", + "iam:GetRolePolicy", + "iam:GetInstanceProfile", + "iam:ListInstanceProfiles", + "datapipeline:*" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":"iam:PassRole", + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/DataPipelineDefaultResourceRole", + "arn:aws:iam::*:role/DataPipelineDefaultRole" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2017-08-17T18:48:39+00:00" + }, + "AWSDataPipeline_PowerUser":{ + "CreateDate":"2017-01-19T23:16:46+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "s3:List*", + "dynamodb:DescribeTable", + "rds:DescribeDBInstances", + "rds:DescribeDBSecurityGroups", + "redshift:DescribeClusters", + "redshift:DescribeClusterSecurityGroups", + "sns:ListTopics", + "iam:ListRoles", + "iam:GetRolePolicy", + "iam:GetInstanceProfile", + "iam:ListInstanceProfiles", + "datapipeline:*" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":"iam:PassRole", + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/DataPipelineDefaultResourceRole", + "arn:aws:iam::*:role/DataPipelineDefaultRole" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2017-08-17T18:49:42+00:00" + }, + "AWSDataSyncFullAccess":{ + "CreateDate":"2019-01-18T19:40:36+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":[ + "datasync:*", + "ec2:CreateNetworkInterface", + "ec2:CreateNetworkInterfacePermission", + "ec2:DeleteNetworkInterface", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:ModifyNetworkInterfaceAttribute", + "fsx:DescribeFileSystems", + "elasticfilesystem:DescribeFileSystems", + "elasticfilesystem:DescribeMountTargets", + "iam:GetRole", + "iam:ListRoles", + "logs:CreateLogGroup", + "logs:DescribeLogGroups", + "logs:DescribeResourcePolicies", + "s3:ListAllMyBuckets", + "s3:ListBucket" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "iam:PassRole" + ], + "Condition":{ + "StringEquals":{ + "iam:PassedToService":[ + "datasync.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-06-30T17:58:58+00:00" + }, + "AWSDataSyncReadOnlyAccess":{ + "CreateDate":"2019-01-18T19:18:44+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":[ + "datasync:Describe*", + "datasync:List*", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "elasticfilesystem:DescribeFileSystems", + "elasticfilesystem:DescribeMountTargets", + "fsx:DescribeFileSystems", + "iam:GetRole", + "iam:ListRoles", + "logs:DescribeLogGroups", + "logs:DescribeResourcePolicies", + "s3:ListAllMyBuckets", + "s3:ListBucket" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-06-30T17:59:22+00:00" + }, + "AWSDeepLensLambdaFunctionAccessPolicy":{ + "CreateDate":"2017-11-29T15:47:18+00:00", + "DefaultVersionId":"v4", + "Document":{ + "Statement":[ + { + "Action":[ + "s3:ListBucket", + "s3:GetObject" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::deeplens*/*", + "arn:aws:s3:::deeplens*" + ], + "Sid":"DeepLensS3ObjectAccess" + }, + { + "Action":[ + "logs:CreateLogStream", + "logs:DescribeLogStreams", + "logs:PutLogEvents", + "logs:CreateLogGroup" + ], + "Effect":"Allow", + "Resource":"arn:aws:logs:*:*:log-group:/aws/greengrass/*", + "Sid":"DeepLensGreenGrassCloudWatchAccess" + }, + { + "Action":[ + "deeplens:*" + ], + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"DeepLensAccess" + }, + { + "Action":[ + "kinesisvideo:DescribeStream", + "kinesisvideo:CreateStream", + "kinesisvideo:GetDataEndpoint", + "kinesisvideo:PutMedia" + ], + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"DeepLensKinesisVideoAccess" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-06-11T23:11:55+00:00" + }, + "AWSDeepLensServiceRolePolicy":{ + "CreateDate":"2017-11-29T15:46:36+00:00", + "DefaultVersionId":"v6", + "Document":{ + "Statement":[ + { + "Action":[ + "iot:CreateThing", + "iot:DeleteThing", + "iot:DeleteThingShadow", + "iot:DescribeThing", + "iot:GetThingShadow", + "iot:UpdateThing", + "iot:UpdateThingShadow" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:iot:*:*:thing/deeplens*" + ], + "Sid":"DeepLensIoTThingAccess" + }, + { + "Action":[ + "iot:AttachThingPrincipal", + "iot:DetachThingPrincipal", + "iot:UpdateCertificate", + "iot:DeleteCertificate", + "iot:DetachPrincipalPolicy" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:iot:*:*:thing/deeplens*", + "arn:aws:iot:*:*:cert/*" + ], + "Sid":"DeepLensIoTCertificateAccess" + }, + { + "Action":[ + "iot:CreateKeysAndCertificate", + "iot:CreatePolicy", + "iot:CreatePolicyVersion" + ], + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"DeepLensIoTCreateCertificateAndPolicyAccess" + }, + { + "Action":[ + "iot:AttachPrincipalPolicy" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:iot:*:*:policy/deeplens*", + "arn:aws:iot:*:*:cert/*" + ], + "Sid":"DeepLensIoTAttachCertificatePolicyAccess" + }, + { + "Action":[ + "iot:GetThingShadow", + "iot:UpdateThingShadow" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:iot:*:*:thing/deeplens*" + ], + "Sid":"DeepLensIoTDataAccess" + }, + { + "Action":[ + "iot:DescribeEndpoint" + ], + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"DeepLensIoTEndpointAccess" + }, + { + "Action":[ + "deeplens:*" + ], + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"DeepLensAccess" + }, + { + "Action":[ + "s3:GetObject" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::deeplens*" + ], + "Sid":"DeepLensS3ObjectAccess" + }, + { + "Action":[ + "s3:DeleteBucket", + "s3:ListBucket" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::deeplens*" + ], + "Sid":"DeepLensS3Buckets" + }, + { + "Action":[ + "s3:CreateBucket" + ], + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"DeepLensCreateS3Buckets" + }, + { + "Action":[ + "iam:PassRole" + ], + "Condition":{ + "StringEquals":{ + "iam:PassedToService":[ + "greengrass.amazonaws.com", + "sagemaker.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"DeepLensIAMPassRoleAccess" + }, + { + "Action":[ + "iam:PassRole" + ], + "Condition":{ + "StringEqualsIfExists":{ + "iam:PassedToService":"lambda.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/AWSDeepLens*", + "arn:aws:iam::*:role/service-role/AWSDeepLens*" + ], + "Sid":"DeepLensIAMLambdaPassRoleAccess" + }, + { + "Action":[ + "greengrass:AssociateRoleToGroup", + "greengrass:AssociateServiceRoleToAccount", + "greengrass:CreateResourceDefinition", + "greengrass:CreateResourceDefinitionVersion", + "greengrass:CreateCoreDefinition", + "greengrass:CreateCoreDefinitionVersion", + "greengrass:CreateDeployment", + "greengrass:CreateFunctionDefinition", + "greengrass:CreateFunctionDefinitionVersion", + "greengrass:CreateGroup", + "greengrass:CreateGroupCertificateAuthority", + "greengrass:CreateGroupVersion", + "greengrass:CreateLoggerDefinition", + "greengrass:CreateLoggerDefinitionVersion", + "greengrass:CreateSubscriptionDefinition", + "greengrass:CreateSubscriptionDefinitionVersion", + "greengrass:DeleteCoreDefinition", + "greengrass:DeleteFunctionDefinition", + "greengrass:DeleteGroup", + "greengrass:DeleteLoggerDefinition", + "greengrass:DeleteSubscriptionDefinition", + "greengrass:DisassociateRoleFromGroup", + "greengrass:DisassociateServiceRoleFromAccount", + "greengrass:GetAssociatedRole", + "greengrass:GetConnectivityInfo", + "greengrass:GetCoreDefinition", + "greengrass:GetCoreDefinitionVersion", + "greengrass:GetDeploymentStatus", + "greengrass:GetDeviceDefinition", + "greengrass:GetDeviceDefinitionVersion", + "greengrass:GetFunctionDefinition", + "greengrass:GetFunctionDefinitionVersion", + "greengrass:GetGroup", + "greengrass:GetGroupCertificateAuthority", + "greengrass:GetGroupCertificateConfiguration", + "greengrass:GetGroupVersion", + "greengrass:GetLoggerDefinition", + "greengrass:GetLoggerDefinitionVersion", + "greengrass:GetResourceDefinition", + "greengrass:GetServiceRoleForAccount", + "greengrass:GetSubscriptionDefinition", + "greengrass:GetSubscriptionDefinitionVersion", + "greengrass:ListCoreDefinitionVersions", + "greengrass:ListCoreDefinitions", + "greengrass:ListDeployments", + "greengrass:ListDeviceDefinitionVersions", + "greengrass:ListDeviceDefinitions", + "greengrass:ListFunctionDefinitionVersions", + "greengrass:ListFunctionDefinitions", + "greengrass:ListGroupCertificateAuthorities", + "greengrass:ListGroupVersions", + "greengrass:ListGroups", + "greengrass:ListLoggerDefinitionVersions", + "greengrass:ListLoggerDefinitions", + "greengrass:ListSubscriptionDefinitionVersions", + "greengrass:ListSubscriptionDefinitions", + "greengrass:ResetDeployments", + "greengrass:UpdateConnectivityInfo", + "greengrass:UpdateCoreDefinition", + "greengrass:UpdateDeviceDefinition", + "greengrass:UpdateFunctionDefinition", + "greengrass:UpdateGroup", + "greengrass:UpdateGroupCertificateConfiguration", + "greengrass:UpdateLoggerDefinition", + "greengrass:UpdateSubscriptionDefinition", + "greengrass:UpdateResourceDefinition" + ], + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"DeepLensGreenGrassAccess" + }, + { + "Action":[ + "lambda:CreateFunction", + "lambda:DeleteFunction", + "lambda:GetFunction", + "lambda:GetFunctionConfiguration", + "lambda:ListFunctions", + "lambda:ListVersionsByFunction", + "lambda:PublishVersion", + "lambda:UpdateFunctionCode", + "lambda:UpdateFunctionConfiguration" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:lambda:*:*:function:deeplens*" + ], + "Sid":"DeepLensLambdaAdminFunctionAccess" + }, + { + "Action":[ + "lambda:GetFunction", + "lambda:GetFunctionConfiguration", + "lambda:ListFunctions", + "lambda:ListVersionsByFunction" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:lambda:*:*:function:*" + ], + "Sid":"DeepLensLambdaUsersFunctionAccess" + }, + { + "Action":[ + "sagemaker:CreateTrainingJob", + "sagemaker:DescribeTrainingJob", + "sagemaker:StopTrainingJob" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:sagemaker:*:*:training-job/deeplens*" + ], + "Sid":"DeepLensSageMakerWriteAccess" + }, + { + "Action":[ + "sagemaker:DescribeTrainingJob" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:sagemaker:*:*:training-job/*" + ], + "Sid":"DeepLensSageMakerReadAccess" + }, + { + "Action":[ + "kinesisvideo:CreateStream", + "kinesisvideo:DescribeStream", + "kinesisvideo:DeleteStream" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:kinesisvideo:*:*:stream/deeplens*/*" + ], + "Sid":"DeepLensKinesisVideoStreamAccess" + }, + { + "Action":[ + "kinesisvideo:GetDataEndpoint" + ], + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"DeepLensKinesisVideoEndpointAccess" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-09-25T19:25:06+00:00" + }, + "AWSDeepRacerAccountAdminAccess":{ + "CreateDate":"2021-10-28T01:27:13+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "deepracer:*" + ], + "Condition":{ + "Null":{ + "deepracer:UserToken":"true" + } + }, + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"DeepRacerAdminAccessStatement" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-10-28T01:27:13+00:00" + }, + "AWSDeepRacerCloudFormationAccessPolicy":{ + "CreateDate":"2019-02-28T21:59:49+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "cloudformation:*" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:AllocateAddress", + "ec2:AttachInternetGateway", + "ec2:AssociateRouteTable", + "ec2:AuthorizeSecurityGroupEgress", + "ec2:AuthorizeSecurityGroupIngress", + "ec2:CreateInternetGateway", + "ec2:CreateNatGateway", + "ec2:CreateNetworkAcl", + "ec2:CreateNetworkAclEntry", + "ec2:CreateRoute", + "ec2:CreateRouteTable", + "ec2:CreateSecurityGroup", + "ec2:CreateSubnet", + "ec2:CreateTags", + "ec2:CreateVpc", + "ec2:CreateVpcEndpoint", + "ec2:DeleteInternetGateway", + "ec2:DeleteNatGateway", + "ec2:DeleteNetworkAcl", + "ec2:DeleteNetworkAclEntry", + "ec2:DeleteRoute", + "ec2:DeleteRouteTable", + "ec2:DeleteSecurityGroup", + "ec2:DeleteSubnet", + "ec2:DeleteTags", + "ec2:DeleteVpc", + "ec2:DeleteVpcEndpoints", + "ec2:DescribeAddresses", + "ec2:DescribeInternetGateways", + "ec2:DescribeNatGateways", + "ec2:DescribeNetworkAcls", + "ec2:DescribeRouteTables", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeTags", + "ec2:DescribeVpcEndpoints", + "ec2:DescribeVpcs", + "ec2:DetachInternetGateway", + "ec2:DisassociateRouteTable", + "ec2:ModifySubnetAttribute", + "ec2:ModifyVpcAttribute", + "ec2:ReleaseAddress", + "ec2:ReplaceNetworkAclAssociation", + "ec2:RevokeSecurityGroupEgress", + "ec2:RevokeSecurityGroupIngress" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "iam:PassRole" + ], + "Condition":{ + "StringLikeIfExists":{ + "iam:PassedToService":"lambda.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/service-role/AWSDeepRacerLambdaAccessRole" + }, + { + "Action":[ + "lambda:CreateFunction", + "lambda:GetFunction", + "lambda:DeleteFunction", + "lambda:TagResource", + "lambda:UpdateFunctionCode" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:lambda:*:*:function:*DeepRacer*", + "arn:aws:lambda:*:*:function:*Deepracer*", + "arn:aws:lambda:*:*:function:*deepracer*" + ] + }, + { + "Action":[ + "s3:PutBucketPolicy", + "s3:CreateBucket", + "s3:ListBucket", + "s3:GetBucketAcl", + "s3:DeleteBucket" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::*DeepRacer*", + "arn:aws:s3:::*Deepracer*", + "arn:aws:s3:::*deepracer*" + ] + }, + { + "Action":[ + "robomaker:CreateSimulationApplication", + "robomaker:CreateSimulationApplicationVersion", + "robomaker:DeleteSimulationApplication", + "robomaker:DescribeSimulationApplication", + "robomaker:ListSimulationApplications", + "robomaker:TagResource", + "robomaker:UpdateSimulationApplication" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:robomaker:*:*:/createSimulationApplication", + "arn:aws:robomaker:*:*:simulation-application/deepracer*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-06-14T17:02:04+00:00" + }, + "AWSDeepRacerDefaultMultiUserAccess":{ + "CreateDate":"2021-10-28T01:27:13+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "deepracer:Add*", + "deepracer:Remove*", + "deepracer:Create*", + "deepracer:Perform*", + "deepracer:Clone*", + "deepracer:Get*", + "deepracer:List*", + "deepracer:Edit*", + "deepracer:Start*", + "deepracer:Set*", + "deepracer:Update*", + "deepracer:Delete*", + "deepracer:Stop*", + "deepracer:Import*", + "deepracer:Tag*", + "deepracer:Untag*" + ], + "Condition":{ + "Bool":{ + "deepracer:MultiUser":"true" + }, + "Null":{ + "deepracer:UserToken":"false" + } + }, + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "deepracer:GetAccountConfig", + "deepracer:GetTrack", + "deepracer:ListTracks", + "deepracer:TestRewardFunction" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "deepracer:Admin*" + ], + "Effect":"Deny", + "Resource":[ + "*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-10-28T01:27:13+00:00" + }, + "AWSDeepRacerFullAccess":{ + "CreateDate":"2020-10-05T22:03:10+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "s3:ListAllMyBuckets" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "s3:DeleteObject", + "s3:DeleteObjectVersion", + "s3:GetBucketPolicy", + "s3:PutBucketPolicy", + "s3:ListBucket", + "s3:GetBucketAcl", + "s3:GetObject", + "s3:GetObjectVersion", + "s3:GetObjectAcl", + "s3:GetBucketLocation" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::*DeepRacer*", + "arn:aws:s3:::*Deepracer*", + "arn:aws:s3:::*deepracer*", + "arn:aws:s3:::dr-*", + "arn:aws:s3:::*DeepRacer*/*", + "arn:aws:s3:::*Deepracer*/*", + "arn:aws:s3:::*deepracer*/*", + "arn:aws:s3:::dr-*/*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-10-05T22:03:10+00:00" + }, + "AWSDeepRacerRoboMakerAccessPolicy":{ + "CreateDate":"2019-02-28T21:59:58+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "robomaker:*" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "cloudwatch:PutMetricData", + "ec2:CreateNetworkInterfacePermission", + "ec2:DeleteNetworkInterface", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeSubnets", + "ec2:DescribeSecurityGroups", + "ec2:DescribeVpcs" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "logs:CreateLogGroup", + "logs:CreateLogStream", + "logs:DescribeLogStreams", + "logs:PutLogEvents" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:logs:*:*:log-group:/aws/robomaker/SimulationJobs", + "arn:aws:logs:*:*:log-group:/aws/robomaker/SimulationJobs:log-stream:*" + ] + }, + { + "Action":[ + "s3:GetObject", + "s3:GetBucketLocation", + "s3:ListBucket", + "s3:ListAllMyBuckets", + "s3:PutObject" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::*DeepRacer*", + "arn:aws:s3:::*Deepracer*", + "arn:aws:s3:::*deepracer*", + "arn:aws:s3:::dr-*" + ] + }, + { + "Action":[ + "s3:GetObject" + ], + "Condition":{ + "StringEqualsIgnoreCase":{ + "s3:ExistingObjectTag/DeepRacer":"true" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "kinesisvideo:CreateStream", + "kinesisvideo:DescribeStream", + "kinesisvideo:GetDataEndpoint", + "kinesisvideo:PutMedia", + "kinesisvideo:TagStream" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:kinesisvideo:*:*:stream/dr-*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-02-28T21:59:58+00:00" + }, + "AWSDeepRacerServiceRolePolicy":{ + "CreateDate":"2019-02-28T21:58:09+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":[ + "deepracer:*" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "robomaker:*", + "sagemaker:*", + "s3:ListAllMyBuckets" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "cloudformation:ListStackResources", + "cloudformation:DescribeStacks", + "cloudformation:CreateStack", + "cloudformation:DeleteStack", + "cloudformation:DescribeStackResource", + "cloudformation:DescribeStackResources", + "cloudformation:DescribeStackEvents", + "cloudformation:DetectStackDrift", + "cloudformation:DescribeStackDriftDetectionStatus", + "cloudformation:DescribeStackResourceDrifts" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringEquals":{ + "iam:AWSServiceName":"robomaker.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "iam:PassRole" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/AWSDeepRacer*", + "arn:aws:iam::*:role/service-role/AWSDeepRacer*" + ] + }, + { + "Action":[ + "cloudwatch:GetMetricData", + "logs:CreateLogGroup", + "logs:CreateLogStream", + "logs:DescribeLogStreams", + "logs:GetLogEvents", + "logs:PutLogEvents" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "lambda:CreateFunction", + "lambda:DeleteFunction", + "lambda:GetFunction", + "lambda:InvokeFunction", + "lambda:UpdateFunctionCode" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:lambda:*:*:function:*DeepRacer*", + "arn:aws:lambda:*:*:function:*Deepracer*", + "arn:aws:lambda:*:*:function:*deepracer*", + "arn:aws:lambda:*:*:function:*dr-*" + ] + }, + { + "Action":[ + "s3:GetObject", + "s3:GetBucketLocation", + "s3:DeleteObject", + "s3:ListBucket", + "s3:PutObject", + "s3:PutBucketPolicy", + "s3:GetBucketAcl" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::*DeepRacer*", + "arn:aws:s3:::*Deepracer*", + "arn:aws:s3:::*deepracer*", + "arn:aws:s3:::dr-*" + ] + }, + { + "Action":[ + "s3:GetObject" + ], + "Condition":{ + "StringEqualsIgnoreCase":{ + "s3:ExistingObjectTag/DeepRacer":"true" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "kinesisvideo:CreateStream", + "kinesisvideo:DeleteStream", + "kinesisvideo:DescribeStream", + "kinesisvideo:GetDataEndpoint", + "kinesisvideo:GetHLSStreamingSessionURL", + "kinesisvideo:GetMedia", + "kinesisvideo:PutMedia", + "kinesisvideo:TagStream" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:kinesisvideo:*:*:stream/dr-*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-06-12T20:55:34+00:00" + }, + "AWSDenyAll":{ + "CreateDate":"2019-05-01T22:36:14+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "*" + ], + "Effect":"Deny", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-05-01T22:36:14+00:00" + }, + "AWSDeviceFarmFullAccess":{ + "CreateDate":"2015-07-13T16:37:38+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "devicefarm:*" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2015-07-13T16:37:38+00:00" + }, + "AWSDeviceFarmTestGridServiceRolePolicy":{ + "CreateDate":"2021-05-26T22:01:35+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeVpcs", + "ec2:DescribeSubnets", + "ec2:DescribeSecurityGroups" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:CreateNetworkInterface" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:subnet/*", + "arn:aws:ec2:*:*:security-group/*" + ] + }, + { + "Action":[ + "ec2:CreateNetworkInterface" + ], + "Condition":{ + "StringEquals":{ + "aws:RequestTag/AWSDeviceFarmManaged":"true" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:network-interface/*" + ] + }, + { + "Action":[ + "ec2:CreateTags" + ], + "Condition":{ + "StringEquals":{ + "ec2:CreateAction":"CreateNetworkInterface" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:network-interface/*" + }, + { + "Action":[ + "ec2:CreateNetworkInterfacePermission", + "ec2:DeleteNetworkInterface" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceTag/AWSDeviceFarmManaged":"true" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:network-interface/*" + }, + { + "Action":[ + "ec2:ModifyNetworkInterfaceAttribute" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:security-group/*", + "arn:aws:ec2:*:*:instance/*" + ] + }, + { + "Action":[ + "ec2:ModifyNetworkInterfaceAttribute" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceTag/AWSDeviceFarmManaged":"true" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:network-interface/*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-05-26T22:01:35+00:00" + }, + "AWSDirectConnectFullAccess":{ + "CreateDate":"2015-02-06T18:40:07+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":[ + "directconnect:*", + "ec2:DescribeVpnGateways", + "ec2:DescribeTransitGateways" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-04-30T15:29:29+00:00" + }, + "AWSDirectConnectReadOnlyAccess":{ + "CreateDate":"2015-02-06T18:40:08+00:00", + "DefaultVersionId":"v4", + "Document":{ + "Statement":[ + { + "Action":[ + "directconnect:Describe*", + "directconnect:List*", + "ec2:DescribeVpnGateways", + "ec2:DescribeTransitGateways" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-05-18T18:48:22+00:00" + }, + "AWSDirectConnectServiceRolePolicy":{ + "CreateDate":"2021-01-14T18:35:27+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "secretsmanager:DescribeSecret", + "secretsmanager:ListSecretVersionIds", + "secretsmanager:GetSecretValue" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:secretsmanager:*:*:secret:*directconnect*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-01-14T18:35:27+00:00" + }, + "AWSDirectoryServiceFullAccess":{ + "CreateDate":"2015-02-06T18:41:11+00:00", + "DefaultVersionId":"v5", + "Document":{ + "Statement":[ + { + "Action":[ + "ds:*", + "ec2:AuthorizeSecurityGroupEgress", + "ec2:AuthorizeSecurityGroupIngress", + "ec2:CreateNetworkInterface", + "ec2:CreateSecurityGroup", + "ec2:DeleteNetworkInterface", + "ec2:DeleteSecurityGroup", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "ec2:RevokeSecurityGroupEgress", + "ec2:RevokeSecurityGroupIngress", + "ec2:DescribeSecurityGroups", + "sns:GetTopicAttributes", + "sns:ListSubscriptions", + "sns:ListSubscriptionsByTopic", + "sns:ListTopics", + "iam:ListRoles", + "organizations:ListAccountsForParent", + "organizations:ListRoots", + "organizations:ListAccounts", + "organizations:DescribeOrganization", + "organizations:DescribeAccount", + "organizations:ListOrganizationalUnitsForParent", + "organizations:ListAWSServiceAccessForOrganization" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "sns:CreateTopic", + "sns:DeleteTopic", + "sns:SetTopicAttributes", + "sns:Subscribe", + "sns:Unsubscribe" + ], + "Effect":"Allow", + "Resource":"arn:aws:sns:*:*:DirectoryMonitoring*" + }, + { + "Action":[ + "organizations:EnableAWSServiceAccess", + "organizations:DisableAWSServiceAccess" + ], + "Condition":{ + "StringEquals":{ + "organizations:ServicePrincipal":"ds.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:CreateTags", + "ec2:DeleteTags" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:network-interface/*", + "arn:aws:ec2:*:*:security-group/*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-11-24T23:24:10+00:00" + }, + "AWSDirectoryServiceReadOnlyAccess":{ + "CreateDate":"2015-02-06T18:41:12+00:00", + "DefaultVersionId":"v4", + "Document":{ + "Statement":[ + { + "Action":[ + "ds:Check*", + "ds:Describe*", + "ds:Get*", + "ds:List*", + "ds:Verify*", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "sns:ListTopics", + "sns:GetTopicAttributes", + "sns:ListSubscriptions", + "sns:ListSubscriptionsByTopic", + "organizations:DescribeAccount", + "organizations:DescribeOrganization", + "organizations:ListAWSServiceAccessForOrganization" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2018-09-25T21:54:01+00:00" + }, + "AWSDiscoveryContinuousExportFirehosePolicy":{ + "CreateDate":"2018-08-09T18:29:39+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "glue:GetTableVersions" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "s3:AbortMultipartUpload", + "s3:GetBucketLocation", + "s3:GetObject", + "s3:ListBucket", + "s3:ListBucketMultipartUploads", + "s3:PutObject" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::aws-application-discovery-service-*" + ] + }, + { + "Action":[ + "logs:PutLogEvents" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:logs:*:*:log-group:/aws/application-discovery-service/firehose:log-stream:*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-06-08T17:32:46+00:00" + }, + "AWSEC2CapacityReservationFleetRolePolicy":{ + "CreateDate":"2021-09-29T14:43:09+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:DescribeCapacityReservations", + "ec2:DescribeInstances" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:CreateCapacityReservation", + "ec2:CancelCapacityReservation", + "ec2:ModifyCapacityReservation" + ], + "Condition":{ + "StringLike":{ + "ec2:CapacityReservationFleet":"arn:aws:ec2:*:*:capacity-reservation-fleet/crf-*" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:capacity-reservation/*" + ] + }, + { + "Action":[ + "ec2:CreateTags" + ], + "Condition":{ + "StringEquals":{ + "ec2:CreateAction":"CreateCapacityReservation" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:capacity-reservation/*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-09-29T14:43:09+00:00" + }, + "AWSEC2FleetServiceRolePolicy":{ + "CreateDate":"2018-03-21T00:08:55+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:DescribeImages", + "ec2:DescribeSubnets", + "ec2:RequestSpotInstances", + "ec2:DescribeInstanceStatus", + "ec2:RunInstances" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "iam:CreateServiceLinkedRole" + ], + "Condition":{ + "StringEquals":{ + "iam:AWSServiceName":"spot.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"EC2SpotManagement" + }, + { + "Action":[ + "iam:PassRole" + ], + "Condition":{ + "StringEquals":{ + "iam:PassedToService":[ + "ec2.amazonaws.com", + "ec2.amazonaws.com.cn" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "ec2:CreateTags" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:instance/*", + "arn:aws:ec2:*:*:spot-instances-request/*" + ] + }, + { + "Action":[ + "ec2:CreateTags" + ], + "Condition":{ + "StringEquals":{ + "ec2:CreateAction":"RunInstances" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:volume/*" + ] + }, + { + "Action":[ + "ec2:TerminateInstances" + ], + "Condition":{ + "StringLike":{ + "ec2:ResourceTag/aws:ec2:fleet-id":"*" + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-05-04T20:10:31+00:00" + }, + "AWSEC2SpotFleetServiceRolePolicy":{ + "CreateDate":"2017-10-23T19:13:06+00:00", + "DefaultVersionId":"v4", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:DescribeImages", + "ec2:DescribeSubnets", + "ec2:RequestSpotInstances", + "ec2:DescribeInstanceStatus", + "ec2:RunInstances" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "iam:PassRole" + ], + "Condition":{ + "StringEquals":{ + "iam:PassedToService":[ + "ec2.amazonaws.com", + "ec2.amazonaws.com.cn" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "ec2:CreateTags" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:instance/*", + "arn:aws:ec2:*:*:spot-instances-request/*", + "arn:aws:ec2:*:*:spot-fleet-request/*", + "arn:aws:ec2:*:*:volume/*" + ] + }, + { + "Action":[ + "ec2:TerminateInstances" + ], + "Condition":{ + "StringLike":{ + "ec2:ResourceTag/aws:ec2spot:fleet-request-id":"*" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "elasticloadbalancing:RegisterInstancesWithLoadBalancer" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:elasticloadbalancing:*:*:loadbalancer/*" + ] + }, + { + "Action":[ + "elasticloadbalancing:RegisterTargets" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:elasticloadbalancing:*:*:*/*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-03-16T19:16:21+00:00" + }, + "AWSEC2SpotServiceRolePolicy":{ + "CreateDate":"2017-09-18T18:51:54+00:00", + "DefaultVersionId":"v4", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:DescribeInstances", + "ec2:StartInstances", + "ec2:StopInstances", + "ec2:RunInstances" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "ec2:RunInstances" + ], + "Condition":{ + "StringNotEquals":{ + "ec2:InstanceMarketType":"spot" + } + }, + "Effect":"Deny", + "Resource":[ + "arn:aws:ec2:*:*:instance/*" + ] + }, + { + "Action":[ + "iam:PassRole" + ], + "Condition":{ + "StringEquals":{ + "iam:PassedToService":[ + "ec2.amazonaws.com", + "ec2.amazonaws.com.cn" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "ec2:CreateTags" + ], + "Condition":{ + "StringEquals":{ + "ec2:CreateAction":"RunInstances" + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2018-12-12T00:13:51+00:00" + }, + "AWSECRPullThroughCache_ServiceRolePolicy":{ + "CreateDate":"2021-11-26T21:51:09+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "ecr:GetAuthorizationToken", + "ecr:BatchCheckLayerAvailability", + "ecr:InitiateLayerUpload", + "ecr:UploadLayerPart", + "ecr:CompleteLayerUpload", + "ecr:PutImage" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-11-26T21:51:09+00:00" + }, + "AWSElasticBeanstalkCustomPlatformforEC2Role":{ + "CreateDate":"2017-02-21T22:50:30+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:AttachVolume", + "ec2:AuthorizeSecurityGroupIngress", + "ec2:CopyImage", + "ec2:CreateImage", + "ec2:CreateKeypair", + "ec2:CreateSecurityGroup", + "ec2:CreateSnapshot", + "ec2:CreateTags", + "ec2:CreateVolume", + "ec2:DeleteKeypair", + "ec2:DeleteSecurityGroup", + "ec2:DeleteSnapshot", + "ec2:DeleteVolume", + "ec2:DeregisterImage", + "ec2:DescribeImageAttribute", + "ec2:DescribeImages", + "ec2:DescribeInstances", + "ec2:DescribeRegions", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSnapshots", + "ec2:DescribeSubnets", + "ec2:DescribeTags", + "ec2:DescribeVolumes", + "ec2:DetachVolume", + "ec2:GetPasswordData", + "ec2:ModifyImageAttribute", + "ec2:ModifyInstanceAttribute", + "ec2:ModifySnapshotAttribute", + "ec2:RegisterImage", + "ec2:RunInstances", + "ec2:StopInstances", + "ec2:TerminateInstances" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"EC2Access" + }, + { + "Action":[ + "s3:Get*", + "s3:List*", + "s3:PutObject" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::elasticbeanstalk-*", + "arn:aws:s3:::elasticbeanstalk-*/*" + ], + "Sid":"BucketAccess" + }, + { + "Action":[ + "logs:CreateLogGroup", + "logs:CreateLogStream", + "logs:PutLogEvents", + "logs:DescribeLogStreams" + ], + "Effect":"Allow", + "Resource":"arn:aws:logs:*:*:log-group:/aws/elasticbeanstalk/platform/*", + "Sid":"CloudWatchLogsAccess" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2017-02-21T22:50:30+00:00" + }, + "AWSElasticBeanstalkEnhancedHealth":{ + "CreateDate":"2016-02-08T23:17:27+00:00", + "DefaultVersionId":"v4", + "Document":{ + "Statement":[ + { + "Action":[ + "elasticloadbalancing:DescribeInstanceHealth", + "elasticloadbalancing:DescribeLoadBalancers", + "elasticloadbalancing:DescribeTargetHealth", + "ec2:DescribeInstances", + "ec2:DescribeInstanceStatus", + "ec2:GetConsoleOutput", + "ec2:AssociateAddress", + "ec2:DescribeAddresses", + "ec2:DescribeSecurityGroups", + "sqs:GetQueueAttributes", + "sqs:GetQueueUrl", + "autoscaling:DescribeAutoScalingGroups", + "autoscaling:DescribeAutoScalingInstances", + "autoscaling:DescribeScalingActivities", + "autoscaling:DescribeNotificationConfigurations", + "sns:Publish" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "logs:DescribeLogStreams", + "logs:CreateLogStream", + "logs:PutLogEvents" + ], + "Effect":"Allow", + "Resource":"arn:aws:logs:*:*:log-group:/aws/elasticbeanstalk/*:log-stream:*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2018-04-09T22:12:53+00:00" + }, + "AWSElasticBeanstalkMaintenance":{ + "CreateDate":"2019-01-11T23:22:52+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "cloudformation:CreateChangeSet", + "cloudformation:DescribeChangeSet", + "cloudformation:ExecuteChangeSet", + "cloudformation:DeleteChangeSet", + "cloudformation:ListChangeSets", + "cloudformation:DescribeStacks" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:cloudformation:*:*:stack/awseb-*", + "arn:aws:cloudformation:*:*:stack/eb-*" + ], + "Sid":"AllowCloudformationChangeSetOperationsOnElasticBeanstalkStacks" + }, + { + "Action":"elasticloadbalancing:DescribeLoadBalancers", + "Effect":"Allow", + "Resource":"*", + "Sid":"AllowElasticBeanstalkStacksUpdateExecuteSuccessfully" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-06-04T17:48:27+00:00" + }, + "AWSElasticBeanstalkManagedUpdatesCustomerRolePolicy":{ + "CreateDate":"2021-03-03T22:18:00+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":[ + "elasticbeanstalk:*" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"ElasticBeanstalkPermissions" + }, + { + "Action":"iam:PassRole", + "Condition":{ + "StringEquals":{ + "iam:PassedToService":[ + "elasticbeanstalk.amazonaws.com", + "ec2.amazonaws.com", + "ec2.amazonaws.com.cn", + "autoscaling.amazonaws.com", + "elasticloadbalancing.amazonaws.com", + "ecs.amazonaws.com", + "cloudformation.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/*", + "Sid":"AllowPassRoleToElasticBeanstalkAndDownstreamServices" + }, + { + "Action":[ + "autoscaling:DescribeAccountLimits", + "autoscaling:DescribeAutoScalingGroups", + "autoscaling:DescribeAutoScalingInstances", + "autoscaling:DescribeLaunchConfigurations", + "autoscaling:DescribeLoadBalancers", + "autoscaling:DescribeNotificationConfigurations", + "autoscaling:DescribeScalingActivities", + "autoscaling:DescribeScheduledActions", + "ec2:DescribeAccountAttributes", + "ec2:DescribeAddresses", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeImages", + "ec2:DescribeInstanceAttribute", + "ec2:DescribeInstances", + "ec2:DescribeKeyPairs", + "ec2:DescribeLaunchTemplates", + "ec2:DescribeLaunchTemplateVersions", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSnapshots", + "ec2:DescribeSpotInstanceRequests", + "ec2:DescribeSubnets", + "ec2:DescribeVpcClassicLink", + "ec2:DescribeVpcs", + "elasticloadbalancing:DescribeInstanceHealth", + "elasticloadbalancing:DescribeLoadBalancers", + "elasticloadbalancing:DescribeTargetGroups", + "elasticloadbalancing:DescribeTargetHealth", + "logs:DescribeLogGroups", + "rds:DescribeDBEngineVersions", + "rds:DescribeDBInstances", + "rds:DescribeOrderableDBInstanceOptions", + "sns:ListSubscriptionsByTopic" + ], + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"ReadOnlyPermissions" + }, + { + "Action":[ + "ec2:AllocateAddress", + "ec2:AssociateAddress", + "ec2:AuthorizeSecurityGroupEgress", + "ec2:AuthorizeSecurityGroupIngress", + "ec2:CreateLaunchTemplate", + "ec2:CreateLaunchTemplateVersion", + "ec2:CreateSecurityGroup", + "ec2:DeleteLaunchTemplate", + "ec2:DeleteLaunchTemplateVersions", + "ec2:DeleteSecurityGroup", + "ec2:DisassociateAddress", + "ec2:ReleaseAddress", + "ec2:RevokeSecurityGroupEgress", + "ec2:RevokeSecurityGroupIngress" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"EC2BroadOperationPermissions" + }, + { + "Action":"ec2:RunInstances", + "Condition":{ + "ArnLike":{ + "ec2:LaunchTemplate":"arn:aws:ec2:*:*:launch-template/*" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"EC2RunInstancesOperationPermissions" + }, + { + "Action":[ + "ec2:TerminateInstances" + ], + "Condition":{ + "StringLike":{ + "ec2:ResourceTag/aws:cloudformation:stack-id":[ + "arn:aws:cloudformation:*:*:stack/awseb-e-*", + "arn:aws:cloudformation:*:*:stack/eb-*" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:instance/*", + "Sid":"EC2TerminateInstancesOperationPermissions" + }, + { + "Action":[ + "ecs:CreateCluster", + "ecs:DescribeClusters", + "ecs:RegisterTaskDefinition" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"ECSBroadOperationPermissions" + }, + { + "Action":"ecs:DeleteCluster", + "Effect":"Allow", + "Resource":"arn:aws:ecs:*:*:cluster/awseb-*", + "Sid":"ECSDeleteClusterOperationPermissions" + }, + { + "Action":[ + "autoscaling:AttachInstances", + "autoscaling:CreateAutoScalingGroup", + "autoscaling:CreateLaunchConfiguration", + "autoscaling:DeleteLaunchConfiguration", + "autoscaling:DeleteAutoScalingGroup", + "autoscaling:DeleteScheduledAction", + "autoscaling:DetachInstances", + "autoscaling:DeletePolicy", + "autoscaling:PutScalingPolicy", + "autoscaling:PutScheduledUpdateGroupAction", + "autoscaling:PutNotificationConfiguration", + "autoscaling:ResumeProcesses", + "autoscaling:SetDesiredCapacity", + "autoscaling:SuspendProcesses", + "autoscaling:TerminateInstanceInAutoScalingGroup", + "autoscaling:UpdateAutoScalingGroup" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:autoscaling:*:*:launchConfiguration:*:launchConfigurationName/awseb-e-*", + "arn:aws:autoscaling:*:*:launchConfiguration:*:launchConfigurationName/eb-*", + "arn:aws:autoscaling:*:*:autoScalingGroup:*:autoScalingGroupName/awseb-e-*", + "arn:aws:autoscaling:*:*:autoScalingGroup:*:autoScalingGroupName/eb-*" + ], + "Sid":"ASGOperationPermissions" + }, + { + "Action":[ + "cloudformation:*" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:cloudformation:*:*:stack/awseb-*", + "arn:aws:cloudformation:*:*:stack/eb-*" + ], + "Sid":"CFNOperationPermissions" + }, + { + "Action":[ + "elasticloadbalancing:ApplySecurityGroupsToLoadBalancer", + "elasticloadbalancing:ConfigureHealthCheck", + "elasticloadbalancing:CreateLoadBalancer", + "elasticloadbalancing:DeleteLoadBalancer", + "elasticloadbalancing:DeregisterInstancesFromLoadBalancer", + "elasticloadbalancing:DeregisterTargets", + "elasticloadbalancing:RegisterInstancesWithLoadBalancer", + "elasticloadbalancing:RegisterTargets" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:elasticloadbalancing:*:*:targetgroup/awseb-*", + "arn:aws:elasticloadbalancing:*:*:targetgroup/eb-*", + "arn:aws:elasticloadbalancing:*:*:loadbalancer/awseb-*", + "arn:aws:elasticloadbalancing:*:*:loadbalancer/eb-*", + "arn:aws:elasticloadbalancing:*:*:loadbalancer/*/awseb-*/*", + "arn:aws:elasticloadbalancing:*:*:loadbalancer/*/eb-*/*" + ], + "Sid":"ELBOperationPermissions" + }, + { + "Action":[ + "logs:CreateLogGroup", + "logs:DeleteLogGroup", + "logs:PutRetentionPolicy" + ], + "Effect":"Allow", + "Resource":"arn:aws:logs:*:*:log-group:/aws/elasticbeanstalk/*", + "Sid":"CWLogsOperationPermissions" + }, + { + "Action":[ + "s3:DeleteObject", + "s3:GetObject", + "s3:GetObjectAcl", + "s3:GetObjectVersion", + "s3:GetObjectVersionAcl", + "s3:PutObject", + "s3:PutObjectAcl", + "s3:PutObjectVersionAcl" + ], + "Effect":"Allow", + "Resource":"arn:aws:s3:::elasticbeanstalk-*/*", + "Sid":"S3ObjectOperationPermissions" + }, + { + "Action":[ + "s3:GetBucketLocation", + "s3:GetBucketPolicy", + "s3:ListBucket", + "s3:PutBucketPolicy" + ], + "Effect":"Allow", + "Resource":"arn:aws:s3:::elasticbeanstalk-*", + "Sid":"S3BucketOperationPermissions" + }, + { + "Action":[ + "sns:CreateTopic", + "sns:GetTopicAttributes", + "sns:SetTopicAttributes", + "sns:Subscribe" + ], + "Effect":"Allow", + "Resource":"arn:aws:sns:*:*:ElasticBeanstalkNotifications-*", + "Sid":"SNSOperationPermissions" + }, + { + "Action":[ + "sqs:GetQueueAttributes", + "sqs:GetQueueUrl" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:sqs:*:*:awseb-e-*", + "arn:aws:sqs:*:*:eb-*" + ], + "Sid":"SQSOperationPermissions" + }, + { + "Action":[ + "cloudwatch:PutMetricAlarm" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:cloudwatch:*:*:alarm:awseb-*", + "arn:aws:cloudwatch:*:*:alarm:eb-*" + ], + "Sid":"CWPutMetricAlarmOperationPermissions" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-06-16T22:40:31+00:00" + }, + "AWSElasticBeanstalkManagedUpdatesServiceRolePolicy":{ + "CreateDate":"2019-11-21T22:35:06+00:00", + "DefaultVersionId":"v5", + "Document":{ + "Statement":[ + { + "Action":"iam:PassRole", + "Condition":{ + "StringLikeIfExists":{ + "iam:PassedToService":[ + "elasticbeanstalk.amazonaws.com", + "ec2.amazonaws.com", + "autoscaling.amazonaws.com", + "elasticloadbalancing.amazonaws.com", + "ecs.amazonaws.com", + "cloudformation.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"AllowPassRoleToElasticBeanstalkAndDownstreamServices" + }, + { + "Action":[ + "ec2:releaseAddress", + "ec2:allocateAddress", + "ec2:DisassociateAddress", + "ec2:AssociateAddress" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"SingleInstanceAPIs" + }, + { + "Action":[ + "ecs:RegisterTaskDefinition", + "ecs:DeRegisterTaskDefinition", + "ecs:List*", + "ecs:Describe*" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"ECS" + }, + { + "Action":[ + "elasticbeanstalk:*" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"ElasticBeanstalkAPIs" + }, + { + "Action":[ + "cloudformation:Describe*", + "cloudformation:List*", + "ec2:Describe*", + "autoscaling:Describe*", + "elasticloadbalancing:Describe*", + "logs:DescribeLogGroups", + "sns:GetTopicAttributes", + "sns:ListSubscriptionsByTopic" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"ReadOnlyAPIs" + }, + { + "Action":[ + "autoscaling:AttachInstances", + "autoscaling:CreateAutoScalingGroup", + "autoscaling:CreateLaunchConfiguration", + "autoscaling:DeleteAutoScalingGroup", + "autoscaling:DeleteLaunchConfiguration", + "autoscaling:DeleteScheduledAction", + "autoscaling:DetachInstances", + "autoscaling:PutNotificationConfiguration", + "autoscaling:PutScalingPolicy", + "autoscaling:PutScheduledUpdateGroupAction", + "autoscaling:ResumeProcesses", + "autoscaling:SuspendProcesses", + "autoscaling:TerminateInstanceInAutoScalingGroup", + "autoscaling:UpdateAutoScalingGroup" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:autoscaling:*:*:launchConfiguration:*:launchConfigurationName/awseb-e-*", + "arn:aws:autoscaling:*:*:autoScalingGroup:*:autoScalingGroupName/awseb-e-*", + "arn:aws:autoscaling:*:*:launchConfiguration:*:launchConfigurationName/eb-*", + "arn:aws:autoscaling:*:*:autoScalingGroup:*:autoScalingGroupName/eb-*" + ], + "Sid":"ASG" + }, + { + "Action":[ + "cloudformation:CreateStack", + "cloudformation:CancelUpdateStack", + "cloudformation:DeleteStack", + "cloudformation:GetTemplate", + "cloudformation:UpdateStack" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:cloudformation:*:*:stack/awseb-e-*", + "arn:aws:cloudformation:*:*:stack/eb-*" + ], + "Sid":"CFN" + }, + { + "Action":[ + "ec2:TerminateInstances" + ], + "Condition":{ + "StringLike":{ + "ec2:ResourceTag/aws:cloudformation:stack-id":[ + "arn:aws:cloudformation:*:*:stack/awseb-e-*", + "arn:aws:cloudformation:*:*:stack/eb-*" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:instance/*", + "Sid":"EC2" + }, + { + "Action":[ + "s3:DeleteObject", + "s3:GetObject", + "s3:GetObjectAcl", + "s3:GetObjectVersion", + "s3:GetObjectVersionAcl", + "s3:PutObject", + "s3:PutObjectAcl", + "s3:PutObjectVersionAcl" + ], + "Effect":"Allow", + "Resource":"arn:aws:s3:::elasticbeanstalk-*/*", + "Sid":"S3Obj" + }, + { + "Action":[ + "s3:GetBucketLocation", + "s3:GetBucketPolicy", + "s3:ListBucket", + "s3:PutBucketPolicy" + ], + "Effect":"Allow", + "Resource":"arn:aws:s3:::elasticbeanstalk-*", + "Sid":"S3Bucket" + }, + { + "Action":[ + "logs:CreateLogGroup", + "logs:DeleteLogGroup", + "logs:PutRetentionPolicy" + ], + "Effect":"Allow", + "Resource":"arn:aws:logs:*:*:log-group:/aws/elasticbeanstalk/*", + "Sid":"CWL" + }, + { + "Action":[ + "elasticloadbalancing:RegisterTargets", + "elasticloadbalancing:DeRegisterTargets", + "elasticloadbalancing:DeregisterInstancesFromLoadBalancer", + "elasticloadbalancing:RegisterInstancesWithLoadBalancer" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:elasticloadbalancing:*:*:targetgroup/awseb-*", + "arn:aws:elasticloadbalancing:*:*:loadbalancer/awseb-e-*", + "arn:aws:elasticloadbalancing:*:*:targetgroup/eb-*", + "arn:aws:elasticloadbalancing:*:*:loadbalancer/eb-*" + ], + "Sid":"ELB" + }, + { + "Action":[ + "sns:CreateTopic" + ], + "Effect":"Allow", + "Resource":"arn:aws:sns:*:*:ElasticBeanstalkNotifications-Environment-*", + "Sid":"SNS" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-12-11T18:21:32+00:00" + }, + "AWSElasticBeanstalkMulticontainerDocker":{ + "CreateDate":"2016-02-08T23:15:29+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "ecs:Poll", + "ecs:StartTask", + "ecs:StopTask", + "ecs:DiscoverPollEndpoint", + "ecs:StartTelemetrySession", + "ecs:RegisterContainerInstance", + "ecs:DeregisterContainerInstance", + "ecs:DescribeContainerInstances", + "ecs:Submit*", + "ecs:DescribeTasks" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"ECSAccess" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2016-06-06T23:45:37+00:00" + }, + "AWSElasticBeanstalkReadOnly":{ + "CreateDate":"2021-01-22T19:02:37+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "acm:ListCertificates", + "autoscaling:DescribeAccountLimits", + "autoscaling:DescribeAutoScalingGroups", + "autoscaling:DescribeAutoScalingInstances", + "autoscaling:DescribeLaunchConfigurations", + "autoscaling:DescribePolicies", + "autoscaling:DescribeLoadBalancers", + "autoscaling:DescribeNotificationConfigurations", + "autoscaling:DescribeScalingActivities", + "autoscaling:DescribeScheduledActions", + "cloudformation:DescribeStackResource", + "cloudformation:DescribeStackResources", + "cloudformation:DescribeStacks", + "cloudformation:GetTemplate", + "cloudformation:ListStackResources", + "cloudformation:ListStacks", + "cloudformation:ValidateTemplate", + "cloudtrail:LookupEvents", + "cloudwatch:DescribeAlarms", + "cloudwatch:GetMetricStatistics", + "cloudwatch:ListMetrics", + "ec2:DescribeAccountAttributes", + "ec2:DescribeAddresses", + "ec2:DescribeImages", + "ec2:DescribeInstanceAttribute", + "ec2:DescribeInstances", + "ec2:DescribeInstanceStatus", + "ec2:DescribeKeyPairs", + "ec2:DescribeLaunchTemplateVersions", + "ec2:DescribeLaunchTemplates", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSnapshots", + "ec2:DescribeSpotInstanceRequests", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "elasticbeanstalk:Check*", + "elasticbeanstalk:Describe*", + "elasticbeanstalk:List*", + "elasticbeanstalk:RequestEnvironmentInfo", + "elasticbeanstalk:RetrieveEnvironmentInfo", + "elasticloadbalancing:DescribeInstanceHealth", + "elasticloadbalancing:DescribeLoadBalancers", + "elasticloadbalancing:DescribeSSLPolicies", + "elasticloadbalancing:DescribeTargetGroups", + "elasticloadbalancing:DescribeTargetHealth", + "iam:GetRole", + "iam:ListAttachedRolePolicies", + "iam:ListInstanceProfiles", + "iam:ListRolePolicies", + "iam:ListRoles", + "iam:ListServerCertificates", + "rds:DescribeDBEngineVersions", + "rds:DescribeDBInstances", + "rds:DescribeOrderableDBInstanceOptions", + "rds:DescribeDBSnapshots", + "s3:ListAllMyBuckets", + "sns:ListSubscriptionsByTopic", + "sns:ListTopics", + "sqs:ListQueues" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AllowAPIs" + }, + { + "Action":[ + "s3:GetObject", + "s3:GetObjectAcl", + "s3:GetObjectVersion", + "s3:GetObjectVersionAcl", + "s3:GetBucketLocation", + "s3:GetBucketPolicy", + "s3:ListBucket" + ], + "Effect":"Allow", + "Resource":"arn:aws:s3:::elasticbeanstalk-*", + "Sid":"AllowS3" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-01-22T19:02:37+00:00" + }, + "AWSElasticBeanstalkRoleCWL":{ + "CreateDate":"2020-06-05T21:49:06+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "logs:CreateLogGroup", + "logs:DeleteLogGroup", + "logs:PutRetentionPolicy" + ], + "Effect":"Allow", + "Resource":"arn:aws:logs:*:*:log-group:/aws/elasticbeanstalk/*", + "Sid":"AllowCWL" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-06-05T21:49:06+00:00" + }, + "AWSElasticBeanstalkRoleCore":{ + "CreateDate":"2020-06-05T21:48:24+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:TerminateInstances" + ], + "Condition":{ + "StringLike":{ + "ec2:ResourceTag/aws:cloudformation:stack-id":"arn:aws:cloudformation:*:*:stack/awseb-e-*" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:instance/*", + "Sid":"TerminateInstances" + }, + { + "Action":[ + "ec2:ReleaseAddress", + "ec2:AllocateAddress", + "ec2:DisassociateAddress", + "ec2:AssociateAddress", + "ec2:CreateTags", + "ec2:DeleteTags", + "ec2:CreateSecurityGroup", + "ec2:DeleteSecurityGroup", + "ec2:AuthorizeSecurityGroup*", + "ec2:RevokeSecurityGroup*", + "ec2:CreateLaunchTemplate*", + "ec2:DeleteLaunchTemplate*" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"EC2" + }, + { + "Action":"ec2:RunInstances", + "Condition":{ + "ArnLike":{ + "ec2:LaunchTemplate":"arn:aws:ec2:*:*:launch-template/*" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"LTRunInstances" + }, + { + "Action":[ + "autoscaling:AttachInstances", + "autoscaling:*LoadBalancer*", + "autoscaling:*AutoScalingGroup", + "autoscaling:*LaunchConfiguration", + "autoscaling:DeleteScheduledAction", + "autoscaling:DetachInstances", + "autoscaling:PutNotificationConfiguration", + "autoscaling:PutScalingPolicy", + "autoscaling:PutScheduledUpdateGroupAction", + "autoscaling:ResumeProcesses", + "autoscaling:SuspendProcesses", + "autoscaling:*Tags" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:autoscaling:*:*:launchConfiguration:*:launchConfigurationName/awseb-e-*", + "arn:aws:autoscaling:*:*:autoScalingGroup:*:autoScalingGroupName/awseb-e-*" + ], + "Sid":"ASG" + }, + { + "Action":[ + "autoscaling:DeletePolicy" + ], + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"ASGPolicy" + }, + { + "Action":[ + "iam:CreateServiceLinkedRole" + ], + "Condition":{ + "StringLike":{ + "iam:AWSServiceName":"elasticbeanstalk.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/aws-service-role/elasticbeanstalk.amazonaws.com/AWSServiceRoleForElasticBeanstalk*" + ], + "Sid":"EBSLR" + }, + { + "Action":[ + "s3:Delete*", + "s3:Get*", + "s3:Put*" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::elasticbeanstalk-*/*", + "arn:aws:s3:::elasticbeanstalk-env-resources-*/*" + ], + "Sid":"S3Obj" + }, + { + "Action":[ + "s3:GetBucket*", + "s3:ListBucket", + "s3:PutBucketPolicy" + ], + "Effect":"Allow", + "Resource":"arn:aws:s3:::elasticbeanstalk-*", + "Sid":"S3Bucket" + }, + { + "Action":[ + "cloudformation:CreateStack", + "cloudformation:DeleteStack", + "cloudformation:GetTemplate", + "cloudformation:ListStackResources", + "cloudformation:UpdateStack", + "cloudformation:ContinueUpdateRollback", + "cloudformation:CancelUpdateStack" + ], + "Effect":"Allow", + "Resource":"arn:aws:cloudformation:*:*:stack/awseb-e-*", + "Sid":"CFN" + }, + { + "Action":[ + "cloudwatch:PutMetricAlarm", + "cloudwatch:DeleteAlarms" + ], + "Effect":"Allow", + "Resource":"arn:aws:cloudwatch:*:*:alarm:awseb-*", + "Sid":"CloudWatch" + }, + { + "Action":[ + "elasticloadbalancing:Create*", + "elasticloadbalancing:Delete*", + "elasticloadbalancing:Modify*", + "elasticloadbalancing:RegisterTargets", + "elasticloadbalancing:DeRegisterTargets", + "elasticloadbalancing:DeregisterInstancesFromLoadBalancer", + "elasticloadbalancing:RegisterInstancesWithLoadBalancer", + "elasticloadbalancing:*Tags", + "elasticloadbalancing:ConfigureHealthCheck", + "elasticloadbalancing:SetRulePriorities", + "elasticloadbalancing:SetLoadBalancerPoliciesOfListener" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:elasticloadbalancing:*:*:targetgroup/awseb-*", + "arn:aws:elasticloadbalancing:*:*:loadbalancer/awseb-*", + "arn:aws:elasticloadbalancing:*:*:loadbalancer/app/awseb-*/*", + "arn:aws:elasticloadbalancing:*:*:loadbalancer/net/awseb-*/*", + "arn:aws:elasticloadbalancing:*:*:listener/awseb-*", + "arn:aws:elasticloadbalancing:*:*:listener/app/awseb-*", + "arn:aws:elasticloadbalancing:*:*:listener/net/awseb-*", + "arn:aws:elasticloadbalancing:*:*:listener-rule/app/awseb-*/*/*/*" + ], + "Sid":"ELB" + }, + { + "Action":[ + "autoscaling:Describe*", + "cloudformation:Describe*", + "logs:Describe*", + "ec2:Describe*", + "ecs:Describe*", + "ecs:List*", + "elasticloadbalancing:Describe*", + "rds:Describe*", + "sns:List*", + "iam:List*", + "acm:Describe*", + "acm:List*" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"ListAPIs" + }, + { + "Action":"iam:PassRole", + "Condition":{ + "StringEquals":{ + "iam:PassedToService":[ + "elasticbeanstalk.amazonaws.com", + "ec2.amazonaws.com", + "autoscaling.amazonaws.com", + "elasticloadbalancing.amazonaws.com", + "ecs.amazonaws.com", + "cloudformation.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/aws-elasticbeanstalk-*", + "Sid":"AllowPassRole" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-09-09T20:31:14+00:00" + }, + "AWSElasticBeanstalkRoleECS":{ + "CreateDate":"2020-06-05T21:47:27+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "ecs:CreateCluster", + "ecs:DeleteCluster", + "ecs:RegisterTaskDefinition", + "ecs:DeRegisterTaskDefinition" + ], + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"AllowECS" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-06-05T21:47:27+00:00" + }, + "AWSElasticBeanstalkRoleRDS":{ + "CreateDate":"2020-06-05T21:46:55+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "rds:CreateDBSecurityGroup", + "rds:DeleteDBSecurityGroup", + "rds:AuthorizeDBSecurityGroupIngress", + "rds:CreateDBInstance", + "rds:ModifyDBInstance", + "rds:DeleteDBInstance" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:rds:*:*:secgrp:awseb-e-*", + "arn:aws:rds:*:*:db:*" + ], + "Sid":"AllowRDS" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-06-05T21:46:55+00:00" + }, + "AWSElasticBeanstalkRoleSNS":{ + "CreateDate":"2020-06-05T21:46:22+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "sns:CreateTopic", + "sns:SetTopicAttributes", + "sns:DeleteTopic" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:sns:*:*:ElasticBeanstalkNotifications-*" + ], + "Sid":"AllowBeanstalkManageSNS" + }, + { + "Action":[ + "sns:GetTopicAttributes", + "sns:Subscribe", + "sns:Unsubscribe", + "sns:Publish" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AllowSNSPublish" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-06-05T21:46:22+00:00" + }, + "AWSElasticBeanstalkRoleWorkerTier":{ + "CreateDate":"2020-06-05T21:43:37+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "sqs:TagQueue", + "sqs:DeleteQueue", + "sqs:GetQueueAttributes", + "sqs:CreateQueue" + ], + "Effect":"Allow", + "Resource":"arn:aws:sqs:*:*:awseb-e-*", + "Sid":"AllowSQS" + }, + { + "Action":[ + "dynamodb:CreateTable", + "dynamodb:TagResource", + "dynamodb:DescribeTable", + "dynamodb:DeleteTable" + ], + "Effect":"Allow", + "Resource":"arn:aws:dynamodb:*:*:table/awseb-e-*", + "Sid":"AllowDDB" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-06-05T21:43:37+00:00" + }, + "AWSElasticBeanstalkService":{ + "CreateDate":"2016-04-11T20:27:23+00:00", + "DefaultVersionId":"v16", + "Document":{ + "Statement":[ + { + "Action":[ + "cloudformation:*" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:cloudformation:*:*:stack/awseb-*", + "arn:aws:cloudformation:*:*:stack/eb-*" + ], + "Sid":"AllowCloudformationOperationsOnElasticBeanstalkStacks" + }, + { + "Action":[ + "logs:DeleteLogGroup" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:logs:*:*:log-group:/aws/elasticbeanstalk*" + ], + "Sid":"AllowDeleteCloudwatchLogGroups" + }, + { + "Action":[ + "s3:*" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::elasticbeanstalk-*", + "arn:aws:s3:::elasticbeanstalk-*/*" + ], + "Sid":"AllowS3OperationsOnElasticBeanstalkBuckets" + }, + { + "Action":"ec2:RunInstances", + "Condition":{ + "ArnLike":{ + "ec2:LaunchTemplate":"arn:aws:ec2:*:*:launch-template/*" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"AllowLaunchTemplateRunInstances" + }, + { + "Action":[ + "autoscaling:AttachInstances", + "autoscaling:CreateAutoScalingGroup", + "autoscaling:CreateLaunchConfiguration", + "autoscaling:DeleteLaunchConfiguration", + "autoscaling:DeleteAutoScalingGroup", + "autoscaling:DeleteScheduledAction", + "autoscaling:DescribeAccountLimits", + "autoscaling:DescribeAutoScalingGroups", + "autoscaling:DescribeAutoScalingInstances", + "autoscaling:DescribeLaunchConfigurations", + "autoscaling:DescribeLoadBalancers", + "autoscaling:DescribeNotificationConfigurations", + "autoscaling:DescribeScalingActivities", + "autoscaling:DescribeScheduledActions", + "autoscaling:DetachInstances", + "autoscaling:DeletePolicy", + "autoscaling:PutScalingPolicy", + "autoscaling:PutScheduledUpdateGroupAction", + "autoscaling:PutNotificationConfiguration", + "autoscaling:ResumeProcesses", + "autoscaling:SetDesiredCapacity", + "autoscaling:SuspendProcesses", + "autoscaling:TerminateInstanceInAutoScalingGroup", + "autoscaling:UpdateAutoScalingGroup", + "cloudwatch:PutMetricAlarm", + "ec2:AssociateAddress", + "ec2:AllocateAddress", + "ec2:AuthorizeSecurityGroupEgress", + "ec2:AuthorizeSecurityGroupIngress", + "ec2:CreateLaunchTemplate", + "ec2:CreateLaunchTemplateVersion", + "ec2:DescribeLaunchTemplates", + "ec2:DescribeLaunchTemplateVersions", + "ec2:DeleteLaunchTemplate", + "ec2:DeleteLaunchTemplateVersions", + "ec2:CreateSecurityGroup", + "ec2:DeleteSecurityGroup", + "ec2:DescribeAccountAttributes", + "ec2:DescribeAddresses", + "ec2:DescribeImages", + "ec2:DescribeInstances", + "ec2:DescribeKeyPairs", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSnapshots", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "ec2:DescribeInstanceAttribute", + "ec2:DescribeSpotInstanceRequests", + "ec2:DescribeVpcClassicLink", + "ec2:DisassociateAddress", + "ec2:ReleaseAddress", + "ec2:RevokeSecurityGroupEgress", + "ec2:RevokeSecurityGroupIngress", + "ec2:TerminateInstances", + "ecs:CreateCluster", + "ecs:DeleteCluster", + "ecs:DescribeClusters", + "ecs:RegisterTaskDefinition", + "elasticbeanstalk:*", + "elasticloadbalancing:ApplySecurityGroupsToLoadBalancer", + "elasticloadbalancing:ConfigureHealthCheck", + "elasticloadbalancing:CreateLoadBalancer", + "elasticloadbalancing:DeleteLoadBalancer", + "elasticloadbalancing:DeregisterInstancesFromLoadBalancer", + "elasticloadbalancing:DescribeInstanceHealth", + "elasticloadbalancing:DescribeLoadBalancers", + "elasticloadbalancing:DescribeTargetHealth", + "elasticloadbalancing:RegisterInstancesWithLoadBalancer", + "elasticloadbalancing:DescribeTargetGroups", + "elasticloadbalancing:RegisterTargets", + "elasticloadbalancing:DeregisterTargets", + "iam:ListRoles", + "iam:PassRole", + "logs:CreateLogGroup", + "logs:PutRetentionPolicy", + "logs:DescribeLogGroups", + "rds:DescribeDBEngineVersions", + "rds:DescribeDBInstances", + "rds:DescribeOrderableDBInstanceOptions", + "s3:GetObject", + "s3:GetObjectAcl", + "s3:ListBucket", + "sns:CreateTopic", + "sns:GetTopicAttributes", + "sns:ListSubscriptionsByTopic", + "sns:Subscribe", + "sns:SetTopicAttributes", + "sqs:GetQueueAttributes", + "sqs:GetQueueUrl", + "codebuild:CreateProject", + "codebuild:DeleteProject", + "codebuild:BatchGetBuilds", + "codebuild:StartBuild" + ], + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"AllowOperations" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-06-14T23:18:46+00:00" + }, + "AWSElasticBeanstalkServiceRolePolicy":{ + "CreateDate":"2017-09-13T23:46:37+00:00", + "DefaultVersionId":"v6", + "Document":{ + "Statement":[ + { + "Action":[ + "cloudformation:DescribeStackResource", + "cloudformation:DescribeStackResources", + "cloudformation:DescribeStacks" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:cloudformation:*:*:stack/awseb-*", + "arn:aws:cloudformation:*:*:stack/eb-*" + ], + "Sid":"AllowCloudformationReadOperationsOnElasticBeanstalkStacks" + }, + { + "Action":[ + "autoscaling:DescribeAutoScalingGroups", + "autoscaling:DescribeAutoScalingInstances", + "autoscaling:DescribeNotificationConfigurations", + "autoscaling:DescribeScalingActivities", + "autoscaling:PutNotificationConfiguration", + "ec2:DescribeInstanceStatus", + "ec2:AssociateAddress", + "ec2:DescribeAddresses", + "ec2:DescribeInstances", + "ec2:DescribeSecurityGroups", + "elasticloadbalancing:DescribeInstanceHealth", + "elasticloadbalancing:DescribeLoadBalancers", + "elasticloadbalancing:DescribeTargetHealth", + "elasticloadbalancing:DescribeTargetGroups", + "lambda:GetFunction", + "sqs:GetQueueAttributes", + "sqs:GetQueueUrl", + "sns:Publish" + ], + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"AllowOperations" + }, + { + "Action":[ + "logs:CreateLogStream", + "logs:DescribeLogGroups", + "logs:DescribeLogStreams", + "logs:DeleteLogGroup", + "logs:PutLogEvents" + ], + "Effect":"Allow", + "Resource":"arn:aws:logs:*:*:log-group:/aws/elasticbeanstalk/*", + "Sid":"AllowOperationsOnHealthStreamingLogs" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-06-06T21:59:51+00:00" + }, + "AWSElasticBeanstalkWebTier":{ + "CreateDate":"2016-02-08T23:08:54+00:00", + "DefaultVersionId":"v7", + "Document":{ + "Statement":[ + { + "Action":[ + "s3:Get*", + "s3:List*", + "s3:PutObject" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::elasticbeanstalk-*", + "arn:aws:s3:::elasticbeanstalk-*/*" + ], + "Sid":"BucketAccess" + }, + { + "Action":[ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords", + "xray:GetSamplingRules", + "xray:GetSamplingTargets", + "xray:GetSamplingStatisticSummaries" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"XRayAccess" + }, + { + "Action":[ + "logs:PutLogEvents", + "logs:CreateLogStream", + "logs:DescribeLogStreams", + "logs:DescribeLogGroups" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:logs:*:*:log-group:/aws/elasticbeanstalk*" + ], + "Sid":"CloudWatchLogsAccess" + }, + { + "Action":[ + "elasticbeanstalk:PutInstanceStatistics" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:elasticbeanstalk:*:*:application/*", + "arn:aws:elasticbeanstalk:*:*:environment/*" + ], + "Sid":"ElasticBeanstalkHealthAccess" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-09-09T19:38:36+00:00" + }, + "AWSElasticBeanstalkWorkerTier":{ + "CreateDate":"2016-02-08T23:12:02+00:00", + "DefaultVersionId":"v6", + "Document":{ + "Statement":[ + { + "Action":[ + "cloudwatch:PutMetricData" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"MetricsAccess" + }, + { + "Action":[ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords", + "xray:GetSamplingRules", + "xray:GetSamplingTargets", + "xray:GetSamplingStatisticSummaries" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"XRayAccess" + }, + { + "Action":[ + "sqs:ChangeMessageVisibility", + "sqs:DeleteMessage", + "sqs:ReceiveMessage", + "sqs:SendMessage" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"QueueAccess" + }, + { + "Action":[ + "s3:Get*", + "s3:List*", + "s3:PutObject" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::elasticbeanstalk-*", + "arn:aws:s3:::elasticbeanstalk-*/*" + ], + "Sid":"BucketAccess" + }, + { + "Action":[ + "dynamodb:BatchGetItem", + "dynamodb:BatchWriteItem", + "dynamodb:DeleteItem", + "dynamodb:GetItem", + "dynamodb:PutItem", + "dynamodb:Query", + "dynamodb:Scan", + "dynamodb:UpdateItem" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:dynamodb:*:*:table/*-stack-AWSEBWorkerCronLeaderRegistry*" + ], + "Sid":"DynamoPeriodicTasks" + }, + { + "Action":[ + "logs:PutLogEvents", + "logs:CreateLogStream" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:logs:*:*:log-group:/aws/elasticbeanstalk*" + ], + "Sid":"CloudWatchLogsAccess" + }, + { + "Action":[ + "elasticbeanstalk:PutInstanceStatistics" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:elasticbeanstalk:*:*:application/*", + "arn:aws:elasticbeanstalk:*:*:environment/*" + ], + "Sid":"ElasticBeanstalkHealthAccess" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-09-09T19:53:40+00:00" + }, + "AWSElasticDisasterRecoveryAgentInstallationPolicy":{ + "CreateDate":"2021-11-17T10:37:54+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "drs:GetAgentInstallationAssetsForDrs", + "drs:SendClientLogsForDrs", + "drs:CreateSourceServerForDrs", + "drs:CreateRecoveryInstanceForDrs", + "drs:DescribeRecoveryInstances" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "drs:TagResource", + "drs:IssueAgentCertificateForDrs" + ], + "Effect":"Allow", + "Resource":"arn:aws:drs:*:*:source-server/*" + }, + { + "Action":[ + "drs:TagResource" + ], + "Effect":"Allow", + "Resource":"arn:aws:drs:*:*:recovery-instance/*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-11-17T10:37:54+00:00" + }, + "AWSElasticDisasterRecoveryAgentPolicy":{ + "CreateDate":"2021-11-17T10:32:32+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "drs:SendAgentMetricsForDrs", + "drs:SendAgentLogsForDrs", + "drs:UpdateAgentSourcePropertiesForDrs", + "drs:UpdateAgentReplicationInfoForDrs", + "drs:UpdateAgentConversionInfoForDrs", + "drs:GetAgentCommandForDrs", + "drs:GetAgentConfirmedResumeInfoForDrs", + "drs:GetAgentRuntimeConfigurationForDrs", + "drs:UpdateAgentBacklogForDrs", + "drs:GetAgentReplicationInfoForDrs", + "drs:IssueAgentCertificateForDrs" + ], + "Effect":"Allow", + "Resource":"arn:aws:drs:*:*:source-server/${aws:SourceIdentity}" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-11-17T10:32:32+00:00" + }, + "AWSElasticDisasterRecoveryConsoleFullAccess":{ + "CreateDate":"2021-11-17T10:46:29+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "drs:*" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "kms:ListAliases", + "kms:DescribeKey" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:DescribeAccountAttributes", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeImages", + "ec2:DescribeInstances", + "ec2:DescribeInstanceTypes", + "ec2:DescribeInstanceAttribute", + "ec2:DescribeInstanceStatus", + "ec2:DescribeInstanceTypeOfferings", + "ec2:DescribeLaunchTemplateVersions", + "ec2:DescribeLaunchTemplates", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSnapshots", + "ec2:DescribeSubnets", + "ec2:DescribeVolumes", + "ec2:GetEbsEncryptionByDefault", + "ec2:GetEbsDefaultKmsKeyId" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"license-manager:ListLicenseConfigurations", + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"resource-groups:ListGroups", + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"elasticloadbalancing:DescribeLoadBalancers", + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "iam:ListInstanceProfiles", + "iam:ListRoles" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"iam:PassRole", + "Condition":{ + "StringEquals":{ + "iam:PassedToService":"ec2.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/service-role/AWSElasticDisasterRecoveryConversionServerRole", + "arn:aws:iam::*:role/service-role/AWSElasticDisasterRecoveryRecoveryInstanceRole" + ] + }, + { + "Action":[ + "ec2:DeleteSnapshot" + ], + "Condition":{ + "Bool":{ + "aws:ViaAWSService":"true" + }, + "Null":{ + "aws:ResourceTag/AWSElasticDisasterRecoveryManaged":"false" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:snapshot/*" + }, + { + "Action":[ + "ec2:CreateLaunchTemplateVersion", + "ec2:ModifyLaunchTemplate", + "ec2:DeleteLaunchTemplateVersions" + ], + "Condition":{ + "Null":{ + "aws:ResourceTag/AWSElasticDisasterRecoveryManaged":"false" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:launch-template/*" + }, + { + "Action":[ + "ec2:DeleteVolume" + ], + "Condition":{ + "Bool":{ + "aws:ViaAWSService":"true" + }, + "Null":{ + "aws:ResourceTag/AWSElasticDisasterRecoveryManaged":"false" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:volume/*" + }, + { + "Action":[ + "ec2:StartInstances", + "ec2:StopInstances", + "ec2:TerminateInstances", + "ec2:ModifyInstanceAttribute", + "ec2:GetConsoleOutput", + "ec2:GetConsoleScreenshot" + ], + "Condition":{ + "Bool":{ + "aws:ViaAWSService":"true" + }, + "Null":{ + "aws:ResourceTag/AWSElasticDisasterRecoveryManaged":"false" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:instance/*" + }, + { + "Action":[ + "ec2:RevokeSecurityGroupEgress", + "ec2:AuthorizeSecurityGroupIngress", + "ec2:AuthorizeSecurityGroupEgress" + ], + "Condition":{ + "Bool":{ + "aws:ViaAWSService":"true" + }, + "Null":{ + "aws:ResourceTag/AWSElasticDisasterRecoveryManaged":"false" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:security-group/*" + }, + { + "Action":[ + "ec2:CreateVolume" + ], + "Condition":{ + "Bool":{ + "aws:ViaAWSService":"true" + }, + "Null":{ + "aws:RequestTag/AWSElasticDisasterRecoveryManaged":"false" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:volume/*" + }, + { + "Action":"ec2:CreateSecurityGroup", + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:vpc/*" + }, + { + "Action":[ + "ec2:CreateSecurityGroup" + ], + "Condition":{ + "Bool":{ + "aws:ViaAWSService":"true" + }, + "Null":{ + "aws:RequestTag/AWSElasticDisasterRecoveryManaged":"false" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:security-group/*" + }, + { + "Action":[ + "ec2:CreateSnapshot" + ], + "Condition":{ + "Bool":{ + "aws:ViaAWSService":"true" + }, + "Null":{ + "ec2:ResourceTag/AWSElasticDisasterRecoveryManaged":"false" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:volume/*" + }, + { + "Action":[ + "ec2:CreateSnapshot" + ], + "Condition":{ + "Bool":{ + "aws:ViaAWSService":"true" + }, + "Null":{ + "aws:RequestTag/AWSElasticDisasterRecoveryManaged":"false" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:snapshot/*" + }, + { + "Action":[ + "ec2:DetachVolume", + "ec2:AttachVolume" + ], + "Condition":{ + "Bool":{ + "aws:ViaAWSService":"true" + }, + "Null":{ + "ec2:ResourceTag/AWSElasticDisasterRecoveryManaged":"false" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:instance/*" + }, + { + "Action":[ + "ec2:AttachVolume" + ], + "Condition":{ + "Bool":{ + "aws:ViaAWSService":"true" + }, + "Null":{ + "ec2:ResourceTag/AWSElasticDisasterRecoveryManaged":"false" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:volume/*" + }, + { + "Action":[ + "ec2:DetachVolume" + ], + "Condition":{ + "Bool":{ + "aws:ViaAWSService":"true" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:volume/*" + }, + { + "Action":[ + "ec2:RunInstances" + ], + "Condition":{ + "Bool":{ + "aws:ViaAWSService":"true" + }, + "Null":{ + "aws:RequestTag/AWSElasticDisasterRecoveryManaged":"false" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:instance/*" + }, + { + "Action":[ + "ec2:RunInstances" + ], + "Condition":{ + "Bool":{ + "aws:ViaAWSService":"true" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:security-group/*", + "arn:aws:ec2:*:*:volume/*", + "arn:aws:ec2:*:*:subnet/*", + "arn:aws:ec2:*:*:image/*", + "arn:aws:ec2:*:*:network-interface/*", + "arn:aws:ec2:*:*:launch-template/*" + ] + }, + { + "Action":"ec2:CreateTags", + "Condition":{ + "Bool":{ + "aws:ViaAWSService":"true" + }, + "StringEquals":{ + "ec2:CreateAction":[ + "CreateSecurityGroup", + "CreateVolume", + "CreateSnapshot", + "RunInstances" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:security-group/*", + "arn:aws:ec2:*:*:volume/*", + "arn:aws:ec2:*:*:snapshot/*", + "arn:aws:ec2:*:*:instance/*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-05-29T08:40:00+00:00" + }, + "AWSElasticDisasterRecoveryConversionServerPolicy":{ + "CreateDate":"2021-11-17T13:42:23+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "drs:SendClientMetricsForDrs", + "drs:SendClientLogsForDrs" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "drs:GetChannelCommandsForDrs", + "drs:SendChannelCommandResultForDrs" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-11-17T13:42:23+00:00" + }, + "AWSElasticDisasterRecoveryEc2InstancePolicy":{ + "CreateDate":"2022-05-26T12:30:18+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "drs:GetAgentInstallationAssetsForDrs", + "drs:SendClientLogsForDrs", + "drs:CreateSourceServerForDrs" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "drs:TagResource" + ], + "Condition":{ + "StringEquals":{ + "drs:CreateAction":"CreateSourceServerForDrs" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:drs:*:*:source-server/*" + }, + { + "Action":[ + "drs:SendAgentMetricsForDrs", + "drs:SendAgentLogsForDrs", + "drs:UpdateAgentSourcePropertiesForDrs", + "drs:UpdateAgentReplicationInfoForDrs", + "drs:UpdateAgentConversionInfoForDrs", + "drs:GetAgentCommandForDrs", + "drs:GetAgentConfirmedResumeInfoForDrs", + "drs:GetAgentRuntimeConfigurationForDrs", + "drs:UpdateAgentBacklogForDrs", + "drs:GetAgentReplicationInfoForDrs" + ], + "Effect":"Allow", + "Resource":"arn:aws:drs:*:*:source-server/*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-05-26T12:30:18+00:00" + }, + "AWSElasticDisasterRecoveryFailbackInstallationPolicy":{ + "CreateDate":"2021-11-17T11:02:03+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "drs:SendClientLogsForDrs", + "drs:SendClientMetricsForDrs", + "drs:DescribeRecoveryInstances", + "drs:DescribeSourceServers" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "drs:TagResource", + "drs:IssueAgentCertificateForDrs", + "drs:AssociateFailbackClientToRecoveryInstanceForDrs", + "drs:GetSuggestedFailbackClientDeviceMappingForDrs", + "drs:UpdateFailbackClientDeviceMappingForDrs" + ], + "Effect":"Allow", + "Resource":"arn:aws:drs:*:*:recovery-instance/*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-11-17T11:02:03+00:00" + }, + "AWSElasticDisasterRecoveryFailbackPolicy":{ + "CreateDate":"2021-11-17T10:41:40+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "drs:SendClientMetricsForDrs", + "drs:SendClientLogsForDrs" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "drs:GetChannelCommandsForDrs", + "drs:SendChannelCommandResultForDrs" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "drs:DescribeReplicationServerAssociationsForDrs", + "drs:DescribeRecoveryInstances" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "drs:GetFailbackCommandForDrs", + "drs:UpdateFailbackClientLastSeenForDrs", + "drs:NotifyAgentAuthenticationForDrs", + "drs:UpdateAgentReplicationProcessStateForDrs", + "drs:NotifyAgentReplicationProgressForDrs", + "drs:NotifyAgentConnectedForDrs", + "drs:NotifyAgentDisconnectedForDrs", + "drs:NotifyConsistencyAttainedForDrs", + "drs:GetFailbackLaunchRequestedForDrs", + "drs:IssueAgentCertificateForDrs" + ], + "Effect":"Allow", + "Resource":"arn:aws:drs:*:*:recovery-instance/${aws:SourceIdentity}" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-11-17T10:41:40+00:00" + }, + "AWSElasticDisasterRecoveryReadOnlyAccess":{ + "CreateDate":"2021-11-17T10:50:05+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "drs:DescribeJobLogItems", + "drs:DescribeJobs", + "drs:DescribeRecoveryInstances", + "drs:DescribeRecoverySnapshots", + "drs:DescribeReplicationConfigurationTemplates", + "drs:DescribeSourceServers", + "drs:GetFailbackReplicationConfiguration", + "drs:GetLaunchConfiguration", + "drs:GetReplicationConfiguration", + "drs:ListExtensibleSourceServers", + "drs:ListStagingAccounts", + "drs:ListTagsForResource" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:DescribeInstances", + "ec2:DescribeLaunchTemplateVersions", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"iam:ListRoles", + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-05-29T08:27:37+00:00" + }, + "AWSElasticDisasterRecoveryRecoveryInstancePolicy":{ + "CreateDate":"2021-11-17T10:20:43+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "drs:SendAgentMetricsForDrs", + "drs:SendAgentLogsForDrs", + "drs:UpdateAgentSourcePropertiesForDrs", + "drs:UpdateAgentReplicationInfoForDrs", + "drs:UpdateAgentConversionInfoForDrs", + "drs:GetAgentCommandForDrs", + "drs:GetAgentConfirmedResumeInfoForDrs", + "drs:GetAgentRuntimeConfigurationForDrs", + "drs:UpdateAgentBacklogForDrs", + "drs:GetAgentReplicationInfoForDrs", + "drs:UpdateReplicationCertificateForDrs", + "drs:NotifyReplicationServerAuthenticationForDrs" + ], + "Condition":{ + "StringEquals":{ + "drs:EC2InstanceARN":"${ec2:SourceInstanceARN}" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:drs:*:*:recovery-instance/*" + }, + { + "Action":[ + "drs:DescribeRecoveryInstances" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:DescribeInstanceTypes" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-11-17T10:20:43+00:00" + }, + "AWSElasticDisasterRecoveryReplicationServerPolicy":{ + "CreateDate":"2021-11-17T13:34:00+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "drs:SendClientMetricsForDrs", + "drs:SendClientLogsForDrs" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "drs:GetChannelCommandsForDrs", + "drs:SendChannelCommandResultForDrs" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "drs:GetAgentSnapshotCreditsForDrs", + "drs:DescribeReplicationServerAssociationsForDrs", + "drs:DescribeSnapshotRequestsForDrs", + "drs:BatchDeleteSnapshotRequestForDrs", + "drs:NotifyAgentAuthenticationForDrs", + "drs:BatchCreateVolumeSnapshotGroupForDrs", + "drs:UpdateAgentReplicationProcessStateForDrs", + "drs:NotifyAgentReplicationProgressForDrs", + "drs:NotifyAgentConnectedForDrs", + "drs:NotifyAgentDisconnectedForDrs" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:DescribeInstances", + "ec2:DescribeSnapshots" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:CreateSnapshot" + ], + "Condition":{ + "Null":{ + "aws:ResourceTag/AWSElasticDisasterRecoveryManaged":"false" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:volume/*" + }, + { + "Action":[ + "ec2:CreateSnapshot" + ], + "Condition":{ + "Null":{ + "aws:RequestTag/AWSElasticDisasterRecoveryManaged":"false" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:snapshot/*" + }, + { + "Action":"ec2:CreateTags", + "Condition":{ + "StringEquals":{ + "ec2:CreateAction":"CreateSnapshot" + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-11-17T13:34:00+00:00" + }, + "AWSElasticDisasterRecoveryServiceRolePolicy":{ + "CreateDate":"2021-11-17T10:56:17+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "drs:ListTagsForResource" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "drs:CreateRecoveryInstanceForDrs", + "drs:TagResource" + ], + "Effect":"Allow", + "Resource":"arn:aws:drs:*:*:recovery-instance/*" + }, + { + "Action":"iam:GetInstanceProfile", + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"kms:ListRetirableGrants", + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:DescribeAccountAttributes", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeImages", + "ec2:DescribeInstances", + "ec2:DescribeInstanceTypes", + "ec2:DescribeInstanceAttribute", + "ec2:DescribeInstanceStatus", + "ec2:DescribeLaunchTemplateVersions", + "ec2:DescribeLaunchTemplates", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSnapshots", + "ec2:DescribeSubnets", + "ec2:DescribeVolumes", + "ec2:GetEbsDefaultKmsKeyId", + "ec2:GetEbsEncryptionByDefault" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:RegisterImage" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:DeregisterImage" + ], + "Condition":{ + "Null":{ + "aws:ResourceTag/AWSElasticDisasterRecoveryManaged":"false" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:DeleteSnapshot" + ], + "Condition":{ + "Null":{ + "aws:ResourceTag/AWSElasticDisasterRecoveryManaged":"false" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:snapshot/*" + }, + { + "Action":[ + "ec2:CreateLaunchTemplateVersion", + "ec2:ModifyLaunchTemplate", + "ec2:DeleteLaunchTemplate", + "ec2:DeleteLaunchTemplateVersions" + ], + "Condition":{ + "Null":{ + "aws:ResourceTag/AWSElasticDisasterRecoveryManaged":"false" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:launch-template/*" + }, + { + "Action":[ + "ec2:DeleteVolume" + ], + "Condition":{ + "Null":{ + "aws:ResourceTag/AWSElasticDisasterRecoveryManaged":"false" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:volume/*" + }, + { + "Action":[ + "ec2:StartInstances", + "ec2:StopInstances", + "ec2:TerminateInstances", + "ec2:ModifyInstanceAttribute", + "ec2:GetConsoleOutput", + "ec2:GetConsoleScreenshot" + ], + "Condition":{ + "Null":{ + "aws:ResourceTag/AWSElasticDisasterRecoveryManaged":"false" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:instance/*" + }, + { + "Action":[ + "ec2:RevokeSecurityGroupEgress", + "ec2:AuthorizeSecurityGroupIngress", + "ec2:AuthorizeSecurityGroupEgress" + ], + "Condition":{ + "Null":{ + "aws:ResourceTag/AWSElasticDisasterRecoveryManaged":"false" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:security-group/*" + }, + { + "Action":[ + "ec2:CreateVolume" + ], + "Condition":{ + "Null":{ + "aws:RequestTag/AWSElasticDisasterRecoveryManaged":"false" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:volume/*" + }, + { + "Action":[ + "ec2:CreateSecurityGroup" + ], + "Condition":{ + "Null":{ + "aws:RequestTag/AWSElasticDisasterRecoveryManaged":"false" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:security-group/*" + }, + { + "Action":[ + "ec2:CreateSecurityGroup" + ], + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:vpc/*" + }, + { + "Action":[ + "ec2:CreateLaunchTemplate" + ], + "Condition":{ + "Null":{ + "aws:RequestTag/AWSElasticDisasterRecoveryManaged":"false" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:launch-template/*" + }, + { + "Action":[ + "ec2:CreateSnapshot" + ], + "Condition":{ + "Null":{ + "aws:ResourceTag/AWSElasticDisasterRecoveryManaged":"false" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:volume/*" + }, + { + "Action":[ + "ec2:CreateSnapshot" + ], + "Condition":{ + "Null":{ + "aws:RequestTag/AWSElasticDisasterRecoveryManaged":"false" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:snapshot/*" + }, + { + "Action":[ + "ec2:DetachVolume", + "ec2:AttachVolume" + ], + "Condition":{ + "Null":{ + "aws:ResourceTag/AWSElasticDisasterRecoveryManaged":"false" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:instance/*" + }, + { + "Action":[ + "ec2:AttachVolume" + ], + "Condition":{ + "Null":{ + "aws:ResourceTag/AWSElasticDisasterRecoveryManaged":"false" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:volume/*" + }, + { + "Action":[ + "ec2:DetachVolume" + ], + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:volume/*" + }, + { + "Action":[ + "ec2:RunInstances" + ], + "Condition":{ + "Null":{ + "aws:RequestTag/AWSElasticDisasterRecoveryManaged":"false" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:instance/*" + }, + { + "Action":[ + "ec2:RunInstances" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:security-group/*", + "arn:aws:ec2:*:*:volume/*", + "arn:aws:ec2:*:*:subnet/*", + "arn:aws:ec2:*:*:image/*", + "arn:aws:ec2:*:*:network-interface/*", + "arn:aws:ec2:*:*:launch-template/*" + ] + }, + { + "Action":"iam:PassRole", + "Condition":{ + "StringEquals":{ + "iam:PassedToService":"ec2.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/service-role/AWSElasticDisasterRecoveryReplicationServerRole", + "arn:aws:iam::*:role/service-role/AWSElasticDisasterRecoveryConversionServerRole", + "arn:aws:iam::*:role/service-role/AWSElasticDisasterRecoveryRecoveryInstanceRole" + ] + }, + { + "Action":"ec2:CreateTags", + "Condition":{ + "StringEquals":{ + "ec2:CreateAction":[ + "CreateLaunchTemplate", + "CreateSecurityGroup", + "CreateVolume", + "CreateSnapshot", + "RunInstances" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:launch-template/*", + "arn:aws:ec2:*:*:security-group/*", + "arn:aws:ec2:*:*:volume/*", + "arn:aws:ec2:*:*:snapshot/*", + "arn:aws:ec2:*:*:instance/*" + ] + }, + { + "Action":"ec2:CreateTags", + "Condition":{ + "Null":{ + "aws:RequestTag/AWSElasticDisasterRecoveryManaged":"false" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:image/*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-11-17T10:56:17+00:00" + }, + "AWSElasticDisasterRecoveryStagingAccountPolicy":{ + "CreateDate":"2022-05-26T09:49:18+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "drs:DescribeSourceServers", + "drs:DescribeRecoverySnapshots", + "drs:CreateConvertedSnapshotForDrs", + "drs:GetReplicationConfiguration", + "drs:DescribeJobs", + "drs:DescribeJobLogItems" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:ModifySnapshotAttribute" + ], + "Condition":{ + "Null":{ + "aws:ResourceTag/AWSElasticDisasterRecoveryManaged":"false" + }, + "StringEquals":{ + "ec2:Add/userId":"${aws:SourceIdentity}" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:snapshot/*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-05-26T09:49:18+00:00" + }, + "AWSElasticLoadBalancingClassicServiceRolePolicy":{ + "CreateDate":"2017-09-19T22:36:18+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:DescribeAddresses", + "ec2:DescribeInstances", + "ec2:DescribeSubnets", + "ec2:DescribeSecurityGroups", + "ec2:DescribeVpcs", + "ec2:DescribeInternetGateways", + "ec2:DescribeAccountAttributes", + "ec2:DescribeClassicLinkInstances", + "ec2:DescribeVpcClassicLink", + "ec2:CreateSecurityGroup", + "ec2:CreateNetworkInterface", + "ec2:DeleteNetworkInterface", + "ec2:ModifyNetworkInterfaceAttribute", + "ec2:AuthorizeSecurityGroupIngress", + "ec2:AssociateAddress", + "ec2:DisassociateAddress", + "ec2:AttachNetworkInterface", + "ec2:DetachNetworkInterface", + "ec2:AssignPrivateIpAddresses", + "ec2:AssignIpv6Addresses", + "ec2:UnassignIpv6Addresses" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-10-07T23:04:27+00:00" + }, + "AWSElasticLoadBalancingServiceRolePolicy":{ + "CreateDate":"2017-09-19T22:19:04+00:00", + "DefaultVersionId":"v7", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:DescribeAddresses", + "ec2:DescribeCoipPools", + "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeSubnets", + "ec2:DescribeSecurityGroups", + "ec2:DescribeVpcs", + "ec2:DescribeInternetGateways", + "ec2:DescribeAccountAttributes", + "ec2:DescribeClassicLinkInstances", + "ec2:DescribeVpcClassicLink", + "ec2:CreateSecurityGroup", + "ec2:CreateNetworkInterface", + "ec2:DeleteNetworkInterface", + "ec2:GetCoipPoolUsage", + "ec2:ModifyNetworkInterfaceAttribute", + "ec2:AllocateAddress", + "ec2:AuthorizeSecurityGroupIngress", + "ec2:AssociateAddress", + "ec2:DisassociateAddress", + "ec2:AttachNetworkInterface", + "ec2:DetachNetworkInterface", + "ec2:AssignPrivateIpAddresses", + "ec2:AssignIpv6Addresses", + "ec2:ReleaseAddress", + "ec2:UnassignIpv6Addresses", + "ec2:DescribeVpcPeeringConnections", + "logs:CreateLogDelivery", + "logs:GetLogDelivery", + "logs:UpdateLogDelivery", + "logs:DeleteLogDelivery", + "logs:ListLogDeliveries", + "outposts:GetOutpostInstanceTypes" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-08-26T19:01:48+00:00" + }, + "AWSElementalMediaConvertFullAccess":{ + "CreateDate":"2018-06-25T19:25:35+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "mediaconvert:*", + "s3:ListAllMyBuckets", + "s3:ListBucket" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "iam:PassRole" + ], + "Condition":{ + "StringLike":{ + "iam:PassedToService":[ + "mediaconvert.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-06-10T22:52:25+00:00" + }, + "AWSElementalMediaConvertReadOnly":{ + "CreateDate":"2018-06-25T19:25:14+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "mediaconvert:Get*", + "mediaconvert:List*", + "mediaconvert:DescribeEndpoints", + "s3:ListAllMyBuckets", + "s3:ListBucket" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-06-10T22:52:18+00:00" + }, + "AWSElementalMediaLiveFullAccess":{ + "CreateDate":"2020-07-08T17:07:14+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":{ + "Action":"medialive:*", + "Effect":"Allow", + "Resource":"*" + }, + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-07-08T17:07:14+00:00" + }, + "AWSElementalMediaLiveReadOnly":{ + "CreateDate":"2020-07-08T16:38:07+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":{ + "Action":[ + "medialive:List*", + "medialive:Describe*" + ], + "Effect":"Allow", + "Resource":"*" + }, + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-07-08T16:38:07+00:00" + }, + "AWSElementalMediaPackageFullAccess":{ + "CreateDate":"2017-12-29T23:39:52+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":{ + "Action":"mediapackage:*", + "Effect":"Allow", + "Resource":"*" + }, + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2017-12-29T23:39:52+00:00" + }, + "AWSElementalMediaPackageReadOnly":{ + "CreateDate":"2017-12-30T00:04:29+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":{ + "Action":[ + "mediapackage:List*", + "mediapackage:Describe*" + ], + "Effect":"Allow", + "Resource":"*" + }, + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2017-12-30T00:04:29+00:00" + }, + "AWSElementalMediaStoreFullAccess":{ + "CreateDate":"2018-03-05T23:15:31+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "mediastore:*" + ], + "Condition":{ + "Bool":{ + "aws:SecureTransport":"true" + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2018-03-05T23:15:31+00:00" + }, + "AWSElementalMediaStoreReadOnly":{ + "CreateDate":"2018-03-08T19:48:22+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "mediastore:Get*", + "mediastore:List*", + "mediastore:Describe*" + ], + "Condition":{ + "Bool":{ + "aws:SecureTransport":"true" + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2018-03-08T19:48:22+00:00" + }, + "AWSElementalMediaTailorFullAccess":{ + "CreateDate":"2021-11-23T00:04:39+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":{ + "Action":"mediatailor:*", + "Effect":"Allow", + "Resource":"*" + }, + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-11-23T00:04:39+00:00" + }, + "AWSElementalMediaTailorReadOnly":{ + "CreateDate":"2021-11-23T00:05:01+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":{ + "Action":[ + "mediatailor:List*", + "mediatailor:Describe*", + "mediatailor:Get*" + ], + "Effect":"Allow", + "Resource":"*" + }, + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-11-23T00:05:01+00:00" + }, + "AWSEnhancedClassicNetworkingMangementPolicy":{ + "CreateDate":"2017-09-20T17:29:09+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:DescribeInstances", + "ec2:DescribeSecurityGroups" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2017-09-20T17:29:09+00:00" + }, + "AWSFMAdminFullAccess":{ + "CreateDate":"2018-05-09T18:06:18+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "fms:*", + "waf:*", + "waf-regional:*", + "elasticloadbalancing:SetWebACL", + "organizations:DescribeOrganization" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2018-05-09T18:06:18+00:00" + }, + "AWSFMAdminReadOnlyAccess":{ + "CreateDate":"2018-05-09T20:07:39+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "fms:Get*", + "fms:List*", + "waf:Get*", + "waf:List*", + "waf-regional:Get*", + "waf-regional:List*", + "organizations:DescribeOrganization" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2018-05-09T20:07:39+00:00" + }, + "AWSFMMemberReadOnlyAccess":{ + "CreateDate":"2018-05-09T21:05:29+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "fms:GetAdminAccount", + "waf:Get*", + "waf:List*", + "waf-regional:Get*", + "waf-regional:List*", + "organizations:DescribeOrganization" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2018-05-09T21:05:29+00:00" + }, + "AWSForWordPressPluginPolicy":{ + "CreateDate":"2019-10-30T00:27:46+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "polly:SynthesizeSpeech", + "polly:DescribeVoices", + "translate:TranslateText" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"Permissions1" + }, + { + "Action":[ + "s3:ListBucket", + "s3:GetBucketAcl", + "s3:GetBucketPolicy", + "s3:PutObject", + "s3:DeleteObject", + "s3:CreateBucket", + "s3:PutObjectAcl" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::audio_for_wordpress*", + "arn:aws:s3:::audio-for-wordpress*" + ], + "Sid":"Permissions2" + }, + { + "Action":[ + "acm:AddTagsToCertificate", + "acm:DescribeCertificate", + "acm:RequestCertificate", + "cloudformation:CreateStack", + "cloudfront:ListDistributions" + ], + "Condition":{ + "StringEquals":{ + "aws:RequestedRegion":"us-east-1" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"Permissions3" + }, + { + "Action":[ + "acm:DeleteCertificate", + "cloudformation:DeleteStack", + "cloudformation:DescribeStackEvents", + "cloudformation:DescribeStackResources", + "cloudformation:UpdateStack", + "cloudfront:CreateDistribution", + "cloudfront:CreateInvalidation", + "cloudfront:DeleteDistribution", + "cloudfront:GetDistribution", + "cloudfront:GetInvalidation", + "cloudfront:TagResource", + "cloudfront:UpdateDistribution" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceTag/createdBy":"AWSForWordPressPlugin" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"Permissions4" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-01-20T23:20:47+00:00" + }, + "AWSGlobalAcceleratorSLRPolicy":{ + "CreateDate":"2019-04-05T19:39:13+00:00", + "DefaultVersionId":"v6", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:CreateNetworkInterface", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeInstances", + "ec2:DescribeInternetGateways", + "ec2:DescribeSubnets", + "ec2:DescribeRegions", + "ec2:ModifyNetworkInterfaceAttribute", + "ec2:DeleteNetworkInterface" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:DeleteSecurityGroup", + "ec2:AssignIpv6Addresses", + "ec2:UnassignIpv6Addresses" + ], + "Condition":{ + "StringEquals":{ + "ec2:ResourceTag/AWSServiceName":"GlobalAccelerator" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:CreateSecurityGroup", + "ec2:DescribeSecurityGroups" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"elasticloadbalancing:DescribeLoadBalancers", + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"ec2:CreateTags", + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:security-group/*", + "arn:aws:ec2:*:*:network-interface/*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-11-02T18:33:56+00:00" + }, + "AWSGlueConsoleFullAccess":{ + "CreateDate":"2017-08-14T13:37:39+00:00", + "DefaultVersionId":"v12", + "Document":{ + "Statement":[ + { + "Action":[ + "glue:*", + "redshift:DescribeClusters", + "redshift:DescribeClusterSubnetGroups", + "iam:ListRoles", + "iam:ListUsers", + "iam:ListGroups", + "iam:ListRolePolicies", + "iam:GetRole", + "iam:GetRolePolicy", + "iam:ListAttachedRolePolicies", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "ec2:DescribeVpcEndpoints", + "ec2:DescribeRouteTables", + "ec2:DescribeVpcAttribute", + "ec2:DescribeKeyPairs", + "ec2:DescribeInstances", + "ec2:DescribeImages", + "rds:DescribeDBInstances", + "rds:DescribeDBClusters", + "rds:DescribeDBSubnetGroups", + "s3:ListAllMyBuckets", + "s3:ListBucket", + "s3:GetBucketAcl", + "s3:GetBucketLocation", + "cloudformation:DescribeStacks", + "cloudformation:GetTemplateSummary", + "dynamodb:ListTables", + "kms:ListAliases", + "kms:DescribeKey", + "cloudwatch:GetMetricData", + "cloudwatch:ListDashboards" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "s3:GetObject", + "s3:PutObject" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::aws-glue-*/*", + "arn:aws:s3:::*/*aws-glue-*/*", + "arn:aws:s3:::aws-glue-*" + ] + }, + { + "Action":[ + "tag:GetResources" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "s3:CreateBucket" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::aws-glue-*" + ] + }, + { + "Action":[ + "logs:GetLogEvents" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:logs:*:*:/aws-glue/*" + ] + }, + { + "Action":[ + "cloudformation:CreateStack", + "cloudformation:DeleteStack" + ], + "Effect":"Allow", + "Resource":"arn:aws:cloudformation:*:*:stack/aws-glue*/*" + }, + { + "Action":[ + "ec2:RunInstances" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:instance/*", + "arn:aws:ec2:*:*:key-pair/*", + "arn:aws:ec2:*:*:image/*", + "arn:aws:ec2:*:*:security-group/*", + "arn:aws:ec2:*:*:network-interface/*", + "arn:aws:ec2:*:*:subnet/*", + "arn:aws:ec2:*:*:volume/*" + ] + }, + { + "Action":[ + "ec2:TerminateInstances", + "ec2:CreateTags", + "ec2:DeleteTags" + ], + "Condition":{ + "StringEquals":{ + "ec2:ResourceTag/aws:cloudformation:logical-id":"ZeppelinInstance" + }, + "StringLike":{ + "ec2:ResourceTag/aws:cloudformation:stack-id":"arn:aws:cloudformation:*:*:stack/aws-glue-*/*" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:instance/*" + ] + }, + { + "Action":[ + "iam:PassRole" + ], + "Condition":{ + "StringLike":{ + "iam:PassedToService":[ + "glue.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/AWSGlueServiceRole*" + }, + { + "Action":[ + "iam:PassRole" + ], + "Condition":{ + "StringLike":{ + "iam:PassedToService":[ + "ec2.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/AWSGlueServiceNotebookRole*" + }, + { + "Action":[ + "iam:PassRole" + ], + "Condition":{ + "StringLike":{ + "iam:PassedToService":[ + "glue.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/service-role/AWSGlueServiceRole*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-02-11T19:49:01+00:00" + }, + "AWSGlueConsoleSageMakerNotebookFullAccess":{ + "CreateDate":"2018-10-05T17:52:35+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":[ + "glue:*", + "redshift:DescribeClusters", + "redshift:DescribeClusterSubnetGroups", + "iam:ListRoles", + "iam:ListRolePolicies", + "iam:GetRole", + "iam:GetRolePolicy", + "iam:ListAttachedRolePolicies", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "ec2:DescribeVpcEndpoints", + "ec2:DescribeRouteTables", + "ec2:DescribeVpcAttribute", + "ec2:DescribeKeyPairs", + "ec2:DescribeInstances", + "ec2:DescribeImages", + "ec2:CreateNetworkInterface", + "ec2:AttachNetworkInterface", + "ec2:ModifyNetworkInterfaceAttribute", + "ec2:DeleteNetworkInterface", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeInternetGateways", + "ec2:DescribeNetworkInterfaces", + "rds:DescribeDBInstances", + "s3:ListAllMyBuckets", + "s3:ListBucket", + "s3:GetBucketAcl", + "s3:GetBucketLocation", + "cloudformation:DescribeStacks", + "cloudformation:GetTemplateSummary", + "dynamodb:ListTables", + "kms:ListAliases", + "kms:DescribeKey", + "sagemaker:ListNotebookInstances", + "cloudformation:ListStacks", + "cloudwatch:GetMetricData", + "cloudwatch:ListDashboards" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "s3:GetObject", + "s3:PutObject" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::*/*aws-glue-*/*", + "arn:aws:s3:::aws-glue-*" + ] + }, + { + "Action":[ + "s3:CreateBucket" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::aws-glue-*" + ] + }, + { + "Action":[ + "logs:GetLogEvents" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:logs:*:*:/aws-glue/*" + ] + }, + { + "Action":[ + "cloudformation:CreateStack", + "cloudformation:DeleteStack" + ], + "Effect":"Allow", + "Resource":"arn:aws:cloudformation:*:*:stack/aws-glue*/*" + }, + { + "Action":[ + "sagemaker:CreatePresignedNotebookInstanceUrl", + "sagemaker:CreateNotebookInstance", + "sagemaker:DeleteNotebookInstance", + "sagemaker:DescribeNotebookInstance", + "sagemaker:StartNotebookInstance", + "sagemaker:StopNotebookInstance", + "sagemaker:UpdateNotebookInstance", + "sagemaker:ListTags" + ], + "Effect":"Allow", + "Resource":"arn:aws:sagemaker:*:*:notebook-instance/aws-glue-*" + }, + { + "Action":[ + "sagemaker:DescribeNotebookInstanceLifecycleConfig", + "sagemaker:CreateNotebookInstanceLifecycleConfig", + "sagemaker:DeleteNotebookInstanceLifecycleConfig", + "sagemaker:ListNotebookInstanceLifecycleConfigs" + ], + "Effect":"Allow", + "Resource":"arn:aws:sagemaker:*:*:notebook-instance-lifecycle-config/aws-glue-*" + }, + { + "Action":[ + "ec2:RunInstances" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:instance/*", + "arn:aws:ec2:*:*:key-pair/*", + "arn:aws:ec2:*:*:image/*", + "arn:aws:ec2:*:*:security-group/*", + "arn:aws:ec2:*:*:network-interface/*", + "arn:aws:ec2:*:*:subnet/*", + "arn:aws:ec2:*:*:volume/*" + ] + }, + { + "Action":[ + "ec2:TerminateInstances", + "ec2:CreateTags", + "ec2:DeleteTags" + ], + "Condition":{ + "StringEquals":{ + "ec2:ResourceTag/aws:cloudformation:logical-id":"ZeppelinInstance" + }, + "StringLike":{ + "ec2:ResourceTag/aws:cloudformation:stack-id":"arn:aws:cloudformation:*:*:stack/aws-glue-*/*" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:instance/*" + ] + }, + { + "Action":[ + "tag:GetResources" + ], + "Condition":{ + "ForAllValues:StringLike":{ + "aws:TagKeys":[ + "aws-glue-*" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "iam:PassRole" + ], + "Condition":{ + "StringLike":{ + "iam:PassedToService":[ + "glue.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/AWSGlueServiceRole*" + }, + { + "Action":[ + "iam:PassRole" + ], + "Condition":{ + "StringLike":{ + "iam:PassedToService":[ + "ec2.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/AWSGlueServiceNotebookRole*" + }, + { + "Action":[ + "iam:PassRole" + ], + "Condition":{ + "StringLike":{ + "iam:PassedToService":[ + "sagemaker.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/AWSGlueServiceSageMakerNotebookRole*" + }, + { + "Action":[ + "iam:PassRole" + ], + "Condition":{ + "StringLike":{ + "iam:PassedToService":[ + "glue.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/service-role/AWSGlueServiceRole*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-07-15T15:24:19+00:00" + }, + "AWSGlueDataBrewServiceRole":{ + "CreateDate":"2020-12-04T21:26:50+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":[ + "glue:GetDatabases", + "glue:GetPartitions", + "glue:GetTable", + "glue:GetTables", + "glue:GetConnection" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "glue:BatchGetCustomEntityTypes" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "s3:ListBucket", + "s3:GetObject" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::databrew-public-datasets-*" + ] + }, + { + "Action":[ + "ec2:DescribeVpcEndpoints", + "ec2:DescribeRouteTables", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcAttribute", + "ec2:CreateNetworkInterface" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":"ec2:DeleteNetworkInterface", + "Condition":{ + "StringLike":{ + "aws:ResourceTag/aws-glue-service-resource":"*" + } + }, + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "ec2:CreateTags", + "ec2:DeleteTags" + ], + "Condition":{ + "ForAllValues:StringEquals":{ + "aws:TagKeys":[ + "aws-glue-service-resource" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:network-interface/*", + "arn:aws:ec2:*:*:security-group/*" + ] + }, + { + "Action":[ + "logs:CreateLogGroup", + "logs:CreateLogStream", + "logs:PutLogEvents" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:logs:*:*:log-group:/aws-glue-databrew/*" + ] + }, + { + "Action":[ + "lakeformation:GetDataAccess" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "secretsmanager:GetSecretValue" + ], + "Effect":"Allow", + "Resource":"arn:aws:secretsmanager:*:*:secret:databrew!default-*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-05-09T23:06:36+00:00" + }, + "AWSGlueSchemaRegistryFullAccess":{ + "CreateDate":"2020-11-20T00:19:00+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "glue:CreateRegistry", + "glue:UpdateRegistry", + "glue:DeleteRegistry", + "glue:GetRegistry", + "glue:ListRegistries", + "glue:CreateSchema", + "glue:UpdateSchema", + "glue:DeleteSchema", + "glue:GetSchema", + "glue:ListSchemas", + "glue:RegisterSchemaVersion", + "glue:DeleteSchemaVersions", + "glue:GetSchemaByDefinition", + "glue:GetSchemaVersion", + "glue:GetSchemaVersionsDiff", + "glue:ListSchemaVersions", + "glue:CheckSchemaVersionValidity", + "glue:PutSchemaVersionMetadata", + "glue:RemoveSchemaVersionMetadata", + "glue:QuerySchemaVersionMetadata" + ], + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"AWSGlueSchemaRegistryFullAccess" + }, + { + "Action":[ + "glue:GetTags", + "glue:TagResource", + "glue:UnTagResource" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:glue:*:*:schema/*", + "arn:aws:glue:*:*:registry/*" + ], + "Sid":"AWSGlueSchemaRegistryTagsFullAccess" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-11-20T00:19:00+00:00" + }, + "AWSGlueSchemaRegistryReadonlyAccess":{ + "CreateDate":"2020-11-20T00:20:06+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "glue:GetRegistry", + "glue:ListRegistries", + "glue:GetSchema", + "glue:ListSchemas", + "glue:GetSchemaByDefinition", + "glue:GetSchemaVersion", + "glue:ListSchemaVersions", + "glue:GetSchemaVersionsDiff", + "glue:CheckSchemaVersionValidity", + "glue:QuerySchemaVersionMetadata", + "glue:GetTags" + ], + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"AWSGlueSchemaRegistryReadonlyAccess" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-11-20T00:20:06+00:00" + }, + "AWSGlueServiceNotebookRole":{ + "CreateDate":"2017-08-14T13:37:42+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":[ + "glue:CreateDatabase", + "glue:CreatePartition", + "glue:CreateTable", + "glue:DeleteDatabase", + "glue:DeletePartition", + "glue:DeleteTable", + "glue:GetDatabase", + "glue:GetDatabases", + "glue:GetPartition", + "glue:GetPartitions", + "glue:GetTable", + "glue:GetTableVersions", + "glue:GetTables", + "glue:UpdateDatabase", + "glue:UpdatePartition", + "glue:UpdateTable", + "glue:CreateConnection", + "glue:CreateJob", + "glue:DeleteConnection", + "glue:DeleteJob", + "glue:GetConnection", + "glue:GetConnections", + "glue:GetDevEndpoint", + "glue:GetDevEndpoints", + "glue:GetJob", + "glue:GetJobs", + "glue:UpdateJob", + "glue:BatchDeleteConnection", + "glue:UpdateConnection", + "glue:GetUserDefinedFunction", + "glue:UpdateUserDefinedFunction", + "glue:GetUserDefinedFunctions", + "glue:DeleteUserDefinedFunction", + "glue:CreateUserDefinedFunction", + "glue:BatchGetPartition", + "glue:BatchDeletePartition", + "glue:BatchCreatePartition", + "glue:BatchDeleteTable", + "glue:UpdateDevEndpoint", + "s3:GetBucketLocation", + "s3:ListBucket", + "s3:ListAllMyBuckets", + "s3:GetBucketAcl" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "s3:GetObject" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::crawler-public*", + "arn:aws:s3:::aws-glue*" + ] + }, + { + "Action":[ + "s3:PutObject", + "s3:DeleteObject" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::aws-glue*" + ] + }, + { + "Action":[ + "ec2:CreateTags", + "ec2:DeleteTags" + ], + "Condition":{ + "ForAllValues:StringEquals":{ + "aws:TagKeys":[ + "aws-glue-service-resource" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:network-interface/*", + "arn:aws:ec2:*:*:security-group/*", + "arn:aws:ec2:*:*:instance/*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-10-07T18:05:54+00:00" + }, + "AWSGlueServiceRole":{ + "CreateDate":"2017-08-14T13:37:21+00:00", + "DefaultVersionId":"v4", + "Document":{ + "Statement":[ + { + "Action":[ + "glue:*", + "s3:GetBucketLocation", + "s3:ListBucket", + "s3:ListAllMyBuckets", + "s3:GetBucketAcl", + "ec2:DescribeVpcEndpoints", + "ec2:DescribeRouteTables", + "ec2:CreateNetworkInterface", + "ec2:DeleteNetworkInterface", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcAttribute", + "iam:ListRolePolicies", + "iam:GetRole", + "iam:GetRolePolicy", + "cloudwatch:PutMetricData" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "s3:CreateBucket" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::aws-glue-*" + ] + }, + { + "Action":[ + "s3:GetObject", + "s3:PutObject", + "s3:DeleteObject" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::aws-glue-*/*", + "arn:aws:s3:::*/*aws-glue-*/*" + ] + }, + { + "Action":[ + "s3:GetObject" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::crawler-public*", + "arn:aws:s3:::aws-glue-*" + ] + }, + { + "Action":[ + "logs:CreateLogGroup", + "logs:CreateLogStream", + "logs:PutLogEvents" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:logs:*:*:/aws-glue/*" + ] + }, + { + "Action":[ + "ec2:CreateTags", + "ec2:DeleteTags" + ], + "Condition":{ + "ForAllValues:StringEquals":{ + "aws:TagKeys":[ + "aws-glue-service-resource" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:network-interface/*", + "arn:aws:ec2:*:*:security-group/*", + "arn:aws:ec2:*:*:instance/*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2018-06-25T18:23:09+00:00" + }, + "AWSGrafanaAccountAdministrator":{ + "CreateDate":"2021-02-23T00:20:38+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":[ + "iam:ListRoles" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AWSGrafanaOrganizationAdmin" + }, + { + "Action":"iam:GetRole", + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/*", + "Sid":"GrafanaIAMGetRolePermission" + }, + { + "Action":[ + "grafana:*" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AWSGrafanaPermissions" + }, + { + "Action":"iam:PassRole", + "Condition":{ + "StringLike":{ + "iam:PassedToService":"grafana.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/*", + "Sid":"GrafanaIAMPassRolePermission" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-02-15T22:36:18+00:00" + }, + "AWSGrafanaConsoleReadOnlyAccess":{ + "CreateDate":"2021-02-23T00:10:40+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":[ + "grafana:Describe*", + "grafana:List*" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AWSGrafanaConsoleReadOnlyAccess" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-02-15T22:30:54+00:00" + }, + "AWSGrafanaWorkspacePermissionManagement":{ + "CreateDate":"2021-02-23T00:15:54+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "grafana:DescribeWorkspace", + "grafana:DescribeWorkspaceAuthentication", + "grafana:UpdatePermissions", + "grafana:ListPermissions", + "grafana:ListWorkspaces" + ], + "Effect":"Allow", + "Resource":"arn:aws:grafana:*:*:/workspaces*", + "Sid":"AWSGrafanaPermissions" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-09-21T20:30:06+00:00" + }, + "AWSGreengrassFullAccess":{ + "CreateDate":"2017-05-03T00:47:37+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "greengrass:*" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2017-05-03T00:47:37+00:00" + }, + "AWSGreengrassReadOnlyAccess":{ + "CreateDate":"2018-10-30T16:01:43+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "greengrass:List*", + "greengrass:Get*" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2018-10-30T16:01:43+00:00" + }, + "AWSGreengrassResourceAccessRolePolicy":{ + "CreateDate":"2017-02-14T21:17:24+00:00", + "DefaultVersionId":"v5", + "Document":{ + "Statement":[ + { + "Action":[ + "iot:DeleteThingShadow", + "iot:GetThingShadow", + "iot:UpdateThingShadow" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:iot:*:*:thing/GG_*", + "arn:aws:iot:*:*:thing/*-gcm", + "arn:aws:iot:*:*:thing/*-gda", + "arn:aws:iot:*:*:thing/*-gci" + ], + "Sid":"AllowGreengrassAccessToShadows" + }, + { + "Action":[ + "iot:DescribeThing" + ], + "Effect":"Allow", + "Resource":"arn:aws:iot:*:*:thing/*", + "Sid":"AllowGreengrassToDescribeThings" + }, + { + "Action":[ + "iot:DescribeCertificate" + ], + "Effect":"Allow", + "Resource":"arn:aws:iot:*:*:cert/*", + "Sid":"AllowGreengrassToDescribeCertificates" + }, + { + "Action":[ + "greengrass:*" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AllowGreengrassToCallGreengrassServices" + }, + { + "Action":[ + "lambda:GetFunction", + "lambda:GetFunctionConfiguration" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AllowGreengrassToGetLambdaFunctions" + }, + { + "Action":[ + "secretsmanager:GetSecretValue" + ], + "Effect":"Allow", + "Resource":"arn:aws:secretsmanager:*:*:secret:greengrass-*", + "Sid":"AllowGreengrassToGetGreengrassSecrets" + }, + { + "Action":[ + "s3:GetObject" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::*Greengrass*", + "arn:aws:s3:::*GreenGrass*", + "arn:aws:s3:::*greengrass*", + "arn:aws:s3:::*Sagemaker*", + "arn:aws:s3:::*SageMaker*", + "arn:aws:s3:::*sagemaker*" + ], + "Sid":"AllowGreengrassAccessToS3Objects" + }, + { + "Action":[ + "s3:GetBucketLocation" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AllowGreengrassAccessToS3BucketLocation" + }, + { + "Action":[ + "sagemaker:DescribeTrainingJob" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:sagemaker:*:*:training-job/*" + ], + "Sid":"AllowGreengrassAccessToSageMakerTrainingJobs" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2018-11-14T00:35:02+00:00" + }, + "AWSHealthFullAccess":{ + "CreateDate":"2016-12-06T12:30:31+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":[ + "organizations:EnableAWSServiceAccess", + "organizations:DisableAWSServiceAccess" + ], + "Condition":{ + "StringEquals":{ + "organizations:ServicePrincipal":"health.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "health:*", + "organizations:ListAccounts", + "organizations:ListParents", + "organizations:DescribeAccount", + "organizations:ListDelegatedAdministrators" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringEquals":{ + "iam:AWSServiceName":"health.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-11-16T18:11:34+00:00" + }, + "AWSIPAMServiceRolePolicy":{ + "CreateDate":"2021-11-30T19:08:11+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:DescribeAddresses", + "ec2:DescribeByoipCidrs", + "ec2:DescribeIpv6Pools", + "ec2:DescribePublicIpv4Pools", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "organizations:DescribeAccount", + "organizations:DescribeOrganization", + "organizations:ListAccounts", + "organizations:ListDelegatedAdministrators" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"cloudwatch:PutMetricData", + "Condition":{ + "StringEquals":{ + "cloudwatch:namespace":"AWS/IPAM" + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-11-30T19:08:11+00:00" + }, + "AWSIQContractServiceRolePolicy":{ + "CreateDate":"2019-08-22T19:28:39+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "aws-marketplace:Subscribe" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-08-22T19:28:39+00:00" + }, + "AWSIQFullAccess":{ + "CreateDate":"2019-04-04T23:13:42+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "iq:*", + "iq-permission:*" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringEquals":{ + "iam:AWSServiceName":[ + "permission.iq.amazonaws.com", + "contract.iq.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-09-25T20:22:34+00:00" + }, + "AWSIQPermissionServiceRolePolicy":{ + "CreateDate":"2019-08-22T19:36:29+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "iam:DeleteRole", + "iam:ListAttachedRolePolicies" + ], + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/AWSIQPermission-*" + }, + { + "Action":[ + "iam:AttachRolePolicy" + ], + "Condition":{ + "ArnEquals":{ + "iam:PolicyARN":"arn:aws:iam::aws:policy/AWSDenyAll" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/AWSIQPermission-*" + }, + { + "Action":[ + "iam:DetachRolePolicy" + ], + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/AWSIQPermission-*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-08-22T19:36:29+00:00" + }, + "AWSIdentitySyncFullAccess":{ + "CreateDate":"2022-03-23T23:29:33+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "ds:AuthorizeApplication", + "ds:UnauthorizeApplication" + ], + "Effect":"Allow", + "Resource":"arn:*:ds:*:*:*/*" + }, + { + "Action":[ + "identity-sync:DeleteSyncProfile", + "identity-sync:CreateSyncProfile", + "identity-sync:GetSyncProfile", + "identity-sync:StartSync", + "identity-sync:StopSync", + "identity-sync:CreateSyncFilter", + "identity-sync:DeleteSyncFilter", + "identity-sync:ListSyncFilters", + "identity-sync:CreateSyncTarget", + "identity-sync:DeleteSyncTarget", + "identity-sync:GetSyncTarget", + "identity-sync:UpdateSyncTarget" + ], + "Effect":"Allow", + "Resource":"arn:*:identity-sync:*:*:*/*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-03-23T23:29:33+00:00" + }, + "AWSIdentitySyncReadOnlyAccess":{ + "CreateDate":"2022-03-23T23:29:52+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "identity-sync:GetSyncProfile", + "identity-sync:ListSyncFilters", + "identity-sync:GetSyncTarget" + ], + "Effect":"Allow", + "Resource":"arn:*:identity-sync:*:*:*/*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-03-23T23:29:52+00:00" + }, + "AWSImageBuilderFullAccess":{ + "CreateDate":"2019-12-20T18:25:12+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "imagebuilder:*" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "sns:ListTopics" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "sns:Publish" + ], + "Effect":"Allow", + "Resource":"arn:aws:sns:*:*:*imagebuilder*" + }, + { + "Action":[ + "license-manager:ListLicenseConfigurations", + "license-manager:ListLicenseSpecificationsForResource" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "iam:GetRole" + ], + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/aws-service-role/imagebuilder.amazonaws.com/AWSServiceRoleForImageBuilder" + }, + { + "Action":[ + "iam:GetInstanceProfile" + ], + "Effect":"Allow", + "Resource":"arn:aws:iam::*:instance-profile/*imagebuilder*" + }, + { + "Action":[ + "iam:ListInstanceProfiles", + "iam:ListRoles" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"iam:PassRole", + "Condition":{ + "StringEquals":{ + "iam:PassedToService":"ec2.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:instance-profile/*imagebuilder*", + "arn:aws:iam::*:role/*imagebuilder*" + ] + }, + { + "Action":[ + "s3:ListAllMyBuckets", + "s3:GetBucketLocation" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "s3:ListBucket" + ], + "Effect":"Allow", + "Resource":"arn:aws:s3::*:*imagebuilder*" + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringLike":{ + "iam:AWSServiceName":"imagebuilder.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/aws-service-role/imagebuilder.amazonaws.com/AWSServiceRoleForImageBuilder" + }, + { + "Action":[ + "ec2:DescribeImages", + "ec2:DescribeSnapshots", + "ec2:DescribeVpcs", + "ec2:DescribeRegions", + "ec2:DescribeVolumes", + "ec2:DescribeSubnets", + "ec2:DescribeKeyPairs", + "ec2:DescribeSecurityGroups", + "ec2:DescribeInstanceTypeOfferings", + "ec2:DescribeLaunchTemplates" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-04-13T17:33:42+00:00" + }, + "AWSImageBuilderReadOnlyAccess":{ + "CreateDate":"2019-12-19T22:29:23+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "imagebuilder:Get*", + "imagebuilder:List*" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "iam:GetRole" + ], + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/aws-service-role/imagebuilder.amazonaws.com/AWSServiceRoleForImageBuilder" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-12-19T22:29:23+00:00" + }, + "AWSImportExportFullAccess":{ + "CreateDate":"2015-02-06T18:40:43+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "importexport:*" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2015-02-06T18:40:43+00:00" + }, + "AWSImportExportReadOnlyAccess":{ + "CreateDate":"2015-02-06T18:40:42+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "importexport:ListJobs", + "importexport:GetStatus" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2015-02-06T18:40:42+00:00" + }, + "AWSIncidentManagerResolverAccess":{ + "CreateDate":"2021-05-10T06:12:34+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "ssm-incidents:StartIncident" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"StartIncidentPermissions" + }, + { + "Action":[ + "ssm-incidents:ListResponsePlans", + "ssm-incidents:GetResponsePlan" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"ResponsePlanReadOnlyPermissions" + }, + { + "Action":[ + "ssm-incidents:ListIncidentRecords", + "ssm-incidents:GetIncidentRecord", + "ssm-incidents:UpdateIncidentRecord", + "ssm-incidents:ListTimelineEvents", + "ssm-incidents:CreateTimelineEvent", + "ssm-incidents:GetTimelineEvent", + "ssm-incidents:UpdateTimelineEvent", + "ssm-incidents:DeleteTimelineEvent", + "ssm-incidents:ListRelatedItems", + "ssm-incidents:UpdateRelatedItems" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"IncidentRecordResolverPermissions" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-05-10T06:12:34+00:00" + }, + "AWSIncidentManagerServiceRolePolicy":{ + "CreateDate":"2021-05-10T03:34:45+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "ssm-incidents:ListIncidentRecords", + "ssm-incidents:CreateTimelineEvent" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"UpdateIncidentRecordPermissions" + }, + { + "Action":[ + "ssm:CreateOpsItem", + "ssm:AssociateOpsItemRelatedItem" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"RelatedOpsItemPermissions" + }, + { + "Action":"ssm-contacts:StartEngagement", + "Effect":"Allow", + "Resource":"*", + "Sid":"IncidentEngagementPermissions" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-05-10T03:34:45+00:00" + }, + "AWSIoT1ClickFullAccess":{ + "CreateDate":"2018-05-11T22:10:14+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "iot1click:*" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2018-05-11T22:10:14+00:00" + }, + "AWSIoT1ClickReadOnlyAccess":{ + "CreateDate":"2018-05-11T21:49:24+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "iot1click:Describe*", + "iot1click:Get*", + "iot1click:List*" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2018-05-11T21:49:24+00:00" + }, + "AWSIoTAnalyticsFullAccess":{ + "CreateDate":"2018-06-18T23:02:45+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "iotanalytics:*" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2018-06-18T23:02:45+00:00" + }, + "AWSIoTAnalyticsReadOnlyAccess":{ + "CreateDate":"2018-06-18T21:37:49+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "iotanalytics:Describe*", + "iotanalytics:List*", + "iotanalytics:Get*", + "iotanalytics:SampleChannelData" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2018-06-18T21:37:49+00:00" + }, + "AWSIoTConfigAccess":{ + "CreateDate":"2015-10-27T21:52:07+00:00", + "DefaultVersionId":"v9", + "Document":{ + "Statement":[ + { + "Action":[ + "iot:AcceptCertificateTransfer", + "iot:AddThingToThingGroup", + "iot:AssociateTargetsWithJob", + "iot:AttachPolicy", + "iot:AttachPrincipalPolicy", + "iot:AttachThingPrincipal", + "iot:CancelCertificateTransfer", + "iot:CancelJob", + "iot:CancelJobExecution", + "iot:ClearDefaultAuthorizer", + "iot:CreateAuthorizer", + "iot:CreateCertificateFromCsr", + "iot:CreateJob", + "iot:CreateKeysAndCertificate", + "iot:CreateOTAUpdate", + "iot:CreatePolicy", + "iot:CreatePolicyVersion", + "iot:CreateRoleAlias", + "iot:CreateStream", + "iot:CreateThing", + "iot:CreateThingGroup", + "iot:CreateThingType", + "iot:CreateTopicRule", + "iot:DeleteAuthorizer", + "iot:DeleteCACertificate", + "iot:DeleteCertificate", + "iot:DeleteJob", + "iot:DeleteJobExecution", + "iot:DeleteOTAUpdate", + "iot:DeletePolicy", + "iot:DeletePolicyVersion", + "iot:DeleteRegistrationCode", + "iot:DeleteRoleAlias", + "iot:DeleteStream", + "iot:DeleteThing", + "iot:DeleteThingGroup", + "iot:DeleteThingType", + "iot:DeleteTopicRule", + "iot:DeleteV2LoggingLevel", + "iot:DeprecateThingType", + "iot:DescribeAuthorizer", + "iot:DescribeCACertificate", + "iot:DescribeCertificate", + "iot:DescribeDefaultAuthorizer", + "iot:DescribeEndpoint", + "iot:DescribeEventConfigurations", + "iot:DescribeIndex", + "iot:DescribeJob", + "iot:DescribeJobExecution", + "iot:DescribeRoleAlias", + "iot:DescribeStream", + "iot:DescribeThing", + "iot:DescribeThingGroup", + "iot:DescribeThingRegistrationTask", + "iot:DescribeThingType", + "iot:DetachPolicy", + "iot:DetachPrincipalPolicy", + "iot:DetachThingPrincipal", + "iot:DisableTopicRule", + "iot:EnableTopicRule", + "iot:GetEffectivePolicies", + "iot:GetIndexingConfiguration", + "iot:GetJobDocument", + "iot:GetLoggingOptions", + "iot:GetOTAUpdate", + "iot:GetPolicy", + "iot:GetPolicyVersion", + "iot:GetRegistrationCode", + "iot:GetTopicRule", + "iot:GetV2LoggingOptions", + "iot:ListAttachedPolicies", + "iot:ListAuthorizers", + "iot:ListCACertificates", + "iot:ListCertificates", + "iot:ListCertificatesByCA", + "iot:ListIndices", + "iot:ListJobExecutionsForJob", + "iot:ListJobExecutionsForThing", + "iot:ListJobs", + "iot:ListOTAUpdates", + "iot:ListOutgoingCertificates", + "iot:ListPolicies", + "iot:ListPolicyPrincipals", + "iot:ListPolicyVersions", + "iot:ListPrincipalPolicies", + "iot:ListPrincipalThings", + "iot:ListRoleAliases", + "iot:ListStreams", + "iot:ListTargetsForPolicy", + "iot:ListThingGroups", + "iot:ListThingGroupsForThing", + "iot:ListThingPrincipals", + "iot:ListThingRegistrationTaskReports", + "iot:ListThingRegistrationTasks", + "iot:ListThings", + "iot:ListThingsInThingGroup", + "iot:ListThingTypes", + "iot:ListTopicRules", + "iot:ListV2LoggingLevels", + "iot:RegisterCACertificate", + "iot:RegisterCertificate", + "iot:RegisterThing", + "iot:RejectCertificateTransfer", + "iot:RemoveThingFromThingGroup", + "iot:ReplaceTopicRule", + "iot:SearchIndex", + "iot:SetDefaultAuthorizer", + "iot:SetDefaultPolicyVersion", + "iot:SetLoggingOptions", + "iot:SetV2LoggingLevel", + "iot:SetV2LoggingOptions", + "iot:StartThingRegistrationTask", + "iot:StopThingRegistrationTask", + "iot:TestAuthorization", + "iot:TestInvokeAuthorizer", + "iot:TransferCertificate", + "iot:UpdateAuthorizer", + "iot:UpdateCACertificate", + "iot:UpdateCertificate", + "iot:UpdateEventConfigurations", + "iot:UpdateIndexingConfiguration", + "iot:UpdateRoleAlias", + "iot:UpdateStream", + "iot:UpdateThing", + "iot:UpdateThingGroup", + "iot:UpdateThingGroupsForThing", + "iot:UpdateAccountAuditConfiguration", + "iot:DescribeAccountAuditConfiguration", + "iot:DeleteAccountAuditConfiguration", + "iot:StartOnDemandAuditTask", + "iot:CancelAuditTask", + "iot:DescribeAuditTask", + "iot:ListAuditTasks", + "iot:CreateScheduledAudit", + "iot:UpdateScheduledAudit", + "iot:DeleteScheduledAudit", + "iot:DescribeScheduledAudit", + "iot:ListScheduledAudits", + "iot:ListAuditFindings", + "iot:CreateSecurityProfile", + "iot:DescribeSecurityProfile", + "iot:UpdateSecurityProfile", + "iot:DeleteSecurityProfile", + "iot:AttachSecurityProfile", + "iot:DetachSecurityProfile", + "iot:ListSecurityProfiles", + "iot:ListSecurityProfilesForTarget", + "iot:ListTargetsForSecurityProfile", + "iot:ListActiveViolations", + "iot:ListViolationEvents", + "iot:ValidateSecurityProfileBehaviors" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-09-27T20:48:00+00:00" + }, + "AWSIoTConfigReadOnlyAccess":{ + "CreateDate":"2015-10-27T21:52:31+00:00", + "DefaultVersionId":"v8", + "Document":{ + "Statement":[ + { + "Action":[ + "iot:DescribeAuthorizer", + "iot:DescribeCACertificate", + "iot:DescribeCertificate", + "iot:DescribeDefaultAuthorizer", + "iot:DescribeEndpoint", + "iot:DescribeEventConfigurations", + "iot:DescribeIndex", + "iot:DescribeJob", + "iot:DescribeJobExecution", + "iot:DescribeRoleAlias", + "iot:DescribeStream", + "iot:DescribeThing", + "iot:DescribeThingGroup", + "iot:DescribeThingRegistrationTask", + "iot:DescribeThingType", + "iot:GetEffectivePolicies", + "iot:GetIndexingConfiguration", + "iot:GetJobDocument", + "iot:GetLoggingOptions", + "iot:GetOTAUpdate", + "iot:GetPolicy", + "iot:GetPolicyVersion", + "iot:GetRegistrationCode", + "iot:GetTopicRule", + "iot:GetV2LoggingOptions", + "iot:ListAttachedPolicies", + "iot:ListAuthorizers", + "iot:ListCACertificates", + "iot:ListCertificates", + "iot:ListCertificatesByCA", + "iot:ListIndices", + "iot:ListJobExecutionsForJob", + "iot:ListJobExecutionsForThing", + "iot:ListJobs", + "iot:ListOTAUpdates", + "iot:ListOutgoingCertificates", + "iot:ListPolicies", + "iot:ListPolicyPrincipals", + "iot:ListPolicyVersions", + "iot:ListPrincipalPolicies", + "iot:ListPrincipalThings", + "iot:ListRoleAliases", + "iot:ListStreams", + "iot:ListTargetsForPolicy", + "iot:ListThingGroups", + "iot:ListThingGroupsForThing", + "iot:ListThingPrincipals", + "iot:ListThingRegistrationTaskReports", + "iot:ListThingRegistrationTasks", + "iot:ListThings", + "iot:ListThingsInThingGroup", + "iot:ListThingTypes", + "iot:ListTopicRules", + "iot:ListV2LoggingLevels", + "iot:SearchIndex", + "iot:TestAuthorization", + "iot:TestInvokeAuthorizer", + "iot:DescribeAccountAuditConfiguration", + "iot:DescribeAuditTask", + "iot:ListAuditTasks", + "iot:DescribeScheduledAudit", + "iot:ListScheduledAudits", + "iot:ListAuditFindings", + "iot:DescribeSecurityProfile", + "iot:ListSecurityProfiles", + "iot:ListSecurityProfilesForTarget", + "iot:ListTargetsForSecurityProfile", + "iot:ListActiveViolations", + "iot:ListViolationEvents", + "iot:ValidateSecurityProfileBehaviors" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-09-27T20:52:40+00:00" + }, + "AWSIoTDataAccess":{ + "CreateDate":"2015-10-27T21:51:18+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":[ + "iot:Connect", + "iot:Publish", + "iot:Subscribe", + "iot:Receive", + "iot:GetThingShadow", + "iot:UpdateThingShadow", + "iot:DeleteThingShadow", + "iot:ListNamedShadowsForThing" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-06-23T21:34:47+00:00" + }, + "AWSIoTDeviceDefenderAddThingsToThingGroupMitigationAction":{ + "CreateDate":"2019-08-07T17:55:37+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "iot:ListPrincipalThings", + "iot:AddThingToThingGroup" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-08-07T17:55:37+00:00" + }, + "AWSIoTDeviceDefenderAudit":{ + "CreateDate":"2018-07-18T21:17:40+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":[ + "iot:GetLoggingOptions", + "iot:GetV2LoggingOptions", + "iot:ListCACertificates", + "iot:ListCertificates", + "iot:DescribeCACertificate", + "iot:DescribeCertificate", + "iot:ListPolicies", + "iot:GetPolicy", + "iot:GetEffectivePolicies", + "iot:ListRoleAliases", + "iot:DescribeRoleAlias", + "cognito-identity:GetIdentityPoolRoles", + "iam:ListRolePolicies", + "iam:ListAttachedRolePolicies", + "iam:GetRole", + "iam:GetPolicy", + "iam:GetPolicyVersion", + "iam:GetRolePolicy", + "iam:GenerateServiceLastAccessedDetails", + "iam:GetServiceLastAccessedDetails" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-11-25T23:52:43+00:00" + }, + "AWSIoTDeviceDefenderEnableIoTLoggingMitigationAction":{ + "CreateDate":"2019-08-07T17:04:07+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "iot:SetV2LoggingOptions" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "iam:PassRole" + ], + "Condition":{ + "StringEquals":{ + "iam:PassedToService":[ + "iot.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-08-07T17:04:07+00:00" + }, + "AWSIoTDeviceDefenderPublishFindingsToSNSMitigationAction":{ + "CreateDate":"2019-08-07T17:04:37+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "sns:Publish" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-08-07T17:04:37+00:00" + }, + "AWSIoTDeviceDefenderReplaceDefaultPolicyMitigationAction":{ + "CreateDate":"2019-08-07T17:04:57+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "iot:CreatePolicyVersion" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-08-07T17:04:57+00:00" + }, + "AWSIoTDeviceDefenderUpdateCACertMitigationAction":{ + "CreateDate":"2019-08-07T17:05:49+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "iot:UpdateCACertificate" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-08-07T17:05:49+00:00" + }, + "AWSIoTDeviceDefenderUpdateDeviceCertMitigationAction":{ + "CreateDate":"2019-08-07T17:06:00+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "iot:UpdateCertificate" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-08-07T17:06:00+00:00" + }, + "AWSIoTDeviceTesterForFreeRTOSFullAccess":{ + "CreateDate":"2020-02-12T20:33:53+00:00", + "DefaultVersionId":"v5", + "Document":{ + "Statement":[ + { + "Action":"iam:PassRole", + "Condition":{ + "StringEquals":{ + "iam:PassedToService":"iot.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/idt-*", + "Sid":"VisualEditor0" + }, + { + "Action":[ + "iot:DeleteThing", + "iot:AttachThingPrincipal", + "iot:DeleteCertificate", + "iot:GetRegistrationCode", + "iot:CreatePolicy", + "iot:UpdateCACertificate", + "s3:ListBucket", + "iot:DescribeEndpoint", + "iot:CreateOTAUpdate", + "iot:CreateStream", + "signer:ListSigningJobs", + "acm:ListCertificates", + "iot:CreateKeysAndCertificate", + "iot:UpdateCertificate", + "iot:CreateCertificateFromCsr", + "iot:DetachThingPrincipal", + "iot:RegisterCACertificate", + "iot:CreateThing", + "freertos:ListHardwarePlatforms", + "iam:ListRoles", + "iot:RegisterCertificate", + "iot:DeleteCACertificate", + "signer:PutSigningProfile", + "s3:ListAllMyBuckets", + "signer:ListSigningPlatforms", + "iot-device-tester:SendMetrics", + "iot-device-tester:SupportedVersion", + "iot-device-tester:LatestIdt", + "iot-device-tester:CheckVersion", + "iot-device-tester:DownloadTestSuite" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"VisualEditor1" + }, + { + "Action":[ + "iam:GetRole", + "signer:StartSigningJob", + "acm:GetCertificate", + "signer:DescribeSigningJob", + "s3:CreateBucket", + "execute-api:Invoke", + "s3:DeleteBucket", + "s3:PutBucketVersioning", + "signer:CancelSigningProfile" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:execute-api:us-east-1:098862408343:9xpmnvs5h4/prod/POST/metrics", + "arn:aws:signer:*:*:/signing-profiles/*", + "arn:aws:signer:*:*:/signing-jobs/*", + "arn:aws:iam::*:role/idt-*", + "arn:aws:acm:*:*:certificate/*", + "arn:aws:s3:::idt-*", + "arn:aws:s3:::afr-ota*" + ], + "Sid":"VisualEditor2" + }, + { + "Action":[ + "iot:DeleteStream", + "iot:DeleteCertificate", + "iot:AttachPolicy", + "iot:DetachPolicy", + "iot:DeletePolicy", + "s3:ListBucketVersions", + "iot:UpdateCertificate", + "iot:GetOTAUpdate", + "iot:DeleteOTAUpdate", + "iot:DescribeJobExecution" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::afr-ota*", + "arn:aws:iot:*:*:thinggroup/idt*", + "arn:aws:iam::*:role/idt-*" + ], + "Sid":"VisualEditor3" + }, + { + "Action":[ + "iot:DeleteCertificate", + "iot:AttachPolicy", + "iot:DetachPolicy", + "s3:DeleteObjectVersion", + "iot:DeleteOTAUpdate", + "s3:PutObject", + "s3:GetObject", + "iot:DeleteStream", + "iot:DeletePolicy", + "s3:DeleteObject", + "iot:UpdateCertificate", + "iot:GetOTAUpdate", + "s3:GetObjectVersion", + "iot:DescribeJobExecution" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::afr-ota*/*", + "arn:aws:s3:::idt-*/*", + "arn:aws:iot:*:*:policy/idt*", + "arn:aws:iam::*:role/idt-*", + "arn:aws:iot:*:*:otaupdate/idt*", + "arn:aws:iot:*:*:thing/idt*", + "arn:aws:iot:*:*:cert/*", + "arn:aws:iot:*:*:job/*", + "arn:aws:iot:*:*:stream/*" + ], + "Sid":"VisualEditor4" + }, + { + "Action":[ + "s3:PutObject", + "s3:GetObject" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::afr-ota*/*", + "arn:aws:s3:::idt-*/*" + ], + "Sid":"VisualEditor5" + }, + { + "Action":[ + "iot:CancelJobExecution" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:iot:*:*:job/*", + "arn:aws:iot:*:*:thing/idt*" + ], + "Sid":"VisualEditor6" + }, + { + "Action":[ + "ec2:TerminateInstances" + ], + "Condition":{ + "StringEquals":{ + "ec2:ResourceTag/Owner":"IoTDeviceTester" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:instance/*" + ], + "Sid":"VisualEditor7" + }, + { + "Action":[ + "ec2:AuthorizeSecurityGroupIngress", + "ec2:DeleteSecurityGroup" + ], + "Condition":{ + "StringEquals":{ + "ec2:ResourceTag/Owner":"IoTDeviceTester" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:security-group/*" + ], + "Sid":"VisualEditor8" + }, + { + "Action":[ + "ec2:RunInstances" + ], + "Condition":{ + "StringEquals":{ + "aws:RequestTag/Owner":"IoTDeviceTester" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:instance/*" + ], + "Sid":"VisualEditor9" + }, + { + "Action":[ + "ec2:RunInstances" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:image/*", + "arn:aws:ec2:*:*:security-group/*", + "arn:aws:ec2:*:*:volume/*", + "arn:aws:ec2:*:*:key-pair/*", + "arn:aws:ec2:*:*:placement-group/*", + "arn:aws:ec2:*:*:snapshot/*", + "arn:aws:ec2:*:*:network-interface/*", + "arn:aws:ec2:*:*:subnet/*" + ], + "Sid":"VisualEditor10" + }, + { + "Action":[ + "ec2:CreateSecurityGroup" + ], + "Condition":{ + "StringEquals":{ + "aws:RequestTag/Owner":"IoTDeviceTester" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:security-group/*" + ], + "Sid":"VisualEditor11" + }, + { + "Action":[ + "ec2:DescribeInstances", + "ec2:DescribeSecurityGroups", + "ssm:DescribeParameters", + "ssm:GetParameters" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"VisualEditor12" + }, + { + "Action":[ + "ec2:CreateTags" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:TagKeys":[ + "Owner" + ], + "ec2:CreateAction":[ + "RunInstances", + "CreateSecurityGroup" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:security-group/*", + "arn:aws:ec2:*:*:instance/*" + ], + "Sid":"VisualEditor13" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-12-15T18:03:46+00:00" + }, + "AWSIoTDeviceTesterForGreengrassFullAccess":{ + "CreateDate":"2020-02-20T21:21:27+00:00", + "DefaultVersionId":"v4", + "Document":{ + "Statement":[ + { + "Action":"iam:PassRole", + "Condition":{ + "StringEquals":{ + "iam:PassedToService":[ + "iot.amazonaws.com", + "lambda.amazonaws.com", + "greengrass.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/idt-*", + "Sid":"VisualEditor1" + }, + { + "Action":[ + "lambda:CreateFunction", + "iot:DeleteCertificate", + "lambda:DeleteFunction", + "execute-api:Invoke", + "iot:UpdateCertificate" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:execute-api:us-east-1:098862408343:9xpmnvs5h4/prod/POST/metrics", + "arn:aws:lambda:*:*:function:idt-*", + "arn:aws:iot:*:*:cert/*" + ], + "Sid":"VisualEditor2" + }, + { + "Action":[ + "iot:CreateThing", + "iot:DeleteThing" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:iot:*:*:thing/idt-*", + "arn:aws:iot:*:*:cert/*" + ], + "Sid":"VisualEditor3" + }, + { + "Action":[ + "iot:AttachPolicy", + "iot:DetachPolicy", + "iot:DeletePolicy" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:iot:*:*:policy/idt-*", + "arn:aws:iot:*:*:cert/*" + ], + "Sid":"VisualEditor4" + }, + { + "Action":[ + "iot:CreateJob", + "iot:DescribeJob", + "iot:DescribeJobExecution", + "iot:DeleteJob" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:iot:*:*:thing/idt-*", + "arn:aws:iot:*:*:job/*" + ], + "Sid":"VisualEditor5" + }, + { + "Action":[ + "iot:DescribeEndpoint", + "greengrass:*", + "iam:ListAttachedRolePolicies", + "iot:CreatePolicy", + "iot:GetThingShadow", + "iot:CreateKeysAndCertificate", + "iot:ListThings", + "iot:UpdateThingShadow", + "iot:CreateCertificateFromCsr", + "iot-device-tester:SendMetrics", + "iot-device-tester:SupportedVersion", + "iot-device-tester:LatestIdt", + "iot-device-tester:CheckVersion", + "iot-device-tester:DownloadTestSuite" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"VisualEditor6" + }, + { + "Action":[ + "iot:DetachThingPrincipal", + "iot:AttachThingPrincipal" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:iot:*:*:thing/idt-*", + "arn:aws:iot:*:*:cert/*" + ], + "Sid":"VisualEditor7" + }, + { + "Action":[ + "s3:PutObject", + "s3:DeleteObjectVersion", + "s3:ListBucketVersions", + "s3:CreateBucket", + "s3:DeleteObject", + "s3:DeleteBucket" + ], + "Effect":"Allow", + "Resource":"arn:aws:s3:::idt*", + "Sid":"VisualEditor8" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-06-25T17:01:56+00:00" + }, + "AWSIoTEventsFullAccess":{ + "CreateDate":"2019-01-10T22:51:57+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "iotevents:*" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-01-10T22:51:57+00:00" + }, + "AWSIoTEventsReadOnlyAccess":{ + "CreateDate":"2019-01-10T22:50:08+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "iotevents:Describe*", + "iotevents:List*" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-09-23T17:22:04+00:00" + }, + "AWSIoTFleetHubFederationAccess":{ + "CreateDate":"2020-12-15T08:08:05+00:00", + "DefaultVersionId":"v5", + "Document":{ + "Statement":[ + { + "Action":[ + "iot:DescribeIndex", + "iot:DescribeThingGroup", + "iot:GetBucketsAggregation", + "iot:GetCardinality", + "iot:GetIndexingConfiguration", + "iot:GetPercentiles", + "iot:GetStatistics", + "iot:SearchIndex", + "iot:CreateFleetMetric", + "iot:ListFleetMetrics", + "iot:DeleteFleetMetric", + "iot:DescribeFleetMetric", + "iot:UpdateFleetMetric", + "iot:DescribeCustomMetric", + "iot:ListCustomMetrics", + "iot:ListDimensions", + "iot:ListMetricValues", + "iot:ListThingGroups", + "iot:ListThingsInThingGroup", + "iot:ListJobTemplates", + "iot:DescribeJobTemplate", + "iot:ListJobs", + "iot:CreateJob", + "iot:CancelJob", + "iot:DescribeJob", + "iot:ListJobExecutionsForJob", + "iot:ListJobExecutionsForThing", + "iot:DescribeJobExecution", + "iot:ListSecurityProfiles", + "iot:DescribeSecurityProfile", + "iot:ListActiveViolations", + "iot:GetThingShadow", + "iot:ListNamedShadowsForThing", + "iot:CancelJobExecution", + "iot:DescribeEndpoint", + "iotfleethub:DescribeApplication", + "cloudwatch:DescribeAlarms", + "cloudwatch:GetMetricData", + "cloudwatch:ListMetrics", + "sns:ListTopics" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "sns:CreateTopic", + "sns:DeleteTopic", + "sns:ListSubscriptionsByTopic", + "sns:Subscribe", + "sns:Unsubscribe" + ], + "Effect":"Allow", + "Resource":"arn:aws:sns:*:*:iotfleethub*" + }, + { + "Action":[ + "cloudwatch:PutMetricAlarm", + "cloudwatch:DeleteAlarms", + "cloudwatch:DescribeAlarmHistory" + ], + "Effect":"Allow", + "Resource":"arn:aws:cloudwatch:*:*:iotfleethub*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-04-04T18:03:01+00:00" + }, + "AWSIoTFullAccess":{ + "CreateDate":"2015-10-08T15:19:49+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "iot:*", + "iotjobsdata:*" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-05-19T21:39:11+00:00" + }, + "AWSIoTLogging":{ + "CreateDate":"2015-10-08T15:17:25+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "logs:CreateLogGroup", + "logs:CreateLogStream", + "logs:PutLogEvents", + "logs:PutMetricFilter", + "logs:PutRetentionPolicy", + "logs:GetLogEvents", + "logs:DeleteLogStream" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2015-10-08T15:17:25+00:00" + }, + "AWSIoTOTAUpdate":{ + "CreateDate":"2017-12-20T20:36:53+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":{ + "Action":[ + "iot:CreateJob", + "signer:DescribeSigningJob" + ], + "Effect":"Allow", + "Resource":"*" + }, + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2017-12-20T20:36:53+00:00" + }, + "AWSIoTRuleActions":{ + "CreateDate":"2015-10-08T15:14:51+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":{ + "Action":[ + "dynamodb:PutItem", + "kinesis:PutRecord", + "iot:Publish", + "s3:PutObject", + "sns:Publish", + "sqs:SendMessage*", + "cloudwatch:SetAlarmState", + "cloudwatch:PutMetricData", + "es:ESHttpPut", + "firehose:PutRecord" + ], + "Effect":"Allow", + "Resource":"*" + }, + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2018-01-16T19:28:19+00:00" + }, + "AWSIoTSiteWiseConsoleFullAccess":{ + "CreateDate":"2019-05-31T21:37:49+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":"iotsitewise:*", + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "iotanalytics:List*", + "iotanalytics:Describe*", + "iotanalytics:Create*" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "iot:DescribeEndpoint", + "iot:GetThingShadow" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "greengrass:GetGroup", + "greengrass:GetGroupVersion", + "greengrass:GetCoreDefinitionVersion", + "greengrass:ListGroups" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "secretsmanager:ListSecrets", + "secretsmanager:CreateSecret" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "secretsmanager:UpdateSecret" + ], + "Effect":"Allow", + "Resource":"arn:aws:secretsmanager:*:*:secret:greengrass-*" + }, + { + "Action":[ + "tag:GetResources" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "iam:CreateServiceLinkedRole" + ], + "Condition":{ + "StringEquals":{ + "iam:AWSServiceName":"iotsitewise.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/aws-service-role/iotsitewise.amazonaws.com/AWSServiceRoleForIoTSiteWise*" + }, + { + "Action":[ + "iam:PassRole" + ], + "Condition":{ + "StringEquals":{ + "iam:PassedToService":"iotsitewise.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/aws-service-role/iotsitewise.amazonaws.com/AWSServiceRoleForIoTSiteWise*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-05-31T21:37:49+00:00" + }, + "AWSIoTSiteWiseFullAccess":{ + "CreateDate":"2018-12-04T20:53:39+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "iotsitewise:*" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2018-12-04T20:53:39+00:00" + }, + "AWSIoTSiteWiseMonitorPortalAccess":{ + "CreateDate":"2020-05-19T20:01:21+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "iotsitewise:CreateProject", + "iotsitewise:DescribeProject", + "iotsitewise:UpdateProject", + "iotsitewise:DeleteProject", + "iotsitewise:ListProjects", + "iotsitewise:BatchAssociateProjectAssets", + "iotsitewise:BatchDisassociateProjectAssets", + "iotsitewise:ListProjectAssets", + "iotsitewise:CreateDashboard", + "iotsitewise:DescribeDashboard", + "iotsitewise:UpdateDashboard", + "iotsitewise:DeleteDashboard", + "iotsitewise:ListDashboards", + "iotsitewise:CreateAccessPolicy", + "iotsitewise:DescribeAccessPolicy", + "iotsitewise:UpdateAccessPolicy", + "iotsitewise:DeleteAccessPolicy", + "iotsitewise:ListAccessPolicies", + "iotsitewise:DescribeAsset", + "iotsitewise:ListAssets", + "iotsitewise:ListAssociatedAssets", + "iotsitewise:DescribeAssetProperty", + "iotsitewise:GetAssetPropertyValue", + "iotsitewise:GetAssetPropertyValueHistory", + "iotsitewise:GetAssetPropertyAggregates", + "sso-directory:DescribeUsers" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-05-19T20:01:21+00:00" + }, + "AWSIoTSiteWiseMonitorServiceRolePolicy":{ + "CreateDate":"2019-11-14T00:59:10+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "iotsitewise:CreateProject", + "iotsitewise:DescribeProject", + "iotsitewise:UpdateProject", + "iotsitewise:DeleteProject", + "iotsitewise:ListProjects", + "iotsitewise:BatchAssociateProjectAssets", + "iotsitewise:BatchDisassociateProjectAssets", + "iotsitewise:ListProjectAssets", + "iotsitewise:CreateDashboard", + "iotsitewise:DescribeDashboard", + "iotsitewise:UpdateDashboard", + "iotsitewise:DeleteDashboard", + "iotsitewise:ListDashboards", + "iotsitewise:CreateAccessPolicy", + "iotsitewise:DescribeAccessPolicy", + "iotsitewise:UpdateAccessPolicy", + "iotsitewise:DeleteAccessPolicy", + "iotsitewise:ListAccessPolicies", + "iotsitewise:DescribeAsset", + "iotsitewise:ListAssets", + "iotsitewise:ListAssociatedAssets", + "iotsitewise:DescribeAssetProperty", + "iotsitewise:GetAssetPropertyValue", + "iotsitewise:GetAssetPropertyValueHistory", + "iotsitewise:GetAssetPropertyAggregates", + "sso-directory:DescribeUsers" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-12-13T22:19:25+00:00" + }, + "AWSIoTSiteWiseReadOnlyAccess":{ + "CreateDate":"2018-12-04T20:55:11+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "iotsitewise:Describe*", + "iotsitewise:List*", + "iotsitewise:Get*" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2018-12-04T20:55:11+00:00" + }, + "AWSIoTThingsRegistration":{ + "CreateDate":"2017-12-01T20:21:52+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":[ + "iot:AddThingToThingGroup", + "iot:AttachPolicy", + "iot:AttachPrincipalPolicy", + "iot:AttachThingPrincipal", + "iot:CreateCertificateFromCsr", + "iot:CreatePolicy", + "iot:CreateThing", + "iot:DescribeCertificate", + "iot:DescribeThing", + "iot:DescribeThingGroup", + "iot:DescribeThingType", + "iot:DetachPolicy", + "iot:DetachThingPrincipal", + "iot:GetPolicy", + "iot:ListAttachedPolicies", + "iot:ListPolicyPrincipals", + "iot:ListPrincipalPolicies", + "iot:ListPrincipalThings", + "iot:ListTargetsForPolicy", + "iot:ListThingGroupsForThing", + "iot:ListThingPrincipals", + "iot:RegisterCertificate", + "iot:RegisterThing", + "iot:RemoveThingFromThingGroup", + "iot:UpdateCertificate", + "iot:UpdateThing", + "iot:UpdateThingGroupsForThing", + "iot:AddThingToBillingGroup", + "iot:DescribeBillingGroup", + "iot:RemoveThingFromBillingGroup" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-10-05T19:20:12+00:00" + }, + "AWSIoTWirelessDataAccess":{ + "CreateDate":"2020-12-15T15:31:39+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "iotwireless:SendDataToWirelessDevice" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-12-15T15:31:39+00:00" + }, + "AWSIoTWirelessFullAccess":{ + "CreateDate":"2020-12-15T15:27:57+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "iotwireless:*" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-12-15T15:27:57+00:00" + }, + "AWSIoTWirelessFullPublishAccess":{ + "CreateDate":"2020-12-15T15:29:59+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "iot:DescribeEndpoint", + "iot:Publish" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-12-15T15:29:59+00:00" + }, + "AWSIoTWirelessGatewayCertManager":{ + "CreateDate":"2020-12-15T15:30:48+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "iot:CreateKeysAndCertificate", + "iot:DescribeCertificate", + "iot:ListCertificates" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"IoTWirelessGatewayCertManager" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-12-15T15:30:48+00:00" + }, + "AWSIoTWirelessLogging":{ + "CreateDate":"2020-12-15T15:32:40+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "logs:CreateLogGroup", + "logs:CreateLogStream", + "logs:DescribeLogGroups", + "logs:DescribeLogStreams", + "logs:PutLogEvents" + ], + "Effect":"Allow", + "Resource":"arn:aws:logs:*:*:log-group:/aws/iotwireless*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-12-15T15:32:40+00:00" + }, + "AWSIoTWirelessReadOnlyAccess":{ + "CreateDate":"2020-12-15T15:28:56+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "iotwireless:List*", + "iotwireless:Get*" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-12-15T15:28:56+00:00" + }, + "AWSIotRoboRunnerFullAccess":{ + "CreateDate":"2021-11-29T03:54:37+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":"iotroborunner:*", + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-11-29T03:54:37+00:00" + }, + "AWSIotRoboRunnerReadOnly":{ + "CreateDate":"2021-11-29T03:43:32+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "iotroborunner:GetTask", + "iotroborunner:ListActivities", + "iotroborunner:GetSite", + "iotroborunner:GetDestinationRelationship", + "iotroborunner:GetWorker", + "iotroborunner:ListTasks", + "iotroborunner:GetAction", + "iotroborunner:GetActivity", + "iotroborunner:ListDestinationRelationships", + "iotroborunner:ListActionTemplates", + "iotroborunner:ListWorkerFleets", + "iotroborunner:ListSites", + "iotroborunner:ListActions", + "iotroborunner:ListWorkers", + "iotroborunner:GetDestination", + "iotroborunner:GetActionTemplate", + "iotroborunner:GetWorkerFleet", + "iotroborunner:ListDestinations" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-11-29T03:43:32+00:00" + }, + "AWSKeyManagementServiceCustomKeyStoresServiceRolePolicy":{ + "CreateDate":"2018-11-14T20:10:53+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "cloudhsm:Describe*", + "ec2:CreateNetworkInterface", + "ec2:AuthorizeSecurityGroupIngress", + "ec2:CreateSecurityGroup", + "ec2:DescribeSecurityGroups", + "ec2:RevokeSecurityGroupEgress", + "ec2:DeleteSecurityGroup" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2018-11-14T20:10:53+00:00" + }, + "AWSKeyManagementServiceMultiRegionKeysServiceRolePolicy":{ + "CreateDate":"2021-06-16T15:37:37+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "kms:SynchronizeMultiRegionKey" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-06-16T15:37:37+00:00" + }, + "AWSKeyManagementServicePowerUser":{ + "CreateDate":"2015-02-06T18:40:40+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "kms:CreateAlias", + "kms:CreateKey", + "kms:DeleteAlias", + "kms:Describe*", + "kms:GenerateRandom", + "kms:Get*", + "kms:List*", + "kms:TagResource", + "kms:UntagResource", + "iam:ListGroups", + "iam:ListRoles", + "iam:ListUsers" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2017-03-07T00:55:11+00:00" + }, + "AWSLakeFormationCrossAccountManager":{ + "CreateDate":"2020-08-04T20:59:46+00:00", + "DefaultVersionId":"v4", + "Document":{ + "Statement":[ + { + "Action":[ + "ram:CreateResourceShare" + ], + "Condition":{ + "StringLikeIfExists":{ + "ram:RequestedResourceType":[ + "glue:Table", + "glue:Database", + "glue:Catalog" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ram:UpdateResourceShare", + "ram:DeleteResourceShare", + "ram:AssociateResourceShare", + "ram:DisassociateResourceShare", + "ram:GetResourceShares" + ], + "Condition":{ + "StringLike":{ + "ram:ResourceShareName":[ + "LakeFormation*" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "glue:PutResourcePolicy", + "glue:DeleteResourcePolicy", + "organizations:DescribeOrganization", + "organizations:DescribeAccount", + "ram:Get*", + "ram:List*" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "organizations:ListRoots", + "organizations:ListAccountsForParent", + "organizations:ListOrganizationalUnitsForParent" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-05-20T22:19:37+00:00" + }, + "AWSLakeFormationDataAdmin":{ + "CreateDate":"2019-08-08T17:33:44+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "lakeformation:*", + "cloudtrail:DescribeTrails", + "cloudtrail:LookupEvents", + "glue:GetDatabase", + "glue:GetDatabases", + "glue:CreateDatabase", + "glue:UpdateDatabase", + "glue:DeleteDatabase", + "glue:GetConnections", + "glue:SearchTables", + "glue:GetTable", + "glue:CreateTable", + "glue:UpdateTable", + "glue:DeleteTable", + "glue:GetTableVersions", + "glue:GetPartitions", + "glue:GetTables", + "glue:GetWorkflow", + "glue:ListWorkflows", + "glue:BatchGetWorkflows", + "glue:DeleteWorkflow", + "glue:GetWorkflowRuns", + "glue:StartWorkflowRun", + "glue:GetWorkflow", + "s3:ListBucket", + "s3:GetBucketLocation", + "s3:ListAllMyBuckets", + "s3:GetBucketAcl", + "iam:ListUsers", + "iam:ListRoles", + "iam:GetRole", + "iam:GetRolePolicy" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "lakeformation:PutDataLakeSettings" + ], + "Effect":"Deny", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-12-16T22:41:40+00:00" + }, + "AWSLambdaBasicExecutionRole":{ + "CreateDate":"2015-04-09T15:03:43+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "logs:CreateLogGroup", + "logs:CreateLogStream", + "logs:PutLogEvents" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2015-04-09T15:03:43+00:00" + }, + "AWSLambdaDynamoDBExecutionRole":{ + "CreateDate":"2015-04-09T15:09:29+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "dynamodb:DescribeStream", + "dynamodb:GetRecords", + "dynamodb:GetShardIterator", + "dynamodb:ListStreams", + "logs:CreateLogGroup", + "logs:CreateLogStream", + "logs:PutLogEvents" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2015-04-09T15:09:29+00:00" + }, + "AWSLambdaENIManagementAccess":{ + "CreateDate":"2016-12-06T00:37:27+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:CreateNetworkInterface", + "ec2:DescribeNetworkInterfaces", + "ec2:DeleteNetworkInterface", + "ec2:AssignPrivateIpAddresses", + "ec2:UnassignPrivateIpAddresses" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-10-01T20:07:26+00:00" + }, + "AWSLambdaExecute":{ + "CreateDate":"2015-02-06T18:40:46+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "logs:*" + ], + "Effect":"Allow", + "Resource":"arn:aws:logs:*:*:*" + }, + { + "Action":[ + "s3:GetObject", + "s3:PutObject" + ], + "Effect":"Allow", + "Resource":"arn:aws:s3:::*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2015-02-06T18:40:46+00:00" + }, + "AWSLambdaInvocation-DynamoDB":{ + "CreateDate":"2015-02-06T18:40:47+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "lambda:InvokeFunction" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "dynamodb:DescribeStream", + "dynamodb:GetRecords", + "dynamodb:GetShardIterator", + "dynamodb:ListStreams" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2015-02-06T18:40:47+00:00" + }, + "AWSLambdaKinesisExecutionRole":{ + "CreateDate":"2015-04-09T15:14:16+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "kinesis:DescribeStream", + "kinesis:DescribeStreamSummary", + "kinesis:GetRecords", + "kinesis:GetShardIterator", + "kinesis:ListShards", + "kinesis:ListStreams", + "kinesis:SubscribeToShard", + "logs:CreateLogGroup", + "logs:CreateLogStream", + "logs:PutLogEvents" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2018-11-19T20:09:24+00:00" + }, + "AWSLambdaMSKExecutionRole":{ + "CreateDate":"2020-08-11T17:35:05+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "kafka:DescribeCluster", + "kafka:GetBootstrapBrokers", + "ec2:CreateNetworkInterface", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeVpcs", + "ec2:DeleteNetworkInterface", + "ec2:DescribeSubnets", + "ec2:DescribeSecurityGroups", + "logs:CreateLogGroup", + "logs:CreateLogStream", + "logs:PutLogEvents" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-08-11T17:35:05+00:00" + }, + "AWSLambdaReplicator":{ + "CreateDate":"2017-05-23T17:53:03+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":[ + "lambda:CreateFunction", + "lambda:DeleteFunction", + "lambda:DisableReplication" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:lambda:*:*:function:*" + ], + "Sid":"LambdaCreateDeletePermission" + }, + { + "Action":[ + "iam:PassRole" + ], + "Condition":{ + "StringLikeIfExists":{ + "iam:PassedToService":"lambda.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"IamPassRolePermission" + }, + { + "Action":[ + "cloudfront:ListDistributionsByLambdaFunction" + ], + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"CloudFrontListDistributions" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2017-12-08T00:17:54+00:00" + }, + "AWSLambdaRole":{ + "CreateDate":"2015-02-06T18:41:28+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "lambda:InvokeFunction" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2015-02-06T18:41:28+00:00" + }, + "AWSLambdaSQSQueueExecutionRole":{ + "CreateDate":"2018-06-14T21:50:45+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "sqs:ReceiveMessage", + "sqs:DeleteMessage", + "sqs:GetQueueAttributes", + "logs:CreateLogGroup", + "logs:CreateLogStream", + "logs:PutLogEvents" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2018-06-14T21:50:45+00:00" + }, + "AWSLambdaVPCAccessExecutionRole":{ + "CreateDate":"2016-02-11T23:15:26+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "logs:CreateLogGroup", + "logs:CreateLogStream", + "logs:PutLogEvents", + "ec2:CreateNetworkInterface", + "ec2:DescribeNetworkInterfaces", + "ec2:DeleteNetworkInterface", + "ec2:AssignPrivateIpAddresses", + "ec2:UnassignPrivateIpAddresses" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-10-15T22:53:03+00:00" + }, + "AWSLambda_FullAccess":{ + "CreateDate":"2020-11-17T21:14:08+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "cloudformation:DescribeStacks", + "cloudformation:ListStackResources", + "cloudwatch:ListMetrics", + "cloudwatch:GetMetricData", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "kms:ListAliases", + "iam:GetPolicy", + "iam:GetPolicyVersion", + "iam:GetRole", + "iam:GetRolePolicy", + "iam:ListAttachedRolePolicies", + "iam:ListRolePolicies", + "iam:ListRoles", + "lambda:*", + "logs:DescribeLogGroups", + "states:DescribeStateMachine", + "states:ListStateMachines", + "tag:GetResources", + "xray:GetTraceSummaries", + "xray:BatchGetTraces" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"iam:PassRole", + "Condition":{ + "StringEquals":{ + "iam:PassedToService":"lambda.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "logs:DescribeLogStreams", + "logs:GetLogEvents", + "logs:FilterLogEvents" + ], + "Effect":"Allow", + "Resource":"arn:aws:logs:*:*:log-group:/aws/lambda/*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-11-17T21:14:08+00:00" + }, + "AWSLambda_ReadOnlyAccess":{ + "CreateDate":"2020-11-17T21:10:32+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "cloudformation:DescribeStacks", + "cloudformation:ListStackResources", + "cloudwatch:GetMetricData", + "cloudwatch:ListMetrics", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "kms:ListAliases", + "iam:GetPolicy", + "iam:GetPolicyVersion", + "iam:GetRole", + "iam:GetRolePolicy", + "iam:ListAttachedRolePolicies", + "iam:ListRolePolicies", + "iam:ListRoles", + "logs:DescribeLogGroups", + "lambda:Get*", + "lambda:List*", + "states:DescribeStateMachine", + "states:ListStateMachines", + "tag:GetResources", + "xray:GetTraceSummaries", + "xray:BatchGetTraces" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "logs:DescribeLogStreams", + "logs:GetLogEvents", + "logs:FilterLogEvents" + ], + "Effect":"Allow", + "Resource":"arn:aws:logs:*:*:log-group:/aws/lambda/*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-11-17T21:10:32+00:00" + }, + "AWSLicenseManagerConsumptionPolicy":{ + "CreateDate":"2021-08-11T23:18:08+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":{ + "Action":[ + "license-manager:CheckoutLicense", + "license-manager:CheckInLicense", + "license-manager:ExtendLicenseConsumption", + "license-manager:GetLicense" + ], + "Effect":"Allow", + "Resource":"*" + }, + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-08-11T23:18:08+00:00" + }, + "AWSLicenseManagerMasterAccountRolePolicy":{ + "CreateDate":"2018-11-26T19:03:51+00:00", + "DefaultVersionId":"v5", + "Document":{ + "Statement":[ + { + "Action":[ + "s3:GetBucketLocation", + "s3:ListBucket", + "s3:GetLifecycleConfiguration", + "s3:PutLifecycleConfiguration", + "s3:GetBucketPolicy", + "s3:PutBucketPolicy" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::aws-license-manager-service-*" + ], + "Sid":"S3BucketPermissions" + }, + { + "Action":[ + "s3:AbortMultipartUpload", + "s3:PutObject", + "s3:GetObject", + "s3:ListBucketMultipartUploads", + "s3:ListMultipartUploadParts" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::aws-license-manager-service-*" + ], + "Sid":"S3ObjectPermissions1" + }, + { + "Action":[ + "s3:DeleteObject" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::aws-license-manager-service-*/resource_sync/*" + ], + "Sid":"S3ObjectPermissions2" + }, + { + "Action":[ + "athena:GetQueryExecution", + "athena:GetQueryResults", + "athena:StartQueryExecution" + ], + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"AthenaPermissions" + }, + { + "Action":[ + "glue:GetTable", + "glue:GetPartition", + "glue:GetPartitions" + ], + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"GluePermissions" + }, + { + "Action":[ + "organizations:DescribeOrganization", + "organizations:ListAccounts", + "organizations:DescribeAccount", + "organizations:ListChildren", + "organizations:ListParents", + "organizations:ListAccountsForParent", + "organizations:ListRoots", + "organizations:ListAWSServiceAccessForOrganization" + ], + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"OrganizationPermissions" + }, + { + "Action":[ + "ram:GetResourceShares", + "ram:GetResourceShareAssociations", + "ram:TagResource" + ], + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"RAMPermissions1" + }, + { + "Action":[ + "ram:CreateResourceShare" + ], + "Condition":{ + "StringEquals":{ + "aws:RequestTag/Service":"LicenseManager" + } + }, + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"RAMPermissions2" + }, + { + "Action":[ + "ram:AssociateResourceShare", + "ram:DisassociateResourceShare", + "ram:UpdateResourceShare", + "ram:DeleteResourceShare" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceTag/Service":"LicenseManager" + } + }, + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"RAMPermissions3" + }, + { + "Action":[ + "iam:GetRole" + ], + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"IAMGetRoles" + }, + { + "Action":[ + "iam:PassRole" + ], + "Condition":{ + "StringEquals":{ + "iam:PassedToService":[ + "cloudformation.amazonaws.com", + "glue.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/LicenseManagerServiceResourceDataSyncRole*" + ], + "Sid":"IAMPassRoles" + }, + { + "Action":[ + "cloudformation:UpdateStack", + "cloudformation:CreateStack", + "cloudformation:DeleteStack", + "cloudformation:DescribeStacks" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:cloudformation:*:*:stack/LicenseManagerCrossAccountCloudDiscoveryStack/*" + ], + "Sid":"CloudformationPermission" + }, + { + "Action":[ + "glue:CreateTable", + "glue:UpdateTable", + "glue:DeleteTable", + "glue:UpdateJob", + "glue:UpdateCrawler" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:glue:*:*:catalog", + "arn:aws:glue:*:*:crawler/LicenseManagerResourceSynDataCrawler", + "arn:aws:glue:*:*:job/LicenseManagerResourceSynDataProcessJob", + "arn:aws:glue:*:*:table/license_manager_resource_inventory_db/*", + "arn:aws:glue:*:*:table/license_manager_resource_sync/*", + "arn:aws:glue:*:*:database/license_manager_resource_inventory_db", + "arn:aws:glue:*:*:database/license_manager_resource_sync" + ], + "Sid":"GlueUpdatePermissions" + }, + { + "Action":[ + "resource-groups:PutGroupPolicy" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":[ + "ram.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"RGPermissions" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-05-31T20:50:26+00:00" + }, + "AWSLicenseManagerMemberAccountRolePolicy":{ + "CreateDate":"2018-11-26T19:04:32+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "license-manager:UpdateLicenseSpecificationsForResource", + "license-manager:GetLicenseConfiguration" + ], + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"LicenseManagerPermissions" + }, + { + "Action":[ + "ssm:ListInventoryEntries", + "ssm:GetInventory", + "ssm:CreateAssociation", + "ssm:CreateResourceDataSync", + "ssm:DeleteResourceDataSync", + "ssm:ListResourceDataSync", + "ssm:ListAssociations" + ], + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"SSMPermissions" + }, + { + "Action":[ + "ram:AcceptResourceShareInvitation", + "ram:GetResourceShareInvitations" + ], + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"RAMPermissions" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-11-15T22:09:32+00:00" + }, + "AWSLicenseManagerServiceRolePolicy":{ + "CreateDate":"2018-11-26T19:02:53+00:00", + "DefaultVersionId":"v7", + "Document":{ + "Statement":[ + { + "Action":[ + "iam:CreateServiceLinkedRole" + ], + "Condition":{ + "StringEquals":{ + "iam:AWSServiceName":"license-management.marketplace.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/aws-service-role/license-management.marketplace.amazonaws.com/AWSServiceRoleForMarketplaceLicenseManagement" + ], + "Sid":"IAMPermissions" + }, + { + "Action":[ + "iam:CreateServiceLinkedRole" + ], + "Condition":{ + "StringEquals":{ + "iam:AWSServiceName":"license-manager.member-account.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:*:iam::*:role/aws-service-role/license-manager.member-account.amazonaws.com/AWSServiceRoleForAWSLicenseManagerMemberAccountRole" + ], + "Sid":"IAMPermissionsForCreatingMemberSLR" + }, + { + "Action":[ + "s3:GetBucketLocation", + "s3:ListBucket" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::aws-license-manager-service-*" + ], + "Sid":"S3BucketPermissions1" + }, + { + "Action":[ + "s3:ListAllMyBuckets" + ], + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"S3BucketPermissions2" + }, + { + "Action":[ + "s3:PutObject" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::aws-license-manager-service-*" + ], + "Sid":"S3ObjectPermissions" + }, + { + "Action":[ + "sns:Publish" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:sns:*:*:aws-license-manager-service-*" + ], + "Sid":"SNSAccountPermissions" + }, + { + "Action":[ + "sns:ListTopics" + ], + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"SNSTopicPermissions" + }, + { + "Action":[ + "ec2:DescribeInstances", + "ec2:DescribeImages", + "ec2:DescribeHosts" + ], + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"EC2Permissions" + }, + { + "Action":[ + "ssm:ListInventoryEntries", + "ssm:GetInventory", + "ssm:CreateAssociation" + ], + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"SSMPermissions" + }, + { + "Action":[ + "organizations:ListAWSServiceAccessForOrganization", + "organizations:DescribeOrganization", + "organizations:ListDelegatedAdministrators" + ], + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"OrganizationPermissions" + }, + { + "Action":[ + "license-manager:GetServiceSettings", + "license-manager:GetLicense*", + "license-manager:UpdateLicenseSpecificationsForResource", + "license-manager:List*" + ], + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"LicenseManagerPermissions" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-07-30T01:43:19+00:00" + }, + "AWSM2ServicePolicy":{ + "CreateDate":"2022-06-07T20:26:39+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:DescribeSubnets", + "ec2:CreateNetworkInterface", + "ec2:DeleteNetworkInterface", + "ec2:DescribeNetworkInterfaces", + "ec2:CreateNetworkInterfacePermission", + "ec2:ModifyNetworkInterfaceAttribute" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "elasticfilesystem:DescribeMountTargets" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "elasticloadbalancing:RegisterTargets", + "elasticloadbalancing:DeregisterTargets" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "fsx:DescribeFileSystems" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "cloudwatch:PutMetricData" + ], + "Condition":{ + "StringEquals":{ + "cloudwatch:namespace":[ + "AWS/M2" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-06-07T20:26:39+00:00" + }, + "AWSManagedServicesDeploymentToolkitPolicy":{ + "CreateDate":"2022-06-09T18:33:03+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "s3:GetBucketPolicy", + "s3:CreateBucket", + "s3:DeleteBucket", + "s3:DeleteBucketPolicy", + "s3:DeleteObject*", + "s3:ListBucketVersions", + "s3:PutBucketAcl", + "s3:PutBucketLogging", + "s3:PutBucketObjectLockConfiguration", + "s3:PutBucketPolicy", + "s3:PutBucketPublicAccessBlock", + "s3:PutBucketTagging", + "s3:PutBucketVersioning", + "s3:PutEncryptionConfiguration" + ], + "Effect":"Allow", + "Resource":"arn:aws:s3:::ams-cdktoolkit*" + }, + { + "Action":[ + "cloudformation:CreateChangeSet", + "cloudformation:DeleteStack", + "cloudformation:DescribeChangeSet", + "cloudformation:DescribeStackResources", + "cloudformation:DescribeStacks", + "cloudformation:ExecuteChangeSet", + "cloudformation:GetTemplateSummary", + "cloudformation:UpdateTermination*" + ], + "Effect":"Allow", + "Resource":"arn:aws:cloudformation:*:*:stack/ams-cdk-toolkit*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-06-09T18:33:03+00:00" + }, + "AWSMarketplaceAmiIngestion":{ + "CreateDate":"2020-09-25T20:55:10+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:ModifySnapshotAttribute" + ], + "Effect":"Allow", + "Resource":"arn:aws:ec2:us-east-1::snapshot/snap-*" + }, + { + "Action":[ + "ec2:DescribeImageAttribute", + "ec2:DescribeImages", + "ec2:DescribeSnapshotAttribute", + "ec2:ModifyImageAttribute" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-09-25T20:55:10+00:00" + }, + "AWSMarketplaceFullAccess":{ + "CreateDate":"2015-02-11T17:21:45+00:00", + "DefaultVersionId":"v4", + "Document":{ + "Statement":[ + { + "Action":[ + "aws-marketplace:*", + "cloudformation:CreateStack", + "cloudformation:DescribeStackResource", + "cloudformation:DescribeStackResources", + "cloudformation:DescribeStacks", + "cloudformation:List*", + "ec2:AuthorizeSecurityGroupEgress", + "ec2:AuthorizeSecurityGroupIngress", + "ec2:CreateSecurityGroup", + "ec2:CreateTags", + "ec2:DescribeAccountAttributes", + "ec2:DescribeAddresses", + "ec2:DeleteSecurityGroup", + "ec2:DescribeAccountAttributes", + "ec2:DescribeImages", + "ec2:DescribeInstances", + "ec2:DescribeKeyPairs", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeTags", + "ec2:DescribeVpcs", + "ec2:RunInstances", + "ec2:StartInstances", + "ec2:StopInstances", + "ec2:TerminateInstances" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:CopyImage", + "ec2:DeregisterImage", + "ec2:DescribeSnapshots", + "ec2:DeleteSnapshot", + "ec2:CreateImage", + "ec2:DescribeInstanceStatus", + "ssm:GetAutomationExecution", + "ssm:ListDocuments", + "ssm:DescribeDocument", + "sns:ListTopics", + "sns:GetTopicAttributes", + "sns:CreateTopic", + "iam:GetRole", + "iam:GetInstanceProfile", + "iam:ListRoles", + "iam:ListInstanceProfiles" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "s3:ListBucket", + "s3:GetObject" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::*image-build*" + ] + }, + { + "Action":[ + "sns:Publish", + "sns:setTopicAttributes" + ], + "Effect":"Allow", + "Resource":"arn:aws:sns:*:*:*image-build*" + }, + { + "Action":[ + "iam:PassRole" + ], + "Condition":{ + "StringLike":{ + "iam:PassedToService":[ + "ec2.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "ssm:StartAutomationExecution" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:ssm:eu-central-1:906690553262:automation-definition/*", + "arn:aws:ssm:us-east-1:058657716661:automation-definition/*", + "arn:aws:ssm:ap-northeast-1:340648487307:automation-definition/*", + "arn:aws:ssm:eu-west-1:564714592864:automation-definition/*", + "arn:aws:ssm:us-west-2:243045473901:automation-definition/*", + "arn:aws:ssm:ap-southeast-2:362149219987:automation-definition/*", + "arn:aws:ssm:eu-west-2:587945719687:automation-definition/*", + "arn:aws:ssm:us-east-2:134937423163:automation-definition/*" + ] + }, + { + "Action":[ + "iam:PassRole" + ], + "Condition":{ + "StringLike":{ + "iam:AssociatedResourceARN":[ + "arn:aws:ssm:eu-central-1:906690553262:automation-definition/*", + "arn:aws:ssm:us-east-1:058657716661:automation-definition/*", + "arn:aws:ssm:ap-northeast-1:340648487307:automation-definition/*", + "arn:aws:ssm:eu-west-1:564714592864:automation-definition/*", + "arn:aws:ssm:us-west-2:243045473901:automation-definition/*", + "arn:aws:ssm:ap-southeast-2:362149219987:automation-definition/*", + "arn:aws:ssm:eu-west-2:587945719687:automation-definition/*", + "arn:aws:ssm:us-east-2:134937423163:automation-definition/*" + ], + "iam:PassedToService":[ + "ssm.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-03-04T17:04:00+00:00" + }, + "AWSMarketplaceGetEntitlements":{ + "CreateDate":"2017-03-27T19:37:24+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "aws-marketplace:GetEntitlements" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2017-03-27T19:37:24+00:00" + }, + "AWSMarketplaceImageBuildFullAccess":{ + "CreateDate":"2018-07-31T23:29:49+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":[ + "aws-marketplace:ListBuilds", + "aws-marketplace:StartBuild", + "aws-marketplace:DescribeBuilds" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"ec2:TerminateInstances", + "Condition":{ + "StringLike":{ + "ec2:ResourceTag/marketplace-image-build:build-id":"*" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"iam:PassRole", + "Condition":{ + "StringEquals":{ + "iam:PassedToService":[ + "ec2.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/*Automation*", + "arn:aws:iam::*:role/*Instance*" + ] + }, + { + "Action":[ + "ssm:GetAutomationExecution", + "ssm:ListDocuments", + "ssm:DescribeDocument", + "ec2:DeregisterImage", + "ec2:CopyImage", + "ec2:DescribeSnapshots", + "ec2:DescribeSecurityGroups", + "ec2:DescribeImages", + "ec2:DescribeSubnets", + "ec2:DeleteSnapshot", + "ec2:CreateImage", + "ec2:RunInstances", + "ec2:DescribeInstanceStatus", + "sns:GetTopicAttributes", + "iam:GetRole", + "iam:GetInstanceProfile" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "s3:GetObject", + "s3:ListBucket" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::*image-build*" + ] + }, + { + "Action":[ + "ec2:CreateTags" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*::image/*", + "arn:aws:ec2:*:*:instance/*" + ] + }, + { + "Action":[ + "sns:Publish" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:sns:*:*:*image-build*" + ] + }, + { + "Action":[ + "ssm:StartAutomationExecution" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:ssm:eu-central-1:906690553262:automation-definition/*", + "arn:aws:ssm:us-east-1:058657716661:automation-definition/*", + "arn:aws:ssm:ap-northeast-1:340648487307:automation-definition/*", + "arn:aws:ssm:eu-west-1:564714592864:automation-definition/*", + "arn:aws:ssm:us-west-2:243045473901:automation-definition/*", + "arn:aws:ssm:ap-southeast-2:362149219987:automation-definition/*", + "arn:aws:ssm:eu-west-2:587945719687:automation-definition/*", + "arn:aws:ssm:us-east-2:134937423163:automation-definition/*" + ] + }, + { + "Action":[ + "iam:PassRole" + ], + "Condition":{ + "StringLike":{ + "iam:AssociatedResourceARN":[ + "arn:aws:ssm:eu-central-1:906690553262:automation-definition/*", + "arn:aws:ssm:us-east-1:058657716661:automation-definition/*", + "arn:aws:ssm:ap-northeast-1:340648487307:automation-definition/*", + "arn:aws:ssm:eu-west-1:564714592864:automation-definition/*", + "arn:aws:ssm:us-west-2:243045473901:automation-definition/*", + "arn:aws:ssm:ap-southeast-2:362149219987:automation-definition/*", + "arn:aws:ssm:eu-west-2:587945719687:automation-definition/*", + "arn:aws:ssm:us-east-2:134937423163:automation-definition/*" + ], + "iam:PassedToService":[ + "ssm.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "ec2:CreateTags" + ], + "Condition":{ + "StringLike":{ + "aws:RequestTag/marketplace-image-build:build-id":"*" + }, + "StringNotEquals":{ + "ec2:CreateAction":"RunInstances" + } + }, + "Effect":"Deny", + "Resource":[ + "arn:aws:ec2:*:*:instance/*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-03-04T17:05:09+00:00" + }, + "AWSMarketplaceLicenseManagementServiceRolePolicy":{ + "CreateDate":"2020-12-03T08:33:40+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "organizations:DescribeOrganization", + "license-manager:ListReceivedGrants", + "license-manager:ListDistributedGrants", + "license-manager:GetGrant", + "license-manager:CreateGrant", + "license-manager:CreateGrantVersion", + "license-manager:DeleteGrant", + "license-manager:AcceptGrant" + ], + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"AllowLicenseManagerActions" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-12-03T08:33:40+00:00" + }, + "AWSMarketplaceManageSubscriptions":{ + "CreateDate":"2015-02-06T18:40:32+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "aws-marketplace:ViewSubscriptions", + "aws-marketplace:Subscribe", + "aws-marketplace:Unsubscribe" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "aws-marketplace:CreatePrivateMarketplaceRequests", + "aws-marketplace:ListPrivateMarketplaceRequests", + "aws-marketplace:DescribePrivateMarketplaceRequests" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-10-28T21:49:43+00:00" + }, + "AWSMarketplaceMeteringFullAccess":{ + "CreateDate":"2016-03-17T22:39:22+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "aws-marketplace:MeterUsage" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2016-03-17T22:39:22+00:00" + }, + "AWSMarketplaceMeteringRegisterUsage":{ + "CreateDate":"2019-11-21T01:17:54+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "aws-marketplace:RegisterUsage" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-11-21T01:17:54+00:00" + }, + "AWSMarketplaceProcurementSystemAdminFullAccess":{ + "CreateDate":"2019-06-25T13:07:47+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "aws-marketplace:PutProcurementSystemConfiguration", + "aws-marketplace:DescribeProcurementSystemConfiguration", + "organizations:Describe*", + "organizations:List*" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-06-25T13:07:47+00:00" + }, + "AWSMarketplacePurchaseOrdersServiceRolePolicy":{ + "CreateDate":"2021-10-27T15:12:37+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "purchase-orders:ViewPurchaseOrders", + "purchase-orders:ModifyPurchaseOrders" + ], + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"AllowPurchaseOrderActions" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-10-27T15:12:37+00:00" + }, + "AWSMarketplaceRead-only":{ + "CreateDate":"2015-02-06T18:40:31+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":[ + "aws-marketplace:ViewSubscriptions", + "ec2:DescribeAccountAttributes", + "ec2:DescribeAddresses", + "ec2:DescribeImages", + "ec2:DescribeInstances", + "ec2:DescribeKeyPairs", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "aws-marketplace:ListBuilds", + "aws-marketplace:DescribeBuilds", + "iam:ListRoles", + "iam:ListInstanceProfiles", + "sns:GetTopicAttributes", + "sns:ListTopics" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "aws-marketplace:ListPrivateMarketplaceRequests", + "aws-marketplace:DescribePrivateMarketplaceRequests" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-10-28T21:51:31+00:00" + }, + "AWSMarketplaceSellerFullAccess":{ + "CreateDate":"2019-07-02T20:40:09+00:00", + "DefaultVersionId":"v5", + "Document":{ + "Statement":[ + { + "Action":[ + "aws-marketplace-management:uploadFiles", + "aws-marketplace-management:viewMarketing", + "aws-marketplace-management:viewReports", + "aws-marketplace-management:viewSupport", + "aws-marketplace-management:viewSettings", + "aws-marketplace:ListChangeSets", + "aws-marketplace:DescribeChangeSet", + "aws-marketplace:StartChangeSet", + "aws-marketplace:CancelChangeSet", + "aws-marketplace:ListEntities", + "aws-marketplace:DescribeEntity", + "aws-marketplace:ListTasks", + "aws-marketplace:DescribeTask", + "aws-marketplace:UpdateTask", + "aws-marketplace:CompleteTask", + "ec2:DescribeImages", + "ec2:DescribeSnapshots", + "ec2:ModifyImageAttribute", + "ec2:ModifySnapshotAttribute" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "aws-marketplace:SearchAgreements", + "aws-marketplace:DescribeAgreement", + "aws-marketplace:GetAgreementTerms" + ], + "Condition":{ + "ForAllValues:StringEquals":{ + "aws-marketplace:AgreementType":[ + "PurchaseAgreement" + ] + }, + "StringEquals":{ + "aws-marketplace:PartyType":"Proposer" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "iam:GetRole" + ], + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/*" + }, + { + "Action":[ + "iam:PassRole" + ], + "Condition":{ + "StringEquals":{ + "iam:PassedToService":"assets.marketplace.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-11-30T19:26:49+00:00" + }, + "AWSMarketplaceSellerProductsFullAccess":{ + "CreateDate":"2019-07-02T21:06:25+00:00", + "DefaultVersionId":"v4", + "Document":{ + "Statement":[ + { + "Action":[ + "aws-marketplace:ListChangeSets", + "aws-marketplace:DescribeChangeSet", + "aws-marketplace:StartChangeSet", + "aws-marketplace:CancelChangeSet", + "aws-marketplace:ListEntities", + "aws-marketplace:DescribeEntity", + "aws-marketplace:ListTasks", + "aws-marketplace:DescribeTask", + "aws-marketplace:UpdateTask", + "aws-marketplace:CompleteTask", + "ec2:DescribeImages", + "ec2:DescribeSnapshots", + "ec2:ModifyImageAttribute", + "ec2:ModifySnapshotAttribute" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "iam:GetRole" + ], + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/*" + }, + { + "Action":[ + "iam:PassRole" + ], + "Condition":{ + "StringEquals":{ + "iam:PassedToService":"assets.marketplace.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-11-26T18:50:50+00:00" + }, + "AWSMarketplaceSellerProductsReadOnly":{ + "CreateDate":"2019-07-02T21:40:47+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "aws-marketplace:ListChangeSets", + "aws-marketplace:DescribeChangeSet", + "aws-marketplace:ListEntities", + "aws-marketplace:DescribeEntity", + "aws-marketplace:ListTasks", + "aws-marketplace:DescribeTask", + "ec2:DescribeImages", + "ec2:DescribeSnapshots" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-03-05T23:11:53+00:00" + }, + "AWSMediaTailorServiceRolePolicy":{ + "CreateDate":"2021-09-17T22:27:10+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":"logs:PutLogEvents", + "Effect":"Allow", + "Resource":"arn:aws:logs:*:*:log-group:MediaTailor/*:log-stream:*" + }, + { + "Action":[ + "logs:CreateLogStream", + "logs:CreateLogGroup", + "logs:DescribeLogGroups", + "logs:DescribeLogStreams" + ], + "Effect":"Allow", + "Resource":"arn:aws:logs:*:*:log-group:MediaTailor/*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-09-17T22:27:10+00:00" + }, + "AWSMigrationHubDMSAccess":{ + "CreateDate":"2017-08-14T14:00:06+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "mgh:CreateProgressUpdateStream" + ], + "Effect":"Allow", + "Resource":"arn:aws:mgh:*:*:progressUpdateStream/DMS" + }, + { + "Action":[ + "mgh:AssociateCreatedArtifact", + "mgh:DescribeMigrationTask", + "mgh:DisassociateCreatedArtifact", + "mgh:ImportMigrationTask", + "mgh:ListCreatedArtifacts", + "mgh:NotifyMigrationTaskState", + "mgh:PutResourceAttributes", + "mgh:NotifyApplicationState", + "mgh:DescribeApplicationState", + "mgh:AssociateDiscoveredResource", + "mgh:DisassociateDiscoveredResource", + "mgh:ListDiscoveredResources" + ], + "Effect":"Allow", + "Resource":"arn:aws:mgh:*:*:progressUpdateStream/DMS/*" + }, + { + "Action":[ + "mgh:ListMigrationTasks", + "mgh:GetHomeRegion" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-10-07T17:51:53+00:00" + }, + "AWSMigrationHubDiscoveryAccess":{ + "CreateDate":"2017-08-14T13:30:51+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":[ + "discovery:ListConfigurations", + "discovery:DescribeConfigurations" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":"ec2:CreateTags", + "Condition":{ + "ForAllValues:StringEquals":{ + "aws:TagKeys":"aws:migrationhub:source-id" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:instance/*", + "arn:aws:ec2:*:*:image/*", + "arn:aws:ec2:*:*:volume/*" + ] + }, + { + "Action":"dms:AddTagsToResource", + "Condition":{ + "ForAllValues:StringEquals":{ + "aws:TagKeys":"aws:migrationhub:source-id" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:dms:*:*:endpoint:*" + ] + }, + { + "Action":[ + "ec2:DescribeInstanceAttribute" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-08-06T17:34:42+00:00" + }, + "AWSMigrationHubFullAccess":{ + "CreateDate":"2017-08-14T14:02:54+00:00", + "DefaultVersionId":"v4", + "Document":{ + "Statement":[ + { + "Action":[ + "mgh:*", + "discovery:*" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "iam:GetRole" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringEquals":{ + "iam:AWSServiceName":"continuousexport.discovery.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/aws-service-role/continuousexport.discovery.amazonaws.com/AWSServiceRoleForApplicationDiscoveryServiceContinuousExport*" + }, + { + "Action":[ + "iam:DeleteServiceLinkedRole", + "iam:GetServiceLinkedRoleDeletionStatus" + ], + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/aws-service-role/continuousexport.discovery.amazonaws.com/AWSServiceRoleForApplicationDiscoveryServiceContinuousExport*" + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringEquals":{ + "iam:AWSServiceName":[ + "migrationhub.amazonaws.com", + "dmsintegration.migrationhub.amazonaws.com", + "smsintegration.migrationhub.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-06-19T21:14:41+00:00" + }, + "AWSMigrationHubOrchestratorConsoleFullAccess":{ + "CreateDate":"2022-04-20T02:26:28+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "migrationhub-orchestrator:*" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "s3:ListAllMyBuckets" + ], + "Effect":"Allow", + "Resource":"arn:aws:s3:::*" + }, + { + "Action":[ + "s3:GetObject", + "s3:GetBucketAcl", + "s3:GetBucketLocation", + "s3:ListBucket", + "s3:ListBucketVersions", + "s3:PutObject" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::migrationhub-orchestrator-*", + "arn:aws:s3:::migrationhub-orchestrator-*/*" + ] + }, + { + "Action":[ + "secretsmanager:ListSecrets" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "discovery:DescribeConfigurations", + "discovery:ListConfigurations", + "discovery:GetDiscoverySummary" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "mgh:GetHomeRegion" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:DescribeInstances" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "iam:ListInstanceProfiles" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "iam:CreateServiceLinkedRole" + ], + "Condition":{ + "StringEquals":{ + "iam:AWSServiceName":"migrationhub-orchestrator.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "iam:GetRole" + ], + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/aws-service-role/migrationhub-orchestrator.amazonaws.com/AWSServiceRoleForMigrationHubOrchestrator*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-04-20T02:26:28+00:00" + }, + "AWSMigrationHubOrchestratorInstanceRolePolicy":{ + "CreateDate":"2022-04-20T02:43:50+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "secretsmanager:GetSecretValue" + ], + "Effect":"Allow", + "Resource":"arn:aws:secretsmanager:*:*:secret:migrationhub-orchestrator-*" + }, + { + "Action":[ + "s3:GetObject" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::migrationhub-orchestrator-*", + "arn:aws:s3:::aws-migrationhub-orchestrator-*/*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-04-20T02:43:50+00:00" + }, + "AWSMigrationHubOrchestratorPlugin":{ + "CreateDate":"2022-04-20T02:25:10+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "s3:CreateBucket", + "s3:PutObject", + "s3:GetObject", + "s3:GetBucketAcl" + ], + "Effect":"Allow", + "Resource":"arn:aws:s3:::migrationhub-orchestrator-*" + }, + { + "Action":[ + "s3:ListAllMyBuckets" + ], + "Effect":"Allow", + "Resource":"arn:aws:s3:::*" + }, + { + "Action":[ + "execute-api:Invoke", + "execute-api:ManageConnections" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:execute-api:*:*:*/prod/*/put-log-data", + "arn:aws:execute-api:*:*:*/prod/*/put-metric-data" + ] + }, + { + "Action":[ + "migrationhub-orchestrator:RegisterPlugin", + "migrationhub-orchestrator:GetMessage", + "migrationhub-orchestrator:SendMessage" + ], + "Effect":"Allow", + "Resource":"arn:aws:migrationhub-orchestrator:*:*:*" + }, + { + "Action":[ + "secretsmanager:GetSecretValue" + ], + "Effect":"Allow", + "Resource":"arn:aws:secretsmanager:*:*:secret:migrationhub-orchestrator-*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-04-20T02:25:10+00:00" + }, + "AWSMigrationHubOrchestratorServiceRolePolicy":{ + "CreateDate":"2022-04-20T02:24:04+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "discovery:DescribeConfigurations", + "discovery:ListConfigurations" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "launchwizard:ListProvisionedApps", + "launchwizard:DescribeProvisionedApp" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:DescribeInstances" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:CreateLaunchTemplateVersion", + "ec2:ModifyLaunchTemplate" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceTag/AWSApplicationMigrationServiceManaged":"mgn.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "mgh:GetHomeRegion" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ssm:SendCommand", + "ssm:GetCommandInvocation", + "ssm:CancelCommand" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:ssm:*::document/AWS-RunRemoteScript", + "arn:aws:ec2:*:*:instance/*", + "arn:aws:s3:::aws-migrationhub-orchestrator-*", + "arn:aws:s3:::migrationhub-orchestrator-*" + ] + }, + { + "Action":[ + "ssm:DescribeInstanceInformation", + "ssm:GetCommandInvocation" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "s3:GetObject" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::migrationhub-orchestrator-*", + "arn:aws:s3:::migrationhub-orchestrator-*/*" + ] + }, + { + "Action":[ + "events:PutTargets", + "events:DescribeRule", + "events:DeleteRule", + "events:PutRule" + ], + "Effect":"Allow", + "Resource":"arn:aws:events:*:*:rule/MigrationHubOrchestratorManagedRule*" + }, + { + "Action":[ + "mgn:GetReplicationConfiguration", + "mgn:GetLaunchConfiguration", + "mgn:StartCutover", + "mgn:FinalizeCutover", + "mgn:StartTest", + "mgn:UpdateReplicationConfiguration", + "mgn:DescribeSourceServers", + "mgn:MarkAsArchived", + "mgn:ChangeServerLifeCycleState" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-04-20T02:24:04+00:00" + }, + "AWSMigrationHubRefactorSpacesFullAccess":{ + "CreateDate":"2021-11-29T07:12:55+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":[ + "refactor-spaces:*" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"RefactorSpaces" + }, + { + "Action":[ + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeRouteTables", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcEndpointServiceConfigurations", + "ec2:DescribeVpcs", + "ec2:DescribeTransitGatewayVpcAttachments", + "ec2:DescribeTransitGateways", + "ec2:DescribeTags", + "ec2:DescribeTransitGateways", + "ec2:DescribeAccountAttributes", + "ec2:DescribeInternetGateways" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:CreateTransitGateway", + "ec2:CreateSecurityGroup", + "ec2:CreateTransitGatewayVpcAttachment" + ], + "Condition":{ + "Null":{ + "aws:RequestTag/refactor-spaces:environment-id":"false" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:CreateTransitGateway", + "ec2:CreateSecurityGroup", + "ec2:CreateTransitGatewayVpcAttachment" + ], + "Condition":{ + "Null":{ + "aws:ResourceTag/refactor-spaces:environment-id":"false" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:CreateVpcEndpointServiceConfiguration" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:DeleteTransitGateway", + "ec2:AuthorizeSecurityGroupIngress", + "ec2:RevokeSecurityGroupIngress", + "ec2:DeleteSecurityGroup", + "ec2:DeleteTransitGatewayVpcAttachment", + "ec2:CreateRoute", + "ec2:DeleteRoute", + "ec2:DeleteTags" + ], + "Condition":{ + "Null":{ + "aws:ResourceTag/refactor-spaces:environment-id":"false" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"ec2:DeleteVpcEndpointServiceConfigurations", + "Condition":{ + "Null":{ + "aws:ResourceTag/refactor-spaces:application-id":"false" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "elasticloadbalancing:CreateLoadBalancer" + ], + "Condition":{ + "Null":{ + "aws:RequestTag/refactor-spaces:application-id":"false" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "elasticloadbalancing:DescribeLoadBalancers", + "elasticloadbalancing:DescribeTags", + "elasticloadbalancing:DescribeTargetHealth", + "elasticloadbalancing:DescribeTargetGroups", + "elasticloadbalancing:DescribeListeners" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "elasticloadbalancing:RegisterTargets", + "elasticloadbalancing:CreateLoadBalancerListeners", + "elasticloadbalancing:CreateListener", + "elasticloadbalancing:DeleteListener", + "elasticloadbalancing:DeleteTargetGroup" + ], + "Condition":{ + "StringLike":{ + "aws:ResourceTag/refactor-spaces:route-id":[ + "*" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"elasticloadbalancing:DeleteLoadBalancer", + "Effect":"Allow", + "Resource":"arn:*:elasticloadbalancing:*:*:loadbalancer/net/refactor-spaces-nlb-*" + }, + { + "Action":[ + "elasticloadbalancing:AddTags", + "elasticloadbalancing:CreateListener" + ], + "Condition":{ + "Null":{ + "aws:RequestTag/refactor-spaces:route-id":"false" + } + }, + "Effect":"Allow", + "Resource":"arn:*:elasticloadbalancing:*:*:loadbalancer/net/refactor-spaces-nlb-*" + }, + { + "Action":"elasticloadbalancing:DeleteListener", + "Effect":"Allow", + "Resource":"arn:*:elasticloadbalancing:*:*:listener/net/refactor-spaces-nlb-*" + }, + { + "Action":[ + "elasticloadbalancing:DeleteTargetGroup", + "elasticloadbalancing:RegisterTargets" + ], + "Effect":"Allow", + "Resource":"arn:*:elasticloadbalancing:*:*:targetgroup/refactor-spaces-tg-*" + }, + { + "Action":[ + "elasticloadbalancing:AddTags", + "elasticloadbalancing:CreateTargetGroup" + ], + "Condition":{ + "Null":{ + "aws:RequestTag/refactor-spaces:route-id":"false" + } + }, + "Effect":"Allow", + "Resource":"arn:*:elasticloadbalancing:*:*:targetgroup/refactor-spaces-tg-*" + }, + { + "Action":[ + "apigateway:GET", + "apigateway:DELETE", + "apigateway:PATCH", + "apigateway:POST", + "apigateway:PUT", + "apigateway:UpdateRestApiPolicy" + ], + "Condition":{ + "Null":{ + "aws:ResourceTag/refactor-spaces:application-id":"false" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:apigateway:*::/restapis", + "arn:aws:apigateway:*::/restapis/*", + "arn:aws:apigateway:*::/vpclinks", + "arn:aws:apigateway:*::/vpclinks/*", + "arn:aws:apigateway:*::/tags", + "arn:aws:apigateway:*::/tags/*" + ] + }, + { + "Action":"apigateway:GET", + "Effect":"Allow", + "Resource":[ + "arn:aws:apigateway:*::/vpclinks", + "arn:aws:apigateway:*::/vpclinks/*" + ] + }, + { + "Action":[ + "organizations:DescribeOrganization" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "cloudformation:CreateStack" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringEquals":{ + "iam:AWSServiceName":"refactor-spaces.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringEquals":{ + "iam:AWSServiceName":"elasticloadbalancing.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-03-21T17:41:49+00:00" + }, + "AWSMigrationHubRefactorSpacesServiceRolePolicy":{ + "CreateDate":"2021-11-29T06:50:15+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeRouteTables", + "ec2:DescribeSubnets", + "ec2:DescribeSecurityGroups", + "ec2:DescribeVpcEndpointServiceConfigurations", + "ec2:DescribeTransitGatewayVpcAttachments", + "elasticloadbalancing:DescribeTargetHealth", + "elasticloadbalancing:DescribeListeners", + "elasticloadbalancing:DescribeTargetGroups", + "ram:GetResourceShareAssociations" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:AuthorizeSecurityGroupIngress", + "ec2:RevokeSecurityGroupIngress", + "ec2:DeleteSecurityGroup", + "ec2:DeleteTransitGatewayVpcAttachment", + "ec2:CreateRoute", + "ec2:DeleteRoute", + "ec2:DeleteTags", + "ram:DeleteResourceShare", + "ram:AssociateResourceShare", + "ram:DisassociateResourceShare" + ], + "Condition":{ + "Null":{ + "aws:ResourceTag/refactor-spaces:environment-id":"false" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"ec2:DeleteVpcEndpointServiceConfigurations", + "Condition":{ + "Null":{ + "aws:ResourceTag/refactor-spaces:application-id":"false" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "elasticloadbalancing:RegisterTargets", + "elasticloadbalancing:CreateLoadBalancerListeners", + "elasticloadbalancing:CreateListener", + "elasticloadbalancing:DeleteListener", + "elasticloadbalancing:DeleteTargetGroup" + ], + "Condition":{ + "StringLike":{ + "aws:ResourceTag/refactor-spaces:route-id":[ + "*" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "apigateway:PUT", + "apigateway:POST", + "apigateway:GET", + "apigateway:PATCH", + "apigateway:DELETE" + ], + "Condition":{ + "Null":{ + "aws:ResourceTag/refactor-spaces:application-id":"false" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:apigateway:*::/restapis", + "arn:aws:apigateway:*::/restapis/*", + "arn:aws:apigateway:*::/vpclinks/*", + "arn:aws:apigateway:*::/tags", + "arn:aws:apigateway:*::/tags/*" + ] + }, + { + "Action":"apigateway:GET", + "Effect":"Allow", + "Resource":"arn:aws:apigateway:*::/vpclinks/*" + }, + { + "Action":"elasticloadbalancing:DeleteLoadBalancer", + "Effect":"Allow", + "Resource":"arn:*:elasticloadbalancing:*:*:loadbalancer/net/refactor-spaces-nlb-*" + }, + { + "Action":[ + "elasticloadbalancing:AddTags", + "elasticloadbalancing:CreateListener" + ], + "Condition":{ + "Null":{ + "aws:RequestTag/refactor-spaces:route-id":"false" + } + }, + "Effect":"Allow", + "Resource":"arn:*:elasticloadbalancing:*:*:loadbalancer/net/refactor-spaces-nlb-*" + }, + { + "Action":"elasticloadbalancing:DeleteListener", + "Effect":"Allow", + "Resource":"arn:*:elasticloadbalancing:*:*:listener/net/refactor-spaces-nlb-*" + }, + { + "Action":[ + "elasticloadbalancing:DeleteTargetGroup", + "elasticloadbalancing:RegisterTargets" + ], + "Effect":"Allow", + "Resource":"arn:*:elasticloadbalancing:*:*:targetgroup/refactor-spaces-tg-*" + }, + { + "Action":[ + "elasticloadbalancing:AddTags", + "elasticloadbalancing:CreateTargetGroup" + ], + "Condition":{ + "Null":{ + "aws:RequestTag/refactor-spaces:route-id":"false" + } + }, + "Effect":"Allow", + "Resource":"arn:*:elasticloadbalancing:*:*:targetgroup/refactor-spaces-tg-*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-11-29T06:50:15+00:00" + }, + "AWSMigrationHubSMSAccess":{ + "CreateDate":"2017-08-14T13:57:54+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "mgh:CreateProgressUpdateStream" + ], + "Effect":"Allow", + "Resource":"arn:aws:mgh:*:*:progressUpdateStream/SMS" + }, + { + "Action":[ + "mgh:AssociateCreatedArtifact", + "mgh:DescribeMigrationTask", + "mgh:DisassociateCreatedArtifact", + "mgh:ImportMigrationTask", + "mgh:ListCreatedArtifacts", + "mgh:NotifyMigrationTaskState", + "mgh:PutResourceAttributes", + "mgh:NotifyApplicationState", + "mgh:DescribeApplicationState", + "mgh:AssociateDiscoveredResource", + "mgh:DisassociateDiscoveredResource", + "mgh:ListDiscoveredResources" + ], + "Effect":"Allow", + "Resource":"arn:aws:mgh:*:*:progressUpdateStream/SMS/*" + }, + { + "Action":[ + "mgh:ListMigrationTasks", + "mgh:GetHomeRegion" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-10-07T18:01:22+00:00" + }, + "AWSMigrationHubStrategyCollector":{ + "CreateDate":"2021-10-19T20:15:15+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "s3:PutObject", + "s3:GetBucketAcl" + ], + "Effect":"Allow", + "Resource":"arn:aws:s3:::migrationhub-strategy-*" + }, + { + "Action":[ + "s3:ListAllMyBuckets" + ], + "Effect":"Allow", + "Resource":"arn:aws:s3:::*" + }, + { + "Action":[ + "execute-api:Invoke", + "execute-api:ManageConnections" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:execute-api:*:*:*/prod/*/put-log-data", + "arn:aws:execute-api:*:*:*/prod/*/put-metric-data" + ] + }, + { + "Action":[ + "migrationhub-strategy:RegisterCollector", + "migrationhub-strategy:GetAntiPattern", + "migrationhub-strategy:GetMessage", + "migrationhub-strategy:SendMessage", + "migrationhub-strategy:ListAntiPatterns", + "migrationhub-strategy:ListJarArtifacts" + ], + "Effect":"Allow", + "Resource":"arn:aws:migrationhub-strategy:*:*:*" + }, + { + "Action":[ + "secretsmanager:GetSecretValue" + ], + "Effect":"Allow", + "Resource":"arn:aws:secretsmanager:*:*:secret:migrationhub-strategy-*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-10-19T20:15:15+00:00" + }, + "AWSMigrationHubStrategyConsoleFullAccess":{ + "CreateDate":"2021-10-19T20:13:26+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "migrationhub-strategy:*" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "s3:ListAllMyBuckets" + ], + "Effect":"Allow", + "Resource":"arn:aws:s3:::*" + }, + { + "Action":[ + "s3:GetObject", + "s3:CreateBucket", + "s3:PutEncryptionConfiguration", + "s3:PutBucketPublicAccessBlock", + "s3:PutBucketPolicy", + "s3:PutBucketVersioning", + "s3:PutLifecycleConfiguration" + ], + "Effect":"Allow", + "Resource":"arn:aws:s3:::migrationhub-strategy-*" + }, + { + "Action":[ + "secretsmanager:ListSecrets" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "discovery:GetDiscoverySummary" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "iam:CreateServiceLinkedRole" + ], + "Condition":{ + "StringEquals":{ + "iam:AWSServiceName":"migrationhub-strategy.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "iam:GetRole" + ], + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/aws-service-role/migrationhub-strategy.amazonaws.com/AWSMigrationHubStrategyServiceRolePolicy*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-10-19T20:13:26+00:00" + }, + "AWSMigrationHubStrategyServiceRolePolicy":{ + "CreateDate":"2021-10-19T20:02:37+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "discovery:ListConfigurations", + "discovery:DescribeConfigurations", + "mgh:GetHomeRegion" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"permissionsForAds" + }, + { + "Action":[ + "s3:ListAllMyBuckets" + ], + "Effect":"Allow", + "Resource":"arn:aws:s3:::*" + }, + { + "Action":[ + "s3:GetBucketAcl", + "s3:GetBucketLocation", + "s3:GetObject", + "s3:ListBucket", + "s3:PutObject", + "s3:PutObjectAcl" + ], + "Effect":"Allow", + "Resource":"arn:aws:s3:::migrationhub-strategy-*", + "Sid":"permissionsForS3" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-10-19T20:02:37+00:00" + }, + "AWSMobileHub_FullAccess":{ + "CreateDate":"2016-01-05T19:56:01+00:00", + "DefaultVersionId":"v14", + "Document":{ + "Statement":[ + { + "Action":[ + "apigateway:GET", + "apigateway:POST", + "cloudfront:GetDistribution", + "devicefarm:CreateProject", + "devicefarm:ListJobs", + "devicefarm:ListRuns", + "devicefarm:GetProject", + "devicefarm:GetRun", + "devicefarm:ListArtifacts", + "devicefarm:ListProjects", + "devicefarm:ScheduleRun", + "dynamodb:DescribeTable", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "iam:ListSAMLProviders", + "lambda:ListFunctions", + "sns:ListTopics", + "lex:GetIntent", + "lex:GetIntents", + "lex:GetSlotType", + "lex:GetSlotTypes", + "lex:GetBot", + "lex:GetBots", + "lex:GetBotAlias", + "lex:GetBotAliases", + "mobilehub:*" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "s3:GetObject" + ], + "Effect":"Allow", + "Resource":"arn:aws:s3:::*/aws-my-sample-app*.zip" + }, + { + "Action":[ + "s3:PutObject" + ], + "Effect":"Allow", + "Resource":"arn:aws:s3:::*-mobilehub-*/*" + }, + { + "Action":[ + "s3:ListBucket" + ], + "Effect":"Allow", + "Resource":"arn:aws:s3:::*-mobilehub-*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-12-19T23:15:52+00:00" + }, + "AWSMobileHub_ReadOnly":{ + "CreateDate":"2016-01-05T19:55:48+00:00", + "DefaultVersionId":"v10", + "Document":{ + "Statement":[ + { + "Action":[ + "dynamodb:DescribeTable", + "iam:ListSAMLProviders", + "lambda:ListFunctions", + "sns:ListTopics", + "lex:GetIntent", + "lex:GetIntents", + "lex:GetSlotType", + "lex:GetSlotTypes", + "lex:GetBot", + "lex:GetBots", + "lex:GetBotAlias", + "lex:GetBotAliases", + "mobilehub:ExportProject", + "mobilehub:GenerateProjectParameters", + "mobilehub:GetProject", + "mobilehub:SynchronizeProject", + "mobilehub:GetProjectSnapshot", + "mobilehub:ListProjectSnapshots", + "mobilehub:ListAvailableConnectors", + "mobilehub:ListAvailableFeatures", + "mobilehub:ListAvailableRegions", + "mobilehub:ListProjects", + "mobilehub:ValidateProject", + "mobilehub:VerifyServiceRole", + "mobilehub:DescribeBundle", + "mobilehub:ExportBundle", + "mobilehub:ListBundles" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "s3:GetObject" + ], + "Effect":"Allow", + "Resource":"arn:aws:s3:::*/aws-my-sample-app*.zip" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2018-07-23T21:59:05+00:00" + }, + "AWSNetworkFirewallServiceRolePolicy":{ + "CreateDate":"2020-11-17T17:17:26+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "ec2:CreateVpcEndpoint", + "ec2:DescribeVpcEndpoints" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:CreateTags" + ], + "Condition":{ + "StringEquals":{ + "aws:RequestTag/AWSNetworkFirewallManaged":"true", + "ec2:CreateAction":"CreateVpcEndpoint" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:vpc-endpoint/*" + }, + { + "Action":[ + "ec2:DeleteVpcEndpoints" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceTag/AWSNetworkFirewallManaged":"true" + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-11-17T17:17:26+00:00" + }, + "AWSNetworkManagerFullAccess":{ + "CreateDate":"2019-12-03T17:37:58+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":"networkmanager:*", + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringEquals":{ + "iam:AWSServiceName":[ + "networkmanager.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-12-03T17:37:58+00:00" + }, + "AWSNetworkManagerReadOnlyAccess":{ + "CreateDate":"2019-12-03T17:35:05+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "networkmanager:Describe*", + "networkmanager:Get*", + "networkmanager:List*" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-12-03T17:35:05+00:00" + }, + "AWSNetworkManagerServiceRolePolicy":{ + "CreateDate":"2019-12-03T14:03:35+00:00", + "DefaultVersionId":"v6", + "Document":{ + "Statement":[ + { + "Action":[ + "directconnect:DescribeDirectConnectGateways", + "directconnect:DescribeConnections", + "directconnect:DescribeDirectConnectGatewayAttachments", + "directconnect:DescribeLocations", + "directconnect:DescribeVirtualInterfaces", + "ec2:DescribeCustomerGateways", + "ec2:DescribeTransitGatewayAttachments", + "ec2:DescribeTransitGatewayRouteTables", + "ec2:DescribeTransitGateways", + "ec2:DescribeVpnConnections", + "ec2:DescribeVpcs", + "ec2:GetTransitGatewayRouteTableAssociations", + "ec2:SearchTransitGatewayRoutes", + "ec2:DescribeTransitGatewayPeeringAttachments", + "ec2:DescribeTransitGatewayConnects", + "ec2:DescribeTransitGatewayConnectPeers", + "ec2:DescribeRegions", + "organizations:DescribeAccount", + "organizations:DescribeOrganization", + "organizations:ListAccounts", + "organizations:ListAWSServiceAccessForOrganization", + "organizations:ListDelegatedAdministrators" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-05-24T14:42:03+00:00" + }, + "AWSOpsWorksCMInstanceProfileRole":{ + "CreateDate":"2016-11-24T09:48:22+00:00", + "DefaultVersionId":"v5", + "Document":{ + "Statement":[ + { + "Action":[ + "cloudformation:DescribeStackResource", + "cloudformation:SignalResource" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "s3:AbortMultipartUpload", + "s3:DeleteObject", + "s3:GetObject", + "s3:ListAllMyBuckets", + "s3:ListBucket", + "s3:ListMultipartUploadParts", + "s3:PutObject" + ], + "Effect":"Allow", + "Resource":"arn:aws:s3:::aws-opsworks-cm-*" + }, + { + "Action":"acm:GetCertificate", + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"secretsmanager:GetSecretValue", + "Effect":"Allow", + "Resource":"arn:aws:secretsmanager:*:*:opsworks-cm!aws-opsworks-cm-secrets-*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-04-23T17:34:03+00:00" + }, + "AWSOpsWorksCMServiceRole":{ + "CreateDate":"2016-11-24T09:49:46+00:00", + "DefaultVersionId":"v14", + "Document":{ + "Statement":[ + { + "Action":[ + "s3:CreateBucket", + "s3:DeleteObject", + "s3:DeleteBucket", + "s3:GetObject", + "s3:ListBucket", + "s3:PutBucketPolicy", + "s3:PutObject", + "s3:GetBucketTagging", + "s3:PutBucketTagging" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::aws-opsworks-cm-*" + ] + }, + { + "Action":[ + "tag:UntagResources", + "tag:TagResources" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "ssm:DescribeInstanceInformation", + "ssm:GetCommandInvocation", + "ssm:ListCommandInvocations", + "ssm:ListCommands" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "ssm:SendCommand" + ], + "Condition":{ + "StringLike":{ + "ssm:resourceTag/aws:cloudformation:stack-name":"aws-opsworks-cm-*" + } + }, + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "ssm:SendCommand" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:ssm:*::document/*", + "arn:aws:s3:::aws-opsworks-cm-*" + ] + }, + { + "Action":[ + "ec2:AllocateAddress", + "ec2:AssociateAddress", + "ec2:AuthorizeSecurityGroupIngress", + "ec2:CreateImage", + "ec2:CreateSecurityGroup", + "ec2:CreateSnapshot", + "ec2:CreateTags", + "ec2:DeleteSecurityGroup", + "ec2:DeleteSnapshot", + "ec2:DeregisterImage", + "ec2:DescribeAccountAttributes", + "ec2:DescribeAddresses", + "ec2:DescribeImages", + "ec2:DescribeInstanceStatus", + "ec2:DescribeInstances", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSnapshots", + "ec2:DescribeSubnets", + "ec2:DisassociateAddress", + "ec2:ReleaseAddress", + "ec2:RunInstances", + "ec2:StopInstances" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "ec2:TerminateInstances", + "ec2:RebootInstances" + ], + "Condition":{ + "StringLike":{ + "ec2:ResourceTag/aws:cloudformation:stack-name":"aws-opsworks-cm-*" + } + }, + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "opsworks-cm:DeleteServer", + "opsworks-cm:StartMaintenance" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:opsworks-cm:*:*:server/*" + ] + }, + { + "Action":[ + "cloudformation:CreateStack", + "cloudformation:DeleteStack", + "cloudformation:DescribeStackEvents", + "cloudformation:DescribeStackResources", + "cloudformation:DescribeStacks", + "cloudformation:UpdateStack" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:cloudformation:*:*:stack/aws-opsworks-cm-*" + ] + }, + { + "Action":[ + "iam:PassRole" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/aws-opsworks-cm-*", + "arn:aws:iam::*:role/service-role/aws-opsworks-cm-*" + ] + }, + { + "Action":[ + "acm:DeleteCertificate", + "acm:ImportCertificate" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "secretsmanager:CreateSecret", + "secretsmanager:GetSecretValue", + "secretsmanager:UpdateSecret", + "secretsmanager:DeleteSecret", + "secretsmanager:TagResource", + "secretsmanager:UntagResource" + ], + "Effect":"Allow", + "Resource":"arn:aws:secretsmanager:*:*:opsworks-cm!aws-opsworks-cm-secrets-*" + }, + { + "Action":"ec2:DeleteTags", + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:instance/*", + "arn:aws:ec2:*:*:elastic-ip/*", + "arn:aws:ec2:*:*:security-group/*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-04-23T17:32:13+00:00" + }, + "AWSOpsWorksCloudWatchLogs":{ + "CreateDate":"2017-03-30T17:47:19+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "logs:CreateLogGroup", + "logs:CreateLogStream", + "logs:PutLogEvents", + "logs:DescribeLogStreams" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:logs:*:*:*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2017-03-30T17:47:19+00:00" + }, + "AWSOpsWorksInstanceRegistration":{ + "CreateDate":"2016-06-03T14:23:15+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "opsworks:DescribeStackProvisioningParameters", + "opsworks:DescribeStacks", + "opsworks:RegisterInstance" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2016-06-03T14:23:15+00:00" + }, + "AWSOpsWorksRegisterCLI_EC2":{ + "CreateDate":"2019-06-18T15:56:17+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "opsworks:AssignInstance", + "opsworks:CreateLayer", + "opsworks:DeregisterInstance", + "opsworks:DescribeInstances", + "opsworks:DescribeStackProvisioningParameters", + "opsworks:DescribeStacks", + "opsworks:UnassignInstance" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "ec2:DescribeInstances" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-06-18T15:56:17+00:00" + }, + "AWSOpsWorksRegisterCLI_OnPremises":{ + "CreateDate":"2019-06-18T15:33:16+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "opsworks:AssignInstance", + "opsworks:CreateLayer", + "opsworks:DeregisterInstance", + "opsworks:DescribeInstances", + "opsworks:DescribeStackProvisioningParameters", + "opsworks:DescribeStacks", + "opsworks:UnassignInstance" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "ec2:DescribeInstances" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "iam:CreateGroup", + "iam:AddUserToGroup" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:group/AWS/OpsWorks/OpsWorks-*" + ] + }, + { + "Action":[ + "iam:CreateUser", + "iam:CreateAccessKey" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:user/AWS/OpsWorks/OpsWorks-*" + ] + }, + { + "Action":[ + "iam:AttachUserPolicy" + ], + "Condition":{ + "ArnEquals":{ + "iam:PolicyARN":"arn:aws:iam::aws:policy/AWSOpsWorksInstanceRegistration" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:user/AWS/OpsWorks/OpsWorks-*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-06-18T15:33:16+00:00" + }, + "AWSOpsWorks_FullAccess":{ + "CreateDate":"2021-01-22T16:29:08+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "cloudwatch:GetMetricStatistics", + "ec2:DescribeAccountAttributes", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeInstances", + "ec2:DescribeKeyPairs", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "elasticloadbalancing:DescribeInstanceHealth", + "elasticloadbalancing:DescribeLoadBalancers", + "iam:GetRolePolicy", + "iam:ListInstanceProfiles", + "iam:ListRoles", + "iam:ListUsers", + "opsworks:*" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "iam:PassRole" + ], + "Condition":{ + "StringEquals":{ + "iam:PassedToService":"opsworks.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-01-22T16:29:08+00:00" + }, + "AWSOrganizationsFullAccess":{ + "CreateDate":"2018-11-06T20:31:57+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":"organizations:*", + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "account:PutAlternateContact", + "account:DeleteAlternateContact", + "account:GetAlternateContact" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-02-07T18:26:04+00:00" + }, + "AWSOrganizationsReadOnlyAccess":{ + "CreateDate":"2018-11-06T20:32:38+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "organizations:Describe*", + "organizations:List*" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "account:GetAlternateContact" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-02-07T18:17:19+00:00" + }, + "AWSOrganizationsServiceTrustPolicy":{ + "CreateDate":"2017-10-10T23:04:07+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "iam:DeleteRole" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/aws-service-role/organizations.amazonaws.com/*" + ], + "Sid":"AllowDeletionOfServiceLinkedRoleForOrganizations" + }, + { + "Action":[ + "iam:CreateServiceLinkedRole" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AllowCreationOfServiceLinkedRoles" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2017-11-01T06:01:18+00:00" + }, + "AWSOutpostsServiceRolePolicy":{ + "CreateDate":"2020-11-09T22:55:56+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeSecurityGroups", + "ec2:CreateNetworkInterface", + "ec2:CreateSecurityGroup" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-11-09T22:55:56+00:00" + }, + "AWSPanoramaApplianceRolePolicy":{ + "CreateDate":"2020-12-01T13:13:18+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "logs:CreateLogStream", + "logs:DescribeLogStreams", + "logs:PutLogEvents" + ], + "Effect":"Allow", + "Resource":"arn:aws:logs:*:*:log-group:/aws/panorama_device*:log-stream:*", + "Sid":"PanoramaDeviceCreateLogStream" + }, + { + "Action":"logs:CreateLogGroup", + "Effect":"Allow", + "Resource":"arn:aws:logs:*:*:log-group:/aws/panorama_device*", + "Sid":"PanoramaDeviceCreateLogGroup" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-12-01T13:13:18+00:00" + }, + "AWSPanoramaApplianceServiceRolePolicy":{ + "CreateDate":"2021-10-20T12:14:03+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "logs:CreateLogStream", + "logs:DescribeLogStreams", + "logs:PutLogEvents" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:logs:*:*:log-group:/aws/panorama_device*:log-stream:*", + "arn:aws:logs:*:*:log-group:/aws/panorama/devices/*" + ], + "Sid":"PanoramaDeviceCreateLogStream" + }, + { + "Action":"logs:CreateLogGroup", + "Effect":"Allow", + "Resource":[ + "arn:aws:logs:*:*:log-group:/aws/panorama_device*", + "arn:aws:logs:*:*:log-group:/aws/panorama/devices/*" + ], + "Sid":"PanoramaDeviceCreateLogGroup" + }, + { + "Action":"cloudwatch:PutMetricData", + "Condition":{ + "StringEquals":{ + "cloudwatch:namespace":"PanoramaDeviceMetrics" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"PanoramaDevicePutMetric" + }, + { + "Action":[ + "s3:GetObject", + "s3:ListBucket" + ], + "Condition":{ + "StringLike":{ + "s3:DataAccessPointArn":"arn:aws:s3:*:*:accesspoint/panorama*" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"PanoramaDeviceS3Access" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-10-20T12:14:03+00:00" + }, + "AWSPanoramaFullAccess":{ + "CreateDate":"2020-12-01T13:12:47+00:00", + "DefaultVersionId":"v4", + "Document":{ + "Statement":[ + { + "Action":[ + "panorama:*" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "s3:PutObject", + "s3:PutObjectAcl", + "s3:DeleteObject", + "s3:GetObject", + "s3:ListBucket" + ], + "Condition":{ + "StringLike":{ + "s3:DataAccessPointArn":"arn:aws:s3:*:*:accesspoint/panorama*" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "secretsmanager:GetSecretValue", + "secretsmanager:DescribeSecret", + "secretsmanager:ListSecretVersionIds", + "secretsmanager:PutSecretValue", + "secretsmanager:UpdateSecret" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:secretsmanager:*:*:secret:panorama*", + "arn:aws:secretsmanager:*:*:secret:Panorama*" + ] + }, + { + "Action":[ + "iam:PassRole" + ], + "Condition":{ + "StringEquals":{ + "iam:PassedToService":"panorama.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "logs:Describe*", + "logs:Get*", + "logs:List*", + "logs:StartQuery", + "logs:StopQuery", + "logs:TestMetricFilter", + "logs:FilterLogEvents" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:logs:*:*:log-group:/aws/panorama_device*:log-stream:*", + "arn:aws:logs:*:*:log-group:/aws/panorama/devices/*" + ] + }, + { + "Action":[ + "logs:DescribeLogGroups" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:logs:*:*:log-group:*" + ] + }, + { + "Action":[ + "cloudwatch:ListMetrics", + "cloudwatch:GetMetricData", + "cloudwatch:GetMetricStatistics" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"iam:ListRoles", + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringEquals":{ + "iam:AWSServiceName":"panorama.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-01-12T21:21:04+00:00" + }, + "AWSPanoramaGreengrassGroupRolePolicy":{ + "CreateDate":"2020-12-01T13:10:22+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "s3:ListBucket", + "s3:GetBucket*", + "s3:GetObject", + "s3:PutObject" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::*aws-panorama*" + ], + "Sid":"PanoramaS3Access" + }, + { + "Action":"cloudwatch:PutDashboard", + "Effect":"Allow", + "Resource":[ + "arn:aws:cloudwatch::*:dashboard/panorama*" + ], + "Sid":"PanoramaCLoudWatchPutDashboard" + }, + { + "Action":"cloudwatch:PutMetricData", + "Effect":"Allow", + "Resource":"*", + "Sid":"PanoramaCloudWatchPutMetricData" + }, + { + "Action":[ + "logs:CreateLogStream", + "logs:DescribeLogStreams", + "logs:PutLogEvents", + "logs:CreateLogGroup" + ], + "Effect":"Allow", + "Resource":"arn:aws:logs:*:*:log-group:/aws/greengrass/*", + "Sid":"PanoramaGreenGrassCloudWatchAccess" + }, + { + "Action":[ + "panorama:*" + ], + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"PanoramaAccess" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-01-06T19:30:35+00:00" + }, + "AWSPanoramaSageMakerRolePolicy":{ + "CreateDate":"2020-12-01T13:13:54+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "s3:GetObject", + "s3:PutObject", + "s3:GetBucket*" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::*aws-panorama*" + ], + "Sid":"PanoramaSageMakerS3Access" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-12-01T13:13:54+00:00" + }, + "AWSPanoramaServiceLinkedRolePolicy":{ + "CreateDate":"2021-10-20T12:12:50+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "iot:CreateThing", + "iot:DeleteThing", + "iot:DeleteThingShadow", + "iot:DescribeThing", + "iot:GetThingShadow", + "iot:UpdateThing", + "iot:UpdateThingShadow" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:iot:*:*:thing/panorama*" + ], + "Sid":"PanoramaIoTThingAccess" + }, + { + "Action":[ + "iot:AttachThingPrincipal", + "iot:DetachThingPrincipal", + "iot:UpdateCertificate", + "iot:DeleteCertificate", + "iot:AttachPrincipalPolicy", + "iot:DetachPrincipalPolicy" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:iot:*:*:thing/panorama*", + "arn:aws:iot:*:*:cert/*" + ], + "Sid":"PanoramaIoTCertificateAccess" + }, + { + "Action":[ + "iot:CreateKeysAndCertificate" + ], + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"PanoramaIoTCreateCertificateAccess" + }, + { + "Action":[ + "iot:CreatePolicy", + "iot:CreatePolicyVersion", + "iot:AttachPolicy" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:iot:*:*:policy/panorama*" + ], + "Sid":"PanoramaIoTCreatePolicyAndVersionAccess" + }, + { + "Action":[ + "iot:DescribeJobExecution", + "iot:CreateJob", + "iot:DeleteJob" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:iot:*:*:job/panorama*", + "arn:aws:iot:*:*:thing/panorama*" + ], + "Sid":"PanoramaIoTJobAccess" + }, + { + "Action":[ + "iot:DescribeEndpoint" + ], + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"PanoramaIoTEndpointAccess" + }, + { + "Action":[ + "panorama:Describe*", + "panorama:List*" + ], + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"PanoramaReadOnlyAccess" + }, + { + "Action":[ + "secretsmanager:GetSecretValue", + "secretsmanager:DescribeSecret", + "secretsmanager:CreateSecret", + "secretsmanager:ListSecretVersionIds", + "secretsmanager:DeleteSecret" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:secretsmanager:*:*:secret:panorama*", + "arn:aws:secretsmanager:*:*:secret:Panorama*" + ], + "Sid":"SecretsManagerPermissions" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-10-20T12:12:50+00:00" + }, + "AWSPanoramaServiceRolePolicy":{ + "CreateDate":"2020-12-01T13:14:43+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "iot:CreateThing", + "iot:DeleteThing", + "iot:DeleteThingShadow", + "iot:DescribeThing", + "iot:GetThingShadow", + "iot:UpdateThing", + "iot:UpdateThingShadow" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:iot:*:*:thing/panorama*" + ], + "Sid":"PanoramaIoTThingAccess" + }, + { + "Action":[ + "iot:AttachThingPrincipal", + "iot:DetachThingPrincipal", + "iot:UpdateCertificate", + "iot:DeleteCertificate", + "iot:AttachPrincipalPolicy", + "iot:DetachPrincipalPolicy" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:iot:*:*:thing/panorama*", + "arn:aws:iot:*:*:cert/*" + ], + "Sid":"PanoramaIoTCertificateAccess" + }, + { + "Action":[ + "iot:CreateKeysAndCertificate", + "iot:CreatePolicy" + ], + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"PanoramaIoTCreateCertificateAndPolicyAccess" + }, + { + "Action":[ + "iot:CreatePolicyVersion" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:iot:*:*:policy/panorama*" + ], + "Sid":"PanoramaIoTCreatePolicyVersionAccess" + }, + { + "Action":[ + "iot:DescribeJobExecution", + "iot:CreateJob", + "iot:DeleteJob" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:iot:*:*:job/panorama*", + "arn:aws:iot:*:*:thing/panorama*" + ], + "Sid":"PanoramaIoTJobAccess" + }, + { + "Action":[ + "iot:DescribeEndpoint" + ], + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"PanoramaIoTEndpointAccess" + }, + { + "Action":[ + "panorama:Describe*", + "panorama:List*", + "panorama:Get*" + ], + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"PanoramaAccess" + }, + { + "Action":[ + "s3:GetObject", + "s3:PutObject", + "s3:DeleteObject", + "s3:DeleteBucket", + "s3:ListBucket", + "s3:GetBucket*", + "s3:CreateBucket" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::*aws-panorama*" + ], + "Sid":"PanoramaS3Access" + }, + { + "Action":[ + "iam:PassRole" + ], + "Condition":{ + "StringEquals":{ + "iam:PassedToService":[ + "sagemaker.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/AWSPanoramaSageMakerRole", + "arn:aws:iam::*:role/service-role/AWSPanoramaSageMakerRole" + ], + "Sid":"PanoramaIAMPassSageMakerRoleAccess" + }, + { + "Action":[ + "iam:PassRole" + ], + "Condition":{ + "StringEquals":{ + "iam:PassedToService":[ + "greengrass.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/AWSPanoramaGreengrassGroupRole", + "arn:aws:iam::*:role/service-role/AWSPanoramaGreengrassGroupRole", + "arn:aws:iam::*:role/AWSPanoramaGreengrassRole", + "arn:aws:iam::*:role/service-role/AWSPanoramaGreengrassRole" + ], + "Sid":"PanoramaIAMPassGreengrassRoleAccess" + }, + { + "Action":[ + "iam:PassRole" + ], + "Condition":{ + "StringEqualsIfExists":{ + "iam:PassedToService":"iot.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/AWSPanoramaApplianceRole", + "arn:aws:iam::*:role/service-role/AWSPanoramaApplianceRole" + ], + "Sid":"PanoramaIAMPassIoTRoleAccess" + }, + { + "Action":[ + "greengrass:AssociateRoleToGroup", + "greengrass:AssociateServiceRoleToAccount", + "greengrass:CreateResourceDefinition", + "greengrass:CreateResourceDefinitionVersion", + "greengrass:CreateCoreDefinition", + "greengrass:CreateCoreDefinitionVersion", + "greengrass:CreateDeployment", + "greengrass:CreateFunctionDefinition", + "greengrass:CreateFunctionDefinitionVersion", + "greengrass:CreateGroup", + "greengrass:CreateGroupCertificateAuthority", + "greengrass:CreateGroupVersion", + "greengrass:CreateLoggerDefinition", + "greengrass:CreateLoggerDefinitionVersion", + "greengrass:CreateSubscriptionDefinition", + "greengrass:CreateSubscriptionDefinitionVersion", + "greengrass:DeleteCoreDefinition", + "greengrass:DeleteFunctionDefinition", + "greengrass:DeleteResourceDefinition", + "greengrass:DeleteGroup", + "greengrass:DeleteLoggerDefinition", + "greengrass:DeleteSubscriptionDefinition", + "greengrass:DisassociateRoleFromGroup", + "greengrass:DisassociateServiceRoleFromAccount", + "greengrass:GetAssociatedRole", + "greengrass:GetConnectivityInfo", + "greengrass:GetCoreDefinition", + "greengrass:GetCoreDefinitionVersion", + "greengrass:GetDeploymentStatus", + "greengrass:GetDeviceDefinition", + "greengrass:GetDeviceDefinitionVersion", + "greengrass:GetFunctionDefinition", + "greengrass:GetFunctionDefinitionVersion", + "greengrass:GetGroup", + "greengrass:GetGroupCertificateAuthority", + "greengrass:GetGroupCertificateConfiguration", + "greengrass:GetGroupVersion", + "greengrass:GetLoggerDefinition", + "greengrass:GetLoggerDefinitionVersion", + "greengrass:GetResourceDefinition", + "greengrass:GetServiceRoleForAccount", + "greengrass:GetSubscriptionDefinition", + "greengrass:GetSubscriptionDefinitionVersion", + "greengrass:ListCoreDefinitionVersions", + "greengrass:ListCoreDefinitions", + "greengrass:ListDeployments", + "greengrass:ListDeviceDefinitionVersions", + "greengrass:ListDeviceDefinitions", + "greengrass:ListFunctionDefinitionVersions", + "greengrass:ListFunctionDefinitions", + "greengrass:ListGroupCertificateAuthorities", + "greengrass:ListGroupVersions", + "greengrass:ListGroups", + "greengrass:ListLoggerDefinitionVersions", + "greengrass:ListLoggerDefinitions", + "greengrass:ListSubscriptionDefinitionVersions", + "greengrass:ListSubscriptionDefinitions", + "greengrass:ResetDeployments", + "greengrass:UpdateConnectivityInfo", + "greengrass:UpdateCoreDefinition", + "greengrass:UpdateDeviceDefinition", + "greengrass:UpdateFunctionDefinition", + "greengrass:UpdateGroup", + "greengrass:UpdateGroupCertificateConfiguration", + "greengrass:UpdateLoggerDefinition", + "greengrass:UpdateSubscriptionDefinition", + "greengrass:UpdateResourceDefinition" + ], + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"PanoramaGreenGrassAccess" + }, + { + "Action":[ + "lambda:GetFunction", + "lambda:GetFunctionConfiguration", + "lambda:ListFunctions", + "lambda:ListVersionsByFunction" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:lambda:*:*:function:*" + ], + "Sid":"PanoramaLambdaUsersFunctionAccess" + }, + { + "Action":[ + "sagemaker:CreateTrainingJob", + "sagemaker:StopTrainingJob", + "sagemaker:CreateCompilationJob", + "sagemaker:DescribeCompilationJob", + "sagemaker:StopCompilationJob" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:sagemaker:*:*:training-job/panorama*", + "arn:aws:sagemaker:*:*:compilation-job/panorama*" + ], + "Sid":"PanoramaSageMakerWriteAccess" + }, + { + "Action":[ + "sagemaker:ListCompilationJobs" + ], + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"PanoramaSageMakerListAccess" + }, + { + "Action":[ + "sagemaker:DescribeTrainingJob" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:sagemaker:*:*:training-job/*" + ], + "Sid":"PanoramaSageMakerReadAccess" + }, + { + "Action":[ + "iot:AttachPolicy", + "iot:CreateRoleAlias" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:iot:*:*:policy/panorama*", + "arn:aws:iot:*:*:rolealias/panorama*" + ], + "Sid":"PanoramaCWLogsAccess" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-12-01T13:14:43+00:00" + }, + "AWSPriceListServiceFullAccess":{ + "CreateDate":"2017-11-22T00:36:27+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "pricing:*" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2017-11-22T00:36:27+00:00" + }, + "AWSPrivateMarketplaceAdminFullAccess":{ + "CreateDate":"2018-11-27T16:32:32+00:00", + "DefaultVersionId":"v4", + "Document":{ + "Statement":[ + { + "Action":[ + "aws-marketplace:AssociateProductsWithPrivateMarketplace", + "aws-marketplace:DisassociateProductsFromPrivateMarketplace", + "aws-marketplace:ListPrivateMarketplaceRequests", + "aws-marketplace:DescribePrivateMarketplaceRequests" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "aws-marketplace:ListEntities", + "aws-marketplace:DescribeEntity", + "aws-marketplace:StartChangeSet", + "aws-marketplace:ListChangeSets", + "aws-marketplace:DescribeChangeSet", + "aws-marketplace:CancelChangeSet" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-08-27T15:34:07+00:00" + }, + "AWSPrivateMarketplaceRequests":{ + "CreateDate":"2019-10-28T21:44:03+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "aws-marketplace:CreatePrivateMarketplaceRequests", + "aws-marketplace:ListPrivateMarketplaceRequests", + "aws-marketplace:DescribePrivateMarketplaceRequests" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-10-28T21:44:03+00:00" + }, + "AWSPrivateNetworksServiceRolePolicy":{ + "CreateDate":"2021-12-16T23:17:46+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "cloudwatch:PutMetricData" + ], + "Condition":{ + "StringEquals":{ + "cloudwatch:namespace":"AWS/Private5G" + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-12-16T23:17:46+00:00" + }, + "AWSProtonDeveloperAccess":{ + "CreateDate":"2021-02-17T19:02:08+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "codecommit:ListRepositories", + "codepipeline:GetPipeline", + "codepipeline:GetPipelineExecution", + "codepipeline:GetPipelineState", + "codepipeline:ListPipelineExecutions", + "codepipeline:ListPipelines", + "codestar-connections:ListConnections", + "codestar-connections:UseConnection", + "proton:CancelServiceInstanceDeployment", + "proton:CancelServicePipelineDeployment", + "proton:CreateService", + "proton:DeleteService", + "proton:GetAccountRoles", + "proton:GetAccountSettings", + "proton:GetEnvironment", + "proton:GetEnvironmentAccountConnection", + "proton:GetEnvironmentTemplate", + "proton:GetEnvironmentTemplateMajorVersion", + "proton:GetEnvironmentTemplateMinorVersion", + "proton:GetEnvironmentTemplateVersion", + "proton:GetRepository", + "proton:GetRepositorySyncStatus", + "proton:GetService", + "proton:GetServiceInstance", + "proton:GetServiceTemplate", + "proton:GetServiceTemplateMajorVersion", + "proton:GetServiceTemplateMinorVersion", + "proton:GetServiceTemplateVersion", + "proton:GetTemplateSyncConfig", + "proton:GetTemplateSyncStatus", + "proton:ListEnvironmentAccountConnections", + "proton:ListEnvironmentOutputs", + "proton:ListEnvironmentProvisionedResources", + "proton:ListEnvironments", + "proton:ListEnvironmentTemplateMajorVersions", + "proton:ListEnvironmentTemplateMinorVersions", + "proton:ListEnvironmentTemplates", + "proton:ListEnvironmentTemplateVersions", + "proton:ListRepositories", + "proton:ListRepositorySyncDefinitions", + "proton:ListServiceInstanceOutputs", + "proton:ListServiceInstanceProvisionedResources", + "proton:ListServiceInstances", + "proton:ListServicePipelineOutputs", + "proton:ListServicePipelineProvisionedResources", + "proton:ListServices", + "proton:ListServiceTemplateMajorVersions", + "proton:ListServiceTemplateMinorVersions", + "proton:ListServiceTemplates", + "proton:ListServiceTemplateVersions", + "proton:ListTagsForResource", + "proton:UpdateService", + "proton:UpdateServiceInstance", + "proton:UpdateServicePipeline", + "s3:ListAllMyBuckets", + "s3:ListBucket" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"codestar-connections:PassConnection", + "Condition":{ + "StringEquals":{ + "codestar-connections:PassedToService":"proton.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:codestar-connections:*:*:connection/*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-04-21T12:57:14+00:00" + }, + "AWSProtonFullAccess":{ + "CreateDate":"2021-02-17T19:07:18+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "proton:*", + "codestar-connections:ListConnections", + "kms:ListAliases", + "kms:DescribeKey" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "kms:CreateGrant" + ], + "Condition":{ + "StringLike":{ + "kms:ViaService":"proton.*.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "iam:PassRole" + ], + "Condition":{ + "StringEquals":{ + "iam:PassedToService":"proton.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringEquals":{ + "iam:AWSServiceName":"sync.proton.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/aws-service-role/sync.proton.amazonaws.com/AWSServiceRoleForProtonSync" + }, + { + "Action":[ + "codestar-connections:PassConnection" + ], + "Condition":{ + "StringEquals":{ + "codestar-connections:PassedToService":"proton.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:codestar-connections:*:*:connection/*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-06-20T12:36:26+00:00" + }, + "AWSProtonReadOnlyAccess":{ + "CreateDate":"2021-02-17T19:09:12+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "codepipeline:ListPipelineExecutions", + "codepipeline:ListPipelines", + "codepipeline:GetPipeline", + "codepipeline:GetPipelineState", + "codepipeline:GetPipelineExecution", + "proton:GetAccountRoles", + "proton:GetAccountSettings", + "proton:GetEnvironment", + "proton:GetEnvironmentAccountConnection", + "proton:GetEnvironmentTemplate", + "proton:GetEnvironmentTemplateMajorVersion", + "proton:GetEnvironmentTemplateMinorVersion", + "proton:GetEnvironmentTemplateVersion", + "proton:GetRepository", + "proton:GetRepositorySyncStatus", + "proton:GetService", + "proton:GetServiceInstance", + "proton:GetServiceTemplate", + "proton:GetServiceTemplateMajorVersion", + "proton:GetServiceTemplateMinorVersion", + "proton:GetServiceTemplateVersion", + "proton:GetTemplateSyncConfig", + "proton:GetTemplateSyncStatus", + "proton:ListEnvironmentAccountConnections", + "proton:ListEnvironmentOutputs", + "proton:ListEnvironmentProvisionedResources", + "proton:ListEnvironments", + "proton:ListEnvironmentTemplateMajorVersions", + "proton:ListEnvironmentTemplateMinorVersions", + "proton:ListEnvironmentTemplates", + "proton:ListEnvironmentTemplateVersions", + "proton:ListRepositories", + "proton:ListRepositorySyncDefinitions", + "proton:ListServiceInstanceOutputs", + "proton:ListServiceInstanceProvisionedResources", + "proton:ListServiceInstances", + "proton:ListServicePipelineOutputs", + "proton:ListServicePipelineProvisionedResources", + "proton:ListServices", + "proton:ListServiceTemplateMajorVersions", + "proton:ListServiceTemplateMinorVersions", + "proton:ListServiceTemplates", + "proton:ListServiceTemplateVersions", + "proton:ListTagsForResource" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-04-21T12:33:42+00:00" + }, + "AWSProtonSyncServiceRolePolicy":{ + "CreateDate":"2021-11-23T21:14:36+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "proton:UpdateServiceTemplateVersion", + "proton:UpdateServiceTemplate", + "proton:UpdateEnvironmentTemplateVersion", + "proton:UpdateEnvironmentTemplate", + "proton:GetServiceTemplateVersion", + "proton:GetServiceTemplate", + "proton:GetEnvironmentTemplateVersion", + "proton:GetEnvironmentTemplate", + "proton:DeleteServiceTemplateVersion", + "proton:DeleteEnvironmentTemplateVersion", + "proton:CreateServiceTemplateVersion", + "proton:CreateServiceTemplate", + "proton:CreateEnvironmentTemplateVersion", + "proton:CreateEnvironmentTemplate", + "proton:ListEnvironmentTemplateVersions", + "proton:ListServiceTemplateVersions", + "proton:CreateEnvironmentTemplateMajorVersion", + "proton:CreateServiceTemplateMajorVersion" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"SyncToProton" + }, + { + "Action":[ + "codestar-connections:UseConnection" + ], + "Effect":"Allow", + "Resource":"arn:aws:codestar-connections:*:*:connection/*", + "Sid":"AccessGitRepos" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-11-23T21:14:36+00:00" + }, + "AWSPurchaseOrdersServiceRolePolicy":{ + "CreateDate":"2020-05-06T18:15:47+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "aws-portal:*Billing", + "purchase-orders:*PurchaseOrders" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-11-22T20:06:47+00:00" + }, + "AWSQuickSightDescribeRDS":{ + "CreateDate":"2015-11-10T23:24:50+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "rds:Describe*" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2015-11-10T23:24:50+00:00" + }, + "AWSQuickSightDescribeRedshift":{ + "CreateDate":"2015-11-10T23:25:01+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "redshift:Describe*" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2015-11-10T23:25:01+00:00" + }, + "AWSQuickSightElasticsearchPolicy":{ + "CreateDate":"2020-09-09T17:27:19+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":[ + "es:ESHttpGet" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:es:*:*:domain/*/", + "arn:aws:es:*:*:domain/*/_cluster/settings", + "arn:aws:es:*:*:domain/*/_cat/indices" + ] + }, + { + "Action":"es:ListDomainNames", + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "es:DescribeElasticsearchDomain", + "es:DescribeDomain" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:es:*:*:domain/*" + ] + }, + { + "Action":[ + "es:ESHttpPost", + "es:ESHttpGet" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:es:*:*:domain/*/_opendistro/_sql", + "arn:aws:es:*:*:domain/*/_plugin/_sql" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-09-07T23:25:55+00:00" + }, + "AWSQuickSightIoTAnalyticsAccess":{ + "CreateDate":"2017-11-29T17:00:54+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "iotanalytics:ListDatasets", + "iotanalytics:DescribeDataset", + "iotanalytics:GetDatasetContent" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2017-11-29T17:00:54+00:00" + }, + "AWSQuickSightListIAM":{ + "CreateDate":"2015-11-10T23:25:07+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "iam:List*" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2015-11-10T23:25:07+00:00" + }, + "AWSQuickSightSageMakerPolicy":{ + "CreateDate":"2020-01-17T17:18:13+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "sagemaker:DescribeTransformJob", + "sagemaker:StopTransformJob", + "sagemaker:CreateTransformJob" + ], + "Effect":"Allow", + "Resource":"arn:aws:sagemaker:*:*:transform-job/quicksight-auto-generated-*" + }, + { + "Action":"sagemaker:ListModels", + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"s3:GetObject", + "Effect":"Allow", + "Resource":"arn:aws:s3:::quicksight-ml.*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-01-17T17:18:13+00:00" + }, + "AWSQuickSightTimestreamPolicy":{ + "CreateDate":"2020-09-30T21:47:03+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "timestream:Select", + "timestream:CancelQuery", + "timestream:ListTables", + "timestream:ListDatabases", + "timestream:ListMeasures", + "timestream:DescribeTable", + "timestream:DescribeDatabase", + "timestream:SelectValues", + "timestream:DescribeEndpoints" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-09-30T21:47:03+00:00" + }, + "AWSQuicksightAthenaAccess":{ + "CreateDate":"2016-12-09T02:31:03+00:00", + "DefaultVersionId":"v10", + "Document":{ + "Statement":[ + { + "Action":[ + "athena:BatchGetQueryExecution", + "athena:CancelQueryExecution", + "athena:GetCatalogs", + "athena:GetExecutionEngine", + "athena:GetExecutionEngines", + "athena:GetNamespace", + "athena:GetNamespaces", + "athena:GetQueryExecution", + "athena:GetQueryExecutions", + "athena:GetQueryResults", + "athena:GetQueryResultsStream", + "athena:GetTable", + "athena:GetTables", + "athena:ListQueryExecutions", + "athena:RunQuery", + "athena:StartQueryExecution", + "athena:StopQueryExecution", + "athena:ListWorkGroups", + "athena:ListEngineVersions", + "athena:GetWorkGroup", + "athena:GetDataCatalog", + "athena:GetDatabase", + "athena:GetTableMetadata", + "athena:ListDataCatalogs", + "athena:ListDatabases", + "athena:ListTableMetadata" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "glue:CreateDatabase", + "glue:DeleteDatabase", + "glue:GetDatabase", + "glue:GetDatabases", + "glue:UpdateDatabase", + "glue:CreateTable", + "glue:DeleteTable", + "glue:BatchDeleteTable", + "glue:UpdateTable", + "glue:GetTable", + "glue:GetTables", + "glue:BatchCreatePartition", + "glue:CreatePartition", + "glue:DeletePartition", + "glue:BatchDeletePartition", + "glue:UpdatePartition", + "glue:GetPartition", + "glue:GetPartitions", + "glue:BatchGetPartition" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "s3:GetBucketLocation", + "s3:GetObject", + "s3:ListBucket", + "s3:ListBucketMultipartUploads", + "s3:ListMultipartUploadParts", + "s3:AbortMultipartUpload", + "s3:CreateBucket", + "s3:PutObject", + "s3:PutBucketPublicAccessBlock" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::aws-athena-query-results-*" + ] + }, + { + "Action":[ + "lakeformation:GetDataAccess" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-07-07T20:09:06+00:00" + }, + "AWSQuicksightOpenSearchPolicy":{ + "CreateDate":"2021-09-07T23:26:19+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "es:ESHttpGet" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:es:*:*:domain/*/", + "arn:aws:es:*:*:domain/*/_cluster/settings", + "arn:aws:es:*:*:domain/*/_cat/indices" + ] + }, + { + "Action":"es:ListDomainNames", + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "es:DescribeDomain" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:es:*:*:domain/*" + ] + }, + { + "Action":[ + "es:ESHttpPost", + "es:ESHttpGet" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:es:*:*:domain/*/_opendistro/_sql", + "arn:aws:es:*:*:domain/*/_plugin/_sql" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-09-07T23:26:19+00:00" + }, + "AWSResourceAccessManagerFullAccess":{ + "CreateDate":"2019-06-04T17:28:22+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "ram:*" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-06-04T17:28:22+00:00" + }, + "AWSResourceAccessManagerReadOnlyAccess":{ + "CreateDate":"2019-12-09T20:58:37+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "ram:Get*", + "ram:List*" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-12-09T20:58:37+00:00" + }, + "AWSResourceAccessManagerResourceShareParticipantAccess":{ + "CreateDate":"2019-12-09T20:41:37+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "ram:AcceptResourceShareInvitation", + "ram:GetResourcePolicies", + "ram:GetResourceShareInvitations", + "ram:GetResourceShares", + "ram:ListPendingInvitationResources", + "ram:ListPrincipals", + "ram:ListResources", + "ram:RejectResourceShareInvitation" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-12-09T20:41:37+00:00" + }, + "AWSResourceAccessManagerServiceRolePolicy":{ + "CreateDate":"2018-11-14T19:28:28+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "organizations:DescribeAccount", + "organizations:DescribeOrganization", + "organizations:DescribeOrganizationalUnit", + "organizations:ListAccounts", + "organizations:ListAccountsForParent", + "organizations:ListChildren", + "organizations:ListOrganizationalUnitsForParent", + "organizations:ListParents", + "organizations:ListRoots" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "iam:DeleteRole" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/aws-service-role/ram.amazonaws.com/*" + ], + "Sid":"AllowDeletionOfServiceLinkedRoleForResourceAccessManager" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2018-11-14T19:28:28+00:00" + }, + "AWSResourceGroupsReadOnlyAccess":{ + "CreateDate":"2018-03-07T10:27:04+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "resource-groups:Get*", + "resource-groups:List*", + "resource-groups:Search*", + "tag:Get*", + "cloudformation:DescribeStacks", + "cloudformation:ListStackResources", + "ec2:DescribeInstances", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSnapshots", + "ec2:DescribeVolumes", + "ec2:DescribeVpcs", + "elasticache:DescribeCacheClusters", + "elasticache:DescribeSnapshots", + "elasticache:ListTagsForResource", + "elasticbeanstalk:DescribeEnvironments", + "elasticmapreduce:DescribeCluster", + "elasticmapreduce:ListClusters", + "glacier:ListVaults", + "glacier:DescribeVault", + "glacier:ListTagsForVault", + "kinesis:ListStreams", + "kinesis:DescribeStream", + "kinesis:ListTagsForStream", + "opsworks:DescribeStacks", + "opsworks:ListTags", + "rds:DescribeDBInstances", + "rds:DescribeDBSnapshots", + "rds:ListTagsForResource", + "redshift:DescribeClusters", + "redshift:DescribeTags", + "route53domains:ListDomains", + "route53:ListHealthChecks", + "route53:GetHealthCheck", + "route53:ListHostedZones", + "route53:GetHostedZone", + "route53:ListTagsForResource", + "storagegateway:ListGateways", + "storagegateway:DescribeGatewayInformation", + "storagegateway:ListTagsForResource", + "s3:ListAllMyBuckets", + "s3:GetBucketTagging", + "elasticloadbalancing:DescribeLoadBalancers", + "elasticloadbalancing:DescribeTags", + "ssm:ListDocuments" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-02-05T17:56:25+00:00" + }, + "AWSRoboMakerReadOnlyAccess":{ + "CreateDate":"2018-11-26T05:30:50+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "robomaker:List*", + "robomaker:BatchDescribe*", + "robomaker:Describe*", + "robomaker:Get*" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"VisualEditor0" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-08-28T23:10:18+00:00" + }, + "AWSRoboMakerServicePolicy":{ + "CreateDate":"2018-11-26T06:30:08+00:00", + "DefaultVersionId":"v6", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:CreateNetworkInterfacePermission", + "ec2:DescribeNetworkInterfaces", + "ec2:DeleteNetworkInterface", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "ec2:DescribeSecurityGroups", + "greengrass:CreateDeployment", + "greengrass:CreateGroupVersion", + "greengrass:CreateFunctionDefinition", + "greengrass:CreateFunctionDefinitionVersion", + "greengrass:GetDeploymentStatus", + "greengrass:GetGroup", + "greengrass:GetGroupVersion", + "greengrass:GetCoreDefinitionVersion", + "greengrass:GetFunctionDefinitionVersion", + "greengrass:GetAssociatedRole", + "lambda:CreateFunction", + "robomaker:CreateSimulationJob", + "robomaker:CancelSimulationJob" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "robomaker:TagResource" + ], + "Effect":"Allow", + "Resource":"arn:aws:robomaker:*:*:simulation-job/*" + }, + { + "Action":[ + "lambda:UpdateFunctionCode", + "lambda:GetFunction", + "lambda:UpdateFunctionConfiguration", + "lambda:DeleteFunction", + "lambda:ListVersionsByFunction", + "lambda:GetAlias", + "lambda:UpdateAlias", + "lambda:CreateAlias", + "lambda:DeleteAlias" + ], + "Effect":"Allow", + "Resource":"arn:aws:lambda:*:*:function:aws-robomaker-*" + }, + { + "Action":"iam:PassRole", + "Condition":{ + "StringEquals":{ + "iam:PassedToService":[ + "lambda.amazonaws.com", + "robomaker.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-11-11T22:23:45+00:00" + }, + "AWSRoboMakerServiceRolePolicy":{ + "CreateDate":"2018-11-26T05:33:19+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:CreateNetworkInterfacePermission", + "ec2:DescribeNetworkInterfaces", + "ec2:DeleteNetworkInterface", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "ec2:DescribeSecurityGroups", + "greengrass:CreateDeployment", + "greengrass:CreateGroupVersion", + "greengrass:CreateFunctionDefinition", + "greengrass:CreateFunctionDefinitionVersion", + "greengrass:GetDeploymentStatus", + "greengrass:GetGroup", + "greengrass:GetGroupVersion", + "greengrass:GetCoreDefinitionVersion", + "greengrass:GetFunctionDefinitionVersion", + "greengrass:GetAssociatedRole", + "lambda:CreateFunction" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "lambda:UpdateFunctionCode", + "lambda:GetFunction", + "lambda:UpdateFunctionConfiguration" + ], + "Effect":"Allow", + "Resource":"arn:aws:lambda:*:*:function:aws-robomaker-*" + }, + { + "Action":"iam:PassRole", + "Condition":{ + "StringEqualsIfExists":{ + "iam:PassedToService":"lambda.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2018-11-26T05:33:19+00:00" + }, + "AWSRoboMaker_FullAccess":{ + "CreateDate":"2020-09-10T18:34:18+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":"robomaker:*", + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"s3:GetObject", + "Condition":{ + "StringEquals":{ + "aws:CalledViaFirst":"robomaker.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"ecr:BatchGetImage", + "Condition":{ + "StringEquals":{ + "aws:CalledViaFirst":"robomaker.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"ecr-public:DescribeImages", + "Condition":{ + "StringEquals":{ + "aws:CalledViaFirst":"robomaker.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringEquals":{ + "iam:AWSServiceName":"robomaker.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-09-16T21:06:10+00:00" + }, + "AWSSSMOpsInsightsServiceRolePolicy":{ + "CreateDate":"2021-06-16T20:12:52+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "ssm:CreateOpsItem", + "ssm:AddTagsToResource" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AllowCreateOpsItem" + }, + { + "Action":[ + "ssm:UpdateOpsItem", + "ssm:GetOpsItem" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceTag/SsmOperationalInsight":"true" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"AllowAccessOpsItem" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-06-16T20:12:52+00:00" + }, + "AWSSSODirectoryAdministrator":{ + "CreateDate":"2018-10-31T23:54:00+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":[ + "sso-directory:*", + "identitystore:*", + "sso:ListDirectoryAssociations" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AWSSSODirectoryAdministrator" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-03-25T20:31:19+00:00" + }, + "AWSSSODirectoryReadOnly":{ + "CreateDate":"2018-10-31T23:49:32+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":[ + "sso-directory:Search*", + "sso-directory:Describe*", + "sso-directory:List*", + "sso-directory:Get*", + "identitystore:Describe*", + "identitystore:List*" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AWSSSODirectoryReadOnly" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-03-25T20:57:20+00:00" + }, + "AWSSSOMasterAccountAdministrator":{ + "CreateDate":"2018-06-27T20:36:51+00:00", + "DefaultVersionId":"v6", + "Document":{ + "Statement":[ + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringLike":{ + "iam:AWSServiceName":"sso.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/aws-service-role/sso.amazonaws.com/AWSServiceRoleForSSO", + "Sid":"AWSSSOCreateSLR" + }, + { + "Action":"iam:PassRole", + "Condition":{ + "StringLike":{ + "iam:PassedToService":"sso.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/aws-service-role/sso.amazonaws.com/AWSServiceRoleForSSO", + "Sid":"AWSSSOMasterAccountAdministrator" + }, + { + "Action":[ + "ds:DescribeTrusts", + "ds:UnauthorizeApplication", + "ds:DescribeDirectories", + "ds:AuthorizeApplication", + "iam:ListPolicies", + "organizations:EnableAWSServiceAccess", + "organizations:ListRoots", + "organizations:ListAccounts", + "organizations:ListOrganizationalUnitsForParent", + "organizations:ListAccountsForParent", + "organizations:DescribeOrganization", + "organizations:ListChildren", + "organizations:DescribeAccount", + "organizations:ListParents", + "sso:*", + "sso-directory:*", + "identitystore:*", + "ds:CreateAlias", + "access-analyzer:ValidatePolicy" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AWSSSOMemberAccountAdministrator" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-04-28T18:38:55+00:00" + }, + "AWSSSOMemberAccountAdministrator":{ + "CreateDate":"2018-06-27T20:45:42+00:00", + "DefaultVersionId":"v5", + "Document":{ + "Statement":[ + { + "Action":[ + "ds:DescribeDirectories", + "ds:AuthorizeApplication", + "ds:UnauthorizeApplication", + "ds:DescribeTrusts", + "iam:ListPolicies", + "organizations:EnableAWSServiceAccess", + "organizations:DescribeOrganization", + "organizations:DescribeAccount", + "organizations:ListRoots", + "organizations:ListAccounts", + "organizations:ListAccountsForParent", + "organizations:ListParents", + "organizations:ListChildren", + "organizations:ListOrganizationalUnitsForParent", + "sso:*", + "sso-directory:*", + "identitystore:*", + "ds:CreateAlias", + "access-analyzer:ValidatePolicy" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AWSSSOMemberAccountAdministrator" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-04-28T18:53:46+00:00" + }, + "AWSSSOReadOnly":{ + "CreateDate":"2018-06-27T20:24:34+00:00", + "DefaultVersionId":"v7", + "Document":{ + "Statement":[ + { + "Action":[ + "ds:DescribeDirectories", + "ds:DescribeTrusts", + "iam:ListPolicies", + "organizations:DescribeOrganization", + "organizations:DescribeAccount", + "organizations:ListParents", + "organizations:ListChildren", + "organizations:ListAccounts", + "organizations:ListRoots", + "organizations:ListAccountsForParent", + "organizations:ListOrganizationalUnitsForParent", + "sso:Describe*", + "sso:Get*", + "sso:List*", + "sso:Search*", + "sso-directory:DescribeDirectory", + "access-analyzer:ValidatePolicy" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AWSSSOReadOnly" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-04-28T18:46:11+00:00" + }, + "AWSSSOServiceRolePolicy":{ + "CreateDate":"2017-12-05T18:36:15+00:00", + "DefaultVersionId":"v15", + "Document":{ + "Statement":[ + { + "Action":[ + "iam:AttachRolePolicy", + "iam:CreateRole", + "iam:PutRolePolicy", + "iam:UpdateRole", + "iam:UpdateRoleDescription", + "iam:UpdateAssumeRolePolicy" + ], + "Condition":{ + "StringNotEquals":{ + "aws:PrincipalOrgMasterAccountId":"${aws:PrincipalAccount}" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/aws-reserved/sso.amazonaws.com/*" + ], + "Sid":"IAMRoleProvisioningActions" + }, + { + "Action":[ + "iam:GetRole", + "iam:ListRoles" + ], + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"IAMRoleReadActions" + }, + { + "Action":[ + "iam:DeleteRole", + "iam:DeleteRolePolicy", + "iam:DetachRolePolicy", + "iam:ListRolePolicies", + "iam:ListAttachedRolePolicies" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/aws-reserved/sso.amazonaws.com/*" + ], + "Sid":"IAMRoleCleanupActions" + }, + { + "Action":[ + "iam:DeleteServiceLinkedRole", + "iam:GetServiceLinkedRoleDeletionStatus", + "iam:DeleteRole", + "iam:GetRole" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/aws-service-role/sso.amazonaws.com/AWSServiceRoleForSSO" + ], + "Sid":"IAMSLRCleanupActions" + }, + { + "Action":[ + "iam:CreateSAMLProvider", + "iam:UpdateSAMLProvider" + ], + "Condition":{ + "StringNotEquals":{ + "aws:PrincipalOrgMasterAccountId":"${aws:PrincipalAccount}" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:saml-provider/AWSSSO_*" + ], + "Sid":"IAMSAMLProviderProvisioningActions" + }, + { + "Action":[ + "iam:DeleteSAMLProvider", + "iam:GetSAMLProvider" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:saml-provider/AWSSSO_*" + ], + "Sid":"IAMSAMLProviderCleanupActions" + }, + { + "Action":[ + "organizations:DescribeAccount", + "organizations:DescribeOrganization", + "organizations:ListAccounts", + "organizations:ListDelegatedAdministrators", + "organizations:ListAWSServiceAccessForOrganization" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "ds:UnauthorizeApplication" + ], + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"AllowUnauthAppForDirectory" + }, + { + "Action":[ + "ds:DescribeDirectories", + "ds:DescribeTrusts" + ], + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"AllowDescribeForDirectory" + }, + { + "Action":[ + "identitystore:DescribeUser", + "identitystore:DescribeGroup", + "identitystore:ListGroups", + "identitystore:ListUsers" + ], + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"AllowDescribeAndListOperationsOnIdentitySource" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-05-12T21:14:40+00:00" + }, + "AWSSavingsPlansFullAccess":{ + "CreateDate":"2019-11-06T22:45:18+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":"savingsplans:*", + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-11-06T22:45:18+00:00" + }, + "AWSSavingsPlansReadOnlyAccess":{ + "CreateDate":"2019-11-06T22:45:10+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "savingsplans:Describe*", + "savingsplans:List*" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-11-06T22:45:10+00:00" + }, + "AWSSecurityHubFullAccess":{ + "CreateDate":"2018-11-27T23:54:34+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":"securityhub:*", + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringLike":{ + "iam:AWSServiceName":"securityhub.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2018-11-27T23:54:34+00:00" + }, + "AWSSecurityHubOrganizationsAccess":{ + "CreateDate":"2021-03-15T20:53:03+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "organizations:ListAccounts", + "organizations:DescribeOrganization" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"organizations:EnableAWSServiceAccess", + "Condition":{ + "StringEquals":{ + "organizations:ServicePrincipal":"securityhub.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "organizations:RegisterDelegatedAdministrator", + "organizations:DeregisterDelegatedAdministrator" + ], + "Condition":{ + "StringEquals":{ + "organizations:ServicePrincipal":"securityhub.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:organizations::*:account/o-*/*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-03-15T20:53:03+00:00" + }, + "AWSSecurityHubReadOnlyAccess":{ + "CreateDate":"2018-11-28T01:34:29+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":[ + "securityhub:Get*", + "securityhub:List*", + "securityhub:BatchGet*", + "securityhub:Describe*" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-04-04T17:46:51+00:00" + }, + "AWSSecurityHubServiceRolePolicy":{ + "CreateDate":"2018-11-27T23:47:51+00:00", + "DefaultVersionId":"v9", + "Document":{ + "Statement":[ + { + "Action":[ + "cloudtrail:DescribeTrails", + "cloudtrail:GetTrailStatus", + "cloudtrail:GetEventSelectors", + "cloudwatch:DescribeAlarms", + "cloudwatch:DescribeAlarmsForMetric", + "logs:DescribeMetricFilters", + "sns:ListSubscriptionsByTopic", + "config:DescribeConfigurationRecorders", + "config:DescribeConfigurationRecorderStatus", + "config:DescribeConfigRules", + "config:BatchGetResourceConfig", + "config:SelectResourceConfig", + "iam:GenerateCredentialReport", + "iam:GetCredentialReport", + "organizations:ListAccounts", + "organizations:DescribeAccount", + "organizations:DescribeOrganization", + "config:PutEvaluations" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "config:PutConfigRule", + "config:DeleteConfigRule", + "config:GetComplianceDetailsByConfigRule", + "config:DescribeConfigRuleEvaluationStatus" + ], + "Effect":"Allow", + "Resource":"arn:aws:config:*:*:config-rule/aws-service-rule/*securityhub*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-07-14T20:32:48+00:00" + }, + "AWSServiceCatalogAdminFullAccess":{ + "CreateDate":"2018-02-15T17:19:40+00:00", + "DefaultVersionId":"v5", + "Document":{ + "Statement":[ + { + "Action":[ + "cloudformation:CreateStack", + "cloudformation:DeleteStack", + "cloudformation:DescribeStackEvents", + "cloudformation:DescribeStacks", + "cloudformation:SetStackPolicy", + "cloudformation:UpdateStack", + "cloudformation:CreateChangeSet", + "cloudformation:DescribeChangeSet", + "cloudformation:ExecuteChangeSet", + "cloudformation:ListChangeSets", + "cloudformation:DeleteChangeSet", + "cloudformation:ListStackResources", + "cloudformation:TagResource", + "cloudformation:CreateStackSet", + "cloudformation:CreateStackInstances", + "cloudformation:UpdateStackSet", + "cloudformation:UpdateStackInstances", + "cloudformation:DeleteStackSet", + "cloudformation:DeleteStackInstances", + "cloudformation:DescribeStackSet", + "cloudformation:DescribeStackInstance", + "cloudformation:DescribeStackSetOperation", + "cloudformation:ListStackInstances", + "cloudformation:ListStackSetOperations", + "cloudformation:ListStackSetOperationResults" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:cloudformation:*:*:stack/SC-*", + "arn:aws:cloudformation:*:*:stack/StackSet-SC-*", + "arn:aws:cloudformation:*:*:changeSet/SC-*", + "arn:aws:cloudformation:*:*:stackset/SC-*" + ] + }, + { + "Action":[ + "cloudformation:CreateUploadBucket", + "cloudformation:GetTemplateSummary", + "cloudformation:ValidateTemplate", + "iam:GetGroup", + "iam:GetRole", + "iam:GetUser", + "iam:ListGroups", + "iam:ListRoles", + "iam:ListUsers", + "servicecatalog:*", + "ssm:DescribeDocument", + "ssm:GetAutomationExecution", + "ssm:ListDocuments", + "ssm:ListDocumentVersions", + "config:DescribeConfigurationRecorders", + "config:DescribeConfigurationRecorderStatus" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"iam:PassRole", + "Condition":{ + "StringEquals":{ + "iam:PassedToService":"servicecatalog.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-02-06T01:57:54+00:00" + }, + "AWSServiceCatalogAdminReadOnlyAccess":{ + "CreateDate":"2019-10-25T18:53:38+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "cloudformation:DescribeStackEvents", + "cloudformation:DescribeStacks", + "cloudformation:DescribeChangeSet", + "cloudformation:ListChangeSets", + "cloudformation:ListStackResources", + "cloudformation:DescribeStackSet", + "cloudformation:DescribeStackInstance", + "cloudformation:DescribeStackSetOperation", + "cloudformation:ListStackInstances", + "cloudformation:ListStackSetOperations", + "cloudformation:ListStackSetOperationResults" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:cloudformation:*:*:stack/SC-*", + "arn:aws:cloudformation:*:*:stack/StackSet-SC-*", + "arn:aws:cloudformation:*:*:changeSet/SC-*", + "arn:aws:cloudformation:*:*:stackset/SC-*" + ] + }, + { + "Action":[ + "cloudformation:GetTemplateSummary", + "iam:GetGroup", + "iam:GetRole", + "iam:GetUser", + "iam:ListGroups", + "iam:ListRoles", + "iam:ListUsers", + "servicecatalog:Get*", + "servicecatalog:List*", + "servicecatalog:Describe*", + "servicecatalog:ScanProvisionedProducts", + "servicecatalog:Search*", + "ssm:DescribeDocument", + "ssm:GetAutomationExecution", + "ssm:ListDocuments", + "ssm:ListDocumentVersions", + "config:DescribeConfigurationRecorders", + "config:DescribeConfigurationRecorderStatus" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-10-25T18:53:38+00:00" + }, + "AWSServiceCatalogAppRegistryFullAccess":{ + "CreateDate":"2020-11-12T22:25:58+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":[ + "cloudformation:UpdateStack" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":"servicecatalog-appregistry.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringEquals":{ + "iam:AWSServiceName":"servicecatalog-appregistry.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/aws-service-role/servicecatalog-appregistry.amazonaws.com/AWSServiceRoleForAWSServiceCatalogAppRegistry*" + }, + { + "Action":[ + "cloudformation:DescribeStacks", + "servicecatalog:CreateApplication", + "servicecatalog:GetApplication", + "servicecatalog:UpdateApplication", + "servicecatalog:DeleteApplication", + "servicecatalog:ListApplications", + "servicecatalog:AssociateResource", + "servicecatalog:DisassociateResource", + "servicecatalog:GetAssociatedResource", + "servicecatalog:ListAssociatedResources", + "servicecatalog:AssociateAttributeGroup", + "servicecatalog:DisassociateAttributeGroup", + "servicecatalog:ListAssociatedAttributeGroups", + "servicecatalog:CreateAttributeGroup", + "servicecatalog:UpdateAttributeGroup", + "servicecatalog:DeleteAttributeGroup", + "servicecatalog:GetAttributeGroup", + "servicecatalog:ListAttributeGroups", + "servicecatalog:SyncResource", + "servicecatalog:ListAttributeGroupsForApplication" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "servicecatalog:ListTagsForResource", + "servicecatalog:UntagResource", + "servicecatalog:TagResource" + ], + "Effect":"Allow", + "Resource":"arn:aws:servicecatalog:*:*:*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-06-15T22:01:01+00:00" + }, + "AWSServiceCatalogAppRegistryReadOnlyAccess":{ + "CreateDate":"2020-11-12T22:34:32+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":[ + "servicecatalog:GetApplication", + "servicecatalog:ListApplications", + "servicecatalog:GetAssociatedResource", + "servicecatalog:ListAssociatedResources", + "servicecatalog:ListAssociatedAttributeGroups", + "servicecatalog:GetAttributeGroup", + "servicecatalog:ListAttributeGroups", + "servicecatalog:ListTagsForResource", + "servicecatalog:ListAttributeGroupsForApplication" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-06-15T20:20:31+00:00" + }, + "AWSServiceCatalogAppRegistryServiceRolePolicy":{ + "CreateDate":"2021-05-18T22:18:55+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":"cloudformation:DescribeStacks", + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "resource-groups:CreateGroup", + "resource-groups:Tag" + ], + "Condition":{ + "StringEquals":{ + "aws:RequestTag/EnableAWSServiceCatalogAppRegistry":"true" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "resource-groups:DeleteGroup", + "resource-groups:UpdateGroup", + "resource-groups:GetGroup", + "resource-groups:GetTags", + "resource-groups:Tag", + "resource-groups:Untag", + "resource-groups:GetGroupConfiguration" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceTag/EnableAWSServiceCatalogAppRegistry":"true" + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-03-04T21:06:44+00:00" + }, + "AWSServiceCatalogEndUserFullAccess":{ + "CreateDate":"2018-02-15T17:22:32+00:00", + "DefaultVersionId":"v7", + "Document":{ + "Statement":[ + { + "Action":[ + "cloudformation:CreateStack", + "cloudformation:DeleteStack", + "cloudformation:DescribeStackEvents", + "cloudformation:DescribeStacks", + "cloudformation:SetStackPolicy", + "cloudformation:ValidateTemplate", + "cloudformation:UpdateStack", + "cloudformation:CreateChangeSet", + "cloudformation:DescribeChangeSet", + "cloudformation:ExecuteChangeSet", + "cloudformation:ListChangeSets", + "cloudformation:DeleteChangeSet", + "cloudformation:TagResource", + "cloudformation:CreateStackSet", + "cloudformation:CreateStackInstances", + "cloudformation:UpdateStackSet", + "cloudformation:UpdateStackInstances", + "cloudformation:DeleteStackSet", + "cloudformation:DeleteStackInstances", + "cloudformation:DescribeStackSet", + "cloudformation:DescribeStackInstance", + "cloudformation:DescribeStackSetOperation", + "cloudformation:ListStackInstances", + "cloudformation:ListStackResources", + "cloudformation:ListStackSetOperations", + "cloudformation:ListStackSetOperationResults" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:cloudformation:*:*:stack/SC-*", + "arn:aws:cloudformation:*:*:stack/StackSet-SC-*", + "arn:aws:cloudformation:*:*:changeSet/SC-*", + "arn:aws:cloudformation:*:*:stackset/SC-*" + ] + }, + { + "Action":[ + "cloudformation:GetTemplateSummary", + "servicecatalog:DescribeProduct", + "servicecatalog:DescribeProductView", + "servicecatalog:DescribeProvisioningParameters", + "servicecatalog:ListLaunchPaths", + "servicecatalog:ProvisionProduct", + "servicecatalog:SearchProducts", + "ssm:DescribeDocument", + "ssm:GetAutomationExecution", + "config:DescribeConfigurationRecorders", + "config:DescribeConfigurationRecorderStatus" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "servicecatalog:DescribeProvisionedProduct", + "servicecatalog:DescribeRecord", + "servicecatalog:ListRecordHistory", + "servicecatalog:ListStackInstancesForProvisionedProduct", + "servicecatalog:ScanProvisionedProducts", + "servicecatalog:TerminateProvisionedProduct", + "servicecatalog:UpdateProvisionedProduct", + "servicecatalog:SearchProvisionedProducts", + "servicecatalog:CreateProvisionedProductPlan", + "servicecatalog:DescribeProvisionedProductPlan", + "servicecatalog:ExecuteProvisionedProductPlan", + "servicecatalog:DeleteProvisionedProductPlan", + "servicecatalog:ListProvisionedProductPlans", + "servicecatalog:ListServiceActionsForProvisioningArtifact", + "servicecatalog:ExecuteProvisionedProductServiceAction", + "servicecatalog:DescribeServiceActionExecutionParameters" + ], + "Condition":{ + "StringEquals":{ + "servicecatalog:userLevel":"self" + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-07-10T20:30:52+00:00" + }, + "AWSServiceCatalogEndUserReadOnlyAccess":{ + "CreateDate":"2019-10-25T18:49:34+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "cloudformation:DescribeStackEvents", + "cloudformation:DescribeStacks", + "cloudformation:DescribeChangeSet", + "cloudformation:ListChangeSets", + "cloudformation:DescribeStackSet", + "cloudformation:DescribeStackInstance", + "cloudformation:DescribeStackSetOperation", + "cloudformation:ListStackInstances", + "cloudformation:ListStackResources", + "cloudformation:ListStackSetOperations", + "cloudformation:ListStackSetOperationResults" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:cloudformation:*:*:stack/SC-*", + "arn:aws:cloudformation:*:*:stack/StackSet-SC-*", + "arn:aws:cloudformation:*:*:changeSet/SC-*", + "arn:aws:cloudformation:*:*:stackset/SC-*" + ] + }, + { + "Action":[ + "cloudformation:GetTemplateSummary", + "servicecatalog:DescribeProduct", + "servicecatalog:DescribeProductView", + "servicecatalog:DescribeProvisioningParameters", + "servicecatalog:ListLaunchPaths", + "servicecatalog:SearchProducts", + "ssm:DescribeDocument", + "ssm:GetAutomationExecution", + "config:DescribeConfigurationRecorders", + "config:DescribeConfigurationRecorderStatus" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "servicecatalog:DescribeProvisionedProduct", + "servicecatalog:DescribeRecord", + "servicecatalog:ListRecordHistory", + "servicecatalog:ListStackInstancesForProvisionedProduct", + "servicecatalog:ScanProvisionedProducts", + "servicecatalog:SearchProvisionedProducts", + "servicecatalog:DescribeProvisionedProductPlan", + "servicecatalog:ListProvisionedProductPlans", + "servicecatalog:ListServiceActionsForProvisioningArtifact", + "servicecatalog:DescribeServiceActionExecutionParameters" + ], + "Condition":{ + "StringEquals":{ + "servicecatalog:userLevel":"self" + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-10-25T18:49:34+00:00" + }, + "AWSServiceRoleForAmazonEKSNodegroup":{ + "CreateDate":"2019-11-07T01:34:26+00:00", + "DefaultVersionId":"v6", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:RevokeSecurityGroupIngress", + "ec2:AuthorizeSecurityGroupEgress", + "ec2:AuthorizeSecurityGroupIngress", + "ec2:DescribeInstances", + "ec2:RevokeSecurityGroupEgress", + "ec2:DeleteSecurityGroup" + ], + "Condition":{ + "StringLike":{ + "ec2:ResourceTag/eks":"*" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"SharedSecurityGroupRelatedPermissions" + }, + { + "Action":[ + "ec2:RevokeSecurityGroupIngress", + "ec2:AuthorizeSecurityGroupEgress", + "ec2:AuthorizeSecurityGroupIngress", + "ec2:DescribeInstances", + "ec2:RevokeSecurityGroupEgress", + "ec2:DeleteSecurityGroup" + ], + "Condition":{ + "StringLike":{ + "ec2:ResourceTag/eks:nodegroup-name":"*" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"EKSCreatedSecurityGroupRelatedPermissions" + }, + { + "Action":[ + "ec2:DeleteLaunchTemplate", + "ec2:CreateLaunchTemplateVersion" + ], + "Condition":{ + "StringLike":{ + "ec2:ResourceTag/eks:nodegroup-name":"*" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"LaunchTemplateRelatedPermissions" + }, + { + "Action":[ + "autoscaling:UpdateAutoScalingGroup", + "autoscaling:DeleteAutoScalingGroup", + "autoscaling:TerminateInstanceInAutoScalingGroup", + "autoscaling:CompleteLifecycleAction", + "autoscaling:PutLifecycleHook", + "autoscaling:PutNotificationConfiguration", + "autoscaling:EnableMetricsCollection" + ], + "Effect":"Allow", + "Resource":"arn:aws:autoscaling:*:*:*:autoScalingGroupName/eks-*", + "Sid":"AutoscalingRelatedPermissions" + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringEquals":{ + "iam:AWSServiceName":"autoscaling.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"AllowAutoscalingToCreateSLR" + }, + { + "Action":[ + "autoscaling:CreateOrUpdateTags", + "autoscaling:CreateAutoScalingGroup" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:TagKeys":[ + "eks", + "eks:cluster-name", + "eks:nodegroup-name" + ] + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"AllowASGCreationByEKS" + }, + { + "Action":"iam:PassRole", + "Condition":{ + "StringEquals":{ + "iam:PassedToService":"autoscaling.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"AllowPassRoleToAutoscaling" + }, + { + "Action":"iam:PassRole", + "Condition":{ + "StringEqualsIfExists":{ + "iam:PassedToService":[ + "ec2.amazonaws.com", + "ec2.amazonaws.com.cn" + ] + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"AllowPassRoleToEC2" + }, + { + "Action":[ + "iam:GetRole", + "ec2:CreateLaunchTemplate", + "ec2:DescribeInstances", + "iam:GetInstanceProfile", + "ec2:DescribeLaunchTemplates", + "autoscaling:DescribeAutoScalingGroups", + "ec2:CreateSecurityGroup", + "ec2:DescribeLaunchTemplateVersions", + "ec2:RunInstances", + "ec2:DescribeSecurityGroups", + "ec2:GetConsoleOutput", + "ec2:DescribeRouteTables", + "ec2:DescribeSubnets" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"PermissionsToManageResourcesForNodegroups" + }, + { + "Action":[ + "iam:CreateInstanceProfile", + "iam:DeleteInstanceProfile", + "iam:RemoveRoleFromInstanceProfile", + "iam:AddRoleToInstanceProfile" + ], + "Effect":"Allow", + "Resource":"arn:aws:iam::*:instance-profile/eks-*", + "Sid":"PermissionsToCreateAndManageInstanceProfiles" + }, + { + "Action":[ + "ec2:CreateTags", + "ec2:DeleteTags" + ], + "Condition":{ + "ForAnyValue:StringLike":{ + "aws:TagKeys":[ + "eks", + "eks:cluster-name", + "eks:nodegroup-name", + "kubernetes.io/cluster/*" + ] + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"PermissionsToManageEKSAndKubernetesTags" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-01-14T00:33:26+00:00" + }, + "AWSServiceRoleForCloudWatchAlarmsActionSSMServiceRolePolicy":{ + "CreateDate":"2020-10-01T09:49:01+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "ssm:CreateOpsItem" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-10-01T09:49:01+00:00" + }, + "AWSServiceRoleForCodeGuru-Profiler":{ + "CreateDate":"2020-06-26T22:04:26+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "sns:Publish" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AllowSNSPublishToSendNotifications" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-06-26T22:04:26+00:00" + }, + "AWSServiceRoleForEC2ScheduledInstances":{ + "CreateDate":"2017-10-12T18:31:55+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:CreateTags" + ], + "Condition":{ + "ForAllValues:StringEquals":{ + "aws:TagKeys":[ + "aws:ec2sri:scheduledInstanceId" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:instance/*" + ] + }, + { + "Action":[ + "ec2:TerminateInstances" + ], + "Condition":{ + "StringLike":{ + "ec2:ResourceTag/aws:ec2sri:scheduledInstanceId":"*" + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2017-10-12T18:31:55+00:00" + }, + "AWSServiceRoleForImageBuilder":{ + "CreateDate":"2019-11-29T22:02:13+00:00", + "DefaultVersionId":"v17", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:RunInstances" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*::image/*", + "arn:aws:ec2:*::snapshot/*", + "arn:aws:ec2:*:*:subnet/*", + "arn:aws:ec2:*:*:network-interface/*", + "arn:aws:ec2:*:*:security-group/*", + "arn:aws:ec2:*:*:key-pair/*", + "arn:aws:ec2:*:*:launch-template/*", + "arn:aws:license-manager:*:*:license-configuration:*" + ] + }, + { + "Action":[ + "ec2:RunInstances" + ], + "Condition":{ + "StringEquals":{ + "aws:RequestTag/CreatedBy":[ + "EC2 Image Builder", + "EC2 Fast Launch" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:volume/*", + "arn:aws:ec2:*:*:instance/*" + ] + }, + { + "Action":"iam:PassRole", + "Condition":{ + "StringEquals":{ + "iam:PassedToService":[ + "ec2.amazonaws.com", + "ec2.amazonaws.com.cn", + "vmie.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:StopInstances", + "ec2:StartInstances", + "ec2:TerminateInstances" + ], + "Condition":{ + "StringEquals":{ + "ec2:ResourceTag/CreatedBy":"EC2 Image Builder" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:CopyImage", + "ec2:CreateImage", + "ec2:CreateLaunchTemplate", + "ec2:DeregisterImage", + "ec2:DescribeImages", + "ec2:DescribeInstanceAttribute", + "ec2:DescribeInstanceStatus", + "ec2:DescribeInstances", + "ec2:DescribeInstanceTypeOfferings", + "ec2:DescribeInstanceTypes", + "ec2:DescribeSubnets", + "ec2:DescribeTags", + "ec2:ModifyImageAttribute", + "ec2:DescribeImportImageTasks", + "ec2:DescribeExportImageTasks", + "ec2:DescribeSnapshots" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:ModifySnapshotAttribute" + ], + "Condition":{ + "StringEquals":{ + "ec2:ResourceTag/CreatedBy":"EC2 Image Builder" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*::snapshot/*" + }, + { + "Action":[ + "ec2:CreateTags" + ], + "Condition":{ + "StringEquals":{ + "aws:RequestTag/CreatedBy":[ + "EC2 Image Builder", + "EC2 Fast Launch" + ], + "ec2:CreateAction":[ + "RunInstances", + "CreateImage" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:CreateTags" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*::image/*", + "arn:aws:ec2:*:*:export-image-task/*" + ] + }, + { + "Action":[ + "ec2:CreateTags" + ], + "Condition":{ + "StringEquals":{ + "aws:RequestTag/CreatedBy":[ + "EC2 Image Builder", + "EC2 Fast Launch" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*::snapshot/*", + "arn:aws:ec2:*:*:launch-template/*" + ] + }, + { + "Action":[ + "license-manager:UpdateLicenseSpecificationsForResource" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "sns:Publish" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ssm:ListCommands", + "ssm:ListCommandInvocations", + "ssm:AddTagsToResource", + "ssm:DescribeInstanceInformation", + "ssm:GetAutomationExecution", + "ssm:StopAutomationExecution", + "ssm:ListInventoryEntries", + "ssm:SendAutomationSignal", + "ssm:DescribeInstanceAssociationsStatus", + "ssm:DescribeAssociationExecutions" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"ssm:SendCommand", + "Effect":"Allow", + "Resource":[ + "arn:aws:ssm:*:*:document/AWS-RunPowerShellScript", + "arn:aws:ssm:*:*:document/AWS-RunShellScript", + "arn:aws:ssm:*:*:document/AWSEC2-RunSysprep", + "arn:aws:s3:::*" + ] + }, + { + "Action":[ + "ssm:SendCommand" + ], + "Condition":{ + "StringEquals":{ + "ssm:resourceTag/CreatedBy":[ + "EC2 Image Builder" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:instance/*" + ] + }, + { + "Action":"ssm:StartAutomationExecution", + "Effect":"Allow", + "Resource":"arn:aws:ssm:*:*:automation-definition/ImageBuilder*" + }, + { + "Action":[ + "ssm:CreateAssociation", + "ssm:DeleteAssociation" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:ssm:*:*:document/AWS-GatherSoftwareInventory", + "arn:aws:ssm:*:*:association/*", + "arn:aws:ec2:*:*:instance/*" + ] + }, + { + "Action":[ + "kms:Encrypt", + "kms:Decrypt", + "kms:ReEncryptFrom", + "kms:ReEncryptTo", + "kms:GenerateDataKeyWithoutPlaintext" + ], + "Condition":{ + "ForAllValues:StringEquals":{ + "kms:EncryptionContextKeys":[ + "aws:ebs:id" + ] + }, + "StringLike":{ + "kms:ViaService":[ + "ec2.*.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "kms:DescribeKey" + ], + "Condition":{ + "StringLike":{ + "kms:ViaService":[ + "ec2.*.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"kms:CreateGrant", + "Condition":{ + "Bool":{ + "kms:GrantIsForAWSResource":true + }, + "StringLike":{ + "kms:ViaService":[ + "ec2.*.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"sts:AssumeRole", + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/EC2ImageBuilderDistributionCrossAccountRole" + }, + { + "Action":[ + "logs:CreateLogStream", + "logs:CreateLogGroup", + "logs:PutLogEvents" + ], + "Effect":"Allow", + "Resource":"arn:aws:logs:*:*:log-group:/aws/imagebuilder/*" + }, + { + "Action":[ + "ec2:CreateLaunchTemplateVersion", + "ec2:DescribeLaunchTemplates", + "ec2:ModifyLaunchTemplate", + "ec2:DescribeLaunchTemplateVersions" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:ExportImage" + ], + "Condition":{ + "StringEquals":{ + "ec2:ResourceTag/CreatedBy":"EC2 Image Builder" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*::image/*" + }, + { + "Action":[ + "ec2:ExportImage" + ], + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:export-image-task/*" + }, + { + "Action":[ + "ec2:CancelExportTask" + ], + "Condition":{ + "StringEquals":{ + "ec2:ResourceTag/CreatedBy":"EC2 Image Builder" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:export-image-task/*" + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringEquals":{ + "iam:AWSServiceName":[ + "ssm.amazonaws.com", + "ec2fastlaunch.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:EnableFastLaunch" + ], + "Condition":{ + "StringEquals":{ + "ec2:ResourceTag/CreatedBy":"EC2 Image Builder" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*::image/*", + "arn:aws:ec2:*:*:launch-template/*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-06-16T00:09:27+00:00" + }, + "AWSServiceRoleForIoTSiteWise":{ + "CreateDate":"2018-11-14T19:19:17+00:00", + "DefaultVersionId":"v7", + "Document":{ + "Statement":[ + { + "Action":[ + "greengrass:GetAssociatedRole", + "greengrass:GetCoreDefinition", + "greengrass:GetCoreDefinitionVersion", + "greengrass:GetGroup", + "greengrass:GetGroupVersion" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "logs:CreateLogGroup", + "logs:DescribeLogGroups" + ], + "Effect":"Allow", + "Resource":"arn:aws:logs:*:*:log-group:/aws/iotsitewise*" + }, + { + "Action":[ + "logs:CreateLogStream", + "logs:DescribeLogStreams", + "logs:PutLogEvents" + ], + "Effect":"Allow", + "Resource":"arn:aws:logs:*:*:log-group:/aws/iotsitewise*:log-stream:*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-04-25T02:15:01+00:00" + }, + "AWSServiceRoleForLogDeliveryPolicy":{ + "CreateDate":"2019-10-04T17:31:19+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":[ + "firehose:PutRecord", + "firehose:PutRecordBatch", + "firehose:ListTagsForDeliveryStream" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceTag/LogDeliveryEnabled":"true" + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-07-15T20:07:44+00:00" + }, + "AWSServiceRoleForMonitronPolicy":{ + "CreateDate":"2020-12-02T19:06:08+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "sso:GetManagedApplicationInstance", + "sso:GetProfile", + "sso:ListProfiles", + "sso:AssociateProfile", + "sso:ListDirectoryAssociations", + "sso-directory:DescribeUsers", + "sso-directory:SearchUsers" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-12-02T19:06:08+00:00" + }, + "AWSServiceRoleForSMS":{ + "CreateDate":"2019-08-06T18:39:29+00:00", + "DefaultVersionId":"v10", + "Document":{ + "Statement":[ + { + "Action":[ + "cloudformation:CreateChangeSet", + "cloudformation:CreateStack" + ], + "Condition":{ + "ForAllValues:StringEquals":{ + "cloudformation:ResourceTypes":[ + "AWS::EC2::Instance", + "AWS::ApplicationInsights::Application", + "AWS::ResourceGroups::Group" + ] + }, + "Null":{ + "cloudformation:ResourceTypes":"false" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:cloudformation:*:*:stack/sms-app-*/*" + }, + { + "Action":[ + "cloudformation:DeleteStack", + "cloudformation:ExecuteChangeSet", + "cloudformation:DeleteChangeSet", + "cloudformation:DescribeChangeSet", + "cloudformation:DescribeStacks", + "cloudformation:DescribeStackEvents", + "cloudformation:DescribeStackResource", + "cloudformation:DescribeStackResources", + "cloudformation:GetTemplate" + ], + "Effect":"Allow", + "Resource":"arn:aws:cloudformation:*:*:stack/sms-app-*/*" + }, + { + "Action":[ + "cloudformation:ValidateTemplate", + "s3:ListAllMyBuckets" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "s3:CreateBucket", + "s3:DeleteBucket", + "s3:DeleteObject", + "s3:GetBucketAcl", + "s3:GetBucketLocation", + "s3:GetObject", + "s3:ListBucket", + "s3:PutObject", + "s3:PutObjectAcl", + "s3:PutLifecycleConfiguration" + ], + "Effect":"Allow", + "Resource":"arn:aws:s3:::sms-app-*" + }, + { + "Action":[ + "sms:CreateReplicationJob", + "sms:DeleteReplicationJob", + "sms:GetReplicationJobs", + "sms:GetReplicationRuns", + "sms:GetServers", + "sms:ImportServerCatalog", + "sms:StartOnDemandReplicationRun", + "sms:UpdateReplicationJob" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"ssm:SendCommand", + "Effect":"Allow", + "Resource":[ + "arn:aws:ssm:*::document/AWS-RunRemoteScript", + "arn:aws:s3:::sms-app-*" + ] + }, + { + "Action":"ssm:SendCommand", + "Condition":{ + "StringEquals":{ + "ssm:resourceTag/UseForSMSApplicationValidation":[ + "true" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:instance/*" + }, + { + "Action":[ + "ssm:CancelCommand", + "ssm:GetCommandInvocation" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"ec2:CreateTags", + "Condition":{ + "StringEquals":{ + "ec2:CreateAction":"CopySnapshot" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:snapshot/*" + }, + { + "Action":"ec2:CopySnapshot", + "Condition":{ + "StringLike":{ + "aws:RequestTag/SMSJobId":[ + "sms-*" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:snapshot/*" + }, + { + "Action":[ + "ec2:ModifySnapshotAttribute", + "ec2:DeleteSnapshot" + ], + "Condition":{ + "StringLike":{ + "ec2:ResourceTag/SMSJobId":[ + "sms-*" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:snapshot/*" + }, + { + "Action":[ + "ec2:CopyImage", + "ec2:DescribeImages", + "ec2:DescribeInstances", + "ec2:DescribeSnapshots", + "ec2:DescribeSnapshotAttribute", + "ec2:DeregisterImage", + "ec2:ImportImage", + "ec2:DescribeImportImageTasks", + "ec2:GetEbsEncryptionByDefault" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "iam:GetRole", + "iam:GetInstanceProfile" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:DisassociateIamInstanceProfile", + "ec2:AssociateIamInstanceProfile", + "ec2:ReplaceIamInstanceProfileAssociation" + ], + "Condition":{ + "StringLike":{ + "ec2:ResourceTag/aws:cloudformation:stack-id":"arn:aws:cloudformation:*:*:stack/sms-app-*/*" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:instance/*" + }, + { + "Action":"iam:PassRole", + "Condition":{ + "StringEquals":{ + "iam:PassedToService":"ec2.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"iam:PassRole", + "Condition":{ + "StringEqualsIfExists":{ + "iam:PassedToService":"cloudformation.amazonaws.com" + }, + "StringLike":{ + "iam:AssociatedResourceArn":"arn:aws:cloudformation:*:*:stack/sms-app-*/*" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:RunInstances" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:CreateTags", + "ec2:DeleteTags" + ], + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:instance/*" + }, + { + "Action":[ + "ec2:ModifyInstanceAttribute", + "ec2:StopInstances", + "ec2:StartInstances", + "ec2:TerminateInstances" + ], + "Condition":{ + "StringLike":{ + "ec2:ResourceTag/aws:cloudformation:stack-id":"arn:aws:cloudformation:*:*:stack/sms-app-*/*" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "applicationinsights:Describe*", + "applicationinsights:List*", + "cloudformation:ListStackResources" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "applicationinsights:CreateApplication", + "applicationinsights:CreateComponent", + "applicationinsights:UpdateApplication", + "applicationinsights:DeleteApplication", + "applicationinsights:UpdateComponentConfiguration", + "applicationinsights:DeleteComponent" + ], + "Effect":"Allow", + "Resource":"arn:aws:applicationinsights:*:*:application/resource-group/sms-app-*" + }, + { + "Action":[ + "resource-groups:CreateGroup", + "resource-groups:GetGroup", + "resource-groups:UpdateGroup", + "resource-groups:DeleteGroup" + ], + "Condition":{ + "StringLike":{ + "aws:ResourceTag/aws:cloudformation:stack-id":"arn:aws:cloudformation:*:*:stack/sms-app-*/*" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:resource-groups:*:*:group/sms-app-*" + }, + { + "Action":[ + "iam:CreateServiceLinkedRole" + ], + "Condition":{ + "StringEquals":{ + "iam:AWSServiceName":"application-insights.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/aws-service-role/application-insights.amazonaws.com/AWSServiceRoleForApplicationInsights" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-10-15T17:28:13+00:00" + }, + "AWSServiceRolePolicyForBackupReports":{ + "CreateDate":"2021-08-19T21:16:45+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "backup:DescribeFramework", + "backup:ListBackupJobs", + "backup:ListRestoreJobs", + "backup:ListCopyJobs" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "config:DescribeConfigurationRecorders", + "config:DescribeConfigurationRecorderStatus", + "config:BatchGetResourceConfig", + "config:SelectResourceConfig", + "config:DescribeConfigurationAggregators", + "config:SelectAggregateResourceConfig", + "s3:GetBucketLocation" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "config:GetComplianceDetailsByConfigRule", + "config:DescribeConfigRuleEvaluationStatus", + "config:DescribeConfigRules", + "config:PutConfigRule", + "config:DeleteConfigRule" + ], + "Effect":"Allow", + "Resource":"arn:aws:config:*:*:config-rule/aws-service-rule/backup.amazonaws.com*" + }, + { + "Action":[ + "config:DeleteConfigurationAggregator", + "config:PutConfigurationAggregator" + ], + "Effect":"Allow", + "Resource":"arn:aws:config:*:*:config-aggregator/aws-service-config-aggregator/backup.amazonaws.com*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-08-19T21:16:45+00:00" + }, + "AWSShieldDRTAccessPolicy":{ + "CreateDate":"2018-06-05T22:29:39+00:00", + "DefaultVersionId":"v6", + "Document":{ + "Statement":[ + { + "Action":[ + "cloudfront:List*", + "route53:List*", + "elasticloadbalancing:Describe*", + "cloudwatch:Describe*", + "cloudwatch:Get*", + "cloudwatch:List*", + "cloudfront:GetDistribution*", + "globalaccelerator:ListAccelerators", + "globalaccelerator:DescribeAccelerator", + "ec2:DescribeRegions", + "ec2:DescribeAddresses" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"SRTAccessProtectedResources" + }, + { + "Action":[ + "shield:*", + "waf:*", + "wafv2:*", + "waf-regional:*", + "elasticloadbalancing:SetWebACL", + "cloudfront:UpdateDistribution", + "apigateway:SetWebACL" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"SRTManageProtections" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-12-15T17:28:15+00:00" + }, + "AWSShieldServiceRolePolicy":{ + "CreateDate":"2021-11-17T19:17:46+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "wafv2:GetWebACL", + "wafv2:UpdateWebACL", + "wafv2:GetWebACLForResource", + "wafv2:ListResourcesForWebACL", + "cloudfront:ListDistributions", + "cloudfront:GetDistribution" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AWSShield" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-11-17T19:17:46+00:00" + }, + "AWSStepFunctionsConsoleFullAccess":{ + "CreateDate":"2017-01-11T21:54:31+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":"states:*", + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"iam:ListRoles", + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"iam:PassRole", + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/service-role/StatesExecutionRole*" + }, + { + "Action":"lambda:ListFunctions", + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2017-01-12T00:19:34+00:00" + }, + "AWSStepFunctionsFullAccess":{ + "CreateDate":"2017-01-11T21:51:32+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":"states:*", + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2017-01-11T21:51:32+00:00" + }, + "AWSStepFunctionsReadOnlyAccess":{ + "CreateDate":"2017-01-11T21:46:19+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "states:ListStateMachines", + "states:ListActivities", + "states:DescribeStateMachine", + "states:DescribeStateMachineForExecution", + "states:ListExecutions", + "states:DescribeExecution", + "states:GetExecutionHistory", + "states:DescribeActivity" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2017-11-10T22:03:49+00:00" + }, + "AWSStorageGatewayFullAccess":{ + "CreateDate":"2015-02-06T18:41:09+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "storagegateway:*" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:DescribeSnapshots", + "ec2:DeleteSnapshot" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2015-02-06T18:41:09+00:00" + }, + "AWSStorageGatewayReadOnlyAccess":{ + "CreateDate":"2015-02-06T18:41:10+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "storagegateway:List*", + "storagegateway:Describe*" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:DescribeSnapshots" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2015-02-06T18:41:10+00:00" + }, + "AWSStorageGatewayServiceRolePolicy":{ + "CreateDate":"2021-02-17T19:03:19+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "fsx:ListTagsForResource" + ], + "Effect":"Allow", + "Resource":"arn:aws:fsx:*:*:backup/*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-02-17T19:03:19+00:00" + }, + "AWSSupportAccess":{ + "CreateDate":"2015-02-06T18:41:11+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "support:*" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2015-02-06T18:41:11+00:00" + }, + "AWSSupportServiceRolePolicy":{ + "CreateDate":"2018-04-19T18:04:44+00:00", + "DefaultVersionId":"v24", + "Document":{ + "Statement":[ + { + "Action":[ + "apigateway:GET" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:apigateway:*::/account", + "arn:aws:apigateway:*::/apis", + "arn:aws:apigateway:*::/apis/*", + "arn:aws:apigateway:*::/apis/*/authorizers", + "arn:aws:apigateway:*::/apis/*/authorizers/*", + "arn:aws:apigateway:*::/apis/*/deployments", + "arn:aws:apigateway:*::/apis/*/deployments/*", + "arn:aws:apigateway:*::/apis/*/integrations", + "arn:aws:apigateway:*::/apis/*/integrations/*", + "arn:aws:apigateway:*::/apis/*/integrations/*/integrationresponses", + "arn:aws:apigateway:*::/apis/*/integrations/*/integrationresponses/*", + "arn:aws:apigateway:*::/apis/*/models", + "arn:aws:apigateway:*::/apis/*/models/*", + "arn:aws:apigateway:*::/apis/*/routes", + "arn:aws:apigateway:*::/apis/*/routes/*", + "arn:aws:apigateway:*::/apis/*/routes/*/routeresponses", + "arn:aws:apigateway:*::/apis/*/routes/*/routeresponses/*", + "arn:aws:apigateway:*::/apis/*/stages", + "arn:aws:apigateway:*::/apis/*/stages/*", + "arn:aws:apigateway:*::/clientcertificates", + "arn:aws:apigateway:*::/clientcertificates/*", + "arn:aws:apigateway:*::/domainnames", + "arn:aws:apigateway:*::/domainnames/*", + "arn:aws:apigateway:*::/domainnames/*/apimappings", + "arn:aws:apigateway:*::/domainnames/*/apimappings/*", + "arn:aws:apigateway:*::/domainnames/*/basepathmappings", + "arn:aws:apigateway:*::/domainnames/*/basepathmappings/*", + "arn:aws:apigateway:*::/restapis", + "arn:aws:apigateway:*::/restapis/*", + "arn:aws:apigateway:*::/restapis/*/authorizers", + "arn:aws:apigateway:*::/restapis/*/authorizers/*", + "arn:aws:apigateway:*::/restapis/*/deployments", + "arn:aws:apigateway:*::/restapis/*/deployments/*", + "arn:aws:apigateway:*::/restapis/*/models", + "arn:aws:apigateway:*::/restapis/*/models/*", + "arn:aws:apigateway:*::/restapis/*/models/*/default_template", + "arn:aws:apigateway:*::/restapis/*/resources", + "arn:aws:apigateway:*::/restapis/*/resources/*", + "arn:aws:apigateway:*::/restapis/*/resources/*/methods/*/integration/responses/*", + "arn:aws:apigateway:*::/restapis/*/resources/*/methods/*/responses/*", + "arn:aws:apigateway:*::/restapis/*/stages/*/sdks/*", + "arn:aws:apigateway:*::/restapis/*/resources/*/methods/*", + "arn:aws:apigateway:*::/restapis/*/resources/*/methods/*/integration", + "arn:aws:apigateway:*::/restapis/*/stages", + "arn:aws:apigateway:*::/restapis/*/stages/*" + ] + }, + { + "Action":[ + "iam:DeleteRole" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/aws-service-role/support.amazonaws.com/AWSServiceRoleForSupport" + ] + }, + { + "Action":[ + "a4b:getDevice", + "a4b:getProfile", + "a4b:getRoom", + "a4b:getRoomSkillParameter", + "a4b:getSkillGroup", + "a4b:searchDevices", + "a4b:searchProfiles", + "a4b:searchRooms", + "a4b:searchSkillGroups", + "access-analyzer:getFinding", + "access-analyzer:listAnalyzers", + "access-analyzer:listArchiveRules", + "access-analyzer:listFindings", + "acm-pca:describeCertificateAuthority", + "acm-pca:describeCertificateAuthorityAuditReport", + "acm-pca:getCertificate", + "acm-pca:getCertificateAuthorityCertificate", + "acm-pca:getCertificateAuthorityCsr", + "acm-pca:listCertificateAuthorities", + "acm-pca:listTags", + "acm:describeCertificate", + "acm:getCertificate", + "acm:listCertificates", + "acm:listTagsForCertificate", + "airflow:getEnvironment", + "airflow:listEnvironments", + "airflow:listTagsForResource", + "amplify:getApp", + "amplify:getBranch", + "amplify:getDomainAssociation", + "amplify:getJob", + "amplify:getWebhook", + "amplify:listApps", + "amplify:listWebhooks", + "amplifyuibuilder:exportComponents", + "amplifyuibuilder:exportThemes", + "appflow:describeConnectorEntity", + "appflow:describeConnectorProfiles", + "appflow:describeConnectors", + "appflow:describeFlow", + "appflow:describeFlowExecutionRecords", + "appflow:listConnectorEntities", + "appflow:listFlows", + "application-autoscaling:describeScalableTargets", + "application-autoscaling:describeScalingActivities", + "application-autoscaling:describeScalingPolicies", + "application-autoscaling:describeScheduledActions", + "applicationinsights:describeComponentConfiguration", + "applicationinsights:describeComponentConfigurationRecommendation", + "applicationinsights:listApplications", + "applicationinsights:listComponents", + "applicationinsights:listConfigurationHistory", + "applicationinsights:listLogPatterns", + "applicationinsights:listLogPatternSets", + "appmesh:describeGatewayRoute", + "appmesh:describeMesh", + "appmesh:describeRoute", + "appmesh:describeVirtualGateway", + "appmesh:describeVirtualNode", + "appmesh:describeVirtualRouter", + "appmesh:describeVirtualService", + "appmesh:listGatewayRoutes", + "appmesh:listMeshes", + "appmesh:listRoutes", + "appmesh:listTagsForResource", + "appmesh:listVirtualGateways", + "appmesh:listVirtualNodes", + "appmesh:listVirtualRouters", + "appmesh:listVirtualServices", + "apprunner:describeAutoScalingConfiguration", + "apprunner:describeCustomDomains", + "apprunner:describeOperation", + "apprunner:describeService", + "apprunner:listAutoScalingConfigurations", + "apprunner:listConnections", + "apprunner:listOperations", + "apprunner:listServices", + "apprunner:listTagsForResource", + "appstream:describeAppBlocks", + "appstream:describeApplicationFleetAssociations", + "appstream:describeApplications", + "appstream:describeDirectoryConfigs", + "appstream:describeFleets", + "appstream:describeImageBuilders", + "appstream:describeImages", + "appstream:describeSessions", + "appstream:describeStacks", + "appstream:listAssociatedFleets", + "appstream:listAssociatedStacks", + "appstream:listTagsForResource", + "appsync:getFunction", + "appsync:getGraphqlApi", + "appsync:getIntrospectionSchema", + "appsync:getResolver", + "appsync:getSchemaCreationStatus", + "appsync:getType", + "appsync:listDataSources", + "appsync:listFunctions", + "appsync:listGraphqlApis", + "appsync:listResolvers", + "appsync:listTypes", + "athena:batchGetNamedQuery", + "athena:batchGetQueryExecution", + "athena:getNamedQuery", + "athena:getQueryExecution", + "athena:getWorkGroup", + "athena:listNamedQueries", + "athena:listQueryExecutions", + "athena:listTagsForResource", + "athena:listWorkGroups", + "auditmanager:getAccountStatus", + "auditmanager:getDelegations", + "auditmanager:listAssessmentFrameworks", + "auditmanager:listAssessmentReports", + "auditmanager:listAssessments", + "auditmanager:listControls", + "auditmanager:listKeywordsForDataSource", + "auditmanager:listNotifications", + "autoscaling-plans:describeScalingPlanResources", + "autoscaling-plans:describeScalingPlans", + "autoscaling-plans:getScalingPlanResourceForecastData", + "autoscaling:describeAccountLimits", + "autoscaling:describeAdjustmentTypes", + "autoscaling:describeAutoScalingGroups", + "autoscaling:describeAutoScalingInstances", + "autoscaling:describeAutoScalingNotificationTypes", + "autoscaling:describeInstanceRefreshes", + "autoscaling:describeLaunchConfigurations", + "autoscaling:describeLifecycleHooks", + "autoscaling:describeLifecycleHookTypes", + "autoscaling:describeLoadBalancers", + "autoscaling:describeLoadBalancerTargetGroups", + "autoscaling:describeMetricCollectionTypes", + "autoscaling:describeNotificationConfigurations", + "autoscaling:describePolicies", + "autoscaling:describeScalingActivities", + "autoscaling:describeScalingProcessTypes", + "autoscaling:describeScheduledActions", + "autoscaling:describeTags", + "autoscaling:describeTerminationPolicyTypes", + "backup:describeBackupJob", + "backup:describeBackupVault", + "backup:describeCopyJob", + "backup:describeFramework", + "backup:describeGlobalSettings", + "backup:describeProtectedResource", + "backup:describeRecoveryPoint", + "backup:describeRegionSettings", + "backup:describeReportJob", + "backup:describeReportPlan", + "backup:describeRestoreJob", + "backup:getBackupPlan", + "backup:getBackupPlanFromJSON", + "backup:getBackupPlanFromTemplate", + "backup:getBackupSelection", + "backup:getBackupVaultAccessPolicy", + "backup:getBackupVaultNotifications", + "backup:getRecoveryPointRestoreMetadata", + "backup:getSupportedResourceTypes", + "backup:listBackupJobs", + "backup:listBackupPlans", + "backup:listBackupPlanTemplates", + "backup:listBackupPlanVersions", + "backup:listBackupSelections", + "backup:listBackupVaults", + "backup:listCopyJobs", + "backup:listFrameworks", + "backup:listProtectedResources", + "backup:listRecoveryPointsByBackupVault", + "backup:listRecoveryPointsByResource", + "backup:listReportJobs", + "backup:listReportPlans", + "backup:listRestoreJobs", + "backup:listTags", + "batch:describeComputeEnvironments", + "batch:describeJobDefinitions", + "batch:describeJobQueues", + "batch:describeJobs", + "batch:listJobs", + "braket:getDevice", + "braket:getQuantumTask", + "braket:searchDevices", + "braket:searchQuantumTasks", + "budgets:viewBudget", + "ce:getCostAndUsage", + "ce:getCostAndUsageWithResources", + "ce:getCostForecast", + "ce:getDimensionValues", + "ce:getReservationCoverage", + "ce:getReservationPurchaseRecommendation", + "ce:getReservationUtilization", + "ce:getRightsizingRecommendation", + "ce:getSavingsPlansCoverage", + "ce:getSavingsPlansPurchaseRecommendation", + "ce:getSavingsPlansUtilization", + "ce:getSavingsPlansUtilizationDetails", + "ce:getTags", + "cloud9:describeEnvironmentMemberships", + "cloud9:describeEnvironments", + "cloud9:listEnvironments", + "clouddirectory:getDirectory", + "clouddirectory:listDirectories", + "cloudformation:batchDescribeTypeConfigurations", + "cloudformation:describeAccountLimits", + "cloudformation:describeChangeSet", + "cloudformation:describePublisher", + "cloudformation:describeStackEvents", + "cloudformation:describeStackInstance", + "cloudformation:describeStackResource", + "cloudformation:describeStackResources", + "cloudformation:describeStacks", + "cloudformation:describeStackSet", + "cloudformation:describeStackSetOperation", + "cloudformation:describeType", + "cloudformation:describeTypeRegistration", + "cloudformation:estimateTemplateCost", + "cloudformation:getStackPolicy", + "cloudformation:getTemplate", + "cloudformation:getTemplateSummary", + "cloudformation:listChangeSets", + "cloudformation:listExports", + "cloudformation:listImports", + "cloudformation:listStackInstances", + "cloudformation:listStackResources", + "cloudformation:listStacks", + "cloudformation:listStackSetOperationResults", + "cloudformation:listStackSetOperations", + "cloudformation:listStackSets", + "cloudformation:listTypeRegistrations", + "cloudformation:listTypes", + "cloudformation:listTypeVersions", + "cloudfront:getCloudFrontOriginAccessIdentity", + "cloudfront:getCloudFrontOriginAccessIdentityConfig", + "cloudfront:getDistribution", + "cloudfront:getDistributionConfig", + "cloudfront:getInvalidation", + "cloudfront:getStreamingDistribution", + "cloudfront:getStreamingDistributionConfig", + "cloudfront:listCloudFrontOriginAccessIdentities", + "cloudfront:listDistributions", + "cloudfront:listDistributionsByWebACLId", + "cloudfront:listInvalidations", + "cloudfront:listStreamingDistributions", + "cloudhsm:describeBackups", + "cloudhsm:describeClusters", + "cloudsearch:describeAnalysisSchemes", + "cloudsearch:describeAvailabilityOptions", + "cloudsearch:describeDomains", + "cloudsearch:describeExpressions", + "cloudsearch:describeIndexFields", + "cloudsearch:describeScalingParameters", + "cloudsearch:describeServiceAccessPolicies", + "cloudsearch:describeSuggesters", + "cloudsearch:listDomainNames", + "cloudtrail:describeTrails", + "cloudtrail:getEventSelectors", + "cloudtrail:getInsightSelectors", + "cloudtrail:getTrail", + "cloudtrail:getTrailStatus", + "cloudtrail:listPublicKeys", + "cloudtrail:listTags", + "cloudtrail:listTrails", + "cloudtrail:lookupEvents", + "cloudwatch:describeAlarmHistory", + "cloudwatch:describeAlarms", + "cloudwatch:describeAlarmsForMetric", + "cloudwatch:describeAnomalyDetectors", + "cloudwatch:describeInsightRules", + "cloudwatch:getDashboard", + "cloudwatch:getInsightRuleReport", + "cloudwatch:getMetricData", + "cloudwatch:getMetricStatistics", + "cloudwatch:listDashboards", + "cloudwatch:listMetrics", + "codeartifact:describeDomain", + "codeartifact:describePackageVersion", + "codeartifact:describeRepository", + "codeartifact:getDomainPermissionsPolicy", + "codeartifact:getRepositoryEndpoint", + "codeartifact:getRepositoryPermissionsPolicy", + "codeartifact:listDomains", + "codeartifact:listPackages", + "codeartifact:listPackageVersionAssets", + "codeartifact:listPackageVersions", + "codeartifact:listRepositories", + "codeartifact:listRepositoriesInDomain", + "codebuild:batchGetBuildBatches", + "codebuild:batchGetBuilds", + "codebuild:batchGetProjects", + "codebuild:listBuildBatches", + "codebuild:listBuildBatchesForProject", + "codebuild:listBuilds", + "codebuild:listBuildsForProject", + "codebuild:listCuratedEnvironmentImages", + "codebuild:listProjects", + "codebuild:listSourceCredentials", + "codecommit:batchGetRepositories", + "codecommit:getBranch", + "codecommit:getRepository", + "codecommit:getRepositoryTriggers", + "codecommit:listBranches", + "codecommit:listRepositories", + "codedeploy:batchGetApplicationRevisions", + "codedeploy:batchGetApplications", + "codedeploy:batchGetDeploymentGroups", + "codedeploy:batchGetDeploymentInstances", + "codedeploy:batchGetDeployments", + "codedeploy:batchGetDeploymentTargets", + "codedeploy:batchGetOnPremisesInstances", + "codedeploy:getApplication", + "codedeploy:getApplicationRevision", + "codedeploy:getDeployment", + "codedeploy:getDeploymentConfig", + "codedeploy:getDeploymentGroup", + "codedeploy:getDeploymentInstance", + "codedeploy:getDeploymentTarget", + "codedeploy:getOnPremisesInstance", + "codedeploy:listApplicationRevisions", + "codedeploy:listApplications", + "codedeploy:listDeploymentConfigs", + "codedeploy:listDeploymentGroups", + "codedeploy:listDeploymentInstances", + "codedeploy:listDeployments", + "codedeploy:listDeploymentTargets", + "codedeploy:listGitHubAccountTokenNames", + "codedeploy:listOnPremisesInstances", + "codepipeline:getJobDetails", + "codepipeline:getPipeline", + "codepipeline:getPipelineExecution", + "codepipeline:getPipelineState", + "codepipeline:listActionExecutions", + "codepipeline:listActionTypes", + "codepipeline:listPipelineExecutions", + "codepipeline:listPipelines", + "codepipeline:listWebhooks", + "codestar:describeProject", + "codestar:listProjects", + "codestar:listResources", + "codestar:listTeamMembers", + "codestar:listUserProfiles", + "cognito-identity:describeIdentityPool", + "cognito-identity:getIdentityPoolRoles", + "cognito-identity:listIdentities", + "cognito-identity:listIdentityPools", + "cognito-idp:describeIdentityProvider", + "cognito-idp:describeResourceServer", + "cognito-idp:describeRiskConfiguration", + "cognito-idp:describeUserImportJob", + "cognito-idp:describeUserPool", + "cognito-idp:describeUserPoolClient", + "cognito-idp:describeUserPoolDomain", + "cognito-idp:getGroup", + "cognito-idp:getUICustomization", + "cognito-idp:getUserPoolMfaConfig", + "cognito-idp:listGroups", + "cognito-idp:listIdentityProviders", + "cognito-idp:listResourceServers", + "cognito-idp:listUserImportJobs", + "cognito-idp:listUserPoolClients", + "cognito-idp:listUserPools", + "cognito-sync:describeDataset", + "cognito-sync:describeIdentityPoolUsage", + "cognito-sync:describeIdentityUsage", + "cognito-sync:getCognitoEvents", + "cognito-sync:getIdentityPoolConfiguration", + "cognito-sync:listDatasets", + "cognito-sync:listIdentityPoolUsage", + "compute-optimizer:getAutoScalingGroupRecommendations", + "compute-optimizer:getEBSVolumeRecommendations", + "compute-optimizer:getEC2InstanceRecommendations", + "compute-optimizer:getEC2RecommendationProjectedMetrics", + "compute-optimizer:getEnrollmentStatus", + "compute-optimizer:getRecommendationSummaries", + "config:batchGetAggregateResourceConfig", + "config:batchGetResourceConfig", + "config:describeAggregateComplianceByConfigRules", + "config:describeAggregationAuthorizations", + "config:describeComplianceByConfigRule", + "config:describeComplianceByResource", + "config:describeConfigRuleEvaluationStatus", + "config:describeConfigRules", + "config:describeConfigurationAggregators", + "config:describeConfigurationAggregatorSourcesStatus", + "config:describeConfigurationRecorders", + "config:describeConfigurationRecorderStatus", + "config:describeConformancePackCompliance", + "config:describeConformancePacks", + "config:describeConformancePackStatus", + "config:describeDeliveryChannels", + "config:describeDeliveryChannelStatus", + "config:describeOrganizationConfigRules", + "config:describeOrganizationConfigRuleStatuses", + "config:describeOrganizationConformancePacks", + "config:describeOrganizationConformancePackStatuses", + "config:describePendingAggregationRequests", + "config:describeRemediationConfigurations", + "config:describeRemediationExceptions", + "config:describeRemediationExecutionStatus", + "config:describeRetentionConfigurations", + "config:getAggregateComplianceDetailsByConfigRule", + "config:getAggregateConfigRuleComplianceSummary", + "config:getAggregateDiscoveredResourceCounts", + "config:getAggregateResourceConfig", + "config:getComplianceDetailsByConfigRule", + "config:getComplianceDetailsByResource", + "config:getComplianceSummaryByConfigRule", + "config:getComplianceSummaryByResourceType", + "config:getConformancePackComplianceDetails", + "config:getConformancePackComplianceSummary", + "config:getDiscoveredResourceCounts", + "config:getOrganizationConfigRuleDetailedStatus", + "config:getOrganizationConformancePackDetailedStatus", + "config:getResourceConfigHistory", + "config:listAggregateDiscoveredResources", + "config:listDiscoveredResources", + "config:listTagsForResource", + "connect:describeUser", + "connect:getCurrentMetricData", + "connect:getMetricData", + "connect:listRoutingProfiles", + "connect:listSecurityProfiles", + "connect:listUsers", + "controltower:describeAccountFactoryConfig", + "controltower:describeCoreService", + "controltower:describeGuardrail", + "controltower:describeGuardrailForTarget", + "controltower:describeManagedAccount", + "controltower:describeSingleSignOn", + "controltower:getAvailableUpdates", + "controltower:getHomeRegion", + "controltower:getLandingZoneStatus", + "controltower:listDirectoryGroups", + "controltower:listGuardrailsForTarget", + "controltower:listGuardrailViolations", + "controltower:listManagedAccounts", + "controltower:listManagedAccountsForGuardrail", + "controltower:listManagedAccountsForParent", + "controltower:listManagedOrganizationalUnits", + "controltower:listManagedOrganizationalUnitsForGuardrail", + "databrew:describeDataset", + "databrew:describeJob", + "databrew:describeProject", + "databrew:describeRecipe", + "databrew:listDatasets", + "databrew:listJobRuns", + "databrew:listJobs", + "databrew:listProjects", + "databrew:listRecipes", + "databrew:listRecipeVersions", + "databrew:listTagsForResource", + "datapipeline:describeObjects", + "datapipeline:describePipelines", + "datapipeline:getPipelineDefinition", + "datapipeline:listPipelines", + "datapipeline:queryObjects", + "datasync:describeAgent", + "datasync:describeLocationEfs", + "datasync:describeLocationFsxWindows", + "datasync:describeLocationNfs", + "datasync:describeLocationObjectStorage", + "datasync:describeLocationS3", + "datasync:describeLocationSmb", + "datasync:describeTask", + "datasync:describeTaskExecution", + "datasync:listAgents", + "datasync:listLocations", + "datasync:listTaskExecutions", + "datasync:listTasks", + "dax:describeClusters", + "dax:describeDefaultParameters", + "dax:describeEvents", + "dax:describeParameterGroups", + "dax:describeParameters", + "dax:describeSubnetGroups", + "detective:getMembers", + "detective:listGraphs", + "detective:listInvitations", + "detective:listMembers", + "devicefarm:getAccountSettings", + "devicefarm:getDevice", + "devicefarm:getDevicePool", + "devicefarm:getDevicePoolCompatibility", + "devicefarm:getJob", + "devicefarm:getProject", + "devicefarm:getRemoteAccessSession", + "devicefarm:getRun", + "devicefarm:getSuite", + "devicefarm:getTest", + "devicefarm:getTestGridProject", + "devicefarm:getTestGridSession", + "devicefarm:getUpload", + "devicefarm:listArtifacts", + "devicefarm:listDevicePools", + "devicefarm:listDevices", + "devicefarm:listJobs", + "devicefarm:listProjects", + "devicefarm:listRemoteAccessSessions", + "devicefarm:listRuns", + "devicefarm:listSamples", + "devicefarm:listSuites", + "devicefarm:listTestGridProjects", + "devicefarm:listTestGridSessionActions", + "devicefarm:listTestGridSessionArtifacts", + "devicefarm:listTestGridSessions", + "devicefarm:listTests", + "devicefarm:listUniqueProblems", + "devicefarm:listUploads", + "directconnect:describeConnections", + "directconnect:describeConnectionsOnInterconnect", + "directconnect:describeInterconnects", + "directconnect:describeLocations", + "directconnect:describeVirtualGateways", + "directconnect:describeVirtualInterfaces", + "dlm:getLifecyclePolicies", + "dlm:getLifecyclePolicy", + "dms:describeAccountAttributes", + "dms:describeConnections", + "dms:describeEndpoints", + "dms:describeEndpointTypes", + "dms:describeOrderableReplicationInstances", + "dms:describeRefreshSchemasStatus", + "dms:describeReplicationInstances", + "dms:describeReplicationSubnetGroups", + "drs:describeJobLogItems", + "drs:describeJobs", + "drs:describeRecoveryInstances", + "drs:describeRecoverySnapshots", + "drs:describeReplicationConfigurationTemplates", + "drs:describeSourceServers", + "drs:getLaunchConfiguration", + "drs:getReplicationConfiguration", + "ds:describeConditionalForwarders", + "ds:describeDirectories", + "ds:describeEventTopics", + "ds:describeSnapshots", + "ds:describeTrusts", + "ds:getDirectoryLimits", + "ds:getSnapshotLimits", + "ds:listIpRoutes", + "ds:listSchemaExtensions", + "ds:listTagsForResource", + "dynamodb:describeBackup", + "dynamodb:describeContinuousBackups", + "dynamodb:describeGlobalTable", + "dynamodb:describeLimits", + "dynamodb:describeStream", + "dynamodb:describeTable", + "dynamodb:describeTimeToLive", + "dynamodb:listBackups", + "dynamodb:listGlobalTables", + "dynamodb:listStreams", + "dynamodb:listTables", + "dynamodb:listTagsOfResource", + "ec2:describeAccountAttributes", + "ec2:describeAddresses", + "ec2:describeAvailabilityZones", + "ec2:describeBundleTasks", + "ec2:describeByoipCidrs", + "ec2:describeCapacityReservations", + "ec2:describeClassicLinkInstances", + "ec2:describeClientVpnAuthorizationRules", + "ec2:describeClientVpnConnections", + "ec2:describeClientVpnEndpoints", + "ec2:describeClientVpnRoutes", + "ec2:describeClientVpnTargetNetworks", + "ec2:describeCoipPools", + "ec2:describeConversionTasks", + "ec2:describeCustomerGateways", + "ec2:describeDhcpOptions", + "ec2:describeElasticGpus", + "ec2:describeExportImageTasks", + "ec2:describeExportTasks", + "ec2:describeFastSnapshotRestores", + "ec2:describeFleetHistory", + "ec2:describeFleetInstances", + "ec2:describeFleets", + "ec2:describeFlowLogs", + "ec2:describeHostReservationOfferings", + "ec2:describeHostReservations", + "ec2:describeHosts", + "ec2:describeIdentityIdFormat", + "ec2:describeIdFormat", + "ec2:describeImageAttribute", + "ec2:describeImages", + "ec2:describeImportImageTasks", + "ec2:describeImportSnapshotTasks", + "ec2:describeInstanceAttribute", + "ec2:describeInstances", + "ec2:describeInstanceStatus", + "ec2:describeInternetGateways", + "ec2:describeIpamPools", + "ec2:describeIpams", + "ec2:describeIpamScopes", + "ec2:describeKeyPairs", + "ec2:describeLaunchTemplates", + "ec2:describeLaunchTemplateVersions", + "ec2:describeLocalGatewayRouteTables", + "ec2:describeLocalGatewayRouteTableVirtualInterfaceGroupAssociations", + "ec2:describeLocalGatewayRouteTableVpcAssociations", + "ec2:describeLocalGateways", + "ec2:describeLocalGatewayVirtualInterfaceGroups", + "ec2:describeLocalGatewayVirtualInterfaces", + "ec2:describeManagedPrefixLists", + "ec2:describeMovingAddresses", + "ec2:describeNatGateways", + "ec2:describeNetworkAcls", + "ec2:describeNetworkInterfaceAttribute", + "ec2:describeNetworkInterfaces", + "ec2:describePlacementGroups", + "ec2:describePrefixLists", + "ec2:describePublicIpv4Pools", + "ec2:describeRegions", + "ec2:describeReservedInstances", + "ec2:describeReservedInstancesListings", + "ec2:describeReservedInstancesModifications", + "ec2:describeReservedInstancesOfferings", + "ec2:describeRouteTables", + "ec2:describeScheduledInstances", + "ec2:describeSecurityGroups", + "ec2:describeSnapshotAttribute", + "ec2:describeSnapshots", + "ec2:describeSpotDatafeedSubscription", + "ec2:describeSpotFleetInstances", + "ec2:describeSpotFleetRequestHistory", + "ec2:describeSpotFleetRequests", + "ec2:describeSpotInstanceRequests", + "ec2:describeSpotPriceHistory", + "ec2:describeSubnets", + "ec2:describeTags", + "ec2:describeTrafficMirrorFilters", + "ec2:describeTrafficMirrorSessions", + "ec2:describeTrafficMirrorTargets", + "ec2:describeTransitGatewayAttachments", + "ec2:describeTransitGatewayRouteTables", + "ec2:describeTransitGateways", + "ec2:describeTransitGatewayVpcAttachments", + "ec2:describeVolumeAttribute", + "ec2:describeVolumes", + "ec2:describeVolumesModifications", + "ec2:describeVolumeStatus", + "ec2:describeVpcAttribute", + "ec2:describeVpcClassicLink", + "ec2:describeVpcClassicLinkDnsSupport", + "ec2:describeVpcEndpointConnectionNotifications", + "ec2:describeVpcEndpointConnections", + "ec2:describeVpcEndpoints", + "ec2:describeVpcEndpointServiceConfigurations", + "ec2:describeVpcEndpointServicePermissions", + "ec2:describeVpcEndpointServices", + "ec2:describeVpcPeeringConnections", + "ec2:describeVpcs", + "ec2:describeVpnConnections", + "ec2:describeVpnGateways", + "ec2:getCoipPoolUsage", + "ec2:getConsoleScreenshot", + "ec2:getIpamAddressHistory", + "ec2:getIpamPoolAllocations", + "ec2:getIpamPoolCidrs", + "ec2:getIpamResourceCidrs", + "ec2:getManagedPrefixListAssociations", + "ec2:getManagedPrefixListEntries", + "ec2:getReservedInstancesExchangeQuote", + "ec2:searchLocalGatewayRoutes", + "ecr-public:describeImages", + "ecr-public:describeImageTags", + "ecr-public:describeRegistries", + "ecr-public:describeRepositories", + "ecr-public:getRegistryCatalogData", + "ecr-public:getRepositoryCatalogData", + "ecr-public:getRepositoryPolicy", + "ecr-public:listTagsForResource", + "ecr:batchCheckLayerAvailability", + "ecr:describeImages", + "ecr:describeImageScanFindings", + "ecr:describeRegistry", + "ecr:describeRepositories", + "ecr:getLifecyclePolicy", + "ecr:getRegistryPolicy", + "ecr:getRepositoryPolicy", + "ecr:listImages", + "ecr:listTagsForResource", + "ecs:describeCapacityProviders", + "ecs:describeClusters", + "ecs:describeContainerInstances", + "ecs:describeServices", + "ecs:describeTaskDefinition", + "ecs:describeTasks", + "ecs:describeTaskSets", + "ecs:listAccountSettings", + "ecs:listAttributes", + "ecs:listClusters", + "ecs:listContainerInstances", + "ecs:listServices", + "ecs:listTagsForResource", + "ecs:listTaskDefinitionFamilies", + "ecs:listTaskDefinitions", + "ecs:listTasks", + "eks:describeCluster", + "eks:describeFargateProfile", + "eks:describeNodegroup", + "eks:describeUpdate", + "eks:listClusters", + "eks:listFargateProfiles", + "eks:listNodegroups", + "eks:listUpdates", + "elasticache:describeCacheClusters", + "elasticache:describeCacheEngineVersions", + "elasticache:describeCacheParameterGroups", + "elasticache:describeCacheParameters", + "elasticache:describeCacheSecurityGroups", + "elasticache:describeCacheSubnetGroups", + "elasticache:describeEngineDefaultParameters", + "elasticache:describeEvents", + "elasticache:describeReplicationGroups", + "elasticache:describeReservedCacheNodes", + "elasticache:describeReservedCacheNodesOfferings", + "elasticache:describeSnapshots", + "elasticache:listAllowedNodeTypeModifications", + "elasticache:listTagsForResource", + "elasticbeanstalk:checkDNSAvailability", + "elasticbeanstalk:describeApplicationVersions", + "elasticbeanstalk:describeConfigurationOptions", + "elasticbeanstalk:describeEnvironmentHealth", + "elasticbeanstalk:describeEnvironmentManagedActionHistory", + "elasticbeanstalk:describeEnvironmentManagedActions", + "elasticbeanstalk:describeEnvironmentResources", + "elasticbeanstalk:describeEnvironments", + "elasticbeanstalk:describeEvents", + "elasticbeanstalk:describeInstancesHealth", + "elasticbeanstalk:describePlatformVersion", + "elasticbeanstalk:listAvailableSolutionStacks", + "elasticbeanstalk:listPlatformVersions", + "elasticbeanstalk:validateConfigurationSettings", + "elasticfilesystem:describeAccessPoints", + "elasticfilesystem:describeFileSystemPolicy", + "elasticfilesystem:describeFileSystems", + "elasticfilesystem:describeLifecycleConfiguration", + "elasticfilesystem:describeMountTargets", + "elasticfilesystem:describeMountTargetSecurityGroups", + "elasticfilesystem:describeTags", + "elasticfilesystem:listTagsForResource", + "elasticloadbalancing:describeAccountLimits", + "elasticloadbalancing:describeInstanceHealth", + "elasticloadbalancing:describeListenerCertificates", + "elasticloadbalancing:describeListeners", + "elasticloadbalancing:describeLoadBalancerAttributes", + "elasticloadbalancing:describeLoadBalancerPolicies", + "elasticloadbalancing:describeLoadBalancerPolicyTypes", + "elasticloadbalancing:describeLoadBalancers", + "elasticloadbalancing:describeRules", + "elasticloadbalancing:describeSSLPolicies", + "elasticloadbalancing:describeTags", + "elasticloadbalancing:describeTargetGroupAttributes", + "elasticloadbalancing:describeTargetGroups", + "elasticloadbalancing:describeTargetHealth", + "elasticmapreduce:describeCluster", + "elasticmapreduce:describeSecurityConfiguration", + "elasticmapreduce:describeStep", + "elasticmapreduce:listBootstrapActions", + "elasticmapreduce:listClusters", + "elasticmapreduce:listInstanceGroups", + "elasticmapreduce:listInstances", + "elasticmapreduce:listSecurityConfigurations", + "elasticmapreduce:listSteps", + "elastictranscoder:listJobsByPipeline", + "elastictranscoder:listJobsByStatus", + "elastictranscoder:listPipelines", + "elastictranscoder:listPresets", + "elastictranscoder:readPipeline", + "elastictranscoder:readPreset", + "es:describeElasticsearchDomain", + "es:describeElasticsearchDomainConfig", + "es:describeElasticsearchDomains", + "es:listDomainNames", + "events:describeApiDestination", + "events:describeEventBus", + "events:describeEventSource", + "events:describePartnerEventSource", + "events:describeRule", + "events:listApiDestinations", + "events:listConnections", + "events:listEventBuses", + "events:listEventSources", + "events:listPartnerEventSourceAccounts", + "events:listPartnerEventSources", + "events:listRuleNamesByTarget", + "events:listRules", + "events:listTargetsByRule", + "events:testEventPattern", + "firehose:describeDeliveryStream", + "firehose:listDeliveryStreams", + "fms:getAdminAccount", + "fms:getComplianceDetail", + "fms:getNotificationChannel", + "fms:getPolicy", + "fms:getProtectionStatus", + "fms:listComplianceStatus", + "fms:listMemberAccounts", + "fms:listPolicies", + "forecast:describeDataset", + "forecast:describeDatasetGroup", + "forecast:describeDatasetImportJob", + "forecast:describeForecast", + "forecast:describeForecastExportJob", + "forecast:describePredictor", + "forecast:getAccuracyMetrics", + "forecast:listDatasetGroups", + "forecast:listDatasetImportJobs", + "forecast:listDatasets", + "forecast:listForecastExportJobs", + "forecast:listForecasts", + "forecast:listPredictors", + "fsx:describeBackups", + "fsx:describeDataRepositoryTasks", + "fsx:describeFileSystems", + "fsx:describeSnapshots", + "fsx:describeStorageVirtualMachines", + "fsx:describeVolumes", + "fsx:listTagsForResource", + "glacier:describeJob", + "glacier:describeVault", + "glacier:getDataRetrievalPolicy", + "glacier:getVaultAccessPolicy", + "glacier:getVaultLock", + "glacier:getVaultNotifications", + "glacier:listJobs", + "glacier:listTagsForVault", + "glacier:listVaults", + "globalaccelerator:describeAccelerator", + "globalaccelerator:describeAcceleratorAttributes", + "globalaccelerator:describeEndpointGroup", + "globalaccelerator:describeListener", + "globalaccelerator:listAccelerators", + "globalaccelerator:listEndpointGroups", + "globalaccelerator:listListeners", + "glue:batchGetPartition", + "glue:checkSchemaVersionValidity", + "glue:getCatalogImportStatus", + "glue:getClassifier", + "glue:getClassifiers", + "glue:getCrawler", + "glue:getCrawlerMetrics", + "glue:getCrawlers", + "glue:getDatabase", + "glue:getDatabases", + "glue:getDataflowGraph", + "glue:getDevEndpoint", + "glue:getDevEndpoints", + "glue:getJob", + "glue:getJobRun", + "glue:getJobRuns", + "glue:getJobs", + "glue:getMapping", + "glue:getPartition", + "glue:getPartitions", + "glue:getRegistry", + "glue:getSchema", + "glue:getSchemaByDefinition", + "glue:getSchemaVersion", + "glue:getSchemaVersionsDiff", + "glue:getTable", + "glue:getTables", + "glue:getTableVersions", + "glue:getTrigger", + "glue:getTriggers", + "glue:getUserDefinedFunction", + "glue:getUserDefinedFunctions", + "glue:listRegistries", + "glue:listSchemas", + "glue:listSchemaVersions", + "glue:querySchemaVersionMetadata", + "greengrass:getConnectivityInfo", + "greengrass:getCoreDefinition", + "greengrass:getCoreDefinitionVersion", + "greengrass:getDeploymentStatus", + "greengrass:getDeviceDefinition", + "greengrass:getDeviceDefinitionVersion", + "greengrass:getFunctionDefinition", + "greengrass:getFunctionDefinitionVersion", + "greengrass:getGroup", + "greengrass:getGroupCertificateAuthority", + "greengrass:getGroupVersion", + "greengrass:getLoggerDefinition", + "greengrass:getLoggerDefinitionVersion", + "greengrass:getResourceDefinitionVersion", + "greengrass:getServiceRoleForAccount", + "greengrass:getSubscriptionDefinition", + "greengrass:getSubscriptionDefinitionVersion", + "greengrass:listCoreDefinitions", + "greengrass:listCoreDefinitionVersions", + "greengrass:listDeployments", + "greengrass:listDeviceDefinitions", + "greengrass:listDeviceDefinitionVersions", + "greengrass:listFunctionDefinitions", + "greengrass:listFunctionDefinitionVersions", + "greengrass:listGroups", + "greengrass:listGroupVersions", + "greengrass:listLoggerDefinitions", + "greengrass:listLoggerDefinitionVersions", + "greengrass:listResourceDefinitions", + "greengrass:listResourceDefinitionVersions", + "greengrass:listSubscriptionDefinitions", + "greengrass:listSubscriptionDefinitionVersions", + "guardduty:getDetector", + "guardduty:getFindings", + "guardduty:getFindingsStatistics", + "guardduty:getInvitationsCount", + "guardduty:getIPSet", + "guardduty:getMasterAccount", + "guardduty:getMembers", + "guardduty:getThreatIntelSet", + "guardduty:listDetectors", + "guardduty:listFindings", + "guardduty:listInvitations", + "guardduty:listIPSets", + "guardduty:listMembers", + "guardduty:listThreatIntelSets", + "health:describeAffectedAccountsForOrganization", + "health:describeAffectedEntities", + "health:describeAffectedEntitiesForOrganization", + "health:describeEntityAggregates", + "health:describeEventAggregates", + "health:describeEventDetails", + "health:describeEventDetailsForOrganization", + "health:describeEvents", + "health:describeEventsForOrganization", + "health:describeEventTypes", + "health:describeHealthServiceStatusForOrganization", + "iam:getAccessKeyLastUsed", + "iam:getAccountAuthorizationDetails", + "iam:getAccountPasswordPolicy", + "iam:getAccountSummary", + "iam:getContextKeysForCustomPolicy", + "iam:getContextKeysForPrincipalPolicy", + "iam:getCredentialReport", + "iam:getGroup", + "iam:getGroupPolicy", + "iam:getInstanceProfile", + "iam:getLoginProfile", + "iam:getOpenIDConnectProvider", + "iam:getPolicy", + "iam:getPolicyVersion", + "iam:getRole", + "iam:getRolePolicy", + "iam:getSAMLProvider", + "iam:getServerCertificate", + "iam:getSSHPublicKey", + "iam:getUser", + "iam:getUserPolicy", + "iam:listAccessKeys", + "iam:listAccountAliases", + "iam:listAttachedGroupPolicies", + "iam:listAttachedRolePolicies", + "iam:listAttachedUserPolicies", + "iam:listEntitiesForPolicy", + "iam:listGroupPolicies", + "iam:listGroups", + "iam:listGroupsForUser", + "iam:listInstanceProfiles", + "iam:listInstanceProfilesForRole", + "iam:listMFADevices", + "iam:listOpenIDConnectProviders", + "iam:listPolicies", + "iam:listPolicyVersions", + "iam:listRolePolicies", + "iam:listRoles", + "iam:listSAMLProviders", + "iam:listServerCertificates", + "iam:listSigningCertificates", + "iam:listSSHPublicKeys", + "iam:listUserPolicies", + "iam:listUsers", + "iam:listVirtualMFADevices", + "iam:simulateCustomPolicy", + "iam:simulatePrincipalPolicy", + "imagebuilder:getComponent", + "imagebuilder:getComponentPolicy", + "imagebuilder:getContainerRecipe", + "imagebuilder:getDistributionConfiguration", + "imagebuilder:getImage", + "imagebuilder:getImagePipeline", + "imagebuilder:getImagePolicy", + "imagebuilder:getImageRecipe", + "imagebuilder:getImageRecipePolicy", + "imagebuilder:getInfrastructureConfiguration", + "imagebuilder:listComponentBuildVersions", + "imagebuilder:listComponents", + "imagebuilder:listContainerRecipes", + "imagebuilder:listDistributionConfigurations", + "imagebuilder:listImageBuildVersions", + "imagebuilder:listImagePipelineImages", + "imagebuilder:listImagePipelines", + "imagebuilder:listImageRecipes", + "imagebuilder:listImages", + "imagebuilder:listInfrastructureConfigurations", + "imagebuilder:listTagsForResource", + "inspector:describeAssessmentRuns", + "inspector:describeAssessmentTargets", + "inspector:describeAssessmentTemplates", + "inspector:describeCrossAccountAccessRole", + "inspector:describeResourceGroups", + "inspector:describeRulesPackages", + "inspector:getTelemetryMetadata", + "inspector:listAssessmentRunAgents", + "inspector:listAssessmentRuns", + "inspector:listAssessmentTargets", + "inspector:listAssessmentTemplates", + "inspector:listEventSubscriptions", + "inspector:listRulesPackages", + "inspector:listTagsForResource", + "inspector2:batchGetAccountStatus", + "inspector2:batchGetFreeTrialInfo", + "inspector2:describeOrganizationConfiguration", + "inspector2:getDelegatedAdminAccount", + "inspector2:getMember", + "inspector2:listCoverage", + "inspector2:listDelegatedAdminAccounts", + "inspector2:listFilters", + "inspector2:listFindings", + "inspector2:listMembers", + "inspector2:listUsageTotals", + "iot:describeAuthorizer", + "iot:describeCACertificate", + "iot:describeCertificate", + "iot:describeDefaultAuthorizer", + "iot:describeEndpoint", + "iot:describeIndex", + "iot:describeJobExecution", + "iot:describeThing", + "iot:describeThingGroup", + "iot:describeTunnel", + "iot:getEffectivePolicies", + "iot:getIndexingConfiguration", + "iot:getLoggingOptions", + "iot:getPolicy", + "iot:getPolicyVersion", + "iot:getTopicRule", + "iot:getV2LoggingOptions", + "iot:listAttachedPolicies", + "iot:listAuthorizers", + "iot:listCACertificates", + "iot:listCertificates", + "iot:listCertificatesByCA", + "iot:listJobExecutionsForJob", + "iot:listJobExecutionsForThing", + "iot:listJobs", + "iot:listOutgoingCertificates", + "iot:listPolicies", + "iot:listPolicyPrincipals", + "iot:listPolicyVersions", + "iot:listPrincipalPolicies", + "iot:listPrincipalThings", + "iot:listRoleAliases", + "iot:listTargetsForPolicy", + "iot:listThingGroups", + "iot:listThingGroupsForThing", + "iot:listThingPrincipals", + "iot:listThingRegistrationTasks", + "iot:listThings", + "iot:listThingTypes", + "iot:listTopicRules", + "iot:listTunnels", + "iot:listV2LoggingLevels", + "iotevents:describeDetector", + "iotevents:describeDetectorModel", + "iotevents:describeInput", + "iotevents:describeLoggingOptions", + "iotevents:listDetectorModels", + "iotevents:listDetectorModelVersions", + "iotevents:listDetectors", + "iotevents:listInputs", + "iotsitewise:describeAccessPolicy", + "iotsitewise:describeAsset", + "iotsitewise:describeAssetModel", + "iotsitewise:describeAssetProperty", + "iotsitewise:describeDashboard", + "iotsitewise:describeGateway", + "iotsitewise:describeGatewayCapabilityConfiguration", + "iotsitewise:describeLoggingOptions", + "iotsitewise:describePortal", + "iotsitewise:describeProject", + "iotsitewise:listAccessPolicies", + "iotsitewise:listAssetModels", + "iotsitewise:listAssets", + "iotsitewise:listAssociatedAssets", + "iotsitewise:listDashboards", + "iotsitewise:listGateways", + "iotsitewise:listPortals", + "iotsitewise:listProjectAssets", + "iotsitewise:listProjects", + "iotwireless:getDestination", + "iotwireless:getDeviceProfile", + "iotwireless:getPartnerAccount", + "iotwireless:getServiceEndpoint", + "iotwireless:getServiceProfile", + "iotwireless:getWirelessDevice", + "iotwireless:getWirelessDeviceStatistics", + "iotwireless:getWirelessGateway", + "iotwireless:getWirelessGatewayCertificate", + "iotwireless:getWirelessGatewayFirmwareInformation", + "iotwireless:getWirelessGatewayStatistics", + "iotwireless:getWirelessGatewayTask", + "iotwireless:getWirelessGatewayTaskDefinition", + "iotwireless:listDestinations", + "iotwireless:listDeviceProfiles", + "iotwireless:listPartnerAccounts", + "iotwireless:listServiceProfiles", + "iotwireless:listTagsForResource", + "iotwireless:listWirelessDevices", + "iotwireless:listWirelessGateways", + "iotwireless:listWirelessGatewayTaskDefinitions", + "ivs:listChannels", + "ivs:listStreams", + "ivs:listStreamSessions", + "kafka:describeCluster", + "kafka:getBootstrapBrokers", + "kafka:listClusters", + "kafka:listNodes", + "kendra:describeDataSource", + "kendra:describeFaq", + "kendra:describeIndex", + "kendra:listDataSources", + "kendra:listFaqs", + "kendra:listIndices", + "kinesis:describeStream", + "kinesis:describeStreamConsumer", + "kinesis:describeStreamSummary", + "kinesis:listShards", + "kinesis:listStreams", + "kinesis:listStreamConsumers", + "kinesis:listTagsForStream", + "kinesisanalytics:describeApplication", + "kinesisanalytics:describeApplicationSnapshot", + "kinesisanalytics:listApplications", + "kinesisanalytics:listApplicationSnapshots", + "kms:describeKey", + "kms:getKeyPolicy", + "kms:getKeyRotationStatus", + "kms:listAliases", + "kms:listGrants", + "kms:listKeyPolicies", + "kms:listKeys", + "kms:listResourceTags", + "kms:listRetirableGrants", + "lambda:getAccountSettings", + "lambda:getAlias", + "lambda:getCodeSigningConfig", + "lambda:getEventSourceMapping", + "lambda:getFunction", + "lambda:getFunctionCodeSigningConfig", + "lambda:getFunctionConcurrency", + "lambda:getFunctionConfiguration", + "lambda:getFunctionEventInvokeConfig", + "lambda:getLayerVersion", + "lambda:getLayerVersionPolicy", + "lambda:getPolicy", + "lambda:getProvisionedConcurrencyConfig", + "lambda:listAliases", + "lambda:listCodeSigningConfigs", + "lambda:listEventSourceMappings", + "lambda:listFunctionEventInvokeConfigs", + "lambda:listFunctions", + "lambda:listFunctionsByCodeSigningConfig", + "lambda:listLayers", + "lambda:listLayerVersions", + "lambda:listProvisionedConcurrencyConfigs", + "lambda:listVersionsByFunction", + "launchwizard:describeProvisionedApp", + "launchwizard:describeProvisioningEvents", + "launchwizard:listProvisionedApps", + "lex:getBot", + "lex:getBotAlias", + "lex:getBotAliases", + "lex:getBotChannelAssociation", + "lex:getBotChannelAssociations", + "lex:getBots", + "lex:getBotVersions", + "lex:getBuiltinIntent", + "lex:getBuiltinIntents", + "lex:getBuiltinSlotTypes", + "lex:getIntent", + "lex:getIntents", + "lex:getIntentVersions", + "lex:getSlotType", + "lex:getSlotTypes", + "lex:getSlotTypeVersions", + "license-manager:getLicenseConfiguration", + "license-manager:getServiceSettings", + "license-manager:listAssociationsForLicenseConfiguration", + "license-manager:listFailuresForLicenseConfigurationOperations", + "license-manager:listLicenseConfigurations", + "license-manager:listLicenseSpecificationsForResource", + "license-manager:listResourceInventory", + "license-manager:listUsageForLicenseConfiguration", + "lightsail:getActiveNames", + "lightsail:getAlarms", + "lightsail:getAutoSnapshots", + "lightsail:getBlueprints", + "lightsail:getBucketBundles", + "lightsail:getBucketMetricData", + "lightsail:getBuckets", + "lightsail:getBundles", + "lightsail:getCertificates", + "lightsail:getContainerImages", + "lightsail:getContainerServiceDeployments", + "lightsail:getContainerServiceMetricData", + "lightsail:getContainerServicePowers", + "lightsail:getContainerServices", + "lightsail:getDisk", + "lightsail:getDisks", + "lightsail:getDiskSnapshot", + "lightsail:getDiskSnapshots", + "lightsail:getDistributionBundles", + "lightsail:getDistributionMetricData", + "lightsail:getDistributions", + "lightsail:getDomain", + "lightsail:getDomains", + "lightsail:getExportSnapshotRecords", + "lightsail:getInstance", + "lightsail:getInstanceMetricData", + "lightsail:getInstancePortStates", + "lightsail:getInstances", + "lightsail:getInstanceSnapshot", + "lightsail:getInstanceSnapshots", + "lightsail:getInstanceState", + "lightsail:getKeyPair", + "lightsail:getKeyPairs", + "lightsail:getLoadBalancer", + "lightsail:getLoadBalancerMetricData", + "lightsail:getLoadBalancers", + "lightsail:getLoadBalancerTlsCertificates", + "lightsail:getOperation", + "lightsail:getOperations", + "lightsail:getOperationsForResource", + "lightsail:getRegions", + "lightsail:getRelationalDatabase", + "lightsail:getRelationalDatabaseMetricData", + "lightsail:getRelationalDatabases", + "lightsail:getRelationalDatabaseSnapshot", + "lightsail:getRelationalDatabaseSnapshots", + "lightsail:getStaticIp", + "lightsail:getStaticIps", + "lightsail:isVpcPeered", + "logs:describeDestinations", + "logs:describeExportTasks", + "logs:describeLogGroups", + "logs:describeLogStreams", + "logs:describeMetricFilters", + "logs:describeQueries", + "logs:describeResourcePolicies", + "logs:describeSubscriptionFilters", + "logs:getLogDelivery", + "logs:listLogDeliveries", + "logs:testMetricFilter", + "lookoutmetrics:describeAlert", + "lookoutmetrics:describeAnomalyDetectionExecutions", + "lookoutmetrics:describeAnomalyDetector", + "lookoutmetrics:describeMetricSet", + "lookoutmetrics:getAnomalyGroup", + "lookoutmetrics:getDataQualityMetrics", + "lookoutmetrics:getFeedback", + "lookoutmetrics:getSampleData", + "lookoutmetrics:listAlerts", + "lookoutmetrics:listAnomalyDetectors", + "lookoutmetrics:listAnomalyGroupSummaries", + "lookoutmetrics:listAnomalyGroupTimeSeries", + "lookoutmetrics:listMetricSets", + "lookoutmetrics:listTagsForResource", + "machinelearning:describeBatchPredictions", + "machinelearning:describeDataSources", + "machinelearning:describeEvaluations", + "machinelearning:describeMLModels", + "machinelearning:getBatchPrediction", + "machinelearning:getDataSource", + "machinelearning:getEvaluation", + "machinelearning:getMLModel", + "macie2:getClassificationExportConfiguration", + "macie2:getCustomDataIdentifier", + "macie2:getFindings", + "macie2:getFindingStatistics", + "macie2:listClassificationJobs", + "macie2:listCustomDataIdentifiers", + "macie2:listFindings", + "managedblockchain:getMember", + "managedblockchain:getNetwork", + "managedblockchain:getNode", + "managedblockchain:listMembers", + "managedblockchain:listNetworks", + "managedblockchain:listNodes", + "mediaconnect:describeFlow", + "mediaconnect:listEntitlements", + "mediaconnect:listFlows", + "mediaconvert:describeEndpoints", + "mediaconvert:getJob", + "mediaconvert:getJobTemplate", + "mediaconvert:getPreset", + "mediaconvert:getQueue", + "mediaconvert:listJobs", + "mediaconvert:listJobTemplates", + "medialive:describeChannel", + "medialive:describeInput", + "medialive:describeInputDevice", + "medialive:describeInputSecurityGroup", + "medialive:describeMultiplex", + "medialive:describeOffering", + "medialive:describeReservation", + "medialive:describeSchedule", + "medialive:listChannels", + "medialive:listInputDevices", + "medialive:listInputs", + "medialive:listInputSecurityGroups", + "medialive:listMultiplexes", + "medialive:listOfferings", + "medialive:listReservations", + "mediapackage:describeChannel", + "mediapackage:describeOriginEndpoint", + "mediapackage:listChannels", + "mediapackage:listOriginEndpoints", + "mediastore:describeContainer", + "mediastore:getContainerPolicy", + "mediastore:getCorsPolicy", + "mediastore:listContainers", + "mediatailor:getPlaybackConfiguration", + "mediatailor:listPlaybackConfigurations", + "mgn:describeJobLogItems", + "mgn:describeJobs", + "mgn:describeReplicationConfigurationTemplates", + "mgn:describeSourceServers", + "mgn:describeVcenterClients", + "mgn:getLaunchConfiguration", + "mgn:getReplicationConfiguration", + "mobiletargeting:getAdmChannel", + "mobiletargeting:getApnsChannel", + "mobiletargeting:getApnsSandboxChannel", + "mobiletargeting:getApnsVoipChannel", + "mobiletargeting:getApnsVoipSandboxChannel", + "mobiletargeting:getApp", + "mobiletargeting:getApplicationSettings", + "mobiletargeting:getApps", + "mobiletargeting:getBaiduChannel", + "mobiletargeting:getCampaign", + "mobiletargeting:getCampaignActivities", + "mobiletargeting:getCampaigns", + "mobiletargeting:getCampaignVersion", + "mobiletargeting:getCampaignVersions", + "mobiletargeting:getEmailChannel", + "mobiletargeting:getEndpoint", + "mobiletargeting:getEventStream", + "mobiletargeting:getExportJob", + "mobiletargeting:getExportJobs", + "mobiletargeting:getGcmChannel", + "mobiletargeting:getImportJob", + "mobiletargeting:getImportJobs", + "mobiletargeting:getSegment", + "mobiletargeting:getSegmentImportJobs", + "mobiletargeting:getSegments", + "mobiletargeting:getSegmentVersion", + "mobiletargeting:getSegmentVersions", + "mobiletargeting:getSmsChannel", + "mq:describeBroker", + "mq:describeConfiguration", + "mq:describeConfigurationRevision", + "mq:describeUser", + "mq:listBrokers", + "mq:listConfigurationRevisions", + "mq:listConfigurations", + "mq:listUsers", + "network-firewall:describeFirewall", + "network-firewall:describeFirewallPolicy", + "network-firewall:describeLoggingConfiguration", + "network-firewall:describeRuleGroup", + "network-firewall:listFirewallPolicies", + "network-firewall:listFirewalls", + "network-firewall:listRuleGroups", + "networkmanager:describeGlobalNetworks", + "networkmanager:getConnectAttachment", + "networkmanager:getConnections", + "networkmanager:getConnectPeer", + "networkmanager:getConnectPeerAssociations", + "networkmanager:getCoreNetwork", + "networkmanager:getCoreNetworkChangeSet", + "networkmanager:getCoreNetworkPolicy", + "networkmanager:getCustomerGatewayAssociations", + "networkmanager:getDevices", + "networkmanager:getLinkAssociations", + "networkmanager:getLinks", + "networkmanager:getNetworkResourceCounts", + "networkmanager:getNetworkResourceRelationships", + "networkmanager:getNetworkResources", + "networkmanager:getNetworkRoutes", + "networkmanager:getNetworkTelemetry", + "networkmanager:getResourcePolicy", + "networkmanager:getRouteAnalysis", + "networkmanager:getSites", + "networkmanager:getSiteToSiteVpnAttachment", + "networkmanager:getTransitGatewayConnectPeerAssociations", + "networkmanager:getTransitGatewayRegistrations", + "networkmanager:getVpcAttachment", + "networkmanager:listAttachments", + "networkmanager:listConnectPeers", + "networkmanager:listCoreNetworkPolicyVersions", + "networkmanager:listCoreNetworks", + "networkmanager:listTagsForResource", + "opsworks-cm:describeAccountAttributes", + "opsworks-cm:describeBackups", + "opsworks-cm:describeEvents", + "opsworks-cm:describeNodeAssociationStatus", + "opsworks-cm:describeServers", + "opsworks:describeAgentVersions", + "opsworks:describeApps", + "opsworks:describeCommands", + "opsworks:describeDeployments", + "opsworks:describeEcsClusters", + "opsworks:describeElasticIps", + "opsworks:describeElasticLoadBalancers", + "opsworks:describeInstances", + "opsworks:describeLayers", + "opsworks:describeLoadBasedAutoScaling", + "opsworks:describeMyUserProfile", + "opsworks:describePermissions", + "opsworks:describeRaidArrays", + "opsworks:describeRdsDbInstances", + "opsworks:describeServiceErrors", + "opsworks:describeStackProvisioningParameters", + "opsworks:describeStacks", + "opsworks:describeStackSummary", + "opsworks:describeTimeBasedAutoScaling", + "opsworks:describeUserProfiles", + "opsworks:describeVolumes", + "opsworks:getHostnameSuggestion", + "organizations:listAccounts", + "organizations:listTagsForResource", + "outposts:getOutpost", + "outposts:getOutpostInstanceTypes", + "outposts:listOutposts", + "outposts:listSites", + "personalize:describeAlgorithm", + "personalize:describeCampaign", + "personalize:describeDataset", + "personalize:describeDatasetGroup", + "personalize:describeDatasetImportJob", + "personalize:describeEventTracker", + "personalize:describeFeatureTransformation", + "personalize:describeRecipe", + "personalize:describeSchema", + "personalize:describeSolution", + "personalize:describeSolutionVersion", + "personalize:listCampaigns", + "personalize:listDatasetGroups", + "personalize:listDatasetImportJobs", + "personalize:listDatasets", + "personalize:listEventTrackers", + "personalize:listRecipes", + "personalize:listSchemas", + "personalize:listSolutions", + "personalize:listSolutionVersions", + "polly:describeVoices", + "polly:getLexicon", + "polly:listLexicons", + "pricing:describeServices", + "pricing:getAttributeValues", + "pricing:getProducts", + "quicksight:describeDashboard", + "quicksight:describeDashboardPermissions", + "quicksight:describeGroup", + "quicksight:describeIAMPolicyAssignment", + "quicksight:describeTemplate", + "quicksight:describeTemplateAlias", + "quicksight:describeTemplatePermissions", + "quicksight:describeUser", + "quicksight:listDashboards", + "quicksight:listGroupMemberships", + "quicksight:listGroups", + "quicksight:listIAMPolicyAssignments", + "quicksight:listIAMPolicyAssignmentsForUser", + "quicksight:listTemplateAliases", + "quicksight:listTemplates", + "quicksight:listTemplateVersions", + "quicksight:listUserGroups", + "quicksight:listUsers", + "ram:getPermission", + "ram:getResourceShareAssociations", + "ram:getResourceShareInvitations", + "ram:getResourceShares", + "ram:listPendingInvitationResources", + "ram:listPrincipals", + "ram:listResources", + "ram:listResourceSharePermissions", + "rbin:getRule", + "rbin:listRules", + "rds:describeAccountAttributes", + "rds:describeCertificates", + "rds:describeDBClusterParameterGroups", + "rds:describeDBClusterParameters", + "rds:describeDBClusters", + "rds:describeDBClusterSnapshots", + "rds:describeDBEngineVersions", + "rds:describeDBInstances", + "rds:describeDBParameterGroups", + "rds:describeDBParameters", + "rds:describeDBSecurityGroups", + "rds:describeDBSnapshotAttributes", + "rds:describeDBSnapshots", + "rds:describeDBSubnetGroups", + "rds:describeEngineDefaultClusterParameters", + "rds:describeEngineDefaultParameters", + "rds:describeEventCategories", + "rds:describeEvents", + "rds:describeEventSubscriptions", + "rds:describeExportTasks", + "rds:describeOptionGroupOptions", + "rds:describeOptionGroups", + "rds:describeOrderableDBInstanceOptions", + "rds:describePendingMaintenanceActions", + "rds:describeReservedDBInstances", + "rds:describeReservedDBInstancesOfferings", + "rds:listTagsForResource", + "redshift-data:describeStatement", + "redshift-data:listStatements", + "redshift:describeClusterParameterGroups", + "redshift:describeClusterParameters", + "redshift:describeClusters", + "redshift:describeClusterSecurityGroups", + "redshift:describeClusterSnapshots", + "redshift:describeClusterSubnetGroups", + "redshift:describeClusterVersions", + "redshift:describeDefaultClusterParameters", + "redshift:describeEventCategories", + "redshift:describeEvents", + "redshift:describeEventSubscriptions", + "redshift:describeHsmClientCertificates", + "redshift:describeHsmConfigurations", + "redshift:describeLoggingStatus", + "redshift:describeOrderableClusterOptions", + "redshift:describeReservedNodeOfferings", + "redshift:describeReservedNodes", + "redshift:describeResize", + "redshift:describeSnapshotCopyGrants", + "redshift:describeStorage", + "redshift:describeTableRestoreStatus", + "redshift:describeTags", + "rekognition:listCollections", + "rekognition:listFaces", + "resource-groups:getGroup", + "resource-groups:getGroupQuery", + "resource-groups:getTags", + "resource-groups:listGroupResources", + "resource-groups:listGroups", + "resource-groups:searchResources", + "robomaker:batchDescribeSimulationJob", + "robomaker:describeDeploymentJob", + "robomaker:describeFleet", + "robomaker:describeRobot", + "robomaker:describeRobotApplication", + "robomaker:describeSimulationApplication", + "robomaker:describeSimulationJob", + "robomaker:listDeploymentJobs", + "robomaker:listFleets", + "robomaker:listRobotApplications", + "robomaker:listRobots", + "robomaker:listSimulationApplications", + "robomaker:listSimulationJobs", + "route53-recovery-readiness:getCell", + "route53-recovery-readiness:getCellReadinessSummary", + "route53-recovery-readiness:getReadinessCheck", + "route53-recovery-readiness:getReadinessCheckResourceStatus", + "route53-recovery-readiness:getReadinessCheckStatus", + "route53-recovery-readiness:getRecoveryGroup", + "route53-recovery-readiness:getRecoveryGroupReadinessSummary", + "route53-recovery-readiness:listCells", + "route53-recovery-readiness:listReadinessChecks", + "route53-recovery-readiness:listRecoveryGroups", + "route53-recovery-readiness:listResourceSets", + "route53:getChange", + "route53:getCheckerIpRanges", + "route53:getGeoLocation", + "route53:getHealthCheck", + "route53:getHealthCheckCount", + "route53:getHealthCheckLastFailureReason", + "route53:getHealthCheckStatus", + "route53:getHostedZone", + "route53:getHostedZoneCount", + "route53:getReusableDelegationSet", + "route53:getTrafficPolicy", + "route53:getTrafficPolicyInstance", + "route53:getTrafficPolicyInstanceCount", + "route53:listGeoLocations", + "route53:listHealthChecks", + "route53:listHostedZones", + "route53:listHostedZonesByName", + "route53:listResourceRecordSets", + "route53:listReusableDelegationSets", + "route53:listTrafficPolicies", + "route53:listTrafficPolicyInstances", + "route53:listTrafficPolicyInstancesByHostedZone", + "route53:listTrafficPolicyInstancesByPolicy", + "route53:listTrafficPolicyVersions", + "route53domains:checkDomainAvailability", + "route53domains:getContactReachabilityStatus", + "route53domains:getDomainDetail", + "route53domains:getOperationDetail", + "route53domains:listDomains", + "route53domains:listOperations", + "route53domains:listTagsForDomain", + "route53domains:viewBilling", + "route53resolver:getFirewallConfig", + "route53resolver:getFirewallDomainList", + "route53resolver:getFirewallRuleGroup", + "route53resolver:getFirewallRuleGroupAssociation", + "route53resolver:getResolverDnssecConfig", + "route53resolver:getResolverRulePolicy", + "route53resolver:listFirewallConfigs", + "route53resolver:listFirewallDomainLists", + "route53resolver:listFirewallDomains", + "route53resolver:listFirewallRuleGroupAssociations", + "route53resolver:listFirewallRuleGroups", + "route53resolver:listFirewallRules", + "route53resolver:listResolverDnssecConfigs", + "route53resolver:listResolverEndpointIpAddresses", + "route53resolver:listResolverEndpoints", + "route53resolver:listResolverRuleAssociations", + "route53resolver:listResolverRules", + "route53resolver:listTagsForResource", + "s3:describeJob", + "s3:describeMultiRegionAccessPointOperation", + "s3:getAccelerateConfiguration", + "s3:getAccessPoint", + "s3:getAccessPointConfigurationForObjectLambda", + "s3:getAccessPointForObjectLambda", + "s3:getAccessPointPolicy", + "s3:getAccessPointPolicyForObjectLambda", + "s3:getAccessPointPolicyStatus", + "s3:getAccessPointPolicyStatusForObjectLambda", + "s3:getAccountPublicAccessBlock", + "s3:getAnalyticsConfiguration", + "s3:getBucketAcl", + "s3:getBucketCORS", + "s3:getBucketLocation", + "s3:getBucketLogging", + "s3:getBucketNotification", + "s3:getBucketObjectLockConfiguration", + "s3:getBucketOwnershipControls", + "s3:getBucketPolicy", + "s3:getBucketPolicyStatus", + "s3:getBucketPublicAccessBlock", + "s3:getBucketRequestPayment", + "s3:getBucketVersioning", + "s3:getBucketWebsite", + "s3:getEncryptionConfiguration", + "s3:getIntelligentTieringConfiguration", + "s3:getInventoryConfiguration", + "s3:getLifecycleConfiguration", + "s3:getMetricsConfiguration", + "s3:getMultiRegionAccessPoint", + "s3:getMultiRegionAccessPointPolicy", + "s3:getMultiRegionAccessPointPolicyStatus", + "s3:getObjectLegalHold", + "s3:getObjectRetention", + "s3:getReplicationConfiguration", + "s3:getStorageLensConfiguration", + "s3:listAccessPoints", + "s3:listAccessPointsForObjectLambda", + "s3:listAllMyBuckets", + "s3:listBucket", + "s3:listBucketMultipartUploads", + "s3:listBucketVersions", + "s3:listJobs", + "s3:listMultipartUploadParts", + "s3:listMultiRegionAccessPoints", + "s3:listStorageLensConfigurations", + "sagemaker:describeAction", + "sagemaker:describeAlgorithm", + "sagemaker:describeApp", + "sagemaker:describeArtifact", + "sagemaker:describeAutoMLJob", + "sagemaker:describeCompilationJob", + "sagemaker:describeContext", + "sagemaker:describeDataQualityJobDefinition", + "sagemaker:describeDevice", + "sagemaker:describeDeviceFleet", + "sagemaker:describeDomain", + "sagemaker:describeEdgePackagingJob", + "sagemaker:describeEndpoint", + "sagemaker:describeEndpointConfig", + "sagemaker:describeExperiment", + "sagemaker:describeFeatureGroup", + "sagemaker:describeHumanTaskUi", + "sagemaker:describeHyperParameterTuningJob", + "sagemaker:describeImage", + "sagemaker:describeImageVersion", + "sagemaker:describeLabelingJob", + "sagemaker:describeModel", + "sagemaker:describeModelBiasJobDefinition", + "sagemaker:describeModelExplainabilityJobDefinition", + "sagemaker:describeModelPackage", + "sagemaker:describeModelPackageGroup", + "sagemaker:describeModelQualityJobDefinition", + "sagemaker:describeMonitoringSchedule", + "sagemaker:describeNotebookInstance", + "sagemaker:describeNotebookInstanceLifecycleConfig", + "sagemaker:describePipeline", + "sagemaker:describePipelineDefinitionForExecution", + "sagemaker:describePipelineExecution", + "sagemaker:describeProcessingJob", + "sagemaker:describeProject", + "sagemaker:describeSubscribedWorkteam", + "sagemaker:describeTrainingJob", + "sagemaker:describeTransformJob", + "sagemaker:describeTrial", + "sagemaker:describeTrialComponent", + "sagemaker:describeUserProfile", + "sagemaker:describeWorkteam", + "sagemaker:listActions", + "sagemaker:listAlgorithms", + "sagemaker:listApps", + "sagemaker:listArtifacts", + "sagemaker:listAssociations", + "sagemaker:listAutoMLJobs", + "sagemaker:listCandidatesForAutoMLJob", + "sagemaker:listCodeRepositories", + "sagemaker:listCompilationJobs", + "sagemaker:listContexts", + "sagemaker:listDataQualityJobDefinitions", + "sagemaker:listDeviceFleets", + "sagemaker:listDevices", + "sagemaker:listDomains", + "sagemaker:listEdgePackagingJobs", + "sagemaker:listEndpointConfigs", + "sagemaker:listEndpoints", + "sagemaker:listExperiments", + "sagemaker:listFeatureGroups", + "sagemaker:listFlowDefinitions", + "sagemaker:listHumanTaskUis", + "sagemaker:listHyperParameterTuningJobs", + "sagemaker:listImages", + "sagemaker:listImageVersions", + "sagemaker:listLabelingJobs", + "sagemaker:listLabelingJobsForWorkteam", + "sagemaker:listModelBiasJobDefinitions", + "sagemaker:listModelExplainabilityJobDefinitions", + "sagemaker:listModelPackageGroups", + "sagemaker:listModelPackages", + "sagemaker:listModelQualityJobDefinitions", + "sagemaker:listModels", + "sagemaker:listMonitoringExecutions", + "sagemaker:listMonitoringSchedules", + "sagemaker:listNotebookInstanceLifecycleConfigs", + "sagemaker:listNotebookInstances", + "sagemaker:listPipelineExecutions", + "sagemaker:listPipelineExecutionSteps", + "sagemaker:listPipelineParametersForExecution", + "sagemaker:listPipelines", + "sagemaker:listProcessingJobs", + "sagemaker:listProjects", + "sagemaker:listSubscribedWorkteams", + "sagemaker:listTags", + "sagemaker:listTrainingJobs", + "sagemaker:listTrainingJobsForHyperParameterTuningJob", + "sagemaker:listTransformJobs", + "sagemaker:listTrialComponents", + "sagemaker:listTrials", + "sagemaker:listUserProfiles", + "sagemaker:listWorkteams", + "savingsplans:describeSavingsPlans", + "sdb:domainMetadata", + "sdb:listDomains", + "secretsmanager:describeSecret", + "secretsmanager:getResourcePolicy", + "secretsmanager:listSecrets", + "secretsmanager:listSecretVersionIds", + "securityhub:getEnabledStandards", + "securityhub:getFindings", + "securityhub:getInsightResults", + "securityhub:getInsights", + "securityhub:getMasterAccount", + "securityhub:getMembers", + "securityhub:listEnabledProductsForImport", + "securityhub:listInvitations", + "securityhub:listMembers", + "serverlessrepo:getApplication", + "serverlessrepo:getApplicationPolicy", + "serverlessrepo:getCloudFormationTemplate", + "serverlessrepo:listApplicationDependencies", + "serverlessrepo:listApplications", + "serverlessrepo:listApplicationVersions", + "servicecatalog:describeConstraint", + "servicecatalog:describePortfolio", + "servicecatalog:describeProduct", + "servicecatalog:describeProductAsAdmin", + "servicecatalog:describeProductView", + "servicecatalog:describeProvisioningArtifact", + "servicecatalog:describeProvisioningParameters", + "servicecatalog:describeRecord", + "servicecatalog:listAcceptedPortfolioShares", + "servicecatalog:listConstraintsForPortfolio", + "servicecatalog:listLaunchPaths", + "servicecatalog:listPortfolioAccess", + "servicecatalog:listPortfolios", + "servicecatalog:listPortfoliosForProduct", + "servicecatalog:listPrincipalsForPortfolio", + "servicecatalog:listProvisioningArtifacts", + "servicecatalog:listRecordHistory", + "servicecatalog:scanProvisionedProducts", + "servicecatalog:searchProducts", + "servicequotas:getAssociationForServiceQuotaTemplate", + "servicequotas:getAWSDefaultServiceQuota", + "servicequotas:getRequestedServiceQuotaChange", + "servicequotas:getServiceQuota", + "servicequotas:getServiceQuotaIncreaseRequestFromTemplate", + "servicequotas:listAWSDefaultServiceQuotas", + "servicequotas:listRequestedServiceQuotaChangeHistory", + "servicequotas:listRequestedServiceQuotaChangeHistoryByQuota", + "servicequotas:listServiceQuotaIncreaseRequestsInTemplate", + "servicequotas:listServiceQuotas", + "servicequotas:listServices", + "ses:describeActiveReceiptRuleSet", + "ses:describeReceiptRule", + "ses:describeReceiptRuleSet", + "ses:getAccount", + "ses:getBlacklistReports", + "ses:getConfigurationSet", + "ses:getConfigurationSetEventDestinations", + "ses:getDedicatedIp", + "ses:getDedicatedIps", + "ses:getDeliverabilityDashboardOptions", + "ses:getDeliverabilityTestReport", + "ses:getDomainDeliverabilityCampaign", + "ses:getDomainStatisticsReport", + "ses:getEmailIdentity", + "ses:getIdentityDkimAttributes", + "ses:getIdentityMailFromDomainAttributes", + "ses:getIdentityNotificationAttributes", + "ses:getIdentityPolicies", + "ses:getIdentityVerificationAttributes", + "ses:getSendQuota", + "ses:getSendStatistics", + "ses:listConfigurationSets", + "ses:listDedicatedIpPools", + "ses:listDeliverabilityTestReports", + "ses:listDomainDeliverabilityCampaigns", + "ses:listEmailIdentities", + "ses:listIdentities", + "ses:listIdentityPolicies", + "ses:listReceiptFilters", + "ses:listReceiptRuleSets", + "ses:listTagsForResource", + "ses:listVerifiedEmailAddresses", + "shield:describeAttack", + "shield:describeProtection", + "shield:describeSubscription", + "shield:listAttacks", + "shield:listProtections", + "sms-voice:getConfigurationSetEventDestinations", + "sms:getConnectors", + "sms:getReplicationJobs", + "sms:getReplicationRuns", + "sms:getServers", + "snowball:describeAddress", + "snowball:describeAddresses", + "snowball:describeJob", + "snowball:getSnowballUsage", + "snowball:listJobs", + "sns:checkIfPhoneNumberIsOptedOut", + "sns:getEndpointAttributes", + "sns:getPlatformApplicationAttributes", + "sns:getSMSAttributes", + "sns:getSubscriptionAttributes", + "sns:getTopicAttributes", + "sns:listEndpointsByPlatformApplication", + "sns:listPhoneNumbersOptedOut", + "sns:listPlatformApplications", + "sns:listSubscriptions", + "sns:listSubscriptionsByTopic", + "sns:listTopics", + "sqs:getQueueAttributes", + "sqs:getQueueUrl", + "sqs:listDeadLetterSourceQueues", + "sqs:listQueues", + "ssm-contacts:describeEngagement", + "ssm-contacts:describePage", + "ssm-contacts:getContact", + "ssm-contacts:getContactChannel", + "ssm-contacts:listContactChannels", + "ssm-contacts:listContacts", + "ssm-contacts:listEngagements", + "ssm-contacts:listPageReceipts", + "ssm-contacts:listPagesByContact", + "ssm-contacts:listPagesByEngagement", + "ssm-incidents:getIncidentRecord", + "ssm-incidents:getReplicationSet", + "ssm-incidents:getResponsePlan", + "ssm-incidents:listIncidentRecords", + "ssm-incidents:listReplicationSets", + "ssm-incidents:listResponsePlans", + "ssm-incidents:listTimelineEvents", + "ssm:describeActivations", + "ssm:describeAssociation", + "ssm:describeAssociationExecutions", + "ssm:describeAssociationExecutionTargets", + "ssm:describeAutomationExecutions", + "ssm:describeAutomationStepExecutions", + "ssm:describeAvailablePatches", + "ssm:describeDocument", + "ssm:describeDocumentPermission", + "ssm:describeEffectiveInstanceAssociations", + "ssm:describeEffectivePatchesForPatchBaseline", + "ssm:describeInstanceAssociationsStatus", + "ssm:describeInstanceInformation", + "ssm:describeInstancePatches", + "ssm:describeInstancePatchStates", + "ssm:describeInstancePatchStatesForPatchGroup", + "ssm:describeInventoryDeletions", + "ssm:describeMaintenanceWindowExecutions", + "ssm:describeMaintenanceWindowExecutionTaskInvocations", + "ssm:describeMaintenanceWindowExecutionTasks", + "ssm:describeMaintenanceWindows", + "ssm:describeMaintenanceWindowSchedule", + "ssm:describeMaintenanceWindowsForTarget", + "ssm:describeMaintenanceWindowTargets", + "ssm:describeMaintenanceWindowTasks", + "ssm:describeOpsItems", + "ssm:describeParameters", + "ssm:describePatchBaselines", + "ssm:describePatchGroups", + "ssm:describePatchGroupState", + "ssm:describePatchProperties", + "ssm:describeSessions", + "ssm:getAutomationExecution", + "ssm:getCommandInvocation", + "ssm:getConnectionStatus", + "ssm:getDefaultPatchBaseline", + "ssm:getDeployablePatchSnapshotForInstance", + "ssm:getInventorySchema", + "ssm:getMaintenanceWindow", + "ssm:getMaintenanceWindowExecution", + "ssm:getMaintenanceWindowExecutionTask", + "ssm:getMaintenanceWindowExecutionTaskInvocation", + "ssm:getMaintenanceWindowTask", + "ssm:getOpsItem", + "ssm:getPatchBaseline", + "ssm:getPatchBaselineForPatchGroup", + "ssm:getServiceSetting", + "ssm:listAssociations", + "ssm:listAssociationVersions", + "ssm:listCommandInvocations", + "ssm:listCommands", + "ssm:listComplianceItems", + "ssm:listComplianceSummaries", + "ssm:listDocuments", + "ssm:listDocumentVersions", + "ssm:listOpsItemEvents", + "ssm:listResourceComplianceSummaries", + "ssm:listResourceDataSync", + "ssm:listTagsForResource", + "states:describeActivity", + "states:describeExecution", + "states:describeStateMachine", + "states:describeStateMachineForExecution", + "states:getExecutionHistory", + "states:listActivities", + "states:listExecutions", + "states:listStateMachines", + "storagegateway:describeBandwidthRateLimit", + "storagegateway:describeCache", + "storagegateway:describeCachediSCSIVolumes", + "storagegateway:describeFileSystemAssociations", + "storagegateway:describeGatewayInformation", + "storagegateway:describeMaintenanceStartTime", + "storagegateway:describeNFSFileShares", + "storagegateway:describeSMBFileShares", + "storagegateway:describeSMBSettings", + "storagegateway:describeSnapshotSchedule", + "storagegateway:describeStorediSCSIVolumes", + "storagegateway:describeTapeArchives", + "storagegateway:describeTapeRecoveryPoints", + "storagegateway:describeTapes", + "storagegateway:describeUploadBuffer", + "storagegateway:describeVTLDevices", + "storagegateway:describeWorkingStorage", + "storagegateway:listAutomaticTapeCreationPolicies", + "storagegateway:listFileShares", + "storagegateway:listFileSystemAssociations", + "storagegateway:listGateways", + "storagegateway:listLocalDisks", + "storagegateway:listTagsForResource", + "storagegateway:listTapes", + "storagegateway:listVolumeInitiators", + "storagegateway:listVolumeRecoveryPoints", + "storagegateway:listVolumes", + "swf:countClosedWorkflowExecutions", + "swf:countOpenWorkflowExecutions", + "swf:countPendingActivityTasks", + "swf:countPendingDecisionTasks", + "swf:describeActivityType", + "swf:describeDomain", + "swf:describeWorkflowExecution", + "swf:describeWorkflowType", + "swf:getWorkflowExecutionHistory", + "swf:listActivityTypes", + "swf:listClosedWorkflowExecutions", + "swf:listDomains", + "swf:listOpenWorkflowExecutions", + "swf:listWorkflowTypes", + "synthetics:describeCanaries", + "synthetics:describeCanariesLastRun", + "synthetics:describeRuntimeVersions", + "synthetics:getCanary", + "synthetics:getCanaryRuns", + "transfer:describeExecution", + "transfer:describeServer", + "transfer:describeUser", + "transfer:describeWorkflow", + "transfer:listExecutions", + "transfer:listServers", + "transfer:listTagsForResource", + "transfer:listUsers", + "transfer:listWorkflows", + "transfer:sendWorkflowStepState", + "waf-regional:getByteMatchSet", + "waf-regional:getChangeTokenStatus", + "waf-regional:getIPSet", + "waf-regional:getRule", + "waf-regional:getSqlInjectionMatchSet", + "waf-regional:getWebACL", + "waf-regional:getWebACLForResource", + "waf-regional:listByteMatchSets", + "waf-regional:listIPSets", + "waf-regional:listResourcesForWebACL", + "waf-regional:listRules", + "waf-regional:listSqlInjectionMatchSets", + "waf-regional:listWebACLs", + "waf:getByteMatchSet", + "waf:getChangeTokenStatus", + "waf:getIPSet", + "waf:getRule", + "waf:getSampledRequests", + "waf:getSizeConstraintSet", + "waf:getSqlInjectionMatchSet", + "waf:getWebACL", + "waf:getXssMatchSet", + "waf:listByteMatchSets", + "waf:listIPSets", + "waf:listRules", + "waf:listSizeConstraintSets", + "waf:listSqlInjectionMatchSets", + "waf:listWebACLs", + "waf:listXssMatchSets", + "wafv2:checkCapacity", + "wafv2:describeManagedRuleGroup", + "wafv2:getIPSet", + "wafv2:getLoggingConfiguration", + "wafv2:getPermissionPolicy", + "wafv2:getRateBasedStatementManagedKeys", + "wafv2:getRegexPatternSet", + "wafv2:getRuleGroup", + "wafv2:getSampledRequests", + "wafv2:getWebACL", + "wafv2:getWebACLForResource", + "wafv2:listAvailableManagedRuleGroups", + "wafv2:listIPSets", + "wafv2:listLoggingConfigurations", + "wafv2:listRegexPatternSets", + "wafv2:listResourcesForWebACL", + "wafv2:listRuleGroups", + "wafv2:listTagsForResource", + "wafv2:listWebACLs", + "workdocs:checkAlias", + "workdocs:describeAvailableDirectories", + "workdocs:describeInstances", + "workmail:describeGroup", + "workmail:describeOrganization", + "workmail:describeResource", + "workmail:describeUser", + "workmail:listAliases", + "workmail:listGroupMembers", + "workmail:listGroups", + "workmail:listMailboxPermissions", + "workmail:listOrganizations", + "workmail:listResourceDelegates", + "workmail:listResources", + "workmail:listUsers", + "workspaces-web:getBrowserSettings", + "workspaces-web:getIdentityProvider", + "workspaces-web:getNetworkSettings", + "workspaces-web:getPortal", + "workspaces-web:getPortalServiceProviderMetadata", + "workspaces-web:getTrustStoreCertificate", + "workspaces-web:getUserSettings", + "workspaces-web:listBrowserSettings", + "workspaces-web:listIdentityProviders", + "workspaces-web:listNetworkSettings", + "workspaces-web:listPortals", + "workspaces-web:listTagsForResource", + "workspaces-web:listTrustStoreCertificates", + "workspaces-web:listTrustStores", + "workspaces-web:listUserSettings", + "workspaces:describeAccount", + "workspaces:describeAccountModifications", + "workspaces:describeIpGroups", + "workspaces:describeTags", + "workspaces:describeWorkspaceBundles", + "workspaces:describeWorkspaceDirectories", + "workspaces:describeWorkspaceImages", + "workspaces:describeWorkspaces", + "workspaces:describeWorkspacesConnectionStatus" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-06-24T16:27:09+00:00" + }, + "AWSSystemsManagerAccountDiscoveryServicePolicy":{ + "CreateDate":"2019-10-24T17:21:05+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "organizations:DescribeAccount", + "organizations:DescribeOrganization", + "organizations:ListAccounts", + "organizations:ListAWSServiceAccessForOrganization", + "organizations:ListChildren", + "organizations:ListParents", + "organizations:ListDelegatedServicesForAccount", + "organizations:ListDelegatedAdministrators" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-05-27T18:04:51+00:00" + }, + "AWSSystemsManagerChangeManagementServicePolicy":{ + "CreateDate":"2020-12-07T22:21:57+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "ssm:CreateAssociation", + "ssm:DeleteAssociation", + "ssm:CreateOpsItem", + "ssm:GetOpsItem", + "ssm:UpdateOpsItem", + "ssm:StartAutomationExecution", + "ssm:StopAutomationExecution", + "ssm:GetAutomationExecution", + "ssm:GetCalendarState", + "ssm:GetDocument" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "cloudwatch:DescribeAlarms" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "sso:ListDirectoryAssociations" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "sso-directory:DescribeUsers", + "sso-directory:IsMemberInGroup" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":"iam:GetGroup", + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"iam:PassRole", + "Condition":{ + "StringEquals":{ + "iam:PassedToService":[ + "ssm.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-12-07T22:21:57+00:00" + }, + "AWSSystemsManagerOpsDataSyncServiceRolePolicy":{ + "CreateDate":"2021-04-26T20:42:39+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "ssm:GetOpsItem", + "ssm:UpdateOpsItem" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceTag/ExplorerSecurityHubOpsItem":"true" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ssm:CreateOpsItem" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ssm:AddTagsToResource" + ], + "Effect":"Allow", + "Resource":"arn:aws:ssm:*:*:opsitem/*" + }, + { + "Action":[ + "ssm:UpdateServiceSetting", + "ssm:GetServiceSetting" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:ssm:*:*:servicesetting/ssm/opsitem/*", + "arn:aws:ssm:*:*:servicesetting/ssm/opsdata/*" + ] + }, + { + "Action":[ + "securityhub:GetFindings", + "securityhub:BatchUpdateFindings" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":"securityhub:BatchUpdateFindings", + "Condition":{ + "Null":{ + "securityhub:ASFFSyntaxPath/Confidence":false, + "securityhub:ASFFSyntaxPath/Criticality":false, + "securityhub:ASFFSyntaxPath/Note":false, + "securityhub:ASFFSyntaxPath/RelatedFindings":false, + "securityhub:ASFFSyntaxPath/Types":false, + "securityhub:ASFFSyntaxPath/UserDefinedFields":false, + "securityhub:ASFFSyntaxPath/VerificationState":false + }, + "StringEquals":{ + "securityhub:ASFFSyntaxPath/Workflow.Status":"SUPPRESSED" + } + }, + "Effect":"Deny", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-04-26T20:42:39+00:00" + }, + "AWSThinkboxAWSPortalAdminPolicy":{ + "CreateDate":"2020-05-27T19:41:02+00:00", + "DefaultVersionId":"v4", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:AttachInternetGateway", + "ec2:AssociateAddress", + "ec2:AssociateRouteTable", + "ec2:AllocateAddress", + "ec2:AuthorizeSecurityGroupIngress", + "ec2:CreateFleet", + "ec2:CreateLaunchTemplate", + "ec2:CreateInternetGateway", + "ec2:CreateNatGateway", + "ec2:CreatePlacementGroup", + "ec2:CreateRoute", + "ec2:CreateRouteTable", + "ec2:CreateSecurityGroup", + "ec2:CreateSubnet", + "ec2:CreateVpc", + "ec2:CreateVpcEndpoint", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeAddresses", + "ec2:DescribeFleets", + "ec2:DescribeFleetHistory", + "ec2:DescribeFleetInstances", + "ec2:DescribeImages", + "ec2:DescribeInstances", + "ec2:DescribeInternetGateways", + "ec2:DescribeLaunchTemplates", + "ec2:DescribeRouteTables", + "ec2:DescribeNatGateways", + "ec2:DescribeTags", + "ec2:DescribeKeyPairs", + "ec2:DescribePlacementGroups", + "ec2:DescribeInstanceTypeOfferings", + "ec2:DescribeRegions", + "ec2:DescribeSpotFleetRequestHistory", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSpotFleetInstances", + "ec2:DescribeSpotFleetRequests", + "ec2:DescribeSpotPriceHistory", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "ec2:DescribeVpcEndpoints", + "ec2:GetConsoleOutput", + "ec2:ImportKeyPair", + "ec2:ReleaseAddress", + "ec2:RequestSpotFleet", + "ec2:CancelSpotFleetRequests", + "ec2:DisassociateAddress", + "ec2:DeleteFleets", + "ec2:DeleteLaunchTemplate", + "ec2:DeleteVpc", + "ec2:DeletePlacementGroup", + "ec2:DeleteVpcEndpoints", + "ec2:DeleteInternetGateway", + "ec2:DeleteSecurityGroup", + "ec2:RevokeSecurityGroupIngress", + "ec2:DeleteRoute", + "ec2:DeleteRouteTable", + "ec2:DisassociateRouteTable", + "ec2:DeleteSubnet", + "ec2:DeleteNatGateway", + "ec2:DetachInternetGateway", + "ec2:ModifyInstanceAttribute", + "ec2:ModifyFleet", + "ec2:ModifySpotFleetRequest", + "ec2:ModifyVpcAttribute" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"ec2:RunInstances", + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:subnet/*", + "arn:aws:ec2:*:*:key-pair/*", + "arn:aws:ec2:*::snapshot/*", + "arn:aws:ec2:*:*:launch-template/*", + "arn:aws:ec2:*:*:volume/*", + "arn:aws:ec2:*:*:security-group/*", + "arn:aws:ec2:*:*:placement-group/*", + "arn:aws:ec2:*:*:network-interface/*", + "arn:aws:ec2:*::image/*" + ] + }, + { + "Action":"ec2:RunInstances", + "Condition":{ + "StringLike":{ + "ec2:InstanceProfile":"arn:aws:iam::*:instance-profile/AWSPortal*" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:instance/*" + }, + { + "Action":"ec2:TerminateInstances", + "Condition":{ + "StringEquals":{ + "ec2:ResourceTag/aws:cloudformation:logical-id":"ReverseForwarder" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"ec2:TerminateInstances", + "Condition":{ + "StringLike":{ + "ec2:ResourceTag/aws:ec2spot:fleet-request-id":"*" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"ec2:TerminateInstances", + "Condition":{ + "StringLike":{ + "ec2:PlacementGroup":"*DeadlinePlacementGroup*" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:CreateTags" + ], + "Condition":{ + "StringLike":{ + "ec2:PlacementGroup":"*DeadlinePlacementGroup*" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:instance/*" + }, + { + "Action":[ + "ec2:CreateTags" + ], + "Condition":{ + "StringLike":{ + "ec2:CreateAction":"RunInstances" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:CreateTags", + "ec2:DeleteTags" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:subnet/*", + "arn:aws:ec2:*:*:security-group/*", + "arn:aws:ec2:*:*:internet-gateway/*", + "arn:aws:ec2:*:*:route-table/*", + "arn:aws:ec2:*:*:volume/*", + "arn:aws:ec2:*:*:vpc/*", + "arn:aws:ec2:*:*:natgateway/*" + ] + }, + { + "Action":[ + "iam:GetUser" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "iam:GetInstanceProfile" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:instance-profile/AWSPortal*" + ] + }, + { + "Action":[ + "iam:GetPolicy", + "iam:ListEntitiesForPolicy", + "iam:ListPolicyVersions" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:policy/AWSPortal*" + ] + }, + { + "Action":[ + "iam:GetRole", + "iam:GetRolePolicy" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/AWSPortal*", + "arn:aws:iam::*:role/DeadlineSpot*" + ] + }, + { + "Action":[ + "iam:PassRole" + ], + "Condition":{ + "StringEquals":{ + "iam:PassedToService":[ + "ec2.amazonaws.com", + "ec2fleet.amazonaws.com", + "spot.amazonaws.com", + "spotfleet.amazonaws.com", + "cloudformation.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/AWSPortal*", + "arn:aws:iam::*:role/DeadlineSpot*" + ] + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringEquals":{ + "iam:AWSServiceName":[ + "ec2fleet.amazonaws.com", + "spot.amazonaws.com", + "spotfleet.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/aws-service-role/*" + }, + { + "Action":[ + "s3:CreateBucket", + "s3:GetBucketLocation", + "s3:GetBucketLogging", + "s3:GetBucketVersioning", + "s3:PutBucketAcl", + "s3:PutBucketCORS", + "s3:PutBucketVersioning", + "s3:GetBucketAcl", + "s3:GetObject", + "s3:PutBucketLogging", + "s3:PutBucketTagging", + "s3:PutObject", + "s3:ListBucket", + "s3:ListBucketVersions", + "s3:PutEncryptionConfiguration", + "s3:PutLifecycleConfiguration", + "s3:DeleteBucket", + "s3:DeleteObject", + "s3:DeleteBucketPolicy", + "s3:DeleteObjectVersion" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3::*:awsportal*", + "arn:aws:s3::*:stack*", + "arn:aws:s3::*:aws-portal-cache*", + "arn:aws:s3::*:logs-for-aws-portal-cache*", + "arn:aws:s3::*:logs-for-stack*" + ] + }, + { + "Action":[ + "s3:ListAllMyBuckets" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "dynamodb:Scan" + ], + "Effect":"Allow", + "Resource":"arn:aws:dynamodb:*:*:table/DeadlineFleetHealth*" + }, + { + "Action":[ + "cloudformation:CreateStack", + "cloudformation:DescribeStackEvents", + "cloudformation:DescribeStackResources", + "cloudformation:DeleteStack", + "cloudformation:DeleteChangeSet", + "cloudformation:ListStackResources", + "cloudformation:CreateChangeSet", + "cloudformation:DescribeChangeSet", + "cloudformation:ExecuteChangeSet", + "cloudformation:UpdateTerminationProtection" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:cloudformation:*:*:stack/stack*/*", + "arn:aws:cloudformation:*:*:stack/Deadline*/*" + ] + }, + { + "Action":[ + "cloudformation:EstimateTemplateCost", + "cloudformation:DescribeStacks" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "logs:DescribeLogStreams", + "logs:GetLogEvents", + "logs:PutRetentionPolicy", + "logs:DeleteRetentionPolicy" + ], + "Effect":"Allow", + "Resource":"arn:aws:logs:*:*:log-group:/thinkbox*" + }, + { + "Action":[ + "logs:DescribeLogGroups", + "logs:CreateLogGroup" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "kms:Encrypt", + "kms:GenerateDataKey" + ], + "Condition":{ + "StringLike":{ + "kms:ViaService":[ + "s3.*.amazonaws.com", + "secretsmanager.*.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "secretsmanager:CreateSecret" + ], + "Condition":{ + "StringLike":{ + "secretsmanager:Name":[ + "rcs-tls-pw*" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "secretsmanager:DeleteSecret", + "secretsmanager:UpdateSecret", + "secretsmanager:DescribeSecret", + "secretsmanager:TagResource" + ], + "Effect":"Allow", + "Resource":"arn:aws:secretsmanager:*:*:secret:rcs-tls-pw*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-08-20T17:16:03+00:00" + }, + "AWSThinkboxAWSPortalGatewayPolicy":{ + "CreateDate":"2020-05-27T19:05:00+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "logs:PutLogEvents", + "logs:DescribeLogStreams", + "logs:DescribeLogGroups", + "logs:CreateLogStream" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:logs:*:*:log-group:/thinkbox*" + ] + }, + { + "Action":[ + "logs:CreateLogGroup" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "s3:GetObject", + "s3:PutObject", + "s3:ListBucket" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::aws-portal-cache*" + ] + }, + { + "Action":"dynamodb:Scan", + "Effect":"Allow", + "Resource":[ + "arn:aws:dynamodb:*:*:table/DeadlineFleetHealth*" + ] + }, + { + "Action":[ + "s3:ListBucket", + "s3:GetObject" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::stack*" + ] + }, + { + "Action":[ + "s3:PutObject" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::stack*/gateway_certs/*" + ] + }, + { + "Action":[ + "secretsmanager:GetSecretValue" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:secretsmanager:*:*:secret:rcs-tls-pw-stack*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-06-30T16:02:07+00:00" + }, + "AWSThinkboxAWSPortalWorkerPolicy":{ + "CreateDate":"2020-05-27T19:15:05+00:00", + "DefaultVersionId":"v4", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:DescribeTags" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "ec2:TerminateInstances" + ], + "Condition":{ + "StringEquals":{ + "ec2:ResourceTag/DeadlineRole":"DeadlineRenderNode" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:instance/*" + ] + }, + { + "Action":[ + "s3:GetObject", + "s3:PutObject", + "s3:ListBucket" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::aws-portal-cache*" + ] + }, + { + "Action":[ + "s3:GetObject" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::stack*/gateway_certs/*" + ] + }, + { + "Action":[ + "logs:CreateLogStream", + "logs:PutLogEvents", + "logs:DescribeLogStreams", + "logs:DescribeLogGroups" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:logs:*:*:log-group:/thinkbox*" + ] + }, + { + "Action":[ + "logs:CreateLogGroup" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "sqs:SendMessage", + "sqs:GetQueueUrl" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:sqs:*:*:DeadlineAWS*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-12-07T23:27:47+00:00" + }, + "AWSThinkboxAssetServerPolicy":{ + "CreateDate":"2020-05-27T19:18:53+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "logs:DescribeLogGroups", + "logs:DescribeLogStreams", + "logs:GetLogEvents" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:logs:*:*:log-group:/thinkbox*" + ] + }, + { + "Action":[ + "s3:GetObject", + "s3:PutObject", + "s3:ListBucket" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::aws-portal-cache*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-05-27T19:18:53+00:00" + }, + "AWSThinkboxDeadlineResourceTrackerAccessPolicy":{ + "CreateDate":"2020-05-27T19:25:05+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "dynamodb:ListStreams" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "dynamodb:BatchWriteItem", + "dynamodb:DeleteItem", + "dynamodb:DescribeStream", + "dynamodb:DescribeTable", + "dynamodb:GetItem", + "dynamodb:GetRecords", + "dynamodb:GetShardIterator", + "dynamodb:PutItem", + "dynamodb:Scan", + "dynamodb:UpdateItem", + "dynamodb:UpdateTable" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:dynamodb:*:*:table/DeadlineEC2ComputeNodeHealth*", + "arn:aws:dynamodb:*:*:table/DeadlineEC2ComputeNodeInfo*", + "arn:aws:dynamodb:*:*:table/DeadlineFleetHealth*" + ] + }, + { + "Action":[ + "ec2:CancelSpotFleetRequests", + "ec2:DeleteFleets", + "ec2:DescribeFleetInstances", + "ec2:DescribeFleets", + "ec2:DescribeInstances", + "ec2:DescribeSpotFleetInstances", + "ec2:DescribeSpotFleetRequests" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "ec2:RebootInstances", + "ec2:TerminateInstances" + ], + "Condition":{ + "StringLike":{ + "ec2:ResourceTag/DeadlineTrackedAWSResource":"*" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:instance/*" + ] + }, + { + "Action":[ + "events:PutEvents" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:events:*:*:event-bus/default" + ] + }, + { + "Action":[ + "lambda:InvokeFunction" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:lambda:*:*:function:DeadlineResourceTracker*" + ] + }, + { + "Action":[ + "logs:CreateLogGroup" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "logs:CreateLogStream", + "logs:PutLogEvents" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:logs:*:*:log-group:/aws/lambda/DeadlineResourceTracker*" + ] + }, + { + "Action":[ + "sqs:DeleteMessage", + "sqs:GetQueueAttributes", + "sqs:ReceiveMessage" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:sqs:*:*:DeadlineAWSComputeNodeStateMessageQueue*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-05-27T19:25:05+00:00" + }, + "AWSThinkboxDeadlineResourceTrackerAdminPolicy":{ + "CreateDate":"2020-05-27T19:29:09+00:00", + "DefaultVersionId":"v6", + "Document":{ + "Statement":[ + { + "Action":[ + "application-autoscaling:DeleteScalingPolicy", + "application-autoscaling:DeregisterScalableTarget", + "application-autoscaling:DescribeScalableTargets", + "application-autoscaling:DescribeScalingPolicies", + "application-autoscaling:PutScalingPolicy", + "application-autoscaling:RegisterScalableTarget" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "cloudformation:ListStacks" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "cloudformation:CreateStack", + "cloudformation:DeleteStack", + "cloudformation:UpdateStack", + "cloudformation:DescribeStacks", + "cloudformation:UpdateTerminationProtection" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:cloudformation:*:*:stack/DeadlineResourceTracker*" + ] + }, + { + "Action":[ + "dynamodb:CreateTable", + "dynamodb:DeleteTable", + "dynamodb:DescribeTable", + "dynamodb:ListTagsOfResource", + "dynamodb:TagResource", + "dynamodb:UntagResource" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:dynamodb:*:*:table/DeadlineEC2ComputeNodeHealth*", + "arn:aws:dynamodb:*:*:table/DeadlineEC2ComputeNodeInfo*", + "arn:aws:dynamodb:*:*:table/DeadlineFleetHealth*" + ] + }, + { + "Action":[ + "dynamodb:BatchWriteItem", + "dynamodb:Scan" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:dynamodb:*:*:table/DeadlineFleetHealth*" + ] + }, + { + "Action":[ + "events:DeleteRule", + "events:DescribeRule", + "events:PutRule", + "events:PutTargets", + "events:RemoveTargets" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:events:*:*:rule/DeadlineResourceTracker*" + ] + }, + { + "Action":[ + "iam:GetRole", + "iam:ListAttachedRolePolicies" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/DeadlineResourceTracker*" + ] + }, + { + "Action":[ + "iam:GetUser" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "iam:CreateServiceLinkedRole" + ], + "Condition":{ + "StringEquals":{ + "iam:AWSServiceName":[ + "dynamodb.application-autoscaling.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/aws-service-role/*" + ] + }, + { + "Action":[ + "iam:PassRole" + ], + "Condition":{ + "StringEquals":{ + "iam:PassedToService":[ + "lambda.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/DeadlineResourceTrackerAccess*" + ] + }, + { + "Action":[ + "iam:PassRole" + ], + "Condition":{ + "StringEquals":{ + "iam:PassedToService":[ + "application-autoscaling.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/aws-service-role/dynamodb.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_DynamoDBTable" + ] + }, + { + "Action":[ + "lambda:GetEventSourceMapping" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "lambda:CreateEventSourceMapping", + "lambda:DeleteEventSourceMapping" + ], + "Condition":{ + "StringLike":{ + "lambda:FunctionArn":[ + "arn:aws:lambda:*:*:function:DeadlineResourceTracker*" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "lambda:AddPermission", + "lambda:RemovePermission" + ], + "Condition":{ + "StringLike":{ + "lambda:Principal":"events.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:lambda:*:*:function:DeadlineResourceTracker*" + ] + }, + { + "Action":[ + "lambda:CreateFunction", + "lambda:DeleteFunction", + "lambda:DeleteFunctionConcurrency", + "lambda:GetFunction", + "lambda:GetFunctionConfiguration", + "lambda:ListTags", + "lambda:PutFunctionConcurrency", + "lambda:TagResource", + "lambda:UntagResource", + "lambda:UpdateFunctionCode", + "lambda:UpdateFunctionConfiguration" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:lambda:*:*:function:DeadlineResourceTracker*" + ] + }, + { + "Action":[ + "s3:GetObject" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::*/deadline_aws_resource_tracker-*.zip", + "arn:aws:s3:::*/DeadlineAWSResourceTrackerTemplate-*.yaml" + ] + }, + { + "Action":[ + "sqs:CreateQueue", + "sqs:DeleteQueue", + "sqs:GetQueueAttributes", + "sqs:ListQueueTags", + "sqs:TagQueue", + "sqs:UntagQueue" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:sqs:*:*:DeadlineAWSComputeNodeState*", + "arn:aws:sqs:*:*:DeadlineResourceTracker*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-06-22T18:08:40+00:00" + }, + "AWSThinkboxDeadlineSpotEventPluginAdminPolicy":{ + "CreateDate":"2020-05-27T19:38:34+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:CancelSpotFleetRequests", + "ec2:DescribeSpotFleetInstances", + "ec2:DescribeSpotFleetRequests", + "ec2:ModifySpotFleetRequest", + "ec2:RequestSpotFleet" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "ec2:CreateTags" + ], + "Condition":{ + "StringEquals":{ + "ec2:CreateAction":"RunInstances" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:instance/*" + ] + }, + { + "Action":[ + "ec2:RunInstances" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "ec2:TerminateInstances" + ], + "Condition":{ + "StringLike":{ + "ec2:ResourceTag/aws:ec2spot:fleet-request-id":"*" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:instance/*" + ] + }, + { + "Action":[ + "iam:CreateServiceLinkedRole" + ], + "Condition":{ + "StringEquals":{ + "iam:AWSServiceName":[ + "spot.amazonaws.com", + "spotfleet.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/aws-service-role/*" + ] + }, + { + "Action":[ + "iam:GetInstanceProfile" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:instance-profile/*" + ] + }, + { + "Action":[ + "iam:GetRole" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/aws-ec2-spot-fleet-tagging-role", + "arn:aws:iam::*:role/DeadlineSpot*" + ] + }, + { + "Action":[ + "iam:GetUser" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "iam:PassRole" + ], + "Condition":{ + "StringLike":{ + "iam:PassedToService":"ec2.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/aws-ec2-spot-fleet-tagging-role", + "arn:aws:iam::*:role/DeadlineSpot*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-05-27T19:38:34+00:00" + }, + "AWSThinkboxDeadlineSpotEventPluginWorkerPolicy":{ + "CreateDate":"2020-05-27T19:35:00+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:DescribeInstances", + "ec2:DescribeTags" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "ec2:TerminateInstances" + ], + "Condition":{ + "StringEquals":{ + "ec2:ResourceTag/DeadlineTrackedAWSResource":"SpotEventPlugin" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:instance/*" + ] + }, + { + "Action":[ + "ec2:TerminateInstances" + ], + "Condition":{ + "StringEquals":{ + "ec2:ResourceTag/DeadlineResourceTracker":"SpotEventPlugin" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:instance/*" + ] + }, + { + "Action":[ + "sqs:GetQueueUrl", + "sqs:SendMessage" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:sqs:*:*:DeadlineAWSComputeNodeState*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-12-07T23:31:31+00:00" + }, + "AWSTransferConsoleFullAccess":{ + "CreateDate":"2020-12-14T19:33:25+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":"iam:PassRole", + "Condition":{ + "StringEquals":{ + "iam:PassedToService":"transfer.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "acm:ListCertificates", + "ec2:DescribeAddresses", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "ec2:DescribeVpcEndpoints", + "health:DescribeEventAggregates", + "iam:GetPolicyVersion", + "iam:ListPolicies", + "iam:ListRoles", + "route53:ListHostedZones", + "s3:ListAllMyBuckets", + "transfer:*" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-12-14T19:33:25+00:00" + }, + "AWSTransferFullAccess":{ + "CreateDate":"2020-12-14T19:37:23+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":"transfer:*", + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"iam:PassRole", + "Condition":{ + "StringEquals":{ + "iam:PassedToService":"transfer.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:DescribeVpcEndpoints", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeAddresses" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-12-14T19:37:23+00:00" + }, + "AWSTransferLoggingAccess":{ + "CreateDate":"2019-01-14T15:32:50+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "logs:CreateLogStream", + "logs:DescribeLogStreams", + "logs:CreateLogGroup", + "logs:PutLogEvents" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-01-14T15:32:50+00:00" + }, + "AWSTransferReadOnlyAccess":{ + "CreateDate":"2020-08-27T17:54:51+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "transfer:DescribeUser", + "transfer:DescribeServer", + "transfer:ListUsers", + "transfer:ListServers", + "transfer:TestIdentityProvider", + "transfer:ListTagsForResource" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-08-27T17:54:51+00:00" + }, + "AWSTrustedAdvisorReportingServiceRolePolicy":{ + "CreateDate":"2019-11-19T17:41:13+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "organizations:DescribeOrganization", + "organizations:ListAWSServiceAccessForOrganization", + "organizations:ListAccounts", + "organizations:ListAccountsForParent", + "organizations:ListOrganizationalUnitsForParent", + "organizations:ListChildren", + "organizations:ListParents", + "organizations:DescribeOrganizationalUnit", + "organizations:DescribeAccount" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-09-11T21:36:48+00:00" + }, + "AWSTrustedAdvisorServiceRolePolicy":{ + "CreateDate":"2018-02-22T21:24:25+00:00", + "DefaultVersionId":"v9", + "Document":{ + "Statement":[ + { + "Action":[ + "autoscaling:DescribeAccountLimits", + "autoscaling:DescribeAutoScalingGroups", + "autoscaling:DescribeLaunchConfigurations", + "cloudformation:DescribeAccountLimits", + "cloudformation:DescribeStacks", + "cloudformation:ListStacks", + "cloudfront:ListDistributions", + "cloudtrail:DescribeTrails", + "cloudtrail:GetTrailStatus", + "dynamodb:DescribeLimits", + "dynamodb:DescribeTable", + "dynamodb:ListTables", + "ec2:DescribeAddresses", + "ec2:DescribeReservedInstances", + "ec2:DescribeInstances", + "ec2:DescribeVpcs", + "ec2:DescribeInternetGateways", + "ec2:DescribeImages", + "ec2:DescribeVolumes", + "ec2:DescribeSecurityGroups", + "ec2:DescribeReservedInstancesOfferings", + "ec2:DescribeSnapshots", + "ec2:DescribeVpnConnections", + "ec2:DescribeVpnGateways", + "ec2:DescribeLaunchTemplateVersions", + "elasticloadbalancing:DescribeAccountLimits", + "elasticloadbalancing:DescribeInstanceHealth", + "elasticloadbalancing:DescribeLoadBalancerAttributes", + "elasticloadbalancing:DescribeLoadBalancerPolicies", + "elasticloadbalancing:DescribeLoadBalancerPolicyTypes", + "elasticloadbalancing:DescribeLoadBalancers", + "elasticloadbalancing:DescribeTargetGroups", + "iam:GenerateCredentialReport", + "iam:GetAccountPasswordPolicy", + "iam:GetAccountSummary", + "iam:GetCredentialReport", + "iam:GetServerCertificate", + "iam:ListServerCertificates", + "kinesis:DescribeLimits", + "rds:DescribeAccountAttributes", + "rds:DescribeDBClusters", + "rds:DescribeDBEngineVersions", + "rds:DescribeDBInstances", + "rds:DescribeDBParameterGroups", + "rds:DescribeDBParameters", + "rds:DescribeDBSecurityGroups", + "rds:DescribeDBSnapshots", + "rds:DescribeDBSubnetGroups", + "rds:DescribeEngineDefaultParameters", + "rds:DescribeEvents", + "rds:DescribeOptionGroupOptions", + "rds:DescribeOptionGroups", + "rds:DescribeOrderableDBInstanceOptions", + "rds:DescribeReservedDBInstances", + "rds:DescribeReservedDBInstancesOfferings", + "rds:ListTagsForResource", + "redshift:DescribeClusters", + "redshift:DescribeReservedNodeOfferings", + "redshift:DescribeReservedNodes", + "route53:GetAccountLimit", + "route53:GetHealthCheck", + "route53:GetHostedZone", + "route53:ListHealthChecks", + "route53:ListHostedZones", + "route53:ListHostedZonesByName", + "route53:ListResourceRecordSets", + "s3:GetAccountPublicAccessBlock", + "s3:GetBucketAcl", + "s3:GetBucketPolicy", + "s3:GetBucketPolicyStatus", + "s3:GetBucketLocation", + "s3:GetBucketLogging", + "s3:GetBucketVersioning", + "s3:GetBucketPublicAccessBlock", + "s3:ListBucket", + "s3:ListAllMyBuckets", + "ses:GetSendQuota", + "sqs:ListQueues", + "cloudwatch:GetMetricStatistics", + "ce:GetReservationPurchaseRecommendation", + "ce:GetSavingsPlansPurchaseRecommendation" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-08-10T22:41:30+00:00" + }, + "AWSVPCS2SVpnServiceRolePolicy":{ + "CreateDate":"2019-08-06T14:13:58+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "acm:ExportCertificate", + "acm:DescribeCertificate", + "acm:ListCertificates", + "acm-pca:DescribeCertificateAuthority" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"0" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-08-06T14:13:58+00:00" + }, + "AWSVPCTransitGatewayServiceRolePolicy":{ + "CreateDate":"2018-11-26T16:21:17+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:CreateNetworkInterface", + "ec2:DescribeNetworkInterfaces", + "ec2:ModifyNetworkInterfaceAttribute", + "ec2:DeleteNetworkInterface", + "ec2:CreateNetworkInterfacePermission", + "ec2:AssignIpv6Addresses", + "ec2:UnAssignIpv6Addresses" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"0" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-04-15T16:31:44+00:00" + }, + "AWSWAFConsoleFullAccess":{ + "CreateDate":"2020-04-06T18:38:38+00:00", + "DefaultVersionId":"v4", + "Document":{ + "Statement":[ + { + "Action":[ + "apigateway:GET", + "apigateway:SetWebACL", + "cloudfront:ListDistributions", + "cloudfront:ListDistributionsByWebACLId", + "cloudfront:UpdateDistribution", + "cloudwatch:GetMetricData", + "cloudwatch:GetMetricStatistics", + "cloudwatch:ListMetrics", + "ec2:DescribeRegions", + "elasticloadbalancing:DescribeLoadBalancers", + "elasticloadbalancing:SetWebACL", + "appsync:ListGraphqlApis", + "appsync:SetWebACL", + "waf-regional:*", + "waf:*", + "wafv2:*", + "s3:ListAllMyBuckets", + "logs:DescribeResourcePolicies", + "logs:DescribeLogGroups" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AllowUseOfAWSWAF" + }, + { + "Action":[ + "logs:CreateLogDelivery", + "logs:DeleteLogDelivery" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AllowLogDeliverySubscription" + }, + { + "Action":[ + "s3:PutBucketPolicy", + "s3:GetBucketPolicy" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::aws-waf-logs-*" + ], + "Sid":"GrantLogDeliveryPermissionForS3Bucket" + }, + { + "Action":[ + "logs:PutResourcePolicy" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":[ + "wafv2.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"GrantLogDeliveryPermissionForCloudWatchLogGroup" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-01-11T19:34:04+00:00" + }, + "AWSWAFConsoleReadOnlyAccess":{ + "CreateDate":"2020-04-06T18:43:24+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":[ + "apigateway:GET", + "cloudfront:ListDistributions", + "cloudfront:ListDistributionsByWebACLId", + "cloudwatch:GetMetricData", + "cloudwatch:GetMetricStatistics", + "cloudwatch:ListMetrics", + "ec2:DescribeRegions", + "elasticloadbalancing:DescribeLoadBalancers", + "appsync:ListGraphqlApis", + "waf-regional:Get*", + "waf-regional:List*", + "waf:Get*", + "waf:List*", + "wafv2:Describe*", + "wafv2:Get*", + "wafv2:List*", + "wafv2:CheckCapacity" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-10-01T20:13:54+00:00" + }, + "AWSWAFFullAccess":{ + "CreateDate":"2015-10-06T20:44:00+00:00", + "DefaultVersionId":"v7", + "Document":{ + "Statement":[ + { + "Action":[ + "waf:*", + "waf-regional:*", + "wafv2:*", + "elasticloadbalancing:SetWebACL", + "apigateway:SetWebACL", + "appsync:SetWebACL", + "logs:DescribeResourcePolicies", + "logs:DescribeLogGroups" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AllowUseOfAWSWAF" + }, + { + "Action":[ + "logs:CreateLogDelivery", + "logs:DeleteLogDelivery" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AllowLogDeliverySubscription" + }, + { + "Action":[ + "s3:PutBucketPolicy", + "s3:GetBucketPolicy" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::aws-waf-logs-*" + ], + "Sid":"GrantLogDeliveryPermissionForS3Bucket" + }, + { + "Action":[ + "logs:PutResourcePolicy" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":[ + "wafv2.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"GrantLogDeliveryPermissionForCloudWatchLogGroup" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-01-11T19:33:38+00:00" + }, + "AWSWAFReadOnlyAccess":{ + "CreateDate":"2015-10-06T20:43:45+00:00", + "DefaultVersionId":"v4", + "Document":{ + "Statement":[ + { + "Action":[ + "waf:Get*", + "waf:List*", + "waf-regional:Get*", + "waf-regional:List*", + "wafv2:Get*", + "wafv2:List*", + "wafv2:Describe*", + "wafv2:CheckCapacity" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-06-22T22:38:54+00:00" + }, + "AWSWellArchitectedOrganizationsServiceRolePolicy":{ + "CreateDate":"2022-06-23T17:15:26+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "organizations:DescribeAccount", + "organizations:DescribeOrganization", + "organizations:ListAccounts", + "organizations:ListAccountsForParent", + "organizations:ListChildren", + "organizations:ListParents", + "organizations:ListRoots" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-06-23T17:15:26+00:00" + }, + "AWSXRayDaemonWriteAccess":{ + "CreateDate":"2018-08-28T23:00:33+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords", + "xray:GetSamplingRules", + "xray:GetSamplingTargets", + "xray:GetSamplingStatisticSummaries" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2018-08-28T23:00:33+00:00" + }, + "AWSXrayFullAccess":{ + "CreateDate":"2016-12-01T18:30:55+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "xray:*" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2016-12-01T18:30:55+00:00" + }, + "AWSXrayReadOnlyAccess":{ + "CreateDate":"2016-12-01T18:27:02+00:00", + "DefaultVersionId":"v5", + "Document":{ + "Statement":[ + { + "Action":[ + "xray:GetSamplingRules", + "xray:GetSamplingTargets", + "xray:GetSamplingStatisticSummaries", + "xray:BatchGetTraces", + "xray:GetServiceGraph", + "xray:GetTraceGraph", + "xray:GetTraceSummaries", + "xray:GetGroups", + "xray:GetGroup", + "xray:ListTagsForResource", + "xray:GetTimeSeriesServiceStatistics", + "xray:GetInsightSummaries", + "xray:GetInsight", + "xray:GetInsightEvents", + "xray:GetInsightImpactGraph" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-09-03T22:19:40+00:00" + }, + "AWSXrayWriteOnlyAccess":{ + "CreateDate":"2016-12-01T18:19:53+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "xray:PutTraceSegments", + "xray:PutTelemetryRecords", + "xray:GetSamplingRules", + "xray:GetSamplingTargets", + "xray:GetSamplingStatisticSummaries" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2018-08-28T23:03:04+00:00" + }, + "AWS_ConfigRole":{ + "CreateDate":"2020-09-15T20:30:30+00:00", + "DefaultVersionId":"v13", + "Document":{ + "Statement":[ + { + "Action":[ + "access-analyzer:GetAnalyzer", + "access-analyzer:GetArchiveRule", + "access-analyzer:ListAnalyzers", + "access-analyzer:ListArchiveRules", + "access-analyzer:ListTagsForResource", + "account:GetAlternateContact", + "acm:DescribeCertificate", + "acm:ListCertificates", + "acm:ListTagsForCertificate", + "apigateway:GET", + "application-autoscaling:DescribeScalableTargets", + "application-autoscaling:DescribeScalingPolicies", + "athena:GetDataCatalog", + "athena:GetWorkGroup", + "athena:ListDataCatalogs", + "athena:ListTagsForResource", + "athena:ListWorkGroups", + "autoscaling:DescribeAutoScalingGroups", + "autoscaling:DescribeLaunchConfigurations", + "autoscaling:DescribeLifecycleHooks", + "autoscaling:DescribePolicies", + "autoscaling:DescribeScheduledActions", + "autoscaling:DescribeTags", + "backup-gateway:ListTagsForResource", + "backup-gateway:ListVirtualMachines", + "backup:DescribeBackupVault", + "backup:DescribeRecoveryPoint", + "backup:GetBackupPlan", + "backup:GetBackupSelection", + "backup:GetBackupVaultAccessPolicy", + "backup:GetBackupVaultNotifications", + "backup:ListBackupPlans", + "backup:ListBackupSelections", + "backup:ListBackupVaults", + "backup:ListRecoveryPointsByBackupVault", + "backup:ListTags", + "batch:DescribeComputeEnvironments", + "batch:DescribeJobQueues", + "batch:ListTagsForResource", + "cloudformation:DescribeType", + "cloudformation:GetResource", + "cloudformation:ListResources", + "cloudformation:ListTypes", + "cloudfront:ListDistributions", + "cloudfront:ListTagsForResource", + "cloudtrail:DescribeTrails", + "cloudtrail:GetEventDataStore", + "cloudtrail:GetEventSelectors", + "cloudtrail:GetTrailStatus", + "cloudtrail:ListEventDataStores", + "cloudtrail:ListTags", + "cloudwatch:DescribeAlarms", + "codedeploy:GetDeploymentConfig", + "codepipeline:GetPipeline", + "codepipeline:GetPipelineState", + "codepipeline:ListPipelines", + "config:BatchGet*", + "config:Describe*", + "config:Get*", + "config:List*", + "config:Put*", + "config:Select*", + "dax:DescribeClusters", + "dax:DescribeParameterGroups", + "dax:DescribeParameters", + "dax:DescribeSubnetGroups", + "dax:ListTags", + "detective:ListTagsForResource", + "detective:ListGraphs", + "dms:DescribeCertificates", + "dms:DescribeEventSubscriptions", + "dms:DescribeReplicationInstances", + "dms:DescribeReplicationTasks", + "dms:DescribeReplicationSubnetGroups", + "dms:ListTagsForResource", + "dynamodb:DescribeContinuousBackups", + "dynamodb:DescribeGlobalTable", + "dynamodb:DescribeGlobalTableSettings", + "dynamodb:DescribeLimits", + "dynamodb:DescribeTable", + "dynamodb:ListTables", + "dynamodb:ListTagsOfResource", + "ec2:Describe*", + "ec2:DescribeClientVpnAuthorizationRules", + "ec2:DescribeClientVpnEndpoints", + "ec2:DescribeDhcpOptions", + "ec2:DescribeFleets", + "ec2:DescribeNetworkAcls", + "ec2:DescribePlacementGroups", + "ec2:DescribeSpotFleetRequests", + "ec2:DescribeVolumeAttribute", + "ec2:DescribeVolumes", + "ec2:GetEbsEncryptionByDefault", + "ecr-public:DescribeRepositories", + "ecr-public:GetRepositoryCatalogData", + "ecr-public:GetRepositoryPolicy", + "ecr-public:ListTagsForResource", + "ecr:DescribeRepositories", + "ecr:GetLifecyclePolicy", + "ecr:GetRepositoryPolicy", + "ecr:ListTagsForResource", + "ecs:DescribeClusters", + "ecs:DescribeServices", + "ecs:DescribeTaskDefinition", + "ecs:DescribeTaskSets", + "ecs:ListClusters", + "ecs:ListServices", + "ecs:ListTagsForResource", + "ecs:ListTaskDefinitionFamilies", + "ecs:ListTaskDefinitions", + "eks:DescribeCluster", + "eks:DescribeFargateProfile", + "eks:DescribeNodegroup", + "eks:ListClusters", + "eks:ListFargateProfiles", + "eks:ListNodegroups", + "eks:ListTagsForResource", + "elasticache:DescribeCacheClusters", + "elasticache:DescribeCacheParameterGroups", + "elasticache:DescribeCacheSubnetGroups", + "elasticache:DescribeReplicationGroups", + "elasticache:DescribeSnapshots", + "elasticache:ListTagsForResource", + "elasticbeanstalk:DescribeConfigurationSettings", + "elasticbeanstalk:DescribeEnvironments", + "elasticfilesystem:DescribeAccessPoints", + "elasticfilesystem:DescribeBackupPolicy", + "elasticfilesystem:DescribeFileSystemPolicy", + "elasticfilesystem:DescribeFileSystems", + "elasticfilesystem:DescribeLifecycleConfiguration", + "elasticfilesystem:DescribeMountTargets", + "elasticfilesystem:DescribeMountTargetSecurityGroups", + "elasticloadbalancing:DescribeListeners", + "elasticloadbalancing:DescribeLoadBalancerAttributes", + "elasticloadbalancing:DescribeLoadBalancerPolicies", + "elasticloadbalancing:DescribeLoadBalancers", + "elasticloadbalancing:DescribeRules", + "elasticloadbalancing:DescribeTags", + "elasticmapreduce:DescribeCluster", + "elasticmapreduce:DescribeSecurityConfiguration", + "elasticmapreduce:DescribeStep", + "elasticmapreduce:GetBlockPublicAccessConfiguration", + "elasticmapreduce:GetManagedScalingPolicy", + "elasticmapreduce:ListClusters", + "elasticmapreduce:ListInstanceFleets", + "elasticmapreduce:ListInstanceGroups", + "elasticmapreduce:ListInstances", + "elasticmapreduce:ListSecurityConfigurations", + "elasticmapreduce:ListSteps", + "es:DescribeDomain", + "es:DescribeDomains", + "es:DescribeElasticsearchDomain", + "es:DescribeElasticsearchDomains", + "es:GetCompatibleElasticsearchVersions", + "es:GetCompatibleVersions", + "es:ListDomainNames", + "es:ListTags", + "firehose:DescribeDeliveryStream", + "firehose:ListDeliveryStreams", + "firehose:ListTagsForDeliveryStream", + "fsx:DescribeFileSystems", + "fsx:ListTagsForResource", + "globalaccelerator:DescribeAccelerator", + "globalaccelerator:DescribeEndpointGroup", + "globalaccelerator:DescribeListener", + "globalaccelerator:ListAccelerators", + "globalaccelerator:ListEndpointGroups", + "globalaccelerator:ListListeners", + "globalaccelerator:ListTagsForResource", + "glue:BatchGetDevEndpoints", + "glue:GetDevEndpoint", + "glue:GetDevEndpoints", + "glue:GetSecurityConfiguration", + "glue:GetSecurityConfigurations", + "glue:GetTags", + "glue:ListCrawlers", + "glue:ListDevEndpoints", + "glue:ListJobs", + "glue:ListWorkflows", + "guardduty:GetDetector", + "guardduty:GetFilter", + "guardduty:GetFindings", + "guardduty:GetIPSet", + "guardduty:GetMasterAccount", + "guardduty:GetMembers", + "guardduty:GetThreatIntelSet", + "guardduty:ListDetectors", + "guardduty:ListFilters", + "guardduty:ListFindings", + "guardduty:ListIPSets", + "guardduty:ListMembers", + "guardduty:ListOrganizationAdminAccounts", + "guardduty:ListTagsForResource", + "guardduty:ListThreatIntelSets", + "iam:GenerateCredentialReport", + "iam:GetAccountAuthorizationDetails", + "iam:GetAccountPasswordPolicy", + "iam:GetAccountSummary", + "iam:GetCredentialReport", + "iam:GetGroup", + "iam:GetGroupPolicy", + "iam:GetPolicy", + "iam:GetPolicyVersion", + "iam:GetRole", + "iam:GetRolePolicy", + "iam:GetUser", + "iam:GetUserPolicy", + "iam:ListAttachedGroupPolicies", + "iam:ListAttachedRolePolicies", + "iam:ListAttachedUserPolicies", + "iam:ListEntitiesForPolicy", + "iam:ListGroupPolicies", + "iam:ListGroupsForUser", + "iam:ListInstanceProfilesForRole", + "iam:ListPolicyVersions", + "iam:ListRolePolicies", + "iam:ListUserPolicies", + "iam:ListVirtualMFADevices", + "kafka:DescribeCluster", + "kafka:ListClusters", + "kinesis:DescribeStreamConsumer", + "kinesis:DescribeStreamSummary", + "kinesis:ListStreamConsumers", + "kinesis:ListStreams", + "kinesis:ListTagsForStream", + "kms:DescribeKey", + "kms:GetKeyPolicy", + "kms:GetKeyRotationStatus", + "kms:ListAliases", + "kms:ListKeys", + "kms:ListResourceTags", + "lambda:GetAlias", + "lambda:GetFunction", + "lambda:GetFunctionCodeSigningConfig", + "lambda:GetPolicy", + "lambda:ListAliases", + "lambda:ListFunctions", + "lambda:ListVersionsByFunction", + "logs:DescribeLogGroups", + "logs:ListTagsLogGroup", + "macie2:GetMacieSession", + "network-firewall:DescribeLoggingConfiguration", + "network-firewall:ListFirewalls", + "opsworks:DescribeLayers", + "opsworks:ListTags", + "organizations:DescribeOrganization", + "organizations:DescribePolicy", + "organizations:ListParents", + "organizations:ListPolicies", + "organizations:ListPoliciesForTarget", + "ram:GetResourceShareAssociations", + "ram:GetResourceShares", + "rds:DescribeDBClusterParameterGroups", + "rds:DescribeDBClusterParameters", + "rds:DescribeDBClusters", + "rds:DescribeDBClusterSnapshotAttributes", + "rds:DescribeDBClusterSnapshots", + "rds:DescribeDBEngineVersions", + "rds:DescribeDBInstances", + "rds:DescribeDBParameterGroups", + "rds:DescribeDBParameterGroups", + "rds:DescribeDBParameters", + "rds:DescribeDBSecurityGroups", + "rds:DescribeDBSnapshotAttributes", + "rds:DescribeDBSnapshots", + "rds:DescribeDBSubnetGroups", + "rds:DescribeEventSubscriptions", + "rds:DescribeOptionGroups", + "rds:ListTagsForResource", + "redshift:DescribeClusterParameterGroups", + "redshift:DescribeClusterParameters", + "redshift:DescribeClusters", + "redshift:DescribeClusterSecurityGroups", + "redshift:DescribeClusterSnapshots", + "redshift:DescribeClusterSubnetGroups", + "redshift:DescribeEventSubscriptions", + "redshift:DescribeLoggingStatus", + "route53:GetHealthCheck", + "route53:GetHostedZone", + "route53:ListHealthChecks", + "route53:ListHostedZones", + "route53:ListHostedZonesByName", + "route53:ListQueryLoggingConfigs", + "route53:ListResourceRecordSets", + "route53:ListTagsForResource", + "route53resolver:GetResolverEndpoint", + "route53resolver:GetResolverRule", + "route53resolver:GetResolverRuleAssociation", + "route53resolver:ListResolverEndpointIpAddresses", + "route53resolver:ListResolverEndpoints", + "route53resolver:ListResolverRuleAssociations", + "route53resolver:ListResolverRules", + "route53resolver:ListTagsForResource", + "s3:GetAccelerateConfiguration", + "s3:GetAccessPoint", + "s3:GetAccessPointPolicy", + "s3:GetAccessPointPolicyStatus", + "s3:GetAccountPublicAccessBlock", + "s3:GetBucketAcl", + "s3:GetBucketCORS", + "s3:GetBucketLocation", + "s3:GetBucketLogging", + "s3:GetBucketNotification", + "s3:GetBucketObjectLockConfiguration", + "s3:GetBucketPolicy", + "s3:GetBucketPublicAccessBlock", + "s3:GetBucketRequestPayment", + "s3:GetBucketTagging", + "s3:GetBucketVersioning", + "s3:GetBucketWebsite", + "s3:GetEncryptionConfiguration", + "s3:GetLifecycleConfiguration", + "s3:GetReplicationConfiguration", + "s3:ListAccessPoints", + "s3:ListAllMyBuckets", + "s3:ListBucket", + "sagemaker:DescribeCodeRepository", + "sagemaker:DescribeEndpoint", + "sagemaker:DescribeEndpointConfig", + "sagemaker:DescribeModel", + "sagemaker:DescribeMonitoringSchedule", + "sagemaker:DescribeNotebookInstance", + "sagemaker:DescribeNotebookInstanceLifecycleConfig", + "sagemaker:DescribeWorkteam", + "sagemaker:ListCodeRepositories", + "sagemaker:ListEndpointConfigs", + "sagemaker:ListEndpoints", + "sagemaker:ListModels", + "sagemaker:ListMonitoringSchedules", + "sagemaker:ListNotebookInstanceLifecycleConfigs", + "sagemaker:ListNotebookInstances", + "sagemaker:ListTags", + "sagemaker:ListWorkteams", + "secretsmanager:ListSecrets", + "secretsmanager:ListSecretVersionIds", + "securityhub:DescribeHub", + "ses:GetConfigurationSet", + "ses:GetConfigurationSetEventDestinations", + "ses:ListConfigurationSets", + "shield:DescribeDRTAccess", + "shield:DescribeProtection", + "shield:DescribeSubscription", + "sns:GetSubscriptionAttributes", + "sns:GetTopicAttributes", + "sns:ListSubscriptions", + "sns:ListSubscriptionsByTopic", + "sns:ListTagsForResource", + "sns:ListTopics", + "sqs:GetQueueAttributes", + "sqs:ListQueues", + "sqs:ListQueueTags", + "ssm:DescribeAutomationExecutions", + "ssm:DescribeDocument", + "ssm:DescribeDocumentPermission", + "ssm:GetAutomationExecution", + "ssm:GetDocument", + "ssm:ListDocuments", + "sso:DescribeInstanceAccessControlAttributeConfiguration", + "sso:DescribePermissionSet", + "sso:ListManagedPoliciesInPermissionSet", + "sso:ListPermissionSets", + "sso:ListTagsForResource", + "states:DescribeActivity", + "states:DescribeStateMachine", + "states:ListActivities", + "states:ListStateMachines", + "states:ListTagsForResource", + "storagegateway:ListGateways", + "storagegateway:ListTagsForResource", + "storagegateway:ListVolumes", + "support:DescribeCases", + "tag:GetResources", + "waf-regional:GetLoggingConfiguration", + "waf-regional:GetWebACL", + "waf-regional:GetWebACLForResource", + "waf:GetLoggingConfiguration", + "waf:GetWebACL", + "wafv2:GetLoggingConfiguration", + "wafv2:GetRuleGroup", + "wafv2:ListRuleGroups", + "wafv2:ListTagsForResource", + "workspaces:DescribeConnectionAliases", + "workspaces:DescribeTags", + "workspaces:DescribeWorkspaces" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "logs:CreateLogStream", + "logs:CreateLogGroup" + ], + "Effect":"Allow", + "Resource":"arn:aws:logs:*:*:log-group:/aws/config/*" + }, + { + "Action":"logs:PutLogEvents", + "Effect":"Allow", + "Resource":"arn:aws:logs:*:*:log-group:/aws/config/*:log-stream:config-rule-evaluation/*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-05-27T03:11:37+00:00" + }, + "AccessAnalyzerServiceRolePolicy":{ + "CreateDate":"2019-12-02T17:13:10+00:00", + "DefaultVersionId":"v7", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:DescribeAddresses", + "ec2:DescribeByoipCidrs", + "ec2:DescribeVpcEndpoints", + "ec2:DescribeVpcs", + "iam:GetRole", + "iam:ListRoles", + "kms:DescribeKey", + "kms:GetKeyPolicy", + "kms:ListGrants", + "kms:ListKeyPolicies", + "kms:ListKeys", + "lambda:GetFunctionUrlConfig", + "lambda:GetLayerVersionPolicy", + "lambda:GetPolicy", + "lambda:ListAliases", + "lambda:ListFunctions", + "lambda:ListLayers", + "lambda:ListLayerVersions", + "lambda:ListVersionsByFunction", + "organizations:DescribeAccount", + "organizations:DescribeOrganization", + "organizations:DescribeOrganizationalUnit", + "organizations:ListAccounts", + "organizations:ListAccountsForParent", + "organizations:ListAWSServiceAccessForOrganization", + "organizations:ListChildren", + "organizations:ListDelegatedAdministrators", + "organizations:ListOrganizationalUnitsForParent", + "organizations:ListParents", + "organizations:ListRoots", + "s3:DescribeMultiRegionAccessPointOperation", + "s3:GetAccessPoint", + "s3:GetAccessPointPolicy", + "s3:GetAccessPointPolicyStatus", + "s3:GetAccountPublicAccessBlock", + "s3:GetBucketAcl", + "s3:GetBucketLocation", + "s3:GetBucketPolicyStatus", + "s3:GetBucketPolicy", + "s3:GetBucketPublicAccessBlock", + "s3:GetMultiRegionAccessPoint", + "s3:GetMultiRegionAccessPointPolicy", + "s3:GetMultiRegionAccessPointPolicyStatus", + "s3:ListAccessPoints", + "s3:ListAllMyBuckets", + "s3:ListMultiRegionAccessPoints", + "sns:GetTopicAttributes", + "sns:ListTopics", + "secretsmanager:DescribeSecret", + "secretsmanager:GetResourcePolicy", + "secretsmanager:ListSecrets", + "sqs:GetQueueAttributes", + "sqs:ListQueues" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-04-06T20:18:51+00:00" + }, + "AdministratorAccess":{ + "CreateDate":"2015-02-06T18:39:46+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":"*", + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2015-02-06T18:39:46+00:00" + }, + "AdministratorAccess-AWSElasticBeanstalk":{ + "CreateDate":"2021-01-22T19:36:54+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "acm:Describe*", + "acm:List*", + "autoscaling:Describe*", + "cloudformation:Describe*", + "cloudformation:Estimate*", + "cloudformation:Get*", + "cloudformation:List*", + "cloudformation:Validate*", + "cloudtrail:LookupEvents", + "cloudwatch:DescribeAlarms", + "cloudwatch:GetMetricStatistics", + "cloudwatch:ListMetrics", + "codecommit:Get*", + "codecommit:UploadArchive", + "ec2:AllocateAddress", + "ec2:AssociateAddress", + "ec2:AuthorizeSecurityGroup*", + "ec2:CreateLaunchTemplate*", + "ec2:CreateSecurityGroup", + "ec2:CreateTags", + "ec2:DeleteLaunchTemplate*", + "ec2:DeleteSecurityGroup", + "ec2:DeleteTags", + "ec2:Describe*", + "ec2:DisassociateAddress", + "ec2:ReleaseAddress", + "ec2:RevokeSecurityGroup*", + "ecs:CreateCluster", + "ecs:DeRegisterTaskDefinition", + "ecs:Describe*", + "ecs:List*", + "ecs:RegisterTaskDefinition", + "elasticbeanstalk:*", + "elasticloadbalancing:Describe*", + "iam:GetRole", + "iam:ListAttachedRolePolicies", + "iam:ListInstanceProfiles", + "iam:ListRolePolicies", + "iam:ListRoles", + "iam:ListServerCertificates", + "logs:Describe*", + "rds:Describe*", + "s3:ListAllMyBuckets", + "sns:ListSubscriptionsByTopic", + "sns:ListTopics", + "sqs:ListQueues" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "autoscaling:*" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:autoscaling:*:*:launchConfiguration:*:launchConfigurationName/awseb-e-*", + "arn:aws:autoscaling:*:*:launchConfiguration:*:launchConfigurationName/eb-*", + "arn:aws:autoscaling:*:*:autoScalingGroup:*:autoScalingGroupName/awseb-e-*", + "arn:aws:autoscaling:*:*:autoScalingGroup:*:autoScalingGroupName/eb-*" + ] + }, + { + "Action":[ + "cloudformation:CancelUpdateStack", + "cloudformation:ContinueUpdateRollback", + "cloudformation:CreateStack", + "cloudformation:DeleteStack", + "cloudformation:GetTemplate", + "cloudformation:ListStackResources", + "cloudformation:SignalResource", + "cloudformation:TagResource", + "cloudformation:UntagResource", + "cloudformation:UpdateStack" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:cloudformation:*:*:stack/awseb-*", + "arn:aws:cloudformation:*:*:stack/eb-*" + ] + }, + { + "Action":[ + "cloudwatch:DeleteAlarms", + "cloudwatch:PutMetricAlarm" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:cloudwatch:*:*:alarm:awseb-*", + "arn:aws:cloudwatch:*:*:alarm:eb-*" + ] + }, + { + "Action":[ + "codebuild:BatchGetBuilds", + "codebuild:CreateProject", + "codebuild:DeleteProject", + "codebuild:StartBuild" + ], + "Effect":"Allow", + "Resource":"arn:aws:codebuild:*:*:project/Elastic-Beanstalk-*" + }, + { + "Action":[ + "dynamodb:CreateTable", + "dynamodb:DeleteTable", + "dynamodb:DescribeTable", + "dynamodb:TagResource" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:dynamodb:*:*:table/awseb-e-*", + "arn:aws:dynamodb:*:*:table/eb-*" + ] + }, + { + "Action":[ + "ec2:RebootInstances", + "ec2:TerminateInstances" + ], + "Condition":{ + "StringLike":{ + "ec2:ResourceTag/aws:cloudformation:stack-id":[ + "arn:aws:cloudformation:*:*:stack/awseb-e-*", + "arn:aws:cloudformation:*:*:stack/eb-*" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:instance/*" + }, + { + "Action":"ec2:RunInstances", + "Condition":{ + "ArnLike":{ + "ec2:LaunchTemplate":"arn:aws:ec2:*:*:launch-template/*" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ecs:DeleteCluster" + ], + "Effect":"Allow", + "Resource":"arn:aws:ecs:*:*:cluster/awseb-*" + }, + { + "Action":[ + "elasticloadbalancing:*Rule", + "elasticloadbalancing:*Tags", + "elasticloadbalancing:SetRulePriorities", + "elasticloadbalancing:SetSecurityGroups" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*", + "arn:aws:elasticloadbalancing:*:*:listener/app/*/*/*", + "arn:aws:elasticloadbalancing:*:*:listener-rule/app/*/*/*/*" + ] + }, + { + "Action":[ + "elasticloadbalancing:*" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:elasticloadbalancing:*:*:targetgroup/awseb-*", + "arn:aws:elasticloadbalancing:*:*:targetgroup/eb-*", + "arn:aws:elasticloadbalancing:*:*:loadbalancer/awseb-*", + "arn:aws:elasticloadbalancing:*:*:loadbalancer/eb-*", + "arn:aws:elasticloadbalancing:*:*:loadbalancer/*/awseb-*/*", + "arn:aws:elasticloadbalancing:*:*:loadbalancer/*/eb-*/*", + "arn:aws:elasticloadbalancing:*:*:listener/awseb-*", + "arn:aws:elasticloadbalancing:*:*:listener/eb-*", + "arn:aws:elasticloadbalancing:*:*:listener/*/awseb-*/*/*", + "arn:aws:elasticloadbalancing:*:*:listener/*/eb-*/*/*", + "arn:aws:elasticloadbalancing:*:*:listener-rule/app/awseb-*/*/*/*", + "arn:aws:elasticloadbalancing:*:*:listener-rule/app/eb-*/*/*/*" + ] + }, + { + "Action":[ + "iam:AddRoleToInstanceProfile", + "iam:CreateInstanceProfile", + "iam:CreateRole" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/aws-elasticbeanstalk*", + "arn:aws:iam::*:instance-profile/aws-elasticbeanstalk*" + ] + }, + { + "Action":[ + "iam:AttachRolePolicy" + ], + "Condition":{ + "StringLike":{ + "iam:PolicyArn":[ + "arn:aws:iam::aws:policy/AWSElasticBeanstalk*", + "arn:aws:iam::aws:policy/service-role/AWSElasticBeanstalk*" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/aws-elasticbeanstalk*" + }, + { + "Action":"iam:PassRole", + "Condition":{ + "StringEquals":{ + "iam:PassedToService":[ + "elasticbeanstalk.amazonaws.com", + "ec2.amazonaws.com", + "ec2.amazonaws.com.cn", + "autoscaling.amazonaws.com", + "elasticloadbalancing.amazonaws.com", + "ecs.amazonaws.com", + "cloudformation.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/*" + }, + { + "Action":[ + "iam:CreateServiceLinkedRole" + ], + "Condition":{ + "StringLike":{ + "iam:AWSServiceName":[ + "autoscaling.amazonaws.com", + "elasticbeanstalk.amazonaws.com", + "elasticloadbalancing.amazonaws.com", + "managedupdates.elasticbeanstalk.amazonaws.com", + "maintenance.elasticbeanstalk.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/aws-service-role/autoscaling.amazonaws.com/AWSServiceRoleForAutoScaling*", + "arn:aws:iam::*:role/aws-service-role/elasticbeanstalk.amazonaws.com/AWSServiceRoleForElasticBeanstalk*", + "arn:aws:iam::*:role/aws-service-role/elasticloadbalancing.amazonaws.com/AWSServiceRoleForElasticLoadBalancing*", + "arn:aws:iam::*:role/aws-service-role/managedupdates.elasticbeanstalk.amazonaws.com/AWSServiceRoleForElasticBeanstalk*", + "arn:aws:iam::*:role/aws-service-role/maintenance.elasticbeanstalk.amazonaws.com/AWSServiceRoleForElasticBeanstalk*" + ] + }, + { + "Action":[ + "logs:CreateLogGroup", + "logs:DeleteLogGroup", + "logs:PutRetentionPolicy" + ], + "Effect":"Allow", + "Resource":"arn:aws:logs:*:*:log-group:/aws/elasticbeanstalk/*" + }, + { + "Action":[ + "rds:*DBSubnetGroup", + "rds:AuthorizeDBSecurityGroupIngress", + "rds:CreateDBInstance", + "rds:CreateDBSecurityGroup", + "rds:DeleteDBInstance", + "rds:DeleteDBSecurityGroup", + "rds:ModifyDBInstance", + "rds:RestoreDBInstanceFromDBSnapshot" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:rds:*:*:db:*", + "arn:aws:rds:*:*:secgrp:awseb-e-*", + "arn:aws:rds:*:*:secgrp:eb-*", + "arn:aws:rds:*:*:snapshot:*", + "arn:aws:rds:*:*:subgrp:awseb-e-*", + "arn:aws:rds:*:*:subgrp:eb-*" + ] + }, + { + "Action":[ + "s3:Delete*", + "s3:Get*", + "s3:Put*" + ], + "Effect":"Allow", + "Resource":"arn:aws:s3:::elasticbeanstalk-*/*" + }, + { + "Action":[ + "s3:CreateBucket", + "s3:GetBucket*", + "s3:ListBucket", + "s3:PutBucketPolicy" + ], + "Effect":"Allow", + "Resource":"arn:aws:s3:::elasticbeanstalk-*" + }, + { + "Action":[ + "sns:CreateTopic", + "sns:DeleteTopic", + "sns:GetTopicAttributes", + "sns:Publish", + "sns:SetTopicAttributes", + "sns:Subscribe", + "sns:Unsubscribe" + ], + "Effect":"Allow", + "Resource":"arn:aws:sns:*:*:ElasticBeanstalkNotifications-*" + }, + { + "Action":[ + "sqs:*QueueAttributes", + "sqs:CreateQueue", + "sqs:DeleteQueue", + "sqs:SendMessage", + "sqs:TagQueue" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:sqs:*:*:awseb-e-*", + "arn:aws:sqs:*:*:eb-*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-03-09T22:36:27+00:00" + }, + "AdministratorAccess-Amplify":{ + "CreateDate":"2020-12-01T19:03:08+00:00", + "DefaultVersionId":"v8", + "Document":{ + "Statement":[ + { + "Action":[ + "cloudformation:CreateChangeSet", + "cloudformation:CreateStack", + "cloudformation:DeleteStack", + "cloudformation:DescribeChangeSet", + "cloudformation:DescribeStackEvents", + "cloudformation:DescribeStackResource", + "cloudformation:DescribeStackResources", + "cloudformation:DescribeStacks", + "cloudformation:ExecuteChangeSet", + "cloudformation:GetTemplate", + "cloudformation:UpdateStack", + "cloudformation:ListStackResources", + "cloudformation:DeleteStackSet", + "cloudformation:DescribeStackSet", + "cloudformation:UpdateStackSet" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:cloudformation:*:*:stack/amplify-*" + ], + "Sid":"CLICloudformationPolicy" + }, + { + "Action":[ + "iam:ListRoleTags", + "iam:TagRole", + "iam:AttachRolePolicy", + "iam:CreatePolicy", + "iam:DeletePolicy", + "iam:DeleteRole", + "iam:DeleteRolePolicy", + "iam:DetachRolePolicy", + "iam:PutRolePolicy", + "iam:UpdateRole", + "iam:GetRole", + "iam:GetPolicy", + "iam:GetRolePolicy", + "iam:PassRole", + "iam:ListPolicyVersions", + "iam:CreatePolicyVersion", + "iam:DeletePolicyVersion", + "iam:CreateRole", + "iam:ListRolePolicies", + "iam:PutRolePermissionsBoundary", + "iam:DeleteRolePermissionsBoundary", + "appsync:CreateApiKey", + "appsync:CreateDataSource", + "appsync:CreateFunction", + "appsync:CreateResolver", + "appsync:CreateType", + "appsync:DeleteApiKey", + "appsync:DeleteDataSource", + "appsync:DeleteFunction", + "appsync:DeleteResolver", + "appsync:DeleteType", + "appsync:GetDataSource", + "appsync:GetFunction", + "appsync:GetIntrospectionSchema", + "appsync:GetResolver", + "appsync:GetSchemaCreationStatus", + "appsync:GetType", + "appsync:GraphQL", + "appsync:ListApiKeys", + "appsync:ListDataSources", + "appsync:ListFunctions", + "appsync:ListGraphqlApis", + "appsync:ListResolvers", + "appsync:ListResolversByFunction", + "appsync:ListTypes", + "appsync:StartSchemaCreation", + "appsync:UpdateApiKey", + "appsync:UpdateDataSource", + "appsync:UpdateFunction", + "appsync:UpdateResolver", + "appsync:UpdateType", + "appsync:TagResource", + "appsync:CreateGraphqlApi", + "appsync:DeleteGraphqlApi", + "appsync:GetGraphqlApi", + "appsync:ListTagsForResource", + "appsync:UpdateGraphqlApi", + "apigateway:DELETE", + "apigateway:GET", + "apigateway:PATCH", + "apigateway:POST", + "apigateway:PUT", + "cognito-idp:CreateUserPool", + "cognito-identity:CreateIdentityPool", + "cognito-identity:DeleteIdentityPool", + "cognito-identity:DescribeIdentity", + "cognito-identity:DescribeIdentityPool", + "cognito-identity:SetIdentityPoolRoles", + "cognito-identity:GetIdentityPoolRoles", + "cognito-identity:UpdateIdentityPool", + "cognito-idp:CreateUserPoolClient", + "cognito-idp:DeleteUserPool", + "cognito-idp:DeleteUserPoolClient", + "cognito-idp:DescribeUserPool", + "cognito-idp:DescribeUserPoolClient", + "cognito-idp:ListTagsForResource", + "cognito-idp:ListUserPoolClients", + "cognito-idp:UpdateUserPoolClient", + "cognito-idp:CreateGroup", + "cognito-idp:DeleteGroup", + "cognito-identity:TagResource", + "cognito-idp:TagResource", + "cognito-idp:UpdateUserPool", + "cognito-idp:SetUserPoolMfaConfig", + "lambda:AddPermission", + "lambda:CreateFunction", + "lambda:DeleteFunction", + "lambda:GetFunction", + "lambda:GetFunctionConfiguration", + "lambda:InvokeAsync", + "lambda:InvokeFunction", + "lambda:RemovePermission", + "lambda:UpdateFunctionCode", + "lambda:UpdateFunctionConfiguration", + "lambda:ListTags", + "lambda:TagResource", + "lambda:UntagResource", + "lambda:AddLayerVersionPermission", + "lambda:CreateEventSourceMapping", + "lambda:DeleteEventSourceMapping", + "lambda:DeleteLayerVersion", + "lambda:GetEventSourceMapping", + "lambda:GetLayerVersion", + "lambda:ListEventSourceMappings", + "lambda:ListLayerVersions", + "lambda:PublishLayerVersion", + "lambda:RemoveLayerVersionPermission", + "lambda:UpdateEventSourceMapping", + "dynamodb:CreateTable", + "dynamodb:DeleteItem", + "dynamodb:DeleteTable", + "dynamodb:DescribeContinuousBackups", + "dynamodb:DescribeTable", + "dynamodb:DescribeTimeToLive", + "dynamodb:ListStreams", + "dynamodb:PutItem", + "dynamodb:TagResource", + "dynamodb:ListTagsOfResource", + "dynamodb:UpdateContinuousBackups", + "dynamodb:UpdateItem", + "dynamodb:UpdateTable", + "dynamodb:UpdateTimeToLive", + "s3:CreateBucket", + "s3:ListBucket", + "s3:PutBucketAcl", + "s3:PutBucketCORS", + "s3:PutBucketNotification", + "s3:PutBucketPolicy", + "s3:PutBucketWebsite", + "s3:PutObjectAcl", + "cloudfront:CreateCloudFrontOriginAccessIdentity", + "cloudfront:CreateDistribution", + "cloudfront:DeleteCloudFrontOriginAccessIdentity", + "cloudfront:DeleteDistribution", + "cloudfront:GetCloudFrontOriginAccessIdentity", + "cloudfront:GetCloudFrontOriginAccessIdentityConfig", + "cloudfront:GetDistribution", + "cloudfront:GetDistributionConfig", + "cloudfront:TagResource", + "cloudfront:UntagResource", + "cloudfront:UpdateCloudFrontOriginAccessIdentity", + "cloudfront:UpdateDistribution", + "events:DeleteRule", + "events:DescribeRule", + "events:ListRuleNamesByTarget", + "events:PutRule", + "events:PutTargets", + "events:RemoveTargets", + "mobiletargeting:GetApp", + "kinesis:AddTagsToStream", + "kinesis:CreateStream", + "kinesis:DeleteStream", + "kinesis:DescribeStream", + "kinesis:DescribeStreamSummary", + "kinesis:ListTagsForStream", + "kinesis:PutRecords", + "es:AddTags", + "es:CreateElasticsearchDomain", + "es:DeleteElasticsearchDomain", + "es:DescribeElasticsearchDomain", + "s3:PutEncryptionConfiguration" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":[ + "cloudformation.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"CLIManageviaCFNPolicy" + }, + { + "Action":[ + "appsync:GetIntrospectionSchema", + "appsync:GraphQL", + "appsync:UpdateApiKey", + "appsync:ListApiKeys", + "amplify:*", + "amplifybackend:*", + "amplifyuibuilder:*", + "sts:AssumeRole", + "mobiletargeting:*", + "cognito-idp:AdminAddUserToGroup", + "cognito-idp:AdminCreateUser", + "cognito-idp:CreateGroup", + "cognito-idp:DeleteGroup", + "cognito-idp:DeleteUser", + "cognito-idp:ListUsers", + "cognito-idp:AdminGetUser", + "cognito-idp:ListUsersInGroup", + "cognito-idp:AdminDisableUser", + "cognito-idp:AdminRemoveUserFromGroup", + "cognito-idp:AdminResetUserPassword", + "cognito-idp:AdminListGroupsForUser", + "cognito-idp:ListGroups", + "cognito-idp:AdminListUserAuthEvents", + "cognito-idp:AdminDeleteUser", + "cognito-idp:AdminConfirmSignUp", + "cognito-idp:AdminEnableUser", + "cognito-idp:AdminUpdateUserAttributes", + "cognito-idp:DescribeIdentityProvider", + "cognito-idp:DescribeUserPool", + "cognito-idp:DeleteUserPool", + "cognito-idp:DescribeUserPoolClient", + "cognito-idp:CreateUserPool", + "cognito-idp:CreateUserPoolClient", + "cognito-idp:UpdateUserPool", + "cognito-idp:AdminSetUserPassword", + "cognito-idp:ListUserPools", + "cognito-idp:ListUserPoolClients", + "cognito-idp:ListIdentityProviders", + "cognito-idp:GetUserPoolMfaConfig", + "cognito-identity:GetIdentityPoolRoles", + "cognito-identity:SetIdentityPoolRoles", + "cognito-identity:CreateIdentityPool", + "cognito-identity:DeleteIdentityPool", + "cognito-identity:ListIdentityPools", + "cognito-identity:DescribeIdentityPool", + "dynamodb:DescribeTable", + "dynamodb:ListTables", + "lambda:GetFunction", + "lambda:CreateFunction", + "lambda:AddPermission", + "lambda:DeleteFunction", + "lambda:DeleteLayerVersion", + "lambda:InvokeFunction", + "lambda:ListLayerVersions", + "iam:PutRolePolicy", + "iam:CreatePolicy", + "iam:AttachRolePolicy", + "iam:ListPolicyVersions", + "iam:ListAttachedRolePolicies", + "iam:CreateRole", + "iam:PassRole", + "iam:ListRolePolicies", + "iam:DeleteRolePolicy", + "iam:CreatePolicyVersion", + "iam:DeletePolicyVersion", + "iam:DeleteRole", + "iam:DetachRolePolicy", + "cloudformation:ListStacks", + "sns:CreateSMSSandboxPhoneNumber", + "sns:GetSMSSandboxAccountStatus", + "sns:VerifySMSSandboxPhoneNumber", + "sns:DeleteSMSSandboxPhoneNumber", + "sns:ListSMSSandboxPhoneNumbers", + "sns:ListOriginationNumbers", + "rekognition:DescribeCollection", + "logs:DescribeLogStreams", + "logs:GetLogEvents", + "lex:GetBot", + "lex:GetBuiltinIntent", + "lex:GetBuiltinIntents", + "lex:GetBuiltinSlotTypes", + "cloudformation:GetTemplateSummary", + "codecommit:GitPull" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"CLISDKCalls" + }, + { + "Action":[ + "ssm:PutParameter", + "ssm:DeleteParameter", + "ssm:GetParametersByPath", + "ssm:GetParameters", + "ssm:GetParameter", + "ssm:DeleteParameters" + ], + "Effect":"Allow", + "Resource":"arn:aws:ssm:*:*:parameter/amplify/*", + "Sid":"AmplifySSMCalls" + }, + { + "Action":[ + "geo:*" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"GeoPowerUser" + }, + { + "Action":[ + "s3:CreateBucket", + "s3:DeleteBucket", + "s3:DeleteBucketPolicy", + "s3:DeleteBucketWebsite", + "s3:DeleteObject", + "s3:DeleteObjectVersion", + "s3:GetBucketLocation", + "s3:GetObject", + "s3:ListAllMyBuckets", + "s3:ListBucket", + "s3:ListBucketVersions", + "s3:PutBucketAcl", + "s3:PutBucketCORS", + "s3:PutBucketNotification", + "s3:PutBucketPolicy", + "s3:PutBucketVersioning", + "s3:PutBucketWebsite", + "s3:PutEncryptionConfiguration", + "s3:PutLifecycleConfiguration", + "s3:PutObject", + "s3:PutObjectAcl" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AmplifyStorageSDKCalls" + }, + { + "Action":[ + "cloudfront:CreateCloudFrontOriginAccessIdentity", + "cloudfront:CreateDistribution", + "cloudfront:CreateInvalidation", + "cloudfront:GetDistribution", + "cloudfront:GetDistributionConfig", + "cloudfront:ListCloudFrontOriginAccessIdentities", + "cloudfront:ListDistributions", + "cloudfront:ListDistributionsByLambdaFunction", + "cloudfront:ListDistributionsByWebACLId", + "cloudfront:ListFieldLevelEncryptionConfigs", + "cloudfront:ListFieldLevelEncryptionProfiles", + "cloudfront:ListInvalidations", + "cloudfront:ListPublicKeys", + "cloudfront:ListStreamingDistributions", + "cloudfront:UpdateDistribution", + "cloudfront:TagResource", + "cloudfront:UntagResource", + "cloudfront:ListTagsForResource", + "cloudfront:DeleteDistribution", + "iam:AttachRolePolicy", + "iam:CreateRole", + "iam:CreateServiceLinkedRole", + "iam:GetRole", + "iam:PutRolePolicy", + "iam:PassRole", + "lambda:CreateFunction", + "lambda:EnableReplication", + "lambda:DeleteFunction", + "lambda:GetFunction", + "lambda:GetFunctionConfiguration", + "lambda:PublishVersion", + "lambda:UpdateFunctionCode", + "lambda:UpdateFunctionConfiguration", + "lambda:ListTags", + "lambda:TagResource", + "lambda:UntagResource", + "route53:ChangeResourceRecordSets", + "route53:ListHostedZonesByName", + "route53:ListResourceRecordSets", + "s3:CreateBucket", + "s3:GetAccelerateConfiguration", + "s3:GetObject", + "s3:ListBucket", + "s3:PutAccelerateConfiguration", + "s3:PutBucketPolicy", + "s3:PutObject", + "s3:PutBucketTagging", + "s3:GetBucketTagging", + "lambda:ListEventSourceMappings", + "lambda:CreateEventSourceMapping", + "iam:UpdateAssumeRolePolicy", + "iam:DeleteRolePolicy", + "sqs:CreateQueue", + "sqs:DeleteQueue", + "sqs:GetQueueAttributes", + "sqs:SetQueueAttributes", + "amplify:GetApp", + "amplify:GetBranch", + "amplify:UpdateApp", + "amplify:UpdateBranch" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AmplifySSRCalls" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-04-13T22:42:11+00:00" + }, + "AlexaForBusinessDeviceSetup":{ + "CreateDate":"2017-11-30T16:47:16+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "a4b:RegisterDevice", + "a4b:CompleteRegistration", + "a4b:SearchDevices", + "a4b:SearchNetworkProfiles", + "a4b:GetNetworkProfile", + "a4b:PutDeviceSetupEvents" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "secretsmanager:GetSecretValue" + ], + "Effect":"Allow", + "Resource":"arn:aws:secretsmanager:*:*:secret:A4BNetworkProfile*", + "Sid":"A4bDeviceSetupAccess" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-05-20T21:05:39+00:00" + }, + "AlexaForBusinessFullAccess":{ + "CreateDate":"2017-11-30T16:47:09+00:00", + "DefaultVersionId":"v5", + "Document":{ + "Statement":[ + { + "Action":[ + "a4b:*", + "kms:DescribeKey" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "iam:CreateServiceLinkedRole" + ], + "Condition":{ + "StringLike":{ + "iam:AWSServiceName":[ + "*a4b.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "iam:DeleteServiceLinkedRole", + "iam:GetServiceLinkedRoleDeletionStatus" + ], + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/aws-service-role/*a4b.amazonaws.com/AWSServiceRoleForAlexaForBusiness*" + }, + { + "Action":[ + "secretsmanager:GetSecretValue", + "secretsmanager:DeleteSecret", + "secretsmanager:UpdateSecret" + ], + "Effect":"Allow", + "Resource":"arn:aws:secretsmanager:*:*:secret:A4B*" + }, + { + "Action":"secretsmanager:CreateSecret", + "Condition":{ + "StringLike":{ + "secretsmanager:Name":"A4B*" + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-07-01T21:01:55+00:00" + }, + "AlexaForBusinessGatewayExecution":{ + "CreateDate":"2017-11-30T16:47:19+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "a4b:Send*", + "a4b:Get*" + ], + "Effect":"Allow", + "Resource":"arn:aws:a4b:*:*:gateway/*" + }, + { + "Action":[ + "sqs:ReceiveMessage", + "sqs:DeleteMessage" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:sqs:*:*:dd-*", + "arn:aws:sqs:*:*:sd-*" + ] + }, + { + "Action":[ + "a4b:List*", + "logs:CreateLogGroup", + "logs:CreateLogStream", + "logs:DescribeLogGroups", + "logs:PutLogEvents" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2017-11-30T16:47:19+00:00" + }, + "AlexaForBusinessLifesizeDelegatedAccessPolicy":{ + "CreateDate":"2020-06-04T19:46:56+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "a4b:DisassociateDeviceFromRoom", + "a4b:DeleteDevice", + "a4b:UpdateDevice", + "a4b:GetDevice" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:a4b:us-east-1:*:device/*/*:A2IWO7UEGWV4TL" + ] + }, + { + "Action":[ + "a4b:RegisterAVSDevice" + ], + "Condition":{ + "StringEquals":{ + "a4b:amazonId":[ + "A2IWO7UEGWV4TL" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "a4b:SearchDevices" + ], + "Condition":{ + "ForAllValues:StringLike":{ + "a4b:filters_deviceType":[ + "*A2IWO7UEGWV4TL" + ] + }, + "Null":{ + "a4b:filters_deviceType":"false" + } + }, + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "a4b:AssociateDeviceWithRoom" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:a4b:us-east-1:*:device/*/*:A2IWO7UEGWV4TL", + "arn:aws:a4b:us-east-1:*:room/*" + ] + }, + { + "Action":[ + "a4b:GetRoom", + "a4b:GetAddressBook", + "a4b:SearchRooms", + "a4b:CreateContact", + "a4b:CreateRoom", + "a4b:UpdateContact", + "a4b:ListConferenceProviders", + "a4b:DeleteRoom", + "a4b:CreateAddressBook", + "a4b:DisassociateContactFromAddressBook", + "a4b:CreateConferenceProvider", + "a4b:PutConferencePreference", + "a4b:DeleteAddressBook", + "a4b:AssociateContactWithAddressBook", + "a4b:DeleteContact", + "a4b:SearchProfiles", + "a4b:UpdateProfile", + "a4b:GetContact" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "kms:DescribeKey" + ], + "Effect":"Allow", + "Resource":"arn:aws:kms:*:*:key/*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-06-12T20:31:59+00:00" + }, + "AlexaForBusinessNetworkProfileServicePolicy":{ + "CreateDate":"2019-03-13T00:53:40+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "acm-pca:GetCertificate", + "acm-pca:IssueCertificate", + "acm-pca:RevokeCertificate" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceTag/a4b":"enabled" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"A4bPcaTagAccess" + }, + { + "Action":[ + "secretsmanager:GetSecretValue" + ], + "Effect":"Allow", + "Resource":"arn:aws:secretsmanager:*:*:secret:A4BNetworkProfile*", + "Sid":"A4bNetworkProfileAccess" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-04-05T21:57:56+00:00" + }, + "AlexaForBusinessPolyDelegatedAccessPolicy":{ + "CreateDate":"2019-10-16T19:48:45+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "a4b:DisassociateDeviceFromRoom", + "a4b:DeleteDevice", + "a4b:UpdateDevice", + "a4b:GetDevice" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:a4b:us-east-1:*:device/*/*:A238TWV36W3S92", + "arn:aws:a4b:us-east-1:*:device/*/*:A1FUZ1SC53VJXD" + ] + }, + { + "Action":[ + "a4b:RegisterAVSDevice" + ], + "Condition":{ + "StringEquals":{ + "a4b:amazonId":[ + "A238TWV36W3S92", + "A1FUZ1SC53VJXD" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "a4b:SearchDevices" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "a4b:AssociateDeviceWithRoom" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:a4b:us-east-1:*:device/*/*:A238TWV36W3S92", + "arn:aws:a4b:us-east-1:*:device/*/*:A1FUZ1SC53VJXD", + "arn:aws:a4b:us-east-1:*:room/*" + ] + }, + { + "Action":[ + "a4b:GetRoom", + "a4b:SearchRooms", + "a4b:CreateRoom", + "a4b:GetProfile", + "a4b:SearchSkillGroups", + "a4b:DisassociateSkillGroupFromRoom", + "a4b:AssociateSkillGroupWithRoom", + "a4b:GetSkillGroup", + "a4b:SearchProfiles", + "a4b:GetAddressBook", + "a4b:UpdateRoom" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-10-16T19:48:45+00:00" + }, + "AlexaForBusinessReadOnlyAccess":{ + "CreateDate":"2017-11-30T16:47:12+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":[ + "a4b:Get*", + "a4b:List*", + "a4b:Search*" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-11-20T00:25:33+00:00" + }, + "AmazonAPIGatewayAdministrator":{ + "CreateDate":"2015-07-09T17:34:45+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "apigateway:*" + ], + "Effect":"Allow", + "Resource":"arn:aws:apigateway:*::/*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2015-07-09T17:34:45+00:00" + }, + "AmazonAPIGatewayInvokeFullAccess":{ + "CreateDate":"2015-07-09T17:36:12+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "execute-api:Invoke", + "execute-api:ManageConnections" + ], + "Effect":"Allow", + "Resource":"arn:aws:execute-api:*:*:*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2018-12-18T18:25:10+00:00" + }, + "AmazonAPIGatewayPushToCloudWatchLogs":{ + "CreateDate":"2015-11-11T23:41:46+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "logs:CreateLogGroup", + "logs:CreateLogStream", + "logs:DescribeLogGroups", + "logs:DescribeLogStreams", + "logs:PutLogEvents", + "logs:GetLogEvents", + "logs:FilterLogEvents" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2015-11-11T23:41:46+00:00" + }, + "AmazonAppFlowFullAccess":{ + "CreateDate":"2020-06-02T23:30:14+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":"appflow:*", + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"iam:ListRoles", + "Effect":"Allow", + "Resource":"*", + "Sid":"ListRolesForRedshift" + }, + { + "Action":[ + "kms:ListKeys", + "kms:DescribeKey", + "kms:ListAliases" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"KMSListAccess" + }, + { + "Action":[ + "kms:CreateGrant" + ], + "Condition":{ + "Bool":{ + "kms:GrantIsForAWSResource":"true" + }, + "StringLike":{ + "kms:ViaService":"appflow.*.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"KMSGrantAccess" + }, + { + "Action":[ + "kms:ListGrants" + ], + "Condition":{ + "StringLike":{ + "kms:ViaService":"appflow.*.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"KMSListGrantAccess" + }, + { + "Action":[ + "s3:ListAllMyBuckets", + "s3:ListBucket", + "s3:GetBucketLocation", + "s3:GetBucketPolicy" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"S3ReadAccess" + }, + { + "Action":[ + "s3:PutBucketPolicy" + ], + "Effect":"Allow", + "Resource":"arn:aws:s3:::appflow-*", + "Sid":"S3PutBucketPolicyAccess" + }, + { + "Action":"secretsmanager:CreateSecret", + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":[ + "appflow.amazonaws.com" + ] + }, + "StringLike":{ + "secretsmanager:Name":"appflow!*" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"SecretsManagerCreateSecretAccess" + }, + { + "Action":[ + "secretsmanager:PutResourcePolicy" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":[ + "appflow.amazonaws.com" + ] + }, + "StringEqualsIgnoreCase":{ + "secretsmanager:ResourceTag/aws:secretsmanager:owningService":"appflow" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"SecretsManagerPutResourcePolicyAccess" + }, + { + "Action":[ + "lambda:ListFunctions" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"LambdaListFunctions" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-02-28T23:11:23+00:00" + }, + "AmazonAppFlowReadOnlyAccess":{ + "CreateDate":"2020-06-02T23:26:51+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "appflow:DescribeConnector", + "appflow:DescribeConnectors", + "appflow:DescribeConnectorProfiles", + "appflow:DescribeFlows", + "appflow:DescribeFlowExecution", + "appflow:DescribeConnectorFields", + "appflow:ListConnectors", + "appflow:ListConnectorFields", + "appflow:ListTagsForResource" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-02-28T20:42:58+00:00" + }, + "AmazonAppStreamFullAccess":{ + "CreateDate":"2015-02-06T18:40:09+00:00", + "DefaultVersionId":"v6", + "Document":{ + "Statement":[ + { + "Action":[ + "appstream:*" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "application-autoscaling:DeleteScalingPolicy", + "application-autoscaling:DescribeScalableTargets", + "application-autoscaling:DescribeScalingPolicies", + "application-autoscaling:PutScalingPolicy", + "application-autoscaling:RegisterScalableTarget", + "application-autoscaling:DescribeScheduledActions", + "application-autoscaling:PutScheduledAction", + "application-autoscaling:DeleteScheduledAction" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "cloudwatch:DeleteAlarms", + "cloudwatch:DescribeAlarms", + "cloudwatch:GetMetricStatistics", + "cloudwatch:PutMetricAlarm" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:DescribeRouteTables", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "ec2:DescribeVpcEndpoints" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"iam:ListRoles", + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"iam:PassRole", + "Condition":{ + "StringLike":{ + "iam:PassedToService":"application-autoscaling.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/service-role/ApplicationAutoScalingForAmazonAppStreamAccess" + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringLike":{ + "iam:AWSServiceName":"appstream.application-autoscaling.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/aws-service-role/appstream.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_AppStreamFleet" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-08-28T17:24:35+00:00" + }, + "AmazonAppStreamReadOnlyAccess":{ + "CreateDate":"2015-02-06T18:40:10+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "appstream:Get*", + "appstream:List*", + "appstream:Describe*" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2016-12-07T21:00:06+00:00" + }, + "AmazonAppStreamServiceAccess":{ + "CreateDate":"2016-11-19T04:17:37+00:00", + "DefaultVersionId":"v8", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:DescribeVpcs", + "ec2:DescribeSubnets", + "ec2:DescribeAvailabilityZones", + "ec2:CreateNetworkInterface", + "ec2:DescribeNetworkInterfaces", + "ec2:DeleteNetworkInterface", + "ec2:DescribeSubnets", + "ec2:AssociateAddress", + "ec2:DisassociateAddress", + "ec2:DescribeRouteTables", + "ec2:DescribeSecurityGroups", + "ec2:DescribeVpcEndpoints", + "s3:ListAllMyBuckets", + "ds:DescribeDirectories" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "s3:CreateBucket", + "s3:ListBucket", + "s3:GetObject", + "s3:PutObject", + "s3:DeleteObject", + "s3:GetObjectVersion", + "s3:DeleteObjectVersion", + "s3:GetBucketPolicy", + "s3:PutBucketPolicy", + "s3:PutEncryptionConfiguration" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::appstream2-36fb080bb8-*", + "arn:aws:s3:::appstream-app-settings-*", + "arn:aws:s3:::appstream-logs-*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-06-26T16:33:54+00:00" + }, + "AmazonAthenaFullAccess":{ + "CreateDate":"2016-11-30T16:46:01+00:00", + "DefaultVersionId":"v7", + "Document":{ + "Statement":[ + { + "Action":[ + "athena:*" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "glue:CreateDatabase", + "glue:DeleteDatabase", + "glue:GetDatabase", + "glue:GetDatabases", + "glue:UpdateDatabase", + "glue:CreateTable", + "glue:DeleteTable", + "glue:BatchDeleteTable", + "glue:UpdateTable", + "glue:GetTable", + "glue:GetTables", + "glue:BatchCreatePartition", + "glue:CreatePartition", + "glue:DeletePartition", + "glue:BatchDeletePartition", + "glue:UpdatePartition", + "glue:GetPartition", + "glue:GetPartitions", + "glue:BatchGetPartition" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "s3:GetBucketLocation", + "s3:GetObject", + "s3:ListBucket", + "s3:ListBucketMultipartUploads", + "s3:ListMultipartUploadParts", + "s3:AbortMultipartUpload", + "s3:CreateBucket", + "s3:PutObject", + "s3:PutBucketPublicAccessBlock" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::aws-athena-query-results-*" + ] + }, + { + "Action":[ + "s3:GetObject", + "s3:ListBucket" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::athena-examples*" + ] + }, + { + "Action":[ + "s3:ListBucket", + "s3:GetBucketLocation", + "s3:ListAllMyBuckets" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "sns:ListTopics", + "sns:GetTopicAttributes" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "cloudwatch:PutMetricAlarm", + "cloudwatch:DescribeAlarms", + "cloudwatch:DeleteAlarms" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "lakeformation:GetDataAccess" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-07-07T20:15:04+00:00" + }, + "AmazonAugmentedAIFullAccess":{ + "CreateDate":"2019-12-03T16:21:56+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "sagemaker:*HumanLoop", + "sagemaker:*HumanLoops", + "sagemaker:*FlowDefinition", + "sagemaker:*FlowDefinitions", + "sagemaker:*HumanTaskUi", + "sagemaker:*HumanTaskUis" + ], + "Condition":{ + "StringEqualsIfExists":{ + "sagemaker:WorkteamType":[ + "private-crowd", + "vendor-crowd" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "iam:PassRole" + ], + "Condition":{ + "StringEquals":{ + "iam:PassedToService":[ + "sagemaker.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-12-03T16:21:56+00:00" + }, + "AmazonAugmentedAIHumanLoopFullAccess":{ + "CreateDate":"2019-12-03T16:20:47+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "sagemaker:*HumanLoop", + "sagemaker:*HumanLoops" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-12-03T16:20:47+00:00" + }, + "AmazonAugmentedAIIntegratedAPIAccess":{ + "CreateDate":"2020-04-22T20:47:32+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "sagemaker:*HumanLoop", + "sagemaker:*HumanLoops", + "sagemaker:*FlowDefinition", + "sagemaker:*FlowDefinitions", + "sagemaker:*HumanTaskUi", + "sagemaker:*HumanTaskUis" + ], + "Condition":{ + "StringEqualsIfExists":{ + "sagemaker:WorkteamType":[ + "private-crowd", + "vendor-crowd" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "textract:AnalyzeDocument" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "rekognition:DetectModerationLabels" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "iam:PassRole" + ], + "Condition":{ + "StringEquals":{ + "iam:PassedToService":[ + "sagemaker.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-04-22T20:47:32+00:00" + }, + "AmazonBraketFullAccess":{ + "CreateDate":"2020-08-06T20:12:37+00:00", + "DefaultVersionId":"v5", + "Document":{ + "Statement":[ + { + "Action":[ + "s3:GetObject", + "s3:PutObject", + "s3:ListBucket", + "s3:CreateBucket", + "s3:PutBucketPublicAccessBlock", + "s3:PutBucketPolicy" + ], + "Effect":"Allow", + "Resource":"arn:aws:s3:::amazon-braket-*" + }, + { + "Action":[ + "s3:ListAllMyBuckets" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ecr:GetDownloadUrlForLayer", + "ecr:BatchGetImage", + "ecr:BatchCheckLayerAvailability" + ], + "Effect":"Allow", + "Resource":"arn:aws:ecr:*:*:repository/amazon-braket*" + }, + { + "Action":[ + "ecr:GetAuthorizationToken" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "logs:Describe*", + "logs:Get*", + "logs:List*", + "logs:StartQuery", + "logs:StopQuery", + "logs:TestMetricFilter", + "logs:FilterLogEvents" + ], + "Effect":"Allow", + "Resource":"arn:aws:logs:*:*:log-group:/aws/braket*" + }, + { + "Action":[ + "iam:ListRoles", + "iam:ListRolePolicies", + "iam:GetRole", + "iam:GetRolePolicy", + "iam:ListAttachedRolePolicies" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "sagemaker:ListNotebookInstances" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "sagemaker:CreatePresignedNotebookInstanceUrl", + "sagemaker:CreateNotebookInstance", + "sagemaker:DeleteNotebookInstance", + "sagemaker:DescribeNotebookInstance", + "sagemaker:StartNotebookInstance", + "sagemaker:StopNotebookInstance", + "sagemaker:UpdateNotebookInstance", + "sagemaker:ListTags", + "sagemaker:AddTags", + "sagemaker:DeleteTags" + ], + "Effect":"Allow", + "Resource":"arn:aws:sagemaker:*:*:notebook-instance/amazon-braket-*" + }, + { + "Action":[ + "sagemaker:DescribeNotebookInstanceLifecycleConfig", + "sagemaker:CreateNotebookInstanceLifecycleConfig", + "sagemaker:DeleteNotebookInstanceLifecycleConfig", + "sagemaker:ListNotebookInstanceLifecycleConfigs", + "sagemaker:UpdateNotebookInstanceLifecycleConfig" + ], + "Effect":"Allow", + "Resource":"arn:aws:sagemaker:*:*:notebook-instance-lifecycle-config/amazon-braket-*" + }, + { + "Action":"braket:*", + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringEquals":{ + "iam:AWSServiceName":"braket.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/aws-service-role/braket.amazonaws.com/AWSServiceRoleForAmazonBraket*" + }, + { + "Action":[ + "iam:PassRole" + ], + "Condition":{ + "StringLike":{ + "iam:PassedToService":[ + "sagemaker.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/service-role/AmazonBraketServiceSageMakerNotebookRole*" + }, + { + "Action":[ + "iam:PassRole" + ], + "Condition":{ + "StringLike":{ + "iam:PassedToService":[ + "braket.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/service-role/AmazonBraketJobsExecutionRole*" + }, + { + "Action":[ + "logs:GetQueryResults" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:logs:*:*:log-group:*" + ] + }, + { + "Action":[ + "logs:PutLogEvents", + "logs:CreateLogStream", + "logs:CreateLogGroup" + ], + "Effect":"Allow", + "Resource":"arn:aws:logs:*:*:log-group:/aws/braket*" + }, + { + "Action":"cloudwatch:PutMetricData", + "Condition":{ + "StringEquals":{ + "cloudwatch:namespace":"/aws/braket" + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-03-31T19:03:33+00:00" + }, + "AmazonBraketJobsExecutionPolicy":{ + "CreateDate":"2021-11-26T19:34:41+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "s3:GetObject", + "s3:PutObject", + "s3:ListBucket", + "s3:CreateBucket", + "s3:PutBucketPublicAccessBlock", + "s3:PutBucketPolicy" + ], + "Effect":"Allow", + "Resource":"arn:aws:s3:::amazon-braket-*" + }, + { + "Action":[ + "ecr:GetDownloadUrlForLayer", + "ecr:BatchGetImage", + "ecr:BatchCheckLayerAvailability" + ], + "Effect":"Allow", + "Resource":"arn:aws:ecr:*:*:repository/amazon-braket*" + }, + { + "Action":[ + "ecr:GetAuthorizationToken" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "braket:CancelJob", + "braket:CancelQuantumTask", + "braket:CreateJob", + "braket:CreateQuantumTask", + "braket:GetDevice", + "braket:GetJob", + "braket:GetQuantumTask", + "braket:SearchDevices", + "braket:SearchJobs", + "braket:SearchQuantumTasks", + "braket:ListTagsForResource", + "braket:TagResource", + "braket:UntagResource" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "iam:PassRole" + ], + "Condition":{ + "StringLike":{ + "iam:PassedToService":[ + "braket.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/service-role/AmazonBraketJobsExecutionRole*" + }, + { + "Action":[ + "iam:ListRoles" + ], + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/*" + }, + { + "Action":[ + "logs:GetQueryResults" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:logs:*:*:log-group:*" + ] + }, + { + "Action":[ + "logs:PutLogEvents", + "logs:CreateLogStream", + "logs:CreateLogGroup", + "logs:GetLogEvents", + "logs:DescribeLogStreams", + "logs:StartQuery", + "logs:StopQuery" + ], + "Effect":"Allow", + "Resource":"arn:aws:logs:*:*:log-group:/aws/braket*" + }, + { + "Action":"cloudwatch:PutMetricData", + "Condition":{ + "StringEquals":{ + "cloudwatch:namespace":"/aws/braket" + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-11-28T05:34:55+00:00" + }, + "AmazonBraketServiceRolePolicy":{ + "CreateDate":"2020-08-04T17:12:23+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "s3:PutObject", + "s3:GetObject", + "s3:ListBucket" + ], + "Effect":"Allow", + "Resource":"arn:aws:s3:::amazon-braket-*" + }, + { + "Action":[ + "logs:PutLogEvents", + "logs:CreateLogStream", + "logs:DescribeLogStreams", + "logs:CreateLogGroup", + "logs:DescribeLogGroups" + ], + "Effect":"Allow", + "Resource":"arn:aws:logs:*:*:log-group:/aws/braket:*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-08-06T20:10:42+00:00" + }, + "AmazonChimeFullAccess":{ + "CreateDate":"2017-11-01T22:15:43+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":[ + "chime:*" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "s3:ListBucket", + "s3:ListAllMyBuckets", + "s3:GetBucketAcl", + "s3:GetBucketLocation", + "s3:GetBucketLogging", + "s3:GetBucketVersioning", + "s3:GetBucketWebsite" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "logs:CreateLogDelivery", + "logs:DeleteLogDelivery", + "logs:GetLogDelivery", + "logs:ListLogDeliveries", + "logs:DescribeResourcePolicies", + "logs:PutResourcePolicy", + "logs:CreateLogGroup", + "logs:DescribeLogGroups" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "sns:CreateTopic", + "sns:GetTopicAttributes" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:sns:*:*:ChimeVoiceConnector-Streaming*" + ] + }, + { + "Action":[ + "sqs:GetQueueAttributes", + "sqs:CreateQueue" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:sqs:*:*:ChimeVoiceConnector-Streaming*" + ] + }, + { + "Action":[ + "kinesis:ListStreams" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "kinesis:DescribeStream" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:kinesis:*:*:stream/chime-chat-*", + "arn:aws:kinesis:*:*:stream/chime-messaging-*" + ] + }, + { + "Action":[ + "s3:GetEncryptionConfiguration", + "s3:ListBucket" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::chime-chat-*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-12-14T21:00:52+00:00" + }, + "AmazonChimeReadOnly":{ + "CreateDate":"2017-11-01T22:04:17+00:00", + "DefaultVersionId":"v10", + "Document":{ + "Statement":[ + { + "Action":[ + "chime:List*", + "chime:Get*", + "chime:Describe*", + "chime:SearchAvailablePhoneNumbers" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-12-14T20:53:57+00:00" + }, + "AmazonChimeSDK":{ + "CreateDate":"2020-02-04T21:53:37+00:00", + "DefaultVersionId":"v4", + "Document":{ + "Statement":[ + { + "Action":[ + "chime:CreateMeeting", + "chime:CreateMeetingWithAttendees", + "chime:DeleteMeeting", + "chime:GetMeeting", + "chime:ListMeetings", + "chime:CreateAttendee", + "chime:BatchCreateAttendee", + "chime:DeleteAttendee", + "chime:GetAttendee", + "chime:ListAttendees", + "chime:ListAttendeeTags", + "chime:ListMeetingTags", + "chime:ListTagsForResource", + "chime:TagAttendee", + "chime:TagMeeting", + "chime:TagResource", + "chime:UntagAttendee", + "chime:UntagMeeting", + "chime:UntagResource", + "chime:StartMeetingTranscription", + "chime:StopMeetingTranscription" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-10-21T18:04:27+00:00" + }, + "AmazonChimeSDKMediaPipelinesServiceLinkedRolePolicy":{ + "CreateDate":"2022-04-04T22:02:05+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "chime:GetMeeting", + "chime:CreateAttendee", + "chime:DeleteAttendee" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-04-04T22:02:05+00:00" + }, + "AmazonChimeServiceRolePolicy":{ + "CreateDate":"2019-09-30T22:25:06+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "iam:CreateServiceLinkedRole" + ], + "Condition":{ + "StringLike":{ + "iam:AWSServiceName":"chime.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/aws-service-role/chime.amazonaws.com/AWSServiceRoleForAmazonChime" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-09-30T22:25:06+00:00" + }, + "AmazonChimeTranscriptionServiceLinkedRolePolicy":{ + "CreateDate":"2021-08-04T21:47:41+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "transcribe:StartStreamTranscription", + "transcribe:StartMedicalStreamTranscription" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-08-04T21:47:41+00:00" + }, + "AmazonChimeUserManagement":{ + "CreateDate":"2017-11-01T22:17:26+00:00", + "DefaultVersionId":"v8", + "Document":{ + "Statement":[ + { + "Action":[ + "chime:ListAccounts", + "chime:GetAccount", + "chime:GetAccountSettings", + "chime:UpdateAccountSettings", + "chime:ListUsers", + "chime:GetUser", + "chime:GetUserByEmail", + "chime:InviteUsers", + "chime:InviteUsersFromProvider", + "chime:SuspendUsers", + "chime:ActivateUsers", + "chime:UpdateUserLicenses", + "chime:ResetPersonalPIN", + "chime:LogoutUser", + "chime:ListDomains", + "chime:GetDomain", + "chime:ListDirectories", + "chime:ListGroups", + "chime:SubmitSupportRequest", + "chime:ListDelegates", + "chime:ListAccountUsageReportData", + "chime:GetMeetingDetail", + "chime:ListMeetingEvents", + "chime:ListMeetingsReportData", + "chime:GetUserActivityReportData", + "chime:UpdateUser", + "chime:BatchUpdateUser", + "chime:BatchSuspendUser", + "chime:BatchUnsuspendUser", + "chime:AssociatePhoneNumberWithUser", + "chime:DisassociatePhoneNumberFromUser", + "chime:GetPhoneNumber", + "chime:ListPhoneNumbers", + "chime:GetUserSettings", + "chime:UpdateUserSettings", + "chime:CreateUser", + "chime:AssociateSigninDelegateGroupsWithAccount", + "chime:DisassociateSigninDelegateGroupsFromAccount" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-02-18T19:26:10+00:00" + }, + "AmazonChimeVoiceConnectorServiceLinkedRolePolicy":{ + "CreateDate":"2019-09-30T22:16:42+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":[ + "chime:GetVoiceConnector*" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "kinesisvideo:GetDataEndpoint", + "kinesisvideo:PutMedia", + "kinesisvideo:UpdateDataRetention", + "kinesisvideo:DescribeStream", + "kinesisvideo:CreateStream" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:kinesisvideo:*:*:stream/ChimeVoiceConnector-*" + ] + }, + { + "Action":[ + "kinesisvideo:ListStreams" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "SNS:Publish" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:sns:*:*:ChimeVoiceConnector-Streaming*" + ] + }, + { + "Action":[ + "sqs:SendMessage" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:sqs:*:*:ChimeVoiceConnector-Streaming*" + ] + }, + { + "Action":[ + "polly:SynthesizeSpeech" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-03-17T16:18:11+00:00" + }, + "AmazonCloudDirectoryFullAccess":{ + "CreateDate":"2017-02-25T00:41:39+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "clouddirectory:*" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2017-02-25T00:41:39+00:00" + }, + "AmazonCloudDirectoryReadOnlyAccess":{ + "CreateDate":"2017-02-28T23:42:06+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "clouddirectory:List*", + "clouddirectory:Get*", + "clouddirectory:LookupPolicy", + "clouddirectory:BatchRead" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2017-02-28T23:42:06+00:00" + }, + "AmazonCloudWatchEvidentlyFullAccess":{ + "CreateDate":"2021-11-29T15:10:14+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "evidently:*" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "iam:ListRoles" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "iam:GetRole" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/service-role/CloudWatchRUMEvidentlyRole-*" + ] + }, + { + "Action":[ + "s3:GetBucketLocation", + "s3:ListAllMyBuckets" + ], + "Effect":"Allow", + "Resource":"arn:aws:s3:::*" + }, + { + "Action":[ + "cloudwatch:GetMetricData", + "cloudwatch:GetMetricStatistics", + "cloudwatch:DescribeAlarmHistory", + "cloudwatch:DescribeAlarmsForMetric", + "cloudwatch:ListTagsForResource" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "cloudwatch:DescribeAlarms", + "cloudwatch:TagResource", + "cloudwatch:UnTagResource" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:cloudwatch:*:*:alarm:*" + ] + }, + { + "Action":[ + "cloudtrail:LookupEvents" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "cloudwatch:PutMetricAlarm" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:cloudwatch:*:*:alarm:Evidently-Alarm-*" + ] + }, + { + "Action":[ + "sns:ListTopics" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "sns:CreateTopic", + "sns:Subscribe", + "sns:ListSubscriptionsByTopic" + ], + "Effect":"Allow", + "Resource":[ + "arn:*:sns:*:*:Evidently-*" + ] + }, + { + "Action":[ + "logs:DescribeLogGroups" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-11-29T15:10:14+00:00" + }, + "AmazonCloudWatchEvidentlyReadOnlyAccess":{ + "CreateDate":"2021-11-29T15:08:38+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "evidently:GetExperiment", + "evidently:GetFeature", + "evidently:GetLaunch", + "evidently:GetProject", + "evidently:ListExperiments", + "evidently:ListFeatures", + "evidently:ListLaunches", + "evidently:ListProjects" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-11-29T15:08:38+00:00" + }, + "AmazonCloudWatchRUMFullAccess":{ + "CreateDate":"2021-11-29T15:46:12+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "rum:*" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "iam:GetRole", + "iam:CreateServiceLinkedRole" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/aws-service-role/rum.amazonaws.com/AWSServiceRoleForRealUserMonitoring" + ] + }, + { + "Action":[ + "iam:PassRole" + ], + "Condition":{ + "StringEquals":{ + "iam:PassedToService":[ + "cognito-identity.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/RUM-Monitor*" + ] + }, + { + "Action":[ + "cloudwatch:GetMetricData", + "cloudwatch:GetMetricStatistics", + "cloudwatch:ListMetrics" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "cloudwatch:DescribeAlarms" + ], + "Effect":"Allow", + "Resource":"arn:aws:cloudwatch:*:*:alarm:*" + }, + { + "Action":[ + "cognito-identity:CreateIdentityPool", + "cognito-identity:ListIdentityPools", + "cognito-identity:DescribeIdentityPool", + "cognito-identity:GetIdentityPoolRoles", + "cognito-identity:SetIdentityPoolRoles" + ], + "Effect":"Allow", + "Resource":"arn:aws:cognito-identity:*:*:identitypool/*" + }, + { + "Action":[ + "logs:CreateLogGroup", + "logs:DeleteLogGroup", + "logs:PutRetentionPolicy", + "logs:CreateLogStream" + ], + "Effect":"Allow", + "Resource":"arn:aws:logs:*:*:log-group:*RUMService*" + }, + { + "Action":[ + "logs:CreateLogDelivery", + "logs:GetLogDelivery", + "logs:UpdateLogDelivery", + "logs:DeleteLogDelivery", + "logs:ListLogDeliveries", + "logs:DescribeResourcePolicies" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "logs:DescribeLogGroups" + ], + "Effect":"Allow", + "Resource":"arn:aws:logs:*:*:log-group::log-stream:*" + }, + { + "Action":[ + "synthetics:describeCanaries", + "synthetics:describeCanariesLastRun" + ], + "Effect":"Allow", + "Resource":"arn:aws:synthetics:*:*:canary:*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-11-29T15:46:12+00:00" + }, + "AmazonCloudWatchRUMReadOnlyAccess":{ + "CreateDate":"2021-11-29T15:43:47+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "rum:GetAppMonitor", + "rum:GetAppMonitorData", + "rum:ListAppMonitors" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-11-29T15:43:47+00:00" + }, + "AmazonCloudWatchRUMServiceRolePolicy":{ + "CreateDate":"2021-11-17T23:17:23+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "xray:PutTraceSegments" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-11-17T23:17:23+00:00" + }, + "AmazonCodeGuruProfilerAgentAccess":{ + "CreateDate":"2021-02-05T22:11:56+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":[ + "codeguru-profiler:ConfigureAgent", + "codeguru-profiler:CreateProfilingGroup", + "codeguru-profiler:PostAgentProfile" + ], + "Effect":"Allow", + "Resource":"arn:aws:codeguru-profiler:*:*:profilingGroup/*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-05-05T18:11:03+00:00" + }, + "AmazonCodeGuruProfilerFullAccess":{ + "CreateDate":"2019-12-03T10:13:27+00:00", + "DefaultVersionId":"v4", + "Document":{ + "Statement":[ + { + "Action":[ + "codeguru-profiler:*", + "iam:ListRoles", + "iam:ListUsers", + "sns:ListTopics", + "codeguru:*" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "iam:CreateServiceLinkedRole" + ], + "Condition":{ + "StringEquals":{ + "iam:AWSServiceName":"codeguru-profiler.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/*AWSServiceRoleForCodeGuruProfiler*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-07-15T03:23:08+00:00" + }, + "AmazonCodeGuruProfilerReadOnlyAccess":{ + "CreateDate":"2019-12-03T10:30:15+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":[ + "codeguru:Get*", + "codeguru-profiler:BatchGet*", + "codeguru-profiler:Describe*", + "codeguru-profiler:Get*", + "codeguru-profiler:List*", + "iam:ListRoles", + "iam:ListUsers" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-06-27T23:52:52+00:00" + }, + "AmazonCodeGuruReviewerFullAccess":{ + "CreateDate":"2019-12-03T08:33:47+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":[ + "codeguru-reviewer:*", + "codeguru:*" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AmazonCodeGuruReviewerFullAccess" + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringLike":{ + "iam:AWSServiceName":"codeguru-reviewer.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/aws-service-role/codeguru-reviewer.amazonaws.com/AWSServiceRoleForAmazonCodeGuruReviewer", + "Sid":"AmazonCodeGuruReviewerSLRCreation" + }, + { + "Action":[ + "iam:DeleteServiceLinkedRole", + "iam:GetServiceLinkedRoleDeletionStatus" + ], + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/aws-service-role/codeguru-reviewer.amazonaws.com/AWSServiceRoleForAmazonCodeGuruReviewer", + "Sid":"AmazonCodeGuruReviewerSLRDeletion" + }, + { + "Action":[ + "codecommit:ListRepositories" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"CodeCommitAccess" + }, + { + "Action":[ + "codecommit:TagResource", + "codecommit:UntagResource" + ], + "Condition":{ + "ForAllValues:StringEquals":{ + "aws:TagKeys":"codeguru-reviewer" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"CodeCommitTagManagement" + }, + { + "Action":[ + "codestar-connections:TagResource", + "codestar-connections:UntagResource", + "codestar-connections:ListTagsForResource" + ], + "Condition":{ + "ForAllValues:StringEquals":{ + "aws:TagKeys":"codeguru-reviewer" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"CodeConnectTagManagement" + }, + { + "Action":[ + "codestar-connections:UseConnection", + "codestar-connections:ListConnections", + "codestar-connections:PassConnection" + ], + "Condition":{ + "ForAllValues:StringEquals":{ + "codestar-connections:ProviderAction":[ + "ListRepositories", + "ListOwners" + ] + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"CodeConnectManagedRules" + }, + { + "Action":[ + "events:PutRule", + "events:PutTargets", + "events:DeleteRule", + "events:RemoveTargets" + ], + "Condition":{ + "StringEquals":{ + "events:ManagedBy":"codeguru-reviewer.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"CloudWatchEventsManagedRules" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-08-29T04:16:08+00:00" + }, + "AmazonCodeGuruReviewerReadOnlyAccess":{ + "CreateDate":"2019-12-03T08:48:24+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "codeguru:Get*", + "codeguru-reviewer:List*", + "codeguru-reviewer:Describe*", + "codeguru-reviewer:Get*" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AmazonCodeGuruReviewerReadOnlyAccess" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-08-29T04:15:32+00:00" + }, + "AmazonCodeGuruReviewerServiceRolePolicy":{ + "CreateDate":"2019-12-03T05:31:12+00:00", + "DefaultVersionId":"v4", + "Document":{ + "Statement":[ + { + "Action":[ + "codecommit:GetRepository", + "codecommit:GetBranch", + "codecommit:DescribePullRequestEvents", + "codecommit:GetCommentsForPullRequest", + "codecommit:GetDifferences", + "codecommit:GetPullRequest", + "codecommit:ListPullRequests", + "codecommit:PostCommentForPullRequest", + "codecommit:GitPull", + "codecommit:UntagResource" + ], + "Condition":{ + "StringLike":{ + "aws:ResourceTag/codeguru-reviewer":"enabled" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"AccessCodeGuruReviewerEnabledRepositories" + }, + { + "Action":[ + "codestar-connections:UseConnection" + ], + "Condition":{ + "ForAllValues:StringEquals":{ + "codestar-connections:ProviderAction":[ + "ListBranches", + "GetBranch", + "ListRepositories", + "ListOwners", + "ListPullRequests", + "GetPullRequest", + "ListPullRequestComments", + "ListPullRequestCommits", + "ListCommitFiles", + "ListBranchCommits", + "CreatePullRequestDiffComment", + "GitPull" + ] + }, + "Null":{ + "aws:ResourceTag/codeguru-reviewer":"false" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"AccessCodeGuruReviewerEnabledConnections" + }, + { + "Action":[ + "events:DeleteRule", + "events:RemoveTargets" + ], + "Condition":{ + "StringEquals":{ + "events:ManagedBy":"codeguru-reviewer.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"CloudWatchEventsResourceCleanup" + }, + { + "Action":[ + "s3:GetObject" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::codeguru-reviewer-*", + "arn:aws:s3:::codeguru-reviewer-*/*" + ], + "Sid":"AllowGuruS3GetObject" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-11-27T15:09:46+00:00" + }, + "AmazonCognitoDeveloperAuthenticatedIdentities":{ + "CreateDate":"2015-03-24T17:22:23+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "cognito-identity:GetOpenIdTokenForDeveloperIdentity", + "cognito-identity:LookupDeveloperIdentity", + "cognito-identity:MergeDeveloperIdentities", + "cognito-identity:UnlinkDeveloperIdentity" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2015-03-24T17:22:23+00:00" + }, + "AmazonCognitoIdpEmailServiceRolePolicy":{ + "CreateDate":"2019-03-21T21:32:25+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "ses:SendEmail", + "ses:SendRawEmail" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ses:List*" + ], + "Effect":"Deny", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-03-21T21:32:25+00:00" + }, + "AmazonCognitoIdpServiceRolePolicy":{ + "CreateDate":"2020-06-26T22:30:20+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "cognito-idp:Describe*" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-06-26T22:30:20+00:00" + }, + "AmazonCognitoPowerUser":{ + "CreateDate":"2015-03-24T17:14:56+00:00", + "DefaultVersionId":"v6", + "Document":{ + "Statement":[ + { + "Action":[ + "cognito-identity:*", + "cognito-idp:*", + "cognito-sync:*", + "iam:ListRoles", + "iam:ListOpenIdConnectProviders", + "iam:GetRole", + "iam:ListSAMLProviders", + "iam:GetSAMLProvider", + "kinesis:ListStreams", + "lambda:GetPolicy", + "lambda:ListFunctions", + "sns:GetSMSSandboxAccountStatus", + "sns:ListPlatformApplications", + "ses:ListIdentities", + "ses:GetIdentityVerificationAttributes", + "mobiletargeting:GetApps", + "acm:ListCertificates" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringEquals":{ + "iam:AWSServiceName":[ + "cognito-idp.amazonaws.com", + "email.cognito-idp.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "iam:DeleteServiceLinkedRole", + "iam:GetServiceLinkedRoleDeletionStatus" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/aws-service-role/cognito-idp.amazonaws.com/AWSServiceRoleForAmazonCognitoIdp*", + "arn:aws:iam::*:role/aws-service-role/email.cognito-idp.amazonaws.com/AWSServiceRoleForAmazonCognitoIdpEmail*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-06-01T17:33:32+00:00" + }, + "AmazonCognitoReadOnly":{ + "CreateDate":"2015-03-24T17:06:46+00:00", + "DefaultVersionId":"v4", + "Document":{ + "Statement":[ + { + "Action":[ + "cognito-identity:Describe*", + "cognito-identity:Get*", + "cognito-identity:List*", + "cognito-idp:Describe*", + "cognito-idp:AdminGet*", + "cognito-idp:AdminList*", + "cognito-idp:List*", + "cognito-idp:Get*", + "cognito-sync:Describe*", + "cognito-sync:Get*", + "cognito-sync:List*", + "iam:ListOpenIdConnectProviders", + "iam:ListRoles", + "sns:ListPlatformApplications" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-08-01T19:21:04+00:00" + }, + "AmazonConnectCampaignsServiceLinkedRolePolicy":{ + "CreateDate":"2021-09-23T20:54:26+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "connect-campaigns:ListCampaigns" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-09-23T20:54:26+00:00" + }, + "AmazonConnectReadOnlyAccess":{ + "CreateDate":"2018-10-17T21:00:44+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":[ + "connect:Get*", + "connect:Describe*", + "connect:List*", + "ds:DescribeDirectories" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"connect:GetFederationTokens", + "Effect":"Deny", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-11-06T22:10:18+00:00" + }, + "AmazonConnectServiceLinkedRolePolicy":{ + "CreateDate":"2018-09-07T00:21:43+00:00", + "DefaultVersionId":"v6", + "Document":{ + "Statement":[ + { + "Action":[ + "connect:*" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "iam:DeleteRole" + ], + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/aws-service-role/connect.amazonaws.com/AWSServiceRoleForAmazonConnect_*" + }, + { + "Action":[ + "s3:GetObject", + "s3:GetObjectAcl", + "s3:PutObject", + "s3:PutObjectAcl", + "s3:DeleteObject" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::amazon-connect-*/*" + ] + }, + { + "Action":[ + "s3:GetBucketLocation", + "s3:GetBucketAcl" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::amazon-connect-*" + ] + }, + { + "Action":[ + "logs:CreateLogStream", + "logs:DescribeLogStreams", + "logs:PutLogEvents" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:logs:*:*:log-group:/aws/connect/*:*" + ] + }, + { + "Action":[ + "lex:ListBots", + "lex:ListBotAliases" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "profile:SearchProfiles", + "profile:CreateProfile", + "profile:UpdateProfile", + "profile:AddProfileKey" + ], + "Effect":"Allow", + "Resource":"arn:aws:profile:*:*:domains/amazon-connect-*" + }, + { + "Action":[ + "profile:ListProfileObjects" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:profile:*:*:domains/amazon-connect-*/object-types/CTR", + "arn:aws:profile:*:*:domains/amazon-connect-*/object-types/_asset" + ] + }, + { + "Action":[ + "profile:ListAccountIntegrations" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"cloudwatch:PutMetricData", + "Condition":{ + "StringEquals":{ + "cloudwatch:namespace":"AWS/Connect" + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-12-09T22:12:26+00:00" + }, + "AmazonConnectVoiceIDFullAccess":{ + "CreateDate":"2021-09-26T19:04:10+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":"voiceid:*", + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-09-26T19:04:10+00:00" + }, + "AmazonConnect_FullAccess":{ + "CreateDate":"2020-11-20T19:54:21+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":[ + "connect:*", + "ds:CreateAlias", + "ds:AuthorizeApplication", + "ds:CreateIdentityPoolDirectory", + "ds:DeleteDirectory", + "ds:DescribeDirectories", + "ds:UnauthorizeApplication", + "firehose:DescribeDeliveryStream", + "firehose:ListDeliveryStreams", + "kinesis:DescribeStream", + "kinesis:ListStreams", + "kms:DescribeKey", + "kms:ListAliases", + "lex:GetBots", + "lex:ListBots", + "lex:ListBotAliases", + "logs:CreateLogGroup", + "s3:GetBucketLocation", + "s3:ListAllMyBuckets", + "lambda:ListFunctions", + "ds:CheckAlias", + "profile:ListAccountIntegrations", + "profile:GetDomain", + "profile:ListDomains", + "profile:GetProfileObjectType", + "profile:ListProfileObjectTypeTemplates" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "profile:AddProfileKey", + "profile:CreateDomain", + "profile:CreateProfile", + "profile:DeleteDomain", + "profile:DeleteIntegration", + "profile:DeleteProfile", + "profile:DeleteProfileKey", + "profile:DeleteProfileObject", + "profile:DeleteProfileObjectType", + "profile:GetIntegration", + "profile:GetMatches", + "profile:GetProfileObjectType", + "profile:ListIntegrations", + "profile:ListProfileObjects", + "profile:ListProfileObjectTypes", + "profile:ListTagsForResource", + "profile:MergeProfiles", + "profile:PutIntegration", + "profile:PutProfileObject", + "profile:PutProfileObjectType", + "profile:SearchProfiles", + "profile:TagResource", + "profile:UntagResource", + "profile:UpdateDomain", + "profile:UpdateProfile" + ], + "Effect":"Allow", + "Resource":"arn:aws:profile:*:*:domains/amazon-connect-*" + }, + { + "Action":[ + "s3:CreateBucket", + "s3:GetBucketAcl" + ], + "Effect":"Allow", + "Resource":"arn:aws:s3:::amazon-connect-*" + }, + { + "Action":[ + "servicequotas:GetServiceQuota" + ], + "Effect":"Allow", + "Resource":"arn:aws:servicequotas:*:*:connect/*" + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringEquals":{ + "iam:AWSServiceName":"connect.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"iam:DeleteServiceLinkedRole", + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/aws-service-role/connect.amazonaws.com/AWSServiceRoleForAmazonConnect*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-11-23T22:05:12+00:00" + }, + "AmazonDMSCloudWatchLogsRole":{ + "CreateDate":"2016-01-07T23:44:53+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "logs:DescribeLogGroups" + ], + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"AllowDescribeOnAllLogGroups" + }, + { + "Action":[ + "logs:DescribeLogStreams" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:logs:*:*:log-group:dms-tasks-*" + ], + "Sid":"AllowDescribeOfAllLogStreamsOnDmsTasksLogGroup" + }, + { + "Action":[ + "logs:CreateLogGroup" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:logs:*:*:log-group:dms-tasks-*" + ], + "Sid":"AllowCreationOfDmsTasksLogGroups" + }, + { + "Action":[ + "logs:CreateLogStream" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:logs:*:*:log-group:dms-tasks-*:log-stream:dms-task-*" + ], + "Sid":"AllowCreationOfDmsTaskLogStream" + }, + { + "Action":[ + "logs:PutLogEvents" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:logs:*:*:log-group:dms-tasks-*:log-stream:dms-task-*" + ], + "Sid":"AllowUploadOfLogEventsToDmsTaskLogStream" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2016-01-07T23:44:53+00:00" + }, + "AmazonDMSRedshiftS3Role":{ + "CreateDate":"2016-04-20T17:05:56+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":[ + "s3:CreateBucket", + "s3:ListBucket", + "s3:DeleteBucket", + "s3:GetBucketLocation", + "s3:GetObject", + "s3:PutObject", + "s3:DeleteObject", + "s3:GetObjectVersion", + "s3:GetBucketPolicy", + "s3:PutBucketPolicy", + "s3:GetBucketAcl", + "s3:PutBucketVersioning", + "s3:GetBucketVersioning", + "s3:PutLifecycleConfiguration", + "s3:GetLifecycleConfiguration", + "s3:DeleteBucketPolicy" + ], + "Effect":"Allow", + "Resource":"arn:aws:s3:::dms-*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-07-08T18:19:14+00:00" + }, + "AmazonDMSVPCManagementRole":{ + "CreateDate":"2015-11-18T16:33:19+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:CreateNetworkInterface", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeInternetGateways", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "ec2:DeleteNetworkInterface", + "ec2:ModifyNetworkInterfaceAttribute" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2016-05-23T16:29:57+00:00" + }, + "AmazonDRSVPCManagement":{ + "CreateDate":"2015-09-02T00:09:20+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:AuthorizeSecurityGroupIngress", + "ec2:CreateNetworkInterface", + "ec2:CreateSecurityGroup", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeInternetGateways", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcAttribute", + "ec2:DescribeVpcs", + "ec2:DeleteNetworkInterface", + "ec2:DeleteSecurityGroup", + "ec2:ModifyNetworkInterfaceAttribute", + "ec2:RevokeSecurityGroupIngress" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2015-09-02T00:09:20+00:00" + }, + "AmazonDetectiveFullAccess":{ + "CreateDate":"2020-04-30T17:57:15+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "detective:*", + "organizations:DescribeOrganization", + "organizations:ListAccounts" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "guardduty:ArchiveFindings" + ], + "Effect":"Allow", + "Resource":"arn:aws:guardduty:*:*:detector/*" + }, + { + "Action":[ + "guardduty:ListDetectors" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-10-21T22:07:28+00:00" + }, + "AmazonDetectiveServiceLinkedRolePolicy":{ + "CreateDate":"2021-11-18T19:47:32+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "organizations:DescribeAccount", + "organizations:ListAccounts" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-11-18T19:47:32+00:00" + }, + "AmazonDevOpsGuruConsoleFullAccess":{ + "CreateDate":"2021-12-17T18:43:09+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "devops-guru:*" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"DevOpsGuruFullAccess" + }, + { + "Action":[ + "cloudformation:DescribeStacks", + "cloudformation:ListStacks" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"CloudFormationListStacksAccess" + }, + { + "Action":[ + "cloudwatch:GetMetricData" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"CloudWatchGetMetricDataAccess" + }, + { + "Action":[ + "sns:ListTopics" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"SnsListTopicsAccess" + }, + { + "Action":[ + "sns:CreateTopic", + "sns:GetTopicAttributes", + "sns:SetTopicAttributes", + "sns:Publish" + ], + "Effect":"Allow", + "Resource":"arn:aws:sns:*:*:DevOps-Guru-*", + "Sid":"SnsTopicOperations" + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringLike":{ + "iam:AWSServiceName":"devops-guru.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/aws-service-role/devops-guru.amazonaws.com/AWSServiceRoleForDevOpsGuru", + "Sid":"DevOpsGuruSlrCreation" + }, + { + "Action":[ + "iam:DeleteServiceLinkedRole", + "iam:GetServiceLinkedRoleDeletionStatus" + ], + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/aws-service-role/devops-guru.amazonaws.com/AWSServiceRoleForDevOpsGuru", + "Sid":"DevOpsGuruSlrDeletion" + }, + { + "Action":[ + "rds:DescribeDBInstances" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"RDSDescribeDBInstancesAccess" + }, + { + "Action":[ + "pi:GetResourceMetrics", + "pi:DescribeDimensionKeys" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"PerformanceInsightsMetricsDataAccess" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-12-17T18:43:09+00:00" + }, + "AmazonDevOpsGuruFullAccess":{ + "CreateDate":"2020-12-01T16:38:12+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "devops-guru:*" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"DevOpsGuruFullAccess" + }, + { + "Action":[ + "cloudformation:DescribeStacks", + "cloudformation:ListStacks" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"CloudFormationListStacksAccess" + }, + { + "Action":[ + "cloudwatch:GetMetricData" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"CloudWatchGetMetricDataAccess" + }, + { + "Action":[ + "sns:ListTopics" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"SnsListTopicsAccess" + }, + { + "Action":[ + "sns:CreateTopic", + "sns:GetTopicAttributes", + "sns:SetTopicAttributes", + "sns:Publish" + ], + "Effect":"Allow", + "Resource":"arn:aws:sns:*:*:DevOps-Guru-*", + "Sid":"SnsTopicOperations" + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringLike":{ + "iam:AWSServiceName":"devops-guru.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/aws-service-role/devops-guru.amazonaws.com/AWSServiceRoleForDevOpsGuru", + "Sid":"DevOpsGuruSlrCreation" + }, + { + "Action":[ + "iam:DeleteServiceLinkedRole", + "iam:GetServiceLinkedRoleDeletionStatus" + ], + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/aws-service-role/devops-guru.amazonaws.com/AWSServiceRoleForDevOpsGuru", + "Sid":"DevOpsGuruSlrDeletion" + }, + { + "Action":[ + "rds:DescribeDBInstances" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"RDSDescribeDBInstancesAccess" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-11-26T20:39:13+00:00" + }, + "AmazonDevOpsGuruOrganizationsAccess":{ + "CreateDate":"2021-11-15T23:50:52+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "devops-guru:DescribeOrganizationHealth", + "devops-guru:DescribeOrganizationResourceCollectionHealth", + "devops-guru:DescribeOrganizationOverview", + "devops-guru:ListOrganizationInsights", + "devops-guru:SearchOrganizationInsights" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"DevOpsGuruOrganizationsAccess" + }, + { + "Action":[ + "organizations:DescribeAccount", + "organizations:DescribeOrganization", + "organizations:ListAWSServiceAccessForOrganization", + "organizations:ListAccounts", + "organizations:ListChildren", + "organizations:ListOrganizationalUnitsForParent", + "organizations:ListRoots" + ], + "Effect":"Allow", + "Resource":"arn:aws:organizations::*:", + "Sid":"OrganizationsDataAccess" + }, + { + "Action":[ + "organizations:DeregisterDelegatedAdministrator", + "organizations:RegisterDelegatedAdministrator", + "organizations:ListDelegatedAdministrators", + "organizations:EnableAWSServiceAccess", + "organizations:DisableAWSServiceAccess" + ], + "Condition":{ + "StringEquals":{ + "organizations:ServicePrincipal":[ + "devops-guru.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"OrganizationsAdminDataAccess" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-11-15T23:50:52+00:00" + }, + "AmazonDevOpsGuruReadOnlyAccess":{ + "CreateDate":"2020-12-01T16:34:40+00:00", + "DefaultVersionId":"v5", + "Document":{ + "Statement":[ + { + "Action":[ + "devops-guru:DescribeAccountHealth", + "devops-guru:DescribeAccountOverview", + "devops-guru:DescribeAnomaly", + "devops-guru:DescribeEventSourcesConfig", + "devops-guru:DescribeFeedback", + "devops-guru:DescribeInsight", + "devops-guru:DescribeResourceCollectionHealth", + "devops-guru:DescribeServiceIntegration", + "devops-guru:GetCostEstimation", + "devops-guru:GetResourceCollection", + "devops-guru:ListAnomaliesForInsight", + "devops-guru:ListEvents", + "devops-guru:ListInsights", + "devops-guru:ListNotificationChannels", + "devops-guru:ListRecommendations", + "devops-guru:SearchInsights", + "devops-guru:StartCostEstimation" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"DevOpsGuruReadOnlyAccess" + }, + { + "Action":[ + "cloudformation:DescribeStacks", + "cloudformation:ListStacks" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"CloudFormationListStacksAccess" + }, + { + "Action":[ + "iam:GetRole" + ], + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/aws-service-role/devops-guru.amazonaws.com/AWSServiceRoleForDevOpsGuru" + }, + { + "Action":[ + "cloudwatch:GetMetricData" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"CloudWatchGetMetricDataAccess" + }, + { + "Action":[ + "rds:DescribeDBInstances" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"RDSDescribeDBInstancesAccess" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-03-04T02:37:19+00:00" + }, + "AmazonDevOpsGuruServiceRolePolicy":{ + "CreateDate":"2020-12-01T10:24:42+00:00", + "DefaultVersionId":"v6", + "Document":{ + "Statement":[ + { + "Action":[ + "autoscaling:DescribeAutoScalingGroups", + "cloudtrail:LookupEvents", + "cloudwatch:GetMetricData", + "cloudwatch:ListMetrics", + "cloudwatch:DescribeAnomalyDetectors", + "cloudwatch:DescribeAlarms", + "cloudwatch:ListDashboards", + "cloudwatch:GetDashboard", + "cloudformation:GetTemplate", + "cloudformation:ListStacks", + "cloudformation:ListStackResources", + "cloudformation:DescribeStacks", + "cloudformation:ListImports", + "codedeploy:BatchGetDeployments", + "codedeploy:GetDeploymentGroup", + "codedeploy:ListDeployments", + "config:DescribeConfigurationRecorderStatus", + "config:GetResourceConfigHistory", + "events:ListRuleNamesByTarget", + "xray:GetServiceGraph", + "organizations:ListRoots", + "organizations:ListChildren", + "organizations:ListDelegatedAdministrators", + "pi:GetResourceMetrics", + "tag:GetResources", + "lambda:GetFunction", + "lambda:GetFunctionConcurrency", + "lambda:GetAccountSettings", + "lambda:ListProvisionedConcurrencyConfigs", + "lambda:ListAliases", + "lambda:ListEventSourceMappings", + "lambda:GetPolicy", + "ec2:DescribeSubnets", + "application-autoscaling:DescribeScalableTargets", + "application-autoscaling:DescribeScalingPolicies", + "sqs:GetQueueAttributes", + "kinesis:DescribeStream", + "kinesis:DescribeLimits", + "dynamodb:DescribeTable", + "dynamodb:DescribeLimits", + "dynamodb:DescribeContinuousBackups", + "dynamodb:DescribeStream", + "dynamodb:ListStreams", + "elasticloadbalancing:DescribeLoadBalancers", + "elasticloadbalancing:DescribeLoadBalancerAttributes", + "rds:DescribeDBInstances", + "rds:DescribeDBClusters", + "rds:DescribeOptionGroups", + "rds:DescribeDBClusterParameters", + "rds:DescribeDBInstanceAutomatedBackups", + "rds:DescribeAccountAttributes" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "events:PutTargets", + "events:PutRule" + ], + "Effect":"Allow", + "Resource":"arn:aws:events:*:*:rule/DevOps-Guru-managed-*", + "Sid":"AllowPutTargetsOnASpecificRule" + }, + { + "Action":[ + "ssm:CreateOpsItem" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AllowCreateOpsItem" + }, + { + "Action":[ + "ssm:AddTagsToResource" + ], + "Effect":"Allow", + "Resource":"arn:aws:ssm:*:*:opsitem/*", + "Sid":"AllowAddTagsToOpsItem" + }, + { + "Action":[ + "ssm:GetOpsItem", + "ssm:UpdateOpsItem" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceTag/DevOps-GuruInsightSsmOpsItemRelated":"true" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"AllowAccessOpsItem" + }, + { + "Action":"events:PutRule", + "Effect":"Allow", + "Resource":"arn:aws:events:*:*:rule/DevOpsGuruManagedRule*", + "Sid":"AllowCreateManagedRule" + }, + { + "Action":[ + "events:DescribeRule", + "events:ListTargetsByRule" + ], + "Effect":"Allow", + "Resource":"arn:aws:events:*:*:rule/DevOpsGuruManagedRule*", + "Sid":"AllowAccessManagedRule" + }, + { + "Action":[ + "events:DeleteRule", + "events:EnableRule", + "events:DisableRule", + "events:PutTargets", + "events:RemoveTargets" + ], + "Condition":{ + "StringEquals":{ + "events:ManagedBy":"devops-guru.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:events:*:*:rule/DevOpsGuruManagedRule*", + "Sid":"AllowOtherOperationsOnManagedRule" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-02-07T19:30:10+00:00" + }, + "AmazonDocDBConsoleFullAccess":{ + "CreateDate":"2019-01-09T20:37:28+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":[ + "rds:AddRoleToDBCluster", + "rds:AddSourceIdentifierToSubscription", + "rds:AddTagsToResource", + "rds:ApplyPendingMaintenanceAction", + "rds:CopyDBClusterParameterGroup", + "rds:CopyDBClusterSnapshot", + "rds:CopyDBParameterGroup", + "rds:CreateDBCluster", + "rds:CreateDBClusterParameterGroup", + "rds:CreateDBClusterSnapshot", + "rds:CreateDBInstance", + "rds:CreateDBParameterGroup", + "rds:CreateDBSubnetGroup", + "rds:CreateEventSubscription", + "rds:DeleteDBCluster", + "rds:DeleteDBClusterParameterGroup", + "rds:DeleteDBClusterSnapshot", + "rds:DeleteDBInstance", + "rds:DeleteDBParameterGroup", + "rds:DeleteDBSubnetGroup", + "rds:DeleteEventSubscription", + "rds:DescribeAccountAttributes", + "rds:DescribeCertificates", + "rds:DescribeDBClusterParameterGroups", + "rds:DescribeDBClusterParameters", + "rds:DescribeDBClusterSnapshotAttributes", + "rds:DescribeDBClusterSnapshots", + "rds:DescribeDBClusters", + "rds:DescribeDBEngineVersions", + "rds:DescribeDBInstances", + "rds:DescribeDBLogFiles", + "rds:DescribeDBParameterGroups", + "rds:DescribeDBParameters", + "rds:DescribeDBSecurityGroups", + "rds:DescribeDBSubnetGroups", + "rds:DescribeEngineDefaultClusterParameters", + "rds:DescribeEngineDefaultParameters", + "rds:DescribeEventCategories", + "rds:DescribeEventSubscriptions", + "rds:DescribeEvents", + "rds:DescribeOptionGroups", + "rds:DescribeOrderableDBInstanceOptions", + "rds:DescribePendingMaintenanceActions", + "rds:DescribeValidDBInstanceModifications", + "rds:DownloadDBLogFilePortion", + "rds:FailoverDBCluster", + "rds:ListTagsForResource", + "rds:ModifyDBCluster", + "rds:ModifyDBClusterParameterGroup", + "rds:ModifyDBClusterSnapshotAttribute", + "rds:ModifyDBInstance", + "rds:ModifyDBParameterGroup", + "rds:ModifyDBSubnetGroup", + "rds:ModifyEventSubscription", + "rds:PromoteReadReplicaDBCluster", + "rds:RebootDBInstance", + "rds:RemoveRoleFromDBCluster", + "rds:RemoveSourceIdentifierFromSubscription", + "rds:RemoveTagsFromResource", + "rds:ResetDBClusterParameterGroup", + "rds:ResetDBParameterGroup", + "rds:RestoreDBClusterFromSnapshot", + "rds:RestoreDBClusterToPointInTime" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "iam:GetRole", + "cloudwatch:GetMetricData", + "cloudwatch:GetMetricStatistics", + "cloudwatch:ListMetrics", + "ec2:AllocateAddress", + "ec2:AssignIpv6Addresses", + "ec2:AssignPrivateIpAddresses", + "ec2:AssociateAddress", + "ec2:AssociateRouteTable", + "ec2:AssociateSubnetCidrBlock", + "ec2:AssociateVpcCidrBlock", + "ec2:AttachInternetGateway", + "ec2:AttachNetworkInterface", + "ec2:CreateCustomerGateway", + "ec2:CreateDefaultSubnet", + "ec2:CreateDefaultVpc", + "ec2:CreateInternetGateway", + "ec2:CreateNatGateway", + "ec2:CreateNetworkInterface", + "ec2:CreateRoute", + "ec2:CreateRouteTable", + "ec2:CreateSecurityGroup", + "ec2:CreateSubnet", + "ec2:CreateVpc", + "ec2:CreateVpcEndpoint", + "ec2:DescribeAccountAttributes", + "ec2:DescribeAddresses", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeCustomerGateways", + "ec2:DescribeInstances", + "ec2:DescribeNatGateways", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribePrefixLists", + "ec2:DescribeRouteTables", + "ec2:DescribeSecurityGroupReferences", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcAttribute", + "ec2:DescribeVpcEndpoints", + "ec2:DescribeVpcs", + "ec2:ModifyNetworkInterfaceAttribute", + "ec2:ModifySubnetAttribute", + "ec2:ModifyVpcAttribute", + "ec2:ModifyVpcEndpoint", + "kms:DescribeKey", + "kms:ListAliases", + "kms:ListKeyPolicies", + "kms:ListKeys", + "kms:ListRetirableGrants", + "logs:DescribeLogStreams", + "logs:GetLogEvents", + "sns:ListSubscriptions", + "sns:ListTopics", + "sns:Publish" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringLike":{ + "iam:AWSServiceName":"rds.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/aws-service-role/rds.amazonaws.com/AWSServiceRoleForRDS" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-04-05T22:42:40+00:00" + }, + "AmazonDocDBFullAccess":{ + "CreateDate":"2019-01-09T20:21:44+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "rds:AddRoleToDBCluster", + "rds:AddSourceIdentifierToSubscription", + "rds:AddTagsToResource", + "rds:ApplyPendingMaintenanceAction", + "rds:CopyDBClusterParameterGroup", + "rds:CopyDBClusterSnapshot", + "rds:CopyDBParameterGroup", + "rds:CreateDBCluster", + "rds:CreateDBClusterParameterGroup", + "rds:CreateDBClusterSnapshot", + "rds:CreateDBInstance", + "rds:CreateDBParameterGroup", + "rds:CreateDBSubnetGroup", + "rds:CreateEventSubscription", + "rds:DeleteDBCluster", + "rds:DeleteDBClusterParameterGroup", + "rds:DeleteDBClusterSnapshot", + "rds:DeleteDBInstance", + "rds:DeleteDBParameterGroup", + "rds:DeleteDBSubnetGroup", + "rds:DeleteEventSubscription", + "rds:DescribeAccountAttributes", + "rds:DescribeCertificates", + "rds:DescribeDBClusterParameterGroups", + "rds:DescribeDBClusterParameters", + "rds:DescribeDBClusterSnapshotAttributes", + "rds:DescribeDBClusterSnapshots", + "rds:DescribeDBClusters", + "rds:DescribeDBEngineVersions", + "rds:DescribeDBInstances", + "rds:DescribeDBLogFiles", + "rds:DescribeDBParameterGroups", + "rds:DescribeDBParameters", + "rds:DescribeDBSecurityGroups", + "rds:DescribeDBSubnetGroups", + "rds:DescribeEngineDefaultClusterParameters", + "rds:DescribeEngineDefaultParameters", + "rds:DescribeEventCategories", + "rds:DescribeEventSubscriptions", + "rds:DescribeEvents", + "rds:DescribeOptionGroups", + "rds:DescribeOrderableDBInstanceOptions", + "rds:DescribePendingMaintenanceActions", + "rds:DescribeValidDBInstanceModifications", + "rds:DownloadDBLogFilePortion", + "rds:FailoverDBCluster", + "rds:ListTagsForResource", + "rds:ModifyDBCluster", + "rds:ModifyDBClusterParameterGroup", + "rds:ModifyDBClusterSnapshotAttribute", + "rds:ModifyDBInstance", + "rds:ModifyDBParameterGroup", + "rds:ModifyDBSubnetGroup", + "rds:ModifyEventSubscription", + "rds:PromoteReadReplicaDBCluster", + "rds:RebootDBInstance", + "rds:RemoveRoleFromDBCluster", + "rds:RemoveSourceIdentifierFromSubscription", + "rds:RemoveTagsFromResource", + "rds:ResetDBClusterParameterGroup", + "rds:ResetDBParameterGroup", + "rds:RestoreDBClusterFromSnapshot", + "rds:RestoreDBClusterToPointInTime" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "cloudwatch:GetMetricStatistics", + "cloudwatch:ListMetrics", + "ec2:DescribeAccountAttributes", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcAttribute", + "ec2:DescribeVpcs", + "kms:ListAliases", + "kms:ListKeyPolicies", + "kms:ListKeys", + "kms:ListRetirableGrants", + "logs:DescribeLogStreams", + "logs:GetLogEvents", + "sns:ListSubscriptions", + "sns:ListTopics", + "sns:Publish" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringLike":{ + "iam:AWSServiceName":"rds.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/aws-service-role/rds.amazonaws.com/AWSServiceRoleForRDS" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-01-09T20:21:44+00:00" + }, + "AmazonDocDBReadOnlyAccess":{ + "CreateDate":"2019-01-09T20:30:28+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "rds:DescribeAccountAttributes", + "rds:DescribeCertificates", + "rds:DescribeDBClusterParameterGroups", + "rds:DescribeDBClusterParameters", + "rds:DescribeDBClusterSnapshotAttributes", + "rds:DescribeDBClusterSnapshots", + "rds:DescribeDBClusters", + "rds:DescribeDBEngineVersions", + "rds:DescribeDBInstances", + "rds:DescribeDBLogFiles", + "rds:DescribeDBParameterGroups", + "rds:DescribeDBParameters", + "rds:DescribeDBSubnetGroups", + "rds:DescribeEventCategories", + "rds:DescribeEventSubscriptions", + "rds:DescribeEvents", + "rds:DescribeOrderableDBInstanceOptions", + "rds:DescribePendingMaintenanceActions", + "rds:DownloadDBLogFilePortion", + "rds:ListTagsForResource" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "cloudwatch:GetMetricStatistics", + "cloudwatch:ListMetrics" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:DescribeAccountAttributes", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeInternetGateways", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcAttribute", + "ec2:DescribeVpcs" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "kms:ListKeys", + "kms:ListRetirableGrants", + "kms:ListAliases", + "kms:ListKeyPolicies" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "logs:DescribeLogStreams", + "logs:GetLogEvents" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:logs:*:*:log-group:/aws/rds/*:log-stream:*", + "arn:aws:logs:*:*:log-group:/aws/docdb/*:log-stream:*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-01-09T20:30:28+00:00" + }, + "AmazonDynamoDBFullAccess":{ + "CreateDate":"2015-02-06T18:40:11+00:00", + "DefaultVersionId":"v15", + "Document":{ + "Statement":[ + { + "Action":[ + "dynamodb:*", + "dax:*", + "application-autoscaling:DeleteScalingPolicy", + "application-autoscaling:DeregisterScalableTarget", + "application-autoscaling:DescribeScalableTargets", + "application-autoscaling:DescribeScalingActivities", + "application-autoscaling:DescribeScalingPolicies", + "application-autoscaling:PutScalingPolicy", + "application-autoscaling:RegisterScalableTarget", + "cloudwatch:DeleteAlarms", + "cloudwatch:DescribeAlarmHistory", + "cloudwatch:DescribeAlarms", + "cloudwatch:DescribeAlarmsForMetric", + "cloudwatch:GetMetricStatistics", + "cloudwatch:ListMetrics", + "cloudwatch:PutMetricAlarm", + "cloudwatch:GetMetricData", + "datapipeline:ActivatePipeline", + "datapipeline:CreatePipeline", + "datapipeline:DeletePipeline", + "datapipeline:DescribeObjects", + "datapipeline:DescribePipelines", + "datapipeline:GetPipelineDefinition", + "datapipeline:ListPipelines", + "datapipeline:PutPipelineDefinition", + "datapipeline:QueryObjects", + "ec2:DescribeVpcs", + "ec2:DescribeSubnets", + "ec2:DescribeSecurityGroups", + "iam:GetRole", + "iam:ListRoles", + "kms:DescribeKey", + "kms:ListAliases", + "sns:CreateTopic", + "sns:DeleteTopic", + "sns:ListSubscriptions", + "sns:ListSubscriptionsByTopic", + "sns:ListTopics", + "sns:Subscribe", + "sns:Unsubscribe", + "sns:SetTopicAttributes", + "lambda:CreateFunction", + "lambda:ListFunctions", + "lambda:ListEventSourceMappings", + "lambda:CreateEventSourceMapping", + "lambda:DeleteEventSourceMapping", + "lambda:GetFunctionConfiguration", + "lambda:DeleteFunction", + "resource-groups:ListGroups", + "resource-groups:ListGroupResources", + "resource-groups:GetGroup", + "resource-groups:GetGroupQuery", + "resource-groups:DeleteGroup", + "resource-groups:CreateGroup", + "tag:GetResources", + "kinesis:ListStreams", + "kinesis:DescribeStream", + "kinesis:DescribeStreamSummary" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"cloudwatch:GetInsightRuleReport", + "Effect":"Allow", + "Resource":"arn:aws:cloudwatch:*:*:insight-rule/DynamoDBContributorInsights*" + }, + { + "Action":[ + "iam:PassRole" + ], + "Condition":{ + "StringLike":{ + "iam:PassedToService":[ + "application-autoscaling.amazonaws.com", + "application-autoscaling.amazonaws.com.cn", + "dax.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "iam:CreateServiceLinkedRole" + ], + "Condition":{ + "StringEquals":{ + "iam:AWSServiceName":[ + "replication.dynamodb.amazonaws.com", + "dax.amazonaws.com", + "dynamodb.application-autoscaling.amazonaws.com", + "contributorinsights.dynamodb.amazonaws.com", + "kinesisreplication.dynamodb.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-01-29T17:38:30+00:00" + }, + "AmazonDynamoDBFullAccesswithDataPipeline":{ + "CreateDate":"2015-02-06T18:40:14+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "cloudwatch:DeleteAlarms", + "cloudwatch:DescribeAlarmHistory", + "cloudwatch:DescribeAlarms", + "cloudwatch:DescribeAlarmsForMetric", + "cloudwatch:GetMetricStatistics", + "cloudwatch:ListMetrics", + "cloudwatch:PutMetricAlarm", + "dynamodb:*", + "sns:CreateTopic", + "sns:DeleteTopic", + "sns:ListSubscriptions", + "sns:ListSubscriptionsByTopic", + "sns:ListTopics", + "sns:Subscribe", + "sns:Unsubscribe", + "sns:SetTopicAttributes" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"DDBConsole" + }, + { + "Action":[ + "lambda:*", + "iam:ListRoles" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"DDBConsoleTriggers" + }, + { + "Action":[ + "datapipeline:*", + "iam:ListRoles" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"DDBConsoleImportExport" + }, + { + "Action":[ + "iam:GetRolePolicy", + "iam:PassRole" + ], + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"IAMEDPRoles" + }, + { + "Action":[ + "ec2:CreateTags", + "ec2:DescribeInstances", + "ec2:RunInstances", + "ec2:StartInstances", + "ec2:StopInstances", + "ec2:TerminateInstances", + "elasticmapreduce:*", + "datapipeline:*" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"EMR" + }, + { + "Action":[ + "s3:DeleteObject", + "s3:Get*", + "s3:List*", + "s3:Put*" + ], + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"S3" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2015-11-12T02:17:42+00:00" + }, + "AmazonDynamoDBReadOnlyAccess":{ + "CreateDate":"2015-02-06T18:40:12+00:00", + "DefaultVersionId":"v13", + "Document":{ + "Statement":[ + { + "Action":[ + "application-autoscaling:DescribeScalableTargets", + "application-autoscaling:DescribeScalingActivities", + "application-autoscaling:DescribeScalingPolicies", + "cloudwatch:DescribeAlarmHistory", + "cloudwatch:DescribeAlarms", + "cloudwatch:DescribeAlarmsForMetric", + "cloudwatch:GetMetricStatistics", + "cloudwatch:ListMetrics", + "cloudwatch:GetMetricData", + "datapipeline:DescribeObjects", + "datapipeline:DescribePipelines", + "datapipeline:GetPipelineDefinition", + "datapipeline:ListPipelines", + "datapipeline:QueryObjects", + "dynamodb:BatchGetItem", + "dynamodb:Describe*", + "dynamodb:List*", + "dynamodb:GetItem", + "dynamodb:Query", + "dynamodb:Scan", + "dynamodb:PartiQLSelect", + "dax:Describe*", + "dax:List*", + "dax:GetItem", + "dax:BatchGetItem", + "dax:Query", + "dax:Scan", + "ec2:DescribeVpcs", + "ec2:DescribeSubnets", + "ec2:DescribeSecurityGroups", + "iam:GetRole", + "iam:ListRoles", + "kms:DescribeKey", + "kms:ListAliases", + "sns:ListSubscriptionsByTopic", + "sns:ListTopics", + "lambda:ListFunctions", + "lambda:ListEventSourceMappings", + "lambda:GetFunctionConfiguration", + "resource-groups:ListGroups", + "resource-groups:ListGroupResources", + "resource-groups:GetGroup", + "resource-groups:GetGroupQuery", + "tag:GetResources", + "kinesis:ListStreams", + "kinesis:DescribeStream", + "kinesis:DescribeStreamSummary" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"cloudwatch:GetInsightRuleReport", + "Effect":"Allow", + "Resource":"arn:aws:cloudwatch:*:*:insight-rule/DynamoDBContributorInsights*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-01-27T01:01:47+00:00" + }, + "AmazonEBSCSIDriverPolicy":{ + "CreateDate":"2022-04-04T17:24:29+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:CreateSnapshot", + "ec2:AttachVolume", + "ec2:DetachVolume", + "ec2:ModifyVolume", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeInstances", + "ec2:DescribeSnapshots", + "ec2:DescribeTags", + "ec2:DescribeVolumes", + "ec2:DescribeVolumesModifications" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:CreateTags" + ], + "Condition":{ + "StringEquals":{ + "ec2:CreateAction":[ + "CreateVolume", + "CreateSnapshot" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:volume/*", + "arn:aws:ec2:*:*:snapshot/*" + ] + }, + { + "Action":[ + "ec2:DeleteTags" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:volume/*", + "arn:aws:ec2:*:*:snapshot/*" + ] + }, + { + "Action":[ + "ec2:CreateVolume" + ], + "Condition":{ + "StringLike":{ + "aws:RequestTag/ebs.csi.aws.com/cluster":"true" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:CreateVolume" + ], + "Condition":{ + "StringLike":{ + "aws:RequestTag/CSIVolumeName":"*" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:CreateVolume" + ], + "Condition":{ + "StringLike":{ + "aws:RequestTag/kubernetes.io/cluster/*":"owned" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:DeleteVolume" + ], + "Condition":{ + "StringLike":{ + "ec2:ResourceTag/ebs.csi.aws.com/cluster":"true" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:DeleteVolume" + ], + "Condition":{ + "StringLike":{ + "ec2:ResourceTag/CSIVolumeName":"*" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:DeleteVolume" + ], + "Condition":{ + "StringLike":{ + "ec2:ResourceTag/kubernetes.io/cluster/*":"owned" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:DeleteSnapshot" + ], + "Condition":{ + "StringLike":{ + "ec2:ResourceTag/CSIVolumeSnapshotName":"*" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:DeleteSnapshot" + ], + "Condition":{ + "StringLike":{ + "ec2:ResourceTag/ebs.csi.aws.com/cluster":"true" + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-04-04T17:24:29+00:00" + }, + "AmazonEC2ContainerRegistryFullAccess":{ + "CreateDate":"2015-12-21T17:06:48+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":[ + "ecr:*", + "cloudtrail:LookupEvents" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "iam:CreateServiceLinkedRole" + ], + "Condition":{ + "StringEquals":{ + "iam:AWSServiceName":[ + "replication.ecr.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-12-05T00:04:19+00:00" + }, + "AmazonEC2ContainerRegistryPowerUser":{ + "CreateDate":"2015-12-21T17:05:33+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":[ + "ecr:GetAuthorizationToken", + "ecr:BatchCheckLayerAvailability", + "ecr:GetDownloadUrlForLayer", + "ecr:GetRepositoryPolicy", + "ecr:DescribeRepositories", + "ecr:ListImages", + "ecr:DescribeImages", + "ecr:BatchGetImage", + "ecr:GetLifecyclePolicy", + "ecr:GetLifecyclePolicyPreview", + "ecr:ListTagsForResource", + "ecr:DescribeImageScanFindings", + "ecr:InitiateLayerUpload", + "ecr:UploadLayerPart", + "ecr:CompleteLayerUpload", + "ecr:PutImage" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-12-10T20:48:08+00:00" + }, + "AmazonEC2ContainerRegistryReadOnly":{ + "CreateDate":"2015-12-21T17:04:15+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":[ + "ecr:GetAuthorizationToken", + "ecr:BatchCheckLayerAvailability", + "ecr:GetDownloadUrlForLayer", + "ecr:GetRepositoryPolicy", + "ecr:DescribeRepositories", + "ecr:ListImages", + "ecr:DescribeImages", + "ecr:BatchGetImage", + "ecr:GetLifecyclePolicy", + "ecr:GetLifecyclePolicyPreview", + "ecr:ListTagsForResource", + "ecr:DescribeImageScanFindings" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-12-10T20:56:32+00:00" + }, + "AmazonEC2ContainerServiceAutoscaleRole":{ + "CreateDate":"2016-05-12T23:25:44+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "ecs:DescribeServices", + "ecs:UpdateService" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "cloudwatch:DescribeAlarms", + "cloudwatch:PutMetricAlarm" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2018-02-05T19:15:15+00:00" + }, + "AmazonEC2ContainerServiceEventsRole":{ + "CreateDate":"2017-05-30T16:51:35+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "ecs:RunTask" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":"iam:PassRole", + "Condition":{ + "StringLike":{ + "iam:PassedToService":"ecs-tasks.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":[ + "*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2018-05-22T19:13:11+00:00" + }, + "AmazonEC2ContainerServiceRole":{ + "CreateDate":"2015-04-09T16:14:19+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:AuthorizeSecurityGroupIngress", + "ec2:Describe*", + "elasticloadbalancing:DeregisterInstancesFromLoadBalancer", + "elasticloadbalancing:DeregisterTargets", + "elasticloadbalancing:Describe*", + "elasticloadbalancing:RegisterInstancesWithLoadBalancer", + "elasticloadbalancing:RegisterTargets" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2016-08-11T13:08:01+00:00" + }, + "AmazonEC2ContainerServiceforEC2Role":{ + "CreateDate":"2015-03-19T18:45:18+00:00", + "DefaultVersionId":"v6", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:DescribeTags", + "ecs:CreateCluster", + "ecs:DeregisterContainerInstance", + "ecs:DiscoverPollEndpoint", + "ecs:Poll", + "ecs:RegisterContainerInstance", + "ecs:StartTelemetrySession", + "ecs:UpdateContainerInstancesState", + "ecs:Submit*", + "ecr:GetAuthorizationToken", + "ecr:BatchCheckLayerAvailability", + "ecr:GetDownloadUrlForLayer", + "ecr:BatchGetImage", + "logs:CreateLogStream", + "logs:PutLogEvents" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-06-13T19:11:37+00:00" + }, + "AmazonEC2FullAccess":{ + "CreateDate":"2015-02-06T18:40:15+00:00", + "DefaultVersionId":"v5", + "Document":{ + "Statement":[ + { + "Action":"ec2:*", + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"elasticloadbalancing:*", + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"cloudwatch:*", + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"autoscaling:*", + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringEquals":{ + "iam:AWSServiceName":[ + "autoscaling.amazonaws.com", + "ec2scheduled.amazonaws.com", + "elasticloadbalancing.amazonaws.com", + "spot.amazonaws.com", + "spotfleet.amazonaws.com", + "transitgateway.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2018-11-27T02:16:56+00:00" + }, + "AmazonEC2ReadOnlyAccess":{ + "CreateDate":"2015-02-06T18:40:17+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":"ec2:Describe*", + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"elasticloadbalancing:Describe*", + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "cloudwatch:ListMetrics", + "cloudwatch:GetMetricStatistics", + "cloudwatch:Describe*" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"autoscaling:Describe*", + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2015-02-06T18:40:17+00:00" + }, + "AmazonEC2RolePolicyForLaunchWizard":{ + "CreateDate":"2019-11-13T08:05:53+00:00", + "DefaultVersionId":"v10", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:AttachVolume", + "ec2:RebootInstances", + "ec2:StartInstances", + "ec2:StopInstances" + ], + "Condition":{ + "StringLike":{ + "ec2:ResourceTag/LaunchWizardResourceGroupID":"*" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:volume/*", + "arn:aws:ec2:*:*:instance/*" + ] + }, + { + "Action":[ + "ec2:ReplaceRoute" + ], + "Condition":{ + "StringLike":{ + "ec2:ResourceTag/LaunchWizardApplicationType":"*" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:route-table/*" + }, + { + "Action":[ + "ec2:DescribeAddresses", + "ec2:AssociateAddress", + "ec2:DescribeInstances", + "ec2:DescribeImages", + "ec2:DescribeRegions", + "ec2:DescribeVolumes", + "ec2:DescribeRouteTables", + "ec2:ModifyInstanceAttribute", + "cloudwatch:GetMetricStatistics", + "cloudwatch:PutMetricData", + "ssm:GetCommandInvocation" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:CreateTags", + "ec2:CreateVolume" + ], + "Condition":{ + "ForAllValues:StringEquals":{ + "aws:TagKeys":[ + "LaunchWizardResourceGroupID", + "LaunchWizardApplicationType" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:volume/*" + }, + { + "Action":[ + "s3:GetObject", + "s3:ListBucket", + "s3:PutObject", + "s3:PutObjectTagging", + "s3:GetBucketLocation", + "logs:PutLogEvents", + "logs:DescribeLogGroups", + "logs:DescribeLogStreams" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:logs:*:*:*", + "arn:aws:s3:::launchwizard*", + "arn:aws:s3:::aws-sap-data-provider/config.properties" + ] + }, + { + "Action":"logs:Create*", + "Effect":"Allow", + "Resource":"arn:aws:logs:*:*:*" + }, + { + "Action":[ + "ec2:Describe*", + "cloudformation:DescribeStackResources", + "cloudformation:SignalResource", + "cloudformation:DescribeStackResource", + "cloudformation:DescribeStacks" + ], + "Condition":{ + "ForAllValues:StringEquals":{ + "aws:TagKeys":"LaunchWizardResourceGroupID" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "dynamodb:BatchGetItem", + "dynamodb:PutItem", + "sqs:ReceiveMessage", + "sqs:SendMessage", + "dynamodb:Scan", + "s3:ListBucket", + "dynamodb:Query", + "dynamodb:UpdateItem", + "dynamodb:DeleteTable", + "dynamodb:CreateTable", + "s3:GetObject", + "dynamodb:DescribeTable", + "s3:GetBucketLocation", + "dynamodb:UpdateTable" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::launchwizard*", + "arn:aws:dynamodb:*:*:table/LaunchWizard*", + "arn:aws:sqs:*:*:LaunchWizard*" + ] + }, + { + "Action":"ssm:SendCommand", + "Condition":{ + "StringLike":{ + "ssm:resourceTag/LaunchWizardApplicationType":"*" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:instance/*" + }, + { + "Action":[ + "ssm:SendCommand", + "ssm:GetDocument" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:ssm:*:*:document/AWSSAP-InstallBackint" + ] + }, + { + "Action":[ + "fsx:DescribeFileSystems", + "fsx:ListTagsForResource", + "fsx:DescribeStorageVirtualMachines" + ], + "Condition":{ + "ForAllValues:StringLike":{ + "aws:TagKeys":"LaunchWizard*" + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-05-16T21:16:38+00:00" + }, + "AmazonEC2RoleforAWSCodeDeploy":{ + "CreateDate":"2015-05-19T18:10:14+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "s3:GetObject", + "s3:GetObjectVersion", + "s3:ListBucket" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2017-03-20T17:14:10+00:00" + }, + "AmazonEC2RoleforAWSCodeDeployLimited":{ + "CreateDate":"2020-08-24T17:55:18+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "s3:GetObject", + "s3:GetObjectVersion", + "s3:ListBucket" + ], + "Effect":"Allow", + "Resource":"arn:aws:s3:::*/CodeDeploy/*" + }, + { + "Action":[ + "s3:GetObject", + "s3:GetObjectVersion" + ], + "Condition":{ + "StringEquals":{ + "s3:ExistingObjectTag/UseWithCodeDeploy":"true" + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-01-20T21:37:31+00:00" + }, + "AmazonEC2RoleforDataPipelineRole":{ + "CreateDate":"2015-02-06T18:41:25+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":[ + "cloudwatch:*", + "datapipeline:*", + "dynamodb:*", + "ec2:Describe*", + "elasticmapreduce:AddJobFlowSteps", + "elasticmapreduce:Describe*", + "elasticmapreduce:ListInstance*", + "elasticmapreduce:ModifyInstanceGroups", + "rds:Describe*", + "redshift:DescribeClusters", + "redshift:DescribeClusterSecurityGroups", + "s3:*", + "sdb:*", + "sns:*", + "sqs:*" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2016-02-22T17:24:05+00:00" + }, + "AmazonEC2RoleforSSM":{ + "CreateDate":"2015-05-29T17:48:35+00:00", + "DefaultVersionId":"v8", + "Document":{ + "Statement":[ + { + "Action":[ + "ssm:DescribeAssociation", + "ssm:GetDeployablePatchSnapshotForInstance", + "ssm:GetDocument", + "ssm:DescribeDocument", + "ssm:GetManifest", + "ssm:GetParameters", + "ssm:ListAssociations", + "ssm:ListInstanceAssociations", + "ssm:PutInventory", + "ssm:PutComplianceItems", + "ssm:PutConfigurePackageResult", + "ssm:UpdateAssociationStatus", + "ssm:UpdateInstanceAssociationStatus", + "ssm:UpdateInstanceInformation" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ssmmessages:CreateControlChannel", + "ssmmessages:CreateDataChannel", + "ssmmessages:OpenControlChannel", + "ssmmessages:OpenDataChannel" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2messages:AcknowledgeMessage", + "ec2messages:DeleteMessage", + "ec2messages:FailMessage", + "ec2messages:GetEndpoint", + "ec2messages:GetMessages", + "ec2messages:SendReply" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "cloudwatch:PutMetricData" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:DescribeInstanceStatus" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ds:CreateComputer", + "ds:DescribeDirectories" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "logs:CreateLogGroup", + "logs:CreateLogStream", + "logs:DescribeLogGroups", + "logs:DescribeLogStreams", + "logs:PutLogEvents" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "s3:GetBucketLocation", + "s3:PutObject", + "s3:GetObject", + "s3:GetEncryptionConfiguration", + "s3:AbortMultipartUpload", + "s3:ListMultipartUploadParts", + "s3:ListBucket", + "s3:ListBucketMultipartUploads" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-01-24T19:20:51+00:00" + }, + "AmazonEC2SpotFleetAutoscaleRole":{ + "CreateDate":"2016-08-19T18:27:22+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:DescribeSpotFleetRequests", + "ec2:ModifySpotFleetRequest" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "cloudwatch:DescribeAlarms", + "cloudwatch:PutMetricAlarm", + "cloudwatch:DeleteAlarms" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringLike":{ + "iam:AWSServiceName":"ec2.application-autoscaling.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/aws-service-role/ec2.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_EC2SpotFleetRequest" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-02-18T19:17:03+00:00" + }, + "AmazonEC2SpotFleetTaggingRole":{ + "CreateDate":"2017-06-29T18:19:29+00:00", + "DefaultVersionId":"v5", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:DescribeImages", + "ec2:DescribeSubnets", + "ec2:RequestSpotInstances", + "ec2:TerminateInstances", + "ec2:DescribeInstanceStatus", + "ec2:CreateTags", + "ec2:RunInstances" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":"iam:PassRole", + "Condition":{ + "StringEquals":{ + "iam:PassedToService":[ + "ec2.amazonaws.com", + "ec2.amazonaws.com.cn" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "elasticloadbalancing:RegisterInstancesWithLoadBalancer" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:elasticloadbalancing:*:*:loadbalancer/*" + ] + }, + { + "Action":[ + "elasticloadbalancing:RegisterTargets" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:elasticloadbalancing:*:*:*/*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-04-23T19:30:49+00:00" + }, + "AmazonECSServiceRolePolicy":{ + "CreateDate":"2017-10-14T01:18:58+00:00", + "DefaultVersionId":"v8", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:AttachNetworkInterface", + "ec2:CreateNetworkInterface", + "ec2:CreateNetworkInterfacePermission", + "ec2:DeleteNetworkInterface", + "ec2:DeleteNetworkInterfacePermission", + "ec2:Describe*", + "ec2:DetachNetworkInterface", + "elasticloadbalancing:DeregisterInstancesFromLoadBalancer", + "elasticloadbalancing:DeregisterTargets", + "elasticloadbalancing:Describe*", + "elasticloadbalancing:RegisterInstancesWithLoadBalancer", + "elasticloadbalancing:RegisterTargets", + "route53:ChangeResourceRecordSets", + "route53:CreateHealthCheck", + "route53:DeleteHealthCheck", + "route53:Get*", + "route53:List*", + "route53:UpdateHealthCheck", + "servicediscovery:DeregisterInstance", + "servicediscovery:Get*", + "servicediscovery:List*", + "servicediscovery:RegisterInstance", + "servicediscovery:UpdateInstanceCustomHealthStatus" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"ECSTaskManagement" + }, + { + "Action":[ + "autoscaling:Describe*" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AutoScaling" + }, + { + "Action":[ + "autoscaling:DeletePolicy", + "autoscaling:PutScalingPolicy", + "autoscaling:SetInstanceProtection", + "autoscaling:UpdateAutoScalingGroup" + ], + "Condition":{ + "Null":{ + "autoscaling:ResourceTag/AmazonECSManaged":"false" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"AutoScalingManagement" + }, + { + "Action":[ + "autoscaling-plans:CreateScalingPlan", + "autoscaling-plans:DeleteScalingPlan", + "autoscaling-plans:DescribeScalingPlans" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AutoScalingPlanManagement" + }, + { + "Action":[ + "cloudwatch:DeleteAlarms", + "cloudwatch:DescribeAlarms", + "cloudwatch:PutMetricAlarm" + ], + "Effect":"Allow", + "Resource":"arn:aws:cloudwatch:*:*:alarm:*", + "Sid":"CWAlarmManagement" + }, + { + "Action":[ + "ec2:CreateTags" + ], + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:network-interface/*", + "Sid":"ECSTagging" + }, + { + "Action":[ + "logs:CreateLogGroup", + "logs:DescribeLogGroups", + "logs:PutRetentionPolicy" + ], + "Effect":"Allow", + "Resource":"arn:aws:logs:*:*:log-group:/aws/ecs/*", + "Sid":"CWLogGroupManagement" + }, + { + "Action":[ + "logs:CreateLogStream", + "logs:DescribeLogStreams", + "logs:PutLogEvents" + ], + "Effect":"Allow", + "Resource":"arn:aws:logs:*:*:log-group:/aws/ecs/*:log-stream:*", + "Sid":"CWLogStreamManagement" + }, + { + "Action":[ + "ssm:DescribeSessions" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"ExecuteCommandSessionManagement" + }, + { + "Action":[ + "ssm:StartSession" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:ecs:*:*:task/*", + "arn:aws:ssm:*:*:document/AmazonECS-ExecuteInteractiveCommand" + ], + "Sid":"ExecuteCommand" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-01-13T20:04:13+00:00" + }, + "AmazonECSTaskExecutionRolePolicy":{ + "CreateDate":"2017-11-16T18:48:22+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "ecr:GetAuthorizationToken", + "ecr:BatchCheckLayerAvailability", + "ecr:GetDownloadUrlForLayer", + "ecr:BatchGetImage", + "logs:CreateLogStream", + "logs:PutLogEvents" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2017-11-16T18:48:22+00:00" + }, + "AmazonECS_FullAccess":{ + "CreateDate":"2017-11-07T21:36:54+00:00", + "DefaultVersionId":"v19", + "Document":{ + "Statement":[ + { + "Action":[ + "application-autoscaling:DeleteScalingPolicy", + "application-autoscaling:DeregisterScalableTarget", + "application-autoscaling:DescribeScalableTargets", + "application-autoscaling:DescribeScalingActivities", + "application-autoscaling:DescribeScalingPolicies", + "application-autoscaling:PutScalingPolicy", + "application-autoscaling:RegisterScalableTarget", + "appmesh:DescribeVirtualGateway", + "appmesh:DescribeVirtualNode", + "appmesh:ListMeshes", + "appmesh:ListVirtualGateways", + "appmesh:ListVirtualNodes", + "autoscaling:CreateAutoScalingGroup", + "autoscaling:CreateLaunchConfiguration", + "autoscaling:DeleteAutoScalingGroup", + "autoscaling:DeleteLaunchConfiguration", + "autoscaling:Describe*", + "autoscaling:UpdateAutoScalingGroup", + "cloudformation:CreateStack", + "cloudformation:DeleteStack", + "cloudformation:DescribeStack*", + "cloudformation:UpdateStack", + "cloudwatch:DeleteAlarms", + "cloudwatch:DescribeAlarms", + "cloudwatch:GetMetricStatistics", + "cloudwatch:PutMetricAlarm", + "codedeploy:BatchGetApplicationRevisions", + "codedeploy:BatchGetApplications", + "codedeploy:BatchGetDeploymentGroups", + "codedeploy:BatchGetDeployments", + "codedeploy:ContinueDeployment", + "codedeploy:CreateApplication", + "codedeploy:CreateDeployment", + "codedeploy:CreateDeploymentGroup", + "codedeploy:GetApplication", + "codedeploy:GetApplicationRevision", + "codedeploy:GetDeployment", + "codedeploy:GetDeploymentConfig", + "codedeploy:GetDeploymentGroup", + "codedeploy:GetDeploymentTarget", + "codedeploy:ListApplicationRevisions", + "codedeploy:ListApplications", + "codedeploy:ListDeploymentConfigs", + "codedeploy:ListDeploymentGroups", + "codedeploy:ListDeployments", + "codedeploy:ListDeploymentTargets", + "codedeploy:RegisterApplicationRevision", + "codedeploy:StopDeployment", + "ec2:AssociateRouteTable", + "ec2:AttachInternetGateway", + "ec2:AuthorizeSecurityGroupIngress", + "ec2:CancelSpotFleetRequests", + "ec2:CreateInternetGateway", + "ec2:CreateLaunchTemplate", + "ec2:CreateRoute", + "ec2:CreateRouteTable", + "ec2:CreateSecurityGroup", + "ec2:CreateSubnet", + "ec2:CreateVpc", + "ec2:DeleteLaunchTemplate", + "ec2:DeleteSubnet", + "ec2:DeleteVpc", + "ec2:Describe*", + "ec2:DetachInternetGateway", + "ec2:DisassociateRouteTable", + "ec2:ModifySubnetAttribute", + "ec2:ModifyVpcAttribute", + "ec2:RequestSpotFleet", + "ec2:RunInstances", + "ecs:*", + "elasticfilesystem:DescribeAccessPoints", + "elasticfilesystem:DescribeFileSystems", + "elasticloadbalancing:CreateListener", + "elasticloadbalancing:CreateLoadBalancer", + "elasticloadbalancing:CreateRule", + "elasticloadbalancing:CreateTargetGroup", + "elasticloadbalancing:DeleteListener", + "elasticloadbalancing:DeleteLoadBalancer", + "elasticloadbalancing:DeleteRule", + "elasticloadbalancing:DeleteTargetGroup", + "elasticloadbalancing:DescribeListeners", + "elasticloadbalancing:DescribeLoadBalancers", + "elasticloadbalancing:DescribeRules", + "elasticloadbalancing:DescribeTargetGroups", + "events:DeleteRule", + "events:DescribeRule", + "events:ListRuleNamesByTarget", + "events:ListTargetsByRule", + "events:PutRule", + "events:PutTargets", + "events:RemoveTargets", + "fsx:DescribeFileSystems", + "iam:ListAttachedRolePolicies", + "iam:ListInstanceProfiles", + "iam:ListRoles", + "lambda:ListFunctions", + "logs:CreateLogGroup", + "logs:DescribeLogGroups", + "logs:FilterLogEvents", + "route53:CreateHostedZone", + "route53:DeleteHostedZone", + "route53:GetHealthCheck", + "route53:GetHostedZone", + "route53:ListHostedZonesByName", + "servicediscovery:CreatePrivateDnsNamespace", + "servicediscovery:CreateService", + "servicediscovery:DeleteService", + "servicediscovery:GetNamespace", + "servicediscovery:GetOperation", + "servicediscovery:GetService", + "servicediscovery:ListNamespaces", + "servicediscovery:ListServices", + "servicediscovery:UpdateService", + "sns:ListTopics" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "ssm:GetParameter", + "ssm:GetParameters", + "ssm:GetParametersByPath" + ], + "Effect":"Allow", + "Resource":"arn:aws:ssm:*:*:parameter/aws/service/ecs*" + }, + { + "Action":[ + "ec2:DeleteInternetGateway", + "ec2:DeleteRoute", + "ec2:DeleteRouteTable", + "ec2:DeleteSecurityGroup" + ], + "Condition":{ + "StringLike":{ + "ec2:ResourceTag/aws:cloudformation:stack-name":"EC2ContainerService-*" + } + }, + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":"iam:PassRole", + "Condition":{ + "StringLike":{ + "iam:PassedToService":"ecs-tasks.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":"iam:PassRole", + "Condition":{ + "StringLike":{ + "iam:PassedToService":[ + "ec2.amazonaws.com", + "ec2.amazonaws.com.cn" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/ecsInstanceRole*" + ] + }, + { + "Action":"iam:PassRole", + "Condition":{ + "StringLike":{ + "iam:PassedToService":[ + "application-autoscaling.amazonaws.com", + "application-autoscaling.amazonaws.com.cn" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/ecsAutoscaleRole*" + ] + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringLike":{ + "iam:AWSServiceName":[ + "autoscaling.amazonaws.com", + "ecs.amazonaws.com", + "ecs.application-autoscaling.amazonaws.com", + "spot.amazonaws.com", + "spotfleet.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-10-12T21:02:23+00:00" + }, + "AmazonEKSClusterPolicy":{ + "CreateDate":"2018-05-27T21:06:14+00:00", + "DefaultVersionId":"v5", + "Document":{ + "Statement":[ + { + "Action":[ + "autoscaling:DescribeAutoScalingGroups", + "autoscaling:UpdateAutoScalingGroup", + "ec2:AttachVolume", + "ec2:AuthorizeSecurityGroupIngress", + "ec2:CreateRoute", + "ec2:CreateSecurityGroup", + "ec2:CreateTags", + "ec2:CreateVolume", + "ec2:DeleteRoute", + "ec2:DeleteSecurityGroup", + "ec2:DeleteVolume", + "ec2:DescribeInstances", + "ec2:DescribeRouteTables", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVolumes", + "ec2:DescribeVolumesModifications", + "ec2:DescribeVpcs", + "ec2:DescribeDhcpOptions", + "ec2:DescribeNetworkInterfaces", + "ec2:DetachVolume", + "ec2:ModifyInstanceAttribute", + "ec2:ModifyVolume", + "ec2:RevokeSecurityGroupIngress", + "ec2:DescribeAccountAttributes", + "ec2:DescribeAddresses", + "ec2:DescribeInternetGateways", + "elasticloadbalancing:AddTags", + "elasticloadbalancing:ApplySecurityGroupsToLoadBalancer", + "elasticloadbalancing:AttachLoadBalancerToSubnets", + "elasticloadbalancing:ConfigureHealthCheck", + "elasticloadbalancing:CreateListener", + "elasticloadbalancing:CreateLoadBalancer", + "elasticloadbalancing:CreateLoadBalancerListeners", + "elasticloadbalancing:CreateLoadBalancerPolicy", + "elasticloadbalancing:CreateTargetGroup", + "elasticloadbalancing:DeleteListener", + "elasticloadbalancing:DeleteLoadBalancer", + "elasticloadbalancing:DeleteLoadBalancerListeners", + "elasticloadbalancing:DeleteTargetGroup", + "elasticloadbalancing:DeregisterInstancesFromLoadBalancer", + "elasticloadbalancing:DeregisterTargets", + "elasticloadbalancing:DescribeListeners", + "elasticloadbalancing:DescribeLoadBalancerAttributes", + "elasticloadbalancing:DescribeLoadBalancerPolicies", + "elasticloadbalancing:DescribeLoadBalancers", + "elasticloadbalancing:DescribeTargetGroupAttributes", + "elasticloadbalancing:DescribeTargetGroups", + "elasticloadbalancing:DescribeTargetHealth", + "elasticloadbalancing:DetachLoadBalancerFromSubnets", + "elasticloadbalancing:ModifyListener", + "elasticloadbalancing:ModifyLoadBalancerAttributes", + "elasticloadbalancing:ModifyTargetGroup", + "elasticloadbalancing:ModifyTargetGroupAttributes", + "elasticloadbalancing:RegisterInstancesWithLoadBalancer", + "elasticloadbalancing:RegisterTargets", + "elasticloadbalancing:SetLoadBalancerPoliciesForBackendServer", + "elasticloadbalancing:SetLoadBalancerPoliciesOfListener", + "kms:DescribeKey" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringEquals":{ + "iam:AWSServiceName":"elasticloadbalancing.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-06-15T20:57:05+00:00" + }, + "AmazonEKSConnectorServiceRolePolicy":{ + "CreateDate":"2021-09-04T20:31:08+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "ssm:CreateActivation", + "ssm:DescribeInstanceInformation", + "ssm:DeleteActivation" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AccessSSMService" + }, + { + "Action":[ + "ssm:StartSession" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:eks:*:*:cluster/*", + "arn:aws:ssm:*::document/AmazonEKS-ExecuteNonInteractiveCommand" + ], + "Sid":"ConnectorAgentStartSession" + }, + { + "Action":[ + "ssm:DeregisterManagedInstance" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:eks:*:*:cluster/*" + ], + "Sid":"ConnectorAgentDeregister" + }, + { + "Action":[ + "iam:PassRole" + ], + "Condition":{ + "StringEquals":{ + "iam:PassedToService":[ + "ssm.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"PassAnyRoleToSsm" + }, + { + "Action":"events:PutRule", + "Condition":{ + "StringEquals":{ + "events:ManagedBy":"eks-connector.amazonaws.com", + "events:source":"aws.ssm" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"PutManagedEventRule" + }, + { + "Action":"events:PutTargets", + "Condition":{ + "StringEquals":{ + "events:ManagedBy":"eks-connector.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"PutManagedEventTarget" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-09-04T20:31:08+00:00" + }, + "AmazonEKSFargatePodExecutionRolePolicy":{ + "CreateDate":"2019-11-22T04:34:29+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "ecr:GetAuthorizationToken", + "ecr:BatchCheckLayerAvailability", + "ecr:GetDownloadUrlForLayer", + "ecr:BatchGetImage" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-11-22T04:34:29+00:00" + }, + "AmazonEKSForFargateServiceRolePolicy":{ + "CreateDate":"2019-11-22T04:36:25+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:CreateNetworkInterface", + "ec2:CreateNetworkInterfacePermission", + "ec2:DeleteNetworkInterface", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "ec2:DescribeDhcpOptions", + "ec2:DescribeRouteTables" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-11-22T04:36:25+00:00" + }, + "AmazonEKSServicePolicy":{ + "CreateDate":"2018-05-27T21:08:21+00:00", + "DefaultVersionId":"v6", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:CreateNetworkInterface", + "ec2:CreateNetworkInterfacePermission", + "ec2:DeleteNetworkInterface", + "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", + "ec2:DetachNetworkInterface", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "ec2:ModifyNetworkInterfaceAttribute", + "iam:ListAttachedRolePolicies", + "eks:UpdateClusterVersion" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:CreateTags", + "ec2:DeleteTags" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:vpc/*", + "arn:aws:ec2:*:*:subnet/*" + ] + }, + { + "Action":"route53:AssociateVPCWithHostedZone", + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"logs:CreateLogGroup", + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "logs:CreateLogStream", + "logs:DescribeLogStreams" + ], + "Effect":"Allow", + "Resource":"arn:aws:logs:*:*:log-group:/aws/eks/*:*" + }, + { + "Action":"logs:PutLogEvents", + "Effect":"Allow", + "Resource":"arn:aws:logs:*:*:log-group:/aws/eks/*:*:*" + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringLike":{ + "iam:AWSServiceName":"eks.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-05-27T19:27:03+00:00" + }, + "AmazonEKSServiceRolePolicy":{ + "CreateDate":"2020-02-21T20:10:47+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:CreateNetworkInterface", + "ec2:DeleteNetworkInterface", + "ec2:DetachNetworkInterface", + "ec2:ModifyNetworkInterfaceAttribute", + "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "ec2:CreateNetworkInterfacePermission", + "iam:ListAttachedRolePolicies", + "ec2:CreateSecurityGroup" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:DeleteSecurityGroup", + "ec2:RevokeSecurityGroupIngress", + "ec2:AuthorizeSecurityGroupIngress" + ], + "Condition":{ + "ForAnyValue:StringLike":{ + "ec2:ResourceTag/Name":"eks-cluster-sg*" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:security-group/*" + }, + { + "Action":[ + "ec2:CreateTags", + "ec2:DeleteTags" + ], + "Condition":{ + "ForAnyValue:StringLike":{ + "aws:TagKeys":[ + "kubernetes.io/cluster/*" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:vpc/*", + "arn:aws:ec2:*:*:subnet/*" + ] + }, + { + "Action":[ + "ec2:CreateTags", + "ec2:DeleteTags" + ], + "Condition":{ + "ForAnyValue:StringLike":{ + "aws:RequestTag/Name":"eks-cluster-sg*", + "aws:TagKeys":[ + "kubernetes.io/cluster/*" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:security-group/*" + ] + }, + { + "Action":"route53:AssociateVPCWithHostedZone", + "Effect":"Allow", + "Resource":"arn:aws:route53:::hostedzone/*" + }, + { + "Action":"logs:CreateLogGroup", + "Effect":"Allow", + "Resource":"arn:aws:logs:*:*:log-group:/aws/eks/*" + }, + { + "Action":[ + "logs:CreateLogStream", + "logs:DescribeLogStreams" + ], + "Effect":"Allow", + "Resource":"arn:aws:logs:*:*:log-group:/aws/eks/*:*" + }, + { + "Action":"logs:PutLogEvents", + "Effect":"Allow", + "Resource":"arn:aws:logs:*:*:log-group:/aws/eks/*:*:*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-05-27T19:30:19+00:00" + }, + "AmazonEKSVPCResourceController":{ + "CreateDate":"2020-08-12T00:55:34+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":"ec2:CreateNetworkInterfacePermission", + "Condition":{ + "ForAnyValue:StringEquals":{ + "ec2:ResourceTag/eks:eni:owner":"eks-vpc-resource-controller" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:CreateNetworkInterface", + "ec2:DetachNetworkInterface", + "ec2:ModifyNetworkInterfaceAttribute", + "ec2:DeleteNetworkInterface", + "ec2:AttachNetworkInterface", + "ec2:UnassignPrivateIpAddresses", + "ec2:AssignPrivateIpAddresses" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-08-12T00:55:34+00:00" + }, + "AmazonEKSWorkerNodePolicy":{ + "CreateDate":"2018-05-27T21:09:01+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:DescribeInstances", + "ec2:DescribeInstanceTypes", + "ec2:DescribeRouteTables", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVolumes", + "ec2:DescribeVolumesModifications", + "ec2:DescribeVpcs", + "eks:DescribeCluster" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-03-21T22:39:36+00:00" + }, + "AmazonEKS_CNI_Policy":{ + "CreateDate":"2018-05-27T21:07:42+00:00", + "DefaultVersionId":"v4", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:AssignPrivateIpAddresses", + "ec2:AttachNetworkInterface", + "ec2:CreateNetworkInterface", + "ec2:DeleteNetworkInterface", + "ec2:DescribeInstances", + "ec2:DescribeTags", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeInstanceTypes", + "ec2:DetachNetworkInterface", + "ec2:ModifyNetworkInterfaceAttribute", + "ec2:UnassignPrivateIpAddresses" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:CreateTags" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:network-interface/*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-04-20T20:52:01+00:00" + }, + "AmazonEMRCleanupPolicy":{ + "CreateDate":"2017-09-26T23:54:19+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:DescribeInstances", + "ec2:DescribeLaunchTemplates", + "ec2:DescribeSpotInstanceRequests", + "ec2:DeleteLaunchTemplate", + "ec2:ModifyInstanceAttribute", + "ec2:TerminateInstances", + "ec2:CancelSpotInstanceRequests", + "ec2:DeleteNetworkInterface", + "ec2:DescribeInstanceAttribute", + "ec2:DescribeVolumeStatus", + "ec2:DescribeVolumes", + "ec2:DetachVolume", + "ec2:DeleteVolume", + "ec2:DescribePlacementGroups", + "ec2:DeletePlacementGroup" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-09-29T21:11:54+00:00" + }, + "AmazonEMRContainersServiceRolePolicy":{ + "CreateDate":"2020-12-09T00:38:19+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "eks:DescribeCluster", + "ec2:DescribeRouteTables", + "ec2:DescribeSubnets", + "ec2:DescribeSecurityGroups", + "elasticloadbalancing:DescribeInstanceHealth", + "elasticloadbalancing:DescribeLoadBalancers" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "acm:ImportCertificate", + "acm:AddTagsToCertificate" + ], + "Condition":{ + "StringEquals":{ + "aws:RequestTag/emr-container:endpoint:managed-certificate":"true" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "acm:DeleteCertificate" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceTag/emr-container:endpoint:managed-certificate":"true" + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-12-03T19:55:44+00:00" + }, + "AmazonEMRFullAccessPolicy_v2":{ + "CreateDate":"2021-03-12T01:50:29+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":[ + "elasticmapreduce:RunJobFlow" + ], + "Condition":{ + "StringEquals":{ + "aws:RequestTag/for-use-with-amazon-emr-managed-policies":"true" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"RunJobFlowExplicitlyWithEMRManagedTag" + }, + { + "Action":[ + "elasticmapreduce:AddInstanceFleet", + "elasticmapreduce:AddInstanceGroups", + "elasticmapreduce:AddJobFlowSteps", + "elasticmapreduce:AddTags", + "elasticmapreduce:CancelSteps", + "elasticmapreduce:CreateEditor", + "elasticmapreduce:CreateSecurityConfiguration", + "elasticmapreduce:DeleteEditor", + "elasticmapreduce:DeleteSecurityConfiguration", + "elasticmapreduce:DescribeCluster", + "elasticmapreduce:DescribeEditor", + "elasticmapreduce:DescribeJobFlows", + "elasticmapreduce:DescribeSecurityConfiguration", + "elasticmapreduce:DescribeStep", + "elasticmapreduce:DescribeReleaseLabel", + "elasticmapreduce:GetBlockPublicAccessConfiguration", + "elasticmapreduce:GetManagedScalingPolicy", + "elasticmapreduce:GetAutoTerminationPolicy", + "elasticmapreduce:ListBootstrapActions", + "elasticmapreduce:ListClusters", + "elasticmapreduce:ListEditors", + "elasticmapreduce:ListInstanceFleets", + "elasticmapreduce:ListInstanceGroups", + "elasticmapreduce:ListInstances", + "elasticmapreduce:ListSecurityConfigurations", + "elasticmapreduce:ListSteps", + "elasticmapreduce:ModifyCluster", + "elasticmapreduce:ModifyInstanceFleet", + "elasticmapreduce:ModifyInstanceGroups", + "elasticmapreduce:OpenEditorInConsole", + "elasticmapreduce:PutAutoScalingPolicy", + "elasticmapreduce:PutBlockPublicAccessConfiguration", + "elasticmapreduce:PutManagedScalingPolicy", + "elasticmapreduce:RemoveAutoScalingPolicy", + "elasticmapreduce:RemoveManagedScalingPolicy", + "elasticmapreduce:RemoveTags", + "elasticmapreduce:SetTerminationProtection", + "elasticmapreduce:StartEditor", + "elasticmapreduce:StopEditor", + "elasticmapreduce:TerminateJobFlows", + "elasticmapreduce:ViewEventsFromAllClustersInConsole" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"ElasticMapReduceActions" + }, + { + "Action":[ + "cloudwatch:GetMetricStatistics" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"ViewMetricsInEMRConsole" + }, + { + "Action":"iam:PassRole", + "Condition":{ + "StringLike":{ + "iam:PassedToService":"elasticmapreduce.amazonaws.com*" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/EMR_DefaultRole_V2", + "Sid":"PassRoleForElasticMapReduce" + }, + { + "Action":"iam:PassRole", + "Condition":{ + "StringLike":{ + "iam:PassedToService":"ec2.amazonaws.com*" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/EMR_EC2_DefaultRole", + "Sid":"PassRoleForEC2" + }, + { + "Action":"iam:PassRole", + "Condition":{ + "StringLike":{ + "iam:PassedToService":"application-autoscaling.amazonaws.com*" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/EMR_AutoScaling_DefaultRole", + "Sid":"PassRoleForAutoScaling" + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringEquals":{ + "iam:AWSServiceName":[ + "elasticmapreduce.amazonaws.com", + "elasticmapreduce.amazonaws.com.cn" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/aws-service-role/elasticmapreduce.amazonaws.com*/AWSServiceRoleForEMRCleanup*", + "Sid":"ElasticMapReduceServiceLinkedRole" + }, + { + "Action":[ + "ec2:DescribeAccountAttributes", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeImages", + "ec2:DescribeKeyPairs", + "ec2:DescribeNatGateways", + "ec2:DescribeRouteTables", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "ec2:DescribeVpcEndpoints", + "s3:ListAllMyBuckets", + "iam:ListRoles" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"ConsoleUIActions" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-04-21T22:31:45+00:00" + }, + "AmazonEMRReadOnlyAccessPolicy_v2":{ + "CreateDate":"2021-03-12T01:39:16+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "elasticmapreduce:DescribeCluster", + "elasticmapreduce:DescribeEditor", + "elasticmapreduce:DescribeJobFlows", + "elasticmapreduce:DescribeSecurityConfiguration", + "elasticmapreduce:DescribeStep", + "elasticmapreduce:DescribeReleaseLabel", + "elasticmapreduce:GetBlockPublicAccessConfiguration", + "elasticmapreduce:GetManagedScalingPolicy", + "elasticmapreduce:GetAutoTerminationPolicy", + "elasticmapreduce:ListBootstrapActions", + "elasticmapreduce:ListClusters", + "elasticmapreduce:ListEditors", + "elasticmapreduce:ListInstanceFleets", + "elasticmapreduce:ListInstanceGroups", + "elasticmapreduce:ListInstances", + "elasticmapreduce:ListSecurityConfigurations", + "elasticmapreduce:ListSteps", + "elasticmapreduce:ViewEventsFromAllClustersInConsole" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"ElasticMapReduceActions" + }, + { + "Action":[ + "cloudwatch:GetMetricStatistics" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"ViewMetricsInEMRConsole" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-04-21T22:31:26+00:00" + }, + "AmazonEMRServerlessServiceRolePolicy":{ + "CreateDate":"2022-05-20T23:15:42+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:CreateNetworkInterface", + "ec2:DeleteNetworkInterface", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "ec2:DescribeDhcpOptions", + "ec2:DescribeRouteTables" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "cloudwatch:PutMetricData" + ], + "Condition":{ + "StringEquals":{ + "cloudwatch:namespace":"AWS/EMRServerless" + } + }, + "Effect":"Allow", + "Resource":[ + "*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-05-20T23:15:42+00:00" + }, + "AmazonEMRServicePolicy_v2":{ + "CreateDate":"2021-03-12T01:11:08+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:CreateNetworkInterface", + "ec2:RunInstances", + "ec2:CreateFleet", + "ec2:CreateLaunchTemplate", + "ec2:CreateLaunchTemplateVersion" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceTag/for-use-with-amazon-emr-managed-policies":"true" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:subnet/*", + "arn:aws:ec2:*:*:security-group/*" + ], + "Sid":"CreateInTaggedNetwork" + }, + { + "Action":[ + "ec2:CreateFleet", + "ec2:RunInstances", + "ec2:CreateLaunchTemplateVersion" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceTag/for-use-with-amazon-emr-managed-policies":"true" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:launch-template/*", + "Sid":"CreateWithEMRTaggedLaunchTemplate" + }, + { + "Action":"ec2:CreateLaunchTemplate", + "Condition":{ + "StringEquals":{ + "aws:RequestTag/for-use-with-amazon-emr-managed-policies":"true" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:launch-template/*", + "Sid":"CreateEMRTaggedLaunchTemplate" + }, + { + "Action":[ + "ec2:RunInstances", + "ec2:CreateFleet" + ], + "Condition":{ + "StringEquals":{ + "aws:RequestTag/for-use-with-amazon-emr-managed-policies":"true" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:instance/*", + "arn:aws:ec2:*:*:volume/*" + ], + "Sid":"CreateEMRTaggedInstancesAndVolumes" + }, + { + "Action":[ + "ec2:RunInstances", + "ec2:CreateFleet", + "ec2:CreateLaunchTemplate", + "ec2:CreateLaunchTemplateVersion" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:network-interface/*", + "arn:aws:ec2:*::image/ami-*", + "arn:aws:ec2:*:*:key-pair/*", + "arn:aws:ec2:*:*:capacity-reservation/*", + "arn:aws:ec2:*:*:placement-group/EMR_*", + "arn:aws:ec2:*:*:fleet/*", + "arn:aws:ec2:*:*:dedicated-host/*", + "arn:aws:resource-groups:*:*:group/*" + ], + "Sid":"ResourcesToLaunchEC2" + }, + { + "Action":[ + "ec2:CreateLaunchTemplateVersion", + "ec2:DeleteLaunchTemplate", + "ec2:DeleteNetworkInterface", + "ec2:ModifyInstanceAttribute", + "ec2:TerminateInstances" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceTag/for-use-with-amazon-emr-managed-policies":"true" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"ManageEMRTaggedResources" + }, + { + "Action":[ + "ec2:CreateTags", + "ec2:DeleteTags" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceTag/for-use-with-amazon-emr-managed-policies":"true" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:instance/*", + "arn:aws:ec2:*:*:volume/*", + "arn:aws:ec2:*:*:network-interface/*", + "arn:aws:ec2:*:*:launch-template/*" + ], + "Sid":"ManageTagsOnEMRTaggedResources" + }, + { + "Action":[ + "ec2:CreateNetworkInterface" + ], + "Condition":{ + "StringEquals":{ + "aws:RequestTag/for-use-with-amazon-emr-managed-policies":"true" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:network-interface/*" + ], + "Sid":"CreateNetworkInterfaceNeededForPrivateSubnet" + }, + { + "Action":[ + "ec2:CreateTags" + ], + "Condition":{ + "StringEquals":{ + "ec2:CreateAction":[ + "RunInstances", + "CreateFleet", + "CreateLaunchTemplate", + "CreateNetworkInterface" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:network-interface/*", + "arn:aws:ec2:*:*:instance/*", + "arn:aws:ec2:*:*:volume/*", + "arn:aws:ec2:*:*:launch-template/*" + ], + "Sid":"TagOnCreateTaggedEMRResources" + }, + { + "Action":[ + "ec2:CreateTags", + "ec2:DeleteTags" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:placement-group/EMR_*" + ], + "Sid":"TagPlacementGroups" + }, + { + "Action":[ + "ec2:DescribeAccountAttributes", + "ec2:DescribeCapacityReservations", + "ec2:DescribeDhcpOptions", + "ec2:DescribeImages", + "ec2:DescribeInstances", + "ec2:DescribeLaunchTemplates", + "ec2:DescribeNetworkAcls", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribePlacementGroups", + "ec2:DescribeRouteTables", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVolumes", + "ec2:DescribeVolumeStatus", + "ec2:DescribeVpcAttribute", + "ec2:DescribeVpcEndpoints", + "ec2:DescribeVpcs" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"ListActionsForEC2Resources" + }, + { + "Action":[ + "ec2:CreateSecurityGroup" + ], + "Condition":{ + "StringEquals":{ + "aws:RequestTag/for-use-with-amazon-emr-managed-policies":"true" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:security-group/*" + ], + "Sid":"CreateDefaultSecurityGroupWithEMRTags" + }, + { + "Action":[ + "ec2:CreateSecurityGroup" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceTag/for-use-with-amazon-emr-managed-policies":"true" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:vpc/*" + ], + "Sid":"CreateDefaultSecurityGroupInVPCWithEMRTags" + }, + { + "Action":[ + "ec2:CreateTags" + ], + "Condition":{ + "StringEquals":{ + "aws:RequestTag/for-use-with-amazon-emr-managed-policies":"true", + "ec2:CreateAction":"CreateSecurityGroup" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:security-group/*", + "Sid":"TagOnCreateDefaultSecurityGroupWithEMRTags" + }, + { + "Action":[ + "ec2:AuthorizeSecurityGroupEgress", + "ec2:AuthorizeSecurityGroupIngress", + "ec2:RevokeSecurityGroupEgress", + "ec2:RevokeSecurityGroupIngress" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceTag/for-use-with-amazon-emr-managed-policies":"true" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"ManageSecurityGroups" + }, + { + "Action":[ + "ec2:CreatePlacementGroup" + ], + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:placement-group/EMR_*", + "Sid":"CreateEMRPlacementGroups" + }, + { + "Action":[ + "ec2:DeletePlacementGroup" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"DeletePlacementGroups" + }, + { + "Action":[ + "application-autoscaling:DeleteScalingPolicy", + "application-autoscaling:DeregisterScalableTarget", + "application-autoscaling:DescribeScalableTargets", + "application-autoscaling:DescribeScalingPolicies", + "application-autoscaling:PutScalingPolicy", + "application-autoscaling:RegisterScalableTarget" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AutoScaling" + }, + { + "Action":[ + "resource-groups:ListGroupResources" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"ResourceGroupsForCapacityReservations" + }, + { + "Action":[ + "cloudwatch:PutMetricAlarm", + "cloudwatch:DeleteAlarms", + "cloudwatch:DescribeAlarms" + ], + "Effect":"Allow", + "Resource":"arn:aws:cloudwatch:*:*:alarm:*_EMR_Auto_Scaling", + "Sid":"AutoScalingCloudWatch" + }, + { + "Action":"iam:PassRole", + "Condition":{ + "StringLike":{ + "iam:PassedToService":"application-autoscaling.amazonaws.com*" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/EMR_AutoScaling_DefaultRole", + "Sid":"PassRoleForAutoScaling" + }, + { + "Action":"iam:PassRole", + "Condition":{ + "StringLike":{ + "iam:PassedToService":"ec2.amazonaws.com*" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/EMR_EC2_DefaultRole", + "Sid":"PassRoleForEC2" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-02-15T16:48:29+00:00" + }, + "AmazonESCognitoAccess":{ + "CreateDate":"2018-02-28T22:29:18+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "cognito-idp:DescribeUserPool", + "cognito-idp:CreateUserPoolClient", + "cognito-idp:DeleteUserPoolClient", + "cognito-idp:UpdateUserPoolClient", + "cognito-idp:DescribeUserPoolClient", + "cognito-idp:AdminInitiateAuth", + "cognito-idp:AdminUserGlobalSignOut", + "cognito-idp:ListUserPoolClients", + "cognito-identity:DescribeIdentityPool", + "cognito-identity:UpdateIdentityPool", + "cognito-identity:SetIdentityPoolRoles", + "cognito-identity:GetIdentityPoolRoles" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"iam:PassRole", + "Condition":{ + "StringLike":{ + "iam:PassedToService":[ + "cognito-identity.amazonaws.com", + "cognito-identity-us-gov.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-12-20T14:04:44+00:00" + }, + "AmazonESFullAccess":{ + "CreateDate":"2015-10-01T19:14:00+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "es:*" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2015-10-01T19:14:00+00:00" + }, + "AmazonESReadOnlyAccess":{ + "CreateDate":"2015-10-01T19:18:24+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "es:Describe*", + "es:List*", + "es:Get*" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2018-10-03T03:32:56+00:00" + }, + "AmazonElastiCacheFullAccess":{ + "CreateDate":"2015-02-06T18:40:20+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":"elasticache:*", + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringLike":{ + "iam:AWSServiceName":"elasticache.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/aws-service-role/elasticache.amazonaws.com/AWSServiceRoleForElastiCache" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2017-12-07T17:48:26+00:00" + }, + "AmazonElastiCacheReadOnlyAccess":{ + "CreateDate":"2015-02-06T18:40:21+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "elasticache:Describe*" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2015-02-06T18:40:21+00:00" + }, + "AmazonElasticContainerRegistryPublicFullAccess":{ + "CreateDate":"2020-12-01T17:25:52+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "ecr-public:*", + "sts:GetServiceBearerToken" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-12-01T17:25:52+00:00" + }, + "AmazonElasticContainerRegistryPublicPowerUser":{ + "CreateDate":"2020-12-01T16:16:54+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "ecr-public:GetAuthorizationToken", + "sts:GetServiceBearerToken", + "ecr-public:BatchCheckLayerAvailability", + "ecr-public:GetRepositoryPolicy", + "ecr-public:DescribeRepositories", + "ecr-public:DescribeRegistries", + "ecr-public:DescribeImages", + "ecr-public:DescribeImageTags", + "ecr-public:GetRepositoryCatalogData", + "ecr-public:GetRegistryCatalogData", + "ecr-public:InitiateLayerUpload", + "ecr-public:UploadLayerPart", + "ecr-public:CompleteLayerUpload", + "ecr-public:PutImage" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-12-01T16:16:54+00:00" + }, + "AmazonElasticContainerRegistryPublicReadOnly":{ + "CreateDate":"2020-12-01T17:27:04+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "ecr-public:GetAuthorizationToken", + "sts:GetServiceBearerToken", + "ecr-public:BatchCheckLayerAvailability", + "ecr-public:GetRepositoryPolicy", + "ecr-public:DescribeRepositories", + "ecr-public:DescribeRegistries", + "ecr-public:DescribeImages", + "ecr-public:DescribeImageTags", + "ecr-public:GetRepositoryCatalogData", + "ecr-public:GetRegistryCatalogData" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-12-01T17:27:04+00:00" + }, + "AmazonElasticFileSystemClientFullAccess":{ + "CreateDate":"2020-01-13T16:27:00+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "elasticfilesystem:ClientMount", + "elasticfilesystem:ClientRootAccess", + "elasticfilesystem:ClientWrite", + "elasticfilesystem:DescribeMountTargets" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-01-13T16:27:00+00:00" + }, + "AmazonElasticFileSystemClientReadOnlyAccess":{ + "CreateDate":"2020-01-13T16:24:36+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "elasticfilesystem:ClientMount", + "elasticfilesystem:DescribeMountTargets" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-01-13T16:24:36+00:00" + }, + "AmazonElasticFileSystemClientReadWriteAccess":{ + "CreateDate":"2020-01-13T16:21:55+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "elasticfilesystem:ClientMount", + "elasticfilesystem:ClientWrite", + "elasticfilesystem:DescribeMountTargets" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-01-13T16:21:55+00:00" + }, + "AmazonElasticFileSystemFullAccess":{ + "CreateDate":"2015-05-27T16:22:28+00:00", + "DefaultVersionId":"v8", + "Document":{ + "Statement":[ + { + "Action":[ + "cloudwatch:DescribeAlarmsForMetric", + "cloudwatch:GetMetricData", + "ec2:CreateNetworkInterface", + "ec2:DeleteNetworkInterface", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeNetworkInterfaceAttribute", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcAttribute", + "ec2:DescribeVpcs", + "ec2:ModifyNetworkInterfaceAttribute", + "elasticfilesystem:CreateFileSystem", + "elasticfilesystem:CreateMountTarget", + "elasticfilesystem:CreateTags", + "elasticfilesystem:CreateAccessPoint", + "elasticfilesystem:CreateReplicationConfiguration", + "elasticfilesystem:DeleteFileSystem", + "elasticfilesystem:DeleteMountTarget", + "elasticfilesystem:DeleteTags", + "elasticfilesystem:DeleteAccessPoint", + "elasticfilesystem:DeleteFileSystemPolicy", + "elasticfilesystem:DeleteReplicationConfiguration", + "elasticfilesystem:DescribeAccountPreferences", + "elasticfilesystem:DescribeBackupPolicy", + "elasticfilesystem:DescribeFileSystems", + "elasticfilesystem:DescribeFileSystemPolicy", + "elasticfilesystem:DescribeLifecycleConfiguration", + "elasticfilesystem:DescribeMountTargets", + "elasticfilesystem:DescribeMountTargetSecurityGroups", + "elasticfilesystem:DescribeTags", + "elasticfilesystem:DescribeAccessPoints", + "elasticfilesystem:DescribeReplicationConfigurations", + "elasticfilesystem:ModifyMountTargetSecurityGroups", + "elasticfilesystem:PutAccountPreferences", + "elasticfilesystem:PutBackupPolicy", + "elasticfilesystem:PutLifecycleConfiguration", + "elasticfilesystem:PutFileSystemPolicy", + "elasticfilesystem:UpdateFileSystem", + "elasticfilesystem:TagResource", + "elasticfilesystem:UntagResource", + "elasticfilesystem:ListTagsForResource", + "elasticfilesystem:Backup", + "elasticfilesystem:Restore", + "kms:DescribeKey", + "kms:ListAliases" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringEquals":{ + "iam:AWSServiceName":[ + "elasticfilesystem.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-01-10T19:03:16+00:00" + }, + "AmazonElasticFileSystemReadOnlyAccess":{ + "CreateDate":"2015-05-27T16:25:25+00:00", + "DefaultVersionId":"v7", + "Document":{ + "Statement":[ + { + "Action":[ + "cloudwatch:DescribeAlarmsForMetric", + "cloudwatch:GetMetricData", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeNetworkInterfaceAttribute", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcAttribute", + "ec2:DescribeVpcs", + "elasticfilesystem:DescribeAccountPreferences", + "elasticfilesystem:DescribeBackupPolicy", + "elasticfilesystem:DescribeFileSystems", + "elasticfilesystem:DescribeFileSystemPolicy", + "elasticfilesystem:DescribeLifecycleConfiguration", + "elasticfilesystem:DescribeMountTargets", + "elasticfilesystem:DescribeMountTargetSecurityGroups", + "elasticfilesystem:DescribeTags", + "elasticfilesystem:DescribeAccessPoints", + "elasticfilesystem:DescribeReplicationConfigurations", + "elasticfilesystem:ListTagsForResource", + "kms:ListAliases" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-01-10T18:53:37+00:00" + }, + "AmazonElasticFileSystemServiceRolePolicy":{ + "CreateDate":"2019-11-05T16:52:41+00:00", + "DefaultVersionId":"v4", + "Document":{ + "Statement":[ + { + "Action":[ + "backup-storage:MountCapsule", + "ec2:CreateNetworkInterface", + "ec2:DeleteNetworkInterface", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeNetworkInterfaceAttribute", + "ec2:ModifyNetworkInterfaceAttribute", + "tag:GetResources" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "kms:DescribeKey" + ], + "Effect":"Allow", + "Resource":"arn:aws:kms:*:*:key/*" + }, + { + "Action":[ + "backup:CreateBackupVault", + "backup:PutBackupVaultAccessPolicy" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:backup:*:*:backup-vault:aws/efs/automatic-backup-vault" + ] + }, + { + "Action":[ + "backup:CreateBackupPlan", + "backup:CreateBackupSelection" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:backup:*:*:backup-plan:*" + ] + }, + { + "Action":[ + "iam:CreateServiceLinkedRole" + ], + "Condition":{ + "StringEquals":{ + "iam:AWSServiceName":[ + "backup.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "iam:PassRole" + ], + "Condition":{ + "StringLike":{ + "iam:PassedToService":"backup.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/aws-service-role/backup.amazonaws.com/AWSServiceRoleForBackup" + ] + }, + { + "Action":[ + "elasticfilesystem:DescribeFileSystems", + "elasticfilesystem:CreateReplicationConfiguration", + "elasticfilesystem:DescribeReplicationConfigurations", + "elasticfilesystem:DeleteReplicationConfiguration" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-01-10T19:27:33+00:00" + }, + "AmazonElasticFileSystemsUtils":{ + "CreateDate":"2020-09-29T15:16:47+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "ssm:DescribeAssociation", + "ssm:GetDeployablePatchSnapshotForInstance", + "ssm:GetDocument", + "ssm:DescribeDocument", + "ssm:GetManifest", + "ssm:GetParameter", + "ssm:GetParameters", + "ssm:ListAssociations", + "ssm:ListInstanceAssociations", + "ssm:PutInventory", + "ssm:PutComplianceItems", + "ssm:PutConfigurePackageResult", + "ssm:UpdateAssociationStatus", + "ssm:UpdateInstanceAssociationStatus", + "ssm:UpdateInstanceInformation" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ssmmessages:CreateControlChannel", + "ssmmessages:CreateDataChannel", + "ssmmessages:OpenControlChannel", + "ssmmessages:OpenDataChannel" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2messages:AcknowledgeMessage", + "ec2messages:DeleteMessage", + "ec2messages:FailMessage", + "ec2messages:GetEndpoint", + "ec2messages:GetMessages", + "ec2messages:SendReply" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "elasticfilesystem:DescribeMountTargets" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:DescribeAvailabilityZones" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "logs:PutLogEvents", + "logs:DescribeLogStreams", + "logs:DescribeLogGroups", + "logs:CreateLogStream", + "logs:CreateLogGroup", + "logs:PutRetentionPolicy" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-09-29T15:16:47+00:00" + }, + "AmazonElasticMapReduceEditorsRole":{ + "CreateDate":"2018-11-16T21:55:25+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:AuthorizeSecurityGroupEgress", + "ec2:AuthorizeSecurityGroupIngress", + "ec2:CreateSecurityGroup", + "ec2:DescribeSecurityGroups", + "ec2:RevokeSecurityGroupEgress", + "ec2:CreateNetworkInterface", + "ec2:CreateNetworkInterfacePermission", + "ec2:DeleteNetworkInterface", + "ec2:DeleteNetworkInterfacePermission", + "ec2:DescribeNetworkInterfaces", + "ec2:ModifyNetworkInterfaceAttribute", + "ec2:DescribeTags", + "ec2:DescribeInstances", + "ec2:DescribeSubnets", + "elasticmapreduce:ListInstances", + "elasticmapreduce:DescribeCluster" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"ec2:CreateTags", + "Condition":{ + "ForAllValues:StringEquals":{ + "aws:TagKeys":[ + "aws:elasticmapreduce:editor-id", + "aws:elasticmapreduce:job-flow-id" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:network-interface/*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2018-11-16T21:55:25+00:00" + }, + "AmazonElasticMapReduceFullAccess":{ + "CreateDate":"2015-02-06T18:40:22+00:00", + "DefaultVersionId":"v7", + "Document":{ + "Statement":[ + { + "Action":[ + "cloudwatch:*", + "cloudformation:CreateStack", + "cloudformation:DescribeStackEvents", + "ec2:AuthorizeSecurityGroupIngress", + "ec2:AuthorizeSecurityGroupEgress", + "ec2:CancelSpotInstanceRequests", + "ec2:CreateRoute", + "ec2:CreateSecurityGroup", + "ec2:CreateTags", + "ec2:DeleteRoute", + "ec2:DeleteTags", + "ec2:DeleteSecurityGroup", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeAccountAttributes", + "ec2:DescribeInstances", + "ec2:DescribeKeyPairs", + "ec2:DescribeRouteTables", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSpotInstanceRequests", + "ec2:DescribeSpotPriceHistory", + "ec2:DescribeSubnets", + "ec2:DescribeVpcAttribute", + "ec2:DescribeVpcs", + "ec2:DescribeRouteTables", + "ec2:DescribeNetworkAcls", + "ec2:CreateVpcEndpoint", + "ec2:ModifyImageAttribute", + "ec2:ModifyInstanceAttribute", + "ec2:RequestSpotInstances", + "ec2:RevokeSecurityGroupEgress", + "ec2:RunInstances", + "ec2:TerminateInstances", + "elasticmapreduce:*", + "iam:GetPolicy", + "iam:GetPolicyVersion", + "iam:ListRoles", + "iam:PassRole", + "kms:List*", + "s3:*", + "sdb:*" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringLike":{ + "iam:AWSServiceName":[ + "elasticmapreduce.amazonaws.com", + "elasticmapreduce.amazonaws.com.cn" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-10-11T15:19:30+00:00" + }, + "AmazonElasticMapReducePlacementGroupPolicy":{ + "CreateDate":"2020-09-29T00:37:08+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:DeletePlacementGroup", + "ec2:DescribePlacementGroups" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:CreatePlacementGroup" + ], + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:placement-group/EMR_*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-09-29T00:37:08+00:00" + }, + "AmazonElasticMapReduceReadOnlyAccess":{ + "CreateDate":"2015-02-06T18:40:23+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":[ + "elasticmapreduce:Describe*", + "elasticmapreduce:List*", + "elasticmapreduce:GetBlockPublicAccessConfiguration", + "elasticmapreduce:ViewEventsFromAllClustersInConsole", + "s3:GetObject", + "s3:ListAllMyBuckets", + "s3:ListBucket", + "sdb:Select", + "cloudwatch:GetMetricStatistics" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-07-29T23:14:09+00:00" + }, + "AmazonElasticMapReduceRole":{ + "CreateDate":"2015-02-06T18:41:20+00:00", + "DefaultVersionId":"v10", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:AuthorizeSecurityGroupEgress", + "ec2:AuthorizeSecurityGroupIngress", + "ec2:CancelSpotInstanceRequests", + "ec2:CreateFleet", + "ec2:CreateLaunchTemplate", + "ec2:CreateNetworkInterface", + "ec2:CreateSecurityGroup", + "ec2:CreateTags", + "ec2:DeleteLaunchTemplate", + "ec2:DeleteNetworkInterface", + "ec2:DeleteSecurityGroup", + "ec2:DeleteTags", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeAccountAttributes", + "ec2:DescribeDhcpOptions", + "ec2:DescribeImages", + "ec2:DescribeInstanceStatus", + "ec2:DescribeInstances", + "ec2:DescribeKeyPairs", + "ec2:DescribeLaunchTemplates", + "ec2:DescribeNetworkAcls", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribePrefixLists", + "ec2:DescribeRouteTables", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSpotInstanceRequests", + "ec2:DescribeSpotPriceHistory", + "ec2:DescribeSubnets", + "ec2:DescribeTags", + "ec2:DescribeVpcAttribute", + "ec2:DescribeVpcEndpoints", + "ec2:DescribeVpcEndpointServices", + "ec2:DescribeVpcs", + "ec2:DetachNetworkInterface", + "ec2:ModifyImageAttribute", + "ec2:ModifyInstanceAttribute", + "ec2:RequestSpotInstances", + "ec2:RevokeSecurityGroupEgress", + "ec2:RunInstances", + "ec2:TerminateInstances", + "ec2:DeleteVolume", + "ec2:DescribeVolumeStatus", + "ec2:DescribeVolumes", + "ec2:DetachVolume", + "iam:GetRole", + "iam:GetRolePolicy", + "iam:ListInstanceProfiles", + "iam:ListRolePolicies", + "iam:PassRole", + "s3:CreateBucket", + "s3:Get*", + "s3:List*", + "sdb:BatchPutAttributes", + "sdb:Select", + "sqs:CreateQueue", + "sqs:Delete*", + "sqs:GetQueue*", + "sqs:PurgeQueue", + "sqs:ReceiveMessage", + "cloudwatch:PutMetricAlarm", + "cloudwatch:DescribeAlarms", + "cloudwatch:DeleteAlarms", + "application-autoscaling:RegisterScalableTarget", + "application-autoscaling:DeregisterScalableTarget", + "application-autoscaling:PutScalingPolicy", + "application-autoscaling:DeleteScalingPolicy", + "application-autoscaling:Describe*" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringLike":{ + "iam:AWSServiceName":"spot.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/aws-service-role/spot.amazonaws.com/AWSServiceRoleForEC2Spot*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-06-24T22:24:20+00:00" + }, + "AmazonElasticMapReduceforAutoScalingRole":{ + "CreateDate":"2016-11-18T01:09:10+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "cloudwatch:DescribeAlarms", + "elasticmapreduce:ListInstanceGroups", + "elasticmapreduce:ModifyInstanceGroups" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2016-11-18T01:09:10+00:00" + }, + "AmazonElasticMapReduceforEC2Role":{ + "CreateDate":"2015-02-06T18:41:21+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":[ + "cloudwatch:*", + "dynamodb:*", + "ec2:Describe*", + "elasticmapreduce:Describe*", + "elasticmapreduce:ListBootstrapActions", + "elasticmapreduce:ListClusters", + "elasticmapreduce:ListInstanceGroups", + "elasticmapreduce:ListInstances", + "elasticmapreduce:ListSteps", + "kinesis:CreateStream", + "kinesis:DeleteStream", + "kinesis:DescribeStream", + "kinesis:GetRecords", + "kinesis:GetShardIterator", + "kinesis:MergeShards", + "kinesis:PutRecord", + "kinesis:SplitShard", + "rds:Describe*", + "s3:*", + "sdb:*", + "sns:*", + "sqs:*", + "glue:CreateDatabase", + "glue:UpdateDatabase", + "glue:DeleteDatabase", + "glue:GetDatabase", + "glue:GetDatabases", + "glue:CreateTable", + "glue:UpdateTable", + "glue:DeleteTable", + "glue:GetTable", + "glue:GetTables", + "glue:GetTableVersions", + "glue:CreatePartition", + "glue:BatchCreatePartition", + "glue:UpdatePartition", + "glue:DeletePartition", + "glue:BatchDeletePartition", + "glue:GetPartition", + "glue:GetPartitions", + "glue:BatchGetPartition", + "glue:CreateUserDefinedFunction", + "glue:UpdateUserDefinedFunction", + "glue:DeleteUserDefinedFunction", + "glue:GetUserDefinedFunction", + "glue:GetUserDefinedFunctions" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2017-08-11T23:57:30+00:00" + }, + "AmazonElasticTranscoderRole":{ + "CreateDate":"2015-02-06T18:41:26+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "s3:ListBucket", + "s3:Get*", + "s3:PutObject", + "s3:PutObjectAcl", + "s3:*MultipartUpload*" + ], + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"1" + }, + { + "Action":[ + "sns:Publish" + ], + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"2" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-06-13T22:48:22+00:00" + }, + "AmazonElasticTranscoder_FullAccess":{ + "CreateDate":"2018-04-27T18:59:35+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "elastictranscoder:*", + "s3:ListAllMyBuckets", + "s3:ListBucket", + "iam:ListRoles", + "sns:ListTopics" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "iam:PassRole" + ], + "Condition":{ + "StringLike":{ + "iam:PassedToService":[ + "elastictranscoder.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-06-10T22:51:51+00:00" + }, + "AmazonElasticTranscoder_JobsSubmitter":{ + "CreateDate":"2018-06-07T21:12:16+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "elastictranscoder:Read*", + "elastictranscoder:List*", + "elastictranscoder:*Job", + "elastictranscoder:*Preset", + "s3:ListAllMyBuckets", + "s3:ListBucket", + "iam:ListRoles", + "sns:ListTopics" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-06-10T22:49:34+00:00" + }, + "AmazonElasticTranscoder_ReadOnlyAccess":{ + "CreateDate":"2018-06-07T21:09:56+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "elastictranscoder:Read*", + "elastictranscoder:List*", + "s3:ListAllMyBuckets", + "s3:ListBucket", + "iam:ListRoles", + "sns:ListTopics" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-06-10T22:48:32+00:00" + }, + "AmazonElasticsearchServiceRolePolicy":{ + "CreateDate":"2017-07-07T00:15:31+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:CreateNetworkInterface", + "ec2:DeleteNetworkInterface", + "ec2:DescribeNetworkInterfaces", + "ec2:ModifyNetworkInterfaceAttribute", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "elasticloadbalancing:AddListenerCertificates", + "elasticloadbalancing:RemoveListenerCertificates" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"Stmt1480452973134" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-08-31T10:30:23+00:00" + }, + "AmazonEventBridgeApiDestinationsServiceRolePolicy":{ + "CreateDate":"2021-02-11T20:52:05+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "secretsmanager:CreateSecret", + "secretsmanager:UpdateSecret", + "secretsmanager:DescribeSecret", + "secretsmanager:DeleteSecret", + "secretsmanager:GetSecretValue", + "secretsmanager:PutSecretValue" + ], + "Effect":"Allow", + "Resource":"arn:aws:secretsmanager:*:*:secret:events!connection/*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-02-11T20:52:05+00:00" + }, + "AmazonEventBridgeFullAccess":{ + "CreateDate":"2019-07-11T14:08:55+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":"events:*", + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringEquals":{ + "iam:AWSServiceName":"apidestinations.events.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/aws-service-role/AmazonEventBridgeApiDestinationsServiceRolePolicy" + }, + { + "Action":[ + "secretsmanager:CreateSecret", + "secretsmanager:UpdateSecret", + "secretsmanager:DeleteSecret", + "secretsmanager:GetSecretValue", + "secretsmanager:PutSecretValue" + ], + "Effect":"Allow", + "Resource":"arn:aws:secretsmanager:*:*:secret:events!*" + }, + { + "Action":"iam:PassRole", + "Condition":{ + "StringLike":{ + "iam:PassedToService":"events.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-03-04T18:56:38+00:00" + }, + "AmazonEventBridgeReadOnlyAccess":{ + "CreateDate":"2019-07-11T13:59:07+00:00", + "DefaultVersionId":"v4", + "Document":{ + "Statement":[ + { + "Action":[ + "events:DescribeRule", + "events:DescribeEventBus", + "events:DescribeEventSource", + "events:ListEventBuses", + "events:ListEventSources", + "events:ListRuleNamesByTarget", + "events:ListRules", + "events:ListTargetsByRule", + "events:TestEventPattern", + "events:DescribeArchive", + "events:ListArchives", + "events:DescribeReplay", + "events:ListReplays", + "events:DescribeConnection", + "events:ListConnections", + "events:DescribeApiDestination", + "events:ListApiDestinations", + "events:DescribeEndpoint", + "events:ListEndpoints" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-04-08T20:42:18+00:00" + }, + "AmazonEventBridgeSchemasFullAccess":{ + "CreateDate":"2019-11-28T23:12:53+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "schemas:*" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AmazonEventBridgeSchemasFullAccess" + }, + { + "Action":[ + "events:PutRule", + "events:PutTargets", + "events:EnableRule", + "events:DisableRule", + "events:DeleteRule", + "events:RemoveTargets", + "events:ListTargetsByRule" + ], + "Effect":"Allow", + "Resource":"arn:aws:events:*:*:rule/*Schemas*", + "Sid":"AmazonEventBridgeManageRule" + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/aws-service-role/schemas.amazonaws.com/AWSServiceRoleForSchemas", + "Sid":"IAMCreateServiceLinkedRoleForAmazonEventBridgeSchemas" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-11-28T23:12:53+00:00" + }, + "AmazonEventBridgeSchemasReadOnlyAccess":{ + "CreateDate":"2019-11-28T23:05:57+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "schemas:ListDiscoverers", + "schemas:DescribeDiscoverer", + "schemas:ListRegistries", + "schemas:DescribeRegistry", + "schemas:SearchSchemas", + "schemas:ListSchemas", + "schemas:ListSchemaVersions", + "schemas:DescribeSchema", + "schemas:GetDiscoveredSchema", + "schemas:DescribeCodeBinding", + "schemas:GetCodeBindingSource", + "schemas:ListTagsForResource", + "schemas:GetResourcePolicy" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AmazonEventBridgeSchemasReadOnlyAccess" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-05-01T00:50:53+00:00" + }, + "AmazonEventBridgeSchemasServiceRolePolicy":{ + "CreateDate":"2019-11-27T01:10:40+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "events:PutRule", + "events:PutTargets", + "events:EnableRule", + "events:DisableRule", + "events:DeleteRule", + "events:RemoveTargets", + "events:ListTargetsByRule" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:events:*:*:rule/*Schemas-*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-11-27T01:10:40+00:00" + }, + "AmazonFISServiceRolePolicy":{ + "CreateDate":"2020-12-21T21:18:19+00:00", + "DefaultVersionId":"v5", + "Document":{ + "Statement":[ + { + "Action":[ + "events:PutRule", + "events:DeleteRule", + "events:PutTargets", + "events:RemoveTargets" + ], + "Condition":{ + "StringEquals":{ + "events:ManagedBy":"fis.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"EventBridge" + }, + { + "Action":[ + "events:DescribeRule" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"EventBridgeDescribe" + }, + { + "Action":[ + "tag:GetResources" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"Tagging" + }, + { + "Action":[ + "cloudwatch:DescribeAlarms", + "cloudwatch:DescribeAlarmHistory" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"CloudWatch" + }, + { + "Action":[ + "ec2:DescribeInstances", + "iam:GetUser", + "iam:GetRole", + "iam:ListUsers", + "iam:ListRoles", + "rds:DescribeDBClusters", + "rds:DescribeDBInstances", + "ecs:DescribeClusters", + "ecs:DescribeTasks", + "ecs:ListTasks", + "eks:DescribeNodegroup" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"DescribeUserResources" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-02-07T11:13:04+00:00" + }, + "AmazonFSxConsoleFullAccess":{ + "CreateDate":"2018-11-28T16:36:05+00:00", + "DefaultVersionId":"v5", + "Document":{ + "Statement":[ + { + "Action":[ + "cloudwatch:DescribeAlarms", + "ds:DescribeDirectories", + "ec2:DescribeNetworkInterfaceAttribute", + "ec2:DescribeRouteTables", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "firehose:ListDeliveryStreams", + "fsx:*", + "kms:ListAliases", + "logs:DescribeLogGroups", + "s3:ListBucket" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringEquals":{ + "iam:AWSServiceName":[ + "fsx.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringEquals":{ + "iam:AWSServiceName":[ + "s3.data-source.lustre.fsx.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:CreateTags" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":[ + "fsx.amazonaws.com" + ] + }, + "StringEquals":{ + "aws:RequestTag/AmazonFSx":"ManagedByAmazonFSx" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:route-table/*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-08-26T13:18:46+00:00" + }, + "AmazonFSxConsoleReadOnlyAccess":{ + "CreateDate":"2018-11-28T16:35:24+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":[ + "cloudwatch:DescribeAlarms", + "ds:DescribeDirectories", + "ec2:DescribeNetworkInterfaceAttribute", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "firehose:ListDeliveryStreams", + "fsx:Describe*", + "fsx:ListTagsForResource", + "kms:DescribeKey", + "logs:DescribeLogGroups" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-06-08T12:21:09+00:00" + }, + "AmazonFSxFullAccess":{ + "CreateDate":"2018-11-28T16:34:43+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":[ + "ds:DescribeDirectories", + "fsx:*" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringEquals":{ + "iam:AWSServiceName":[ + "fsx.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringEquals":{ + "iam:AWSServiceName":[ + "s3.data-source.lustre.fsx.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "logs:CreateLogGroup", + "logs:CreateLogStream", + "logs:PutLogEvents" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:logs:*:*:log-group:/aws/fsx/*:log-group:*" + ] + }, + { + "Action":[ + "firehose:PutRecord" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:firehose:*:*:deliverystream/aws-fsx-*" + ] + }, + { + "Action":[ + "ec2:CreateTags" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":[ + "fsx.amazonaws.com" + ] + }, + "StringEquals":{ + "aws:RequestTag/AmazonFSx":"ManagedByAmazonFSx" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:route-table/*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-08-26T13:17:29+00:00" + }, + "AmazonFSxReadOnlyAccess":{ + "CreateDate":"2018-11-28T16:33:32+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "fsx:Describe*", + "fsx:ListTagsForResource" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2018-11-28T16:33:32+00:00" + }, + "AmazonFSxServiceRolePolicy":{ + "CreateDate":"2018-11-28T10:38:37+00:00", + "DefaultVersionId":"v5", + "Document":{ + "Statement":[ + { + "Action":[ + "cloudwatch:PutMetricData", + "ds:AuthorizeApplication", + "ds:GetAuthorizedApplicationDetails", + "ds:UnauthorizeApplication", + "ec2:CreateNetworkInterface", + "ec2:CreateNetworkInterfacePermission", + "ec2:DeleteNetworkInterface", + "ec2:DescribeAddresses", + "ec2:DescribeDhcpOptions", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeRouteTables", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "ec2:DisassociateAddress", + "route53:AssociateVPCWithHostedZone" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:CreateTags" + ], + "Condition":{ + "ForAllValues:StringEquals":{ + "aws:TagKeys":"AmazonFSx.FileSystemId" + }, + "StringEquals":{ + "ec2:CreateAction":"CreateNetworkInterface" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:network-interface/*" + ] + }, + { + "Action":[ + "ec2:AssignPrivateIpAddresses", + "ec2:ModifyNetworkInterfaceAttribute", + "ec2:UnassignPrivateIpAddresses" + ], + "Condition":{ + "Null":{ + "aws:ResourceTag/AmazonFSx.FileSystemId":"false" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:network-interface/*" + ] + }, + { + "Action":[ + "ec2:CreateRoute", + "ec2:ReplaceRoute", + "ec2:DeleteRoute" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceTag/AmazonFSx":"ManagedByAmazonFSx" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:route-table/*" + ] + }, + { + "Action":[ + "logs:DescribeLogGroups", + "logs:DescribeLogStreams", + "logs:PutLogEvents" + ], + "Effect":"Allow", + "Resource":"arn:aws:logs:*:*:log-group:/aws/fsx/*" + }, + { + "Action":[ + "firehose:DescribeDeliveryStream", + "firehose:PutRecord", + "firehose:PutRecordBatch" + ], + "Effect":"Allow", + "Resource":"arn:aws:firehose:*:*:deliverystream/aws-fsx-*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-08-20T12:51:29+00:00" + }, + "AmazonForecastFullAccess":{ + "CreateDate":"2019-01-18T01:52:29+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "forecast:*" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "iam:PassRole" + ], + "Condition":{ + "StringEquals":{ + "iam:PassedToService":"forecast.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-01-18T01:52:29+00:00" + }, + "AmazonFraudDetectorFullAccessPolicy":{ + "CreateDate":"2019-12-03T22:46:26+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "frauddetector:*" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "sagemaker:ListEndpoints", + "sagemaker:DescribeEndpoint" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "s3:ListAllMyBuckets", + "s3:GetBucketLocation" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "iam:ListRoles" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "iam:PassRole" + ], + "Condition":{ + "StringEquals":{ + "iam:PassedToService":"frauddetector.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-12-03T22:46:26+00:00" + }, + "AmazonFreeRTOSFullAccess":{ + "CreateDate":"2017-11-29T15:32:51+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "freertos:*" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2017-11-29T15:32:51+00:00" + }, + "AmazonFreeRTOSOTAUpdate":{ + "CreateDate":"2018-08-27T22:43:07+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":[ + "s3:GetObjectVersion", + "s3:PutObject", + "s3:GetObject" + ], + "Effect":"Allow", + "Resource":"arn:aws:s3:::afr-ota*" + }, + { + "Action":[ + "signer:StartSigningJob", + "signer:DescribeSigningJob", + "signer:GetSigningProfile", + "signer:PutSigningProfile" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "s3:ListBucketVersions", + "s3:ListBucket", + "s3:ListAllMyBuckets", + "s3:GetBucketLocation" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "iot:DeleteJob", + "iot:DescribeJob" + ], + "Effect":"Allow", + "Resource":"arn:aws:iot:*:*:job/AFR_OTA*" + }, + { + "Action":[ + "iot:DeleteStream" + ], + "Effect":"Allow", + "Resource":"arn:aws:iot:*:*:stream/AFR_OTA*" + }, + { + "Action":[ + "iot:CreateStream", + "iot:CreateJob" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-12-18T17:47:30+00:00" + }, + "AmazonGlacierFullAccess":{ + "CreateDate":"2015-02-06T18:40:28+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":"glacier:*", + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2015-02-06T18:40:28+00:00" + }, + "AmazonGlacierReadOnlyAccess":{ + "CreateDate":"2015-02-06T18:40:27+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "glacier:DescribeJob", + "glacier:DescribeVault", + "glacier:GetDataRetrievalPolicy", + "glacier:GetJobOutput", + "glacier:GetVaultAccessPolicy", + "glacier:GetVaultLock", + "glacier:GetVaultNotifications", + "glacier:ListJobs", + "glacier:ListMultipartUploads", + "glacier:ListParts", + "glacier:ListTagsForVault", + "glacier:ListVaults" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2016-05-05T18:46:10+00:00" + }, + "AmazonGrafanaAthenaAccess":{ + "CreateDate":"2021-11-22T17:11:11+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "athena:GetDatabase", + "athena:GetDataCatalog", + "athena:GetTableMetadata", + "athena:ListDatabases", + "athena:ListDataCatalogs", + "athena:ListTableMetadata", + "athena:ListWorkGroups" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "athena:GetQueryExecution", + "athena:GetQueryResults", + "athena:GetWorkGroup", + "athena:StartQueryExecution", + "athena:StopQueryExecution" + ], + "Condition":{ + "Null":{ + "aws:ResourceTag/GrafanaDataSource":"false" + } + }, + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "glue:GetDatabase", + "glue:GetDatabases", + "glue:GetTable", + "glue:GetTables", + "glue:GetPartition", + "glue:GetPartitions", + "glue:BatchGetPartition" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "s3:GetBucketLocation", + "s3:GetObject", + "s3:ListBucket", + "s3:ListBucketMultipartUploads", + "s3:ListMultipartUploadParts", + "s3:AbortMultipartUpload", + "s3:CreateBucket", + "s3:PutObject", + "s3:PutBucketPublicAccessBlock" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::grafana-athena-query-results-*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-11-22T17:11:11+00:00" + }, + "AmazonGrafanaRedshiftAccess":{ + "CreateDate":"2021-11-26T23:15:15+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "redshift:DescribeClusters", + "redshift-data:GetStatementResult", + "redshift-data:DescribeStatement", + "secretsmanager:ListSecrets" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "redshift-data:DescribeTable", + "redshift-data:ExecuteStatement", + "redshift-data:ListTables", + "redshift-data:ListSchemas" + ], + "Condition":{ + "Null":{ + "aws:ResourceTag/GrafanaDataSource":"false" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"redshift:GetClusterCredentials", + "Effect":"Allow", + "Resource":[ + "arn:aws:redshift:*:*:dbname:*/*", + "arn:aws:redshift:*:*:dbuser:*/redshift_data_api_user" + ] + }, + { + "Action":[ + "secretsmanager:GetSecretValue" + ], + "Condition":{ + "Null":{ + "secretsmanager:ResourceTag/RedshiftQueryOwner":"false" + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-11-26T23:15:15+00:00" + }, + "AmazonGuardDutyFullAccess":{ + "CreateDate":"2017-11-28T22:31:30+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":"guardduty:*", + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringLike":{ + "iam:AWSServiceName":"guardduty.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "organizations:EnableAWSServiceAccess", + "organizations:RegisterDelegatedAdministrator", + "organizations:ListDelegatedAdministrators", + "organizations:ListAWSServiceAccessForOrganization", + "organizations:DescribeOrganizationalUnit", + "organizations:DescribeAccount", + "organizations:DescribeOrganization" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-02-16T23:39:53+00:00" + }, + "AmazonGuardDutyReadOnlyAccess":{ + "CreateDate":"2017-11-28T22:29:40+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":[ + "guardduty:Describe*", + "guardduty:Get*", + "guardduty:List*" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "organizations:ListDelegatedAdministrators", + "organizations:ListAWSServiceAccessForOrganization", + "organizations:DescribeOrganizationalUnit", + "organizations:DescribeAccount", + "organizations:DescribeOrganization" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-02-16T23:37:57+00:00" + }, + "AmazonGuardDutyServiceRolePolicy":{ + "CreateDate":"2017-11-28T20:12:59+00:00", + "DefaultVersionId":"v4", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:DescribeInstances", + "ec2:DescribeImages", + "ec2:DescribeVpcEndpoints", + "ec2:DescribeSubnets", + "ec2:DescribeVpcPeeringConnections", + "ec2:DescribeTransitGatewayAttachments", + "organizations:ListAccounts", + "organizations:DescribeAccount", + "s3:GetBucketPublicAccessBlock", + "s3:GetEncryptionConfiguration", + "s3:GetBucketTagging", + "s3:GetAccountPublicAccessBlock", + "s3:ListAllMyBuckets", + "s3:GetBucketAcl", + "s3:GetBucketPolicy", + "s3:GetBucketPolicyStatus" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-08-03T23:14:07+00:00" + }, + "AmazonHealthLakeFullAccess":{ + "CreateDate":"2021-02-17T01:07:05+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "healthlake:*", + "s3:ListAllMyBuckets", + "s3:ListBucket", + "s3:GetBucketLocation", + "iam:ListRoles" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"iam:PassRole", + "Condition":{ + "StringEquals":{ + "iam:PassedToService":"healthlake.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-02-17T01:07:05+00:00" + }, + "AmazonHealthLakeReadOnlyAccess":{ + "CreateDate":"2021-02-17T02:43:31+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "healthlake:ListFHIRDatastores", + "healthlake:DescribeFHIRDatastore", + "healthlake:DescribeFHIRImportJob", + "healthlake:DescribeFHIRExportJob", + "healthlake:GetCapabilities", + "healthlake:ReadResource", + "healthlake:SearchWithGet", + "healthlake:SearchWithPost" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-02-17T02:43:31+00:00" + }, + "AmazonHoneycodeFullAccess":{ + "CreateDate":"2020-06-24T20:28:11+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "honeycode:*" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-06-24T20:28:11+00:00" + }, + "AmazonHoneycodeReadOnlyAccess":{ + "CreateDate":"2020-06-24T20:28:16+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "honeycode:List*", + "honeycode:Get*", + "honeycode:Describe*", + "honeycode:Query*" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-12-01T17:27:53+00:00" + }, + "AmazonHoneycodeServiceRolePolicy":{ + "CreateDate":"2020-11-18T18:03:08+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "sso:GetManagedApplicationInstance" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-11-18T18:03:08+00:00" + }, + "AmazonHoneycodeTeamAssociationFullAccess":{ + "CreateDate":"2020-06-24T20:28:27+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "honeycode:ListTeamAssociations", + "honeycode:ApproveTeamAssociation", + "honeycode:RejectTeamAssociation" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-06-24T20:28:27+00:00" + }, + "AmazonHoneycodeTeamAssociationReadOnlyAccess":{ + "CreateDate":"2020-06-24T20:27:46+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "honeycode:ListTeamAssociations" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-06-24T20:27:46+00:00" + }, + "AmazonHoneycodeWorkbookFullAccess":{ + "CreateDate":"2020-06-24T20:28:46+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "honeycode:GetScreenData", + "honeycode:InvokeScreenAutomation", + "honeycode:BatchCreateTableRows", + "honeycode:BatchDeleteTableRows", + "honeycode:BatchUpdateTableRows", + "honeycode:BatchUpsertTableRows", + "honeycode:DescribeTableDataImportJob", + "honeycode:ListTableColumns", + "honeycode:ListTableRows", + "honeycode:ListTables", + "honeycode:QueryTableRows", + "honeycode:StartTableDataImportJob" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-12-01T17:30:06+00:00" + }, + "AmazonHoneycodeWorkbookReadOnlyAccess":{ + "CreateDate":"2020-06-24T20:28:07+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "honeycode:GetScreenData", + "honeycode:DescribeTableDataImportJob", + "honeycode:ListTableColumns", + "honeycode:ListTableRows", + "honeycode:ListTables", + "honeycode:QueryTableRows" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-12-01T17:32:49+00:00" + }, + "AmazonInspector2FullAccess":{ + "CreateDate":"2021-11-29T19:10:15+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":"inspector2:*", + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringEquals":{ + "iam:AWSServiceName":"inspector2.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "organizations:EnableAWSServiceAccess", + "organizations:RegisterDelegatedAdministrator", + "organizations:ListDelegatedAdministrators", + "organizations:ListAWSServiceAccessForOrganization", + "organizations:DescribeOrganizationalUnit", + "organizations:DescribeAccount", + "organizations:DescribeOrganization" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-11-29T19:10:15+00:00" + }, + "AmazonInspector2ReadOnlyAccess":{ + "CreateDate":"2022-01-21T14:45:14+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "organizations:ListDelegatedAdministrators", + "organizations:ListAWSServiceAccessForOrganization", + "organizations:DescribeOrganizationalUnit", + "organizations:DescribeAccount", + "organizations:DescribeOrganization", + "inspector2:ListAccountPermissions", + "inspector2:ListMembers", + "inspector2:ListFilters", + "inspector2:DescribeOrganizationConfiguration", + "inspector2:GetMember", + "inspector2:BatchGetFreeTrialInfo", + "inspector2:ListUsageTotals", + "inspector2:ListCoverageStatistics", + "inspector2:BatchGetAccountStatus", + "inspector2:ListFindings", + "inspector2:ListFindingAggregations", + "inspector2:ListCoverage", + "inspector2:GetDelegatedAdminAccount", + "inspector2:GetFindingsReportStatus", + "inspector2:ListDelegatedAdminAccounts", + "inspector2:ListTagsForResource" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-01-21T14:45:14+00:00" + }, + "AmazonInspector2ServiceRolePolicy":{ + "CreateDate":"2021-11-16T20:27:48+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "directconnect:DescribeConnections", + "directconnect:DescribeDirectConnectGatewayAssociations", + "directconnect:DescribeDirectConnectGatewayAttachments", + "directconnect:DescribeDirectConnectGateways", + "directconnect:DescribeVirtualGateways", + "directconnect:DescribeVirtualInterfaces", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeCustomerGateways", + "ec2:DescribeInstances", + "ec2:DescribeInternetGateways", + "ec2:DescribeManagedPrefixLists", + "ec2:DescribeNatGateways", + "ec2:DescribeNetworkAcls", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribePrefixLists", + "ec2:DescribeRegions", + "ec2:DescribeRouteTables", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeTransitGatewayAttachments", + "ec2:DescribeTransitGatewayConnects", + "ec2:DescribeTransitGatewayPeeringAttachments", + "ec2:DescribeTransitGatewayRouteTables", + "ec2:DescribeTransitGatewayVpcAttachments", + "ec2:DescribeTransitGateways", + "ec2:DescribeVpcEndpointServiceConfigurations", + "ec2:DescribeVpcEndpoints", + "ec2:DescribeVpcPeeringConnections", + "ec2:DescribeVpcs", + "ec2:DescribeVpnConnections", + "ec2:DescribeVpnGateways", + "ec2:GetManagedPrefixListEntries", + "ec2:GetTransitGatewayRouteTablePropagations", + "ec2:SearchTransitGatewayRoutes", + "elasticloadbalancing:DescribeListeners", + "elasticloadbalancing:DescribeLoadBalancerAttributes", + "elasticloadbalancing:DescribeLoadBalancers", + "elasticloadbalancing:DescribeRules", + "elasticloadbalancing:DescribeTags", + "elasticloadbalancing:DescribeTargetGroups", + "elasticloadbalancing:DescribeTargetHealth", + "network-firewall:DescribeFirewall", + "network-firewall:DescribeFirewallPolicy", + "network-firewall:DescribeResourcePolicy", + "network-firewall:DescribeRuleGroup", + "network-firewall:ListFirewallPolicies", + "network-firewall:ListFirewalls", + "network-firewall:ListRuleGroups", + "tiros:CreateQuery", + "tiros:GetQueryAnswer" + ], + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"TirosPolicy" + }, + { + "Action":[ + "ecr:BatchGetImage", + "ecr:BatchGetRepositoryScanningConfiguration", + "ecr:DescribeImages", + "ecr:DescribeRegistry", + "ecr:DescribeRepositories", + "ecr:GetAuthorizationToken", + "ecr:GetDownloadUrlForLayer", + "ecr:GetRegistryScanningConfiguration", + "ecr:ListImages", + "ecr:PutRegistryScanningConfiguration", + "organizations:DescribeAccount", + "organizations:DescribeOrganization", + "organizations:ListAccounts", + "ssm:DescribeAssociation", + "ssm:DescribeInstanceInformation", + "ssm:ListAssociations", + "ssm:ListResourceDataSync", + "ssm:StartAssociationsOnce", + "ssm:DeleteAssociation", + "ssm:UpdateAssociation" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"PackageVulnerabilityScanning" + }, + { + "Action":[ + "ssm:CreateAssociation" + ], + "Effect":"Allow", + "Resource":[ + "arn:*:ec2:*:*:instance/*", + "arn:aws:ssm:*:*:document/AWS-GatherSoftwareInventory", + "arn:*:ssm:*:*:managed-instance/*" + ], + "Sid":"GatherInventory" + }, + { + "Action":[ + "ssm:CreateResourceDataSync", + "ssm:DeleteResourceDataSync" + ], + "Effect":"Allow", + "Resource":[ + "arn:*:ssm:*:*:resource-data-sync/InspectorResourceDataSync-do-not-delete" + ], + "Sid":"DataSyncCleanup" + }, + { + "Action":[ + "events:PutRule", + "events:DeleteRule", + "events:DescribeRule", + "events:ListTargetsByRule", + "events:PutTargets", + "events:RemoveTargets" + ], + "Effect":"Allow", + "Resource":[ + "arn:*:events:*:*:rule/DO-NOT-DELETE-AmazonInspector*ManagedRule" + ], + "Sid":"ManagedRules" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-11-16T20:27:48+00:00" + }, + "AmazonInspectorFullAccess":{ + "CreateDate":"2015-10-07T17:08:04+00:00", + "DefaultVersionId":"v5", + "Document":{ + "Statement":[ + { + "Action":[ + "inspector:*", + "ec2:DescribeInstances", + "ec2:DescribeTags", + "sns:ListTopics", + "events:DescribeRule", + "events:ListRuleNamesByTarget" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "iam:PassRole" + ], + "Condition":{ + "StringEquals":{ + "iam:PassedToService":[ + "inspector.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringLike":{ + "iam:AWSServiceName":"inspector.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/aws-service-role/inspector.amazonaws.com/AWSServiceRoleForAmazonInspector" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2017-12-21T14:53:31+00:00" + }, + "AmazonInspectorReadOnlyAccess":{ + "CreateDate":"2015-10-07T17:08:01+00:00", + "DefaultVersionId":"v4", + "Document":{ + "Statement":[ + { + "Action":[ + "inspector:Describe*", + "inspector:Get*", + "inspector:List*", + "inspector:Preview*", + "ec2:DescribeInstances", + "ec2:DescribeTags", + "sns:ListTopics", + "events:DescribeRule", + "events:ListRuleNamesByTarget" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-10-01T15:17:54+00:00" + }, + "AmazonInspectorServiceRolePolicy":{ + "CreateDate":"2017-11-21T15:48:27+00:00", + "DefaultVersionId":"v5", + "Document":{ + "Statement":[ + { + "Action":[ + "directconnect:DescribeConnections", + "directconnect:DescribeDirectConnectGateways", + "directconnect:DescribeDirectConnectGatewayAssociations", + "directconnect:DescribeDirectConnectGatewayAttachments", + "directconnect:DescribeVirtualGateways", + "directconnect:DescribeVirtualInterfaces", + "directconnect:DescribeTags", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeCustomerGateways", + "ec2:DescribeInstances", + "ec2:DescribeTags", + "ec2:DescribeInternetGateways", + "ec2:DescribeNatGateways", + "ec2:DescribeNetworkAcls", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribePrefixLists", + "ec2:DescribeRegions", + "ec2:DescribeRouteTables", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcEndpoints", + "ec2:DescribeVpcPeeringConnections", + "ec2:DescribeVpcs", + "ec2:DescribeVpnConnections", + "ec2:DescribeVpnGateways", + "ec2:DescribeManagedPrefixLists", + "ec2:GetManagedPrefixListEntries", + "ec2:DescribeVpcEndpointServiceConfigurations", + "ec2:DescribeTransitGateways", + "ec2:DescribeTransitGatewayAttachments", + "ec2:DescribeTransitGatewayVpcAttachments", + "ec2:DescribeTransitGatewayRouteTables", + "ec2:SearchTransitGatewayRoutes", + "ec2:DescribeTransitGatewayPeeringAttachments", + "ec2:GetTransitGatewayRouteTablePropagations", + "elasticloadbalancing:DescribeListeners", + "elasticloadbalancing:DescribeLoadBalancers", + "elasticloadbalancing:DescribeLoadBalancerAttributes", + "elasticloadbalancing:DescribeRules", + "elasticloadbalancing:DescribeTags", + "elasticloadbalancing:DescribeTargetGroups", + "elasticloadbalancing:DescribeTargetHealth" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-09-11T17:12:02+00:00" + }, + "AmazonKendraFullAccess":{ + "CreateDate":"2019-12-03T16:15:37+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":"iam:PassRole", + "Condition":{ + "StringEquals":{ + "iam:PassedToService":"kendra.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "iam:ListRoles" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:DescribeSecurityGroups", + "ec2:DescribeVpcs", + "ec2:DescribeSubnets" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "kms:ListKeys", + "kms:ListAliases", + "kms:DescribeKey" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "s3:ListAllMyBuckets", + "s3:GetBucketLocation" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "secretsmanager:ListSecrets" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "cloudwatch:GetMetricData" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "secretsmanager:CreateSecret", + "secretsmanager:DescribeSecret" + ], + "Effect":"Allow", + "Resource":"arn:aws:secretsmanager:*:*:secret:AmazonKendra-*" + }, + { + "Action":"kendra:*", + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-12-03T16:15:37+00:00" + }, + "AmazonKendraReadOnlyAccess":{ + "CreateDate":"2019-12-03T16:13:45+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "kendra:Describe*", + "kendra:List*", + "kendra:Query", + "kendra:GetQuerySuggestions" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-05-27T17:01:20+00:00" + }, + "AmazonKeyspacesFullAccess":{ + "CreateDate":"2020-04-23T17:06:37+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "cassandra:*" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "application-autoscaling:DeleteScalingPolicy", + "application-autoscaling:DeleteScheduledAction", + "application-autoscaling:DeregisterScalableTarget", + "application-autoscaling:DescribeScalableTargets", + "application-autoscaling:DescribeScalingActivities", + "application-autoscaling:DescribeScalingPolicies", + "application-autoscaling:DescribeScheduledActions", + "application-autoscaling:PutScheduledAction", + "application-autoscaling:PutScalingPolicy", + "application-autoscaling:RegisterScalableTarget", + "kms:DescribeKey", + "kms:ListAliases" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "cloudwatch:DeleteAlarms", + "cloudwatch:DescribeAlarms", + "cloudwatch:PutMetricAlarm" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringLike":{ + "iam:AWSServiceName":"cassandra.application-autoscaling.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/aws-service-role/cassandra.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_CassandraTable" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-06-01T19:31:39+00:00" + }, + "AmazonKeyspacesReadOnlyAccess":{ + "CreateDate":"2020-04-23T17:07:14+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "cassandra:Select" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "application-autoscaling:DescribeScalableTargets", + "application-autoscaling:DescribeScalingActivities", + "application-autoscaling:DescribeScalingPolicies", + "application-autoscaling:DescribeScheduledActions", + "cloudwatch:DescribeAlarms", + "kms:DescribeKey", + "kms:ListAliases" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-06-01T19:32:47+00:00" + }, + "AmazonKinesisAnalyticsFullAccess":{ + "CreateDate":"2016-09-21T19:01:14+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":"kinesisanalytics:*", + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "kinesis:CreateStream", + "kinesis:DeleteStream", + "kinesis:DescribeStream", + "kinesis:ListStreams", + "kinesis:PutRecord", + "kinesis:PutRecords" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "firehose:DescribeDeliveryStream", + "firehose:ListDeliveryStreams" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "cloudwatch:GetMetricStatistics", + "cloudwatch:ListMetrics" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"logs:GetLogEvents", + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "iam:ListPolicyVersions", + "iam:ListRoles" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"iam:PassRole", + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/service-role/kinesis-analytics*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2016-09-21T19:01:14+00:00" + }, + "AmazonKinesisAnalyticsReadOnly":{ + "CreateDate":"2016-09-21T18:16:43+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "kinesisanalytics:Describe*", + "kinesisanalytics:Get*", + "kinesisanalytics:List*" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "kinesis:DescribeStream", + "kinesis:ListStreams" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "firehose:DescribeDeliveryStream", + "firehose:ListDeliveryStreams" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "cloudwatch:GetMetricStatistics", + "cloudwatch:ListMetrics" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"logs:GetLogEvents", + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "iam:ListPolicyVersions", + "iam:ListRoles" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2016-09-21T18:16:43+00:00" + }, + "AmazonKinesisFirehoseFullAccess":{ + "CreateDate":"2015-10-07T18:45:26+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "firehose:*" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2015-10-07T18:45:26+00:00" + }, + "AmazonKinesisFirehoseReadOnlyAccess":{ + "CreateDate":"2015-10-07T18:43:39+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "firehose:Describe*", + "firehose:List*" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2015-10-07T18:43:39+00:00" + }, + "AmazonKinesisFullAccess":{ + "CreateDate":"2015-02-06T18:40:29+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":"kinesis:*", + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2015-02-06T18:40:29+00:00" + }, + "AmazonKinesisReadOnlyAccess":{ + "CreateDate":"2015-02-06T18:40:30+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "kinesis:Get*", + "kinesis:List*", + "kinesis:Describe*" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2015-02-06T18:40:30+00:00" + }, + "AmazonKinesisVideoStreamsFullAccess":{ + "CreateDate":"2017-12-01T23:27:18+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":"kinesisvideo:*", + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2017-12-01T23:27:18+00:00" + }, + "AmazonKinesisVideoStreamsReadOnlyAccess":{ + "CreateDate":"2017-12-01T23:14:32+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "kinesisvideo:Describe*", + "kinesisvideo:Get*", + "kinesisvideo:List*" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2017-12-01T23:14:32+00:00" + }, + "AmazonLaunchWizard_Fullaccess":{ + "CreateDate":"2020-08-06T17:47:30+00:00", + "DefaultVersionId":"v13", + "Document":{ + "Statement":[ + { + "Action":"applicationinsights:*", + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"resource-groups:List*", + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "route53:ChangeResourceRecordSets", + "route53:GetChange", + "route53:ListResourceRecordSets", + "route53:ListHostedZones", + "route53:ListHostedZonesByName" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "s3:ListAllMyBuckets", + "s3:ListBucket", + "s3:GetBucketLocation" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "kms:ListKeys", + "kms:ListAliases" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "cloudwatch:List*", + "cloudwatch:Get*", + "cloudwatch:Describe*" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:CreateInternetGateway", + "ec2:CreateNatGateway", + "ec2:CreateVpc", + "ec2:CreateKeyPair", + "ec2:CreateRoute", + "ec2:CreateRouteTable", + "ec2:CreateSubnet" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:AllocateAddress", + "ec2:AllocateHosts", + "ec2:AssignPrivateIpAddresses", + "ec2:AssociateAddress", + "ec2:CreateDhcpOptions", + "ec2:CreateEgressOnlyInternetGateway", + "ec2:CreateNetworkInterface", + "ec2:CreateVolume", + "ec2:CreateVpcEndpoint", + "ec2:CreateTags", + "ec2:DeleteTags", + "ec2:RunInstances", + "ec2:StartInstances", + "ec2:ModifyInstanceAttribute", + "ec2:ModifySubnetAttribute", + "ec2:ModifyVolumeAttribute", + "ec2:ModifyVpcAttribute", + "ec2:AssociateDhcpOptions", + "ec2:AssociateSubnetCidrBlock", + "ec2:AttachInternetGateway", + "ec2:AttachNetworkInterface", + "ec2:AttachVolume", + "ec2:DeleteDhcpOptions", + "ec2:DeleteInternetGateway", + "ec2:DeleteKeyPair", + "ec2:DeleteNatGateway", + "ec2:DeleteSecurityGroup", + "ec2:DeleteVolume", + "ec2:DeleteVpc", + "ec2:DetachInternetGateway", + "ec2:DetachVolume", + "ec2:DeleteSnapshot", + "ec2:AssociateRouteTable", + "ec2:AssociateVpcCidrBlock", + "ec2:DeleteNetworkAcl", + "ec2:DeleteNetworkInterface", + "ec2:DeleteNetworkInterfacePermission", + "ec2:DeleteRoute", + "ec2:DeleteRouteTable", + "ec2:DeleteSubnet", + "ec2:DetachNetworkInterface", + "ec2:DisassociateAddress", + "ec2:DisassociateVpcCidrBlock", + "ec2:GetLaunchTemplateData", + "ec2:ModifyNetworkInterfaceAttribute", + "ec2:ModifyVolume", + "ec2:AuthorizeSecurityGroupEgress", + "ec2:GetConsoleOutput", + "ec2:GetPasswordData", + "ec2:ReleaseAddress", + "ec2:ReplaceRoute", + "ec2:ReplaceRouteTableAssociation", + "ec2:RevokeSecurityGroupEgress", + "ec2:RevokeSecurityGroupIngress", + "ec2:DisassociateIamInstanceProfile", + "ec2:DisassociateRouteTable", + "ec2:DisassociateSubnetCidrBlock", + "ec2:ModifyInstancePlacement", + "ec2:DeletePlacementGroup", + "ec2:CreatePlacementGroup", + "elasticfilesystem:DeleteFileSystem", + "elasticfilesystem:DeleteMountTarget", + "ds:AddIpRoutes", + "ds:CreateComputer", + "ds:CreateMicrosoftAD", + "ds:DeleteDirectory", + "servicecatalog:AssociateProductWithPortfolio", + "cloudformation:GetTemplateSummary", + "sts:GetCallerIdentity" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":"launchwizard.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "cloudformation:DescribeStack*", + "cloudformation:Get*", + "cloudformation:ListStacks", + "cloudformation:SignalResource", + "cloudformation:DeleteStack" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:cloudformation:*:*:stack/LaunchWizard*/*", + "arn:aws:cloudformation:*:*:stack/ApplicationInsights*/*" + ] + }, + { + "Action":[ + "ec2:StopInstances", + "ec2:TerminateInstances" + ], + "Condition":{ + "StringLike":{ + "ec2:ResourceTag/aws:cloudformation:stack-id":"arn:aws:cloudformation:*:*:stack/LaunchWizard-*/*" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "iam:CreateInstanceProfile", + "iam:DeleteInstanceProfile", + "iam:RemoveRoleFromInstanceProfile", + "iam:AddRoleToInstanceProfile" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/service-role/AmazonEC2RoleForLaunchWizard*", + "arn:aws:iam::*:instance-profile/LaunchWizard*" + ] + }, + { + "Action":[ + "iam:PassRole" + ], + "Condition":{ + "StringEqualsIfExists":{ + "iam:PassedToService":[ + "lambda.amazonaws.com", + "ec2.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/service-role/AmazonEC2RoleForLaunchWizard*", + "arn:aws:iam::*:role/service-role/AmazonLambdaRoleForLaunchWizard*", + "arn:aws:iam::*:instance-profile/LaunchWizard*" + ] + }, + { + "Action":[ + "autoscaling:AttachInstances", + "autoscaling:CreateAutoScalingGroup", + "autoscaling:CreateLaunchConfiguration", + "autoscaling:DeleteAutoScalingGroup", + "autoscaling:DeleteLaunchConfiguration", + "autoscaling:UpdateAutoScalingGroup", + "logs:CreateLogStream", + "logs:DeleteLogGroup", + "logs:DeleteLogStream", + "logs:DescribeLog*", + "logs:PutLogEvents", + "resource-groups:CreateGroup", + "resource-groups:DeleteGroup", + "sns:ListSubscriptionsByTopic", + "sns:Publish", + "ssm:DeleteDocument", + "ssm:DeleteParameter*", + "ssm:DescribeDocument*", + "ssm:GetDocument", + "ssm:PutParameter" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:resource-groups:*:*:group/LaunchWizard*", + "arn:aws:sns:*:*:*", + "arn:aws:autoscaling:*:*:autoScalingGroup:*:autoScalingGroupName/LaunchWizard*", + "arn:aws:autoscaling:*:*:launchConfiguration:*:launchConfigurationName/LaunchWizard*", + "arn:aws:ssm:*:*:parameter/LaunchWizard*", + "arn:aws:ssm:*:*:document/LaunchWizard*", + "arn:aws:logs:*:*:log-group:*:*:*", + "arn:aws:logs:*:*:log-group:LaunchWizard*" + ] + }, + { + "Action":[ + "ssm:GetDocument", + "ssm:SendCommand" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:ssm:*::document/AWS-RunShellScript" + ] + }, + { + "Action":[ + "ssm:SendCommand" + ], + "Condition":{ + "StringLike":{ + "aws:ResourceTag/aws:cloudformation:stack-id":"arn:aws:cloudformation:*:*:stack/LaunchWizard-*/*" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:instance/*" + ] + }, + { + "Action":[ + "logs:DeleteLogStream", + "logs:GetLogEvents", + "logs:PutLogEvents", + "ssm:AddTagsToResource", + "ssm:DescribeDocument", + "ssm:GetDocument", + "ssm:ListTagsForResource", + "ssm:RemoveTagsFromResource" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:logs:*:*:log-group:*:*:*", + "arn:aws:logs:*:*:log-group:LaunchWizard*", + "arn:aws:ssm:*:*:parameter/LaunchWizard*", + "arn:aws:ssm:*:*:document/LaunchWizard*" + ] + }, + { + "Action":[ + "autoscaling:Describe*", + "cloudformation:DescribeAccountLimits", + "cloudformation:DescribeStackDriftDetectionStatus", + "cloudformation:List*", + "cloudformation:ValidateTemplate", + "ds:Describe*", + "ds:ListAuthorizedApplications", + "ec2:Describe*", + "ec2:Get*", + "iam:GetRole", + "iam:GetRolePolicy", + "iam:GetUser", + "iam:GetPolicyVersion", + "iam:GetPolicy", + "iam:List*", + "logs:CreateLogGroup", + "logs:GetLogDelivery", + "logs:GetLogRecord", + "logs:ListLogDeliveries", + "resource-groups:Get*", + "resource-groups:List*", + "servicequotas:GetServiceQuota", + "servicequotas:ListServiceQuotas", + "sns:ListSubscriptions", + "sns:ListTopics", + "ssm:CreateDocument", + "ssm:DescribeAutomation*", + "ssm:DescribeInstanceInformation", + "ssm:DescribeParameters", + "ssm:GetAutomationExecution", + "ssm:GetCommandInvocation", + "ssm:GetParameter*", + "ssm:GetConnectionStatus", + "ssm:ListCommand*", + "ssm:ListDocument*", + "ssm:ListInstanceAssociations", + "ssm:SendAutomationSignal", + "tag:Get*" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ssm:StartAutomationExecution", + "ssm:StopAutomationExecution" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":"launchwizard.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ssm:*:*:automation-definition/LaunchWizard-*:*" + }, + { + "Action":"logs:GetLog*", + "Effect":"Allow", + "Resource":[ + "arn:aws:logs:*:*:log-group:*:*:*", + "arn:aws:logs:*:*:log-group:LaunchWizard*" + ] + }, + { + "Action":[ + "cloudformation:List*", + "cloudformation:Describe*" + ], + "Effect":"Allow", + "Resource":"arn:aws:cloudformation:*:*:stack/LaunchWizard*/" + }, + { + "Action":[ + "iam:CreateServiceLinkedRole" + ], + "Condition":{ + "StringEquals":{ + "iam:AWSServiceName":[ + "autoscaling.amazonaws.com", + "application-insights.amazonaws.com", + "events.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"launchwizard:*", + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "sqs:TagQueue", + "sqs:GetQueueUrl", + "sqs:AddPermission", + "sqs:ListQueues", + "sqs:DeleteQueue", + "sqs:GetQueueAttributes", + "sqs:ListQueueTags", + "sqs:CreateQueue", + "sqs:SetQueueAttributes" + ], + "Effect":"Allow", + "Resource":"arn:aws:sqs:*:*:LaunchWizard*" + }, + { + "Action":[ + "cloudwatch:PutMetricAlarm", + "iam:GetInstanceProfile", + "cloudwatch:DeleteAlarms", + "cloudwatch:DescribeAlarms" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:cloudwatch:*:*:alarm:LaunchWizard*", + "arn:aws:iam::*:instance-profile/LaunchWizard*" + ] + }, + { + "Action":[ + "cloudformation:CreateStack", + "route53:ListHostedZones", + "ec2:CreateSecurityGroup", + "ec2:AuthorizeSecurityGroupIngress", + "elasticfilesystem:DescribeFileSystems", + "elasticfilesystem:CreateFileSystem", + "elasticfilesystem:CreateMountTarget", + "elasticfilesystem:DescribeMountTargets", + "elasticfilesystem:DescribeMountTargetSecurityGroups" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "s3:GetObject", + "s3:PutObject" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::launchwizard*", + "arn:aws:s3:::launchwizard*/*", + "arn:aws:s3:::aws-sap-data-provider/config.properties" + ] + }, + { + "Action":"cloudformation:TagResource", + "Condition":{ + "ForAllValues:StringLike":{ + "aws:TagKeys":"LaunchWizard*" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "s3:CreateBucket", + "s3:PutBucketVersioning", + "s3:DeleteBucket", + "lambda:CreateFunction", + "lambda:DeleteFunction", + "lambda:GetFunction", + "lambda:GetFunctionConfiguration", + "lambda:InvokeFunction" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:lambda:*:*:function:LaunchWizard*", + "arn:aws:s3:::launchwizard*" + ] + }, + { + "Action":[ + "dynamodb:CreateTable", + "dynamodb:DescribeTable", + "dynamodb:DeleteTable" + ], + "Effect":"Allow", + "Resource":"arn:aws:dynamodb:*:*:table/LaunchWizard*" + }, + { + "Action":[ + "secretsmanager:CreateSecret", + "secretsmanager:DeleteSecret", + "secretsmanager:TagResource", + "secretsmanager:UntagResource", + "secretsmanager:PutResourcePolicy", + "secretsmanager:DeleteResourcePolicy", + "secretsmanager:ListSecretVersionIds", + "secretsmanager:GetSecretValue" + ], + "Effect":"Allow", + "Resource":"arn:aws:secretsmanager:*:*:secret:LaunchWizard*" + }, + { + "Action":[ + "secretsmanager:GetRandomPassword", + "secretsmanager:ListSecrets" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ssm:CreateOpsMetadata" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"ssm:DeleteOpsMetadata", + "Effect":"Allow", + "Resource":"arn:aws:ssm:*:*:opsmetadata/aws/ssm/LaunchWizard*" + }, + { + "Action":[ + "sns:CreateTopic", + "sns:DeleteTopic", + "sns:Subscribe", + "sns:Unsubscribe" + ], + "Effect":"Allow", + "Resource":"arn:aws:sns:*:*:LaunchWizard*" + }, + { + "Action":[ + "fsx:UntagResource", + "fsx:TagResource", + "fsx:DeleteFileSystem", + "fsx:ListTagsForResource" + ], + "Condition":{ + "StringLike":{ + "aws:ResourceTag/Name":"LaunchWizard*" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "fsx:CreateFileSystem" + ], + "Condition":{ + "StringLike":{ + "aws:RequestTag/Name":[ + "LaunchWizard*" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "fsx:DescribeFileSystems" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "servicecatalog:CreatePortfolio", + "servicecatalog:DescribePortfolio", + "servicecatalog:CreateConstraint", + "servicecatalog:CreateProduct", + "servicecatalog:AssociatePrincipalWithPortfolio", + "servicecatalog:CreateProvisioningArtifact" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":"launchwizard.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:servicecatalog:*:*:*/*", + "arn:aws:catalog:*:*:*/*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-04-12T19:16:27+00:00" + }, + "AmazonLexChannelsAccess":{ + "CreateDate":"2021-01-13T20:12:46+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "lex:ListBots" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-01-13T20:12:46+00:00" + }, + "AmazonLexFullAccess":{ + "CreateDate":"2017-04-11T23:20:36+00:00", + "DefaultVersionId":"v7", + "Document":{ + "Statement":[ + { + "Action":[ + "cloudwatch:GetMetricStatistics", + "cloudwatch:DescribeAlarms", + "cloudwatch:DescribeAlarmsForMetric", + "kms:DescribeKey", + "kms:ListAliases", + "lambda:GetPolicy", + "lambda:ListFunctions", + "lex:*", + "polly:DescribeVoices", + "polly:SynthesizeSpeech", + "kendra:ListIndices", + "iam:ListRoles", + "s3:ListAllMyBuckets", + "logs:DescribeLogGroups", + "s3:GetBucketLocation" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "lambda:AddPermission", + "lambda:RemovePermission" + ], + "Condition":{ + "StringEquals":{ + "lambda:Principal":"lex.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:lambda:*:*:function:AmazonLex*" + }, + { + "Action":[ + "iam:GetRole" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/aws-service-role/lex.amazonaws.com/AWSServiceRoleForLexBots", + "arn:aws:iam::*:role/aws-service-role/channels.lex.amazonaws.com/AWSServiceRoleForLexChannels", + "arn:aws:iam::*:role/aws-service-role/lexv2.amazonaws.com/AWSServiceRoleForLexV2Bots*", + "arn:aws:iam::*:role/aws-service-role/channels.lexv2.amazonaws.com/AWSServiceRoleForLexV2Channels*" + ] + }, + { + "Action":[ + "iam:CreateServiceLinkedRole" + ], + "Condition":{ + "StringEquals":{ + "iam:AWSServiceName":"lex.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/aws-service-role/lex.amazonaws.com/AWSServiceRoleForLexBots" + ] + }, + { + "Action":[ + "iam:CreateServiceLinkedRole" + ], + "Condition":{ + "StringEquals":{ + "iam:AWSServiceName":"channels.lex.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/aws-service-role/channels.lex.amazonaws.com/AWSServiceRoleForLexChannels" + ] + }, + { + "Action":[ + "iam:CreateServiceLinkedRole" + ], + "Condition":{ + "StringEquals":{ + "iam:AWSServiceName":"lexv2.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/aws-service-role/lexv2.amazonaws.com/AWSServiceRoleForLexV2Bots*" + ] + }, + { + "Action":[ + "iam:CreateServiceLinkedRole" + ], + "Condition":{ + "StringEquals":{ + "iam:AWSServiceName":"channels.lexv2.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/aws-service-role/channels.lexv2.amazonaws.com/AWSServiceRoleForLexV2Channels*" + ] + }, + { + "Action":[ + "iam:DeleteServiceLinkedRole", + "iam:GetServiceLinkedRoleDeletionStatus" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/aws-service-role/lex.amazonaws.com/AWSServiceRoleForLexBots", + "arn:aws:iam::*:role/aws-service-role/channels.lex.amazonaws.com/AWSServiceRoleForLexChannels", + "arn:aws:iam::*:role/aws-service-role/lexv2.amazonaws.com/AWSServiceRoleForLexV2Bots*", + "arn:aws:iam::*:role/aws-service-role/channels.lexv2.amazonaws.com/AWSServiceRoleForLexV2Channels*" + ] + }, + { + "Action":[ + "iam:PassRole" + ], + "Condition":{ + "StringEquals":{ + "iam:PassedToService":[ + "lex.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/aws-service-role/lex.amazonaws.com/AWSServiceRoleForLexBots" + ] + }, + { + "Action":[ + "iam:PassRole" + ], + "Condition":{ + "StringEquals":{ + "iam:PassedToService":[ + "lexv2.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/aws-service-role/lexv2.amazonaws.com/AWSServiceRoleForLexV2Bots*" + ] + }, + { + "Action":[ + "iam:PassRole" + ], + "Condition":{ + "StringEquals":{ + "iam:PassedToService":[ + "channels.lexv2.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/aws-service-role/channels.lexv2.amazonaws.com/AWSServiceRoleForLexV2Channels*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-07-26T21:48:05+00:00" + }, + "AmazonLexReadOnly":{ + "CreateDate":"2017-04-11T23:13:33+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":[ + "lex:GetBot", + "lex:GetBotAlias", + "lex:GetBotAliases", + "lex:GetBots", + "lex:GetBotChannelAssociation", + "lex:GetBotChannelAssociations", + "lex:GetBotVersions", + "lex:GetBuiltinIntent", + "lex:GetBuiltinIntents", + "lex:GetBuiltinSlotTypes", + "lex:GetIntent", + "lex:GetIntents", + "lex:GetIntentVersions", + "lex:GetSlotType", + "lex:GetSlotTypes", + "lex:GetSlotTypeVersions", + "lex:GetUtterancesView", + "lex:DescribeBot", + "lex:DescribeBotAlias", + "lex:DescribeBotChannel", + "lex:DescribeBotLocale", + "lex:DescribeBotRecommendation", + "lex:DescribeBotVersion", + "lex:DescribeExport", + "lex:DescribeImport", + "lex:DescribeIntent", + "lex:DescribeResourcePolicy", + "lex:DescribeSlot", + "lex:DescribeSlotType", + "lex:ListBots", + "lex:ListBotLocales", + "lex:ListBotAliases", + "lex:ListBotChannels", + "lex:ListBotRecommendations", + "lex:ListBotVersions", + "lex:ListBuiltInIntents", + "lex:ListBuiltInSlotTypes", + "lex:ListExports", + "lex:ListImports", + "lex:ListIntents", + "lex:ListRecommendedIntents", + "lex:ListSlots", + "lex:ListSlotTypes", + "lex:ListTagsForResource", + "lex:SearchAssociatedTranscripts" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-04-27T23:43:22+00:00" + }, + "AmazonLexRunBotsOnly":{ + "CreateDate":"2017-04-11T23:06:24+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":[ + "lex:PostContent", + "lex:PostText", + "lex:PutSession", + "lex:GetSession", + "lex:DeleteSession", + "lex:RecognizeText", + "lex:RecognizeUtterance", + "lex:StartConversation" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-08-18T00:15:48+00:00" + }, + "AmazonLexV2BotPolicy":{ + "CreateDate":"2021-01-13T20:10:29+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "polly:SynthesizeSpeech" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-01-13T20:10:29+00:00" + }, + "AmazonLookoutEquipmentFullAccess":{ + "CreateDate":"2021-04-08T15:52:08+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":[ + "lookoutequipment:*" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "iam:PassRole" + ], + "Condition":{ + "StringEquals":{ + "iam:PassedToService":[ + "lookoutequipment.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "kms:CreateGrant" + ], + "Condition":{ + "StringLike":{ + "kms:ViaService":"lookoutequipment.*.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "kms:DescribeKey", + "kms:ListAliases" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-11-24T21:00:13+00:00" + }, + "AmazonLookoutEquipmentReadOnlyAccess":{ + "CreateDate":"2021-05-05T16:47:55+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "lookoutequipment:DescribeDataset", + "lookoutequipment:DescribeDataIngestionJob", + "lookoutequipment:DescribeModel", + "lookoutequipment:DescribeInferenceScheduler", + "lookoutequipment:ListDatasets", + "lookoutequipment:ListDataIngestionJobs", + "lookoutequipment:ListModels", + "lookoutequipment:ListInferenceSchedulers", + "lookoutequipment:ListInferenceExecutions", + "lookoutequipment:ListTagsForResource" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-05-05T16:47:55+00:00" + }, + "AmazonLookoutMetricsFullAccess":{ + "CreateDate":"2021-05-07T00:43:38+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "lookoutmetrics:*" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "iam:PassRole" + ], + "Condition":{ + "StringEquals":{ + "iam:PassedToService":"lookoutmetrics.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/*LookoutMetrics*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-05-07T00:43:38+00:00" + }, + "AmazonLookoutMetricsReadOnlyAccess":{ + "CreateDate":"2021-05-07T00:43:34+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "lookoutmetrics:DescribeMetricSet", + "lookoutmetrics:ListMetricSets", + "lookoutmetrics:DescribeAnomalyDetector", + "lookoutmetrics:ListAnomalyDetectors", + "lookoutmetrics:DescribeAnomalyDetectionExecutions", + "lookoutmetrics:DescribeAlert", + "lookoutmetrics:ListAlerts", + "lookoutmetrics:ListTagsForResource", + "lookoutmetrics:ListAnomalyGroupSummaries", + "lookoutmetrics:ListAnomalyGroupTimeSeries", + "lookoutmetrics:ListAnomalyGroupRelatedMetrics", + "lookoutmetrics:GetAnomalyGroup", + "lookoutmetrics:GetDataQualityMetrics", + "lookoutmetrics:GetSampleData", + "lookoutmetrics:GetFeedback" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-01-04T18:19:27+00:00" + }, + "AmazonLookoutVisionConsoleFullAccess":{ + "CreateDate":"2021-05-11T19:37:17+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "lookoutvision:*" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"LookoutVisionFullAccess" + }, + { + "Action":[ + "s3:ListAllMyBuckets" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"LookoutVisionConsoleS3BucketSearchAccess" + }, + { + "Action":[ + "s3:CreateBucket", + "s3:PutBucketVersioning", + "s3:PutLifecycleConfiguration", + "s3:PutEncryptionConfiguration", + "s3:PutBucketPublicAccessBlock" + ], + "Effect":"Allow", + "Resource":"arn:aws:s3:::lookoutvision-*", + "Sid":"LookoutVisionConsoleS3BucketFirstUseSetupAccess" + }, + { + "Action":[ + "s3:ListBucket", + "s3:GetBucketLocation", + "s3:GetBucketVersioning" + ], + "Effect":"Allow", + "Resource":"arn:aws:s3:::lookoutvision-*", + "Sid":"LookoutVisionConsoleS3BucketAccess" + }, + { + "Action":[ + "s3:GetObject", + "s3:GetObjectVersion", + "s3:PutObject", + "s3:AbortMultipartUpload", + "s3:ListMultipartUploadParts" + ], + "Effect":"Allow", + "Resource":"arn:aws:s3:::lookoutvision-*/*", + "Sid":"LookoutVisionConsoleS3ObjectAccess" + }, + { + "Action":[ + "groundtruthlabeling:RunGenerateManifestByCrawlingJob", + "groundtruthlabeling:AssociatePatchToManifestJob", + "groundtruthlabeling:DescribeConsoleJob" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"LookoutVisionConsoleDatasetLabelingToolsAccess" + }, + { + "Action":[ + "cloudwatch:GetMetricData", + "cloudwatch:GetMetricStatistics" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"LookoutVisionConsoleDashboardAccess" + }, + { + "Action":[ + "tag:GetTagKeys", + "tag:GetTagValues" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"LookoutVisionConsoleTagSelectorAccess" + }, + { + "Action":[ + "kms:ListAliases" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"LookoutVisionConsoleKmsKeySelectorAccess" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-05-11T19:37:17+00:00" + }, + "AmazonLookoutVisionConsoleReadOnlyAccess":{ + "CreateDate":"2021-05-11T19:32:02+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "lookoutvision:DescribeDataset", + "lookoutvision:DescribeModel", + "lookoutvision:DescribeProject", + "lookoutvision:DescribeTrialDetection", + "lookoutvision:DescribeModelPackagingJob", + "lookoutvision:ListDatasetEntries", + "lookoutvision:ListModels", + "lookoutvision:ListProjects", + "lookoutvision:ListTagsForResource", + "lookoutvision:ListTrialDetections", + "lookoutvision:ListModelPackagingJobs" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"LookoutVisionReadOnlyAccess" + }, + { + "Action":[ + "s3:ListAllMyBuckets" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"LookoutVisionConsoleS3BucketSearchAccess" + }, + { + "Action":[ + "s3:GetObject", + "s3:GetObjectVersion" + ], + "Effect":"Allow", + "Resource":"arn:aws:s3:::lookoutvision-*/*", + "Sid":"LookoutVisionConsoleS3ObjectReadAccess" + }, + { + "Action":[ + "cloudwatch:GetMetricData", + "cloudwatch:GetMetricStatistics" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"LookoutVisionConsoleDashboardAccess" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-12-09T02:46:29+00:00" + }, + "AmazonLookoutVisionFullAccess":{ + "CreateDate":"2021-05-11T19:24:54+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "lookoutvision:*" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"LookoutVisionFullAccess" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-05-11T19:24:54+00:00" + }, + "AmazonLookoutVisionReadOnlyAccess":{ + "CreateDate":"2021-05-11T19:11:07+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "lookoutvision:DescribeDataset", + "lookoutvision:DescribeModel", + "lookoutvision:DescribeProject", + "lookoutvision:DescribeModelPackagingJob", + "lookoutvision:ListDatasetEntries", + "lookoutvision:ListModels", + "lookoutvision:ListProjects", + "lookoutvision:ListTagsForResource", + "lookoutvision:ListModelPackagingJobs" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"LookoutVisionReadOnlyAccess" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-12-09T03:01:51+00:00" + }, + "AmazonMCSFullAccess":{ + "CreateDate":"2019-12-03T13:45:25+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "application-autoscaling:DeleteScalingPolicy", + "application-autoscaling:DeregisterScalableTarget", + "application-autoscaling:DescribeScalableTargets", + "application-autoscaling:DescribeScalingActivities", + "application-autoscaling:DescribeScalingPolicies", + "application-autoscaling:PutScalingPolicy", + "application-autoscaling:RegisterScalableTarget", + "application-autoscaling:PutScheduledAction", + "application-autoscaling:DeleteScheduledAction", + "application-autoscaling:DescribeScheduledActions" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "cassandra:*" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "cloudwatch:DeleteAlarms", + "cloudwatch:DescribeAlarms", + "cloudwatch:PutMetricAlarm" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringLike":{ + "iam:AWSServiceName":"cassandra.application-autoscaling.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/aws-service-role/cassandra.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_CassandraTable" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-04-17T19:19:29+00:00" + }, + "AmazonMCSReadOnlyAccess":{ + "CreateDate":"2019-12-03T13:46:21+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "cassandra:Select" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "application-autoscaling:DescribeScalableTargets", + "application-autoscaling:DescribeScalingActivities", + "application-autoscaling:DescribeScalingPolicies", + "application-autoscaling:DescribeScheduledActions", + "cloudwatch:DescribeAlarms" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-04-17T19:21:34+00:00" + }, + "AmazonMQApiFullAccess":{ + "CreateDate":"2018-12-18T20:31:31+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "mq:*", + "ec2:CreateNetworkInterface", + "ec2:CreateNetworkInterfacePermission", + "ec2:DeleteNetworkInterface", + "ec2:DeleteNetworkInterfacePermission", + "ec2:DetachNetworkInterface", + "ec2:DescribeInternetGateways", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeNetworkInterfacePermissions", + "ec2:DescribeRouteTables", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "logs:CreateLogGroup" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:logs:*:*:log-group:/aws/amazonmq/*" + ] + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringLike":{ + "iam:AWSServiceName":"mq.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-11-04T16:45:35+00:00" + }, + "AmazonMQApiReadOnlyAccess":{ + "CreateDate":"2018-12-18T20:31:13+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "mq:Describe*", + "mq:List*", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2018-12-18T20:31:13+00:00" + }, + "AmazonMQFullAccess":{ + "CreateDate":"2017-11-28T15:28:29+00:00", + "DefaultVersionId":"v5", + "Document":{ + "Statement":[ + { + "Action":[ + "mq:*", + "cloudformation:CreateStack", + "ec2:CreateNetworkInterface", + "ec2:CreateNetworkInterfacePermission", + "ec2:DeleteNetworkInterface", + "ec2:DeleteNetworkInterfacePermission", + "ec2:DetachNetworkInterface", + "ec2:DescribeInternetGateways", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeNetworkInterfacePermissions", + "ec2:DescribeRouteTables", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "ec2:CreateSecurityGroup", + "ec2:AuthorizeSecurityGroupIngress" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "logs:CreateLogGroup" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:logs:*:*:log-group:/aws/amazonmq/*" + ] + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringLike":{ + "iam:AWSServiceName":"mq.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-11-04T16:34:09+00:00" + }, + "AmazonMQReadOnlyAccess":{ + "CreateDate":"2017-11-28T15:30:32+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "mq:Describe*", + "mq:List*", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2017-11-28T19:02:03+00:00" + }, + "AmazonMQServiceRolePolicy":{ + "CreateDate":"2020-11-04T16:07:17+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:DescribeVpcEndpoints" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:CreateVpcEndpoint" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:vpc/*", + "arn:aws:ec2:*:*:subnet/*", + "arn:aws:ec2:*:*:security-group/*" + ] + }, + { + "Action":[ + "ec2:CreateVpcEndpoint" + ], + "Condition":{ + "StringEquals":{ + "aws:RequestTag/AMQManaged":"true" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:vpc-endpoint/*" + ] + }, + { + "Action":[ + "ec2:CreateTags" + ], + "Condition":{ + "StringEquals":{ + "ec2:CreateAction":"CreateVpcEndpoint" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:vpc-endpoint/*" + }, + { + "Action":[ + "ec2:DeleteVpcEndpoints" + ], + "Condition":{ + "StringEquals":{ + "ec2:ResourceTag/AMQManaged":"true" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:vpc-endpoint/*" + }, + { + "Action":[ + "logs:PutLogEvents", + "logs:DescribeLogStreams", + "logs:DescribeLogGroups", + "logs:CreateLogStream", + "logs:CreateLogGroup" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:logs:*:*:log-group:/aws/amazonmq/*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-11-04T16:07:17+00:00" + }, + "AmazonMSKConnectReadOnlyAccess":{ + "CreateDate":"2021-09-20T10:18:43+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "kafkaconnect:ListConnectors", + "kafkaconnect:ListCustomPlugins", + "kafkaconnect:ListWorkerConfigurations" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "kafkaconnect:DescribeConnector" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:kafkaconnect:*:*:connector/*" + ] + }, + { + "Action":[ + "kafkaconnect:DescribeCustomPlugin" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:kafkaconnect:*:*:custom-plugin/*" + ] + }, + { + "Action":[ + "kafkaconnect:DescribeWorkerConfiguration" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:kafkaconnect:*:*:worker-configuration/*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-10-18T09:16:26+00:00" + }, + "AmazonMSKFullAccess":{ + "CreateDate":"2019-01-14T22:07:52+00:00", + "DefaultVersionId":"v6", + "Document":{ + "Statement":[ + { + "Action":[ + "kafka:*", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "ec2:DescribeSecurityGroups", + "ec2:DescribeRouteTables", + "ec2:DescribeVpcEndpoints", + "ec2:DescribeVpcAttribute", + "kms:DescribeKey", + "kms:CreateGrant", + "logs:CreateLogDelivery", + "logs:GetLogDelivery", + "logs:UpdateLogDelivery", + "logs:DeleteLogDelivery", + "logs:ListLogDeliveries", + "logs:PutResourcePolicy", + "logs:DescribeResourcePolicies", + "logs:DescribeLogGroups", + "S3:GetBucketPolicy", + "firehose:TagDeliveryStream" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:CreateVpcEndpoint" + ], + "Effect":"Allow", + "Resource":[ + "arn:*:ec2:*:*:vpc/*", + "arn:*:ec2:*:*:subnet/*", + "arn:*:ec2:*:*:security-group/*" + ] + }, + { + "Action":[ + "ec2:CreateVpcEndpoint" + ], + "Condition":{ + "StringEquals":{ + "aws:RequestTag/AWSMSKManaged":"true" + }, + "StringLike":{ + "aws:RequestTag/ClusterArn":"*" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:*:ec2:*:*:vpc-endpoint/*" + ] + }, + { + "Action":[ + "ec2:CreateTags" + ], + "Condition":{ + "StringEquals":{ + "ec2:CreateAction":"CreateVpcEndpoint" + } + }, + "Effect":"Allow", + "Resource":"arn:*:ec2:*:*:vpc-endpoint/*" + }, + { + "Action":[ + "ec2:DeleteVpcEndpoints" + ], + "Condition":{ + "StringEquals":{ + "ec2:ResourceTag/AWSMSKManaged":"true" + }, + "StringLike":{ + "ec2:ResourceTag/ClusterArn":"*" + } + }, + "Effect":"Allow", + "Resource":"arn:*:ec2:*:*:vpc-endpoint/*" + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringEquals":{ + "iam:AWSServiceName":"kafka.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/aws-service-role/kafka.amazonaws.com/AWSServiceRoleForKafka*" + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringEquals":{ + "iam:AWSServiceName":"delivery.logs.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/aws-service-role/delivery.logs.amazonaws.com/AWSServiceRoleForLogDelivery*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-01-06T21:18:01+00:00" + }, + "AmazonMSKReadOnlyAccess":{ + "CreateDate":"2019-01-14T22:28:45+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "kafka:Describe*", + "kafka:List*", + "kafka:Get*", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "kms:DescribeKey" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-01-14T22:28:45+00:00" + }, + "AmazonMWAAServiceRolePolicy":{ + "CreateDate":"2020-11-24T14:13:41+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "logs:CreateLogStream", + "logs:CreateLogGroup", + "logs:DescribeLogGroups" + ], + "Effect":"Allow", + "Resource":"arn:aws:logs:*:*:log-group:airflow-*:*" + }, + { + "Action":[ + "ec2:AttachNetworkInterface", + "ec2:CreateNetworkInterface", + "ec2:CreateNetworkInterfacePermission", + "ec2:DeleteNetworkInterface", + "ec2:DeleteNetworkInterfacePermission", + "ec2:DescribeDhcpOptions", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcEndpoints", + "ec2:DescribeVpcs", + "ec2:DetachNetworkInterface" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"ec2:CreateVpcEndpoint", + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:TagKeys":"AmazonMWAAManaged" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:vpc-endpoint/*" + }, + { + "Action":[ + "ec2:ModifyVpcEndpoint", + "ec2:DeleteVpcEndpoints" + ], + "Condition":{ + "Null":{ + "aws:ResourceTag/AmazonMWAAManaged":false + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:vpc-endpoint/*" + }, + { + "Action":[ + "ec2:CreateVpcEndpoint", + "ec2:ModifyVpcEndpoint" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:vpc/*", + "arn:aws:ec2:*:*:security-group/*", + "arn:aws:ec2:*:*:subnet/*" + ] + }, + { + "Action":"ec2:CreateTags", + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:TagKeys":"AmazonMWAAManaged" + }, + "StringEquals":{ + "ec2:CreateAction":"CreateVpcEndpoint" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:vpc-endpoint/*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-11-24T14:13:41+00:00" + }, + "AmazonMachineLearningBatchPredictionsAccess":{ + "CreateDate":"2015-04-09T17:12:19+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "machinelearning:CreateBatchPrediction", + "machinelearning:DeleteBatchPrediction", + "machinelearning:DescribeBatchPredictions", + "machinelearning:GetBatchPrediction", + "machinelearning:UpdateBatchPrediction" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2015-04-09T17:12:19+00:00" + }, + "AmazonMachineLearningCreateOnlyAccess":{ + "CreateDate":"2015-04-09T17:18:09+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "machinelearning:Add*", + "machinelearning:Create*", + "machinelearning:Delete*", + "machinelearning:Describe*", + "machinelearning:Get*" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2016-06-29T20:55:03+00:00" + }, + "AmazonMachineLearningFullAccess":{ + "CreateDate":"2015-04-09T17:25:41+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "machinelearning:*" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2015-04-09T17:25:41+00:00" + }, + "AmazonMachineLearningManageRealTimeEndpointOnlyAccess":{ + "CreateDate":"2015-04-09T17:32:41+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "machinelearning:CreateRealtimeEndpoint", + "machinelearning:DeleteRealtimeEndpoint" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2015-04-09T17:32:41+00:00" + }, + "AmazonMachineLearningReadOnlyAccess":{ + "CreateDate":"2015-04-09T17:40:02+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "machinelearning:Describe*", + "machinelearning:Get*" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2015-04-09T17:40:02+00:00" + }, + "AmazonMachineLearningRealTimePredictionOnlyAccess":{ + "CreateDate":"2015-04-09T17:44:06+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "machinelearning:Predict" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2015-04-09T17:44:06+00:00" + }, + "AmazonMachineLearningRoleforRedshiftDataSourceV3":{ + "CreateDate":"2020-06-24T18:00:09+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:AuthorizeSecurityGroupIngress", + "ec2:CreateSecurityGroup", + "ec2:DescribeInternetGateways", + "ec2:DescribeSecurityGroups", + "ec2:RevokeSecurityGroupIngress", + "redshift:AuthorizeClusterSecurityGroupIngress", + "redshift:CreateClusterSecurityGroup", + "redshift:DescribeClusters", + "redshift:DescribeClusterSecurityGroups", + "redshift:ModifyCluster", + "redshift:RevokeClusterSecurityGroupIngress" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "s3:PutBucketPolicy", + "s3:GetBucketLocation", + "s3:GetBucketPolicy", + "s3:GetObject", + "s3:PutObject" + ], + "Effect":"Allow", + "Resource":"arn:aws:s3:::amazon-machine-learning*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-06-24T18:00:09+00:00" + }, + "AmazonMacieFullAccess":{ + "CreateDate":"2017-08-14T14:54:30+00:00", + "DefaultVersionId":"v4", + "Document":{ + "Statement":[ + { + "Action":[ + "macie2:*" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringLike":{ + "iam:AWSServiceName":"macie.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/AWSServiceRoleForAmazonMacie" + }, + { + "Action":"pricing:GetProducts", + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-03-07T18:08:14+00:00" + }, + "AmazonMacieHandshakeRole":{ + "CreateDate":"2018-06-28T15:46:10+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "ForAnyValue:StringEquals":{ + "iam:AWSServiceName":"macie.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2018-06-28T15:46:10+00:00" + }, + "AmazonMacieServiceRole":{ + "CreateDate":"2017-08-14T14:53:26+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "s3:Get*", + "s3:List*" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2017-08-14T14:53:26+00:00" + }, + "AmazonMacieServiceRolePolicy":{ + "CreateDate":"2018-06-19T22:17:38+00:00", + "DefaultVersionId":"v6", + "Document":{ + "Statement":[ + { + "Action":[ + "iam:ListAccountAliases", + "organizations:DescribeAccount", + "organizations:ListAccounts", + "s3:GetAccountPublicAccessBlock", + "s3:ListAllMyBuckets", + "s3:GetBucketAcl", + "s3:GetBucketLocation", + "s3:GetBucketLogging", + "s3:GetBucketPolicy", + "s3:GetBucketPolicyStatus", + "s3:GetBucketPublicAccessBlock", + "s3:GetBucketTagging", + "s3:GetBucketVersioning", + "s3:GetBucketWebsite", + "s3:GetEncryptionConfiguration", + "s3:GetLifecycleConfiguration", + "s3:GetReplicationConfiguration", + "s3:ListBucket", + "s3:GetObject", + "s3:GetObjectAcl", + "s3:GetObjectTagging" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "logs:CreateLogGroup" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:logs:*:*:log-group:/aws/macie/*" + ] + }, + { + "Action":[ + "logs:CreateLogStream", + "logs:PutLogEvents", + "logs:DescribeLogStreams" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:logs:*:*:log-group:/aws/macie/*:log-stream:*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-05-19T19:16:56+00:00" + }, + "AmazonManagedBlockchainConsoleFullAccess":{ + "CreateDate":"2019-04-29T21:23:25+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "managedblockchain:*", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "ec2:CreateVpcEndpoint", + "kms:ListAliases", + "kms:DescribeKey" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-04-29T21:23:25+00:00" + }, + "AmazonManagedBlockchainFullAccess":{ + "CreateDate":"2019-04-29T21:39:29+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "managedblockchain:*" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-04-29T21:39:29+00:00" + }, + "AmazonManagedBlockchainReadOnlyAccess":{ + "CreateDate":"2019-04-30T18:17:31+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "managedblockchain:Get*", + "managedblockchain:List*" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-04-30T18:17:31+00:00" + }, + "AmazonManagedBlockchainServiceRolePolicy":{ + "CreateDate":"2020-01-17T19:51:28+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "logs:CreateLogGroup" + ], + "Effect":"Allow", + "Resource":"arn:aws:logs:*:*:log-group:/aws/managedblockchain/*" + }, + { + "Action":[ + "logs:CreateLogStream", + "logs:PutLogEvents", + "logs:DescribeLogStreams" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:logs:*:*:log-group:/aws/managedblockchain/*:log-stream:*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-01-17T19:51:28+00:00" + }, + "AmazonMechanicalTurkFullAccess":{ + "CreateDate":"2015-12-11T19:08:19+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "mechanicalturk:*" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2015-12-11T19:08:19+00:00" + }, + "AmazonMechanicalTurkReadOnly":{ + "CreateDate":"2015-12-11T19:08:28+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":[ + "mechanicalturk:Get*", + "mechanicalturk:List*" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-09-25T21:06:26+00:00" + }, + "AmazonMemoryDBFullAccess":{ + "CreateDate":"2021-10-08T19:24:16+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":"memorydb:*", + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringLike":{ + "iam:AWSServiceName":"memorydb.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/aws-service-role/memorydb.amazonaws.com/AWSServiceRoleForMemoryDB" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-10-08T19:24:16+00:00" + }, + "AmazonMemoryDBReadOnlyAccess":{ + "CreateDate":"2021-10-08T19:27:28+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "memorydb:Describe*", + "memorydb:List*" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-10-08T19:27:28+00:00" + }, + "AmazonMobileAnalyticsFinancialReportAccess":{ + "CreateDate":"2015-02-06T18:40:35+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "mobileanalytics:GetReports", + "mobileanalytics:GetFinancialReports" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2015-02-06T18:40:35+00:00" + }, + "AmazonMobileAnalyticsFullAccess":{ + "CreateDate":"2015-02-06T18:40:34+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":"mobileanalytics:*", + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2015-02-06T18:40:34+00:00" + }, + "AmazonMobileAnalyticsNon-financialReportAccess":{ + "CreateDate":"2015-02-06T18:40:36+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":"mobileanalytics:GetReports", + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2015-02-06T18:40:36+00:00" + }, + "AmazonMobileAnalyticsWriteOnlyAccess":{ + "CreateDate":"2015-02-06T18:40:37+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":"mobileanalytics:PutEvents", + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2015-02-06T18:40:37+00:00" + }, + "AmazonMonitronFullAccess":{ + "CreateDate":"2020-12-02T22:40:28+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringEquals":{ + "iam:AWSServiceName":"monitron.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "monitron:*" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "kms:ListKeys", + "kms:DescribeKey", + "kms:ListAliases" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"kms:CreateGrant", + "Condition":{ + "Bool":{ + "kms:GrantIsForAWSResource":true + }, + "StringLike":{ + "kms:ViaService":[ + "monitron.*.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "organizations:DescribeAccount", + "organizations:DescribeOrganization", + "ds:DescribeDirectories", + "ds:DescribeTrusts" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AWSSSOPermissions" + }, + { + "Action":[ + "kinesis:DescribeStream", + "kinesis:ListStreams" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "logs:DescribeLogGroups", + "logs:DescribeLogStreams", + "logs:GetLogEvents", + "logs:CreateLogGroup" + ], + "Effect":"Allow", + "Resource":"arn:aws:logs:*:*:log-group:/aws/monitron/*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-06-08T16:27:42+00:00" + }, + "AmazonNimbleStudio-LaunchProfileWorker":{ + "CreateDate":"2021-04-28T04:47:02+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeSecurityGroups", + "fsx:DescribeFileSystems", + "ds:DescribeDirectories" + ], + "Condition":{ + "StringEquals":{ + "aws:CalledViaLast":"nimble.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"GetLaunchProfileInitializationDependencies" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-04-28T04:47:02+00:00" + }, + "AmazonNimbleStudio-StudioAdmin":{ + "CreateDate":"2021-04-28T04:47:36+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "nimble:CreateStreamingSession", + "nimble:GetStreamingSession", + "nimble:StartStreamingSession", + "nimble:StopStreamingSession", + "nimble:CreateStreamingSessionStream", + "nimble:GetStreamingSessionStream", + "nimble:DeleteStreamingSession", + "nimble:ListEulas", + "nimble:ListEulaAcceptances", + "nimble:GetEula", + "nimble:AcceptEulas", + "nimble:ListStudioMembers", + "nimble:GetStudioMember", + "nimble:ListStreamingSessions", + "nimble:GetStreamingImage", + "nimble:ListStreamingImages", + "nimble:GetLaunchProfileInitialization", + "nimble:GetLaunchProfileDetails", + "nimble:GetFeatureMap", + "nimble:PutStudioLogEvents", + "nimble:ListLaunchProfiles", + "nimble:GetLaunchProfile", + "nimble:GetLaunchProfileMember", + "nimble:ListLaunchProfileMembers", + "nimble:PutLaunchProfileMembers", + "nimble:UpdateLaunchProfileMember", + "nimble:DeleteLaunchProfileMember" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"StudioAdminFullAccess" + }, + { + "Action":[ + "sso-directory:DescribeUsers", + "sso-directory:SearchUsers" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "ds:CreateComputer", + "ds:DescribeDirectories", + "ec2:DescribeSubnets", + "ec2:CreateNetworkInterface", + "ec2:DescribeNetworkInterfaces", + "ec2:DeleteNetworkInterface", + "ec2:CreateNetworkInterfacePermission", + "ec2:DeleteNetworkInterfacePermission", + "ec2:DescribeSecurityGroups", + "fsx:DescribeFileSystems" + ], + "Condition":{ + "StringEquals":{ + "aws:CalledViaLast":"nimble.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":[ + "*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-11-01T20:02:36+00:00" + }, + "AmazonNimbleStudio-StudioUser":{ + "CreateDate":"2021-04-28T04:48:11+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":[ + "ds:CreateComputer", + "ec2:DescribeSubnets", + "ec2:CreateNetworkInterfacePermission", + "ec2:DescribeNetworkInterfaces", + "ec2:DeleteNetworkInterfacePermission", + "ec2:DeleteNetworkInterface", + "ec2:CreateNetworkInterface", + "ec2:DescribeSecurityGroups", + "fsx:DescribeFileSystems", + "ds:DescribeDirectories" + ], + "Condition":{ + "StringEquals":{ + "aws:CalledViaLast":"nimble.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "sso-directory:DescribeUsers", + "sso-directory:SearchUsers" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "nimble:ListLaunchProfiles" + ], + "Condition":{ + "StringEquals":{ + "nimble:requesterPrincipalId":"${nimble:principalId}" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "nimble:ListStudioMembers", + "nimble:GetStudioMember", + "nimble:ListEulas", + "nimble:ListEulaAcceptances", + "nimble:GetFeatureMap", + "nimble:PutStudioLogEvents" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "nimble:DeleteStreamingSession", + "nimble:GetStreamingSession", + "nimble:StartStreamingSession", + "nimble:StopStreamingSession", + "nimble:CreateStreamingSessionStream", + "nimble:GetStreamingSessionStream", + "nimble:ListStreamingSessions" + ], + "Condition":{ + "StringEquals":{ + "nimble:ownedBy":"${nimble:requesterPrincipalId}" + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-11-01T20:01:52+00:00" + }, + "AmazonOpenSearchServiceCognitoAccess":{ + "CreateDate":"2021-09-02T06:31:49+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "cognito-idp:DescribeUserPool", + "cognito-idp:CreateUserPoolClient", + "cognito-idp:DeleteUserPoolClient", + "cognito-idp:UpdateUserPoolClient", + "cognito-idp:DescribeUserPoolClient", + "cognito-idp:AdminInitiateAuth", + "cognito-idp:AdminUserGlobalSignOut", + "cognito-idp:ListUserPoolClients", + "cognito-identity:DescribeIdentityPool", + "cognito-identity:UpdateIdentityPool", + "cognito-identity:GetIdentityPoolRoles" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:cognito-identity:*:*:identitypool/*", + "arn:aws:cognito-idp:*:*:userpool/*" + ] + }, + { + "Action":"iam:PassRole", + "Condition":{ + "StringLike":{ + "iam:PassedToService":[ + "cognito-identity.amazonaws.com", + "cognito-identity-us-gov.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/*" + }, + { + "Action":"cognito-identity:SetIdentityPoolRoles", + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-12-20T14:04:18+00:00" + }, + "AmazonOpenSearchServiceFullAccess":{ + "CreateDate":"2021-09-08T05:33:47+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "es:*" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-09-08T05:33:47+00:00" + }, + "AmazonOpenSearchServiceReadOnlyAccess":{ + "CreateDate":"2021-09-08T05:38:13+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "es:Describe*", + "es:List*", + "es:Get*" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-09-08T05:38:13+00:00" + }, + "AmazonOpenSearchServiceRolePolicy":{ + "CreateDate":"2021-08-26T09:27:09+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:CreateNetworkInterface" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:network-interface/*", + "arn:aws:ec2:*:*:subnet/*", + "arn:aws:ec2:*:*:security-group/*" + ], + "Sid":"Stmt1480452973134" + }, + { + "Action":[ + "ec2:DescribeNetworkInterfaces" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"Stmt1480452973145" + }, + { + "Action":[ + "ec2:DeleteNetworkInterface" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:network-interface/*" + ], + "Sid":"Stmt1480452973144" + }, + { + "Action":[ + "ec2:ModifyNetworkInterfaceAttribute" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:network-interface/*", + "arn:aws:ec2:*:*:security-group/*" + ], + "Sid":"Stmt1480452973165" + }, + { + "Action":[ + "ec2:DescribeSecurityGroups" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"Stmt1480452973154" + }, + { + "Action":[ + "ec2:DescribeSubnets" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"Stmt1480452973164" + }, + { + "Action":[ + "ec2:DescribeVpcs" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"Stmt1480452973174" + }, + { + "Action":[ + "elasticloadbalancing:AddListenerCertificates", + "elasticloadbalancing:RemoveListenerCertificates" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:elasticloadbalancing:*:*:listener/*" + ], + "Sid":"Stmt1480452973184" + }, + { + "Action":[ + "ec2:CreateTags" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:network-interface/*" + ], + "Sid":"Stmt1480452973194" + }, + { + "Action":[ + "ec2:DescribeTags" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"Stmt1480452973195" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-09-09T10:43:21+00:00" + }, + "AmazonPersonalizeFullAccess":{ + "CreateDate":"2018-12-04T22:24:33+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "personalize:*" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "cloudwatch:PutMetricData", + "cloudwatch:ListMetrics" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "s3:GetObject", + "s3:PutObject", + "s3:DeleteObject", + "s3:ListBucket" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::*Personalize*", + "arn:aws:s3:::*personalize*" + ] + }, + { + "Action":[ + "iam:PassRole" + ], + "Condition":{ + "StringEquals":{ + "iam:PassedToService":"personalize.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-05-30T23:46:59+00:00" + }, + "AmazonPollyFullAccess":{ + "CreateDate":"2016-11-30T18:59:06+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "polly:*" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2016-11-30T18:59:06+00:00" + }, + "AmazonPollyReadOnlyAccess":{ + "CreateDate":"2016-11-30T18:59:24+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "polly:DescribeVoices", + "polly:GetLexicon", + "polly:GetSpeechSynthesisTask", + "polly:ListLexicons", + "polly:ListSpeechSynthesisTasks", + "polly:SynthesizeSpeech" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2018-07-17T16:41:07+00:00" + }, + "AmazonPrometheusConsoleFullAccess":{ + "CreateDate":"2020-12-15T18:11:10+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "tag:GetTagValues", + "tag:GetTagKeys" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "aps:CreateWorkspace", + "aps:DescribeWorkspace", + "aps:UpdateWorkspaceAlias", + "aps:DeleteWorkspace", + "aps:ListWorkspaces", + "aps:DescribeAlertManagerDefinition", + "aps:DescribeRuleGroupsNamespace", + "aps:CreateAlertManagerDefinition", + "aps:CreateRuleGroupsNamespace", + "aps:DeleteAlertManagerDefinition", + "aps:DeleteRuleGroupsNamespace", + "aps:ListRuleGroupsNamespaces", + "aps:PutAlertManagerDefinition", + "aps:PutRuleGroupsNamespace", + "aps:TagResource", + "aps:UntagResource" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-09-29T15:29:28+00:00" + }, + "AmazonPrometheusFullAccess":{ + "CreateDate":"2020-12-15T18:10:46+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "aps:*" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-12-15T18:10:46+00:00" + }, + "AmazonPrometheusQueryAccess":{ + "CreateDate":"2020-12-19T01:02:58+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "aps:GetLabels", + "aps:GetMetricMetadata", + "aps:GetSeries", + "aps:QueryMetrics" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-12-19T01:02:58+00:00" + }, + "AmazonPrometheusRemoteWriteAccess":{ + "CreateDate":"2020-12-19T01:04:32+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "aps:RemoteWrite" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-12-19T01:04:32+00:00" + }, + "AmazonQLDBConsoleFullAccess":{ + "CreateDate":"2019-09-05T18:24:20+00:00", + "DefaultVersionId":"v4", + "Document":{ + "Statement":[ + { + "Action":[ + "qldb:CreateLedger", + "qldb:UpdateLedger", + "qldb:UpdateLedgerPermissionsMode", + "qldb:DeleteLedger", + "qldb:ListLedgers", + "qldb:DescribeLedger", + "qldb:ExportJournalToS3", + "qldb:ListJournalS3Exports", + "qldb:ListJournalS3ExportsForLedger", + "qldb:DescribeJournalS3Export", + "qldb:CancelJournalKinesisStream", + "qldb:DescribeJournalKinesisStream", + "qldb:ListJournalKinesisStreamsForLedger", + "qldb:StreamJournalToKinesis", + "qldb:GetBlock", + "qldb:GetDigest", + "qldb:GetRevision", + "qldb:TagResource", + "qldb:UntagResource", + "qldb:ListTagsForResource", + "qldb:SendCommand", + "qldb:ExecuteStatement", + "qldb:ShowCatalog", + "qldb:InsertSampleData", + "qldb:PartiQLCreateTable", + "qldb:PartiQLCreateIndex", + "qldb:PartiQLDropTable", + "qldb:PartiQLDropIndex", + "qldb:PartiQLUndropTable", + "qldb:PartiQLDelete", + "qldb:PartiQLInsert", + "qldb:PartiQLUpdate", + "qldb:PartiQLSelect", + "qldb:PartiQLHistoryFunction" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "dbqms:*" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "kinesis:ListStreams", + "kinesis:DescribeStream" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"iam:PassRole", + "Condition":{ + "StringEquals":{ + "iam:PassedToService":"qldb.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-09-02T23:21:23+00:00" + }, + "AmazonQLDBFullAccess":{ + "CreateDate":"2019-09-05T18:23:32+00:00", + "DefaultVersionId":"v4", + "Document":{ + "Statement":[ + { + "Action":[ + "qldb:CreateLedger", + "qldb:UpdateLedger", + "qldb:UpdateLedgerPermissionsMode", + "qldb:DeleteLedger", + "qldb:ListLedgers", + "qldb:DescribeLedger", + "qldb:ExportJournalToS3", + "qldb:ListJournalS3Exports", + "qldb:ListJournalS3ExportsForLedger", + "qldb:DescribeJournalS3Export", + "qldb:CancelJournalKinesisStream", + "qldb:DescribeJournalKinesisStream", + "qldb:ListJournalKinesisStreamsForLedger", + "qldb:StreamJournalToKinesis", + "qldb:GetDigest", + "qldb:GetRevision", + "qldb:GetBlock", + "qldb:TagResource", + "qldb:UntagResource", + "qldb:ListTagsForResource", + "qldb:SendCommand", + "qldb:PartiQLCreateTable", + "qldb:PartiQLCreateIndex", + "qldb:PartiQLDropTable", + "qldb:PartiQLDropIndex", + "qldb:PartiQLUndropTable", + "qldb:PartiQLDelete", + "qldb:PartiQLInsert", + "qldb:PartiQLUpdate", + "qldb:PartiQLSelect", + "qldb:PartiQLHistoryFunction" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"iam:PassRole", + "Condition":{ + "StringEquals":{ + "iam:PassedToService":"qldb.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-09-02T23:21:04+00:00" + }, + "AmazonQLDBReadOnly":{ + "CreateDate":"2019-09-05T18:19:24+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":[ + "qldb:ListLedgers", + "qldb:DescribeLedger", + "qldb:ListJournalS3Exports", + "qldb:ListJournalS3ExportsForLedger", + "qldb:DescribeJournalS3Export", + "qldb:DescribeJournalKinesisStream", + "qldb:ListJournalKinesisStreamsForLedger", + "qldb:GetBlock", + "qldb:GetDigest", + "qldb:GetRevision", + "qldb:ListTagsForResource" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-07-02T02:17:25+00:00" + }, + "AmazonRDSBetaServiceRolePolicy":{ + "CreateDate":"2018-05-02T19:41:04+00:00", + "DefaultVersionId":"v7", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:AllocateAddress", + "ec2:AssociateAddress", + "ec2:AuthorizeSecurityGroupIngress", + "ec2:CreateCoipPoolPermission", + "ec2:CreateLocalGatewayRouteTablePermission", + "ec2:CreateNetworkInterface", + "ec2:CreateSecurityGroup", + "ec2:DeleteCoipPoolPermission", + "ec2:DeleteLocalGatewayRouteTablePermission", + "ec2:DeleteNetworkInterface", + "ec2:DeleteSecurityGroup", + "ec2:DescribeAddresses", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeCoipPools", + "ec2:DescribeInternetGateways", + "ec2:DescribeLocalGatewayRouteTablePermissions", + "ec2:DescribeLocalGatewayRouteTables", + "ec2:DescribeLocalGatewayRouteTableVpcAssociations", + "ec2:DescribeLocalGateways", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcAttribute", + "ec2:DescribeVpcs", + "ec2:DisassociateAddress", + "ec2:ModifyNetworkInterfaceAttribute", + "ec2:ModifyVpcEndpoint", + "ec2:ReleaseAddress", + "ec2:RevokeSecurityGroupIngress", + "ec2:CreateVpcEndpoint", + "ec2:DescribeVpcEndpoints", + "ec2:DeleteVpcEndpoints" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "sns:Publish" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "logs:CreateLogGroup" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:logs:*:*:log-group:/aws/rds/*" + ] + }, + { + "Action":[ + "logs:CreateLogStream", + "logs:PutLogEvents", + "logs:DescribeLogStreams" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:logs:*:*:log-group:/aws/rds/*:log-stream:*" + ] + }, + { + "Action":[ + "cloudwatch:PutMetricData" + ], + "Condition":{ + "StringEquals":{ + "cloudwatch:namespace":[ + "AWS/DocDB", + "AWS/Neptune", + "AWS/RDS", + "AWS/Usage" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-06-07T17:10:39+00:00" + }, + "AmazonRDSCustomPreviewServiceRolePolicy":{ + "CreateDate":"2021-10-08T21:44:15+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:DescribeInstances", + "ec2:DescribeInstanceAttribute", + "ec2:DescribeRegions", + "ec2:DescribeSnapshots", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeVolumes", + "ec2:DescribeInstanceStatus", + "ec2:DescribeIamInstanceProfileAssociations", + "ec2:DescribeImages", + "ec2:DescribeVpcs", + "ec2:RegisterImage", + "ec2:DeregisterImage", + "ec2:DescribeTags", + "ec2:DescribeSecurityGroups", + "ec2:DescribeVolumesModifications", + "ec2:DescribeSubnets", + "ec2:DescribeVpcAttribute" + ], + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"ecc1" + }, + { + "Action":[ + "ec2:DisassociateIamInstanceProfile", + "ec2:AssociateIamInstanceProfile", + "ec2:ReplaceIamInstanceProfileAssociation", + "ec2:TerminateInstances", + "ec2:StartInstances", + "ec2:StopInstances", + "ec2:RebootInstances" + ], + "Condition":{ + "StringLike":{ + "aws:ResourceTag/AWSRDSCustom":[ + "custom-oracle", + "custom-sqlserver" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:instance/*", + "Sid":"ecc2" + }, + { + "Action":[ + "ec2:AllocateAddress" + ], + "Condition":{ + "StringLike":{ + "aws:RequestTag/AWSRDSCustom":[ + "custom-oracle", + "custom-sqlserver" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"ecc1scoping" + }, + { + "Action":[ + "ec2:AssociateAddress", + "ec2:DisassociateAddress", + "ec2:ReleaseAddress" + ], + "Condition":{ + "StringLike":{ + "aws:ResourceTag/AWSRDSCustom":[ + "custom-oracle", + "custom-sqlserver" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"ecc1scoping2" + }, + { + "Action":"ec2:RunInstances", + "Condition":{ + "StringLike":{ + "aws:RequestTag/AWSRDSCustom":[ + "custom-oracle", + "custom-sqlserver" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:instance/*", + "arn:aws:ec2:*:*:volume/*", + "arn:aws:ec2:*:*:network-interface/*" + ], + "Sid":"eccRunInstances1" + }, + { + "Action":[ + "ec2:RunInstances" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:subnet/*", + "arn:aws:ec2:*:*:security-group/*", + "arn:aws:ec2:*::image/*", + "arn:aws:ec2:*:*:key-pair/do-not-delete-rds-custom-*", + "arn:aws:ec2:*:*:placement-group/*" + ], + "Sid":"eccRunInstances2" + }, + { + "Action":[ + "ec2:RunInstances", + "ec2:DeleteKeyPair" + ], + "Condition":{ + "StringLike":{ + "aws:ResourceTag/AWSRDSCustom":[ + "custom-oracle", + "custom-sqlserver" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:key-pair/do-not-delete-rds-custom-*" + ], + "Sid":"eccRunInstances3keyPair1" + }, + { + "Action":[ + "ec2:CreateKeyPair" + ], + "Condition":{ + "StringLike":{ + "aws:RequestTag/AWSRDSCustom":[ + "custom-oracle", + "custom-sqlserver" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:key-pair/do-not-delete-rds-custom-*" + ], + "Sid":"eccKeyPair2" + }, + { + "Action":[ + "ec2:CreateTags" + ], + "Condition":{ + "StringLike":{ + "aws:ResourceTag/AWSRDSCustom":[ + "custom-oracle", + "custom-sqlserver" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"eccCreateTag1" + }, + { + "Action":"ec2:CreateTags", + "Condition":{ + "StringLike":{ + "aws:RequestTag/AWSRDSCustom":[ + "custom-oracle", + "custom-sqlserver" + ], + "ec2:CreateAction":[ + "CreateKeyPair", + "RunInstances", + "CreateVolume", + "CreateSnapshots", + "CopySnapshot", + "AllocateAddress" + ] + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"eccCreateTag2" + }, + { + "Action":[ + "ec2:DetachVolume", + "ec2:AttachVolume" + ], + "Condition":{ + "StringLike":{ + "aws:ResourceTag/AWSRDSCustom":[ + "custom-oracle", + "custom-sqlserver" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:instance/*", + "arn:aws:ec2:*:*:volume/*" + ], + "Sid":"eccVolume1" + }, + { + "Action":"ec2:CreateVolume", + "Condition":{ + "StringLike":{ + "aws:RequestTag/AWSRDSCustom":[ + "custom-oracle", + "custom-sqlserver" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:volume/*", + "Sid":"eccVolume2" + }, + { + "Action":[ + "ec2:ModifyVolumeAttribute", + "ec2:DeleteVolume", + "ec2:ModifyVolume" + ], + "Condition":{ + "StringLike":{ + "aws:ResourceTag/AWSRDSCustom":[ + "custom-oracle", + "custom-sqlserver" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:volume/*", + "Sid":"eccVolume3" + }, + { + "Action":[ + "ec2:CreateVolume", + "ec2:DeleteSnapshot" + ], + "Condition":{ + "StringLike":{ + "aws:ResourceTag/AWSRDSCustom":[ + "custom-oracle", + "custom-sqlserver" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*::snapshot/*", + "Sid":"eccVolume4snapshot1" + }, + { + "Action":[ + "ec2:CopySnapshot", + "ec2:CreateSnapshots" + ], + "Condition":{ + "StringLike":{ + "aws:RequestTag/AWSRDSCustom":[ + "custom-oracle", + "custom-sqlserver" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*::snapshot/*", + "Sid":"eccSnapshot2" + }, + { + "Action":"ec2:CreateSnapshots", + "Condition":{ + "StringLike":{ + "aws:ResourceTag/AWSRDSCustom":[ + "custom-oracle", + "custom-sqlserver" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:instance/*", + "arn:aws:ec2:*:*:volume/*" + ], + "Sid":"eccSnapshot3" + }, + { + "Action":[ + "iam:ListInstanceProfiles", + "iam:GetInstanceProfile", + "iam:GetRole", + "iam:ListRolePolicies", + "iam:GetRolePolicy", + "iam:ListAttachedRolePolicies", + "iam:GetPolicy", + "iam:GetPolicyVersion" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"iam1" + }, + { + "Action":"iam:PassRole", + "Condition":{ + "StringLike":{ + "iam:PassedToService":"ec2.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/AWSRDSCustom*", + "Sid":"iam2" + }, + { + "Action":[ + "cloudtrail:GetTrailStatus" + ], + "Effect":"Allow", + "Resource":"arn:aws:cloudtrail:*:*:trail/do-not-delete-rds-custom-*", + "Sid":"cloudtrail1" + }, + { + "Action":[ + "cloudwatch:EnableAlarmActions", + "cloudwatch:DeleteAlarms", + "cloudwatch:DescribeAlarms" + ], + "Condition":{ + "StringLike":{ + "aws:ResourceTag/AWSRDSCustom":[ + "custom-oracle", + "custom-sqlserver" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:cloudwatch:*:*:alarm:do-not-delete-rds-custom-*", + "Sid":"cw1" + }, + { + "Action":[ + "cloudwatch:PutMetricAlarm", + "cloudwatch:TagResource" + ], + "Condition":{ + "StringLike":{ + "aws:RequestTag/AWSRDSCustom":[ + "custom-oracle", + "custom-sqlserver" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:cloudwatch:*:*:alarm:do-not-delete-rds-custom-*", + "Sid":"cw2" + }, + { + "Action":"ssm:SendCommand", + "Effect":"Allow", + "Resource":"arn:aws:ssm:*:*:document/*", + "Sid":"ssm1" + }, + { + "Action":"ssm:SendCommand", + "Condition":{ + "StringLike":{ + "aws:ResourceTag/AWSRDSCustom":[ + "custom-oracle", + "custom-sqlserver" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:instance/*", + "Sid":"ssm2" + }, + { + "Action":[ + "ssm:GetCommandInvocation", + "ssm:GetConnectionStatus", + "ssm:DescribeInstanceInformation" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"ssm3" + }, + { + "Action":[ + "events:PutRule", + "events:TagResource" + ], + "Condition":{ + "StringLike":{ + "aws:RequestTag/AWSRDSCustom":[ + "custom-oracle", + "custom-sqlserver" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:events:*:*:rule/do-not-delete-rds-custom-*", + "Sid":"eb1" + }, + { + "Action":[ + "events:PutTargets", + "events:DescribeRule", + "events:EnableRule", + "events:ListTargetsByRule", + "events:DeleteRule", + "events:RemoveTargets", + "events:DisableRule" + ], + "Condition":{ + "StringLike":{ + "aws:ResourceTag/AWSRDSCustom":[ + "custom-oracle", + "custom-sqlserver" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:events:*:*:rule/do-not-delete-rds-custom-*", + "Sid":"eb2" + }, + { + "Action":[ + "secretsmanager:TagResource", + "secretsmanager:CreateSecret" + ], + "Condition":{ + "StringLike":{ + "aws:RequestTag/AWSRDSCustom":[ + "custom-oracle", + "custom-sqlserver" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:secretsmanager:*:*:secret:do-not-delete-rds-custom-*", + "Sid":"secretmanager1" + }, + { + "Action":[ + "secretsmanager:TagResource", + "secretsmanager:DescribeSecret", + "secretsmanager:DeleteSecret", + "secretsmanager:PutSecretValue" + ], + "Condition":{ + "StringLike":{ + "aws:ResourceTag/AWSRDSCustom":[ + "custom-oracle", + "custom-sqlserver" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:secretsmanager:*:*:secret:do-not-delete-rds-custom-*", + "Sid":"secretmanager2" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-10-08T21:44:15+00:00" + }, + "AmazonRDSCustomServiceRolePolicy":{ + "CreateDate":"2021-10-08T21:39:12+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:DescribeInstances", + "ec2:DescribeInstanceAttribute", + "ec2:DescribeRegions", + "ec2:DescribeSnapshots", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeVolumes", + "ec2:DescribeInstanceStatus", + "ec2:DescribeIamInstanceProfileAssociations", + "ec2:DescribeImages", + "ec2:DescribeVpcs", + "ec2:RegisterImage", + "ec2:DeregisterImage", + "ec2:DescribeTags", + "ec2:DescribeSecurityGroups", + "ec2:DescribeVolumesModifications", + "ec2:DescribeSubnets", + "ec2:DescribeVpcAttribute" + ], + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"ecc1" + }, + { + "Action":[ + "ec2:DisassociateIamInstanceProfile", + "ec2:AssociateIamInstanceProfile", + "ec2:ReplaceIamInstanceProfileAssociation", + "ec2:TerminateInstances", + "ec2:StartInstances", + "ec2:StopInstances", + "ec2:RebootInstances" + ], + "Condition":{ + "StringLike":{ + "aws:ResourceTag/AWSRDSCustom":[ + "custom-oracle", + "custom-sqlserver" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:instance/*", + "Sid":"ecc2" + }, + { + "Action":[ + "ec2:AllocateAddress" + ], + "Condition":{ + "StringLike":{ + "aws:RequestTag/AWSRDSCustom":[ + "custom-oracle", + "custom-sqlserver" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"ecc1scoping" + }, + { + "Action":[ + "ec2:AssociateAddress", + "ec2:DisassociateAddress", + "ec2:ReleaseAddress" + ], + "Condition":{ + "StringLike":{ + "aws:ResourceTag/AWSRDSCustom":[ + "custom-oracle", + "custom-sqlserver" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"ecc1scoping2" + }, + { + "Action":"ec2:RunInstances", + "Condition":{ + "StringLike":{ + "aws:RequestTag/AWSRDSCustom":[ + "custom-oracle", + "custom-sqlserver" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:instance/*", + "arn:aws:ec2:*:*:volume/*", + "arn:aws:ec2:*:*:network-interface/*" + ], + "Sid":"eccRunInstances1" + }, + { + "Action":[ + "ec2:RunInstances" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:subnet/*", + "arn:aws:ec2:*:*:security-group/*", + "arn:aws:ec2:*::image/*", + "arn:aws:ec2:*:*:key-pair/do-not-delete-rds-custom-*", + "arn:aws:ec2:*:*:placement-group/*" + ], + "Sid":"eccRunInstances2" + }, + { + "Action":[ + "ec2:RunInstances", + "ec2:DeleteKeyPair" + ], + "Condition":{ + "StringLike":{ + "aws:ResourceTag/AWSRDSCustom":[ + "custom-oracle", + "custom-sqlserver" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:key-pair/do-not-delete-rds-custom-*" + ], + "Sid":"eccRunInstances3keyPair1" + }, + { + "Action":[ + "ec2:CreateKeyPair" + ], + "Condition":{ + "StringLike":{ + "aws:RequestTag/AWSRDSCustom":[ + "custom-oracle", + "custom-sqlserver" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:key-pair/do-not-delete-rds-custom-*" + ], + "Sid":"eccKeyPair2" + }, + { + "Action":[ + "ec2:CreateTags" + ], + "Condition":{ + "StringLike":{ + "aws:ResourceTag/AWSRDSCustom":[ + "custom-oracle", + "custom-sqlserver" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"eccCreateTag1" + }, + { + "Action":"ec2:CreateTags", + "Condition":{ + "StringLike":{ + "aws:RequestTag/AWSRDSCustom":[ + "custom-oracle", + "custom-sqlserver" + ], + "ec2:CreateAction":[ + "CreateKeyPair", + "RunInstances", + "CreateVolume", + "CreateSnapshots", + "CopySnapshot", + "AllocateAddress" + ] + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"eccCreateTag2" + }, + { + "Action":[ + "ec2:DetachVolume", + "ec2:AttachVolume" + ], + "Condition":{ + "StringLike":{ + "aws:ResourceTag/AWSRDSCustom":[ + "custom-oracle", + "custom-sqlserver" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:instance/*", + "arn:aws:ec2:*:*:volume/*" + ], + "Sid":"eccVolume1" + }, + { + "Action":"ec2:CreateVolume", + "Condition":{ + "StringLike":{ + "aws:RequestTag/AWSRDSCustom":[ + "custom-oracle", + "custom-sqlserver" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:volume/*", + "Sid":"eccVolume2" + }, + { + "Action":[ + "ec2:ModifyVolumeAttribute", + "ec2:DeleteVolume", + "ec2:ModifyVolume" + ], + "Condition":{ + "StringLike":{ + "aws:ResourceTag/AWSRDSCustom":[ + "custom-oracle", + "custom-sqlserver" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:volume/*", + "Sid":"eccVolume3" + }, + { + "Action":[ + "ec2:CreateVolume", + "ec2:DeleteSnapshot" + ], + "Condition":{ + "StringLike":{ + "aws:ResourceTag/AWSRDSCustom":[ + "custom-oracle", + "custom-sqlserver" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*::snapshot/*", + "Sid":"eccVolume4snapshot1" + }, + { + "Action":[ + "ec2:CopySnapshot", + "ec2:CreateSnapshots" + ], + "Condition":{ + "StringLike":{ + "aws:RequestTag/AWSRDSCustom":[ + "custom-oracle", + "custom-sqlserver" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*::snapshot/*", + "Sid":"eccSnapshot2" + }, + { + "Action":"ec2:CreateSnapshots", + "Condition":{ + "StringLike":{ + "aws:ResourceTag/AWSRDSCustom":[ + "custom-oracle", + "custom-sqlserver" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:instance/*", + "arn:aws:ec2:*:*:volume/*" + ], + "Sid":"eccSnapshot3" + }, + { + "Action":[ + "iam:ListInstanceProfiles", + "iam:GetInstanceProfile", + "iam:GetRole", + "iam:ListRolePolicies", + "iam:GetRolePolicy", + "iam:ListAttachedRolePolicies", + "iam:GetPolicy", + "iam:GetPolicyVersion" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"iam1" + }, + { + "Action":"iam:PassRole", + "Condition":{ + "StringLike":{ + "iam:PassedToService":"ec2.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/AWSRDSCustom*", + "Sid":"iam2" + }, + { + "Action":[ + "cloudtrail:GetTrailStatus" + ], + "Effect":"Allow", + "Resource":"arn:aws:cloudtrail:*:*:trail/do-not-delete-rds-custom-*", + "Sid":"cloudtrail1" + }, + { + "Action":[ + "cloudwatch:EnableAlarmActions", + "cloudwatch:DeleteAlarms", + "cloudwatch:DescribeAlarms" + ], + "Condition":{ + "StringLike":{ + "aws:ResourceTag/AWSRDSCustom":[ + "custom-oracle", + "custom-sqlserver" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:cloudwatch:*:*:alarm:do-not-delete-rds-custom-*", + "Sid":"cw1" + }, + { + "Action":[ + "cloudwatch:PutMetricAlarm", + "cloudwatch:TagResource" + ], + "Condition":{ + "StringLike":{ + "aws:RequestTag/AWSRDSCustom":[ + "custom-oracle", + "custom-sqlserver" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:cloudwatch:*:*:alarm:do-not-delete-rds-custom-*", + "Sid":"cw2" + }, + { + "Action":"ssm:SendCommand", + "Effect":"Allow", + "Resource":"arn:aws:ssm:*:*:document/*", + "Sid":"ssm1" + }, + { + "Action":"ssm:SendCommand", + "Condition":{ + "StringLike":{ + "aws:ResourceTag/AWSRDSCustom":[ + "custom-oracle", + "custom-sqlserver" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:instance/*", + "Sid":"ssm2" + }, + { + "Action":[ + "ssm:GetCommandInvocation", + "ssm:GetConnectionStatus", + "ssm:DescribeInstanceInformation" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"ssm3" + }, + { + "Action":[ + "events:PutRule", + "events:TagResource" + ], + "Condition":{ + "StringLike":{ + "aws:RequestTag/AWSRDSCustom":[ + "custom-oracle", + "custom-sqlserver" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:events:*:*:rule/do-not-delete-rds-custom-*", + "Sid":"eb1" + }, + { + "Action":[ + "events:PutTargets", + "events:DescribeRule", + "events:EnableRule", + "events:ListTargetsByRule", + "events:DeleteRule", + "events:RemoveTargets", + "events:DisableRule" + ], + "Condition":{ + "StringLike":{ + "aws:ResourceTag/AWSRDSCustom":[ + "custom-oracle", + "custom-sqlserver" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:events:*:*:rule/do-not-delete-rds-custom-*", + "Sid":"eb2" + }, + { + "Action":[ + "secretsmanager:TagResource", + "secretsmanager:CreateSecret" + ], + "Condition":{ + "StringLike":{ + "aws:RequestTag/AWSRDSCustom":[ + "custom-oracle", + "custom-sqlserver" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:secretsmanager:*:*:secret:do-not-delete-rds-custom-*", + "Sid":"secretmanager1" + }, + { + "Action":[ + "secretsmanager:TagResource", + "secretsmanager:DescribeSecret", + "secretsmanager:DeleteSecret", + "secretsmanager:PutSecretValue" + ], + "Condition":{ + "StringLike":{ + "aws:ResourceTag/AWSRDSCustom":[ + "custom-oracle", + "custom-sqlserver" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:secretsmanager:*:*:secret:do-not-delete-rds-custom-*", + "Sid":"secretmanager2" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-10-08T21:39:12+00:00" + }, + "AmazonRDSDataFullAccess":{ + "CreateDate":"2018-11-20T21:29:36+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":[ + "secretsmanager:GetSecretValue", + "secretsmanager:PutResourcePolicy", + "secretsmanager:PutSecretValue", + "secretsmanager:DeleteSecret", + "secretsmanager:DescribeSecret", + "secretsmanager:TagResource" + ], + "Effect":"Allow", + "Resource":"arn:aws:secretsmanager:*:*:secret:rds-db-credentials/*", + "Sid":"SecretsManagerDbCredentialsAccess" + }, + { + "Action":[ + "dbqms:CreateFavoriteQuery", + "dbqms:DescribeFavoriteQueries", + "dbqms:UpdateFavoriteQuery", + "dbqms:DeleteFavoriteQueries", + "dbqms:GetQueryString", + "dbqms:CreateQueryHistory", + "dbqms:DescribeQueryHistory", + "dbqms:UpdateQueryHistory", + "dbqms:DeleteQueryHistory", + "rds-data:ExecuteSql", + "rds-data:ExecuteStatement", + "rds-data:BatchExecuteStatement", + "rds-data:BeginTransaction", + "rds-data:CommitTransaction", + "rds-data:RollbackTransaction", + "secretsmanager:CreateSecret", + "secretsmanager:ListSecrets", + "secretsmanager:GetRandomPassword", + "tag:GetResources" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"RDSDataServiceAccess" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-11-20T21:58:46+00:00" + }, + "AmazonRDSDirectoryServiceAccess":{ + "CreateDate":"2016-02-26T02:02:05+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "ds:DescribeDirectories", + "ds:AuthorizeApplication", + "ds:UnauthorizeApplication", + "ds:GetAuthorizedApplicationDetails" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-05-15T16:51:50+00:00" + }, + "AmazonRDSEnhancedMonitoringRole":{ + "CreateDate":"2015-11-11T19:58:29+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "logs:CreateLogGroup", + "logs:PutRetentionPolicy" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:logs:*:*:log-group:RDS*" + ], + "Sid":"EnableCreationAndManagementOfRDSCloudwatchLogGroups" + }, + { + "Action":[ + "logs:CreateLogStream", + "logs:PutLogEvents", + "logs:DescribeLogStreams", + "logs:GetLogEvents" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:logs:*:*:log-group:RDS*:log-stream:*" + ], + "Sid":"EnableCreationAndManagementOfRDSCloudwatchLogStreams" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2015-11-11T19:58:29+00:00" + }, + "AmazonRDSFullAccess":{ + "CreateDate":"2015-02-06T18:40:52+00:00", + "DefaultVersionId":"v9", + "Document":{ + "Statement":[ + { + "Action":[ + "rds:*", + "application-autoscaling:DeleteScalingPolicy", + "application-autoscaling:DeregisterScalableTarget", + "application-autoscaling:DescribeScalableTargets", + "application-autoscaling:DescribeScalingActivities", + "application-autoscaling:DescribeScalingPolicies", + "application-autoscaling:PutScalingPolicy", + "application-autoscaling:RegisterScalableTarget", + "cloudwatch:DescribeAlarms", + "cloudwatch:GetMetricStatistics", + "cloudwatch:PutMetricAlarm", + "cloudwatch:DeleteAlarms", + "ec2:DescribeAccountAttributes", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeCoipPools", + "ec2:DescribeInternetGateways", + "ec2:DescribeLocalGatewayRouteTablePermissions", + "ec2:DescribeLocalGatewayRouteTables", + "ec2:DescribeLocalGatewayRouteTableVpcAssociations", + "ec2:DescribeLocalGateways", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcAttribute", + "ec2:DescribeVpcs", + "ec2:GetCoipPoolUsage", + "sns:ListSubscriptions", + "sns:ListTopics", + "sns:Publish", + "logs:DescribeLogStreams", + "logs:GetLogEvents", + "outposts:GetOutpostInstanceTypes" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"pi:*", + "Effect":"Allow", + "Resource":"arn:aws:pi:*:*:metrics/rds/*" + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringLike":{ + "iam:AWSServiceName":[ + "rds.amazonaws.com", + "rds.application-autoscaling.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-03-07T21:11:46+00:00" + }, + "AmazonRDSPerformanceInsightsReadOnly":{ + "CreateDate":"2022-04-05T00:02:08+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":"rds:DescribeDBInstances", + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"rds:DescribeDBClusters", + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"pi:DescribeDimensionKeys", + "Effect":"Allow", + "Resource":"arn:aws:pi:*:*:metrics/rds/*" + }, + { + "Action":"pi:GetDimensionKeyDetails", + "Effect":"Allow", + "Resource":"arn:aws:pi:*:*:metrics/rds/*" + }, + { + "Action":"pi:GetResourceMetadata", + "Effect":"Allow", + "Resource":"arn:aws:pi:*:*:metrics/rds/*" + }, + { + "Action":"pi:GetResourceMetrics", + "Effect":"Allow", + "Resource":"arn:aws:pi:*:*:metrics/rds/*" + }, + { + "Action":"pi:ListAvailableResourceDimensions", + "Effect":"Allow", + "Resource":"arn:aws:pi:*:*:metrics/rds/*" + }, + { + "Action":"pi:ListAvailableResourceMetrics", + "Effect":"Allow", + "Resource":"arn:aws:pi:*:*:metrics/rds/*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-04-05T00:02:08+00:00" + }, + "AmazonRDSPreviewServiceRolePolicy":{ + "CreateDate":"2018-05-31T18:02:00+00:00", + "DefaultVersionId":"v6", + "Document":{ + "Statement":[ + { + "Action":[ + "rds:CrossRegionCommunication" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:AllocateAddress", + "ec2:AssociateAddress", + "ec2:AuthorizeSecurityGroupIngress", + "ec2:CreateCoipPoolPermission", + "ec2:CreateLocalGatewayRouteTablePermission", + "ec2:CreateNetworkInterface", + "ec2:CreateSecurityGroup", + "ec2:DeleteCoipPoolPermission", + "ec2:DeleteLocalGatewayRouteTablePermission", + "ec2:DeleteNetworkInterface", + "ec2:DeleteSecurityGroup", + "ec2:DescribeAddresses", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeCoipPools", + "ec2:DescribeInternetGateways", + "ec2:DescribeLocalGatewayRouteTablePermissions", + "ec2:DescribeLocalGatewayRouteTables", + "ec2:DescribeLocalGatewayRouteTableVpcAssociations", + "ec2:DescribeLocalGateways", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcAttribute", + "ec2:DescribeVpcs", + "ec2:DisassociateAddress", + "ec2:ModifyNetworkInterfaceAttribute", + "ec2:ReleaseAddress", + "ec2:RevokeSecurityGroupIngress" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "sns:Publish" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "logs:CreateLogGroup" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:logs:*:*:log-group:/aws/rds/*" + ] + }, + { + "Action":[ + "logs:CreateLogStream", + "logs:PutLogEvents", + "logs:DescribeLogStreams" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:logs:*:*:log-group:/aws/rds/*:log-stream:*" + ] + }, + { + "Action":[ + "cloudwatch:PutMetricData" + ], + "Condition":{ + "StringEquals":{ + "cloudwatch:namespace":[ + "AWS/DocDB", + "AWS/Neptune", + "AWS/RDS", + "AWS/Usage" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-06-07T16:55:33+00:00" + }, + "AmazonRDSReadOnlyAccess":{ + "CreateDate":"2015-02-06T18:40:53+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":[ + "rds:Describe*", + "rds:ListTagsForResource", + "ec2:DescribeAccountAttributes", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeInternetGateways", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcAttribute", + "ec2:DescribeVpcs" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "cloudwatch:GetMetricStatistics", + "logs:DescribeLogStreams", + "logs:GetLogEvents" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2017-08-28T21:36:32+00:00" + }, + "AmazonRDSServiceRolePolicy":{ + "CreateDate":"2018-01-08T18:17:46+00:00", + "DefaultVersionId":"v11", + "Document":{ + "Statement":[ + { + "Action":[ + "rds:CrossRegionCommunication" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:AllocateAddress", + "ec2:AssociateAddress", + "ec2:AuthorizeSecurityGroupIngress", + "ec2:CreateCoipPoolPermission", + "ec2:CreateLocalGatewayRouteTablePermission", + "ec2:CreateNetworkInterface", + "ec2:CreateSecurityGroup", + "ec2:DeleteCoipPoolPermission", + "ec2:DeleteLocalGatewayRouteTablePermission", + "ec2:DeleteNetworkInterface", + "ec2:DeleteSecurityGroup", + "ec2:DescribeAddresses", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeCoipPools", + "ec2:DescribeInternetGateways", + "ec2:DescribeLocalGatewayRouteTablePermissions", + "ec2:DescribeLocalGatewayRouteTables", + "ec2:DescribeLocalGatewayRouteTableVpcAssociations", + "ec2:DescribeLocalGateways", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcAttribute", + "ec2:DescribeVpcs", + "ec2:DisassociateAddress", + "ec2:ModifyNetworkInterfaceAttribute", + "ec2:ModifyVpcEndpoint", + "ec2:ReleaseAddress", + "ec2:RevokeSecurityGroupIngress", + "ec2:CreateVpcEndpoint", + "ec2:DescribeVpcEndpoints", + "ec2:DeleteVpcEndpoints", + "ec2:AssignPrivateIpAddresses", + "ec2:UnassignPrivateIpAddresses" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "sns:Publish" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "logs:CreateLogGroup" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:logs:*:*:log-group:/aws/rds/*", + "arn:aws:logs:*:*:log-group:/aws/docdb/*", + "arn:aws:logs:*:*:log-group:/aws/neptune/*" + ] + }, + { + "Action":[ + "logs:CreateLogStream", + "logs:PutLogEvents", + "logs:DescribeLogStreams" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:logs:*:*:log-group:/aws/rds/*:log-stream:*", + "arn:aws:logs:*:*:log-group:/aws/docdb/*:log-stream:*", + "arn:aws:logs:*:*:log-group:/aws/neptune/*:log-stream:*" + ] + }, + { + "Action":[ + "kinesis:CreateStream", + "kinesis:PutRecord", + "kinesis:PutRecords", + "kinesis:DescribeStream", + "kinesis:SplitShard", + "kinesis:MergeShards", + "kinesis:DeleteStream", + "kinesis:UpdateShardCount" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:kinesis:*:*:stream/aws-rds-das-*" + ] + }, + { + "Action":[ + "cloudwatch:PutMetricData" + ], + "Condition":{ + "StringEquals":{ + "cloudwatch:namespace":[ + "AWS/DocDB", + "AWS/Neptune", + "AWS/RDS", + "AWS/Usage" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-03-21T15:03:27+00:00" + }, + "AmazonRedshiftAllCommandsFullAccess":{ + "CreateDate":"2021-11-04T00:48:08+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "sagemaker:CreateTrainingJob", + "sagemaker:CreateAutoMLJob", + "sagemaker:CreateCompilationJob", + "sagemaker:CreateEndpoint", + "sagemaker:DescribeAutoMLJob", + "sagemaker:DescribeTrainingJob", + "sagemaker:DescribeCompilationJob", + "sagemaker:DescribeProcessingJob", + "sagemaker:DescribeTransformJob", + "sagemaker:ListCandidatesForAutoMLJob", + "sagemaker:StopAutoMLJob", + "sagemaker:StopCompilationJob", + "sagemaker:StopTrainingJob", + "sagemaker:DescribeEndpoint", + "sagemaker:InvokeEndpoint", + "sagemaker:StopProcessingJob", + "sagemaker:CreateModel", + "sagemaker:CreateProcessingJob" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:sagemaker:*:*:model/*redshift*", + "arn:aws:sagemaker:*:*:training-job/*redshift*", + "arn:aws:sagemaker:*:*:automl-job/*redshift*", + "arn:aws:sagemaker:*:*:compilation-job/*redshift*", + "arn:aws:sagemaker:*:*:processing-job/*redshift*", + "arn:aws:sagemaker:*:*:transform-job/*redshift*", + "arn:aws:sagemaker:*:*:endpoint/*redshift*" + ] + }, + { + "Action":[ + "logs:CreateLogGroup", + "logs:CreateLogStream", + "logs:DescribeLogStreams", + "logs:PutLogEvents" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:logs:*:*:log-group:/aws/sagemaker/Endpoints/*redshift*", + "arn:aws:logs:*:*:log-group:/aws/sagemaker/ProcessingJobs/*redshift*", + "arn:aws:logs:*:*:log-group:/aws/sagemaker/TrainingJobs/*redshift*", + "arn:aws:logs:*:*:log-group:/aws/sagemaker/TransformJobs/*redshift*" + ] + }, + { + "Action":[ + "cloudwatch:PutMetricData" + ], + "Condition":{ + "StringEquals":{ + "cloudwatch:namespace":[ + "SageMaker", + "/aws/sagemaker/Endpoints", + "/aws/sagemaker/ProcessingJobs", + "/aws/sagemaker/TrainingJobs", + "/aws/sagemaker/TransformJobs" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ecr:BatchCheckLayerAvailability", + "ecr:BatchGetImage", + "ecr:GetAuthorizationToken", + "ecr:GetDownloadUrlForLayer" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "s3:GetObject", + "s3:GetBucketAcl", + "s3:GetBucketCors", + "s3:GetEncryptionConfiguration", + "s3:GetBucketLocation", + "s3:ListBucket", + "s3:ListAllMyBuckets", + "s3:ListMultipartUploadParts", + "s3:ListBucketMultipartUploads", + "s3:PutObject", + "s3:PutBucketAcl", + "s3:PutBucketCors", + "s3:DeleteObject", + "s3:AbortMultipartUpload", + "s3:CreateBucket" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::redshift-downloads", + "arn:aws:s3:::redshift-downloads/*", + "arn:aws:s3:::*redshift*", + "arn:aws:s3:::*redshift*/*" + ] + }, + { + "Action":[ + "s3:GetObject" + ], + "Condition":{ + "StringEqualsIgnoreCase":{ + "s3:ExistingObjectTag/Redshift":"true" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "dynamodb:Scan", + "dynamodb:DescribeTable", + "dynamodb:Getitem" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:dynamodb:*:*:table/*redshift*", + "arn:aws:dynamodb:*:*:table/*redshift*/index/*" + ] + }, + { + "Action":[ + "elasticmapreduce:ListInstances" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:elasticmapreduce:*:*:cluster/*redshift*" + ] + }, + { + "Action":[ + "elasticmapreduce:ListInstances" + ], + "Condition":{ + "StringEqualsIgnoreCase":{ + "elasticmapreduce:ResourceTag/Redshift":"true" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "lambda:InvokeFunction" + ], + "Effect":"Allow", + "Resource":"arn:aws:lambda:*:*:function:*redshift*" + }, + { + "Action":[ + "glue:CreateDatabase", + "glue:DeleteDatabase", + "glue:GetDatabase", + "glue:GetDatabases", + "glue:UpdateDatabase", + "glue:CreateTable", + "glue:DeleteTable", + "glue:BatchDeleteTable", + "glue:UpdateTable", + "glue:GetTable", + "glue:GetTables", + "glue:BatchCreatePartition", + "glue:CreatePartition", + "glue:DeletePartition", + "glue:BatchDeletePartition", + "glue:UpdatePartition", + "glue:GetPartition", + "glue:GetPartitions", + "glue:BatchGetPartition" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:glue:*:*:table/*redshift*/*", + "arn:aws:glue:*:*:catalog", + "arn:aws:glue:*:*:database/*redshift*" + ] + }, + { + "Action":[ + "secretsmanager:GetResourcePolicy", + "secretsmanager:GetSecretValue", + "secretsmanager:DescribeSecret", + "secretsmanager:ListSecretVersionIds" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:secretsmanager:*:*:secret:*redshift*" + ] + }, + { + "Action":[ + "secretsmanager:GetRandomPassword", + "secretsmanager:ListSecrets" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "iam:PassRole" + ], + "Condition":{ + "StringEquals":{ + "iam:PassedToService":[ + "redshift.amazonaws.com", + "glue.amazonaws.com", + "sagemaker.amazonaws.com", + "athena.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-11-25T02:27:31+00:00" + }, + "AmazonRedshiftDataFullAccess":{ + "CreateDate":"2020-09-09T19:23:55+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "redshift-data:BatchExecuteStatement", + "redshift-data:ExecuteStatement", + "redshift-data:CancelStatement", + "redshift-data:ListStatements", + "redshift-data:GetStatementResult", + "redshift-data:DescribeStatement", + "redshift-data:ListDatabases", + "redshift-data:ListSchemas", + "redshift-data:ListTables", + "redshift-data:DescribeTable" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"DataAPIPermissions" + }, + { + "Action":[ + "secretsmanager:GetSecretValue" + ], + "Condition":{ + "StringLike":{ + "secretsmanager:ResourceTag/RedshiftDataFullAccess":"*" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"SecretsManagerPermissions" + }, + { + "Action":"redshift:GetClusterCredentials", + "Effect":"Allow", + "Resource":[ + "arn:aws:redshift:*:*:dbname:*/*", + "arn:aws:redshift:*:*:dbuser:*/redshift_data_api_user" + ], + "Sid":"GetCredentialsForAPIUser" + }, + { + "Action":"redshift:CreateClusterUser", + "Effect":"Deny", + "Resource":[ + "arn:aws:redshift:*:*:dbuser:*/redshift_data_api_user" + ], + "Sid":"DenyCreateAPIUser" + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringLike":{ + "iam:AWSServiceName":"redshift-data.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/aws-service-role/redshift-data.amazonaws.com/AWSServiceRoleForRedshift", + "Sid":"ServiceLinkedRole" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-07-27T20:05:33+00:00" + }, + "AmazonRedshiftFullAccess":{ + "CreateDate":"2015-02-06T18:40:50+00:00", + "DefaultVersionId":"v4", + "Document":{ + "Statement":[ + { + "Action":[ + "redshift:*", + "ec2:DescribeAccountAttributes", + "ec2:DescribeAddresses", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "ec2:DescribeInternetGateways", + "sns:CreateTopic", + "sns:Get*", + "sns:List*", + "cloudwatch:Describe*", + "cloudwatch:Get*", + "cloudwatch:List*", + "cloudwatch:PutMetricAlarm", + "cloudwatch:EnableAlarmActions", + "cloudwatch:DisableAlarmActions", + "tag:GetResources", + "tag:UntagResources", + "tag:GetTagValues", + "tag:GetTagKeys", + "tag:TagResources" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringLike":{ + "iam:AWSServiceName":"redshift.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/aws-service-role/redshift.amazonaws.com/AWSServiceRoleForRedshift" + }, + { + "Action":[ + "redshift-data:ExecuteStatement", + "redshift-data:CancelStatement", + "redshift-data:ListStatements", + "redshift-data:GetStatementResult", + "redshift-data:DescribeStatement", + "redshift-data:ListDatabases", + "redshift-data:ListSchemas", + "redshift-data:ListTables", + "redshift-data:DescribeTable" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"DataAPIPermissions" + }, + { + "Action":[ + "secretsmanager:ListSecrets" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"SecretsManagerListPermissions" + }, + { + "Action":[ + "secretsmanager:CreateSecret", + "secretsmanager:GetSecretValue", + "secretsmanager:TagResource" + ], + "Condition":{ + "StringLike":{ + "secretsmanager:ResourceTag/RedshiftDataFullAccess":"*" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"SecretsManagerCreateGetPermissions" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-09-09T19:51:19+00:00" + }, + "AmazonRedshiftQueryEditor":{ + "CreateDate":"2018-10-04T22:50:32+00:00", + "DefaultVersionId":"v4", + "Document":{ + "Statement":[ + { + "Action":[ + "redshift:GetClusterCredentials", + "redshift:ListSchemas", + "redshift:ListTables", + "redshift:ListDatabases", + "redshift:ExecuteQuery", + "redshift:FetchResults", + "redshift:CancelQuery", + "redshift:DescribeClusters", + "redshift:DescribeQuery", + "redshift:DescribeTable", + "redshift:ViewQueriesFromConsole", + "redshift:DescribeSavedQueries", + "redshift:CreateSavedQuery", + "redshift:DeleteSavedQueries", + "redshift:ModifySavedQuery" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "redshift-data:ExecuteStatement", + "redshift-data:ListDatabases", + "redshift-data:ListSchemas", + "redshift-data:ListTables", + "redshift-data:DescribeTable" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"DataAPIPermissions" + }, + { + "Action":[ + "redshift-data:GetStatementResult", + "redshift-data:CancelStatement", + "redshift-data:DescribeStatement", + "redshift-data:ListStatements" + ], + "Condition":{ + "StringEquals":{ + "redshift-data:statement-owner-iam-userid":"${aws:userid}" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"DataAPIIAMSessionPermissionsRestriction" + }, + { + "Action":[ + "secretsmanager:ListSecrets" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"SecretsManagerListPermissions" + }, + { + "Action":[ + "secretsmanager:CreateSecret", + "secretsmanager:GetSecretValue", + "secretsmanager:TagResource" + ], + "Condition":{ + "StringEquals":{ + "secretsmanager:ResourceTag/RedshiftQueryOwner":"${aws:userid}" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:secretsmanager:*:*:secret:*", + "Sid":"SecretsManagerCreateGetPermissions" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-02-16T19:33:45+00:00" + }, + "AmazonRedshiftQueryEditorV2FullAccess":{ + "CreateDate":"2021-09-24T14:06:02+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":"redshift:DescribeClusters", + "Effect":"Allow", + "Resource":"*", + "Sid":"RedshiftPermissions" + }, + { + "Action":[ + "kms:DescribeKey", + "kms:ListAliases" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"KeyManagementServicePermissions" + }, + { + "Action":[ + "secretsmanager:CreateSecret", + "secretsmanager:GetSecretValue", + "secretsmanager:DeleteSecret", + "secretsmanager:TagResource" + ], + "Effect":"Allow", + "Resource":"arn:aws:secretsmanager:*:*:sqlworkbench!*", + "Sid":"SecretsManagerPermissions" + }, + { + "Action":[ + "tag:GetResources" + ], + "Condition":{ + "StringEquals":{ + "aws:CalledViaLast":"sqlworkbench.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"ResourceGroupsTaggingPermissions" + }, + { + "Action":"sqlworkbench:*", + "Effect":"Allow", + "Resource":"*", + "Sid":"AmazonRedshiftQueryEditorV2Permissions" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-02-23T17:05:06+00:00" + }, + "AmazonRedshiftQueryEditorV2NoSharing":{ + "CreateDate":"2021-09-24T14:18:42+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":"redshift:DescribeClusters", + "Effect":"Allow", + "Resource":"*", + "Sid":"RedshiftPermissions" + }, + { + "Action":[ + "secretsmanager:CreateSecret", + "secretsmanager:GetSecretValue", + "secretsmanager:DeleteSecret", + "secretsmanager:TagResource" + ], + "Condition":{ + "StringEquals":{ + "secretsmanager:ResourceTag/sqlworkbench-resource-owner":"${aws:userid}" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:secretsmanager:*:*:sqlworkbench!*", + "Sid":"SecretsManagerPermissions" + }, + { + "Action":[ + "tag:GetResources" + ], + "Condition":{ + "StringEquals":{ + "aws:CalledViaLast":"sqlworkbench.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"ResourceGroupsTaggingPermissions" + }, + { + "Action":[ + "sqlworkbench:CreateFolder", + "sqlworkbench:PutTab", + "sqlworkbench:BatchDeleteFolder", + "sqlworkbench:DeleteTab", + "sqlworkbench:GenerateSession", + "sqlworkbench:GetAccountInfo", + "sqlworkbench:GetAccountSettings", + "sqlworkbench:GetUserInfo", + "sqlworkbench:GetUserWorkspaceSettings", + "sqlworkbench:PutUserWorkspaceSettings", + "sqlworkbench:ListConnections", + "sqlworkbench:ListFiles", + "sqlworkbench:ListTabs", + "sqlworkbench:UpdateFolder", + "sqlworkbench:ListRedshiftClusters", + "sqlworkbench:DriverExecute", + "sqlworkbench:ListTaggedResources" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AmazonRedshiftQueryEditorV2NonResourceLevelPermissions" + }, + { + "Action":[ + "sqlworkbench:CreateConnection", + "sqlworkbench:CreateSavedQuery", + "sqlworkbench:CreateChart" + ], + "Condition":{ + "StringEquals":{ + "aws:RequestTag/sqlworkbench-resource-owner":"${aws:userid}" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"AmazonRedshiftQueryEditorV2CreateOwnedResourcePermissions" + }, + { + "Action":[ + "sqlworkbench:DeleteChart", + "sqlworkbench:DeleteConnection", + "sqlworkbench:DeleteSavedQuery", + "sqlworkbench:GetChart", + "sqlworkbench:GetConnection", + "sqlworkbench:GetSavedQuery", + "sqlworkbench:ListSavedQueryVersions", + "sqlworkbench:UpdateChart", + "sqlworkbench:UpdateConnection", + "sqlworkbench:UpdateSavedQuery", + "sqlworkbench:AssociateConnectionWithTab", + "sqlworkbench:AssociateQueryWithTab", + "sqlworkbench:AssociateConnectionWithChart", + "sqlworkbench:UpdateFileFolder", + "sqlworkbench:ListTagsForResource" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceTag/sqlworkbench-resource-owner":"${aws:userid}" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"AmazonRedshiftQueryEditorV2OwnerSpecificPermissions" + }, + { + "Action":"sqlworkbench:TagResource", + "Condition":{ + "ForAllValues:StringEquals":{ + "aws:TagKeys":"sqlworkbench-resource-owner" + }, + "StringEquals":{ + "aws:RequestTag/sqlworkbench-resource-owner":"${aws:userid}", + "aws:ResourceTag/sqlworkbench-resource-owner":"${aws:userid}" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"AmazonRedshiftQueryEditorV2TagOnlyUserIdPermissions" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-06-15T09:48:24+00:00" + }, + "AmazonRedshiftQueryEditorV2ReadSharing":{ + "CreateDate":"2021-09-24T14:22:21+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":"redshift:DescribeClusters", + "Effect":"Allow", + "Resource":"*", + "Sid":"RedshiftPermissions" + }, + { + "Action":[ + "secretsmanager:CreateSecret", + "secretsmanager:GetSecretValue", + "secretsmanager:DeleteSecret", + "secretsmanager:TagResource" + ], + "Condition":{ + "StringEquals":{ + "secretsmanager:ResourceTag/sqlworkbench-resource-owner":"${aws:userid}" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:secretsmanager:*:*:sqlworkbench!*", + "Sid":"SecretsManagerPermissions" + }, + { + "Action":[ + "tag:GetResources" + ], + "Condition":{ + "StringEquals":{ + "aws:CalledViaLast":"sqlworkbench.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"ResourceGroupsTaggingPermissions" + }, + { + "Action":[ + "sqlworkbench:CreateFolder", + "sqlworkbench:PutTab", + "sqlworkbench:BatchDeleteFolder", + "sqlworkbench:DeleteTab", + "sqlworkbench:GenerateSession", + "sqlworkbench:GetAccountInfo", + "sqlworkbench:GetAccountSettings", + "sqlworkbench:GetUserInfo", + "sqlworkbench:GetUserWorkspaceSettings", + "sqlworkbench:PutUserWorkspaceSettings", + "sqlworkbench:ListConnections", + "sqlworkbench:ListFiles", + "sqlworkbench:ListTabs", + "sqlworkbench:UpdateFolder", + "sqlworkbench:ListRedshiftClusters", + "sqlworkbench:DriverExecute", + "sqlworkbench:ListTaggedResources" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AmazonRedshiftQueryEditorV2NonResourceLevelPermissions" + }, + { + "Action":[ + "sqlworkbench:CreateConnection", + "sqlworkbench:CreateSavedQuery", + "sqlworkbench:CreateChart" + ], + "Condition":{ + "StringEquals":{ + "aws:RequestTag/sqlworkbench-resource-owner":"${aws:userid}" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"AmazonRedshiftQueryEditorV2CreateOwnedResourcePermissions" + }, + { + "Action":[ + "sqlworkbench:DeleteChart", + "sqlworkbench:DeleteConnection", + "sqlworkbench:DeleteSavedQuery", + "sqlworkbench:GetChart", + "sqlworkbench:GetConnection", + "sqlworkbench:GetSavedQuery", + "sqlworkbench:ListSavedQueryVersions", + "sqlworkbench:UpdateChart", + "sqlworkbench:UpdateConnection", + "sqlworkbench:UpdateSavedQuery", + "sqlworkbench:AssociateConnectionWithTab", + "sqlworkbench:AssociateQueryWithTab", + "sqlworkbench:AssociateConnectionWithChart", + "sqlworkbench:UpdateFileFolder", + "sqlworkbench:ListTagsForResource" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceTag/sqlworkbench-resource-owner":"${aws:userid}" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"AmazonRedshiftQueryEditorV2OwnerSpecificPermissions" + }, + { + "Action":"sqlworkbench:TagResource", + "Condition":{ + "ForAllValues:StringEquals":{ + "aws:TagKeys":"sqlworkbench-resource-owner" + }, + "StringEquals":{ + "aws:RequestTag/sqlworkbench-resource-owner":"${aws:userid}", + "aws:ResourceTag/sqlworkbench-resource-owner":"${aws:userid}" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"AmazonRedshiftQueryEditorV2TagOnlyUserIdPermissions" + }, + { + "Action":[ + "sqlworkbench:GetChart", + "sqlworkbench:GetConnection", + "sqlworkbench:GetSavedQuery", + "sqlworkbench:ListSavedQueryVersions", + "sqlworkbench:ListTagsForResource", + "sqlworkbench:AssociateQueryWithTab" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceTag/sqlworkbench-team":"${aws:PrincipalTag/sqlworkbench-team}" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"AmazonRedshiftQueryEditorV2TeamReadAccessPermissions" + }, + { + "Action":"sqlworkbench:TagResource", + "Condition":{ + "ForAllValues:StringEquals":{ + "aws:TagKeys":"sqlworkbench-team" + }, + "StringEquals":{ + "aws:RequestTag/sqlworkbench-team":"${aws:PrincipalTag/sqlworkbench-team}", + "aws:ResourceTag/sqlworkbench-resource-owner":"${aws:userid}" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"AmazonRedshiftQueryEditorV2TagOnlyTeamPermissions" + }, + { + "Action":"sqlworkbench:UntagResource", + "Condition":{ + "ForAllValues:StringEquals":{ + "aws:TagKeys":"sqlworkbench-team" + }, + "StringEquals":{ + "aws:ResourceTag/sqlworkbench-resource-owner":"${aws:userid}" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"AmazonRedshiftQueryEditorV2UntagOnlyTeamPermissions" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-06-15T10:16:40+00:00" + }, + "AmazonRedshiftQueryEditorV2ReadWriteSharing":{ + "CreateDate":"2021-09-24T14:25:37+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":"redshift:DescribeClusters", + "Effect":"Allow", + "Resource":"*", + "Sid":"RedshiftPermissions" + }, + { + "Action":[ + "secretsmanager:CreateSecret", + "secretsmanager:GetSecretValue", + "secretsmanager:DeleteSecret", + "secretsmanager:TagResource" + ], + "Condition":{ + "StringEquals":{ + "secretsmanager:ResourceTag/sqlworkbench-resource-owner":"${aws:userid}" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:secretsmanager:*:*:sqlworkbench!*", + "Sid":"SecretsManagerPermissions" + }, + { + "Action":[ + "tag:GetResources" + ], + "Condition":{ + "StringEquals":{ + "aws:CalledViaLast":"sqlworkbench.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"ResourceGroupsTaggingPermissions" + }, + { + "Action":[ + "sqlworkbench:CreateFolder", + "sqlworkbench:PutTab", + "sqlworkbench:BatchDeleteFolder", + "sqlworkbench:DeleteTab", + "sqlworkbench:GenerateSession", + "sqlworkbench:GetAccountInfo", + "sqlworkbench:GetAccountSettings", + "sqlworkbench:GetUserInfo", + "sqlworkbench:GetUserWorkspaceSettings", + "sqlworkbench:PutUserWorkspaceSettings", + "sqlworkbench:ListConnections", + "sqlworkbench:ListFiles", + "sqlworkbench:ListTabs", + "sqlworkbench:UpdateFolder", + "sqlworkbench:ListRedshiftClusters", + "sqlworkbench:DriverExecute", + "sqlworkbench:ListTaggedResources" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AmazonRedshiftQueryEditorV2NonResourceLevelPermissions" + }, + { + "Action":[ + "sqlworkbench:CreateConnection", + "sqlworkbench:CreateSavedQuery", + "sqlworkbench:CreateChart" + ], + "Condition":{ + "StringEquals":{ + "aws:RequestTag/sqlworkbench-resource-owner":"${aws:userid}" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"AmazonRedshiftQueryEditorV2CreateOwnedResourcePermissions" + }, + { + "Action":[ + "sqlworkbench:DeleteChart", + "sqlworkbench:DeleteConnection", + "sqlworkbench:DeleteSavedQuery", + "sqlworkbench:GetChart", + "sqlworkbench:GetConnection", + "sqlworkbench:GetSavedQuery", + "sqlworkbench:ListSavedQueryVersions", + "sqlworkbench:UpdateChart", + "sqlworkbench:UpdateConnection", + "sqlworkbench:UpdateSavedQuery", + "sqlworkbench:AssociateConnectionWithTab", + "sqlworkbench:AssociateQueryWithTab", + "sqlworkbench:AssociateConnectionWithChart", + "sqlworkbench:UpdateFileFolder", + "sqlworkbench:ListTagsForResource" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceTag/sqlworkbench-resource-owner":"${aws:userid}" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"AmazonRedshiftQueryEditorV2OwnerSpecificPermissions" + }, + { + "Action":"sqlworkbench:TagResource", + "Condition":{ + "ForAllValues:StringEquals":{ + "aws:TagKeys":"sqlworkbench-resource-owner" + }, + "StringEquals":{ + "aws:RequestTag/sqlworkbench-resource-owner":"${aws:userid}", + "aws:ResourceTag/sqlworkbench-resource-owner":"${aws:userid}" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"AmazonRedshiftQueryEditorV2TagOnlyUserIdPermissions" + }, + { + "Action":[ + "sqlworkbench:GetChart", + "sqlworkbench:GetConnection", + "sqlworkbench:GetSavedQuery", + "sqlworkbench:ListSavedQueryVersions", + "sqlworkbench:ListTagsForResource", + "sqlworkbench:UpdateChart", + "sqlworkbench:UpdateConnection", + "sqlworkbench:UpdateSavedQuery", + "sqlworkbench:AssociateConnectionWithTab", + "sqlworkbench:AssociateQueryWithTab", + "sqlworkbench:AssociateConnectionWithChart" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceTag/sqlworkbench-team":"${aws:PrincipalTag/sqlworkbench-team}" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"AmazonRedshiftQueryEditorV2TeamReadWriteAccessPermissions" + }, + { + "Action":"sqlworkbench:TagResource", + "Condition":{ + "ForAllValues:StringEquals":{ + "aws:TagKeys":"sqlworkbench-team" + }, + "StringEquals":{ + "aws:RequestTag/sqlworkbench-team":"${aws:PrincipalTag/sqlworkbench-team}", + "aws:ResourceTag/sqlworkbench-resource-owner":"${aws:userid}" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"AmazonRedshiftQueryEditorV2TagOnlyTeamPermissions" + }, + { + "Action":"sqlworkbench:UntagResource", + "Condition":{ + "ForAllValues:StringEquals":{ + "aws:TagKeys":"sqlworkbench-team" + }, + "StringEquals":{ + "aws:ResourceTag/sqlworkbench-resource-owner":"${aws:userid}" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"AmazonRedshiftQueryEditorV2UntagOnlyTeamPermissions" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-06-15T10:59:24+00:00" + }, + "AmazonRedshiftReadOnlyAccess":{ + "CreateDate":"2015-02-06T18:40:51+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "redshift:Describe*", + "redshift:ViewQueriesInConsole", + "ec2:DescribeAccountAttributes", + "ec2:DescribeAddresses", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "ec2:DescribeInternetGateways", + "sns:Get*", + "sns:List*", + "cloudwatch:Describe*", + "cloudwatch:List*", + "cloudwatch:Get*" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2015-02-06T18:40:51+00:00" + }, + "AmazonRedshiftServiceLinkedRolePolicy":{ + "CreateDate":"2017-09-18T19:19:45+00:00", + "DefaultVersionId":"v7", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:DescribeVpcs", + "ec2:DescribeSubnets", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeAddresses", + "ec2:AssociateAddress", + "ec2:DisassociateAddress", + "ec2:CreateNetworkInterface", + "ec2:DeleteNetworkInterface", + "ec2:ModifyNetworkInterfaceAttribute", + "ec2:CreateVpcEndpoint", + "ec2:DeleteVpcEndpoints", + "ec2:DescribeVpcEndpoints", + "ec2:ModifyVpcEndpoint" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:AllocateAddress" + ], + "Condition":{ + "StringEquals":{ + "aws:RequestTag/Redshift":"true" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:elastic-ip/*" + ] + }, + { + "Action":[ + "ec2:ReleaseAddress" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceTag/Redshift":"true" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:elastic-ip/*" + ] + }, + { + "Action":[ + "logs:CreateLogGroup", + "logs:PutRetentionPolicy" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:logs:*:*:log-group:/aws/redshift/*" + ], + "Sid":"EnableCreationAndManagementOfRedshiftCloudwatchLogGroups" + }, + { + "Action":[ + "logs:CreateLogStream", + "logs:PutLogEvents", + "logs:DescribeLogStreams", + "logs:GetLogEvents" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:logs:*:*:log-group:/aws/redshift/*:log-stream:*" + ], + "Sid":"EnableCreationAndManagementOfRedshiftCloudwatchLogStreams" + }, + { + "Action":[ + "ec2:AuthorizeSecurityGroupEgress", + "ec2:AuthorizeSecurityGroupIngress", + "ec2:UpdateSecurityGroupRuleDescriptionsEgress", + "ec2:ReplaceRouteTableAssociation", + "ec2:CreateRouteTable", + "ec2:AttachInternetGateway", + "ec2:UpdateSecurityGroupRuleDescriptionsIngress", + "ec2:AssociateRouteTable", + "ec2:RevokeSecurityGroupIngress", + "ec2:CreateRoute", + "ec2:CreateSecurityGroup", + "ec2:RevokeSecurityGroupEgress", + "ec2:ModifyVpcAttribute", + "ec2:CreateSubnet" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceTag/Purpose":"RedshiftMigrateToVpc" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:subnet/*", + "arn:aws:ec2:*:*:route-table/*", + "arn:aws:ec2:*:*:security-group/*", + "arn:aws:ec2:*:*:vpc/*", + "arn:aws:ec2:*:*:internet-gateway/*" + ] + }, + { + "Action":[ + "ec2:CreateSecurityGroup", + "ec2:CreateInternetGateway", + "ec2:CreateVpc", + "ec2:CreateRouteTable", + "ec2:CreateSubnet" + ], + "Condition":{ + "StringEquals":{ + "aws:RequestTag/Purpose":"RedshiftMigrateToVpc" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:subnet/*", + "arn:aws:ec2:*:*:route-table/*", + "arn:aws:ec2:*:*:security-group/*", + "arn:aws:ec2:*:*:vpc/*", + "arn:aws:ec2:*:*:internet-gateway/*" + ] + }, + { + "Action":"ec2:CreateTags", + "Condition":{ + "StringEquals":{ + "ec2:CreateAction":[ + "CreateVpc", + "CreateSecurityGroup", + "CreateSubnet", + "CreateInternetGateway", + "CreateRouteTable", + "AllocateAddress" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:subnet/*", + "arn:aws:ec2:*:*:route-table/*", + "arn:aws:ec2:*:*:security-group/*", + "arn:aws:ec2:*:*:vpc/*", + "arn:aws:ec2:*:*:internet-gateway/*", + "arn:aws:ec2:*:*:elastic-ip/*" + ] + }, + { + "Action":[ + "ec2:DescribeVpcAttribute", + "ec2:DescribeSecurityGroups", + "ec2:DescribeInternetGateways", + "ec2:DescribeSecurityGroupRules", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeNetworkAcls", + "ec2:DescribeRouteTables" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "cloudwatch:PutMetricData" + ], + "Condition":{ + "StringEquals":{ + "cloudwatch:namespace":[ + "AWS/Redshift-Serverless" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-06-01T00:34:09+00:00" + }, + "AmazonRekognitionCustomLabelsFullAccess":{ + "CreateDate":"2020-01-08T19:18:34+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":[ + "s3:ListBucket", + "s3:ListAllMyBuckets", + "s3:GetBucketAcl", + "s3:GetBucketLocation", + "s3:GetObject", + "s3:GetObjectAcl", + "s3:GetObjectTagging", + "s3:GetObjectVersion", + "s3:PutObject" + ], + "Effect":"Allow", + "Resource":"arn:aws:s3:::*custom-labels*" + }, + { + "Action":[ + "rekognition:CreateProject", + "rekognition:CreateProjectVersion", + "rekognition:StartProjectVersion", + "rekognition:StopProjectVersion", + "rekognition:DescribeProjects", + "rekognition:DescribeProjectVersions", + "rekognition:DetectCustomLabels", + "rekognition:DeleteProject", + "rekognition:DeleteProjectVersion", + "rekognition:TagResource", + "rekognition:UntagResource", + "rekognition:ListTagsForResource", + "rekognition:CreateDataset", + "rekognition:ListDatasetEntries", + "rekognition:ListDatasetLabels", + "rekognition:DescribeDataset", + "rekognition:UpdateDatasetEntries", + "rekognition:DistributeDatasetEntries", + "rekognition:DeleteDataset" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-11-03T02:53:05+00:00" + }, + "AmazonRekognitionFullAccess":{ + "CreateDate":"2016-11-30T14:40:44+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "rekognition:*" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2016-11-30T14:40:44+00:00" + }, + "AmazonRekognitionReadOnlyAccess":{ + "CreateDate":"2016-11-30T14:58:06+00:00", + "DefaultVersionId":"v7", + "Document":{ + "Statement":[ + { + "Action":[ + "rekognition:CompareFaces", + "rekognition:DetectFaces", + "rekognition:DetectLabels", + "rekognition:ListCollections", + "rekognition:ListFaces", + "rekognition:SearchFaces", + "rekognition:SearchFacesByImage", + "rekognition:DetectText", + "rekognition:GetCelebrityInfo", + "rekognition:RecognizeCelebrities", + "rekognition:DetectModerationLabels", + "rekognition:GetLabelDetection", + "rekognition:GetFaceDetection", + "rekognition:GetContentModeration", + "rekognition:GetPersonTracking", + "rekognition:GetCelebrityRecognition", + "rekognition:GetFaceSearch", + "rekognition:GetTextDetection", + "rekognition:GetSegmentDetection", + "rekognition:DescribeStreamProcessor", + "rekognition:ListStreamProcessors", + "rekognition:DescribeProjects", + "rekognition:DescribeProjectVersions", + "rekognition:DetectCustomLabels", + "rekognition:DetectProtectiveEquipment", + "rekognition:ListTagsForResource", + "rekognition:ListDatasetEntries", + "rekognition:ListDatasetLabels", + "rekognition:DescribeDataset" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-11-03T02:53:36+00:00" + }, + "AmazonRekognitionServiceRole":{ + "CreateDate":"2017-11-29T16:52:13+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "sns:Publish" + ], + "Effect":"Allow", + "Resource":"arn:aws:sns:*:*:AmazonRekognition*" + }, + { + "Action":[ + "kinesis:PutRecord", + "kinesis:PutRecords" + ], + "Effect":"Allow", + "Resource":"arn:aws:kinesis:*:*:stream/AmazonRekognition*" + }, + { + "Action":[ + "kinesisvideo:GetDataEndpoint", + "kinesisvideo:GetMedia" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2017-11-29T16:52:13+00:00" + }, + "AmazonRoute53AutoNamingFullAccess":{ + "CreateDate":"2018-01-18T18:40:41+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "route53:GetHostedZone", + "route53:ListHostedZonesByName", + "route53:CreateHostedZone", + "route53:DeleteHostedZone", + "route53:ChangeResourceRecordSets", + "route53:CreateHealthCheck", + "route53:GetHealthCheck", + "route53:DeleteHealthCheck", + "route53:UpdateHealthCheck", + "ec2:DescribeVpcs", + "ec2:DescribeRegions", + "servicediscovery:*" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2018-01-18T18:40:41+00:00" + }, + "AmazonRoute53AutoNamingReadOnlyAccess":{ + "CreateDate":"2018-01-18T03:02:59+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "servicediscovery:Get*", + "servicediscovery:List*" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2018-01-18T03:02:59+00:00" + }, + "AmazonRoute53AutoNamingRegistrantAccess":{ + "CreateDate":"2018-03-12T22:33:20+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "route53:GetHostedZone", + "route53:ListHostedZonesByName", + "route53:ChangeResourceRecordSets", + "route53:CreateHealthCheck", + "route53:GetHealthCheck", + "route53:DeleteHealthCheck", + "route53:UpdateHealthCheck", + "servicediscovery:Get*", + "servicediscovery:List*", + "servicediscovery:RegisterInstance", + "servicediscovery:DeregisterInstance" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2018-03-12T22:33:20+00:00" + }, + "AmazonRoute53DomainsFullAccess":{ + "CreateDate":"2015-02-06T18:40:56+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "route53:CreateHostedZone", + "route53domains:*" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2015-02-06T18:40:56+00:00" + }, + "AmazonRoute53DomainsReadOnlyAccess":{ + "CreateDate":"2015-02-06T18:40:57+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "route53domains:Get*", + "route53domains:List*" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2015-02-06T18:40:57+00:00" + }, + "AmazonRoute53FullAccess":{ + "CreateDate":"2015-02-06T18:40:54+00:00", + "DefaultVersionId":"v4", + "Document":{ + "Statement":[ + { + "Action":[ + "route53:*", + "route53domains:*", + "cloudfront:ListDistributions", + "elasticloadbalancing:DescribeLoadBalancers", + "elasticbeanstalk:DescribeEnvironments", + "s3:ListBucket", + "s3:GetBucketLocation", + "s3:GetBucketWebsite", + "ec2:DescribeVpcs", + "ec2:DescribeVpcEndpoints", + "ec2:DescribeRegions", + "sns:ListTopics", + "sns:ListSubscriptionsByTopic", + "cloudwatch:DescribeAlarms", + "cloudwatch:GetMetricStatistics" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"apigateway:GET", + "Effect":"Allow", + "Resource":"arn:aws:apigateway:*::/domainnames" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2018-12-20T21:42:00+00:00" + }, + "AmazonRoute53ReadOnlyAccess":{ + "CreateDate":"2015-02-06T18:40:55+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "route53:Get*", + "route53:List*", + "route53:TestDNSAnswer" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2016-11-15T21:15:16+00:00" + }, + "AmazonRoute53RecoveryClusterFullAccess":{ + "CreateDate":"2021-08-18T18:37:00+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "route53-recovery-cluster:*" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-08-18T18:37:00+00:00" + }, + "AmazonRoute53RecoveryClusterReadOnlyAccess":{ + "CreateDate":"2021-08-18T17:36:01+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "route53-recovery-cluster:GetRoutingControlState", + "route53-recovery-cluster:ListRoutingControls" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-04-01T17:37:55+00:00" + }, + "AmazonRoute53RecoveryControlConfigFullAccess":{ + "CreateDate":"2021-08-18T17:48:35+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "route53-recovery-control-config:*" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-08-18T17:48:35+00:00" + }, + "AmazonRoute53RecoveryControlConfigReadOnlyAccess":{ + "CreateDate":"2021-08-18T18:01:12+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "route53-recovery-control-config:DescribeCluster", + "route53-recovery-control-config:DescribeControlPanel", + "route53-recovery-control-config:DescribeRoutingControl", + "route53-recovery-control-config:DescribeRoutingControlByName", + "route53-recovery-control-config:DescribeSafetyRule", + "route53-recovery-control-config:ListAssociatedRoute53HealthChecks", + "route53-recovery-control-config:ListClusters", + "route53-recovery-control-config:ListControlPanels", + "route53-recovery-control-config:ListRoutingControls", + "route53-recovery-control-config:ListSafetyRules", + "route53-recovery-control-config:ListTagsForResource" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-12-09T23:38:51+00:00" + }, + "AmazonRoute53RecoveryReadinessFullAccess":{ + "CreateDate":"2021-08-18T16:45:07+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "route53-recovery-readiness:*" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-08-18T16:45:07+00:00" + }, + "AmazonRoute53RecoveryReadinessReadOnlyAccess":{ + "CreateDate":"2021-08-18T18:11:33+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "route53-recovery-readiness:GetCell", + "route53-recovery-readiness:GetReadinessCheck", + "route53-recovery-readiness:GetReadinessCheckResourceStatus", + "route53-recovery-readiness:GetReadinessCheckStatus", + "route53-recovery-readiness:GetRecoveryGroup", + "route53-recovery-readiness:GetRecoveryGroupReadinessSummary", + "route53-recovery-readiness:GetResourceSet", + "route53-recovery-readiness:ListCells", + "route53-recovery-readiness:ListCrossAccountAuthorizations", + "route53-recovery-readiness:ListReadinessChecks", + "route53-recovery-readiness:ListRecoveryGroups", + "route53-recovery-readiness:ListResourceSets", + "route53-recovery-readiness:ListRules", + "route53-recovery-readiness:ListTagsForResources" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "route53-recovery-readiness:GetArchitectureRecommendations", + "route53-recovery-readiness:GetCellReadinessSummary" + ], + "Effect":"Allow", + "Resource":"arn:aws:route53-recovery-readiness::*:*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-11-09T20:14:51+00:00" + }, + "AmazonRoute53ResolverFullAccess":{ + "CreateDate":"2019-05-30T18:10:50+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "route53resolver:*", + "ec2:DescribeSubnets", + "ec2:CreateNetworkInterface", + "ec2:DeleteNetworkInterface", + "ec2:ModifyNetworkInterfaceAttribute", + "ec2:DescribeNetworkInterfaces", + "ec2:CreateNetworkInterfacePermission", + "ec2:DescribeSecurityGroups", + "ec2:DescribeVpcs", + "ec2:DescribeAvailabilityZones" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-07-17T19:03:27+00:00" + }, + "AmazonRoute53ResolverReadOnlyAccess":{ + "CreateDate":"2019-05-30T18:11:31+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "route53resolver:Get*", + "route53resolver:List*", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeSecurityGroups", + "ec2:DescribeVpcs", + "ec2:DescribeSubnets" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-09-27T16:37:48+00:00" + }, + "AmazonS3FullAccess":{ + "CreateDate":"2015-02-06T18:40:58+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "s3:*", + "s3-object-lambda:*" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-09-27T20:16:37+00:00" + }, + "AmazonS3ObjectLambdaExecutionRolePolicy":{ + "CreateDate":"2021-08-18T10:07:41+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "logs:CreateLogGroup", + "logs:CreateLogStream", + "logs:PutLogEvents", + "s3-object-lambda:WriteGetObjectResponse" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-08-18T10:07:41+00:00" + }, + "AmazonS3OutpostsFullAccess":{ + "CreateDate":"2020-10-02T17:26:30+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":"s3-outposts:*", + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "datasync:ListTasks", + "datasync:ListLocations", + "datasync:DescribeTask", + "datasync:DescribeLocation*" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:DescribeVpcs", + "ec2:DescribeSubnets", + "ec2:DescribeSecurityGroups", + "ec2:DescribeNetworkInterfaces" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "outposts:ListOutposts", + "outposts:GetOutpost" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-10-02T17:26:30+00:00" + }, + "AmazonS3OutpostsReadOnlyAccess":{ + "CreateDate":"2020-10-02T18:55:58+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "s3-outposts:Get*", + "s3-outposts:List*" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "datasync:ListTasks", + "datasync:ListLocations", + "datasync:DescribeTask", + "datasync:DescribeLocation*" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:DescribeVpcs", + "ec2:DescribeSubnets", + "ec2:DescribeSecurityGroups", + "ec2:DescribeNetworkInterfaces" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "outposts:ListOutposts", + "outposts:GetOutpost" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-10-02T18:55:58+00:00" + }, + "AmazonS3ReadOnlyAccess":{ + "CreateDate":"2015-02-06T18:40:59+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "s3:Get*", + "s3:List*", + "s3-object-lambda:Get*", + "s3-object-lambda:List*" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-09-27T20:24:58+00:00" + }, + "AmazonSESFullAccess":{ + "CreateDate":"2015-02-06T18:41:02+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "ses:*" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2015-02-06T18:41:02+00:00" + }, + "AmazonSESReadOnlyAccess":{ + "CreateDate":"2015-02-06T18:41:03+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "ses:Get*", + "ses:List*" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2015-02-06T18:41:03+00:00" + }, + "AmazonSNSFullAccess":{ + "CreateDate":"2015-02-06T18:41:05+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "sns:*" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2015-02-06T18:41:05+00:00" + }, + "AmazonSNSReadOnlyAccess":{ + "CreateDate":"2015-02-06T18:41:06+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "sns:GetTopicAttributes", + "sns:List*" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2015-02-06T18:41:06+00:00" + }, + "AmazonSNSRole":{ + "CreateDate":"2015-02-06T18:41:30+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "logs:CreateLogGroup", + "logs:CreateLogStream", + "logs:PutLogEvents", + "logs:PutMetricFilter", + "logs:PutRetentionPolicy" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2015-02-06T18:41:30+00:00" + }, + "AmazonSQSFullAccess":{ + "CreateDate":"2015-02-06T18:41:07+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "sqs:*" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2015-02-06T18:41:07+00:00" + }, + "AmazonSQSReadOnlyAccess":{ + "CreateDate":"2015-02-06T18:41:08+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "sqs:GetQueueAttributes", + "sqs:GetQueueUrl", + "sqs:ListDeadLetterSourceQueues", + "sqs:ListQueues" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2018-08-20T23:35:49+00:00" + }, + "AmazonSSMAutomationApproverAccess":{ + "CreateDate":"2017-08-07T23:07:28+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "ssm:DescribeAutomationExecutions", + "ssm:GetAutomationExecution", + "ssm:SendAutomationSignal" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2017-08-07T23:07:28+00:00" + }, + "AmazonSSMAutomationRole":{ + "CreateDate":"2016-12-05T22:09:55+00:00", + "DefaultVersionId":"v5", + "Document":{ + "Statement":[ + { + "Action":[ + "lambda:InvokeFunction" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:lambda:*:*:function:Automation*" + ] + }, + { + "Action":[ + "ec2:CreateImage", + "ec2:CopyImage", + "ec2:DeregisterImage", + "ec2:DescribeImages", + "ec2:DeleteSnapshot", + "ec2:StartInstances", + "ec2:RunInstances", + "ec2:StopInstances", + "ec2:TerminateInstances", + "ec2:DescribeInstanceStatus", + "ec2:CreateTags", + "ec2:DeleteTags", + "ec2:DescribeTags", + "cloudformation:CreateStack", + "cloudformation:DescribeStackEvents", + "cloudformation:DescribeStacks", + "cloudformation:UpdateStack", + "cloudformation:DeleteStack" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "ssm:*" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "sns:Publish" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:sns:*:*:Automation*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2017-07-24T23:29:12+00:00" + }, + "AmazonSSMDirectoryServiceAccess":{ + "CreateDate":"2019-03-15T17:44:38+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "ds:CreateComputer", + "ds:DescribeDirectories" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-03-15T17:44:38+00:00" + }, + "AmazonSSMFullAccess":{ + "CreateDate":"2015-05-29T17:39:47+00:00", + "DefaultVersionId":"v4", + "Document":{ + "Statement":[ + { + "Action":[ + "cloudwatch:PutMetricData", + "ds:CreateComputer", + "ds:DescribeDirectories", + "ec2:DescribeInstanceStatus", + "logs:*", + "ssm:*", + "ec2messages:*" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringLike":{ + "iam:AWSServiceName":"ssm.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/aws-service-role/ssm.amazonaws.com/AWSServiceRoleForAmazonSSM*" + }, + { + "Action":[ + "iam:DeleteServiceLinkedRole", + "iam:GetServiceLinkedRoleDeletionStatus" + ], + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/aws-service-role/ssm.amazonaws.com/AWSServiceRoleForAmazonSSM*" + }, + { + "Action":[ + "ssmmessages:CreateControlChannel", + "ssmmessages:CreateDataChannel", + "ssmmessages:OpenControlChannel", + "ssmmessages:OpenDataChannel" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-11-20T20:08:56+00:00" + }, + "AmazonSSMMaintenanceWindowRole":{ + "CreateDate":"2016-12-01T15:57:54+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":[ + "ssm:GetAutomationExecution", + "ssm:GetParameters", + "ssm:ListCommands", + "ssm:SendCommand", + "ssm:StartAutomationExecution" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "lambda:InvokeFunction" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:lambda:*:*:function:SSM*", + "arn:aws:lambda:*:*:function:*:SSM*" + ] + }, + { + "Action":[ + "states:DescribeExecution", + "states:StartExecution" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:states:*:*:stateMachine:SSM*", + "arn:aws:states:*:*:execution:SSM*" + ] + }, + { + "Action":[ + "resource-groups:ListGroups", + "resource-groups:ListGroupResources" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "tag:GetResources" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-07-27T00:16:05+00:00" + }, + "AmazonSSMManagedInstanceCore":{ + "CreateDate":"2019-03-15T17:22:12+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "ssm:DescribeAssociation", + "ssm:GetDeployablePatchSnapshotForInstance", + "ssm:GetDocument", + "ssm:DescribeDocument", + "ssm:GetManifest", + "ssm:GetParameter", + "ssm:GetParameters", + "ssm:ListAssociations", + "ssm:ListInstanceAssociations", + "ssm:PutInventory", + "ssm:PutComplianceItems", + "ssm:PutConfigurePackageResult", + "ssm:UpdateAssociationStatus", + "ssm:UpdateInstanceAssociationStatus", + "ssm:UpdateInstanceInformation" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ssmmessages:CreateControlChannel", + "ssmmessages:CreateDataChannel", + "ssmmessages:OpenControlChannel", + "ssmmessages:OpenDataChannel" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2messages:AcknowledgeMessage", + "ec2messages:DeleteMessage", + "ec2messages:FailMessage", + "ec2messages:GetEndpoint", + "ec2messages:GetMessages", + "ec2messages:SendReply" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-05-23T16:54:21+00:00" + }, + "AmazonSSMPatchAssociation":{ + "CreateDate":"2020-05-13T16:00:42+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":"ssm:DescribeEffectivePatchesForPatchBaseline", + "Effect":"Allow", + "Resource":"arn:aws:ssm:*:*:patchbaseline/*" + }, + { + "Action":"ssm:GetPatchBaseline", + "Effect":"Allow", + "Resource":"arn:aws:ssm:*:*:patchbaseline/*" + }, + { + "Action":"tag:GetResources", + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"ssm:DescribePatchBaselines", + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-05-13T16:00:42+00:00" + }, + "AmazonSSMReadOnlyAccess":{ + "CreateDate":"2015-05-29T17:44:19+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "ssm:Describe*", + "ssm:Get*", + "ssm:List*" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2015-05-29T17:44:19+00:00" + }, + "AmazonSSMServiceRolePolicy":{ + "CreateDate":"2017-11-13T19:20:08+00:00", + "DefaultVersionId":"v13", + "Document":{ + "Statement":[ + { + "Action":[ + "ssm:CancelCommand", + "ssm:GetCommandInvocation", + "ssm:ListCommandInvocations", + "ssm:ListCommands", + "ssm:SendCommand", + "ssm:GetAutomationExecution", + "ssm:GetParameters", + "ssm:StartAutomationExecution", + "ssm:ListTagsForResource", + "ssm:GetCalendarState" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "ssm:UpdateServiceSetting", + "ssm:GetServiceSetting" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:ssm:*:*:servicesetting/ssm/opsitem/*", + "arn:aws:ssm:*:*:servicesetting/ssm/opsdata/*" + ] + }, + { + "Action":[ + "ec2:DescribeInstanceAttribute", + "ec2:DescribeInstanceStatus", + "ec2:DescribeInstances" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "lambda:InvokeFunction" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:lambda:*:*:function:SSM*", + "arn:aws:lambda:*:*:function:*:SSM*" + ] + }, + { + "Action":[ + "states:DescribeExecution", + "states:StartExecution" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:states:*:*:stateMachine:SSM*", + "arn:aws:states:*:*:execution:SSM*" + ] + }, + { + "Action":[ + "resource-groups:ListGroups", + "resource-groups:ListGroupResources", + "resource-groups:GetGroupQuery" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "cloudformation:DescribeStacks", + "cloudformation:ListStackResources" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "tag:GetResources" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "config:SelectResourceConfig" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "compute-optimizer:GetEC2InstanceRecommendations", + "compute-optimizer:GetEnrollmentStatus" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "support:DescribeTrustedAdvisorChecks", + "support:DescribeTrustedAdvisorCheckSummaries", + "support:DescribeTrustedAdvisorCheckResult", + "support:DescribeCases" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "config:DescribeComplianceByConfigRule", + "config:DescribeComplianceByResource", + "config:DescribeRemediationConfigurations", + "config:DescribeConfigurationRecorders" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":"iam:PassRole", + "Condition":{ + "StringEquals":{ + "iam:PassedToService":[ + "ssm.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"organizations:DescribeOrganization", + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"cloudformation:ListStackSets", + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "cloudformation:ListStackInstances", + "cloudformation:DescribeStackSetOperation", + "cloudformation:DeleteStackSet" + ], + "Effect":"Allow", + "Resource":"arn:aws:cloudformation:*:*:stackset/AWS-QuickSetup-SSM*:*" + }, + { + "Action":"cloudformation:DeleteStackInstances", + "Effect":"Allow", + "Resource":[ + "arn:aws:cloudformation:*:*:stackset/AWS-QuickSetup-SSM*:*", + "arn:aws:cloudformation:*:*:stackset-target/AWS-QuickSetup-SSM*:*", + "arn:aws:cloudformation:*:*:type/resource/*" + ] + }, + { + "Action":[ + "events:PutRule", + "events:PutTargets" + ], + "Condition":{ + "StringEquals":{ + "events:ManagedBy":"ssm.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "events:RemoveTargets", + "events:DeleteRule" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:events:*:*:rule/SSMExplorerManagedRule" + ] + }, + { + "Action":"events:DescribeRule", + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"securityhub:DescribeHub", + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-04-26T20:43:46+00:00" + }, + "AmazonSageMakerAdmin-ServiceCatalogProductsServiceRolePolicy":{ + "CreateDate":"2020-11-27T18:48:07+00:00", + "DefaultVersionId":"v5", + "Document":{ + "Statement":[ + { + "Action":[ + "apigateway:GET", + "apigateway:POST", + "apigateway:PUT", + "apigateway:PATCH", + "apigateway:DELETE" + ], + "Condition":{ + "StringLike":{ + "aws:ResourceTag/sagemaker:launch-source":"*" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "apigateway:POST" + ], + "Condition":{ + "ForAnyValue:StringLike":{ + "aws:TagKeys":[ + "sagemaker:launch-source" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "apigateway:PATCH" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:apigateway:*::/account" + ] + }, + { + "Action":[ + "cloudformation:CreateStack", + "cloudformation:UpdateStack", + "cloudformation:DeleteStack" + ], + "Condition":{ + "ArnLikeIfExists":{ + "cloudformation:RoleArn":[ + "arn:aws:sts::*:assumed-role/AmazonSageMakerServiceCatalog*" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:cloudformation:*:*:stack/SC-*" + }, + { + "Action":[ + "cloudformation:DescribeStackEvents", + "cloudformation:DescribeStacks" + ], + "Effect":"Allow", + "Resource":"arn:aws:cloudformation:*:*:stack/SC-*" + }, + { + "Action":[ + "cloudformation:GetTemplateSummary", + "cloudformation:ValidateTemplate" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "codebuild:CreateProject", + "codebuild:DeleteProject", + "codebuild:UpdateProject" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:codebuild:*:*:project/sagemaker-*" + ] + }, + { + "Action":[ + "codecommit:CreateCommit", + "codecommit:CreateRepository", + "codecommit:DeleteRepository", + "codecommit:GetRepository", + "codecommit:TagResource" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:codecommit:*:*:sagemaker-*" + ] + }, + { + "Action":[ + "codecommit:ListRepositories" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "codepipeline:CreatePipeline", + "codepipeline:DeletePipeline", + "codepipeline:GetPipeline", + "codepipeline:GetPipelineState", + "codepipeline:StartPipelineExecution", + "codepipeline:TagResource", + "codepipeline:UpdatePipeline" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:codepipeline:*:*:sagemaker-*" + ] + }, + { + "Action":[ + "cognito-idp:CreateUserPool", + "cognito-idp:TagResource" + ], + "Condition":{ + "ForAnyValue:StringLike":{ + "aws:TagKeys":[ + "sagemaker:launch-source" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "cognito-idp:CreateGroup", + "cognito-idp:CreateUserPoolDomain", + "cognito-idp:CreateUserPoolClient", + "cognito-idp:DeleteGroup", + "cognito-idp:DeleteUserPool", + "cognito-idp:DeleteUserPoolClient", + "cognito-idp:DeleteUserPoolDomain", + "cognito-idp:DescribeUserPool", + "cognito-idp:DescribeUserPoolClient", + "cognito-idp:UpdateUserPool", + "cognito-idp:UpdateUserPoolClient" + ], + "Condition":{ + "StringLike":{ + "aws:ResourceTag/sagemaker:launch-source":"*" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ecr:CreateRepository", + "ecr:DeleteRepository", + "ecr:TagResource" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:ecr:*:*:repository/sagemaker-*" + ] + }, + { + "Action":[ + "events:DescribeRule", + "events:DeleteRule", + "events:DisableRule", + "events:EnableRule", + "events:PutRule", + "events:PutTargets", + "events:RemoveTargets" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:events:*:*:rule/sagemaker-*" + ] + }, + { + "Action":[ + "firehose:CreateDeliveryStream", + "firehose:DeleteDeliveryStream", + "firehose:DescribeDeliveryStream", + "firehose:StartDeliveryStreamEncryption", + "firehose:StopDeliveryStreamEncryption", + "firehose:UpdateDestination" + ], + "Effect":"Allow", + "Resource":"arn:aws:firehose:*:*:deliverystream/sagemaker-*" + }, + { + "Action":[ + "glue:CreateDatabase", + "glue:DeleteDatabase" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:glue:*:*:catalog", + "arn:aws:glue:*:*:database/sagemaker-*", + "arn:aws:glue:*:*:table/sagemaker-*", + "arn:aws:glue:*:*:userDefinedFunction/sagemaker-*" + ] + }, + { + "Action":[ + "glue:CreateClassifier", + "glue:DeleteClassifier", + "glue:DeleteCrawler", + "glue:DeleteJob", + "glue:DeleteTrigger", + "glue:DeleteWorkflow", + "glue:StopCrawler" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "glue:CreateWorkflow" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:glue:*:*:workflow/sagemaker-*" + ] + }, + { + "Action":[ + "glue:CreateJob" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:glue:*:*:job/sagemaker-*" + ] + }, + { + "Action":[ + "glue:CreateCrawler", + "glue:GetCrawler" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:glue:*:*:crawler/sagemaker-*" + ] + }, + { + "Action":[ + "glue:CreateTrigger", + "glue:GetTrigger" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:glue:*:*:trigger/sagemaker-*" + ] + }, + { + "Action":[ + "iam:PassRole" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/service-role/AmazonSageMakerServiceCatalog*" + ] + }, + { + "Action":[ + "lambda:AddPermission", + "lambda:CreateFunction", + "lambda:DeleteFunction", + "lambda:GetFunction", + "lambda:GetFunctionConfiguration", + "lambda:InvokeFunction", + "lambda:RemovePermission" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:lambda:*:*:function:sagemaker-*" + ] + }, + { + "Action":[ + "logs:CreateLogGroup", + "logs:CreateLogStream", + "logs:DeleteLogGroup", + "logs:DeleteLogStream", + "logs:DescribeLogGroups", + "logs:DescribeLogStreams", + "logs:PutRetentionPolicy" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:logs:*:*:log-group:/aws/apigateway/AccessLogs/*", + "arn:aws:logs:*:*:log-group::log-stream:*" + ] + }, + { + "Action":"s3:GetObject", + "Condition":{ + "StringEquals":{ + "s3:ExistingObjectTag/servicecatalog:provisioning":"true" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"s3:GetObject", + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::sagemaker-*" + ] + }, + { + "Action":[ + "s3:CreateBucket", + "s3:DeleteBucket", + "s3:DeleteBucketPolicy", + "s3:GetBucketPolicy", + "s3:PutBucketAcl", + "s3:PutBucketNotification", + "s3:PutBucketPolicy", + "s3:PutBucketPublicAccessBlock", + "s3:PutBucketLogging", + "s3:PutEncryptionConfiguration", + "s3:PutBucketCORS", + "s3:PutBucketTagging", + "s3:PutObjectTagging" + ], + "Effect":"Allow", + "Resource":"arn:aws:s3:::sagemaker-*" + }, + { + "Action":[ + "sagemaker:CreateEndpoint", + "sagemaker:CreateEndpointConfig", + "sagemaker:CreateModel", + "sagemaker:CreateWorkteam", + "sagemaker:DeleteEndpoint", + "sagemaker:DeleteEndpointConfig", + "sagemaker:DeleteModel", + "sagemaker:DeleteWorkteam", + "sagemaker:DescribeModel", + "sagemaker:DescribeEndpointConfig", + "sagemaker:DescribeEndpoint", + "sagemaker:DescribeWorkteam", + "sagemaker:CreateCodeRepository", + "sagemaker:DescribeCodeRepository", + "sagemaker:UpdateCodeRepository", + "sagemaker:DeleteCodeRepository" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:sagemaker:*:*:*" + ] + }, + { + "Action":[ + "sagemaker:CreateImage", + "sagemaker:DeleteImage", + "sagemaker:DescribeImage", + "sagemaker:UpdateImage", + "sagemaker:ListTags" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:sagemaker:*:*:image/*" + ] + }, + { + "Action":[ + "states:CreateStateMachine", + "states:DeleteStateMachine", + "states:UpdateStateMachine" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:states:*:*:stateMachine:sagemaker-*" + ] + }, + { + "Action":"codestar-connections:PassConnection", + "Condition":{ + "StringEquals":{ + "codestar-connections:PassedToService":"codepipeline.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:codestar-connections:*:*:connection/*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-03-21T17:33:28+00:00" + }, + "AmazonSageMakerCoreServiceRolePolicy":{ + "CreateDate":"2020-12-21T21:40:47+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:CreateNetworkInterface", + "ec2:DeleteNetworkInterface", + "ec2:DeleteNetworkInterfacePermission" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:CreateNetworkInterfacePermission" + ], + "Condition":{ + "StringEquals":{ + "ec2:AuthorizedService":"sagemaker.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:DescribeDhcpOptions", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-12-21T21:40:47+00:00" + }, + "AmazonSageMakerEdgeDeviceFleetPolicy":{ + "CreateDate":"2020-12-08T16:17:22+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "s3:PutObject", + "s3:GetBucketLocation" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::*SageMaker*", + "arn:aws:s3:::*Sagemaker*", + "arn:aws:s3:::*sagemaker*" + ], + "Sid":"DeviceS3Access" + }, + { + "Action":[ + "sagemaker:SendHeartbeat", + "sagemaker:GetDeviceRegistration" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"SageMakerEdgeApis" + }, + { + "Action":[ + "iot:CreateRoleAlias", + "iot:DescribeRoleAlias", + "iot:UpdateRoleAlias", + "iot:ListTagsForResource", + "iot:TagResource" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:iot:*:*:rolealias/SageMakerEdge*" + ], + "Sid":"CreateIoTRoleAlias" + }, + { + "Action":[ + "iam:GetRole" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/*SageMaker*", + "arn:aws:iam::*:role/*Sagemaker*", + "arn:aws:iam::*:role/*sagemaker*" + ], + "Sid":"CreateIoTRoleAliasIamPermissionsGetRole" + }, + { + "Action":[ + "iam:PassRole" + ], + "Condition":{ + "StringEqualsIfExists":{ + "iam:PassedToService":[ + "iot.amazonaws.com", + "credentials.iot.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/*SageMaker*", + "arn:aws:iam::*:role/*Sagemaker*", + "arn:aws:iam::*:role/*sagemaker*" + ], + "Sid":"CreateIoTRoleAliasIamPermissionsPassRole" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-12-08T16:17:22+00:00" + }, + "AmazonSageMakerFeatureStoreAccess":{ + "CreateDate":"2020-12-01T16:24:05+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "s3:PutObject", + "s3:GetBucketAcl", + "s3:PutObjectAcl" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::*SageMaker*", + "arn:aws:s3:::*Sagemaker*", + "arn:aws:s3:::*sagemaker*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-02-24T02:18:50+00:00" + }, + "AmazonSageMakerFullAccess":{ + "CreateDate":"2017-11-29T13:07:59+00:00", + "DefaultVersionId":"v22", + "Document":{ + "Statement":[ + { + "Action":[ + "sagemaker:*" + ], + "Effect":"Allow", + "NotResource":[ + "arn:aws:sagemaker:*:*:domain/*", + "arn:aws:sagemaker:*:*:user-profile/*", + "arn:aws:sagemaker:*:*:app/*", + "arn:aws:sagemaker:*:*:flow-definition/*" + ] + }, + { + "Action":[ + "sagemaker:CreatePresignedDomainUrl", + "sagemaker:DescribeDomain", + "sagemaker:ListDomains", + "sagemaker:DescribeUserProfile", + "sagemaker:ListUserProfiles", + "sagemaker:*App", + "sagemaker:ListApps" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"sagemaker:*", + "Condition":{ + "StringEqualsIfExists":{ + "sagemaker:WorkteamType":[ + "private-crowd", + "vendor-crowd" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:sagemaker:*:*:flow-definition/*" + ] + }, + { + "Action":[ + "application-autoscaling:DeleteScalingPolicy", + "application-autoscaling:DeleteScheduledAction", + "application-autoscaling:DeregisterScalableTarget", + "application-autoscaling:DescribeScalableTargets", + "application-autoscaling:DescribeScalingActivities", + "application-autoscaling:DescribeScalingPolicies", + "application-autoscaling:DescribeScheduledActions", + "application-autoscaling:PutScalingPolicy", + "application-autoscaling:PutScheduledAction", + "application-autoscaling:RegisterScalableTarget", + "aws-marketplace:ViewSubscriptions", + "cloudformation:GetTemplateSummary", + "cloudwatch:DeleteAlarms", + "cloudwatch:DescribeAlarms", + "cloudwatch:GetMetricData", + "cloudwatch:GetMetricStatistics", + "cloudwatch:ListMetrics", + "cloudwatch:PutMetricAlarm", + "cloudwatch:PutMetricData", + "codecommit:BatchGetRepositories", + "codecommit:CreateRepository", + "codecommit:GetRepository", + "codecommit:List*", + "cognito-idp:AdminAddUserToGroup", + "cognito-idp:AdminCreateUser", + "cognito-idp:AdminDeleteUser", + "cognito-idp:AdminDisableUser", + "cognito-idp:AdminEnableUser", + "cognito-idp:AdminRemoveUserFromGroup", + "cognito-idp:CreateGroup", + "cognito-idp:CreateUserPool", + "cognito-idp:CreateUserPoolClient", + "cognito-idp:CreateUserPoolDomain", + "cognito-idp:DescribeUserPool", + "cognito-idp:DescribeUserPoolClient", + "cognito-idp:List*", + "cognito-idp:UpdateUserPool", + "cognito-idp:UpdateUserPoolClient", + "ec2:CreateNetworkInterface", + "ec2:CreateNetworkInterfacePermission", + "ec2:CreateVpcEndpoint", + "ec2:DeleteNetworkInterface", + "ec2:DeleteNetworkInterfacePermission", + "ec2:DescribeDhcpOptions", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeRouteTables", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcEndpoints", + "ec2:DescribeVpcs", + "ecr:BatchCheckLayerAvailability", + "ecr:BatchGetImage", + "ecr:CreateRepository", + "ecr:Describe*", + "ecr:GetAuthorizationToken", + "ecr:GetDownloadUrlForLayer", + "ecr:StartImageScan", + "elastic-inference:Connect", + "elasticfilesystem:DescribeFileSystems", + "elasticfilesystem:DescribeMountTargets", + "fsx:DescribeFileSystems", + "glue:CreateJob", + "glue:DeleteJob", + "glue:GetJob*", + "glue:GetTable*", + "glue:GetWorkflowRun", + "glue:ResetJobBookmark", + "glue:StartJobRun", + "glue:StartWorkflowRun", + "glue:UpdateJob", + "groundtruthlabeling:*", + "iam:ListRoles", + "kms:DescribeKey", + "kms:ListAliases", + "lambda:ListFunctions", + "logs:CreateLogDelivery", + "logs:CreateLogGroup", + "logs:CreateLogStream", + "logs:DeleteLogDelivery", + "logs:Describe*", + "logs:GetLogDelivery", + "logs:GetLogEvents", + "logs:ListLogDeliveries", + "logs:PutLogEvents", + "logs:PutResourcePolicy", + "logs:UpdateLogDelivery", + "robomaker:CreateSimulationApplication", + "robomaker:DescribeSimulationApplication", + "robomaker:DeleteSimulationApplication", + "robomaker:CreateSimulationJob", + "robomaker:DescribeSimulationJob", + "robomaker:CancelSimulationJob", + "secretsmanager:ListSecrets", + "servicecatalog:Describe*", + "servicecatalog:List*", + "servicecatalog:ScanProvisionedProducts", + "servicecatalog:SearchProducts", + "servicecatalog:SearchProvisionedProducts", + "sns:ListTopics", + "tag:GetResources" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ecr:SetRepositoryPolicy", + "ecr:CompleteLayerUpload", + "ecr:BatchDeleteImage", + "ecr:UploadLayerPart", + "ecr:DeleteRepositoryPolicy", + "ecr:InitiateLayerUpload", + "ecr:DeleteRepository", + "ecr:PutImage" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:ecr:*:*:repository/*sagemaker*" + ] + }, + { + "Action":[ + "codecommit:GitPull", + "codecommit:GitPush" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:codecommit:*:*:*sagemaker*", + "arn:aws:codecommit:*:*:*SageMaker*", + "arn:aws:codecommit:*:*:*Sagemaker*" + ] + }, + { + "Action":[ + "codebuild:BatchGetBuilds", + "codebuild:StartBuild" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:codebuild:*:*:project/sagemaker*", + "arn:aws:codebuild:*:*:build/*" + ] + }, + { + "Action":[ + "states:DescribeExecution", + "states:GetExecutionHistory", + "states:StartExecution", + "states:StopExecution", + "states:UpdateStateMachine" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:states:*:*:statemachine:*sagemaker*", + "arn:aws:states:*:*:execution:*sagemaker*:*" + ] + }, + { + "Action":[ + "secretsmanager:DescribeSecret", + "secretsmanager:GetSecretValue", + "secretsmanager:CreateSecret" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:secretsmanager:*:*:secret:AmazonSageMaker-*" + ] + }, + { + "Action":[ + "secretsmanager:DescribeSecret", + "secretsmanager:GetSecretValue" + ], + "Condition":{ + "StringEquals":{ + "secretsmanager:ResourceTag/SageMaker":"true" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "servicecatalog:ProvisionProduct" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "servicecatalog:TerminateProvisionedProduct", + "servicecatalog:UpdateProvisionedProduct" + ], + "Condition":{ + "StringEquals":{ + "servicecatalog:userLevel":"self" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "s3:GetObject", + "s3:PutObject", + "s3:DeleteObject", + "s3:AbortMultipartUpload" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::*SageMaker*", + "arn:aws:s3:::*Sagemaker*", + "arn:aws:s3:::*sagemaker*", + "arn:aws:s3:::*aws-glue*" + ] + }, + { + "Action":[ + "s3:GetObject" + ], + "Condition":{ + "StringEqualsIgnoreCase":{ + "s3:ExistingObjectTag/SageMaker":"true" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "s3:GetObject" + ], + "Condition":{ + "StringEquals":{ + "s3:ExistingObjectTag/servicecatalog:provisioning":"true" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "s3:CreateBucket", + "s3:GetBucketLocation", + "s3:ListBucket", + "s3:ListAllMyBuckets", + "s3:GetBucketCors", + "s3:PutBucketCors" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "s3:GetBucketAcl", + "s3:PutObjectAcl" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::*SageMaker*", + "arn:aws:s3:::*Sagemaker*", + "arn:aws:s3:::*sagemaker*" + ] + }, + { + "Action":[ + "lambda:InvokeFunction" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:lambda:*:*:function:*SageMaker*", + "arn:aws:lambda:*:*:function:*sagemaker*", + "arn:aws:lambda:*:*:function:*Sagemaker*", + "arn:aws:lambda:*:*:function:*LabelingFunction*" + ] + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringLike":{ + "iam:AWSServiceName":"sagemaker.application-autoscaling.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/aws-service-role/sagemaker.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_SageMakerEndpoint" + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringEquals":{ + "iam:AWSServiceName":"robomaker.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "sns:Subscribe", + "sns:CreateTopic", + "sns:Publish" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:sns:*:*:*SageMaker*", + "arn:aws:sns:*:*:*Sagemaker*", + "arn:aws:sns:*:*:*sagemaker*" + ] + }, + { + "Action":[ + "iam:PassRole" + ], + "Condition":{ + "StringEquals":{ + "iam:PassedToService":[ + "glue.amazonaws.com", + "robomaker.amazonaws.com", + "states.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/*AmazonSageMaker*" + }, + { + "Action":[ + "iam:PassRole" + ], + "Condition":{ + "StringEquals":{ + "iam:PassedToService":"sagemaker.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/*" + }, + { + "Action":[ + "athena:ListDataCatalogs", + "athena:ListDatabases", + "athena:ListTableMetadata", + "athena:GetQueryExecution", + "athena:GetQueryResults", + "athena:StartQueryExecution", + "athena:StopQueryExecution" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "glue:CreateTable" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:glue:*:*:table/*/sagemaker_tmp_*", + "arn:aws:glue:*:*:table/sagemaker_featurestore/*", + "arn:aws:glue:*:*:catalog", + "arn:aws:glue:*:*:database/*" + ] + }, + { + "Action":[ + "glue:DeleteTable" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:glue:*:*:table/*/sagemaker_tmp_*", + "arn:aws:glue:*:*:catalog", + "arn:aws:glue:*:*:database/*" + ] + }, + { + "Action":[ + "glue:GetDatabases", + "glue:GetTable", + "glue:GetTables" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:glue:*:*:table/*", + "arn:aws:glue:*:*:catalog", + "arn:aws:glue:*:*:database/*" + ] + }, + { + "Action":[ + "glue:CreateDatabase", + "glue:GetDatabase" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:glue:*:*:catalog", + "arn:aws:glue:*:*:database/sagemaker_featurestore", + "arn:aws:glue:*:*:database/sagemaker_processing", + "arn:aws:glue:*:*:database/default", + "arn:aws:glue:*:*:database/sagemaker_data_wrangler" + ] + }, + { + "Action":[ + "redshift-data:ExecuteStatement", + "redshift-data:DescribeStatement", + "redshift-data:CancelStatement", + "redshift-data:GetStatementResult", + "redshift-data:ListSchemas", + "redshift-data:ListTables" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "redshift:GetClusterCredentials" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:redshift:*:*:dbuser:*/sagemaker_access*", + "arn:aws:redshift:*:*:dbname:*" + ] + }, + { + "Action":[ + "cloudformation:ListStackResources" + ], + "Effect":"Allow", + "Resource":"arn:aws:cloudformation:*:*:stack/SC-*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-05-02T06:19:13+00:00" + }, + "AmazonSageMakerGroundTruthExecution":{ + "CreateDate":"2020-07-09T19:30:20+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":[ + "lambda:InvokeFunction" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:lambda:*:*:function:*GtRecipe*", + "arn:aws:lambda:*:*:function:*LabelingFunction*", + "arn:aws:lambda:*:*:function:*SageMaker*", + "arn:aws:lambda:*:*:function:*sagemaker*", + "arn:aws:lambda:*:*:function:*Sagemaker*" + ], + "Sid":"CustomLabelingJobs" + }, + { + "Action":[ + "s3:AbortMultipartUpload", + "s3:GetObject", + "s3:PutObject" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::*GroundTruth*", + "arn:aws:s3:::*Groundtruth*", + "arn:aws:s3:::*groundtruth*", + "arn:aws:s3:::*SageMaker*", + "arn:aws:s3:::*Sagemaker*", + "arn:aws:s3:::*sagemaker*" + ] + }, + { + "Action":[ + "s3:GetObject" + ], + "Condition":{ + "StringEqualsIgnoreCase":{ + "s3:ExistingObjectTag/SageMaker":"true" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "s3:GetBucketLocation", + "s3:ListBucket" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "cloudwatch:PutMetricData", + "logs:CreateLogStream", + "logs:CreateLogGroup", + "logs:DescribeLogStreams", + "logs:PutLogEvents" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"CloudWatch" + }, + { + "Action":[ + "sqs:CreateQueue", + "sqs:DeleteMessage", + "sqs:GetQueueAttributes", + "sqs:GetQueueUrl", + "sqs:ReceiveMessage", + "sqs:SendMessage", + "sqs:SetQueueAttributes" + ], + "Effect":"Allow", + "Resource":"arn:aws:sqs:*:*:*GroundTruth*", + "Sid":"StreamingQueue" + }, + { + "Action":"sns:Subscribe", + "Condition":{ + "StringEquals":{ + "sns:Protocol":"sqs" + }, + "StringLike":{ + "sns:Endpoint":"arn:aws:sqs:*:*:*GroundTruth*" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:sns:*:*:*GroundTruth*", + "arn:aws:sns:*:*:*Groundtruth*", + "arn:aws:sns:*:*:*groundTruth*", + "arn:aws:sns:*:*:*groundtruth*", + "arn:aws:sns:*:*:*SageMaker*", + "arn:aws:sns:*:*:*Sagemaker*", + "arn:aws:sns:*:*:*sageMaker*", + "arn:aws:sns:*:*:*sagemaker*" + ], + "Sid":"StreamingTopicSubscribe" + }, + { + "Action":[ + "sns:Publish" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:sns:*:*:*GroundTruth*", + "arn:aws:sns:*:*:*Groundtruth*", + "arn:aws:sns:*:*:*groundTruth*", + "arn:aws:sns:*:*:*groundtruth*", + "arn:aws:sns:*:*:*SageMaker*", + "arn:aws:sns:*:*:*Sagemaker*", + "arn:aws:sns:*:*:*sageMaker*", + "arn:aws:sns:*:*:*sagemaker*" + ], + "Sid":"StreamingTopic" + }, + { + "Action":[ + "sns:Unsubscribe" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"StreamingTopicUnsubscribe" + }, + { + "Action":[ + "ec2:CreateVpcEndpoint", + "ec2:DescribeVpcEndpoints", + "ec2:DeleteVpcEndpoints" + ], + "Condition":{ + "StringLikeIfExists":{ + "ec2:VpceServiceName":[ + "*sagemaker-task-resources*", + "aws.sagemaker*labeling*" + ] + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"WorkforceVPC" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-04-29T20:49:54+00:00" + }, + "AmazonSageMakerMechanicalTurkAccess":{ + "CreateDate":"2019-12-03T16:19:36+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "sagemaker:*FlowDefinition", + "sagemaker:*FlowDefinitions" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-12-03T16:19:36+00:00" + }, + "AmazonSageMakerNotebooksServiceRolePolicy":{ + "CreateDate":"2019-10-18T20:27:37+00:00", + "DefaultVersionId":"v5", + "Document":{ + "Statement":[ + { + "Action":"elasticfilesystem:CreateFileSystem", + "Condition":{ + "StringLike":{ + "aws:RequestTag/ManagedByAmazonSageMakerResource":"*" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "elasticfilesystem:CreateMountTarget", + "elasticfilesystem:DeleteFileSystem", + "elasticfilesystem:DeleteMountTarget" + ], + "Condition":{ + "StringLike":{ + "aws:ResourceTag/ManagedByAmazonSageMakerResource":"*" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "elasticfilesystem:DescribeFileSystems", + "elasticfilesystem:DescribeMountTargets" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"ec2:CreateTags", + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:network-interface/*", + "arn:aws:ec2:*:*:security-group/*" + ] + }, + { + "Action":[ + "ec2:CreateNetworkInterface", + "ec2:CreateSecurityGroup", + "ec2:DeleteNetworkInterface", + "ec2:DescribeDhcpOptions", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "ec2:ModifyNetworkInterfaceAttribute" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:AuthorizeSecurityGroupEgress", + "ec2:AuthorizeSecurityGroupIngress", + "ec2:CreateNetworkInterfacePermission", + "ec2:DeleteNetworkInterfacePermission", + "ec2:DeleteSecurityGroup", + "ec2:RevokeSecurityGroupEgress", + "ec2:RevokeSecurityGroupIngress" + ], + "Condition":{ + "StringLike":{ + "ec2:ResourceTag/ManagedByAmazonSageMakerResource":"*" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "sso:CreateManagedApplicationInstance", + "sso:DeleteManagedApplicationInstance", + "sso:GetManagedApplicationInstance" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "sagemaker:CreateUserProfile", + "sagemaker:DescribeUserProfile" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-08-28T22:39:39+00:00" + }, + "AmazonSageMakerPipelinesIntegrations":{ + "CreateDate":"2021-07-30T16:35:10+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "lambda:CreateFunction", + "lambda:DeleteFunction", + "lambda:GetFunction", + "lambda:InvokeFunction", + "lambda:UpdateFunctionCode" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:lambda:*:*:function:*sagemaker*", + "arn:aws:lambda:*:*:function:*sageMaker*", + "arn:aws:lambda:*:*:function:*SageMaker*" + ] + }, + { + "Action":[ + "sqs:CreateQueue", + "sqs:SendMessage" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:sqs:*:*:*sagemaker*", + "arn:aws:sqs:*:*:*sageMaker*", + "arn:aws:sqs:*:*:*SageMaker*" + ] + }, + { + "Action":[ + "iam:PassRole" + ], + "Condition":{ + "StringEquals":{ + "iam:PassedToService":[ + "lambda.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/*" + }, + { + "Action":[ + "events:DescribeRule", + "events:PutRule", + "events:PutTargets" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:events:*:*:rule/SageMakerPipelineExecutionEMRStepStatusUpdateRule" + ] + }, + { + "Action":[ + "elasticmapreduce:AddJobFlowSteps", + "elasticmapreduce:CancelSteps", + "elasticmapreduce:DescribeStep" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:elasticmapreduce:*:*:cluster/*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-04-20T18:39:06+00:00" + }, + "AmazonSageMakerReadOnly":{ + "CreateDate":"2017-11-29T13:07:09+00:00", + "DefaultVersionId":"v11", + "Document":{ + "Statement":[ + { + "Action":[ + "sagemaker:Describe*", + "sagemaker:List*", + "sagemaker:BatchGetMetrics", + "sagemaker:GetDeviceRegistration", + "sagemaker:GetDeviceFleetReport", + "sagemaker:GetSearchSuggestions", + "sagemaker:BatchGetRecord", + "sagemaker:GetRecord", + "sagemaker:Search", + "sagemaker:QueryLineage", + "sagemaker:GetLineageGroupPolicy", + "sagemaker:BatchDescribeModelPackage", + "sagemaker:GetModelPackageGroupPolicy" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "application-autoscaling:DescribeScalableTargets", + "application-autoscaling:DescribeScalingActivities", + "application-autoscaling:DescribeScalingPolicies", + "application-autoscaling:DescribeScheduledActions", + "aws-marketplace:ViewSubscriptions", + "cloudwatch:DescribeAlarms", + "cognito-idp:DescribeUserPool", + "cognito-idp:DescribeUserPoolClient", + "cognito-idp:ListGroups", + "cognito-idp:ListIdentityProviders", + "cognito-idp:ListUserPoolClients", + "cognito-idp:ListUserPools", + "cognito-idp:ListUsers", + "cognito-idp:ListUsersInGroup", + "ecr:Describe*" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-12-01T16:29:20+00:00" + }, + "AmazonSageMakerServiceCatalogProductsApiGatewayServiceRolePolicy":{ + "CreateDate":"2022-03-25T04:25:36+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "logs:CreateLogDelivery", + "logs:CreateLogGroup", + "logs:CreateLogStream", + "logs:DeleteLogDelivery", + "logs:DescribeLogGroups", + "logs:DescribeLogStreams", + "logs:DescribeResourcePolicies", + "logs:DescribeDestinations", + "logs:DescribeExportTasks", + "logs:DescribeMetricFilters", + "logs:DescribeQueries", + "logs:DescribeQueryDefinitions", + "logs:DescribeSubscriptionFilters", + "logs:GetLogDelivery", + "logs:GetLogEvents", + "logs:PutLogEvents", + "logs:PutResourcePolicy", + "logs:UpdateLogDelivery" + ], + "Effect":"Allow", + "Resource":"arn:aws:logs:*:*:log-group:/aws/apigateway/*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-03-25T04:25:36+00:00" + }, + "AmazonSageMakerServiceCatalogProductsCloudformationServiceRolePolicy":{ + "CreateDate":"2022-03-25T04:26:40+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "sagemaker:AddAssociation", + "sagemaker:AddTags", + "sagemaker:AssociateTrialComponent", + "sagemaker:BatchDescribeModelPackage", + "sagemaker:BatchGetMetrics", + "sagemaker:BatchGetRecord", + "sagemaker:BatchPutMetrics", + "sagemaker:CreateAction", + "sagemaker:CreateAlgorithm", + "sagemaker:CreateApp", + "sagemaker:CreateAppImageConfig", + "sagemaker:CreateArtifact", + "sagemaker:CreateAutoMLJob", + "sagemaker:CreateCodeRepository", + "sagemaker:CreateCompilationJob", + "sagemaker:CreateContext", + "sagemaker:CreateDataQualityJobDefinition", + "sagemaker:CreateDeviceFleet", + "sagemaker:CreateDomain", + "sagemaker:CreateEdgePackagingJob", + "sagemaker:CreateEndpoint", + "sagemaker:CreateEndpointConfig", + "sagemaker:CreateExperiment", + "sagemaker:CreateFeatureGroup", + "sagemaker:CreateFlowDefinition", + "sagemaker:CreateHumanTaskUi", + "sagemaker:CreateHyperParameterTuningJob", + "sagemaker:CreateImage", + "sagemaker:CreateImageVersion", + "sagemaker:CreateInferenceRecommendationsJob", + "sagemaker:CreateLabelingJob", + "sagemaker:CreateLineageGroupPolicy", + "sagemaker:CreateModel", + "sagemaker:CreateModelBiasJobDefinition", + "sagemaker:CreateModelExplainabilityJobDefinition", + "sagemaker:CreateModelPackage", + "sagemaker:CreateModelPackageGroup", + "sagemaker:CreateModelQualityJobDefinition", + "sagemaker:CreateMonitoringSchedule", + "sagemaker:CreateNotebookInstance", + "sagemaker:CreateNotebookInstanceLifecycleConfig", + "sagemaker:CreatePipeline", + "sagemaker:CreatePresignedDomainUrl", + "sagemaker:CreatePresignedNotebookInstanceUrl", + "sagemaker:CreateProcessingJob", + "sagemaker:CreateProject", + "sagemaker:CreateTrainingJob", + "sagemaker:CreateTransformJob", + "sagemaker:CreateTrial", + "sagemaker:CreateTrialComponent", + "sagemaker:CreateUserProfile", + "sagemaker:CreateWorkforce", + "sagemaker:CreateWorkteam", + "sagemaker:DeleteAction", + "sagemaker:DeleteAlgorithm", + "sagemaker:DeleteApp", + "sagemaker:DeleteAppImageConfig", + "sagemaker:DeleteArtifact", + "sagemaker:DeleteAssociation", + "sagemaker:DeleteCodeRepository", + "sagemaker:DeleteContext", + "sagemaker:DeleteDataQualityJobDefinition", + "sagemaker:DeleteDeviceFleet", + "sagemaker:DeleteDomain", + "sagemaker:DeleteEndpoint", + "sagemaker:DeleteEndpointConfig", + "sagemaker:DeleteExperiment", + "sagemaker:DeleteFeatureGroup", + "sagemaker:DeleteFlowDefinition", + "sagemaker:DeleteHumanLoop", + "sagemaker:DeleteHumanTaskUi", + "sagemaker:DeleteImage", + "sagemaker:DeleteImageVersion", + "sagemaker:DeleteLineageGroupPolicy", + "sagemaker:DeleteModel", + "sagemaker:DeleteModelBiasJobDefinition", + "sagemaker:DeleteModelExplainabilityJobDefinition", + "sagemaker:DeleteModelPackage", + "sagemaker:DeleteModelPackageGroup", + "sagemaker:DeleteModelPackageGroupPolicy", + "sagemaker:DeleteModelQualityJobDefinition", + "sagemaker:DeleteMonitoringSchedule", + "sagemaker:DeleteNotebookInstance", + "sagemaker:DeleteNotebookInstanceLifecycleConfig", + "sagemaker:DeletePipeline", + "sagemaker:DeleteProject", + "sagemaker:DeleteRecord", + "sagemaker:DeleteTags", + "sagemaker:DeleteTrial", + "sagemaker:DeleteTrialComponent", + "sagemaker:DeleteUserProfile", + "sagemaker:DeleteWorkforce", + "sagemaker:DeleteWorkteam", + "sagemaker:DeregisterDevices", + "sagemaker:DescribeAction", + "sagemaker:DescribeAlgorithm", + "sagemaker:DescribeApp", + "sagemaker:DescribeAppImageConfig", + "sagemaker:DescribeArtifact", + "sagemaker:DescribeAutoMLJob", + "sagemaker:DescribeCodeRepository", + "sagemaker:DescribeCompilationJob", + "sagemaker:DescribeContext", + "sagemaker:DescribeDataQualityJobDefinition", + "sagemaker:DescribeDevice", + "sagemaker:DescribeDeviceFleet", + "sagemaker:DescribeDomain", + "sagemaker:DescribeEdgePackagingJob", + "sagemaker:DescribeEndpoint", + "sagemaker:DescribeEndpointConfig", + "sagemaker:DescribeExperiment", + "sagemaker:DescribeFeatureGroup", + "sagemaker:DescribeFlowDefinition", + "sagemaker:DescribeHumanLoop", + "sagemaker:DescribeHumanTaskUi", + "sagemaker:DescribeHyperParameterTuningJob", + "sagemaker:DescribeImage", + "sagemaker:DescribeImageVersion", + "sagemaker:DescribeInferenceRecommendationsJob", + "sagemaker:DescribeLabelingJob", + "sagemaker:DescribeLineageGroup", + "sagemaker:DescribeModel", + "sagemaker:DescribeModelBiasJobDefinition", + "sagemaker:DescribeModelExplainabilityJobDefinition", + "sagemaker:DescribeModelPackage", + "sagemaker:DescribeModelPackageGroup", + "sagemaker:DescribeModelQualityJobDefinition", + "sagemaker:DescribeMonitoringSchedule", + "sagemaker:DescribeNotebookInstance", + "sagemaker:DescribeNotebookInstanceLifecycleConfig", + "sagemaker:DescribePipeline", + "sagemaker:DescribePipelineDefinitionForExecution", + "sagemaker:DescribePipelineExecution", + "sagemaker:DescribeProcessingJob", + "sagemaker:DescribeProject", + "sagemaker:DescribeSubscribedWorkteam", + "sagemaker:DescribeTrainingJob", + "sagemaker:DescribeTransformJob", + "sagemaker:DescribeTrial", + "sagemaker:DescribeTrialComponent", + "sagemaker:DescribeUserProfile", + "sagemaker:DescribeWorkforce", + "sagemaker:DescribeWorkteam", + "sagemaker:DisableSagemakerServicecatalogPortfolio", + "sagemaker:DisassociateTrialComponent", + "sagemaker:EnableSagemakerServicecatalogPortfolio", + "sagemaker:GetDeviceFleetReport", + "sagemaker:GetDeviceRegistration", + "sagemaker:GetLineageGroupPolicy", + "sagemaker:GetModelPackageGroupPolicy", + "sagemaker:GetRecord", + "sagemaker:GetSagemakerServicecatalogPortfolioStatus", + "sagemaker:GetSearchSuggestions", + "sagemaker:InvokeEndpoint", + "sagemaker:InvokeEndpointAsync", + "sagemaker:ListActions", + "sagemaker:ListAlgorithms", + "sagemaker:ListAppImageConfigs", + "sagemaker:ListApps", + "sagemaker:ListArtifacts", + "sagemaker:ListAssociations", + "sagemaker:ListAutoMLJobs", + "sagemaker:ListCandidatesForAutoMLJob", + "sagemaker:ListCodeRepositories", + "sagemaker:ListCompilationJobs", + "sagemaker:ListContexts", + "sagemaker:ListDataQualityJobDefinitions", + "sagemaker:ListDeviceFleets", + "sagemaker:ListDevices", + "sagemaker:ListDomains", + "sagemaker:ListEdgePackagingJobs", + "sagemaker:ListEndpointConfigs", + "sagemaker:ListEndpoints", + "sagemaker:ListExperiments", + "sagemaker:ListFeatureGroups", + "sagemaker:ListFlowDefinitions", + "sagemaker:ListHumanLoops", + "sagemaker:ListHumanTaskUis", + "sagemaker:ListHyperParameterTuningJobs", + "sagemaker:ListImageVersions", + "sagemaker:ListImages", + "sagemaker:ListInferenceRecommendationsJobs", + "sagemaker:ListLabelingJobs", + "sagemaker:ListLabelingJobsForWorkteam", + "sagemaker:ListLineageGroups", + "sagemaker:ListModelBiasJobDefinitions", + "sagemaker:ListModelExplainabilityJobDefinitions", + "sagemaker:ListModelMetadata", + "sagemaker:ListModelPackageGroups", + "sagemaker:ListModelPackages", + "sagemaker:ListModelQualityJobDefinitions", + "sagemaker:ListModels", + "sagemaker:ListMonitoringExecutions", + "sagemaker:ListMonitoringSchedules", + "sagemaker:ListNotebookInstanceLifecycleConfigs", + "sagemaker:ListNotebookInstances", + "sagemaker:ListPipelineExecutionSteps", + "sagemaker:ListPipelineExecutions", + "sagemaker:ListPipelineParametersForExecution", + "sagemaker:ListPipelines", + "sagemaker:ListProcessingJobs", + "sagemaker:ListProjects", + "sagemaker:ListSubscribedWorkteams", + "sagemaker:ListTags", + "sagemaker:ListTrainingJobs", + "sagemaker:ListTrainingJobsForHyperParameterTuningJob", + "sagemaker:ListTransformJobs", + "sagemaker:ListTrialComponents", + "sagemaker:ListTrials", + "sagemaker:ListUserProfiles", + "sagemaker:ListWorkforces", + "sagemaker:ListWorkteams", + "sagemaker:PutLineageGroupPolicy", + "sagemaker:PutModelPackageGroupPolicy", + "sagemaker:PutRecord", + "sagemaker:QueryLineage", + "sagemaker:RegisterDevices", + "sagemaker:RenderUiTemplate", + "sagemaker:Search", + "sagemaker:SendHeartbeat", + "sagemaker:SendPipelineExecutionStepFailure", + "sagemaker:SendPipelineExecutionStepSuccess", + "sagemaker:StartHumanLoop", + "sagemaker:StartMonitoringSchedule", + "sagemaker:StartNotebookInstance", + "sagemaker:StartPipelineExecution", + "sagemaker:StopAutoMLJob", + "sagemaker:StopCompilationJob", + "sagemaker:StopEdgePackagingJob", + "sagemaker:StopHumanLoop", + "sagemaker:StopHyperParameterTuningJob", + "sagemaker:StopInferenceRecommendationsJob", + "sagemaker:StopLabelingJob", + "sagemaker:StopMonitoringSchedule", + "sagemaker:StopNotebookInstance", + "sagemaker:StopPipelineExecution", + "sagemaker:StopProcessingJob", + "sagemaker:StopTrainingJob", + "sagemaker:StopTransformJob", + "sagemaker:UpdateAction", + "sagemaker:UpdateAppImageConfig", + "sagemaker:UpdateArtifact", + "sagemaker:UpdateCodeRepository", + "sagemaker:UpdateContext", + "sagemaker:UpdateDeviceFleet", + "sagemaker:UpdateDevices", + "sagemaker:UpdateDomain", + "sagemaker:UpdateEndpoint", + "sagemaker:UpdateEndpointWeightsAndCapacities", + "sagemaker:UpdateExperiment", + "sagemaker:UpdateImage", + "sagemaker:UpdateModelPackage", + "sagemaker:UpdateMonitoringSchedule", + "sagemaker:UpdateNotebookInstance", + "sagemaker:UpdateNotebookInstanceLifecycleConfig", + "sagemaker:UpdatePipeline", + "sagemaker:UpdatePipelineExecution", + "sagemaker:UpdateProject", + "sagemaker:UpdateTrainingJob", + "sagemaker:UpdateTrial", + "sagemaker:UpdateTrialComponent", + "sagemaker:UpdateUserProfile", + "sagemaker:UpdateWorkforce", + "sagemaker:UpdateWorkteam" + ], + "Effect":"Allow", + "NotResource":[ + "arn:aws:sagemaker:*:*:domain/*", + "arn:aws:sagemaker:*:*:user-profile/*", + "arn:aws:sagemaker:*:*:app/*", + "arn:aws:sagemaker:*:*:flow-definition/*" + ] + }, + { + "Action":[ + "iam:PassRole" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/service-role/AmazonSageMakerServiceCatalogProductsCodeBuildRole", + "arn:aws:iam::*:role/service-role/AmazonSageMakerServiceCatalogProductsExecutionRole" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-03-25T04:26:40+00:00" + }, + "AmazonSageMakerServiceCatalogProductsCodeBuildServiceRolePolicy":{ + "CreateDate":"2022-03-25T04:27:46+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "codecommit:CancelUploadArchive", + "codecommit:GetBranch", + "codecommit:GetCommit", + "codecommit:GetUploadArchiveStatus", + "codecommit:UploadArchive" + ], + "Effect":"Allow", + "Resource":"arn:aws:codecommit:*:*:sagemaker-*" + }, + { + "Action":[ + "ecr:BatchCheckLayerAvailability", + "ecr:BatchGetImage", + "ecr:DescribeImageScanFindings", + "ecr:DescribeRegistry", + "ecr:DescribeImageReplicationStatus", + "ecr:DescribeRepositories", + "ecr:DescribeImageReplicationStatus", + "ecr:GetAuthorizationToken", + "ecr:GetDownloadUrlForLayer" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "ecr:CompleteLayerUpload", + "ecr:CreateRepository", + "ecr:InitiateLayerUpload", + "ecr:PutImage", + "ecr:UploadLayerPart" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:ecr:*:*:repository/sagemaker-*" + ] + }, + { + "Action":[ + "iam:PassRole" + ], + "Condition":{ + "StringEquals":{ + "iam:PassedToService":[ + "events.amazonaws.com", + "codepipeline.amazonaws.com", + "cloudformation.amazonaws.com", + "codebuild.amazonaws.com", + "sagemaker.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/service-role/AmazonSageMakerServiceCatalogProductsEventsRole", + "arn:aws:iam::*:role/service-role/AmazonSageMakerServiceCatalogProductsCodePipelineRole", + "arn:aws:iam::*:role/service-role/AmazonSageMakerServiceCatalogProductsCloudformationRole", + "arn:aws:iam::*:role/service-role/AmazonSageMakerServiceCatalogProductsCodeBuildRole", + "arn:aws:iam::*:role/service-role/AmazonSageMakerServiceCatalogProductsExecutionRole" + ] + }, + { + "Action":[ + "logs:CreateLogDelivery", + "logs:CreateLogGroup", + "logs:CreateLogStream", + "logs:DeleteLogDelivery", + "logs:DescribeLogGroups", + "logs:DescribeLogStreams", + "logs:DescribeResourcePolicies", + "logs:DescribeDestinations", + "logs:DescribeExportTasks", + "logs:DescribeMetricFilters", + "logs:DescribeQueries", + "logs:DescribeQueryDefinitions", + "logs:DescribeSubscriptionFilters", + "logs:GetLogDelivery", + "logs:GetLogEvents", + "logs:ListLogDeliveries", + "logs:PutLogEvents", + "logs:PutResourcePolicy", + "logs:UpdateLogDelivery" + ], + "Effect":"Allow", + "Resource":"arn:aws:logs:*:*:log-group:/aws/codebuild/*" + }, + { + "Action":[ + "s3:CreateBucket", + "s3:DeleteBucket", + "s3:GetBucketAcl", + "s3:GetBucketCors", + "s3:GetBucketLocation", + "s3:ListAllMyBuckets", + "s3:ListBucket", + "s3:ListBucketMultipartUploads", + "s3:PutBucketCors", + "s3:AbortMultipartUpload", + "s3:DeleteObject", + "s3:GetObject", + "s3:GetObjectVersion", + "s3:PutObject" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::aws-glue-*", + "arn:aws:s3:::sagemaker-*" + ] + }, + { + "Action":[ + "sagemaker:AddAssociation", + "sagemaker:AddTags", + "sagemaker:AssociateTrialComponent", + "sagemaker:BatchDescribeModelPackage", + "sagemaker:BatchGetMetrics", + "sagemaker:BatchGetRecord", + "sagemaker:BatchPutMetrics", + "sagemaker:CreateAction", + "sagemaker:CreateAlgorithm", + "sagemaker:CreateApp", + "sagemaker:CreateAppImageConfig", + "sagemaker:CreateArtifact", + "sagemaker:CreateAutoMLJob", + "sagemaker:CreateCodeRepository", + "sagemaker:CreateCompilationJob", + "sagemaker:CreateContext", + "sagemaker:CreateDataQualityJobDefinition", + "sagemaker:CreateDeviceFleet", + "sagemaker:CreateDomain", + "sagemaker:CreateEdgePackagingJob", + "sagemaker:CreateEndpoint", + "sagemaker:CreateEndpointConfig", + "sagemaker:CreateExperiment", + "sagemaker:CreateFeatureGroup", + "sagemaker:CreateFlowDefinition", + "sagemaker:CreateHumanTaskUi", + "sagemaker:CreateHyperParameterTuningJob", + "sagemaker:CreateImage", + "sagemaker:CreateImageVersion", + "sagemaker:CreateInferenceRecommendationsJob", + "sagemaker:CreateLabelingJob", + "sagemaker:CreateLineageGroupPolicy", + "sagemaker:CreateModel", + "sagemaker:CreateModelBiasJobDefinition", + "sagemaker:CreateModelExplainabilityJobDefinition", + "sagemaker:CreateModelPackage", + "sagemaker:CreateModelPackageGroup", + "sagemaker:CreateModelQualityJobDefinition", + "sagemaker:CreateMonitoringSchedule", + "sagemaker:CreateNotebookInstance", + "sagemaker:CreateNotebookInstanceLifecycleConfig", + "sagemaker:CreatePipeline", + "sagemaker:CreatePresignedDomainUrl", + "sagemaker:CreatePresignedNotebookInstanceUrl", + "sagemaker:CreateProcessingJob", + "sagemaker:CreateProject", + "sagemaker:CreateTrainingJob", + "sagemaker:CreateTransformJob", + "sagemaker:CreateTrial", + "sagemaker:CreateTrialComponent", + "sagemaker:CreateUserProfile", + "sagemaker:CreateWorkforce", + "sagemaker:CreateWorkteam", + "sagemaker:DeleteAction", + "sagemaker:DeleteAlgorithm", + "sagemaker:DeleteApp", + "sagemaker:DeleteAppImageConfig", + "sagemaker:DeleteArtifact", + "sagemaker:DeleteAssociation", + "sagemaker:DeleteCodeRepository", + "sagemaker:DeleteContext", + "sagemaker:DeleteDataQualityJobDefinition", + "sagemaker:DeleteDeviceFleet", + "sagemaker:DeleteDomain", + "sagemaker:DeleteEndpoint", + "sagemaker:DeleteEndpointConfig", + "sagemaker:DeleteExperiment", + "sagemaker:DeleteFeatureGroup", + "sagemaker:DeleteFlowDefinition", + "sagemaker:DeleteHumanLoop", + "sagemaker:DeleteHumanTaskUi", + "sagemaker:DeleteImage", + "sagemaker:DeleteImageVersion", + "sagemaker:DeleteLineageGroupPolicy", + "sagemaker:DeleteModel", + "sagemaker:DeleteModelBiasJobDefinition", + "sagemaker:DeleteModelExplainabilityJobDefinition", + "sagemaker:DeleteModelPackage", + "sagemaker:DeleteModelPackageGroup", + "sagemaker:DeleteModelPackageGroupPolicy", + "sagemaker:DeleteModelQualityJobDefinition", + "sagemaker:DeleteMonitoringSchedule", + "sagemaker:DeleteNotebookInstance", + "sagemaker:DeleteNotebookInstanceLifecycleConfig", + "sagemaker:DeletePipeline", + "sagemaker:DeleteProject", + "sagemaker:DeleteRecord", + "sagemaker:DeleteTags", + "sagemaker:DeleteTrial", + "sagemaker:DeleteTrialComponent", + "sagemaker:DeleteUserProfile", + "sagemaker:DeleteWorkforce", + "sagemaker:DeleteWorkteam", + "sagemaker:DeregisterDevices", + "sagemaker:DescribeAction", + "sagemaker:DescribeAlgorithm", + "sagemaker:DescribeApp", + "sagemaker:DescribeAppImageConfig", + "sagemaker:DescribeArtifact", + "sagemaker:DescribeAutoMLJob", + "sagemaker:DescribeCodeRepository", + "sagemaker:DescribeCompilationJob", + "sagemaker:DescribeContext", + "sagemaker:DescribeDataQualityJobDefinition", + "sagemaker:DescribeDevice", + "sagemaker:DescribeDeviceFleet", + "sagemaker:DescribeDomain", + "sagemaker:DescribeEdgePackagingJob", + "sagemaker:DescribeEndpoint", + "sagemaker:DescribeEndpointConfig", + "sagemaker:DescribeExperiment", + "sagemaker:DescribeFeatureGroup", + "sagemaker:DescribeFlowDefinition", + "sagemaker:DescribeHumanLoop", + "sagemaker:DescribeHumanTaskUi", + "sagemaker:DescribeHyperParameterTuningJob", + "sagemaker:DescribeImage", + "sagemaker:DescribeImageVersion", + "sagemaker:DescribeInferenceRecommendationsJob", + "sagemaker:DescribeLabelingJob", + "sagemaker:DescribeLineageGroup", + "sagemaker:DescribeModel", + "sagemaker:DescribeModelBiasJobDefinition", + "sagemaker:DescribeModelExplainabilityJobDefinition", + "sagemaker:DescribeModelPackage", + "sagemaker:DescribeModelPackageGroup", + "sagemaker:DescribeModelQualityJobDefinition", + "sagemaker:DescribeMonitoringSchedule", + "sagemaker:DescribeNotebookInstance", + "sagemaker:DescribeNotebookInstanceLifecycleConfig", + "sagemaker:DescribePipeline", + "sagemaker:DescribePipelineDefinitionForExecution", + "sagemaker:DescribePipelineExecution", + "sagemaker:DescribeProcessingJob", + "sagemaker:DescribeProject", + "sagemaker:DescribeSubscribedWorkteam", + "sagemaker:DescribeTrainingJob", + "sagemaker:DescribeTransformJob", + "sagemaker:DescribeTrial", + "sagemaker:DescribeTrialComponent", + "sagemaker:DescribeUserProfile", + "sagemaker:DescribeWorkforce", + "sagemaker:DescribeWorkteam", + "sagemaker:DisableSagemakerServicecatalogPortfolio", + "sagemaker:DisassociateTrialComponent", + "sagemaker:EnableSagemakerServicecatalogPortfolio", + "sagemaker:GetDeviceFleetReport", + "sagemaker:GetDeviceRegistration", + "sagemaker:GetLineageGroupPolicy", + "sagemaker:GetModelPackageGroupPolicy", + "sagemaker:GetRecord", + "sagemaker:GetSagemakerServicecatalogPortfolioStatus", + "sagemaker:GetSearchSuggestions", + "sagemaker:InvokeEndpoint", + "sagemaker:InvokeEndpointAsync", + "sagemaker:ListActions", + "sagemaker:ListAlgorithms", + "sagemaker:ListAppImageConfigs", + "sagemaker:ListApps", + "sagemaker:ListArtifacts", + "sagemaker:ListAssociations", + "sagemaker:ListAutoMLJobs", + "sagemaker:ListCandidatesForAutoMLJob", + "sagemaker:ListCodeRepositories", + "sagemaker:ListCompilationJobs", + "sagemaker:ListContexts", + "sagemaker:ListDataQualityJobDefinitions", + "sagemaker:ListDeviceFleets", + "sagemaker:ListDevices", + "sagemaker:ListDomains", + "sagemaker:ListEdgePackagingJobs", + "sagemaker:ListEndpointConfigs", + "sagemaker:ListEndpoints", + "sagemaker:ListExperiments", + "sagemaker:ListFeatureGroups", + "sagemaker:ListFlowDefinitions", + "sagemaker:ListHumanLoops", + "sagemaker:ListHumanTaskUis", + "sagemaker:ListHyperParameterTuningJobs", + "sagemaker:ListImageVersions", + "sagemaker:ListImages", + "sagemaker:ListInferenceRecommendationsJobs", + "sagemaker:ListLabelingJobs", + "sagemaker:ListLabelingJobsForWorkteam", + "sagemaker:ListLineageGroups", + "sagemaker:ListModelBiasJobDefinitions", + "sagemaker:ListModelExplainabilityJobDefinitions", + "sagemaker:ListModelMetadata", + "sagemaker:ListModelPackageGroups", + "sagemaker:ListModelPackages", + "sagemaker:ListModelQualityJobDefinitions", + "sagemaker:ListModels", + "sagemaker:ListMonitoringExecutions", + "sagemaker:ListMonitoringSchedules", + "sagemaker:ListNotebookInstanceLifecycleConfigs", + "sagemaker:ListNotebookInstances", + "sagemaker:ListPipelineExecutionSteps", + "sagemaker:ListPipelineExecutions", + "sagemaker:ListPipelineParametersForExecution", + "sagemaker:ListPipelines", + "sagemaker:ListProcessingJobs", + "sagemaker:ListProjects", + "sagemaker:ListSubscribedWorkteams", + "sagemaker:ListTags", + "sagemaker:ListTrainingJobs", + "sagemaker:ListTrainingJobsForHyperParameterTuningJob", + "sagemaker:ListTransformJobs", + "sagemaker:ListTrialComponents", + "sagemaker:ListTrials", + "sagemaker:ListUserProfiles", + "sagemaker:ListWorkforces", + "sagemaker:ListWorkteams", + "sagemaker:PutLineageGroupPolicy", + "sagemaker:PutModelPackageGroupPolicy", + "sagemaker:PutRecord", + "sagemaker:QueryLineage", + "sagemaker:RegisterDevices", + "sagemaker:RenderUiTemplate", + "sagemaker:Search", + "sagemaker:SendHeartbeat", + "sagemaker:SendPipelineExecutionStepFailure", + "sagemaker:SendPipelineExecutionStepSuccess", + "sagemaker:StartHumanLoop", + "sagemaker:StartMonitoringSchedule", + "sagemaker:StartNotebookInstance", + "sagemaker:StartPipelineExecution", + "sagemaker:StopAutoMLJob", + "sagemaker:StopCompilationJob", + "sagemaker:StopEdgePackagingJob", + "sagemaker:StopHumanLoop", + "sagemaker:StopHyperParameterTuningJob", + "sagemaker:StopInferenceRecommendationsJob", + "sagemaker:StopLabelingJob", + "sagemaker:StopMonitoringSchedule", + "sagemaker:StopNotebookInstance", + "sagemaker:StopPipelineExecution", + "sagemaker:StopProcessingJob", + "sagemaker:StopTrainingJob", + "sagemaker:StopTransformJob", + "sagemaker:UpdateAction", + "sagemaker:UpdateAppImageConfig", + "sagemaker:UpdateArtifact", + "sagemaker:UpdateCodeRepository", + "sagemaker:UpdateContext", + "sagemaker:UpdateDeviceFleet", + "sagemaker:UpdateDevices", + "sagemaker:UpdateDomain", + "sagemaker:UpdateEndpoint", + "sagemaker:UpdateEndpointWeightsAndCapacities", + "sagemaker:UpdateExperiment", + "sagemaker:UpdateImage", + "sagemaker:UpdateModelPackage", + "sagemaker:UpdateMonitoringSchedule", + "sagemaker:UpdateNotebookInstance", + "sagemaker:UpdateNotebookInstanceLifecycleConfig", + "sagemaker:UpdatePipeline", + "sagemaker:UpdatePipelineExecution", + "sagemaker:UpdateProject", + "sagemaker:UpdateTrainingJob", + "sagemaker:UpdateTrial", + "sagemaker:UpdateTrialComponent", + "sagemaker:UpdateUserProfile", + "sagemaker:UpdateWorkforce", + "sagemaker:UpdateWorkteam" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:sagemaker:*:*:endpoint/*", + "arn:aws:sagemaker:*:*:endpoint-config/*", + "arn:aws:sagemaker:*:*:model/*", + "arn:aws:sagemaker:*:*:pipeline/*", + "arn:aws:sagemaker:*:*:project/*", + "arn:aws:sagemaker:*:*:model-package/*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-03-25T04:27:46+00:00" + }, + "AmazonSageMakerServiceCatalogProductsCodePipelineServiceRolePolicy":{ + "CreateDate":"2022-02-22T09:53:17+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "cloudformation:CreateChangeSet", + "cloudformation:CreateStack", + "cloudformation:DescribeChangeSet", + "cloudformation:DeleteChangeSet", + "cloudformation:DeleteStack", + "cloudformation:DescribeStacks", + "cloudformation:ExecuteChangeSet", + "cloudformation:SetStackPolicy", + "cloudformation:UpdateStack" + ], + "Effect":"Allow", + "Resource":"arn:aws:cloudformation:*:*:stack/sagemaker-*" + }, + { + "Action":[ + "s3:AbortMultipartUpload", + "s3:DeleteObject", + "s3:GetObject", + "s3:GetObjectVersion", + "s3:PutObject" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::sagemaker-*" + ] + }, + { + "Action":[ + "iam:PassRole" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/service-role/AmazonSageMakerServiceCatalogProductsCloudformationRole" + ] + }, + { + "Action":[ + "codebuild:BatchGetBuilds", + "codebuild:StartBuild" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:codebuild:*:*:project/sagemaker-*", + "arn:aws:codebuild:*:*:build/sagemaker-*" + ] + }, + { + "Action":[ + "codecommit:CancelUploadArchive", + "codecommit:GetBranch", + "codecommit:GetCommit", + "codecommit:GetUploadArchiveStatus", + "codecommit:UploadArchive" + ], + "Effect":"Allow", + "Resource":"arn:aws:codecommit:*:*:sagemaker-*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-02-22T09:53:17+00:00" + }, + "AmazonSageMakerServiceCatalogProductsEventsServiceRolePolicy":{ + "CreateDate":"2022-02-22T09:53:59+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":"codepipeline:StartPipelineExecution", + "Effect":"Allow", + "Resource":"arn:aws:codepipeline:*:*:sagemaker-*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-02-22T09:53:59+00:00" + }, + "AmazonSageMakerServiceCatalogProductsFirehoseServiceRolePolicy":{ + "CreateDate":"2022-02-22T09:54:35+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "firehose:PutRecord", + "firehose:PutRecordBatch" + ], + "Effect":"Allow", + "Resource":"arn:aws:firehose:*:*:deliverystream/sagemaker-*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-02-22T09:54:35+00:00" + }, + "AmazonSageMakerServiceCatalogProductsGlueServiceRolePolicy":{ + "CreateDate":"2022-02-22T09:51:13+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "glue:BatchCreatePartition", + "glue:BatchDeletePartition", + "glue:BatchDeleteTable", + "glue:BatchDeleteTableVersion", + "glue:BatchGetPartition", + "glue:CreateDatabase", + "glue:CreatePartition", + "glue:CreateTable", + "glue:DeletePartition", + "glue:DeleteTable", + "glue:DeleteTableVersion", + "glue:GetDatabase", + "glue:GetPartition", + "glue:GetPartitions", + "glue:GetTable", + "glue:GetTables", + "glue:GetTableVersion", + "glue:GetTableVersions", + "glue:SearchTables", + "glue:UpdatePartition", + "glue:UpdateTable" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:glue:*:*:catalog", + "arn:aws:glue:*:*:database/default", + "arn:aws:glue:*:*:database/global_temp", + "arn:aws:glue:*:*:database/sagemaker-*", + "arn:aws:glue:*:*:table/sagemaker-*", + "arn:aws:glue:*:*:tableVersion/sagemaker-*" + ] + }, + { + "Action":[ + "s3:CreateBucket", + "s3:DeleteBucket", + "s3:GetBucketAcl", + "s3:GetBucketCors", + "s3:GetBucketLocation", + "s3:ListAllMyBuckets", + "s3:ListBucket", + "s3:ListBucketMultipartUploads", + "s3:PutBucketCors" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::aws-glue-*", + "arn:aws:s3:::sagemaker-*" + ] + }, + { + "Action":[ + "s3:AbortMultipartUpload", + "s3:DeleteObject", + "s3:GetObject", + "s3:GetObjectVersion", + "s3:PutObject" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::aws-glue-*", + "arn:aws:s3:::sagemaker-*" + ] + }, + { + "Action":[ + "logs:CreateLogDelivery", + "logs:CreateLogGroup", + "logs:CreateLogStream", + "logs:DeleteLogDelivery", + "logs:Describe*", + "logs:GetLogDelivery", + "logs:GetLogEvents", + "logs:ListLogDeliveries", + "logs:PutLogEvents", + "logs:PutResourcePolicy", + "logs:UpdateLogDelivery" + ], + "Effect":"Allow", + "Resource":"arn:aws:logs:*:*:log-group:/aws/glue/*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-02-22T09:51:13+00:00" + }, + "AmazonSageMakerServiceCatalogProductsLambdaServiceRolePolicy":{ + "CreateDate":"2022-04-04T16:34:43+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "ecr:DescribeImages", + "ecr:BatchDeleteImage", + "ecr:CompleteLayerUpload", + "ecr:CreateRepository", + "ecr:DeleteRepository", + "ecr:InitiateLayerUpload", + "ecr:PutImage", + "ecr:UploadLayerPart" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:ecr:*:*:repository/sagemaker-*" + ] + }, + { + "Action":[ + "events:DeleteRule", + "events:DescribeRule", + "events:PutRule", + "events:PutTargets", + "events:RemoveTargets" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:events:*:*:rule/sagemaker-*" + ] + }, + { + "Action":[ + "s3:CreateBucket", + "s3:DeleteBucket", + "s3:GetBucketAcl", + "s3:GetBucketCors", + "s3:GetBucketLocation", + "s3:ListAllMyBuckets", + "s3:ListBucket", + "s3:ListBucketMultipartUploads", + "s3:PutBucketCors" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::aws-glue-*", + "arn:aws:s3:::sagemaker-*" + ] + }, + { + "Action":[ + "s3:AbortMultipartUpload", + "s3:DeleteObject", + "s3:GetObject", + "s3:GetObjectVersion", + "s3:PutObject" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::aws-glue-*", + "arn:aws:s3:::sagemaker-*" + ] + }, + { + "Action":[ + "sagemaker:AddAssociation", + "sagemaker:AddTags", + "sagemaker:AssociateTrialComponent", + "sagemaker:BatchDescribeModelPackage", + "sagemaker:BatchGetMetrics", + "sagemaker:BatchGetRecord", + "sagemaker:BatchPutMetrics", + "sagemaker:CreateAction", + "sagemaker:CreateAlgorithm", + "sagemaker:CreateApp", + "sagemaker:CreateAppImageConfig", + "sagemaker:CreateArtifact", + "sagemaker:CreateAutoMLJob", + "sagemaker:CreateCodeRepository", + "sagemaker:CreateCompilationJob", + "sagemaker:CreateContext", + "sagemaker:CreateDataQualityJobDefinition", + "sagemaker:CreateDeviceFleet", + "sagemaker:CreateDomain", + "sagemaker:CreateEdgePackagingJob", + "sagemaker:CreateEndpoint", + "sagemaker:CreateEndpointConfig", + "sagemaker:CreateExperiment", + "sagemaker:CreateFeatureGroup", + "sagemaker:CreateFlowDefinition", + "sagemaker:CreateHumanTaskUi", + "sagemaker:CreateHyperParameterTuningJob", + "sagemaker:CreateImage", + "sagemaker:CreateImageVersion", + "sagemaker:CreateInferenceRecommendationsJob", + "sagemaker:CreateLabelingJob", + "sagemaker:CreateLineageGroupPolicy", + "sagemaker:CreateModel", + "sagemaker:CreateModelBiasJobDefinition", + "sagemaker:CreateModelExplainabilityJobDefinition", + "sagemaker:CreateModelPackage", + "sagemaker:CreateModelPackageGroup", + "sagemaker:CreateModelQualityJobDefinition", + "sagemaker:CreateMonitoringSchedule", + "sagemaker:CreateNotebookInstance", + "sagemaker:CreateNotebookInstanceLifecycleConfig", + "sagemaker:CreatePipeline", + "sagemaker:CreatePresignedDomainUrl", + "sagemaker:CreatePresignedNotebookInstanceUrl", + "sagemaker:CreateProcessingJob", + "sagemaker:CreateProject", + "sagemaker:CreateTrainingJob", + "sagemaker:CreateTransformJob", + "sagemaker:CreateTrial", + "sagemaker:CreateTrialComponent", + "sagemaker:CreateUserProfile", + "sagemaker:CreateWorkforce", + "sagemaker:CreateWorkteam", + "sagemaker:DeleteAction", + "sagemaker:DeleteAlgorithm", + "sagemaker:DeleteApp", + "sagemaker:DeleteAppImageConfig", + "sagemaker:DeleteArtifact", + "sagemaker:DeleteAssociation", + "sagemaker:DeleteCodeRepository", + "sagemaker:DeleteContext", + "sagemaker:DeleteDataQualityJobDefinition", + "sagemaker:DeleteDeviceFleet", + "sagemaker:DeleteDomain", + "sagemaker:DeleteEndpoint", + "sagemaker:DeleteEndpointConfig", + "sagemaker:DeleteExperiment", + "sagemaker:DeleteFeatureGroup", + "sagemaker:DeleteFlowDefinition", + "sagemaker:DeleteHumanLoop", + "sagemaker:DeleteHumanTaskUi", + "sagemaker:DeleteImage", + "sagemaker:DeleteImageVersion", + "sagemaker:DeleteLineageGroupPolicy", + "sagemaker:DeleteModel", + "sagemaker:DeleteModelBiasJobDefinition", + "sagemaker:DeleteModelExplainabilityJobDefinition", + "sagemaker:DeleteModelPackage", + "sagemaker:DeleteModelPackageGroup", + "sagemaker:DeleteModelPackageGroupPolicy", + "sagemaker:DeleteModelQualityJobDefinition", + "sagemaker:DeleteMonitoringSchedule", + "sagemaker:DeleteNotebookInstance", + "sagemaker:DeleteNotebookInstanceLifecycleConfig", + "sagemaker:DeletePipeline", + "sagemaker:DeleteProject", + "sagemaker:DeleteRecord", + "sagemaker:DeleteTags", + "sagemaker:DeleteTrial", + "sagemaker:DeleteTrialComponent", + "sagemaker:DeleteUserProfile", + "sagemaker:DeleteWorkforce", + "sagemaker:DeleteWorkteam", + "sagemaker:DeregisterDevices", + "sagemaker:DescribeAction", + "sagemaker:DescribeAlgorithm", + "sagemaker:DescribeApp", + "sagemaker:DescribeAppImageConfig", + "sagemaker:DescribeArtifact", + "sagemaker:DescribeAutoMLJob", + "sagemaker:DescribeCodeRepository", + "sagemaker:DescribeCompilationJob", + "sagemaker:DescribeContext", + "sagemaker:DescribeDataQualityJobDefinition", + "sagemaker:DescribeDevice", + "sagemaker:DescribeDeviceFleet", + "sagemaker:DescribeDomain", + "sagemaker:DescribeEdgePackagingJob", + "sagemaker:DescribeEndpoint", + "sagemaker:DescribeEndpointConfig", + "sagemaker:DescribeExperiment", + "sagemaker:DescribeFeatureGroup", + "sagemaker:DescribeFlowDefinition", + "sagemaker:DescribeHumanLoop", + "sagemaker:DescribeHumanTaskUi", + "sagemaker:DescribeHyperParameterTuningJob", + "sagemaker:DescribeImage", + "sagemaker:DescribeImageVersion", + "sagemaker:DescribeInferenceRecommendationsJob", + "sagemaker:DescribeLabelingJob", + "sagemaker:DescribeLineageGroup", + "sagemaker:DescribeModel", + "sagemaker:DescribeModelBiasJobDefinition", + "sagemaker:DescribeModelExplainabilityJobDefinition", + "sagemaker:DescribeModelPackage", + "sagemaker:DescribeModelPackageGroup", + "sagemaker:DescribeModelQualityJobDefinition", + "sagemaker:DescribeMonitoringSchedule", + "sagemaker:DescribeNotebookInstance", + "sagemaker:DescribeNotebookInstanceLifecycleConfig", + "sagemaker:DescribePipeline", + "sagemaker:DescribePipelineDefinitionForExecution", + "sagemaker:DescribePipelineExecution", + "sagemaker:DescribeProcessingJob", + "sagemaker:DescribeProject", + "sagemaker:DescribeSubscribedWorkteam", + "sagemaker:DescribeTrainingJob", + "sagemaker:DescribeTransformJob", + "sagemaker:DescribeTrial", + "sagemaker:DescribeTrialComponent", + "sagemaker:DescribeUserProfile", + "sagemaker:DescribeWorkforce", + "sagemaker:DescribeWorkteam", + "sagemaker:DisableSagemakerServicecatalogPortfolio", + "sagemaker:DisassociateTrialComponent", + "sagemaker:EnableSagemakerServicecatalogPortfolio", + "sagemaker:GetDeviceFleetReport", + "sagemaker:GetDeviceRegistration", + "sagemaker:GetLineageGroupPolicy", + "sagemaker:GetModelPackageGroupPolicy", + "sagemaker:GetRecord", + "sagemaker:GetSagemakerServicecatalogPortfolioStatus", + "sagemaker:GetSearchSuggestions", + "sagemaker:InvokeEndpoint", + "sagemaker:InvokeEndpointAsync", + "sagemaker:ListActions", + "sagemaker:ListAlgorithms", + "sagemaker:ListAppImageConfigs", + "sagemaker:ListApps", + "sagemaker:ListArtifacts", + "sagemaker:ListAssociations", + "sagemaker:ListAutoMLJobs", + "sagemaker:ListCandidatesForAutoMLJob", + "sagemaker:ListCodeRepositories", + "sagemaker:ListCompilationJobs", + "sagemaker:ListContexts", + "sagemaker:ListDataQualityJobDefinitions", + "sagemaker:ListDeviceFleets", + "sagemaker:ListDevices", + "sagemaker:ListDomains", + "sagemaker:ListEdgePackagingJobs", + "sagemaker:ListEndpointConfigs", + "sagemaker:ListEndpoints", + "sagemaker:ListExperiments", + "sagemaker:ListFeatureGroups", + "sagemaker:ListFlowDefinitions", + "sagemaker:ListHumanLoops", + "sagemaker:ListHumanTaskUis", + "sagemaker:ListHyperParameterTuningJobs", + "sagemaker:ListImageVersions", + "sagemaker:ListImages", + "sagemaker:ListInferenceRecommendationsJobs", + "sagemaker:ListLabelingJobs", + "sagemaker:ListLabelingJobsForWorkteam", + "sagemaker:ListLineageGroups", + "sagemaker:ListModelBiasJobDefinitions", + "sagemaker:ListModelExplainabilityJobDefinitions", + "sagemaker:ListModelMetadata", + "sagemaker:ListModelPackageGroups", + "sagemaker:ListModelPackages", + "sagemaker:ListModelQualityJobDefinitions", + "sagemaker:ListModels", + "sagemaker:ListMonitoringExecutions", + "sagemaker:ListMonitoringSchedules", + "sagemaker:ListNotebookInstanceLifecycleConfigs", + "sagemaker:ListNotebookInstances", + "sagemaker:ListPipelineExecutionSteps", + "sagemaker:ListPipelineExecutions", + "sagemaker:ListPipelineParametersForExecution", + "sagemaker:ListPipelines", + "sagemaker:ListProcessingJobs", + "sagemaker:ListProjects", + "sagemaker:ListSubscribedWorkteams", + "sagemaker:ListTags", + "sagemaker:ListTrainingJobs", + "sagemaker:ListTrainingJobsForHyperParameterTuningJob", + "sagemaker:ListTransformJobs", + "sagemaker:ListTrialComponents", + "sagemaker:ListTrials", + "sagemaker:ListUserProfiles", + "sagemaker:ListWorkforces", + "sagemaker:ListWorkteams", + "sagemaker:PutLineageGroupPolicy", + "sagemaker:PutModelPackageGroupPolicy", + "sagemaker:PutRecord", + "sagemaker:QueryLineage", + "sagemaker:RegisterDevices", + "sagemaker:RenderUiTemplate", + "sagemaker:Search", + "sagemaker:SendHeartbeat", + "sagemaker:SendPipelineExecutionStepFailure", + "sagemaker:SendPipelineExecutionStepSuccess", + "sagemaker:StartHumanLoop", + "sagemaker:StartMonitoringSchedule", + "sagemaker:StartNotebookInstance", + "sagemaker:StartPipelineExecution", + "sagemaker:StopAutoMLJob", + "sagemaker:StopCompilationJob", + "sagemaker:StopEdgePackagingJob", + "sagemaker:StopHumanLoop", + "sagemaker:StopHyperParameterTuningJob", + "sagemaker:StopInferenceRecommendationsJob", + "sagemaker:StopLabelingJob", + "sagemaker:StopMonitoringSchedule", + "sagemaker:StopNotebookInstance", + "sagemaker:StopPipelineExecution", + "sagemaker:StopProcessingJob", + "sagemaker:StopTrainingJob", + "sagemaker:StopTransformJob", + "sagemaker:UpdateAction", + "sagemaker:UpdateAppImageConfig", + "sagemaker:UpdateArtifact", + "sagemaker:UpdateCodeRepository", + "sagemaker:UpdateContext", + "sagemaker:UpdateDeviceFleet", + "sagemaker:UpdateDevices", + "sagemaker:UpdateDomain", + "sagemaker:UpdateEndpoint", + "sagemaker:UpdateEndpointWeightsAndCapacities", + "sagemaker:UpdateExperiment", + "sagemaker:UpdateImage", + "sagemaker:UpdateModelPackage", + "sagemaker:UpdateMonitoringSchedule", + "sagemaker:UpdateNotebookInstance", + "sagemaker:UpdateNotebookInstanceLifecycleConfig", + "sagemaker:UpdatePipeline", + "sagemaker:UpdatePipelineExecution", + "sagemaker:UpdateProject", + "sagemaker:UpdateTrainingJob", + "sagemaker:UpdateTrial", + "sagemaker:UpdateTrialComponent", + "sagemaker:UpdateUserProfile", + "sagemaker:UpdateWorkforce", + "sagemaker:UpdateWorkteam" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:sagemaker:*:*:action/*", + "arn:aws:sagemaker:*:*:algorithm/*", + "arn:aws:sagemaker:*:*:app-image-config/*", + "arn:aws:sagemaker:*:*:artifact/*", + "arn:aws:sagemaker:*:*:automl-job/*", + "arn:aws:sagemaker:*:*:code-repository/*", + "arn:aws:sagemaker:*:*:compilation-job/*", + "arn:aws:sagemaker:*:*:context/*", + "arn:aws:sagemaker:*:*:data-quality-job-definition/*", + "arn:aws:sagemaker:*:*:device-fleet/*/device/*", + "arn:aws:sagemaker:*:*:device-fleet/*", + "arn:aws:sagemaker:*:*:edge-packaging-job/*", + "arn:aws:sagemaker:*:*:endpoint/*", + "arn:aws:sagemaker:*:*:endpoint-config/*", + "arn:aws:sagemaker:*:*:experiment/*", + "arn:aws:sagemaker:*:*:experiment-trial/*", + "arn:aws:sagemaker:*:*:experiment-trial-component/*", + "arn:aws:sagemaker:*:*:feature-group/*", + "arn:aws:sagemaker:*:*:human-loop/*", + "arn:aws:sagemaker:*:*:human-task-ui/*", + "arn:aws:sagemaker:*:*:hyper-parameter-tuning-job/*", + "arn:aws:sagemaker:*:*:image/*", + "arn:aws:sagemaker:*:*:image-version/*/*", + "arn:aws:sagemaker:*:*:inference-recommendations-job/*", + "arn:aws:sagemaker:*:*:labeling-job/*", + "arn:aws:sagemaker:*:*:model/*", + "arn:aws:sagemaker:*:*:model-bias-job-definition/*", + "arn:aws:sagemaker:*:*:model-explainability-job-definition/*", + "arn:aws:sagemaker:*:*:model-package/*", + "arn:aws:sagemaker:*:*:model-package-group/*", + "arn:aws:sagemaker:*:*:model-quality-job-definition/*", + "arn:aws:sagemaker:*:*:monitoring-schedule/*", + "arn:aws:sagemaker:*:*:notebook-instance/*", + "arn:aws:sagemaker:*:*:notebook-instance-lifecycle-config/*", + "arn:aws:sagemaker:*:*:pipeline/*", + "arn:aws:sagemaker:*:*:pipeline/*/execution/*", + "arn:aws:sagemaker:*:*:processing-job/*", + "arn:aws:sagemaker:*:*:project/*", + "arn:aws:sagemaker:*:*:training-job/*", + "arn:aws:sagemaker:*:*:transform-job/*", + "arn:aws:sagemaker:*:*:workforce/*", + "arn:aws:sagemaker:*:*:workteam/*" + ] + }, + { + "Action":[ + "iam:PassRole" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/service-role/AmazonSageMakerServiceCatalogProductsExecutionRole" + ] + }, + { + "Action":[ + "logs:CreateLogDelivery", + "logs:CreateLogGroup", + "logs:CreateLogStream", + "logs:DeleteLogDelivery", + "logs:DescribeLogGroups", + "logs:DescribeLogStreams", + "logs:DescribeResourcePolicies", + "logs:DescribeDestinations", + "logs:DescribeExportTasks", + "logs:DescribeMetricFilters", + "logs:DescribeQueries", + "logs:DescribeQueryDefinitions", + "logs:DescribeSubscriptionFilters", + "logs:GetLogDelivery", + "logs:GetLogEvents", + "logs:ListLogDeliveries", + "logs:PutLogEvents", + "logs:PutResourcePolicy", + "logs:UpdateLogDelivery" + ], + "Effect":"Allow", + "Resource":"arn:aws:logs:*:*:log-group:/aws/lambda/*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-04-04T16:34:43+00:00" + }, + "AmazonSumerianFullAccess":{ + "CreateDate":"2018-04-24T20:14:16+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "sumerian:*" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2018-04-24T20:14:16+00:00" + }, + "AmazonTextractFullAccess":{ + "CreateDate":"2018-11-28T19:07:42+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "textract:*" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2018-11-28T19:07:42+00:00" + }, + "AmazonTextractServiceRole":{ + "CreateDate":"2018-11-28T19:12:16+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "sns:Publish" + ], + "Effect":"Allow", + "Resource":"arn:aws:sns:*:*:AmazonTextract*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2018-11-28T19:12:16+00:00" + }, + "AmazonTimestreamConsoleFullAccess":{ + "CreateDate":"2020-09-30T21:47:18+00:00", + "DefaultVersionId":"v4", + "Document":{ + "Statement":[ + { + "Action":[ + "timestream:*" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "kms:DescribeKey", + "kms:ListKeys", + "kms:ListAliases" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "kms:CreateGrant" + ], + "Condition":{ + "Bool":{ + "kms:GrantIsForAWSResource":true + }, + "ForAnyValue:StringEquals":{ + "kms:EncryptionContextKeys":"aws:timestream:database-name" + }, + "StringLike":{ + "kms:ViaService":"timestream.*.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "dbqms:CreateFavoriteQuery", + "dbqms:DescribeFavoriteQueries", + "dbqms:UpdateFavoriteQuery", + "dbqms:DeleteFavoriteQueries", + "dbqms:GetQueryString", + "dbqms:CreateQueryHistory", + "dbqms:DescribeQueryHistory", + "dbqms:UpdateQueryHistory", + "dbqms:DeleteQueryHistory" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "s3:ListAllMyBuckets" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "sns:ListTopics", + "iam:ListRoles" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-02-01T21:37:31+00:00" + }, + "AmazonTimestreamFullAccess":{ + "CreateDate":"2020-09-30T21:47:14+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "timestream:*" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "kms:DescribeKey" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "kms:CreateGrant" + ], + "Condition":{ + "Bool":{ + "kms:GrantIsForAWSResource":true + }, + "ForAnyValue:StringEquals":{ + "kms:EncryptionContextKeys":"aws:timestream:database-name" + }, + "StringLike":{ + "kms:ViaService":"timestream.*.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "s3:ListAllMyBuckets" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-11-26T23:42:00+00:00" + }, + "AmazonTimestreamReadOnlyAccess":{ + "CreateDate":"2020-09-30T21:47:08+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "timestream:CancelQuery", + "timestream:DescribeDatabase", + "timestream:DescribeEndpoints", + "timestream:DescribeTable", + "timestream:ListDatabases", + "timestream:ListMeasures", + "timestream:ListTables", + "timestream:ListTagsForResource", + "timestream:Select", + "timestream:SelectValues", + "timestream:DescribeScheduledQuery", + "timestream:ListScheduledQueries" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-11-26T23:39:30+00:00" + }, + "AmazonTranscribeFullAccess":{ + "CreateDate":"2018-04-04T16:06:16+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "transcribe:*" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "s3:GetObject" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::*transcribe*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2018-04-04T16:06:16+00:00" + }, + "AmazonTranscribeReadOnlyAccess":{ + "CreateDate":"2018-04-04T16:05:06+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "transcribe:Get*", + "transcribe:List*" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2018-04-04T16:05:06+00:00" + }, + "AmazonVPCCrossAccountNetworkInterfaceOperations":{ + "CreateDate":"2017-07-18T20:47:16+00:00", + "DefaultVersionId":"v4", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:DescribeRouteTables", + "ec2:CreateRoute", + "ec2:DeleteRoute", + "ec2:ReplaceRoute" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "ec2:DescribeNetworkInterfaces", + "ec2:CreateNetworkInterface", + "ec2:DeleteNetworkInterface", + "ec2:CreateNetworkInterfacePermission", + "ec2:DeleteNetworkInterfacePermission", + "ec2:DescribeNetworkInterfacePermissions", + "ec2:ModifyNetworkInterfaceAttribute", + "ec2:DescribeNetworkInterfaceAttribute", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeRegions", + "ec2:DescribeVpcs", + "ec2:DescribeSubnets" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "ec2:AssignPrivateIpAddresses", + "ec2:UnassignPrivateIpAddresses" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-06-16T14:16:49+00:00" + }, + "AmazonVPCFullAccess":{ + "CreateDate":"2015-02-06T18:41:16+00:00", + "DefaultVersionId":"v9", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:AcceptVpcPeeringConnection", + "ec2:AcceptVpcEndpointConnections", + "ec2:AllocateAddress", + "ec2:AssignIpv6Addresses", + "ec2:AssignPrivateIpAddresses", + "ec2:AssociateAddress", + "ec2:AssociateDhcpOptions", + "ec2:AssociateRouteTable", + "ec2:AssociateSubnetCidrBlock", + "ec2:AssociateVpcCidrBlock", + "ec2:AttachClassicLinkVpc", + "ec2:AttachInternetGateway", + "ec2:AttachNetworkInterface", + "ec2:AttachVpnGateway", + "ec2:AuthorizeSecurityGroupEgress", + "ec2:AuthorizeSecurityGroupIngress", + "ec2:CreateCarrierGateway", + "ec2:CreateCustomerGateway", + "ec2:CreateDefaultSubnet", + "ec2:CreateDefaultVpc", + "ec2:CreateDhcpOptions", + "ec2:CreateEgressOnlyInternetGateway", + "ec2:CreateFlowLogs", + "ec2:CreateInternetGateway", + "ec2:CreateLocalGatewayRouteTableVpcAssociation", + "ec2:CreateNatGateway", + "ec2:CreateNetworkAcl", + "ec2:CreateNetworkAclEntry", + "ec2:CreateNetworkInterface", + "ec2:CreateNetworkInterfacePermission", + "ec2:CreateRoute", + "ec2:CreateRouteTable", + "ec2:CreateSecurityGroup", + "ec2:CreateSubnet", + "ec2:CreateTags", + "ec2:CreateVpc", + "ec2:CreateVpcEndpoint", + "ec2:CreateVpcEndpointConnectionNotification", + "ec2:CreateVpcEndpointServiceConfiguration", + "ec2:CreateVpcPeeringConnection", + "ec2:CreateVpnConnection", + "ec2:CreateVpnConnectionRoute", + "ec2:CreateVpnGateway", + "ec2:DeleteCarrierGateway", + "ec2:DeleteCustomerGateway", + "ec2:DeleteDhcpOptions", + "ec2:DeleteEgressOnlyInternetGateway", + "ec2:DeleteFlowLogs", + "ec2:DeleteInternetGateway", + "ec2:DeleteLocalGatewayRouteTableVpcAssociation", + "ec2:DeleteNatGateway", + "ec2:DeleteNetworkAcl", + "ec2:DeleteNetworkAclEntry", + "ec2:DeleteNetworkInterface", + "ec2:DeleteNetworkInterfacePermission", + "ec2:DeleteRoute", + "ec2:DeleteRouteTable", + "ec2:DeleteSecurityGroup", + "ec2:DeleteSubnet", + "ec2:DeleteTags", + "ec2:DeleteVpc", + "ec2:DeleteVpcEndpoints", + "ec2:DeleteVpcEndpointConnectionNotifications", + "ec2:DeleteVpcEndpointServiceConfigurations", + "ec2:DeleteVpcPeeringConnection", + "ec2:DeleteVpnConnection", + "ec2:DeleteVpnConnectionRoute", + "ec2:DeleteVpnGateway", + "ec2:DescribeAccountAttributes", + "ec2:DescribeAddresses", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeCarrierGateways", + "ec2:DescribeClassicLinkInstances", + "ec2:DescribeCustomerGateways", + "ec2:DescribeDhcpOptions", + "ec2:DescribeEgressOnlyInternetGateways", + "ec2:DescribeFlowLogs", + "ec2:DescribeInstances", + "ec2:DescribeInternetGateways", + "ec2:DescribeIpv6Pools", + "ec2:DescribeLocalGatewayRouteTables", + "ec2:DescribeLocalGatewayRouteTableVpcAssociations", + "ec2:DescribeKeyPairs", + "ec2:DescribeMovingAddresses", + "ec2:DescribeNatGateways", + "ec2:DescribeNetworkAcls", + "ec2:DescribeNetworkInterfaceAttribute", + "ec2:DescribeNetworkInterfacePermissions", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribePrefixLists", + "ec2:DescribeRouteTables", + "ec2:DescribeSecurityGroupReferences", + "ec2:DescribeSecurityGroupRules", + "ec2:DescribeSecurityGroups", + "ec2:DescribeStaleSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeTags", + "ec2:DescribeVpcAttribute", + "ec2:DescribeVpcClassicLink", + "ec2:DescribeVpcClassicLinkDnsSupport", + "ec2:DescribeVpcEndpointConnectionNotifications", + "ec2:DescribeVpcEndpointConnections", + "ec2:DescribeVpcEndpoints", + "ec2:DescribeVpcEndpointServiceConfigurations", + "ec2:DescribeVpcEndpointServicePermissions", + "ec2:DescribeVpcEndpointServices", + "ec2:DescribeVpcPeeringConnections", + "ec2:DescribeVpcs", + "ec2:DescribeVpnConnections", + "ec2:DescribeVpnGateways", + "ec2:DetachClassicLinkVpc", + "ec2:DetachInternetGateway", + "ec2:DetachNetworkInterface", + "ec2:DetachVpnGateway", + "ec2:DisableVgwRoutePropagation", + "ec2:DisableVpcClassicLink", + "ec2:DisableVpcClassicLinkDnsSupport", + "ec2:DisassociateAddress", + "ec2:DisassociateRouteTable", + "ec2:DisassociateSubnetCidrBlock", + "ec2:DisassociateVpcCidrBlock", + "ec2:EnableVgwRoutePropagation", + "ec2:EnableVpcClassicLink", + "ec2:EnableVpcClassicLinkDnsSupport", + "ec2:ModifyNetworkInterfaceAttribute", + "ec2:ModifySecurityGroupRules", + "ec2:ModifySubnetAttribute", + "ec2:ModifyVpcAttribute", + "ec2:ModifyVpcEndpoint", + "ec2:ModifyVpcEndpointConnectionNotification", + "ec2:ModifyVpcEndpointServiceConfiguration", + "ec2:ModifyVpcEndpointServicePermissions", + "ec2:ModifyVpcPeeringConnectionOptions", + "ec2:ModifyVpcTenancy", + "ec2:MoveAddressToVpc", + "ec2:RejectVpcEndpointConnections", + "ec2:RejectVpcPeeringConnection", + "ec2:ReleaseAddress", + "ec2:ReplaceNetworkAclAssociation", + "ec2:ReplaceNetworkAclEntry", + "ec2:ReplaceRoute", + "ec2:ReplaceRouteTableAssociation", + "ec2:ResetNetworkInterfaceAttribute", + "ec2:RestoreAddressToClassic", + "ec2:RevokeSecurityGroupEgress", + "ec2:RevokeSecurityGroupIngress", + "ec2:UnassignIpv6Addresses", + "ec2:UnassignPrivateIpAddresses", + "ec2:UpdateSecurityGroupRuleDescriptionsEgress", + "ec2:UpdateSecurityGroupRuleDescriptionsIngress" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-08-02T19:12:14+00:00" + }, + "AmazonVPCReadOnlyAccess":{ + "CreateDate":"2015-02-06T18:41:17+00:00", + "DefaultVersionId":"v8", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:DescribeAccountAttributes", + "ec2:DescribeAddresses", + "ec2:DescribeCarrierGateways", + "ec2:DescribeClassicLinkInstances", + "ec2:DescribeCustomerGateways", + "ec2:DescribeDhcpOptions", + "ec2:DescribeEgressOnlyInternetGateways", + "ec2:DescribeFlowLogs", + "ec2:DescribeInternetGateways", + "ec2:DescribeLocalGatewayRouteTables", + "ec2:DescribeLocalGatewayRouteTableVpcAssociations", + "ec2:DescribeMovingAddresses", + "ec2:DescribeNatGateways", + "ec2:DescribeNetworkAcls", + "ec2:DescribeNetworkInterfaceAttribute", + "ec2:DescribeNetworkInterfacePermissions", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribePrefixLists", + "ec2:DescribeRouteTables", + "ec2:DescribeSecurityGroupReferences", + "ec2:DescribeSecurityGroupRules", + "ec2:DescribeSecurityGroups", + "ec2:DescribeStaleSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeTags", + "ec2:DescribeVpcAttribute", + "ec2:DescribeVpcClassicLink", + "ec2:DescribeVpcClassicLinkDnsSupport", + "ec2:DescribeVpcEndpoints", + "ec2:DescribeVpcEndpointConnectionNotifications", + "ec2:DescribeVpcEndpointConnections", + "ec2:DescribeVpcEndpointServiceConfigurations", + "ec2:DescribeVpcEndpointServicePermissions", + "ec2:DescribeVpcEndpointServices", + "ec2:DescribeVpcPeeringConnections", + "ec2:DescribeVpcs", + "ec2:DescribeVpnConnections", + "ec2:DescribeVpnGateways" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-08-02T15:47:38+00:00" + }, + "AmazonWorkDocsFullAccess":{ + "CreateDate":"2020-04-16T23:05:11+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "workdocs:*", + "ds:DescribeDirectories", + "ec2:DescribeVpcs", + "ec2:DescribeSubnets" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-04-16T23:05:11+00:00" + }, + "AmazonWorkDocsReadOnlyAccess":{ + "CreateDate":"2020-01-08T23:49:59+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "workdocs:Describe*", + "ds:DescribeDirectories", + "ec2:DescribeVpcs", + "ec2:DescribeSubnets" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-01-08T23:49:59+00:00" + }, + "AmazonWorkLinkFullAccess":{ + "CreateDate":"2019-01-23T18:52:09+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "worklink:*" + ], + "Effect":"Allow", + "Resource":"arn:aws:worklink:*:*:*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-09-23T18:37:42+00:00" + }, + "AmazonWorkLinkReadOnly":{ + "CreateDate":"2019-01-23T19:07:10+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":[ + "worklink:Describe*", + "worklink:List*", + "worklink:Search*" + ], + "Effect":"Allow", + "Resource":"arn:aws:worklink:*:*:*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-09-23T18:37:21+00:00" + }, + "AmazonWorkLinkServiceRolePolicy":{ + "CreateDate":"2019-03-18T18:00:16+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:CreateNetworkInterface", + "ec2:DeleteNetworkInterfacePermission", + "ec2:CreateNetworkInterfacePermission", + "ec2:ModifyNetworkInterfaceAttribute", + "ec2:DeleteNetworkInterface" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "kinesis:PutRecord", + "kinesis:PutRecords" + ], + "Effect":"Allow", + "Resource":"arn:aws:kinesis:*:*:stream/AmazonWorkLink-*" + }, + { + "Action":[ + "elasticloadbalancing:ModifyListener", + "elasticloadbalancing:AddListenerCertificates", + "elasticloadbalancing:RemoveListenerCertificates" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-02-07T20:48:49+00:00" + }, + "AmazonWorkMailEventsServiceRolePolicy":{ + "CreateDate":"2019-04-16T16:52:43+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "logs:CreateLogGroup", + "logs:CreateLogStream", + "logs:PutLogEvents" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-04-16T16:52:43+00:00" + }, + "AmazonWorkMailFullAccess":{ + "CreateDate":"2015-02-06T18:40:41+00:00", + "DefaultVersionId":"v10", + "Document":{ + "Statement":[ + { + "Action":[ + "ds:AuthorizeApplication", + "ds:CheckAlias", + "ds:CreateAlias", + "ds:CreateDirectory", + "ds:CreateIdentityPoolDirectory", + "ds:DeleteDirectory", + "ds:DescribeDirectories", + "ds:GetDirectoryLimits", + "ds:ListAuthorizedApplications", + "ds:UnauthorizeApplication", + "ec2:AuthorizeSecurityGroupEgress", + "ec2:AuthorizeSecurityGroupIngress", + "ec2:CreateNetworkInterface", + "ec2:CreateSecurityGroup", + "ec2:CreateSubnet", + "ec2:CreateTags", + "ec2:CreateVpc", + "ec2:DeleteSecurityGroup", + "ec2:DeleteSubnet", + "ec2:DeleteVpc", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeRouteTables", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "ec2:RevokeSecurityGroupEgress", + "ec2:RevokeSecurityGroupIngress", + "kms:DescribeKey", + "kms:ListAliases", + "lambda:ListFunctions", + "route53:ChangeResourceRecordSets", + "route53:ListHostedZones", + "route53:ListResourceRecordSets", + "route53:GetHostedZone", + "route53domains:CheckDomainAvailability", + "route53domains:ListDomains", + "ses:*", + "workmail:*", + "iam:ListRoles", + "logs:DescribeLogGroups", + "logs:CreateLogGroup", + "logs:PutRetentionPolicy", + "cloudwatch:GetMetricData" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringEquals":{ + "iam:AWSServiceName":"events.workmail.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "iam:DeleteServiceLinkedRole", + "iam:GetServiceLinkedRoleDeletionStatus" + ], + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/aws-service-role/events.workmail.amazonaws.com/AWSServiceRoleForAmazonWorkMailEvents*" + }, + { + "Action":"iam:PassRole", + "Condition":{ + "StringLike":{ + "iam:PassedToService":"events.workmail.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/*workmail*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-12-21T14:13:40+00:00" + }, + "AmazonWorkMailMessageFlowFullAccess":{ + "CreateDate":"2021-02-11T11:08:35+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "workmailmessageflow:*" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-02-11T11:08:35+00:00" + }, + "AmazonWorkMailMessageFlowReadOnlyAccess":{ + "CreateDate":"2021-01-28T12:40:08+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "workmailmessageflow:Get*" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-01-28T12:40:08+00:00" + }, + "AmazonWorkMailReadOnlyAccess":{ + "CreateDate":"2015-02-06T18:40:42+00:00", + "DefaultVersionId":"v4", + "Document":{ + "Statement":[ + { + "Action":[ + "ses:Describe*", + "ses:Get*", + "workmail:Describe*", + "workmail:Get*", + "workmail:List*", + "workmail:Search*", + "lambda:ListFunctions", + "iam:ListRoles", + "logs:DescribeLogGroups", + "cloudwatch:GetMetricData" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-07-25T08:24:50+00:00" + }, + "AmazonWorkSpacesAdmin":{ + "CreateDate":"2015-09-22T22:21:15+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "workspaces:CreateWorkspaces", + "workspaces:DescribeWorkspaces", + "workspaces:RebootWorkspaces", + "workspaces:RebuildWorkspaces", + "workspaces:TerminateWorkspaces", + "workspaces:DescribeWorkspaceDirectories", + "workspaces:DescribeWorkspaceBundles", + "workspaces:ModifyWorkspaceProperties", + "workspaces:StopWorkspaces", + "workspaces:StartWorkspaces", + "workspaces:DescribeWorkspacesConnectionStatus", + "workspaces:CreateTags", + "workspaces:DeleteTags", + "workspaces:DescribeTags", + "kms:ListKeys", + "kms:ListAliases", + "kms:DescribeKey" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2016-08-18T23:08:42+00:00" + }, + "AmazonWorkSpacesApplicationManagerAdminAccess":{ + "CreateDate":"2015-04-09T14:03:18+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":"wam:AuthenticatePackager", + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2015-04-09T14:03:18+00:00" + }, + "AmazonWorkSpacesSelfServiceAccess":{ + "CreateDate":"2019-06-27T19:22:52+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "workspaces:RebootWorkspaces", + "workspaces:RebuildWorkspaces", + "workspaces:ModifyWorkspaceProperties" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-06-27T19:22:52+00:00" + }, + "AmazonWorkSpacesServiceAccess":{ + "CreateDate":"2019-06-27T19:19:09+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:CreateNetworkInterface", + "ec2:DeleteNetworkInterface", + "ec2:DescribeNetworkInterfaces" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-03-18T23:32:10+00:00" + }, + "AmazonWorkSpacesWebReadOnly":{ + "CreateDate":"2021-11-30T14:20:36+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "workspaces-web:GetBrowserSettings", + "workspaces-web:GetIdentityProvider", + "workspaces-web:GetNetworkSettings", + "workspaces-web:GetPortal", + "workspaces-web:GetPortalServiceProviderMetadata", + "workspaces-web:GetTrustStore", + "workspaces-web:GetTrustStoreCertificate", + "workspaces-web:GetUserSettings", + "workspaces-web:ListBrowserSettings", + "workspaces-web:ListIdentityProviders", + "workspaces-web:ListNetworkSettings", + "workspaces-web:ListPortals", + "workspaces-web:ListTagsForResource", + "workspaces-web:ListTrustStoreCertificates", + "workspaces-web:ListTrustStores", + "workspaces-web:ListUserSettings" + ], + "Effect":"Allow", + "Resource":"arn:aws:workspaces-web:*:*:*" + }, + { + "Action":[ + "ec2:DescribeVpcs", + "ec2:DescribeSubnets", + "ec2:DescribeSecurityGroups" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-11-30T14:20:36+00:00" + }, + "AmazonWorkSpacesWebServiceRolePolicy":{ + "CreateDate":"2021-11-30T13:15:53+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:DescribeVpcs", + "ec2:DescribeSubnets", + "ec2:DescribeAvailabilityZones", + "ec2:CreateNetworkInterface", + "ec2:DescribeNetworkInterfaces", + "ec2:DeleteNetworkInterface", + "ec2:AssociateAddress", + "ec2:DisassociateAddress", + "ec2:DescribeRouteTables", + "ec2:DescribeSecurityGroups", + "ec2:DescribeVpcEndpoints" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "cloudwatch:PutMetricData" + ], + "Condition":{ + "StringEquals":{ + "cloudwatch:namespace":[ + "AWS/WorkSpacesWeb", + "AWS/Usage" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-04-05T22:01:09+00:00" + }, + "AmazonZocaloFullAccess":{ + "CreateDate":"2015-02-06T18:41:13+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "zocalo:*", + "ds:*", + "ec2:AuthorizeSecurityGroupEgress", + "ec2:AuthorizeSecurityGroupIngress", + "ec2:CreateNetworkInterface", + "ec2:CreateSecurityGroup", + "ec2:CreateSubnet", + "ec2:CreateTags", + "ec2:CreateVpc", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "ec2:DeleteNetworkInterface", + "ec2:DeleteSecurityGroup", + "ec2:RevokeSecurityGroupEgress", + "ec2:RevokeSecurityGroupIngress" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2015-02-06T18:41:13+00:00" + }, + "AmazonZocaloReadOnlyAccess":{ + "CreateDate":"2015-02-06T18:41:14+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "zocalo:Describe*", + "ds:DescribeDirectories", + "ec2:DescribeVpcs", + "ec2:DescribeSubnets" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2015-02-06T18:41:14+00:00" + }, + "AppRunnerNetworkingServiceRolePolicy":{ + "CreateDate":"2022-01-12T21:02:40+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeVpcs", + "ec2:DescribeDhcpOptions", + "ec2:DescribeSubnets", + "ec2:DescribeSecurityGroups" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"ec2:CreateNetworkInterface", + "Condition":{ + "ForAllValues:StringEquals":{ + "aws:TagKeys":[ + "AWSAppRunnerManaged" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"ec2:CreateTags", + "Condition":{ + "StringEquals":{ + "ec2:CreateAction":"CreateNetworkInterface" + }, + "StringLike":{ + "aws:RequestTag/AWSAppRunnerManaged":"*" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:network-interface/*" + }, + { + "Action":"ec2:DeleteNetworkInterface", + "Condition":{ + "Null":{ + "ec2:ResourceTag/AWSAppRunnerManaged":"false" + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-01-12T21:02:40+00:00" + }, + "AppRunnerServiceRolePolicy":{ + "CreateDate":"2021-05-14T19:15:04+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "logs:CreateLogGroup", + "logs:PutRetentionPolicy" + ], + "Effect":"Allow", + "Resource":"arn:aws:logs:*:*:log-group:/aws/apprunner/*" + }, + { + "Action":[ + "logs:CreateLogStream", + "logs:PutLogEvents", + "logs:DescribeLogStreams" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:logs:*:*:log-group:/aws/apprunner/*:log-stream:*" + ] + }, + { + "Action":[ + "events:PutRule", + "events:PutTargets", + "events:DeleteRule", + "events:RemoveTargets", + "events:DescribeRule", + "events:EnableRule", + "events:DisableRule" + ], + "Effect":"Allow", + "Resource":"arn:aws:events:*:*:rule/AWSAppRunnerManagedRule*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-05-14T19:15:04+00:00" + }, + "ApplicationAutoScalingForAmazonAppStreamAccess":{ + "CreateDate":"2017-02-06T21:39:56+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "appstream:UpdateFleet", + "appstream:DescribeFleets" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "cloudwatch:DescribeAlarms" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2017-02-06T21:39:56+00:00" + }, + "ApplicationDiscoveryServiceContinuousExportServiceRolePolicy":{ + "CreateDate":"2018-08-09T20:22:01+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "glue:CreateDatabase", + "glue:UpdateDatabase", + "glue:CreateTable", + "glue:UpdateTable", + "firehose:CreateDeliveryStream", + "firehose:DescribeDeliveryStream", + "logs:CreateLogGroup" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "firehose:DeleteDeliveryStream", + "firehose:PutRecord", + "firehose:PutRecordBatch", + "firehose:UpdateDestination" + ], + "Effect":"Allow", + "Resource":"arn:aws:firehose:*:*:deliverystream/aws-application-discovery-service*" + }, + { + "Action":[ + "s3:CreateBucket", + "s3:ListBucket", + "s3:PutBucketLogging", + "s3:PutEncryptionConfiguration" + ], + "Effect":"Allow", + "Resource":"arn:aws:s3:::aws-application-discovery-service*" + }, + { + "Action":[ + "s3:GetObject" + ], + "Effect":"Allow", + "Resource":"arn:aws:s3:::aws-application-discovery-service*/*" + }, + { + "Action":[ + "logs:CreateLogStream", + "logs:PutRetentionPolicy" + ], + "Effect":"Allow", + "Resource":"arn:aws:logs:*:*:log-group:/aws/application-discovery-service/firehose*" + }, + { + "Action":[ + "iam:PassRole" + ], + "Condition":{ + "StringLike":{ + "iam:PassedToService":"firehose.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/AWSApplicationDiscoveryServiceFirehose" + }, + { + "Action":[ + "iam:PassRole" + ], + "Condition":{ + "StringLike":{ + "iam:PassedToService":"firehose.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/service-role/AWSApplicationDiscoveryServiceFirehose" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2018-08-13T22:31:21+00:00" + }, + "AutoScalingConsoleFullAccess":{ + "CreateDate":"2017-01-12T19:43:16+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:AuthorizeSecurityGroupIngress", + "ec2:CreateKeyPair", + "ec2:CreateSecurityGroup", + "ec2:DescribeAccountAttributes", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeImages", + "ec2:DescribeInstanceAttribute", + "ec2:DescribeInstances", + "ec2:DescribeKeyPairs", + "ec2:DescribeLaunchTemplateVersions", + "ec2:DescribePlacementGroups", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSpotInstanceRequests", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "ec2:DescribeVpcClassicLink", + "ec2:ImportKeyPair" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"elasticloadbalancing:Describe*", + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "cloudwatch:ListMetrics", + "cloudwatch:GetMetricStatistics", + "cloudwatch:PutMetricAlarm", + "cloudwatch:Describe*" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"autoscaling:*", + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "sns:ListSubscriptions", + "sns:ListTopics" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"iam:ListRoles", + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringEquals":{ + "iam:AWSServiceName":"autoscaling.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2018-02-06T23:15:36+00:00" + }, + "AutoScalingConsoleReadOnlyAccess":{ + "CreateDate":"2017-01-12T19:48:53+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:DescribeVpcs", + "ec2:DescribeVpcClassicLink", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeSubnets" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"elasticloadbalancing:Describe*", + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "cloudwatch:ListMetrics", + "cloudwatch:GetMetricStatistics", + "cloudwatch:Describe*" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"autoscaling:Describe*", + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "sns:ListSubscriptions", + "sns:ListTopics" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2017-01-12T19:48:53+00:00" + }, + "AutoScalingFullAccess":{ + "CreateDate":"2017-01-12T19:31:58+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":"autoscaling:*", + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"cloudwatch:PutMetricAlarm", + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:DescribeAccountAttributes", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeImages", + "ec2:DescribeInstanceAttribute", + "ec2:DescribeInstances", + "ec2:DescribeKeyPairs", + "ec2:DescribeLaunchTemplateVersions", + "ec2:DescribePlacementGroups", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSpotInstanceRequests", + "ec2:DescribeSubnets", + "ec2:DescribeVpcClassicLink" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "elasticloadbalancing:DescribeLoadBalancers", + "elasticloadbalancing:DescribeTargetGroups" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringEquals":{ + "iam:AWSServiceName":"autoscaling.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2018-02-06T21:59:13+00:00" + }, + "AutoScalingNotificationAccessRole":{ + "CreateDate":"2015-02-06T18:41:22+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "sqs:SendMessage", + "sqs:GetQueueUrl", + "sns:Publish" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2015-02-06T18:41:22+00:00" + }, + "AutoScalingReadOnlyAccess":{ + "CreateDate":"2017-01-12T19:39:35+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":"autoscaling:Describe*", + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2017-01-12T19:39:35+00:00" + }, + "AutoScalingServiceRolePolicy":{ + "CreateDate":"2018-01-08T23:10:55+00:00", + "DefaultVersionId":"v6", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:AttachClassicLinkVpc", + "ec2:CancelSpotInstanceRequests", + "ec2:CreateFleet", + "ec2:CreateTags", + "ec2:DeleteTags", + "ec2:Describe*", + "ec2:DetachClassicLinkVpc", + "ec2:ModifyInstanceAttribute", + "ec2:RequestSpotInstances", + "ec2:RunInstances", + "ec2:StartInstances", + "ec2:StopInstances", + "ec2:TerminateInstances" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"EC2InstanceManagement" + }, + { + "Action":[ + "iam:PassRole" + ], + "Condition":{ + "StringLike":{ + "iam:PassedToService":"ec2.amazonaws.com*" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"EC2InstanceProfileManagement" + }, + { + "Action":[ + "iam:CreateServiceLinkedRole" + ], + "Condition":{ + "StringEquals":{ + "iam:AWSServiceName":"spot.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"EC2SpotManagement" + }, + { + "Action":[ + "elasticloadbalancing:Register*", + "elasticloadbalancing:Deregister*", + "elasticloadbalancing:Describe*" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"ELBManagement" + }, + { + "Action":[ + "cloudwatch:DeleteAlarms", + "cloudwatch:DescribeAlarms", + "cloudwatch:GetMetricData", + "cloudwatch:PutMetricAlarm" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"CWManagement" + }, + { + "Action":[ + "sns:Publish" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"SNSManagement" + }, + { + "Action":[ + "events:PutRule", + "events:PutTargets", + "events:RemoveTargets", + "events:DeleteRule", + "events:DescribeRule" + ], + "Condition":{ + "StringEquals":{ + "events:ManagedBy":"autoscaling.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*", + "Sid":"EventBridgeRuleManagement" + }, + { + "Action":[ + "ssm:GetParameters" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"SystemsManagerParameterManagement" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-10-29T22:06:23+00:00" + }, + "AwsGlueDataBrewFullAccessPolicy":{ + "CreateDate":"2020-11-11T16:51:39+00:00", + "DefaultVersionId":"v8", + "Document":{ + "Statement":[ + { + "Action":[ + "databrew:CreateDataset", + "databrew:DescribeDataset", + "databrew:ListDatasets", + "databrew:UpdateDataset", + "databrew:DeleteDataset", + "databrew:CreateProject", + "databrew:DescribeProject", + "databrew:ListProjects", + "databrew:StartProjectSession", + "databrew:SendProjectSessionAction", + "databrew:UpdateProject", + "databrew:DeleteProject", + "databrew:CreateRecipe", + "databrew:DescribeRecipe", + "databrew:ListRecipes", + "databrew:ListRecipeVersions", + "databrew:PublishRecipe", + "databrew:UpdateRecipe", + "databrew:BatchDeleteRecipeVersion", + "databrew:DeleteRecipeVersion", + "databrew:CreateRecipeJob", + "databrew:CreateProfileJob", + "databrew:DescribeJob", + "databrew:DescribeJobRun", + "databrew:ListJobRuns", + "databrew:ListJobs", + "databrew:StartJobRun", + "databrew:StopJobRun", + "databrew:UpdateProfileJob", + "databrew:UpdateRecipeJob", + "databrew:DeleteJob", + "databrew:CreateSchedule", + "databrew:DescribeSchedule", + "databrew:ListSchedules", + "databrew:UpdateSchedule", + "databrew:DeleteSchedule", + "databrew:CreateRuleset", + "databrew:DeleteRuleset", + "databrew:DescribeRuleset", + "databrew:ListRulesets", + "databrew:UpdateRuleset", + "databrew:ListTagsForResource", + "databrew:TagResource", + "databrew:UntagResource" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "appflow:DescribeFlow", + "appflow:DescribeFlowExecutionRecords", + "appflow:ListFlows", + "glue:GetConnection", + "glue:GetConnections", + "glue:GetDatabases", + "glue:GetPartitions", + "glue:GetTable", + "glue:GetTables", + "glue:GetDataCatalogEncryptionSettings", + "dataexchange:ListDataSets", + "dataexchange:ListDataSetRevisions", + "dataexchange:ListRevisionAssets", + "dataexchange:CreateJob", + "dataexchange:StartJob", + "dataexchange:GetJob", + "ec2:DescribeSecurityGroups", + "ec2:DescribeVpcs", + "ec2:DescribeSubnets", + "kms:DescribeKey", + "kms:ListKeys", + "kms:ListAliases", + "redshift:DescribeClusters", + "redshift:DescribeClusterSubnetGroups", + "redshift-data:DescribeStatement", + "redshift-data:ListDatabases", + "redshift-data:ListSchemas", + "redshift-data:ListTables", + "s3:ListAllMyBuckets", + "s3:GetBucketCORS", + "s3:GetBucketLocation", + "s3:GetEncryptionConfiguration", + "s3:GetLifecycleConfiguration", + "secretsmanager:ListSecrets", + "secretsmanager:DescribeSecret", + "sts:GetCallerIdentity", + "cloudtrail:LookupEvents", + "iam:ListRoles", + "iam:GetRole" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "glue:CreateConnection" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:glue:*:*:catalog", + "arn:aws:glue:*:*:connection/AwsGlueDataBrew-*" + ] + }, + { + "Action":[ + "glue:GetDatabases" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:glue:*:*:catalog", + "arn:aws:glue:*:*:database/*" + ] + }, + { + "Action":[ + "glue:CreateTable" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:glue:*:*:catalog", + "arn:aws:glue:*:*:database/*", + "arn:aws:glue:*:*:table/*/awsgluedatabrew*" + ] + }, + { + "Action":[ + "s3:ListBucket", + "s3:GetObject" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::databrew-public-datasets-*" + ] + }, + { + "Action":[ + "kms:GenerateDataKey" + ], + "Condition":{ + "StringLike":{ + "kms:ViaService":"s3.*.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "secretsmanager:CreateSecret" + ], + "Effect":"Allow", + "Resource":"arn:aws:secretsmanager:*:*:secret:AwsGlueDataBrew-*" + }, + { + "Action":[ + "kms:GenerateRandom" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "secretsmanager:GetSecretValue" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":[ + "databrew.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:secretsmanager:*:*:secret:databrew!default-*" + }, + { + "Action":[ + "secretsmanager:CreateSecret" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":[ + "databrew.amazonaws.com" + ] + }, + "StringLike":{ + "secretsmanager:Name":"databrew!default" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:secretsmanager:*:*:secret:databrew!default-*" + }, + { + "Action":[ + "iam:PassRole" + ], + "Condition":{ + "StringEquals":{ + "iam:PassedToService":[ + "databrew.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-02-04T18:28:33+00:00" + }, + "AwsGlueSessionUserRestrictedNotebookPolicy":{ + "CreateDate":"2022-04-18T15:24:56+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "glue:CreateSession" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:TagKeys":[ + "owner" + ] + }, + "StringEquals":{ + "aws:RequestTag/owner":"${aws:PrincipalTag/owner}" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:glue:*:*:session/*" + ] + }, + { + "Action":[ + "glue:RunStatement", + "glue:GetStatement", + "glue:ListStatements", + "glue:CancelStatement", + "glue:StopSession", + "glue:DeleteSession", + "glue:GetSession" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceTag/owner":"${aws:PrincipalTag/owner}" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:glue:*:*:session/*" + ] + }, + { + "Action":[ + "glue:ListSessions" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "glue:TagResource", + "glue:UntagResource", + "tag:TagResources", + "tag:UntagResources" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:TagKeys":[ + "owner" + ] + } + }, + "Effect":"Deny", + "Resource":[ + "arn:aws:glue:*:*:session/*" + ] + }, + { + "Action":[ + "iam:PassRole" + ], + "Condition":{ + "StringLike":{ + "iam:PassedToService":[ + "glue.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/service-role/AwsGlueSessionServiceRoleUserRestrictedForNotebook*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-04-18T15:24:56+00:00" + }, + "AwsGlueSessionUserRestrictedNotebookServiceRole":{ + "CreateDate":"2022-04-18T15:27:11+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":"glue:*", + "Effect":"Allow", + "Resource":[ + "arn:aws:glue:*:*:catalog/*", + "arn:aws:glue:*:*:database/*", + "arn:aws:glue:*:*:table/*", + "arn:aws:glue:*:*:tableVersion/*", + "arn:aws:glue:*:*:connection/*", + "arn:aws:glue:*:*:userDefinedFunction/*", + "arn:aws:glue:*:*:devEndpoint/*", + "arn:aws:glue:*:*:job/*", + "arn:aws:glue:*:*:trigger/*", + "arn:aws:glue:*:*:crawler/*", + "arn:aws:glue:*:*:workflow/*", + "arn:aws:glue:*:*:mlTransform/*", + "arn:aws:glue:*:*:registry/*", + "arn:aws:glue:*:*:schema/*" + ] + }, + { + "Action":[ + "glue:CreateSession" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:TagKeys":[ + "owner" + ] + }, + "StringEquals":{ + "aws:RequestTag/owner":"${aws:PrincipalTag/owner}" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:glue:*:*:session/*" + ] + }, + { + "Action":[ + "glue:RunStatement", + "glue:GetStatement", + "glue:ListStatements", + "glue:CancelStatement", + "glue:StopSession", + "glue:DeleteSession", + "glue:GetSession" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceTag/owner":"${aws:PrincipalTag/owner}" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:glue:*:*:session/*" + ] + }, + { + "Action":[ + "glue:ListSessions" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "glue:TagResource", + "glue:UntagResource", + "tag:TagResources", + "tag:UntagResources" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:TagKeys":[ + "owner" + ] + } + }, + "Effect":"Deny", + "Resource":[ + "arn:aws:glue:*:*:session/*" + ] + }, + { + "Action":[ + "s3:CreateBucket" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::aws-glue-*" + ] + }, + { + "Action":[ + "s3:GetObject", + "s3:PutObject", + "s3:DeleteObject" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::aws-glue-*/*", + "arn:aws:s3:::*/*aws-glue-*/*" + ] + }, + { + "Action":[ + "s3:GetObject" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::crawler-public*" + ] + }, + { + "Action":[ + "logs:CreateLogGroup", + "logs:CreateLogStream", + "logs:PutLogEvents" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:logs:*:*:/aws-glue/*" + ] + }, + { + "Action":[ + "ec2:CreateTags", + "ec2:DeleteTags" + ], + "Condition":{ + "ForAllValues:StringEquals":{ + "aws:TagKeys":[ + "aws-glue-service-resource" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:network-interface/*", + "arn:aws:ec2:*:*:security-group/*", + "arn:aws:ec2:*:*:instance/*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-04-18T15:27:11+00:00" + }, + "AwsGlueSessionUserRestrictedPolicy":{ + "CreateDate":"2022-04-14T21:31:01+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "glue:CreateSession" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:TagKeys":[ + "owner" + ] + }, + "StringEquals":{ + "aws:RequestTag/owner":"${aws:userid}" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:glue:*:*:session/*" + ] + }, + { + "Action":[ + "glue:RunStatement", + "glue:GetStatement", + "glue:ListStatements", + "glue:CancelStatement", + "glue:StopSession", + "glue:DeleteSession", + "glue:GetSession" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceTag/owner":"${aws:userid}" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:glue:*:*:session/*" + ] + }, + { + "Action":[ + "glue:ListSessions" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "glue:TagResource", + "glue:UntagResource", + "tag:TagResources", + "tag:UntagResources" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:TagKeys":[ + "owner" + ] + } + }, + "Effect":"Deny", + "Resource":[ + "arn:aws:glue:*:*:session/*" + ] + }, + { + "Action":[ + "iam:PassRole" + ], + "Condition":{ + "StringLike":{ + "iam:PassedToService":[ + "glue.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/service-role/AwsGlueSessionServiceRoleUserRestricted*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-04-14T21:31:01+00:00" + }, + "AwsGlueSessionUserRestrictedServiceRole":{ + "CreateDate":"2022-04-14T21:30:07+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":"glue:*", + "Effect":"Allow", + "Resource":[ + "arn:aws:glue:*:*:catalog/*", + "arn:aws:glue:*:*:database/*", + "arn:aws:glue:*:*:table/*", + "arn:aws:glue:*:*:tableVersion/*", + "arn:aws:glue:*:*:connection/*", + "arn:aws:glue:*:*:userDefinedFunction/*", + "arn:aws:glue:*:*:devEndpoint/*", + "arn:aws:glue:*:*:job/*", + "arn:aws:glue:*:*:trigger/*", + "arn:aws:glue:*:*:crawler/*", + "arn:aws:glue:*:*:workflow/*", + "arn:aws:glue:*:*:mlTransform/*", + "arn:aws:glue:*:*:registry/*", + "arn:aws:glue:*:*:schema/*" + ] + }, + { + "Action":[ + "glue:CreateSession" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:TagKeys":[ + "owner" + ] + }, + "StringEquals":{ + "aws:RequestTag/owner":"${aws:userid}" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:glue:*:*:session/*" + ] + }, + { + "Action":[ + "glue:RunStatement", + "glue:GetStatement", + "glue:ListStatements", + "glue:CancelStatement", + "glue:StopSession", + "glue:DeleteSession", + "glue:GetSession" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceTag/owner":"${aws:userid}" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:glue:*:*:session/*" + ] + }, + { + "Action":[ + "glue:ListSessions" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "glue:TagResource", + "glue:UntagResource", + "tag:TagResources", + "tag:UntagResources" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:TagKeys":[ + "owner" + ] + } + }, + "Effect":"Deny", + "Resource":[ + "arn:aws:glue:*:*:session/*" + ] + }, + { + "Action":[ + "s3:CreateBucket" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::aws-glue-*" + ] + }, + { + "Action":[ + "s3:GetObject", + "s3:PutObject", + "s3:DeleteObject" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::aws-glue-*/*", + "arn:aws:s3:::*/*aws-glue-*/*" + ] + }, + { + "Action":[ + "s3:GetObject" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::crawler-public*" + ] + }, + { + "Action":[ + "logs:CreateLogGroup", + "logs:CreateLogStream", + "logs:PutLogEvents" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:logs:*:*:/aws-glue/*" + ] + }, + { + "Action":[ + "ec2:CreateTags", + "ec2:DeleteTags" + ], + "Condition":{ + "ForAllValues:StringEquals":{ + "aws:TagKeys":[ + "aws-glue-service-resource" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:network-interface/*", + "arn:aws:ec2:*:*:security-group/*", + "arn:aws:ec2:*:*:instance/*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-04-14T21:30:07+00:00" + }, + "BatchServiceRolePolicy":{ + "CreateDate":"2021-03-10T06:55:36+00:00", + "DefaultVersionId":"v5", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:DescribeAccountAttributes", + "ec2:DescribeInstances", + "ec2:DescribeInstanceStatus", + "ec2:DescribeInstanceAttribute", + "ec2:DescribeSubnets", + "ec2:DescribeSecurityGroups", + "ec2:DescribeKeyPairs", + "ec2:DescribeImages", + "ec2:DescribeImageAttribute", + "ec2:DescribeSpotInstanceRequests", + "ec2:DescribeSpotFleetInstances", + "ec2:DescribeSpotFleetRequests", + "ec2:DescribeSpotPriceHistory", + "ec2:DescribeVpcClassicLink", + "ec2:DescribeLaunchTemplateVersions", + "ec2:RequestSpotFleet", + "autoscaling:DescribeAccountLimits", + "autoscaling:DescribeAutoScalingGroups", + "autoscaling:DescribeLaunchConfigurations", + "autoscaling:DescribeAutoScalingInstances", + "ecs:DescribeClusters", + "ecs:DescribeContainerInstances", + "ecs:DescribeTaskDefinition", + "ecs:DescribeTasks", + "ecs:ListClusters", + "ecs:ListContainerInstances", + "ecs:ListTaskDefinitionFamilies", + "ecs:ListTaskDefinitions", + "ecs:ListTasks", + "ecs:DeregisterTaskDefinition", + "ecs:TagResource", + "ecs:ListAccountSettings", + "logs:DescribeLogGroups", + "iam:GetInstanceProfile", + "iam:GetRole" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "logs:CreateLogGroup", + "logs:CreateLogStream" + ], + "Effect":"Allow", + "Resource":"arn:aws:logs:*:*:log-group:/aws/batch/job*" + }, + { + "Action":[ + "logs:PutLogEvents" + ], + "Effect":"Allow", + "Resource":"arn:aws:logs:*:*:log-group:/aws/batch/job*:log-stream:*" + }, + { + "Action":[ + "autoscaling:CreateOrUpdateTags" + ], + "Condition":{ + "Null":{ + "aws:RequestTag/AWSBatchServiceTag":"false" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"iam:PassRole", + "Condition":{ + "StringEquals":{ + "iam:PassedToService":[ + "ec2.amazonaws.com", + "ec2.amazonaws.com.cn", + "ecs-tasks.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringEquals":{ + "iam:AWSServiceName":[ + "spot.amazonaws.com", + "spotfleet.amazonaws.com", + "autoscaling.amazonaws.com", + "ecs.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:CreateLaunchTemplate" + ], + "Condition":{ + "Null":{ + "aws:RequestTag/AWSBatchServiceTag":"false" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:TerminateInstances", + "ec2:CancelSpotFleetRequests", + "ec2:ModifySpotFleetRequest", + "ec2:DeleteLaunchTemplate" + ], + "Condition":{ + "Null":{ + "aws:ResourceTag/AWSBatchServiceTag":"false" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "autoscaling:CreateLaunchConfiguration", + "autoscaling:DeleteLaunchConfiguration" + ], + "Effect":"Allow", + "Resource":"arn:aws:autoscaling:*:*:launchConfiguration:*:launchConfigurationName/AWSBatch*" + }, + { + "Action":[ + "autoscaling:CreateAutoScalingGroup", + "autoscaling:UpdateAutoScalingGroup", + "autoscaling:SetDesiredCapacity", + "autoscaling:DeleteAutoScalingGroup", + "autoscaling:SuspendProcesses", + "autoscaling:PutNotificationConfiguration", + "autoscaling:TerminateInstanceInAutoScalingGroup" + ], + "Effect":"Allow", + "Resource":"arn:aws:autoscaling:*:*:autoScalingGroup:*:autoScalingGroupName/AWSBatch*" + }, + { + "Action":[ + "ecs:DeleteCluster", + "ecs:DeregisterContainerInstance", + "ecs:RunTask", + "ecs:StartTask", + "ecs:StopTask" + ], + "Effect":"Allow", + "Resource":"arn:aws:ecs:*:*:cluster/AWSBatch*" + }, + { + "Action":[ + "ecs:RunTask", + "ecs:StartTask", + "ecs:StopTask" + ], + "Effect":"Allow", + "Resource":"arn:aws:ecs:*:*:task-definition/*" + }, + { + "Action":[ + "ecs:StopTask" + ], + "Effect":"Allow", + "Resource":"arn:aws:ecs:*:*:task/*/*" + }, + { + "Action":[ + "ecs:CreateCluster", + "ecs:RegisterTaskDefinition" + ], + "Condition":{ + "Null":{ + "aws:RequestTag/AWSBatchServiceTag":"false" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"ec2:RunInstances", + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*::image/*", + "arn:aws:ec2:*::snapshot/*", + "arn:aws:ec2:*:*:subnet/*", + "arn:aws:ec2:*:*:network-interface/*", + "arn:aws:ec2:*:*:security-group/*", + "arn:aws:ec2:*:*:volume/*", + "arn:aws:ec2:*:*:key-pair/*", + "arn:aws:ec2:*:*:launch-template/*", + "arn:aws:ec2:*:*:placement-group/*", + "arn:aws:ec2:*:*:capacity-reservation/*", + "arn:aws:ec2:*:*:elastic-gpu/*", + "arn:aws:elastic-inference:*:*:elastic-inference-accelerator/*", + "arn:aws:resource-groups:*:*:group/*" + ] + }, + { + "Action":"ec2:RunInstances", + "Condition":{ + "Null":{ + "aws:RequestTag/AWSBatchServiceTag":"false" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:instance/*" + }, + { + "Action":[ + "ec2:CreateTags" + ], + "Condition":{ + "StringEquals":{ + "ec2:CreateAction":[ + "RunInstances", + "CreateLaunchTemplate", + "RequestSpotFleet" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-05-18T20:05:56+00:00" + }, + "Billing":{ + "CreateDate":"2016-11-10T17:33:18+00:00", + "DefaultVersionId":"v5", + "Document":{ + "Statement":[ + { + "Action":[ + "aws-portal:*Billing", + "aws-portal:*Usage", + "aws-portal:*PaymentMethods", + "budgets:ViewBudget", + "budgets:ModifyBudget", + "ce:UpdatePreferences", + "ce:CreateReport", + "ce:UpdateReport", + "ce:DeleteReport", + "ce:CreateNotificationSubscription", + "ce:UpdateNotificationSubscription", + "ce:DeleteNotificationSubscription", + "cur:DescribeReportDefinitions", + "cur:PutReportDefinition", + "cur:ModifyReportDefinition", + "cur:DeleteReportDefinition", + "purchase-orders:*PurchaseOrders" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/job-function/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-10-05T20:37:01+00:00" + }, + "CertificateManagerServiceRolePolicy":{ + "CreateDate":"2020-06-25T17:56:49+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "acm-pca:IssueCertificate", + "acm-pca:GetCertificate" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-06-25T17:56:49+00:00" + }, + "ClientVPNServiceConnectionsRolePolicy":{ + "CreateDate":"2020-08-12T19:48:06+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "lambda:InvokeFunction" + ], + "Effect":"Allow", + "Resource":"arn:aws:lambda:*:*:function:AWSClientVPN-*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-08-12T19:48:06+00:00" + }, + "ClientVPNServiceRolePolicy":{ + "CreateDate":"2018-12-10T21:20:25+00:00", + "DefaultVersionId":"v5", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:CreateNetworkInterface", + "ec2:CreateNetworkInterfacePermission", + "ec2:DescribeSecurityGroups", + "ec2:DescribeVpcs", + "ec2:DescribeSubnets", + "ec2:DescribeInternetGateways", + "ec2:ModifyNetworkInterfaceAttribute", + "ec2:DeleteNetworkInterface", + "ec2:DescribeAccountAttributes", + "ds:AuthorizeApplication", + "ds:DescribeDirectories", + "ds:GetDirectoryLimits", + "ds:UnauthorizeApplication", + "logs:DescribeLogStreams", + "logs:CreateLogStream", + "logs:PutLogEvents", + "logs:DescribeLogGroups", + "acm:GetCertificate", + "acm:DescribeCertificate", + "iam:GetSAMLProvider", + "lambda:GetFunctionConfiguration" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-08-12T19:39:34+00:00" + }, + "CloudFormationStackSetsOrgAdminServiceRolePolicy":{ + "CreateDate":"2019-12-10T00:20:05+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "organizations:List*", + "organizations:Describe*" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AllowsAWSOrganizationsReadAPIs" + }, + { + "Action":"sts:AssumeRole", + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/stacksets-exec-*", + "Sid":"AllowAssumeRoleInMemberAccounts" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-12-10T00:20:05+00:00" + }, + "CloudFormationStackSetsOrgMemberServiceRolePolicy":{ + "CreateDate":"2019-12-09T23:52:37+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "iam:CreateRole", + "iam:DeleteRole", + "iam:GetRole" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/stacksets-exec-*" + ] + }, + { + "Action":[ + "iam:DetachRolePolicy", + "iam:AttachRolePolicy" + ], + "Condition":{ + "StringEquals":{ + "iam:PolicyARN":"arn:aws:iam::aws:policy/AdministratorAccess" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/stacksets-exec-*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-12-09T23:52:37+00:00" + }, + "CloudFrontFullAccess":{ + "CreateDate":"2015-02-06T18:39:50+00:00", + "DefaultVersionId":"v6", + "Document":{ + "Statement":[ + { + "Action":[ + "s3:ListAllMyBuckets" + ], + "Effect":"Allow", + "Resource":"arn:aws:s3:::*" + }, + { + "Action":[ + "acm:ListCertificates", + "cloudfront:*", + "iam:ListServerCertificates", + "waf:ListWebACLs", + "waf:GetWebACL", + "wafv2:ListWebACLs", + "wafv2:GetWebACL", + "kinesis:ListStreams" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "kinesis:DescribeStream" + ], + "Effect":"Allow", + "Resource":"arn:aws:kinesis:*:*:*" + }, + { + "Action":[ + "iam:ListRoles" + ], + "Effect":"Allow", + "Resource":"arn:aws:iam::*:*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-09-03T20:18:42+00:00" + }, + "CloudFrontReadOnlyAccess":{ + "CreateDate":"2015-02-06T18:39:55+00:00", + "DefaultVersionId":"v5", + "Document":{ + "Statement":[ + { + "Action":[ + "acm:ListCertificates", + "cloudfront:DescribeFunction", + "cloudfront:Get*", + "cloudfront:List*", + "iam:ListServerCertificates", + "route53:List*", + "waf:ListWebACLs", + "waf:GetWebACL", + "wafv2:ListWebACLs", + "wafv2:GetWebACL" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-09-08T22:10:54+00:00" + }, + "CloudHSMServiceRolePolicy":{ + "CreateDate":"2017-11-06T19:12:46+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "logs:CreateLogGroup", + "logs:CreateLogStream", + "logs:PutLogEvents", + "logs:DescribeLogStreams" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:logs:*:*:*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2017-11-06T19:12:46+00:00" + }, + "CloudSearchFullAccess":{ + "CreateDate":"2015-02-06T18:39:56+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "cloudsearch:*" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2015-02-06T18:39:56+00:00" + }, + "CloudSearchReadOnlyAccess":{ + "CreateDate":"2015-02-06T18:39:57+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "cloudsearch:Describe*", + "cloudsearch:List*" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2015-02-06T18:39:57+00:00" + }, + "CloudTrailServiceRolePolicy":{ + "CreateDate":"2018-10-24T21:21:44+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "cloudtrail:*" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"CloudTrailFullAccess" + }, + { + "Action":[ + "organizations:DescribeAccount", + "organizations:DescribeOrganization", + "organizations:ListAccounts", + "organizations:ListAWSServiceAccessForOrganization" + ], + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"AwsOrgsAccess" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2018-10-24T21:21:44+00:00" + }, + "CloudWatch-CrossAccountAccess":{ + "CreateDate":"2019-07-23T09:59:27+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "sts:AssumeRole" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/CloudWatch-CrossAccountSharing*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-07-23T09:59:27+00:00" + }, + "CloudWatchActionsEC2Access":{ + "CreateDate":"2015-07-07T00:00:33+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "cloudwatch:Describe*", + "ec2:Describe*", + "ec2:RebootInstances", + "ec2:StopInstances", + "ec2:TerminateInstances" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2015-07-07T00:00:33+00:00" + }, + "CloudWatchAgentAdminPolicy":{ + "CreateDate":"2018-03-07T00:52:31+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "cloudwatch:PutMetricData", + "ec2:DescribeTags", + "logs:PutLogEvents", + "logs:DescribeLogStreams", + "logs:DescribeLogGroups", + "logs:CreateLogStream", + "logs:CreateLogGroup" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ssm:GetParameter", + "ssm:PutParameter" + ], + "Effect":"Allow", + "Resource":"arn:aws:ssm:*:*:parameter/AmazonCloudWatch-*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2018-03-07T00:52:31+00:00" + }, + "CloudWatchAgentServerPolicy":{ + "CreateDate":"2018-03-07T01:06:44+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "cloudwatch:PutMetricData", + "ec2:DescribeVolumes", + "ec2:DescribeTags", + "logs:PutLogEvents", + "logs:DescribeLogStreams", + "logs:DescribeLogGroups", + "logs:CreateLogStream", + "logs:CreateLogGroup" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ssm:GetParameter" + ], + "Effect":"Allow", + "Resource":"arn:aws:ssm:*:*:parameter/AmazonCloudWatch-*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-10-17T23:08:51+00:00" + }, + "CloudWatchApplicationInsightsFullAccess":{ + "CreateDate":"2020-11-24T18:44:14+00:00", + "DefaultVersionId":"v4", + "Document":{ + "Statement":[ + { + "Action":"applicationinsights:*", + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:DescribeInstances", + "ec2:DescribeVolumes", + "rds:DescribeDBInstances", + "rds:DescribeDBClusters", + "sqs:ListQueues", + "elasticloadbalancing:DescribeLoadBalancers", + "elasticloadbalancing:DescribeTargetGroups", + "elasticloadbalancing:DescribeTargetHealth", + "autoscaling:DescribeAutoScalingGroups", + "lambda:ListFunctions", + "dynamodb:ListTables", + "s3:ListAllMyBuckets", + "sns:ListTopics", + "states:ListStateMachines", + "apigateway:GET", + "ecs:ListClusters", + "ecs:DescribeTaskDefinition", + "ecs:ListServices", + "ecs:ListTasks", + "eks:ListClusters", + "eks:ListNodegroups", + "fsx:DescribeFileSystems", + "logs:DescribeLogGroups" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "iam:CreateServiceLinkedRole" + ], + "Condition":{ + "StringEquals":{ + "iam:AWSServiceName":"application-insights.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/aws-service-role/application-insights.amazonaws.com/AWSServiceRoleForApplicationInsights" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-01-25T17:51:29+00:00" + }, + "CloudWatchApplicationInsightsReadOnlyAccess":{ + "CreateDate":"2020-11-24T18:48:00+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "applicationinsights:Describe*", + "applicationinsights:List*" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-11-24T18:48:00+00:00" + }, + "CloudWatchAutomaticDashboardsAccess":{ + "CreateDate":"2019-07-23T10:01:08+00:00", + "DefaultVersionId":"v4", + "Document":{ + "Statement":[ + { + "Action":[ + "autoscaling:DescribeAutoScalingGroups", + "cloudfront:GetDistribution", + "cloudfront:ListDistributions", + "dynamodb:DescribeTable", + "dynamodb:ListTables", + "ec2:DescribeInstances", + "ec2:DescribeVolumes", + "ecs:DescribeClusters", + "ecs:DescribeContainerInstances", + "ecs:ListClusters", + "ecs:ListContainerInstances", + "ecs:ListServices", + "elasticache:DescribeCacheClusters", + "elasticbeanstalk:DescribeEnvironments", + "elasticfilesystem:DescribeFileSystems", + "elasticloadbalancing:DescribeLoadBalancers", + "kinesis:DescribeStream", + "kinesis:ListStreams", + "lambda:GetFunction", + "lambda:ListFunctions", + "rds:DescribeDBClusters", + "rds:DescribeDBInstances", + "resource-groups:ListGroupResources", + "resource-groups:ListGroups", + "route53:GetHealthCheck", + "route53:ListHealthChecks", + "s3:ListAllMyBuckets", + "s3:ListBucket", + "sns:ListTopics", + "sqs:GetQueueAttributes", + "sqs:GetQueueUrl", + "sqs:ListQueues", + "synthetics:DescribeCanariesLastRun", + "tag:GetResources" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "apigateway:GET" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:apigateway:*::/restapis*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-04-20T13:05:40+00:00" + }, + "CloudWatchEventsBuiltInTargetExecutionAccess":{ + "CreateDate":"2016-01-14T18:35:49+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:Describe*", + "ec2:RebootInstances", + "ec2:StopInstances", + "ec2:TerminateInstances", + "ec2:CreateSnapshot" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"CloudWatchEventsBuiltInTargetExecutionAccess" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2016-01-14T18:35:49+00:00" + }, + "CloudWatchEventsFullAccess":{ + "CreateDate":"2016-01-14T18:37:08+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":"events:*", + "Effect":"Allow", + "Resource":"*", + "Sid":"CloudWatchEventsFullAccess" + }, + { + "Action":"iam:PassRole", + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/AWS_Events_Invoke_Targets", + "Sid":"IAMPassRoleForCloudWatchEvents" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2016-01-14T18:37:08+00:00" + }, + "CloudWatchEventsInvocationAccess":{ + "CreateDate":"2016-01-14T18:36:33+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "kinesis:PutRecord" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"CloudWatchEventsInvocationAccess" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2016-01-14T18:36:33+00:00" + }, + "CloudWatchEventsReadOnlyAccess":{ + "CreateDate":"2016-01-14T18:27:18+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "events:DescribeRule", + "events:ListRuleNamesByTarget", + "events:ListRules", + "events:ListTargetsByRule", + "events:TestEventPattern", + "events:DescribeEventBus" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"CloudWatchEventsReadOnlyAccess" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2017-08-10T17:25:34+00:00" + }, + "CloudWatchEventsServiceRolePolicy":{ + "CreateDate":"2017-11-17T00:42:04+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "cloudwatch:DescribeAlarms", + "ec2:DescribeInstanceStatus", + "ec2:DescribeInstances", + "ec2:DescribeSnapshots", + "ec2:DescribeVolumeStatus", + "ec2:DescribeVolumes", + "ec2:RebootInstances", + "ec2:StopInstances", + "ec2:TerminateInstances", + "ec2:CreateSnapshot" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2017-11-17T00:42:04+00:00" + }, + "CloudWatchFullAccess":{ + "CreateDate":"2015-02-06T18:40:00+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":[ + "autoscaling:Describe*", + "cloudwatch:*", + "logs:*", + "sns:*", + "iam:GetPolicy", + "iam:GetPolicyVersion", + "iam:GetRole" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringLike":{ + "iam:AWSServiceName":"events.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/aws-service-role/events.amazonaws.com/AWSServiceRoleForCloudWatchEvents*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2018-08-09T19:10:43+00:00" + }, + "CloudWatchLambdaInsightsExecutionRolePolicy":{ + "CreateDate":"2020-10-07T19:27:06+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":"logs:CreateLogGroup", + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "logs:CreateLogStream", + "logs:PutLogEvents" + ], + "Effect":"Allow", + "Resource":"arn:aws:logs:*:*:log-group:/aws/lambda-insights:*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-10-07T19:27:06+00:00" + }, + "CloudWatchLogsFullAccess":{ + "CreateDate":"2015-02-06T18:40:02+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "logs:*" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2015-02-06T18:40:02+00:00" + }, + "CloudWatchLogsReadOnlyAccess":{ + "CreateDate":"2015-02-06T18:40:03+00:00", + "DefaultVersionId":"v4", + "Document":{ + "Statement":[ + { + "Action":[ + "logs:Describe*", + "logs:Get*", + "logs:List*", + "logs:StartQuery", + "logs:StopQuery", + "logs:TestMetricFilter", + "logs:FilterLogEvents" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-01-14T19:32:45+00:00" + }, + "CloudWatchReadOnlyAccess":{ + "CreateDate":"2015-02-06T18:40:01+00:00", + "DefaultVersionId":"v4", + "Document":{ + "Statement":[ + { + "Action":[ + "autoscaling:Describe*", + "cloudwatch:Describe*", + "cloudwatch:Get*", + "cloudwatch:List*", + "logs:Get*", + "logs:List*", + "logs:StartQuery", + "logs:StopQuery", + "logs:Describe*", + "logs:TestMetricFilter", + "logs:FilterLogEvents", + "sns:Get*", + "sns:List*" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-07-17T17:49:09+00:00" + }, + "CloudWatchSyntheticsFullAccess":{ + "CreateDate":"2019-11-25T17:39:46+00:00", + "DefaultVersionId":"v9", + "Document":{ + "Statement":[ + { + "Action":[ + "synthetics:*" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "s3:CreateBucket", + "s3:PutEncryptionConfiguration" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::cw-syn-results-*" + ] + }, + { + "Action":[ + "iam:ListRoles", + "s3:ListAllMyBuckets", + "xray:GetTraceSummaries", + "xray:BatchGetTraces", + "apigateway:GET" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "s3:GetBucketLocation" + ], + "Effect":"Allow", + "Resource":"arn:aws:s3:::*" + }, + { + "Action":[ + "s3:GetObject", + "s3:ListBucket" + ], + "Effect":"Allow", + "Resource":"arn:aws:s3:::cw-syn-*" + }, + { + "Action":[ + "s3:GetObjectVersion" + ], + "Effect":"Allow", + "Resource":"arn:aws:s3:::aws-synthetics-library-*" + }, + { + "Action":[ + "iam:PassRole" + ], + "Condition":{ + "StringEquals":{ + "iam:PassedToService":[ + "lambda.amazonaws.com", + "synthetics.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/service-role/CloudWatchSyntheticsRole*" + ] + }, + { + "Action":[ + "iam:GetRole", + "iam:ListAttachedRolePolicies" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/service-role/CloudWatchSyntheticsRole*" + ] + }, + { + "Action":[ + "cloudwatch:GetMetricData", + "cloudwatch:GetMetricStatistics" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "cloudwatch:PutMetricAlarm", + "cloudwatch:DeleteAlarms" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:cloudwatch:*:*:alarm:Synthetics-*" + ] + }, + { + "Action":[ + "cloudwatch:DescribeAlarms" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:cloudwatch:*:*:alarm:*" + ] + }, + { + "Action":[ + "lambda:CreateFunction", + "lambda:AddPermission", + "lambda:PublishVersion", + "lambda:UpdateFunctionCode", + "lambda:UpdateFunctionConfiguration", + "lambda:GetFunctionConfiguration", + "lambda:DeleteFunction" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:lambda:*:*:function:cwsyn-*" + ] + }, + { + "Action":[ + "lambda:GetLayerVersion", + "lambda:PublishLayerVersion", + "lambda:DeleteLayerVersion" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:lambda:*:*:layer:cwsyn-*", + "arn:aws:lambda:*:*:layer:Synthetics:*" + ] + }, + { + "Action":[ + "ec2:DescribeVpcs", + "ec2:DescribeSubnets", + "ec2:DescribeSecurityGroups" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "sns:ListTopics" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "sns:CreateTopic", + "sns:Subscribe", + "sns:ListSubscriptionsByTopic" + ], + "Effect":"Allow", + "Resource":[ + "arn:*:sns:*:*:Synthetics-*" + ] + }, + { + "Action":[ + "kms:ListAliases" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "kms:DescribeKey" + ], + "Effect":"Allow", + "Resource":"arn:aws:kms:*:*:key/*" + }, + { + "Action":[ + "kms:Decrypt" + ], + "Condition":{ + "StringLike":{ + "kms:ViaService":[ + "s3.*.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:kms:*:*:key/*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-05-06T18:14:01+00:00" + }, + "CloudWatchSyntheticsReadOnlyAccess":{ + "CreateDate":"2019-11-25T17:45:40+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "synthetics:Describe*", + "synthetics:Get*", + "synthetics:List*" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-03-06T19:26:01+00:00" + }, + "CloudwatchApplicationInsightsServiceLinkedRolePolicy":{ + "CreateDate":"2018-12-01T16:22:12+00:00", + "DefaultVersionId":"v19", + "Document":{ + "Statement":[ + { + "Action":[ + "cloudwatch:DescribeAlarmHistory", + "cloudwatch:DescribeAlarms", + "cloudwatch:GetMetricData", + "cloudwatch:ListMetrics", + "cloudwatch:PutMetricAlarm", + "cloudwatch:DeleteAlarms", + "cloudwatch:PutAnomalyDetector", + "cloudwatch:DeleteAnomalyDetector", + "cloudwatch:DescribeAnomalyDetectors" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "logs:FilterLogEvents", + "logs:GetLogEvents", + "logs:DescribeLogStreams", + "logs:DescribeLogGroups" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "events:DescribeRule" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "cloudFormation:CreateStack", + "cloudFormation:UpdateStack", + "cloudFormation:DeleteStack", + "cloudFormation:DescribeStackResources" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:cloudformation:*:*:stack/ApplicationInsights-*" + ] + }, + { + "Action":[ + "cloudFormation:DescribeStacks", + "cloudFormation:ListStackResources" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "tag:GetResources" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "resource-groups:ListGroupResources", + "resource-groups:GetGroupQuery", + "resource-groups:GetGroup" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "resource-groups:CreateGroup", + "resource-groups:DeleteGroup" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:resource-groups:*:*:group/ApplicationInsights-*" + ] + }, + { + "Action":[ + "elasticloadbalancing:DescribeLoadBalancers", + "elasticloadbalancing:DescribeTargetGroups", + "elasticloadbalancing:DescribeTargetHealth" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "autoscaling:DescribeAutoScalingGroups" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "ssm:PutParameter", + "ssm:DeleteParameter", + "ssm:AddTagsToResource", + "ssm:RemoveTagsFromResource", + "ssm:GetParameters" + ], + "Effect":"Allow", + "Resource":"arn:aws:ssm:*:*:parameter/AmazonCloudWatch-ApplicationInsights-*" + }, + { + "Action":[ + "ssm:CreateAssociation", + "ssm:UpdateAssociation", + "ssm:DeleteAssociation", + "ssm:DescribeAssociation" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:instance/*", + "arn:aws:ssm:*:*:association/*", + "arn:aws:ssm:*:*:managed-instance/*", + "arn:aws:ssm:*:*:document/AWSEC2-ApplicationInsightsCloudwatchAgentInstallAndConfigure", + "arn:aws:ssm:*:*:document/AWS-ConfigureAWSPackage", + "arn:aws:ssm:*:*:document/AmazonCloudWatch-ManageAgent" + ] + }, + { + "Action":[ + "ssm:GetOpsItem", + "ssm:CreateOpsItem", + "ssm:DescribeOpsItems", + "ssm:UpdateOpsItem", + "ssm:DescribeInstanceInformation" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "ssm:AddTagsToResource" + ], + "Effect":"Allow", + "Resource":"arn:aws:ssm:*:*:opsitem/*" + }, + { + "Action":[ + "ssm:ListCommandInvocations" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":"ssm:SendCommand", + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:instance/*", + "arn:aws:ssm:*:*:document/AWSEC2-CheckPerformanceCounterSets", + "arn:aws:ssm:*:*:document/AWS-ConfigureAWSPackage", + "arn:aws:ssm:*:*:document/AWSEC2-DetectWorkload", + "arn:aws:ssm:*:*:document/AmazonCloudWatch-ManageAgent" + ] + }, + { + "Action":[ + "ec2:DescribeInstances", + "ec2:DescribeVolumes", + "ec2:DescribeVolumeStatus" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "rds:DescribeDBInstances", + "rds:DescribeDBClusters" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "lambda:ListFunctions", + "lambda:GetFunctionConfiguration", + "lambda:ListEventSourceMappings" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "events:PutRule", + "events:PutTargets", + "events:RemoveTargets", + "events:DeleteRule" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:events:*:*:rule/AmazonCloudWatch-ApplicationInsights-*" + ] + }, + { + "Action":[ + "xray:GetServiceGraph", + "xray:GetTraceSummaries", + "xray:GetTimeSeriesServiceStatistics", + "xray:GetTraceGraph" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "dynamodb:ListTables", + "dynamodb:DescribeTable", + "dynamodb:DescribeContributorInsights", + "dynamodb:DescribeTimeToLive" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "application-autoscaling:DescribeScalableTargets" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "s3:ListAllMyBuckets", + "s3:GetMetricsConfiguration", + "s3:GetReplicationConfiguration" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "states:ListStateMachines", + "states:DescribeExecution", + "states:DescribeStateMachine", + "states:GetExecutionHistory" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "apigateway:GET" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "ecs:DescribeClusters", + "ecs:DescribeContainerInstances", + "ecs:DescribeServices", + "ecs:DescribeTaskDefinition", + "ecs:DescribeTasks", + "ecs:DescribeTaskSets", + "ecs:ListClusters", + "ecs:ListContainerInstances", + "ecs:ListServices", + "ecs:ListTasks" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "ecs:UpdateClusterSettings" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:ecs:*:*:cluster/*" + ] + }, + { + "Action":[ + "eks:DescribeCluster", + "eks:DescribeFargateProfile", + "eks:DescribeNodegroup", + "eks:ListClusters", + "eks:ListFargateProfiles", + "eks:ListNodegroups", + "fsx:DescribeFileSystems" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "sns:GetSubscriptionAttributes", + "sns:GetTopicAttributes", + "sns:GetSMSAttributes", + "sns:ListSubscriptionsByTopic", + "sns:ListTopics" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "sqs:ListQueues" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "logs:DeleteSubscriptionFilter" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:logs:*:*:log-group:*" + ] + }, + { + "Action":[ + "logs:PutSubscriptionFilter" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:logs:*:*:log-group:*", + "arn:aws:logs:*:*:destination:AmazonCloudWatch-ApplicationInsights-LogIngestionDestination*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-01-25T17:51:32+00:00" + }, + "ComprehendDataAccessRolePolicy":{ + "CreateDate":"2019-03-06T22:28:15+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":{ + "Action":[ + "s3:GetObject", + "s3:ListBucket", + "s3:PutObject" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::*Comprehend*", + "arn:aws:s3:::*comprehend*" + ] + }, + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-03-06T22:28:15+00:00" + }, + "ComprehendFullAccess":{ + "CreateDate":"2017-11-29T18:08:43+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "comprehend:*", + "s3:ListAllMyBuckets", + "s3:ListBucket", + "s3:GetBucketLocation", + "iam:ListRoles", + "iam:GetRole" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2017-12-05T01:36:24+00:00" + }, + "ComprehendMedicalFullAccess":{ + "CreateDate":"2018-11-27T17:55:52+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "comprehendmedical:*" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2018-11-27T17:55:52+00:00" + }, + "ComprehendReadOnly":{ + "CreateDate":"2017-11-29T18:10:19+00:00", + "DefaultVersionId":"v11", + "Document":{ + "Statement":[ + { + "Action":[ + "comprehend:DetectDominantLanguage", + "comprehend:BatchDetectDominantLanguage", + "comprehend:DetectEntities", + "comprehend:BatchDetectEntities", + "comprehend:DetectKeyPhrases", + "comprehend:BatchDetectKeyPhrases", + "comprehend:DetectPiiEntities", + "comprehend:ContainsPiiEntities", + "comprehend:DetectSentiment", + "comprehend:BatchDetectSentiment", + "comprehend:DetectSyntax", + "comprehend:BatchDetectSyntax", + "comprehend:ClassifyDocument", + "comprehend:DescribeTopicsDetectionJob", + "comprehend:ListTopicsDetectionJobs", + "comprehend:DescribeDominantLanguageDetectionJob", + "comprehend:ListDominantLanguageDetectionJobs", + "comprehend:DescribeEntitiesDetectionJob", + "comprehend:ListEntitiesDetectionJobs", + "comprehend:DescribeKeyPhrasesDetectionJob", + "comprehend:ListKeyPhrasesDetectionJobs", + "comprehend:DescribePiiEntitiesDetectionJob", + "comprehend:ListPiiEntitiesDetectionJobs", + "comprehend:DescribeSentimentDetectionJob", + "comprehend:DescribeTargetedSentimentDetectionJob", + "comprehend:ListSentimentDetectionJobs", + "comprehend:ListTargetedSentimentDetectionJobs", + "comprehend:DescribeDocumentClassifier", + "comprehend:ListDocumentClassifiers", + "comprehend:DescribeDocumentClassificationJob", + "comprehend:ListDocumentClassificationJobs", + "comprehend:DescribeEntityRecognizer", + "comprehend:ListEntityRecognizers", + "comprehend:ListTagsForResource", + "comprehend:DescribeEndpoint", + "comprehend:ListEndpoints", + "comprehend:ListDocumentClassifierSummaries", + "comprehend:ListEntityRecognizerSummaries", + "comprehend:DescribeResourcePolicy" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-04-26T21:32:41+00:00" + }, + "ComputeOptimizerReadOnlyAccess":{ + "CreateDate":"2020-03-07T00:11:02+00:00", + "DefaultVersionId":"v5", + "Document":{ + "Statement":[ + { + "Action":[ + "compute-optimizer:DescribeRecommendationExportJobs", + "compute-optimizer:GetEnrollmentStatus", + "compute-optimizer:GetEnrollmentStatusesForOrganization", + "compute-optimizer:GetRecommendationSummaries", + "compute-optimizer:GetEC2InstanceRecommendations", + "compute-optimizer:GetEC2RecommendationProjectedMetrics", + "compute-optimizer:GetAutoScalingGroupRecommendations", + "compute-optimizer:GetEBSVolumeRecommendations", + "compute-optimizer:GetLambdaFunctionRecommendations", + "compute-optimizer:GetRecommendationPreferences", + "compute-optimizer:GetEffectiveRecommendationPreferences", + "ec2:DescribeInstances", + "ec2:DescribeVolumes", + "autoscaling:DescribeAutoScalingGroups", + "autoscaling:DescribeAutoScalingInstances", + "lambda:ListFunctions", + "lambda:ListProvisionedConcurrencyConfigs", + "cloudwatch:GetMetricData", + "organizations:ListAccounts", + "organizations:DescribeOrganization", + "organizations:DescribeAccount" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-11-29T16:03:07+00:00" + }, + "ComputeOptimizerServiceRolePolicy":{ + "CreateDate":"2019-12-03T08:45:19+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":[ + "compute-optimizer:*" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"ComputeOptimizerFullAccess" + }, + { + "Action":[ + "organizations:DescribeOrganization", + "organizations:ListAccounts", + "organizations:ListAWSServiceAccessForOrganization", + "organizations:ListDelegatedAdministrators" + ], + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"AwsOrgsAccess" + }, + { + "Action":[ + "cloudwatch:GetMetricData" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"CloudWatchAccess" + }, + { + "Action":[ + "autoscaling:DescribeAutoScalingInstances", + "autoscaling:DescribeAutoScalingGroups" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"AutoScalingAccess" + }, + { + "Action":[ + "ec2:DescribeInstances", + "ec2:DescribeVolumes" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"Ec2Access" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-06-13T19:05:04+00:00" + }, + "ConfigConformsServiceRolePolicy":{ + "CreateDate":"2019-07-25T21:38:05+00:00", + "DefaultVersionId":"v4", + "Document":{ + "Statement":[ + { + "Action":[ + "config:PutConfigRule", + "config:DeleteConfigRule", + "config:DescribeConfigRules" + ], + "Effect":"Allow", + "Resource":"arn:aws:config:*:*:config-rule/aws-service-rule/config-conforms.amazonaws.com*" + }, + { + "Action":[ + "config:DescribeRemediationConfigurations", + "config:DeleteRemediationConfiguration", + "config:PutRemediationConfigurations" + ], + "Effect":"Allow", + "Resource":"arn:aws:config:*:*:remediation-configuration/aws-service-remediation-configuration/config-conforms.amazonaws.com*" + }, + { + "Action":[ + "iam:GetRole" + ], + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/aws-service-role/config-conforms.amazonaws.com/*" + }, + { + "Action":[ + "iam:GetRole" + ], + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/aws-service-role/remediation.config.amazonaws.com/AWSServiceRoleForConfigRemediation" + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringLike":{ + "iam:AWSServiceName":"remediation.config.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/aws-service-role/remediation.config.amazonaws.com/AWSServiceRoleForConfigRemediation" + }, + { + "Action":"iam:PassRole", + "Condition":{ + "StringEquals":{ + "iam:PassedToService":"ssm.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ssm:DescribeDocument", + "ssm:GetDocument" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "s3:PutObject", + "s3:PutObjectAcl", + "s3:GetObject", + "s3:GetBucketAcl" + ], + "Effect":"Allow", + "Resource":"arn:aws:s3:::awsconfigconforms*" + }, + { + "Action":[ + "cloudformation:CreateStack", + "cloudformation:DeleteStack", + "cloudformation:DescribeStackEvents", + "cloudformation:DescribeStackResource", + "cloudformation:DescribeStackResources", + "cloudformation:DescribeStacks", + "cloudformation:GetStackPolicy", + "cloudformation:SetStackPolicy", + "cloudformation:UpdateStack", + "cloudformation:UpdateTerminationProtection", + "cloudformation:ValidateTemplate", + "cloudformation:ListStackResources" + ], + "Effect":"Allow", + "Resource":"arn:aws:cloudformation:*:*:stack/awsconfigconforms-*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-11-13T18:29:21+00:00" + }, + "DAXServiceRolePolicy":{ + "CreateDate":"2018-03-05T17:51:25+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:AuthorizeSecurityGroupIngress", + "ec2:CreateNetworkInterface", + "ec2:CreateSecurityGroup", + "ec2:DeleteNetworkInterface", + "ec2:DeleteSecurityGroup", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "ec2:ModifyNetworkInterfaceAttribute", + "ec2:RevokeSecurityGroupIngress" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2018-03-05T17:51:25+00:00" + }, + "DataScientist":{ + "CreateDate":"2016-11-10T17:28:48+00:00", + "DefaultVersionId":"v5", + "Document":{ + "Statement":[ + { + "Action":[ + "autoscaling:*", + "cloudwatch:*", + "cloudformation:CreateStack", + "cloudformation:DescribeStackEvents", + "datapipeline:Describe*", + "datapipeline:ListPipelines", + "datapipeline:GetPipelineDefinition", + "datapipeline:QueryObjects", + "dynamodb:*", + "ec2:CancelSpotInstanceRequests", + "ec2:CancelSpotFleetRequests", + "ec2:CreateTags", + "ec2:DeleteTags", + "ec2:Describe*", + "ec2:ModifyImageAttribute", + "ec2:ModifyInstanceAttribute", + "ec2:ModifySpotFleetRequest", + "ec2:RequestSpotInstances", + "ec2:RequestSpotFleet", + "elasticfilesystem:*", + "elasticmapreduce:*", + "es:*", + "firehose:*", + "fsx:DescribeFileSystems", + "iam:GetInstanceProfile", + "iam:GetRole", + "iam:GetPolicy", + "iam:GetPolicyVersion", + "iam:ListRoles", + "kinesis:*", + "kms:List*", + "lambda:Create*", + "lambda:Delete*", + "lambda:Get*", + "lambda:InvokeFunction", + "lambda:PublishVersion", + "lambda:Update*", + "lambda:List*", + "machinelearning:*", + "sdb:*", + "rds:*", + "sns:ListSubscriptions", + "sns:ListTopics", + "logs:DescribeLogStreams", + "logs:GetLogEvents", + "redshift:*", + "s3:CreateBucket", + "sns:CreateTopic", + "sns:Get*", + "sns:List*" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "s3:Abort*", + "s3:DeleteObject", + "s3:Get*", + "s3:List*", + "s3:PutAccelerateConfiguration", + "s3:PutBucketCors", + "s3:PutBucketLogging", + "s3:PutBucketNotification", + "s3:PutBucketTagging", + "s3:PutObject", + "s3:Replicate*", + "s3:RestoreObject" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "ec2:RunInstances", + "ec2:TerminateInstances" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "iam:PassRole" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/DataPipelineDefaultRole", + "arn:aws:iam::*:role/DataPipelineDefaultResourceRole", + "arn:aws:iam::*:role/EMR_EC2_DefaultRole", + "arn:aws:iam::*:role/EMR_DefaultRole", + "arn:aws:iam::*:role/kinesis-*" + ] + }, + { + "Action":[ + "iam:PassRole" + ], + "Condition":{ + "StringEquals":{ + "iam:PassedToService":"sagemaker.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "sagemaker:*" + ], + "Effect":"Allow", + "NotResource":[ + "arn:aws:sagemaker:*:*:domain/*", + "arn:aws:sagemaker:*:*:user-profile/*", + "arn:aws:sagemaker:*:*:app/*", + "arn:aws:sagemaker:*:*:flow-definition/*" + ] + }, + { + "Action":[ + "sagemaker:CreatePresignedDomainUrl", + "sagemaker:DescribeDomain", + "sagemaker:ListDomains", + "sagemaker:DescribeUserProfile", + "sagemaker:ListUserProfiles", + "sagemaker:*App", + "sagemaker:ListApps" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "sagemaker:*FlowDefinition", + "sagemaker:*FlowDefinitions" + ], + "Condition":{ + "StringEqualsIfExists":{ + "sagemaker:WorkteamType":[ + "private-crowd", + "vendor-crowd" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/job-function/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-12-03T16:48:34+00:00" + }, + "DatabaseAdministrator":{ + "CreateDate":"2016-11-10T17:25:43+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "cloudwatch:DeleteAlarms", + "cloudwatch:Describe*", + "cloudwatch:DisableAlarmActions", + "cloudwatch:EnableAlarmActions", + "cloudwatch:Get*", + "cloudwatch:List*", + "cloudwatch:PutMetricAlarm", + "datapipeline:ActivatePipeline", + "datapipeline:CreatePipeline", + "datapipeline:DeletePipeline", + "datapipeline:DescribeObjects", + "datapipeline:DescribePipelines", + "datapipeline:GetPipelineDefinition", + "datapipeline:ListPipelines", + "datapipeline:PutPipelineDefinition", + "datapipeline:QueryObjects", + "dynamodb:*", + "ec2:DescribeAccountAttributes", + "ec2:DescribeAddresses", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeInternetGateways", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "elasticache:*", + "iam:ListRoles", + "iam:GetRole", + "kms:ListKeys", + "lambda:CreateEventSourceMapping", + "lambda:CreateFunction", + "lambda:DeleteEventSourceMapping", + "lambda:DeleteFunction", + "lambda:GetFunctionConfiguration", + "lambda:ListEventSourceMappings", + "lambda:ListFunctions", + "logs:DescribeLogGroups", + "logs:DescribeLogStreams", + "logs:FilterLogEvents", + "logs:GetLogEvents", + "logs:Create*", + "logs:PutLogEvents", + "logs:PutMetricFilter", + "rds:*", + "redshift:*", + "s3:CreateBucket", + "sns:CreateTopic", + "sns:DeleteTopic", + "sns:Get*", + "sns:List*", + "sns:SetTopicAttributes", + "sns:Subscribe", + "sns:Unsubscribe" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "s3:AbortMultipartUpload", + "s3:DeleteObject*", + "s3:Get*", + "s3:List*", + "s3:PutAccelerateConfiguration", + "s3:PutBucketTagging", + "s3:PutBucketVersioning", + "s3:PutBucketWebsite", + "s3:PutLifecycleConfiguration", + "s3:PutReplicationConfiguration", + "s3:PutObject*", + "s3:Replicate*", + "s3:RestoreObject" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "iam:PassRole" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/rds-monitoring-role", + "arn:aws:iam::*:role/rdbms-lambda-access", + "arn:aws:iam::*:role/lambda_exec_role", + "arn:aws:iam::*:role/lambda-dynamodb-*", + "arn:aws:iam::*:role/lambda-vpc-execution-role", + "arn:aws:iam::*:role/DataPipelineDefaultRole", + "arn:aws:iam::*:role/DataPipelineDefaultResourceRole" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/job-function/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-01-08T00:48:02+00:00" + }, + "DynamoDBCloudWatchContributorInsightsServiceRolePolicy":{ + "CreateDate":"2019-11-15T21:13:58+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "cloudwatch:DeleteInsightRules", + "cloudwatch:PutInsightRule" + ], + "Effect":"Allow", + "Resource":"arn:aws:cloudwatch:*:*:insight-rule/DynamoDBContributorInsights*" + }, + { + "Action":[ + "cloudwatch:DescribeInsightRules" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-11-15T21:13:58+00:00" + }, + "DynamoDBKinesisReplicationServiceRolePolicy":{ + "CreateDate":"2020-11-12T00:43:25+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":"kms:GenerateDataKey", + "Condition":{ + "StringLike":{ + "kms:ViaService":"kinesis.*.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "kinesis:PutRecord", + "kinesis:PutRecords", + "kinesis:DescribeStream" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-11-12T00:43:25+00:00" + }, + "DynamoDBReplicationServiceRolePolicy":{ + "CreateDate":"2017-11-09T23:55:34+00:00", + "DefaultVersionId":"v6", + "Document":{ + "Statement":[ + { + "Action":[ + "dynamodb:GetItem", + "dynamodb:PutItem", + "dynamodb:UpdateItem", + "dynamodb:DeleteItem", + "dynamodb:DescribeTable", + "dynamodb:UpdateTable", + "dynamodb:Scan", + "dynamodb:DescribeStream", + "dynamodb:GetRecords", + "dynamodb:GetShardIterator", + "dynamodb:DescribeTimeToLive", + "dynamodb:UpdateTimeToLive", + "dynamodb:DescribeLimits", + "application-autoscaling:RegisterScalableTarget", + "application-autoscaling:DescribeScalableTargets", + "application-autoscaling:PutScalingPolicy", + "application-autoscaling:DescribeScalingPolicies" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "iam:CreateServiceLinkedRole" + ], + "Condition":{ + "StringEquals":{ + "iam:AWSServiceName":[ + "dynamodb.application-autoscaling.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-09-09T18:43:04+00:00" + }, + "EC2FastLaunchServiceRolePolicy":{ + "CreateDate":"2022-01-10T13:08:21+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:RunInstances" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:subnet/*", + "arn:aws:ec2:*:*:network-interface/*", + "arn:aws:ec2:*::image/*", + "arn:aws:ec2:*:*:key-pair/*", + "arn:aws:ec2:*:*:security-group/*", + "arn:aws:ec2:*:*:launch-template/*" + ] + }, + { + "Action":[ + "ec2:RunInstances" + ], + "Condition":{ + "StringEquals":{ + "aws:RequestTag/CreatedBy":"EC2 Fast Launch" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:volume/*", + "arn:aws:ec2:*:*:instance/*" + ] + }, + { + "Action":"iam:PassRole", + "Condition":{ + "StringEquals":{ + "iam:PassedToService":[ + "ec2.amazonaws.com", + "ec2.amazonaws.com.cn" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:StopInstances", + "ec2:TerminateInstances" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceTag/CreatedBy":"EC2 Fast Launch" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:instance/*" + ] + }, + { + "Action":"ec2:CreateSnapshot", + "Condition":{ + "StringEquals":{ + "aws:ResourceTag/CreatedBy":"EC2 Fast Launch" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:volume/*" + ] + }, + { + "Action":"ec2:CreateSnapshot", + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:TagKeys":[ + "CreatedByLaunchTemplateName", + "CreatedByLaunchTemplateId" + ] + }, + "StringEquals":{ + "aws:RequestTag/CreatedBy":"EC2 Fast Launch" + }, + "StringLike":{ + "aws:RequestTag/CreatedByLaunchTemplateVersion":"*" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:snapshot/*" + ], + "Sid":"AllowCreateTaggedSnapshot" + }, + { + "Action":"ec2:CreateLaunchTemplate", + "Condition":{ + "StringEquals":{ + "aws:RequestTag/CreatedBy":"EC2 Fast Launch" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:launch-template/*" + }, + { + "Action":"ec2:CreateTags", + "Condition":{ + "StringEquals":{ + "ec2:CreateAction":[ + "CreateSnapshot", + "RunInstances", + "CreateLaunchTemplate" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:volume/*", + "arn:aws:ec2:*:*:instance/*", + "arn:aws:ec2:*:*:snapshot/*", + "arn:aws:ec2:*:*:launch-template/*" + ] + }, + { + "Action":[ + "ec2:DeleteSnapshot" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceTag/CreatedBy":"EC2 Fast Launch" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:snapshot/*" + ] + }, + { + "Action":[ + "ec2:DescribeImages", + "ec2:DescribeSnapshots", + "ec2:DescribeSubnets", + "ec2:DescribeInstanceAttribute", + "ec2:DescribeInstanceStatus", + "ec2:DescribeInstances", + "ec2:DescribeInstanceTypeOfferings", + "ec2:DescribeLaunchTemplateVersions", + "ec2:DescribeLaunchTemplates" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"cloudwatch:PutMetricData", + "Condition":{ + "StringEquals":{ + "cloudwatch:namespace":"AWS/EC2" + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-01-10T13:08:21+00:00" + }, + "EC2FleetTimeShiftableServiceRolePolicy":{ + "CreateDate":"2019-12-23T19:47:15+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:DescribeImages", + "ec2:DescribeSubnets", + "ec2:DescribeInstances", + "ec2:RunInstances", + "ec2:CreateFleet" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "iam:PassRole" + ], + "Condition":{ + "StringEquals":{ + "iam:PassedToService":[ + "ec2.amazonaws.com", + "ec2.amazonaws.com.cn" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "ec2:CreateTags" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:instance/*", + "arn:aws:ec2:*:*:spot-instances-request/*" + ] + }, + { + "Action":[ + "ec2:TerminateInstances" + ], + "Condition":{ + "StringLike":{ + "ec2:ResourceTag/aws:ec2:fleet-id":"*" + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-12-23T19:47:15+00:00" + }, + "EC2InstanceConnect":{ + "CreateDate":"2019-06-27T18:53:34+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:DescribeInstances", + "ec2-instance-connect:SendSSHPublicKey" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"EC2InstanceConnect" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-06-27T18:53:34+00:00" + }, + "EC2InstanceProfileForImageBuilder":{ + "CreateDate":"2019-12-01T19:08:23+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":[ + "imagebuilder:GetComponent" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "kms:Decrypt" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":[ + "imagebuilder.amazonaws.com" + ], + "kms:EncryptionContextKeys":"aws:imagebuilder:arn" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "s3:GetObject" + ], + "Effect":"Allow", + "Resource":"arn:aws:s3:::ec2imagebuilder*" + }, + { + "Action":[ + "logs:CreateLogStream", + "logs:CreateLogGroup", + "logs:PutLogEvents" + ], + "Effect":"Allow", + "Resource":"arn:aws:logs:*:*:log-group:/aws/imagebuilder/*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-08-27T16:40:50+00:00" + }, + "EC2InstanceProfileForImageBuilderECRContainerBuilds":{ + "CreateDate":"2020-12-11T19:48:15+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "imagebuilder:GetComponent", + "imagebuilder:GetContainerRecipe", + "ecr:GetAuthorizationToken", + "ecr:BatchGetImage", + "ecr:InitiateLayerUpload", + "ecr:UploadLayerPart", + "ecr:CompleteLayerUpload", + "ecr:BatchCheckLayerAvailability", + "ecr:GetDownloadUrlForLayer", + "ecr:PutImage" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "kms:Decrypt" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws:CalledVia":[ + "imagebuilder.amazonaws.com" + ], + "kms:EncryptionContextKeys":"aws:imagebuilder:arn" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "s3:GetObject" + ], + "Effect":"Allow", + "Resource":"arn:aws:s3:::ec2imagebuilder*" + }, + { + "Action":[ + "logs:CreateLogStream", + "logs:CreateLogGroup", + "logs:PutLogEvents" + ], + "Effect":"Allow", + "Resource":"arn:aws:logs:*:*:log-group:/aws/imagebuilder/*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-12-11T19:48:15+00:00" + }, + "ECRReplicationServiceRolePolicy":{ + "CreateDate":"2020-12-04T22:11:28+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "ecr:CreateRepository", + "ecr:ReplicateImage" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-12-04T22:11:28+00:00" + }, + "Ec2ImageBuilderCrossAccountDistributionAccess":{ + "CreateDate":"2020-09-30T19:22:54+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":"ec2:CreateTags", + "Effect":"Allow", + "Resource":"arn:aws:ec2:*::image/*" + }, + { + "Action":[ + "ec2:DescribeImages", + "ec2:CopyImage", + "ec2:ModifyImageAttribute" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-09-30T19:22:54+00:00" + }, + "ElastiCacheServiceRolePolicy":{ + "CreateDate":"2017-12-07T17:50:04+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:AuthorizeSecurityGroupIngress", + "ec2:CreateNetworkInterface", + "ec2:CreateSecurityGroup", + "ec2:DeleteNetworkInterface", + "ec2:DeleteSecurityGroup", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "ec2:ModifyNetworkInterfaceAttribute", + "ec2:RevokeSecurityGroupIngress", + "cloudwatch:PutMetricData", + "outposts:GetOutpost", + "outposts:GetOutpostInstanceTypes", + "outposts:ListOutposts", + "outposts:ListSites" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-02-06T21:27:13+00:00" + }, + "ElasticLoadBalancingFullAccess":{ + "CreateDate":"2018-09-20T20:42:07+00:00", + "DefaultVersionId":"v6", + "Document":{ + "Statement":[ + { + "Action":"elasticloadbalancing:*", + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:DescribeAccountAttributes", + "ec2:DescribeAddresses", + "ec2:DescribeInternetGateways", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "ec2:DescribeVpcClassicLink", + "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeClassicLinkInstances", + "ec2:DescribeRouteTables", + "ec2:DescribeCoipPools", + "ec2:GetCoipPoolUsage", + "ec2:DescribeVpcPeeringConnections", + "cognito-idp:DescribeUserPoolClient" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringEquals":{ + "iam:AWSServiceName":"elasticloadbalancing.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-08-26T18:32:13+00:00" + }, + "ElasticLoadBalancingReadOnly":{ + "CreateDate":"2018-09-20T20:17:09+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":"elasticloadbalancing:Describe*", + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:DescribeInstances", + "ec2:DescribeClassicLinkInstances", + "ec2:DescribeSecurityGroups" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2018-09-20T20:17:09+00:00" + }, + "ElementalActivationsDownloadSoftwareAccess":{ + "CreateDate":"2020-09-08T17:26:09+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "elemental-activations:Get*", + "elemental-activations:Download*" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-09-08T17:26:09+00:00" + }, + "ElementalActivationsFullAccess":{ + "CreateDate":"2020-06-04T21:00:13+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "elemental-activations:*" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-06-04T21:00:13+00:00" + }, + "ElementalActivationsGenerateLicenses":{ + "CreateDate":"2020-08-28T18:28:58+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "elemental-activations:Get*", + "elemental-activations:GenerateLicenses", + "elemental-activations:StartFileUpload", + "elemental-activations:CompleteFileUpload" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-08-28T18:28:58+00:00" + }, + "ElementalActivationsReadOnlyAccess":{ + "CreateDate":"2020-08-28T16:51:01+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "elemental-activations:Get*" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-08-28T16:51:01+00:00" + }, + "ElementalAppliancesSoftwareFullAccess":{ + "CreateDate":"2019-07-31T16:28:53+00:00", + "DefaultVersionId":"v4", + "Document":{ + "Statement":[ + { + "Action":[ + "elemental-appliances-software:*", + "elemental-activations:CompleteAccountRegistration" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-02-05T21:01:25+00:00" + }, + "ElementalAppliancesSoftwareReadOnlyAccess":{ + "CreateDate":"2020-04-01T22:31:09+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "elemental-appliances-software:List*", + "elemental-appliances-software:Get*" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-04-01T22:31:09+00:00" + }, + "ElementalSupportCenterFullAccess":{ + "CreateDate":"2020-11-25T18:08:30+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "elemental-support-cases:*", + "elemental-support-content:*", + "elemental-activations:CompleteAccountRegistration" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-02-05T21:02:54+00:00" + }, + "FMSServiceRolePolicy":{ + "CreateDate":"2018-03-28T23:01:12+00:00", + "DefaultVersionId":"v25", + "Document":{ + "Statement":[ + { + "Action":[ + "waf:UpdateWebACL", + "waf:DeleteWebACL", + "waf:GetWebACL", + "waf:GetRuleGroup", + "waf:ListSubscribedRuleGroups", + "waf-regional:UpdateWebACL", + "waf-regional:DeleteWebACL", + "waf-regional:GetWebACL", + "waf-regional:GetRuleGroup", + "waf-regional:ListSubscribedRuleGroups", + "waf-regional:ListResourcesForWebACL", + "waf-regional:AssociateWebACL", + "waf-regional:DisassociateWebACL", + "elasticloadbalancing:SetWebACL", + "apigateway:SetWebACL", + "elasticloadbalancing:SetSecurityGroups", + "waf:ListTagsForResource", + "waf-regional:ListTagsForResource" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:waf:*:*:webacl/*", + "arn:aws:waf-regional:*:*:webacl/*", + "arn:aws:waf:*:*:rulegroup/*", + "arn:aws:waf-regional:*:*:rulegroup/*", + "arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*", + "arn:aws:apigateway:*::/restapis/*/stages/*" + ] + }, + { + "Action":[ + "wafv2:PutLoggingConfiguration", + "wafv2:GetLoggingConfiguration", + "wafv2:ListLoggingConfigurations", + "wafv2:DeleteLoggingConfiguration" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:wafv2:*:*:regional/webacl/*", + "arn:aws:wafv2:*:*:global/webacl/*" + ] + }, + { + "Action":[ + "waf:CreateWebACL", + "waf-regional:CreateWebACL", + "waf:GetChangeToken", + "waf-regional:GetChangeToken", + "waf-regional:GetWebACLForResource" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:waf:*:*:*", + "arn:aws:waf-regional:*:*:*" + ] + }, + { + "Action":[ + "elasticloadbalancing:ApplySecurityGroupsToLoadBalancer", + "elasticloadbalancing:DescribeTags" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "waf:PutPermissionPolicy", + "waf:GetPermissionPolicy", + "waf:DeletePermissionPolicy", + "waf-regional:PutPermissionPolicy", + "waf-regional:GetPermissionPolicy", + "waf-regional:DeletePermissionPolicy" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:waf:*:*:webacl/*", + "arn:aws:waf:*:*:rulegroup/*", + "arn:aws:waf-regional:*:*:webacl/*", + "arn:aws:waf-regional:*:*:rulegroup/*" + ] + }, + { + "Action":[ + "cloudfront:GetDistribution", + "cloudfront:UpdateDistribution", + "cloudfront:ListDistributionsByWebACLId", + "cloudfront:ListDistributions" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "config:DeleteConfigRule", + "config:DescribeComplianceByConfigRule", + "config:DescribeConfigRuleEvaluationStatus", + "config:DescribeConfigRules", + "config:GetComplianceDetailsByConfigRule", + "config:PutConfigRule", + "config:StartConfigRulesEvaluation" + ], + "Effect":"Allow", + "Resource":"arn:aws:config:*:*:config-rule/aws-service-rule/fms.amazonaws.com/*" + }, + { + "Action":[ + "config:DescribeConfigurationRecorders", + "config:DescribeConfigurationRecorderStatus", + "config:PutConfigurationRecorder", + "config:StartConfigurationRecorder", + "config:PutDeliveryChannel", + "config:DescribeDeliveryChannels", + "config:DescribeDeliveryChannelStatus", + "config:GetComplianceSummaryByConfigRule", + "config:GetDiscoveredResourceCounts", + "config:PutEvaluations", + "config:SelectResourceConfig" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "iam:DeleteServiceLinkedRole", + "iam:GetServiceLinkedRoleDeletionStatus" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/aws-service-role/fms.amazonaws.com/AWSServiceRoleForFMS" + ] + }, + { + "Action":[ + "organizations:DescribeAccount", + "organizations:DescribeOrganization", + "organizations:ListAccounts", + "organizations:DescribeOrganizationalUnit", + "organizations:ListChildren", + "organizations:ListRoots", + "organizations:ListParents", + "organizations:ListOrganizationalUnitsForParent", + "organizations:ListAWSServiceAccessForOrganization" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "shield:CreateProtection", + "shield:DeleteProtection", + "shield:DescribeProtection", + "shield:ListProtections", + "shield:ListAttacks", + "shield:CreateSubscription", + "shield:DescribeSubscription", + "shield:GetSubscriptionState", + "shield:DescribeDRTAccess", + "shield:DescribeEmergencyContactSettings", + "shield:UpdateEmergencyContactSettings", + "elasticloadbalancing:DescribeLoadBalancers", + "ec2:DescribeAddresses", + "shield:EnableApplicationLayerAutomaticResponse", + "shield:DisableApplicationLayerAutomaticResponse", + "shield:UpdateApplicationLayerAutomaticResponse" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:AuthorizeSecurityGroupEgress", + "ec2:AuthorizeSecurityGroupIngress", + "ec2:DeleteSecurityGroup", + "ec2:RevokeSecurityGroupEgress", + "ec2:RevokeSecurityGroupIngress", + "ec2:UpdateSecurityGroupRuleDescriptionsEgress", + "ec2:UpdateSecurityGroupRuleDescriptionsIngress", + "ec2:DescribeNetworkInterfaceAttribute", + "ec2:DescribeInstances" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:network-interface/*", + "arn:aws:ec2:*:*:security-group/*", + "arn:aws:ec2:*:*:instance/*" + ] + }, + { + "Action":[ + "ec2:CreateTags" + ], + "Condition":{ + "StringEquals":{ + "ec2:CreateAction":"CreateSecurityGroup" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:security-group/*" + ] + }, + { + "Action":[ + "ec2:DeleteTags", + "ec2:CreateTags" + ], + "Condition":{ + "StringLike":{ + "aws:ResourceTag/FMManaged":"*" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:security-group/*" + ] + }, + { + "Action":[ + "ec2:CreateSecurityGroup", + "ec2:DescribeSecurityGroupReferences", + "ec2:DescribeSecurityGroups", + "ec2:DescribeStaleSecurityGroups", + "ec2:DescribeNetworkInterfaces", + "ec2:ModifyNetworkInterfaceAttribute", + "ec2:DescribeVpcs", + "ec2:DescribeVpcPeeringConnections" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "wafv2:TagResource", + "wafv2:ListResourcesForWebACL", + "wafv2:AssociateWebACL", + "wafv2:ListTagsForResource", + "wafv2:UntagResource", + "wafv2:GetWebACL", + "wafv2:DisassociateFirewallManager", + "wafv2:DeleteWebACL", + "wafv2:DisassociateWebACL" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:wafv2:*:*:global/webacl/*", + "arn:aws:wafv2:*:*:regional/webacl/*" + ] + }, + { + "Action":[ + "wafv2:UpdateWebACL", + "wafv2:CreateWebACL", + "wafv2:DeleteFirewallManagerRuleGroups", + "wafv2:PutFirewallManagerRuleGroups" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:wafv2:*:*:global/webacl/*", + "arn:aws:wafv2:*:*:regional/webacl/*", + "arn:aws:wafv2:*:*:global/rulegroup/*", + "arn:aws:wafv2:*:*:regional/rulegroup/*", + "arn:aws:wafv2:*:*:global/managedruleset/*", + "arn:aws:wafv2:*:*:regional/managedruleset/*", + "arn:aws:wafv2:*:*:global/ipset/*", + "arn:aws:wafv2:*:*:regional/ipset/*", + "arn:aws:wafv2:*:*:global/regexpatternset/*", + "arn:aws:wafv2:*:*:regional/regexpatternset/*" + ] + }, + { + "Action":[ + "wafv2:PutPermissionPolicy", + "wafv2:GetPermissionPolicy", + "wafv2:DeletePermissionPolicy" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:wafv2:*:*:global/rulegroup/*", + "arn:aws:wafv2:*:*:regional/rulegroup/*" + ] + }, + { + "Action":[ + "cloudfront:ListTagsForResource" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "wafv2:GetWebACLForResource" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:wafv2:*:*:regional/webacl/*" + ] + }, + { + "Action":"ec2:CreateTags", + "Condition":{ + "ForAllValues:StringEquals":{ + "aws:TagKeys":[ + "Name", + "FMManaged" + ] + }, + "StringEquals":{ + "ec2:CreateAction":"CreateRouteTable" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:route-table/*" + }, + { + "Action":"ec2:CreateTags", + "Condition":{ + "ForAllValues:StringEquals":{ + "aws:TagKeys":[ + "Name", + "FMManaged" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:subnet/*" + ] + }, + { + "Action":"ec2:CreateTags", + "Condition":{ + "ForAllValues:StringEquals":{ + "aws:TagKeys":[ + "Name", + "FMManaged" + ] + }, + "StringEquals":{ + "ec2:CreateAction":"CreateVpcEndpoint" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:vpc-endpoint/*" + ] + }, + { + "Action":"ec2:DeleteRouteTable", + "Condition":{ + "StringEquals":{ + "ec2:ResourceTag/FMManaged":"true" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:route-table/*" + }, + { + "Action":[ + "ec2:AssociateRouteTable", + "ec2:CreateSubnet", + "ec2:CreateRouteTable", + "ec2:DeleteSubnet", + "ec2:DisassociateRouteTable", + "ec2:ReplaceRouteTableAssociation" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:DescribeInternetGateways", + "ec2:DescribeRouteTables", + "ec2:DescribeSubnets", + "ec2:DescribeTags", + "ec2:DescribeVpcEndpoints", + "ec2:DescribeAvailabilityZones" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"ec2:CreateVpcEndpoint", + "Condition":{ + "StringEquals":{ + "aws:RequestTag/FMManaged":[ + "true" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:vpc-endpoint/*" + ] + }, + { + "Action":"ec2:CreateVpcEndpoint", + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:subnet/*", + "arn:aws:ec2:*:*:vpc/*" + ] + }, + { + "Action":[ + "ec2:DeleteVpcEndpoints" + ], + "Condition":{ + "StringEquals":{ + "ec2:ResourceTag/FMManaged":"true" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:vpc-endpoint/*" + }, + { + "Action":[ + "ram:TagResource" + ], + "Condition":{ + "ForAllValues:StringEquals":{ + "aws:TagKeys":[ + "Name", + "FMManaged" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ram:*:*:resource-share/*" + ] + }, + { + "Action":[ + "ram:AssociateResourceShare", + "ram:UpdateResourceShare", + "ram:DeleteResourceShare" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceTag/FMManaged":"true" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ram:*:*:resource-share/*" + }, + { + "Action":"ram:CreateResourceShare", + "Condition":{ + "ForAllValues:StringEquals":{ + "aws:TagKeys":[ + "Name", + "FMManaged" + ] + }, + "StringEquals":{ + "aws:RequestTag/FMManaged":[ + "true" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ram:GetResourceShareAssociations", + "ram:GetResourceShares" + ], + "Effect":"Allow", + "Resource":"*", + "Sid":"ram" + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringEquals":{ + "iam:AWSServiceName":[ + "network-firewall.amazonaws.com", + "shield.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"iam:GetRole", + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "network-firewall:TagResource" + ], + "Condition":{ + "ForAllValues:StringEquals":{ + "aws:TagKeys":[ + "Name", + "FMManaged" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "network-firewall:AssociateSubnets", + "network-firewall:CreateFirewall", + "network-firewall:CreateFirewallPolicy", + "network-firewall:DisassociateSubnets", + "network-firewall:UpdateFirewallDeleteProtection", + "network-firewall:UpdateFirewallPolicy", + "network-firewall:UpdateFirewallPolicyChangeProtection", + "network-firewall:UpdateSubnetChangeProtection", + "network-firewall:AssociateFirewallPolicy", + "network-firewall:DescribeFirewall", + "network-firewall:DescribeFirewallPolicy", + "network-firewall:DescribeRuleGroup", + "network-firewall:ListFirewallPolicies", + "network-firewall:ListFirewalls", + "network-firewall:ListRuleGroups", + "network-firewall:PutResourcePolicy", + "network-firewall:DescribeResourcePolicy", + "network-firewall:DeleteResourcePolicy", + "network-firewall:DescribeLoggingConfiguration", + "network-firewall:UpdateLoggingConfiguration" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "network-firewall:DeleteFirewallPolicy", + "network-firewall:DeleteFirewall" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceTag/FMManaged":"true" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "logs:ListLogDeliveries", + "logs:CreateLogDelivery", + "logs:GetLogDelivery", + "logs:UpdateLogDelivery", + "logs:DeleteLogDelivery" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "route53resolver:ListFirewallRuleGroupAssociations", + "route53resolver:ListTagsForResource", + "route53resolver:ListFirewallRuleGroups", + "route53resolver:GetFirewallRuleGroupAssociation", + "route53resolver:GetFirewallRuleGroup", + "route53resolver:GetFirewallRuleGroupPolicy", + "route53resolver:PutFirewallRuleGroupPolicy" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "route53resolver:UpdateFirewallRuleGroupAssociation", + "route53resolver:DisassociateFirewallRuleGroup" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceTag/FMManaged":"true" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:route53resolver:*:*:firewall-rule-group-association/*" + }, + { + "Action":[ + "route53resolver:AssociateFirewallRuleGroup", + "route53resolver:TagResource" + ], + "Condition":{ + "StringEquals":{ + "aws:RequestTag/FMManaged":"true" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:route53resolver:*:*:firewall-rule-group-association/*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-06-24T20:29:28+00:00" + }, + "FSxDeleteServiceLinkedRoleAccess":{ + "CreateDate":"2018-11-28T10:40:24+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "iam:DeleteServiceLinkedRole", + "iam:GetServiceLinkedRoleDeletionStatus", + "iam:GetRole" + ], + "Effect":"Allow", + "Resource":"arn:*:iam::*:role/aws-service-role/s3.data-source.lustre.fsx.amazonaws.com/AWSServiceRoleForFSxS3Access_*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2018-11-28T10:40:24+00:00" + }, + "GameLiftGameServerGroupPolicy":{ + "CreateDate":"2020-04-03T23:12:19+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":"ec2:TerminateInstances", + "Condition":{ + "StringEquals":{ + "ec2:ResourceTag/GameLift":"GameServerGroups" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "autoscaling:CompleteLifecycleAction", + "autoscaling:ResumeProcesses", + "autoscaling:EnterStandby", + "autoscaling:SetInstanceProtection", + "autoscaling:UpdateAutoScalingGroup", + "autoscaling:SuspendProcesses", + "autoscaling:DetachInstances" + ], + "Condition":{ + "StringEquals":{ + "aws:ResourceTag/GameLift":"GameServerGroups" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:DescribeImages", + "ec2:DescribeInstances", + "autoscaling:DescribeAutoScalingGroups", + "ec2:DescribeLaunchTemplateVersions", + "ec2:DescribeSubnets" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"sns:Publish", + "Effect":"Allow", + "Resource":[ + "arn:*:sns:*:*:ActivatingLifecycleHookTopic-*", + "arn:*:sns:*:*:TerminatingLifecycleHookTopic-*" + ] + }, + { + "Action":[ + "cloudwatch:PutMetricData" + ], + "Condition":{ + "StringEquals":{ + "cloudwatch:namespace":"AWS/GameLift" + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-05-13T17:27:43+00:00" + }, + "GlobalAcceleratorFullAccess":{ + "CreateDate":"2018-11-27T02:44:44+00:00", + "DefaultVersionId":"v6", + "Document":{ + "Statement":[ + { + "Action":[ + "globalaccelerator:*" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"elasticloadbalancing:DescribeLoadBalancers", + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:DescribeAddresses", + "ec2:DescribeInstances", + "ec2:DescribeInternetGateways", + "ec2:DescribeRegions", + "ec2:DescribeSubnets" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringEquals":{ + "iam:AWSServiceName":"globalaccelerator.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/aws-service-role/globalaccelerator.amazonaws.com/AWSServiceRoleForGlobalAccelerator*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-12-04T19:17:26+00:00" + }, + "GlobalAcceleratorReadOnlyAccess":{ + "CreateDate":"2018-11-27T02:41:00+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "globalaccelerator:Describe*", + "globalaccelerator:List*" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2018-11-27T02:41:00+00:00" + }, + "GreengrassOTAUpdateArtifactAccess":{ + "CreateDate":"2017-11-29T18:11:47+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "s3:GetObject" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::*-greengrass-updates/*" + ], + "Sid":"AllowsIotToAccessGreengrassOTAUpdateArtifacts" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2018-12-18T00:59:43+00:00" + }, + "Health_OrganizationsServiceRolePolicy":{ + "CreateDate":"2019-12-16T13:28:21+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":"organizations:ListAccounts", + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"organizations:ListAWSServiceAccessForOrganization", + "Effect":"Allow", + "Resource":"*", + "Sid":"ListAWSServiceAccessForOrganization0" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-06-08T12:48:44+00:00" + }, + "IAMAccessAdvisorReadOnly":{ + "CreateDate":"2019-06-21T19:33:45+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "iam:ListRoles", + "iam:ListUsers", + "iam:ListGroups", + "iam:ListPolicies", + "iam:ListPoliciesGrantingServiceAccess", + "iam:GenerateServiceLastAccessedDetails", + "iam:GenerateOrganizationsAccessReport", + "iam:GenerateCredentialReport", + "iam:GetRole", + "iam:GetPolicy", + "iam:GetServiceLastAccessedDetails", + "iam:GetServiceLastAccessedDetailsWithEntities", + "iam:GetOrganizationsAccessReport", + "organizations:DescribeAccount", + "organizations:DescribeOrganization", + "organizations:DescribeOrganizationalUnit", + "organizations:DescribePolicy", + "organizations:ListChildren", + "organizations:ListParents", + "organizations:ListPoliciesForTarget", + "organizations:ListRoots", + "organizations:ListPolicies", + "organizations:ListTargetsForPolicy" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-06-21T19:33:45+00:00" + }, + "IAMAccessAnalyzerFullAccess":{ + "CreateDate":"2019-12-02T17:12:40+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "access-analyzer:*" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringEquals":{ + "iam:AWSServiceName":"access-analyzer.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "organizations:DescribeAccount", + "organizations:DescribeOrganization", + "organizations:DescribeOrganizationalUnit", + "organizations:ListAccounts", + "organizations:ListAccountsForParent", + "organizations:ListAWSServiceAccessForOrganization", + "organizations:ListChildren", + "organizations:ListDelegatedAdministrators", + "organizations:ListOrganizationalUnitsForParent", + "organizations:ListParents", + "organizations:ListRoots" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-12-02T17:12:40+00:00" + }, + "IAMAccessAnalyzerReadOnlyAccess":{ + "CreateDate":"2019-12-02T17:12:53+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "access-analyzer:Get*", + "access-analyzer:List*", + "access-analyzer:ValidatePolicy" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-03-16T20:37:30+00:00" + }, + "IAMFullAccess":{ + "CreateDate":"2015-02-06T18:40:38+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "iam:*", + "organizations:DescribeAccount", + "organizations:DescribeOrganization", + "organizations:DescribeOrganizationalUnit", + "organizations:DescribePolicy", + "organizations:ListChildren", + "organizations:ListParents", + "organizations:ListPoliciesForTarget", + "organizations:ListRoots", + "organizations:ListPolicies", + "organizations:ListTargetsForPolicy" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-06-21T19:40:00+00:00" + }, + "IAMReadOnlyAccess":{ + "CreateDate":"2015-02-06T18:40:39+00:00", + "DefaultVersionId":"v4", + "Document":{ + "Statement":[ + { + "Action":[ + "iam:GenerateCredentialReport", + "iam:GenerateServiceLastAccessedDetails", + "iam:Get*", + "iam:List*", + "iam:SimulateCustomPolicy", + "iam:SimulatePrincipalPolicy" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2018-01-25T19:11:27+00:00" + }, + "IAMSelfManageServiceSpecificCredentials":{ + "CreateDate":"2016-12-22T17:25:18+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "iam:CreateServiceSpecificCredential", + "iam:ListServiceSpecificCredentials", + "iam:UpdateServiceSpecificCredential", + "iam:DeleteServiceSpecificCredential", + "iam:ResetServiceSpecificCredential" + ], + "Effect":"Allow", + "Resource":"arn:aws:iam::*:user/${aws:username}" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2016-12-22T17:25:18+00:00" + }, + "IAMUserChangePassword":{ + "CreateDate":"2016-11-15T00:25:16+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "iam:ChangePassword" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:user/${aws:username}" + ] + }, + { + "Action":[ + "iam:GetAccountPasswordPolicy" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2016-11-15T23:18:55+00:00" + }, + "IAMUserSSHKeys":{ + "CreateDate":"2015-07-09T17:08:54+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "iam:DeleteSSHPublicKey", + "iam:GetSSHPublicKey", + "iam:ListSSHPublicKeys", + "iam:UpdateSSHPublicKey", + "iam:UploadSSHPublicKey" + ], + "Effect":"Allow", + "Resource":"arn:aws:iam::*:user/${aws:username}" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2015-07-09T17:08:54+00:00" + }, + "IVSRecordToS3":{ + "CreateDate":"2020-12-05T00:10:43+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "s3:PutObject" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::AWSIVS_*/ivs/*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-12-05T00:10:43+00:00" + }, + "KafkaConnectServiceRolePolicy":{ + "CreateDate":"2021-09-07T13:12:44+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:CreateNetworkInterface" + ], + "Condition":{ + "ForAllValues:StringEquals":{ + "aws:TagKeys":"AmazonMSKConnectManaged" + }, + "StringEquals":{ + "aws:RequestTag/AmazonMSKConnectManaged":"true" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:network-interface/*" + }, + { + "Action":[ + "ec2:CreateNetworkInterface" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:subnet/*", + "arn:aws:ec2:*:*:security-group/*" + ] + }, + { + "Action":[ + "ec2:CreateTags" + ], + "Condition":{ + "StringEquals":{ + "ec2:CreateAction":"CreateNetworkInterface" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:network-interface/*" + }, + { + "Action":[ + "ec2:DescribeNetworkInterfaces", + "ec2:CreateNetworkInterfacePermission", + "ec2:AttachNetworkInterface", + "ec2:DetachNetworkInterface", + "ec2:DeleteNetworkInterface" + ], + "Condition":{ + "StringEquals":{ + "ec2:ResourceTag/AmazonMSKConnectManaged":"true" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:network-interface/*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-09-07T13:12:44+00:00" + }, + "KafkaServiceRolePolicy":{ + "CreateDate":"2018-11-15T23:31:48+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:CreateNetworkInterface", + "ec2:DescribeNetworkInterfaces", + "ec2:CreateNetworkInterfacePermission", + "ec2:AttachNetworkInterface", + "ec2:DeleteNetworkInterface", + "ec2:DetachNetworkInterface", + "acm-pca:GetCertificateAuthorityCertificate", + "secretsmanager:ListSecrets" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "secretsmanager:GetResourcePolicy", + "secretsmanager:PutResourcePolicy", + "secretsmanager:DeleteResourcePolicy", + "secretsmanager:DescribeSecret" + ], + "Condition":{ + "ArnLike":{ + "secretsmanager:SecretId":"arn:*:secretsmanager:*:*:secret:AmazonMSK_*" + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-08-26T20:40:53+00:00" + }, + "LakeFormationDataAccessServiceRolePolicy":{ + "CreateDate":"2019-06-20T20:46:19+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "s3:ListAllMyBuckets" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-06-20T20:46:19+00:00" + }, + "LexBotPolicy":{ + "CreateDate":"2017-02-17T22:18:13+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "polly:SynthesizeSpeech" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "comprehend:DetectSentiment" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-11-13T22:29:16+00:00" + }, + "LexChannelPolicy":{ + "CreateDate":"2017-02-17T23:23:24+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "lex:PostText" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2017-02-17T23:23:24+00:00" + }, + "LightsailExportAccess":{ + "CreateDate":"2018-09-28T16:35:54+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "iam:DeleteServiceLinkedRole", + "iam:GetServiceLinkedRoleDeletionStatus" + ], + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/aws-service-role/lightsail.amazonaws.com/AWSServiceRoleForLightsail*" + }, + { + "Action":[ + "ec2:CopySnapshot", + "ec2:DescribeSnapshots", + "ec2:CopyImage", + "ec2:DescribeImages" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "s3:GetAccountPublicAccessBlock" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-01-15T01:45:33+00:00" + }, + "MediaPackageServiceRolePolicy":{ + "CreateDate":"2020-09-18T17:45:47+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":"logs:PutLogEvents", + "Effect":"Allow", + "Resource":"arn:aws:logs:*:*:log-group:/aws/MediaPackage/*:log-stream:*" + }, + { + "Action":[ + "logs:CreateLogStream", + "logs:CreateLogGroup", + "logs:DescribeLogGroups", + "logs:DescribeLogStreams" + ], + "Effect":"Allow", + "Resource":"arn:aws:logs:*:*:log-group:/aws/MediaPackage/*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-09-18T17:45:47+00:00" + }, + "MemoryDBServiceRolePolicy":{ + "CreateDate":"2021-08-17T22:34:59+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:CreateTags" + ], + "Condition":{ + "ForAllValues:StringEquals":{ + "aws:TagKeys":[ + "AmazonMemoryDBManaged" + ] + }, + "StringEquals":{ + "ec2:CreateAction":"CreateNetworkInterface" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:network-interface/*" + }, + { + "Action":[ + "ec2:CreateNetworkInterface" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:network-interface/*", + "arn:aws:ec2:*:*:subnet/*", + "arn:aws:ec2:*:*:security-group/*" + ] + }, + { + "Action":[ + "ec2:DeleteNetworkInterface", + "ec2:ModifyNetworkInterfaceAttribute" + ], + "Condition":{ + "StringEquals":{ + "ec2:ResourceTag/AmazonMemoryDBManaged":"true" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:network-interface/*" + }, + { + "Action":[ + "ec2:DeleteNetworkInterface", + "ec2:ModifyNetworkInterfaceAttribute" + ], + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:security-group/*" + }, + { + "Action":[ + "ec2:DescribeSecurityGroups", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "cloudwatch:PutMetricData" + ], + "Condition":{ + "StringEquals":{ + "cloudwatch:namespace":"AWS/MemoryDB" + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-08-18T23:48:16+00:00" + }, + "MigrationHubDMSAccessServiceRolePolicy":{ + "CreateDate":"2019-06-12T17:50:39+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":"mgh:CreateProgressUpdateStream", + "Effect":"Allow", + "Resource":"arn:aws:mgh:*:*:progressUpdateStream/DMS" + }, + { + "Action":[ + "mgh:DescribeMigrationTask", + "mgh:AssociateDiscoveredResource", + "mgh:ListDiscoveredResources", + "mgh:ImportMigrationTask", + "mgh:ListCreatedArtifacts", + "mgh:DisassociateDiscoveredResource", + "mgh:AssociateCreatedArtifact", + "mgh:NotifyMigrationTaskState", + "mgh:DisassociateCreatedArtifact", + "mgh:PutResourceAttributes" + ], + "Effect":"Allow", + "Resource":"arn:aws:mgh:*:*:progressUpdateStream/DMS/migrationTask/*" + }, + { + "Action":[ + "mgh:ListMigrationTasks", + "mgh:NotifyApplicationState", + "mgh:DescribeApplicationState", + "mgh:GetHomeRegion" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-10-07T17:57:44+00:00" + }, + "MigrationHubSMSAccessServiceRolePolicy":{ + "CreateDate":"2019-06-12T18:30:28+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":"mgh:CreateProgressUpdateStream", + "Effect":"Allow", + "Resource":"arn:aws:mgh:*:*:progressUpdateStream/SMS" + }, + { + "Action":[ + "mgh:DescribeMigrationTask", + "mgh:AssociateDiscoveredResource", + "mgh:ListDiscoveredResources", + "mgh:ImportMigrationTask", + "mgh:ListCreatedArtifacts", + "mgh:DisassociateDiscoveredResource", + "mgh:AssociateCreatedArtifact", + "mgh:NotifyMigrationTaskState", + "mgh:DisassociateCreatedArtifact", + "mgh:PutResourceAttributes" + ], + "Effect":"Allow", + "Resource":"arn:aws:mgh:*:*:progressUpdateStream/SMS/migrationTask/*" + }, + { + "Action":[ + "mgh:ListMigrationTasks", + "mgh:NotifyApplicationState", + "mgh:DescribeApplicationState", + "mgh:GetHomeRegion" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-10-07T18:02:22+00:00" + }, + "MigrationHubServiceRolePolicy":{ + "CreateDate":"2019-06-12T17:22:16+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":[ + "discovery:ListConfigurations", + "discovery:DescribeConfigurations" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":"ec2:CreateTags", + "Condition":{ + "ForAllValues:StringEquals":{ + "aws:TagKeys":"aws:migrationhub:source-id" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:ec2:*:*:instance/*", + "arn:aws:ec2:*:*:image/*", + "arn:aws:ec2:*:*:volume/*" + ] + }, + { + "Action":"dms:AddTagsToResource", + "Condition":{ + "ForAllValues:StringEquals":{ + "aws:TagKeys":"aws:migrationhub:source-id" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:dms:*:*:endpoint:*" + ] + }, + { + "Action":[ + "ec2:DescribeInstanceAttribute" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-08-06T18:08:46+00:00" + }, + "MonitronServiceRolePolicy":{ + "CreateDate":"2022-05-02T19:22:03+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "logs:CreateLogGroup", + "logs:CreateLogStream", + "logs:PutLogEvents" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:logs:*:*:log-group:/aws/monitron/*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-05-02T19:22:03+00:00" + }, + "NeptuneConsoleFullAccess":{ + "CreateDate":"2018-06-19T21:35:19+00:00", + "DefaultVersionId":"v4", + "Document":{ + "Statement":[ + { + "Action":[ + "rds:CreateDBCluster", + "rds:CreateDBInstance" + ], + "Condition":{ + "StringEquals":{ + "rds:DatabaseEngine":[ + "graphdb", + "neptune" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:rds:*:*:*" + ] + }, + { + "Action":[ + "rds:AddRoleToDBCluster", + "rds:AddSourceIdentifierToSubscription", + "rds:AddTagsToResource", + "rds:ApplyPendingMaintenanceAction", + "rds:CopyDBClusterParameterGroup", + "rds:CopyDBClusterSnapshot", + "rds:CopyDBParameterGroup", + "rds:CreateDBClusterParameterGroup", + "rds:CreateDBClusterSnapshot", + "rds:CreateDBParameterGroup", + "rds:CreateDBSubnetGroup", + "rds:CreateEventSubscription", + "rds:DeleteDBCluster", + "rds:DeleteDBClusterParameterGroup", + "rds:DeleteDBClusterSnapshot", + "rds:DeleteDBInstance", + "rds:DeleteDBParameterGroup", + "rds:DeleteDBSubnetGroup", + "rds:DeleteEventSubscription", + "rds:DescribeAccountAttributes", + "rds:DescribeCertificates", + "rds:DescribeDBClusterParameterGroups", + "rds:DescribeDBClusterParameters", + "rds:DescribeDBClusterSnapshotAttributes", + "rds:DescribeDBClusterSnapshots", + "rds:DescribeDBClusters", + "rds:DescribeDBEngineVersions", + "rds:DescribeDBInstances", + "rds:DescribeDBLogFiles", + "rds:DescribeDBParameterGroups", + "rds:DescribeDBParameters", + "rds:DescribeDBSecurityGroups", + "rds:DescribeDBSubnetGroups", + "rds:DescribeEngineDefaultClusterParameters", + "rds:DescribeEngineDefaultParameters", + "rds:DescribeEventCategories", + "rds:DescribeEventSubscriptions", + "rds:DescribeEvents", + "rds:DescribeOptionGroups", + "rds:DescribeOrderableDBInstanceOptions", + "rds:DescribePendingMaintenanceActions", + "rds:DescribeValidDBInstanceModifications", + "rds:DownloadDBLogFilePortion", + "rds:FailoverDBCluster", + "rds:ListTagsForResource", + "rds:ModifyDBCluster", + "rds:ModifyDBClusterParameterGroup", + "rds:ModifyDBClusterSnapshotAttribute", + "rds:ModifyDBInstance", + "rds:ModifyDBParameterGroup", + "rds:ModifyDBSubnetGroup", + "rds:ModifyEventSubscription", + "rds:PromoteReadReplicaDBCluster", + "rds:RebootDBInstance", + "rds:RemoveRoleFromDBCluster", + "rds:RemoveSourceIdentifierFromSubscription", + "rds:RemoveTagsFromResource", + "rds:ResetDBClusterParameterGroup", + "rds:ResetDBParameterGroup", + "rds:RestoreDBClusterFromSnapshot", + "rds:RestoreDBClusterToPointInTime" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "cloudwatch:GetMetricStatistics", + "cloudwatch:ListMetrics", + "ec2:AllocateAddress", + "ec2:AssignIpv6Addresses", + "ec2:AssignPrivateIpAddresses", + "ec2:AssociateAddress", + "ec2:AssociateRouteTable", + "ec2:AssociateSubnetCidrBlock", + "ec2:AssociateVpcCidrBlock", + "ec2:AttachInternetGateway", + "ec2:AttachNetworkInterface", + "ec2:CreateCustomerGateway", + "ec2:CreateDefaultSubnet", + "ec2:CreateDefaultVpc", + "ec2:CreateInternetGateway", + "ec2:CreateNatGateway", + "ec2:CreateNetworkInterface", + "ec2:CreateRoute", + "ec2:CreateRouteTable", + "ec2:CreateSecurityGroup", + "ec2:CreateSubnet", + "ec2:CreateVpc", + "ec2:CreateVpcEndpoint", + "ec2:CreateVpcEndpoint", + "ec2:DescribeAccountAttributes", + "ec2:DescribeAccountAttributes", + "ec2:DescribeAddresses", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeCustomerGateways", + "ec2:DescribeInstances", + "ec2:DescribeNatGateways", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribePrefixLists", + "ec2:DescribeRouteTables", + "ec2:DescribeSecurityGroupReferences", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeSubnets", + "ec2:DescribeVpcAttribute", + "ec2:DescribeVpcAttribute", + "ec2:DescribeVpcEndpoints", + "ec2:DescribeVpcs", + "ec2:DescribeVpcs", + "ec2:ModifyNetworkInterfaceAttribute", + "ec2:ModifySubnetAttribute", + "ec2:ModifyVpcAttribute", + "ec2:ModifyVpcEndpoint", + "iam:ListRoles", + "kms:ListAliases", + "kms:ListKeyPolicies", + "kms:ListKeys", + "kms:ListRetirableGrants", + "logs:DescribeLogStreams", + "logs:GetLogEvents", + "sns:ListSubscriptions", + "sns:ListTopics", + "sns:Publish" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":"iam:PassRole", + "Condition":{ + "StringEquals":{ + "iam:passedToService":"rds.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringLike":{ + "iam:AWSServiceName":"rds.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/aws-service-role/rds.amazonaws.com/AWSServiceRoleForRDS" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-09-02T17:25:07+00:00" + }, + "NeptuneFullAccess":{ + "CreateDate":"2018-05-30T19:17:31+00:00", + "DefaultVersionId":"v5", + "Document":{ + "Statement":[ + { + "Action":[ + "rds:CreateDBCluster", + "rds:CreateDBInstance" + ], + "Condition":{ + "StringEquals":{ + "rds:DatabaseEngine":[ + "graphdb", + "neptune" + ] + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:rds:*:*:*" + ] + }, + { + "Action":[ + "rds:AddRoleToDBCluster", + "rds:AddSourceIdentifierToSubscription", + "rds:AddTagsToResource", + "rds:ApplyPendingMaintenanceAction", + "rds:CopyDBClusterParameterGroup", + "rds:CopyDBClusterSnapshot", + "rds:CopyDBParameterGroup", + "rds:CreateDBClusterParameterGroup", + "rds:CreateDBClusterSnapshot", + "rds:CreateDBParameterGroup", + "rds:CreateDBSubnetGroup", + "rds:CreateEventSubscription", + "rds:DeleteDBCluster", + "rds:DeleteDBClusterParameterGroup", + "rds:DeleteDBClusterSnapshot", + "rds:DeleteDBInstance", + "rds:DeleteDBParameterGroup", + "rds:DeleteDBSubnetGroup", + "rds:DeleteEventSubscription", + "rds:DescribeAccountAttributes", + "rds:DescribeCertificates", + "rds:DescribeDBClusterParameterGroups", + "rds:DescribeDBClusterParameters", + "rds:DescribeDBClusterSnapshotAttributes", + "rds:DescribeDBClusterSnapshots", + "rds:DescribeDBClusters", + "rds:DescribeDBEngineVersions", + "rds:DescribeDBInstances", + "rds:DescribeDBLogFiles", + "rds:DescribeDBParameterGroups", + "rds:DescribeDBParameters", + "rds:DescribeDBSecurityGroups", + "rds:DescribeDBSubnetGroups", + "rds:DescribeEngineDefaultClusterParameters", + "rds:DescribeEngineDefaultParameters", + "rds:DescribeEventCategories", + "rds:DescribeEventSubscriptions", + "rds:DescribeEvents", + "rds:DescribeOptionGroups", + "rds:DescribeOrderableDBInstanceOptions", + "rds:DescribePendingMaintenanceActions", + "rds:DescribeValidDBInstanceModifications", + "rds:DownloadDBLogFilePortion", + "rds:FailoverDBCluster", + "rds:ListTagsForResource", + "rds:ModifyDBCluster", + "rds:ModifyDBClusterParameterGroup", + "rds:ModifyDBClusterSnapshotAttribute", + "rds:ModifyDBInstance", + "rds:ModifyDBParameterGroup", + "rds:ModifyDBSubnetGroup", + "rds:ModifyEventSubscription", + "rds:PromoteReadReplicaDBCluster", + "rds:RebootDBInstance", + "rds:RemoveRoleFromDBCluster", + "rds:RemoveSourceIdentifierFromSubscription", + "rds:RemoveTagsFromResource", + "rds:ResetDBClusterParameterGroup", + "rds:ResetDBParameterGroup", + "rds:RestoreDBClusterFromSnapshot", + "rds:RestoreDBClusterToPointInTime" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "cloudwatch:GetMetricStatistics", + "cloudwatch:ListMetrics", + "ec2:DescribeAccountAttributes", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcAttribute", + "ec2:DescribeVpcs", + "kms:ListAliases", + "kms:ListKeyPolicies", + "kms:ListKeys", + "kms:ListRetirableGrants", + "logs:DescribeLogStreams", + "logs:GetLogEvents", + "sns:ListSubscriptions", + "sns:ListTopics", + "sns:Publish" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":"iam:PassRole", + "Condition":{ + "StringEquals":{ + "iam:passedToService":"rds.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"iam:CreateServiceLinkedRole", + "Condition":{ + "StringLike":{ + "iam:AWSServiceName":"rds.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/aws-service-role/rds.amazonaws.com/AWSServiceRoleForRDS" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-09-02T17:24:56+00:00" + }, + "NeptuneReadOnlyAccess":{ + "CreateDate":"2018-05-30T19:16:37+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "rds:DescribeAccountAttributes", + "rds:DescribeCertificates", + "rds:DescribeDBClusterParameterGroups", + "rds:DescribeDBClusterParameters", + "rds:DescribeDBClusterSnapshotAttributes", + "rds:DescribeDBClusterSnapshots", + "rds:DescribeDBClusters", + "rds:DescribeDBEngineVersions", + "rds:DescribeDBInstances", + "rds:DescribeDBLogFiles", + "rds:DescribeDBParameterGroups", + "rds:DescribeDBParameters", + "rds:DescribeDBSubnetGroups", + "rds:DescribeEventCategories", + "rds:DescribeEventSubscriptions", + "rds:DescribeEvents", + "rds:DescribeOrderableDBInstanceOptions", + "rds:DescribePendingMaintenanceActions", + "rds:DownloadDBLogFilePortion", + "rds:ListTagsForResource" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "cloudwatch:GetMetricStatistics", + "cloudwatch:ListMetrics" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:DescribeAccountAttributes", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeInternetGateways", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcAttribute", + "ec2:DescribeVpcs" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "kms:ListKeys", + "kms:ListRetirableGrants", + "kms:ListAliases", + "kms:ListKeyPolicies" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "logs:DescribeLogStreams", + "logs:GetLogEvents" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:logs:*:*:log-group:/aws/rds/*:log-stream:*", + "arn:aws:logs:*:*:log-group:/aws/neptune/*:log-stream:*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2018-05-30T19:16:37+00:00" + }, + "NetworkAdministrator":{ + "CreateDate":"2016-11-10T17:31:35+00:00", + "DefaultVersionId":"v11", + "Document":{ + "Statement":[ + { + "Action":[ + "autoscaling:Describe*", + "cloudfront:ListDistributions", + "cloudwatch:DeleteAlarms", + "cloudwatch:DescribeAlarms", + "cloudwatch:GetMetricStatistics", + "cloudwatch:PutMetricAlarm", + "directconnect:*", + "ec2:AcceptVpcEndpointConnections", + "ec2:AllocateAddress", + "ec2:AssignIpv6Addresses", + "ec2:AssignPrivateIpAddresses", + "ec2:AssociateAddress", + "ec2:AssociateDhcpOptions", + "ec2:AssociateRouteTable", + "ec2:AssociateSubnetCidrBlock", + "ec2:AssociateVpcCidrBlock", + "ec2:AttachInternetGateway", + "ec2:AttachNetworkInterface", + "ec2:AttachVpnGateway", + "ec2:CreateCarrierGateway", + "ec2:CreateCustomerGateway", + "ec2:CreateDefaultSubnet", + "ec2:CreateDefaultVpc", + "ec2:CreateDhcpOptions", + "ec2:CreateEgressOnlyInternetGateway", + "ec2:CreateFlowLogs", + "ec2:CreateInternetGateway", + "ec2:CreateNatGateway", + "ec2:CreateNetworkAcl", + "ec2:CreateNetworkAclEntry", + "ec2:CreateNetworkInterface", + "ec2:CreateNetworkInterfacePermission", + "ec2:CreatePlacementGroup", + "ec2:CreateRoute", + "ec2:CreateRouteTable", + "ec2:CreateSecurityGroup", + "ec2:CreateSubnet", + "ec2:CreateTags", + "ec2:CreateVpc", + "ec2:CreateVpcEndpoint", + "ec2:CreateVpcEndpointConnectionNotification", + "ec2:CreateVpcEndpointServiceConfiguration", + "ec2:CreateVpnConnection", + "ec2:CreateVpnConnectionRoute", + "ec2:CreateVpnGateway", + "ec2:DeleteCarrierGateway", + "ec2:DeleteEgressOnlyInternetGateway", + "ec2:DeleteFlowLogs", + "ec2:DeleteNatGateway", + "ec2:DeleteNetworkInterface", + "ec2:DeleteNetworkInterfacePermission", + "ec2:DeletePlacementGroup", + "ec2:DeleteSubnet", + "ec2:DeleteTags", + "ec2:DeleteVpc", + "ec2:DeleteVpcEndpointConnectionNotifications", + "ec2:DeleteVpcEndpointServiceConfigurations", + "ec2:DeleteVpcEndpoints", + "ec2:DeleteVpnConnection", + "ec2:DeleteVpnConnectionRoute", + "ec2:DeleteVpnGateway", + "ec2:DescribeAccountAttributes", + "ec2:DescribeAddresses", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeCarrierGateways", + "ec2:DescribeClassicLinkInstances", + "ec2:DescribeCustomerGateways", + "ec2:DescribeDhcpOptions", + "ec2:DescribeEgressOnlyInternetGateways", + "ec2:DescribeFlowLogs", + "ec2:DescribeInstances", + "ec2:DescribeInternetGateways", + "ec2:DescribeKeyPairs", + "ec2:DescribeMovingAddresses", + "ec2:DescribeNatGateways", + "ec2:DescribeNetworkAcls", + "ec2:DescribeNetworkInterfaceAttribute", + "ec2:DescribeNetworkInterfacePermissions", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribePlacementGroups", + "ec2:DescribePrefixLists", + "ec2:DescribeRouteTables", + "ec2:DescribeSecurityGroupReferences", + "ec2:DescribeSecurityGroupRules", + "ec2:DescribeSecurityGroups", + "ec2:DescribeStaleSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeTags", + "ec2:DescribeVpcAttribute", + "ec2:DescribeVpcClassicLink", + "ec2:DescribeVpcClassicLinkDnsSupport", + "ec2:DescribeVpcEndpointConnectionNotifications", + "ec2:DescribeVpcEndpointConnections", + "ec2:DescribeVpcEndpointServiceConfigurations", + "ec2:DescribeVpcEndpointServicePermissions", + "ec2:DescribeVpcEndpointServices", + "ec2:DescribeVpcEndpoints", + "ec2:DescribeVpcPeeringConnections", + "ec2:DescribeVpcs", + "ec2:DescribeVpnConnections", + "ec2:DescribeVpnGateways", + "ec2:DescribePublicIpv4Pools", + "ec2:DescribeIpv6Pools", + "ec2:DetachInternetGateway", + "ec2:DetachNetworkInterface", + "ec2:DetachVpnGateway", + "ec2:DisableVgwRoutePropagation", + "ec2:DisableVpcClassicLinkDnsSupport", + "ec2:DisassociateAddress", + "ec2:DisassociateRouteTable", + "ec2:DisassociateSubnetCidrBlock", + "ec2:DisassociateVpcCidrBlock", + "ec2:EnableVgwRoutePropagation", + "ec2:EnableVpcClassicLinkDnsSupport", + "ec2:ModifyNetworkInterfaceAttribute", + "ec2:ModifySecurityGroupRules", + "ec2:ModifySubnetAttribute", + "ec2:ModifyVpcAttribute", + "ec2:ModifyVpcEndpoint", + "ec2:ModifyVpcEndpointConnectionNotification", + "ec2:ModifyVpcEndpointServiceConfiguration", + "ec2:ModifyVpcEndpointServicePermissions", + "ec2:ModifyVpcPeeringConnectionOptions", + "ec2:ModifyVpcTenancy", + "ec2:MoveAddressToVpc", + "ec2:RejectVpcEndpointConnections", + "ec2:ReleaseAddress", + "ec2:ReplaceNetworkAclAssociation", + "ec2:ReplaceNetworkAclEntry", + "ec2:ReplaceRoute", + "ec2:ReplaceRouteTableAssociation", + "ec2:ResetNetworkInterfaceAttribute", + "ec2:RestoreAddressToClassic", + "ec2:UnassignIpv6Addresses", + "ec2:UnassignPrivateIpAddresses", + "ec2:UpdateSecurityGroupRuleDescriptionsEgress", + "ec2:UpdateSecurityGroupRuleDescriptionsIngress", + "elasticbeanstalk:Describe*", + "elasticbeanstalk:List*", + "elasticbeanstalk:RequestEnvironmentInfo", + "elasticbeanstalk:RetrieveEnvironmentInfo", + "elasticloadbalancing:*", + "logs:DescribeLogGroups", + "logs:DescribeLogStreams", + "logs:GetLogEvents", + "route53:*", + "route53domains:*", + "sns:CreateTopic", + "sns:ListSubscriptionsByTopic", + "sns:ListTopics" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:AcceptVpcPeeringConnection", + "ec2:AttachClassicLinkVpc", + "ec2:AuthorizeSecurityGroupEgress", + "ec2:AuthorizeSecurityGroupIngress", + "ec2:CreateVpcPeeringConnection", + "ec2:DeleteCustomerGateway", + "ec2:DeleteDhcpOptions", + "ec2:DeleteInternetGateway", + "ec2:DeleteNetworkAcl", + "ec2:DeleteNetworkAclEntry", + "ec2:DeleteRoute", + "ec2:DeleteRouteTable", + "ec2:DeleteSecurityGroup", + "ec2:DeleteVolume", + "ec2:DeleteVpcPeeringConnection", + "ec2:DetachClassicLinkVpc", + "ec2:DisableVpcClassicLink", + "ec2:EnableVpcClassicLink", + "ec2:GetConsoleScreenshot", + "ec2:RejectVpcPeeringConnection", + "ec2:RevokeSecurityGroupEgress", + "ec2:RevokeSecurityGroupIngress" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "ec2:CreateLocalGatewayRoute", + "ec2:CreateLocalGatewayRouteTableVpcAssociation", + "ec2:DeleteLocalGatewayRoute", + "ec2:DeleteLocalGatewayRouteTableVpcAssociation", + "ec2:DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociations", + "ec2:DescribeLocalGatewayRouteTableVpcAssociations", + "ec2:DescribeLocalGatewayRouteTables", + "ec2:DescribeLocalGatewayVirtualInterfaceGroups", + "ec2:DescribeLocalGatewayVirtualInterfaces", + "ec2:DescribeLocalGateways", + "ec2:SearchLocalGatewayRoutes" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "s3:GetBucketLocation", + "s3:GetBucketWebsite", + "s3:ListBucket" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "iam:GetRole", + "iam:ListRoles", + "iam:PassRole" + ], + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/flow-logs-*" + }, + { + "Action":[ + "networkmanager:*" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:AcceptTransitGatewayVpcAttachment", + "ec2:AssociateTransitGatewayRouteTable", + "ec2:CreateTransitGateway", + "ec2:CreateTransitGatewayRoute", + "ec2:CreateTransitGatewayRouteTable", + "ec2:CreateTransitGatewayVpcAttachment", + "ec2:DeleteTransitGateway", + "ec2:DeleteTransitGatewayRoute", + "ec2:DeleteTransitGatewayRouteTable", + "ec2:DeleteTransitGatewayVpcAttachment", + "ec2:DescribeTransitGatewayAttachments", + "ec2:DescribeTransitGatewayRouteTables", + "ec2:DescribeTransitGatewayVpcAttachments", + "ec2:DescribeTransitGateways", + "ec2:DisableTransitGatewayRouteTablePropagation", + "ec2:DisassociateTransitGatewayRouteTable", + "ec2:EnableTransitGatewayRouteTablePropagation", + "ec2:ExportTransitGatewayRoutes", + "ec2:GetTransitGatewayAttachmentPropagations", + "ec2:GetTransitGatewayRouteTableAssociations", + "ec2:GetTransitGatewayRouteTablePropagations", + "ec2:ModifyTransitGateway", + "ec2:ModifyTransitGatewayVpcAttachment", + "ec2:RejectTransitGatewayVpcAttachment", + "ec2:ReplaceTransitGatewayRoute", + "ec2:SearchTransitGatewayRoutes" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "iam:CreateServiceLinkedRole" + ], + "Condition":{ + "StringLike":{ + "iam:AWSServiceName":[ + "transitgateway.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/job-function/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-09-16T20:22:54+00:00" + }, + "PowerUserAccess":{ + "CreateDate":"2015-02-06T18:39:47+00:00", + "DefaultVersionId":"v4", + "Document":{ + "Statement":[ + { + "Effect":"Allow", + "NotAction":[ + "iam:*", + "organizations:*", + "account:*" + ], + "Resource":"*" + }, + { + "Action":[ + "iam:CreateServiceLinkedRole", + "iam:DeleteServiceLinkedRole", + "iam:ListRoles", + "organizations:DescribeOrganization", + "account:ListRegions" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-03-20T22:19:03+00:00" + }, + "QuickSightAccessForS3StorageManagementAnalyticsReadOnly":{ + "CreateDate":"2017-06-12T18:18:38+00:00", + "DefaultVersionId":"v4", + "Document":{ + "Statement":[ + { + "Action":[ + "s3:GetObject" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::s3-analytics-export-shared-*" + ] + }, + { + "Action":[ + "s3:GetAnalyticsConfiguration", + "s3:ListAllMyBuckets", + "s3:GetBucketLocation" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-10-08T23:53:11+00:00" + }, + "RDSCloudHsmAuthorizationRole":{ + "CreateDate":"2015-02-06T18:41:29+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "cloudhsm:CreateLunaClient", + "cloudhsm:DeleteLunaClient", + "cloudhsm:DescribeHapg", + "cloudhsm:DescribeLunaClient", + "cloudhsm:GetConfig", + "cloudhsm:ModifyHapg", + "cloudhsm:ModifyLunaClient" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-09-26T22:14:29+00:00" + }, + "ROSAManageSubscription":{ + "CreateDate":"2022-04-11T20:58:08+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "aws-marketplace:Subscribe", + "aws-marketplace:Unsubscribe" + ], + "Condition":{ + "ForAnyValue:StringEquals":{ + "aws-marketplace:ProductId":[ + "34850061-abaf-402d-92df-94325c9e947f" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "aws-marketplace:ViewSubscriptions" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-04-11T20:58:08+00:00" + }, + "ReadOnlyAccess":{ + "CreateDate":"2015-02-06T18:39:48+00:00", + "DefaultVersionId":"v87", + "Document":{ + "Statement":[ + { + "Action":[ + "a4b:Get*", + "a4b:List*", + "a4b:Search*", + "access-analyzer:GetAccessPreview", + "access-analyzer:GetAnalyzedResource", + "access-analyzer:GetAnalyzer", + "access-analyzer:GetArchiveRule", + "access-analyzer:GetFinding", + "access-analyzer:GetGeneratedPolicy", + "access-analyzer:ListAccessPreviewFindings", + "access-analyzer:ListAccessPreviews", + "access-analyzer:ListAnalyzedResources", + "access-analyzer:ListAnalyzers", + "access-analyzer:ListArchiveRules", + "access-analyzer:ListFindings", + "access-analyzer:ListPolicyGenerations", + "access-analyzer:ListTagsForResource", + "access-analyzer:ValidatePolicy", + "acm-pca:Describe*", + "acm-pca:Get*", + "acm-pca:List*", + "acm:Describe*", + "acm:Get*", + "acm:List*", + "airflow:ListEnvironments", + "airflow:ListTagsForResource", + "amplify:GetApp", + "amplify:GetBranch", + "amplify:GetDomainAssociation", + "amplify:GetJob", + "amplify:ListApps", + "amplify:ListBranches", + "amplify:ListDomainAssociations", + "amplify:ListJobs", + "apigateway:GET", + "appconfig:GetApplication", + "appconfig:GetConfiguration", + "appconfig:GetConfigurationProfile", + "appconfig:GetDeployment", + "appconfig:GetDeploymentStrategy", + "appconfig:GetEnvironment", + "appconfig:GetHostedConfigurationVersion", + "appconfig:ListApplications", + "appconfig:ListConfigurationProfiles", + "appconfig:ListDeployments", + "appconfig:ListDeploymentStrategies", + "appconfig:ListEnvironments", + "appconfig:ListHostedConfigurationVersions", + "appconfig:ListTagsForResource", + "appflow:DescribeConnectorEntity", + "appflow:DescribeConnectorFields", + "appflow:DescribeConnectorProfiles", + "appflow:DescribeConnectors", + "appflow:DescribeFlowExecution", + "appflow:DescribeFlows", + "appflow:ListConnectorEntities", + "appflow:ListConnectorFields", + "appflow:ListFlows", + "appflow:ListTagsForResource", + "application-autoscaling:Describe*", + "applicationinsights:Describe*", + "applicationinsights:List*", + "appmesh:Describe*", + "appmesh:List*", + "appstream:Describe*", + "appstream:List*", + "appsync:Get*", + "appsync:List*", + "aps:DescribeAlertManagerDefinition", + "aps:DescribeRuleGroupsNamespace", + "aps:DescribeWorkspace", + "aps:GetAlertManagerSilence", + "aps:GetAlertManagerStatus", + "aps:GetLabels", + "aps:GetMetricMetadata", + "aps:GetSeries", + "aps:ListAlertManagerAlertGroups", + "aps:ListAlertManagerAlerts", + "aps:ListAlertManagerReceivers", + "aps:ListAlertManagerSilences", + "aps:ListAlerts", + "aps:ListRuleGroupsNamespaces", + "aps:ListRules", + "aps:ListTagsForResource", + "aps:ListWorkspaces", + "aps:QueryMetrics", + "athena:Batch*", + "athena:Get*", + "athena:List*", + "auditmanager:GetAccountStatus", + "auditmanager:GetAssessment", + "auditmanager:GetAssessmentFramework", + "auditmanager:GetAssessmentReportUrl", + "auditmanager:GetChangeLogs", + "auditmanager:GetControl", + "auditmanager:GetDelegations", + "auditmanager:GetEvidence", + "auditmanager:GetEvidenceByEvidenceFolder", + "auditmanager:GetEvidenceFolder", + "auditmanager:GetEvidenceFoldersByAssessment", + "auditmanager:GetEvidenceFoldersByAssessmentControl", + "auditmanager:GetOrganizationAdminAccount", + "auditmanager:GetServicesInScope", + "auditmanager:GetSettings", + "auditmanager:ListAssessmentFrameworks", + "auditmanager:ListAssessmentReports", + "auditmanager:ListAssessments", + "auditmanager:ListControls", + "auditmanager:ListKeywordsForDataSource", + "auditmanager:ListNotifications", + "auditmanager:ListTagsForResource", + "auditmanager:ValidateAssessmentReportIntegrity", + "autoscaling-plans:Describe*", + "autoscaling-plans:GetScalingPlanResourceForecastData", + "autoscaling:Describe*", + "autoscaling:GetPredictiveScalingForecast", + "aws-portal:View*", + "backup-gateway:ListGateways", + "backup-gateway:ListHypervisors", + "backup-gateway:ListTagsForResource", + "backup-gateway:ListVirtualMachines", + "backup:Describe*", + "backup:Get*", + "backup:List*", + "batch:Describe*", + "batch:List*", + "billingconductor:ListAccountAssociations", + "billingconductor:ListBillingGroupCostReports", + "billingconductor:ListBillingGroups", + "billingconductor:ListCustomLineItems", + "billingconductor:ListPricingPlans", + "billingconductor:ListPricingPlansAssociatedWithPricingRule", + "billingconductor:ListPricingRules", + "billingconductor:ListPricingRulesAssociatedToPricingPlan", + "billingconductor:ListResourcesAssociatedToCustomLineItem", + "billingconductor:ListTagsForResource", + "braket:GetDevice", + "braket:GetQuantumTask", + "braket:SearchDevices", + "braket:SearchQuantumTasks", + "budgets:Describe*", + "budgets:View*", + "cassandra:Select", + "ce:DescribeCostCategoryDefinition", + "ce:DescribeNotificationSubscription", + "ce:DescribeReport", + "ce:GetAnomalies", + "ce:GetAnomalyMonitors", + "ce:GetAnomalySubscriptions", + "ce:GetCostAndUsage", + "ce:GetCostAndUsageWithResources", + "ce:GetCostCategories", + "ce:GetCostForecast", + "ce:GetDimensionValues", + "ce:GetPreferences", + "ce:GetReservationCoverage", + "ce:GetReservationPurchaseRecommendation", + "ce:GetReservationUtilization", + "ce:GetRightsizingRecommendation", + "ce:GetSavingsPlansCoverage", + "ce:GetSavingsPlansPurchaseRecommendation", + "ce:GetSavingsPlansUtilization", + "ce:GetSavingsPlansUtilizationDetails", + "ce:GetTags", + "ce:GetUsageForecast", + "ce:ListCostCategoryDefinitions", + "ce:ListTagsForResource", + "chatbot:Describe*", + "chatbot:Get*", + "chime:Get*", + "chime:List*", + "chime:Retrieve*", + "chime:Search*", + "chime:Validate*", + "cloud9:Describe*", + "cloud9:List*", + "clouddirectory:BatchRead", + "clouddirectory:Get*", + "clouddirectory:List*", + "clouddirectory:LookupPolicy", + "cloudformation:Describe*", + "cloudformation:Detect*", + "cloudformation:Estimate*", + "cloudformation:Get*", + "cloudformation:List*", + "cloudfront:DescribeFunction", + "cloudfront:Get*", + "cloudfront:List*", + "cloudhsm:Describe*", + "cloudhsm:Get*", + "cloudhsm:List*", + "cloudsearch:Describe*", + "cloudsearch:List*", + "cloudtrail:Describe*", + "cloudtrail:Get*", + "cloudtrail:List*", + "cloudtrail:LookupEvents", + "cloudwatch:Describe*", + "cloudwatch:Get*", + "cloudwatch:List*", + "codeartifact:DescribeDomain", + "codeartifact:DescribePackageVersion", + "codeartifact:DescribeRepository", + "codeartifact:GetAuthorizationToken", + "codeartifact:GetDomainPermissionsPolicy", + "codeartifact:GetPackageVersionAsset", + "codeartifact:GetPackageVersionReadme", + "codeartifact:GetRepositoryEndpoint", + "codeartifact:GetRepositoryPermissionsPolicy", + "codeartifact:ListDomains", + "codeartifact:ListPackages", + "codeartifact:ListPackageVersionAssets", + "codeartifact:ListPackageVersionDependencies", + "codeartifact:ListPackageVersions", + "codeartifact:ListRepositories", + "codeartifact:ListRepositoriesInDomain", + "codeartifact:ListTagsForResource", + "codeartifact:ReadFromRepository", + "codebuild:BatchGet*", + "codebuild:DescribeCodeCoverages", + "codebuild:DescribeTestCases", + "codebuild:List*", + "codecommit:BatchGet*", + "codecommit:Describe*", + "codecommit:Get*", + "codecommit:GitPull", + "codecommit:List*", + "codedeploy:BatchGet*", + "codedeploy:Get*", + "codedeploy:List*", + "codeguru-profiler:Describe*", + "codeguru-profiler:Get*", + "codeguru-profiler:List*", + "codeguru-reviewer:Describe*", + "codeguru-reviewer:Get*", + "codeguru-reviewer:List*", + "codepipeline:Get*", + "codepipeline:List*", + "codestar-connections:GetConnection", + "codestar-connections:GetHost", + "codestar-connections:ListConnections", + "codestar-connections:ListHosts", + "codestar-connections:ListTagsForResource", + "codestar-notifications:describeNotificationRule", + "codestar-notifications:listEventTypes", + "codestar-notifications:listNotificationRules", + "codestar-notifications:listTagsForResource", + "codestar-notifications:ListTargets", + "codestar:Describe*", + "codestar:Get*", + "codestar:List*", + "codestar:Verify*", + "cognito-identity:Describe*", + "cognito-identity:GetCredentialsForIdentity", + "cognito-identity:GetIdentityPoolRoles", + "cognito-identity:GetOpenIdToken", + "cognito-identity:GetOpenIdTokenForDeveloperIdentity", + "cognito-identity:List*", + "cognito-identity:Lookup*", + "cognito-idp:AdminGet*", + "cognito-idp:AdminList*", + "cognito-idp:Describe*", + "cognito-idp:Get*", + "cognito-idp:List*", + "cognito-sync:Describe*", + "cognito-sync:Get*", + "cognito-sync:List*", + "cognito-sync:QueryRecords", + "comprehend:BatchDetect*", + "comprehend:Classify*", + "comprehend:Contains*", + "comprehend:Describe*", + "comprehend:Detect*", + "comprehend:List*", + "compute-optimizer:DescribeRecommendationExportJobs", + "compute-optimizer:GetAutoScalingGroupRecommendations", + "compute-optimizer:GetEBSVolumeRecommendations", + "compute-optimizer:GetEC2InstanceRecommendations", + "compute-optimizer:GetEC2RecommendationProjectedMetrics", + "compute-optimizer:GetEnrollmentStatus", + "compute-optimizer:GetEnrollmentStatusesForOrganization", + "compute-optimizer:GetLambdaFunctionRecommendations", + "compute-optimizer:GetRecommendationSummaries", + "config:BatchGetAggregateResourceConfig", + "config:BatchGetResourceConfig", + "config:Deliver*", + "config:Describe*", + "config:Get*", + "config:List*", + "config:SelectAggregateResourceConfig", + "config:SelectResourceConfig", + "connect:Describe*", + "connect:GetFederationToken", + "connect:List*", + "databrew:DescribeDataset", + "databrew:DescribeJob", + "databrew:DescribeJobRun", + "databrew:DescribeProject", + "databrew:DescribeRecipe", + "databrew:DescribeRuleset", + "databrew:DescribeSchedule", + "databrew:ListDatasets", + "databrew:ListJobRuns", + "databrew:ListJobs", + "databrew:ListProjects", + "databrew:ListRecipes", + "databrew:ListRecipeVersions", + "databrew:ListRulesets", + "databrew:ListSchedules", + "databrew:ListTagsForResource", + "dataexchange:Get*", + "dataexchange:List*", + "datapipeline:Describe*", + "datapipeline:EvaluateExpression", + "datapipeline:Get*", + "datapipeline:List*", + "datapipeline:QueryObjects", + "datapipeline:Validate*", + "datasync:Describe*", + "datasync:List*", + "dax:BatchGetItem", + "dax:Describe*", + "dax:GetItem", + "dax:ListTags", + "dax:Query", + "dax:Scan", + "deepcomposer:GetComposition", + "deepcomposer:GetModel", + "deepcomposer:GetSampleModel", + "deepcomposer:ListCompositions", + "deepcomposer:ListModels", + "deepcomposer:ListSampleModels", + "deepcomposer:ListTrainingTopics", + "detective:Get*", + "detective:List*", + "detective:SearchGraph", + "devicefarm:Get*", + "devicefarm:List*", + "devops-guru:DescribeAccountHealth", + "devops-guru:DescribeAccountOverview", + "devops-guru:DescribeAnomaly", + "devops-guru:DescribeEventSourcesConfig", + "devops-guru:DescribeFeedback", + "devops-guru:DescribeInsight", + "devops-guru:DescribeResourceCollectionHealth", + "devops-guru:DescribeServiceIntegration", + "devops-guru:GetCostEstimation", + "devops-guru:GetResourceCollection", + "devops-guru:ListAnomaliesForInsight", + "devops-guru:ListEvents", + "devops-guru:ListInsights", + "devops-guru:ListNotificationChannels", + "devops-guru:ListRecommendations", + "devops-guru:SearchInsights", + "devops-guru:StartCostEstimation", + "directconnect:Describe*", + "discovery:Describe*", + "discovery:Get*", + "discovery:List*", + "dlm:Get*", + "dms:Describe*", + "dms:List*", + "dms:Test*", + "drs:DescribeJobLogItems", + "drs:DescribeJobs", + "drs:DescribeRecoveryInstances", + "drs:DescribeRecoverySnapshots", + "drs:DescribeReplicationConfigurationTemplates", + "drs:DescribeSourceServers", + "drs:GetFailbackReplicationConfiguration", + "drs:GetLaunchConfiguration", + "drs:GetReplicationConfiguration", + "drs:ListTagsForResource", + "ds:Check*", + "ds:Describe*", + "ds:Get*", + "ds:List*", + "ds:Verify*", + "dynamodb:BatchGet*", + "dynamodb:Describe*", + "dynamodb:Get*", + "dynamodb:List*", + "dynamodb:Query", + "dynamodb:Scan", + "ec2:Describe*", + "ec2:Get*", + "ec2:ListSnapshotsInRecycleBin", + "ec2:SearchLocalGatewayRoutes", + "ec2:SearchTransitGatewayRoutes", + "ec2messages:Get*", + "ecr-public:BatchCheckLayerAvailability", + "ecr-public:DescribeImages", + "ecr-public:DescribeImageTags", + "ecr-public:DescribeRegistries", + "ecr-public:DescribeRepositories", + "ecr-public:GetAuthorizationToken", + "ecr-public:GetRegistryCatalogData", + "ecr-public:GetRepositoryCatalogData", + "ecr-public:GetRepositoryPolicy", + "ecr-public:ListTagsForResource", + "ecr:BatchCheck*", + "ecr:BatchGet*", + "ecr:Describe*", + "ecr:Get*", + "ecr:List*", + "ecs:Describe*", + "ecs:List*", + "eks:Describe*", + "eks:List*", + "elastic-inference:DescribeAcceleratorOfferings", + "elastic-inference:DescribeAccelerators", + "elastic-inference:DescribeAcceleratorTypes", + "elastic-inference:ListTagsForResource", + "elasticache:Describe*", + "elasticache:List*", + "elasticbeanstalk:Check*", + "elasticbeanstalk:Describe*", + "elasticbeanstalk:List*", + "elasticbeanstalk:Request*", + "elasticbeanstalk:Retrieve*", + "elasticbeanstalk:Validate*", + "elasticfilesystem:Describe*", + "elasticloadbalancing:Describe*", + "elasticmapreduce:Describe*", + "elasticmapreduce:GetBlockPublicAccessConfiguration", + "elasticmapreduce:List*", + "elasticmapreduce:View*", + "elastictranscoder:List*", + "elastictranscoder:Read*", + "elemental-appliances-software:Get*", + "elemental-appliances-software:List*", + "emr-containers:DescribeJobRun", + "emr-containers:DescribeManagedEndpoint", + "emr-containers:DescribeVirtualCluster", + "emr-containers:ListJobRuns", + "emr-containers:ListManagedEndpoints", + "emr-containers:ListTagsForResource", + "emr-containers:ListVirtualClusters", + "es:Describe*", + "es:ESHttpGet", + "es:ESHttpHead", + "es:Get*", + "es:List*", + "events:Describe*", + "events:List*", + "events:Test*", + "firehose:Describe*", + "firehose:List*", + "fis:GetAction", + "fis:GetExperiment", + "fis:GetExperimentTemplate", + "fis:GetTargetResourceType", + "fis:ListActions", + "fis:ListExperiments", + "fis:ListExperimentTemplates", + "fis:ListTagsForResource", + "fis:ListTargetResourceTypes", + "fms:GetAdminAccount", + "fms:GetAppsList", + "fms:GetComplianceDetail", + "fms:GetNotificationChannel", + "fms:GetPolicy", + "fms:GetProtectionStatus", + "fms:GetProtocolsList", + "fms:GetViolationDetails", + "fms:ListAppsLists", + "fms:ListComplianceStatus", + "fms:ListMemberAccounts", + "fms:ListPolicies", + "fms:ListProtocolsLists", + "fms:ListTagsForResource", + "forecast:DescribeDataset", + "forecast:DescribeDatasetGroup", + "forecast:DescribeDatasetImportJob", + "forecast:DescribeForecast", + "forecast:DescribeForecastExportJob", + "forecast:DescribePredictor", + "forecast:DescribePredictorBacktestExportJob", + "forecast:GetAccuracyMetrics", + "forecast:ListDatasetGroups", + "forecast:ListDatasetImportJobs", + "forecast:ListDatasets", + "forecast:ListForecastExportJobs", + "forecast:ListForecasts", + "forecast:ListPredictorBacktestExportJobs", + "forecast:ListPredictors", + "forecast:QueryForecast", + "freertos:Describe*", + "freertos:List*", + "fsx:Describe*", + "fsx:List*", + "frauddetector:BatchGetVariable", + "frauddetector:DescribeDetector", + "frauddetector:DescribeModelVersions", + "frauddetector:GetBatchImportJobs", + "frauddetector:GetBatchPredictionJobs", + "frauddetector:GetDeleteEventsByEventTypeStatus", + "frauddetector:GetDetectors", + "frauddetector:GetDetectorVersion", + "frauddetector:GetEntityTypes", + "frauddetector:GetEvent", + "frauddetector:GetEventPredictionMetadata", + "frauddetector:GetEventTypes", + "frauddetector:GetExternalModels", + "frauddetector:GetKMSEncryptionKey", + "frauddetector:GetLabels", + "frauddetector:GetModels", + "frauddetector:GetModelVersion", + "frauddetector:GetOutcomes", + "frauddetector:GetRules", + "frauddetector:GetVariables", + "frauddetector:ListEventPredictions", + "frauddetector:ListTagsForResource", + "gamelift:Describe*", + "gamelift:Get*", + "gamelift:List*", + "gamelift:ResolveAlias", + "gamelift:Search*", + "gamesparks:GetExtension", + "gamesparks:GetExtensionVersion", + "gamesparks:GetGame", + "gamesparks:GetGameConfiguration", + "gamesparks:GetGeneratedCodeJob", + "gamesparks:GetPlayerConnectionStatus", + "gamesparks:GetSnapshot", + "gamesparks:GetStage", + "gamesparks:GetStageDeployment", + "gamesparks:ListExtensions", + "gamesparks:ListExtensionVersions", + "gamesparks:ListGames", + "gamesparks:ListGeneratedCodeJobs", + "gamesparks:ListSnapshots", + "gamesparks:ListStageDeployments", + "gamesparks:ListStages", + "gamesparks:ListTagsForResource", + "glacier:Describe*", + "glacier:Get*", + "glacier:List*", + "globalaccelerator:Describe*", + "globalaccelerator:List*", + "glue:BatchGetDevEndpoints", + "glue:BatchGetJobs", + "glue:BatchGetPartition", + "glue:BatchGetTriggers", + "glue:BatchGetWorkflows", + "glue:CheckSchemaVersionValidity", + "glue:GetCatalogImportStatus", + "glue:GetClassifier", + "glue:GetClassifiers", + "glue:GetCrawler", + "glue:GetCrawlerMetrics", + "glue:GetCrawlers", + "glue:GetDatabase", + "glue:GetDatabases", + "glue:GetDataCatalogEncryptionSettings", + "glue:GetDataflowGraph", + "glue:GetDevEndpoint", + "glue:GetDevEndpoints", + "glue:GetJob", + "glue:GetJobBookmark", + "glue:GetJobRun", + "glue:GetJobRuns", + "glue:GetJobs", + "glue:GetMapping", + "glue:GetMLTaskRun", + "glue:GetMLTaskRuns", + "glue:GetMLTransform", + "glue:GetMLTransforms", + "glue:GetPartition", + "glue:GetPartitions", + "glue:GetPlan", + "glue:GetRegistry", + "glue:GetResourcePolicy", + "glue:GetSchema", + "glue:GetSchemaByDefinition", + "glue:GetSchemaVersion", + "glue:GetSchemaVersionsDiff", + "glue:GetSecurityConfiguration", + "glue:GetSecurityConfigurations", + "glue:GetTable", + "glue:GetTables", + "glue:GetTableVersion", + "glue:GetTableVersions", + "glue:GetTags", + "glue:GetTrigger", + "glue:GetTriggers", + "glue:GetUserDefinedFunction", + "glue:GetUserDefinedFunctions", + "glue:GetWorkflow", + "glue:GetWorkflowRun", + "glue:GetWorkflowRunProperties", + "glue:GetWorkflowRuns", + "glue:ListCrawlers", + "glue:ListDevEndpoints", + "glue:ListJobs", + "glue:ListMLTransforms", + "glue:ListRegistries", + "glue:ListSchemas", + "glue:ListSchemaVersions", + "glue:ListTriggers", + "glue:ListWorkflows", + "glue:QuerySchemaVersionMetadata", + "grafana:ListWorkspaces", + "greengrass:DescribeComponent", + "greengrass:Get*", + "greengrass:List*", + "groundstation:DescribeContact", + "groundstation:GetConfig", + "groundstation:GetDataflowEndpointGroup", + "groundstation:GetMinuteUsage", + "groundstation:GetMissionProfile", + "groundstation:GetSatellite", + "groundstation:ListConfigs", + "groundstation:ListContacts", + "groundstation:ListDataflowEndpointGroups", + "groundstation:ListGroundStations", + "groundstation:ListMissionProfiles", + "groundstation:ListSatellites", + "groundstation:ListTagsForResource", + "guardduty:DescribeOrganizationConfiguration", + "guardduty:DescribePublishingDestination", + "guardduty:Get*", + "guardduty:List*", + "health:Describe*", + "iam:Generate*", + "iam:Get*", + "iam:List*", + "iam:Simulate*", + "identity-sync:GetSyncProfile", + "identity-sync:GetSyncTarget", + "identity-sync:ListSyncFilters", + "imagebuilder:Get*", + "imagebuilder:List*", + "importexport:Get*", + "importexport:List*", + "inspector2:BatchGetAccountStatus", + "inspector2:BatchGetFreeTrialInfo", + "inspector2:DescribeOrganizationConfiguration", + "inspector2:GetDelegatedAdminAccount", + "inspector2:GetFindingsReportStatus", + "inspector2:GetMember", + "inspector2:ListAccountPermissions", + "inspector2:ListCoverage", + "inspector2:ListCoverageStatistics", + "inspector2:ListDelegatedAdminAccounts", + "inspector2:ListFilters", + "inspector2:ListFindingAggregations", + "inspector2:ListFindings", + "inspector2:ListMembers", + "inspector2:ListTagsForResource", + "inspector2:ListUsageTotals", + "inspector:Describe*", + "inspector:Get*", + "inspector:List*", + "inspector:Preview*", + "iot1click:DescribeDevice", + "iot1click:DescribePlacement", + "iot1click:DescribeProject", + "iot1click:GetDeviceMethods", + "iot1click:GetDevicesInPlacement", + "iot1click:ListDeviceEvents", + "iot1click:ListDevices", + "iot1click:ListPlacements", + "iot1click:ListProjects", + "iot1click:ListTagsForResource", + "iot:Describe*", + "iot:Get*", + "iot:List*", + "iotanalytics:Describe*", + "iotanalytics:Get*", + "iotanalytics:List*", + "iotanalytics:SampleChannelData", + "iotevents:DescribeAlarm", + "iotevents:DescribeAlarmModel", + "iotevents:DescribeDetector", + "iotevents:DescribeDetectorModel", + "iotevents:DescribeInput", + "iotevents:DescribeLoggingOptions", + "iotevents:ListAlarmModels", + "iotevents:ListAlarmModelVersions", + "iotevents:ListAlarms", + "iotevents:ListDetectorModels", + "iotevents:ListDetectorModelVersions", + "iotevents:ListDetectors", + "iotevents:ListInputs", + "iotevents:ListTagsForResource", + "iotfleethub:DescribeApplication", + "iotfleethub:ListApplications", + "iotroborunner:GetAction", + "iotroborunner:GetActionTemplate", + "iotroborunner:GetActivity", + "iotroborunner:GetDestination", + "iotroborunner:GetDestinationRelationship", + "iotroborunner:GetSite", + "iotroborunner:GetTask", + "iotroborunner:GetWorker", + "iotroborunner:GetWorkerFleet", + "iotroborunner:ListActions", + "iotroborunner:ListActionTemplates", + "iotroborunner:ListActivities", + "iotroborunner:ListDestinationRelationships", + "iotroborunner:ListDestinations", + "iotroborunner:ListSites", + "iotroborunner:ListTasks", + "iotroborunner:ListWorkerFleets", + "iotroborunner:ListWorkers", + "iotsitewise:Describe*", + "iotsitewise:Get*", + "iotsitewise:List*", + "iotwireless:GetDestination", + "iotwireless:GetDeviceProfile", + "iotwireless:GetPartnerAccount", + "iotwireless:GetServiceEndpoint", + "iotwireless:GetServiceProfile", + "iotwireless:GetWirelessDevice", + "iotwireless:GetWirelessDeviceStatistics", + "iotwireless:GetWirelessGateway", + "iotwireless:GetWirelessGatewayCertificate", + "iotwireless:GetWirelessGatewayFirmwareInformation", + "iotwireless:GetWirelessGatewayStatistics", + "iotwireless:GetWirelessGatewayTask", + "iotwireless:GetWirelessGatewayTaskDefinition", + "iotwireless:ListDestinations", + "iotwireless:ListDeviceProfiles", + "iotwireless:ListPartnerAccounts", + "iotwireless:ListServiceProfiles", + "iotwireless:ListTagsForResource", + "iotwireless:ListWirelessDevices", + "iotwireless:ListWirelessGateways", + "iotwireless:ListWirelessGatewayTaskDefinitions", + "ivs:GetStreamSession", + "ivs:ListStreamSessions", + "ivs:BatchGetChannel", + "ivs:GetChannel", + "ivs:GetPlaybackKeyPair", + "ivs:GetRecordingConfiguration", + "ivs:ListChannels", + "ivs:ListPlaybackKeyPairs", + "ivs:ListRecordingConfigurations", + "ivs:ListStreams", + "ivs:ListTagsForResource", + "ivschat:GetRoom", + "ivschat:ListRooms", + "ivschat:ListTagsForResource", + "kafka:Describe*", + "kafka:Get*", + "kafka:List*", + "kafkaconnect:DescribeConnector", + "kafkaconnect:DescribeCustomPlugin", + "kafkaconnect:DescribeWorkerConfiguration", + "kafkaconnect:ListConnectors", + "kafkaconnect:ListCustomPlugins", + "kafkaconnect:ListWorkerConfigurations", + "kendra:BatchGetDocumentStatus", + "kendra:DescribeDataSource", + "kendra:DescribeExperience", + "kendra:DescribeFaq", + "kendra:DescribeIndex", + "kendra:DescribePrincipalMapping", + "kendra:DescribeQuerySuggestionsBlockList", + "kendra:DescribeQuerySuggestionsConfig", + "kendra:DescribeThesaurus", + "kendra:GetQuerySuggestions", + "kendra:GetSnapshots", + "kendra:ListDataSources", + "kendra:ListDataSourceSyncJobs", + "kendra:ListEntityPersonas", + "kendra:ListExperienceEntities", + "kendra:ListExperiences", + "kendra:ListFaqs", + "kendra:ListGroupsOlderThanOrderingId", + "kendra:ListIndices", + "kendra:ListQuerySuggestionsBlockLists", + "kendra:ListTagsForResource", + "kendra:ListThesauri", + "kendra:Query", + "kinesis:Describe*", + "kinesis:Get*", + "kinesis:List*", + "kinesisanalytics:Describe*", + "kinesisanalytics:Discover*", + "kinesisanalytics:Get*", + "kinesisanalytics:List*", + "kinesisvideo:Describe*", + "kinesisvideo:Get*", + "kinesisvideo:List*", + "kms:Describe*", + "kms:Get*", + "kms:List*", + "lambda:Get*", + "lambda:List*", + "lex:DescribeBot", + "lex:DescribeBotAlias", + "lex:DescribeBotChannel", + "lex:DescribeBotLocale", + "lex:DescribeBotVersion", + "lex:DescribeExport", + "lex:DescribeImport", + "lex:DescribeIntent", + "lex:DescribeResourcePolicy", + "lex:DescribeSlot", + "lex:DescribeSlotType", + "lex:Get*", + "lex:ListBotAliases", + "lex:ListBotChannels", + "lex:ListBotLocales", + "lex:ListBots", + "lex:ListBotVersions", + "lex:ListBuiltInIntents", + "lex:ListBuiltInSlotTypes", + "lex:ListExports", + "lex:ListImports", + "lex:ListIntents", + "lex:ListSlots", + "lex:ListSlotTypes", + "lex:ListTagsForResource", + "license-manager:Get*", + "license-manager:List*", + "lightsail:GetActiveNames", + "lightsail:GetAlarms", + "lightsail:GetAutoSnapshots", + "lightsail:GetBlueprints", + "lightsail:GetBucketAccessKeys", + "lightsail:GetBucketBundles", + "lightsail:GetBucketMetricData", + "lightsail:GetBuckets", + "lightsail:GetBundles", + "lightsail:GetCertificates", + "lightsail:GetCloudFormationStackRecords", + "lightsail:GetContainerAPIMetadata", + "lightsail:GetContainerImages", + "lightsail:GetContainerServiceDeployments", + "lightsail:GetContainerServiceMetricData", + "lightsail:GetContainerServicePowers", + "lightsail:GetContainerServices", + "lightsail:GetDisk", + "lightsail:GetDisks", + "lightsail:GetDiskSnapshot", + "lightsail:GetDiskSnapshots", + "lightsail:GetDistributionBundles", + "lightsail:GetDistributionLatestCacheReset", + "lightsail:GetDistributionMetricData", + "lightsail:GetDistributions", + "lightsail:GetDomain", + "lightsail:GetDomains", + "lightsail:GetExportSnapshotRecords", + "lightsail:GetInstance", + "lightsail:GetInstanceMetricData", + "lightsail:GetInstancePortStates", + "lightsail:GetInstances", + "lightsail:GetInstanceSnapshot", + "lightsail:GetInstanceSnapshots", + "lightsail:GetInstanceState", + "lightsail:GetKeyPair", + "lightsail:GetKeyPairs", + "lightsail:GetLoadBalancer", + "lightsail:GetLoadBalancerMetricData", + "lightsail:GetLoadBalancers", + "lightsail:GetLoadBalancerTlsCertificates", + "lightsail:GetOperation", + "lightsail:GetOperations", + "lightsail:GetOperationsForResource", + "lightsail:GetRegions", + "lightsail:GetRelationalDatabase", + "lightsail:GetRelationalDatabaseBlueprints", + "lightsail:GetRelationalDatabaseBundles", + "lightsail:GetRelationalDatabaseEvents", + "lightsail:GetRelationalDatabaseLogEvents", + "lightsail:GetRelationalDatabaseLogStreams", + "lightsail:GetRelationalDatabaseMetricData", + "lightsail:GetRelationalDatabaseParameters", + "lightsail:GetRelationalDatabases", + "lightsail:GetRelationalDatabaseSnapshot", + "lightsail:GetRelationalDatabaseSnapshots", + "lightsail:GetStaticIp", + "lightsail:GetStaticIps", + "lightsail:Is*", + "logs:Describe*", + "logs:FilterLogEvents", + "logs:Get*", + "logs:ListTagsLogGroup", + "logs:StartQuery", + "logs:StopQuery", + "logs:TestMetricFilter", + "lookoutvision:DescribeDataset", + "lookoutvision:DescribeModel", + "lookoutvision:DescribeModelPackagingJob", + "lookoutvision:DescribeProject", + "lookoutvision:ListDatasetEntries", + "lookoutvision:ListModelPackagingJobs", + "lookoutvision:ListModels", + "lookoutvision:ListProjects", + "lookoutvision:ListTagsForResource", + "lookoutmetrics:Describe*", + "lookoutmetrics:List*", + "lookoutmetrics:Get*", + "machinelearning:Describe*", + "machinelearning:Get*", + "macie2:BatchGetCustomDataIdentifiers", + "macie2:DescribeBuckets", + "macie2:DescribeClassificationJob", + "macie2:DescribeOrganizationConfiguration", + "macie2:GetAdministratorAccount", + "macie2:GetBucketStatistics", + "macie2:GetClassificationExportConfiguration", + "macie2:GetCustomDataIdentifier", + "macie2:GetFindings", + "macie2:GetFindingsFilter", + "macie2:GetFindingsPublicationConfiguration", + "macie2:GetFindingStatistics", + "macie2:GetInvitationsCount", + "macie2:GetMacieSession", + "macie2:GetMember", + "macie2:GetUsageStatistics", + "macie2:GetUsageTotals", + "macie2:ListClassificationJobs", + "macie2:ListCustomDataIdentifiers", + "macie2:ListFindings", + "macie2:ListFindingsFilters", + "macie2:ListInvitations", + "macie2:ListMembers", + "macie2:ListOrganizationAdminAccounts", + "macie2:ListTagsForResource", + "macie2:SearchResources", + "macie:ListMemberAccounts", + "macie:ListS3Resources", + "managedblockchain:GetMember", + "managedblockchain:GetNetwork", + "managedblockchain:GetNode", + "managedblockchain:GetProposal", + "managedblockchain:ListInvitations", + "managedblockchain:ListMembers", + "managedblockchain:ListNetworks", + "managedblockchain:ListNodes", + "managedblockchain:ListProposals", + "managedblockchain:ListProposalVotes", + "managedblockchain:ListTagsForResource", + "mediaconnect:DescribeFlow", + "mediaconnect:DescribeOffering", + "mediaconnect:DescribeReservation", + "mediaconnect:ListEntitlements", + "mediaconnect:ListFlows", + "mediaconnect:ListOfferings", + "mediaconnect:ListReservations", + "mediaconnect:ListTagsForResource", + "mediaconvert:DescribeEndpoints", + "mediaconvert:Get*", + "mediaconvert:List*", + "mediapackage-vod:Describe*", + "mediapackage-vod:List*", + "mediapackage:Describe*", + "mediapackage:List*", + "mediastore:DescribeContainer", + "mediastore:DescribeObject", + "mediastore:GetContainerPolicy", + "mediastore:GetCorsPolicy", + "mediastore:GetLifecyclePolicy", + "mediastore:GetMetricPolicy", + "mediastore:GetObject", + "mediastore:ListContainers", + "mediastore:ListItems", + "mediastore:ListTagsForResource", + "mgh:Describe*", + "mgh:GetHomeRegion", + "mgh:List*", + "mgn:DescribeJobLogItems", + "mgn:DescribeJobs", + "mgn:DescribeReplicationConfigurationTemplates", + "mgn:DescribeSourceServers", + "mgn:GetLaunchConfiguration", + "mgn:GetReplicationConfiguration", + "mobileanalytics:Get*", + "mobilehub:Describe*", + "mobilehub:Export*", + "mobilehub:Generate*", + "mobilehub:Get*", + "mobilehub:List*", + "mobilehub:Validate*", + "mobilehub:Verify*", + "mobiletargeting:Get*", + "mobiletargeting:List*", + "monitron:GetProject", + "monitron:GetProjectAdminUser", + "monitron:ListProjects", + "monitron:ListTagsForResource", + "mq:Describe*", + "mq:List*", + "network-firewall:DescribeFirewall", + "network-firewall:DescribeFirewallPolicy", + "network-firewall:DescribeLoggingConfiguration", + "network-firewall:DescribeResourcePolicy", + "network-firewall:DescribeRuleGroup", + "network-firewall:DescribeRuleGroupMetadata", + "network-firewall:ListFirewallPolicies", + "network-firewall:ListFirewalls", + "network-firewall:ListRuleGroups", + "network-firewall:ListTagsForResource", + "networkmanager:DescribeGlobalNetworks", + "networkmanager:GetConnectAttachment", + "networkmanager:GetConnections", + "networkmanager:GetConnectPeer", + "networkmanager:GetConnectPeerAssociations", + "networkmanager:GetCoreNetwork", + "networkmanager:GetCoreNetworkChangeSet", + "networkmanager:GetCoreNetworkPolicy", + "networkmanager:GetCustomerGatewayAssociations", + "networkmanager:GetDevices", + "networkmanager:GetLinkAssociations", + "networkmanager:GetLinks", + "networkmanager:GetNetworkResourceCounts", + "networkmanager:GetNetworkResourceRelationships", + "networkmanager:GetNetworkResources", + "networkmanager:GetNetworkRoutes", + "networkmanager:GetNetworkTelemetry", + "networkmanager:GetResourcePolicy", + "networkmanager:GetRouteAnalysis", + "networkmanager:GetSites", + "networkmanager:GetSiteToSiteVpnAttachment", + "networkmanager:GetTransitGatewayConnectPeerAssociations", + "networkmanager:GetTransitGatewayRegistrations", + "networkmanager:GetVpcAttachment", + "networkmanager:ListAttachments", + "networkmanager:ListConnectPeers", + "networkmanager:ListCoreNetworkPolicyVersions", + "networkmanager:ListCoreNetworks", + "networkmanager:ListTagsForResource", + "opsworks-cm:Describe*", + "opsworks-cm:List*", + "opsworks:Describe*", + "opsworks:Get*", + "organizations:Describe*", + "organizations:List*", + "outposts:Get*", + "outposts:List*", + "personalize:Describe*", + "personalize:Get*", + "personalize:List*", + "pi:DescribeDimensionKeys", + "pi:GetDimensionKeyDetails", + "pi:GetResourceMetadata", + "pi:GetResourceMetrics", + "pi:ListAvailableResourceDimensions", + "pi:ListAvailableResourceMetrics", + "polly:Describe*", + "polly:Get*", + "polly:List*", + "polly:SynthesizeSpeech", + "proton:GetEnvironment", + "proton:GetEnvironmentTemplate", + "proton:GetEnvironmentTemplateVersion", + "proton:GetService", + "proton:GetServiceInstance", + "proton:GetServiceTemplate", + "proton:GetServiceTemplateVersion", + "proton:ListEnvironmentAccountConnections", + "proton:ListEnvironments", + "proton:ListEnvironmentTemplates", + "proton:ListServiceInstances", + "proton:ListServices", + "proton:ListServiceTemplates", + "proton:ListTagsForResource", + "qldb:DescribeJournalS3Export", + "qldb:DescribeLedger", + "qldb:GetBlock", + "qldb:GetDigest", + "qldb:GetRevision", + "qldb:ListJournalS3Exports", + "qldb:ListJournalS3ExportsForLedger", + "qldb:ListLedgers", + "qldb:ListTagsForResource", + "ram:Get*", + "ram:List*", + "rbin:GetRule", + "rbin:ListRules", + "rbin:ListTagsForResource", + "rds:Describe*", + "rds:Download*", + "rds:List*", + "redshift:Describe*", + "redshift:GetReservedNodeExchangeOfferings", + "redshift:View*", + "refactor-spaces:GetApplication", + "refactor-spaces:GetEnvironment", + "refactor-spaces:GetResourcePolicy", + "refactor-spaces:GetRoute", + "refactor-spaces:GetService", + "refactor-spaces:ListApplications", + "refactor-spaces:ListEnvironments", + "refactor-spaces:ListEnvironmentVpcs", + "refactor-spaces:ListRoutes", + "refactor-spaces:ListServices", + "refactor-spaces:ListTagsForResource", + "rekognition:CompareFaces", + "rekognition:Detect*", + "rekognition:List*", + "rekognition:Search*", + "resiliencehub:DescribeApp", + "resiliencehub:DescribeAppAssessment", + "resiliencehub:DescribeAppVersionResourcesResolutionStatus", + "resiliencehub:DescribeAppVersionTemplate", + "resiliencehub:DescribeDraftAppVersionResourcesImportStatus", + "resiliencehub:DescribeResiliencyPolicy", + "resiliencehub:ListAlarmRecommendations", + "resiliencehub:ListAppAssessments", + "resiliencehub:ListAppComponentCompliances", + "resiliencehub:ListAppComponentRecommendations", + "resiliencehub:ListApps", + "resiliencehub:ListAppVersionResourceMappings", + "resiliencehub:ListAppVersionResources", + "resiliencehub:ListAppVersions", + "resiliencehub:ListRecommendationTemplates", + "resiliencehub:ListResiliencyPolicies", + "resiliencehub:ListSopRecommendations", + "resiliencehub:ListSuggestedResiliencyPolicies", + "resiliencehub:ListTagsForResource", + "resiliencehub:ListTestRecommendations", + "resiliencehub:ListUnsupportedAppVersionResources", + "resource-groups:Get*", + "resource-groups:List*", + "resource-groups:Search*", + "robomaker:BatchDescribe*", + "robomaker:Describe*", + "robomaker:Get*", + "robomaker:List*", + "route53-recovery-cluster:Get*", + "route53-recovery-cluster:ListRoutingControls", + "route53-recovery-control-config:Describe*", + "route53-recovery-control-config:List*", + "route53-recovery-readiness:Get*", + "route53-recovery-readiness:List*", + "route53:Get*", + "route53:List*", + "route53:Test*", + "route53domains:Check*", + "route53domains:Get*", + "route53domains:List*", + "route53domains:View*", + "route53resolver:Get*", + "route53resolver:List*", + "rum:GetAppMonitor", + "rum:GetAppMonitorData", + "rum:ListAppMonitors", + "s3-object-lambda:GetObject", + "s3-object-lambda:GetObjectAcl", + "s3-object-lambda:GetObjectLegalHold", + "s3-object-lambda:GetObjectRetention", + "s3-object-lambda:GetObjectTagging", + "s3-object-lambda:GetObjectVersion", + "s3-object-lambda:GetObjectVersionAcl", + "s3-object-lambda:GetObjectVersionTagging", + "s3-object-lambda:ListBucket", + "s3-object-lambda:ListBucketMultipartUploads", + "s3-object-lambda:ListBucketVersions", + "s3-object-lambda:ListMultipartUploadParts", + "s3:DescribeJob", + "s3:Get*", + "s3:List*", + "sagemaker:Describe*", + "sagemaker:GetSearchSuggestions", + "sagemaker:List*", + "sagemaker:Search", + "savingsplans:DescribeSavingsPlanRates", + "savingsplans:DescribeSavingsPlans", + "savingsplans:DescribeSavingsPlansOfferingRates", + "savingsplans:DescribeSavingsPlansOfferings", + "savingsplans:ListTagsForResource", + "schemas:Describe*", + "schemas:Get*", + "schemas:List*", + "schemas:Search*", + "sdb:Get*", + "sdb:List*", + "sdb:Select*", + "secretsmanager:Describe*", + "secretsmanager:GetResourcePolicy", + "secretsmanager:List*", + "securityhub:BatchGetStandardsControlAssociations", + "securityhub:Describe*", + "securityhub:Get*", + "securityhub:List*", + "serverlessrepo:Get*", + "serverlessrepo:List*", + "serverlessrepo:SearchApplications", + "servicecatalog:Describe*", + "servicecatalog:GetApplication", + "servicecatalog:GetAttributeGroup", + "servicecatalog:List*", + "servicecatalog:Scan*", + "servicecatalog:Search*", + "servicediscovery:Get*", + "servicediscovery:List*", + "servicequotas:GetAssociationForServiceQuotaTemplate", + "servicequotas:GetAWSDefaultServiceQuota", + "servicequotas:GetRequestedServiceQuotaChange", + "servicequotas:GetServiceQuota", + "servicequotas:GetServiceQuotaIncreaseRequestFromTemplate", + "servicequotas:ListAWSDefaultServiceQuotas", + "servicequotas:ListRequestedServiceQuotaChangeHistory", + "servicequotas:ListRequestedServiceQuotaChangeHistoryByQuota", + "servicequotas:ListServiceQuotaIncreaseRequestsInTemplate", + "servicequotas:ListServiceQuotas", + "servicequotas:ListServices", + "ses:Describe*", + "ses:Get*", + "ses:List*", + "shield:Describe*", + "shield:Get*", + "shield:List*", + "signer:DescribeSigningJob", + "signer:GetSigningPlatform", + "signer:GetSigningProfile", + "signer:ListProfilePermissions", + "signer:ListSigningJobs", + "signer:ListSigningPlatforms", + "signer:ListSigningProfiles", + "signer:ListTagsForResource", + "sms-voice:DescribeAccountAttributes", + "sms-voice:DescribeAccountLimits", + "sms-voice:DescribeConfigurationSets", + "sms-voice:DescribeKeywords", + "sms-voice:DescribeOptedOutNumbers", + "sms-voice:DescribeOptOutLists", + "sms-voice:DescribePhoneNumbers", + "sms-voice:DescribePools", + "sms-voice:DescribeSenderIds", + "sms-voice:DescribeSpendLimits", + "sms-voice:ListPoolOriginationIdentities", + "sms-voice:ListTagsForResource", + "snowball:Describe*", + "snowball:Get*", + "snowball:List*", + "sns:Check*", + "sns:Get*", + "sns:List*", + "sqs:Get*", + "sqs:List*", + "sqs:Receive*", + "ssm-contacts:DescribeEngagement", + "ssm-contacts:DescribePage", + "ssm-contacts:GetContact", + "ssm-contacts:GetContactChannel", + "ssm-contacts:ListContactChannels", + "ssm-contacts:ListContacts", + "ssm-contacts:ListEngagements", + "ssm-contacts:ListPageReceipts", + "ssm-contacts:ListPagesByContact", + "ssm-contacts:ListPagesByEngagement", + "ssm-incidents:GetIncidentRecord", + "ssm-incidents:GetReplicationSet", + "ssm-incidents:GetResourcePolicies", + "ssm-incidents:GetResponsePlan", + "ssm-incidents:GetTimelineEvent", + "ssm-incidents:ListIncidentRecords", + "ssm-incidents:ListRelatedItems", + "ssm-incidents:ListReplicationSets", + "ssm-incidents:ListResponsePlans", + "ssm-incidents:ListTagsForResource", + "ssm-incidents:ListTimelineEvents", + "ssm:Describe*", + "ssm:Get*", + "ssm:List*", + "sso-directory:Describe*", + "sso-directory:List*", + "sso-directory:Search*", + "sso:Describe*", + "sso:Get*", + "sso:List*", + "sso:Search*", + "states:Describe*", + "states:GetExecutionHistory", + "states:List*", + "storagegateway:Describe*", + "storagegateway:List*", + "sts:GetAccessKeyInfo", + "sts:GetCallerIdentity", + "sts:GetSessionToken", + "support:DescribeCases", + "sustainability:GetCarbonFootprintSummary", + "swf:Count*", + "swf:Describe*", + "swf:Get*", + "swf:List*", + "synthetics:Describe*", + "synthetics:Get*", + "synthetics:List*", + "tag:DescribeReportCreation", + "tag:Get*", + "tax:GetExemptions", + "timestream:DescribeDatabase", + "timestream:DescribeEndpoints", + "timestream:DescribeTable", + "timestream:ListDatabases", + "timestream:ListMeasures", + "timestream:ListTables", + "timestream:ListTagsForResource", + "transcribe:Get*", + "transcribe:List*", + "transfer:Describe*", + "transfer:List*", + "transfer:TestIdentityProvider", + "trustedadvisor:Describe*", + "waf-regional:Get*", + "waf-regional:List*", + "waf:Get*", + "waf:List*", + "wafv2:CheckCapacity", + "wafv2:Describe*", + "wafv2:Get*", + "wafv2:List*", + "workdocs:CheckAlias", + "workdocs:Describe*", + "workdocs:Get*", + "worklink:Describe*", + "worklink:List*", + "workmail:Describe*", + "workmail:Get*", + "workmail:List*", + "workmail:Search*", + "workspaces:Describe*", + "xray:BatchGet*", + "xray:Get*" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-05-23T20:16:18+00:00" + }, + "ResourceGroupsandTagEditorFullAccess":{ + "CreateDate":"2015-02-06T18:39:53+00:00", + "DefaultVersionId":"v5", + "Document":{ + "Statement":[ + { + "Action":[ + "tag:getResources", + "tag:getTagKeys", + "tag:getTagValues", + "tag:TagResources", + "tag:UntagResources", + "resource-groups:*", + "cloudformation:DescribeStacks", + "cloudformation:ListStackResources" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-10-02T23:57:57+00:00" + }, + "ResourceGroupsandTagEditorReadOnlyAccess":{ + "CreateDate":"2015-02-06T18:39:54+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "tag:getResources", + "tag:getTagKeys", + "tag:getTagValues", + "resource-groups:Get*", + "resource-groups:List*", + "resource-groups:Search*", + "cloudformation:DescribeStacks", + "cloudformation:ListStackResources" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-03-07T19:43:17+00:00" + }, + "Route53RecoveryReadinessServiceRolePolicy":{ + "CreateDate":"2021-07-15T16:06:21+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":[ + "dynamodb:DescribeReservedCapacity", + "dynamodb:DescribeReservedCapacityOfferings" + ], + "Effect":"Allow", + "Resource":"arn:aws:dynamodb:*:*:*" + }, + { + "Action":[ + "dynamodb:DescribeTable", + "dynamodb:DescribeTimeToLive" + ], + "Effect":"Allow", + "Resource":"arn:aws:dynamodb:*:*:table/*" + }, + { + "Action":[ + "iam:CreateServiceLinkedRole" + ], + "Condition":{ + "StringLike":{ + "iam:AWSServiceName":"servicequotas.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:iam::*:role/aws-service-role/servicequotas.amazonaws.com/AWSServiceRoleForServiceQuotas" + }, + { + "Action":[ + "lambda:GetFunctionConcurrency", + "lambda:GetFunctionConfiguration", + "lambda:GetProvisionedConcurrencyConfig", + "lambda:ListAliases", + "lambda:ListVersionsByFunction" + ], + "Effect":"Allow", + "Resource":"arn:aws:lambda:*:*:function:*" + }, + { + "Action":[ + "rds:DescribeDBClusters" + ], + "Effect":"Allow", + "Resource":"arn:aws:rds:*:*:cluster:*" + }, + { + "Action":[ + "rds:DescribeDBInstances" + ], + "Effect":"Allow", + "Resource":"arn:aws:rds:*:*:db:*" + }, + { + "Action":[ + "route53:ListResourceRecordSets" + ], + "Effect":"Allow", + "Resource":"arn:aws:route53:::hostedzone/*" + }, + { + "Action":[ + "route53:GetHealthCheck", + "route53:GetHealthCheckStatus" + ], + "Effect":"Allow", + "Resource":"arn:aws:route53:::healthcheck/*" + }, + { + "Action":[ + "servicequotas:RequestServiceQuotaIncrease" + ], + "Effect":"Allow", + "Resource":"arn:aws:servicequotas:*:*:*" + }, + { + "Action":[ + "sns:GetTopicAttributes", + "sns:ListSubscriptionsByTopic" + ], + "Effect":"Allow", + "Resource":"arn:aws:sns:*:*:*" + }, + { + "Action":[ + "sqs:GetQueueAttributes", + "sqs:GetQueueUrl" + ], + "Effect":"Allow", + "Resource":"arn:aws:sqs:*:*:*" + }, + { + "Action":[ + "apigateway:GET", + "application-autoscaling:DescribeScalableTargets", + "application-autoscaling:DescribeScalingPolicies", + "autoscaling:DescribeAccountLimits", + "autoscaling:DescribeAutoScalingGroups", + "autoscaling:DescribeAutoScalingInstances", + "autoscaling:DescribeLifecycleHooks", + "autoscaling:DescribeLoadBalancers", + "autoscaling:DescribeLoadBalancerTargetGroups", + "autoscaling:DescribeNotificationConfigurations", + "autoscaling:DescribePolicies", + "cloudwatch:GetMetricData", + "cloudwatch:DescribeAlarms", + "dynamodb:DescribeLimits", + "dynamodb:ListGlobalTables", + "dynamodb:ListTables", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeInstances", + "ec2:DescribeSubnets", + "ec2:DescribeVolumes", + "ec2:DescribeVpcs", + "ec2:DescribeVpnConnections", + "ec2:GetEbsEncryptionByDefault", + "ec2:GetEbsDefaultKmsKeyId", + "elasticloadbalancing:DescribeInstanceHealth", + "elasticloadbalancing:DescribeLoadBalancerAttributes", + "elasticloadbalancing:DescribeLoadBalancers", + "elasticloadbalancing:DescribeTargetGroups", + "elasticloadbalancing:DescribeTargetHealth", + "kafka:DescribeCluster", + "kafka:DescribeConfigurationRevision", + "lambda:ListEventSourceMappings", + "lambda:ListFunctions", + "rds:DescribeAccountAttributes", + "route53:GetHostedZone", + "servicequotas:ListAWSDefaultServiceQuotas", + "servicequotas:ListRequestedServiceQuotaChangeHistory", + "servicequotas:ListServiceQuotas", + "servicequotas:ListServices", + "sns:GetEndpointAttributes", + "sns:GetSubscriptionAttributes" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-10-29T07:09:46+00:00" + }, + "Route53ResolverServiceRolePolicy":{ + "CreateDate":"2020-08-12T17:47:24+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "logs:CreateLogDelivery", + "logs:GetLogDelivery", + "logs:UpdateLogDelivery", + "logs:DeleteLogDelivery", + "logs:ListLogDeliveries", + "logs:DescribeResourcePolicies", + "logs:DescribeLogGroups", + "s3:GetBucketPolicy" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-08-12T17:47:24+00:00" + }, + "S3StorageLensServiceRolePolicy":{ + "CreateDate":"2020-11-18T18:15:40+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "organizations:DescribeOrganization", + "organizations:ListAccounts", + "organizations:ListAWSServiceAccessForOrganization", + "organizations:ListDelegatedAdministrators" + ], + "Effect":"Allow", + "Resource":[ + "*" + ], + "Sid":"AwsOrgsAccess" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-11-18T18:15:40+00:00" + }, + "SecretsManagerReadWrite":{ + "CreateDate":"2018-04-04T18:05:29+00:00", + "DefaultVersionId":"v3", + "Document":{ + "Statement":[ + { + "Action":[ + "secretsmanager:*", + "cloudformation:CreateChangeSet", + "cloudformation:DescribeChangeSet", + "cloudformation:DescribeStackResource", + "cloudformation:DescribeStacks", + "cloudformation:ExecuteChangeSet", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "kms:DescribeKey", + "kms:ListAliases", + "kms:ListKeys", + "lambda:ListFunctions", + "rds:DescribeDBClusters", + "rds:DescribeDBInstances", + "redshift:DescribeClusters", + "tag:GetResources" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "lambda:AddPermission", + "lambda:CreateFunction", + "lambda:GetFunction", + "lambda:InvokeFunction", + "lambda:UpdateFunctionConfiguration" + ], + "Effect":"Allow", + "Resource":"arn:aws:lambda:*:*:function:SecretsManager*" + }, + { + "Action":[ + "serverlessrepo:CreateCloudFormationChangeSet", + "serverlessrepo:GetApplication" + ], + "Effect":"Allow", + "Resource":"arn:aws:serverlessrepo:*:*:applications/SecretsManager*" + }, + { + "Action":[ + "s3:GetObject" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::awsserverlessrepo-changesets*", + "arn:aws:s3:::secrets-manager-rotation-apps-*/*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-06-24T18:01:22+00:00" + }, + "SecurityAudit":{ + "CreateDate":"2015-02-06T18:41:01+00:00", + "DefaultVersionId":"v35", + "Document":{ + "Statement":[ + { + "Action":[ + "access-analyzer:GetAnalyzedResource", + "access-analyzer:GetAnalyzer", + "access-analyzer:GetArchiveRule", + "access-analyzer:GetFinding", + "access-analyzer:ListAnalyzedResources", + "access-analyzer:ListAnalyzers", + "access-analyzer:ListArchiveRules", + "access-analyzer:ListFindings", + "access-analyzer:ListTagsForResource", + "acm-pca:ListPermissions", + "acm:Describe*", + "acm:List*", + "application-autoscaling:Describe*", + "appmesh:Describe*", + "appmesh:List*", + "appsync:List*", + "athena:GetWorkGroup", + "athena:List*", + "autoscaling-plans:DescribeScalingPlans", + "autoscaling:Describe*", + "batch:DescribeComputeEnvironments", + "batch:DescribeJobDefinitions", + "chime:List*", + "cloud9:Describe*", + "cloud9:ListEnvironments", + "clouddirectory:ListDirectories", + "cloudformation:DescribeStack*", + "cloudformation:GetStackPolicy", + "cloudformation:GetTemplate", + "cloudformation:ListStack*", + "cloudfront:Get*", + "cloudfront:List*", + "cloudhsm:ListHapgs", + "cloudhsm:ListHsms", + "cloudhsm:ListLunaClients", + "cloudsearch:DescribeDomainEndpointOptions", + "cloudsearch:DescribeDomains", + "cloudsearch:DescribeServiceAccessPolicies", + "cloudtrail:DescribeTrails", + "cloudtrail:GetEventSelectors", + "cloudtrail:GetTrailStatus", + "cloudtrail:ListTags", + "cloudtrail:LookupEvents", + "cloudwatch:Describe*", + "cloudwatch:ListTagsForResource", + "codebuild:ListProjects", + "codecommit:BatchGetRepositories", + "codecommit:GetBranch", + "codecommit:GetObjectIdentifier", + "codecommit:GetRepository", + "codecommit:GetRepositoryTriggers", + "codecommit:List*", + "codedeploy:Batch*", + "codedeploy:Get*", + "codedeploy:List*", + "codepipeline:GetJobDetails", + "codepipeline:GetPipeline", + "codepipeline:GetPipelineExecution", + "codepipeline:GetPipelineState", + "codepipeline:ListPipelines", + "codestar:Describe*", + "codestar:List*", + "cognito-identity:ListIdentityPools", + "cognito-idp:DescribeIdentityProvider", + "cognito-idp:DescribeResourceServer", + "cognito-idp:DescribeRiskConfiguration", + "cognito-idp:DescribeUserImportJob", + "cognito-idp:DescribeUserPool", + "cognito-idp:DescribeUserPoolClient", + "cognito-idp:DescribeUserPoolDomain", + "cognito-idp:ListDevices", + "cognito-idp:ListGroups", + "cognito-idp:ListIdentityProviders", + "cognito-idp:ListResourceServers", + "cognito-idp:ListTagsForResource", + "cognito-idp:ListUserImportJobs", + "cognito-idp:ListUserPoolClients", + "cognito-idp:ListUserPools", + "cognito-idp:ListUsers", + "cognito-idp:ListUsersInGroup", + "cognito-sync:Describe*", + "cognito-sync:List*", + "comprehend:Describe*", + "comprehend:List*", + "config:BatchGetAggregateResourceConfig", + "config:BatchGetResourceConfig", + "config:Deliver*", + "config:Describe*", + "config:Get*", + "config:List*", + "datapipeline:DescribeObjects", + "datapipeline:DescribePipelines", + "datapipeline:EvaluateExpression", + "datapipeline:GetPipelineDefinition", + "datapipeline:ListPipelines", + "datapipeline:QueryObjects", + "datapipeline:ValidatePipelineDefinition", + "datasync:Describe*", + "datasync:List*", + "dax:Describe*", + "dax:ListTags", + "detective:GetGraphIngestState", + "detective:ListGraphs", + "detective:ListMembers", + "directconnect:Describe*", + "dms:Describe*", + "dms:ListTagsForResource", + "ds:DescribeDirectories", + "dynamodb:DescribeContinuousBackups", + "dynamodb:DescribeGlobalTable", + "dynamodb:DescribeTable", + "dynamodb:DescribeTimeToLive", + "dynamodb:ListBackups", + "dynamodb:ListGlobalTables", + "dynamodb:ListStreams", + "dynamodb:ListTables", + "dynamodb:ListTagsOfResource", + "ec2:Describe*", + "ec2:DescribeTransitGatewayAttachments", + "ec2:DescribeTransitGatewayMulticastDomains", + "ec2:DescribeTransitGatewayPeeringAttachments", + "ec2:DescribeTransitGatewayRouteTables", + "ec2:DescribeTransitGatewayVpcAttachments", + "ec2:DescribeTransitGateways", + "ec2:GetManagedPrefixListAssociations", + "ec2:GetManagedPrefixListEntries", + "ec2:GetTransitGatewayAttachmentPropagations", + "ec2:GetTransitGatewayMulticastDomainAssociations", + "ec2:GetTransitGatewayPrefixListReferences", + "ec2:GetTransitGatewayRouteTableAssociations", + "ec2:GetTransitGatewayRouteTablePropagations", + "ecr-public:DescribeImageTags", + "ecr-public:DescribeImages", + "ecr-public:DescribeRegistries", + "ecr-public:DescribeRepositories", + "ecr-public:GetRegistryCatalogData", + "ecr-public:GetRepositoryCatalogData", + "ecr-public:GetRepositoryPolicy", + "ecr:DescribeImageScanFindings", + "ecr:DescribeImages", + "ecr:DescribeRepositories", + "ecr:GetLifecyclePolicy", + "ecr:GetRepositoryPolicy", + "ecr:ListImages", + "ecr:ListTagsForResource", + "ecs:Describe*", + "ecs:List*", + "eks:DescribeCluster", + "eks:DescribeNodeGroup", + "eks:ListClusters", + "eks:ListNodeGroups", + "elasticache:Describe*", + "elasticache:ListTagsForResource", + "elasticbeanstalk:Describe*", + "elasticbeanstalk:DescribeApplications", + "elasticbeanstalk:ListTagsForResource", + "elasticfilesystem:DescribeFileSystems", + "elasticfilesystem:DescribeMountTargetSecurityGroups", + "elasticfilesystem:DescribeMountTargets", + "elasticloadbalancing:Describe*", + "elasticmapreduce:Describe*", + "elasticmapreduce:GetBlockPublicAccessConfiguration", + "elasticmapreduce:ListClusters", + "elasticmapreduce:ListInstances", + "elasticmapreduce:ListSecurityConfigurations", + "es:Describe*", + "es:ListDomainNames", + "es:ListElasticsearchInstanceTypeDetails", + "es:ListElasticsearchVersions", + "es:ListTags", + "events:Describe*", + "events:List*", + "events:TestEventPattern", + "firehose:Describe*", + "firehose:List*", + "fms:ListComplianceStatus", + "fms:ListPolicies", + "fsx:Describe*", + "fsx:List*", + "gamelift:ListBuilds", + "gamelift:ListFleets", + "glacier:DescribeVault", + "glacier:GetVaultAccessPolicy", + "glacier:ListVaults", + "globalaccelerator:Describe*", + "globalaccelerator:List*", + "glue:GetCrawlers", + "glue:GetDataCatalogEncryptionSettings", + "glue:GetDatabases", + "glue:GetDevEndpoints", + "glue:GetJobs", + "greengrass:List*", + "guardduty:DescribePublishingDestination", + "guardduty:Get*", + "guardduty:List*", + "iam:GenerateCredentialReport", + "iam:GenerateServiceLastAccessedDetails", + "iam:Get*", + "iam:List*", + "iam:SimulateCustomPolicy", + "iam:SimulatePrincipalPolicy", + "inspector:Describe*", + "inspector:Get*", + "inspector:List*", + "inspector:Preview*", + "iot:Describe*", + "iot:GetPolicy", + "iot:GetPolicyVersion", + "iot:List*", + "kinesis:DescribeLimits", + "kinesis:DescribeStream", + "kinesis:DescribeStreamConsumer", + "kinesis:DescribeStreamSummary", + "kinesis:ListStreamConsumers", + "kinesis:ListStreams", + "kinesis:ListTagsForStream", + "kinesisanalytics:ListApplications", + "kms:Describe*", + "kms:Get*", + "kms:List*", + "lambda:GetAccountSettings", + "lambda:GetFunctionConfiguration", + "lambda:GetFunctionEventInvokeConfig", + "lambda:GetLayerVersionPolicy", + "lambda:GetPolicy", + "lambda:List*", + "license-manager:List*", + "lightsail:GetInstances", + "lightsail:GetLoadBalancers", + "logs:Describe*", + "logs:ListTagsLogGroup", + "machinelearning:DescribeMLModels", + "mediaconnect:Describe*", + "mediaconnect:List*", + "mediastore:GetContainerPolicy", + "mediastore:ListContainers", + "mq:DescribeBroker", + "mq:DescribeBrokerEngineTypes", + "mq:DescribeBrokerInstanceOptions", + "mq:DescribeConfiguration", + "mq:DescribeConfigurationRevision", + "mq:DescribeUser", + "mq:ListBrokers", + "mq:ListConfigurationRevisions", + "mq:ListConfigurations", + "mq:ListTags", + "mq:ListUsers", + "network-firewall:ListFirewalls", + "opsworks-cm:DescribeServers", + "opsworks:DescribeStacks", + "organizations:Describe*", + "organizations:List*", + "quicksight:Describe*", + "quicksight:List*", + "ram:List*", + "rds:Describe*", + "rds:DownloadDBLogFilePortion", + "rds:ListTagsForResource", + "redshift:Describe*", + "rekognition:Describe*", + "rekognition:List*", + "robomaker:Describe*", + "robomaker:List*", + "route53:Get*", + "route53:List*", + "route53domains:GetDomainDetail", + "route53domains:GetOperationDetail", + "route53domains:ListDomains", + "route53domains:ListOperations", + "route53domains:ListTagsForDomain", + "route53resolver:Get*", + "route53resolver:List*", + "s3:GetAccelerateConfiguration", + "s3:GetAccessPoint", + "s3:GetAccessPointPolicy", + "s3:GetAccessPointPolicyStatus", + "s3:GetAccountPublicAccessBlock", + "s3:GetAnalyticsConfiguration", + "s3:GetBucket*", + "s3:GetEncryptionConfiguration", + "s3:GetInventoryConfiguration", + "s3:GetLifecycleConfiguration", + "s3:GetMetricsConfiguration", + "s3:GetObjectAcl", + "s3:GetObjectVersionAcl", + "s3:GetReplicationConfiguration", + "s3:ListAccessPoints", + "s3:ListAllMyBuckets", + "sagemaker:Describe*", + "sagemaker:List*", + "schemas:DescribeCodeBinding", + "schemas:DescribeDiscoverer", + "schemas:DescribeRegistry", + "schemas:DescribeSchema", + "schemas:ListDiscoverers", + "schemas:ListRegistries", + "schemas:ListSchemaVersions", + "schemas:ListSchemas", + "schemas:ListTagsForResource", + "sdb:DomainMetadata", + "sdb:ListDomains", + "secretsmanager:DescribeSecret", + "secretsmanager:GetResourcePolicy", + "secretsmanager:ListSecretVersionIds", + "secretsmanager:ListSecrets", + "securityhub:Describe*", + "securityhub:Get*", + "securityhub:List*", + "serverlessrepo:GetApplicationPolicy", + "serverlessrepo:List*", + "servicequotas:GetAWSDefaultServiceQuota", + "servicequotas:GetAssociationForServiceQuotaTemplate", + "servicequotas:GetRequestedServiceQuotaChange", + "servicequotas:GetServiceQuota", + "servicequotas:GetServiceQuotaIncreaseRequestFromTemplate", + "servicequotas:ListAWSDefaultServiceQuotas", + "servicequotas:ListRequestedServiceQuotaChangeHistory", + "servicequotas:ListRequestedServiceQuotaChangeHistoryByQuota", + "servicequotas:ListServiceQuotaIncreaseRequestsInTemplate", + "servicequotas:ListServiceQuotas", + "servicequotas:ListServices", + "servicequotas:ListTagsForResource", + "ses:GetIdentityDkimAttributes", + "ses:GetIdentityPolicies", + "ses:GetIdentityVerificationAttributes", + "ses:ListIdentities", + "ses:ListIdentityPolicies", + "ses:ListVerifiedEmailAddresses", + "shield:Describe*", + "shield:List*", + "snowball:ListClusters", + "snowball:ListJobs", + "sns:GetTopicAttributes", + "sns:ListSubscriptions", + "sns:ListSubscriptionsByTopic", + "sns:ListTagsForResource", + "sns:ListTopics", + "sqs:GetQueueAttributes", + "sqs:ListDeadLetterSourceQueues", + "sqs:ListQueueTags", + "sqs:ListQueues", + "ssm:Describe*", + "ssm:GetAutomationExecution", + "ssm:ListAssociationVersions", + "ssm:ListAssociations", + "ssm:ListCommands", + "ssm:ListComplianceItems", + "ssm:ListComplianceSummaries", + "ssm:ListDocumentMetadataHistory", + "ssm:ListDocumentVersions", + "ssm:ListDocuments", + "ssm:ListInventoryEntries", + "ssm:ListOpsMetadata", + "ssm:ListResourceComplianceSummaries", + "ssm:ListResourceDataSync", + "ssm:ListTagsForResource", + "sso:DescribePermissionsPolicies", + "sso:List*", + "states:ListStateMachines", + "storagegateway:DescribeBandwidthRateLimit", + "storagegateway:DescribeCache", + "storagegateway:DescribeCachediSCSIVolumes", + "storagegateway:DescribeGatewayInformation", + "storagegateway:DescribeMaintenanceStartTime", + "storagegateway:DescribeNFSFileShares", + "storagegateway:DescribeSnapshotSchedule", + "storagegateway:DescribeStorediSCSIVolumes", + "storagegateway:DescribeTapeArchives", + "storagegateway:DescribeTapeRecoveryPoints", + "storagegateway:DescribeTapes", + "storagegateway:DescribeUploadBuffer", + "storagegateway:DescribeVTLDevices", + "storagegateway:DescribeWorkingStorage", + "storagegateway:List*", + "support:DescribeTrustedAdvisorCheckRefreshStatuses", + "support:DescribeTrustedAdvisorCheckResult", + "support:DescribeTrustedAdvisorCheckSummaries", + "support:DescribeTrustedAdvisorChecks", + "tag:GetResources", + "tag:GetTagKeys", + "transfer:Describe*", + "transfer:List*", + "translate:List*", + "trustedadvisor:Describe*", + "waf-regional:GetWebACL", + "waf-regional:ListResourcesForWebACL", + "waf-regional:ListTagsForResource", + "waf-regional:ListWebACLs", + "waf:GetWebACL", + "waf:ListTagsForResource", + "waf:ListWebACLs", + "wafv2:GetWebACL", + "wafv2:ListAvailableManagedRuleGroups", + "wafv2:ListIPSets", + "wafv2:ListLoggingConfigurations", + "wafv2:ListRegexPatternSets", + "wafv2:ListResourcesForWebACL", + "wafv2:ListRuleGroups", + "wafv2:ListTagsForResource", + "wafv2:ListWebACLs", + "workdocs:DescribeResourcePermissions", + "workspaces:Describe*", + "xray:GetEncryptionConfig", + "xray:GetGroup", + "xray:GetGroups", + "xray:GetSamplingRules", + "xray:GetSamplingTargets", + "xray:ListTagsForResource" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "apigateway:GET" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:apigateway:*::/apis", + "arn:aws:apigateway:*::/apis/*/routes", + "arn:aws:apigateway:*::/apis/*/stages", + "arn:aws:apigateway:*::/apis/*/stages/*", + "arn:aws:apigateway:*::/clientcertificates/*", + "arn:aws:apigateway:*::/restapis", + "arn:aws:apigateway:*::/restapis/*/authorizers", + "arn:aws:apigateway:*::/restapis/*/authorizers/*", + "arn:aws:apigateway:*::/restapis/*/documentation/versions", + "arn:aws:apigateway:*::/restapis/*/resources", + "arn:aws:apigateway:*::/restapis/*/resources/*", + "arn:aws:apigateway:*::/restapis/*/resources/*/methods/*", + "arn:aws:apigateway:*::/restapis/*/stages", + "arn:aws:apigateway:*::/restapis/*/stages/*", + "arn:aws:apigateway:*::/tags/*", + "arn:aws:apigateway:*::/vpclinks" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-04-14T20:28:28+00:00" + }, + "ServerMigrationConnector":{ + "CreateDate":"2016-10-24T21:45:56+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":"iam:GetUser", + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "sms:SendMessage", + "sms:GetMessages" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "s3:CreateBucket", + "s3:DeleteBucket", + "s3:DeleteObject", + "s3:GetBucketLocation", + "s3:GetObject", + "s3:ListBucket", + "s3:PutObject", + "s3:PutObjectAcl", + "s3:PutLifecycleConfiguration", + "s3:AbortMultipartUpload", + "s3:ListBucketMultipartUploads", + "s3:ListMultipartUploadParts" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::sms-b-*", + "arn:aws:s3:::import-to-ec2-*", + "arn:aws:s3:::server-migration-service-upgrade", + "arn:aws:s3:::server-migration-service-upgrade/*", + "arn:aws:s3:::connector-platform-upgrade-info/*", + "arn:aws:s3:::connector-platform-upgrade-info", + "arn:aws:s3:::connector-platform-upgrade-bundles/*", + "arn:aws:s3:::connector-platform-upgrade-bundles", + "arn:aws:s3:::connector-platform-release-notes/*", + "arn:aws:s3:::connector-platform-release-notes" + ] + }, + { + "Action":"awsconnector:*", + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "SNS:Publish" + ], + "Effect":"Allow", + "Resource":"arn:aws:sns:*:*:metrics-sns-topic-for-*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2016-10-24T21:45:56+00:00" + }, + "ServerMigrationServiceConsoleFullAccess":{ + "CreateDate":"2020-05-09T17:18:57+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "sms:*" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "cloudformation:ListStacks", + "cloudformation:DescribeStacks", + "cloudformation:DescribeStackResources" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"s3:ListAllMyBuckets", + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"s3:GetObject", + "Effect":"Allow", + "Resource":"arn:aws:s3:::sms-app-*/*" + }, + { + "Action":[ + "ec2:DescribeKeyPairs", + "ec2:DescribeVpcs", + "ec2:DescribeSubnets", + "ec2:DescribeSecurityGroups" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "iam:ListRoles" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "iam:CreateServiceLinkedRole" + ], + "Condition":{ + "StringEquals":{ + "iam:AWSServiceName":"sms.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"iam:GetInstanceProfile", + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-07-20T22:00:37+00:00" + }, + "ServerMigrationServiceLaunchRole":{ + "CreateDate":"2018-11-26T19:53:06+00:00", + "DefaultVersionId":"v4", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:ModifyInstanceAttribute", + "ec2:StopInstances", + "ec2:StartInstances", + "ec2:TerminateInstances" + ], + "Condition":{ + "StringLike":{ + "ec2:ResourceTag/aws:cloudformation:stack-id":"arn:aws:cloudformation:*:*:stack/sms-app-*/*" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"ec2:CreateTags", + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:instance/*" + }, + { + "Action":[ + "ec2:DisassociateIamInstanceProfile", + "ec2:AssociateIamInstanceProfile", + "ec2:ReplaceIamInstanceProfileAssociation" + ], + "Condition":{ + "StringLike":{ + "ec2:ResourceTag/aws:cloudformation:stack-id":"arn:aws:cloudformation:*:*:stack/sms-app-*/*" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:instance/*" + }, + { + "Action":"iam:PassRole", + "Condition":{ + "StringEquals":{ + "iam:PassedToService":"ec2.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:RunInstances", + "ec2:Describe*" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "applicationinsights:Describe*", + "applicationinsights:List*", + "cloudformation:ListStackResources", + "cloudformation:DescribeStacks" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "applicationinsights:CreateApplication", + "applicationinsights:CreateComponent", + "applicationinsights:UpdateApplication", + "applicationinsights:DeleteApplication", + "applicationinsights:UpdateComponentConfiguration", + "applicationinsights:DeleteComponent" + ], + "Effect":"Allow", + "Resource":"arn:aws:applicationinsights:*:*:application/resource-group/sms-app-*" + }, + { + "Action":[ + "resource-groups:CreateGroup", + "resource-groups:GetGroup", + "resource-groups:UpdateGroup", + "resource-groups:DeleteGroup" + ], + "Condition":{ + "StringLike":{ + "aws:ResourceTag/aws:cloudformation:stack-id":"arn:aws:cloudformation:*:*:stack/sms-app-*/*" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:resource-groups:*:*:group/sms-app-*" + }, + { + "Action":[ + "iam:CreateServiceLinkedRole" + ], + "Condition":{ + "StringEquals":{ + "iam:AWSServiceName":"application-insights.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/aws-service-role/application-insights.amazonaws.com/AWSServiceRoleForApplicationInsights" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-10-15T17:29:00+00:00" + }, + "ServerMigrationServiceRoleForInstanceValidation":{ + "CreateDate":"2020-07-20T22:25:07+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":"s3:GetObject", + "Effect":"Allow", + "Resource":"arn:aws:s3:::sms-app-*/*" + }, + { + "Action":"sms:NotifyAppValidationOutput", + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-07-20T22:25:07+00:00" + }, + "ServerMigration_ServiceRole":{ + "CreateDate":"2020-08-11T20:41:44+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "cloudformation:CreateChangeSet", + "cloudformation:CreateStack" + ], + "Condition":{ + "ForAllValues:StringEquals":{ + "cloudformation:ResourceTypes":[ + "AWS::EC2::Instance", + "AWS::ApplicationInsights::Application", + "AWS::ResourceGroups::Group" + ] + }, + "Null":{ + "cloudformation:ResourceTypes":"false" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:cloudformation:*:*:stack/sms-app-*/*" + }, + { + "Action":[ + "cloudformation:DeleteStack", + "cloudformation:ExecuteChangeSet", + "cloudformation:DeleteChangeSet", + "cloudformation:DescribeChangeSet", + "cloudformation:DescribeStacks", + "cloudformation:DescribeStackEvents", + "cloudformation:DescribeStackResource", + "cloudformation:DescribeStackResources", + "cloudformation:GetTemplate" + ], + "Effect":"Allow", + "Resource":"arn:aws:cloudformation:*:*:stack/sms-app-*/*" + }, + { + "Action":[ + "cloudformation:ValidateTemplate", + "s3:ListAllMyBuckets" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "s3:CreateBucket", + "s3:DeleteBucket", + "s3:DeleteObject", + "s3:GetBucketAcl", + "s3:GetBucketLocation", + "s3:GetObject", + "s3:ListBucket", + "s3:PutObject", + "s3:PutObjectAcl", + "s3:PutLifecycleConfiguration" + ], + "Effect":"Allow", + "Resource":"arn:aws:s3:::sms-app-*" + }, + { + "Action":[ + "sms:CreateReplicationJob", + "sms:DeleteReplicationJob", + "sms:GetReplicationJobs", + "sms:GetReplicationRuns", + "sms:GetServers", + "sms:ImportServerCatalog", + "sms:StartOnDemandReplicationRun", + "sms:UpdateReplicationJob" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"ssm:SendCommand", + "Effect":"Allow", + "Resource":[ + "arn:aws:ssm:*::document/AWS-RunRemoteScript", + "arn:aws:s3:::sms-app-*" + ] + }, + { + "Action":"ssm:SendCommand", + "Condition":{ + "StringEquals":{ + "ssm:resourceTag/UseForSMSApplicationValidation":[ + "true" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:instance/*" + }, + { + "Action":[ + "ssm:CancelCommand", + "ssm:GetCommandInvocation" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"ec2:CreateTags", + "Condition":{ + "StringEquals":{ + "ec2:CreateAction":"CopySnapshot" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:snapshot/*" + }, + { + "Action":"ec2:CopySnapshot", + "Condition":{ + "StringLike":{ + "aws:RequestTag/SMSJobId":[ + "sms-*" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:snapshot/*" + }, + { + "Action":[ + "ec2:ModifySnapshotAttribute", + "ec2:DeleteSnapshot" + ], + "Condition":{ + "StringLike":{ + "ec2:ResourceTag/SMSJobId":[ + "sms-*" + ] + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:snapshot/*" + }, + { + "Action":[ + "ec2:CopyImage", + "ec2:DescribeImages", + "ec2:DescribeInstances", + "ec2:DescribeSnapshots", + "ec2:DescribeSnapshotAttribute", + "ec2:DeregisterImage", + "ec2:ImportImage", + "ec2:DescribeImportImageTasks", + "ec2:GetEbsEncryptionByDefault" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "iam:GetRole", + "iam:GetInstanceProfile" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:DisassociateIamInstanceProfile", + "ec2:AssociateIamInstanceProfile", + "ec2:ReplaceIamInstanceProfileAssociation" + ], + "Condition":{ + "StringLike":{ + "ec2:ResourceTag/aws:cloudformation:stack-id":"arn:aws:cloudformation:*:*:stack/sms-app-*/*" + } + }, + "Effect":"Allow", + "Resource":"arn:aws:ec2:*:*:instance/*" + }, + { + "Action":"iam:PassRole", + "Condition":{ + "StringEquals":{ + "iam:PassedToService":"ec2.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":"iam:PassRole", + "Condition":{ + "StringEqualsIfExists":{ + "iam:PassedToService":"cloudformation.amazonaws.com" + }, + "StringLike":{ + "iam:AssociatedResourceArn":"arn:aws:cloudformation:*:*:stack/sms-app-*/*" + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-10-15T17:26:32+00:00" + }, + "ServiceQuotasFullAccess":{ + "CreateDate":"2019-06-24T15:44:35+00:00", + "DefaultVersionId":"v4", + "Document":{ + "Statement":[ + { + "Action":[ + "autoscaling:DescribeAccountLimits", + "cloudformation:DescribeAccountLimits", + "cloudwatch:DescribeAlarmsForMetric", + "cloudwatch:DescribeAlarms", + "cloudwatch:GetMetricData", + "cloudwatch:GetMetricStatistics", + "cloudwatch:PutMetricAlarm", + "dynamodb:DescribeLimits", + "elasticloadbalancing:DescribeAccountLimits", + "iam:GetAccountSummary", + "kinesis:DescribeLimits", + "organizations:DescribeAccount", + "organizations:DescribeOrganization", + "organizations:ListAWSServiceAccessForOrganization", + "rds:DescribeAccountAttributes", + "route53:GetAccountLimit", + "tag:GetTagKeys", + "tag:GetTagValues", + "servicequotas:*" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "cloudwatch:DeleteAlarms" + ], + "Condition":{ + "Null":{ + "aws:ResourceTag/ServiceQuotaMonitor":"false" + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "organizations:EnableAWSServiceAccess" + ], + "Condition":{ + "StringLike":{ + "organizations:ServicePrincipal":[ + "servicequotas.amazonaws.com" + ] + } + }, + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "iam:CreateServiceLinkedRole" + ], + "Condition":{ + "StringEquals":{ + "iam:AWSServiceName":"servicequotas.amazonaws.com" + } + }, + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2021-02-04T21:29:43+00:00" + }, + "ServiceQuotasReadOnlyAccess":{ + "CreateDate":"2019-06-24T15:31:06+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "autoscaling:DescribeAccountLimits", + "cloudformation:DescribeAccountLimits", + "cloudwatch:DescribeAlarmsForMetric", + "cloudwatch:DescribeAlarms", + "cloudwatch:GetMetricData", + "cloudwatch:GetMetricStatistics", + "dynamodb:DescribeLimits", + "elasticloadbalancing:DescribeAccountLimits", + "iam:GetAccountSummary", + "kinesis:DescribeLimits", + "organizations:DescribeAccount", + "organizations:DescribeOrganization", + "organizations:ListAWSServiceAccessForOrganization", + "rds:DescribeAccountAttributes", + "route53:GetAccountLimit", + "tag:GetTagKeys", + "tag:GetTagValues", + "servicequotas:GetAssociationForServiceQuotaTemplate", + "servicequotas:GetAWSDefaultServiceQuota", + "servicequotas:GetRequestedServiceQuotaChange", + "servicequotas:GetServiceQuota", + "servicequotas:GetServiceQuotaIncreaseRequestFromTemplate", + "servicequotas:ListAWSDefaultServiceQuotas", + "servicequotas:ListRequestedServiceQuotaChangeHistory", + "servicequotas:ListRequestedServiceQuotaChangeHistoryByQuota", + "servicequotas:ListServices", + "servicequotas:ListServiceQuotas", + "servicequotas:ListServiceQuotaIncreaseRequestsInTemplate", + "servicequotas:ListTagsForResource" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-12-21T18:11:57+00:00" + }, + "ServiceQuotasServiceRolePolicy":{ + "CreateDate":"2019-05-22T20:44:17+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "support:*" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-06-24T14:52:56+00:00" + }, + "SimpleWorkflowFullAccess":{ + "CreateDate":"2015-02-06T18:41:04+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "swf:*" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2015-02-06T18:41:04+00:00" + }, + "SupportUser":{ + "CreateDate":"2016-11-10T17:21:53+00:00", + "DefaultVersionId":"v6", + "Document":{ + "Statement":[ + { + "Action":[ + "support:*", + "acm:DescribeCertificate", + "acm:GetCertificate", + "acm:List*", + "acm-pca:DescribeCertificateAuthority", + "acm-pca:ListCertificateAuthorities", + "apigateway:GET", + "autoscaling:Describe*", + "aws-marketplace:ViewSubscriptions", + "cloudformation:Describe*", + "cloudformation:Get*", + "cloudformation:List*", + "cloudformation:EstimateTemplateCost", + "cloudfront:Get*", + "cloudfront:List*", + "cloudsearch:Describe*", + "cloudsearch:List*", + "cloudtrail:DescribeTrails", + "cloudtrail:GetTrailStatus", + "cloudtrail:LookupEvents", + "cloudtrail:ListTags", + "cloudtrail:ListPublicKeys", + "cloudwatch:Describe*", + "cloudwatch:Get*", + "cloudwatch:List*", + "codecommit:BatchGetRepositories", + "codecommit:Get*", + "codecommit:List*", + "codedeploy:Batch*", + "codedeploy:Get*", + "codedeploy:List*", + "codepipeline:AcknowledgeJob", + "codepipeline:AcknowledgeThirdPartyJob", + "codepipeline:ListActionTypes", + "codepipeline:ListPipelines", + "codepipeline:PollForJobs", + "codepipeline:PollForThirdPartyJobs", + "codepipeline:GetPipelineState", + "codepipeline:GetPipeline", + "cognito-identity:List*", + "cognito-identity:LookupDeveloperIdentity", + "cognito-identity:Describe*", + "cognito-idp:DescribeResourceServer", + "cognito-idp:DescribeRiskConfiguration", + "cognito-idp:DescribeUserImportJob", + "cognito-idp:DescribeUserPool", + "cognito-idp:DescribeUserPoolDomain", + "cognito-idp:List*", + "cognito-sync:Describe*", + "cognito-sync:GetBulkPublishDetails", + "cognito-sync:GetCognitoEvents", + "cognito-sync:GetIdentityPoolConfiguration", + "cognito-sync:List*", + "config:DescribeConfigurationRecorders", + "config:DescribeConfigurationRecorderStatus", + "config:DescribeConfigRuleEvaluationStatus", + "config:DescribeConfigRules", + "config:DescribeDeliveryChannels", + "config:DescribeDeliveryChannelStatus", + "config:GetResourceConfigHistory", + "config:ListDiscoveredResources", + "datapipeline:DescribeObjects", + "datapipeline:DescribePipelines", + "datapipeline:GetPipelineDefinition", + "datapipeline:ListPipelines", + "datapipeline:QueryObjects", + "datapipeline:ReportTaskProgress", + "datapipeline:ReportTaskRunnerHeartbeat", + "devicefarm:List*", + "devicefarm:Get*", + "directconnect:Describe*", + "discovery:Describe*", + "discovery:ListConfigurations", + "dms:Describe*", + "dms:List*", + "ds:DescribeDirectories", + "ds:DescribeSnapshots", + "ds:GetDirectoryLimits", + "ds:GetSnapshotLimits", + "ds:ListAuthorizedApplications", + "dynamodb:DescribeLimits", + "dynamodb:DescribeTable", + "dynamodb:ListTables", + "ec2:Describe*", + "ec2:DescribeHosts", + "ec2:describeIdentityIdFormat", + "ec2:DescribeIdFormat", + "ec2:DescribeInstanceAttribute", + "ec2:DescribeNatGateways", + "ec2:DescribeReservedInstancesModifications", + "ec2:DescribeTags", + "ecr:GetRepositoryPolicy", + "ecr:BatchCheckLayerAvailability", + "ecr:DescribeRepositories", + "ecr:ListImages", + "ecs:Describe*", + "ecs:List*", + "elasticache:Describe*", + "elasticache:List*", + "elasticbeanstalk:Check*", + "elasticbeanstalk:Describe*", + "elasticbeanstalk:List*", + "elasticbeanstalk:RequestEnvironmentInfo", + "elasticbeanstalk:RetrieveEnvironmentInfo", + "elasticbeanstalk:ValidateConfigurationSettings", + "elasticfilesystem:Describe*", + "elasticloadbalancing:Describe*", + "elasticmapreduce:Describe*", + "elasticmapreduce:List*", + "elastictranscoder:List*", + "elastictranscoder:ReadJob", + "elasticfilesystem:DescribeFileSystems", + "es:Describe*", + "es:List*", + "es:ESHttpGet", + "es:ESHttpHead", + "events:DescribeRule", + "events:List*", + "events:TestEventPattern", + "firehose:Describe*", + "firehose:List*", + "gamelift:List*", + "gamelift:Describe*", + "glacier:ListVaults", + "glacier:DescribeVault", + "glacier:DescribeJob", + "glacier:Get*", + "glacier:List*", + "iam:GenerateCredentialReport", + "iam:GenerateServiceLastAccessedDetails", + "iam:Get*", + "iam:List*", + "importexport:GetStatus", + "importexport:ListJobs", + "inspector:Describe*", + "inspector:List*", + "iot:Describe*", + "iot:Get*", + "iot:List*", + "kinesisanalytics:DescribeApplication", + "kinesisanalytics:DiscoverInputSchema", + "kinesisanalytics:GetApplicationState", + "kinesisanalytics:ListApplications", + "kinesis:Describe*", + "kinesis:Get*", + "kinesis:List*", + "kms:Describe*", + "kms:Get*", + "kms:List*", + "lambda:List*", + "lambda:Get*", + "logs:Describe*", + "logs:TestMetricFilter", + "machinelearning:Describe*", + "machinelearning:Get*", + "mobilehub:GetProject", + "mobilehub:List*", + "mobilehub:ValidateProject", + "mobilehub:VerifyServiceRole", + "opsworks:Describe*", + "rds:Describe*", + "rds:ListTagsForResource", + "redshift:Describe*", + "route53:Get*", + "route53:List*", + "route53domains:CheckDomainAvailability", + "route53domains:GetDomainDetail", + "route53domains:GetOperationDetail", + "route53domains:List*", + "s3:List*", + "sdb:GetAttributes", + "sdb:List*", + "sdb:Select*", + "servicecatalog:SearchProducts", + "servicecatalog:DescribeProduct", + "servicecatalog:DescribeProductView", + "servicecatalog:ListLaunchPaths", + "servicecatalog:DescribeProvisioningParameters", + "servicecatalog:ListRecordHistory", + "servicecatalog:DescribeRecord", + "servicecatalog:ScanProvisionedProducts", + "ses:Get*", + "ses:List*", + "sns:Get*", + "sns:List*", + "sqs:GetQueueAttributes", + "sqs:GetQueueUrl", + "sqs:ListQueues", + "sqs:ReceiveMessage", + "ssm:List*", + "ssm:Describe*", + "storagegateway:Describe*", + "storagegateway:List*", + "swf:Count*", + "swf:Describe*", + "swf:Get*", + "swf:List*", + "waf:Get*", + "waf:List*", + "workdocs:Describe*", + "workmail:Describe*", + "workmail:Get*", + "workspaces:Describe*" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/job-function/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-02-02T15:11:42+00:00" + }, + "SystemAdministrator":{ + "CreateDate":"2016-11-10T17:23:56+00:00", + "DefaultVersionId":"v6", + "Document":{ + "Statement":[ + { + "Action":[ + "acm:Describe*", + "acm:Get*", + "acm:List*", + "acm:Request*", + "acm:Resend*", + "autoscaling:*", + "cloudtrail:DescribeTrails", + "cloudtrail:GetTrailStatus", + "cloudtrail:ListPublicKeys", + "cloudtrail:ListTags", + "cloudtrail:LookupEvents", + "cloudtrail:StartLogging", + "cloudtrail:StopLogging", + "cloudwatch:*", + "codecommit:BatchGetRepositories", + "codecommit:CreateBranch", + "codecommit:CreateRepository", + "codecommit:Get*", + "codecommit:GitPull", + "codecommit:GitPush", + "codecommit:List*", + "codecommit:Put*", + "codecommit:Test*", + "codecommit:Update*", + "codedeploy:*", + "codepipeline:*", + "config:*", + "ds:*", + "ec2:Allocate*", + "ec2:AssignPrivateIpAddresses*", + "ec2:Associate*", + "ec2:Allocate*", + "ec2:AttachInternetGateway", + "ec2:AttachNetworkInterface", + "ec2:AttachVpnGateway", + "ec2:Bundle*", + "ec2:Cancel*", + "ec2:Copy*", + "ec2:CreateCustomerGateway", + "ec2:CreateDhcpOptions", + "ec2:CreateFlowLogs", + "ec2:CreateImage", + "ec2:CreateInstanceExportTask", + "ec2:CreateInternetGateway", + "ec2:CreateKeyPair", + "ec2:CreateLaunchTemplate", + "ec2:CreateLaunchTemplateVersion", + "ec2:CreateNatGateway", + "ec2:CreateNetworkInterface", + "ec2:CreatePlacementGroup", + "ec2:CreateReservedInstancesListing", + "ec2:CreateRoute", + "ec2:CreateRouteTable", + "ec2:CreateSecurityGroup", + "ec2:CreateSnapshot", + "ec2:CreateSpotDatafeedSubscription", + "ec2:CreateSubnet", + "ec2:CreateTags", + "ec2:CreateVolume", + "ec2:CreateVpc", + "ec2:CreateVpcEndpoint", + "ec2:CreateVpnConnection", + "ec2:CreateVpnConnectionRoute", + "ec2:CreateVpnGateway", + "ec2:DeleteFlowLogs", + "ec2:DeleteKeyPair", + "ec2:DeleteLaunchTemplate", + "ec2:DeleteLaunchTemplateVersions", + "ec2:DeleteNatGateway", + "ec2:DeleteNetworkInterface", + "ec2:DeletePlacementGroup", + "ec2:DeleteSnapshot", + "ec2:DeleteSpotDatafeedSubscription", + "ec2:DeleteSubnet", + "ec2:DeleteTags", + "ec2:DeleteVpc", + "ec2:DeleteVpcEndpoints", + "ec2:DeleteVpnConnection", + "ec2:DeleteVpnConnectionRoute", + "ec2:DeleteVpnGateway", + "ec2:DeregisterImage", + "ec2:Describe*", + "ec2:DetachInternetGateway", + "ec2:DetachNetworkInterface", + "ec2:DetachVpnGateway", + "ec2:DisableVgwRoutePropagation", + "ec2:DisableVpcClassicLinkDnsSupport", + "ec2:DisassociateAddress", + "ec2:DisassociateRouteTable", + "ec2:EnableVgwRoutePropagation", + "ec2:EnableVolumeIO", + "ec2:EnableVpcClassicLinkDnsSupport", + "ec2:GetConsoleOutput", + "ec2:GetHostReservationPurchasePreview", + "ec2:GetLaunchTemplateData", + "ec2:GetPasswordData", + "ec2:Import*", + "ec2:Modify*", + "ec2:MonitorInstances", + "ec2:MoveAddressToVpc", + "ec2:Purchase*", + "ec2:RegisterImage", + "ec2:Release*", + "ec2:Replace*", + "ec2:ReportInstanceStatus", + "ec2:Request*", + "ec2:Reset*", + "ec2:RestoreAddressToClassic", + "ec2:RunScheduledInstances", + "ec2:UnassignPrivateIpAddresses", + "ec2:UnmonitorInstances", + "ec2:UpdateSecurityGroupRuleDescriptionsEgress", + "ec2:UpdateSecurityGroupRuleDescriptionsIngress", + "elasticloadbalancing:*", + "events:*", + "iam:GetAccount*", + "iam:GetContextKeys*", + "iam:GetCredentialReport", + "iam:ListAccountAliases", + "iam:ListGroups", + "iam:ListOpenIDConnectProviders", + "iam:ListPolicies", + "iam:ListPoliciesGrantingServiceAccess", + "iam:ListRoles", + "iam:ListSAMLProviders", + "iam:ListServerCertificates", + "iam:Simulate*", + "iam:UpdateServerCertificate", + "iam:UpdateSigningCertificate", + "kinesis:ListStreams", + "kinesis:PutRecord", + "kms:CreateAlias", + "kms:CreateKey", + "kms:DeleteAlias", + "kms:Describe*", + "kms:GenerateRandom", + "kms:Get*", + "kms:List*", + "kms:Encrypt", + "kms:ReEncrypt*", + "lambda:Create*", + "lambda:Delete*", + "lambda:Get*", + "lambda:InvokeFunction", + "lambda:List*", + "lambda:PublishVersion", + "lambda:Update*", + "logs:*", + "rds:Describe*", + "rds:ListTagsForResource", + "route53:*", + "route53domains:*", + "ses:*", + "sns:*", + "sqs:*", + "trustedadvisor:*" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "ec2:AcceptVpcPeeringConnection", + "ec2:AttachClassicLinkVpc", + "ec2:AttachVolume", + "ec2:AuthorizeSecurityGroupEgress", + "ec2:AuthorizeSecurityGroupIngress", + "ec2:CreateVpcPeeringConnection", + "ec2:DeleteCustomerGateway", + "ec2:DeleteDhcpOptions", + "ec2:DeleteInternetGateway", + "ec2:DeleteNetworkAcl*", + "ec2:DeleteRoute", + "ec2:DeleteRouteTable", + "ec2:DeleteSecurityGroup", + "ec2:DeleteVolume", + "ec2:DeleteVpcPeeringConnection", + "ec2:DetachClassicLinkVpc", + "ec2:DetachVolume", + "ec2:DisableVpcClassicLink", + "ec2:EnableVpcClassicLink", + "ec2:GetConsoleScreenshot", + "ec2:RebootInstances", + "ec2:RejectVpcPeeringConnection", + "ec2:RevokeSecurityGroupEgress", + "ec2:RevokeSecurityGroupIngress", + "ec2:RunInstances", + "ec2:StartInstances", + "ec2:StopInstances", + "ec2:TerminateInstances" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":"s3:*", + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "iam:GetAccessKeyLastUsed", + "iam:GetGroup*", + "iam:GetInstanceProfile", + "iam:GetLoginProfile", + "iam:GetOpenIDConnectProvider", + "iam:GetPolicy*", + "iam:GetRole*", + "iam:GetSAMLProvider", + "iam:GetSSHPublicKey", + "iam:GetServerCertificate", + "iam:GetServiceLastAccessed*", + "iam:GetUser*", + "iam:ListAccessKeys", + "iam:ListAttached*", + "iam:ListEntitiesForPolicy", + "iam:ListGroupPolicies", + "iam:ListGroupsForUser", + "iam:ListInstanceProfiles*", + "iam:ListMFADevices", + "iam:ListPolicyVersions", + "iam:ListRolePolicies", + "iam:ListSSHPublicKeys", + "iam:ListSigningCertificates", + "iam:ListUserPolicies", + "iam:Upload*" + ], + "Effect":"Allow", + "Resource":[ + "*" + ] + }, + { + "Action":[ + "iam:GetRole", + "iam:ListRoles", + "iam:PassRole" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:iam::*:role/rds-monitoring-role", + "arn:aws:iam::*:role/ec2-sysadmin-*", + "arn:aws:iam::*:role/ecr-sysadmin-*", + "arn:aws:iam::*:role/lambda-sysadmin-*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/job-function/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-08-24T20:05:29+00:00" + }, + "TranslateFullAccess":{ + "CreateDate":"2018-11-27T23:36:20+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "translate:*", + "comprehend:DetectDominantLanguage", + "cloudwatch:GetMetricStatistics", + "cloudwatch:ListMetrics", + "s3:ListAllMyBuckets", + "s3:ListBucket", + "s3:GetBucketLocation", + "iam:ListRoles", + "iam:GetRole" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-01-08T21:22:27+00:00" + }, + "TranslateReadOnly":{ + "CreateDate":"2017-11-29T18:22:00+00:00", + "DefaultVersionId":"v6", + "Document":{ + "Statement":[ + { + "Action":[ + "translate:TranslateText", + "translate:GetTerminology", + "translate:ListTerminologies", + "translate:ListTextTranslationJobs", + "translate:DescribeTextTranslationJob", + "translate:GetParallelData", + "translate:ListParallelData", + "comprehend:DetectDominantLanguage", + "cloudwatch:GetMetricStatistics", + "cloudwatch:ListMetrics" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-11-23T17:31:06+00:00" + }, + "VMImportExportRoleForAWSConnector":{ + "CreateDate":"2015-09-03T20:48:59+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "s3:ListBucket", + "s3:GetBucketLocation", + "s3:GetObject" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:s3:::import-to-ec2-*" + ] + }, + { + "Action":[ + "ec2:ModifySnapshotAttribute", + "ec2:CopySnapshot", + "ec2:RegisterImage", + "ec2:Describe*" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2015-09-03T20:48:59+00:00" + }, + "ViewOnlyAccess":{ + "CreateDate":"2016-11-10T17:20:15+00:00", + "DefaultVersionId":"v15", + "Document":{ + "Statement":[ + { + "Action":[ + "acm:ListCertificates", + "athena:List*", + "autoscaling:Describe*", + "aws-marketplace:ViewSubscriptions", + "batch:ListJobs", + "clouddirectory:ListAppliedSchemaArns", + "clouddirectory:ListDevelopmentSchemaArns", + "clouddirectory:ListDirectories", + "clouddirectory:ListPublishedSchemaArns", + "cloudformation:DescribeStacks", + "cloudformation:List*", + "cloudfront:List*", + "cloudhsm:ListAvailableZones", + "cloudhsm:ListHapgs", + "cloudhsm:ListHsms", + "cloudhsm:ListLunaClients", + "cloudsearch:DescribeDomains", + "cloudsearch:List*", + "cloudtrail:DescribeTrails", + "cloudtrail:LookupEvents", + "cloudwatch:Get*", + "cloudwatch:List*", + "codebuild:ListBuilds*", + "codebuild:ListProjects", + "codecommit:List*", + "codedeploy:Get*", + "codedeploy:List*", + "codepipeline:ListPipelines", + "codestar:List*", + "cognito-identity:ListIdentities", + "cognito-identity:ListIdentityPools", + "cognito-idp:List*", + "cognito-sync:ListDatasets", + "config:Describe*", + "config:List*", + "connect:List*", + "comprehend:Describe*", + "comprehend:List*", + "datapipeline:DescribePipelines", + "datapipeline:GetAccountLimits", + "datapipeline:ListPipelines", + "dax:DescribeClusters", + "dax:DescribeDefaultParameters", + "dax:DescribeEvents", + "dax:DescribeParameterGroups", + "dax:DescribeParameters", + "dax:DescribeSubnetGroups", + "dax:ListTags", + "devicefarm:List*", + "directconnect:Describe*", + "discovery:List*", + "dms:List*", + "ds:DescribeDirectories", + "dynamodb:DescribeBackup", + "dynamodb:DescribeContinuousBackups", + "dynamodb:DescribeGlobalTable", + "dynamodb:DescribeGlobalTableSettings", + "dynamodb:DescribeLimits", + "dynamodb:DescribeReservedCapacity", + "dynamodb:DescribeReservedCapacityOfferings", + "dynamodb:DescribeStream", + "dynamodb:DescribeTable", + "dynamodb:DescribeTimeToLive", + "dynamodb:ListBackups", + "dynamodb:ListGlobalTables", + "dynamodb:ListStreams", + "dynamodb:ListTables", + "dynamodb:ListTagsOfResource", + "ec2:DescribeAccountAttributes", + "ec2:DescribeAddresses", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeBundleTasks", + "ec2:DescribeCarrierGateways", + "ec2:DescribeClassicLinkInstances", + "ec2:DescribeConversionTasks", + "ec2:DescribeCustomerGateways", + "ec2:DescribeDhcpOptions", + "ec2:DescribeExportTasks", + "ec2:DescribeFlowLogs", + "ec2:DescribeHost*", + "ec2:DescribeIdFormat", + "ec2:DescribeIdentityIdFormat", + "ec2:DescribeImage*", + "ec2:DescribeImport*", + "ec2:DescribeInstance*", + "ec2:DescribeInternetGateways", + "ec2:DescribeKeyPairs", + "ec2:DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociations", + "ec2:DescribeLocalGatewayRouteTableVpcAssociations", + "ec2:DescribeLocalGatewayRouteTables", + "ec2:DescribeLocalGatewayVirtualInterfaceGroups", + "ec2:DescribeLocalGatewayVirtualInterfaces", + "ec2:DescribeLocalGateways", + "ec2:DescribeMovingAddresses", + "ec2:DescribeNatGateways", + "ec2:DescribeNetwork*", + "ec2:DescribePlacementGroups", + "ec2:DescribePrefixLists", + "ec2:DescribeRegions", + "ec2:DescribeReserved*", + "ec2:DescribeRouteTables", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSnapshot*", + "ec2:DescribeSpot*", + "ec2:DescribeSubnets", + "ec2:DescribeTags", + "ec2:DescribeVolume*", + "ec2:DescribeVpc*", + "ec2:DescribeVpnGateways", + "ec2:SearchLocalGatewayRoutes", + "ecr:DescribeRepositories", + "ecr:ListImages", + "ecs:Describe*", + "ecs:List*", + "elastic-inference:DescribeAccelerators", + "elastic-inference:DescribeAcceleratorTypes", + "elastic-inference:DescribeAcceleratorOfferings", + "elastic-inference:ListTagsForResource", + "elasticache:Describe*", + "elasticbeanstalk:DescribeApplicationVersions", + "elasticbeanstalk:DescribeApplications", + "elasticbeanstalk:DescribeEnvironments", + "elasticbeanstalk:ListAvailableSolutionStacks", + "elasticfilesystem:DescribeFileSystems", + "elasticloadbalancing:DescribeInstanceHealth", + "elasticloadbalancing:DescribeListeners", + "elasticloadbalancing:DescribeLoadBalancers", + "elasticloadbalancing:DescribeTargetGroups", + "elasticloadbalancing:DescribeTargetHealth", + "elasticmapreduce:List*", + "elastictranscoder:List*", + "es:DescribeElasticsearchDomain", + "es:DescribeElasticsearchDomains", + "es:ListDomainNames", + "events:ListRuleNamesByTarget", + "events:ListRules", + "events:ListTargetsByRule", + "firehose:DescribeDeliveryStream", + "firehose:List*", + "fsx:DescribeFileSystems", + "gamelift:List*", + "glacier:List*", + "greengrass:List*", + "iam:GetAccountSummary", + "iam:GetLoginProfile", + "iam:List*", + "importexport:ListJobs", + "inspector:List*", + "iot:List*", + "kinesis:ListStreams", + "kinesisanalytics:ListApplications", + "kms:ListKeys", + "lambda:List*", + "lex:GetBotAliases", + "lex:GetBotChannelAssociations", + "lex:GetBotVersions", + "lex:GetBots", + "lex:GetIntentVersions", + "lex:GetIntents", + "lex:GetSlotTypeVersions", + "lex:GetSlotTypes", + "lex:GetUtterancesView", + "lightsail:GetBlueprints", + "lightsail:GetBundles", + "lightsail:GetInstanceSnapshots", + "lightsail:GetInstances", + "lightsail:GetKeyPair", + "lightsail:GetRegions", + "lightsail:GetStaticIps", + "lightsail:IsVpcPeered", + "logs:Describe*", + "lookoutvision:ListModelPackagingJobs", + "lookoutvision:ListModels", + "lookoutvision:ListProjects", + "machinelearning:Describe*", + "mediaconnect:ListEntitlements", + "mediaconnect:ListFlows", + "mediaconnect:ListOfferings", + "mediaconnect:ListReservations", + "mobilehub:ListAvailableFeatures", + "mobilehub:ListAvailableRegions", + "mobilehub:ListProjects", + "mobiletargeting:GetApplicationSettings", + "mobiletargeting:GetCampaigns", + "mobiletargeting:GetImportJobs", + "mobiletargeting:GetSegments", + "opsworks-cm:Describe*", + "opsworks:Describe*", + "organizations:List*", + "outposts:GetOutpost", + "outposts:GetOutpostInstanceTypes", + "outposts:ListOutposts", + "outposts:ListSites", + "outposts:ListTagsForResource", + "polly:Describe*", + "polly:List*", + "rds:Describe*", + "redshift:DescribeClusters", + "redshift:DescribeEvents", + "redshift:ViewQueriesInConsole", + "route53:Get*", + "route53:List*", + "route53domains:List*", + "route53resolver:Get*", + "route53resolver:List*", + "s3:ListAllMyBuckets", + "s3:ListBucket", + "sagemaker:Describe*", + "sagemaker:List*", + "sdb:List*", + "servicecatalog:List*", + "ses:List*", + "shield:List*", + "sns:List*", + "sqs:ListQueues", + "ssm:ListAssociations", + "ssm:ListDocuments", + "states:ListActivities", + "states:ListStateMachines", + "storagegateway:ListGateways", + "storagegateway:ListLocalDisks", + "storagegateway:ListVolumeRecoveryPoints", + "storagegateway:ListVolumes", + "swf:List*", + "trustedadvisor:Describe*", + "waf-regional:List*", + "waf:List*", + "wafv2:List*", + "workdocs:DescribeAvailableDirectories", + "workdocs:DescribeInstances", + "workmail:Describe*", + "workspaces:Describe*" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/job-function/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2022-05-06T21:01:44+00:00" + }, + "WAFLoggingServiceRolePolicy":{ + "CreateDate":"2018-08-24T21:05:47+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "firehose:PutRecord", + "firehose:PutRecordBatch" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:firehose:*:*:deliverystream/aws-waf-logs-*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2018-08-24T21:05:47+00:00" + }, + "WAFRegionalLoggingServiceRolePolicy":{ + "CreateDate":"2018-08-24T18:40:55+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "firehose:PutRecord", + "firehose:PutRecordBatch" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:firehose:*:*:deliverystream/aws-waf-logs-*" + ] + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2018-08-24T18:40:55+00:00" + }, + "WAFV2LoggingServiceRolePolicy":{ + "CreateDate":"2019-11-07T00:40:56+00:00", + "DefaultVersionId":"v2", + "Document":{ + "Statement":[ + { + "Action":[ + "firehose:PutRecord", + "firehose:PutRecordBatch" + ], + "Effect":"Allow", + "Resource":[ + "arn:aws:firehose:*:*:deliverystream/aws-waf-logs-*" + ] + }, + { + "Action":"organizations:DescribeOrganization", + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/aws-service-role/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2020-07-23T17:04:25+00:00" + }, + "WellArchitectedConsoleFullAccess":{ + "CreateDate":"2018-11-29T18:19:23+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "wellarchitected:*" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2018-11-29T18:19:23+00:00" + }, + "WellArchitectedConsoleReadOnlyAccess":{ + "CreateDate":"2018-11-29T18:21:08+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "wellarchitected:Get*", + "wellarchitected:List*" + ], + "Effect":"Allow", + "Resource":"*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2018-11-29T18:21:08+00:00" + }, + "WorkLinkServiceRolePolicy":{ + "CreateDate":"2019-01-23T19:03:45+00:00", + "DefaultVersionId":"v1", + "Document":{ + "Statement":[ + { + "Action":[ + "ec2:CreateNetworkInterface", + "ec2:DeleteNetworkInterfacePermission", + "ec2:CreateNetworkInterfacePermission", + "ec2:ModifyNetworkInterfaceAttribute", + "ec2:DeleteNetworkInterface" + ], + "Effect":"Allow", + "Resource":"*" + }, + { + "Action":[ + "kinesis:PutRecord", + "kinesis:PutRecords" + ], + "Effect":"Allow", + "Resource":"arn:aws:kinesis:*:*:stream/AmazonWorkLink-*" + } + ], + "Version":"2012-10-17" + }, + "Path":"/", + "PermissionsBoundaryUsageCount":0, + "UpdateDate":"2019-01-23T19:03:45+00:00" + } }""" diff --git a/scripts/update_managed_policies.py b/scripts/update_managed_policies.py index 2e227b752..a5a63c0f3 100755 --- a/scripts/update_managed_policies.py +++ b/scripts/update_managed_policies.py @@ -32,7 +32,12 @@ try: response_iterator = paginator.paginate(Scope="AWS") for response in response_iterator: for policy in response["Policies"]: - policies[policy["PolicyName"]] = policy + policy.pop("AttachmentCount", None) + policy.pop("IsAttachable", None) + policy.pop("IsDefaultVersion", None) + policy.pop("PolicyId", None) + policy_name = policy.pop("PolicyName") + policies[policy_name] = policy except NoCredentialsError: print("USAGE:") print("Put your AWS credentials into ~/.aws/credentials and run:") @@ -48,14 +53,14 @@ except NoCredentialsError: sys.exit(1) for policy_name in policies: + # We don't need the ARN afterwards + policy_arn = policies[policy_name].pop("Arn") response = client.get_policy_version( - PolicyArn=policies[policy_name]["Arn"], + PolicyArn=policy_arn, VersionId=policies[policy_name]["DefaultVersionId"], ) for key in response["PolicyVersion"]: - if ( - key != "CreateDate" - ): # the policy's CreateDate should not be overwritten by its version's CreateDate + if key in ["DefaultVersionId", "Path", "Document", "UpdateDate"]: policies[policy_name][key] = response["PolicyVersion"][key] with open(output_file, "w") as f: @@ -67,8 +72,8 @@ with open(output_file, "w") as f: json.dumps( policies, sort_keys=True, - indent=4, - separators=(",", ": "), + indent=1, + separators=(",", ":"), default=json_serial, ) )