{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "sts",
"Effect": "Allow",
"Action": [
"sts:GetCallerIdentity"
],
"Resource": "*"
},
{
"Sid": "route53",
"Effect": "Allow",
"Action": [
"route53:DeleteHostedZone",
"route53:GetChange",
"route53:ListResourceRecordSets",
"route53:ChangeResourceRecordSets",
"route53:GetHostedZone",
"route53:ListHostedZones",
"route53:CreateHostedZone",
"route53:ChangeTagsForResource",
"route53:ListTagsForResource"
],
"Resource": "*"
},
{
"Sid": "cert",
"Effect": "Allow",
"Action": [
"acm:DeleteCertificate",
"acm:DescribeCertificate",
"acm:RequestCertificate",
"acm:AddTagsToCertificate",
"acm:ListTagsForCertificate",
"acm:RemoveTagsFromCertificate"
],
"Resource": "arn:aws:acm:*:123456789012:certificate/*"
},
{
"Sid": "elb",
"Effect": "Allow",
"Action": [
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:CreateLoadBalancerListeners",
"elasticloadbalancing:DeleteLoadBalancer",
"elasticloadbalancing:DeleteLoadBalancerListeners",
"elasticloadbalancing:DescribeLoadBalancerAttributes",
"elasticloadbalancing:DescribeTags",
"elasticloadbalancing:AddTags",
"elasticloadbalancing:RemoveTags"
],
"Resource": "*"
},
{
"Sid": "eks",
"Effect": "Allow",
"Action": [
"eks:DescribeCluster",
"eks:DeleteCluster",
"eks:DescribeNodegroup",
"eks:DescribeAddon",
"eks:DeleteNodegroup",
"eks:DeleteAddon",
"eks:CreateAddon",
"eks:CreateNodegroup",
"eks:CreateCluster",
"eks:TagResource",
"eks:UntagResource",
"eks:ListTagsForResource",
"eks:CreateAccessEntry",
"eks:DeleteAccessEntry",
"eks:DescribeAddonVersions",
"eks:DescribeAccessEntry",
"eks:AssociateAccessPolicy",
"eks:DisassociateAccessPolicy",
"eks:ListAssociatedAccessPolicies",
"eks:ListNodegroups"
],
"Resource": [
"arn:aws:eks:*:123456789012:nodegroup/atlas-*",
"arn:aws:eks:*:123456789012:cluster/atlas-*-cluster",
"arn:aws:eks:*:123456789012:addon/*",
"arn:aws:eks:*:123456789012:access-entry/atlas-*-cluster",
"arn:aws:eks:*:123456789012:access-entry/atlas-*-cluster/*"
]
},
{
"Sid": "eksGlobal",
"Effect": "Allow",
"Action": [
"eks:DescribeAddonVersions"
],
"Resource": "*"
},
{
"Sid": "DynamoDB",
"Effect": "Allow",
"Action": [
"dynamodb:DeleteTable",
"dynamodb:DescribeTimeToLive",
"dynamodb:DescribeTable",
"dynamodb:DescribeContinuousBackups",
"dynamodb:CreateTable",
"dynamodb:TagResource",
"dynamodb:UntagResource",
"dynamodb:ListTagsOfResource",
"dynamodb:PutItem",
"dynamodb:GetItem",
"dynamodb:DeleteItem",
"dynamodb:UpdateItem"
],
"Resource": [
"arn:aws:dynamodb:*:123456789012:table/atl_dc_*_tf_lock"
]
},
{
"Sid": "DynamoDBlistTables",
"Effect": "Allow",
"Action": [
"dynamodb:ListTables"
],
"Resource": [
"arn:aws:dynamodb:*:123456789012:table/*"
]
},
{
"Sid": "s3list",
"Effect": "Allow",
"Action": [
"s3:ListAllMyBuckets"
],
"Resource": "*"
},
{
"Sid": "s3bucket",
"Effect": "Allow",
"Action": [
"s3:DeleteBucket",
"s3:GetReplicationConfiguration",
"s3:GetLifecycleConfiguration",
"s3:GetEncryptionConfiguration",
"s3:GetBucketWebsite",
"s3:GetBucketVersioning",
"s3:GetBucketRequestPayment",
"s3:GetBucketObjectLockConfiguration",
"s3:GetBucketLogging",
"s3:GetBucketCORS",
"s3:GetBucketAcl",
"s3:PutBucketAcl",
"s3:GetAccelerateConfiguration",
"s3:PutLifecycleConfiguration",
"s3:PutEncryptionConfiguration",
"s3:PutBucketVersioning",
"s3:GetBucketPolicy",
"s3:CreateBucket",
"s3:GetBucketTagging",
"s3:PutBucketTagging",
"s3:PutBucketLogging",
"s3:GetBucketOwnershipControls",
"s3:PutBucketOwnershipControls",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Resource": [
"arn:aws:s3:::atl-dc-*",
"arn:aws:s3:::*-confluence-storage"
]
},
{
"Sid": "s3object",
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:DeleteObject",
"s3:GetObjectTagging",
"s3:PutObjectTagging",
"s3:DeleteObjectTagging",
"s3:PutObjectVersionTagging",
"s3:DeleteObjectVersion",
"s3:GetObjectVersionAttributes",
"s3:GetObjectVersion"
],
"Resource": [
"arn:aws:s3:::atl-dc-*/*",
"arn:aws:s3:::*-confluence-storage/*"
]
},
{
"Sid": "AllowGetServiceQuota",
"Effect": "Allow",
"Action": "servicequotas:GetServiceQuota",
"Resource": "*"
}
]
}