{ "Version": "2012-10-17", "Statement": [ { "Sid": "sts", "Effect": "Allow", "Action": [ "sts:GetCallerIdentity" ], "Resource": "*" }, { "Sid": "route53", "Effect": "Allow", "Action": [ "route53:DeleteHostedZone", "route53:GetChange", "route53:ListResourceRecordSets", "route53:ChangeResourceRecordSets", "route53:GetHostedZone", "route53:ListHostedZones", "route53:CreateHostedZone", "route53:ChangeTagsForResource", "route53:ListTagsForResource" ], "Resource": "*" }, { "Sid": "cert", "Effect": "Allow", "Action": [ "acm:DeleteCertificate", "acm:DescribeCertificate", "acm:RequestCertificate", "acm:AddTagsToCertificate", "acm:ListTagsForCertificate", "acm:RemoveTagsFromCertificate" ], "Resource": "arn:aws:acm:*:123456789012:certificate/*" }, { "Sid": "elb", "Effect": "Allow", "Action": [ "elasticloadbalancing:DescribeLoadBalancers", "elasticloadbalancing:CreateLoadBalancerListeners", "elasticloadbalancing:DeleteLoadBalancer", "elasticloadbalancing:DeleteLoadBalancerListeners", "elasticloadbalancing:DescribeLoadBalancerAttributes", "elasticloadbalancing:DescribeTags", "elasticloadbalancing:AddTags", "elasticloadbalancing:RemoveTags" ], "Resource": "*" }, { "Sid": "eks", "Effect": "Allow", "Action": [ "eks:DescribeCluster", "eks:DeleteCluster", "eks:DescribeNodegroup", "eks:DescribeAddon", "eks:DeleteNodegroup", "eks:DeleteAddon", "eks:CreateAddon", "eks:CreateNodegroup", "eks:CreateCluster", "eks:TagResource", "eks:UntagResource", "eks:ListTagsForResource", "eks:CreateAccessEntry", "eks:DeleteAccessEntry", "eks:DescribeAddonVersions", "eks:DescribeAccessEntry", "eks:AssociateAccessPolicy", "eks:DisassociateAccessPolicy", "eks:ListAssociatedAccessPolicies", "eks:ListNodegroups" ], "Resource": [ "arn:aws:eks:*:123456789012:nodegroup/atlas-*", "arn:aws:eks:*:123456789012:cluster/atlas-*-cluster", "arn:aws:eks:*:123456789012:addon/*", "arn:aws:eks:*:123456789012:access-entry/atlas-*-cluster", "arn:aws:eks:*:123456789012:access-entry/atlas-*-cluster/*" ] }, { "Sid": "eksGlobal", "Effect": "Allow", "Action": [ "eks:DescribeAddonVersions" ], "Resource": "*" }, { "Sid": "DynamoDB", "Effect": "Allow", "Action": [ "dynamodb:DeleteTable", "dynamodb:DescribeTimeToLive", "dynamodb:DescribeTable", "dynamodb:DescribeContinuousBackups", "dynamodb:CreateTable", "dynamodb:TagResource", "dynamodb:UntagResource", "dynamodb:ListTagsOfResource", "dynamodb:PutItem", "dynamodb:GetItem", "dynamodb:DeleteItem", "dynamodb:UpdateItem" ], "Resource": [ "arn:aws:dynamodb:*:123456789012:table/atl_dc_*_tf_lock" ] }, { "Sid": "DynamoDBlistTables", "Effect": "Allow", "Action": [ "dynamodb:ListTables" ], "Resource": [ "arn:aws:dynamodb:*:123456789012:table/*" ] }, { "Sid": "s3list", "Effect": "Allow", "Action": [ "s3:ListAllMyBuckets" ], "Resource": "*" }, { "Sid": "s3bucket", "Effect": "Allow", "Action": [ "s3:DeleteBucket", "s3:GetReplicationConfiguration", "s3:GetLifecycleConfiguration", "s3:GetEncryptionConfiguration", "s3:GetBucketWebsite", "s3:GetBucketVersioning", "s3:GetBucketRequestPayment", "s3:GetBucketObjectLockConfiguration", "s3:GetBucketLogging", "s3:GetBucketCORS", "s3:GetBucketAcl", "s3:PutBucketAcl", "s3:GetAccelerateConfiguration", "s3:PutLifecycleConfiguration", "s3:PutEncryptionConfiguration", "s3:PutBucketVersioning", "s3:GetBucketPolicy", "s3:CreateBucket", "s3:GetBucketTagging", "s3:PutBucketTagging", "s3:PutBucketLogging", "s3:GetBucketOwnershipControls", "s3:PutBucketOwnershipControls", "s3:ListBucket", "s3:ListBucketVersions" ], "Resource": [ "arn:aws:s3:::atl-dc-*", "arn:aws:s3:::*-confluence-storage" ] }, { "Sid": "s3object", "Effect": "Allow", "Action": [ "s3:PutObject", "s3:GetObject", "s3:DeleteObject", "s3:GetObjectTagging", "s3:PutObjectTagging", "s3:DeleteObjectTagging", "s3:PutObjectVersionTagging", "s3:DeleteObjectVersion", "s3:GetObjectVersionAttributes", "s3:GetObjectVersion" ], "Resource": [ "arn:aws:s3:::atl-dc-*/*", "arn:aws:s3:::*-confluence-storage/*" ] }, { "Sid": "AllowGetServiceQuota", "Effect": "Allow", "Action": "servicequotas:GetServiceQuota", "Resource": "*" } ] }