{
"Version": "2012-10-17",
"Statement": [{
"Effect": "Allow",
"Action": "iam:PassRole",
"Resource": [
"arn:aws:iam::*:role/dms-vpc-role",
"arn:aws:iam::*:role/DataClassificationPipelineGlueJobRole",
"arn:aws:iam::*:role/DataClassificationPipelineStartGlueWorkflowLambdaRole",
"arn:aws:iam::*:role/DataClassificationPipelineCreateGlueScriptLambdaRole",
"arn:aws:iam::*:role/DataClassificationPipelineKinesisRole",
"arn:aws:iam::*:role/DataClassificationPipelineCloudWatchRole",
"arn:aws:iam::*:role/DataClassificationPipelineRDSLoaderRole"
]
},
{
"Effect": "Allow",
"Action": "iam:CreateServiceLinkedRole",
"Resource": "arn:aws:iam::*:role/aws-service-role/rds.amazonaws.com/AWSServiceRoleForRDS"
},
{
"Effect": "Allow",
"Action": "ssm:GetParameters",
"Resource": "arn:aws:ssm:*:*:parameter/*"
},
{
"Effect": "Allow",
"Resource": "*",
"Action": [
"cloudformation:*Stack*",
"cloudformation:*ChangeSet*",
"cloudformation:*Template*",
"cloudformation:CreateUploadBucket",
"dms:*Endpoint*",
"dms:*ReplicationInstance*",
"dms:*ReplicationSubnetGroup*",
"dms:*ReplicationTask*",
"dms:*Certificate*",
"dms:*TableStatistics*",
"dynamodb:*Table*",
"dynamodb:*Limits*",
"ec2:DescribeImages",
"ec2:DescribeAvailabilityZones",
"ec2:*Address*",
"ec2:*Instance*",
"ec2:*InternetGateway*",
"ec2:*Route*",
"ec2:*SecurityGroup*",
"ec2:*Subnet*",
"ec2:*Tags*",
"ec2:*Volume*",
"ec2:*Vpc*",
"ec2:*AccountAttributes*",
"events:ListEventBuses",
"events:DescribeEventBus",
"events:*Rule*",
"events:*Targets*",
"firehose:*DeliveryStream*",
"glue:*Crawler*",
"glue:*Database*",
"glue:*Job*",
"glue:*Trigger*",
"glue:*Table*",
"glue:*Workflow*",
"glue:GetCatalogImportStatus",
"glue:GetTags",
"iam:CreateRole",
"iam:DeleteRole",
"iam:GetRole",
"iam:ListRoles",
"iam:*Policy",
"iam:*Policies",
"iam:*InstanceProfile",
"iam:DeleteServiceLinkedRole",
"iam:GetServiceLinkedRoleDeletionStatus",
"kms:*Alias*",
"kms:*Grant*",
"kms:*Key*",
"kms:Decrypt*",
"kms:Encrypt*",
"kms:*ResourceTags*",
"kms:ReEncryptFrom*",
"kms:ReEncryptTo*",
"kms:TagResource*",
"kms:UntagResource*",
"lambda:*Permission*",
"lambda:*Function*",
"lambda:*Tags*",
"lambda:GetAccountSettings",
"rds:*DBInstance*",
"rds:*DBSubnetGroup*",
"rds:*DBSecurityGroup*",
"rds:*DBParameterGroup",
"rds:DescribeEngineDefaultParameters",
"logs:Describe*",
"logs:Get*",
"logs:List*",
"logs:StartQuery",
"logs:StopQuery",
"logs:TestMetricFilter",
"logs:FilterLogEvents",
"s3:*Bucket*",
"s3:*Object*",
"s3:*EncryptionConfiguration*",
"tag:*",
"secretsmanager:GetSecretValue",
"secretsmanager:DescribeSecret",
"secretsmanager:ListSecrets",
"secretsmanager:CreateSecret",
"secretsmanager:DeleteSecret",
"secretsmanager:GetRandomPassword",
"ssm:StartSession",
"macie2:GetMacieSession",
"macie2:GetFindings",
"macie2:GetClassificationExportConfiguration",
"macie2:Get*Statistics",
"macie2:ListFindings",
"macie2:ListFindingsFilters",
"macie2:ListClassificationJobs",
"macie2:ListCustomDataIdentifiers",
"macie2:ListMembers",
"macie2:DescribeBuckets",
"macie2:DescribeClassificationJob",
"macie2:CreateClassificationJob",
"macie2:UpdateClassificationJob",
"macie2:EnableMacie",
"macie2:DisableMacie",
"athena:Get*",
"athena:List*",
"athena:Tag*",
"athena:BatchGetNamedQuery",
"athena:BatchGetQueryExecution",
"athena:CreateDataCatalog",
"athena:UpdateDataCatalog",
"athena:CreatePreparedStatement",
"athena:StartQueryExecution",
"athena:CreateNamedQuery",
"athena:UpdatePreparedStatement",
"athena:StopQueryExecution",
"athena:DeleteDataCatalog",
"athena:DeleteNamedQuery",
"athena:DeletePreparedStatement"
]
}
]
}