{ "Version": "2012-10-17", "Statement": [ { "Sid": "ec2", "Effect": "Allow", "Action": [ "ec2:DescribeVpcs", "ec2:DeleteVpc", "ec2:DeleteSecurityGroup", "ec2:RevokeSecurityGroupEgress", "ec2:DeleteSubnet", "ec2:DeleteLaunchTemplate", "ec2:DescribeSecurityGroupRules", "ec2:DescribeNatGateways", "ec2:DescribeLaunchTemplates", "ec2:DescribeLaunchTemplateVersions", "ec2:DescribeSubnets", "ec2:DescribeInternetGateways", "ec2:DescribeAddresses", "ec2:DescribeVpcAttribute", "ec2:DescribeRouteTables", "ec2:DescribeNetworkAcls", "ec2:DescribeVpcClassicLinkDnsSupport", "ec2:DescribeVpcClassicLink", "ec2:DescribeAvailabilityZones", "ec2:ReleaseAddress", "ec2:DisassociateAddress", "ec2:DeleteInternetGateway", "ec2:DetachInternetGateway", "ec2:DisassociateRouteTable", "ec2:DeleteRouteTable", "ec2:DeleteNatGateway", "ec2:DeleteRoute", "ec2:RunInstances", "ec2:CreateRoute", "ec2:CreateNatGateway", "ec2:AssociateRouteTable", "ec2:AuthorizeSecurityGroupEgress", "ec2:AuthorizeSecurityGroupIngress", "ec2:CreateSecurityGroup", "ec2:ModifySubnetAttribute", "ec2:CreateSubnet", "ec2:CreateRouteTable", "ec2:CreateInternetGateway", "ec2:AttachInternetGateway", "ec2:ModifyVpcAttribute", "ec2:CreateVpc", "ec2:CreateLaunchTemplate", "ec2:AllocateAddress", "ec2:DeleteTags", "ec2:DescribeTags", "ec2:CreateTags", "ec2:CreateVolume", "ec2:DescribeVolumes", "ec2:DeleteVolume", "ec2:DescribeSnapshots", "ec2:DescribeSecurityGroups", "ec2:DescribeNetworkInterfaces", "ec2:RevokeSecurityGroupIngress", "ec2:DescribeAddressesAttribute", "ec2:CreateNetworkAclEntry", "ec2:DeleteNetworkAclEntry", "ec2:DeleteNetworkInterface" ], "Resource": "*" }, { "Sid": "rds", "Effect": "Allow", "Action": [ "rds:CreateDBSubnetGroup", "rds:DescribeDBSubnetGroups", "rds:DeleteDBSubnetGroup", "rds:CreateDBInstance", "rds:DescribeDBInstances", "rds:DeleteDBInstance", "rds:DescribeDBSnapshots", "rds:RestoreDBInstanceFromDBSnapshot", "rds:ListTagsForResource", "rds:AddTagsToResource", "rds:RemoveTagsFromResource", "rds:ModifyDBInstance" ], "Resource": "*" }, { "Sid": "autoscaling", "Effect": "Allow", "Action": [ "autoscaling:CreateOrUpdateTags", "autoscaling:DeleteTags", "autoscaling:DescribeTags", "autoscaling:DescribeAutoScalingGroups", "autoscaling:DeleteAutoScalingGroup" ], "Resource": "*" }, { "Sid": "iamlist", "Effect": "Allow", "Action": [ "iam:ListPolicies", "iam:ListRoles" ], "Resource": "*" }, { "Sid": "iam", "Effect": "Allow", "Action": [ "iam:ListRolePolicies", "iam:ListAttachedRolePolicies", "iam:DeleteRole", "iam:ListInstanceProfilesForRole", "iam:DetachRolePolicy", "iam:GetRole", "iam:GetPolicy", "iam:GetOpenIDConnectProvider", "iam:DeletePolicy", "iam:ListPolicyVersions", "iam:DeleteOpenIDConnectProvider", "iam:GetPolicyVersion", "iam:AttachRolePolicy", "iam:CreateRole", "iam:CreatePolicy", "iam:CreateOpenIDConnectProvider", "iam:PassRole", "iam:TagRole", "iam:TagPolicy", "iam:TagOpenIDConnectProvider", "iam:UntagRole", "iam:UntagPolicy", "iam:UntagOpenIDConnectProvider" ], "Resource": [ "arn:aws:iam::123456789012:role/*-autoscaler", "arn:aws:iam::123456789012:role/*-s3-storage-role", "arn:aws:iam::123456789012:role/atlas-*", "arn:aws:iam::123456789012:role/*-external-dns", "arn:aws:iam::123456789012:policy/cluster-autoscaler*", "arn:aws:iam::123456789012:policy/*-s3-confluence-storage-policy", "arn:aws:iam::123456789012:policy/*_ExternalDNS", "arn:aws:iam::123456789012:oidc-provider/*", "arn:aws:iam::123456789012:role/aws-service-role/eks-nodegroup.amazonaws.com/AWSServiceRoleForAmazonEKSNodegroup", "arn:aws:iam::123456789012:policy/policy*" ] } ] }