{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "codepipeline:*", "s3:CreateBucket", "iam:CreateRole", "s3:ListBucket", "iam:AttachRolePolicy", "iam:PutRolePolicy", "dynamodb:DeleteTable", "dynamodb:PutItem", "dynamodb:GetItem", "dynamodb:Query", "dynamodb:Scan", "dynamodb:UpdateItem", "dynamodb:DeleteItem", "dynamodb:BatchWriteItem", "s3:GetBucketPolicy", "iam:PassRole", "iam:DetachRolePolicy", "dynamodb:DescribeTable", "iam:DeleteRolePolicy", "s3:PutBucketAcl", "cloudformation:*", "cloudcontrol:*", "events:RemoveTargets", "lambda:DeleteFunction", "iam:ListRolePolicies", "s3:DeleteBucket", "s3:PutBucketVersioning", "iam:GetRole", "events:DescribeRule", "apigateway:*", "iam:UpdateRoleDescription", "iam:DeleteRole", "s3:DeleteBucketPolicy", "codebuild:CreateProject", "dynamodb:CreateTable", "events:PutTargets", "events:DeleteRule", "lambda:UpdateFunctionCode", "codecommit:*", "lambda:AddPermission", "s3:PutBucketLogging", "s3:PutBucketPolicy", "codebuild:DeleteProject", "codepipeline:GetPipelineState", "s3:GetBucketLocation", "iam:GetRolePolicy", "lambda:RemovePermission", "dynamodb:UpdateTable", "lambda:GetFunction", "s3:GetEncryptionConfiguration", "s3:PutEncryptionConfiguration", "s3:PutBucketPublicAccessBlock", "s3:GetBucketPublicAccessBlock", "s3:GetBucketVersioning", "s3:ListBucketVersions", "s3:PutLifecycleConfiguration", "s3:GetLifecycleConfiguration", "lambda:PublishLayerVersion", "lambda:DeleteLayerVersion", "lambda:GetLayerVersion", "lambda:ListLayerVersions", "lambda:InvokeFunction" ], "Resource": [ "arn:aws:s3:::awsopswheelsourcebucket-*", "arn:aws:s3:::awsopswheel-*", "arn:aws:s3:::ops-wheel-v2-*", "arn:aws:s3:::aws-ops-wheel-v2-frontend-*", "arn:aws:s3:::aws-ops-wheel-v2-unified-*", "arn:aws:dynamodb:*:*:table/AWSOpsWheel-*", "arn:aws:dynamodb:*:*:table/OpsWheelV2-*", "arn:aws:dynamodb:*:*:table/ops-wheel-v2-*", "arn:aws:iam::*:role/AWSOpsWheel-*", "arn:aws:iam::*:role/OpsWheelV2-*", "arn:aws:iam::*:role/aws-ops-wheel-v2-*", "arn:aws:iam::*:role/create-frontend-config-*", "arn:aws:iam::*:role/service-role/AWSOpsWheel-*", "arn:aws:iam::*:role/service-role/OpsWheelV2-*", "arn:aws:iam::*:role/service-role/create-frontend-config-*", "arn:aws:iam::*:role/cloudformation-lambda-execution-role-*", "arn:aws:iam::*:role/lambda-execution-role-*", "arn:aws:iam::*:role/api-gateway-execution-role-*", "arn:aws:codecommit:*:*:AWSOpsWheel*", "arn:aws:codecommit:*:*:aws-ops-wheel-v2*", "arn:aws:codebuild:*:*:project/AWSOpsWheel*", "arn:aws:codebuild:*:*:project/aws-ops-wheel-v2*", "arn:aws:events:*:*:rule/AWSOpsWheel-*", "arn:aws:events:*:*:rule/OpsWheelV2-*", "arn:aws:cloudformation:*:*:stack/AWSOpsWheelSourceBucket*/*", "arn:aws:cloudformation:*:*:stack/AWSOpsWheel/*", "arn:aws:cloudformation:*:*:stack/AWSOpsWheel-*/*", "arn:aws:cloudformation:*:*:stack/aws-ops-wheel-v2*/*", "arn:aws:apigateway:*::/restapis", "arn:aws:apigateway:*::/restapis/*", "arn:aws:codepipeline:*:*:AWSOpsWheel*", "arn:aws:codepipeline:*:*:aws-ops-wheel-v2*", "arn:aws:lambda:*:*:function:AWSOpsWheel-*", "arn:aws:lambda:*:*:function:ops-wheel-v2-*", "arn:aws:lambda:*:*:function:create-frontend-config-*", "arn:aws:lambda:*:*:layer:ops-wheel-v2-*" ] }, { "Effect": "Allow", "Action": [ "lambda:CreateFunction", "lambda:InvokeFunction", "cloudformation:*", "cognito-identity:*", "dynamodb:UntagResource", "dynamodb:ListTables", "dynamodb:UpdateContinuousBackups", "dynamodb:DescribeContinuousBackups", "events:PutRule", "lambda:UpdateFunctionConfiguration", "lambda:ListFunctions", "lambda:ListLayers", "lambda:TagResource", "lambda:UntagResource", "lambda:ListTags", "iam:ListRoles", "iam:TagRole", "iam:UntagRole", "iam:ListRoleTags", "codecommit:CreateRepository", "codecommit:ListRepositories", "cognito-sync:*", "dynamodb:TagResource", "iam:ListOpenIDConnectProviders", "cognito-idp:*", "codebuild:ListProjects", "sns:ListPlatformApplications", "s3:*", "cloudfront:CreateDistribution", "cloudfront:UpdateDistribution", "cloudfront:DeleteDistribution", "cloudfront:GetDistribution", "cloudfront:GetDistributionConfig", "cloudfront:ListDistributions", "cloudfront:TagResource", "cloudfront:UntagResource", "cloudfront:ListTagsForResource", "cloudfront:CreateOriginAccessControl", "cloudfront:DeleteOriginAccessControl", "cloudfront:GetOriginAccessControl", "cloudfront:UpdateOriginAccessControl", "cloudfront:ListOriginAccessControls", "cloudfront:CreateInvalidation", "apigateway:PUT", "apigateway:GET", "apigateway:POST", "apigateway:DELETE", "apigateway:PATCH", "cloudwatch:PutDashboard", "cloudwatch:DeleteDashboards", "cloudwatch:GetDashboard", "cloudwatch:ListDashboards", "cloudwatch:PutMetricAlarm", "cloudwatch:DeleteAlarms", "cloudwatch:DescribeAlarms", "cloudwatch:PutMetricData", "logs:DescribeLogGroups", "ses:*" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents", "logs:DescribeLogGroups", "logs:DescribeLogStreams", "logs:DeleteLogGroup", "logs:DeleteLogStream", "logs:FilterLogEvents", "logs:GetLogEvents" ], "Resource": [ "arn:aws:logs:*:*:log-group:/aws/lambda/AWSOpsWheel-*", "arn:aws:logs:*:*:log-group:/aws/lambda/AWSOpsWheel-*:*", "arn:aws:logs:*:*:log-group:/aws/lambda/ops-wheel-v2-*", "arn:aws:logs:*:*:log-group:/aws/lambda/ops-wheel-v2-*:*", "arn:aws:logs:*:*:log-group:/aws/lambda/create-frontend-config-*", "arn:aws:logs:*:*:log-group:/aws/lambda/create-frontend-config-*:*", "arn:aws:logs:*:*:log-group:/aws/apigateway/AWSOpsWheel-*", "arn:aws:logs:*:*:log-group:/aws/apigateway/aws-ops-wheel-v2-*" ] }, { "Effect": "Allow", "Action": "iam:ListRoles", "Resource": [ "arn:aws:iam::*:role/AWSOpsWheel-*", "arn:aws:iam::*:role/OpsWheelV2-*", "arn:aws:iam::*:role/aws-ops-wheel-v2-*", "arn:aws:iam::*:role/create-frontend-config-*", "arn:aws:iam::*:role/service-role/AWSOpsWheel-*", "arn:aws:iam::*:role/service-role/OpsWheelV2-*", "arn:aws:iam::*:role/service-role/aws-ops-wheel-v2-*", "arn:aws:iam::*:role/cloudformation-service-role-*", "arn:aws:iam::*:role/cognito-identity-pool-*", "arn:aws:iam::*:role/apigateway-cloudwatch-*", "arn:aws:iam::*:role/dynamodb-autoscaling-*" ] } ] }