{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "codepipeline:CreatePipeline", "s3:CreateBucket", "iam:CreateRole", "s3:ListBucket", "iam:AttachRolePolicy", "iam:PutRolePolicy", "dynamodb:DeleteTable", "codepipeline:DeletePipeline", "s3:GetBucketPolicy", "iam:PassRole", "iam:DetachRolePolicy", "dynamodb:DescribeTable", "iam:DeleteRolePolicy", "codepipeline:GetPipeline", "s3:PutBucketAcl", "cloudformation:UpdateStack", "events:RemoveTargets", "lambda:DeleteFunction", "iam:ListRolePolicies", "s3:DeleteBucket", "s3:PutBucketVersioning", "cloudformation:ListStackResources", "iam:GetRole", "events:DescribeRule", "apigateway:*", "iam:UpdateRoleDescription", "iam:DeleteRole", "s3:DeleteBucketPolicy", "codebuild:CreateProject", "cloudformation:DescribeStacks", "dynamodb:CreateTable", "events:PutTargets", "events:DeleteRule", "lambda:UpdateFunctionCode", "codecommit:*", "lambda:AddPermission", "s3:PutBucketLogging", "cloudformation:CreateStack", "cloudformation:DeleteStack", "s3:PutBucketPolicy", "codebuild:DeleteProject", "codepipeline:GetPipelineState", "s3:GetBucketLocation", "iam:GetRolePolicy", "lambda:RemovePermission", "dynamodb:UpdateTable", "lambda:GetFunction", "s3:GetEncryptionConfiguration", "s3:PutEncryptionConfiguration" ], "Resource": [ "arn:aws:s3:::awsopswheelsourcebucket-*", "arn:aws:s3:::awsopswheel-*", "arn:aws:dynamodb:*:*:table/AWSOpsWheel-*", "arn:aws:iam::*:role/AWSOpsWheel-*", "arn:aws:iam::*:role/service-role/AWSOpsWheel-*", "arn:aws:codecommit:*:*:AWSOpsWheel*", "arn:aws:codebuild:*:*:project/AWSOpsWheel*", "arn:aws:events:*:*:rule/AWSOpsWheel-*", "arn:aws:cloudformation:*:*:stack/AWSOpsWheelSourceBucket/*", "arn:aws:cloudformation:*:*:stack/AWSOpsWheel/*", "arn:aws:cloudformation:*:*:stack/AWSOpsWheel-*/*", "arn:aws:apigateway:*::/restapis", "arn:aws:apigateway:*::/restapis/*", "arn:aws:codepipeline:*:*:AWSOpsWheel*", "arn:aws:lambda:*:*:function:AWSOpsWheel-*" ] }, { "Effect": "Allow", "Action": [ "lambda:CreateFunction", "cloudformation:ListStacks", "cognito-identity:*", "dynamodb:UntagResource", "dynamodb:ListTables", "events:PutRule", "lambda:UpdateFunctionConfiguration", "iam:ListRoles", "codecommit:CreateRepository", "codecommit:ListRepositories", "cognito-sync:*", "dynamodb:TagResource", "iam:ListOpenIDConnectProviders", "cognito-idp:*", "codebuild:ListProjects", "sns:ListPlatformApplications" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "codebuild:BatchGetProjects", "s3:PutObject", "s3:GetObject", "s3:DeleteObjectVersion", "s3:DeleteObject", "s3:PutObjectAcl" ], "Resource": [ "arn:aws:codebuild:*:*:project/AWSOpsWheel*", "arn:aws:s3:::awsopswheelsourcebucket-*/*", "arn:aws:s3:::awsopswheel-*/*" ] }, { "Effect": "Allow", "Action": "iam:ListRoles", "Resource": [ "arn:aws:iam::*:role/AWSOpsWheel-*", "arn:aws:iam::*:role/service-role/AWSOpsWheel-*" ] } ] }