Yasuke/moto
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
moto/moto/iam/aws_managed_policies.py
Bert Blommers cbeeefbec9
Prep release 2.0.9 (#4007) 
* Update implementation coverage

* EC2 - Update instance type offerings

* IAM - update list of managed policies

* Changelog for release 2.0.9

* Instance Type Offerings - fix number of available offerings
2021-06-12 13:57:29 +01:00

54609 lines
2.1 MiB
Raw Blame History

# Imported via `make aws_managed_policies`
aws_managed_policies_data = """
{
"APIGatewayServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/APIGatewayServiceRolePolicy",
"AttachmentCount": 1,
"CreateDate": "2017-10-20T17:23:10+00:00",
"DefaultVersionId": "v8",
"Document": {
"Statement": [
{
"Action": [
"elasticloadbalancing:AddListenerCertificates",
"elasticloadbalancing:RemoveListenerCertificates",
"elasticloadbalancing:ModifyListener",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancers",
"xray:PutTraceSegments",
"xray:PutTelemetryRecords",
"xray:GetSamplingTargets",
"xray:GetSamplingRules",
"logs:CreateLogDelivery",
"logs:GetLogDelivery",
"logs:UpdateLogDelivery",
"logs:DeleteLogDelivery",
"logs:ListLogDeliveries",
"servicediscovery:DiscoverInstances"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"firehose:DescribeDeliveryStream",
"firehose:PutRecord",
"firehose:PutRecordBatch"
],
"Effect": "Allow",
"Resource": "arn:aws:firehose:*:*:deliverystream/amazon-apigateway-*"
},
{
"Action": [
"acm:DescribeCertificate"
],
"Effect": "Allow",
"Resource": "arn:aws:acm:*:*:certificate/*"
},
{
"Action": "ec2:CreateNetworkInterfacePermission",
"Effect": "Allow",
"Resource": "arn:aws:ec2:*:*:network-interface/*"
},
{
"Action": "ec2:CreateTags",
"Condition": {
"ForAllValues:StringEquals": {
"aws:TagKeys": [
"Owner",
"VpcLinkId"
]
}
},
"Effect": "Allow",
"Resource": "arn:aws:ec2:*:*:network-interface/*"
},
{
"Action": [
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:DeleteNetworkInterface",
"ec2:AssignPrivateIpAddresses",
"ec2:CreateNetworkInterface",
"ec2:DeleteNetworkInterfacePermission",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeNetworkInterfaceAttribute",
"ec2:DescribeVpcs",
"ec2:DescribeNetworkInterfacePermissions",
"ec2:UnassignPrivateIpAddresses",
"ec2:DescribeSubnets",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroups"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "servicediscovery:GetNamespace",
"Effect": "Allow",
"Resource": "arn:aws:servicediscovery:*:*:namespace/*"
},
{
"Action": "servicediscovery:GetService",
"Effect": "Allow",
"Resource": "arn:aws:servicediscovery:*:*:service/*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJQQDZNLDBF2ULTWK6",
"PolicyName": "APIGatewayServiceRolePolicy",
"UpdateDate": "2020-02-25T20:24:49+00:00",
"VersionId": "v8"
},
"AWSAccountActivityAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSAccountActivityAccess",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:41:18+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"aws-portal:ViewBilling"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJQRYCWMFX5J3E333K",
"PolicyName": "AWSAccountActivityAccess",
"UpdateDate": "2015-02-06T18:41:18+00:00",
"VersionId": "v1"
},
"AWSAccountUsageReportAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSAccountUsageReportAccess",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:41:19+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"aws-portal:ViewUsage"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJLIB4VSBVO47ZSBB6",
"PolicyName": "AWSAccountUsageReportAccess",
"UpdateDate": "2015-02-06T18:41:19+00:00",
"VersionId": "v1"
},
"AWSAgentlessDiscoveryService": {
"Arn": "arn:aws:iam::aws:policy/AWSAgentlessDiscoveryService",
"AttachmentCount": 0,
"CreateDate": "2016-08-02T01:35:11+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"awsconnector:RegisterConnector",
"awsconnector:GetConnectorHealth"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:GetUser",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"s3:GetObject",
"s3:ListBucket"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::connector-platform-upgrade-info/*",
"arn:aws:s3:::connector-platform-upgrade-info",
"arn:aws:s3:::connector-platform-upgrade-bundles/*",
"arn:aws:s3:::connector-platform-upgrade-bundles",
"arn:aws:s3:::connector-platform-release-notes/*",
"arn:aws:s3:::connector-platform-release-notes",
"arn:aws:s3:::prod.agentless.discovery.connector.upgrade/*",
"arn:aws:s3:::prod.agentless.discovery.connector.upgrade"
]
},
{
"Action": [
"s3:PutObject",
"s3:PutObjectAcl"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::import-to-ec2-connector-debug-logs/*"
]
},
{
"Action": [
"SNS:Publish"
],
"Effect": "Allow",
"Resource": "arn:aws:sns:*:*:metrics-sns-topic-for-*"
},
{
"Action": [
"Discovery:*"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "Discovery"
},
{
"Action": [
"arsenal:RegisterOnPremisesAgent"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "arsenal"
},
{
"Action": [
"mgh:GetHomeRegion"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIA3DIL7BYQ35ISM4K",
"PolicyName": "AWSAgentlessDiscoveryService",
"UpdateDate": "2020-02-24T23:08:23+00:00",
"VersionId": "v2"
},
"AWSAppMeshEnvoyAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSAppMeshEnvoyAccess",
"AttachmentCount": 0,
"CreateDate": "2019-07-03T21:29:37+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"appmesh:StreamAggregatedResources"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4PMG6ZGSZZ",
"PolicyName": "AWSAppMeshEnvoyAccess",
"UpdateDate": "2019-07-03T21:29:37+00:00",
"VersionId": "v1"
},
"AWSAppMeshFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSAppMeshFullAccess",
"AttachmentCount": 0,
"CreateDate": "2019-04-16T17:50:40+00:00",
"DefaultVersionId": "v6",
"Document": {
"Statement": [
{
"Action": [
"appmesh:*"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"iam:CreateServiceLinkedRole"
],
"Condition": {
"StringLike": {
"iam:AWSServiceName": [
"appmesh.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/aws-service-role/appmesh.amazonaws.com/AWSServiceRoleForAppMesh"
},
{
"Action": [
"cloudformation:CreateStack",
"cloudformation:DeleteStack",
"cloudformation:DescribeStack*",
"cloudformation:UpdateStack"
],
"Effect": "Allow",
"Resource": "arn:aws:cloudformation:*:*:stack/AWSAppMesh-GettingStarted-*"
},
{
"Action": [
"acm:ListCertificates",
"acm:DescribeCertificate",
"acm-pca:DescribeCertificateAuthority",
"acm-pca:ListCertificateAuthorities"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"servicediscovery:ListNamespaces",
"servicediscovery:ListServices",
"servicediscovery:ListInstances"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4ILVZ5BWFU",
"PolicyName": "AWSAppMeshFullAccess",
"UpdateDate": "2021-01-07T19:54:08+00:00",
"VersionId": "v6"
},
"AWSAppMeshPreviewEnvoyAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSAppMeshPreviewEnvoyAccess",
"AttachmentCount": 0,
"CreateDate": "2019-08-05T23:32:39+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"appmesh-preview:StreamAggregatedResources"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4NKURE3R2M",
"PolicyName": "AWSAppMeshPreviewEnvoyAccess",
"UpdateDate": "2019-08-05T23:32:39+00:00",
"VersionId": "v1"
},
"AWSAppMeshPreviewServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSAppMeshPreviewServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2019-06-19T19:07:00+00:00",
"DefaultVersionId": "v3",
"Document": {
"Statement": [
{
"Action": [
"servicediscovery:DiscoverInstances"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "CloudMapServiceDiscovery"
},
{
"Action": [
"acm:DescribeCertificate"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "ACMCertificateVerification"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4FAQWKJYPJ",
"PolicyName": "AWSAppMeshPreviewServiceRolePolicy",
"UpdateDate": "2019-08-21T21:06:29+00:00",
"VersionId": "v3"
},
"AWSAppMeshReadOnly": {
"Arn": "arn:aws:iam::aws:policy/AWSAppMeshReadOnly",
"AttachmentCount": 0,
"CreateDate": "2019-04-16T17:51:11+00:00",
"DefaultVersionId": "v5",
"Document": {
"Statement": [
{
"Action": [
"appmesh:Describe*",
"appmesh:List*"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"cloudformation:DescribeStack*"
],
"Effect": "Allow",
"Resource": "arn:aws:cloudformation:*:*:stack/AWSAppMesh-GettingStarted-*"
},
{
"Action": [
"acm:ListCertificates",
"acm:DescribeCertificate",
"acm-pca:DescribeCertificateAuthority",
"acm-pca:ListCertificateAuthorities"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"servicediscovery:ListNamespaces",
"servicediscovery:ListServices",
"servicediscovery:ListInstances"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4HOPFCIWXP",
"PolicyName": "AWSAppMeshReadOnly",
"UpdateDate": "2021-01-07T19:53:16+00:00",
"VersionId": "v5"
},
"AWSAppMeshServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSAppMeshServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2019-06-03T18:30:51+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"servicediscovery:DiscoverInstances"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "CloudMapServiceDiscovery"
},
{
"Action": [
"acm:DescribeCertificate"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "ACMCertificateVerification"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4B5IHMMEND",
"PolicyName": "AWSAppMeshServiceRolePolicy",
"UpdateDate": "2019-09-10T22:44:43+00:00",
"VersionId": "v2"
},
"AWSAppRunnerServicePolicyForECRAccess": {
"Arn": "arn:aws:iam::aws:policy/service-role/AWSAppRunnerServicePolicyForECRAccess",
"AttachmentCount": 0,
"CreateDate": "2021-05-14T19:17:21+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"ecr:GetDownloadUrlForLayer",
"ecr:BatchGetImage",
"ecr:DescribeImages",
"ecr:GetAuthorizationToken",
"ecr:BatchCheckLayerAvailability"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4LYM3IT6IY",
"PolicyName": "AWSAppRunnerServicePolicyForECRAccess",
"UpdateDate": "2021-05-14T19:17:21+00:00",
"VersionId": "v1"
},
"AWSAppSyncAdministrator": {
"Arn": "arn:aws:iam::aws:policy/AWSAppSyncAdministrator",
"AttachmentCount": 0,
"CreateDate": "2018-03-20T21:20:28+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"appsync:*"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"iam:PassRole"
],
"Condition": {
"StringEquals": {
"iam:PassedToService": [
"appsync.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringEquals": {
"iam:AWSServiceName": "appsync.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"iam:DeleteServiceLinkedRole",
"iam:GetServiceLinkedRoleDeletionStatus"
],
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/aws-service-role/appsync.amazonaws.com/AWSServiceRoleForAppSync*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJBYY36AJPXTTWIXCY",
"PolicyName": "AWSAppSyncAdministrator",
"UpdateDate": "2019-11-04T19:23:49+00:00",
"VersionId": "v2"
},
"AWSAppSyncInvokeFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSAppSyncInvokeFullAccess",
"AttachmentCount": 0,
"CreateDate": "2018-03-20T21:21:20+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"appsync:GraphQL",
"appsync:GetGraphqlApi",
"appsync:ListGraphqlApis",
"appsync:ListApiKeys"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAILMPWRRZN27MPE3VM",
"PolicyName": "AWSAppSyncInvokeFullAccess",
"UpdateDate": "2018-03-20T21:21:20+00:00",
"VersionId": "v1"
},
"AWSAppSyncPushToCloudWatchLogs": {
"Arn": "arn:aws:iam::aws:policy/service-role/AWSAppSyncPushToCloudWatchLogs",
"AttachmentCount": 0,
"CreateDate": "2018-04-09T19:38:55+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIWN7WNO34HLMJPUQS",
"PolicyName": "AWSAppSyncPushToCloudWatchLogs",
"UpdateDate": "2018-04-09T19:38:55+00:00",
"VersionId": "v1"
},
"AWSAppSyncSchemaAuthor": {
"Arn": "arn:aws:iam::aws:policy/AWSAppSyncSchemaAuthor",
"AttachmentCount": 0,
"CreateDate": "2018-03-20T21:21:06+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"appsync:GraphQL",
"appsync:CreateResolver",
"appsync:CreateType",
"appsync:DeleteResolver",
"appsync:DeleteType",
"appsync:GetResolver",
"appsync:GetType",
"appsync:GetDataSource",
"appsync:GetSchemaCreationStatus",
"appsync:GetIntrospectionSchema",
"appsync:GetGraphqlApi",
"appsync:ListTypes",
"appsync:ListApiKeys",
"appsync:ListResolvers",
"appsync:ListDataSources",
"appsync:ListGraphqlApis",
"appsync:StartSchemaCreation",
"appsync:UpdateResolver",
"appsync:UpdateType"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIUCF5WVTOFQXFKY5E",
"PolicyName": "AWSAppSyncSchemaAuthor",
"UpdateDate": "2018-03-20T21:21:06+00:00",
"VersionId": "v1"
},
"AWSAppSyncServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSAppSyncServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2020-01-21T19:56:53+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"xray:PutTraceSegments",
"xray:PutTelemetryRecords",
"xray:GetSamplingTargets",
"xray:GetSamplingRules",
"xray:GetSamplingStatisticSummaries"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4IKBIQXBOO",
"PolicyName": "AWSAppSyncServiceRolePolicy",
"UpdateDate": "2020-01-21T19:56:53+00:00",
"VersionId": "v1"
},
"AWSApplicationAutoScalingCustomResourcePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSApplicationAutoScalingCustomResourcePolicy",
"AttachmentCount": 0,
"CreateDate": "2018-06-04T23:22:44+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"execute-api:Invoke",
"cloudwatch:PutMetricAlarm",
"cloudwatch:DescribeAlarms",
"cloudwatch:DeleteAlarms"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJYTKXPX6DO32Z4XXA",
"PolicyName": "AWSApplicationAutoScalingCustomResourcePolicy",
"UpdateDate": "2018-06-04T23:22:44+00:00",
"VersionId": "v1"
},
"AWSApplicationAutoscalingAppStreamFleetPolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSApplicationAutoscalingAppStreamFleetPolicy",
"AttachmentCount": 0,
"CreateDate": "2017-10-20T19:04:06+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"appstream:UpdateFleet",
"appstream:DescribeFleets",
"cloudwatch:PutMetricAlarm",
"cloudwatch:DescribeAlarms",
"cloudwatch:DeleteAlarms"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIRI724OWKP56ZG62M",
"PolicyName": "AWSApplicationAutoscalingAppStreamFleetPolicy",
"UpdateDate": "2017-10-20T19:04:06+00:00",
"VersionId": "v1"
},
"AWSApplicationAutoscalingCassandraTablePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSApplicationAutoscalingCassandraTablePolicy",
"AttachmentCount": 0,
"CreateDate": "2020-03-18T22:49:23+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": "cassandra:Select",
"Effect": "Allow",
"Resource": [
"arn:*:cassandra:*:*:/keyspace/system/table/*",
"arn:*:cassandra:*:*:/keyspace/system_schema/table/*",
"arn:*:cassandra:*:*:/keyspace/system_schema_mcs/table/*"
]
},
{
"Action": [
"cassandra:Alter",
"cloudwatch:PutMetricAlarm",
"cloudwatch:DescribeAlarms",
"cloudwatch:DeleteAlarms"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4BOOOZAOTV",
"PolicyName": "AWSApplicationAutoscalingCassandraTablePolicy",
"UpdateDate": "2020-03-18T22:49:23+00:00",
"VersionId": "v1"
},
"AWSApplicationAutoscalingComprehendEndpointPolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSApplicationAutoscalingComprehendEndpointPolicy",
"AttachmentCount": 0,
"CreateDate": "2019-11-14T18:39:07+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"comprehend:UpdateEndpoint",
"comprehend:DescribeEndpoint",
"cloudwatch:PutMetricAlarm",
"cloudwatch:DescribeAlarms",
"cloudwatch:DeleteAlarms"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4HD4ODS6K6",
"PolicyName": "AWSApplicationAutoscalingComprehendEndpointPolicy",
"UpdateDate": "2019-11-14T18:39:07+00:00",
"VersionId": "v1"
},
"AWSApplicationAutoscalingDynamoDBTablePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSApplicationAutoscalingDynamoDBTablePolicy",
"AttachmentCount": 1,
"CreateDate": "2017-10-20T21:34:57+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"dynamodb:DescribeTable",
"dynamodb:UpdateTable",
"cloudwatch:PutMetricAlarm",
"cloudwatch:DescribeAlarms",
"cloudwatch:DeleteAlarms"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJOVQMDI3JFCBW4LFO",
"PolicyName": "AWSApplicationAutoscalingDynamoDBTablePolicy",
"UpdateDate": "2017-10-20T21:34:57+00:00",
"VersionId": "v1"
},
"AWSApplicationAutoscalingEC2SpotFleetRequestPolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSApplicationAutoscalingEC2SpotFleetRequestPolicy",
"AttachmentCount": 0,
"CreateDate": "2017-10-25T18:23:27+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"ec2:DescribeSpotFleetRequests",
"ec2:ModifySpotFleetRequest",
"cloudwatch:PutMetricAlarm",
"cloudwatch:DescribeAlarms",
"cloudwatch:DeleteAlarms"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJNRH3VE3WW4Q4RDTU",
"PolicyName": "AWSApplicationAutoscalingEC2SpotFleetRequestPolicy",
"UpdateDate": "2017-10-25T18:23:27+00:00",
"VersionId": "v1"
},
"AWSApplicationAutoscalingECSServicePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSApplicationAutoscalingECSServicePolicy",
"AttachmentCount": 0,
"CreateDate": "2017-10-25T23:53:08+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"ecs:DescribeServices",
"ecs:UpdateService",
"cloudwatch:PutMetricAlarm",
"cloudwatch:DescribeAlarms",
"cloudwatch:DeleteAlarms"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJFXLLV7AKH5PSFOYG",
"PolicyName": "AWSApplicationAutoscalingECSServicePolicy",
"UpdateDate": "2017-10-25T23:53:08+00:00",
"VersionId": "v1"
},
"AWSApplicationAutoscalingEMRInstanceGroupPolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSApplicationAutoscalingEMRInstanceGroupPolicy",
"AttachmentCount": 0,
"CreateDate": "2017-10-26T00:57:39+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"elasticmapreduce:ListInstanceGroups",
"elasticmapreduce:ModifyInstanceGroups",
"cloudwatch:PutMetricAlarm",
"cloudwatch:DescribeAlarms",
"cloudwatch:DeleteAlarms"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIQ6M5Z7LQY2YSG2JS",
"PolicyName": "AWSApplicationAutoscalingEMRInstanceGroupPolicy",
"UpdateDate": "2017-10-26T00:57:39+00:00",
"VersionId": "v1"
},
"AWSApplicationAutoscalingKafkaClusterPolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSApplicationAutoscalingKafkaClusterPolicy",
"AttachmentCount": 0,
"CreateDate": "2020-08-24T18:36:01+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"kafka:DescribeCluster",
"kafka:DescribeClusterOperation",
"kafka:UpdateBrokerStorage",
"cloudwatch:PutMetricAlarm",
"cloudwatch:DescribeAlarms",
"cloudwatch:DeleteAlarms"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4FTCIZBJA2",
"PolicyName": "AWSApplicationAutoscalingKafkaClusterPolicy",
"UpdateDate": "2020-08-24T18:36:01+00:00",
"VersionId": "v1"
},
"AWSApplicationAutoscalingLambdaConcurrencyPolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSApplicationAutoscalingLambdaConcurrencyPolicy",
"AttachmentCount": 0,
"CreateDate": "2019-10-21T20:04:17+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"lambda:PutProvisionedConcurrencyConfig",
"lambda:GetProvisionedConcurrencyConfig",
"lambda:DeleteProvisionedConcurrencyConfig",
"cloudwatch:PutMetricAlarm",
"cloudwatch:DescribeAlarms",
"cloudwatch:DeleteAlarms"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4KIR2KPJCU",
"PolicyName": "AWSApplicationAutoscalingLambdaConcurrencyPolicy",
"UpdateDate": "2019-10-21T20:04:17+00:00",
"VersionId": "v1"
},
"AWSApplicationAutoscalingRDSClusterPolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSApplicationAutoscalingRDSClusterPolicy",
"AttachmentCount": 0,
"CreateDate": "2017-10-17T17:46:56+00:00",
"DefaultVersionId": "v3",
"Document": {
"Statement": [
{
"Action": [
"rds:AddTagsToResource",
"rds:CreateDBInstance",
"rds:DeleteDBInstance",
"rds:DescribeDBClusters",
"rds:DescribeDBInstances",
"rds:ModifyDBCluster",
"cloudwatch:PutMetricAlarm",
"cloudwatch:DescribeAlarms",
"cloudwatch:DeleteAlarms"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"iam:PassRole"
],
"Condition": {
"StringLike": {
"iam:PassedToService": "rds.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJ7XS52I27Q2JVKALU",
"PolicyName": "AWSApplicationAutoscalingRDSClusterPolicy",
"UpdateDate": "2018-08-07T19:14:24+00:00",
"VersionId": "v3"
},
"AWSApplicationAutoscalingSageMakerEndpointPolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSApplicationAutoscalingSageMakerEndpointPolicy",
"AttachmentCount": 0,
"CreateDate": "2018-02-06T19:58:21+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"sagemaker:DescribeEndpoint",
"sagemaker:DescribeEndpointConfig",
"sagemaker:UpdateEndpointWeightsAndCapacities",
"cloudwatch:PutMetricAlarm",
"cloudwatch:DescribeAlarms",
"cloudwatch:DeleteAlarms"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAI5DBEBNRZQ4SXYTAW",
"PolicyName": "AWSApplicationAutoscalingSageMakerEndpointPolicy",
"UpdateDate": "2018-02-06T19:58:21+00:00",
"VersionId": "v1"
},
"AWSApplicationDiscoveryAgentAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSApplicationDiscoveryAgentAccess",
"AttachmentCount": 0,
"CreateDate": "2016-05-11T21:38:47+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"arsenal:RegisterOnPremisesAgent"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"mgh:GetHomeRegion"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAICZIOVAGC6JPF3WHC",
"PolicyName": "AWSApplicationDiscoveryAgentAccess",
"UpdateDate": "2020-02-24T22:26:45+00:00",
"VersionId": "v2"
},
"AWSApplicationDiscoveryServiceFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSApplicationDiscoveryServiceFullAccess",
"AttachmentCount": 0,
"CreateDate": "2016-05-11T21:30:50+00:00",
"DefaultVersionId": "v4",
"Document": {
"Statement": [
{
"Action": [
"mgh:*",
"discovery:*"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"iam:GetRole"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringEquals": {
"iam:AWSServiceName": "continuousexport.discovery.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/aws-service-role/continuousexport.discovery.amazonaws.com/AWSServiceRoleForApplicationDiscoveryServiceContinuousExport*"
},
{
"Action": [
"iam:DeleteServiceLinkedRole",
"iam:GetServiceLinkedRoleDeletionStatus"
],
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/aws-service-role/continuousexport.discovery.amazonaws.com/AWSServiceRoleForApplicationDiscoveryServiceContinuousExport*"
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringEquals": {
"iam:AWSServiceName": [
"migrationhub.amazonaws.com",
"dmsintegration.migrationhub.amazonaws.com",
"smsintegration.migrationhub.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJBNJEA6ZXM2SBOPDU",
"PolicyName": "AWSApplicationDiscoveryServiceFullAccess",
"UpdateDate": "2019-06-19T21:21:26+00:00",
"VersionId": "v4"
},
"AWSApplicationMigrationAgentPolicy": {
"Arn": "arn:aws:iam::aws:policy/AWSApplicationMigrationAgentPolicy",
"AttachmentCount": 0,
"CreateDate": "2021-04-07T07:00:21+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"mgn:SendAgentMetricsForMgn",
"mgn:SendAgentLogsForMgn",
"mgn:SendClientLogsForMgn"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"mgn:RegisterAgentForMgn",
"mgn:UpdateAgentSourcePropertiesForMgn",
"mgn:UpdateAgentReplicationInfoForMgn",
"mgn:UpdateAgentConversionInfoForMgn",
"mgn:GetAgentInstallationAssetsForMgn",
"mgn:GetAgentCommandForMgn",
"mgn:GetAgentConfirmedResumeInfoForMgn",
"mgn:GetAgentRuntimeConfigurationForMgn",
"mgn:UpdateAgentBacklogForMgn",
"mgn:GetAgentReplicationInfoForMgn"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "mgn:TagResource",
"Effect": "Allow",
"Resource": "arn:aws:mgn:*:*:source-server/*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4D2GD5QYXR",
"PolicyName": "AWSApplicationMigrationAgentPolicy",
"UpdateDate": "2021-04-07T07:00:21+00:00",
"VersionId": "v1"
},
"AWSApplicationMigrationConversionServerPolicy": {
"Arn": "arn:aws:iam::aws:policy/service-role/AWSApplicationMigrationConversionServerPolicy",
"AttachmentCount": 0,
"CreateDate": "2021-04-07T06:48:58+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"mgn:SendClientMetricsForMgn",
"mgn:SendClientLogsForMgn",
"mgn:GetChannelCommandsForMgn",
"mgn:SendChannelCommandResultForMgn"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4OPUSQRTYL",
"PolicyName": "AWSApplicationMigrationConversionServerPolicy",
"UpdateDate": "2021-04-07T06:48:58+00:00",
"VersionId": "v1"
},
"AWSApplicationMigrationEC2Access": {
"Arn": "arn:aws:iam::aws:policy/AWSApplicationMigrationEC2Access",
"AttachmentCount": 0,
"CreateDate": "2021-04-07T07:05:22+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": "iam:PassRole",
"Condition": {
"StringEquals": {
"iam:PassedToService": "ec2.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/service-role/AWSApplicationMigrationConversionServerRole"
]
},
{
"Action": [
"ec2:DeleteSnapshot"
],
"Condition": {
"Null": {
"aws:ResourceTag/AWSApplicationMigrationServiceManaged": "false"
}
},
"Effect": "Allow",
"Resource": "arn:aws:ec2:*:*:snapshot/*"
},
{
"Action": [
"ec2:CreateLaunchTemplateVersion",
"ec2:ModifyLaunchTemplate",
"ec2:DeleteLaunchTemplateVersions"
],
"Condition": {
"Null": {
"aws:ResourceTag/AWSApplicationMigrationServiceManaged": "false"
}
},
"Effect": "Allow",
"Resource": "arn:aws:ec2:*:*:launch-template/*"
},
{
"Action": [
"ec2:DeleteVolume"
],
"Condition": {
"Null": {
"aws:ResourceTag/AWSApplicationMigrationServiceManaged": "false"
}
},
"Effect": "Allow",
"Resource": "arn:aws:ec2:*:*:volume/*"
},
{
"Action": [
"ec2:StartInstances",
"ec2:StopInstances",
"ec2:TerminateInstances",
"ec2:ModifyInstanceAttribute",
"ec2:GetConsoleOutput",
"ec2:GetConsoleScreenshot"
],
"Condition": {
"Null": {
"aws:ResourceTag/AWSApplicationMigrationServiceManaged": "false"
}
},
"Effect": "Allow",
"Resource": "arn:aws:ec2:*:*:instance/*"
},
{
"Action": [
"ec2:RevokeSecurityGroupEgress",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:AuthorizeSecurityGroupEgress"
],
"Condition": {
"Null": {
"aws:ResourceTag/AWSApplicationMigrationServiceManaged": "false"
}
},
"Effect": "Allow",
"Resource": "arn:aws:ec2:*:*:security-group/*"
},
{
"Action": [
"ec2:CreateVolume"
],
"Condition": {
"Null": {
"aws:RequestTag/AWSApplicationMigrationServiceManaged": "false"
}
},
"Effect": "Allow",
"Resource": "arn:aws:ec2:*:*:volume/*"
},
{
"Action": "ec2:CreateSecurityGroup",
"Effect": "Allow",
"Resource": "arn:aws:ec2:*:*:vpc/*"
},
{
"Action": [
"ec2:CreateSecurityGroup"
],
"Condition": {
"Null": {
"aws:RequestTag/AWSApplicationMigrationServiceManaged": "false"
}
},
"Effect": "Allow",
"Resource": "arn:aws:ec2:*:*:security-group/*"
},
{
"Action": [
"ec2:CreateSnapshot"
],
"Condition": {
"Null": {
"ec2:ResourceTag/AWSApplicationMigrationServiceManaged": "false"
}
},
"Effect": "Allow",
"Resource": "arn:aws:ec2:*:*:volume/*"
},
{
"Action": [
"ec2:CreateSnapshot"
],
"Condition": {
"Null": {
"aws:RequestTag/AWSApplicationMigrationServiceManaged": "false"
}
},
"Effect": "Allow",
"Resource": "arn:aws:ec2:*:*:snapshot/*"
},
{
"Action": [
"ec2:DetachVolume",
"ec2:AttachVolume"
],
"Condition": {
"Null": {
"ec2:ResourceTag/AWSApplicationMigrationServiceManaged": "false"
}
},
"Effect": "Allow",
"Resource": "arn:aws:ec2:*:*:instance/*"
},
{
"Action": [
"ec2:AttachVolume"
],
"Condition": {
"Null": {
"ec2:ResourceTag/AWSApplicationMigrationServiceManaged": "false"
}
},
"Effect": "Allow",
"Resource": "arn:aws:ec2:*:*:volume/*"
},
{
"Action": [
"ec2:DetachVolume"
],
"Effect": "Allow",
"Resource": "arn:aws:ec2:*:*:volume/*"
},
{
"Action": [
"ec2:RunInstances"
],
"Condition": {
"Null": {
"aws:RequestTag/AWSApplicationMigrationServiceManaged": "false"
}
},
"Effect": "Allow",
"Resource": "arn:aws:ec2:*:*:instance/*"
},
{
"Action": [
"ec2:RunInstances"
],
"Effect": "Allow",
"Resource": [
"arn:aws:ec2:*:*:security-group/*",
"arn:aws:ec2:*:*:volume/*",
"arn:aws:ec2:*:*:subnet/*",
"arn:aws:ec2:*:*:image/*",
"arn:aws:ec2:*:*:network-interface/*",
"arn:aws:ec2:*:*:launch-template/*"
]
},
{
"Action": "ec2:CreateTags",
"Condition": {
"StringEquals": {
"ec2:CreateAction": [
"CreateSecurityGroup",
"CreateVolume",
"CreateSnapshot",
"RunInstances"
]
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:ec2:*:*:security-group/*",
"arn:aws:ec2:*:*:volume/*",
"arn:aws:ec2:*:*:snapshot/*",
"arn:aws:ec2:*:*:instance/*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4OBKWG2D2O",
"PolicyName": "AWSApplicationMigrationEC2Access",
"UpdateDate": "2021-04-07T07:05:22+00:00",
"VersionId": "v1"
},
"AWSApplicationMigrationFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSApplicationMigrationFullAccess",
"AttachmentCount": 0,
"CreateDate": "2021-04-07T06:56:05+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"mgn:*"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"kms:ListAliases",
"kms:DescribeKey"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeImages",
"ec2:DescribeInstances",
"ec2:DescribeInstanceTypes",
"ec2:DescribeInstanceAttribute",
"ec2:DescribeInstanceStatus",
"ec2:DescribeInstanceTypeOfferings",
"ec2:DescribeLaunchTemplateVersions",
"ec2:DescribeLaunchTemplates",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSnapshots",
"ec2:DescribeSubnets",
"ec2:DescribeVolumes",
"ec2:GetEbsEncryptionByDefault",
"ec2:GetEbsDefaultKmsKeyId"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4HPQNMM2HL",
"PolicyName": "AWSApplicationMigrationFullAccess",
"UpdateDate": "2021-04-07T06:56:05+00:00",
"VersionId": "v1"
},
"AWSApplicationMigrationMGHAccess": {
"Arn": "arn:aws:iam::aws:policy/service-role/AWSApplicationMigrationMGHAccess",
"AttachmentCount": 0,
"CreateDate": "2021-04-07T07:10:01+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"mgh:AssociateCreatedArtifact",
"mgh:CreateProgressUpdateStream",
"mgh:DisassociateCreatedArtifact",
"mgh:GetHomeRegion",
"mgh:ImportMigrationTask",
"mgh:NotifyMigrationTaskState",
"mgh:PutResourceAttributes"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4KOE4CJMGD",
"PolicyName": "AWSApplicationMigrationMGHAccess",
"UpdateDate": "2021-04-07T07:10:01+00:00",
"VersionId": "v1"
},
"AWSApplicationMigrationReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSApplicationMigrationReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2021-04-07T07:15:26+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"mgn:DescribeJobLogItems",
"mgn:DescribeJobs",
"mgn:DescribeSourceServers",
"mgn:DescribeReplicationConfigurationTemplates",
"mgn:GetLaunchConfiguration",
"mgn:GetReplicationConfiguration"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:DescribeInstances",
"ec2:DescribeLaunchTemplateVersions",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4M2IUSVNLL",
"PolicyName": "AWSApplicationMigrationReadOnlyAccess",
"UpdateDate": "2021-04-07T07:15:26+00:00",
"VersionId": "v1"
},
"AWSApplicationMigrationReplicationServerPolicy": {
"Arn": "arn:aws:iam::aws:policy/service-role/AWSApplicationMigrationReplicationServerPolicy",
"AttachmentCount": 0,
"CreateDate": "2021-04-07T07:21:57+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"mgn:SendClientMetricsForMgn",
"mgn:SendClientLogsForMgn",
"mgn:GetChannelCommandsForMgn",
"mgn:SendChannelCommandResultForMgn",
"mgn:GetAgentSnapshotCreditsForMgn",
"mgn:DescribeReplicationServerAssociationsForMgn",
"mgn:DescribeSnapshotRequestsForMgn",
"mgn:BatchDeleteSnapshotRequestForMgn",
"mgn:NotifyAgentAuthenticationForMgn",
"mgn:BatchCreateVolumeSnapshotGroupForMgn",
"mgn:UpdateAgentReplicationProcessStateForMgn",
"mgn:NotifyAgentReplicationProgressForMgn",
"mgn:NotifyAgentConnectedForMgn",
"mgn:NotifyAgentDisconnectedForMgn"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:DescribeInstances",
"ec2:DescribeSnapshots"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:CreateSnapshot"
],
"Condition": {
"Null": {
"aws:ResourceTag/AWSApplicationMigrationServiceManaged": "false"
}
},
"Effect": "Allow",
"Resource": "arn:aws:ec2:*:*:volume/*"
},
{
"Action": [
"ec2:CreateSnapshot"
],
"Condition": {
"Null": {
"aws:RequestTag/AWSApplicationMigrationServiceManaged": "false"
}
},
"Effect": "Allow",
"Resource": "arn:aws:ec2:*:*:snapshot/*"
},
{
"Action": "ec2:CreateTags",
"Condition": {
"StringEquals": {
"ec2:CreateAction": "CreateSnapshot"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4PXFWAA3SE",
"PolicyName": "AWSApplicationMigrationReplicationServerPolicy",
"UpdateDate": "2021-04-07T07:21:57+00:00",
"VersionId": "v1"
},
"AWSApplicationMigrationServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSApplicationMigrationServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2021-04-07T06:43:20+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": "mgn:ListTagsForResource",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "kms:ListRetirableGrants",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"mgh:AssociateCreatedArtifact",
"mgh:CreateProgressUpdateStream",
"mgh:DisassociateCreatedArtifact",
"mgh:GetHomeRegion",
"mgh:ImportMigrationTask",
"mgh:NotifyMigrationTaskState",
"mgh:PutResourceAttributes"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeImages",
"ec2:DescribeInstances",
"ec2:DescribeInstanceTypes",
"ec2:DescribeInstanceAttribute",
"ec2:DescribeInstanceStatus",
"ec2:DescribeLaunchTemplateVersions",
"ec2:DescribeLaunchTemplates",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSnapshots",
"ec2:DescribeSubnets",
"ec2:DescribeVolumes",
"ec2:GetEbsDefaultKmsKeyId",
"ec2:GetEbsEncryptionByDefault"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:RegisterImage",
"ec2:DeregisterImage"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:DeleteSnapshot"
],
"Condition": {
"Null": {
"aws:ResourceTag/AWSApplicationMigrationServiceManaged": "false"
}
},
"Effect": "Allow",
"Resource": "arn:aws:ec2:*:*:snapshot/*"
},
{
"Action": [
"ec2:CreateLaunchTemplateVersion",
"ec2:ModifyLaunchTemplate",
"ec2:DeleteLaunchTemplate",
"ec2:DeleteLaunchTemplateVersions"
],
"Condition": {
"Null": {
"aws:ResourceTag/AWSApplicationMigrationServiceManaged": "false"
}
},
"Effect": "Allow",
"Resource": "arn:aws:ec2:*:*:launch-template/*"
},
{
"Action": [
"ec2:DeleteVolume"
],
"Condition": {
"Null": {
"aws:ResourceTag/AWSApplicationMigrationServiceManaged": "false"
}
},
"Effect": "Allow",
"Resource": "arn:aws:ec2:*:*:volume/*"
},
{
"Action": [
"ec2:StartInstances",
"ec2:StopInstances",
"ec2:TerminateInstances",
"ec2:ModifyInstanceAttribute",
"ec2:GetConsoleOutput",
"ec2:GetConsoleScreenshot"
],
"Condition": {
"Null": {
"aws:ResourceTag/AWSApplicationMigrationServiceManaged": "false"
}
},
"Effect": "Allow",
"Resource": "arn:aws:ec2:*:*:instance/*"
},
{
"Action": [
"ec2:RevokeSecurityGroupEgress",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:AuthorizeSecurityGroupEgress"
],
"Condition": {
"Null": {
"aws:ResourceTag/AWSApplicationMigrationServiceManaged": "false"
}
},
"Effect": "Allow",
"Resource": "arn:aws:ec2:*:*:security-group/*"
},
{
"Action": [
"ec2:CreateVolume"
],
"Condition": {
"Null": {
"aws:RequestTag/AWSApplicationMigrationServiceManaged": "false"
}
},
"Effect": "Allow",
"Resource": "arn:aws:ec2:*:*:volume/*"
},
{
"Action": [
"ec2:CreateSecurityGroup"
],
"Condition": {
"Null": {
"aws:RequestTag/AWSApplicationMigrationServiceManaged": "false"
}
},
"Effect": "Allow",
"Resource": "arn:aws:ec2:*:*:security-group/*"
},
{
"Action": [
"ec2:CreateSecurityGroup"
],
"Effect": "Allow",
"Resource": "arn:aws:ec2:*:*:vpc/*"
},
{
"Action": [
"ec2:CreateLaunchTemplate"
],
"Condition": {
"Null": {
"aws:RequestTag/AWSApplicationMigrationServiceManaged": "false"
}
},
"Effect": "Allow",
"Resource": "arn:aws:ec2:*:*:launch-template/*"
},
{
"Action": [
"ec2:CreateSnapshot"
],
"Condition": {
"Null": {
"ec2:ResourceTag/AWSApplicationMigrationServiceManaged": "false"
}
},
"Effect": "Allow",
"Resource": "arn:aws:ec2:*:*:volume/*"
},
{
"Action": [
"ec2:CreateSnapshot"
],
"Condition": {
"Null": {
"aws:RequestTag/AWSApplicationMigrationServiceManaged": "false"
}
},
"Effect": "Allow",
"Resource": "arn:aws:ec2:*:*:snapshot/*"
},
{
"Action": [
"ec2:DetachVolume",
"ec2:AttachVolume"
],
"Condition": {
"Null": {
"ec2:ResourceTag/AWSApplicationMigrationServiceManaged": "false"
}
},
"Effect": "Allow",
"Resource": "arn:aws:ec2:*:*:instance/*"
},
{
"Action": [
"ec2:AttachVolume"
],
"Condition": {
"Null": {
"ec2:ResourceTag/AWSApplicationMigrationServiceManaged": "false"
}
},
"Effect": "Allow",
"Resource": "arn:aws:ec2:*:*:volume/*"
},
{
"Action": [
"ec2:DetachVolume"
],
"Effect": "Allow",
"Resource": "arn:aws:ec2:*:*:volume/*"
},
{
"Action": [
"ec2:RunInstances"
],
"Condition": {
"Null": {
"aws:RequestTag/AWSApplicationMigrationServiceManaged": "false"
}
},
"Effect": "Allow",
"Resource": "arn:aws:ec2:*:*:instance/*"
},
{
"Action": [
"ec2:RunInstances"
],
"Effect": "Allow",
"Resource": [
"arn:aws:ec2:*:*:security-group/*",
"arn:aws:ec2:*:*:volume/*",
"arn:aws:ec2:*:*:subnet/*",
"arn:aws:ec2:*:*:image/*",
"arn:aws:ec2:*:*:network-interface/*",
"arn:aws:ec2:*:*:launch-template/*"
]
},
{
"Action": "iam:PassRole",
"Condition": {
"StringEquals": {
"iam:PassedToService": "ec2.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/service-role/AWSApplicationMigrationReplicationServerRole",
"arn:aws:iam::*:role/service-role/AWSApplicationMigrationConversionServerRole"
]
},
{
"Action": "ec2:CreateTags",
"Condition": {
"StringEquals": {
"ec2:CreateAction": [
"CreateLaunchTemplate",
"CreateSecurityGroup",
"CreateVolume",
"CreateSnapshot",
"RunInstances"
]
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:ec2:*:*:launch-template/*",
"arn:aws:ec2:*:*:security-group/*",
"arn:aws:ec2:*:*:volume/*",
"arn:aws:ec2:*:*:snapshot/*",
"arn:aws:ec2:*:*:instance/*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4LGJRHTEPG",
"PolicyName": "AWSApplicationMigrationServiceRolePolicy",
"UpdateDate": "2021-04-07T06:43:20+00:00",
"VersionId": "v1"
},
"AWSArtifactAccountSync": {
"Arn": "arn:aws:iam::aws:policy/service-role/AWSArtifactAccountSync",
"AttachmentCount": 0,
"CreateDate": "2018-04-10T23:04:33+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"organizations:ListAccounts",
"organizations:DescribeOrganization"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJMVPXRWZJZWDTYDNC",
"PolicyName": "AWSArtifactAccountSync",
"UpdateDate": "2018-04-10T23:04:33+00:00",
"VersionId": "v1"
},
"AWSAuditManagerAdministratorAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSAuditManagerAdministratorAccess",
"AttachmentCount": 0,
"CreateDate": "2020-12-11T20:02:42+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"auditmanager:*"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "AuditManagerAccess"
},
{
"Action": [
"organizations:ListAccountsForParent",
"organizations:ListAccounts",
"organizations:DescribeOrganization",
"organizations:DescribeOrganizationalUnit",
"organizations:DescribeAccount",
"organizations:ListParents",
"organizations:ListChildren"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "OrganizationsAccess"
},
{
"Action": [
"organizations:RegisterDelegatedAdministrator",
"organizations:DeregisterDelegatedAdministrator",
"organizations:EnableAWSServiceAccess"
],
"Condition": {
"StringLikeIfExists": {
"organizations:ServicePrincipal": [
"auditmanager.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "*",
"Sid": "AllowOnlyAuditManagerIntegration"
},
{
"Action": [
"iam:GetUser",
"iam:ListUsers",
"iam:ListRoles"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "IAMAccess"
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringLike": {
"iam:AWSServiceName": "auditmanager.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/aws-service-role/auditmanager.amazonaws.com/AWSServiceRoleForAuditManager*",
"Sid": "IAMAccessCreateSLR"
},
{
"Action": [
"iam:DeleteServiceLinkedRole",
"iam:UpdateRoleDescription",
"iam:GetServiceLinkedRoleDeletionStatus"
],
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/aws-service-role/auditmanager.amazonaws.com/AWSServiceRoleForAuditManager*",
"Sid": "IAMAccessManageSLR"
},
{
"Action": [
"s3:ListAllMyBuckets"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "S3Access"
},
{
"Action": [
"kms:DescribeKey",
"kms:ListKeys",
"kms:ListAliases"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "KmsAccess"
},
{
"Action": [
"kms:CreateGrant"
],
"Condition": {
"Bool": {
"kms:GrantIsForAWSResource": "true"
},
"StringLike": {
"kms:ViaService": "auditmanager.*.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*",
"Sid": "KmsCreateGrantAccess"
},
{
"Action": [
"sns:ListTopics"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "SNSAccess"
},
{
"Action": [
"events:PutRule"
],
"Condition": {
"StringEquals": {
"events:detail-type": "Security Hub Findings - Imported",
"events:source": "aws.securityhub"
}
},
"Effect": "Allow",
"Resource": "*",
"Sid": "CreateEventsAccess"
},
{
"Action": [
"events:DeleteRule",
"events:DescribeRule",
"events:EnableRule",
"events:DisableRule",
"events:ListTargetsByRule",
"events:PutTargets",
"events:RemoveTargets"
],
"Effect": "Allow",
"Resource": "arn:aws:events:*:*:rule/AuditManagerSecurityHubFindingsReceiver",
"Sid": "EventsAccess"
},
{
"Action": [
"tag:GetResources"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "TagAccess"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4EBAFCQQJX",
"PolicyName": "AWSAuditManagerAdministratorAccess",
"UpdateDate": "2020-12-11T20:02:42+00:00",
"VersionId": "v1"
},
"AWSAuditManagerServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSAuditManagerServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2020-12-08T15:12:12+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"license-manager:ListLicenseConfigurations",
"license-manager:ListAssociationsForLicenseConfiguration",
"license-manager:ListUsageForLicenseConfiguration"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "LicenseManagerAccess"
},
{
"Action": [
"iam:GenerateCredentialReport",
"iam:GetAccountSummary",
"iam:ListPolicies",
"iam:GetAccountPasswordPolicy",
"iam:ListUsers",
"iam:ListUserPolicies",
"iam:ListRoles",
"iam:ListRolePolicies",
"iam:ListGroups",
"iam:ListGroupPolicies",
"iam:ListEntitiesForPolicy"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "IAMAccess"
},
{
"Action": [
"ec2:DescribeInstances",
"ec2:DescribeFlowLogs",
"ec2:DescribeVpcs",
"ec2:DescribeSecurityGroups",
"ec2:DescribeNetworkAcls",
"ec2:DescribeRouteTables",
"ec2:DescribeSnapshots",
"ec2:DescribeVpcEndpoints"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "EC2Access"
},
{
"Action": [
"cloudtrail:DescribeTrails"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "CloudtrailAccess"
},
{
"Action": [
"config:DescribeDeliveryChannels",
"config:ListDiscoveredResources",
"config:DescribeConfigRules"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "ConfigAccess"
},
{
"Action": [
"securityhub:DescribeStandards"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "SecurityHubAccess"
},
{
"Action": [
"kms:ListKeys",
"kms:DescribeKey",
"kms:ListGrants"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "KMSAccess"
},
{
"Action": [
"cloudwatch:DescribeAlarms"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "CloudwatchAccess"
},
{
"Action": [
"s3:GetLifecycleConfiguration"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "S3Access"
},
{
"Action": [
"events:DescribeRule"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "EventBridgeAccess"
},
{
"Action": [
"waf:ListActivatedRulesInRuleGroup"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "WAFAccess"
},
{
"Action": [
"guardduty:ListDetectors"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "GuardDutyAccess"
},
{
"Action": [
"route53:GetQueryLoggingConfig"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "Route53Access"
},
{
"Action": [
"organizations:DescribePolicy"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "OrganizationsAccess"
},
{
"Action": [
"cognito-idp:DescribeUserPool"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "CognitoAccess"
},
{
"Action": [
"elasticfilesystem:DescribeFileSystems"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "EFSAccess"
},
{
"Action": [
"events:PutRule"
],
"Condition": {
"StringEquals": {
"events:detail-type": "Security Hub Findings - Imported",
"events:source": "aws.securityhub"
}
},
"Effect": "Allow",
"Resource": "*",
"Sid": "CreateEventsAccess"
},
{
"Action": [
"events:DeleteRule",
"events:DescribeRule",
"events:EnableRule",
"events:DisableRule",
"events:ListTargetsByRule",
"events:PutTargets",
"events:RemoveTargets"
],
"Effect": "Allow",
"Resource": "arn:aws:events:*:*:rule/AuditManagerSecurityHubFindingsReceiver",
"Sid": "EventsAccess"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4C5N52UWST",
"PolicyName": "AWSAuditManagerServiceRolePolicy",
"UpdateDate": "2020-12-08T15:12:12+00:00",
"VersionId": "v1"
},
"AWSAutoScalingPlansEC2AutoScalingPolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSAutoScalingPlansEC2AutoScalingPolicy",
"AttachmentCount": 0,
"CreateDate": "2018-08-23T22:46:59+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"cloudwatch:GetMetricData",
"autoscaling:DescribeAutoScalingGroups",
"autoscaling:DescribeScheduledActions",
"autoscaling:BatchPutScheduledUpdateGroupAction",
"autoscaling:BatchDeleteScheduledAction"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIXWLPZPD4RYBM3JSU",
"PolicyName": "AWSAutoScalingPlansEC2AutoScalingPolicy",
"UpdateDate": "2018-08-23T22:46:59+00:00",
"VersionId": "v1"
},
"AWSBackupFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSBackupFullAccess",
"AttachmentCount": 0,
"CreateDate": "2019-11-18T22:21:52+00:00",
"DefaultVersionId": "v7",
"Document": {
"Statement": [
{
"Action": "backup:*",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "backup-storage:*",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"rds:DescribeDBSnapshots",
"rds:ListTagsForResource",
"rds:DescribeDBInstances",
"rds:describeDBEngineVersions",
"rds:describeOptionGroups",
"rds:describeOrderableDBInstanceOptions",
"rds:describeDBSubnetGroups",
"rds:describeDBClusterSnapshots",
"rds:describeDBClusters",
"rds:describeDBParameterGroups",
"rds:DescribeDBClusterParameterGroups",
"rds:DescribeDBInstanceAutomatedBackups"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"rds:DeleteDBSnapshot",
"rds:DeleteDBClusterSnapshot"
],
"Condition": {
"ForAnyValue:StringEquals": {
"aws:CalledVia": [
"backup.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"dynamodb:ListBackups",
"dynamodb:ListTables"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"dynamodb:DeleteBackup"
],
"Condition": {
"ForAnyValue:StringEquals": {
"aws:CalledVia": [
"backup.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"elasticfilesystem:DescribeFilesystems"
],
"Effect": "Allow",
"Resource": "arn:aws:elasticfilesystem:*:*:file-system/*"
},
{
"Action": [
"ec2:DescribeSnapshots",
"ec2:DescribeVolumes",
"ec2:describeAvailabilityZones",
"ec2:DescribeVpcs",
"ec2:DescribeAccountAttributes",
"ec2:DescribeSecurityGroups",
"ec2:DescribeImages",
"ec2:DescribeSubnets",
"ec2:DescribePlacementGroups",
"ec2:DescribeInstances",
"ec2:DescribeInstanceTypes"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:DeleteSnapshot",
"ec2:DeregisterImage"
],
"Condition": {
"ForAnyValue:StringEquals": {
"aws:CalledVia": [
"backup.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"tag:GetTagKeys",
"tag:GetTagValues",
"tag:GetResources"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"storagegateway:DescribeCachediSCSIVolumes",
"storagegateway:DescribeStorediSCSIVolumes"
],
"Effect": "Allow",
"Resource": "arn:aws:storagegateway:*:*:gateway/*/volume/*"
},
{
"Action": [
"storagegateway:ListGateways"
],
"Effect": "Allow",
"Resource": "arn:aws:storagegateway:*:*:*"
},
{
"Action": [
"storagegateway:DescribeGatewayInformation",
"storagegateway:ListVolumes",
"storagegateway:ListLocalDisks"
],
"Effect": "Allow",
"Resource": "arn:aws:storagegateway:*:*:gateway/*"
},
{
"Action": [
"iam:ListRoles",
"iam:GetRole"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:PassRole",
"Condition": {
"StringLike": {
"iam:PassedToService": "backup.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/*AwsBackup*",
"arn:aws:iam::*:role/*AWSBackup*"
]
},
{
"Action": "organizations:DescribeOrganization",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"kms:ListKeys",
"kms:DescribeKey",
"kms:GenerateDataKey",
"kms:ListAliases"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"kms:CreateGrant"
],
"Condition": {
"Bool": {
"kms:GrantIsForAWSResource": true
},
"ForAnyValue:StringEquals": {
"kms:EncryptionContextKeys": "aws:backup:backup-vault"
},
"StringLike": {
"kms:ViaService": "backup.*.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ssm:CancelCommand",
"ssm:GetCommandInvocation"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "ssm:SendCommand",
"Effect": "Allow",
"Resource": [
"arn:aws:ssm:*:*:document/AWSEC2-CreateVssSnapshot",
"arn:aws:ec2:*:*:instance/*"
]
},
{
"Action": "fsx:DescribeFileSystems",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "fsx:DescribeBackups",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "fsx:DeleteBackup",
"Condition": {
"ForAnyValue:StringEquals": {
"aws:CalledVia": [
"backup.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "arn:aws:fsx:*:*:backup/*"
},
{
"Action": "ds:DescribeDirectories",
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4LL52EIPJX",
"PolicyName": "AWSBackupFullAccess",
"UpdateDate": "2021-03-10T18:32:22+00:00",
"VersionId": "v7"
},
"AWSBackupOperatorAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSBackupOperatorAccess",
"AttachmentCount": 0,
"CreateDate": "2019-11-18T22:23:17+00:00",
"DefaultVersionId": "v7",
"Document": {
"Statement": [
{
"Action": [
"backup:Get*",
"backup:List*",
"backup:Describe*",
"backup:CreateBackupSelection",
"backup:DeleteBackupSelection",
"backup:GetRecoveryPointRestoreMetadata",
"backup:StartBackupJob",
"backup:StartRestoreJob",
"backup:StartCopyJob"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"rds:DescribeDBSnapshots",
"rds:ListTagsForResource",
"rds:DescribeDBInstances",
"rds:describeDBSnapshots",
"rds:describeDBEngineVersions",
"rds:describeOptionGroups",
"rds:describeOrderableDBInstanceOptions",
"rds:describeDBSubnetGroups",
"rds:DescribeDBClusterSnapshots",
"rds:DescribeDBClusters",
"rds:DescribeDBParameterGroups",
"rds:DescribeDBClusterParameterGroups",
"rds:DescribeDBInstanceAutomatedBackups"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"dynamodb:ListBackups",
"dynamodb:ListTables"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"elasticfilesystem:DescribeFilesystems"
],
"Effect": "Allow",
"Resource": "arn:aws:elasticfilesystem:*:*:file-system/*"
},
{
"Action": [
"ec2:DescribeSnapshots",
"ec2:DescribeVolumes",
"ec2:describeAvailabilityZones",
"ec2:DescribeVpcs",
"ec2:DescribeAccountAttributes",
"ec2:DescribeSecurityGroups",
"ec2:DescribeImages",
"ec2:DescribeSubnets",
"ec2:DescribePlacementGroups",
"ec2:DescribeInstances",
"ec2:DescribeInstanceTypes"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"tag:GetTagKeys",
"tag:GetTagValues",
"tag:GetResources"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"storagegateway:DescribeCachediSCSIVolumes",
"storagegateway:DescribeStorediSCSIVolumes"
],
"Effect": "Allow",
"Resource": "arn:aws:storagegateway:*:*:gateway/*/volume/*"
},
{
"Action": [
"storagegateway:ListGateways"
],
"Effect": "Allow",
"Resource": "arn:aws:storagegateway:*:*:*"
},
{
"Action": [
"storagegateway:DescribeGatewayInformation",
"storagegateway:ListVolumes",
"storagegateway:ListLocalDisks"
],
"Effect": "Allow",
"Resource": "arn:aws:storagegateway:*:*:gateway/*"
},
{
"Action": [
"iam:ListRoles",
"iam:GetRole"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:PassRole",
"Condition": {
"StringLike": {
"iam:PassedToService": "backup.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/*AwsBackup*",
"arn:aws:iam::*:role/*AWSBackup*"
]
},
{
"Action": "organizations:DescribeOrganization",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ssm:CancelCommand",
"ssm:GetCommandInvocation"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "ssm:SendCommand",
"Effect": "Allow",
"Resource": [
"arn:aws:ssm:*:*:document/AWSEC2-CreateVssSnapshot",
"arn:aws:ec2:*:*:instance/*"
]
},
{
"Action": "fsx:DescribeBackups",
"Effect": "Allow",
"Resource": "arn:aws:fsx:*:*:backup/*"
},
{
"Action": "fsx:DescribeFileSystems",
"Effect": "Allow",
"Resource": "arn:aws:fsx:*:*:file-system/*"
},
{
"Action": "ds:DescribeDirectories",
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4KHXVYMY4O",
"PolicyName": "AWSBackupOperatorAccess",
"UpdateDate": "2021-03-10T18:31:50+00:00",
"VersionId": "v7"
},
"AWSBackupOrganizationAdminAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSBackupOrganizationAdminAccess",
"AttachmentCount": 0,
"CreateDate": "2020-06-24T16:23:14+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"organizations:DisableAWSServiceAccess",
"organizations:EnableAWSServiceAccess"
],
"Condition": {
"StringEquals": {
"organizations:ServicePrincipal": [
"backup.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"organizations:AttachPolicy",
"organizations:ListPoliciesForTarget",
"organizations:ListTargetsForPolicy",
"organizations:DetachPolicy",
"organizations:DisablePolicyType",
"organizations:DescribePolicy",
"organizations:DescribeEffectivePolicy",
"organizations:ListPolicies",
"organizations:EnablePolicyType",
"organizations:CreatePolicy",
"organizations:UpdatePolicy",
"organizations:DeletePolicy"
],
"Condition": {
"StringLikeIfExists": {
"organizations:PolicyType": [
"BACKUP_POLICY"
]
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"organizations:ListRoots",
"organizations:ListParents",
"organizations:ListAWSServiceAccessForOrganization",
"organizations:ListAccountsForParent",
"organizations:ListAccounts",
"organizations:DescribeOrganization",
"organizations:ListOrganizationalUnitsForParent",
"organizations:ListChildren",
"organizations:DescribeAccount",
"organizations:DescribeOrganizationalUnit"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4E5BC3XLFS",
"PolicyName": "AWSBackupOrganizationAdminAccess",
"UpdateDate": "2020-11-24T22:09:43+00:00",
"VersionId": "v2"
},
"AWSBackupServiceLinkedRolePolicyForBackup": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSBackupServiceLinkedRolePolicyForBackup",
"AttachmentCount": 0,
"CreateDate": "2020-06-02T23:08:40+00:00",
"DefaultVersionId": "v3",
"Document": {
"Statement": [
{
"Action": [
"elasticfilesystem:Backup",
"elasticfilesystem:DescribeTags"
],
"Condition": {
"StringLike": {
"aws:ResourceTag/aws:elasticfilesystem:default-backup": "enabled"
}
},
"Effect": "Allow",
"Resource": "arn:aws:elasticfilesystem:*:*:file-system/*"
},
{
"Action": [
"tag:GetResources"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "ec2:CreateTags",
"Condition": {
"StringEquals": {
"ec2:CreateAction": "CopySnapshot"
}
},
"Effect": "Allow",
"Resource": "arn:aws:ec2:*::snapshot/*"
},
{
"Action": "ec2:CreateTags",
"Condition": {
"ForAllValues:StringEquals": {
"aws:TagKeys": [
"AWSBackupManagedResource"
]
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:ec2:*::image/*",
"arn:aws:ec2:*::snapshot/*"
]
},
{
"Action": "ec2:CreateTags",
"Condition": {
"Null": {
"ec2:ResourceTag/AWSBackupManagedResource": "false"
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:ec2:*::image/*",
"arn:aws:ec2:*::snapshot/*"
]
},
{
"Action": [
"ec2:DescribeSnapshots",
"ec2:DescribeImages",
"rds:DescribeDBSnapshots",
"rds:DescribeDBClusterSnapshots"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "ec2:CopySnapshot",
"Effect": "Allow",
"Resource": "arn:aws:ec2:*::snapshot/*"
},
{
"Action": "ec2:CopyImage",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:DeregisterImage",
"ec2:DeleteSnapshot"
],
"Condition": {
"Null": {
"ec2:ResourceTag/AWSBackupManagedResource": "false"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"rds:AddTagsToResource",
"rds:CopyDBSnapshot",
"rds:DeleteDBSnapshot"
],
"Effect": "Allow",
"Resource": "arn:aws:rds:*:*:snapshot:awsbackup:*"
},
{
"Action": [
"rds:AddTagsToResource",
"rds:CopyDBClusterSnapshot",
"rds:DeleteDBClusterSnapshot"
],
"Effect": "Allow",
"Resource": "arn:aws:rds:*:*:cluster-snapshot:awsbackup:*"
},
{
"Action": "kms:DescribeKey",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"kms:ListGrants",
"kms:ReEncryptFrom",
"kms:GenerateDataKeyWithoutPlaintext"
],
"Condition": {
"StringLike": {
"kms:ViaService": [
"ec2.*.amazonaws.com",
"rds.*.amazonaws.com",
"fsx.*.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "kms:CreateGrant",
"Condition": {
"Bool": {
"kms:GrantIsForAWSResource": "true"
},
"StringLike": {
"kms:ViaService": [
"ec2.*.amazonaws.com",
"rds.*.amazonaws.com",
"fsx.*.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"fsx:CopyBackup",
"fsx:TagResource",
"fsx:DescribeBackups",
"fsx:DeleteBackup"
],
"Effect": "Allow",
"Resource": "arn:aws:fsx:*:*:backup/*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4ONJBD4ZY2",
"PolicyName": "AWSBackupServiceLinkedRolePolicyForBackup",
"UpdateDate": "2021-04-12T18:11:02+00:00",
"VersionId": "v3"
},
"AWSBackupServiceLinkedRolePolicyForBackupTest": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSBackupServiceLinkedRolePolicyForBackupTest",
"AttachmentCount": 0,
"CreateDate": "2020-05-12T17:37:29+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"elasticfilesystem:Backup",
"elasticfilesystem:DescribeTags"
],
"Condition": {
"StringLike": {
"aws:ResourceTag/aws:elasticfilesystem:default-backup": "enabled"
}
},
"Effect": "Allow",
"Resource": "arn:aws:elasticfilesystem:*:*:file-system/*"
},
{
"Action": [
"tag:GetResources"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4KMHRZD5LV",
"PolicyName": "AWSBackupServiceLinkedRolePolicyForBackupTest",
"UpdateDate": "2020-05-12T17:37:29+00:00",
"VersionId": "v1"
},
"AWSBackupServiceRolePolicyForBackup": {
"Arn": "arn:aws:iam::aws:policy/service-role/AWSBackupServiceRolePolicyForBackup",
"AttachmentCount": 0,
"CreateDate": "2019-01-10T21:01:28+00:00",
"DefaultVersionId": "v10",
"Document": {
"Statement": [
{
"Action": [
"dynamodb:DescribeTable",
"dynamodb:CreateBackup"
],
"Effect": "Allow",
"Resource": "arn:aws:dynamodb:*:*:table/*"
},
{
"Action": [
"dynamodb:DescribeBackup",
"dynamodb:DeleteBackup"
],
"Effect": "Allow",
"Resource": "arn:aws:dynamodb:*:*:table/*/backup/*"
},
{
"Action": [
"rds:AddTagsToResource",
"rds:ListTagsForResource",
"rds:DescribeDBSnapshots",
"rds:CreateDBSnapshot",
"rds:CopyDBSnapshot",
"rds:DescribeDBInstances",
"rds:CreateDBClusterSnapshot",
"rds:DescribeDBClusters",
"rds:DescribeDBClusterSnapshots",
"rds:CopyDBClusterSnapshot"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"rds:ModifyDBInstance"
],
"Effect": "Allow",
"Resource": [
"arn:aws:rds:*:*:db:*"
]
},
{
"Action": [
"rds:DeleteDBSnapshot",
"rds:ModifyDBSnapshotAttribute"
],
"Effect": "Allow",
"Resource": [
"arn:aws:rds:*:*:snapshot:awsbackup:*"
]
},
{
"Action": [
"rds:DeleteDBClusterSnapshot",
"rds:ModifyDBClusterSnapshotAttribute"
],
"Effect": "Allow",
"Resource": [
"arn:aws:rds:*:*:cluster-snapshot:awsbackup:*"
]
},
{
"Action": [
"storagegateway:CreateSnapshot",
"storagegateway:ListTagsForResource"
],
"Effect": "Allow",
"Resource": "arn:aws:storagegateway:*:*:gateway/*/volume/*"
},
{
"Action": [
"ec2:CopySnapshot"
],
"Effect": "Allow",
"Resource": "arn:aws:ec2:*::snapshot/*"
},
{
"Action": [
"ec2:CopyImage"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:CreateTags",
"ec2:DeleteSnapshot"
],
"Effect": "Allow",
"Resource": "arn:aws:ec2:*::snapshot/*"
},
{
"Action": [
"ec2:CreateImage",
"ec2:DeregisterImage"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:CreateTags"
],
"Effect": "Allow",
"Resource": "arn:aws:ec2:*:*:image/*"
},
{
"Action": [
"ec2:DescribeSnapshots",
"ec2:DescribeTags",
"ec2:DescribeImages",
"ec2:DescribeInstances",
"ec2:DescribeInstanceAttribute",
"ec2:DescribeInstanceCreditSpecifications",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeElasticGpus",
"ec2:DescribeSpotInstanceRequests"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:ModifySnapshotAttribute",
"ec2:ModifyImageAttribute"
],
"Condition": {
"Null": {
"aws:ResourceTag/aws:backup:source-resource": "false"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"backup:DescribeBackupVault",
"backup:CopyIntoBackupVault"
],
"Effect": "Allow",
"Resource": "arn:aws:backup:*:*:backup-vault:*"
},
{
"Action": [
"backup:CopyFromBackupVault"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"elasticfilesystem:Backup",
"elasticfilesystem:DescribeTags"
],
"Effect": "Allow",
"Resource": "arn:aws:elasticfilesystem:*:*:file-system/*"
},
{
"Action": [
"ec2:CreateSnapshot",
"ec2:DeleteSnapshot",
"ec2:DescribeVolumes",
"ec2:DescribeSnapshots"
],
"Effect": "Allow",
"Resource": [
"arn:aws:ec2:*::snapshot/*",
"arn:aws:ec2:*:*:volume/*"
]
},
{
"Action": [
"kms:Decrypt",
"kms:GenerateDataKey"
],
"Condition": {
"StringLike": {
"kms:ViaService": [
"dynamodb.*.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "kms:DescribeKey",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "kms:CreateGrant",
"Condition": {
"Bool": {
"kms:GrantIsForAWSResource": "true"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"kms:GenerateDataKeyWithoutPlaintext"
],
"Condition": {
"StringLike": {
"kms:ViaService": [
"ec2.*.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "arn:aws:kms:*:*:key/*"
},
{
"Action": [
"tag:GetResources"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ssm:CancelCommand",
"ssm:GetCommandInvocation"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "ssm:SendCommand",
"Effect": "Allow",
"Resource": [
"arn:aws:ssm:*:*:document/AWSEC2-CreateVssSnapshot",
"arn:aws:ec2:*:*:instance/*"
]
},
{
"Action": "fsx:DescribeBackups",
"Effect": "Allow",
"Resource": "arn:aws:fsx:*:*:backup/*"
},
{
"Action": "fsx:CreateBackup",
"Effect": "Allow",
"Resource": [
"arn:aws:fsx:*:*:file-system/*",
"arn:aws:fsx:*:*:backup/*"
]
},
{
"Action": "fsx:DescribeFileSystems",
"Effect": "Allow",
"Resource": "arn:aws:fsx:*:*:file-system/*"
},
{
"Action": "fsx:ListTagsForResource",
"Effect": "Allow",
"Resource": "arn:aws:fsx:*:*:file-system/*"
},
{
"Action": "fsx:DeleteBackup",
"Effect": "Allow",
"Resource": "arn:aws:fsx:*:*:backup/*"
},
{
"Action": [
"fsx:ListTagsForResource",
"fsx:ManageBackupPrincipalAssociations",
"fsx:CopyBackup",
"fsx:TagResource"
],
"Effect": "Allow",
"Resource": "arn:aws:fsx:*:*:backup/*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIOOYZSLZZXWFJJ5N2",
"PolicyName": "AWSBackupServiceRolePolicyForBackup",
"UpdateDate": "2021-04-12T18:07:46+00:00",
"VersionId": "v10"
},
"AWSBackupServiceRolePolicyForRestores": {
"Arn": "arn:aws:iam::aws:policy/service-role/AWSBackupServiceRolePolicyForRestores",
"AttachmentCount": 0,
"CreateDate": "2019-01-12T00:23:54+00:00",
"DefaultVersionId": "v9",
"Document": {
"Statement": [
{
"Action": [
"dynamodb:Scan",
"dynamodb:Query",
"dynamodb:UpdateItem",
"dynamodb:PutItem",
"dynamodb:GetItem",
"dynamodb:DeleteItem",
"dynamodb:BatchWriteItem",
"dynamodb:DescribeTable"
],
"Effect": "Allow",
"Resource": "arn:aws:dynamodb:*:*:table/*"
},
{
"Action": [
"dynamodb:RestoreTableFromBackup"
],
"Effect": "Allow",
"Resource": "arn:aws:dynamodb:*:*:table/*/backup/*"
},
{
"Action": [
"ec2:CreateVolume",
"ec2:DeleteVolume"
],
"Effect": "Allow",
"Resource": [
"arn:aws:ec2:*::snapshot/*",
"arn:aws:ec2:*:*:volume/*"
]
},
{
"Action": [
"ec2:DescribeImages",
"ec2:DescribeInstances",
"ec2:DescribeSnapshots",
"ec2:DescribeVolumes"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"storagegateway:DeleteVolume",
"storagegateway:DescribeCachediSCSIVolumes",
"storagegateway:DescribeStorediSCSIVolumes"
],
"Effect": "Allow",
"Resource": "arn:aws:storagegateway:*:*:gateway/*/volume/*"
},
{
"Action": [
"storagegateway:DescribeGatewayInformation",
"storagegateway:CreateStorediSCSIVolume",
"storagegateway:CreateCachediSCSIVolume"
],
"Effect": "Allow",
"Resource": "arn:aws:storagegateway:*:*:gateway/*"
},
{
"Action": [
"storagegateway:ListVolumes"
],
"Effect": "Allow",
"Resource": "arn:aws:storagegateway:*:*:*"
},
{
"Action": [
"rds:DescribeDBInstances",
"rds:DescribeDBSnapshots",
"rds:ListTagsForResource",
"rds:RestoreDBInstanceFromDBSnapshot",
"rds:DeleteDBInstance",
"rds:AddTagsToResource",
"rds:DescribeDBClusters",
"rds:RestoreDBClusterFromSnapshot",
"rds:DeleteDBCluster",
"rds:RestoreDBInstanceToPointInTime"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"elasticfilesystem:Restore",
"elasticfilesystem:CreateFilesystem",
"elasticfilesystem:DescribeFilesystems",
"elasticfilesystem:DeleteFilesystem"
],
"Effect": "Allow",
"Resource": "arn:aws:elasticfilesystem:*:*:file-system/*"
},
{
"Action": "kms:DescribeKey",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"kms:Decrypt",
"kms:Encrypt",
"kms:GenerateDataKey",
"kms:ReEncryptTo",
"kms:ReEncryptFrom"
],
"Condition": {
"StringLike": {
"kms:ViaService": [
"dynamodb.*.amazonaws.com",
"ec2.*.amazonaws.com",
"elasticfilesystem.*.amazonaws.com",
"rds.*.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "kms:CreateGrant",
"Condition": {
"Bool": {
"kms:GrantIsForAWSResource": "true"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:RunInstances"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:TerminateInstances"
],
"Effect": "Allow",
"Resource": "arn:aws:ec2:*:*:instance/*"
},
{
"Action": [
"fsx:CreateFileSystemFromBackup"
],
"Effect": "Allow",
"Resource": [
"arn:aws:fsx:*:*:file-system/*",
"arn:aws:fsx:*:*:backup/*"
]
},
{
"Action": [
"fsx:DescribeFileSystems",
"fsx:TagResource"
],
"Effect": "Allow",
"Resource": "arn:aws:fsx:*:*:file-system/*"
},
{
"Action": "fsx:DescribeBackups",
"Effect": "Allow",
"Resource": "arn:aws:fsx:*:*:backup/*"
},
{
"Action": [
"fsx:DeleteFileSystem",
"fsx:UntagResource"
],
"Condition": {
"Null": {
"aws:ResourceTag/aws:backup:source-resource": "false"
}
},
"Effect": "Allow",
"Resource": "arn:aws:fsx:*:*:file-system/*"
},
{
"Action": "ds:DescribeDirectories",
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJZCCL6F2WPVOUXZKI",
"PolicyName": "AWSBackupServiceRolePolicyForRestores",
"UpdateDate": "2021-05-25T00:02:53+00:00",
"VersionId": "v9"
},
"AWSBatchFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSBatchFullAccess",
"AttachmentCount": 0,
"CreateDate": "2016-12-06T19:35:42+00:00",
"DefaultVersionId": "v6",
"Document": {
"Statement": [
{
"Action": [
"batch:*",
"cloudwatch:GetMetricStatistics",
"ec2:DescribeSubnets",
"ec2:DescribeSecurityGroups",
"ec2:DescribeKeyPairs",
"ec2:DescribeVpcs",
"ec2:DescribeImages",
"ec2:DescribeLaunchTemplates",
"ec2:DescribeLaunchTemplateVersions",
"ecs:DescribeClusters",
"ecs:Describe*",
"ecs:List*",
"logs:Describe*",
"logs:Get*",
"logs:TestMetricFilter",
"logs:FilterLogEvents",
"iam:ListInstanceProfiles",
"iam:ListRoles"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"iam:PassRole"
],
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/AWSBatchServiceRole",
"arn:aws:iam::*:role/service-role/AWSBatchServiceRole",
"arn:aws:iam::*:role/ecsInstanceRole",
"arn:aws:iam::*:instance-profile/ecsInstanceRole",
"arn:aws:iam::*:role/iaws-ec2-spot-fleet-role",
"arn:aws:iam::*:role/aws-ec2-spot-fleet-role",
"arn:aws:iam::*:role/AWSBatchJobRole*"
]
},
{
"Action": [
"iam:CreateServiceLinkedRole"
],
"Condition": {
"StringEquals": {
"iam:AWSServiceName": "batch.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/*Batch*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJ7K2KIWB3HZVK3CUO",
"PolicyName": "AWSBatchFullAccess",
"UpdateDate": "2021-03-10T07:02:45+00:00",
"VersionId": "v6"
},
"AWSBatchServiceEventTargetRole": {
"Arn": "arn:aws:iam::aws:policy/service-role/AWSBatchServiceEventTargetRole",
"AttachmentCount": 0,
"CreateDate": "2018-02-28T22:31:13+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"batch:SubmitJob"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAICVHHZ6XHNMA6VE3Q",
"PolicyName": "AWSBatchServiceEventTargetRole",
"UpdateDate": "2018-02-28T22:31:13+00:00",
"VersionId": "v1"
},
"AWSBatchServiceRole": {
"Arn": "arn:aws:iam::aws:policy/service-role/AWSBatchServiceRole",
"AttachmentCount": 0,
"CreateDate": "2016-12-06T19:36:24+00:00",
"DefaultVersionId": "v11",
"Document": {
"Statement": [
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeInstanceAttribute",
"ec2:DescribeSubnets",
"ec2:DescribeSecurityGroups",
"ec2:DescribeKeyPairs",
"ec2:DescribeImages",
"ec2:DescribeImageAttribute",
"ec2:DescribeSpotInstanceRequests",
"ec2:DescribeSpotFleetInstances",
"ec2:DescribeSpotFleetRequests",
"ec2:DescribeSpotPriceHistory",
"ec2:DescribeVpcClassicLink",
"ec2:DescribeLaunchTemplateVersions",
"ec2:CreateLaunchTemplate",
"ec2:DeleteLaunchTemplate",
"ec2:RequestSpotFleet",
"ec2:CancelSpotFleetRequests",
"ec2:ModifySpotFleetRequest",
"ec2:TerminateInstances",
"ec2:RunInstances",
"autoscaling:DescribeAccountLimits",
"autoscaling:DescribeAutoScalingGroups",
"autoscaling:DescribeLaunchConfigurations",
"autoscaling:DescribeAutoScalingInstances",
"autoscaling:CreateLaunchConfiguration",
"autoscaling:CreateAutoScalingGroup",
"autoscaling:UpdateAutoScalingGroup",
"autoscaling:SetDesiredCapacity",
"autoscaling:DeleteLaunchConfiguration",
"autoscaling:DeleteAutoScalingGroup",
"autoscaling:CreateOrUpdateTags",
"autoscaling:SuspendProcesses",
"autoscaling:PutNotificationConfiguration",
"autoscaling:TerminateInstanceInAutoScalingGroup",
"ecs:DescribeClusters",
"ecs:DescribeContainerInstances",
"ecs:DescribeTaskDefinition",
"ecs:DescribeTasks",
"ecs:ListAccountSettings",
"ecs:ListClusters",
"ecs:ListContainerInstances",
"ecs:ListTaskDefinitionFamilies",
"ecs:ListTaskDefinitions",
"ecs:ListTasks",
"ecs:CreateCluster",
"ecs:DeleteCluster",
"ecs:RegisterTaskDefinition",
"ecs:DeregisterTaskDefinition",
"ecs:RunTask",
"ecs:StartTask",
"ecs:StopTask",
"ecs:UpdateContainerAgent",
"ecs:DeregisterContainerInstance",
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents",
"logs:DescribeLogGroups",
"iam:GetInstanceProfile",
"iam:GetRole"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "ecs:TagResource",
"Effect": "Allow",
"Resource": [
"arn:aws:ecs:*:*:task/*_Batch_*"
]
},
{
"Action": "iam:PassRole",
"Condition": {
"StringEquals": {
"iam:PassedToService": [
"ec2.amazonaws.com",
"ec2.amazonaws.com.cn",
"ecs-tasks.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringEquals": {
"iam:AWSServiceName": [
"spot.amazonaws.com",
"spotfleet.amazonaws.com",
"autoscaling.amazonaws.com",
"ecs.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:CreateTags"
],
"Condition": {
"StringEquals": {
"ec2:CreateAction": "RunInstances"
}
},
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIUETIXPCKASQJURFE",
"PolicyName": "AWSBatchServiceRole",
"UpdateDate": "2020-11-23T18:19:27+00:00",
"VersionId": "v11"
},
"AWSBillingReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSBillingReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2020-08-27T20:08:51+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"aws-portal:ViewBilling"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4LJ3OSZ5SX",
"PolicyName": "AWSBillingReadOnlyAccess",
"UpdateDate": "2020-08-27T20:08:51+00:00",
"VersionId": "v1"
},
"AWSBudgetsActionsRolePolicyForResourceAdministrationWithSSM": {
"Arn": "arn:aws:iam::aws:policy/AWSBudgetsActionsRolePolicyForResourceAdministrationWithSSM",
"AttachmentCount": 0,
"CreateDate": "2020-10-15T17:20:48+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"ec2:DescribeInstanceStatus",
"ec2:StartInstances",
"ec2:StopInstances",
"rds:DescribeDBInstances",
"rds:StartDBInstance",
"rds:StopDBInstance"
],
"Condition": {
"ForAnyValue:StringEquals": {
"aws:CalledVia": [
"ssm.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ssm:StartAutomationExecution"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4KIUIYBT2X",
"PolicyName": "AWSBudgetsActionsRolePolicyForResourceAdministrationWithSSM",
"UpdateDate": "2020-10-15T17:20:48+00:00",
"VersionId": "v1"
},
"AWSBudgetsActionsWithAWSResourceControlAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSBudgetsActionsWithAWSResourceControlAccess",
"AttachmentCount": 0,
"CreateDate": "2020-10-15T17:19:12+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"budgets:*"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"aws-portal:ViewBilling"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"iam:PassRole"
],
"Condition": {
"StringEquals": {
"iam:PassedToService": "budgets.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"aws-portal:ModifyBilling",
"ec2:DescribeInstances",
"iam:ListGroups",
"iam:ListPolicies",
"iam:ListRoles",
"iam:ListUsers",
"organizations:ListAccounts",
"organizations:ListOrganizationalUnitsForParent",
"organizations:ListPolicies",
"organizations:ListRoots",
"rds:DescribeDBInstances",
"sns:ListTopics"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4AHTKKGHHS",
"PolicyName": "AWSBudgetsActionsWithAWSResourceControlAccess",
"UpdateDate": "2020-10-15T17:19:12+00:00",
"VersionId": "v1"
},
"AWSBudgetsReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSBudgetsReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2020-10-15T17:18:28+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"aws-portal:ViewBilling",
"budgets:ViewBudget",
"budgets:Describe*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4EZCFS6BHW",
"PolicyName": "AWSBudgetsReadOnlyAccess",
"UpdateDate": "2020-10-15T17:18:28+00:00",
"VersionId": "v1"
},
"AWSCertificateManagerFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSCertificateManagerFullAccess",
"AttachmentCount": 0,
"CreateDate": "2016-01-21T17:02:36+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"acm:*"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringEquals": {
"iam:AWSServiceName": "acm.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/aws-service-role/acm.amazonaws.com/AWSServiceRoleForCertificateManager*"
},
{
"Action": [
"iam:DeleteServiceLinkedRole",
"iam:GetServiceLinkedRoleDeletionStatus",
"iam:GetRole"
],
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/aws-service-role/acm.amazonaws.com/AWSServiceRoleForCertificateManager*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJYCHABBP6VQIVBCBQ",
"PolicyName": "AWSCertificateManagerFullAccess",
"UpdateDate": "2020-08-17T22:18:28+00:00",
"VersionId": "v2"
},
"AWSCertificateManagerPrivateCAAuditor": {
"Arn": "arn:aws:iam::aws:policy/AWSCertificateManagerPrivateCAAuditor",
"AttachmentCount": 0,
"CreateDate": "2018-10-23T16:51:08+00:00",
"DefaultVersionId": "v4",
"Document": {
"Statement": [
{
"Action": [
"acm-pca:CreateCertificateAuthorityAuditReport",
"acm-pca:DescribeCertificateAuthority",
"acm-pca:DescribeCertificateAuthorityAuditReport",
"acm-pca:GetCertificateAuthorityCsr",
"acm-pca:GetCertificateAuthorityCertificate",
"acm-pca:GetCertificate",
"acm-pca:GetPolicy",
"acm-pca:ListPermissions",
"acm-pca:ListTags"
],
"Effect": "Allow",
"Resource": "arn:aws:acm-pca:*:*:certificate-authority/*"
},
{
"Action": [
"acm-pca:ListCertificateAuthorities"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJW77VE4UEBJ4PEXEY",
"PolicyName": "AWSCertificateManagerPrivateCAAuditor",
"UpdateDate": "2020-08-17T22:54:12+00:00",
"VersionId": "v4"
},
"AWSCertificateManagerPrivateCAFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSCertificateManagerPrivateCAFullAccess",
"AttachmentCount": 0,
"CreateDate": "2018-10-23T16:54:50+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"acm-pca:*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIRTQUC55CREAWFLBG",
"PolicyName": "AWSCertificateManagerPrivateCAFullAccess",
"UpdateDate": "2018-10-23T16:54:50+00:00",
"VersionId": "v1"
},
"AWSCertificateManagerPrivateCAPrivilegedUser": {
"Arn": "arn:aws:iam::aws:policy/AWSCertificateManagerPrivateCAPrivilegedUser",
"AttachmentCount": 0,
"CreateDate": "2019-06-20T17:43:13+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"acm-pca:IssueCertificate"
],
"Condition": {
"StringLike": {
"acm-pca:TemplateArn": [
"arn:aws:acm-pca:::template/*CACertificate*/V*"
]
}
},
"Effect": "Allow",
"Resource": "arn:aws:acm-pca:*:*:certificate-authority/*"
},
{
"Action": [
"acm-pca:IssueCertificate"
],
"Condition": {
"StringNotLike": {
"acm-pca:TemplateArn": [
"arn:aws:acm-pca:::template/*CACertificate*/V*"
]
}
},
"Effect": "Deny",
"Resource": "arn:aws:acm-pca:*:*:certificate-authority/*"
},
{
"Action": [
"acm-pca:RevokeCertificate",
"acm-pca:GetCertificate",
"acm-pca:ListPermissions"
],
"Effect": "Allow",
"Resource": "arn:aws:acm-pca:*:*:certificate-authority/*"
},
{
"Action": [
"acm-pca:ListCertificateAuthorities"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4EQ6CWU5X5",
"PolicyName": "AWSCertificateManagerPrivateCAPrivilegedUser",
"UpdateDate": "2019-06-20T17:43:13+00:00",
"VersionId": "v1"
},
"AWSCertificateManagerPrivateCAReadOnly": {
"Arn": "arn:aws:iam::aws:policy/AWSCertificateManagerPrivateCAReadOnly",
"AttachmentCount": 0,
"CreateDate": "2018-10-23T16:57:04+00:00",
"DefaultVersionId": "v3",
"Document": {
"Statement": {
"Action": [
"acm-pca:DescribeCertificateAuthority",
"acm-pca:DescribeCertificateAuthorityAuditReport",
"acm-pca:ListCertificateAuthorities",
"acm-pca:GetCertificateAuthorityCsr",
"acm-pca:GetCertificateAuthorityCertificate",
"acm-pca:GetCertificate",
"acm-pca:GetPolicy",
"acm-pca:ListPermissions",
"acm-pca:ListTags"
],
"Effect": "Allow",
"Resource": "*"
},
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJQAQT3WIXOXY7TD4A",
"PolicyName": "AWSCertificateManagerPrivateCAReadOnly",
"UpdateDate": "2020-08-17T22:54:22+00:00",
"VersionId": "v3"
},
"AWSCertificateManagerPrivateCAUser": {
"Arn": "arn:aws:iam::aws:policy/AWSCertificateManagerPrivateCAUser",
"AttachmentCount": 0,
"CreateDate": "2018-10-23T16:53:33+00:00",
"DefaultVersionId": "v4",
"Document": {
"Statement": [
{
"Action": [
"acm-pca:IssueCertificate"
],
"Condition": {
"StringLike": {
"acm-pca:TemplateArn": [
"arn:aws:acm-pca:::template/EndEntityCertificate/V*"
]
}
},
"Effect": "Allow",
"Resource": "arn:aws:acm-pca:*:*:certificate-authority/*"
},
{
"Action": [
"acm-pca:IssueCertificate"
],
"Condition": {
"StringNotLike": {
"acm-pca:TemplateArn": [
"arn:aws:acm-pca:::template/EndEntityCertificate/V*"
]
}
},
"Effect": "Deny",
"Resource": "arn:aws:acm-pca:*:*:certificate-authority/*"
},
{
"Action": [
"acm-pca:RevokeCertificate",
"acm-pca:GetCertificate",
"acm-pca:ListPermissions"
],
"Effect": "Allow",
"Resource": "arn:aws:acm-pca:*:*:certificate-authority/*"
},
{
"Action": [
"acm-pca:ListCertificateAuthorities"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJBXCSJJULLMRWSNII",
"PolicyName": "AWSCertificateManagerPrivateCAUser",
"UpdateDate": "2019-06-20T17:42:37+00:00",
"VersionId": "v4"
},
"AWSCertificateManagerReadOnly": {
"Arn": "arn:aws:iam::aws:policy/AWSCertificateManagerReadOnly",
"AttachmentCount": 0,
"CreateDate": "2016-01-21T17:07:33+00:00",
"DefaultVersionId": "v4",
"Document": {
"Statement": {
"Action": [
"acm:DescribeCertificate",
"acm:ListCertificates",
"acm:GetCertificate",
"acm:ListTagsForCertificate",
"acm:GetAccountConfiguration"
],
"Effect": "Allow",
"Resource": "*"
},
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAI4GSWX6S4MESJ3EWC",
"PolicyName": "AWSCertificateManagerReadOnly",
"UpdateDate": "2021-03-15T16:25:21+00:00",
"VersionId": "v4"
},
"AWSChatbotServiceLinkedRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSChatbotServiceLinkedRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2019-11-18T16:39:50+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"sns:ListSubscriptionsByTopic",
"sns:ListTopics",
"sns:Unsubscribe",
"sns:Subscribe",
"sns:ListSubscriptions"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"logs:PutLogEvents",
"logs:CreateLogStream",
"logs:DescribeLogStreams",
"logs:CreateLogGroup",
"logs:DescribeLogGroups"
],
"Effect": "Allow",
"Resource": "arn:aws:logs:*:*:log-group:/aws/chatbot/*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4ID4WRYKST",
"PolicyName": "AWSChatbotServiceLinkedRolePolicy",
"UpdateDate": "2019-11-18T16:39:50+00:00",
"VersionId": "v1"
},
"AWSCloud9Administrator": {
"Arn": "arn:aws:iam::aws:policy/AWSCloud9Administrator",
"AttachmentCount": 0,
"CreateDate": "2017-11-30T16:17:28+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"cloud9:*",
"iam:GetUser",
"iam:ListUsers",
"ec2:DescribeVpcs",
"ec2:DescribeSubnets"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"iam:CreateServiceLinkedRole"
],
"Condition": {
"StringLike": {
"iam:AWSServiceName": "cloud9.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "ssm:StartSession",
"Condition": {
"StringEquals": {
"aws:CalledViaFirst": "cloud9.amazonaws.com"
},
"StringLike": {
"ssm:resourceTag/aws:cloud9:environment": "*"
}
},
"Effect": "Allow",
"Resource": "arn:aws:ec2:*:*:instance/*"
},
{
"Action": [
"ssm:StartSession"
],
"Effect": "Allow",
"Resource": [
"arn:aws:ssm:*:*:document/*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIQ4KWP455WDTCBGWK",
"PolicyName": "AWSCloud9Administrator",
"UpdateDate": "2020-07-29T06:28:54+00:00",
"VersionId": "v2"
},
"AWSCloud9EnvironmentMember": {
"Arn": "arn:aws:iam::aws:policy/AWSCloud9EnvironmentMember",
"AttachmentCount": 0,
"CreateDate": "2017-11-30T16:18:28+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"cloud9:GetUserSettings",
"cloud9:UpdateUserSettings",
"iam:GetUser",
"iam:ListUsers"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"cloud9:DescribeEnvironmentMemberships"
],
"Condition": {
"Null": {
"cloud9:EnvironmentId": "true",
"cloud9:UserArn": "true"
}
},
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": "ssm:StartSession",
"Condition": {
"StringEquals": {
"aws:CalledViaFirst": "cloud9.amazonaws.com"
},
"StringLike": {
"ssm:resourceTag/aws:cloud9:environment": "*"
}
},
"Effect": "Allow",
"Resource": "arn:aws:ec2:*:*:instance/*"
},
{
"Action": [
"ssm:StartSession"
],
"Effect": "Allow",
"Resource": [
"arn:aws:ssm:*:*:document/*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAI54ULAIPVT5HFTYGK",
"PolicyName": "AWSCloud9EnvironmentMember",
"UpdateDate": "2020-07-29T06:29:08+00:00",
"VersionId": "v2"
},
"AWSCloud9SSMInstanceProfile": {
"Arn": "arn:aws:iam::aws:policy/AWSCloud9SSMInstanceProfile",
"AttachmentCount": 0,
"CreateDate": "2020-05-14T11:40:49+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"ssmmessages:CreateControlChannel",
"ssmmessages:CreateDataChannel",
"ssmmessages:OpenControlChannel",
"ssmmessages:OpenDataChannel",
"ssm:UpdateInstanceInformation"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4IQOSNAKW6",
"PolicyName": "AWSCloud9SSMInstanceProfile",
"UpdateDate": "2020-05-14T11:40:49+00:00",
"VersionId": "v1"
},
"AWSCloud9ServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSCloud9ServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2017-11-30T13:44:08+00:00",
"DefaultVersionId": "v7",
"Document": {
"Statement": [
{
"Action": [
"ec2:RunInstances",
"ec2:CreateSecurityGroup",
"ec2:DescribeVpcs",
"ec2:DescribeSubnets",
"ec2:DescribeSecurityGroups",
"ec2:DescribeInstances",
"ec2:DescribeInstanceStatus",
"cloudformation:CreateStack",
"cloudformation:DescribeStacks",
"cloudformation:DescribeStackEvents",
"cloudformation:DescribeStackResources"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:TerminateInstances",
"ec2:DeleteSecurityGroup",
"ec2:AuthorizeSecurityGroupIngress"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"cloudformation:DeleteStack"
],
"Effect": "Allow",
"Resource": "arn:aws:cloudformation:*:*:stack/aws-cloud9-*"
},
{
"Action": [
"ec2:CreateTags"
],
"Condition": {
"StringLike": {
"aws:RequestTag/Name": "aws-cloud9-*"
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:ec2:*:*:instance/*",
"arn:aws:ec2:*:*:security-group/*"
]
},
{
"Action": [
"ec2:StartInstances",
"ec2:StopInstances"
],
"Condition": {
"StringLike": {
"ec2:ResourceTag/aws:cloudformation:stack-name": "aws-cloud9-*"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"iam:ListInstanceProfiles",
"iam:GetInstanceProfile"
],
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:instance-profile/cloud9/*"
]
},
{
"Action": [
"iam:PassRole"
],
"Condition": {
"StringLike": {
"iam:PassedToService": "ec2.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/service-role/AWSCloud9SSMAccessRole"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJFXGCBXQIZATFZ4YG",
"PolicyName": "AWSCloud9ServiceRolePolicy",
"UpdateDate": "2020-10-06T12:43:49+00:00",
"VersionId": "v7"
},
"AWSCloud9User": {
"Arn": "arn:aws:iam::aws:policy/AWSCloud9User",
"AttachmentCount": 0,
"CreateDate": "2017-11-30T16:16:17+00:00",
"DefaultVersionId": "v4",
"Document": {
"Statement": [
{
"Action": [
"cloud9:ValidateEnvironmentName",
"cloud9:UpdateUserSettings",
"cloud9:GetUserSettings",
"iam:GetUser",
"iam:ListUsers",
"ec2:DescribeVpcs",
"ec2:DescribeSubnets"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"cloud9:CreateEnvironmentEC2",
"cloud9:CreateEnvironmentSSH"
],
"Condition": {
"Null": {
"cloud9:OwnerArn": "true"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"cloud9:GetUserPublicKey"
],
"Condition": {
"Null": {
"cloud9:UserArn": "true"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"cloud9:DescribeEnvironmentMemberships"
],
"Condition": {
"Null": {
"cloud9:EnvironmentId": "true",
"cloud9:UserArn": "true"
}
},
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"iam:CreateServiceLinkedRole"
],
"Condition": {
"StringLike": {
"iam:AWSServiceName": "cloud9.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "ssm:StartSession",
"Condition": {
"StringEquals": {
"aws:CalledViaFirst": "cloud9.amazonaws.com"
},
"StringLike": {
"ssm:resourceTag/aws:cloud9:environment": "*"
}
},
"Effect": "Allow",
"Resource": "arn:aws:ec2:*:*:instance/*"
},
{
"Action": [
"ssm:StartSession"
],
"Effect": "Allow",
"Resource": [
"arn:aws:ssm:*:*:document/*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJPFGFWQF67QVARP6U",
"PolicyName": "AWSCloud9User",
"UpdateDate": "2020-07-29T06:26:43+00:00",
"VersionId": "v4"
},
"AWSCloudFormationFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSCloudFormationFullAccess",
"AttachmentCount": 0,
"CreateDate": "2019-07-26T21:50:35+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"cloudformation:*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4CRR3ZS723",
"PolicyName": "AWSCloudFormationFullAccess",
"UpdateDate": "2019-07-26T21:50:35+00:00",
"VersionId": "v1"
},
"AWSCloudFormationReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSCloudFormationReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:39:49+00:00",
"DefaultVersionId": "v4",
"Document": {
"Statement": [
{
"Action": [
"cloudformation:Describe*",
"cloudformation:EstimateTemplateCost",
"cloudformation:Get*",
"cloudformation:List*",
"cloudformation:ValidateTemplate",
"cloudformation:Detect*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJWVBEE4I2POWLODLW",
"PolicyName": "AWSCloudFormationReadOnlyAccess",
"UpdateDate": "2019-11-13T17:40:07+00:00",
"VersionId": "v4"
},
"AWSCloudFrontLogger": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSCloudFrontLogger",
"AttachmentCount": 0,
"CreateDate": "2018-06-12T20:15:23+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Effect": "Allow",
"Resource": "arn:aws:logs:*:*:log-group:/aws/cloudfront/*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIOI7RPKLCNINBTRP4",
"PolicyName": "AWSCloudFrontLogger",
"UpdateDate": "2019-11-22T19:33:51+00:00",
"VersionId": "v2"
},
"AWSCloudHSMFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSCloudHSMFullAccess",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:39:51+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": "cloudhsm:*",
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIMBQYQZM7F63DA2UU",
"PolicyName": "AWSCloudHSMFullAccess",
"UpdateDate": "2015-02-06T18:39:51+00:00",
"VersionId": "v1"
},
"AWSCloudHSMReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSCloudHSMReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:39:52+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"cloudhsm:Get*",
"cloudhsm:List*",
"cloudhsm:Describe*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAISVCBSY7YDBOT67KE",
"PolicyName": "AWSCloudHSMReadOnlyAccess",
"UpdateDate": "2015-02-06T18:39:52+00:00",
"VersionId": "v1"
},
"AWSCloudHSMRole": {
"Arn": "arn:aws:iam::aws:policy/service-role/AWSCloudHSMRole",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:41:23+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"ec2:CreateNetworkInterface",
"ec2:CreateTags",
"ec2:DeleteNetworkInterface",
"ec2:DescribeNetworkInterfaceAttribute",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:DetachNetworkInterface"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAI7QIUU4GC66SF26WE",
"PolicyName": "AWSCloudHSMRole",
"UpdateDate": "2015-02-06T18:41:23+00:00",
"VersionId": "v1"
},
"AWSCloudMapDiscoverInstanceAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSCloudMapDiscoverInstanceAccess",
"AttachmentCount": 0,
"CreateDate": "2018-11-29T00:02:42+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"servicediscovery:DiscoverInstances"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIPRD7PYYQVYPDME4K",
"PolicyName": "AWSCloudMapDiscoverInstanceAccess",
"UpdateDate": "2018-11-29T00:02:42+00:00",
"VersionId": "v1"
},
"AWSCloudMapFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSCloudMapFullAccess",
"AttachmentCount": 0,
"CreateDate": "2018-11-28T23:57:31+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"route53:GetHostedZone",
"route53:ListHostedZonesByName",
"route53:CreateHostedZone",
"route53:DeleteHostedZone",
"route53:ChangeResourceRecordSets",
"route53:CreateHealthCheck",
"route53:GetHealthCheck",
"route53:DeleteHealthCheck",
"route53:UpdateHealthCheck",
"ec2:DescribeVpcs",
"ec2:DescribeRegions",
"ec2:DescribeInstances",
"servicediscovery:*"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIZPIMAQZJS3WUXUJM",
"PolicyName": "AWSCloudMapFullAccess",
"UpdateDate": "2020-07-29T19:15:35+00:00",
"VersionId": "v2"
},
"AWSCloudMapReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSCloudMapReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2018-11-28T23:45:26+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"servicediscovery:Get*",
"servicediscovery:List*",
"servicediscovery:DiscoverInstances"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIOHISHKLCJTVQQL5E",
"PolicyName": "AWSCloudMapReadOnlyAccess",
"UpdateDate": "2018-11-28T23:45:26+00:00",
"VersionId": "v1"
},
"AWSCloudMapRegisterInstanceAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSCloudMapRegisterInstanceAccess",
"AttachmentCount": 0,
"CreateDate": "2018-11-29T00:04:57+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"route53:GetHostedZone",
"route53:ListHostedZonesByName",
"route53:ChangeResourceRecordSets",
"route53:CreateHealthCheck",
"route53:GetHealthCheck",
"route53:DeleteHealthCheck",
"route53:UpdateHealthCheck",
"servicediscovery:Get*",
"servicediscovery:List*",
"servicediscovery:RegisterInstance",
"servicediscovery:DeregisterInstance",
"servicediscovery:DiscoverInstances",
"ec2:DescribeInstances"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAI4P5Z5HXVWJ75WQBC",
"PolicyName": "AWSCloudMapRegisterInstanceAccess",
"UpdateDate": "2020-07-29T17:57:24+00:00",
"VersionId": "v2"
},
"AWSCloudShellFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSCloudShellFullAccess",
"AttachmentCount": 0,
"CreateDate": "2020-12-15T18:07:44+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"cloudshell:*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4HEDUXFSA3",
"PolicyName": "AWSCloudShellFullAccess",
"UpdateDate": "2020-12-15T18:07:44+00:00",
"VersionId": "v1"
},
"AWSCloudTrailReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSCloudTrailReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:39:59+00:00",
"DefaultVersionId": "v9",
"Document": {
"Statement": [
{
"Action": [
"s3:GetObject",
"s3:GetBucketLocation"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"cloudtrail:GetTrail",
"cloudtrail:GetTrailStatus",
"cloudtrail:DescribeTrails",
"cloudtrail:ListTrails",
"cloudtrail:LookupEvents",
"cloudtrail:ListTags",
"cloudtrail:ListPublicKeys",
"cloudtrail:GetEventSelectors",
"cloudtrail:GetInsightSelectors",
"s3:ListAllMyBuckets",
"kms:ListAliases",
"lambda:ListFunctions"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJDU7KJADWBSEQ3E7S",
"PolicyName": "AWSCloudTrailReadOnlyAccess",
"UpdateDate": "2019-11-20T21:06:49+00:00",
"VersionId": "v9"
},
"AWSCloudTrail_FullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSCloudTrail_FullAccess",
"AttachmentCount": 0,
"CreateDate": "2020-10-08T23:41:15+00:00",
"DefaultVersionId": "v3",
"Document": {
"Statement": [
{
"Action": [
"sns:AddPermission",
"sns:CreateTopic",
"sns:SetTopicAttributes",
"sns:GetTopicAttributes"
],
"Effect": "Allow",
"Resource": [
"arn:aws:sns:*:*:aws-cloudtrail-logs*"
]
},
{
"Action": [
"sns:ListTopics"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"s3:CreateBucket",
"s3:PutBucketPolicy",
"s3:PutBucketPublicAccessBlock"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::aws-cloudtrail-logs*"
]
},
{
"Action": [
"s3:ListAllMyBuckets",
"s3:GetBucketLocation",
"s3:GetBucketPolicy"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "cloudtrail:*",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"logs:CreateLogGroup"
],
"Effect": "Allow",
"Resource": [
"arn:aws:logs:*:*:log-group:aws-cloudtrail-logs*"
]
},
{
"Action": [
"iam:ListRoles",
"iam:GetRolePolicy",
"iam:GetUser"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"iam:PassRole"
],
"Condition": {
"StringEquals": {
"iam:PassedToService": "cloudtrail.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"kms:CreateKey",
"kms:CreateAlias",
"kms:ListKeys",
"kms:ListAliases"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"lambda:ListFunctions"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"dynamodb:ListGlobalTables",
"dynamodb:ListTables"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4CA4SIJQAM",
"PolicyName": "AWSCloudTrail_FullAccess",
"UpdateDate": "2021-02-22T19:01:00+00:00",
"VersionId": "v3"
},
"AWSCloudWatchAlarms_ActionSSMIncidentsServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSCloudWatchAlarms_ActionSSMIncidentsServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2021-04-27T13:30:52+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": "ssm-incidents:StartIncident",
"Effect": "Allow",
"Resource": "*",
"Sid": "StartIncidentPermissions"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4JS7SI2RZY",
"PolicyName": "AWSCloudWatchAlarms_ActionSSMIncidentsServiceRolePolicy",
"UpdateDate": "2021-04-27T13:30:52+00:00",
"VersionId": "v1"
},
"AWSCodeArtifactAdminAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSCodeArtifactAdminAccess",
"AttachmentCount": 0,
"CreateDate": "2020-06-16T23:53:23+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"codeartifact:*"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "sts:GetServiceBearerToken",
"Condition": {
"StringEquals": {
"sts:AWSServiceName": "codeartifact.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4MBONPJNI5",
"PolicyName": "AWSCodeArtifactAdminAccess",
"UpdateDate": "2020-06-16T23:53:23+00:00",
"VersionId": "v1"
},
"AWSCodeArtifactReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSCodeArtifactReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2020-06-25T21:23:52+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"codeartifact:Describe*",
"codeartifact:Get*",
"codeartifact:List*",
"codeartifact:ReadFromRepository"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "sts:GetServiceBearerToken",
"Condition": {
"StringEquals": {
"sts:AWSServiceName": "codeartifact.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4PVTKOJHFB",
"PolicyName": "AWSCodeArtifactReadOnlyAccess",
"UpdateDate": "2020-06-25T21:23:52+00:00",
"VersionId": "v1"
},
"AWSCodeBuildAdminAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSCodeBuildAdminAccess",
"AttachmentCount": 0,
"CreateDate": "2016-12-01T19:04:44+00:00",
"DefaultVersionId": "v12",
"Document": {
"Statement": [
{
"Action": [
"codebuild:*",
"codecommit:GetBranch",
"codecommit:GetCommit",
"codecommit:GetRepository",
"codecommit:ListBranches",
"codecommit:ListRepositories",
"cloudwatch:GetMetricStatistics",
"ec2:DescribeVpcs",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ecr:DescribeRepositories",
"ecr:ListImages",
"elasticfilesystem:DescribeFileSystems",
"events:DeleteRule",
"events:DescribeRule",
"events:DisableRule",
"events:EnableRule",
"events:ListTargetsByRule",
"events:ListRuleNamesByTarget",
"events:PutRule",
"events:PutTargets",
"events:RemoveTargets",
"logs:GetLogEvents",
"s3:GetBucketLocation",
"s3:ListAllMyBuckets"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"logs:DeleteLogGroup"
],
"Effect": "Allow",
"Resource": "arn:aws:logs:*:*:log-group:/aws/codebuild/*:log-stream:*"
},
{
"Action": [
"ssm:PutParameter"
],
"Effect": "Allow",
"Resource": "arn:aws:ssm:*:*:parameter/CodeBuild/*"
},
{
"Action": [
"ssm:StartSession"
],
"Effect": "Allow",
"Resource": "arn:aws:ecs:*:*:task/*/*"
},
{
"Action": [
"codestar-connections:CreateConnection",
"codestar-connections:DeleteConnection",
"codestar-connections:UpdateConnectionInstallation",
"codestar-connections:TagResource",
"codestar-connections:UntagResource",
"codestar-connections:ListConnections",
"codestar-connections:ListInstallationTargets",
"codestar-connections:ListTagsForResource",
"codestar-connections:GetConnection",
"codestar-connections:GetIndividualAccessToken",
"codestar-connections:GetInstallationUrl",
"codestar-connections:PassConnection",
"codestar-connections:StartOAuthHandshake",
"codestar-connections:UseConnection"
],
"Effect": "Allow",
"Resource": "arn:aws:codestar-connections:*:*:connection/*",
"Sid": "CodeStarConnectionsReadWriteAccess"
},
{
"Action": [
"codestar-notifications:CreateNotificationRule",
"codestar-notifications:DescribeNotificationRule",
"codestar-notifications:UpdateNotificationRule",
"codestar-notifications:DeleteNotificationRule",
"codestar-notifications:Subscribe",
"codestar-notifications:Unsubscribe"
],
"Condition": {
"StringLike": {
"codestar-notifications:NotificationsForResource": "arn:aws:codebuild:*"
}
},
"Effect": "Allow",
"Resource": "*",
"Sid": "CodeStarNotificationsReadWriteAccess"
},
{
"Action": [
"codestar-notifications:ListNotificationRules",
"codestar-notifications:ListEventTypes",
"codestar-notifications:ListTargets",
"codestar-notifications:ListTagsforResource"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "CodeStarNotificationsListAccess"
},
{
"Action": [
"sns:CreateTopic",
"sns:SetTopicAttributes"
],
"Effect": "Allow",
"Resource": "arn:aws:sns:*:*:codestar-notifications*",
"Sid": "CodeStarNotificationsSNSTopicCreateAccess"
},
{
"Action": [
"sns:ListTopics",
"sns:GetTopicAttributes"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "SNSTopicListAccess"
},
{
"Action": [
"chatbot:DescribeSlackChannelConfigurations"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "CodeStarNotificationsChatbotAccess"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJQJGIOIE3CD2TQXDS",
"PolicyName": "AWSCodeBuildAdminAccess",
"UpdateDate": "2020-09-14T16:03:39+00:00",
"VersionId": "v12"
},
"AWSCodeBuildDeveloperAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSCodeBuildDeveloperAccess",
"AttachmentCount": 0,
"CreateDate": "2016-12-01T19:02:32+00:00",
"DefaultVersionId": "v13",
"Document": {
"Statement": [
{
"Action": [
"codebuild:StartBuild",
"codebuild:StopBuild",
"codebuild:StartBuildBatch",
"codebuild:StopBuildBatch",
"codebuild:RetryBuild",
"codebuild:RetryBuildBatch",
"codebuild:BatchGet*",
"codebuild:GetResourcePolicy",
"codebuild:DescribeTestCases",
"codebuild:DescribeCodeCoverages",
"codebuild:List*",
"codecommit:GetBranch",
"codecommit:GetCommit",
"codecommit:GetRepository",
"codecommit:ListBranches",
"cloudwatch:GetMetricStatistics",
"events:DescribeRule",
"events:ListTargetsByRule",
"events:ListRuleNamesByTarget",
"logs:GetLogEvents",
"s3:GetBucketLocation",
"s3:ListAllMyBuckets"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ssm:PutParameter"
],
"Effect": "Allow",
"Resource": "arn:aws:ssm:*:*:parameter/CodeBuild/*"
},
{
"Action": [
"ssm:StartSession"
],
"Effect": "Allow",
"Resource": "arn:aws:ecs:*:*:task/*/*"
},
{
"Action": [
"codestar-connections:ListConnections",
"codestar-connections:GetConnection"
],
"Effect": "Allow",
"Resource": "arn:aws:codestar-connections:*:*:connection/*",
"Sid": "CodeStarConnectionsUserAccess"
},
{
"Action": [
"codestar-notifications:CreateNotificationRule",
"codestar-notifications:DescribeNotificationRule",
"codestar-notifications:UpdateNotificationRule",
"codestar-notifications:Subscribe",
"codestar-notifications:Unsubscribe"
],
"Condition": {
"StringLike": {
"codestar-notifications:NotificationsForResource": "arn:aws:codebuild:*"
}
},
"Effect": "Allow",
"Resource": "*",
"Sid": "CodeStarNotificationsReadWriteAccess"
},
{
"Action": [
"codestar-notifications:ListNotificationRules",
"codestar-notifications:ListEventTypes",
"codestar-notifications:ListTargets",
"codestar-notifications:ListTagsforResource"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "CodeStarNotificationsListAccess"
},
{
"Action": [
"sns:ListTopics",
"sns:GetTopicAttributes"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "SNSTopicListAccess"
},
{
"Action": [
"chatbot:DescribeSlackChannelConfigurations"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "CodeStarNotificationsChatbotAccess"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIMKTMR34XSBQW45HS",
"PolicyName": "AWSCodeBuildDeveloperAccess",
"UpdateDate": "2020-09-14T16:03:44+00:00",
"VersionId": "v13"
},
"AWSCodeBuildReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSCodeBuildReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2016-12-01T19:03:41+00:00",
"DefaultVersionId": "v11",
"Document": {
"Statement": [
{
"Action": [
"codebuild:BatchGet*",
"codebuild:GetResourcePolicy",
"codebuild:List*",
"codebuild:DescribeTestCases",
"codebuild:DescribeCodeCoverages",
"codecommit:GetBranch",
"codecommit:GetCommit",
"codecommit:GetRepository",
"cloudwatch:GetMetricStatistics",
"events:DescribeRule",
"events:ListTargetsByRule",
"events:ListRuleNamesByTarget",
"logs:GetLogEvents"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"codestar-connections:ListConnections",
"codestar-connections:GetConnection"
],
"Effect": "Allow",
"Resource": "arn:aws:codestar-connections:*:*:connection/*",
"Sid": "CodeStarConnectionsUserAccess"
},
{
"Action": [
"codestar-notifications:DescribeNotificationRule"
],
"Condition": {
"StringLike": {
"codestar-notifications:NotificationsForResource": "arn:aws:codebuild:*"
}
},
"Effect": "Allow",
"Resource": "*",
"Sid": "CodeStarNotificationsPowerUserAccess"
},
{
"Action": [
"codestar-notifications:ListNotificationRules",
"codestar-notifications:ListEventTypes",
"codestar-notifications:ListTargets"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "CodeStarNotificationsListAccess"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJIZZWN6557F5HVP2K",
"PolicyName": "AWSCodeBuildReadOnlyAccess",
"UpdateDate": "2020-09-14T16:04:04+00:00",
"VersionId": "v11"
},
"AWSCodeCommitFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSCodeCommitFullAccess",
"AttachmentCount": 0,
"CreateDate": "2015-07-09T17:02:19+00:00",
"DefaultVersionId": "v9",
"Document": {
"Statement": [
{
"Action": [
"codecommit:*"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"events:DeleteRule",
"events:DescribeRule",
"events:DisableRule",
"events:EnableRule",
"events:PutRule",
"events:PutTargets",
"events:RemoveTargets",
"events:ListTargetsByRule"
],
"Effect": "Allow",
"Resource": "arn:aws:events:*:*:rule/codecommit*",
"Sid": "CloudWatchEventsCodeCommitRulesAccess"
},
{
"Action": [
"sns:CreateTopic",
"sns:DeleteTopic",
"sns:Subscribe",
"sns:Unsubscribe",
"sns:SetTopicAttributes"
],
"Effect": "Allow",
"Resource": "arn:aws:sns:*:*:codecommit*",
"Sid": "SNSTopicAndSubscriptionAccess"
},
{
"Action": [
"sns:ListTopics",
"sns:ListSubscriptionsByTopic",
"sns:GetTopicAttributes"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "SNSTopicAndSubscriptionReadAccess"
},
{
"Action": [
"lambda:ListFunctions"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "LambdaReadOnlyListAccess"
},
{
"Action": [
"iam:ListUsers"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "IAMReadOnlyListAccess"
},
{
"Action": [
"iam:ListAccessKeys",
"iam:ListSSHPublicKeys",
"iam:ListServiceSpecificCredentials"
],
"Effect": "Allow",
"Resource": "arn:aws:iam::*:user/${aws:username}",
"Sid": "IAMReadOnlyConsoleAccess"
},
{
"Action": [
"iam:DeleteSSHPublicKey",
"iam:GetSSHPublicKey",
"iam:ListSSHPublicKeys",
"iam:UpdateSSHPublicKey",
"iam:UploadSSHPublicKey"
],
"Effect": "Allow",
"Resource": "arn:aws:iam::*:user/${aws:username}",
"Sid": "IAMUserSSHKeys"
},
{
"Action": [
"iam:CreateServiceSpecificCredential",
"iam:UpdateServiceSpecificCredential",
"iam:DeleteServiceSpecificCredential",
"iam:ResetServiceSpecificCredential"
],
"Effect": "Allow",
"Resource": "arn:aws:iam::*:user/${aws:username}",
"Sid": "IAMSelfManageServiceSpecificCredentials"
},
{
"Action": [
"codestar-notifications:CreateNotificationRule",
"codestar-notifications:DescribeNotificationRule",
"codestar-notifications:UpdateNotificationRule",
"codestar-notifications:DeleteNotificationRule",
"codestar-notifications:Subscribe",
"codestar-notifications:Unsubscribe"
],
"Condition": {
"StringLike": {
"codestar-notifications:NotificationsForResource": "arn:aws:codecommit:*"
}
},
"Effect": "Allow",
"Resource": "*",
"Sid": "CodeStarNotificationsReadWriteAccess"
},
{
"Action": [
"codestar-notifications:ListNotificationRules",
"codestar-notifications:ListTargets",
"codestar-notifications:ListTagsforResource",
"codestar-notifications:ListEventTypes"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "CodeStarNotificationsListAccess"
},
{
"Action": [
"sns:CreateTopic",
"sns:SetTopicAttributes"
],
"Effect": "Allow",
"Resource": "arn:aws:sns:*:*:codestar-notifications*",
"Sid": "CodeStarNotificationsSNSTopicCreateAccess"
},
{
"Action": [
"codeguru-reviewer:AssociateRepository",
"codeguru-reviewer:DescribeRepositoryAssociation",
"codeguru-reviewer:ListRepositoryAssociations",
"codeguru-reviewer:DisassociateRepository",
"codeguru-reviewer:DescribeCodeReview",
"codeguru-reviewer:ListCodeReviews"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "AmazonCodeGuruReviewerFullAccess"
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringLike": {
"iam:AWSServiceName": "codeguru-reviewer.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/aws-service-role/codeguru-reviewer.amazonaws.com/AWSServiceRoleForAmazonCodeGuruReviewer",
"Sid": "AmazonCodeGuruReviewerSLRCreation"
},
{
"Action": [
"events:PutRule",
"events:PutTargets",
"events:DeleteRule",
"events:RemoveTargets"
],
"Condition": {
"StringEquals": {
"events:ManagedBy": "codeguru-reviewer.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*",
"Sid": "CloudWatchEventsManagedRules"
},
{
"Action": [
"chatbot:DescribeSlackChannelConfigurations"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "CodeStarNotificationsChatbotAccess"
},
{
"Action": [
"codestar-connections:ListConnections",
"codestar-connections:GetConnection"
],
"Effect": "Allow",
"Resource": "arn:aws:codestar-connections:*:*:connection/*",
"Sid": "CodeStarConnectionsReadOnlyAccess"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAI4VCZ3XPIZLQ5NZV2",
"PolicyName": "AWSCodeCommitFullAccess",
"UpdateDate": "2020-07-30T23:17:35+00:00",
"VersionId": "v9"
},
"AWSCodeCommitPowerUser": {
"Arn": "arn:aws:iam::aws:policy/AWSCodeCommitPowerUser",
"AttachmentCount": 0,
"CreateDate": "2015-07-09T17:06:49+00:00",
"DefaultVersionId": "v14",
"Document": {
"Statement": [
{
"Action": [
"codecommit:AssociateApprovalRuleTemplateWithRepository",
"codecommit:BatchAssociateApprovalRuleTemplateWithRepositories",
"codecommit:BatchDisassociateApprovalRuleTemplateFromRepositories",
"codecommit:BatchGet*",
"codecommit:BatchDescribe*",
"codecommit:Create*",
"codecommit:DeleteBranch",
"codecommit:DeleteFile",
"codecommit:Describe*",
"codecommit:DisassociateApprovalRuleTemplateFromRepository",
"codecommit:EvaluatePullRequestApprovalRules",
"codecommit:Get*",
"codecommit:List*",
"codecommit:Merge*",
"codecommit:OverridePullRequestApprovalRules",
"codecommit:Put*",
"codecommit:Post*",
"codecommit:TagResource",
"codecommit:Test*",
"codecommit:UntagResource",
"codecommit:Update*",
"codecommit:GitPull",
"codecommit:GitPush"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"events:DeleteRule",
"events:DescribeRule",
"events:DisableRule",
"events:EnableRule",
"events:PutRule",
"events:PutTargets",
"events:RemoveTargets",
"events:ListTargetsByRule"
],
"Effect": "Allow",
"Resource": "arn:aws:events:*:*:rule/codecommit*",
"Sid": "CloudWatchEventsCodeCommitRulesAccess"
},
{
"Action": [
"sns:Subscribe",
"sns:Unsubscribe"
],
"Effect": "Allow",
"Resource": "arn:aws:sns:*:*:codecommit*",
"Sid": "SNSTopicAndSubscriptionAccess"
},
{
"Action": [
"sns:ListTopics",
"sns:ListSubscriptionsByTopic",
"sns:GetTopicAttributes"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "SNSTopicAndSubscriptionReadAccess"
},
{
"Action": [
"lambda:ListFunctions"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "LambdaReadOnlyListAccess"
},
{
"Action": [
"iam:ListUsers"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "IAMReadOnlyListAccess"
},
{
"Action": [
"iam:ListAccessKeys",
"iam:ListSSHPublicKeys",
"iam:ListServiceSpecificCredentials"
],
"Effect": "Allow",
"Resource": "arn:aws:iam::*:user/${aws:username}",
"Sid": "IAMReadOnlyConsoleAccess"
},
{
"Action": [
"iam:DeleteSSHPublicKey",
"iam:GetSSHPublicKey",
"iam:ListSSHPublicKeys",
"iam:UpdateSSHPublicKey",
"iam:UploadSSHPublicKey"
],
"Effect": "Allow",
"Resource": "arn:aws:iam::*:user/${aws:username}",
"Sid": "IAMUserSSHKeys"
},
{
"Action": [
"iam:CreateServiceSpecificCredential",
"iam:UpdateServiceSpecificCredential",
"iam:DeleteServiceSpecificCredential",
"iam:ResetServiceSpecificCredential"
],
"Effect": "Allow",
"Resource": "arn:aws:iam::*:user/${aws:username}",
"Sid": "IAMSelfManageServiceSpecificCredentials"
},
{
"Action": [
"codestar-notifications:CreateNotificationRule",
"codestar-notifications:DescribeNotificationRule",
"codestar-notifications:UpdateNotificationRule",
"codestar-notifications:Subscribe",
"codestar-notifications:Unsubscribe"
],
"Condition": {
"StringLike": {
"codestar-notifications:NotificationsForResource": "arn:aws:codecommit:*"
}
},
"Effect": "Allow",
"Resource": "*",
"Sid": "CodeStarNotificationsReadWriteAccess"
},
{
"Action": [
"codestar-notifications:ListNotificationRules",
"codestar-notifications:ListTargets",
"codestar-notifications:ListTagsforResource",
"codestar-notifications:ListEventTypes"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "CodeStarNotificationsListAccess"
},
{
"Action": [
"codeguru-reviewer:AssociateRepository",
"codeguru-reviewer:DescribeRepositoryAssociation",
"codeguru-reviewer:ListRepositoryAssociations",
"codeguru-reviewer:DisassociateRepository",
"codeguru-reviewer:DescribeCodeReview",
"codeguru-reviewer:ListCodeReviews"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "AmazonCodeGuruReviewerFullAccess"
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringLike": {
"iam:AWSServiceName": "codeguru-reviewer.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/aws-service-role/codeguru-reviewer.amazonaws.com/AWSServiceRoleForAmazonCodeGuruReviewer",
"Sid": "AmazonCodeGuruReviewerSLRCreation"
},
{
"Action": [
"events:PutRule",
"events:PutTargets",
"events:DeleteRule",
"events:RemoveTargets"
],
"Condition": {
"StringEquals": {
"events:ManagedBy": "codeguru-reviewer.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*",
"Sid": "CloudWatchEventsManagedRules"
},
{
"Action": [
"chatbot:DescribeSlackChannelConfigurations"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "CodeStarNotificationsChatbotAccess"
},
{
"Action": [
"codestar-connections:ListConnections",
"codestar-connections:GetConnection"
],
"Effect": "Allow",
"Resource": "arn:aws:codestar-connections:*:*:connection/*",
"Sid": "CodeStarConnectionsReadOnlyAccess"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAI4UIINUVGB5SEC57G",
"PolicyName": "AWSCodeCommitPowerUser",
"UpdateDate": "2020-07-30T23:12:48+00:00",
"VersionId": "v14"
},
"AWSCodeCommitReadOnly": {
"Arn": "arn:aws:iam::aws:policy/AWSCodeCommitReadOnly",
"AttachmentCount": 0,
"CreateDate": "2015-07-09T17:05:06+00:00",
"DefaultVersionId": "v10",
"Document": {
"Statement": [
{
"Action": [
"codecommit:BatchGet*",
"codecommit:BatchDescribe*",
"codecommit:Describe*",
"codecommit:EvaluatePullRequestApprovalRules",
"codecommit:Get*",
"codecommit:List*",
"codecommit:GitPull"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"events:DescribeRule",
"events:ListTargetsByRule"
],
"Effect": "Allow",
"Resource": "arn:aws:events:*:*:rule/codecommit*",
"Sid": "CloudWatchEventsCodeCommitRulesReadOnlyAccess"
},
{
"Action": [
"sns:ListTopics",
"sns:ListSubscriptionsByTopic",
"sns:GetTopicAttributes"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "SNSSubscriptionAccess"
},
{
"Action": [
"lambda:ListFunctions"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "LambdaReadOnlyListAccess"
},
{
"Action": [
"iam:ListUsers"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "IAMReadOnlyListAccess"
},
{
"Action": [
"iam:ListAccessKeys",
"iam:ListSSHPublicKeys",
"iam:ListServiceSpecificCredentials",
"iam:ListAccessKeys",
"iam:GetSSHPublicKey"
],
"Effect": "Allow",
"Resource": "arn:aws:iam::*:user/${aws:username}",
"Sid": "IAMReadOnlyConsoleAccess"
},
{
"Action": [
"codestar-connections:ListConnections",
"codestar-connections:GetConnection"
],
"Effect": "Allow",
"Resource": "arn:aws:codestar-connections:*:*:connection/*",
"Sid": "CodeStarConnectionsReadOnlyAccess"
},
{
"Action": [
"codestar-notifications:DescribeNotificationRule"
],
"Condition": {
"StringLike": {
"codestar-notifications:NotificationsForResource": "arn:aws:codecommit:*"
}
},
"Effect": "Allow",
"Resource": "*",
"Sid": "CodeStarNotificationsReadOnlyAccess"
},
{
"Action": [
"codestar-notifications:ListNotificationRules",
"codestar-notifications:ListEventTypes",
"codestar-notifications:ListTargets"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "CodeStarNotificationsListAccess"
},
{
"Action": [
"codeguru-reviewer:DescribeRepositoryAssociation",
"codeguru-reviewer:ListRepositoryAssociations",
"codeguru-reviewer:DescribeCodeReview",
"codeguru-reviewer:ListCodeReviews"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "AmazonCodeGuruReviewerReadOnlyAccess"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJACNSXR7Z2VLJW3D6",
"PolicyName": "AWSCodeCommitReadOnly",
"UpdateDate": "2020-07-30T23:08:05+00:00",
"VersionId": "v10"
},
"AWSCodeDeployDeployerAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSCodeDeployDeployerAccess",
"AttachmentCount": 0,
"CreateDate": "2015-05-19T18:18:43+00:00",
"DefaultVersionId": "v3",
"Document": {
"Statement": [
{
"Action": [
"codedeploy:Batch*",
"codedeploy:CreateDeployment",
"codedeploy:Get*",
"codedeploy:List*",
"codedeploy:RegisterApplicationRevision"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"codestar-notifications:CreateNotificationRule",
"codestar-notifications:DescribeNotificationRule",
"codestar-notifications:UpdateNotificationRule",
"codestar-notifications:Subscribe",
"codestar-notifications:Unsubscribe"
],
"Condition": {
"StringLike": {
"codestar-notifications:NotificationsForResource": "arn:aws:codedeploy:*"
}
},
"Effect": "Allow",
"Resource": "*",
"Sid": "CodeStarNotificationsReadWriteAccess"
},
{
"Action": [
"codestar-notifications:ListNotificationRules",
"codestar-notifications:ListTargets",
"codestar-notifications:ListTagsforResource",
"codestar-notifications:ListEventTypes"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "CodeStarNotificationsListAccess"
},
{
"Action": [
"chatbot:DescribeSlackChannelConfigurations"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "CodeStarNotificationsChatbotAccess"
},
{
"Action": [
"sns:ListTopics"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "SNSTopicListAccess"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJUWEPOMGLMVXJAPUI",
"PolicyName": "AWSCodeDeployDeployerAccess",
"UpdateDate": "2020-04-02T16:16:11+00:00",
"VersionId": "v3"
},
"AWSCodeDeployFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSCodeDeployFullAccess",
"AttachmentCount": 0,
"CreateDate": "2015-05-19T18:13:23+00:00",
"DefaultVersionId": "v3",
"Document": {
"Statement": [
{
"Action": "codedeploy:*",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"codestar-notifications:CreateNotificationRule",
"codestar-notifications:DescribeNotificationRule",
"codestar-notifications:UpdateNotificationRule",
"codestar-notifications:DeleteNotificationRule",
"codestar-notifications:Subscribe",
"codestar-notifications:Unsubscribe"
],
"Condition": {
"StringLike": {
"codestar-notifications:NotificationsForResource": "arn:aws:codedeploy:*"
}
},
"Effect": "Allow",
"Resource": "*",
"Sid": "CodeStarNotificationsReadWriteAccess"
},
{
"Action": [
"codestar-notifications:ListNotificationRules",
"codestar-notifications:ListTargets",
"codestar-notifications:ListTagsforResource",
"codestar-notifications:ListEventTypes"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "CodeStarNotificationsListAccess"
},
{
"Action": [
"sns:CreateTopic",
"sns:SetTopicAttributes"
],
"Effect": "Allow",
"Resource": "arn:aws:sns:*:*:codestar-notifications*",
"Sid": "CodeStarNotificationsSNSTopicCreateAccess"
},
{
"Action": [
"chatbot:DescribeSlackChannelConfigurations"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "CodeStarNotificationsChatbotAccess"
},
{
"Action": [
"sns:ListTopics"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "SNSTopicListAccess"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIONKN3TJZUKXCHXWC",
"PolicyName": "AWSCodeDeployFullAccess",
"UpdateDate": "2020-04-02T16:14:47+00:00",
"VersionId": "v3"
},
"AWSCodeDeployReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSCodeDeployReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2015-05-19T18:21:32+00:00",
"DefaultVersionId": "v3",
"Document": {
"Statement": [
{
"Action": [
"codedeploy:Batch*",
"codedeploy:Get*",
"codedeploy:List*"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"codestar-notifications:DescribeNotificationRule"
],
"Condition": {
"StringLike": {
"codestar-notifications:NotificationsForResource": "arn:aws:codedeploy:*"
}
},
"Effect": "Allow",
"Resource": "*",
"Sid": "CodeStarNotificationsPowerUserAccess"
},
{
"Action": [
"codestar-notifications:ListNotificationRules",
"codestar-notifications:ListEventTypes",
"codestar-notifications:ListTargets"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "CodeStarNotificationsListAccess"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAILZHHKCKB4NE7XOIQ",
"PolicyName": "AWSCodeDeployReadOnlyAccess",
"UpdateDate": "2020-04-02T16:20:09+00:00",
"VersionId": "v3"
},
"AWSCodeDeployRole": {
"Arn": "arn:aws:iam::aws:policy/service-role/AWSCodeDeployRole",
"AttachmentCount": 0,
"CreateDate": "2015-05-04T18:05:37+00:00",
"DefaultVersionId": "v9",
"Document": {
"Statement": [
{
"Action": [
"autoscaling:CompleteLifecycleAction",
"autoscaling:DeleteLifecycleHook",
"autoscaling:DescribeAutoScalingGroups",
"autoscaling:DescribeLifecycleHooks",
"autoscaling:PutLifecycleHook",
"autoscaling:RecordLifecycleActionHeartbeat",
"autoscaling:CreateAutoScalingGroup",
"autoscaling:UpdateAutoScalingGroup",
"autoscaling:EnableMetricsCollection",
"autoscaling:DescribePolicies",
"autoscaling:DescribeScheduledActions",
"autoscaling:DescribeNotificationConfigurations",
"autoscaling:SuspendProcesses",
"autoscaling:ResumeProcesses",
"autoscaling:AttachLoadBalancers",
"autoscaling:AttachLoadBalancerTargetGroups",
"autoscaling:PutScalingPolicy",
"autoscaling:PutScheduledUpdateGroupAction",
"autoscaling:PutNotificationConfiguration",
"autoscaling:PutWarmPool",
"autoscaling:DescribeScalingActivities",
"autoscaling:DeleteAutoScalingGroup",
"ec2:DescribeInstances",
"ec2:DescribeInstanceStatus",
"ec2:TerminateInstances",
"tag:GetResources",
"sns:Publish",
"cloudwatch:DescribeAlarms",
"cloudwatch:PutMetricAlarm",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeInstanceHealth",
"elasticloadbalancing:RegisterInstancesWithLoadBalancer",
"elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
"elasticloadbalancing:DescribeTargetGroups",
"elasticloadbalancing:DescribeTargetHealth",
"elasticloadbalancing:RegisterTargets",
"elasticloadbalancing:DeregisterTargets"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJ2NKMKD73QS5NBFLA",
"PolicyName": "AWSCodeDeployRole",
"UpdateDate": "2021-05-19T00:42:51+00:00",
"VersionId": "v9"
},
"AWSCodeDeployRoleForCloudFormation": {
"Arn": "arn:aws:iam::aws:policy/service-role/AWSCodeDeployRoleForCloudFormation",
"AttachmentCount": 0,
"CreateDate": "2020-05-19T17:12:52+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"lambda:InvokeFunction"
],
"Effect": "Allow",
"Resource": "arn:aws:lambda:*:*:function:CodeDeployHook_*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4CO24UTMFH",
"PolicyName": "AWSCodeDeployRoleForCloudFormation",
"UpdateDate": "2020-05-19T17:12:52+00:00",
"VersionId": "v1"
},
"AWSCodeDeployRoleForECS": {
"Arn": "arn:aws:iam::aws:policy/AWSCodeDeployRoleForECS",
"AttachmentCount": 0,
"CreateDate": "2018-11-27T20:40:57+00:00",
"DefaultVersionId": "v3",
"Document": {
"Statement": [
{
"Action": [
"ecs:DescribeServices",
"ecs:CreateTaskSet",
"ecs:UpdateServicePrimaryTaskSet",
"ecs:DeleteTaskSet",
"elasticloadbalancing:DescribeTargetGroups",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:ModifyListener",
"elasticloadbalancing:DescribeRules",
"elasticloadbalancing:ModifyRule",
"lambda:InvokeFunction",
"cloudwatch:DescribeAlarms",
"sns:Publish",
"s3:GetObject",
"s3:GetObjectVersion"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"iam:PassRole"
],
"Condition": {
"StringLike": {
"iam:PassedToService": [
"ecs-tasks.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIIL3KXEKRGEN2HFIO",
"PolicyName": "AWSCodeDeployRoleForECS",
"UpdateDate": "2019-09-23T22:37:46+00:00",
"VersionId": "v3"
},
"AWSCodeDeployRoleForECSLimited": {
"Arn": "arn:aws:iam::aws:policy/AWSCodeDeployRoleForECSLimited",
"AttachmentCount": 0,
"CreateDate": "2018-11-27T20:42:42+00:00",
"DefaultVersionId": "v3",
"Document": {
"Statement": [
{
"Action": [
"ecs:DescribeServices",
"ecs:CreateTaskSet",
"ecs:UpdateServicePrimaryTaskSet",
"ecs:DeleteTaskSet",
"cloudwatch:DescribeAlarms"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"sns:Publish"
],
"Effect": "Allow",
"Resource": "arn:aws:sns:*:*:CodeDeployTopic_*"
},
{
"Action": [
"elasticloadbalancing:DescribeTargetGroups",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:ModifyListener",
"elasticloadbalancing:DescribeRules",
"elasticloadbalancing:ModifyRule"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"lambda:InvokeFunction"
],
"Effect": "Allow",
"Resource": "arn:aws:lambda:*:*:function:CodeDeployHook_*"
},
{
"Action": [
"s3:GetObject",
"s3:GetObjectVersion"
],
"Condition": {
"StringEquals": {
"s3:ExistingObjectTag/UseWithCodeDeploy": "true"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"iam:PassRole"
],
"Condition": {
"StringLike": {
"iam:PassedToService": [
"ecs-tasks.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/ecsTaskExecutionRole",
"arn:aws:iam::*:role/ECSTaskExecution*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJ6Z7L2IOXEFFOGD2M",
"PolicyName": "AWSCodeDeployRoleForECSLimited",
"UpdateDate": "2019-09-23T22:10:29+00:00",
"VersionId": "v3"
},
"AWSCodeDeployRoleForLambda": {
"Arn": "arn:aws:iam::aws:policy/service-role/AWSCodeDeployRoleForLambda",
"AttachmentCount": 0,
"CreateDate": "2017-11-28T14:05:44+00:00",
"DefaultVersionId": "v3",
"Document": {
"Statement": [
{
"Action": [
"cloudwatch:DescribeAlarms",
"lambda:UpdateAlias",
"lambda:GetAlias",
"lambda:GetProvisionedConcurrencyConfig",
"sns:Publish"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"s3:GetObject",
"s3:GetObjectVersion"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::*/CodeDeploy/*"
},
{
"Action": [
"s3:GetObject",
"s3:GetObjectVersion"
],
"Condition": {
"StringEquals": {
"s3:ExistingObjectTag/UseWithCodeDeploy": "true"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"lambda:InvokeFunction"
],
"Effect": "Allow",
"Resource": "arn:aws:lambda:*:*:function:CodeDeployHook_*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJA3RQZIKNOSJ4ZQSA",
"PolicyName": "AWSCodeDeployRoleForLambda",
"UpdateDate": "2019-12-03T19:53:10+00:00",
"VersionId": "v3"
},
"AWSCodeDeployRoleForLambdaLimited": {
"Arn": "arn:aws:iam::aws:policy/service-role/AWSCodeDeployRoleForLambdaLimited",
"AttachmentCount": 0,
"CreateDate": "2020-08-17T17:14:14+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"cloudwatch:DescribeAlarms",
"lambda:UpdateAlias",
"lambda:GetAlias",
"lambda:GetProvisionedConcurrencyConfig"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"s3:GetObject",
"s3:GetObjectVersion"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::*/CodeDeploy/*"
},
{
"Action": [
"s3:GetObject",
"s3:GetObjectVersion"
],
"Condition": {
"StringEquals": {
"s3:ExistingObjectTag/UseWithCodeDeploy": "true"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"lambda:InvokeFunction"
],
"Effect": "Allow",
"Resource": "arn:aws:lambda:*:*:function:CodeDeployHook_*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4C55RUFGEB",
"PolicyName": "AWSCodeDeployRoleForLambdaLimited",
"UpdateDate": "2020-08-17T17:14:14+00:00",
"VersionId": "v1"
},
"AWSCodePipelineApproverAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSCodePipelineApproverAccess",
"AttachmentCount": 0,
"CreateDate": "2016-07-28T18:59:17+00:00",
"DefaultVersionId": "v3",
"Document": {
"Statement": [
{
"Action": [
"codepipeline:GetPipeline",
"codepipeline:GetPipelineState",
"codepipeline:GetPipelineExecution",
"codepipeline:ListPipelineExecutions",
"codepipeline:ListPipelines",
"codepipeline:PutApprovalResult"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAICXNWK42SQ6LMDXM2",
"PolicyName": "AWSCodePipelineApproverAccess",
"UpdateDate": "2017-08-02T17:24:58+00:00",
"VersionId": "v3"
},
"AWSCodePipelineCustomActionAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSCodePipelineCustomActionAccess",
"AttachmentCount": 0,
"CreateDate": "2015-07-09T17:02:54+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"codepipeline:AcknowledgeJob",
"codepipeline:GetJobDetails",
"codepipeline:PollForJobs",
"codepipeline:PutJobFailureResult",
"codepipeline:PutJobSuccessResult"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJFW5Z32BTVF76VCYC",
"PolicyName": "AWSCodePipelineCustomActionAccess",
"UpdateDate": "2015-07-09T17:02:54+00:00",
"VersionId": "v1"
},
"AWSCodePipelineFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSCodePipelineFullAccess",
"AttachmentCount": 0,
"CreateDate": "2015-07-09T16:58:07+00:00",
"DefaultVersionId": "v10",
"Document": {
"Statement": [
{
"Action": [
"codepipeline:*",
"cloudformation:DescribeStacks",
"cloudformation:ListChangeSets",
"cloudtrail:CreateTrail",
"cloudtrail:DescribeTrails",
"cloudtrail:GetEventSelectors",
"cloudtrail:PutEventSelectors",
"cloudtrail:StartLogging",
"codebuild:BatchGetProjects",
"codebuild:CreateProject",
"codebuild:ListCuratedEnvironmentImages",
"codebuild:ListProjects",
"codecommit:GetBranch",
"codecommit:GetRepositoryTriggers",
"codecommit:ListBranches",
"codecommit:ListRepositories",
"codecommit:PutRepositoryTriggers",
"codecommit:GetReferences",
"codedeploy:GetApplication",
"codedeploy:BatchGetApplications",
"codedeploy:GetDeploymentGroup",
"codedeploy:BatchGetDeploymentGroups",
"codedeploy:ListApplications",
"codedeploy:ListDeploymentGroups",
"devicefarm:GetDevicePool",
"devicefarm:GetProject",
"devicefarm:ListDevicePools",
"devicefarm:ListProjects",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ecr:DescribeRepositories",
"ecr:ListImages",
"ecs:ListClusters",
"ecs:ListServices",
"elasticbeanstalk:DescribeApplications",
"elasticbeanstalk:DescribeEnvironments",
"iam:ListRoles",
"iam:GetRole",
"lambda:GetFunctionConfiguration",
"lambda:ListFunctions",
"events:ListRules",
"events:ListTargetsByRule",
"events:DescribeRule",
"opsworks:DescribeApps",
"opsworks:DescribeLayers",
"opsworks:DescribeStacks",
"s3:GetBucketPolicy",
"s3:GetBucketVersioning",
"s3:GetObjectVersion",
"s3:ListAllMyBuckets",
"s3:ListBucket",
"sns:ListTopics",
"codestar-notifications:ListNotificationRules",
"codestar-notifications:ListTargets",
"codestar-notifications:ListTagsforResource",
"codestar-notifications:ListEventTypes",
"states:ListStateMachines"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"s3:GetObject",
"s3:CreateBucket",
"s3:PutBucketPolicy"
],
"Effect": "Allow",
"Resource": "arn:aws:s3::*:codepipeline-*"
},
{
"Action": [
"iam:PassRole"
],
"Condition": {
"StringEquals": {
"iam:PassedToService": [
"events.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/service-role/cwe-role-*"
]
},
{
"Action": [
"iam:PassRole"
],
"Condition": {
"StringEquals": {
"iam:PassedToService": [
"codepipeline.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"events:PutRule",
"events:PutTargets",
"events:DeleteRule",
"events:DisableRule",
"events:RemoveTargets"
],
"Effect": "Allow",
"Resource": [
"arn:aws:events:*:*:rule/codepipeline-*"
]
},
{
"Action": [
"codestar-notifications:CreateNotificationRule",
"codestar-notifications:DescribeNotificationRule",
"codestar-notifications:UpdateNotificationRule",
"codestar-notifications:DeleteNotificationRule",
"codestar-notifications:Subscribe",
"codestar-notifications:Unsubscribe"
],
"Condition": {
"StringLike": {
"codestar-notifications:NotificationsForResource": "arn:aws:codepipeline:*"
}
},
"Effect": "Allow",
"Resource": "*",
"Sid": "CodeStarNotificationsReadWriteAccess"
},
{
"Action": [
"sns:CreateTopic",
"sns:SetTopicAttributes"
],
"Effect": "Allow",
"Resource": "arn:aws:sns:*:*:codestar-notifications*",
"Sid": "CodeStarNotificationsSNSTopicCreateAccess"
},
{
"Action": [
"chatbot:DescribeSlackChannelConfigurations"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "CodeStarNotificationsChatbotAccess"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJP5LH77KSAT2KHQGG",
"PolicyName": "AWSCodePipelineFullAccess",
"UpdateDate": "2020-05-21T22:03:13+00:00",
"VersionId": "v10"
},
"AWSCodePipelineReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSCodePipelineReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2015-07-09T16:43:57+00:00",
"DefaultVersionId": "v9",
"Document": {
"Statement": [
{
"Action": [
"codepipeline:GetPipeline",
"codepipeline:GetPipelineState",
"codepipeline:GetPipelineExecution",
"codepipeline:ListPipelineExecutions",
"codepipeline:ListActionExecutions",
"codepipeline:ListActionTypes",
"codepipeline:ListPipelines",
"codepipeline:ListTagsForResource",
"iam:ListRoles",
"s3:GetBucketPolicy",
"s3:GetObject",
"s3:ListAllMyBuckets",
"s3:ListBucket",
"codecommit:ListBranches",
"codecommit:ListRepositories",
"codedeploy:GetApplication",
"codedeploy:GetDeploymentGroup",
"codedeploy:ListApplications",
"codedeploy:ListDeploymentGroups",
"elasticbeanstalk:DescribeApplications",
"elasticbeanstalk:DescribeEnvironments",
"lambda:GetFunctionConfiguration",
"lambda:ListFunctions",
"opsworks:DescribeApps",
"opsworks:DescribeLayers",
"opsworks:DescribeStacks",
"codestar-notifications:ListNotificationRules",
"codestar-notifications:ListEventTypes",
"codestar-notifications:ListTargets"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"codestar-notifications:DescribeNotificationRule"
],
"Condition": {
"StringLike": {
"codestar-notifications:NotificationsForResource": "arn:aws:codepipeline:*"
}
},
"Effect": "Allow",
"Resource": "*",
"Sid": "CodeStarNotificationsReadOnlyAccess"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAILFKZXIBOTNC5TO2Q",
"PolicyName": "AWSCodePipelineReadOnlyAccess",
"UpdateDate": "2020-03-26T16:07:17+00:00",
"VersionId": "v9"
},
"AWSCodePipeline_FullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSCodePipeline_FullAccess",
"AttachmentCount": 0,
"CreateDate": "2020-08-03T22:38:28+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"codepipeline:*",
"cloudformation:DescribeStacks",
"cloudformation:ListChangeSets",
"cloudtrail:DescribeTrails",
"codebuild:BatchGetProjects",
"codebuild:CreateProject",
"codebuild:ListCuratedEnvironmentImages",
"codebuild:ListProjects",
"codecommit:ListBranches",
"codecommit:GetReferences",
"codecommit:ListRepositories",
"codedeploy:BatchGetDeploymentGroups",
"codedeploy:ListApplications",
"codedeploy:ListDeploymentGroups",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ecr:DescribeRepositories",
"ecr:ListImages",
"ecs:ListClusters",
"ecs:ListServices",
"elasticbeanstalk:DescribeApplications",
"elasticbeanstalk:DescribeEnvironments",
"iam:ListRoles",
"iam:GetRole",
"lambda:ListFunctions",
"events:ListRules",
"events:ListTargetsByRule",
"events:DescribeRule",
"opsworks:DescribeApps",
"opsworks:DescribeLayers",
"opsworks:DescribeStacks",
"s3:ListAllMyBuckets",
"sns:ListTopics",
"codestar-notifications:ListNotificationRules",
"codestar-notifications:ListTargets",
"codestar-notifications:ListTagsforResource",
"codestar-notifications:ListEventTypes",
"states:ListStateMachines"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"s3:GetObject",
"s3:ListBucket",
"s3:GetBucketPolicy",
"s3:GetBucketVersioning",
"s3:GetObjectVersion",
"s3:CreateBucket",
"s3:PutBucketPolicy"
],
"Effect": "Allow",
"Resource": "arn:aws:s3::*:codepipeline-*"
},
{
"Action": [
"cloudtrail:PutEventSelectors",
"cloudtrail:CreateTrail",
"cloudtrail:GetEventSelectors",
"cloudtrail:StartLogging"
],
"Effect": "Allow",
"Resource": "arn:aws:cloudtrail:*:*:trail/codepipeline-source-trail"
},
{
"Action": [
"iam:PassRole"
],
"Condition": {
"StringEquals": {
"iam:PassedToService": [
"events.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/service-role/cwe-role-*"
]
},
{
"Action": [
"iam:PassRole"
],
"Condition": {
"StringEquals": {
"iam:PassedToService": [
"codepipeline.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"events:PutRule",
"events:PutTargets",
"events:DeleteRule",
"events:DisableRule",
"events:RemoveTargets"
],
"Effect": "Allow",
"Resource": [
"arn:aws:events:*:*:rule/codepipeline-*"
]
},
{
"Action": [
"codestar-notifications:CreateNotificationRule",
"codestar-notifications:DescribeNotificationRule",
"codestar-notifications:UpdateNotificationRule",
"codestar-notifications:DeleteNotificationRule",
"codestar-notifications:Subscribe",
"codestar-notifications:Unsubscribe"
],
"Condition": {
"StringLike": {
"codestar-notifications:NotificationsForResource": "arn:aws:codepipeline:*"
}
},
"Effect": "Allow",
"Resource": "*",
"Sid": "CodeStarNotificationsReadWriteAccess"
},
{
"Action": [
"sns:CreateTopic",
"sns:SetTopicAttributes"
],
"Effect": "Allow",
"Resource": "arn:aws:sns:*:*:codestar-notifications*",
"Sid": "CodeStarNotificationsSNSTopicCreateAccess"
},
{
"Action": [
"chatbot:DescribeSlackChannelConfigurations"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "CodeStarNotificationsChatbotAccess"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4A6ZKP3LKA",
"PolicyName": "AWSCodePipeline_FullAccess",
"UpdateDate": "2020-08-03T22:38:28+00:00",
"VersionId": "v1"
},
"AWSCodePipeline_ReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSCodePipeline_ReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2020-08-03T22:25:17+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"codepipeline:GetPipeline",
"codepipeline:GetPipelineState",
"codepipeline:GetPipelineExecution",
"codepipeline:ListPipelineExecutions",
"codepipeline:ListActionExecutions",
"codepipeline:ListActionTypes",
"codepipeline:ListPipelines",
"codepipeline:ListTagsForResource",
"s3:ListAllMyBuckets",
"codestar-notifications:ListNotificationRules",
"codestar-notifications:ListEventTypes",
"codestar-notifications:ListTargets"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"s3:GetObject",
"s3:ListBucket",
"s3:GetBucketPolicy"
],
"Effect": "Allow",
"Resource": "arn:aws:s3::*:codepipeline-*"
},
{
"Action": [
"codestar-notifications:DescribeNotificationRule"
],
"Condition": {
"StringLike": {
"codestar-notifications:NotificationsForResource": "arn:aws:codepipeline:*"
}
},
"Effect": "Allow",
"Resource": "*",
"Sid": "CodeStarNotificationsReadOnlyAccess"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4IGBTPGT6W",
"PolicyName": "AWSCodePipeline_ReadOnlyAccess",
"UpdateDate": "2020-08-03T22:25:17+00:00",
"VersionId": "v1"
},
"AWSCodeStarFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSCodeStarFullAccess",
"AttachmentCount": 0,
"CreateDate": "2017-04-19T16:23:19+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"codestar:*",
"ec2:DescribeKeyPairs",
"ec2:DescribeVpcs",
"ec2:DescribeSubnets",
"cloud9:DescribeEnvironment*",
"cloud9:ValidateEnvironmentName"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "CodeStarEC2"
},
{
"Action": [
"cloudformation:DescribeStack*",
"cloudformation:GetTemplateSummary"
],
"Effect": "Allow",
"Resource": [
"arn:aws:cloudformation:*:*:stack/awscodestar-*"
],
"Sid": "CodeStarCF"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIXI233TFUGLZOJBEC",
"PolicyName": "AWSCodeStarFullAccess",
"UpdateDate": "2018-01-10T21:54:06+00:00",
"VersionId": "v2"
},
"AWSCodeStarNotificationsServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSCodeStarNotificationsServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2019-11-05T16:10:21+00:00",
"DefaultVersionId": "v4",
"Document": {
"Statement": [
{
"Action": [
"events:PutTargets",
"events:PutRule",
"events:DescribeRule"
],
"Effect": "Allow",
"Resource": "arn:aws:events:*:*:rule/awscodestarnotifications-*"
},
{
"Action": [
"sns:CreateTopic"
],
"Effect": "Allow",
"Resource": "arn:aws:sns:*:*:CodeStarNotifications-*"
},
{
"Action": [
"codecommit:GetCommentsForPullRequest",
"codecommit:GetCommentsForComparedCommit",
"chatbot:DescribeSlackChannelConfigurations",
"chatbot:UpdateSlackChannelConfiguration",
"codecommit:GetDifferences",
"codepipeline:ListActionExecutions"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"codecommit:GetFile"
],
"Condition": {
"StringNotEquals": {
"aws:ResourceTag/ExcludeFileContentFromNotifications": "true"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4BGRXOB2GH",
"PolicyName": "AWSCodeStarNotificationsServiceRolePolicy",
"UpdateDate": "2020-03-19T16:01:55+00:00",
"VersionId": "v4"
},
"AWSCodeStarServiceRole": {
"Arn": "arn:aws:iam::aws:policy/service-role/AWSCodeStarServiceRole",
"AttachmentCount": 0,
"CreateDate": "2017-04-19T15:20:50+00:00",
"DefaultVersionId": "v10",
"Document": {
"Statement": [
{
"Action": [
"events:PutTargets",
"events:RemoveTargets",
"events:PutRule",
"events:DeleteRule",
"events:DescribeRule"
],
"Effect": "Allow",
"Resource": [
"arn:aws:events:*:*:rule/awscodestar-*"
],
"Sid": "ProjectEventRules"
},
{
"Action": [
"cloudformation:*Stack*",
"cloudformation:CreateChangeSet",
"cloudformation:ExecuteChangeSet",
"cloudformation:DeleteChangeSet",
"cloudformation:GetTemplate"
],
"Effect": "Allow",
"Resource": [
"arn:aws:cloudformation:*:*:stack/awscodestar-*",
"arn:aws:cloudformation:*:*:stack/awseb-*",
"arn:aws:cloudformation:*:*:stack/aws-cloud9-*",
"arn:aws:cloudformation:*:aws:transform/CodeStar*"
],
"Sid": "ProjectStack"
},
{
"Action": [
"cloudformation:GetTemplateSummary",
"cloudformation:DescribeChangeSet"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "ProjectStackTemplate"
},
{
"Action": [
"s3:GetObject"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::awscodestar-*/*"
],
"Sid": "ProjectQuickstarts"
},
{
"Action": [
"s3:*"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::aws-codestar-*",
"arn:aws:s3:::aws-codestar-*/*",
"arn:aws:s3:::elasticbeanstalk-*",
"arn:aws:s3:::elasticbeanstalk-*/*"
],
"Sid": "ProjectS3Buckets"
},
{
"Action": [
"codestar:*",
"codecommit:*",
"codepipeline:*",
"codedeploy:*",
"codebuild:*",
"ec2:RunInstances",
"autoscaling:*",
"cloudwatch:Put*",
"ec2:*",
"elasticbeanstalk:*",
"elasticloadbalancing:*",
"iam:ListRoles",
"logs:*",
"sns:*",
"cloud9:CreateEnvironmentEC2",
"cloud9:DeleteEnvironment",
"cloud9:DescribeEnvironment*",
"cloud9:ListEnvironments"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "ProjectServices"
},
{
"Action": [
"iam:AttachRolePolicy",
"iam:CreateRole",
"iam:DeleteRole",
"iam:DeleteRolePolicy",
"iam:DetachRolePolicy",
"iam:GetRole",
"iam:PassRole",
"iam:GetRolePolicy",
"iam:PutRolePolicy",
"iam:SetDefaultPolicyVersion",
"iam:CreatePolicy",
"iam:DeletePolicy",
"iam:AddRoleToInstanceProfile",
"iam:CreateInstanceProfile",
"iam:DeleteInstanceProfile",
"iam:RemoveRoleFromInstanceProfile"
],
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/CodeStarWorker*",
"arn:aws:iam::*:policy/CodeStarWorker*",
"arn:aws:iam::*:instance-profile/awscodestar-*"
],
"Sid": "ProjectWorkerRoles"
},
{
"Action": [
"iam:AttachUserPolicy",
"iam:DetachUserPolicy"
],
"Condition": {
"ArnEquals": {
"iam:PolicyArn": [
"arn:aws:iam::*:policy/CodeStar_*"
]
}
},
"Effect": "Allow",
"Resource": "*",
"Sid": "ProjectTeamMembers"
},
{
"Action": [
"iam:CreatePolicy",
"iam:DeletePolicy",
"iam:CreatePolicyVersion",
"iam:DeletePolicyVersion",
"iam:ListEntitiesForPolicy",
"iam:ListPolicyVersions",
"iam:GetPolicy",
"iam:GetPolicyVersion"
],
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:policy/CodeStar_*"
],
"Sid": "ProjectRoles"
},
{
"Action": [
"iam:ListAttachedRolePolicies"
],
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/aws-codestar-service-role",
"arn:aws:iam::*:role/service-role/aws-codestar-service-role"
],
"Sid": "InspectServiceRole"
},
{
"Action": [
"iam:CreateServiceLinkedRole"
],
"Condition": {
"StringEquals": {
"iam:AWSServiceName": "cloud9.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*",
"Sid": "IAMLinkRole"
},
{
"Action": [
"config:DescribeConfigRules"
],
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "DescribeConfigRuleForARN"
},
{
"Action": [
"codestar-connections:UseConnection",
"codestar-connections:GetConnection"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "ProjectCodeStarConnections"
},
{
"Action": "codestar-connections:PassConnection",
"Condition": {
"ForAnyValue:StringEqualsIfExists": {
"codestar-connections:PassedToService": "codepipeline.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*",
"Sid": "ProjectCodeStarConnectionsPassConnections"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIN6D4M2KD3NBOC4M4",
"PolicyName": "AWSCodeStarServiceRole",
"UpdateDate": "2021-02-15T22:25:37+00:00",
"VersionId": "v10"
},
"AWSCompromisedKeyQuarantine": {
"Arn": "arn:aws:iam::aws:policy/AWSCompromisedKeyQuarantine",
"AttachmentCount": 0,
"CreateDate": "2020-08-11T18:04:13+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"iam:AttachGroupPolicy",
"iam:AttachRolePolicy",
"iam:AttachUserPolicy",
"iam:ChangePassword",
"iam:CreateAccessKey",
"iam:CreateInstanceProfile",
"iam:CreateLoginProfile",
"iam:CreateRole",
"iam:CreateUser",
"iam:DetachUserPolicy",
"iam:PutUserPermissionsBoundary",
"iam:PutUserPolicy",
"iam:UpdateAccessKey",
"iam:UpdateAccountPasswordPolicy",
"iam:UpdateUser",
"ec2:RequestSpotInstances",
"ec2:RunInstances",
"ec2:StartInstances",
"organizations:CreateAccount",
"organizations:CreateOrganization",
"organizations:InviteAccountToOrganization",
"lambda:CreateFunction",
"lightsail:Create*",
"lightsail:Start*",
"lightsail:Delete*",
"lightsail:Update*",
"lightsail:GetInstanceAccessDetails",
"lightsail:DownloadDefaultKeyPair"
],
"Effect": "Deny",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4PLD3NKX4L",
"PolicyName": "AWSCompromisedKeyQuarantine",
"UpdateDate": "2020-08-11T18:04:13+00:00",
"VersionId": "v1"
},
"AWSCompromisedKeyQuarantineV2": {
"Arn": "arn:aws:iam::aws:policy/AWSCompromisedKeyQuarantineV2",
"AttachmentCount": 0,
"CreateDate": "2021-04-21T22:30:59+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"ec2:RequestSpotInstances",
"ec2:RunInstances",
"ec2:StartInstances",
"iam:AddUserToGroup",
"iam:AttachGroupPolicy",
"iam:AttachRolePolicy",
"iam:AttachUserPolicy",
"iam:ChangePassword",
"iam:CreateAccessKey",
"iam:CreateInstanceProfile",
"iam:CreateLoginProfile",
"iam:CreatePolicyVersion",
"iam:CreateRole",
"iam:CreateUser",
"iam:DetachUserPolicy",
"iam:PassRole",
"iam:PutGroupPolicy",
"iam:PutRolePolicy",
"iam:PutUserPermissionsBoundary",
"iam:PutUserPolicy",
"iam:SetDefaultPolicyVersion",
"iam:UpdateAccessKey",
"iam:UpdateAccountPasswordPolicy",
"iam:UpdateAssumeRolePolicy",
"iam:UpdateLoginProfile",
"iam:UpdateUser",
"lambda:AddLayerVersionPermission",
"lambda:AddPermission",
"lambda:CreateFunction",
"lambda:GetPolicy",
"lambda:ListTags",
"lambda:PutProvisionedConcurrencyConfig",
"lambda:TagResource",
"lambda:UntagResource",
"lambda:UpdateFunctionCode",
"lightsail:Create*",
"lightsail:Delete*",
"lightsail:DownloadDefaultKeyPair",
"lightsail:GetInstanceAccessDetails",
"lightsail:Start*",
"lightsail:Update*",
"organizations:CreateAccount",
"organizations:CreateOrganization",
"organizations:InviteAccountToOrganization",
"s3:DeleteBucket",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutLifecycleConfiguration",
"s3:PutBucketAcl",
"s3:DeleteBucketOwnershipControls",
"s3:DeleteBucketPolicy",
"s3:ObjectOwnerOverrideToBucketOwner",
"s3:PutAccountPublicAccessBlock",
"s3:PutBucketPolicy",
"s3:ListAllMyBuckets"
],
"Effect": "Deny",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4PFYMROIMI",
"PolicyName": "AWSCompromisedKeyQuarantineV2",
"UpdateDate": "2021-04-21T22:30:59+00:00",
"VersionId": "v1"
},
"AWSConfigMultiAccountSetupPolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSConfigMultiAccountSetupPolicy",
"AttachmentCount": 0,
"CreateDate": "2019-06-17T18:03:16+00:00",
"DefaultVersionId": "v4",
"Document": {
"Statement": [
{
"Action": [
"config:PutConfigRule",
"config:DeleteConfigRule"
],
"Effect": "Allow",
"Resource": "arn:aws:config:*:*:config-rule/aws-service-rule/config-multiaccountsetup.amazonaws.com/*"
},
{
"Action": [
"config:DescribeConfigurationRecorders"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"organizations:ListAccounts",
"organizations:DescribeOrganization",
"organizations:ListAWSServiceAccessForOrganization",
"organizations:DescribeAccount"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"config:PutConformancePack",
"config:DeleteConformancePack",
"config:DescribeConformancePackStatus"
],
"Effect": "Allow",
"Resource": "arn:aws:config:*:*:conformance-pack/aws-service-conformance-pack/config-multiaccountsetup.amazonaws.com/*"
},
{
"Action": [
"iam:GetRole"
],
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/aws-service-role/config-conforms.amazonaws.com/AWSServiceRoleForConfigConforms"
},
{
"Action": [
"iam:CreateServiceLinkedRole"
],
"Condition": {
"StringLike": {
"iam:AWSServiceName": "config-conforms.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/aws-service-role/config-conforms.amazonaws.com/AWSServiceRoleForConfigConforms"
},
{
"Action": "iam:PassRole",
"Condition": {
"StringEquals": {
"iam:PassedToService": "ssm.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4L5NAGNGTD",
"PolicyName": "AWSConfigMultiAccountSetupPolicy",
"UpdateDate": "2020-05-21T22:59:26+00:00",
"VersionId": "v4"
},
"AWSConfigRemediationServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSConfigRemediationServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2019-06-18T21:21:35+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"ssm:GetDocument",
"ssm:DescribeDocument",
"ssm:StartAutomationExecution"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:PassRole",
"Condition": {
"StringEquals": {
"iam:PassedToService": "ssm.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4BC7ZOM6NP",
"PolicyName": "AWSConfigRemediationServiceRolePolicy",
"UpdateDate": "2019-06-18T21:21:35+00:00",
"VersionId": "v1"
},
"AWSConfigRole": {
"Arn": "arn:aws:iam::aws:policy/service-role/AWSConfigRole",
"AttachmentCount": 0,
"CreateDate": "2015-04-02T17:36:23+00:00",
"DefaultVersionId": "v39",
"Document": {
"Statement": [
{
"Action": [
"access-analyzer:GetAnalyzer",
"access-analyzer:ListAnalyzers",
"access-analyzer:ListArchiveRules",
"access-analyzer:ListTagsForResource",
"acm:DescribeCertificate",
"acm:ListCertificates",
"acm:ListTagsForCertificate",
"apigateway:GET",
"application-autoscaling:DescribeScalableTargets",
"application-autoscaling:DescribeScalingPolicies",
"autoscaling:DescribeAutoScalingGroups",
"autoscaling:DescribeLaunchConfigurations",
"autoscaling:DescribeLifecycleHooks",
"autoscaling:DescribePolicies",
"autoscaling:DescribeScheduledActions",
"autoscaling:DescribeTags",
"backup:DescribeBackupVault",
"backup:DescribeRecoveryPoint",
"backup:GetBackupPlan",
"backup:GetBackupSelection",
"backup:GetBackupVaultAccessPolicy",
"backup:GetBackupVaultNotifications",
"backup:ListBackupPlans",
"backup:ListBackupSelections",
"backup:ListBackupVaults",
"backup:ListRecoveryPointsByBackupVault",
"backup:ListTags",
"cloudformation:DescribeType",
"cloudformation:ListTypes",
"cloudfront:ListDistributions",
"cloudfront:ListTagsForResource",
"cloudtrail:DescribeTrails",
"cloudtrail:GetEventSelectors",
"cloudtrail:GetTrailStatus",
"cloudtrail:ListTags",
"cloudwatch:DescribeAlarms",
"codepipeline:GetPipeline",
"codepipeline:GetPipelineState",
"codepipeline:ListPipelines",
"config:BatchGet*",
"config:Describe*",
"config:Get*",
"config:List*",
"config:Put*",
"config:Select*",
"dax:DescribeClusters",
"dms:DescribeReplicationInstances",
"dms:DescribeReplicationSubnetGroups",
"dms:ListTagsForResource",
"dynamodb:DescribeContinuousBackups",
"dynamodb:DescribeLimits",
"dynamodb:DescribeTable",
"dynamodb:ListTables",
"dynamodb:ListTagsOfResource",
"ec2:Describe*",
"ec2:GetEbsEncryptionByDefault",
"ecr:DescribeRepositories",
"ecr:GetLifecyclePolicy",
"ecr:GetRepositoryPolicy",
"ecr:ListTagsForResource",
"ecs:DescribeClusters",
"ecs:DescribeServices",
"ecs:DescribeTaskDefinition",
"ecs:DescribeTaskSets",
"ecs:ListClusters",
"ecs:ListServices",
"ecs:ListTagsForResource",
"ecs:ListTaskDefinitions",
"eks:DescribeCluster",
"eks:DescribeNodegroup",
"eks:ListClusters",
"eks:ListNodegroups",
"elasticache:DescribeCacheClusters",
"elasticache:DescribeCacheParameterGroups",
"elasticache:DescribeCacheSubnetGroups",
"elasticache:DescribeReplicationGroups",
"elasticache:ListTagsForResource",
"elasticfilesystem:DescribeAccessPoints",
"elasticfilesystem:DescribeBackupPolicy",
"elasticfilesystem:DescribeFileSystemPolicy",
"elasticfilesystem:DescribeFileSystems",
"elasticfilesystem:DescribeLifecycleConfiguration",
"elasticfilesystem:DescribeMountTargets",
"elasticfilesystem:DescribeMountTargetSecurityGroups",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancerAttributes",
"elasticloadbalancing:DescribeLoadBalancerPolicies",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeRules",
"elasticloadbalancing:DescribeTags",
"elasticmapreduce:DescribeCluster",
"elasticmapreduce:DescribeSecurityConfiguration",
"elasticmapreduce:DescribeStep",
"elasticmapreduce:GetBlockPublicAccessConfiguration",
"elasticmapreduce:GetManagedScalingPolicy",
"elasticmapreduce:ListClusters",
"elasticmapreduce:ListInstanceFleets",
"elasticmapreduce:ListInstanceGroups",
"elasticmapreduce:ListInstances",
"elasticmapreduce:ListSecurityConfigurations",
"elasticmapreduce:ListSteps",
"es:DescribeElasticsearchDomain",
"es:DescribeElasticsearchDomains",
"es:ListDomainNames",
"es:ListTags",
"guardduty:GetDetector",
"guardduty:GetFindings",
"guardduty:GetMasterAccount",
"guardduty:ListDetectors",
"guardduty:ListFindings",
"iam:GenerateCredentialReport",
"iam:GetAccountAuthorizationDetails",
"iam:GetAccountPasswordPolicy",
"iam:GetAccountSummary",
"iam:GetCredentialReport",
"iam:GetGroup",
"iam:GetGroupPolicy",
"iam:GetPolicy",
"iam:GetPolicyVersion",
"iam:GetRole",
"iam:GetRolePolicy",
"iam:GetUser",
"iam:GetUserPolicy",
"iam:ListAttachedGroupPolicies",
"iam:ListAttachedRolePolicies",
"iam:ListAttachedUserPolicies",
"iam:ListEntitiesForPolicy",
"iam:ListGroupPolicies",
"iam:ListGroupsForUser",
"iam:ListInstanceProfilesForRole",
"iam:ListPolicyVersions",
"iam:ListRolePolicies",
"iam:ListUserPolicies",
"iam:ListVirtualMFADevices",
"kinesis:DescribeStreamConsumer",
"kinesis:DescribeStreamSummary",
"kinesis:ListStreamConsumers",
"kinesis:ListStreams",
"kinesis:ListTagsForStream",
"kms:DescribeKey",
"kms:GetKeyPolicy",
"kms:GetKeyRotationStatus",
"kms:ListKeys",
"kms:ListResourceTags",
"lambda:GetAlias",
"lambda:GetFunction",
"lambda:GetFunctionCodeSigningConfig",
"lambda:GetPolicy",
"lambda:ListAliases",
"lambda:ListFunctions",
"lambda:ListVersionsByFunction",
"logs:DescribeLogGroups",
"network-firewall:DescribeLoggingConfiguration",
"network-firewall:ListFirewalls",
"organizations:DescribeOrganization",
"rds:DescribeDBClusters",
"rds:DescribeDBClusterSnapshotAttributes",
"rds:DescribeDBClusterSnapshots",
"rds:DescribeDBEngineVersions",
"rds:DescribeDBInstances",
"rds:DescribeDBSecurityGroups",
"rds:DescribeDBSnapshotAttributes",
"rds:DescribeDBSnapshots",
"rds:DescribeDBSubnetGroups",
"rds:DescribeEventSubscriptions",
"rds:ListTagsForResource",
"redshift:DescribeClusterParameterGroups",
"redshift:DescribeClusterParameters",
"redshift:DescribeClusters",
"redshift:DescribeClusterSecurityGroups",
"redshift:DescribeClusterSnapshots",
"redshift:DescribeClusterSubnetGroups",
"redshift:DescribeEventSubscriptions",
"redshift:DescribeLoggingStatus",
"route53:GetHealthCheck",
"route53:GetHostedZone",
"route53:ListHealthChecks",
"route53:ListHostedZones",
"route53:ListHostedZonesByName",
"route53:ListQueryLoggingConfigs",
"route53:ListResourceRecordSets",
"route53:ListTagsForResource",
"s3:GetAccelerateConfiguration",
"s3:GetAccessPoint",
"s3:GetAccessPointPolicy",
"s3:GetAccessPointPolicyStatus",
"s3:GetAccountPublicAccessBlock",
"s3:GetBucketAcl",
"s3:GetBucketCORS",
"s3:GetBucketLocation",
"s3:GetBucketLogging",
"s3:GetBucketNotification",
"s3:GetBucketObjectLockConfiguration",
"s3:GetBucketPolicy",
"s3:GetBucketPublicAccessBlock",
"s3:GetBucketRequestPayment",
"s3:GetBucketTagging",
"s3:GetBucketVersioning",
"s3:GetBucketWebsite",
"s3:GetEncryptionConfiguration",
"s3:GetLifecycleConfiguration",
"s3:GetObject",
"s3:GetReplicationConfiguration",
"s3:ListAccessPoints",
"s3:ListAllMyBuckets",
"s3:ListBucket",
"sagemaker:DescribeCodeRepository",
"sagemaker:DescribeEndpointConfig",
"sagemaker:DescribeNotebookInstance",
"sagemaker:ListCodeRepositories",
"sagemaker:ListEndpointConfigs",
"sagemaker:ListNotebookInstances",
"sagemaker:ListTags",
"secretsmanager:ListSecrets",
"secretsmanager:ListSecretVersionIds",
"securityhub:DescribeHub",
"shield:DescribeDRTAccess",
"shield:DescribeProtection",
"shield:DescribeSubscription",
"sns:GetTopicAttributes",
"sns:ListSubscriptions",
"sns:ListTagsForResource",
"sns:ListTopics",
"sqs:GetQueueAttributes",
"sqs:ListQueues",
"sqs:ListQueueTags",
"ssm:DescribeAutomationExecutions",
"ssm:DescribeDocument",
"ssm:DescribeDocumentPermission",
"ssm:GetAutomationExecution",
"ssm:GetDocument",
"ssm:ListDocuments",
"storagegateway:ListGateways",
"storagegateway:ListVolumes",
"support:DescribeCases",
"tag:GetResources",
"waf-regional:GetLoggingConfiguration",
"waf-regional:GetWebACL",
"waf-regional:GetWebACLForResource",
"waf:GetLoggingConfiguration",
"waf:GetWebACL",
"wafv2:GetLoggingConfiguration"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIQRXRDRGJUA33ELIO",
"PolicyName": "AWSConfigRole",
"UpdateDate": "2021-06-07T23:03:51+00:00",
"VersionId": "v39"
},
"AWSConfigRoleForOrganizations": {
"Arn": "arn:aws:iam::aws:policy/service-role/AWSConfigRoleForOrganizations",
"AttachmentCount": 0,
"CreateDate": "2018-03-19T22:53:01+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"organizations:ListAccounts",
"organizations:DescribeOrganization",
"organizations:ListAWSServiceAccessForOrganization",
"organizations:ListDelegatedAdministrators"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIEHGYAUTHXSXZAW2E",
"PolicyName": "AWSConfigRoleForOrganizations",
"UpdateDate": "2020-11-24T20:19:13+00:00",
"VersionId": "v2"
},
"AWSConfigRulesExecutionRole": {
"Arn": "arn:aws:iam::aws:policy/service-role/AWSConfigRulesExecutionRole",
"AttachmentCount": 0,
"CreateDate": "2016-03-25T17:59:36+00:00",
"DefaultVersionId": "v3",
"Document": {
"Statement": [
{
"Action": [
"s3:GetObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::*/AWSLogs/*/Config/*"
},
{
"Action": [
"config:Put*",
"config:Get*",
"config:List*",
"config:Describe*",
"config:BatchGet*",
"config:Select*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJUB3KIKTA4PU4OYAA",
"PolicyName": "AWSConfigRulesExecutionRole",
"UpdateDate": "2019-05-13T21:33:30+00:00",
"VersionId": "v3"
},
"AWSConfigServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSConfigServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2018-05-30T23:31:46+00:00",
"DefaultVersionId": "v25",
"Document": {
"Statement": [
{
"Action": [
"access-analyzer:GetAnalyzer",
"access-analyzer:ListAnalyzers",
"access-analyzer:ListArchiveRules",
"access-analyzer:ListTagsForResource",
"acm:DescribeCertificate",
"acm:ListCertificates",
"acm:ListTagsForCertificate",
"apigateway:GET",
"application-autoscaling:DescribeScalableTargets",
"application-autoscaling:DescribeScalingPolicies",
"autoscaling:DescribeAutoScalingGroups",
"autoscaling:DescribeLaunchConfigurations",
"autoscaling:DescribeLifecycleHooks",
"autoscaling:DescribePolicies",
"autoscaling:DescribeScheduledActions",
"autoscaling:DescribeTags",
"backup:DescribeBackupVault",
"backup:DescribeRecoveryPoint",
"backup:GetBackupPlan",
"backup:GetBackupSelection",
"backup:GetBackupVaultAccessPolicy",
"backup:GetBackupVaultNotifications",
"backup:ListBackupPlans",
"backup:ListBackupSelections",
"backup:ListBackupVaults",
"backup:ListRecoveryPointsByBackupVault",
"backup:ListTags",
"cloudformation:DescribeType",
"cloudformation:ListTypes",
"cloudfront:ListDistributions",
"cloudfront:ListTagsForResource",
"cloudtrail:DescribeTrails",
"cloudtrail:GetEventSelectors",
"cloudtrail:GetTrailStatus",
"cloudtrail:ListTags",
"cloudwatch:DescribeAlarms",
"codepipeline:GetPipeline",
"codepipeline:GetPipelineState",
"codepipeline:ListPipelines",
"config:BatchGet*",
"config:Describe*",
"config:Get*",
"config:List*",
"config:Put*",
"config:Select*",
"dax:DescribeClusters",
"dms:DescribeReplicationInstances",
"dms:DescribeReplicationSubnetGroups",
"dms:ListTagsForResource",
"dynamodb:DescribeContinuousBackups",
"dynamodb:DescribeLimits",
"dynamodb:DescribeTable",
"dynamodb:ListTables",
"dynamodb:ListTagsOfResource",
"ec2:Describe*",
"ec2:GetEbsEncryptionByDefault",
"ecr:DescribeRepositories",
"ecr:GetLifecyclePolicy",
"ecr:GetRepositoryPolicy",
"ecr:ListTagsForResource",
"ecs:DescribeClusters",
"ecs:DescribeServices",
"ecs:DescribeTaskDefinition",
"ecs:DescribeTaskSets",
"ecs:ListClusters",
"ecs:ListServices",
"ecs:ListTagsForResource",
"ecs:ListTaskDefinitions",
"eks:DescribeCluster",
"eks:DescribeNodegroup",
"eks:ListClusters",
"eks:ListNodegroups",
"elasticache:DescribeCacheClusters",
"elasticache:DescribeCacheParameterGroups",
"elasticache:DescribeCacheSubnetGroups",
"elasticache:DescribeReplicationGroups",
"elasticache:ListTagsForResource",
"elasticfilesystem:DescribeAccessPoints",
"elasticfilesystem:DescribeBackupPolicy",
"elasticfilesystem:DescribeFileSystemPolicy",
"elasticfilesystem:DescribeFileSystems",
"elasticfilesystem:DescribeLifecycleConfiguration",
"elasticfilesystem:DescribeMountTargets",
"elasticfilesystem:DescribeMountTargetSecurityGroups",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancerAttributes",
"elasticloadbalancing:DescribeLoadBalancerPolicies",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeRules",
"elasticloadbalancing:DescribeTags",
"elasticmapreduce:DescribeCluster",
"elasticmapreduce:DescribeSecurityConfiguration",
"elasticmapreduce:DescribeStep",
"elasticmapreduce:GetBlockPublicAccessConfiguration",
"elasticmapreduce:GetManagedScalingPolicy",
"elasticmapreduce:ListClusters",
"elasticmapreduce:ListInstanceFleets",
"elasticmapreduce:ListInstanceGroups",
"elasticmapreduce:ListInstances",
"elasticmapreduce:ListSecurityConfigurations",
"elasticmapreduce:ListSteps",
"es:DescribeElasticsearchDomain",
"es:DescribeElasticsearchDomains",
"es:ListDomainNames",
"es:ListTags",
"guardduty:GetDetector",
"guardduty:GetFindings",
"guardduty:GetMasterAccount",
"guardduty:ListDetectors",
"guardduty:ListFindings",
"iam:GenerateCredentialReport",
"iam:GetAccountAuthorizationDetails",
"iam:GetAccountPasswordPolicy",
"iam:GetAccountSummary",
"iam:GetCredentialReport",
"iam:GetGroup",
"iam:GetGroupPolicy",
"iam:GetPolicy",
"iam:GetPolicyVersion",
"iam:GetRole",
"iam:GetRolePolicy",
"iam:GetUser",
"iam:GetUserPolicy",
"iam:ListAttachedGroupPolicies",
"iam:ListAttachedRolePolicies",
"iam:ListAttachedUserPolicies",
"iam:ListEntitiesForPolicy",
"iam:ListGroupPolicies",
"iam:ListGroupsForUser",
"iam:ListInstanceProfilesForRole",
"iam:ListPolicyVersions",
"iam:ListRolePolicies",
"iam:ListUserPolicies",
"iam:ListVirtualMFADevices",
"kinesis:DescribeStreamConsumer",
"kinesis:DescribeStreamSummary",
"kinesis:ListStreamConsumers",
"kinesis:ListStreams",
"kinesis:ListTagsForStream",
"kms:DescribeKey",
"kms:GetKeyPolicy",
"kms:GetKeyRotationStatus",
"kms:ListKeys",
"kms:ListResourceTags",
"lambda:GetAlias",
"lambda:GetFunction",
"lambda:GetFunctionCodeSigningConfig",
"lambda:GetPolicy",
"lambda:ListAliases",
"lambda:ListFunctions",
"lambda:ListVersionsByFunction",
"logs:DescribeLogGroups",
"network-firewall:DescribeLoggingConfiguration",
"network-firewall:ListFirewalls",
"organizations:DescribeOrganization",
"rds:DescribeDBClusters",
"rds:DescribeDBClusterSnapshotAttributes",
"rds:DescribeDBClusterSnapshots",
"rds:DescribeDBEngineVersions",
"rds:DescribeDBInstances",
"rds:DescribeDBSecurityGroups",
"rds:DescribeDBSnapshotAttributes",
"rds:DescribeDBSnapshots",
"rds:DescribeDBSubnetGroups",
"rds:DescribeEventSubscriptions",
"rds:ListTagsForResource",
"redshift:DescribeClusterParameterGroups",
"redshift:DescribeClusterParameters",
"redshift:DescribeClusters",
"redshift:DescribeClusterSecurityGroups",
"redshift:DescribeClusterSnapshots",
"redshift:DescribeClusterSubnetGroups",
"redshift:DescribeEventSubscriptions",
"redshift:DescribeLoggingStatus",
"route53:GetHealthCheck",
"route53:GetHostedZone",
"route53:ListHealthChecks",
"route53:ListHostedZones",
"route53:ListHostedZonesByName",
"route53:ListQueryLoggingConfigs",
"route53:ListResourceRecordSets",
"route53:ListTagsForResource",
"s3:GetAccelerateConfiguration",
"s3:GetAccessPoint",
"s3:GetAccessPointPolicy",
"s3:GetAccessPointPolicyStatus",
"s3:GetAccountPublicAccessBlock",
"s3:GetBucketAcl",
"s3:GetBucketCORS",
"s3:GetBucketLocation",
"s3:GetBucketLogging",
"s3:GetBucketNotification",
"s3:GetBucketObjectLockConfiguration",
"s3:GetBucketPolicy",
"s3:GetBucketPublicAccessBlock",
"s3:GetBucketRequestPayment",
"s3:GetBucketTagging",
"s3:GetBucketVersioning",
"s3:GetBucketWebsite",
"s3:GetEncryptionConfiguration",
"s3:GetLifecycleConfiguration",
"s3:GetReplicationConfiguration",
"s3:ListAccessPoints",
"s3:ListAllMyBuckets",
"s3:ListBucket",
"sagemaker:DescribeCodeRepository",
"sagemaker:DescribeEndpointConfig",
"sagemaker:DescribeNotebookInstance",
"sagemaker:ListCodeRepositories",
"sagemaker:ListEndpointConfigs",
"sagemaker:ListNotebookInstances",
"sagemaker:ListTags",
"secretsmanager:ListSecrets",
"secretsmanager:ListSecretVersionIds",
"securityhub:DescribeHub",
"shield:DescribeDRTAccess",
"shield:DescribeProtection",
"shield:DescribeSubscription",
"sns:GetTopicAttributes",
"sns:ListSubscriptions",
"sns:ListTagsForResource",
"sns:ListTopics",
"sqs:GetQueueAttributes",
"sqs:ListQueues",
"sqs:ListQueueTags",
"ssm:DescribeAutomationExecutions",
"ssm:DescribeDocument",
"ssm:DescribeDocumentPermission",
"ssm:GetAutomationExecution",
"ssm:GetDocument",
"ssm:ListDocuments",
"storagegateway:ListGateways",
"storagegateway:ListVolumes",
"support:DescribeCases",
"tag:GetResources",
"waf-regional:GetLoggingConfiguration",
"waf-regional:GetWebACL",
"waf-regional:GetWebACLForResource",
"waf:GetLoggingConfiguration",
"waf:GetWebACL",
"wafv2:GetLoggingConfiguration"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJUCWFHNZER665LLQQ",
"PolicyName": "AWSConfigServiceRolePolicy",
"UpdateDate": "2021-06-07T23:01:42+00:00",
"VersionId": "v25"
},
"AWSConfigUserAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSConfigUserAccess",
"AttachmentCount": 0,
"CreateDate": "2015-02-18T19:38:41+00:00",
"DefaultVersionId": "v4",
"Document": {
"Statement": [
{
"Action": [
"config:Get*",
"config:Describe*",
"config:Deliver*",
"config:List*",
"config:Select*",
"tag:GetResources",
"tag:GetTagKeys",
"cloudtrail:DescribeTrails",
"cloudtrail:GetTrailStatus",
"cloudtrail:LookupEvents"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIWTTSFJ7KKJE3MWGA",
"PolicyName": "AWSConfigUserAccess",
"UpdateDate": "2019-03-18T20:27:47+00:00",
"VersionId": "v4"
},
"AWSConnector": {
"Arn": "arn:aws:iam::aws:policy/AWSConnector",
"AttachmentCount": 0,
"CreateDate": "2015-02-11T17:14:31+00:00",
"DefaultVersionId": "v3",
"Document": {
"Statement": [
{
"Action": "iam:GetUser",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"s3:ListAllMyBuckets"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"s3:CreateBucket",
"s3:DeleteBucket",
"s3:DeleteObject",
"s3:GetBucketLocation",
"s3:GetObject",
"s3:ListBucket",
"s3:PutObject",
"s3:PutObjectAcl",
"s3:AbortMultipartUpload",
"s3:ListBucketMultipartUploads",
"s3:ListMultipartUploadParts"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::import-to-ec2-*"
},
{
"Action": [
"ec2:CancelConversionTask",
"ec2:CancelExportTask",
"ec2:CreateImage",
"ec2:CreateInstanceExportTask",
"ec2:CreateTags",
"ec2:CreateVolume",
"ec2:DeleteTags",
"ec2:DeleteVolume",
"ec2:DescribeConversionTasks",
"ec2:DescribeExportTasks",
"ec2:DescribeImages",
"ec2:DescribeInstanceAttribute",
"ec2:DescribeInstanceStatus",
"ec2:DescribeInstances",
"ec2:DescribeRegions",
"ec2:DescribeTags",
"ec2:DetachVolume",
"ec2:ImportInstance",
"ec2:ImportVolume",
"ec2:ModifyInstanceAttribute",
"ec2:RunInstances",
"ec2:StartInstances",
"ec2:StopInstances",
"ec2:TerminateInstances",
"ec2:ImportImage",
"ec2:DescribeImportImageTasks",
"ec2:DeregisterImage",
"ec2:DescribeSnapshots",
"ec2:DeleteSnapshot",
"ec2:CancelImportTask",
"ec2:ImportSnapshot",
"ec2:DescribeImportSnapshotTasks"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"SNS:Publish"
],
"Effect": "Allow",
"Resource": "arn:aws:sns:*:*:metrics-sns-topic-for-*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJ6YATONJHICG3DJ3U",
"PolicyName": "AWSConnector",
"UpdateDate": "2015-09-28T19:50:38+00:00",
"VersionId": "v3"
},
"AWSControlTowerServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/service-role/AWSControlTowerServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2019-05-03T18:19:11+00:00",
"DefaultVersionId": "v7",
"Document": {
"Statement": [
{
"Action": [
"cloudformation:CreateStack",
"cloudformation:CreateStackInstances",
"cloudformation:CreateStackSet",
"cloudformation:DeleteStack",
"cloudformation:DeleteStackInstances",
"cloudformation:DeleteStackSet",
"cloudformation:DescribeStackInstance",
"cloudformation:DescribeStacks",
"cloudformation:DescribeStackSet",
"cloudformation:DescribeStackSetOperation",
"cloudformation:ListStackInstances",
"cloudformation:UpdateStack",
"cloudformation:UpdateStackInstances",
"cloudformation:UpdateStackSet"
],
"Effect": "Allow",
"Resource": [
"arn:aws:cloudformation:*:*:type/resource/AWS-IAM-Role"
]
},
{
"Action": [
"cloudformation:CreateStack",
"cloudformation:CreateStackInstances",
"cloudformation:CreateStackSet",
"cloudformation:DeleteStack",
"cloudformation:DeleteStackInstances",
"cloudformation:DeleteStackSet",
"cloudformation:DescribeStackInstance",
"cloudformation:DescribeStacks",
"cloudformation:DescribeStackSet",
"cloudformation:DescribeStackSetOperation",
"cloudformation:GetTemplate",
"cloudformation:ListStackInstances",
"cloudformation:UpdateStack",
"cloudformation:UpdateStackInstances",
"cloudformation:UpdateStackSet"
],
"Effect": "Allow",
"Resource": [
"arn:aws:cloudformation:*:*:stack/AWSControlTower*/*",
"arn:aws:cloudformation:*:*:stack/StackSet-AWSControlTower*/*",
"arn:aws:cloudformation:*:*:stackset/AWSControlTower*:*",
"arn:aws:cloudformation:*:*:stackset-target/AWSControlTower*/*"
]
},
{
"Action": [
"cloudtrail:CreateTrail",
"cloudtrail:DeleteTrail",
"cloudtrail:GetTrailStatus",
"cloudtrail:StartLogging",
"cloudtrail:StopLogging",
"cloudtrail:UpdateTrail",
"cloudtrail:PutEventSelectors",
"logs:CreateLogStream",
"logs:PutLogEvents",
"logs:PutRetentionPolicy"
],
"Effect": "Allow",
"Resource": [
"arn:aws:logs:*:*:log-group:aws-controltower/CloudTrailLogs:*",
"arn:aws:cloudtrail:*:*:trail/aws-controltower*"
]
},
{
"Action": [
"s3:GetObject"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::aws-controltower*/*"
]
},
{
"Action": [
"sts:AssumeRole"
],
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/AWSControlTowerExecution"
]
},
{
"Action": [
"cloudtrail:DescribeTrails",
"ec2:DescribeAvailabilityZones",
"iam:ListRoles",
"logs:CreateLogGroup",
"logs:DescribeLogGroups",
"organizations:CreateAccount",
"organizations:DescribeAccount",
"organizations:DescribeCreateAccountStatus",
"organizations:DescribeOrganization",
"organizations:DescribeOrganizationalUnit",
"organizations:DescribePolicy",
"organizations:ListAccounts",
"organizations:ListAccountsForParent",
"organizations:ListAWSServiceAccessForOrganization",
"organizations:ListChildren",
"organizations:ListOrganizationalUnitsForParent",
"organizations:ListParents",
"organizations:ListPoliciesForTarget",
"organizations:ListTargetsForPolicy",
"organizations:ListRoots",
"organizations:MoveAccount",
"servicecatalog:AssociatePrincipalWithPortfolio"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"iam:GetRole",
"iam:GetUser",
"iam:ListAttachedRolePolicies",
"iam:GetRolePolicy"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"iam:PassRole"
],
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/service-role/AWSControlTowerStackSetRole",
"arn:aws:iam::*:role/service-role/AWSControlTowerCloudTrailRole",
"arn:aws:iam::*:role/service-role/AWSControlTowerConfigAggregatorRoleForOrganizations"
]
},
{
"Action": [
"config:DeleteConfigurationAggregator",
"config:PutConfigurationAggregator",
"config:TagResource"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/aws-control-tower": "managed-by-control-tower"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "organizations:EnableAWSServiceAccess",
"Condition": {
"StringLike": {
"organizations:ServicePrincipal": "config.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4MW35THVLF",
"PolicyName": "AWSControlTowerServiceRolePolicy",
"UpdateDate": "2021-06-04T23:00:46+00:00",
"VersionId": "v7"
},
"AWSDataExchangeFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSDataExchangeFullAccess",
"AttachmentCount": 0,
"CreateDate": "2019-11-13T19:27:59+00:00",
"DefaultVersionId": "v4",
"Document": {
"Statement": [
{
"Action": [
"dataexchange:*"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "s3:GetObject",
"Condition": {
"ForAnyValue:StringEquals": {
"aws:CalledVia": [
"dataexchange.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "arn:aws:s3:::*aws-data-exchange*"
},
{
"Action": "s3:GetObject",
"Condition": {
"ForAnyValue:StringEquals": {
"aws:CalledVia": [
"dataexchange.amazonaws.com"
]
},
"StringEqualsIgnoreCase": {
"s3:ExistingObjectTag/AWSDataExchange": "true"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"s3:PutObject",
"s3:PutObjectAcl"
],
"Condition": {
"ForAnyValue:StringEquals": {
"aws:CalledVia": [
"dataexchange.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "arn:aws:s3:::*aws-data-exchange*"
},
{
"Action": [
"s3:GetBucketLocation",
"s3:ListBucket",
"s3:ListAllMyBuckets"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"aws-marketplace:DescribeEntity",
"aws-marketplace:ListEntities",
"aws-marketplace:StartChangeSet",
"aws-marketplace:ListChangeSets",
"aws-marketplace:DescribeChangeSet",
"aws-marketplace:CancelChangeSet",
"aws-marketplace:GetAgreementApprovalRequest",
"aws-marketplace:ListAgreementApprovalRequests",
"aws-marketplace:AcceptAgreementApprovalRequest",
"aws-marketplace:RejectAgreementApprovalRequest",
"aws-marketplace:UpdateAgreementApprovalRequest",
"aws-marketplace:SearchAgreements",
"aws-marketplace:GetAgreementTerms"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"aws-marketplace:Subscribe",
"aws-marketplace:Unsubscribe",
"aws-marketplace:ViewSubscriptions",
"aws-marketplace:GetAgreementRequest",
"aws-marketplace:ListAgreementRequests",
"aws-marketplace:CancelAgreementRequest"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"kms:DescribeKey",
"kms:ListAliases",
"kms:ListKeys"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4MPDTDB3FH",
"PolicyName": "AWSDataExchangeFullAccess",
"UpdateDate": "2021-05-10T21:07:38+00:00",
"VersionId": "v4"
},
"AWSDataExchangeProviderFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSDataExchangeProviderFullAccess",
"AttachmentCount": 0,
"CreateDate": "2019-11-13T19:27:55+00:00",
"DefaultVersionId": "v7",
"Document": {
"Statement": [
{
"Action": [
"dataexchange:CreateDataSet",
"dataexchange:CreateRevision",
"dataexchange:CreateAsset",
"dataexchange:Get*",
"dataexchange:Update*",
"dataexchange:List*",
"dataexchange:Delete*",
"dataexchange:TagResource",
"dataexchange:UntagResource",
"dataexchange:PublishDataSet",
"tag:GetTagKeys",
"tag:GetTagValues"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"dataexchange:CreateJob",
"dataexchange:StartJob",
"dataexchange:CancelJob"
],
"Condition": {
"StringEquals": {
"dataexchange:JobType": [
"IMPORT_ASSETS_FROM_S3",
"IMPORT_ASSET_FROM_SIGNED_URL",
"EXPORT_ASSETS_TO_S3",
"EXPORT_ASSET_TO_SIGNED_URL"
]
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "s3:GetObject",
"Condition": {
"ForAnyValue:StringEquals": {
"aws:CalledVia": [
"dataexchange.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "arn:aws:s3:::*aws-data-exchange*"
},
{
"Action": "s3:GetObject",
"Condition": {
"ForAnyValue:StringEquals": {
"aws:CalledVia": [
"dataexchange.amazonaws.com"
]
},
"StringEqualsIgnoreCase": {
"s3:ExistingObjectTag/AWSDataExchange": "true"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"s3:PutObject",
"s3:PutObjectAcl"
],
"Condition": {
"ForAnyValue:StringEquals": {
"aws:CalledVia": [
"dataexchange.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "arn:aws:s3:::*aws-data-exchange*"
},
{
"Action": [
"s3:GetBucketLocation",
"s3:ListBucket",
"s3:ListAllMyBuckets"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"aws-marketplace:DescribeEntity",
"aws-marketplace:ListEntities",
"aws-marketplace:DescribeChangeSet",
"aws-marketplace:ListChangeSets",
"aws-marketplace:StartChangeSet",
"aws-marketplace:CancelChangeSet",
"aws-marketplace:GetAgreementApprovalRequest",
"aws-marketplace:ListAgreementApprovalRequests",
"aws-marketplace:AcceptAgreementApprovalRequest",
"aws-marketplace:RejectAgreementApprovalRequest",
"aws-marketplace:UpdateAgreementApprovalRequest",
"aws-marketplace:SearchAgreements",
"aws-marketplace:GetAgreementTerms"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"kms:DescribeKey",
"kms:ListAliases",
"kms:ListKeys"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4MQSUGZZPZ",
"PolicyName": "AWSDataExchangeProviderFullAccess",
"UpdateDate": "2021-05-25T19:26:14+00:00",
"VersionId": "v7"
},
"AWSDataExchangeReadOnly": {
"Arn": "arn:aws:iam::aws:policy/AWSDataExchangeReadOnly",
"AttachmentCount": 0,
"CreateDate": "2019-11-13T19:27:37+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"dataexchange:Get*",
"dataexchange:List*"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"aws-marketplace:ViewSubscriptions",
"aws-marketplace:GetAgreementRequest",
"aws-marketplace:ListAgreementRequests",
"aws-marketplace:GetAgreementApprovalRequest",
"aws-marketplace:ListAgreementApprovalRequests",
"aws-marketplace:DescribeEntity",
"aws-marketplace:ListEntities",
"aws-marketplace:DescribeChangeSet",
"aws-marketplace:ListChangeSets",
"aws-marketplace:SearchAgreements",
"aws-marketplace:GetAgreementTerms"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4DQNFEZURI",
"PolicyName": "AWSDataExchangeReadOnly",
"UpdateDate": "2021-05-10T21:15:26+00:00",
"VersionId": "v2"
},
"AWSDataExchangeSubscriberFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSDataExchangeSubscriberFullAccess",
"AttachmentCount": 0,
"CreateDate": "2019-11-13T19:27:52+00:00",
"DefaultVersionId": "v4",
"Document": {
"Statement": [
{
"Action": [
"dataexchange:Get*",
"dataexchange:List*"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"dataexchange:CreateJob",
"dataexchange:StartJob",
"dataexchange:CancelJob"
],
"Condition": {
"StringEquals": {
"dataexchange:JobType": [
"EXPORT_ASSETS_TO_S3",
"EXPORT_ASSET_TO_SIGNED_URL",
"EXPORT_REVISIONS_TO_S3"
]
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "s3:GetObject",
"Condition": {
"ForAnyValue:StringEquals": {
"aws:CalledVia": [
"dataexchange.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "arn:aws:s3:::*aws-data-exchange*"
},
{
"Action": [
"s3:GetBucketLocation",
"s3:ListBucket",
"s3:ListAllMyBuckets"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"aws-marketplace:Subscribe",
"aws-marketplace:Unsubscribe",
"aws-marketplace:ViewSubscriptions",
"aws-marketplace:GetAgreementRequest",
"aws-marketplace:ListAgreementRequests",
"aws-marketplace:CancelAgreementRequest"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"kms:DescribeKey",
"kms:ListAliases",
"kms:ListKeys"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4MAWRW4GF7",
"PolicyName": "AWSDataExchangeSubscriberFullAccess",
"UpdateDate": "2021-02-08T23:34:25+00:00",
"VersionId": "v4"
},
"AWSDataLifecycleManagerServiceRole": {
"Arn": "arn:aws:iam::aws:policy/service-role/AWSDataLifecycleManagerServiceRole",
"AttachmentCount": 0,
"CreateDate": "2018-07-06T19:34:16+00:00",
"DefaultVersionId": "v6",
"Document": {
"Statement": [
{
"Action": [
"ec2:CreateSnapshot",
"ec2:CreateSnapshots",
"ec2:DeleteSnapshot",
"ec2:DescribeInstances",
"ec2:DescribeVolumes",
"ec2:DescribeSnapshots",
"ec2:EnableFastSnapshotRestores",
"ec2:DescribeFastSnapshotRestores",
"ec2:DisableFastSnapshotRestores",
"ec2:CopySnapshot",
"ec2:ModifySnapshotAttribute",
"ec2:DescribeSnapshotAttribute"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:CreateTags"
],
"Effect": "Allow",
"Resource": "arn:aws:ec2:*::snapshot/*"
},
{
"Action": [
"events:PutRule",
"events:DeleteRule",
"events:DescribeRule",
"events:EnableRule",
"events:DisableRule",
"events:ListTargetsByRule",
"events:PutTargets",
"events:RemoveTargets"
],
"Effect": "Allow",
"Resource": "arn:aws:events:*:*:rule/AwsDataLifecycleRule.managed-cwe.*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIZRLOKFUFE7YXQOJS",
"PolicyName": "AWSDataLifecycleManagerServiceRole",
"UpdateDate": "2020-12-11T18:15:06+00:00",
"VersionId": "v6"
},
"AWSDataLifecycleManagerServiceRoleForAMIManagement": {
"Arn": "arn:aws:iam::aws:policy/service-role/AWSDataLifecycleManagerServiceRoleForAMIManagement",
"AttachmentCount": 0,
"CreateDate": "2020-10-21T19:39:41+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": "ec2:CreateTags",
"Effect": "Allow",
"Resource": [
"arn:aws:ec2:*::snapshot/*",
"arn:aws:ec2:*::image/*"
]
},
{
"Action": [
"ec2:DescribeImages",
"ec2:DescribeInstances",
"ec2:DescribeImageAttribute",
"ec2:DescribeVolumes",
"ec2:DescribeSnapshots"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "ec2:DeleteSnapshot",
"Effect": "Allow",
"Resource": "arn:aws:ec2:*::snapshot/*"
},
{
"Action": [
"ec2:ResetImageAttribute",
"ec2:DeregisterImage",
"ec2:CreateImage",
"ec2:CopyImage",
"ec2:ModifyImageAttribute"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4MG6O7FWSP",
"PolicyName": "AWSDataLifecycleManagerServiceRoleForAMIManagement",
"UpdateDate": "2020-10-21T19:39:41+00:00",
"VersionId": "v1"
},
"AWSDataPipelineRole": {
"Arn": "arn:aws:iam::aws:policy/service-role/AWSDataPipelineRole",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:41:24+00:00",
"DefaultVersionId": "v6",
"Document": {
"Statement": [
{
"Action": [
"cloudwatch:*",
"datapipeline:DescribeObjects",
"datapipeline:EvaluateExpression",
"dynamodb:BatchGetItem",
"dynamodb:DescribeTable",
"dynamodb:GetItem",
"dynamodb:Query",
"dynamodb:Scan",
"dynamodb:UpdateTable",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CancelSpotInstanceRequests",
"ec2:CreateSecurityGroup",
"ec2:CreateTags",
"ec2:DeleteTags",
"ec2:Describe*",
"ec2:ModifyImageAttribute",
"ec2:ModifyInstanceAttribute",
"ec2:RequestSpotInstances",
"ec2:RunInstances",
"ec2:StartInstances",
"ec2:StopInstances",
"ec2:TerminateInstances",
"ec2:AuthorizeSecurityGroupEgress",
"ec2:DeleteSecurityGroup",
"ec2:RevokeSecurityGroupEgress",
"ec2:DescribeNetworkInterfaces",
"ec2:CreateNetworkInterface",
"ec2:DeleteNetworkInterface",
"ec2:DetachNetworkInterface",
"elasticmapreduce:*",
"iam:GetInstanceProfile",
"iam:GetRole",
"iam:GetRolePolicy",
"iam:ListAttachedRolePolicies",
"iam:ListRolePolicies",
"iam:ListInstanceProfiles",
"iam:PassRole",
"rds:DescribeDBInstances",
"rds:DescribeDBSecurityGroups",
"redshift:DescribeClusters",
"redshift:DescribeClusterSecurityGroups",
"s3:CreateBucket",
"s3:DeleteObject",
"s3:Get*",
"s3:List*",
"s3:Put*",
"sdb:BatchPutAttributes",
"sdb:Select*",
"sns:GetTopicAttributes",
"sns:ListTopics",
"sns:Publish",
"sns:Subscribe",
"sns:Unsubscribe",
"sqs:CreateQueue",
"sqs:Delete*",
"sqs:GetQueue*",
"sqs:PurgeQueue",
"sqs:ReceiveMessage"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringLike": {
"iam:AWSServiceName": [
"elasticmapreduce.amazonaws.com",
"spot.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIKCP6XS3ESGF4GLO2",
"PolicyName": "AWSDataPipelineRole",
"UpdateDate": "2017-12-22T23:43:28+00:00",
"VersionId": "v6"
},
"AWSDataPipeline_FullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSDataPipeline_FullAccess",
"AttachmentCount": 0,
"CreateDate": "2017-01-19T23:14:54+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"s3:List*",
"dynamodb:DescribeTable",
"rds:DescribeDBInstances",
"rds:DescribeDBSecurityGroups",
"redshift:DescribeClusters",
"redshift:DescribeClusterSecurityGroups",
"sns:ListTopics",
"sns:Subscribe",
"iam:ListRoles",
"iam:GetRolePolicy",
"iam:GetInstanceProfile",
"iam:ListInstanceProfiles",
"datapipeline:*"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": "iam:PassRole",
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/DataPipelineDefaultResourceRole",
"arn:aws:iam::*:role/DataPipelineDefaultRole"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIXOFIG7RSBMRPHXJ4",
"PolicyName": "AWSDataPipeline_FullAccess",
"UpdateDate": "2017-08-17T18:48:39+00:00",
"VersionId": "v2"
},
"AWSDataPipeline_PowerUser": {
"Arn": "arn:aws:iam::aws:policy/AWSDataPipeline_PowerUser",
"AttachmentCount": 0,
"CreateDate": "2017-01-19T23:16:46+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"s3:List*",
"dynamodb:DescribeTable",
"rds:DescribeDBInstances",
"rds:DescribeDBSecurityGroups",
"redshift:DescribeClusters",
"redshift:DescribeClusterSecurityGroups",
"sns:ListTopics",
"iam:ListRoles",
"iam:GetRolePolicy",
"iam:GetInstanceProfile",
"iam:ListInstanceProfiles",
"datapipeline:*"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": "iam:PassRole",
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/DataPipelineDefaultResourceRole",
"arn:aws:iam::*:role/DataPipelineDefaultRole"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIMXGLVY6DVR24VTYS",
"PolicyName": "AWSDataPipeline_PowerUser",
"UpdateDate": "2017-08-17T18:49:42+00:00",
"VersionId": "v2"
},
"AWSDataSyncFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSDataSyncFullAccess",
"AttachmentCount": 0,
"CreateDate": "2019-01-18T19:40:36+00:00",
"DefaultVersionId": "v3",
"Document": {
"Statement": [
{
"Action": [
"datasync:*",
"ec2:CreateNetworkInterface",
"ec2:CreateNetworkInterfacePermission",
"ec2:DeleteNetworkInterface",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:ModifyNetworkInterfaceAttribute",
"fsx:DescribeFileSystems",
"elasticfilesystem:DescribeFileSystems",
"elasticfilesystem:DescribeMountTargets",
"iam:GetRole",
"iam:ListRoles",
"logs:CreateLogGroup",
"logs:DescribeLogGroups",
"logs:DescribeResourcePolicies",
"s3:ListAllMyBuckets",
"s3:ListBucket"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"iam:PassRole"
],
"Condition": {
"StringEquals": {
"iam:PassedToService": [
"datasync.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJGOHCDUQULZJKDGT4",
"PolicyName": "AWSDataSyncFullAccess",
"UpdateDate": "2020-06-30T17:58:58+00:00",
"VersionId": "v3"
},
"AWSDataSyncReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSDataSyncReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2019-01-18T19:18:44+00:00",
"DefaultVersionId": "v3",
"Document": {
"Statement": [
{
"Action": [
"datasync:Describe*",
"datasync:List*",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"elasticfilesystem:DescribeFileSystems",
"elasticfilesystem:DescribeMountTargets",
"fsx:DescribeFileSystems",
"iam:GetRole",
"iam:ListRoles",
"logs:DescribeLogGroups",
"logs:DescribeResourcePolicies",
"s3:ListAllMyBuckets",
"s3:ListBucket"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJRYVEZEDR7ZEAGYLY",
"PolicyName": "AWSDataSyncReadOnlyAccess",
"UpdateDate": "2020-06-30T17:59:22+00:00",
"VersionId": "v3"
},
"AWSDeepLensLambdaFunctionAccessPolicy": {
"Arn": "arn:aws:iam::aws:policy/AWSDeepLensLambdaFunctionAccessPolicy",
"AttachmentCount": 0,
"CreateDate": "2017-11-29T15:47:18+00:00",
"DefaultVersionId": "v4",
"Document": {
"Statement": [
{
"Action": [
"s3:ListBucket",
"s3:GetObject"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::deeplens*/*",
"arn:aws:s3:::deeplens*"
],
"Sid": "DeepLensS3ObjectAccess"
},
{
"Action": [
"logs:CreateLogStream",
"logs:DescribeLogStreams",
"logs:PutLogEvents",
"logs:CreateLogGroup"
],
"Effect": "Allow",
"Resource": "arn:aws:logs:*:*:log-group:/aws/greengrass/*",
"Sid": "DeepLensGreenGrassCloudWatchAccess"
},
{
"Action": [
"deeplens:*"
],
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "DeepLensAccess"
},
{
"Action": [
"kinesisvideo:DescribeStream",
"kinesisvideo:CreateStream",
"kinesisvideo:GetDataEndpoint",
"kinesisvideo:PutMedia"
],
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "DeepLensKinesisVideoAccess"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIKIEE4PRM54V4G3ZG",
"PolicyName": "AWSDeepLensLambdaFunctionAccessPolicy",
"UpdateDate": "2019-06-11T23:11:55+00:00",
"VersionId": "v4"
},
"AWSDeepLensServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/service-role/AWSDeepLensServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2017-11-29T15:46:36+00:00",
"DefaultVersionId": "v6",
"Document": {
"Statement": [
{
"Action": [
"iot:CreateThing",
"iot:DeleteThing",
"iot:DeleteThingShadow",
"iot:DescribeThing",
"iot:GetThingShadow",
"iot:UpdateThing",
"iot:UpdateThingShadow"
],
"Effect": "Allow",
"Resource": [
"arn:aws:iot:*:*:thing/deeplens*"
],
"Sid": "DeepLensIoTThingAccess"
},
{
"Action": [
"iot:AttachThingPrincipal",
"iot:DetachThingPrincipal",
"iot:UpdateCertificate",
"iot:DeleteCertificate",
"iot:DetachPrincipalPolicy"
],
"Effect": "Allow",
"Resource": [
"arn:aws:iot:*:*:thing/deeplens*",
"arn:aws:iot:*:*:cert/*"
],
"Sid": "DeepLensIoTCertificateAccess"
},
{
"Action": [
"iot:CreateKeysAndCertificate",
"iot:CreatePolicy",
"iot:CreatePolicyVersion"
],
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "DeepLensIoTCreateCertificateAndPolicyAccess"
},
{
"Action": [
"iot:AttachPrincipalPolicy"
],
"Effect": "Allow",
"Resource": [
"arn:aws:iot:*:*:policy/deeplens*",
"arn:aws:iot:*:*:cert/*"
],
"Sid": "DeepLensIoTAttachCertificatePolicyAccess"
},
{
"Action": [
"iot:GetThingShadow",
"iot:UpdateThingShadow"
],
"Effect": "Allow",
"Resource": [
"arn:aws:iot:*:*:thing/deeplens*"
],
"Sid": "DeepLensIoTDataAccess"
},
{
"Action": [
"iot:DescribeEndpoint"
],
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "DeepLensIoTEndpointAccess"
},
{
"Action": [
"deeplens:*"
],
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "DeepLensAccess"
},
{
"Action": [
"s3:GetObject"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::deeplens*"
],
"Sid": "DeepLensS3ObjectAccess"
},
{
"Action": [
"s3:DeleteBucket",
"s3:ListBucket"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::deeplens*"
],
"Sid": "DeepLensS3Buckets"
},
{
"Action": [
"s3:CreateBucket"
],
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "DeepLensCreateS3Buckets"
},
{
"Action": [
"iam:PassRole"
],
"Condition": {
"StringEquals": {
"iam:PassedToService": [
"greengrass.amazonaws.com",
"sagemaker.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "DeepLensIAMPassRoleAccess"
},
{
"Action": [
"iam:PassRole"
],
"Condition": {
"StringEqualsIfExists": {
"iam:PassedToService": "lambda.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/AWSDeepLens*",
"arn:aws:iam::*:role/service-role/AWSDeepLens*"
],
"Sid": "DeepLensIAMLambdaPassRoleAccess"
},
{
"Action": [
"greengrass:AssociateRoleToGroup",
"greengrass:AssociateServiceRoleToAccount",
"greengrass:CreateResourceDefinition",
"greengrass:CreateResourceDefinitionVersion",
"greengrass:CreateCoreDefinition",
"greengrass:CreateCoreDefinitionVersion",
"greengrass:CreateDeployment",
"greengrass:CreateFunctionDefinition",
"greengrass:CreateFunctionDefinitionVersion",
"greengrass:CreateGroup",
"greengrass:CreateGroupCertificateAuthority",
"greengrass:CreateGroupVersion",
"greengrass:CreateLoggerDefinition",
"greengrass:CreateLoggerDefinitionVersion",
"greengrass:CreateSubscriptionDefinition",
"greengrass:CreateSubscriptionDefinitionVersion",
"greengrass:DeleteCoreDefinition",
"greengrass:DeleteFunctionDefinition",
"greengrass:DeleteGroup",
"greengrass:DeleteLoggerDefinition",
"greengrass:DeleteSubscriptionDefinition",
"greengrass:DisassociateRoleFromGroup",
"greengrass:DisassociateServiceRoleFromAccount",
"greengrass:GetAssociatedRole",
"greengrass:GetConnectivityInfo",
"greengrass:GetCoreDefinition",
"greengrass:GetCoreDefinitionVersion",
"greengrass:GetDeploymentStatus",
"greengrass:GetDeviceDefinition",
"greengrass:GetDeviceDefinitionVersion",
"greengrass:GetFunctionDefinition",
"greengrass:GetFunctionDefinitionVersion",
"greengrass:GetGroup",
"greengrass:GetGroupCertificateAuthority",
"greengrass:GetGroupCertificateConfiguration",
"greengrass:GetGroupVersion",
"greengrass:GetLoggerDefinition",
"greengrass:GetLoggerDefinitionVersion",
"greengrass:GetResourceDefinition",
"greengrass:GetServiceRoleForAccount",
"greengrass:GetSubscriptionDefinition",
"greengrass:GetSubscriptionDefinitionVersion",
"greengrass:ListCoreDefinitionVersions",
"greengrass:ListCoreDefinitions",
"greengrass:ListDeployments",
"greengrass:ListDeviceDefinitionVersions",
"greengrass:ListDeviceDefinitions",
"greengrass:ListFunctionDefinitionVersions",
"greengrass:ListFunctionDefinitions",
"greengrass:ListGroupCertificateAuthorities",
"greengrass:ListGroupVersions",
"greengrass:ListGroups",
"greengrass:ListLoggerDefinitionVersions",
"greengrass:ListLoggerDefinitions",
"greengrass:ListSubscriptionDefinitionVersions",
"greengrass:ListSubscriptionDefinitions",
"greengrass:ResetDeployments",
"greengrass:UpdateConnectivityInfo",
"greengrass:UpdateCoreDefinition",
"greengrass:UpdateDeviceDefinition",
"greengrass:UpdateFunctionDefinition",
"greengrass:UpdateGroup",
"greengrass:UpdateGroupCertificateConfiguration",
"greengrass:UpdateLoggerDefinition",
"greengrass:UpdateSubscriptionDefinition",
"greengrass:UpdateResourceDefinition"
],
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "DeepLensGreenGrassAccess"
},
{
"Action": [
"lambda:CreateFunction",
"lambda:DeleteFunction",
"lambda:GetFunction",
"lambda:GetFunctionConfiguration",
"lambda:ListFunctions",
"lambda:ListVersionsByFunction",
"lambda:PublishVersion",
"lambda:UpdateFunctionCode",
"lambda:UpdateFunctionConfiguration"
],
"Effect": "Allow",
"Resource": [
"arn:aws:lambda:*:*:function:deeplens*"
],
"Sid": "DeepLensLambdaAdminFunctionAccess"
},
{
"Action": [
"lambda:GetFunction",
"lambda:GetFunctionConfiguration",
"lambda:ListFunctions",
"lambda:ListVersionsByFunction"
],
"Effect": "Allow",
"Resource": [
"arn:aws:lambda:*:*:function:*"
],
"Sid": "DeepLensLambdaUsersFunctionAccess"
},
{
"Action": [
"sagemaker:CreateTrainingJob",
"sagemaker:DescribeTrainingJob",
"sagemaker:StopTrainingJob"
],
"Effect": "Allow",
"Resource": [
"arn:aws:sagemaker:*:*:training-job/deeplens*"
],
"Sid": "DeepLensSageMakerWriteAccess"
},
{
"Action": [
"sagemaker:DescribeTrainingJob"
],
"Effect": "Allow",
"Resource": [
"arn:aws:sagemaker:*:*:training-job/*"
],
"Sid": "DeepLensSageMakerReadAccess"
},
{
"Action": [
"kinesisvideo:CreateStream",
"kinesisvideo:DescribeStream",
"kinesisvideo:DeleteStream"
],
"Effect": "Allow",
"Resource": [
"arn:aws:kinesisvideo:*:*:stream/deeplens*/*"
],
"Sid": "DeepLensKinesisVideoStreamAccess"
},
{
"Action": [
"kinesisvideo:GetDataEndpoint"
],
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "DeepLensKinesisVideoEndpointAccess"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJK2Z2S7FPJFCYGR72",
"PolicyName": "AWSDeepLensServiceRolePolicy",
"UpdateDate": "2019-09-25T19:25:06+00:00",
"VersionId": "v6"
},
"AWSDeepRacerCloudFormationAccessPolicy": {
"Arn": "arn:aws:iam::aws:policy/AWSDeepRacerCloudFormationAccessPolicy",
"AttachmentCount": 0,
"CreateDate": "2019-02-28T21:59:49+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"cloudformation:*"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:AllocateAddress",
"ec2:AttachInternetGateway",
"ec2:AssociateRouteTable",
"ec2:AuthorizeSecurityGroupEgress",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateInternetGateway",
"ec2:CreateNatGateway",
"ec2:CreateNetworkAcl",
"ec2:CreateNetworkAclEntry",
"ec2:CreateRoute",
"ec2:CreateRouteTable",
"ec2:CreateSecurityGroup",
"ec2:CreateSubnet",
"ec2:CreateTags",
"ec2:CreateVpc",
"ec2:CreateVpcEndpoint",
"ec2:DeleteInternetGateway",
"ec2:DeleteNatGateway",
"ec2:DeleteNetworkAcl",
"ec2:DeleteNetworkAclEntry",
"ec2:DeleteRoute",
"ec2:DeleteRouteTable",
"ec2:DeleteSecurityGroup",
"ec2:DeleteSubnet",
"ec2:DeleteTags",
"ec2:DeleteVpc",
"ec2:DeleteVpcEndpoints",
"ec2:DescribeAddresses",
"ec2:DescribeInternetGateways",
"ec2:DescribeNatGateways",
"ec2:DescribeNetworkAcls",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeTags",
"ec2:DescribeVpcEndpoints",
"ec2:DescribeVpcs",
"ec2:DetachInternetGateway",
"ec2:DisassociateRouteTable",
"ec2:ModifySubnetAttribute",
"ec2:ModifyVpcAttribute",
"ec2:ReleaseAddress",
"ec2:ReplaceNetworkAclAssociation",
"ec2:RevokeSecurityGroupEgress",
"ec2:RevokeSecurityGroupIngress"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"iam:PassRole"
],
"Condition": {
"StringLikeIfExists": {
"iam:PassedToService": "lambda.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/service-role/AWSDeepRacerLambdaAccessRole"
},
{
"Action": [
"lambda:CreateFunction",
"lambda:GetFunction",
"lambda:DeleteFunction",
"lambda:TagResource",
"lambda:UpdateFunctionCode"
],
"Effect": "Allow",
"Resource": [
"arn:aws:lambda:*:*:function:*DeepRacer*",
"arn:aws:lambda:*:*:function:*Deepracer*",
"arn:aws:lambda:*:*:function:*deepracer*"
]
},
{
"Action": [
"s3:PutBucketPolicy",
"s3:CreateBucket",
"s3:ListBucket",
"s3:GetBucketAcl",
"s3:DeleteBucket"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::*DeepRacer*",
"arn:aws:s3:::*Deepracer*",
"arn:aws:s3:::*deepracer*"
]
},
{
"Action": [
"robomaker:CreateSimulationApplication",
"robomaker:CreateSimulationApplicationVersion",
"robomaker:DeleteSimulationApplication",
"robomaker:DescribeSimulationApplication",
"robomaker:ListSimulationApplications",
"robomaker:TagResource",
"robomaker:UpdateSimulationApplication"
],
"Effect": "Allow",
"Resource": [
"arn:aws:robomaker:*:*:/createSimulationApplication",
"arn:aws:robomaker:*:*:simulation-application/deepracer*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJYG7FM75UF5CW5ICS",
"PolicyName": "AWSDeepRacerCloudFormationAccessPolicy",
"UpdateDate": "2019-06-14T17:02:04+00:00",
"VersionId": "v2"
},
"AWSDeepRacerFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSDeepRacerFullAccess",
"AttachmentCount": 0,
"CreateDate": "2020-10-05T22:03:10+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"s3:ListAllMyBuckets"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:GetBucketPolicy",
"s3:PutBucketPolicy",
"s3:ListBucket",
"s3:GetBucketAcl",
"s3:GetObject",
"s3:GetObjectVersion",
"s3:GetObjectAcl",
"s3:GetBucketLocation"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::*DeepRacer*",
"arn:aws:s3:::*Deepracer*",
"arn:aws:s3:::*deepracer*",
"arn:aws:s3:::dr-*",
"arn:aws:s3:::*DeepRacer*/*",
"arn:aws:s3:::*Deepracer*/*",
"arn:aws:s3:::*deepracer*/*",
"arn:aws:s3:::dr-*/*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4JFTOPTVBM",
"PolicyName": "AWSDeepRacerFullAccess",
"UpdateDate": "2020-10-05T22:03:10+00:00",
"VersionId": "v1"
},
"AWSDeepRacerRoboMakerAccessPolicy": {
"Arn": "arn:aws:iam::aws:policy/AWSDeepRacerRoboMakerAccessPolicy",
"AttachmentCount": 0,
"CreateDate": "2019-02-28T21:59:58+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"robomaker:*"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"cloudwatch:PutMetricData",
"ec2:CreateNetworkInterfacePermission",
"ec2:DeleteNetworkInterface",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeSubnets",
"ec2:DescribeSecurityGroups",
"ec2:DescribeVpcs"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:DescribeLogStreams",
"logs:PutLogEvents"
],
"Effect": "Allow",
"Resource": [
"arn:aws:logs:*:*:log-group:/aws/robomaker/SimulationJobs",
"arn:aws:logs:*:*:log-group:/aws/robomaker/SimulationJobs:log-stream:*"
]
},
{
"Action": [
"s3:GetObject",
"s3:GetBucketLocation",
"s3:ListBucket",
"s3:ListAllMyBuckets",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::*DeepRacer*",
"arn:aws:s3:::*Deepracer*",
"arn:aws:s3:::*deepracer*",
"arn:aws:s3:::dr-*"
]
},
{
"Action": [
"s3:GetObject"
],
"Condition": {
"StringEqualsIgnoreCase": {
"s3:ExistingObjectTag/DeepRacer": "true"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"kinesisvideo:CreateStream",
"kinesisvideo:DescribeStream",
"kinesisvideo:GetDataEndpoint",
"kinesisvideo:PutMedia",
"kinesisvideo:TagStream"
],
"Effect": "Allow",
"Resource": [
"arn:aws:kinesisvideo:*:*:stream/dr-*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIUKGYRTDCUFOMRGAM",
"PolicyName": "AWSDeepRacerRoboMakerAccessPolicy",
"UpdateDate": "2019-02-28T21:59:58+00:00",
"VersionId": "v1"
},
"AWSDeepRacerServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/service-role/AWSDeepRacerServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2019-02-28T21:58:09+00:00",
"DefaultVersionId": "v3",
"Document": {
"Statement": [
{
"Action": [
"deepracer:*"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"robomaker:*",
"sagemaker:*",
"s3:ListAllMyBuckets"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"cloudformation:ListStackResources",
"cloudformation:DescribeStacks",
"cloudformation:CreateStack",
"cloudformation:DeleteStack",
"cloudformation:DescribeStackResource",
"cloudformation:DescribeStackResources",
"cloudformation:DescribeStackEvents",
"cloudformation:DetectStackDrift",
"cloudformation:DescribeStackDriftDetectionStatus",
"cloudformation:DescribeStackResourceDrifts"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringEquals": {
"iam:AWSServiceName": "robomaker.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"iam:PassRole"
],
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/AWSDeepRacer*",
"arn:aws:iam::*:role/service-role/AWSDeepRacer*"
]
},
{
"Action": [
"cloudwatch:GetMetricData",
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:DescribeLogStreams",
"logs:GetLogEvents",
"logs:PutLogEvents"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"lambda:CreateFunction",
"lambda:DeleteFunction",
"lambda:GetFunction",
"lambda:InvokeFunction",
"lambda:UpdateFunctionCode"
],
"Effect": "Allow",
"Resource": [
"arn:aws:lambda:*:*:function:*DeepRacer*",
"arn:aws:lambda:*:*:function:*Deepracer*",
"arn:aws:lambda:*:*:function:*deepracer*",
"arn:aws:lambda:*:*:function:*dr-*"
]
},
{
"Action": [
"s3:GetObject",
"s3:GetBucketLocation",
"s3:DeleteObject",
"s3:ListBucket",
"s3:PutObject",
"s3:PutBucketPolicy",
"s3:GetBucketAcl"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::*DeepRacer*",
"arn:aws:s3:::*Deepracer*",
"arn:aws:s3:::*deepracer*",
"arn:aws:s3:::dr-*"
]
},
{
"Action": [
"s3:GetObject"
],
"Condition": {
"StringEqualsIgnoreCase": {
"s3:ExistingObjectTag/DeepRacer": "true"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"kinesisvideo:CreateStream",
"kinesisvideo:DeleteStream",
"kinesisvideo:DescribeStream",
"kinesisvideo:GetDataEndpoint",
"kinesisvideo:GetHLSStreamingSessionURL",
"kinesisvideo:GetMedia",
"kinesisvideo:PutMedia",
"kinesisvideo:TagStream"
],
"Effect": "Allow",
"Resource": [
"arn:aws:kinesisvideo:*:*:stream/dr-*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJTUAQLIAVBJ7LZ32S",
"PolicyName": "AWSDeepRacerServiceRolePolicy",
"UpdateDate": "2019-06-12T20:55:34+00:00",
"VersionId": "v3"
},
"AWSDenyAll": {
"Arn": "arn:aws:iam::aws:policy/AWSDenyAll",
"AttachmentCount": 0,
"CreateDate": "2019-05-01T22:36:14+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"*"
],
"Effect": "Deny",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4P43IUQ5E5",
"PolicyName": "AWSDenyAll",
"UpdateDate": "2019-05-01T22:36:14+00:00",
"VersionId": "v1"
},
"AWSDeviceFarmFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSDeviceFarmFullAccess",
"AttachmentCount": 0,
"CreateDate": "2015-07-13T16:37:38+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"devicefarm:*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJO7KEDP4VYJPNT5UW",
"PolicyName": "AWSDeviceFarmFullAccess",
"UpdateDate": "2015-07-13T16:37:38+00:00",
"VersionId": "v1"
},
"AWSDeviceFarmTestGridServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSDeviceFarmTestGridServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2021-05-26T22:01:35+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeVpcs",
"ec2:DescribeSubnets",
"ec2:DescribeSecurityGroups"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:CreateNetworkInterface"
],
"Effect": "Allow",
"Resource": [
"arn:aws:ec2:*:*:subnet/*",
"arn:aws:ec2:*:*:security-group/*"
]
},
{
"Action": [
"ec2:CreateNetworkInterface"
],
"Condition": {
"StringEquals": {
"aws:RequestTag/AWSDeviceFarmManaged": "true"
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:ec2:*:*:network-interface/*"
]
},
{
"Action": [
"ec2:CreateTags"
],
"Condition": {
"StringEquals": {
"ec2:CreateAction": "CreateNetworkInterface"
}
},
"Effect": "Allow",
"Resource": "arn:aws:ec2:*:*:network-interface/*"
},
{
"Action": [
"ec2:CreateNetworkInterfacePermission",
"ec2:DeleteNetworkInterface"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/AWSDeviceFarmManaged": "true"
}
},
"Effect": "Allow",
"Resource": "arn:aws:ec2:*:*:network-interface/*"
},
{
"Action": [
"ec2:ModifyNetworkInterfaceAttribute"
],
"Effect": "Allow",
"Resource": [
"arn:aws:ec2:*:*:security-group/*",
"arn:aws:ec2:*:*:instance/*"
]
},
{
"Action": [
"ec2:ModifyNetworkInterfaceAttribute"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/AWSDeviceFarmManaged": "true"
}
},
"Effect": "Allow",
"Resource": "arn:aws:ec2:*:*:network-interface/*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4KOLIVAOCV",
"PolicyName": "AWSDeviceFarmTestGridServiceRolePolicy",
"UpdateDate": "2021-05-26T22:01:35+00:00",
"VersionId": "v1"
},
"AWSDirectConnectFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSDirectConnectFullAccess",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:40:07+00:00",
"DefaultVersionId": "v3",
"Document": {
"Statement": [
{
"Action": [
"directconnect:*",
"ec2:DescribeVpnGateways",
"ec2:DescribeTransitGateways"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJQF2QKZSK74KTIHOW",
"PolicyName": "AWSDirectConnectFullAccess",
"UpdateDate": "2019-04-30T15:29:29+00:00",
"VersionId": "v3"
},
"AWSDirectConnectReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSDirectConnectReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:40:08+00:00",
"DefaultVersionId": "v4",
"Document": {
"Statement": [
{
"Action": [
"directconnect:Describe*",
"directconnect:List*",
"ec2:DescribeVpnGateways",
"ec2:DescribeTransitGateways"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAI23HZ27SI6FQMGNQ2",
"PolicyName": "AWSDirectConnectReadOnlyAccess",
"UpdateDate": "2020-05-18T18:48:22+00:00",
"VersionId": "v4"
},
"AWSDirectConnectServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSDirectConnectServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2021-01-14T18:35:27+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"secretsmanager:DescribeSecret",
"secretsmanager:ListSecretVersionIds",
"secretsmanager:GetSecretValue"
],
"Effect": "Allow",
"Resource": [
"arn:aws:secretsmanager:*:*:secret:*directconnect*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4O7743JCTQ",
"PolicyName": "AWSDirectConnectServiceRolePolicy",
"UpdateDate": "2021-01-14T18:35:27+00:00",
"VersionId": "v1"
},
"AWSDirectoryServiceFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSDirectoryServiceFullAccess",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:41:11+00:00",
"DefaultVersionId": "v5",
"Document": {
"Statement": [
{
"Action": [
"ds:*",
"ec2:AuthorizeSecurityGroupEgress",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateNetworkInterface",
"ec2:CreateSecurityGroup",
"ec2:DeleteNetworkInterface",
"ec2:DeleteSecurityGroup",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:RevokeSecurityGroupEgress",
"ec2:RevokeSecurityGroupIngress",
"ec2:DescribeSecurityGroups",
"sns:GetTopicAttributes",
"sns:ListSubscriptions",
"sns:ListSubscriptionsByTopic",
"sns:ListTopics",
"iam:ListRoles",
"organizations:ListAccountsForParent",
"organizations:ListRoots",
"organizations:ListAccounts",
"organizations:DescribeOrganization",
"organizations:DescribeAccount",
"organizations:ListOrganizationalUnitsForParent",
"organizations:ListAWSServiceAccessForOrganization"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"sns:CreateTopic",
"sns:DeleteTopic",
"sns:SetTopicAttributes",
"sns:Subscribe",
"sns:Unsubscribe"
],
"Effect": "Allow",
"Resource": "arn:aws:sns:*:*:DirectoryMonitoring*"
},
{
"Action": [
"organizations:EnableAWSServiceAccess",
"organizations:DisableAWSServiceAccess"
],
"Condition": {
"StringEquals": {
"organizations:ServicePrincipal": "ds.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:CreateTags",
"ec2:DeleteTags"
],
"Effect": "Allow",
"Resource": [
"arn:aws:ec2:*:*:network-interface/*",
"arn:aws:ec2:*:*:security-group/*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAINAW5ANUWTH3R4ANI",
"PolicyName": "AWSDirectoryServiceFullAccess",
"UpdateDate": "2020-11-24T23:24:10+00:00",
"VersionId": "v5"
},
"AWSDirectoryServiceReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSDirectoryServiceReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:41:12+00:00",
"DefaultVersionId": "v4",
"Document": {
"Statement": [
{
"Action": [
"ds:Check*",
"ds:Describe*",
"ds:Get*",
"ds:List*",
"ds:Verify*",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"sns:ListTopics",
"sns:GetTopicAttributes",
"sns:ListSubscriptions",
"sns:ListSubscriptionsByTopic",
"organizations:DescribeAccount",
"organizations:DescribeOrganization",
"organizations:ListAWSServiceAccessForOrganization"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIHWYO6WSDNCG64M2W",
"PolicyName": "AWSDirectoryServiceReadOnlyAccess",
"UpdateDate": "2018-09-25T21:54:01+00:00",
"VersionId": "v4"
},
"AWSDiscoveryContinuousExportFirehosePolicy": {
"Arn": "arn:aws:iam::aws:policy/AWSDiscoveryContinuousExportFirehosePolicy",
"AttachmentCount": 0,
"CreateDate": "2018-08-09T18:29:39+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"glue:GetTableVersions"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"s3:AbortMultipartUpload",
"s3:GetBucketLocation",
"s3:GetObject",
"s3:ListBucket",
"s3:ListBucketMultipartUploads",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::aws-application-discovery-service-*"
]
},
{
"Action": [
"logs:PutLogEvents"
],
"Effect": "Allow",
"Resource": [
"arn:aws:logs:*:*:log-group:/aws/application-discovery-service/firehose:log-stream:*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIX6FHUTEUNXYDFZ7C",
"PolicyName": "AWSDiscoveryContinuousExportFirehosePolicy",
"UpdateDate": "2021-06-08T17:32:46+00:00",
"VersionId": "v2"
},
"AWSEC2FleetServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSEC2FleetServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2018-03-21T00:08:55+00:00",
"DefaultVersionId": "v3",
"Document": {
"Statement": [
{
"Action": [
"ec2:DescribeImages",
"ec2:DescribeSubnets",
"ec2:RequestSpotInstances",
"ec2:DescribeInstanceStatus",
"ec2:RunInstances"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"iam:CreateServiceLinkedRole"
],
"Condition": {
"StringEquals": {
"iam:AWSServiceName": "spot.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*",
"Sid": "EC2SpotManagement"
},
{
"Action": [
"iam:PassRole"
],
"Condition": {
"StringEquals": {
"iam:PassedToService": [
"ec2.amazonaws.com",
"ec2.amazonaws.com.cn"
]
}
},
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"ec2:CreateTags"
],
"Effect": "Allow",
"Resource": [
"arn:aws:ec2:*:*:instance/*",
"arn:aws:ec2:*:*:spot-instances-request/*"
]
},
{
"Action": [
"ec2:CreateTags"
],
"Condition": {
"StringEquals": {
"ec2:CreateAction": "RunInstances"
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:ec2:*:*:volume/*"
]
},
{
"Action": [
"ec2:TerminateInstances"
],
"Condition": {
"StringLike": {
"ec2:ResourceTag/aws:ec2:fleet-id": "*"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJCL355O4TC27CPKVC",
"PolicyName": "AWSEC2FleetServiceRolePolicy",
"UpdateDate": "2020-05-04T20:10:31+00:00",
"VersionId": "v3"
},
"AWSEC2SpotFleetServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSEC2SpotFleetServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2017-10-23T19:13:06+00:00",
"DefaultVersionId": "v4",
"Document": {
"Statement": [
{
"Action": [
"ec2:DescribeImages",
"ec2:DescribeSubnets",
"ec2:RequestSpotInstances",
"ec2:DescribeInstanceStatus",
"ec2:RunInstances"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"iam:PassRole"
],
"Condition": {
"StringEquals": {
"iam:PassedToService": [
"ec2.amazonaws.com",
"ec2.amazonaws.com.cn"
]
}
},
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"ec2:CreateTags"
],
"Effect": "Allow",
"Resource": [
"arn:aws:ec2:*:*:instance/*",
"arn:aws:ec2:*:*:spot-instances-request/*",
"arn:aws:ec2:*:*:spot-fleet-request/*",
"arn:aws:ec2:*:*:volume/*"
]
},
{
"Action": [
"ec2:TerminateInstances"
],
"Condition": {
"StringLike": {
"ec2:ResourceTag/aws:ec2spot:fleet-request-id": "*"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"elasticloadbalancing:RegisterInstancesWithLoadBalancer"
],
"Effect": "Allow",
"Resource": [
"arn:aws:elasticloadbalancing:*:*:loadbalancer/*"
]
},
{
"Action": [
"elasticloadbalancing:RegisterTargets"
],
"Effect": "Allow",
"Resource": [
"arn:aws:elasticloadbalancing:*:*:*/*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAILWCVTZD57EMYWMBO",
"PolicyName": "AWSEC2SpotFleetServiceRolePolicy",
"UpdateDate": "2020-03-16T19:16:21+00:00",
"VersionId": "v4"
},
"AWSEC2SpotServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSEC2SpotServiceRolePolicy",
"AttachmentCount": 1,
"CreateDate": "2017-09-18T18:51:54+00:00",
"DefaultVersionId": "v4",
"Document": {
"Statement": [
{
"Action": [
"ec2:DescribeInstances",
"ec2:StartInstances",
"ec2:StopInstances",
"ec2:RunInstances"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"ec2:RunInstances"
],
"Condition": {
"StringNotEquals": {
"ec2:InstanceMarketType": "spot"
}
},
"Effect": "Deny",
"Resource": [
"arn:aws:ec2:*:*:instance/*"
]
},
{
"Action": [
"iam:PassRole"
],
"Condition": {
"StringEquals": {
"iam:PassedToService": [
"ec2.amazonaws.com",
"ec2.amazonaws.com.cn"
]
}
},
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"ec2:CreateTags"
],
"Condition": {
"StringEquals": {
"ec2:CreateAction": "RunInstances"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIZJJBQNXQYVKTEXGM",
"PolicyName": "AWSEC2SpotServiceRolePolicy",
"UpdateDate": "2018-12-12T00:13:51+00:00",
"VersionId": "v4"
},
"AWSElasticBeanstalkCustomPlatformforEC2Role": {
"Arn": "arn:aws:iam::aws:policy/AWSElasticBeanstalkCustomPlatformforEC2Role",
"AttachmentCount": 0,
"CreateDate": "2017-02-21T22:50:30+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"ec2:AttachVolume",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CopyImage",
"ec2:CreateImage",
"ec2:CreateKeypair",
"ec2:CreateSecurityGroup",
"ec2:CreateSnapshot",
"ec2:CreateTags",
"ec2:CreateVolume",
"ec2:DeleteKeypair",
"ec2:DeleteSecurityGroup",
"ec2:DeleteSnapshot",
"ec2:DeleteVolume",
"ec2:DeregisterImage",
"ec2:DescribeImageAttribute",
"ec2:DescribeImages",
"ec2:DescribeInstances",
"ec2:DescribeRegions",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSnapshots",
"ec2:DescribeSubnets",
"ec2:DescribeTags",
"ec2:DescribeVolumes",
"ec2:DetachVolume",
"ec2:GetPasswordData",
"ec2:ModifyImageAttribute",
"ec2:ModifyInstanceAttribute",
"ec2:ModifySnapshotAttribute",
"ec2:RegisterImage",
"ec2:RunInstances",
"ec2:StopInstances",
"ec2:TerminateInstances"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "EC2Access"
},
{
"Action": [
"s3:Get*",
"s3:List*",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::elasticbeanstalk-*",
"arn:aws:s3:::elasticbeanstalk-*/*"
],
"Sid": "BucketAccess"
},
{
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents",
"logs:DescribeLogStreams"
],
"Effect": "Allow",
"Resource": "arn:aws:logs:*:*:log-group:/aws/elasticbeanstalk/platform/*",
"Sid": "CloudWatchLogsAccess"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJRVFXSS6LEIQGBKDY",
"PolicyName": "AWSElasticBeanstalkCustomPlatformforEC2Role",
"UpdateDate": "2017-02-21T22:50:30+00:00",
"VersionId": "v1"
},
"AWSElasticBeanstalkEnhancedHealth": {
"Arn": "arn:aws:iam::aws:policy/service-role/AWSElasticBeanstalkEnhancedHealth",
"AttachmentCount": 0,
"CreateDate": "2016-02-08T23:17:27+00:00",
"DefaultVersionId": "v4",
"Document": {
"Statement": [
{
"Action": [
"elasticloadbalancing:DescribeInstanceHealth",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeTargetHealth",
"ec2:DescribeInstances",
"ec2:DescribeInstanceStatus",
"ec2:GetConsoleOutput",
"ec2:AssociateAddress",
"ec2:DescribeAddresses",
"ec2:DescribeSecurityGroups",
"sqs:GetQueueAttributes",
"sqs:GetQueueUrl",
"autoscaling:DescribeAutoScalingGroups",
"autoscaling:DescribeAutoScalingInstances",
"autoscaling:DescribeScalingActivities",
"autoscaling:DescribeNotificationConfigurations",
"sns:Publish"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"logs:DescribeLogStreams",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Effect": "Allow",
"Resource": "arn:aws:logs:*:*:log-group:/aws/elasticbeanstalk/*:log-stream:*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIH5EFJNMOGUUTKLFE",
"PolicyName": "AWSElasticBeanstalkEnhancedHealth",
"UpdateDate": "2018-04-09T22:12:53+00:00",
"VersionId": "v4"
},
"AWSElasticBeanstalkMaintenance": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSElasticBeanstalkMaintenance",
"AttachmentCount": 0,
"CreateDate": "2019-01-11T23:22:52+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"cloudformation:CreateChangeSet",
"cloudformation:DescribeChangeSet",
"cloudformation:ExecuteChangeSet",
"cloudformation:DeleteChangeSet",
"cloudformation:ListChangeSets",
"cloudformation:DescribeStacks"
],
"Effect": "Allow",
"Resource": [
"arn:aws:cloudformation:*:*:stack/awseb-*",
"arn:aws:cloudformation:*:*:stack/eb-*"
],
"Sid": "AllowCloudformationChangeSetOperationsOnElasticBeanstalkStacks"
},
{
"Action": "elasticloadbalancing:DescribeLoadBalancers",
"Effect": "Allow",
"Resource": "*",
"Sid": "AllowElasticBeanstalkStacksUpdateExecuteSuccessfully"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJQPH22XGBH2VV2LSW",
"PolicyName": "AWSElasticBeanstalkMaintenance",
"UpdateDate": "2019-06-04T17:48:27+00:00",
"VersionId": "v2"
},
"AWSElasticBeanstalkManagedUpdatesCustomerRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/AWSElasticBeanstalkManagedUpdatesCustomerRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2021-03-03T22:18:00+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"elasticbeanstalk:*"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "ElasticBeanstalkPermissions"
},
{
"Action": "iam:PassRole",
"Condition": {
"StringEquals": {
"iam:PassedToService": [
"elasticbeanstalk.amazonaws.com",
"ec2.amazonaws.com",
"ec2.amazonaws.com.cn",
"autoscaling.amazonaws.com",
"elasticloadbalancing.amazonaws.com",
"ecs.amazonaws.com",
"cloudformation.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/*",
"Sid": "AllowPassRoleToElasticBeanstalkAndDownstreamServices"
},
{
"Action": [
"autoscaling:DescribeAccountLimits",
"autoscaling:DescribeAutoScalingGroups",
"autoscaling:DescribeAutoScalingInstances",
"autoscaling:DescribeLaunchConfigurations",
"autoscaling:DescribeLoadBalancers",
"autoscaling:DescribeNotificationConfigurations",
"autoscaling:DescribeScalingActivities",
"autoscaling:DescribeScheduledActions",
"ec2:DescribeAccountAttributes",
"ec2:DescribeAddresses",
"ec2:DescribeImages",
"ec2:DescribeInstanceAttribute",
"ec2:DescribeInstances",
"ec2:DescribeKeyPairs",
"ec2:DescribeLaunchTemplates",
"ec2:DescribeLaunchTemplateVersions",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSnapshots",
"ec2:DescribeSpotInstanceRequests",
"ec2:DescribeSubnets",
"ec2:DescribeVpcClassicLink",
"ec2:DescribeVpcs",
"elasticloadbalancing:DescribeInstanceHealth",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeTargetGroups",
"elasticloadbalancing:DescribeTargetHealth",
"logs:DescribeLogGroups",
"rds:DescribeDBEngineVersions",
"rds:DescribeDBInstances",
"rds:DescribeOrderableDBInstanceOptions",
"sns:ListSubscriptionsByTopic"
],
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "ReadOnlyPermissions"
},
{
"Action": [
"ec2:AllocateAddress",
"ec2:AssociateAddress",
"ec2:AuthorizeSecurityGroupEgress",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateLaunchTemplate",
"ec2:CreateLaunchTemplateVersion",
"ec2:CreateSecurityGroup",
"ec2:DeleteLaunchTemplate",
"ec2:DeleteLaunchTemplateVersions",
"ec2:DeleteSecurityGroup",
"ec2:DisassociateAddress",
"ec2:ReleaseAddress",
"ec2:RevokeSecurityGroupEgress",
"ec2:RevokeSecurityGroupIngress"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "EC2BroadOperationPermissions"
},
{
"Action": "ec2:RunInstances",
"Condition": {
"ArnLike": {
"ec2:LaunchTemplate": "arn:aws:ec2:*:*:launch-template/*"
}
},
"Effect": "Allow",
"Resource": "*",
"Sid": "EC2RunInstancesOperationPermissions"
},
{
"Action": [
"ec2:TerminateInstances"
],
"Condition": {
"StringLike": {
"ec2:ResourceTag/aws:cloudformation:stack-id": [
"arn:aws:cloudformation:*:*:stack/awseb-e-*",
"arn:aws:cloudformation:*:*:stack/eb-*"
]
}
},
"Effect": "Allow",
"Resource": "arn:aws:ec2:*:*:instance/*",
"Sid": "EC2TerminateInstancesOperationPermissions"
},
{
"Action": [
"ecs:CreateCluster",
"ecs:DescribeClusters",
"ecs:RegisterTaskDefinition"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "ECSBroadOperationPermissions"
},
{
"Action": "ecs:DeleteCluster",
"Effect": "Allow",
"Resource": "arn:aws:ecs:*:*:cluster/awseb-*",
"Sid": "ECSDeleteClusterOperationPermissions"
},
{
"Action": [
"autoscaling:AttachInstances",
"autoscaling:CreateAutoScalingGroup",
"autoscaling:CreateLaunchConfiguration",
"autoscaling:DeleteLaunchConfiguration",
"autoscaling:DeleteAutoScalingGroup",
"autoscaling:DeleteScheduledAction",
"autoscaling:DetachInstances",
"autoscaling:DeletePolicy",
"autoscaling:PutScalingPolicy",
"autoscaling:PutScheduledUpdateGroupAction",
"autoscaling:PutNotificationConfiguration",
"autoscaling:ResumeProcesses",
"autoscaling:SetDesiredCapacity",
"autoscaling:SuspendProcesses",
"autoscaling:TerminateInstanceInAutoScalingGroup",
"autoscaling:UpdateAutoScalingGroup"
],
"Effect": "Allow",
"Resource": [
"arn:aws:autoscaling:*:*:launchConfiguration:*:launchConfigurationName/awseb-e-*",
"arn:aws:autoscaling:*:*:launchConfiguration:*:launchConfigurationName/eb-*",
"arn:aws:autoscaling:*:*:autoScalingGroup:*:autoScalingGroupName/awseb-e-*",
"arn:aws:autoscaling:*:*:autoScalingGroup:*:autoScalingGroupName/eb-*"
],
"Sid": "ASGOperationPermissions"
},
{
"Action": [
"cloudformation:*"
],
"Effect": "Allow",
"Resource": [
"arn:aws:cloudformation:*:*:stack/awseb-*",
"arn:aws:cloudformation:*:*:stack/eb-*"
],
"Sid": "CFNOperationPermissions"
},
{
"Action": [
"elasticloadbalancing:ApplySecurityGroupsToLoadBalancer",
"elasticloadbalancing:ConfigureHealthCheck",
"elasticloadbalancing:CreateLoadBalancer",
"elasticloadbalancing:DeleteLoadBalancer",
"elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
"elasticloadbalancing:DeregisterTargets",
"elasticloadbalancing:RegisterInstancesWithLoadBalancer",
"elasticloadbalancing:RegisterTargets"
],
"Effect": "Allow",
"Resource": [
"arn:aws:elasticloadbalancing:*:*:targetgroup/awseb-*",
"arn:aws:elasticloadbalancing:*:*:targetgroup/eb-*",
"arn:aws:elasticloadbalancing:*:*:loadbalancer/awseb-*",
"arn:aws:elasticloadbalancing:*:*:loadbalancer/eb-*",
"arn:aws:elasticloadbalancing:*:*:loadbalancer/*/awseb-*/*",
"arn:aws:elasticloadbalancing:*:*:loadbalancer/*/eb-*/*"
],
"Sid": "ELBOperationPermissions"
},
{
"Action": [
"logs:CreateLogGroup",
"logs:DeleteLogGroup",
"logs:PutRetentionPolicy"
],
"Effect": "Allow",
"Resource": "arn:aws:logs:*:*:log-group:/aws/elasticbeanstalk/*",
"Sid": "CWLogsOperationPermissions"
},
{
"Action": [
"s3:DeleteObject",
"s3:GetObject",
"s3:GetObjectAcl",
"s3:GetObjectVersion",
"s3:GetObjectVersionAcl",
"s3:PutObject",
"s3:PutObjectAcl",
"s3:PutObjectVersionAcl"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::elasticbeanstalk-*/*",
"Sid": "S3ObjectOperationPermissions"
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetBucketPolicy",
"s3:ListBucket",
"s3:PutBucketPolicy"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::elasticbeanstalk-*",
"Sid": "S3BucketOperationPermissions"
},
{
"Action": [
"sns:CreateTopic",
"sns:GetTopicAttributes",
"sns:SetTopicAttributes",
"sns:Subscribe"
],
"Effect": "Allow",
"Resource": "arn:aws:sns:*:*:ElasticBeanstalkNotifications-*",
"Sid": "SNSOperationPermissions"
},
{
"Action": [
"sqs:GetQueueAttributes",
"sqs:GetQueueUrl"
],
"Effect": "Allow",
"Resource": [
"arn:aws:sqs:*:*:awseb-e-*",
"arn:aws:sqs:*:*:eb-*"
],
"Sid": "SQSOperationPermissions"
},
{
"Action": [
"cloudwatch:PutMetricAlarm"
],
"Effect": "Allow",
"Resource": [
"arn:aws:cloudwatch:*:*:alarm:awseb-*",
"arn:aws:cloudwatch:*:*:alarm:eb-*"
],
"Sid": "CWPutMetricAlarmOperationPermissions"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4AKB7QD2CZ",
"PolicyName": "AWSElasticBeanstalkManagedUpdatesCustomerRolePolicy",
"UpdateDate": "2021-03-09T22:36:04+00:00",
"VersionId": "v2"
},
"AWSElasticBeanstalkManagedUpdatesServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSElasticBeanstalkManagedUpdatesServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2019-11-21T22:35:06+00:00",
"DefaultVersionId": "v5",
"Document": {
"Statement": [
{
"Action": "iam:PassRole",
"Condition": {
"StringLikeIfExists": {
"iam:PassedToService": [
"elasticbeanstalk.amazonaws.com",
"ec2.amazonaws.com",
"autoscaling.amazonaws.com",
"elasticloadbalancing.amazonaws.com",
"ecs.amazonaws.com",
"cloudformation.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "*",
"Sid": "AllowPassRoleToElasticBeanstalkAndDownstreamServices"
},
{
"Action": [
"ec2:releaseAddress",
"ec2:allocateAddress",
"ec2:DisassociateAddress",
"ec2:AssociateAddress"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "SingleInstanceAPIs"
},
{
"Action": [
"ecs:RegisterTaskDefinition",
"ecs:DeRegisterTaskDefinition",
"ecs:List*",
"ecs:Describe*"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "ECS"
},
{
"Action": [
"elasticbeanstalk:*"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "ElasticBeanstalkAPIs"
},
{
"Action": [
"cloudformation:Describe*",
"cloudformation:List*",
"ec2:Describe*",
"autoscaling:Describe*",
"elasticloadbalancing:Describe*",
"logs:DescribeLogGroups",
"sns:GetTopicAttributes",
"sns:ListSubscriptionsByTopic"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "ReadOnlyAPIs"
},
{
"Action": [
"autoscaling:AttachInstances",
"autoscaling:CreateAutoScalingGroup",
"autoscaling:CreateLaunchConfiguration",
"autoscaling:DeleteAutoScalingGroup",
"autoscaling:DeleteLaunchConfiguration",
"autoscaling:DeleteScheduledAction",
"autoscaling:DetachInstances",
"autoscaling:PutNotificationConfiguration",
"autoscaling:PutScalingPolicy",
"autoscaling:PutScheduledUpdateGroupAction",
"autoscaling:ResumeProcesses",
"autoscaling:SuspendProcesses",
"autoscaling:TerminateInstanceInAutoScalingGroup",
"autoscaling:UpdateAutoScalingGroup"
],
"Effect": "Allow",
"Resource": [
"arn:aws:autoscaling:*:*:launchConfiguration:*:launchConfigurationName/awseb-e-*",
"arn:aws:autoscaling:*:*:autoScalingGroup:*:autoScalingGroupName/awseb-e-*",
"arn:aws:autoscaling:*:*:launchConfiguration:*:launchConfigurationName/eb-*",
"arn:aws:autoscaling:*:*:autoScalingGroup:*:autoScalingGroupName/eb-*"
],
"Sid": "ASG"
},
{
"Action": [
"cloudformation:CreateStack",
"cloudformation:CancelUpdateStack",
"cloudformation:DeleteStack",
"cloudformation:GetTemplate",
"cloudformation:UpdateStack"
],
"Effect": "Allow",
"Resource": [
"arn:aws:cloudformation:*:*:stack/awseb-e-*",
"arn:aws:cloudformation:*:*:stack/eb-*"
],
"Sid": "CFN"
},
{
"Action": [
"ec2:TerminateInstances"
],
"Condition": {
"StringLike": {
"ec2:ResourceTag/aws:cloudformation:stack-id": [
"arn:aws:cloudformation:*:*:stack/awseb-e-*",
"arn:aws:cloudformation:*:*:stack/eb-*"
]
}
},
"Effect": "Allow",
"Resource": "arn:aws:ec2:*:*:instance/*",
"Sid": "EC2"
},
{
"Action": [
"s3:DeleteObject",
"s3:GetObject",
"s3:GetObjectAcl",
"s3:GetObjectVersion",
"s3:GetObjectVersionAcl",
"s3:PutObject",
"s3:PutObjectAcl",
"s3:PutObjectVersionAcl"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::elasticbeanstalk-*/*",
"Sid": "S3Obj"
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetBucketPolicy",
"s3:ListBucket",
"s3:PutBucketPolicy"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::elasticbeanstalk-*",
"Sid": "S3Bucket"
},
{
"Action": [
"logs:CreateLogGroup",
"logs:DeleteLogGroup",
"logs:PutRetentionPolicy"
],
"Effect": "Allow",
"Resource": "arn:aws:logs:*:*:log-group:/aws/elasticbeanstalk/*",
"Sid": "CWL"
},
{
"Action": [
"elasticloadbalancing:RegisterTargets",
"elasticloadbalancing:DeRegisterTargets",
"elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
"elasticloadbalancing:RegisterInstancesWithLoadBalancer"
],
"Effect": "Allow",
"Resource": [
"arn:aws:elasticloadbalancing:*:*:targetgroup/awseb-*",
"arn:aws:elasticloadbalancing:*:*:loadbalancer/awseb-e-*",
"arn:aws:elasticloadbalancing:*:*:targetgroup/eb-*",
"arn:aws:elasticloadbalancing:*:*:loadbalancer/eb-*"
],
"Sid": "ELB"
},
{
"Action": [
"sns:CreateTopic"
],
"Effect": "Allow",
"Resource": "arn:aws:sns:*:*:ElasticBeanstalkNotifications-Environment-*",
"Sid": "SNS"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4HVFNJB4NR",
"PolicyName": "AWSElasticBeanstalkManagedUpdatesServiceRolePolicy",
"UpdateDate": "2020-12-11T18:21:32+00:00",
"VersionId": "v5"
},
"AWSElasticBeanstalkMulticontainerDocker": {
"Arn": "arn:aws:iam::aws:policy/AWSElasticBeanstalkMulticontainerDocker",
"AttachmentCount": 0,
"CreateDate": "2016-02-08T23:15:29+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"ecs:Poll",
"ecs:StartTask",
"ecs:StopTask",
"ecs:DiscoverPollEndpoint",
"ecs:StartTelemetrySession",
"ecs:RegisterContainerInstance",
"ecs:DeregisterContainerInstance",
"ecs:DescribeContainerInstances",
"ecs:Submit*",
"ecs:DescribeTasks"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "ECSAccess"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJ45SBYG72SD6SHJEY",
"PolicyName": "AWSElasticBeanstalkMulticontainerDocker",
"UpdateDate": "2016-06-06T23:45:37+00:00",
"VersionId": "v2"
},
"AWSElasticBeanstalkReadOnly": {
"Arn": "arn:aws:iam::aws:policy/AWSElasticBeanstalkReadOnly",
"AttachmentCount": 0,
"CreateDate": "2021-01-22T19:02:37+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"acm:ListCertificates",
"autoscaling:DescribeAccountLimits",
"autoscaling:DescribeAutoScalingGroups",
"autoscaling:DescribeAutoScalingInstances",
"autoscaling:DescribeLaunchConfigurations",
"autoscaling:DescribePolicies",
"autoscaling:DescribeLoadBalancers",
"autoscaling:DescribeNotificationConfigurations",
"autoscaling:DescribeScalingActivities",
"autoscaling:DescribeScheduledActions",
"cloudformation:DescribeStackResource",
"cloudformation:DescribeStackResources",
"cloudformation:DescribeStacks",
"cloudformation:GetTemplate",
"cloudformation:ListStackResources",
"cloudformation:ListStacks",
"cloudformation:ValidateTemplate",
"cloudtrail:LookupEvents",
"cloudwatch:DescribeAlarms",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"ec2:DescribeAccountAttributes",
"ec2:DescribeAddresses",
"ec2:DescribeImages",
"ec2:DescribeInstanceAttribute",
"ec2:DescribeInstances",
"ec2:DescribeInstanceStatus",
"ec2:DescribeKeyPairs",
"ec2:DescribeLaunchTemplateVersions",
"ec2:DescribeLaunchTemplates",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSnapshots",
"ec2:DescribeSpotInstanceRequests",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"elasticbeanstalk:Check*",
"elasticbeanstalk:Describe*",
"elasticbeanstalk:List*",
"elasticbeanstalk:RequestEnvironmentInfo",
"elasticbeanstalk:RetrieveEnvironmentInfo",
"elasticloadbalancing:DescribeInstanceHealth",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeSSLPolicies",
"elasticloadbalancing:DescribeTargetGroups",
"elasticloadbalancing:DescribeTargetHealth",
"iam:GetRole",
"iam:ListAttachedRolePolicies",
"iam:ListInstanceProfiles",
"iam:ListRolePolicies",
"iam:ListRoles",
"iam:ListServerCertificates",
"rds:DescribeDBEngineVersions",
"rds:DescribeDBInstances",
"rds:DescribeOrderableDBInstanceOptions",
"rds:DescribeDBSnapshots",
"s3:ListAllMyBuckets",
"sns:ListSubscriptionsByTopic",
"sns:ListTopics",
"sqs:ListQueues"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "AllowAPIs"
},
{
"Action": [
"s3:GetObject",
"s3:GetObjectAcl",
"s3:GetObjectVersion",
"s3:GetObjectVersionAcl",
"s3:GetBucketLocation",
"s3:GetBucketPolicy",
"s3:ListBucket"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::elasticbeanstalk-*",
"Sid": "AllowS3"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4BYFSOYIWH",
"PolicyName": "AWSElasticBeanstalkReadOnly",
"UpdateDate": "2021-01-22T19:02:37+00:00",
"VersionId": "v1"
},
"AWSElasticBeanstalkRoleCWL": {
"Arn": "arn:aws:iam::aws:policy/service-role/AWSElasticBeanstalkRoleCWL",
"AttachmentCount": 0,
"CreateDate": "2020-06-05T21:49:06+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"logs:CreateLogGroup",
"logs:DeleteLogGroup",
"logs:PutRetentionPolicy"
],
"Effect": "Allow",
"Resource": "arn:aws:logs:*:*:log-group:/aws/elasticbeanstalk/*",
"Sid": "AllowCWL"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4G4S2QMTW3",
"PolicyName": "AWSElasticBeanstalkRoleCWL",
"UpdateDate": "2020-06-05T21:49:06+00:00",
"VersionId": "v1"
},
"AWSElasticBeanstalkRoleCore": {
"Arn": "arn:aws:iam::aws:policy/service-role/AWSElasticBeanstalkRoleCore",
"AttachmentCount": 0,
"CreateDate": "2020-06-05T21:48:24+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"ec2:TerminateInstances"
],
"Condition": {
"StringLike": {
"ec2:ResourceTag/aws:cloudformation:stack-id": "arn:aws:cloudformation:*:*:stack/awseb-e-*"
}
},
"Effect": "Allow",
"Resource": "arn:aws:ec2:*:*:instance/*",
"Sid": "TerminateInstances"
},
{
"Action": [
"ec2:ReleaseAddress",
"ec2:AllocateAddress",
"ec2:DisassociateAddress",
"ec2:AssociateAddress",
"ec2:CreateTags",
"ec2:DeleteTags",
"ec2:CreateSecurityGroup",
"ec2:DeleteSecurityGroup",
"ec2:AuthorizeSecurityGroup*",
"ec2:RevokeSecurityGroup*",
"ec2:CreateLaunchTemplate*",
"ec2:DeleteLaunchTemplate*"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "EC2"
},
{
"Action": "ec2:RunInstances",
"Condition": {
"ArnLike": {
"ec2:LaunchTemplate": "arn:aws:ec2:*:*:launch-template/*"
}
},
"Effect": "Allow",
"Resource": "*",
"Sid": "LTRunInstances"
},
{
"Action": [
"autoscaling:AttachInstances",
"autoscaling:*LoadBalancer*",
"autoscaling:*AutoScalingGroup",
"autoscaling:*LaunchConfiguration",
"autoscaling:DeleteScheduledAction",
"autoscaling:DetachInstances",
"autoscaling:PutNotificationConfiguration",
"autoscaling:PutScalingPolicy",
"autoscaling:PutScheduledUpdateGroupAction",
"autoscaling:ResumeProcesses",
"autoscaling:SuspendProcesses",
"autoscaling:*Tags"
],
"Effect": "Allow",
"Resource": [
"arn:aws:autoscaling:*:*:launchConfiguration:*:launchConfigurationName/awseb-e-*",
"arn:aws:autoscaling:*:*:autoScalingGroup:*:autoScalingGroupName/awseb-e-*"
],
"Sid": "ASG"
},
{
"Action": [
"autoscaling:DeletePolicy"
],
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "ASGPolicy"
},
{
"Action": [
"iam:CreateServiceLinkedRole"
],
"Condition": {
"StringLike": {
"iam:AWSServiceName": "elasticbeanstalk.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/aws-service-role/elasticbeanstalk.amazonaws.com/AWSServiceRoleForElasticBeanstalk*"
],
"Sid": "EBSLR"
},
{
"Action": [
"s3:Delete*",
"s3:Get*",
"s3:Put*"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::elasticbeanstalk-*/*",
"arn:aws:s3:::elasticbeanstalk-env-resources-*/*"
],
"Sid": "S3Obj"
},
{
"Action": [
"s3:GetBucket*",
"s3:ListBucket",
"s3:PutBucketPolicy"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::elasticbeanstalk-*",
"Sid": "S3Bucket"
},
{
"Action": [
"cloudformation:CreateStack",
"cloudformation:DeleteStack",
"cloudformation:GetTemplate",
"cloudformation:ListStackResources",
"cloudformation:UpdateStack",
"cloudformation:ContinueUpdateRollback",
"cloudformation:CancelUpdateStack"
],
"Effect": "Allow",
"Resource": "arn:aws:cloudformation:*:*:stack/awseb-e-*",
"Sid": "CFN"
},
{
"Action": [
"cloudwatch:PutMetricAlarm",
"cloudwatch:DeleteAlarms"
],
"Effect": "Allow",
"Resource": "arn:aws:cloudwatch:*:*:alarm:awseb-*",
"Sid": "CloudWatch"
},
{
"Action": [
"elasticloadbalancing:Create*",
"elasticloadbalancing:Delete*",
"elasticloadbalancing:Modify*",
"elasticloadbalancing:RegisterTargets",
"elasticloadbalancing:DeRegisterTargets",
"elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
"elasticloadbalancing:RegisterInstancesWithLoadBalancer",
"elasticloadbalancing:*Tags",
"elasticloadbalancing:ConfigureHealthCheck",
"elasticloadbalancing:SetRulePriorities",
"elasticloadbalancing:SetLoadBalancerPoliciesOfListener"
],
"Effect": "Allow",
"Resource": [
"arn:aws:elasticloadbalancing:*:*:targetgroup/awseb-*",
"arn:aws:elasticloadbalancing:*:*:loadbalancer/awseb-*",
"arn:aws:elasticloadbalancing:*:*:loadbalancer/app/awseb-*/*",
"arn:aws:elasticloadbalancing:*:*:loadbalancer/net/awseb-*/*",
"arn:aws:elasticloadbalancing:*:*:listener/awseb-*",
"arn:aws:elasticloadbalancing:*:*:listener/app/awseb-*",
"arn:aws:elasticloadbalancing:*:*:listener/net/awseb-*",
"arn:aws:elasticloadbalancing:*:*:listener-rule/app/awseb-*/*/*/*"
],
"Sid": "ELB"
},
{
"Action": [
"autoscaling:Describe*",
"cloudformation:Describe*",
"logs:Describe*",
"ec2:Describe*",
"ecs:Describe*",
"ecs:List*",
"elasticloadbalancing:Describe*",
"rds:Describe*",
"sns:List*",
"iam:List*",
"acm:Describe*",
"acm:List*"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "ListAPIs"
},
{
"Action": "iam:PassRole",
"Condition": {
"StringEquals": {
"iam:PassedToService": [
"elasticbeanstalk.amazonaws.com",
"ec2.amazonaws.com",
"autoscaling.amazonaws.com",
"elasticloadbalancing.amazonaws.com",
"ecs.amazonaws.com",
"cloudformation.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/aws-elasticbeanstalk-*",
"Sid": "AllowPassRole"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4OXQ5DMW6K",
"PolicyName": "AWSElasticBeanstalkRoleCore",
"UpdateDate": "2020-09-09T20:31:14+00:00",
"VersionId": "v2"
},
"AWSElasticBeanstalkRoleECS": {
"Arn": "arn:aws:iam::aws:policy/service-role/AWSElasticBeanstalkRoleECS",
"AttachmentCount": 0,
"CreateDate": "2020-06-05T21:47:27+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"ecs:CreateCluster",
"ecs:DeleteCluster",
"ecs:RegisterTaskDefinition",
"ecs:DeRegisterTaskDefinition"
],
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "AllowECS"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4ORP4E3ZEZ",
"PolicyName": "AWSElasticBeanstalkRoleECS",
"UpdateDate": "2020-06-05T21:47:27+00:00",
"VersionId": "v1"
},
"AWSElasticBeanstalkRoleRDS": {
"Arn": "arn:aws:iam::aws:policy/service-role/AWSElasticBeanstalkRoleRDS",
"AttachmentCount": 0,
"CreateDate": "2020-06-05T21:46:55+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"rds:CreateDBSecurityGroup",
"rds:DeleteDBSecurityGroup",
"rds:AuthorizeDBSecurityGroupIngress",
"rds:CreateDBInstance",
"rds:ModifyDBInstance",
"rds:DeleteDBInstance"
],
"Effect": "Allow",
"Resource": [
"arn:aws:rds:*:*:secgrp:awseb-e-*",
"arn:aws:rds:*:*:db:*"
],
"Sid": "AllowRDS"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4G5JWEESE4",
"PolicyName": "AWSElasticBeanstalkRoleRDS",
"UpdateDate": "2020-06-05T21:46:55+00:00",
"VersionId": "v1"
},
"AWSElasticBeanstalkRoleSNS": {
"Arn": "arn:aws:iam::aws:policy/service-role/AWSElasticBeanstalkRoleSNS",
"AttachmentCount": 0,
"CreateDate": "2020-06-05T21:46:22+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"sns:CreateTopic",
"sns:SetTopicAttributes",
"sns:DeleteTopic"
],
"Effect": "Allow",
"Resource": [
"arn:aws:sns:*:*:ElasticBeanstalkNotifications-*"
],
"Sid": "AllowBeanstalkManageSNS"
},
{
"Action": [
"sns:GetTopicAttributes",
"sns:Subscribe",
"sns:Unsubscribe",
"sns:Publish"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "AllowSNSPublish"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4PARPZJ2UZ",
"PolicyName": "AWSElasticBeanstalkRoleSNS",
"UpdateDate": "2020-06-05T21:46:22+00:00",
"VersionId": "v1"
},
"AWSElasticBeanstalkRoleWorkerTier": {
"Arn": "arn:aws:iam::aws:policy/service-role/AWSElasticBeanstalkRoleWorkerTier",
"AttachmentCount": 0,
"CreateDate": "2020-06-05T21:43:37+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"sqs:TagQueue",
"sqs:DeleteQueue",
"sqs:GetQueueAttributes",
"sqs:CreateQueue"
],
"Effect": "Allow",
"Resource": "arn:aws:sqs:*:*:awseb-e-*",
"Sid": "AllowSQS"
},
{
"Action": [
"dynamodb:CreateTable",
"dynamodb:TagResource",
"dynamodb:DescribeTable",
"dynamodb:DeleteTable"
],
"Effect": "Allow",
"Resource": "arn:aws:dynamodb:*:*:table/awseb-e-*",
"Sid": "AllowDDB"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4LTO4NS2Z5",
"PolicyName": "AWSElasticBeanstalkRoleWorkerTier",
"UpdateDate": "2020-06-05T21:43:37+00:00",
"VersionId": "v1"
},
"AWSElasticBeanstalkService": {
"Arn": "arn:aws:iam::aws:policy/service-role/AWSElasticBeanstalkService",
"AttachmentCount": 0,
"CreateDate": "2016-04-11T20:27:23+00:00",
"DefaultVersionId": "v16",
"Document": {
"Statement": [
{
"Action": [
"cloudformation:*"
],
"Effect": "Allow",
"Resource": [
"arn:aws:cloudformation:*:*:stack/awseb-*",
"arn:aws:cloudformation:*:*:stack/eb-*"
],
"Sid": "AllowCloudformationOperationsOnElasticBeanstalkStacks"
},
{
"Action": [
"logs:DeleteLogGroup"
],
"Effect": "Allow",
"Resource": [
"arn:aws:logs:*:*:log-group:/aws/elasticbeanstalk*"
],
"Sid": "AllowDeleteCloudwatchLogGroups"
},
{
"Action": [
"s3:*"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::elasticbeanstalk-*",
"arn:aws:s3:::elasticbeanstalk-*/*"
],
"Sid": "AllowS3OperationsOnElasticBeanstalkBuckets"
},
{
"Action": "ec2:RunInstances",
"Condition": {
"ArnLike": {
"ec2:LaunchTemplate": "arn:aws:ec2:*:*:launch-template/*"
}
},
"Effect": "Allow",
"Resource": "*",
"Sid": "AllowLaunchTemplateRunInstances"
},
{
"Action": [
"autoscaling:AttachInstances",
"autoscaling:CreateAutoScalingGroup",
"autoscaling:CreateLaunchConfiguration",
"autoscaling:DeleteLaunchConfiguration",
"autoscaling:DeleteAutoScalingGroup",
"autoscaling:DeleteScheduledAction",
"autoscaling:DescribeAccountLimits",
"autoscaling:DescribeAutoScalingGroups",
"autoscaling:DescribeAutoScalingInstances",
"autoscaling:DescribeLaunchConfigurations",
"autoscaling:DescribeLoadBalancers",
"autoscaling:DescribeNotificationConfigurations",
"autoscaling:DescribeScalingActivities",
"autoscaling:DescribeScheduledActions",
"autoscaling:DetachInstances",
"autoscaling:DeletePolicy",
"autoscaling:PutScalingPolicy",
"autoscaling:PutScheduledUpdateGroupAction",
"autoscaling:PutNotificationConfiguration",
"autoscaling:ResumeProcesses",
"autoscaling:SetDesiredCapacity",
"autoscaling:SuspendProcesses",
"autoscaling:TerminateInstanceInAutoScalingGroup",
"autoscaling:UpdateAutoScalingGroup",
"cloudwatch:PutMetricAlarm",
"ec2:AssociateAddress",
"ec2:AllocateAddress",
"ec2:AuthorizeSecurityGroupEgress",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateLaunchTemplate",
"ec2:CreateLaunchTemplateVersion",
"ec2:DescribeLaunchTemplates",
"ec2:DescribeLaunchTemplateVersions",
"ec2:DeleteLaunchTemplate",
"ec2:DeleteLaunchTemplateVersions",
"ec2:CreateSecurityGroup",
"ec2:DeleteSecurityGroup",
"ec2:DescribeAccountAttributes",
"ec2:DescribeAddresses",
"ec2:DescribeImages",
"ec2:DescribeInstances",
"ec2:DescribeKeyPairs",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSnapshots",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:DescribeInstanceAttribute",
"ec2:DescribeSpotInstanceRequests",
"ec2:DescribeVpcClassicLink",
"ec2:DisassociateAddress",
"ec2:ReleaseAddress",
"ec2:RevokeSecurityGroupEgress",
"ec2:RevokeSecurityGroupIngress",
"ec2:TerminateInstances",
"ecs:CreateCluster",
"ecs:DeleteCluster",
"ecs:DescribeClusters",
"ecs:RegisterTaskDefinition",
"elasticbeanstalk:*",
"elasticloadbalancing:ApplySecurityGroupsToLoadBalancer",
"elasticloadbalancing:ConfigureHealthCheck",
"elasticloadbalancing:CreateLoadBalancer",
"elasticloadbalancing:DeleteLoadBalancer",
"elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
"elasticloadbalancing:DescribeInstanceHealth",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeTargetHealth",
"elasticloadbalancing:RegisterInstancesWithLoadBalancer",
"elasticloadbalancing:DescribeTargetGroups",
"elasticloadbalancing:RegisterTargets",
"elasticloadbalancing:DeregisterTargets",
"iam:ListRoles",
"iam:PassRole",
"logs:CreateLogGroup",
"logs:PutRetentionPolicy",
"logs:DescribeLogGroups",
"rds:DescribeDBEngineVersions",
"rds:DescribeDBInstances",
"rds:DescribeOrderableDBInstanceOptions",
"s3:GetObject",
"s3:GetObjectAcl",
"s3:ListBucket",
"sns:CreateTopic",
"sns:GetTopicAttributes",
"sns:ListSubscriptionsByTopic",
"sns:Subscribe",
"sns:SetTopicAttributes",
"sqs:GetQueueAttributes",
"sqs:GetQueueUrl",
"codebuild:CreateProject",
"codebuild:DeleteProject",
"codebuild:BatchGetBuilds",
"codebuild:StartBuild"
],
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "AllowOperations"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJKQ5SN74ZQ4WASXBM",
"PolicyName": "AWSElasticBeanstalkService",
"UpdateDate": "2019-06-14T23:18:46+00:00",
"VersionId": "v16"
},
"AWSElasticBeanstalkServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSElasticBeanstalkServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2017-09-13T23:46:37+00:00",
"DefaultVersionId": "v6",
"Document": {
"Statement": [
{
"Action": [
"cloudformation:DescribeStackResource",
"cloudformation:DescribeStackResources",
"cloudformation:DescribeStacks"
],
"Effect": "Allow",
"Resource": [
"arn:aws:cloudformation:*:*:stack/awseb-*",
"arn:aws:cloudformation:*:*:stack/eb-*"
],
"Sid": "AllowCloudformationReadOperationsOnElasticBeanstalkStacks"
},
{
"Action": [
"autoscaling:DescribeAutoScalingGroups",
"autoscaling:DescribeAutoScalingInstances",
"autoscaling:DescribeNotificationConfigurations",
"autoscaling:DescribeScalingActivities",
"autoscaling:PutNotificationConfiguration",
"ec2:DescribeInstanceStatus",
"ec2:AssociateAddress",
"ec2:DescribeAddresses",
"ec2:DescribeInstances",
"ec2:DescribeSecurityGroups",
"elasticloadbalancing:DescribeInstanceHealth",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeTargetHealth",
"elasticloadbalancing:DescribeTargetGroups",
"lambda:GetFunction",
"sqs:GetQueueAttributes",
"sqs:GetQueueUrl",
"sns:Publish"
],
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "AllowOperations"
},
{
"Action": [
"logs:CreateLogStream",
"logs:DescribeLogGroups",
"logs:DescribeLogStreams",
"logs:DeleteLogGroup",
"logs:PutLogEvents"
],
"Effect": "Allow",
"Resource": "arn:aws:logs:*:*:log-group:/aws/elasticbeanstalk/*",
"Sid": "AllowOperationsOnHealthStreamingLogs"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIID62QSI3OSIPQXTM",
"PolicyName": "AWSElasticBeanstalkServiceRolePolicy",
"UpdateDate": "2019-06-06T21:59:51+00:00",
"VersionId": "v6"
},
"AWSElasticBeanstalkWebTier": {
"Arn": "arn:aws:iam::aws:policy/AWSElasticBeanstalkWebTier",
"AttachmentCount": 0,
"CreateDate": "2016-02-08T23:08:54+00:00",
"DefaultVersionId": "v7",
"Document": {
"Statement": [
{
"Action": [
"s3:Get*",
"s3:List*",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::elasticbeanstalk-*",
"arn:aws:s3:::elasticbeanstalk-*/*"
],
"Sid": "BucketAccess"
},
{
"Action": [
"xray:PutTraceSegments",
"xray:PutTelemetryRecords",
"xray:GetSamplingRules",
"xray:GetSamplingTargets",
"xray:GetSamplingStatisticSummaries"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "XRayAccess"
},
{
"Action": [
"logs:PutLogEvents",
"logs:CreateLogStream",
"logs:DescribeLogStreams",
"logs:DescribeLogGroups"
],
"Effect": "Allow",
"Resource": [
"arn:aws:logs:*:*:log-group:/aws/elasticbeanstalk*"
],
"Sid": "CloudWatchLogsAccess"
},
{
"Action": [
"elasticbeanstalk:PutInstanceStatistics"
],
"Effect": "Allow",
"Resource": [
"arn:aws:elasticbeanstalk:*:*:application/*",
"arn:aws:elasticbeanstalk:*:*:environment/*"
],
"Sid": "ElasticBeanstalkHealthAccess"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIUF4325SJYOREKW3A",
"PolicyName": "AWSElasticBeanstalkWebTier",
"UpdateDate": "2020-09-09T19:38:36+00:00",
"VersionId": "v7"
},
"AWSElasticBeanstalkWorkerTier": {
"Arn": "arn:aws:iam::aws:policy/AWSElasticBeanstalkWorkerTier",
"AttachmentCount": 0,
"CreateDate": "2016-02-08T23:12:02+00:00",
"DefaultVersionId": "v6",
"Document": {
"Statement": [
{
"Action": [
"cloudwatch:PutMetricData"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "MetricsAccess"
},
{
"Action": [
"xray:PutTraceSegments",
"xray:PutTelemetryRecords",
"xray:GetSamplingRules",
"xray:GetSamplingTargets",
"xray:GetSamplingStatisticSummaries"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "XRayAccess"
},
{
"Action": [
"sqs:ChangeMessageVisibility",
"sqs:DeleteMessage",
"sqs:ReceiveMessage",
"sqs:SendMessage"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "QueueAccess"
},
{
"Action": [
"s3:Get*",
"s3:List*",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::elasticbeanstalk-*",
"arn:aws:s3:::elasticbeanstalk-*/*"
],
"Sid": "BucketAccess"
},
{
"Action": [
"dynamodb:BatchGetItem",
"dynamodb:BatchWriteItem",
"dynamodb:DeleteItem",
"dynamodb:GetItem",
"dynamodb:PutItem",
"dynamodb:Query",
"dynamodb:Scan",
"dynamodb:UpdateItem"
],
"Effect": "Allow",
"Resource": [
"arn:aws:dynamodb:*:*:table/*-stack-AWSEBWorkerCronLeaderRegistry*"
],
"Sid": "DynamoPeriodicTasks"
},
{
"Action": [
"logs:PutLogEvents",
"logs:CreateLogStream"
],
"Effect": "Allow",
"Resource": [
"arn:aws:logs:*:*:log-group:/aws/elasticbeanstalk*"
],
"Sid": "CloudWatchLogsAccess"
},
{
"Action": [
"elasticbeanstalk:PutInstanceStatistics"
],
"Effect": "Allow",
"Resource": [
"arn:aws:elasticbeanstalk:*:*:application/*",
"arn:aws:elasticbeanstalk:*:*:environment/*"
],
"Sid": "ElasticBeanstalkHealthAccess"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJQDLBRSJVKVF4JMSK",
"PolicyName": "AWSElasticBeanstalkWorkerTier",
"UpdateDate": "2020-09-09T19:53:40+00:00",
"VersionId": "v6"
},
"AWSElasticLoadBalancingClassicServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSElasticLoadBalancingClassicServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2017-09-19T22:36:18+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"ec2:DescribeAddresses",
"ec2:DescribeInstances",
"ec2:DescribeSubnets",
"ec2:DescribeSecurityGroups",
"ec2:DescribeVpcs",
"ec2:DescribeInternetGateways",
"ec2:DescribeAccountAttributes",
"ec2:DescribeClassicLinkInstances",
"ec2:DescribeVpcClassicLink",
"ec2:CreateSecurityGroup",
"ec2:CreateNetworkInterface",
"ec2:DeleteNetworkInterface",
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:AssociateAddress",
"ec2:DisassociateAddress",
"ec2:AttachNetworkInterface",
"ec2:DetachNetworkInterface",
"ec2:AssignPrivateIpAddresses",
"ec2:AssignIpv6Addresses",
"ec2:UnassignIpv6Addresses"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIUMWW3QP7DPZPNVU4",
"PolicyName": "AWSElasticLoadBalancingClassicServiceRolePolicy",
"UpdateDate": "2019-10-07T23:04:27+00:00",
"VersionId": "v2"
},
"AWSElasticLoadBalancingServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSElasticLoadBalancingServiceRolePolicy",
"AttachmentCount": 1,
"CreateDate": "2017-09-19T22:19:04+00:00",
"DefaultVersionId": "v6",
"Document": {
"Statement": [
{
"Action": [
"ec2:DescribeAddresses",
"ec2:DescribeCoipPools",
"ec2:DescribeInstances",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeSubnets",
"ec2:DescribeSecurityGroups",
"ec2:DescribeVpcs",
"ec2:DescribeInternetGateways",
"ec2:DescribeAccountAttributes",
"ec2:DescribeClassicLinkInstances",
"ec2:DescribeVpcClassicLink",
"ec2:CreateSecurityGroup",
"ec2:CreateNetworkInterface",
"ec2:DeleteNetworkInterface",
"ec2:GetCoipPoolUsage",
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:AllocateAddress",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:AssociateAddress",
"ec2:DisassociateAddress",
"ec2:AttachNetworkInterface",
"ec2:DetachNetworkInterface",
"ec2:AssignPrivateIpAddresses",
"ec2:AssignIpv6Addresses",
"ec2:ReleaseAddress",
"ec2:UnassignIpv6Addresses",
"logs:CreateLogDelivery",
"logs:GetLogDelivery",
"logs:UpdateLogDelivery",
"logs:DeleteLogDelivery",
"logs:ListLogDeliveries",
"outposts:GetOutpostInstanceTypes"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIMHWGGSRHLOQUICJQ",
"PolicyName": "AWSElasticLoadBalancingServiceRolePolicy",
"UpdateDate": "2020-05-19T16:40:28+00:00",
"VersionId": "v6"
},
"AWSElementalMediaConvertFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSElementalMediaConvertFullAccess",
"AttachmentCount": 0,
"CreateDate": "2018-06-25T19:25:35+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"mediaconvert:*",
"s3:ListAllMyBuckets",
"s3:ListBucket"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"iam:PassRole"
],
"Condition": {
"StringLike": {
"iam:PassedToService": [
"mediaconvert.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIXDREOCL6LV7RBJWC",
"PolicyName": "AWSElementalMediaConvertFullAccess",
"UpdateDate": "2019-06-10T22:52:25+00:00",
"VersionId": "v2"
},
"AWSElementalMediaConvertReadOnly": {
"Arn": "arn:aws:iam::aws:policy/AWSElementalMediaConvertReadOnly",
"AttachmentCount": 0,
"CreateDate": "2018-06-25T19:25:14+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"mediaconvert:Get*",
"mediaconvert:List*",
"mediaconvert:DescribeEndpoints",
"s3:ListAllMyBuckets",
"s3:ListBucket"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJSXYOBSLJN3JEDO42",
"PolicyName": "AWSElementalMediaConvertReadOnly",
"UpdateDate": "2019-06-10T22:52:18+00:00",
"VersionId": "v2"
},
"AWSElementalMediaLiveFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSElementalMediaLiveFullAccess",
"AttachmentCount": 0,
"CreateDate": "2020-07-08T17:07:14+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": {
"Action": "medialive:*",
"Effect": "Allow",
"Resource": "*"
},
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4K5KSJBKUE",
"PolicyName": "AWSElementalMediaLiveFullAccess",
"UpdateDate": "2020-07-08T17:07:14+00:00",
"VersionId": "v1"
},
"AWSElementalMediaLiveReadOnly": {
"Arn": "arn:aws:iam::aws:policy/AWSElementalMediaLiveReadOnly",
"AttachmentCount": 0,
"CreateDate": "2020-07-08T16:38:07+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": {
"Action": [
"medialive:List*",
"medialive:Describe*"
],
"Effect": "Allow",
"Resource": "*"
},
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4L7DTGZPRO",
"PolicyName": "AWSElementalMediaLiveReadOnly",
"UpdateDate": "2020-07-08T16:38:07+00:00",
"VersionId": "v1"
},
"AWSElementalMediaPackageFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSElementalMediaPackageFullAccess",
"AttachmentCount": 0,
"CreateDate": "2017-12-29T23:39:52+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": {
"Action": "mediapackage:*",
"Effect": "Allow",
"Resource": "*"
},
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIYI6IYR3JRFAVNQHC",
"PolicyName": "AWSElementalMediaPackageFullAccess",
"UpdateDate": "2017-12-29T23:39:52+00:00",
"VersionId": "v1"
},
"AWSElementalMediaPackageReadOnly": {
"Arn": "arn:aws:iam::aws:policy/AWSElementalMediaPackageReadOnly",
"AttachmentCount": 0,
"CreateDate": "2017-12-30T00:04:29+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": {
"Action": [
"mediapackage:List*",
"mediapackage:Describe*"
],
"Effect": "Allow",
"Resource": "*"
},
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJ42DVTPUHKXNYZQCO",
"PolicyName": "AWSElementalMediaPackageReadOnly",
"UpdateDate": "2017-12-30T00:04:29+00:00",
"VersionId": "v1"
},
"AWSElementalMediaStoreFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSElementalMediaStoreFullAccess",
"AttachmentCount": 0,
"CreateDate": "2018-03-05T23:15:31+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"mediastore:*"
],
"Condition": {
"Bool": {
"aws:SecureTransport": "true"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJZFYFW2QXSNK7OH6Y",
"PolicyName": "AWSElementalMediaStoreFullAccess",
"UpdateDate": "2018-03-05T23:15:31+00:00",
"VersionId": "v1"
},
"AWSElementalMediaStoreReadOnly": {
"Arn": "arn:aws:iam::aws:policy/AWSElementalMediaStoreReadOnly",
"AttachmentCount": 0,
"CreateDate": "2018-03-08T19:48:22+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"mediastore:Get*",
"mediastore:List*",
"mediastore:Describe*"
],
"Condition": {
"Bool": {
"aws:SecureTransport": "true"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAI4EFXRATQYOFTAEFM",
"PolicyName": "AWSElementalMediaStoreReadOnly",
"UpdateDate": "2018-03-08T19:48:22+00:00",
"VersionId": "v1"
},
"AWSEnhancedClassicNetworkingMangementPolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSEnhancedClassicNetworkingMangementPolicy",
"AttachmentCount": 0,
"CreateDate": "2017-09-20T17:29:09+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"ec2:DescribeInstances",
"ec2:DescribeSecurityGroups"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAI7T4V2HZTS72QVO52",
"PolicyName": "AWSEnhancedClassicNetworkingMangementPolicy",
"UpdateDate": "2017-09-20T17:29:09+00:00",
"VersionId": "v1"
},
"AWSFMAdminFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSFMAdminFullAccess",
"AttachmentCount": 0,
"CreateDate": "2018-05-09T18:06:18+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"fms:*",
"waf:*",
"waf-regional:*",
"elasticloadbalancing:SetWebACL",
"organizations:DescribeOrganization"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJLAGM5X6WSNPF4EAQ",
"PolicyName": "AWSFMAdminFullAccess",
"UpdateDate": "2018-05-09T18:06:18+00:00",
"VersionId": "v1"
},
"AWSFMAdminReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSFMAdminReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2018-05-09T20:07:39+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"fms:Get*",
"fms:List*",
"waf:Get*",
"waf:List*",
"waf-regional:Get*",
"waf-regional:List*",
"organizations:DescribeOrganization"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJA3UKVVBN62QFIKLW",
"PolicyName": "AWSFMAdminReadOnlyAccess",
"UpdateDate": "2018-05-09T20:07:39+00:00",
"VersionId": "v1"
},
"AWSFMMemberReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSFMMemberReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2018-05-09T21:05:29+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"fms:GetAdminAccount",
"waf:Get*",
"waf:List*",
"waf-regional:Get*",
"waf-regional:List*",
"organizations:DescribeOrganization"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIB2IVAQ4XXNHHA3DW",
"PolicyName": "AWSFMMemberReadOnlyAccess",
"UpdateDate": "2018-05-09T21:05:29+00:00",
"VersionId": "v1"
},
"AWSForWordPressPluginPolicy": {
"Arn": "arn:aws:iam::aws:policy/AWSForWordPressPluginPolicy",
"AttachmentCount": 0,
"CreateDate": "2019-10-30T00:27:46+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"polly:SynthesizeSpeech",
"polly:DescribeVoices",
"translate:TranslateText"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "Permissions1"
},
{
"Action": [
"s3:ListBucket",
"s3:GetBucketAcl",
"s3:GetBucketPolicy",
"s3:PutObject",
"s3:DeleteObject",
"s3:CreateBucket",
"s3:PutObjectAcl"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::audio_for_wordpress*",
"arn:aws:s3:::audio-for-wordpress*"
],
"Sid": "Permissions2"
},
{
"Action": [
"acm:AddTagsToCertificate",
"acm:DescribeCertificate",
"acm:RequestCertificate",
"cloudformation:CreateStack",
"cloudfront:ListDistributions"
],
"Condition": {
"StringEquals": {
"aws:RequestedRegion": "us-east-1"
}
},
"Effect": "Allow",
"Resource": "*",
"Sid": "Permissions3"
},
{
"Action": [
"acm:DeleteCertificate",
"cloudformation:DeleteStack",
"cloudformation:DescribeStackEvents",
"cloudformation:DescribeStackResources",
"cloudformation:UpdateStack",
"cloudfront:CreateDistribution",
"cloudfront:CreateInvalidation",
"cloudfront:DeleteDistribution",
"cloudfront:GetDistribution",
"cloudfront:GetInvalidation",
"cloudfront:TagResource",
"cloudfront:UpdateDistribution"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/createdBy": "AWSForWordPressPlugin"
}
},
"Effect": "Allow",
"Resource": "*",
"Sid": "Permissions4"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4KEKYXDWNJ",
"PolicyName": "AWSForWordPressPluginPolicy",
"UpdateDate": "2020-01-20T23:20:47+00:00",
"VersionId": "v2"
},
"AWSGlobalAcceleratorSLRPolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSGlobalAcceleratorSLRPolicy",
"AttachmentCount": 0,
"CreateDate": "2019-04-05T19:39:13+00:00",
"DefaultVersionId": "v5",
"Document": {
"Statement": [
{
"Action": [
"ec2:CreateNetworkInterface",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeInstances",
"ec2:DescribeInternetGateways",
"ec2:DescribeSubnets",
"ec2:DescribeRegions",
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:DeleteNetworkInterface"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "ec2:DeleteSecurityGroup",
"Condition": {
"StringEquals": {
"ec2:ResourceTag/AWSServiceName": "GlobalAccelerator"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:CreateSecurityGroup",
"ec2:DescribeSecurityGroups"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "elasticloadbalancing:DescribeLoadBalancers",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "ec2:CreateTags",
"Effect": "Allow",
"Resource": [
"arn:aws:ec2:*:*:security-group/*",
"arn:aws:ec2:*:*:network-interface/*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4EJ5ZEQR2C",
"PolicyName": "AWSGlobalAcceleratorSLRPolicy",
"UpdateDate": "2021-05-19T17:10:49+00:00",
"VersionId": "v5"
},
"AWSGlueConsoleFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSGlueConsoleFullAccess",
"AttachmentCount": 0,
"CreateDate": "2017-08-14T13:37:39+00:00",
"DefaultVersionId": "v12",
"Document": {
"Statement": [
{
"Action": [
"glue:*",
"redshift:DescribeClusters",
"redshift:DescribeClusterSubnetGroups",
"iam:ListRoles",
"iam:ListUsers",
"iam:ListGroups",
"iam:ListRolePolicies",
"iam:GetRole",
"iam:GetRolePolicy",
"iam:ListAttachedRolePolicies",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:DescribeVpcEndpoints",
"ec2:DescribeRouteTables",
"ec2:DescribeVpcAttribute",
"ec2:DescribeKeyPairs",
"ec2:DescribeInstances",
"ec2:DescribeImages",
"rds:DescribeDBInstances",
"rds:DescribeDBClusters",
"rds:DescribeDBSubnetGroups",
"s3:ListAllMyBuckets",
"s3:ListBucket",
"s3:GetBucketAcl",
"s3:GetBucketLocation",
"cloudformation:DescribeStacks",
"cloudformation:GetTemplateSummary",
"dynamodb:ListTables",
"kms:ListAliases",
"kms:DescribeKey",
"cloudwatch:GetMetricData",
"cloudwatch:ListDashboards"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"s3:GetObject",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::aws-glue-*/*",
"arn:aws:s3:::*/*aws-glue-*/*",
"arn:aws:s3:::aws-glue-*"
]
},
{
"Action": [
"tag:GetResources"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"s3:CreateBucket"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::aws-glue-*"
]
},
{
"Action": [
"logs:GetLogEvents"
],
"Effect": "Allow",
"Resource": [
"arn:aws:logs:*:*:/aws-glue/*"
]
},
{
"Action": [
"cloudformation:CreateStack",
"cloudformation:DeleteStack"
],
"Effect": "Allow",
"Resource": "arn:aws:cloudformation:*:*:stack/aws-glue*/*"
},
{
"Action": [
"ec2:RunInstances"
],
"Effect": "Allow",
"Resource": [
"arn:aws:ec2:*:*:instance/*",
"arn:aws:ec2:*:*:key-pair/*",
"arn:aws:ec2:*:*:image/*",
"arn:aws:ec2:*:*:security-group/*",
"arn:aws:ec2:*:*:network-interface/*",
"arn:aws:ec2:*:*:subnet/*",
"arn:aws:ec2:*:*:volume/*"
]
},
{
"Action": [
"ec2:TerminateInstances",
"ec2:CreateTags",
"ec2:DeleteTags"
],
"Condition": {
"StringEquals": {
"ec2:ResourceTag/aws:cloudformation:logical-id": "ZeppelinInstance"
},
"StringLike": {
"ec2:ResourceTag/aws:cloudformation:stack-id": "arn:aws:cloudformation:*:*:stack/aws-glue-*/*"
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:ec2:*:*:instance/*"
]
},
{
"Action": [
"iam:PassRole"
],
"Condition": {
"StringLike": {
"iam:PassedToService": [
"glue.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/AWSGlueServiceRole*"
},
{
"Action": [
"iam:PassRole"
],
"Condition": {
"StringLike": {
"iam:PassedToService": [
"ec2.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/AWSGlueServiceNotebookRole*"
},
{
"Action": [
"iam:PassRole"
],
"Condition": {
"StringLike": {
"iam:PassedToService": [
"glue.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/service-role/AWSGlueServiceRole*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJNZGDEOD7MISOVSVI",
"PolicyName": "AWSGlueConsoleFullAccess",
"UpdateDate": "2019-02-11T19:49:01+00:00",
"VersionId": "v12"
},
"AWSGlueConsoleSageMakerNotebookFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSGlueConsoleSageMakerNotebookFullAccess",
"AttachmentCount": 0,
"CreateDate": "2018-10-05T17:52:35+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"glue:*",
"redshift:DescribeClusters",
"redshift:DescribeClusterSubnetGroups",
"iam:ListRoles",
"iam:ListRolePolicies",
"iam:GetRole",
"iam:GetRolePolicy",
"iam:ListAttachedRolePolicies",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:DescribeVpcEndpoints",
"ec2:DescribeRouteTables",
"ec2:DescribeVpcAttribute",
"ec2:DescribeKeyPairs",
"ec2:DescribeInstances",
"ec2:DescribeImages",
"ec2:CreateNetworkInterface",
"ec2:AttachNetworkInterface",
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:DeleteNetworkInterface",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeInternetGateways",
"ec2:DescribeNetworkInterfaces",
"rds:DescribeDBInstances",
"s3:ListAllMyBuckets",
"s3:ListBucket",
"s3:GetBucketAcl",
"s3:GetBucketLocation",
"cloudformation:DescribeStacks",
"cloudformation:GetTemplateSummary",
"dynamodb:ListTables",
"kms:ListAliases",
"kms:DescribeKey",
"sagemaker:ListNotebookInstances",
"cloudformation:ListStacks",
"cloudwatch:GetMetricData",
"cloudwatch:ListDashboards"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"s3:GetObject",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::aws-glue-*/*",
"arn:aws:s3:::*/*aws-glue-*/*",
"arn:aws:s3:::aws-glue-*"
]
},
{
"Action": [
"s3:CreateBucket"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::aws-glue-*"
]
},
{
"Action": [
"logs:GetLogEvents"
],
"Effect": "Allow",
"Resource": [
"arn:aws:logs:*:*:/aws-glue/*"
]
},
{
"Action": [
"cloudformation:CreateStack",
"cloudformation:DeleteStack"
],
"Effect": "Allow",
"Resource": "arn:aws:cloudformation:*:*:stack/aws-glue*/*"
},
{
"Action": [
"sagemaker:CreatePresignedNotebookInstanceUrl",
"sagemaker:CreateNotebookInstance",
"sagemaker:DeleteNotebookInstance",
"sagemaker:DescribeNotebookInstance",
"sagemaker:StartNotebookInstance",
"sagemaker:StopNotebookInstance",
"sagemaker:UpdateNotebookInstance",
"sagemaker:ListTags"
],
"Effect": "Allow",
"Resource": "arn:aws:sagemaker:*:*:notebook-instance/aws-glue-*"
},
{
"Action": [
"sagemaker:DescribeNotebookInstanceLifecycleConfig",
"sagemaker:CreateNotebookInstanceLifecycleConfig",
"sagemaker:DeleteNotebookInstanceLifecycleConfig",
"sagemaker:ListNotebookInstanceLifecycleConfigs"
],
"Effect": "Allow",
"Resource": "arn:aws:sagemaker:*:*:notebook-instance-lifecycle-config/aws-glue-*"
},
{
"Action": [
"ec2:RunInstances"
],
"Effect": "Allow",
"Resource": [
"arn:aws:ec2:*:*:instance/*",
"arn:aws:ec2:*:*:key-pair/*",
"arn:aws:ec2:*:*:image/*",
"arn:aws:ec2:*:*:security-group/*",
"arn:aws:ec2:*:*:network-interface/*",
"arn:aws:ec2:*:*:subnet/*",
"arn:aws:ec2:*:*:volume/*"
]
},
{
"Action": [
"ec2:TerminateInstances",
"ec2:CreateTags",
"ec2:DeleteTags"
],
"Condition": {
"StringEquals": {
"ec2:ResourceTag/aws:cloudformation:logical-id": "ZeppelinInstance"
},
"StringLike": {
"ec2:ResourceTag/aws:cloudformation:stack-id": "arn:aws:cloudformation:*:*:stack/aws-glue-*/*"
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:ec2:*:*:instance/*"
]
},
{
"Action": [
"tag:GetResources"
],
"Condition": {
"StringEquals": {
"aws:TagKeys": "aws-glue-*"
}
},
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"iam:PassRole"
],
"Condition": {
"StringLike": {
"iam:PassedToService": [
"glue.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/AWSGlueServiceRole*"
},
{
"Action": [
"iam:PassRole"
],
"Condition": {
"StringLike": {
"iam:PassedToService": [
"ec2.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/AWSGlueServiceNotebookRole*"
},
{
"Action": [
"iam:PassRole"
],
"Condition": {
"StringLike": {
"iam:PassedToService": [
"sagemaker.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/AWSGlueServiceSageMakerNotebookRole*"
},
{
"Action": [
"iam:PassRole"
],
"Condition": {
"StringLike": {
"iam:PassedToService": [
"glue.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/service-role/AWSGlueServiceRole*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJELFOHJC42QS3ZSYY",
"PolicyName": "AWSGlueConsoleSageMakerNotebookFullAccess",
"UpdateDate": "2019-09-26T17:14:11+00:00",
"VersionId": "v2"
},
"AWSGlueDataBrewServiceRole": {
"Arn": "arn:aws:iam::aws:policy/service-role/AWSGlueDataBrewServiceRole",
"AttachmentCount": 0,
"CreateDate": "2020-12-04T21:26:50+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"glue:GetDatabases",
"glue:GetPartitions",
"glue:GetTable",
"glue:GetTables",
"glue:GetConnection"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"s3:ListBucket",
"s3:GetObject"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::databrew-public-datasets-*"
]
},
{
"Action": [
"ec2:DescribeVpcEndpoints",
"ec2:DescribeRouteTables",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcAttribute",
"ec2:CreateNetworkInterface"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": "ec2:DeleteNetworkInterface",
"Condition": {
"StringLike": {
"aws:ResourceTag/aws-glue-service-resource": "*"
}
},
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"ec2:CreateTags",
"ec2:DeleteTags"
],
"Condition": {
"ForAllValues:StringEquals": {
"aws:TagKeys": [
"aws-glue-service-resource"
]
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:ec2:*:*:network-interface/*",
"arn:aws:ec2:*:*:security-group/*"
]
},
{
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Effect": "Allow",
"Resource": [
"arn:aws:logs:*:*:log-group:/aws-glue-databrew/*"
]
},
{
"Action": [
"lakeformation:GetDataAccess"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4HSXDEANHC",
"PolicyName": "AWSGlueDataBrewServiceRole",
"UpdateDate": "2020-12-04T21:26:50+00:00",
"VersionId": "v1"
},
"AWSGlueSchemaRegistryFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSGlueSchemaRegistryFullAccess",
"AttachmentCount": 0,
"CreateDate": "2020-11-20T00:19:00+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"glue:CreateRegistry",
"glue:UpdateRegistry",
"glue:DeleteRegistry",
"glue:GetRegistry",
"glue:ListRegistries",
"glue:CreateSchema",
"glue:UpdateSchema",
"glue:DeleteSchema",
"glue:GetSchema",
"glue:ListSchemas",
"glue:RegisterSchemaVersion",
"glue:DeleteSchemaVersions",
"glue:GetSchemaByDefinition",
"glue:GetSchemaVersion",
"glue:GetSchemaVersionsDiff",
"glue:ListSchemaVersions",
"glue:CheckSchemaVersionValidity",
"glue:PutSchemaVersionMetadata",
"glue:RemoveSchemaVersionMetadata",
"glue:QuerySchemaVersionMetadata"
],
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "AWSGlueSchemaRegistryFullAccess"
},
{
"Action": [
"glue:GetTags",
"glue:TagResource",
"glue:UnTagResource"
],
"Effect": "Allow",
"Resource": [
"arn:aws:glue:*:*:schema/*",
"arn:aws:glue:*:*:registry/*"
],
"Sid": "AWSGlueSchemaRegistryTagsFullAccess"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4H2OHGXA4A",
"PolicyName": "AWSGlueSchemaRegistryFullAccess",
"UpdateDate": "2020-11-20T00:19:00+00:00",
"VersionId": "v1"
},
"AWSGlueSchemaRegistryReadonlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSGlueSchemaRegistryReadonlyAccess",
"AttachmentCount": 0,
"CreateDate": "2020-11-20T00:20:06+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"glue:GetRegistry",
"glue:ListRegistries",
"glue:GetSchema",
"glue:ListSchemas",
"glue:GetSchemaByDefinition",
"glue:GetSchemaVersion",
"glue:ListSchemaVersions",
"glue:GetSchemaVersionsDiff",
"glue:CheckSchemaVersionValidity",
"glue:QuerySchemaVersionMetadata",
"glue:GetTags"
],
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "AWSGlueSchemaRegistryReadonlyAccess"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4B2SFYL4LZ",
"PolicyName": "AWSGlueSchemaRegistryReadonlyAccess",
"UpdateDate": "2020-11-20T00:20:06+00:00",
"VersionId": "v1"
},
"AWSGlueServiceNotebookRole": {
"Arn": "arn:aws:iam::aws:policy/service-role/AWSGlueServiceNotebookRole",
"AttachmentCount": 0,
"CreateDate": "2017-08-14T13:37:42+00:00",
"DefaultVersionId": "v3",
"Document": {
"Statement": [
{
"Action": [
"glue:CreateDatabase",
"glue:CreatePartition",
"glue:CreateTable",
"glue:DeleteDatabase",
"glue:DeletePartition",
"glue:DeleteTable",
"glue:GetDatabase",
"glue:GetDatabases",
"glue:GetPartition",
"glue:GetPartitions",
"glue:GetTable",
"glue:GetTableVersions",
"glue:GetTables",
"glue:UpdateDatabase",
"glue:UpdatePartition",
"glue:UpdateTable",
"glue:CreateConnection",
"glue:CreateJob",
"glue:DeleteConnection",
"glue:DeleteJob",
"glue:GetConnection",
"glue:GetConnections",
"glue:GetDevEndpoint",
"glue:GetDevEndpoints",
"glue:GetJob",
"glue:GetJobs",
"glue:UpdateJob",
"glue:BatchDeleteConnection",
"glue:UpdateConnection",
"glue:GetUserDefinedFunction",
"glue:UpdateUserDefinedFunction",
"glue:GetUserDefinedFunctions",
"glue:DeleteUserDefinedFunction",
"glue:CreateUserDefinedFunction",
"glue:BatchGetPartition",
"glue:BatchDeletePartition",
"glue:BatchCreatePartition",
"glue:BatchDeleteTable",
"glue:UpdateDevEndpoint",
"s3:GetBucketLocation",
"s3:ListBucket",
"s3:ListAllMyBuckets",
"s3:GetBucketAcl"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"s3:GetObject"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::crawler-public*",
"arn:aws:s3:::aws-glue*"
]
},
{
"Action": [
"s3:PutObject",
"s3:DeleteObject"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::aws-glue*"
]
},
{
"Action": [
"ec2:CreateTags",
"ec2:DeleteTags"
],
"Condition": {
"ForAllValues:StringEquals": {
"aws:TagKeys": [
"aws-glue-service-resource"
]
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:ec2:*:*:network-interface/*",
"arn:aws:ec2:*:*:security-group/*",
"arn:aws:ec2:*:*:instance/*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIMRC6VZUHJYCTKWFI",
"PolicyName": "AWSGlueServiceNotebookRole",
"UpdateDate": "2019-10-07T18:05:54+00:00",
"VersionId": "v3"
},
"AWSGlueServiceRole": {
"Arn": "arn:aws:iam::aws:policy/service-role/AWSGlueServiceRole",
"AttachmentCount": 0,
"CreateDate": "2017-08-14T13:37:21+00:00",
"DefaultVersionId": "v4",
"Document": {
"Statement": [
{
"Action": [
"glue:*",
"s3:GetBucketLocation",
"s3:ListBucket",
"s3:ListAllMyBuckets",
"s3:GetBucketAcl",
"ec2:DescribeVpcEndpoints",
"ec2:DescribeRouteTables",
"ec2:CreateNetworkInterface",
"ec2:DeleteNetworkInterface",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcAttribute",
"iam:ListRolePolicies",
"iam:GetRole",
"iam:GetRolePolicy",
"cloudwatch:PutMetricData"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"s3:CreateBucket"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::aws-glue-*"
]
},
{
"Action": [
"s3:GetObject",
"s3:PutObject",
"s3:DeleteObject"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::aws-glue-*/*",
"arn:aws:s3:::*/*aws-glue-*/*"
]
},
{
"Action": [
"s3:GetObject"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::crawler-public*",
"arn:aws:s3:::aws-glue-*"
]
},
{
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Effect": "Allow",
"Resource": [
"arn:aws:logs:*:*:/aws-glue/*"
]
},
{
"Action": [
"ec2:CreateTags",
"ec2:DeleteTags"
],
"Condition": {
"ForAllValues:StringEquals": {
"aws:TagKeys": [
"aws-glue-service-resource"
]
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:ec2:*:*:network-interface/*",
"arn:aws:ec2:*:*:security-group/*",
"arn:aws:ec2:*:*:instance/*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIRUJCPEBPMEZFAS32",
"PolicyName": "AWSGlueServiceRole",
"UpdateDate": "2018-06-25T18:23:09+00:00",
"VersionId": "v4"
},
"AWSGrafanaAccountAdministrator": {
"Arn": "arn:aws:iam::aws:policy/AWSGrafanaAccountAdministrator",
"AttachmentCount": 0,
"CreateDate": "2021-02-23T00:20:38+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"iam:ListRoles"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "AWSGrafanaOrganizationAdmin"
},
{
"Action": "iam:GetRole",
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/*",
"Sid": "GrafanaIAMGetRolePermission"
},
{
"Action": [
"grafana:*"
],
"Effect": "Allow",
"Resource": "arn:aws:grafana:*:*:/workspaces*",
"Sid": "AWSGrafanaPermissions"
},
{
"Action": "iam:PassRole",
"Condition": {
"StringLike": {
"iam:PassedToService": "grafana.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/*",
"Sid": "GrafanaIAMPassRolePermission"
},
{
"Action": [
"iam:CreateServiceLinkedRole"
],
"Condition": {
"StringEquals": {
"iam:AWSServiceName": "sso.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/aws-service-role/sso.amazonaws.com/AWSServiceRoleForSSO",
"Sid": "SSOSLRPermission"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4KHVCM25DH",
"PolicyName": "AWSGrafanaAccountAdministrator",
"UpdateDate": "2021-02-23T00:20:38+00:00",
"VersionId": "v1"
},
"AWSGrafanaConsoleReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSGrafanaConsoleReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2021-02-23T00:10:40+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"grafana:DescribeWorkspace",
"grafana:ListPermissions",
"grafana:ListWorkspaces"
],
"Effect": "Allow",
"Resource": "arn:aws:grafana:*:*:/workspaces*",
"Sid": "AWSGrafanaConsoleReadOnlyAccess"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4OHSWBMKNF",
"PolicyName": "AWSGrafanaConsoleReadOnlyAccess",
"UpdateDate": "2021-02-23T00:10:40+00:00",
"VersionId": "v1"
},
"AWSGrafanaWorkspacePermissionManagement": {
"Arn": "arn:aws:iam::aws:policy/AWSGrafanaWorkspacePermissionManagement",
"AttachmentCount": 0,
"CreateDate": "2021-02-23T00:15:54+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"grafana:DescribeWorkspace",
"grafana:UpdatePermissions",
"grafana:ListPermissions",
"grafana:ListWorkspaces"
],
"Effect": "Allow",
"Resource": "arn:aws:grafana:*:*:/workspaces*",
"Sid": "AWSGrafanaPermissions"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4G37QQNGZW",
"PolicyName": "AWSGrafanaWorkspacePermissionManagement",
"UpdateDate": "2021-02-23T00:15:54+00:00",
"VersionId": "v1"
},
"AWSGreengrassFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSGreengrassFullAccess",
"AttachmentCount": 0,
"CreateDate": "2017-05-03T00:47:37+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"greengrass:*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJWPV6OBK4QONH4J3O",
"PolicyName": "AWSGreengrassFullAccess",
"UpdateDate": "2017-05-03T00:47:37+00:00",
"VersionId": "v1"
},
"AWSGreengrassReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSGreengrassReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2018-10-30T16:01:43+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"greengrass:List*",
"greengrass:Get*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJLSKLXFVTQTZ5GY3I",
"PolicyName": "AWSGreengrassReadOnlyAccess",
"UpdateDate": "2018-10-30T16:01:43+00:00",
"VersionId": "v1"
},
"AWSGreengrassResourceAccessRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/service-role/AWSGreengrassResourceAccessRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2017-02-14T21:17:24+00:00",
"DefaultVersionId": "v5",
"Document": {
"Statement": [
{
"Action": [
"iot:DeleteThingShadow",
"iot:GetThingShadow",
"iot:UpdateThingShadow"
],
"Effect": "Allow",
"Resource": [
"arn:aws:iot:*:*:thing/GG_*",
"arn:aws:iot:*:*:thing/*-gcm",
"arn:aws:iot:*:*:thing/*-gda",
"arn:aws:iot:*:*:thing/*-gci"
],
"Sid": "AllowGreengrassAccessToShadows"
},
{
"Action": [
"iot:DescribeThing"
],
"Effect": "Allow",
"Resource": "arn:aws:iot:*:*:thing/*",
"Sid": "AllowGreengrassToDescribeThings"
},
{
"Action": [
"iot:DescribeCertificate"
],
"Effect": "Allow",
"Resource": "arn:aws:iot:*:*:cert/*",
"Sid": "AllowGreengrassToDescribeCertificates"
},
{
"Action": [
"greengrass:*"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "AllowGreengrassToCallGreengrassServices"
},
{
"Action": [
"lambda:GetFunction",
"lambda:GetFunctionConfiguration"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "AllowGreengrassToGetLambdaFunctions"
},
{
"Action": [
"secretsmanager:GetSecretValue"
],
"Effect": "Allow",
"Resource": "arn:aws:secretsmanager:*:*:secret:greengrass-*",
"Sid": "AllowGreengrassToGetGreengrassSecrets"
},
{
"Action": [
"s3:GetObject"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::*Greengrass*",
"arn:aws:s3:::*GreenGrass*",
"arn:aws:s3:::*greengrass*",
"arn:aws:s3:::*Sagemaker*",
"arn:aws:s3:::*SageMaker*",
"arn:aws:s3:::*sagemaker*"
],
"Sid": "AllowGreengrassAccessToS3Objects"
},
{
"Action": [
"s3:GetBucketLocation"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "AllowGreengrassAccessToS3BucketLocation"
},
{
"Action": [
"sagemaker:DescribeTrainingJob"
],
"Effect": "Allow",
"Resource": [
"arn:aws:sagemaker:*:*:training-job/*"
],
"Sid": "AllowGreengrassAccessToSageMakerTrainingJobs"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJPKEIMB6YMXDEVRTM",
"PolicyName": "AWSGreengrassResourceAccessRolePolicy",
"UpdateDate": "2018-11-14T00:35:02+00:00",
"VersionId": "v5"
},
"AWSHealthFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSHealthFullAccess",
"AttachmentCount": 0,
"CreateDate": "2016-12-06T12:30:31+00:00",
"DefaultVersionId": "v3",
"Document": {
"Statement": [
{
"Action": [
"organizations:EnableAWSServiceAccess",
"organizations:DisableAWSServiceAccess"
],
"Condition": {
"StringEquals": {
"organizations:ServicePrincipal": "health.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"health:*",
"organizations:ListAccounts",
"organizations:ListParents",
"organizations:DescribeAccount",
"organizations:ListDelegatedAdministrators"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringEquals": {
"iam:AWSServiceName": "health.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAI3CUMPCPEUPCSXC4Y",
"PolicyName": "AWSHealthFullAccess",
"UpdateDate": "2020-11-16T18:11:34+00:00",
"VersionId": "v3"
},
"AWSIQContractServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSIQContractServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2019-08-22T19:28:39+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"aws-marketplace:Subscribe"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4E26ATDUIP",
"PolicyName": "AWSIQContractServiceRolePolicy",
"UpdateDate": "2019-08-22T19:28:39+00:00",
"VersionId": "v1"
},
"AWSIQFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSIQFullAccess",
"AttachmentCount": 0,
"CreateDate": "2019-04-04T23:13:42+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"iq:*",
"iq-permission:*"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringEquals": {
"iam:AWSServiceName": [
"permission.iq.amazonaws.com",
"contract.iq.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4P4TAHETXT",
"PolicyName": "AWSIQFullAccess",
"UpdateDate": "2019-09-25T20:22:34+00:00",
"VersionId": "v2"
},
"AWSIQPermissionServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSIQPermissionServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2019-08-22T19:36:29+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"iam:DeleteRole",
"iam:ListAttachedRolePolicies"
],
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/AWSIQPermission-*"
},
{
"Action": [
"iam:AttachRolePolicy"
],
"Condition": {
"ArnEquals": {
"iam:PolicyARN": "arn:aws:iam::aws:policy/AWSDenyAll"
}
},
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/AWSIQPermission-*"
},
{
"Action": [
"iam:DetachRolePolicy"
],
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/AWSIQPermission-*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4J77DMGFZ5",
"PolicyName": "AWSIQPermissionServiceRolePolicy",
"UpdateDate": "2019-08-22T19:36:29+00:00",
"VersionId": "v1"
},
"AWSImageBuilderFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSImageBuilderFullAccess",
"AttachmentCount": 0,
"CreateDate": "2019-12-20T18:25:12+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"imagebuilder:*"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"sns:ListTopics"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"sns:Publish"
],
"Effect": "Allow",
"Resource": "arn:aws:sns:*:*:*imagebuilder*"
},
{
"Action": [
"license-manager:ListLicenseConfigurations",
"license-manager:ListLicenseSpecificationsForResource"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"iam:GetRole"
],
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/aws-service-role/imagebuilder.amazonaws.com/AWSServiceRoleForImageBuilder"
},
{
"Action": [
"iam:GetInstanceProfile"
],
"Effect": "Allow",
"Resource": "arn:aws:iam::*:instance-profile/*imagebuilder*"
},
{
"Action": [
"iam:ListInstanceProfiles",
"iam:ListRoles"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:PassRole",
"Condition": {
"StringEquals": {
"iam:PassedToService": "ec2.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:instance-profile/*imagebuilder*",
"arn:aws:iam::*:role/*imagebuilder*"
]
},
{
"Action": [
"s3:ListAllMyBuckets",
"s3:GetBucketLocation"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"s3:ListBucket"
],
"Effect": "Allow",
"Resource": "arn:aws:s3::*:*imagebuilder*"
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringLike": {
"iam:AWSServiceName": "imagebuilder.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/aws-service-role/imagebuilder.amazonaws.com/AWSServiceRoleForImageBuilder"
},
{
"Action": [
"ec2:DescribeImages",
"ec2:DescribeSnapshots",
"ec2:DescribeVpcs",
"ec2:DescribeRegions",
"ec2:DescribeVolumes",
"ec2:DescribeSubnets",
"ec2:DescribeKeyPairs",
"ec2:DescribeSecurityGroups",
"ec2:DescribeInstanceTypeOfferings",
"ec2:DescribeLaunchTemplates"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4EO4HCSNZH",
"PolicyName": "AWSImageBuilderFullAccess",
"UpdateDate": "2021-04-13T17:33:42+00:00",
"VersionId": "v2"
},
"AWSImageBuilderReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSImageBuilderReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2019-12-19T22:29:23+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"imagebuilder:Get*",
"imagebuilder:List*"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"iam:GetRole"
],
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/aws-service-role/imagebuilder.amazonaws.com/AWSServiceRoleForImageBuilder"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4OD5TC5BXP",
"PolicyName": "AWSImageBuilderReadOnlyAccess",
"UpdateDate": "2019-12-19T22:29:23+00:00",
"VersionId": "v1"
},
"AWSImportExportFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSImportExportFullAccess",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:40:43+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"importexport:*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJCQCT4JGTLC6722MQ",
"PolicyName": "AWSImportExportFullAccess",
"UpdateDate": "2015-02-06T18:40:43+00:00",
"VersionId": "v1"
},
"AWSImportExportReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSImportExportReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:40:42+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"importexport:ListJobs",
"importexport:GetStatus"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJNTV4OG52ESYZHCNK",
"PolicyName": "AWSImportExportReadOnlyAccess",
"UpdateDate": "2015-02-06T18:40:42+00:00",
"VersionId": "v1"
},
"AWSIncidentManagerResolverAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSIncidentManagerResolverAccess",
"AttachmentCount": 0,
"CreateDate": "2021-05-10T06:12:34+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"ssm-incidents:StartIncident"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "StartIncidentPermissions"
},
{
"Action": [
"ssm-incidents:ListResponsePlans",
"ssm-incidents:GetResponsePlan"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "ResponsePlanReadOnlyPermissions"
},
{
"Action": [
"ssm-incidents:ListIncidentRecords",
"ssm-incidents:GetIncidentRecord",
"ssm-incidents:UpdateIncidentRecord",
"ssm-incidents:ListTimelineEvents",
"ssm-incidents:CreateTimelineEvent",
"ssm-incidents:GetTimelineEvent",
"ssm-incidents:UpdateTimelineEvent",
"ssm-incidents:DeleteTimelineEvent",
"ssm-incidents:ListRelatedItems",
"ssm-incidents:UpdateRelatedItems"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "IncidentRecordResolverPermissions"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4EQ4SDPENY",
"PolicyName": "AWSIncidentManagerResolverAccess",
"UpdateDate": "2021-05-10T06:12:34+00:00",
"VersionId": "v1"
},
"AWSIncidentManagerServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSIncidentManagerServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2021-05-10T03:34:45+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"ssm-incidents:ListIncidentRecords",
"ssm-incidents:CreateTimelineEvent"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "UpdateIncidentRecordPermissions"
},
{
"Action": [
"ssm:CreateOpsItem",
"ssm:AssociateOpsItemRelatedItem"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "RelatedOpsItemPermissions"
},
{
"Action": "ssm-contacts:StartEngagement",
"Effect": "Allow",
"Resource": "*",
"Sid": "IncidentEngagementPermissions"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4INCMTEIEV",
"PolicyName": "AWSIncidentManagerServiceRolePolicy",
"UpdateDate": "2021-05-10T03:34:45+00:00",
"VersionId": "v1"
},
"AWSIoT1ClickFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSIoT1ClickFullAccess",
"AttachmentCount": 0,
"CreateDate": "2018-05-11T22:10:14+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"iot1click:*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJPQNJPDUDESCCAMIA",
"PolicyName": "AWSIoT1ClickFullAccess",
"UpdateDate": "2018-05-11T22:10:14+00:00",
"VersionId": "v1"
},
"AWSIoT1ClickReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSIoT1ClickReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2018-05-11T21:49:24+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"iot1click:Describe*",
"iot1click:Get*",
"iot1click:List*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAI35VTLD3EBNY2JGXS",
"PolicyName": "AWSIoT1ClickReadOnlyAccess",
"UpdateDate": "2018-05-11T21:49:24+00:00",
"VersionId": "v1"
},
"AWSIoTAnalyticsFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSIoTAnalyticsFullAccess",
"AttachmentCount": 0,
"CreateDate": "2018-06-18T23:02:45+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"iotanalytics:*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJ7FB5ZEKQN445QGKY",
"PolicyName": "AWSIoTAnalyticsFullAccess",
"UpdateDate": "2018-06-18T23:02:45+00:00",
"VersionId": "v1"
},
"AWSIoTAnalyticsReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSIoTAnalyticsReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2018-06-18T21:37:49+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"iotanalytics:Describe*",
"iotanalytics:List*",
"iotanalytics:Get*",
"iotanalytics:SampleChannelData"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJ3Z4LYBELMXGFLGMI",
"PolicyName": "AWSIoTAnalyticsReadOnlyAccess",
"UpdateDate": "2018-06-18T21:37:49+00:00",
"VersionId": "v1"
},
"AWSIoTConfigAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSIoTConfigAccess",
"AttachmentCount": 0,
"CreateDate": "2015-10-27T21:52:07+00:00",
"DefaultVersionId": "v9",
"Document": {
"Statement": [
{
"Action": [
"iot:AcceptCertificateTransfer",
"iot:AddThingToThingGroup",
"iot:AssociateTargetsWithJob",
"iot:AttachPolicy",
"iot:AttachPrincipalPolicy",
"iot:AttachThingPrincipal",
"iot:CancelCertificateTransfer",
"iot:CancelJob",
"iot:CancelJobExecution",
"iot:ClearDefaultAuthorizer",
"iot:CreateAuthorizer",
"iot:CreateCertificateFromCsr",
"iot:CreateJob",
"iot:CreateKeysAndCertificate",
"iot:CreateOTAUpdate",
"iot:CreatePolicy",
"iot:CreatePolicyVersion",
"iot:CreateRoleAlias",
"iot:CreateStream",
"iot:CreateThing",
"iot:CreateThingGroup",
"iot:CreateThingType",
"iot:CreateTopicRule",
"iot:DeleteAuthorizer",
"iot:DeleteCACertificate",
"iot:DeleteCertificate",
"iot:DeleteJob",
"iot:DeleteJobExecution",
"iot:DeleteOTAUpdate",
"iot:DeletePolicy",
"iot:DeletePolicyVersion",
"iot:DeleteRegistrationCode",
"iot:DeleteRoleAlias",
"iot:DeleteStream",
"iot:DeleteThing",
"iot:DeleteThingGroup",
"iot:DeleteThingType",
"iot:DeleteTopicRule",
"iot:DeleteV2LoggingLevel",
"iot:DeprecateThingType",
"iot:DescribeAuthorizer",
"iot:DescribeCACertificate",
"iot:DescribeCertificate",
"iot:DescribeDefaultAuthorizer",
"iot:DescribeEndpoint",
"iot:DescribeEventConfigurations",
"iot:DescribeIndex",
"iot:DescribeJob",
"iot:DescribeJobExecution",
"iot:DescribeRoleAlias",
"iot:DescribeStream",
"iot:DescribeThing",
"iot:DescribeThingGroup",
"iot:DescribeThingRegistrationTask",
"iot:DescribeThingType",
"iot:DetachPolicy",
"iot:DetachPrincipalPolicy",
"iot:DetachThingPrincipal",
"iot:DisableTopicRule",
"iot:EnableTopicRule",
"iot:GetEffectivePolicies",
"iot:GetIndexingConfiguration",
"iot:GetJobDocument",
"iot:GetLoggingOptions",
"iot:GetOTAUpdate",
"iot:GetPolicy",
"iot:GetPolicyVersion",
"iot:GetRegistrationCode",
"iot:GetTopicRule",
"iot:GetV2LoggingOptions",
"iot:ListAttachedPolicies",
"iot:ListAuthorizers",
"iot:ListCACertificates",
"iot:ListCertificates",
"iot:ListCertificatesByCA",
"iot:ListIndices",
"iot:ListJobExecutionsForJob",
"iot:ListJobExecutionsForThing",
"iot:ListJobs",
"iot:ListOTAUpdates",
"iot:ListOutgoingCertificates",
"iot:ListPolicies",
"iot:ListPolicyPrincipals",
"iot:ListPolicyVersions",
"iot:ListPrincipalPolicies",
"iot:ListPrincipalThings",
"iot:ListRoleAliases",
"iot:ListStreams",
"iot:ListTargetsForPolicy",
"iot:ListThingGroups",
"iot:ListThingGroupsForThing",
"iot:ListThingPrincipals",
"iot:ListThingRegistrationTaskReports",
"iot:ListThingRegistrationTasks",
"iot:ListThings",
"iot:ListThingsInThingGroup",
"iot:ListThingTypes",
"iot:ListTopicRules",
"iot:ListV2LoggingLevels",
"iot:RegisterCACertificate",
"iot:RegisterCertificate",
"iot:RegisterThing",
"iot:RejectCertificateTransfer",
"iot:RemoveThingFromThingGroup",
"iot:ReplaceTopicRule",
"iot:SearchIndex",
"iot:SetDefaultAuthorizer",
"iot:SetDefaultPolicyVersion",
"iot:SetLoggingOptions",
"iot:SetV2LoggingLevel",
"iot:SetV2LoggingOptions",
"iot:StartThingRegistrationTask",
"iot:StopThingRegistrationTask",
"iot:TestAuthorization",
"iot:TestInvokeAuthorizer",
"iot:TransferCertificate",
"iot:UpdateAuthorizer",
"iot:UpdateCACertificate",
"iot:UpdateCertificate",
"iot:UpdateEventConfigurations",
"iot:UpdateIndexingConfiguration",
"iot:UpdateRoleAlias",
"iot:UpdateStream",
"iot:UpdateThing",
"iot:UpdateThingGroup",
"iot:UpdateThingGroupsForThing",
"iot:UpdateAccountAuditConfiguration",
"iot:DescribeAccountAuditConfiguration",
"iot:DeleteAccountAuditConfiguration",
"iot:StartOnDemandAuditTask",
"iot:CancelAuditTask",
"iot:DescribeAuditTask",
"iot:ListAuditTasks",
"iot:CreateScheduledAudit",
"iot:UpdateScheduledAudit",
"iot:DeleteScheduledAudit",
"iot:DescribeScheduledAudit",
"iot:ListScheduledAudits",
"iot:ListAuditFindings",
"iot:CreateSecurityProfile",
"iot:DescribeSecurityProfile",
"iot:UpdateSecurityProfile",
"iot:DeleteSecurityProfile",
"iot:AttachSecurityProfile",
"iot:DetachSecurityProfile",
"iot:ListSecurityProfiles",
"iot:ListSecurityProfilesForTarget",
"iot:ListTargetsForSecurityProfile",
"iot:ListActiveViolations",
"iot:ListViolationEvents",
"iot:ValidateSecurityProfileBehaviors"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIWWGD4LM4EMXNRL7I",
"PolicyName": "AWSIoTConfigAccess",
"UpdateDate": "2019-09-27T20:48:00+00:00",
"VersionId": "v9"
},
"AWSIoTConfigReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSIoTConfigReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2015-10-27T21:52:31+00:00",
"DefaultVersionId": "v8",
"Document": {
"Statement": [
{
"Action": [
"iot:DescribeAuthorizer",
"iot:DescribeCACertificate",
"iot:DescribeCertificate",
"iot:DescribeDefaultAuthorizer",
"iot:DescribeEndpoint",
"iot:DescribeEventConfigurations",
"iot:DescribeIndex",
"iot:DescribeJob",
"iot:DescribeJobExecution",
"iot:DescribeRoleAlias",
"iot:DescribeStream",
"iot:DescribeThing",
"iot:DescribeThingGroup",
"iot:DescribeThingRegistrationTask",
"iot:DescribeThingType",
"iot:GetEffectivePolicies",
"iot:GetIndexingConfiguration",
"iot:GetJobDocument",
"iot:GetLoggingOptions",
"iot:GetOTAUpdate",
"iot:GetPolicy",
"iot:GetPolicyVersion",
"iot:GetRegistrationCode",
"iot:GetTopicRule",
"iot:GetV2LoggingOptions",
"iot:ListAttachedPolicies",
"iot:ListAuthorizers",
"iot:ListCACertificates",
"iot:ListCertificates",
"iot:ListCertificatesByCA",
"iot:ListIndices",
"iot:ListJobExecutionsForJob",
"iot:ListJobExecutionsForThing",
"iot:ListJobs",
"iot:ListOTAUpdates",
"iot:ListOutgoingCertificates",
"iot:ListPolicies",
"iot:ListPolicyPrincipals",
"iot:ListPolicyVersions",
"iot:ListPrincipalPolicies",
"iot:ListPrincipalThings",
"iot:ListRoleAliases",
"iot:ListStreams",
"iot:ListTargetsForPolicy",
"iot:ListThingGroups",
"iot:ListThingGroupsForThing",
"iot:ListThingPrincipals",
"iot:ListThingRegistrationTaskReports",
"iot:ListThingRegistrationTasks",
"iot:ListThings",
"iot:ListThingsInThingGroup",
"iot:ListThingTypes",
"iot:ListTopicRules",
"iot:ListV2LoggingLevels",
"iot:SearchIndex",
"iot:TestAuthorization",
"iot:TestInvokeAuthorizer",
"iot:DescribeAccountAuditConfiguration",
"iot:DescribeAuditTask",
"iot:ListAuditTasks",
"iot:DescribeScheduledAudit",
"iot:ListScheduledAudits",
"iot:ListAuditFindings",
"iot:DescribeSecurityProfile",
"iot:ListSecurityProfiles",
"iot:ListSecurityProfilesForTarget",
"iot:ListTargetsForSecurityProfile",
"iot:ListActiveViolations",
"iot:ListViolationEvents",
"iot:ValidateSecurityProfileBehaviors"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJHENEMXGX4XMFOIOI",
"PolicyName": "AWSIoTConfigReadOnlyAccess",
"UpdateDate": "2019-09-27T20:52:40+00:00",
"VersionId": "v8"
},
"AWSIoTDataAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSIoTDataAccess",
"AttachmentCount": 0,
"CreateDate": "2015-10-27T21:51:18+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"iot:Connect",
"iot:Publish",
"iot:Subscribe",
"iot:Receive",
"iot:GetThingShadow",
"iot:UpdateThingShadow",
"iot:DeleteThingShadow"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJM2KI2UJDR24XPS2K",
"PolicyName": "AWSIoTDataAccess",
"UpdateDate": "2017-11-16T18:24:11+00:00",
"VersionId": "v2"
},
"AWSIoTDeviceDefenderAddThingsToThingGroupMitigationAction": {
"Arn": "arn:aws:iam::aws:policy/service-role/AWSIoTDeviceDefenderAddThingsToThingGroupMitigationAction",
"AttachmentCount": 0,
"CreateDate": "2019-08-07T17:55:37+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"iot:ListPrincipalThings",
"iot:AddThingToThingGroup"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4HEHG3RV6B",
"PolicyName": "AWSIoTDeviceDefenderAddThingsToThingGroupMitigationAction",
"UpdateDate": "2019-08-07T17:55:37+00:00",
"VersionId": "v1"
},
"AWSIoTDeviceDefenderAudit": {
"Arn": "arn:aws:iam::aws:policy/service-role/AWSIoTDeviceDefenderAudit",
"AttachmentCount": 0,
"CreateDate": "2018-07-18T21:17:40+00:00",
"DefaultVersionId": "v3",
"Document": {
"Statement": [
{
"Action": [
"iot:GetLoggingOptions",
"iot:GetV2LoggingOptions",
"iot:ListCACertificates",
"iot:ListCertificates",
"iot:DescribeCACertificate",
"iot:DescribeCertificate",
"iot:ListPolicies",
"iot:GetPolicy",
"iot:GetEffectivePolicies",
"iot:ListRoleAliases",
"iot:DescribeRoleAlias",
"cognito-identity:GetIdentityPoolRoles",
"iam:ListRolePolicies",
"iam:ListAttachedRolePolicies",
"iam:GetRole",
"iam:GetPolicy",
"iam:GetPolicyVersion",
"iam:GetRolePolicy",
"iam:GenerateServiceLastAccessedDetails",
"iam:GetServiceLastAccessedDetails"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJKUN6OAGIHZ66TRKO",
"PolicyName": "AWSIoTDeviceDefenderAudit",
"UpdateDate": "2019-11-25T23:52:43+00:00",
"VersionId": "v3"
},
"AWSIoTDeviceDefenderEnableIoTLoggingMitigationAction": {
"Arn": "arn:aws:iam::aws:policy/service-role/AWSIoTDeviceDefenderEnableIoTLoggingMitigationAction",
"AttachmentCount": 0,
"CreateDate": "2019-08-07T17:04:07+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"iot:SetV2LoggingOptions"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"iam:PassRole"
],
"Condition": {
"StringEquals": {
"iam:PassedToService": [
"iot.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4G34KP2NLZ",
"PolicyName": "AWSIoTDeviceDefenderEnableIoTLoggingMitigationAction",
"UpdateDate": "2019-08-07T17:04:07+00:00",
"VersionId": "v1"
},
"AWSIoTDeviceDefenderPublishFindingsToSNSMitigationAction": {
"Arn": "arn:aws:iam::aws:policy/service-role/AWSIoTDeviceDefenderPublishFindingsToSNSMitigationAction",
"AttachmentCount": 0,
"CreateDate": "2019-08-07T17:04:37+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"sns:Publish"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4GZL2FL6JV",
"PolicyName": "AWSIoTDeviceDefenderPublishFindingsToSNSMitigationAction",
"UpdateDate": "2019-08-07T17:04:37+00:00",
"VersionId": "v1"
},
"AWSIoTDeviceDefenderReplaceDefaultPolicyMitigationAction": {
"Arn": "arn:aws:iam::aws:policy/service-role/AWSIoTDeviceDefenderReplaceDefaultPolicyMitigationAction",
"AttachmentCount": 0,
"CreateDate": "2019-08-07T17:04:57+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"iot:CreatePolicyVersion"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4HN4VCIBCR",
"PolicyName": "AWSIoTDeviceDefenderReplaceDefaultPolicyMitigationAction",
"UpdateDate": "2019-08-07T17:04:57+00:00",
"VersionId": "v1"
},
"AWSIoTDeviceDefenderUpdateCACertMitigationAction": {
"Arn": "arn:aws:iam::aws:policy/service-role/AWSIoTDeviceDefenderUpdateCACertMitigationAction",
"AttachmentCount": 0,
"CreateDate": "2019-08-07T17:05:49+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"iot:UpdateCACertificate"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4KLBGET6KX",
"PolicyName": "AWSIoTDeviceDefenderUpdateCACertMitigationAction",
"UpdateDate": "2019-08-07T17:05:49+00:00",
"VersionId": "v1"
},
"AWSIoTDeviceDefenderUpdateDeviceCertMitigationAction": {
"Arn": "arn:aws:iam::aws:policy/service-role/AWSIoTDeviceDefenderUpdateDeviceCertMitigationAction",
"AttachmentCount": 0,
"CreateDate": "2019-08-07T17:06:00+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"iot:UpdateCertificate"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4KB4AHFGEB",
"PolicyName": "AWSIoTDeviceDefenderUpdateDeviceCertMitigationAction",
"UpdateDate": "2019-08-07T17:06:00+00:00",
"VersionId": "v1"
},
"AWSIoTDeviceTesterForFreeRTOSFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSIoTDeviceTesterForFreeRTOSFullAccess",
"AttachmentCount": 0,
"CreateDate": "2020-02-12T20:33:53+00:00",
"DefaultVersionId": "v5",
"Document": {
"Statement": [
{
"Action": "iam:PassRole",
"Condition": {
"StringEquals": {
"iam:PassedToService": "iot.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/idt-*",
"Sid": "VisualEditor0"
},
{
"Action": [
"iot:DeleteThing",
"iot:AttachThingPrincipal",
"iot:DeleteCertificate",
"iot:GetRegistrationCode",
"iot:CreatePolicy",
"iot:UpdateCACertificate",
"s3:ListBucket",
"iot:DescribeEndpoint",
"iot:CreateOTAUpdate",
"iot:CreateStream",
"signer:ListSigningJobs",
"acm:ListCertificates",
"iot:CreateKeysAndCertificate",
"iot:UpdateCertificate",
"iot:CreateCertificateFromCsr",
"iot:DetachThingPrincipal",
"iot:RegisterCACertificate",
"iot:CreateThing",
"freertos:ListHardwarePlatforms",
"iam:ListRoles",
"iot:RegisterCertificate",
"iot:DeleteCACertificate",
"signer:PutSigningProfile",
"s3:ListAllMyBuckets",
"signer:ListSigningPlatforms",
"iot-device-tester:SendMetrics",
"iot-device-tester:SupportedVersion",
"iot-device-tester:LatestIdt",
"iot-device-tester:CheckVersion",
"iot-device-tester:DownloadTestSuite"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "VisualEditor1"
},
{
"Action": [
"iam:GetRole",
"signer:StartSigningJob",
"acm:GetCertificate",
"signer:DescribeSigningJob",
"s3:CreateBucket",
"execute-api:Invoke",
"s3:DeleteBucket",
"s3:PutBucketVersioning",
"signer:CancelSigningProfile"
],
"Effect": "Allow",
"Resource": [
"arn:aws:execute-api:us-east-1:098862408343:9xpmnvs5h4/prod/POST/metrics",
"arn:aws:signer:*:*:/signing-profiles/*",
"arn:aws:signer:*:*:/signing-jobs/*",
"arn:aws:iam::*:role/idt-*",
"arn:aws:acm:*:*:certificate/*",
"arn:aws:s3:::idt-*",
"arn:aws:s3:::afr-ota*"
],
"Sid": "VisualEditor2"
},
{
"Action": [
"iot:DeleteStream",
"iot:DeleteCertificate",
"iot:AttachPolicy",
"iot:DetachPolicy",
"iot:DeletePolicy",
"s3:ListBucketVersions",
"iot:UpdateCertificate",
"iot:GetOTAUpdate",
"iot:DeleteOTAUpdate",
"iot:DescribeJobExecution"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::afr-ota*",
"arn:aws:iot:*:*:thinggroup/idt*",
"arn:aws:iam::*:role/idt-*"
],
"Sid": "VisualEditor3"
},
{
"Action": [
"iot:DeleteCertificate",
"iot:AttachPolicy",
"iot:DetachPolicy",
"s3:DeleteObjectVersion",
"iot:DeleteOTAUpdate",
"s3:PutObject",
"s3:GetObject",
"iot:DeleteStream",
"iot:DeletePolicy",
"s3:DeleteObject",
"iot:UpdateCertificate",
"iot:GetOTAUpdate",
"s3:GetObjectVersion",
"iot:DescribeJobExecution"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::afr-ota*/*",
"arn:aws:s3:::idt-*/*",
"arn:aws:iot:*:*:policy/idt*",
"arn:aws:iam::*:role/idt-*",
"arn:aws:iot:*:*:otaupdate/idt*",
"arn:aws:iot:*:*:thing/idt*",
"arn:aws:iot:*:*:cert/*",
"arn:aws:iot:*:*:job/*",
"arn:aws:iot:*:*:stream/*"
],
"Sid": "VisualEditor4"
},
{
"Action": [
"s3:PutObject",
"s3:GetObject"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::afr-ota*/*",
"arn:aws:s3:::idt-*/*"
],
"Sid": "VisualEditor5"
},
{
"Action": [
"iot:CancelJobExecution"
],
"Effect": "Allow",
"Resource": [
"arn:aws:iot:*:*:job/*",
"arn:aws:iot:*:*:thing/idt*"
],
"Sid": "VisualEditor6"
},
{
"Action": [
"ec2:TerminateInstances"
],
"Condition": {
"StringEquals": {
"ec2:ResourceTag/Owner": "IoTDeviceTester"
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:ec2:*:*:instance/*"
],
"Sid": "VisualEditor7"
},
{
"Action": [
"ec2:AuthorizeSecurityGroupIngress",
"ec2:DeleteSecurityGroup"
],
"Condition": {
"StringEquals": {
"ec2:ResourceTag/Owner": "IoTDeviceTester"
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:ec2:*:*:security-group/*"
],
"Sid": "VisualEditor8"
},
{
"Action": [
"ec2:RunInstances"
],
"Condition": {
"StringEquals": {
"aws:RequestTag/Owner": "IoTDeviceTester"
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:ec2:*:*:instance/*"
],
"Sid": "VisualEditor9"
},
{
"Action": [
"ec2:RunInstances"
],
"Effect": "Allow",
"Resource": [
"arn:aws:ec2:*:*:image/*",
"arn:aws:ec2:*:*:security-group/*",
"arn:aws:ec2:*:*:volume/*",
"arn:aws:ec2:*:*:key-pair/*",
"arn:aws:ec2:*:*:placement-group/*",
"arn:aws:ec2:*:*:snapshot/*",
"arn:aws:ec2:*:*:network-interface/*",
"arn:aws:ec2:*:*:subnet/*"
],
"Sid": "VisualEditor10"
},
{
"Action": [
"ec2:CreateSecurityGroup"
],
"Condition": {
"StringEquals": {
"aws:RequestTag/Owner": "IoTDeviceTester"
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:ec2:*:*:security-group/*"
],
"Sid": "VisualEditor11"
},
{
"Action": [
"ec2:DescribeInstances",
"ec2:DescribeSecurityGroups",
"ssm:DescribeParameters",
"ssm:GetParameters"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "VisualEditor12"
},
{
"Action": [
"ec2:CreateTags"
],
"Condition": {
"ForAnyValue:StringEquals": {
"aws:TagKeys": [
"Owner"
],
"ec2:CreateAction": [
"RunInstances",
"CreateSecurityGroup"
]
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:ec2:*:*:security-group/*",
"arn:aws:ec2:*:*:instance/*"
],
"Sid": "VisualEditor13"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4ADNJ2YUUH",
"PolicyName": "AWSIoTDeviceTesterForFreeRTOSFullAccess",
"UpdateDate": "2020-12-15T18:03:46+00:00",
"VersionId": "v5"
},
"AWSIoTDeviceTesterForGreengrassFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSIoTDeviceTesterForGreengrassFullAccess",
"AttachmentCount": 0,
"CreateDate": "2020-02-20T21:21:27+00:00",
"DefaultVersionId": "v4",
"Document": {
"Statement": [
{
"Action": "iam:PassRole",
"Condition": {
"StringEquals": {
"iam:PassedToService": [
"iot.amazonaws.com",
"lambda.amazonaws.com",
"greengrass.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/idt-*",
"Sid": "VisualEditor1"
},
{
"Action": [
"lambda:CreateFunction",
"iot:DeleteCertificate",
"lambda:DeleteFunction",
"execute-api:Invoke",
"iot:UpdateCertificate"
],
"Effect": "Allow",
"Resource": [
"arn:aws:execute-api:us-east-1:098862408343:9xpmnvs5h4/prod/POST/metrics",
"arn:aws:lambda:*:*:function:idt-*",
"arn:aws:iot:*:*:cert/*"
],
"Sid": "VisualEditor2"
},
{
"Action": [
"iot:CreateThing",
"iot:DeleteThing"
],
"Effect": "Allow",
"Resource": [
"arn:aws:iot:*:*:thing/idt-*",
"arn:aws:iot:*:*:cert/*"
],
"Sid": "VisualEditor3"
},
{
"Action": [
"iot:AttachPolicy",
"iot:DetachPolicy",
"iot:DeletePolicy"
],
"Effect": "Allow",
"Resource": [
"arn:aws:iot:*:*:policy/idt-*",
"arn:aws:iot:*:*:cert/*"
],
"Sid": "VisualEditor4"
},
{
"Action": [
"iot:CreateJob",
"iot:DescribeJob",
"iot:DescribeJobExecution",
"iot:DeleteJob"
],
"Effect": "Allow",
"Resource": [
"arn:aws:iot:*:*:thing/idt-*",
"arn:aws:iot:*:*:job/*"
],
"Sid": "VisualEditor5"
},
{
"Action": [
"iot:DescribeEndpoint",
"greengrass:*",
"iam:ListAttachedRolePolicies",
"iot:CreatePolicy",
"iot:GetThingShadow",
"iot:CreateKeysAndCertificate",
"iot:ListThings",
"iot:UpdateThingShadow",
"iot:CreateCertificateFromCsr",
"iot-device-tester:SendMetrics",
"iot-device-tester:SupportedVersion",
"iot-device-tester:LatestIdt",
"iot-device-tester:CheckVersion",
"iot-device-tester:DownloadTestSuite"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "VisualEditor6"
},
{
"Action": [
"iot:DetachThingPrincipal",
"iot:AttachThingPrincipal"
],
"Effect": "Allow",
"Resource": [
"arn:aws:iot:*:*:thing/idt-*",
"arn:aws:iot:*:*:cert/*"
],
"Sid": "VisualEditor7"
},
{
"Action": [
"s3:PutObject",
"s3:DeleteObjectVersion",
"s3:ListBucketVersions",
"s3:CreateBucket",
"s3:DeleteObject",
"s3:DeleteBucket"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::idt*",
"Sid": "VisualEditor8"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4ORKVZSPY7",
"PolicyName": "AWSIoTDeviceTesterForGreengrassFullAccess",
"UpdateDate": "2020-06-25T17:01:56+00:00",
"VersionId": "v4"
},
"AWSIoTEventsFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSIoTEventsFullAccess",
"AttachmentCount": 0,
"CreateDate": "2019-01-10T22:51:57+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"iotevents:*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJGA726P7LVUWJZ2LM",
"PolicyName": "AWSIoTEventsFullAccess",
"UpdateDate": "2019-01-10T22:51:57+00:00",
"VersionId": "v1"
},
"AWSIoTEventsReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSIoTEventsReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2019-01-10T22:50:08+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"iotevents:Describe*",
"iotevents:List*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJYJFNAR7CN5JW52PG",
"PolicyName": "AWSIoTEventsReadOnlyAccess",
"UpdateDate": "2019-09-23T17:22:04+00:00",
"VersionId": "v2"
},
"AWSIoTFleetHubFederationAccess": {
"Arn": "arn:aws:iam::aws:policy/service-role/AWSIoTFleetHubFederationAccess",
"AttachmentCount": 0,
"CreateDate": "2020-12-15T08:08:05+00:00",
"DefaultVersionId": "v3",
"Document": {
"Statement": [
{
"Action": [
"iot:DescribeIndex",
"iot:DescribeThingGroup",
"iot:GetBucketsAggregation",
"iot:GetCardinality",
"iot:GetIndexingConfiguration",
"iot:GetPercentiles",
"iot:GetStatistics",
"iot:SearchIndex",
"iot:CreateFleetMetric",
"iot:ListFleetMetrics",
"iot:DeleteFleetMetric",
"iot:DescribeFleetMetric",
"iot:UpdateFleetMetric",
"iot:ListThingGroups",
"iot:ListThingsInThingGroup",
"iot:ListJobTemplates",
"iot:DescribeJobTemplate",
"iot:ListJobs",
"iot:CreateJob",
"iot:CancelJob",
"iot:DescribeJob",
"iot:ListJobExecutionsForJob",
"iot:ListJobExecutionsForThing",
"iot:DescribeJobExecution",
"iotfleethub:DescribeApplication",
"cloudwatch:DescribeAlarms",
"cloudwatch:GetMetricData",
"cloudwatch:ListMetrics",
"sns:ListTopics"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"sns:CreateTopic",
"sns:DeleteTopic",
"sns:ListSubscriptionsByTopic",
"sns:Subscribe",
"sns:Unsubscribe"
],
"Effect": "Allow",
"Resource": "arn:aws:sns:*:*:iotfleethub*"
},
{
"Action": [
"cloudwatch:PutMetricAlarm",
"cloudwatch:DeleteAlarms",
"cloudwatch:DescribeAlarmHistory"
],
"Effect": "Allow",
"Resource": "arn:aws:cloudwatch:*:*:iotfleethub*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4H4EGQA254",
"PolicyName": "AWSIoTFleetHubFederationAccess",
"UpdateDate": "2021-05-24T14:12:59+00:00",
"VersionId": "v3"
},
"AWSIoTFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSIoTFullAccess",
"AttachmentCount": 0,
"CreateDate": "2015-10-08T15:19:49+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"iot:*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJU2FPGG6PQWN72V2G",
"PolicyName": "AWSIoTFullAccess",
"UpdateDate": "2015-10-08T15:19:49+00:00",
"VersionId": "v1"
},
"AWSIoTLogging": {
"Arn": "arn:aws:iam::aws:policy/service-role/AWSIoTLogging",
"AttachmentCount": 0,
"CreateDate": "2015-10-08T15:17:25+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents",
"logs:PutMetricFilter",
"logs:PutRetentionPolicy",
"logs:GetLogEvents",
"logs:DeleteLogStream"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAI6R6Z2FHHGS454W7W",
"PolicyName": "AWSIoTLogging",
"UpdateDate": "2015-10-08T15:17:25+00:00",
"VersionId": "v1"
},
"AWSIoTOTAUpdate": {
"Arn": "arn:aws:iam::aws:policy/service-role/AWSIoTOTAUpdate",
"AttachmentCount": 0,
"CreateDate": "2017-12-20T20:36:53+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": {
"Action": [
"iot:CreateJob",
"signer:DescribeSigningJob"
],
"Effect": "Allow",
"Resource": "*"
},
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJLJYWX53STBZFPUEY",
"PolicyName": "AWSIoTOTAUpdate",
"UpdateDate": "2017-12-20T20:36:53+00:00",
"VersionId": "v1"
},
"AWSIoTRuleActions": {
"Arn": "arn:aws:iam::aws:policy/service-role/AWSIoTRuleActions",
"AttachmentCount": 0,
"CreateDate": "2015-10-08T15:14:51+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": {
"Action": [
"dynamodb:PutItem",
"kinesis:PutRecord",
"iot:Publish",
"s3:PutObject",
"sns:Publish",
"sqs:SendMessage*",
"cloudwatch:SetAlarmState",
"cloudwatch:PutMetricData",
"es:ESHttpPut",
"firehose:PutRecord"
],
"Effect": "Allow",
"Resource": "*"
},
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJEZ6FS7BUZVUHMOKY",
"PolicyName": "AWSIoTRuleActions",
"UpdateDate": "2018-01-16T19:28:19+00:00",
"VersionId": "v2"
},
"AWSIoTSiteWiseConsoleFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSIoTSiteWiseConsoleFullAccess",
"AttachmentCount": 0,
"CreateDate": "2019-05-31T21:37:49+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": "iotsitewise:*",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"iotanalytics:List*",
"iotanalytics:Describe*",
"iotanalytics:Create*"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"iot:DescribeEndpoint",
"iot:GetThingShadow"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"greengrass:GetGroup",
"greengrass:GetGroupVersion",
"greengrass:GetCoreDefinitionVersion",
"greengrass:ListGroups"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"secretsmanager:ListSecrets",
"secretsmanager:CreateSecret"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"secretsmanager:UpdateSecret"
],
"Effect": "Allow",
"Resource": "arn:aws:secretsmanager:*:*:secret:greengrass-*"
},
{
"Action": [
"tag:GetResources"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"iam:CreateServiceLinkedRole"
],
"Condition": {
"StringEquals": {
"iam:AWSServiceName": "iotsitewise.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/aws-service-role/iotsitewise.amazonaws.com/AWSServiceRoleForIoTSiteWise*"
},
{
"Action": [
"iam:PassRole"
],
"Condition": {
"StringEquals": {
"iam:PassedToService": "iotsitewise.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/aws-service-role/iotsitewise.amazonaws.com/AWSServiceRoleForIoTSiteWise*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4K7KP5VA7F",
"PolicyName": "AWSIoTSiteWiseConsoleFullAccess",
"UpdateDate": "2019-05-31T21:37:49+00:00",
"VersionId": "v1"
},
"AWSIoTSiteWiseFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSIoTSiteWiseFullAccess",
"AttachmentCount": 0,
"CreateDate": "2018-12-04T20:53:39+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"iotsitewise:*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAILUK3XBM6TZ5Q3PX2",
"PolicyName": "AWSIoTSiteWiseFullAccess",
"UpdateDate": "2018-12-04T20:53:39+00:00",
"VersionId": "v1"
},
"AWSIoTSiteWiseMonitorPortalAccess": {
"Arn": "arn:aws:iam::aws:policy/service-role/AWSIoTSiteWiseMonitorPortalAccess",
"AttachmentCount": 0,
"CreateDate": "2020-05-19T20:01:21+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"iotsitewise:CreateProject",
"iotsitewise:DescribeProject",
"iotsitewise:UpdateProject",
"iotsitewise:DeleteProject",
"iotsitewise:ListProjects",
"iotsitewise:BatchAssociateProjectAssets",
"iotsitewise:BatchDisassociateProjectAssets",
"iotsitewise:ListProjectAssets",
"iotsitewise:CreateDashboard",
"iotsitewise:DescribeDashboard",
"iotsitewise:UpdateDashboard",
"iotsitewise:DeleteDashboard",
"iotsitewise:ListDashboards",
"iotsitewise:CreateAccessPolicy",
"iotsitewise:DescribeAccessPolicy",
"iotsitewise:UpdateAccessPolicy",
"iotsitewise:DeleteAccessPolicy",
"iotsitewise:ListAccessPolicies",
"iotsitewise:DescribeAsset",
"iotsitewise:ListAssets",
"iotsitewise:ListAssociatedAssets",
"iotsitewise:DescribeAssetProperty",
"iotsitewise:GetAssetPropertyValue",
"iotsitewise:GetAssetPropertyValueHistory",
"iotsitewise:GetAssetPropertyAggregates",
"sso-directory:DescribeUsers"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4E6CZDALWJ",
"PolicyName": "AWSIoTSiteWiseMonitorPortalAccess",
"UpdateDate": "2020-05-19T20:01:21+00:00",
"VersionId": "v1"
},
"AWSIoTSiteWiseMonitorServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSIoTSiteWiseMonitorServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2019-11-14T00:59:10+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"iotsitewise:CreateProject",
"iotsitewise:DescribeProject",
"iotsitewise:UpdateProject",
"iotsitewise:DeleteProject",
"iotsitewise:ListProjects",
"iotsitewise:BatchAssociateProjectAssets",
"iotsitewise:BatchDisassociateProjectAssets",
"iotsitewise:ListProjectAssets",
"iotsitewise:CreateDashboard",
"iotsitewise:DescribeDashboard",
"iotsitewise:UpdateDashboard",
"iotsitewise:DeleteDashboard",
"iotsitewise:ListDashboards",
"iotsitewise:CreateAccessPolicy",
"iotsitewise:DescribeAccessPolicy",
"iotsitewise:UpdateAccessPolicy",
"iotsitewise:DeleteAccessPolicy",
"iotsitewise:ListAccessPolicies",
"iotsitewise:DescribeAsset",
"iotsitewise:ListAssets",
"iotsitewise:ListAssociatedAssets",
"iotsitewise:DescribeAssetProperty",
"iotsitewise:GetAssetPropertyValue",
"iotsitewise:GetAssetPropertyValueHistory",
"iotsitewise:GetAssetPropertyAggregates",
"sso-directory:DescribeUsers"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4CR556M6Y5",
"PolicyName": "AWSIoTSiteWiseMonitorServiceRolePolicy",
"UpdateDate": "2019-12-13T22:19:25+00:00",
"VersionId": "v2"
},
"AWSIoTSiteWiseReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSIoTSiteWiseReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2018-12-04T20:55:11+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"iotsitewise:Describe*",
"iotsitewise:List*",
"iotsitewise:Get*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJLHEAFKME2QL64WKK",
"PolicyName": "AWSIoTSiteWiseReadOnlyAccess",
"UpdateDate": "2018-12-04T20:55:11+00:00",
"VersionId": "v1"
},
"AWSIoTThingsRegistration": {
"Arn": "arn:aws:iam::aws:policy/service-role/AWSIoTThingsRegistration",
"AttachmentCount": 0,
"CreateDate": "2017-12-01T20:21:52+00:00",
"DefaultVersionId": "v3",
"Document": {
"Statement": [
{
"Action": [
"iot:AddThingToThingGroup",
"iot:AttachPolicy",
"iot:AttachPrincipalPolicy",
"iot:AttachThingPrincipal",
"iot:CreateCertificateFromCsr",
"iot:CreatePolicy",
"iot:CreateThing",
"iot:DescribeCertificate",
"iot:DescribeThing",
"iot:DescribeThingGroup",
"iot:DescribeThingType",
"iot:DetachPolicy",
"iot:DetachThingPrincipal",
"iot:GetPolicy",
"iot:ListAttachedPolicies",
"iot:ListPolicyPrincipals",
"iot:ListPrincipalPolicies",
"iot:ListPrincipalThings",
"iot:ListTargetsForPolicy",
"iot:ListThingGroupsForThing",
"iot:ListThingPrincipals",
"iot:RegisterCertificate",
"iot:RegisterThing",
"iot:RemoveThingFromThingGroup",
"iot:UpdateCertificate",
"iot:UpdateThing",
"iot:UpdateThingGroupsForThing",
"iot:AddThingToBillingGroup",
"iot:DescribeBillingGroup",
"iot:RemoveThingFromBillingGroup"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAI3YQXTC5XAEVTJNEU",
"PolicyName": "AWSIoTThingsRegistration",
"UpdateDate": "2020-10-05T19:20:12+00:00",
"VersionId": "v3"
},
"AWSIoTWirelessDataAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSIoTWirelessDataAccess",
"AttachmentCount": 0,
"CreateDate": "2020-12-15T15:31:39+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"iotwireless:SendDataToWirelessDevice"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4HH6GBXNUO",
"PolicyName": "AWSIoTWirelessDataAccess",
"UpdateDate": "2020-12-15T15:31:39+00:00",
"VersionId": "v1"
},
"AWSIoTWirelessFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSIoTWirelessFullAccess",
"AttachmentCount": 0,
"CreateDate": "2020-12-15T15:27:57+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"iotwireless:*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4L5RZVVSRQ",
"PolicyName": "AWSIoTWirelessFullAccess",
"UpdateDate": "2020-12-15T15:27:57+00:00",
"VersionId": "v1"
},
"AWSIoTWirelessFullPublishAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSIoTWirelessFullPublishAccess",
"AttachmentCount": 0,
"CreateDate": "2020-12-15T15:29:59+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"iot:DescribeEndpoint",
"iot:Publish"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4JSRC2FZ22",
"PolicyName": "AWSIoTWirelessFullPublishAccess",
"UpdateDate": "2020-12-15T15:29:59+00:00",
"VersionId": "v1"
},
"AWSIoTWirelessGatewayCertManager": {
"Arn": "arn:aws:iam::aws:policy/AWSIoTWirelessGatewayCertManager",
"AttachmentCount": 0,
"CreateDate": "2020-12-15T15:30:48+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"iot:CreateKeysAndCertificate",
"iot:DescribeCertificate",
"iot:ListCertificates"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "IoTWirelessGatewayCertManager"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4O6BH33Y6U",
"PolicyName": "AWSIoTWirelessGatewayCertManager",
"UpdateDate": "2020-12-15T15:30:48+00:00",
"VersionId": "v1"
},
"AWSIoTWirelessLogging": {
"Arn": "arn:aws:iam::aws:policy/AWSIoTWirelessLogging",
"AttachmentCount": 0,
"CreateDate": "2020-12-15T15:32:40+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:DescribeLogGroups",
"logs:DescribeLogStreams",
"logs:PutLogEvents"
],
"Effect": "Allow",
"Resource": "arn:aws:logs:*:*:log-group:/aws/iotwireless*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4L3X44AIHR",
"PolicyName": "AWSIoTWirelessLogging",
"UpdateDate": "2020-12-15T15:32:40+00:00",
"VersionId": "v1"
},
"AWSIoTWirelessReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSIoTWirelessReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2020-12-15T15:28:56+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"iotwireless:List*",
"iotwireless:Get*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4FJYYSL3ZA",
"PolicyName": "AWSIoTWirelessReadOnlyAccess",
"UpdateDate": "2020-12-15T15:28:56+00:00",
"VersionId": "v1"
},
"AWSKeyManagementServiceCustomKeyStoresServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSKeyManagementServiceCustomKeyStoresServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2018-11-14T20:10:53+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"cloudhsm:Describe*",
"ec2:CreateNetworkInterface",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateSecurityGroup",
"ec2:DescribeSecurityGroups",
"ec2:RevokeSecurityGroupEgress",
"ec2:DeleteSecurityGroup"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIADMJEHVVYK5AUQOO",
"PolicyName": "AWSKeyManagementServiceCustomKeyStoresServiceRolePolicy",
"UpdateDate": "2018-11-14T20:10:53+00:00",
"VersionId": "v1"
},
"AWSKeyManagementServicePowerUser": {
"Arn": "arn:aws:iam::aws:policy/AWSKeyManagementServicePowerUser",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:40:40+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"kms:CreateAlias",
"kms:CreateKey",
"kms:DeleteAlias",
"kms:Describe*",
"kms:GenerateRandom",
"kms:Get*",
"kms:List*",
"kms:TagResource",
"kms:UntagResource",
"iam:ListGroups",
"iam:ListRoles",
"iam:ListUsers"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJNPP7PPPPMJRV2SA4",
"PolicyName": "AWSKeyManagementServicePowerUser",
"UpdateDate": "2017-03-07T00:55:11+00:00",
"VersionId": "v2"
},
"AWSLakeFormationCrossAccountManager": {
"Arn": "arn:aws:iam::aws:policy/AWSLakeFormationCrossAccountManager",
"AttachmentCount": 0,
"CreateDate": "2020-08-04T20:59:46+00:00",
"DefaultVersionId": "v3",
"Document": {
"Statement": [
{
"Action": [
"ram:CreateResourceShare"
],
"Condition": {
"StringLikeIfExists": {
"ram:RequestedResourceType": [
"glue:Table",
"glue:Database",
"glue:Catalog"
]
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ram:UpdateResourceShare",
"ram:DeleteResourceShare"
],
"Condition": {
"StringLike": {
"ram:ResourceShareName": [
"LakeFormation*"
]
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"glue:PutResourcePolicy",
"glue:DeleteResourcePolicy",
"organizations:DescribeOrganization",
"organizations:DescribeAccount",
"ram:Get*",
"ram:List*"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"organizations:ListRoots",
"organizations:ListAccountsForParent",
"organizations:ListOrganizationalUnitsForParent"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4HPT7Y7QL3",
"PolicyName": "AWSLakeFormationCrossAccountManager",
"UpdateDate": "2020-12-07T23:11:36+00:00",
"VersionId": "v3"
},
"AWSLakeFormationDataAdmin": {
"Arn": "arn:aws:iam::aws:policy/AWSLakeFormationDataAdmin",
"AttachmentCount": 0,
"CreateDate": "2019-08-08T17:33:44+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"lakeformation:*",
"cloudtrail:DescribeTrails",
"cloudtrail:LookupEvents",
"glue:GetDatabase",
"glue:GetDatabases",
"glue:CreateDatabase",
"glue:UpdateDatabase",
"glue:DeleteDatabase",
"glue:GetConnections",
"glue:SearchTables",
"glue:GetTable",
"glue:CreateTable",
"glue:UpdateTable",
"glue:DeleteTable",
"glue:GetTableVersions",
"glue:GetPartitions",
"glue:GetTables",
"glue:GetWorkflow",
"glue:ListWorkflows",
"glue:BatchGetWorkflows",
"glue:DeleteWorkflow",
"glue:GetWorkflowRuns",
"glue:StartWorkflowRun",
"glue:GetWorkflow",
"s3:ListBucket",
"s3:GetBucketLocation",
"s3:ListAllMyBuckets",
"s3:GetBucketAcl",
"iam:ListUsers",
"iam:ListRoles",
"iam:GetRole",
"iam:GetRolePolicy"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"lakeformation:PutDataLakeSettings"
],
"Effect": "Deny",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4OWCH3ENIA",
"PolicyName": "AWSLakeFormationDataAdmin",
"UpdateDate": "2019-12-16T22:41:40+00:00",
"VersionId": "v2"
},
"AWSLambdaBasicExecutionRole": {
"Arn": "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole",
"AttachmentCount": 0,
"CreateDate": "2015-04-09T15:03:43+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJNCQGXC42545SKXIK",
"PolicyName": "AWSLambdaBasicExecutionRole",
"UpdateDate": "2015-04-09T15:03:43+00:00",
"VersionId": "v1"
},
"AWSLambdaDynamoDBExecutionRole": {
"Arn": "arn:aws:iam::aws:policy/service-role/AWSLambdaDynamoDBExecutionRole",
"AttachmentCount": 0,
"CreateDate": "2015-04-09T15:09:29+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"dynamodb:DescribeStream",
"dynamodb:GetRecords",
"dynamodb:GetShardIterator",
"dynamodb:ListStreams",
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIP7WNAGMIPYNW4WQG",
"PolicyName": "AWSLambdaDynamoDBExecutionRole",
"UpdateDate": "2015-04-09T15:09:29+00:00",
"VersionId": "v1"
},
"AWSLambdaENIManagementAccess": {
"Arn": "arn:aws:iam::aws:policy/service-role/AWSLambdaENIManagementAccess",
"AttachmentCount": 0,
"CreateDate": "2016-12-06T00:37:27+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"ec2:CreateNetworkInterface",
"ec2:DescribeNetworkInterfaces",
"ec2:DeleteNetworkInterface",
"ec2:AssignPrivateIpAddresses",
"ec2:UnassignPrivateIpAddresses"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJXAW2Q3KPTURUT2QC",
"PolicyName": "AWSLambdaENIManagementAccess",
"UpdateDate": "2020-10-01T20:07:26+00:00",
"VersionId": "v2"
},
"AWSLambdaExecute": {
"Arn": "arn:aws:iam::aws:policy/AWSLambdaExecute",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:40:46+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"logs:*"
],
"Effect": "Allow",
"Resource": "arn:aws:logs:*:*:*"
},
{
"Action": [
"s3:GetObject",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJE5FX7FQZSU5XAKGO",
"PolicyName": "AWSLambdaExecute",
"UpdateDate": "2015-02-06T18:40:46+00:00",
"VersionId": "v1"
},
"AWSLambdaInvocation-DynamoDB": {
"Arn": "arn:aws:iam::aws:policy/AWSLambdaInvocation-DynamoDB",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:40:47+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"lambda:InvokeFunction"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"dynamodb:DescribeStream",
"dynamodb:GetRecords",
"dynamodb:GetShardIterator",
"dynamodb:ListStreams"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJTHQ3EKCQALQDYG5G",
"PolicyName": "AWSLambdaInvocation-DynamoDB",
"UpdateDate": "2015-02-06T18:40:47+00:00",
"VersionId": "v1"
},
"AWSLambdaKinesisExecutionRole": {
"Arn": "arn:aws:iam::aws:policy/service-role/AWSLambdaKinesisExecutionRole",
"AttachmentCount": 0,
"CreateDate": "2015-04-09T15:14:16+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"kinesis:DescribeStream",
"kinesis:DescribeStreamSummary",
"kinesis:GetRecords",
"kinesis:GetShardIterator",
"kinesis:ListShards",
"kinesis:ListStreams",
"kinesis:SubscribeToShard",
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJHOLKJPXV4GBRMJUQ",
"PolicyName": "AWSLambdaKinesisExecutionRole",
"UpdateDate": "2018-11-19T20:09:24+00:00",
"VersionId": "v2"
},
"AWSLambdaMSKExecutionRole": {
"Arn": "arn:aws:iam::aws:policy/service-role/AWSLambdaMSKExecutionRole",
"AttachmentCount": 0,
"CreateDate": "2020-08-11T17:35:05+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"kafka:DescribeCluster",
"kafka:GetBootstrapBrokers",
"ec2:CreateNetworkInterface",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeVpcs",
"ec2:DeleteNetworkInterface",
"ec2:DescribeSubnets",
"ec2:DescribeSecurityGroups",
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4FHMXOHIS5",
"PolicyName": "AWSLambdaMSKExecutionRole",
"UpdateDate": "2020-08-11T17:35:05+00:00",
"VersionId": "v1"
},
"AWSLambdaReplicator": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSLambdaReplicator",
"AttachmentCount": 0,
"CreateDate": "2017-05-23T17:53:03+00:00",
"DefaultVersionId": "v3",
"Document": {
"Statement": [
{
"Action": [
"lambda:CreateFunction",
"lambda:DeleteFunction",
"lambda:DisableReplication"
],
"Effect": "Allow",
"Resource": [
"arn:aws:lambda:*:*:function:*"
],
"Sid": "LambdaCreateDeletePermission"
},
{
"Action": [
"iam:PassRole"
],
"Condition": {
"StringLikeIfExists": {
"iam:PassedToService": "lambda.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "IamPassRolePermission"
},
{
"Action": [
"cloudfront:ListDistributionsByLambdaFunction"
],
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "CloudFrontListDistributions"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIIQFXZNNLL3E2HKTG",
"PolicyName": "AWSLambdaReplicator",
"UpdateDate": "2017-12-08T00:17:54+00:00",
"VersionId": "v3"
},
"AWSLambdaRole": {
"Arn": "arn:aws:iam::aws:policy/service-role/AWSLambdaRole",
"AttachmentCount": 1,
"CreateDate": "2015-02-06T18:41:28+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"lambda:InvokeFunction"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJX4DPCRGTC4NFDUXI",
"PolicyName": "AWSLambdaRole",
"UpdateDate": "2015-02-06T18:41:28+00:00",
"VersionId": "v1"
},
"AWSLambdaSQSQueueExecutionRole": {
"Arn": "arn:aws:iam::aws:policy/service-role/AWSLambdaSQSQueueExecutionRole",
"AttachmentCount": 0,
"CreateDate": "2018-06-14T21:50:45+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"sqs:ReceiveMessage",
"sqs:DeleteMessage",
"sqs:GetQueueAttributes",
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJFWJZI6JNND4TSELK",
"PolicyName": "AWSLambdaSQSQueueExecutionRole",
"UpdateDate": "2018-06-14T21:50:45+00:00",
"VersionId": "v1"
},
"AWSLambdaVPCAccessExecutionRole": {
"Arn": "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole",
"AttachmentCount": 0,
"CreateDate": "2016-02-11T23:15:26+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents",
"ec2:CreateNetworkInterface",
"ec2:DescribeNetworkInterfaces",
"ec2:DeleteNetworkInterface",
"ec2:AssignPrivateIpAddresses",
"ec2:UnassignPrivateIpAddresses"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJVTME3YLVNL72YR2K",
"PolicyName": "AWSLambdaVPCAccessExecutionRole",
"UpdateDate": "2020-10-15T22:53:03+00:00",
"VersionId": "v2"
},
"AWSLambda_FullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSLambda_FullAccess",
"AttachmentCount": 0,
"CreateDate": "2020-11-17T21:14:08+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"cloudformation:DescribeStacks",
"cloudformation:ListStackResources",
"cloudwatch:ListMetrics",
"cloudwatch:GetMetricData",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"kms:ListAliases",
"iam:GetPolicy",
"iam:GetPolicyVersion",
"iam:GetRole",
"iam:GetRolePolicy",
"iam:ListAttachedRolePolicies",
"iam:ListRolePolicies",
"iam:ListRoles",
"lambda:*",
"logs:DescribeLogGroups",
"states:DescribeStateMachine",
"states:ListStateMachines",
"tag:GetResources",
"xray:GetTraceSummaries",
"xray:BatchGetTraces"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:PassRole",
"Condition": {
"StringEquals": {
"iam:PassedToService": "lambda.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"logs:DescribeLogStreams",
"logs:GetLogEvents",
"logs:FilterLogEvents"
],
"Effect": "Allow",
"Resource": "arn:aws:logs:*:*:log-group:/aws/lambda/*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4OXQPYWZ5D",
"PolicyName": "AWSLambda_FullAccess",
"UpdateDate": "2020-11-17T21:14:08+00:00",
"VersionId": "v1"
},
"AWSLambda_ReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSLambda_ReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2020-11-17T21:10:32+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"cloudformation:DescribeStacks",
"cloudformation:ListStackResources",
"cloudwatch:GetMetricData",
"cloudwatch:ListMetrics",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"kms:ListAliases",
"iam:GetPolicy",
"iam:GetPolicyVersion",
"iam:GetRole",
"iam:GetRolePolicy",
"iam:ListAttachedRolePolicies",
"iam:ListRolePolicies",
"iam:ListRoles",
"logs:DescribeLogGroups",
"lambda:Get*",
"lambda:List*",
"states:DescribeStateMachine",
"states:ListStateMachines",
"tag:GetResources",
"xray:GetTraceSummaries",
"xray:BatchGetTraces"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"logs:DescribeLogStreams",
"logs:GetLogEvents",
"logs:FilterLogEvents"
],
"Effect": "Allow",
"Resource": "arn:aws:logs:*:*:log-group:/aws/lambda/*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4IERNVMNPE",
"PolicyName": "AWSLambda_ReadOnlyAccess",
"UpdateDate": "2020-11-17T21:10:32+00:00",
"VersionId": "v1"
},
"AWSLicenseManagerMasterAccountRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSLicenseManagerMasterAccountRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2018-11-26T19:03:51+00:00",
"DefaultVersionId": "v3",
"Document": {
"Statement": [
{
"Action": [
"s3:GetBucketLocation",
"s3:ListBucket",
"s3:GetLifecycleConfiguration",
"s3:PutLifecycleConfiguration",
"s3:GetBucketPolicy",
"s3:PutBucketPolicy"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::aws-license-manager-service-*"
],
"Sid": "S3BucketPermissions"
},
{
"Action": [
"s3:AbortMultipartUpload",
"s3:PutObject",
"s3:GetObject",
"s3:ListBucketMultipartUploads",
"s3:ListMultipartUploadParts"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::aws-license-manager-service-*"
],
"Sid": "S3ObjectPermissions1"
},
{
"Action": [
"s3:DeleteObject"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::aws-license-manager-service-*/resource_sync/*"
],
"Sid": "S3ObjectPermissions2"
},
{
"Action": [
"athena:GetQueryExecution",
"athena:GetQueryResults",
"athena:StartQueryExecution"
],
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "AthenaPermissions"
},
{
"Action": [
"glue:GetTable",
"glue:GetPartition",
"glue:GetPartitions"
],
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "GluePermissions"
},
{
"Action": [
"organizations:DescribeOrganization",
"organizations:ListAccounts",
"organizations:DescribeAccount",
"organizations:ListChildren",
"organizations:ListParents",
"organizations:ListAccountsForParent",
"organizations:ListRoots",
"organizations:ListAWSServiceAccessForOrganization"
],
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "OrganizationPermissions"
},
{
"Action": [
"ram:GetResourceShares",
"ram:GetResourceShareAssociations",
"ram:TagResource"
],
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "RAMPermissions1"
},
{
"Action": [
"ram:CreateResourceShare"
],
"Condition": {
"StringEquals": {
"aws:RequestTag/Service": "LicenseManager"
}
},
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "RAMPermissions2"
},
{
"Action": [
"ram:AssociateResourceShare",
"ram:DisassociateResourceShare",
"ram:UpdateResourceShare",
"ram:DeleteResourceShare"
],
"Condition": {
"StringEquals": {
"ram:ResourceTag/Service": "LicenseManager"
}
},
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "RAMPermissions3"
},
{
"Action": [
"iam:GetRole"
],
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "IAMGetRoles"
},
{
"Action": [
"iam:PassRole"
],
"Condition": {
"StringEquals": {
"iam:PassedToService": [
"cloudformation.amazonaws.com",
"glue.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/LicenseManagerServiceResourceDataSyncRole*"
],
"Sid": "IAMPassRoles"
},
{
"Action": [
"cloudformation:UpdateStack",
"cloudformation:CreateStack",
"cloudformation:DeleteStack",
"cloudformation:DescribeStacks"
],
"Effect": "Allow",
"Resource": [
"arn:aws:cloudformation:*:*:stack/LicenseManagerCrossAccountCloudDiscoveryStack/*"
],
"Sid": "CloudformationPermission"
},
{
"Action": [
"glue:CreateTable",
"glue:UpdateTable",
"glue:DeleteTable",
"glue:UpdateJob",
"glue:UpdateCrawler"
],
"Effect": "Allow",
"Resource": [
"arn:aws:glue:*:*:catalog",
"arn:aws:glue:*:*:crawler/LicenseManagerResourceSynDataCrawler",
"arn:aws:glue:*:*:job/LicenseManagerResourceSynDataProcessJob",
"arn:aws:glue:*:*:table/license_manager_resource_inventory_db/*",
"arn:aws:glue:*:*:table/license_manager_resource_sync/*",
"arn:aws:glue:*:*:database/license_manager_resource_inventory_db",
"arn:aws:glue:*:*:database/license_manager_resource_sync"
],
"Sid": "GlueUpdatePermissions"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIJE2NOZW2BDEHYUH2",
"PolicyName": "AWSLicenseManagerMasterAccountRolePolicy",
"UpdateDate": "2019-08-29T22:56:41+00:00",
"VersionId": "v3"
},
"AWSLicenseManagerMemberAccountRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSLicenseManagerMemberAccountRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2018-11-26T19:04:32+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"license-manager:UpdateLicenseSpecificationsForResource",
"license-manager:GetLicenseConfiguration"
],
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "LicenseManagerPermissions"
},
{
"Action": [
"ssm:ListInventoryEntries",
"ssm:GetInventory",
"ssm:CreateAssociation",
"ssm:CreateResourceDataSync",
"ssm:DeleteResourceDataSync",
"ssm:ListResourceDataSync",
"ssm:ListAssociations"
],
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "SSMPermissions"
},
{
"Action": [
"ram:AcceptResourceShareInvitation",
"ram:GetResourceShareInvitations"
],
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "RAMPermissions"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJZTYEY2LEGBYAVUY4",
"PolicyName": "AWSLicenseManagerMemberAccountRolePolicy",
"UpdateDate": "2019-11-15T22:09:32+00:00",
"VersionId": "v2"
},
"AWSLicenseManagerServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSLicenseManagerServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2018-11-26T19:02:53+00:00",
"DefaultVersionId": "v4",
"Document": {
"Statement": [
{
"Action": [
"iam:CreateServiceLinkedRole"
],
"Condition": {
"StringEquals": {
"iam:AWSServiceName": "license-management.marketplace.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/aws-service-role/license-management.marketplace.amazonaws.com/AWSServiceRoleForMarketplaceLicenseManagement"
],
"Sid": "IAMPermissions"
},
{
"Action": [
"s3:GetBucketLocation",
"s3:ListBucket"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::aws-license-manager-service-*"
],
"Sid": "S3BucketPermissions1"
},
{
"Action": [
"s3:ListAllMyBuckets"
],
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "S3BucketPermissions2"
},
{
"Action": [
"s3:PutObject"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::aws-license-manager-service-*"
],
"Sid": "S3ObjectPermissions"
},
{
"Action": [
"sns:Publish"
],
"Effect": "Allow",
"Resource": [
"arn:aws:sns:*:*:aws-license-manager-service-*"
],
"Sid": "SNSAccountPermissions"
},
{
"Action": [
"sns:ListTopics"
],
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "SNSTopicPermissions"
},
{
"Action": [
"ec2:DescribeInstances",
"ec2:DescribeImages",
"ec2:DescribeHosts"
],
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "EC2Permissions"
},
{
"Action": [
"ssm:ListInventoryEntries",
"ssm:GetInventory",
"ssm:CreateAssociation"
],
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "SSMPermissions"
},
{
"Action": [
"organizations:ListAWSServiceAccessForOrganization",
"organizations:DescribeOrganization"
],
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "OrganizationPermissions"
},
{
"Action": [
"license-manager:GetServiceSettings",
"license-manager:GetLicense*",
"license-manager:UpdateLicenseSpecificationsForResource",
"license-manager:ListUsageForLicenseConfiguration",
"license-manager:ListDistributedGrants"
],
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "LicenseManagerPermissions"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIM7JPETWHTYNBQSZE",
"PolicyName": "AWSLicenseManagerServiceRolePolicy",
"UpdateDate": "2021-03-09T20:23:10+00:00",
"VersionId": "v4"
},
"AWSMarketplaceAmiIngestion": {
"Arn": "arn:aws:iam::aws:policy/AWSMarketplaceAmiIngestion",
"AttachmentCount": 0,
"CreateDate": "2020-09-25T20:55:10+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"ec2:ModifySnapshotAttribute"
],
"Effect": "Allow",
"Resource": "arn:aws:ec2:us-east-1::snapshot/snap-*"
},
{
"Action": [
"ec2:DescribeImageAttribute",
"ec2:DescribeImages",
"ec2:DescribeSnapshotAttribute",
"ec2:ModifyImageAttribute"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4AV3OZYWEM",
"PolicyName": "AWSMarketplaceAmiIngestion",
"UpdateDate": "2020-09-25T20:55:10+00:00",
"VersionId": "v1"
},
"AWSMarketplaceFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSMarketplaceFullAccess",
"AttachmentCount": 0,
"CreateDate": "2015-02-11T17:21:45+00:00",
"DefaultVersionId": "v3",
"Document": {
"Statement": [
{
"Action": [
"aws-marketplace:*",
"cloudformation:CreateStack",
"cloudformation:DescribeStackResource",
"cloudformation:DescribeStackResources",
"cloudformation:DescribeStacks",
"cloudformation:List*",
"ec2:AuthorizeSecurityGroupEgress",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateSecurityGroup",
"ec2:CreateTags",
"ec2:DescribeAccountAttributes",
"ec2:DescribeAddresses",
"ec2:DeleteSecurityGroup",
"ec2:DescribeAccountAttributes",
"ec2:DescribeImages",
"ec2:DescribeInstances",
"ec2:DescribeKeyPairs",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeTags",
"ec2:DescribeVpcs",
"ec2:RunInstances",
"ec2:StartInstances",
"ec2:StopInstances",
"ec2:TerminateInstances"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:CopyImage",
"ec2:DeregisterImage",
"ec2:DescribeSnapshots",
"ec2:DeleteSnapshot",
"ec2:CreateImage",
"ec2:DescribeInstanceStatus",
"ssm:GetAutomationExecution",
"ssm:UpdateDocumentDefaultVersion",
"ssm:CreateDocument",
"ssm:StartAutomationExecution",
"ssm:ListDocuments",
"ssm:UpdateDocument",
"ssm:DescribeDocument",
"sns:ListTopics",
"sns:GetTopicAttributes",
"sns:CreateTopic",
"iam:GetRole",
"iam:GetInstanceProfile",
"iam:ListRoles",
"iam:ListInstanceProfiles"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"s3:ListBucket",
"s3:GetObject"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::*image-build*"
]
},
{
"Action": [
"sns:Publish",
"sns:setTopicAttributes"
],
"Effect": "Allow",
"Resource": "arn:aws:sns:*:*:*image-build*"
},
{
"Action": [
"iam:PassRole"
],
"Condition": {
"StringLike": {
"iam:PassedToService": [
"ec2.amazonaws.com",
"ssm.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAI2DV5ULJSO2FYVPYG",
"PolicyName": "AWSMarketplaceFullAccess",
"UpdateDate": "2018-08-08T21:13:02+00:00",
"VersionId": "v3"
},
"AWSMarketplaceGetEntitlements": {
"Arn": "arn:aws:iam::aws:policy/AWSMarketplaceGetEntitlements",
"AttachmentCount": 0,
"CreateDate": "2017-03-27T19:37:24+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"aws-marketplace:GetEntitlements"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJLPIMQE4WMHDC2K7C",
"PolicyName": "AWSMarketplaceGetEntitlements",
"UpdateDate": "2017-03-27T19:37:24+00:00",
"VersionId": "v1"
},
"AWSMarketplaceImageBuildFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSMarketplaceImageBuildFullAccess",
"AttachmentCount": 0,
"CreateDate": "2018-07-31T23:29:49+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"aws-marketplace:ListBuilds",
"aws-marketplace:StartBuild",
"aws-marketplace:DescribeBuilds"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "ec2:TerminateInstances",
"Condition": {
"StringLike": {
"ec2:ResourceTag/marketplace-image-build:build-id": "*"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:PassRole",
"Condition": {
"StringEquals": {
"iam:PassedToService": [
"ec2.amazonaws.com",
"ssm.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/*Automation*",
"arn:aws:iam::*:role/*Instance*"
]
},
{
"Action": [
"ssm:GetAutomationExecution",
"ssm:CreateDocument",
"ssm:StartAutomationExecution",
"ssm:ListDocuments",
"ssm:UpdateDocument",
"ssm:UpdateDocumentDefaultVersion",
"ssm:DescribeDocument",
"ec2:DeregisterImage",
"ec2:CopyImage",
"ec2:DescribeSnapshots",
"ec2:DescribeSecurityGroups",
"ec2:DescribeImages",
"ec2:DescribeSubnets",
"ec2:DeleteSnapshot",
"ec2:CreateImage",
"ec2:RunInstances",
"ec2:DescribeInstanceStatus",
"sns:GetTopicAttributes",
"iam:GetRole",
"iam:GetInstanceProfile"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"s3:GetObject",
"s3:ListBucket"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::*image-build*"
]
},
{
"Action": [
"ec2:CreateTags"
],
"Effect": "Allow",
"Resource": [
"arn:aws:ec2:*::image/*",
"arn:aws:ec2:*:*:instance/*"
]
},
{
"Action": [
"sns:Publish"
],
"Effect": "Allow",
"Resource": [
"arn:aws:sns:*:*:*image-build*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAI4QBMJWC3BNHBHN6I",
"PolicyName": "AWSMarketplaceImageBuildFullAccess",
"UpdateDate": "2018-08-08T21:11:59+00:00",
"VersionId": "v2"
},
"AWSMarketplaceLicenseManagementServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSMarketplaceLicenseManagementServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2020-12-03T08:33:40+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"organizations:DescribeOrganization",
"license-manager:ListReceivedGrants",
"license-manager:ListDistributedGrants",
"license-manager:GetGrant",
"license-manager:CreateGrant",
"license-manager:CreateGrantVersion",
"license-manager:DeleteGrant",
"license-manager:AcceptGrant"
],
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "AllowLicenseManagerActions"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4DTCV6FSO7",
"PolicyName": "AWSMarketplaceLicenseManagementServiceRolePolicy",
"UpdateDate": "2020-12-03T08:33:40+00:00",
"VersionId": "v1"
},
"AWSMarketplaceManageSubscriptions": {
"Arn": "arn:aws:iam::aws:policy/AWSMarketplaceManageSubscriptions",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:40:32+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"aws-marketplace:ViewSubscriptions",
"aws-marketplace:Subscribe",
"aws-marketplace:Unsubscribe"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"aws-marketplace:CreatePrivateMarketplaceRequests",
"aws-marketplace:ListPrivateMarketplaceRequests",
"aws-marketplace:DescribePrivateMarketplaceRequests"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJRDW2WIFN7QLUAKBQ",
"PolicyName": "AWSMarketplaceManageSubscriptions",
"UpdateDate": "2019-10-28T21:49:43+00:00",
"VersionId": "v2"
},
"AWSMarketplaceMeteringFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSMarketplaceMeteringFullAccess",
"AttachmentCount": 0,
"CreateDate": "2016-03-17T22:39:22+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"aws-marketplace:MeterUsage"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJ65YJPG7CC7LDXNA6",
"PolicyName": "AWSMarketplaceMeteringFullAccess",
"UpdateDate": "2016-03-17T22:39:22+00:00",
"VersionId": "v1"
},
"AWSMarketplaceMeteringRegisterUsage": {
"Arn": "arn:aws:iam::aws:policy/AWSMarketplaceMeteringRegisterUsage",
"AttachmentCount": 0,
"CreateDate": "2019-11-21T01:17:54+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"aws-marketplace:RegisterUsage"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4OIHJX73MZ",
"PolicyName": "AWSMarketplaceMeteringRegisterUsage",
"UpdateDate": "2019-11-21T01:17:54+00:00",
"VersionId": "v1"
},
"AWSMarketplaceProcurementSystemAdminFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSMarketplaceProcurementSystemAdminFullAccess",
"AttachmentCount": 0,
"CreateDate": "2019-06-25T13:07:47+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"aws-marketplace:PutProcurementSystemConfiguration",
"aws-marketplace:DescribeProcurementSystemConfiguration",
"organizations:Describe*",
"organizations:List*"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4FIYNR3TC4",
"PolicyName": "AWSMarketplaceProcurementSystemAdminFullAccess",
"UpdateDate": "2019-06-25T13:07:47+00:00",
"VersionId": "v1"
},
"AWSMarketplaceRead-only": {
"Arn": "arn:aws:iam::aws:policy/AWSMarketplaceRead-only",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:40:31+00:00",
"DefaultVersionId": "v3",
"Document": {
"Statement": [
{
"Action": [
"aws-marketplace:ViewSubscriptions",
"ec2:DescribeAccountAttributes",
"ec2:DescribeAddresses",
"ec2:DescribeImages",
"ec2:DescribeInstances",
"ec2:DescribeKeyPairs",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"aws-marketplace:ListBuilds",
"aws-marketplace:DescribeBuilds",
"iam:ListRoles",
"iam:ListInstanceProfiles",
"sns:GetTopicAttributes",
"sns:ListTopics"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"aws-marketplace:ListPrivateMarketplaceRequests",
"aws-marketplace:DescribePrivateMarketplaceRequests"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJOOM6LETKURTJ3XZ2",
"PolicyName": "AWSMarketplaceRead-only",
"UpdateDate": "2019-10-28T21:51:31+00:00",
"VersionId": "v3"
},
"AWSMarketplaceSellerFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSMarketplaceSellerFullAccess",
"AttachmentCount": 0,
"CreateDate": "2019-07-02T20:40:09+00:00",
"DefaultVersionId": "v4",
"Document": {
"Statement": [
{
"Action": [
"aws-marketplace-management:uploadFiles",
"aws-marketplace-management:viewMarketing",
"aws-marketplace-management:viewReports",
"aws-marketplace-management:viewSupport",
"aws-marketplace-management:viewSettings",
"aws-marketplace:ListChangeSets",
"aws-marketplace:DescribeChangeSet",
"aws-marketplace:StartChangeSet",
"aws-marketplace:CancelChangeSet",
"aws-marketplace:ListEntities",
"aws-marketplace:DescribeEntity",
"aws-marketplace:ListTasks",
"aws-marketplace:DescribeTask",
"aws-marketplace:UpdateTask",
"aws-marketplace:CompleteTask",
"ec2:DescribeImages",
"ec2:DescribeSnapshots",
"ec2:ModifyImageAttribute",
"ec2:ModifySnapshotAttribute"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"aws-marketplace:SearchAgreements",
"aws-marketplace:DescribeAgreement",
"aws-marketplace:GetAgreementTerms"
],
"Condition": {
"ForAllValues:StringEquals": {
"aws-marketplace:AgreementType": [
"PurchaseAgreement"
]
},
"StringEquals": {
"aws-marketplace:PartyType": "Proposer"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"iam:GetRole",
"iam:PassRole"
],
"Condition": {
"StringEquals": {
"iam:PassedToService": "assets.marketplace.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4JF7OFUANW",
"PolicyName": "AWSMarketplaceSellerFullAccess",
"UpdateDate": "2020-10-09T22:23:38+00:00",
"VersionId": "v4"
},
"AWSMarketplaceSellerProductsFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSMarketplaceSellerProductsFullAccess",
"AttachmentCount": 0,
"CreateDate": "2019-07-02T21:06:25+00:00",
"DefaultVersionId": "v3",
"Document": {
"Statement": [
{
"Action": [
"aws-marketplace:ListChangeSets",
"aws-marketplace:DescribeChangeSet",
"aws-marketplace:StartChangeSet",
"aws-marketplace:CancelChangeSet",
"aws-marketplace:ListEntities",
"aws-marketplace:DescribeEntity",
"aws-marketplace:ListTasks",
"aws-marketplace:DescribeTask",
"aws-marketplace:UpdateTask",
"aws-marketplace:CompleteTask",
"ec2:DescribeImages",
"ec2:DescribeSnapshots",
"ec2:ModifyImageAttribute",
"ec2:ModifySnapshotAttribute"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"iam:GetRole",
"iam:PassRole"
],
"Condition": {
"StringEquals": {
"iam:PassedToService": "assets.marketplace.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4DS2YFEG4N",
"PolicyName": "AWSMarketplaceSellerProductsFullAccess",
"UpdateDate": "2020-10-09T22:22:38+00:00",
"VersionId": "v3"
},
"AWSMarketplaceSellerProductsReadOnly": {
"Arn": "arn:aws:iam::aws:policy/AWSMarketplaceSellerProductsReadOnly",
"AttachmentCount": 0,
"CreateDate": "2019-07-02T21:40:47+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"aws-marketplace:ListChangeSets",
"aws-marketplace:DescribeChangeSet",
"aws-marketplace:ListEntities",
"aws-marketplace:DescribeEntity",
"aws-marketplace:ListTasks",
"aws-marketplace:DescribeTask",
"ec2:DescribeImages",
"ec2:DescribeSnapshots"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4K5Y2Q5F7D",
"PolicyName": "AWSMarketplaceSellerProductsReadOnly",
"UpdateDate": "2020-03-05T23:11:53+00:00",
"VersionId": "v2"
},
"AWSMigrationHubDMSAccess": {
"Arn": "arn:aws:iam::aws:policy/service-role/AWSMigrationHubDMSAccess",
"AttachmentCount": 0,
"CreateDate": "2017-08-14T14:00:06+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"mgh:CreateProgressUpdateStream"
],
"Effect": "Allow",
"Resource": "arn:aws:mgh:*:*:progressUpdateStream/DMS"
},
{
"Action": [
"mgh:AssociateCreatedArtifact",
"mgh:DescribeMigrationTask",
"mgh:DisassociateCreatedArtifact",
"mgh:ImportMigrationTask",
"mgh:ListCreatedArtifacts",
"mgh:NotifyMigrationTaskState",
"mgh:PutResourceAttributes",
"mgh:NotifyApplicationState",
"mgh:DescribeApplicationState",
"mgh:AssociateDiscoveredResource",
"mgh:DisassociateDiscoveredResource",
"mgh:ListDiscoveredResources"
],
"Effect": "Allow",
"Resource": "arn:aws:mgh:*:*:progressUpdateStream/DMS/*"
},
{
"Action": [
"mgh:ListMigrationTasks",
"mgh:GetHomeRegion"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIUQB56VA4JHLN7G2W",
"PolicyName": "AWSMigrationHubDMSAccess",
"UpdateDate": "2019-10-07T17:51:53+00:00",
"VersionId": "v2"
},
"AWSMigrationHubDiscoveryAccess": {
"Arn": "arn:aws:iam::aws:policy/service-role/AWSMigrationHubDiscoveryAccess",
"AttachmentCount": 0,
"CreateDate": "2017-08-14T13:30:51+00:00",
"DefaultVersionId": "v3",
"Document": {
"Statement": [
{
"Action": [
"discovery:ListConfigurations",
"discovery:DescribeConfigurations"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": "ec2:CreateTags",
"Condition": {
"ForAllValues:StringEquals": {
"aws:TagKeys": "aws:migrationhub:source-id"
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:ec2:*:*:instance/*",
"arn:aws:ec2:*:*:image/*",
"arn:aws:ec2:*:*:volume/*"
]
},
{
"Action": "dms:AddTagsToResource",
"Condition": {
"ForAllValues:StringEquals": {
"aws:TagKeys": "aws:migrationhub:source-id"
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:dms:*:*:endpoint:*"
]
},
{
"Action": [
"ec2:DescribeInstanceAttribute"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAITRMRLSV7JAL6YIGG",
"PolicyName": "AWSMigrationHubDiscoveryAccess",
"UpdateDate": "2020-08-06T17:34:42+00:00",
"VersionId": "v3"
},
"AWSMigrationHubFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSMigrationHubFullAccess",
"AttachmentCount": 0,
"CreateDate": "2017-08-14T14:02:54+00:00",
"DefaultVersionId": "v4",
"Document": {
"Statement": [
{
"Action": [
"mgh:*",
"discovery:*"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"iam:GetRole"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringEquals": {
"iam:AWSServiceName": "continuousexport.discovery.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/aws-service-role/continuousexport.discovery.amazonaws.com/AWSServiceRoleForApplicationDiscoveryServiceContinuousExport*"
},
{
"Action": [
"iam:DeleteServiceLinkedRole",
"iam:GetServiceLinkedRoleDeletionStatus"
],
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/aws-service-role/continuousexport.discovery.amazonaws.com/AWSServiceRoleForApplicationDiscoveryServiceContinuousExport*"
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringEquals": {
"iam:AWSServiceName": [
"migrationhub.amazonaws.com",
"dmsintegration.migrationhub.amazonaws.com",
"smsintegration.migrationhub.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJ4A2SZKHUYHDYIGOK",
"PolicyName": "AWSMigrationHubFullAccess",
"UpdateDate": "2019-06-19T21:14:41+00:00",
"VersionId": "v4"
},
"AWSMigrationHubSMSAccess": {
"Arn": "arn:aws:iam::aws:policy/service-role/AWSMigrationHubSMSAccess",
"AttachmentCount": 0,
"CreateDate": "2017-08-14T13:57:54+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"mgh:CreateProgressUpdateStream"
],
"Effect": "Allow",
"Resource": "arn:aws:mgh:*:*:progressUpdateStream/SMS"
},
{
"Action": [
"mgh:AssociateCreatedArtifact",
"mgh:DescribeMigrationTask",
"mgh:DisassociateCreatedArtifact",
"mgh:ImportMigrationTask",
"mgh:ListCreatedArtifacts",
"mgh:NotifyMigrationTaskState",
"mgh:PutResourceAttributes",
"mgh:NotifyApplicationState",
"mgh:DescribeApplicationState",
"mgh:AssociateDiscoveredResource",
"mgh:DisassociateDiscoveredResource",
"mgh:ListDiscoveredResources"
],
"Effect": "Allow",
"Resource": "arn:aws:mgh:*:*:progressUpdateStream/SMS/*"
},
{
"Action": [
"mgh:ListMigrationTasks",
"mgh:GetHomeRegion"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIWQYYT6TSVIRJO4TY",
"PolicyName": "AWSMigrationHubSMSAccess",
"UpdateDate": "2019-10-07T18:01:22+00:00",
"VersionId": "v2"
},
"AWSMobileHub_FullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSMobileHub_FullAccess",
"AttachmentCount": 0,
"CreateDate": "2016-01-05T19:56:01+00:00",
"DefaultVersionId": "v14",
"Document": {
"Statement": [
{
"Action": [
"apigateway:GET",
"apigateway:POST",
"cloudfront:GetDistribution",
"devicefarm:CreateProject",
"devicefarm:ListJobs",
"devicefarm:ListRuns",
"devicefarm:GetProject",
"devicefarm:GetRun",
"devicefarm:ListArtifacts",
"devicefarm:ListProjects",
"devicefarm:ScheduleRun",
"dynamodb:DescribeTable",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"iam:ListSAMLProviders",
"lambda:ListFunctions",
"sns:ListTopics",
"lex:GetIntent",
"lex:GetIntents",
"lex:GetSlotType",
"lex:GetSlotTypes",
"lex:GetBot",
"lex:GetBots",
"lex:GetBotAlias",
"lex:GetBotAliases",
"mobilehub:*"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"s3:GetObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::*/aws-my-sample-app*.zip"
},
{
"Action": [
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::*-mobilehub-*/*"
},
{
"Action": [
"s3:ListBucket"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::*-mobilehub-*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIJLU43R6AGRBK76DM",
"PolicyName": "AWSMobileHub_FullAccess",
"UpdateDate": "2019-12-19T23:15:52+00:00",
"VersionId": "v14"
},
"AWSMobileHub_ReadOnly": {
"Arn": "arn:aws:iam::aws:policy/AWSMobileHub_ReadOnly",
"AttachmentCount": 0,
"CreateDate": "2016-01-05T19:55:48+00:00",
"DefaultVersionId": "v10",
"Document": {
"Statement": [
{
"Action": [
"dynamodb:DescribeTable",
"iam:ListSAMLProviders",
"lambda:ListFunctions",
"sns:ListTopics",
"lex:GetIntent",
"lex:GetIntents",
"lex:GetSlotType",
"lex:GetSlotTypes",
"lex:GetBot",
"lex:GetBots",
"lex:GetBotAlias",
"lex:GetBotAliases",
"mobilehub:ExportProject",
"mobilehub:GenerateProjectParameters",
"mobilehub:GetProject",
"mobilehub:SynchronizeProject",
"mobilehub:GetProjectSnapshot",
"mobilehub:ListProjectSnapshots",
"mobilehub:ListAvailableConnectors",
"mobilehub:ListAvailableFeatures",
"mobilehub:ListAvailableRegions",
"mobilehub:ListProjects",
"mobilehub:ValidateProject",
"mobilehub:VerifyServiceRole",
"mobilehub:DescribeBundle",
"mobilehub:ExportBundle",
"mobilehub:ListBundles"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"s3:GetObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::*/aws-my-sample-app*.zip"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIBXVYVL3PWQFBZFGW",
"PolicyName": "AWSMobileHub_ReadOnly",
"UpdateDate": "2018-07-23T21:59:05+00:00",
"VersionId": "v10"
},
"AWSNetworkFirewallServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSNetworkFirewallServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2020-11-17T17:17:26+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:CreateVpcEndpoint",
"ec2:DescribeVpcEndpoints"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:CreateTags"
],
"Condition": {
"StringEquals": {
"aws:RequestTag/AWSNetworkFirewallManaged": "true",
"ec2:CreateAction": "CreateVpcEndpoint"
}
},
"Effect": "Allow",
"Resource": "arn:aws:ec2:*:*:vpc-endpoint/*"
},
{
"Action": [
"ec2:DeleteVpcEndpoints"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/AWSNetworkFirewallManaged": "true"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4DF6QQZAL3",
"PolicyName": "AWSNetworkFirewallServiceRolePolicy",
"UpdateDate": "2020-11-17T17:17:26+00:00",
"VersionId": "v1"
},
"AWSNetworkManagerFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSNetworkManagerFullAccess",
"AttachmentCount": 0,
"CreateDate": "2019-12-03T17:37:58+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": "networkmanager:*",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringEquals": {
"iam:AWSServiceName": [
"networkmanager.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4ARXJ4NU7I",
"PolicyName": "AWSNetworkManagerFullAccess",
"UpdateDate": "2019-12-03T17:37:58+00:00",
"VersionId": "v1"
},
"AWSNetworkManagerReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSNetworkManagerReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2019-12-03T17:35:05+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"networkmanager:Describe*",
"networkmanager:Get*",
"networkmanager:List*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4LZFJOS62Z",
"PolicyName": "AWSNetworkManagerReadOnlyAccess",
"UpdateDate": "2019-12-03T17:35:05+00:00",
"VersionId": "v1"
},
"AWSNetworkManagerServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSNetworkManagerServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2019-12-03T14:03:35+00:00",
"DefaultVersionId": "v4",
"Document": {
"Statement": [
{
"Action": [
"directconnect:DescribeDirectConnectGateways",
"directconnect:DescribeConnections",
"directconnect:DescribeDirectConnectGatewayAttachments",
"directconnect:DescribeLocations",
"directconnect:DescribeVirtualInterfaces",
"ec2:DescribeCustomerGateways",
"ec2:DescribeTransitGatewayAttachments",
"ec2:DescribeTransitGatewayRouteTables",
"ec2:DescribeTransitGateways",
"ec2:DescribeVpnConnections",
"ec2:DescribeVpcs",
"ec2:GetTransitGatewayRouteTableAssociations",
"ec2:SearchTransitGatewayRoutes",
"ec2:DescribeTransitGatewayPeeringAttachments",
"ec2:DescribeTransitGatewayConnects",
"ec2:DescribeTransitGatewayConnectPeers"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4B346KOB7I",
"PolicyName": "AWSNetworkManagerServiceRolePolicy",
"UpdateDate": "2021-06-07T16:18:24+00:00",
"VersionId": "v4"
},
"AWSOpsWorksCMInstanceProfileRole": {
"Arn": "arn:aws:iam::aws:policy/AWSOpsWorksCMInstanceProfileRole",
"AttachmentCount": 0,
"CreateDate": "2016-11-24T09:48:22+00:00",
"DefaultVersionId": "v5",
"Document": {
"Statement": [
{
"Action": [
"cloudformation:DescribeStackResource",
"cloudformation:SignalResource"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"s3:AbortMultipartUpload",
"s3:DeleteObject",
"s3:GetObject",
"s3:ListAllMyBuckets",
"s3:ListBucket",
"s3:ListMultipartUploadParts",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::aws-opsworks-cm-*"
},
{
"Action": "acm:GetCertificate",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "secretsmanager:GetSecretValue",
"Effect": "Allow",
"Resource": "arn:aws:secretsmanager:*:*:opsworks-cm!aws-opsworks-cm-secrets-*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAICSU3OSHCURP2WIZW",
"PolicyName": "AWSOpsWorksCMInstanceProfileRole",
"UpdateDate": "2021-04-23T17:34:03+00:00",
"VersionId": "v5"
},
"AWSOpsWorksCMServiceRole": {
"Arn": "arn:aws:iam::aws:policy/service-role/AWSOpsWorksCMServiceRole",
"AttachmentCount": 0,
"CreateDate": "2016-11-24T09:49:46+00:00",
"DefaultVersionId": "v14",
"Document": {
"Statement": [
{
"Action": [
"s3:CreateBucket",
"s3:DeleteObject",
"s3:DeleteBucket",
"s3:GetObject",
"s3:ListBucket",
"s3:PutBucketPolicy",
"s3:PutObject",
"s3:GetBucketTagging",
"s3:PutBucketTagging"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::aws-opsworks-cm-*"
]
},
{
"Action": [
"tag:UntagResources",
"tag:TagResources"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"ssm:DescribeInstanceInformation",
"ssm:GetCommandInvocation",
"ssm:ListCommandInvocations",
"ssm:ListCommands"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"ssm:SendCommand"
],
"Condition": {
"StringLike": {
"ssm:resourceTag/aws:cloudformation:stack-name": "aws-opsworks-cm-*"
}
},
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"ssm:SendCommand"
],
"Effect": "Allow",
"Resource": [
"arn:aws:ssm:*::document/*",
"arn:aws:s3:::aws-opsworks-cm-*"
]
},
{
"Action": [
"ec2:AllocateAddress",
"ec2:AssociateAddress",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateImage",
"ec2:CreateSecurityGroup",
"ec2:CreateSnapshot",
"ec2:CreateTags",
"ec2:DeleteSecurityGroup",
"ec2:DeleteSnapshot",
"ec2:DeregisterImage",
"ec2:DescribeAccountAttributes",
"ec2:DescribeAddresses",
"ec2:DescribeImages",
"ec2:DescribeInstanceStatus",
"ec2:DescribeInstances",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSnapshots",
"ec2:DescribeSubnets",
"ec2:DisassociateAddress",
"ec2:ReleaseAddress",
"ec2:RunInstances",
"ec2:StopInstances"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"ec2:TerminateInstances",
"ec2:RebootInstances"
],
"Condition": {
"StringLike": {
"ec2:ResourceTag/aws:cloudformation:stack-name": "aws-opsworks-cm-*"
}
},
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"opsworks-cm:DeleteServer",
"opsworks-cm:StartMaintenance"
],
"Effect": "Allow",
"Resource": [
"arn:aws:opsworks-cm:*:*:server/*"
]
},
{
"Action": [
"cloudformation:CreateStack",
"cloudformation:DeleteStack",
"cloudformation:DescribeStackEvents",
"cloudformation:DescribeStackResources",
"cloudformation:DescribeStacks",
"cloudformation:UpdateStack"
],
"Effect": "Allow",
"Resource": [
"arn:aws:cloudformation:*:*:stack/aws-opsworks-cm-*"
]
},
{
"Action": [
"iam:PassRole"
],
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/aws-opsworks-cm-*",
"arn:aws:iam::*:role/service-role/aws-opsworks-cm-*"
]
},
{
"Action": [
"acm:DeleteCertificate",
"acm:ImportCertificate"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"secretsmanager:CreateSecret",
"secretsmanager:GetSecretValue",
"secretsmanager:UpdateSecret",
"secretsmanager:DeleteSecret",
"secretsmanager:TagResource",
"secretsmanager:UntagResource"
],
"Effect": "Allow",
"Resource": "arn:aws:secretsmanager:*:*:opsworks-cm!aws-opsworks-cm-secrets-*"
},
{
"Action": "ec2:DeleteTags",
"Effect": "Allow",
"Resource": [
"arn:aws:ec2:*:*:instance/*",
"arn:aws:ec2:*:*:elastic-ip/*",
"arn:aws:ec2:*:*:security-group/*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJ6I6MPGJE62URSHCO",
"PolicyName": "AWSOpsWorksCMServiceRole",
"UpdateDate": "2021-04-23T17:32:13+00:00",
"VersionId": "v14"
},
"AWSOpsWorksCloudWatchLogs": {
"Arn": "arn:aws:iam::aws:policy/AWSOpsWorksCloudWatchLogs",
"AttachmentCount": 0,
"CreateDate": "2017-03-30T17:47:19+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents",
"logs:DescribeLogStreams"
],
"Effect": "Allow",
"Resource": [
"arn:aws:logs:*:*:*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJXFIK7WABAY5CPXM4",
"PolicyName": "AWSOpsWorksCloudWatchLogs",
"UpdateDate": "2017-03-30T17:47:19+00:00",
"VersionId": "v1"
},
"AWSOpsWorksInstanceRegistration": {
"Arn": "arn:aws:iam::aws:policy/AWSOpsWorksInstanceRegistration",
"AttachmentCount": 0,
"CreateDate": "2016-06-03T14:23:15+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"opsworks:DescribeStackProvisioningParameters",
"opsworks:DescribeStacks",
"opsworks:RegisterInstance"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJG3LCPVNI4WDZCIMU",
"PolicyName": "AWSOpsWorksInstanceRegistration",
"UpdateDate": "2016-06-03T14:23:15+00:00",
"VersionId": "v1"
},
"AWSOpsWorksRegisterCLI_EC2": {
"Arn": "arn:aws:iam::aws:policy/AWSOpsWorksRegisterCLI_EC2",
"AttachmentCount": 0,
"CreateDate": "2019-06-18T15:56:17+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"opsworks:AssignInstance",
"opsworks:CreateLayer",
"opsworks:DeregisterInstance",
"opsworks:DescribeInstances",
"opsworks:DescribeStackProvisioningParameters",
"opsworks:DescribeStacks",
"opsworks:UnassignInstance"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"ec2:DescribeInstances"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4NCE3CMCRC",
"PolicyName": "AWSOpsWorksRegisterCLI_EC2",
"UpdateDate": "2019-06-18T15:56:17+00:00",
"VersionId": "v1"
},
"AWSOpsWorksRegisterCLI_OnPremises": {
"Arn": "arn:aws:iam::aws:policy/AWSOpsWorksRegisterCLI_OnPremises",
"AttachmentCount": 0,
"CreateDate": "2019-06-18T15:33:16+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"opsworks:AssignInstance",
"opsworks:CreateLayer",
"opsworks:DeregisterInstance",
"opsworks:DescribeInstances",
"opsworks:DescribeStackProvisioningParameters",
"opsworks:DescribeStacks",
"opsworks:UnassignInstance"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"ec2:DescribeInstances"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"iam:CreateGroup",
"iam:AddUserToGroup"
],
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:group/AWS/OpsWorks/OpsWorks-*"
]
},
{
"Action": [
"iam:CreateUser",
"iam:CreateAccessKey"
],
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:user/AWS/OpsWorks/OpsWorks-*"
]
},
{
"Action": [
"iam:AttachUserPolicy"
],
"Condition": {
"ArnEquals": {
"iam:PolicyARN": "arn:aws:iam::aws:policy/AWSOpsWorksInstanceRegistration"
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:user/AWS/OpsWorks/OpsWorks-*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4EZJ5DYEPG",
"PolicyName": "AWSOpsWorksRegisterCLI_OnPremises",
"UpdateDate": "2019-06-18T15:33:16+00:00",
"VersionId": "v1"
},
"AWSOpsWorks_FullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSOpsWorks_FullAccess",
"AttachmentCount": 0,
"CreateDate": "2021-01-22T16:29:08+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"cloudwatch:GetMetricStatistics",
"ec2:DescribeAccountAttributes",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeInstances",
"ec2:DescribeKeyPairs",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"elasticloadbalancing:DescribeInstanceHealth",
"elasticloadbalancing:DescribeLoadBalancers",
"iam:GetRolePolicy",
"iam:ListInstanceProfiles",
"iam:ListRoles",
"iam:ListUsers",
"opsworks:*"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"iam:PassRole"
],
"Condition": {
"StringEquals": {
"iam:PassedToService": "opsworks.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4D626GOURR",
"PolicyName": "AWSOpsWorks_FullAccess",
"UpdateDate": "2021-01-22T16:29:08+00:00",
"VersionId": "v1"
},
"AWSOrganizationsFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSOrganizationsFullAccess",
"AttachmentCount": 0,
"CreateDate": "2018-11-06T20:31:57+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": "organizations:*",
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJZXBNRCJKNLQHSB5M",
"PolicyName": "AWSOrganizationsFullAccess",
"UpdateDate": "2018-11-06T20:31:57+00:00",
"VersionId": "v1"
},
"AWSOrganizationsReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSOrganizationsReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2018-11-06T20:32:38+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"organizations:Describe*",
"organizations:List*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJY5RQATUV77PEPVOM",
"PolicyName": "AWSOrganizationsReadOnlyAccess",
"UpdateDate": "2018-11-06T20:32:38+00:00",
"VersionId": "v1"
},
"AWSOrganizationsServiceTrustPolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSOrganizationsServiceTrustPolicy",
"AttachmentCount": 1,
"CreateDate": "2017-10-10T23:04:07+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"iam:DeleteRole"
],
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/aws-service-role/organizations.amazonaws.com/*"
],
"Sid": "AllowDeletionOfServiceLinkedRoleForOrganizations"
},
{
"Action": [
"iam:CreateServiceLinkedRole"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "AllowCreationOfServiceLinkedRoles"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIQH6ROMVVECFVRJPK",
"PolicyName": "AWSOrganizationsServiceTrustPolicy",
"UpdateDate": "2017-11-01T06:01:18+00:00",
"VersionId": "v2"
},
"AWSOutpostsServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSOutpostsServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2020-11-09T22:55:56+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeSecurityGroups",
"ec2:CreateNetworkInterface",
"ec2:CreateSecurityGroup"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4NM7FW2RO7",
"PolicyName": "AWSOutpostsServiceRolePolicy",
"UpdateDate": "2020-11-09T22:55:56+00:00",
"VersionId": "v1"
},
"AWSPanoramaApplianceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/service-role/AWSPanoramaApplianceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2020-12-01T13:13:18+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"logs:CreateLogStream",
"logs:DescribeLogStreams",
"logs:PutLogEvents"
],
"Effect": "Allow",
"Resource": "arn:aws:logs:*:*:log-group:/aws/panorama_device*:log-stream:*",
"Sid": "PanoramaDeviceCreateLogStream"
},
{
"Action": "logs:CreateLogGroup",
"Effect": "Allow",
"Resource": "arn:aws:logs:*:*:log-group:/aws/panorama_device*",
"Sid": "PanoramaDeviceCreateLogGroup"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4CWIHTBB4Y",
"PolicyName": "AWSPanoramaApplianceRolePolicy",
"UpdateDate": "2020-12-01T13:13:18+00:00",
"VersionId": "v1"
},
"AWSPanoramaFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSPanoramaFullAccess",
"AttachmentCount": 0,
"CreateDate": "2020-12-01T13:12:47+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"panorama:*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4IAPULBSWQ",
"PolicyName": "AWSPanoramaFullAccess",
"UpdateDate": "2020-12-01T13:12:47+00:00",
"VersionId": "v1"
},
"AWSPanoramaGreengrassGroupRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/service-role/AWSPanoramaGreengrassGroupRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2020-12-01T13:10:22+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"s3:ListBucket",
"s3:GetBucket*",
"s3:GetObject",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::*aws-panorama*"
],
"Sid": "PanoramaS3Access"
},
{
"Action": "cloudwatch:PutDashboard",
"Effect": "Allow",
"Resource": [
"arn:aws:cloudwatch::*:dashboard/panorama*"
],
"Sid": "PanoramaCLoudWatchPutDashboard"
},
{
"Action": "cloudwatch:PutMetricData",
"Effect": "Allow",
"Resource": "*",
"Sid": "PanoramaCloudWatchPutMetricData"
},
{
"Action": [
"logs:CreateLogStream",
"logs:DescribeLogStreams",
"logs:PutLogEvents",
"logs:CreateLogGroup"
],
"Effect": "Allow",
"Resource": "arn:aws:logs:*:*:log-group:/aws/greengrass/*",
"Sid": "PanoramaGreenGrassCloudWatchAccess"
},
{
"Action": [
"panorama:*"
],
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "PanoramaAccess"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4IRCPXKCEG",
"PolicyName": "AWSPanoramaGreengrassGroupRolePolicy",
"UpdateDate": "2021-01-06T19:30:35+00:00",
"VersionId": "v2"
},
"AWSPanoramaSageMakerRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/service-role/AWSPanoramaSageMakerRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2020-12-01T13:13:54+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"s3:GetObject",
"s3:PutObject",
"s3:GetBucket*"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::*aws-panorama*"
],
"Sid": "PanoramaSageMakerS3Access"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4O23KYQMI2",
"PolicyName": "AWSPanoramaSageMakerRolePolicy",
"UpdateDate": "2020-12-01T13:13:54+00:00",
"VersionId": "v1"
},
"AWSPanoramaServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/service-role/AWSPanoramaServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2020-12-01T13:14:43+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"iot:CreateThing",
"iot:DeleteThing",
"iot:DeleteThingShadow",
"iot:DescribeThing",
"iot:GetThingShadow",
"iot:UpdateThing",
"iot:UpdateThingShadow"
],
"Effect": "Allow",
"Resource": [
"arn:aws:iot:*:*:thing/panorama*"
],
"Sid": "PanoramaIoTThingAccess"
},
{
"Action": [
"iot:AttachThingPrincipal",
"iot:DetachThingPrincipal",
"iot:UpdateCertificate",
"iot:DeleteCertificate",
"iot:AttachPrincipalPolicy",
"iot:DetachPrincipalPolicy"
],
"Effect": "Allow",
"Resource": [
"arn:aws:iot:*:*:thing/panorama*",
"arn:aws:iot:*:*:cert/*"
],
"Sid": "PanoramaIoTCertificateAccess"
},
{
"Action": [
"iot:CreateKeysAndCertificate",
"iot:CreatePolicy"
],
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "PanoramaIoTCreateCertificateAndPolicyAccess"
},
{
"Action": [
"iot:CreatePolicyVersion"
],
"Effect": "Allow",
"Resource": [
"arn:aws:iot:*:*:policy/panorama*"
],
"Sid": "PanoramaIoTCreatePolicyVersionAccess"
},
{
"Action": [
"iot:DescribeJobExecution",
"iot:CreateJob",
"iot:DeleteJob"
],
"Effect": "Allow",
"Resource": [
"arn:aws:iot:*:*:job/panorama*",
"arn:aws:iot:*:*:thing/panorama*"
],
"Sid": "PanoramaIoTJobAccess"
},
{
"Action": [
"iot:DescribeEndpoint"
],
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "PanoramaIoTEndpointAccess"
},
{
"Action": [
"panorama:Describe*",
"panorama:List*",
"panorama:Get*"
],
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "PanoramaAccess"
},
{
"Action": [
"s3:GetObject",
"s3:PutObject",
"s3:DeleteObject",
"s3:DeleteBucket",
"s3:ListBucket",
"s3:GetBucket*",
"s3:CreateBucket"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::*aws-panorama*"
],
"Sid": "PanoramaS3Access"
},
{
"Action": [
"iam:PassRole"
],
"Condition": {
"StringEquals": {
"iam:PassedToService": [
"sagemaker.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/AWSPanoramaSageMakerRole",
"arn:aws:iam::*:role/service-role/AWSPanoramaSageMakerRole"
],
"Sid": "PanoramaIAMPassSageMakerRoleAccess"
},
{
"Action": [
"iam:PassRole"
],
"Condition": {
"StringEquals": {
"iam:PassedToService": [
"greengrass.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/AWSPanoramaGreengrassGroupRole",
"arn:aws:iam::*:role/service-role/AWSPanoramaGreengrassGroupRole",
"arn:aws:iam::*:role/AWSPanoramaGreengrassRole",
"arn:aws:iam::*:role/service-role/AWSPanoramaGreengrassRole"
],
"Sid": "PanoramaIAMPassGreengrassRoleAccess"
},
{
"Action": [
"iam:PassRole"
],
"Condition": {
"StringEqualsIfExists": {
"iam:PassedToService": "iot.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/AWSPanoramaApplianceRole",
"arn:aws:iam::*:role/service-role/AWSPanoramaApplianceRole"
],
"Sid": "PanoramaIAMPassIoTRoleAccess"
},
{
"Action": [
"greengrass:AssociateRoleToGroup",
"greengrass:AssociateServiceRoleToAccount",
"greengrass:CreateResourceDefinition",
"greengrass:CreateResourceDefinitionVersion",
"greengrass:CreateCoreDefinition",
"greengrass:CreateCoreDefinitionVersion",
"greengrass:CreateDeployment",
"greengrass:CreateFunctionDefinition",
"greengrass:CreateFunctionDefinitionVersion",
"greengrass:CreateGroup",
"greengrass:CreateGroupCertificateAuthority",
"greengrass:CreateGroupVersion",
"greengrass:CreateLoggerDefinition",
"greengrass:CreateLoggerDefinitionVersion",
"greengrass:CreateSubscriptionDefinition",
"greengrass:CreateSubscriptionDefinitionVersion",
"greengrass:DeleteCoreDefinition",
"greengrass:DeleteFunctionDefinition",
"greengrass:DeleteResourceDefinition",
"greengrass:DeleteGroup",
"greengrass:DeleteLoggerDefinition",
"greengrass:DeleteSubscriptionDefinition",
"greengrass:DisassociateRoleFromGroup",
"greengrass:DisassociateServiceRoleFromAccount",
"greengrass:GetAssociatedRole",
"greengrass:GetConnectivityInfo",
"greengrass:GetCoreDefinition",
"greengrass:GetCoreDefinitionVersion",
"greengrass:GetDeploymentStatus",
"greengrass:GetDeviceDefinition",
"greengrass:GetDeviceDefinitionVersion",
"greengrass:GetFunctionDefinition",
"greengrass:GetFunctionDefinitionVersion",
"greengrass:GetGroup",
"greengrass:GetGroupCertificateAuthority",
"greengrass:GetGroupCertificateConfiguration",
"greengrass:GetGroupVersion",
"greengrass:GetLoggerDefinition",
"greengrass:GetLoggerDefinitionVersion",
"greengrass:GetResourceDefinition",
"greengrass:GetServiceRoleForAccount",
"greengrass:GetSubscriptionDefinition",
"greengrass:GetSubscriptionDefinitionVersion",
"greengrass:ListCoreDefinitionVersions",
"greengrass:ListCoreDefinitions",
"greengrass:ListDeployments",
"greengrass:ListDeviceDefinitionVersions",
"greengrass:ListDeviceDefinitions",
"greengrass:ListFunctionDefinitionVersions",
"greengrass:ListFunctionDefinitions",
"greengrass:ListGroupCertificateAuthorities",
"greengrass:ListGroupVersions",
"greengrass:ListGroups",
"greengrass:ListLoggerDefinitionVersions",
"greengrass:ListLoggerDefinitions",
"greengrass:ListSubscriptionDefinitionVersions",
"greengrass:ListSubscriptionDefinitions",
"greengrass:ResetDeployments",
"greengrass:UpdateConnectivityInfo",
"greengrass:UpdateCoreDefinition",
"greengrass:UpdateDeviceDefinition",
"greengrass:UpdateFunctionDefinition",
"greengrass:UpdateGroup",
"greengrass:UpdateGroupCertificateConfiguration",
"greengrass:UpdateLoggerDefinition",
"greengrass:UpdateSubscriptionDefinition",
"greengrass:UpdateResourceDefinition"
],
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "PanoramaGreenGrassAccess"
},
{
"Action": [
"lambda:GetFunction",
"lambda:GetFunctionConfiguration",
"lambda:ListFunctions",
"lambda:ListVersionsByFunction"
],
"Effect": "Allow",
"Resource": [
"arn:aws:lambda:*:*:function:*"
],
"Sid": "PanoramaLambdaUsersFunctionAccess"
},
{
"Action": [
"sagemaker:CreateTrainingJob",
"sagemaker:StopTrainingJob",
"sagemaker:CreateCompilationJob",
"sagemaker:DescribeCompilationJob",
"sagemaker:StopCompilationJob"
],
"Effect": "Allow",
"Resource": [
"arn:aws:sagemaker:*:*:training-job/panorama*",
"arn:aws:sagemaker:*:*:compilation-job/panorama*"
],
"Sid": "PanoramaSageMakerWriteAccess"
},
{
"Action": [
"sagemaker:ListCompilationJobs"
],
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "PanoramaSageMakerListAccess"
},
{
"Action": [
"sagemaker:DescribeTrainingJob"
],
"Effect": "Allow",
"Resource": [
"arn:aws:sagemaker:*:*:training-job/*"
],
"Sid": "PanoramaSageMakerReadAccess"
},
{
"Action": [
"iot:AttachPolicy",
"iot:CreateRoleAlias"
],
"Effect": "Allow",
"Resource": [
"arn:aws:iot:*:*:policy/panorama*",
"arn:aws:iot:*:*:rolealias/panorama*"
],
"Sid": "PanoramaCWLogsAccess"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4G7G35B6C5",
"PolicyName": "AWSPanoramaServiceRolePolicy",
"UpdateDate": "2020-12-01T13:14:43+00:00",
"VersionId": "v1"
},
"AWSPriceListServiceFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSPriceListServiceFullAccess",
"AttachmentCount": 0,
"CreateDate": "2017-11-22T00:36:27+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"pricing:*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIADJ4GBYNHKABML3Q",
"PolicyName": "AWSPriceListServiceFullAccess",
"UpdateDate": "2017-11-22T00:36:27+00:00",
"VersionId": "v1"
},
"AWSPrivateMarketplaceAdminFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSPrivateMarketplaceAdminFullAccess",
"AttachmentCount": 0,
"CreateDate": "2018-11-27T16:32:32+00:00",
"DefaultVersionId": "v3",
"Document": {
"Statement": [
{
"Action": [
"aws-marketplace:CreatePrivateMarketplace",
"aws-marketplace:StartPrivateMarketplace",
"aws-marketplace:StopPrivateMarketplace",
"aws-marketplace:DescribePrivateMarketplaceStatus",
"aws-marketplace:AssociateProductsWithPrivateMarketplace",
"aws-marketplace:DisassociateProductsFromPrivateMarketplace",
"aws-marketplace:ListPrivateMarketplaceProducts",
"aws-marketplace:DescribePrivateMarketplaceProducts",
"aws-marketplace:ListPrivateMarketplaceRequests",
"aws-marketplace:DescribePrivateMarketplaceRequests",
"aws-marketplace:UpdatePrivateMarketplaceSettings",
"aws-marketplace:DescribePrivateMarketplaceSettings",
"aws-marketplace:CreatePrivateMarketplaceProfile",
"aws-marketplace:UpdatePrivateMarketplaceProfile",
"aws-marketplace:DescribePrivateMarketplaceProfile"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"aws-marketplace:ListEntities",
"aws-marketplace:DescribeEntity",
"aws-marketplace:StartChangeSet",
"aws-marketplace:ListChangeSets",
"aws-marketplace:DescribeChangeSet",
"aws-marketplace:CancelChangeSet"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJ6VRZDDCYDOVCOCEI",
"PolicyName": "AWSPrivateMarketplaceAdminFullAccess",
"UpdateDate": "2020-12-03T15:12:31+00:00",
"VersionId": "v3"
},
"AWSPrivateMarketplaceRequests": {
"Arn": "arn:aws:iam::aws:policy/AWSPrivateMarketplaceRequests",
"AttachmentCount": 0,
"CreateDate": "2019-10-28T21:44:03+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"aws-marketplace:CreatePrivateMarketplaceRequests",
"aws-marketplace:ListPrivateMarketplaceRequests",
"aws-marketplace:DescribePrivateMarketplaceRequests"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4AV6W3DAIW",
"PolicyName": "AWSPrivateMarketplaceRequests",
"UpdateDate": "2019-10-28T21:44:03+00:00",
"VersionId": "v1"
},
"AWSProtonDeveloperAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSProtonDeveloperAccess",
"AttachmentCount": 0,
"CreateDate": "2021-02-17T19:02:08+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"proton:ListServiceTemplates",
"proton:ListServiceTemplateMajorVersions",
"proton:ListServiceTemplateMinorVersions",
"proton:ListServices",
"proton:ListServiceInstances",
"proton:ListEnvironments",
"proton:GetServiceTemplate",
"proton:GetServiceTemplateMajorVersion",
"proton:GetServiceTemplateMinorVersion",
"proton:GetService",
"proton:GetServiceInstance",
"proton:GetEnvironment",
"proton:CreateService",
"proton:UpdateService",
"proton:UpdateServiceInstance",
"proton:UpdateServicePipeline",
"proton:DeleteService",
"codestar-connections:ListConnections"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"codestar-connections:PassConnection"
],
"Condition": {
"StringEquals": {
"codestar-connections:PassedToService": "proton.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "arn:aws:codestar-connections:*:*:connection/*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4FWOFPRNSU",
"PolicyName": "AWSProtonDeveloperAccess",
"UpdateDate": "2021-02-17T19:02:08+00:00",
"VersionId": "v1"
},
"AWSProtonFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSProtonFullAccess",
"AttachmentCount": 0,
"CreateDate": "2021-02-17T19:07:18+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"proton:*",
"codestar-connections:ListConnections",
"kms:ListAliases",
"kms:DescribeKey"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"kms:CreateGrant"
],
"Condition": {
"StringLike": {
"kms:ViaService": "proton.*.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"iam:PassRole"
],
"Condition": {
"StringEquals": {
"iam:PassedToService": "proton.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"codestar-connections:PassConnection"
],
"Condition": {
"StringEquals": {
"codestar-connections:PassedToService": "proton.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "arn:aws:codestar-connections:*:*:connection/*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4IOK6P734E",
"PolicyName": "AWSProtonFullAccess",
"UpdateDate": "2021-02-17T19:07:18+00:00",
"VersionId": "v1"
},
"AWSProtonReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSProtonReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2021-02-17T19:09:12+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": {
"Action": [
"proton:List*",
"proton:Get*"
],
"Effect": "Allow",
"Resource": "*"
},
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4DW2EHEZB3",
"PolicyName": "AWSProtonReadOnlyAccess",
"UpdateDate": "2021-02-17T19:09:12+00:00",
"VersionId": "v1"
},
"AWSPurchaseOrdersServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/AWSPurchaseOrdersServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2020-05-06T18:15:47+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"aws-portal:*Billing",
"awsbillingconsole:*Billing",
"purchase-orders:*PurchaseOrders"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4KQXTYO5FP",
"PolicyName": "AWSPurchaseOrdersServiceRolePolicy",
"UpdateDate": "2020-05-06T18:15:47+00:00",
"VersionId": "v1"
},
"AWSQuickSightDescribeRDS": {
"Arn": "arn:aws:iam::aws:policy/service-role/AWSQuickSightDescribeRDS",
"AttachmentCount": 0,
"CreateDate": "2015-11-10T23:24:50+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"rds:Describe*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJU5J6OAMCJD3OO76O",
"PolicyName": "AWSQuickSightDescribeRDS",
"UpdateDate": "2015-11-10T23:24:50+00:00",
"VersionId": "v1"
},
"AWSQuickSightDescribeRedshift": {
"Arn": "arn:aws:iam::aws:policy/service-role/AWSQuickSightDescribeRedshift",
"AttachmentCount": 0,
"CreateDate": "2015-11-10T23:25:01+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"redshift:Describe*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJFEM6MLSLTW4ZNBW2",
"PolicyName": "AWSQuickSightDescribeRedshift",
"UpdateDate": "2015-11-10T23:25:01+00:00",
"VersionId": "v1"
},
"AWSQuickSightElasticsearchPolicy": {
"Arn": "arn:aws:iam::aws:policy/service-role/AWSQuickSightElasticsearchPolicy",
"AttachmentCount": 0,
"CreateDate": "2020-09-09T17:27:19+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"es:ESHttpGet"
],
"Effect": "Allow",
"Resource": [
"arn:aws:es:*:*:domain/*/",
"arn:aws:es:*:*:domain/*/_cluster/settings",
"arn:aws:es:*:*:domain/*/_cat/indices"
]
},
{
"Action": "es:ListDomainNames",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"es:DescribeElasticsearchDomain"
],
"Effect": "Allow",
"Resource": [
"arn:aws:es:*:*:domain/*"
]
},
{
"Action": [
"es:ESHttpPost",
"es:ESHttpGet"
],
"Effect": "Allow",
"Resource": [
"arn:aws:es:*:*:domain/*/_opendistro/_sql"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4BLUM3JVIN",
"PolicyName": "AWSQuickSightElasticsearchPolicy",
"UpdateDate": "2020-10-15T17:09:55+00:00",
"VersionId": "v2"
},
"AWSQuickSightIoTAnalyticsAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSQuickSightIoTAnalyticsAccess",
"AttachmentCount": 0,
"CreateDate": "2017-11-29T17:00:54+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"iotanalytics:ListDatasets",
"iotanalytics:DescribeDataset",
"iotanalytics:GetDatasetContent"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJIZNDRUTKCN5HLZOE",
"PolicyName": "AWSQuickSightIoTAnalyticsAccess",
"UpdateDate": "2017-11-29T17:00:54+00:00",
"VersionId": "v1"
},
"AWSQuickSightListIAM": {
"Arn": "arn:aws:iam::aws:policy/service-role/AWSQuickSightListIAM",
"AttachmentCount": 0,
"CreateDate": "2015-11-10T23:25:07+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"iam:List*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAI3CH5UUWZN4EKGILO",
"PolicyName": "AWSQuickSightListIAM",
"UpdateDate": "2015-11-10T23:25:07+00:00",
"VersionId": "v1"
},
"AWSQuickSightSageMakerPolicy": {
"Arn": "arn:aws:iam::aws:policy/service-role/AWSQuickSightSageMakerPolicy",
"AttachmentCount": 0,
"CreateDate": "2020-01-17T17:18:13+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"sagemaker:DescribeTransformJob",
"sagemaker:StopTransformJob",
"sagemaker:CreateTransformJob"
],
"Effect": "Allow",
"Resource": "arn:aws:sagemaker:*:*:transform-job/quicksight-auto-generated-*"
},
{
"Action": "sagemaker:ListModels",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "s3:GetObject",
"Effect": "Allow",
"Resource": "arn:aws:s3:::quicksight-ml.*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4MCLBVDT2I",
"PolicyName": "AWSQuickSightSageMakerPolicy",
"UpdateDate": "2020-01-17T17:18:13+00:00",
"VersionId": "v1"
},
"AWSQuickSightTimestreamPolicy": {
"Arn": "arn:aws:iam::aws:policy/service-role/AWSQuickSightTimestreamPolicy",
"AttachmentCount": 0,
"CreateDate": "2020-09-30T21:47:03+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"timestream:Select",
"timestream:CancelQuery",
"timestream:ListTables",
"timestream:ListDatabases",
"timestream:ListMeasures",
"timestream:DescribeTable",
"timestream:DescribeDatabase",
"timestream:SelectValues",
"timestream:DescribeEndpoints"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4CFKVDHQJH",
"PolicyName": "AWSQuickSightTimestreamPolicy",
"UpdateDate": "2020-09-30T21:47:03+00:00",
"VersionId": "v1"
},
"AWSQuicksightAthenaAccess": {
"Arn": "arn:aws:iam::aws:policy/service-role/AWSQuicksightAthenaAccess",
"AttachmentCount": 0,
"CreateDate": "2016-12-09T02:31:03+00:00",
"DefaultVersionId": "v9",
"Document": {
"Statement": [
{
"Action": [
"athena:BatchGetQueryExecution",
"athena:CancelQueryExecution",
"athena:GetCatalogs",
"athena:GetExecutionEngine",
"athena:GetExecutionEngines",
"athena:GetNamespace",
"athena:GetNamespaces",
"athena:GetQueryExecution",
"athena:GetQueryExecutions",
"athena:GetQueryResults",
"athena:GetQueryResultsStream",
"athena:GetTable",
"athena:GetTables",
"athena:ListQueryExecutions",
"athena:RunQuery",
"athena:StartQueryExecution",
"athena:StopQueryExecution",
"athena:ListWorkGroups",
"athena:ListEngineVersions",
"athena:GetWorkGroup",
"athena:GetDataCatalog",
"athena:GetDatabase",
"athena:GetTableMetadata",
"athena:ListDataCatalogs",
"athena:ListDatabases",
"athena:ListTableMetadata"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"glue:CreateDatabase",
"glue:DeleteDatabase",
"glue:GetDatabase",
"glue:GetDatabases",
"glue:UpdateDatabase",
"glue:CreateTable",
"glue:DeleteTable",
"glue:BatchDeleteTable",
"glue:UpdateTable",
"glue:GetTable",
"glue:GetTables",
"glue:BatchCreatePartition",
"glue:CreatePartition",
"glue:DeletePartition",
"glue:BatchDeletePartition",
"glue:UpdatePartition",
"glue:GetPartition",
"glue:GetPartitions",
"glue:BatchGetPartition"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetObject",
"s3:ListBucket",
"s3:ListBucketMultipartUploads",
"s3:ListMultipartUploadParts",
"s3:AbortMultipartUpload",
"s3:CreateBucket",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::aws-athena-query-results-*"
]
},
{
"Action": [
"lakeformation:GetDataAccess"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAI4JB77JXFQXDWNRPM",
"PolicyName": "AWSQuicksightAthenaAccess",
"UpdateDate": "2021-01-29T02:07:58+00:00",
"VersionId": "v9"
},
"AWSResourceAccessManagerFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSResourceAccessManagerFullAccess",
"AttachmentCount": 0,
"CreateDate": "2019-06-04T17:28:22+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"ram:*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4FYRGF63DP",
"PolicyName": "AWSResourceAccessManagerFullAccess",
"UpdateDate": "2019-06-04T17:28:22+00:00",
"VersionId": "v1"
},
"AWSResourceAccessManagerReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSResourceAccessManagerReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2019-12-09T20:58:37+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"ram:Get*",
"ram:List*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4BQV2LHYJY",
"PolicyName": "AWSResourceAccessManagerReadOnlyAccess",
"UpdateDate": "2019-12-09T20:58:37+00:00",
"VersionId": "v1"
},
"AWSResourceAccessManagerResourceShareParticipantAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSResourceAccessManagerResourceShareParticipantAccess",
"AttachmentCount": 0,
"CreateDate": "2019-12-09T20:41:37+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"ram:AcceptResourceShareInvitation",
"ram:GetResourcePolicies",
"ram:GetResourceShareInvitations",
"ram:GetResourceShares",
"ram:ListPendingInvitationResources",
"ram:ListPrincipals",
"ram:ListResources",
"ram:RejectResourceShareInvitation"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4LIFEGGUIU",
"PolicyName": "AWSResourceAccessManagerResourceShareParticipantAccess",
"UpdateDate": "2019-12-09T20:41:37+00:00",
"VersionId": "v1"
},
"AWSResourceAccessManagerServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSResourceAccessManagerServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2018-11-14T19:28:28+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"organizations:DescribeAccount",
"organizations:DescribeOrganization",
"organizations:DescribeOrganizationalUnit",
"organizations:ListAccounts",
"organizations:ListAccountsForParent",
"organizations:ListChildren",
"organizations:ListOrganizationalUnitsForParent",
"organizations:ListParents",
"organizations:ListRoots"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"iam:DeleteRole"
],
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/aws-service-role/ram.amazonaws.com/*"
],
"Sid": "AllowDeletionOfServiceLinkedRoleForResourceAccessManager"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJU667A3V5UAXC4YNE",
"PolicyName": "AWSResourceAccessManagerServiceRolePolicy",
"UpdateDate": "2018-11-14T19:28:28+00:00",
"VersionId": "v1"
},
"AWSResourceGroupsReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSResourceGroupsReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2018-03-07T10:27:04+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"resource-groups:Get*",
"resource-groups:List*",
"resource-groups:Search*",
"tag:Get*",
"cloudformation:DescribeStacks",
"cloudformation:ListStackResources",
"ec2:DescribeInstances",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSnapshots",
"ec2:DescribeVolumes",
"ec2:DescribeVpcs",
"elasticache:DescribeCacheClusters",
"elasticache:DescribeSnapshots",
"elasticache:ListTagsForResource",
"elasticbeanstalk:DescribeEnvironments",
"elasticmapreduce:DescribeCluster",
"elasticmapreduce:ListClusters",
"glacier:ListVaults",
"glacier:DescribeVault",
"glacier:ListTagsForVault",
"kinesis:ListStreams",
"kinesis:DescribeStream",
"kinesis:ListTagsForStream",
"opsworks:DescribeStacks",
"opsworks:ListTags",
"rds:DescribeDBInstances",
"rds:DescribeDBSnapshots",
"rds:ListTagsForResource",
"redshift:DescribeClusters",
"redshift:DescribeTags",
"route53domains:ListDomains",
"route53:ListHealthChecks",
"route53:GetHealthCheck",
"route53:ListHostedZones",
"route53:GetHostedZone",
"route53:ListTagsForResource",
"storagegateway:ListGateways",
"storagegateway:DescribeGatewayInformation",
"storagegateway:ListTagsForResource",
"s3:ListAllMyBuckets",
"s3:GetBucketTagging",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeTags",
"ssm:ListDocuments"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIXFKM2WGBJAEWMFEG",
"PolicyName": "AWSResourceGroupsReadOnlyAccess",
"UpdateDate": "2019-02-05T17:56:25+00:00",
"VersionId": "v2"
},
"AWSRoboMakerReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSRoboMakerReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2018-11-26T05:30:50+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"robomaker:List*",
"robomaker:BatchDescribe*",
"robomaker:Describe*",
"robomaker:Get*"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "VisualEditor0"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIXFHP2ALXXGGECYJI",
"PolicyName": "AWSRoboMakerReadOnlyAccess",
"UpdateDate": "2020-08-28T23:10:18+00:00",
"VersionId": "v2"
},
"AWSRoboMakerServicePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSRoboMakerServicePolicy",
"AttachmentCount": 0,
"CreateDate": "2018-11-26T06:30:08+00:00",
"DefaultVersionId": "v5",
"Document": {
"Statement": [
{
"Action": [
"ec2:CreateNetworkInterfacePermission",
"ec2:DescribeNetworkInterfaces",
"ec2:DeleteNetworkInterface",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:DescribeSecurityGroups",
"greengrass:CreateDeployment",
"greengrass:CreateGroupVersion",
"greengrass:CreateFunctionDefinition",
"greengrass:CreateFunctionDefinitionVersion",
"greengrass:GetDeploymentStatus",
"greengrass:GetGroup",
"greengrass:GetGroupVersion",
"greengrass:GetCoreDefinitionVersion",
"greengrass:GetFunctionDefinitionVersion",
"greengrass:GetAssociatedRole",
"lambda:CreateFunction",
"robomaker:CreateSimulationJob",
"robomaker:CancelSimulationJob"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"robomaker:TagResource"
],
"Effect": "Allow",
"Resource": [
"arn:aws:robomaker:*:*:/createsimulationjob",
"arn:aws:robomaker:*:*:simulation-job/*"
]
},
{
"Action": [
"lambda:UpdateFunctionCode",
"lambda:GetFunction",
"lambda:UpdateFunctionConfiguration",
"lambda:DeleteFunction",
"lambda:ListVersionsByFunction",
"lambda:GetAlias",
"lambda:UpdateAlias",
"lambda:CreateAlias",
"lambda:DeleteAlias"
],
"Effect": "Allow",
"Resource": "arn:aws:lambda:*:*:function:aws-robomaker-*"
},
{
"Action": "iam:PassRole",
"Condition": {
"StringEquals": {
"iam:PassedToService": [
"lambda.amazonaws.com",
"robomaker.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJYLVVUUQMAEEZ3ZNY",
"PolicyName": "AWSRoboMakerServicePolicy",
"UpdateDate": "2020-08-04T20:38:08+00:00",
"VersionId": "v5"
},
"AWSRoboMakerServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/AWSRoboMakerServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2018-11-26T05:33:19+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"ec2:CreateNetworkInterfacePermission",
"ec2:DescribeNetworkInterfaces",
"ec2:DeleteNetworkInterface",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:DescribeSecurityGroups",
"greengrass:CreateDeployment",
"greengrass:CreateGroupVersion",
"greengrass:CreateFunctionDefinition",
"greengrass:CreateFunctionDefinitionVersion",
"greengrass:GetDeploymentStatus",
"greengrass:GetGroup",
"greengrass:GetGroupVersion",
"greengrass:GetCoreDefinitionVersion",
"greengrass:GetFunctionDefinitionVersion",
"greengrass:GetAssociatedRole",
"lambda:CreateFunction"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"lambda:UpdateFunctionCode",
"lambda:GetFunction",
"lambda:UpdateFunctionConfiguration"
],
"Effect": "Allow",
"Resource": "arn:aws:lambda:*:*:function:aws-robomaker-*"
},
{
"Action": "iam:PassRole",
"Condition": {
"StringEqualsIfExists": {
"iam:PassedToService": "lambda.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIOSFFLBBLCTKS3ATC",
"PolicyName": "AWSRoboMakerServiceRolePolicy",
"UpdateDate": "2018-11-26T05:33:19+00:00",
"VersionId": "v1"
},
"AWSRoboMaker_FullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSRoboMaker_FullAccess",
"AttachmentCount": 0,
"CreateDate": "2020-09-10T18:34:18+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": "robomaker:*",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "s3:GetObject",
"Condition": {
"StringEquals": {
"aws:CalledViaFirst": "robomaker.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringEquals": {
"iam:AWSServiceName": "robomaker.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4FACURHLCA",
"PolicyName": "AWSRoboMaker_FullAccess",
"UpdateDate": "2020-09-10T18:34:18+00:00",
"VersionId": "v1"
},
"AWSSSODirectoryAdministrator": {
"Arn": "arn:aws:iam::aws:policy/AWSSSODirectoryAdministrator",
"AttachmentCount": 0,
"CreateDate": "2018-10-31T23:54:00+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"sso-directory:*",
"sso:ListDirectoryAssociations"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "AWSSSODirectoryAdministrator"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAI2TCZRD7WRD5D2E2Q",
"PolicyName": "AWSSSODirectoryAdministrator",
"UpdateDate": "2020-08-18T17:17:40+00:00",
"VersionId": "v2"
},
"AWSSSODirectoryReadOnly": {
"Arn": "arn:aws:iam::aws:policy/AWSSSODirectoryReadOnly",
"AttachmentCount": 0,
"CreateDate": "2018-10-31T23:49:32+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"sso-directory:Search*",
"sso-directory:Describe*",
"sso-directory:List*",
"sso-directory:Get*"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "AWSSSODirectoryReadOnly"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJDPMQELJXZD2NC6JG",
"PolicyName": "AWSSSODirectoryReadOnly",
"UpdateDate": "2019-11-26T22:37:16+00:00",
"VersionId": "v2"
},
"AWSSSOMasterAccountAdministrator": {
"Arn": "arn:aws:iam::aws:policy/AWSSSOMasterAccountAdministrator",
"AttachmentCount": 0,
"CreateDate": "2018-06-27T20:36:51+00:00",
"DefaultVersionId": "v3",
"Document": {
"Statement": [
{
"Action": "iam:PassRole",
"Condition": {
"StringLike": {
"iam:PassedToService": "sso.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/aws-service-role/sso.amazonaws.com/AWSServiceRoleForSSO",
"Sid": "AWSSSOMasterAccountAdministrator"
},
{
"Action": [
"ds:DescribeTrusts",
"ds:UnauthorizeApplication",
"ds:DescribeDirectories",
"ds:AuthorizeApplication",
"iam:ListPolicies",
"organizations:EnableAWSServiceAccess",
"organizations:ListRoots",
"organizations:ListAccounts",
"organizations:ListOrganizationalUnitsForParent",
"organizations:ListAccountsForParent",
"organizations:DescribeOrganization",
"organizations:ListChildren",
"organizations:DescribeAccount",
"organizations:ListParents",
"sso:*",
"sso-directory:DescribeDirectory",
"ds:CreateAlias"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "AWSSSOMemberAccountAdministrator"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIHXAQZIS3GOYIETUC",
"PolicyName": "AWSSSOMasterAccountAdministrator",
"UpdateDate": "2018-10-17T20:41:20+00:00",
"VersionId": "v3"
},
"AWSSSOMemberAccountAdministrator": {
"Arn": "arn:aws:iam::aws:policy/AWSSSOMemberAccountAdministrator",
"AttachmentCount": 0,
"CreateDate": "2018-06-27T20:45:42+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"ds:DescribeDirectories",
"ds:AuthorizeApplication",
"ds:UnauthorizeApplication",
"ds:DescribeTrusts",
"iam:ListPolicies",
"organizations:EnableAWSServiceAccess",
"organizations:DescribeOrganization",
"organizations:DescribeAccount",
"organizations:ListRoots",
"organizations:ListAccounts",
"organizations:ListAccountsForParent",
"organizations:ListParents",
"organizations:ListChildren",
"organizations:ListOrganizationalUnitsForParent",
"sso:*",
"sso-directory:DescribeDirectory",
"ds:CreateAlias"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "AWSSSOMemberAccountAdministrator"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIQYHEY7KJWXZFNDPY",
"PolicyName": "AWSSSOMemberAccountAdministrator",
"UpdateDate": "2018-10-17T20:35:52+00:00",
"VersionId": "v2"
},
"AWSSSOReadOnly": {
"Arn": "arn:aws:iam::aws:policy/AWSSSOReadOnly",
"AttachmentCount": 0,
"CreateDate": "2018-06-27T20:24:34+00:00",
"DefaultVersionId": "v6",
"Document": {
"Statement": [
{
"Action": [
"ds:DescribeDirectories",
"ds:DescribeTrusts",
"iam:ListPolicies",
"organizations:DescribeOrganization",
"organizations:DescribeAccount",
"organizations:ListParents",
"organizations:ListChildren",
"organizations:ListAccounts",
"organizations:ListRoots",
"organizations:ListAccountsForParent",
"organizations:ListOrganizationalUnitsForParent",
"sso:Describe*",
"sso:Get*",
"sso:List*",
"sso:Search*",
"sso-directory:DescribeDirectory"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "AWSSSOReadOnly"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJBSMEEZXFDMKMY43I",
"PolicyName": "AWSSSOReadOnly",
"UpdateDate": "2020-09-10T21:26:29+00:00",
"VersionId": "v6"
},
"AWSSSOServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSSSOServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2017-12-05T18:36:15+00:00",
"DefaultVersionId": "v13",
"Document": {
"Statement": [
{
"Action": [
"iam:AttachRolePolicy",
"iam:CreateRole",
"iam:PutRolePolicy",
"iam:UpdateRole",
"iam:UpdateRoleDescription",
"iam:UpdateAssumeRolePolicy"
],
"Condition": {
"StringNotEquals": {
"aws:PrincipalOrgMasterAccountId": "${aws:PrincipalAccount}"
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/aws-reserved/sso.amazonaws.com/*"
],
"Sid": "IAMRoleProvisioningActions"
},
{
"Action": [
"iam:GetRole",
"iam:ListRoles"
],
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "IAMRoleReadActions"
},
{
"Action": [
"iam:DeleteRole",
"iam:DeleteRolePolicy",
"iam:DetachRolePolicy",
"iam:ListRolePolicies",
"iam:ListAttachedRolePolicies"
],
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/aws-reserved/sso.amazonaws.com/*"
],
"Sid": "IAMRoleCleanupActions"
},
{
"Action": [
"iam:DeleteServiceLinkedRole",
"iam:GetServiceLinkedRoleDeletionStatus",
"iam:DeleteRole",
"iam:GetRole"
],
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/aws-service-role/sso.amazonaws.com/AWSServiceRoleForSSO"
],
"Sid": "IAMSLRCleanupActions"
},
{
"Action": [
"iam:CreateSAMLProvider",
"iam:UpdateSAMLProvider"
],
"Condition": {
"StringNotEquals": {
"aws:PrincipalOrgMasterAccountId": "${aws:PrincipalAccount}"
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:saml-provider/AWSSSO_*"
],
"Sid": "IAMSAMLProviderProvisioningActions"
},
{
"Action": [
"iam:DeleteSAMLProvider",
"iam:GetSAMLProvider"
],
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:saml-provider/AWSSSO_*"
],
"Sid": "IAMSAMLProviderCleanupActions"
},
{
"Action": [
"organizations:DescribeAccount",
"organizations:DescribeOrganization",
"organizations:ListAccounts"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"ds:UnauthorizeApplication"
],
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "AllowUnauthAppForDirectory"
},
{
"Action": [
"ds:DescribeDirectories",
"ds:DescribeTrusts"
],
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "AllowDescribeForDirectory"
},
{
"Action": [
"identitystore:DescribeUser",
"identitystore:DescribeGroup",
"identitystore:ListGroups",
"identitystore:ListUsers"
],
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "AllowDescribeAndListOperationsOnIdentitySource"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIJ52KSWOD4GI54XP2",
"PolicyName": "AWSSSOServiceRolePolicy",
"UpdateDate": "2020-11-19T00:02:00+00:00",
"VersionId": "v13"
},
"AWSSavingsPlansFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSSavingsPlansFullAccess",
"AttachmentCount": 0,
"CreateDate": "2019-11-06T22:45:18+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": "savingsplans:*",
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4NDDOS76AO",
"PolicyName": "AWSSavingsPlansFullAccess",
"UpdateDate": "2019-11-06T22:45:18+00:00",
"VersionId": "v1"
},
"AWSSavingsPlansReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSSavingsPlansReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2019-11-06T22:45:10+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"savingsplans:Describe*",
"savingsplans:List*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4OQ26WIHJ5",
"PolicyName": "AWSSavingsPlansReadOnlyAccess",
"UpdateDate": "2019-11-06T22:45:10+00:00",
"VersionId": "v1"
},
"AWSSecurityHubFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSSecurityHubFullAccess",
"AttachmentCount": 0,
"CreateDate": "2018-11-27T23:54:34+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": "securityhub:*",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringLike": {
"iam:AWSServiceName": "securityhub.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJ4262VZCA4HPBZSO6",
"PolicyName": "AWSSecurityHubFullAccess",
"UpdateDate": "2018-11-27T23:54:34+00:00",
"VersionId": "v1"
},
"AWSSecurityHubOrganizationsAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSSecurityHubOrganizationsAccess",
"AttachmentCount": 0,
"CreateDate": "2021-03-15T20:53:03+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"organizations:ListAccounts",
"organizations:DescribeOrganization"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "organizations:EnableAWSServiceAccess",
"Condition": {
"StringEquals": {
"organizations:ServicePrincipal": "securityhub.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"organizations:RegisterDelegatedAdministrator",
"organizations:DeregisterDelegatedAdministrator"
],
"Condition": {
"StringEquals": {
"organizations:ServicePrincipal": "securityhub.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "arn:aws:organizations::*:account/o-*/*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4KVIUTRVOZ",
"PolicyName": "AWSSecurityHubOrganizationsAccess",
"UpdateDate": "2021-03-15T20:53:03+00:00",
"VersionId": "v1"
},
"AWSSecurityHubReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSSecurityHubReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2018-11-28T01:34:29+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"securityhub:Get*",
"securityhub:List*",
"securityhub:Describe*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIEBAQNOFUCLFJ3UHG",
"PolicyName": "AWSSecurityHubReadOnlyAccess",
"UpdateDate": "2019-06-25T22:45:52+00:00",
"VersionId": "v2"
},
"AWSSecurityHubServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSSecurityHubServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2018-11-27T23:47:51+00:00",
"DefaultVersionId": "v7",
"Document": {
"Statement": [
{
"Action": [
"cloudtrail:DescribeTrails",
"cloudtrail:GetTrailStatus",
"cloudtrail:GetEventSelectors",
"cloudwatch:DescribeAlarms",
"cloudwatch:DescribeAlarmsForMetric",
"logs:DescribeMetricFilters",
"sns:ListSubscriptionsByTopic",
"config:DescribeConfigurationRecorders",
"config:DescribeConfigurationRecorderStatus",
"config:DescribeConfigRules",
"config:BatchGetResourceConfig",
"config:SelectResourceConfig",
"iam:GenerateCredentialReport",
"iam:GetCredentialReport",
"organizations:ListAccounts",
"organizations:DescribeAccount",
"organizations:DescribeOrganization"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"config:PutConfigRule",
"config:DeleteConfigRule",
"config:GetComplianceDetailsByConfigRule",
"config:DescribeConfigRuleEvaluationStatus"
],
"Effect": "Allow",
"Resource": "arn:aws:config:*:*:config-rule/aws-service-rule/*securityhub*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJQPCESDDYDLLSOGYO",
"PolicyName": "AWSSecurityHubServiceRolePolicy",
"UpdateDate": "2020-09-21T19:59:01+00:00",
"VersionId": "v7"
},
"AWSServiceCatalogAdminFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSServiceCatalogAdminFullAccess",
"AttachmentCount": 0,
"CreateDate": "2018-02-15T17:19:40+00:00",
"DefaultVersionId": "v5",
"Document": {
"Statement": [
{
"Action": [
"cloudformation:CreateStack",
"cloudformation:DeleteStack",
"cloudformation:DescribeStackEvents",
"cloudformation:DescribeStacks",
"cloudformation:SetStackPolicy",
"cloudformation:UpdateStack",
"cloudformation:CreateChangeSet",
"cloudformation:DescribeChangeSet",
"cloudformation:ExecuteChangeSet",
"cloudformation:ListChangeSets",
"cloudformation:DeleteChangeSet",
"cloudformation:ListStackResources",
"cloudformation:TagResource",
"cloudformation:CreateStackSet",
"cloudformation:CreateStackInstances",
"cloudformation:UpdateStackSet",
"cloudformation:UpdateStackInstances",
"cloudformation:DeleteStackSet",
"cloudformation:DeleteStackInstances",
"cloudformation:DescribeStackSet",
"cloudformation:DescribeStackInstance",
"cloudformation:DescribeStackSetOperation",
"cloudformation:ListStackInstances",
"cloudformation:ListStackSetOperations",
"cloudformation:ListStackSetOperationResults"
],
"Effect": "Allow",
"Resource": [
"arn:aws:cloudformation:*:*:stack/SC-*",
"arn:aws:cloudformation:*:*:stack/StackSet-SC-*",
"arn:aws:cloudformation:*:*:changeSet/SC-*",
"arn:aws:cloudformation:*:*:stackset/SC-*"
]
},
{
"Action": [
"cloudformation:CreateUploadBucket",
"cloudformation:GetTemplateSummary",
"cloudformation:ValidateTemplate",
"iam:GetGroup",
"iam:GetRole",
"iam:GetUser",
"iam:ListGroups",
"iam:ListRoles",
"iam:ListUsers",
"servicecatalog:*",
"ssm:DescribeDocument",
"ssm:GetAutomationExecution",
"ssm:ListDocuments",
"ssm:ListDocumentVersions",
"config:DescribeConfigurationRecorders",
"config:DescribeConfigurationRecorderStatus"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:PassRole",
"Condition": {
"StringEquals": {
"iam:PassedToService": "servicecatalog.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJWLJU4BZ7AQUJSBVM",
"PolicyName": "AWSServiceCatalogAdminFullAccess",
"UpdateDate": "2019-02-06T01:57:54+00:00",
"VersionId": "v5"
},
"AWSServiceCatalogAdminReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSServiceCatalogAdminReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2019-10-25T18:53:38+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"cloudformation:DescribeStackEvents",
"cloudformation:DescribeStacks",
"cloudformation:DescribeChangeSet",
"cloudformation:ListChangeSets",
"cloudformation:ListStackResources",
"cloudformation:DescribeStackSet",
"cloudformation:DescribeStackInstance",
"cloudformation:DescribeStackSetOperation",
"cloudformation:ListStackInstances",
"cloudformation:ListStackSetOperations",
"cloudformation:ListStackSetOperationResults"
],
"Effect": "Allow",
"Resource": [
"arn:aws:cloudformation:*:*:stack/SC-*",
"arn:aws:cloudformation:*:*:stack/StackSet-SC-*",
"arn:aws:cloudformation:*:*:changeSet/SC-*",
"arn:aws:cloudformation:*:*:stackset/SC-*"
]
},
{
"Action": [
"cloudformation:GetTemplateSummary",
"iam:GetGroup",
"iam:GetRole",
"iam:GetUser",
"iam:ListGroups",
"iam:ListRoles",
"iam:ListUsers",
"servicecatalog:Get*",
"servicecatalog:List*",
"servicecatalog:Describe*",
"servicecatalog:ScanProvisionedProducts",
"servicecatalog:Search*",
"ssm:DescribeDocument",
"ssm:GetAutomationExecution",
"ssm:ListDocuments",
"ssm:ListDocumentVersions",
"config:DescribeConfigurationRecorders",
"config:DescribeConfigurationRecorderStatus"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4MC6ZR7YFX",
"PolicyName": "AWSServiceCatalogAdminReadOnlyAccess",
"UpdateDate": "2019-10-25T18:53:38+00:00",
"VersionId": "v1"
},
"AWSServiceCatalogAppRegistryFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSServiceCatalogAppRegistryFullAccess",
"AttachmentCount": 0,
"CreateDate": "2020-11-12T22:25:58+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"cloudformation:DescribeStacks",
"servicecatalog:CreateApplication",
"servicecatalog:GetApplication",
"servicecatalog:UpdateApplication",
"servicecatalog:DeleteApplication",
"servicecatalog:ListApplications",
"servicecatalog:AssociateResource",
"servicecatalog:DisassociateResource",
"servicecatalog:ListAssociatedResources",
"servicecatalog:AssociateAttributeGroup",
"servicecatalog:DisassociateAttributeGroup",
"servicecatalog:ListAssociatedAttributeGroups",
"servicecatalog:CreateAttributeGroup",
"servicecatalog:UpdateAttributeGroup",
"servicecatalog:DeleteAttributeGroup",
"servicecatalog:GetAttributeGroup",
"servicecatalog:ListAttributeGroups"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4N2G3EPAYN",
"PolicyName": "AWSServiceCatalogAppRegistryFullAccess",
"UpdateDate": "2020-11-12T22:25:58+00:00",
"VersionId": "v1"
},
"AWSServiceCatalogAppRegistryReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSServiceCatalogAppRegistryReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2020-11-12T22:34:32+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"servicecatalog:GetApplication",
"servicecatalog:ListApplications",
"servicecatalog:ListAssociatedResources",
"servicecatalog:ListAssociatedAttributeGroups",
"servicecatalog:GetAttributeGroup",
"servicecatalog:ListAttributeGroups"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4M3SSCJCST",
"PolicyName": "AWSServiceCatalogAppRegistryReadOnlyAccess",
"UpdateDate": "2020-11-12T22:34:32+00:00",
"VersionId": "v1"
},
"AWSServiceCatalogAppRegistryServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSServiceCatalogAppRegistryServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2021-05-18T22:18:55+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": "cloudformation:DescribeStacks",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "resource-groups:CreateGroup",
"Condition": {
"StringEquals": {
"aws:RequestTag/EnableAWSServiceCatalogAppRegistry": "true"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"resource-groups:DeleteGroup",
"resource-groups:UpdateGroup",
"resource-groups:GetGroup",
"resource-groups:GetTags",
"resource-groups:Tag",
"resource-groups:Untag"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/EnableAWSServiceCatalogAppRegistry": "true"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4H3V4QGJFH",
"PolicyName": "AWSServiceCatalogAppRegistryServiceRolePolicy",
"UpdateDate": "2021-05-18T22:18:55+00:00",
"VersionId": "v1"
},
"AWSServiceCatalogEndUserFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSServiceCatalogEndUserFullAccess",
"AttachmentCount": 0,
"CreateDate": "2018-02-15T17:22:32+00:00",
"DefaultVersionId": "v7",
"Document": {
"Statement": [
{
"Action": [
"cloudformation:CreateStack",
"cloudformation:DeleteStack",
"cloudformation:DescribeStackEvents",
"cloudformation:DescribeStacks",
"cloudformation:SetStackPolicy",
"cloudformation:ValidateTemplate",
"cloudformation:UpdateStack",
"cloudformation:CreateChangeSet",
"cloudformation:DescribeChangeSet",
"cloudformation:ExecuteChangeSet",
"cloudformation:ListChangeSets",
"cloudformation:DeleteChangeSet",
"cloudformation:TagResource",
"cloudformation:CreateStackSet",
"cloudformation:CreateStackInstances",
"cloudformation:UpdateStackSet",
"cloudformation:UpdateStackInstances",
"cloudformation:DeleteStackSet",
"cloudformation:DeleteStackInstances",
"cloudformation:DescribeStackSet",
"cloudformation:DescribeStackInstance",
"cloudformation:DescribeStackSetOperation",
"cloudformation:ListStackInstances",
"cloudformation:ListStackResources",
"cloudformation:ListStackSetOperations",
"cloudformation:ListStackSetOperationResults"
],
"Effect": "Allow",
"Resource": [
"arn:aws:cloudformation:*:*:stack/SC-*",
"arn:aws:cloudformation:*:*:stack/StackSet-SC-*",
"arn:aws:cloudformation:*:*:changeSet/SC-*",
"arn:aws:cloudformation:*:*:stackset/SC-*"
]
},
{
"Action": [
"cloudformation:GetTemplateSummary",
"servicecatalog:DescribeProduct",
"servicecatalog:DescribeProductView",
"servicecatalog:DescribeProvisioningParameters",
"servicecatalog:ListLaunchPaths",
"servicecatalog:ProvisionProduct",
"servicecatalog:SearchProducts",
"ssm:DescribeDocument",
"ssm:GetAutomationExecution",
"config:DescribeConfigurationRecorders",
"config:DescribeConfigurationRecorderStatus"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"servicecatalog:DescribeProvisionedProduct",
"servicecatalog:DescribeRecord",
"servicecatalog:ListRecordHistory",
"servicecatalog:ListStackInstancesForProvisionedProduct",
"servicecatalog:ScanProvisionedProducts",
"servicecatalog:TerminateProvisionedProduct",
"servicecatalog:UpdateProvisionedProduct",
"servicecatalog:SearchProvisionedProducts",
"servicecatalog:CreateProvisionedProductPlan",
"servicecatalog:DescribeProvisionedProductPlan",
"servicecatalog:ExecuteProvisionedProductPlan",
"servicecatalog:DeleteProvisionedProductPlan",
"servicecatalog:ListProvisionedProductPlans",
"servicecatalog:ListServiceActionsForProvisioningArtifact",
"servicecatalog:ExecuteProvisionedProductServiceAction",
"servicecatalog:DescribeServiceActionExecutionParameters"
],
"Condition": {
"StringEquals": {
"servicecatalog:userLevel": "self"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJTLLC4DGDMTZB54M4",
"PolicyName": "AWSServiceCatalogEndUserFullAccess",
"UpdateDate": "2019-07-10T20:30:52+00:00",
"VersionId": "v7"
},
"AWSServiceCatalogEndUserReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSServiceCatalogEndUserReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2019-10-25T18:49:34+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"cloudformation:DescribeStackEvents",
"cloudformation:DescribeStacks",
"cloudformation:DescribeChangeSet",
"cloudformation:ListChangeSets",
"cloudformation:DescribeStackSet",
"cloudformation:DescribeStackInstance",
"cloudformation:DescribeStackSetOperation",
"cloudformation:ListStackInstances",
"cloudformation:ListStackResources",
"cloudformation:ListStackSetOperations",
"cloudformation:ListStackSetOperationResults"
],
"Effect": "Allow",
"Resource": [
"arn:aws:cloudformation:*:*:stack/SC-*",
"arn:aws:cloudformation:*:*:stack/StackSet-SC-*",
"arn:aws:cloudformation:*:*:changeSet/SC-*",
"arn:aws:cloudformation:*:*:stackset/SC-*"
]
},
{
"Action": [
"cloudformation:GetTemplateSummary",
"servicecatalog:DescribeProduct",
"servicecatalog:DescribeProductView",
"servicecatalog:DescribeProvisioningParameters",
"servicecatalog:ListLaunchPaths",
"servicecatalog:SearchProducts",
"ssm:DescribeDocument",
"ssm:GetAutomationExecution",
"config:DescribeConfigurationRecorders",
"config:DescribeConfigurationRecorderStatus"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"servicecatalog:DescribeProvisionedProduct",
"servicecatalog:DescribeRecord",
"servicecatalog:ListRecordHistory",
"servicecatalog:ListStackInstancesForProvisionedProduct",
"servicecatalog:ScanProvisionedProducts",
"servicecatalog:SearchProvisionedProducts",
"servicecatalog:DescribeProvisionedProductPlan",
"servicecatalog:ListProvisionedProductPlans",
"servicecatalog:ListServiceActionsForProvisioningArtifact",
"servicecatalog:DescribeServiceActionExecutionParameters"
],
"Condition": {
"StringEquals": {
"servicecatalog:userLevel": "self"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4IWYKXJJED",
"PolicyName": "AWSServiceCatalogEndUserReadOnlyAccess",
"UpdateDate": "2019-10-25T18:49:34+00:00",
"VersionId": "v1"
},
"AWSServiceRoleForAmazonEKSNodegroup": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForAmazonEKSNodegroup",
"AttachmentCount": 0,
"CreateDate": "2019-11-07T01:34:26+00:00",
"DefaultVersionId": "v5",
"Document": {
"Statement": [
{
"Action": [
"ec2:RevokeSecurityGroupIngress",
"ec2:AuthorizeSecurityGroupEgress",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:DescribeInstances",
"ec2:RevokeSecurityGroupEgress",
"ec2:DeleteSecurityGroup"
],
"Condition": {
"StringLike": {
"ec2:ResourceTag/eks": "*"
}
},
"Effect": "Allow",
"Resource": "*",
"Sid": "SharedSecurityGroupRelatedPermissions"
},
{
"Action": [
"ec2:RevokeSecurityGroupIngress",
"ec2:AuthorizeSecurityGroupEgress",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:DescribeInstances",
"ec2:RevokeSecurityGroupEgress",
"ec2:DeleteSecurityGroup"
],
"Condition": {
"StringLike": {
"ec2:ResourceTag/eks:nodegroup-name": "*"
}
},
"Effect": "Allow",
"Resource": "*",
"Sid": "EKSCreatedSecurityGroupRelatedPermissions"
},
{
"Action": [
"ec2:DeleteLaunchTemplate",
"ec2:CreateLaunchTemplateVersion"
],
"Condition": {
"StringLike": {
"ec2:ResourceTag/eks:nodegroup-name": "*"
}
},
"Effect": "Allow",
"Resource": "*",
"Sid": "LaunchTemplateRelatedPermissions"
},
{
"Action": [
"autoscaling:UpdateAutoScalingGroup",
"autoscaling:DeleteAutoScalingGroup",
"autoscaling:TerminateInstanceInAutoScalingGroup",
"autoscaling:CompleteLifecycleAction",
"autoscaling:PutLifecycleHook",
"autoscaling:PutNotificationConfiguration"
],
"Effect": "Allow",
"Resource": "arn:aws:autoscaling:*:*:*:autoScalingGroupName/eks-*",
"Sid": "AutoscalingRelatedPermissions"
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringEquals": {
"iam:AWSServiceName": "autoscaling.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*",
"Sid": "AllowAutoscalingToCreateSLR"
},
{
"Action": [
"autoscaling:CreateOrUpdateTags",
"autoscaling:CreateAutoScalingGroup"
],
"Condition": {
"ForAnyValue:StringEquals": {
"aws:TagKeys": [
"eks",
"eks:cluster-name",
"eks:nodegroup-name"
]
}
},
"Effect": "Allow",
"Resource": "*",
"Sid": "AllowASGCreationByEKS"
},
{
"Action": "iam:PassRole",
"Condition": {
"StringEquals": {
"iam:PassedToService": "autoscaling.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*",
"Sid": "AllowPassRoleToAutoscaling"
},
{
"Action": "iam:PassRole",
"Condition": {
"StringEqualsIfExists": {
"iam:PassedToService": [
"ec2.amazonaws.com",
"ec2.amazonaws.com.cn"
]
}
},
"Effect": "Allow",
"Resource": "*",
"Sid": "AllowPassRoleToEC2"
},
{
"Action": [
"iam:GetRole",
"ec2:CreateLaunchTemplate",
"ec2:DescribeInstances",
"iam:GetInstanceProfile",
"ec2:DescribeLaunchTemplates",
"autoscaling:DescribeAutoScalingGroups",
"ec2:CreateSecurityGroup",
"ec2:DescribeLaunchTemplateVersions",
"ec2:RunInstances",
"ec2:DescribeSecurityGroups",
"ec2:GetConsoleOutput",
"ec2:DescribeRouteTables",
"ec2:DescribeSubnets"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "PermissionsToManageResourcesForNodegroups"
},
{
"Action": [
"iam:CreateInstanceProfile",
"iam:DeleteInstanceProfile",
"iam:RemoveRoleFromInstanceProfile",
"iam:AddRoleToInstanceProfile"
],
"Effect": "Allow",
"Resource": "arn:aws:iam::*:instance-profile/eks-*",
"Sid": "PermissionsToCreateAndManageInstanceProfiles"
},
{
"Action": [
"ec2:CreateTags",
"ec2:DeleteTags"
],
"Condition": {
"ForAnyValue:StringLike": {
"aws:TagKeys": [
"eks",
"eks:cluster-name",
"eks:nodegroup-name",
"kubernetes.io/cluster/*"
]
}
},
"Effect": "Allow",
"Resource": "*",
"Sid": "PermissionsToManageEKSAndKubernetesTags"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4KH2AAMJJG",
"PolicyName": "AWSServiceRoleForAmazonEKSNodegroup",
"UpdateDate": "2020-08-31T19:07:38+00:00",
"VersionId": "v5"
},
"AWSServiceRoleForCloudWatchAlarmsActionSSMServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForCloudWatchAlarmsActionSSMServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2020-10-01T09:49:01+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"ssm:CreateOpsItem"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4M4BX2KX5V",
"PolicyName": "AWSServiceRoleForCloudWatchAlarmsActionSSMServiceRolePolicy",
"UpdateDate": "2020-10-01T09:49:01+00:00",
"VersionId": "v1"
},
"AWSServiceRoleForCodeGuru-Profiler": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForCodeGuru-Profiler",
"AttachmentCount": 0,
"CreateDate": "2020-06-26T22:04:26+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"sns:Publish"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "AllowSNSPublishToSendNotifications"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4GNVXVLNQT",
"PolicyName": "AWSServiceRoleForCodeGuru-Profiler",
"UpdateDate": "2020-06-26T22:04:26+00:00",
"VersionId": "v1"
},
"AWSServiceRoleForEC2ScheduledInstances": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForEC2ScheduledInstances",
"AttachmentCount": 0,
"CreateDate": "2017-10-12T18:31:55+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"ec2:CreateTags"
],
"Condition": {
"ForAllValues:StringEquals": {
"aws:TagKeys": [
"aws:ec2sri:scheduledInstanceId"
]
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:ec2:*:*:instance/*"
]
},
{
"Action": [
"ec2:TerminateInstances"
],
"Condition": {
"StringLike": {
"ec2:ResourceTag/aws:ec2sri:scheduledInstanceId": "*"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJ7Y4TT63D6QBKCY4O",
"PolicyName": "AWSServiceRoleForEC2ScheduledInstances",
"UpdateDate": "2017-10-12T18:31:55+00:00",
"VersionId": "v1"
},
"AWSServiceRoleForImageBuilder": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForImageBuilder",
"AttachmentCount": 0,
"CreateDate": "2019-11-29T22:02:13+00:00",
"DefaultVersionId": "v12",
"Document": {
"Statement": [
{
"Action": [
"ec2:RunInstances"
],
"Effect": "Allow",
"Resource": [
"arn:aws:ec2:*::image/*",
"arn:aws:ec2:*::snapshot/*",
"arn:aws:ec2:*:*:subnet/*",
"arn:aws:ec2:*:*:network-interface/*",
"arn:aws:ec2:*:*:security-group/*",
"arn:aws:ec2:*:*:key-pair/*"
]
},
{
"Action": [
"ec2:RunInstances"
],
"Condition": {
"StringEquals": {
"aws:RequestTag/CreatedBy": "EC2 Image Builder"
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:ec2:*:*:volume/*",
"arn:aws:ec2:*:*:instance/*"
]
},
{
"Action": "iam:PassRole",
"Condition": {
"StringEquals": {
"iam:PassedToService": [
"ec2.amazonaws.com",
"ec2.amazonaws.com.cn"
]
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:StopInstances",
"ec2:TerminateInstances"
],
"Condition": {
"ForAnyValue:StringEquals": {
"ec2:ResourceTag/CreatedBy": "EC2 Image Builder"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:CopyImage",
"ec2:CreateImage",
"ec2:CreateLaunchTemplate",
"ec2:DeregisterImage",
"ec2:DescribeImages",
"ec2:DescribeInstanceAttribute",
"ec2:DescribeInstanceStatus",
"ec2:DescribeInstances",
"ec2:DescribeInstanceTypeOfferings",
"ec2:DescribeInstanceTypes",
"ec2:DescribeSubnets",
"ec2:DescribeTags",
"ec2:ModifyImageAttribute"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:ModifySnapshotAttribute"
],
"Condition": {
"ForAnyValue:StringEquals": {
"ec2:ResourceTag/CreatedBy": "EC2 Image Builder"
}
},
"Effect": "Allow",
"Resource": "arn:aws:ec2:*::snapshot/*"
},
{
"Action": [
"ec2:CreateTags"
],
"Effect": "Allow",
"Resource": "arn:aws:ec2:*::image/*"
},
{
"Action": [
"ec2:CreateTags"
],
"Condition": {
"ForAnyValue:StringEquals": {
"aws:RequestTag/CreatedBy": "EC2 Image Builder"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"license-manager:UpdateLicenseSpecificationsForResource"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"sns:Publish"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ssm:ListCommands",
"ssm:ListCommandInvocations",
"ssm:AddTagsToResource",
"ssm:DescribeInstanceInformation",
"ssm:GetAutomationExecution",
"ssm:StopAutomationExecution",
"ssm:ListInventoryEntries",
"ssm:SendAutomationSignal",
"ssm:DescribeInstanceAssociationsStatus"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "ssm:SendCommand",
"Effect": "Allow",
"Resource": [
"arn:aws:ssm:*:*:document/AWS-RunPowerShellScript",
"arn:aws:ssm:*:*:document/AWS-RunShellScript",
"arn:aws:ssm:*:*:document/AWSEC2-RunSysprep",
"arn:aws:s3:::*"
]
},
{
"Action": [
"ssm:SendCommand"
],
"Condition": {
"ForAnyValue:StringEquals": {
"ssm:resourceTag/CreatedBy": [
"EC2 Image Builder"
]
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:ec2:*:*:instance/*"
]
},
{
"Action": "ssm:StartAutomationExecution",
"Effect": "Allow",
"Resource": "arn:aws:ssm:*:*:automation-definition/ImageBuilder*"
},
{
"Action": [
"ssm:CreateAssociation",
"ssm:DeleteAssociation"
],
"Effect": "Allow",
"Resource": [
"arn:aws:ssm:*:*:document/AWS-GatherSoftwareInventory",
"arn:aws:ssm:*:*:association/*",
"arn:aws:ec2:*:*:instance/*"
]
},
{
"Action": [
"kms:Encrypt",
"kms:Decrypt",
"kms:ReEncryptFrom",
"kms:ReEncryptTo",
"kms:GenerateDataKeyWithoutPlaintext",
"kms:DescribeKey"
],
"Condition": {
"ForAllValues:StringEquals": {
"kms:EncryptionContextKeys": [
"aws:ebs:id"
]
},
"StringLike": {
"kms:ViaService": [
"ec2.*.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "kms:CreateGrant",
"Condition": {
"Bool": {
"kms:GrantIsForAWSResource": true
},
"StringLike": {
"kms:ViaService": [
"ec2.*.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/EC2ImageBuilderDistributionCrossAccountRole"
},
{
"Action": [
"logs:CreateLogStream",
"logs:CreateLogGroup",
"logs:PutLogEvents"
],
"Effect": "Allow",
"Resource": "arn:aws:logs:*:*:log-group:/aws/imagebuilder/*"
},
{
"Action": [
"ec2:CreateLaunchTemplateVersion",
"ec2:DescribeLaunchTemplates",
"ec2:ModifyLaunchTemplate"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringEquals": {
"iam:AWSServiceName": "ssm.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4NE22WISEW",
"PolicyName": "AWSServiceRoleForImageBuilder",
"UpdateDate": "2020-12-04T23:27:05+00:00",
"VersionId": "v12"
},
"AWSServiceRoleForIoTSiteWise": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForIoTSiteWise",
"AttachmentCount": 0,
"CreateDate": "2018-11-14T19:19:17+00:00",
"DefaultVersionId": "v7",
"Document": {
"Statement": [
{
"Action": [
"greengrass:GetAssociatedRole",
"greengrass:GetCoreDefinition",
"greengrass:GetCoreDefinitionVersion",
"greengrass:GetGroup",
"greengrass:GetGroupVersion"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"logs:CreateLogGroup",
"logs:DescribeLogGroups"
],
"Effect": "Allow",
"Resource": "arn:aws:logs:*:*:log-group:/aws/iotsitewise*"
},
{
"Action": [
"logs:CreateLogStream",
"logs:DescribeLogStreams",
"logs:PutLogEvents"
],
"Effect": "Allow",
"Resource": "arn:aws:logs:*:*:log-group:/aws/iotsitewise*:log-stream:*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJGQU4DZIQP6HLYQPE",
"PolicyName": "AWSServiceRoleForIoTSiteWise",
"UpdateDate": "2020-04-25T02:15:01+00:00",
"VersionId": "v7"
},
"AWSServiceRoleForLogDeliveryPolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForLogDeliveryPolicy",
"AttachmentCount": 0,
"CreateDate": "2019-10-04T17:31:19+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"firehose:PutRecord",
"firehose:PutRecordBatch",
"firehose:ListTagsForDeliveryStream"
],
"Condition": {
"StringEquals": {
"firehose:ResourceTag/LogDeliveryEnabled": "true"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4EMA7ANTDG",
"PolicyName": "AWSServiceRoleForLogDeliveryPolicy",
"UpdateDate": "2020-07-27T19:38:52+00:00",
"VersionId": "v2"
},
"AWSServiceRoleForMonitronPolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForMonitronPolicy",
"AttachmentCount": 0,
"CreateDate": "2020-12-02T19:06:08+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"sso:GetManagedApplicationInstance",
"sso:GetProfile",
"sso:ListProfiles",
"sso:AssociateProfile",
"sso:ListDirectoryAssociations",
"sso-directory:DescribeUsers",
"sso-directory:SearchUsers"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4NYRIH2RCH",
"PolicyName": "AWSServiceRoleForMonitronPolicy",
"UpdateDate": "2020-12-02T19:06:08+00:00",
"VersionId": "v1"
},
"AWSServiceRoleForSMS": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForSMS",
"AttachmentCount": 0,
"CreateDate": "2019-08-06T18:39:29+00:00",
"DefaultVersionId": "v10",
"Document": {
"Statement": [
{
"Action": [
"cloudformation:CreateChangeSet",
"cloudformation:CreateStack"
],
"Condition": {
"ForAllValues:StringEquals": {
"cloudformation:ResourceTypes": [
"AWS::EC2::Instance",
"AWS::ApplicationInsights::Application",
"AWS::ResourceGroups::Group"
]
},
"Null": {
"cloudformation:ResourceTypes": "false"
}
},
"Effect": "Allow",
"Resource": "arn:aws:cloudformation:*:*:stack/sms-app-*/*"
},
{
"Action": [
"cloudformation:DeleteStack",
"cloudformation:ExecuteChangeSet",
"cloudformation:DeleteChangeSet",
"cloudformation:DescribeChangeSet",
"cloudformation:DescribeStacks",
"cloudformation:DescribeStackEvents",
"cloudformation:DescribeStackResource",
"cloudformation:DescribeStackResources",
"cloudformation:GetTemplate"
],
"Effect": "Allow",
"Resource": "arn:aws:cloudformation:*:*:stack/sms-app-*/*"
},
{
"Action": [
"cloudformation:ValidateTemplate",
"s3:ListAllMyBuckets"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"s3:CreateBucket",
"s3:DeleteBucket",
"s3:DeleteObject",
"s3:GetBucketAcl",
"s3:GetBucketLocation",
"s3:GetObject",
"s3:ListBucket",
"s3:PutObject",
"s3:PutObjectAcl",
"s3:PutLifecycleConfiguration"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::sms-app-*"
},
{
"Action": [
"sms:CreateReplicationJob",
"sms:DeleteReplicationJob",
"sms:GetReplicationJobs",
"sms:GetReplicationRuns",
"sms:GetServers",
"sms:ImportServerCatalog",
"sms:StartOnDemandReplicationRun",
"sms:UpdateReplicationJob"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "ssm:SendCommand",
"Effect": "Allow",
"Resource": [
"arn:aws:ssm:*::document/AWS-RunRemoteScript",
"arn:aws:s3:::sms-app-*"
]
},
{
"Action": "ssm:SendCommand",
"Condition": {
"StringEquals": {
"ssm:resourceTag/UseForSMSApplicationValidation": [
"true"
]
}
},
"Effect": "Allow",
"Resource": "arn:aws:ec2:*:*:instance/*"
},
{
"Action": [
"ssm:CancelCommand",
"ssm:GetCommandInvocation"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "ec2:CreateTags",
"Condition": {
"StringEquals": {
"ec2:CreateAction": "CopySnapshot"
}
},
"Effect": "Allow",
"Resource": "arn:aws:ec2:*:*:snapshot/*"
},
{
"Action": "ec2:CopySnapshot",
"Condition": {
"StringLike": {
"aws:RequestTag/SMSJobId": [
"sms-*"
]
}
},
"Effect": "Allow",
"Resource": "arn:aws:ec2:*:*:snapshot/*"
},
{
"Action": [
"ec2:ModifySnapshotAttribute",
"ec2:DeleteSnapshot"
],
"Condition": {
"StringLike": {
"ec2:ResourceTag/SMSJobId": [
"sms-*"
]
}
},
"Effect": "Allow",
"Resource": "arn:aws:ec2:*:*:snapshot/*"
},
{
"Action": [
"ec2:CopyImage",
"ec2:DescribeImages",
"ec2:DescribeInstances",
"ec2:DescribeSnapshots",
"ec2:DescribeSnapshotAttribute",
"ec2:DeregisterImage",
"ec2:ImportImage",
"ec2:DescribeImportImageTasks",
"ec2:GetEbsEncryptionByDefault"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"iam:GetRole",
"iam:GetInstanceProfile"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:DisassociateIamInstanceProfile",
"ec2:AssociateIamInstanceProfile",
"ec2:ReplaceIamInstanceProfileAssociation"
],
"Condition": {
"StringLike": {
"ec2:ResourceTag/aws:cloudformation:stack-id": "arn:aws:cloudformation:*:*:stack/sms-app-*/*"
}
},
"Effect": "Allow",
"Resource": "arn:aws:ec2:*:*:instance/*"
},
{
"Action": "iam:PassRole",
"Condition": {
"StringEquals": {
"iam:PassedToService": "ec2.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:PassRole",
"Condition": {
"StringEqualsIfExists": {
"iam:PassedToService": "cloudformation.amazonaws.com"
},
"StringLike": {
"iam:AssociatedResourceArn": "arn:aws:cloudformation:*:*:stack/sms-app-*/*"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:RunInstances"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:CreateTags",
"ec2:DeleteTags"
],
"Effect": "Allow",
"Resource": "arn:aws:ec2:*:*:instance/*"
},
{
"Action": [
"ec2:ModifyInstanceAttribute",
"ec2:StopInstances",
"ec2:StartInstances",
"ec2:TerminateInstances"
],
"Condition": {
"StringLike": {
"ec2:ResourceTag/aws:cloudformation:stack-id": "arn:aws:cloudformation:*:*:stack/sms-app-*/*"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"applicationinsights:Describe*",
"applicationinsights:List*",
"cloudformation:ListStackResources"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"applicationinsights:CreateApplication",
"applicationinsights:CreateComponent",
"applicationinsights:UpdateApplication",
"applicationinsights:DeleteApplication",
"applicationinsights:UpdateComponentConfiguration",
"applicationinsights:DeleteComponent"
],
"Effect": "Allow",
"Resource": "arn:aws:applicationinsights:*:*:application/resource-group/sms-app-*"
},
{
"Action": [
"resource-groups:CreateGroup",
"resource-groups:GetGroup",
"resource-groups:UpdateGroup",
"resource-groups:DeleteGroup"
],
"Condition": {
"StringLike": {
"aws:ResourceTag/aws:cloudformation:stack-id": "arn:aws:cloudformation:*:*:stack/sms-app-*/*"
}
},
"Effect": "Allow",
"Resource": "arn:aws:resource-groups:*:*:group/sms-app-*"
},
{
"Action": [
"iam:CreateServiceLinkedRole"
],
"Condition": {
"StringEquals": {
"iam:AWSServiceName": "application-insights.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/aws-service-role/application-insights.amazonaws.com/AWSServiceRoleForApplicationInsights"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4OSYRD2VJZ",
"PolicyName": "AWSServiceRoleForSMS",
"UpdateDate": "2020-10-15T17:28:13+00:00",
"VersionId": "v10"
},
"AWSShieldDRTAccessPolicy": {
"Arn": "arn:aws:iam::aws:policy/service-role/AWSShieldDRTAccessPolicy",
"AttachmentCount": 0,
"CreateDate": "2018-06-05T22:29:39+00:00",
"DefaultVersionId": "v6",
"Document": {
"Statement": [
{
"Action": [
"cloudfront:List*",
"route53:List*",
"elasticloadbalancing:Describe*",
"cloudwatch:Describe*",
"cloudwatch:Get*",
"cloudwatch:List*",
"cloudfront:GetDistribution*",
"globalaccelerator:ListAccelerators",
"globalaccelerator:DescribeAccelerator",
"ec2:DescribeRegions",
"ec2:DescribeAddresses"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "SRTAccessProtectedResources"
},
{
"Action": [
"shield:*",
"waf:*",
"wafv2:*",
"waf-regional:*",
"elasticloadbalancing:SetWebACL",
"cloudfront:UpdateDistribution",
"apigateway:SetWebACL"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "SRTManageProtections"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJWNCSZ4PARLO37VVY",
"PolicyName": "AWSShieldDRTAccessPolicy",
"UpdateDate": "2020-12-15T17:28:15+00:00",
"VersionId": "v6"
},
"AWSStepFunctionsConsoleFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSStepFunctionsConsoleFullAccess",
"AttachmentCount": 0,
"CreateDate": "2017-01-11T21:54:31+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": "states:*",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:ListRoles",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:PassRole",
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/service-role/StatesExecutionRole*"
},
{
"Action": "lambda:ListFunctions",
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJIYC52YWRX6OSMJWK",
"PolicyName": "AWSStepFunctionsConsoleFullAccess",
"UpdateDate": "2017-01-12T00:19:34+00:00",
"VersionId": "v2"
},
"AWSStepFunctionsFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSStepFunctionsFullAccess",
"AttachmentCount": 0,
"CreateDate": "2017-01-11T21:51:32+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": "states:*",
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJXKA6VP3UFBVHDPPA",
"PolicyName": "AWSStepFunctionsFullAccess",
"UpdateDate": "2017-01-11T21:51:32+00:00",
"VersionId": "v1"
},
"AWSStepFunctionsReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSStepFunctionsReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2017-01-11T21:46:19+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"states:ListStateMachines",
"states:ListActivities",
"states:DescribeStateMachine",
"states:DescribeStateMachineForExecution",
"states:ListExecutions",
"states:DescribeExecution",
"states:GetExecutionHistory",
"states:DescribeActivity"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJONHB2TJQDJPFW5TM",
"PolicyName": "AWSStepFunctionsReadOnlyAccess",
"UpdateDate": "2017-11-10T22:03:49+00:00",
"VersionId": "v2"
},
"AWSStorageGatewayFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSStorageGatewayFullAccess",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:41:09+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"storagegateway:*"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:DescribeSnapshots",
"ec2:DeleteSnapshot"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJG5SSPAVOGK3SIDGU",
"PolicyName": "AWSStorageGatewayFullAccess",
"UpdateDate": "2015-02-06T18:41:09+00:00",
"VersionId": "v1"
},
"AWSStorageGatewayReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSStorageGatewayReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:41:10+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"storagegateway:List*",
"storagegateway:Describe*"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:DescribeSnapshots"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIFKCTUVOPD5NICXJK",
"PolicyName": "AWSStorageGatewayReadOnlyAccess",
"UpdateDate": "2015-02-06T18:41:10+00:00",
"VersionId": "v1"
},
"AWSStorageGatewayServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSStorageGatewayServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2021-02-17T19:03:19+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"fsx:ListTagsForResource"
],
"Effect": "Allow",
"Resource": "arn:aws:fsx:*:*:backup/*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4E4ZEKWU2U",
"PolicyName": "AWSStorageGatewayServiceRolePolicy",
"UpdateDate": "2021-02-17T19:03:19+00:00",
"VersionId": "v1"
},
"AWSSupportAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSSupportAccess",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:41:11+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"support:*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJSNKQX2OW67GF4S7E",
"PolicyName": "AWSSupportAccess",
"UpdateDate": "2015-02-06T18:41:11+00:00",
"VersionId": "v1"
},
"AWSSupportServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSSupportServiceRolePolicy",
"AttachmentCount": 1,
"CreateDate": "2018-04-19T18:04:44+00:00",
"DefaultVersionId": "v15",
"Document": {
"Statement": [
{
"Action": [
"apigateway:GET"
],
"Effect": "Allow",
"Resource": [
"arn:aws:apigateway:*::/account",
"arn:aws:apigateway:*::/apis",
"arn:aws:apigateway:*::/apis/*",
"arn:aws:apigateway:*::/apis/*/authorizers",
"arn:aws:apigateway:*::/apis/*/authorizers/*",
"arn:aws:apigateway:*::/apis/*/deployments",
"arn:aws:apigateway:*::/apis/*/deployments/*",
"arn:aws:apigateway:*::/apis/*/integrations",
"arn:aws:apigateway:*::/apis/*/integrations/*",
"arn:aws:apigateway:*::/apis/*/integrations/*/integrationresponses",
"arn:aws:apigateway:*::/apis/*/integrations/*/integrationresponses/*",
"arn:aws:apigateway:*::/apis/*/models",
"arn:aws:apigateway:*::/apis/*/models/*",
"arn:aws:apigateway:*::/apis/*/routes",
"arn:aws:apigateway:*::/apis/*/routes/*",
"arn:aws:apigateway:*::/apis/*/routes/*/routeresponses",
"arn:aws:apigateway:*::/apis/*/routes/*/routeresponses/*",
"arn:aws:apigateway:*::/apis/*/stages",
"arn:aws:apigateway:*::/apis/*/stages/*",
"arn:aws:apigateway:*::/clientcertificates",
"arn:aws:apigateway:*::/clientcertificates/*",
"arn:aws:apigateway:*::/domainnames",
"arn:aws:apigateway:*::/domainnames/*",
"arn:aws:apigateway:*::/domainnames/*/apimappings",
"arn:aws:apigateway:*::/domainnames/*/apimappings/*",
"arn:aws:apigateway:*::/domainnames/*/basepathmappings",
"arn:aws:apigateway:*::/domainnames/*/basepathmappings/*",
"arn:aws:apigateway:*::/restapis",
"arn:aws:apigateway:*::/restapis/*",
"arn:aws:apigateway:*::/restapis/*/authorizers",
"arn:aws:apigateway:*::/restapis/*/authorizers/*",
"arn:aws:apigateway:*::/restapis/*/deployments",
"arn:aws:apigateway:*::/restapis/*/deployments/*",
"arn:aws:apigateway:*::/restapis/*/models",
"arn:aws:apigateway:*::/restapis/*/models/*",
"arn:aws:apigateway:*::/restapis/*/models/*/default_template",
"arn:aws:apigateway:*::/restapis/*/resources",
"arn:aws:apigateway:*::/restapis/*/resources/*",
"arn:aws:apigateway:*::/restapis/*/resources/*/methods/*/integration/responses/*",
"arn:aws:apigateway:*::/restapis/*/resources/*/methods/*/responses/*",
"arn:aws:apigateway:*::/restapis/*/stages/*/sdks/*",
"arn:aws:apigateway:*::/restapis/*/resources/*/methods/*",
"arn:aws:apigateway:*::/restapis/*/resources/*/methods/*/integration",
"arn:aws:apigateway:*::/restapis/*/stages",
"arn:aws:apigateway:*::/restapis/*/stages/*"
]
},
{
"Action": [
"iam:DeleteRole"
],
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/aws-service-role/support.amazonaws.com/AWSServiceRoleForSupport"
]
},
{
"Action": [
"a4b:getDevice",
"a4b:getProfile",
"a4b:getRoom",
"a4b:getRoomSkillParameter",
"a4b:getSkillGroup",
"a4b:searchDevices",
"a4b:searchProfiles",
"a4b:searchRooms",
"a4b:searchSkillGroups",
"access-analyzer:getFinding",
"access-analyzer:listAnalyzers",
"access-analyzer:listArchiveRules",
"access-analyzer:listFindings",
"acm-pca:describeCertificateAuthority",
"acm-pca:describeCertificateAuthorityAuditReport",
"acm-pca:getCertificate",
"acm-pca:getCertificateAuthorityCertificate",
"acm-pca:getCertificateAuthorityCsr",
"acm-pca:listCertificateAuthorities",
"acm-pca:listTags",
"acm:describeCertificate",
"acm:getCertificate",
"acm:listCertificates",
"acm:listTagsForCertificate",
"amplify:getApp",
"amplify:getBranch",
"amplify:getDomainAssociation",
"amplify:getJob",
"amplify:getWebhook",
"amplify:listApps",
"amplify:listWebhooks",
"application-autoscaling:describeScalableTargets",
"application-autoscaling:describeScalingActivities",
"application-autoscaling:describeScalingPolicies",
"application-autoscaling:describeScheduledActions",
"appmesh:describeMesh",
"appmesh:describeRoute",
"appmesh:describeVirtualNode",
"appmesh:describeVirtualRouter",
"appmesh:describeVirtualService",
"appmesh:listMeshes",
"appmesh:listRoutes",
"appmesh:listVirtualNodes",
"appmesh:listVirtualRouters",
"appmesh:listVirtualServices",
"appstream:describeDirectoryConfigs",
"appstream:describeFleets",
"appstream:describeImageBuilders",
"appstream:describeImages",
"appstream:describeSessions",
"appstream:describeStacks",
"appstream:listAssociatedFleets",
"appstream:listAssociatedStacks",
"appstream:listTagsForResource",
"appsync:getFunction",
"appsync:getGraphqlApi",
"appsync:getIntrospectionSchema",
"appsync:getResolver",
"appsync:getSchemaCreationStatus",
"appsync:getType",
"appsync:listDataSources",
"appsync:listFunctions",
"appsync:listGraphqlApis",
"appsync:listResolvers",
"appsync:listTypes",
"athena:batchGetNamedQuery",
"athena:batchGetQueryExecution",
"athena:getNamedQuery",
"athena:getQueryExecution",
"athena:getWorkGroup",
"athena:listNamedQueries",
"athena:listQueryExecutions",
"athena:listTagsForResource",
"athena:listWorkGroups",
"autoscaling-plans:describeScalingPlanResources",
"autoscaling-plans:describeScalingPlans",
"autoscaling-plans:getScalingPlanResourceForecastData",
"autoscaling:describeAccountLimits",
"autoscaling:describeAdjustmentTypes",
"autoscaling:describeAutoScalingGroups",
"autoscaling:describeAutoScalingInstances",
"autoscaling:describeAutoScalingNotificationTypes",
"autoscaling:describeInstanceRefreshes",
"autoscaling:describeLaunchConfigurations",
"autoscaling:describeLifecycleHookTypes",
"autoscaling:describeLifecycleHooks",
"autoscaling:describeLoadBalancerTargetGroups",
"autoscaling:describeLoadBalancers",
"autoscaling:describeMetricCollectionTypes",
"autoscaling:describeNotificationConfigurations",
"autoscaling:describePolicies",
"autoscaling:describeScalingActivities",
"autoscaling:describeScalingProcessTypes",
"autoscaling:describeScheduledActions",
"autoscaling:describeTags",
"autoscaling:describeTerminationPolicyTypes",
"backup:describeBackupJob",
"backup:describeBackupVault",
"backup:describeProtectedResource",
"backup:describeRecoveryPoint",
"backup:describeRestoreJob",
"backup:getBackupPlan",
"backup:getBackupPlanFromJSON",
"backup:getBackupPlanFromTemplate",
"backup:getBackupSelection",
"backup:getBackupVaultAccessPolicy",
"backup:getBackupVaultNotifications",
"backup:getRecoveryPointRestoreMetadata",
"backup:getSupportedResourceTypes",
"backup:listBackupJobs",
"backup:listBackupPlanTemplates",
"backup:listBackupPlanVersions",
"backup:listBackupPlans",
"backup:listBackupSelections",
"backup:listBackupVaults",
"backup:listProtectedResources",
"backup:listRecoveryPointsByBackupVault",
"backup:listRecoveryPointsByResource",
"backup:listRestoreJobs",
"backup:listTags",
"batch:describeComputeEnvironments",
"batch:describeJobDefinitions",
"batch:describeJobQueues",
"batch:describeJobs",
"batch:listJobs",
"braket:getDevice",
"braket:getQuantumTask",
"braket:searchDevices",
"braket:searchQuantumTasks",
"budgets:viewBudget",
"ce:getCostAndUsage",
"ce:getCostAndUsageWithResources",
"ce:getCostForecast",
"ce:getDimensionValues",
"ce:getReservationCoverage",
"ce:getReservationPurchaseRecommendation",
"ce:getReservationUtilization",
"ce:getRightsizingRecommendation",
"ce:getSavingsPlansCoverage",
"ce:getSavingsPlansPurchaseRecommendation",
"ce:getSavingsPlansUtilization",
"ce:getSavingsPlansUtilizationDetails",
"ce:getTags",
"cloud9:describeEnvironmentMemberships",
"cloud9:describeEnvironments",
"cloud9:listEnvironments",
"clouddirectory:getDirectory",
"clouddirectory:listDirectories",
"cloudformation:describeAccountLimits",
"cloudformation:describeChangeSet",
"cloudformation:describeStackEvents",
"cloudformation:describeStackInstance",
"cloudformation:describeStackResource",
"cloudformation:describeStackResources",
"cloudformation:describeStackSet",
"cloudformation:describeStackSetOperation",
"cloudformation:describeStacks",
"cloudformation:estimateTemplateCost",
"cloudformation:getStackPolicy",
"cloudformation:getTemplate",
"cloudformation:getTemplateSummary",
"cloudformation:listChangeSets",
"cloudformation:listExports",
"cloudformation:listImports",
"cloudformation:listStackInstances",
"cloudformation:listStackResources",
"cloudformation:listStackSetOperationResults",
"cloudformation:listStackSetOperations",
"cloudformation:listStackSets",
"cloudformation:listStacks",
"cloudfront:getCloudFrontOriginAccessIdentity",
"cloudfront:getCloudFrontOriginAccessIdentityConfig",
"cloudfront:getDistribution",
"cloudfront:getDistributionConfig",
"cloudfront:getInvalidation",
"cloudfront:getStreamingDistribution",
"cloudfront:getStreamingDistributionConfig",
"cloudfront:listCloudFrontOriginAccessIdentities",
"cloudfront:listDistributions",
"cloudfront:listDistributionsByWebACLId",
"cloudfront:listInvalidations",
"cloudfront:listStreamingDistributions",
"cloudhsm:describeBackups",
"cloudhsm:describeClusters",
"cloudsearch:describeAnalysisSchemes",
"cloudsearch:describeAvailabilityOptions",
"cloudsearch:describeDomains",
"cloudsearch:describeExpressions",
"cloudsearch:describeIndexFields",
"cloudsearch:describeScalingParameters",
"cloudsearch:describeServiceAccessPolicies",
"cloudsearch:describeSuggesters",
"cloudsearch:listDomainNames",
"cloudtrail:describeTrails",
"cloudtrail:getEventSelectors",
"cloudtrail:getInsightSelectors",
"cloudtrail:getTrail",
"cloudtrail:getTrailStatus",
"cloudtrail:listPublicKeys",
"cloudtrail:listTags",
"cloudtrail:listTrails",
"cloudtrail:lookupEvents",
"cloudwatch:describeAlarmHistory",
"cloudwatch:describeAlarms",
"cloudwatch:describeAlarmsForMetric",
"cloudwatch:describeAnomalyDetectors",
"cloudwatch:getDashboard",
"cloudwatch:getMetricData",
"cloudwatch:getMetricStatistics",
"cloudwatch:listDashboards",
"cloudwatch:listMetrics",
"codeartifact:describeDomain",
"codeartifact:describePackageVersion",
"codeartifact:describeRepository",
"codeartifact:getDomainPermissionsPolicy",
"codeartifact:getRepositoryEndPoint",
"codeartifact:getRepositoryPermissionsPolicy",
"codeartifact:listDomains",
"codeartifact:listPackageVersionAssets",
"codeartifact:listPackageVersions",
"codeartifact:listPackages",
"codeartifact:listRepositories",
"codeartifact:listRepositoriesInDomain",
"codebuild:batchGetBuildBatches",
"codebuild:batchGetBuilds",
"codebuild:batchGetProjects",
"codebuild:listBuildBatches",
"codebuild:listBuildBatchesForProject",
"codebuild:listBuilds",
"codebuild:listBuildsForProject",
"codebuild:listCuratedEnvironmentImages",
"codebuild:listProjects",
"codebuild:listSourceCredentials",
"codecommit:batchGetRepositories",
"codecommit:getBranch",
"codecommit:getRepository",
"codecommit:getRepositoryTriggers",
"codecommit:listBranches",
"codecommit:listRepositories",
"codedeploy:batchGetApplicationRevisions",
"codedeploy:batchGetApplications",
"codedeploy:batchGetDeploymentGroups",
"codedeploy:batchGetDeploymentInstances",
"codedeploy:batchGetDeploymentTargets",
"codedeploy:batchGetDeployments",
"codedeploy:batchGetOnPremisesInstances",
"codedeploy:getApplication",
"codedeploy:getApplicationRevision",
"codedeploy:getDeployment",
"codedeploy:getDeploymentConfig",
"codedeploy:getDeploymentGroup",
"codedeploy:getDeploymentInstance",
"codedeploy:getDeploymentTarget",
"codedeploy:getOnPremisesInstance",
"codedeploy:listApplicationRevisions",
"codedeploy:listApplications",
"codedeploy:listDeploymentConfigs",
"codedeploy:listDeploymentGroups",
"codedeploy:listDeploymentInstances",
"codedeploy:listDeploymentTargets",
"codedeploy:listDeployments",
"codedeploy:listGitHubAccountTokenNames",
"codedeploy:listOnPremisesInstances",
"codepipeline:getJobDetails",
"codepipeline:getPipeline",
"codepipeline:getPipelineExecution",
"codepipeline:getPipelineState",
"codepipeline:listActionExecutions",
"codepipeline:listActionTypes",
"codepipeline:listPipelineExecutions",
"codepipeline:listPipelines",
"codepipeline:listWebhooks",
"codestar:describeProject",
"codestar:listProjects",
"codestar:listResources",
"codestar:listTeamMembers",
"codestar:listUserProfiles",
"cognito-identity:describeIdentityPool",
"cognito-identity:getIdentityPoolRoles",
"cognito-identity:listIdentities",
"cognito-identity:listIdentityPools",
"cognito-idp:adminGetUser",
"cognito-idp:describeIdentityProvider",
"cognito-idp:describeResourceServer",
"cognito-idp:describeRiskConfiguration",
"cognito-idp:describeUserImportJob",
"cognito-idp:describeUserPool",
"cognito-idp:describeUserPoolClient",
"cognito-idp:describeUserPoolDomain",
"cognito-idp:getGroup",
"cognito-idp:getUICustomization",
"cognito-idp:getUser",
"cognito-idp:getUserPoolMfaConfig",
"cognito-idp:listGroups",
"cognito-idp:listIdentityProviders",
"cognito-idp:listResourceServers",
"cognito-idp:listUserImportJobs",
"cognito-idp:listUserPoolClients",
"cognito-idp:listUserPools",
"cognito-sync:describeDataset",
"cognito-sync:describeIdentityPoolUsage",
"cognito-sync:describeIdentityUsage",
"cognito-sync:getCognitoEvents",
"cognito-sync:getIdentityPoolConfiguration",
"cognito-sync:listDatasets",
"cognito-sync:listIdentityPoolUsage",
"compute-optimizer:getAutoScalingGroupRecommendations",
"compute-optimizer:getEC2InstanceRecommendations",
"compute-optimizer:getEC2RecommendationProjectedMetrics",
"compute-optimizer:getEnrollmentStatus",
"compute-optimizer:getRecommendationSummaries",
"compute-optimizer:getEBSVolumeRecommendations",
"config:describeConfigRuleEvaluationStatus",
"config:describeConfigRules",
"config:describeConfigurationRecorderStatus",
"config:describeConfigurationRecorders",
"config:describeDeliveryChannelStatus",
"config:describeDeliveryChannels",
"config:getResourceConfigHistory",
"config:listDiscoveredResources",
"connect:describeUser",
"connect:getCurrentMetricData",
"connect:getMetricData",
"connect:listRoutingProfiles",
"connect:listSecurityProfiles",
"connect:listUsers",
"controltower:describeAccountFactoryConfig",
"controltower:describeCoreService",
"controltower:describeGuardrail",
"controltower:describeGuardrailForTarget",
"controltower:describeManagedAccount",
"controltower:describeSingleSignOn",
"controltower:getAvailableUpdates",
"controltower:getHomeRegion",
"controltower:getLandingZoneStatus",
"controltower:listDirectoryGroups",
"controltower:listGuardrailViolations",
"controltower:listGuardrailsForTarget",
"controltower:listManagedAccounts",
"controltower:listManagedAccountsForGuardrail",
"controltower:listManagedAccountsForParent",
"controltower:listManagedOrganizationalUnits",
"controltower:listManagedOrganizationalUnitsForGuardrail",
"databrew:describeDataset",
"databrew:describeJob",
"databrew:describeProject",
"databrew:describeRecipe",
"databrew:listDatasets",
"databrew:listJobRuns",
"databrew:listJobs",
"databrew:listProjects",
"databrew:listRecipes",
"databrew:listRecipeVersions",
"databrew:listTagsForResource",
"datapipeline:describeObjects",
"datapipeline:describePipelines",
"datapipeline:getPipelineDefinition",
"datapipeline:listPipelines",
"datapipeline:queryObjects",
"datasync:describeAgent",
"datasync:describeLocationEfs",
"datasync:describeLocationFsxWindows",
"datasync:describeLocationNfs",
"datasync:describeLocationObjectStorage",
"datasync:describeLocationS3",
"datasync:describeLocationSmb",
"datasync:describeTask",
"datasync:describeTaskExecution",
"datasync:listAgents",
"datasync:listLocations",
"datasync:listTaskExecutions",
"datasync:listTasks",
"dax:describeClusters",
"dax:describeDefaultParameters",
"dax:describeEvents",
"dax:describeParameterGroups",
"dax:describeParameters",
"dax:describeSubnetGroups",
"detective:getMembers",
"detective:listGraphs",
"detective:listInvitations",
"detective:listMembers",
"devicefarm:getAccountSettings",
"devicefarm:getDevice",
"devicefarm:getDevicePool",
"devicefarm:getDevicePoolCompatibility",
"devicefarm:getJob",
"devicefarm:getProject",
"devicefarm:getRemoteAccessSession",
"devicefarm:getRun",
"devicefarm:getSuite",
"devicefarm:getTest",
"devicefarm:getTestGridProject",
"devicefarm:getTestGridSession",
"devicefarm:getUpload",
"devicefarm:listArtifacts",
"devicefarm:listDevicePools",
"devicefarm:listDevices",
"devicefarm:listJobs",
"devicefarm:listProjects",
"devicefarm:listRemoteAccessSessions",
"devicefarm:listRuns",
"devicefarm:listSamples",
"devicefarm:listSuites",
"devicefarm:listTestGridProjects",
"devicefarm:listTestGridSessionActions",
"devicefarm:listTestGridSessionArtifacts",
"devicefarm:listTestGridSessions",
"devicefarm:listTests",
"devicefarm:listUniqueProblems",
"devicefarm:listUploads",
"directconnect:describeConnections",
"directconnect:describeConnectionsOnInterconnect",
"directconnect:describeInterconnects",
"directconnect:describeLocations",
"directconnect:describeVirtualGateways",
"directconnect:describeVirtualInterfaces",
"dlm:getLifecyclePolicies",
"dlm:getLifecyclePolicy",
"dms:describeAccountAttributes",
"dms:describeConnections",
"dms:describeEndpointTypes",
"dms:describeEndpoints",
"dms:describeOrderableReplicationInstances",
"dms:describeRefreshSchemasStatus",
"dms:describeReplicationInstances",
"dms:describeReplicationSubnetGroups",
"ds:describeConditionalForwarders",
"ds:describeDirectories",
"ds:describeEventTopics",
"ds:describeSnapshots",
"ds:describeTrusts",
"ds:getDirectoryLimits",
"ds:getSnapshotLimits",
"ds:listIpRoutes",
"ds:listSchemaExtensions",
"ds:listTagsForResource",
"dynamodb:describeBackup",
"dynamodb:describeContinuousBackups",
"dynamodb:describeGlobalTable",
"dynamodb:describeLimits",
"dynamodb:describeStream",
"dynamodb:describeTable",
"dynamodb:describeTimeToLive",
"dynamodb:listBackups",
"dynamodb:listGlobalTables",
"dynamodb:listStreams",
"dynamodb:listTables",
"dynamodb:listTagsOfResource",
"ec2:acceptReservedInstancesExchangeQuote",
"ec2:cancelReservedInstancesListing",
"ec2:createReservedInstancesListing",
"ec2:describeAccountAttributes",
"ec2:describeAddresses",
"ec2:describeAvailabilityZones",
"ec2:describeBundleTasks",
"ec2:describeByoipCidrs",
"ec2:describeCapacityReservations",
"ec2:describeClassicLinkInstances",
"ec2:describeClientVpnAuthorizationRules",
"ec2:describeClientVpnConnections",
"ec2:describeClientVpnEndpoints",
"ec2:describeClientVpnRoutes",
"ec2:describeClientVpnTargetNetworks",
"ec2:describeCoipPools",
"ec2:describeConversionTasks",
"ec2:describeCustomerGateways",
"ec2:describeDhcpOptions",
"ec2:describeElasticGpus",
"ec2:describeExportImageTasks",
"ec2:describeExportTasks",
"ec2:describeFastSnapshotRestores",
"ec2:describeFleetHistory",
"ec2:describeFleetInstances",
"ec2:describeFleets",
"ec2:describeFlowLogs",
"ec2:describeHostReservationOfferings",
"ec2:describeHostReservations",
"ec2:describeHosts",
"ec2:describeIdFormat",
"ec2:describeIdentityIdFormat",
"ec2:describeImageAttribute",
"ec2:describeImages",
"ec2:describeImportImageTasks",
"ec2:describeImportSnapshotTasks",
"ec2:describeInstanceAttribute",
"ec2:describeInstanceStatus",
"ec2:describeInstances",
"ec2:describeInternetGateways",
"ec2:describeKeyPairs",
"ec2:describeLaunchTemplateVersions",
"ec2:describeLaunchTemplates",
"ec2:describeLocalGatewayRouteTableVirtualInterfaceGroupAssociations",
"ec2:describeLocalGatewayRouteTableVpcAssociations",
"ec2:describeLocalGatewayRouteTables",
"ec2:describeLocalGatewayVirtualInterfaceGroups",
"ec2:describeLocalGatewayVirtualInterfaces",
"ec2:describeLocalGateways",
"ec2:describeMovingAddresses",
"ec2:describeNatGateways",
"ec2:describeNetworkAcls",
"ec2:describeNetworkInterfaceAttribute",
"ec2:describeNetworkInterfaces",
"ec2:describePlacementGroups",
"ec2:describePrefixLists",
"ec2:describePublicIpv4Pools",
"ec2:describeRegions",
"ec2:describeReservedInstances",
"ec2:describeReservedInstancesListings",
"ec2:describeReservedInstancesModifications",
"ec2:describeReservedInstancesOfferings",
"ec2:describeRouteTables",
"ec2:describeScheduledInstances",
"ec2:describeSecurityGroups",
"ec2:describeSnapshotAttribute",
"ec2:describeSnapshots",
"ec2:describeSpotDatafeedSubscription",
"ec2:describeSpotFleetInstances",
"ec2:describeSpotFleetRequestHistory",
"ec2:describeSpotFleetRequests",
"ec2:describeSpotInstanceRequests",
"ec2:describeSpotPriceHistory",
"ec2:describeSubnets",
"ec2:describeTags",
"ec2:describeTrafficMirrorFilters",
"ec2:describeTrafficMirrorSessions",
"ec2:describeTrafficMirrorTargets",
"ec2:describeTransitGatewayAttachments",
"ec2:describeTransitGatewayRouteTables",
"ec2:describeTransitGatewayVpcAttachments",
"ec2:describeTransitGateways",
"ec2:describeVolumeAttribute",
"ec2:describeVolumeStatus",
"ec2:describeVolumes",
"ec2:describeVolumesModifications",
"ec2:describeVpcAttribute",
"ec2:describeVpcClassicLink",
"ec2:describeVpcClassicLinkDnsSupport",
"ec2:describeVpcEndpointConnectionNotifications",
"ec2:describeVpcEndpointConnections",
"ec2:describeVpcEndpointServiceConfigurations",
"ec2:describeVpcEndpointServicePermissions",
"ec2:describeVpcEndpointServices",
"ec2:describeVpcEndpoints",
"ec2:describeVpcPeeringConnections",
"ec2:describeVpcs",
"ec2:describeVpnConnections",
"ec2:describeVpnGateways",
"ec2:getCoipPoolUsage",
"ec2:getConsoleScreenshot",
"ec2:getReservedInstancesExchangeQuote",
"ec2:getTransitGatewayAttachmentPropagations",
"ec2:getTransitGatewayRouteTableAssociations",
"ec2:getTransitGatewayRouteTablePropagations",
"ec2:modifyReservedInstances",
"ec2:purchaseReservedInstancesOffering",
"ec2:searchLocalGatewayRoutes",
"ecr:batchCheckLayerAvailability",
"ecr:describeImages",
"ecr:describeRepositories",
"ecr:getRepositoryPolicy",
"ecr:listImages",
"ecs:describeClusters",
"ecs:describeContainerInstances",
"ecs:describeServices",
"ecs:describeTaskDefinition",
"ecs:describeTasks",
"ecs:listClusters",
"ecs:listContainerInstances",
"ecs:listServices",
"ecs:listTaskDefinitions",
"ecs:listTasks",
"eks:describeCluster",
"eks:describeFargateProfile",
"eks:describeNodegroup",
"eks:describeUpdate",
"eks:listClusters",
"eks:listFargateProfiles",
"eks:listNodegroups",
"eks:listUpdates",
"elasticache:describeCacheClusters",
"elasticache:describeCacheEngineVersions",
"elasticache:describeCacheParameterGroups",
"elasticache:describeCacheParameters",
"elasticache:describeCacheSecurityGroups",
"elasticache:describeCacheSubnetGroups",
"elasticache:describeEngineDefaultParameters",
"elasticache:describeEvents",
"elasticache:describeReplicationGroups",
"elasticache:describeReservedCacheNodes",
"elasticache:describeReservedCacheNodesOfferings",
"elasticache:describeSnapshots",
"elasticache:listAllowedNodeTypeModifications",
"elasticache:listTagsForResource",
"elasticbeanstalk:checkDNSAvailability",
"elasticbeanstalk:describeApplicationVersions",
"elasticbeanstalk:describeApplications",
"elasticbeanstalk:describeConfigurationOptions",
"elasticbeanstalk:describeConfigurationSettings",
"elasticbeanstalk:describeEnvironmentHealth",
"elasticbeanstalk:describeEnvironmentManagedActionHistory",
"elasticbeanstalk:describeEnvironmentManagedActions",
"elasticbeanstalk:describeEnvironmentResources",
"elasticbeanstalk:describeEnvironments",
"elasticbeanstalk:describeEvents",
"elasticbeanstalk:describeInstancesHealth",
"elasticbeanstalk:describePlatformVersion",
"elasticbeanstalk:listAvailableSolutionStacks",
"elasticbeanstalk:listPlatformVersions",
"elasticbeanstalk:validateConfigurationSettings",
"elasticfilesystem:describeAccessPoints",
"elasticfilesystem:describeFileSystemPolicy",
"elasticfilesystem:describeFileSystems",
"elasticfilesystem:describeLifecycleConfiguration",
"elasticfilesystem:describeMountTargetSecurityGroups",
"elasticfilesystem:describeMountTargets",
"elasticfilesystem:describeTags",
"elasticfilesystem:listTagsForResource",
"elasticloadbalancing:describeInstanceHealth",
"elasticloadbalancing:describeListenerCertificates",
"elasticloadbalancing:describeListeners",
"elasticloadbalancing:describeLoadBalancerAttributes",
"elasticloadbalancing:describeLoadBalancerPolicies",
"elasticloadbalancing:describeLoadBalancerPolicyTypes",
"elasticloadbalancing:describeLoadBalancers",
"elasticloadbalancing:describeRules",
"elasticloadbalancing:describeSSLPolicies",
"elasticloadbalancing:describeTags",
"elasticloadbalancing:describeTargetGroupAttributes",
"elasticloadbalancing:describeTargetGroups",
"elasticloadbalancing:describeTargetHealth",
"elasticmapreduce:describeCluster",
"elasticmapreduce:describeSecurityConfiguration",
"elasticmapreduce:describeStep",
"elasticmapreduce:listBootstrapActions",
"elasticmapreduce:listClusters",
"elasticmapreduce:listInstanceGroups",
"elasticmapreduce:listInstances",
"elasticmapreduce:listSecurityConfigurations",
"elasticmapreduce:listSteps",
"elastictranscoder:listJobsByPipeline",
"elastictranscoder:listJobsByStatus",
"elastictranscoder:listPipelines",
"elastictranscoder:listPresets",
"elastictranscoder:readPipeline",
"elastictranscoder:readPreset",
"es:describeElasticsearchDomain",
"es:describeElasticsearchDomainConfig",
"es:describeElasticsearchDomains",
"es:listDomainNames",
"es:listTags",
"events:describeEventBus",
"events:describeEventSource",
"events:describePartnerEventSource",
"events:describeRule",
"events:listEventBuses",
"events:listEventSources",
"events:listPartnerEventSourceAccounts",
"events:listPartnerEventSources",
"events:listRuleNamesByTarget",
"events:listRules",
"events:listTargetsByRule",
"events:testEventPattern",
"firehose:describeDeliveryStream",
"firehose:listDeliveryStreams",
"fms:getAdminAccount",
"fms:getComplianceDetail",
"fms:getNotificationChannel",
"fms:getPolicy",
"fms:getProtectionStatus",
"fms:listComplianceStatus",
"fms:listMemberAccounts",
"fms:listPolicies",
"forecast:describeDataset",
"forecast:describeDatasetGroup",
"forecast:describeDatasetImportJob",
"forecast:describeForecast",
"forecast:describeForecastExportJob",
"forecast:describePredictor",
"forecast:getAccuracyMetrics",
"forecast:listDatasetGroups",
"forecast:listDatasetImportJobs",
"forecast:listDatasets",
"forecast:listForecastExportJobs",
"forecast:listForecasts",
"forecast:listPredictors",
"fsx:describeBackups",
"fsx:describeDataRepositoryTasks",
"fsx:describeFileSystems",
"fsx:listTagsForResource",
"glacier:describeJob",
"glacier:describeVault",
"glacier:getDataRetrievalPolicy",
"glacier:getVaultAccessPolicy",
"glacier:getVaultLock",
"glacier:getVaultNotifications",
"glacier:listJobs",
"glacier:listTagsForVault",
"glacier:listVaults",
"globalaccelerator:describeAccelerator",
"globalaccelerator:describeAcceleratorAttributes",
"globalaccelerator:describeEndpointGroup",
"globalaccelerator:describeListener",
"globalaccelerator:listAccelerators",
"globalaccelerator:listEndpointGroups",
"globalaccelerator:listListeners",
"glue:batchGetPartition",
"glue:checkSchemaVersionValidity",
"glue:getCatalogImportStatus",
"glue:getClassifier",
"glue:getClassifiers",
"glue:getCrawler",
"glue:getCrawlerMetrics",
"glue:getCrawlers",
"glue:getDatabase",
"glue:getDatabases",
"glue:getDataflowGraph",
"glue:getDevEndpoint",
"glue:getDevEndpoints",
"glue:getJob",
"glue:getJobRun",
"glue:getJobRuns",
"glue:getJobs",
"glue:getMapping",
"glue:getPartition",
"glue:getPartitions",
"glue:getRegistry",
"glue:getSchema",
"glue:getSchemaByDefinition",
"glue:getSchemaVersion",
"glue:getSchemaVersionsDiff",
"glue:getTable",
"glue:getTableVersions",
"glue:getTables",
"glue:getTrigger",
"glue:getTriggers",
"glue:getUserDefinedFunction",
"glue:getUserDefinedFunctions",
"glue:listRegistries",
"glue:listSchemas",
"glue:listSchemaVersions",
"glue:querySchemaVersionMetadata",
"greengrass:getConnectivityInfo",
"greengrass:getCoreDefinition",
"greengrass:getCoreDefinitionVersion",
"greengrass:getDeploymentStatus",
"greengrass:getDeviceDefinition",
"greengrass:getDeviceDefinitionVersion",
"greengrass:getFunctionDefinition",
"greengrass:getFunctionDefinitionVersion",
"greengrass:getGroup",
"greengrass:getGroupCertificateAuthority",
"greengrass:getGroupVersion",
"greengrass:getLoggerDefinition",
"greengrass:getLoggerDefinitionVersion",
"greengrass:getResourceDefinitionVersion",
"greengrass:getServiceRoleForAccount",
"greengrass:getSubscriptionDefinition",
"greengrass:getSubscriptionDefinitionVersion",
"greengrass:listCoreDefinitionVersions",
"greengrass:listCoreDefinitions",
"greengrass:listDeployments",
"greengrass:listDeviceDefinitionVersions",
"greengrass:listDeviceDefinitions",
"greengrass:listFunctionDefinitionVersions",
"greengrass:listFunctionDefinitions",
"greengrass:listGroupVersions",
"greengrass:listGroups",
"greengrass:listLoggerDefinitionVersions",
"greengrass:listLoggerDefinitions",
"greengrass:listResourceDefinitionVersions",
"greengrass:listResourceDefinitions",
"greengrass:listSubscriptionDefinitionVersions",
"greengrass:listSubscriptionDefinitions",
"guardduty:getDetector",
"guardduty:getFindings",
"guardduty:getFindingsStatistics",
"guardduty:getIPSet",
"guardduty:getInvitationsCount",
"guardduty:getMasterAccount",
"guardduty:getMembers",
"guardduty:getThreatIntelSet",
"guardduty:listDetectors",
"guardduty:listFindings",
"guardduty:listIPSets",
"guardduty:listInvitations",
"guardduty:listMembers",
"guardduty:listThreatIntelSets",
"health:describeAffectedAccountsForOrganization",
"health:describeAffectedEntities",
"health:describeAffectedEntitiesForOrganization",
"health:describeEntityAggregates",
"health:describeEventAggregates",
"health:describeEventDetails",
"health:describeEventTypes",
"health:describeEventDetailsForOrganization",
"health:describeEvents",
"health:describeEventsForOrganization",
"health:describeHealthServiceStatusForOrganization",
"iam:getAccessKeyLastUsed",
"iam:getAccountAuthorizationDetails",
"iam:getAccountPasswordPolicy",
"iam:getAccountSummary",
"iam:getContextKeysForCustomPolicy",
"iam:getContextKeysForPrincipalPolicy",
"iam:getCredentialReport",
"iam:getGroup",
"iam:getGroupPolicy",
"iam:getInstanceProfile",
"iam:getLoginProfile",
"iam:getOpenIDConnectProvider",
"iam:getPolicy",
"iam:getPolicyVersion",
"iam:getRole",
"iam:getRolePolicy",
"iam:getSAMLProvider",
"iam:getSSHPublicKey",
"iam:getServerCertificate",
"iam:getUser",
"iam:getUserPolicy",
"iam:listAccessKeys",
"iam:listAccountAliases",
"iam:listAttachedGroupPolicies",
"iam:listAttachedRolePolicies",
"iam:listAttachedUserPolicies",
"iam:listEntitiesForPolicy",
"iam:listGroupPolicies",
"iam:listGroups",
"iam:listGroupsForUser",
"iam:listInstanceProfiles",
"iam:listInstanceProfilesForRole",
"iam:listMFADevices",
"iam:listOpenIDConnectProviders",
"iam:listPolicies",
"iam:listPolicyVersions",
"iam:listRolePolicies",
"iam:listRoles",
"iam:listSAMLProviders",
"iam:listSSHPublicKeys",
"iam:listServerCertificates",
"iam:listSigningCertificates",
"iam:listUserPolicies",
"iam:listUsers",
"iam:listVirtualMFADevices",
"iam:simulateCustomPolicy",
"iam:simulatePrincipalPolicy",
"imagebuilder:getComponent",
"imagebuilder:getComponentPolicy",
"imagebuilder:getContainerRecipe",
"imagebuilder:getDistributionConfiguration",
"imagebuilder:getImage",
"imagebuilder:getImagePipeline",
"imagebuilder:getImagePolicy",
"imagebuilder:getImageRecipe",
"imagebuilder:getImageRecipePolicy",
"imagebuilder:getInfrastructureConfiguration",
"imagebuilder:listComponentBuildVersions",
"imagebuilder:listComponents",
"imagebuilder:listContainerRecipes",
"imagebuilder:listDistributionConfigurations",
"imagebuilder:listImageBuildVersions",
"imagebuilder:listImagePipelineImages",
"imagebuilder:listImagePipelines",
"imagebuilder:listImageRecipes",
"imagebuilder:listImages",
"imagebuilder:listInfrastructureConfigurations",
"imagebuilder:listTagsForResource",
"importexport:getStatus",
"importexport:listJobs",
"inspector:describeAssessmentRuns",
"inspector:describeAssessmentTargets",
"inspector:describeAssessmentTemplates",
"inspector:describeCrossAccountAccessRole",
"inspector:describeResourceGroups",
"inspector:describeRulesPackages",
"inspector:getTelemetryMetadata",
"inspector:listAssessmentRunAgents",
"inspector:listAssessmentRuns",
"inspector:listAssessmentTargets",
"inspector:listAssessmentTemplates",
"inspector:listEventSubscriptions",
"inspector:listRulesPackages",
"inspector:listTagsForResource",
"iot:describeAuthorizer",
"iot:describeCACertificate",
"iot:describeCertificate",
"iot:describeDefaultAuthorizer",
"iot:describeEndpoint",
"iot:describeIndex",
"iot:describeJobExecution",
"iot:describeThing",
"iot:describeThingGroup",
"iot:describeTunnel",
"iot:getEffectivePolicies",
"iot:getIndexingConfiguration",
"iot:getLoggingOptions",
"iot:getPolicy",
"iot:getPolicyVersion",
"iot:getTopicRule",
"iot:getV2LoggingOptions",
"iot:listAttachedPolicies",
"iot:listAuthorizers",
"iot:listCACertificates",
"iot:listCertificates",
"iot:listCertificatesByCA",
"iot:listJobExecutionsForJob",
"iot:listJobExecutionsForThing",
"iot:listJobs",
"iot:listOutgoingCertificates",
"iot:listPolicies",
"iot:listPolicyPrincipals",
"iot:listPolicyVersions",
"iot:listPrincipalPolicies",
"iot:listPrincipalThings",
"iot:listRoleAliases",
"iot:listTargetsForPolicy",
"iot:listThingGroups",
"iot:listThingGroupsForThing",
"iot:listThingPrincipals",
"iot:listThingRegistrationTasks",
"iot:listThingTypes",
"iot:listThings",
"iot:listTopicRules",
"iot:listTunnels",
"iot:listV2LoggingLevels",
"iotevents:describeDetector",
"iotevents:describeDetectorModel",
"iotevents:describeInput",
"iotevents:describeLoggingOptions",
"iotevents:listDetectorModelVersions",
"iotevents:listDetectorModels",
"iotevents:listDetectors",
"iotevents:listInputs",
"iotsitewise:describeAccessPolicy",
"iotsitewise:describeAsset",
"iotsitewise:describeAssetModel",
"iotsitewise:describeAssetProperty",
"iotsitewise:describeDashboard",
"iotsitewise:describeGateway",
"iotsitewise:describeGatewayCapabilityConfiguration",
"iotsitewise:describeLoggingOptions",
"iotsitewise:describePortal",
"iotsitewise:describeProject",
"iotsitewise:listAccessPolicies",
"iotsitewise:listAssetModels",
"iotsitewise:listAssets",
"iotsitewise:listAssociatedAssets",
"iotsitewise:listDashboards",
"iotsitewise:listGateways",
"iotsitewise:listPortals",
"iotsitewise:listProjectAssets",
"iotsitewise:listProjects",
"kafka:describeCluster",
"kafka:getBootstrapBrokers",
"kafka:listClusters",
"kafka:listNodes",
"kendra:describeDataSource",
"kendra:describeFaq",
"kendra:describeIndex",
"kendra:listDataSources",
"kendra:listFaqs",
"kendra:listIndices",
"kinesis:describeStream",
"kinesis:listStreams",
"kinesis:listTagsForStream",
"kinesisanalytics:describeApplication",
"kinesisanalytics:describeApplicationSnapshot",
"kinesisanalytics:listApplications",
"kinesisanalytics:listApplicationSnapshots",
"kms:describeKey",
"kms:getKeyPolicy",
"kms:getKeyRotationStatus",
"kms:listAliases",
"kms:listGrants",
"kms:listKeyPolicies",
"kms:listKeys",
"kms:listResourceTags",
"kms:listRetirableGrants",
"lambda:getAccountSettings",
"lambda:getAlias",
"lambda:getEventSourceMapping",
"lambda:getFunction",
"lambda:getFunctionConcurrency",
"lambda:getFunctionConfiguration",
"lambda:getFunctionEventInvokeConfig",
"lambda:getLayerVersion",
"lambda:getLayerVersionPolicy",
"lambda:getPolicy",
"lambda:getProvisionedConcurrencyConfig",
"lambda:listAliases",
"lambda:listEventSourceMappings",
"lambda:listFunctionEventInvokeConfigs",
"lambda:listFunctions",
"lambda:listLayerVersions",
"lambda:listLayers",
"lambda:listProvisionedConcurrencyConfigs",
"lambda:listVersionsByFunction",
"launchwizard:describeProvisionedApp",
"launchwizard:describeProvisioningEvents",
"launchwizard:listProvisionedApps",
"lex:getBot",
"lex:getBotAlias",
"lex:getBotAliases",
"lex:getBotChannelAssociation",
"lex:getBotChannelAssociations",
"lex:getBotVersions",
"lex:getBots",
"lex:getBuiltinIntent",
"lex:getBuiltinIntents",
"lex:getBuiltinSlotTypes",
"lex:getIntent",
"lex:getIntentVersions",
"lex:getIntents",
"lex:getSlotType",
"lex:getSlotTypeVersions",
"lex:getSlotTypes",
"license-manager:getLicenseConfiguration",
"license-manager:getServiceSettings",
"license-manager:listAssociationsForLicenseConfiguration",
"license-manager:listFailuresForLicenseConfigurationOperations",
"license-manager:listLicenseConfigurations",
"license-manager:listLicenseSpecificationsForResource",
"license-manager:listResourceInventory",
"license-manager:listUsageForLicenseConfiguration",
"lightsail:getActiveNames",
"lightsail:getBlueprints",
"lightsail:getBundles",
"lightsail:getDisk",
"lightsail:getDisks",
"lightsail:getDiskSnapshot",
"lightsail:getDiskSnapshots",
"lightsail:getDomain",
"lightsail:getDomains",
"lightsail:getExportSnapshotRecords",
"lightsail:getInstance",
"lightsail:getInstanceMetricData",
"lightsail:getInstancePortStates",
"lightsail:getInstanceSnapshot",
"lightsail:getInstanceSnapshots",
"lightsail:getInstanceState",
"lightsail:getInstances",
"lightsail:getKeyPair",
"lightsail:getKeyPairs",
"lightsail:getLoadBalancer",
"lightsail:getLoadBalancers",
"lightsail:getLoadBalancerTlsCertificates",
"lightsail:getOperation",
"lightsail:getOperations",
"lightsail:getOperationsForResource",
"lightsail:getRegions",
"lightsail:getRelationalDatabase",
"lightsail:getRelationalDatabases",
"lightsail:getRelationalDatabaseSnapshot",
"lightsail:getRelationalDatabaseSnapshots",
"lightsail:getStaticIp",
"lightsail:getStaticIps",
"logs:describeDestinations",
"logs:describeExportTasks",
"logs:describeLogGroups",
"logs:describeLogStreams",
"logs:describeMetricFilters",
"logs:describeQueries",
"logs:describeSubscriptionFilters",
"logs:testMetricFilter",
"machinelearning:describeBatchPredictions",
"machinelearning:describeDataSources",
"machinelearning:describeEvaluations",
"machinelearning:describeMLModels",
"machinelearning:getBatchPrediction",
"machinelearning:getDataSource",
"machinelearning:getEvaluation",
"machinelearning:getMLModel",
"managedblockchain:getMember",
"managedblockchain:getNetwork",
"managedblockchain:getNode",
"managedblockchain:listMembers",
"managedblockchain:listNetworks",
"managedblockchain:listNodes",
"mediaconnect:describeFlow",
"mediaconnect:listEntitlements",
"mediaconnect:listFlows",
"mediaconvert:describeEndpoints",
"mediaconvert:getJob",
"mediaconvert:getJobTemplate",
"mediaconvert:getPreset",
"mediaconvert:getQueue",
"mediaconvert:listJobTemplates",
"mediaconvert:listJobs",
"medialive:describeChannel",
"medialive:describeInput",
"medialive:describeInputDevice",
"medialive:describeInputSecurityGroup",
"medialive:describeMultiplex",
"medialive:describeOffering",
"medialive:describeReservation",
"medialive:describeSchedule",
"medialive:listChannels",
"medialive:listInputDevices",
"medialive:listInputSecurityGroups",
"medialive:listInputs",
"medialive:listMultiplexes",
"medialive:listOfferings",
"medialive:listReservations",
"mediapackage:describeChannel",
"mediapackage:describeOriginEndpoint",
"mediapackage:listChannels",
"mediapackage:listOriginEndpoints",
"mediastore:describeContainer",
"mediastore:describeObject",
"mediastore:getContainerPolicy",
"mediastore:getCorsPolicy",
"mediastore:listContainers",
"mediastore:listItems",
"mediatailor:getPlaybackConfiguration",
"mediatailor:listPlaybackConfigurations",
"mobiletargeting:getAdmChannel",
"mobiletargeting:getApnsChannel",
"mobiletargeting:getApnsSandboxChannel",
"mobiletargeting:getApnsVoipChannel",
"mobiletargeting:getApnsVoipSandboxChannel",
"mobiletargeting:getApp",
"mobiletargeting:getApplicationSettings",
"mobiletargeting:getApps",
"mobiletargeting:getBaiduChannel",
"mobiletargeting:getCampaign",
"mobiletargeting:getCampaignActivities",
"mobiletargeting:getCampaignVersion",
"mobiletargeting:getCampaignVersions",
"mobiletargeting:getCampaigns",
"mobiletargeting:getEmailChannel",
"mobiletargeting:getEndpoint",
"mobiletargeting:getEventStream",
"mobiletargeting:getExportJob",
"mobiletargeting:getExportJobs",
"mobiletargeting:getGcmChannel",
"mobiletargeting:getImportJob",
"mobiletargeting:getImportJobs",
"mobiletargeting:getSegment",
"mobiletargeting:getSegmentImportJobs",
"mobiletargeting:getSegmentVersion",
"mobiletargeting:getSegmentVersions",
"mobiletargeting:getSegments",
"mobiletargeting:getSmsChannel",
"mq:describeBroker",
"mq:describeConfiguration",
"mq:describeConfigurationRevision",
"mq:describeUser",
"mq:listBrokers",
"mq:listConfigurationRevisions",
"mq:listConfigurations",
"mq:listUsers",
"network-firewall:describeFirewall",
"network-firewall:describeFirewallPolicy",
"network-firewall:describeLoggingConfiguration",
"network-firewall:describeRuleGroup",
"network-firewall:listFirewallPolicies",
"network-firewall:listFirewalls",
"network-firewall:listRuleGroups",
"networkmanager:describeGlobalNetworks",
"networkmanager:getCustomerGatewayAssociations",
"networkmanager:getDevices",
"networkmanager:getLinkAssociations",
"networkmanager:getLinks",
"networkmanager:getSites",
"networkmanager:getTransitGatewayRegistrations",
"opsworks-cm:describeAccountAttributes",
"opsworks-cm:describeBackups",
"opsworks-cm:describeEvents",
"opsworks-cm:describeNodeAssociationStatus",
"opsworks-cm:describeServers",
"opsworks:describeAgentVersions",
"opsworks:describeApps",
"opsworks:describeCommands",
"opsworks:describeDeployments",
"opsworks:describeEcsClusters",
"opsworks:describeElasticIps",
"opsworks:describeElasticLoadBalancers",
"opsworks:describeInstances",
"opsworks:describeLayers",
"opsworks:describeLoadBasedAutoScaling",
"opsworks:describeMyUserProfile",
"opsworks:describePermissions",
"opsworks:describeRaidArrays",
"opsworks:describeRdsDbInstances",
"opsworks:describeServiceErrors",
"opsworks:describeStackProvisioningParameters",
"opsworks:describeStackSummary",
"opsworks:describeStacks",
"opsworks:describeTimeBasedAutoScaling",
"opsworks:describeUserProfiles",
"opsworks:describeVolumes",
"opsworks:getHostnameSuggestion",
"outposts:getOutpost",
"outposts:getOutpostInstanceTypes",
"outposts:listOutposts",
"outposts:listSites",
"personalize:describeAlgorithm",
"personalize:describeCampaign",
"personalize:describeDataset",
"personalize:describeDatasetGroup",
"personalize:describeDatasetImportJob",
"personalize:describeEventTracker",
"personalize:describeFeatureTransformation",
"personalize:describeRecipe",
"personalize:describeSchema",
"personalize:describeSolution",
"personalize:describeSolutionVersion",
"personalize:listCampaigns",
"personalize:listDatasetGroups",
"personalize:listDatasetImportJobs",
"personalize:listDatasets",
"personalize:listEventTrackers",
"personalize:listRecipes",
"personalize:listSchemas",
"personalize:listSolutionVersions",
"personalize:listSolutions",
"polly:describeVoices",
"polly:getLexicon",
"polly:listLexicons",
"pricing:describeServices",
"pricing:getAttributeValues",
"pricing:getProducts",
"quicksight:describeDashboard",
"quicksight:describeDashboardPermissions",
"quicksight:describeGroup",
"quicksight:describeIAMPolicyAssignment",
"quicksight:describeTemplate",
"quicksight:describeTemplateAlias",
"quicksight:describeTemplatePermissions",
"quicksight:describeUser",
"quicksight:listDashboards",
"quicksight:listGroupMemberships",
"quicksight:listGroups",
"quicksight:listIAMPolicyAssignments",
"quicksight:listIAMPolicyAssignmentsForUser",
"quicksight:listTemplateAliases",
"quicksight:listTemplateVersions",
"quicksight:listTemplates",
"quicksight:listUserGroups",
"quicksight:listUsers",
"rds:describeAccountAttributes",
"rds:describeCertificates",
"rds:describeDBClusterParameterGroups",
"rds:describeDBClusterParameters",
"rds:describeDBClusterSnapshots",
"rds:describeDBClusters",
"rds:describeDBEngineVersions",
"rds:describeDBInstances",
"rds:describeDBParameterGroups",
"rds:describeDBParameters",
"rds:describeDBSecurityGroups",
"rds:describeDBSnapshotAttributes",
"rds:describeDBSnapshots",
"rds:describeDBSubnetGroups",
"rds:describeEngineDefaultClusterParameters",
"rds:describeEngineDefaultParameters",
"rds:describeEventCategories",
"rds:describeEventSubscriptions",
"rds:describeEvents",
"rds:describeExportTasks",
"rds:describeOptionGroupOptions",
"rds:describeOptionGroups",
"rds:describeOrderableDBInstanceOptions",
"rds:describePendingMaintenanceActions",
"rds:describeReservedDBInstances",
"rds:describeReservedDBInstancesOfferings",
"rds:listTagsForResource",
"redshift:describeClusterParameterGroups",
"redshift:describeClusterParameters",
"redshift:describeClusterSecurityGroups",
"redshift:describeClusterSnapshots",
"redshift:describeClusterSubnetGroups",
"redshift:describeClusterVersions",
"redshift:describeClusters",
"redshift:describeDefaultClusterParameters",
"redshift:describeEventCategories",
"redshift:describeEventSubscriptions",
"redshift:describeEvents",
"redshift:describeHsmClientCertificates",
"redshift:describeHsmConfigurations",
"redshift:describeLoggingStatus",
"redshift:describeOrderableClusterOptions",
"redshift:describeReservedNodeOfferings",
"redshift:describeReservedNodes",
"redshift:describeResize",
"redshift:describeSnapshotCopyGrants",
"redshift:describeStorage",
"redshift:describeTableRestoreStatus",
"redshift:describeTags",
"rekognition:listCollections",
"rekognition:listFaces",
"resource-groups:getGroup",
"resource-groups:getGroupQuery",
"resource-groups:getTags",
"resource-groups:listGroupResources",
"resource-groups:listGroups",
"resource-groups:searchResources",
"robomaker:batchDescribeSimulationJob",
"robomaker:describeDeploymentJob",
"robomaker:describeFleet",
"robomaker:describeRobot",
"robomaker:describeRobotApplication",
"robomaker:describeSimulationApplication",
"robomaker:describeSimulationJob",
"robomaker:listDeploymentJobs",
"robomaker:listFleets",
"robomaker:listRobotApplications",
"robomaker:listRobots",
"robomaker:listSimulationApplications",
"robomaker:listSimulationJobs",
"route53:getChange",
"route53:getCheckerIpRanges",
"route53:getGeoLocation",
"route53:getHealthCheck",
"route53:getHealthCheckCount",
"route53:getHealthCheckLastFailureReason",
"route53:getHealthCheckStatus",
"route53:getHostedZone",
"route53:getHostedZoneCount",
"route53:getReusableDelegationSet",
"route53:getTrafficPolicy",
"route53:getTrafficPolicyInstance",
"route53:getTrafficPolicyInstanceCount",
"route53:listGeoLocations",
"route53:listHealthChecks",
"route53:listHostedZones",
"route53:listHostedZonesByName",
"route53:listResourceRecordSets",
"route53:listReusableDelegationSets",
"route53:listTagsForResource",
"route53:listTagsForResources",
"route53:listTrafficPolicies",
"route53:listTrafficPolicyInstances",
"route53:listTrafficPolicyInstancesByHostedZone",
"route53:listTrafficPolicyInstancesByPolicy",
"route53:listTrafficPolicyVersions",
"route53domains:checkDomainAvailability",
"route53domains:getContactReachabilityStatus",
"route53domains:getDomainDetail",
"route53domains:getOperationDetail",
"route53domains:listDomains",
"route53domains:listOperations",
"route53domains:listTagsForDomain",
"route53domains:viewBilling",
"route53resolver:getResolverDnssecConfig",
"route53resolver:getResolverRulePolicy",
"route53resolver:listResolverDnssecConfigs",
"route53resolver:listResolverEndpointIpAddresses",
"route53resolver:listResolverEndpoints",
"route53resolver:listResolverRuleAssociations",
"route53resolver:listResolverRules",
"route53resolver:listTagsForResource",
"s3:getAccelerateConfiguration",
"s3:getAnalyticsConfiguration",
"s3:getBucketAcl",
"s3:getBucketCORS",
"s3:getBucketLocation",
"s3:getBucketLogging",
"s3:getBucketNotification",
"s3:getBucketPolicy",
"s3:getBucketRequestPayment",
"s3:getBucketTagging",
"s3:getBucketVersioning",
"s3:getBucketWebsite",
"s3:getEncryptionConfiguration",
"s3:getInventoryConfiguration",
"s3:getLifecycleConfiguration",
"s3:getMetricsConfiguration",
"s3:getReplicationConfiguration",
"s3:listAllMyBuckets",
"s3:listBucket",
"s3:listBucketMultipartUploads",
"sagemaker:describeAction",
"sagemaker:describeAlgorithm",
"sagemaker:describeApp",
"sagemaker:describeArtifact",
"sagemaker:describeAutoMLJob",
"sagemaker:describeCompilationJob",
"sagemaker:describeContext",
"sagemaker:describeDataQualityJobDefinition",
"sagemaker:describeDevice",
"sagemaker:describeDeviceFleet",
"sagemaker:describeDomain",
"sagemaker:describeEdgePackagingJob",
"sagemaker:describeEndpoint",
"sagemaker:describeEndpointConfig",
"sagemaker:describeExperiment",
"sagemaker:describeFeatureGroup",
"sagemaker:describeHumanTaskUi",
"sagemaker:describeHyperParameterTuningJob",
"sagemaker:describeImage",
"sagemaker:describeImageVersion",
"sagemaker:describeLabelingJob",
"sagemaker:describeModel",
"sagemaker:describeModelBiasJobDefinition",
"sagemaker:describeModelExplainabilityJobDefinition",
"sagemaker:describeModelPackage",
"sagemaker:describeModelPackageGroup",
"sagemaker:describeModelQualityJobDefinition",
"sagemaker:describeMonitoringSchedule",
"sagemaker:describeNotebookInstance",
"sagemaker:describeNotebookInstanceLifecycleConfig",
"sagemaker:describePipeline",
"sagemaker:describePipelineDefinitionForExecution",
"sagemaker:describePipelineExecution",
"sagemaker:describeProcessingJob",
"sagemaker:describeProject",
"sagemaker:describeSubscribedWorkteam",
"sagemaker:describeTrainingJob",
"sagemaker:describeTransformJob",
"sagemaker:describeTrial",
"sagemaker:describeTrialComponent",
"sagemaker:describeUserProfile",
"sagemaker:describeWorkteam",
"sagemaker:listActions",
"sagemaker:listAlgorithms",
"sagemaker:listApps",
"sagemaker:listArtifacts",
"sagemaker:listAssociations",
"sagemaker:listAutoMLJobs",
"sagemaker:listCandidatesForAutoMLJob",
"sagemaker:listCodeRepositories",
"sagemaker:listCompilationJobs",
"sagemaker:listContexts",
"sagemaker:listDataQualityJobDefinitions",
"sagemaker:listDeviceFleets",
"sagemaker:listDevices",
"sagemaker:listDomains",
"sagemaker:listEdgePackagingJobs",
"sagemaker:listEndpointConfigs",
"sagemaker:listEndpoints",
"sagemaker:listExperiments",
"sagemaker:listFeatureGroups",
"sagemaker:listFlowDefinitions",
"sagemaker:listHumanTaskUis",
"sagemaker:listHyperParameterTuningJobs",
"sagemaker:listImages",
"sagemaker:listImageVersions",
"sagemaker:listLabelingJobs",
"sagemaker:listLabelingJobsForWorkteam",
"sagemaker:listModelBiasJobDefinitions",
"sagemaker:listModelExplainabilityJobDefinitions",
"sagemaker:listModelPackageGroups",
"sagemaker:listModelPackages",
"sagemaker:listModelQualityJobDefinitions",
"sagemaker:listModels",
"sagemaker:listMonitoringExecutions",
"sagemaker:listMonitoringSchedules",
"sagemaker:listNotebookInstanceLifecycleConfigs",
"sagemaker:listNotebookInstances",
"sagemaker:listPipelineExecutions",
"sagemaker:listPipelineExecutionSteps",
"sagemaker:listPipelineParametersForExecution",
"sagemaker:listPipelines",
"sagemaker:listProcessingJobs",
"sagemaker:listProjects",
"sagemaker:listSubscribedWorkteams",
"sagemaker:listTags",
"sagemaker:listTrainingJobs",
"sagemaker:listTrainingJobsForHyperParameterTuningJob",
"sagemaker:listTransformJobs",
"sagemaker:listTrialComponents",
"sagemaker:listTrials",
"sagemaker:listUserProfiles",
"sagemaker:listWorkteams",
"sdb:domainMetadata",
"sdb:listDomains",
"secretsmanager:describeSecret",
"secretsmanager:getResourcePolicy",
"secretsmanager:listSecretVersionIds",
"secretsmanager:listSecrets",
"securityhub:getEnabledStandards",
"securityhub:getFindings",
"securityhub:getInsightResults",
"securityhub:getInsights",
"securityhub:getMasterAccount",
"securityhub:getMembers",
"securityhub:listEnabledProductsForImport",
"securityhub:listInvitations",
"securityhub:listMembers",
"servicecatalog:describeConstraint",
"servicecatalog:describePortfolio",
"servicecatalog:describeProduct",
"servicecatalog:describeProductAsAdmin",
"servicecatalog:describeProductView",
"servicecatalog:describeProvisioningArtifact",
"servicecatalog:describeProvisioningParameters",
"servicecatalog:describeRecord",
"servicecatalog:listAcceptedPortfolioShares",
"servicecatalog:listConstraintsForPortfolio",
"servicecatalog:listLaunchPaths",
"servicecatalog:listPortfolioAccess",
"servicecatalog:listPortfolios",
"servicecatalog:listPortfoliosForProduct",
"servicecatalog:listPrincipalsForPortfolio",
"servicecatalog:listProvisioningArtifacts",
"servicecatalog:listRecordHistory",
"servicecatalog:scanProvisionedProducts",
"servicecatalog:searchProducts",
"servicequotas:getAWSDefaultServiceQuota",
"servicequotas:getAssociationForServiceQuotaTemplate",
"servicequotas:getRequestedServiceQuotaChange",
"servicequotas:getServiceQuota",
"servicequotas:getServiceQuotaIncreaseRequestFromTemplate",
"servicequotas:listAWSDefaultServiceQuotas",
"servicequotas:listRequestedServiceQuotaChangeHistory",
"servicequotas:listRequestedServiceQuotaChangeHistoryByQuota",
"servicequotas:listServiceQuotaIncreaseRequestsInTemplate",
"servicequotas:listServiceQuotas",
"servicequotas:listServices",
"ses:describeActiveReceiptRuleSet",
"ses:describeReceiptRule",
"ses:describeReceiptRuleSet",
"ses:getAccount",
"ses:getBlacklistReports",
"ses:getConfigurationSet",
"ses:getConfigurationSetEventDestinations",
"ses:getDedicatedIp",
"ses:getDedicatedIps",
"ses:getDeliverabilityDashboardOptions",
"ses:getDeliverabilityTestReport",
"ses:getDomainDeliverabilityCampaign",
"ses:getDomainStatisticsReport",
"ses:getEmailIdentity",
"ses:getIdentityDkimAttributes",
"ses:getIdentityMailFromDomainAttributes",
"ses:getIdentityNotificationAttributes",
"ses:getIdentityPolicies",
"ses:getIdentityVerificationAttributes",
"ses:getSendQuota",
"ses:getSendStatistics",
"ses:listConfigurationSets",
"ses:listDedicatedIpPools",
"ses:listDeliverabilityTestReports",
"ses:listDomainDeliverabilityCampaigns",
"ses:listEmailIdentities",
"ses:listIdentities",
"ses:listIdentityPolicies",
"ses:listReceiptFilters",
"ses:listReceiptRuleSets",
"ses:listTagsForResource",
"ses:listVerifiedEmailAddresses",
"shield:describeAttack",
"shield:describeProtection",
"shield:describeSubscription",
"shield:listAttacks",
"shield:listProtections",
"sms-voice:getConfigurationSetEventDestinations",
"sms:getConnectors",
"sms:getReplicationJobs",
"sms:getReplicationRuns",
"sms:getServers",
"snowball:describeAddress",
"snowball:describeAddresses",
"snowball:describeJob",
"snowball:getSnowballUsage",
"snowball:listJobs",
"sns:checkIfPhoneNumberIsOptedOut",
"sns:getEndpointAttributes",
"sns:getPlatformApplicationAttributes",
"sns:getSMSAttributes",
"sns:getSubscriptionAttributes",
"sns:getTopicAttributes",
"sns:listEndpointsByPlatformApplication",
"sns:listPhoneNumbersOptedOut",
"sns:listPlatformApplications",
"sns:listSubscriptions",
"sns:listSubscriptionsByTopic",
"sns:listTopics",
"sqs:getQueueAttributes",
"sqs:getQueueUrl",
"sqs:listDeadLetterSourceQueues",
"sqs:listQueues",
"ssm:describeActivations",
"ssm:describeAssociation",
"ssm:describeAssociationExecutionTargets",
"ssm:describeAssociationExecutions",
"ssm:describeAutomationExecutions",
"ssm:describeAutomationStepExecutions",
"ssm:describeAvailablePatches",
"ssm:describeDocument",
"ssm:describeDocumentPermission",
"ssm:describeEffectiveInstanceAssociations",
"ssm:describeEffectivePatchesForPatchBaseline",
"ssm:describeInstanceAssociationsStatus",
"ssm:describeInstanceInformation",
"ssm:describeInstancePatchStates",
"ssm:describeInstancePatchStatesForPatchGroup",
"ssm:describeInstancePatches",
"ssm:describeInventoryDeletions",
"ssm:describeMaintenanceWindowExecutionTaskInvocations",
"ssm:describeMaintenanceWindowExecutionTasks",
"ssm:describeMaintenanceWindowExecutions",
"ssm:describeMaintenanceWindowSchedule",
"ssm:describeMaintenanceWindowTargets",
"ssm:describeMaintenanceWindowTasks",
"ssm:describeMaintenanceWindows",
"ssm:describeMaintenanceWindowsForTarget",
"ssm:describeParameters",
"ssm:describePatchBaselines",
"ssm:describePatchGroupState",
"ssm:describePatchGroups",
"ssm:describePatchProperties",
"ssm:describeSessions",
"ssm:getAutomationExecution",
"ssm:getCommandInvocation",
"ssm:getConnectionStatus",
"ssm:getDefaultPatchBaseline",
"ssm:getDeployablePatchSnapshotForInstance",
"ssm:getInventorySchema",
"ssm:getMaintenanceWindow",
"ssm:getMaintenanceWindowExecution",
"ssm:getMaintenanceWindowExecutionTask",
"ssm:getMaintenanceWindowExecutionTaskInvocation",
"ssm:getMaintenanceWindowTask",
"ssm:getPatchBaseline",
"ssm:getPatchBaselineForPatchGroup",
"ssm:getServiceSetting",
"ssm:labelParameterVersion",
"ssm:listAssociationVersions",
"ssm:listAssociations",
"ssm:listCommandInvocations",
"ssm:listCommands",
"ssm:listComplianceItems",
"ssm:listComplianceSummaries",
"ssm:listDocumentVersions",
"ssm:listDocuments",
"ssm:listResourceComplianceSummaries",
"ssm:listResourceDataSync",
"ssm:listTagsForResource",
"states:describeActivity",
"states:describeExecution",
"states:describeStateMachine",
"states:describeStateMachineForExecution",
"states:getExecutionHistory",
"states:listActivities",
"states:listExecutions",
"states:listStateMachines",
"storagegateway:describeBandwidthRateLimit",
"storagegateway:describeCache",
"storagegateway:describeCachediSCSIVolumes",
"storagegateway:describeGatewayInformation",
"storagegateway:describeMaintenanceStartTime",
"storagegateway:describeNFSFileShares",
"storagegateway:describeSMBFileShares",
"storagegateway:describeSMBSettings",
"storagegateway:describeSnapshotSchedule",
"storagegateway:describeStorediSCSIVolumes",
"storagegateway:describeTapeArchives",
"storagegateway:describeTapeRecoveryPoints",
"storagegateway:describeTapes",
"storagegateway:describeUploadBuffer",
"storagegateway:describeVTLDevices",
"storagegateway:describeWorkingStorage",
"storagegateway:listFileShares",
"storagegateway:listGateways",
"storagegateway:listLocalDisks",
"storagegateway:listTagsForResource",
"storagegateway:listTapes",
"storagegateway:listVolumeInitiators",
"storagegateway:listVolumeRecoveryPoints",
"storagegateway:listVolumes",
"swf:countClosedWorkflowExecutions",
"swf:countOpenWorkflowExecutions",
"swf:countPendingActivityTasks",
"swf:countPendingDecisionTasks",
"swf:describeActivityType",
"swf:describeDomain",
"swf:describeWorkflowExecution",
"swf:describeWorkflowType",
"swf:getWorkflowExecutionHistory",
"swf:listActivityTypes",
"swf:listClosedWorkflowExecutions",
"swf:listDomains",
"swf:listOpenWorkflowExecutions",
"swf:listWorkflowTypes",
"transfer:describeServer",
"transfer:describeUser",
"transfer:listServers",
"transfer:listTagsForResource",
"transfer:listUsers",
"waf-regional:getByteMatchSet",
"waf-regional:getChangeTokenStatus",
"waf-regional:getIPSet",
"waf-regional:getRule",
"waf-regional:getSqlInjectionMatchSet",
"waf-regional:getWebACL",
"waf-regional:getWebACLForResource",
"waf-regional:listByteMatchSets",
"waf-regional:listIPSets",
"waf-regional:listResourcesForWebACL",
"waf-regional:listRules",
"waf-regional:listSqlInjectionMatchSets",
"waf-regional:listWebACLs",
"waf:getByteMatchSet",
"waf:getChangeTokenStatus",
"waf:getIPSet",
"waf:getRule",
"waf:getSampledRequests",
"waf:getSizeConstraintSet",
"waf:getSqlInjectionMatchSet",
"waf:getWebACL",
"waf:getXssMatchSet",
"waf:listByteMatchSets",
"waf:listIPSets",
"waf:listRules",
"waf:listSizeConstraintSets",
"waf:listSqlInjectionMatchSets",
"waf:listWebACLs",
"waf:listXssMatchSets",
"wafv2:checkCapacity",
"wafv2:describeManagedRuleGroup",
"wafv2:getIPSet",
"wafv2:getLoggingConfiguration",
"wafv2:getPermissionPolicy",
"wafv2:getRateBasedStatementManagedKeys",
"wafv2:getRegexPatternSet",
"wafv2:getRuleGroup",
"wafv2:getSampledRequests",
"wafv2:getWebACL",
"wafv2:getWebACLForResource",
"wafv2:listAvailableManagedRuleGroups",
"wafv2:listIPSets",
"wafv2:listLoggingConfigurations",
"wafv2:listRegexPatternSets",
"wafv2:listResourcesForWebACL",
"wafv2:listRuleGroups",
"wafv2:listTagsForResource",
"wafv2:listWebACLs",
"workdocs:checkAlias",
"workdocs:describeAvailableDirectories",
"workdocs:describeInstances",
"worklink:describeAuditStreamConfiguration",
"worklink:describeCompanyNetworkConfiguration",
"worklink:describeDevice",
"worklink:describeDevicePolicyConfiguration",
"worklink:describeDomain",
"worklink:describeFleetMetadata",
"worklink:describeIdentityProviderConfiguration",
"worklink:describeWebsiteCertificateAuthority",
"worklink:listDevices",
"worklink:listDomains",
"worklink:listFleets",
"worklink:listWebsiteAuthorizationProviders",
"worklink:listWebsiteCertificateAuthorities",
"workmail:describeGroup",
"workmail:describeOrganization",
"workmail:describeResource",
"workmail:describeUser",
"workmail:listAliases",
"workmail:listGroupMembers",
"workmail:listGroups",
"workmail:listMailboxPermissions",
"workmail:listOrganizations",
"workmail:listResourceDelegates",
"workmail:listResources",
"workmail:listUsers",
"workspaces:describeAccount",
"workspaces:describeAccountModifications",
"workspaces:describeIpGroups",
"workspaces:describeTags",
"workspaces:describeWorkspaceBundles",
"workspaces:describeWorkspaceDirectories",
"workspaces:describeWorkspaceImages",
"workspaces:describeWorkspaces",
"workspaces:describeWorkspacesConnectionStatus"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJ7W6266ELXF5MISDS",
"PolicyName": "AWSSupportServiceRolePolicy",
"UpdateDate": "2021-03-23T17:45:15+00:00",
"VersionId": "v15"
},
"AWSSystemsManagerAccountDiscoveryServicePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSSystemsManagerAccountDiscoveryServicePolicy",
"AttachmentCount": 0,
"CreateDate": "2019-10-24T17:21:05+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"organizations:DescribeAccount",
"organizations:DescribeOrganization",
"organizations:ListAccounts",
"organizations:ListAWSServiceAccessForOrganization",
"organizations:ListChildren",
"organizations:ListParents",
"organizations:ListDelegatedServicesForAccount",
"organizations:ListDelegatedAdministrators"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4BPDSHIWK5",
"PolicyName": "AWSSystemsManagerAccountDiscoveryServicePolicy",
"UpdateDate": "2020-05-27T18:04:51+00:00",
"VersionId": "v2"
},
"AWSSystemsManagerChangeManagementServicePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSSystemsManagerChangeManagementServicePolicy",
"AttachmentCount": 0,
"CreateDate": "2020-12-07T22:21:57+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"ssm:CreateAssociation",
"ssm:DeleteAssociation",
"ssm:CreateOpsItem",
"ssm:GetOpsItem",
"ssm:UpdateOpsItem",
"ssm:StartAutomationExecution",
"ssm:StopAutomationExecution",
"ssm:GetAutomationExecution",
"ssm:GetCalendarState",
"ssm:GetDocument"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"cloudwatch:DescribeAlarms"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"sso:ListDirectoryAssociations"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"sso-directory:DescribeUsers",
"sso-directory:IsMemberInGroup"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": "iam:GetGroup",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:PassRole",
"Condition": {
"StringEquals": {
"iam:PassedToService": [
"ssm.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4MZTL6DXTC",
"PolicyName": "AWSSystemsManagerChangeManagementServicePolicy",
"UpdateDate": "2020-12-07T22:21:57+00:00",
"VersionId": "v1"
},
"AWSSystemsManagerOpsDataSyncServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSSystemsManagerOpsDataSyncServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2021-04-26T20:42:39+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"ssm:GetOpsItem",
"ssm:UpdateOpsItem"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/ExplorerSecurityHubOpsItem": "true"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ssm:CreateOpsItem"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ssm:AddTagsToResource"
],
"Effect": "Allow",
"Resource": "arn:aws:ssm:*:*:opsitem/*"
},
{
"Action": [
"ssm:UpdateServiceSetting",
"ssm:GetServiceSetting"
],
"Effect": "Allow",
"Resource": [
"arn:aws:ssm:*:*:servicesetting/ssm/opsitem/*",
"arn:aws:ssm:*:*:servicesetting/ssm/opsdata/*"
]
},
{
"Action": [
"securityhub:GetFindings",
"securityhub:BatchUpdateFindings"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": "securityhub:BatchUpdateFindings",
"Condition": {
"Null": {
"securityhub:ASFFSyntaxPath/Confidence": false,
"securityhub:ASFFSyntaxPath/Criticality": false,
"securityhub:ASFFSyntaxPath/Note": false,
"securityhub:ASFFSyntaxPath/RelatedFindings": false,
"securityhub:ASFFSyntaxPath/Types": false,
"securityhub:ASFFSyntaxPath/UserDefinedFields": false,
"securityhub:ASFFSyntaxPath/VerificationState": false
},
"StringEquals": {
"securityhub:ASFFSyntaxPath/Workflow.Status": "SUPPRESSED"
}
},
"Effect": "Deny",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4FUXS4O2QJ",
"PolicyName": "AWSSystemsManagerOpsDataSyncServiceRolePolicy",
"UpdateDate": "2021-04-26T20:42:39+00:00",
"VersionId": "v1"
},
"AWSThinkboxAWSPortalAdminPolicy": {
"Arn": "arn:aws:iam::aws:policy/AWSThinkboxAWSPortalAdminPolicy",
"AttachmentCount": 0,
"CreateDate": "2020-05-27T19:41:02+00:00",
"DefaultVersionId": "v4",
"Document": {
"Statement": [
{
"Action": [
"ec2:AttachInternetGateway",
"ec2:AssociateAddress",
"ec2:AssociateRouteTable",
"ec2:AllocateAddress",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateFleet",
"ec2:CreateLaunchTemplate",
"ec2:CreateInternetGateway",
"ec2:CreateNatGateway",
"ec2:CreatePlacementGroup",
"ec2:CreateRoute",
"ec2:CreateRouteTable",
"ec2:CreateSecurityGroup",
"ec2:CreateSubnet",
"ec2:CreateVpc",
"ec2:CreateVpcEndpoint",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeAddresses",
"ec2:DescribeFleets",
"ec2:DescribeFleetHistory",
"ec2:DescribeFleetInstances",
"ec2:DescribeImages",
"ec2:DescribeInstances",
"ec2:DescribeInternetGateways",
"ec2:DescribeLaunchTemplates",
"ec2:DescribeRouteTables",
"ec2:DescribeNatGateways",
"ec2:DescribeTags",
"ec2:DescribeKeyPairs",
"ec2:DescribePlacementGroups",
"ec2:DescribeInstanceTypeOfferings",
"ec2:DescribeRegions",
"ec2:DescribeSpotFleetRequestHistory",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSpotFleetInstances",
"ec2:DescribeSpotFleetRequests",
"ec2:DescribeSpotPriceHistory",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:DescribeVpcEndpoints",
"ec2:GetConsoleOutput",
"ec2:ImportKeyPair",
"ec2:ReleaseAddress",
"ec2:RequestSpotFleet",
"ec2:CancelSpotFleetRequests",
"ec2:DisassociateAddress",
"ec2:DeleteFleets",
"ec2:DeleteLaunchTemplate",
"ec2:DeleteVpc",
"ec2:DeletePlacementGroup",
"ec2:DeleteVpcEndpoints",
"ec2:DeleteInternetGateway",
"ec2:DeleteSecurityGroup",
"ec2:RevokeSecurityGroupIngress",
"ec2:DeleteRoute",
"ec2:DeleteRouteTable",
"ec2:DisassociateRouteTable",
"ec2:DeleteSubnet",
"ec2:DeleteNatGateway",
"ec2:DetachInternetGateway",
"ec2:ModifyInstanceAttribute",
"ec2:ModifyFleet",
"ec2:ModifySpotFleetRequest",
"ec2:ModifyVpcAttribute"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "ec2:RunInstances",
"Effect": "Allow",
"Resource": [
"arn:aws:ec2:*:*:subnet/*",
"arn:aws:ec2:*:*:key-pair/*",
"arn:aws:ec2:*::snapshot/*",
"arn:aws:ec2:*:*:launch-template/*",
"arn:aws:ec2:*:*:volume/*",
"arn:aws:ec2:*:*:security-group/*",
"arn:aws:ec2:*:*:placement-group/*",
"arn:aws:ec2:*:*:network-interface/*",
"arn:aws:ec2:*::image/*"
]
},
{
"Action": "ec2:RunInstances",
"Condition": {
"StringLike": {
"ec2:InstanceProfile": "arn:aws:iam::*:instance-profile/AWSPortal*"
}
},
"Effect": "Allow",
"Resource": "arn:aws:ec2:*:*:instance/*"
},
{
"Action": "ec2:TerminateInstances",
"Condition": {
"StringEquals": {
"ec2:ResourceTag/aws:cloudformation:logical-id": "ReverseForwarder"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "ec2:TerminateInstances",
"Condition": {
"StringLike": {
"ec2:ResourceTag/aws:ec2spot:fleet-request-id": "*"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "ec2:TerminateInstances",
"Condition": {
"StringLike": {
"ec2:PlacementGroup": "*DeadlinePlacementGroup*"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:CreateTags"
],
"Condition": {
"StringLike": {
"ec2:PlacementGroup": "*DeadlinePlacementGroup*"
}
},
"Effect": "Allow",
"Resource": "arn:aws:ec2:*:*:instance/*"
},
{
"Action": [
"ec2:CreateTags"
],
"Condition": {
"StringLike": {
"ec2:CreateAction": "RunInstances"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:CreateTags",
"ec2:DeleteTags"
],
"Effect": "Allow",
"Resource": [
"arn:aws:ec2:*:*:subnet/*",
"arn:aws:ec2:*:*:security-group/*",
"arn:aws:ec2:*:*:internet-gateway/*",
"arn:aws:ec2:*:*:route-table/*",
"arn:aws:ec2:*:*:volume/*",
"arn:aws:ec2:*:*:vpc/*",
"arn:aws:ec2:*:*:natgateway/*"
]
},
{
"Action": [
"iam:GetUser"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"iam:GetInstanceProfile"
],
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:instance-profile/AWSPortal*"
]
},
{
"Action": [
"iam:GetPolicy",
"iam:ListEntitiesForPolicy",
"iam:ListPolicyVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:policy/AWSPortal*"
]
},
{
"Action": [
"iam:GetRole",
"iam:GetRolePolicy"
],
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/AWSPortal*",
"arn:aws:iam::*:role/DeadlineSpot*"
]
},
{
"Action": [
"iam:PassRole"
],
"Condition": {
"StringEquals": {
"iam:PassedToService": [
"ec2.amazonaws.com",
"ec2fleet.amazonaws.com",
"spot.amazonaws.com",
"spotfleet.amazonaws.com",
"cloudformation.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/AWSPortal*",
"arn:aws:iam::*:role/DeadlineSpot*"
]
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringEquals": {
"iam:AWSServiceName": [
"ec2fleet.amazonaws.com",
"spot.amazonaws.com",
"spotfleet.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/aws-service-role/*"
},
{
"Action": [
"s3:CreateBucket",
"s3:GetBucketLocation",
"s3:GetBucketLogging",
"s3:GetBucketVersioning",
"s3:PutBucketAcl",
"s3:PutBucketCORS",
"s3:PutBucketVersioning",
"s3:GetBucketAcl",
"s3:GetObject",
"s3:PutBucketLogging",
"s3:PutBucketTagging",
"s3:PutObject",
"s3:ListBucket",
"s3:ListBucketVersions",
"s3:PutEncryptionConfiguration",
"s3:PutLifecycleConfiguration",
"s3:DeleteBucket",
"s3:DeleteObject",
"s3:DeleteBucketPolicy",
"s3:DeleteObjectVersion"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3::*:awsportal*",
"arn:aws:s3::*:stack*",
"arn:aws:s3::*:aws-portal-cache*",
"arn:aws:s3::*:logs-for-aws-portal-cache*",
"arn:aws:s3::*:logs-for-stack*"
]
},
{
"Action": [
"s3:ListAllMyBuckets"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"dynamodb:Scan"
],
"Effect": "Allow",
"Resource": "arn:aws:dynamodb:*:*:table/DeadlineFleetHealth*"
},
{
"Action": [
"cloudformation:CreateStack",
"cloudformation:DescribeStackEvents",
"cloudformation:DescribeStackResources",
"cloudformation:DeleteStack",
"cloudformation:DeleteChangeSet",
"cloudformation:ListStackResources",
"cloudformation:CreateChangeSet",
"cloudformation:DescribeChangeSet",
"cloudformation:ExecuteChangeSet",
"cloudformation:UpdateTerminationProtection"
],
"Effect": "Allow",
"Resource": [
"arn:aws:cloudformation:*:*:stack/stack*/*",
"arn:aws:cloudformation:*:*:stack/Deadline*/*"
]
},
{
"Action": [
"cloudformation:EstimateTemplateCost",
"cloudformation:DescribeStacks"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"logs:DescribeLogStreams",
"logs:GetLogEvents",
"logs:PutRetentionPolicy",
"logs:DeleteRetentionPolicy"
],
"Effect": "Allow",
"Resource": "arn:aws:logs:*:*:log-group:/thinkbox*"
},
{
"Action": [
"logs:DescribeLogGroups",
"logs:CreateLogGroup"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"kms:Encrypt",
"kms:GenerateDataKey"
],
"Condition": {
"StringLike": {
"kms:ViaService": [
"s3.*.amazonaws.com",
"secretsmanager.*.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"secretsmanager:CreateSecret"
],
"Condition": {
"StringLike": {
"secretsmanager:Name": [
"rcs-tls-pw*"
]
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"secretsmanager:DeleteSecret",
"secretsmanager:UpdateSecret",
"secretsmanager:DescribeSecret",
"secretsmanager:TagResource"
],
"Effect": "Allow",
"Resource": "arn:aws:secretsmanager:*:*:secret:rcs-tls-pw*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4BVM3T5TP2",
"PolicyName": "AWSThinkboxAWSPortalAdminPolicy",
"UpdateDate": "2020-08-20T17:16:03+00:00",
"VersionId": "v4"
},
"AWSThinkboxAWSPortalGatewayPolicy": {
"Arn": "arn:aws:iam::aws:policy/AWSThinkboxAWSPortalGatewayPolicy",
"AttachmentCount": 0,
"CreateDate": "2020-05-27T19:05:00+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"logs:PutLogEvents",
"logs:DescribeLogStreams",
"logs:DescribeLogGroups",
"logs:CreateLogStream"
],
"Effect": "Allow",
"Resource": [
"arn:aws:logs:*:*:log-group:/thinkbox*"
]
},
{
"Action": [
"logs:CreateLogGroup"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"s3:GetObject",
"s3:PutObject",
"s3:ListBucket"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::aws-portal-cache*"
]
},
{
"Action": "dynamodb:Scan",
"Effect": "Allow",
"Resource": [
"arn:aws:dynamodb:*:*:table/DeadlineFleetHealth*"
]
},
{
"Action": [
"s3:ListBucket",
"s3:GetObject"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::stack*"
]
},
{
"Action": [
"s3:PutObject"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::stack*/gateway_certs/*"
]
},
{
"Action": [
"secretsmanager:GetSecretValue"
],
"Effect": "Allow",
"Resource": [
"arn:aws:secretsmanager:*:*:secret:rcs-tls-pw-stack*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4FP27FM4BH",
"PolicyName": "AWSThinkboxAWSPortalGatewayPolicy",
"UpdateDate": "2020-06-30T16:02:07+00:00",
"VersionId": "v2"
},
"AWSThinkboxAWSPortalWorkerPolicy": {
"Arn": "arn:aws:iam::aws:policy/AWSThinkboxAWSPortalWorkerPolicy",
"AttachmentCount": 0,
"CreateDate": "2020-05-27T19:15:05+00:00",
"DefaultVersionId": "v4",
"Document": {
"Statement": [
{
"Action": [
"ec2:DescribeTags"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"ec2:TerminateInstances"
],
"Condition": {
"StringEquals": {
"ec2:ResourceTag/DeadlineRole": "DeadlineRenderNode"
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:ec2:*:*:instance/*"
]
},
{
"Action": [
"s3:GetObject",
"s3:PutObject",
"s3:ListBucket"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::aws-portal-cache*"
]
},
{
"Action": [
"s3:GetObject"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::stack*/gateway_certs/*"
]
},
{
"Action": [
"logs:CreateLogStream",
"logs:PutLogEvents",
"logs:DescribeLogStreams",
"logs:DescribeLogGroups"
],
"Effect": "Allow",
"Resource": [
"arn:aws:logs:*:*:log-group:/thinkbox*"
]
},
{
"Action": [
"logs:CreateLogGroup"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"sqs:SendMessage",
"sqs:GetQueueUrl"
],
"Effect": "Allow",
"Resource": [
"arn:aws:sqs:*:*:DeadlineAWS*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4PI3G53MMS",
"PolicyName": "AWSThinkboxAWSPortalWorkerPolicy",
"UpdateDate": "2020-12-07T23:27:47+00:00",
"VersionId": "v4"
},
"AWSThinkboxAssetServerPolicy": {
"Arn": "arn:aws:iam::aws:policy/AWSThinkboxAssetServerPolicy",
"AttachmentCount": 0,
"CreateDate": "2020-05-27T19:18:53+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"logs:DescribeLogGroups",
"logs:DescribeLogStreams",
"logs:GetLogEvents"
],
"Effect": "Allow",
"Resource": [
"arn:aws:logs:*:*:log-group:/thinkbox*"
]
},
{
"Action": [
"s3:GetObject",
"s3:PutObject",
"s3:ListBucket"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::aws-portal-cache*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4KDWZE3HCT",
"PolicyName": "AWSThinkboxAssetServerPolicy",
"UpdateDate": "2020-05-27T19:18:53+00:00",
"VersionId": "v1"
},
"AWSThinkboxDeadlineResourceTrackerAccessPolicy": {
"Arn": "arn:aws:iam::aws:policy/AWSThinkboxDeadlineResourceTrackerAccessPolicy",
"AttachmentCount": 0,
"CreateDate": "2020-05-27T19:25:05+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"dynamodb:ListStreams"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"dynamodb:BatchWriteItem",
"dynamodb:DeleteItem",
"dynamodb:DescribeStream",
"dynamodb:DescribeTable",
"dynamodb:GetItem",
"dynamodb:GetRecords",
"dynamodb:GetShardIterator",
"dynamodb:PutItem",
"dynamodb:Scan",
"dynamodb:UpdateItem",
"dynamodb:UpdateTable"
],
"Effect": "Allow",
"Resource": [
"arn:aws:dynamodb:*:*:table/DeadlineEC2ComputeNodeHealth*",
"arn:aws:dynamodb:*:*:table/DeadlineEC2ComputeNodeInfo*",
"arn:aws:dynamodb:*:*:table/DeadlineFleetHealth*"
]
},
{
"Action": [
"ec2:CancelSpotFleetRequests",
"ec2:DeleteFleets",
"ec2:DescribeFleetInstances",
"ec2:DescribeFleets",
"ec2:DescribeInstances",
"ec2:DescribeSpotFleetInstances",
"ec2:DescribeSpotFleetRequests"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"ec2:RebootInstances",
"ec2:TerminateInstances"
],
"Condition": {
"StringLike": {
"ec2:ResourceTag/DeadlineTrackedAWSResource": "*"
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:ec2:*:*:instance/*"
]
},
{
"Action": [
"events:PutEvents"
],
"Effect": "Allow",
"Resource": [
"arn:aws:events:*:*:event-bus/default"
]
},
{
"Action": [
"lambda:InvokeFunction"
],
"Effect": "Allow",
"Resource": [
"arn:aws:lambda:*:*:function:DeadlineResourceTracker*"
]
},
{
"Action": [
"logs:CreateLogGroup"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Effect": "Allow",
"Resource": [
"arn:aws:logs:*:*:log-group:/aws/lambda/DeadlineResourceTracker*"
]
},
{
"Action": [
"sqs:DeleteMessage",
"sqs:GetQueueAttributes",
"sqs:ReceiveMessage"
],
"Effect": "Allow",
"Resource": [
"arn:aws:sqs:*:*:DeadlineAWSComputeNodeStateMessageQueue*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4OUKJ73IOS",
"PolicyName": "AWSThinkboxDeadlineResourceTrackerAccessPolicy",
"UpdateDate": "2020-05-27T19:25:05+00:00",
"VersionId": "v1"
},
"AWSThinkboxDeadlineResourceTrackerAdminPolicy": {
"Arn": "arn:aws:iam::aws:policy/AWSThinkboxDeadlineResourceTrackerAdminPolicy",
"AttachmentCount": 0,
"CreateDate": "2020-05-27T19:29:09+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"application-autoscaling:DeleteScalingPolicy",
"application-autoscaling:DeregisterScalableTarget",
"application-autoscaling:DescribeScalableTargets",
"application-autoscaling:DescribeScalingPolicies",
"application-autoscaling:PutScalingPolicy",
"application-autoscaling:RegisterScalableTarget"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"cloudformation:ListStacks"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"cloudformation:CreateStack",
"cloudformation:DeleteStack",
"cloudformation:UpdateStack",
"cloudformation:DescribeStacks",
"cloudformation:UpdateTerminationProtection"
],
"Effect": "Allow",
"Resource": [
"arn:aws:cloudformation:*:*:stack/DeadlineResourceTracker*"
]
},
{
"Action": [
"dynamodb:CreateTable",
"dynamodb:DeleteTable",
"dynamodb:DescribeTable",
"dynamodb:ListTagsOfResource",
"dynamodb:TagResource",
"dynamodb:UntagResource"
],
"Effect": "Allow",
"Resource": [
"arn:aws:dynamodb:*:*:table/DeadlineEC2ComputeNodeHealth*",
"arn:aws:dynamodb:*:*:table/DeadlineEC2ComputeNodeInfo*",
"arn:aws:dynamodb:*:*:table/DeadlineFleetHealth*"
]
},
{
"Action": [
"dynamodb:BatchWriteItem",
"dynamodb:Scan"
],
"Effect": "Allow",
"Resource": [
"arn:aws:dynamodb:*:*:table/DeadlineFleetHealth*"
]
},
{
"Action": [
"events:DeleteRule",
"events:DescribeRule",
"events:PutRule",
"events:PutTargets",
"events:RemoveTargets"
],
"Effect": "Allow",
"Resource": [
"arn:aws:events:*:*:rule/DeadlineResourceTracker*"
]
},
{
"Action": [
"iam:GetRole",
"iam:ListAttachedRolePolicies"
],
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/DeadlineResourceTracker*"
]
},
{
"Action": [
"iam:GetUser"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"iam:CreateServiceLinkedRole"
],
"Condition": {
"StringEquals": {
"iam:AWSServiceName": [
"dynamodb.application-autoscaling.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/aws-service-role/*"
]
},
{
"Action": [
"iam:PassRole"
],
"Condition": {
"StringEquals": {
"iam:PassedToService": [
"lambda.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/DeadlineResourceTrackerAccess*"
]
},
{
"Action": [
"iam:PassRole"
],
"Condition": {
"StringEquals": {
"iam:PassedToService": [
"application-autoscaling.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/aws-service-role/dynamodb.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_DynamoDBTable"
]
},
{
"Action": [
"lambda:GetEventSourceMapping"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"lambda:CreateEventSourceMapping",
"lambda:DeleteEventSourceMapping"
],
"Condition": {
"StringLike": {
"lambda:FunctionArn": [
"arn:aws:lambda:*:*:function:DeadlineResourceTracker*"
]
}
},
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"lambda:AddPermission",
"lambda:RemovePermission"
],
"Condition": {
"StringLike": {
"lambda:Principal": "events.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:lambda:*:*:function:DeadlineResourceTracker*"
]
},
{
"Action": [
"lambda:CreateFunction",
"lambda:DeleteFunction",
"lambda:GetFunction",
"lambda:GetFunctionConfiguration"
],
"Effect": "Allow",
"Resource": [
"arn:aws:lambda:*:*:function:DeadlineResourceTracker*"
]
},
{
"Action": [
"s3:GetObject"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::*/deadline_aws_resource_tracker-*.zip",
"arn:aws:s3:::*/DeadlineAWSResourceTrackerTemplate-*.yaml"
]
},
{
"Action": [
"sqs:CreateQueue",
"sqs:DeleteQueue",
"sqs:GetQueueAttributes",
"sqs:ListQueueTags",
"sqs:TagQueue",
"sqs:UntagQueue"
],
"Effect": "Allow",
"Resource": [
"arn:aws:sqs:*:*:DeadlineAWSComputeNodeState*",
"arn:aws:sqs:*:*:DeadlineResourceTracker*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4FKWWNUOP2",
"PolicyName": "AWSThinkboxDeadlineResourceTrackerAdminPolicy",
"UpdateDate": "2020-10-06T19:06:57+00:00",
"VersionId": "v2"
},
"AWSThinkboxDeadlineSpotEventPluginAdminPolicy": {
"Arn": "arn:aws:iam::aws:policy/AWSThinkboxDeadlineSpotEventPluginAdminPolicy",
"AttachmentCount": 0,
"CreateDate": "2020-05-27T19:38:34+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"ec2:CancelSpotFleetRequests",
"ec2:DescribeSpotFleetInstances",
"ec2:DescribeSpotFleetRequests",
"ec2:ModifySpotFleetRequest",
"ec2:RequestSpotFleet"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"ec2:CreateTags"
],
"Condition": {
"StringEquals": {
"ec2:CreateAction": "RunInstances"
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:ec2:*:*:instance/*"
]
},
{
"Action": [
"ec2:RunInstances"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"ec2:TerminateInstances"
],
"Condition": {
"StringLike": {
"ec2:ResourceTag/aws:ec2spot:fleet-request-id": "*"
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:ec2:*:*:instance/*"
]
},
{
"Action": [
"iam:CreateServiceLinkedRole"
],
"Condition": {
"StringEquals": {
"iam:AWSServiceName": [
"spot.amazonaws.com",
"spotfleet.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/aws-service-role/*"
]
},
{
"Action": [
"iam:GetInstanceProfile"
],
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:instance-profile/*"
]
},
{
"Action": [
"iam:GetRole"
],
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/aws-ec2-spot-fleet-tagging-role",
"arn:aws:iam::*:role/DeadlineSpot*"
]
},
{
"Action": [
"iam:GetUser"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"iam:PassRole"
],
"Condition": {
"StringLike": {
"iam:PassedToService": "ec2.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/aws-ec2-spot-fleet-tagging-role",
"arn:aws:iam::*:role/DeadlineSpot*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4MNSGMZZZZ",
"PolicyName": "AWSThinkboxDeadlineSpotEventPluginAdminPolicy",
"UpdateDate": "2020-05-27T19:38:34+00:00",
"VersionId": "v1"
},
"AWSThinkboxDeadlineSpotEventPluginWorkerPolicy": {
"Arn": "arn:aws:iam::aws:policy/AWSThinkboxDeadlineSpotEventPluginWorkerPolicy",
"AttachmentCount": 0,
"CreateDate": "2020-05-27T19:35:00+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"ec2:DescribeInstances",
"ec2:DescribeTags"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"ec2:TerminateInstances"
],
"Condition": {
"StringEquals": {
"ec2:ResourceTag/DeadlineTrackedAWSResource": "SpotEventPlugin"
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:ec2:*:*:instance/*"
]
},
{
"Action": [
"ec2:TerminateInstances"
],
"Condition": {
"StringEquals": {
"ec2:ResourceTag/DeadlineResourceTracker": "SpotEventPlugin"
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:ec2:*:*:instance/*"
]
},
{
"Action": [
"sqs:GetQueueUrl",
"sqs:SendMessage"
],
"Effect": "Allow",
"Resource": [
"arn:aws:sqs:*:*:DeadlineAWSComputeNodeState*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4JS2KSV4B2",
"PolicyName": "AWSThinkboxDeadlineSpotEventPluginWorkerPolicy",
"UpdateDate": "2020-12-07T23:31:31+00:00",
"VersionId": "v2"
},
"AWSTransferConsoleFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSTransferConsoleFullAccess",
"AttachmentCount": 0,
"CreateDate": "2020-12-14T19:33:25+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": "iam:PassRole",
"Condition": {
"StringEquals": {
"iam:PassedToService": "transfer.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"acm:ListCertificates",
"ec2:DescribeAddresses",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:DescribeVpcEndpoints",
"health:DescribeEventAggregates",
"iam:GetPolicyVersion",
"iam:ListPolicies",
"iam:ListRoles",
"route53:ListHostedZones",
"s3:ListAllMyBuckets",
"transfer:*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4KYSTLCO3J",
"PolicyName": "AWSTransferConsoleFullAccess",
"UpdateDate": "2020-12-14T19:33:25+00:00",
"VersionId": "v1"
},
"AWSTransferFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSTransferFullAccess",
"AttachmentCount": 0,
"CreateDate": "2020-12-14T19:37:23+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": "transfer:*",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:PassRole",
"Condition": {
"StringEquals": {
"iam:PassedToService": "transfer.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:DescribeVpcEndpoints",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeAddresses"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4KGELFKPYK",
"PolicyName": "AWSTransferFullAccess",
"UpdateDate": "2020-12-14T19:37:23+00:00",
"VersionId": "v1"
},
"AWSTransferLoggingAccess": {
"Arn": "arn:aws:iam::aws:policy/service-role/AWSTransferLoggingAccess",
"AttachmentCount": 0,
"CreateDate": "2019-01-14T15:32:50+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"logs:CreateLogStream",
"logs:DescribeLogStreams",
"logs:CreateLogGroup",
"logs:PutLogEvents"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAISIP5WGJX7VKXRQZO",
"PolicyName": "AWSTransferLoggingAccess",
"UpdateDate": "2019-01-14T15:32:50+00:00",
"VersionId": "v1"
},
"AWSTransferReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSTransferReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2020-08-27T17:54:51+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"transfer:DescribeUser",
"transfer:DescribeServer",
"transfer:ListUsers",
"transfer:ListServers",
"transfer:TestIdentityProvider",
"transfer:ListTagsForResource"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4ITRAALBSI",
"PolicyName": "AWSTransferReadOnlyAccess",
"UpdateDate": "2020-08-27T17:54:51+00:00",
"VersionId": "v1"
},
"AWSTrustedAdvisorReportingServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSTrustedAdvisorReportingServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2019-11-19T17:41:13+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"organizations:DescribeOrganization",
"organizations:ListAWSServiceAccessForOrganization",
"organizations:ListAccounts",
"organizations:ListAccountsForParent",
"organizations:ListOrganizationalUnitsForParent",
"organizations:ListChildren",
"organizations:ListParents",
"organizations:DescribeOrganizationalUnit",
"organizations:DescribeAccount"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4NCBYW5OGK",
"PolicyName": "AWSTrustedAdvisorReportingServiceRolePolicy",
"UpdateDate": "2020-09-11T21:36:48+00:00",
"VersionId": "v2"
},
"AWSTrustedAdvisorServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSTrustedAdvisorServiceRolePolicy",
"AttachmentCount": 1,
"CreateDate": "2018-02-22T21:24:25+00:00",
"DefaultVersionId": "v8",
"Document": {
"Statement": [
{
"Action": [
"autoscaling:DescribeAccountLimits",
"autoscaling:DescribeAutoScalingGroups",
"autoscaling:DescribeLaunchConfigurations",
"cloudformation:DescribeAccountLimits",
"cloudformation:DescribeStacks",
"cloudformation:ListStacks",
"cloudfront:ListDistributions",
"cloudtrail:DescribeTrails",
"cloudtrail:GetTrailStatus",
"dynamodb:DescribeLimits",
"dynamodb:DescribeTable",
"dynamodb:ListTables",
"ec2:DescribeAddresses",
"ec2:DescribeReservedInstances",
"ec2:DescribeInstances",
"ec2:DescribeVpcs",
"ec2:DescribeInternetGateways",
"ec2:DescribeImages",
"ec2:DescribeVolumes",
"ec2:DescribeSecurityGroups",
"ec2:DescribeReservedInstancesOfferings",
"ec2:DescribeSnapshots",
"ec2:DescribeVpnConnections",
"ec2:DescribeVpnGateways",
"ec2:DescribeLaunchTemplateVersions",
"elasticloadbalancing:DescribeAccountLimits",
"elasticloadbalancing:DescribeInstanceHealth",
"elasticloadbalancing:DescribeLoadBalancerAttributes",
"elasticloadbalancing:DescribeLoadBalancerPolicies",
"elasticloadbalancing:DescribeLoadBalancerPolicyTypes",
"elasticloadbalancing:DescribeLoadBalancers",
"iam:GenerateCredentialReport",
"iam:GetAccountPasswordPolicy",
"iam:GetAccountSummary",
"iam:GetCredentialReport",
"iam:GetServerCertificate",
"iam:ListServerCertificates",
"kinesis:DescribeLimits",
"rds:DescribeAccountAttributes",
"rds:DescribeDBClusters",
"rds:DescribeDBEngineVersions",
"rds:DescribeDBInstances",
"rds:DescribeDBParameterGroups",
"rds:DescribeDBParameters",
"rds:DescribeDBSecurityGroups",
"rds:DescribeDBSnapshots",
"rds:DescribeDBSubnetGroups",
"rds:DescribeEngineDefaultParameters",
"rds:DescribeEvents",
"rds:DescribeOptionGroupOptions",
"rds:DescribeOptionGroups",
"rds:DescribeOrderableDBInstanceOptions",
"rds:DescribeReservedDBInstances",
"rds:DescribeReservedDBInstancesOfferings",
"rds:ListTagsForResource",
"redshift:DescribeClusters",
"redshift:DescribeReservedNodeOfferings",
"redshift:DescribeReservedNodes",
"route53:GetAccountLimit",
"route53:GetHealthCheck",
"route53:GetHostedZone",
"route53:ListHealthChecks",
"route53:ListHostedZones",
"route53:ListHostedZonesByName",
"route53:ListResourceRecordSets",
"s3:GetBucketAcl",
"s3:GetBucketPolicy",
"s3:GetBucketPolicyStatus",
"s3:GetBucketLocation",
"s3:GetBucketLogging",
"s3:GetBucketVersioning",
"s3:GetBucketPublicAccessBlock",
"s3:ListBucket",
"s3:ListAllMyBuckets",
"ses:GetSendQuota",
"sqs:ListQueues",
"cloudwatch:GetMetricStatistics",
"ce:GetReservationPurchaseRecommendation",
"ce:GetSavingsPlansPurchaseRecommendation"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJH4QJ2WMHBOB47BUE",
"PolicyName": "AWSTrustedAdvisorServiceRolePolicy",
"UpdateDate": "2020-04-08T16:15:31+00:00",
"VersionId": "v8"
},
"AWSVPCS2SVpnServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSVPCS2SVpnServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2019-08-06T14:13:58+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"acm:ExportCertificate",
"acm:DescribeCertificate",
"acm:ListCertificates",
"acm-pca:DescribeCertificateAuthority"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "0"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4ENV7ZVNT6",
"PolicyName": "AWSVPCS2SVpnServiceRolePolicy",
"UpdateDate": "2019-08-06T14:13:58+00:00",
"VersionId": "v1"
},
"AWSVPCTransitGatewayServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSVPCTransitGatewayServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2018-11-26T16:21:17+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"ec2:CreateNetworkInterface",
"ec2:DescribeNetworkInterfaces",
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:DeleteNetworkInterface",
"ec2:CreateNetworkInterfacePermission",
"ec2:AssignIpv6Addresses",
"ec2:UnAssignIpv6Addresses"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "0"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJS2PBJSYV2EZW3MIQ",
"PolicyName": "AWSVPCTransitGatewayServiceRolePolicy",
"UpdateDate": "2021-04-15T16:31:44+00:00",
"VersionId": "v2"
},
"AWSWAFConsoleFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSWAFConsoleFullAccess",
"AttachmentCount": 0,
"CreateDate": "2020-04-06T18:38:38+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"apigateway:GET",
"apigateway:SetWebACL",
"cloudfront:ListDistributions",
"cloudfront:ListDistributionsByWebACLId",
"cloudfront:UpdateDistribution",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"ec2:DescribeRegions",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:SetWebACL",
"appsync:ListGraphqlApis",
"appsync:SetWebACL",
"waf-regional:*",
"waf:*",
"wafv2:*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4AZOTQ7KAT",
"PolicyName": "AWSWAFConsoleFullAccess",
"UpdateDate": "2020-10-01T20:13:57+00:00",
"VersionId": "v2"
},
"AWSWAFConsoleReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSWAFConsoleReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2020-04-06T18:43:24+00:00",
"DefaultVersionId": "v3",
"Document": {
"Statement": [
{
"Action": [
"apigateway:GET",
"cloudfront:ListDistributions",
"cloudfront:ListDistributionsByWebACLId",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"ec2:DescribeRegions",
"elasticloadbalancing:DescribeLoadBalancers",
"appsync:ListGraphqlApis",
"waf-regional:Get*",
"waf-regional:List*",
"waf:Get*",
"waf:List*",
"wafv2:Describe*",
"wafv2:Get*",
"wafv2:List*",
"wafv2:CheckCapacity"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4NCJLTIT64",
"PolicyName": "AWSWAFConsoleReadOnlyAccess",
"UpdateDate": "2020-10-01T20:13:54+00:00",
"VersionId": "v3"
},
"AWSWAFFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSWAFFullAccess",
"AttachmentCount": 0,
"CreateDate": "2015-10-06T20:44:00+00:00",
"DefaultVersionId": "v5",
"Document": {
"Statement": [
{
"Action": [
"waf:*",
"waf-regional:*",
"wafv2:*",
"elasticloadbalancing:SetWebACL",
"apigateway:SetWebACL",
"appsync:SetWebACL"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJMIKIAFXZEGOLRH7C",
"PolicyName": "AWSWAFFullAccess",
"UpdateDate": "2020-10-01T20:13:54+00:00",
"VersionId": "v5"
},
"AWSWAFReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSWAFReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2015-10-06T20:43:45+00:00",
"DefaultVersionId": "v4",
"Document": {
"Statement": [
{
"Action": [
"waf:Get*",
"waf:List*",
"waf-regional:Get*",
"waf-regional:List*",
"wafv2:Get*",
"wafv2:List*",
"wafv2:Describe*",
"wafv2:CheckCapacity"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAINZVDMX2SBF7EU2OC",
"PolicyName": "AWSWAFReadOnlyAccess",
"UpdateDate": "2020-06-22T22:38:54+00:00",
"VersionId": "v4"
},
"AWSXRayDaemonWriteAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSXRayDaemonWriteAccess",
"AttachmentCount": 0,
"CreateDate": "2018-08-28T23:00:33+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"xray:PutTraceSegments",
"xray:PutTelemetryRecords",
"xray:GetSamplingRules",
"xray:GetSamplingTargets",
"xray:GetSamplingStatisticSummaries"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIOE47HSUE5AVBNEDM",
"PolicyName": "AWSXRayDaemonWriteAccess",
"UpdateDate": "2018-08-28T23:00:33+00:00",
"VersionId": "v1"
},
"AWSXrayFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSXrayFullAccess",
"AttachmentCount": 0,
"CreateDate": "2016-12-01T18:30:55+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"xray:*"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJQBYG45NSJMVQDB2K",
"PolicyName": "AWSXrayFullAccess",
"UpdateDate": "2016-12-01T18:30:55+00:00",
"VersionId": "v1"
},
"AWSXrayReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSXrayReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2016-12-01T18:27:02+00:00",
"DefaultVersionId": "v5",
"Document": {
"Statement": [
{
"Action": [
"xray:GetSamplingRules",
"xray:GetSamplingTargets",
"xray:GetSamplingStatisticSummaries",
"xray:BatchGetTraces",
"xray:GetServiceGraph",
"xray:GetTraceGraph",
"xray:GetTraceSummaries",
"xray:GetGroups",
"xray:GetGroup",
"xray:ListTagsForResource",
"xray:GetTimeSeriesServiceStatistics",
"xray:GetInsightSummaries",
"xray:GetInsight",
"xray:GetInsightEvents",
"xray:GetInsightImpactGraph"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIH4OFXWPS6ZX6OPGQ",
"PolicyName": "AWSXrayReadOnlyAccess",
"UpdateDate": "2020-09-03T22:19:40+00:00",
"VersionId": "v5"
},
"AWSXrayWriteOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AWSXrayWriteOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2016-12-01T18:19:53+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"xray:PutTraceSegments",
"xray:PutTelemetryRecords",
"xray:GetSamplingRules",
"xray:GetSamplingTargets",
"xray:GetSamplingStatisticSummaries"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIAACM4LMYSRGBCTM6",
"PolicyName": "AWSXrayWriteOnlyAccess",
"UpdateDate": "2018-08-28T23:03:04+00:00",
"VersionId": "v2"
},
"AWS_ConfigRole": {
"Arn": "arn:aws:iam::aws:policy/service-role/AWS_ConfigRole",
"AttachmentCount": 0,
"CreateDate": "2020-09-15T20:30:30+00:00",
"DefaultVersionId": "v6",
"Document": {
"Statement": [
{
"Action": [
"access-analyzer:GetAnalyzer",
"access-analyzer:ListAnalyzers",
"access-analyzer:ListArchiveRules",
"access-analyzer:ListTagsForResource",
"acm:DescribeCertificate",
"acm:ListCertificates",
"acm:ListTagsForCertificate",
"apigateway:GET",
"application-autoscaling:DescribeScalableTargets",
"application-autoscaling:DescribeScalingPolicies",
"autoscaling:DescribeAutoScalingGroups",
"autoscaling:DescribeLaunchConfigurations",
"autoscaling:DescribeLifecycleHooks",
"autoscaling:DescribePolicies",
"autoscaling:DescribeScheduledActions",
"autoscaling:DescribeTags",
"backup:DescribeBackupVault",
"backup:DescribeRecoveryPoint",
"backup:GetBackupPlan",
"backup:GetBackupSelection",
"backup:GetBackupVaultAccessPolicy",
"backup:GetBackupVaultNotifications",
"backup:ListBackupPlans",
"backup:ListBackupSelections",
"backup:ListBackupVaults",
"backup:ListRecoveryPointsByBackupVault",
"backup:ListTags",
"cloudformation:DescribeType",
"cloudformation:ListTypes",
"cloudfront:ListDistributions",
"cloudfront:ListTagsForResource",
"cloudtrail:DescribeTrails",
"cloudtrail:GetEventSelectors",
"cloudtrail:GetTrailStatus",
"cloudtrail:ListTags",
"cloudwatch:DescribeAlarms",
"codepipeline:GetPipeline",
"codepipeline:GetPipelineState",
"codepipeline:ListPipelines",
"config:BatchGet*",
"config:Describe*",
"config:Get*",
"config:List*",
"config:Put*",
"config:Select*",
"dax:DescribeClusters",
"dms:DescribeReplicationInstances",
"dms:DescribeReplicationSubnetGroups",
"dms:ListTagsForResource",
"dynamodb:DescribeContinuousBackups",
"dynamodb:DescribeLimits",
"dynamodb:DescribeTable",
"dynamodb:ListTables",
"dynamodb:ListTagsOfResource",
"ec2:Describe*",
"ec2:GetEbsEncryptionByDefault",
"ecr:DescribeRepositories",
"ecr:GetLifecyclePolicy",
"ecr:GetRepositoryPolicy",
"ecr:ListTagsForResource",
"ecs:DescribeClusters",
"ecs:DescribeServices",
"ecs:DescribeTaskDefinition",
"ecs:DescribeTaskSets",
"ecs:ListClusters",
"ecs:ListServices",
"ecs:ListTagsForResource",
"ecs:ListTaskDefinitions",
"eks:DescribeCluster",
"eks:DescribeNodegroup",
"eks:ListClusters",
"eks:ListNodegroups",
"elasticache:DescribeCacheClusters",
"elasticache:DescribeCacheParameterGroups",
"elasticache:DescribeCacheSubnetGroups",
"elasticache:DescribeReplicationGroups",
"elasticache:ListTagsForResource",
"elasticfilesystem:DescribeAccessPoints",
"elasticfilesystem:DescribeBackupPolicy",
"elasticfilesystem:DescribeFileSystemPolicy",
"elasticfilesystem:DescribeFileSystems",
"elasticfilesystem:DescribeLifecycleConfiguration",
"elasticfilesystem:DescribeMountTargets",
"elasticfilesystem:DescribeMountTargetSecurityGroups",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancerAttributes",
"elasticloadbalancing:DescribeLoadBalancerPolicies",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeRules",
"elasticloadbalancing:DescribeTags",
"elasticmapreduce:DescribeCluster",
"elasticmapreduce:DescribeSecurityConfiguration",
"elasticmapreduce:DescribeStep",
"elasticmapreduce:GetBlockPublicAccessConfiguration",
"elasticmapreduce:GetManagedScalingPolicy",
"elasticmapreduce:ListClusters",
"elasticmapreduce:ListInstanceFleets",
"elasticmapreduce:ListInstanceGroups",
"elasticmapreduce:ListInstances",
"elasticmapreduce:ListSecurityConfigurations",
"elasticmapreduce:ListSteps",
"es:DescribeElasticsearchDomain",
"es:DescribeElasticsearchDomains",
"es:ListDomainNames",
"es:ListTags",
"guardduty:GetDetector",
"guardduty:GetFindings",
"guardduty:GetMasterAccount",
"guardduty:ListDetectors",
"guardduty:ListFindings",
"iam:GenerateCredentialReport",
"iam:GetAccountAuthorizationDetails",
"iam:GetAccountPasswordPolicy",
"iam:GetAccountSummary",
"iam:GetCredentialReport",
"iam:GetGroup",
"iam:GetGroupPolicy",
"iam:GetPolicy",
"iam:GetPolicyVersion",
"iam:GetRole",
"iam:GetRolePolicy",
"iam:GetUser",
"iam:GetUserPolicy",
"iam:ListAttachedGroupPolicies",
"iam:ListAttachedRolePolicies",
"iam:ListAttachedUserPolicies",
"iam:ListEntitiesForPolicy",
"iam:ListGroupPolicies",
"iam:ListGroupsForUser",
"iam:ListInstanceProfilesForRole",
"iam:ListPolicyVersions",
"iam:ListRolePolicies",
"iam:ListUserPolicies",
"iam:ListVirtualMFADevices",
"kinesis:DescribeStreamConsumer",
"kinesis:DescribeStreamSummary",
"kinesis:ListStreamConsumers",
"kinesis:ListStreams",
"kinesis:ListTagsForStream",
"kms:DescribeKey",
"kms:GetKeyPolicy",
"kms:GetKeyRotationStatus",
"kms:ListKeys",
"kms:ListResourceTags",
"lambda:GetAlias",
"lambda:GetFunction",
"lambda:GetFunctionCodeSigningConfig",
"lambda:GetPolicy",
"lambda:ListAliases",
"lambda:ListFunctions",
"lambda:ListVersionsByFunction",
"logs:DescribeLogGroups",
"network-firewall:DescribeLoggingConfiguration",
"network-firewall:ListFirewalls",
"organizations:DescribeOrganization",
"rds:DescribeDBClusters",
"rds:DescribeDBClusterSnapshotAttributes",
"rds:DescribeDBClusterSnapshots",
"rds:DescribeDBEngineVersions",
"rds:DescribeDBInstances",
"rds:DescribeDBSecurityGroups",
"rds:DescribeDBSnapshotAttributes",
"rds:DescribeDBSnapshots",
"rds:DescribeDBSubnetGroups",
"rds:DescribeEventSubscriptions",
"rds:ListTagsForResource",
"redshift:DescribeClusterParameterGroups",
"redshift:DescribeClusterParameters",
"redshift:DescribeClusters",
"redshift:DescribeClusterSecurityGroups",
"redshift:DescribeClusterSnapshots",
"redshift:DescribeClusterSubnetGroups",
"redshift:DescribeEventSubscriptions",
"redshift:DescribeLoggingStatus",
"route53:GetHealthCheck",
"route53:GetHostedZone",
"route53:ListHealthChecks",
"route53:ListHostedZones",
"route53:ListHostedZonesByName",
"route53:ListQueryLoggingConfigs",
"route53:ListResourceRecordSets",
"route53:ListTagsForResource",
"s3:GetAccelerateConfiguration",
"s3:GetAccessPoint",
"s3:GetAccessPointPolicy",
"s3:GetAccessPointPolicyStatus",
"s3:GetAccountPublicAccessBlock",
"s3:GetBucketAcl",
"s3:GetBucketCORS",
"s3:GetBucketLocation",
"s3:GetBucketLogging",
"s3:GetBucketNotification",
"s3:GetBucketObjectLockConfiguration",
"s3:GetBucketPolicy",
"s3:GetBucketPublicAccessBlock",
"s3:GetBucketRequestPayment",
"s3:GetBucketTagging",
"s3:GetBucketVersioning",
"s3:GetBucketWebsite",
"s3:GetEncryptionConfiguration",
"s3:GetLifecycleConfiguration",
"s3:GetReplicationConfiguration",
"s3:ListAccessPoints",
"s3:ListAllMyBuckets",
"s3:ListBucket",
"sagemaker:DescribeCodeRepository",
"sagemaker:DescribeEndpointConfig",
"sagemaker:DescribeNotebookInstance",
"sagemaker:ListCodeRepositories",
"sagemaker:ListEndpointConfigs",
"sagemaker:ListNotebookInstances",
"sagemaker:ListTags",
"secretsmanager:ListSecrets",
"secretsmanager:ListSecretVersionIds",
"securityhub:DescribeHub",
"shield:DescribeDRTAccess",
"shield:DescribeProtection",
"shield:DescribeSubscription",
"sns:GetTopicAttributes",
"sns:ListSubscriptions",
"sns:ListTagsForResource",
"sns:ListTopics",
"sqs:GetQueueAttributes",
"sqs:ListQueues",
"sqs:ListQueueTags",
"ssm:DescribeAutomationExecutions",
"ssm:DescribeDocument",
"ssm:DescribeDocumentPermission",
"ssm:GetAutomationExecution",
"ssm:GetDocument",
"ssm:ListDocuments",
"storagegateway:ListGateways",
"storagegateway:ListVolumes",
"support:DescribeCases",
"tag:GetResources",
"waf-regional:GetLoggingConfiguration",
"waf-regional:GetWebACL",
"waf-regional:GetWebACLForResource",
"waf:GetLoggingConfiguration",
"waf:GetWebACL",
"wafv2:GetLoggingConfiguration"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4PP7QZ4FBG",
"PolicyName": "AWS_ConfigRole",
"UpdateDate": "2021-06-07T23:02:26+00:00",
"VersionId": "v6"
},
"AccessAnalyzerServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AccessAnalyzerServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2019-12-02T17:13:10+00:00",
"DefaultVersionId": "v5",
"Document": {
"Statement": [
{
"Action": [
"ec2:DescribeAddresses",
"ec2:DescribeByoipCidrs",
"ec2:DescribeVpcEndpoints",
"ec2:DescribeVpcs",
"iam:GetRole",
"iam:ListRoles",
"kms:DescribeKey",
"kms:GetKeyPolicy",
"kms:ListGrants",
"kms:ListKeyPolicies",
"kms:ListKeys",
"lambda:GetLayerVersionPolicy",
"lambda:GetPolicy",
"lambda:ListAliases",
"lambda:ListFunctions",
"lambda:ListLayers",
"lambda:ListLayerVersions",
"lambda:ListVersionsByFunction",
"organizations:DescribeAccount",
"organizations:DescribeOrganization",
"organizations:DescribeOrganizationalUnit",
"organizations:ListAccounts",
"organizations:ListAccountsForParent",
"organizations:ListAWSServiceAccessForOrganization",
"organizations:ListChildren",
"organizations:ListDelegatedAdministrators",
"organizations:ListOrganizationalUnitsForParent",
"organizations:ListParents",
"organizations:ListRoots",
"s3:GetAccessPoint",
"s3:GetAccessPointPolicy",
"s3:GetAccessPointPolicyStatus",
"s3:GetAccountPublicAccessBlock",
"s3:GetBucketAcl",
"s3:GetBucketLocation",
"s3:GetBucketPolicyStatus",
"s3:GetBucketPolicy",
"s3:GetBucketPublicAccessBlock",
"s3:ListAccessPoints",
"s3:ListAllMyBuckets",
"sns:GetTopicAttributes",
"sns:ListTopics",
"secretsmanager:DescribeSecret",
"secretsmanager:GetResourcePolicy",
"secretsmanager:ListSecrets",
"sqs:GetQueueAttributes",
"sqs:ListQueues"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4CAIXDDRI2",
"PolicyName": "AccessAnalyzerServiceRolePolicy",
"UpdateDate": "2020-11-24T20:58:37+00:00",
"VersionId": "v5"
},
"AdministratorAccess": {
"Arn": "arn:aws:iam::aws:policy/AdministratorAccess",
"AttachmentCount": 8,
"CreateDate": "2015-02-06T18:39:46+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": "*",
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIWMBCKSKIEE64ZLYK",
"PolicyName": "AdministratorAccess",
"UpdateDate": "2015-02-06T18:39:46+00:00",
"VersionId": "v1"
},
"AdministratorAccess-AWSElasticBeanstalk": {
"Arn": "arn:aws:iam::aws:policy/AdministratorAccess-AWSElasticBeanstalk",
"AttachmentCount": 0,
"CreateDate": "2021-01-22T19:36:54+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"acm:Describe*",
"acm:List*",
"autoscaling:Describe*",
"cloudformation:Describe*",
"cloudformation:Estimate*",
"cloudformation:Get*",
"cloudformation:List*",
"cloudformation:Validate*",
"cloudtrail:LookupEvents",
"cloudwatch:DescribeAlarms",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"codecommit:Get*",
"codecommit:UploadArchive",
"ec2:AllocateAddress",
"ec2:AssociateAddress",
"ec2:AuthorizeSecurityGroup*",
"ec2:CreateLaunchTemplate*",
"ec2:CreateSecurityGroup",
"ec2:CreateTags",
"ec2:DeleteLaunchTemplate*",
"ec2:DeleteSecurityGroup",
"ec2:DeleteTags",
"ec2:Describe*",
"ec2:DisassociateAddress",
"ec2:ReleaseAddress",
"ec2:RevokeSecurityGroup*",
"ecs:CreateCluster",
"ecs:DeRegisterTaskDefinition",
"ecs:Describe*",
"ecs:List*",
"ecs:RegisterTaskDefinition",
"elasticbeanstalk:*",
"elasticloadbalancing:Describe*",
"iam:GetRole",
"iam:ListAttachedRolePolicies",
"iam:ListInstanceProfiles",
"iam:ListRolePolicies",
"iam:ListRoles",
"iam:ListServerCertificates",
"logs:Describe*",
"rds:Describe*",
"s3:ListAllMyBuckets",
"sns:ListSubscriptionsByTopic",
"sns:ListTopics",
"sqs:ListQueues"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"autoscaling:*"
],
"Effect": "Allow",
"Resource": [
"arn:aws:autoscaling:*:*:launchConfiguration:*:launchConfigurationName/awseb-e-*",
"arn:aws:autoscaling:*:*:launchConfiguration:*:launchConfigurationName/eb-*",
"arn:aws:autoscaling:*:*:autoScalingGroup:*:autoScalingGroupName/awseb-e-*",
"arn:aws:autoscaling:*:*:autoScalingGroup:*:autoScalingGroupName/eb-*"
]
},
{
"Action": [
"cloudformation:CancelUpdateStack",
"cloudformation:ContinueUpdateRollback",
"cloudformation:CreateStack",
"cloudformation:DeleteStack",
"cloudformation:GetTemplate",
"cloudformation:ListStackResources",
"cloudformation:SignalResource",
"cloudformation:TagResource",
"cloudformation:UntagResource",
"cloudformation:UpdateStack"
],
"Effect": "Allow",
"Resource": [
"arn:aws:cloudformation:*:*:stack/awseb-*",
"arn:aws:cloudformation:*:*:stack/eb-*"
]
},
{
"Action": [
"cloudwatch:DeleteAlarms",
"cloudwatch:PutMetricAlarm"
],
"Effect": "Allow",
"Resource": [
"arn:aws:cloudwatch:*:*:alarm:awseb-*",
"arn:aws:cloudwatch:*:*:alarm:eb-*"
]
},
{
"Action": [
"codebuild:BatchGetBuilds",
"codebuild:CreateProject",
"codebuild:DeleteProject",
"codebuild:StartBuild"
],
"Effect": "Allow",
"Resource": "arn:aws:codebuild:*:*:project/Elastic-Beanstalk-*"
},
{
"Action": [
"dynamodb:CreateTable",
"dynamodb:DeleteTable",
"dynamodb:DescribeTable",
"dynamodb:TagResource"
],
"Effect": "Allow",
"Resource": [
"arn:aws:dynamodb:*:*:table/awseb-e-*",
"arn:aws:dynamodb:*:*:table/eb-*"
]
},
{
"Action": [
"ec2:RebootInstances",
"ec2:TerminateInstances"
],
"Condition": {
"StringLike": {
"ec2:ResourceTag/aws:cloudformation:stack-id": [
"arn:aws:cloudformation:*:*:stack/awseb-e-*",
"arn:aws:cloudformation:*:*:stack/eb-*"
]
}
},
"Effect": "Allow",
"Resource": "arn:aws:ec2:*:*:instance/*"
},
{
"Action": "ec2:RunInstances",
"Condition": {
"ArnLike": {
"ec2:LaunchTemplate": "arn:aws:ec2:*:*:launch-template/*"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ecs:DeleteCluster"
],
"Effect": "Allow",
"Resource": "arn:aws:ecs:*:*:cluster/awseb-*"
},
{
"Action": [
"elasticloadbalancing:*Rule",
"elasticloadbalancing:*Tags",
"elasticloadbalancing:SetRulePriorities",
"elasticloadbalancing:SetSecurityGroups"
],
"Effect": "Allow",
"Resource": [
"arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*",
"arn:aws:elasticloadbalancing:*:*:listener/app/*/*/*",
"arn:aws:elasticloadbalancing:*:*:listener-rule/app/*/*/*/*"
]
},
{
"Action": [
"elasticloadbalancing:*"
],
"Effect": "Allow",
"Resource": [
"arn:aws:elasticloadbalancing:*:*:targetgroup/awseb-*",
"arn:aws:elasticloadbalancing:*:*:targetgroup/eb-*",
"arn:aws:elasticloadbalancing:*:*:loadbalancer/awseb-*",
"arn:aws:elasticloadbalancing:*:*:loadbalancer/eb-*",
"arn:aws:elasticloadbalancing:*:*:loadbalancer/*/awseb-*/*",
"arn:aws:elasticloadbalancing:*:*:loadbalancer/*/eb-*/*",
"arn:aws:elasticloadbalancing:*:*:listener/awseb-*",
"arn:aws:elasticloadbalancing:*:*:listener/eb-*",
"arn:aws:elasticloadbalancing:*:*:listener/*/awseb-*/*/*",
"arn:aws:elasticloadbalancing:*:*:listener/*/eb-*/*/*",
"arn:aws:elasticloadbalancing:*:*:listener-rule/app/awseb-*/*/*/*",
"arn:aws:elasticloadbalancing:*:*:listener-rule/app/eb-*/*/*/*"
]
},
{
"Action": [
"iam:AddRoleToInstanceProfile",
"iam:CreateInstanceProfile",
"iam:CreateRole"
],
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/aws-elasticbeanstalk*",
"arn:aws:iam::*:instance-profile/aws-elasticbeanstalk*"
]
},
{
"Action": [
"iam:AttachRolePolicy"
],
"Condition": {
"StringLike": {
"iam:PolicyArn": [
"arn:aws:iam::aws:policy/AWSElasticBeanstalk*",
"arn:aws:iam::aws:policy/service-role/AWSElasticBeanstalk*"
]
}
},
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/aws-elasticbeanstalk*"
},
{
"Action": "iam:PassRole",
"Condition": {
"StringEquals": {
"iam:PassedToService": [
"elasticbeanstalk.amazonaws.com",
"ec2.amazonaws.com",
"ec2.amazonaws.com.cn",
"autoscaling.amazonaws.com",
"elasticloadbalancing.amazonaws.com",
"ecs.amazonaws.com",
"cloudformation.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/*"
},
{
"Action": [
"iam:CreateServiceLinkedRole"
],
"Condition": {
"StringLike": {
"iam:AWSServiceName": [
"autoscaling.amazonaws.com",
"elasticbeanstalk.amazonaws.com",
"elasticloadbalancing.amazonaws.com",
"managedupdates.elasticbeanstalk.amazonaws.com",
"maintenance.elasticbeanstalk.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/aws-service-role/autoscaling.amazonaws.com/AWSServiceRoleForAutoScaling*",
"arn:aws:iam::*:role/aws-service-role/elasticbeanstalk.amazonaws.com/AWSServiceRoleForElasticBeanstalk*",
"arn:aws:iam::*:role/aws-service-role/elasticloadbalancing.amazonaws.com/AWSServiceRoleForElasticLoadBalancing*",
"arn:aws:iam::*:role/aws-service-role/managedupdates.elasticbeanstalk.amazonaws.com/AWSServiceRoleForElasticBeanstalk*",
"arn:aws:iam::*:role/aws-service-role/maintenance.elasticbeanstalk.amazonaws.com/AWSServiceRoleForElasticBeanstalk*"
]
},
{
"Action": [
"logs:CreateLogGroup",
"logs:DeleteLogGroup",
"logs:PutRetentionPolicy"
],
"Effect": "Allow",
"Resource": "arn:aws:logs:*:*:log-group:/aws/elasticbeanstalk/*"
},
{
"Action": [
"rds:*DBSubnetGroup",
"rds:AuthorizeDBSecurityGroupIngress",
"rds:CreateDBInstance",
"rds:CreateDBSecurityGroup",
"rds:DeleteDBInstance",
"rds:DeleteDBSecurityGroup",
"rds:ModifyDBInstance",
"rds:RestoreDBInstanceFromDBSnapshot"
],
"Effect": "Allow",
"Resource": [
"arn:aws:rds:*:*:db:*",
"arn:aws:rds:*:*:secgrp:awseb-e-*",
"arn:aws:rds:*:*:secgrp:eb-*",
"arn:aws:rds:*:*:snapshot:*",
"arn:aws:rds:*:*:subgrp:awseb-e-*",
"arn:aws:rds:*:*:subgrp:eb-*"
]
},
{
"Action": [
"s3:Delete*",
"s3:Get*",
"s3:Put*"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::elasticbeanstalk-*/*"
},
{
"Action": [
"s3:CreateBucket",
"s3:GetBucket*",
"s3:ListBucket",
"s3:PutBucketPolicy"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::elasticbeanstalk-*"
},
{
"Action": [
"sns:CreateTopic",
"sns:DeleteTopic",
"sns:GetTopicAttributes",
"sns:Publish",
"sns:SetTopicAttributes",
"sns:Subscribe",
"sns:Unsubscribe"
],
"Effect": "Allow",
"Resource": "arn:aws:sns:*:*:ElasticBeanstalkNotifications-*"
},
{
"Action": [
"sqs:*QueueAttributes",
"sqs:CreateQueue",
"sqs:DeleteQueue",
"sqs:SendMessage",
"sqs:TagQueue"
],
"Effect": "Allow",
"Resource": [
"arn:aws:sqs:*:*:awseb-e-*",
"arn:aws:sqs:*:*:eb-*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4AX52KWGWY",
"PolicyName": "AdministratorAccess-AWSElasticBeanstalk",
"UpdateDate": "2021-03-09T22:36:27+00:00",
"VersionId": "v2"
},
"AdministratorAccess-Amplify": {
"Arn": "arn:aws:iam::aws:policy/AdministratorAccess-Amplify",
"AttachmentCount": 0,
"CreateDate": "2020-12-01T19:03:08+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"cloudformation:CreateChangeSet",
"cloudformation:CreateStack",
"cloudformation:DeleteStack",
"cloudformation:DescribeChangeSet",
"cloudformation:DescribeStackEvents",
"cloudformation:DescribeStackResource",
"cloudformation:DescribeStackResources",
"cloudformation:DescribeStacks",
"cloudformation:ExecuteChangeSet",
"cloudformation:GetTemplate",
"cloudformation:UpdateStack"
],
"Effect": "Allow",
"Resource": [
"arn:aws:cloudformation:*:*:stack/amplify-*"
],
"Sid": "CLICloudformationPolicy"
},
{
"Action": [
"iam:CreateRole",
"iam:ListRoleTags",
"iam:TagRole",
"iam:AttachRolePolicy",
"iam:CreatePolicy",
"iam:DeletePolicy",
"iam:DeleteRole",
"iam:DeleteRolePolicy",
"iam:DetachRolePolicy",
"iam:PutRolePolicy",
"iam:UpdateRole",
"iam:GetRole",
"iam:GetPolicy",
"iam:GetRolePolicy",
"iam:PassRole",
"iam:ListPolicyVersions",
"appsync:CreateApiKey",
"appsync:CreateDataSource",
"appsync:CreateFunction",
"appsync:CreateResolver",
"appsync:CreateType",
"appsync:DeleteApiKey",
"appsync:DeleteDataSource",
"appsync:DeleteFunction",
"appsync:DeleteResolver",
"appsync:DeleteType",
"appsync:GetDataSource",
"appsync:GetFunction",
"appsync:GetIntrospectionSchema",
"appsync:GetResolver",
"appsync:GetSchemaCreationStatus",
"appsync:GetType",
"appsync:GraphQL",
"appsync:ListApiKeys",
"appsync:ListDataSources",
"appsync:ListFunctions",
"appsync:ListGraphqlApis",
"appsync:ListResolvers",
"appsync:ListResolversByFunction",
"appsync:ListTypes",
"appsync:StartSchemaCreation",
"appsync:UpdateApiKey",
"appsync:UpdateDataSource",
"appsync:UpdateFunction",
"appsync:UpdateResolver",
"appsync:UpdateType",
"appsync:TagResource",
"appsync:CreateGraphqlApi",
"appsync:DeleteGraphqlApi",
"appsync:GetGraphqlApi",
"appsync:ListTagsForResource",
"appsync:UpdateGraphqlApi",
"apigateway:DELETE",
"apigateway:GET",
"apigateway:PATCH",
"apigateway:POST",
"apigateway:PUT",
"cognito-idp:CreateUserPool",
"cognito-identity:CreateIdentityPool",
"cognito-identity:DeleteIdentityPool",
"cognito-identity:DescribeIdentity",
"cognito-identity:DescribeIdentityPool",
"cognito-identity:SetIdentityPoolRoles",
"cognito-identity:GetIdentityPoolRoles",
"cognito-identity:UpdateIdentityPool",
"cognito-idp:CreateUserPoolClient",
"cognito-idp:DeleteGroup",
"cognito-idp:DeleteUserPool",
"cognito-idp:DeleteUserPoolClient",
"cognito-idp:DescribeUserPool",
"cognito-idp:DescribeUserPoolClient",
"cognito-idp:ListTagsForResource",
"cognito-idp:ListUserPoolClients",
"cognito-idp:UpdateUserPoolClient",
"cognito-idp:CreateGroup",
"cognito-idp:DeleteGroup",
"cognito-identity:TagResource",
"cognito-idp:TagResource",
"cognito-idp:UpdateUserPool",
"lambda:AddPermission",
"lambda:CreateFunction",
"lambda:DeleteFunction",
"lambda:GetFunction",
"lambda:GetFunctionConfiguration",
"lambda:InvokeAsync",
"lambda:InvokeFunction",
"lambda:RemovePermission",
"lambda:UpdateFunctionCode",
"lambda:UpdateFunctionConfiguration",
"lambda:ListTags",
"lambda:TagResource",
"lambda:UntagResource",
"lambda:DeleteFunction",
"lambda:AddLayerVersionPermission",
"lambda:CreateEventSourceMapping",
"lambda:DeleteEventSourceMapping",
"lambda:DeleteLayerVersion",
"lambda:GetEventSourceMapping",
"lambda:GetLayerVersion",
"lambda:ListEventSourceMappings",
"lambda:ListLayerVersions",
"lambda:PublishLayerVersion",
"lambda:RemoveLayerVersionPermission",
"dynamodb:CreateTable",
"dynamodb:DeleteItem",
"dynamodb:DeleteTable",
"dynamodb:DescribeContinuousBackups",
"dynamodb:DescribeTable",
"dynamodb:DescribeTimeToLive",
"dynamodb:ListStreams",
"dynamodb:PutItem",
"dynamodb:TagResource",
"dynamodb:ListTagsOfResource",
"dynamodb:UpdateContinuousBackups",
"dynamodb:UpdateItem",
"dynamodb:UpdateTable",
"dynamodb:UpdateTimeToLive",
"s3:CreateBucket",
"s3:ListBucket",
"s3:PutBucketAcl",
"s3:PutBucketCORS",
"s3:PutBucketNotification",
"s3:PutBucketPolicy",
"s3:PutBucketWebsite",
"s3:PutObjectAcl",
"cloudfront:CreateCloudFrontOriginAccessIdentity",
"cloudfront:CreateDistribution",
"cloudfront:DeleteCloudFrontOriginAccessIdentity",
"cloudfront:DeleteDistribution",
"cloudfront:GetCloudFrontOriginAccessIdentity",
"cloudfront:GetCloudFrontOriginAccessIdentityConfig",
"cloudfront:GetDistribution",
"cloudfront:GetDistributionConfig",
"cloudfront:TagResource",
"cloudfront:UntagResource",
"cloudfront:UpdateCloudFrontOriginAccessIdentity",
"cloudfront:UpdateDistribution",
"events:DeleteRule",
"events:DescribeRule",
"events:ListRuleNamesByTarget",
"events:PutRule",
"events:PutTargets",
"events:RemoveTargets",
"mobiletargeting:GetApp",
"kinesis:AddTagsToStream",
"kinesis:CreateStream",
"kinesis:DeleteStream",
"kinesis:DescribeStream",
"kinesis:PutRecords"
],
"Condition": {
"ForAnyValue:StringEquals": {
"aws:CalledVia": [
"cloudformation.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "*",
"Sid": "CLIManageviaCFNPolicy"
},
{
"Action": [
"appsync:GetIntrospectionSchema",
"appsync:GraphQL",
"appsync:UpdateApiKey",
"appsync:ListApiKeys",
"s3:PutObject",
"s3:GetObject",
"s3:ListBucket",
"s3:ListBucketVersions",
"s3:DeleteBucket",
"s3:DeleteBucketPolicy",
"s3:DeleteBucketWebsite",
"s3:DeleteObject",
"s3:GetBucketLocation",
"s3:ListAllMyBuckets",
"sts:AssumeRole",
"iam:PutRolePolicy",
"iam:CreatePolicy",
"iam:AttachRolePolicy",
"mobiletargeting:*",
"amplify:CreateApp",
"amplify:CreateBackendEnvironment",
"amplify:GetApp",
"amplify:GetBackendEnvironment",
"amplify:ListApps",
"amplify:ListBackendEnvironments",
"amplify:CreateBranch",
"amplify:GetBranch",
"amplify:UpdateApp",
"amplify:ListBranches",
"amplify:ListDomainAssociations",
"amplify:DeleteBranch",
"amplify:DeleteApp",
"amplify:DeleteBackendEnvironment",
"amplifybackend:*",
"cognito-idp:AdminAddUserToGroup",
"cognito-idp:AdminCreateUser",
"cognito-idp:CreateGroup",
"cognito-idp:DeleteGroup",
"cognito-idp:DeleteUser",
"cognito-idp:ListUsers",
"cognito-idp:AdminGetUser",
"cognito-idp:ListUsersInGroup",
"cognito-idp:AdminDisableUser",
"cognito-idp:AdminRemoveUserFromGroup",
"cognito-idp:AdminResetUserPassword",
"cognito-idp:AdminListGroupsForUser",
"cognito-idp:ListGroups",
"cognito-idp:AdminDeleteUser",
"cognito-idp:AdminListUserAuthEvents",
"cognito-idp:AdminDeleteUser",
"cognito-idp:AdminConfirmSignUp",
"cognito-idp:AdminEnableUser",
"cognito-idp:AdminUpdateUserAttributes",
"cognito-idp:DescribeIdentityProvider"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "CLISDKCalls"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4AML23RALR",
"PolicyName": "AdministratorAccess-Amplify",
"UpdateDate": "2021-01-13T22:36:27+00:00",
"VersionId": "v2"
},
"AlexaForBusinessDeviceSetup": {
"Arn": "arn:aws:iam::aws:policy/AlexaForBusinessDeviceSetup",
"AttachmentCount": 0,
"CreateDate": "2017-11-30T16:47:16+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"a4b:RegisterDevice",
"a4b:CompleteRegistration",
"a4b:SearchDevices",
"a4b:SearchNetworkProfiles",
"a4b:GetNetworkProfile",
"a4b:PutDeviceSetupEvents"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"secretsmanager:GetSecretValue"
],
"Effect": "Allow",
"Resource": "arn:aws:secretsmanager:*:*:secret:A4BNetworkProfile*",
"Sid": "A4bDeviceSetupAccess"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIUEFZFUTDTY4HGFU2",
"PolicyName": "AlexaForBusinessDeviceSetup",
"UpdateDate": "2019-05-20T21:05:39+00:00",
"VersionId": "v2"
},
"AlexaForBusinessFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AlexaForBusinessFullAccess",
"AttachmentCount": 0,
"CreateDate": "2017-11-30T16:47:09+00:00",
"DefaultVersionId": "v5",
"Document": {
"Statement": [
{
"Action": [
"a4b:*",
"kms:DescribeKey"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"iam:CreateServiceLinkedRole"
],
"Condition": {
"StringLike": {
"iam:AWSServiceName": [
"*a4b.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"iam:DeleteServiceLinkedRole",
"iam:GetServiceLinkedRoleDeletionStatus"
],
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/aws-service-role/*a4b.amazonaws.com/AWSServiceRoleForAlexaForBusiness*"
},
{
"Action": [
"secretsmanager:GetSecretValue",
"secretsmanager:DeleteSecret",
"secretsmanager:UpdateSecret"
],
"Effect": "Allow",
"Resource": "arn:aws:secretsmanager:*:*:secret:A4B*"
},
{
"Action": "secretsmanager:CreateSecret",
"Condition": {
"StringLike": {
"secretsmanager:Name": "A4B*"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAILUT3JGG7WRIMVNH2",
"PolicyName": "AlexaForBusinessFullAccess",
"UpdateDate": "2020-07-01T21:01:55+00:00",
"VersionId": "v5"
},
"AlexaForBusinessGatewayExecution": {
"Arn": "arn:aws:iam::aws:policy/AlexaForBusinessGatewayExecution",
"AttachmentCount": 0,
"CreateDate": "2017-11-30T16:47:19+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"a4b:Send*",
"a4b:Get*"
],
"Effect": "Allow",
"Resource": "arn:aws:a4b:*:*:gateway/*"
},
{
"Action": [
"sqs:ReceiveMessage",
"sqs:DeleteMessage"
],
"Effect": "Allow",
"Resource": [
"arn:aws:sqs:*:*:dd-*",
"arn:aws:sqs:*:*:sd-*"
]
},
{
"Action": [
"a4b:List*",
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:DescribeLogGroups",
"logs:PutLogEvents"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAI3LZ7YP7KHLG4DT2Q",
"PolicyName": "AlexaForBusinessGatewayExecution",
"UpdateDate": "2017-11-30T16:47:19+00:00",
"VersionId": "v1"
},
"AlexaForBusinessLifesizeDelegatedAccessPolicy": {
"Arn": "arn:aws:iam::aws:policy/AlexaForBusinessLifesizeDelegatedAccessPolicy",
"AttachmentCount": 0,
"CreateDate": "2020-06-04T19:46:56+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"a4b:DisassociateDeviceFromRoom",
"a4b:DeleteDevice",
"a4b:UpdateDevice",
"a4b:GetDevice"
],
"Effect": "Allow",
"Resource": [
"arn:aws:a4b:us-east-1:*:device/*/*:A2IWO7UEGWV4TL"
]
},
{
"Action": [
"a4b:RegisterAVSDevice"
],
"Condition": {
"StringEquals": {
"a4b:amazonId": [
"A2IWO7UEGWV4TL"
]
}
},
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"a4b:SearchDevices"
],
"Condition": {
"ForAllValues:StringLike": {
"a4b:filters_deviceType": [
"*A2IWO7UEGWV4TL"
]
},
"Null": {
"a4b:filters_deviceType": "false"
}
},
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"a4b:AssociateDeviceWithRoom"
],
"Effect": "Allow",
"Resource": [
"arn:aws:a4b:us-east-1:*:device/*/*:A2IWO7UEGWV4TL",
"arn:aws:a4b:us-east-1:*:room/*"
]
},
{
"Action": [
"a4b:GetRoom",
"a4b:GetAddressBook",
"a4b:SearchRooms",
"a4b:CreateContact",
"a4b:CreateRoom",
"a4b:UpdateContact",
"a4b:ListConferenceProviders",
"a4b:DeleteRoom",
"a4b:CreateAddressBook",
"a4b:DisassociateContactFromAddressBook",
"a4b:CreateConferenceProvider",
"a4b:PutConferencePreference",
"a4b:DeleteAddressBook",
"a4b:AssociateContactWithAddressBook",
"a4b:DeleteContact",
"a4b:SearchProfiles",
"a4b:UpdateProfile",
"a4b:GetContact"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"kms:DescribeKey"
],
"Effect": "Allow",
"Resource": "arn:aws:kms:*:*:key/*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4HXQBRRIQV",
"PolicyName": "AlexaForBusinessLifesizeDelegatedAccessPolicy",
"UpdateDate": "2020-06-12T20:31:59+00:00",
"VersionId": "v2"
},
"AlexaForBusinessNetworkProfileServicePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AlexaForBusinessNetworkProfileServicePolicy",
"AttachmentCount": 0,
"CreateDate": "2019-03-13T00:53:40+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"acm-pca:GetCertificate",
"acm-pca:IssueCertificate",
"acm-pca:RevokeCertificate"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/a4b": "enabled"
}
},
"Effect": "Allow",
"Resource": "*",
"Sid": "A4bPcaTagAccess"
},
{
"Action": [
"secretsmanager:GetSecretValue"
],
"Effect": "Allow",
"Resource": "arn:aws:secretsmanager:*:*:secret:A4BNetworkProfile*",
"Sid": "A4bNetworkProfileAccess"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAI7GYBNGIZU2EDSMGQ",
"PolicyName": "AlexaForBusinessNetworkProfileServicePolicy",
"UpdateDate": "2019-04-05T21:57:56+00:00",
"VersionId": "v2"
},
"AlexaForBusinessPolyDelegatedAccessPolicy": {
"Arn": "arn:aws:iam::aws:policy/AlexaForBusinessPolyDelegatedAccessPolicy",
"AttachmentCount": 0,
"CreateDate": "2019-10-16T19:48:45+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"a4b:DisassociateDeviceFromRoom",
"a4b:DeleteDevice",
"a4b:UpdateDevice",
"a4b:GetDevice"
],
"Effect": "Allow",
"Resource": [
"arn:aws:a4b:us-east-1:*:device/*/*:A238TWV36W3S92",
"arn:aws:a4b:us-east-1:*:device/*/*:A1FUZ1SC53VJXD"
]
},
{
"Action": [
"a4b:RegisterAVSDevice"
],
"Condition": {
"StringEquals": {
"a4b:amazonId": [
"A238TWV36W3S92",
"A1FUZ1SC53VJXD"
]
}
},
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"a4b:SearchDevices"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"a4b:AssociateDeviceWithRoom"
],
"Effect": "Allow",
"Resource": [
"arn:aws:a4b:us-east-1:*:device/*/*:A238TWV36W3S92",
"arn:aws:a4b:us-east-1:*:device/*/*:A1FUZ1SC53VJXD",
"arn:aws:a4b:us-east-1:*:room/*"
]
},
{
"Action": [
"a4b:GetRoom",
"a4b:SearchRooms",
"a4b:CreateRoom",
"a4b:GetProfile",
"a4b:SearchSkillGroups",
"a4b:DisassociateSkillGroupFromRoom",
"a4b:AssociateSkillGroupWithRoom",
"a4b:GetSkillGroup",
"a4b:SearchProfiles",
"a4b:GetAddressBook",
"a4b:UpdateRoom"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4FIHC2UP5Z",
"PolicyName": "AlexaForBusinessPolyDelegatedAccessPolicy",
"UpdateDate": "2019-10-16T19:48:45+00:00",
"VersionId": "v1"
},
"AlexaForBusinessReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AlexaForBusinessReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2017-11-30T16:47:12+00:00",
"DefaultVersionId": "v3",
"Document": {
"Statement": [
{
"Action": [
"a4b:Get*",
"a4b:List*",
"a4b:Search*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAI6BKSTB4XMLPBFFJ2",
"PolicyName": "AlexaForBusinessReadOnlyAccess",
"UpdateDate": "2019-11-20T00:25:33+00:00",
"VersionId": "v3"
},
"AmazonAPIGatewayAdministrator": {
"Arn": "arn:aws:iam::aws:policy/AmazonAPIGatewayAdministrator",
"AttachmentCount": 0,
"CreateDate": "2015-07-09T17:34:45+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"apigateway:*"
],
"Effect": "Allow",
"Resource": "arn:aws:apigateway:*::/*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJ4PT6VY5NLKTNUYSI",
"PolicyName": "AmazonAPIGatewayAdministrator",
"UpdateDate": "2015-07-09T17:34:45+00:00",
"VersionId": "v1"
},
"AmazonAPIGatewayInvokeFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonAPIGatewayInvokeFullAccess",
"AttachmentCount": 0,
"CreateDate": "2015-07-09T17:36:12+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"execute-api:Invoke",
"execute-api:ManageConnections"
],
"Effect": "Allow",
"Resource": "arn:aws:execute-api:*:*:*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIIWAX2NOOQJ4AIEQ6",
"PolicyName": "AmazonAPIGatewayInvokeFullAccess",
"UpdateDate": "2018-12-18T18:25:10+00:00",
"VersionId": "v2"
},
"AmazonAPIGatewayPushToCloudWatchLogs": {
"Arn": "arn:aws:iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs",
"AttachmentCount": 0,
"CreateDate": "2015-11-11T23:41:46+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:DescribeLogGroups",
"logs:DescribeLogStreams",
"logs:PutLogEvents",
"logs:GetLogEvents",
"logs:FilterLogEvents"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIK4GFO7HLKYN64ASK",
"PolicyName": "AmazonAPIGatewayPushToCloudWatchLogs",
"UpdateDate": "2015-11-11T23:41:46+00:00",
"VersionId": "v1"
},
"AmazonAppFlowFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonAppFlowFullAccess",
"AttachmentCount": 0,
"CreateDate": "2020-06-02T23:30:14+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": "appflow:*",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:ListRoles",
"Effect": "Allow",
"Resource": "*",
"Sid": "ListRolesForRedshift"
},
{
"Action": [
"kms:ListKeys",
"kms:DescribeKey",
"kms:ListAliases"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "KMSListAccess"
},
{
"Action": [
"kms:CreateGrant"
],
"Condition": {
"Bool": {
"kms:GrantIsForAWSResource": "true"
},
"StringLike": {
"kms:ViaService": "appflow.*.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*",
"Sid": "KMSGrantAccess"
},
{
"Action": [
"kms:ListGrants"
],
"Condition": {
"StringLike": {
"kms:ViaService": "appflow.*.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*",
"Sid": "KMSListGrantAccess"
},
{
"Action": [
"s3:ListAllMyBuckets",
"s3:ListBucket",
"s3:GetBucketLocation",
"s3:GetBucketPolicy"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "S3ReadAccess"
},
{
"Action": [
"s3:PutBucketPolicy"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::appflow-*",
"Sid": "S3PutBucketPolicyAccess"
},
{
"Action": "secretsmanager:CreateSecret",
"Condition": {
"ForAnyValue:StringEquals": {
"aws:CalledVia": [
"appflow.amazonaws.com"
]
},
"StringLike": {
"secretsmanager:Name": "appflow!*"
}
},
"Effect": "Allow",
"Resource": "*",
"Sid": "SecretsManagerCreateSecretAccess"
},
{
"Action": [
"secretsmanager:PutResourcePolicy"
],
"Condition": {
"ForAnyValue:StringEquals": {
"aws:CalledVia": [
"appflow.amazonaws.com"
]
},
"StringEqualsIgnoreCase": {
"secretsmanager:ResourceTag/aws:secretsmanager:owningService": "appflow"
}
},
"Effect": "Allow",
"Resource": "*",
"Sid": "SecretsManagerPutResourcePolicyAccess"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4PGBU2ALC4",
"PolicyName": "AmazonAppFlowFullAccess",
"UpdateDate": "2020-12-07T22:49:15+00:00",
"VersionId": "v2"
},
"AmazonAppFlowReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonAppFlowReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2020-06-02T23:26:51+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"appflow:DescribeConnectors",
"appflow:DescribeConnectorProfiles",
"appflow:DescribeFlows",
"appflow:DescribeFlowExecution",
"appflow:DescribeConnectorFields",
"appflow:ListConnectorFields",
"appflow:ListTagsForResource"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4CCGEQPIQI",
"PolicyName": "AmazonAppFlowReadOnlyAccess",
"UpdateDate": "2020-06-02T23:26:51+00:00",
"VersionId": "v1"
},
"AmazonAppStreamFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonAppStreamFullAccess",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:40:09+00:00",
"DefaultVersionId": "v6",
"Document": {
"Statement": [
{
"Action": [
"appstream:*"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"application-autoscaling:DeleteScalingPolicy",
"application-autoscaling:DescribeScalableTargets",
"application-autoscaling:DescribeScalingPolicies",
"application-autoscaling:PutScalingPolicy",
"application-autoscaling:RegisterScalableTarget",
"application-autoscaling:DescribeScheduledActions",
"application-autoscaling:PutScheduledAction",
"application-autoscaling:DeleteScheduledAction"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"cloudwatch:DeleteAlarms",
"cloudwatch:DescribeAlarms",
"cloudwatch:GetMetricStatistics",
"cloudwatch:PutMetricAlarm"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:DescribeVpcEndpoints"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:ListRoles",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:PassRole",
"Condition": {
"StringLike": {
"iam:PassedToService": "application-autoscaling.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/service-role/ApplicationAutoScalingForAmazonAppStreamAccess"
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringLike": {
"iam:AWSServiceName": "appstream.application-autoscaling.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/aws-service-role/appstream.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_AppStreamFleet"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJLZZXU2YQVGL4QDNC",
"PolicyName": "AmazonAppStreamFullAccess",
"UpdateDate": "2020-08-28T17:24:35+00:00",
"VersionId": "v6"
},
"AmazonAppStreamReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonAppStreamReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:40:10+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"appstream:Get*",
"appstream:List*",
"appstream:Describe*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJXIFDGB4VBX23DX7K",
"PolicyName": "AmazonAppStreamReadOnlyAccess",
"UpdateDate": "2016-12-07T21:00:06+00:00",
"VersionId": "v2"
},
"AmazonAppStreamServiceAccess": {
"Arn": "arn:aws:iam::aws:policy/service-role/AmazonAppStreamServiceAccess",
"AttachmentCount": 0,
"CreateDate": "2016-11-19T04:17:37+00:00",
"DefaultVersionId": "v8",
"Document": {
"Statement": [
{
"Action": [
"ec2:DescribeVpcs",
"ec2:DescribeSubnets",
"ec2:DescribeAvailabilityZones",
"ec2:CreateNetworkInterface",
"ec2:DescribeNetworkInterfaces",
"ec2:DeleteNetworkInterface",
"ec2:DescribeSubnets",
"ec2:AssociateAddress",
"ec2:DisassociateAddress",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroups",
"ec2:DescribeVpcEndpoints",
"s3:ListAllMyBuckets",
"ds:DescribeDirectories"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"s3:CreateBucket",
"s3:ListBucket",
"s3:GetObject",
"s3:PutObject",
"s3:DeleteObject",
"s3:GetObjectVersion",
"s3:DeleteObjectVersion",
"s3:GetBucketPolicy",
"s3:PutBucketPolicy",
"s3:PutEncryptionConfiguration"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::appstream2-36fb080bb8-*",
"arn:aws:s3:::appstream-app-settings-*",
"arn:aws:s3:::appstream-logs-*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAISBRZ7LMMCBYEF3SE",
"PolicyName": "AmazonAppStreamServiceAccess",
"UpdateDate": "2020-06-26T16:33:54+00:00",
"VersionId": "v8"
},
"AmazonAthenaFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonAthenaFullAccess",
"AttachmentCount": 0,
"CreateDate": "2016-11-30T16:46:01+00:00",
"DefaultVersionId": "v6",
"Document": {
"Statement": [
{
"Action": [
"athena:*"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"glue:CreateDatabase",
"glue:DeleteDatabase",
"glue:GetDatabase",
"glue:GetDatabases",
"glue:UpdateDatabase",
"glue:CreateTable",
"glue:DeleteTable",
"glue:BatchDeleteTable",
"glue:UpdateTable",
"glue:GetTable",
"glue:GetTables",
"glue:BatchCreatePartition",
"glue:CreatePartition",
"glue:DeletePartition",
"glue:BatchDeletePartition",
"glue:UpdatePartition",
"glue:GetPartition",
"glue:GetPartitions",
"glue:BatchGetPartition"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetObject",
"s3:ListBucket",
"s3:ListBucketMultipartUploads",
"s3:ListMultipartUploadParts",
"s3:AbortMultipartUpload",
"s3:CreateBucket",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::aws-athena-query-results-*"
]
},
{
"Action": [
"s3:GetObject",
"s3:ListBucket"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::athena-examples*"
]
},
{
"Action": [
"s3:ListBucket",
"s3:GetBucketLocation",
"s3:ListAllMyBuckets"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"sns:ListTopics",
"sns:GetTopicAttributes"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"cloudwatch:PutMetricAlarm",
"cloudwatch:DescribeAlarms",
"cloudwatch:DeleteAlarms"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"lakeformation:GetDataAccess"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIPJMLMD4C7RYZ6XCK",
"PolicyName": "AmazonAthenaFullAccess",
"UpdateDate": "2019-08-08T17:52:27+00:00",
"VersionId": "v6"
},
"AmazonAugmentedAIFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonAugmentedAIFullAccess",
"AttachmentCount": 0,
"CreateDate": "2019-12-03T16:21:56+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"sagemaker:*HumanLoop",
"sagemaker:*HumanLoops",
"sagemaker:*FlowDefinition",
"sagemaker:*FlowDefinitions",
"sagemaker:*HumanTaskUi",
"sagemaker:*HumanTaskUis"
],
"Condition": {
"StringEqualsIfExists": {
"sagemaker:WorkteamType": [
"private-crowd",
"vendor-crowd"
]
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"iam:PassRole"
],
"Condition": {
"StringEquals": {
"iam:PassedToService": [
"sagemaker.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4HJOEBWQWI",
"PolicyName": "AmazonAugmentedAIFullAccess",
"UpdateDate": "2019-12-03T16:21:56+00:00",
"VersionId": "v1"
},
"AmazonAugmentedAIHumanLoopFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonAugmentedAIHumanLoopFullAccess",
"AttachmentCount": 0,
"CreateDate": "2019-12-03T16:20:47+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"sagemaker:*HumanLoop",
"sagemaker:*HumanLoops"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4DLDNVPZG4",
"PolicyName": "AmazonAugmentedAIHumanLoopFullAccess",
"UpdateDate": "2019-12-03T16:20:47+00:00",
"VersionId": "v1"
},
"AmazonAugmentedAIIntegratedAPIAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonAugmentedAIIntegratedAPIAccess",
"AttachmentCount": 0,
"CreateDate": "2020-04-22T20:47:32+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"sagemaker:*HumanLoop",
"sagemaker:*HumanLoops",
"sagemaker:*FlowDefinition",
"sagemaker:*FlowDefinitions",
"sagemaker:*HumanTaskUi",
"sagemaker:*HumanTaskUis"
],
"Condition": {
"StringEqualsIfExists": {
"sagemaker:WorkteamType": [
"private-crowd",
"vendor-crowd"
]
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"textract:AnalyzeDocument"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"rekognition:DetectModerationLabels"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"iam:PassRole"
],
"Condition": {
"StringEquals": {
"iam:PassedToService": [
"sagemaker.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4A7KC4RFTV",
"PolicyName": "AmazonAugmentedAIIntegratedAPIAccess",
"UpdateDate": "2020-04-22T20:47:32+00:00",
"VersionId": "v1"
},
"AmazonBraketFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonBraketFullAccess",
"AttachmentCount": 0,
"CreateDate": "2020-08-06T20:12:37+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"s3:GetObject",
"s3:PutObject",
"s3:ListBucket"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::amazon-braket-*"
},
{
"Action": [
"logs:Describe*",
"logs:Get*",
"logs:List*",
"logs:StartQuery",
"logs:StopQuery",
"logs:TestMetricFilter",
"logs:FilterLogEvents"
],
"Effect": "Allow",
"Resource": "arn:aws:logs:*:*:log-group:/aws/braket:*"
},
{
"Action": [
"iam:ListRoles",
"iam:ListRolePolicies",
"iam:GetRole",
"iam:GetRolePolicy",
"iam:ListAttachedRolePolicies"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"sagemaker:ListNotebookInstances"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"sagemaker:CreatePresignedNotebookInstanceUrl",
"sagemaker:CreateNotebookInstance",
"sagemaker:DeleteNotebookInstance",
"sagemaker:DescribeNotebookInstance",
"sagemaker:StartNotebookInstance",
"sagemaker:StopNotebookInstance",
"sagemaker:UpdateNotebookInstance",
"sagemaker:ListTags",
"sagemaker:AddTags",
"sagemaker:DeleteTags"
],
"Effect": "Allow",
"Resource": "arn:aws:sagemaker:*:*:notebook-instance/amazon-braket-*"
},
{
"Action": [
"sagemaker:DescribeNotebookInstanceLifecycleConfig",
"sagemaker:CreateNotebookInstanceLifecycleConfig",
"sagemaker:DeleteNotebookInstanceLifecycleConfig",
"sagemaker:ListNotebookInstanceLifecycleConfigs",
"sagemaker:UpdateNotebookInstanceLifecycleConfig"
],
"Effect": "Allow",
"Resource": "arn:aws:sagemaker:*:*:notebook-instance-lifecycle-config/amazon-braket-*"
},
{
"Action": "braket:*",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringEquals": {
"iam:AWSServiceName": "braket.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/aws-service-role/braket.amazonaws.com/AWSServiceRoleForAmazonBraket*"
},
{
"Action": [
"iam:PassRole"
],
"Condition": {
"StringLike": {
"iam:PassedToService": [
"sagemaker.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/service-role/AmazonBraketServiceSageMakerNotebookRole*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4HUAKO7NZO",
"PolicyName": "AmazonBraketFullAccess",
"UpdateDate": "2021-02-18T07:48:38+00:00",
"VersionId": "v2"
},
"AmazonBraketServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonBraketServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2020-08-04T17:12:23+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:ListBucket"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::amazon-braket-*"
},
{
"Action": [
"logs:PutLogEvents",
"logs:CreateLogStream",
"logs:DescribeLogStreams",
"logs:CreateLogGroup",
"logs:DescribeLogGroups"
],
"Effect": "Allow",
"Resource": "arn:aws:logs:*:*:log-group:/aws/braket:*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4NIYU42I3S",
"PolicyName": "AmazonBraketServiceRolePolicy",
"UpdateDate": "2020-08-06T20:10:42+00:00",
"VersionId": "v2"
},
"AmazonChimeFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonChimeFullAccess",
"AttachmentCount": 0,
"CreateDate": "2017-11-01T22:15:43+00:00",
"DefaultVersionId": "v3",
"Document": {
"Statement": [
{
"Action": [
"chime:*"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"s3:ListBucket",
"s3:ListAllMyBuckets",
"s3:GetBucketAcl",
"s3:GetBucketLocation",
"s3:GetBucketLogging",
"s3:GetBucketVersioning",
"s3:GetBucketWebsite"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"logs:CreateLogDelivery",
"logs:DeleteLogDelivery",
"logs:GetLogDelivery",
"logs:ListLogDeliveries",
"logs:DescribeResourcePolicies",
"logs:PutResourcePolicy",
"logs:CreateLogGroup",
"logs:DescribeLogGroups"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"sns:CreateTopic",
"sns:GetTopicAttributes"
],
"Effect": "Allow",
"Resource": [
"arn:aws:sns:*:*:ChimeVoiceConnector-Streaming*"
]
},
{
"Action": [
"sqs:GetQueueAttributes",
"sqs:CreateQueue"
],
"Effect": "Allow",
"Resource": [
"arn:aws:sqs:*:*:ChimeVoiceConnector-Streaming*"
]
},
{
"Action": [
"kinesis:ListStreams"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"kinesis:DescribeStream"
],
"Effect": "Allow",
"Resource": [
"arn:aws:kinesis:*:*:stream/chime-chat-*",
"arn:aws:kinesis:*:*:stream/chime-messaging-*"
]
},
{
"Action": [
"s3:GetEncryptionConfiguration",
"s3:ListBucket"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::chime-chat-*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIUJFSAKUERNORYRWO",
"PolicyName": "AmazonChimeFullAccess",
"UpdateDate": "2020-12-14T21:00:52+00:00",
"VersionId": "v3"
},
"AmazonChimeReadOnly": {
"Arn": "arn:aws:iam::aws:policy/AmazonChimeReadOnly",
"AttachmentCount": 0,
"CreateDate": "2017-11-01T22:04:17+00:00",
"DefaultVersionId": "v10",
"Document": {
"Statement": [
{
"Action": [
"chime:List*",
"chime:Get*",
"chime:Describe*",
"chime:SearchAvailablePhoneNumbers"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJLBFZZFABRXVWRTCI",
"PolicyName": "AmazonChimeReadOnly",
"UpdateDate": "2020-12-14T20:53:57+00:00",
"VersionId": "v10"
},
"AmazonChimeSDK": {
"Arn": "arn:aws:iam::aws:policy/AmazonChimeSDK",
"AttachmentCount": 0,
"CreateDate": "2020-02-04T21:53:37+00:00",
"DefaultVersionId": "v3",
"Document": {
"Statement": [
{
"Action": [
"chime:CreateMeeting",
"chime:CreateMeetingWithAttendees",
"chime:DeleteMeeting",
"chime:GetMeeting",
"chime:ListMeetings",
"chime:CreateAttendee",
"chime:BatchCreateAttendee",
"chime:DeleteAttendee",
"chime:GetAttendee",
"chime:ListAttendees",
"chime:ListAttendeeTags",
"chime:ListMeetingTags",
"chime:ListTagsForResource",
"chime:TagAttendee",
"chime:TagMeeting",
"chime:TagResource",
"chime:UntagAttendee",
"chime:UntagMeeting",
"chime:UntagResource"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4ACM6EA4B7",
"PolicyName": "AmazonChimeSDK",
"UpdateDate": "2020-09-18T21:07:30+00:00",
"VersionId": "v3"
},
"AmazonChimeServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonChimeServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2019-09-30T22:25:06+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"iam:CreateServiceLinkedRole"
],
"Condition": {
"StringLike": {
"iam:AWSServiceName": "chime.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/aws-service-role/chime.amazonaws.com/AWSServiceRoleForAmazonChime"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4NA5XMV3PI",
"PolicyName": "AmazonChimeServiceRolePolicy",
"UpdateDate": "2019-09-30T22:25:06+00:00",
"VersionId": "v1"
},
"AmazonChimeUserManagement": {
"Arn": "arn:aws:iam::aws:policy/AmazonChimeUserManagement",
"AttachmentCount": 0,
"CreateDate": "2017-11-01T22:17:26+00:00",
"DefaultVersionId": "v8",
"Document": {
"Statement": [
{
"Action": [
"chime:ListAccounts",
"chime:GetAccount",
"chime:GetAccountSettings",
"chime:UpdateAccountSettings",
"chime:ListUsers",
"chime:GetUser",
"chime:GetUserByEmail",
"chime:InviteUsers",
"chime:InviteUsersFromProvider",
"chime:SuspendUsers",
"chime:ActivateUsers",
"chime:UpdateUserLicenses",
"chime:ResetPersonalPIN",
"chime:LogoutUser",
"chime:ListDomains",
"chime:GetDomain",
"chime:ListDirectories",
"chime:ListGroups",
"chime:SubmitSupportRequest",
"chime:ListDelegates",
"chime:ListAccountUsageReportData",
"chime:GetMeetingDetail",
"chime:ListMeetingEvents",
"chime:ListMeetingsReportData",
"chime:GetUserActivityReportData",
"chime:UpdateUser",
"chime:BatchUpdateUser",
"chime:BatchSuspendUser",
"chime:BatchUnsuspendUser",
"chime:AssociatePhoneNumberWithUser",
"chime:DisassociatePhoneNumberFromUser",
"chime:GetPhoneNumber",
"chime:ListPhoneNumbers",
"chime:GetUserSettings",
"chime:UpdateUserSettings",
"chime:CreateUser",
"chime:AssociateSigninDelegateGroupsWithAccount",
"chime:DisassociateSigninDelegateGroupsFromAccount"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJGLHVUHNMQPSDGSOO",
"PolicyName": "AmazonChimeUserManagement",
"UpdateDate": "2020-02-18T19:26:10+00:00",
"VersionId": "v8"
},
"AmazonChimeVoiceConnectorServiceLinkedRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonChimeVoiceConnectorServiceLinkedRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2019-09-30T22:16:42+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"chime:GetVoiceConnector*"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4GP44ZBY4P",
"PolicyName": "AmazonChimeVoiceConnectorServiceLinkedRolePolicy",
"UpdateDate": "2019-09-30T22:16:42+00:00",
"VersionId": "v1"
},
"AmazonCloudDirectoryFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonCloudDirectoryFullAccess",
"AttachmentCount": 0,
"CreateDate": "2017-02-25T00:41:39+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"clouddirectory:*"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJG3XQK77ATFLCF2CK",
"PolicyName": "AmazonCloudDirectoryFullAccess",
"UpdateDate": "2017-02-25T00:41:39+00:00",
"VersionId": "v1"
},
"AmazonCloudDirectoryReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonCloudDirectoryReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2017-02-28T23:42:06+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"clouddirectory:List*",
"clouddirectory:Get*",
"clouddirectory:LookupPolicy",
"clouddirectory:BatchRead"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAICMSZQGR3O62KMD6M",
"PolicyName": "AmazonCloudDirectoryReadOnlyAccess",
"UpdateDate": "2017-02-28T23:42:06+00:00",
"VersionId": "v1"
},
"AmazonCodeGuruProfilerAgentAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonCodeGuruProfilerAgentAccess",
"AttachmentCount": 0,
"CreateDate": "2021-02-05T22:11:56+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"codeguru-profiler:ConfigureAgent",
"codeguru-profiler:CreateProfilingGroup",
"codeguru-profiler:PostAgentProfile"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4NJEGTVMFC",
"PolicyName": "AmazonCodeGuruProfilerAgentAccess",
"UpdateDate": "2021-04-02T23:21:37+00:00",
"VersionId": "v2"
},
"AmazonCodeGuruProfilerFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonCodeGuruProfilerFullAccess",
"AttachmentCount": 0,
"CreateDate": "2019-12-03T10:13:27+00:00",
"DefaultVersionId": "v4",
"Document": {
"Statement": [
{
"Action": [
"codeguru-profiler:*",
"iam:ListRoles",
"iam:ListUsers",
"sns:ListTopics",
"codeguru:*"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"iam:CreateServiceLinkedRole"
],
"Condition": {
"StringEquals": {
"iam:AWSServiceName": "codeguru-profiler.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/*AWSServiceRoleForCodeGuruProfiler*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4FVCBNS424",
"PolicyName": "AmazonCodeGuruProfilerFullAccess",
"UpdateDate": "2020-07-15T03:23:08+00:00",
"VersionId": "v4"
},
"AmazonCodeGuruProfilerReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonCodeGuruProfilerReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2019-12-03T10:30:15+00:00",
"DefaultVersionId": "v3",
"Document": {
"Statement": [
{
"Action": [
"codeguru:Get*",
"codeguru-profiler:BatchGet*",
"codeguru-profiler:Describe*",
"codeguru-profiler:Get*",
"codeguru-profiler:List*",
"iam:ListRoles",
"iam:ListUsers"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4LUSUINUHE",
"PolicyName": "AmazonCodeGuruProfilerReadOnlyAccess",
"UpdateDate": "2020-06-27T23:52:52+00:00",
"VersionId": "v3"
},
"AmazonCodeGuruReviewerFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonCodeGuruReviewerFullAccess",
"AttachmentCount": 0,
"CreateDate": "2019-12-03T08:33:47+00:00",
"DefaultVersionId": "v3",
"Document": {
"Statement": [
{
"Action": [
"codeguru-reviewer:*",
"codeguru:*"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "AmazonCodeGuruReviewerFullAccess"
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringLike": {
"iam:AWSServiceName": "codeguru-reviewer.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/aws-service-role/codeguru-reviewer.amazonaws.com/AWSServiceRoleForAmazonCodeGuruReviewer",
"Sid": "AmazonCodeGuruReviewerSLRCreation"
},
{
"Action": [
"iam:DeleteServiceLinkedRole",
"iam:GetServiceLinkedRoleDeletionStatus"
],
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/aws-service-role/codeguru-reviewer.amazonaws.com/AWSServiceRoleForAmazonCodeGuruReviewer",
"Sid": "AmazonCodeGuruReviewerSLRDeletion"
},
{
"Action": [
"codecommit:ListRepositories"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "CodeCommitAccess"
},
{
"Action": [
"codecommit:TagResource",
"codecommit:UntagResource"
],
"Condition": {
"ForAllValues:StringEquals": {
"aws:TagKeys": "codeguru-reviewer"
}
},
"Effect": "Allow",
"Resource": "*",
"Sid": "CodeCommitTagManagement"
},
{
"Action": [
"codestar-connections:TagResource",
"codestar-connections:UntagResource",
"codestar-connections:ListTagsForResource"
],
"Condition": {
"ForAllValues:StringEquals": {
"aws:TagKeys": "codeguru-reviewer"
}
},
"Effect": "Allow",
"Resource": "*",
"Sid": "CodeConnectTagManagement"
},
{
"Action": [
"codestar-connections:UseConnection",
"codestar-connections:ListConnections",
"codestar-connections:PassConnection"
],
"Condition": {
"ForAllValues:StringEquals": {
"codestar-connections:ProviderAction": [
"ListRepositories",
"ListOwners"
]
}
},
"Effect": "Allow",
"Resource": "*",
"Sid": "CodeConnectManagedRules"
},
{
"Action": [
"events:PutRule",
"events:PutTargets",
"events:DeleteRule",
"events:RemoveTargets"
],
"Condition": {
"StringEquals": {
"events:ManagedBy": "codeguru-reviewer.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*",
"Sid": "CloudWatchEventsManagedRules"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4ENLFBTHWM",
"PolicyName": "AmazonCodeGuruReviewerFullAccess",
"UpdateDate": "2020-08-29T04:16:08+00:00",
"VersionId": "v3"
},
"AmazonCodeGuruReviewerReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonCodeGuruReviewerReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2019-12-03T08:48:24+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"codeguru:Get*",
"codeguru-reviewer:List*",
"codeguru-reviewer:Describe*",
"codeguru-reviewer:Get*"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "AmazonCodeGuruReviewerReadOnlyAccess"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4FOJ4PYG77",
"PolicyName": "AmazonCodeGuruReviewerReadOnlyAccess",
"UpdateDate": "2020-08-29T04:15:32+00:00",
"VersionId": "v2"
},
"AmazonCodeGuruReviewerServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonCodeGuruReviewerServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2019-12-03T05:31:12+00:00",
"DefaultVersionId": "v4",
"Document": {
"Statement": [
{
"Action": [
"codecommit:GetRepository",
"codecommit:GetBranch",
"codecommit:DescribePullRequestEvents",
"codecommit:GetCommentsForPullRequest",
"codecommit:GetDifferences",
"codecommit:GetPullRequest",
"codecommit:ListPullRequests",
"codecommit:PostCommentForPullRequest",
"codecommit:GitPull",
"codecommit:UntagResource"
],
"Condition": {
"StringLike": {
"aws:ResourceTag/codeguru-reviewer": "enabled"
}
},
"Effect": "Allow",
"Resource": "*",
"Sid": "AccessCodeGuruReviewerEnabledRepositories"
},
{
"Action": [
"codestar-connections:UseConnection"
],
"Condition": {
"ForAllValues:StringEquals": {
"codestar-connections:ProviderAction": [
"ListBranches",
"GetBranch",
"ListRepositories",
"ListOwners",
"ListPullRequests",
"GetPullRequest",
"ListPullRequestComments",
"ListPullRequestCommits",
"ListCommitFiles",
"ListBranchCommits",
"CreatePullRequestDiffComment",
"GitPull"
]
},
"Null": {
"aws:ResourceTag/codeguru-reviewer": "false"
}
},
"Effect": "Allow",
"Resource": "*",
"Sid": "AccessCodeGuruReviewerEnabledConnections"
},
{
"Action": [
"events:DeleteRule",
"events:RemoveTargets"
],
"Condition": {
"StringEquals": {
"events:ManagedBy": "codeguru-reviewer.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*",
"Sid": "CloudWatchEventsResourceCleanup"
},
{
"Action": [
"s3:GetObject"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::codeguru-reviewer-*",
"arn:aws:s3:::codeguru-reviewer-*/*"
],
"Sid": "AllowGuruS3GetObject"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4NJY3GAUD2",
"PolicyName": "AmazonCodeGuruReviewerServiceRolePolicy",
"UpdateDate": "2020-11-27T15:09:46+00:00",
"VersionId": "v4"
},
"AmazonCognitoDeveloperAuthenticatedIdentities": {
"Arn": "arn:aws:iam::aws:policy/AmazonCognitoDeveloperAuthenticatedIdentities",
"AttachmentCount": 0,
"CreateDate": "2015-03-24T17:22:23+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"cognito-identity:GetOpenIdTokenForDeveloperIdentity",
"cognito-identity:LookupDeveloperIdentity",
"cognito-identity:MergeDeveloperIdentities",
"cognito-identity:UnlinkDeveloperIdentity"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIQOKZ5BGKLCMTXH4W",
"PolicyName": "AmazonCognitoDeveloperAuthenticatedIdentities",
"UpdateDate": "2015-03-24T17:22:23+00:00",
"VersionId": "v1"
},
"AmazonCognitoIdpEmailServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonCognitoIdpEmailServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2019-03-21T21:32:25+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"ses:SendEmail",
"ses:SendRawEmail"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ses:List*"
],
"Effect": "Deny",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIX7PW362PLAQFKBHM",
"PolicyName": "AmazonCognitoIdpEmailServiceRolePolicy",
"UpdateDate": "2019-03-21T21:32:25+00:00",
"VersionId": "v1"
},
"AmazonCognitoIdpServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonCognitoIdpServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2020-06-26T22:30:20+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"cognito-idp:Describe*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4LEUDXVZDR",
"PolicyName": "AmazonCognitoIdpServiceRolePolicy",
"UpdateDate": "2020-06-26T22:30:20+00:00",
"VersionId": "v1"
},
"AmazonCognitoPowerUser": {
"Arn": "arn:aws:iam::aws:policy/AmazonCognitoPowerUser",
"AttachmentCount": 0,
"CreateDate": "2015-03-24T17:14:56+00:00",
"DefaultVersionId": "v6",
"Document": {
"Statement": [
{
"Action": [
"cognito-identity:*",
"cognito-idp:*",
"cognito-sync:*",
"iam:ListRoles",
"iam:ListOpenIdConnectProviders",
"iam:GetRole",
"iam:ListSAMLProviders",
"iam:GetSAMLProvider",
"kinesis:ListStreams",
"lambda:GetPolicy",
"lambda:ListFunctions",
"sns:GetSMSSandboxAccountStatus",
"sns:ListPlatformApplications",
"ses:ListIdentities",
"ses:GetIdentityVerificationAttributes",
"mobiletargeting:GetApps",
"acm:ListCertificates"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringEquals": {
"iam:AWSServiceName": [
"cognito-idp.amazonaws.com",
"email.cognito-idp.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"iam:DeleteServiceLinkedRole",
"iam:GetServiceLinkedRoleDeletionStatus"
],
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/aws-service-role/cognito-idp.amazonaws.com/AWSServiceRoleForAmazonCognitoIdp*",
"arn:aws:iam::*:role/aws-service-role/email.cognito-idp.amazonaws.com/AWSServiceRoleForAmazonCognitoIdpEmail*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJKW5H2HNCPGCYGR6Y",
"PolicyName": "AmazonCognitoPowerUser",
"UpdateDate": "2021-06-01T17:33:32+00:00",
"VersionId": "v6"
},
"AmazonCognitoReadOnly": {
"Arn": "arn:aws:iam::aws:policy/AmazonCognitoReadOnly",
"AttachmentCount": 0,
"CreateDate": "2015-03-24T17:06:46+00:00",
"DefaultVersionId": "v4",
"Document": {
"Statement": [
{
"Action": [
"cognito-identity:Describe*",
"cognito-identity:Get*",
"cognito-identity:List*",
"cognito-idp:Describe*",
"cognito-idp:AdminGet*",
"cognito-idp:AdminList*",
"cognito-idp:List*",
"cognito-idp:Get*",
"cognito-sync:Describe*",
"cognito-sync:Get*",
"cognito-sync:List*",
"iam:ListOpenIdConnectProviders",
"iam:ListRoles",
"sns:ListPlatformApplications"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJBFTRZD2GQGJHSVQK",
"PolicyName": "AmazonCognitoReadOnly",
"UpdateDate": "2019-08-01T19:21:04+00:00",
"VersionId": "v4"
},
"AmazonConnectReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonConnectReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2018-10-17T21:00:44+00:00",
"DefaultVersionId": "v3",
"Document": {
"Statement": [
{
"Action": [
"connect:Get*",
"connect:Describe*",
"connect:List*",
"ds:DescribeDirectories"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "connect:GetFederationTokens",
"Effect": "Deny",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIVZMH7VU6YYKRY6ZU",
"PolicyName": "AmazonConnectReadOnlyAccess",
"UpdateDate": "2019-11-06T22:10:18+00:00",
"VersionId": "v3"
},
"AmazonConnectServiceLinkedRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonConnectServiceLinkedRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2018-09-07T00:21:43+00:00",
"DefaultVersionId": "v4",
"Document": {
"Statement": [
{
"Action": [
"connect:*"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"iam:DeleteRole"
],
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/aws-service-role/connect.amazonaws.com/AWSServiceRoleForAmazonConnect_*"
},
{
"Action": [
"s3:GetObject",
"s3:GetObjectAcl",
"s3:PutObject",
"s3:PutObjectAcl",
"s3:DeleteObject"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::amazon-connect-*/*"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetBucketAcl"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::amazon-connect-*"
]
},
{
"Action": [
"logs:CreateLogStream",
"logs:DescribeLogStreams",
"logs:PutLogEvents"
],
"Effect": "Allow",
"Resource": [
"arn:aws:logs:*:*:log-group:/aws/connect/*:*"
]
},
{
"Action": [
"lex:ListBots",
"lex:ListBotAliases"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJ6R6FMTSRUJSKI72Y",
"PolicyName": "AmazonConnectServiceLinkedRolePolicy",
"UpdateDate": "2021-04-14T00:13:10+00:00",
"VersionId": "v4"
},
"AmazonConnect_FullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonConnect_FullAccess",
"AttachmentCount": 0,
"CreateDate": "2020-11-20T19:54:21+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"connect:*",
"ds:CreateAlias",
"ds:AuthorizeApplication",
"ds:CreateIdentityPoolDirectory",
"ds:DeleteDirectory",
"ds:DescribeDirectories",
"ds:UnauthorizeApplication",
"firehose:DescribeDeliveryStream",
"firehose:ListDeliveryStreams",
"kinesis:DescribeStream",
"kinesis:ListStreams",
"kms:DescribeKey",
"kms:ListAliases",
"lex:GetBots",
"logs:CreateLogGroup",
"s3:GetBucketLocation",
"s3:ListAllMyBuckets",
"lambda:ListFunctions",
"ds:CheckAlias"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"s3:CreateBucket",
"s3:GetBucketAcl"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::amazon-connect-*"
},
{
"Action": [
"servicequotas:GetServiceQuota"
],
"Effect": "Allow",
"Resource": "arn:aws:servicequotas:*:*:connect/*"
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringEquals": {
"iam:AWSServiceName": "connect.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:DeleteServiceLinkedRole",
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/aws-service-role/connect.amazonaws.com/AWSServiceRoleForAmazonConnect*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4JXAE7KLRO",
"PolicyName": "AmazonConnect_FullAccess",
"UpdateDate": "2020-11-20T19:54:21+00:00",
"VersionId": "v1"
},
"AmazonDMSCloudWatchLogsRole": {
"Arn": "arn:aws:iam::aws:policy/service-role/AmazonDMSCloudWatchLogsRole",
"AttachmentCount": 0,
"CreateDate": "2016-01-07T23:44:53+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"logs:DescribeLogGroups"
],
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "AllowDescribeOnAllLogGroups"
},
{
"Action": [
"logs:DescribeLogStreams"
],
"Effect": "Allow",
"Resource": [
"arn:aws:logs:*:*:log-group:dms-tasks-*"
],
"Sid": "AllowDescribeOfAllLogStreamsOnDmsTasksLogGroup"
},
{
"Action": [
"logs:CreateLogGroup"
],
"Effect": "Allow",
"Resource": [
"arn:aws:logs:*:*:log-group:dms-tasks-*"
],
"Sid": "AllowCreationOfDmsTasksLogGroups"
},
{
"Action": [
"logs:CreateLogStream"
],
"Effect": "Allow",
"Resource": [
"arn:aws:logs:*:*:log-group:dms-tasks-*:log-stream:dms-task-*"
],
"Sid": "AllowCreationOfDmsTaskLogStream"
},
{
"Action": [
"logs:PutLogEvents"
],
"Effect": "Allow",
"Resource": [
"arn:aws:logs:*:*:log-group:dms-tasks-*:log-stream:dms-task-*"
],
"Sid": "AllowUploadOfLogEventsToDmsTaskLogStream"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJBG7UXZZXUJD3TDJE",
"PolicyName": "AmazonDMSCloudWatchLogsRole",
"UpdateDate": "2016-01-07T23:44:53+00:00",
"VersionId": "v1"
},
"AmazonDMSRedshiftS3Role": {
"Arn": "arn:aws:iam::aws:policy/service-role/AmazonDMSRedshiftS3Role",
"AttachmentCount": 0,
"CreateDate": "2016-04-20T17:05:56+00:00",
"DefaultVersionId": "v3",
"Document": {
"Statement": [
{
"Action": [
"s3:CreateBucket",
"s3:ListBucket",
"s3:DeleteBucket",
"s3:GetBucketLocation",
"s3:GetObject",
"s3:PutObject",
"s3:DeleteObject",
"s3:GetObjectVersion",
"s3:GetBucketPolicy",
"s3:PutBucketPolicy",
"s3:GetBucketAcl",
"s3:PutBucketVersioning",
"s3:GetBucketVersioning",
"s3:PutLifecycleConfiguration",
"s3:GetLifecycleConfiguration",
"s3:DeleteBucketPolicy"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::dms-*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAI3CCUQ4U5WNC5F6B6",
"PolicyName": "AmazonDMSRedshiftS3Role",
"UpdateDate": "2019-07-08T18:19:14+00:00",
"VersionId": "v3"
},
"AmazonDMSVPCManagementRole": {
"Arn": "arn:aws:iam::aws:policy/service-role/AmazonDMSVPCManagementRole",
"AttachmentCount": 0,
"CreateDate": "2015-11-18T16:33:19+00:00",
"DefaultVersionId": "v3",
"Document": {
"Statement": [
{
"Action": [
"ec2:CreateNetworkInterface",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeInternetGateways",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:DeleteNetworkInterface",
"ec2:ModifyNetworkInterfaceAttribute"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJHKIGMBQI4AEFFSYO",
"PolicyName": "AmazonDMSVPCManagementRole",
"UpdateDate": "2016-05-23T16:29:57+00:00",
"VersionId": "v3"
},
"AmazonDRSVPCManagement": {
"Arn": "arn:aws:iam::aws:policy/AmazonDRSVPCManagement",
"AttachmentCount": 0,
"CreateDate": "2015-09-02T00:09:20+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateNetworkInterface",
"ec2:CreateSecurityGroup",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeInternetGateways",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcAttribute",
"ec2:DescribeVpcs",
"ec2:DeleteNetworkInterface",
"ec2:DeleteSecurityGroup",
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:RevokeSecurityGroupIngress"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJPXIBTTZMBEFEX6UA",
"PolicyName": "AmazonDRSVPCManagement",
"UpdateDate": "2015-09-02T00:09:20+00:00",
"VersionId": "v1"
},
"AmazonDetectiveFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonDetectiveFullAccess",
"AttachmentCount": 0,
"CreateDate": "2020-04-30T17:57:15+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"detective:*",
"organizations:DescribeOrganization",
"organizations:ListAccounts"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"guardduty:ArchiveFindings"
],
"Effect": "Allow",
"Resource": "arn:aws:guardduty:*:*:detector/*"
},
{
"Action": [
"guardduty:ListDetectors"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4IRLX3QVOO",
"PolicyName": "AmazonDetectiveFullAccess",
"UpdateDate": "2020-10-21T22:07:28+00:00",
"VersionId": "v2"
},
"AmazonDevOpsGuruFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonDevOpsGuruFullAccess",
"AttachmentCount": 0,
"CreateDate": "2020-12-01T16:38:12+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"devops-guru:*"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "DevOpsGuruFullAccess"
},
{
"Action": [
"cloudformation:DescribeStacks",
"cloudformation:ListStacks"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "CloudFormationListStacksAccess"
},
{
"Action": [
"cloudwatch:GetMetricData"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "CloudWatchGetMetricDataAccess"
},
{
"Action": [
"sns:ListTopics"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "SnsListTopicsAccess"
},
{
"Action": [
"sns:CreateTopic",
"sns:GetTopicAttributes",
"sns:SetTopicAttributes",
"sns:Publish"
],
"Effect": "Allow",
"Resource": "arn:aws:sns:*:*:DevOps-Guru-*",
"Sid": "SnsTopicOperations"
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringLike": {
"iam:AWSServiceName": "devops-guru.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/aws-service-role/devops-guru.amazonaws.com/AWSServiceRoleForDevOpsGuru",
"Sid": "DevOpsGuruSlrCreation"
},
{
"Action": [
"iam:DeleteServiceLinkedRole",
"iam:GetServiceLinkedRoleDeletionStatus"
],
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/aws-service-role/devops-guru.amazonaws.com/AWSServiceRoleForDevOpsGuru",
"Sid": "DevOpsGuruSlrDeletion"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4BQEAUGTMM",
"PolicyName": "AmazonDevOpsGuruFullAccess",
"UpdateDate": "2020-12-01T16:38:12+00:00",
"VersionId": "v1"
},
"AmazonDevOpsGuruReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonDevOpsGuruReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2020-12-01T16:34:40+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"devops-guru:DescribeAccountHealth",
"devops-guru:DescribeAccountOverview",
"devops-guru:DescribeAnomaly",
"devops-guru:DescribeInsight",
"devops-guru:DescribeResourceCollectionHealth",
"devops-guru:DescribeServiceIntegration",
"devops-guru:GetCostEstimation",
"devops-guru:GetResourceCollection",
"devops-guru:ListAnomaliesForInsight",
"devops-guru:ListEvents",
"devops-guru:ListInsights",
"devops-guru:ListNotificationChannels",
"devops-guru:ListRecommendations",
"devops-guru:SearchInsights",
"devops-guru:StartCostEstimation"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "DevOpsGuruReadOnlyAccess"
},
{
"Action": [
"cloudformation:DescribeStacks",
"cloudformation:ListStacks"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "CloudFormationListStacksAccess"
},
{
"Action": [
"cloudwatch:GetMetricData"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "CloudWatchGetMetricDataAccess"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4JK4QO3QK6",
"PolicyName": "AmazonDevOpsGuruReadOnlyAccess",
"UpdateDate": "2021-04-23T18:44:36+00:00",
"VersionId": "v2"
},
"AmazonDevOpsGuruServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonDevOpsGuruServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2020-12-01T10:24:42+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"autoscaling:DescribeAutoScalingGroups",
"cloudtrail:LookupEvents",
"cloudwatch:GetMetricData",
"cloudwatch:ListMetrics",
"cloudwatch:DescribeAnomalyDetectors",
"cloudwatch:DescribeAlarms",
"cloudwatch:ListDashboards",
"cloudwatch:GetDashboard",
"cloudformation:GetTemplate",
"cloudformation:ListStacks",
"cloudformation:ListStackResources",
"cloudformation:DescribeStacks",
"cloudformation:ListImports",
"codedeploy:BatchGetDeployments",
"codedeploy:GetDeploymentGroup",
"codedeploy:ListDeployments",
"config:DescribeConfigurationRecorderStatus",
"config:GetResourceConfigHistory",
"events:ListRuleNamesByTarget",
"xray:GetServiceGraph"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"events:PutTargets",
"events:PutRule"
],
"Effect": "Allow",
"Resource": "arn:aws:events:*:*:rule/DevOps-Guru-managed-*",
"Sid": "AllowPutTargetsOnASpecificRule"
},
{
"Action": [
"ssm:CreateOpsItem"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "AllowCreateOpsItem"
},
{
"Action": [
"ssm:AddTagsToResource"
],
"Effect": "Allow",
"Resource": "arn:aws:ssm:*:*:opsitem/*",
"Sid": "AllowAddTagsToOpsItem"
},
{
"Action": [
"ssm:GetOpsItem",
"ssm:UpdateOpsItem"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/DevOps-GuruInsightSsmOpsItemRelated": "true"
}
},
"Effect": "Allow",
"Resource": "*",
"Sid": "AllowAccessOpsItem"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4LOGPH224B",
"PolicyName": "AmazonDevOpsGuruServiceRolePolicy",
"UpdateDate": "2021-04-21T23:51:53+00:00",
"VersionId": "v2"
},
"AmazonDocDBConsoleFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonDocDBConsoleFullAccess",
"AttachmentCount": 0,
"CreateDate": "2019-01-09T20:37:28+00:00",
"DefaultVersionId": "v3",
"Document": {
"Statement": [
{
"Action": [
"rds:AddRoleToDBCluster",
"rds:AddSourceIdentifierToSubscription",
"rds:AddTagsToResource",
"rds:ApplyPendingMaintenanceAction",
"rds:CopyDBClusterParameterGroup",
"rds:CopyDBClusterSnapshot",
"rds:CopyDBParameterGroup",
"rds:CreateDBCluster",
"rds:CreateDBClusterParameterGroup",
"rds:CreateDBClusterSnapshot",
"rds:CreateDBInstance",
"rds:CreateDBParameterGroup",
"rds:CreateDBSubnetGroup",
"rds:CreateEventSubscription",
"rds:DeleteDBCluster",
"rds:DeleteDBClusterParameterGroup",
"rds:DeleteDBClusterSnapshot",
"rds:DeleteDBInstance",
"rds:DeleteDBParameterGroup",
"rds:DeleteDBSubnetGroup",
"rds:DeleteEventSubscription",
"rds:DescribeAccountAttributes",
"rds:DescribeCertificates",
"rds:DescribeDBClusterParameterGroups",
"rds:DescribeDBClusterParameters",
"rds:DescribeDBClusterSnapshotAttributes",
"rds:DescribeDBClusterSnapshots",
"rds:DescribeDBClusters",
"rds:DescribeDBEngineVersions",
"rds:DescribeDBInstances",
"rds:DescribeDBLogFiles",
"rds:DescribeDBParameterGroups",
"rds:DescribeDBParameters",
"rds:DescribeDBSecurityGroups",
"rds:DescribeDBSubnetGroups",
"rds:DescribeEngineDefaultClusterParameters",
"rds:DescribeEngineDefaultParameters",
"rds:DescribeEventCategories",
"rds:DescribeEventSubscriptions",
"rds:DescribeEvents",
"rds:DescribeOptionGroups",
"rds:DescribeOrderableDBInstanceOptions",
"rds:DescribePendingMaintenanceActions",
"rds:DescribeValidDBInstanceModifications",
"rds:DownloadDBLogFilePortion",
"rds:FailoverDBCluster",
"rds:ListTagsForResource",
"rds:ModifyDBCluster",
"rds:ModifyDBClusterParameterGroup",
"rds:ModifyDBClusterSnapshotAttribute",
"rds:ModifyDBInstance",
"rds:ModifyDBParameterGroup",
"rds:ModifyDBSubnetGroup",
"rds:ModifyEventSubscription",
"rds:PromoteReadReplicaDBCluster",
"rds:RebootDBInstance",
"rds:RemoveRoleFromDBCluster",
"rds:RemoveSourceIdentifierFromSubscription",
"rds:RemoveTagsFromResource",
"rds:ResetDBClusterParameterGroup",
"rds:ResetDBParameterGroup",
"rds:RestoreDBClusterFromSnapshot",
"rds:RestoreDBClusterToPointInTime"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"iam:GetRole",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"ec2:AllocateAddress",
"ec2:AssignIpv6Addresses",
"ec2:AssignPrivateIpAddresses",
"ec2:AssociateAddress",
"ec2:AssociateRouteTable",
"ec2:AssociateSubnetCidrBlock",
"ec2:AssociateVpcCidrBlock",
"ec2:AttachInternetGateway",
"ec2:AttachNetworkInterface",
"ec2:CreateCustomerGateway",
"ec2:CreateDefaultSubnet",
"ec2:CreateDefaultVpc",
"ec2:CreateInternetGateway",
"ec2:CreateNatGateway",
"ec2:CreateNetworkInterface",
"ec2:CreateRoute",
"ec2:CreateRouteTable",
"ec2:CreateSecurityGroup",
"ec2:CreateSubnet",
"ec2:CreateVpc",
"ec2:CreateVpcEndpoint",
"ec2:DescribeAccountAttributes",
"ec2:DescribeAddresses",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeCustomerGateways",
"ec2:DescribeInstances",
"ec2:DescribeNatGateways",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribePrefixLists",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroupReferences",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcAttribute",
"ec2:DescribeVpcEndpoints",
"ec2:DescribeVpcs",
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:ModifySubnetAttribute",
"ec2:ModifyVpcAttribute",
"ec2:ModifyVpcEndpoint",
"kms:DescribeKey",
"kms:ListAliases",
"kms:ListKeyPolicies",
"kms:ListKeys",
"kms:ListRetirableGrants",
"logs:DescribeLogStreams",
"logs:GetLogEvents",
"sns:ListSubscriptions",
"sns:ListTopics",
"sns:Publish"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringLike": {
"iam:AWSServiceName": "rds.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/aws-service-role/rds.amazonaws.com/AWSServiceRoleForRDS"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJHV6VMSNDDHJ3ESNI",
"PolicyName": "AmazonDocDBConsoleFullAccess",
"UpdateDate": "2021-04-05T22:42:40+00:00",
"VersionId": "v3"
},
"AmazonDocDBFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonDocDBFullAccess",
"AttachmentCount": 0,
"CreateDate": "2019-01-09T20:21:44+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"rds:AddRoleToDBCluster",
"rds:AddSourceIdentifierToSubscription",
"rds:AddTagsToResource",
"rds:ApplyPendingMaintenanceAction",
"rds:CopyDBClusterParameterGroup",
"rds:CopyDBClusterSnapshot",
"rds:CopyDBParameterGroup",
"rds:CreateDBCluster",
"rds:CreateDBClusterParameterGroup",
"rds:CreateDBClusterSnapshot",
"rds:CreateDBInstance",
"rds:CreateDBParameterGroup",
"rds:CreateDBSubnetGroup",
"rds:CreateEventSubscription",
"rds:DeleteDBCluster",
"rds:DeleteDBClusterParameterGroup",
"rds:DeleteDBClusterSnapshot",
"rds:DeleteDBInstance",
"rds:DeleteDBParameterGroup",
"rds:DeleteDBSubnetGroup",
"rds:DeleteEventSubscription",
"rds:DescribeAccountAttributes",
"rds:DescribeCertificates",
"rds:DescribeDBClusterParameterGroups",
"rds:DescribeDBClusterParameters",
"rds:DescribeDBClusterSnapshotAttributes",
"rds:DescribeDBClusterSnapshots",
"rds:DescribeDBClusters",
"rds:DescribeDBEngineVersions",
"rds:DescribeDBInstances",
"rds:DescribeDBLogFiles",
"rds:DescribeDBParameterGroups",
"rds:DescribeDBParameters",
"rds:DescribeDBSecurityGroups",
"rds:DescribeDBSubnetGroups",
"rds:DescribeEngineDefaultClusterParameters",
"rds:DescribeEngineDefaultParameters",
"rds:DescribeEventCategories",
"rds:DescribeEventSubscriptions",
"rds:DescribeEvents",
"rds:DescribeOptionGroups",
"rds:DescribeOrderableDBInstanceOptions",
"rds:DescribePendingMaintenanceActions",
"rds:DescribeValidDBInstanceModifications",
"rds:DownloadDBLogFilePortion",
"rds:FailoverDBCluster",
"rds:ListTagsForResource",
"rds:ModifyDBCluster",
"rds:ModifyDBClusterParameterGroup",
"rds:ModifyDBClusterSnapshotAttribute",
"rds:ModifyDBInstance",
"rds:ModifyDBParameterGroup",
"rds:ModifyDBSubnetGroup",
"rds:ModifyEventSubscription",
"rds:PromoteReadReplicaDBCluster",
"rds:RebootDBInstance",
"rds:RemoveRoleFromDBCluster",
"rds:RemoveSourceIdentifierFromSubscription",
"rds:RemoveTagsFromResource",
"rds:ResetDBClusterParameterGroup",
"rds:ResetDBParameterGroup",
"rds:RestoreDBClusterFromSnapshot",
"rds:RestoreDBClusterToPointInTime"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"ec2:DescribeAccountAttributes",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcAttribute",
"ec2:DescribeVpcs",
"kms:ListAliases",
"kms:ListKeyPolicies",
"kms:ListKeys",
"kms:ListRetirableGrants",
"logs:DescribeLogStreams",
"logs:GetLogEvents",
"sns:ListSubscriptions",
"sns:ListTopics",
"sns:Publish"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringLike": {
"iam:AWSServiceName": "rds.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/aws-service-role/rds.amazonaws.com/AWSServiceRoleForRDS"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIQKACUF6JJHALEG5K",
"PolicyName": "AmazonDocDBFullAccess",
"UpdateDate": "2019-01-09T20:21:44+00:00",
"VersionId": "v1"
},
"AmazonDocDBReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonDocDBReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2019-01-09T20:30:28+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"rds:DescribeAccountAttributes",
"rds:DescribeCertificates",
"rds:DescribeDBClusterParameterGroups",
"rds:DescribeDBClusterParameters",
"rds:DescribeDBClusterSnapshotAttributes",
"rds:DescribeDBClusterSnapshots",
"rds:DescribeDBClusters",
"rds:DescribeDBEngineVersions",
"rds:DescribeDBInstances",
"rds:DescribeDBLogFiles",
"rds:DescribeDBParameterGroups",
"rds:DescribeDBParameters",
"rds:DescribeDBSubnetGroups",
"rds:DescribeEventCategories",
"rds:DescribeEventSubscriptions",
"rds:DescribeEvents",
"rds:DescribeOrderableDBInstanceOptions",
"rds:DescribePendingMaintenanceActions",
"rds:DownloadDBLogFilePortion",
"rds:ListTagsForResource"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeInternetGateways",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcAttribute",
"ec2:DescribeVpcs"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"kms:ListKeys",
"kms:ListRetirableGrants",
"kms:ListAliases",
"kms:ListKeyPolicies"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"logs:DescribeLogStreams",
"logs:GetLogEvents"
],
"Effect": "Allow",
"Resource": [
"arn:aws:logs:*:*:log-group:/aws/rds/*:log-stream:*",
"arn:aws:logs:*:*:log-group:/aws/docdb/*:log-stream:*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAI477RMVACLTLWY5RQ",
"PolicyName": "AmazonDocDBReadOnlyAccess",
"UpdateDate": "2019-01-09T20:30:28+00:00",
"VersionId": "v1"
},
"AmazonDynamoDBFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonDynamoDBFullAccess",
"AttachmentCount": 2,
"CreateDate": "2015-02-06T18:40:11+00:00",
"DefaultVersionId": "v15",
"Document": {
"Statement": [
{
"Action": [
"dynamodb:*",
"dax:*",
"application-autoscaling:DeleteScalingPolicy",
"application-autoscaling:DeregisterScalableTarget",
"application-autoscaling:DescribeScalableTargets",
"application-autoscaling:DescribeScalingActivities",
"application-autoscaling:DescribeScalingPolicies",
"application-autoscaling:PutScalingPolicy",
"application-autoscaling:RegisterScalableTarget",
"cloudwatch:DeleteAlarms",
"cloudwatch:DescribeAlarmHistory",
"cloudwatch:DescribeAlarms",
"cloudwatch:DescribeAlarmsForMetric",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"cloudwatch:PutMetricAlarm",
"cloudwatch:GetMetricData",
"datapipeline:ActivatePipeline",
"datapipeline:CreatePipeline",
"datapipeline:DeletePipeline",
"datapipeline:DescribeObjects",
"datapipeline:DescribePipelines",
"datapipeline:GetPipelineDefinition",
"datapipeline:ListPipelines",
"datapipeline:PutPipelineDefinition",
"datapipeline:QueryObjects",
"ec2:DescribeVpcs",
"ec2:DescribeSubnets",
"ec2:DescribeSecurityGroups",
"iam:GetRole",
"iam:ListRoles",
"kms:DescribeKey",
"kms:ListAliases",
"sns:CreateTopic",
"sns:DeleteTopic",
"sns:ListSubscriptions",
"sns:ListSubscriptionsByTopic",
"sns:ListTopics",
"sns:Subscribe",
"sns:Unsubscribe",
"sns:SetTopicAttributes",
"lambda:CreateFunction",
"lambda:ListFunctions",
"lambda:ListEventSourceMappings",
"lambda:CreateEventSourceMapping",
"lambda:DeleteEventSourceMapping",
"lambda:GetFunctionConfiguration",
"lambda:DeleteFunction",
"resource-groups:ListGroups",
"resource-groups:ListGroupResources",
"resource-groups:GetGroup",
"resource-groups:GetGroupQuery",
"resource-groups:DeleteGroup",
"resource-groups:CreateGroup",
"tag:GetResources",
"kinesis:ListStreams",
"kinesis:DescribeStream",
"kinesis:DescribeStreamSummary"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "cloudwatch:GetInsightRuleReport",
"Effect": "Allow",
"Resource": "arn:aws:cloudwatch:*:*:insight-rule/DynamoDBContributorInsights*"
},
{
"Action": [
"iam:PassRole"
],
"Condition": {
"StringLike": {
"iam:PassedToService": [
"application-autoscaling.amazonaws.com",
"application-autoscaling.amazonaws.com.cn",
"dax.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"iam:CreateServiceLinkedRole"
],
"Condition": {
"StringEquals": {
"iam:AWSServiceName": [
"replication.dynamodb.amazonaws.com",
"dax.amazonaws.com",
"dynamodb.application-autoscaling.amazonaws.com",
"contributorinsights.dynamodb.amazonaws.com",
"kinesisreplication.dynamodb.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAINUGF2JSOSUY76KYA",
"PolicyName": "AmazonDynamoDBFullAccess",
"UpdateDate": "2021-01-29T17:38:30+00:00",
"VersionId": "v15"
},
"AmazonDynamoDBFullAccesswithDataPipeline": {
"Arn": "arn:aws:iam::aws:policy/AmazonDynamoDBFullAccesswithDataPipeline",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:40:14+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"cloudwatch:DeleteAlarms",
"cloudwatch:DescribeAlarmHistory",
"cloudwatch:DescribeAlarms",
"cloudwatch:DescribeAlarmsForMetric",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"cloudwatch:PutMetricAlarm",
"dynamodb:*",
"sns:CreateTopic",
"sns:DeleteTopic",
"sns:ListSubscriptions",
"sns:ListSubscriptionsByTopic",
"sns:ListTopics",
"sns:Subscribe",
"sns:Unsubscribe",
"sns:SetTopicAttributes"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "DDBConsole"
},
{
"Action": [
"lambda:*",
"iam:ListRoles"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "DDBConsoleTriggers"
},
{
"Action": [
"datapipeline:*",
"iam:ListRoles"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "DDBConsoleImportExport"
},
{
"Action": [
"iam:GetRolePolicy",
"iam:PassRole"
],
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "IAMEDPRoles"
},
{
"Action": [
"ec2:CreateTags",
"ec2:DescribeInstances",
"ec2:RunInstances",
"ec2:StartInstances",
"ec2:StopInstances",
"ec2:TerminateInstances",
"elasticmapreduce:*",
"datapipeline:*"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "EMR"
},
{
"Action": [
"s3:DeleteObject",
"s3:Get*",
"s3:List*",
"s3:Put*"
],
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "S3"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJ3ORT7KDISSXGHJXA",
"PolicyName": "AmazonDynamoDBFullAccesswithDataPipeline",
"UpdateDate": "2015-11-12T02:17:42+00:00",
"VersionId": "v2"
},
"AmazonDynamoDBReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonDynamoDBReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:40:12+00:00",
"DefaultVersionId": "v13",
"Document": {
"Statement": [
{
"Action": [
"application-autoscaling:DescribeScalableTargets",
"application-autoscaling:DescribeScalingActivities",
"application-autoscaling:DescribeScalingPolicies",
"cloudwatch:DescribeAlarmHistory",
"cloudwatch:DescribeAlarms",
"cloudwatch:DescribeAlarmsForMetric",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"cloudwatch:GetMetricData",
"datapipeline:DescribeObjects",
"datapipeline:DescribePipelines",
"datapipeline:GetPipelineDefinition",
"datapipeline:ListPipelines",
"datapipeline:QueryObjects",
"dynamodb:BatchGetItem",
"dynamodb:Describe*",
"dynamodb:List*",
"dynamodb:GetItem",
"dynamodb:Query",
"dynamodb:Scan",
"dynamodb:PartiQLSelect",
"dax:Describe*",
"dax:List*",
"dax:GetItem",
"dax:BatchGetItem",
"dax:Query",
"dax:Scan",
"ec2:DescribeVpcs",
"ec2:DescribeSubnets",
"ec2:DescribeSecurityGroups",
"iam:GetRole",
"iam:ListRoles",
"kms:DescribeKey",
"kms:ListAliases",
"sns:ListSubscriptionsByTopic",
"sns:ListTopics",
"lambda:ListFunctions",
"lambda:ListEventSourceMappings",
"lambda:GetFunctionConfiguration",
"resource-groups:ListGroups",
"resource-groups:ListGroupResources",
"resource-groups:GetGroup",
"resource-groups:GetGroupQuery",
"tag:GetResources",
"kinesis:ListStreams",
"kinesis:DescribeStream",
"kinesis:DescribeStreamSummary"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "cloudwatch:GetInsightRuleReport",
"Effect": "Allow",
"Resource": "arn:aws:cloudwatch:*:*:insight-rule/DynamoDBContributorInsights*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIY2XFNA232XJ6J7X2",
"PolicyName": "AmazonDynamoDBReadOnlyAccess",
"UpdateDate": "2021-01-27T01:01:47+00:00",
"VersionId": "v13"
},
"AmazonEC2ContainerRegistryFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryFullAccess",
"AttachmentCount": 0,
"CreateDate": "2015-12-21T17:06:48+00:00",
"DefaultVersionId": "v3",
"Document": {
"Statement": [
{
"Action": [
"ecr:*",
"cloudtrail:LookupEvents"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"iam:CreateServiceLinkedRole"
],
"Condition": {
"StringEquals": {
"iam:AWSServiceName": [
"replication.ecr.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIESRL7KD7IIVF6V4W",
"PolicyName": "AmazonEC2ContainerRegistryFullAccess",
"UpdateDate": "2020-12-05T00:04:19+00:00",
"VersionId": "v3"
},
"AmazonEC2ContainerRegistryPowerUser": {
"Arn": "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryPowerUser",
"AttachmentCount": 0,
"CreateDate": "2015-12-21T17:05:33+00:00",
"DefaultVersionId": "v3",
"Document": {
"Statement": [
{
"Action": [
"ecr:GetAuthorizationToken",
"ecr:BatchCheckLayerAvailability",
"ecr:GetDownloadUrlForLayer",
"ecr:GetRepositoryPolicy",
"ecr:DescribeRepositories",
"ecr:ListImages",
"ecr:DescribeImages",
"ecr:BatchGetImage",
"ecr:GetLifecyclePolicy",
"ecr:GetLifecyclePolicyPreview",
"ecr:ListTagsForResource",
"ecr:DescribeImageScanFindings",
"ecr:InitiateLayerUpload",
"ecr:UploadLayerPart",
"ecr:CompleteLayerUpload",
"ecr:PutImage"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJDNE5PIHROIBGGDDW",
"PolicyName": "AmazonEC2ContainerRegistryPowerUser",
"UpdateDate": "2019-12-10T20:48:08+00:00",
"VersionId": "v3"
},
"AmazonEC2ContainerRegistryReadOnly": {
"Arn": "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly",
"AttachmentCount": 0,
"CreateDate": "2015-12-21T17:04:15+00:00",
"DefaultVersionId": "v3",
"Document": {
"Statement": [
{
"Action": [
"ecr:GetAuthorizationToken",
"ecr:BatchCheckLayerAvailability",
"ecr:GetDownloadUrlForLayer",
"ecr:GetRepositoryPolicy",
"ecr:DescribeRepositories",
"ecr:ListImages",
"ecr:DescribeImages",
"ecr:BatchGetImage",
"ecr:GetLifecyclePolicy",
"ecr:GetLifecyclePolicyPreview",
"ecr:ListTagsForResource",
"ecr:DescribeImageScanFindings"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIFYZPA37OOHVIH7KQ",
"PolicyName": "AmazonEC2ContainerRegistryReadOnly",
"UpdateDate": "2019-12-10T20:56:32+00:00",
"VersionId": "v3"
},
"AmazonEC2ContainerServiceAutoscaleRole": {
"Arn": "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceAutoscaleRole",
"AttachmentCount": 0,
"CreateDate": "2016-05-12T23:25:44+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"ecs:DescribeServices",
"ecs:UpdateService"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"cloudwatch:DescribeAlarms",
"cloudwatch:PutMetricAlarm"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIUAP3EGGGXXCPDQKK",
"PolicyName": "AmazonEC2ContainerServiceAutoscaleRole",
"UpdateDate": "2018-02-05T19:15:15+00:00",
"VersionId": "v2"
},
"AmazonEC2ContainerServiceEventsRole": {
"Arn": "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceEventsRole",
"AttachmentCount": 0,
"CreateDate": "2017-05-30T16:51:35+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"ecs:RunTask"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": "iam:PassRole",
"Condition": {
"StringLike": {
"iam:PassedToService": "ecs-tasks.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAITKFNIUAG27VSYNZ4",
"PolicyName": "AmazonEC2ContainerServiceEventsRole",
"UpdateDate": "2018-05-22T19:13:11+00:00",
"VersionId": "v2"
},
"AmazonEC2ContainerServiceRole": {
"Arn": "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceRole",
"AttachmentCount": 0,
"CreateDate": "2015-04-09T16:14:19+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"ec2:AuthorizeSecurityGroupIngress",
"ec2:Describe*",
"elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
"elasticloadbalancing:DeregisterTargets",
"elasticloadbalancing:Describe*",
"elasticloadbalancing:RegisterInstancesWithLoadBalancer",
"elasticloadbalancing:RegisterTargets"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJO53W2XHNACG7V77Q",
"PolicyName": "AmazonEC2ContainerServiceRole",
"UpdateDate": "2016-08-11T13:08:01+00:00",
"VersionId": "v2"
},
"AmazonEC2ContainerServiceforEC2Role": {
"Arn": "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role",
"AttachmentCount": 1,
"CreateDate": "2015-03-19T18:45:18+00:00",
"DefaultVersionId": "v6",
"Document": {
"Statement": [
{
"Action": [
"ec2:DescribeTags",
"ecs:CreateCluster",
"ecs:DeregisterContainerInstance",
"ecs:DiscoverPollEndpoint",
"ecs:Poll",
"ecs:RegisterContainerInstance",
"ecs:StartTelemetrySession",
"ecs:UpdateContainerInstancesState",
"ecs:Submit*",
"ecr:GetAuthorizationToken",
"ecr:BatchCheckLayerAvailability",
"ecr:GetDownloadUrlForLayer",
"ecr:BatchGetImage",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJLYJCVHC7TQHCSQDS",
"PolicyName": "AmazonEC2ContainerServiceforEC2Role",
"UpdateDate": "2019-06-13T19:11:37+00:00",
"VersionId": "v6"
},
"AmazonEC2FullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonEC2FullAccess",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:40:15+00:00",
"DefaultVersionId": "v5",
"Document": {
"Statement": [
{
"Action": "ec2:*",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "elasticloadbalancing:*",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "cloudwatch:*",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "autoscaling:*",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringEquals": {
"iam:AWSServiceName": [
"autoscaling.amazonaws.com",
"ec2scheduled.amazonaws.com",
"elasticloadbalancing.amazonaws.com",
"spot.amazonaws.com",
"spotfleet.amazonaws.com",
"transitgateway.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAI3VAJF5ZCRZ7MCQE6",
"PolicyName": "AmazonEC2FullAccess",
"UpdateDate": "2018-11-27T02:16:56+00:00",
"VersionId": "v5"
},
"AmazonEC2ReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:40:17+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": "ec2:Describe*",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "elasticloadbalancing:Describe*",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"cloudwatch:ListMetrics",
"cloudwatch:GetMetricStatistics",
"cloudwatch:Describe*"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "autoscaling:Describe*",
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIGDT4SV4GSETWTBZK",
"PolicyName": "AmazonEC2ReadOnlyAccess",
"UpdateDate": "2015-02-06T18:40:17+00:00",
"VersionId": "v1"
},
"AmazonEC2RolePolicyForLaunchWizard": {
"Arn": "arn:aws:iam::aws:policy/AmazonEC2RolePolicyForLaunchWizard",
"AttachmentCount": 0,
"CreateDate": "2019-11-13T08:05:53+00:00",
"DefaultVersionId": "v8",
"Document": {
"Statement": [
{
"Action": [
"ec2:AttachVolume",
"ec2:RebootInstances",
"ec2:StartInstances",
"ec2:StopInstances"
],
"Condition": {
"StringLike": {
"ec2:ResourceTag/LaunchWizardResourceGroupID": "*"
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:ec2:*:*:volume/*",
"arn:aws:ec2:*:*:instance/*"
]
},
{
"Action": [
"ec2:ReplaceRoute"
],
"Condition": {
"StringLike": {
"ec2:ResourceTag/LaunchWizardApplicationType": "*"
}
},
"Effect": "Allow",
"Resource": "arn:aws:ec2:*:*:route-table/*"
},
{
"Action": [
"ec2:DescribeAddresses",
"ec2:AssociateAddress",
"ec2:DescribeInstances",
"ec2:DescribeImages",
"ec2:DescribeRegions",
"ec2:DescribeVolumes",
"ec2:DescribeRouteTables",
"ec2:ModifyInstanceAttribute",
"cloudwatch:GetMetricStatistics",
"cloudwatch:PutMetricData",
"ssm:GetCommandInvocation"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:CreateTags",
"ec2:CreateVolume"
],
"Condition": {
"ForAllValues:StringEquals": {
"aws:TagKeys": [
"LaunchWizardResourceGroupID",
"LaunchWizardApplicationType"
]
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"s3:GetObject",
"s3:ListBucket",
"s3:PutObject",
"s3:PutObjectTagging",
"s3:GetBucketLocation",
"logs:PutLogEvents",
"logs:DescribeLogGroups",
"logs:DescribeLogStreams"
],
"Effect": "Allow",
"Resource": [
"arn:aws:logs:*:*:*",
"arn:aws:s3:::launchwizard*",
"arn:aws:s3:::aws-sap-data-provider/config.properties"
]
},
{
"Action": "logs:Create*",
"Effect": "Allow",
"Resource": "arn:aws:logs:*:*:*"
},
{
"Action": [
"ec2:Describe*",
"cloudformation:DescribeStackResources",
"cloudformation:SignalResource",
"cloudformation:DescribeStackResource",
"cloudformation:DescribeStacks"
],
"Condition": {
"ForAllValues:StringEquals": {
"aws:TagKeys": "LaunchWizardResourceGroupID"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"dynamodb:BatchGetItem",
"dynamodb:PutItem",
"sqs:ReceiveMessage",
"sqs:SendMessage",
"dynamodb:Scan",
"s3:ListBucket",
"dynamodb:Query",
"dynamodb:UpdateItem",
"dynamodb:DeleteTable",
"dynamodb:CreateTable",
"s3:GetObject",
"dynamodb:DescribeTable",
"s3:GetBucketLocation",
"dynamodb:UpdateTable"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::launchwizard*",
"arn:aws:dynamodb:*:*:table/LaunchWizard*",
"arn:aws:sqs:*:*:LaunchWizard*"
]
},
{
"Action": "ssm:SendCommand",
"Condition": {
"StringLike": {
"ssm:resourceTag/LaunchWizardApplicationType": "*"
}
},
"Effect": "Allow",
"Resource": "arn:aws:ec2:*:*:instance/*"
},
{
"Action": [
"ssm:SendCommand",
"ssm:GetDocument"
],
"Effect": "Allow",
"Resource": [
"arn:aws:ssm:*:*:document/AWSSAP-InstallBackint"
]
},
{
"Action": [
"fsx:DescribeFileSystems",
"fsx:ListTagsForResource"
],
"Condition": {
"ForAllValues:StringLike": {
"aws:TagKeys": "LaunchWizard*"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4CBGI56NFS",
"PolicyName": "AmazonEC2RolePolicyForLaunchWizard",
"UpdateDate": "2021-05-24T23:05:02+00:00",
"VersionId": "v8"
},
"AmazonEC2RoleforAWSCodeDeploy": {
"Arn": "arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforAWSCodeDeploy",
"AttachmentCount": 0,
"CreateDate": "2015-05-19T18:10:14+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"s3:GetObject",
"s3:GetObjectVersion",
"s3:ListBucket"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIAZKXZ27TAJ4PVWGK",
"PolicyName": "AmazonEC2RoleforAWSCodeDeploy",
"UpdateDate": "2017-03-20T17:14:10+00:00",
"VersionId": "v2"
},
"AmazonEC2RoleforAWSCodeDeployLimited": {
"Arn": "arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforAWSCodeDeployLimited",
"AttachmentCount": 0,
"CreateDate": "2020-08-24T17:55:18+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"s3:GetObject",
"s3:GetObjectVersion",
"s3:ListBucket"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::*/CodeDeploy/*"
},
{
"Action": [
"s3:GetObject",
"s3:GetObjectVersion",
"s3:ListBucket"
],
"Condition": {
"StringEquals": {
"s3:ExistingObjectTag/UseWithCodeDeploy": "true"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4NN2A7WC6C",
"PolicyName": "AmazonEC2RoleforAWSCodeDeployLimited",
"UpdateDate": "2020-08-24T17:55:18+00:00",
"VersionId": "v1"
},
"AmazonEC2RoleforDataPipelineRole": {
"Arn": "arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforDataPipelineRole",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:41:25+00:00",
"DefaultVersionId": "v3",
"Document": {
"Statement": [
{
"Action": [
"cloudwatch:*",
"datapipeline:*",
"dynamodb:*",
"ec2:Describe*",
"elasticmapreduce:AddJobFlowSteps",
"elasticmapreduce:Describe*",
"elasticmapreduce:ListInstance*",
"elasticmapreduce:ModifyInstanceGroups",
"rds:Describe*",
"redshift:DescribeClusters",
"redshift:DescribeClusterSecurityGroups",
"s3:*",
"sdb:*",
"sns:*",
"sqs:*"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJ3Z5I2WAJE5DN2J36",
"PolicyName": "AmazonEC2RoleforDataPipelineRole",
"UpdateDate": "2016-02-22T17:24:05+00:00",
"VersionId": "v3"
},
"AmazonEC2RoleforSSM": {
"Arn": "arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforSSM",
"AttachmentCount": 0,
"CreateDate": "2015-05-29T17:48:35+00:00",
"DefaultVersionId": "v8",
"Document": {
"Statement": [
{
"Action": [
"ssm:DescribeAssociation",
"ssm:GetDeployablePatchSnapshotForInstance",
"ssm:GetDocument",
"ssm:DescribeDocument",
"ssm:GetManifest",
"ssm:GetParameters",
"ssm:ListAssociations",
"ssm:ListInstanceAssociations",
"ssm:PutInventory",
"ssm:PutComplianceItems",
"ssm:PutConfigurePackageResult",
"ssm:UpdateAssociationStatus",
"ssm:UpdateInstanceAssociationStatus",
"ssm:UpdateInstanceInformation"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ssmmessages:CreateControlChannel",
"ssmmessages:CreateDataChannel",
"ssmmessages:OpenControlChannel",
"ssmmessages:OpenDataChannel"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2messages:AcknowledgeMessage",
"ec2messages:DeleteMessage",
"ec2messages:FailMessage",
"ec2messages:GetEndpoint",
"ec2messages:GetMessages",
"ec2messages:SendReply"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"cloudwatch:PutMetricData"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:DescribeInstanceStatus"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ds:CreateComputer",
"ds:DescribeDirectories"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:DescribeLogGroups",
"logs:DescribeLogStreams",
"logs:PutLogEvents"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"s3:GetBucketLocation",
"s3:PutObject",
"s3:GetObject",
"s3:GetEncryptionConfiguration",
"s3:AbortMultipartUpload",
"s3:ListMultipartUploadParts",
"s3:ListBucket",
"s3:ListBucketMultipartUploads"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAI6TL3SMY22S4KMMX6",
"PolicyName": "AmazonEC2RoleforSSM",
"UpdateDate": "2019-01-24T19:20:51+00:00",
"VersionId": "v8"
},
"AmazonEC2SpotFleetAutoscaleRole": {
"Arn": "arn:aws:iam::aws:policy/service-role/AmazonEC2SpotFleetAutoscaleRole",
"AttachmentCount": 0,
"CreateDate": "2016-08-19T18:27:22+00:00",
"DefaultVersionId": "v3",
"Document": {
"Statement": [
{
"Action": [
"ec2:DescribeSpotFleetRequests",
"ec2:ModifySpotFleetRequest"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"cloudwatch:DescribeAlarms",
"cloudwatch:PutMetricAlarm",
"cloudwatch:DeleteAlarms"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringLike": {
"iam:AWSServiceName": "ec2.application-autoscaling.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/aws-service-role/ec2.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_EC2SpotFleetRequest"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIMFFRMIOBGDP2TAVE",
"PolicyName": "AmazonEC2SpotFleetAutoscaleRole",
"UpdateDate": "2019-02-18T19:17:03+00:00",
"VersionId": "v3"
},
"AmazonEC2SpotFleetTaggingRole": {
"Arn": "arn:aws:iam::aws:policy/service-role/AmazonEC2SpotFleetTaggingRole",
"AttachmentCount": 0,
"CreateDate": "2017-06-29T18:19:29+00:00",
"DefaultVersionId": "v5",
"Document": {
"Statement": [
{
"Action": [
"ec2:DescribeImages",
"ec2:DescribeSubnets",
"ec2:RequestSpotInstances",
"ec2:TerminateInstances",
"ec2:DescribeInstanceStatus",
"ec2:CreateTags",
"ec2:RunInstances"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": "iam:PassRole",
"Condition": {
"StringEquals": {
"iam:PassedToService": [
"ec2.amazonaws.com",
"ec2.amazonaws.com.cn"
]
}
},
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"elasticloadbalancing:RegisterInstancesWithLoadBalancer"
],
"Effect": "Allow",
"Resource": [
"arn:aws:elasticloadbalancing:*:*:loadbalancer/*"
]
},
{
"Action": [
"elasticloadbalancing:RegisterTargets"
],
"Effect": "Allow",
"Resource": [
"arn:aws:elasticloadbalancing:*:*:*/*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJ5U6UMLCEYLX5OLC4",
"PolicyName": "AmazonEC2SpotFleetTaggingRole",
"UpdateDate": "2020-04-23T19:30:49+00:00",
"VersionId": "v5"
},
"AmazonECSServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonECSServiceRolePolicy",
"AttachmentCount": 1,
"CreateDate": "2017-10-14T01:18:58+00:00",
"DefaultVersionId": "v8",
"Document": {
"Statement": [
{
"Action": [
"ec2:AttachNetworkInterface",
"ec2:CreateNetworkInterface",
"ec2:CreateNetworkInterfacePermission",
"ec2:DeleteNetworkInterface",
"ec2:DeleteNetworkInterfacePermission",
"ec2:Describe*",
"ec2:DetachNetworkInterface",
"elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
"elasticloadbalancing:DeregisterTargets",
"elasticloadbalancing:Describe*",
"elasticloadbalancing:RegisterInstancesWithLoadBalancer",
"elasticloadbalancing:RegisterTargets",
"route53:ChangeResourceRecordSets",
"route53:CreateHealthCheck",
"route53:DeleteHealthCheck",
"route53:Get*",
"route53:List*",
"route53:UpdateHealthCheck",
"servicediscovery:DeregisterInstance",
"servicediscovery:Get*",
"servicediscovery:List*",
"servicediscovery:RegisterInstance",
"servicediscovery:UpdateInstanceCustomHealthStatus"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "ECSTaskManagement"
},
{
"Action": [
"autoscaling:Describe*"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "AutoScaling"
},
{
"Action": [
"autoscaling:DeletePolicy",
"autoscaling:PutScalingPolicy",
"autoscaling:SetInstanceProtection",
"autoscaling:UpdateAutoScalingGroup"
],
"Condition": {
"Null": {
"autoscaling:ResourceTag/AmazonECSManaged": "false"
}
},
"Effect": "Allow",
"Resource": "*",
"Sid": "AutoScalingManagement"
},
{
"Action": [
"autoscaling-plans:CreateScalingPlan",
"autoscaling-plans:DeleteScalingPlan",
"autoscaling-plans:DescribeScalingPlans"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "AutoScalingPlanManagement"
},
{
"Action": [
"cloudwatch:DeleteAlarms",
"cloudwatch:DescribeAlarms",
"cloudwatch:PutMetricAlarm"
],
"Effect": "Allow",
"Resource": "arn:aws:cloudwatch:*:*:alarm:*",
"Sid": "CWAlarmManagement"
},
{
"Action": [
"ec2:CreateTags"
],
"Effect": "Allow",
"Resource": "arn:aws:ec2:*:*:network-interface/*",
"Sid": "ECSTagging"
},
{
"Action": [
"logs:CreateLogGroup",
"logs:DescribeLogGroups",
"logs:PutRetentionPolicy"
],
"Effect": "Allow",
"Resource": "arn:aws:logs:*:*:log-group:/aws/ecs/*",
"Sid": "CWLogGroupManagement"
},
{
"Action": [
"logs:CreateLogStream",
"logs:DescribeLogStreams",
"logs:PutLogEvents"
],
"Effect": "Allow",
"Resource": "arn:aws:logs:*:*:log-group:/aws/ecs/*:log-stream:*",
"Sid": "CWLogStreamManagement"
},
{
"Action": [
"ssm:DescribeSessions"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "ExecuteCommandSessionManagement"
},
{
"Action": [
"ssm:StartSession"
],
"Effect": "Allow",
"Resource": [
"arn:aws:ecs:*:*:task/*",
"arn:aws:ssm:*:*:document/AmazonECS-ExecuteInteractiveCommand"
],
"Sid": "ExecuteCommand"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIVUWKCAI7URU4WUEI",
"PolicyName": "AmazonECSServiceRolePolicy",
"UpdateDate": "2021-01-13T20:04:13+00:00",
"VersionId": "v8"
},
"AmazonECSTaskExecutionRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy",
"AttachmentCount": 1,
"CreateDate": "2017-11-16T18:48:22+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"ecr:GetAuthorizationToken",
"ecr:BatchCheckLayerAvailability",
"ecr:GetDownloadUrlForLayer",
"ecr:BatchGetImage",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJG4T4G4PV56DE72PY",
"PolicyName": "AmazonECSTaskExecutionRolePolicy",
"UpdateDate": "2017-11-16T18:48:22+00:00",
"VersionId": "v1"
},
"AmazonECS_FullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonECS_FullAccess",
"AttachmentCount": 0,
"CreateDate": "2017-11-07T21:36:54+00:00",
"DefaultVersionId": "v19",
"Document": {
"Statement": [
{
"Action": [
"application-autoscaling:DeleteScalingPolicy",
"application-autoscaling:DeregisterScalableTarget",
"application-autoscaling:DescribeScalableTargets",
"application-autoscaling:DescribeScalingActivities",
"application-autoscaling:DescribeScalingPolicies",
"application-autoscaling:PutScalingPolicy",
"application-autoscaling:RegisterScalableTarget",
"appmesh:DescribeVirtualGateway",
"appmesh:DescribeVirtualNode",
"appmesh:ListMeshes",
"appmesh:ListVirtualGateways",
"appmesh:ListVirtualNodes",
"autoscaling:CreateAutoScalingGroup",
"autoscaling:CreateLaunchConfiguration",
"autoscaling:DeleteAutoScalingGroup",
"autoscaling:DeleteLaunchConfiguration",
"autoscaling:Describe*",
"autoscaling:UpdateAutoScalingGroup",
"cloudformation:CreateStack",
"cloudformation:DeleteStack",
"cloudformation:DescribeStack*",
"cloudformation:UpdateStack",
"cloudwatch:DeleteAlarms",
"cloudwatch:DescribeAlarms",
"cloudwatch:GetMetricStatistics",
"cloudwatch:PutMetricAlarm",
"codedeploy:BatchGetApplicationRevisions",
"codedeploy:BatchGetApplications",
"codedeploy:BatchGetDeploymentGroups",
"codedeploy:BatchGetDeployments",
"codedeploy:ContinueDeployment",
"codedeploy:CreateApplication",
"codedeploy:CreateDeployment",
"codedeploy:CreateDeploymentGroup",
"codedeploy:GetApplication",
"codedeploy:GetApplicationRevision",
"codedeploy:GetDeployment",
"codedeploy:GetDeploymentConfig",
"codedeploy:GetDeploymentGroup",
"codedeploy:GetDeploymentTarget",
"codedeploy:ListApplicationRevisions",
"codedeploy:ListApplications",
"codedeploy:ListDeploymentConfigs",
"codedeploy:ListDeploymentGroups",
"codedeploy:ListDeployments",
"codedeploy:ListDeploymentTargets",
"codedeploy:RegisterApplicationRevision",
"codedeploy:StopDeployment",
"ec2:AssociateRouteTable",
"ec2:AttachInternetGateway",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CancelSpotFleetRequests",
"ec2:CreateInternetGateway",
"ec2:CreateLaunchTemplate",
"ec2:CreateRoute",
"ec2:CreateRouteTable",
"ec2:CreateSecurityGroup",
"ec2:CreateSubnet",
"ec2:CreateVpc",
"ec2:DeleteLaunchTemplate",
"ec2:DeleteSubnet",
"ec2:DeleteVpc",
"ec2:Describe*",
"ec2:DetachInternetGateway",
"ec2:DisassociateRouteTable",
"ec2:ModifySubnetAttribute",
"ec2:ModifyVpcAttribute",
"ec2:RequestSpotFleet",
"ec2:RunInstances",
"ecs:*",
"elasticfilesystem:DescribeAccessPoints",
"elasticfilesystem:DescribeFileSystems",
"elasticloadbalancing:CreateListener",
"elasticloadbalancing:CreateLoadBalancer",
"elasticloadbalancing:CreateRule",
"elasticloadbalancing:CreateTargetGroup",
"elasticloadbalancing:DeleteListener",
"elasticloadbalancing:DeleteLoadBalancer",
"elasticloadbalancing:DeleteRule",
"elasticloadbalancing:DeleteTargetGroup",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeRules",
"elasticloadbalancing:DescribeTargetGroups",
"events:DeleteRule",
"events:DescribeRule",
"events:ListRuleNamesByTarget",
"events:ListTargetsByRule",
"events:PutRule",
"events:PutTargets",
"events:RemoveTargets",
"fsx:DescribeFileSystems",
"iam:ListAttachedRolePolicies",
"iam:ListInstanceProfiles",
"iam:ListRoles",
"lambda:ListFunctions",
"logs:CreateLogGroup",
"logs:DescribeLogGroups",
"logs:FilterLogEvents",
"route53:CreateHostedZone",
"route53:DeleteHostedZone",
"route53:GetHealthCheck",
"route53:GetHostedZone",
"route53:ListHostedZonesByName",
"servicediscovery:CreatePrivateDnsNamespace",
"servicediscovery:CreateService",
"servicediscovery:DeleteService",
"servicediscovery:GetNamespace",
"servicediscovery:GetOperation",
"servicediscovery:GetService",
"servicediscovery:ListNamespaces",
"servicediscovery:ListServices",
"servicediscovery:UpdateService",
"sns:ListTopics"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"ssm:GetParameter",
"ssm:GetParameters",
"ssm:GetParametersByPath"
],
"Effect": "Allow",
"Resource": "arn:aws:ssm:*:*:parameter/aws/service/ecs*"
},
{
"Action": [
"ec2:DeleteInternetGateway",
"ec2:DeleteRoute",
"ec2:DeleteRouteTable",
"ec2:DeleteSecurityGroup"
],
"Condition": {
"StringLike": {
"ec2:ResourceTag/aws:cloudformation:stack-name": "EC2ContainerService-*"
}
},
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": "iam:PassRole",
"Condition": {
"StringLike": {
"iam:PassedToService": "ecs-tasks.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": "iam:PassRole",
"Condition": {
"StringLike": {
"iam:PassedToService": [
"ec2.amazonaws.com",
"ec2.amazonaws.com.cn"
]
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/ecsInstanceRole*"
]
},
{
"Action": "iam:PassRole",
"Condition": {
"StringLike": {
"iam:PassedToService": [
"application-autoscaling.amazonaws.com",
"application-autoscaling.amazonaws.com.cn"
]
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/ecsAutoscaleRole*"
]
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringLike": {
"iam:AWSServiceName": [
"autoscaling.amazonaws.com",
"ecs.amazonaws.com",
"ecs.application-autoscaling.amazonaws.com",
"spot.amazonaws.com",
"spotfleet.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJ7S7AN6YQPTJC7IFS",
"PolicyName": "AmazonECS_FullAccess",
"UpdateDate": "2020-10-12T21:02:23+00:00",
"VersionId": "v19"
},
"AmazonEKSClusterPolicy": {
"Arn": "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy",
"AttachmentCount": 0,
"CreateDate": "2018-05-27T21:06:14+00:00",
"DefaultVersionId": "v4",
"Document": {
"Statement": [
{
"Action": [
"autoscaling:DescribeAutoScalingGroups",
"autoscaling:UpdateAutoScalingGroup",
"ec2:AttachVolume",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateRoute",
"ec2:CreateSecurityGroup",
"ec2:CreateTags",
"ec2:CreateVolume",
"ec2:DeleteRoute",
"ec2:DeleteSecurityGroup",
"ec2:DeleteVolume",
"ec2:DescribeInstances",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications",
"ec2:DescribeVpcs",
"ec2:DescribeDhcpOptions",
"ec2:DescribeNetworkInterfaces",
"ec2:DetachVolume",
"ec2:ModifyInstanceAttribute",
"ec2:ModifyVolume",
"ec2:RevokeSecurityGroupIngress",
"elasticloadbalancing:AddTags",
"elasticloadbalancing:ApplySecurityGroupsToLoadBalancer",
"elasticloadbalancing:AttachLoadBalancerToSubnets",
"elasticloadbalancing:ConfigureHealthCheck",
"elasticloadbalancing:CreateListener",
"elasticloadbalancing:CreateLoadBalancer",
"elasticloadbalancing:CreateLoadBalancerListeners",
"elasticloadbalancing:CreateLoadBalancerPolicy",
"elasticloadbalancing:CreateTargetGroup",
"elasticloadbalancing:DeleteListener",
"elasticloadbalancing:DeleteLoadBalancer",
"elasticloadbalancing:DeleteLoadBalancerListeners",
"elasticloadbalancing:DeleteTargetGroup",
"elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
"elasticloadbalancing:DeregisterTargets",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancerAttributes",
"elasticloadbalancing:DescribeLoadBalancerPolicies",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeTargetGroupAttributes",
"elasticloadbalancing:DescribeTargetGroups",
"elasticloadbalancing:DescribeTargetHealth",
"elasticloadbalancing:DetachLoadBalancerFromSubnets",
"elasticloadbalancing:ModifyListener",
"elasticloadbalancing:ModifyLoadBalancerAttributes",
"elasticloadbalancing:ModifyTargetGroup",
"elasticloadbalancing:ModifyTargetGroupAttributes",
"elasticloadbalancing:RegisterInstancesWithLoadBalancer",
"elasticloadbalancing:RegisterTargets",
"elasticloadbalancing:SetLoadBalancerPoliciesForBackendServer",
"elasticloadbalancing:SetLoadBalancerPoliciesOfListener",
"kms:DescribeKey"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringLike": {
"iam:AWSServiceName": "elasticloadbalancing.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIBTLDQMIC6UOIGFWA",
"PolicyName": "AmazonEKSClusterPolicy",
"UpdateDate": "2020-02-21T20:10:11+00:00",
"VersionId": "v4"
},
"AmazonEKSFargatePodExecutionRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/AmazonEKSFargatePodExecutionRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2019-11-22T04:34:29+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"ecr:GetAuthorizationToken",
"ecr:BatchCheckLayerAvailability",
"ecr:GetDownloadUrlForLayer",
"ecr:BatchGetImage"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4FJRXZH7YQ",
"PolicyName": "AmazonEKSFargatePodExecutionRolePolicy",
"UpdateDate": "2019-11-22T04:34:29+00:00",
"VersionId": "v1"
},
"AmazonEKSForFargateServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonEKSForFargateServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2019-11-22T04:36:25+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"ec2:CreateNetworkInterface",
"ec2:CreateNetworkInterfacePermission",
"ec2:DeleteNetworkInterface",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:DescribeDhcpOptions",
"ec2:DescribeRouteTables"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4JAUTVFICB",
"PolicyName": "AmazonEKSForFargateServiceRolePolicy",
"UpdateDate": "2019-11-22T04:36:25+00:00",
"VersionId": "v1"
},
"AmazonEKSServicePolicy": {
"Arn": "arn:aws:iam::aws:policy/AmazonEKSServicePolicy",
"AttachmentCount": 0,
"CreateDate": "2018-05-27T21:08:21+00:00",
"DefaultVersionId": "v6",
"Document": {
"Statement": [
{
"Action": [
"ec2:CreateNetworkInterface",
"ec2:CreateNetworkInterfacePermission",
"ec2:DeleteNetworkInterface",
"ec2:DescribeInstances",
"ec2:DescribeNetworkInterfaces",
"ec2:DetachNetworkInterface",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:ModifyNetworkInterfaceAttribute",
"iam:ListAttachedRolePolicies",
"eks:UpdateClusterVersion"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:CreateTags",
"ec2:DeleteTags"
],
"Effect": "Allow",
"Resource": [
"arn:aws:ec2:*:*:vpc/*",
"arn:aws:ec2:*:*:subnet/*"
]
},
{
"Action": "route53:AssociateVPCWithHostedZone",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "logs:CreateLogGroup",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"logs:CreateLogStream",
"logs:DescribeLogStreams"
],
"Effect": "Allow",
"Resource": "arn:aws:logs:*:*:log-group:/aws/eks/*:*"
},
{
"Action": "logs:PutLogEvents",
"Effect": "Allow",
"Resource": "arn:aws:logs:*:*:log-group:/aws/eks/*:*:*"
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringLike": {
"iam:AWSServiceName": "eks.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJFCNXU6HPGCIVXYDI",
"PolicyName": "AmazonEKSServicePolicy",
"UpdateDate": "2020-05-27T19:27:03+00:00",
"VersionId": "v6"
},
"AmazonEKSServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonEKSServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2020-02-21T20:10:47+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"ec2:CreateNetworkInterface",
"ec2:DeleteNetworkInterface",
"ec2:DetachNetworkInterface",
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:DescribeInstances",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:CreateNetworkInterfacePermission",
"iam:ListAttachedRolePolicies",
"ec2:CreateSecurityGroup"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:DeleteSecurityGroup",
"ec2:RevokeSecurityGroupIngress",
"ec2:AuthorizeSecurityGroupIngress"
],
"Condition": {
"ForAnyValue:StringLike": {
"ec2:ResourceTag/Name": "eks-cluster-sg*"
}
},
"Effect": "Allow",
"Resource": "arn:aws:ec2:*:*:security-group/*"
},
{
"Action": [
"ec2:CreateTags",
"ec2:DeleteTags"
],
"Condition": {
"ForAnyValue:StringLike": {
"aws:TagKeys": [
"kubernetes.io/cluster/*"
]
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:ec2:*:*:vpc/*",
"arn:aws:ec2:*:*:subnet/*"
]
},
{
"Action": [
"ec2:CreateTags",
"ec2:DeleteTags"
],
"Condition": {
"ForAnyValue:StringLike": {
"aws:RequestTag/Name": "eks-cluster-sg*",
"aws:TagKeys": [
"kubernetes.io/cluster/*"
]
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:ec2:*:*:security-group/*"
]
},
{
"Action": "route53:AssociateVPCWithHostedZone",
"Effect": "Allow",
"Resource": "arn:aws:route53:::hostedzone/*"
},
{
"Action": "logs:CreateLogGroup",
"Effect": "Allow",
"Resource": "arn:aws:logs:*:*:log-group:/aws/eks/*"
},
{
"Action": [
"logs:CreateLogStream",
"logs:DescribeLogStreams"
],
"Effect": "Allow",
"Resource": "arn:aws:logs:*:*:log-group:/aws/eks/*:*"
},
{
"Action": "logs:PutLogEvents",
"Effect": "Allow",
"Resource": "arn:aws:logs:*:*:log-group:/aws/eks/*:*:*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4KZBLSP26Y",
"PolicyName": "AmazonEKSServiceRolePolicy",
"UpdateDate": "2020-05-27T19:30:19+00:00",
"VersionId": "v2"
},
"AmazonEKSVPCResourceController": {
"Arn": "arn:aws:iam::aws:policy/AmazonEKSVPCResourceController",
"AttachmentCount": 0,
"CreateDate": "2020-08-12T00:55:34+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": "ec2:CreateNetworkInterfacePermission",
"Condition": {
"ForAnyValue:StringEquals": {
"ec2:ResourceTag/eks:eni:owner": "eks-vpc-resource-controller"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:CreateNetworkInterface",
"ec2:DetachNetworkInterface",
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:DeleteNetworkInterface",
"ec2:AttachNetworkInterface",
"ec2:UnassignPrivateIpAddresses",
"ec2:AssignPrivateIpAddresses"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4PBOFT2NNA",
"PolicyName": "AmazonEKSVPCResourceController",
"UpdateDate": "2020-08-12T00:55:34+00:00",
"VersionId": "v1"
},
"AmazonEKSWorkerNodePolicy": {
"Arn": "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy",
"AttachmentCount": 0,
"CreateDate": "2018-05-27T21:09:01+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"ec2:DescribeInstances",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications",
"ec2:DescribeVpcs",
"eks:DescribeCluster"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIBVMOY52IPQ6HD3PO",
"PolicyName": "AmazonEKSWorkerNodePolicy",
"UpdateDate": "2018-05-27T21:09:01+00:00",
"VersionId": "v1"
},
"AmazonEKS_CNI_Policy": {
"Arn": "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy",
"AttachmentCount": 0,
"CreateDate": "2018-05-27T21:07:42+00:00",
"DefaultVersionId": "v4",
"Document": {
"Statement": [
{
"Action": [
"ec2:AssignPrivateIpAddresses",
"ec2:AttachNetworkInterface",
"ec2:CreateNetworkInterface",
"ec2:DeleteNetworkInterface",
"ec2:DescribeInstances",
"ec2:DescribeTags",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeInstanceTypes",
"ec2:DetachNetworkInterface",
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:UnassignPrivateIpAddresses"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:CreateTags"
],
"Effect": "Allow",
"Resource": [
"arn:aws:ec2:*:*:network-interface/*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJWLAS474LDBXNNTM4",
"PolicyName": "AmazonEKS_CNI_Policy",
"UpdateDate": "2020-04-20T20:52:01+00:00",
"VersionId": "v4"
},
"AmazonEMRCleanupPolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonEMRCleanupPolicy",
"AttachmentCount": 1,
"CreateDate": "2017-09-26T23:54:19+00:00",
"DefaultVersionId": "v3",
"Document": {
"Statement": [
{
"Action": [
"ec2:DescribeInstances",
"ec2:DescribeLaunchTemplates",
"ec2:DescribeSpotInstanceRequests",
"ec2:DeleteLaunchTemplate",
"ec2:ModifyInstanceAttribute",
"ec2:TerminateInstances",
"ec2:CancelSpotInstanceRequests",
"ec2:DeleteNetworkInterface",
"ec2:DescribeInstanceAttribute",
"ec2:DescribeVolumeStatus",
"ec2:DescribeVolumes",
"ec2:DetachVolume",
"ec2:DeleteVolume",
"ec2:DescribePlacementGroups",
"ec2:DeletePlacementGroup"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAI4YEZURRMKACW56EA",
"PolicyName": "AmazonEMRCleanupPolicy",
"UpdateDate": "2020-09-29T21:11:54+00:00",
"VersionId": "v3"
},
"AmazonEMRContainersServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonEMRContainersServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2020-12-09T00:38:19+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"eks:DescribeCluster",
"ec2:DescribeRouteTables",
"ec2:DescribeSubnets",
"ec2:DescribeSecurityGroups",
"elasticloadbalancing:DescribeInstanceHealth",
"elasticloadbalancing:DescribeLoadBalancers"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4P24YZ52G4",
"PolicyName": "AmazonEMRContainersServiceRolePolicy",
"UpdateDate": "2020-12-09T00:38:19+00:00",
"VersionId": "v1"
},
"AmazonEMRFullAccessPolicy_v2": {
"Arn": "arn:aws:iam::aws:policy/AmazonEMRFullAccessPolicy_v2",
"AttachmentCount": 0,
"CreateDate": "2021-03-12T01:50:29+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"elasticmapreduce:RunJobFlow"
],
"Condition": {
"StringEquals": {
"aws:RequestTag/for-use-with-amazon-emr-managed-policies": "true"
}
},
"Effect": "Allow",
"Resource": "*",
"Sid": "RunJobFlowExplicitlyWithEMRManagedTag"
},
{
"Action": [
"elasticmapreduce:AddInstanceFleet",
"elasticmapreduce:AddInstanceGroups",
"elasticmapreduce:AddJobFlowSteps",
"elasticmapreduce:AddTags",
"elasticmapreduce:CancelSteps",
"elasticmapreduce:CreateEditor",
"elasticmapreduce:CreateSecurityConfiguration",
"elasticmapreduce:DeleteEditor",
"elasticmapreduce:DeleteSecurityConfiguration",
"elasticmapreduce:DescribeCluster",
"elasticmapreduce:DescribeEditor",
"elasticmapreduce:DescribeJobFlows",
"elasticmapreduce:DescribeSecurityConfiguration",
"elasticmapreduce:DescribeStep",
"elasticmapreduce:GetBlockPublicAccessConfiguration",
"elasticmapreduce:GetManagedScalingPolicy",
"elasticmapreduce:ListBootstrapActions",
"elasticmapreduce:ListClusters",
"elasticmapreduce:ListEditors",
"elasticmapreduce:ListInstanceFleets",
"elasticmapreduce:ListInstanceGroups",
"elasticmapreduce:ListInstances",
"elasticmapreduce:ListSecurityConfigurations",
"elasticmapreduce:ListSteps",
"elasticmapreduce:ModifyCluster",
"elasticmapreduce:ModifyInstanceFleet",
"elasticmapreduce:ModifyInstanceGroups",
"elasticmapreduce:OpenEditorInConsole",
"elasticmapreduce:PutAutoScalingPolicy",
"elasticmapreduce:PutBlockPublicAccessConfiguration",
"elasticmapreduce:PutManagedScalingPolicy",
"elasticmapreduce:RemoveAutoScalingPolicy",
"elasticmapreduce:RemoveManagedScalingPolicy",
"elasticmapreduce:RemoveTags",
"elasticmapreduce:SetTerminationProtection",
"elasticmapreduce:StartEditor",
"elasticmapreduce:StopEditor",
"elasticmapreduce:TerminateJobFlows",
"elasticmapreduce:ViewEventsFromAllClustersInConsole"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "ElasticMapReduceActions"
},
{
"Action": [
"cloudwatch:GetMetricStatistics"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "ViewMetricsInEMRConsole"
},
{
"Action": "iam:PassRole",
"Condition": {
"StringLike": {
"iam:PassedToService": "elasticmapreduce.amazonaws.com*"
}
},
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/EMR_DefaultRole",
"Sid": "PassRoleForElasticMapReduce"
},
{
"Action": "iam:PassRole",
"Condition": {
"StringLike": {
"iam:PassedToService": "ec2.amazonaws.com*"
}
},
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/EMR_EC2_DefaultRole",
"Sid": "PassRoleForEC2"
},
{
"Action": "iam:PassRole",
"Condition": {
"StringLike": {
"iam:PassedToService": "application-autoscaling.amazonaws.com*"
}
},
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/EMR_AutoScaling_DefaultRole",
"Sid": "PassRoleForAutoScaling"
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringEquals": {
"iam:AWSServiceName": [
"elasticmapreduce.amazonaws.com",
"elasticmapreduce.amazonaws.com.cn"
]
}
},
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/aws-service-role/elasticmapreduce.amazonaws.com*/AWSServiceRoleForEMRCleanup*",
"Sid": "ElasticMapReduceServiceLinkedRole"
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeImages",
"ec2:DescribeKeyPairs",
"ec2:DescribeNatGateways",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:DescribeVpcEndpoints",
"s3:ListAllMyBuckets",
"iam:ListRoles"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "ConsoleUIActions"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4BK4MMWW4W",
"PolicyName": "AmazonEMRFullAccessPolicy_v2",
"UpdateDate": "2021-03-23T16:57:10+00:00",
"VersionId": "v2"
},
"AmazonEMRReadOnlyAccessPolicy_v2": {
"Arn": "arn:aws:iam::aws:policy/AmazonEMRReadOnlyAccessPolicy_v2",
"AttachmentCount": 0,
"CreateDate": "2021-03-12T01:39:16+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"elasticmapreduce:DescribeCluster",
"elasticmapreduce:DescribeEditor",
"elasticmapreduce:DescribeJobFlows",
"elasticmapreduce:DescribeSecurityConfiguration",
"elasticmapreduce:DescribeStep",
"elasticmapreduce:GetBlockPublicAccessConfiguration",
"elasticmapreduce:GetManagedScalingPolicy",
"elasticmapreduce:ListBootstrapActions",
"elasticmapreduce:ListClusters",
"elasticmapreduce:ListEditors",
"elasticmapreduce:ListInstanceFleets",
"elasticmapreduce:ListInstanceGroups",
"elasticmapreduce:ListInstances",
"elasticmapreduce:ListSecurityConfigurations",
"elasticmapreduce:ListSteps",
"elasticmapreduce:ViewEventsFromAllClustersInConsole"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "ElasticMapReduceActions"
},
{
"Action": [
"cloudwatch:GetMetricStatistics"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "ViewMetricsInEMRConsole"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4GDFTJ74PD",
"PolicyName": "AmazonEMRReadOnlyAccessPolicy_v2",
"UpdateDate": "2021-03-12T01:39:16+00:00",
"VersionId": "v1"
},
"AmazonEMRServicePolicy_v2": {
"Arn": "arn:aws:iam::aws:policy/service-role/AmazonEMRServicePolicy_v2",
"AttachmentCount": 0,
"CreateDate": "2021-03-12T01:11:08+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"ec2:CreateNetworkInterface",
"ec2:RunInstances",
"ec2:CreateFleet",
"ec2:CreateLaunchTemplate",
"ec2:CreateLaunchTemplateVersion"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/for-use-with-amazon-emr-managed-policies": "true"
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:ec2:*:*:subnet/*",
"arn:aws:ec2:*:*:security-group/*"
],
"Sid": "CreateInTaggedNetwork"
},
{
"Action": [
"ec2:CreateFleet",
"ec2:RunInstances",
"ec2:CreateLaunchTemplateVersion"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/for-use-with-amazon-emr-managed-policies": "true"
}
},
"Effect": "Allow",
"Resource": "arn:aws:ec2:*:*:launch-template/*",
"Sid": "CreateWithEMRTaggedLaunchTemplate"
},
{
"Action": "ec2:CreateLaunchTemplate",
"Condition": {
"StringEquals": {
"aws:RequestTag/for-use-with-amazon-emr-managed-policies": "true"
}
},
"Effect": "Allow",
"Resource": "arn:aws:ec2:*:*:launch-template/*",
"Sid": "CreateEMRTaggedLaunchTemplate"
},
{
"Action": [
"ec2:RunInstances",
"ec2:CreateFleet"
],
"Condition": {
"StringEquals": {
"aws:RequestTag/for-use-with-amazon-emr-managed-policies": "true"
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:ec2:*:*:instance/*",
"arn:aws:ec2:*:*:volume/*"
],
"Sid": "CreateEMRTaggedInstancesAndVolumes"
},
{
"Action": [
"ec2:RunInstances",
"ec2:CreateFleet",
"ec2:CreateLaunchTemplate",
"ec2:CreateLaunchTemplateVersion"
],
"Effect": "Allow",
"Resource": [
"arn:aws:ec2:*:*:network-interface/*",
"arn:aws:ec2:*::image/ami-*",
"arn:aws:ec2:*:*:key-pair/*",
"arn:aws:ec2:*:*:capacity-reservation/*",
"arn:aws:ec2:*:*:placement-group/EMR_*",
"arn:aws:ec2:*:*:fleet/*",
"arn:aws:ec2:*:*:dedicated-host/*",
"arn:aws:resource-groups:*:*:group/*"
],
"Sid": "ResourcesToLaunchEC2"
},
{
"Action": [
"ec2:CreateLaunchTemplateVersion",
"ec2:DeleteLaunchTemplate",
"ec2:DeleteNetworkInterface",
"ec2:ModifyInstanceAttribute",
"ec2:TerminateInstances"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/for-use-with-amazon-emr-managed-policies": "true"
}
},
"Effect": "Allow",
"Resource": "*",
"Sid": "ManageEMRTaggedResources"
},
{
"Action": [
"ec2:CreateTags",
"ec2:DeleteTags"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/for-use-with-amazon-emr-managed-policies": "true"
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:ec2:*:*:instance/*",
"arn:aws:ec2:*:*:volume/*",
"arn:aws:ec2:*:*:network-interface/*",
"arn:aws:ec2:*:*:launch-template/*"
],
"Sid": "ManageTagsOnEMRTaggedResources"
},
{
"Action": [
"ec2:CreateNetworkInterface"
],
"Condition": {
"StringEquals": {
"aws:RequestTag/for-use-with-amazon-emr-managed-policies": "true"
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:ec2:*:*:network-interface/*"
],
"Sid": "CreateNetworkInterfaceNeededForPrivateSubnet"
},
{
"Action": [
"ec2:CreateTags"
],
"Condition": {
"StringEquals": {
"ec2:CreateAction": [
"RunInstances",
"CreateFleet",
"CreateLaunchTemplate",
"CreateNetworkInterface"
]
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:ec2:*:*:network-interface/*",
"arn:aws:ec2:*:*:instance/*",
"arn:aws:ec2:*:*:volume/*",
"arn:aws:ec2:*:*:launch-template/*"
],
"Sid": "TagOnCreateTaggedEMRResources"
},
{
"Action": [
"ec2:CreateTags",
"ec2:DeleteTags"
],
"Effect": "Allow",
"Resource": [
"arn:aws:ec2:*:*:placement-group/EMR_*"
],
"Sid": "TagPlacementGroups"
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeCapacityReservations",
"ec2:DescribeDhcpOptions",
"ec2:DescribeInstances",
"ec2:DescribeLaunchTemplates",
"ec2:DescribeNetworkAcls",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribePlacementGroups",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVolumes",
"ec2:DescribeVolumeStatus",
"ec2:DescribeVpcAttribute",
"ec2:DescribeVpcEndpoints",
"ec2:DescribeVpcs"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "ListActionsForEC2Resources"
},
{
"Action": [
"ec2:CreateSecurityGroup"
],
"Condition": {
"StringEquals": {
"aws:RequestTag/for-use-with-amazon-emr-managed-policies": "true"
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:ec2:*:*:security-group/*"
],
"Sid": "CreateDefaultSecurityGroupWithEMRTags"
},
{
"Action": [
"ec2:CreateSecurityGroup"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/for-use-with-amazon-emr-managed-policies": "true"
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:ec2:*:*:vpc/*"
],
"Sid": "CreateDefaultSecurityGroupInVPCWithEMRTags"
},
{
"Action": [
"ec2:CreateTags"
],
"Condition": {
"StringEquals": {
"aws:RequestTag/for-use-with-amazon-emr-managed-policies": "true",
"ec2:CreateAction": "CreateSecurityGroup"
}
},
"Effect": "Allow",
"Resource": "arn:aws:ec2:*:*:security-group/*",
"Sid": "TagOnCreateDefaultSecurityGroupWithEMRTags"
},
{
"Action": [
"ec2:AuthorizeSecurityGroupEgress",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:RevokeSecurityGroupEgress",
"ec2:RevokeSecurityGroupIngress"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/for-use-with-amazon-emr-managed-policies": "true"
}
},
"Effect": "Allow",
"Resource": "*",
"Sid": "ManageSecurityGroups"
},
{
"Action": [
"ec2:CreatePlacementGroup"
],
"Effect": "Allow",
"Resource": "arn:aws:ec2:*:*:placement-group/EMR_*",
"Sid": "CreateEMRPlacementGroups"
},
{
"Action": [
"ec2:DeletePlacementGroup"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "DeletePlacementGroups"
},
{
"Action": [
"application-autoscaling:DeleteScalingPolicy",
"application-autoscaling:DeregisterScalableTarget",
"application-autoscaling:DescribeScalableTargets",
"application-autoscaling:DescribeScalingPolicies",
"application-autoscaling:PutScalingPolicy",
"application-autoscaling:RegisterScalableTarget"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "AutoScaling"
},
{
"Action": [
"resource-groups:ListGroupResources"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "ResourceGroupsForCapacityReservations"
},
{
"Action": [
"cloudwatch:PutMetricAlarm",
"cloudwatch:DeleteAlarms",
"cloudwatch:DescribeAlarms"
],
"Effect": "Allow",
"Resource": "arn:aws:cloudwatch:*:*:alarm:*_EMR_Auto_Scaling",
"Sid": "AutoScalingCloudWatch"
},
{
"Action": "iam:PassRole",
"Condition": {
"StringLike": {
"iam:PassedToService": "application-autoscaling.amazonaws.com*"
}
},
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/EMR_AutoScaling_DefaultRole",
"Sid": "PassRoleForAutoScaling"
},
{
"Action": "iam:PassRole",
"Condition": {
"StringLike": {
"iam:PassedToService": "ec2.amazonaws.com*"
}
},
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/EMR_EC2_DefaultRole",
"Sid": "PassRoleForEC2"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4M2DU3H3GW",
"PolicyName": "AmazonEMRServicePolicy_v2",
"UpdateDate": "2021-03-12T01:11:08+00:00",
"VersionId": "v1"
},
"AmazonESCognitoAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonESCognitoAccess",
"AttachmentCount": 0,
"CreateDate": "2018-02-28T22:29:18+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"cognito-idp:DescribeUserPool",
"cognito-idp:CreateUserPoolClient",
"cognito-idp:DeleteUserPoolClient",
"cognito-idp:DescribeUserPoolClient",
"cognito-idp:AdminInitiateAuth",
"cognito-idp:AdminUserGlobalSignOut",
"cognito-idp:ListUserPoolClients",
"cognito-identity:DescribeIdentityPool",
"cognito-identity:UpdateIdentityPool",
"cognito-identity:SetIdentityPoolRoles",
"cognito-identity:GetIdentityPoolRoles"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:PassRole",
"Condition": {
"StringLike": {
"iam:PassedToService": "cognito-identity.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJL2FUMODIGNDPTZHO",
"PolicyName": "AmazonESCognitoAccess",
"UpdateDate": "2018-02-28T22:29:18+00:00",
"VersionId": "v1"
},
"AmazonESFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonESFullAccess",
"AttachmentCount": 0,
"CreateDate": "2015-10-01T19:14:00+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"es:*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJM6ZTCU24QL5PZCGC",
"PolicyName": "AmazonESFullAccess",
"UpdateDate": "2015-10-01T19:14:00+00:00",
"VersionId": "v1"
},
"AmazonESReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonESReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2015-10-01T19:18:24+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"es:Describe*",
"es:List*",
"es:Get*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJUDMRLOQ7FPAR46FQ",
"PolicyName": "AmazonESReadOnlyAccess",
"UpdateDate": "2018-10-03T03:32:56+00:00",
"VersionId": "v2"
},
"AmazonElastiCacheFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonElastiCacheFullAccess",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:40:20+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": "elasticache:*",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringLike": {
"iam:AWSServiceName": "elasticache.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/aws-service-role/elasticache.amazonaws.com/AWSServiceRoleForElastiCache"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIA2V44CPHAUAAECKG",
"PolicyName": "AmazonElastiCacheFullAccess",
"UpdateDate": "2017-12-07T17:48:26+00:00",
"VersionId": "v2"
},
"AmazonElastiCacheReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonElastiCacheReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:40:21+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"elasticache:Describe*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIPDACSNQHSENWAKM2",
"PolicyName": "AmazonElastiCacheReadOnlyAccess",
"UpdateDate": "2015-02-06T18:40:21+00:00",
"VersionId": "v1"
},
"AmazonElasticContainerRegistryPublicFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonElasticContainerRegistryPublicFullAccess",
"AttachmentCount": 0,
"CreateDate": "2020-12-01T17:25:52+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"ecr-public:*",
"sts:GetServiceBearerToken"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4F2SFMTI3G",
"PolicyName": "AmazonElasticContainerRegistryPublicFullAccess",
"UpdateDate": "2020-12-01T17:25:52+00:00",
"VersionId": "v1"
},
"AmazonElasticContainerRegistryPublicPowerUser": {
"Arn": "arn:aws:iam::aws:policy/AmazonElasticContainerRegistryPublicPowerUser",
"AttachmentCount": 0,
"CreateDate": "2020-12-01T16:16:54+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"ecr-public:GetAuthorizationToken",
"sts:GetServiceBearerToken",
"ecr-public:BatchCheckLayerAvailability",
"ecr-public:GetRepositoryPolicy",
"ecr-public:DescribeRepositories",
"ecr-public:DescribeRegistries",
"ecr-public:DescribeImages",
"ecr-public:DescribeImageTags",
"ecr-public:GetRepositoryCatalogData",
"ecr-public:GetRegistryCatalogData",
"ecr-public:InitiateLayerUpload",
"ecr-public:UploadLayerPart",
"ecr-public:CompleteLayerUpload",
"ecr-public:PutImage"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4P6F7N3OP7",
"PolicyName": "AmazonElasticContainerRegistryPublicPowerUser",
"UpdateDate": "2020-12-01T16:16:54+00:00",
"VersionId": "v1"
},
"AmazonElasticContainerRegistryPublicReadOnly": {
"Arn": "arn:aws:iam::aws:policy/AmazonElasticContainerRegistryPublicReadOnly",
"AttachmentCount": 0,
"CreateDate": "2020-12-01T17:27:04+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"ecr-public:GetAuthorizationToken",
"sts:GetServiceBearerToken",
"ecr-public:BatchCheckLayerAvailability",
"ecr-public:GetRepositoryPolicy",
"ecr-public:DescribeRepositories",
"ecr-public:DescribeRegistries",
"ecr-public:DescribeImages",
"ecr-public:DescribeImageTags",
"ecr-public:GetRepositoryCatalogData",
"ecr-public:GetRegistryCatalogData"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4AD7UYLF25",
"PolicyName": "AmazonElasticContainerRegistryPublicReadOnly",
"UpdateDate": "2020-12-01T17:27:04+00:00",
"VersionId": "v1"
},
"AmazonElasticFileSystemClientFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonElasticFileSystemClientFullAccess",
"AttachmentCount": 0,
"CreateDate": "2020-01-13T16:27:00+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"elasticfilesystem:ClientMount",
"elasticfilesystem:ClientRootAccess",
"elasticfilesystem:ClientWrite",
"elasticfilesystem:DescribeMountTargets"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4KAMR2MLDF",
"PolicyName": "AmazonElasticFileSystemClientFullAccess",
"UpdateDate": "2020-01-13T16:27:00+00:00",
"VersionId": "v1"
},
"AmazonElasticFileSystemClientReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonElasticFileSystemClientReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2020-01-13T16:24:36+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"elasticfilesystem:ClientMount",
"elasticfilesystem:DescribeMountTargets"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4LBXR6UPYS",
"PolicyName": "AmazonElasticFileSystemClientReadOnlyAccess",
"UpdateDate": "2020-01-13T16:24:36+00:00",
"VersionId": "v1"
},
"AmazonElasticFileSystemClientReadWriteAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonElasticFileSystemClientReadWriteAccess",
"AttachmentCount": 0,
"CreateDate": "2020-01-13T16:21:55+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"elasticfilesystem:ClientMount",
"elasticfilesystem:ClientWrite",
"elasticfilesystem:DescribeMountTargets"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4H74P6RBOF",
"PolicyName": "AmazonElasticFileSystemClientReadWriteAccess",
"UpdateDate": "2020-01-13T16:21:55+00:00",
"VersionId": "v1"
},
"AmazonElasticFileSystemFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonElasticFileSystemFullAccess",
"AttachmentCount": 0,
"CreateDate": "2015-05-27T16:22:28+00:00",
"DefaultVersionId": "v7",
"Document": {
"Statement": [
{
"Action": [
"cloudwatch:DescribeAlarmsForMetric",
"cloudwatch:GetMetricData",
"ec2:CreateNetworkInterface",
"ec2:DeleteNetworkInterface",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeNetworkInterfaceAttribute",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcAttribute",
"ec2:DescribeVpcs",
"ec2:ModifyNetworkInterfaceAttribute",
"elasticfilesystem:CreateFileSystem",
"elasticfilesystem:CreateMountTarget",
"elasticfilesystem:CreateTags",
"elasticfilesystem:CreateAccessPoint",
"elasticfilesystem:DeleteFileSystem",
"elasticfilesystem:DeleteMountTarget",
"elasticfilesystem:DeleteTags",
"elasticfilesystem:DeleteAccessPoint",
"elasticfilesystem:DeleteFileSystemPolicy",
"elasticfilesystem:DescribeAccountPreferences",
"elasticfilesystem:DescribeBackupPolicy",
"elasticfilesystem:DescribeFileSystems",
"elasticfilesystem:DescribeFileSystemPolicy",
"elasticfilesystem:DescribeLifecycleConfiguration",
"elasticfilesystem:DescribeMountTargets",
"elasticfilesystem:DescribeMountTargetSecurityGroups",
"elasticfilesystem:DescribeTags",
"elasticfilesystem:DescribeAccessPoints",
"elasticfilesystem:ModifyMountTargetSecurityGroups",
"elasticfilesystem:PutAccountPreferences",
"elasticfilesystem:PutBackupPolicy",
"elasticfilesystem:PutLifecycleConfiguration",
"elasticfilesystem:PutFileSystemPolicy",
"elasticfilesystem:UpdateFileSystem",
"elasticfilesystem:TagResource",
"elasticfilesystem:UntagResource",
"elasticfilesystem:ListTagsForResource",
"elasticfilesystem:Backup",
"elasticfilesystem:Restore",
"kms:DescribeKey",
"kms:ListAliases"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringLike": {
"iam:AWSServiceName": [
"elasticfilesystem.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJKXTMNVQGIDNCKPBC",
"PolicyName": "AmazonElasticFileSystemFullAccess",
"UpdateDate": "2021-05-10T14:25:43+00:00",
"VersionId": "v7"
},
"AmazonElasticFileSystemReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonElasticFileSystemReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2015-05-27T16:25:25+00:00",
"DefaultVersionId": "v6",
"Document": {
"Statement": [
{
"Action": [
"cloudwatch:DescribeAlarmsForMetric",
"cloudwatch:GetMetricData",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeNetworkInterfaceAttribute",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcAttribute",
"ec2:DescribeVpcs",
"elasticfilesystem:DescribeAccountPreferences",
"elasticfilesystem:DescribeBackupPolicy",
"elasticfilesystem:DescribeFileSystems",
"elasticfilesystem:DescribeFileSystemPolicy",
"elasticfilesystem:DescribeLifecycleConfiguration",
"elasticfilesystem:DescribeMountTargets",
"elasticfilesystem:DescribeMountTargetSecurityGroups",
"elasticfilesystem:DescribeTags",
"elasticfilesystem:DescribeAccessPoints",
"elasticfilesystem:ListTagsForResource",
"kms:ListAliases"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIPN5S4NE5JJOKVC4Y",
"PolicyName": "AmazonElasticFileSystemReadOnlyAccess",
"UpdateDate": "2021-05-10T14:20:55+00:00",
"VersionId": "v6"
},
"AmazonElasticFileSystemServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonElasticFileSystemServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2019-11-05T16:52:41+00:00",
"DefaultVersionId": "v3",
"Document": {
"Statement": [
{
"Action": [
"backup-storage:MountCapsule",
"ec2:CreateNetworkInterface",
"ec2:DeleteNetworkInterface",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeNetworkInterfaceAttribute",
"ec2:ModifyNetworkInterfaceAttribute",
"tag:GetResources"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"kms:DescribeKey"
],
"Effect": "Allow",
"Resource": "arn:aws:kms:*:*:key/*"
},
{
"Action": [
"backup:CreateBackupVault",
"backup:PutBackupVaultAccessPolicy"
],
"Effect": "Allow",
"Resource": [
"arn:aws:backup:*:*:backup-vault:aws/efs/automatic-backup-vault"
]
},
{
"Action": [
"backup:CreateBackupPlan",
"backup:CreateBackupSelection"
],
"Effect": "Allow",
"Resource": [
"arn:aws:backup:*:*:backup-plan:*"
]
},
{
"Action": [
"iam:CreateServiceLinkedRole"
],
"Condition": {
"StringLike": {
"iam:AWSServiceName": [
"backup.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"iam:PassRole"
],
"Condition": {
"StringLike": {
"iam:PassedToService": "backup.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/aws-service-role/backup.amazonaws.com/AWSServiceRoleForBackup"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4FXCJYWBN7",
"PolicyName": "AmazonElasticFileSystemServiceRolePolicy",
"UpdateDate": "2020-07-16T19:27:41+00:00",
"VersionId": "v3"
},
"AmazonElasticFileSystemsUtils": {
"Arn": "arn:aws:iam::aws:policy/AmazonElasticFileSystemsUtils",
"AttachmentCount": 0,
"CreateDate": "2020-09-29T15:16:47+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"ssm:DescribeAssociation",
"ssm:GetDeployablePatchSnapshotForInstance",
"ssm:GetDocument",
"ssm:DescribeDocument",
"ssm:GetManifest",
"ssm:GetParameter",
"ssm:GetParameters",
"ssm:ListAssociations",
"ssm:ListInstanceAssociations",
"ssm:PutInventory",
"ssm:PutComplianceItems",
"ssm:PutConfigurePackageResult",
"ssm:UpdateAssociationStatus",
"ssm:UpdateInstanceAssociationStatus",
"ssm:UpdateInstanceInformation"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ssmmessages:CreateControlChannel",
"ssmmessages:CreateDataChannel",
"ssmmessages:OpenControlChannel",
"ssmmessages:OpenDataChannel"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2messages:AcknowledgeMessage",
"ec2messages:DeleteMessage",
"ec2messages:FailMessage",
"ec2messages:GetEndpoint",
"ec2messages:GetMessages",
"ec2messages:SendReply"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"elasticfilesystem:DescribeMountTargets"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:DescribeAvailabilityZones"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"logs:PutLogEvents",
"logs:DescribeLogStreams",
"logs:DescribeLogGroups",
"logs:CreateLogStream",
"logs:CreateLogGroup",
"logs:PutRetentionPolicy"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4KVOAQRKXW",
"PolicyName": "AmazonElasticFileSystemsUtils",
"UpdateDate": "2020-09-29T15:16:47+00:00",
"VersionId": "v1"
},
"AmazonElasticMapReduceEditorsRole": {
"Arn": "arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceEditorsRole",
"AttachmentCount": 0,
"CreateDate": "2018-11-16T21:55:25+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"ec2:AuthorizeSecurityGroupEgress",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateSecurityGroup",
"ec2:DescribeSecurityGroups",
"ec2:RevokeSecurityGroupEgress",
"ec2:CreateNetworkInterface",
"ec2:CreateNetworkInterfacePermission",
"ec2:DeleteNetworkInterface",
"ec2:DeleteNetworkInterfacePermission",
"ec2:DescribeNetworkInterfaces",
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:DescribeTags",
"ec2:DescribeInstances",
"ec2:DescribeSubnets",
"elasticmapreduce:ListInstances",
"elasticmapreduce:DescribeCluster"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "ec2:CreateTags",
"Condition": {
"ForAllValues:StringEquals": {
"aws:TagKeys": [
"aws:elasticmapreduce:editor-id",
"aws:elasticmapreduce:job-flow-id"
]
}
},
"Effect": "Allow",
"Resource": "arn:aws:ec2:*:*:network-interface/*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIBI5CIE6OHUIGLYVG",
"PolicyName": "AmazonElasticMapReduceEditorsRole",
"UpdateDate": "2018-11-16T21:55:25+00:00",
"VersionId": "v1"
},
"AmazonElasticMapReduceFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonElasticMapReduceFullAccess",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:40:22+00:00",
"DefaultVersionId": "v7",
"Document": {
"Statement": [
{
"Action": [
"cloudwatch:*",
"cloudformation:CreateStack",
"cloudformation:DescribeStackEvents",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:AuthorizeSecurityGroupEgress",
"ec2:CancelSpotInstanceRequests",
"ec2:CreateRoute",
"ec2:CreateSecurityGroup",
"ec2:CreateTags",
"ec2:DeleteRoute",
"ec2:DeleteTags",
"ec2:DeleteSecurityGroup",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeKeyPairs",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSpotInstanceRequests",
"ec2:DescribeSpotPriceHistory",
"ec2:DescribeSubnets",
"ec2:DescribeVpcAttribute",
"ec2:DescribeVpcs",
"ec2:DescribeRouteTables",
"ec2:DescribeNetworkAcls",
"ec2:CreateVpcEndpoint",
"ec2:ModifyImageAttribute",
"ec2:ModifyInstanceAttribute",
"ec2:RequestSpotInstances",
"ec2:RevokeSecurityGroupEgress",
"ec2:RunInstances",
"ec2:TerminateInstances",
"elasticmapreduce:*",
"iam:GetPolicy",
"iam:GetPolicyVersion",
"iam:ListRoles",
"iam:PassRole",
"kms:List*",
"s3:*",
"sdb:*"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringLike": {
"iam:AWSServiceName": [
"elasticmapreduce.amazonaws.com",
"elasticmapreduce.amazonaws.com.cn"
]
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIZP5JFP3AMSGINBB2",
"PolicyName": "AmazonElasticMapReduceFullAccess",
"UpdateDate": "2019-10-11T15:19:30+00:00",
"VersionId": "v7"
},
"AmazonElasticMapReducePlacementGroupPolicy": {
"Arn": "arn:aws:iam::aws:policy/AmazonElasticMapReducePlacementGroupPolicy",
"AttachmentCount": 0,
"CreateDate": "2020-09-29T00:37:08+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"ec2:DeletePlacementGroup",
"ec2:DescribePlacementGroups"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:CreatePlacementGroup"
],
"Effect": "Allow",
"Resource": "arn:aws:ec2:*:*:placement-group/EMR_*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4LC2KU77YD",
"PolicyName": "AmazonElasticMapReducePlacementGroupPolicy",
"UpdateDate": "2020-09-29T00:37:08+00:00",
"VersionId": "v1"
},
"AmazonElasticMapReduceReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonElasticMapReduceReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:40:23+00:00",
"DefaultVersionId": "v3",
"Document": {
"Statement": [
{
"Action": [
"elasticmapreduce:Describe*",
"elasticmapreduce:List*",
"elasticmapreduce:GetBlockPublicAccessConfiguration",
"elasticmapreduce:ViewEventsFromAllClustersInConsole",
"s3:GetObject",
"s3:ListAllMyBuckets",
"s3:ListBucket",
"sdb:Select",
"cloudwatch:GetMetricStatistics"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIHP6NH2S6GYFCOINC",
"PolicyName": "AmazonElasticMapReduceReadOnlyAccess",
"UpdateDate": "2020-07-29T23:14:09+00:00",
"VersionId": "v3"
},
"AmazonElasticMapReduceRole": {
"Arn": "arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceRole",
"AttachmentCount": 1,
"CreateDate": "2015-02-06T18:41:20+00:00",
"DefaultVersionId": "v10",
"Document": {
"Statement": [
{
"Action": [
"ec2:AuthorizeSecurityGroupEgress",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CancelSpotInstanceRequests",
"ec2:CreateFleet",
"ec2:CreateLaunchTemplate",
"ec2:CreateNetworkInterface",
"ec2:CreateSecurityGroup",
"ec2:CreateTags",
"ec2:DeleteLaunchTemplate",
"ec2:DeleteNetworkInterface",
"ec2:DeleteSecurityGroup",
"ec2:DeleteTags",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeAccountAttributes",
"ec2:DescribeDhcpOptions",
"ec2:DescribeImages",
"ec2:DescribeInstanceStatus",
"ec2:DescribeInstances",
"ec2:DescribeKeyPairs",
"ec2:DescribeLaunchTemplates",
"ec2:DescribeNetworkAcls",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribePrefixLists",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSpotInstanceRequests",
"ec2:DescribeSpotPriceHistory",
"ec2:DescribeSubnets",
"ec2:DescribeTags",
"ec2:DescribeVpcAttribute",
"ec2:DescribeVpcEndpoints",
"ec2:DescribeVpcEndpointServices",
"ec2:DescribeVpcs",
"ec2:DetachNetworkInterface",
"ec2:ModifyImageAttribute",
"ec2:ModifyInstanceAttribute",
"ec2:RequestSpotInstances",
"ec2:RevokeSecurityGroupEgress",
"ec2:RunInstances",
"ec2:TerminateInstances",
"ec2:DeleteVolume",
"ec2:DescribeVolumeStatus",
"ec2:DescribeVolumes",
"ec2:DetachVolume",
"iam:GetRole",
"iam:GetRolePolicy",
"iam:ListInstanceProfiles",
"iam:ListRolePolicies",
"iam:PassRole",
"s3:CreateBucket",
"s3:Get*",
"s3:List*",
"sdb:BatchPutAttributes",
"sdb:Select",
"sqs:CreateQueue",
"sqs:Delete*",
"sqs:GetQueue*",
"sqs:PurgeQueue",
"sqs:ReceiveMessage",
"cloudwatch:PutMetricAlarm",
"cloudwatch:DescribeAlarms",
"cloudwatch:DeleteAlarms",
"application-autoscaling:RegisterScalableTarget",
"application-autoscaling:DeregisterScalableTarget",
"application-autoscaling:PutScalingPolicy",
"application-autoscaling:DeleteScalingPolicy",
"application-autoscaling:Describe*"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringLike": {
"iam:AWSServiceName": "spot.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/aws-service-role/spot.amazonaws.com/AWSServiceRoleForEC2Spot*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIDI2BQT2LKXZG36TW",
"PolicyName": "AmazonElasticMapReduceRole",
"UpdateDate": "2020-06-24T22:24:20+00:00",
"VersionId": "v10"
},
"AmazonElasticMapReduceforAutoScalingRole": {
"Arn": "arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceforAutoScalingRole",
"AttachmentCount": 1,
"CreateDate": "2016-11-18T01:09:10+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"cloudwatch:DescribeAlarms",
"elasticmapreduce:ListInstanceGroups",
"elasticmapreduce:ModifyInstanceGroups"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJSVXG6QHPE6VHDZ4Q",
"PolicyName": "AmazonElasticMapReduceforAutoScalingRole",
"UpdateDate": "2016-11-18T01:09:10+00:00",
"VersionId": "v1"
},
"AmazonElasticMapReduceforEC2Role": {
"Arn": "arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceforEC2Role",
"AttachmentCount": 1,
"CreateDate": "2015-02-06T18:41:21+00:00",
"DefaultVersionId": "v3",
"Document": {
"Statement": [
{
"Action": [
"cloudwatch:*",
"dynamodb:*",
"ec2:Describe*",
"elasticmapreduce:Describe*",
"elasticmapreduce:ListBootstrapActions",
"elasticmapreduce:ListClusters",
"elasticmapreduce:ListInstanceGroups",
"elasticmapreduce:ListInstances",
"elasticmapreduce:ListSteps",
"kinesis:CreateStream",
"kinesis:DeleteStream",
"kinesis:DescribeStream",
"kinesis:GetRecords",
"kinesis:GetShardIterator",
"kinesis:MergeShards",
"kinesis:PutRecord",
"kinesis:SplitShard",
"rds:Describe*",
"s3:*",
"sdb:*",
"sns:*",
"sqs:*",
"glue:CreateDatabase",
"glue:UpdateDatabase",
"glue:DeleteDatabase",
"glue:GetDatabase",
"glue:GetDatabases",
"glue:CreateTable",
"glue:UpdateTable",
"glue:DeleteTable",
"glue:GetTable",
"glue:GetTables",
"glue:GetTableVersions",
"glue:CreatePartition",
"glue:BatchCreatePartition",
"glue:UpdatePartition",
"glue:DeletePartition",
"glue:BatchDeletePartition",
"glue:GetPartition",
"glue:GetPartitions",
"glue:BatchGetPartition",
"glue:CreateUserDefinedFunction",
"glue:UpdateUserDefinedFunction",
"glue:DeleteUserDefinedFunction",
"glue:GetUserDefinedFunction",
"glue:GetUserDefinedFunctions"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIGALS5RCDLZLB3PGS",
"PolicyName": "AmazonElasticMapReduceforEC2Role",
"UpdateDate": "2017-08-11T23:57:30+00:00",
"VersionId": "v3"
},
"AmazonElasticTranscoderRole": {
"Arn": "arn:aws:iam::aws:policy/service-role/AmazonElasticTranscoderRole",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:41:26+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"s3:ListBucket",
"s3:Get*",
"s3:PutObject",
"s3:PutObjectAcl",
"s3:*MultipartUpload*"
],
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "1"
},
{
"Action": [
"sns:Publish"
],
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "2"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJNW3WMKVXFJ2KPIQ2",
"PolicyName": "AmazonElasticTranscoderRole",
"UpdateDate": "2019-06-13T22:48:22+00:00",
"VersionId": "v2"
},
"AmazonElasticTranscoder_FullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonElasticTranscoder_FullAccess",
"AttachmentCount": 0,
"CreateDate": "2018-04-27T18:59:35+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"elastictranscoder:*",
"s3:ListAllMyBuckets",
"s3:ListBucket",
"iam:ListRoles",
"sns:ListTopics"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"iam:PassRole"
],
"Condition": {
"StringLike": {
"iam:PassedToService": [
"elastictranscoder.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAICFT6XVF3RSR4E7JG",
"PolicyName": "AmazonElasticTranscoder_FullAccess",
"UpdateDate": "2019-06-10T22:51:51+00:00",
"VersionId": "v2"
},
"AmazonElasticTranscoder_JobsSubmitter": {
"Arn": "arn:aws:iam::aws:policy/AmazonElasticTranscoder_JobsSubmitter",
"AttachmentCount": 0,
"CreateDate": "2018-06-07T21:12:16+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"elastictranscoder:Read*",
"elastictranscoder:List*",
"elastictranscoder:*Job",
"elastictranscoder:*Preset",
"s3:ListAllMyBuckets",
"s3:ListBucket",
"iam:ListRoles",
"sns:ListTopics"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJ7AUMMRQOVZRI734S",
"PolicyName": "AmazonElasticTranscoder_JobsSubmitter",
"UpdateDate": "2019-06-10T22:49:34+00:00",
"VersionId": "v2"
},
"AmazonElasticTranscoder_ReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonElasticTranscoder_ReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2018-06-07T21:09:56+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"elastictranscoder:Read*",
"elastictranscoder:List*",
"s3:ListAllMyBuckets",
"s3:ListBucket",
"iam:ListRoles",
"sns:ListTopics"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAI3R3CR6KVEWD4DPFY",
"PolicyName": "AmazonElasticTranscoder_ReadOnlyAccess",
"UpdateDate": "2019-06-10T22:48:32+00:00",
"VersionId": "v2"
},
"AmazonElasticsearchServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonElasticsearchServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2017-07-07T00:15:31+00:00",
"DefaultVersionId": "v3",
"Document": {
"Statement": [
{
"Action": [
"ec2:CreateNetworkInterface",
"ec2:DeleteNetworkInterface",
"ec2:DescribeNetworkInterfaces",
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"elasticloadbalancing:AddListenerCertificates",
"elasticloadbalancing:RemoveListenerCertificates"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "Stmt1480452973134"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJFEWZPHXKLCVHEUIC",
"PolicyName": "AmazonElasticsearchServiceRolePolicy",
"UpdateDate": "2020-08-31T10:30:23+00:00",
"VersionId": "v3"
},
"AmazonEventBridgeApiDestinationsServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonEventBridgeApiDestinationsServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2021-02-11T20:52:05+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"secretsmanager:CreateSecret",
"secretsmanager:UpdateSecret",
"secretsmanager:DescribeSecret",
"secretsmanager:DeleteSecret",
"secretsmanager:GetSecretValue",
"secretsmanager:PutSecretValue"
],
"Effect": "Allow",
"Resource": "arn:aws:secretsmanager:*:*:secret:events!connection/*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4GHQV22EVJ",
"PolicyName": "AmazonEventBridgeApiDestinationsServiceRolePolicy",
"UpdateDate": "2021-02-11T20:52:05+00:00",
"VersionId": "v1"
},
"AmazonEventBridgeFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonEventBridgeFullAccess",
"AttachmentCount": 0,
"CreateDate": "2019-07-11T14:08:55+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": "events:*",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringEquals": {
"iam:AWSServiceName": "apidestinations.events.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/aws-service-role/AmazonEventBridgeApiDestinationsServiceRolePolicy"
},
{
"Action": [
"secretsmanager:CreateSecret",
"secretsmanager:UpdateSecret",
"secretsmanager:DeleteSecret",
"secretsmanager:GetSecretValue",
"secretsmanager:PutSecretValue"
],
"Effect": "Allow",
"Resource": "arn:aws:secretsmanager:*:*:secret:events!*"
},
{
"Action": "iam:PassRole",
"Condition": {
"StringLike": {
"iam:PassedToService": "events.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4BUM4GCASI",
"PolicyName": "AmazonEventBridgeFullAccess",
"UpdateDate": "2021-03-04T18:56:38+00:00",
"VersionId": "v2"
},
"AmazonEventBridgeReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonEventBridgeReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2019-07-11T13:59:07+00:00",
"DefaultVersionId": "v3",
"Document": {
"Statement": [
{
"Action": [
"events:DescribeRule",
"events:DescribeEventBus",
"events:DescribeEventSource",
"events:ListEventBuses",
"events:ListEventSources",
"events:ListRuleNamesByTarget",
"events:ListRules",
"events:ListTargetsByRule",
"events:TestEventPattern",
"events:DescribeArchive",
"events:ListArchives",
"events:DescribeReplay",
"events:ListReplays",
"events:DescribeConnection",
"events:ListConnections",
"events:DescribeApiDestination",
"events:ListApiDestinations"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4BDMP3LZME",
"PolicyName": "AmazonEventBridgeReadOnlyAccess",
"UpdateDate": "2021-03-04T19:08:31+00:00",
"VersionId": "v3"
},
"AmazonEventBridgeSchemasFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonEventBridgeSchemasFullAccess",
"AttachmentCount": 0,
"CreateDate": "2019-11-28T23:12:53+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"schemas:*"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "AmazonEventBridgeSchemasFullAccess"
},
{
"Action": [
"events:PutRule",
"events:PutTargets",
"events:EnableRule",
"events:DisableRule",
"events:DeleteRule",
"events:RemoveTargets",
"events:ListTargetsByRule"
],
"Effect": "Allow",
"Resource": "arn:aws:events:*:*:rule/*Schemas*",
"Sid": "AmazonEventBridgeManageRule"
},
{
"Action": "iam:CreateServiceLinkedRole",
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/aws-service-role/schemas.amazonaws.com/AWSServiceRoleForSchemas",
"Sid": "IAMCreateServiceLinkedRoleForAmazonEventBridgeSchemas"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4JF3KP3V5J",
"PolicyName": "AmazonEventBridgeSchemasFullAccess",
"UpdateDate": "2019-11-28T23:12:53+00:00",
"VersionId": "v1"
},
"AmazonEventBridgeSchemasReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonEventBridgeSchemasReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2019-11-28T23:05:57+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"schemas:ListDiscoverers",
"schemas:DescribeDiscoverer",
"schemas:ListRegistries",
"schemas:DescribeRegistry",
"schemas:SearchSchemas",
"schemas:ListSchemas",
"schemas:ListSchemaVersions",
"schemas:DescribeSchema",
"schemas:GetDiscoveredSchema",
"schemas:DescribeCodeBinding",
"schemas:GetCodeBindingSource",
"schemas:ListTagsForResource",
"schemas:GetResourcePolicy"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "AmazonEventBridgeSchemasReadOnlyAccess"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4JK7CLVFIU",
"PolicyName": "AmazonEventBridgeSchemasReadOnlyAccess",
"UpdateDate": "2020-05-01T00:50:53+00:00",
"VersionId": "v2"
},
"AmazonEventBridgeSchemasServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonEventBridgeSchemasServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2019-11-27T01:10:40+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"events:PutRule",
"events:PutTargets",
"events:EnableRule",
"events:DisableRule",
"events:DeleteRule",
"events:RemoveTargets",
"events:ListTargetsByRule"
],
"Effect": "Allow",
"Resource": [
"arn:aws:events:*:*:rule/*Schemas-*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4GZI6BHNDI",
"PolicyName": "AmazonEventBridgeSchemasServiceRolePolicy",
"UpdateDate": "2019-11-27T01:10:40+00:00",
"VersionId": "v1"
},
"AmazonFISServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonFISServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2020-12-21T21:18:19+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"events:PutRule",
"events:DeleteRule",
"events:DescribeRule",
"events:PutTargets",
"events:RemoveTargets"
],
"Condition": {
"StringEquals": {
"events:ManagedBy": "fis.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*",
"Sid": "EventBridge"
},
{
"Action": [
"tag:GetResources"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "Tagging"
},
{
"Action": [
"cloudwatch:DescribeAlarms"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "CloudWatch"
},
{
"Action": [
"ec2:DescribeInstances",
"iam:GetUser",
"iam:GetRole",
"iam:ListUsers",
"iam:ListRoles",
"rds:DescribeDBClusters",
"rds:DescribeDBInstances",
"ecs:DescribeClusters",
"eks:DescribeNodegroup"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "DescribeUserResources"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4JLZR2TQJD",
"PolicyName": "AmazonFISServiceRolePolicy",
"UpdateDate": "2021-01-18T15:40:47+00:00",
"VersionId": "v2"
},
"AmazonFSxConsoleFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonFSxConsoleFullAccess",
"AttachmentCount": 0,
"CreateDate": "2018-11-28T16:36:05+00:00",
"DefaultVersionId": "v4",
"Document": {
"Statement": [
{
"Action": [
"cloudwatch:DescribeAlarms",
"ds:DescribeDirectories",
"ec2:DescribeNetworkInterfaceAttribute",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"firehose:ListDeliveryStreams",
"fsx:*",
"kms:ListAliases",
"logs:DescribeLogGroups",
"s3:ListBucket"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringEquals": {
"iam:AWSServiceName": [
"fsx.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringEquals": {
"iam:AWSServiceName": [
"s3.data-source.lustre.fsx.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAITDDJ23Y5UZ2WCZRQ",
"PolicyName": "AmazonFSxConsoleFullAccess",
"UpdateDate": "2021-06-08T12:14:00+00:00",
"VersionId": "v4"
},
"AmazonFSxConsoleReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonFSxConsoleReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2018-11-28T16:35:24+00:00",
"DefaultVersionId": "v3",
"Document": {
"Statement": [
{
"Action": [
"cloudwatch:DescribeAlarms",
"ds:DescribeDirectories",
"ec2:DescribeNetworkInterfaceAttribute",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"firehose:ListDeliveryStreams",
"fsx:Describe*",
"fsx:ListTagsForResource",
"kms:DescribeKey",
"logs:DescribeLogGroups"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJQUISIZNHGLA6YQFM",
"PolicyName": "AmazonFSxConsoleReadOnlyAccess",
"UpdateDate": "2021-06-08T12:21:09+00:00",
"VersionId": "v3"
},
"AmazonFSxFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonFSxFullAccess",
"AttachmentCount": 0,
"CreateDate": "2018-11-28T16:34:43+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"ds:DescribeDirectories",
"fsx:*"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringEquals": {
"iam:AWSServiceName": [
"fsx.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringEquals": {
"iam:AWSServiceName": [
"s3.data-source.lustre.fsx.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Effect": "Allow",
"Resource": [
"arn:aws:logs:*:*:log-group:/aws/fsx/*:log-group:*"
]
},
{
"Action": [
"firehose:PutRecord"
],
"Effect": "Allow",
"Resource": [
"arn:aws:firehose:*:*:deliverystream/aws-fsx-*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIEUV6Z2X4VNZRVB5I",
"PolicyName": "AmazonFSxFullAccess",
"UpdateDate": "2021-06-08T12:05:31+00:00",
"VersionId": "v2"
},
"AmazonFSxReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonFSxReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2018-11-28T16:33:32+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"fsx:Describe*",
"fsx:ListTagsForResource"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJ4ICPKXR6KK32HT52",
"PolicyName": "AmazonFSxReadOnlyAccess",
"UpdateDate": "2018-11-28T16:33:32+00:00",
"VersionId": "v1"
},
"AmazonFSxServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonFSxServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2018-11-28T10:38:37+00:00",
"DefaultVersionId": "v4",
"Document": {
"Statement": [
{
"Action": [
"cloudwatch:PutMetricData",
"ds:AuthorizeApplication",
"ds:GetAuthorizedApplicationDetails",
"ds:UnauthorizeApplication",
"ec2:CreateNetworkInterface",
"ec2:CreateNetworkInterfacePermission",
"ec2:DeleteNetworkInterface",
"ec2:DescribeAddresses",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:DisassociateAddress",
"route53:AssociateVPCWithHostedZone"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"logs:DescribeLogGroups",
"logs:DescribeLogStreams",
"logs:PutLogEvents"
],
"Effect": "Allow",
"Resource": "arn:aws:logs:*:*:log-group:/aws/fsx/*"
},
{
"Action": [
"firehose:DescribeDeliveryStream",
"firehose:PutRecord",
"firehose:PutRecordBatch"
],
"Effect": "Allow",
"Resource": "arn:aws:firehose:*:*:deliverystream/aws-fsx-*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIVQ24YKVRBV5IYQ5G",
"PolicyName": "AmazonFSxServiceRolePolicy",
"UpdateDate": "2021-06-07T21:03:26+00:00",
"VersionId": "v4"
},
"AmazonForecastFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonForecastFullAccess",
"AttachmentCount": 0,
"CreateDate": "2019-01-18T01:52:29+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"forecast:*"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"iam:PassRole"
],
"Condition": {
"StringEquals": {
"iam:PassedToService": "forecast.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIAKOTFNTUECQVU7C4",
"PolicyName": "AmazonForecastFullAccess",
"UpdateDate": "2019-01-18T01:52:29+00:00",
"VersionId": "v1"
},
"AmazonFraudDetectorFullAccessPolicy": {
"Arn": "arn:aws:iam::aws:policy/AmazonFraudDetectorFullAccessPolicy",
"AttachmentCount": 0,
"CreateDate": "2019-12-03T22:46:26+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"frauddetector:*"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"sagemaker:ListEndpoints",
"sagemaker:DescribeEndpoint"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"s3:ListAllMyBuckets",
"s3:GetBucketLocation"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"iam:ListRoles"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"iam:PassRole"
],
"Condition": {
"StringEquals": {
"iam:PassedToService": "frauddetector.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4AAPDEABT6",
"PolicyName": "AmazonFraudDetectorFullAccessPolicy",
"UpdateDate": "2019-12-03T22:46:26+00:00",
"VersionId": "v1"
},
"AmazonFreeRTOSFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonFreeRTOSFullAccess",
"AttachmentCount": 0,
"CreateDate": "2017-11-29T15:32:51+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"freertos:*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJAN6PSDCOH6HXG2SE",
"PolicyName": "AmazonFreeRTOSFullAccess",
"UpdateDate": "2017-11-29T15:32:51+00:00",
"VersionId": "v1"
},
"AmazonFreeRTOSOTAUpdate": {
"Arn": "arn:aws:iam::aws:policy/service-role/AmazonFreeRTOSOTAUpdate",
"AttachmentCount": 0,
"CreateDate": "2018-08-27T22:43:07+00:00",
"DefaultVersionId": "v3",
"Document": {
"Statement": [
{
"Action": [
"s3:GetObjectVersion",
"s3:PutObject",
"s3:GetObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::afr-ota*"
},
{
"Action": [
"signer:StartSigningJob",
"signer:DescribeSigningJob",
"signer:GetSigningProfile",
"signer:PutSigningProfile"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"s3:ListBucketVersions",
"s3:ListBucket",
"s3:ListAllMyBuckets",
"s3:GetBucketLocation"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"iot:DeleteJob",
"iot:DescribeJob"
],
"Effect": "Allow",
"Resource": "arn:aws:iot:*:*:job/AFR_OTA*"
},
{
"Action": [
"iot:DeleteStream"
],
"Effect": "Allow",
"Resource": "arn:aws:iot:*:*:stream/AFR_OTA*"
},
{
"Action": [
"iot:CreateStream",
"iot:CreateJob"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAINC2TXHAYDOK3SWMU",
"PolicyName": "AmazonFreeRTOSOTAUpdate",
"UpdateDate": "2020-12-18T17:47:30+00:00",
"VersionId": "v3"
},
"AmazonGlacierFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonGlacierFullAccess",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:40:28+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": "glacier:*",
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJQSTZJWB2AXXAKHVQ",
"PolicyName": "AmazonGlacierFullAccess",
"UpdateDate": "2015-02-06T18:40:28+00:00",
"VersionId": "v1"
},
"AmazonGlacierReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonGlacierReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:40:27+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"glacier:DescribeJob",
"glacier:DescribeVault",
"glacier:GetDataRetrievalPolicy",
"glacier:GetJobOutput",
"glacier:GetVaultAccessPolicy",
"glacier:GetVaultLock",
"glacier:GetVaultNotifications",
"glacier:ListJobs",
"glacier:ListMultipartUploads",
"glacier:ListParts",
"glacier:ListTagsForVault",
"glacier:ListVaults"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAI2D5NJKMU274MET4E",
"PolicyName": "AmazonGlacierReadOnlyAccess",
"UpdateDate": "2016-05-05T18:46:10+00:00",
"VersionId": "v2"
},
"AmazonGuardDutyFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonGuardDutyFullAccess",
"AttachmentCount": 0,
"CreateDate": "2017-11-28T22:31:30+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": "guardduty:*",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringLike": {
"iam:AWSServiceName": "guardduty.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"organizations:EnableAWSServiceAccess",
"organizations:RegisterDelegatedAdministrator",
"organizations:ListDelegatedAdministrators",
"organizations:ListAWSServiceAccessForOrganization",
"organizations:DescribeOrganizationalUnit",
"organizations:DescribeAccount",
"organizations:DescribeOrganization"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIKUTKSN4KC63VDQUM",
"PolicyName": "AmazonGuardDutyFullAccess",
"UpdateDate": "2021-02-16T23:39:53+00:00",
"VersionId": "v2"
},
"AmazonGuardDutyReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonGuardDutyReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2017-11-28T22:29:40+00:00",
"DefaultVersionId": "v3",
"Document": {
"Statement": [
{
"Action": [
"guardduty:Describe*",
"guardduty:Get*",
"guardduty:List*"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"organizations:ListDelegatedAdministrators",
"organizations:ListAWSServiceAccessForOrganization",
"organizations:DescribeOrganizationalUnit",
"organizations:DescribeAccount",
"organizations:DescribeOrganization"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIVMCEDV336RWUSNHG",
"PolicyName": "AmazonGuardDutyReadOnlyAccess",
"UpdateDate": "2021-02-16T23:37:57+00:00",
"VersionId": "v3"
},
"AmazonGuardDutyServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonGuardDutyServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2017-11-28T20:12:59+00:00",
"DefaultVersionId": "v3",
"Document": {
"Statement": [
{
"Action": [
"ec2:DescribeInstances",
"ec2:DescribeImages",
"organizations:ListAccounts",
"organizations:DescribeAccount",
"s3:GetBucketPublicAccessBlock",
"s3:GetEncryptionConfiguration",
"s3:GetBucketTagging",
"s3:GetAccountPublicAccessBlock",
"s3:ListAllMyBuckets",
"s3:GetBucketAcl",
"s3:GetBucketPolicy",
"s3:GetBucketPolicyStatus"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIHZREZOWNSSA6FWQO",
"PolicyName": "AmazonGuardDutyServiceRolePolicy",
"UpdateDate": "2020-05-14T20:25:50+00:00",
"VersionId": "v3"
},
"AmazonHealthLakeFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonHealthLakeFullAccess",
"AttachmentCount": 0,
"CreateDate": "2021-02-17T01:07:05+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"healthlake:*",
"s3:ListAllMyBuckets",
"s3:ListBucket",
"s3:GetBucketLocation",
"iam:ListRoles"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:PassRole",
"Condition": {
"StringEquals": {
"iam:PassedToService": "healthlake.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4OMJS7NARX",
"PolicyName": "AmazonHealthLakeFullAccess",
"UpdateDate": "2021-02-17T01:07:05+00:00",
"VersionId": "v1"
},
"AmazonHealthLakeReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonHealthLakeReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2021-02-17T02:43:31+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"healthlake:ListFHIRDatastores",
"healthlake:DescribeFHIRDatastore",
"healthlake:DescribeFHIRImportJob",
"healthlake:DescribeFHIRExportJob",
"healthlake:GetCapabilities",
"healthlake:ReadResource",
"healthlake:SearchWithGet",
"healthlake:SearchWithPost"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4MIFB6JFLV",
"PolicyName": "AmazonHealthLakeReadOnlyAccess",
"UpdateDate": "2021-02-17T02:43:31+00:00",
"VersionId": "v1"
},
"AmazonHoneycodeFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonHoneycodeFullAccess",
"AttachmentCount": 0,
"CreateDate": "2020-06-24T20:28:11+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"honeycode:*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4ECUH6WAX6",
"PolicyName": "AmazonHoneycodeFullAccess",
"UpdateDate": "2020-06-24T20:28:11+00:00",
"VersionId": "v1"
},
"AmazonHoneycodeReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonHoneycodeReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2020-06-24T20:28:16+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"honeycode:List*",
"honeycode:Get*",
"honeycode:Describe*",
"honeycode:Query*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4CRFGMHZ3B",
"PolicyName": "AmazonHoneycodeReadOnlyAccess",
"UpdateDate": "2020-12-01T17:27:53+00:00",
"VersionId": "v2"
},
"AmazonHoneycodeServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonHoneycodeServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2020-11-18T18:03:08+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"sso:GetManagedApplicationInstance"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4COQCKOKUQ",
"PolicyName": "AmazonHoneycodeServiceRolePolicy",
"UpdateDate": "2020-11-18T18:03:08+00:00",
"VersionId": "v1"
},
"AmazonHoneycodeTeamAssociationFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonHoneycodeTeamAssociationFullAccess",
"AttachmentCount": 0,
"CreateDate": "2020-06-24T20:28:27+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"honeycode:ListTeamAssociations",
"honeycode:ApproveTeamAssociation",
"honeycode:RejectTeamAssociation"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4JH4KLR35J",
"PolicyName": "AmazonHoneycodeTeamAssociationFullAccess",
"UpdateDate": "2020-06-24T20:28:27+00:00",
"VersionId": "v1"
},
"AmazonHoneycodeTeamAssociationReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonHoneycodeTeamAssociationReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2020-06-24T20:27:46+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"honeycode:ListTeamAssociations"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4KRI4FOLPG",
"PolicyName": "AmazonHoneycodeTeamAssociationReadOnlyAccess",
"UpdateDate": "2020-06-24T20:27:46+00:00",
"VersionId": "v1"
},
"AmazonHoneycodeWorkbookFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonHoneycodeWorkbookFullAccess",
"AttachmentCount": 0,
"CreateDate": "2020-06-24T20:28:46+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"honeycode:GetScreenData",
"honeycode:InvokeScreenAutomation",
"honeycode:BatchCreateTableRows",
"honeycode:BatchDeleteTableRows",
"honeycode:BatchUpdateTableRows",
"honeycode:BatchUpsertTableRows",
"honeycode:DescribeTableDataImportJob",
"honeycode:ListTableColumns",
"honeycode:ListTableRows",
"honeycode:ListTables",
"honeycode:QueryTableRows",
"honeycode:StartTableDataImportJob"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4OQLA2WKSW",
"PolicyName": "AmazonHoneycodeWorkbookFullAccess",
"UpdateDate": "2020-12-01T17:30:06+00:00",
"VersionId": "v2"
},
"AmazonHoneycodeWorkbookReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonHoneycodeWorkbookReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2020-06-24T20:28:07+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"honeycode:GetScreenData",
"honeycode:DescribeTableDataImportJob",
"honeycode:ListTableColumns",
"honeycode:ListTableRows",
"honeycode:ListTables",
"honeycode:QueryTableRows"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4GUHKYOSNH",
"PolicyName": "AmazonHoneycodeWorkbookReadOnlyAccess",
"UpdateDate": "2020-12-01T17:32:49+00:00",
"VersionId": "v2"
},
"AmazonInspectorFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonInspectorFullAccess",
"AttachmentCount": 0,
"CreateDate": "2015-10-07T17:08:04+00:00",
"DefaultVersionId": "v5",
"Document": {
"Statement": [
{
"Action": [
"inspector:*",
"ec2:DescribeInstances",
"ec2:DescribeTags",
"sns:ListTopics",
"events:DescribeRule",
"events:ListRuleNamesByTarget"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"iam:PassRole"
],
"Condition": {
"StringEquals": {
"iam:PassedToService": [
"inspector.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringLike": {
"iam:AWSServiceName": "inspector.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/aws-service-role/inspector.amazonaws.com/AWSServiceRoleForAmazonInspector"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAI7Y6NTA27NWNA5U5E",
"PolicyName": "AmazonInspectorFullAccess",
"UpdateDate": "2017-12-21T14:53:31+00:00",
"VersionId": "v5"
},
"AmazonInspectorReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonInspectorReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2015-10-07T17:08:01+00:00",
"DefaultVersionId": "v4",
"Document": {
"Statement": [
{
"Action": [
"inspector:Describe*",
"inspector:Get*",
"inspector:List*",
"inspector:Preview*",
"ec2:DescribeInstances",
"ec2:DescribeTags",
"sns:ListTopics",
"events:DescribeRule",
"events:ListRuleNamesByTarget"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJXQNTHTEJ2JFRN2SE",
"PolicyName": "AmazonInspectorReadOnlyAccess",
"UpdateDate": "2019-10-01T15:17:54+00:00",
"VersionId": "v4"
},
"AmazonInspectorServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonInspectorServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2017-11-21T15:48:27+00:00",
"DefaultVersionId": "v5",
"Document": {
"Statement": [
{
"Action": [
"directconnect:DescribeConnections",
"directconnect:DescribeDirectConnectGateways",
"directconnect:DescribeDirectConnectGatewayAssociations",
"directconnect:DescribeDirectConnectGatewayAttachments",
"directconnect:DescribeVirtualGateways",
"directconnect:DescribeVirtualInterfaces",
"directconnect:DescribeTags",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeCustomerGateways",
"ec2:DescribeInstances",
"ec2:DescribeTags",
"ec2:DescribeInternetGateways",
"ec2:DescribeNatGateways",
"ec2:DescribeNetworkAcls",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribePrefixLists",
"ec2:DescribeRegions",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcEndpoints",
"ec2:DescribeVpcPeeringConnections",
"ec2:DescribeVpcs",
"ec2:DescribeVpnConnections",
"ec2:DescribeVpnGateways",
"ec2:DescribeManagedPrefixLists",
"ec2:GetManagedPrefixListEntries",
"ec2:DescribeVpcEndpointServiceConfigurations",
"ec2:DescribeTransitGateways",
"ec2:DescribeTransitGatewayAttachments",
"ec2:DescribeTransitGatewayVpcAttachments",
"ec2:DescribeTransitGatewayRouteTables",
"ec2:SearchTransitGatewayRoutes",
"ec2:DescribeTransitGatewayPeeringAttachments",
"ec2:GetTransitGatewayRouteTablePropagations",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeLoadBalancerAttributes",
"elasticloadbalancing:DescribeRules",
"elasticloadbalancing:DescribeTags",
"elasticloadbalancing:DescribeTargetGroups",
"elasticloadbalancing:DescribeTargetHealth"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJKBMSBWLU2TGXHHUQ",
"PolicyName": "AmazonInspectorServiceRolePolicy",
"UpdateDate": "2020-09-11T17:12:02+00:00",
"VersionId": "v5"
},
"AmazonKendraFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonKendraFullAccess",
"AttachmentCount": 0,
"CreateDate": "2019-12-03T16:15:37+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": "iam:PassRole",
"Condition": {
"StringEquals": {
"iam:PassedToService": "kendra.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"iam:ListRoles"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:DescribeSecurityGroups",
"ec2:DescribeVpcs",
"ec2:DescribeSubnets"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"kms:ListKeys",
"kms:ListAliases",
"kms:DescribeKey"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"s3:ListAllMyBuckets",
"s3:GetBucketLocation"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"secretsmanager:ListSecrets"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"cloudwatch:GetMetricData"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"secretsmanager:CreateSecret",
"secretsmanager:DescribeSecret"
],
"Effect": "Allow",
"Resource": "arn:aws:secretsmanager:*:*:secret:AmazonKendra-*"
},
{
"Action": "kendra:*",
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4BK2ALV3AM",
"PolicyName": "AmazonKendraFullAccess",
"UpdateDate": "2019-12-03T16:15:37+00:00",
"VersionId": "v1"
},
"AmazonKendraReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonKendraReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2019-12-03T16:13:45+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"kendra:Describe*",
"kendra:List*",
"kendra:Query",
"kendra:GetQuerySuggestions"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4POKTT2LDN",
"PolicyName": "AmazonKendraReadOnlyAccess",
"UpdateDate": "2021-05-27T17:01:20+00:00",
"VersionId": "v2"
},
"AmazonKeyspacesFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonKeyspacesFullAccess",
"AttachmentCount": 0,
"CreateDate": "2020-04-23T17:06:37+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"cassandra:*"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"application-autoscaling:DeleteScalingPolicy",
"application-autoscaling:DeleteScheduledAction",
"application-autoscaling:DeregisterScalableTarget",
"application-autoscaling:DescribeScalableTargets",
"application-autoscaling:DescribeScalingActivities",
"application-autoscaling:DescribeScalingPolicies",
"application-autoscaling:DescribeScheduledActions",
"application-autoscaling:PutScheduledAction",
"application-autoscaling:PutScalingPolicy",
"application-autoscaling:RegisterScalableTarget",
"kms:DescribeKey",
"kms:ListAliases"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"cloudwatch:DeleteAlarms",
"cloudwatch:DescribeAlarms",
"cloudwatch:PutMetricAlarm"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringLike": {
"iam:AWSServiceName": "cassandra.application-autoscaling.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/aws-service-role/cassandra.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_CassandraTable"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4HMS72N6JG",
"PolicyName": "AmazonKeyspacesFullAccess",
"UpdateDate": "2021-06-01T19:31:39+00:00",
"VersionId": "v2"
},
"AmazonKeyspacesReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonKeyspacesReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2020-04-23T17:07:14+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"cassandra:Select"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"application-autoscaling:DescribeScalableTargets",
"application-autoscaling:DescribeScalingActivities",
"application-autoscaling:DescribeScalingPolicies",
"application-autoscaling:DescribeScheduledActions",
"cloudwatch:DescribeAlarms",
"kms:DescribeKey",
"kms:ListAliases"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4LHLFMFIPN",
"PolicyName": "AmazonKeyspacesReadOnlyAccess",
"UpdateDate": "2021-06-01T19:32:47+00:00",
"VersionId": "v2"
},
"AmazonKinesisAnalyticsFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonKinesisAnalyticsFullAccess",
"AttachmentCount": 0,
"CreateDate": "2016-09-21T19:01:14+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": "kinesisanalytics:*",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"kinesis:CreateStream",
"kinesis:DeleteStream",
"kinesis:DescribeStream",
"kinesis:ListStreams",
"kinesis:PutRecord",
"kinesis:PutRecords"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"firehose:DescribeDeliveryStream",
"firehose:ListDeliveryStreams"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "logs:GetLogEvents",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"iam:ListPolicyVersions",
"iam:ListRoles"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:PassRole",
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/service-role/kinesis-analytics*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJQOSKHTXP43R7P5AC",
"PolicyName": "AmazonKinesisAnalyticsFullAccess",
"UpdateDate": "2016-09-21T19:01:14+00:00",
"VersionId": "v1"
},
"AmazonKinesisAnalyticsReadOnly": {
"Arn": "arn:aws:iam::aws:policy/AmazonKinesisAnalyticsReadOnly",
"AttachmentCount": 0,
"CreateDate": "2016-09-21T18:16:43+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"kinesisanalytics:Describe*",
"kinesisanalytics:Get*",
"kinesisanalytics:List*"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"kinesis:DescribeStream",
"kinesis:ListStreams"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"firehose:DescribeDeliveryStream",
"firehose:ListDeliveryStreams"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "logs:GetLogEvents",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"iam:ListPolicyVersions",
"iam:ListRoles"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIJIEXZAFUK43U7ARK",
"PolicyName": "AmazonKinesisAnalyticsReadOnly",
"UpdateDate": "2016-09-21T18:16:43+00:00",
"VersionId": "v1"
},
"AmazonKinesisFirehoseFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonKinesisFirehoseFullAccess",
"AttachmentCount": 0,
"CreateDate": "2015-10-07T18:45:26+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"firehose:*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJMZQMTZ7FRBFHHAHI",
"PolicyName": "AmazonKinesisFirehoseFullAccess",
"UpdateDate": "2015-10-07T18:45:26+00:00",
"VersionId": "v1"
},
"AmazonKinesisFirehoseReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonKinesisFirehoseReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2015-10-07T18:43:39+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"firehose:Describe*",
"firehose:List*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJ36NT645INW4K24W6",
"PolicyName": "AmazonKinesisFirehoseReadOnlyAccess",
"UpdateDate": "2015-10-07T18:43:39+00:00",
"VersionId": "v1"
},
"AmazonKinesisFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonKinesisFullAccess",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:40:29+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": "kinesis:*",
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIVF32HAMOXCUYRAYE",
"PolicyName": "AmazonKinesisFullAccess",
"UpdateDate": "2015-02-06T18:40:29+00:00",
"VersionId": "v1"
},
"AmazonKinesisReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonKinesisReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:40:30+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"kinesis:Get*",
"kinesis:List*",
"kinesis:Describe*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIOCMTDT5RLKZ2CAJO",
"PolicyName": "AmazonKinesisReadOnlyAccess",
"UpdateDate": "2015-02-06T18:40:30+00:00",
"VersionId": "v1"
},
"AmazonKinesisVideoStreamsFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonKinesisVideoStreamsFullAccess",
"AttachmentCount": 0,
"CreateDate": "2017-12-01T23:27:18+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": "kinesisvideo:*",
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIZAN5AK7E7UVYIAZY",
"PolicyName": "AmazonKinesisVideoStreamsFullAccess",
"UpdateDate": "2017-12-01T23:27:18+00:00",
"VersionId": "v1"
},
"AmazonKinesisVideoStreamsReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonKinesisVideoStreamsReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2017-12-01T23:14:32+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"kinesisvideo:Describe*",
"kinesisvideo:Get*",
"kinesisvideo:List*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJDS2DKUCYTEA7M6UA",
"PolicyName": "AmazonKinesisVideoStreamsReadOnlyAccess",
"UpdateDate": "2017-12-01T23:14:32+00:00",
"VersionId": "v1"
},
"AmazonLambdaRolePolicyForLaunchWizardSAP": {
"Arn": "arn:aws:iam::aws:policy/AmazonLambdaRolePolicyForLaunchWizardSAP",
"AttachmentCount": 0,
"CreateDate": "2020-03-30T20:25:12+00:00",
"DefaultVersionId": "v5",
"Document": {
"Statement": [
{
"Action": [
"ec2:CreateRoute",
"ec2:DeleteRoute"
],
"Condition": {
"StringLike": {
"ec2:ResourceTag/LaunchWizardApplicationType": "*"
}
},
"Effect": "Allow",
"Resource": "arn:aws:ec2:*:*:route-table/*"
},
{
"Action": [
"ec2:CreateTags"
],
"Condition": {
"ForAllValues:StringLike": {
"aws:TagKeys": "LaunchWizard*"
},
"StringLike": {
"ec2:ResourceTag/LaunchWizardApplicationType": "*"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ssm:GetParameter"
],
"Effect": "Allow",
"Resource": "arn:aws:ssm:*:*:parameter/LaunchWizard*"
},
{
"Action": [
"ssm:GetDocument",
"ssm:sendCommand"
],
"Effect": "Allow",
"Resource": [
"arn:aws:ssm:*:*:document/AWS-RunShellScript"
]
},
{
"Action": [
"ssm:SendCommand"
],
"Condition": {
"StringLike": {
"ssm:resourceTag/LaunchWizardApplicationType": "*"
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:ec2:*:*:instance/*"
]
},
{
"Action": [
"ssm:ListCommands",
"ec2:DescribeVpcs",
"ec2:DescribeRouteTables",
"ec2:DescribeInstances",
"ec2:DescribeTags",
"ec2:DescribeInstanceAttribute",
"ec2:ModifyInstanceAttribute"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"s3:ListBucket",
"s3:ListBucketVersions",
"s3:GetObject",
"s3:GetObjectVersion",
"s3:GetObjectVersionAcl",
"s3:PutObject",
"s3:PutObjectTagging",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:DeleteBucket"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::launchwizard*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4NMJOHL3TN",
"PolicyName": "AmazonLambdaRolePolicyForLaunchWizardSAP",
"UpdateDate": "2020-12-04T16:00:56+00:00",
"VersionId": "v5"
},
"AmazonLaunchWizard_Fullaccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonLaunchWizard_Fullaccess",
"AttachmentCount": 0,
"CreateDate": "2020-08-06T17:47:30+00:00",
"DefaultVersionId": "v10",
"Document": {
"Statement": [
{
"Action": "applicationinsights:*",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "resource-groups:List*",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"route53:ChangeResourceRecordSets",
"route53:GetChange",
"route53:ListResourceRecordSets",
"route53:ListHostedZones",
"route53:ListHostedZonesByName"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"s3:ListAllMyBuckets",
"s3:ListBucket",
"s3:GetBucketLocation"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"kms:ListKeys",
"kms:ListAliases"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"cloudwatch:List*",
"cloudwatch:Get*",
"cloudwatch:Describe*"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:CreateInternetGateway",
"ec2:CreateNatGateway",
"ec2:CreateVpc",
"ec2:CreateKeyPair",
"ec2:CreateRoute",
"ec2:CreateRouteTable",
"ec2:CreateSubnet"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:AllocateAddress",
"ec2:AllocateHosts",
"ec2:AssignPrivateIpAddresses",
"ec2:AssociateAddress",
"ec2:CreateDhcpOptions",
"ec2:CreateEgressOnlyInternetGateway",
"ec2:CreateNetworkInterface",
"ec2:CreateVolume",
"ec2:CreateVpcEndpoint",
"ec2:CreateTags",
"ec2:DeleteTags",
"ec2:RunInstances",
"ec2:StartInstances",
"ec2:ModifyInstanceAttribute",
"ec2:ModifySubnetAttribute",
"ec2:ModifyVolumeAttribute",
"ec2:ModifyVpcAttribute",
"ec2:AssociateDhcpOptions",
"ec2:AssociateSubnetCidrBlock",
"ec2:AttachInternetGateway",
"ec2:AttachNetworkInterface",
"ec2:AttachVolume",
"ec2:DeleteDhcpOptions",
"ec2:DeleteInternetGateway",
"ec2:DeleteKeyPair",
"ec2:DeleteNatGateway",
"ec2:DeleteSecurityGroup",
"ec2:DeleteVolume",
"ec2:DeleteVpc",
"ec2:DetachInternetGateway",
"ec2:DetachVolume",
"ec2:DeleteSnapshot",
"ec2:AssociateRouteTable",
"ec2:AssociateVpcCidrBlock",
"ec2:DeleteNetworkAcl",
"ec2:DeleteNetworkInterface",
"ec2:DeleteNetworkInterfacePermission",
"ec2:DeleteRoute",
"ec2:DeleteRouteTable",
"ec2:DeleteSubnet",
"ec2:DetachNetworkInterface",
"ec2:DisassociateAddress",
"ec2:DisassociateVpcCidrBlock",
"ec2:GetLaunchTemplateData",
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:ModifyVolume",
"ec2:AuthorizeSecurityGroupEgress",
"ec2:GetConsoleOutput",
"ec2:GetPasswordData",
"ec2:ReleaseAddress",
"ec2:ReplaceRoute",
"ec2:ReplaceRouteTableAssociation",
"ec2:RevokeSecurityGroupEgress",
"ec2:RevokeSecurityGroupIngress",
"ec2:DisassociateIamInstanceProfile",
"ec2:DisassociateRouteTable",
"ec2:DisassociateSubnetCidrBlock",
"ec2:ModifyInstancePlacement",
"ec2:DeletePlacementGroup",
"ec2:CreatePlacementGroup",
"elasticfilesystem:DeleteFileSystem",
"elasticfilesystem:DeleteMountTarget",
"ds:AddIpRoutes",
"ds:CreateComputer",
"ds:CreateMicrosoftAD",
"ds:DeleteDirectory"
],
"Condition": {
"ForAnyValue:StringEquals": {
"aws:CalledVia": "launchwizard.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"cloudformation:DescribeStack*",
"cloudformation:Get*",
"cloudformation:ListStacks",
"cloudformation:SignalResource",
"cloudformation:DeleteStack"
],
"Effect": "Allow",
"Resource": [
"arn:aws:cloudformation:*:*:stack/LaunchWizard*/*",
"arn:aws:cloudformation:*:*:stack/ApplicationInsights*/*"
]
},
{
"Action": [
"ec2:StopInstances",
"ec2:TerminateInstances"
],
"Condition": {
"StringLike": {
"ec2:ResourceTag/aws:cloudformation:stack-id": "arn:aws:cloudformation:*:*:stack/LaunchWizard-*/*"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"iam:CreateInstanceProfile",
"iam:DeleteInstanceProfile",
"iam:RemoveRoleFromInstanceProfile",
"iam:AddRoleToInstanceProfile"
],
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/service-role/AmazonEC2RoleForLaunchWizard*",
"arn:aws:iam::*:instance-profile/LaunchWizard*"
]
},
{
"Action": [
"iam:PassRole"
],
"Condition": {
"StringEqualsIfExists": {
"iam:PassedToService": [
"lambda.amazonaws.com",
"ec2.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/service-role/AmazonEC2RoleForLaunchWizard*",
"arn:aws:iam::*:role/service-role/AmazonLambdaRoleForLaunchWizard*",
"arn:aws:iam::*:instance-profile/LaunchWizard*"
]
},
{
"Action": [
"autoscaling:AttachInstances",
"autoscaling:CreateAutoScalingGroup",
"autoscaling:CreateLaunchConfiguration",
"autoscaling:DeleteAutoScalingGroup",
"autoscaling:DeleteLaunchConfiguration",
"autoscaling:UpdateAutoScalingGroup",
"logs:CreateLogStream",
"logs:DeleteLogGroup",
"logs:DeleteLogStream",
"logs:DescribeLog*",
"logs:PutLogEvents",
"resource-groups:CreateGroup",
"resource-groups:DeleteGroup",
"sns:ListSubscriptionsByTopic",
"sns:Publish",
"ssm:DeleteDocument",
"ssm:DeleteParameter*",
"ssm:DescribeDocument*",
"ssm:GetDocument",
"ssm:PutParameter"
],
"Effect": "Allow",
"Resource": [
"arn:aws:resource-groups:*:*:group/LaunchWizard*",
"arn:aws:sns:*:*:*",
"arn:aws:autoscaling:*:*:autoScalingGroup:*:autoScalingGroupName/LaunchWizard*",
"arn:aws:autoscaling:*:*:launchConfiguration:*:launchConfigurationName/LaunchWizard*",
"arn:aws:ssm:*:*:parameter/LaunchWizard*",
"arn:aws:ssm:*:*:document/LaunchWizard*",
"arn:aws:logs:*:*:log-group:*:*:*",
"arn:aws:logs:*:*:log-group:LaunchWizard*"
]
},
{
"Action": "ssm:SendCommand",
"Condition": {
"ForAllValues:StringLike": {
"aws:TagKeys": "LaunchWizard*"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"logs:DeleteLogStream",
"logs:GetLogEvents",
"logs:PutLogEvents",
"ssm:AddTagsToResource",
"ssm:DescribeDocument",
"ssm:GetDocument",
"ssm:ListTagsForResource",
"ssm:RemoveTagsFromResource"
],
"Effect": "Allow",
"Resource": [
"arn:aws:logs:*:*:log-group:*:*:*",
"arn:aws:logs:*:*:log-group:LaunchWizard*",
"arn:aws:ssm:*:*:parameter/LaunchWizard*",
"arn:aws:ssm:*:*:document/LaunchWizard*"
]
},
{
"Action": [
"autoscaling:Describe*",
"cloudformation:DescribeAccountLimits",
"cloudformation:DescribeStackDriftDetectionStatus",
"cloudformation:List*",
"ds:Describe*",
"ds:ListAuthorizedApplications",
"ec2:Describe*",
"ec2:Get*",
"iam:GetRole",
"iam:GetRolePolicy",
"iam:GetUser",
"iam:GetPolicyVersion",
"iam:GetPolicy",
"iam:List*",
"logs:CreateLogGroup",
"logs:GetLogDelivery",
"logs:GetLogRecord",
"logs:ListLogDeliveries",
"resource-groups:Get*",
"resource-groups:List*",
"servicequotas:GetServiceQuota",
"servicequotas:ListServiceQuotas",
"sns:ListSubscriptions",
"sns:ListTopics",
"ssm:CreateDocument",
"ssm:DescribeAutomation*",
"ssm:DescribeInstanceInformation",
"ssm:DescribeParameters",
"ssm:GetAutomationExecution",
"ssm:GetCommandInvocation",
"ssm:GetParameter*",
"ssm:GetConnectionStatus",
"ssm:ListCommand*",
"ssm:ListDocument*",
"ssm:ListInstanceAssociations",
"ssm:SendAutomationSignal",
"ssm:StartAutomationExecution",
"ssm:StopAutomationExecution",
"tag:Get*"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "logs:GetLog*",
"Effect": "Allow",
"Resource": [
"arn:aws:logs:*:*:log-group:*:*:*",
"arn:aws:logs:*:*:log-group:LaunchWizard*"
]
},
{
"Action": [
"cloudformation:List*",
"cloudformation:Describe*"
],
"Effect": "Allow",
"Resource": "arn:aws:cloudformation:*:*:stack/LaunchWizard*/"
},
{
"Action": [
"iam:CreateServiceLinkedRole"
],
"Condition": {
"StringEquals": {
"iam:AWSServiceName": [
"autoscaling.amazonaws.com",
"application-insights.amazonaws.com",
"events.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "launchwizard:*",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"sqs:TagQueue",
"sqs:GetQueueUrl",
"sqs:AddPermission",
"sqs:ListQueues",
"sqs:DeleteQueue",
"sqs:GetQueueAttributes",
"sqs:ListQueueTags",
"sqs:CreateQueue",
"sqs:SetQueueAttributes"
],
"Effect": "Allow",
"Resource": "arn:aws:sqs:*:*:LaunchWizard*"
},
{
"Action": [
"cloudwatch:PutMetricAlarm",
"iam:GetInstanceProfile",
"cloudwatch:DeleteAlarms",
"cloudwatch:DescribeAlarms"
],
"Effect": "Allow",
"Resource": [
"arn:aws:cloudwatch:*:*:alarm:LaunchWizard*",
"arn:aws:iam::*:instance-profile/LaunchWizard*"
]
},
{
"Action": [
"cloudformation:CreateStack",
"route53:ListHostedZones",
"ec2:CreateSecurityGroup",
"ec2:AuthorizeSecurityGroupIngress",
"elasticfilesystem:DescribeFileSystems",
"elasticfilesystem:CreateFileSystem",
"elasticfilesystem:CreateMountTarget",
"elasticfilesystem:DescribeMountTargets",
"elasticfilesystem:DescribeMountTargetSecurityGroups"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"s3:GetObject",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::launchwizard*",
"arn:aws:s3:::launchwizard*/*",
"arn:aws:s3:::aws-sap-data-provider/config.properties"
]
},
{
"Action": "cloudformation:TagResource",
"Condition": {
"ForAllValues:StringLike": {
"aws:TagKeys": "LaunchWizard*"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"s3:CreateBucket",
"s3:PutBucketVersioning",
"s3:DeleteBucket",
"lambda:CreateFunction",
"lambda:DeleteFunction",
"lambda:GetFunction",
"lambda:GetFunctionConfiguration",
"lambda:InvokeFunction"
],
"Effect": "Allow",
"Resource": [
"arn:aws:lambda:*:*:function:LaunchWizard*",
"arn:aws:s3:::launchwizard*"
]
},
{
"Action": [
"dynamodb:CreateTable",
"dynamodb:DescribeTable",
"dynamodb:DeleteTable"
],
"Effect": "Allow",
"Resource": "arn:aws:dynamodb:*:*:table/LaunchWizard*"
},
{
"Action": [
"secretsmanager:CreateSecret",
"secretsmanager:DeleteSecret",
"secretsmanager:TagResource",
"secretsmanager:UntagResource",
"secretsmanager:PutResourcePolicy",
"secretsmanager:DeleteResourcePolicy",
"secretsmanager:ListSecretVersionIds",
"secretsmanager:GetSecretValue"
],
"Effect": "Allow",
"Resource": "arn:aws:secretsmanager:*:*:secret:LaunchWizard*"
},
{
"Action": [
"secretsmanager:GetRandomPassword",
"secretsmanager:ListSecrets"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ssm:CreateOpsMetadata"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "ssm:DeleteOpsMetadata",
"Effect": "Allow",
"Resource": "arn:aws:ssm:*:*:opsmetadata/aws/ssm/LaunchWizard*"
},
{
"Action": [
"sns:CreateTopic",
"sns:DeleteTopic",
"sns:Subscribe",
"sns:Unsubscribe"
],
"Effect": "Allow",
"Resource": "arn:aws:sns:*:*:LaunchWizard*"
},
{
"Action": [
"fsx:UntagResource",
"fsx:TagResource",
"fsx:DeleteFileSystem",
"fsx:ListTagsForResource"
],
"Condition": {
"StringLike": {
"aws:ResourceTag/Name": "LaunchWizard*"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"fsx:CreateFileSystem"
],
"Condition": {
"StringLike": {
"aws:RequestTag/Name": [
"LaunchWizard*"
]
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"fsx:DescribeFileSystems"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4ABPQ7BLC2",
"PolicyName": "AmazonLaunchWizard_Fullaccess",
"UpdateDate": "2021-05-24T23:04:20+00:00",
"VersionId": "v10"
},
"AmazonLexChannelsAccess": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonLexChannelsAccess",
"AttachmentCount": 0,
"CreateDate": "2021-01-13T20:12:46+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"lex:ListBots"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4HVR6S6UVL",
"PolicyName": "AmazonLexChannelsAccess",
"UpdateDate": "2021-01-13T20:12:46+00:00",
"VersionId": "v1"
},
"AmazonLexFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonLexFullAccess",
"AttachmentCount": 0,
"CreateDate": "2017-04-11T23:20:36+00:00",
"DefaultVersionId": "v6",
"Document": {
"Statement": [
{
"Action": [
"cloudwatch:GetMetricStatistics",
"cloudwatch:DescribeAlarms",
"cloudwatch:DescribeAlarmsForMetric",
"kms:DescribeKey",
"kms:ListAliases",
"lambda:GetPolicy",
"lambda:ListFunctions",
"lex:*",
"polly:DescribeVoices",
"polly:SynthesizeSpeech"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": "kendra:ListIndices",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"lambda:AddPermission",
"lambda:RemovePermission"
],
"Condition": {
"StringLike": {
"lambda:Principal": "lex.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "arn:aws:lambda:*:*:function:AmazonLex*"
},
{
"Action": [
"iam:GetRole",
"iam:DeleteRole"
],
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/aws-service-role/lex.amazonaws.com/AWSServiceRoleForLexBots",
"arn:aws:iam::*:role/aws-service-role/channels.lex.amazonaws.com/AWSServiceRoleForLexChannels"
]
},
{
"Action": [
"iam:CreateServiceLinkedRole"
],
"Condition": {
"StringLike": {
"iam:AWSServiceName": "lex.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/aws-service-role/lex.amazonaws.com/AWSServiceRoleForLexBots"
]
},
{
"Action": [
"iam:DeleteServiceLinkedRole",
"iam:GetServiceLinkedRoleDeletionStatus"
],
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/aws-service-role/lex.amazonaws.com/AWSServiceRoleForLexBots"
]
},
{
"Action": [
"iam:DetachRolePolicy"
],
"Condition": {
"StringLike": {
"iam:PolicyArn": "arn:aws:iam::aws:policy/aws-service-role/AmazonLexBotPolicy"
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/aws-service-role/lex.amazonaws.com/AWSServiceRoleForLexBots"
]
},
{
"Action": [
"iam:CreateServiceLinkedRole"
],
"Condition": {
"StringLike": {
"iam:AWSServiceName": "channels.lex.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/aws-service-role/channels.lex.amazonaws.com/AWSServiceRoleForLexChannels"
]
},
{
"Action": [
"iam:DeleteServiceLinkedRole",
"iam:GetServiceLinkedRoleDeletionStatus"
],
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/aws-service-role/channels.lex.amazonaws.com/AWSServiceRoleForLexChannels"
]
},
{
"Action": [
"iam:PassRole"
],
"Condition": {
"StringLike": {
"iam:PassedToService": [
"lex.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/aws-service-role/lex.amazonaws.com/AWSServiceRoleForLexBots"
]
},
{
"Action": [
"iam:DetachRolePolicy"
],
"Condition": {
"StringLike": {
"iam:PolicyArn": "arn:aws:iam::aws:policy/aws-service-role/LexChannelPolicy"
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/aws-service-role/channels.lex.amazonaws.com/AWSServiceRoleForLexChannels"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJVLXDHKVC23HRTKSI",
"PolicyName": "AmazonLexFullAccess",
"UpdateDate": "2020-05-29T15:21:00+00:00",
"VersionId": "v6"
},
"AmazonLexReadOnly": {
"Arn": "arn:aws:iam::aws:policy/AmazonLexReadOnly",
"AttachmentCount": 0,
"CreateDate": "2017-04-11T23:13:33+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"lex:GetBot",
"lex:GetBotAlias",
"lex:GetBotAliases",
"lex:GetBots",
"lex:GetBotChannelAssociation",
"lex:GetBotChannelAssociations",
"lex:GetBotVersions",
"lex:GetBuiltinIntent",
"lex:GetBuiltinIntents",
"lex:GetBuiltinSlotTypes",
"lex:GetIntent",
"lex:GetIntents",
"lex:GetIntentVersions",
"lex:GetSlotType",
"lex:GetSlotTypes",
"lex:GetSlotTypeVersions",
"lex:GetUtterancesView"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJGBI5LSMAJNDGBNAM",
"PolicyName": "AmazonLexReadOnly",
"UpdateDate": "2017-04-11T23:13:33+00:00",
"VersionId": "v1"
},
"AmazonLexRunBotsOnly": {
"Arn": "arn:aws:iam::aws:policy/AmazonLexRunBotsOnly",
"AttachmentCount": 0,
"CreateDate": "2017-04-11T23:06:24+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"lex:PostContent",
"lex:PostText",
"lex:PutSession",
"lex:GetSession",
"lex:DeleteSession"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJVZGB5CM3N6YWJHBE",
"PolicyName": "AmazonLexRunBotsOnly",
"UpdateDate": "2020-05-12T19:26:15+00:00",
"VersionId": "v2"
},
"AmazonLexV2BotPolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonLexV2BotPolicy",
"AttachmentCount": 0,
"CreateDate": "2021-01-13T20:10:29+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"polly:SynthesizeSpeech"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4DXFCYFGBA",
"PolicyName": "AmazonLexV2BotPolicy",
"UpdateDate": "2021-01-13T20:10:29+00:00",
"VersionId": "v1"
},
"AmazonLookoutEquipmentFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonLookoutEquipmentFullAccess",
"AttachmentCount": 0,
"CreateDate": "2021-04-08T15:52:08+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"lookoutequipment:*"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"iam:PassRole"
],
"Condition": {
"StringEquals": {
"iam:PassedToService": [
"lookoutequipment.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"kms:DescribeKey",
"kms:RetireGrant",
"kms:CreateGrant"
],
"Condition": {
"StringLike": {
"kms:ViaService": "lookoutequipment.*.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"kms:DescribeKey"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4KPPCPGNJA",
"PolicyName": "AmazonLookoutEquipmentFullAccess",
"UpdateDate": "2021-05-05T16:46:56+00:00",
"VersionId": "v2"
},
"AmazonLookoutEquipmentReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonLookoutEquipmentReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2021-05-05T16:47:55+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"lookoutequipment:DescribeDataset",
"lookoutequipment:DescribeDataIngestionJob",
"lookoutequipment:DescribeModel",
"lookoutequipment:DescribeInferenceScheduler",
"lookoutequipment:ListDatasets",
"lookoutequipment:ListDataIngestionJobs",
"lookoutequipment:ListModels",
"lookoutequipment:ListInferenceSchedulers",
"lookoutequipment:ListInferenceExecutions",
"lookoutequipment:ListTagsForResource"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4DNIMPJYBT",
"PolicyName": "AmazonLookoutEquipmentReadOnlyAccess",
"UpdateDate": "2021-05-05T16:47:55+00:00",
"VersionId": "v1"
},
"AmazonLookoutMetricsFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonLookoutMetricsFullAccess",
"AttachmentCount": 0,
"CreateDate": "2021-05-07T00:43:38+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"lookoutmetrics:*"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"iam:PassRole"
],
"Condition": {
"StringEquals": {
"iam:PassedToService": "lookoutmetrics.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/*LookoutMetrics*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4CYQN5ZMMA",
"PolicyName": "AmazonLookoutMetricsFullAccess",
"UpdateDate": "2021-05-07T00:43:38+00:00",
"VersionId": "v1"
},
"AmazonLookoutMetricsReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonLookoutMetricsReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2021-05-07T00:43:34+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"lookoutmetrics:DescribeMetricSet",
"lookoutmetrics:ListMetricSets",
"lookoutmetrics:DescribeAnomalyDetector",
"lookoutmetrics:ListAnomalyDetectors",
"lookoutmetrics:DescribeAnomalyDetectionExecutions",
"lookoutmetrics:DescribeAlert",
"lookoutmetrics:ListAlerts",
"lookoutmetrics:ListTagsForResource",
"lookoutmetrics:ListAnomalyGroupSummaries",
"lookoutmetrics:ListAnomalyGroupTimeSeries",
"lookoutmetrics:GetAnomalyGroup",
"lookoutmetrics:GetDataQualityMetrics",
"lookoutmetrics:GetSampleData",
"lookoutmetrics:GetFeedback"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4MP33SLV3F",
"PolicyName": "AmazonLookoutMetricsReadOnlyAccess",
"UpdateDate": "2021-05-07T00:43:34+00:00",
"VersionId": "v1"
},
"AmazonLookoutVisionConsoleFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonLookoutVisionConsoleFullAccess",
"AttachmentCount": 0,
"CreateDate": "2021-05-11T19:37:17+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"lookoutvision:*"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "LookoutVisionFullAccess"
},
{
"Action": [
"s3:ListAllMyBuckets"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "LookoutVisionConsoleS3BucketSearchAccess"
},
{
"Action": [
"s3:CreateBucket",
"s3:PutBucketVersioning",
"s3:PutLifecycleConfiguration",
"s3:PutEncryptionConfiguration",
"s3:PutBucketPublicAccessBlock"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::lookoutvision-*",
"Sid": "LookoutVisionConsoleS3BucketFirstUseSetupAccess"
},
{
"Action": [
"s3:ListBucket",
"s3:GetBucketLocation",
"s3:GetBucketVersioning"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::lookoutvision-*",
"Sid": "LookoutVisionConsoleS3BucketAccess"
},
{
"Action": [
"s3:GetObject",
"s3:GetObjectVersion",
"s3:PutObject",
"s3:AbortMultipartUpload",
"s3:ListMultipartUploadParts"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::lookoutvision-*/*",
"Sid": "LookoutVisionConsoleS3ObjectAccess"
},
{
"Action": [
"groundtruthlabeling:RunGenerateManifestByCrawlingJob",
"groundtruthlabeling:AssociatePatchToManifestJob",
"groundtruthlabeling:DescribeConsoleJob"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "LookoutVisionConsoleDatasetLabelingToolsAccess"
},
{
"Action": [
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "LookoutVisionConsoleDashboardAccess"
},
{
"Action": [
"tag:GetTagKeys",
"tag:GetTagValues"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "LookoutVisionConsoleTagSelectorAccess"
},
{
"Action": [
"kms:ListAliases"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "LookoutVisionConsoleKmsKeySelectorAccess"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4NJJ7RFZ5A",
"PolicyName": "AmazonLookoutVisionConsoleFullAccess",
"UpdateDate": "2021-05-11T19:37:17+00:00",
"VersionId": "v1"
},
"AmazonLookoutVisionConsoleReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonLookoutVisionConsoleReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2021-05-11T19:32:02+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"lookoutvision:DescribeDataset",
"lookoutvision:DescribeModel",
"lookoutvision:DescribeProject",
"lookoutvision:DescribeTrialDetection",
"lookoutvision:ListDatasetEntries",
"lookoutvision:ListModels",
"lookoutvision:ListProjects",
"lookoutvision:ListTagsForResource",
"lookoutvision:ListTrialDetections"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "LookoutVisionReadOnlyAccess"
},
{
"Action": [
"s3:ListAllMyBuckets"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "LookoutVisionConsoleS3BucketSearchAccess"
},
{
"Action": [
"s3:GetObject",
"s3:GetObjectVersion"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::lookoutvision-*/*",
"Sid": "LookoutVisionConsoleS3ObjectReadAccess"
},
{
"Action": [
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "LookoutVisionConsoleDashboardAccess"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4CE2DP5IDX",
"PolicyName": "AmazonLookoutVisionConsoleReadOnlyAccess",
"UpdateDate": "2021-05-11T19:32:02+00:00",
"VersionId": "v1"
},
"AmazonLookoutVisionFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonLookoutVisionFullAccess",
"AttachmentCount": 0,
"CreateDate": "2021-05-11T19:24:54+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"lookoutvision:*"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "LookoutVisionFullAccess"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4CMORWIX77",
"PolicyName": "AmazonLookoutVisionFullAccess",
"UpdateDate": "2021-05-11T19:24:54+00:00",
"VersionId": "v1"
},
"AmazonLookoutVisionReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonLookoutVisionReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2021-05-11T19:11:07+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"lookoutvision:DescribeDataset",
"lookoutvision:DescribeModel",
"lookoutvision:DescribeProject",
"lookoutvision:ListDatasetEntries",
"lookoutvision:ListModels",
"lookoutvision:ListProjects",
"lookoutvision:ListTagsForResource"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "LookoutVisionReadOnlyAccess"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4OJEEMR6Q3",
"PolicyName": "AmazonLookoutVisionReadOnlyAccess",
"UpdateDate": "2021-05-11T19:11:07+00:00",
"VersionId": "v1"
},
"AmazonMCSFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonMCSFullAccess",
"AttachmentCount": 0,
"CreateDate": "2019-12-03T13:45:25+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"application-autoscaling:DeleteScalingPolicy",
"application-autoscaling:DeregisterScalableTarget",
"application-autoscaling:DescribeScalableTargets",
"application-autoscaling:DescribeScalingActivities",
"application-autoscaling:DescribeScalingPolicies",
"application-autoscaling:PutScalingPolicy",
"application-autoscaling:RegisterScalableTarget",
"application-autoscaling:PutScheduledAction",
"application-autoscaling:DeleteScheduledAction",
"application-autoscaling:DescribeScheduledActions"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"cassandra:*"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"cloudwatch:DeleteAlarms",
"cloudwatch:DescribeAlarms",
"cloudwatch:PutMetricAlarm"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringLike": {
"iam:AWSServiceName": "cassandra.application-autoscaling.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/aws-service-role/cassandra.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_CassandraTable"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4K6JRQY7NV",
"PolicyName": "AmazonMCSFullAccess",
"UpdateDate": "2020-04-17T19:19:29+00:00",
"VersionId": "v2"
},
"AmazonMCSReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonMCSReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2019-12-03T13:46:21+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"cassandra:Select"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"application-autoscaling:DescribeScalableTargets",
"application-autoscaling:DescribeScalingActivities",
"application-autoscaling:DescribeScalingPolicies",
"application-autoscaling:DescribeScheduledActions",
"cloudwatch:DescribeAlarms"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4F6NKMXCNS",
"PolicyName": "AmazonMCSReadOnlyAccess",
"UpdateDate": "2020-04-17T19:21:34+00:00",
"VersionId": "v2"
},
"AmazonMQApiFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonMQApiFullAccess",
"AttachmentCount": 0,
"CreateDate": "2018-12-18T20:31:31+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"mq:*",
"ec2:CreateNetworkInterface",
"ec2:CreateNetworkInterfacePermission",
"ec2:DeleteNetworkInterface",
"ec2:DeleteNetworkInterfacePermission",
"ec2:DetachNetworkInterface",
"ec2:DescribeInternetGateways",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeNetworkInterfacePermissions",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"logs:CreateLogGroup"
],
"Effect": "Allow",
"Resource": [
"arn:aws:logs:*:*:log-group:/aws/amazonmq/*"
]
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringLike": {
"iam:AWSServiceName": "mq.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAI4CMO533EBV3L2GW4",
"PolicyName": "AmazonMQApiFullAccess",
"UpdateDate": "2020-11-04T16:45:35+00:00",
"VersionId": "v2"
},
"AmazonMQApiReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonMQApiReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2018-12-18T20:31:13+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"mq:Describe*",
"mq:List*",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIKI5JRHKAFHXQJKMO",
"PolicyName": "AmazonMQApiReadOnlyAccess",
"UpdateDate": "2018-12-18T20:31:13+00:00",
"VersionId": "v1"
},
"AmazonMQFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonMQFullAccess",
"AttachmentCount": 0,
"CreateDate": "2017-11-28T15:28:29+00:00",
"DefaultVersionId": "v5",
"Document": {
"Statement": [
{
"Action": [
"mq:*",
"cloudformation:CreateStack",
"ec2:CreateNetworkInterface",
"ec2:CreateNetworkInterfacePermission",
"ec2:DeleteNetworkInterface",
"ec2:DeleteNetworkInterfacePermission",
"ec2:DetachNetworkInterface",
"ec2:DescribeInternetGateways",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeNetworkInterfacePermissions",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:CreateSecurityGroup",
"ec2:AuthorizeSecurityGroupIngress"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"logs:CreateLogGroup"
],
"Effect": "Allow",
"Resource": [
"arn:aws:logs:*:*:log-group:/aws/amazonmq/*"
]
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringLike": {
"iam:AWSServiceName": "mq.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJLKBROJNQYDDXOOGG",
"PolicyName": "AmazonMQFullAccess",
"UpdateDate": "2020-11-04T16:34:09+00:00",
"VersionId": "v5"
},
"AmazonMQReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonMQReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2017-11-28T15:30:32+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"mq:Describe*",
"mq:List*",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJFH3NKGULDUU66D5C",
"PolicyName": "AmazonMQReadOnlyAccess",
"UpdateDate": "2017-11-28T19:02:03+00:00",
"VersionId": "v2"
},
"AmazonMQServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonMQServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2020-11-04T16:07:17+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"ec2:DescribeVpcEndpoints"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:CreateVpcEndpoint"
],
"Effect": "Allow",
"Resource": [
"arn:aws:ec2:*:*:vpc/*",
"arn:aws:ec2:*:*:subnet/*",
"arn:aws:ec2:*:*:security-group/*"
]
},
{
"Action": [
"ec2:CreateVpcEndpoint"
],
"Condition": {
"StringEquals": {
"aws:RequestTag/AMQManaged": "true"
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:ec2:*:*:vpc-endpoint/*"
]
},
{
"Action": [
"ec2:CreateTags"
],
"Condition": {
"StringEquals": {
"ec2:CreateAction": "CreateVpcEndpoint"
}
},
"Effect": "Allow",
"Resource": "arn:aws:ec2:*:*:vpc-endpoint/*"
},
{
"Action": [
"ec2:DeleteVpcEndpoints"
],
"Condition": {
"StringEquals": {
"ec2:ResourceTag/AMQManaged": "true"
}
},
"Effect": "Allow",
"Resource": "arn:aws:ec2:*:*:vpc-endpoint/*"
},
{
"Action": [
"logs:PutLogEvents",
"logs:DescribeLogStreams",
"logs:DescribeLogGroups",
"logs:CreateLogStream",
"logs:CreateLogGroup"
],
"Effect": "Allow",
"Resource": [
"arn:aws:logs:*:*:log-group:/aws/amazonmq/*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4LFY3JJDI6",
"PolicyName": "AmazonMQServiceRolePolicy",
"UpdateDate": "2020-11-04T16:07:17+00:00",
"VersionId": "v1"
},
"AmazonMSKFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonMSKFullAccess",
"AttachmentCount": 0,
"CreateDate": "2019-01-14T22:07:52+00:00",
"DefaultVersionId": "v3",
"Document": {
"Statement": [
{
"Action": [
"kafka:*",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:DescribeSecurityGroups",
"kms:DescribeKey",
"kms:CreateGrant",
"logs:CreateLogDelivery",
"logs:GetLogDelivery",
"logs:UpdateLogDelivery",
"logs:DeleteLogDelivery",
"logs:ListLogDeliveries",
"S3:GetBucketPolicy",
"logs:PutResourcePolicy",
"logs:DescribeResourcePolicies",
"logs:DescribeLogGroups",
"firehose:TagDeliveryStream"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringLike": {
"iam:AWSServiceName": "kafka.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/aws-service-role/kafka.amazonaws.com/AWSServiceRoleForKafka*"
},
{
"Action": [
"iam:AttachRolePolicy",
"iam:PutRolePolicy"
],
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/aws-service-role/kafka.amazonaws.com/AWSServiceRoleForKafka*"
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringLike": {
"iam:AWSServiceName": "delivery.logs.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/aws-service-role/delivery.logs.amazonaws.com/AWSServiceRoleForLogDelivery*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJERQQQTWI5OMENTQE",
"PolicyName": "AmazonMSKFullAccess",
"UpdateDate": "2020-03-14T00:45:51+00:00",
"VersionId": "v3"
},
"AmazonMSKReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonMSKReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2019-01-14T22:28:45+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"kafka:Describe*",
"kafka:List*",
"kafka:Get*",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"kms:DescribeKey"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJGMUI3DP2EVP3VGYO",
"PolicyName": "AmazonMSKReadOnlyAccess",
"UpdateDate": "2019-01-14T22:28:45+00:00",
"VersionId": "v1"
},
"AmazonMWAAServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonMWAAServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2020-11-24T14:13:41+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"logs:CreateLogStream",
"logs:CreateLogGroup",
"logs:DescribeLogGroups"
],
"Effect": "Allow",
"Resource": "arn:aws:logs:*:*:log-group:airflow-*:*"
},
{
"Action": [
"ec2:AttachNetworkInterface",
"ec2:CreateNetworkInterface",
"ec2:CreateNetworkInterfacePermission",
"ec2:DeleteNetworkInterface",
"ec2:DeleteNetworkInterfacePermission",
"ec2:DescribeDhcpOptions",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcEndpoints",
"ec2:DescribeVpcs",
"ec2:DetachNetworkInterface"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "ec2:CreateVpcEndpoint",
"Condition": {
"ForAnyValue:StringEquals": {
"aws:TagKeys": "AmazonMWAAManaged"
}
},
"Effect": "Allow",
"Resource": "arn:aws:ec2:*:*:vpc-endpoint/*"
},
{
"Action": [
"ec2:ModifyVpcEndpoint",
"ec2:DeleteVpcEndpoints"
],
"Condition": {
"Null": {
"aws:ResourceTag/AmazonMWAAManaged": false
}
},
"Effect": "Allow",
"Resource": "arn:aws:ec2:*:*:vpc-endpoint/*"
},
{
"Action": [
"ec2:CreateVpcEndpoint",
"ec2:ModifyVpcEndpoint"
],
"Effect": "Allow",
"Resource": [
"arn:aws:ec2:*:*:vpc/*",
"arn:aws:ec2:*:*:security-group/*",
"arn:aws:ec2:*:*:subnet/*"
]
},
{
"Action": "ec2:CreateTags",
"Condition": {
"ForAnyValue:StringEquals": {
"aws:TagKeys": "AmazonMWAAManaged"
},
"StringEquals": {
"ec2:CreateAction": "CreateVpcEndpoint"
}
},
"Effect": "Allow",
"Resource": "arn:aws:ec2:*:*:vpc-endpoint/*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4JU5RBMG7W",
"PolicyName": "AmazonMWAAServiceRolePolicy",
"UpdateDate": "2020-11-24T14:13:41+00:00",
"VersionId": "v1"
},
"AmazonMachineLearningBatchPredictionsAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonMachineLearningBatchPredictionsAccess",
"AttachmentCount": 0,
"CreateDate": "2015-04-09T17:12:19+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"machinelearning:CreateBatchPrediction",
"machinelearning:DeleteBatchPrediction",
"machinelearning:DescribeBatchPredictions",
"machinelearning:GetBatchPrediction",
"machinelearning:UpdateBatchPrediction"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAILOI4HTQSFTF3GQSC",
"PolicyName": "AmazonMachineLearningBatchPredictionsAccess",
"UpdateDate": "2015-04-09T17:12:19+00:00",
"VersionId": "v1"
},
"AmazonMachineLearningCreateOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonMachineLearningCreateOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2015-04-09T17:18:09+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"machinelearning:Add*",
"machinelearning:Create*",
"machinelearning:Delete*",
"machinelearning:Describe*",
"machinelearning:Get*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJDRUNIC2RYAMAT3CK",
"PolicyName": "AmazonMachineLearningCreateOnlyAccess",
"UpdateDate": "2016-06-29T20:55:03+00:00",
"VersionId": "v2"
},
"AmazonMachineLearningFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonMachineLearningFullAccess",
"AttachmentCount": 0,
"CreateDate": "2015-04-09T17:25:41+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"machinelearning:*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIWKW6AGSGYOQ5ERHC",
"PolicyName": "AmazonMachineLearningFullAccess",
"UpdateDate": "2015-04-09T17:25:41+00:00",
"VersionId": "v1"
},
"AmazonMachineLearningManageRealTimeEndpointOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonMachineLearningManageRealTimeEndpointOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2015-04-09T17:32:41+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"machinelearning:CreateRealtimeEndpoint",
"machinelearning:DeleteRealtimeEndpoint"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJJL3PC3VCSVZP6OCI",
"PolicyName": "AmazonMachineLearningManageRealTimeEndpointOnlyAccess",
"UpdateDate": "2015-04-09T17:32:41+00:00",
"VersionId": "v1"
},
"AmazonMachineLearningReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonMachineLearningReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2015-04-09T17:40:02+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"machinelearning:Describe*",
"machinelearning:Get*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIW5VYBCGEX56JCINC",
"PolicyName": "AmazonMachineLearningReadOnlyAccess",
"UpdateDate": "2015-04-09T17:40:02+00:00",
"VersionId": "v1"
},
"AmazonMachineLearningRealTimePredictionOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonMachineLearningRealTimePredictionOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2015-04-09T17:44:06+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"machinelearning:Predict"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIWMCNQPRWMWT36GVQ",
"PolicyName": "AmazonMachineLearningRealTimePredictionOnlyAccess",
"UpdateDate": "2015-04-09T17:44:06+00:00",
"VersionId": "v1"
},
"AmazonMachineLearningRoleforRedshiftDataSourceV3": {
"Arn": "arn:aws:iam::aws:policy/service-role/AmazonMachineLearningRoleforRedshiftDataSourceV3",
"AttachmentCount": 0,
"CreateDate": "2020-06-24T18:00:09+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateSecurityGroup",
"ec2:DescribeInternetGateways",
"ec2:DescribeSecurityGroups",
"ec2:RevokeSecurityGroupIngress",
"redshift:AuthorizeClusterSecurityGroupIngress",
"redshift:CreateClusterSecurityGroup",
"redshift:DescribeClusters",
"redshift:DescribeClusterSecurityGroups",
"redshift:ModifyCluster",
"redshift:RevokeClusterSecurityGroupIngress"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"s3:PutBucketPolicy",
"s3:GetBucketLocation",
"s3:GetBucketPolicy",
"s3:GetObject",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::amazon-machine-learning*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4DIXIZO4E2",
"PolicyName": "AmazonMachineLearningRoleforRedshiftDataSourceV3",
"UpdateDate": "2020-06-24T18:00:09+00:00",
"VersionId": "v1"
},
"AmazonMacieFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonMacieFullAccess",
"AttachmentCount": 0,
"CreateDate": "2017-08-14T14:54:30+00:00",
"DefaultVersionId": "v3",
"Document": {
"Statement": [
{
"Action": [
"macie:*",
"macie2:*"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringLike": {
"iam:AWSServiceName": "macie.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJJF2N5FR6S5TZN5OA",
"PolicyName": "AmazonMacieFullAccess",
"UpdateDate": "2020-05-13T19:05:16+00:00",
"VersionId": "v3"
},
"AmazonMacieHandshakeRole": {
"Arn": "arn:aws:iam::aws:policy/service-role/AmazonMacieHandshakeRole",
"AttachmentCount": 0,
"CreateDate": "2018-06-28T15:46:10+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"ForAnyValue:StringEquals": {
"iam:AWSServiceName": "macie.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJ7CVEIVL347MLOVKI",
"PolicyName": "AmazonMacieHandshakeRole",
"UpdateDate": "2018-06-28T15:46:10+00:00",
"VersionId": "v1"
},
"AmazonMacieServiceRole": {
"Arn": "arn:aws:iam::aws:policy/service-role/AmazonMacieServiceRole",
"AttachmentCount": 0,
"CreateDate": "2017-08-14T14:53:26+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"s3:Get*",
"s3:List*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJVV7PON3FPBL2PSGC",
"PolicyName": "AmazonMacieServiceRole",
"UpdateDate": "2017-08-14T14:53:26+00:00",
"VersionId": "v1"
},
"AmazonMacieServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonMacieServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2018-06-19T22:17:38+00:00",
"DefaultVersionId": "v5",
"Document": {
"Statement": [
{
"Action": [
"cloudtrail:DescribeTrails",
"cloudtrail:GetEventSelectors",
"cloudtrail:GetTrailStatus",
"cloudtrail:ListTags",
"cloudtrail:LookupEvents",
"iam:ListAccountAliases",
"organizations:DescribeAccount",
"organizations:ListAccounts",
"s3:GetAccountPublicAccessBlock",
"s3:ListAllMyBuckets",
"s3:GetBucketAcl",
"s3:GetBucketLocation",
"s3:GetBucketLogging",
"s3:GetBucketPolicy",
"s3:GetBucketPolicyStatus",
"s3:GetBucketPublicAccessBlock",
"s3:GetBucketTagging",
"s3:GetBucketVersioning",
"s3:GetBucketWebsite",
"s3:GetEncryptionConfiguration",
"s3:GetLifecycleConfiguration",
"s3:GetReplicationConfiguration",
"s3:ListBucket",
"s3:GetObject",
"s3:GetObjectAcl",
"s3:GetObjectTagging"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"cloudtrail:CreateTrail",
"cloudtrail:StartLogging",
"cloudtrail:StopLogging",
"cloudtrail:UpdateTrail",
"cloudtrail:DeleteTrail",
"cloudtrail:PutEventSelectors"
],
"Effect": "Allow",
"Resource": "arn:aws:cloudtrail:*:*:trail/AWSMacieTrail-DO-NOT-EDIT"
},
{
"Action": [
"s3:CreateBucket",
"s3:DeleteBucket",
"s3:DeleteBucketPolicy",
"s3:DeleteBucketWebsite",
"s3:DeleteObject",
"s3:DeleteObjectTagging",
"s3:DeleteObjectVersion",
"s3:DeleteObjectVersionTagging",
"s3:PutBucketPolicy"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::awsmacie-*",
"arn:aws:s3:::awsmacietrail-*",
"arn:aws:s3:::*-awsmacietrail-*"
]
},
{
"Action": [
"logs:CreateLogGroup"
],
"Effect": "Allow",
"Resource": [
"arn:aws:logs:*:*:log-group:/aws/macie/*"
]
},
{
"Action": [
"logs:CreateLogStream",
"logs:PutLogEvents",
"logs:DescribeLogStreams"
],
"Effect": "Allow",
"Resource": [
"arn:aws:logs:*:*:log-group:/aws/macie/*:log-stream:*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJPLHONRH2HP2H6TNQ",
"PolicyName": "AmazonMacieServiceRolePolicy",
"UpdateDate": "2021-04-13T17:55:07+00:00",
"VersionId": "v5"
},
"AmazonMacieSetupRole": {
"Arn": "arn:aws:iam::aws:policy/service-role/AmazonMacieSetupRole",
"AttachmentCount": 0,
"CreateDate": "2017-08-14T14:53:34+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"cloudtrail:DescribeTrails",
"cloudtrail:GetEventSelectors",
"cloudtrail:GetTrailStatus",
"cloudtrail:ListTags",
"cloudtrail:LookupEvents",
"iam:ListAccountAliases",
"s3:GetBucket*",
"s3:ListBucket",
"s3:ListAllMyBuckets"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"cloudtrail:CreateTrail",
"cloudtrail:StartLogging",
"cloudtrail:StopLogging",
"cloudtrail:UpdateTrail",
"cloudtrail:DeleteTrail",
"cloudtrail:PutEventSelectors"
],
"Effect": "Allow",
"Resource": "arn:aws:cloudtrail:*:*:trail/AWSMacieTrail-DO-NOT-EDIT"
},
{
"Action": [
"s3:CreateBucket",
"s3:DeleteBucket",
"s3:DeleteBucketPolicy",
"s3:DeleteBucketWebsite",
"s3:DeleteObject",
"s3:DeleteObjectTagging",
"s3:DeleteObjectVersion",
"s3:DeleteObjectVersionTagging",
"s3:PutBucketPolicy"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::awsmacie-*",
"arn:aws:s3:::awsmacietrail-*",
"arn:aws:s3:::*-awsmacietrail-*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJ5DC6UBVKND7ADSKA",
"PolicyName": "AmazonMacieSetupRole",
"UpdateDate": "2019-09-27T18:41:21+00:00",
"VersionId": "v2"
},
"AmazonManagedBlockchainConsoleFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonManagedBlockchainConsoleFullAccess",
"AttachmentCount": 0,
"CreateDate": "2019-04-29T21:23:25+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"managedblockchain:*",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:CreateVpcEndpoint",
"kms:ListAliases",
"kms:DescribeKey"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4ONVQBFILL",
"PolicyName": "AmazonManagedBlockchainConsoleFullAccess",
"UpdateDate": "2019-04-29T21:23:25+00:00",
"VersionId": "v1"
},
"AmazonManagedBlockchainFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonManagedBlockchainFullAccess",
"AttachmentCount": 0,
"CreateDate": "2019-04-29T21:39:29+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"managedblockchain:*"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4CGBOJKRYD",
"PolicyName": "AmazonManagedBlockchainFullAccess",
"UpdateDate": "2019-04-29T21:39:29+00:00",
"VersionId": "v1"
},
"AmazonManagedBlockchainReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonManagedBlockchainReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2019-04-30T18:17:31+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"managedblockchain:Get*",
"managedblockchain:List*"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4OIIAURVWV",
"PolicyName": "AmazonManagedBlockchainReadOnlyAccess",
"UpdateDate": "2019-04-30T18:17:31+00:00",
"VersionId": "v1"
},
"AmazonManagedBlockchainServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonManagedBlockchainServiceRolePolicy",
"AttachmentCount": 1,
"CreateDate": "2020-01-17T19:51:28+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"logs:CreateLogGroup"
],
"Effect": "Allow",
"Resource": "arn:aws:logs:*:*:log-group:/aws/managedblockchain/*"
},
{
"Action": [
"logs:CreateLogStream",
"logs:PutLogEvents",
"logs:DescribeLogStreams"
],
"Effect": "Allow",
"Resource": [
"arn:aws:logs:*:*:log-group:/aws/managedblockchain/*:log-stream:*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4MMO7477QN",
"PolicyName": "AmazonManagedBlockchainServiceRolePolicy",
"UpdateDate": "2020-01-17T19:51:28+00:00",
"VersionId": "v1"
},
"AmazonMechanicalTurkFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonMechanicalTurkFullAccess",
"AttachmentCount": 0,
"CreateDate": "2015-12-11T19:08:19+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"mechanicalturk:*"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJDGCL5BET73H5QIQC",
"PolicyName": "AmazonMechanicalTurkFullAccess",
"UpdateDate": "2015-12-11T19:08:19+00:00",
"VersionId": "v1"
},
"AmazonMechanicalTurkReadOnly": {
"Arn": "arn:aws:iam::aws:policy/AmazonMechanicalTurkReadOnly",
"AttachmentCount": 0,
"CreateDate": "2015-12-11T19:08:28+00:00",
"DefaultVersionId": "v3",
"Document": {
"Statement": [
{
"Action": [
"mechanicalturk:Get*",
"mechanicalturk:List*"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIO5IY3G3WXSX5PPRM",
"PolicyName": "AmazonMechanicalTurkReadOnly",
"UpdateDate": "2019-09-25T21:06:26+00:00",
"VersionId": "v3"
},
"AmazonMobileAnalyticsFinancialReportAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonMobileAnalyticsFinancialReportAccess",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:40:35+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"mobileanalytics:GetReports",
"mobileanalytics:GetFinancialReports"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJKJHO2R27TXKCWBU4",
"PolicyName": "AmazonMobileAnalyticsFinancialReportAccess",
"UpdateDate": "2015-02-06T18:40:35+00:00",
"VersionId": "v1"
},
"AmazonMobileAnalyticsFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonMobileAnalyticsFullAccess",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:40:34+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": "mobileanalytics:*",
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIJIKLU2IJ7WJ6DZFG",
"PolicyName": "AmazonMobileAnalyticsFullAccess",
"UpdateDate": "2015-02-06T18:40:34+00:00",
"VersionId": "v1"
},
"AmazonMobileAnalyticsNon-financialReportAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonMobileAnalyticsNon-financialReportAccess",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:40:36+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": "mobileanalytics:GetReports",
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIQLKQ4RXPUBBVVRDE",
"PolicyName": "AmazonMobileAnalyticsNon-financialReportAccess",
"UpdateDate": "2015-02-06T18:40:36+00:00",
"VersionId": "v1"
},
"AmazonMobileAnalyticsWriteOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonMobileAnalyticsWriteOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:40:37+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": "mobileanalytics:PutEvents",
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJ5TAWBBQC2FAL3G6G",
"PolicyName": "AmazonMobileAnalyticsWriteOnlyAccess",
"UpdateDate": "2015-02-06T18:40:37+00:00",
"VersionId": "v1"
},
"AmazonMonitronFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonMonitronFullAccess",
"AttachmentCount": 0,
"CreateDate": "2020-12-02T22:40:28+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringEquals": {
"iam:AWSServiceName": "monitron.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"monitron:*"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"kms:ListKeys",
"kms:DescribeKey",
"kms:ListAliases"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "kms:CreateGrant",
"Condition": {
"Bool": {
"kms:GrantIsForAWSResource": true
},
"StringLike": {
"kms:ViaService": [
"monitron.*.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"organizations:DescribeAccount",
"organizations:DescribeOrganization",
"ds:DescribeDirectories",
"ds:DescribeTrusts"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "AWSSSOPermissions"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4MHDVZEITQ",
"PolicyName": "AmazonMonitronFullAccess",
"UpdateDate": "2020-12-02T22:40:28+00:00",
"VersionId": "v1"
},
"AmazonNimbleStudio-LaunchProfileWorker": {
"Arn": "arn:aws:iam::aws:policy/AmazonNimbleStudio-LaunchProfileWorker",
"AttachmentCount": 0,
"CreateDate": "2021-04-28T04:47:02+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeSecurityGroups",
"fsx:DescribeFileSystems",
"ds:DescribeDirectories"
],
"Condition": {
"StringEquals": {
"aws:CalledViaLast": "nimble.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "GetLaunchProfileInitializationDependencies"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4G3GPJQ7LQ",
"PolicyName": "AmazonNimbleStudio-LaunchProfileWorker",
"UpdateDate": "2021-04-28T04:47:02+00:00",
"VersionId": "v1"
},
"AmazonNimbleStudio-StudioAdmin": {
"Arn": "arn:aws:iam::aws:policy/AmazonNimbleStudio-StudioAdmin",
"AttachmentCount": 0,
"CreateDate": "2021-04-28T04:47:36+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"nimble:CreateStreamingSession",
"nimble:GetStreamingSession",
"nimble:CreateStreamingSessionStream",
"nimble:GetStreamingSessionStream",
"nimble:DeleteStreamingSession",
"nimble:ListEulas",
"nimble:ListEulaAcceptances",
"nimble:GetEula",
"nimble:AcceptEulas",
"nimble:ListStudioMembers",
"nimble:GetStudioMember",
"nimble:ListStreamingSessions",
"nimble:GetStreamingImage",
"nimble:ListStreamingImages",
"nimble:GetLaunchProfileInitialization",
"nimble:GetLaunchProfileDetails",
"nimble:GetFeatureMap",
"nimble:PutStudioLogEvents",
"nimble:ListLaunchProfiles",
"nimble:GetLaunchProfile",
"nimble:GetLaunchProfileMember",
"nimble:ListLaunchProfileMembers",
"nimble:PutLaunchProfileMembers",
"nimble:UpdateLaunchProfileMember",
"nimble:DeleteLaunchProfileMember"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "StudioAdminFullAccess"
},
{
"Action": [
"sso-directory:DescribeUsers",
"sso-directory:SearchUsers"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"ds:CreateComputer",
"ds:DescribeDirectories",
"ec2:DescribeSubnets",
"ec2:CreateNetworkInterface",
"ec2:DescribeNetworkInterfaces",
"ec2:DeleteNetworkInterface",
"ec2:CreateNetworkInterfacePermission",
"ec2:DeleteNetworkInterfacePermission",
"ec2:DescribeSecurityGroups",
"fsx:DescribeFileSystems"
],
"Condition": {
"StringEquals": {
"aws:CalledViaLast": "nimble.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4PTQDL2ND4",
"PolicyName": "AmazonNimbleStudio-StudioAdmin",
"UpdateDate": "2021-04-28T04:47:36+00:00",
"VersionId": "v1"
},
"AmazonNimbleStudio-StudioUser": {
"Arn": "arn:aws:iam::aws:policy/AmazonNimbleStudio-StudioUser",
"AttachmentCount": 0,
"CreateDate": "2021-04-28T04:48:11+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"ds:CreateComputer",
"ec2:DescribeSubnets",
"ec2:CreateNetworkInterfacePermission",
"ec2:DescribeNetworkInterfaces",
"ec2:DeleteNetworkInterfacePermission",
"ec2:DeleteNetworkInterface",
"ec2:CreateNetworkInterface",
"ec2:DescribeSecurityGroups",
"fsx:DescribeFileSystems",
"ds:DescribeDirectories"
],
"Condition": {
"StringEquals": {
"aws:CalledViaLast": "nimble.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"sso-directory:DescribeUsers",
"sso-directory:SearchUsers"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"nimble:ListLaunchProfiles"
],
"Condition": {
"StringEquals": {
"nimble:requesterPrincipalId": "${nimble:principalId}"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"nimble:ListStudioMembers",
"nimble:GetStudioMember",
"nimble:ListEulas",
"nimble:ListEulaAcceptances",
"nimble:GetFeatureMap",
"nimble:PutStudioLogEvents"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"nimble:DeleteStreamingSession",
"nimble:GetStreamingSession",
"nimble:CreateStreamingSessionStream",
"nimble:GetStreamingSessionStream",
"nimble:ListStreamingSessions"
],
"Condition": {
"StringEquals": {
"nimble:createdBy": "${nimble:requesterPrincipalId}"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4CA37MTXJV",
"PolicyName": "AmazonNimbleStudio-StudioUser",
"UpdateDate": "2021-04-28T04:48:11+00:00",
"VersionId": "v1"
},
"AmazonPersonalizeFullAccess": {
"Arn": "arn:aws:iam::aws:policy/service-role/AmazonPersonalizeFullAccess",
"AttachmentCount": 0,
"CreateDate": "2018-12-04T22:24:33+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"personalize:*"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"cloudwatch:PutMetricData",
"cloudwatch:ListMetrics"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"s3:GetObject",
"s3:PutObject",
"s3:DeleteObject",
"s3:ListBucket"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::*Personalize*",
"arn:aws:s3:::*personalize*"
]
},
{
"Action": [
"iam:PassRole"
],
"Condition": {
"StringEquals": {
"iam:PassedToService": "personalize.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJ45XBPPZNI3MMVAUK",
"PolicyName": "AmazonPersonalizeFullAccess",
"UpdateDate": "2019-05-30T23:46:59+00:00",
"VersionId": "v2"
},
"AmazonPollyFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonPollyFullAccess",
"AttachmentCount": 0,
"CreateDate": "2016-11-30T18:59:06+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"polly:*"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJUZOYQU6XQYPR7EWS",
"PolicyName": "AmazonPollyFullAccess",
"UpdateDate": "2016-11-30T18:59:06+00:00",
"VersionId": "v1"
},
"AmazonPollyReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonPollyReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2016-11-30T18:59:24+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"polly:DescribeVoices",
"polly:GetLexicon",
"polly:GetSpeechSynthesisTask",
"polly:ListLexicons",
"polly:ListSpeechSynthesisTasks",
"polly:SynthesizeSpeech"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJ5FENL3CVPL2FPDLA",
"PolicyName": "AmazonPollyReadOnlyAccess",
"UpdateDate": "2018-07-17T16:41:07+00:00",
"VersionId": "v2"
},
"AmazonPrometheusConsoleFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonPrometheusConsoleFullAccess",
"AttachmentCount": 0,
"CreateDate": "2020-12-15T18:11:10+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"aps:CreateWorkspace",
"aps:DescribeWorkspace",
"aps:UpdateWorkspaceAlias",
"aps:DeleteWorkspace",
"aps:ListWorkspaces"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4P7IR2JZ6H",
"PolicyName": "AmazonPrometheusConsoleFullAccess",
"UpdateDate": "2020-12-15T18:11:10+00:00",
"VersionId": "v1"
},
"AmazonPrometheusFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonPrometheusFullAccess",
"AttachmentCount": 0,
"CreateDate": "2020-12-15T18:10:46+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"aps:*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4POZK2DGLM",
"PolicyName": "AmazonPrometheusFullAccess",
"UpdateDate": "2020-12-15T18:10:46+00:00",
"VersionId": "v1"
},
"AmazonPrometheusQueryAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonPrometheusQueryAccess",
"AttachmentCount": 0,
"CreateDate": "2020-12-19T01:02:58+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"aps:GetLabels",
"aps:GetMetricMetadata",
"aps:GetSeries",
"aps:QueryMetrics"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4GQ2MT4E46",
"PolicyName": "AmazonPrometheusQueryAccess",
"UpdateDate": "2020-12-19T01:02:58+00:00",
"VersionId": "v1"
},
"AmazonPrometheusRemoteWriteAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonPrometheusRemoteWriteAccess",
"AttachmentCount": 0,
"CreateDate": "2020-12-19T01:04:32+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"aps:RemoteWrite"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4JHMXH2L3T",
"PolicyName": "AmazonPrometheusRemoteWriteAccess",
"UpdateDate": "2020-12-19T01:04:32+00:00",
"VersionId": "v1"
},
"AmazonQLDBConsoleFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonQLDBConsoleFullAccess",
"AttachmentCount": 0,
"CreateDate": "2019-09-05T18:24:20+00:00",
"DefaultVersionId": "v3",
"Document": {
"Statement": [
{
"Action": [
"qldb:CreateLedger",
"qldb:UpdateLedger",
"qldb:UpdateLedgerPermissionsMode",
"qldb:DeleteLedger",
"qldb:ListLedgers",
"qldb:DescribeLedger",
"qldb:ExportJournalToS3",
"qldb:ListJournalS3Exports",
"qldb:ListJournalS3ExportsForLedger",
"qldb:DescribeJournalS3Export",
"qldb:CancelJournalKinesisStream",
"qldb:DescribeJournalKinesisStream",
"qldb:ListJournalKinesisStreamsForLedger",
"qldb:StreamJournalToKinesis",
"qldb:GetBlock",
"qldb:GetDigest",
"qldb:GetRevision",
"qldb:TagResource",
"qldb:UntagResource",
"qldb:ListTagsForResource",
"qldb:SendCommand",
"qldb:ExecuteStatement",
"qldb:ShowCatalog",
"qldb:InsertSampleData",
"qldb:PartiQLCreateTable",
"qldb:PartiQLCreateIndex",
"qldb:PartiQLDropTable",
"qldb:PartiQLDropIndex",
"qldb:PartiQLUndropTable",
"qldb:PartiQLDelete",
"qldb:PartiQLInsert",
"qldb:PartiQLUpdate",
"qldb:PartiQLSelect",
"qldb:PartiQLHistoryFunction"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"dbqms:*"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"kinesis:ListStreams",
"kinesis:DescribeStream"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4H2DEHAFRU",
"PolicyName": "AmazonQLDBConsoleFullAccess",
"UpdateDate": "2021-05-27T17:22:17+00:00",
"VersionId": "v3"
},
"AmazonQLDBFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonQLDBFullAccess",
"AttachmentCount": 0,
"CreateDate": "2019-09-05T18:23:32+00:00",
"DefaultVersionId": "v3",
"Document": {
"Statement": [
{
"Action": [
"qldb:CreateLedger",
"qldb:UpdateLedger",
"qldb:UpdateLedgerPermissionsMode",
"qldb:DeleteLedger",
"qldb:ListLedgers",
"qldb:DescribeLedger",
"qldb:ExportJournalToS3",
"qldb:ListJournalS3Exports",
"qldb:ListJournalS3ExportsForLedger",
"qldb:DescribeJournalS3Export",
"qldb:CancelJournalKinesisStream",
"qldb:DescribeJournalKinesisStream",
"qldb:ListJournalKinesisStreamsForLedger",
"qldb:StreamJournalToKinesis",
"qldb:GetDigest",
"qldb:GetRevision",
"qldb:GetBlock",
"qldb:TagResource",
"qldb:UntagResource",
"qldb:ListTagsForResource",
"qldb:SendCommand",
"qldb:PartiQLCreateTable",
"qldb:PartiQLCreateIndex",
"qldb:PartiQLDropTable",
"qldb:PartiQLDropIndex",
"qldb:PartiQLUndropTable",
"qldb:PartiQLDelete",
"qldb:PartiQLInsert",
"qldb:PartiQLUpdate",
"qldb:PartiQLSelect",
"qldb:PartiQLHistoryFunction"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4HHBBWGE2J",
"PolicyName": "AmazonQLDBFullAccess",
"UpdateDate": "2021-05-27T17:15:06+00:00",
"VersionId": "v3"
},
"AmazonQLDBReadOnly": {
"Arn": "arn:aws:iam::aws:policy/AmazonQLDBReadOnly",
"AttachmentCount": 0,
"CreateDate": "2019-09-05T18:19:24+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"qldb:ListLedgers",
"qldb:DescribeLedger",
"qldb:ListJournalS3Exports",
"qldb:ListJournalS3ExportsForLedger",
"qldb:DescribeJournalS3Export",
"qldb:DescribeJournalKinesisStream",
"qldb:ListJournalKinesisStreamsForLedger",
"qldb:GetBlock",
"qldb:GetDigest",
"qldb:GetRevision",
"qldb:GetBlock",
"qldb:ListTagsForResource"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4IC74JOQJR",
"PolicyName": "AmazonQLDBReadOnly",
"UpdateDate": "2020-05-19T17:47:55+00:00",
"VersionId": "v2"
},
"AmazonRDSBetaServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonRDSBetaServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2018-05-02T19:41:04+00:00",
"DefaultVersionId": "v5",
"Document": {
"Statement": [
{
"Action": [
"ec2:AllocateAddress",
"ec2:AssociateAddress",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateNetworkInterface",
"ec2:CreateSecurityGroup",
"ec2:DeleteNetworkInterface",
"ec2:DeleteSecurityGroup",
"ec2:DescribeAddresses",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeCoipPools",
"ec2:DescribeInternetGateways",
"ec2:DescribeLocalGatewayRouteTables",
"ec2:DescribeLocalGatewayRouteTableVpcAssociations",
"ec2:DescribeLocalGateways",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcAttribute",
"ec2:DescribeVpcs",
"ec2:DisassociateAddress",
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:ModifyVpcEndpoint",
"ec2:ReleaseAddress",
"ec2:RevokeSecurityGroupIngress",
"ec2:CreateVpcEndpoint",
"ec2:DescribeVpcEndpoints",
"ec2:DeleteVpcEndpoints"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"sns:Publish"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"logs:CreateLogGroup"
],
"Effect": "Allow",
"Resource": [
"arn:aws:logs:*:*:log-group:/aws/rds/*"
]
},
{
"Action": [
"logs:CreateLogStream",
"logs:PutLogEvents",
"logs:DescribeLogStreams"
],
"Effect": "Allow",
"Resource": [
"arn:aws:logs:*:*:log-group:/aws/rds/*:log-stream:*"
]
},
{
"Action": [
"cloudwatch:PutMetricData"
],
"Condition": {
"StringEquals": {
"cloudwatch:namespace": "AWS/RDS"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJ36CJAE6OYAR4YEK4",
"PolicyName": "AmazonRDSBetaServiceRolePolicy",
"UpdateDate": "2020-11-18T22:40:34+00:00",
"VersionId": "v5"
},
"AmazonRDSDataFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonRDSDataFullAccess",
"AttachmentCount": 0,
"CreateDate": "2018-11-20T21:29:36+00:00",
"DefaultVersionId": "v3",
"Document": {
"Statement": [
{
"Action": [
"secretsmanager:GetSecretValue",
"secretsmanager:PutResourcePolicy",
"secretsmanager:PutSecretValue",
"secretsmanager:DeleteSecret",
"secretsmanager:DescribeSecret",
"secretsmanager:TagResource"
],
"Effect": "Allow",
"Resource": "arn:aws:secretsmanager:*:*:secret:rds-db-credentials/*",
"Sid": "SecretsManagerDbCredentialsAccess"
},
{
"Action": [
"dbqms:CreateFavoriteQuery",
"dbqms:DescribeFavoriteQueries",
"dbqms:UpdateFavoriteQuery",
"dbqms:DeleteFavoriteQueries",
"dbqms:GetQueryString",
"dbqms:CreateQueryHistory",
"dbqms:DescribeQueryHistory",
"dbqms:UpdateQueryHistory",
"dbqms:DeleteQueryHistory",
"rds-data:ExecuteSql",
"rds-data:ExecuteStatement",
"rds-data:BatchExecuteStatement",
"rds-data:BeginTransaction",
"rds-data:CommitTransaction",
"rds-data:RollbackTransaction",
"secretsmanager:CreateSecret",
"secretsmanager:ListSecrets",
"secretsmanager:GetRandomPassword",
"tag:GetResources"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "RDSDataServiceAccess"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJ5HUMNZCSW4IC74T6",
"PolicyName": "AmazonRDSDataFullAccess",
"UpdateDate": "2019-11-20T21:58:46+00:00",
"VersionId": "v3"
},
"AmazonRDSDirectoryServiceAccess": {
"Arn": "arn:aws:iam::aws:policy/service-role/AmazonRDSDirectoryServiceAccess",
"AttachmentCount": 0,
"CreateDate": "2016-02-26T02:02:05+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"ds:DescribeDirectories",
"ds:AuthorizeApplication",
"ds:UnauthorizeApplication",
"ds:GetAuthorizedApplicationDetails"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIL4KBY57XWMYUHKUU",
"PolicyName": "AmazonRDSDirectoryServiceAccess",
"UpdateDate": "2019-05-15T16:51:50+00:00",
"VersionId": "v2"
},
"AmazonRDSEnhancedMonitoringRole": {
"Arn": "arn:aws:iam::aws:policy/service-role/AmazonRDSEnhancedMonitoringRole",
"AttachmentCount": 0,
"CreateDate": "2015-11-11T19:58:29+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"logs:CreateLogGroup",
"logs:PutRetentionPolicy"
],
"Effect": "Allow",
"Resource": [
"arn:aws:logs:*:*:log-group:RDS*"
],
"Sid": "EnableCreationAndManagementOfRDSCloudwatchLogGroups"
},
{
"Action": [
"logs:CreateLogStream",
"logs:PutLogEvents",
"logs:DescribeLogStreams",
"logs:GetLogEvents"
],
"Effect": "Allow",
"Resource": [
"arn:aws:logs:*:*:log-group:RDS*:log-stream:*"
],
"Sid": "EnableCreationAndManagementOfRDSCloudwatchLogStreams"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJV7BS425S4PTSSVGK",
"PolicyName": "AmazonRDSEnhancedMonitoringRole",
"UpdateDate": "2015-11-11T19:58:29+00:00",
"VersionId": "v1"
},
"AmazonRDSFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonRDSFullAccess",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:40:52+00:00",
"DefaultVersionId": "v8",
"Document": {
"Statement": [
{
"Action": [
"rds:*",
"application-autoscaling:DeleteScalingPolicy",
"application-autoscaling:DeregisterScalableTarget",
"application-autoscaling:DescribeScalableTargets",
"application-autoscaling:DescribeScalingActivities",
"application-autoscaling:DescribeScalingPolicies",
"application-autoscaling:PutScalingPolicy",
"application-autoscaling:RegisterScalableTarget",
"cloudwatch:DescribeAlarms",
"cloudwatch:GetMetricStatistics",
"cloudwatch:PutMetricAlarm",
"cloudwatch:DeleteAlarms",
"ec2:DescribeAccountAttributes",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeCoipPools",
"ec2:DescribeInternetGateways",
"ec2:DescribeLocalGatewayRouteTables",
"ec2:DescribeLocalGatewayRouteTableVpcAssociations",
"ec2:DescribeLocalGateways",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcAttribute",
"ec2:DescribeVpcs",
"ec2:GetCoipPoolUsage",
"sns:ListSubscriptions",
"sns:ListTopics",
"sns:Publish",
"logs:DescribeLogStreams",
"logs:GetLogEvents",
"outposts:GetOutpostInstanceTypes"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "pi:*",
"Effect": "Allow",
"Resource": "arn:aws:pi:*:*:metrics/rds/*"
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringLike": {
"iam:AWSServiceName": [
"rds.amazonaws.com",
"rds.application-autoscaling.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAI3R4QMOG6Q5A4VWVG",
"PolicyName": "AmazonRDSFullAccess",
"UpdateDate": "2020-11-24T19:30:26+00:00",
"VersionId": "v8"
},
"AmazonRDSPreviewServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonRDSPreviewServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2018-05-31T18:02:00+00:00",
"DefaultVersionId": "v4",
"Document": {
"Statement": [
{
"Action": [
"rds:CrossRegionCommunication"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:AllocateAddress",
"ec2:AssociateAddress",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateNetworkInterface",
"ec2:CreateSecurityGroup",
"ec2:DeleteNetworkInterface",
"ec2:DeleteSecurityGroup",
"ec2:DescribeAddresses",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeCoipPools",
"ec2:DescribeInternetGateways",
"ec2:DescribeLocalGatewayRouteTables",
"ec2:DescribeLocalGatewayRouteTableVpcAssociations",
"ec2:DescribeLocalGateways",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcAttribute",
"ec2:DescribeVpcs",
"ec2:DisassociateAddress",
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:ReleaseAddress",
"ec2:RevokeSecurityGroupIngress"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"sns:Publish"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"logs:CreateLogGroup"
],
"Effect": "Allow",
"Resource": [
"arn:aws:logs:*:*:log-group:/aws/rds/*"
]
},
{
"Action": [
"logs:CreateLogStream",
"logs:PutLogEvents",
"logs:DescribeLogStreams"
],
"Effect": "Allow",
"Resource": [
"arn:aws:logs:*:*:log-group:/aws/rds/*:log-stream:*"
]
},
{
"Action": [
"cloudwatch:PutMetricData"
],
"Condition": {
"StringEquals": {
"cloudwatch:namespace": "AWS/RDS"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIZHJJBU3675JOUEMQ",
"PolicyName": "AmazonRDSPreviewServiceRolePolicy",
"UpdateDate": "2020-11-19T19:54:51+00:00",
"VersionId": "v4"
},
"AmazonRDSReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonRDSReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:40:53+00:00",
"DefaultVersionId": "v3",
"Document": {
"Statement": [
{
"Action": [
"rds:Describe*",
"rds:ListTagsForResource",
"ec2:DescribeAccountAttributes",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeInternetGateways",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcAttribute",
"ec2:DescribeVpcs"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"cloudwatch:GetMetricStatistics",
"logs:DescribeLogStreams",
"logs:GetLogEvents"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJKTTTYV2IIHKLZ346",
"PolicyName": "AmazonRDSReadOnlyAccess",
"UpdateDate": "2017-08-28T21:36:32+00:00",
"VersionId": "v3"
},
"AmazonRDSServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonRDSServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2018-01-08T18:17:46+00:00",
"DefaultVersionId": "v9",
"Document": {
"Statement": [
{
"Action": [
"rds:CrossRegionCommunication"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:AllocateAddress",
"ec2:AssociateAddress",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateNetworkInterface",
"ec2:CreateSecurityGroup",
"ec2:DeleteNetworkInterface",
"ec2:DeleteSecurityGroup",
"ec2:DescribeAddresses",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeCoipPools",
"ec2:DescribeInternetGateways",
"ec2:DescribeLocalGatewayRouteTables",
"ec2:DescribeLocalGatewayRouteTableVpcAssociations",
"ec2:DescribeLocalGateways",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcAttribute",
"ec2:DescribeVpcs",
"ec2:DisassociateAddress",
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:ModifyVpcEndpoint",
"ec2:ReleaseAddress",
"ec2:RevokeSecurityGroupIngress",
"ec2:CreateVpcEndpoint",
"ec2:DescribeVpcEndpoints",
"ec2:DeleteVpcEndpoints",
"ec2:AssignPrivateIpAddresses",
"ec2:UnassignPrivateIpAddresses"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"sns:Publish"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"logs:CreateLogGroup"
],
"Effect": "Allow",
"Resource": [
"arn:aws:logs:*:*:log-group:/aws/rds/*",
"arn:aws:logs:*:*:log-group:/aws/docdb/*",
"arn:aws:logs:*:*:log-group:/aws/neptune/*"
]
},
{
"Action": [
"logs:CreateLogStream",
"logs:PutLogEvents",
"logs:DescribeLogStreams"
],
"Effect": "Allow",
"Resource": [
"arn:aws:logs:*:*:log-group:/aws/rds/*:log-stream:*",
"arn:aws:logs:*:*:log-group:/aws/docdb/*:log-stream:*",
"arn:aws:logs:*:*:log-group:/aws/neptune/*:log-stream:*"
]
},
{
"Action": [
"kinesis:CreateStream",
"kinesis:PutRecord",
"kinesis:PutRecords",
"kinesis:DescribeStream",
"kinesis:SplitShard",
"kinesis:MergeShards",
"kinesis:DeleteStream",
"kinesis:UpdateShardCount"
],
"Effect": "Allow",
"Resource": [
"arn:aws:kinesis:*:*:stream/aws-rds-das-*"
]
},
{
"Action": [
"cloudwatch:PutMetricData"
],
"Condition": {
"StringEquals": {
"cloudwatch:namespace": "AWS/RDS"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIPEU5ZOBJWKWHUIBA",
"PolicyName": "AmazonRDSServiceRolePolicy",
"UpdateDate": "2020-11-21T00:08:24+00:00",
"VersionId": "v9"
},
"AmazonRedshiftDataFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonRedshiftDataFullAccess",
"AttachmentCount": 0,
"CreateDate": "2020-09-09T19:23:55+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"redshift-data:ExecuteStatement",
"redshift-data:CancelStatement",
"redshift-data:ListStatements",
"redshift-data:GetStatementResult",
"redshift-data:DescribeStatement",
"redshift-data:ListDatabases",
"redshift-data:ListSchemas",
"redshift-data:ListTables",
"redshift-data:DescribeTable"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "DataAPIPermissions"
},
{
"Action": [
"secretsmanager:GetSecretValue"
],
"Condition": {
"StringLike": {
"secretsmanager:ResourceTag/RedshiftDataFullAccess": "*"
}
},
"Effect": "Allow",
"Resource": "*",
"Sid": "SecretsManagerPermissions"
},
{
"Action": "redshift:GetClusterCredentials",
"Effect": "Allow",
"Resource": [
"arn:aws:redshift:*:*:dbname:*/*",
"arn:aws:redshift:*:*:dbuser:*/redshift_data_api_user"
],
"Sid": "GetCredentialsForAPIUser"
},
{
"Action": "redshift:CreateClusterUser",
"Effect": "Deny",
"Resource": [
"arn:aws:redshift:*:*:dbuser:*/redshift_data_api_user"
],
"Sid": "DenyCreateAPIUser"
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringLike": {
"iam:AWSServiceName": "redshift-data.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/aws-service-role/redshift-data.amazonaws.com/AWSServiceRoleForRedshift",
"Sid": "ServiceLinkedRole"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4PX5LA5SG6",
"PolicyName": "AmazonRedshiftDataFullAccess",
"UpdateDate": "2020-09-09T19:23:55+00:00",
"VersionId": "v1"
},
"AmazonRedshiftFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonRedshiftFullAccess",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:40:50+00:00",
"DefaultVersionId": "v4",
"Document": {
"Statement": [
{
"Action": [
"redshift:*",
"ec2:DescribeAccountAttributes",
"ec2:DescribeAddresses",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:DescribeInternetGateways",
"sns:CreateTopic",
"sns:Get*",
"sns:List*",
"cloudwatch:Describe*",
"cloudwatch:Get*",
"cloudwatch:List*",
"cloudwatch:PutMetricAlarm",
"cloudwatch:EnableAlarmActions",
"cloudwatch:DisableAlarmActions",
"tag:GetResources",
"tag:UntagResources",
"tag:GetTagValues",
"tag:GetTagKeys",
"tag:TagResources"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringLike": {
"iam:AWSServiceName": "redshift.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/aws-service-role/redshift.amazonaws.com/AWSServiceRoleForRedshift"
},
{
"Action": [
"redshift-data:ExecuteStatement",
"redshift-data:CancelStatement",
"redshift-data:ListStatements",
"redshift-data:GetStatementResult",
"redshift-data:DescribeStatement",
"redshift-data:ListDatabases",
"redshift-data:ListSchemas",
"redshift-data:ListTables",
"redshift-data:DescribeTable"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "DataAPIPermissions"
},
{
"Action": [
"secretsmanager:ListSecrets"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "SecretsManagerListPermissions"
},
{
"Action": [
"secretsmanager:CreateSecret",
"secretsmanager:GetSecretValue",
"secretsmanager:TagResource"
],
"Condition": {
"StringLike": {
"secretsmanager:ResourceTag/RedshiftDataFullAccess": "*"
}
},
"Effect": "Allow",
"Resource": "*",
"Sid": "SecretsManagerCreateGetPermissions"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAISEKCHH4YDB46B5ZO",
"PolicyName": "AmazonRedshiftFullAccess",
"UpdateDate": "2020-09-09T19:51:19+00:00",
"VersionId": "v4"
},
"AmazonRedshiftQueryEditor": {
"Arn": "arn:aws:iam::aws:policy/AmazonRedshiftQueryEditor",
"AttachmentCount": 1,
"CreateDate": "2018-10-04T22:50:32+00:00",
"DefaultVersionId": "v4",
"Document": {
"Statement": [
{
"Action": [
"redshift:GetClusterCredentials",
"redshift:ListSchemas",
"redshift:ListTables",
"redshift:ListDatabases",
"redshift:ExecuteQuery",
"redshift:FetchResults",
"redshift:CancelQuery",
"redshift:DescribeClusters",
"redshift:DescribeQuery",
"redshift:DescribeTable",
"redshift:ViewQueriesFromConsole",
"redshift:DescribeSavedQueries",
"redshift:CreateSavedQuery",
"redshift:DeleteSavedQueries",
"redshift:ModifySavedQuery"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"redshift-data:ExecuteStatement",
"redshift-data:ListDatabases",
"redshift-data:ListSchemas",
"redshift-data:ListTables",
"redshift-data:DescribeTable"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "DataAPIPermissions"
},
{
"Action": [
"redshift-data:GetStatementResult",
"redshift-data:CancelStatement",
"redshift-data:DescribeStatement",
"redshift-data:ListStatements"
],
"Condition": {
"StringEquals": {
"redshift-data:statement-owner-iam-userid": "${aws:userid}"
}
},
"Effect": "Allow",
"Resource": "*",
"Sid": "DataAPIIAMSessionPermissionsRestriction"
},
{
"Action": [
"secretsmanager:ListSecrets"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "SecretsManagerListPermissions"
},
{
"Action": [
"secretsmanager:CreateSecret",
"secretsmanager:GetSecretValue",
"secretsmanager:TagResource"
],
"Condition": {
"StringEquals": {
"secretsmanager:ResourceTag/RedshiftQueryOwner": "${aws:userid}"
}
},
"Effect": "Allow",
"Resource": "arn:aws:secretsmanager:*:*:secret:*",
"Sid": "SecretsManagerCreateGetPermissions"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAINVFHHP7CWVHTGBGM",
"PolicyName": "AmazonRedshiftQueryEditor",
"UpdateDate": "2021-02-16T19:33:45+00:00",
"VersionId": "v4"
},
"AmazonRedshiftReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonRedshiftReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:40:51+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"redshift:Describe*",
"redshift:ViewQueriesInConsole",
"ec2:DescribeAccountAttributes",
"ec2:DescribeAddresses",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:DescribeInternetGateways",
"sns:Get*",
"sns:List*",
"cloudwatch:Describe*",
"cloudwatch:List*",
"cloudwatch:Get*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIGD46KSON64QBSEZM",
"PolicyName": "AmazonRedshiftReadOnlyAccess",
"UpdateDate": "2015-02-06T18:40:51+00:00",
"VersionId": "v1"
},
"AmazonRedshiftServiceLinkedRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonRedshiftServiceLinkedRolePolicy",
"AttachmentCount": 1,
"CreateDate": "2017-09-18T19:19:45+00:00",
"DefaultVersionId": "v3",
"Document": {
"Statement": [
{
"Action": [
"ec2:DescribeVpcs",
"ec2:DescribeSubnets",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeAddresses",
"ec2:AssociateAddress",
"ec2:DisassociateAddress",
"ec2:CreateNetworkInterface",
"ec2:DeleteNetworkInterface",
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:CreateVpcEndpoint",
"ec2:DeleteVpcEndpoints",
"ec2:DescribeVpcEndpoints",
"ec2:ModifyVpcEndpoint"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJPY2VXNRUYOY3SRZS",
"PolicyName": "AmazonRedshiftServiceLinkedRolePolicy",
"UpdateDate": "2020-09-15T20:44:31+00:00",
"VersionId": "v3"
},
"AmazonRekognitionCustomLabelsFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonRekognitionCustomLabelsFullAccess",
"AttachmentCount": 0,
"CreateDate": "2020-01-08T19:18:34+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"s3:ListBucket",
"s3:ListAllMyBuckets",
"s3:GetBucketAcl",
"s3:GetBucketLocation",
"s3:GetObject",
"s3:GetObjectAcl",
"s3:GetObjectTagging",
"s3:GetObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::*custom-labels*"
},
{
"Action": [
"rekognition:CreateProject",
"rekognition:CreateProjectVersion",
"rekognition:StartProjectVersion",
"rekognition:StopProjectVersion",
"rekognition:DescribeProjects",
"rekognition:DescribeProjectVersions",
"rekognition:DetectCustomLabels",
"rekognition:DeleteProject",
"rekognition:DeleteProjectVersion"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4OJEQDEQQQ",
"PolicyName": "AmazonRekognitionCustomLabelsFullAccess",
"UpdateDate": "2020-04-17T17:26:10+00:00",
"VersionId": "v2"
},
"AmazonRekognitionFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonRekognitionFullAccess",
"AttachmentCount": 0,
"CreateDate": "2016-11-30T14:40:44+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"rekognition:*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIWDAOK6AIFDVX6TT6",
"PolicyName": "AmazonRekognitionFullAccess",
"UpdateDate": "2016-11-30T14:40:44+00:00",
"VersionId": "v1"
},
"AmazonRekognitionReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonRekognitionReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2016-11-30T14:58:06+00:00",
"DefaultVersionId": "v6",
"Document": {
"Statement": [
{
"Action": [
"rekognition:CompareFaces",
"rekognition:DetectFaces",
"rekognition:DetectLabels",
"rekognition:ListCollections",
"rekognition:ListFaces",
"rekognition:SearchFaces",
"rekognition:SearchFacesByImage",
"rekognition:DetectText",
"rekognition:GetCelebrityInfo",
"rekognition:RecognizeCelebrities",
"rekognition:DetectModerationLabels",
"rekognition:GetLabelDetection",
"rekognition:GetFaceDetection",
"rekognition:GetContentModeration",
"rekognition:GetPersonTracking",
"rekognition:GetCelebrityRecognition",
"rekognition:GetFaceSearch",
"rekognition:GetTextDetection",
"rekognition:GetSegmentDetection",
"rekognition:DescribeStreamProcessor",
"rekognition:ListStreamProcessors",
"rekognition:DescribeProjects",
"rekognition:DescribeProjectVersions",
"rekognition:DetectCustomLabels",
"rekognition:DetectProtectiveEquipment"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAILWSUHXUY4ES43SA4",
"PolicyName": "AmazonRekognitionReadOnlyAccess",
"UpdateDate": "2020-10-15T22:07:44+00:00",
"VersionId": "v6"
},
"AmazonRekognitionServiceRole": {
"Arn": "arn:aws:iam::aws:policy/service-role/AmazonRekognitionServiceRole",
"AttachmentCount": 0,
"CreateDate": "2017-11-29T16:52:13+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"sns:Publish"
],
"Effect": "Allow",
"Resource": "arn:aws:sns:*:*:AmazonRekognition*"
},
{
"Action": [
"kinesis:PutRecord",
"kinesis:PutRecords"
],
"Effect": "Allow",
"Resource": "arn:aws:kinesis:*:*:stream/AmazonRekognition*"
},
{
"Action": [
"kinesisvideo:GetDataEndpoint",
"kinesisvideo:GetMedia"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJI6Q3CUQAVBJ2CTE2",
"PolicyName": "AmazonRekognitionServiceRole",
"UpdateDate": "2017-11-29T16:52:13+00:00",
"VersionId": "v1"
},
"AmazonRoute53AutoNamingFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonRoute53AutoNamingFullAccess",
"AttachmentCount": 0,
"CreateDate": "2018-01-18T18:40:41+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"route53:GetHostedZone",
"route53:ListHostedZonesByName",
"route53:CreateHostedZone",
"route53:DeleteHostedZone",
"route53:ChangeResourceRecordSets",
"route53:CreateHealthCheck",
"route53:GetHealthCheck",
"route53:DeleteHealthCheck",
"route53:UpdateHealthCheck",
"ec2:DescribeVpcs",
"ec2:DescribeRegions",
"servicediscovery:*"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJCNJBBLMJN2ZMV62Y",
"PolicyName": "AmazonRoute53AutoNamingFullAccess",
"UpdateDate": "2018-01-18T18:40:41+00:00",
"VersionId": "v1"
},
"AmazonRoute53AutoNamingReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonRoute53AutoNamingReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2018-01-18T03:02:59+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"servicediscovery:Get*",
"servicediscovery:List*"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJBPMV2EFBFFKJ6SI4",
"PolicyName": "AmazonRoute53AutoNamingReadOnlyAccess",
"UpdateDate": "2018-01-18T03:02:59+00:00",
"VersionId": "v1"
},
"AmazonRoute53AutoNamingRegistrantAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonRoute53AutoNamingRegistrantAccess",
"AttachmentCount": 0,
"CreateDate": "2018-03-12T22:33:20+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"route53:GetHostedZone",
"route53:ListHostedZonesByName",
"route53:ChangeResourceRecordSets",
"route53:CreateHealthCheck",
"route53:GetHealthCheck",
"route53:DeleteHealthCheck",
"route53:UpdateHealthCheck",
"servicediscovery:Get*",
"servicediscovery:List*",
"servicediscovery:RegisterInstance",
"servicediscovery:DeregisterInstance"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJKXLG7EKP2O5SVZW6",
"PolicyName": "AmazonRoute53AutoNamingRegistrantAccess",
"UpdateDate": "2018-03-12T22:33:20+00:00",
"VersionId": "v1"
},
"AmazonRoute53DomainsFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonRoute53DomainsFullAccess",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:40:56+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"route53:CreateHostedZone",
"route53domains:*"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIPAFBMIYUILMOKL6G",
"PolicyName": "AmazonRoute53DomainsFullAccess",
"UpdateDate": "2015-02-06T18:40:56+00:00",
"VersionId": "v1"
},
"AmazonRoute53DomainsReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonRoute53DomainsReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:40:57+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"route53domains:Get*",
"route53domains:List*"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIDRINP6PPTRXYVQCI",
"PolicyName": "AmazonRoute53DomainsReadOnlyAccess",
"UpdateDate": "2015-02-06T18:40:57+00:00",
"VersionId": "v1"
},
"AmazonRoute53FullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonRoute53FullAccess",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:40:54+00:00",
"DefaultVersionId": "v4",
"Document": {
"Statement": [
{
"Action": [
"route53:*",
"route53domains:*",
"cloudfront:ListDistributions",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticbeanstalk:DescribeEnvironments",
"s3:ListBucket",
"s3:GetBucketLocation",
"s3:GetBucketWebsite",
"ec2:DescribeVpcs",
"ec2:DescribeVpcEndpoints",
"ec2:DescribeRegions",
"sns:ListTopics",
"sns:ListSubscriptionsByTopic",
"cloudwatch:DescribeAlarms",
"cloudwatch:GetMetricStatistics"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "apigateway:GET",
"Effect": "Allow",
"Resource": "arn:aws:apigateway:*::/domainnames"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJWVDLG5RPST6PHQ3A",
"PolicyName": "AmazonRoute53FullAccess",
"UpdateDate": "2018-12-20T21:42:00+00:00",
"VersionId": "v4"
},
"AmazonRoute53ReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonRoute53ReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:40:55+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"route53:Get*",
"route53:List*",
"route53:TestDNSAnswer"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAITOYK2ZAOQFXV2JNC",
"PolicyName": "AmazonRoute53ReadOnlyAccess",
"UpdateDate": "2016-11-15T21:15:16+00:00",
"VersionId": "v2"
},
"AmazonRoute53ResolverFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonRoute53ResolverFullAccess",
"AttachmentCount": 0,
"CreateDate": "2019-05-30T18:10:50+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"route53resolver:*",
"ec2:DescribeSubnets",
"ec2:CreateNetworkInterface",
"ec2:DeleteNetworkInterface",
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:DescribeNetworkInterfaces",
"ec2:CreateNetworkInterfacePermission",
"ec2:DescribeSecurityGroups",
"ec2:DescribeVpcs",
"ec2:DescribeAvailabilityZones"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4MZN2MQCY3",
"PolicyName": "AmazonRoute53ResolverFullAccess",
"UpdateDate": "2020-07-17T19:03:27+00:00",
"VersionId": "v2"
},
"AmazonRoute53ResolverReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonRoute53ResolverReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2019-05-30T18:11:31+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"route53resolver:Get*",
"route53resolver:List*",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeSecurityGroups",
"ec2:DescribeVpcs",
"ec2:DescribeSubnets"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4CARVKYCWY",
"PolicyName": "AmazonRoute53ResolverReadOnlyAccess",
"UpdateDate": "2019-09-27T16:37:48+00:00",
"VersionId": "v2"
},
"AmazonS3FullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonS3FullAccess",
"AttachmentCount": 3,
"CreateDate": "2015-02-06T18:40:58+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": "s3:*",
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIFIR6V6BVTRAHWINE",
"PolicyName": "AmazonS3FullAccess",
"UpdateDate": "2015-02-06T18:40:58+00:00",
"VersionId": "v1"
},
"AmazonS3OutpostsFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonS3OutpostsFullAccess",
"AttachmentCount": 0,
"CreateDate": "2020-10-02T17:26:30+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": "s3-outposts:*",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"datasync:ListTasks",
"datasync:ListLocations",
"datasync:DescribeTask",
"datasync:DescribeLocation*"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:DescribeVpcs",
"ec2:DescribeSubnets",
"ec2:DescribeSecurityGroups",
"ec2:DescribeNetworkInterfaces"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"outposts:ListOutposts",
"outposts:GetOutpost"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4BKMLUXKOR",
"PolicyName": "AmazonS3OutpostsFullAccess",
"UpdateDate": "2020-10-02T17:26:30+00:00",
"VersionId": "v1"
},
"AmazonS3OutpostsReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonS3OutpostsReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2020-10-02T18:55:58+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"s3-outposts:Get*",
"s3-outposts:List*"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"datasync:ListTasks",
"datasync:ListLocations",
"datasync:DescribeTask",
"datasync:DescribeLocation*"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:DescribeVpcs",
"ec2:DescribeSubnets",
"ec2:DescribeSecurityGroups",
"ec2:DescribeNetworkInterfaces"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"outposts:ListOutposts",
"outposts:GetOutpost"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4PJ2AX4CUB",
"PolicyName": "AmazonS3OutpostsReadOnlyAccess",
"UpdateDate": "2020-10-02T18:55:58+00:00",
"VersionId": "v1"
},
"AmazonS3ReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess",
"AttachmentCount": 2,
"CreateDate": "2015-02-06T18:40:59+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"s3:Get*",
"s3:List*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIZTJ4DXE7G6AGAE6M",
"PolicyName": "AmazonS3ReadOnlyAccess",
"UpdateDate": "2015-02-06T18:40:59+00:00",
"VersionId": "v1"
},
"AmazonSESFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonSESFullAccess",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:41:02+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"ses:*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJ2P4NXCHAT7NDPNR4",
"PolicyName": "AmazonSESFullAccess",
"UpdateDate": "2015-02-06T18:41:02+00:00",
"VersionId": "v1"
},
"AmazonSESReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonSESReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:41:03+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"ses:Get*",
"ses:List*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAINV2XPFRMWJJNSCGI",
"PolicyName": "AmazonSESReadOnlyAccess",
"UpdateDate": "2015-02-06T18:41:03+00:00",
"VersionId": "v1"
},
"AmazonSNSFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonSNSFullAccess",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:41:05+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"sns:*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJWEKLCXXUNT2SOLSG",
"PolicyName": "AmazonSNSFullAccess",
"UpdateDate": "2015-02-06T18:41:05+00:00",
"VersionId": "v1"
},
"AmazonSNSReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonSNSReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:41:06+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"sns:GetTopicAttributes",
"sns:List*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIZGQCQTFOFPMHSB6W",
"PolicyName": "AmazonSNSReadOnlyAccess",
"UpdateDate": "2015-02-06T18:41:06+00:00",
"VersionId": "v1"
},
"AmazonSNSRole": {
"Arn": "arn:aws:iam::aws:policy/service-role/AmazonSNSRole",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:41:30+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents",
"logs:PutMetricFilter",
"logs:PutRetentionPolicy"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJK5GQB7CIK7KHY2GA",
"PolicyName": "AmazonSNSRole",
"UpdateDate": "2015-02-06T18:41:30+00:00",
"VersionId": "v1"
},
"AmazonSQSFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonSQSFullAccess",
"AttachmentCount": 1,
"CreateDate": "2015-02-06T18:41:07+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"sqs:*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAI65L554VRJ33ECQS6",
"PolicyName": "AmazonSQSFullAccess",
"UpdateDate": "2015-02-06T18:41:07+00:00",
"VersionId": "v1"
},
"AmazonSQSReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonSQSReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:41:08+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"sqs:GetQueueAttributes",
"sqs:GetQueueUrl",
"sqs:ListDeadLetterSourceQueues",
"sqs:ListQueues"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIUGSSQY362XGCM6KW",
"PolicyName": "AmazonSQSReadOnlyAccess",
"UpdateDate": "2018-08-20T23:35:49+00:00",
"VersionId": "v2"
},
"AmazonSSMAutomationApproverAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonSSMAutomationApproverAccess",
"AttachmentCount": 0,
"CreateDate": "2017-08-07T23:07:28+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"ssm:DescribeAutomationExecutions",
"ssm:GetAutomationExecution",
"ssm:SendAutomationSignal"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIDSSXIRWBSLWWIORC",
"PolicyName": "AmazonSSMAutomationApproverAccess",
"UpdateDate": "2017-08-07T23:07:28+00:00",
"VersionId": "v1"
},
"AmazonSSMAutomationRole": {
"Arn": "arn:aws:iam::aws:policy/service-role/AmazonSSMAutomationRole",
"AttachmentCount": 0,
"CreateDate": "2016-12-05T22:09:55+00:00",
"DefaultVersionId": "v5",
"Document": {
"Statement": [
{
"Action": [
"lambda:InvokeFunction"
],
"Effect": "Allow",
"Resource": [
"arn:aws:lambda:*:*:function:Automation*"
]
},
{
"Action": [
"ec2:CreateImage",
"ec2:CopyImage",
"ec2:DeregisterImage",
"ec2:DescribeImages",
"ec2:DeleteSnapshot",
"ec2:StartInstances",
"ec2:RunInstances",
"ec2:StopInstances",
"ec2:TerminateInstances",
"ec2:DescribeInstanceStatus",
"ec2:CreateTags",
"ec2:DeleteTags",
"ec2:DescribeTags",
"cloudformation:CreateStack",
"cloudformation:DescribeStackEvents",
"cloudformation:DescribeStacks",
"cloudformation:UpdateStack",
"cloudformation:DeleteStack"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"ssm:*"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"sns:Publish"
],
"Effect": "Allow",
"Resource": [
"arn:aws:sns:*:*:Automation*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJIBQCTBCXD2XRNB6W",
"PolicyName": "AmazonSSMAutomationRole",
"UpdateDate": "2017-07-24T23:29:12+00:00",
"VersionId": "v5"
},
"AmazonSSMDirectoryServiceAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonSSMDirectoryServiceAccess",
"AttachmentCount": 0,
"CreateDate": "2019-03-15T17:44:38+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"ds:CreateComputer",
"ds:DescribeDirectories"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJ7OJQH3CZU674ERII",
"PolicyName": "AmazonSSMDirectoryServiceAccess",
"UpdateDate": "2019-03-15T17:44:38+00:00",
"VersionId": "v1"
},
"AmazonSSMFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonSSMFullAccess",
"AttachmentCount": 0,
"CreateDate": "2015-05-29T17:39:47+00:00",
"DefaultVersionId": "v4",
"Document": {
"Statement": [
{
"Action": [
"cloudwatch:PutMetricData",
"ds:CreateComputer",
"ds:DescribeDirectories",
"ec2:DescribeInstanceStatus",
"logs:*",
"ssm:*",
"ec2messages:*"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringLike": {
"iam:AWSServiceName": "ssm.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/aws-service-role/ssm.amazonaws.com/AWSServiceRoleForAmazonSSM*"
},
{
"Action": [
"iam:DeleteServiceLinkedRole",
"iam:GetServiceLinkedRoleDeletionStatus"
],
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/aws-service-role/ssm.amazonaws.com/AWSServiceRoleForAmazonSSM*"
},
{
"Action": [
"ssmmessages:CreateControlChannel",
"ssmmessages:CreateDataChannel",
"ssmmessages:OpenControlChannel",
"ssmmessages:OpenDataChannel"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJA7V6HI4ISQFMDYAG",
"PolicyName": "AmazonSSMFullAccess",
"UpdateDate": "2019-11-20T20:08:56+00:00",
"VersionId": "v4"
},
"AmazonSSMMaintenanceWindowRole": {
"Arn": "arn:aws:iam::aws:policy/service-role/AmazonSSMMaintenanceWindowRole",
"AttachmentCount": 0,
"CreateDate": "2016-12-01T15:57:54+00:00",
"DefaultVersionId": "v3",
"Document": {
"Statement": [
{
"Action": [
"ssm:GetAutomationExecution",
"ssm:GetParameters",
"ssm:ListCommands",
"ssm:SendCommand",
"ssm:StartAutomationExecution"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"lambda:InvokeFunction"
],
"Effect": "Allow",
"Resource": [
"arn:aws:lambda:*:*:function:SSM*",
"arn:aws:lambda:*:*:function:*:SSM*"
]
},
{
"Action": [
"states:DescribeExecution",
"states:StartExecution"
],
"Effect": "Allow",
"Resource": [
"arn:aws:states:*:*:stateMachine:SSM*",
"arn:aws:states:*:*:execution:SSM*"
]
},
{
"Action": [
"resource-groups:ListGroups",
"resource-groups:ListGroupResources"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"tag:GetResources"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJV3JNYSTZ47VOXYME",
"PolicyName": "AmazonSSMMaintenanceWindowRole",
"UpdateDate": "2019-07-27T00:16:05+00:00",
"VersionId": "v3"
},
"AmazonSSMManagedInstanceCore": {
"Arn": "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore",
"AttachmentCount": 0,
"CreateDate": "2019-03-15T17:22:12+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"ssm:DescribeAssociation",
"ssm:GetDeployablePatchSnapshotForInstance",
"ssm:GetDocument",
"ssm:DescribeDocument",
"ssm:GetManifest",
"ssm:GetParameter",
"ssm:GetParameters",
"ssm:ListAssociations",
"ssm:ListInstanceAssociations",
"ssm:PutInventory",
"ssm:PutComplianceItems",
"ssm:PutConfigurePackageResult",
"ssm:UpdateAssociationStatus",
"ssm:UpdateInstanceAssociationStatus",
"ssm:UpdateInstanceInformation"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ssmmessages:CreateControlChannel",
"ssmmessages:CreateDataChannel",
"ssmmessages:OpenControlChannel",
"ssmmessages:OpenDataChannel"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2messages:AcknowledgeMessage",
"ec2messages:DeleteMessage",
"ec2messages:FailMessage",
"ec2messages:GetEndpoint",
"ec2messages:GetMessages",
"ec2messages:SendReply"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIXSHM2BNB2D3AXXRU",
"PolicyName": "AmazonSSMManagedInstanceCore",
"UpdateDate": "2019-05-23T16:54:21+00:00",
"VersionId": "v2"
},
"AmazonSSMPatchAssociation": {
"Arn": "arn:aws:iam::aws:policy/AmazonSSMPatchAssociation",
"AttachmentCount": 0,
"CreateDate": "2020-05-13T16:00:42+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": "ssm:DescribeEffectivePatchesForPatchBaseline",
"Effect": "Allow",
"Resource": "arn:aws:ssm:*:*:patchbaseline/*"
},
{
"Action": "ssm:GetPatchBaseline",
"Effect": "Allow",
"Resource": "arn:aws:ssm:*:*:patchbaseline/*"
},
{
"Action": "tag:GetResources",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "ssm:DescribePatchBaselines",
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4EWLEL5ZX7",
"PolicyName": "AmazonSSMPatchAssociation",
"UpdateDate": "2020-05-13T16:00:42+00:00",
"VersionId": "v1"
},
"AmazonSSMReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonSSMReadOnlyAccess",
"AttachmentCount": 1,
"CreateDate": "2015-05-29T17:44:19+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"ssm:Describe*",
"ssm:Get*",
"ssm:List*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJODSKQGGJTHRYZ5FC",
"PolicyName": "AmazonSSMReadOnlyAccess",
"UpdateDate": "2015-05-29T17:44:19+00:00",
"VersionId": "v1"
},
"AmazonSSMServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonSSMServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2017-11-13T19:20:08+00:00",
"DefaultVersionId": "v13",
"Document": {
"Statement": [
{
"Action": [
"ssm:CancelCommand",
"ssm:GetCommandInvocation",
"ssm:ListCommandInvocations",
"ssm:ListCommands",
"ssm:SendCommand",
"ssm:GetAutomationExecution",
"ssm:GetParameters",
"ssm:StartAutomationExecution",
"ssm:ListTagsForResource",
"ssm:GetCalendarState"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"ssm:UpdateServiceSetting",
"ssm:GetServiceSetting"
],
"Effect": "Allow",
"Resource": [
"arn:aws:ssm:*:*:servicesetting/ssm/opsitem/*",
"arn:aws:ssm:*:*:servicesetting/ssm/opsdata/*"
]
},
{
"Action": [
"ec2:DescribeInstanceAttribute",
"ec2:DescribeInstanceStatus",
"ec2:DescribeInstances"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"lambda:InvokeFunction"
],
"Effect": "Allow",
"Resource": [
"arn:aws:lambda:*:*:function:SSM*",
"arn:aws:lambda:*:*:function:*:SSM*"
]
},
{
"Action": [
"states:DescribeExecution",
"states:StartExecution"
],
"Effect": "Allow",
"Resource": [
"arn:aws:states:*:*:stateMachine:SSM*",
"arn:aws:states:*:*:execution:SSM*"
]
},
{
"Action": [
"resource-groups:ListGroups",
"resource-groups:ListGroupResources",
"resource-groups:GetGroupQuery"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"cloudformation:DescribeStacks",
"cloudformation:ListStackResources"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"tag:GetResources"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"config:SelectResourceConfig"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"compute-optimizer:GetEC2InstanceRecommendations",
"compute-optimizer:GetEnrollmentStatus"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"support:DescribeTrustedAdvisorChecks",
"support:DescribeTrustedAdvisorCheckSummaries",
"support:DescribeTrustedAdvisorCheckResult",
"support:DescribeCases"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"config:DescribeComplianceByConfigRule",
"config:DescribeComplianceByResource",
"config:DescribeRemediationConfigurations",
"config:DescribeConfigurationRecorders"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": "iam:PassRole",
"Condition": {
"StringEquals": {
"iam:PassedToService": [
"ssm.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "organizations:DescribeOrganization",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "cloudformation:ListStackSets",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"cloudformation:ListStackInstances",
"cloudformation:DescribeStackSetOperation",
"cloudformation:DeleteStackSet"
],
"Effect": "Allow",
"Resource": "arn:aws:cloudformation:*:*:stackset/AWS-QuickSetup-SSM*:*"
},
{
"Action": "cloudformation:DeleteStackInstances",
"Effect": "Allow",
"Resource": [
"arn:aws:cloudformation:*:*:stackset/AWS-QuickSetup-SSM*:*",
"arn:aws:cloudformation:*:*:stackset-target/AWS-QuickSetup-SSM*:*",
"arn:aws:cloudformation:*:*:type/resource/*"
]
},
{
"Action": [
"events:PutRule",
"events:PutTargets"
],
"Condition": {
"StringEquals": {
"events:ManagedBy": "ssm.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"events:RemoveTargets",
"events:DeleteRule"
],
"Effect": "Allow",
"Resource": [
"arn:aws:events:*:*:rule/SSMExplorerManagedRule"
]
},
{
"Action": "events:DescribeRule",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "securityhub:DescribeHub",
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIXJ26NUGBA3TCV7EC",
"PolicyName": "AmazonSSMServiceRolePolicy",
"UpdateDate": "2021-04-26T20:43:46+00:00",
"VersionId": "v13"
},
"AmazonSageMakerAdmin-ServiceCatalogProductsServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/AmazonSageMakerAdmin-ServiceCatalogProductsServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2020-11-27T18:48:07+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"apigateway:GET",
"apigateway:POST",
"apigateway:PUT",
"apigateway:PATCH",
"apigateway:DELETE"
],
"Condition": {
"StringLike": {
"aws:ResourceTag/sagemaker:launch-source": "*"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"apigateway:POST"
],
"Condition": {
"ForAnyValue:StringLike": {
"aws:TagKeys": [
"sagemaker:launch-source"
]
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"apigateway:PATCH"
],
"Effect": "Allow",
"Resource": [
"arn:aws:apigateway:*::/account"
]
},
{
"Action": [
"cloudformation:CreateStack",
"cloudformation:UpdateStack",
"cloudformation:DeleteStack"
],
"Condition": {
"ArnLikeIfExists": {
"cloudformation:RoleArn": [
"arn:aws:sts::*:assumed-role/AmazonSageMakerServiceCatalog*"
]
}
},
"Effect": "Allow",
"Resource": "arn:aws:cloudformation:*:*:stack/SC-*"
},
{
"Action": [
"cloudformation:DescribeStackEvents",
"cloudformation:DescribeStacks"
],
"Effect": "Allow",
"Resource": "arn:aws:cloudformation:*:*:stack/SC-*"
},
{
"Action": [
"cloudformation:GetTemplateSummary",
"cloudformation:ValidateTemplate"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"codebuild:CreateProject",
"codebuild:DeleteProject",
"codebuild:UpdateProject"
],
"Effect": "Allow",
"Resource": [
"arn:aws:codebuild:*:*:project/sagemaker-*"
]
},
{
"Action": [
"codecommit:CreateCommit",
"codecommit:CreateRepository",
"codecommit:DeleteRepository",
"codecommit:GetRepository",
"codecommit:TagResource"
],
"Effect": "Allow",
"Resource": [
"arn:aws:codecommit:*:*:sagemaker-*"
]
},
{
"Action": [
"codecommit:ListRepositories"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"codepipeline:CreatePipeline",
"codepipeline:DeletePipeline",
"codepipeline:GetPipeline",
"codepipeline:GetPipelineState",
"codepipeline:StartPipelineExecution",
"codepipeline:TagResource",
"codepipeline:UpdatePipeline"
],
"Effect": "Allow",
"Resource": [
"arn:aws:codepipeline:*:*:sagemaker-*"
]
},
{
"Action": [
"cognito-idp:CreateUserPool"
],
"Condition": {
"ForAnyValue:StringLike": {
"aws:TagKeys": [
"sagemaker:launch-source"
]
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"cognito-idp:CreateGroup",
"cognito-idp:CreateUserPoolDomain",
"cognito-idp:CreateUserPoolClient",
"cognito-idp:DeleteGroup",
"cognito-idp:DeleteUserPool",
"cognito-idp:DeleteUserPoolClient",
"cognito-idp:DeleteUserPoolDomain",
"cognito-idp:DescribeUserPool",
"cognito-idp:DescribeUserPoolClient",
"cognito-idp:UpdateUserPool",
"cognito-idp:UpdateUserPoolClient"
],
"Condition": {
"StringLike": {
"aws:ResourceTag/sagemaker:launch-source": "*"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ecr:CreateRepository",
"ecr:DeleteRepository"
],
"Effect": "Allow",
"Resource": [
"arn:aws:ecr:*:*:repository/sagemaker-*"
]
},
{
"Action": [
"events:DescribeRule",
"events:DeleteRule",
"events:DisableRule",
"events:EnableRule",
"events:PutRule",
"events:PutTargets",
"events:RemoveTargets"
],
"Effect": "Allow",
"Resource": [
"arn:aws:events:*:*:rule/sagemaker-*"
]
},
{
"Action": [
"firehose:CreateDeliveryStream",
"firehose:DeleteDeliveryStream",
"firehose:DescribeDeliveryStream",
"firehose:StartDeliveryStreamEncryption",
"firehose:StopDeliveryStreamEncryption",
"firehose:UpdateDestination"
],
"Effect": "Allow",
"Resource": "arn:aws:firehose:*:*:deliverystream/sagemaker-*"
},
{
"Action": [
"glue:CreateDatabase",
"glue:DeleteDatabase"
],
"Effect": "Allow",
"Resource": [
"arn:aws:glue:*:*:catalog",
"arn:aws:glue:*:*:database/sagemaker-*",
"arn:aws:glue:*:*:table/sagemaker-*",
"arn:aws:glue:*:*:userDefinedFunction/sagemaker-*"
]
},
{
"Action": [
"glue:CreateClassifier",
"glue:DeleteClassifier",
"glue:DeleteCrawler",
"glue:DeleteJob",
"glue:DeleteTrigger",
"glue:DeleteWorkflow",
"glue:StopCrawler"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"glue:CreateWorkflow"
],
"Effect": "Allow",
"Resource": [
"arn:aws:glue:*:*:workflow/sagemaker-*"
]
},
{
"Action": [
"glue:CreateJob"
],
"Effect": "Allow",
"Resource": [
"arn:aws:glue:*:*:job/sagemaker-*"
]
},
{
"Action": [
"glue:CreateCrawler",
"glue:GetCrawler"
],
"Effect": "Allow",
"Resource": [
"arn:aws:glue:*:*:crawler/sagemaker-*"
]
},
{
"Action": [
"glue:CreateTrigger",
"glue:GetTrigger"
],
"Effect": "Allow",
"Resource": [
"arn:aws:glue:*:*:trigger/sagemaker-*"
]
},
{
"Action": [
"iam:PassRole"
],
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/service-role/AmazonSageMakerServiceCatalog*"
]
},
{
"Action": [
"lambda:AddPermission",
"lambda:CreateFunction",
"lambda:DeleteFunction",
"lambda:GetFunction",
"lambda:GetFunctionConfiguration",
"lambda:InvokeFunction",
"lambda:RemovePermission"
],
"Effect": "Allow",
"Resource": [
"arn:aws:lambda:*:*:function:sagemaker-*"
]
},
{
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:DeleteLogGroup",
"logs:DeleteLogStream",
"logs:DescribeLogGroups",
"logs:DescribeLogStreams",
"logs:PutRetentionPolicy"
],
"Effect": "Allow",
"Resource": [
"arn:aws:logs:*:*:log-group:/aws/apigateway/AccessLogs/*",
"arn:aws:logs:*:*:log-group::log-stream:*"
]
},
{
"Action": "s3:GetObject",
"Condition": {
"StringEquals": {
"s3:ExistingObjectTag/servicecatalog:provisioning": "true"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "s3:GetObject",
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::sagemaker-*"
]
},
{
"Action": [
"s3:CreateBucket",
"s3:DeleteBucket",
"s3:DeleteBucketPolicy",
"s3:GetBucketPolicy",
"s3:PutBucketAcl",
"s3:PutBucketNotification",
"s3:PutBucketPolicy",
"s3:PutBucketPublicAccessBlock",
"s3:PutBucketLogging",
"s3:PutEncryptionConfiguration"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::sagemaker-*"
},
{
"Action": [
"sagemaker:CreateEndpoint",
"sagemaker:CreateEndpointConfig",
"sagemaker:CreateModel",
"sagemaker:CreateWorkteam",
"sagemaker:DeleteEndpoint",
"sagemaker:DeleteEndpointConfig",
"sagemaker:DeleteModel",
"sagemaker:DeleteWorkteam",
"sagemaker:DescribeModel",
"sagemaker:DescribeEndpointConfig",
"sagemaker:DescribeEndpoint",
"sagemaker:DescribeWorkteam"
],
"Effect": "Allow",
"Resource": [
"arn:aws:sagemaker:*:*:*"
]
},
{
"Action": [
"states:CreateStateMachine",
"states:DeleteStateMachine",
"states:UpdateStateMachine"
],
"Effect": "Allow",
"Resource": [
"arn:aws:states:*:*:stateMachine:sagemaker-*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4NAOSKQH4V",
"PolicyName": "AmazonSageMakerAdmin-ServiceCatalogProductsServiceRolePolicy",
"UpdateDate": "2020-11-27T18:48:07+00:00",
"VersionId": "v1"
},
"AmazonSageMakerCoreServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonSageMakerCoreServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2020-12-21T21:40:47+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"ec2:CreateNetworkInterface",
"ec2:DeleteNetworkInterface",
"ec2:DeleteNetworkInterfacePermission"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:CreateNetworkInterfacePermission"
],
"Condition": {
"StringEquals": {
"ec2:AuthorizedService": "sagemaker.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:DescribeDhcpOptions",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4MMWQCSNKX",
"PolicyName": "AmazonSageMakerCoreServiceRolePolicy",
"UpdateDate": "2020-12-21T21:40:47+00:00",
"VersionId": "v1"
},
"AmazonSageMakerEdgeDeviceFleetPolicy": {
"Arn": "arn:aws:iam::aws:policy/service-role/AmazonSageMakerEdgeDeviceFleetPolicy",
"AttachmentCount": 0,
"CreateDate": "2020-12-08T16:17:22+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"s3:PutObject",
"s3:GetBucketLocation"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::*SageMaker*",
"arn:aws:s3:::*Sagemaker*",
"arn:aws:s3:::*sagemaker*"
],
"Sid": "DeviceS3Access"
},
{
"Action": [
"sagemaker:SendHeartbeat",
"sagemaker:GetDeviceRegistration"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "SageMakerEdgeApis"
},
{
"Action": [
"iot:CreateRoleAlias",
"iot:DescribeRoleAlias",
"iot:UpdateRoleAlias",
"iot:ListTagsForResource",
"iot:TagResource"
],
"Effect": "Allow",
"Resource": [
"arn:aws:iot:*:*:rolealias/SageMakerEdge*"
],
"Sid": "CreateIoTRoleAlias"
},
{
"Action": [
"iam:GetRole"
],
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/*SageMaker*",
"arn:aws:iam::*:role/*Sagemaker*",
"arn:aws:iam::*:role/*sagemaker*"
],
"Sid": "CreateIoTRoleAliasIamPermissionsGetRole"
},
{
"Action": [
"iam:PassRole"
],
"Condition": {
"StringEqualsIfExists": {
"iam:PassedToService": [
"iot.amazonaws.com",
"credentials.iot.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/*SageMaker*",
"arn:aws:iam::*:role/*Sagemaker*",
"arn:aws:iam::*:role/*sagemaker*"
],
"Sid": "CreateIoTRoleAliasIamPermissionsPassRole"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4CPENAJLBT",
"PolicyName": "AmazonSageMakerEdgeDeviceFleetPolicy",
"UpdateDate": "2020-12-08T16:17:22+00:00",
"VersionId": "v1"
},
"AmazonSageMakerFeatureStoreAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonSageMakerFeatureStoreAccess",
"AttachmentCount": 0,
"CreateDate": "2020-12-01T16:24:05+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"s3:PutObject",
"s3:GetBucketAcl",
"s3:PutObjectAcl"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::*SageMaker*",
"arn:aws:s3:::*Sagemaker*",
"arn:aws:s3:::*sagemaker*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4FO5MQNGJU",
"PolicyName": "AmazonSageMakerFeatureStoreAccess",
"UpdateDate": "2021-02-24T02:18:50+00:00",
"VersionId": "v2"
},
"AmazonSageMakerFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonSageMakerFullAccess",
"AttachmentCount": 0,
"CreateDate": "2017-11-29T13:07:59+00:00",
"DefaultVersionId": "v19",
"Document": {
"Statement": [
{
"Action": [
"sagemaker:*"
],
"Effect": "Allow",
"NotResource": [
"arn:aws:sagemaker:*:*:domain/*",
"arn:aws:sagemaker:*:*:user-profile/*",
"arn:aws:sagemaker:*:*:app/*",
"arn:aws:sagemaker:*:*:flow-definition/*"
]
},
{
"Action": [
"sagemaker:CreatePresignedDomainUrl",
"sagemaker:DescribeDomain",
"sagemaker:ListDomains",
"sagemaker:DescribeUserProfile",
"sagemaker:ListUserProfiles",
"sagemaker:*App",
"sagemaker:ListApps"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "sagemaker:*",
"Condition": {
"StringEqualsIfExists": {
"sagemaker:WorkteamType": [
"private-crowd",
"vendor-crowd"
]
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:sagemaker:*:*:flow-definition/*"
]
},
{
"Action": [
"application-autoscaling:DeleteScalingPolicy",
"application-autoscaling:DeleteScheduledAction",
"application-autoscaling:DeregisterScalableTarget",
"application-autoscaling:DescribeScalableTargets",
"application-autoscaling:DescribeScalingActivities",
"application-autoscaling:DescribeScalingPolicies",
"application-autoscaling:DescribeScheduledActions",
"application-autoscaling:PutScalingPolicy",
"application-autoscaling:PutScheduledAction",
"application-autoscaling:RegisterScalableTarget",
"aws-marketplace:ViewSubscriptions",
"cloudformation:GetTemplateSummary",
"cloudwatch:DeleteAlarms",
"cloudwatch:DescribeAlarms",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"cloudwatch:PutMetricAlarm",
"cloudwatch:PutMetricData",
"codecommit:BatchGetRepositories",
"codecommit:CreateRepository",
"codecommit:GetRepository",
"codecommit:List*",
"cognito-idp:AdminAddUserToGroup",
"cognito-idp:AdminCreateUser",
"cognito-idp:AdminDeleteUser",
"cognito-idp:AdminDisableUser",
"cognito-idp:AdminEnableUser",
"cognito-idp:AdminRemoveUserFromGroup",
"cognito-idp:CreateGroup",
"cognito-idp:CreateUserPool",
"cognito-idp:CreateUserPoolClient",
"cognito-idp:CreateUserPoolDomain",
"cognito-idp:DescribeUserPool",
"cognito-idp:DescribeUserPoolClient",
"cognito-idp:List*",
"cognito-idp:UpdateUserPool",
"cognito-idp:UpdateUserPoolClient",
"ec2:CreateNetworkInterface",
"ec2:CreateNetworkInterfacePermission",
"ec2:CreateVpcEndpoint",
"ec2:DeleteNetworkInterface",
"ec2:DeleteNetworkInterfacePermission",
"ec2:DescribeDhcpOptions",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcEndpoints",
"ec2:DescribeVpcs",
"ecr:BatchCheckLayerAvailability",
"ecr:BatchGetImage",
"ecr:CreateRepository",
"ecr:Describe*",
"ecr:GetAuthorizationToken",
"ecr:GetDownloadUrlForLayer",
"ecr:StartImageScan",
"elastic-inference:Connect",
"elasticfilesystem:DescribeFileSystems",
"elasticfilesystem:DescribeMountTargets",
"fsx:DescribeFileSystems",
"glue:CreateJob",
"glue:DeleteJob",
"glue:GetJob*",
"glue:GetTable*",
"glue:GetWorkflowRun",
"glue:ResetJobBookmark",
"glue:StartJobRun",
"glue:StartWorkflowRun",
"glue:UpdateJob",
"groundtruthlabeling:*",
"iam:ListRoles",
"kms:DescribeKey",
"kms:ListAliases",
"lambda:ListFunctions",
"logs:CreateLogDelivery",
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:DeleteLogDelivery",
"logs:Describe*",
"logs:GetLogDelivery",
"logs:GetLogEvents",
"logs:ListLogDeliveries",
"logs:PutLogEvents",
"logs:PutResourcePolicy",
"logs:UpdateLogDelivery",
"robomaker:CreateSimulationApplication",
"robomaker:DescribeSimulationApplication",
"robomaker:DeleteSimulationApplication",
"robomaker:CreateSimulationJob",
"robomaker:DescribeSimulationJob",
"robomaker:CancelSimulationJob",
"secretsmanager:ListSecrets",
"servicecatalog:Describe*",
"servicecatalog:List*",
"servicecatalog:ScanProvisionedProducts",
"servicecatalog:SearchProducts",
"servicecatalog:SearchProvisionedProducts",
"sns:ListTopics",
"tag:GetResources"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ecr:SetRepositoryPolicy",
"ecr:CompleteLayerUpload",
"ecr:BatchDeleteImage",
"ecr:UploadLayerPart",
"ecr:DeleteRepositoryPolicy",
"ecr:InitiateLayerUpload",
"ecr:DeleteRepository",
"ecr:PutImage"
],
"Effect": "Allow",
"Resource": [
"arn:aws:ecr:*:*:repository/*sagemaker*"
]
},
{
"Action": [
"codecommit:GitPull",
"codecommit:GitPush"
],
"Effect": "Allow",
"Resource": [
"arn:aws:codecommit:*:*:*sagemaker*",
"arn:aws:codecommit:*:*:*SageMaker*",
"arn:aws:codecommit:*:*:*Sagemaker*"
]
},
{
"Action": [
"codebuild:BatchGetBuilds",
"codebuild:StartBuild"
],
"Effect": "Allow",
"Resource": [
"arn:aws:codebuild:*:*:project/sagemaker*",
"arn:aws:codebuild:*:*:build/*"
]
},
{
"Action": [
"states:DescribeExecution",
"states:GetExecutionHistory",
"states:StartExecution",
"states:StopExecution",
"states:UpdateStateMachine"
],
"Effect": "Allow",
"Resource": [
"arn:aws:states:*:*:statemachine:*sagemaker*",
"arn:aws:states:*:*:execution:*sagemaker*:*"
]
},
{
"Action": [
"secretsmanager:DescribeSecret",
"secretsmanager:GetSecretValue",
"secretsmanager:CreateSecret"
],
"Effect": "Allow",
"Resource": [
"arn:aws:secretsmanager:*:*:secret:AmazonSageMaker-*"
]
},
{
"Action": [
"secretsmanager:DescribeSecret",
"secretsmanager:GetSecretValue"
],
"Condition": {
"StringEquals": {
"secretsmanager:ResourceTag/SageMaker": "true"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"servicecatalog:ProvisionProduct"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"servicecatalog:TerminateProvisionedProduct",
"servicecatalog:UpdateProvisionedProduct"
],
"Condition": {
"StringEquals": {
"servicecatalog:userLevel": "self"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"s3:GetObject",
"s3:PutObject",
"s3:DeleteObject",
"s3:AbortMultipartUpload"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::*SageMaker*",
"arn:aws:s3:::*Sagemaker*",
"arn:aws:s3:::*sagemaker*",
"arn:aws:s3:::*aws-glue*"
]
},
{
"Action": [
"s3:GetObject"
],
"Condition": {
"StringEqualsIgnoreCase": {
"s3:ExistingObjectTag/SageMaker": "true"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"s3:GetObject"
],
"Condition": {
"StringEquals": {
"s3:ExistingObjectTag/servicecatalog:provisioning": "true"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"s3:CreateBucket",
"s3:GetBucketLocation",
"s3:ListBucket",
"s3:ListAllMyBuckets",
"s3:GetBucketCors",
"s3:PutBucketCors"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"s3:GetBucketAcl",
"s3:PutObjectAcl"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::*SageMaker*",
"arn:aws:s3:::*Sagemaker*",
"arn:aws:s3:::*sagemaker*"
]
},
{
"Action": [
"lambda:InvokeFunction"
],
"Effect": "Allow",
"Resource": [
"arn:aws:lambda:*:*:function:*SageMaker*",
"arn:aws:lambda:*:*:function:*sagemaker*",
"arn:aws:lambda:*:*:function:*Sagemaker*",
"arn:aws:lambda:*:*:function:*LabelingFunction*"
]
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringLike": {
"iam:AWSServiceName": "sagemaker.application-autoscaling.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/aws-service-role/sagemaker.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_SageMakerEndpoint"
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringEquals": {
"iam:AWSServiceName": "robomaker.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"sns:Subscribe",
"sns:CreateTopic"
],
"Effect": "Allow",
"Resource": [
"arn:aws:sns:*:*:*SageMaker*",
"arn:aws:sns:*:*:*Sagemaker*",
"arn:aws:sns:*:*:*sagemaker*"
]
},
{
"Action": [
"iam:PassRole"
],
"Condition": {
"StringEquals": {
"iam:PassedToService": [
"sagemaker.amazonaws.com",
"glue.amazonaws.com",
"robomaker.amazonaws.com",
"states.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/*"
},
{
"Action": [
"athena:ListDataCatalogs",
"athena:ListDatabases",
"athena:ListTableMetadata",
"athena:GetQueryExecution",
"athena:GetQueryResults",
"athena:StartQueryExecution",
"athena:StopQueryExecution"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"glue:CreateTable"
],
"Effect": "Allow",
"Resource": [
"arn:aws:glue:*:*:table/*/sagemaker_tmp_*",
"arn:aws:glue:*:*:table/sagemaker_featurestore/*",
"arn:aws:glue:*:*:catalog",
"arn:aws:glue:*:*:database/*"
]
},
{
"Action": [
"glue:DeleteTable"
],
"Effect": "Allow",
"Resource": [
"arn:aws:glue:*:*:table/*/sagemaker_tmp_*",
"arn:aws:glue:*:*:catalog",
"arn:aws:glue:*:*:database/*"
]
},
{
"Action": [
"glue:GetDatabases",
"glue:GetTable",
"glue:GetTables"
],
"Effect": "Allow",
"Resource": [
"arn:aws:glue:*:*:table/*",
"arn:aws:glue:*:*:catalog",
"arn:aws:glue:*:*:database/*"
]
},
{
"Action": [
"glue:CreateDatabase",
"glue:GetDatabase"
],
"Effect": "Allow",
"Resource": [
"arn:aws:glue:*:*:catalog",
"arn:aws:glue:*:*:database/sagemaker_featurestore",
"arn:aws:glue:*:*:database/sagemaker_processing",
"arn:aws:glue:*:*:database/default",
"arn:aws:glue:*:*:database/sagemaker_data_wrangler"
]
},
{
"Action": [
"redshift-data:ExecuteStatement",
"redshift-data:DescribeStatement",
"redshift-data:CancelStatement",
"redshift-data:GetStatementResult",
"redshift-data:ListSchemas",
"redshift-data:ListTables"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"redshift:GetClusterCredentials"
],
"Effect": "Allow",
"Resource": [
"arn:aws:redshift:*:*:dbuser:*/sagemaker_access*",
"arn:aws:redshift:*:*:dbname:*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJZ5IWYMXO5QDB4QOG",
"PolicyName": "AmazonSageMakerFullAccess",
"UpdateDate": "2021-02-24T01:19:55+00:00",
"VersionId": "v19"
},
"AmazonSageMakerGroundTruthExecution": {
"Arn": "arn:aws:iam::aws:policy/AmazonSageMakerGroundTruthExecution",
"AttachmentCount": 0,
"CreateDate": "2020-07-09T19:30:20+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"lambda:InvokeFunction"
],
"Effect": "Allow",
"Resource": [
"arn:aws:lambda:*:*:function:*GtRecipe*",
"arn:aws:lambda:*:*:function:*LabelingFunction*",
"arn:aws:lambda:*:*:function:*SageMaker*",
"arn:aws:lambda:*:*:function:*sagemaker*",
"arn:aws:lambda:*:*:function:*Sagemaker*"
],
"Sid": "CustomLabelingJobs"
},
{
"Action": [
"s3:AbortMultipartUpload",
"s3:GetObject",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::*GroundTruth*",
"arn:aws:s3:::*Groundtruth*",
"arn:aws:s3:::*groundtruth*",
"arn:aws:s3:::*SageMaker*",
"arn:aws:s3:::*Sagemaker*",
"arn:aws:s3:::*sagemaker*"
]
},
{
"Action": [
"s3:GetObject"
],
"Condition": {
"StringEqualsIgnoreCase": {
"s3:ExistingObjectTag/SageMaker": "true"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"s3:GetBucketLocation",
"s3:ListBucket"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"cloudwatch:PutMetricData",
"logs:CreateLogStream",
"logs:CreateLogGroup",
"logs:DescribeLogStreams",
"logs:PutLogEvents"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "CloudWatch"
},
{
"Action": [
"sqs:CreateQueue",
"sqs:DeleteMessage",
"sqs:GetQueueAttributes",
"sqs:GetQueueUrl",
"sqs:ReceiveMessage",
"sqs:SendMessage",
"sqs:SendMessageBatch",
"sqs:SetQueueAttributes"
],
"Effect": "Allow",
"Resource": "arn:aws:sqs:*:*:*GroundTruth*",
"Sid": "StreamingQueue"
},
{
"Action": "sns:Subscribe",
"Condition": {
"StringEquals": {
"sns:Protocol": "sqs"
},
"StringLike": {
"sns:Endpoint": "arn:aws:sqs:*:*:*GroundTruth*"
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:sns:*:*:*GroundTruth*",
"arn:aws:sns:*:*:*Groundtruth*",
"arn:aws:sns:*:*:*groundTruth*",
"arn:aws:sns:*:*:*groundtruth*",
"arn:aws:sns:*:*:*SageMaker*",
"arn:aws:sns:*:*:*Sagemaker*",
"arn:aws:sns:*:*:*sageMaker*",
"arn:aws:sns:*:*:*sagemaker*"
],
"Sid": "StreamingTopicSubscribe"
},
{
"Action": [
"sns:Publish"
],
"Effect": "Allow",
"Resource": [
"arn:aws:sns:*:*:*GroundTruth*",
"arn:aws:sns:*:*:*Groundtruth*",
"arn:aws:sns:*:*:*groundTruth*",
"arn:aws:sns:*:*:*groundtruth*",
"arn:aws:sns:*:*:*SageMaker*",
"arn:aws:sns:*:*:*Sagemaker*",
"arn:aws:sns:*:*:*sageMaker*",
"arn:aws:sns:*:*:*sagemaker*"
],
"Sid": "StreamingTopic"
},
{
"Action": [
"sns:Unsubscribe"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "StreamingTopicUnsubscribe"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4FYNFSJXO3",
"PolicyName": "AmazonSageMakerGroundTruthExecution",
"UpdateDate": "2020-07-09T19:30:20+00:00",
"VersionId": "v1"
},
"AmazonSageMakerMechanicalTurkAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonSageMakerMechanicalTurkAccess",
"AttachmentCount": 0,
"CreateDate": "2019-12-03T16:19:36+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"sagemaker:*FlowDefinition",
"sagemaker:*FlowDefinitions"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4AYDBKMMDV",
"PolicyName": "AmazonSageMakerMechanicalTurkAccess",
"UpdateDate": "2019-12-03T16:19:36+00:00",
"VersionId": "v1"
},
"AmazonSageMakerNotebooksServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonSageMakerNotebooksServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2019-10-18T20:27:37+00:00",
"DefaultVersionId": "v5",
"Document": {
"Statement": [
{
"Action": "elasticfilesystem:CreateFileSystem",
"Condition": {
"StringLike": {
"aws:RequestTag/ManagedByAmazonSageMakerResource": "*"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"elasticfilesystem:CreateMountTarget",
"elasticfilesystem:DeleteFileSystem",
"elasticfilesystem:DeleteMountTarget"
],
"Condition": {
"StringLike": {
"aws:ResourceTag/ManagedByAmazonSageMakerResource": "*"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"elasticfilesystem:DescribeFileSystems",
"elasticfilesystem:DescribeMountTargets"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "ec2:CreateTags",
"Effect": "Allow",
"Resource": [
"arn:aws:ec2:*:*:network-interface/*",
"arn:aws:ec2:*:*:security-group/*"
]
},
{
"Action": [
"ec2:CreateNetworkInterface",
"ec2:CreateSecurityGroup",
"ec2:DeleteNetworkInterface",
"ec2:DescribeDhcpOptions",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:ModifyNetworkInterfaceAttribute"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:AuthorizeSecurityGroupEgress",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateNetworkInterfacePermission",
"ec2:DeleteNetworkInterfacePermission",
"ec2:DeleteSecurityGroup",
"ec2:RevokeSecurityGroupEgress",
"ec2:RevokeSecurityGroupIngress"
],
"Condition": {
"StringLike": {
"ec2:ResourceTag/ManagedByAmazonSageMakerResource": "*"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"sso:CreateManagedApplicationInstance",
"sso:DeleteManagedApplicationInstance",
"sso:GetManagedApplicationInstance"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"sagemaker:CreateUserProfile",
"sagemaker:DescribeUserProfile"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4MYB7OEJED",
"PolicyName": "AmazonSageMakerNotebooksServiceRolePolicy",
"UpdateDate": "2020-08-28T22:39:39+00:00",
"VersionId": "v5"
},
"AmazonSageMakerReadOnly": {
"Arn": "arn:aws:iam::aws:policy/AmazonSageMakerReadOnly",
"AttachmentCount": 0,
"CreateDate": "2017-11-29T13:07:09+00:00",
"DefaultVersionId": "v10",
"Document": {
"Statement": [
{
"Action": [
"sagemaker:Describe*",
"sagemaker:List*",
"sagemaker:BatchGetMetrics",
"sagemaker:GetDeviceRegistration",
"sagemaker:GetDeviceFleetReport",
"sagemaker:GetSearchSuggestions",
"sagemaker:GetRecord",
"sagemaker:Search",
"sagemaker:BatchGetRecord"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"application-autoscaling:DescribeScalableTargets",
"application-autoscaling:DescribeScalingActivities",
"application-autoscaling:DescribeScalingPolicies",
"application-autoscaling:DescribeScheduledActions",
"aws-marketplace:ViewSubscriptions",
"cloudwatch:DescribeAlarms",
"cognito-idp:DescribeUserPool",
"cognito-idp:DescribeUserPoolClient",
"cognito-idp:ListGroups",
"cognito-idp:ListIdentityProviders",
"cognito-idp:ListUserPoolClients",
"cognito-idp:ListUserPools",
"cognito-idp:ListUsers",
"cognito-idp:ListUsersInGroup",
"ecr:Describe*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJTZ2FTFCQ6CFLQA2O",
"PolicyName": "AmazonSageMakerReadOnly",
"UpdateDate": "2021-06-10T20:19:55+00:00",
"VersionId": "v10"
},
"AmazonSumerianFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonSumerianFullAccess",
"AttachmentCount": 0,
"CreateDate": "2018-04-24T20:14:16+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"sumerian:*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJMGUENPB56MXVVGBE",
"PolicyName": "AmazonSumerianFullAccess",
"UpdateDate": "2018-04-24T20:14:16+00:00",
"VersionId": "v1"
},
"AmazonTextractFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonTextractFullAccess",
"AttachmentCount": 0,
"CreateDate": "2018-11-28T19:07:42+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"textract:*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIQDD47A7H3GBVPWOQ",
"PolicyName": "AmazonTextractFullAccess",
"UpdateDate": "2018-11-28T19:07:42+00:00",
"VersionId": "v1"
},
"AmazonTextractServiceRole": {
"Arn": "arn:aws:iam::aws:policy/service-role/AmazonTextractServiceRole",
"AttachmentCount": 0,
"CreateDate": "2018-11-28T19:12:16+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"sns:Publish"
],
"Effect": "Allow",
"Resource": "arn:aws:sns:*:*:AmazonTextract*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJBDSAWESWLL34WASG",
"PolicyName": "AmazonTextractServiceRole",
"UpdateDate": "2018-11-28T19:12:16+00:00",
"VersionId": "v1"
},
"AmazonTimestreamConsoleFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonTimestreamConsoleFullAccess",
"AttachmentCount": 0,
"CreateDate": "2020-09-30T21:47:18+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"timestream:*"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"kms:DescribeKey",
"kms:ListKeys",
"kms:ListAliases"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"kms:CreateGrant"
],
"Condition": {
"Bool": {
"kms:GrantIsForAWSResource": true
},
"ForAnyValue:StringEquals": {
"kms:EncryptionContextKeys": "aws:timestream:database-name"
},
"StringLike": {
"kms:ViaService": "timestream.*.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"dbqms:CreateFavoriteQuery",
"dbqms:DescribeFavoriteQueries",
"dbqms:UpdateFavoriteQuery",
"dbqms:DeleteFavoriteQueries",
"dbqms:GetQueryString",
"dbqms:CreateQueryHistory",
"dbqms:DescribeQueryHistory",
"dbqms:UpdateQueryHistory",
"dbqms:DeleteQueryHistory"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4AZJLUKMAZ",
"PolicyName": "AmazonTimestreamConsoleFullAccess",
"UpdateDate": "2021-05-20T00:48:09+00:00",
"VersionId": "v2"
},
"AmazonTimestreamFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonTimestreamFullAccess",
"AttachmentCount": 0,
"CreateDate": "2020-09-30T21:47:14+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"timestream:*"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"kms:DescribeKey"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"kms:CreateGrant"
],
"Condition": {
"Bool": {
"kms:GrantIsForAWSResource": true
},
"ForAnyValue:StringEquals": {
"kms:EncryptionContextKeys": "aws:timestream:database-name"
},
"StringLike": {
"kms:ViaService": "timestream.*.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4CGYUJBH4V",
"PolicyName": "AmazonTimestreamFullAccess",
"UpdateDate": "2020-09-30T21:47:14+00:00",
"VersionId": "v1"
},
"AmazonTimestreamReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonTimestreamReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2020-09-30T21:47:08+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"timestream:CancelQuery",
"timestream:DescribeDatabase",
"timestream:DescribeEndpoints",
"timestream:DescribeTable",
"timestream:ListDatabases",
"timestream:ListMeasures",
"timestream:ListTables",
"timestream:ListTagsForResource",
"timestream:Select",
"timestream:SelectValues"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4I7VUQXAEJ",
"PolicyName": "AmazonTimestreamReadOnlyAccess",
"UpdateDate": "2020-09-30T21:47:08+00:00",
"VersionId": "v1"
},
"AmazonTranscribeFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonTranscribeFullAccess",
"AttachmentCount": 0,
"CreateDate": "2018-04-04T16:06:16+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"transcribe:*"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"s3:GetObject"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::*transcribe*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAINAV45F5NT5RMFO7K",
"PolicyName": "AmazonTranscribeFullAccess",
"UpdateDate": "2018-04-04T16:06:16+00:00",
"VersionId": "v1"
},
"AmazonTranscribeReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonTranscribeReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2018-04-04T16:05:06+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"transcribe:Get*",
"transcribe:List*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJM6JONISXCAZKFCAO",
"PolicyName": "AmazonTranscribeReadOnlyAccess",
"UpdateDate": "2018-04-04T16:05:06+00:00",
"VersionId": "v1"
},
"AmazonVPCCrossAccountNetworkInterfaceOperations": {
"Arn": "arn:aws:iam::aws:policy/AmazonVPCCrossAccountNetworkInterfaceOperations",
"AttachmentCount": 0,
"CreateDate": "2017-07-18T20:47:16+00:00",
"DefaultVersionId": "v4",
"Document": {
"Statement": [
{
"Action": [
"ec2:DescribeRouteTables",
"ec2:CreateRoute",
"ec2:DeleteRoute",
"ec2:ReplaceRoute"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"ec2:DescribeNetworkInterfaces",
"ec2:CreateNetworkInterface",
"ec2:DeleteNetworkInterface",
"ec2:CreateNetworkInterfacePermission",
"ec2:DeleteNetworkInterfacePermission",
"ec2:DescribeNetworkInterfacePermissions",
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:DescribeNetworkInterfaceAttribute",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeRegions",
"ec2:DescribeVpcs",
"ec2:DescribeSubnets"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"ec2:AssignPrivateIpAddresses",
"ec2:UnassignPrivateIpAddresses"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJ53Y4ZY5OHP4CNRJC",
"PolicyName": "AmazonVPCCrossAccountNetworkInterfaceOperations",
"UpdateDate": "2020-06-16T14:16:49+00:00",
"VersionId": "v4"
},
"AmazonVPCFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonVPCFullAccess",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:41:16+00:00",
"DefaultVersionId": "v7",
"Document": {
"Statement": [
{
"Action": [
"ec2:AcceptVpcPeeringConnection",
"ec2:AcceptVpcEndpointConnections",
"ec2:AllocateAddress",
"ec2:AssignIpv6Addresses",
"ec2:AssignPrivateIpAddresses",
"ec2:AssociateAddress",
"ec2:AssociateDhcpOptions",
"ec2:AssociateRouteTable",
"ec2:AssociateSubnetCidrBlock",
"ec2:AssociateVpcCidrBlock",
"ec2:AttachClassicLinkVpc",
"ec2:AttachInternetGateway",
"ec2:AttachNetworkInterface",
"ec2:AttachVpnGateway",
"ec2:AuthorizeSecurityGroupEgress",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateCustomerGateway",
"ec2:CreateDefaultSubnet",
"ec2:CreateDefaultVpc",
"ec2:CreateDhcpOptions",
"ec2:CreateEgressOnlyInternetGateway",
"ec2:CreateFlowLogs",
"ec2:CreateInternetGateway",
"ec2:CreateNatGateway",
"ec2:CreateNetworkAcl",
"ec2:CreateNetworkAcl",
"ec2:CreateNetworkAclEntry",
"ec2:CreateNetworkInterface",
"ec2:CreateNetworkInterfacePermission",
"ec2:CreateRoute",
"ec2:CreateRouteTable",
"ec2:CreateSecurityGroup",
"ec2:CreateSubnet",
"ec2:CreateTags",
"ec2:CreateVpc",
"ec2:CreateVpcEndpoint",
"ec2:CreateVpcEndpointConnectionNotification",
"ec2:CreateVpcEndpointServiceConfiguration",
"ec2:CreateVpcPeeringConnection",
"ec2:CreateVpnConnection",
"ec2:CreateVpnConnectionRoute",
"ec2:CreateVpnGateway",
"ec2:DeleteCustomerGateway",
"ec2:DeleteDhcpOptions",
"ec2:DeleteEgressOnlyInternetGateway",
"ec2:DeleteFlowLogs",
"ec2:DeleteInternetGateway",
"ec2:DeleteNatGateway",
"ec2:DeleteNetworkAcl",
"ec2:DeleteNetworkAclEntry",
"ec2:DeleteNetworkInterface",
"ec2:DeleteNetworkInterfacePermission",
"ec2:DeleteRoute",
"ec2:DeleteRouteTable",
"ec2:DeleteSecurityGroup",
"ec2:DeleteSubnet",
"ec2:DeleteTags",
"ec2:DeleteVpc",
"ec2:DeleteVpcEndpoints",
"ec2:DeleteVpcEndpointConnectionNotifications",
"ec2:DeleteVpcEndpointServiceConfigurations",
"ec2:DeleteVpcPeeringConnection",
"ec2:DeleteVpnConnection",
"ec2:DeleteVpnConnectionRoute",
"ec2:DeleteVpnGateway",
"ec2:DescribeAccountAttributes",
"ec2:DescribeAddresses",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeClassicLinkInstances",
"ec2:DescribeCustomerGateways",
"ec2:DescribeDhcpOptions",
"ec2:DescribeEgressOnlyInternetGateways",
"ec2:DescribeFlowLogs",
"ec2:DescribeInstances",
"ec2:DescribeInternetGateways",
"ec2:DescribeKeyPairs",
"ec2:DescribeMovingAddresses",
"ec2:DescribeNatGateways",
"ec2:DescribeNetworkAcls",
"ec2:DescribeNetworkInterfaceAttribute",
"ec2:DescribeNetworkInterfacePermissions",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribePrefixLists",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroupReferences",
"ec2:DescribeSecurityGroups",
"ec2:DescribeStaleSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeTags",
"ec2:DescribeVpcAttribute",
"ec2:DescribeVpcClassicLink",
"ec2:DescribeVpcClassicLinkDnsSupport",
"ec2:DescribeVpcEndpointConnectionNotifications",
"ec2:DescribeVpcEndpointConnections",
"ec2:DescribeVpcEndpoints",
"ec2:DescribeVpcEndpointServiceConfigurations",
"ec2:DescribeVpcEndpointServicePermissions",
"ec2:DescribeVpcEndpointServices",
"ec2:DescribeVpcPeeringConnections",
"ec2:DescribeVpcs",
"ec2:DescribeVpnConnections",
"ec2:DescribeVpnGateways",
"ec2:DetachClassicLinkVpc",
"ec2:DetachInternetGateway",
"ec2:DetachNetworkInterface",
"ec2:DetachVpnGateway",
"ec2:DisableVgwRoutePropagation",
"ec2:DisableVpcClassicLink",
"ec2:DisableVpcClassicLinkDnsSupport",
"ec2:DisassociateAddress",
"ec2:DisassociateRouteTable",
"ec2:DisassociateSubnetCidrBlock",
"ec2:DisassociateVpcCidrBlock",
"ec2:EnableVgwRoutePropagation",
"ec2:EnableVpcClassicLink",
"ec2:EnableVpcClassicLinkDnsSupport",
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:ModifySubnetAttribute",
"ec2:ModifyVpcAttribute",
"ec2:ModifyVpcEndpoint",
"ec2:ModifyVpcEndpointConnectionNotification",
"ec2:ModifyVpcEndpointServiceConfiguration",
"ec2:ModifyVpcEndpointServicePermissions",
"ec2:ModifyVpcPeeringConnectionOptions",
"ec2:ModifyVpcTenancy",
"ec2:MoveAddressToVpc",
"ec2:RejectVpcEndpointConnections",
"ec2:RejectVpcPeeringConnection",
"ec2:ReleaseAddress",
"ec2:ReplaceNetworkAclAssociation",
"ec2:ReplaceNetworkAclEntry",
"ec2:ReplaceRoute",
"ec2:ReplaceRouteTableAssociation",
"ec2:ResetNetworkInterfaceAttribute",
"ec2:RestoreAddressToClassic",
"ec2:RevokeSecurityGroupEgress",
"ec2:RevokeSecurityGroupIngress",
"ec2:UnassignIpv6Addresses",
"ec2:UnassignPrivateIpAddresses",
"ec2:UpdateSecurityGroupRuleDescriptionsEgress",
"ec2:UpdateSecurityGroupRuleDescriptionsIngress"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJBWPGNOVKZD3JI2P2",
"PolicyName": "AmazonVPCFullAccess",
"UpdateDate": "2018-03-15T18:30:25+00:00",
"VersionId": "v7"
},
"AmazonVPCReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonVPCReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:41:17+00:00",
"DefaultVersionId": "v6",
"Document": {
"Statement": [
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeAddresses",
"ec2:DescribeClassicLinkInstances",
"ec2:DescribeCustomerGateways",
"ec2:DescribeDhcpOptions",
"ec2:DescribeEgressOnlyInternetGateways",
"ec2:DescribeFlowLogs",
"ec2:DescribeInternetGateways",
"ec2:DescribeMovingAddresses",
"ec2:DescribeNatGateways",
"ec2:DescribeNetworkAcls",
"ec2:DescribeNetworkInterfaceAttribute",
"ec2:DescribeNetworkInterfacePermissions",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribePrefixLists",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroupReferences",
"ec2:DescribeSecurityGroups",
"ec2:DescribeStaleSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeTags",
"ec2:DescribeVpcAttribute",
"ec2:DescribeVpcClassicLink",
"ec2:DescribeVpcClassicLinkDnsSupport",
"ec2:DescribeVpcEndpoints",
"ec2:DescribeVpcEndpointConnectionNotifications",
"ec2:DescribeVpcEndpointConnections",
"ec2:DescribeVpcEndpointServiceConfigurations",
"ec2:DescribeVpcEndpointServicePermissions",
"ec2:DescribeVpcEndpointServices",
"ec2:DescribeVpcPeeringConnections",
"ec2:DescribeVpcs",
"ec2:DescribeVpnConnections",
"ec2:DescribeVpnGateways"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIICZJNOJN36GTG6CM",
"PolicyName": "AmazonVPCReadOnlyAccess",
"UpdateDate": "2018-03-07T18:34:42+00:00",
"VersionId": "v6"
},
"AmazonWorkDocsFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonWorkDocsFullAccess",
"AttachmentCount": 0,
"CreateDate": "2020-04-16T23:05:11+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"workdocs:*",
"ds:DescribeDirectories",
"ec2:DescribeVpcs",
"ec2:DescribeSubnets"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4GTERAZYCR",
"PolicyName": "AmazonWorkDocsFullAccess",
"UpdateDate": "2020-04-16T23:05:11+00:00",
"VersionId": "v1"
},
"AmazonWorkDocsReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonWorkDocsReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2020-01-08T23:49:59+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"workdocs:Describe*",
"ds:DescribeDirectories",
"ec2:DescribeVpcs",
"ec2:DescribeSubnets"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4EDG6WGO5A",
"PolicyName": "AmazonWorkDocsReadOnlyAccess",
"UpdateDate": "2020-01-08T23:49:59+00:00",
"VersionId": "v1"
},
"AmazonWorkLinkFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonWorkLinkFullAccess",
"AttachmentCount": 0,
"CreateDate": "2019-01-23T18:52:09+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"worklink:*"
],
"Effect": "Allow",
"Resource": "arn:aws:worklink:*:*:*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJM4ITL7TEVURHCQSY",
"PolicyName": "AmazonWorkLinkFullAccess",
"UpdateDate": "2019-09-23T18:37:42+00:00",
"VersionId": "v2"
},
"AmazonWorkLinkReadOnly": {
"Arn": "arn:aws:iam::aws:policy/AmazonWorkLinkReadOnly",
"AttachmentCount": 0,
"CreateDate": "2019-01-23T19:07:10+00:00",
"DefaultVersionId": "v3",
"Document": {
"Statement": [
{
"Action": [
"worklink:Describe*",
"worklink:List*",
"worklink:Search*"
],
"Effect": "Allow",
"Resource": "arn:aws:worklink:*:*:*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIANQMFGU4EUUZKFQ4",
"PolicyName": "AmazonWorkLinkReadOnly",
"UpdateDate": "2019-09-23T18:37:21+00:00",
"VersionId": "v3"
},
"AmazonWorkLinkServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonWorkLinkServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2019-03-18T18:00:16+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"ec2:CreateNetworkInterface",
"ec2:DeleteNetworkInterfacePermission",
"ec2:CreateNetworkInterfacePermission",
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:DeleteNetworkInterface"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"kinesis:PutRecord",
"kinesis:PutRecords"
],
"Effect": "Allow",
"Resource": "arn:aws:kinesis:*:*:stream/AmazonWorkLink-*"
},
{
"Action": [
"elasticloadbalancing:ModifyListener",
"elasticloadbalancing:AddListenerCertificates",
"elasticloadbalancing:RemoveListenerCertificates"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAINJJP6CO7ATFCV4CU",
"PolicyName": "AmazonWorkLinkServiceRolePolicy",
"UpdateDate": "2020-02-07T20:48:49+00:00",
"VersionId": "v2"
},
"AmazonWorkMailEventsServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonWorkMailEventsServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2019-04-16T16:52:43+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4JG5LNO3U7",
"PolicyName": "AmazonWorkMailEventsServiceRolePolicy",
"UpdateDate": "2019-04-16T16:52:43+00:00",
"VersionId": "v1"
},
"AmazonWorkMailFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonWorkMailFullAccess",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:40:41+00:00",
"DefaultVersionId": "v10",
"Document": {
"Statement": [
{
"Action": [
"ds:AuthorizeApplication",
"ds:CheckAlias",
"ds:CreateAlias",
"ds:CreateDirectory",
"ds:CreateIdentityPoolDirectory",
"ds:DeleteDirectory",
"ds:DescribeDirectories",
"ds:GetDirectoryLimits",
"ds:ListAuthorizedApplications",
"ds:UnauthorizeApplication",
"ec2:AuthorizeSecurityGroupEgress",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateNetworkInterface",
"ec2:CreateSecurityGroup",
"ec2:CreateSubnet",
"ec2:CreateTags",
"ec2:CreateVpc",
"ec2:DeleteSecurityGroup",
"ec2:DeleteSubnet",
"ec2:DeleteVpc",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeRouteTables",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:RevokeSecurityGroupEgress",
"ec2:RevokeSecurityGroupIngress",
"kms:DescribeKey",
"kms:ListAliases",
"lambda:ListFunctions",
"route53:ChangeResourceRecordSets",
"route53:ListHostedZones",
"route53:ListResourceRecordSets",
"route53:GetHostedZone",
"route53domains:CheckDomainAvailability",
"route53domains:ListDomains",
"ses:*",
"workmail:*",
"iam:ListRoles",
"logs:DescribeLogGroups",
"logs:CreateLogGroup",
"logs:PutRetentionPolicy",
"cloudwatch:GetMetricData"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringEquals": {
"iam:AWSServiceName": "events.workmail.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"iam:DeleteServiceLinkedRole",
"iam:GetServiceLinkedRoleDeletionStatus"
],
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/aws-service-role/events.workmail.amazonaws.com/AWSServiceRoleForAmazonWorkMailEvents*"
},
{
"Action": "iam:PassRole",
"Condition": {
"StringLike": {
"iam:PassedToService": "events.workmail.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/*workmail*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJQVKNMT7SVATQ4AUY",
"PolicyName": "AmazonWorkMailFullAccess",
"UpdateDate": "2020-12-21T14:13:40+00:00",
"VersionId": "v10"
},
"AmazonWorkMailMessageFlowFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonWorkMailMessageFlowFullAccess",
"AttachmentCount": 0,
"CreateDate": "2021-02-11T11:08:35+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"workmailmessageflow:*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4ORQUVJL66",
"PolicyName": "AmazonWorkMailMessageFlowFullAccess",
"UpdateDate": "2021-02-11T11:08:35+00:00",
"VersionId": "v1"
},
"AmazonWorkMailMessageFlowReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonWorkMailMessageFlowReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2021-01-28T12:40:08+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"workmailmessageflow:Get*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4M6UETQLYG",
"PolicyName": "AmazonWorkMailMessageFlowReadOnlyAccess",
"UpdateDate": "2021-01-28T12:40:08+00:00",
"VersionId": "v1"
},
"AmazonWorkMailReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonWorkMailReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:40:42+00:00",
"DefaultVersionId": "v4",
"Document": {
"Statement": [
{
"Action": [
"ses:Describe*",
"ses:Get*",
"workmail:Describe*",
"workmail:Get*",
"workmail:List*",
"workmail:Search*",
"lambda:ListFunctions",
"iam:ListRoles",
"logs:DescribeLogGroups",
"cloudwatch:GetMetricData"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJHF7J65E2QFKCWAJM",
"PolicyName": "AmazonWorkMailReadOnlyAccess",
"UpdateDate": "2019-07-25T08:24:50+00:00",
"VersionId": "v4"
},
"AmazonWorkSpacesAdmin": {
"Arn": "arn:aws:iam::aws:policy/AmazonWorkSpacesAdmin",
"AttachmentCount": 0,
"CreateDate": "2015-09-22T22:21:15+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"workspaces:CreateWorkspaces",
"workspaces:DescribeWorkspaces",
"workspaces:RebootWorkspaces",
"workspaces:RebuildWorkspaces",
"workspaces:TerminateWorkspaces",
"workspaces:DescribeWorkspaceDirectories",
"workspaces:DescribeWorkspaceBundles",
"workspaces:ModifyWorkspaceProperties",
"workspaces:StopWorkspaces",
"workspaces:StartWorkspaces",
"workspaces:DescribeWorkspacesConnectionStatus",
"workspaces:CreateTags",
"workspaces:DeleteTags",
"workspaces:DescribeTags",
"kms:ListKeys",
"kms:ListAliases",
"kms:DescribeKey"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJ26AU6ATUQCT5KVJU",
"PolicyName": "AmazonWorkSpacesAdmin",
"UpdateDate": "2016-08-18T23:08:42+00:00",
"VersionId": "v2"
},
"AmazonWorkSpacesApplicationManagerAdminAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonWorkSpacesApplicationManagerAdminAccess",
"AttachmentCount": 0,
"CreateDate": "2015-04-09T14:03:18+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": "wam:AuthenticatePackager",
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJPRL4KYETIH7XGTSS",
"PolicyName": "AmazonWorkSpacesApplicationManagerAdminAccess",
"UpdateDate": "2015-04-09T14:03:18+00:00",
"VersionId": "v1"
},
"AmazonWorkSpacesSelfServiceAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonWorkSpacesSelfServiceAccess",
"AttachmentCount": 0,
"CreateDate": "2019-06-27T19:22:52+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"workspaces:RebootWorkspaces",
"workspaces:RebuildWorkspaces",
"workspaces:ModifyWorkspaceProperties"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4MLHUSTJAF",
"PolicyName": "AmazonWorkSpacesSelfServiceAccess",
"UpdateDate": "2019-06-27T19:22:52+00:00",
"VersionId": "v1"
},
"AmazonWorkSpacesServiceAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonWorkSpacesServiceAccess",
"AttachmentCount": 0,
"CreateDate": "2019-06-27T19:19:09+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"ec2:CreateNetworkInterface",
"ec2:DeleteNetworkInterface",
"ec2:DescribeNetworkInterfaces"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4KRXBM753F",
"PolicyName": "AmazonWorkSpacesServiceAccess",
"UpdateDate": "2020-03-18T23:32:10+00:00",
"VersionId": "v2"
},
"AmazonZocaloFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonZocaloFullAccess",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:41:13+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"zocalo:*",
"ds:*",
"ec2:AuthorizeSecurityGroupEgress",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateNetworkInterface",
"ec2:CreateSecurityGroup",
"ec2:CreateSubnet",
"ec2:CreateTags",
"ec2:CreateVpc",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:DeleteNetworkInterface",
"ec2:DeleteSecurityGroup",
"ec2:RevokeSecurityGroupEgress",
"ec2:RevokeSecurityGroupIngress"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJLCDXYRINDMUXEVL6",
"PolicyName": "AmazonZocaloFullAccess",
"UpdateDate": "2015-02-06T18:41:13+00:00",
"VersionId": "v1"
},
"AmazonZocaloReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AmazonZocaloReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:41:14+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"zocalo:Describe*",
"ds:DescribeDirectories",
"ec2:DescribeVpcs",
"ec2:DescribeSubnets"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAISRCSSJNS3QPKZJPM",
"PolicyName": "AmazonZocaloReadOnlyAccess",
"UpdateDate": "2015-02-06T18:41:14+00:00",
"VersionId": "v1"
},
"AppRunnerServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AppRunnerServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2021-05-14T19:15:04+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"logs:CreateLogGroup",
"logs:PutRetentionPolicy"
],
"Effect": "Allow",
"Resource": "arn:aws:logs:*:*:log-group:/aws/apprunner/*"
},
{
"Action": [
"logs:CreateLogStream",
"logs:PutLogEvents",
"logs:DescribeLogStreams"
],
"Effect": "Allow",
"Resource": [
"arn:aws:logs:*:*:log-group:/aws/apprunner/*:log-stream:*"
]
},
{
"Action": [
"events:PutRule",
"events:PutTargets",
"events:DeleteRule",
"events:RemoveTargets",
"events:DescribeRule",
"events:EnableRule",
"events:DisableRule"
],
"Effect": "Allow",
"Resource": "arn:aws:events:*:*:rule/AWSAppRunnerManagedRule*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4FKEGI2QN2",
"PolicyName": "AppRunnerServiceRolePolicy",
"UpdateDate": "2021-05-14T19:15:04+00:00",
"VersionId": "v1"
},
"ApplicationAutoScalingForAmazonAppStreamAccess": {
"Arn": "arn:aws:iam::aws:policy/service-role/ApplicationAutoScalingForAmazonAppStreamAccess",
"AttachmentCount": 0,
"CreateDate": "2017-02-06T21:39:56+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"appstream:UpdateFleet",
"appstream:DescribeFleets"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"cloudwatch:DescribeAlarms"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIEL3HJCCWFVHA6KPG",
"PolicyName": "ApplicationAutoScalingForAmazonAppStreamAccess",
"UpdateDate": "2017-02-06T21:39:56+00:00",
"VersionId": "v1"
},
"ApplicationDiscoveryServiceContinuousExportServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/ApplicationDiscoveryServiceContinuousExportServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2018-08-09T20:22:01+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"glue:CreateDatabase",
"glue:UpdateDatabase",
"glue:CreateTable",
"glue:UpdateTable",
"firehose:CreateDeliveryStream",
"firehose:DescribeDeliveryStream",
"logs:CreateLogGroup"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"firehose:DeleteDeliveryStream",
"firehose:PutRecord",
"firehose:PutRecordBatch",
"firehose:UpdateDestination"
],
"Effect": "Allow",
"Resource": "arn:aws:firehose:*:*:deliverystream/aws-application-discovery-service*"
},
{
"Action": [
"s3:CreateBucket",
"s3:ListBucket",
"s3:PutBucketLogging",
"s3:PutEncryptionConfiguration"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::aws-application-discovery-service*"
},
{
"Action": [
"s3:GetObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::aws-application-discovery-service*/*"
},
{
"Action": [
"logs:CreateLogStream",
"logs:PutRetentionPolicy"
],
"Effect": "Allow",
"Resource": "arn:aws:logs:*:*:log-group:/aws/application-discovery-service/firehose*"
},
{
"Action": [
"iam:PassRole"
],
"Condition": {
"StringLike": {
"iam:PassedToService": "firehose.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/AWSApplicationDiscoveryServiceFirehose"
},
{
"Action": [
"iam:PassRole"
],
"Condition": {
"StringLike": {
"iam:PassedToService": "firehose.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/service-role/AWSApplicationDiscoveryServiceFirehose"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJMGMY3P6OEWOELRFE",
"PolicyName": "ApplicationDiscoveryServiceContinuousExportServiceRolePolicy",
"UpdateDate": "2018-08-13T22:31:21+00:00",
"VersionId": "v2"
},
"AutoScalingConsoleFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AutoScalingConsoleFullAccess",
"AttachmentCount": 0,
"CreateDate": "2017-01-12T19:43:16+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateKeyPair",
"ec2:CreateSecurityGroup",
"ec2:DescribeAccountAttributes",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeImages",
"ec2:DescribeInstanceAttribute",
"ec2:DescribeInstances",
"ec2:DescribeKeyPairs",
"ec2:DescribeLaunchTemplateVersions",
"ec2:DescribePlacementGroups",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSpotInstanceRequests",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:DescribeVpcClassicLink",
"ec2:ImportKeyPair"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "elasticloadbalancing:Describe*",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"cloudwatch:ListMetrics",
"cloudwatch:GetMetricStatistics",
"cloudwatch:PutMetricAlarm",
"cloudwatch:Describe*"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "autoscaling:*",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"sns:ListSubscriptions",
"sns:ListTopics"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:ListRoles",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringEquals": {
"iam:AWSServiceName": "autoscaling.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIYEN6FJGYYWJFFCZW",
"PolicyName": "AutoScalingConsoleFullAccess",
"UpdateDate": "2018-02-06T23:15:36+00:00",
"VersionId": "v2"
},
"AutoScalingConsoleReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AutoScalingConsoleReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2017-01-12T19:48:53+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"ec2:DescribeVpcs",
"ec2:DescribeVpcClassicLink",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeSubnets"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "elasticloadbalancing:Describe*",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"cloudwatch:ListMetrics",
"cloudwatch:GetMetricStatistics",
"cloudwatch:Describe*"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "autoscaling:Describe*",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"sns:ListSubscriptions",
"sns:ListTopics"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAI3A7GDXOYQV3VUQMK",
"PolicyName": "AutoScalingConsoleReadOnlyAccess",
"UpdateDate": "2017-01-12T19:48:53+00:00",
"VersionId": "v1"
},
"AutoScalingFullAccess": {
"Arn": "arn:aws:iam::aws:policy/AutoScalingFullAccess",
"AttachmentCount": 0,
"CreateDate": "2017-01-12T19:31:58+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": "autoscaling:*",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "cloudwatch:PutMetricAlarm",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeImages",
"ec2:DescribeInstanceAttribute",
"ec2:DescribeInstances",
"ec2:DescribeKeyPairs",
"ec2:DescribeLaunchTemplateVersions",
"ec2:DescribePlacementGroups",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSpotInstanceRequests",
"ec2:DescribeSubnets",
"ec2:DescribeVpcClassicLink"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeTargetGroups"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringEquals": {
"iam:AWSServiceName": "autoscaling.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIAWRCSJDDXDXGPCFU",
"PolicyName": "AutoScalingFullAccess",
"UpdateDate": "2018-02-06T21:59:13+00:00",
"VersionId": "v2"
},
"AutoScalingNotificationAccessRole": {
"Arn": "arn:aws:iam::aws:policy/service-role/AutoScalingNotificationAccessRole",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:41:22+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"sqs:SendMessage",
"sqs:GetQueueUrl",
"sns:Publish"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIO2VMUPGDC5PZVXVA",
"PolicyName": "AutoScalingNotificationAccessRole",
"UpdateDate": "2015-02-06T18:41:22+00:00",
"VersionId": "v1"
},
"AutoScalingReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/AutoScalingReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2017-01-12T19:39:35+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": "autoscaling:Describe*",
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIAFWUVLC2LPLSFTFG",
"PolicyName": "AutoScalingReadOnlyAccess",
"UpdateDate": "2017-01-12T19:39:35+00:00",
"VersionId": "v1"
},
"AutoScalingServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/AutoScalingServiceRolePolicy",
"AttachmentCount": 1,
"CreateDate": "2018-01-08T23:10:55+00:00",
"DefaultVersionId": "v5",
"Document": {
"Statement": [
{
"Action": [
"ec2:AttachClassicLinkVpc",
"ec2:CancelSpotInstanceRequests",
"ec2:CreateFleet",
"ec2:CreateTags",
"ec2:DeleteTags",
"ec2:Describe*",
"ec2:DetachClassicLinkVpc",
"ec2:ModifyInstanceAttribute",
"ec2:RequestSpotInstances",
"ec2:RunInstances",
"ec2:StartInstances",
"ec2:StopInstances",
"ec2:TerminateInstances"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "EC2InstanceManagement"
},
{
"Action": [
"iam:PassRole"
],
"Condition": {
"StringLike": {
"iam:PassedToService": "ec2.amazonaws.com*"
}
},
"Effect": "Allow",
"Resource": "*",
"Sid": "EC2InstanceProfileManagement"
},
{
"Action": [
"iam:CreateServiceLinkedRole"
],
"Condition": {
"StringEquals": {
"iam:AWSServiceName": "spot.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*",
"Sid": "EC2SpotManagement"
},
{
"Action": [
"elasticloadbalancing:Register*",
"elasticloadbalancing:Deregister*",
"elasticloadbalancing:Describe*"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "ELBManagement"
},
{
"Action": [
"cloudwatch:DeleteAlarms",
"cloudwatch:DescribeAlarms",
"cloudwatch:GetMetricData",
"cloudwatch:PutMetricAlarm"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "CWManagement"
},
{
"Action": [
"sns:Publish"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "SNSManagement"
},
{
"Action": [
"events:PutRule",
"events:PutTargets",
"events:RemoveTargets",
"events:DeleteRule",
"events:DescribeRule"
],
"Condition": {
"StringEquals": {
"events:ManagedBy": "autoscaling.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*",
"Sid": "EventBridgeRuleManagement"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIC5D2V7MRWBMHGD7G",
"PolicyName": "AutoScalingServiceRolePolicy",
"UpdateDate": "2021-03-29T22:33:25+00:00",
"VersionId": "v5"
},
"AwsGlueDataBrewFullAccessPolicy": {
"Arn": "arn:aws:iam::aws:policy/AwsGlueDataBrewFullAccessPolicy",
"AttachmentCount": 0,
"CreateDate": "2020-11-11T16:51:39+00:00",
"DefaultVersionId": "v4",
"Document": {
"Statement": [
{
"Action": [
"appflow:DescribeFlow",
"appflow:DescribeFlowExecutionRecords",
"appflow:ListFlows",
"databrew:*",
"glue:GetConnection",
"glue:GetConnections",
"glue:GetDatabases",
"glue:GetPartitions",
"glue:GetTable",
"glue:GetTables",
"glue:GetDataCatalogEncryptionSettings",
"dataexchange:ListDataSets",
"dataexchange:ListDataSetRevisions",
"dataexchange:ListRevisionAssets",
"dataexchange:CreateJob",
"dataexchange:StartJob",
"dataexchange:GetJob",
"ec2:DescribeSecurityGroups",
"ec2:DescribeVpcs",
"ec2:DescribeSubnets",
"kms:DescribeKey",
"kms:ListKeys",
"kms:ListAliases",
"redshift:DescribeClusters",
"redshift:DescribeClusterSubnetGroups",
"redshift-data:ListDatabases",
"redshift-data:ListSchemas",
"redshift-data:ListTables",
"s3:ListAllMyBuckets",
"s3:GetBucketCORS",
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"secretsmanager:ListSecrets",
"secretsmanager:DescribeSecret",
"sts:GetCallerIdentity",
"cloudtrail:LookupEvents",
"iam:ListRoles",
"iam:GetRole"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"glue:CreateConnection"
],
"Effect": "Allow",
"Resource": [
"arn:aws:glue:*:*:catalog",
"arn:aws:glue:*:*:connection/AwsGlueDataBrew-*"
]
},
{
"Action": [
"s3:ListBucket",
"s3:GetObject"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::databrew-public-datasets-*"
]
},
{
"Action": [
"kms:GenerateDataKey"
],
"Condition": {
"StringLike": {
"kms:ViaService": "s3.*.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"iam:PassRole"
],
"Condition": {
"StringEquals": {
"iam:PassedToService": [
"databrew.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4ACNRIK7M3",
"PolicyName": "AwsGlueDataBrewFullAccessPolicy",
"UpdateDate": "2021-04-28T15:54:32+00:00",
"VersionId": "v4"
},
"BatchServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/BatchServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2021-03-10T06:55:36+00:00",
"DefaultVersionId": "v3",
"Document": {
"Statement": [
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeInstanceAttribute",
"ec2:DescribeSubnets",
"ec2:DescribeSecurityGroups",
"ec2:DescribeKeyPairs",
"ec2:DescribeImages",
"ec2:DescribeImageAttribute",
"ec2:DescribeSpotInstanceRequests",
"ec2:DescribeSpotFleetInstances",
"ec2:DescribeSpotFleetRequests",
"ec2:DescribeSpotPriceHistory",
"ec2:DescribeVpcClassicLink",
"ec2:DescribeLaunchTemplateVersions",
"ec2:RequestSpotFleet",
"autoscaling:DescribeAccountLimits",
"autoscaling:DescribeAutoScalingGroups",
"autoscaling:DescribeLaunchConfigurations",
"autoscaling:DescribeAutoScalingInstances",
"ecs:DescribeClusters",
"ecs:DescribeContainerInstances",
"ecs:DescribeTaskDefinition",
"ecs:DescribeTasks",
"ecs:ListClusters",
"ecs:ListContainerInstances",
"ecs:ListTaskDefinitionFamilies",
"ecs:ListTaskDefinitions",
"ecs:ListTasks",
"ecs:DeregisterTaskDefinition",
"ecs:TagResource",
"ecs:ListAccountSettings",
"logs:DescribeLogGroups",
"iam:GetInstanceProfile",
"iam:GetRole"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream"
],
"Effect": "Allow",
"Resource": "arn:aws:logs:*:*:log-group:/aws/batch/job*"
},
{
"Action": [
"logs:PutLogEvents"
],
"Effect": "Allow",
"Resource": "arn:aws:logs:*:*:log-group:/aws/batch/job*:log-stream:*"
},
{
"Action": [
"autoscaling:CreateOrUpdateTags"
],
"Condition": {
"Null": {
"aws:RequestTag/AWSBatchServiceTag": "false"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:PassRole",
"Condition": {
"StringEquals": {
"iam:PassedToService": [
"ec2.amazonaws.com",
"ec2.amazonaws.com.cn",
"ecs-tasks.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringEquals": {
"iam:AWSServiceName": [
"spot.amazonaws.com",
"spotfleet.amazonaws.com",
"autoscaling.amazonaws.com",
"ecs.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:CreateLaunchTemplate"
],
"Condition": {
"Null": {
"aws:RequestTag/AWSBatchServiceTag": "false"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:TerminateInstances",
"ec2:CancelSpotFleetRequests",
"ec2:ModifySpotFleetRequest",
"ec2:DeleteLaunchTemplate"
],
"Condition": {
"Null": {
"aws:ResourceTag/AWSBatchServiceTag": "false"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"autoscaling:CreateLaunchConfiguration",
"autoscaling:DeleteLaunchConfiguration"
],
"Effect": "Allow",
"Resource": "arn:aws:autoscaling:*:*:launchConfiguration:*:launchConfigurationName/AWSBatch*"
},
{
"Action": [
"autoscaling:CreateAutoScalingGroup",
"autoscaling:UpdateAutoScalingGroup",
"autoscaling:SetDesiredCapacity",
"autoscaling:DeleteAutoScalingGroup",
"autoscaling:SuspendProcesses",
"autoscaling:PutNotificationConfiguration",
"autoscaling:TerminateInstanceInAutoScalingGroup"
],
"Effect": "Allow",
"Resource": "arn:aws:autoscaling:*:*:autoScalingGroup:*:autoScalingGroupName/AWSBatch*"
},
{
"Action": [
"ecs:DeleteCluster",
"ecs:DeregisterContainerInstance",
"ecs:RunTask",
"ecs:StartTask",
"ecs:StopTask"
],
"Effect": "Allow",
"Resource": "arn:aws:ecs:*:*:cluster/AWSBatch*"
},
{
"Action": [
"ecs:RunTask",
"ecs:StartTask",
"ecs:StopTask"
],
"Effect": "Allow",
"Resource": "arn:aws:ecs:*:*:task-definition/*"
},
{
"Action": [
"ecs:StopTask"
],
"Effect": "Allow",
"Resource": "arn:aws:ecs:*:*:task/*/*"
},
{
"Action": [
"ecs:CreateCluster",
"ecs:RegisterTaskDefinition"
],
"Condition": {
"Null": {
"aws:RequestTag/AWSBatchServiceTag": "false"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "ec2:RunInstances",
"Effect": "Allow",
"Resource": [
"arn:aws:ec2:*::image/*",
"arn:aws:ec2:*::snapshot/*",
"arn:aws:ec2:*:*:subnet/*",
"arn:aws:ec2:*:*:network-interface/*",
"arn:aws:ec2:*:*:security-group/*",
"arn:aws:ec2:*:*:volume/*",
"arn:aws:ec2:*:*:key-pair/*",
"arn:aws:ec2:*:*:launch-template/*",
"arn:aws:ec2:*:*:placement-group/*",
"arn:aws:ec2:*:*:capacity-reservation/*",
"arn:aws:ec2:*:*:elastic-gpu/*",
"arn:aws:elastic-inference:*:*:elastic-inference-accelerator/*"
]
},
{
"Action": "ec2:RunInstances",
"Condition": {
"Null": {
"aws:RequestTag/AWSBatchServiceTag": "false"
}
},
"Effect": "Allow",
"Resource": "arn:aws:ec2:*:*:instance/*"
},
{
"Action": [
"ec2:CreateTags"
],
"Condition": {
"StringEquals": {
"ec2:CreateAction": [
"RunInstances",
"CreateLaunchTemplate",
"RequestSpotFleet"
]
}
},
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4COHHXEWBT",
"PolicyName": "BatchServiceRolePolicy",
"UpdateDate": "2021-03-25T22:50:04+00:00",
"VersionId": "v3"
},
"Billing": {
"Arn": "arn:aws:iam::aws:policy/job-function/Billing",
"AttachmentCount": 0,
"CreateDate": "2016-11-10T17:33:18+00:00",
"DefaultVersionId": "v5",
"Document": {
"Statement": [
{
"Action": [
"aws-portal:*Billing",
"aws-portal:*Usage",
"aws-portal:*PaymentMethods",
"budgets:ViewBudget",
"budgets:ModifyBudget",
"ce:UpdatePreferences",
"ce:CreateReport",
"ce:UpdateReport",
"ce:DeleteReport",
"ce:CreateNotificationSubscription",
"ce:UpdateNotificationSubscription",
"ce:DeleteNotificationSubscription",
"cur:DescribeReportDefinitions",
"cur:PutReportDefinition",
"cur:ModifyReportDefinition",
"cur:DeleteReportDefinition",
"purchase-orders:*PurchaseOrders"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/job-function/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIFTHXT6FFMIRT7ZEA",
"PolicyName": "Billing",
"UpdateDate": "2020-10-05T20:37:01+00:00",
"VersionId": "v5"
},
"CertificateManagerServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/CertificateManagerServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2020-06-25T17:56:49+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"acm-pca:IssueCertificate",
"acm-pca:GetCertificate"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4G2T4BX7CL",
"PolicyName": "CertificateManagerServiceRolePolicy",
"UpdateDate": "2020-06-25T17:56:49+00:00",
"VersionId": "v1"
},
"ClientVPNServiceConnectionsRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/ClientVPNServiceConnectionsRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2020-08-12T19:48:06+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"lambda:InvokeFunction"
],
"Effect": "Allow",
"Resource": "arn:aws:lambda:*:*:function:AWSClientVPN-*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4PG4VWZTEZ",
"PolicyName": "ClientVPNServiceConnectionsRolePolicy",
"UpdateDate": "2020-08-12T19:48:06+00:00",
"VersionId": "v1"
},
"ClientVPNServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/ClientVPNServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2018-12-10T21:20:25+00:00",
"DefaultVersionId": "v5",
"Document": {
"Statement": [
{
"Action": [
"ec2:CreateNetworkInterface",
"ec2:CreateNetworkInterfacePermission",
"ec2:DescribeSecurityGroups",
"ec2:DescribeVpcs",
"ec2:DescribeSubnets",
"ec2:DescribeInternetGateways",
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:DeleteNetworkInterface",
"ec2:DescribeAccountAttributes",
"ds:AuthorizeApplication",
"ds:DescribeDirectories",
"ds:GetDirectoryLimits",
"ds:UnauthorizeApplication",
"logs:DescribeLogStreams",
"logs:CreateLogStream",
"logs:PutLogEvents",
"logs:DescribeLogGroups",
"acm:GetCertificate",
"acm:DescribeCertificate",
"iam:GetSAMLProvider",
"lambda:GetFunctionConfiguration"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAI2SV25KUCYQYS5N74",
"PolicyName": "ClientVPNServiceRolePolicy",
"UpdateDate": "2020-08-12T19:39:34+00:00",
"VersionId": "v5"
},
"CloudFormationStackSetsOrgAdminServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/CloudFormationStackSetsOrgAdminServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2019-12-10T00:20:05+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"organizations:List*",
"organizations:Describe*"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "AllowsAWSOrganizationsReadAPIs"
},
{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/stacksets-exec-*",
"Sid": "AllowAssumeRoleInMemberAccounts"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4JEQ3CDBDV",
"PolicyName": "CloudFormationStackSetsOrgAdminServiceRolePolicy",
"UpdateDate": "2019-12-10T00:20:05+00:00",
"VersionId": "v1"
},
"CloudFormationStackSetsOrgMemberServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/CloudFormationStackSetsOrgMemberServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2019-12-09T23:52:37+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"iam:CreateRole",
"iam:DeleteRole",
"iam:GetRole"
],
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/stacksets-exec-*"
]
},
{
"Action": [
"iam:DetachRolePolicy",
"iam:AttachRolePolicy"
],
"Condition": {
"StringEquals": {
"iam:PolicyARN": "arn:aws:iam::aws:policy/AdministratorAccess"
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/stacksets-exec-*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4LHV6H6QDU",
"PolicyName": "CloudFormationStackSetsOrgMemberServiceRolePolicy",
"UpdateDate": "2019-12-09T23:52:37+00:00",
"VersionId": "v1"
},
"CloudFrontFullAccess": {
"Arn": "arn:aws:iam::aws:policy/CloudFrontFullAccess",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:39:50+00:00",
"DefaultVersionId": "v6",
"Document": {
"Statement": [
{
"Action": [
"s3:ListAllMyBuckets"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::*"
},
{
"Action": [
"acm:ListCertificates",
"cloudfront:*",
"iam:ListServerCertificates",
"waf:ListWebACLs",
"waf:GetWebACL",
"wafv2:ListWebACLs",
"wafv2:GetWebACL",
"kinesis:ListStreams"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"kinesis:DescribeStream"
],
"Effect": "Allow",
"Resource": "arn:aws:kinesis:*:*:*"
},
{
"Action": [
"iam:ListRoles"
],
"Effect": "Allow",
"Resource": "arn:aws:iam::*:*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIPRV52SH6HDCCFY6U",
"PolicyName": "CloudFrontFullAccess",
"UpdateDate": "2020-09-03T20:18:42+00:00",
"VersionId": "v6"
},
"CloudFrontReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/CloudFrontReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:39:55+00:00",
"DefaultVersionId": "v4",
"Document": {
"Statement": [
{
"Action": [
"acm:ListCertificates",
"cloudfront:Get*",
"cloudfront:List*",
"iam:ListServerCertificates",
"route53:List*",
"waf:ListWebACLs",
"waf:GetWebACL",
"wafv2:ListWebACLs",
"wafv2:GetWebACL"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJJZMNYOTZCNQP36LG",
"PolicyName": "CloudFrontReadOnlyAccess",
"UpdateDate": "2020-02-19T19:49:16+00:00",
"VersionId": "v4"
},
"CloudHSMServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/CloudHSMServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2017-11-06T19:12:46+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents",
"logs:DescribeLogStreams"
],
"Effect": "Allow",
"Resource": [
"arn:aws:logs:*:*:*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJILYY7JP6JLMQG56I",
"PolicyName": "CloudHSMServiceRolePolicy",
"UpdateDate": "2017-11-06T19:12:46+00:00",
"VersionId": "v1"
},
"CloudSearchFullAccess": {
"Arn": "arn:aws:iam::aws:policy/CloudSearchFullAccess",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:39:56+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"cloudsearch:*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIM6OOWKQ7L7VBOZOC",
"PolicyName": "CloudSearchFullAccess",
"UpdateDate": "2015-02-06T18:39:56+00:00",
"VersionId": "v1"
},
"CloudSearchReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/CloudSearchReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:39:57+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"cloudsearch:Describe*",
"cloudsearch:List*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJWPLX7N7BCC3RZLHW",
"PolicyName": "CloudSearchReadOnlyAccess",
"UpdateDate": "2015-02-06T18:39:57+00:00",
"VersionId": "v1"
},
"CloudTrailServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/CloudTrailServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2018-10-24T21:21:44+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"cloudtrail:*"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "CloudTrailFullAccess"
},
{
"Action": [
"organizations:DescribeAccount",
"organizations:DescribeOrganization",
"organizations:ListAccounts",
"organizations:ListAWSServiceAccessForOrganization"
],
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "AwsOrgsAccess"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJXQJ45EGU6U7NQBW4",
"PolicyName": "CloudTrailServiceRolePolicy",
"UpdateDate": "2018-10-24T21:21:44+00:00",
"VersionId": "v1"
},
"CloudWatch-CrossAccountAccess": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/CloudWatch-CrossAccountAccess",
"AttachmentCount": 0,
"CreateDate": "2019-07-23T09:59:27+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"sts:AssumeRole"
],
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/CloudWatch-CrossAccountSharing*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4OV6AFDA5J",
"PolicyName": "CloudWatch-CrossAccountAccess",
"UpdateDate": "2019-07-23T09:59:27+00:00",
"VersionId": "v1"
},
"CloudWatchActionsEC2Access": {
"Arn": "arn:aws:iam::aws:policy/CloudWatchActionsEC2Access",
"AttachmentCount": 0,
"CreateDate": "2015-07-07T00:00:33+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"cloudwatch:Describe*",
"ec2:Describe*",
"ec2:RebootInstances",
"ec2:StopInstances",
"ec2:TerminateInstances"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIOWD4E3FVSORSZTGU",
"PolicyName": "CloudWatchActionsEC2Access",
"UpdateDate": "2015-07-07T00:00:33+00:00",
"VersionId": "v1"
},
"CloudWatchAgentAdminPolicy": {
"Arn": "arn:aws:iam::aws:policy/CloudWatchAgentAdminPolicy",
"AttachmentCount": 0,
"CreateDate": "2018-03-07T00:52:31+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"cloudwatch:PutMetricData",
"ec2:DescribeTags",
"logs:PutLogEvents",
"logs:DescribeLogStreams",
"logs:DescribeLogGroups",
"logs:CreateLogStream",
"logs:CreateLogGroup"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ssm:GetParameter",
"ssm:PutParameter"
],
"Effect": "Allow",
"Resource": "arn:aws:ssm:*:*:parameter/AmazonCloudWatch-*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAICMXPKT7EBAF6KR3O",
"PolicyName": "CloudWatchAgentAdminPolicy",
"UpdateDate": "2018-03-07T00:52:31+00:00",
"VersionId": "v1"
},
"CloudWatchAgentServerPolicy": {
"Arn": "arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy",
"AttachmentCount": 0,
"CreateDate": "2018-03-07T01:06:44+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"cloudwatch:PutMetricData",
"ec2:DescribeVolumes",
"ec2:DescribeTags",
"logs:PutLogEvents",
"logs:DescribeLogStreams",
"logs:DescribeLogGroups",
"logs:CreateLogStream",
"logs:CreateLogGroup"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ssm:GetParameter"
],
"Effect": "Allow",
"Resource": "arn:aws:ssm:*:*:parameter/AmazonCloudWatch-*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIGOPKN7KRDAKTLG4I",
"PolicyName": "CloudWatchAgentServerPolicy",
"UpdateDate": "2019-10-17T23:08:51+00:00",
"VersionId": "v2"
},
"CloudWatchApplicationInsightsFullAccess": {
"Arn": "arn:aws:iam::aws:policy/CloudWatchApplicationInsightsFullAccess",
"AttachmentCount": 0,
"CreateDate": "2020-11-24T18:44:14+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": "applicationinsights:*",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"iam:CreateServiceLinkedRole"
],
"Condition": {
"StringEquals": {
"iam:AWSServiceName": "application-insights.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/aws-service-role/application-insights.amazonaws.com/AWSServiceRoleForApplicationInsights"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4MSQN23AKX",
"PolicyName": "CloudWatchApplicationInsightsFullAccess",
"UpdateDate": "2020-11-24T18:44:14+00:00",
"VersionId": "v1"
},
"CloudWatchApplicationInsightsReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/CloudWatchApplicationInsightsReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2020-11-24T18:48:00+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"applicationinsights:Describe*",
"applicationinsights:List*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4AX4TJYLSI",
"PolicyName": "CloudWatchApplicationInsightsReadOnlyAccess",
"UpdateDate": "2020-11-24T18:48:00+00:00",
"VersionId": "v1"
},
"CloudWatchAutomaticDashboardsAccess": {
"Arn": "arn:aws:iam::aws:policy/CloudWatchAutomaticDashboardsAccess",
"AttachmentCount": 0,
"CreateDate": "2019-07-23T10:01:08+00:00",
"DefaultVersionId": "v4",
"Document": {
"Statement": [
{
"Action": [
"autoscaling:DescribeAutoScalingGroups",
"cloudfront:GetDistribution",
"cloudfront:ListDistributions",
"dynamodb:DescribeTable",
"dynamodb:ListTables",
"ec2:DescribeInstances",
"ec2:DescribeVolumes",
"ecs:DescribeClusters",
"ecs:DescribeContainerInstances",
"ecs:ListClusters",
"ecs:ListContainerInstances",
"ecs:ListServices",
"elasticache:DescribeCacheClusters",
"elasticbeanstalk:DescribeEnvironments",
"elasticfilesystem:DescribeFileSystems",
"elasticloadbalancing:DescribeLoadBalancers",
"kinesis:DescribeStream",
"kinesis:ListStreams",
"lambda:GetFunction",
"lambda:ListFunctions",
"rds:DescribeDBClusters",
"rds:DescribeDBInstances",
"resource-groups:ListGroupResources",
"resource-groups:ListGroups",
"route53:GetHealthCheck",
"route53:ListHealthChecks",
"s3:ListAllMyBuckets",
"s3:ListBucket",
"sns:ListTopics",
"sqs:GetQueueAttributes",
"sqs:GetQueueUrl",
"sqs:ListQueues",
"synthetics:DescribeCanariesLastRun",
"tag:GetResources"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"apigateway:GET"
],
"Effect": "Allow",
"Resource": [
"arn:aws:apigateway:*::/restapis*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4JFCXGSE2Q",
"PolicyName": "CloudWatchAutomaticDashboardsAccess",
"UpdateDate": "2021-04-20T13:05:40+00:00",
"VersionId": "v4"
},
"CloudWatchEventsBuiltInTargetExecutionAccess": {
"Arn": "arn:aws:iam::aws:policy/service-role/CloudWatchEventsBuiltInTargetExecutionAccess",
"AttachmentCount": 0,
"CreateDate": "2016-01-14T18:35:49+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"ec2:Describe*",
"ec2:RebootInstances",
"ec2:StopInstances",
"ec2:TerminateInstances",
"ec2:CreateSnapshot"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "CloudWatchEventsBuiltInTargetExecutionAccess"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIC5AQ5DATYSNF4AUM",
"PolicyName": "CloudWatchEventsBuiltInTargetExecutionAccess",
"UpdateDate": "2016-01-14T18:35:49+00:00",
"VersionId": "v1"
},
"CloudWatchEventsFullAccess": {
"Arn": "arn:aws:iam::aws:policy/CloudWatchEventsFullAccess",
"AttachmentCount": 0,
"CreateDate": "2016-01-14T18:37:08+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": "events:*",
"Effect": "Allow",
"Resource": "*",
"Sid": "CloudWatchEventsFullAccess"
},
{
"Action": "iam:PassRole",
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/AWS_Events_Invoke_Targets",
"Sid": "IAMPassRoleForCloudWatchEvents"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJZLOYLNHESMYOJAFU",
"PolicyName": "CloudWatchEventsFullAccess",
"UpdateDate": "2016-01-14T18:37:08+00:00",
"VersionId": "v1"
},
"CloudWatchEventsInvocationAccess": {
"Arn": "arn:aws:iam::aws:policy/service-role/CloudWatchEventsInvocationAccess",
"AttachmentCount": 0,
"CreateDate": "2016-01-14T18:36:33+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"kinesis:PutRecord"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "CloudWatchEventsInvocationAccess"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJJXD6JKJLK2WDLZNO",
"PolicyName": "CloudWatchEventsInvocationAccess",
"UpdateDate": "2016-01-14T18:36:33+00:00",
"VersionId": "v1"
},
"CloudWatchEventsReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/CloudWatchEventsReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2016-01-14T18:27:18+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"events:DescribeRule",
"events:ListRuleNamesByTarget",
"events:ListRules",
"events:ListTargetsByRule",
"events:TestEventPattern",
"events:DescribeEventBus"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "CloudWatchEventsReadOnlyAccess"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIILJPXXA6F7GYLYBS",
"PolicyName": "CloudWatchEventsReadOnlyAccess",
"UpdateDate": "2017-08-10T17:25:34+00:00",
"VersionId": "v2"
},
"CloudWatchEventsServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/CloudWatchEventsServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2017-11-17T00:42:04+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"cloudwatch:DescribeAlarms",
"ec2:DescribeInstanceStatus",
"ec2:DescribeInstances",
"ec2:DescribeSnapshots",
"ec2:DescribeVolumeStatus",
"ec2:DescribeVolumes",
"ec2:RebootInstances",
"ec2:StopInstances",
"ec2:TerminateInstances",
"ec2:CreateSnapshot"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJNVASSNSIDZIP4X7I",
"PolicyName": "CloudWatchEventsServiceRolePolicy",
"UpdateDate": "2017-11-17T00:42:04+00:00",
"VersionId": "v1"
},
"CloudWatchFullAccess": {
"Arn": "arn:aws:iam::aws:policy/CloudWatchFullAccess",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:40:00+00:00",
"DefaultVersionId": "v3",
"Document": {
"Statement": [
{
"Action": [
"autoscaling:Describe*",
"cloudwatch:*",
"logs:*",
"sns:*",
"iam:GetPolicy",
"iam:GetPolicyVersion",
"iam:GetRole"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringLike": {
"iam:AWSServiceName": "events.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/aws-service-role/events.amazonaws.com/AWSServiceRoleForCloudWatchEvents*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIKEABORKUXN6DEAZU",
"PolicyName": "CloudWatchFullAccess",
"UpdateDate": "2018-08-09T19:10:43+00:00",
"VersionId": "v3"
},
"CloudWatchLambdaInsightsExecutionRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/CloudWatchLambdaInsightsExecutionRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2020-10-07T19:27:06+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": "logs:CreateLogGroup",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Effect": "Allow",
"Resource": "arn:aws:logs:*:*:log-group:/aws/lambda-insights:*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4EDWWYYDS6",
"PolicyName": "CloudWatchLambdaInsightsExecutionRolePolicy",
"UpdateDate": "2020-10-07T19:27:06+00:00",
"VersionId": "v1"
},
"CloudWatchLogsFullAccess": {
"Arn": "arn:aws:iam::aws:policy/CloudWatchLogsFullAccess",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:40:02+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"logs:*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJ3ZGNWK2R5HW5BQFO",
"PolicyName": "CloudWatchLogsFullAccess",
"UpdateDate": "2015-02-06T18:40:02+00:00",
"VersionId": "v1"
},
"CloudWatchLogsReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/CloudWatchLogsReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:40:03+00:00",
"DefaultVersionId": "v4",
"Document": {
"Statement": [
{
"Action": [
"logs:Describe*",
"logs:Get*",
"logs:List*",
"logs:StartQuery",
"logs:StopQuery",
"logs:TestMetricFilter",
"logs:FilterLogEvents"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJ2YIYDYSNNEHK3VKW",
"PolicyName": "CloudWatchLogsReadOnlyAccess",
"UpdateDate": "2019-01-14T19:32:45+00:00",
"VersionId": "v4"
},
"CloudWatchReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/CloudWatchReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:40:01+00:00",
"DefaultVersionId": "v4",
"Document": {
"Statement": [
{
"Action": [
"autoscaling:Describe*",
"cloudwatch:Describe*",
"cloudwatch:Get*",
"cloudwatch:List*",
"logs:Get*",
"logs:List*",
"logs:StartQuery",
"logs:StopQuery",
"logs:Describe*",
"logs:TestMetricFilter",
"logs:FilterLogEvents",
"sns:Get*",
"sns:List*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJN23PDQP7SZQAE3QE",
"PolicyName": "CloudWatchReadOnlyAccess",
"UpdateDate": "2020-07-17T17:49:09+00:00",
"VersionId": "v4"
},
"CloudWatchSyntheticsFullAccess": {
"Arn": "arn:aws:iam::aws:policy/CloudWatchSyntheticsFullAccess",
"AttachmentCount": 0,
"CreateDate": "2019-11-25T17:39:46+00:00",
"DefaultVersionId": "v6",
"Document": {
"Statement": [
{
"Action": [
"synthetics:*"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"s3:CreateBucket",
"s3:PutEncryptionConfiguration"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::cw-syn-results-*"
]
},
{
"Action": [
"iam:ListRoles",
"s3:ListAllMyBuckets",
"s3:GetBucketLocation",
"xray:GetTraceSummaries",
"xray:BatchGetTraces",
"apigateway:GET"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"s3:GetObject",
"s3:ListBucket"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::cw-syn-*"
},
{
"Action": [
"s3:GetObjectVersion"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::aws-synthetics-library-*"
},
{
"Action": [
"iam:PassRole"
],
"Condition": {
"StringEquals": {
"iam:PassedToService": [
"lambda.amazonaws.com",
"synthetics.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/service-role/CloudWatchSyntheticsRole*"
]
},
{
"Action": [
"iam:GetRole"
],
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/service-role/CloudWatchSyntheticsRole*"
]
},
{
"Action": [
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"cloudwatch:PutMetricAlarm",
"cloudwatch:DeleteAlarms"
],
"Effect": "Allow",
"Resource": [
"arn:aws:cloudwatch:*:*:alarm:Synthetics-*"
]
},
{
"Action": [
"cloudwatch:DescribeAlarms"
],
"Effect": "Allow",
"Resource": [
"arn:aws:cloudwatch:*:*:alarm:*"
]
},
{
"Action": [
"lambda:CreateFunction",
"lambda:AddPermission",
"lambda:PublishVersion",
"lambda:UpdateFunctionConfiguration",
"lambda:GetFunctionConfiguration"
],
"Effect": "Allow",
"Resource": [
"arn:aws:lambda:*:*:function:cwsyn-*"
]
},
{
"Action": [
"lambda:GetLayerVersion",
"lambda:PublishLayerVersion"
],
"Effect": "Allow",
"Resource": [
"arn:aws:lambda:*:*:layer:cwsyn-*",
"arn:aws:lambda:*:*:layer:Synthetics:*"
]
},
{
"Action": [
"ec2:DescribeVpcs",
"ec2:DescribeSubnets",
"ec2:DescribeSecurityGroups"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"sns:ListTopics"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"sns:CreateTopic",
"sns:Subscribe",
"sns:ListSubscriptionsByTopic"
],
"Effect": "Allow",
"Resource": [
"arn:*:sns:*:*:Synthetics-*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4MAGQWEZP4",
"PolicyName": "CloudWatchSyntheticsFullAccess",
"UpdateDate": "2021-03-25T18:40:18+00:00",
"VersionId": "v6"
},
"CloudWatchSyntheticsReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/CloudWatchSyntheticsReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2019-11-25T17:45:40+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"synthetics:Describe*",
"synthetics:Get*",
"synthetics:List*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4C7XDT2FFB",
"PolicyName": "CloudWatchSyntheticsReadOnlyAccess",
"UpdateDate": "2020-03-06T19:26:01+00:00",
"VersionId": "v2"
},
"CloudwatchApplicationInsightsServiceLinkedRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/CloudwatchApplicationInsightsServiceLinkedRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2018-12-01T16:22:12+00:00",
"DefaultVersionId": "v14",
"Document": {
"Statement": [
{
"Action": [
"cloudwatch:DescribeAlarmHistory",
"cloudwatch:DescribeAlarms",
"cloudwatch:GetMetricData",
"cloudwatch:ListMetrics",
"cloudwatch:PutMetricAlarm",
"cloudwatch:DeleteAlarms",
"cloudwatch:PutAnomalyDetector",
"cloudwatch:DeleteAnomalyDetector",
"cloudwatch:DescribeAnomalyDetectors"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"logs:FilterLogEvents",
"logs:GetLogEvents",
"logs:DescribeLogStreams",
"logs:DescribeLogGroups"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"events:DescribeRule"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"cloudFormation:CreateStack",
"cloudFormation:UpdateStack",
"cloudFormation:DeleteStack",
"cloudFormation:DescribeStackResources"
],
"Effect": "Allow",
"Resource": [
"arn:aws:cloudformation:*:*:stack/ApplicationInsights-*"
]
},
{
"Action": [
"cloudFormation:DescribeStacks",
"cloudFormation:ListStackResources"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"tag:GetResources"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"resource-groups:ListGroupResources",
"resource-groups:GetGroupQuery",
"resource-groups:GetGroup"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeTargetGroups",
"elasticloadbalancing:DescribeTargetHealth"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"autoscaling:DescribeAutoScalingGroups"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"ssm:PutParameter",
"ssm:DeleteParameter",
"ssm:AddTagsToResource",
"ssm:RemoveTagsFromResource",
"ssm:GetParameters"
],
"Effect": "Allow",
"Resource": "arn:aws:ssm:*:*:parameter/AmazonCloudWatch-ApplicationInsights-*"
},
{
"Action": [
"ssm:CreateAssociation",
"ssm:UpdateAssociation",
"ssm:DeleteAssociation",
"ssm:DescribeAssociation"
],
"Effect": "Allow",
"Resource": [
"arn:aws:ec2:*:*:instance/*",
"arn:aws:ssm:*:*:association/*",
"arn:aws:ssm:*:*:managed-instance/*",
"arn:aws:ssm:*:*:document/AWSEC2-ApplicationInsightsCloudwatchAgentInstallAndConfigure",
"arn:aws:ssm:*:*:document/AWS-ConfigureAWSPackage",
"arn:aws:ssm:*:*:document/AmazonCloudWatch-ManageAgent"
]
},
{
"Action": [
"ssm:GetOpsItem",
"ssm:CreateOpsItem",
"ssm:DescribeOpsItems",
"ssm:UpdateOpsItem",
"ssm:DescribeInstanceInformation"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"ssm:AddTagsToResource"
],
"Effect": "Allow",
"Resource": "arn:aws:ssm:*:*:opsitem/*"
},
{
"Action": [
"ssm:ListCommandInvocations"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": "ssm:SendCommand",
"Effect": "Allow",
"Resource": [
"arn:aws:ec2:*:*:instance/*",
"arn:aws:ssm:*:*:document/AWSEC2-CheckPerformanceCounterSets",
"arn:aws:ssm:*:*:document/AWS-ConfigureAWSPackage",
"arn:aws:ssm:*:*:document/AWSEC2-DetectWorkload"
]
},
{
"Action": [
"ec2:DescribeInstances",
"ec2:DescribeVolumes",
"ec2:DescribeVolumeStatus"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"rds:DescribeDBInstances",
"rds:DescribeDBClusters"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"lambda:GetFunctionConfiguration",
"lambda:ListEventSourceMappings"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"events:PutRule",
"events:PutTargets",
"events:RemoveTargets",
"events:DeleteRule"
],
"Effect": "Allow",
"Resource": [
"arn:aws:events:*:*:rule/AmazonCloudWatch-ApplicationInsights-*"
]
},
{
"Action": [
"xray:GetServiceGraph",
"xray:GetTraceSummaries",
"xray:GetTimeSeriesServiceStatistics",
"xray:GetTraceGraph"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"dynamodb:DescribeTable",
"dynamodb:DescribeContributorInsights",
"dynamodb:DescribeTimeToLive"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"application-autoscaling:DescribeScalableTargets"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"s3:GetMetricsConfiguration",
"s3:GetReplicationConfiguration"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"states:DescribeExecution",
"states:DescribeStateMachine",
"states:GetExecutionHistory"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"apigateway:GET"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"ecs:DescribeClusters",
"ecs:DescribeContainerInstances",
"ecs:DescribeServices",
"ecs:DescribeTaskDefinition",
"ecs:DescribeTasks",
"ecs:DescribeTaskSets",
"ecs:ListClusters",
"ecs:ListContainerInstances",
"ecs:ListServices",
"ecs:ListTasks"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"eks:DescribeCluster",
"eks:DescribeFargateProfile",
"eks:DescribeNodegroup",
"eks:ListClusters",
"eks:ListFargateProfiles",
"eks:ListNodegroups"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJH3SHQERZRQMQOQ44",
"PolicyName": "CloudwatchApplicationInsightsServiceLinkedRolePolicy",
"UpdateDate": "2021-05-11T22:38:14+00:00",
"VersionId": "v14"
},
"ComprehendDataAccessRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/service-role/ComprehendDataAccessRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2019-03-06T22:28:15+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": {
"Action": [
"s3:GetObject",
"s3:ListBucket",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::*Comprehend*",
"arn:aws:s3:::*comprehend*"
]
},
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJHSDRRKS2Z3MYUPQY",
"PolicyName": "ComprehendDataAccessRolePolicy",
"UpdateDate": "2019-03-06T22:28:15+00:00",
"VersionId": "v1"
},
"ComprehendFullAccess": {
"Arn": "arn:aws:iam::aws:policy/ComprehendFullAccess",
"AttachmentCount": 0,
"CreateDate": "2017-11-29T18:08:43+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"comprehend:*",
"s3:ListAllMyBuckets",
"s3:ListBucket",
"s3:GetBucketLocation",
"iam:ListRoles",
"iam:GetRole"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAITBM2PMWNG2P7RZEQ",
"PolicyName": "ComprehendFullAccess",
"UpdateDate": "2017-12-05T01:36:24+00:00",
"VersionId": "v2"
},
"ComprehendMedicalFullAccess": {
"Arn": "arn:aws:iam::aws:policy/ComprehendMedicalFullAccess",
"AttachmentCount": 0,
"CreateDate": "2018-11-27T17:55:52+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"comprehendmedical:*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJR5SUEX6PPJ3K4RAO",
"PolicyName": "ComprehendMedicalFullAccess",
"UpdateDate": "2018-11-27T17:55:52+00:00",
"VersionId": "v1"
},
"ComprehendReadOnly": {
"Arn": "arn:aws:iam::aws:policy/ComprehendReadOnly",
"AttachmentCount": 0,
"CreateDate": "2017-11-29T18:10:19+00:00",
"DefaultVersionId": "v8",
"Document": {
"Statement": [
{
"Action": [
"comprehend:DetectDominantLanguage",
"comprehend:BatchDetectDominantLanguage",
"comprehend:DetectEntities",
"comprehend:BatchDetectEntities",
"comprehend:DetectKeyPhrases",
"comprehend:BatchDetectKeyPhrases",
"comprehend:DetectPiiEntities",
"comprehend:ContainsPiiEntities",
"comprehend:DetectSentiment",
"comprehend:BatchDetectSentiment",
"comprehend:DetectSyntax",
"comprehend:BatchDetectSyntax",
"comprehend:ClassifyDocument",
"comprehend:DescribeTopicsDetectionJob",
"comprehend:ListTopicsDetectionJobs",
"comprehend:DescribeDominantLanguageDetectionJob",
"comprehend:ListDominantLanguageDetectionJobs",
"comprehend:DescribeEntitiesDetectionJob",
"comprehend:ListEntitiesDetectionJobs",
"comprehend:DescribeKeyPhrasesDetectionJob",
"comprehend:ListKeyPhrasesDetectionJobs",
"comprehend:DescribePiiEntitiesDetectionJob",
"comprehend:ListPiiEntitiesDetectionJobs",
"comprehend:DescribeSentimentDetectionJob",
"comprehend:ListSentimentDetectionJobs",
"comprehend:DescribeDocumentClassifier",
"comprehend:ListDocumentClassifiers",
"comprehend:DescribeDocumentClassificationJob",
"comprehend:ListDocumentClassificationJobs",
"comprehend:DescribeEntityRecognizer",
"comprehend:ListEntityRecognizers",
"comprehend:ListTagsForResource",
"comprehend:DescribeEndpoint",
"comprehend:ListEndpoints"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJIUV5K2YCHQBBAH7G",
"PolicyName": "ComprehendReadOnly",
"UpdateDate": "2021-03-26T21:19:49+00:00",
"VersionId": "v8"
},
"ComputeOptimizerReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/ComputeOptimizerReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2020-03-07T00:11:02+00:00",
"DefaultVersionId": "v3",
"Document": {
"Statement": [
{
"Action": [
"compute-optimizer:DescribeRecommendationExportJobs",
"compute-optimizer:GetEnrollmentStatus",
"compute-optimizer:GetRecommendationSummaries",
"compute-optimizer:GetEC2InstanceRecommendations",
"compute-optimizer:GetEC2RecommendationProjectedMetrics",
"compute-optimizer:GetAutoScalingGroupRecommendations",
"compute-optimizer:GetEBSVolumeRecommendations",
"compute-optimizer:GetLambdaFunctionRecommendations",
"ec2:DescribeInstances",
"ec2:DescribeVolumes",
"autoscaling:DescribeAutoScalingGroups",
"lambda:ListFunctions",
"lambda:ListProvisionedConcurrencyConfigs",
"cloudwatch:GetMetricData",
"organizations:ListAccounts",
"organizations:DescribeOrganization",
"organizations:DescribeAccount"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4FI27MEARJ",
"PolicyName": "ComputeOptimizerReadOnlyAccess",
"UpdateDate": "2020-12-23T18:00:54+00:00",
"VersionId": "v3"
},
"ComputeOptimizerServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/ComputeOptimizerServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2019-12-03T08:45:19+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"compute-optimizer:*"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "ComputeOptimizerFullAccess"
},
{
"Action": [
"organizations:DescribeOrganization",
"organizations:ListAccounts",
"organizations:ListAWSServiceAccessForOrganization"
],
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "AwsOrgsAccess"
},
{
"Action": [
"cloudwatch:GetMetricData"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "CloudWatchAccess"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4HPOQZNRNJ",
"PolicyName": "ComputeOptimizerServiceRolePolicy",
"UpdateDate": "2019-12-03T08:45:19+00:00",
"VersionId": "v1"
},
"ConfigConformsServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/ConfigConformsServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2019-07-25T21:38:05+00:00",
"DefaultVersionId": "v4",
"Document": {
"Statement": [
{
"Action": [
"config:PutConfigRule",
"config:DeleteConfigRule",
"config:DescribeConfigRules"
],
"Effect": "Allow",
"Resource": "arn:aws:config:*:*:config-rule/aws-service-rule/config-conforms.amazonaws.com*"
},
{
"Action": [
"config:DescribeRemediationConfigurations",
"config:DeleteRemediationConfiguration",
"config:PutRemediationConfigurations"
],
"Effect": "Allow",
"Resource": "arn:aws:config:*:*:remediation-configuration/aws-service-remediation-configuration/config-conforms.amazonaws.com*"
},
{
"Action": [
"iam:GetRole"
],
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/aws-service-role/config-conforms.amazonaws.com/*"
},
{
"Action": [
"iam:GetRole"
],
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/aws-service-role/remediation.config.amazonaws.com/AWSServiceRoleForConfigRemediation"
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringLike": {
"iam:AWSServiceName": "remediation.config.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/aws-service-role/remediation.config.amazonaws.com/AWSServiceRoleForConfigRemediation"
},
{
"Action": "iam:PassRole",
"Condition": {
"StringEquals": {
"iam:PassedToService": "ssm.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ssm:DescribeDocument",
"ssm:GetDocument"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"s3:PutObject",
"s3:PutObjectAcl",
"s3:GetObject",
"s3:GetBucketAcl"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::awsconfigconforms*"
},
{
"Action": [
"cloudformation:CreateStack",
"cloudformation:DeleteStack",
"cloudformation:DescribeStackEvents",
"cloudformation:DescribeStackResource",
"cloudformation:DescribeStackResources",
"cloudformation:DescribeStacks",
"cloudformation:GetStackPolicy",
"cloudformation:SetStackPolicy",
"cloudformation:UpdateStack",
"cloudformation:UpdateTerminationProtection",
"cloudformation:ValidateTemplate",
"cloudformation:ListStackResources"
],
"Effect": "Allow",
"Resource": "arn:aws:cloudformation:*:*:stack/awsconfigconforms-*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4BCH3IIJPN",
"PolicyName": "ConfigConformsServiceRolePolicy",
"UpdateDate": "2019-11-13T18:29:21+00:00",
"VersionId": "v4"
},
"DAXServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/DAXServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2018-03-05T17:51:25+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateNetworkInterface",
"ec2:CreateSecurityGroup",
"ec2:DeleteNetworkInterface",
"ec2:DeleteSecurityGroup",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:RevokeSecurityGroupIngress"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJQWMGC67G4DWMREGM",
"PolicyName": "DAXServiceRolePolicy",
"UpdateDate": "2018-03-05T17:51:25+00:00",
"VersionId": "v1"
},
"DataScientist": {
"Arn": "arn:aws:iam::aws:policy/job-function/DataScientist",
"AttachmentCount": 0,
"CreateDate": "2016-11-10T17:28:48+00:00",
"DefaultVersionId": "v5",
"Document": {
"Statement": [
{
"Action": [
"autoscaling:*",
"cloudwatch:*",
"cloudformation:CreateStack",
"cloudformation:DescribeStackEvents",
"datapipeline:Describe*",
"datapipeline:ListPipelines",
"datapipeline:GetPipelineDefinition",
"datapipeline:QueryObjects",
"dynamodb:*",
"ec2:CancelSpotInstanceRequests",
"ec2:CancelSpotFleetRequests",
"ec2:CreateTags",
"ec2:DeleteTags",
"ec2:Describe*",
"ec2:ModifyImageAttribute",
"ec2:ModifyInstanceAttribute",
"ec2:ModifySpotFleetRequest",
"ec2:RequestSpotInstances",
"ec2:RequestSpotFleet",
"elasticfilesystem:*",
"elasticmapreduce:*",
"es:*",
"firehose:*",
"fsx:DescribeFileSystems",
"iam:GetInstanceProfile",
"iam:GetRole",
"iam:GetPolicy",
"iam:GetPolicyVersion",
"iam:ListRoles",
"kinesis:*",
"kms:List*",
"lambda:Create*",
"lambda:Delete*",
"lambda:Get*",
"lambda:InvokeFunction",
"lambda:PublishVersion",
"lambda:Update*",
"lambda:List*",
"machinelearning:*",
"sdb:*",
"rds:*",
"sns:ListSubscriptions",
"sns:ListTopics",
"logs:DescribeLogStreams",
"logs:GetLogEvents",
"redshift:*",
"s3:CreateBucket",
"sns:CreateTopic",
"sns:Get*",
"sns:List*"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"s3:Abort*",
"s3:DeleteObject",
"s3:Get*",
"s3:List*",
"s3:PutAccelerateConfiguration",
"s3:PutBucketCors",
"s3:PutBucketLogging",
"s3:PutBucketNotification",
"s3:PutBucketTagging",
"s3:PutObject",
"s3:Replicate*",
"s3:RestoreObject"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"ec2:RunInstances",
"ec2:TerminateInstances"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"iam:PassRole"
],
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/DataPipelineDefaultRole",
"arn:aws:iam::*:role/DataPipelineDefaultResourceRole",
"arn:aws:iam::*:role/EMR_EC2_DefaultRole",
"arn:aws:iam::*:role/EMR_DefaultRole",
"arn:aws:iam::*:role/kinesis-*"
]
},
{
"Action": [
"iam:PassRole"
],
"Condition": {
"StringEquals": {
"iam:PassedToService": "sagemaker.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"sagemaker:*"
],
"Effect": "Allow",
"NotResource": [
"arn:aws:sagemaker:*:*:domain/*",
"arn:aws:sagemaker:*:*:user-profile/*",
"arn:aws:sagemaker:*:*:app/*",
"arn:aws:sagemaker:*:*:flow-definition/*"
]
},
{
"Action": [
"sagemaker:CreatePresignedDomainUrl",
"sagemaker:DescribeDomain",
"sagemaker:ListDomains",
"sagemaker:DescribeUserProfile",
"sagemaker:ListUserProfiles",
"sagemaker:*App",
"sagemaker:ListApps"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"sagemaker:*FlowDefinition",
"sagemaker:*FlowDefinitions"
],
"Condition": {
"StringEqualsIfExists": {
"sagemaker:WorkteamType": [
"private-crowd",
"vendor-crowd"
]
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/job-function/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJ5YHI2BQW7EQFYDXS",
"PolicyName": "DataScientist",
"UpdateDate": "2019-12-03T16:48:34+00:00",
"VersionId": "v5"
},
"DatabaseAdministrator": {
"Arn": "arn:aws:iam::aws:policy/job-function/DatabaseAdministrator",
"AttachmentCount": 0,
"CreateDate": "2016-11-10T17:25:43+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"cloudwatch:DeleteAlarms",
"cloudwatch:Describe*",
"cloudwatch:DisableAlarmActions",
"cloudwatch:EnableAlarmActions",
"cloudwatch:Get*",
"cloudwatch:List*",
"cloudwatch:PutMetricAlarm",
"datapipeline:ActivatePipeline",
"datapipeline:CreatePipeline",
"datapipeline:DeletePipeline",
"datapipeline:DescribeObjects",
"datapipeline:DescribePipelines",
"datapipeline:GetPipelineDefinition",
"datapipeline:ListPipelines",
"datapipeline:PutPipelineDefinition",
"datapipeline:QueryObjects",
"dynamodb:*",
"ec2:DescribeAccountAttributes",
"ec2:DescribeAddresses",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeInternetGateways",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"elasticache:*",
"iam:ListRoles",
"iam:GetRole",
"kms:ListKeys",
"lambda:CreateEventSourceMapping",
"lambda:CreateFunction",
"lambda:DeleteEventSourceMapping",
"lambda:DeleteFunction",
"lambda:GetFunctionConfiguration",
"lambda:ListEventSourceMappings",
"lambda:ListFunctions",
"logs:DescribeLogGroups",
"logs:DescribeLogStreams",
"logs:FilterLogEvents",
"logs:GetLogEvents",
"logs:Create*",
"logs:PutLogEvents",
"logs:PutMetricFilter",
"rds:*",
"redshift:*",
"s3:CreateBucket",
"sns:CreateTopic",
"sns:DeleteTopic",
"sns:Get*",
"sns:List*",
"sns:SetTopicAttributes",
"sns:Subscribe",
"sns:Unsubscribe"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"s3:AbortMultipartUpload",
"s3:DeleteObject*",
"s3:Get*",
"s3:List*",
"s3:PutAccelerateConfiguration",
"s3:PutBucketTagging",
"s3:PutBucketVersioning",
"s3:PutBucketWebsite",
"s3:PutLifecycleConfiguration",
"s3:PutReplicationConfiguration",
"s3:PutObject*",
"s3:Replicate*",
"s3:RestoreObject"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"iam:PassRole"
],
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/rds-monitoring-role",
"arn:aws:iam::*:role/rdbms-lambda-access",
"arn:aws:iam::*:role/lambda_exec_role",
"arn:aws:iam::*:role/lambda-dynamodb-*",
"arn:aws:iam::*:role/lambda-vpc-execution-role",
"arn:aws:iam::*:role/DataPipelineDefaultRole",
"arn:aws:iam::*:role/DataPipelineDefaultResourceRole"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/job-function/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIGBMAW4VUQKOQNVT6",
"PolicyName": "DatabaseAdministrator",
"UpdateDate": "2019-01-08T00:48:02+00:00",
"VersionId": "v2"
},
"DynamoDBCloudWatchContributorInsightsServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/DynamoDBCloudWatchContributorInsightsServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2019-11-15T21:13:58+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"cloudwatch:DeleteInsightRules",
"cloudwatch:PutInsightRule"
],
"Effect": "Allow",
"Resource": "arn:aws:cloudwatch:*:*:insight-rule/DynamoDBContributorInsights*"
},
{
"Action": [
"cloudwatch:DescribeInsightRules"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4G4VWJTRGV",
"PolicyName": "DynamoDBCloudWatchContributorInsightsServiceRolePolicy",
"UpdateDate": "2019-11-15T21:13:58+00:00",
"VersionId": "v1"
},
"DynamoDBKinesisReplicationServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/DynamoDBKinesisReplicationServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2020-11-12T00:43:25+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": "kms:GenerateDataKey",
"Condition": {
"StringLike": {
"kms:ViaService": "kinesis.*.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"kinesis:PutRecord",
"kinesis:PutRecords",
"kinesis:DescribeStream"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4A745YPIYL",
"PolicyName": "DynamoDBKinesisReplicationServiceRolePolicy",
"UpdateDate": "2020-11-12T00:43:25+00:00",
"VersionId": "v1"
},
"DynamoDBReplicationServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/DynamoDBReplicationServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2017-11-09T23:55:34+00:00",
"DefaultVersionId": "v6",
"Document": {
"Statement": [
{
"Action": [
"dynamodb:GetItem",
"dynamodb:PutItem",
"dynamodb:UpdateItem",
"dynamodb:DeleteItem",
"dynamodb:DescribeTable",
"dynamodb:UpdateTable",
"dynamodb:Scan",
"dynamodb:DescribeStream",
"dynamodb:GetRecords",
"dynamodb:GetShardIterator",
"dynamodb:DescribeTimeToLive",
"dynamodb:UpdateTimeToLive",
"dynamodb:DescribeLimits",
"application-autoscaling:RegisterScalableTarget",
"application-autoscaling:DescribeScalableTargets",
"application-autoscaling:PutScalingPolicy",
"application-autoscaling:DescribeScalingPolicies"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"iam:CreateServiceLinkedRole"
],
"Condition": {
"StringEquals": {
"iam:AWSServiceName": [
"dynamodb.application-autoscaling.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJCUNRXL4BWASNJED2",
"PolicyName": "DynamoDBReplicationServiceRolePolicy",
"UpdateDate": "2020-09-09T18:43:04+00:00",
"VersionId": "v6"
},
"EC2FleetTimeShiftableServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/EC2FleetTimeShiftableServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2019-12-23T19:47:15+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"ec2:DescribeImages",
"ec2:DescribeSubnets",
"ec2:DescribeInstances",
"ec2:RunInstances",
"ec2:CreateFleet"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"iam:PassRole"
],
"Condition": {
"StringEquals": {
"iam:PassedToService": [
"ec2.amazonaws.com",
"ec2.amazonaws.com.cn"
]
}
},
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"ec2:CreateTags"
],
"Effect": "Allow",
"Resource": [
"arn:aws:ec2:*:*:instance/*",
"arn:aws:ec2:*:*:spot-instances-request/*"
]
},
{
"Action": [
"ec2:TerminateInstances"
],
"Condition": {
"StringLike": {
"ec2:ResourceTag/aws:ec2:fleet-id": "*"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4IU3TFNWBH",
"PolicyName": "EC2FleetTimeShiftableServiceRolePolicy",
"UpdateDate": "2019-12-23T19:47:15+00:00",
"VersionId": "v1"
},
"EC2InstanceConnect": {
"Arn": "arn:aws:iam::aws:policy/EC2InstanceConnect",
"AttachmentCount": 0,
"CreateDate": "2019-06-27T18:53:34+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"ec2:DescribeInstances",
"ec2-instance-connect:SendSSHPublicKey"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "EC2InstanceConnect"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4PBRCMEYY5",
"PolicyName": "EC2InstanceConnect",
"UpdateDate": "2019-06-27T18:53:34+00:00",
"VersionId": "v1"
},
"EC2InstanceProfileForImageBuilder": {
"Arn": "arn:aws:iam::aws:policy/EC2InstanceProfileForImageBuilder",
"AttachmentCount": 0,
"CreateDate": "2019-12-01T19:08:23+00:00",
"DefaultVersionId": "v3",
"Document": {
"Statement": [
{
"Action": [
"imagebuilder:GetComponent"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"kms:Decrypt"
],
"Condition": {
"ForAnyValue:StringEquals": {
"aws:CalledVia": [
"imagebuilder.amazonaws.com"
],
"kms:EncryptionContextKeys": "aws:imagebuilder:arn"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"s3:GetObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::ec2imagebuilder*"
},
{
"Action": [
"logs:CreateLogStream",
"logs:CreateLogGroup",
"logs:PutLogEvents"
],
"Effect": "Allow",
"Resource": "arn:aws:logs:*:*:log-group:/aws/imagebuilder/*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4EJC2UPLYL",
"PolicyName": "EC2InstanceProfileForImageBuilder",
"UpdateDate": "2020-08-27T16:40:50+00:00",
"VersionId": "v3"
},
"EC2InstanceProfileForImageBuilderECRContainerBuilds": {
"Arn": "arn:aws:iam::aws:policy/EC2InstanceProfileForImageBuilderECRContainerBuilds",
"AttachmentCount": 0,
"CreateDate": "2020-12-11T19:48:15+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"imagebuilder:GetComponent",
"imagebuilder:GetContainerRecipe",
"ecr:GetAuthorizationToken",
"ecr:BatchGetImage",
"ecr:InitiateLayerUpload",
"ecr:UploadLayerPart",
"ecr:CompleteLayerUpload",
"ecr:BatchCheckLayerAvailability",
"ecr:GetDownloadUrlForLayer",
"ecr:PutImage"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"kms:Decrypt"
],
"Condition": {
"ForAnyValue:StringEquals": {
"aws:CalledVia": [
"imagebuilder.amazonaws.com"
],
"kms:EncryptionContextKeys": "aws:imagebuilder:arn"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"s3:GetObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::ec2imagebuilder*"
},
{
"Action": [
"logs:CreateLogStream",
"logs:CreateLogGroup",
"logs:PutLogEvents"
],
"Effect": "Allow",
"Resource": "arn:aws:logs:*:*:log-group:/aws/imagebuilder/*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4C32QNC6KD",
"PolicyName": "EC2InstanceProfileForImageBuilderECRContainerBuilds",
"UpdateDate": "2020-12-11T19:48:15+00:00",
"VersionId": "v1"
},
"ECRReplicationServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/ECRReplicationServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2020-12-04T22:11:28+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"ecr:CreateRepository",
"ecr:ReplicateImage"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4NS3XDKIDR",
"PolicyName": "ECRReplicationServiceRolePolicy",
"UpdateDate": "2020-12-04T22:11:28+00:00",
"VersionId": "v1"
},
"Ec2ImageBuilderCrossAccountDistributionAccess": {
"Arn": "arn:aws:iam::aws:policy/Ec2ImageBuilderCrossAccountDistributionAccess",
"AttachmentCount": 0,
"CreateDate": "2020-09-30T19:22:54+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": "ec2:CreateTags",
"Effect": "Allow",
"Resource": "arn:aws:ec2:*::image/*"
},
{
"Action": [
"ec2:DescribeImages",
"ec2:CopyImage",
"ec2:ModifyImageAttribute"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4PHZOLIXKT",
"PolicyName": "Ec2ImageBuilderCrossAccountDistributionAccess",
"UpdateDate": "2020-09-30T19:22:54+00:00",
"VersionId": "v1"
},
"ElastiCacheServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/ElastiCacheServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2017-12-07T17:50:04+00:00",
"DefaultVersionId": "v3",
"Document": {
"Statement": [
{
"Action": [
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateNetworkInterface",
"ec2:CreateSecurityGroup",
"ec2:DeleteNetworkInterface",
"ec2:DeleteSecurityGroup",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:RevokeSecurityGroupIngress",
"cloudwatch:PutMetricData",
"outposts:GetOutpost",
"outposts:GetOutpostInstanceTypes",
"outposts:ListOutposts",
"outposts:ListSites"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIML5LIBUZBVCSF7PI",
"PolicyName": "ElastiCacheServiceRolePolicy",
"UpdateDate": "2020-02-06T21:27:13+00:00",
"VersionId": "v3"
},
"ElasticLoadBalancingFullAccess": {
"Arn": "arn:aws:iam::aws:policy/ElasticLoadBalancingFullAccess",
"AttachmentCount": 0,
"CreateDate": "2018-09-20T20:42:07+00:00",
"DefaultVersionId": "v5",
"Document": {
"Statement": [
{
"Action": "elasticloadbalancing:*",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeAddresses",
"ec2:DescribeInternetGateways",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:DescribeVpcClassicLink",
"ec2:DescribeInstances",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeClassicLinkInstances",
"ec2:DescribeRouteTables",
"ec2:DescribeCoipPools",
"ec2:GetCoipPoolUsage",
"cognito-idp:DescribeUserPoolClient"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringEquals": {
"iam:AWSServiceName": "elasticloadbalancing.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIDPMLA3IUIOQCISJ4",
"PolicyName": "ElasticLoadBalancingFullAccess",
"UpdateDate": "2020-12-04T20:01:39+00:00",
"VersionId": "v5"
},
"ElasticLoadBalancingReadOnly": {
"Arn": "arn:aws:iam::aws:policy/ElasticLoadBalancingReadOnly",
"AttachmentCount": 0,
"CreateDate": "2018-09-20T20:17:09+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": "elasticloadbalancing:Describe*",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:DescribeInstances",
"ec2:DescribeClassicLinkInstances",
"ec2:DescribeSecurityGroups"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJMO7B7SNFLQ6HH736",
"PolicyName": "ElasticLoadBalancingReadOnly",
"UpdateDate": "2018-09-20T20:17:09+00:00",
"VersionId": "v1"
},
"ElementalActivationsDownloadSoftwareAccess": {
"Arn": "arn:aws:iam::aws:policy/ElementalActivationsDownloadSoftwareAccess",
"AttachmentCount": 0,
"CreateDate": "2020-09-08T17:26:09+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"elemental-activations:Get*",
"elemental-activations:Download*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4IQVGBB6WY",
"PolicyName": "ElementalActivationsDownloadSoftwareAccess",
"UpdateDate": "2020-09-08T17:26:09+00:00",
"VersionId": "v1"
},
"ElementalActivationsFullAccess": {
"Arn": "arn:aws:iam::aws:policy/ElementalActivationsFullAccess",
"AttachmentCount": 0,
"CreateDate": "2020-06-04T21:00:13+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"elemental-activations:*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4IYX6A6CKJ",
"PolicyName": "ElementalActivationsFullAccess",
"UpdateDate": "2020-06-04T21:00:13+00:00",
"VersionId": "v1"
},
"ElementalActivationsGenerateLicenses": {
"Arn": "arn:aws:iam::aws:policy/ElementalActivationsGenerateLicenses",
"AttachmentCount": 0,
"CreateDate": "2020-08-28T18:28:58+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"elemental-activations:Get*",
"elemental-activations:GenerateLicenses",
"elemental-activations:StartFileUpload",
"elemental-activations:CompleteFileUpload"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4LVMPXPYYJ",
"PolicyName": "ElementalActivationsGenerateLicenses",
"UpdateDate": "2020-08-28T18:28:58+00:00",
"VersionId": "v1"
},
"ElementalActivationsReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/ElementalActivationsReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2020-08-28T16:51:01+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"elemental-activations:Get*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4JBRIPMTYG",
"PolicyName": "ElementalActivationsReadOnlyAccess",
"UpdateDate": "2020-08-28T16:51:01+00:00",
"VersionId": "v1"
},
"ElementalAppliancesSoftwareFullAccess": {
"Arn": "arn:aws:iam::aws:policy/ElementalAppliancesSoftwareFullAccess",
"AttachmentCount": 0,
"CreateDate": "2019-07-31T16:28:53+00:00",
"DefaultVersionId": "v4",
"Document": {
"Statement": [
{
"Action": [
"elemental-appliances-software:*",
"elemental-activations:CompleteAccountRegistration"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4DHARJPIR5",
"PolicyName": "ElementalAppliancesSoftwareFullAccess",
"UpdateDate": "2021-02-05T21:01:25+00:00",
"VersionId": "v4"
},
"ElementalAppliancesSoftwareReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/ElementalAppliancesSoftwareReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2020-04-01T22:31:09+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"elemental-appliances-software:List*",
"elemental-appliances-software:Get*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4CLKYU5WOM",
"PolicyName": "ElementalAppliancesSoftwareReadOnlyAccess",
"UpdateDate": "2020-04-01T22:31:09+00:00",
"VersionId": "v1"
},
"ElementalSupportCenterFullAccess": {
"Arn": "arn:aws:iam::aws:policy/ElementalSupportCenterFullAccess",
"AttachmentCount": 0,
"CreateDate": "2020-11-25T18:08:30+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"elemental-support-cases:*",
"elemental-support-content:*",
"elemental-activations:CompleteAccountRegistration"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4ECPR57WVQ",
"PolicyName": "ElementalSupportCenterFullAccess",
"UpdateDate": "2021-02-05T21:02:54+00:00",
"VersionId": "v2"
},
"FMSServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/FMSServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2018-03-28T23:01:12+00:00",
"DefaultVersionId": "v18",
"Document": {
"Statement": [
{
"Action": [
"waf:UpdateWebACL",
"waf:DeleteWebACL",
"waf:GetWebACL",
"waf:GetRuleGroup",
"waf:ListSubscribedRuleGroups",
"waf-regional:UpdateWebACL",
"waf-regional:DeleteWebACL",
"waf-regional:GetWebACL",
"waf-regional:GetRuleGroup",
"waf-regional:ListSubscribedRuleGroups",
"waf-regional:ListResourcesForWebACL",
"waf-regional:AssociateWebACL",
"waf-regional:DisassociateWebACL",
"elasticloadbalancing:SetWebACL",
"apigateway:SetWebACL",
"elasticloadbalancing:SetSecurityGroups"
],
"Effect": "Allow",
"Resource": [
"arn:aws:waf:*:*:webacl/*",
"arn:aws:waf-regional:*:*:webacl/*",
"arn:aws:waf:*:*:rulegroup/*",
"arn:aws:waf-regional:*:*:rulegroup/*",
"arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*",
"arn:aws:apigateway:*::/restapis/*/stages/*"
]
},
{
"Action": [
"wafv2:PutLoggingConfiguration",
"wafv2:GetLoggingConfiguration",
"wafv2:ListLoggingConfigurations",
"wafv2:DeleteLoggingConfiguration"
],
"Effect": "Allow",
"Resource": [
"arn:aws:wafv2:*:*:regional/webacl/*",
"arn:aws:wafv2:*:*:global/webacl/*"
]
},
{
"Action": [
"waf:CreateWebACL",
"waf-regional:CreateWebACL",
"waf:GetChangeToken",
"waf-regional:GetChangeToken"
],
"Effect": "Allow",
"Resource": [
"arn:aws:waf:*",
"arn:aws:waf-regional:*"
]
},
{
"Action": [
"elasticloadbalancing:ApplySecurityGroupsToLoadBalancer"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"waf:PutPermissionPolicy",
"waf:GetPermissionPolicy",
"waf:DeletePermissionPolicy",
"waf-regional:PutPermissionPolicy",
"waf-regional:GetPermissionPolicy",
"waf-regional:DeletePermissionPolicy"
],
"Effect": "Allow",
"Resource": [
"arn:aws:waf:*:*:webacl/*",
"arn:aws:waf:*:*:rulegroup/*",
"arn:aws:waf-regional:*:*:webacl/*",
"arn:aws:waf-regional:*:*:rulegroup/*"
]
},
{
"Action": [
"cloudfront:GetDistribution",
"cloudfront:UpdateDistribution",
"cloudfront:ListDistributionsByWebACLId",
"cloudfront:ListDistributions"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"config:DeleteConfigRule",
"config:DescribeComplianceByConfigRule",
"config:DescribeConfigRuleEvaluationStatus",
"config:DescribeConfigRules",
"config:GetComplianceDetailsByConfigRule",
"config:PutConfigRule",
"config:StartConfigRulesEvaluation"
],
"Effect": "Allow",
"Resource": "arn:aws:config:*:*:config-rule/aws-service-rule/fms.amazonaws.com/*"
},
{
"Action": [
"config:DescribeConfigurationRecorders",
"config:DescribeConfigurationRecorderStatus",
"config:PutConfigurationRecorder",
"config:StartConfigurationRecorder",
"config:PutDeliveryChannel",
"config:DescribeDeliveryChannels",
"config:DescribeDeliveryChannelStatus",
"config:GetComplianceSummaryByConfigRule",
"config:GetDiscoveredResourceCounts",
"config:PutEvaluations",
"config:SelectResourceConfig"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"iam:DeleteServiceLinkedRole",
"iam:GetServiceLinkedRoleDeletionStatus"
],
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/aws-service-role/fms.amazonaws.com/AWSServiceRoleForFMS"
]
},
{
"Action": [
"organizations:DescribeAccount",
"organizations:DescribeOrganization",
"organizations:ListAccounts",
"organizations:DescribeOrganizationalUnit",
"organizations:ListChildren",
"organizations:ListRoots",
"organizations:ListParents",
"organizations:ListOrganizationalUnitsForParent",
"organizations:ListAWSServiceAccessForOrganization"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"shield:CreateProtection",
"shield:DeleteProtection",
"shield:DescribeProtection",
"shield:ListProtections",
"shield:ListAttacks",
"shield:CreateSubscription",
"shield:DescribeSubscription",
"shield:GetSubscriptionState",
"shield:DescribeDRTAccess",
"shield:DescribeEmergencyContactSettings",
"shield:UpdateEmergencyContactSettings",
"elasticloadbalancing:DescribeLoadBalancers",
"ec2:DescribeAddresses"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:AuthorizeSecurityGroupEgress",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:DeleteSecurityGroup",
"ec2:RevokeSecurityGroupEgress",
"ec2:RevokeSecurityGroupIngress",
"ec2:UpdateSecurityGroupRuleDescriptionsEgress",
"ec2:UpdateSecurityGroupRuleDescriptionsIngress",
"ec2:DescribeNetworkInterfaceAttribute"
],
"Effect": "Allow",
"Resource": [
"arn:aws:ec2:*:*:network-interface/*",
"arn:aws:ec2:*:*:security-group/*"
]
},
{
"Action": [
"ec2:CreateTags"
],
"Effect": "Allow",
"Resource": [
"arn:aws:ec2:*:*:security-group/*"
]
},
{
"Action": [
"ec2:CreateSecurityGroup",
"ec2:DescribeSecurityGroupReferences",
"ec2:DescribeSecurityGroups",
"ec2:DescribeStaleSecurityGroups",
"ec2:DescribeNetworkInterfaces",
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:DescribeVpcs",
"ec2:DescribeVpcPeeringConnections"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"wafv2:TagResource",
"wafv2:ListResourcesForWebACL",
"wafv2:AssociateWebACL",
"wafv2:ListTagsForResource",
"wafv2:UntagResource",
"wafv2:GetWebACL",
"wafv2:DisassociateFirewallManager",
"wafv2:DeleteWebACL",
"wafv2:DisassociateWebACL"
],
"Effect": "Allow",
"Resource": [
"arn:aws:wafv2:*:*:global/webacl/*",
"arn:aws:wafv2:*:*:regional/webacl/*"
]
},
{
"Action": [
"wafv2:UpdateWebACL",
"wafv2:CreateWebACL",
"wafv2:DeleteFirewallManagerRuleGroups",
"wafv2:PutFirewallManagerRuleGroups"
],
"Effect": "Allow",
"Resource": [
"arn:aws:wafv2:*:*:global/webacl/*",
"arn:aws:wafv2:*:*:regional/webacl/*",
"arn:aws:wafv2:*:*:global/rulegroup/*",
"arn:aws:wafv2:*:*:regional/rulegroup/*",
"arn:aws:wafv2:*:*:global/managedruleset/*",
"arn:aws:wafv2:*:*:regional/managedruleset/*",
"arn:aws:wafv2:*:*:global/ipset/*",
"arn:aws:wafv2:*:*:regional/ipset/*",
"arn:aws:wafv2:*:*:global/regexpatternset/*",
"arn:aws:wafv2:*:*:regional/regexpatternset/*"
]
},
{
"Action": [
"wafv2:PutPermissionPolicy",
"wafv2:GetPermissionPolicy",
"wafv2:DeletePermissionPolicy"
],
"Effect": "Allow",
"Resource": [
"arn:aws:wafv2:*:*:global/rulegroup/*",
"arn:aws:wafv2:*:*:regional/rulegroup/*"
]
},
{
"Action": [
"cloudfront:ListTagsForResource"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"wafv2:GetWebACLForResource"
],
"Effect": "Allow",
"Resource": [
"arn:aws:wafv2:*:*:regional/webacl/*"
]
},
{
"Action": "ec2:CreateTags",
"Condition": {
"ForAllValues:StringEquals": {
"aws:TagKeys": [
"Name",
"FMManaged"
]
},
"StringEquals": {
"ec2:CreateAction": "CreateRouteTable"
}
},
"Effect": "Allow",
"Resource": "arn:aws:ec2:*:*:route-table/*"
},
{
"Action": "ec2:CreateTags",
"Condition": {
"ForAllValues:StringEquals": {
"aws:TagKeys": [
"Name",
"FMManaged"
]
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:ec2:*:*:subnet/*"
]
},
{
"Action": "ec2:DeleteRouteTable",
"Condition": {
"StringEquals": {
"ec2:ResourceTag/FMManaged": "true"
}
},
"Effect": "Allow",
"Resource": "arn:aws:ec2:*:*:route-table/*"
},
{
"Action": [
"ec2:AssociateRouteTable",
"ec2:CreateSubnet",
"ec2:CreateRouteTable",
"ec2:DeleteSubnet",
"ec2:DisassociateRouteTable",
"ec2:ReplaceRouteTableAssociation"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:DescribeInternetGateways",
"ec2:DescribeRouteTables",
"ec2:DescribeSubnets",
"ec2:DescribeTags",
"ec2:DescribeVpcEndpoints"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ram:TagResource"
],
"Condition": {
"ForAllValues:StringEquals": {
"aws:TagKeys": [
"Name",
"FMManaged"
]
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:ram:*:*:resource-share/*"
]
},
{
"Action": [
"ram:AssociateResourceShare",
"ram:UpdateResourceShare",
"ram:DeleteResourceShare"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/FMManaged": "true"
}
},
"Effect": "Allow",
"Resource": "arn:aws:ram:*:*:resource-share/*"
},
{
"Action": "ram:CreateResourceShare",
"Condition": {
"ForAllValues:StringEquals": {
"aws:TagKeys": [
"Name",
"FMManaged"
]
},
"StringEquals": {
"aws:RequestTag/FMManaged": [
"true"
]
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ram:GetResourceShareAssociations",
"ram:GetResourceShares"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "ram"
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringEquals": {
"iam:AWSServiceName": [
"network-firewall.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:GetRole",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"network-firewall:TagResource"
],
"Condition": {
"ForAllValues:StringEquals": {
"aws:TagKeys": [
"Name",
"FMManaged"
]
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"network-firewall:AssociateSubnets",
"network-firewall:CreateFirewall",
"network-firewall:CreateFirewallPolicy",
"network-firewall:DisassociateSubnets",
"network-firewall:UpdateFirewallDeleteProtection",
"network-firewall:UpdateFirewallPolicy",
"network-firewall:UpdateFirewallPolicyChangeProtection",
"network-firewall:UpdateSubnetChangeProtection",
"network-firewall:AssociateFirewallPolicy",
"network-firewall:DescribeFirewall",
"network-firewall:DescribeFirewallPolicy",
"network-firewall:DescribeRuleGroup",
"network-firewall:ListFirewallPolicies",
"network-firewall:ListFirewalls",
"network-firewall:ListRuleGroups",
"network-firewall:PutResourcePolicy",
"network-firewall:DescribeResourcePolicy",
"network-firewall:DeleteResourcePolicy"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"network-firewall:DeleteFirewallPolicy",
"network-firewall:DeleteFirewall"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/FMManaged": "true"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"logs:ListLogDeliveries"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"route53resolver:ListFirewallRuleGroupAssociations",
"route53resolver:ListTagsForResource",
"route53resolver:ListFirewallRuleGroups",
"route53resolver:GetFirewallRuleGroupAssociation",
"route53resolver:GetFirewallRuleGroup",
"route53resolver:GetFirewallRuleGroupPolicy",
"route53resolver:PutFirewallRuleGroupPolicy"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"route53resolver:UpdateFirewallRuleGroupAssociation",
"route53resolver:DisassociateFirewallRuleGroup"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/FMManaged": "true"
}
},
"Effect": "Allow",
"Resource": "arn:aws:route53resolver:*:*:firewall-rule-group-association/*"
},
{
"Action": [
"route53resolver:AssociateFirewallRuleGroup",
"route53resolver:TagResource"
],
"Condition": {
"StringEquals": {
"aws:RequestTag/FMManaged": "true"
}
},
"Effect": "Allow",
"Resource": "arn:aws:route53resolver:*:*:firewall-rule-group-association/*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAI62NTGYJB446ACUEA",
"PolicyName": "FMSServiceRolePolicy",
"UpdateDate": "2021-03-31T21:02:38+00:00",
"VersionId": "v18"
},
"FSxDeleteServiceLinkedRoleAccess": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/FSxDeleteServiceLinkedRoleAccess",
"AttachmentCount": 0,
"CreateDate": "2018-11-28T10:40:24+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"iam:DeleteServiceLinkedRole",
"iam:GetServiceLinkedRoleDeletionStatus",
"iam:GetRole"
],
"Effect": "Allow",
"Resource": "arn:*:iam::*:role/aws-service-role/s3.data-source.lustre.fsx.amazonaws.com/AWSServiceRoleForFSxS3Access_*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJ6IRP2YV2YPKWPPNQ",
"PolicyName": "FSxDeleteServiceLinkedRoleAccess",
"UpdateDate": "2018-11-28T10:40:24+00:00",
"VersionId": "v1"
},
"GameLiftGameServerGroupPolicy": {
"Arn": "arn:aws:iam::aws:policy/GameLiftGameServerGroupPolicy",
"AttachmentCount": 0,
"CreateDate": "2020-04-03T23:12:19+00:00",
"DefaultVersionId": "v3",
"Document": {
"Statement": [
{
"Action": "ec2:TerminateInstances",
"Condition": {
"StringEquals": {
"ec2:ResourceTag/GameLift": "GameServerGroups"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"autoscaling:CompleteLifecycleAction",
"autoscaling:ResumeProcesses",
"autoscaling:EnterStandby",
"autoscaling:SetInstanceProtection",
"autoscaling:UpdateAutoScalingGroup",
"autoscaling:SuspendProcesses",
"autoscaling:DetachInstances"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/GameLift": "GameServerGroups"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:DescribeImages",
"ec2:DescribeInstances",
"autoscaling:DescribeAutoScalingGroups",
"ec2:DescribeLaunchTemplateVersions",
"ec2:DescribeSubnets"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "sns:Publish",
"Effect": "Allow",
"Resource": [
"arn:*:sns:*:*:ActivatingLifecycleHookTopic-*",
"arn:*:sns:*:*:TerminatingLifecycleHookTopic-*"
]
},
{
"Action": [
"cloudwatch:PutMetricData"
],
"Condition": {
"StringEquals": {
"cloudwatch:namespace": "AWS/GameLift"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4JTX4JYBF6",
"PolicyName": "GameLiftGameServerGroupPolicy",
"UpdateDate": "2020-05-13T17:27:43+00:00",
"VersionId": "v3"
},
"GlobalAcceleratorFullAccess": {
"Arn": "arn:aws:iam::aws:policy/GlobalAcceleratorFullAccess",
"AttachmentCount": 0,
"CreateDate": "2018-11-27T02:44:44+00:00",
"DefaultVersionId": "v6",
"Document": {
"Statement": [
{
"Action": [
"globalaccelerator:*"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "elasticloadbalancing:DescribeLoadBalancers",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:DescribeAddresses",
"ec2:DescribeInstances",
"ec2:DescribeInternetGateways",
"ec2:DescribeRegions",
"ec2:DescribeSubnets"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringEquals": {
"iam:AWSServiceName": "globalaccelerator.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/aws-service-role/globalaccelerator.amazonaws.com/AWSServiceRoleForGlobalAccelerator*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJ3NSRQKPB42BCNRT6",
"PolicyName": "GlobalAcceleratorFullAccess",
"UpdateDate": "2020-12-04T19:17:26+00:00",
"VersionId": "v6"
},
"GlobalAcceleratorReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/GlobalAcceleratorReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2018-11-27T02:41:00+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"globalaccelerator:Describe*",
"globalaccelerator:List*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJYXHGCVENJKQZRNGU",
"PolicyName": "GlobalAcceleratorReadOnlyAccess",
"UpdateDate": "2018-11-27T02:41:00+00:00",
"VersionId": "v1"
},
"GreengrassOTAUpdateArtifactAccess": {
"Arn": "arn:aws:iam::aws:policy/service-role/GreengrassOTAUpdateArtifactAccess",
"AttachmentCount": 0,
"CreateDate": "2017-11-29T18:11:47+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"s3:GetObject"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::*-greengrass-updates/*"
],
"Sid": "AllowsIotToAccessGreengrassOTAUpdateArtifacts"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIFGE66SKIK3GW5UC2",
"PolicyName": "GreengrassOTAUpdateArtifactAccess",
"UpdateDate": "2018-12-18T00:59:43+00:00",
"VersionId": "v2"
},
"Health_OrganizationsServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/Health_OrganizationsServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2019-12-16T13:28:21+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": "organizations:ListAccounts",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "organizations:ListAWSServiceAccessForOrganization",
"Effect": "Allow",
"Resource": "*",
"Sid": "ListAWSServiceAccessForOrganization0"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4EZKGOJYHQ",
"PolicyName": "Health_OrganizationsServiceRolePolicy",
"UpdateDate": "2020-06-08T12:48:44+00:00",
"VersionId": "v2"
},
"IAMAccessAdvisorReadOnly": {
"Arn": "arn:aws:iam::aws:policy/IAMAccessAdvisorReadOnly",
"AttachmentCount": 0,
"CreateDate": "2019-06-21T19:33:45+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"iam:ListRoles",
"iam:ListUsers",
"iam:ListGroups",
"iam:ListPolicies",
"iam:ListPoliciesGrantingServiceAccess",
"iam:GenerateServiceLastAccessedDetails",
"iam:GenerateOrganizationsAccessReport",
"iam:GenerateCredentialReport",
"iam:GetRole",
"iam:GetPolicy",
"iam:GetServiceLastAccessedDetails",
"iam:GetServiceLastAccessedDetailsWithEntities",
"iam:GetOrganizationsAccessReport",
"organizations:DescribeAccount",
"organizations:DescribeOrganization",
"organizations:DescribeOrganizationalUnit",
"organizations:DescribePolicy",
"organizations:ListChildren",
"organizations:ListParents",
"organizations:ListPoliciesForTarget",
"organizations:ListRoots",
"organizations:ListPolicies",
"organizations:ListTargetsForPolicy"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4FNDX5PG6Z",
"PolicyName": "IAMAccessAdvisorReadOnly",
"UpdateDate": "2019-06-21T19:33:45+00:00",
"VersionId": "v1"
},
"IAMAccessAnalyzerFullAccess": {
"Arn": "arn:aws:iam::aws:policy/IAMAccessAnalyzerFullAccess",
"AttachmentCount": 0,
"CreateDate": "2019-12-02T17:12:40+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"access-analyzer:*"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringEquals": {
"iam:AWSServiceName": "access-analyzer.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"organizations:DescribeAccount",
"organizations:DescribeOrganization",
"organizations:DescribeOrganizationalUnit",
"organizations:ListAccounts",
"organizations:ListAccountsForParent",
"organizations:ListAWSServiceAccessForOrganization",
"organizations:ListChildren",
"organizations:ListDelegatedAdministrators",
"organizations:ListOrganizationalUnitsForParent",
"organizations:ListParents",
"organizations:ListRoots"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4MAZGHIYZN",
"PolicyName": "IAMAccessAnalyzerFullAccess",
"UpdateDate": "2019-12-02T17:12:40+00:00",
"VersionId": "v1"
},
"IAMAccessAnalyzerReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/IAMAccessAnalyzerReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2019-12-02T17:12:53+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"access-analyzer:Get*",
"access-analyzer:List*",
"access-analyzer:ValidatePolicy"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4GY4R3GAPM",
"PolicyName": "IAMAccessAnalyzerReadOnlyAccess",
"UpdateDate": "2021-03-16T20:37:30+00:00",
"VersionId": "v2"
},
"IAMFullAccess": {
"Arn": "arn:aws:iam::aws:policy/IAMFullAccess",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:40:38+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"iam:*",
"organizations:DescribeAccount",
"organizations:DescribeOrganization",
"organizations:DescribeOrganizationalUnit",
"organizations:DescribePolicy",
"organizations:ListChildren",
"organizations:ListParents",
"organizations:ListPoliciesForTarget",
"organizations:ListRoots",
"organizations:ListPolicies",
"organizations:ListTargetsForPolicy"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAI7XKCFMBPM3QQRRVQ",
"PolicyName": "IAMFullAccess",
"UpdateDate": "2019-06-21T19:40:00+00:00",
"VersionId": "v2"
},
"IAMReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/IAMReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:40:39+00:00",
"DefaultVersionId": "v4",
"Document": {
"Statement": [
{
"Action": [
"iam:GenerateCredentialReport",
"iam:GenerateServiceLastAccessedDetails",
"iam:Get*",
"iam:List*",
"iam:SimulateCustomPolicy",
"iam:SimulatePrincipalPolicy"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJKSO7NDY4T57MWDSQ",
"PolicyName": "IAMReadOnlyAccess",
"UpdateDate": "2018-01-25T19:11:27+00:00",
"VersionId": "v4"
},
"IAMSelfManageServiceSpecificCredentials": {
"Arn": "arn:aws:iam::aws:policy/IAMSelfManageServiceSpecificCredentials",
"AttachmentCount": 0,
"CreateDate": "2016-12-22T17:25:18+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"iam:CreateServiceSpecificCredential",
"iam:ListServiceSpecificCredentials",
"iam:UpdateServiceSpecificCredential",
"iam:DeleteServiceSpecificCredential",
"iam:ResetServiceSpecificCredential"
],
"Effect": "Allow",
"Resource": "arn:aws:iam::*:user/${aws:username}"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAI4VT74EMXK2PMQJM2",
"PolicyName": "IAMSelfManageServiceSpecificCredentials",
"UpdateDate": "2016-12-22T17:25:18+00:00",
"VersionId": "v1"
},
"IAMUserChangePassword": {
"Arn": "arn:aws:iam::aws:policy/IAMUserChangePassword",
"AttachmentCount": 0,
"CreateDate": "2016-11-15T00:25:16+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"iam:ChangePassword"
],
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:user/${aws:username}"
]
},
{
"Action": [
"iam:GetAccountPasswordPolicy"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJ4L4MM2A7QIEB56MS",
"PolicyName": "IAMUserChangePassword",
"UpdateDate": "2016-11-15T23:18:55+00:00",
"VersionId": "v2"
},
"IAMUserSSHKeys": {
"Arn": "arn:aws:iam::aws:policy/IAMUserSSHKeys",
"AttachmentCount": 0,
"CreateDate": "2015-07-09T17:08:54+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"iam:DeleteSSHPublicKey",
"iam:GetSSHPublicKey",
"iam:ListSSHPublicKeys",
"iam:UpdateSSHPublicKey",
"iam:UploadSSHPublicKey"
],
"Effect": "Allow",
"Resource": "arn:aws:iam::*:user/${aws:username}"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJTSHUA4UXGXU7ANUA",
"PolicyName": "IAMUserSSHKeys",
"UpdateDate": "2015-07-09T17:08:54+00:00",
"VersionId": "v1"
},
"IVSRecordToS3": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/IVSRecordToS3",
"AttachmentCount": 0,
"CreateDate": "2020-12-05T00:10:43+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"s3:PutObject"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::AWSIVS_*/ivs/*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4M65NGVKOJ",
"PolicyName": "IVSRecordToS3",
"UpdateDate": "2020-12-05T00:10:43+00:00",
"VersionId": "v1"
},
"KafkaServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/KafkaServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2018-11-15T23:31:48+00:00",
"DefaultVersionId": "v3",
"Document": {
"Statement": [
{
"Action": [
"ec2:CreateNetworkInterface",
"ec2:DescribeNetworkInterfaces",
"ec2:CreateNetworkInterfacePermission",
"ec2:AttachNetworkInterface",
"ec2:DeleteNetworkInterface",
"ec2:DetachNetworkInterface",
"acm-pca:GetCertificateAuthorityCertificate",
"secretsmanager:ListSecrets"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"secretsmanager:GetResourcePolicy",
"secretsmanager:PutResourcePolicy",
"secretsmanager:DeleteResourcePolicy",
"secretsmanager:DescribeSecret"
],
"Condition": {
"ArnLike": {
"secretsmanager:SecretId": "arn:*:secretsmanager:*:*:secret:AmazonMSK_*"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJUXPRZ76MAP2EVQJU",
"PolicyName": "KafkaServiceRolePolicy",
"UpdateDate": "2020-08-26T20:40:53+00:00",
"VersionId": "v3"
},
"LakeFormationDataAccessServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/LakeFormationDataAccessServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2019-06-20T20:46:19+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"s3:ListAllMyBuckets"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4N342E3KHW",
"PolicyName": "LakeFormationDataAccessServiceRolePolicy",
"UpdateDate": "2019-06-20T20:46:19+00:00",
"VersionId": "v1"
},
"LexBotPolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/LexBotPolicy",
"AttachmentCount": 0,
"CreateDate": "2017-02-17T22:18:13+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"polly:SynthesizeSpeech"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"comprehend:DetectSentiment"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJJ3NZRBBQKSESXXJC",
"PolicyName": "LexBotPolicy",
"UpdateDate": "2019-11-13T22:29:16+00:00",
"VersionId": "v2"
},
"LexChannelPolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/LexChannelPolicy",
"AttachmentCount": 0,
"CreateDate": "2017-02-17T23:23:24+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"lex:PostText"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJKYEISPO63JTBJWPY",
"PolicyName": "LexChannelPolicy",
"UpdateDate": "2017-02-17T23:23:24+00:00",
"VersionId": "v1"
},
"LightsailExportAccess": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/LightsailExportAccess",
"AttachmentCount": 0,
"CreateDate": "2018-09-28T16:35:54+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"iam:DeleteServiceLinkedRole",
"iam:GetServiceLinkedRoleDeletionStatus"
],
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/aws-service-role/lightsail.amazonaws.com/AWSServiceRoleForLightsail*"
},
{
"Action": [
"ec2:CopySnapshot",
"ec2:DescribeSnapshots",
"ec2:CopyImage",
"ec2:DescribeImages"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJ4LZGPQLZWMVR4WMQ",
"PolicyName": "LightsailExportAccess",
"UpdateDate": "2018-09-28T16:35:54+00:00",
"VersionId": "v1"
},
"MediaPackageServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/MediaPackageServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2020-09-18T17:45:47+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": "logs:PutLogEvents",
"Effect": "Allow",
"Resource": "arn:aws:logs:*:*:log-group:/aws/MediaPackage/*:log-stream:*"
},
{
"Action": [
"logs:CreateLogStream",
"logs:CreateLogGroup",
"logs:DescribeLogGroups",
"logs:DescribeLogStreams"
],
"Effect": "Allow",
"Resource": "arn:aws:logs:*:*:log-group:/aws/MediaPackage/*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4GXH4HDK6N",
"PolicyName": "MediaPackageServiceRolePolicy",
"UpdateDate": "2020-09-18T17:45:47+00:00",
"VersionId": "v1"
},
"MigrationHubDMSAccessServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/MigrationHubDMSAccessServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2019-06-12T17:50:39+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": "mgh:CreateProgressUpdateStream",
"Effect": "Allow",
"Resource": "arn:aws:mgh:*:*:progressUpdateStream/DMS"
},
{
"Action": [
"mgh:DescribeMigrationTask",
"mgh:AssociateDiscoveredResource",
"mgh:ListDiscoveredResources",
"mgh:ImportMigrationTask",
"mgh:ListCreatedArtifacts",
"mgh:DisassociateDiscoveredResource",
"mgh:AssociateCreatedArtifact",
"mgh:NotifyMigrationTaskState",
"mgh:DisassociateCreatedArtifact",
"mgh:PutResourceAttributes"
],
"Effect": "Allow",
"Resource": "arn:aws:mgh:*:*:progressUpdateStream/DMS/migrationTask/*"
},
{
"Action": [
"mgh:ListMigrationTasks",
"mgh:NotifyApplicationState",
"mgh:DescribeApplicationState",
"mgh:GetHomeRegion"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4IV7DIZ555",
"PolicyName": "MigrationHubDMSAccessServiceRolePolicy",
"UpdateDate": "2019-10-07T17:57:44+00:00",
"VersionId": "v2"
},
"MigrationHubSMSAccessServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/MigrationHubSMSAccessServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2019-06-12T18:30:28+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": "mgh:CreateProgressUpdateStream",
"Effect": "Allow",
"Resource": "arn:aws:mgh:*:*:progressUpdateStream/SMS"
},
{
"Action": [
"mgh:DescribeMigrationTask",
"mgh:AssociateDiscoveredResource",
"mgh:ListDiscoveredResources",
"mgh:ImportMigrationTask",
"mgh:ListCreatedArtifacts",
"mgh:DisassociateDiscoveredResource",
"mgh:AssociateCreatedArtifact",
"mgh:NotifyMigrationTaskState",
"mgh:DisassociateCreatedArtifact",
"mgh:PutResourceAttributes"
],
"Effect": "Allow",
"Resource": "arn:aws:mgh:*:*:progressUpdateStream/SMS/migrationTask/*"
},
{
"Action": [
"mgh:ListMigrationTasks",
"mgh:NotifyApplicationState",
"mgh:DescribeApplicationState",
"mgh:GetHomeRegion"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4JCW2B2IGB",
"PolicyName": "MigrationHubSMSAccessServiceRolePolicy",
"UpdateDate": "2019-10-07T18:02:22+00:00",
"VersionId": "v2"
},
"MigrationHubServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/MigrationHubServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2019-06-12T17:22:16+00:00",
"DefaultVersionId": "v3",
"Document": {
"Statement": [
{
"Action": [
"discovery:ListConfigurations",
"discovery:DescribeConfigurations"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": "ec2:CreateTags",
"Condition": {
"ForAllValues:StringEquals": {
"aws:TagKeys": "aws:migrationhub:source-id"
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:ec2:*:*:instance/*",
"arn:aws:ec2:*:*:image/*",
"arn:aws:ec2:*:*:volume/*"
]
},
{
"Action": "dms:AddTagsToResource",
"Condition": {
"ForAllValues:StringEquals": {
"aws:TagKeys": "aws:migrationhub:source-id"
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:dms:*:*:endpoint:*"
]
},
{
"Action": [
"ec2:DescribeInstanceAttribute"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4NWLJ3LLW3",
"PolicyName": "MigrationHubServiceRolePolicy",
"UpdateDate": "2020-08-06T18:08:46+00:00",
"VersionId": "v3"
},
"NeptuneConsoleFullAccess": {
"Arn": "arn:aws:iam::aws:policy/NeptuneConsoleFullAccess",
"AttachmentCount": 0,
"CreateDate": "2018-06-19T21:35:19+00:00",
"DefaultVersionId": "v4",
"Document": {
"Statement": [
{
"Action": [
"rds:CreateDBCluster",
"rds:CreateDBInstance"
],
"Condition": {
"StringEquals": {
"rds:DatabaseEngine": [
"graphdb",
"neptune"
]
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:rds:*:*:*"
]
},
{
"Action": [
"rds:AddRoleToDBCluster",
"rds:AddSourceIdentifierToSubscription",
"rds:AddTagsToResource",
"rds:ApplyPendingMaintenanceAction",
"rds:CopyDBClusterParameterGroup",
"rds:CopyDBClusterSnapshot",
"rds:CopyDBParameterGroup",
"rds:CreateDBClusterParameterGroup",
"rds:CreateDBClusterSnapshot",
"rds:CreateDBParameterGroup",
"rds:CreateDBSubnetGroup",
"rds:CreateEventSubscription",
"rds:DeleteDBCluster",
"rds:DeleteDBClusterParameterGroup",
"rds:DeleteDBClusterSnapshot",
"rds:DeleteDBInstance",
"rds:DeleteDBParameterGroup",
"rds:DeleteDBSubnetGroup",
"rds:DeleteEventSubscription",
"rds:DescribeAccountAttributes",
"rds:DescribeCertificates",
"rds:DescribeDBClusterParameterGroups",
"rds:DescribeDBClusterParameters",
"rds:DescribeDBClusterSnapshotAttributes",
"rds:DescribeDBClusterSnapshots",
"rds:DescribeDBClusters",
"rds:DescribeDBEngineVersions",
"rds:DescribeDBInstances",
"rds:DescribeDBLogFiles",
"rds:DescribeDBParameterGroups",
"rds:DescribeDBParameters",
"rds:DescribeDBSecurityGroups",
"rds:DescribeDBSubnetGroups",
"rds:DescribeEngineDefaultClusterParameters",
"rds:DescribeEngineDefaultParameters",
"rds:DescribeEventCategories",
"rds:DescribeEventSubscriptions",
"rds:DescribeEvents",
"rds:DescribeOptionGroups",
"rds:DescribeOrderableDBInstanceOptions",
"rds:DescribePendingMaintenanceActions",
"rds:DescribeValidDBInstanceModifications",
"rds:DownloadDBLogFilePortion",
"rds:FailoverDBCluster",
"rds:ListTagsForResource",
"rds:ModifyDBCluster",
"rds:ModifyDBClusterParameterGroup",
"rds:ModifyDBClusterSnapshotAttribute",
"rds:ModifyDBInstance",
"rds:ModifyDBParameterGroup",
"rds:ModifyDBSubnetGroup",
"rds:ModifyEventSubscription",
"rds:PromoteReadReplicaDBCluster",
"rds:RebootDBInstance",
"rds:RemoveRoleFromDBCluster",
"rds:RemoveSourceIdentifierFromSubscription",
"rds:RemoveTagsFromResource",
"rds:ResetDBClusterParameterGroup",
"rds:ResetDBParameterGroup",
"rds:RestoreDBClusterFromSnapshot",
"rds:RestoreDBClusterToPointInTime"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"ec2:AllocateAddress",
"ec2:AssignIpv6Addresses",
"ec2:AssignPrivateIpAddresses",
"ec2:AssociateAddress",
"ec2:AssociateRouteTable",
"ec2:AssociateSubnetCidrBlock",
"ec2:AssociateVpcCidrBlock",
"ec2:AttachInternetGateway",
"ec2:AttachNetworkInterface",
"ec2:CreateCustomerGateway",
"ec2:CreateDefaultSubnet",
"ec2:CreateDefaultVpc",
"ec2:CreateInternetGateway",
"ec2:CreateNatGateway",
"ec2:CreateNetworkInterface",
"ec2:CreateRoute",
"ec2:CreateRouteTable",
"ec2:CreateSecurityGroup",
"ec2:CreateSubnet",
"ec2:CreateVpc",
"ec2:CreateVpcEndpoint",
"ec2:CreateVpcEndpoint",
"ec2:DescribeAccountAttributes",
"ec2:DescribeAccountAttributes",
"ec2:DescribeAddresses",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeCustomerGateways",
"ec2:DescribeInstances",
"ec2:DescribeNatGateways",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribePrefixLists",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroupReferences",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeSubnets",
"ec2:DescribeVpcAttribute",
"ec2:DescribeVpcAttribute",
"ec2:DescribeVpcEndpoints",
"ec2:DescribeVpcs",
"ec2:DescribeVpcs",
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:ModifySubnetAttribute",
"ec2:ModifyVpcAttribute",
"ec2:ModifyVpcEndpoint",
"iam:ListRoles",
"kms:ListAliases",
"kms:ListKeyPolicies",
"kms:ListKeys",
"kms:ListRetirableGrants",
"logs:DescribeLogStreams",
"logs:GetLogEvents",
"sns:ListSubscriptions",
"sns:ListTopics",
"sns:Publish"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": "iam:PassRole",
"Condition": {
"StringEquals": {
"iam:passedToService": "rds.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringLike": {
"iam:AWSServiceName": "rds.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/aws-service-role/rds.amazonaws.com/AWSServiceRoleForRDS"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJWTD4ELX2KRNICUVQ",
"PolicyName": "NeptuneConsoleFullAccess",
"UpdateDate": "2020-09-02T17:25:07+00:00",
"VersionId": "v4"
},
"NeptuneFullAccess": {
"Arn": "arn:aws:iam::aws:policy/NeptuneFullAccess",
"AttachmentCount": 0,
"CreateDate": "2018-05-30T19:17:31+00:00",
"DefaultVersionId": "v5",
"Document": {
"Statement": [
{
"Action": [
"rds:CreateDBCluster",
"rds:CreateDBInstance"
],
"Condition": {
"StringEquals": {
"rds:DatabaseEngine": [
"graphdb",
"neptune"
]
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:rds:*:*:*"
]
},
{
"Action": [
"rds:AddRoleToDBCluster",
"rds:AddSourceIdentifierToSubscription",
"rds:AddTagsToResource",
"rds:ApplyPendingMaintenanceAction",
"rds:CopyDBClusterParameterGroup",
"rds:CopyDBClusterSnapshot",
"rds:CopyDBParameterGroup",
"rds:CreateDBClusterParameterGroup",
"rds:CreateDBClusterSnapshot",
"rds:CreateDBParameterGroup",
"rds:CreateDBSubnetGroup",
"rds:CreateEventSubscription",
"rds:DeleteDBCluster",
"rds:DeleteDBClusterParameterGroup",
"rds:DeleteDBClusterSnapshot",
"rds:DeleteDBInstance",
"rds:DeleteDBParameterGroup",
"rds:DeleteDBSubnetGroup",
"rds:DeleteEventSubscription",
"rds:DescribeAccountAttributes",
"rds:DescribeCertificates",
"rds:DescribeDBClusterParameterGroups",
"rds:DescribeDBClusterParameters",
"rds:DescribeDBClusterSnapshotAttributes",
"rds:DescribeDBClusterSnapshots",
"rds:DescribeDBClusters",
"rds:DescribeDBEngineVersions",
"rds:DescribeDBInstances",
"rds:DescribeDBLogFiles",
"rds:DescribeDBParameterGroups",
"rds:DescribeDBParameters",
"rds:DescribeDBSecurityGroups",
"rds:DescribeDBSubnetGroups",
"rds:DescribeEngineDefaultClusterParameters",
"rds:DescribeEngineDefaultParameters",
"rds:DescribeEventCategories",
"rds:DescribeEventSubscriptions",
"rds:DescribeEvents",
"rds:DescribeOptionGroups",
"rds:DescribeOrderableDBInstanceOptions",
"rds:DescribePendingMaintenanceActions",
"rds:DescribeValidDBInstanceModifications",
"rds:DownloadDBLogFilePortion",
"rds:FailoverDBCluster",
"rds:ListTagsForResource",
"rds:ModifyDBCluster",
"rds:ModifyDBClusterParameterGroup",
"rds:ModifyDBClusterSnapshotAttribute",
"rds:ModifyDBInstance",
"rds:ModifyDBParameterGroup",
"rds:ModifyDBSubnetGroup",
"rds:ModifyEventSubscription",
"rds:PromoteReadReplicaDBCluster",
"rds:RebootDBInstance",
"rds:RemoveRoleFromDBCluster",
"rds:RemoveSourceIdentifierFromSubscription",
"rds:RemoveTagsFromResource",
"rds:ResetDBClusterParameterGroup",
"rds:ResetDBParameterGroup",
"rds:RestoreDBClusterFromSnapshot",
"rds:RestoreDBClusterToPointInTime"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"ec2:DescribeAccountAttributes",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcAttribute",
"ec2:DescribeVpcs",
"kms:ListAliases",
"kms:ListKeyPolicies",
"kms:ListKeys",
"kms:ListRetirableGrants",
"logs:DescribeLogStreams",
"logs:GetLogEvents",
"sns:ListSubscriptions",
"sns:ListTopics",
"sns:Publish"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": "iam:PassRole",
"Condition": {
"StringEquals": {
"iam:passedToService": "rds.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:CreateServiceLinkedRole",
"Condition": {
"StringLike": {
"iam:AWSServiceName": "rds.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/aws-service-role/rds.amazonaws.com/AWSServiceRoleForRDS"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIXSDEYRCNJRC6ITFK",
"PolicyName": "NeptuneFullAccess",
"UpdateDate": "2020-09-02T17:24:56+00:00",
"VersionId": "v5"
},
"NeptuneReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/NeptuneReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2018-05-30T19:16:37+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"rds:DescribeAccountAttributes",
"rds:DescribeCertificates",
"rds:DescribeDBClusterParameterGroups",
"rds:DescribeDBClusterParameters",
"rds:DescribeDBClusterSnapshotAttributes",
"rds:DescribeDBClusterSnapshots",
"rds:DescribeDBClusters",
"rds:DescribeDBEngineVersions",
"rds:DescribeDBInstances",
"rds:DescribeDBLogFiles",
"rds:DescribeDBParameterGroups",
"rds:DescribeDBParameters",
"rds:DescribeDBSubnetGroups",
"rds:DescribeEventCategories",
"rds:DescribeEventSubscriptions",
"rds:DescribeEvents",
"rds:DescribeOrderableDBInstanceOptions",
"rds:DescribePendingMaintenanceActions",
"rds:DownloadDBLogFilePortion",
"rds:ListTagsForResource"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeInternetGateways",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcAttribute",
"ec2:DescribeVpcs"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"kms:ListKeys",
"kms:ListRetirableGrants",
"kms:ListAliases",
"kms:ListKeyPolicies"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"logs:DescribeLogStreams",
"logs:GetLogEvents"
],
"Effect": "Allow",
"Resource": [
"arn:aws:logs:*:*:log-group:/aws/rds/*:log-stream:*",
"arn:aws:logs:*:*:log-group:/aws/neptune/*:log-stream:*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJS5OQ5RXULC66WTGQ",
"PolicyName": "NeptuneReadOnlyAccess",
"UpdateDate": "2018-05-30T19:16:37+00:00",
"VersionId": "v1"
},
"NetworkAdministrator": {
"Arn": "arn:aws:iam::aws:policy/job-function/NetworkAdministrator",
"AttachmentCount": 0,
"CreateDate": "2016-11-10T17:31:35+00:00",
"DefaultVersionId": "v8",
"Document": {
"Statement": [
{
"Action": [
"autoscaling:Describe*",
"ec2:AcceptVpcEndpointConnections",
"ec2:AllocateAddress",
"ec2:AssignIpv6Addresses",
"ec2:AssignPrivateIpAddresses",
"ec2:AssociateAddress",
"ec2:AssociateDhcpOptions",
"ec2:AssociateRouteTable",
"ec2:AssociateSubnetCidrBlock",
"ec2:AssociateVpcCidrBlock",
"ec2:AttachInternetGateway",
"ec2:AttachNetworkInterface",
"ec2:AttachVpnGateway",
"ec2:CreateCarrierGateway",
"ec2:DeleteCarrierGateway",
"ec2:DescribeCarrierGateways",
"ec2:CreateCustomerGateway",
"ec2:CreateDefaultSubnet",
"ec2:CreateDefaultVpc",
"ec2:CreateDhcpOptions",
"ec2:CreateEgressOnlyInternetGateway",
"ec2:CreateFlowLogs",
"ec2:CreateInternetGateway",
"ec2:CreateNatGateway",
"ec2:CreateNetworkAcl",
"ec2:CreateNetworkAclEntry",
"ec2:CreateNetworkInterface",
"ec2:CreateNetworkInterfacePermission",
"ec2:CreatePlacementGroup",
"ec2:CreateRoute",
"ec2:CreateRouteTable",
"ec2:CreateSecurityGroup",
"ec2:CreateSubnet",
"ec2:CreateTags",
"ec2:CreateVpc",
"ec2:CreateVpcEndpoint",
"ec2:CreateVpcEndpointConnectionNotification",
"ec2:CreateVpcEndpointServiceConfiguration",
"ec2:CreateVpnConnection",
"ec2:CreateVpnConnectionRoute",
"ec2:CreateVpnGateway",
"ec2:DeleteEgressOnlyInternetGateway",
"ec2:DeleteFlowLogs",
"ec2:DeleteNatGateway",
"ec2:DeleteNetworkInterface",
"ec2:DeleteNetworkInterfacePermission",
"ec2:DeletePlacementGroup",
"ec2:DeleteSubnet",
"ec2:DeleteTags",
"ec2:DeleteVpc",
"ec2:DeleteVpcEndpointConnectionNotifications",
"ec2:DeleteVpcEndpoints",
"ec2:DeleteVpcEndpointServiceConfigurations",
"ec2:DeleteVpnConnection",
"ec2:DeleteVpnConnectionRoute",
"ec2:DeleteVpnGateway",
"ec2:DescribeAccountAttributes",
"ec2:DescribeAddresses",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeClassicLinkInstances",
"ec2:DescribeCustomerGateways",
"ec2:DescribeDhcpOptions",
"ec2:DescribeEgressOnlyInternetGateways",
"ec2:DescribeFlowLogs",
"ec2:DescribeInstances",
"ec2:DescribeInternetGateways",
"ec2:DescribeKeyPairs",
"ec2:DescribeMovingAddresses",
"ec2:DescribeNatGateways",
"ec2:DescribeNetworkAcls",
"ec2:DescribeNetworkInterfaceAttribute",
"ec2:DescribeNetworkInterfacePermissions",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribePlacementGroups",
"ec2:DescribePrefixLists",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroupReferences",
"ec2:DescribeSecurityGroups",
"ec2:DescribeStaleSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeTags",
"ec2:DescribeVpcAttribute",
"ec2:DescribeVpcClassicLink",
"ec2:DescribeVpcClassicLinkDnsSupport",
"ec2:DescribeVpcEndpointConnectionNotifications",
"ec2:DescribeVpcEndpointConnections",
"ec2:DescribeVpcEndpoints",
"ec2:DescribeVpcEndpointServiceConfigurations",
"ec2:DescribeVpcEndpointServicePermissions",
"ec2:DescribeVpcEndpointServices",
"ec2:DescribeVpcPeeringConnections",
"ec2:DescribeVpcs",
"ec2:DescribeVpnConnections",
"ec2:DescribeVpnGateways",
"ec2:DetachInternetGateway",
"ec2:DetachNetworkInterface",
"ec2:DetachVpnGateway",
"ec2:DisableVgwRoutePropagation",
"ec2:DisableVpcClassicLinkDnsSupport",
"ec2:DisassociateAddress",
"ec2:DisassociateRouteTable",
"ec2:DisassociateSubnetCidrBlock",
"ec2:DisassociateVpcCidrBlock",
"ec2:EnableVgwRoutePropagation",
"ec2:EnableVpcClassicLinkDnsSupport",
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:ModifySubnetAttribute",
"ec2:ModifyVpcAttribute",
"ec2:ModifyVpcEndpoint",
"ec2:ModifyVpcEndpointConnectionNotification",
"ec2:ModifyVpcEndpointServiceConfiguration",
"ec2:ModifyVpcEndpointServicePermissions",
"ec2:ModifyVpcPeeringConnectionOptions",
"ec2:ModifyVpcTenancy",
"ec2:MoveAddressToVpc",
"ec2:RejectVpcEndpointConnections",
"ec2:ReleaseAddress",
"ec2:ReplaceNetworkAclAssociation",
"ec2:ReplaceNetworkAclEntry",
"ec2:ReplaceRoute",
"ec2:ReplaceRouteTableAssociation",
"ec2:ResetNetworkInterfaceAttribute",
"ec2:RestoreAddressToClassic",
"ec2:UnassignIpv6Addresses",
"ec2:UnassignPrivateIpAddresses",
"ec2:UpdateSecurityGroupRuleDescriptionsEgress",
"ec2:UpdateSecurityGroupRuleDescriptionsIngress",
"directconnect:*",
"route53:*",
"route53domains:*",
"cloudfront:ListDistributions",
"elasticloadbalancing:*",
"elasticbeanstalk:Describe*",
"elasticbeanstalk:List*",
"elasticbeanstalk:RetrieveEnvironmentInfo",
"elasticbeanstalk:RequestEnvironmentInfo",
"sns:ListTopics",
"sns:ListSubscriptionsByTopic",
"sns:CreateTopic",
"cloudwatch:DescribeAlarms",
"cloudwatch:PutMetricAlarm",
"cloudwatch:DeleteAlarms",
"cloudwatch:GetMetricStatistics",
"logs:DescribeLogGroups",
"logs:DescribeLogStreams",
"logs:GetLogEvents"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:AcceptVpcPeeringConnection",
"ec2:AttachClassicLinkVpc",
"ec2:AuthorizeSecurityGroupEgress",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateVpcPeeringConnection",
"ec2:DeleteCustomerGateway",
"ec2:DeleteDhcpOptions",
"ec2:DeleteInternetGateway",
"ec2:DeleteNetworkAcl",
"ec2:DeleteNetworkAclEntry",
"ec2:DeleteRoute",
"ec2:DeleteRouteTable",
"ec2:DeleteSecurityGroup",
"ec2:DeleteVolume",
"ec2:DeleteVpcPeeringConnection",
"ec2:DetachClassicLinkVpc",
"ec2:DisableVpcClassicLink",
"ec2:EnableVpcClassicLink",
"ec2:GetConsoleScreenshot",
"ec2:RejectVpcPeeringConnection",
"ec2:RevokeSecurityGroupEgress",
"ec2:RevokeSecurityGroupIngress"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"s3:ListBucket",
"s3:GetBucketLocation",
"s3:GetBucketWebsite"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"iam:GetRole",
"iam:ListRoles",
"iam:PassRole"
],
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/flow-logs-*"
},
{
"Action": [
"networkmanager:*"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:AcceptTransitGatewayVpcAttachment",
"ec2:AssociateTransitGatewayRouteTable",
"ec2:CreateTransitGateway",
"ec2:CreateTransitGatewayRoute",
"ec2:CreateTransitGatewayRouteTable",
"ec2:CreateTransitGatewayVpcAttachment",
"ec2:DeleteTransitGateway",
"ec2:DeleteTransitGatewayRoute",
"ec2:DeleteTransitGatewayRouteTable",
"ec2:DeleteTransitGatewayVpcAttachment",
"ec2:DescribeTransitGatewayAttachments",
"ec2:DescribeTransitGatewayRouteTables",
"ec2:DescribeTransitGatewayVpcAttachments",
"ec2:DescribeTransitGateways",
"ec2:DisableTransitGatewayRouteTablePropagation",
"ec2:DisassociateTransitGatewayRouteTable",
"ec2:EnableTransitGatewayRouteTablePropagation",
"ec2:ExportTransitGatewayRoutes",
"ec2:GetTransitGatewayAttachmentPropagations",
"ec2:GetTransitGatewayRouteTableAssociations",
"ec2:GetTransitGatewayRouteTablePropagations",
"ec2:ModifyTransitGatewayVpcAttachment",
"ec2:RejectTransitGatewayVpcAttachment",
"ec2:ReplaceTransitGatewayRoute",
"ec2:SearchTransitGatewayRoutes"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"iam:CreateServiceLinkedRole"
],
"Condition": {
"StringLike": {
"iam:AWSServiceName": [
"transitgateway.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/job-function/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJPNMADZFJCVPJVZA2",
"PolicyName": "NetworkAdministrator",
"UpdateDate": "2020-09-24T23:55:10+00:00",
"VersionId": "v8"
},
"PowerUserAccess": {
"Arn": "arn:aws:iam::aws:policy/PowerUserAccess",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:39:47+00:00",
"DefaultVersionId": "v4",
"Document": {
"Statement": [
{
"Effect": "Allow",
"NotAction": [
"iam:*",
"organizations:*",
"account:*"
],
"Resource": "*"
},
{
"Action": [
"iam:CreateServiceLinkedRole",
"iam:DeleteServiceLinkedRole",
"iam:ListRoles",
"organizations:DescribeOrganization",
"account:ListRegions"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJYRXTHIB4FOVS3ZXS",
"PolicyName": "PowerUserAccess",
"UpdateDate": "2019-03-20T22:19:03+00:00",
"VersionId": "v4"
},
"QuickSightAccessForS3StorageManagementAnalyticsReadOnly": {
"Arn": "arn:aws:iam::aws:policy/service-role/QuickSightAccessForS3StorageManagementAnalyticsReadOnly",
"AttachmentCount": 0,
"CreateDate": "2017-06-12T18:18:38+00:00",
"DefaultVersionId": "v4",
"Document": {
"Statement": [
{
"Action": [
"s3:GetObject"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::s3-analytics-export-shared-*"
]
},
{
"Action": [
"s3:GetAnalyticsConfiguration",
"s3:ListAllMyBuckets",
"s3:GetBucketLocation"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIFWG3L3WDMR4I7ZJW",
"PolicyName": "QuickSightAccessForS3StorageManagementAnalyticsReadOnly",
"UpdateDate": "2019-10-08T23:53:11+00:00",
"VersionId": "v4"
},
"RDSCloudHsmAuthorizationRole": {
"Arn": "arn:aws:iam::aws:policy/service-role/RDSCloudHsmAuthorizationRole",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:41:29+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"cloudhsm:CreateLunaClient",
"cloudhsm:DeleteLunaClient",
"cloudhsm:DescribeHapg",
"cloudhsm:DescribeLunaClient",
"cloudhsm:GetConfig",
"cloudhsm:ModifyHapg",
"cloudhsm:ModifyLunaClient"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIWKFXRLQG2ROKKXLE",
"PolicyName": "RDSCloudHsmAuthorizationRole",
"UpdateDate": "2019-09-26T22:14:29+00:00",
"VersionId": "v2"
},
"ReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/ReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:39:48+00:00",
"DefaultVersionId": "v78",
"Document": {
"Statement": [
{
"Action": [
"a4b:Get*",
"a4b:List*",
"a4b:Search*",
"access-analyzer:GetAccessPreview",
"access-analyzer:GetAnalyzedResource",
"access-analyzer:GetAnalyzer",
"access-analyzer:GetArchiveRule",
"access-analyzer:GetFinding",
"access-analyzer:GetGeneratedPolicy",
"access-analyzer:ListAccessPreviewFindings",
"access-analyzer:ListAccessPreviews",
"access-analyzer:ListAnalyzedResources",
"access-analyzer:ListAnalyzers",
"access-analyzer:ListArchiveRules",
"access-analyzer:ListFindings",
"access-analyzer:ListPolicyGenerations",
"access-analyzer:ListTagsForResource",
"access-analyzer:ValidatePolicy",
"acm-pca:Describe*",
"acm-pca:Get*",
"acm-pca:List*",
"acm:Describe*",
"acm:Get*",
"acm:List*",
"amplify:GetApp",
"amplify:GetBranch",
"amplify:GetDomainAssociation",
"amplify:GetJob",
"amplify:ListApps",
"amplify:ListBranches",
"amplify:ListDomainAssociations",
"amplify:ListJobs",
"apigateway:GET",
"application-autoscaling:Describe*",
"applicationinsights:Describe*",
"applicationinsights:List*",
"appmesh:Describe*",
"appmesh:List*",
"appstream:Describe*",
"appstream:List*",
"appsync:Get*",
"appsync:List*",
"athena:Batch*",
"athena:Get*",
"athena:List*",
"auditmanager:GetAccountStatus",
"auditmanager:GetAssessment",
"auditmanager:GetAssessmentFramework",
"auditmanager:GetAssessmentReportUrl",
"auditmanager:GetChangeLogs",
"auditmanager:GetControl",
"auditmanager:GetDelegations",
"auditmanager:GetEvidence",
"auditmanager:GetEvidenceByEvidenceFolder",
"auditmanager:GetEvidenceFolder",
"auditmanager:GetEvidenceFoldersByAssessment",
"auditmanager:GetEvidenceFoldersByAssessmentControl",
"auditmanager:GetOrganizationAdminAccount",
"auditmanager:GetServicesInScope",
"auditmanager:GetSettings",
"auditmanager:ListAssessmentFrameworks",
"auditmanager:ListAssessmentReports",
"auditmanager:ListAssessments",
"auditmanager:ListControls",
"auditmanager:ListKeywordsForDataSource",
"auditmanager:ListNotifications",
"auditmanager:ListTagsForResource",
"auditmanager:ValidateAssessmentReportIntegrity",
"autoscaling-plans:Describe*",
"autoscaling-plans:GetScalingPlanResourceForecastData",
"autoscaling:Describe*",
"aws-portal:View*",
"backup:Describe*",
"backup:Get*",
"backup:List*",
"batch:Describe*",
"batch:List*",
"braket:GetDevice",
"braket:GetQuantumTask",
"braket:SearchDevices",
"braket:SearchQuantumTasks",
"budgets:Describe*",
"budgets:View*",
"cassandra:Select",
"chatbot:Describe*",
"chatbot:Get*",
"chime:Get*",
"chime:List*",
"chime:Retrieve*",
"chime:Search*",
"chime:Validate*",
"cloud9:Describe*",
"cloud9:List*",
"clouddirectory:BatchRead",
"clouddirectory:Get*",
"clouddirectory:List*",
"clouddirectory:LookupPolicy",
"cloudformation:Describe*",
"cloudformation:Detect*",
"cloudformation:Estimate*",
"cloudformation:Get*",
"cloudformation:List*",
"cloudfront:Get*",
"cloudfront:List*",
"cloudhsm:Describe*",
"cloudhsm:Get*",
"cloudhsm:List*",
"cloudsearch:Describe*",
"cloudsearch:List*",
"cloudtrail:Describe*",
"cloudtrail:Get*",
"cloudtrail:List*",
"cloudtrail:LookupEvents",
"cloudwatch:Describe*",
"cloudwatch:Get*",
"cloudwatch:List*",
"codeartifact:DescribeDomain",
"codeartifact:DescribePackageVersion",
"codeartifact:DescribeRepository",
"codeartifact:GetAuthorizationToken",
"codeartifact:GetDomainPermissionsPolicy",
"codeartifact:GetPackageVersionAsset",
"codeartifact:GetPackageVersionReadme",
"codeartifact:GetRepositoryEndpoint",
"codeartifact:GetRepositoryPermissionsPolicy",
"codeartifact:ListDomains",
"codeartifact:ListPackageVersionAssets",
"codeartifact:ListPackageVersionDependencies",
"codeartifact:ListPackageVersions",
"codeartifact:ListPackages",
"codeartifact:ListRepositories",
"codeartifact:ListRepositoriesInDomain",
"codeartifact:ListTagsForResource",
"codeartifact:ReadFromRepository",
"codebuild:BatchGet*",
"codebuild:DescribeCodeCoverages",
"codebuild:DescribeTestCases",
"codebuild:List*",
"codecommit:BatchGet*",
"codecommit:Describe*",
"codecommit:Get*",
"codecommit:GitPull",
"codecommit:List*",
"codedeploy:BatchGet*",
"codedeploy:Get*",
"codedeploy:List*",
"codeguru-profiler:Describe*",
"codeguru-profiler:Get*",
"codeguru-profiler:List*",
"codeguru-reviewer:Describe*",
"codeguru-reviewer:Get*",
"codeguru-reviewer:List*",
"codepipeline:Get*",
"codepipeline:List*",
"codestar-notifications:ListTargets",
"codestar-notifications:describeNotificationRule",
"codestar-notifications:listEventTypes",
"codestar-notifications:listNotificationRules",
"codestar-notifications:listTagsForResource",
"codestar:Describe*",
"codestar:Get*",
"codestar:List*",
"codestar:Verify*",
"cognito-identity:Describe*",
"cognito-identity:GetCredentialsForIdentity",
"cognito-identity:GetIdentityPoolRoles",
"cognito-identity:GetOpenIdToken",
"cognito-identity:GetOpenIdTokenForDeveloperIdentity",
"cognito-identity:List*",
"cognito-identity:Lookup*",
"cognito-idp:AdminGet*",
"cognito-idp:AdminList*",
"cognito-idp:Describe*",
"cognito-idp:Get*",
"cognito-idp:List*",
"cognito-sync:Describe*",
"cognito-sync:Get*",
"cognito-sync:List*",
"cognito-sync:QueryRecords",
"compute-optimizer:DescribeRecommendationExportJobs",
"compute-optimizer:GetAutoScalingGroupRecommendations",
"compute-optimizer:GetEBSVolumeRecommendations",
"compute-optimizer:GetEC2InstanceRecommendations",
"compute-optimizer:GetEC2RecommendationProjectedMetrics",
"compute-optimizer:GetEnrollmentStatus",
"compute-optimizer:GetLambdaFunctionRecommendations",
"compute-optimizer:GetRecommendationSummaries",
"config:BatchGetAggregateResourceConfig",
"config:BatchGetResourceConfig",
"config:Deliver*",
"config:Describe*",
"config:Get*",
"config:List*",
"config:SelectAggregateResourceConfig",
"config:SelectResourceConfig",
"connect:Describe*",
"connect:GetFederationToken",
"connect:List*",
"dataexchange:Get*",
"dataexchange:List*",
"datapipeline:Describe*",
"datapipeline:EvaluateExpression",
"datapipeline:Get*",
"datapipeline:List*",
"datapipeline:QueryObjects",
"datapipeline:Validate*",
"datasync:Describe*",
"datasync:List*",
"dax:BatchGetItem",
"dax:Describe*",
"dax:GetItem",
"dax:ListTags",
"dax:Query",
"dax:Scan",
"deepcomposer:GetComposition",
"deepcomposer:GetModel",
"deepcomposer:GetSampleModel",
"deepcomposer:ListCompositions",
"deepcomposer:ListModels",
"deepcomposer:ListSampleModels",
"deepcomposer:ListTrainingTopics",
"detective:Get*",
"detective:List*",
"devicefarm:Get*",
"devicefarm:List*",
"devops-guru:DescribeAccountHealth",
"devops-guru:DescribeAccountOverview",
"devops-guru:DescribeAnomaly",
"devops-guru:DescribeInsight",
"devops-guru:DescribeResourceCollectionHealth",
"devops-guru:DescribeServiceIntegration",
"devops-guru:GetResourceCollection",
"devops-guru:ListAnomaliesForInsight",
"devops-guru:ListEvents",
"devops-guru:ListInsights",
"devops-guru:ListNotificationChannels",
"devops-guru:ListRecommendations",
"devops-guru:SearchInsights",
"directconnect:Describe*",
"discovery:Describe*",
"discovery:Get*",
"discovery:List*",
"dlm:Get*",
"dms:Describe*",
"dms:List*",
"dms:Test*",
"ds:Check*",
"ds:Describe*",
"ds:Get*",
"ds:List*",
"ds:Verify*",
"dynamodb:BatchGet*",
"dynamodb:Describe*",
"dynamodb:Get*",
"dynamodb:List*",
"dynamodb:Query",
"dynamodb:Scan",
"ec2:Describe*",
"ec2:Get*",
"ec2:SearchTransitGatewayRoutes",
"ec2messages:Get*",
"ecr-public:BatchCheckLayerAvailability",
"ecr-public:DescribeImageTags",
"ecr-public:DescribeImages",
"ecr-public:DescribeRegistries",
"ecr-public:DescribeRepositories",
"ecr-public:GetAuthorizationToken",
"ecr-public:GetRegistryCatalogData",
"ecr-public:GetRepositoryCatalogData",
"ecr-public:GetRepositoryPolicy",
"ecr-public:ListTagsForResource",
"ecr:BatchCheck*",
"ecr:BatchGet*",
"ecr:Describe*",
"ecr:Get*",
"ecr:List*",
"ecs:Describe*",
"ecs:List*",
"eks:Describe*",
"eks:List*",
"elasticache:Describe*",
"elasticache:List*",
"elasticbeanstalk:Check*",
"elasticbeanstalk:Describe*",
"elasticbeanstalk:List*",
"elasticbeanstalk:Request*",
"elasticbeanstalk:Retrieve*",
"elasticbeanstalk:Validate*",
"elasticfilesystem:Describe*",
"elasticloadbalancing:Describe*",
"elasticmapreduce:Describe*",
"elasticmapreduce:GetBlockPublicAccessConfiguration",
"elasticmapreduce:List*",
"elasticmapreduce:View*",
"elastictranscoder:List*",
"elastictranscoder:Read*",
"elemental-appliances-software:Get*",
"elemental-appliances-software:List*",
"es:Describe*",
"es:ESHttpGet",
"es:ESHttpHead",
"es:Get*",
"es:List*",
"events:Describe*",
"events:List*",
"events:Test*",
"firehose:Describe*",
"firehose:List*",
"fis:GetAction",
"fis:GetExperiment",
"fis:GetExperimentTemplate",
"fis:ListActions",
"fis:ListExperimentTemplates",
"fis:ListExperiments",
"fis:ListTagsForResource",
"fms:GetAdminAccount",
"fms:GetAppsList",
"fms:GetComplianceDetail",
"fms:GetNotificationChannel",
"fms:GetPolicy",
"fms:GetProtectionStatus",
"fms:GetProtocolsList",
"fms:GetViolationDetails",
"fms:ListAppsLists",
"fms:ListComplianceStatus",
"fms:ListMemberAccounts",
"fms:ListPolicies",
"fms:ListProtocolsLists",
"fms:ListTagsForResource",
"forecast:DescribeDataset",
"forecast:DescribeDatasetGroup",
"forecast:DescribeDatasetImportJob",
"forecast:DescribeForecast",
"forecast:DescribeForecastExportJob",
"forecast:DescribePredictor",
"forecast:DescribePredictorBacktestExportJob",
"forecast:GetAccuracyMetrics",
"forecast:ListDatasetGroups",
"forecast:ListDatasetImportJobs",
"forecast:ListDatasets",
"forecast:ListForecastExportJobs",
"forecast:ListForecasts",
"forecast:ListPredictorBacktestExportJobs",
"forecast:ListPredictors",
"forecast:QueryForecast",
"freertos:Describe*",
"freertos:List*",
"fsx:Describe*",
"fsx:List*",
"gamelift:Describe*",
"gamelift:Get*",
"gamelift:List*",
"gamelift:ResolveAlias",
"gamelift:Search*",
"glacier:Describe*",
"glacier:Get*",
"glacier:List*",
"globalaccelerator:Describe*",
"globalaccelerator:List*",
"glue:BatchGetDevEndpoints",
"glue:BatchGetJobs",
"glue:BatchGetPartition",
"glue:BatchGetTriggers",
"glue:BatchGetWorkflows",
"glue:CheckSchemaVersionValidity",
"glue:GetCatalogImportStatus",
"glue:GetClassifier",
"glue:GetClassifiers",
"glue:GetCrawler",
"glue:GetCrawlerMetrics",
"glue:GetCrawlers",
"glue:GetDataCatalogEncryptionSettings",
"glue:GetDatabase",
"glue:GetDatabases",
"glue:GetDataflowGraph",
"glue:GetDevEndpoint",
"glue:GetDevEndpoints",
"glue:GetJob",
"glue:GetJobBookmark",
"glue:GetJobRun",
"glue:GetJobRuns",
"glue:GetJobs",
"glue:GetMLTaskRun",
"glue:GetMLTaskRuns",
"glue:GetMLTransform",
"glue:GetMLTransforms",
"glue:GetMapping",
"glue:GetPartition",
"glue:GetPartitions",
"glue:GetPlan",
"glue:GetRegistry",
"glue:GetResourcePolicy",
"glue:GetSchema",
"glue:GetSchemaByDefinition",
"glue:GetSchemaVersion",
"glue:GetSchemaVersionsDiff",
"glue:GetSecurityConfiguration",
"glue:GetSecurityConfigurations",
"glue:GetTable",
"glue:GetTableVersion",
"glue:GetTableVersions",
"glue:GetTables",
"glue:GetTags",
"glue:GetTrigger",
"glue:GetTriggers",
"glue:GetUserDefinedFunction",
"glue:GetUserDefinedFunctions",
"glue:GetWorkflow",
"glue:GetWorkflowRun",
"glue:GetWorkflowRunProperties",
"glue:GetWorkflowRuns",
"glue:ListCrawlers",
"glue:ListDevEndpoints",
"glue:ListJobs",
"glue:ListMLTransforms",
"glue:ListRegistries",
"glue:ListSchemaVersions",
"glue:ListSchemas",
"glue:ListTriggers",
"glue:ListWorkflows",
"glue:QuerySchemaVersionMetadata",
"greengrass:DescribeComponent",
"greengrass:Get*",
"greengrass:List*",
"groundstation:DescribeContact",
"groundstation:GetConfig",
"groundstation:GetDataflowEndpointGroup",
"groundstation:GetMinuteUsage",
"groundstation:GetMissionProfile",
"groundstation:GetSatellite",
"groundstation:ListConfigs",
"groundstation:ListContacts",
"groundstation:ListDataflowEndpointGroups",
"groundstation:ListGroundStations",
"groundstation:ListMissionProfiles",
"groundstation:ListSatellites",
"groundstation:ListTagsForResource",
"guardduty:DescribeOrganizationConfiguration",
"guardduty:DescribePublishingDestination",
"guardduty:Get*",
"guardduty:List*",
"health:Describe*",
"iam:Generate*",
"iam:Get*",
"iam:List*",
"iam:Simulate*",
"imagebuilder:Get*",
"imagebuilder:List*",
"importexport:Get*",
"importexport:List*",
"inspector:Describe*",
"inspector:Get*",
"inspector:List*",
"inspector:Preview*",
"iot:Describe*",
"iot:Get*",
"iot:List*",
"iotanalytics:Describe*",
"iotanalytics:Get*",
"iotanalytics:List*",
"iotanalytics:SampleChannelData",
"iotevents:DescribeAlarm",
"iotevents:DescribeAlarmModel",
"iotevents:DescribeDetector",
"iotevents:DescribeDetectorModel",
"iotevents:DescribeInput",
"iotevents:DescribeLoggingOptions",
"iotevents:ListAlarmModelVersions",
"iotevents:ListAlarmModels",
"iotevents:ListAlarms",
"iotevents:ListDetectorModelVersions",
"iotevents:ListDetectorModels",
"iotevents:ListDetectors",
"iotevents:ListInputs",
"iotevents:ListTagsForResource",
"iotfleethub:DescribeApplication",
"iotfleethub:ListApplications",
"iotsitewise:Describe*",
"iotsitewise:Get*",
"iotsitewise:List*",
"iotwireless:GetDestination",
"iotwireless:GetDeviceProfile",
"iotwireless:GetPartnerAccount",
"iotwireless:GetServiceEndpoint",
"iotwireless:GetServiceProfile",
"iotwireless:GetWirelessDevice",
"iotwireless:GetWirelessDeviceStatistics",
"iotwireless:GetWirelessGateway",
"iotwireless:GetWirelessGatewayCertificate",
"iotwireless:GetWirelessGatewayFirmwareInformation",
"iotwireless:GetWirelessGatewayStatistics",
"iotwireless:GetWirelessGatewayTask",
"iotwireless:GetWirelessGatewayTaskDefinition",
"iotwireless:ListDestinations",
"iotwireless:ListDeviceProfiles",
"iotwireless:ListPartnerAccounts",
"iotwireless:ListServiceProfiles",
"iotwireless:ListTagsForResource",
"iotwireless:ListWirelessDevices",
"iotwireless:ListWirelessGatewayTaskDefinitions",
"iotwireless:ListWirelessGateways",
"ivs:BatchGetChannel",
"ivs:GetChannel",
"ivs:GetPlaybackKeyPair",
"ivs:GetRecordingConfiguration",
"ivs:ListChannels",
"ivs:ListPlaybackKeyPairs",
"ivs:ListRecordingConfigurations",
"ivs:ListStreams",
"ivs:ListTagsForResource",
"kafka:Describe*",
"kafka:Get*",
"kafka:List*",
"kendra:DescribeDataSource",
"kendra:DescribeFaq",
"kendra:DescribeIndex",
"kendra:DescribeThesaurus",
"kendra:ListDataSourceSyncJobs",
"kendra:ListDataSources",
"kendra:ListFaqs",
"kendra:ListIndices",
"kendra:ListTagsForResource",
"kendra:ListThesauri",
"kendra:Query",
"kinesis:Describe*",
"kinesis:Get*",
"kinesis:List*",
"kinesisanalytics:Describe*",
"kinesisanalytics:Discover*",
"kinesisanalytics:Get*",
"kinesisanalytics:List*",
"kinesisvideo:Describe*",
"kinesisvideo:Get*",
"kinesisvideo:List*",
"kms:Describe*",
"kms:Get*",
"kms:List*",
"lambda:Get*",
"lambda:List*",
"lex:Get*",
"license-manager:Get*",
"license-manager:List*",
"lightsail:GetActiveNames",
"lightsail:GetAlarms",
"lightsail:GetAutoSnapshots",
"lightsail:GetBlueprints",
"lightsail:GetBundles",
"lightsail:GetCertificates",
"lightsail:GetCloudFormationStackRecords",
"lightsail:GetContainerAPIMetadata",
"lightsail:GetContainerImages",
"lightsail:GetContainerServiceDeployments",
"lightsail:GetContainerServiceMetricData",
"lightsail:GetContainerServicePowers",
"lightsail:GetContainerServices",
"lightsail:GetDisk",
"lightsail:GetDiskSnapshot",
"lightsail:GetDiskSnapshots",
"lightsail:GetDisks",
"lightsail:GetDistributionBundles",
"lightsail:GetDistributionLatestCacheReset",
"lightsail:GetDistributionMetricData",
"lightsail:GetDistributions",
"lightsail:GetDomain",
"lightsail:GetDomains",
"lightsail:GetExportSnapshotRecords",
"lightsail:GetInstance",
"lightsail:GetInstanceMetricData",
"lightsail:GetInstancePortStates",
"lightsail:GetInstanceSnapshot",
"lightsail:GetInstanceSnapshots",
"lightsail:GetInstanceState",
"lightsail:GetInstances",
"lightsail:GetKeyPair",
"lightsail:GetKeyPairs",
"lightsail:GetLoadBalancer",
"lightsail:GetLoadBalancerMetricData",
"lightsail:GetLoadBalancerTlsCertificates",
"lightsail:GetLoadBalancers",
"lightsail:GetOperation",
"lightsail:GetOperations",
"lightsail:GetOperationsForResource",
"lightsail:GetRegions",
"lightsail:GetRelationalDatabase",
"lightsail:GetRelationalDatabaseBlueprints",
"lightsail:GetRelationalDatabaseBundles",
"lightsail:GetRelationalDatabaseEvents",
"lightsail:GetRelationalDatabaseLogEvents",
"lightsail:GetRelationalDatabaseLogStreams",
"lightsail:GetRelationalDatabaseMetricData",
"lightsail:GetRelationalDatabaseParameters",
"lightsail:GetRelationalDatabaseSnapshot",
"lightsail:GetRelationalDatabaseSnapshots",
"lightsail:GetRelationalDatabases",
"lightsail:GetStaticIp",
"lightsail:GetStaticIps",
"lightsail:Is*",
"logs:Describe*",
"logs:FilterLogEvents",
"logs:Get*",
"logs:ListTagsLogGroup",
"logs:StartQuery",
"logs:StopQuery",
"logs:TestMetricFilter",
"lookoutvision:DescribeDataset",
"lookoutvision:DescribeModel",
"lookoutvision:DescribeProject",
"lookoutvision:ListDatasetEntries",
"lookoutvision:ListModels",
"lookoutvision:ListProjects",
"lookoutvision:ListTagsForResource",
"machinelearning:Describe*",
"machinelearning:Get*",
"mediaconvert:DescribeEndpoints",
"mediaconvert:Get*",
"mediaconvert:List*",
"mediapackage:Describe*",
"mediapackage:List*",
"mediastore:DescribeContainer",
"mediastore:DescribeObject",
"mediastore:GetContainerPolicy",
"mediastore:GetCorsPolicy",
"mediastore:GetLifecyclePolicy",
"mediastore:GetMetricPolicy",
"mediastore:GetObject",
"mediastore:ListContainers",
"mediastore:ListItems",
"mediastore:ListTagsForResource",
"mgh:Describe*",
"mgh:GetHomeRegion",
"mgh:List*",
"mgn:DescribeJobLogItems",
"mgn:DescribeJobs",
"mgn:DescribeReplicationConfigurationTemplates",
"mgn:DescribeSourceServers",
"mgn:GetLaunchConfiguration",
"mgn:GetReplicationConfiguration",
"mobileanalytics:Get*",
"mobilehub:Describe*",
"mobilehub:Export*",
"mobilehub:Generate*",
"mobilehub:Get*",
"mobilehub:List*",
"mobilehub:Validate*",
"mobilehub:Verify*",
"mobiletargeting:Get*",
"mobiletargeting:List*",
"mq:Describe*",
"mq:List*",
"network-firewall:DescribeFirewall",
"network-firewall:DescribeFirewallPolicy",
"network-firewall:DescribeLoggingConfiguration",
"network-firewall:DescribeResourcePolicy",
"network-firewall:DescribeRuleGroup",
"network-firewall:ListFirewallPolicies",
"network-firewall:ListFirewalls",
"network-firewall:ListRuleGroups",
"network-firewall:ListTagsForResource",
"networkmanager:DescribeGlobalNetworks",
"networkmanager:GetConnections",
"networkmanager:GetCustomerGatewayAssociations",
"networkmanager:GetDevices",
"networkmanager:GetLinkAssociations",
"networkmanager:GetLinks",
"networkmanager:GetSites",
"networkmanager:GetTransitGatewayConnectPeerAssociations",
"networkmanager:GetTransitGatewayRegistrations",
"opsworks-cm:Describe*",
"opsworks-cm:List*",
"opsworks:Describe*",
"opsworks:Get*",
"organizations:Describe*",
"organizations:List*",
"outposts:Get*",
"outposts:List*",
"personalize:Describe*",
"personalize:Get*",
"personalize:List*",
"pi:DescribeDimensionKeys",
"pi:GetResourceMetrics",
"polly:Describe*",
"polly:Get*",
"polly:List*",
"polly:SynthesizeSpeech",
"qldb:DescribeJournalS3Export",
"qldb:DescribeLedger",
"qldb:GetBlock",
"qldb:GetDigest",
"qldb:GetRevision",
"qldb:ListJournalS3Exports",
"qldb:ListJournalS3ExportsForLedger",
"qldb:ListLedgers",
"qldb:ListTagsForResource",
"ram:Get*",
"ram:List*",
"rds:Describe*",
"rds:Download*",
"rds:List*",
"redshift:Describe*",
"redshift:GetReservedNodeExchangeOfferings",
"redshift:View*",
"rekognition:CompareFaces",
"rekognition:Detect*",
"rekognition:List*",
"rekognition:Search*",
"resource-groups:Get*",
"resource-groups:List*",
"resource-groups:Search*",
"robomaker:BatchDescribe*",
"robomaker:Describe*",
"robomaker:Get*",
"robomaker:List*",
"route53:Get*",
"route53:List*",
"route53:Test*",
"route53domains:Check*",
"route53domains:Get*",
"route53domains:List*",
"route53domains:View*",
"route53resolver:Get*",
"route53resolver:List*",
"s3:DescribeJob",
"s3:Get*",
"s3:List*",
"sagemaker:Describe*",
"sagemaker:GetSearchSuggestions",
"sagemaker:List*",
"sagemaker:Search",
"savingsplans:DescribeSavingsPlanRates",
"savingsplans:DescribeSavingsPlans",
"savingsplans:DescribeSavingsPlansOfferingRates",
"savingsplans:DescribeSavingsPlansOfferings",
"savingsplans:ListTagsForResource",
"schemas:Describe*",
"schemas:Get*",
"schemas:List*",
"schemas:Search*",
"sdb:Get*",
"sdb:List*",
"sdb:Select*",
"secretsmanager:Describe*",
"secretsmanager:GetResourcePolicy",
"secretsmanager:List*",
"securityhub:Describe*",
"securityhub:Get*",
"securityhub:List*",
"serverlessrepo:Get*",
"serverlessrepo:List*",
"serverlessrepo:SearchApplications",
"servicecatalog:Describe*",
"servicecatalog:GetApplication",
"servicecatalog:GetAttributeGroup",
"servicecatalog:List*",
"servicecatalog:Scan*",
"servicecatalog:Search*",
"servicediscovery:Get*",
"servicediscovery:List*",
"servicequotas:GetAWSDefaultServiceQuota",
"servicequotas:GetAssociationForServiceQuotaTemplate",
"servicequotas:GetRequestedServiceQuotaChange",
"servicequotas:GetServiceQuota",
"servicequotas:GetServiceQuotaIncreaseRequestFromTemplate",
"servicequotas:ListAWSDefaultServiceQuotas",
"servicequotas:ListRequestedServiceQuotaChangeHistory",
"servicequotas:ListRequestedServiceQuotaChangeHistoryByQuota",
"servicequotas:ListServiceQuotaIncreaseRequestsInTemplate",
"servicequotas:ListServiceQuotas",
"servicequotas:ListServices",
"ses:Describe*",
"ses:Get*",
"ses:List*",
"shield:Describe*",
"shield:Get*",
"shield:List*",
"signer:DescribeSigningJob",
"signer:GetSigningPlatform",
"signer:GetSigningProfile",
"signer:ListProfilePermissions",
"signer:ListSigningJobs",
"signer:ListSigningPlatforms",
"signer:ListSigningProfiles",
"signer:ListTagsForResource",
"snowball:Describe*",
"snowball:Get*",
"snowball:List*",
"sns:Check*",
"sns:Get*",
"sns:List*",
"sqs:Get*",
"sqs:List*",
"sqs:Receive*",
"ssm-contacts:DescribeEngagement",
"ssm-contacts:DescribePage",
"ssm-contacts:GetContact",
"ssm-contacts:GetContactChannel",
"ssm-contacts:ListContactChannels",
"ssm-contacts:ListContacts",
"ssm-contacts:ListEngagements",
"ssm-contacts:ListPageReceipts",
"ssm-contacts:ListPagesByContact",
"ssm-contacts:ListPagesByEngagement",
"ssm-incidents:GetIncidentRecord",
"ssm-incidents:GetReplicationSet",
"ssm-incidents:GetResourcePolicies",
"ssm-incidents:GetResponsePlan",
"ssm-incidents:GetTimelineEvent",
"ssm-incidents:ListIncidentRecords",
"ssm-incidents:ListRelatedItems",
"ssm-incidents:ListReplicationSets",
"ssm-incidents:ListResponsePlans",
"ssm-incidents:ListTagsForResource",
"ssm-incidents:ListTimelineEvents",
"ssm:Describe*",
"ssm:Get*",
"ssm:List*",
"sso-directory:Describe*",
"sso-directory:List*",
"sso-directory:Search*",
"sso:Describe*",
"sso:Get*",
"sso:List*",
"sso:Search*",
"states:Describe*",
"states:GetExecutionHistory",
"states:List*",
"storagegateway:Describe*",
"storagegateway:List*",
"sts:GetAccessKeyInfo",
"sts:GetCallerIdentity",
"sts:GetSessionToken",
"swf:Count*",
"swf:Describe*",
"swf:Get*",
"swf:List*",
"synthetics:Describe*",
"synthetics:Get*",
"synthetics:List*",
"tag:Get*",
"transcribe:Get*",
"transcribe:List*",
"transfer:Describe*",
"transfer:List*",
"transfer:TestIdentityProvider",
"trustedadvisor:Describe*",
"waf-regional:Get*",
"waf-regional:List*",
"waf:Get*",
"waf:List*",
"wafv2:CheckCapacity",
"wafv2:Describe*",
"wafv2:Get*",
"wafv2:List*",
"workdocs:CheckAlias",
"workdocs:Describe*",
"workdocs:Get*",
"worklink:Describe*",
"worklink:List*",
"workmail:Describe*",
"workmail:Get*",
"workmail:List*",
"workmail:Search*",
"workspaces:Describe*",
"xray:BatchGet*",
"xray:Get*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAILL3HVNFSB6DCOWYQ",
"PolicyName": "ReadOnlyAccess",
"UpdateDate": "2021-05-25T23:10:47+00:00",
"VersionId": "v78"
},
"ResourceGroupsandTagEditorFullAccess": {
"Arn": "arn:aws:iam::aws:policy/ResourceGroupsandTagEditorFullAccess",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:39:53+00:00",
"DefaultVersionId": "v5",
"Document": {
"Statement": [
{
"Action": [
"tag:getResources",
"tag:getTagKeys",
"tag:getTagValues",
"tag:TagResources",
"tag:UntagResources",
"resource-groups:*",
"cloudformation:DescribeStacks",
"cloudformation:ListStackResources"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJNOS54ZFXN4T2Y34A",
"PolicyName": "ResourceGroupsandTagEditorFullAccess",
"UpdateDate": "2019-10-02T23:57:57+00:00",
"VersionId": "v5"
},
"ResourceGroupsandTagEditorReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/ResourceGroupsandTagEditorReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:39:54+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"tag:getResources",
"tag:getTagKeys",
"tag:getTagValues",
"resource-groups:Get*",
"resource-groups:List*",
"resource-groups:Search*",
"cloudformation:DescribeStacks",
"cloudformation:ListStackResources"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJHXQTPI5I5JKAIU74",
"PolicyName": "ResourceGroupsandTagEditorReadOnlyAccess",
"UpdateDate": "2019-03-07T19:43:17+00:00",
"VersionId": "v2"
},
"Route53ResolverServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/Route53ResolverServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2020-08-12T17:47:24+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"logs:CreateLogDelivery",
"logs:GetLogDelivery",
"logs:UpdateLogDelivery",
"logs:DeleteLogDelivery",
"logs:ListLogDeliveries",
"logs:DescribeResourcePolicies",
"logs:DescribeLogGroups",
"s3:GetBucketPolicy"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4AEMJZANMJ",
"PolicyName": "Route53ResolverServiceRolePolicy",
"UpdateDate": "2020-08-12T17:47:24+00:00",
"VersionId": "v1"
},
"S3StorageLensServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/S3StorageLensServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2020-11-18T18:15:40+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"organizations:DescribeOrganization",
"organizations:ListAccounts",
"organizations:ListAWSServiceAccessForOrganization",
"organizations:ListDelegatedAdministrators"
],
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "AwsOrgsAccess"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4IHOVJESMS",
"PolicyName": "S3StorageLensServiceRolePolicy",
"UpdateDate": "2020-11-18T18:15:40+00:00",
"VersionId": "v1"
},
"SecretsManagerReadWrite": {
"Arn": "arn:aws:iam::aws:policy/SecretsManagerReadWrite",
"AttachmentCount": 0,
"CreateDate": "2018-04-04T18:05:29+00:00",
"DefaultVersionId": "v3",
"Document": {
"Statement": [
{
"Action": [
"secretsmanager:*",
"cloudformation:CreateChangeSet",
"cloudformation:DescribeChangeSet",
"cloudformation:DescribeStackResource",
"cloudformation:DescribeStacks",
"cloudformation:ExecuteChangeSet",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"kms:DescribeKey",
"kms:ListAliases",
"kms:ListKeys",
"lambda:ListFunctions",
"rds:DescribeDBClusters",
"rds:DescribeDBInstances",
"redshift:DescribeClusters",
"tag:GetResources"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"lambda:AddPermission",
"lambda:CreateFunction",
"lambda:GetFunction",
"lambda:InvokeFunction",
"lambda:UpdateFunctionConfiguration"
],
"Effect": "Allow",
"Resource": "arn:aws:lambda:*:*:function:SecretsManager*"
},
{
"Action": [
"serverlessrepo:CreateCloudFormationChangeSet",
"serverlessrepo:GetApplication"
],
"Effect": "Allow",
"Resource": "arn:aws:serverlessrepo:*:*:applications/SecretsManager*"
},
{
"Action": [
"s3:GetObject"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::awsserverlessrepo-changesets*",
"arn:aws:s3:::secrets-manager-rotation-apps-*/*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAI3VG7CI5BIQZQ6G2E",
"PolicyName": "SecretsManagerReadWrite",
"UpdateDate": "2020-06-24T18:01:22+00:00",
"VersionId": "v3"
},
"SecurityAudit": {
"Arn": "arn:aws:iam::aws:policy/SecurityAudit",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:41:01+00:00",
"DefaultVersionId": "v35",
"Document": {
"Statement": [
{
"Action": [
"access-analyzer:GetAnalyzedResource",
"access-analyzer:GetAnalyzer",
"access-analyzer:GetArchiveRule",
"access-analyzer:GetFinding",
"access-analyzer:ListAnalyzedResources",
"access-analyzer:ListAnalyzers",
"access-analyzer:ListArchiveRules",
"access-analyzer:ListFindings",
"access-analyzer:ListTagsForResource",
"acm-pca:ListPermissions",
"acm:Describe*",
"acm:List*",
"application-autoscaling:Describe*",
"appmesh:Describe*",
"appmesh:List*",
"appsync:List*",
"athena:GetWorkGroup",
"athena:List*",
"autoscaling-plans:DescribeScalingPlans",
"autoscaling:Describe*",
"batch:DescribeComputeEnvironments",
"batch:DescribeJobDefinitions",
"chime:List*",
"cloud9:Describe*",
"cloud9:ListEnvironments",
"clouddirectory:ListDirectories",
"cloudformation:DescribeStack*",
"cloudformation:GetStackPolicy",
"cloudformation:GetTemplate",
"cloudformation:ListStack*",
"cloudfront:Get*",
"cloudfront:List*",
"cloudhsm:ListHapgs",
"cloudhsm:ListHsms",
"cloudhsm:ListLunaClients",
"cloudsearch:DescribeDomainEndpointOptions",
"cloudsearch:DescribeDomains",
"cloudsearch:DescribeServiceAccessPolicies",
"cloudtrail:DescribeTrails",
"cloudtrail:GetEventSelectors",
"cloudtrail:GetTrailStatus",
"cloudtrail:ListTags",
"cloudtrail:LookupEvents",
"cloudwatch:Describe*",
"cloudwatch:ListTagsForResource",
"codebuild:ListProjects",
"codecommit:BatchGetRepositories",
"codecommit:GetBranch",
"codecommit:GetObjectIdentifier",
"codecommit:GetRepository",
"codecommit:GetRepositoryTriggers",
"codecommit:List*",
"codedeploy:Batch*",
"codedeploy:Get*",
"codedeploy:List*",
"codepipeline:GetJobDetails",
"codepipeline:GetPipeline",
"codepipeline:GetPipelineExecution",
"codepipeline:GetPipelineState",
"codepipeline:ListPipelines",
"codestar:Describe*",
"codestar:List*",
"cognito-identity:ListIdentityPools",
"cognito-idp:DescribeIdentityProvider",
"cognito-idp:DescribeResourceServer",
"cognito-idp:DescribeRiskConfiguration",
"cognito-idp:DescribeUserImportJob",
"cognito-idp:DescribeUserPool",
"cognito-idp:DescribeUserPoolClient",
"cognito-idp:DescribeUserPoolDomain",
"cognito-idp:ListDevices",
"cognito-idp:ListGroups",
"cognito-idp:ListIdentityProviders",
"cognito-idp:ListResourceServers",
"cognito-idp:ListTagsForResource",
"cognito-idp:ListUserImportJobs",
"cognito-idp:ListUserPoolClients",
"cognito-idp:ListUserPools",
"cognito-idp:ListUsers",
"cognito-idp:ListUsersInGroup",
"cognito-sync:Describe*",
"cognito-sync:List*",
"comprehend:Describe*",
"comprehend:List*",
"config:BatchGetAggregateResourceConfig",
"config:BatchGetResourceConfig",
"config:Deliver*",
"config:Describe*",
"config:Get*",
"config:List*",
"datapipeline:DescribeObjects",
"datapipeline:DescribePipelines",
"datapipeline:EvaluateExpression",
"datapipeline:GetPipelineDefinition",
"datapipeline:ListPipelines",
"datapipeline:QueryObjects",
"datapipeline:ValidatePipelineDefinition",
"datasync:Describe*",
"datasync:List*",
"dax:Describe*",
"dax:ListTags",
"detective:GetGraphIngestState",
"detective:ListGraphs",
"detective:ListMembers",
"directconnect:Describe*",
"dms:Describe*",
"dms:ListTagsForResource",
"ds:DescribeDirectories",
"dynamodb:DescribeContinuousBackups",
"dynamodb:DescribeGlobalTable",
"dynamodb:DescribeTable",
"dynamodb:DescribeTimeToLive",
"dynamodb:ListBackups",
"dynamodb:ListGlobalTables",
"dynamodb:ListStreams",
"dynamodb:ListTables",
"dynamodb:ListTagsOfResource",
"ec2:Describe*",
"ec2:DescribeTransitGatewayAttachments",
"ec2:DescribeTransitGatewayMulticastDomains",
"ec2:DescribeTransitGatewayPeeringAttachments",
"ec2:DescribeTransitGatewayRouteTables",
"ec2:DescribeTransitGatewayVpcAttachments",
"ec2:DescribeTransitGateways",
"ec2:GetManagedPrefixListAssociations",
"ec2:GetManagedPrefixListEntries",
"ec2:GetTransitGatewayAttachmentPropagations",
"ec2:GetTransitGatewayMulticastDomainAssociations",
"ec2:GetTransitGatewayPrefixListReferences",
"ec2:GetTransitGatewayRouteTableAssociations",
"ec2:GetTransitGatewayRouteTablePropagations",
"ecr-public:DescribeImageTags",
"ecr-public:DescribeImages",
"ecr-public:DescribeRegistries",
"ecr-public:DescribeRepositories",
"ecr-public:GetRegistryCatalogData",
"ecr-public:GetRepositoryCatalogData",
"ecr-public:GetRepositoryPolicy",
"ecr:DescribeImageScanFindings",
"ecr:DescribeImages",
"ecr:DescribeRepositories",
"ecr:GetLifecyclePolicy",
"ecr:GetRepositoryPolicy",
"ecr:ListImages",
"ecr:ListTagsForResource",
"ecs:Describe*",
"ecs:List*",
"eks:DescribeCluster",
"eks:DescribeNodeGroup",
"eks:ListClusters",
"eks:ListNodeGroups",
"elasticache:Describe*",
"elasticache:ListTagsForResource",
"elasticbeanstalk:Describe*",
"elasticbeanstalk:DescribeApplications",
"elasticbeanstalk:ListTagsForResource",
"elasticfilesystem:DescribeFileSystems",
"elasticfilesystem:DescribeMountTargetSecurityGroups",
"elasticfilesystem:DescribeMountTargets",
"elasticloadbalancing:Describe*",
"elasticmapreduce:Describe*",
"elasticmapreduce:GetBlockPublicAccessConfiguration",
"elasticmapreduce:ListClusters",
"elasticmapreduce:ListInstances",
"elasticmapreduce:ListSecurityConfigurations",
"es:Describe*",
"es:ListDomainNames",
"es:ListElasticsearchInstanceTypeDetails",
"es:ListElasticsearchVersions",
"es:ListTags",
"events:Describe*",
"events:List*",
"events:TestEventPattern",
"firehose:Describe*",
"firehose:List*",
"fms:ListComplianceStatus",
"fms:ListPolicies",
"fsx:Describe*",
"fsx:List*",
"gamelift:ListBuilds",
"gamelift:ListFleets",
"glacier:DescribeVault",
"glacier:GetVaultAccessPolicy",
"glacier:ListVaults",
"globalaccelerator:Describe*",
"globalaccelerator:List*",
"glue:GetCrawlers",
"glue:GetDataCatalogEncryptionSettings",
"glue:GetDatabases",
"glue:GetDevEndpoints",
"glue:GetJobs",
"greengrass:List*",
"guardduty:DescribePublishingDestination",
"guardduty:Get*",
"guardduty:List*",
"iam:GenerateCredentialReport",
"iam:GenerateServiceLastAccessedDetails",
"iam:Get*",
"iam:List*",
"iam:SimulateCustomPolicy",
"iam:SimulatePrincipalPolicy",
"inspector:Describe*",
"inspector:Get*",
"inspector:List*",
"inspector:Preview*",
"iot:Describe*",
"iot:GetPolicy",
"iot:GetPolicyVersion",
"iot:List*",
"kinesis:DescribeLimits",
"kinesis:DescribeStream",
"kinesis:DescribeStreamConsumer",
"kinesis:DescribeStreamSummary",
"kinesis:ListStreamConsumers",
"kinesis:ListStreams",
"kinesis:ListTagsForStream",
"kinesisanalytics:ListApplications",
"kms:Describe*",
"kms:Get*",
"kms:List*",
"lambda:GetAccountSettings",
"lambda:GetFunctionConfiguration",
"lambda:GetFunctionEventInvokeConfig",
"lambda:GetLayerVersionPolicy",
"lambda:GetPolicy",
"lambda:List*",
"license-manager:List*",
"lightsail:GetInstances",
"lightsail:GetLoadBalancers",
"logs:Describe*",
"logs:ListTagsLogGroup",
"machinelearning:DescribeMLModels",
"mediaconnect:Describe*",
"mediaconnect:List*",
"mediastore:GetContainerPolicy",
"mediastore:ListContainers",
"mq:DescribeBroker",
"mq:DescribeBrokerEngineTypes",
"mq:DescribeBrokerInstanceOptions",
"mq:DescribeConfiguration",
"mq:DescribeConfigurationRevision",
"mq:DescribeUser",
"mq:ListBrokers",
"mq:ListConfigurationRevisions",
"mq:ListConfigurations",
"mq:ListTags",
"mq:ListUsers",
"network-firewall:ListFirewalls",
"opsworks-cm:DescribeServers",
"opsworks:DescribeStacks",
"organizations:Describe*",
"organizations:List*",
"quicksight:Describe*",
"quicksight:List*",
"ram:List*",
"rds:Describe*",
"rds:DownloadDBLogFilePortion",
"rds:ListTagsForResource",
"redshift:Describe*",
"rekognition:Describe*",
"rekognition:List*",
"robomaker:Describe*",
"robomaker:List*",
"route53:Get*",
"route53:List*",
"route53domains:GetDomainDetail",
"route53domains:GetOperationDetail",
"route53domains:ListDomains",
"route53domains:ListOperations",
"route53domains:ListTagsForDomain",
"route53resolver:Get*",
"route53resolver:List*",
"s3:GetAccelerateConfiguration",
"s3:GetAccessPoint",
"s3:GetAccessPointPolicy",
"s3:GetAccessPointPolicyStatus",
"s3:GetAccountPublicAccessBlock",
"s3:GetAnalyticsConfiguration",
"s3:GetBucket*",
"s3:GetEncryptionConfiguration",
"s3:GetInventoryConfiguration",
"s3:GetLifecycleConfiguration",
"s3:GetMetricsConfiguration",
"s3:GetObjectAcl",
"s3:GetObjectVersionAcl",
"s3:GetReplicationConfiguration",
"s3:ListAccessPoints",
"s3:ListAllMyBuckets",
"sagemaker:Describe*",
"sagemaker:List*",
"schemas:DescribeCodeBinding",
"schemas:DescribeDiscoverer",
"schemas:DescribeRegistry",
"schemas:DescribeSchema",
"schemas:ListDiscoverers",
"schemas:ListRegistries",
"schemas:ListSchemaVersions",
"schemas:ListSchemas",
"schemas:ListTagsForResource",
"sdb:DomainMetadata",
"sdb:ListDomains",
"secretsmanager:DescribeSecret",
"secretsmanager:GetResourcePolicy",
"secretsmanager:ListSecretVersionIds",
"secretsmanager:ListSecrets",
"securityhub:Describe*",
"securityhub:Get*",
"securityhub:List*",
"serverlessrepo:GetApplicationPolicy",
"serverlessrepo:List*",
"servicequotas:GetAWSDefaultServiceQuota",
"servicequotas:GetAssociationForServiceQuotaTemplate",
"servicequotas:GetRequestedServiceQuotaChange",
"servicequotas:GetServiceQuota",
"servicequotas:GetServiceQuotaIncreaseRequestFromTemplate",
"servicequotas:ListAWSDefaultServiceQuotas",
"servicequotas:ListRequestedServiceQuotaChangeHistory",
"servicequotas:ListRequestedServiceQuotaChangeHistoryByQuota",
"servicequotas:ListServiceQuotaIncreaseRequestsInTemplate",
"servicequotas:ListServiceQuotas",
"servicequotas:ListServices",
"servicequotas:ListTagsForResource",
"ses:GetIdentityDkimAttributes",
"ses:GetIdentityPolicies",
"ses:GetIdentityVerificationAttributes",
"ses:ListIdentities",
"ses:ListIdentityPolicies",
"ses:ListVerifiedEmailAddresses",
"shield:Describe*",
"shield:List*",
"snowball:ListClusters",
"snowball:ListJobs",
"sns:GetTopicAttributes",
"sns:ListSubscriptions",
"sns:ListSubscriptionsByTopic",
"sns:ListTagsForResource",
"sns:ListTopics",
"sqs:GetQueueAttributes",
"sqs:ListDeadLetterSourceQueues",
"sqs:ListQueueTags",
"sqs:ListQueues",
"ssm:Describe*",
"ssm:GetAutomationExecution",
"ssm:ListAssociationVersions",
"ssm:ListAssociations",
"ssm:ListCommands",
"ssm:ListComplianceItems",
"ssm:ListComplianceSummaries",
"ssm:ListDocumentMetadataHistory",
"ssm:ListDocumentVersions",
"ssm:ListDocuments",
"ssm:ListInventoryEntries",
"ssm:ListOpsMetadata",
"ssm:ListResourceComplianceSummaries",
"ssm:ListResourceDataSync",
"ssm:ListTagsForResource",
"sso:DescribePermissionsPolicies",
"sso:List*",
"states:ListStateMachines",
"storagegateway:DescribeBandwidthRateLimit",
"storagegateway:DescribeCache",
"storagegateway:DescribeCachediSCSIVolumes",
"storagegateway:DescribeGatewayInformation",
"storagegateway:DescribeMaintenanceStartTime",
"storagegateway:DescribeNFSFileShares",
"storagegateway:DescribeSnapshotSchedule",
"storagegateway:DescribeStorediSCSIVolumes",
"storagegateway:DescribeTapeArchives",
"storagegateway:DescribeTapeRecoveryPoints",
"storagegateway:DescribeTapes",
"storagegateway:DescribeUploadBuffer",
"storagegateway:DescribeVTLDevices",
"storagegateway:DescribeWorkingStorage",
"storagegateway:List*",
"support:DescribeTrustedAdvisorCheckRefreshStatuses",
"support:DescribeTrustedAdvisorCheckResult",
"support:DescribeTrustedAdvisorCheckSummaries",
"support:DescribeTrustedAdvisorChecks",
"tag:GetResources",
"tag:GetTagKeys",
"transfer:Describe*",
"transfer:List*",
"translate:List*",
"trustedadvisor:Describe*",
"waf-regional:GetWebACL",
"waf-regional:ListResourcesForWebACL",
"waf-regional:ListTagsForResource",
"waf-regional:ListWebACLs",
"waf:GetWebACL",
"waf:ListTagsForResource",
"waf:ListWebACLs",
"wafv2:GetWebACL",
"wafv2:ListAvailableManagedRuleGroups",
"wafv2:ListIPSets",
"wafv2:ListLoggingConfigurations",
"wafv2:ListRegexPatternSets",
"wafv2:ListResourcesForWebACL",
"wafv2:ListRuleGroups",
"wafv2:ListTagsForResource",
"wafv2:ListWebACLs",
"workdocs:DescribeResourcePermissions",
"workspaces:Describe*",
"xray:GetEncryptionConfig",
"xray:GetGroup",
"xray:GetGroups",
"xray:GetSamplingRules",
"xray:GetSamplingTargets",
"xray:ListTagsForResource"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"apigateway:GET"
],
"Effect": "Allow",
"Resource": [
"arn:aws:apigateway:*::/apis",
"arn:aws:apigateway:*::/apis/*/routes",
"arn:aws:apigateway:*::/apis/*/stages",
"arn:aws:apigateway:*::/apis/*/stages/*",
"arn:aws:apigateway:*::/clientcertificates/*",
"arn:aws:apigateway:*::/restapis",
"arn:aws:apigateway:*::/restapis/*/authorizers",
"arn:aws:apigateway:*::/restapis/*/authorizers/*",
"arn:aws:apigateway:*::/restapis/*/documentation/versions",
"arn:aws:apigateway:*::/restapis/*/resources",
"arn:aws:apigateway:*::/restapis/*/resources/*",
"arn:aws:apigateway:*::/restapis/*/resources/*/methods/*",
"arn:aws:apigateway:*::/restapis/*/stages",
"arn:aws:apigateway:*::/restapis/*/stages/*",
"arn:aws:apigateway:*::/tags/*",
"arn:aws:apigateway:*::/vpclinks"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIX2T3QCXHR2OGGCTO",
"PolicyName": "SecurityAudit",
"UpdateDate": "2021-04-14T20:28:28+00:00",
"VersionId": "v35"
},
"ServerMigrationConnector": {
"Arn": "arn:aws:iam::aws:policy/ServerMigrationConnector",
"AttachmentCount": 0,
"CreateDate": "2016-10-24T21:45:56+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": "iam:GetUser",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"sms:SendMessage",
"sms:GetMessages"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"s3:CreateBucket",
"s3:DeleteBucket",
"s3:DeleteObject",
"s3:GetBucketLocation",
"s3:GetObject",
"s3:ListBucket",
"s3:PutObject",
"s3:PutObjectAcl",
"s3:PutLifecycleConfiguration",
"s3:AbortMultipartUpload",
"s3:ListBucketMultipartUploads",
"s3:ListMultipartUploadParts"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::sms-b-*",
"arn:aws:s3:::import-to-ec2-*",
"arn:aws:s3:::server-migration-service-upgrade",
"arn:aws:s3:::server-migration-service-upgrade/*",
"arn:aws:s3:::connector-platform-upgrade-info/*",
"arn:aws:s3:::connector-platform-upgrade-info",
"arn:aws:s3:::connector-platform-upgrade-bundles/*",
"arn:aws:s3:::connector-platform-upgrade-bundles",
"arn:aws:s3:::connector-platform-release-notes/*",
"arn:aws:s3:::connector-platform-release-notes"
]
},
{
"Action": "awsconnector:*",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"SNS:Publish"
],
"Effect": "Allow",
"Resource": "arn:aws:sns:*:*:metrics-sns-topic-for-*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJKZRWXIPK5HSG3QDQ",
"PolicyName": "ServerMigrationConnector",
"UpdateDate": "2016-10-24T21:45:56+00:00",
"VersionId": "v1"
},
"ServerMigrationServiceConsoleFullAccess": {
"Arn": "arn:aws:iam::aws:policy/ServerMigrationServiceConsoleFullAccess",
"AttachmentCount": 0,
"CreateDate": "2020-05-09T17:18:57+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"sms:*"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"cloudformation:ListStacks",
"cloudformation:DescribeStacks",
"cloudformation:DescribeStackResources"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "s3:ListAllMyBuckets",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "s3:GetObject",
"Effect": "Allow",
"Resource": "arn:aws:s3:::sms-app-*/*"
},
{
"Action": [
"ec2:DescribeKeyPairs",
"ec2:DescribeVpcs",
"ec2:DescribeSubnets",
"ec2:DescribeSecurityGroups"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"iam:ListRoles"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"iam:CreateServiceLinkedRole"
],
"Condition": {
"StringEquals": {
"iam:AWSServiceName": "sms.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:GetInstanceProfile",
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4IIEMRGEYB",
"PolicyName": "ServerMigrationServiceConsoleFullAccess",
"UpdateDate": "2020-07-20T22:00:37+00:00",
"VersionId": "v2"
},
"ServerMigrationServiceLaunchRole": {
"Arn": "arn:aws:iam::aws:policy/service-role/ServerMigrationServiceLaunchRole",
"AttachmentCount": 0,
"CreateDate": "2018-11-26T19:53:06+00:00",
"DefaultVersionId": "v4",
"Document": {
"Statement": [
{
"Action": [
"ec2:ModifyInstanceAttribute",
"ec2:StopInstances",
"ec2:StartInstances",
"ec2:TerminateInstances"
],
"Condition": {
"StringLike": {
"ec2:ResourceTag/aws:cloudformation:stack-id": "arn:aws:cloudformation:*:*:stack/sms-app-*/*"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "ec2:CreateTags",
"Effect": "Allow",
"Resource": "arn:aws:ec2:*:*:instance/*"
},
{
"Action": [
"ec2:DisassociateIamInstanceProfile",
"ec2:AssociateIamInstanceProfile",
"ec2:ReplaceIamInstanceProfileAssociation"
],
"Condition": {
"StringLike": {
"ec2:ResourceTag/aws:cloudformation:stack-id": "arn:aws:cloudformation:*:*:stack/sms-app-*/*"
}
},
"Effect": "Allow",
"Resource": "arn:aws:ec2:*:*:instance/*"
},
{
"Action": "iam:PassRole",
"Condition": {
"StringEquals": {
"iam:PassedToService": "ec2.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:RunInstances",
"ec2:Describe*"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"applicationinsights:Describe*",
"applicationinsights:List*",
"cloudformation:ListStackResources",
"cloudformation:DescribeStacks"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"applicationinsights:CreateApplication",
"applicationinsights:CreateComponent",
"applicationinsights:UpdateApplication",
"applicationinsights:DeleteApplication",
"applicationinsights:UpdateComponentConfiguration",
"applicationinsights:DeleteComponent"
],
"Effect": "Allow",
"Resource": "arn:aws:applicationinsights:*:*:application/resource-group/sms-app-*"
},
{
"Action": [
"resource-groups:CreateGroup",
"resource-groups:GetGroup",
"resource-groups:UpdateGroup",
"resource-groups:DeleteGroup"
],
"Condition": {
"StringLike": {
"aws:ResourceTag/aws:cloudformation:stack-id": "arn:aws:cloudformation:*:*:stack/sms-app-*/*"
}
},
"Effect": "Allow",
"Resource": "arn:aws:resource-groups:*:*:group/sms-app-*"
},
{
"Action": [
"iam:CreateServiceLinkedRole"
],
"Condition": {
"StringEquals": {
"iam:AWSServiceName": "application-insights.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/aws-service-role/application-insights.amazonaws.com/AWSServiceRoleForApplicationInsights"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIIIAAMVUCBR2OLXZO",
"PolicyName": "ServerMigrationServiceLaunchRole",
"UpdateDate": "2020-10-15T17:29:00+00:00",
"VersionId": "v4"
},
"ServerMigrationServiceRoleForInstanceValidation": {
"Arn": "arn:aws:iam::aws:policy/service-role/ServerMigrationServiceRoleForInstanceValidation",
"AttachmentCount": 0,
"CreateDate": "2020-07-20T22:25:07+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": "s3:GetObject",
"Effect": "Allow",
"Resource": "arn:aws:s3:::sms-app-*/*"
},
{
"Action": "sms:NotifyAppValidationOutput",
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4LJMOLEWUV",
"PolicyName": "ServerMigrationServiceRoleForInstanceValidation",
"UpdateDate": "2020-07-20T22:25:07+00:00",
"VersionId": "v1"
},
"ServerMigration_ServiceRole": {
"Arn": "arn:aws:iam::aws:policy/service-role/ServerMigration_ServiceRole",
"AttachmentCount": 0,
"CreateDate": "2020-08-11T20:41:44+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"cloudformation:CreateChangeSet",
"cloudformation:CreateStack"
],
"Condition": {
"ForAllValues:StringEquals": {
"cloudformation:ResourceTypes": [
"AWS::EC2::Instance",
"AWS::ApplicationInsights::Application",
"AWS::ResourceGroups::Group"
]
},
"Null": {
"cloudformation:ResourceTypes": "false"
}
},
"Effect": "Allow",
"Resource": "arn:aws:cloudformation:*:*:stack/sms-app-*/*"
},
{
"Action": [
"cloudformation:DeleteStack",
"cloudformation:ExecuteChangeSet",
"cloudformation:DeleteChangeSet",
"cloudformation:DescribeChangeSet",
"cloudformation:DescribeStacks",
"cloudformation:DescribeStackEvents",
"cloudformation:DescribeStackResource",
"cloudformation:DescribeStackResources",
"cloudformation:GetTemplate"
],
"Effect": "Allow",
"Resource": "arn:aws:cloudformation:*:*:stack/sms-app-*/*"
},
{
"Action": [
"cloudformation:ValidateTemplate",
"s3:ListAllMyBuckets"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"s3:CreateBucket",
"s3:DeleteBucket",
"s3:DeleteObject",
"s3:GetBucketAcl",
"s3:GetBucketLocation",
"s3:GetObject",
"s3:ListBucket",
"s3:PutObject",
"s3:PutObjectAcl",
"s3:PutLifecycleConfiguration"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::sms-app-*"
},
{
"Action": [
"sms:CreateReplicationJob",
"sms:DeleteReplicationJob",
"sms:GetReplicationJobs",
"sms:GetReplicationRuns",
"sms:GetServers",
"sms:ImportServerCatalog",
"sms:StartOnDemandReplicationRun",
"sms:UpdateReplicationJob"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "ssm:SendCommand",
"Effect": "Allow",
"Resource": [
"arn:aws:ssm:*::document/AWS-RunRemoteScript",
"arn:aws:s3:::sms-app-*"
]
},
{
"Action": "ssm:SendCommand",
"Condition": {
"StringEquals": {
"ssm:resourceTag/UseForSMSApplicationValidation": [
"true"
]
}
},
"Effect": "Allow",
"Resource": "arn:aws:ec2:*:*:instance/*"
},
{
"Action": [
"ssm:CancelCommand",
"ssm:GetCommandInvocation"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "ec2:CreateTags",
"Condition": {
"StringEquals": {
"ec2:CreateAction": "CopySnapshot"
}
},
"Effect": "Allow",
"Resource": "arn:aws:ec2:*:*:snapshot/*"
},
{
"Action": "ec2:CopySnapshot",
"Condition": {
"StringLike": {
"aws:RequestTag/SMSJobId": [
"sms-*"
]
}
},
"Effect": "Allow",
"Resource": "arn:aws:ec2:*:*:snapshot/*"
},
{
"Action": [
"ec2:ModifySnapshotAttribute",
"ec2:DeleteSnapshot"
],
"Condition": {
"StringLike": {
"ec2:ResourceTag/SMSJobId": [
"sms-*"
]
}
},
"Effect": "Allow",
"Resource": "arn:aws:ec2:*:*:snapshot/*"
},
{
"Action": [
"ec2:CopyImage",
"ec2:DescribeImages",
"ec2:DescribeInstances",
"ec2:DescribeSnapshots",
"ec2:DescribeSnapshotAttribute",
"ec2:DeregisterImage",
"ec2:ImportImage",
"ec2:DescribeImportImageTasks",
"ec2:GetEbsEncryptionByDefault"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"iam:GetRole",
"iam:GetInstanceProfile"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:DisassociateIamInstanceProfile",
"ec2:AssociateIamInstanceProfile",
"ec2:ReplaceIamInstanceProfileAssociation"
],
"Condition": {
"StringLike": {
"ec2:ResourceTag/aws:cloudformation:stack-id": "arn:aws:cloudformation:*:*:stack/sms-app-*/*"
}
},
"Effect": "Allow",
"Resource": "arn:aws:ec2:*:*:instance/*"
},
{
"Action": "iam:PassRole",
"Condition": {
"StringEquals": {
"iam:PassedToService": "ec2.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:PassRole",
"Condition": {
"StringEqualsIfExists": {
"iam:PassedToService": "cloudformation.amazonaws.com"
},
"StringLike": {
"iam:AssociatedResourceArn": "arn:aws:cloudformation:*:*:stack/sms-app-*/*"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4NKLZNDFDI",
"PolicyName": "ServerMigration_ServiceRole",
"UpdateDate": "2020-10-15T17:26:32+00:00",
"VersionId": "v2"
},
"ServiceQuotasFullAccess": {
"Arn": "arn:aws:iam::aws:policy/ServiceQuotasFullAccess",
"AttachmentCount": 0,
"CreateDate": "2019-06-24T15:44:35+00:00",
"DefaultVersionId": "v4",
"Document": {
"Statement": [
{
"Action": [
"autoscaling:DescribeAccountLimits",
"cloudformation:DescribeAccountLimits",
"cloudwatch:DescribeAlarmsForMetric",
"cloudwatch:DescribeAlarms",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:PutMetricAlarm",
"dynamodb:DescribeLimits",
"elasticloadbalancing:DescribeAccountLimits",
"iam:GetAccountSummary",
"kinesis:DescribeLimits",
"organizations:DescribeAccount",
"organizations:DescribeOrganization",
"organizations:ListAWSServiceAccessForOrganization",
"rds:DescribeAccountAttributes",
"route53:GetAccountLimit",
"tag:GetTagKeys",
"tag:GetTagValues",
"servicequotas:*"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"cloudwatch:DeleteAlarms"
],
"Condition": {
"Null": {
"aws:ResourceTag/ServiceQuotaMonitor": "false"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"organizations:EnableAWSServiceAccess"
],
"Condition": {
"StringLike": {
"organizations:ServicePrincipal": [
"servicequotas.amazonaws.com"
]
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"iam:CreateServiceLinkedRole"
],
"Condition": {
"StringEquals": {
"iam:AWSServiceName": "servicequotas.amazonaws.com"
}
},
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4CGHQWENW3",
"PolicyName": "ServiceQuotasFullAccess",
"UpdateDate": "2021-02-04T21:29:43+00:00",
"VersionId": "v4"
},
"ServiceQuotasReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/ServiceQuotasReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2019-06-24T15:31:06+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"autoscaling:DescribeAccountLimits",
"cloudformation:DescribeAccountLimits",
"cloudwatch:DescribeAlarmsForMetric",
"cloudwatch:DescribeAlarms",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"dynamodb:DescribeLimits",
"elasticloadbalancing:DescribeAccountLimits",
"iam:GetAccountSummary",
"kinesis:DescribeLimits",
"organizations:DescribeAccount",
"organizations:DescribeOrganization",
"organizations:ListAWSServiceAccessForOrganization",
"rds:DescribeAccountAttributes",
"route53:GetAccountLimit",
"tag:GetTagKeys",
"tag:GetTagValues",
"servicequotas:GetAssociationForServiceQuotaTemplate",
"servicequotas:GetAWSDefaultServiceQuota",
"servicequotas:GetRequestedServiceQuotaChange",
"servicequotas:GetServiceQuota",
"servicequotas:GetServiceQuotaIncreaseRequestFromTemplate",
"servicequotas:ListAWSDefaultServiceQuotas",
"servicequotas:ListRequestedServiceQuotaChangeHistory",
"servicequotas:ListRequestedServiceQuotaChangeHistoryByQuota",
"servicequotas:ListServices",
"servicequotas:ListServiceQuotas",
"servicequotas:ListServiceQuotaIncreaseRequestsInTemplate",
"servicequotas:ListTagsForResource"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4ITU2HGGUJ",
"PolicyName": "ServiceQuotasReadOnlyAccess",
"UpdateDate": "2020-12-21T18:11:57+00:00",
"VersionId": "v2"
},
"ServiceQuotasServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/ServiceQuotasServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2019-05-22T20:44:17+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"support:*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4FCG7EVJIR",
"PolicyName": "ServiceQuotasServiceRolePolicy",
"UpdateDate": "2019-06-24T14:52:56+00:00",
"VersionId": "v2"
},
"SimpleWorkflowFullAccess": {
"Arn": "arn:aws:iam::aws:policy/SimpleWorkflowFullAccess",
"AttachmentCount": 0,
"CreateDate": "2015-02-06T18:41:04+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"swf:*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIFE3AV6VE7EANYBVM",
"PolicyName": "SimpleWorkflowFullAccess",
"UpdateDate": "2015-02-06T18:41:04+00:00",
"VersionId": "v1"
},
"SupportUser": {
"Arn": "arn:aws:iam::aws:policy/job-function/SupportUser",
"AttachmentCount": 0,
"CreateDate": "2016-11-10T17:21:53+00:00",
"DefaultVersionId": "v5",
"Document": {
"Statement": [
{
"Action": [
"support:*",
"acm:DescribeCertificate",
"acm:GetCertificate",
"acm:List*",
"acm-pca:DescribeCertificateAuthority",
"acm-pca:ListCertificateAuthorities",
"apigateway:GET",
"autoscaling:Describe*",
"aws-marketplace:ViewSubscriptions",
"cloudformation:Describe*",
"cloudformation:Get*",
"cloudformation:List*",
"cloudformation:EstimateTemplateCost",
"cloudfront:Get*",
"cloudfront:List*",
"cloudsearch:Describe*",
"cloudsearch:List*",
"cloudtrail:DescribeTrails",
"cloudtrail:GetTrailStatus",
"cloudtrail:LookupEvents",
"cloudtrail:ListTags",
"cloudtrail:ListPublicKeys",
"cloudwatch:Describe*",
"cloudwatch:Get*",
"cloudwatch:List*",
"codecommit:BatchGetRepositories",
"codecommit:Get*",
"codecommit:List*",
"codedeploy:Batch*",
"codedeploy:Get*",
"codedeploy:List*",
"codepipeline:AcknowledgeJob",
"codepipeline:AcknowledgeThirdPartyJob",
"codepipeline:ListActionTypes",
"codepipeline:ListPipelines",
"codepipeline:PollForJobs",
"codepipeline:PollForThirdPartyJobs",
"codepipeline:GetPipelineState",
"codepipeline:GetPipeline",
"cognito-identity:List*",
"cognito-identity:LookupDeveloperIdentity",
"cognito-identity:Describe*",
"cognito-idp:Describe*",
"cognito-idp:List*",
"cognito-sync:Describe*",
"cognito-sync:GetBulkPublishDetails",
"cognito-sync:GetCognitoEvents",
"cognito-sync:GetIdentityPoolConfiguration",
"cognito-sync:List*",
"config:DescribeConfigurationRecorders",
"config:DescribeConfigurationRecorderStatus",
"config:DescribeConfigRuleEvaluationStatus",
"config:DescribeConfigRules",
"config:DescribeDeliveryChannels",
"config:DescribeDeliveryChannelStatus",
"config:GetResourceConfigHistory",
"config:ListDiscoveredResources",
"datapipeline:DescribeObjects",
"datapipeline:DescribePipelines",
"datapipeline:GetPipelineDefinition",
"datapipeline:ListPipelines",
"datapipeline:QueryObjects",
"datapipeline:ReportTaskProgress",
"datapipeline:ReportTaskRunnerHeartbeat",
"devicefarm:List*",
"devicefarm:Get*",
"directconnect:Describe*",
"discovery:Describe*",
"discovery:ListConfigurations",
"dms:Describe*",
"dms:List*",
"ds:DescribeDirectories",
"ds:DescribeSnapshots",
"ds:GetDirectoryLimits",
"ds:GetSnapshotLimits",
"ds:ListAuthorizedApplications",
"dynamodb:DescribeLimits",
"dynamodb:DescribeTable",
"dynamodb:ListTables",
"ec2:Describe*",
"ec2:DescribeHosts",
"ec2:describeIdentityIdFormat",
"ec2:DescribeIdFormat",
"ec2:DescribeInstanceAttribute",
"ec2:DescribeNatGateways",
"ec2:DescribeReservedInstancesModifications",
"ec2:DescribeTags",
"ecr:GetRepositoryPolicy",
"ecr:BatchCheckLayerAvailability",
"ecr:DescribeRepositories",
"ecr:ListImages",
"ecs:Describe*",
"ecs:List*",
"elasticache:Describe*",
"elasticache:List*",
"elasticbeanstalk:Check*",
"elasticbeanstalk:Describe*",
"elasticbeanstalk:List*",
"elasticbeanstalk:RequestEnvironmentInfo",
"elasticbeanstalk:RetrieveEnvironmentInfo",
"elasticbeanstalk:ValidateConfigurationSettings",
"elasticfilesystem:Describe*",
"elasticloadbalancing:Describe*",
"elasticmapreduce:Describe*",
"elasticmapreduce:List*",
"elastictranscoder:List*",
"elastictranscoder:ReadJob",
"elasticfilesystem:DescribeFileSystems",
"es:Describe*",
"es:List*",
"es:ESHttpGet",
"es:ESHttpHead",
"events:DescribeRule",
"events:List*",
"events:TestEventPattern",
"firehose:Describe*",
"firehose:List*",
"gamelift:List*",
"gamelift:Describe*",
"glacier:ListVaults",
"glacier:DescribeVault",
"glacier:DescribeJob",
"glacier:Get*",
"glacier:List*",
"iam:GenerateCredentialReport",
"iam:GenerateServiceLastAccessedDetails",
"iam:Get*",
"iam:List*",
"importexport:GetStatus",
"importexport:ListJobs",
"inspector:Describe*",
"inspector:List*",
"iot:Describe*",
"iot:Get*",
"iot:List*",
"kinesisanalytics:DescribeApplication",
"kinesisanalytics:DiscoverInputSchema",
"kinesisanalytics:GetApplicationState",
"kinesisanalytics:ListApplications",
"kinesis:Describe*",
"kinesis:Get*",
"kinesis:List*",
"kms:Describe*",
"kms:Get*",
"kms:List*",
"lambda:List*",
"lambda:Get*",
"logs:Describe*",
"logs:TestMetricFilter",
"machinelearning:Describe*",
"machinelearning:Get*",
"mobilehub:GetProject",
"mobilehub:List*",
"mobilehub:ValidateProject",
"mobilehub:VerifyServiceRole",
"opsworks:Describe*",
"rds:Describe*",
"rds:ListTagsForResource",
"redshift:Describe*",
"route53:Get*",
"route53:List*",
"route53domains:CheckDomainAvailability",
"route53domains:GetDomainDetail",
"route53domains:GetOperationDetail",
"route53domains:List*",
"s3:List*",
"sdb:GetAttributes",
"sdb:List*",
"sdb:Select*",
"servicecatalog:SearchProducts",
"servicecatalog:DescribeProduct",
"servicecatalog:DescribeProductView",
"servicecatalog:ListLaunchPaths",
"servicecatalog:DescribeProvisioningParameters",
"servicecatalog:ListRecordHistory",
"servicecatalog:DescribeRecord",
"servicecatalog:ScanProvisionedProducts",
"ses:Get*",
"ses:List*",
"sns:Get*",
"sns:List*",
"sqs:GetQueueAttributes",
"sqs:GetQueueUrl",
"sqs:ListQueues",
"sqs:ReceiveMessage",
"ssm:List*",
"ssm:Describe*",
"storagegateway:Describe*",
"storagegateway:List*",
"swf:Count*",
"swf:Describe*",
"swf:Get*",
"swf:List*",
"waf:Get*",
"waf:List*",
"workspaces:Describe*",
"workdocs:Describe*",
"workmail:Describe*",
"workmail:Get*",
"workspaces:Describe*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/job-function/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAI3V4GSSN5SJY3P2RO",
"PolicyName": "SupportUser",
"UpdateDate": "2021-06-11T19:46:10+00:00",
"VersionId": "v5"
},
"SystemAdministrator": {
"Arn": "arn:aws:iam::aws:policy/job-function/SystemAdministrator",
"AttachmentCount": 0,
"CreateDate": "2016-11-10T17:23:56+00:00",
"DefaultVersionId": "v6",
"Document": {
"Statement": [
{
"Action": [
"acm:Describe*",
"acm:Get*",
"acm:List*",
"acm:Request*",
"acm:Resend*",
"autoscaling:*",
"cloudtrail:DescribeTrails",
"cloudtrail:GetTrailStatus",
"cloudtrail:ListPublicKeys",
"cloudtrail:ListTags",
"cloudtrail:LookupEvents",
"cloudtrail:StartLogging",
"cloudtrail:StopLogging",
"cloudwatch:*",
"codecommit:BatchGetRepositories",
"codecommit:CreateBranch",
"codecommit:CreateRepository",
"codecommit:Get*",
"codecommit:GitPull",
"codecommit:GitPush",
"codecommit:List*",
"codecommit:Put*",
"codecommit:Test*",
"codecommit:Update*",
"codedeploy:*",
"codepipeline:*",
"config:*",
"ds:*",
"ec2:Allocate*",
"ec2:AssignPrivateIpAddresses*",
"ec2:Associate*",
"ec2:Allocate*",
"ec2:AttachInternetGateway",
"ec2:AttachNetworkInterface",
"ec2:AttachVpnGateway",
"ec2:Bundle*",
"ec2:Cancel*",
"ec2:Copy*",
"ec2:CreateCustomerGateway",
"ec2:CreateDhcpOptions",
"ec2:CreateFlowLogs",
"ec2:CreateImage",
"ec2:CreateInstanceExportTask",
"ec2:CreateInternetGateway",
"ec2:CreateKeyPair",
"ec2:CreateLaunchTemplate",
"ec2:CreateLaunchTemplateVersion",
"ec2:CreateNatGateway",
"ec2:CreateNetworkInterface",
"ec2:CreatePlacementGroup",
"ec2:CreateReservedInstancesListing",
"ec2:CreateRoute",
"ec2:CreateRouteTable",
"ec2:CreateSecurityGroup",
"ec2:CreateSnapshot",
"ec2:CreateSpotDatafeedSubscription",
"ec2:CreateSubnet",
"ec2:CreateTags",
"ec2:CreateVolume",
"ec2:CreateVpc",
"ec2:CreateVpcEndpoint",
"ec2:CreateVpnConnection",
"ec2:CreateVpnConnectionRoute",
"ec2:CreateVpnGateway",
"ec2:DeleteFlowLogs",
"ec2:DeleteKeyPair",
"ec2:DeleteLaunchTemplate",
"ec2:DeleteLaunchTemplateVersions",
"ec2:DeleteNatGateway",
"ec2:DeleteNetworkInterface",
"ec2:DeletePlacementGroup",
"ec2:DeleteSnapshot",
"ec2:DeleteSpotDatafeedSubscription",
"ec2:DeleteSubnet",
"ec2:DeleteTags",
"ec2:DeleteVpc",
"ec2:DeleteVpcEndpoints",
"ec2:DeleteVpnConnection",
"ec2:DeleteVpnConnectionRoute",
"ec2:DeleteVpnGateway",
"ec2:DeregisterImage",
"ec2:Describe*",
"ec2:DetachInternetGateway",
"ec2:DetachNetworkInterface",
"ec2:DetachVpnGateway",
"ec2:DisableVgwRoutePropagation",
"ec2:DisableVpcClassicLinkDnsSupport",
"ec2:DisassociateAddress",
"ec2:DisassociateRouteTable",
"ec2:EnableVgwRoutePropagation",
"ec2:EnableVolumeIO",
"ec2:EnableVpcClassicLinkDnsSupport",
"ec2:GetConsoleOutput",
"ec2:GetHostReservationPurchasePreview",
"ec2:GetLaunchTemplateData",
"ec2:GetPasswordData",
"ec2:Import*",
"ec2:Modify*",
"ec2:MonitorInstances",
"ec2:MoveAddressToVpc",
"ec2:Purchase*",
"ec2:RegisterImage",
"ec2:Release*",
"ec2:Replace*",
"ec2:ReportInstanceStatus",
"ec2:Request*",
"ec2:Reset*",
"ec2:RestoreAddressToClassic",
"ec2:RunScheduledInstances",
"ec2:UnassignPrivateIpAddresses",
"ec2:UnmonitorInstances",
"ec2:UpdateSecurityGroupRuleDescriptionsEgress",
"ec2:UpdateSecurityGroupRuleDescriptionsIngress",
"elasticloadbalancing:*",
"events:*",
"iam:GetAccount*",
"iam:GetContextKeys*",
"iam:GetCredentialReport",
"iam:ListAccountAliases",
"iam:ListGroups",
"iam:ListOpenIDConnectProviders",
"iam:ListPolicies",
"iam:ListPoliciesGrantingServiceAccess",
"iam:ListRoles",
"iam:ListSAMLProviders",
"iam:ListServerCertificates",
"iam:Simulate*",
"iam:UpdateServerCertificate",
"iam:UpdateSigningCertificate",
"kinesis:ListStreams",
"kinesis:PutRecord",
"kms:CreateAlias",
"kms:CreateKey",
"kms:DeleteAlias",
"kms:Describe*",
"kms:GenerateRandom",
"kms:Get*",
"kms:List*",
"kms:Encrypt",
"kms:ReEncrypt*",
"lambda:Create*",
"lambda:Delete*",
"lambda:Get*",
"lambda:InvokeFunction",
"lambda:List*",
"lambda:PublishVersion",
"lambda:Update*",
"logs:*",
"rds:Describe*",
"rds:ListTagsForResource",
"route53:*",
"route53domains:*",
"ses:*",
"sns:*",
"sqs:*",
"trustedadvisor:*"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:AcceptVpcPeeringConnection",
"ec2:AttachClassicLinkVpc",
"ec2:AttachVolume",
"ec2:AuthorizeSecurityGroupEgress",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateVpcPeeringConnection",
"ec2:DeleteCustomerGateway",
"ec2:DeleteDhcpOptions",
"ec2:DeleteInternetGateway",
"ec2:DeleteNetworkAcl*",
"ec2:DeleteRoute",
"ec2:DeleteRouteTable",
"ec2:DeleteSecurityGroup",
"ec2:DeleteVolume",
"ec2:DeleteVpcPeeringConnection",
"ec2:DetachClassicLinkVpc",
"ec2:DetachVolume",
"ec2:DisableVpcClassicLink",
"ec2:EnableVpcClassicLink",
"ec2:GetConsoleScreenshot",
"ec2:RebootInstances",
"ec2:RejectVpcPeeringConnection",
"ec2:RevokeSecurityGroupEgress",
"ec2:RevokeSecurityGroupIngress",
"ec2:RunInstances",
"ec2:StartInstances",
"ec2:StopInstances",
"ec2:TerminateInstances"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": "s3:*",
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"iam:GetAccessKeyLastUsed",
"iam:GetGroup*",
"iam:GetInstanceProfile",
"iam:GetLoginProfile",
"iam:GetOpenIDConnectProvider",
"iam:GetPolicy*",
"iam:GetRole*",
"iam:GetSAMLProvider",
"iam:GetSSHPublicKey",
"iam:GetServerCertificate",
"iam:GetServiceLastAccessed*",
"iam:GetUser*",
"iam:ListAccessKeys",
"iam:ListAttached*",
"iam:ListEntitiesForPolicy",
"iam:ListGroupPolicies",
"iam:ListGroupsForUser",
"iam:ListInstanceProfiles*",
"iam:ListMFADevices",
"iam:ListPolicyVersions",
"iam:ListRolePolicies",
"iam:ListSSHPublicKeys",
"iam:ListSigningCertificates",
"iam:ListUserPolicies",
"iam:Upload*"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"iam:GetRole",
"iam:ListRoles",
"iam:PassRole"
],
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/rds-monitoring-role",
"arn:aws:iam::*:role/ec2-sysadmin-*",
"arn:aws:iam::*:role/ecr-sysadmin-*",
"arn:aws:iam::*:role/lambda-sysadmin-*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/job-function/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAITJPEZXCYCBXANDSW",
"PolicyName": "SystemAdministrator",
"UpdateDate": "2020-08-24T20:05:29+00:00",
"VersionId": "v6"
},
"TranslateFullAccess": {
"Arn": "arn:aws:iam::aws:policy/TranslateFullAccess",
"AttachmentCount": 0,
"CreateDate": "2018-11-27T23:36:20+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"translate:*",
"comprehend:DetectDominantLanguage",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"s3:ListAllMyBuckets",
"s3:ListBucket",
"s3:GetBucketLocation",
"iam:ListRoles",
"iam:GetRole"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIAPOAEI2VFQYUK5RY",
"PolicyName": "TranslateFullAccess",
"UpdateDate": "2020-01-08T21:22:27+00:00",
"VersionId": "v2"
},
"TranslateReadOnly": {
"Arn": "arn:aws:iam::aws:policy/TranslateReadOnly",
"AttachmentCount": 0,
"CreateDate": "2017-11-29T18:22:00+00:00",
"DefaultVersionId": "v6",
"Document": {
"Statement": [
{
"Action": [
"translate:TranslateText",
"translate:GetTerminology",
"translate:ListTerminologies",
"translate:ListTextTranslationJobs",
"translate:DescribeTextTranslationJob",
"translate:GetParallelData",
"translate:ListParallelData",
"comprehend:DetectDominantLanguage",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJYAMZMTQNWUDJKY2E",
"PolicyName": "TranslateReadOnly",
"UpdateDate": "2020-11-23T17:31:06+00:00",
"VersionId": "v6"
},
"VMImportExportRoleForAWSConnector": {
"Arn": "arn:aws:iam::aws:policy/service-role/VMImportExportRoleForAWSConnector",
"AttachmentCount": 0,
"CreateDate": "2015-09-03T20:48:59+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"s3:ListBucket",
"s3:GetBucketLocation",
"s3:GetObject"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::import-to-ec2-*"
]
},
{
"Action": [
"ec2:ModifySnapshotAttribute",
"ec2:CopySnapshot",
"ec2:RegisterImage",
"ec2:Describe*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJFLQOOJ6F5XNX4LAW",
"PolicyName": "VMImportExportRoleForAWSConnector",
"UpdateDate": "2015-09-03T20:48:59+00:00",
"VersionId": "v1"
},
"ViewOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/job-function/ViewOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2016-11-10T17:20:15+00:00",
"DefaultVersionId": "v11",
"Document": {
"Statement": [
{
"Action": [
"acm:ListCertificates",
"athena:List*",
"aws-marketplace:ViewSubscriptions",
"autoscaling:Describe*",
"batch:ListJobs",
"clouddirectory:ListAppliedSchemaArns",
"clouddirectory:ListDevelopmentSchemaArns",
"clouddirectory:ListDirectories",
"clouddirectory:ListPublishedSchemaArns",
"cloudformation:List*",
"cloudformation:DescribeStacks",
"cloudfront:List*",
"cloudhsm:ListAvailableZones",
"cloudhsm:ListLunaClients",
"cloudhsm:ListHapgs",
"cloudhsm:ListHsms",
"cloudsearch:List*",
"cloudsearch:DescribeDomains",
"cloudtrail:DescribeTrails",
"cloudtrail:LookupEvents",
"cloudwatch:List*",
"cloudwatch:Get*",
"codebuild:ListBuilds*",
"codebuild:ListProjects",
"codecommit:List*",
"codedeploy:List*",
"codedeploy:Get*",
"codepipeline:ListPipelines",
"codestar:List*",
"cognito-idp:List*",
"cognito-identity:ListIdentities",
"cognito-identity:ListIdentityPools",
"cognito-sync:ListDatasets",
"connect:List*",
"config:List*",
"config:Describe*",
"datapipeline:ListPipelines",
"datapipeline:DescribePipelines",
"datapipeline:GetAccountLimits",
"dax:DescribeClusters",
"dax:DescribeDefaultParameters",
"dax:DescribeEvents",
"dax:DescribeParameterGroups",
"dax:DescribeParameters",
"dax:DescribeSubnetGroups",
"dax:ListTags",
"devicefarm:List*",
"directconnect:Describe*",
"discovery:List*",
"dms:List*",
"ds:DescribeDirectories",
"dynamodb:DescribeBackup",
"dynamodb:DescribeContinuousBackups",
"dynamodb:DescribeGlobalTable",
"dynamodb:DescribeGlobalTableSettings",
"dynamodb:DescribeLimits",
"dynamodb:DescribeReservedCapacity",
"dynamodb:DescribeReservedCapacityOfferings",
"dynamodb:DescribeStream",
"dynamodb:DescribeTable",
"dynamodb:DescribeTimeToLive",
"dynamodb:ListBackups",
"dynamodb:ListGlobalTables",
"dynamodb:ListStreams",
"dynamodb:ListTables",
"dynamodb:ListTagsOfResource",
"ec2:DescribeAccountAttributes",
"ec2:DescribeAddresses",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeBundleTasks",
"ec2:DescribeClassicLinkInstances",
"ec2:DescribeConversionTasks",
"ec2:DescribeCustomerGateways",
"ec2:DescribeDhcpOptions",
"ec2:DescribeExportTasks",
"ec2:DescribeFlowLogs",
"ec2:DescribeHost*",
"ec2:DescribeIdentityIdFormat",
"ec2:DescribeIdFormat",
"ec2:DescribeImage*",
"ec2:DescribeImport*",
"ec2:DescribeInstance*",
"ec2:DescribeInternetGateways",
"ec2:DescribeKeyPairs",
"ec2:DescribeMovingAddresses",
"ec2:DescribeNatGateways",
"ec2:DescribeNetwork*",
"ec2:DescribePlacementGroups",
"ec2:DescribePrefixLists",
"ec2:DescribeRegions",
"ec2:DescribeReserved*",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSnapshot*",
"ec2:DescribeSpot*",
"ec2:DescribeSubnets",
"ec2:DescribeTags",
"ec2:DescribeVolume*",
"ec2:DescribeVpc*",
"ec2:DescribeVpnGateways",
"ecr:DescribeRepositories",
"ecr:ListImages",
"ecs:List*",
"ecs:Describe*",
"elasticache:Describe*",
"elasticbeanstalk:DescribeApplicationVersions",
"elasticbeanstalk:DescribeApplications",
"elasticbeanstalk:DescribeEnvironments",
"elasticbeanstalk:ListAvailableSolutionStacks",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeTargetGroups",
"elasticfilesystem:DescribeFileSystems",
"elasticloadbalancing:DescribeInstanceHealth",
"elasticloadbalancing:DescribeTargetHealth",
"elasticmapreduce:List*",
"elastictranscoder:List*",
"es:DescribeElasticsearchDomain",
"es:DescribeElasticsearchDomains",
"es:ListDomainNames",
"events:ListRuleNamesByTarget",
"events:ListRules",
"events:ListTargetsByRule",
"firehose:List*",
"firehose:DescribeDeliveryStream",
"fsx:DescribeFileSystems",
"gamelift:List*",
"glacier:List*",
"greengrass:List*",
"iam:List*",
"iam:GetAccountSummary",
"iam:GetLoginProfile",
"importexport:ListJobs",
"inspector:List*",
"iot:List*",
"kinesis:ListStreams",
"kinesisanalytics:ListApplications",
"kms:ListKeys",
"lambda:List*",
"lex:GetBotAliases",
"lex:GetBotChannelAssociations",
"lex:GetBots",
"lex:GetBotVersions",
"lex:GetIntents",
"lex:GetIntentVersions",
"lex:GetSlotTypes",
"lex:GetSlotTypeVersions",
"lex:GetUtterancesView",
"lightsail:GetBlueprints",
"lightsail:GetBundles",
"lightsail:GetInstances",
"lightsail:GetInstanceSnapshots",
"lightsail:GetKeyPair",
"lightsail:GetRegions",
"lightsail:GetStaticIps",
"lightsail:IsVpcPeered",
"logs:Describe*",
"machinelearning:Describe*",
"mobilehub:ListAvailableFeatures",
"mobilehub:ListAvailableRegions",
"mobilehub:ListProjects",
"opsworks:Describe*",
"opsworks-cm:Describe*",
"organizations:List*",
"outposts:GetOutpost",
"outposts:GetOutpostInstanceTypes",
"outposts:ListOutposts",
"outposts:ListSites",
"outposts:ListTagsForResource",
"mobiletargeting:GetApplicationSettings",
"mobiletargeting:GetCampaigns",
"mobiletargeting:GetImportJobs",
"mobiletargeting:GetSegments",
"polly:Describe*",
"polly:List*",
"rds:Describe*",
"redshift:DescribeClusters",
"redshift:DescribeEvents",
"redshift:ViewQueriesInConsole",
"route53:List*",
"route53:Get*",
"route53domains:List*",
"route53resolver:Get*",
"route53resolver:List*",
"s3:ListAllMyBuckets",
"s3:ListBucket",
"sagemaker:Describe*",
"sagemaker:List*",
"sdb:List*",
"servicecatalog:List*",
"ses:List*",
"shield:List*",
"states:ListActivities",
"states:ListStateMachines",
"sns:List*",
"sqs:ListQueues",
"ssm:ListAssociations",
"ssm:ListDocuments",
"storagegateway:ListGateways",
"storagegateway:ListLocalDisks",
"storagegateway:ListVolumeRecoveryPoints",
"storagegateway:ListVolumes",
"swf:List*",
"trustedadvisor:Describe*",
"waf:List*",
"waf-regional:List*",
"wafv2:List*",
"workdocs:DescribeAvailableDirectories",
"workdocs:DescribeInstances",
"workmail:Describe*",
"workspaces:Describe*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/job-function/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAID22R6XPJATWOFDK6",
"PolicyName": "ViewOnlyAccess",
"UpdateDate": "2021-06-11T19:27:03+00:00",
"VersionId": "v11"
},
"WAFLoggingServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/WAFLoggingServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2018-08-24T21:05:47+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"firehose:PutRecord",
"firehose:PutRecordBatch"
],
"Effect": "Allow",
"Resource": [
"arn:aws:firehose:*:*:deliverystream/aws-waf-logs-*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJZ7N545GUNUHNTYOM",
"PolicyName": "WAFLoggingServiceRolePolicy",
"UpdateDate": "2018-08-24T21:05:47+00:00",
"VersionId": "v1"
},
"WAFRegionalLoggingServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/WAFRegionalLoggingServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2018-08-24T18:40:55+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"firehose:PutRecord",
"firehose:PutRecordBatch"
],
"Effect": "Allow",
"Resource": [
"arn:aws:firehose:*:*:deliverystream/aws-waf-logs-*"
]
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJE43HAZMEH4CI6SU2",
"PolicyName": "WAFRegionalLoggingServiceRolePolicy",
"UpdateDate": "2018-08-24T18:40:55+00:00",
"VersionId": "v1"
},
"WAFV2LoggingServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/aws-service-role/WAFV2LoggingServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2019-11-07T00:40:56+00:00",
"DefaultVersionId": "v2",
"Document": {
"Statement": [
{
"Action": [
"firehose:PutRecord",
"firehose:PutRecordBatch"
],
"Effect": "Allow",
"Resource": [
"arn:aws:firehose:*:*:deliverystream/aws-waf-logs-*"
]
},
{
"Action": "organizations:DescribeOrganization",
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/aws-service-role/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAZKAPJZG4AHQ3ASNCX",
"PolicyName": "WAFV2LoggingServiceRolePolicy",
"UpdateDate": "2020-07-23T17:04:25+00:00",
"VersionId": "v2"
},
"WellArchitectedConsoleFullAccess": {
"Arn": "arn:aws:iam::aws:policy/WellArchitectedConsoleFullAccess",
"AttachmentCount": 0,
"CreateDate": "2018-11-29T18:19:23+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"wellarchitected:*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIH6HSBHM3VSYC5SKA",
"PolicyName": "WellArchitectedConsoleFullAccess",
"UpdateDate": "2018-11-29T18:19:23+00:00",
"VersionId": "v1"
},
"WellArchitectedConsoleReadOnlyAccess": {
"Arn": "arn:aws:iam::aws:policy/WellArchitectedConsoleReadOnlyAccess",
"AttachmentCount": 0,
"CreateDate": "2018-11-29T18:21:08+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"wellarchitected:Get*",
"wellarchitected:List*"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAIUTK35NDTYF6T2GFY",
"PolicyName": "WellArchitectedConsoleReadOnlyAccess",
"UpdateDate": "2018-11-29T18:21:08+00:00",
"VersionId": "v1"
},
"WorkLinkServiceRolePolicy": {
"Arn": "arn:aws:iam::aws:policy/WorkLinkServiceRolePolicy",
"AttachmentCount": 0,
"CreateDate": "2019-01-23T19:03:45+00:00",
"DefaultVersionId": "v1",
"Document": {
"Statement": [
{
"Action": [
"ec2:CreateNetworkInterface",
"ec2:DeleteNetworkInterfacePermission",
"ec2:CreateNetworkInterfacePermission",
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:DeleteNetworkInterface"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"kinesis:PutRecord",
"kinesis:PutRecords"
],
"Effect": "Allow",
"Resource": "arn:aws:kinesis:*:*:stream/AmazonWorkLink-*"
}
],
"Version": "2012-10-17"
},
"IsAttachable": true,
"IsDefaultVersion": true,
"Path": "/",
"PermissionsBoundaryUsageCount": 0,
"PolicyId": "ANPAJ6JTE3DI5JOULLNLS",
"PolicyName": "WorkLinkServiceRolePolicy",
"UpdateDate": "2019-01-23T19:03:45+00:00",
"VersionId": "v1"
}
}"""
Reference in New Issue View Git Blame Copy Permalink