{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "ec2",
"Effect": "Allow",
"Action": [
"ec2:DescribeVpcs",
"ec2:DeleteVpc",
"ec2:DeleteSecurityGroup",
"ec2:RevokeSecurityGroupEgress",
"ec2:DeleteSubnet",
"ec2:DeleteLaunchTemplate",
"ec2:DescribeSecurityGroupRules",
"ec2:DescribeNatGateways",
"ec2:DescribeLaunchTemplates",
"ec2:DescribeLaunchTemplateVersions",
"ec2:DescribeSubnets",
"ec2:DescribeInternetGateways",
"ec2:DescribeAddresses",
"ec2:DescribeVpcAttribute",
"ec2:DescribeRouteTables",
"ec2:DescribeNetworkAcls",
"ec2:DescribeVpcClassicLinkDnsSupport",
"ec2:DescribeVpcClassicLink",
"ec2:DescribeAvailabilityZones",
"ec2:ReleaseAddress",
"ec2:DisassociateAddress",
"ec2:DeleteInternetGateway",
"ec2:DetachInternetGateway",
"ec2:DisassociateRouteTable",
"ec2:DeleteRouteTable",
"ec2:DeleteNatGateway",
"ec2:DeleteRoute",
"ec2:RunInstances",
"ec2:CreateRoute",
"ec2:CreateNatGateway",
"ec2:AssociateRouteTable",
"ec2:AuthorizeSecurityGroupEgress",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateSecurityGroup",
"ec2:ModifySubnetAttribute",
"ec2:CreateSubnet",
"ec2:CreateRouteTable",
"ec2:CreateInternetGateway",
"ec2:AttachInternetGateway",
"ec2:ModifyVpcAttribute",
"ec2:CreateVpc",
"ec2:CreateLaunchTemplate",
"ec2:AllocateAddress",
"ec2:DeleteTags",
"ec2:DescribeTags",
"ec2:CreateTags",
"ec2:CreateVolume",
"ec2:DescribeVolumes",
"ec2:DeleteVolume",
"ec2:DescribeSnapshots",
"ec2:DescribeSecurityGroups",
"ec2:DescribeNetworkInterfaces",
"ec2:RevokeSecurityGroupIngress",
"ec2:DescribeAddressesAttribute",
"ec2:CreateNetworkAclEntry",
"ec2:DeleteNetworkAclEntry",
"ec2:DeleteNetworkInterface"
],
"Resource": "*"
},
{
"Sid": "rds",
"Effect": "Allow",
"Action": [
"rds:CreateDBSubnetGroup",
"rds:DescribeDBSubnetGroups",
"rds:DeleteDBSubnetGroup",
"rds:CreateDBInstance",
"rds:DescribeDBInstances",
"rds:DeleteDBInstance",
"rds:DescribeDBSnapshots",
"rds:RestoreDBInstanceFromDBSnapshot",
"rds:ListTagsForResource",
"rds:AddTagsToResource",
"rds:RemoveTagsFromResource",
"rds:ModifyDBInstance"
],
"Resource": "*"
},
{
"Sid": "autoscaling",
"Effect": "Allow",
"Action": [
"autoscaling:CreateOrUpdateTags",
"autoscaling:DeleteTags",
"autoscaling:DescribeTags",
"autoscaling:DescribeAutoScalingGroups",
"autoscaling:DeleteAutoScalingGroup"
],
"Resource": "*"
},
{
"Sid": "iamlist",
"Effect": "Allow",
"Action": [
"iam:ListPolicies",
"iam:ListRoles"
],
"Resource": "*"
},
{
"Sid": "iam",
"Effect": "Allow",
"Action": [
"iam:ListRolePolicies",
"iam:ListAttachedRolePolicies",
"iam:DeleteRole",
"iam:ListInstanceProfilesForRole",
"iam:DetachRolePolicy",
"iam:GetRole",
"iam:GetPolicy",
"iam:GetOpenIDConnectProvider",
"iam:DeletePolicy",
"iam:ListPolicyVersions",
"iam:DeleteOpenIDConnectProvider",
"iam:GetPolicyVersion",
"iam:AttachRolePolicy",
"iam:CreateRole",
"iam:CreatePolicy",
"iam:CreateOpenIDConnectProvider",
"iam:PassRole",
"iam:TagRole",
"iam:TagPolicy",
"iam:TagOpenIDConnectProvider",
"iam:UntagRole",
"iam:UntagPolicy",
"iam:UntagOpenIDConnectProvider"
],
"Resource": [
"arn:aws:iam::123456789012:role/*-autoscaler",
"arn:aws:iam::123456789012:role/*-s3-storage-role",
"arn:aws:iam::123456789012:role/atlas-*",
"arn:aws:iam::123456789012:role/*-external-dns",
"arn:aws:iam::123456789012:policy/atlas-*",
"arn:aws:iam::123456789012:policy/cluster-autoscaler*",
"arn:aws:iam::123456789012:policy/*-s3-confluence-storage-policy",
"arn:aws:iam::123456789012:policy/*_ExternalDNS",
"arn:aws:iam::123456789012:oidc-provider/*",
"arn:aws:iam::123456789012:role/aws-service-role/eks-nodegroup.amazonaws.com/AWSServiceRoleForAmazonEKSNodegroup",
"arn:aws:iam::123456789012:policy/policy*"
]
}
]
}