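# MAP Tagger Solution - cross-account role template.
#
# Creates six customer-managed IAM policies (S1-S6) and one role,
# IAMChildRoleTaggerSolution, that attaches all six. The role's trust policy
# allows sts:AssumeRole only from the principal ARN supplied in RoleARN.
# Every policy statement below is Effect=Allow on Resource "*", so the trust
# policy is the only boundary on who can use these permissions.
AWSTemplateFormatVersion: "2010-09-09"
Description: "MAP Tagger Solution - Cross Account Role - (uksb-kzxy2tzxlf)"

Parameters:
  RoleARN:
    Type: String
    Description: IAM ARN Role for Central Account
    # The value is substituted verbatim into the JSON trust policy of IAMRole.
    # Restricting it to a well-formed role ARN rejects "*", account-root ARNs,
    # and any value containing quotes that would alter the policy JSON.
    AllowedPattern: '^arn:aws[a-z-]*:iam::[0-9]{12}:role/[A-Za-z0-9+=,.@_/-]+$'
    ConstraintDescription: "RoleARN must be the full ARN of an IAM role, for example arn:aws:iam::<ACCOUNT_ID>:role/<ROLE_NAME>"

Resources:
  # ---------------------------------------------------------------------------
  # Policy S1: API Gateway, Backup, DynamoDB/DAX, EC2, ECR, ECS, EKS, EFS, ELB,
  # EMR, FSx, Lambda, CloudWatch Logs, Redshift, RDS, S3, Resource Groups
  # Tagging API, Transfer, WorkSpaces, ElastiCache, Timestream, MemoryDB.
  #
  # ManagedPolicyName suffix: AWS::StackId is split on "/" and element 2 (the
  # stack UUID) is split on "-"; element 4 (the last UUID segment) is appended
  # so the name is unique per stack.
  #
  # NOTE(review): some entries reach beyond tag management on Resource "*":
  #   - "s3:Get*" matches s3:GetObject, i.e. object reads in every bucket.
  #   - "lambda:Get*" matches lambda:GetFunction, which exposes function code
  #     and configuration.
  #   - apigateway GET/PATCH/PUT/DELETE/POST are the full management verbs,
  #     not tag-only operations.
  #   - logs:CreateLogGroup/CreateLogStream/PutLogEvents allow writing to any
  #     log group.
  # Confirm which of these the tagger actually calls and narrow the rest
  # (for S3, bucket-level actions such as s3:GetBucketTagging are the likely
  # candidates - verify against the tagger code).
  # ---------------------------------------------------------------------------
  IAMPolicyTaggerSolutionS1:
    Type: AWS::IAM::ManagedPolicy
    Properties:
      ManagedPolicyName: !Join [ "-", ["policy-tagger-process-solution-s1", !Select [4, !Split ['-', !Select [2, !Split ['/', !Ref AWS::StackId]]]]]]
      PolicyDocument: !Sub |
        {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Action": [
                "apigateway:GET",
                "apigateway:PATCH",
                "apigateway:PUT",
                "apigateway:DELETE",
                "apigateway:POST",
                "backup:ListBackupVaults",
                "backup:ListBackupPlans",
                "backup:ListTags",
                "backup:TagResource",
                "dynamodb:ListTables",
                "dynamodb:Describe*",
                "dynamodb:TagResource",
                "dynamodb:ListTagsOfResource",
                "dax:DescribeClusters",
                "dynamodb:ListBackups",
                "ec2:Describe*",
                "ec2:CreateTags",
                "ec2:DeleteTags",
                "ec2:DescribeVolumes",
                "ec2:DescribeSnapshots",
                "ec2:DescribeTransitGateways",
                "ec2:DescribeTransitGatewayAttachments",
                "ec2:DescribeTags",
                "ecr:DescribeRepositories",
                "ecr:ListTagsForResource",
                "ecr:TagResource",
                "ecs:ListClusters",
                "ecs:DescribeClusters",
                "ecs:ListTagsForResource",
                "ecs:TagResource",
                "eks:ListClusters",
                "eks:ListTagsForResource",
                "eks:TagResource",
                "elasticfilesystem:Describe*",
                "elasticfilesystem:CreateTags",
                "elasticfilesystem:ListTagsForResource",
                "elasticloadbalancing:AddTags",
                "elasticloadbalancing:Describe*",
                "elasticmapreduce:DescribeCluster",
                "elasticmapreduce:ListClusters",
                "elasticmapreduce:AddTags",
                "fsx:TagResource",
                "fsx:DescribeFileSystems",
                "fsx:ListTagsForResource",
                "fsx:DescribeBackups",
                "lambda:List*",
                "lambda:Get*",
                "lambda:TagResource",
                "logs:CreateLogGroup",
                "logs:CreateLogStream",
                "logs:PutLogEvents",
                "logs:DescribeLogGroups",
                "logs:DescribeLogStreams",
                "redshift:CreateTags",
                "redshift:Describe*",
                "rds:ListTagsForResource",
                "rds:Describe*",
                "rds:DescribeDBInstances",
                "rds:AddTagsToResource",
                "s3:Get*",
                "s3:List*",
                "s3:PutBucketTagging",
                "tag:Get*",
                "tag:TagResources",
                "transfer:ListServers",
                "transfer:ListTagsForResource",
                "transfer:TagResource",
                "workspaces:DescribeWorkspaces",
                "workspaces:CreateTags",
                "rds:RemoveTagsFromResource",
                "elasticloadbalancing:RemoveTags",
                "elasticfilesystem:DeleteTags",
                "fsx:UntagResource",
                "dynamodb:UntagResource",
                "lambda:UntagResource",
                "backup:UntagResource",
                "ecr:UntagResource",
                "eks:UntagResource",
                "eks:DescribeCluster",
                "ecs:UntagResource",
                "elasticmapreduce:RemoveTags",
                "transfer:DescribeServer",
                "transfer:UntagResource",
                "elasticache:DescribeCacheSubnetGroups",
                "elasticache:DescribeSnapshots",
                "elasticache:DescribeCacheClusters",
                "elasticache:DescribeReplicationGroups",
                "elasticache:DescribeCacheParameterGroups",
                "timestream:DescribeEndpoints",
                "timestream:ListDatabases",
                "timestream:ListTables",
                "memorydb:DescribeClusters",
                "memorydb:DescribeSnapshots",
                "elasticfilesystem:TagResource",
                "elasticfilesystem:UnTagResource",
                "elasticache:AddTagsToResource",
                "elasticache:RemoveTagsFromResource",
                "memorydb:TagResource",
                "memorydb:UnTagResource",
                "timestream:TagResource",
                "timestream:UnTagResource",
                "timestream:ListTagsForResource",
                "workspaces:DeleteTags"
              ],
              "Resource": "*"
            }
          ]
        }

  # ---------------------------------------------------------------------------
  # Policy S2: Athena, Cognito, Directory Service, EC2 tags, Glacier, Glue, KMS,
  # HealthImaging, Redshift / Redshift Serverless, Route 53 family, Secrets
  # Manager, Security Hub, SNS, SQS, Systems Manager family, Step Functions.
  #
  # NOTE(review): kms:TagResource/UntagResource and
  # secretsmanager:TagResource/UntagResource are granted on "*". Where key or
  # secret access is decided by tags (ABAC), a principal that can rewrite tags
  # can change who is authorised. Consider a Condition on aws:TagKeys limiting
  # tag writes to the keys this solution manages, for the services that
  # support it - confirm per service.
  # ---------------------------------------------------------------------------
  IAMPolicyTaggerSolutionS2:
    Type: AWS::IAM::ManagedPolicy
    Properties:
      ManagedPolicyName: !Join [ "-", ["policy-tagger-process-solution-s2", !Select [4, !Split ['-', !Select [2, !Split ['/', !Ref AWS::StackId]]]]]]
      PolicyDocument: !Sub |
        {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Action": [
                "athena:ListDataCatalogs",
                "athena:ListCapacityReservations",
                "athena:ListTagsForResource",
                "athena:TagResource",
                "athena:UntagResource",
                "cognito-identity:ListIdentityPools",
                "cognito-identity:DescribeIdentityPool",
                "cognito-identity:ListTagsForResource",
                "cognito-identity:TagResource",
                "cognito-identity:UntagResource",
                "cognito-idp:ListUserPools",
                "cognito-idp:DescribeUserPool",
                "cognito-idp:DescribeUserPoolDomain",
                "cognito-idp:ListTagsForResource",
                "cognito-idp:TagResource",
                "cognito-idp:UntagResource",
                "ds:DescribeDirectories",
                "ds:ListTagsForResource",
                "ds:AddTagsToResource",
                "ds:RemoveTagsFromResource",
                "ec2:CreateTags",
                "ec2:DeleteTags",
                "ec2:DescribeTags",
                "glacier:ListVaults",
                "glacier:DescribeVault",
                "glacier:ListTagsForVault",
                "glacier:AddTagsToVault",
                "glacier:RemoveTagsFromVault",
                "glue:GetConnections",
                "glue:GetConnection",
                "glue:GetDatabases",
                "glue:GetDatabase",
                "glue:GetCrawlers",
                "glue:GetCrawler",
                "glue:ListSessions",
                "glue:GetSession",
                "glue:GetDevEndpoints",
                "glue:GetDevEndpoint",
                "glue:GetJobs",
                "glue:GetJob",
                "glue:GetTriggers",
                "glue:GetTrigger",
                "glue:ListWorkflows",
                "glue:GetWorkflow",
                "glue:ListBlueprints",
                "glue:GetBlueprint",
                "glue:GetMLTransforms",
                "glue:GetMLTransform",
                "glue:ListDataQualityRulesets",
                "glue:GetDataQualityRuleset",
                "glue:ListRegistries",
                "glue:GetRegistry",
                "glue:ListSchemas",
                "glue:GetSchema",
                "glue:GetTags",
                "glue:TagResource",
                "glue:UntagResource",
                "kms:ListKeys",
                "kms:ListAliases",
                "kms:DescribeKey",
                "kms:ListResourceTags",
                "kms:TagResource",
                "kms:UntagResource",
                "medical-imaging:ListDatastores",
                "medical-imaging:GetDatastore",
                "medical-imaging:ListTagsForResource",
                "medical-imaging:TagResource",
                "medical-imaging:UntagResource",
                "redshift:DescribeClusters",
                "redshift:DescribeClusterSnapshots",
                "redshift:DescribeClusterSubnetGroups",
                "redshift:DescribeClusterParameterGroups",
                "redshift:DescribeScheduledActions",
                "redshift:DescribeTags",
                "redshift:CreateTags",
                "redshift:DeleteTags",
                "redshift-serverless:ListWorkgroups",
                "redshift-serverless:GetWorkgroup",
                "redshift-serverless:ListNamespaces",
                "redshift-serverless:GetNamespace",
                "redshift-serverless:ListSnapshots",
                "redshift-serverless:GetSnapshot",
                "redshift-serverless:ListRecoveryPoints",
                "redshift-serverless:GetRecoveryPoint",
                "redshift-serverless:ListTagsForResource",
                "redshift-serverless:TagResource",
                "redshift-serverless:UntagResource",
                "route53:ListHostedZones",
                "route53:ListHealthChecks",
                "route53:ListTagsForResource",
                "route53:ChangeTagsForResource",
                "route53resolver:ListResolverEndpoints",
                "route53resolver:ListResolverRules",
                "route53resolver:ListResolverQueryLogConfigs",
                "route53resolver:ListFirewallDomainLists",
                "route53resolver:ListFirewallRuleGroups",
                "route53resolver:ListFirewallRuleGroupAssociations",
                "route53resolver:ListTagsForResource",
                "route53resolver:TagResource",
                "route53resolver:UntagResource",
                "route53-recovery-control-config:ListClusters",
                "route53-recovery-control-config:ListControlPanels",
                "route53-recovery-control-config:ListRoutingControls",
                "route53-recovery-control-config:ListSafetyRules",
                "route53-recovery-control-config:ListTagsForResource",
                "route53-recovery-control-config:TagResource",
                "route53-recovery-control-config:UntagResource",
                "route53-recovery-readiness:ListCells",
                "route53-recovery-readiness:ListReadinessChecks",
                "route53-recovery-readiness:ListRecoveryGroups",
                "route53-recovery-readiness:ListResourceSets",
                "route53-recovery-readiness:ListTagsForResource",
                "route53-recovery-readiness:TagResource",
                "route53-recovery-readiness:UntagResource",
                "route53domains:ListDomains",
                "route53domains:ListTagsForDomain",
                "route53domains:UpdateTagsForDomain",
                "route53profiles:ListProfiles",
                "route53profiles:ListProfileAssociations",
                "route53profiles:ListTagsForResource",
                "route53profiles:TagResource",
                "route53profiles:UntagResource",
                "secretsmanager:ListSecrets",
                "secretsmanager:DescribeSecret",
                "secretsmanager:TagResource",
                "secretsmanager:UntagResource",
                "securityhub:DescribeHub",
                "securityhub:GetInsights",
                "securityhub:GetEnabledStandards",
                "securityhub:ListTagsForResource",
                "securityhub:TagResource",
                "securityhub:UntagResource",
                "sns:ListTopics",
                "sns:GetTopicAttributes",
                "sns:ListTagsForResource",
                "sns:TagResource",
                "sns:UntagResource",
                "sqs:ListQueues",
                "sqs:GetQueueAttributes",
                "sqs:ListQueueTags",
                "sqs:TagQueue",
                "sqs:UntagQueue",
                "ssm:DescribeParameters",
                "ssm:ListDocuments",
                "ssm:DescribeMaintenanceWindows",
                "ssm:DescribePatchBaselines",
                "ssm:ListTagsForResource",
                "ssm:AddTagsToResource",
                "ssm:RemoveTagsFromResource",
                "ssm-contacts:ListContacts",
                "ssm-contacts:GetContact",
                "ssm-contacts:ListTagsForResource",
                "ssm-contacts:TagResource",
                "ssm-contacts:UntagResource",
                "ssm-incidents:ListResponsePlans",
                "ssm-incidents:GetResponsePlan",
                "ssm-incidents:ListIncidents",
                "ssm-incidents:GetIncidentRecord",
                "ssm-incidents:ListReplicationSets",
                "ssm-incidents:GetReplicationSet",
                "ssm-incidents:ListTagsForResource",
                "ssm-incidents:TagResource",
                "ssm-incidents:UntagResource",
                "states:ListStateMachines",
                "states:DescribeStateMachine",
                "states:ListActivities",
                "states:DescribeActivity",
                "states:ListTagsForResource",
                "states:TagResource",
                "states:UntagResource"
              ],
              "Resource": "*"
            }
          ]
        }

  # ---------------------------------------------------------------------------
  # Policy S3: App Runner, Bedrock, CloudFront, CloudHSM (classic and v2),
  # Comprehend. List/Describe actions plus tag, untag and list-tags.
  # ---------------------------------------------------------------------------
  IAMPolicyTaggerSolutionS3:
    Type: AWS::IAM::ManagedPolicy
    Properties:
      ManagedPolicyName: !Join [ "-", ["policy-tagger-process-solution-s3", !Select [4, !Split ['-', !Select [2, !Split ['/', !Ref AWS::StackId]]]]]]
      PolicyDocument: !Sub |
        {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Action": [
                "apprunner:ListAutoScalingConfigurations",
                "apprunner:ListConnections",
                "apprunner:ListObservabilityConfigurations",
                "apprunner:ListServices",
                "apprunner:ListTagsForResource",
                "apprunner:ListVpcConnectors",
                "apprunner:ListVpcIngressConnections",
                "apprunner:TagResource",
                "apprunner:UntagResource",
                "bedrock:ListCustomModelDeployments",
                "bedrock:ListCustomModels",
                "bedrock:ListEvaluationJobs",
                "bedrock:ListGuardrails",
                "bedrock:ListImportedModels",
                "bedrock:ListInferenceProfiles",
                "bedrock:ListMarketplaceModelEndpoints",
                "bedrock:ListModelCopyJobs",
                "bedrock:ListModelCustomizationJobs",
                "bedrock:ListModelImportJobs",
                "bedrock:ListModelInvocationJobs",
                "bedrock:ListPromptRouters",
                "bedrock:ListProvisionedModelThroughputs",
                "bedrock:ListTagsForResource",
                "bedrock:TagResource",
                "bedrock:UntagResource",
                "bedrock:ListAgentActionGroups",
                "bedrock:ListAgentAliases",
                "bedrock:ListAgentCollaborators",
                "bedrock:ListAgentVersions",
                "bedrock:ListAgents",
                "bedrock:ListDataSources",
                "bedrock:ListFlowAliases",
                "bedrock:ListFlowVersions",
                "bedrock:ListFlows",
                "bedrock:ListIngestionJobs",
                "bedrock:ListKnowledgeBaseDocuments",
                "bedrock:ListKnowledgeBases",
                "bedrock:ListPrompts",
                "bedrock:ListBlueprints",
                "bedrock:ListDataAutomationProjects",
                "cloudfront:ListCachePolicies",
                "cloudfront:ListContinuousDeploymentPolicies",
                "cloudfront:ListDistributions",
                "cloudfront:ListFieldLevelEncryptionConfigs",
                "cloudfront:ListFieldLevelEncryptionProfiles",
                "cloudfront:ListFunctions",
                "cloudfront:ListKeyGroups",
                "cloudfront:ListOriginAccessControls",
                "cloudfront:ListOriginRequestPolicies",
                "cloudfront:ListRealtimeLogConfigs",
                "cloudfront:ListResponseHeadersPolicies",
                "cloudfront:ListStreamingDistributions",
                "cloudfront:ListTagsForResource",
                "cloudfront:TagResource",
                "cloudfront:UntagResource",
                "cloudhsm:AddTagsToResource",
                "cloudhsm:ListHapgs",
                "cloudhsm:ListHsms",
                "cloudhsm:ListLunaClients",
                "cloudhsm:ListTagsForResource",
                "cloudhsm:RemoveTagsFromResource",
                "cloudhsmv2:DescribeBackups",
                "cloudhsmv2:DescribeClusters",
                "cloudhsmv2:ListTags",
                "cloudhsmv2:TagResource",
                "cloudhsmv2:UntagResource",
                "comprehend:ListDocumentClassificationJobs",
                "comprehend:ListDocumentClassifiers",
                "comprehend:ListDominantLanguageDetectionJobs",
                "comprehend:ListEndpoints",
                "comprehend:ListEntitiesDetectionJobs",
                "comprehend:ListEntityRecognizers",
                "comprehend:ListEventsDetectionJobs",
                "comprehend:ListFlywheels",
                "comprehend:ListKeyPhrasesDetectionJobs",
                "comprehend:ListPiiEntitiesDetectionJobs",
                "comprehend:ListSentimentDetectionJobs",
                "comprehend:ListTagsForResource",
                "comprehend:ListTargetedSentimentDetectionJobs",
                "comprehend:ListTopicsDetectionJobs",
                "comprehend:TagResource",
                "comprehend:UntagResource"
              ],
              "Resource": "*"
            }
          ]
        }

  # ---------------------------------------------------------------------------
  # Policy S4: Amazon Connect (plus campaigns and cases), DataBrew, DataSync,
  # DataZone, Direct Connect, Elastic Disaster Recovery.
  #
  # NOTE(review): "connect-cases:SearchCases" is a search over case data
  # rather than a resource listing - confirm the tagger needs it.
  # ---------------------------------------------------------------------------
  IAMPolicyTaggerSolutionS4:
    Type: AWS::IAM::ManagedPolicy
    Properties:
      ManagedPolicyName: !Join [ "-", ["policy-tagger-process-solution-s4", !Select [4, !Split ['-', !Select [2, !Split ['/', !Ref AWS::StackId]]]]]]
      PolicyDocument: !Sub |
        {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Action": [
                "connect:ListContactFlowModules",
                "connect:ListContactFlows",
                "connect:ListDefaultVocabularies",
                "connect:ListEvaluationForms",
                "connect:ListHoursOfOperations",
                "connect:ListInstances",
                "connect:ListIntegrationAssociations",
                "connect:ListPhoneNumbersV2",
                "connect:ListPrompts",
                "connect:ListQueues",
                "connect:ListQuickConnects",
                "connect:ListRoutingProfiles",
                "connect:ListSecurityProfiles",
                "connect:ListTagsForResource",
                "connect:ListTaskTemplates",
                "connect:ListTrafficDistributionGroups",
                "connect:ListUseCases",
                "connect:ListUserHierarchyGroups",
                "connect:ListUsers",
                "connect:TagResource",
                "connect:UntagResource",
                "connect-campaigns:ListCampaigns",
                "connect-campaigns:ListTagsForResource",
                "connect-campaigns:TagResource",
                "connect-campaigns:UntagResource",
                "connect-cases:ListCaseRules",
                "connect-cases:ListDomains",
                "connect-cases:ListFields",
                "connect-cases:ListLayouts",
                "connect-cases:ListTagsForResource",
                "connect-cases:ListTemplates",
                "connect-cases:SearchCases",
                "connect-cases:TagResource",
                "connect-cases:UntagResource",
                "databrew:ListDatasets",
                "databrew:ListJobs",
                "databrew:ListProjects",
                "databrew:ListRecipes",
                "databrew:ListRulesets",
                "databrew:ListSchedules",
                "databrew:ListTagsForResource",
                "databrew:TagResource",
                "databrew:UntagResource",
                "datasync:ListAgents",
                "datasync:ListLocations",
                "datasync:ListTagsForResource",
                "datasync:ListTaskExecutions",
                "datasync:ListTasks",
                "datasync:TagResource",
                "datasync:UntagResource",
                "datazone:ListAssetTypes",
                "datazone:ListDataSources",
                "datazone:ListDomains",
                "datazone:ListEnvironmentProfiles",
                "datazone:ListEnvironments",
                "datazone:ListFormTypes",
                "datazone:ListGlossaries",
                "datazone:ListGlossaryTerms",
                "datazone:ListProjects",
                "datazone:ListTagsForResource",
                "datazone:TagResource",
                "datazone:UntagResource",
                "directconnect:DescribeConnections",
                "directconnect:DescribeDirectConnectGatewayAssociationProposals",
                "directconnect:DescribeDirectConnectGatewayAssociations",
                "directconnect:DescribeDirectConnectGateways",
                "directconnect:DescribeInterconnects",
                "directconnect:DescribeLags",
                "directconnect:DescribeTags",
                "directconnect:DescribeVirtualInterfaces",
                "directconnect:TagResource",
                "directconnect:UntagResource",
                "drs:DescribeLaunchConfigurationTemplates",
                "drs:DescribeReplicationConfigurationTemplates",
                "drs:DescribeSourceServers",
                "drs:ListTagsForResource",
                "drs:TagResource",
                "drs:UntagResource"
              ],
              "Resource": "*"
            }
          ]
        }

  # ---------------------------------------------------------------------------
  # Policy S5: EC2 (explicit Describe* list plus Create/DeleteTags), Elastic
  # Beanstalk, MSK / MSK Connect, Kendra, Application Migration Service,
  # Neptune / Neptune Analytics.
  # ---------------------------------------------------------------------------
  IAMPolicyTaggerSolutionS5:
    Type: AWS::IAM::ManagedPolicy
    Properties:
      ManagedPolicyName: !Join [ "-", ["policy-tagger-process-solution-s5", !Select [4, !Split ['-', !Select [2, !Split ['/', !Ref AWS::StackId]]]]]]
      PolicyDocument: !Sub |
        {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Action": [
                "ec2:CreateTags",
                "ec2:DeleteTags",
                "ec2:DescribeAddresses",
                "ec2:DescribeCapacityReservations",
                "ec2:DescribeCarrierGateways",
                "ec2:DescribeClientVpnEndpoints",
                "ec2:DescribeCustomerGateways",
                "ec2:DescribeDhcpOptions",
                "ec2:DescribeFleets",
                "ec2:DescribeFlowLogs",
                "ec2:DescribeHosts",
                "ec2:DescribeImages",
                "ec2:DescribeInstances",
                "ec2:DescribeInternetGateways",
                "ec2:DescribeKeyPairs",
                "ec2:DescribeLaunchTemplates",
                "ec2:DescribeLocalGatewayRouteTables",
                "ec2:DescribeLocalGatewayVirtualInterfaces",
                "ec2:DescribeLocalGateways",
                "ec2:DescribeManagedPrefixLists",
                "ec2:DescribeNatGateways",
                "ec2:DescribeNetworkAcls",
                "ec2:DescribeNetworkInterfaces",
                "ec2:DescribePlacementGroups",
                "ec2:DescribeRouteTables",
                "ec2:DescribeSecurityGroups",
                "ec2:DescribeSnapshots",
                "ec2:DescribeSpotFleetRequests",
                "ec2:DescribeSubnets",
                "ec2:DescribeTransitGatewayAttachments",
                "ec2:DescribeTransitGatewayRouteTables",
                "ec2:DescribeTransitGatewayVpcAttachments",
                "ec2:DescribeTransitGateways",
                "ec2:DescribeVolumes",
                "ec2:DescribeVpcEndpoints",
                "ec2:DescribeVpcs",
                "ec2:DescribeVpnConnections",
                "ec2:DescribeVpnGateways",
                "elasticbeanstalk:DescribeApplicationVersions",
                "elasticbeanstalk:DescribeApplications",
                "elasticbeanstalk:DescribeConfigurationSettings",
                "elasticbeanstalk:DescribeEnvironments",
                "elasticbeanstalk:ListPlatformVersions",
                "elasticbeanstalk:ListTagsForResource",
                "elasticbeanstalk:UpdateTagsForResource",
                "kafka:ListClustersV2",
                "kafka:ListConfigurations",
                "kafka:ListReplicators",
                "kafka:ListTagsForResource",
                "kafka:ListVpcConnections",
                "kafka:TagResource",
                "kafka:UntagResource",
                "kafkaconnect:ListConnectors",
                "kafkaconnect:ListCustomPlugins",
                "kafkaconnect:ListTagsForResource",
                "kafkaconnect:ListWorkerConfigurations",
                "kafkaconnect:TagResource",
                "kafkaconnect:UntagResource",
                "kendra:ListAccessControlConfigurations",
                "kendra:ListDataSources",
                "kendra:ListExperiences",
                "kendra:ListFaqs",
                "kendra:ListFeaturedResultsSets",
                "kendra:ListIndices",
                "kendra:ListQuerySuggestionsBlockLists",
                "kendra:ListTagsForResource",
                "kendra:ListThesauri",
                "kendra:TagResource",
                "kendra:UntagResource",
                "kendra-ranking:ListRescoreExecutionPlans",
                "kendra-ranking:ListTagsForResource",
                "kendra-ranking:TagResource",
                "kendra-ranking:UntagResource",
                "mgn:DescribeSourceServers",
                "mgn:ListApplications",
                "mgn:ListConnectors",
                "mgn:ListTagsForResource",
                "mgn:ListWaves",
                "mgn:TagResource",
                "mgn:UntagResource",
                "neptune:AddTagsToResource",
                "neptune:DescribeDbClusterEndpoints",
                "neptune:DescribeDbClusterParameterGroups",
                "neptune:DescribeDbClusterSnapshots",
                "neptune:DescribeDbClusters",
                "neptune:DescribeDbInstances",
                "neptune:DescribeDbParameterGroups",
                "neptune:DescribeDbSubnetGroups",
                "neptune:DescribeEventSubscriptions",
                "neptune:DescribeGlobalClusters",
                "neptune:ListTagsForResource",
                "neptune:RemoveTagsFromResource",
                "neptune-graph:ListExportTasks",
                "neptune-graph:ListGraphSnapshots",
                "neptune-graph:ListGraphs",
                "neptune-graph:ListImportTasks",
                "neptune-graph:ListPrivateGraphEndpoints",
                "neptune-graph:ListQueries",
                "neptune-graph:ListTagsForResource",
                "neptune-graph:TagResource",
                "neptune-graph:UntagResource"
              ],
              "Resource": "*"
            }
          ]
        }

  # ---------------------------------------------------------------------------
  # Policy S6: Network Firewall, Rekognition, S3 Control, SageMaker (plus
  # geospatial), Storage Gateway, Textract, WAF (classic, regional, v2),
  # Wisdom.
  #
  # NOTE(review): tag writes on network-firewall, waf, waf-regional and wafv2
  # resources are granted on "*". If tags on those resources feed policy or
  # automation decisions, restrict the writable tag keys with aws:TagKeys
  # where the service supports it. "wisdom:SearchSessions" is a search over
  # session data rather than a resource listing - confirm the tagger needs it.
  # ---------------------------------------------------------------------------
  IAMPolicyTaggerSolutionS6:
    Type: AWS::IAM::ManagedPolicy
    Properties:
      ManagedPolicyName: !Join [ "-", ["policy-tagger-process-solution-s6", !Select [4, !Split ['-', !Select [2, !Split ['/', !Ref AWS::StackId]]]]]]
      PolicyDocument: !Sub |
        {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Action": [
                "network-firewall:ListFirewallPolicies",
                "network-firewall:ListFirewalls",
                "network-firewall:ListRuleGroups",
                "network-firewall:ListTagsForResource",
                "network-firewall:ListTlsInspectionConfigurations",
                "network-firewall:TagResource",
                "network-firewall:UntagResource",
                "rekognition:DescribeCollection",
                "rekognition:DescribeProjects",
                "rekognition:ListCollections",
                "rekognition:ListStreamProcessors",
                "rekognition:ListTagsForResource",
                "rekognition:TagResource",
                "rekognition:UntagResource",
                "s3control:DeleteAccessPointTagging",
                "s3control:DeleteJobTagging",
                "s3control:DeleteStorageLensConfigurationTagging",
                "s3control:GetJobTagging",
                "s3control:GetStorageLensConfigurationTagging",
                "s3control:ListAccessGrants",
                "s3control:ListAccessGrantsInstances",
                "s3control:ListAccessGrantsLocations",
                "s3control:ListAccessPoints",
                "s3control:ListJobs",
                "s3control:ListMultiRegionAccessPoints",
                "s3control:ListStorageLensConfigurations",
                "s3control:ListStorageLensGroups",
                "s3control:PutAccessPointTagging",
                "s3control:PutJobTagging",
                "s3control:PutStorageLensConfigurationTagging",
                "sagemaker:AddTags",
                "sagemaker:DeleteTags",
                "sagemaker:ListAlgorithms",
                "sagemaker:ListApps",
                "sagemaker:ListAutoMlJobs",
                "sagemaker:ListClusters",
                "sagemaker:ListCodeRepositories",
                "sagemaker:ListDomains",
                "sagemaker:ListEndpointConfigs",
                "sagemaker:ListEndpoints",
                "sagemaker:ListExperiments",
                "sagemaker:ListFeatureGroups",
                "sagemaker:ListHyperParameterTuningJobs",
                "sagemaker:ListModelPackages",
                "sagemaker:ListModels",
                "sagemaker:ListNotebookInstances",
                "sagemaker:ListPipelines",
                "sagemaker:ListProcessingJobs",
                "sagemaker:ListProjects",
                "sagemaker:ListSpaces",
                "sagemaker:ListTags",
                "sagemaker:ListTrainingJobs",
                "sagemaker:ListTransformJobs",
                "sagemaker:ListTrialComponents",
                "sagemaker:ListTrials",
                "sagemaker:ListUserProfiles",
                "sagemaker-geospatial:ListEarthObservationJobs",
                "sagemaker-geospatial:ListRasterDataCollections",
                "sagemaker-geospatial:ListTagsForResource",
                "sagemaker-geospatial:ListVectorEnrichmentJobs",
                "sagemaker-geospatial:TagResource",
                "sagemaker-geospatial:UntagResource",
                "storagegateway:AddTagsToResource",
                "storagegateway:DescribeFileSystemAssociations",
                "storagegateway:DescribeTapes",
                "storagegateway:ListFileShares",
                "storagegateway:ListGateways",
                "storagegateway:ListTagsForResource",
                "storagegateway:ListTapePools",
                "storagegateway:ListVolumes",
                "storagegateway:RemoveTagsFromResource",
                "textract:GetAdapter",
                "textract:ListAdapterVersions",
                "textract:ListAdapters",
                "textract:ListTagsForResource",
                "textract:TagResource",
                "textract:UntagResource",
                "waf:ListByteMatchSets",
                "waf:ListGeoMatchSets",
                "waf:ListIpSets",
                "waf:ListRateBasedRules",
                "waf:ListRegexMatchSets",
                "waf:ListRegexPatternSets",
                "waf:ListRuleGroups",
                "waf:ListRules",
                "waf:ListSizeConstraintSets",
                "waf:ListSqlInjectionMatchSets",
                "waf:ListTagsForResource",
                "waf:ListWebAcls",
                "waf:ListXssMatchSets",
                "waf:TagResource",
                "waf:UntagResource",
                "waf-regional:ListByteMatchSets",
                "waf-regional:ListGeoMatchSets",
                "waf-regional:ListIpSets",
                "waf-regional:ListRateBasedRules",
                "waf-regional:ListRegexMatchSets",
                "waf-regional:ListRegexPatternSets",
                "waf-regional:ListRuleGroups",
                "waf-regional:ListRules",
                "waf-regional:ListSizeConstraintSets",
                "waf-regional:ListSqlInjectionMatchSets",
                "waf-regional:ListTagsForResource",
                "waf-regional:ListWebAcls",
                "waf-regional:ListXssMatchSets",
                "waf-regional:TagResource",
                "waf-regional:UntagResource",
                "wafv2:ListIpSets",
                "wafv2:ListManagedRuleSets",
                "wafv2:ListRegexPatternSets",
                "wafv2:ListRuleGroups",
                "wafv2:ListTagsForResource",
                "wafv2:ListWebAcls",
                "wafv2:TagResource",
                "wafv2:UntagResource",
                "wisdom:ListAssistantAssociations",
                "wisdom:ListAssistants",
                "wisdom:ListContents",
                "wisdom:ListImportJobs",
                "wisdom:ListKnowledgeBases",
                "wisdom:ListQuickResponses",
                "wisdom:ListTagsForResource",
                "wisdom:SearchSessions",
                "wisdom:TagResource",
                "wisdom:UntagResource"
              ],
              "Resource": "*"
            }
          ]
        }

  # ---------------------------------------------------------------------------
  # Cross-account role assumed by the central account's tagger.
  #
  # The trust policy names a single principal (the RoleARN parameter) and
  # carries no Condition block. The role name is fixed, so the stack needs
  # CAPABILITY_NAMED_IAM and only one copy of this role can exist per account.
  # MaxSessionDuration of 3600 limits each assumed session to one hour.
  #
  # NOTE(review): if the central and child accounts share an AWS Organization,
  # an aws:PrincipalOrgID condition on the trust statement would add a second
  # check beyond the ARN match. CloudTrail AssumeRole events for this role
  # name are the place to monitor who is using it.
  # ---------------------------------------------------------------------------
  IAMRole:
    Type: "AWS::IAM::Role"
    Properties:
      Path: "/"
      RoleName: "IAMChildRoleTaggerSolution"
      AssumeRolePolicyDocument: !Sub |
        {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Principal": {
                "AWS": "${RoleARN}"
              },
              "Action": "sts:AssumeRole"
            }
          ]
        }
      MaxSessionDuration: 3600
      ManagedPolicyArns:
        - !Ref IAMPolicyTaggerSolutionS1
        - !Ref IAMPolicyTaggerSolutionS2
        - !Ref IAMPolicyTaggerSolutionS3
        - !Ref IAMPolicyTaggerSolutionS4
        - !Ref IAMPolicyTaggerSolutionS5
        - !Ref IAMPolicyTaggerSolutionS6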