{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": ["apigateway:GET"], "Resource": "*" }, { "Effect": "Allow", "Action": [ "application-autoscaling:DescribeScalableTargets", "application-autoscaling:DescribeScaling*", "application-autoscaling:DeleteScalingPolicy", "application-autoscaling:DeregisterScalableTarget", "application-autoscaling:PutScalingPolicy", "application-autoscaling:RegisterScalableTarget" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "autoscaling:DescribeAutoScaling*", "autoscaling:DescribeInstanceRefreshes", "autoscaling:DescribeLaunchConfigurations", "autoscaling:DescribePolicies", "autoscaling:DescribeScalingActivities", "autoscaling:CreateAutoScalingGroup", "autoscaling:CreateLaunchConfiguration", "autoscaling:DeleteAutoScalingGroup", "autoscaling:DeleteLaunchConfiguration", "autoscaling:PutScalingPolicy", "autoscaling:StartInstanceRefresh", "autoscaling:TerminateInstanceInAutoScalingGroup", "autoscaling:UpdateAutoScalingGroup", "autoscaling:DescribeTags" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "cloudwatch:DescribeAlarms", "cloudwatch:GetMetricData", "cloudwatch:ListMetrics", "cloudtrail:LookupEvents" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "codedeploy:GetApplicationRevision", "codedeploy:GetDeployment*", "codedeploy:CreateDeployment", "codedeploy:RegisterApplicationRevision" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "dynamodb:DescribeGlobalTable*", "dynamodb:DescribeTable*", "dynamodb:ListGlobalTables", "dynamodb:ListTables", "dynamodb:ListTagsOfResource", "dynamodb:UpdateTable*", "dynamodb:UpdateGlobalTable*" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "dynamodb:BatchGetItem", "dynamodb:GetItem", "dynamodb:Query", "dynamodb:Scan" ], "Resource": [ "arn:aws:dynamodb:*:*:table/SedaiResourceConcurrencyStats", "arn:aws:dynamodb:*:*:table/SedaiTelemetryLogs" ] }, { "Effect": "Allow", "Action": [ "ecs:DescribeC*", "ecs:DescribeServices", "ecs:DescribeTask*", "ecs:ListC*", "ecs:ListServices", "ecs:ListTagsForResource", "ecs:ListTask*", "ecs:CreateCapacityProvider", "ecs:DeleteCapacityProvider", "ecs:DeregisterTaskDefinition", "ecs:PutClusterCapacityProviders", "ecs:RegisterTaskDefinition", "ecs:RunTask", "ecs:StartTask", "ecs:StopTask", "ecs:TagResource", "ecs:UntagResource", "ecs:UpdateCapacityProvider", "ecs:UpdateCluster", "ecs:UpdateContainerInstancesState", "ecs:UpdateService" ], "Resource": ["*"] }, { "Effect": "Allow", "Action": [ "ec2:DescribeAddresses", "ec2:DescribeAvailabilityZones", "ec2:DescribeInstanceStatus", "ec2:DescribeInstanceType*", "ec2:DescribeInstances", "ec2:DescribeLaunchTemplate*", "ec2:DescribeNetworkInterfaces", "ec2:DescribeRegions", "ec2:DescribeSubnets", "ec2:DescribeTags", "ec2:DescribeVolumes*", "ec2:DescribeVpcs", "ec2:CreateLaunchTemplate*", "ec2:DeleteLaunchTemplate*", "ec2:DeleteVolume", "ec2:ModifyInstanceAttribute", "ec2:ModifyVolume", "ec2:RunInstances", "ec2:StartInstances", "ec2:StopInstances" ], "Resource": "*" }, { "Effect": "Allow", "Action": ["elasticloadbalancing:AddTags"], "Resource": "*", "Condition": { "StringEquals": { "elasticloadbalancing:CreateAction": [ "CreateTargetGroup", "CreateRule", "CreateListener", "CreateLoadBalancer" ] } } }, { "Effect": "Allow", "Action": [ "elasticloadbalancing:DescribeInstanceHealth", "elasticloadbalancing:DescribeListeners", "elasticloadbalancing:DescribeLoadBalancers", "elasticloadbalancing:DescribeTags", "elasticloadbalancing:DescribeTarget*", "elasticloadbalancing:CreateTargetGroup", "elasticloadbalancing:DeregisterInstancesFromLoadBalancer", "elasticloadbalancing:DeregisterTargets", "elasticloadbalancing:RegisterInstancesWithLoadBalancer", "elasticloadbalancing:RegisterTargets" ], "Resource": "*" }, { "Effect": "Allow", "Action": "iam:CreateServiceLinkedRole", "Resource": "*", "Condition": { "StringLike": { "iam:AWSServiceName": [ "autoscaling.amazonaws.com", "ecs.amazonaws.com", "ecs.application-autoscaling.amazonaws.com", "spot.amazonaws.com", "spotfleet.amazonaws.com" ] } } }, { "Effect": "Allow", "Action": ["iam:ListInstanceProfiles"], "Resource": "*" }, { "Action": "iam:PassRole", "Effect": "Allow", "Resource": "*", "Condition": { "StringLike": { "iam:PassedToService": [ "ec2.amazonaws.com", "ecs.amazonaws.com", "ecs-tasks.amazonaws.com", "application-autoscaling.amazonaws.com", "elasticloadbalancing.amazonaws.com", "autoscaling.amazonaws.com" ] } } }, { "Effect": "Allow", "Action": [ "lambda:GetAccountSettings", "lambda:GetAlias", "lambda:GetFunction*", "lambda:GetLayerVersion", "lambda:GetPolicy", "lambda:GetProvisionedConcurrencyConfig", "lambda:ListAliases", "lambda:ListFunctions", "lambda:ListProvisionedConcurrencyConfigs", "lambda:ListTags", "lambda:ListVersionsByFunction", "lambda:CreateAlias", "lambda:DeleteAlias", "lambda:DeleteProvisionedConcurrencyConfig", "lambda:PublishVersion", "lambda:PutFunctionConcurrency", "lambda:PutProvisionedConcurrencyConfig", "lambda:UpdateAlias", "lambda:UpdateFunctionConfiguration" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "logs:DescribeLogGroups", "logs:FilterLogEvents", "logs:GetLogEvents", "logs:GetQueryResults", "logs:StartQuery", "logs:StopQuery", "logs:TestMetricFilter" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "rds:DescribeDBClusters", "rds:DescribeDBInstances", "rds:DescribeEvents", "rds:ModifyDBCluster", "rds:ModifyDBInstance" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "s3:GetBucketLocation", "s3:GetBucketTagging", "s3:GetIntelligentTieringConfiguration", "s3:GetLifecycleConfiguration", "s3:GetMetricsConfiguration", "s3:ListAllMyBuckets", "s3:PutIntelligentTieringConfiguration", "s3:PutLifecycleConfiguration", "s3:PutMetricsConfiguration" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "kms:DescribeKey" ], "Resource": "*" }, { "Effect": "Allow", "Action": ["tag:GetResources"], "Resource": "*" } ] }