{ "APIGatewayServiceRolePolicy": { "PolicyName": "APIGatewayServiceRolePolicy", "PolicyId": "ANPAJQQDZNLDBF2ULTWK6", "Arn": "arn:aws:iam::aws:policy/aws-service-role/APIGatewayServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v9", "AttachmentCount": 1, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-10-20T17:23:10+00:00", "UpdateDate": "2021-07-12T22:24:40+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "elasticloadbalancing:AddListenerCertificates", "elasticloadbalancing:RemoveListenerCertificates", "elasticloadbalancing:ModifyListener", "elasticloadbalancing:DescribeListeners", "elasticloadbalancing:DescribeLoadBalancers", "xray:PutTraceSegments", "xray:PutTelemetryRecords", "xray:GetSamplingTargets", "xray:GetSamplingRules", "logs:CreateLogDelivery", "logs:GetLogDelivery", "logs:UpdateLogDelivery", "logs:DeleteLogDelivery", "logs:ListLogDeliveries", "servicediscovery:DiscoverInstances" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "firehose:DescribeDeliveryStream", "firehose:PutRecord", "firehose:PutRecordBatch" ], "Resource": "arn:aws:firehose:*:*:deliverystream/amazon-apigateway-*" }, { "Effect": "Allow", "Action": [ "acm:DescribeCertificate", "acm:GetCertificate" ], "Resource": "arn:aws:acm:*:*:certificate/*" }, { "Effect": "Allow", "Action": "ec2:CreateNetworkInterfacePermission", "Resource": "arn:aws:ec2:*:*:network-interface/*" }, { "Effect": "Allow", "Action": "ec2:CreateTags", "Resource": "arn:aws:ec2:*:*:network-interface/*", "Condition": { "ForAllValues:StringEquals": { "aws:TagKeys": [ "Owner", "VpcLinkId" ] } } }, { "Effect": "Allow", "Action": [ "ec2:ModifyNetworkInterfaceAttribute", "ec2:DeleteNetworkInterface", "ec2:AssignPrivateIpAddresses", "ec2:CreateNetworkInterface", "ec2:DeleteNetworkInterfacePermission", "ec2:DescribeNetworkInterfaces", "ec2:DescribeAvailabilityZones", "ec2:DescribeNetworkInterfaceAttribute", "ec2:DescribeVpcs", "ec2:DescribeNetworkInterfacePermissions", "ec2:UnassignPrivateIpAddresses", "ec2:DescribeSubnets", "ec2:DescribeRouteTables", "ec2:DescribeSecurityGroups" ], "Resource": "*" }, { "Effect": "Allow", "Action": "servicediscovery:GetNamespace", "Resource": "arn:aws:servicediscovery:*:*:namespace/*" }, { "Effect": "Allow", "Action": "servicediscovery:GetService", "Resource": "arn:aws:servicediscovery:*:*:service/*" } ] }, "VersionId": "v9" }, "AWSAccountActivityAccess": { "PolicyName": "AWSAccountActivityAccess", "PolicyId": "ANPAJQRYCWMFX5J3E333K", "Arn": "arn:aws:iam::aws:policy/AWSAccountActivityAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-02-06T18:41:18+00:00", "UpdateDate": "2015-02-06T18:41:18+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "aws-portal:ViewBilling" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AWSAccountUsageReportAccess": { "PolicyName": "AWSAccountUsageReportAccess", "PolicyId": "ANPAJLIB4VSBVO47ZSBB6", "Arn": "arn:aws:iam::aws:policy/AWSAccountUsageReportAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-02-06T18:41:19+00:00", "UpdateDate": "2015-02-06T18:41:19+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "aws-portal:ViewUsage" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AWSAgentlessDiscoveryService": { "PolicyName": "AWSAgentlessDiscoveryService", "PolicyId": "ANPAIA3DIL7BYQ35ISM4K", "Arn": "arn:aws:iam::aws:policy/AWSAgentlessDiscoveryService", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2016-08-02T01:35:11+00:00", "UpdateDate": "2020-02-24T23:08:23+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "awsconnector:RegisterConnector", "awsconnector:GetConnectorHealth" ], "Resource": "*" }, { "Effect": "Allow", "Action": "iam:GetUser", "Resource": "*" }, { "Effect": "Allow", "Action": [ "s3:GetObject", "s3:ListBucket" ], "Resource": [ "arn:aws:s3:::connector-platform-upgrade-info/*", "arn:aws:s3:::connector-platform-upgrade-info", "arn:aws:s3:::connector-platform-upgrade-bundles/*", "arn:aws:s3:::connector-platform-upgrade-bundles", "arn:aws:s3:::connector-platform-release-notes/*", "arn:aws:s3:::connector-platform-release-notes", "arn:aws:s3:::prod.agentless.discovery.connector.upgrade/*", "arn:aws:s3:::prod.agentless.discovery.connector.upgrade" ] }, { "Effect": "Allow", "Action": [ "s3:PutObject", "s3:PutObjectAcl" ], "Resource": [ "arn:aws:s3:::import-to-ec2-connector-debug-logs/*" ] }, { "Effect": "Allow", "Action": [ "SNS:Publish" ], "Resource": "arn:aws:sns:*:*:metrics-sns-topic-for-*" }, { "Sid": "Discovery", "Effect": "Allow", "Action": [ "Discovery:*" ], "Resource": "*" }, { "Sid": "arsenal", "Effect": "Allow", "Action": [ "arsenal:RegisterOnPremisesAgent" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "mgh:GetHomeRegion" ], "Resource": "*" } ] }, "VersionId": "v2" }, "AWSAppMeshEnvoyAccess": { "PolicyName": "AWSAppMeshEnvoyAccess", "PolicyId": "ANPAZKAPJZG4PMG6ZGSZZ", "Arn": "arn:aws:iam::aws:policy/AWSAppMeshEnvoyAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-07-03T21:29:37+00:00", "UpdateDate": "2019-07-03T21:29:37+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "appmesh:StreamAggregatedResources" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AWSAppMeshFullAccess": { "PolicyName": "AWSAppMeshFullAccess", "PolicyId": "ANPAZKAPJZG4ILVZ5BWFU", "Arn": "arn:aws:iam::aws:policy/AWSAppMeshFullAccess", "Path": "/", "DefaultVersionId": "v6", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-04-16T17:50:40+00:00", "UpdateDate": "2021-01-07T19:54:08+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "appmesh:*" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "iam:CreateServiceLinkedRole" ], "Resource": "arn:aws:iam::*:role/aws-service-role/appmesh.amazonaws.com/AWSServiceRoleForAppMesh", "Condition": { "StringLike": { "iam:AWSServiceName": [ "appmesh.amazonaws.com" ] } } }, { "Effect": "Allow", "Action": [ "cloudformation:CreateStack", "cloudformation:DeleteStack", "cloudformation:DescribeStack*", "cloudformation:UpdateStack" ], "Resource": "arn:aws:cloudformation:*:*:stack/AWSAppMesh-GettingStarted-*" }, { "Effect": "Allow", "Action": [ "acm:ListCertificates", "acm:DescribeCertificate", "acm-pca:DescribeCertificateAuthority", "acm-pca:ListCertificateAuthorities" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "servicediscovery:ListNamespaces", "servicediscovery:ListServices", "servicediscovery:ListInstances" ], "Resource": "*" } ] }, "VersionId": "v6" }, "AWSAppMeshPreviewEnvoyAccess": { "PolicyName": "AWSAppMeshPreviewEnvoyAccess", "PolicyId": "ANPAZKAPJZG4NKURE3R2M", "Arn": "arn:aws:iam::aws:policy/AWSAppMeshPreviewEnvoyAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-08-05T23:32:39+00:00", "UpdateDate": "2019-08-05T23:32:39+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "appmesh-preview:StreamAggregatedResources" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AWSAppMeshPreviewServiceRolePolicy": { "PolicyName": "AWSAppMeshPreviewServiceRolePolicy", "PolicyId": "ANPAZKAPJZG4FAQWKJYPJ", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSAppMeshPreviewServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v3", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-06-19T19:07:00+00:00", "UpdateDate": "2019-08-21T21:06:29+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Sid": "CloudMapServiceDiscovery", "Effect": "Allow", "Action": [ "servicediscovery:DiscoverInstances" ], "Resource": "*" }, { "Sid": "ACMCertificateVerification", "Effect": "Allow", "Action": [ "acm:DescribeCertificate" ], "Resource": "*" } ] }, "VersionId": "v3" }, "AWSAppMeshReadOnly": { "PolicyName": "AWSAppMeshReadOnly", "PolicyId": "ANPAZKAPJZG4HOPFCIWXP", "Arn": "arn:aws:iam::aws:policy/AWSAppMeshReadOnly", "Path": "/", "DefaultVersionId": "v5", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-04-16T17:51:11+00:00", "UpdateDate": "2021-01-07T19:53:16+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "appmesh:Describe*", "appmesh:List*" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "cloudformation:DescribeStack*" ], "Resource": "arn:aws:cloudformation:*:*:stack/AWSAppMesh-GettingStarted-*" }, { "Effect": "Allow", "Action": [ "acm:ListCertificates", "acm:DescribeCertificate", "acm-pca:DescribeCertificateAuthority", "acm-pca:ListCertificateAuthorities" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "servicediscovery:ListNamespaces", "servicediscovery:ListServices", "servicediscovery:ListInstances" ], "Resource": "*" } ] }, "VersionId": "v5" }, "AWSAppMeshServiceRolePolicy": { "PolicyName": "AWSAppMeshServiceRolePolicy", "PolicyId": "ANPAZKAPJZG4B5IHMMEND", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSAppMeshServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-06-03T18:30:51+00:00", "UpdateDate": "2019-09-10T22:44:43+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Sid": "CloudMapServiceDiscovery", "Effect": "Allow", "Action": [ "servicediscovery:DiscoverInstances" ], "Resource": "*" }, { "Sid": "ACMCertificateVerification", "Effect": "Allow", "Action": [ "acm:DescribeCertificate" ], "Resource": "*" } ] }, "VersionId": "v2" }, "AWSAppRunnerServicePolicyForECRAccess": { "PolicyName": "AWSAppRunnerServicePolicyForECRAccess", "PolicyId": "ANPAZKAPJZG4LYM3IT6IY", "Arn": "arn:aws:iam::aws:policy/service-role/AWSAppRunnerServicePolicyForECRAccess", "Path": "/service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2021-05-14T19:17:21+00:00", "UpdateDate": "2021-05-14T19:17:21+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ecr:GetDownloadUrlForLayer", "ecr:BatchGetImage", "ecr:DescribeImages", "ecr:GetAuthorizationToken", "ecr:BatchCheckLayerAvailability" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AWSAppSyncAdministrator": { "PolicyName": "AWSAppSyncAdministrator", "PolicyId": "ANPAJBYY36AJPXTTWIXCY", "Arn": "arn:aws:iam::aws:policy/AWSAppSyncAdministrator", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-03-20T21:20:28+00:00", "UpdateDate": "2019-11-04T19:23:49+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "appsync:*" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "iam:PassRole" ], "Resource": "*", "Condition": { "StringEquals": { "iam:PassedToService": [ "appsync.amazonaws.com" ] } } }, { "Effect": "Allow", "Action": "iam:CreateServiceLinkedRole", "Resource": "*", "Condition": { "StringEquals": { "iam:AWSServiceName": "appsync.amazonaws.com" } } }, { "Effect": "Allow", "Action": [ "iam:DeleteServiceLinkedRole", "iam:GetServiceLinkedRoleDeletionStatus" ], "Resource": "arn:aws:iam::*:role/aws-service-role/appsync.amazonaws.com/AWSServiceRoleForAppSync*" } ] }, "VersionId": "v2" }, "AWSAppSyncInvokeFullAccess": { "PolicyName": "AWSAppSyncInvokeFullAccess", "PolicyId": "ANPAILMPWRRZN27MPE3VM", "Arn": "arn:aws:iam::aws:policy/AWSAppSyncInvokeFullAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-03-20T21:21:20+00:00", "UpdateDate": "2018-03-20T21:21:20+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "appsync:GraphQL", "appsync:GetGraphqlApi", "appsync:ListGraphqlApis", "appsync:ListApiKeys" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AWSAppSyncPushToCloudWatchLogs": { "PolicyName": "AWSAppSyncPushToCloudWatchLogs", "PolicyId": "ANPAIWN7WNO34HLMJPUQS", "Arn": "arn:aws:iam::aws:policy/service-role/AWSAppSyncPushToCloudWatchLogs", "Path": "/service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-04-09T19:38:55+00:00", "UpdateDate": "2018-04-09T19:38:55+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AWSAppSyncSchemaAuthor": { "PolicyName": "AWSAppSyncSchemaAuthor", "PolicyId": "ANPAIUCF5WVTOFQXFKY5E", "Arn": "arn:aws:iam::aws:policy/AWSAppSyncSchemaAuthor", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-03-20T21:21:06+00:00", "UpdateDate": "2018-03-20T21:21:06+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "appsync:GraphQL", "appsync:CreateResolver", "appsync:CreateType", "appsync:DeleteResolver", "appsync:DeleteType", "appsync:GetResolver", "appsync:GetType", "appsync:GetDataSource", "appsync:GetSchemaCreationStatus", "appsync:GetIntrospectionSchema", "appsync:GetGraphqlApi", "appsync:ListTypes", "appsync:ListApiKeys", "appsync:ListResolvers", "appsync:ListDataSources", "appsync:ListGraphqlApis", "appsync:StartSchemaCreation", "appsync:UpdateResolver", "appsync:UpdateType" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AWSAppSyncServiceRolePolicy": { "PolicyName": "AWSAppSyncServiceRolePolicy", "PolicyId": "ANPAZKAPJZG4IKBIQXBOO", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSAppSyncServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-01-21T19:56:53+00:00", "UpdateDate": "2020-01-21T19:56:53+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "xray:PutTraceSegments", "xray:PutTelemetryRecords", "xray:GetSamplingTargets", "xray:GetSamplingRules", "xray:GetSamplingStatisticSummaries" ], "Resource": [ "*" ] } ] }, "VersionId": "v1" }, "AWSApplicationAutoScalingCustomResourcePolicy": { "PolicyName": "AWSApplicationAutoScalingCustomResourcePolicy", "PolicyId": "ANPAJYTKXPX6DO32Z4XXA", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSApplicationAutoScalingCustomResourcePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-06-04T23:22:44+00:00", "UpdateDate": "2018-06-04T23:22:44+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "execute-api:Invoke", "cloudwatch:PutMetricAlarm", "cloudwatch:DescribeAlarms", "cloudwatch:DeleteAlarms" ], "Resource": [ "*" ] } ] }, "VersionId": "v1" }, "AWSApplicationAutoscalingAppStreamFleetPolicy": { "PolicyName": "AWSApplicationAutoscalingAppStreamFleetPolicy", "PolicyId": "ANPAIRI724OWKP56ZG62M", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSApplicationAutoscalingAppStreamFleetPolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-10-20T19:04:06+00:00", "UpdateDate": "2017-10-20T19:04:06+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "appstream:UpdateFleet", "appstream:DescribeFleets", "cloudwatch:PutMetricAlarm", "cloudwatch:DescribeAlarms", "cloudwatch:DeleteAlarms" ], "Resource": [ "*" ] } ] }, "VersionId": "v1" }, "AWSApplicationAutoscalingCassandraTablePolicy": { "PolicyName": "AWSApplicationAutoscalingCassandraTablePolicy", "PolicyId": "ANPAZKAPJZG4BOOOZAOTV", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSApplicationAutoscalingCassandraTablePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-03-18T22:49:23+00:00", "UpdateDate": "2020-03-18T22:49:23+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "cassandra:Select", "Resource": [ "arn:*:cassandra:*:*:/keyspace/system/table/*", "arn:*:cassandra:*:*:/keyspace/system_schema/table/*", "arn:*:cassandra:*:*:/keyspace/system_schema_mcs/table/*" ] }, { "Effect": "Allow", "Action": [ "cassandra:Alter", "cloudwatch:PutMetricAlarm", "cloudwatch:DescribeAlarms", "cloudwatch:DeleteAlarms" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AWSApplicationAutoscalingComprehendEndpointPolicy": { "PolicyName": "AWSApplicationAutoscalingComprehendEndpointPolicy", "PolicyId": "ANPAZKAPJZG4HD4ODS6K6", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSApplicationAutoscalingComprehendEndpointPolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-11-14T18:39:07+00:00", "UpdateDate": "2019-11-14T18:39:07+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "comprehend:UpdateEndpoint", "comprehend:DescribeEndpoint", "cloudwatch:PutMetricAlarm", "cloudwatch:DescribeAlarms", "cloudwatch:DeleteAlarms" ], "Resource": [ "*" ] } ] }, "VersionId": "v1" }, "AWSApplicationAutoscalingDynamoDBTablePolicy": { "PolicyName": "AWSApplicationAutoscalingDynamoDBTablePolicy", "PolicyId": "ANPAJOVQMDI3JFCBW4LFO", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSApplicationAutoscalingDynamoDBTablePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-10-20T21:34:57+00:00", "UpdateDate": "2017-10-20T21:34:57+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "dynamodb:DescribeTable", "dynamodb:UpdateTable", "cloudwatch:PutMetricAlarm", "cloudwatch:DescribeAlarms", "cloudwatch:DeleteAlarms" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AWSApplicationAutoscalingEC2SpotFleetRequestPolicy": { "PolicyName": "AWSApplicationAutoscalingEC2SpotFleetRequestPolicy", "PolicyId": "ANPAJNRH3VE3WW4Q4RDTU", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSApplicationAutoscalingEC2SpotFleetRequestPolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-10-25T18:23:27+00:00", "UpdateDate": "2017-10-25T18:23:27+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ec2:DescribeSpotFleetRequests", "ec2:ModifySpotFleetRequest", "cloudwatch:PutMetricAlarm", "cloudwatch:DescribeAlarms", "cloudwatch:DeleteAlarms" ], "Resource": [ "*" ] } ] }, "VersionId": "v1" }, "AWSApplicationAutoscalingECSServicePolicy": { "PolicyName": "AWSApplicationAutoscalingECSServicePolicy", "PolicyId": "ANPAJFXLLV7AKH5PSFOYG", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSApplicationAutoscalingECSServicePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-10-25T23:53:08+00:00", "UpdateDate": "2017-10-25T23:53:08+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ecs:DescribeServices", "ecs:UpdateService", "cloudwatch:PutMetricAlarm", "cloudwatch:DescribeAlarms", "cloudwatch:DeleteAlarms" ], "Resource": [ "*" ] } ] }, "VersionId": "v1" }, "AWSApplicationAutoscalingEMRInstanceGroupPolicy": { "PolicyName": "AWSApplicationAutoscalingEMRInstanceGroupPolicy", "PolicyId": "ANPAIQ6M5Z7LQY2YSG2JS", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSApplicationAutoscalingEMRInstanceGroupPolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-10-26T00:57:39+00:00", "UpdateDate": "2017-10-26T00:57:39+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "elasticmapreduce:ListInstanceGroups", "elasticmapreduce:ModifyInstanceGroups", "cloudwatch:PutMetricAlarm", "cloudwatch:DescribeAlarms", "cloudwatch:DeleteAlarms" ], "Effect": "Allow", "Resource": "*" } ] }, "VersionId": "v1" }, "AWSApplicationAutoscalingKafkaClusterPolicy": { "PolicyName": "AWSApplicationAutoscalingKafkaClusterPolicy", "PolicyId": "ANPAZKAPJZG4FTCIZBJA2", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSApplicationAutoscalingKafkaClusterPolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-08-24T18:36:01+00:00", "UpdateDate": "2020-08-24T18:36:01+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "kafka:DescribeCluster", "kafka:DescribeClusterOperation", "kafka:UpdateBrokerStorage", "cloudwatch:PutMetricAlarm", "cloudwatch:DescribeAlarms", "cloudwatch:DeleteAlarms" ], "Resource": [ "*" ] } ] }, "VersionId": "v1" }, "AWSApplicationAutoscalingLambdaConcurrencyPolicy": { "PolicyName": "AWSApplicationAutoscalingLambdaConcurrencyPolicy", "PolicyId": "ANPAZKAPJZG4KIR2KPJCU", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSApplicationAutoscalingLambdaConcurrencyPolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-10-21T20:04:17+00:00", "UpdateDate": "2019-10-21T20:04:17+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "lambda:PutProvisionedConcurrencyConfig", "lambda:GetProvisionedConcurrencyConfig", "lambda:DeleteProvisionedConcurrencyConfig", "cloudwatch:PutMetricAlarm", "cloudwatch:DescribeAlarms", "cloudwatch:DeleteAlarms" ], "Resource": [ "*" ] } ] }, "VersionId": "v1" }, "AWSApplicationAutoscalingRDSClusterPolicy": { "PolicyName": "AWSApplicationAutoscalingRDSClusterPolicy", "PolicyId": "ANPAJ7XS52I27Q2JVKALU", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSApplicationAutoscalingRDSClusterPolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v3", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-10-17T17:46:56+00:00", "UpdateDate": "2018-08-07T19:14:24+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "rds:AddTagsToResource", "rds:CreateDBInstance", "rds:DeleteDBInstance", "rds:DescribeDBClusters", "rds:DescribeDBInstances", "rds:ModifyDBCluster", "cloudwatch:PutMetricAlarm", "cloudwatch:DescribeAlarms", "cloudwatch:DeleteAlarms" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "iam:PassRole" ], "Resource": "*", "Condition": { "StringLike": { "iam:PassedToService": "rds.amazonaws.com" } } } ] }, "VersionId": "v3" }, "AWSApplicationAutoscalingSageMakerEndpointPolicy": { "PolicyName": "AWSApplicationAutoscalingSageMakerEndpointPolicy", "PolicyId": "ANPAI5DBEBNRZQ4SXYTAW", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSApplicationAutoscalingSageMakerEndpointPolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-02-06T19:58:21+00:00", "UpdateDate": "2018-02-06T19:58:21+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "sagemaker:DescribeEndpoint", "sagemaker:DescribeEndpointConfig", "sagemaker:UpdateEndpointWeightsAndCapacities", "cloudwatch:PutMetricAlarm", "cloudwatch:DescribeAlarms", "cloudwatch:DeleteAlarms" ], "Resource": [ "*" ] } ] }, "VersionId": "v1" }, "AWSApplicationDiscoveryAgentAccess": { "PolicyName": "AWSApplicationDiscoveryAgentAccess", "PolicyId": "ANPAICZIOVAGC6JPF3WHC", "Arn": "arn:aws:iam::aws:policy/AWSApplicationDiscoveryAgentAccess", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2016-05-11T21:38:47+00:00", "UpdateDate": "2020-02-24T22:26:45+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "arsenal:RegisterOnPremisesAgent" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "mgh:GetHomeRegion" ], "Resource": "*" } ] }, "VersionId": "v2" }, "AWSApplicationDiscoveryServiceFullAccess": { "PolicyName": "AWSApplicationDiscoveryServiceFullAccess", "PolicyId": "ANPAJBNJEA6ZXM2SBOPDU", "Arn": "arn:aws:iam::aws:policy/AWSApplicationDiscoveryServiceFullAccess", "Path": "/", "DefaultVersionId": "v4", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2016-05-11T21:30:50+00:00", "UpdateDate": "2019-06-19T21:21:26+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "mgh:*", "discovery:*" ], "Effect": "Allow", "Resource": "*" }, { "Action": [ "iam:GetRole" ], "Effect": "Allow", "Resource": "*" }, { "Effect": "Allow", "Action": "iam:CreateServiceLinkedRole", "Resource": "arn:aws:iam::*:role/aws-service-role/continuousexport.discovery.amazonaws.com/AWSServiceRoleForApplicationDiscoveryServiceContinuousExport*", "Condition": { "StringEquals": { "iam:AWSServiceName": "continuousexport.discovery.amazonaws.com" } } }, { "Effect": "Allow", "Action": [ "iam:DeleteServiceLinkedRole", "iam:GetServiceLinkedRoleDeletionStatus" ], "Resource": "arn:aws:iam::*:role/aws-service-role/continuousexport.discovery.amazonaws.com/AWSServiceRoleForApplicationDiscoveryServiceContinuousExport*" }, { "Effect": "Allow", "Action": "iam:CreateServiceLinkedRole", "Resource": "*", "Condition": { "StringEquals": { "iam:AWSServiceName": [ "migrationhub.amazonaws.com", "dmsintegration.migrationhub.amazonaws.com", "smsintegration.migrationhub.amazonaws.com" ] } } } ] }, "VersionId": "v4" }, "AWSApplicationMigrationAgentPolicy": { "PolicyName": "AWSApplicationMigrationAgentPolicy", "PolicyId": "ANPAZKAPJZG4D2GD5QYXR", "Arn": "arn:aws:iam::aws:policy/AWSApplicationMigrationAgentPolicy", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2021-04-07T07:00:21+00:00", "UpdateDate": "2021-04-07T07:00:21+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "mgn:SendAgentMetricsForMgn", "mgn:SendAgentLogsForMgn", "mgn:SendClientLogsForMgn" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "mgn:RegisterAgentForMgn", "mgn:UpdateAgentSourcePropertiesForMgn", "mgn:UpdateAgentReplicationInfoForMgn", "mgn:UpdateAgentConversionInfoForMgn", "mgn:GetAgentInstallationAssetsForMgn", "mgn:GetAgentCommandForMgn", "mgn:GetAgentConfirmedResumeInfoForMgn", "mgn:GetAgentRuntimeConfigurationForMgn", "mgn:UpdateAgentBacklogForMgn", "mgn:GetAgentReplicationInfoForMgn" ], "Resource": "*" }, { "Effect": "Allow", "Action": "mgn:TagResource", "Resource": "arn:aws:mgn:*:*:source-server/*" } ] }, "VersionId": "v1" }, "AWSApplicationMigrationConversionServerPolicy": { "PolicyName": "AWSApplicationMigrationConversionServerPolicy", "PolicyId": "ANPAZKAPJZG4OPUSQRTYL", "Arn": "arn:aws:iam::aws:policy/service-role/AWSApplicationMigrationConversionServerPolicy", "Path": "/service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2021-04-07T06:48:58+00:00", "UpdateDate": "2021-04-07T06:48:58+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "mgn:SendClientMetricsForMgn", "mgn:SendClientLogsForMgn", "mgn:GetChannelCommandsForMgn", "mgn:SendChannelCommandResultForMgn" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AWSApplicationMigrationEC2Access": { "PolicyName": "AWSApplicationMigrationEC2Access", "PolicyId": "ANPAZKAPJZG4OBKWG2D2O", "Arn": "arn:aws:iam::aws:policy/AWSApplicationMigrationEC2Access", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2021-04-07T07:05:22+00:00", "UpdateDate": "2021-04-07T07:05:22+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "iam:PassRole", "Resource": [ "arn:aws:iam::*:role/service-role/AWSApplicationMigrationConversionServerRole" ], "Condition": { "StringEquals": { "iam:PassedToService": "ec2.amazonaws.com" } } }, { "Effect": "Allow", "Action": [ "ec2:DeleteSnapshot" ], "Resource": "arn:aws:ec2:*:*:snapshot/*", "Condition": { "Null": { "aws:ResourceTag/AWSApplicationMigrationServiceManaged": "false" } } }, { "Effect": "Allow", "Action": [ "ec2:CreateLaunchTemplateVersion", "ec2:ModifyLaunchTemplate", "ec2:DeleteLaunchTemplateVersions" ], "Resource": "arn:aws:ec2:*:*:launch-template/*", "Condition": { "Null": { "aws:ResourceTag/AWSApplicationMigrationServiceManaged": "false" } } }, { "Effect": "Allow", "Action": [ "ec2:DeleteVolume" ], "Resource": "arn:aws:ec2:*:*:volume/*", "Condition": { "Null": { "aws:ResourceTag/AWSApplicationMigrationServiceManaged": "false" } } }, { "Effect": "Allow", "Action": [ "ec2:StartInstances", "ec2:StopInstances", "ec2:TerminateInstances", "ec2:ModifyInstanceAttribute", "ec2:GetConsoleOutput", "ec2:GetConsoleScreenshot" ], "Resource": "arn:aws:ec2:*:*:instance/*", "Condition": { "Null": { "aws:ResourceTag/AWSApplicationMigrationServiceManaged": "false" } } }, { "Effect": "Allow", "Action": [ "ec2:RevokeSecurityGroupEgress", "ec2:AuthorizeSecurityGroupIngress", "ec2:AuthorizeSecurityGroupEgress" ], "Resource": "arn:aws:ec2:*:*:security-group/*", "Condition": { "Null": { "aws:ResourceTag/AWSApplicationMigrationServiceManaged": "false" } } }, { "Effect": "Allow", "Action": [ "ec2:CreateVolume" ], "Resource": "arn:aws:ec2:*:*:volume/*", "Condition": { "Null": { "aws:RequestTag/AWSApplicationMigrationServiceManaged": "false" } } }, { "Effect": "Allow", "Action": "ec2:CreateSecurityGroup", "Resource": "arn:aws:ec2:*:*:vpc/*" }, { "Effect": "Allow", "Action": [ "ec2:CreateSecurityGroup" ], "Resource": "arn:aws:ec2:*:*:security-group/*", "Condition": { "Null": { "aws:RequestTag/AWSApplicationMigrationServiceManaged": "false" } } }, { "Effect": "Allow", "Action": [ "ec2:CreateSnapshot" ], "Resource": "arn:aws:ec2:*:*:volume/*", "Condition": { "Null": { "ec2:ResourceTag/AWSApplicationMigrationServiceManaged": "false" } } }, { "Effect": "Allow", "Action": [ "ec2:CreateSnapshot" ], "Resource": "arn:aws:ec2:*:*:snapshot/*", "Condition": { "Null": { "aws:RequestTag/AWSApplicationMigrationServiceManaged": "false" } } }, { "Effect": "Allow", "Action": [ "ec2:DetachVolume", "ec2:AttachVolume" ], "Resource": "arn:aws:ec2:*:*:instance/*", "Condition": { "Null": { "ec2:ResourceTag/AWSApplicationMigrationServiceManaged": "false" } } }, { "Effect": "Allow", "Action": [ "ec2:AttachVolume" ], "Resource": "arn:aws:ec2:*:*:volume/*", "Condition": { "Null": { "ec2:ResourceTag/AWSApplicationMigrationServiceManaged": "false" } } }, { "Effect": "Allow", "Action": [ "ec2:DetachVolume" ], "Resource": "arn:aws:ec2:*:*:volume/*" }, { "Effect": "Allow", "Action": [ "ec2:RunInstances" ], "Resource": "arn:aws:ec2:*:*:instance/*", "Condition": { "Null": { "aws:RequestTag/AWSApplicationMigrationServiceManaged": "false" } } }, { "Effect": "Allow", "Action": [ "ec2:RunInstances" ], "Resource": [ "arn:aws:ec2:*:*:security-group/*", "arn:aws:ec2:*:*:volume/*", "arn:aws:ec2:*:*:subnet/*", "arn:aws:ec2:*:*:image/*", "arn:aws:ec2:*:*:network-interface/*", "arn:aws:ec2:*:*:launch-template/*" ] }, { "Effect": "Allow", "Action": "ec2:CreateTags", "Resource": [ "arn:aws:ec2:*:*:security-group/*", "arn:aws:ec2:*:*:volume/*", "arn:aws:ec2:*:*:snapshot/*", "arn:aws:ec2:*:*:instance/*" ], "Condition": { "StringEquals": { "ec2:CreateAction": [ "CreateSecurityGroup", "CreateVolume", "CreateSnapshot", "RunInstances" ] } } } ] }, "VersionId": "v1" }, "AWSApplicationMigrationFullAccess": { "PolicyName": "AWSApplicationMigrationFullAccess", "PolicyId": "ANPAZKAPJZG4HPQNMM2HL", "Arn": "arn:aws:iam::aws:policy/AWSApplicationMigrationFullAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2021-04-07T06:56:05+00:00", "UpdateDate": "2021-04-07T06:56:05+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "mgn:*" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "kms:ListAliases", "kms:DescribeKey" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "ec2:DescribeAccountAttributes", "ec2:DescribeAvailabilityZones", "ec2:DescribeImages", "ec2:DescribeInstances", "ec2:DescribeInstanceTypes", "ec2:DescribeInstanceAttribute", "ec2:DescribeInstanceStatus", "ec2:DescribeInstanceTypeOfferings", "ec2:DescribeLaunchTemplateVersions", "ec2:DescribeLaunchTemplates", "ec2:DescribeSecurityGroups", "ec2:DescribeSnapshots", "ec2:DescribeSubnets", "ec2:DescribeVolumes", "ec2:GetEbsEncryptionByDefault", "ec2:GetEbsDefaultKmsKeyId" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AWSApplicationMigrationMGHAccess": { "PolicyName": "AWSApplicationMigrationMGHAccess", "PolicyId": "ANPAZKAPJZG4KOE4CJMGD", "Arn": "arn:aws:iam::aws:policy/service-role/AWSApplicationMigrationMGHAccess", "Path": "/service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2021-04-07T07:10:01+00:00", "UpdateDate": "2021-04-07T07:10:01+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "mgh:AssociateCreatedArtifact", "mgh:CreateProgressUpdateStream", "mgh:DisassociateCreatedArtifact", "mgh:GetHomeRegion", "mgh:ImportMigrationTask", "mgh:NotifyMigrationTaskState", "mgh:PutResourceAttributes" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AWSApplicationMigrationReadOnlyAccess": { "PolicyName": "AWSApplicationMigrationReadOnlyAccess", "PolicyId": "ANPAZKAPJZG4M2IUSVNLL", "Arn": "arn:aws:iam::aws:policy/AWSApplicationMigrationReadOnlyAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2021-04-07T07:15:26+00:00", "UpdateDate": "2021-04-07T07:15:26+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "mgn:DescribeJobLogItems", "mgn:DescribeJobs", "mgn:DescribeSourceServers", "mgn:DescribeReplicationConfigurationTemplates", "mgn:GetLaunchConfiguration", "mgn:GetReplicationConfiguration" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "ec2:DescribeInstances", "ec2:DescribeLaunchTemplateVersions", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AWSApplicationMigrationReplicationServerPolicy": { "PolicyName": "AWSApplicationMigrationReplicationServerPolicy", "PolicyId": "ANPAZKAPJZG4PXFWAA3SE", "Arn": "arn:aws:iam::aws:policy/service-role/AWSApplicationMigrationReplicationServerPolicy", "Path": "/service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2021-04-07T07:21:57+00:00", "UpdateDate": "2021-04-07T07:21:57+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "mgn:SendClientMetricsForMgn", "mgn:SendClientLogsForMgn", "mgn:GetChannelCommandsForMgn", "mgn:SendChannelCommandResultForMgn", "mgn:GetAgentSnapshotCreditsForMgn", "mgn:DescribeReplicationServerAssociationsForMgn", "mgn:DescribeSnapshotRequestsForMgn", "mgn:BatchDeleteSnapshotRequestForMgn", "mgn:NotifyAgentAuthenticationForMgn", "mgn:BatchCreateVolumeSnapshotGroupForMgn", "mgn:UpdateAgentReplicationProcessStateForMgn", "mgn:NotifyAgentReplicationProgressForMgn", "mgn:NotifyAgentConnectedForMgn", "mgn:NotifyAgentDisconnectedForMgn" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "ec2:DescribeInstances", "ec2:DescribeSnapshots" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "ec2:CreateSnapshot" ], "Resource": "arn:aws:ec2:*:*:volume/*", "Condition": { "Null": { "aws:ResourceTag/AWSApplicationMigrationServiceManaged": "false" } } }, { "Effect": "Allow", "Action": [ "ec2:CreateSnapshot" ], "Resource": "arn:aws:ec2:*:*:snapshot/*", "Condition": { "Null": { "aws:RequestTag/AWSApplicationMigrationServiceManaged": "false" } } }, { "Effect": "Allow", "Action": "ec2:CreateTags", "Resource": "*", "Condition": { "StringEquals": { "ec2:CreateAction": "CreateSnapshot" } } } ] }, "VersionId": "v1" }, "AWSApplicationMigrationServiceRolePolicy": { "PolicyName": "AWSApplicationMigrationServiceRolePolicy", "PolicyId": "ANPAZKAPJZG4LGJRHTEPG", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSApplicationMigrationServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2021-04-07T06:43:20+00:00", "UpdateDate": "2021-04-07T06:43:20+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "mgn:ListTagsForResource", "Resource": "*" }, { "Effect": "Allow", "Action": "kms:ListRetirableGrants", "Resource": "*" }, { "Effect": "Allow", "Action": [ "mgh:AssociateCreatedArtifact", "mgh:CreateProgressUpdateStream", "mgh:DisassociateCreatedArtifact", "mgh:GetHomeRegion", "mgh:ImportMigrationTask", "mgh:NotifyMigrationTaskState", "mgh:PutResourceAttributes" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "ec2:DescribeAccountAttributes", "ec2:DescribeAvailabilityZones", "ec2:DescribeImages", "ec2:DescribeInstances", "ec2:DescribeInstanceTypes", "ec2:DescribeInstanceAttribute", "ec2:DescribeInstanceStatus", "ec2:DescribeLaunchTemplateVersions", "ec2:DescribeLaunchTemplates", "ec2:DescribeSecurityGroups", "ec2:DescribeSnapshots", "ec2:DescribeSubnets", "ec2:DescribeVolumes", "ec2:GetEbsDefaultKmsKeyId", "ec2:GetEbsEncryptionByDefault" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "ec2:RegisterImage", "ec2:DeregisterImage" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "ec2:DeleteSnapshot" ], "Resource": "arn:aws:ec2:*:*:snapshot/*", "Condition": { "Null": { "aws:ResourceTag/AWSApplicationMigrationServiceManaged": "false" } } }, { "Effect": "Allow", "Action": [ "ec2:CreateLaunchTemplateVersion", "ec2:ModifyLaunchTemplate", "ec2:DeleteLaunchTemplate", "ec2:DeleteLaunchTemplateVersions" ], "Resource": "arn:aws:ec2:*:*:launch-template/*", "Condition": { "Null": { "aws:ResourceTag/AWSApplicationMigrationServiceManaged": "false" } } }, { "Effect": "Allow", "Action": [ "ec2:DeleteVolume" ], "Resource": "arn:aws:ec2:*:*:volume/*", "Condition": { "Null": { "aws:ResourceTag/AWSApplicationMigrationServiceManaged": "false" } } }, { "Effect": "Allow", "Action": [ "ec2:StartInstances", "ec2:StopInstances", "ec2:TerminateInstances", "ec2:ModifyInstanceAttribute", "ec2:GetConsoleOutput", "ec2:GetConsoleScreenshot" ], "Resource": "arn:aws:ec2:*:*:instance/*", "Condition": { "Null": { "aws:ResourceTag/AWSApplicationMigrationServiceManaged": "false" } } }, { "Effect": "Allow", "Action": [ "ec2:RevokeSecurityGroupEgress", "ec2:AuthorizeSecurityGroupIngress", "ec2:AuthorizeSecurityGroupEgress" ], "Resource": "arn:aws:ec2:*:*:security-group/*", "Condition": { "Null": { "aws:ResourceTag/AWSApplicationMigrationServiceManaged": "false" } } }, { "Effect": "Allow", "Action": [ "ec2:CreateVolume" ], "Resource": "arn:aws:ec2:*:*:volume/*", "Condition": { "Null": { "aws:RequestTag/AWSApplicationMigrationServiceManaged": "false" } } }, { "Effect": "Allow", "Action": [ "ec2:CreateSecurityGroup" ], "Resource": "arn:aws:ec2:*:*:security-group/*", "Condition": { "Null": { "aws:RequestTag/AWSApplicationMigrationServiceManaged": "false" } } }, { "Effect": "Allow", "Action": [ "ec2:CreateSecurityGroup" ], "Resource": "arn:aws:ec2:*:*:vpc/*" }, { "Effect": "Allow", "Action": [ "ec2:CreateLaunchTemplate" ], "Resource": "arn:aws:ec2:*:*:launch-template/*", "Condition": { "Null": { "aws:RequestTag/AWSApplicationMigrationServiceManaged": "false" } } }, { "Effect": "Allow", "Action": [ "ec2:CreateSnapshot" ], "Resource": "arn:aws:ec2:*:*:volume/*", "Condition": { "Null": { "ec2:ResourceTag/AWSApplicationMigrationServiceManaged": "false" } } }, { "Effect": "Allow", "Action": [ "ec2:CreateSnapshot" ], "Resource": "arn:aws:ec2:*:*:snapshot/*", "Condition": { "Null": { "aws:RequestTag/AWSApplicationMigrationServiceManaged": "false" } } }, { "Effect": "Allow", "Action": [ "ec2:DetachVolume", "ec2:AttachVolume" ], "Resource": "arn:aws:ec2:*:*:instance/*", "Condition": { "Null": { "ec2:ResourceTag/AWSApplicationMigrationServiceManaged": "false" } } }, { "Effect": "Allow", "Action": [ "ec2:AttachVolume" ], "Resource": "arn:aws:ec2:*:*:volume/*", "Condition": { "Null": { "ec2:ResourceTag/AWSApplicationMigrationServiceManaged": "false" } } }, { "Effect": "Allow", "Action": [ "ec2:DetachVolume" ], "Resource": "arn:aws:ec2:*:*:volume/*" }, { "Effect": "Allow", "Action": [ "ec2:RunInstances" ], "Resource": "arn:aws:ec2:*:*:instance/*", "Condition": { "Null": { "aws:RequestTag/AWSApplicationMigrationServiceManaged": "false" } } }, { "Effect": "Allow", "Action": [ "ec2:RunInstances" ], "Resource": [ "arn:aws:ec2:*:*:security-group/*", "arn:aws:ec2:*:*:volume/*", "arn:aws:ec2:*:*:subnet/*", "arn:aws:ec2:*:*:image/*", "arn:aws:ec2:*:*:network-interface/*", "arn:aws:ec2:*:*:launch-template/*" ] }, { "Effect": "Allow", "Action": "iam:PassRole", "Resource": [ "arn:aws:iam::*:role/service-role/AWSApplicationMigrationReplicationServerRole", "arn:aws:iam::*:role/service-role/AWSApplicationMigrationConversionServerRole" ], "Condition": { "StringEquals": { "iam:PassedToService": "ec2.amazonaws.com" } } }, { "Effect": "Allow", "Action": "ec2:CreateTags", "Resource": [ "arn:aws:ec2:*:*:launch-template/*", "arn:aws:ec2:*:*:security-group/*", "arn:aws:ec2:*:*:volume/*", "arn:aws:ec2:*:*:snapshot/*", "arn:aws:ec2:*:*:instance/*" ], "Condition": { "StringEquals": { "ec2:CreateAction": [ "CreateLaunchTemplate", "CreateSecurityGroup", "CreateVolume", "CreateSnapshot", "RunInstances" ] } } } ] }, "VersionId": "v1" }, "AWSArtifactAccountSync": { "PolicyName": "AWSArtifactAccountSync", "PolicyId": "ANPAJMVPXRWZJZWDTYDNC", "Arn": "arn:aws:iam::aws:policy/service-role/AWSArtifactAccountSync", "Path": "/service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-04-10T23:04:33+00:00", "UpdateDate": "2018-04-10T23:04:33+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "organizations:ListAccounts", "organizations:DescribeOrganization" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AWSAuditManagerAdministratorAccess": { "PolicyName": "AWSAuditManagerAdministratorAccess", "PolicyId": "ANPAZKAPJZG4EBAFCQQJX", "Arn": "arn:aws:iam::aws:policy/AWSAuditManagerAdministratorAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-12-11T20:02:42+00:00", "UpdateDate": "2020-12-11T20:02:42+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Sid": "AuditManagerAccess", "Effect": "Allow", "Action": [ "auditmanager:*" ], "Resource": "*" }, { "Sid": "OrganizationsAccess", "Effect": "Allow", "Action": [ "organizations:ListAccountsForParent", "organizations:ListAccounts", "organizations:DescribeOrganization", "organizations:DescribeOrganizationalUnit", "organizations:DescribeAccount", "organizations:ListParents", "organizations:ListChildren" ], "Resource": "*" }, { "Sid": "AllowOnlyAuditManagerIntegration", "Effect": "Allow", "Action": [ "organizations:RegisterDelegatedAdministrator", "organizations:DeregisterDelegatedAdministrator", "organizations:EnableAWSServiceAccess" ], "Resource": "*", "Condition": { "StringLikeIfExists": { "organizations:ServicePrincipal": [ "auditmanager.amazonaws.com" ] } } }, { "Sid": "IAMAccess", "Effect": "Allow", "Action": [ "iam:GetUser", "iam:ListUsers", "iam:ListRoles" ], "Resource": "*" }, { "Sid": "IAMAccessCreateSLR", "Effect": "Allow", "Action": "iam:CreateServiceLinkedRole", "Resource": "arn:aws:iam::*:role/aws-service-role/auditmanager.amazonaws.com/AWSServiceRoleForAuditManager*", "Condition": { "StringLike": { "iam:AWSServiceName": "auditmanager.amazonaws.com" } } }, { "Sid": "IAMAccessManageSLR", "Effect": "Allow", "Action": [ "iam:DeleteServiceLinkedRole", "iam:UpdateRoleDescription", "iam:GetServiceLinkedRoleDeletionStatus" ], "Resource": "arn:aws:iam::*:role/aws-service-role/auditmanager.amazonaws.com/AWSServiceRoleForAuditManager*" }, { "Sid": "S3Access", "Effect": "Allow", "Action": [ "s3:ListAllMyBuckets" ], "Resource": "*" }, { "Sid": "KmsAccess", "Effect": "Allow", "Action": [ "kms:DescribeKey", "kms:ListKeys", "kms:ListAliases" ], "Resource": "*" }, { "Sid": "KmsCreateGrantAccess", "Effect": "Allow", "Action": [ "kms:CreateGrant" ], "Resource": "*", "Condition": { "Bool": { "kms:GrantIsForAWSResource": "true" }, "StringLike": { "kms:ViaService": "auditmanager.*.amazonaws.com" } } }, { "Sid": "SNSAccess", "Effect": "Allow", "Action": [ "sns:ListTopics" ], "Resource": "*" }, { "Sid": "CreateEventsAccess", "Effect": "Allow", "Action": [ "events:PutRule" ], "Resource": "*", "Condition": { "StringEquals": { "events:source": "aws.securityhub", "events:detail-type": "Security Hub Findings - Imported" } } }, { "Sid": "EventsAccess", "Effect": "Allow", "Action": [ "events:DeleteRule", "events:DescribeRule", "events:EnableRule", "events:DisableRule", "events:ListTargetsByRule", "events:PutTargets", "events:RemoveTargets" ], "Resource": "arn:aws:events:*:*:rule/AuditManagerSecurityHubFindingsReceiver" }, { "Sid": "TagAccess", "Effect": "Allow", "Action": [ "tag:GetResources" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AWSAuditManagerServiceRolePolicy": { "PolicyName": "AWSAuditManagerServiceRolePolicy", "PolicyId": "ANPAZKAPJZG4C5N52UWST", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSAuditManagerServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-12-08T15:12:12+00:00", "UpdateDate": "2020-12-08T15:12:12+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "license-manager:ListLicenseConfigurations", "license-manager:ListAssociationsForLicenseConfiguration", "license-manager:ListUsageForLicenseConfiguration" ], "Resource": "*", "Sid": "LicenseManagerAccess" }, { "Effect": "Allow", "Action": [ "iam:GenerateCredentialReport", "iam:GetAccountSummary", "iam:ListPolicies", "iam:GetAccountPasswordPolicy", "iam:ListUsers", "iam:ListUserPolicies", "iam:ListRoles", "iam:ListRolePolicies", "iam:ListGroups", "iam:ListGroupPolicies", "iam:ListEntitiesForPolicy" ], "Resource": "*", "Sid": "IAMAccess" }, { "Effect": "Allow", "Action": [ "ec2:DescribeInstances", "ec2:DescribeFlowLogs", "ec2:DescribeVpcs", "ec2:DescribeSecurityGroups", "ec2:DescribeNetworkAcls", "ec2:DescribeRouteTables", "ec2:DescribeSnapshots", "ec2:DescribeVpcEndpoints" ], "Resource": "*", "Sid": "EC2Access" }, { "Effect": "Allow", "Action": [ "cloudtrail:DescribeTrails" ], "Resource": "*", "Sid": "CloudtrailAccess" }, { "Effect": "Allow", "Action": [ "config:DescribeDeliveryChannels", "config:ListDiscoveredResources", "config:DescribeConfigRules" ], "Resource": "*", "Sid": "ConfigAccess" }, { "Effect": "Allow", "Action": [ "securityhub:DescribeStandards" ], "Resource": "*", "Sid": "SecurityHubAccess" }, { "Effect": "Allow", "Action": [ "kms:ListKeys", "kms:DescribeKey", "kms:ListGrants" ], "Resource": "*", "Sid": "KMSAccess" }, { "Effect": "Allow", "Action": [ "cloudwatch:DescribeAlarms" ], "Resource": "*", "Sid": "CloudwatchAccess" }, { "Effect": "Allow", "Action": [ "s3:GetLifecycleConfiguration" ], "Resource": "*", "Sid": "S3Access" }, { "Effect": "Allow", "Action": [ "events:DescribeRule" ], "Resource": "*", "Sid": "EventBridgeAccess" }, { "Effect": "Allow", "Action": [ "waf:ListActivatedRulesInRuleGroup" ], "Resource": "*", "Sid": "WAFAccess" }, { "Effect": "Allow", "Action": [ "guardduty:ListDetectors" ], "Resource": "*", "Sid": "GuardDutyAccess" }, { "Effect": "Allow", "Action": [ "route53:GetQueryLoggingConfig" ], "Resource": "*", "Sid": "Route53Access" }, { "Effect": "Allow", "Action": [ "organizations:DescribePolicy" ], "Resource": "*", "Sid": "OrganizationsAccess" }, { "Effect": "Allow", "Action": [ "cognito-idp:DescribeUserPool" ], "Resource": "*", "Sid": "CognitoAccess" }, { "Effect": "Allow", "Action": [ "elasticfilesystem:DescribeFileSystems" ], "Resource": "*", "Sid": "EFSAccess" }, { "Sid": "CreateEventsAccess", "Effect": "Allow", "Action": [ "events:PutRule" ], "Resource": "*", "Condition": { "StringEquals": { "events:source": "aws.securityhub", "events:detail-type": "Security Hub Findings - Imported" } } }, { "Sid": "EventsAccess", "Effect": "Allow", "Action": [ "events:DeleteRule", "events:DescribeRule", "events:EnableRule", "events:DisableRule", "events:ListTargetsByRule", "events:PutTargets", "events:RemoveTargets" ], "Resource": "arn:aws:events:*:*:rule/AuditManagerSecurityHubFindingsReceiver" } ] }, "VersionId": "v1" }, "AWSAutoScalingPlansEC2AutoScalingPolicy": { "PolicyName": "AWSAutoScalingPlansEC2AutoScalingPolicy", "PolicyId": "ANPAIXWLPZPD4RYBM3JSU", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSAutoScalingPlansEC2AutoScalingPolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-08-23T22:46:59+00:00", "UpdateDate": "2018-08-23T22:46:59+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "cloudwatch:GetMetricData", "autoscaling:DescribeAutoScalingGroups", "autoscaling:DescribeScheduledActions", "autoscaling:BatchPutScheduledUpdateGroupAction", "autoscaling:BatchDeleteScheduledAction" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AWSBackupFullAccess": { "PolicyName": "AWSBackupFullAccess", "PolicyId": "ANPAZKAPJZG4LL52EIPJX", "Arn": "arn:aws:iam::aws:policy/AWSBackupFullAccess", "Path": "/", "DefaultVersionId": "v8", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-11-18T22:21:52+00:00", "UpdateDate": "2021-07-05T23:28:54+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "backup:*", "Resource": "*" }, { "Effect": "Allow", "Action": "backup-storage:*", "Resource": "*" }, { "Action": [ "rds:DescribeDBSnapshots", "rds:ListTagsForResource", "rds:DescribeDBInstances", "rds:describeDBEngineVersions", "rds:describeOptionGroups", "rds:describeOrderableDBInstanceOptions", "rds:describeDBSubnetGroups", "rds:describeDBClusterSnapshots", "rds:describeDBClusters", "rds:describeDBParameterGroups", "rds:DescribeDBClusterParameterGroups", "rds:DescribeDBInstanceAutomatedBackups" ], "Effect": "Allow", "Resource": "*" }, { "Action": [ "rds:DeleteDBSnapshot", "rds:DeleteDBClusterSnapshot" ], "Effect": "Allow", "Resource": "*", "Condition": { "ForAnyValue:StringEquals": { "aws:CalledVia": [ "backup.amazonaws.com" ] } } }, { "Action": [ "dynamodb:ListBackups", "dynamodb:ListTables" ], "Effect": "Allow", "Resource": "*" }, { "Action": [ "dynamodb:DeleteBackup" ], "Effect": "Allow", "Resource": "*", "Condition": { "ForAnyValue:StringEquals": { "aws:CalledVia": [ "backup.amazonaws.com" ] } } }, { "Action": [ "elasticfilesystem:DescribeFilesystems" ], "Resource": "arn:aws:elasticfilesystem:*:*:file-system/*", "Effect": "Allow" }, { "Action": [ "ec2:DescribeSnapshots", "ec2:DescribeVolumes", "ec2:describeAvailabilityZones", "ec2:DescribeVpcs", "ec2:DescribeAccountAttributes", "ec2:DescribeSecurityGroups", "ec2:DescribeImages", "ec2:DescribeSubnets", "ec2:DescribePlacementGroups", "ec2:DescribeInstances", "ec2:DescribeInstanceTypes" ], "Effect": "Allow", "Resource": "*" }, { "Action": [ "ec2:DeleteSnapshot", "ec2:DeregisterImage" ], "Effect": "Allow", "Resource": "*", "Condition": { "ForAnyValue:StringEquals": { "aws:CalledVia": [ "backup.amazonaws.com" ] } } }, { "Action": [ "tag:GetTagKeys", "tag:GetTagValues", "tag:GetResources" ], "Effect": "Allow", "Resource": "*" }, { "Effect": "Allow", "Action": [ "storagegateway:DescribeCachediSCSIVolumes", "storagegateway:DescribeStorediSCSIVolumes" ], "Resource": "arn:aws:storagegateway:*:*:gateway/*/volume/*" }, { "Effect": "Allow", "Action": [ "storagegateway:ListGateways" ], "Resource": "arn:aws:storagegateway:*:*:*" }, { "Effect": "Allow", "Action": [ "storagegateway:DescribeGatewayInformation", "storagegateway:ListVolumes", "storagegateway:ListLocalDisks" ], "Resource": "arn:aws:storagegateway:*:*:gateway/*" }, { "Action": [ "iam:ListRoles", "iam:GetRole" ], "Effect": "Allow", "Resource": "*" }, { "Effect": "Allow", "Action": "iam:PassRole", "Resource": [ "arn:aws:iam::*:role/*AwsBackup*", "arn:aws:iam::*:role/*AWSBackup*" ], "Condition": { "StringLike": { "iam:PassedToService": "backup.amazonaws.com" } } }, { "Effect": "Allow", "Action": "organizations:DescribeOrganization", "Resource": "*" }, { "Action": [ "kms:ListKeys", "kms:DescribeKey", "kms:GenerateDataKey", "kms:ListAliases" ], "Effect": "Allow", "Resource": "*" }, { "Action": [ "kms:CreateGrant" ], "Effect": "Allow", "Resource": "*", "Condition": { "ForAnyValue:StringEquals": { "kms:EncryptionContextKeys": "aws:backup:backup-vault" }, "Bool": { "kms:GrantIsForAWSResource": true }, "StringLike": { "kms:ViaService": "backup.*.amazonaws.com" } } }, { "Effect": "Allow", "Action": [ "ssm:CancelCommand", "ssm:GetCommandInvocation" ], "Resource": "*" }, { "Effect": "Allow", "Action": "ssm:SendCommand", "Resource": [ "arn:aws:ssm:*:*:document/AWSEC2-CreateVssSnapshot", "arn:aws:ec2:*:*:instance/*" ] }, { "Action": "fsx:DescribeFileSystems", "Effect": "Allow", "Resource": "*" }, { "Action": "fsx:DescribeBackups", "Effect": "Allow", "Resource": "*" }, { "Action": "fsx:DeleteBackup", "Effect": "Allow", "Resource": "arn:aws:fsx:*:*:backup/*", "Condition": { "ForAnyValue:StringEquals": { "aws:CalledVia": [ "backup.amazonaws.com" ] } } }, { "Action": "ds:DescribeDirectories", "Effect": "Allow", "Resource": "*" }, { "Effect": "Allow", "Action": "iam:CreateServiceLinkedRole", "Resource": "*", "Condition": { "StringEquals": { "iam:AWSServiceName": "backup.amazonaws.com" } } } ] }, "VersionId": "v8" }, "AWSBackupOperatorAccess": { "PolicyName": "AWSBackupOperatorAccess", "PolicyId": "ANPAZKAPJZG4KHXVYMY4O", "Arn": "arn:aws:iam::aws:policy/AWSBackupOperatorAccess", "Path": "/", "DefaultVersionId": "v7", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-11-18T22:23:17+00:00", "UpdateDate": "2021-03-10T18:31:50+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "backup:Get*", "backup:List*", "backup:Describe*", "backup:CreateBackupSelection", "backup:DeleteBackupSelection", "backup:GetRecoveryPointRestoreMetadata", "backup:StartBackupJob", "backup:StartRestoreJob", "backup:StartCopyJob" ], "Resource": "*" }, { "Action": [ "rds:DescribeDBSnapshots", "rds:ListTagsForResource", "rds:DescribeDBInstances", "rds:describeDBSnapshots", "rds:describeDBEngineVersions", "rds:describeOptionGroups", "rds:describeOrderableDBInstanceOptions", "rds:describeDBSubnetGroups", "rds:DescribeDBClusterSnapshots", "rds:DescribeDBClusters", "rds:DescribeDBParameterGroups", "rds:DescribeDBClusterParameterGroups", "rds:DescribeDBInstanceAutomatedBackups" ], "Effect": "Allow", "Resource": "*" }, { "Action": [ "dynamodb:ListBackups", "dynamodb:ListTables" ], "Effect": "Allow", "Resource": "*" }, { "Action": [ "elasticfilesystem:DescribeFilesystems" ], "Resource": "arn:aws:elasticfilesystem:*:*:file-system/*", "Effect": "Allow" }, { "Action": [ "ec2:DescribeSnapshots", "ec2:DescribeVolumes", "ec2:describeAvailabilityZones", "ec2:DescribeVpcs", "ec2:DescribeAccountAttributes", "ec2:DescribeSecurityGroups", "ec2:DescribeImages", "ec2:DescribeSubnets", "ec2:DescribePlacementGroups", "ec2:DescribeInstances", "ec2:DescribeInstanceTypes" ], "Effect": "Allow", "Resource": "*" }, { "Action": [ "tag:GetTagKeys", "tag:GetTagValues", "tag:GetResources" ], "Effect": "Allow", "Resource": "*" }, { "Effect": "Allow", "Action": [ "storagegateway:DescribeCachediSCSIVolumes", "storagegateway:DescribeStorediSCSIVolumes" ], "Resource": "arn:aws:storagegateway:*:*:gateway/*/volume/*" }, { "Effect": "Allow", "Action": [ "storagegateway:ListGateways" ], "Resource": "arn:aws:storagegateway:*:*:*" }, { "Effect": "Allow", "Action": [ "storagegateway:DescribeGatewayInformation", "storagegateway:ListVolumes", "storagegateway:ListLocalDisks" ], "Resource": "arn:aws:storagegateway:*:*:gateway/*" }, { "Action": [ "iam:ListRoles", "iam:GetRole" ], "Effect": "Allow", "Resource": "*" }, { "Effect": "Allow", "Action": "iam:PassRole", "Resource": [ "arn:aws:iam::*:role/*AwsBackup*", "arn:aws:iam::*:role/*AWSBackup*" ], "Condition": { "StringLike": { "iam:PassedToService": "backup.amazonaws.com" } } }, { "Effect": "Allow", "Action": "organizations:DescribeOrganization", "Resource": "*" }, { "Effect": "Allow", "Action": [ "ssm:CancelCommand", "ssm:GetCommandInvocation" ], "Resource": "*" }, { "Effect": "Allow", "Action": "ssm:SendCommand", "Resource": [ "arn:aws:ssm:*:*:document/AWSEC2-CreateVssSnapshot", "arn:aws:ec2:*:*:instance/*" ] }, { "Action": "fsx:DescribeBackups", "Effect": "Allow", "Resource": "arn:aws:fsx:*:*:backup/*" }, { "Action": "fsx:DescribeFileSystems", "Effect": "Allow", "Resource": "arn:aws:fsx:*:*:file-system/*" }, { "Action": "ds:DescribeDirectories", "Effect": "Allow", "Resource": "*" } ] }, "VersionId": "v7" }, "AWSBackupOrganizationAdminAccess": { "PolicyName": "AWSBackupOrganizationAdminAccess", "PolicyId": "ANPAZKAPJZG4E5BC3XLFS", "Arn": "arn:aws:iam::aws:policy/AWSBackupOrganizationAdminAccess", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-06-24T16:23:14+00:00", "UpdateDate": "2020-11-24T22:09:43+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "organizations:DisableAWSServiceAccess", "organizations:EnableAWSServiceAccess" ], "Resource": "*", "Condition": { "StringEquals": { "organizations:ServicePrincipal": [ "backup.amazonaws.com" ] } } }, { "Effect": "Allow", "Action": [ "organizations:AttachPolicy", "organizations:ListPoliciesForTarget", "organizations:ListTargetsForPolicy", "organizations:DetachPolicy", "organizations:DisablePolicyType", "organizations:DescribePolicy", "organizations:DescribeEffectivePolicy", "organizations:ListPolicies", "organizations:EnablePolicyType", "organizations:CreatePolicy", "organizations:UpdatePolicy", "organizations:DeletePolicy" ], "Resource": "*", "Condition": { "StringLikeIfExists": { "organizations:PolicyType": [ "BACKUP_POLICY" ] } } }, { "Effect": "Allow", "Action": [ "organizations:ListRoots", "organizations:ListParents", "organizations:ListAWSServiceAccessForOrganization", "organizations:ListAccountsForParent", "organizations:ListAccounts", "organizations:DescribeOrganization", "organizations:ListOrganizationalUnitsForParent", "organizations:ListChildren", "organizations:DescribeAccount", "organizations:DescribeOrganizationalUnit" ], "Resource": "*" } ] }, "VersionId": "v2" }, "AWSBackupServiceLinkedRolePolicyForBackup": { "PolicyName": "AWSBackupServiceLinkedRolePolicyForBackup", "PolicyId": "ANPAZKAPJZG4ONJBD4ZY2", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSBackupServiceLinkedRolePolicyForBackup", "Path": "/aws-service-role/", "DefaultVersionId": "v4", "AttachmentCount": 1, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-06-02T23:08:40+00:00", "UpdateDate": "2021-07-05T23:27:46+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "elasticfilesystem:Backup", "elasticfilesystem:DescribeTags" ], "Resource": "arn:aws:elasticfilesystem:*:*:file-system/*", "Effect": "Allow", "Condition": { "StringLike": { "aws:ResourceTag/aws:elasticfilesystem:default-backup": "enabled" } } }, { "Action": [ "tag:GetResources" ], "Resource": "*", "Effect": "Allow" }, { "Effect": "Allow", "Action": "ec2:CreateTags", "Resource": "arn:aws:ec2:*::snapshot/*", "Condition": { "StringEquals": { "ec2:CreateAction": "CopySnapshot" } } }, { "Effect": "Allow", "Action": "ec2:CreateTags", "Resource": [ "arn:aws:ec2:*::image/*", "arn:aws:ec2:*::snapshot/*" ], "Condition": { "ForAllValues:StringEquals": { "aws:TagKeys": [ "AWSBackupManagedResource" ] } } }, { "Effect": "Allow", "Action": "ec2:CreateTags", "Resource": [ "arn:aws:ec2:*::image/*", "arn:aws:ec2:*::snapshot/*" ], "Condition": { "Null": { "ec2:ResourceTag/AWSBackupManagedResource": "false" } } }, { "Effect": "Allow", "Action": [ "ec2:DescribeSnapshots", "ec2:DescribeImages", "rds:DescribeDBSnapshots", "rds:DescribeDBClusterSnapshots" ], "Resource": "*" }, { "Effect": "Allow", "Action": "ec2:CopySnapshot", "Resource": "arn:aws:ec2:*::snapshot/*" }, { "Effect": "Allow", "Action": "ec2:CopyImage", "Resource": "*" }, { "Effect": "Allow", "Action": [ "ec2:DeregisterImage", "ec2:DeleteSnapshot" ], "Resource": "*", "Condition": { "Null": { "ec2:ResourceTag/AWSBackupManagedResource": "false" } } }, { "Effect": "Allow", "Action": [ "rds:AddTagsToResource", "rds:CopyDBSnapshot", "rds:DeleteDBSnapshot" ], "Resource": "arn:aws:rds:*:*:snapshot:awsbackup:*" }, { "Effect": "Allow", "Action": [ "rds:AddTagsToResource", "rds:CopyDBClusterSnapshot", "rds:DeleteDBClusterSnapshot" ], "Resource": "arn:aws:rds:*:*:cluster-snapshot:awsbackup:*" }, { "Effect": "Allow", "Action": "kms:DescribeKey", "Resource": "*" }, { "Effect": "Allow", "Action": [ "kms:ListGrants", "kms:ReEncryptFrom", "kms:GenerateDataKeyWithoutPlaintext" ], "Resource": "*", "Condition": { "StringLike": { "kms:ViaService": [ "ec2.*.amazonaws.com", "rds.*.amazonaws.com", "fsx.*.amazonaws.com" ] } } }, { "Effect": "Allow", "Action": "kms:CreateGrant", "Resource": "*", "Condition": { "Bool": { "kms:GrantIsForAWSResource": "true" }, "StringLike": { "kms:ViaService": [ "ec2.*.amazonaws.com", "rds.*.amazonaws.com", "fsx.*.amazonaws.com" ] } } }, { "Action": [ "fsx:CopyBackup", "fsx:TagResource", "fsx:DescribeBackups", "fsx:DeleteBackup" ], "Resource": "arn:aws:fsx:*:*:backup/*", "Effect": "Allow" }, { "Effect": "Allow", "Action": "dynamodb:DeleteBackup", "Resource": "arn:aws:dynamodb:*:*:table/*/backup/*" } ] }, "VersionId": "v4" }, "AWSBackupServiceLinkedRolePolicyForBackupTest": { "PolicyName": "AWSBackupServiceLinkedRolePolicyForBackupTest", "PolicyId": "ANPAZKAPJZG4KMHRZD5LV", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSBackupServiceLinkedRolePolicyForBackupTest", "Path": "/aws-service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-05-12T17:37:29+00:00", "UpdateDate": "2020-05-12T17:37:29+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "elasticfilesystem:Backup", "elasticfilesystem:DescribeTags" ], "Resource": "arn:aws:elasticfilesystem:*:*:file-system/*", "Effect": "Allow", "Condition": { "StringLike": { "aws:ResourceTag/aws:elasticfilesystem:default-backup": "enabled" } } }, { "Action": [ "tag:GetResources" ], "Resource": "*", "Effect": "Allow" } ] }, "VersionId": "v1" }, "AWSBackupServiceRolePolicyForBackup": { "PolicyName": "AWSBackupServiceRolePolicyForBackup", "PolicyId": "ANPAIOOYZSLZZXWFJJ5N2", "Arn": "arn:aws:iam::aws:policy/service-role/AWSBackupServiceRolePolicyForBackup", "Path": "/service-role/", "DefaultVersionId": "v10", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-01-10T21:01:28+00:00", "UpdateDate": "2021-04-12T18:07:46+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "dynamodb:DescribeTable", "dynamodb:CreateBackup" ], "Resource": "arn:aws:dynamodb:*:*:table/*", "Effect": "Allow" }, { "Action": [ "dynamodb:DescribeBackup", "dynamodb:DeleteBackup" ], "Resource": "arn:aws:dynamodb:*:*:table/*/backup/*", "Effect": "Allow" }, { "Effect": "Allow", "Action": [ "rds:AddTagsToResource", "rds:ListTagsForResource", "rds:DescribeDBSnapshots", "rds:CreateDBSnapshot", "rds:CopyDBSnapshot", "rds:DescribeDBInstances", "rds:CreateDBClusterSnapshot", "rds:DescribeDBClusters", "rds:DescribeDBClusterSnapshots", "rds:CopyDBClusterSnapshot" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "rds:ModifyDBInstance" ], "Resource": [ "arn:aws:rds:*:*:db:*" ] }, { "Effect": "Allow", "Action": [ "rds:DeleteDBSnapshot", "rds:ModifyDBSnapshotAttribute" ], "Resource": [ "arn:aws:rds:*:*:snapshot:awsbackup:*" ] }, { "Effect": "Allow", "Action": [ "rds:DeleteDBClusterSnapshot", "rds:ModifyDBClusterSnapshotAttribute" ], "Resource": [ "arn:aws:rds:*:*:cluster-snapshot:awsbackup:*" ] }, { "Effect": "Allow", "Action": [ "storagegateway:CreateSnapshot", "storagegateway:ListTagsForResource" ], "Resource": "arn:aws:storagegateway:*:*:gateway/*/volume/*" }, { "Effect": "Allow", "Action": [ "ec2:CopySnapshot" ], "Resource": "arn:aws:ec2:*::snapshot/*" }, { "Effect": "Allow", "Action": [ "ec2:CopyImage" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "ec2:CreateTags", "ec2:DeleteSnapshot" ], "Resource": "arn:aws:ec2:*::snapshot/*" }, { "Effect": "Allow", "Action": [ "ec2:CreateImage", "ec2:DeregisterImage" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "ec2:CreateTags" ], "Resource": "arn:aws:ec2:*:*:image/*" }, { "Effect": "Allow", "Action": [ "ec2:DescribeSnapshots", "ec2:DescribeTags", "ec2:DescribeImages", "ec2:DescribeInstances", "ec2:DescribeInstanceAttribute", "ec2:DescribeInstanceCreditSpecifications", "ec2:DescribeNetworkInterfaces", "ec2:DescribeElasticGpus", "ec2:DescribeSpotInstanceRequests" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "ec2:ModifySnapshotAttribute", "ec2:ModifyImageAttribute" ], "Resource": "*", "Condition": { "Null": { "aws:ResourceTag/aws:backup:source-resource": "false" } } }, { "Effect": "Allow", "Action": [ "backup:DescribeBackupVault", "backup:CopyIntoBackupVault" ], "Resource": "arn:aws:backup:*:*:backup-vault:*" }, { "Effect": "Allow", "Action": [ "backup:CopyFromBackupVault" ], "Resource": "*" }, { "Action": [ "elasticfilesystem:Backup", "elasticfilesystem:DescribeTags" ], "Resource": "arn:aws:elasticfilesystem:*:*:file-system/*", "Effect": "Allow" }, { "Effect": "Allow", "Action": [ "ec2:CreateSnapshot", "ec2:DeleteSnapshot", "ec2:DescribeVolumes", "ec2:DescribeSnapshots" ], "Resource": [ "arn:aws:ec2:*::snapshot/*", "arn:aws:ec2:*:*:volume/*" ] }, { "Action": [ "kms:Decrypt", "kms:GenerateDataKey" ], "Effect": "Allow", "Resource": "*", "Condition": { "StringLike": { "kms:ViaService": [ "dynamodb.*.amazonaws.com" ] } } }, { "Action": "kms:DescribeKey", "Effect": "Allow", "Resource": "*" }, { "Action": "kms:CreateGrant", "Effect": "Allow", "Resource": "*", "Condition": { "Bool": { "kms:GrantIsForAWSResource": "true" } } }, { "Action": [ "kms:GenerateDataKeyWithoutPlaintext" ], "Effect": "Allow", "Resource": "arn:aws:kms:*:*:key/*", "Condition": { "StringLike": { "kms:ViaService": [ "ec2.*.amazonaws.com" ] } } }, { "Action": [ "tag:GetResources" ], "Resource": "*", "Effect": "Allow" }, { "Effect": "Allow", "Action": [ "ssm:CancelCommand", "ssm:GetCommandInvocation" ], "Resource": "*" }, { "Effect": "Allow", "Action": "ssm:SendCommand", "Resource": [ "arn:aws:ssm:*:*:document/AWSEC2-CreateVssSnapshot", "arn:aws:ec2:*:*:instance/*" ] }, { "Action": "fsx:DescribeBackups", "Effect": "Allow", "Resource": "arn:aws:fsx:*:*:backup/*" }, { "Action": "fsx:CreateBackup", "Effect": "Allow", "Resource": [ "arn:aws:fsx:*:*:file-system/*", "arn:aws:fsx:*:*:backup/*" ] }, { "Action": "fsx:DescribeFileSystems", "Effect": "Allow", "Resource": "arn:aws:fsx:*:*:file-system/*" }, { "Action": "fsx:ListTagsForResource", "Effect": "Allow", "Resource": "arn:aws:fsx:*:*:file-system/*" }, { "Action": "fsx:DeleteBackup", "Effect": "Allow", "Resource": "arn:aws:fsx:*:*:backup/*" }, { "Effect": "Allow", "Action": [ "fsx:ListTagsForResource", "fsx:ManageBackupPrincipalAssociations", "fsx:CopyBackup", "fsx:TagResource" ], "Resource": "arn:aws:fsx:*:*:backup/*" } ] }, "VersionId": "v10" }, "AWSBackupServiceRolePolicyForRestores": { "PolicyName": "AWSBackupServiceRolePolicyForRestores", "PolicyId": "ANPAJZCCL6F2WPVOUXZKI", "Arn": "arn:aws:iam::aws:policy/service-role/AWSBackupServiceRolePolicyForRestores", "Path": "/service-role/", "DefaultVersionId": "v9", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-01-12T00:23:54+00:00", "UpdateDate": "2021-05-25T00:02:53+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "dynamodb:Scan", "dynamodb:Query", "dynamodb:UpdateItem", "dynamodb:PutItem", "dynamodb:GetItem", "dynamodb:DeleteItem", "dynamodb:BatchWriteItem", "dynamodb:DescribeTable" ], "Resource": "arn:aws:dynamodb:*:*:table/*" }, { "Effect": "Allow", "Action": [ "dynamodb:RestoreTableFromBackup" ], "Resource": "arn:aws:dynamodb:*:*:table/*/backup/*" }, { "Effect": "Allow", "Action": [ "ec2:CreateVolume", "ec2:DeleteVolume" ], "Resource": [ "arn:aws:ec2:*::snapshot/*", "arn:aws:ec2:*:*:volume/*" ] }, { "Effect": "Allow", "Action": [ "ec2:DescribeImages", "ec2:DescribeInstances", "ec2:DescribeSnapshots", "ec2:DescribeVolumes" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "storagegateway:DeleteVolume", "storagegateway:DescribeCachediSCSIVolumes", "storagegateway:DescribeStorediSCSIVolumes" ], "Resource": "arn:aws:storagegateway:*:*:gateway/*/volume/*" }, { "Effect": "Allow", "Action": [ "storagegateway:DescribeGatewayInformation", "storagegateway:CreateStorediSCSIVolume", "storagegateway:CreateCachediSCSIVolume" ], "Resource": "arn:aws:storagegateway:*:*:gateway/*" }, { "Effect": "Allow", "Action": [ "storagegateway:ListVolumes" ], "Resource": "arn:aws:storagegateway:*:*:*" }, { "Effect": "Allow", "Action": [ "rds:DescribeDBInstances", "rds:DescribeDBSnapshots", "rds:ListTagsForResource", "rds:RestoreDBInstanceFromDBSnapshot", "rds:DeleteDBInstance", "rds:AddTagsToResource", "rds:DescribeDBClusters", "rds:RestoreDBClusterFromSnapshot", "rds:DeleteDBCluster", "rds:RestoreDBInstanceToPointInTime" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "elasticfilesystem:Restore", "elasticfilesystem:CreateFilesystem", "elasticfilesystem:DescribeFilesystems", "elasticfilesystem:DeleteFilesystem" ], "Resource": "arn:aws:elasticfilesystem:*:*:file-system/*" }, { "Effect": "Allow", "Action": "kms:DescribeKey", "Resource": "*" }, { "Effect": "Allow", "Action": [ "kms:Decrypt", "kms:Encrypt", "kms:GenerateDataKey", "kms:ReEncryptTo", "kms:ReEncryptFrom" ], "Resource": "*", "Condition": { "StringLike": { "kms:ViaService": [ "dynamodb.*.amazonaws.com", "ec2.*.amazonaws.com", "elasticfilesystem.*.amazonaws.com", "rds.*.amazonaws.com" ] } } }, { "Effect": "Allow", "Action": "kms:CreateGrant", "Resource": "*", "Condition": { "Bool": { "kms:GrantIsForAWSResource": "true" } } }, { "Effect": "Allow", "Action": [ "ec2:RunInstances" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "ec2:TerminateInstances" ], "Resource": "arn:aws:ec2:*:*:instance/*" }, { "Effect": "Allow", "Action": [ "fsx:CreateFileSystemFromBackup" ], "Resource": [ "arn:aws:fsx:*:*:file-system/*", "arn:aws:fsx:*:*:backup/*" ] }, { "Effect": "Allow", "Action": [ "fsx:DescribeFileSystems", "fsx:TagResource" ], "Resource": "arn:aws:fsx:*:*:file-system/*" }, { "Effect": "Allow", "Action": "fsx:DescribeBackups", "Resource": "arn:aws:fsx:*:*:backup/*" }, { "Effect": "Allow", "Action": [ "fsx:DeleteFileSystem", "fsx:UntagResource" ], "Resource": "arn:aws:fsx:*:*:file-system/*", "Condition": { "Null": { "aws:ResourceTag/aws:backup:source-resource": "false" } } }, { "Effect": "Allow", "Action": "ds:DescribeDirectories", "Resource": "*" } ] }, "VersionId": "v9" }, "AWSBatchFullAccess": { "PolicyName": "AWSBatchFullAccess", "PolicyId": "ANPAJ7K2KIWB3HZVK3CUO", "Arn": "arn:aws:iam::aws:policy/AWSBatchFullAccess", "Path": "/", "DefaultVersionId": "v6", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2016-12-06T19:35:42+00:00", "UpdateDate": "2021-03-10T07:02:45+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "batch:*", "cloudwatch:GetMetricStatistics", "ec2:DescribeSubnets", "ec2:DescribeSecurityGroups", "ec2:DescribeKeyPairs", "ec2:DescribeVpcs", "ec2:DescribeImages", "ec2:DescribeLaunchTemplates", "ec2:DescribeLaunchTemplateVersions", "ecs:DescribeClusters", "ecs:Describe*", "ecs:List*", "logs:Describe*", "logs:Get*", "logs:TestMetricFilter", "logs:FilterLogEvents", "iam:ListInstanceProfiles", "iam:ListRoles" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "iam:PassRole" ], "Resource": [ "arn:aws:iam::*:role/AWSBatchServiceRole", "arn:aws:iam::*:role/service-role/AWSBatchServiceRole", "arn:aws:iam::*:role/ecsInstanceRole", "arn:aws:iam::*:instance-profile/ecsInstanceRole", "arn:aws:iam::*:role/iaws-ec2-spot-fleet-role", "arn:aws:iam::*:role/aws-ec2-spot-fleet-role", "arn:aws:iam::*:role/AWSBatchJobRole*" ] }, { "Effect": "Allow", "Action": [ "iam:CreateServiceLinkedRole" ], "Resource": "arn:aws:iam::*:role/*Batch*", "Condition": { "StringEquals": { "iam:AWSServiceName": "batch.amazonaws.com" } } } ] }, "VersionId": "v6" }, "AWSBatchServiceEventTargetRole": { "PolicyName": "AWSBatchServiceEventTargetRole", "PolicyId": "ANPAICVHHZ6XHNMA6VE3Q", "Arn": "arn:aws:iam::aws:policy/service-role/AWSBatchServiceEventTargetRole", "Path": "/service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-02-28T22:31:13+00:00", "UpdateDate": "2018-02-28T22:31:13+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "batch:SubmitJob" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AWSBatchServiceRole": { "PolicyName": "AWSBatchServiceRole", "PolicyId": "ANPAIUETIXPCKASQJURFE", "Arn": "arn:aws:iam::aws:policy/service-role/AWSBatchServiceRole", "Path": "/service-role/", "DefaultVersionId": "v11", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2016-12-06T19:36:24+00:00", "UpdateDate": "2020-11-23T18:19:27+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ec2:DescribeAccountAttributes", "ec2:DescribeInstances", "ec2:DescribeInstanceAttribute", "ec2:DescribeSubnets", "ec2:DescribeSecurityGroups", "ec2:DescribeKeyPairs", "ec2:DescribeImages", "ec2:DescribeImageAttribute", "ec2:DescribeSpotInstanceRequests", "ec2:DescribeSpotFleetInstances", "ec2:DescribeSpotFleetRequests", "ec2:DescribeSpotPriceHistory", "ec2:DescribeVpcClassicLink", "ec2:DescribeLaunchTemplateVersions", "ec2:CreateLaunchTemplate", "ec2:DeleteLaunchTemplate", "ec2:RequestSpotFleet", "ec2:CancelSpotFleetRequests", "ec2:ModifySpotFleetRequest", "ec2:TerminateInstances", "ec2:RunInstances", "autoscaling:DescribeAccountLimits", "autoscaling:DescribeAutoScalingGroups", "autoscaling:DescribeLaunchConfigurations", "autoscaling:DescribeAutoScalingInstances", "autoscaling:CreateLaunchConfiguration", "autoscaling:CreateAutoScalingGroup", "autoscaling:UpdateAutoScalingGroup", "autoscaling:SetDesiredCapacity", "autoscaling:DeleteLaunchConfiguration", "autoscaling:DeleteAutoScalingGroup", "autoscaling:CreateOrUpdateTags", "autoscaling:SuspendProcesses", "autoscaling:PutNotificationConfiguration", "autoscaling:TerminateInstanceInAutoScalingGroup", "ecs:DescribeClusters", "ecs:DescribeContainerInstances", "ecs:DescribeTaskDefinition", "ecs:DescribeTasks", "ecs:ListAccountSettings", "ecs:ListClusters", "ecs:ListContainerInstances", "ecs:ListTaskDefinitionFamilies", "ecs:ListTaskDefinitions", "ecs:ListTasks", "ecs:CreateCluster", "ecs:DeleteCluster", "ecs:RegisterTaskDefinition", "ecs:DeregisterTaskDefinition", "ecs:RunTask", "ecs:StartTask", "ecs:StopTask", "ecs:UpdateContainerAgent", "ecs:DeregisterContainerInstance", "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents", "logs:DescribeLogGroups", "iam:GetInstanceProfile", "iam:GetRole" ], "Resource": "*" }, { "Effect": "Allow", "Action": "ecs:TagResource", "Resource": [ "arn:aws:ecs:*:*:task/*_Batch_*" ] }, { "Effect": "Allow", "Action": "iam:PassRole", "Resource": [ "*" ], "Condition": { "StringEquals": { "iam:PassedToService": [ "ec2.amazonaws.com", "ec2.amazonaws.com.cn", "ecs-tasks.amazonaws.com" ] } } }, { "Effect": "Allow", "Action": "iam:CreateServiceLinkedRole", "Resource": "*", "Condition": { "StringEquals": { "iam:AWSServiceName": [ "spot.amazonaws.com", "spotfleet.amazonaws.com", "autoscaling.amazonaws.com", "ecs.amazonaws.com" ] } } }, { "Effect": "Allow", "Action": [ "ec2:CreateTags" ], "Resource": [ "*" ], "Condition": { "StringEquals": { "ec2:CreateAction": "RunInstances" } } } ] }, "VersionId": "v11" }, "AWSBillingReadOnlyAccess": { "PolicyName": "AWSBillingReadOnlyAccess", "PolicyId": "ANPAZKAPJZG4LJ3OSZ5SX", "Arn": "arn:aws:iam::aws:policy/AWSBillingReadOnlyAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-08-27T20:08:51+00:00", "UpdateDate": "2020-08-27T20:08:51+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "aws-portal:ViewBilling" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AWSBudgetsActionsRolePolicyForResourceAdministrationWithSSM": { "PolicyName": "AWSBudgetsActionsRolePolicyForResourceAdministrationWithSSM", "PolicyId": "ANPAZKAPJZG4KIUIYBT2X", "Arn": "arn:aws:iam::aws:policy/AWSBudgetsActionsRolePolicyForResourceAdministrationWithSSM", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-10-15T17:20:48+00:00", "UpdateDate": "2020-10-15T17:20:48+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ec2:DescribeInstanceStatus", "ec2:StartInstances", "ec2:StopInstances", "rds:DescribeDBInstances", "rds:StartDBInstance", "rds:StopDBInstance" ], "Resource": "*", "Condition": { "ForAnyValue:StringEquals": { "aws:CalledVia": [ "ssm.amazonaws.com" ] } } }, { "Effect": "Allow", "Action": [ "ssm:StartAutomationExecution" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AWSBudgetsActionsWithAWSResourceControlAccess": { "PolicyName": "AWSBudgetsActionsWithAWSResourceControlAccess", "PolicyId": "ANPAZKAPJZG4AHTKKGHHS", "Arn": "arn:aws:iam::aws:policy/AWSBudgetsActionsWithAWSResourceControlAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-10-15T17:19:12+00:00", "UpdateDate": "2020-10-15T17:19:12+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "budgets:*" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "aws-portal:ViewBilling" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "iam:PassRole" ], "Resource": "*", "Condition": { "StringEquals": { "iam:PassedToService": "budgets.amazonaws.com" } } }, { "Effect": "Allow", "Action": [ "aws-portal:ModifyBilling", "ec2:DescribeInstances", "iam:ListGroups", "iam:ListPolicies", "iam:ListRoles", "iam:ListUsers", "organizations:ListAccounts", "organizations:ListOrganizationalUnitsForParent", "organizations:ListPolicies", "organizations:ListRoots", "rds:DescribeDBInstances", "sns:ListTopics" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AWSBudgetsReadOnlyAccess": { "PolicyName": "AWSBudgetsReadOnlyAccess", "PolicyId": "ANPAZKAPJZG4EZCFS6BHW", "Arn": "arn:aws:iam::aws:policy/AWSBudgetsReadOnlyAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-10-15T17:18:28+00:00", "UpdateDate": "2020-10-15T17:18:28+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "aws-portal:ViewBilling", "budgets:ViewBudget", "budgets:Describe*" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AWSBugBustFullAccess": { "PolicyName": "AWSBugBustFullAccess", "PolicyId": "ANPAZKAPJZG4MQU5DXLFC", "Arn": "arn:aws:iam::aws:policy/AWSBugBustFullAccess", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2021-06-24T07:03:26+00:00", "UpdateDate": "2021-07-22T20:04:29+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Sid": "CodeGuruReviewerPermission", "Effect": "Allow", "Action": [ "codeguru-reviewer:DescribeCodeReview", "codeguru-reviewer:ListRecommendations", "codeguru-reviewer:ListCodeReviews" ], "Resource": "*" }, { "Sid": "CodeGuruProfilerPermission", "Effect": "Allow", "Action": [ "codeguru-profiler:ListProfilingGroups", "codeguru-profiler:DescribeProfilingGroup" ], "Resource": "*" }, { "Sid": "AWSBugBustFullAccess", "Effect": "Allow", "Action": [ "bugbust:*" ], "Resource": "*" }, { "Sid": "AWSBugBustSLRCreation", "Effect": "Allow", "Action": "iam:CreateServiceLinkedRole", "Resource": "arn:aws:iam::*:role/aws-service-role/bugbust.amazonaws.com/AWSServiceRoleForBugBust", "Condition": { "StringLike": { "iam:AWSServiceName": "bugbust.amazonaws.com" } } } ] }, "VersionId": "v2" }, "AWSBugBustPlayerAccess": { "PolicyName": "AWSBugBustPlayerAccess", "PolicyId": "ANPAZKAPJZG4CPEJPLKKR", "Arn": "arn:aws:iam::aws:policy/AWSBugBustPlayerAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2021-06-24T07:15:00+00:00", "UpdateDate": "2021-06-24T07:15:00+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Sid": "CodeGuruReviewerPermission", "Effect": "Allow", "Action": [ "codeguru-reviewer:DescribeCodeReview", "codeguru-reviewer:ListRecommendations" ], "Resource": "*" }, { "Sid": "CodeGuruProfilerPermission", "Effect": "Allow", "Action": [ "codeguru-profiler:DescribeProfilingGroup" ], "Resource": "*" }, { "Sid": "AWSBugBustPlayerAccess", "Effect": "Allow", "Action": [ "bugbust:ListBugs", "bugbust:ListProfilingGroups", "bugbust:JoinEvent", "bugbust:GetEvent", "bugbust:ListEvents", "bugbust:GetJoinEventStatus", "bugbust:ListEventScores", "bugbust:ListEventParticipants", "bugbust:UpdateWorkItem", "bugbust:ListPullRequests" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AWSBugBustServiceRolePolicy": { "PolicyName": "AWSBugBustServiceRolePolicy", "PolicyId": "ANPAZKAPJZG4LXHZTN64K", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSBugBustServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2021-06-24T06:59:05+00:00", "UpdateDate": "2021-06-24T06:59:05+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "codeguru-reviewer:ListRecommendations", "codeguru-reviewer:UntagResource", "codeguru-reviewer:DescribeCodeReview" ], "Resource": "*", "Condition": { "StringLike": { "aws:ResourceTag/bugbust": "enabled" } } } ] }, "VersionId": "v1" }, "AWSCertificateManagerFullAccess": { "PolicyName": "AWSCertificateManagerFullAccess", "PolicyId": "ANPAJYCHABBP6VQIVBCBQ", "Arn": "arn:aws:iam::aws:policy/AWSCertificateManagerFullAccess", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2016-01-21T17:02:36+00:00", "UpdateDate": "2020-08-17T22:18:28+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "acm:*" ], "Resource": "*" }, { "Effect": "Allow", "Action": "iam:CreateServiceLinkedRole", "Resource": "arn:aws:iam::*:role/aws-service-role/acm.amazonaws.com/AWSServiceRoleForCertificateManager*", "Condition": { "StringEquals": { "iam:AWSServiceName": "acm.amazonaws.com" } } }, { "Effect": "Allow", "Action": [ "iam:DeleteServiceLinkedRole", "iam:GetServiceLinkedRoleDeletionStatus", "iam:GetRole" ], "Resource": "arn:aws:iam::*:role/aws-service-role/acm.amazonaws.com/AWSServiceRoleForCertificateManager*" } ] }, "VersionId": "v2" }, "AWSCertificateManagerPrivateCAAuditor": { "PolicyName": "AWSCertificateManagerPrivateCAAuditor", "PolicyId": "ANPAJW77VE4UEBJ4PEXEY", "Arn": "arn:aws:iam::aws:policy/AWSCertificateManagerPrivateCAAuditor", "Path": "/", "DefaultVersionId": "v4", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-10-23T16:51:08+00:00", "UpdateDate": "2020-08-17T22:54:12+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "acm-pca:CreateCertificateAuthorityAuditReport", "acm-pca:DescribeCertificateAuthority", "acm-pca:DescribeCertificateAuthorityAuditReport", "acm-pca:GetCertificateAuthorityCsr", "acm-pca:GetCertificateAuthorityCertificate", "acm-pca:GetCertificate", "acm-pca:GetPolicy", "acm-pca:ListPermissions", "acm-pca:ListTags" ], "Resource": "arn:aws:acm-pca:*:*:certificate-authority/*" }, { "Effect": "Allow", "Action": [ "acm-pca:ListCertificateAuthorities" ], "Resource": "*" } ] }, "VersionId": "v4" }, "AWSCertificateManagerPrivateCAFullAccess": { "PolicyName": "AWSCertificateManagerPrivateCAFullAccess", "PolicyId": "ANPAIRTQUC55CREAWFLBG", "Arn": "arn:aws:iam::aws:policy/AWSCertificateManagerPrivateCAFullAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-10-23T16:54:50+00:00", "UpdateDate": "2018-10-23T16:54:50+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "acm-pca:*" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AWSCertificateManagerPrivateCAPrivilegedUser": { "PolicyName": "AWSCertificateManagerPrivateCAPrivilegedUser", "PolicyId": "ANPAZKAPJZG4EQ6CWU5X5", "Arn": "arn:aws:iam::aws:policy/AWSCertificateManagerPrivateCAPrivilegedUser", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-06-20T17:43:13+00:00", "UpdateDate": "2019-06-20T17:43:13+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "acm-pca:IssueCertificate" ], "Resource": "arn:aws:acm-pca:*:*:certificate-authority/*", "Condition": { "StringLike": { "acm-pca:TemplateArn": [ "arn:aws:acm-pca:::template/*CACertificate*/V*" ] } } }, { "Effect": "Deny", "Action": [ "acm-pca:IssueCertificate" ], "Resource": "arn:aws:acm-pca:*:*:certificate-authority/*", "Condition": { "StringNotLike": { "acm-pca:TemplateArn": [ "arn:aws:acm-pca:::template/*CACertificate*/V*" ] } } }, { "Effect": "Allow", "Action": [ "acm-pca:RevokeCertificate", "acm-pca:GetCertificate", "acm-pca:ListPermissions" ], "Resource": "arn:aws:acm-pca:*:*:certificate-authority/*" }, { "Effect": "Allow", "Action": [ "acm-pca:ListCertificateAuthorities" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AWSCertificateManagerPrivateCAReadOnly": { "PolicyName": "AWSCertificateManagerPrivateCAReadOnly", "PolicyId": "ANPAJQAQT3WIXOXY7TD4A", "Arn": "arn:aws:iam::aws:policy/AWSCertificateManagerPrivateCAReadOnly", "Path": "/", "DefaultVersionId": "v3", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-10-23T16:57:04+00:00", "UpdateDate": "2020-08-17T22:54:22+00:00", "Document": { "Version": "2012-10-17", "Statement": { "Effect": "Allow", "Action": [ "acm-pca:DescribeCertificateAuthority", "acm-pca:DescribeCertificateAuthorityAuditReport", "acm-pca:ListCertificateAuthorities", "acm-pca:GetCertificateAuthorityCsr", "acm-pca:GetCertificateAuthorityCertificate", "acm-pca:GetCertificate", "acm-pca:GetPolicy", "acm-pca:ListPermissions", "acm-pca:ListTags" ], "Resource": "*" } }, "VersionId": "v3" }, "AWSCertificateManagerPrivateCAUser": { "PolicyName": "AWSCertificateManagerPrivateCAUser", "PolicyId": "ANPAJBXCSJJULLMRWSNII", "Arn": "arn:aws:iam::aws:policy/AWSCertificateManagerPrivateCAUser", "Path": "/", "DefaultVersionId": "v4", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-10-23T16:53:33+00:00", "UpdateDate": "2019-06-20T17:42:37+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "acm-pca:IssueCertificate" ], "Resource": "arn:aws:acm-pca:*:*:certificate-authority/*", "Condition": { "StringLike": { "acm-pca:TemplateArn": [ "arn:aws:acm-pca:::template/EndEntityCertificate/V*" ] } } }, { "Effect": "Deny", "Action": [ "acm-pca:IssueCertificate" ], "Resource": "arn:aws:acm-pca:*:*:certificate-authority/*", "Condition": { "StringNotLike": { "acm-pca:TemplateArn": [ "arn:aws:acm-pca:::template/EndEntityCertificate/V*" ] } } }, { "Effect": "Allow", "Action": [ "acm-pca:RevokeCertificate", "acm-pca:GetCertificate", "acm-pca:ListPermissions" ], "Resource": "arn:aws:acm-pca:*:*:certificate-authority/*" }, { "Effect": "Allow", "Action": [ "acm-pca:ListCertificateAuthorities" ], "Resource": "*" } ] }, "VersionId": "v4" }, "AWSCertificateManagerReadOnly": { "PolicyName": "AWSCertificateManagerReadOnly", "PolicyId": "ANPAI4GSWX6S4MESJ3EWC", "Arn": "arn:aws:iam::aws:policy/AWSCertificateManagerReadOnly", "Path": "/", "DefaultVersionId": "v4", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2016-01-21T17:07:33+00:00", "UpdateDate": "2021-03-15T16:25:21+00:00", "Document": { "Version": "2012-10-17", "Statement": { "Effect": "Allow", "Action": [ "acm:DescribeCertificate", "acm:ListCertificates", "acm:GetCertificate", "acm:ListTagsForCertificate", "acm:GetAccountConfiguration" ], "Resource": "*" } }, "VersionId": "v4" }, "AWSChatbotServiceLinkedRolePolicy": { "PolicyName": "AWSChatbotServiceLinkedRolePolicy", "PolicyId": "ANPAZKAPJZG4ID4WRYKST", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSChatbotServiceLinkedRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-11-18T16:39:50+00:00", "UpdateDate": "2019-11-18T16:39:50+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "sns:ListSubscriptionsByTopic", "sns:ListTopics", "sns:Unsubscribe", "sns:Subscribe", "sns:ListSubscriptions" ], "Effect": "Allow", "Resource": "*" }, { "Effect": "Allow", "Action": [ "logs:PutLogEvents", "logs:CreateLogStream", "logs:DescribeLogStreams", "logs:CreateLogGroup", "logs:DescribeLogGroups" ], "Resource": "arn:aws:logs:*:*:log-group:/aws/chatbot/*" } ] }, "VersionId": "v1" }, "AWSCloud9Administrator": { "PolicyName": "AWSCloud9Administrator", "PolicyId": "ANPAIQ4KWP455WDTCBGWK", "Arn": "arn:aws:iam::aws:policy/AWSCloud9Administrator", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-11-30T16:17:28+00:00", "UpdateDate": "2020-07-29T06:28:54+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "cloud9:*", "iam:GetUser", "iam:ListUsers", "ec2:DescribeVpcs", "ec2:DescribeSubnets" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "iam:CreateServiceLinkedRole" ], "Resource": "*", "Condition": { "StringLike": { "iam:AWSServiceName": "cloud9.amazonaws.com" } } }, { "Effect": "Allow", "Action": "ssm:StartSession", "Resource": "arn:aws:ec2:*:*:instance/*", "Condition": { "StringLike": { "ssm:resourceTag/aws:cloud9:environment": "*" }, "StringEquals": { "aws:CalledViaFirst": "cloud9.amazonaws.com" } } }, { "Effect": "Allow", "Action": [ "ssm:StartSession" ], "Resource": [ "arn:aws:ssm:*:*:document/*" ] } ] }, "VersionId": "v2" }, "AWSCloud9EnvironmentMember": { "PolicyName": "AWSCloud9EnvironmentMember", "PolicyId": "ANPAI54ULAIPVT5HFTYGK", "Arn": "arn:aws:iam::aws:policy/AWSCloud9EnvironmentMember", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-11-30T16:18:28+00:00", "UpdateDate": "2020-07-29T06:29:08+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "cloud9:GetUserSettings", "cloud9:UpdateUserSettings", "iam:GetUser", "iam:ListUsers" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "cloud9:DescribeEnvironmentMemberships" ], "Resource": [ "*" ], "Condition": { "Null": { "cloud9:UserArn": "true", "cloud9:EnvironmentId": "true" } } }, { "Effect": "Allow", "Action": "ssm:StartSession", "Resource": "arn:aws:ec2:*:*:instance/*", "Condition": { "StringLike": { "ssm:resourceTag/aws:cloud9:environment": "*" }, "StringEquals": { "aws:CalledViaFirst": "cloud9.amazonaws.com" } } }, { "Effect": "Allow", "Action": [ "ssm:StartSession" ], "Resource": [ "arn:aws:ssm:*:*:document/*" ] } ] }, "VersionId": "v2" }, "AWSCloud9SSMInstanceProfile": { "PolicyName": "AWSCloud9SSMInstanceProfile", "PolicyId": "ANPAZKAPJZG4IQOSNAKW6", "Arn": "arn:aws:iam::aws:policy/AWSCloud9SSMInstanceProfile", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-05-14T11:40:49+00:00", "UpdateDate": "2020-05-14T11:40:49+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ssmmessages:CreateControlChannel", "ssmmessages:CreateDataChannel", "ssmmessages:OpenControlChannel", "ssmmessages:OpenDataChannel", "ssm:UpdateInstanceInformation" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AWSCloud9ServiceRolePolicy": { "PolicyName": "AWSCloud9ServiceRolePolicy", "PolicyId": "ANPAJFXGCBXQIZATFZ4YG", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSCloud9ServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v7", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-11-30T13:44:08+00:00", "UpdateDate": "2020-10-06T12:43:49+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ec2:RunInstances", "ec2:CreateSecurityGroup", "ec2:DescribeVpcs", "ec2:DescribeSubnets", "ec2:DescribeSecurityGroups", "ec2:DescribeInstances", "ec2:DescribeInstanceStatus", "cloudformation:CreateStack", "cloudformation:DescribeStacks", "cloudformation:DescribeStackEvents", "cloudformation:DescribeStackResources" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "ec2:TerminateInstances", "ec2:DeleteSecurityGroup", "ec2:AuthorizeSecurityGroupIngress" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "cloudformation:DeleteStack" ], "Resource": "arn:aws:cloudformation:*:*:stack/aws-cloud9-*" }, { "Effect": "Allow", "Action": [ "ec2:CreateTags" ], "Resource": [ "arn:aws:ec2:*:*:instance/*", "arn:aws:ec2:*:*:security-group/*" ], "Condition": { "StringLike": { "aws:RequestTag/Name": "aws-cloud9-*" } } }, { "Effect": "Allow", "Action": [ "ec2:StartInstances", "ec2:StopInstances" ], "Resource": "*", "Condition": { "StringLike": { "ec2:ResourceTag/aws:cloudformation:stack-name": "aws-cloud9-*" } } }, { "Effect": "Allow", "Action": [ "iam:ListInstanceProfiles", "iam:GetInstanceProfile" ], "Resource": [ "arn:aws:iam::*:instance-profile/cloud9/*" ] }, { "Effect": "Allow", "Action": [ "iam:PassRole" ], "Resource": [ "arn:aws:iam::*:role/service-role/AWSCloud9SSMAccessRole" ], "Condition": { "StringLike": { "iam:PassedToService": "ec2.amazonaws.com" } } } ] }, "VersionId": "v7" }, "AWSCloud9User": { "PolicyName": "AWSCloud9User", "PolicyId": "ANPAJPFGFWQF67QVARP6U", "Arn": "arn:aws:iam::aws:policy/AWSCloud9User", "Path": "/", "DefaultVersionId": "v4", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-11-30T16:16:17+00:00", "UpdateDate": "2020-07-29T06:26:43+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "cloud9:ValidateEnvironmentName", "cloud9:UpdateUserSettings", "cloud9:GetUserSettings", "iam:GetUser", "iam:ListUsers", "ec2:DescribeVpcs", "ec2:DescribeSubnets" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "cloud9:CreateEnvironmentEC2", "cloud9:CreateEnvironmentSSH" ], "Resource": "*", "Condition": { "Null": { "cloud9:OwnerArn": "true" } } }, { "Effect": "Allow", "Action": [ "cloud9:GetUserPublicKey" ], "Resource": "*", "Condition": { "Null": { "cloud9:UserArn": "true" } } }, { "Effect": "Allow", "Action": [ "cloud9:DescribeEnvironmentMemberships" ], "Resource": [ "*" ], "Condition": { "Null": { "cloud9:UserArn": "true", "cloud9:EnvironmentId": "true" } } }, { "Effect": "Allow", "Action": [ "iam:CreateServiceLinkedRole" ], "Resource": "*", "Condition": { "StringLike": { "iam:AWSServiceName": "cloud9.amazonaws.com" } } }, { "Effect": "Allow", "Action": "ssm:StartSession", "Resource": "arn:aws:ec2:*:*:instance/*", "Condition": { "StringLike": { "ssm:resourceTag/aws:cloud9:environment": "*" }, "StringEquals": { "aws:CalledViaFirst": "cloud9.amazonaws.com" } } }, { "Effect": "Allow", "Action": [ "ssm:StartSession" ], "Resource": [ "arn:aws:ssm:*:*:document/*" ] } ] }, "VersionId": "v4" }, "AWSCloudFormationFullAccess": { "PolicyName": "AWSCloudFormationFullAccess", "PolicyId": "ANPAZKAPJZG4CRR3ZS723", "Arn": "arn:aws:iam::aws:policy/AWSCloudFormationFullAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-07-26T21:50:35+00:00", "UpdateDate": "2019-07-26T21:50:35+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "cloudformation:*" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AWSCloudFormationReadOnlyAccess": { "PolicyName": "AWSCloudFormationReadOnlyAccess", "PolicyId": "ANPAJWVBEE4I2POWLODLW", "Arn": "arn:aws:iam::aws:policy/AWSCloudFormationReadOnlyAccess", "Path": "/", "DefaultVersionId": "v4", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-02-06T18:39:49+00:00", "UpdateDate": "2019-11-13T17:40:07+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "cloudformation:Describe*", "cloudformation:EstimateTemplateCost", "cloudformation:Get*", "cloudformation:List*", "cloudformation:ValidateTemplate", "cloudformation:Detect*" ], "Resource": "*" } ] }, "VersionId": "v4" }, "AWSCloudFrontLogger": { "PolicyName": "AWSCloudFrontLogger", "PolicyId": "ANPAIOI7RPKLCNINBTRP4", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSCloudFrontLogger", "Path": "/aws-service-role/", "DefaultVersionId": "v2", "AttachmentCount": 1, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-06-12T20:15:23+00:00", "UpdateDate": "2019-11-22T19:33:51+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents" ], "Resource": "arn:aws:logs:*:*:log-group:/aws/cloudfront/*" } ] }, "VersionId": "v2" }, "AWSCloudHSMFullAccess": { "PolicyName": "AWSCloudHSMFullAccess", "PolicyId": "ANPAIMBQYQZM7F63DA2UU", "Arn": "arn:aws:iam::aws:policy/AWSCloudHSMFullAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-02-06T18:39:51+00:00", "UpdateDate": "2015-02-06T18:39:51+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "cloudhsm:*", "Resource": "*" } ] }, "VersionId": "v1" }, "AWSCloudHSMReadOnlyAccess": { "PolicyName": "AWSCloudHSMReadOnlyAccess", "PolicyId": "ANPAISVCBSY7YDBOT67KE", "Arn": "arn:aws:iam::aws:policy/AWSCloudHSMReadOnlyAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-02-06T18:39:52+00:00", "UpdateDate": "2015-02-06T18:39:52+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "cloudhsm:Get*", "cloudhsm:List*", "cloudhsm:Describe*" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AWSCloudHSMRole": { "PolicyName": "AWSCloudHSMRole", "PolicyId": "ANPAI7QIUU4GC66SF26WE", "Arn": "arn:aws:iam::aws:policy/service-role/AWSCloudHSMRole", "Path": "/service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-02-06T18:41:23+00:00", "UpdateDate": "2015-02-06T18:41:23+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ec2:CreateNetworkInterface", "ec2:CreateTags", "ec2:DeleteNetworkInterface", "ec2:DescribeNetworkInterfaceAttribute", "ec2:DescribeNetworkInterfaces", "ec2:DescribeSubnets", "ec2:DescribeVpcs", "ec2:DetachNetworkInterface" ], "Resource": [ "*" ] } ] }, "VersionId": "v1" }, "AWSCloudMapDiscoverInstanceAccess": { "PolicyName": "AWSCloudMapDiscoverInstanceAccess", "PolicyId": "ANPAIPRD7PYYQVYPDME4K", "Arn": "arn:aws:iam::aws:policy/AWSCloudMapDiscoverInstanceAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-11-29T00:02:42+00:00", "UpdateDate": "2018-11-29T00:02:42+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "servicediscovery:DiscoverInstances" ], "Resource": [ "*" ] } ] }, "VersionId": "v1" }, "AWSCloudMapFullAccess": { "PolicyName": "AWSCloudMapFullAccess", "PolicyId": "ANPAIZPIMAQZJS3WUXUJM", "Arn": "arn:aws:iam::aws:policy/AWSCloudMapFullAccess", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-11-28T23:57:31+00:00", "UpdateDate": "2020-07-29T19:15:35+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "route53:GetHostedZone", "route53:ListHostedZonesByName", "route53:CreateHostedZone", "route53:DeleteHostedZone", "route53:ChangeResourceRecordSets", "route53:CreateHealthCheck", "route53:GetHealthCheck", "route53:DeleteHealthCheck", "route53:UpdateHealthCheck", "ec2:DescribeVpcs", "ec2:DescribeRegions", "ec2:DescribeInstances", "servicediscovery:*" ], "Resource": [ "*" ] } ] }, "VersionId": "v2" }, "AWSCloudMapReadOnlyAccess": { "PolicyName": "AWSCloudMapReadOnlyAccess", "PolicyId": "ANPAIOHISHKLCJTVQQL5E", "Arn": "arn:aws:iam::aws:policy/AWSCloudMapReadOnlyAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-11-28T23:45:26+00:00", "UpdateDate": "2018-11-28T23:45:26+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "servicediscovery:Get*", "servicediscovery:List*", "servicediscovery:DiscoverInstances" ], "Resource": [ "*" ] } ] }, "VersionId": "v1" }, "AWSCloudMapRegisterInstanceAccess": { "PolicyName": "AWSCloudMapRegisterInstanceAccess", "PolicyId": "ANPAI4P5Z5HXVWJ75WQBC", "Arn": "arn:aws:iam::aws:policy/AWSCloudMapRegisterInstanceAccess", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-11-29T00:04:57+00:00", "UpdateDate": "2020-07-29T17:57:24+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "route53:GetHostedZone", "route53:ListHostedZonesByName", "route53:ChangeResourceRecordSets", "route53:CreateHealthCheck", "route53:GetHealthCheck", "route53:DeleteHealthCheck", "route53:UpdateHealthCheck", "servicediscovery:Get*", "servicediscovery:List*", "servicediscovery:RegisterInstance", "servicediscovery:DeregisterInstance", "servicediscovery:DiscoverInstances", "ec2:DescribeInstances" ], "Resource": [ "*" ] } ] }, "VersionId": "v2" }, "AWSCloudShellFullAccess": { "PolicyName": "AWSCloudShellFullAccess", "PolicyId": "ANPAZKAPJZG4HEDUXFSA3", "Arn": "arn:aws:iam::aws:policy/AWSCloudShellFullAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-12-15T18:07:44+00:00", "UpdateDate": "2020-12-15T18:07:44+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "cloudshell:*" ], "Effect": "Allow", "Resource": "*" } ] }, "VersionId": "v1" }, "AWSCloudTrailReadOnlyAccess": { "PolicyName": "AWSCloudTrailReadOnlyAccess", "PolicyId": "ANPAJDU7KJADWBSEQ3E7S", "Arn": "arn:aws:iam::aws:policy/AWSCloudTrailReadOnlyAccess", "Path": "/", "DefaultVersionId": "v9", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-02-06T18:39:59+00:00", "UpdateDate": "2019-11-20T21:06:49+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "s3:GetObject", "s3:GetBucketLocation" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "cloudtrail:GetTrail", "cloudtrail:GetTrailStatus", "cloudtrail:DescribeTrails", "cloudtrail:ListTrails", "cloudtrail:LookupEvents", "cloudtrail:ListTags", "cloudtrail:ListPublicKeys", "cloudtrail:GetEventSelectors", "cloudtrail:GetInsightSelectors", "s3:ListAllMyBuckets", "kms:ListAliases", "lambda:ListFunctions" ], "Resource": "*" } ] }, "VersionId": "v9" }, "AWSCloudTrail_FullAccess": { "PolicyName": "AWSCloudTrail_FullAccess", "PolicyId": "ANPAZKAPJZG4CA4SIJQAM", "Arn": "arn:aws:iam::aws:policy/AWSCloudTrail_FullAccess", "Path": "/", "DefaultVersionId": "v3", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-10-08T23:41:15+00:00", "UpdateDate": "2021-02-22T19:01:00+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "sns:AddPermission", "sns:CreateTopic", "sns:SetTopicAttributes", "sns:GetTopicAttributes" ], "Resource": [ "arn:aws:sns:*:*:aws-cloudtrail-logs*" ] }, { "Effect": "Allow", "Action": [ "sns:ListTopics" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "s3:CreateBucket", "s3:PutBucketPolicy", "s3:PutBucketPublicAccessBlock" ], "Resource": [ "arn:aws:s3:::aws-cloudtrail-logs*" ] }, { "Effect": "Allow", "Action": [ "s3:ListAllMyBuckets", "s3:GetBucketLocation", "s3:GetBucketPolicy" ], "Resource": "*" }, { "Effect": "Allow", "Action": "cloudtrail:*", "Resource": "*" }, { "Effect": "Allow", "Action": [ "logs:CreateLogGroup" ], "Resource": [ "arn:aws:logs:*:*:log-group:aws-cloudtrail-logs*" ] }, { "Effect": "Allow", "Action": [ "iam:ListRoles", "iam:GetRolePolicy", "iam:GetUser" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "iam:PassRole" ], "Resource": "*", "Condition": { "StringEquals": { "iam:PassedToService": "cloudtrail.amazonaws.com" } } }, { "Effect": "Allow", "Action": [ "kms:CreateKey", "kms:CreateAlias", "kms:ListKeys", "kms:ListAliases" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "lambda:ListFunctions" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "dynamodb:ListGlobalTables", "dynamodb:ListTables" ], "Resource": "*" } ] }, "VersionId": "v3" }, "AWSCloudWatchAlarms_ActionSSMIncidentsServiceRolePolicy": { "PolicyName": "AWSCloudWatchAlarms_ActionSSMIncidentsServiceRolePolicy", "PolicyId": "ANPAZKAPJZG4JS7SI2RZY", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSCloudWatchAlarms_ActionSSMIncidentsServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2021-04-27T13:30:52+00:00", "UpdateDate": "2021-04-27T13:30:52+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Sid": "StartIncidentPermissions", "Effect": "Allow", "Action": "ssm-incidents:StartIncident", "Resource": "*" } ] }, "VersionId": "v1" }, "AWSCodeArtifactAdminAccess": { "PolicyName": "AWSCodeArtifactAdminAccess", "PolicyId": "ANPAZKAPJZG4MBONPJNI5", "Arn": "arn:aws:iam::aws:policy/AWSCodeArtifactAdminAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-06-16T23:53:23+00:00", "UpdateDate": "2020-06-16T23:53:23+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "codeartifact:*" ], "Effect": "Allow", "Resource": "*" }, { "Effect": "Allow", "Action": "sts:GetServiceBearerToken", "Resource": "*", "Condition": { "StringEquals": { "sts:AWSServiceName": "codeartifact.amazonaws.com" } } } ] }, "VersionId": "v1" }, "AWSCodeArtifactReadOnlyAccess": { "PolicyName": "AWSCodeArtifactReadOnlyAccess", "PolicyId": "ANPAZKAPJZG4PVTKOJHFB", "Arn": "arn:aws:iam::aws:policy/AWSCodeArtifactReadOnlyAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-06-25T21:23:52+00:00", "UpdateDate": "2020-06-25T21:23:52+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "codeartifact:Describe*", "codeartifact:Get*", "codeartifact:List*", "codeartifact:ReadFromRepository" ], "Effect": "Allow", "Resource": "*" }, { "Effect": "Allow", "Action": "sts:GetServiceBearerToken", "Resource": "*", "Condition": { "StringEquals": { "sts:AWSServiceName": "codeartifact.amazonaws.com" } } } ] }, "VersionId": "v1" }, "AWSCodeBuildAdminAccess": { "PolicyName": "AWSCodeBuildAdminAccess", "PolicyId": "ANPAJQJGIOIE3CD2TQXDS", "Arn": "arn:aws:iam::aws:policy/AWSCodeBuildAdminAccess", "Path": "/", "DefaultVersionId": "v12", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2016-12-01T19:04:44+00:00", "UpdateDate": "2020-09-14T16:03:39+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "codebuild:*", "codecommit:GetBranch", "codecommit:GetCommit", "codecommit:GetRepository", "codecommit:ListBranches", "codecommit:ListRepositories", "cloudwatch:GetMetricStatistics", "ec2:DescribeVpcs", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ecr:DescribeRepositories", "ecr:ListImages", "elasticfilesystem:DescribeFileSystems", "events:DeleteRule", "events:DescribeRule", "events:DisableRule", "events:EnableRule", "events:ListTargetsByRule", "events:ListRuleNamesByTarget", "events:PutRule", "events:PutTargets", "events:RemoveTargets", "logs:GetLogEvents", "s3:GetBucketLocation", "s3:ListAllMyBuckets" ], "Effect": "Allow", "Resource": "*" }, { "Action": [ "logs:DeleteLogGroup" ], "Effect": "Allow", "Resource": "arn:aws:logs:*:*:log-group:/aws/codebuild/*:log-stream:*" }, { "Effect": "Allow", "Action": [ "ssm:PutParameter" ], "Resource": "arn:aws:ssm:*:*:parameter/CodeBuild/*" }, { "Effect": "Allow", "Action": [ "ssm:StartSession" ], "Resource": "arn:aws:ecs:*:*:task/*/*" }, { "Sid": "CodeStarConnectionsReadWriteAccess", "Effect": "Allow", "Action": [ "codestar-connections:CreateConnection", "codestar-connections:DeleteConnection", "codestar-connections:UpdateConnectionInstallation", "codestar-connections:TagResource", "codestar-connections:UntagResource", "codestar-connections:ListConnections", "codestar-connections:ListInstallationTargets", "codestar-connections:ListTagsForResource", "codestar-connections:GetConnection", "codestar-connections:GetIndividualAccessToken", "codestar-connections:GetInstallationUrl", "codestar-connections:PassConnection", "codestar-connections:StartOAuthHandshake", "codestar-connections:UseConnection" ], "Resource": "arn:aws:codestar-connections:*:*:connection/*" }, { "Sid": "CodeStarNotificationsReadWriteAccess", "Effect": "Allow", "Action": [ "codestar-notifications:CreateNotificationRule", "codestar-notifications:DescribeNotificationRule", "codestar-notifications:UpdateNotificationRule", "codestar-notifications:DeleteNotificationRule", "codestar-notifications:Subscribe", "codestar-notifications:Unsubscribe" ], "Resource": "*", "Condition": { "StringLike": { "codestar-notifications:NotificationsForResource": "arn:aws:codebuild:*" } } }, { "Sid": "CodeStarNotificationsListAccess", "Effect": "Allow", "Action": [ "codestar-notifications:ListNotificationRules", "codestar-notifications:ListEventTypes", "codestar-notifications:ListTargets", "codestar-notifications:ListTagsforResource" ], "Resource": "*" }, { "Sid": "CodeStarNotificationsSNSTopicCreateAccess", "Effect": "Allow", "Action": [ "sns:CreateTopic", "sns:SetTopicAttributes" ], "Resource": "arn:aws:sns:*:*:codestar-notifications*" }, { "Sid": "SNSTopicListAccess", "Effect": "Allow", "Action": [ "sns:ListTopics", "sns:GetTopicAttributes" ], "Resource": "*" }, { "Sid": "CodeStarNotificationsChatbotAccess", "Effect": "Allow", "Action": [ "chatbot:DescribeSlackChannelConfigurations" ], "Resource": "*" } ] }, "VersionId": "v12" }, "AWSCodeBuildDeveloperAccess": { "PolicyName": "AWSCodeBuildDeveloperAccess", "PolicyId": "ANPAIMKTMR34XSBQW45HS", "Arn": "arn:aws:iam::aws:policy/AWSCodeBuildDeveloperAccess", "Path": "/", "DefaultVersionId": "v13", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2016-12-01T19:02:32+00:00", "UpdateDate": "2020-09-14T16:03:44+00:00", "Document": { "Statement": [ { "Action": [ "codebuild:StartBuild", "codebuild:StopBuild", "codebuild:StartBuildBatch", "codebuild:StopBuildBatch", "codebuild:RetryBuild", "codebuild:RetryBuildBatch", "codebuild:BatchGet*", "codebuild:GetResourcePolicy", "codebuild:DescribeTestCases", "codebuild:DescribeCodeCoverages", "codebuild:List*", "codecommit:GetBranch", "codecommit:GetCommit", "codecommit:GetRepository", "codecommit:ListBranches", "cloudwatch:GetMetricStatistics", "events:DescribeRule", "events:ListTargetsByRule", "events:ListRuleNamesByTarget", "logs:GetLogEvents", "s3:GetBucketLocation", "s3:ListAllMyBuckets" ], "Effect": "Allow", "Resource": "*" }, { "Effect": "Allow", "Action": [ "ssm:PutParameter" ], "Resource": "arn:aws:ssm:*:*:parameter/CodeBuild/*" }, { "Effect": "Allow", "Action": [ "ssm:StartSession" ], "Resource": "arn:aws:ecs:*:*:task/*/*" }, { "Sid": "CodeStarConnectionsUserAccess", "Effect": "Allow", "Action": [ "codestar-connections:ListConnections", "codestar-connections:GetConnection" ], "Resource": "arn:aws:codestar-connections:*:*:connection/*" }, { "Sid": "CodeStarNotificationsReadWriteAccess", "Effect": "Allow", "Action": [ "codestar-notifications:CreateNotificationRule", "codestar-notifications:DescribeNotificationRule", "codestar-notifications:UpdateNotificationRule", "codestar-notifications:Subscribe", "codestar-notifications:Unsubscribe" ], "Resource": "*", "Condition": { "StringLike": { "codestar-notifications:NotificationsForResource": "arn:aws:codebuild:*" } } }, { "Sid": "CodeStarNotificationsListAccess", "Effect": "Allow", "Action": [ "codestar-notifications:ListNotificationRules", "codestar-notifications:ListEventTypes", "codestar-notifications:ListTargets", "codestar-notifications:ListTagsforResource" ], "Resource": "*" }, { "Sid": "SNSTopicListAccess", "Effect": "Allow", "Action": [ "sns:ListTopics", "sns:GetTopicAttributes" ], "Resource": "*" }, { "Sid": "CodeStarNotificationsChatbotAccess", "Effect": "Allow", "Action": [ "chatbot:DescribeSlackChannelConfigurations" ], "Resource": "*" } ], "Version": "2012-10-17" }, "VersionId": "v13" }, "AWSCodeBuildReadOnlyAccess": { "PolicyName": "AWSCodeBuildReadOnlyAccess", "PolicyId": "ANPAJIZZWN6557F5HVP2K", "Arn": "arn:aws:iam::aws:policy/AWSCodeBuildReadOnlyAccess", "Path": "/", "DefaultVersionId": "v11", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2016-12-01T19:03:41+00:00", "UpdateDate": "2020-09-14T16:04:04+00:00", "Document": { "Statement": [ { "Action": [ "codebuild:BatchGet*", "codebuild:GetResourcePolicy", "codebuild:List*", "codebuild:DescribeTestCases", "codebuild:DescribeCodeCoverages", "codecommit:GetBranch", "codecommit:GetCommit", "codecommit:GetRepository", "cloudwatch:GetMetricStatistics", "events:DescribeRule", "events:ListTargetsByRule", "events:ListRuleNamesByTarget", "logs:GetLogEvents" ], "Effect": "Allow", "Resource": "*" }, { "Sid": "CodeStarConnectionsUserAccess", "Effect": "Allow", "Action": [ "codestar-connections:ListConnections", "codestar-connections:GetConnection" ], "Resource": "arn:aws:codestar-connections:*:*:connection/*" }, { "Sid": "CodeStarNotificationsPowerUserAccess", "Effect": "Allow", "Action": [ "codestar-notifications:DescribeNotificationRule" ], "Resource": "*", "Condition": { "StringLike": { "codestar-notifications:NotificationsForResource": "arn:aws:codebuild:*" } } }, { "Sid": "CodeStarNotificationsListAccess", "Effect": "Allow", "Action": [ "codestar-notifications:ListNotificationRules", "codestar-notifications:ListEventTypes", "codestar-notifications:ListTargets" ], "Resource": "*" } ], "Version": "2012-10-17" }, "VersionId": "v11" }, "AWSCodeCommitFullAccess": { "PolicyName": "AWSCodeCommitFullAccess", "PolicyId": "ANPAI4VCZ3XPIZLQ5NZV2", "Arn": "arn:aws:iam::aws:policy/AWSCodeCommitFullAccess", "Path": "/", "DefaultVersionId": "v9", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-07-09T17:02:19+00:00", "UpdateDate": "2020-07-30T23:17:35+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "codecommit:*" ], "Resource": "*" }, { "Sid": "CloudWatchEventsCodeCommitRulesAccess", "Effect": "Allow", "Action": [ "events:DeleteRule", "events:DescribeRule", "events:DisableRule", "events:EnableRule", "events:PutRule", "events:PutTargets", "events:RemoveTargets", "events:ListTargetsByRule" ], "Resource": "arn:aws:events:*:*:rule/codecommit*" }, { "Sid": "SNSTopicAndSubscriptionAccess", "Effect": "Allow", "Action": [ "sns:CreateTopic", "sns:DeleteTopic", "sns:Subscribe", "sns:Unsubscribe", "sns:SetTopicAttributes" ], "Resource": "arn:aws:sns:*:*:codecommit*" }, { "Sid": "SNSTopicAndSubscriptionReadAccess", "Effect": "Allow", "Action": [ "sns:ListTopics", "sns:ListSubscriptionsByTopic", "sns:GetTopicAttributes" ], "Resource": "*" }, { "Sid": "LambdaReadOnlyListAccess", "Effect": "Allow", "Action": [ "lambda:ListFunctions" ], "Resource": "*" }, { "Sid": "IAMReadOnlyListAccess", "Effect": "Allow", "Action": [ "iam:ListUsers" ], "Resource": "*" }, { "Sid": "IAMReadOnlyConsoleAccess", "Effect": "Allow", "Action": [ "iam:ListAccessKeys", "iam:ListSSHPublicKeys", "iam:ListServiceSpecificCredentials" ], "Resource": "arn:aws:iam::*:user/${aws:username}" }, { "Sid": "IAMUserSSHKeys", "Effect": "Allow", "Action": [ "iam:DeleteSSHPublicKey", "iam:GetSSHPublicKey", "iam:ListSSHPublicKeys", "iam:UpdateSSHPublicKey", "iam:UploadSSHPublicKey" ], "Resource": "arn:aws:iam::*:user/${aws:username}" }, { "Sid": "IAMSelfManageServiceSpecificCredentials", "Effect": "Allow", "Action": [ "iam:CreateServiceSpecificCredential", "iam:UpdateServiceSpecificCredential", "iam:DeleteServiceSpecificCredential", "iam:ResetServiceSpecificCredential" ], "Resource": "arn:aws:iam::*:user/${aws:username}" }, { "Sid": "CodeStarNotificationsReadWriteAccess", "Effect": "Allow", "Action": [ "codestar-notifications:CreateNotificationRule", "codestar-notifications:DescribeNotificationRule", "codestar-notifications:UpdateNotificationRule", "codestar-notifications:DeleteNotificationRule", "codestar-notifications:Subscribe", "codestar-notifications:Unsubscribe" ], "Resource": "*", "Condition": { "StringLike": { "codestar-notifications:NotificationsForResource": "arn:aws:codecommit:*" } } }, { "Sid": "CodeStarNotificationsListAccess", "Effect": "Allow", "Action": [ "codestar-notifications:ListNotificationRules", "codestar-notifications:ListTargets", "codestar-notifications:ListTagsforResource", "codestar-notifications:ListEventTypes" ], "Resource": "*" }, { "Sid": "CodeStarNotificationsSNSTopicCreateAccess", "Effect": "Allow", "Action": [ "sns:CreateTopic", "sns:SetTopicAttributes" ], "Resource": "arn:aws:sns:*:*:codestar-notifications*" }, { "Sid": "AmazonCodeGuruReviewerFullAccess", "Effect": "Allow", "Action": [ "codeguru-reviewer:AssociateRepository", "codeguru-reviewer:DescribeRepositoryAssociation", "codeguru-reviewer:ListRepositoryAssociations", "codeguru-reviewer:DisassociateRepository", "codeguru-reviewer:DescribeCodeReview", "codeguru-reviewer:ListCodeReviews" ], "Resource": "*" }, { "Sid": "AmazonCodeGuruReviewerSLRCreation", "Action": "iam:CreateServiceLinkedRole", "Effect": "Allow", "Resource": "arn:aws:iam::*:role/aws-service-role/codeguru-reviewer.amazonaws.com/AWSServiceRoleForAmazonCodeGuruReviewer", "Condition": { "StringLike": { "iam:AWSServiceName": "codeguru-reviewer.amazonaws.com" } } }, { "Sid": "CloudWatchEventsManagedRules", "Effect": "Allow", "Action": [ "events:PutRule", "events:PutTargets", "events:DeleteRule", "events:RemoveTargets" ], "Resource": "*", "Condition": { "StringEquals": { "events:ManagedBy": "codeguru-reviewer.amazonaws.com" } } }, { "Sid": "CodeStarNotificationsChatbotAccess", "Effect": "Allow", "Action": [ "chatbot:DescribeSlackChannelConfigurations" ], "Resource": "*" }, { "Sid": "CodeStarConnectionsReadOnlyAccess", "Effect": "Allow", "Action": [ "codestar-connections:ListConnections", "codestar-connections:GetConnection" ], "Resource": "arn:aws:codestar-connections:*:*:connection/*" } ] }, "VersionId": "v9" }, "AWSCodeCommitPowerUser": { "PolicyName": "AWSCodeCommitPowerUser", "PolicyId": "ANPAI4UIINUVGB5SEC57G", "Arn": "arn:aws:iam::aws:policy/AWSCodeCommitPowerUser", "Path": "/", "DefaultVersionId": "v14", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-07-09T17:06:49+00:00", "UpdateDate": "2020-07-30T23:12:48+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "codecommit:AssociateApprovalRuleTemplateWithRepository", "codecommit:BatchAssociateApprovalRuleTemplateWithRepositories", "codecommit:BatchDisassociateApprovalRuleTemplateFromRepositories", "codecommit:BatchGet*", "codecommit:BatchDescribe*", "codecommit:Create*", "codecommit:DeleteBranch", "codecommit:DeleteFile", "codecommit:Describe*", "codecommit:DisassociateApprovalRuleTemplateFromRepository", "codecommit:EvaluatePullRequestApprovalRules", "codecommit:Get*", "codecommit:List*", "codecommit:Merge*", "codecommit:OverridePullRequestApprovalRules", "codecommit:Put*", "codecommit:Post*", "codecommit:TagResource", "codecommit:Test*", "codecommit:UntagResource", "codecommit:Update*", "codecommit:GitPull", "codecommit:GitPush" ], "Resource": "*" }, { "Sid": "CloudWatchEventsCodeCommitRulesAccess", "Effect": "Allow", "Action": [ "events:DeleteRule", "events:DescribeRule", "events:DisableRule", "events:EnableRule", "events:PutRule", "events:PutTargets", "events:RemoveTargets", "events:ListTargetsByRule" ], "Resource": "arn:aws:events:*:*:rule/codecommit*" }, { "Sid": "SNSTopicAndSubscriptionAccess", "Effect": "Allow", "Action": [ "sns:Subscribe", "sns:Unsubscribe" ], "Resource": "arn:aws:sns:*:*:codecommit*" }, { "Sid": "SNSTopicAndSubscriptionReadAccess", "Effect": "Allow", "Action": [ "sns:ListTopics", "sns:ListSubscriptionsByTopic", "sns:GetTopicAttributes" ], "Resource": "*" }, { "Sid": "LambdaReadOnlyListAccess", "Effect": "Allow", "Action": [ "lambda:ListFunctions" ], "Resource": "*" }, { "Sid": "IAMReadOnlyListAccess", "Effect": "Allow", "Action": [ "iam:ListUsers" ], "Resource": "*" }, { "Sid": "IAMReadOnlyConsoleAccess", "Effect": "Allow", "Action": [ "iam:ListAccessKeys", "iam:ListSSHPublicKeys", "iam:ListServiceSpecificCredentials" ], "Resource": "arn:aws:iam::*:user/${aws:username}" }, { "Sid": "IAMUserSSHKeys", "Effect": "Allow", "Action": [ "iam:DeleteSSHPublicKey", "iam:GetSSHPublicKey", "iam:ListSSHPublicKeys", "iam:UpdateSSHPublicKey", "iam:UploadSSHPublicKey" ], "Resource": "arn:aws:iam::*:user/${aws:username}" }, { "Sid": "IAMSelfManageServiceSpecificCredentials", "Effect": "Allow", "Action": [ "iam:CreateServiceSpecificCredential", "iam:UpdateServiceSpecificCredential", "iam:DeleteServiceSpecificCredential", "iam:ResetServiceSpecificCredential" ], "Resource": "arn:aws:iam::*:user/${aws:username}" }, { "Sid": "CodeStarNotificationsReadWriteAccess", "Effect": "Allow", "Action": [ "codestar-notifications:CreateNotificationRule", "codestar-notifications:DescribeNotificationRule", "codestar-notifications:UpdateNotificationRule", "codestar-notifications:Subscribe", "codestar-notifications:Unsubscribe" ], "Resource": "*", "Condition": { "StringLike": { "codestar-notifications:NotificationsForResource": "arn:aws:codecommit:*" } } }, { "Sid": "CodeStarNotificationsListAccess", "Effect": "Allow", "Action": [ "codestar-notifications:ListNotificationRules", "codestar-notifications:ListTargets", "codestar-notifications:ListTagsforResource", "codestar-notifications:ListEventTypes" ], "Resource": "*" }, { "Sid": "AmazonCodeGuruReviewerFullAccess", "Effect": "Allow", "Action": [ "codeguru-reviewer:AssociateRepository", "codeguru-reviewer:DescribeRepositoryAssociation", "codeguru-reviewer:ListRepositoryAssociations", "codeguru-reviewer:DisassociateRepository", "codeguru-reviewer:DescribeCodeReview", "codeguru-reviewer:ListCodeReviews" ], "Resource": "*" }, { "Sid": "AmazonCodeGuruReviewerSLRCreation", "Action": "iam:CreateServiceLinkedRole", "Effect": "Allow", "Resource": "arn:aws:iam::*:role/aws-service-role/codeguru-reviewer.amazonaws.com/AWSServiceRoleForAmazonCodeGuruReviewer", "Condition": { "StringLike": { "iam:AWSServiceName": "codeguru-reviewer.amazonaws.com" } } }, { "Sid": "CloudWatchEventsManagedRules", "Effect": "Allow", "Action": [ "events:PutRule", "events:PutTargets", "events:DeleteRule", "events:RemoveTargets" ], "Resource": "*", "Condition": { "StringEquals": { "events:ManagedBy": "codeguru-reviewer.amazonaws.com" } } }, { "Sid": "CodeStarNotificationsChatbotAccess", "Effect": "Allow", "Action": [ "chatbot:DescribeSlackChannelConfigurations" ], "Resource": "*" }, { "Sid": "CodeStarConnectionsReadOnlyAccess", "Effect": "Allow", "Action": [ "codestar-connections:ListConnections", "codestar-connections:GetConnection" ], "Resource": "arn:aws:codestar-connections:*:*:connection/*" } ] }, "VersionId": "v14" }, "AWSCodeCommitReadOnly": { "PolicyName": "AWSCodeCommitReadOnly", "PolicyId": "ANPAJACNSXR7Z2VLJW3D6", "Arn": "arn:aws:iam::aws:policy/AWSCodeCommitReadOnly", "Path": "/", "DefaultVersionId": "v10", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-07-09T17:05:06+00:00", "UpdateDate": "2020-07-30T23:08:05+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "codecommit:BatchGet*", "codecommit:BatchDescribe*", "codecommit:Describe*", "codecommit:EvaluatePullRequestApprovalRules", "codecommit:Get*", "codecommit:List*", "codecommit:GitPull" ], "Resource": "*" }, { "Sid": "CloudWatchEventsCodeCommitRulesReadOnlyAccess", "Effect": "Allow", "Action": [ "events:DescribeRule", "events:ListTargetsByRule" ], "Resource": "arn:aws:events:*:*:rule/codecommit*" }, { "Sid": "SNSSubscriptionAccess", "Effect": "Allow", "Action": [ "sns:ListTopics", "sns:ListSubscriptionsByTopic", "sns:GetTopicAttributes" ], "Resource": "*" }, { "Sid": "LambdaReadOnlyListAccess", "Effect": "Allow", "Action": [ "lambda:ListFunctions" ], "Resource": "*" }, { "Sid": "IAMReadOnlyListAccess", "Effect": "Allow", "Action": [ "iam:ListUsers" ], "Resource": "*" }, { "Sid": "IAMReadOnlyConsoleAccess", "Effect": "Allow", "Action": [ "iam:ListAccessKeys", "iam:ListSSHPublicKeys", "iam:ListServiceSpecificCredentials", "iam:ListAccessKeys", "iam:GetSSHPublicKey" ], "Resource": "arn:aws:iam::*:user/${aws:username}" }, { "Sid": "CodeStarConnectionsReadOnlyAccess", "Effect": "Allow", "Action": [ "codestar-connections:ListConnections", "codestar-connections:GetConnection" ], "Resource": "arn:aws:codestar-connections:*:*:connection/*" }, { "Sid": "CodeStarNotificationsReadOnlyAccess", "Effect": "Allow", "Action": [ "codestar-notifications:DescribeNotificationRule" ], "Resource": "*", "Condition": { "StringLike": { "codestar-notifications:NotificationsForResource": "arn:aws:codecommit:*" } } }, { "Sid": "CodeStarNotificationsListAccess", "Effect": "Allow", "Action": [ "codestar-notifications:ListNotificationRules", "codestar-notifications:ListEventTypes", "codestar-notifications:ListTargets" ], "Resource": "*" }, { "Sid": "AmazonCodeGuruReviewerReadOnlyAccess", "Effect": "Allow", "Action": [ "codeguru-reviewer:DescribeRepositoryAssociation", "codeguru-reviewer:ListRepositoryAssociations", "codeguru-reviewer:DescribeCodeReview", "codeguru-reviewer:ListCodeReviews" ], "Resource": "*" } ] }, "VersionId": "v10" }, "AWSCodeDeployDeployerAccess": { "PolicyName": "AWSCodeDeployDeployerAccess", "PolicyId": "ANPAJUWEPOMGLMVXJAPUI", "Arn": "arn:aws:iam::aws:policy/AWSCodeDeployDeployerAccess", "Path": "/", "DefaultVersionId": "v3", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-05-19T18:18:43+00:00", "UpdateDate": "2020-04-02T16:16:11+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "codedeploy:Batch*", "codedeploy:CreateDeployment", "codedeploy:Get*", "codedeploy:List*", "codedeploy:RegisterApplicationRevision" ], "Effect": "Allow", "Resource": "*" }, { "Sid": "CodeStarNotificationsReadWriteAccess", "Effect": "Allow", "Action": [ "codestar-notifications:CreateNotificationRule", "codestar-notifications:DescribeNotificationRule", "codestar-notifications:UpdateNotificationRule", "codestar-notifications:Subscribe", "codestar-notifications:Unsubscribe" ], "Resource": "*", "Condition": { "StringLike": { "codestar-notifications:NotificationsForResource": "arn:aws:codedeploy:*" } } }, { "Sid": "CodeStarNotificationsListAccess", "Effect": "Allow", "Action": [ "codestar-notifications:ListNotificationRules", "codestar-notifications:ListTargets", "codestar-notifications:ListTagsforResource", "codestar-notifications:ListEventTypes" ], "Resource": "*" }, { "Sid": "CodeStarNotificationsChatbotAccess", "Effect": "Allow", "Action": [ "chatbot:DescribeSlackChannelConfigurations" ], "Resource": "*" }, { "Sid": "SNSTopicListAccess", "Effect": "Allow", "Action": [ "sns:ListTopics" ], "Resource": "*" } ] }, "VersionId": "v3" }, "AWSCodeDeployFullAccess": { "PolicyName": "AWSCodeDeployFullAccess", "PolicyId": "ANPAIONKN3TJZUKXCHXWC", "Arn": "arn:aws:iam::aws:policy/AWSCodeDeployFullAccess", "Path": "/", "DefaultVersionId": "v3", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-05-19T18:13:23+00:00", "UpdateDate": "2020-04-02T16:14:47+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": "codedeploy:*", "Effect": "Allow", "Resource": "*" }, { "Sid": "CodeStarNotificationsReadWriteAccess", "Effect": "Allow", "Action": [ "codestar-notifications:CreateNotificationRule", "codestar-notifications:DescribeNotificationRule", "codestar-notifications:UpdateNotificationRule", "codestar-notifications:DeleteNotificationRule", "codestar-notifications:Subscribe", "codestar-notifications:Unsubscribe" ], "Resource": "*", "Condition": { "StringLike": { "codestar-notifications:NotificationsForResource": "arn:aws:codedeploy:*" } } }, { "Sid": "CodeStarNotificationsListAccess", "Effect": "Allow", "Action": [ "codestar-notifications:ListNotificationRules", "codestar-notifications:ListTargets", "codestar-notifications:ListTagsforResource", "codestar-notifications:ListEventTypes" ], "Resource": "*" }, { "Sid": "CodeStarNotificationsSNSTopicCreateAccess", "Effect": "Allow", "Action": [ "sns:CreateTopic", "sns:SetTopicAttributes" ], "Resource": "arn:aws:sns:*:*:codestar-notifications*" }, { "Sid": "CodeStarNotificationsChatbotAccess", "Effect": "Allow", "Action": [ "chatbot:DescribeSlackChannelConfigurations" ], "Resource": "*" }, { "Sid": "SNSTopicListAccess", "Effect": "Allow", "Action": [ "sns:ListTopics" ], "Resource": "*" } ] }, "VersionId": "v3" }, "AWSCodeDeployReadOnlyAccess": { "PolicyName": "AWSCodeDeployReadOnlyAccess", "PolicyId": "ANPAILZHHKCKB4NE7XOIQ", "Arn": "arn:aws:iam::aws:policy/AWSCodeDeployReadOnlyAccess", "Path": "/", "DefaultVersionId": "v3", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-05-19T18:21:32+00:00", "UpdateDate": "2020-04-02T16:20:09+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "codedeploy:Batch*", "codedeploy:Get*", "codedeploy:List*" ], "Effect": "Allow", "Resource": "*" }, { "Sid": "CodeStarNotificationsPowerUserAccess", "Effect": "Allow", "Action": [ "codestar-notifications:DescribeNotificationRule" ], "Resource": "*", "Condition": { "StringLike": { "codestar-notifications:NotificationsForResource": "arn:aws:codedeploy:*" } } }, { "Sid": "CodeStarNotificationsListAccess", "Effect": "Allow", "Action": [ "codestar-notifications:ListNotificationRules", "codestar-notifications:ListEventTypes", "codestar-notifications:ListTargets" ], "Resource": "*" } ] }, "VersionId": "v3" }, "AWSCodeDeployRole": { "PolicyName": "AWSCodeDeployRole", "PolicyId": "ANPAJ2NKMKD73QS5NBFLA", "Arn": "arn:aws:iam::aws:policy/service-role/AWSCodeDeployRole", "Path": "/service-role/", "DefaultVersionId": "v9", "AttachmentCount": 1, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-05-04T18:05:37+00:00", "UpdateDate": "2021-05-19T00:42:51+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "autoscaling:CompleteLifecycleAction", "autoscaling:DeleteLifecycleHook", "autoscaling:DescribeAutoScalingGroups", "autoscaling:DescribeLifecycleHooks", "autoscaling:PutLifecycleHook", "autoscaling:RecordLifecycleActionHeartbeat", "autoscaling:CreateAutoScalingGroup", "autoscaling:UpdateAutoScalingGroup", "autoscaling:EnableMetricsCollection", "autoscaling:DescribePolicies", "autoscaling:DescribeScheduledActions", "autoscaling:DescribeNotificationConfigurations", "autoscaling:SuspendProcesses", "autoscaling:ResumeProcesses", "autoscaling:AttachLoadBalancers", "autoscaling:AttachLoadBalancerTargetGroups", "autoscaling:PutScalingPolicy", "autoscaling:PutScheduledUpdateGroupAction", "autoscaling:PutNotificationConfiguration", "autoscaling:PutWarmPool", "autoscaling:DescribeScalingActivities", "autoscaling:DeleteAutoScalingGroup", "ec2:DescribeInstances", "ec2:DescribeInstanceStatus", "ec2:TerminateInstances", "tag:GetResources", "sns:Publish", "cloudwatch:DescribeAlarms", "cloudwatch:PutMetricAlarm", "elasticloadbalancing:DescribeLoadBalancers", "elasticloadbalancing:DescribeInstanceHealth", "elasticloadbalancing:RegisterInstancesWithLoadBalancer", "elasticloadbalancing:DeregisterInstancesFromLoadBalancer", "elasticloadbalancing:DescribeTargetGroups", "elasticloadbalancing:DescribeTargetHealth", "elasticloadbalancing:RegisterTargets", "elasticloadbalancing:DeregisterTargets" ], "Resource": "*" } ] }, "VersionId": "v9" }, "AWSCodeDeployRoleForCloudFormation": { "PolicyName": "AWSCodeDeployRoleForCloudFormation", "PolicyId": "ANPAZKAPJZG4CO24UTMFH", "Arn": "arn:aws:iam::aws:policy/service-role/AWSCodeDeployRoleForCloudFormation", "Path": "/service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-05-19T17:12:52+00:00", "UpdateDate": "2020-05-19T17:12:52+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "lambda:InvokeFunction" ], "Resource": "arn:aws:lambda:*:*:function:CodeDeployHook_*", "Effect": "Allow" } ] }, "VersionId": "v1" }, "AWSCodeDeployRoleForECS": { "PolicyName": "AWSCodeDeployRoleForECS", "PolicyId": "ANPAIIL3KXEKRGEN2HFIO", "Arn": "arn:aws:iam::aws:policy/AWSCodeDeployRoleForECS", "Path": "/", "DefaultVersionId": "v3", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-11-27T20:40:57+00:00", "UpdateDate": "2019-09-23T22:37:46+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "ecs:DescribeServices", "ecs:CreateTaskSet", "ecs:UpdateServicePrimaryTaskSet", "ecs:DeleteTaskSet", "elasticloadbalancing:DescribeTargetGroups", "elasticloadbalancing:DescribeListeners", "elasticloadbalancing:ModifyListener", "elasticloadbalancing:DescribeRules", "elasticloadbalancing:ModifyRule", "lambda:InvokeFunction", "cloudwatch:DescribeAlarms", "sns:Publish", "s3:GetObject", "s3:GetObjectVersion" ], "Resource": "*", "Effect": "Allow" }, { "Action": [ "iam:PassRole" ], "Effect": "Allow", "Resource": "*", "Condition": { "StringLike": { "iam:PassedToService": [ "ecs-tasks.amazonaws.com" ] } } } ] }, "VersionId": "v3" }, "AWSCodeDeployRoleForECSLimited": { "PolicyName": "AWSCodeDeployRoleForECSLimited", "PolicyId": "ANPAJ6Z7L2IOXEFFOGD2M", "Arn": "arn:aws:iam::aws:policy/AWSCodeDeployRoleForECSLimited", "Path": "/", "DefaultVersionId": "v3", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-11-27T20:42:42+00:00", "UpdateDate": "2019-09-23T22:10:29+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "ecs:DescribeServices", "ecs:CreateTaskSet", "ecs:UpdateServicePrimaryTaskSet", "ecs:DeleteTaskSet", "cloudwatch:DescribeAlarms" ], "Resource": "*", "Effect": "Allow" }, { "Action": [ "sns:Publish" ], "Resource": "arn:aws:sns:*:*:CodeDeployTopic_*", "Effect": "Allow" }, { "Action": [ "elasticloadbalancing:DescribeTargetGroups", "elasticloadbalancing:DescribeListeners", "elasticloadbalancing:ModifyListener", "elasticloadbalancing:DescribeRules", "elasticloadbalancing:ModifyRule" ], "Resource": "*", "Effect": "Allow" }, { "Action": [ "lambda:InvokeFunction" ], "Resource": "arn:aws:lambda:*:*:function:CodeDeployHook_*", "Effect": "Allow" }, { "Action": [ "s3:GetObject", "s3:GetObjectVersion" ], "Resource": "*", "Condition": { "StringEquals": { "s3:ExistingObjectTag/UseWithCodeDeploy": "true" } }, "Effect": "Allow" }, { "Action": [ "iam:PassRole" ], "Effect": "Allow", "Resource": [ "arn:aws:iam::*:role/ecsTaskExecutionRole", "arn:aws:iam::*:role/ECSTaskExecution*" ], "Condition": { "StringLike": { "iam:PassedToService": [ "ecs-tasks.amazonaws.com" ] } } } ] }, "VersionId": "v3" }, "AWSCodeDeployRoleForLambda": { "PolicyName": "AWSCodeDeployRoleForLambda", "PolicyId": "ANPAJA3RQZIKNOSJ4ZQSA", "Arn": "arn:aws:iam::aws:policy/service-role/AWSCodeDeployRoleForLambda", "Path": "/service-role/", "DefaultVersionId": "v3", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-11-28T14:05:44+00:00", "UpdateDate": "2019-12-03T19:53:10+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "cloudwatch:DescribeAlarms", "lambda:UpdateAlias", "lambda:GetAlias", "lambda:GetProvisionedConcurrencyConfig", "sns:Publish" ], "Resource": "*", "Effect": "Allow" }, { "Action": [ "s3:GetObject", "s3:GetObjectVersion" ], "Resource": "arn:aws:s3:::*/CodeDeploy/*", "Effect": "Allow" }, { "Action": [ "s3:GetObject", "s3:GetObjectVersion" ], "Resource": "*", "Condition": { "StringEquals": { "s3:ExistingObjectTag/UseWithCodeDeploy": "true" } }, "Effect": "Allow" }, { "Action": [ "lambda:InvokeFunction" ], "Resource": "arn:aws:lambda:*:*:function:CodeDeployHook_*", "Effect": "Allow" } ] }, "VersionId": "v3" }, "AWSCodeDeployRoleForLambdaLimited": { "PolicyName": "AWSCodeDeployRoleForLambdaLimited", "PolicyId": "ANPAZKAPJZG4C55RUFGEB", "Arn": "arn:aws:iam::aws:policy/service-role/AWSCodeDeployRoleForLambdaLimited", "Path": "/service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-08-17T17:14:14+00:00", "UpdateDate": "2020-08-17T17:14:14+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "cloudwatch:DescribeAlarms", "lambda:UpdateAlias", "lambda:GetAlias", "lambda:GetProvisionedConcurrencyConfig" ], "Resource": "*", "Effect": "Allow" }, { "Action": [ "s3:GetObject", "s3:GetObjectVersion" ], "Resource": "arn:aws:s3:::*/CodeDeploy/*", "Effect": "Allow" }, { "Action": [ "s3:GetObject", "s3:GetObjectVersion" ], "Resource": "*", "Condition": { "StringEquals": { "s3:ExistingObjectTag/UseWithCodeDeploy": "true" } }, "Effect": "Allow" }, { "Action": [ "lambda:InvokeFunction" ], "Resource": "arn:aws:lambda:*:*:function:CodeDeployHook_*", "Effect": "Allow" } ] }, "VersionId": "v1" }, "AWSCodePipelineApproverAccess": { "PolicyName": "AWSCodePipelineApproverAccess", "PolicyId": "ANPAICXNWK42SQ6LMDXM2", "Arn": "arn:aws:iam::aws:policy/AWSCodePipelineApproverAccess", "Path": "/", "DefaultVersionId": "v3", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2016-07-28T18:59:17+00:00", "UpdateDate": "2017-08-02T17:24:58+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "codepipeline:GetPipeline", "codepipeline:GetPipelineState", "codepipeline:GetPipelineExecution", "codepipeline:ListPipelineExecutions", "codepipeline:ListPipelines", "codepipeline:PutApprovalResult" ], "Effect": "Allow", "Resource": "*" } ] }, "VersionId": "v3" }, "AWSCodePipelineCustomActionAccess": { "PolicyName": "AWSCodePipelineCustomActionAccess", "PolicyId": "ANPAJFW5Z32BTVF76VCYC", "Arn": "arn:aws:iam::aws:policy/AWSCodePipelineCustomActionAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-07-09T17:02:54+00:00", "UpdateDate": "2015-07-09T17:02:54+00:00", "Document": { "Statement": [ { "Action": [ "codepipeline:AcknowledgeJob", "codepipeline:GetJobDetails", "codepipeline:PollForJobs", "codepipeline:PutJobFailureResult", "codepipeline:PutJobSuccessResult" ], "Effect": "Allow", "Resource": "*" } ], "Version": "2012-10-17" }, "VersionId": "v1" }, "AWSCodePipelineFullAccess": { "PolicyName": "AWSCodePipelineFullAccess", "PolicyId": "ANPAJP5LH77KSAT2KHQGG", "Arn": "arn:aws:iam::aws:policy/AWSCodePipelineFullAccess", "Path": "/", "DefaultVersionId": "v10", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-07-09T16:58:07+00:00", "UpdateDate": "2020-05-21T22:03:13+00:00", "Document": { "Statement": [ { "Action": [ "codepipeline:*", "cloudformation:DescribeStacks", "cloudformation:ListChangeSets", "cloudtrail:CreateTrail", "cloudtrail:DescribeTrails", "cloudtrail:GetEventSelectors", "cloudtrail:PutEventSelectors", "cloudtrail:StartLogging", "codebuild:BatchGetProjects", "codebuild:CreateProject", "codebuild:ListCuratedEnvironmentImages", "codebuild:ListProjects", "codecommit:GetBranch", "codecommit:GetRepositoryTriggers", "codecommit:ListBranches", "codecommit:ListRepositories", "codecommit:PutRepositoryTriggers", "codecommit:GetReferences", "codedeploy:GetApplication", "codedeploy:BatchGetApplications", "codedeploy:GetDeploymentGroup", "codedeploy:BatchGetDeploymentGroups", "codedeploy:ListApplications", "codedeploy:ListDeploymentGroups", "devicefarm:GetDevicePool", "devicefarm:GetProject", "devicefarm:ListDevicePools", "devicefarm:ListProjects", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeVpcs", "ecr:DescribeRepositories", "ecr:ListImages", "ecs:ListClusters", "ecs:ListServices", "elasticbeanstalk:DescribeApplications", "elasticbeanstalk:DescribeEnvironments", "iam:ListRoles", "iam:GetRole", "lambda:GetFunctionConfiguration", "lambda:ListFunctions", "events:ListRules", "events:ListTargetsByRule", "events:DescribeRule", "opsworks:DescribeApps", "opsworks:DescribeLayers", "opsworks:DescribeStacks", "s3:GetBucketPolicy", "s3:GetBucketVersioning", "s3:GetObjectVersion", "s3:ListAllMyBuckets", "s3:ListBucket", "sns:ListTopics", "codestar-notifications:ListNotificationRules", "codestar-notifications:ListTargets", "codestar-notifications:ListTagsforResource", "codestar-notifications:ListEventTypes", "states:ListStateMachines" ], "Effect": "Allow", "Resource": "*" }, { "Action": [ "s3:GetObject", "s3:CreateBucket", "s3:PutBucketPolicy" ], "Effect": "Allow", "Resource": "arn:aws:s3::*:codepipeline-*" }, { "Action": [ "iam:PassRole" ], "Effect": "Allow", "Resource": [ "arn:aws:iam::*:role/service-role/cwe-role-*" ], "Condition": { "StringEquals": { "iam:PassedToService": [ "events.amazonaws.com" ] } } }, { "Action": [ "iam:PassRole" ], "Effect": "Allow", "Resource": "*", "Condition": { "StringEquals": { "iam:PassedToService": [ "codepipeline.amazonaws.com" ] } } }, { "Action": [ "events:PutRule", "events:PutTargets", "events:DeleteRule", "events:DisableRule", "events:RemoveTargets" ], "Effect": "Allow", "Resource": [ "arn:aws:events:*:*:rule/codepipeline-*" ] }, { "Sid": "CodeStarNotificationsReadWriteAccess", "Effect": "Allow", "Action": [ "codestar-notifications:CreateNotificationRule", "codestar-notifications:DescribeNotificationRule", "codestar-notifications:UpdateNotificationRule", "codestar-notifications:DeleteNotificationRule", "codestar-notifications:Subscribe", "codestar-notifications:Unsubscribe" ], "Resource": "*", "Condition": { "StringLike": { "codestar-notifications:NotificationsForResource": "arn:aws:codepipeline:*" } } }, { "Sid": "CodeStarNotificationsSNSTopicCreateAccess", "Effect": "Allow", "Action": [ "sns:CreateTopic", "sns:SetTopicAttributes" ], "Resource": "arn:aws:sns:*:*:codestar-notifications*" }, { "Sid": "CodeStarNotificationsChatbotAccess", "Effect": "Allow", "Action": [ "chatbot:DescribeSlackChannelConfigurations" ], "Resource": "*" } ], "Version": "2012-10-17" }, "VersionId": "v10" }, "AWSCodePipelineReadOnlyAccess": { "PolicyName": "AWSCodePipelineReadOnlyAccess", "PolicyId": "ANPAILFKZXIBOTNC5TO2Q", "Arn": "arn:aws:iam::aws:policy/AWSCodePipelineReadOnlyAccess", "Path": "/", "DefaultVersionId": "v9", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-07-09T16:43:57+00:00", "UpdateDate": "2020-03-26T16:07:17+00:00", "Document": { "Statement": [ { "Action": [ "codepipeline:GetPipeline", "codepipeline:GetPipelineState", "codepipeline:GetPipelineExecution", "codepipeline:ListPipelineExecutions", "codepipeline:ListActionExecutions", "codepipeline:ListActionTypes", "codepipeline:ListPipelines", "codepipeline:ListTagsForResource", "iam:ListRoles", "s3:GetBucketPolicy", "s3:GetObject", "s3:ListAllMyBuckets", "s3:ListBucket", "codecommit:ListBranches", "codecommit:ListRepositories", "codedeploy:GetApplication", "codedeploy:GetDeploymentGroup", "codedeploy:ListApplications", "codedeploy:ListDeploymentGroups", "elasticbeanstalk:DescribeApplications", "elasticbeanstalk:DescribeEnvironments", "lambda:GetFunctionConfiguration", "lambda:ListFunctions", "opsworks:DescribeApps", "opsworks:DescribeLayers", "opsworks:DescribeStacks", "codestar-notifications:ListNotificationRules", "codestar-notifications:ListEventTypes", "codestar-notifications:ListTargets" ], "Effect": "Allow", "Resource": "*" }, { "Sid": "CodeStarNotificationsReadOnlyAccess", "Effect": "Allow", "Action": [ "codestar-notifications:DescribeNotificationRule" ], "Resource": "*", "Condition": { "StringLike": { "codestar-notifications:NotificationsForResource": "arn:aws:codepipeline:*" } } } ], "Version": "2012-10-17" }, "VersionId": "v9" }, "AWSCodePipeline_FullAccess": { "PolicyName": "AWSCodePipeline_FullAccess", "PolicyId": "ANPAZKAPJZG4A6ZKP3LKA", "Arn": "arn:aws:iam::aws:policy/AWSCodePipeline_FullAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-08-03T22:38:28+00:00", "UpdateDate": "2020-08-03T22:38:28+00:00", "Document": { "Statement": [ { "Action": [ "codepipeline:*", "cloudformation:DescribeStacks", "cloudformation:ListChangeSets", "cloudtrail:DescribeTrails", "codebuild:BatchGetProjects", "codebuild:CreateProject", "codebuild:ListCuratedEnvironmentImages", "codebuild:ListProjects", "codecommit:ListBranches", "codecommit:GetReferences", "codecommit:ListRepositories", "codedeploy:BatchGetDeploymentGroups", "codedeploy:ListApplications", "codedeploy:ListDeploymentGroups", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeVpcs", "ecr:DescribeRepositories", "ecr:ListImages", "ecs:ListClusters", "ecs:ListServices", "elasticbeanstalk:DescribeApplications", "elasticbeanstalk:DescribeEnvironments", "iam:ListRoles", "iam:GetRole", "lambda:ListFunctions", "events:ListRules", "events:ListTargetsByRule", "events:DescribeRule", "opsworks:DescribeApps", "opsworks:DescribeLayers", "opsworks:DescribeStacks", "s3:ListAllMyBuckets", "sns:ListTopics", "codestar-notifications:ListNotificationRules", "codestar-notifications:ListTargets", "codestar-notifications:ListTagsforResource", "codestar-notifications:ListEventTypes", "states:ListStateMachines" ], "Effect": "Allow", "Resource": "*" }, { "Action": [ "s3:GetObject", "s3:ListBucket", "s3:GetBucketPolicy", "s3:GetBucketVersioning", "s3:GetObjectVersion", "s3:CreateBucket", "s3:PutBucketPolicy" ], "Effect": "Allow", "Resource": "arn:aws:s3::*:codepipeline-*" }, { "Action": [ "cloudtrail:PutEventSelectors", "cloudtrail:CreateTrail", "cloudtrail:GetEventSelectors", "cloudtrail:StartLogging" ], "Effect": "Allow", "Resource": "arn:aws:cloudtrail:*:*:trail/codepipeline-source-trail" }, { "Action": [ "iam:PassRole" ], "Effect": "Allow", "Resource": [ "arn:aws:iam::*:role/service-role/cwe-role-*" ], "Condition": { "StringEquals": { "iam:PassedToService": [ "events.amazonaws.com" ] } } }, { "Action": [ "iam:PassRole" ], "Effect": "Allow", "Resource": "*", "Condition": { "StringEquals": { "iam:PassedToService": [ "codepipeline.amazonaws.com" ] } } }, { "Action": [ "events:PutRule", "events:PutTargets", "events:DeleteRule", "events:DisableRule", "events:RemoveTargets" ], "Effect": "Allow", "Resource": [ "arn:aws:events:*:*:rule/codepipeline-*" ] }, { "Sid": "CodeStarNotificationsReadWriteAccess", "Effect": "Allow", "Action": [ "codestar-notifications:CreateNotificationRule", "codestar-notifications:DescribeNotificationRule", "codestar-notifications:UpdateNotificationRule", "codestar-notifications:DeleteNotificationRule", "codestar-notifications:Subscribe", "codestar-notifications:Unsubscribe" ], "Resource": "*", "Condition": { "StringLike": { "codestar-notifications:NotificationsForResource": "arn:aws:codepipeline:*" } } }, { "Sid": "CodeStarNotificationsSNSTopicCreateAccess", "Effect": "Allow", "Action": [ "sns:CreateTopic", "sns:SetTopicAttributes" ], "Resource": "arn:aws:sns:*:*:codestar-notifications*" }, { "Sid": "CodeStarNotificationsChatbotAccess", "Effect": "Allow", "Action": [ "chatbot:DescribeSlackChannelConfigurations" ], "Resource": "*" } ], "Version": "2012-10-17" }, "VersionId": "v1" }, "AWSCodePipeline_ReadOnlyAccess": { "PolicyName": "AWSCodePipeline_ReadOnlyAccess", "PolicyId": "ANPAZKAPJZG4IGBTPGT6W", "Arn": "arn:aws:iam::aws:policy/AWSCodePipeline_ReadOnlyAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-08-03T22:25:17+00:00", "UpdateDate": "2020-08-03T22:25:17+00:00", "Document": { "Statement": [ { "Action": [ "codepipeline:GetPipeline", "codepipeline:GetPipelineState", "codepipeline:GetPipelineExecution", "codepipeline:ListPipelineExecutions", "codepipeline:ListActionExecutions", "codepipeline:ListActionTypes", "codepipeline:ListPipelines", "codepipeline:ListTagsForResource", "s3:ListAllMyBuckets", "codestar-notifications:ListNotificationRules", "codestar-notifications:ListEventTypes", "codestar-notifications:ListTargets" ], "Effect": "Allow", "Resource": "*" }, { "Action": [ "s3:GetObject", "s3:ListBucket", "s3:GetBucketPolicy" ], "Effect": "Allow", "Resource": "arn:aws:s3::*:codepipeline-*" }, { "Sid": "CodeStarNotificationsReadOnlyAccess", "Effect": "Allow", "Action": [ "codestar-notifications:DescribeNotificationRule" ], "Resource": "*", "Condition": { "StringLike": { "codestar-notifications:NotificationsForResource": "arn:aws:codepipeline:*" } } } ], "Version": "2012-10-17" }, "VersionId": "v1" }, "AWSCodeStarFullAccess": { "PolicyName": "AWSCodeStarFullAccess", "PolicyId": "ANPAIXI233TFUGLZOJBEC", "Arn": "arn:aws:iam::aws:policy/AWSCodeStarFullAccess", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-04-19T16:23:19+00:00", "UpdateDate": "2018-01-10T21:54:06+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Sid": "CodeStarEC2", "Effect": "Allow", "Action": [ "codestar:*", "ec2:DescribeKeyPairs", "ec2:DescribeVpcs", "ec2:DescribeSubnets", "cloud9:DescribeEnvironment*", "cloud9:ValidateEnvironmentName" ], "Resource": "*" }, { "Sid": "CodeStarCF", "Effect": "Allow", "Action": [ "cloudformation:DescribeStack*", "cloudformation:GetTemplateSummary" ], "Resource": [ "arn:aws:cloudformation:*:*:stack/awscodestar-*" ] } ] }, "VersionId": "v2" }, "AWSCodeStarNotificationsServiceRolePolicy": { "PolicyName": "AWSCodeStarNotificationsServiceRolePolicy", "PolicyId": "ANPAZKAPJZG4BGRXOB2GH", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSCodeStarNotificationsServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v4", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-11-05T16:10:21+00:00", "UpdateDate": "2020-03-19T16:01:55+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "events:PutTargets", "events:PutRule", "events:DescribeRule" ], "Resource": "arn:aws:events:*:*:rule/awscodestarnotifications-*", "Effect": "Allow" }, { "Action": [ "sns:CreateTopic" ], "Resource": "arn:aws:sns:*:*:CodeStarNotifications-*", "Effect": "Allow" }, { "Action": [ "codecommit:GetCommentsForPullRequest", "codecommit:GetCommentsForComparedCommit", "chatbot:DescribeSlackChannelConfigurations", "chatbot:UpdateSlackChannelConfiguration", "codecommit:GetDifferences", "codepipeline:ListActionExecutions" ], "Resource": "*", "Effect": "Allow" }, { "Action": [ "codecommit:GetFile" ], "Resource": "*", "Condition": { "StringNotEquals": { "aws:ResourceTag/ExcludeFileContentFromNotifications": "true" } }, "Effect": "Allow" } ] }, "VersionId": "v4" }, "AWSCodeStarServiceRole": { "PolicyName": "AWSCodeStarServiceRole", "PolicyId": "ANPAIN6D4M2KD3NBOC4M4", "Arn": "arn:aws:iam::aws:policy/service-role/AWSCodeStarServiceRole", "Path": "/service-role/", "DefaultVersionId": "v10", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-04-19T15:20:50+00:00", "UpdateDate": "2021-02-15T22:25:37+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Sid": "ProjectEventRules", "Effect": "Allow", "Action": [ "events:PutTargets", "events:RemoveTargets", "events:PutRule", "events:DeleteRule", "events:DescribeRule" ], "Resource": [ "arn:aws:events:*:*:rule/awscodestar-*" ] }, { "Sid": "ProjectStack", "Effect": "Allow", "Action": [ "cloudformation:*Stack*", "cloudformation:CreateChangeSet", "cloudformation:ExecuteChangeSet", "cloudformation:DeleteChangeSet", "cloudformation:GetTemplate" ], "Resource": [ "arn:aws:cloudformation:*:*:stack/awscodestar-*", "arn:aws:cloudformation:*:*:stack/awseb-*", "arn:aws:cloudformation:*:*:stack/aws-cloud9-*", "arn:aws:cloudformation:*:aws:transform/CodeStar*" ] }, { "Sid": "ProjectStackTemplate", "Effect": "Allow", "Action": [ "cloudformation:GetTemplateSummary", "cloudformation:DescribeChangeSet" ], "Resource": "*" }, { "Sid": "ProjectQuickstarts", "Effect": "Allow", "Action": [ "s3:GetObject" ], "Resource": [ "arn:aws:s3:::awscodestar-*/*" ] }, { "Sid": "ProjectS3Buckets", "Effect": "Allow", "Action": [ "s3:*" ], "Resource": [ "arn:aws:s3:::aws-codestar-*", "arn:aws:s3:::aws-codestar-*/*", "arn:aws:s3:::elasticbeanstalk-*", "arn:aws:s3:::elasticbeanstalk-*/*" ] }, { "Sid": "ProjectServices", "Effect": "Allow", "Action": [ "codestar:*", "codecommit:*", "codepipeline:*", "codedeploy:*", "codebuild:*", "ec2:RunInstances", "autoscaling:*", "cloudwatch:Put*", "ec2:*", "elasticbeanstalk:*", "elasticloadbalancing:*", "iam:ListRoles", "logs:*", "sns:*", "cloud9:CreateEnvironmentEC2", "cloud9:DeleteEnvironment", "cloud9:DescribeEnvironment*", "cloud9:ListEnvironments" ], "Resource": "*" }, { "Sid": "ProjectWorkerRoles", "Effect": "Allow", "Action": [ "iam:AttachRolePolicy", "iam:CreateRole", "iam:DeleteRole", "iam:DeleteRolePolicy", "iam:DetachRolePolicy", "iam:GetRole", "iam:PassRole", "iam:GetRolePolicy", "iam:PutRolePolicy", "iam:SetDefaultPolicyVersion", "iam:CreatePolicy", "iam:DeletePolicy", "iam:AddRoleToInstanceProfile", "iam:CreateInstanceProfile", "iam:DeleteInstanceProfile", "iam:RemoveRoleFromInstanceProfile" ], "Resource": [ "arn:aws:iam::*:role/CodeStarWorker*", "arn:aws:iam::*:policy/CodeStarWorker*", "arn:aws:iam::*:instance-profile/awscodestar-*" ] }, { "Sid": "ProjectTeamMembers", "Effect": "Allow", "Action": [ "iam:AttachUserPolicy", "iam:DetachUserPolicy" ], "Resource": "*", "Condition": { "ArnEquals": { "iam:PolicyArn": [ "arn:aws:iam::*:policy/CodeStar_*" ] } } }, { "Sid": "ProjectRoles", "Effect": "Allow", "Action": [ "iam:CreatePolicy", "iam:DeletePolicy", "iam:CreatePolicyVersion", "iam:DeletePolicyVersion", "iam:ListEntitiesForPolicy", "iam:ListPolicyVersions", "iam:GetPolicy", "iam:GetPolicyVersion" ], "Resource": [ "arn:aws:iam::*:policy/CodeStar_*" ] }, { "Sid": "InspectServiceRole", "Effect": "Allow", "Action": [ "iam:ListAttachedRolePolicies" ], "Resource": [ "arn:aws:iam::*:role/aws-codestar-service-role", "arn:aws:iam::*:role/service-role/aws-codestar-service-role" ] }, { "Sid": "IAMLinkRole", "Effect": "Allow", "Action": [ "iam:CreateServiceLinkedRole" ], "Resource": "*", "Condition": { "StringEquals": { "iam:AWSServiceName": "cloud9.amazonaws.com" } } }, { "Sid": "DescribeConfigRuleForARN", "Effect": "Allow", "Action": [ "config:DescribeConfigRules" ], "Resource": [ "*" ] }, { "Sid": "ProjectCodeStarConnections", "Effect": "Allow", "Action": [ "codestar-connections:UseConnection", "codestar-connections:GetConnection" ], "Resource": "*" }, { "Sid": "ProjectCodeStarConnectionsPassConnections", "Effect": "Allow", "Action": "codestar-connections:PassConnection", "Resource": "*", "Condition": { "ForAnyValue:StringEqualsIfExists": { "codestar-connections:PassedToService": "codepipeline.amazonaws.com" } } } ] }, "VersionId": "v10" }, "AWSCompromisedKeyQuarantine": { "PolicyName": "AWSCompromisedKeyQuarantine", "PolicyId": "ANPAZKAPJZG4PLD3NKX4L", "Arn": "arn:aws:iam::aws:policy/AWSCompromisedKeyQuarantine", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-08-11T18:04:13+00:00", "UpdateDate": "2020-08-11T18:04:13+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Deny", "Action": [ "iam:AttachGroupPolicy", "iam:AttachRolePolicy", "iam:AttachUserPolicy", "iam:ChangePassword", "iam:CreateAccessKey", "iam:CreateInstanceProfile", "iam:CreateLoginProfile", "iam:CreateRole", "iam:CreateUser", "iam:DetachUserPolicy", "iam:PutUserPermissionsBoundary", "iam:PutUserPolicy", "iam:UpdateAccessKey", "iam:UpdateAccountPasswordPolicy", "iam:UpdateUser", "ec2:RequestSpotInstances", "ec2:RunInstances", "ec2:StartInstances", "organizations:CreateAccount", "organizations:CreateOrganization", "organizations:InviteAccountToOrganization", "lambda:CreateFunction", "lightsail:Create*", "lightsail:Start*", "lightsail:Delete*", "lightsail:Update*", "lightsail:GetInstanceAccessDetails", "lightsail:DownloadDefaultKeyPair" ], "Resource": [ "*" ] } ] }, "VersionId": "v1" }, "AWSCompromisedKeyQuarantineV2": { "PolicyName": "AWSCompromisedKeyQuarantineV2", "PolicyId": "ANPAZKAPJZG4PFYMROIMI", "Arn": "arn:aws:iam::aws:policy/AWSCompromisedKeyQuarantineV2", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2021-04-21T22:30:59+00:00", "UpdateDate": "2021-04-21T22:30:59+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Deny", "Action": [ "ec2:RequestSpotInstances", "ec2:RunInstances", "ec2:StartInstances", "iam:AddUserToGroup", "iam:AttachGroupPolicy", "iam:AttachRolePolicy", "iam:AttachUserPolicy", "iam:ChangePassword", "iam:CreateAccessKey", "iam:CreateInstanceProfile", "iam:CreateLoginProfile", "iam:CreatePolicyVersion", "iam:CreateRole", "iam:CreateUser", "iam:DetachUserPolicy", "iam:PassRole", "iam:PutGroupPolicy", "iam:PutRolePolicy", "iam:PutUserPermissionsBoundary", "iam:PutUserPolicy", "iam:SetDefaultPolicyVersion", "iam:UpdateAccessKey", "iam:UpdateAccountPasswordPolicy", "iam:UpdateAssumeRolePolicy", "iam:UpdateLoginProfile", "iam:UpdateUser", "lambda:AddLayerVersionPermission", "lambda:AddPermission", "lambda:CreateFunction", "lambda:GetPolicy", "lambda:ListTags", "lambda:PutProvisionedConcurrencyConfig", "lambda:TagResource", "lambda:UntagResource", "lambda:UpdateFunctionCode", "lightsail:Create*", "lightsail:Delete*", "lightsail:DownloadDefaultKeyPair", "lightsail:GetInstanceAccessDetails", "lightsail:Start*", "lightsail:Update*", "organizations:CreateAccount", "organizations:CreateOrganization", "organizations:InviteAccountToOrganization", "s3:DeleteBucket", "s3:DeleteObject", "s3:DeleteObjectVersion", "s3:PutLifecycleConfiguration", "s3:PutBucketAcl", "s3:DeleteBucketOwnershipControls", "s3:DeleteBucketPolicy", "s3:ObjectOwnerOverrideToBucketOwner", "s3:PutAccountPublicAccessBlock", "s3:PutBucketPolicy", "s3:ListAllMyBuckets" ], "Resource": [ "*" ] } ] }, "VersionId": "v1" }, "AWSConfigMultiAccountSetupPolicy": { "PolicyName": "AWSConfigMultiAccountSetupPolicy", "PolicyId": "ANPAZKAPJZG4L5NAGNGTD", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSConfigMultiAccountSetupPolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v4", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-06-17T18:03:16+00:00", "UpdateDate": "2020-05-21T22:59:26+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "config:PutConfigRule", "config:DeleteConfigRule" ], "Resource": "arn:aws:config:*:*:config-rule/aws-service-rule/config-multiaccountsetup.amazonaws.com/*" }, { "Effect": "Allow", "Action": [ "config:DescribeConfigurationRecorders" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "organizations:ListAccounts", "organizations:DescribeOrganization", "organizations:ListAWSServiceAccessForOrganization", "organizations:DescribeAccount" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "config:PutConformancePack", "config:DeleteConformancePack", "config:DescribeConformancePackStatus" ], "Resource": "arn:aws:config:*:*:conformance-pack/aws-service-conformance-pack/config-multiaccountsetup.amazonaws.com/*" }, { "Effect": "Allow", "Action": [ "iam:GetRole" ], "Resource": "arn:aws:iam::*:role/aws-service-role/config-conforms.amazonaws.com/AWSServiceRoleForConfigConforms" }, { "Effect": "Allow", "Action": [ "iam:CreateServiceLinkedRole" ], "Resource": "arn:aws:iam::*:role/aws-service-role/config-conforms.amazonaws.com/AWSServiceRoleForConfigConforms", "Condition": { "StringLike": { "iam:AWSServiceName": "config-conforms.amazonaws.com" } } }, { "Action": "iam:PassRole", "Resource": "*", "Effect": "Allow", "Condition": { "StringEquals": { "iam:PassedToService": "ssm.amazonaws.com" } } } ] }, "VersionId": "v4" }, "AWSConfigRemediationServiceRolePolicy": { "PolicyName": "AWSConfigRemediationServiceRolePolicy", "PolicyId": "ANPAZKAPJZG4BC7ZOM6NP", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSConfigRemediationServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-06-18T21:21:35+00:00", "UpdateDate": "2019-06-18T21:21:35+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "ssm:GetDocument", "ssm:DescribeDocument", "ssm:StartAutomationExecution" ], "Resource": "*", "Effect": "Allow" }, { "Condition": { "StringEquals": { "iam:PassedToService": "ssm.amazonaws.com" } }, "Action": "iam:PassRole", "Resource": "*", "Effect": "Allow" } ] }, "VersionId": "v1" }, "AWSConfigRole": { "PolicyName": "AWSConfigRole", "PolicyId": "ANPAIQRXRDRGJUA33ELIO", "Arn": "arn:aws:iam::aws:policy/service-role/AWSConfigRole", "Path": "/service-role/", "DefaultVersionId": "v40", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-04-02T17:36:23+00:00", "UpdateDate": "2021-07-27T22:34:36+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "access-analyzer:GetAnalyzer", "access-analyzer:ListAnalyzers", "access-analyzer:ListArchiveRules", "access-analyzer:ListTagsForResource", "acm:DescribeCertificate", "acm:ListCertificates", "acm:ListTagsForCertificate", "apigateway:GET", "application-autoscaling:DescribeScalableTargets", "application-autoscaling:DescribeScalingPolicies", "autoscaling:DescribeAutoScalingGroups", "autoscaling:DescribeLaunchConfigurations", "autoscaling:DescribeLifecycleHooks", "autoscaling:DescribePolicies", "autoscaling:DescribeScheduledActions", "autoscaling:DescribeTags", "backup:DescribeBackupVault", "backup:DescribeRecoveryPoint", "backup:GetBackupPlan", "backup:GetBackupSelection", "backup:GetBackupVaultAccessPolicy", "backup:GetBackupVaultNotifications", "backup:ListBackupPlans", "backup:ListBackupSelections", "backup:ListBackupVaults", "backup:ListRecoveryPointsByBackupVault", "backup:ListTags", "cloudformation:DescribeType", "cloudformation:ListTypes", "cloudfront:ListDistributions", "cloudfront:ListTagsForResource", "cloudtrail:DescribeTrails", "cloudtrail:GetEventSelectors", "cloudtrail:GetTrailStatus", "cloudtrail:ListTags", "cloudwatch:DescribeAlarms", "codepipeline:GetPipeline", "codepipeline:GetPipelineState", "codepipeline:ListPipelines", "config:BatchGet*", "config:Describe*", "config:Get*", "config:List*", "config:Put*", "config:Select*", "dax:DescribeClusters", "dms:DescribeEventSubscriptions", "dms:DescribeReplicationInstances", "dms:DescribeReplicationSubnetGroups", "dms:ListTagsForResource", "dynamodb:DescribeContinuousBackups", "dynamodb:DescribeLimits", "dynamodb:DescribeTable", "dynamodb:ListTables", "dynamodb:ListTagsOfResource", "ec2:Describe*", "ec2:GetEbsEncryptionByDefault", "ecr-public:DescribeRepositories", "ecr-public:GetRepositoryCatalogData", "ecr-public:ListTagsForResource", "ecr:DescribeRepositories", "ecr:GetLifecyclePolicy", "ecr:GetRepositoryPolicy", "ecr:ListTagsForResource", "ecs:DescribeClusters", "ecs:DescribeServices", "ecs:DescribeTaskDefinition", "ecs:DescribeTaskSets", "ecs:ListClusters", "ecs:ListServices", "ecs:ListTagsForResource", "ecs:ListTaskDefinitions", "eks:DescribeCluster", "eks:DescribeNodegroup", "eks:ListClusters", "eks:ListNodegroups", "elasticache:DescribeCacheClusters", "elasticache:DescribeCacheParameterGroups", "elasticache:DescribeCacheSubnetGroups", "elasticache:DescribeReplicationGroups", "elasticache:ListTagsForResource", "elasticfilesystem:DescribeAccessPoints", "elasticfilesystem:DescribeBackupPolicy", "elasticfilesystem:DescribeFileSystemPolicy", "elasticfilesystem:DescribeFileSystems", "elasticfilesystem:DescribeLifecycleConfiguration", "elasticfilesystem:DescribeMountTargets", "elasticfilesystem:DescribeMountTargetSecurityGroups", "elasticloadbalancing:DescribeListeners", "elasticloadbalancing:DescribeLoadBalancerAttributes", "elasticloadbalancing:DescribeLoadBalancerPolicies", "elasticloadbalancing:DescribeLoadBalancers", "elasticloadbalancing:DescribeRules", "elasticloadbalancing:DescribeTags", "elasticmapreduce:DescribeCluster", "elasticmapreduce:DescribeSecurityConfiguration", "elasticmapreduce:DescribeStep", "elasticmapreduce:GetBlockPublicAccessConfiguration", "elasticmapreduce:GetManagedScalingPolicy", "elasticmapreduce:ListClusters", "elasticmapreduce:ListInstanceFleets", "elasticmapreduce:ListInstanceGroups", "elasticmapreduce:ListInstances", "elasticmapreduce:ListSecurityConfigurations", "elasticmapreduce:ListSteps", "es:DescribeElasticsearchDomain", "es:DescribeElasticsearchDomains", "es:ListDomainNames", "es:ListTags", "firehose:DescribeDeliveryStream", "firehose:ListDeliveryStreams", "firehose:ListTagsForDeliveryStream", "fsx:DescribeFileSystems", "globalaccelerator:DescribeAccelerator", "globalaccelerator:DescribeEndpointGroup", "globalaccelerator:DescribeListener", "globalaccelerator:ListAccelerators", "globalaccelerator:ListEndpointGroups", "globalaccelerator:ListListeners", "globalaccelerator:ListTagsForResource", "guardduty:GetDetector", "guardduty:GetFindings", "guardduty:GetMasterAccount", "guardduty:ListDetectors", "guardduty:ListFindings", "iam:GenerateCredentialReport", "iam:GetAccountAuthorizationDetails", "iam:GetAccountPasswordPolicy", "iam:GetAccountSummary", "iam:GetCredentialReport", "iam:GetGroup", "iam:GetGroupPolicy", "iam:GetPolicy", "iam:GetPolicyVersion", "iam:GetRole", "iam:GetRolePolicy", "iam:GetUser", "iam:GetUserPolicy", "iam:ListAttachedGroupPolicies", "iam:ListAttachedRolePolicies", "iam:ListAttachedUserPolicies", "iam:ListEntitiesForPolicy", "iam:ListGroupPolicies", "iam:ListGroupsForUser", "iam:ListInstanceProfilesForRole", "iam:ListPolicyVersions", "iam:ListRolePolicies", "iam:ListUserPolicies", "iam:ListVirtualMFADevices", "kafka:DescribeCluster", "kafka:ListClusters", "kinesis:DescribeStreamConsumer", "kinesis:DescribeStreamSummary", "kinesis:ListStreamConsumers", "kinesis:ListStreams", "kinesis:ListTagsForStream", "kms:DescribeKey", "kms:GetKeyPolicy", "kms:GetKeyRotationStatus", "kms:ListKeys", "kms:ListResourceTags", "lambda:GetAlias", "lambda:GetFunction", "lambda:GetFunctionCodeSigningConfig", "lambda:GetPolicy", "lambda:ListAliases", "lambda:ListFunctions", "lambda:ListVersionsByFunction", "logs:DescribeLogGroups", "logs:ListTagsLogGroup", "network-firewall:DescribeLoggingConfiguration", "network-firewall:ListFirewalls", "organizations:DescribeOrganization", "rds:DescribeDBParameterGroups", "rds:DescribeDBClusters", "rds:DescribeDBClusterSnapshotAttributes", "rds:DescribeDBClusterSnapshots", "rds:DescribeDBEngineVersions", "rds:DescribeDBInstances", "rds:DescribeDBSecurityGroups", "rds:DescribeDBSnapshotAttributes", "rds:DescribeDBSnapshots", "rds:DescribeDBSubnetGroups", "rds:DescribeEventSubscriptions", "rds:ListTagsForResource", "redshift:DescribeClusterParameterGroups", "redshift:DescribeClusterParameters", "redshift:DescribeClusters", "redshift:DescribeClusterSecurityGroups", "redshift:DescribeClusterSnapshots", "redshift:DescribeClusterSubnetGroups", "redshift:DescribeEventSubscriptions", "redshift:DescribeLoggingStatus", "route53:GetHealthCheck", "route53:GetHostedZone", "route53:ListHealthChecks", "route53:ListHostedZones", "route53:ListHostedZonesByName", "route53:ListQueryLoggingConfigs", "route53:ListResourceRecordSets", "route53:ListTagsForResource", "route53resolver:GetResolverEndpoint", "route53resolver:GetResolverRule", "route53resolver:GetResolverRuleAssociation", "route53resolver:ListResolverEndpointIpAddresses", "route53resolver:ListResolverEndpoints", "route53resolver:ListResolverRuleAssociations", "route53resolver:ListResolverRules", "route53resolver:ListTagsForResource", "s3:GetAccelerateConfiguration", "s3:GetAccessPoint", "s3:GetAccessPointPolicy", "s3:GetAccessPointPolicyStatus", "s3:GetAccountPublicAccessBlock", "s3:GetBucketAcl", "s3:GetBucketCORS", "s3:GetBucketLocation", "s3:GetBucketLogging", "s3:GetBucketNotification", "s3:GetBucketObjectLockConfiguration", "s3:GetBucketPolicy", "s3:GetBucketPublicAccessBlock", "s3:GetBucketRequestPayment", "s3:GetBucketTagging", "s3:GetBucketVersioning", "s3:GetBucketWebsite", "s3:GetEncryptionConfiguration", "s3:GetLifecycleConfiguration", "s3:GetObject", "s3:GetReplicationConfiguration", "s3:ListAccessPoints", "s3:ListAllMyBuckets", "s3:ListBucket", "sagemaker:DescribeCodeRepository", "sagemaker:DescribeEndpoint", "sagemaker:DescribeEndpointConfig", "sagemaker:DescribeModel", "sagemaker:DescribeMonitoringSchedule", "sagemaker:DescribeNotebookInstance", "sagemaker:DescribeNotebookInstanceLifecycleConfig", "sagemaker:DescribeWorkteam", "sagemaker:ListCodeRepositories", "sagemaker:ListEndpointConfigs", "sagemaker:ListEndpoints", "sagemaker:ListModels", "sagemaker:ListMonitoringSchedules", "sagemaker:ListNotebookInstanceLifecycleConfigs", "sagemaker:ListNotebookInstances", "sagemaker:ListTags", "sagemaker:ListWorkteams", "secretsmanager:ListSecrets", "secretsmanager:ListSecretVersionIds", "securityhub:DescribeHub", "shield:DescribeDRTAccess", "shield:DescribeProtection", "shield:DescribeSubscription", "sns:GetSubscriptionAttributes", "sns:GetTopicAttributes", "sns:ListSubscriptions", "sns:ListSubscriptionsByTopic", "sns:ListTagsForResource", "sns:ListTopics", "sqs:GetQueueAttributes", "sqs:ListQueues", "sqs:ListQueueTags", "ssm:DescribeAutomationExecutions", "ssm:DescribeDocument", "ssm:DescribeDocumentPermission", "ssm:GetAutomationExecution", "ssm:GetDocument", "ssm:ListDocuments", "states:DescribeStateMachine", "states:ListStateMachines", "states:ListTagsForResource", "storagegateway:ListGateways", "storagegateway:ListTagsForResource", "storagegateway:ListVolumes", "support:DescribeCases", "tag:GetResources", "waf-regional:GetLoggingConfiguration", "waf-regional:GetWebACL", "waf-regional:GetWebACLForResource", "waf:GetLoggingConfiguration", "waf:GetWebACL", "wafv2:GetLoggingConfiguration" ], "Resource": "*" } ] }, "VersionId": "v40" }, "AWSConfigRoleForOrganizations": { "PolicyName": "AWSConfigRoleForOrganizations", "PolicyId": "ANPAIEHGYAUTHXSXZAW2E", "Arn": "arn:aws:iam::aws:policy/service-role/AWSConfigRoleForOrganizations", "Path": "/service-role/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-03-19T22:53:01+00:00", "UpdateDate": "2020-11-24T20:19:13+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "organizations:ListAccounts", "organizations:DescribeOrganization", "organizations:ListAWSServiceAccessForOrganization", "organizations:ListDelegatedAdministrators" ], "Resource": "*" } ] }, "VersionId": "v2" }, "AWSConfigRulesExecutionRole": { "PolicyName": "AWSConfigRulesExecutionRole", "PolicyId": "ANPAJUB3KIKTA4PU4OYAA", "Arn": "arn:aws:iam::aws:policy/service-role/AWSConfigRulesExecutionRole", "Path": "/service-role/", "DefaultVersionId": "v3", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2016-03-25T17:59:36+00:00", "UpdateDate": "2019-05-13T21:33:30+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "s3:GetObject" ], "Resource": "arn:aws:s3:::*/AWSLogs/*/Config/*" }, { "Effect": "Allow", "Action": [ "config:Put*", "config:Get*", "config:List*", "config:Describe*", "config:BatchGet*", "config:Select*" ], "Resource": "*" } ] }, "VersionId": "v3" }, "AWSConfigServiceRolePolicy": { "PolicyName": "AWSConfigServiceRolePolicy", "PolicyId": "ANPAJUCWFHNZER665LLQQ", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSConfigServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v26", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-05-30T23:31:46+00:00", "UpdateDate": "2021-07-27T22:31:53+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "access-analyzer:GetAnalyzer", "access-analyzer:ListAnalyzers", "access-analyzer:ListArchiveRules", "access-analyzer:ListTagsForResource", "acm:DescribeCertificate", "acm:ListCertificates", "acm:ListTagsForCertificate", "apigateway:GET", "application-autoscaling:DescribeScalableTargets", "application-autoscaling:DescribeScalingPolicies", "autoscaling:DescribeAutoScalingGroups", "autoscaling:DescribeLaunchConfigurations", "autoscaling:DescribeLifecycleHooks", "autoscaling:DescribePolicies", "autoscaling:DescribeScheduledActions", "autoscaling:DescribeTags", "backup:DescribeBackupVault", "backup:DescribeRecoveryPoint", "backup:GetBackupPlan", "backup:GetBackupSelection", "backup:GetBackupVaultAccessPolicy", "backup:GetBackupVaultNotifications", "backup:ListBackupPlans", "backup:ListBackupSelections", "backup:ListBackupVaults", "backup:ListRecoveryPointsByBackupVault", "backup:ListTags", "cloudformation:DescribeType", "cloudformation:ListTypes", "cloudfront:ListDistributions", "cloudfront:ListTagsForResource", "cloudtrail:DescribeTrails", "cloudtrail:GetEventSelectors", "cloudtrail:GetTrailStatus", "cloudtrail:ListTags", "cloudwatch:DescribeAlarms", "codepipeline:GetPipeline", "codepipeline:GetPipelineState", "codepipeline:ListPipelines", "config:BatchGet*", "config:Describe*", "config:Get*", "config:List*", "config:Put*", "config:Select*", "dax:DescribeClusters", "dms:DescribeEventSubscriptions", "dms:DescribeReplicationInstances", "dms:DescribeReplicationSubnetGroups", "dms:ListTagsForResource", "dynamodb:DescribeContinuousBackups", "dynamodb:DescribeLimits", "dynamodb:DescribeTable", "dynamodb:ListTables", "dynamodb:ListTagsOfResource", "ec2:Describe*", "ec2:GetEbsEncryptionByDefault", "ecr-public:DescribeRepositories", "ecr-public:GetRepositoryCatalogData", "ecr-public:ListTagsForResource", "ecr:DescribeRepositories", "ecr:GetLifecyclePolicy", "ecr:GetRepositoryPolicy", "ecr:ListTagsForResource", "ecs:DescribeClusters", "ecs:DescribeServices", "ecs:DescribeTaskDefinition", "ecs:DescribeTaskSets", "ecs:ListClusters", "ecs:ListServices", "ecs:ListTagsForResource", "ecs:ListTaskDefinitions", "eks:DescribeCluster", "eks:DescribeNodegroup", "eks:ListClusters", "eks:ListNodegroups", "elasticache:DescribeCacheClusters", "elasticache:DescribeCacheParameterGroups", "elasticache:DescribeCacheSubnetGroups", "elasticache:DescribeReplicationGroups", "elasticache:ListTagsForResource", "elasticfilesystem:DescribeAccessPoints", "elasticfilesystem:DescribeBackupPolicy", "elasticfilesystem:DescribeFileSystemPolicy", "elasticfilesystem:DescribeFileSystems", "elasticfilesystem:DescribeLifecycleConfiguration", "elasticfilesystem:DescribeMountTargets", "elasticfilesystem:DescribeMountTargetSecurityGroups", "elasticloadbalancing:DescribeListeners", "elasticloadbalancing:DescribeLoadBalancerAttributes", "elasticloadbalancing:DescribeLoadBalancerPolicies", "elasticloadbalancing:DescribeLoadBalancers", "elasticloadbalancing:DescribeRules", "elasticloadbalancing:DescribeTags", "elasticmapreduce:DescribeCluster", "elasticmapreduce:DescribeSecurityConfiguration", "elasticmapreduce:DescribeStep", "elasticmapreduce:GetBlockPublicAccessConfiguration", "elasticmapreduce:GetManagedScalingPolicy", "elasticmapreduce:ListClusters", "elasticmapreduce:ListInstanceFleets", "elasticmapreduce:ListInstanceGroups", "elasticmapreduce:ListInstances", "elasticmapreduce:ListSecurityConfigurations", "elasticmapreduce:ListSteps", "es:DescribeElasticsearchDomain", "es:DescribeElasticsearchDomains", "es:ListDomainNames", "es:ListTags", "firehose:DescribeDeliveryStream", "firehose:ListDeliveryStreams", "firehose:ListTagsForDeliveryStream", "fsx:DescribeFileSystems", "globalaccelerator:DescribeAccelerator", "globalaccelerator:DescribeEndpointGroup", "globalaccelerator:DescribeListener", "globalaccelerator:ListAccelerators", "globalaccelerator:ListEndpointGroups", "globalaccelerator:ListListeners", "globalaccelerator:ListTagsForResource", "guardduty:GetDetector", "guardduty:GetFindings", "guardduty:GetMasterAccount", "guardduty:ListDetectors", "guardduty:ListFindings", "iam:GenerateCredentialReport", "iam:GetAccountAuthorizationDetails", "iam:GetAccountPasswordPolicy", "iam:GetAccountSummary", "iam:GetCredentialReport", "iam:GetGroup", "iam:GetGroupPolicy", "iam:GetPolicy", "iam:GetPolicyVersion", "iam:GetRole", "iam:GetRolePolicy", "iam:GetUser", "iam:GetUserPolicy", "iam:ListAttachedGroupPolicies", "iam:ListAttachedRolePolicies", "iam:ListAttachedUserPolicies", "iam:ListEntitiesForPolicy", "iam:ListGroupPolicies", "iam:ListGroupsForUser", "iam:ListInstanceProfilesForRole", "iam:ListPolicyVersions", "iam:ListRolePolicies", "iam:ListUserPolicies", "iam:ListVirtualMFADevices", "kafka:DescribeCluster", "kafka:ListClusters", "kinesis:DescribeStreamConsumer", "kinesis:DescribeStreamSummary", "kinesis:ListStreamConsumers", "kinesis:ListStreams", "kinesis:ListTagsForStream", "kms:DescribeKey", "kms:GetKeyPolicy", "kms:GetKeyRotationStatus", "kms:ListKeys", "kms:ListResourceTags", "lambda:GetAlias", "lambda:GetFunction", "lambda:GetFunctionCodeSigningConfig", "lambda:GetPolicy", "lambda:ListAliases", "lambda:ListFunctions", "lambda:ListVersionsByFunction", "logs:DescribeLogGroups", "logs:ListTagsLogGroup", "network-firewall:DescribeLoggingConfiguration", "network-firewall:ListFirewalls", "organizations:DescribeOrganization", "rds:DescribeDBParameterGroups", "rds:DescribeDBClusters", "rds:DescribeDBClusterSnapshotAttributes", "rds:DescribeDBClusterSnapshots", "rds:DescribeDBEngineVersions", "rds:DescribeDBInstances", "rds:DescribeDBSecurityGroups", "rds:DescribeDBSnapshotAttributes", "rds:DescribeDBSnapshots", "rds:DescribeDBSubnetGroups", "rds:DescribeEventSubscriptions", "rds:ListTagsForResource", "redshift:DescribeClusterParameterGroups", "redshift:DescribeClusterParameters", "redshift:DescribeClusters", "redshift:DescribeClusterSecurityGroups", "redshift:DescribeClusterSnapshots", "redshift:DescribeClusterSubnetGroups", "redshift:DescribeEventSubscriptions", "redshift:DescribeLoggingStatus", "route53:GetHealthCheck", "route53:GetHostedZone", "route53:ListHealthChecks", "route53:ListHostedZones", "route53:ListHostedZonesByName", "route53:ListQueryLoggingConfigs", "route53:ListResourceRecordSets", "route53:ListTagsForResource", "route53resolver:GetResolverEndpoint", "route53resolver:GetResolverRule", "route53resolver:GetResolverRuleAssociation", "route53resolver:ListResolverEndpointIpAddresses", "route53resolver:ListResolverEndpoints", "route53resolver:ListResolverRuleAssociations", "route53resolver:ListResolverRules", "route53resolver:ListTagsForResource", "s3:GetAccelerateConfiguration", "s3:GetAccessPoint", "s3:GetAccessPointPolicy", "s3:GetAccessPointPolicyStatus", "s3:GetAccountPublicAccessBlock", "s3:GetBucketAcl", "s3:GetBucketCORS", "s3:GetBucketLocation", "s3:GetBucketLogging", "s3:GetBucketNotification", "s3:GetBucketObjectLockConfiguration", "s3:GetBucketPolicy", "s3:GetBucketPublicAccessBlock", "s3:GetBucketRequestPayment", "s3:GetBucketTagging", "s3:GetBucketVersioning", "s3:GetBucketWebsite", "s3:GetEncryptionConfiguration", "s3:GetLifecycleConfiguration", "s3:GetReplicationConfiguration", "s3:ListAccessPoints", "s3:ListAllMyBuckets", "s3:ListBucket", "sagemaker:DescribeCodeRepository", "sagemaker:DescribeEndpoint", "sagemaker:DescribeEndpointConfig", "sagemaker:DescribeModel", "sagemaker:DescribeMonitoringSchedule", "sagemaker:DescribeNotebookInstance", "sagemaker:DescribeNotebookInstanceLifecycleConfig", "sagemaker:DescribeWorkteam", "sagemaker:ListCodeRepositories", "sagemaker:ListEndpointConfigs", "sagemaker:ListEndpoints", "sagemaker:ListModels", "sagemaker:ListMonitoringSchedules", "sagemaker:ListNotebookInstanceLifecycleConfigs", "sagemaker:ListNotebookInstances", "sagemaker:ListTags", "sagemaker:ListWorkteams", "secretsmanager:ListSecrets", "secretsmanager:ListSecretVersionIds", "securityhub:DescribeHub", "shield:DescribeDRTAccess", "shield:DescribeProtection", "shield:DescribeSubscription", "sns:GetSubscriptionAttributes", "sns:GetTopicAttributes", "sns:ListSubscriptions", "sns:ListSubscriptionsByTopic", "sns:ListTagsForResource", "sns:ListTopics", "sqs:GetQueueAttributes", "sqs:ListQueues", "sqs:ListQueueTags", "ssm:DescribeAutomationExecutions", "ssm:DescribeDocument", "ssm:DescribeDocumentPermission", "ssm:GetAutomationExecution", "ssm:GetDocument", "ssm:ListDocuments", "states:DescribeStateMachine", "states:ListStateMachines", "states:ListTagsForResource", "storagegateway:ListGateways", "storagegateway:ListTagsForResource", "storagegateway:ListVolumes", "support:DescribeCases", "tag:GetResources", "waf-regional:GetLoggingConfiguration", "waf-regional:GetWebACL", "waf-regional:GetWebACLForResource", "waf:GetLoggingConfiguration", "waf:GetWebACL", "wafv2:GetLoggingConfiguration" ], "Resource": "*" } ] }, "VersionId": "v26" }, "AWSConfigUserAccess": { "PolicyName": "AWSConfigUserAccess", "PolicyId": "ANPAIWTTSFJ7KKJE3MWGA", "Arn": "arn:aws:iam::aws:policy/AWSConfigUserAccess", "Path": "/", "DefaultVersionId": "v4", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-02-18T19:38:41+00:00", "UpdateDate": "2019-03-18T20:27:47+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "config:Get*", "config:Describe*", "config:Deliver*", "config:List*", "config:Select*", "tag:GetResources", "tag:GetTagKeys", "cloudtrail:DescribeTrails", "cloudtrail:GetTrailStatus", "cloudtrail:LookupEvents" ], "Resource": "*" } ] }, "VersionId": "v4" }, "AWSConnector": { "PolicyName": "AWSConnector", "PolicyId": "ANPAJ6YATONJHICG3DJ3U", "Arn": "arn:aws:iam::aws:policy/AWSConnector", "Path": "/", "DefaultVersionId": "v3", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-02-11T17:14:31+00:00", "UpdateDate": "2015-09-28T19:50:38+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "iam:GetUser", "Resource": "*" }, { "Effect": "Allow", "Action": [ "s3:ListAllMyBuckets" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "s3:CreateBucket", "s3:DeleteBucket", "s3:DeleteObject", "s3:GetBucketLocation", "s3:GetObject", "s3:ListBucket", "s3:PutObject", "s3:PutObjectAcl", "s3:AbortMultipartUpload", "s3:ListBucketMultipartUploads", "s3:ListMultipartUploadParts" ], "Resource": "arn:aws:s3:::import-to-ec2-*" }, { "Effect": "Allow", "Action": [ "ec2:CancelConversionTask", "ec2:CancelExportTask", "ec2:CreateImage", "ec2:CreateInstanceExportTask", "ec2:CreateTags", "ec2:CreateVolume", "ec2:DeleteTags", "ec2:DeleteVolume", "ec2:DescribeConversionTasks", "ec2:DescribeExportTasks", "ec2:DescribeImages", "ec2:DescribeInstanceAttribute", "ec2:DescribeInstanceStatus", "ec2:DescribeInstances", "ec2:DescribeRegions", "ec2:DescribeTags", "ec2:DetachVolume", "ec2:ImportInstance", "ec2:ImportVolume", "ec2:ModifyInstanceAttribute", "ec2:RunInstances", "ec2:StartInstances", "ec2:StopInstances", "ec2:TerminateInstances", "ec2:ImportImage", "ec2:DescribeImportImageTasks", "ec2:DeregisterImage", "ec2:DescribeSnapshots", "ec2:DeleteSnapshot", "ec2:CancelImportTask", "ec2:ImportSnapshot", "ec2:DescribeImportSnapshotTasks" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "SNS:Publish" ], "Resource": "arn:aws:sns:*:*:metrics-sns-topic-for-*" } ] }, "VersionId": "v3" }, "AWSControlTowerServiceRolePolicy": { "PolicyName": "AWSControlTowerServiceRolePolicy", "PolicyId": "ANPAZKAPJZG4MW35THVLF", "Arn": "arn:aws:iam::aws:policy/service-role/AWSControlTowerServiceRolePolicy", "Path": "/service-role/", "DefaultVersionId": "v7", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-05-03T18:19:11+00:00", "UpdateDate": "2021-06-04T23:00:46+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "cloudformation:CreateStack", "cloudformation:CreateStackInstances", "cloudformation:CreateStackSet", "cloudformation:DeleteStack", "cloudformation:DeleteStackInstances", "cloudformation:DeleteStackSet", "cloudformation:DescribeStackInstance", "cloudformation:DescribeStacks", "cloudformation:DescribeStackSet", "cloudformation:DescribeStackSetOperation", "cloudformation:ListStackInstances", "cloudformation:UpdateStack", "cloudformation:UpdateStackInstances", "cloudformation:UpdateStackSet" ], "Resource": [ "arn:aws:cloudformation:*:*:type/resource/AWS-IAM-Role" ] }, { "Effect": "Allow", "Action": [ "cloudformation:CreateStack", "cloudformation:CreateStackInstances", "cloudformation:CreateStackSet", "cloudformation:DeleteStack", "cloudformation:DeleteStackInstances", "cloudformation:DeleteStackSet", "cloudformation:DescribeStackInstance", "cloudformation:DescribeStacks", "cloudformation:DescribeStackSet", "cloudformation:DescribeStackSetOperation", "cloudformation:GetTemplate", "cloudformation:ListStackInstances", "cloudformation:UpdateStack", "cloudformation:UpdateStackInstances", "cloudformation:UpdateStackSet" ], "Resource": [ "arn:aws:cloudformation:*:*:stack/AWSControlTower*/*", "arn:aws:cloudformation:*:*:stack/StackSet-AWSControlTower*/*", "arn:aws:cloudformation:*:*:stackset/AWSControlTower*:*", "arn:aws:cloudformation:*:*:stackset-target/AWSControlTower*/*" ] }, { "Effect": "Allow", "Action": [ "cloudtrail:CreateTrail", "cloudtrail:DeleteTrail", "cloudtrail:GetTrailStatus", "cloudtrail:StartLogging", "cloudtrail:StopLogging", "cloudtrail:UpdateTrail", "cloudtrail:PutEventSelectors", "logs:CreateLogStream", "logs:PutLogEvents", "logs:PutRetentionPolicy" ], "Resource": [ "arn:aws:logs:*:*:log-group:aws-controltower/CloudTrailLogs:*", "arn:aws:cloudtrail:*:*:trail/aws-controltower*" ] }, { "Effect": "Allow", "Action": [ "s3:GetObject" ], "Resource": [ "arn:aws:s3:::aws-controltower*/*" ] }, { "Effect": "Allow", "Action": [ "sts:AssumeRole" ], "Resource": [ "arn:aws:iam::*:role/AWSControlTowerExecution" ] }, { "Effect": "Allow", "Action": [ "cloudtrail:DescribeTrails", "ec2:DescribeAvailabilityZones", "iam:ListRoles", "logs:CreateLogGroup", "logs:DescribeLogGroups", "organizations:CreateAccount", "organizations:DescribeAccount", "organizations:DescribeCreateAccountStatus", "organizations:DescribeOrganization", "organizations:DescribeOrganizationalUnit", "organizations:DescribePolicy", "organizations:ListAccounts", "organizations:ListAccountsForParent", "organizations:ListAWSServiceAccessForOrganization", "organizations:ListChildren", "organizations:ListOrganizationalUnitsForParent", "organizations:ListParents", "organizations:ListPoliciesForTarget", "organizations:ListTargetsForPolicy", "organizations:ListRoots", "organizations:MoveAccount", "servicecatalog:AssociatePrincipalWithPortfolio" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "iam:GetRole", "iam:GetUser", "iam:ListAttachedRolePolicies", "iam:GetRolePolicy" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "iam:PassRole" ], "Resource": [ "arn:aws:iam::*:role/service-role/AWSControlTowerStackSetRole", "arn:aws:iam::*:role/service-role/AWSControlTowerCloudTrailRole", "arn:aws:iam::*:role/service-role/AWSControlTowerConfigAggregatorRoleForOrganizations" ] }, { "Effect": "Allow", "Action": [ "config:DeleteConfigurationAggregator", "config:PutConfigurationAggregator", "config:TagResource" ], "Resource": "*", "Condition": { "StringEquals": { "aws:ResourceTag/aws-control-tower": "managed-by-control-tower" } } }, { "Effect": "Allow", "Action": "organizations:EnableAWSServiceAccess", "Resource": "*", "Condition": { "StringLike": { "organizations:ServicePrincipal": "config.amazonaws.com" } } } ] }, "VersionId": "v7" }, "AWSDataExchangeFullAccess": { "PolicyName": "AWSDataExchangeFullAccess", "PolicyId": "ANPAZKAPJZG4MPDTDB3FH", "Arn": "arn:aws:iam::aws:policy/AWSDataExchangeFullAccess", "Path": "/", "DefaultVersionId": "v4", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-11-13T19:27:59+00:00", "UpdateDate": "2021-05-10T21:07:38+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "dataexchange:*" ], "Resource": "*" }, { "Effect": "Allow", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::*aws-data-exchange*", "Condition": { "ForAnyValue:StringEquals": { "aws:CalledVia": [ "dataexchange.amazonaws.com" ] } } }, { "Effect": "Allow", "Action": "s3:GetObject", "Resource": "*", "Condition": { "StringEqualsIgnoreCase": { "s3:ExistingObjectTag/AWSDataExchange": "true" }, "ForAnyValue:StringEquals": { "aws:CalledVia": [ "dataexchange.amazonaws.com" ] } } }, { "Effect": "Allow", "Action": [ "s3:PutObject", "s3:PutObjectAcl" ], "Resource": "arn:aws:s3:::*aws-data-exchange*", "Condition": { "ForAnyValue:StringEquals": { "aws:CalledVia": [ "dataexchange.amazonaws.com" ] } } }, { "Effect": "Allow", "Action": [ "s3:GetBucketLocation", "s3:ListBucket", "s3:ListAllMyBuckets" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "aws-marketplace:DescribeEntity", "aws-marketplace:ListEntities", "aws-marketplace:StartChangeSet", "aws-marketplace:ListChangeSets", "aws-marketplace:DescribeChangeSet", "aws-marketplace:CancelChangeSet", "aws-marketplace:GetAgreementApprovalRequest", "aws-marketplace:ListAgreementApprovalRequests", "aws-marketplace:AcceptAgreementApprovalRequest", "aws-marketplace:RejectAgreementApprovalRequest", "aws-marketplace:UpdateAgreementApprovalRequest", "aws-marketplace:SearchAgreements", "aws-marketplace:GetAgreementTerms" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "aws-marketplace:Subscribe", "aws-marketplace:Unsubscribe", "aws-marketplace:ViewSubscriptions", "aws-marketplace:GetAgreementRequest", "aws-marketplace:ListAgreementRequests", "aws-marketplace:CancelAgreementRequest" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "kms:DescribeKey", "kms:ListAliases", "kms:ListKeys" ], "Resource": "*" } ] }, "VersionId": "v4" }, "AWSDataExchangeProviderFullAccess": { "PolicyName": "AWSDataExchangeProviderFullAccess", "PolicyId": "ANPAZKAPJZG4MQSUGZZPZ", "Arn": "arn:aws:iam::aws:policy/AWSDataExchangeProviderFullAccess", "Path": "/", "DefaultVersionId": "v7", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-11-13T19:27:55+00:00", "UpdateDate": "2021-05-25T19:26:14+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "dataexchange:CreateDataSet", "dataexchange:CreateRevision", "dataexchange:CreateAsset", "dataexchange:Get*", "dataexchange:Update*", "dataexchange:List*", "dataexchange:Delete*", "dataexchange:TagResource", "dataexchange:UntagResource", "dataexchange:PublishDataSet", "tag:GetTagKeys", "tag:GetTagValues" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "dataexchange:CreateJob", "dataexchange:StartJob", "dataexchange:CancelJob" ], "Resource": "*", "Condition": { "StringEquals": { "dataexchange:JobType": [ "IMPORT_ASSETS_FROM_S3", "IMPORT_ASSET_FROM_SIGNED_URL", "EXPORT_ASSETS_TO_S3", "EXPORT_ASSET_TO_SIGNED_URL" ] } } }, { "Effect": "Allow", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::*aws-data-exchange*", "Condition": { "ForAnyValue:StringEquals": { "aws:CalledVia": [ "dataexchange.amazonaws.com" ] } } }, { "Effect": "Allow", "Action": "s3:GetObject", "Resource": "*", "Condition": { "StringEqualsIgnoreCase": { "s3:ExistingObjectTag/AWSDataExchange": "true" }, "ForAnyValue:StringEquals": { "aws:CalledVia": [ "dataexchange.amazonaws.com" ] } } }, { "Effect": "Allow", "Action": [ "s3:PutObject", "s3:PutObjectAcl" ], "Resource": "arn:aws:s3:::*aws-data-exchange*", "Condition": { "ForAnyValue:StringEquals": { "aws:CalledVia": [ "dataexchange.amazonaws.com" ] } } }, { "Effect": "Allow", "Action": [ "s3:GetBucketLocation", "s3:ListBucket", "s3:ListAllMyBuckets" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "aws-marketplace:DescribeEntity", "aws-marketplace:ListEntities", "aws-marketplace:DescribeChangeSet", "aws-marketplace:ListChangeSets", "aws-marketplace:StartChangeSet", "aws-marketplace:CancelChangeSet", "aws-marketplace:GetAgreementApprovalRequest", "aws-marketplace:ListAgreementApprovalRequests", "aws-marketplace:AcceptAgreementApprovalRequest", "aws-marketplace:RejectAgreementApprovalRequest", "aws-marketplace:UpdateAgreementApprovalRequest", "aws-marketplace:SearchAgreements", "aws-marketplace:GetAgreementTerms" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "kms:DescribeKey", "kms:ListAliases", "kms:ListKeys" ], "Resource": "*" } ] }, "VersionId": "v7" }, "AWSDataExchangeReadOnly": { "PolicyName": "AWSDataExchangeReadOnly", "PolicyId": "ANPAZKAPJZG4DQNFEZURI", "Arn": "arn:aws:iam::aws:policy/AWSDataExchangeReadOnly", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-11-13T19:27:37+00:00", "UpdateDate": "2021-05-10T21:15:26+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "dataexchange:Get*", "dataexchange:List*" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "aws-marketplace:ViewSubscriptions", "aws-marketplace:GetAgreementRequest", "aws-marketplace:ListAgreementRequests", "aws-marketplace:GetAgreementApprovalRequest", "aws-marketplace:ListAgreementApprovalRequests", "aws-marketplace:DescribeEntity", "aws-marketplace:ListEntities", "aws-marketplace:DescribeChangeSet", "aws-marketplace:ListChangeSets", "aws-marketplace:SearchAgreements", "aws-marketplace:GetAgreementTerms" ], "Resource": "*" } ] }, "VersionId": "v2" }, "AWSDataExchangeSubscriberFullAccess": { "PolicyName": "AWSDataExchangeSubscriberFullAccess", "PolicyId": "ANPAZKAPJZG4MAWRW4GF7", "Arn": "arn:aws:iam::aws:policy/AWSDataExchangeSubscriberFullAccess", "Path": "/", "DefaultVersionId": "v4", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-11-13T19:27:52+00:00", "UpdateDate": "2021-02-08T23:34:25+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "dataexchange:Get*", "dataexchange:List*" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "dataexchange:CreateJob", "dataexchange:StartJob", "dataexchange:CancelJob" ], "Resource": "*", "Condition": { "StringEquals": { "dataexchange:JobType": [ "EXPORT_ASSETS_TO_S3", "EXPORT_ASSET_TO_SIGNED_URL", "EXPORT_REVISIONS_TO_S3" ] } } }, { "Action": "s3:GetObject", "Effect": "Allow", "Resource": "arn:aws:s3:::*aws-data-exchange*", "Condition": { "ForAnyValue:StringEquals": { "aws:CalledVia": [ "dataexchange.amazonaws.com" ] } } }, { "Effect": "Allow", "Action": [ "s3:GetBucketLocation", "s3:ListBucket", "s3:ListAllMyBuckets" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "aws-marketplace:Subscribe", "aws-marketplace:Unsubscribe", "aws-marketplace:ViewSubscriptions", "aws-marketplace:GetAgreementRequest", "aws-marketplace:ListAgreementRequests", "aws-marketplace:CancelAgreementRequest" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "kms:DescribeKey", "kms:ListAliases", "kms:ListKeys" ], "Resource": "*" } ] }, "VersionId": "v4" }, "AWSDataLifecycleManagerServiceRole": { "PolicyName": "AWSDataLifecycleManagerServiceRole", "PolicyId": "ANPAIZRLOKFUFE7YXQOJS", "Arn": "arn:aws:iam::aws:policy/service-role/AWSDataLifecycleManagerServiceRole", "Path": "/service-role/", "DefaultVersionId": "v6", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-07-06T19:34:16+00:00", "UpdateDate": "2020-12-11T18:15:06+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ec2:CreateSnapshot", "ec2:CreateSnapshots", "ec2:DeleteSnapshot", "ec2:DescribeInstances", "ec2:DescribeVolumes", "ec2:DescribeSnapshots", "ec2:EnableFastSnapshotRestores", "ec2:DescribeFastSnapshotRestores", "ec2:DisableFastSnapshotRestores", "ec2:CopySnapshot", "ec2:ModifySnapshotAttribute", "ec2:DescribeSnapshotAttribute" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "ec2:CreateTags" ], "Resource": "arn:aws:ec2:*::snapshot/*" }, { "Effect": "Allow", "Action": [ "events:PutRule", "events:DeleteRule", "events:DescribeRule", "events:EnableRule", "events:DisableRule", "events:ListTargetsByRule", "events:PutTargets", "events:RemoveTargets" ], "Resource": "arn:aws:events:*:*:rule/AwsDataLifecycleRule.managed-cwe.*" } ] }, "VersionId": "v6" }, "AWSDataLifecycleManagerServiceRoleForAMIManagement": { "PolicyName": "AWSDataLifecycleManagerServiceRoleForAMIManagement", "PolicyId": "ANPAZKAPJZG4MG6O7FWSP", "Arn": "arn:aws:iam::aws:policy/service-role/AWSDataLifecycleManagerServiceRoleForAMIManagement", "Path": "/service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-10-21T19:39:41+00:00", "UpdateDate": "2020-10-21T19:39:41+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "ec2:CreateTags", "Resource": [ "arn:aws:ec2:*::snapshot/*", "arn:aws:ec2:*::image/*" ] }, { "Effect": "Allow", "Action": [ "ec2:DescribeImages", "ec2:DescribeInstances", "ec2:DescribeImageAttribute", "ec2:DescribeVolumes", "ec2:DescribeSnapshots" ], "Resource": "*" }, { "Effect": "Allow", "Action": "ec2:DeleteSnapshot", "Resource": "arn:aws:ec2:*::snapshot/*" }, { "Effect": "Allow", "Action": [ "ec2:ResetImageAttribute", "ec2:DeregisterImage", "ec2:CreateImage", "ec2:CopyImage", "ec2:ModifyImageAttribute" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AWSDataPipelineRole": { "PolicyName": "AWSDataPipelineRole", "PolicyId": "ANPAIKCP6XS3ESGF4GLO2", "Arn": "arn:aws:iam::aws:policy/service-role/AWSDataPipelineRole", "Path": "/service-role/", "DefaultVersionId": "v6", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-02-06T18:41:24+00:00", "UpdateDate": "2017-12-22T23:43:28+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "cloudwatch:*", "datapipeline:DescribeObjects", "datapipeline:EvaluateExpression", "dynamodb:BatchGetItem", "dynamodb:DescribeTable", "dynamodb:GetItem", "dynamodb:Query", "dynamodb:Scan", "dynamodb:UpdateTable", "ec2:AuthorizeSecurityGroupIngress", "ec2:CancelSpotInstanceRequests", "ec2:CreateSecurityGroup", "ec2:CreateTags", "ec2:DeleteTags", "ec2:Describe*", "ec2:ModifyImageAttribute", "ec2:ModifyInstanceAttribute", "ec2:RequestSpotInstances", "ec2:RunInstances", "ec2:StartInstances", "ec2:StopInstances", "ec2:TerminateInstances", "ec2:AuthorizeSecurityGroupEgress", "ec2:DeleteSecurityGroup", "ec2:RevokeSecurityGroupEgress", "ec2:DescribeNetworkInterfaces", "ec2:CreateNetworkInterface", "ec2:DeleteNetworkInterface", "ec2:DetachNetworkInterface", "elasticmapreduce:*", "iam:GetInstanceProfile", "iam:GetRole", "iam:GetRolePolicy", "iam:ListAttachedRolePolicies", "iam:ListRolePolicies", "iam:ListInstanceProfiles", "iam:PassRole", "rds:DescribeDBInstances", "rds:DescribeDBSecurityGroups", "redshift:DescribeClusters", "redshift:DescribeClusterSecurityGroups", "s3:CreateBucket", "s3:DeleteObject", "s3:Get*", "s3:List*", "s3:Put*", "sdb:BatchPutAttributes", "sdb:Select*", "sns:GetTopicAttributes", "sns:ListTopics", "sns:Publish", "sns:Subscribe", "sns:Unsubscribe", "sqs:CreateQueue", "sqs:Delete*", "sqs:GetQueue*", "sqs:PurgeQueue", "sqs:ReceiveMessage" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": "iam:CreateServiceLinkedRole", "Resource": "*", "Condition": { "StringLike": { "iam:AWSServiceName": [ "elasticmapreduce.amazonaws.com", "spot.amazonaws.com" ] } } } ] }, "VersionId": "v6" }, "AWSDataPipeline_FullAccess": { "PolicyName": "AWSDataPipeline_FullAccess", "PolicyId": "ANPAIXOFIG7RSBMRPHXJ4", "Arn": "arn:aws:iam::aws:policy/AWSDataPipeline_FullAccess", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-01-19T23:14:54+00:00", "UpdateDate": "2017-08-17T18:48:39+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "s3:List*", "dynamodb:DescribeTable", "rds:DescribeDBInstances", "rds:DescribeDBSecurityGroups", "redshift:DescribeClusters", "redshift:DescribeClusterSecurityGroups", "sns:ListTopics", "sns:Subscribe", "iam:ListRoles", "iam:GetRolePolicy", "iam:GetInstanceProfile", "iam:ListInstanceProfiles", "datapipeline:*" ], "Effect": "Allow", "Resource": [ "*" ] }, { "Action": "iam:PassRole", "Effect": "Allow", "Resource": [ "arn:aws:iam::*:role/DataPipelineDefaultResourceRole", "arn:aws:iam::*:role/DataPipelineDefaultRole" ] } ] }, "VersionId": "v2" }, "AWSDataPipeline_PowerUser": { "PolicyName": "AWSDataPipeline_PowerUser", "PolicyId": "ANPAIMXGLVY6DVR24VTYS", "Arn": "arn:aws:iam::aws:policy/AWSDataPipeline_PowerUser", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-01-19T23:16:46+00:00", "UpdateDate": "2017-08-17T18:49:42+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "s3:List*", "dynamodb:DescribeTable", "rds:DescribeDBInstances", "rds:DescribeDBSecurityGroups", "redshift:DescribeClusters", "redshift:DescribeClusterSecurityGroups", "sns:ListTopics", "iam:ListRoles", "iam:GetRolePolicy", "iam:GetInstanceProfile", "iam:ListInstanceProfiles", "datapipeline:*" ], "Effect": "Allow", "Resource": [ "*" ] }, { "Action": "iam:PassRole", "Effect": "Allow", "Resource": [ "arn:aws:iam::*:role/DataPipelineDefaultResourceRole", "arn:aws:iam::*:role/DataPipelineDefaultRole" ] } ] }, "VersionId": "v2" }, "AWSDataSyncFullAccess": { "PolicyName": "AWSDataSyncFullAccess", "PolicyId": "ANPAJGOHCDUQULZJKDGT4", "Arn": "arn:aws:iam::aws:policy/AWSDataSyncFullAccess", "Path": "/", "DefaultVersionId": "v3", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-01-18T19:40:36+00:00", "UpdateDate": "2020-06-30T17:58:58+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "datasync:*", "ec2:CreateNetworkInterface", "ec2:CreateNetworkInterfacePermission", "ec2:DeleteNetworkInterface", "ec2:DescribeNetworkInterfaces", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:ModifyNetworkInterfaceAttribute", "fsx:DescribeFileSystems", "elasticfilesystem:DescribeFileSystems", "elasticfilesystem:DescribeMountTargets", "iam:GetRole", "iam:ListRoles", "logs:CreateLogGroup", "logs:DescribeLogGroups", "logs:DescribeResourcePolicies", "s3:ListAllMyBuckets", "s3:ListBucket" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "iam:PassRole" ], "Resource": "*", "Condition": { "StringEquals": { "iam:PassedToService": [ "datasync.amazonaws.com" ] } } } ] }, "VersionId": "v3" }, "AWSDataSyncReadOnlyAccess": { "PolicyName": "AWSDataSyncReadOnlyAccess", "PolicyId": "ANPAJRYVEZEDR7ZEAGYLY", "Arn": "arn:aws:iam::aws:policy/AWSDataSyncReadOnlyAccess", "Path": "/", "DefaultVersionId": "v3", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-01-18T19:18:44+00:00", "UpdateDate": "2020-06-30T17:59:22+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "datasync:Describe*", "datasync:List*", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "elasticfilesystem:DescribeFileSystems", "elasticfilesystem:DescribeMountTargets", "fsx:DescribeFileSystems", "iam:GetRole", "iam:ListRoles", "logs:DescribeLogGroups", "logs:DescribeResourcePolicies", "s3:ListAllMyBuckets", "s3:ListBucket" ], "Resource": "*" } ] }, "VersionId": "v3" }, "AWSDeepLensLambdaFunctionAccessPolicy": { "PolicyName": "AWSDeepLensLambdaFunctionAccessPolicy", "PolicyId": "ANPAIKIEE4PRM54V4G3ZG", "Arn": "arn:aws:iam::aws:policy/AWSDeepLensLambdaFunctionAccessPolicy", "Path": "/", "DefaultVersionId": "v4", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-11-29T15:47:18+00:00", "UpdateDate": "2019-06-11T23:11:55+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Sid": "DeepLensS3ObjectAccess", "Effect": "Allow", "Action": [ "s3:ListBucket", "s3:GetObject" ], "Resource": [ "arn:aws:s3:::deeplens*/*", "arn:aws:s3:::deeplens*" ] }, { "Sid": "DeepLensGreenGrassCloudWatchAccess", "Effect": "Allow", "Action": [ "logs:CreateLogStream", "logs:DescribeLogStreams", "logs:PutLogEvents", "logs:CreateLogGroup" ], "Resource": "arn:aws:logs:*:*:log-group:/aws/greengrass/*" }, { "Sid": "DeepLensAccess", "Effect": "Allow", "Action": [ "deeplens:*" ], "Resource": [ "*" ] }, { "Sid": "DeepLensKinesisVideoAccess", "Effect": "Allow", "Action": [ "kinesisvideo:DescribeStream", "kinesisvideo:CreateStream", "kinesisvideo:GetDataEndpoint", "kinesisvideo:PutMedia" ], "Resource": [ "*" ] } ] }, "VersionId": "v4" }, "AWSDeepLensServiceRolePolicy": { "PolicyName": "AWSDeepLensServiceRolePolicy", "PolicyId": "ANPAJK2Z2S7FPJFCYGR72", "Arn": "arn:aws:iam::aws:policy/service-role/AWSDeepLensServiceRolePolicy", "Path": "/service-role/", "DefaultVersionId": "v6", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-11-29T15:46:36+00:00", "UpdateDate": "2019-09-25T19:25:06+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Sid": "DeepLensIoTThingAccess", "Effect": "Allow", "Action": [ "iot:CreateThing", "iot:DeleteThing", "iot:DeleteThingShadow", "iot:DescribeThing", "iot:GetThingShadow", "iot:UpdateThing", "iot:UpdateThingShadow" ], "Resource": [ "arn:aws:iot:*:*:thing/deeplens*" ] }, { "Sid": "DeepLensIoTCertificateAccess", "Effect": "Allow", "Action": [ "iot:AttachThingPrincipal", "iot:DetachThingPrincipal", "iot:UpdateCertificate", "iot:DeleteCertificate", "iot:DetachPrincipalPolicy" ], "Resource": [ "arn:aws:iot:*:*:thing/deeplens*", "arn:aws:iot:*:*:cert/*" ] }, { "Sid": "DeepLensIoTCreateCertificateAndPolicyAccess", "Effect": "Allow", "Action": [ "iot:CreateKeysAndCertificate", "iot:CreatePolicy", "iot:CreatePolicyVersion" ], "Resource": [ "*" ] }, { "Sid": "DeepLensIoTAttachCertificatePolicyAccess", "Effect": "Allow", "Action": [ "iot:AttachPrincipalPolicy" ], "Resource": [ "arn:aws:iot:*:*:policy/deeplens*", "arn:aws:iot:*:*:cert/*" ] }, { "Sid": "DeepLensIoTDataAccess", "Effect": "Allow", "Action": [ "iot:GetThingShadow", "iot:UpdateThingShadow" ], "Resource": [ "arn:aws:iot:*:*:thing/deeplens*" ] }, { "Sid": "DeepLensIoTEndpointAccess", "Effect": "Allow", "Action": [ "iot:DescribeEndpoint" ], "Resource": [ "*" ] }, { "Sid": "DeepLensAccess", "Effect": "Allow", "Action": [ "deeplens:*" ], "Resource": [ "*" ] }, { "Sid": "DeepLensS3ObjectAccess", "Effect": "Allow", "Action": [ "s3:GetObject" ], "Resource": [ "arn:aws:s3:::deeplens*" ] }, { "Sid": "DeepLensS3Buckets", "Effect": "Allow", "Action": [ "s3:DeleteBucket", "s3:ListBucket" ], "Resource": [ "arn:aws:s3:::deeplens*" ] }, { "Sid": "DeepLensCreateS3Buckets", "Effect": "Allow", "Action": [ "s3:CreateBucket" ], "Resource": [ "*" ] }, { "Sid": "DeepLensIAMPassRoleAccess", "Effect": "Allow", "Action": [ "iam:PassRole" ], "Resource": [ "*" ], "Condition": { "StringEquals": { "iam:PassedToService": [ "greengrass.amazonaws.com", "sagemaker.amazonaws.com" ] } } }, { "Sid": "DeepLensIAMLambdaPassRoleAccess", "Effect": "Allow", "Action": [ "iam:PassRole" ], "Resource": [ "arn:aws:iam::*:role/AWSDeepLens*", "arn:aws:iam::*:role/service-role/AWSDeepLens*" ], "Condition": { "StringEqualsIfExists": { "iam:PassedToService": "lambda.amazonaws.com" } } }, { "Sid": "DeepLensGreenGrassAccess", "Effect": "Allow", "Action": [ "greengrass:AssociateRoleToGroup", "greengrass:AssociateServiceRoleToAccount", "greengrass:CreateResourceDefinition", "greengrass:CreateResourceDefinitionVersion", "greengrass:CreateCoreDefinition", "greengrass:CreateCoreDefinitionVersion", "greengrass:CreateDeployment", "greengrass:CreateFunctionDefinition", "greengrass:CreateFunctionDefinitionVersion", "greengrass:CreateGroup", "greengrass:CreateGroupCertificateAuthority", "greengrass:CreateGroupVersion", "greengrass:CreateLoggerDefinition", "greengrass:CreateLoggerDefinitionVersion", "greengrass:CreateSubscriptionDefinition", "greengrass:CreateSubscriptionDefinitionVersion", "greengrass:DeleteCoreDefinition", "greengrass:DeleteFunctionDefinition", "greengrass:DeleteGroup", "greengrass:DeleteLoggerDefinition", "greengrass:DeleteSubscriptionDefinition", "greengrass:DisassociateRoleFromGroup", "greengrass:DisassociateServiceRoleFromAccount", "greengrass:GetAssociatedRole", "greengrass:GetConnectivityInfo", "greengrass:GetCoreDefinition", "greengrass:GetCoreDefinitionVersion", "greengrass:GetDeploymentStatus", "greengrass:GetDeviceDefinition", "greengrass:GetDeviceDefinitionVersion", "greengrass:GetFunctionDefinition", "greengrass:GetFunctionDefinitionVersion", "greengrass:GetGroup", "greengrass:GetGroupCertificateAuthority", "greengrass:GetGroupCertificateConfiguration", "greengrass:GetGroupVersion", "greengrass:GetLoggerDefinition", "greengrass:GetLoggerDefinitionVersion", "greengrass:GetResourceDefinition", "greengrass:GetServiceRoleForAccount", "greengrass:GetSubscriptionDefinition", "greengrass:GetSubscriptionDefinitionVersion", "greengrass:ListCoreDefinitionVersions", "greengrass:ListCoreDefinitions", "greengrass:ListDeployments", "greengrass:ListDeviceDefinitionVersions", "greengrass:ListDeviceDefinitions", "greengrass:ListFunctionDefinitionVersions", "greengrass:ListFunctionDefinitions", "greengrass:ListGroupCertificateAuthorities", "greengrass:ListGroupVersions", "greengrass:ListGroups", "greengrass:ListLoggerDefinitionVersions", "greengrass:ListLoggerDefinitions", "greengrass:ListSubscriptionDefinitionVersions", "greengrass:ListSubscriptionDefinitions", "greengrass:ResetDeployments", "greengrass:UpdateConnectivityInfo", "greengrass:UpdateCoreDefinition", "greengrass:UpdateDeviceDefinition", "greengrass:UpdateFunctionDefinition", "greengrass:UpdateGroup", "greengrass:UpdateGroupCertificateConfiguration", "greengrass:UpdateLoggerDefinition", "greengrass:UpdateSubscriptionDefinition", "greengrass:UpdateResourceDefinition" ], "Resource": [ "*" ] }, { "Sid": "DeepLensLambdaAdminFunctionAccess", "Effect": "Allow", "Action": [ "lambda:CreateFunction", "lambda:DeleteFunction", "lambda:GetFunction", "lambda:GetFunctionConfiguration", "lambda:ListFunctions", "lambda:ListVersionsByFunction", "lambda:PublishVersion", "lambda:UpdateFunctionCode", "lambda:UpdateFunctionConfiguration" ], "Resource": [ "arn:aws:lambda:*:*:function:deeplens*" ] }, { "Sid": "DeepLensLambdaUsersFunctionAccess", "Effect": "Allow", "Action": [ "lambda:GetFunction", "lambda:GetFunctionConfiguration", "lambda:ListFunctions", "lambda:ListVersionsByFunction" ], "Resource": [ "arn:aws:lambda:*:*:function:*" ] }, { "Sid": "DeepLensSageMakerWriteAccess", "Effect": "Allow", "Action": [ "sagemaker:CreateTrainingJob", "sagemaker:DescribeTrainingJob", "sagemaker:StopTrainingJob" ], "Resource": [ "arn:aws:sagemaker:*:*:training-job/deeplens*" ] }, { "Sid": "DeepLensSageMakerReadAccess", "Effect": "Allow", "Action": [ "sagemaker:DescribeTrainingJob" ], "Resource": [ "arn:aws:sagemaker:*:*:training-job/*" ] }, { "Sid": "DeepLensKinesisVideoStreamAccess", "Effect": "Allow", "Action": [ "kinesisvideo:CreateStream", "kinesisvideo:DescribeStream", "kinesisvideo:DeleteStream" ], "Resource": [ "arn:aws:kinesisvideo:*:*:stream/deeplens*/*" ] }, { "Sid": "DeepLensKinesisVideoEndpointAccess", "Effect": "Allow", "Action": [ "kinesisvideo:GetDataEndpoint" ], "Resource": [ "*" ] } ] }, "VersionId": "v6" }, "AWSDeepRacerCloudFormationAccessPolicy": { "PolicyName": "AWSDeepRacerCloudFormationAccessPolicy", "PolicyId": "ANPAJYG7FM75UF5CW5ICS", "Arn": "arn:aws:iam::aws:policy/AWSDeepRacerCloudFormationAccessPolicy", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-02-28T21:59:49+00:00", "UpdateDate": "2019-06-14T17:02:04+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "cloudformation:*" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "ec2:AllocateAddress", "ec2:AttachInternetGateway", "ec2:AssociateRouteTable", "ec2:AuthorizeSecurityGroupEgress", "ec2:AuthorizeSecurityGroupIngress", "ec2:CreateInternetGateway", "ec2:CreateNatGateway", "ec2:CreateNetworkAcl", "ec2:CreateNetworkAclEntry", "ec2:CreateRoute", "ec2:CreateRouteTable", "ec2:CreateSecurityGroup", "ec2:CreateSubnet", "ec2:CreateTags", "ec2:CreateVpc", "ec2:CreateVpcEndpoint", "ec2:DeleteInternetGateway", "ec2:DeleteNatGateway", "ec2:DeleteNetworkAcl", "ec2:DeleteNetworkAclEntry", "ec2:DeleteRoute", "ec2:DeleteRouteTable", "ec2:DeleteSecurityGroup", "ec2:DeleteSubnet", "ec2:DeleteTags", "ec2:DeleteVpc", "ec2:DeleteVpcEndpoints", "ec2:DescribeAddresses", "ec2:DescribeInternetGateways", "ec2:DescribeNatGateways", "ec2:DescribeNetworkAcls", "ec2:DescribeRouteTables", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeTags", "ec2:DescribeVpcEndpoints", "ec2:DescribeVpcs", "ec2:DetachInternetGateway", "ec2:DisassociateRouteTable", "ec2:ModifySubnetAttribute", "ec2:ModifyVpcAttribute", "ec2:ReleaseAddress", "ec2:ReplaceNetworkAclAssociation", "ec2:RevokeSecurityGroupEgress", "ec2:RevokeSecurityGroupIngress" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "iam:PassRole" ], "Resource": "arn:aws:iam::*:role/service-role/AWSDeepRacerLambdaAccessRole", "Condition": { "StringLikeIfExists": { "iam:PassedToService": "lambda.amazonaws.com" } } }, { "Effect": "Allow", "Action": [ "lambda:CreateFunction", "lambda:GetFunction", "lambda:DeleteFunction", "lambda:TagResource", "lambda:UpdateFunctionCode" ], "Resource": [ "arn:aws:lambda:*:*:function:*DeepRacer*", "arn:aws:lambda:*:*:function:*Deepracer*", "arn:aws:lambda:*:*:function:*deepracer*" ] }, { "Effect": "Allow", "Action": [ "s3:PutBucketPolicy", "s3:CreateBucket", "s3:ListBucket", "s3:GetBucketAcl", "s3:DeleteBucket" ], "Resource": [ "arn:aws:s3:::*DeepRacer*", "arn:aws:s3:::*Deepracer*", "arn:aws:s3:::*deepracer*" ] }, { "Effect": "Allow", "Action": [ "robomaker:CreateSimulationApplication", "robomaker:CreateSimulationApplicationVersion", "robomaker:DeleteSimulationApplication", "robomaker:DescribeSimulationApplication", "robomaker:ListSimulationApplications", "robomaker:TagResource", "robomaker:UpdateSimulationApplication" ], "Resource": [ "arn:aws:robomaker:*:*:/createSimulationApplication", "arn:aws:robomaker:*:*:simulation-application/deepracer*" ] } ] }, "VersionId": "v2" }, "AWSDeepRacerFullAccess": { "PolicyName": "AWSDeepRacerFullAccess", "PolicyId": "ANPAZKAPJZG4JFTOPTVBM", "Arn": "arn:aws:iam::aws:policy/AWSDeepRacerFullAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-10-05T22:03:10+00:00", "UpdateDate": "2020-10-05T22:03:10+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "s3:ListAllMyBuckets" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "s3:DeleteObject", "s3:DeleteObjectVersion", "s3:GetBucketPolicy", "s3:PutBucketPolicy", "s3:ListBucket", "s3:GetBucketAcl", "s3:GetObject", "s3:GetObjectVersion", "s3:GetObjectAcl", "s3:GetBucketLocation" ], "Resource": [ "arn:aws:s3:::*DeepRacer*", "arn:aws:s3:::*Deepracer*", "arn:aws:s3:::*deepracer*", "arn:aws:s3:::dr-*", "arn:aws:s3:::*DeepRacer*/*", "arn:aws:s3:::*Deepracer*/*", "arn:aws:s3:::*deepracer*/*", "arn:aws:s3:::dr-*/*" ] } ] }, "VersionId": "v1" }, "AWSDeepRacerRoboMakerAccessPolicy": { "PolicyName": "AWSDeepRacerRoboMakerAccessPolicy", "PolicyId": "ANPAIUKGYRTDCUFOMRGAM", "Arn": "arn:aws:iam::aws:policy/AWSDeepRacerRoboMakerAccessPolicy", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-02-28T21:59:58+00:00", "UpdateDate": "2019-02-28T21:59:58+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "robomaker:*" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "cloudwatch:PutMetricData", "ec2:CreateNetworkInterfacePermission", "ec2:DeleteNetworkInterface", "ec2:DescribeNetworkInterfaces", "ec2:DescribeSubnets", "ec2:DescribeSecurityGroups", "ec2:DescribeVpcs" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:DescribeLogStreams", "logs:PutLogEvents" ], "Resource": [ "arn:aws:logs:*:*:log-group:/aws/robomaker/SimulationJobs", "arn:aws:logs:*:*:log-group:/aws/robomaker/SimulationJobs:log-stream:*" ] }, { "Effect": "Allow", "Action": [ "s3:GetObject", "s3:GetBucketLocation", "s3:ListBucket", "s3:ListAllMyBuckets", "s3:PutObject" ], "Resource": [ "arn:aws:s3:::*DeepRacer*", "arn:aws:s3:::*Deepracer*", "arn:aws:s3:::*deepracer*", "arn:aws:s3:::dr-*" ] }, { "Effect": "Allow", "Action": [ "s3:GetObject" ], "Resource": "*", "Condition": { "StringEqualsIgnoreCase": { "s3:ExistingObjectTag/DeepRacer": "true" } } }, { "Effect": "Allow", "Action": [ "kinesisvideo:CreateStream", "kinesisvideo:DescribeStream", "kinesisvideo:GetDataEndpoint", "kinesisvideo:PutMedia", "kinesisvideo:TagStream" ], "Resource": [ "arn:aws:kinesisvideo:*:*:stream/dr-*" ] } ] }, "VersionId": "v1" }, "AWSDeepRacerServiceRolePolicy": { "PolicyName": "AWSDeepRacerServiceRolePolicy", "PolicyId": "ANPAJTUAQLIAVBJ7LZ32S", "Arn": "arn:aws:iam::aws:policy/service-role/AWSDeepRacerServiceRolePolicy", "Path": "/service-role/", "DefaultVersionId": "v3", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-02-28T21:58:09+00:00", "UpdateDate": "2019-06-12T20:55:34+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "deepracer:*" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "robomaker:*", "sagemaker:*", "s3:ListAllMyBuckets" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "cloudformation:ListStackResources", "cloudformation:DescribeStacks", "cloudformation:CreateStack", "cloudformation:DeleteStack", "cloudformation:DescribeStackResource", "cloudformation:DescribeStackResources", "cloudformation:DescribeStackEvents", "cloudformation:DetectStackDrift", "cloudformation:DescribeStackDriftDetectionStatus", "cloudformation:DescribeStackResourceDrifts" ], "Resource": "*" }, { "Effect": "Allow", "Action": "iam:CreateServiceLinkedRole", "Condition": { "StringEquals": { "iam:AWSServiceName": "robomaker.amazonaws.com" } }, "Resource": "*" }, { "Effect": "Allow", "Action": [ "iam:PassRole" ], "Resource": [ "arn:aws:iam::*:role/AWSDeepRacer*", "arn:aws:iam::*:role/service-role/AWSDeepRacer*" ] }, { "Effect": "Allow", "Action": [ "cloudwatch:GetMetricData", "logs:CreateLogGroup", "logs:CreateLogStream", "logs:DescribeLogStreams", "logs:GetLogEvents", "logs:PutLogEvents" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "lambda:CreateFunction", "lambda:DeleteFunction", "lambda:GetFunction", "lambda:InvokeFunction", "lambda:UpdateFunctionCode" ], "Resource": [ "arn:aws:lambda:*:*:function:*DeepRacer*", "arn:aws:lambda:*:*:function:*Deepracer*", "arn:aws:lambda:*:*:function:*deepracer*", "arn:aws:lambda:*:*:function:*dr-*" ] }, { "Effect": "Allow", "Action": [ "s3:GetObject", "s3:GetBucketLocation", "s3:DeleteObject", "s3:ListBucket", "s3:PutObject", "s3:PutBucketPolicy", "s3:GetBucketAcl" ], "Resource": [ "arn:aws:s3:::*DeepRacer*", "arn:aws:s3:::*Deepracer*", "arn:aws:s3:::*deepracer*", "arn:aws:s3:::dr-*" ] }, { "Effect": "Allow", "Action": [ "s3:GetObject" ], "Resource": "*", "Condition": { "StringEqualsIgnoreCase": { "s3:ExistingObjectTag/DeepRacer": "true" } } }, { "Effect": "Allow", "Action": [ "kinesisvideo:CreateStream", "kinesisvideo:DeleteStream", "kinesisvideo:DescribeStream", "kinesisvideo:GetDataEndpoint", "kinesisvideo:GetHLSStreamingSessionURL", "kinesisvideo:GetMedia", "kinesisvideo:PutMedia", "kinesisvideo:TagStream" ], "Resource": [ "arn:aws:kinesisvideo:*:*:stream/dr-*" ] } ] }, "VersionId": "v3" }, "AWSDenyAll": { "PolicyName": "AWSDenyAll", "PolicyId": "ANPAZKAPJZG4P43IUQ5E5", "Arn": "arn:aws:iam::aws:policy/AWSDenyAll", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-05-01T22:36:14+00:00", "UpdateDate": "2019-05-01T22:36:14+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "*" ], "Effect": "Deny", "Resource": "*" } ] }, "VersionId": "v1" }, "AWSDeviceFarmFullAccess": { "PolicyName": "AWSDeviceFarmFullAccess", "PolicyId": "ANPAJO7KEDP4VYJPNT5UW", "Arn": "arn:aws:iam::aws:policy/AWSDeviceFarmFullAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-07-13T16:37:38+00:00", "UpdateDate": "2015-07-13T16:37:38+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "devicefarm:*" ], "Effect": "Allow", "Resource": "*" } ] }, "VersionId": "v1" }, "AWSDeviceFarmTestGridServiceRolePolicy": { "PolicyName": "AWSDeviceFarmTestGridServiceRolePolicy", "PolicyId": "ANPAZKAPJZG4KOLIVAOCV", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSDeviceFarmTestGridServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2021-05-26T22:01:35+00:00", "UpdateDate": "2021-05-26T22:01:35+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ec2:DescribeNetworkInterfaces", "ec2:DescribeVpcs", "ec2:DescribeSubnets", "ec2:DescribeSecurityGroups" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "ec2:CreateNetworkInterface" ], "Resource": [ "arn:aws:ec2:*:*:subnet/*", "arn:aws:ec2:*:*:security-group/*" ] }, { "Effect": "Allow", "Action": [ "ec2:CreateNetworkInterface" ], "Resource": [ "arn:aws:ec2:*:*:network-interface/*" ], "Condition": { "StringEquals": { "aws:RequestTag/AWSDeviceFarmManaged": "true" } } }, { "Effect": "Allow", "Action": [ "ec2:CreateTags" ], "Resource": "arn:aws:ec2:*:*:network-interface/*", "Condition": { "StringEquals": { "ec2:CreateAction": "CreateNetworkInterface" } } }, { "Effect": "Allow", "Action": [ "ec2:CreateNetworkInterfacePermission", "ec2:DeleteNetworkInterface" ], "Resource": "arn:aws:ec2:*:*:network-interface/*", "Condition": { "StringEquals": { "aws:ResourceTag/AWSDeviceFarmManaged": "true" } } }, { "Effect": "Allow", "Action": [ "ec2:ModifyNetworkInterfaceAttribute" ], "Resource": [ "arn:aws:ec2:*:*:security-group/*", "arn:aws:ec2:*:*:instance/*" ] }, { "Effect": "Allow", "Action": [ "ec2:ModifyNetworkInterfaceAttribute" ], "Resource": "arn:aws:ec2:*:*:network-interface/*", "Condition": { "StringEquals": { "aws:ResourceTag/AWSDeviceFarmManaged": "true" } } } ] }, "VersionId": "v1" }, "AWSDirectConnectFullAccess": { "PolicyName": "AWSDirectConnectFullAccess", "PolicyId": "ANPAJQF2QKZSK74KTIHOW", "Arn": "arn:aws:iam::aws:policy/AWSDirectConnectFullAccess", "Path": "/", "DefaultVersionId": "v3", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-02-06T18:40:07+00:00", "UpdateDate": "2019-04-30T15:29:29+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "directconnect:*", "ec2:DescribeVpnGateways", "ec2:DescribeTransitGateways" ], "Resource": "*" } ] }, "VersionId": "v3" }, "AWSDirectConnectReadOnlyAccess": { "PolicyName": "AWSDirectConnectReadOnlyAccess", "PolicyId": "ANPAI23HZ27SI6FQMGNQ2", "Arn": "arn:aws:iam::aws:policy/AWSDirectConnectReadOnlyAccess", "Path": "/", "DefaultVersionId": "v4", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-02-06T18:40:08+00:00", "UpdateDate": "2020-05-18T18:48:22+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "directconnect:Describe*", "directconnect:List*", "ec2:DescribeVpnGateways", "ec2:DescribeTransitGateways" ], "Resource": "*" } ] }, "VersionId": "v4" }, "AWSDirectConnectServiceRolePolicy": { "PolicyName": "AWSDirectConnectServiceRolePolicy", "PolicyId": "ANPAZKAPJZG4O7743JCTQ", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSDirectConnectServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2021-01-14T18:35:27+00:00", "UpdateDate": "2021-01-14T18:35:27+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "secretsmanager:DescribeSecret", "secretsmanager:ListSecretVersionIds", "secretsmanager:GetSecretValue" ], "Resource": [ "arn:aws:secretsmanager:*:*:secret:*directconnect*" ] } ] }, "VersionId": "v1" }, "AWSDirectoryServiceFullAccess": { "PolicyName": "AWSDirectoryServiceFullAccess", "PolicyId": "ANPAINAW5ANUWTH3R4ANI", "Arn": "arn:aws:iam::aws:policy/AWSDirectoryServiceFullAccess", "Path": "/", "DefaultVersionId": "v5", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-02-06T18:41:11+00:00", "UpdateDate": "2020-11-24T23:24:10+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "ds:*", "ec2:AuthorizeSecurityGroupEgress", "ec2:AuthorizeSecurityGroupIngress", "ec2:CreateNetworkInterface", "ec2:CreateSecurityGroup", "ec2:DeleteNetworkInterface", "ec2:DeleteSecurityGroup", "ec2:DescribeNetworkInterfaces", "ec2:DescribeSubnets", "ec2:DescribeVpcs", "ec2:RevokeSecurityGroupEgress", "ec2:RevokeSecurityGroupIngress", "ec2:DescribeSecurityGroups", "sns:GetTopicAttributes", "sns:ListSubscriptions", "sns:ListSubscriptionsByTopic", "sns:ListTopics", "iam:ListRoles", "organizations:ListAccountsForParent", "organizations:ListRoots", "organizations:ListAccounts", "organizations:DescribeOrganization", "organizations:DescribeAccount", "organizations:ListOrganizationalUnitsForParent", "organizations:ListAWSServiceAccessForOrganization" ], "Effect": "Allow", "Resource": "*" }, { "Action": [ "sns:CreateTopic", "sns:DeleteTopic", "sns:SetTopicAttributes", "sns:Subscribe", "sns:Unsubscribe" ], "Effect": "Allow", "Resource": "arn:aws:sns:*:*:DirectoryMonitoring*" }, { "Action": [ "organizations:EnableAWSServiceAccess", "organizations:DisableAWSServiceAccess" ], "Effect": "Allow", "Resource": "*", "Condition": { "StringEquals": { "organizations:ServicePrincipal": "ds.amazonaws.com" } } }, { "Action": [ "ec2:CreateTags", "ec2:DeleteTags" ], "Effect": "Allow", "Resource": [ "arn:aws:ec2:*:*:network-interface/*", "arn:aws:ec2:*:*:security-group/*" ] } ] }, "VersionId": "v5" }, "AWSDirectoryServiceReadOnlyAccess": { "PolicyName": "AWSDirectoryServiceReadOnlyAccess", "PolicyId": "ANPAIHWYO6WSDNCG64M2W", "Arn": "arn:aws:iam::aws:policy/AWSDirectoryServiceReadOnlyAccess", "Path": "/", "DefaultVersionId": "v4", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-02-06T18:41:12+00:00", "UpdateDate": "2018-09-25T21:54:01+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "ds:Check*", "ds:Describe*", "ds:Get*", "ds:List*", "ds:Verify*", "ec2:DescribeNetworkInterfaces", "ec2:DescribeSubnets", "ec2:DescribeVpcs", "sns:ListTopics", "sns:GetTopicAttributes", "sns:ListSubscriptions", "sns:ListSubscriptionsByTopic", "organizations:DescribeAccount", "organizations:DescribeOrganization", "organizations:ListAWSServiceAccessForOrganization" ], "Effect": "Allow", "Resource": "*" } ] }, "VersionId": "v4" }, "AWSDiscoveryContinuousExportFirehosePolicy": { "PolicyName": "AWSDiscoveryContinuousExportFirehosePolicy", "PolicyId": "ANPAIX6FHUTEUNXYDFZ7C", "Arn": "arn:aws:iam::aws:policy/AWSDiscoveryContinuousExportFirehosePolicy", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-08-09T18:29:39+00:00", "UpdateDate": "2021-06-08T17:32:46+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "glue:GetTableVersions" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "s3:AbortMultipartUpload", "s3:GetBucketLocation", "s3:GetObject", "s3:ListBucket", "s3:ListBucketMultipartUploads", "s3:PutObject" ], "Resource": [ "arn:aws:s3:::aws-application-discovery-service-*" ] }, { "Effect": "Allow", "Action": [ "logs:PutLogEvents" ], "Resource": [ "arn:aws:logs:*:*:log-group:/aws/application-discovery-service/firehose:log-stream:*" ] } ] }, "VersionId": "v2" }, "AWSEC2FleetServiceRolePolicy": { "PolicyName": "AWSEC2FleetServiceRolePolicy", "PolicyId": "ANPAJCL355O4TC27CPKVC", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSEC2FleetServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v3", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-03-21T00:08:55+00:00", "UpdateDate": "2020-05-04T20:10:31+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ec2:DescribeImages", "ec2:DescribeSubnets", "ec2:RequestSpotInstances", "ec2:DescribeInstanceStatus", "ec2:RunInstances" ], "Resource": [ "*" ] }, { "Sid": "EC2SpotManagement", "Effect": "Allow", "Action": [ "iam:CreateServiceLinkedRole" ], "Resource": "*", "Condition": { "StringEquals": { "iam:AWSServiceName": "spot.amazonaws.com" } } }, { "Effect": "Allow", "Action": [ "iam:PassRole" ], "Resource": [ "*" ], "Condition": { "StringEquals": { "iam:PassedToService": [ "ec2.amazonaws.com", "ec2.amazonaws.com.cn" ] } } }, { "Effect": "Allow", "Action": [ "ec2:CreateTags" ], "Resource": [ "arn:aws:ec2:*:*:instance/*", "arn:aws:ec2:*:*:spot-instances-request/*" ] }, { "Effect": "Allow", "Action": [ "ec2:CreateTags" ], "Resource": [ "arn:aws:ec2:*:*:volume/*" ], "Condition": { "StringEquals": { "ec2:CreateAction": "RunInstances" } } }, { "Effect": "Allow", "Action": [ "ec2:TerminateInstances" ], "Resource": "*", "Condition": { "StringLike": { "ec2:ResourceTag/aws:ec2:fleet-id": "*" } } } ] }, "VersionId": "v3" }, "AWSEC2SpotFleetServiceRolePolicy": { "PolicyName": "AWSEC2SpotFleetServiceRolePolicy", "PolicyId": "ANPAILWCVTZD57EMYWMBO", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSEC2SpotFleetServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v4", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-10-23T19:13:06+00:00", "UpdateDate": "2020-03-16T19:16:21+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ec2:DescribeImages", "ec2:DescribeSubnets", "ec2:RequestSpotInstances", "ec2:DescribeInstanceStatus", "ec2:RunInstances" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "iam:PassRole" ], "Resource": [ "*" ], "Condition": { "StringEquals": { "iam:PassedToService": [ "ec2.amazonaws.com", "ec2.amazonaws.com.cn" ] } } }, { "Effect": "Allow", "Action": [ "ec2:CreateTags" ], "Resource": [ "arn:aws:ec2:*:*:instance/*", "arn:aws:ec2:*:*:spot-instances-request/*", "arn:aws:ec2:*:*:spot-fleet-request/*", "arn:aws:ec2:*:*:volume/*" ] }, { "Effect": "Allow", "Action": [ "ec2:TerminateInstances" ], "Resource": "*", "Condition": { "StringLike": { "ec2:ResourceTag/aws:ec2spot:fleet-request-id": "*" } } }, { "Effect": "Allow", "Action": [ "elasticloadbalancing:RegisterInstancesWithLoadBalancer" ], "Resource": [ "arn:aws:elasticloadbalancing:*:*:loadbalancer/*" ] }, { "Effect": "Allow", "Action": [ "elasticloadbalancing:RegisterTargets" ], "Resource": [ "arn:aws:elasticloadbalancing:*:*:*/*" ] } ] }, "VersionId": "v4" }, "AWSEC2SpotServiceRolePolicy": { "PolicyName": "AWSEC2SpotServiceRolePolicy", "PolicyId": "ANPAIZJJBQNXQYVKTEXGM", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSEC2SpotServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v4", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-09-18T18:51:54+00:00", "UpdateDate": "2018-12-12T00:13:51+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ec2:DescribeInstances", "ec2:StartInstances", "ec2:StopInstances", "ec2:RunInstances" ], "Resource": [ "*" ] }, { "Effect": "Deny", "Action": [ "ec2:RunInstances" ], "Resource": [ "arn:aws:ec2:*:*:instance/*" ], "Condition": { "StringNotEquals": { "ec2:InstanceMarketType": "spot" } } }, { "Effect": "Allow", "Action": [ "iam:PassRole" ], "Resource": [ "*" ], "Condition": { "StringEquals": { "iam:PassedToService": [ "ec2.amazonaws.com", "ec2.amazonaws.com.cn" ] } } }, { "Effect": "Allow", "Action": [ "ec2:CreateTags" ], "Resource": "*", "Condition": { "StringEquals": { "ec2:CreateAction": "RunInstances" } } } ] }, "VersionId": "v4" }, "AWSElasticBeanstalkCustomPlatformforEC2Role": { "PolicyName": "AWSElasticBeanstalkCustomPlatformforEC2Role", "PolicyId": "ANPAJRVFXSS6LEIQGBKDY", "Arn": "arn:aws:iam::aws:policy/AWSElasticBeanstalkCustomPlatformforEC2Role", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-02-21T22:50:30+00:00", "UpdateDate": "2017-02-21T22:50:30+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Sid": "EC2Access", "Action": [ "ec2:AttachVolume", "ec2:AuthorizeSecurityGroupIngress", "ec2:CopyImage", "ec2:CreateImage", "ec2:CreateKeypair", "ec2:CreateSecurityGroup", "ec2:CreateSnapshot", "ec2:CreateTags", "ec2:CreateVolume", "ec2:DeleteKeypair", "ec2:DeleteSecurityGroup", "ec2:DeleteSnapshot", "ec2:DeleteVolume", "ec2:DeregisterImage", "ec2:DescribeImageAttribute", "ec2:DescribeImages", "ec2:DescribeInstances", "ec2:DescribeRegions", "ec2:DescribeSecurityGroups", "ec2:DescribeSnapshots", "ec2:DescribeSubnets", "ec2:DescribeTags", "ec2:DescribeVolumes", "ec2:DetachVolume", "ec2:GetPasswordData", "ec2:ModifyImageAttribute", "ec2:ModifyInstanceAttribute", "ec2:ModifySnapshotAttribute", "ec2:RegisterImage", "ec2:RunInstances", "ec2:StopInstances", "ec2:TerminateInstances" ], "Effect": "Allow", "Resource": "*" }, { "Sid": "BucketAccess", "Action": [ "s3:Get*", "s3:List*", "s3:PutObject" ], "Effect": "Allow", "Resource": [ "arn:aws:s3:::elasticbeanstalk-*", "arn:aws:s3:::elasticbeanstalk-*/*" ] }, { "Sid": "CloudWatchLogsAccess", "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents", "logs:DescribeLogStreams" ], "Effect": "Allow", "Resource": "arn:aws:logs:*:*:log-group:/aws/elasticbeanstalk/platform/*" } ] }, "VersionId": "v1" }, "AWSElasticBeanstalkEnhancedHealth": { "PolicyName": "AWSElasticBeanstalkEnhancedHealth", "PolicyId": "ANPAIH5EFJNMOGUUTKLFE", "Arn": "arn:aws:iam::aws:policy/service-role/AWSElasticBeanstalkEnhancedHealth", "Path": "/service-role/", "DefaultVersionId": "v4", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2016-02-08T23:17:27+00:00", "UpdateDate": "2018-04-09T22:12:53+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "elasticloadbalancing:DescribeInstanceHealth", "elasticloadbalancing:DescribeLoadBalancers", "elasticloadbalancing:DescribeTargetHealth", "ec2:DescribeInstances", "ec2:DescribeInstanceStatus", "ec2:GetConsoleOutput", "ec2:AssociateAddress", "ec2:DescribeAddresses", "ec2:DescribeSecurityGroups", "sqs:GetQueueAttributes", "sqs:GetQueueUrl", "autoscaling:DescribeAutoScalingGroups", "autoscaling:DescribeAutoScalingInstances", "autoscaling:DescribeScalingActivities", "autoscaling:DescribeNotificationConfigurations", "sns:Publish" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "logs:DescribeLogStreams", "logs:CreateLogStream", "logs:PutLogEvents" ], "Resource": "arn:aws:logs:*:*:log-group:/aws/elasticbeanstalk/*:log-stream:*" } ] }, "VersionId": "v4" }, "AWSElasticBeanstalkMaintenance": { "PolicyName": "AWSElasticBeanstalkMaintenance", "PolicyId": "ANPAJQPH22XGBH2VV2LSW", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSElasticBeanstalkMaintenance", "Path": "/aws-service-role/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-01-11T23:22:52+00:00", "UpdateDate": "2019-06-04T17:48:27+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Sid": "AllowCloudformationChangeSetOperationsOnElasticBeanstalkStacks", "Effect": "Allow", "Action": [ "cloudformation:CreateChangeSet", "cloudformation:DescribeChangeSet", "cloudformation:ExecuteChangeSet", "cloudformation:DeleteChangeSet", "cloudformation:ListChangeSets", "cloudformation:DescribeStacks" ], "Resource": [ "arn:aws:cloudformation:*:*:stack/awseb-*", "arn:aws:cloudformation:*:*:stack/eb-*" ] }, { "Sid": "AllowElasticBeanstalkStacksUpdateExecuteSuccessfully", "Effect": "Allow", "Action": "elasticloadbalancing:DescribeLoadBalancers", "Resource": "*" } ] }, "VersionId": "v2" }, "AWSElasticBeanstalkManagedUpdatesCustomerRolePolicy": { "PolicyName": "AWSElasticBeanstalkManagedUpdatesCustomerRolePolicy", "PolicyId": "ANPAZKAPJZG4AKB7QD2CZ", "Arn": "arn:aws:iam::aws:policy/AWSElasticBeanstalkManagedUpdatesCustomerRolePolicy", "Path": "/", "DefaultVersionId": "v3", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2021-03-03T22:18:00+00:00", "UpdateDate": "2021-06-16T22:40:31+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Sid": "ElasticBeanstalkPermissions", "Effect": "Allow", "Action": [ "elasticbeanstalk:*" ], "Resource": "*" }, { "Sid": "AllowPassRoleToElasticBeanstalkAndDownstreamServices", "Effect": "Allow", "Action": "iam:PassRole", "Resource": "arn:aws:iam::*:role/*", "Condition": { "StringEquals": { "iam:PassedToService": [ "elasticbeanstalk.amazonaws.com", "ec2.amazonaws.com", "ec2.amazonaws.com.cn", "autoscaling.amazonaws.com", "elasticloadbalancing.amazonaws.com", "ecs.amazonaws.com", "cloudformation.amazonaws.com" ] } } }, { "Sid": "ReadOnlyPermissions", "Effect": "Allow", "Action": [ "autoscaling:DescribeAccountLimits", "autoscaling:DescribeAutoScalingGroups", "autoscaling:DescribeAutoScalingInstances", "autoscaling:DescribeLaunchConfigurations", "autoscaling:DescribeLoadBalancers", "autoscaling:DescribeNotificationConfigurations", "autoscaling:DescribeScalingActivities", "autoscaling:DescribeScheduledActions", "ec2:DescribeAccountAttributes", "ec2:DescribeAddresses", "ec2:DescribeAvailabilityZones", "ec2:DescribeImages", "ec2:DescribeInstanceAttribute", "ec2:DescribeInstances", "ec2:DescribeKeyPairs", "ec2:DescribeLaunchTemplates", "ec2:DescribeLaunchTemplateVersions", "ec2:DescribeSecurityGroups", "ec2:DescribeSnapshots", "ec2:DescribeSpotInstanceRequests", "ec2:DescribeSubnets", "ec2:DescribeVpcClassicLink", "ec2:DescribeVpcs", "elasticloadbalancing:DescribeInstanceHealth", "elasticloadbalancing:DescribeLoadBalancers", "elasticloadbalancing:DescribeTargetGroups", "elasticloadbalancing:DescribeTargetHealth", "logs:DescribeLogGroups", "rds:DescribeDBEngineVersions", "rds:DescribeDBInstances", "rds:DescribeOrderableDBInstanceOptions", "sns:ListSubscriptionsByTopic" ], "Resource": [ "*" ] }, { "Sid": "EC2BroadOperationPermissions", "Effect": "Allow", "Action": [ "ec2:AllocateAddress", "ec2:AssociateAddress", "ec2:AuthorizeSecurityGroupEgress", "ec2:AuthorizeSecurityGroupIngress", "ec2:CreateLaunchTemplate", "ec2:CreateLaunchTemplateVersion", "ec2:CreateSecurityGroup", "ec2:DeleteLaunchTemplate", "ec2:DeleteLaunchTemplateVersions", "ec2:DeleteSecurityGroup", "ec2:DisassociateAddress", "ec2:ReleaseAddress", "ec2:RevokeSecurityGroupEgress", "ec2:RevokeSecurityGroupIngress" ], "Resource": "*" }, { "Sid": "EC2RunInstancesOperationPermissions", "Effect": "Allow", "Action": "ec2:RunInstances", "Resource": "*", "Condition": { "ArnLike": { "ec2:LaunchTemplate": "arn:aws:ec2:*:*:launch-template/*" } } }, { "Sid": "EC2TerminateInstancesOperationPermissions", "Effect": "Allow", "Action": [ "ec2:TerminateInstances" ], "Resource": "arn:aws:ec2:*:*:instance/*", "Condition": { "StringLike": { "ec2:ResourceTag/aws:cloudformation:stack-id": [ "arn:aws:cloudformation:*:*:stack/awseb-e-*", "arn:aws:cloudformation:*:*:stack/eb-*" ] } } }, { "Sid": "ECSBroadOperationPermissions", "Effect": "Allow", "Action": [ "ecs:CreateCluster", "ecs:DescribeClusters", "ecs:RegisterTaskDefinition" ], "Resource": "*" }, { "Sid": "ECSDeleteClusterOperationPermissions", "Effect": "Allow", "Action": "ecs:DeleteCluster", "Resource": "arn:aws:ecs:*:*:cluster/awseb-*" }, { "Sid": "ASGOperationPermissions", "Effect": "Allow", "Action": [ "autoscaling:AttachInstances", "autoscaling:CreateAutoScalingGroup", "autoscaling:CreateLaunchConfiguration", "autoscaling:DeleteLaunchConfiguration", "autoscaling:DeleteAutoScalingGroup", "autoscaling:DeleteScheduledAction", "autoscaling:DetachInstances", "autoscaling:DeletePolicy", "autoscaling:PutScalingPolicy", "autoscaling:PutScheduledUpdateGroupAction", "autoscaling:PutNotificationConfiguration", "autoscaling:ResumeProcesses", "autoscaling:SetDesiredCapacity", "autoscaling:SuspendProcesses", "autoscaling:TerminateInstanceInAutoScalingGroup", "autoscaling:UpdateAutoScalingGroup" ], "Resource": [ "arn:aws:autoscaling:*:*:launchConfiguration:*:launchConfigurationName/awseb-e-*", "arn:aws:autoscaling:*:*:launchConfiguration:*:launchConfigurationName/eb-*", "arn:aws:autoscaling:*:*:autoScalingGroup:*:autoScalingGroupName/awseb-e-*", "arn:aws:autoscaling:*:*:autoScalingGroup:*:autoScalingGroupName/eb-*" ] }, { "Sid": "CFNOperationPermissions", "Effect": "Allow", "Action": [ "cloudformation:*" ], "Resource": [ "arn:aws:cloudformation:*:*:stack/awseb-*", "arn:aws:cloudformation:*:*:stack/eb-*" ] }, { "Sid": "ELBOperationPermissions", "Effect": "Allow", "Action": [ "elasticloadbalancing:ApplySecurityGroupsToLoadBalancer", "elasticloadbalancing:ConfigureHealthCheck", "elasticloadbalancing:CreateLoadBalancer", "elasticloadbalancing:DeleteLoadBalancer", "elasticloadbalancing:DeregisterInstancesFromLoadBalancer", "elasticloadbalancing:DeregisterTargets", "elasticloadbalancing:RegisterInstancesWithLoadBalancer", "elasticloadbalancing:RegisterTargets" ], "Resource": [ "arn:aws:elasticloadbalancing:*:*:targetgroup/awseb-*", "arn:aws:elasticloadbalancing:*:*:targetgroup/eb-*", "arn:aws:elasticloadbalancing:*:*:loadbalancer/awseb-*", "arn:aws:elasticloadbalancing:*:*:loadbalancer/eb-*", "arn:aws:elasticloadbalancing:*:*:loadbalancer/*/awseb-*/*", "arn:aws:elasticloadbalancing:*:*:loadbalancer/*/eb-*/*" ] }, { "Sid": "CWLogsOperationPermissions", "Effect": "Allow", "Action": [ "logs:CreateLogGroup", "logs:DeleteLogGroup", "logs:PutRetentionPolicy" ], "Resource": "arn:aws:logs:*:*:log-group:/aws/elasticbeanstalk/*" }, { "Sid": "S3ObjectOperationPermissions", "Effect": "Allow", "Action": [ "s3:DeleteObject", "s3:GetObject", "s3:GetObjectAcl", "s3:GetObjectVersion", "s3:GetObjectVersionAcl", "s3:PutObject", "s3:PutObjectAcl", "s3:PutObjectVersionAcl" ], "Resource": "arn:aws:s3:::elasticbeanstalk-*/*" }, { "Sid": "S3BucketOperationPermissions", "Effect": "Allow", "Action": [ "s3:GetBucketLocation", "s3:GetBucketPolicy", "s3:ListBucket", "s3:PutBucketPolicy" ], "Resource": "arn:aws:s3:::elasticbeanstalk-*" }, { "Sid": "SNSOperationPermissions", "Effect": "Allow", "Action": [ "sns:CreateTopic", "sns:GetTopicAttributes", "sns:SetTopicAttributes", "sns:Subscribe" ], "Resource": "arn:aws:sns:*:*:ElasticBeanstalkNotifications-*" }, { "Sid": "SQSOperationPermissions", "Effect": "Allow", "Action": [ "sqs:GetQueueAttributes", "sqs:GetQueueUrl" ], "Resource": [ "arn:aws:sqs:*:*:awseb-e-*", "arn:aws:sqs:*:*:eb-*" ] }, { "Sid": "CWPutMetricAlarmOperationPermissions", "Effect": "Allow", "Action": [ "cloudwatch:PutMetricAlarm" ], "Resource": [ "arn:aws:cloudwatch:*:*:alarm:awseb-*", "arn:aws:cloudwatch:*:*:alarm:eb-*" ] } ] }, "VersionId": "v3" }, "AWSElasticBeanstalkManagedUpdatesServiceRolePolicy": { "PolicyName": "AWSElasticBeanstalkManagedUpdatesServiceRolePolicy", "PolicyId": "ANPAZKAPJZG4HVFNJB4NR", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSElasticBeanstalkManagedUpdatesServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v5", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-11-21T22:35:06+00:00", "UpdateDate": "2020-12-11T18:21:32+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Sid": "AllowPassRoleToElasticBeanstalkAndDownstreamServices", "Effect": "Allow", "Action": "iam:PassRole", "Resource": "*", "Condition": { "StringLikeIfExists": { "iam:PassedToService": [ "elasticbeanstalk.amazonaws.com", "ec2.amazonaws.com", "autoscaling.amazonaws.com", "elasticloadbalancing.amazonaws.com", "ecs.amazonaws.com", "cloudformation.amazonaws.com" ] } } }, { "Sid": "SingleInstanceAPIs", "Effect": "Allow", "Action": [ "ec2:releaseAddress", "ec2:allocateAddress", "ec2:DisassociateAddress", "ec2:AssociateAddress" ], "Resource": "*" }, { "Sid": "ECS", "Effect": "Allow", "Action": [ "ecs:RegisterTaskDefinition", "ecs:DeRegisterTaskDefinition", "ecs:List*", "ecs:Describe*" ], "Resource": "*" }, { "Sid": "ElasticBeanstalkAPIs", "Effect": "Allow", "Action": [ "elasticbeanstalk:*" ], "Resource": "*" }, { "Sid": "ReadOnlyAPIs", "Effect": "Allow", "Action": [ "cloudformation:Describe*", "cloudformation:List*", "ec2:Describe*", "autoscaling:Describe*", "elasticloadbalancing:Describe*", "logs:DescribeLogGroups", "sns:GetTopicAttributes", "sns:ListSubscriptionsByTopic" ], "Resource": "*" }, { "Sid": "ASG", "Effect": "Allow", "Action": [ "autoscaling:AttachInstances", "autoscaling:CreateAutoScalingGroup", "autoscaling:CreateLaunchConfiguration", "autoscaling:DeleteAutoScalingGroup", "autoscaling:DeleteLaunchConfiguration", "autoscaling:DeleteScheduledAction", "autoscaling:DetachInstances", "autoscaling:PutNotificationConfiguration", "autoscaling:PutScalingPolicy", "autoscaling:PutScheduledUpdateGroupAction", "autoscaling:ResumeProcesses", "autoscaling:SuspendProcesses", "autoscaling:TerminateInstanceInAutoScalingGroup", "autoscaling:UpdateAutoScalingGroup" ], "Resource": [ "arn:aws:autoscaling:*:*:launchConfiguration:*:launchConfigurationName/awseb-e-*", "arn:aws:autoscaling:*:*:autoScalingGroup:*:autoScalingGroupName/awseb-e-*", "arn:aws:autoscaling:*:*:launchConfiguration:*:launchConfigurationName/eb-*", "arn:aws:autoscaling:*:*:autoScalingGroup:*:autoScalingGroupName/eb-*" ] }, { "Sid": "CFN", "Effect": "Allow", "Action": [ "cloudformation:CreateStack", "cloudformation:CancelUpdateStack", "cloudformation:DeleteStack", "cloudformation:GetTemplate", "cloudformation:UpdateStack" ], "Resource": [ "arn:aws:cloudformation:*:*:stack/awseb-e-*", "arn:aws:cloudformation:*:*:stack/eb-*" ] }, { "Sid": "EC2", "Effect": "Allow", "Action": [ "ec2:TerminateInstances" ], "Resource": "arn:aws:ec2:*:*:instance/*", "Condition": { "StringLike": { "ec2:ResourceTag/aws:cloudformation:stack-id": [ "arn:aws:cloudformation:*:*:stack/awseb-e-*", "arn:aws:cloudformation:*:*:stack/eb-*" ] } } }, { "Sid": "S3Obj", "Effect": "Allow", "Action": [ "s3:DeleteObject", "s3:GetObject", "s3:GetObjectAcl", "s3:GetObjectVersion", "s3:GetObjectVersionAcl", "s3:PutObject", "s3:PutObjectAcl", "s3:PutObjectVersionAcl" ], "Resource": "arn:aws:s3:::elasticbeanstalk-*/*" }, { "Sid": "S3Bucket", "Effect": "Allow", "Action": [ "s3:GetBucketLocation", "s3:GetBucketPolicy", "s3:ListBucket", "s3:PutBucketPolicy" ], "Resource": "arn:aws:s3:::elasticbeanstalk-*" }, { "Sid": "CWL", "Effect": "Allow", "Action": [ "logs:CreateLogGroup", "logs:DeleteLogGroup", "logs:PutRetentionPolicy" ], "Resource": "arn:aws:logs:*:*:log-group:/aws/elasticbeanstalk/*" }, { "Sid": "ELB", "Effect": "Allow", "Action": [ "elasticloadbalancing:RegisterTargets", "elasticloadbalancing:DeRegisterTargets", "elasticloadbalancing:DeregisterInstancesFromLoadBalancer", "elasticloadbalancing:RegisterInstancesWithLoadBalancer" ], "Resource": [ "arn:aws:elasticloadbalancing:*:*:targetgroup/awseb-*", "arn:aws:elasticloadbalancing:*:*:loadbalancer/awseb-e-*", "arn:aws:elasticloadbalancing:*:*:targetgroup/eb-*", "arn:aws:elasticloadbalancing:*:*:loadbalancer/eb-*" ] }, { "Sid": "SNS", "Effect": "Allow", "Action": [ "sns:CreateTopic" ], "Resource": "arn:aws:sns:*:*:ElasticBeanstalkNotifications-Environment-*" } ] }, "VersionId": "v5" }, "AWSElasticBeanstalkMulticontainerDocker": { "PolicyName": "AWSElasticBeanstalkMulticontainerDocker", "PolicyId": "ANPAJ45SBYG72SD6SHJEY", "Arn": "arn:aws:iam::aws:policy/AWSElasticBeanstalkMulticontainerDocker", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2016-02-08T23:15:29+00:00", "UpdateDate": "2016-06-06T23:45:37+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Sid": "ECSAccess", "Effect": "Allow", "Action": [ "ecs:Poll", "ecs:StartTask", "ecs:StopTask", "ecs:DiscoverPollEndpoint", "ecs:StartTelemetrySession", "ecs:RegisterContainerInstance", "ecs:DeregisterContainerInstance", "ecs:DescribeContainerInstances", "ecs:Submit*", "ecs:DescribeTasks" ], "Resource": "*" } ] }, "VersionId": "v2" }, "AWSElasticBeanstalkReadOnly": { "PolicyName": "AWSElasticBeanstalkReadOnly", "PolicyId": "ANPAZKAPJZG4BYFSOYIWH", "Arn": "arn:aws:iam::aws:policy/AWSElasticBeanstalkReadOnly", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2021-01-22T19:02:37+00:00", "UpdateDate": "2021-01-22T19:02:37+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Sid": "AllowAPIs", "Effect": "Allow", "Action": [ "acm:ListCertificates", "autoscaling:DescribeAccountLimits", "autoscaling:DescribeAutoScalingGroups", "autoscaling:DescribeAutoScalingInstances", "autoscaling:DescribeLaunchConfigurations", "autoscaling:DescribePolicies", "autoscaling:DescribeLoadBalancers", "autoscaling:DescribeNotificationConfigurations", "autoscaling:DescribeScalingActivities", "autoscaling:DescribeScheduledActions", "cloudformation:DescribeStackResource", "cloudformation:DescribeStackResources", "cloudformation:DescribeStacks", "cloudformation:GetTemplate", "cloudformation:ListStackResources", "cloudformation:ListStacks", "cloudformation:ValidateTemplate", "cloudtrail:LookupEvents", "cloudwatch:DescribeAlarms", "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics", "ec2:DescribeAccountAttributes", "ec2:DescribeAddresses", "ec2:DescribeImages", "ec2:DescribeInstanceAttribute", "ec2:DescribeInstances", "ec2:DescribeInstanceStatus", "ec2:DescribeKeyPairs", "ec2:DescribeLaunchTemplateVersions", "ec2:DescribeLaunchTemplates", "ec2:DescribeSecurityGroups", "ec2:DescribeSnapshots", "ec2:DescribeSpotInstanceRequests", "ec2:DescribeAvailabilityZones", "ec2:DescribeSubnets", "ec2:DescribeVpcs", "elasticbeanstalk:Check*", "elasticbeanstalk:Describe*", "elasticbeanstalk:List*", "elasticbeanstalk:RequestEnvironmentInfo", "elasticbeanstalk:RetrieveEnvironmentInfo", "elasticloadbalancing:DescribeInstanceHealth", "elasticloadbalancing:DescribeLoadBalancers", "elasticloadbalancing:DescribeSSLPolicies", "elasticloadbalancing:DescribeTargetGroups", "elasticloadbalancing:DescribeTargetHealth", "iam:GetRole", "iam:ListAttachedRolePolicies", "iam:ListInstanceProfiles", "iam:ListRolePolicies", "iam:ListRoles", "iam:ListServerCertificates", "rds:DescribeDBEngineVersions", "rds:DescribeDBInstances", "rds:DescribeOrderableDBInstanceOptions", "rds:DescribeDBSnapshots", "s3:ListAllMyBuckets", "sns:ListSubscriptionsByTopic", "sns:ListTopics", "sqs:ListQueues" ], "Resource": "*" }, { "Sid": "AllowS3", "Effect": "Allow", "Action": [ "s3:GetObject", "s3:GetObjectAcl", "s3:GetObjectVersion", "s3:GetObjectVersionAcl", "s3:GetBucketLocation", "s3:GetBucketPolicy", "s3:ListBucket" ], "Resource": "arn:aws:s3:::elasticbeanstalk-*" } ] }, "VersionId": "v1" }, "AWSElasticBeanstalkRoleCWL": { "PolicyName": "AWSElasticBeanstalkRoleCWL", "PolicyId": "ANPAZKAPJZG4G4S2QMTW3", "Arn": "arn:aws:iam::aws:policy/service-role/AWSElasticBeanstalkRoleCWL", "Path": "/service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-06-05T21:49:06+00:00", "UpdateDate": "2020-06-05T21:49:06+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Sid": "AllowCWL", "Effect": "Allow", "Action": [ "logs:CreateLogGroup", "logs:DeleteLogGroup", "logs:PutRetentionPolicy" ], "Resource": "arn:aws:logs:*:*:log-group:/aws/elasticbeanstalk/*" } ] }, "VersionId": "v1" }, "AWSElasticBeanstalkRoleCore": { "PolicyName": "AWSElasticBeanstalkRoleCore", "PolicyId": "ANPAZKAPJZG4OXQ5DMW6K", "Arn": "arn:aws:iam::aws:policy/service-role/AWSElasticBeanstalkRoleCore", "Path": "/service-role/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-06-05T21:48:24+00:00", "UpdateDate": "2020-09-09T20:31:14+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Sid": "TerminateInstances", "Effect": "Allow", "Action": [ "ec2:TerminateInstances" ], "Resource": "arn:aws:ec2:*:*:instance/*", "Condition": { "StringLike": { "ec2:ResourceTag/aws:cloudformation:stack-id": "arn:aws:cloudformation:*:*:stack/awseb-e-*" } } }, { "Sid": "EC2", "Effect": "Allow", "Action": [ "ec2:ReleaseAddress", "ec2:AllocateAddress", "ec2:DisassociateAddress", "ec2:AssociateAddress", "ec2:CreateTags", "ec2:DeleteTags", "ec2:CreateSecurityGroup", "ec2:DeleteSecurityGroup", "ec2:AuthorizeSecurityGroup*", "ec2:RevokeSecurityGroup*", "ec2:CreateLaunchTemplate*", "ec2:DeleteLaunchTemplate*" ], "Resource": "*" }, { "Sid": "LTRunInstances", "Effect": "Allow", "Action": "ec2:RunInstances", "Resource": "*", "Condition": { "ArnLike": { "ec2:LaunchTemplate": "arn:aws:ec2:*:*:launch-template/*" } } }, { "Sid": "ASG", "Effect": "Allow", "Action": [ "autoscaling:AttachInstances", "autoscaling:*LoadBalancer*", "autoscaling:*AutoScalingGroup", "autoscaling:*LaunchConfiguration", "autoscaling:DeleteScheduledAction", "autoscaling:DetachInstances", "autoscaling:PutNotificationConfiguration", "autoscaling:PutScalingPolicy", "autoscaling:PutScheduledUpdateGroupAction", "autoscaling:ResumeProcesses", "autoscaling:SuspendProcesses", "autoscaling:*Tags" ], "Resource": [ "arn:aws:autoscaling:*:*:launchConfiguration:*:launchConfigurationName/awseb-e-*", "arn:aws:autoscaling:*:*:autoScalingGroup:*:autoScalingGroupName/awseb-e-*" ] }, { "Sid": "ASGPolicy", "Effect": "Allow", "Action": [ "autoscaling:DeletePolicy" ], "Resource": [ "*" ] }, { "Sid": "EBSLR", "Effect": "Allow", "Action": [ "iam:CreateServiceLinkedRole" ], "Resource": [ "arn:aws:iam::*:role/aws-service-role/elasticbeanstalk.amazonaws.com/AWSServiceRoleForElasticBeanstalk*" ], "Condition": { "StringLike": { "iam:AWSServiceName": "elasticbeanstalk.amazonaws.com" } } }, { "Sid": "S3Obj", "Effect": "Allow", "Action": [ "s3:Delete*", "s3:Get*", "s3:Put*" ], "Resource": [ "arn:aws:s3:::elasticbeanstalk-*/*", "arn:aws:s3:::elasticbeanstalk-env-resources-*/*" ] }, { "Sid": "S3Bucket", "Effect": "Allow", "Action": [ "s3:GetBucket*", "s3:ListBucket", "s3:PutBucketPolicy" ], "Resource": "arn:aws:s3:::elasticbeanstalk-*" }, { "Sid": "CFN", "Effect": "Allow", "Action": [ "cloudformation:CreateStack", "cloudformation:DeleteStack", "cloudformation:GetTemplate", "cloudformation:ListStackResources", "cloudformation:UpdateStack", "cloudformation:ContinueUpdateRollback", "cloudformation:CancelUpdateStack" ], "Resource": "arn:aws:cloudformation:*:*:stack/awseb-e-*" }, { "Sid": "CloudWatch", "Effect": "Allow", "Action": [ "cloudwatch:PutMetricAlarm", "cloudwatch:DeleteAlarms" ], "Resource": "arn:aws:cloudwatch:*:*:alarm:awseb-*" }, { "Sid": "ELB", "Effect": "Allow", "Action": [ "elasticloadbalancing:Create*", "elasticloadbalancing:Delete*", "elasticloadbalancing:Modify*", "elasticloadbalancing:RegisterTargets", "elasticloadbalancing:DeRegisterTargets", "elasticloadbalancing:DeregisterInstancesFromLoadBalancer", "elasticloadbalancing:RegisterInstancesWithLoadBalancer", "elasticloadbalancing:*Tags", "elasticloadbalancing:ConfigureHealthCheck", "elasticloadbalancing:SetRulePriorities", "elasticloadbalancing:SetLoadBalancerPoliciesOfListener" ], "Resource": [ "arn:aws:elasticloadbalancing:*:*:targetgroup/awseb-*", "arn:aws:elasticloadbalancing:*:*:loadbalancer/awseb-*", "arn:aws:elasticloadbalancing:*:*:loadbalancer/app/awseb-*/*", "arn:aws:elasticloadbalancing:*:*:loadbalancer/net/awseb-*/*", "arn:aws:elasticloadbalancing:*:*:listener/awseb-*", "arn:aws:elasticloadbalancing:*:*:listener/app/awseb-*", "arn:aws:elasticloadbalancing:*:*:listener/net/awseb-*", "arn:aws:elasticloadbalancing:*:*:listener-rule/app/awseb-*/*/*/*" ] }, { "Sid": "ListAPIs", "Effect": "Allow", "Action": [ "autoscaling:Describe*", "cloudformation:Describe*", "logs:Describe*", "ec2:Describe*", "ecs:Describe*", "ecs:List*", "elasticloadbalancing:Describe*", "rds:Describe*", "sns:List*", "iam:List*", "acm:Describe*", "acm:List*" ], "Resource": "*" }, { "Sid": "AllowPassRole", "Effect": "Allow", "Action": "iam:PassRole", "Resource": "arn:aws:iam::*:role/aws-elasticbeanstalk-*", "Condition": { "StringEquals": { "iam:PassedToService": [ "elasticbeanstalk.amazonaws.com", "ec2.amazonaws.com", "autoscaling.amazonaws.com", "elasticloadbalancing.amazonaws.com", "ecs.amazonaws.com", "cloudformation.amazonaws.com" ] } } } ] }, "VersionId": "v2" }, "AWSElasticBeanstalkRoleECS": { "PolicyName": "AWSElasticBeanstalkRoleECS", "PolicyId": "ANPAZKAPJZG4ORP4E3ZEZ", "Arn": "arn:aws:iam::aws:policy/service-role/AWSElasticBeanstalkRoleECS", "Path": "/service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-06-05T21:47:27+00:00", "UpdateDate": "2020-06-05T21:47:27+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Sid": "AllowECS", "Effect": "Allow", "Action": [ "ecs:CreateCluster", "ecs:DeleteCluster", "ecs:RegisterTaskDefinition", "ecs:DeRegisterTaskDefinition" ], "Resource": [ "*" ] } ] }, "VersionId": "v1" }, "AWSElasticBeanstalkRoleRDS": { "PolicyName": "AWSElasticBeanstalkRoleRDS", "PolicyId": "ANPAZKAPJZG4G5JWEESE4", "Arn": "arn:aws:iam::aws:policy/service-role/AWSElasticBeanstalkRoleRDS", "Path": "/service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-06-05T21:46:55+00:00", "UpdateDate": "2020-06-05T21:46:55+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Sid": "AllowRDS", "Effect": "Allow", "Action": [ "rds:CreateDBSecurityGroup", "rds:DeleteDBSecurityGroup", "rds:AuthorizeDBSecurityGroupIngress", "rds:CreateDBInstance", "rds:ModifyDBInstance", "rds:DeleteDBInstance" ], "Resource": [ "arn:aws:rds:*:*:secgrp:awseb-e-*", "arn:aws:rds:*:*:db:*" ] } ] }, "VersionId": "v1" }, "AWSElasticBeanstalkRoleSNS": { "PolicyName": "AWSElasticBeanstalkRoleSNS", "PolicyId": "ANPAZKAPJZG4PARPZJ2UZ", "Arn": "arn:aws:iam::aws:policy/service-role/AWSElasticBeanstalkRoleSNS", "Path": "/service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-06-05T21:46:22+00:00", "UpdateDate": "2020-06-05T21:46:22+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Sid": "AllowBeanstalkManageSNS", "Effect": "Allow", "Action": [ "sns:CreateTopic", "sns:SetTopicAttributes", "sns:DeleteTopic" ], "Resource": [ "arn:aws:sns:*:*:ElasticBeanstalkNotifications-*" ] }, { "Sid": "AllowSNSPublish", "Effect": "Allow", "Action": [ "sns:GetTopicAttributes", "sns:Subscribe", "sns:Unsubscribe", "sns:Publish" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AWSElasticBeanstalkRoleWorkerTier": { "PolicyName": "AWSElasticBeanstalkRoleWorkerTier", "PolicyId": "ANPAZKAPJZG4LTO4NS2Z5", "Arn": "arn:aws:iam::aws:policy/service-role/AWSElasticBeanstalkRoleWorkerTier", "Path": "/service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-06-05T21:43:37+00:00", "UpdateDate": "2020-06-05T21:43:37+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Sid": "AllowSQS", "Effect": "Allow", "Action": [ "sqs:TagQueue", "sqs:DeleteQueue", "sqs:GetQueueAttributes", "sqs:CreateQueue" ], "Resource": "arn:aws:sqs:*:*:awseb-e-*" }, { "Sid": "AllowDDB", "Effect": "Allow", "Action": [ "dynamodb:CreateTable", "dynamodb:TagResource", "dynamodb:DescribeTable", "dynamodb:DeleteTable" ], "Resource": "arn:aws:dynamodb:*:*:table/awseb-e-*" } ] }, "VersionId": "v1" }, "AWSElasticBeanstalkService": { "PolicyName": "AWSElasticBeanstalkService", "PolicyId": "ANPAJKQ5SN74ZQ4WASXBM", "Arn": "arn:aws:iam::aws:policy/service-role/AWSElasticBeanstalkService", "Path": "/service-role/", "DefaultVersionId": "v16", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2016-04-11T20:27:23+00:00", "UpdateDate": "2019-06-14T23:18:46+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Sid": "AllowCloudformationOperationsOnElasticBeanstalkStacks", "Effect": "Allow", "Action": [ "cloudformation:*" ], "Resource": [ "arn:aws:cloudformation:*:*:stack/awseb-*", "arn:aws:cloudformation:*:*:stack/eb-*" ] }, { "Sid": "AllowDeleteCloudwatchLogGroups", "Effect": "Allow", "Action": [ "logs:DeleteLogGroup" ], "Resource": [ "arn:aws:logs:*:*:log-group:/aws/elasticbeanstalk*" ] }, { "Sid": "AllowS3OperationsOnElasticBeanstalkBuckets", "Effect": "Allow", "Action": [ "s3:*" ], "Resource": [ "arn:aws:s3:::elasticbeanstalk-*", "arn:aws:s3:::elasticbeanstalk-*/*" ] }, { "Sid": "AllowLaunchTemplateRunInstances", "Effect": "Allow", "Action": "ec2:RunInstances", "Resource": "*", "Condition": { "ArnLike": { "ec2:LaunchTemplate": "arn:aws:ec2:*:*:launch-template/*" } } }, { "Sid": "AllowOperations", "Effect": "Allow", "Action": [ "autoscaling:AttachInstances", "autoscaling:CreateAutoScalingGroup", "autoscaling:CreateLaunchConfiguration", "autoscaling:DeleteLaunchConfiguration", "autoscaling:DeleteAutoScalingGroup", "autoscaling:DeleteScheduledAction", "autoscaling:DescribeAccountLimits", "autoscaling:DescribeAutoScalingGroups", "autoscaling:DescribeAutoScalingInstances", "autoscaling:DescribeLaunchConfigurations", "autoscaling:DescribeLoadBalancers", "autoscaling:DescribeNotificationConfigurations", "autoscaling:DescribeScalingActivities", "autoscaling:DescribeScheduledActions", "autoscaling:DetachInstances", "autoscaling:DeletePolicy", "autoscaling:PutScalingPolicy", "autoscaling:PutScheduledUpdateGroupAction", "autoscaling:PutNotificationConfiguration", "autoscaling:ResumeProcesses", "autoscaling:SetDesiredCapacity", "autoscaling:SuspendProcesses", "autoscaling:TerminateInstanceInAutoScalingGroup", "autoscaling:UpdateAutoScalingGroup", "cloudwatch:PutMetricAlarm", "ec2:AssociateAddress", "ec2:AllocateAddress", "ec2:AuthorizeSecurityGroupEgress", "ec2:AuthorizeSecurityGroupIngress", "ec2:CreateLaunchTemplate", "ec2:CreateLaunchTemplateVersion", "ec2:DescribeLaunchTemplates", "ec2:DescribeLaunchTemplateVersions", "ec2:DeleteLaunchTemplate", "ec2:DeleteLaunchTemplateVersions", "ec2:CreateSecurityGroup", "ec2:DeleteSecurityGroup", "ec2:DescribeAccountAttributes", "ec2:DescribeAddresses", "ec2:DescribeImages", "ec2:DescribeInstances", "ec2:DescribeKeyPairs", "ec2:DescribeSecurityGroups", "ec2:DescribeSnapshots", "ec2:DescribeSubnets", "ec2:DescribeVpcs", "ec2:DescribeInstanceAttribute", "ec2:DescribeSpotInstanceRequests", "ec2:DescribeVpcClassicLink", "ec2:DisassociateAddress", "ec2:ReleaseAddress", "ec2:RevokeSecurityGroupEgress", "ec2:RevokeSecurityGroupIngress", "ec2:TerminateInstances", "ecs:CreateCluster", "ecs:DeleteCluster", "ecs:DescribeClusters", "ecs:RegisterTaskDefinition", "elasticbeanstalk:*", "elasticloadbalancing:ApplySecurityGroupsToLoadBalancer", "elasticloadbalancing:ConfigureHealthCheck", "elasticloadbalancing:CreateLoadBalancer", "elasticloadbalancing:DeleteLoadBalancer", "elasticloadbalancing:DeregisterInstancesFromLoadBalancer", "elasticloadbalancing:DescribeInstanceHealth", "elasticloadbalancing:DescribeLoadBalancers", "elasticloadbalancing:DescribeTargetHealth", "elasticloadbalancing:RegisterInstancesWithLoadBalancer", "elasticloadbalancing:DescribeTargetGroups", "elasticloadbalancing:RegisterTargets", "elasticloadbalancing:DeregisterTargets", "iam:ListRoles", "iam:PassRole", "logs:CreateLogGroup", "logs:PutRetentionPolicy", "logs:DescribeLogGroups", "rds:DescribeDBEngineVersions", "rds:DescribeDBInstances", "rds:DescribeOrderableDBInstanceOptions", "s3:GetObject", "s3:GetObjectAcl", "s3:ListBucket", "sns:CreateTopic", "sns:GetTopicAttributes", "sns:ListSubscriptionsByTopic", "sns:Subscribe", "sns:SetTopicAttributes", "sqs:GetQueueAttributes", "sqs:GetQueueUrl", "codebuild:CreateProject", "codebuild:DeleteProject", "codebuild:BatchGetBuilds", "codebuild:StartBuild" ], "Resource": [ "*" ] } ] }, "VersionId": "v16" }, "AWSElasticBeanstalkServiceRolePolicy": { "PolicyName": "AWSElasticBeanstalkServiceRolePolicy", "PolicyId": "ANPAIID62QSI3OSIPQXTM", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSElasticBeanstalkServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v6", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-09-13T23:46:37+00:00", "UpdateDate": "2019-06-06T21:59:51+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Sid": "AllowCloudformationReadOperationsOnElasticBeanstalkStacks", "Effect": "Allow", "Action": [ "cloudformation:DescribeStackResource", "cloudformation:DescribeStackResources", "cloudformation:DescribeStacks" ], "Resource": [ "arn:aws:cloudformation:*:*:stack/awseb-*", "arn:aws:cloudformation:*:*:stack/eb-*" ] }, { "Sid": "AllowOperations", "Effect": "Allow", "Action": [ "autoscaling:DescribeAutoScalingGroups", "autoscaling:DescribeAutoScalingInstances", "autoscaling:DescribeNotificationConfigurations", "autoscaling:DescribeScalingActivities", "autoscaling:PutNotificationConfiguration", "ec2:DescribeInstanceStatus", "ec2:AssociateAddress", "ec2:DescribeAddresses", "ec2:DescribeInstances", "ec2:DescribeSecurityGroups", "elasticloadbalancing:DescribeInstanceHealth", "elasticloadbalancing:DescribeLoadBalancers", "elasticloadbalancing:DescribeTargetHealth", "elasticloadbalancing:DescribeTargetGroups", "lambda:GetFunction", "sqs:GetQueueAttributes", "sqs:GetQueueUrl", "sns:Publish" ], "Resource": [ "*" ] }, { "Sid": "AllowOperationsOnHealthStreamingLogs", "Effect": "Allow", "Action": [ "logs:CreateLogStream", "logs:DescribeLogGroups", "logs:DescribeLogStreams", "logs:DeleteLogGroup", "logs:PutLogEvents" ], "Resource": "arn:aws:logs:*:*:log-group:/aws/elasticbeanstalk/*" } ] }, "VersionId": "v6" }, "AWSElasticBeanstalkWebTier": { "PolicyName": "AWSElasticBeanstalkWebTier", "PolicyId": "ANPAIUF4325SJYOREKW3A", "Arn": "arn:aws:iam::aws:policy/AWSElasticBeanstalkWebTier", "Path": "/", "DefaultVersionId": "v7", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2016-02-08T23:08:54+00:00", "UpdateDate": "2020-09-09T19:38:36+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Sid": "BucketAccess", "Action": [ "s3:Get*", "s3:List*", "s3:PutObject" ], "Effect": "Allow", "Resource": [ "arn:aws:s3:::elasticbeanstalk-*", "arn:aws:s3:::elasticbeanstalk-*/*" ] }, { "Sid": "XRayAccess", "Action": [ "xray:PutTraceSegments", "xray:PutTelemetryRecords", "xray:GetSamplingRules", "xray:GetSamplingTargets", "xray:GetSamplingStatisticSummaries" ], "Effect": "Allow", "Resource": "*" }, { "Sid": "CloudWatchLogsAccess", "Action": [ "logs:PutLogEvents", "logs:CreateLogStream", "logs:DescribeLogStreams", "logs:DescribeLogGroups" ], "Effect": "Allow", "Resource": [ "arn:aws:logs:*:*:log-group:/aws/elasticbeanstalk*" ] }, { "Sid": "ElasticBeanstalkHealthAccess", "Action": [ "elasticbeanstalk:PutInstanceStatistics" ], "Effect": "Allow", "Resource": [ "arn:aws:elasticbeanstalk:*:*:application/*", "arn:aws:elasticbeanstalk:*:*:environment/*" ] } ] }, "VersionId": "v7" }, "AWSElasticBeanstalkWorkerTier": { "PolicyName": "AWSElasticBeanstalkWorkerTier", "PolicyId": "ANPAJQDLBRSJVKVF4JMSK", "Arn": "arn:aws:iam::aws:policy/AWSElasticBeanstalkWorkerTier", "Path": "/", "DefaultVersionId": "v6", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2016-02-08T23:12:02+00:00", "UpdateDate": "2020-09-09T19:53:40+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Sid": "MetricsAccess", "Action": [ "cloudwatch:PutMetricData" ], "Effect": "Allow", "Resource": "*" }, { "Sid": "XRayAccess", "Action": [ "xray:PutTraceSegments", "xray:PutTelemetryRecords", "xray:GetSamplingRules", "xray:GetSamplingTargets", "xray:GetSamplingStatisticSummaries" ], "Effect": "Allow", "Resource": "*" }, { "Sid": "QueueAccess", "Action": [ "sqs:ChangeMessageVisibility", "sqs:DeleteMessage", "sqs:ReceiveMessage", "sqs:SendMessage" ], "Effect": "Allow", "Resource": "*" }, { "Sid": "BucketAccess", "Action": [ "s3:Get*", "s3:List*", "s3:PutObject" ], "Effect": "Allow", "Resource": [ "arn:aws:s3:::elasticbeanstalk-*", "arn:aws:s3:::elasticbeanstalk-*/*" ] }, { "Sid": "DynamoPeriodicTasks", "Action": [ "dynamodb:BatchGetItem", "dynamodb:BatchWriteItem", "dynamodb:DeleteItem", "dynamodb:GetItem", "dynamodb:PutItem", "dynamodb:Query", "dynamodb:Scan", "dynamodb:UpdateItem" ], "Effect": "Allow", "Resource": [ "arn:aws:dynamodb:*:*:table/*-stack-AWSEBWorkerCronLeaderRegistry*" ] }, { "Sid": "CloudWatchLogsAccess", "Action": [ "logs:PutLogEvents", "logs:CreateLogStream" ], "Effect": "Allow", "Resource": [ "arn:aws:logs:*:*:log-group:/aws/elasticbeanstalk*" ] }, { "Sid": "ElasticBeanstalkHealthAccess", "Action": [ "elasticbeanstalk:PutInstanceStatistics" ], "Effect": "Allow", "Resource": [ "arn:aws:elasticbeanstalk:*:*:application/*", "arn:aws:elasticbeanstalk:*:*:environment/*" ] } ] }, "VersionId": "v6" }, "AWSElasticLoadBalancingClassicServiceRolePolicy": { "PolicyName": "AWSElasticLoadBalancingClassicServiceRolePolicy", "PolicyId": "ANPAIUMWW3QP7DPZPNVU4", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSElasticLoadBalancingClassicServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-09-19T22:36:18+00:00", "UpdateDate": "2019-10-07T23:04:27+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ec2:DescribeAddresses", "ec2:DescribeInstances", "ec2:DescribeSubnets", "ec2:DescribeSecurityGroups", "ec2:DescribeVpcs", "ec2:DescribeInternetGateways", "ec2:DescribeAccountAttributes", "ec2:DescribeClassicLinkInstances", "ec2:DescribeVpcClassicLink", "ec2:CreateSecurityGroup", "ec2:CreateNetworkInterface", "ec2:DeleteNetworkInterface", "ec2:ModifyNetworkInterfaceAttribute", "ec2:AuthorizeSecurityGroupIngress", "ec2:AssociateAddress", "ec2:DisassociateAddress", "ec2:AttachNetworkInterface", "ec2:DetachNetworkInterface", "ec2:AssignPrivateIpAddresses", "ec2:AssignIpv6Addresses", "ec2:UnassignIpv6Addresses" ], "Resource": "*" } ] }, "VersionId": "v2" }, "AWSElasticLoadBalancingServiceRolePolicy": { "PolicyName": "AWSElasticLoadBalancingServiceRolePolicy", "PolicyId": "ANPAIMHWGGSRHLOQUICJQ", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSElasticLoadBalancingServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v6", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-09-19T22:19:04+00:00", "UpdateDate": "2020-05-19T16:40:28+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ec2:DescribeAddresses", "ec2:DescribeCoipPools", "ec2:DescribeInstances", "ec2:DescribeNetworkInterfaces", "ec2:DescribeSubnets", "ec2:DescribeSecurityGroups", "ec2:DescribeVpcs", "ec2:DescribeInternetGateways", "ec2:DescribeAccountAttributes", "ec2:DescribeClassicLinkInstances", "ec2:DescribeVpcClassicLink", "ec2:CreateSecurityGroup", "ec2:CreateNetworkInterface", "ec2:DeleteNetworkInterface", "ec2:GetCoipPoolUsage", "ec2:ModifyNetworkInterfaceAttribute", "ec2:AllocateAddress", "ec2:AuthorizeSecurityGroupIngress", "ec2:AssociateAddress", "ec2:DisassociateAddress", "ec2:AttachNetworkInterface", "ec2:DetachNetworkInterface", "ec2:AssignPrivateIpAddresses", "ec2:AssignIpv6Addresses", "ec2:ReleaseAddress", "ec2:UnassignIpv6Addresses", "logs:CreateLogDelivery", "logs:GetLogDelivery", "logs:UpdateLogDelivery", "logs:DeleteLogDelivery", "logs:ListLogDeliveries", "outposts:GetOutpostInstanceTypes" ], "Resource": "*" } ] }, "VersionId": "v6" }, "AWSElementalMediaConvertFullAccess": { "PolicyName": "AWSElementalMediaConvertFullAccess", "PolicyId": "ANPAIXDREOCL6LV7RBJWC", "Arn": "arn:aws:iam::aws:policy/AWSElementalMediaConvertFullAccess", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-06-25T19:25:35+00:00", "UpdateDate": "2019-06-10T22:52:25+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "mediaconvert:*", "s3:ListAllMyBuckets", "s3:ListBucket" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "iam:PassRole" ], "Resource": "*", "Condition": { "StringLike": { "iam:PassedToService": [ "mediaconvert.amazonaws.com" ] } } } ] }, "VersionId": "v2" }, "AWSElementalMediaConvertReadOnly": { "PolicyName": "AWSElementalMediaConvertReadOnly", "PolicyId": "ANPAJSXYOBSLJN3JEDO42", "Arn": "arn:aws:iam::aws:policy/AWSElementalMediaConvertReadOnly", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-06-25T19:25:14+00:00", "UpdateDate": "2019-06-10T22:52:18+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "mediaconvert:Get*", "mediaconvert:List*", "mediaconvert:DescribeEndpoints", "s3:ListAllMyBuckets", "s3:ListBucket" ], "Resource": "*" } ] }, "VersionId": "v2" }, "AWSElementalMediaLiveFullAccess": { "PolicyName": "AWSElementalMediaLiveFullAccess", "PolicyId": "ANPAZKAPJZG4K5KSJBKUE", "Arn": "arn:aws:iam::aws:policy/AWSElementalMediaLiveFullAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-07-08T17:07:14+00:00", "UpdateDate": "2020-07-08T17:07:14+00:00", "Document": { "Version": "2012-10-17", "Statement": { "Effect": "Allow", "Action": "medialive:*", "Resource": "*" } }, "VersionId": "v1" }, "AWSElementalMediaLiveReadOnly": { "PolicyName": "AWSElementalMediaLiveReadOnly", "PolicyId": "ANPAZKAPJZG4L7DTGZPRO", "Arn": "arn:aws:iam::aws:policy/AWSElementalMediaLiveReadOnly", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-07-08T16:38:07+00:00", "UpdateDate": "2020-07-08T16:38:07+00:00", "Document": { "Version": "2012-10-17", "Statement": { "Effect": "Allow", "Action": [ "medialive:List*", "medialive:Describe*" ], "Resource": "*" } }, "VersionId": "v1" }, "AWSElementalMediaPackageFullAccess": { "PolicyName": "AWSElementalMediaPackageFullAccess", "PolicyId": "ANPAIYI6IYR3JRFAVNQHC", "Arn": "arn:aws:iam::aws:policy/AWSElementalMediaPackageFullAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-12-29T23:39:52+00:00", "UpdateDate": "2017-12-29T23:39:52+00:00", "Document": { "Version": "2012-10-17", "Statement": { "Effect": "Allow", "Action": "mediapackage:*", "Resource": "*" } }, "VersionId": "v1" }, "AWSElementalMediaPackageReadOnly": { "PolicyName": "AWSElementalMediaPackageReadOnly", "PolicyId": "ANPAJ42DVTPUHKXNYZQCO", "Arn": "arn:aws:iam::aws:policy/AWSElementalMediaPackageReadOnly", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-12-30T00:04:29+00:00", "UpdateDate": "2017-12-30T00:04:29+00:00", "Document": { "Version": "2012-10-17", "Statement": { "Effect": "Allow", "Action": [ "mediapackage:List*", "mediapackage:Describe*" ], "Resource": "*" } }, "VersionId": "v1" }, "AWSElementalMediaStoreFullAccess": { "PolicyName": "AWSElementalMediaStoreFullAccess", "PolicyId": "ANPAJZFYFW2QXSNK7OH6Y", "Arn": "arn:aws:iam::aws:policy/AWSElementalMediaStoreFullAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-03-05T23:15:31+00:00", "UpdateDate": "2018-03-05T23:15:31+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "mediastore:*" ], "Effect": "Allow", "Resource": "*", "Condition": { "Bool": { "aws:SecureTransport": "true" } } } ] }, "VersionId": "v1" }, "AWSElementalMediaStoreReadOnly": { "PolicyName": "AWSElementalMediaStoreReadOnly", "PolicyId": "ANPAI4EFXRATQYOFTAEFM", "Arn": "arn:aws:iam::aws:policy/AWSElementalMediaStoreReadOnly", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-03-08T19:48:22+00:00", "UpdateDate": "2018-03-08T19:48:22+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "mediastore:Get*", "mediastore:List*", "mediastore:Describe*" ], "Effect": "Allow", "Resource": "*", "Condition": { "Bool": { "aws:SecureTransport": "true" } } } ] }, "VersionId": "v1" }, "AWSEnhancedClassicNetworkingMangementPolicy": { "PolicyName": "AWSEnhancedClassicNetworkingMangementPolicy", "PolicyId": "ANPAI7T4V2HZTS72QVO52", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSEnhancedClassicNetworkingMangementPolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-09-20T17:29:09+00:00", "UpdateDate": "2017-09-20T17:29:09+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "ec2:DescribeInstances", "ec2:DescribeSecurityGroups" ], "Effect": "Allow", "Resource": "*" } ] }, "VersionId": "v1" }, "AWSFMAdminFullAccess": { "PolicyName": "AWSFMAdminFullAccess", "PolicyId": "ANPAJLAGM5X6WSNPF4EAQ", "Arn": "arn:aws:iam::aws:policy/AWSFMAdminFullAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-05-09T18:06:18+00:00", "UpdateDate": "2018-05-09T18:06:18+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "fms:*", "waf:*", "waf-regional:*", "elasticloadbalancing:SetWebACL", "organizations:DescribeOrganization" ], "Effect": "Allow", "Resource": "*" } ] }, "VersionId": "v1" }, "AWSFMAdminReadOnlyAccess": { "PolicyName": "AWSFMAdminReadOnlyAccess", "PolicyId": "ANPAJA3UKVVBN62QFIKLW", "Arn": "arn:aws:iam::aws:policy/AWSFMAdminReadOnlyAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-05-09T20:07:39+00:00", "UpdateDate": "2018-05-09T20:07:39+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "fms:Get*", "fms:List*", "waf:Get*", "waf:List*", "waf-regional:Get*", "waf-regional:List*", "organizations:DescribeOrganization" ], "Effect": "Allow", "Resource": "*" } ] }, "VersionId": "v1" }, "AWSFMMemberReadOnlyAccess": { "PolicyName": "AWSFMMemberReadOnlyAccess", "PolicyId": "ANPAIB2IVAQ4XXNHHA3DW", "Arn": "arn:aws:iam::aws:policy/AWSFMMemberReadOnlyAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-05-09T21:05:29+00:00", "UpdateDate": "2018-05-09T21:05:29+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "fms:GetAdminAccount", "waf:Get*", "waf:List*", "waf-regional:Get*", "waf-regional:List*", "organizations:DescribeOrganization" ], "Effect": "Allow", "Resource": "*" } ] }, "VersionId": "v1" }, "AWSForWordPressPluginPolicy": { "PolicyName": "AWSForWordPressPluginPolicy", "PolicyId": "ANPAZKAPJZG4KEKYXDWNJ", "Arn": "arn:aws:iam::aws:policy/AWSForWordPressPluginPolicy", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-10-30T00:27:46+00:00", "UpdateDate": "2020-01-20T23:20:47+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Sid": "Permissions1", "Effect": "Allow", "Action": [ "polly:SynthesizeSpeech", "polly:DescribeVoices", "translate:TranslateText" ], "Resource": "*" }, { "Sid": "Permissions2", "Effect": "Allow", "Action": [ "s3:ListBucket", "s3:GetBucketAcl", "s3:GetBucketPolicy", "s3:PutObject", "s3:DeleteObject", "s3:CreateBucket", "s3:PutObjectAcl" ], "Resource": [ "arn:aws:s3:::audio_for_wordpress*", "arn:aws:s3:::audio-for-wordpress*" ] }, { "Sid": "Permissions3", "Effect": "Allow", "Action": [ "acm:AddTagsToCertificate", "acm:DescribeCertificate", "acm:RequestCertificate", "cloudformation:CreateStack", "cloudfront:ListDistributions" ], "Resource": "*", "Condition": { "StringEquals": { "aws:RequestedRegion": "us-east-1" } } }, { "Sid": "Permissions4", "Effect": "Allow", "Action": [ "acm:DeleteCertificate", "cloudformation:DeleteStack", "cloudformation:DescribeStackEvents", "cloudformation:DescribeStackResources", "cloudformation:UpdateStack", "cloudfront:CreateDistribution", "cloudfront:CreateInvalidation", "cloudfront:DeleteDistribution", "cloudfront:GetDistribution", "cloudfront:GetInvalidation", "cloudfront:TagResource", "cloudfront:UpdateDistribution" ], "Resource": "*", "Condition": { "StringEquals": { "aws:ResourceTag/createdBy": "AWSForWordPressPlugin" } } } ] }, "VersionId": "v2" }, "AWSGlobalAcceleratorSLRPolicy": { "PolicyName": "AWSGlobalAcceleratorSLRPolicy", "PolicyId": "ANPAZKAPJZG4EJ5ZEQR2C", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSGlobalAcceleratorSLRPolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v5", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-04-05T19:39:13+00:00", "UpdateDate": "2021-05-19T17:10:49+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ec2:CreateNetworkInterface", "ec2:DescribeNetworkInterfaces", "ec2:DescribeInstances", "ec2:DescribeInternetGateways", "ec2:DescribeSubnets", "ec2:DescribeRegions", "ec2:ModifyNetworkInterfaceAttribute", "ec2:DeleteNetworkInterface" ], "Resource": "*" }, { "Effect": "Allow", "Action": "ec2:DeleteSecurityGroup", "Resource": "*", "Condition": { "StringEquals": { "ec2:ResourceTag/AWSServiceName": "GlobalAccelerator" } } }, { "Effect": "Allow", "Action": [ "ec2:CreateSecurityGroup", "ec2:DescribeSecurityGroups" ], "Resource": "*" }, { "Effect": "Allow", "Action": "elasticloadbalancing:DescribeLoadBalancers", "Resource": "*" }, { "Effect": "Allow", "Action": "ec2:CreateTags", "Resource": [ "arn:aws:ec2:*:*:security-group/*", "arn:aws:ec2:*:*:network-interface/*" ] } ] }, "VersionId": "v5" }, "AWSGlueConsoleFullAccess": { "PolicyName": "AWSGlueConsoleFullAccess", "PolicyId": "ANPAJNZGDEOD7MISOVSVI", "Arn": "arn:aws:iam::aws:policy/AWSGlueConsoleFullAccess", "Path": "/", "DefaultVersionId": "v12", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-08-14T13:37:39+00:00", "UpdateDate": "2019-02-11T19:49:01+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "glue:*", "redshift:DescribeClusters", "redshift:DescribeClusterSubnetGroups", "iam:ListRoles", "iam:ListUsers", "iam:ListGroups", "iam:ListRolePolicies", "iam:GetRole", "iam:GetRolePolicy", "iam:ListAttachedRolePolicies", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeVpcs", "ec2:DescribeVpcEndpoints", "ec2:DescribeRouteTables", "ec2:DescribeVpcAttribute", "ec2:DescribeKeyPairs", "ec2:DescribeInstances", "ec2:DescribeImages", "rds:DescribeDBInstances", "rds:DescribeDBClusters", "rds:DescribeDBSubnetGroups", "s3:ListAllMyBuckets", "s3:ListBucket", "s3:GetBucketAcl", "s3:GetBucketLocation", "cloudformation:DescribeStacks", "cloudformation:GetTemplateSummary", "dynamodb:ListTables", "kms:ListAliases", "kms:DescribeKey", "cloudwatch:GetMetricData", "cloudwatch:ListDashboards" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "s3:GetObject", "s3:PutObject" ], "Resource": [ "arn:aws:s3:::aws-glue-*/*", "arn:aws:s3:::*/*aws-glue-*/*", "arn:aws:s3:::aws-glue-*" ] }, { "Effect": "Allow", "Action": [ "tag:GetResources" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "s3:CreateBucket" ], "Resource": [ "arn:aws:s3:::aws-glue-*" ] }, { "Effect": "Allow", "Action": [ "logs:GetLogEvents" ], "Resource": [ "arn:aws:logs:*:*:/aws-glue/*" ] }, { "Effect": "Allow", "Action": [ "cloudformation:CreateStack", "cloudformation:DeleteStack" ], "Resource": "arn:aws:cloudformation:*:*:stack/aws-glue*/*" }, { "Effect": "Allow", "Action": [ "ec2:RunInstances" ], "Resource": [ "arn:aws:ec2:*:*:instance/*", "arn:aws:ec2:*:*:key-pair/*", "arn:aws:ec2:*:*:image/*", "arn:aws:ec2:*:*:security-group/*", "arn:aws:ec2:*:*:network-interface/*", "arn:aws:ec2:*:*:subnet/*", "arn:aws:ec2:*:*:volume/*" ] }, { "Effect": "Allow", "Action": [ "ec2:TerminateInstances", "ec2:CreateTags", "ec2:DeleteTags" ], "Resource": [ "arn:aws:ec2:*:*:instance/*" ], "Condition": { "StringLike": { "ec2:ResourceTag/aws:cloudformation:stack-id": "arn:aws:cloudformation:*:*:stack/aws-glue-*/*" }, "StringEquals": { "ec2:ResourceTag/aws:cloudformation:logical-id": "ZeppelinInstance" } } }, { "Action": [ "iam:PassRole" ], "Effect": "Allow", "Resource": "arn:aws:iam::*:role/AWSGlueServiceRole*", "Condition": { "StringLike": { "iam:PassedToService": [ "glue.amazonaws.com" ] } } }, { "Action": [ "iam:PassRole" ], "Effect": "Allow", "Resource": "arn:aws:iam::*:role/AWSGlueServiceNotebookRole*", "Condition": { "StringLike": { "iam:PassedToService": [ "ec2.amazonaws.com" ] } } }, { "Action": [ "iam:PassRole" ], "Effect": "Allow", "Resource": [ "arn:aws:iam::*:role/service-role/AWSGlueServiceRole*" ], "Condition": { "StringLike": { "iam:PassedToService": [ "glue.amazonaws.com" ] } } } ] }, "VersionId": "v12" }, "AWSGlueConsoleSageMakerNotebookFullAccess": { "PolicyName": "AWSGlueConsoleSageMakerNotebookFullAccess", "PolicyId": "ANPAJELFOHJC42QS3ZSYY", "Arn": "arn:aws:iam::aws:policy/AWSGlueConsoleSageMakerNotebookFullAccess", "Path": "/", "DefaultVersionId": "v3", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-10-05T17:52:35+00:00", "UpdateDate": "2021-07-15T15:24:19+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "glue:*", "redshift:DescribeClusters", "redshift:DescribeClusterSubnetGroups", "iam:ListRoles", "iam:ListRolePolicies", "iam:GetRole", "iam:GetRolePolicy", "iam:ListAttachedRolePolicies", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeVpcs", "ec2:DescribeVpcEndpoints", "ec2:DescribeRouteTables", "ec2:DescribeVpcAttribute", "ec2:DescribeKeyPairs", "ec2:DescribeInstances", "ec2:DescribeImages", "ec2:CreateNetworkInterface", "ec2:AttachNetworkInterface", "ec2:ModifyNetworkInterfaceAttribute", "ec2:DeleteNetworkInterface", "ec2:DescribeAvailabilityZones", "ec2:DescribeInternetGateways", "ec2:DescribeNetworkInterfaces", "rds:DescribeDBInstances", "s3:ListAllMyBuckets", "s3:ListBucket", "s3:GetBucketAcl", "s3:GetBucketLocation", "cloudformation:DescribeStacks", "cloudformation:GetTemplateSummary", "dynamodb:ListTables", "kms:ListAliases", "kms:DescribeKey", "sagemaker:ListNotebookInstances", "cloudformation:ListStacks", "cloudwatch:GetMetricData", "cloudwatch:ListDashboards" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "s3:GetObject", "s3:PutObject" ], "Resource": [ "arn:aws:s3:::*/*aws-glue-*/*", "arn:aws:s3:::aws-glue-*" ] }, { "Effect": "Allow", "Action": [ "s3:CreateBucket" ], "Resource": [ "arn:aws:s3:::aws-glue-*" ] }, { "Effect": "Allow", "Action": [ "logs:GetLogEvents" ], "Resource": [ "arn:aws:logs:*:*:/aws-glue/*" ] }, { "Effect": "Allow", "Action": [ "cloudformation:CreateStack", "cloudformation:DeleteStack" ], "Resource": "arn:aws:cloudformation:*:*:stack/aws-glue*/*" }, { "Effect": "Allow", "Action": [ "sagemaker:CreatePresignedNotebookInstanceUrl", "sagemaker:CreateNotebookInstance", "sagemaker:DeleteNotebookInstance", "sagemaker:DescribeNotebookInstance", "sagemaker:StartNotebookInstance", "sagemaker:StopNotebookInstance", "sagemaker:UpdateNotebookInstance", "sagemaker:ListTags" ], "Resource": "arn:aws:sagemaker:*:*:notebook-instance/aws-glue-*" }, { "Effect": "Allow", "Action": [ "sagemaker:DescribeNotebookInstanceLifecycleConfig", "sagemaker:CreateNotebookInstanceLifecycleConfig", "sagemaker:DeleteNotebookInstanceLifecycleConfig", "sagemaker:ListNotebookInstanceLifecycleConfigs" ], "Resource": "arn:aws:sagemaker:*:*:notebook-instance-lifecycle-config/aws-glue-*" }, { "Effect": "Allow", "Action": [ "ec2:RunInstances" ], "Resource": [ "arn:aws:ec2:*:*:instance/*", "arn:aws:ec2:*:*:key-pair/*", "arn:aws:ec2:*:*:image/*", "arn:aws:ec2:*:*:security-group/*", "arn:aws:ec2:*:*:network-interface/*", "arn:aws:ec2:*:*:subnet/*", "arn:aws:ec2:*:*:volume/*" ] }, { "Effect": "Allow", "Action": [ "ec2:TerminateInstances", "ec2:CreateTags", "ec2:DeleteTags" ], "Resource": [ "arn:aws:ec2:*:*:instance/*" ], "Condition": { "StringLike": { "ec2:ResourceTag/aws:cloudformation:stack-id": "arn:aws:cloudformation:*:*:stack/aws-glue-*/*" }, "StringEquals": { "ec2:ResourceTag/aws:cloudformation:logical-id": "ZeppelinInstance" } } }, { "Effect": "Allow", "Action": [ "tag:GetResources" ], "Resource": [ "*" ], "Condition": { "ForAllValues:StringLike": { "aws:TagKeys": [ "aws-glue-*" ] } } }, { "Action": [ "iam:PassRole" ], "Effect": "Allow", "Resource": "arn:aws:iam::*:role/AWSGlueServiceRole*", "Condition": { "StringLike": { "iam:PassedToService": [ "glue.amazonaws.com" ] } } }, { "Action": [ "iam:PassRole" ], "Effect": "Allow", "Resource": "arn:aws:iam::*:role/AWSGlueServiceNotebookRole*", "Condition": { "StringLike": { "iam:PassedToService": [ "ec2.amazonaws.com" ] } } }, { "Action": [ "iam:PassRole" ], "Effect": "Allow", "Resource": "arn:aws:iam::*:role/AWSGlueServiceSageMakerNotebookRole*", "Condition": { "StringLike": { "iam:PassedToService": [ "sagemaker.amazonaws.com" ] } } }, { "Action": [ "iam:PassRole" ], "Effect": "Allow", "Resource": [ "arn:aws:iam::*:role/service-role/AWSGlueServiceRole*" ], "Condition": { "StringLike": { "iam:PassedToService": [ "glue.amazonaws.com" ] } } } ] }, "VersionId": "v3" }, "AWSGlueDataBrewServiceRole": { "PolicyName": "AWSGlueDataBrewServiceRole", "PolicyId": "ANPAZKAPJZG4HSXDEANHC", "Arn": "arn:aws:iam::aws:policy/service-role/AWSGlueDataBrewServiceRole", "Path": "/service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-12-04T21:26:50+00:00", "UpdateDate": "2020-12-04T21:26:50+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "glue:GetDatabases", "glue:GetPartitions", "glue:GetTable", "glue:GetTables", "glue:GetConnection" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "s3:ListBucket", "s3:GetObject" ], "Resource": [ "arn:aws:s3:::databrew-public-datasets-*" ] }, { "Effect": "Allow", "Action": [ "ec2:DescribeVpcEndpoints", "ec2:DescribeRouteTables", "ec2:DescribeNetworkInterfaces", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeVpcAttribute", "ec2:CreateNetworkInterface" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": "ec2:DeleteNetworkInterface", "Condition": { "StringLike": { "aws:ResourceTag/aws-glue-service-resource": "*" } }, "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "ec2:CreateTags", "ec2:DeleteTags" ], "Condition": { "ForAllValues:StringEquals": { "aws:TagKeys": [ "aws-glue-service-resource" ] } }, "Resource": [ "arn:aws:ec2:*:*:network-interface/*", "arn:aws:ec2:*:*:security-group/*" ] }, { "Effect": "Allow", "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents" ], "Resource": [ "arn:aws:logs:*:*:log-group:/aws-glue-databrew/*" ] }, { "Effect": "Allow", "Action": [ "lakeformation:GetDataAccess" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AWSGlueSchemaRegistryFullAccess": { "PolicyName": "AWSGlueSchemaRegistryFullAccess", "PolicyId": "ANPAZKAPJZG4H2OHGXA4A", "Arn": "arn:aws:iam::aws:policy/AWSGlueSchemaRegistryFullAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-11-20T00:19:00+00:00", "UpdateDate": "2020-11-20T00:19:00+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Sid": "AWSGlueSchemaRegistryFullAccess", "Effect": "Allow", "Action": [ "glue:CreateRegistry", "glue:UpdateRegistry", "glue:DeleteRegistry", "glue:GetRegistry", "glue:ListRegistries", "glue:CreateSchema", "glue:UpdateSchema", "glue:DeleteSchema", "glue:GetSchema", "glue:ListSchemas", "glue:RegisterSchemaVersion", "glue:DeleteSchemaVersions", "glue:GetSchemaByDefinition", "glue:GetSchemaVersion", "glue:GetSchemaVersionsDiff", "glue:ListSchemaVersions", "glue:CheckSchemaVersionValidity", "glue:PutSchemaVersionMetadata", "glue:RemoveSchemaVersionMetadata", "glue:QuerySchemaVersionMetadata" ], "Resource": [ "*" ] }, { "Sid": "AWSGlueSchemaRegistryTagsFullAccess", "Effect": "Allow", "Action": [ "glue:GetTags", "glue:TagResource", "glue:UnTagResource" ], "Resource": [ "arn:aws:glue:*:*:schema/*", "arn:aws:glue:*:*:registry/*" ] } ] }, "VersionId": "v1" }, "AWSGlueSchemaRegistryReadonlyAccess": { "PolicyName": "AWSGlueSchemaRegistryReadonlyAccess", "PolicyId": "ANPAZKAPJZG4B2SFYL4LZ", "Arn": "arn:aws:iam::aws:policy/AWSGlueSchemaRegistryReadonlyAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-11-20T00:20:06+00:00", "UpdateDate": "2020-11-20T00:20:06+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Sid": "AWSGlueSchemaRegistryReadonlyAccess", "Effect": "Allow", "Action": [ "glue:GetRegistry", "glue:ListRegistries", "glue:GetSchema", "glue:ListSchemas", "glue:GetSchemaByDefinition", "glue:GetSchemaVersion", "glue:ListSchemaVersions", "glue:GetSchemaVersionsDiff", "glue:CheckSchemaVersionValidity", "glue:QuerySchemaVersionMetadata", "glue:GetTags" ], "Resource": [ "*" ] } ] }, "VersionId": "v1" }, "AWSGlueServiceNotebookRole": { "PolicyName": "AWSGlueServiceNotebookRole", "PolicyId": "ANPAIMRC6VZUHJYCTKWFI", "Arn": "arn:aws:iam::aws:policy/service-role/AWSGlueServiceNotebookRole", "Path": "/service-role/", "DefaultVersionId": "v3", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-08-14T13:37:42+00:00", "UpdateDate": "2019-10-07T18:05:54+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "glue:CreateDatabase", "glue:CreatePartition", "glue:CreateTable", "glue:DeleteDatabase", "glue:DeletePartition", "glue:DeleteTable", "glue:GetDatabase", "glue:GetDatabases", "glue:GetPartition", "glue:GetPartitions", "glue:GetTable", "glue:GetTableVersions", "glue:GetTables", "glue:UpdateDatabase", "glue:UpdatePartition", "glue:UpdateTable", "glue:CreateConnection", "glue:CreateJob", "glue:DeleteConnection", "glue:DeleteJob", "glue:GetConnection", "glue:GetConnections", "glue:GetDevEndpoint", "glue:GetDevEndpoints", "glue:GetJob", "glue:GetJobs", "glue:UpdateJob", "glue:BatchDeleteConnection", "glue:UpdateConnection", "glue:GetUserDefinedFunction", "glue:UpdateUserDefinedFunction", "glue:GetUserDefinedFunctions", "glue:DeleteUserDefinedFunction", "glue:CreateUserDefinedFunction", "glue:BatchGetPartition", "glue:BatchDeletePartition", "glue:BatchCreatePartition", "glue:BatchDeleteTable", "glue:UpdateDevEndpoint", "s3:GetBucketLocation", "s3:ListBucket", "s3:ListAllMyBuckets", "s3:GetBucketAcl" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "s3:GetObject" ], "Resource": [ "arn:aws:s3:::crawler-public*", "arn:aws:s3:::aws-glue*" ] }, { "Effect": "Allow", "Action": [ "s3:PutObject", "s3:DeleteObject" ], "Resource": [ "arn:aws:s3:::aws-glue*" ] }, { "Effect": "Allow", "Action": [ "ec2:CreateTags", "ec2:DeleteTags" ], "Condition": { "ForAllValues:StringEquals": { "aws:TagKeys": [ "aws-glue-service-resource" ] } }, "Resource": [ "arn:aws:ec2:*:*:network-interface/*", "arn:aws:ec2:*:*:security-group/*", "arn:aws:ec2:*:*:instance/*" ] } ] }, "VersionId": "v3" }, "AWSGlueServiceRole": { "PolicyName": "AWSGlueServiceRole", "PolicyId": "ANPAIRUJCPEBPMEZFAS32", "Arn": "arn:aws:iam::aws:policy/service-role/AWSGlueServiceRole", "Path": "/service-role/", "DefaultVersionId": "v4", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-08-14T13:37:21+00:00", "UpdateDate": "2018-06-25T18:23:09+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "glue:*", "s3:GetBucketLocation", "s3:ListBucket", "s3:ListAllMyBuckets", "s3:GetBucketAcl", "ec2:DescribeVpcEndpoints", "ec2:DescribeRouteTables", "ec2:CreateNetworkInterface", "ec2:DeleteNetworkInterface", "ec2:DescribeNetworkInterfaces", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeVpcAttribute", "iam:ListRolePolicies", "iam:GetRole", "iam:GetRolePolicy", "cloudwatch:PutMetricData" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "s3:CreateBucket" ], "Resource": [ "arn:aws:s3:::aws-glue-*" ] }, { "Effect": "Allow", "Action": [ "s3:GetObject", "s3:PutObject", "s3:DeleteObject" ], "Resource": [ "arn:aws:s3:::aws-glue-*/*", "arn:aws:s3:::*/*aws-glue-*/*" ] }, { "Effect": "Allow", "Action": [ "s3:GetObject" ], "Resource": [ "arn:aws:s3:::crawler-public*", "arn:aws:s3:::aws-glue-*" ] }, { "Effect": "Allow", "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents" ], "Resource": [ "arn:aws:logs:*:*:/aws-glue/*" ] }, { "Effect": "Allow", "Action": [ "ec2:CreateTags", "ec2:DeleteTags" ], "Condition": { "ForAllValues:StringEquals": { "aws:TagKeys": [ "aws-glue-service-resource" ] } }, "Resource": [ "arn:aws:ec2:*:*:network-interface/*", "arn:aws:ec2:*:*:security-group/*", "arn:aws:ec2:*:*:instance/*" ] } ] }, "VersionId": "v4" }, "AWSGrafanaAccountAdministrator": { "PolicyName": "AWSGrafanaAccountAdministrator", "PolicyId": "ANPAZKAPJZG4KHVCM25DH", "Arn": "arn:aws:iam::aws:policy/AWSGrafanaAccountAdministrator", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2021-02-23T00:20:38+00:00", "UpdateDate": "2021-02-23T00:20:38+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Sid": "AWSGrafanaOrganizationAdmin", "Effect": "Allow", "Action": [ "iam:ListRoles" ], "Resource": "*" }, { "Sid": "GrafanaIAMGetRolePermission", "Effect": "Allow", "Action": "iam:GetRole", "Resource": "arn:aws:iam::*:role/*" }, { "Sid": "AWSGrafanaPermissions", "Effect": "Allow", "Action": [ "grafana:*" ], "Resource": "arn:aws:grafana:*:*:/workspaces*" }, { "Sid": "GrafanaIAMPassRolePermission", "Effect": "Allow", "Action": "iam:PassRole", "Resource": "arn:aws:iam::*:role/*", "Condition": { "StringLike": { "iam:PassedToService": "grafana.amazonaws.com" } } }, { "Sid": "SSOSLRPermission", "Effect": "Allow", "Action": [ "iam:CreateServiceLinkedRole" ], "Condition": { "StringEquals": { "iam:AWSServiceName": "sso.amazonaws.com" } }, "Resource": "arn:aws:iam::*:role/aws-service-role/sso.amazonaws.com/AWSServiceRoleForSSO" } ] }, "VersionId": "v1" }, "AWSGrafanaConsoleReadOnlyAccess": { "PolicyName": "AWSGrafanaConsoleReadOnlyAccess", "PolicyId": "ANPAZKAPJZG4OHSWBMKNF", "Arn": "arn:aws:iam::aws:policy/AWSGrafanaConsoleReadOnlyAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2021-02-23T00:10:40+00:00", "UpdateDate": "2021-02-23T00:10:40+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Sid": "AWSGrafanaConsoleReadOnlyAccess", "Effect": "Allow", "Action": [ "grafana:DescribeWorkspace", "grafana:ListPermissions", "grafana:ListWorkspaces" ], "Resource": "arn:aws:grafana:*:*:/workspaces*" } ] }, "VersionId": "v1" }, "AWSGrafanaWorkspacePermissionManagement": { "PolicyName": "AWSGrafanaWorkspacePermissionManagement", "PolicyId": "ANPAZKAPJZG4G37QQNGZW", "Arn": "arn:aws:iam::aws:policy/AWSGrafanaWorkspacePermissionManagement", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2021-02-23T00:15:54+00:00", "UpdateDate": "2021-02-23T00:15:54+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Sid": "AWSGrafanaPermissions", "Effect": "Allow", "Action": [ "grafana:DescribeWorkspace", "grafana:UpdatePermissions", "grafana:ListPermissions", "grafana:ListWorkspaces" ], "Resource": "arn:aws:grafana:*:*:/workspaces*" } ] }, "VersionId": "v1" }, "AWSGreengrassFullAccess": { "PolicyName": "AWSGreengrassFullAccess", "PolicyId": "ANPAJWPV6OBK4QONH4J3O", "Arn": "arn:aws:iam::aws:policy/AWSGreengrassFullAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-05-03T00:47:37+00:00", "UpdateDate": "2017-05-03T00:47:37+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "greengrass:*" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AWSGreengrassReadOnlyAccess": { "PolicyName": "AWSGreengrassReadOnlyAccess", "PolicyId": "ANPAJLSKLXFVTQTZ5GY3I", "Arn": "arn:aws:iam::aws:policy/AWSGreengrassReadOnlyAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-10-30T16:01:43+00:00", "UpdateDate": "2018-10-30T16:01:43+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "greengrass:List*", "greengrass:Get*" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AWSGreengrassResourceAccessRolePolicy": { "PolicyName": "AWSGreengrassResourceAccessRolePolicy", "PolicyId": "ANPAJPKEIMB6YMXDEVRTM", "Arn": "arn:aws:iam::aws:policy/service-role/AWSGreengrassResourceAccessRolePolicy", "Path": "/service-role/", "DefaultVersionId": "v5", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-02-14T21:17:24+00:00", "UpdateDate": "2018-11-14T00:35:02+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Sid": "AllowGreengrassAccessToShadows", "Action": [ "iot:DeleteThingShadow", "iot:GetThingShadow", "iot:UpdateThingShadow" ], "Effect": "Allow", "Resource": [ "arn:aws:iot:*:*:thing/GG_*", "arn:aws:iot:*:*:thing/*-gcm", "arn:aws:iot:*:*:thing/*-gda", "arn:aws:iot:*:*:thing/*-gci" ] }, { "Sid": "AllowGreengrassToDescribeThings", "Action": [ "iot:DescribeThing" ], "Effect": "Allow", "Resource": "arn:aws:iot:*:*:thing/*" }, { "Sid": "AllowGreengrassToDescribeCertificates", "Action": [ "iot:DescribeCertificate" ], "Effect": "Allow", "Resource": "arn:aws:iot:*:*:cert/*" }, { "Sid": "AllowGreengrassToCallGreengrassServices", "Action": [ "greengrass:*" ], "Effect": "Allow", "Resource": "*" }, { "Sid": "AllowGreengrassToGetLambdaFunctions", "Action": [ "lambda:GetFunction", "lambda:GetFunctionConfiguration" ], "Effect": "Allow", "Resource": "*" }, { "Sid": "AllowGreengrassToGetGreengrassSecrets", "Action": [ "secretsmanager:GetSecretValue" ], "Effect": "Allow", "Resource": "arn:aws:secretsmanager:*:*:secret:greengrass-*" }, { "Sid": "AllowGreengrassAccessToS3Objects", "Action": [ "s3:GetObject" ], "Effect": "Allow", "Resource": [ "arn:aws:s3:::*Greengrass*", "arn:aws:s3:::*GreenGrass*", "arn:aws:s3:::*greengrass*", "arn:aws:s3:::*Sagemaker*", "arn:aws:s3:::*SageMaker*", "arn:aws:s3:::*sagemaker*" ] }, { "Sid": "AllowGreengrassAccessToS3BucketLocation", "Action": [ "s3:GetBucketLocation" ], "Effect": "Allow", "Resource": "*" }, { "Sid": "AllowGreengrassAccessToSageMakerTrainingJobs", "Action": [ "sagemaker:DescribeTrainingJob" ], "Effect": "Allow", "Resource": [ "arn:aws:sagemaker:*:*:training-job/*" ] } ] }, "VersionId": "v5" }, "AWSHealthFullAccess": { "PolicyName": "AWSHealthFullAccess", "PolicyId": "ANPAI3CUMPCPEUPCSXC4Y", "Arn": "arn:aws:iam::aws:policy/AWSHealthFullAccess", "Path": "/", "DefaultVersionId": "v3", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2016-12-06T12:30:31+00:00", "UpdateDate": "2020-11-16T18:11:34+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "organizations:EnableAWSServiceAccess", "organizations:DisableAWSServiceAccess" ], "Resource": "*", "Condition": { "StringEquals": { "organizations:ServicePrincipal": "health.amazonaws.com" } } }, { "Effect": "Allow", "Action": [ "health:*", "organizations:ListAccounts", "organizations:ListParents", "organizations:DescribeAccount", "organizations:ListDelegatedAdministrators" ], "Resource": "*" }, { "Effect": "Allow", "Action": "iam:CreateServiceLinkedRole", "Resource": "*", "Condition": { "StringEquals": { "iam:AWSServiceName": "health.amazonaws.com" } } } ] }, "VersionId": "v3" }, "AWSIQContractServiceRolePolicy": { "PolicyName": "AWSIQContractServiceRolePolicy", "PolicyId": "ANPAZKAPJZG4E26ATDUIP", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSIQContractServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-08-22T19:28:39+00:00", "UpdateDate": "2019-08-22T19:28:39+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "aws-marketplace:Subscribe" ], "Effect": "Allow", "Resource": "*" } ] }, "VersionId": "v1" }, "AWSIQFullAccess": { "PolicyName": "AWSIQFullAccess", "PolicyId": "ANPAZKAPJZG4P4TAHETXT", "Arn": "arn:aws:iam::aws:policy/AWSIQFullAccess", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-04-04T23:13:42+00:00", "UpdateDate": "2019-09-25T20:22:34+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "iq:*", "iq-permission:*" ], "Effect": "Allow", "Resource": "*" }, { "Effect": "Allow", "Action": "iam:CreateServiceLinkedRole", "Resource": "*", "Condition": { "StringEquals": { "iam:AWSServiceName": [ "permission.iq.amazonaws.com", "contract.iq.amazonaws.com" ] } } } ] }, "VersionId": "v2" }, "AWSIQPermissionServiceRolePolicy": { "PolicyName": "AWSIQPermissionServiceRolePolicy", "PolicyId": "ANPAZKAPJZG4J77DMGFZ5", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSIQPermissionServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-08-22T19:36:29+00:00", "UpdateDate": "2019-08-22T19:36:29+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "iam:DeleteRole", "iam:ListAttachedRolePolicies" ], "Resource": "arn:aws:iam::*:role/AWSIQPermission-*" }, { "Effect": "Allow", "Action": [ "iam:AttachRolePolicy" ], "Resource": "arn:aws:iam::*:role/AWSIQPermission-*", "Condition": { "ArnEquals": { "iam:PolicyARN": "arn:aws:iam::aws:policy/AWSDenyAll" } } }, { "Effect": "Allow", "Action": [ "iam:DetachRolePolicy" ], "Resource": "arn:aws:iam::*:role/AWSIQPermission-*" } ] }, "VersionId": "v1" }, "AWSImageBuilderFullAccess": { "PolicyName": "AWSImageBuilderFullAccess", "PolicyId": "ANPAZKAPJZG4EO4HCSNZH", "Arn": "arn:aws:iam::aws:policy/AWSImageBuilderFullAccess", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-12-20T18:25:12+00:00", "UpdateDate": "2021-04-13T17:33:42+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "imagebuilder:*" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "sns:ListTopics" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "sns:Publish" ], "Resource": "arn:aws:sns:*:*:*imagebuilder*" }, { "Effect": "Allow", "Action": [ "license-manager:ListLicenseConfigurations", "license-manager:ListLicenseSpecificationsForResource" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "iam:GetRole" ], "Resource": "arn:aws:iam::*:role/aws-service-role/imagebuilder.amazonaws.com/AWSServiceRoleForImageBuilder" }, { "Effect": "Allow", "Action": [ "iam:GetInstanceProfile" ], "Resource": "arn:aws:iam::*:instance-profile/*imagebuilder*" }, { "Effect": "Allow", "Action": [ "iam:ListInstanceProfiles", "iam:ListRoles" ], "Resource": "*" }, { "Effect": "Allow", "Action": "iam:PassRole", "Resource": [ "arn:aws:iam::*:instance-profile/*imagebuilder*", "arn:aws:iam::*:role/*imagebuilder*" ], "Condition": { "StringEquals": { "iam:PassedToService": "ec2.amazonaws.com" } } }, { "Effect": "Allow", "Action": [ "s3:ListAllMyBuckets", "s3:GetBucketLocation" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "s3:ListBucket" ], "Resource": "arn:aws:s3::*:*imagebuilder*" }, { "Effect": "Allow", "Action": "iam:CreateServiceLinkedRole", "Resource": "arn:aws:iam::*:role/aws-service-role/imagebuilder.amazonaws.com/AWSServiceRoleForImageBuilder", "Condition": { "StringLike": { "iam:AWSServiceName": "imagebuilder.amazonaws.com" } } }, { "Effect": "Allow", "Action": [ "ec2:DescribeImages", "ec2:DescribeSnapshots", "ec2:DescribeVpcs", "ec2:DescribeRegions", "ec2:DescribeVolumes", "ec2:DescribeSubnets", "ec2:DescribeKeyPairs", "ec2:DescribeSecurityGroups", "ec2:DescribeInstanceTypeOfferings", "ec2:DescribeLaunchTemplates" ], "Resource": "*" } ] }, "VersionId": "v2" }, "AWSImageBuilderReadOnlyAccess": { "PolicyName": "AWSImageBuilderReadOnlyAccess", "PolicyId": "ANPAZKAPJZG4OD5TC5BXP", "Arn": "arn:aws:iam::aws:policy/AWSImageBuilderReadOnlyAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-12-19T22:29:23+00:00", "UpdateDate": "2019-12-19T22:29:23+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "imagebuilder:Get*", "imagebuilder:List*" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "iam:GetRole" ], "Resource": "arn:aws:iam::*:role/aws-service-role/imagebuilder.amazonaws.com/AWSServiceRoleForImageBuilder" } ] }, "VersionId": "v1" }, "AWSImportExportFullAccess": { "PolicyName": "AWSImportExportFullAccess", "PolicyId": "ANPAJCQCT4JGTLC6722MQ", "Arn": "arn:aws:iam::aws:policy/AWSImportExportFullAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-02-06T18:40:43+00:00", "UpdateDate": "2015-02-06T18:40:43+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "importexport:*" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AWSImportExportReadOnlyAccess": { "PolicyName": "AWSImportExportReadOnlyAccess", "PolicyId": "ANPAJNTV4OG52ESYZHCNK", "Arn": "arn:aws:iam::aws:policy/AWSImportExportReadOnlyAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-02-06T18:40:42+00:00", "UpdateDate": "2015-02-06T18:40:42+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "importexport:ListJobs", "importexport:GetStatus" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AWSIncidentManagerResolverAccess": { "PolicyName": "AWSIncidentManagerResolverAccess", "PolicyId": "ANPAZKAPJZG4EQ4SDPENY", "Arn": "arn:aws:iam::aws:policy/AWSIncidentManagerResolverAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2021-05-10T06:12:34+00:00", "UpdateDate": "2021-05-10T06:12:34+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Sid": "StartIncidentPermissions", "Effect": "Allow", "Action": [ "ssm-incidents:StartIncident" ], "Resource": "*" }, { "Sid": "ResponsePlanReadOnlyPermissions", "Effect": "Allow", "Action": [ "ssm-incidents:ListResponsePlans", "ssm-incidents:GetResponsePlan" ], "Resource": "*" }, { "Sid": "IncidentRecordResolverPermissions", "Effect": "Allow", "Action": [ "ssm-incidents:ListIncidentRecords", "ssm-incidents:GetIncidentRecord", "ssm-incidents:UpdateIncidentRecord", "ssm-incidents:ListTimelineEvents", "ssm-incidents:CreateTimelineEvent", "ssm-incidents:GetTimelineEvent", "ssm-incidents:UpdateTimelineEvent", "ssm-incidents:DeleteTimelineEvent", "ssm-incidents:ListRelatedItems", "ssm-incidents:UpdateRelatedItems" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AWSIncidentManagerServiceRolePolicy": { "PolicyName": "AWSIncidentManagerServiceRolePolicy", "PolicyId": "ANPAZKAPJZG4INCMTEIEV", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSIncidentManagerServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2021-05-10T03:34:45+00:00", "UpdateDate": "2021-05-10T03:34:45+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Sid": "UpdateIncidentRecordPermissions", "Effect": "Allow", "Action": [ "ssm-incidents:ListIncidentRecords", "ssm-incidents:CreateTimelineEvent" ], "Resource": "*" }, { "Sid": "RelatedOpsItemPermissions", "Effect": "Allow", "Action": [ "ssm:CreateOpsItem", "ssm:AssociateOpsItemRelatedItem" ], "Resource": "*" }, { "Sid": "IncidentEngagementPermissions", "Effect": "Allow", "Action": "ssm-contacts:StartEngagement", "Resource": "*" } ] }, "VersionId": "v1" }, "AWSIoT1ClickFullAccess": { "PolicyName": "AWSIoT1ClickFullAccess", "PolicyId": "ANPAJPQNJPDUDESCCAMIA", "Arn": "arn:aws:iam::aws:policy/AWSIoT1ClickFullAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-05-11T22:10:14+00:00", "UpdateDate": "2018-05-11T22:10:14+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "iot1click:*" ], "Effect": "Allow", "Resource": "*" } ] }, "VersionId": "v1" }, "AWSIoT1ClickReadOnlyAccess": { "PolicyName": "AWSIoT1ClickReadOnlyAccess", "PolicyId": "ANPAI35VTLD3EBNY2JGXS", "Arn": "arn:aws:iam::aws:policy/AWSIoT1ClickReadOnlyAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-05-11T21:49:24+00:00", "UpdateDate": "2018-05-11T21:49:24+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "iot1click:Describe*", "iot1click:Get*", "iot1click:List*" ], "Effect": "Allow", "Resource": "*" } ] }, "VersionId": "v1" }, "AWSIoTAnalyticsFullAccess": { "PolicyName": "AWSIoTAnalyticsFullAccess", "PolicyId": "ANPAJ7FB5ZEKQN445QGKY", "Arn": "arn:aws:iam::aws:policy/AWSIoTAnalyticsFullAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-06-18T23:02:45+00:00", "UpdateDate": "2018-06-18T23:02:45+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "iotanalytics:*" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AWSIoTAnalyticsReadOnlyAccess": { "PolicyName": "AWSIoTAnalyticsReadOnlyAccess", "PolicyId": "ANPAJ3Z4LYBELMXGFLGMI", "Arn": "arn:aws:iam::aws:policy/AWSIoTAnalyticsReadOnlyAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-06-18T21:37:49+00:00", "UpdateDate": "2018-06-18T21:37:49+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "iotanalytics:Describe*", "iotanalytics:List*", "iotanalytics:Get*", "iotanalytics:SampleChannelData" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AWSIoTConfigAccess": { "PolicyName": "AWSIoTConfigAccess", "PolicyId": "ANPAIWWGD4LM4EMXNRL7I", "Arn": "arn:aws:iam::aws:policy/AWSIoTConfigAccess", "Path": "/", "DefaultVersionId": "v9", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-10-27T21:52:07+00:00", "UpdateDate": "2019-09-27T20:48:00+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "iot:AcceptCertificateTransfer", "iot:AddThingToThingGroup", "iot:AssociateTargetsWithJob", "iot:AttachPolicy", "iot:AttachPrincipalPolicy", "iot:AttachThingPrincipal", "iot:CancelCertificateTransfer", "iot:CancelJob", "iot:CancelJobExecution", "iot:ClearDefaultAuthorizer", "iot:CreateAuthorizer", "iot:CreateCertificateFromCsr", "iot:CreateJob", "iot:CreateKeysAndCertificate", "iot:CreateOTAUpdate", "iot:CreatePolicy", "iot:CreatePolicyVersion", "iot:CreateRoleAlias", "iot:CreateStream", "iot:CreateThing", "iot:CreateThingGroup", "iot:CreateThingType", "iot:CreateTopicRule", "iot:DeleteAuthorizer", "iot:DeleteCACertificate", "iot:DeleteCertificate", "iot:DeleteJob", "iot:DeleteJobExecution", "iot:DeleteOTAUpdate", "iot:DeletePolicy", "iot:DeletePolicyVersion", "iot:DeleteRegistrationCode", "iot:DeleteRoleAlias", "iot:DeleteStream", "iot:DeleteThing", "iot:DeleteThingGroup", "iot:DeleteThingType", "iot:DeleteTopicRule", "iot:DeleteV2LoggingLevel", "iot:DeprecateThingType", "iot:DescribeAuthorizer", "iot:DescribeCACertificate", "iot:DescribeCertificate", "iot:DescribeDefaultAuthorizer", "iot:DescribeEndpoint", "iot:DescribeEventConfigurations", "iot:DescribeIndex", "iot:DescribeJob", "iot:DescribeJobExecution", "iot:DescribeRoleAlias", "iot:DescribeStream", "iot:DescribeThing", "iot:DescribeThingGroup", "iot:DescribeThingRegistrationTask", "iot:DescribeThingType", "iot:DetachPolicy", "iot:DetachPrincipalPolicy", "iot:DetachThingPrincipal", "iot:DisableTopicRule", "iot:EnableTopicRule", "iot:GetEffectivePolicies", "iot:GetIndexingConfiguration", "iot:GetJobDocument", "iot:GetLoggingOptions", "iot:GetOTAUpdate", "iot:GetPolicy", "iot:GetPolicyVersion", "iot:GetRegistrationCode", "iot:GetTopicRule", "iot:GetV2LoggingOptions", "iot:ListAttachedPolicies", "iot:ListAuthorizers", "iot:ListCACertificates", "iot:ListCertificates", "iot:ListCertificatesByCA", "iot:ListIndices", "iot:ListJobExecutionsForJob", "iot:ListJobExecutionsForThing", "iot:ListJobs", "iot:ListOTAUpdates", "iot:ListOutgoingCertificates", "iot:ListPolicies", "iot:ListPolicyPrincipals", "iot:ListPolicyVersions", "iot:ListPrincipalPolicies", "iot:ListPrincipalThings", "iot:ListRoleAliases", "iot:ListStreams", "iot:ListTargetsForPolicy", "iot:ListThingGroups", "iot:ListThingGroupsForThing", "iot:ListThingPrincipals", "iot:ListThingRegistrationTaskReports", "iot:ListThingRegistrationTasks", "iot:ListThings", "iot:ListThingsInThingGroup", "iot:ListThingTypes", "iot:ListTopicRules", "iot:ListV2LoggingLevels", "iot:RegisterCACertificate", "iot:RegisterCertificate", "iot:RegisterThing", "iot:RejectCertificateTransfer", "iot:RemoveThingFromThingGroup", "iot:ReplaceTopicRule", "iot:SearchIndex", "iot:SetDefaultAuthorizer", "iot:SetDefaultPolicyVersion", "iot:SetLoggingOptions", "iot:SetV2LoggingLevel", "iot:SetV2LoggingOptions", "iot:StartThingRegistrationTask", "iot:StopThingRegistrationTask", "iot:TestAuthorization", "iot:TestInvokeAuthorizer", "iot:TransferCertificate", "iot:UpdateAuthorizer", "iot:UpdateCACertificate", "iot:UpdateCertificate", "iot:UpdateEventConfigurations", "iot:UpdateIndexingConfiguration", "iot:UpdateRoleAlias", "iot:UpdateStream", "iot:UpdateThing", "iot:UpdateThingGroup", "iot:UpdateThingGroupsForThing", "iot:UpdateAccountAuditConfiguration", "iot:DescribeAccountAuditConfiguration", "iot:DeleteAccountAuditConfiguration", "iot:StartOnDemandAuditTask", "iot:CancelAuditTask", "iot:DescribeAuditTask", "iot:ListAuditTasks", "iot:CreateScheduledAudit", "iot:UpdateScheduledAudit", "iot:DeleteScheduledAudit", "iot:DescribeScheduledAudit", "iot:ListScheduledAudits", "iot:ListAuditFindings", "iot:CreateSecurityProfile", "iot:DescribeSecurityProfile", "iot:UpdateSecurityProfile", "iot:DeleteSecurityProfile", "iot:AttachSecurityProfile", "iot:DetachSecurityProfile", "iot:ListSecurityProfiles", "iot:ListSecurityProfilesForTarget", "iot:ListTargetsForSecurityProfile", "iot:ListActiveViolations", "iot:ListViolationEvents", "iot:ValidateSecurityProfileBehaviors" ], "Resource": "*" } ] }, "VersionId": "v9" }, "AWSIoTConfigReadOnlyAccess": { "PolicyName": "AWSIoTConfigReadOnlyAccess", "PolicyId": "ANPAJHENEMXGX4XMFOIOI", "Arn": "arn:aws:iam::aws:policy/AWSIoTConfigReadOnlyAccess", "Path": "/", "DefaultVersionId": "v8", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-10-27T21:52:31+00:00", "UpdateDate": "2019-09-27T20:52:40+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "iot:DescribeAuthorizer", "iot:DescribeCACertificate", "iot:DescribeCertificate", "iot:DescribeDefaultAuthorizer", "iot:DescribeEndpoint", "iot:DescribeEventConfigurations", "iot:DescribeIndex", "iot:DescribeJob", "iot:DescribeJobExecution", "iot:DescribeRoleAlias", "iot:DescribeStream", "iot:DescribeThing", "iot:DescribeThingGroup", "iot:DescribeThingRegistrationTask", "iot:DescribeThingType", "iot:GetEffectivePolicies", "iot:GetIndexingConfiguration", "iot:GetJobDocument", "iot:GetLoggingOptions", "iot:GetOTAUpdate", "iot:GetPolicy", "iot:GetPolicyVersion", "iot:GetRegistrationCode", "iot:GetTopicRule", "iot:GetV2LoggingOptions", "iot:ListAttachedPolicies", "iot:ListAuthorizers", "iot:ListCACertificates", "iot:ListCertificates", "iot:ListCertificatesByCA", "iot:ListIndices", "iot:ListJobExecutionsForJob", "iot:ListJobExecutionsForThing", "iot:ListJobs", "iot:ListOTAUpdates", "iot:ListOutgoingCertificates", "iot:ListPolicies", "iot:ListPolicyPrincipals", "iot:ListPolicyVersions", "iot:ListPrincipalPolicies", "iot:ListPrincipalThings", "iot:ListRoleAliases", "iot:ListStreams", "iot:ListTargetsForPolicy", "iot:ListThingGroups", "iot:ListThingGroupsForThing", "iot:ListThingPrincipals", "iot:ListThingRegistrationTaskReports", "iot:ListThingRegistrationTasks", "iot:ListThings", "iot:ListThingsInThingGroup", "iot:ListThingTypes", "iot:ListTopicRules", "iot:ListV2LoggingLevels", "iot:SearchIndex", "iot:TestAuthorization", "iot:TestInvokeAuthorizer", "iot:DescribeAccountAuditConfiguration", "iot:DescribeAuditTask", "iot:ListAuditTasks", "iot:DescribeScheduledAudit", "iot:ListScheduledAudits", "iot:ListAuditFindings", "iot:DescribeSecurityProfile", "iot:ListSecurityProfiles", "iot:ListSecurityProfilesForTarget", "iot:ListTargetsForSecurityProfile", "iot:ListActiveViolations", "iot:ListViolationEvents", "iot:ValidateSecurityProfileBehaviors" ], "Resource": "*" } ] }, "VersionId": "v8" }, "AWSIoTDataAccess": { "PolicyName": "AWSIoTDataAccess", "PolicyId": "ANPAJM2KI2UJDR24XPS2K", "Arn": "arn:aws:iam::aws:policy/AWSIoTDataAccess", "Path": "/", "DefaultVersionId": "v3", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-10-27T21:51:18+00:00", "UpdateDate": "2021-06-23T21:34:47+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "iot:Connect", "iot:Publish", "iot:Subscribe", "iot:Receive", "iot:GetThingShadow", "iot:UpdateThingShadow", "iot:DeleteThingShadow", "iot:ListNamedShadowsForThing" ], "Resource": "*" } ] }, "VersionId": "v3" }, "AWSIoTDeviceDefenderAddThingsToThingGroupMitigationAction": { "PolicyName": "AWSIoTDeviceDefenderAddThingsToThingGroupMitigationAction", "PolicyId": "ANPAZKAPJZG4HEHG3RV6B", "Arn": "arn:aws:iam::aws:policy/service-role/AWSIoTDeviceDefenderAddThingsToThingGroupMitigationAction", "Path": "/service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-08-07T17:55:37+00:00", "UpdateDate": "2019-08-07T17:55:37+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "iot:ListPrincipalThings", "iot:AddThingToThingGroup" ], "Resource": [ "*" ] } ] }, "VersionId": "v1" }, "AWSIoTDeviceDefenderAudit": { "PolicyName": "AWSIoTDeviceDefenderAudit", "PolicyId": "ANPAJKUN6OAGIHZ66TRKO", "Arn": "arn:aws:iam::aws:policy/service-role/AWSIoTDeviceDefenderAudit", "Path": "/service-role/", "DefaultVersionId": "v3", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-07-18T21:17:40+00:00", "UpdateDate": "2019-11-25T23:52:43+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "iot:GetLoggingOptions", "iot:GetV2LoggingOptions", "iot:ListCACertificates", "iot:ListCertificates", "iot:DescribeCACertificate", "iot:DescribeCertificate", "iot:ListPolicies", "iot:GetPolicy", "iot:GetEffectivePolicies", "iot:ListRoleAliases", "iot:DescribeRoleAlias", "cognito-identity:GetIdentityPoolRoles", "iam:ListRolePolicies", "iam:ListAttachedRolePolicies", "iam:GetRole", "iam:GetPolicy", "iam:GetPolicyVersion", "iam:GetRolePolicy", "iam:GenerateServiceLastAccessedDetails", "iam:GetServiceLastAccessedDetails" ], "Resource": [ "*" ] } ] }, "VersionId": "v3" }, "AWSIoTDeviceDefenderEnableIoTLoggingMitigationAction": { "PolicyName": "AWSIoTDeviceDefenderEnableIoTLoggingMitigationAction", "PolicyId": "ANPAZKAPJZG4G34KP2NLZ", "Arn": "arn:aws:iam::aws:policy/service-role/AWSIoTDeviceDefenderEnableIoTLoggingMitigationAction", "Path": "/service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-08-07T17:04:07+00:00", "UpdateDate": "2019-08-07T17:04:07+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "iot:SetV2LoggingOptions" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "iam:PassRole" ], "Resource": [ "*" ], "Condition": { "StringEquals": { "iam:PassedToService": [ "iot.amazonaws.com" ] } } } ] }, "VersionId": "v1" }, "AWSIoTDeviceDefenderPublishFindingsToSNSMitigationAction": { "PolicyName": "AWSIoTDeviceDefenderPublishFindingsToSNSMitigationAction", "PolicyId": "ANPAZKAPJZG4GZL2FL6JV", "Arn": "arn:aws:iam::aws:policy/service-role/AWSIoTDeviceDefenderPublishFindingsToSNSMitigationAction", "Path": "/service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-08-07T17:04:37+00:00", "UpdateDate": "2019-08-07T17:04:37+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "sns:Publish" ], "Resource": [ "*" ] } ] }, "VersionId": "v1" }, "AWSIoTDeviceDefenderReplaceDefaultPolicyMitigationAction": { "PolicyName": "AWSIoTDeviceDefenderReplaceDefaultPolicyMitigationAction", "PolicyId": "ANPAZKAPJZG4HN4VCIBCR", "Arn": "arn:aws:iam::aws:policy/service-role/AWSIoTDeviceDefenderReplaceDefaultPolicyMitigationAction", "Path": "/service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-08-07T17:04:57+00:00", "UpdateDate": "2019-08-07T17:04:57+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "iot:CreatePolicyVersion" ], "Resource": [ "*" ] } ] }, "VersionId": "v1" }, "AWSIoTDeviceDefenderUpdateCACertMitigationAction": { "PolicyName": "AWSIoTDeviceDefenderUpdateCACertMitigationAction", "PolicyId": "ANPAZKAPJZG4KLBGET6KX", "Arn": "arn:aws:iam::aws:policy/service-role/AWSIoTDeviceDefenderUpdateCACertMitigationAction", "Path": "/service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-08-07T17:05:49+00:00", "UpdateDate": "2019-08-07T17:05:49+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "iot:UpdateCACertificate" ], "Resource": [ "*" ] } ] }, "VersionId": "v1" }, "AWSIoTDeviceDefenderUpdateDeviceCertMitigationAction": { "PolicyName": "AWSIoTDeviceDefenderUpdateDeviceCertMitigationAction", "PolicyId": "ANPAZKAPJZG4KB4AHFGEB", "Arn": "arn:aws:iam::aws:policy/service-role/AWSIoTDeviceDefenderUpdateDeviceCertMitigationAction", "Path": "/service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-08-07T17:06:00+00:00", "UpdateDate": "2019-08-07T17:06:00+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "iot:UpdateCertificate" ], "Resource": [ "*" ] } ] }, "VersionId": "v1" }, "AWSIoTDeviceTesterForFreeRTOSFullAccess": { "PolicyName": "AWSIoTDeviceTesterForFreeRTOSFullAccess", "PolicyId": "ANPAZKAPJZG4ADNJ2YUUH", "Arn": "arn:aws:iam::aws:policy/AWSIoTDeviceTesterForFreeRTOSFullAccess", "Path": "/", "DefaultVersionId": "v5", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-02-12T20:33:53+00:00", "UpdateDate": "2020-12-15T18:03:46+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Sid": "VisualEditor0", "Effect": "Allow", "Action": "iam:PassRole", "Resource": "arn:aws:iam::*:role/idt-*", "Condition": { "StringEquals": { "iam:PassedToService": "iot.amazonaws.com" } } }, { "Sid": "VisualEditor1", "Effect": "Allow", "Action": [ "iot:DeleteThing", "iot:AttachThingPrincipal", "iot:DeleteCertificate", "iot:GetRegistrationCode", "iot:CreatePolicy", "iot:UpdateCACertificate", "s3:ListBucket", "iot:DescribeEndpoint", "iot:CreateOTAUpdate", "iot:CreateStream", "signer:ListSigningJobs", "acm:ListCertificates", "iot:CreateKeysAndCertificate", "iot:UpdateCertificate", "iot:CreateCertificateFromCsr", "iot:DetachThingPrincipal", "iot:RegisterCACertificate", "iot:CreateThing", "freertos:ListHardwarePlatforms", "iam:ListRoles", "iot:RegisterCertificate", "iot:DeleteCACertificate", "signer:PutSigningProfile", "s3:ListAllMyBuckets", "signer:ListSigningPlatforms", "iot-device-tester:SendMetrics", "iot-device-tester:SupportedVersion", "iot-device-tester:LatestIdt", "iot-device-tester:CheckVersion", "iot-device-tester:DownloadTestSuite" ], "Resource": "*" }, { "Sid": "VisualEditor2", "Effect": "Allow", "Action": [ "iam:GetRole", "signer:StartSigningJob", "acm:GetCertificate", "signer:DescribeSigningJob", "s3:CreateBucket", "execute-api:Invoke", "s3:DeleteBucket", "s3:PutBucketVersioning", "signer:CancelSigningProfile" ], "Resource": [ "arn:aws:execute-api:us-east-1:098862408343:9xpmnvs5h4/prod/POST/metrics", "arn:aws:signer:*:*:/signing-profiles/*", "arn:aws:signer:*:*:/signing-jobs/*", "arn:aws:iam::*:role/idt-*", "arn:aws:acm:*:*:certificate/*", "arn:aws:s3:::idt-*", "arn:aws:s3:::afr-ota*" ] }, { "Sid": "VisualEditor3", "Effect": "Allow", "Action": [ "iot:DeleteStream", "iot:DeleteCertificate", "iot:AttachPolicy", "iot:DetachPolicy", "iot:DeletePolicy", "s3:ListBucketVersions", "iot:UpdateCertificate", "iot:GetOTAUpdate", "iot:DeleteOTAUpdate", "iot:DescribeJobExecution" ], "Resource": [ "arn:aws:s3:::afr-ota*", "arn:aws:iot:*:*:thinggroup/idt*", "arn:aws:iam::*:role/idt-*" ] }, { "Sid": "VisualEditor4", "Effect": "Allow", "Action": [ "iot:DeleteCertificate", "iot:AttachPolicy", "iot:DetachPolicy", "s3:DeleteObjectVersion", "iot:DeleteOTAUpdate", "s3:PutObject", "s3:GetObject", "iot:DeleteStream", "iot:DeletePolicy", "s3:DeleteObject", "iot:UpdateCertificate", "iot:GetOTAUpdate", "s3:GetObjectVersion", "iot:DescribeJobExecution" ], "Resource": [ "arn:aws:s3:::afr-ota*/*", "arn:aws:s3:::idt-*/*", "arn:aws:iot:*:*:policy/idt*", "arn:aws:iam::*:role/idt-*", "arn:aws:iot:*:*:otaupdate/idt*", "arn:aws:iot:*:*:thing/idt*", "arn:aws:iot:*:*:cert/*", "arn:aws:iot:*:*:job/*", "arn:aws:iot:*:*:stream/*" ] }, { "Sid": "VisualEditor5", "Effect": "Allow", "Action": [ "s3:PutObject", "s3:GetObject" ], "Resource": [ "arn:aws:s3:::afr-ota*/*", "arn:aws:s3:::idt-*/*" ] }, { "Sid": "VisualEditor6", "Effect": "Allow", "Action": [ "iot:CancelJobExecution" ], "Resource": [ "arn:aws:iot:*:*:job/*", "arn:aws:iot:*:*:thing/idt*" ] }, { "Sid": "VisualEditor7", "Effect": "Allow", "Action": [ "ec2:TerminateInstances" ], "Resource": [ "arn:aws:ec2:*:*:instance/*" ], "Condition": { "StringEquals": { "ec2:ResourceTag/Owner": "IoTDeviceTester" } } }, { "Sid": "VisualEditor8", "Effect": "Allow", "Action": [ "ec2:AuthorizeSecurityGroupIngress", "ec2:DeleteSecurityGroup" ], "Resource": [ "arn:aws:ec2:*:*:security-group/*" ], "Condition": { "StringEquals": { "ec2:ResourceTag/Owner": "IoTDeviceTester" } } }, { "Sid": "VisualEditor9", "Effect": "Allow", "Action": [ "ec2:RunInstances" ], "Resource": [ "arn:aws:ec2:*:*:instance/*" ], "Condition": { "StringEquals": { "aws:RequestTag/Owner": "IoTDeviceTester" } } }, { "Sid": "VisualEditor10", "Effect": "Allow", "Action": [ "ec2:RunInstances" ], "Resource": [ "arn:aws:ec2:*:*:image/*", "arn:aws:ec2:*:*:security-group/*", "arn:aws:ec2:*:*:volume/*", "arn:aws:ec2:*:*:key-pair/*", "arn:aws:ec2:*:*:placement-group/*", "arn:aws:ec2:*:*:snapshot/*", "arn:aws:ec2:*:*:network-interface/*", "arn:aws:ec2:*:*:subnet/*" ] }, { "Sid": "VisualEditor11", "Effect": "Allow", "Action": [ "ec2:CreateSecurityGroup" ], "Resource": [ "arn:aws:ec2:*:*:security-group/*" ], "Condition": { "StringEquals": { "aws:RequestTag/Owner": "IoTDeviceTester" } } }, { "Sid": "VisualEditor12", "Effect": "Allow", "Action": [ "ec2:DescribeInstances", "ec2:DescribeSecurityGroups", "ssm:DescribeParameters", "ssm:GetParameters" ], "Resource": "*" }, { "Sid": "VisualEditor13", "Effect": "Allow", "Action": [ "ec2:CreateTags" ], "Resource": [ "arn:aws:ec2:*:*:security-group/*", "arn:aws:ec2:*:*:instance/*" ], "Condition": { "ForAnyValue:StringEquals": { "ec2:CreateAction": [ "RunInstances", "CreateSecurityGroup" ], "aws:TagKeys": [ "Owner" ] } } } ] }, "VersionId": "v5" }, "AWSIoTDeviceTesterForGreengrassFullAccess": { "PolicyName": "AWSIoTDeviceTesterForGreengrassFullAccess", "PolicyId": "ANPAZKAPJZG4ORKVZSPY7", "Arn": "arn:aws:iam::aws:policy/AWSIoTDeviceTesterForGreengrassFullAccess", "Path": "/", "DefaultVersionId": "v4", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-02-20T21:21:27+00:00", "UpdateDate": "2020-06-25T17:01:56+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Sid": "VisualEditor1", "Effect": "Allow", "Action": "iam:PassRole", "Resource": "arn:aws:iam::*:role/idt-*", "Condition": { "StringEquals": { "iam:PassedToService": [ "iot.amazonaws.com", "lambda.amazonaws.com", "greengrass.amazonaws.com" ] } } }, { "Sid": "VisualEditor2", "Effect": "Allow", "Action": [ "lambda:CreateFunction", "iot:DeleteCertificate", "lambda:DeleteFunction", "execute-api:Invoke", "iot:UpdateCertificate" ], "Resource": [ "arn:aws:execute-api:us-east-1:098862408343:9xpmnvs5h4/prod/POST/metrics", "arn:aws:lambda:*:*:function:idt-*", "arn:aws:iot:*:*:cert/*" ] }, { "Sid": "VisualEditor3", "Effect": "Allow", "Action": [ "iot:CreateThing", "iot:DeleteThing" ], "Resource": [ "arn:aws:iot:*:*:thing/idt-*", "arn:aws:iot:*:*:cert/*" ] }, { "Sid": "VisualEditor4", "Effect": "Allow", "Action": [ "iot:AttachPolicy", "iot:DetachPolicy", "iot:DeletePolicy" ], "Resource": [ "arn:aws:iot:*:*:policy/idt-*", "arn:aws:iot:*:*:cert/*" ] }, { "Sid": "VisualEditor5", "Effect": "Allow", "Action": [ "iot:CreateJob", "iot:DescribeJob", "iot:DescribeJobExecution", "iot:DeleteJob" ], "Resource": [ "arn:aws:iot:*:*:thing/idt-*", "arn:aws:iot:*:*:job/*" ] }, { "Sid": "VisualEditor6", "Effect": "Allow", "Action": [ "iot:DescribeEndpoint", "greengrass:*", "iam:ListAttachedRolePolicies", "iot:CreatePolicy", "iot:GetThingShadow", "iot:CreateKeysAndCertificate", "iot:ListThings", "iot:UpdateThingShadow", "iot:CreateCertificateFromCsr", "iot-device-tester:SendMetrics", "iot-device-tester:SupportedVersion", "iot-device-tester:LatestIdt", "iot-device-tester:CheckVersion", "iot-device-tester:DownloadTestSuite" ], "Resource": "*" }, { "Sid": "VisualEditor7", "Effect": "Allow", "Action": [ "iot:DetachThingPrincipal", "iot:AttachThingPrincipal" ], "Resource": [ "arn:aws:iot:*:*:thing/idt-*", "arn:aws:iot:*:*:cert/*" ] }, { "Sid": "VisualEditor8", "Effect": "Allow", "Action": [ "s3:PutObject", "s3:DeleteObjectVersion", "s3:ListBucketVersions", "s3:CreateBucket", "s3:DeleteObject", "s3:DeleteBucket" ], "Resource": "arn:aws:s3:::idt*" } ] }, "VersionId": "v4" }, "AWSIoTEventsFullAccess": { "PolicyName": "AWSIoTEventsFullAccess", "PolicyId": "ANPAJGA726P7LVUWJZ2LM", "Arn": "arn:aws:iam::aws:policy/AWSIoTEventsFullAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-01-10T22:51:57+00:00", "UpdateDate": "2019-01-10T22:51:57+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "iotevents:*" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AWSIoTEventsReadOnlyAccess": { "PolicyName": "AWSIoTEventsReadOnlyAccess", "PolicyId": "ANPAJYJFNAR7CN5JW52PG", "Arn": "arn:aws:iam::aws:policy/AWSIoTEventsReadOnlyAccess", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-01-10T22:50:08+00:00", "UpdateDate": "2019-09-23T17:22:04+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "iotevents:Describe*", "iotevents:List*" ], "Resource": "*" } ] }, "VersionId": "v2" }, "AWSIoTFleetHubFederationAccess": { "PolicyName": "AWSIoTFleetHubFederationAccess", "PolicyId": "ANPAZKAPJZG4H4EGQA254", "Arn": "arn:aws:iam::aws:policy/service-role/AWSIoTFleetHubFederationAccess", "Path": "/service-role/", "DefaultVersionId": "v3", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-12-15T08:08:05+00:00", "UpdateDate": "2021-05-24T14:12:59+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "iot:DescribeIndex", "iot:DescribeThingGroup", "iot:GetBucketsAggregation", "iot:GetCardinality", "iot:GetIndexingConfiguration", "iot:GetPercentiles", "iot:GetStatistics", "iot:SearchIndex", "iot:CreateFleetMetric", "iot:ListFleetMetrics", "iot:DeleteFleetMetric", "iot:DescribeFleetMetric", "iot:UpdateFleetMetric", "iot:ListThingGroups", "iot:ListThingsInThingGroup", "iot:ListJobTemplates", "iot:DescribeJobTemplate", "iot:ListJobs", "iot:CreateJob", "iot:CancelJob", "iot:DescribeJob", "iot:ListJobExecutionsForJob", "iot:ListJobExecutionsForThing", "iot:DescribeJobExecution", "iotfleethub:DescribeApplication", "cloudwatch:DescribeAlarms", "cloudwatch:GetMetricData", "cloudwatch:ListMetrics", "sns:ListTopics" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "sns:CreateTopic", "sns:DeleteTopic", "sns:ListSubscriptionsByTopic", "sns:Subscribe", "sns:Unsubscribe" ], "Resource": "arn:aws:sns:*:*:iotfleethub*" }, { "Effect": "Allow", "Action": [ "cloudwatch:PutMetricAlarm", "cloudwatch:DeleteAlarms", "cloudwatch:DescribeAlarmHistory" ], "Resource": "arn:aws:cloudwatch:*:*:iotfleethub*" } ] }, "VersionId": "v3" }, "AWSIoTFullAccess": { "PolicyName": "AWSIoTFullAccess", "PolicyId": "ANPAJU2FPGG6PQWN72V2G", "Arn": "arn:aws:iam::aws:policy/AWSIoTFullAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-10-08T15:19:49+00:00", "UpdateDate": "2015-10-08T15:19:49+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "iot:*" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AWSIoTLogging": { "PolicyName": "AWSIoTLogging", "PolicyId": "ANPAI6R6Z2FHHGS454W7W", "Arn": "arn:aws:iam::aws:policy/service-role/AWSIoTLogging", "Path": "/service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-10-08T15:17:25+00:00", "UpdateDate": "2015-10-08T15:17:25+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents", "logs:PutMetricFilter", "logs:PutRetentionPolicy", "logs:GetLogEvents", "logs:DeleteLogStream" ], "Resource": [ "*" ] } ] }, "VersionId": "v1" }, "AWSIoTOTAUpdate": { "PolicyName": "AWSIoTOTAUpdate", "PolicyId": "ANPAJLJYWX53STBZFPUEY", "Arn": "arn:aws:iam::aws:policy/service-role/AWSIoTOTAUpdate", "Path": "/service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-12-20T20:36:53+00:00", "UpdateDate": "2017-12-20T20:36:53+00:00", "Document": { "Version": "2012-10-17", "Statement": { "Effect": "Allow", "Action": [ "iot:CreateJob", "signer:DescribeSigningJob" ], "Resource": "*" } }, "VersionId": "v1" }, "AWSIoTRuleActions": { "PolicyName": "AWSIoTRuleActions", "PolicyId": "ANPAJEZ6FS7BUZVUHMOKY", "Arn": "arn:aws:iam::aws:policy/service-role/AWSIoTRuleActions", "Path": "/service-role/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-10-08T15:14:51+00:00", "UpdateDate": "2018-01-16T19:28:19+00:00", "Document": { "Version": "2012-10-17", "Statement": { "Effect": "Allow", "Action": [ "dynamodb:PutItem", "kinesis:PutRecord", "iot:Publish", "s3:PutObject", "sns:Publish", "sqs:SendMessage*", "cloudwatch:SetAlarmState", "cloudwatch:PutMetricData", "es:ESHttpPut", "firehose:PutRecord" ], "Resource": "*" } }, "VersionId": "v2" }, "AWSIoTSiteWiseConsoleFullAccess": { "PolicyName": "AWSIoTSiteWiseConsoleFullAccess", "PolicyId": "ANPAZKAPJZG4K7KP5VA7F", "Arn": "arn:aws:iam::aws:policy/AWSIoTSiteWiseConsoleFullAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-05-31T21:37:49+00:00", "UpdateDate": "2019-05-31T21:37:49+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": "iotsitewise:*", "Effect": "Allow", "Resource": "*" }, { "Action": [ "iotanalytics:List*", "iotanalytics:Describe*", "iotanalytics:Create*" ], "Effect": "Allow", "Resource": "*" }, { "Action": [ "iot:DescribeEndpoint", "iot:GetThingShadow" ], "Effect": "Allow", "Resource": "*" }, { "Action": [ "greengrass:GetGroup", "greengrass:GetGroupVersion", "greengrass:GetCoreDefinitionVersion", "greengrass:ListGroups" ], "Effect": "Allow", "Resource": "*" }, { "Action": [ "secretsmanager:ListSecrets", "secretsmanager:CreateSecret" ], "Effect": "Allow", "Resource": "*" }, { "Action": [ "secretsmanager:UpdateSecret" ], "Effect": "Allow", "Resource": "arn:aws:secretsmanager:*:*:secret:greengrass-*" }, { "Action": [ "tag:GetResources" ], "Effect": "Allow", "Resource": "*" }, { "Action": [ "iam:CreateServiceLinkedRole" ], "Effect": "Allow", "Resource": "arn:aws:iam::*:role/aws-service-role/iotsitewise.amazonaws.com/AWSServiceRoleForIoTSiteWise*", "Condition": { "StringEquals": { "iam:AWSServiceName": "iotsitewise.amazonaws.com" } } }, { "Action": [ "iam:PassRole" ], "Effect": "Allow", "Resource": "arn:aws:iam::*:role/aws-service-role/iotsitewise.amazonaws.com/AWSServiceRoleForIoTSiteWise*", "Condition": { "StringEquals": { "iam:PassedToService": "iotsitewise.amazonaws.com" } } } ] }, "VersionId": "v1" }, "AWSIoTSiteWiseFullAccess": { "PolicyName": "AWSIoTSiteWiseFullAccess", "PolicyId": "ANPAILUK3XBM6TZ5Q3PX2", "Arn": "arn:aws:iam::aws:policy/AWSIoTSiteWiseFullAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-12-04T20:53:39+00:00", "UpdateDate": "2018-12-04T20:53:39+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "iotsitewise:*" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AWSIoTSiteWiseMonitorPortalAccess": { "PolicyName": "AWSIoTSiteWiseMonitorPortalAccess", "PolicyId": "ANPAZKAPJZG4E6CZDALWJ", "Arn": "arn:aws:iam::aws:policy/service-role/AWSIoTSiteWiseMonitorPortalAccess", "Path": "/service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-05-19T20:01:21+00:00", "UpdateDate": "2020-05-19T20:01:21+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "iotsitewise:CreateProject", "iotsitewise:DescribeProject", "iotsitewise:UpdateProject", "iotsitewise:DeleteProject", "iotsitewise:ListProjects", "iotsitewise:BatchAssociateProjectAssets", "iotsitewise:BatchDisassociateProjectAssets", "iotsitewise:ListProjectAssets", "iotsitewise:CreateDashboard", "iotsitewise:DescribeDashboard", "iotsitewise:UpdateDashboard", "iotsitewise:DeleteDashboard", "iotsitewise:ListDashboards", "iotsitewise:CreateAccessPolicy", "iotsitewise:DescribeAccessPolicy", "iotsitewise:UpdateAccessPolicy", "iotsitewise:DeleteAccessPolicy", "iotsitewise:ListAccessPolicies", "iotsitewise:DescribeAsset", "iotsitewise:ListAssets", "iotsitewise:ListAssociatedAssets", "iotsitewise:DescribeAssetProperty", "iotsitewise:GetAssetPropertyValue", "iotsitewise:GetAssetPropertyValueHistory", "iotsitewise:GetAssetPropertyAggregates", "sso-directory:DescribeUsers" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AWSIoTSiteWiseMonitorServiceRolePolicy": { "PolicyName": "AWSIoTSiteWiseMonitorServiceRolePolicy", "PolicyId": "ANPAZKAPJZG4CR556M6Y5", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSIoTSiteWiseMonitorServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-11-14T00:59:10+00:00", "UpdateDate": "2019-12-13T22:19:25+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "iotsitewise:CreateProject", "iotsitewise:DescribeProject", "iotsitewise:UpdateProject", "iotsitewise:DeleteProject", "iotsitewise:ListProjects", "iotsitewise:BatchAssociateProjectAssets", "iotsitewise:BatchDisassociateProjectAssets", "iotsitewise:ListProjectAssets", "iotsitewise:CreateDashboard", "iotsitewise:DescribeDashboard", "iotsitewise:UpdateDashboard", "iotsitewise:DeleteDashboard", "iotsitewise:ListDashboards", "iotsitewise:CreateAccessPolicy", "iotsitewise:DescribeAccessPolicy", "iotsitewise:UpdateAccessPolicy", "iotsitewise:DeleteAccessPolicy", "iotsitewise:ListAccessPolicies", "iotsitewise:DescribeAsset", "iotsitewise:ListAssets", "iotsitewise:ListAssociatedAssets", "iotsitewise:DescribeAssetProperty", "iotsitewise:GetAssetPropertyValue", "iotsitewise:GetAssetPropertyValueHistory", "iotsitewise:GetAssetPropertyAggregates", "sso-directory:DescribeUsers" ], "Resource": "*" } ] }, "VersionId": "v2" }, "AWSIoTSiteWiseReadOnlyAccess": { "PolicyName": "AWSIoTSiteWiseReadOnlyAccess", "PolicyId": "ANPAJLHEAFKME2QL64WKK", "Arn": "arn:aws:iam::aws:policy/AWSIoTSiteWiseReadOnlyAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-12-04T20:55:11+00:00", "UpdateDate": "2018-12-04T20:55:11+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "iotsitewise:Describe*", "iotsitewise:List*", "iotsitewise:Get*" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AWSIoTThingsRegistration": { "PolicyName": "AWSIoTThingsRegistration", "PolicyId": "ANPAI3YQXTC5XAEVTJNEU", "Arn": "arn:aws:iam::aws:policy/service-role/AWSIoTThingsRegistration", "Path": "/service-role/", "DefaultVersionId": "v3", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-12-01T20:21:52+00:00", "UpdateDate": "2020-10-05T19:20:12+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "iot:AddThingToThingGroup", "iot:AttachPolicy", "iot:AttachPrincipalPolicy", "iot:AttachThingPrincipal", "iot:CreateCertificateFromCsr", "iot:CreatePolicy", "iot:CreateThing", "iot:DescribeCertificate", "iot:DescribeThing", "iot:DescribeThingGroup", "iot:DescribeThingType", "iot:DetachPolicy", "iot:DetachThingPrincipal", "iot:GetPolicy", "iot:ListAttachedPolicies", "iot:ListPolicyPrincipals", "iot:ListPrincipalPolicies", "iot:ListPrincipalThings", "iot:ListTargetsForPolicy", "iot:ListThingGroupsForThing", "iot:ListThingPrincipals", "iot:RegisterCertificate", "iot:RegisterThing", "iot:RemoveThingFromThingGroup", "iot:UpdateCertificate", "iot:UpdateThing", "iot:UpdateThingGroupsForThing", "iot:AddThingToBillingGroup", "iot:DescribeBillingGroup", "iot:RemoveThingFromBillingGroup" ], "Resource": [ "*" ] } ] }, "VersionId": "v3" }, "AWSIoTWirelessDataAccess": { "PolicyName": "AWSIoTWirelessDataAccess", "PolicyId": "ANPAZKAPJZG4HH6GBXNUO", "Arn": "arn:aws:iam::aws:policy/AWSIoTWirelessDataAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-12-15T15:31:39+00:00", "UpdateDate": "2020-12-15T15:31:39+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "iotwireless:SendDataToWirelessDevice" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AWSIoTWirelessFullAccess": { "PolicyName": "AWSIoTWirelessFullAccess", "PolicyId": "ANPAZKAPJZG4L5RZVVSRQ", "Arn": "arn:aws:iam::aws:policy/AWSIoTWirelessFullAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-12-15T15:27:57+00:00", "UpdateDate": "2020-12-15T15:27:57+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "iotwireless:*" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AWSIoTWirelessFullPublishAccess": { "PolicyName": "AWSIoTWirelessFullPublishAccess", "PolicyId": "ANPAZKAPJZG4JSRC2FZ22", "Arn": "arn:aws:iam::aws:policy/AWSIoTWirelessFullPublishAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-12-15T15:29:59+00:00", "UpdateDate": "2020-12-15T15:29:59+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "iot:DescribeEndpoint", "iot:Publish" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AWSIoTWirelessGatewayCertManager": { "PolicyName": "AWSIoTWirelessGatewayCertManager", "PolicyId": "ANPAZKAPJZG4O6BH33Y6U", "Arn": "arn:aws:iam::aws:policy/AWSIoTWirelessGatewayCertManager", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-12-15T15:30:48+00:00", "UpdateDate": "2020-12-15T15:30:48+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Sid": "IoTWirelessGatewayCertManager", "Effect": "Allow", "Action": [ "iot:CreateKeysAndCertificate", "iot:DescribeCertificate", "iot:ListCertificates" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AWSIoTWirelessLogging": { "PolicyName": "AWSIoTWirelessLogging", "PolicyId": "ANPAZKAPJZG4L3X44AIHR", "Arn": "arn:aws:iam::aws:policy/AWSIoTWirelessLogging", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-12-15T15:32:40+00:00", "UpdateDate": "2020-12-15T15:32:40+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:DescribeLogGroups", "logs:DescribeLogStreams", "logs:PutLogEvents" ], "Resource": "arn:aws:logs:*:*:log-group:/aws/iotwireless*" } ] }, "VersionId": "v1" }, "AWSIoTWirelessReadOnlyAccess": { "PolicyName": "AWSIoTWirelessReadOnlyAccess", "PolicyId": "ANPAZKAPJZG4FJYYSL3ZA", "Arn": "arn:aws:iam::aws:policy/AWSIoTWirelessReadOnlyAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-12-15T15:28:56+00:00", "UpdateDate": "2020-12-15T15:28:56+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "iotwireless:List*", "iotwireless:Get*" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AWSKeyManagementServiceCustomKeyStoresServiceRolePolicy": { "PolicyName": "AWSKeyManagementServiceCustomKeyStoresServiceRolePolicy", "PolicyId": "ANPAIADMJEHVVYK5AUQOO", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSKeyManagementServiceCustomKeyStoresServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-11-14T20:10:53+00:00", "UpdateDate": "2018-11-14T20:10:53+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "cloudhsm:Describe*", "ec2:CreateNetworkInterface", "ec2:AuthorizeSecurityGroupIngress", "ec2:CreateSecurityGroup", "ec2:DescribeSecurityGroups", "ec2:RevokeSecurityGroupEgress", "ec2:DeleteSecurityGroup" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AWSKeyManagementServiceMultiRegionKeysServiceRolePolicy": { "PolicyName": "AWSKeyManagementServiceMultiRegionKeysServiceRolePolicy", "PolicyId": "ANPAZKAPJZG4P3NRAIDRH", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSKeyManagementServiceMultiRegionKeysServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2021-06-16T15:37:37+00:00", "UpdateDate": "2021-06-16T15:37:37+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "kms:SynchronizeMultiRegionKey" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AWSKeyManagementServicePowerUser": { "PolicyName": "AWSKeyManagementServicePowerUser", "PolicyId": "ANPAJNPP7PPPPMJRV2SA4", "Arn": "arn:aws:iam::aws:policy/AWSKeyManagementServicePowerUser", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-02-06T18:40:40+00:00", "UpdateDate": "2017-03-07T00:55:11+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "kms:CreateAlias", "kms:CreateKey", "kms:DeleteAlias", "kms:Describe*", "kms:GenerateRandom", "kms:Get*", "kms:List*", "kms:TagResource", "kms:UntagResource", "iam:ListGroups", "iam:ListRoles", "iam:ListUsers" ], "Resource": "*" } ] }, "VersionId": "v2" }, "AWSLakeFormationCrossAccountManager": { "PolicyName": "AWSLakeFormationCrossAccountManager", "PolicyId": "ANPAZKAPJZG4HPT7Y7QL3", "Arn": "arn:aws:iam::aws:policy/AWSLakeFormationCrossAccountManager", "Path": "/", "DefaultVersionId": "v3", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-08-04T20:59:46+00:00", "UpdateDate": "2020-12-07T23:11:36+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ram:CreateResourceShare" ], "Resource": "*", "Condition": { "StringLikeIfExists": { "ram:RequestedResourceType": [ "glue:Table", "glue:Database", "glue:Catalog" ] } } }, { "Effect": "Allow", "Action": [ "ram:UpdateResourceShare", "ram:DeleteResourceShare" ], "Resource": "*", "Condition": { "StringLike": { "ram:ResourceShareName": [ "LakeFormation*" ] } } }, { "Effect": "Allow", "Action": [ "glue:PutResourcePolicy", "glue:DeleteResourcePolicy", "organizations:DescribeOrganization", "organizations:DescribeAccount", "ram:Get*", "ram:List*" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "organizations:ListRoots", "organizations:ListAccountsForParent", "organizations:ListOrganizationalUnitsForParent" ], "Resource": "*" } ] }, "VersionId": "v3" }, "AWSLakeFormationDataAdmin": { "PolicyName": "AWSLakeFormationDataAdmin", "PolicyId": "ANPAZKAPJZG4OWCH3ENIA", "Arn": "arn:aws:iam::aws:policy/AWSLakeFormationDataAdmin", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-08-08T17:33:44+00:00", "UpdateDate": "2019-12-16T22:41:40+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "lakeformation:*", "cloudtrail:DescribeTrails", "cloudtrail:LookupEvents", "glue:GetDatabase", "glue:GetDatabases", "glue:CreateDatabase", "glue:UpdateDatabase", "glue:DeleteDatabase", "glue:GetConnections", "glue:SearchTables", "glue:GetTable", "glue:CreateTable", "glue:UpdateTable", "glue:DeleteTable", "glue:GetTableVersions", "glue:GetPartitions", "glue:GetTables", "glue:GetWorkflow", "glue:ListWorkflows", "glue:BatchGetWorkflows", "glue:DeleteWorkflow", "glue:GetWorkflowRuns", "glue:StartWorkflowRun", "glue:GetWorkflow", "s3:ListBucket", "s3:GetBucketLocation", "s3:ListAllMyBuckets", "s3:GetBucketAcl", "iam:ListUsers", "iam:ListRoles", "iam:GetRole", "iam:GetRolePolicy" ], "Resource": "*" }, { "Effect": "Deny", "Action": [ "lakeformation:PutDataLakeSettings" ], "Resource": "*" } ] }, "VersionId": "v2" }, "AWSLambdaBasicExecutionRole": { "PolicyName": "AWSLambdaBasicExecutionRole", "PolicyId": "ANPAJNCQGXC42545SKXIK", "Arn": "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", "Path": "/service-role/", "DefaultVersionId": "v1", "AttachmentCount": 5, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-04-09T15:03:43+00:00", "UpdateDate": "2015-04-09T15:03:43+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AWSLambdaDynamoDBExecutionRole": { "PolicyName": "AWSLambdaDynamoDBExecutionRole", "PolicyId": "ANPAIP7WNAGMIPYNW4WQG", "Arn": "arn:aws:iam::aws:policy/service-role/AWSLambdaDynamoDBExecutionRole", "Path": "/service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-04-09T15:09:29+00:00", "UpdateDate": "2015-04-09T15:09:29+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "dynamodb:DescribeStream", "dynamodb:GetRecords", "dynamodb:GetShardIterator", "dynamodb:ListStreams", "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AWSLambdaENIManagementAccess": { "PolicyName": "AWSLambdaENIManagementAccess", "PolicyId": "ANPAJXAW2Q3KPTURUT2QC", "Arn": "arn:aws:iam::aws:policy/service-role/AWSLambdaENIManagementAccess", "Path": "/service-role/", "DefaultVersionId": "v2", "AttachmentCount": 4, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2016-12-06T00:37:27+00:00", "UpdateDate": "2020-10-01T20:07:26+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ec2:CreateNetworkInterface", "ec2:DescribeNetworkInterfaces", "ec2:DeleteNetworkInterface", "ec2:AssignPrivateIpAddresses", "ec2:UnassignPrivateIpAddresses" ], "Resource": "*" } ] }, "VersionId": "v2" }, "AWSLambdaExecute": { "PolicyName": "AWSLambdaExecute", "PolicyId": "ANPAJE5FX7FQZSU5XAKGO", "Arn": "arn:aws:iam::aws:policy/AWSLambdaExecute", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-02-06T18:40:46+00:00", "UpdateDate": "2015-02-06T18:40:46+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "logs:*" ], "Resource": "arn:aws:logs:*:*:*" }, { "Effect": "Allow", "Action": [ "s3:GetObject", "s3:PutObject" ], "Resource": "arn:aws:s3:::*" } ] }, "VersionId": "v1" }, "AWSLambdaInvocation-DynamoDB": { "PolicyName": "AWSLambdaInvocation-DynamoDB", "PolicyId": "ANPAJTHQ3EKCQALQDYG5G", "Arn": "arn:aws:iam::aws:policy/AWSLambdaInvocation-DynamoDB", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-02-06T18:40:47+00:00", "UpdateDate": "2015-02-06T18:40:47+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "lambda:InvokeFunction" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "dynamodb:DescribeStream", "dynamodb:GetRecords", "dynamodb:GetShardIterator", "dynamodb:ListStreams" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AWSLambdaKinesisExecutionRole": { "PolicyName": "AWSLambdaKinesisExecutionRole", "PolicyId": "ANPAJHOLKJPXV4GBRMJUQ", "Arn": "arn:aws:iam::aws:policy/service-role/AWSLambdaKinesisExecutionRole", "Path": "/service-role/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-04-09T15:14:16+00:00", "UpdateDate": "2018-11-19T20:09:24+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "kinesis:DescribeStream", "kinesis:DescribeStreamSummary", "kinesis:GetRecords", "kinesis:GetShardIterator", "kinesis:ListShards", "kinesis:ListStreams", "kinesis:SubscribeToShard", "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents" ], "Resource": "*" } ] }, "VersionId": "v2" }, "AWSLambdaMSKExecutionRole": { "PolicyName": "AWSLambdaMSKExecutionRole", "PolicyId": "ANPAZKAPJZG4FHMXOHIS5", "Arn": "arn:aws:iam::aws:policy/service-role/AWSLambdaMSKExecutionRole", "Path": "/service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-08-11T17:35:05+00:00", "UpdateDate": "2020-08-11T17:35:05+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "kafka:DescribeCluster", "kafka:GetBootstrapBrokers", "ec2:CreateNetworkInterface", "ec2:DescribeNetworkInterfaces", "ec2:DescribeVpcs", "ec2:DeleteNetworkInterface", "ec2:DescribeSubnets", "ec2:DescribeSecurityGroups", "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AWSLambdaReplicator": { "PolicyName": "AWSLambdaReplicator", "PolicyId": "ANPAIIQFXZNNLL3E2HKTG", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSLambdaReplicator", "Path": "/aws-service-role/", "DefaultVersionId": "v3", "AttachmentCount": 1, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-05-23T17:53:03+00:00", "UpdateDate": "2017-12-08T00:17:54+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Sid": "LambdaCreateDeletePermission", "Effect": "Allow", "Action": [ "lambda:CreateFunction", "lambda:DeleteFunction", "lambda:DisableReplication" ], "Resource": [ "arn:aws:lambda:*:*:function:*" ] }, { "Sid": "IamPassRolePermission", "Effect": "Allow", "Action": [ "iam:PassRole" ], "Resource": [ "*" ], "Condition": { "StringLikeIfExists": { "iam:PassedToService": "lambda.amazonaws.com" } } }, { "Sid": "CloudFrontListDistributions", "Effect": "Allow", "Action": [ "cloudfront:ListDistributionsByLambdaFunction" ], "Resource": [ "*" ] } ] }, "VersionId": "v3" }, "AWSLambdaRole": { "PolicyName": "AWSLambdaRole", "PolicyId": "ANPAJX4DPCRGTC4NFDUXI", "Arn": "arn:aws:iam::aws:policy/service-role/AWSLambdaRole", "Path": "/service-role/", "DefaultVersionId": "v1", "AttachmentCount": 1, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-02-06T18:41:28+00:00", "UpdateDate": "2015-02-06T18:41:28+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "lambda:InvokeFunction" ], "Resource": [ "*" ] } ] }, "VersionId": "v1" }, "AWSLambdaSQSQueueExecutionRole": { "PolicyName": "AWSLambdaSQSQueueExecutionRole", "PolicyId": "ANPAJFWJZI6JNND4TSELK", "Arn": "arn:aws:iam::aws:policy/service-role/AWSLambdaSQSQueueExecutionRole", "Path": "/service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-06-14T21:50:45+00:00", "UpdateDate": "2018-06-14T21:50:45+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "sqs:ReceiveMessage", "sqs:DeleteMessage", "sqs:GetQueueAttributes", "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AWSLambdaVPCAccessExecutionRole": { "PolicyName": "AWSLambdaVPCAccessExecutionRole", "PolicyId": "ANPAJVTME3YLVNL72YR2K", "Arn": "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole", "Path": "/service-role/", "DefaultVersionId": "v2", "AttachmentCount": 2, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2016-02-11T23:15:26+00:00", "UpdateDate": "2020-10-15T22:53:03+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents", "ec2:CreateNetworkInterface", "ec2:DescribeNetworkInterfaces", "ec2:DeleteNetworkInterface", "ec2:AssignPrivateIpAddresses", "ec2:UnassignPrivateIpAddresses" ], "Resource": "*" } ] }, "VersionId": "v2" }, "AWSLambda_FullAccess": { "PolicyName": "AWSLambda_FullAccess", "PolicyId": "ANPAZKAPJZG4OXQPYWZ5D", "Arn": "arn:aws:iam::aws:policy/AWSLambda_FullAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 1, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-11-17T21:14:08+00:00", "UpdateDate": "2020-11-17T21:14:08+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "cloudformation:DescribeStacks", "cloudformation:ListStackResources", "cloudwatch:ListMetrics", "cloudwatch:GetMetricData", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeVpcs", "kms:ListAliases", "iam:GetPolicy", "iam:GetPolicyVersion", "iam:GetRole", "iam:GetRolePolicy", "iam:ListAttachedRolePolicies", "iam:ListRolePolicies", "iam:ListRoles", "lambda:*", "logs:DescribeLogGroups", "states:DescribeStateMachine", "states:ListStateMachines", "tag:GetResources", "xray:GetTraceSummaries", "xray:BatchGetTraces" ], "Resource": "*" }, { "Effect": "Allow", "Action": "iam:PassRole", "Resource": "*", "Condition": { "StringEquals": { "iam:PassedToService": "lambda.amazonaws.com" } } }, { "Effect": "Allow", "Action": [ "logs:DescribeLogStreams", "logs:GetLogEvents", "logs:FilterLogEvents" ], "Resource": "arn:aws:logs:*:*:log-group:/aws/lambda/*" } ] }, "VersionId": "v1" }, "AWSLambda_ReadOnlyAccess": { "PolicyName": "AWSLambda_ReadOnlyAccess", "PolicyId": "ANPAZKAPJZG4IERNVMNPE", "Arn": "arn:aws:iam::aws:policy/AWSLambda_ReadOnlyAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-11-17T21:10:32+00:00", "UpdateDate": "2020-11-17T21:10:32+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "cloudformation:DescribeStacks", "cloudformation:ListStackResources", "cloudwatch:GetMetricData", "cloudwatch:ListMetrics", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeVpcs", "kms:ListAliases", "iam:GetPolicy", "iam:GetPolicyVersion", "iam:GetRole", "iam:GetRolePolicy", "iam:ListAttachedRolePolicies", "iam:ListRolePolicies", "iam:ListRoles", "logs:DescribeLogGroups", "lambda:Get*", "lambda:List*", "states:DescribeStateMachine", "states:ListStateMachines", "tag:GetResources", "xray:GetTraceSummaries", "xray:BatchGetTraces" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "logs:DescribeLogStreams", "logs:GetLogEvents", "logs:FilterLogEvents" ], "Resource": "arn:aws:logs:*:*:log-group:/aws/lambda/*" } ] }, "VersionId": "v1" }, "AWSLicenseManagerConsumptionPolicy": { "PolicyName": "AWSLicenseManagerConsumptionPolicy", "PolicyId": "ANPAZKAPJZG4KWNLLSDDM", "Arn": "arn:aws:iam::aws:policy/service-role/AWSLicenseManagerConsumptionPolicy", "Path": "/service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2021-08-11T23:18:08+00:00", "UpdateDate": "2021-08-11T23:18:08+00:00", "Document": { "Version": "2012-10-17", "Statement": { "Effect": "Allow", "Action": [ "license-manager:CheckoutLicense", "license-manager:CheckInLicense", "license-manager:ExtendLicenseConsumption", "license-manager:GetLicense" ], "Resource": "*" } }, "VersionId": "v1" }, "AWSLicenseManagerMasterAccountRolePolicy": { "PolicyName": "AWSLicenseManagerMasterAccountRolePolicy", "PolicyId": "ANPAIJE2NOZW2BDEHYUH2", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSLicenseManagerMasterAccountRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v3", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-11-26T19:03:51+00:00", "UpdateDate": "2019-08-29T22:56:41+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Sid": "S3BucketPermissions", "Effect": "Allow", "Action": [ "s3:GetBucketLocation", "s3:ListBucket", "s3:GetLifecycleConfiguration", "s3:PutLifecycleConfiguration", "s3:GetBucketPolicy", "s3:PutBucketPolicy" ], "Resource": [ "arn:aws:s3:::aws-license-manager-service-*" ] }, { "Sid": "S3ObjectPermissions1", "Effect": "Allow", "Action": [ "s3:AbortMultipartUpload", "s3:PutObject", "s3:GetObject", "s3:ListBucketMultipartUploads", "s3:ListMultipartUploadParts" ], "Resource": [ "arn:aws:s3:::aws-license-manager-service-*" ] }, { "Sid": "S3ObjectPermissions2", "Effect": "Allow", "Action": [ "s3:DeleteObject" ], "Resource": [ "arn:aws:s3:::aws-license-manager-service-*/resource_sync/*" ] }, { "Sid": "AthenaPermissions", "Effect": "Allow", "Action": [ "athena:GetQueryExecution", "athena:GetQueryResults", "athena:StartQueryExecution" ], "Resource": [ "*" ] }, { "Sid": "GluePermissions", "Effect": "Allow", "Action": [ "glue:GetTable", "glue:GetPartition", "glue:GetPartitions" ], "Resource": [ "*" ] }, { "Sid": "OrganizationPermissions", "Effect": "Allow", "Action": [ "organizations:DescribeOrganization", "organizations:ListAccounts", "organizations:DescribeAccount", "organizations:ListChildren", "organizations:ListParents", "organizations:ListAccountsForParent", "organizations:ListRoots", "organizations:ListAWSServiceAccessForOrganization" ], "Resource": [ "*" ] }, { "Sid": "RAMPermissions1", "Effect": "Allow", "Action": [ "ram:GetResourceShares", "ram:GetResourceShareAssociations", "ram:TagResource" ], "Resource": [ "*" ] }, { "Sid": "RAMPermissions2", "Effect": "Allow", "Action": [ "ram:CreateResourceShare" ], "Resource": [ "*" ], "Condition": { "StringEquals": { "aws:RequestTag/Service": "LicenseManager" } } }, { "Sid": "RAMPermissions3", "Effect": "Allow", "Action": [ "ram:AssociateResourceShare", "ram:DisassociateResourceShare", "ram:UpdateResourceShare", "ram:DeleteResourceShare" ], "Resource": [ "*" ], "Condition": { "StringEquals": { "ram:ResourceTag/Service": "LicenseManager" } } }, { "Sid": "IAMGetRoles", "Effect": "Allow", "Action": [ "iam:GetRole" ], "Resource": [ "*" ] }, { "Sid": "IAMPassRoles", "Effect": "Allow", "Action": [ "iam:PassRole" ], "Resource": [ "arn:aws:iam::*:role/LicenseManagerServiceResourceDataSyncRole*" ], "Condition": { "StringEquals": { "iam:PassedToService": [ "cloudformation.amazonaws.com", "glue.amazonaws.com" ] } } }, { "Sid": "CloudformationPermission", "Effect": "Allow", "Action": [ "cloudformation:UpdateStack", "cloudformation:CreateStack", "cloudformation:DeleteStack", "cloudformation:DescribeStacks" ], "Resource": [ "arn:aws:cloudformation:*:*:stack/LicenseManagerCrossAccountCloudDiscoveryStack/*" ] }, { "Sid": "GlueUpdatePermissions", "Effect": "Allow", "Action": [ "glue:CreateTable", "glue:UpdateTable", "glue:DeleteTable", "glue:UpdateJob", "glue:UpdateCrawler" ], "Resource": [ "arn:aws:glue:*:*:catalog", "arn:aws:glue:*:*:crawler/LicenseManagerResourceSynDataCrawler", "arn:aws:glue:*:*:job/LicenseManagerResourceSynDataProcessJob", "arn:aws:glue:*:*:table/license_manager_resource_inventory_db/*", "arn:aws:glue:*:*:table/license_manager_resource_sync/*", "arn:aws:glue:*:*:database/license_manager_resource_inventory_db", "arn:aws:glue:*:*:database/license_manager_resource_sync" ] } ] }, "VersionId": "v3" }, "AWSLicenseManagerMemberAccountRolePolicy": { "PolicyName": "AWSLicenseManagerMemberAccountRolePolicy", "PolicyId": "ANPAJZTYEY2LEGBYAVUY4", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSLicenseManagerMemberAccountRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-11-26T19:04:32+00:00", "UpdateDate": "2019-11-15T22:09:32+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Sid": "LicenseManagerPermissions", "Effect": "Allow", "Action": [ "license-manager:UpdateLicenseSpecificationsForResource", "license-manager:GetLicenseConfiguration" ], "Resource": [ "*" ] }, { "Sid": "SSMPermissions", "Effect": "Allow", "Action": [ "ssm:ListInventoryEntries", "ssm:GetInventory", "ssm:CreateAssociation", "ssm:CreateResourceDataSync", "ssm:DeleteResourceDataSync", "ssm:ListResourceDataSync", "ssm:ListAssociations" ], "Resource": [ "*" ] }, { "Sid": "RAMPermissions", "Effect": "Allow", "Action": [ "ram:AcceptResourceShareInvitation", "ram:GetResourceShareInvitations" ], "Resource": [ "*" ] } ] }, "VersionId": "v2" }, "AWSLicenseManagerServiceRolePolicy": { "PolicyName": "AWSLicenseManagerServiceRolePolicy", "PolicyId": "ANPAIM7JPETWHTYNBQSZE", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSLicenseManagerServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v7", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-11-26T19:02:53+00:00", "UpdateDate": "2021-07-30T01:43:19+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Sid": "IAMPermissions", "Effect": "Allow", "Action": [ "iam:CreateServiceLinkedRole" ], "Resource": [ "arn:aws:iam::*:role/aws-service-role/license-management.marketplace.amazonaws.com/AWSServiceRoleForMarketplaceLicenseManagement" ], "Condition": { "StringEquals": { "iam:AWSServiceName": "license-management.marketplace.amazonaws.com" } } }, { "Sid": "IAMPermissionsForCreatingMemberSLR", "Effect": "Allow", "Action": [ "iam:CreateServiceLinkedRole" ], "Resource": [ "arn:*:iam::*:role/aws-service-role/license-manager.member-account.amazonaws.com/AWSServiceRoleForAWSLicenseManagerMemberAccountRole" ], "Condition": { "StringEquals": { "iam:AWSServiceName": "license-manager.member-account.amazonaws.com" } } }, { "Sid": "S3BucketPermissions1", "Effect": "Allow", "Action": [ "s3:GetBucketLocation", "s3:ListBucket" ], "Resource": [ "arn:aws:s3:::aws-license-manager-service-*" ] }, { "Sid": "S3BucketPermissions2", "Effect": "Allow", "Action": [ "s3:ListAllMyBuckets" ], "Resource": [ "*" ] }, { "Sid": "S3ObjectPermissions", "Effect": "Allow", "Action": [ "s3:PutObject" ], "Resource": [ "arn:aws:s3:::aws-license-manager-service-*" ] }, { "Sid": "SNSAccountPermissions", "Effect": "Allow", "Action": [ "sns:Publish" ], "Resource": [ "arn:aws:sns:*:*:aws-license-manager-service-*" ] }, { "Sid": "SNSTopicPermissions", "Effect": "Allow", "Action": [ "sns:ListTopics" ], "Resource": [ "*" ] }, { "Sid": "EC2Permissions", "Effect": "Allow", "Action": [ "ec2:DescribeInstances", "ec2:DescribeImages", "ec2:DescribeHosts" ], "Resource": [ "*" ] }, { "Sid": "SSMPermissions", "Effect": "Allow", "Action": [ "ssm:ListInventoryEntries", "ssm:GetInventory", "ssm:CreateAssociation" ], "Resource": [ "*" ] }, { "Sid": "OrganizationPermissions", "Effect": "Allow", "Action": [ "organizations:ListAWSServiceAccessForOrganization", "organizations:DescribeOrganization", "organizations:ListDelegatedAdministrators" ], "Resource": [ "*" ] }, { "Sid": "LicenseManagerPermissions", "Effect": "Allow", "Action": [ "license-manager:GetServiceSettings", "license-manager:GetLicense*", "license-manager:UpdateLicenseSpecificationsForResource", "license-manager:List*" ], "Resource": [ "*" ] } ] }, "VersionId": "v7" }, "AWSMarketplaceAmiIngestion": { "PolicyName": "AWSMarketplaceAmiIngestion", "PolicyId": "ANPAZKAPJZG4AV3OZYWEM", "Arn": "arn:aws:iam::aws:policy/AWSMarketplaceAmiIngestion", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-09-25T20:55:10+00:00", "UpdateDate": "2020-09-25T20:55:10+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "ec2:ModifySnapshotAttribute" ], "Effect": "Allow", "Resource": "arn:aws:ec2:us-east-1::snapshot/snap-*" }, { "Action": [ "ec2:DescribeImageAttribute", "ec2:DescribeImages", "ec2:DescribeSnapshotAttribute", "ec2:ModifyImageAttribute" ], "Effect": "Allow", "Resource": "*" } ] }, "VersionId": "v1" }, "AWSMarketplaceFullAccess": { "PolicyName": "AWSMarketplaceFullAccess", "PolicyId": "ANPAI2DV5ULJSO2FYVPYG", "Arn": "arn:aws:iam::aws:policy/AWSMarketplaceFullAccess", "Path": "/", "DefaultVersionId": "v3", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-02-11T17:21:45+00:00", "UpdateDate": "2018-08-08T21:13:02+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "aws-marketplace:*", "cloudformation:CreateStack", "cloudformation:DescribeStackResource", "cloudformation:DescribeStackResources", "cloudformation:DescribeStacks", "cloudformation:List*", "ec2:AuthorizeSecurityGroupEgress", "ec2:AuthorizeSecurityGroupIngress", "ec2:CreateSecurityGroup", "ec2:CreateTags", "ec2:DescribeAccountAttributes", "ec2:DescribeAddresses", "ec2:DeleteSecurityGroup", "ec2:DescribeAccountAttributes", "ec2:DescribeImages", "ec2:DescribeInstances", "ec2:DescribeKeyPairs", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeTags", "ec2:DescribeVpcs", "ec2:RunInstances", "ec2:StartInstances", "ec2:StopInstances", "ec2:TerminateInstances" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "ec2:CopyImage", "ec2:DeregisterImage", "ec2:DescribeSnapshots", "ec2:DeleteSnapshot", "ec2:CreateImage", "ec2:DescribeInstanceStatus", "ssm:GetAutomationExecution", "ssm:UpdateDocumentDefaultVersion", "ssm:CreateDocument", "ssm:StartAutomationExecution", "ssm:ListDocuments", "ssm:UpdateDocument", "ssm:DescribeDocument", "sns:ListTopics", "sns:GetTopicAttributes", "sns:CreateTopic", "iam:GetRole", "iam:GetInstanceProfile", "iam:ListRoles", "iam:ListInstanceProfiles" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "s3:ListBucket", "s3:GetObject" ], "Resource": [ "arn:aws:s3:::*image-build*" ] }, { "Effect": "Allow", "Action": [ "sns:Publish", "sns:setTopicAttributes" ], "Resource": "arn:aws:sns:*:*:*image-build*" }, { "Effect": "Allow", "Action": [ "iam:PassRole" ], "Resource": [ "*" ], "Condition": { "StringLike": { "iam:PassedToService": [ "ec2.amazonaws.com", "ssm.amazonaws.com" ] } } } ] }, "VersionId": "v3" }, "AWSMarketplaceGetEntitlements": { "PolicyName": "AWSMarketplaceGetEntitlements", "PolicyId": "ANPAJLPIMQE4WMHDC2K7C", "Arn": "arn:aws:iam::aws:policy/AWSMarketplaceGetEntitlements", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-03-27T19:37:24+00:00", "UpdateDate": "2017-03-27T19:37:24+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "aws-marketplace:GetEntitlements" ], "Effect": "Allow", "Resource": "*" } ] }, "VersionId": "v1" }, "AWSMarketplaceImageBuildFullAccess": { "PolicyName": "AWSMarketplaceImageBuildFullAccess", "PolicyId": "ANPAI4QBMJWC3BNHBHN6I", "Arn": "arn:aws:iam::aws:policy/AWSMarketplaceImageBuildFullAccess", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-07-31T23:29:49+00:00", "UpdateDate": "2018-08-08T21:11:59+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "aws-marketplace:ListBuilds", "aws-marketplace:StartBuild", "aws-marketplace:DescribeBuilds" ], "Resource": "*" }, { "Effect": "Allow", "Action": "ec2:TerminateInstances", "Resource": "*", "Condition": { "StringLike": { "ec2:ResourceTag/marketplace-image-build:build-id": "*" } } }, { "Effect": "Allow", "Action": "iam:PassRole", "Resource": [ "arn:aws:iam::*:role/*Automation*", "arn:aws:iam::*:role/*Instance*" ], "Condition": { "StringEquals": { "iam:PassedToService": [ "ec2.amazonaws.com", "ssm.amazonaws.com" ] } } }, { "Effect": "Allow", "Action": [ "ssm:GetAutomationExecution", "ssm:CreateDocument", "ssm:StartAutomationExecution", "ssm:ListDocuments", "ssm:UpdateDocument", "ssm:UpdateDocumentDefaultVersion", "ssm:DescribeDocument", "ec2:DeregisterImage", "ec2:CopyImage", "ec2:DescribeSnapshots", "ec2:DescribeSecurityGroups", "ec2:DescribeImages", "ec2:DescribeSubnets", "ec2:DeleteSnapshot", "ec2:CreateImage", "ec2:RunInstances", "ec2:DescribeInstanceStatus", "sns:GetTopicAttributes", "iam:GetRole", "iam:GetInstanceProfile" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "s3:GetObject", "s3:ListBucket" ], "Resource": [ "arn:aws:s3:::*image-build*" ] }, { "Effect": "Allow", "Action": [ "ec2:CreateTags" ], "Resource": [ "arn:aws:ec2:*::image/*", "arn:aws:ec2:*:*:instance/*" ] }, { "Effect": "Allow", "Action": [ "sns:Publish" ], "Resource": [ "arn:aws:sns:*:*:*image-build*" ] } ] }, "VersionId": "v2" }, "AWSMarketplaceLicenseManagementServiceRolePolicy": { "PolicyName": "AWSMarketplaceLicenseManagementServiceRolePolicy", "PolicyId": "ANPAZKAPJZG4DTCV6FSO7", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSMarketplaceLicenseManagementServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-12-03T08:33:40+00:00", "UpdateDate": "2020-12-03T08:33:40+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Sid": "AllowLicenseManagerActions", "Effect": "Allow", "Action": [ "organizations:DescribeOrganization", "license-manager:ListReceivedGrants", "license-manager:ListDistributedGrants", "license-manager:GetGrant", "license-manager:CreateGrant", "license-manager:CreateGrantVersion", "license-manager:DeleteGrant", "license-manager:AcceptGrant" ], "Resource": [ "*" ] } ] }, "VersionId": "v1" }, "AWSMarketplaceManageSubscriptions": { "PolicyName": "AWSMarketplaceManageSubscriptions", "PolicyId": "ANPAJRDW2WIFN7QLUAKBQ", "Arn": "arn:aws:iam::aws:policy/AWSMarketplaceManageSubscriptions", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-02-06T18:40:32+00:00", "UpdateDate": "2019-10-28T21:49:43+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "aws-marketplace:ViewSubscriptions", "aws-marketplace:Subscribe", "aws-marketplace:Unsubscribe" ], "Effect": "Allow", "Resource": "*" }, { "Action": [ "aws-marketplace:CreatePrivateMarketplaceRequests", "aws-marketplace:ListPrivateMarketplaceRequests", "aws-marketplace:DescribePrivateMarketplaceRequests" ], "Effect": "Allow", "Resource": "*" } ] }, "VersionId": "v2" }, "AWSMarketplaceMeteringFullAccess": { "PolicyName": "AWSMarketplaceMeteringFullAccess", "PolicyId": "ANPAJ65YJPG7CC7LDXNA6", "Arn": "arn:aws:iam::aws:policy/AWSMarketplaceMeteringFullAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2016-03-17T22:39:22+00:00", "UpdateDate": "2016-03-17T22:39:22+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "aws-marketplace:MeterUsage" ], "Effect": "Allow", "Resource": "*" } ] }, "VersionId": "v1" }, "AWSMarketplaceMeteringRegisterUsage": { "PolicyName": "AWSMarketplaceMeteringRegisterUsage", "PolicyId": "ANPAZKAPJZG4OIHJX73MZ", "Arn": "arn:aws:iam::aws:policy/AWSMarketplaceMeteringRegisterUsage", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-11-21T01:17:54+00:00", "UpdateDate": "2019-11-21T01:17:54+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "aws-marketplace:RegisterUsage" ], "Effect": "Allow", "Resource": "*" } ] }, "VersionId": "v1" }, "AWSMarketplaceProcurementSystemAdminFullAccess": { "PolicyName": "AWSMarketplaceProcurementSystemAdminFullAccess", "PolicyId": "ANPAZKAPJZG4FIYNR3TC4", "Arn": "arn:aws:iam::aws:policy/AWSMarketplaceProcurementSystemAdminFullAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-06-25T13:07:47+00:00", "UpdateDate": "2019-06-25T13:07:47+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "aws-marketplace:PutProcurementSystemConfiguration", "aws-marketplace:DescribeProcurementSystemConfiguration", "organizations:Describe*", "organizations:List*" ], "Resource": [ "*" ] } ] }, "VersionId": "v1" }, "AWSMarketplaceRead-only": { "PolicyName": "AWSMarketplaceRead-only", "PolicyId": "ANPAJOOM6LETKURTJ3XZ2", "Arn": "arn:aws:iam::aws:policy/AWSMarketplaceRead-only", "Path": "/", "DefaultVersionId": "v3", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-02-06T18:40:31+00:00", "UpdateDate": "2019-10-28T21:51:31+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Resource": "*", "Action": [ "aws-marketplace:ViewSubscriptions", "ec2:DescribeAccountAttributes", "ec2:DescribeAddresses", "ec2:DescribeImages", "ec2:DescribeInstances", "ec2:DescribeKeyPairs", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeVpcs" ], "Effect": "Allow" }, { "Resource": "*", "Effect": "Allow", "Action": [ "aws-marketplace:ListBuilds", "aws-marketplace:DescribeBuilds", "iam:ListRoles", "iam:ListInstanceProfiles", "sns:GetTopicAttributes", "sns:ListTopics" ] }, { "Resource": "*", "Effect": "Allow", "Action": [ "aws-marketplace:ListPrivateMarketplaceRequests", "aws-marketplace:DescribePrivateMarketplaceRequests" ] } ] }, "VersionId": "v3" }, "AWSMarketplaceSellerFullAccess": { "PolicyName": "AWSMarketplaceSellerFullAccess", "PolicyId": "ANPAZKAPJZG4JF7OFUANW", "Arn": "arn:aws:iam::aws:policy/AWSMarketplaceSellerFullAccess", "Path": "/", "DefaultVersionId": "v4", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-07-02T20:40:09+00:00", "UpdateDate": "2020-10-09T22:23:38+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "aws-marketplace-management:uploadFiles", "aws-marketplace-management:viewMarketing", "aws-marketplace-management:viewReports", "aws-marketplace-management:viewSupport", "aws-marketplace-management:viewSettings", "aws-marketplace:ListChangeSets", "aws-marketplace:DescribeChangeSet", "aws-marketplace:StartChangeSet", "aws-marketplace:CancelChangeSet", "aws-marketplace:ListEntities", "aws-marketplace:DescribeEntity", "aws-marketplace:ListTasks", "aws-marketplace:DescribeTask", "aws-marketplace:UpdateTask", "aws-marketplace:CompleteTask", "ec2:DescribeImages", "ec2:DescribeSnapshots", "ec2:ModifyImageAttribute", "ec2:ModifySnapshotAttribute" ], "Resource": "*" }, { "Action": [ "aws-marketplace:SearchAgreements", "aws-marketplace:DescribeAgreement", "aws-marketplace:GetAgreementTerms" ], "Effect": "Allow", "Resource": "*", "Condition": { "StringEquals": { "aws-marketplace:PartyType": "Proposer" }, "ForAllValues:StringEquals": { "aws-marketplace:AgreementType": [ "PurchaseAgreement" ] } } }, { "Effect": "Allow", "Action": [ "iam:GetRole", "iam:PassRole" ], "Resource": "arn:aws:iam::*:role/*", "Condition": { "StringEquals": { "iam:PassedToService": "assets.marketplace.amazonaws.com" } } } ] }, "VersionId": "v4" }, "AWSMarketplaceSellerProductsFullAccess": { "PolicyName": "AWSMarketplaceSellerProductsFullAccess", "PolicyId": "ANPAZKAPJZG4DS2YFEG4N", "Arn": "arn:aws:iam::aws:policy/AWSMarketplaceSellerProductsFullAccess", "Path": "/", "DefaultVersionId": "v3", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-07-02T21:06:25+00:00", "UpdateDate": "2020-10-09T22:22:38+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "aws-marketplace:ListChangeSets", "aws-marketplace:DescribeChangeSet", "aws-marketplace:StartChangeSet", "aws-marketplace:CancelChangeSet", "aws-marketplace:ListEntities", "aws-marketplace:DescribeEntity", "aws-marketplace:ListTasks", "aws-marketplace:DescribeTask", "aws-marketplace:UpdateTask", "aws-marketplace:CompleteTask", "ec2:DescribeImages", "ec2:DescribeSnapshots", "ec2:ModifyImageAttribute", "ec2:ModifySnapshotAttribute" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "iam:GetRole", "iam:PassRole" ], "Resource": "arn:aws:iam::*:role/*", "Condition": { "StringEquals": { "iam:PassedToService": "assets.marketplace.amazonaws.com" } } } ] }, "VersionId": "v3" }, "AWSMarketplaceSellerProductsReadOnly": { "PolicyName": "AWSMarketplaceSellerProductsReadOnly", "PolicyId": "ANPAZKAPJZG4K5Y2Q5F7D", "Arn": "arn:aws:iam::aws:policy/AWSMarketplaceSellerProductsReadOnly", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-07-02T21:40:47+00:00", "UpdateDate": "2020-03-05T23:11:53+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "aws-marketplace:ListChangeSets", "aws-marketplace:DescribeChangeSet", "aws-marketplace:ListEntities", "aws-marketplace:DescribeEntity", "aws-marketplace:ListTasks", "aws-marketplace:DescribeTask", "ec2:DescribeImages", "ec2:DescribeSnapshots" ], "Resource": "*" } ] }, "VersionId": "v2" }, "AWSMigrationHubDMSAccess": { "PolicyName": "AWSMigrationHubDMSAccess", "PolicyId": "ANPAIUQB56VA4JHLN7G2W", "Arn": "arn:aws:iam::aws:policy/service-role/AWSMigrationHubDMSAccess", "Path": "/service-role/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-08-14T14:00:06+00:00", "UpdateDate": "2019-10-07T17:51:53+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "mgh:CreateProgressUpdateStream" ], "Effect": "Allow", "Resource": "arn:aws:mgh:*:*:progressUpdateStream/DMS" }, { "Action": [ "mgh:AssociateCreatedArtifact", "mgh:DescribeMigrationTask", "mgh:DisassociateCreatedArtifact", "mgh:ImportMigrationTask", "mgh:ListCreatedArtifacts", "mgh:NotifyMigrationTaskState", "mgh:PutResourceAttributes", "mgh:NotifyApplicationState", "mgh:DescribeApplicationState", "mgh:AssociateDiscoveredResource", "mgh:DisassociateDiscoveredResource", "mgh:ListDiscoveredResources" ], "Effect": "Allow", "Resource": "arn:aws:mgh:*:*:progressUpdateStream/DMS/*" }, { "Action": [ "mgh:ListMigrationTasks", "mgh:GetHomeRegion" ], "Effect": "Allow", "Resource": "*" } ] }, "VersionId": "v2" }, "AWSMigrationHubDiscoveryAccess": { "PolicyName": "AWSMigrationHubDiscoveryAccess", "PolicyId": "ANPAITRMRLSV7JAL6YIGG", "Arn": "arn:aws:iam::aws:policy/service-role/AWSMigrationHubDiscoveryAccess", "Path": "/service-role/", "DefaultVersionId": "v3", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-08-14T13:30:51+00:00", "UpdateDate": "2020-08-06T17:34:42+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "discovery:ListConfigurations", "discovery:DescribeConfigurations" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": "ec2:CreateTags", "Resource": [ "arn:aws:ec2:*:*:instance/*", "arn:aws:ec2:*:*:image/*", "arn:aws:ec2:*:*:volume/*" ], "Condition": { "ForAllValues:StringEquals": { "aws:TagKeys": "aws:migrationhub:source-id" } } }, { "Effect": "Allow", "Action": "dms:AddTagsToResource", "Resource": [ "arn:aws:dms:*:*:endpoint:*" ], "Condition": { "ForAllValues:StringEquals": { "aws:TagKeys": "aws:migrationhub:source-id" } } }, { "Effect": "Allow", "Action": [ "ec2:DescribeInstanceAttribute" ], "Resource": [ "*" ] } ] }, "VersionId": "v3" }, "AWSMigrationHubFullAccess": { "PolicyName": "AWSMigrationHubFullAccess", "PolicyId": "ANPAJ4A2SZKHUYHDYIGOK", "Arn": "arn:aws:iam::aws:policy/AWSMigrationHubFullAccess", "Path": "/", "DefaultVersionId": "v4", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-08-14T14:02:54+00:00", "UpdateDate": "2019-06-19T21:14:41+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "mgh:*", "discovery:*" ], "Effect": "Allow", "Resource": "*" }, { "Action": [ "iam:GetRole" ], "Effect": "Allow", "Resource": "*" }, { "Effect": "Allow", "Action": "iam:CreateServiceLinkedRole", "Resource": "arn:aws:iam::*:role/aws-service-role/continuousexport.discovery.amazonaws.com/AWSServiceRoleForApplicationDiscoveryServiceContinuousExport*", "Condition": { "StringEquals": { "iam:AWSServiceName": "continuousexport.discovery.amazonaws.com" } } }, { "Effect": "Allow", "Action": [ "iam:DeleteServiceLinkedRole", "iam:GetServiceLinkedRoleDeletionStatus" ], "Resource": "arn:aws:iam::*:role/aws-service-role/continuousexport.discovery.amazonaws.com/AWSServiceRoleForApplicationDiscoveryServiceContinuousExport*" }, { "Effect": "Allow", "Action": "iam:CreateServiceLinkedRole", "Resource": "*", "Condition": { "StringEquals": { "iam:AWSServiceName": [ "migrationhub.amazonaws.com", "dmsintegration.migrationhub.amazonaws.com", "smsintegration.migrationhub.amazonaws.com" ] } } } ] }, "VersionId": "v4" }, "AWSMigrationHubSMSAccess": { "PolicyName": "AWSMigrationHubSMSAccess", "PolicyId": "ANPAIWQYYT6TSVIRJO4TY", "Arn": "arn:aws:iam::aws:policy/service-role/AWSMigrationHubSMSAccess", "Path": "/service-role/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-08-14T13:57:54+00:00", "UpdateDate": "2019-10-07T18:01:22+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "mgh:CreateProgressUpdateStream" ], "Effect": "Allow", "Resource": "arn:aws:mgh:*:*:progressUpdateStream/SMS" }, { "Action": [ "mgh:AssociateCreatedArtifact", "mgh:DescribeMigrationTask", "mgh:DisassociateCreatedArtifact", "mgh:ImportMigrationTask", "mgh:ListCreatedArtifacts", "mgh:NotifyMigrationTaskState", "mgh:PutResourceAttributes", "mgh:NotifyApplicationState", "mgh:DescribeApplicationState", "mgh:AssociateDiscoveredResource", "mgh:DisassociateDiscoveredResource", "mgh:ListDiscoveredResources" ], "Effect": "Allow", "Resource": "arn:aws:mgh:*:*:progressUpdateStream/SMS/*" }, { "Action": [ "mgh:ListMigrationTasks", "mgh:GetHomeRegion" ], "Effect": "Allow", "Resource": "*" } ] }, "VersionId": "v2" }, "AWSMobileHub_FullAccess": { "PolicyName": "AWSMobileHub_FullAccess", "PolicyId": "ANPAIJLU43R6AGRBK76DM", "Arn": "arn:aws:iam::aws:policy/AWSMobileHub_FullAccess", "Path": "/", "DefaultVersionId": "v14", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2016-01-05T19:56:01+00:00", "UpdateDate": "2019-12-19T23:15:52+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "apigateway:GET", "apigateway:POST", "cloudfront:GetDistribution", "devicefarm:CreateProject", "devicefarm:ListJobs", "devicefarm:ListRuns", "devicefarm:GetProject", "devicefarm:GetRun", "devicefarm:ListArtifacts", "devicefarm:ListProjects", "devicefarm:ScheduleRun", "dynamodb:DescribeTable", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeVpcs", "iam:ListSAMLProviders", "lambda:ListFunctions", "sns:ListTopics", "lex:GetIntent", "lex:GetIntents", "lex:GetSlotType", "lex:GetSlotTypes", "lex:GetBot", "lex:GetBots", "lex:GetBotAlias", "lex:GetBotAliases", "mobilehub:*" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "s3:GetObject" ], "Resource": "arn:aws:s3:::*/aws-my-sample-app*.zip" }, { "Effect": "Allow", "Action": [ "s3:PutObject" ], "Resource": "arn:aws:s3:::*-mobilehub-*/*" }, { "Effect": "Allow", "Action": [ "s3:ListBucket" ], "Resource": "arn:aws:s3:::*-mobilehub-*" } ] }, "VersionId": "v14" }, "AWSMobileHub_ReadOnly": { "PolicyName": "AWSMobileHub_ReadOnly", "PolicyId": "ANPAIBXVYVL3PWQFBZFGW", "Arn": "arn:aws:iam::aws:policy/AWSMobileHub_ReadOnly", "Path": "/", "DefaultVersionId": "v10", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2016-01-05T19:55:48+00:00", "UpdateDate": "2018-07-23T21:59:05+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "dynamodb:DescribeTable", "iam:ListSAMLProviders", "lambda:ListFunctions", "sns:ListTopics", "lex:GetIntent", "lex:GetIntents", "lex:GetSlotType", "lex:GetSlotTypes", "lex:GetBot", "lex:GetBots", "lex:GetBotAlias", "lex:GetBotAliases", "mobilehub:ExportProject", "mobilehub:GenerateProjectParameters", "mobilehub:GetProject", "mobilehub:SynchronizeProject", "mobilehub:GetProjectSnapshot", "mobilehub:ListProjectSnapshots", "mobilehub:ListAvailableConnectors", "mobilehub:ListAvailableFeatures", "mobilehub:ListAvailableRegions", "mobilehub:ListProjects", "mobilehub:ValidateProject", "mobilehub:VerifyServiceRole", "mobilehub:DescribeBundle", "mobilehub:ExportBundle", "mobilehub:ListBundles" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "s3:GetObject" ], "Resource": "arn:aws:s3:::*/aws-my-sample-app*.zip" } ] }, "VersionId": "v10" }, "AWSNetworkFirewallServiceRolePolicy": { "PolicyName": "AWSNetworkFirewallServiceRolePolicy", "PolicyId": "ANPAZKAPJZG4DF6QQZAL3", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSNetworkFirewallServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-11-17T17:17:26+00:00", "UpdateDate": "2020-11-17T17:17:26+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "ec2:DescribeSubnets", "ec2:DescribeVpcs", "ec2:CreateVpcEndpoint", "ec2:DescribeVpcEndpoints" ], "Effect": "Allow", "Resource": "*" }, { "Effect": "Allow", "Action": [ "ec2:CreateTags" ], "Resource": "arn:aws:ec2:*:*:vpc-endpoint/*", "Condition": { "StringEquals": { "ec2:CreateAction": "CreateVpcEndpoint", "aws:RequestTag/AWSNetworkFirewallManaged": "true" } } }, { "Effect": "Allow", "Action": [ "ec2:DeleteVpcEndpoints" ], "Resource": "*", "Condition": { "StringEquals": { "aws:ResourceTag/AWSNetworkFirewallManaged": "true" } } } ] }, "VersionId": "v1" }, "AWSNetworkManagerFullAccess": { "PolicyName": "AWSNetworkManagerFullAccess", "PolicyId": "ANPAZKAPJZG4ARXJ4NU7I", "Arn": "arn:aws:iam::aws:policy/AWSNetworkManagerFullAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-12-03T17:37:58+00:00", "UpdateDate": "2019-12-03T17:37:58+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "networkmanager:*", "Resource": "*" }, { "Effect": "Allow", "Action": "iam:CreateServiceLinkedRole", "Resource": "*", "Condition": { "StringEquals": { "iam:AWSServiceName": [ "networkmanager.amazonaws.com" ] } } } ] }, "VersionId": "v1" }, "AWSNetworkManagerReadOnlyAccess": { "PolicyName": "AWSNetworkManagerReadOnlyAccess", "PolicyId": "ANPAZKAPJZG4LZFJOS62Z", "Arn": "arn:aws:iam::aws:policy/AWSNetworkManagerReadOnlyAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-12-03T17:35:05+00:00", "UpdateDate": "2019-12-03T17:35:05+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "networkmanager:Describe*", "networkmanager:Get*", "networkmanager:List*" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AWSNetworkManagerServiceRolePolicy": { "PolicyName": "AWSNetworkManagerServiceRolePolicy", "PolicyId": "ANPAZKAPJZG4B346KOB7I", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSNetworkManagerServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v4", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-12-03T14:03:35+00:00", "UpdateDate": "2021-06-07T16:18:24+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "directconnect:DescribeDirectConnectGateways", "directconnect:DescribeConnections", "directconnect:DescribeDirectConnectGatewayAttachments", "directconnect:DescribeLocations", "directconnect:DescribeVirtualInterfaces", "ec2:DescribeCustomerGateways", "ec2:DescribeTransitGatewayAttachments", "ec2:DescribeTransitGatewayRouteTables", "ec2:DescribeTransitGateways", "ec2:DescribeVpnConnections", "ec2:DescribeVpcs", "ec2:GetTransitGatewayRouteTableAssociations", "ec2:SearchTransitGatewayRoutes", "ec2:DescribeTransitGatewayPeeringAttachments", "ec2:DescribeTransitGatewayConnects", "ec2:DescribeTransitGatewayConnectPeers" ], "Resource": "*" } ] }, "VersionId": "v4" }, "AWSOpsWorksCMInstanceProfileRole": { "PolicyName": "AWSOpsWorksCMInstanceProfileRole", "PolicyId": "ANPAICSU3OSHCURP2WIZW", "Arn": "arn:aws:iam::aws:policy/AWSOpsWorksCMInstanceProfileRole", "Path": "/", "DefaultVersionId": "v5", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2016-11-24T09:48:22+00:00", "UpdateDate": "2021-04-23T17:34:03+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "cloudformation:DescribeStackResource", "cloudformation:SignalResource" ], "Effect": "Allow", "Resource": [ "*" ] }, { "Action": [ "s3:AbortMultipartUpload", "s3:DeleteObject", "s3:GetObject", "s3:ListAllMyBuckets", "s3:ListBucket", "s3:ListMultipartUploadParts", "s3:PutObject" ], "Resource": "arn:aws:s3:::aws-opsworks-cm-*", "Effect": "Allow" }, { "Action": "acm:GetCertificate", "Resource": "*", "Effect": "Allow" }, { "Action": "secretsmanager:GetSecretValue", "Resource": "arn:aws:secretsmanager:*:*:opsworks-cm!aws-opsworks-cm-secrets-*", "Effect": "Allow" } ] }, "VersionId": "v5" }, "AWSOpsWorksCMServiceRole": { "PolicyName": "AWSOpsWorksCMServiceRole", "PolicyId": "ANPAJ6I6MPGJE62URSHCO", "Arn": "arn:aws:iam::aws:policy/service-role/AWSOpsWorksCMServiceRole", "Path": "/service-role/", "DefaultVersionId": "v14", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2016-11-24T09:49:46+00:00", "UpdateDate": "2021-04-23T17:32:13+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Resource": [ "arn:aws:s3:::aws-opsworks-cm-*" ], "Action": [ "s3:CreateBucket", "s3:DeleteObject", "s3:DeleteBucket", "s3:GetObject", "s3:ListBucket", "s3:PutBucketPolicy", "s3:PutObject", "s3:GetBucketTagging", "s3:PutBucketTagging" ] }, { "Effect": "Allow", "Resource": [ "*" ], "Action": [ "tag:UntagResources", "tag:TagResources" ] }, { "Effect": "Allow", "Resource": [ "*" ], "Action": [ "ssm:DescribeInstanceInformation", "ssm:GetCommandInvocation", "ssm:ListCommandInvocations", "ssm:ListCommands" ] }, { "Effect": "Allow", "Resource": [ "*" ], "Condition": { "StringLike": { "ssm:resourceTag/aws:cloudformation:stack-name": "aws-opsworks-cm-*" } }, "Action": [ "ssm:SendCommand" ] }, { "Effect": "Allow", "Resource": [ "arn:aws:ssm:*::document/*", "arn:aws:s3:::aws-opsworks-cm-*" ], "Action": [ "ssm:SendCommand" ] }, { "Effect": "Allow", "Resource": [ "*" ], "Action": [ "ec2:AllocateAddress", "ec2:AssociateAddress", "ec2:AuthorizeSecurityGroupIngress", "ec2:CreateImage", "ec2:CreateSecurityGroup", "ec2:CreateSnapshot", "ec2:CreateTags", "ec2:DeleteSecurityGroup", "ec2:DeleteSnapshot", "ec2:DeregisterImage", "ec2:DescribeAccountAttributes", "ec2:DescribeAddresses", "ec2:DescribeImages", "ec2:DescribeInstanceStatus", "ec2:DescribeInstances", "ec2:DescribeSecurityGroups", "ec2:DescribeSnapshots", "ec2:DescribeSubnets", "ec2:DisassociateAddress", "ec2:ReleaseAddress", "ec2:RunInstances", "ec2:StopInstances" ] }, { "Effect": "Allow", "Resource": [ "*" ], "Condition": { "StringLike": { "ec2:ResourceTag/aws:cloudformation:stack-name": "aws-opsworks-cm-*" } }, "Action": [ "ec2:TerminateInstances", "ec2:RebootInstances" ] }, { "Effect": "Allow", "Resource": [ "arn:aws:opsworks-cm:*:*:server/*" ], "Action": [ "opsworks-cm:DeleteServer", "opsworks-cm:StartMaintenance" ] }, { "Effect": "Allow", "Resource": [ "arn:aws:cloudformation:*:*:stack/aws-opsworks-cm-*" ], "Action": [ "cloudformation:CreateStack", "cloudformation:DeleteStack", "cloudformation:DescribeStackEvents", "cloudformation:DescribeStackResources", "cloudformation:DescribeStacks", "cloudformation:UpdateStack" ] }, { "Effect": "Allow", "Resource": [ "arn:aws:iam::*:role/aws-opsworks-cm-*", "arn:aws:iam::*:role/service-role/aws-opsworks-cm-*" ], "Action": [ "iam:PassRole" ] }, { "Effect": "Allow", "Resource": "*", "Action": [ "acm:DeleteCertificate", "acm:ImportCertificate" ] }, { "Effect": "Allow", "Resource": "arn:aws:secretsmanager:*:*:opsworks-cm!aws-opsworks-cm-secrets-*", "Action": [ "secretsmanager:CreateSecret", "secretsmanager:GetSecretValue", "secretsmanager:UpdateSecret", "secretsmanager:DeleteSecret", "secretsmanager:TagResource", "secretsmanager:UntagResource" ] }, { "Effect": "Allow", "Action": "ec2:DeleteTags", "Resource": [ "arn:aws:ec2:*:*:instance/*", "arn:aws:ec2:*:*:elastic-ip/*", "arn:aws:ec2:*:*:security-group/*" ] } ] }, "VersionId": "v14" }, "AWSOpsWorksCloudWatchLogs": { "PolicyName": "AWSOpsWorksCloudWatchLogs", "PolicyId": "ANPAJXFIK7WABAY5CPXM4", "Arn": "arn:aws:iam::aws:policy/AWSOpsWorksCloudWatchLogs", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-03-30T17:47:19+00:00", "UpdateDate": "2017-03-30T17:47:19+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents", "logs:DescribeLogStreams" ], "Resource": [ "arn:aws:logs:*:*:*" ] } ] }, "VersionId": "v1" }, "AWSOpsWorksInstanceRegistration": { "PolicyName": "AWSOpsWorksInstanceRegistration", "PolicyId": "ANPAJG3LCPVNI4WDZCIMU", "Arn": "arn:aws:iam::aws:policy/AWSOpsWorksInstanceRegistration", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2016-06-03T14:23:15+00:00", "UpdateDate": "2016-06-03T14:23:15+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "opsworks:DescribeStackProvisioningParameters", "opsworks:DescribeStacks", "opsworks:RegisterInstance" ], "Resource": [ "*" ] } ] }, "VersionId": "v1" }, "AWSOpsWorksRegisterCLI_EC2": { "PolicyName": "AWSOpsWorksRegisterCLI_EC2", "PolicyId": "ANPAZKAPJZG4NCE3CMCRC", "Arn": "arn:aws:iam::aws:policy/AWSOpsWorksRegisterCLI_EC2", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-06-18T15:56:17+00:00", "UpdateDate": "2019-06-18T15:56:17+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "opsworks:AssignInstance", "opsworks:CreateLayer", "opsworks:DeregisterInstance", "opsworks:DescribeInstances", "opsworks:DescribeStackProvisioningParameters", "opsworks:DescribeStacks", "opsworks:UnassignInstance" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "ec2:DescribeInstances" ], "Resource": [ "*" ] } ] }, "VersionId": "v1" }, "AWSOpsWorksRegisterCLI_OnPremises": { "PolicyName": "AWSOpsWorksRegisterCLI_OnPremises", "PolicyId": "ANPAZKAPJZG4EZJ5DYEPG", "Arn": "arn:aws:iam::aws:policy/AWSOpsWorksRegisterCLI_OnPremises", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-06-18T15:33:16+00:00", "UpdateDate": "2019-06-18T15:33:16+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "opsworks:AssignInstance", "opsworks:CreateLayer", "opsworks:DeregisterInstance", "opsworks:DescribeInstances", "opsworks:DescribeStackProvisioningParameters", "opsworks:DescribeStacks", "opsworks:UnassignInstance" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "ec2:DescribeInstances" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "iam:CreateGroup", "iam:AddUserToGroup" ], "Resource": [ "arn:aws:iam::*:group/AWS/OpsWorks/OpsWorks-*" ] }, { "Effect": "Allow", "Action": [ "iam:CreateUser", "iam:CreateAccessKey" ], "Resource": [ "arn:aws:iam::*:user/AWS/OpsWorks/OpsWorks-*" ] }, { "Effect": "Allow", "Action": [ "iam:AttachUserPolicy" ], "Resource": [ "arn:aws:iam::*:user/AWS/OpsWorks/OpsWorks-*" ], "Condition": { "ArnEquals": { "iam:PolicyARN": "arn:aws:iam::aws:policy/AWSOpsWorksInstanceRegistration" } } } ] }, "VersionId": "v1" }, "AWSOpsWorks_FullAccess": { "PolicyName": "AWSOpsWorks_FullAccess", "PolicyId": "ANPAZKAPJZG4D626GOURR", "Arn": "arn:aws:iam::aws:policy/AWSOpsWorks_FullAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2021-01-22T16:29:08+00:00", "UpdateDate": "2021-01-22T16:29:08+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "cloudwatch:GetMetricStatistics", "ec2:DescribeAccountAttributes", "ec2:DescribeAvailabilityZones", "ec2:DescribeInstances", "ec2:DescribeKeyPairs", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeVpcs", "elasticloadbalancing:DescribeInstanceHealth", "elasticloadbalancing:DescribeLoadBalancers", "iam:GetRolePolicy", "iam:ListInstanceProfiles", "iam:ListRoles", "iam:ListUsers", "opsworks:*" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "iam:PassRole" ], "Resource": "*", "Condition": { "StringEquals": { "iam:PassedToService": "opsworks.amazonaws.com" } } } ] }, "VersionId": "v1" }, "AWSOrganizationsFullAccess": { "PolicyName": "AWSOrganizationsFullAccess", "PolicyId": "ANPAJZXBNRCJKNLQHSB5M", "Arn": "arn:aws:iam::aws:policy/AWSOrganizationsFullAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-11-06T20:31:57+00:00", "UpdateDate": "2018-11-06T20:31:57+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "organizations:*", "Resource": "*" } ] }, "VersionId": "v1" }, "AWSOrganizationsReadOnlyAccess": { "PolicyName": "AWSOrganizationsReadOnlyAccess", "PolicyId": "ANPAJY5RQATUV77PEPVOM", "Arn": "arn:aws:iam::aws:policy/AWSOrganizationsReadOnlyAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-11-06T20:32:38+00:00", "UpdateDate": "2018-11-06T20:32:38+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "organizations:Describe*", "organizations:List*" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AWSOrganizationsServiceTrustPolicy": { "PolicyName": "AWSOrganizationsServiceTrustPolicy", "PolicyId": "ANPAIQH6ROMVVECFVRJPK", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSOrganizationsServiceTrustPolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v2", "AttachmentCount": 1, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-10-10T23:04:07+00:00", "UpdateDate": "2017-11-01T06:01:18+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Sid": "AllowDeletionOfServiceLinkedRoleForOrganizations", "Effect": "Allow", "Action": [ "iam:DeleteRole" ], "Resource": [ "arn:aws:iam::*:role/aws-service-role/organizations.amazonaws.com/*" ] }, { "Sid": "AllowCreationOfServiceLinkedRoles", "Effect": "Allow", "Action": [ "iam:CreateServiceLinkedRole" ], "Resource": "*" } ] }, "VersionId": "v2" }, "AWSOutpostsServiceRolePolicy": { "PolicyName": "AWSOutpostsServiceRolePolicy", "PolicyId": "ANPAZKAPJZG4NM7FW2RO7", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSOutpostsServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-11-09T22:55:56+00:00", "UpdateDate": "2020-11-09T22:55:56+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ec2:DescribeNetworkInterfaces", "ec2:DescribeSecurityGroups", "ec2:CreateNetworkInterface", "ec2:CreateSecurityGroup" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AWSPanoramaApplianceRolePolicy": { "PolicyName": "AWSPanoramaApplianceRolePolicy", "PolicyId": "ANPAZKAPJZG4CWIHTBB4Y", "Arn": "arn:aws:iam::aws:policy/service-role/AWSPanoramaApplianceRolePolicy", "Path": "/service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-12-01T13:13:18+00:00", "UpdateDate": "2020-12-01T13:13:18+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Sid": "PanoramaDeviceCreateLogStream", "Effect": "Allow", "Action": [ "logs:CreateLogStream", "logs:DescribeLogStreams", "logs:PutLogEvents" ], "Resource": "arn:aws:logs:*:*:log-group:/aws/panorama_device*:log-stream:*" }, { "Sid": "PanoramaDeviceCreateLogGroup", "Effect": "Allow", "Action": "logs:CreateLogGroup", "Resource": "arn:aws:logs:*:*:log-group:/aws/panorama_device*" } ] }, "VersionId": "v1" }, "AWSPanoramaFullAccess": { "PolicyName": "AWSPanoramaFullAccess", "PolicyId": "ANPAZKAPJZG4IAPULBSWQ", "Arn": "arn:aws:iam::aws:policy/AWSPanoramaFullAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-12-01T13:12:47+00:00", "UpdateDate": "2020-12-01T13:12:47+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "panorama:*" ], "Effect": "Allow", "Resource": "*" } ] }, "VersionId": "v1" }, "AWSPanoramaGreengrassGroupRolePolicy": { "PolicyName": "AWSPanoramaGreengrassGroupRolePolicy", "PolicyId": "ANPAZKAPJZG4IRCPXKCEG", "Arn": "arn:aws:iam::aws:policy/service-role/AWSPanoramaGreengrassGroupRolePolicy", "Path": "/service-role/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-12-01T13:10:22+00:00", "UpdateDate": "2021-01-06T19:30:35+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Sid": "PanoramaS3Access", "Effect": "Allow", "Action": [ "s3:ListBucket", "s3:GetBucket*", "s3:GetObject", "s3:PutObject" ], "Resource": [ "arn:aws:s3:::*aws-panorama*" ] }, { "Sid": "PanoramaCLoudWatchPutDashboard", "Effect": "Allow", "Action": "cloudwatch:PutDashboard", "Resource": [ "arn:aws:cloudwatch::*:dashboard/panorama*" ] }, { "Sid": "PanoramaCloudWatchPutMetricData", "Effect": "Allow", "Action": "cloudwatch:PutMetricData", "Resource": "*" }, { "Sid": "PanoramaGreenGrassCloudWatchAccess", "Effect": "Allow", "Action": [ "logs:CreateLogStream", "logs:DescribeLogStreams", "logs:PutLogEvents", "logs:CreateLogGroup" ], "Resource": "arn:aws:logs:*:*:log-group:/aws/greengrass/*" }, { "Sid": "PanoramaAccess", "Effect": "Allow", "Action": [ "panorama:*" ], "Resource": [ "*" ] } ] }, "VersionId": "v2" }, "AWSPanoramaSageMakerRolePolicy": { "PolicyName": "AWSPanoramaSageMakerRolePolicy", "PolicyId": "ANPAZKAPJZG4O23KYQMI2", "Arn": "arn:aws:iam::aws:policy/service-role/AWSPanoramaSageMakerRolePolicy", "Path": "/service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-12-01T13:13:54+00:00", "UpdateDate": "2020-12-01T13:13:54+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Sid": "PanoramaSageMakerS3Access", "Effect": "Allow", "Action": [ "s3:GetObject", "s3:PutObject", "s3:GetBucket*" ], "Resource": [ "arn:aws:s3:::*aws-panorama*" ] } ] }, "VersionId": "v1" }, "AWSPanoramaServiceRolePolicy": { "PolicyName": "AWSPanoramaServiceRolePolicy", "PolicyId": "ANPAZKAPJZG4G7G35B6C5", "Arn": "arn:aws:iam::aws:policy/service-role/AWSPanoramaServiceRolePolicy", "Path": "/service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-12-01T13:14:43+00:00", "UpdateDate": "2020-12-01T13:14:43+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Sid": "PanoramaIoTThingAccess", "Effect": "Allow", "Action": [ "iot:CreateThing", "iot:DeleteThing", "iot:DeleteThingShadow", "iot:DescribeThing", "iot:GetThingShadow", "iot:UpdateThing", "iot:UpdateThingShadow" ], "Resource": [ "arn:aws:iot:*:*:thing/panorama*" ] }, { "Sid": "PanoramaIoTCertificateAccess", "Effect": "Allow", "Action": [ "iot:AttachThingPrincipal", "iot:DetachThingPrincipal", "iot:UpdateCertificate", "iot:DeleteCertificate", "iot:AttachPrincipalPolicy", "iot:DetachPrincipalPolicy" ], "Resource": [ "arn:aws:iot:*:*:thing/panorama*", "arn:aws:iot:*:*:cert/*" ] }, { "Sid": "PanoramaIoTCreateCertificateAndPolicyAccess", "Effect": "Allow", "Action": [ "iot:CreateKeysAndCertificate", "iot:CreatePolicy" ], "Resource": [ "*" ] }, { "Sid": "PanoramaIoTCreatePolicyVersionAccess", "Effect": "Allow", "Action": [ "iot:CreatePolicyVersion" ], "Resource": [ "arn:aws:iot:*:*:policy/panorama*" ] }, { "Sid": "PanoramaIoTJobAccess", "Effect": "Allow", "Action": [ "iot:DescribeJobExecution", "iot:CreateJob", "iot:DeleteJob" ], "Resource": [ "arn:aws:iot:*:*:job/panorama*", "arn:aws:iot:*:*:thing/panorama*" ] }, { "Sid": "PanoramaIoTEndpointAccess", "Effect": "Allow", "Action": [ "iot:DescribeEndpoint" ], "Resource": [ "*" ] }, { "Sid": "PanoramaAccess", "Effect": "Allow", "Action": [ "panorama:Describe*", "panorama:List*", "panorama:Get*" ], "Resource": [ "*" ] }, { "Sid": "PanoramaS3Access", "Effect": "Allow", "Action": [ "s3:GetObject", "s3:PutObject", "s3:DeleteObject", "s3:DeleteBucket", "s3:ListBucket", "s3:GetBucket*", "s3:CreateBucket" ], "Resource": [ "arn:aws:s3:::*aws-panorama*" ] }, { "Sid": "PanoramaIAMPassSageMakerRoleAccess", "Effect": "Allow", "Action": [ "iam:PassRole" ], "Resource": [ "arn:aws:iam::*:role/AWSPanoramaSageMakerRole", "arn:aws:iam::*:role/service-role/AWSPanoramaSageMakerRole" ], "Condition": { "StringEquals": { "iam:PassedToService": [ "sagemaker.amazonaws.com" ] } } }, { "Sid": "PanoramaIAMPassGreengrassRoleAccess", "Effect": "Allow", "Action": [ "iam:PassRole" ], "Resource": [ "arn:aws:iam::*:role/AWSPanoramaGreengrassGroupRole", "arn:aws:iam::*:role/service-role/AWSPanoramaGreengrassGroupRole", "arn:aws:iam::*:role/AWSPanoramaGreengrassRole", "arn:aws:iam::*:role/service-role/AWSPanoramaGreengrassRole" ], "Condition": { "StringEquals": { "iam:PassedToService": [ "greengrass.amazonaws.com" ] } } }, { "Sid": "PanoramaIAMPassIoTRoleAccess", "Effect": "Allow", "Action": [ "iam:PassRole" ], "Resource": [ "arn:aws:iam::*:role/AWSPanoramaApplianceRole", "arn:aws:iam::*:role/service-role/AWSPanoramaApplianceRole" ], "Condition": { "StringEqualsIfExists": { "iam:PassedToService": "iot.amazonaws.com" } } }, { "Sid": "PanoramaGreenGrassAccess", "Effect": "Allow", "Action": [ "greengrass:AssociateRoleToGroup", "greengrass:AssociateServiceRoleToAccount", "greengrass:CreateResourceDefinition", "greengrass:CreateResourceDefinitionVersion", "greengrass:CreateCoreDefinition", "greengrass:CreateCoreDefinitionVersion", "greengrass:CreateDeployment", "greengrass:CreateFunctionDefinition", "greengrass:CreateFunctionDefinitionVersion", "greengrass:CreateGroup", "greengrass:CreateGroupCertificateAuthority", "greengrass:CreateGroupVersion", "greengrass:CreateLoggerDefinition", "greengrass:CreateLoggerDefinitionVersion", "greengrass:CreateSubscriptionDefinition", "greengrass:CreateSubscriptionDefinitionVersion", "greengrass:DeleteCoreDefinition", "greengrass:DeleteFunctionDefinition", "greengrass:DeleteResourceDefinition", "greengrass:DeleteGroup", "greengrass:DeleteLoggerDefinition", "greengrass:DeleteSubscriptionDefinition", "greengrass:DisassociateRoleFromGroup", "greengrass:DisassociateServiceRoleFromAccount", "greengrass:GetAssociatedRole", "greengrass:GetConnectivityInfo", "greengrass:GetCoreDefinition", "greengrass:GetCoreDefinitionVersion", "greengrass:GetDeploymentStatus", "greengrass:GetDeviceDefinition", "greengrass:GetDeviceDefinitionVersion", "greengrass:GetFunctionDefinition", "greengrass:GetFunctionDefinitionVersion", "greengrass:GetGroup", "greengrass:GetGroupCertificateAuthority", "greengrass:GetGroupCertificateConfiguration", "greengrass:GetGroupVersion", "greengrass:GetLoggerDefinition", "greengrass:GetLoggerDefinitionVersion", "greengrass:GetResourceDefinition", "greengrass:GetServiceRoleForAccount", "greengrass:GetSubscriptionDefinition", "greengrass:GetSubscriptionDefinitionVersion", "greengrass:ListCoreDefinitionVersions", "greengrass:ListCoreDefinitions", "greengrass:ListDeployments", "greengrass:ListDeviceDefinitionVersions", "greengrass:ListDeviceDefinitions", "greengrass:ListFunctionDefinitionVersions", "greengrass:ListFunctionDefinitions", "greengrass:ListGroupCertificateAuthorities", "greengrass:ListGroupVersions", "greengrass:ListGroups", "greengrass:ListLoggerDefinitionVersions", "greengrass:ListLoggerDefinitions", "greengrass:ListSubscriptionDefinitionVersions", "greengrass:ListSubscriptionDefinitions", "greengrass:ResetDeployments", "greengrass:UpdateConnectivityInfo", "greengrass:UpdateCoreDefinition", "greengrass:UpdateDeviceDefinition", "greengrass:UpdateFunctionDefinition", "greengrass:UpdateGroup", "greengrass:UpdateGroupCertificateConfiguration", "greengrass:UpdateLoggerDefinition", "greengrass:UpdateSubscriptionDefinition", "greengrass:UpdateResourceDefinition" ], "Resource": [ "*" ] }, { "Sid": "PanoramaLambdaUsersFunctionAccess", "Effect": "Allow", "Action": [ "lambda:GetFunction", "lambda:GetFunctionConfiguration", "lambda:ListFunctions", "lambda:ListVersionsByFunction" ], "Resource": [ "arn:aws:lambda:*:*:function:*" ] }, { "Sid": "PanoramaSageMakerWriteAccess", "Effect": "Allow", "Action": [ "sagemaker:CreateTrainingJob", "sagemaker:StopTrainingJob", "sagemaker:CreateCompilationJob", "sagemaker:DescribeCompilationJob", "sagemaker:StopCompilationJob" ], "Resource": [ "arn:aws:sagemaker:*:*:training-job/panorama*", "arn:aws:sagemaker:*:*:compilation-job/panorama*" ] }, { "Sid": "PanoramaSageMakerListAccess", "Effect": "Allow", "Action": [ "sagemaker:ListCompilationJobs" ], "Resource": [ "*" ] }, { "Sid": "PanoramaSageMakerReadAccess", "Effect": "Allow", "Action": [ "sagemaker:DescribeTrainingJob" ], "Resource": [ "arn:aws:sagemaker:*:*:training-job/*" ] }, { "Sid": "PanoramaCWLogsAccess", "Effect": "Allow", "Action": [ "iot:AttachPolicy", "iot:CreateRoleAlias" ], "Resource": [ "arn:aws:iot:*:*:policy/panorama*", "arn:aws:iot:*:*:rolealias/panorama*" ] } ] }, "VersionId": "v1" }, "AWSPriceListServiceFullAccess": { "PolicyName": "AWSPriceListServiceFullAccess", "PolicyId": "ANPAIADJ4GBYNHKABML3Q", "Arn": "arn:aws:iam::aws:policy/AWSPriceListServiceFullAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-11-22T00:36:27+00:00", "UpdateDate": "2017-11-22T00:36:27+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "pricing:*" ], "Effect": "Allow", "Resource": "*" } ] }, "VersionId": "v1" }, "AWSPrivateMarketplaceAdminFullAccess": { "PolicyName": "AWSPrivateMarketplaceAdminFullAccess", "PolicyId": "ANPAJ6VRZDDCYDOVCOCEI", "Arn": "arn:aws:iam::aws:policy/AWSPrivateMarketplaceAdminFullAccess", "Path": "/", "DefaultVersionId": "v3", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-11-27T16:32:32+00:00", "UpdateDate": "2020-12-03T15:12:31+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "aws-marketplace:CreatePrivateMarketplace", "aws-marketplace:StartPrivateMarketplace", "aws-marketplace:StopPrivateMarketplace", "aws-marketplace:DescribePrivateMarketplaceStatus", "aws-marketplace:AssociateProductsWithPrivateMarketplace", "aws-marketplace:DisassociateProductsFromPrivateMarketplace", "aws-marketplace:ListPrivateMarketplaceProducts", "aws-marketplace:DescribePrivateMarketplaceProducts", "aws-marketplace:ListPrivateMarketplaceRequests", "aws-marketplace:DescribePrivateMarketplaceRequests", "aws-marketplace:UpdatePrivateMarketplaceSettings", "aws-marketplace:DescribePrivateMarketplaceSettings", "aws-marketplace:CreatePrivateMarketplaceProfile", "aws-marketplace:UpdatePrivateMarketplaceProfile", "aws-marketplace:DescribePrivateMarketplaceProfile" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "aws-marketplace:ListEntities", "aws-marketplace:DescribeEntity", "aws-marketplace:StartChangeSet", "aws-marketplace:ListChangeSets", "aws-marketplace:DescribeChangeSet", "aws-marketplace:CancelChangeSet" ], "Resource": "*" } ] }, "VersionId": "v3" }, "AWSPrivateMarketplaceRequests": { "PolicyName": "AWSPrivateMarketplaceRequests", "PolicyId": "ANPAZKAPJZG4AV6W3DAIW", "Arn": "arn:aws:iam::aws:policy/AWSPrivateMarketplaceRequests", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-10-28T21:44:03+00:00", "UpdateDate": "2019-10-28T21:44:03+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "aws-marketplace:CreatePrivateMarketplaceRequests", "aws-marketplace:ListPrivateMarketplaceRequests", "aws-marketplace:DescribePrivateMarketplaceRequests" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AWSProtonDeveloperAccess": { "PolicyName": "AWSProtonDeveloperAccess", "PolicyId": "ANPAZKAPJZG4FWOFPRNSU", "Arn": "arn:aws:iam::aws:policy/AWSProtonDeveloperAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2021-02-17T19:02:08+00:00", "UpdateDate": "2021-02-17T19:02:08+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "proton:ListServiceTemplates", "proton:ListServiceTemplateMajorVersions", "proton:ListServiceTemplateMinorVersions", "proton:ListServices", "proton:ListServiceInstances", "proton:ListEnvironments", "proton:GetServiceTemplate", "proton:GetServiceTemplateMajorVersion", "proton:GetServiceTemplateMinorVersion", "proton:GetService", "proton:GetServiceInstance", "proton:GetEnvironment", "proton:CreateService", "proton:UpdateService", "proton:UpdateServiceInstance", "proton:UpdateServicePipeline", "proton:DeleteService", "codestar-connections:ListConnections" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "codestar-connections:PassConnection" ], "Resource": "arn:aws:codestar-connections:*:*:connection/*", "Condition": { "StringEquals": { "codestar-connections:PassedToService": "proton.amazonaws.com" } } } ] }, "VersionId": "v1" }, "AWSProtonFullAccess": { "PolicyName": "AWSProtonFullAccess", "PolicyId": "ANPAZKAPJZG4IOK6P734E", "Arn": "arn:aws:iam::aws:policy/AWSProtonFullAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2021-02-17T19:07:18+00:00", "UpdateDate": "2021-02-17T19:07:18+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "proton:*", "codestar-connections:ListConnections", "kms:ListAliases", "kms:DescribeKey" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "kms:CreateGrant" ], "Resource": "*", "Condition": { "StringLike": { "kms:ViaService": "proton.*.amazonaws.com" } } }, { "Effect": "Allow", "Action": [ "iam:PassRole" ], "Resource": "*", "Condition": { "StringEquals": { "iam:PassedToService": "proton.amazonaws.com" } } }, { "Effect": "Allow", "Action": [ "codestar-connections:PassConnection" ], "Resource": "arn:aws:codestar-connections:*:*:connection/*", "Condition": { "StringEquals": { "codestar-connections:PassedToService": "proton.amazonaws.com" } } } ] }, "VersionId": "v1" }, "AWSProtonReadOnlyAccess": { "PolicyName": "AWSProtonReadOnlyAccess", "PolicyId": "ANPAZKAPJZG4DW2EHEZB3", "Arn": "arn:aws:iam::aws:policy/AWSProtonReadOnlyAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2021-02-17T19:09:12+00:00", "UpdateDate": "2021-02-17T19:09:12+00:00", "Document": { "Version": "2012-10-17", "Statement": { "Effect": "Allow", "Action": [ "proton:List*", "proton:Get*" ], "Resource": "*" } }, "VersionId": "v1" }, "AWSPurchaseOrdersServiceRolePolicy": { "PolicyName": "AWSPurchaseOrdersServiceRolePolicy", "PolicyId": "ANPAZKAPJZG4KQXTYO5FP", "Arn": "arn:aws:iam::aws:policy/AWSPurchaseOrdersServiceRolePolicy", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-05-06T18:15:47+00:00", "UpdateDate": "2020-05-06T18:15:47+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "aws-portal:*Billing", "awsbillingconsole:*Billing", "purchase-orders:*PurchaseOrders" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AWSQuickSightDescribeRDS": { "PolicyName": "AWSQuickSightDescribeRDS", "PolicyId": "ANPAJU5J6OAMCJD3OO76O", "Arn": "arn:aws:iam::aws:policy/service-role/AWSQuickSightDescribeRDS", "Path": "/service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-11-10T23:24:50+00:00", "UpdateDate": "2015-11-10T23:24:50+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "rds:Describe*" ], "Effect": "Allow", "Resource": "*" } ] }, "VersionId": "v1" }, "AWSQuickSightDescribeRedshift": { "PolicyName": "AWSQuickSightDescribeRedshift", "PolicyId": "ANPAJFEM6MLSLTW4ZNBW2", "Arn": "arn:aws:iam::aws:policy/service-role/AWSQuickSightDescribeRedshift", "Path": "/service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-11-10T23:25:01+00:00", "UpdateDate": "2015-11-10T23:25:01+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "redshift:Describe*" ], "Effect": "Allow", "Resource": "*" } ] }, "VersionId": "v1" }, "AWSQuickSightElasticsearchPolicy": { "PolicyName": "AWSQuickSightElasticsearchPolicy", "PolicyId": "ANPAZKAPJZG4BLUM3JVIN", "Arn": "arn:aws:iam::aws:policy/service-role/AWSQuickSightElasticsearchPolicy", "Path": "/service-role/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-09-09T17:27:19+00:00", "UpdateDate": "2020-10-15T17:09:55+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "es:ESHttpGet" ], "Resource": [ "arn:aws:es:*:*:domain/*/", "arn:aws:es:*:*:domain/*/_cluster/settings", "arn:aws:es:*:*:domain/*/_cat/indices" ] }, { "Effect": "Allow", "Action": "es:ListDomainNames", "Resource": "*" }, { "Effect": "Allow", "Action": [ "es:DescribeElasticsearchDomain" ], "Resource": [ "arn:aws:es:*:*:domain/*" ] }, { "Effect": "Allow", "Action": [ "es:ESHttpPost", "es:ESHttpGet" ], "Resource": [ "arn:aws:es:*:*:domain/*/_opendistro/_sql" ] } ] }, "VersionId": "v2" }, "AWSQuickSightIoTAnalyticsAccess": { "PolicyName": "AWSQuickSightIoTAnalyticsAccess", "PolicyId": "ANPAJIZNDRUTKCN5HLZOE", "Arn": "arn:aws:iam::aws:policy/AWSQuickSightIoTAnalyticsAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-11-29T17:00:54+00:00", "UpdateDate": "2017-11-29T17:00:54+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "iotanalytics:ListDatasets", "iotanalytics:DescribeDataset", "iotanalytics:GetDatasetContent" ], "Effect": "Allow", "Resource": "*" } ] }, "VersionId": "v1" }, "AWSQuickSightListIAM": { "PolicyName": "AWSQuickSightListIAM", "PolicyId": "ANPAI3CH5UUWZN4EKGILO", "Arn": "arn:aws:iam::aws:policy/service-role/AWSQuickSightListIAM", "Path": "/service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-11-10T23:25:07+00:00", "UpdateDate": "2015-11-10T23:25:07+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "iam:List*" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AWSQuickSightSageMakerPolicy": { "PolicyName": "AWSQuickSightSageMakerPolicy", "PolicyId": "ANPAZKAPJZG4MCLBVDT2I", "Arn": "arn:aws:iam::aws:policy/service-role/AWSQuickSightSageMakerPolicy", "Path": "/service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-01-17T17:18:13+00:00", "UpdateDate": "2020-01-17T17:18:13+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "sagemaker:DescribeTransformJob", "sagemaker:StopTransformJob", "sagemaker:CreateTransformJob" ], "Resource": "arn:aws:sagemaker:*:*:transform-job/quicksight-auto-generated-*" }, { "Effect": "Allow", "Action": "sagemaker:ListModels", "Resource": "*" }, { "Effect": "Allow", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::quicksight-ml.*" } ] }, "VersionId": "v1" }, "AWSQuickSightTimestreamPolicy": { "PolicyName": "AWSQuickSightTimestreamPolicy", "PolicyId": "ANPAZKAPJZG4CFKVDHQJH", "Arn": "arn:aws:iam::aws:policy/service-role/AWSQuickSightTimestreamPolicy", "Path": "/service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-09-30T21:47:03+00:00", "UpdateDate": "2020-09-30T21:47:03+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "timestream:Select", "timestream:CancelQuery", "timestream:ListTables", "timestream:ListDatabases", "timestream:ListMeasures", "timestream:DescribeTable", "timestream:DescribeDatabase", "timestream:SelectValues", "timestream:DescribeEndpoints" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AWSQuicksightAthenaAccess": { "PolicyName": "AWSQuicksightAthenaAccess", "PolicyId": "ANPAI4JB77JXFQXDWNRPM", "Arn": "arn:aws:iam::aws:policy/service-role/AWSQuicksightAthenaAccess", "Path": "/service-role/", "DefaultVersionId": "v10", "AttachmentCount": 1, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2016-12-09T02:31:03+00:00", "UpdateDate": "2021-07-07T20:09:06+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "athena:BatchGetQueryExecution", "athena:CancelQueryExecution", "athena:GetCatalogs", "athena:GetExecutionEngine", "athena:GetExecutionEngines", "athena:GetNamespace", "athena:GetNamespaces", "athena:GetQueryExecution", "athena:GetQueryExecutions", "athena:GetQueryResults", "athena:GetQueryResultsStream", "athena:GetTable", "athena:GetTables", "athena:ListQueryExecutions", "athena:RunQuery", "athena:StartQueryExecution", "athena:StopQueryExecution", "athena:ListWorkGroups", "athena:ListEngineVersions", "athena:GetWorkGroup", "athena:GetDataCatalog", "athena:GetDatabase", "athena:GetTableMetadata", "athena:ListDataCatalogs", "athena:ListDatabases", "athena:ListTableMetadata" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "glue:CreateDatabase", "glue:DeleteDatabase", "glue:GetDatabase", "glue:GetDatabases", "glue:UpdateDatabase", "glue:CreateTable", "glue:DeleteTable", "glue:BatchDeleteTable", "glue:UpdateTable", "glue:GetTable", "glue:GetTables", "glue:BatchCreatePartition", "glue:CreatePartition", "glue:DeletePartition", "glue:BatchDeletePartition", "glue:UpdatePartition", "glue:GetPartition", "glue:GetPartitions", "glue:BatchGetPartition" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "s3:GetBucketLocation", "s3:GetObject", "s3:ListBucket", "s3:ListBucketMultipartUploads", "s3:ListMultipartUploadParts", "s3:AbortMultipartUpload", "s3:CreateBucket", "s3:PutObject", "s3:PutBucketPublicAccessBlock" ], "Resource": [ "arn:aws:s3:::aws-athena-query-results-*" ] }, { "Effect": "Allow", "Action": [ "lakeformation:GetDataAccess" ], "Resource": [ "*" ] } ] }, "VersionId": "v10" }, "AWSResourceAccessManagerFullAccess": { "PolicyName": "AWSResourceAccessManagerFullAccess", "PolicyId": "ANPAZKAPJZG4FYRGF63DP", "Arn": "arn:aws:iam::aws:policy/AWSResourceAccessManagerFullAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-06-04T17:28:22+00:00", "UpdateDate": "2019-06-04T17:28:22+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "ram:*" ], "Effect": "Allow", "Resource": "*" } ] }, "VersionId": "v1" }, "AWSResourceAccessManagerReadOnlyAccess": { "PolicyName": "AWSResourceAccessManagerReadOnlyAccess", "PolicyId": "ANPAZKAPJZG4BQV2LHYJY", "Arn": "arn:aws:iam::aws:policy/AWSResourceAccessManagerReadOnlyAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-12-09T20:58:37+00:00", "UpdateDate": "2019-12-09T20:58:37+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "ram:Get*", "ram:List*" ], "Effect": "Allow", "Resource": "*" } ] }, "VersionId": "v1" }, "AWSResourceAccessManagerResourceShareParticipantAccess": { "PolicyName": "AWSResourceAccessManagerResourceShareParticipantAccess", "PolicyId": "ANPAZKAPJZG4LIFEGGUIU", "Arn": "arn:aws:iam::aws:policy/AWSResourceAccessManagerResourceShareParticipantAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-12-09T20:41:37+00:00", "UpdateDate": "2019-12-09T20:41:37+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "ram:AcceptResourceShareInvitation", "ram:GetResourcePolicies", "ram:GetResourceShareInvitations", "ram:GetResourceShares", "ram:ListPendingInvitationResources", "ram:ListPrincipals", "ram:ListResources", "ram:RejectResourceShareInvitation" ], "Effect": "Allow", "Resource": "*" } ] }, "VersionId": "v1" }, "AWSResourceAccessManagerServiceRolePolicy": { "PolicyName": "AWSResourceAccessManagerServiceRolePolicy", "PolicyId": "ANPAJU667A3V5UAXC4YNE", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSResourceAccessManagerServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-11-14T19:28:28+00:00", "UpdateDate": "2018-11-14T19:28:28+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "organizations:DescribeAccount", "organizations:DescribeOrganization", "organizations:DescribeOrganizationalUnit", "organizations:ListAccounts", "organizations:ListAccountsForParent", "organizations:ListChildren", "organizations:ListOrganizationalUnitsForParent", "organizations:ListParents", "organizations:ListRoots" ], "Resource": "*" }, { "Sid": "AllowDeletionOfServiceLinkedRoleForResourceAccessManager", "Effect": "Allow", "Action": [ "iam:DeleteRole" ], "Resource": [ "arn:aws:iam::*:role/aws-service-role/ram.amazonaws.com/*" ] } ] }, "VersionId": "v1" }, "AWSResourceGroupsReadOnlyAccess": { "PolicyName": "AWSResourceGroupsReadOnlyAccess", "PolicyId": "ANPAIXFKM2WGBJAEWMFEG", "Arn": "arn:aws:iam::aws:policy/AWSResourceGroupsReadOnlyAccess", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-03-07T10:27:04+00:00", "UpdateDate": "2019-02-05T17:56:25+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "resource-groups:Get*", "resource-groups:List*", "resource-groups:Search*", "tag:Get*", "cloudformation:DescribeStacks", "cloudformation:ListStackResources", "ec2:DescribeInstances", "ec2:DescribeSecurityGroups", "ec2:DescribeSnapshots", "ec2:DescribeVolumes", "ec2:DescribeVpcs", "elasticache:DescribeCacheClusters", "elasticache:DescribeSnapshots", "elasticache:ListTagsForResource", "elasticbeanstalk:DescribeEnvironments", "elasticmapreduce:DescribeCluster", "elasticmapreduce:ListClusters", "glacier:ListVaults", "glacier:DescribeVault", "glacier:ListTagsForVault", "kinesis:ListStreams", "kinesis:DescribeStream", "kinesis:ListTagsForStream", "opsworks:DescribeStacks", "opsworks:ListTags", "rds:DescribeDBInstances", "rds:DescribeDBSnapshots", "rds:ListTagsForResource", "redshift:DescribeClusters", "redshift:DescribeTags", "route53domains:ListDomains", "route53:ListHealthChecks", "route53:GetHealthCheck", "route53:ListHostedZones", "route53:GetHostedZone", "route53:ListTagsForResource", "storagegateway:ListGateways", "storagegateway:DescribeGatewayInformation", "storagegateway:ListTagsForResource", "s3:ListAllMyBuckets", "s3:GetBucketTagging", "elasticloadbalancing:DescribeLoadBalancers", "elasticloadbalancing:DescribeTags", "ssm:ListDocuments" ], "Effect": "Allow", "Resource": "*" } ] }, "VersionId": "v2" }, "AWSRoboMakerReadOnlyAccess": { "PolicyName": "AWSRoboMakerReadOnlyAccess", "PolicyId": "ANPAIXFHP2ALXXGGECYJI", "Arn": "arn:aws:iam::aws:policy/AWSRoboMakerReadOnlyAccess", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-11-26T05:30:50+00:00", "UpdateDate": "2020-08-28T23:10:18+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Sid": "VisualEditor0", "Effect": "Allow", "Action": [ "robomaker:List*", "robomaker:BatchDescribe*", "robomaker:Describe*", "robomaker:Get*" ], "Resource": "*" } ] }, "VersionId": "v2" }, "AWSRoboMakerServicePolicy": { "PolicyName": "AWSRoboMakerServicePolicy", "PolicyId": "ANPAJYLVVUUQMAEEZ3ZNY", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSRoboMakerServicePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v5", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-11-26T06:30:08+00:00", "UpdateDate": "2020-08-04T20:38:08+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "ec2:CreateNetworkInterfacePermission", "ec2:DescribeNetworkInterfaces", "ec2:DeleteNetworkInterface", "ec2:DescribeSubnets", "ec2:DescribeVpcs", "ec2:DescribeSecurityGroups", "greengrass:CreateDeployment", "greengrass:CreateGroupVersion", "greengrass:CreateFunctionDefinition", "greengrass:CreateFunctionDefinitionVersion", "greengrass:GetDeploymentStatus", "greengrass:GetGroup", "greengrass:GetGroupVersion", "greengrass:GetCoreDefinitionVersion", "greengrass:GetFunctionDefinitionVersion", "greengrass:GetAssociatedRole", "lambda:CreateFunction", "robomaker:CreateSimulationJob", "robomaker:CancelSimulationJob" ], "Effect": "Allow", "Resource": "*" }, { "Action": [ "robomaker:TagResource" ], "Effect": "Allow", "Resource": [ "arn:aws:robomaker:*:*:/createsimulationjob", "arn:aws:robomaker:*:*:simulation-job/*" ] }, { "Action": [ "lambda:UpdateFunctionCode", "lambda:GetFunction", "lambda:UpdateFunctionConfiguration", "lambda:DeleteFunction", "lambda:ListVersionsByFunction", "lambda:GetAlias", "lambda:UpdateAlias", "lambda:CreateAlias", "lambda:DeleteAlias" ], "Effect": "Allow", "Resource": "arn:aws:lambda:*:*:function:aws-robomaker-*" }, { "Effect": "Allow", "Action": "iam:PassRole", "Resource": "*", "Condition": { "StringEquals": { "iam:PassedToService": [ "lambda.amazonaws.com", "robomaker.amazonaws.com" ] } } } ] }, "VersionId": "v5" }, "AWSRoboMakerServiceRolePolicy": { "PolicyName": "AWSRoboMakerServiceRolePolicy", "PolicyId": "ANPAIOSFFLBBLCTKS3ATC", "Arn": "arn:aws:iam::aws:policy/AWSRoboMakerServiceRolePolicy", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-11-26T05:33:19+00:00", "UpdateDate": "2018-11-26T05:33:19+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "ec2:CreateNetworkInterfacePermission", "ec2:DescribeNetworkInterfaces", "ec2:DeleteNetworkInterface", "ec2:DescribeSubnets", "ec2:DescribeVpcs", "ec2:DescribeSecurityGroups", "greengrass:CreateDeployment", "greengrass:CreateGroupVersion", "greengrass:CreateFunctionDefinition", "greengrass:CreateFunctionDefinitionVersion", "greengrass:GetDeploymentStatus", "greengrass:GetGroup", "greengrass:GetGroupVersion", "greengrass:GetCoreDefinitionVersion", "greengrass:GetFunctionDefinitionVersion", "greengrass:GetAssociatedRole", "lambda:CreateFunction" ], "Effect": "Allow", "Resource": "*" }, { "Action": [ "lambda:UpdateFunctionCode", "lambda:GetFunction", "lambda:UpdateFunctionConfiguration" ], "Effect": "Allow", "Resource": "arn:aws:lambda:*:*:function:aws-robomaker-*" }, { "Effect": "Allow", "Action": "iam:PassRole", "Resource": "*", "Condition": { "StringEqualsIfExists": { "iam:PassedToService": "lambda.amazonaws.com" } } } ] }, "VersionId": "v1" }, "AWSRoboMaker_FullAccess": { "PolicyName": "AWSRoboMaker_FullAccess", "PolicyId": "ANPAZKAPJZG4FACURHLCA", "Arn": "arn:aws:iam::aws:policy/AWSRoboMaker_FullAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-09-10T18:34:18+00:00", "UpdateDate": "2020-09-10T18:34:18+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "robomaker:*", "Resource": "*" }, { "Effect": "Allow", "Action": "s3:GetObject", "Resource": "*", "Condition": { "StringEquals": { "aws:CalledViaFirst": "robomaker.amazonaws.com" } } }, { "Effect": "Allow", "Action": "iam:CreateServiceLinkedRole", "Resource": "*", "Condition": { "StringEquals": { "iam:AWSServiceName": "robomaker.amazonaws.com" } } } ] }, "VersionId": "v1" }, "AWSSSMOpsInsightsServiceRolePolicy": { "PolicyName": "AWSSSMOpsInsightsServiceRolePolicy", "PolicyId": "ANPAZKAPJZG4ITJH2GWAW", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSSSMOpsInsightsServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2021-06-16T20:12:52+00:00", "UpdateDate": "2021-06-16T20:12:52+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Sid": "AllowCreateOpsItem", "Effect": "Allow", "Action": [ "ssm:CreateOpsItem", "ssm:AddTagsToResource" ], "Resource": "*" }, { "Sid": "AllowAccessOpsItem", "Effect": "Allow", "Action": [ "ssm:UpdateOpsItem", "ssm:GetOpsItem" ], "Resource": "*", "Condition": { "StringEquals": { "aws:ResourceTag/SsmOperationalInsight": "true" } } } ] }, "VersionId": "v1" }, "AWSSSODirectoryAdministrator": { "PolicyName": "AWSSSODirectoryAdministrator", "PolicyId": "ANPAI2TCZRD7WRD5D2E2Q", "Arn": "arn:aws:iam::aws:policy/AWSSSODirectoryAdministrator", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-10-31T23:54:00+00:00", "UpdateDate": "2020-08-18T17:17:40+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Sid": "AWSSSODirectoryAdministrator", "Effect": "Allow", "Action": [ "sso-directory:*", "sso:ListDirectoryAssociations" ], "Resource": "*" } ] }, "VersionId": "v2" }, "AWSSSODirectoryReadOnly": { "PolicyName": "AWSSSODirectoryReadOnly", "PolicyId": "ANPAJDPMQELJXZD2NC6JG", "Arn": "arn:aws:iam::aws:policy/AWSSSODirectoryReadOnly", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-10-31T23:49:32+00:00", "UpdateDate": "2019-11-26T22:37:16+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Sid": "AWSSSODirectoryReadOnly", "Effect": "Allow", "Action": [ "sso-directory:Search*", "sso-directory:Describe*", "sso-directory:List*", "sso-directory:Get*" ], "Resource": "*" } ] }, "VersionId": "v2" }, "AWSSSOMasterAccountAdministrator": { "PolicyName": "AWSSSOMasterAccountAdministrator", "PolicyId": "ANPAIHXAQZIS3GOYIETUC", "Arn": "arn:aws:iam::aws:policy/AWSSSOMasterAccountAdministrator", "Path": "/", "DefaultVersionId": "v4", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-06-27T20:36:51+00:00", "UpdateDate": "2021-08-04T21:10:42+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Sid": "AWSSSOCreateSLR", "Effect": "Allow", "Action": "iam:CreateServiceLinkedRole", "Resource": "arn:aws:iam::*:role/aws-service-role/sso.amazonaws.com/AWSServiceRoleForSSO", "Condition": { "StringLike": { "iam:AWSServiceName": "sso.amazonaws.com" } } }, { "Sid": "AWSSSOMasterAccountAdministrator", "Effect": "Allow", "Action": "iam:PassRole", "Resource": "arn:aws:iam::*:role/aws-service-role/sso.amazonaws.com/AWSServiceRoleForSSO", "Condition": { "StringLike": { "iam:PassedToService": "sso.amazonaws.com" } } }, { "Sid": "AWSSSOMemberAccountAdministrator", "Effect": "Allow", "Action": [ "ds:DescribeTrusts", "ds:UnauthorizeApplication", "ds:DescribeDirectories", "ds:AuthorizeApplication", "iam:ListPolicies", "organizations:EnableAWSServiceAccess", "organizations:ListRoots", "organizations:ListAccounts", "organizations:ListOrganizationalUnitsForParent", "organizations:ListAccountsForParent", "organizations:DescribeOrganization", "organizations:ListChildren", "organizations:DescribeAccount", "organizations:ListParents", "sso:*", "sso-directory:*", "ds:CreateAlias" ], "Resource": "*" } ] }, "VersionId": "v4" }, "AWSSSOMemberAccountAdministrator": { "PolicyName": "AWSSSOMemberAccountAdministrator", "PolicyId": "ANPAIQYHEY7KJWXZFNDPY", "Arn": "arn:aws:iam::aws:policy/AWSSSOMemberAccountAdministrator", "Path": "/", "DefaultVersionId": "v3", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-06-27T20:45:42+00:00", "UpdateDate": "2021-08-04T20:13:14+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Sid": "AWSSSOMemberAccountAdministrator", "Effect": "Allow", "Action": [ "ds:DescribeDirectories", "ds:AuthorizeApplication", "ds:UnauthorizeApplication", "ds:DescribeTrusts", "iam:ListPolicies", "organizations:EnableAWSServiceAccess", "organizations:DescribeOrganization", "organizations:DescribeAccount", "organizations:ListRoots", "organizations:ListAccounts", "organizations:ListAccountsForParent", "organizations:ListParents", "organizations:ListChildren", "organizations:ListOrganizationalUnitsForParent", "sso:*", "sso-directory:*", "ds:CreateAlias" ], "Resource": "*" } ] }, "VersionId": "v3" }, "AWSSSOReadOnly": { "PolicyName": "AWSSSOReadOnly", "PolicyId": "ANPAJBSMEEZXFDMKMY43I", "Arn": "arn:aws:iam::aws:policy/AWSSSOReadOnly", "Path": "/", "DefaultVersionId": "v6", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-06-27T20:24:34+00:00", "UpdateDate": "2020-09-10T21:26:29+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Sid": "AWSSSOReadOnly", "Effect": "Allow", "Action": [ "ds:DescribeDirectories", "ds:DescribeTrusts", "iam:ListPolicies", "organizations:DescribeOrganization", "organizations:DescribeAccount", "organizations:ListParents", "organizations:ListChildren", "organizations:ListAccounts", "organizations:ListRoots", "organizations:ListAccountsForParent", "organizations:ListOrganizationalUnitsForParent", "sso:Describe*", "sso:Get*", "sso:List*", "sso:Search*", "sso-directory:DescribeDirectory" ], "Resource": "*" } ] }, "VersionId": "v6" }, "AWSSSOServiceRolePolicy": { "PolicyName": "AWSSSOServiceRolePolicy", "PolicyId": "ANPAIJ52KSWOD4GI54XP2", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSSSOServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v13", "AttachmentCount": 1, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-12-05T18:36:15+00:00", "UpdateDate": "2020-11-19T00:02:00+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Sid": "IAMRoleProvisioningActions", "Effect": "Allow", "Action": [ "iam:AttachRolePolicy", "iam:CreateRole", "iam:PutRolePolicy", "iam:UpdateRole", "iam:UpdateRoleDescription", "iam:UpdateAssumeRolePolicy" ], "Resource": [ "arn:aws:iam::*:role/aws-reserved/sso.amazonaws.com/*" ], "Condition": { "StringNotEquals": { "aws:PrincipalOrgMasterAccountId": "${aws:PrincipalAccount}" } } }, { "Sid": "IAMRoleReadActions", "Effect": "Allow", "Action": [ "iam:GetRole", "iam:ListRoles" ], "Resource": [ "*" ] }, { "Sid": "IAMRoleCleanupActions", "Effect": "Allow", "Action": [ "iam:DeleteRole", "iam:DeleteRolePolicy", "iam:DetachRolePolicy", "iam:ListRolePolicies", "iam:ListAttachedRolePolicies" ], "Resource": [ "arn:aws:iam::*:role/aws-reserved/sso.amazonaws.com/*" ] }, { "Sid": "IAMSLRCleanupActions", "Effect": "Allow", "Action": [ "iam:DeleteServiceLinkedRole", "iam:GetServiceLinkedRoleDeletionStatus", "iam:DeleteRole", "iam:GetRole" ], "Resource": [ "arn:aws:iam::*:role/aws-service-role/sso.amazonaws.com/AWSServiceRoleForSSO" ] }, { "Sid": "IAMSAMLProviderProvisioningActions", "Effect": "Allow", "Action": [ "iam:CreateSAMLProvider", "iam:UpdateSAMLProvider" ], "Resource": [ "arn:aws:iam::*:saml-provider/AWSSSO_*" ], "Condition": { "StringNotEquals": { "aws:PrincipalOrgMasterAccountId": "${aws:PrincipalAccount}" } } }, { "Sid": "IAMSAMLProviderCleanupActions", "Effect": "Allow", "Action": [ "iam:DeleteSAMLProvider", "iam:GetSAMLProvider" ], "Resource": [ "arn:aws:iam::*:saml-provider/AWSSSO_*" ] }, { "Effect": "Allow", "Action": [ "organizations:DescribeAccount", "organizations:DescribeOrganization", "organizations:ListAccounts" ], "Resource": [ "*" ] }, { "Sid": "AllowUnauthAppForDirectory", "Effect": "Allow", "Action": [ "ds:UnauthorizeApplication" ], "Resource": [ "*" ] }, { "Sid": "AllowDescribeForDirectory", "Effect": "Allow", "Action": [ "ds:DescribeDirectories", "ds:DescribeTrusts" ], "Resource": [ "*" ] }, { "Sid": "AllowDescribeAndListOperationsOnIdentitySource", "Effect": "Allow", "Action": [ "identitystore:DescribeUser", "identitystore:DescribeGroup", "identitystore:ListGroups", "identitystore:ListUsers" ], "Resource": [ "*" ] } ] }, "VersionId": "v13" }, "AWSSavingsPlansFullAccess": { "PolicyName": "AWSSavingsPlansFullAccess", "PolicyId": "ANPAZKAPJZG4NDDOS76AO", "Arn": "arn:aws:iam::aws:policy/AWSSavingsPlansFullAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-11-06T22:45:18+00:00", "UpdateDate": "2019-11-06T22:45:18+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "savingsplans:*", "Resource": "*" } ] }, "VersionId": "v1" }, "AWSSavingsPlansReadOnlyAccess": { "PolicyName": "AWSSavingsPlansReadOnlyAccess", "PolicyId": "ANPAZKAPJZG4OQ26WIHJ5", "Arn": "arn:aws:iam::aws:policy/AWSSavingsPlansReadOnlyAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-11-06T22:45:10+00:00", "UpdateDate": "2019-11-06T22:45:10+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "savingsplans:Describe*", "savingsplans:List*" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AWSSecurityHubFullAccess": { "PolicyName": "AWSSecurityHubFullAccess", "PolicyId": "ANPAJ4262VZCA4HPBZSO6", "Arn": "arn:aws:iam::aws:policy/AWSSecurityHubFullAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-11-27T23:54:34+00:00", "UpdateDate": "2018-11-27T23:54:34+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "securityhub:*", "Resource": "*" }, { "Effect": "Allow", "Action": "iam:CreateServiceLinkedRole", "Resource": "*", "Condition": { "StringLike": { "iam:AWSServiceName": "securityhub.amazonaws.com" } } } ] }, "VersionId": "v1" }, "AWSSecurityHubOrganizationsAccess": { "PolicyName": "AWSSecurityHubOrganizationsAccess", "PolicyId": "ANPAZKAPJZG4KVIUTRVOZ", "Arn": "arn:aws:iam::aws:policy/AWSSecurityHubOrganizationsAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2021-03-15T20:53:03+00:00", "UpdateDate": "2021-03-15T20:53:03+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "organizations:ListAccounts", "organizations:DescribeOrganization" ], "Resource": "*" }, { "Effect": "Allow", "Action": "organizations:EnableAWSServiceAccess", "Resource": "*", "Condition": { "StringEquals": { "organizations:ServicePrincipal": "securityhub.amazonaws.com" } } }, { "Effect": "Allow", "Action": [ "organizations:RegisterDelegatedAdministrator", "organizations:DeregisterDelegatedAdministrator" ], "Resource": "arn:aws:organizations::*:account/o-*/*", "Condition": { "StringEquals": { "organizations:ServicePrincipal": "securityhub.amazonaws.com" } } } ] }, "VersionId": "v1" }, "AWSSecurityHubReadOnlyAccess": { "PolicyName": "AWSSecurityHubReadOnlyAccess", "PolicyId": "ANPAIEBAQNOFUCLFJ3UHG", "Arn": "arn:aws:iam::aws:policy/AWSSecurityHubReadOnlyAccess", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-11-28T01:34:29+00:00", "UpdateDate": "2019-06-25T22:45:52+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "securityhub:Get*", "securityhub:List*", "securityhub:Describe*" ], "Resource": "*" } ] }, "VersionId": "v2" }, "AWSSecurityHubServiceRolePolicy": { "PolicyName": "AWSSecurityHubServiceRolePolicy", "PolicyId": "ANPAJQPCESDDYDLLSOGYO", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSSecurityHubServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v9", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-11-27T23:47:51+00:00", "UpdateDate": "2021-07-14T20:32:48+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "cloudtrail:DescribeTrails", "cloudtrail:GetTrailStatus", "cloudtrail:GetEventSelectors", "cloudwatch:DescribeAlarms", "cloudwatch:DescribeAlarmsForMetric", "logs:DescribeMetricFilters", "sns:ListSubscriptionsByTopic", "config:DescribeConfigurationRecorders", "config:DescribeConfigurationRecorderStatus", "config:DescribeConfigRules", "config:BatchGetResourceConfig", "config:SelectResourceConfig", "iam:GenerateCredentialReport", "iam:GetCredentialReport", "organizations:ListAccounts", "organizations:DescribeAccount", "organizations:DescribeOrganization", "config:PutEvaluations" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "config:PutConfigRule", "config:DeleteConfigRule", "config:GetComplianceDetailsByConfigRule", "config:DescribeConfigRuleEvaluationStatus" ], "Resource": "arn:aws:config:*:*:config-rule/aws-service-rule/*securityhub*" } ] }, "VersionId": "v9" }, "AWSServiceCatalogAdminFullAccess": { "PolicyName": "AWSServiceCatalogAdminFullAccess", "PolicyId": "ANPAJWLJU4BZ7AQUJSBVM", "Arn": "arn:aws:iam::aws:policy/AWSServiceCatalogAdminFullAccess", "Path": "/", "DefaultVersionId": "v5", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-02-15T17:19:40+00:00", "UpdateDate": "2019-02-06T01:57:54+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "cloudformation:CreateStack", "cloudformation:DeleteStack", "cloudformation:DescribeStackEvents", "cloudformation:DescribeStacks", "cloudformation:SetStackPolicy", "cloudformation:UpdateStack", "cloudformation:CreateChangeSet", "cloudformation:DescribeChangeSet", "cloudformation:ExecuteChangeSet", "cloudformation:ListChangeSets", "cloudformation:DeleteChangeSet", "cloudformation:ListStackResources", "cloudformation:TagResource", "cloudformation:CreateStackSet", "cloudformation:CreateStackInstances", "cloudformation:UpdateStackSet", "cloudformation:UpdateStackInstances", "cloudformation:DeleteStackSet", "cloudformation:DeleteStackInstances", "cloudformation:DescribeStackSet", "cloudformation:DescribeStackInstance", "cloudformation:DescribeStackSetOperation", "cloudformation:ListStackInstances", "cloudformation:ListStackSetOperations", "cloudformation:ListStackSetOperationResults" ], "Resource": [ "arn:aws:cloudformation:*:*:stack/SC-*", "arn:aws:cloudformation:*:*:stack/StackSet-SC-*", "arn:aws:cloudformation:*:*:changeSet/SC-*", "arn:aws:cloudformation:*:*:stackset/SC-*" ] }, { "Effect": "Allow", "Action": [ "cloudformation:CreateUploadBucket", "cloudformation:GetTemplateSummary", "cloudformation:ValidateTemplate", "iam:GetGroup", "iam:GetRole", "iam:GetUser", "iam:ListGroups", "iam:ListRoles", "iam:ListUsers", "servicecatalog:*", "ssm:DescribeDocument", "ssm:GetAutomationExecution", "ssm:ListDocuments", "ssm:ListDocumentVersions", "config:DescribeConfigurationRecorders", "config:DescribeConfigurationRecorderStatus" ], "Resource": "*" }, { "Effect": "Allow", "Action": "iam:PassRole", "Resource": "*", "Condition": { "StringEquals": { "iam:PassedToService": "servicecatalog.amazonaws.com" } } } ] }, "VersionId": "v5" }, "AWSServiceCatalogAdminReadOnlyAccess": { "PolicyName": "AWSServiceCatalogAdminReadOnlyAccess", "PolicyId": "ANPAZKAPJZG4MC6ZR7YFX", "Arn": "arn:aws:iam::aws:policy/AWSServiceCatalogAdminReadOnlyAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-10-25T18:53:38+00:00", "UpdateDate": "2019-10-25T18:53:38+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "cloudformation:DescribeStackEvents", "cloudformation:DescribeStacks", "cloudformation:DescribeChangeSet", "cloudformation:ListChangeSets", "cloudformation:ListStackResources", "cloudformation:DescribeStackSet", "cloudformation:DescribeStackInstance", "cloudformation:DescribeStackSetOperation", "cloudformation:ListStackInstances", "cloudformation:ListStackSetOperations", "cloudformation:ListStackSetOperationResults" ], "Resource": [ "arn:aws:cloudformation:*:*:stack/SC-*", "arn:aws:cloudformation:*:*:stack/StackSet-SC-*", "arn:aws:cloudformation:*:*:changeSet/SC-*", "arn:aws:cloudformation:*:*:stackset/SC-*" ] }, { "Effect": "Allow", "Action": [ "cloudformation:GetTemplateSummary", "iam:GetGroup", "iam:GetRole", "iam:GetUser", "iam:ListGroups", "iam:ListRoles", "iam:ListUsers", "servicecatalog:Get*", "servicecatalog:List*", "servicecatalog:Describe*", "servicecatalog:ScanProvisionedProducts", "servicecatalog:Search*", "ssm:DescribeDocument", "ssm:GetAutomationExecution", "ssm:ListDocuments", "ssm:ListDocumentVersions", "config:DescribeConfigurationRecorders", "config:DescribeConfigurationRecorderStatus" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AWSServiceCatalogAppRegistryFullAccess": { "PolicyName": "AWSServiceCatalogAppRegistryFullAccess", "PolicyId": "ANPAZKAPJZG4N2G3EPAYN", "Arn": "arn:aws:iam::aws:policy/AWSServiceCatalogAppRegistryFullAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-11-12T22:25:58+00:00", "UpdateDate": "2020-11-12T22:25:58+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "cloudformation:DescribeStacks", "servicecatalog:CreateApplication", "servicecatalog:GetApplication", "servicecatalog:UpdateApplication", "servicecatalog:DeleteApplication", "servicecatalog:ListApplications", "servicecatalog:AssociateResource", "servicecatalog:DisassociateResource", "servicecatalog:ListAssociatedResources", "servicecatalog:AssociateAttributeGroup", "servicecatalog:DisassociateAttributeGroup", "servicecatalog:ListAssociatedAttributeGroups", "servicecatalog:CreateAttributeGroup", "servicecatalog:UpdateAttributeGroup", "servicecatalog:DeleteAttributeGroup", "servicecatalog:GetAttributeGroup", "servicecatalog:ListAttributeGroups" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AWSServiceCatalogAppRegistryReadOnlyAccess": { "PolicyName": "AWSServiceCatalogAppRegistryReadOnlyAccess", "PolicyId": "ANPAZKAPJZG4M3SSCJCST", "Arn": "arn:aws:iam::aws:policy/AWSServiceCatalogAppRegistryReadOnlyAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-11-12T22:34:32+00:00", "UpdateDate": "2020-11-12T22:34:32+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "servicecatalog:GetApplication", "servicecatalog:ListApplications", "servicecatalog:ListAssociatedResources", "servicecatalog:ListAssociatedAttributeGroups", "servicecatalog:GetAttributeGroup", "servicecatalog:ListAttributeGroups" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AWSServiceCatalogAppRegistryServiceRolePolicy": { "PolicyName": "AWSServiceCatalogAppRegistryServiceRolePolicy", "PolicyId": "ANPAZKAPJZG4H3V4QGJFH", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSServiceCatalogAppRegistryServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2021-05-18T22:18:55+00:00", "UpdateDate": "2021-08-11T19:49:17+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "cloudformation:DescribeStacks", "Resource": "*" }, { "Effect": "Allow", "Action": [ "resource-groups:CreateGroup", "resource-groups:Tag" ], "Resource": "*", "Condition": { "StringEquals": { "aws:RequestTag/EnableAWSServiceCatalogAppRegistry": "true" } } }, { "Effect": "Allow", "Action": [ "resource-groups:DeleteGroup", "resource-groups:UpdateGroup", "resource-groups:GetGroup", "resource-groups:GetTags", "resource-groups:Tag", "resource-groups:Untag" ], "Resource": "*", "Condition": { "StringEquals": { "aws:ResourceTag/EnableAWSServiceCatalogAppRegistry": "true" } } } ] }, "VersionId": "v2" }, "AWSServiceCatalogEndUserFullAccess": { "PolicyName": "AWSServiceCatalogEndUserFullAccess", "PolicyId": "ANPAJTLLC4DGDMTZB54M4", "Arn": "arn:aws:iam::aws:policy/AWSServiceCatalogEndUserFullAccess", "Path": "/", "DefaultVersionId": "v7", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-02-15T17:22:32+00:00", "UpdateDate": "2019-07-10T20:30:52+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "cloudformation:CreateStack", "cloudformation:DeleteStack", "cloudformation:DescribeStackEvents", "cloudformation:DescribeStacks", "cloudformation:SetStackPolicy", "cloudformation:ValidateTemplate", "cloudformation:UpdateStack", "cloudformation:CreateChangeSet", "cloudformation:DescribeChangeSet", "cloudformation:ExecuteChangeSet", "cloudformation:ListChangeSets", "cloudformation:DeleteChangeSet", "cloudformation:TagResource", "cloudformation:CreateStackSet", "cloudformation:CreateStackInstances", "cloudformation:UpdateStackSet", "cloudformation:UpdateStackInstances", "cloudformation:DeleteStackSet", "cloudformation:DeleteStackInstances", "cloudformation:DescribeStackSet", "cloudformation:DescribeStackInstance", "cloudformation:DescribeStackSetOperation", "cloudformation:ListStackInstances", "cloudformation:ListStackResources", "cloudformation:ListStackSetOperations", "cloudformation:ListStackSetOperationResults" ], "Resource": [ "arn:aws:cloudformation:*:*:stack/SC-*", "arn:aws:cloudformation:*:*:stack/StackSet-SC-*", "arn:aws:cloudformation:*:*:changeSet/SC-*", "arn:aws:cloudformation:*:*:stackset/SC-*" ] }, { "Effect": "Allow", "Action": [ "cloudformation:GetTemplateSummary", "servicecatalog:DescribeProduct", "servicecatalog:DescribeProductView", "servicecatalog:DescribeProvisioningParameters", "servicecatalog:ListLaunchPaths", "servicecatalog:ProvisionProduct", "servicecatalog:SearchProducts", "ssm:DescribeDocument", "ssm:GetAutomationExecution", "config:DescribeConfigurationRecorders", "config:DescribeConfigurationRecorderStatus" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "servicecatalog:DescribeProvisionedProduct", "servicecatalog:DescribeRecord", "servicecatalog:ListRecordHistory", "servicecatalog:ListStackInstancesForProvisionedProduct", "servicecatalog:ScanProvisionedProducts", "servicecatalog:TerminateProvisionedProduct", "servicecatalog:UpdateProvisionedProduct", "servicecatalog:SearchProvisionedProducts", "servicecatalog:CreateProvisionedProductPlan", "servicecatalog:DescribeProvisionedProductPlan", "servicecatalog:ExecuteProvisionedProductPlan", "servicecatalog:DeleteProvisionedProductPlan", "servicecatalog:ListProvisionedProductPlans", "servicecatalog:ListServiceActionsForProvisioningArtifact", "servicecatalog:ExecuteProvisionedProductServiceAction", "servicecatalog:DescribeServiceActionExecutionParameters" ], "Resource": "*", "Condition": { "StringEquals": { "servicecatalog:userLevel": "self" } } } ] }, "VersionId": "v7" }, "AWSServiceCatalogEndUserReadOnlyAccess": { "PolicyName": "AWSServiceCatalogEndUserReadOnlyAccess", "PolicyId": "ANPAZKAPJZG4IWYKXJJED", "Arn": "arn:aws:iam::aws:policy/AWSServiceCatalogEndUserReadOnlyAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-10-25T18:49:34+00:00", "UpdateDate": "2019-10-25T18:49:34+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "cloudformation:DescribeStackEvents", "cloudformation:DescribeStacks", "cloudformation:DescribeChangeSet", "cloudformation:ListChangeSets", "cloudformation:DescribeStackSet", "cloudformation:DescribeStackInstance", "cloudformation:DescribeStackSetOperation", "cloudformation:ListStackInstances", "cloudformation:ListStackResources", "cloudformation:ListStackSetOperations", "cloudformation:ListStackSetOperationResults" ], "Resource": [ "arn:aws:cloudformation:*:*:stack/SC-*", "arn:aws:cloudformation:*:*:stack/StackSet-SC-*", "arn:aws:cloudformation:*:*:changeSet/SC-*", "arn:aws:cloudformation:*:*:stackset/SC-*" ] }, { "Effect": "Allow", "Action": [ "cloudformation:GetTemplateSummary", "servicecatalog:DescribeProduct", "servicecatalog:DescribeProductView", "servicecatalog:DescribeProvisioningParameters", "servicecatalog:ListLaunchPaths", "servicecatalog:SearchProducts", "ssm:DescribeDocument", "ssm:GetAutomationExecution", "config:DescribeConfigurationRecorders", "config:DescribeConfigurationRecorderStatus" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "servicecatalog:DescribeProvisionedProduct", "servicecatalog:DescribeRecord", "servicecatalog:ListRecordHistory", "servicecatalog:ListStackInstancesForProvisionedProduct", "servicecatalog:ScanProvisionedProducts", "servicecatalog:SearchProvisionedProducts", "servicecatalog:DescribeProvisionedProductPlan", "servicecatalog:ListProvisionedProductPlans", "servicecatalog:ListServiceActionsForProvisioningArtifact", "servicecatalog:DescribeServiceActionExecutionParameters" ], "Resource": "*", "Condition": { "StringEquals": { "servicecatalog:userLevel": "self" } } } ] }, "VersionId": "v1" }, "AWSServiceRoleForAmazonEKSNodegroup": { "PolicyName": "AWSServiceRoleForAmazonEKSNodegroup", "PolicyId": "ANPAZKAPJZG4KH2AAMJJG", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForAmazonEKSNodegroup", "Path": "/aws-service-role/", "DefaultVersionId": "v5", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-11-07T01:34:26+00:00", "UpdateDate": "2020-08-31T19:07:38+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Sid": "SharedSecurityGroupRelatedPermissions", "Effect": "Allow", "Action": [ "ec2:RevokeSecurityGroupIngress", "ec2:AuthorizeSecurityGroupEgress", "ec2:AuthorizeSecurityGroupIngress", "ec2:DescribeInstances", "ec2:RevokeSecurityGroupEgress", "ec2:DeleteSecurityGroup" ], "Resource": "*", "Condition": { "StringLike": { "ec2:ResourceTag/eks": "*" } } }, { "Sid": "EKSCreatedSecurityGroupRelatedPermissions", "Effect": "Allow", "Action": [ "ec2:RevokeSecurityGroupIngress", "ec2:AuthorizeSecurityGroupEgress", "ec2:AuthorizeSecurityGroupIngress", "ec2:DescribeInstances", "ec2:RevokeSecurityGroupEgress", "ec2:DeleteSecurityGroup" ], "Resource": "*", "Condition": { "StringLike": { "ec2:ResourceTag/eks:nodegroup-name": "*" } } }, { "Sid": "LaunchTemplateRelatedPermissions", "Effect": "Allow", "Action": [ "ec2:DeleteLaunchTemplate", "ec2:CreateLaunchTemplateVersion" ], "Resource": "*", "Condition": { "StringLike": { "ec2:ResourceTag/eks:nodegroup-name": "*" } } }, { "Sid": "AutoscalingRelatedPermissions", "Effect": "Allow", "Action": [ "autoscaling:UpdateAutoScalingGroup", "autoscaling:DeleteAutoScalingGroup", "autoscaling:TerminateInstanceInAutoScalingGroup", "autoscaling:CompleteLifecycleAction", "autoscaling:PutLifecycleHook", "autoscaling:PutNotificationConfiguration" ], "Resource": "arn:aws:autoscaling:*:*:*:autoScalingGroupName/eks-*" }, { "Sid": "AllowAutoscalingToCreateSLR", "Effect": "Allow", "Condition": { "StringEquals": { "iam:AWSServiceName": "autoscaling.amazonaws.com" } }, "Action": "iam:CreateServiceLinkedRole", "Resource": "*" }, { "Sid": "AllowASGCreationByEKS", "Effect": "Allow", "Action": [ "autoscaling:CreateOrUpdateTags", "autoscaling:CreateAutoScalingGroup" ], "Resource": "*", "Condition": { "ForAnyValue:StringEquals": { "aws:TagKeys": [ "eks", "eks:cluster-name", "eks:nodegroup-name" ] } } }, { "Sid": "AllowPassRoleToAutoscaling", "Effect": "Allow", "Action": "iam:PassRole", "Resource": "*", "Condition": { "StringEquals": { "iam:PassedToService": "autoscaling.amazonaws.com" } } }, { "Sid": "AllowPassRoleToEC2", "Effect": "Allow", "Action": "iam:PassRole", "Resource": "*", "Condition": { "StringEqualsIfExists": { "iam:PassedToService": [ "ec2.amazonaws.com", "ec2.amazonaws.com.cn" ] } } }, { "Sid": "PermissionsToManageResourcesForNodegroups", "Effect": "Allow", "Action": [ "iam:GetRole", "ec2:CreateLaunchTemplate", "ec2:DescribeInstances", "iam:GetInstanceProfile", "ec2:DescribeLaunchTemplates", "autoscaling:DescribeAutoScalingGroups", "ec2:CreateSecurityGroup", "ec2:DescribeLaunchTemplateVersions", "ec2:RunInstances", "ec2:DescribeSecurityGroups", "ec2:GetConsoleOutput", "ec2:DescribeRouteTables", "ec2:DescribeSubnets" ], "Resource": "*" }, { "Sid": "PermissionsToCreateAndManageInstanceProfiles", "Effect": "Allow", "Action": [ "iam:CreateInstanceProfile", "iam:DeleteInstanceProfile", "iam:RemoveRoleFromInstanceProfile", "iam:AddRoleToInstanceProfile" ], "Resource": "arn:aws:iam::*:instance-profile/eks-*" }, { "Sid": "PermissionsToManageEKSAndKubernetesTags", "Effect": "Allow", "Action": [ "ec2:CreateTags", "ec2:DeleteTags" ], "Resource": "*", "Condition": { "ForAnyValue:StringLike": { "aws:TagKeys": [ "eks", "eks:cluster-name", "eks:nodegroup-name", "kubernetes.io/cluster/*" ] } } } ] }, "VersionId": "v5" }, "AWSServiceRoleForCloudWatchAlarmsActionSSMServiceRolePolicy": { "PolicyName": "AWSServiceRoleForCloudWatchAlarmsActionSSMServiceRolePolicy", "PolicyId": "ANPAZKAPJZG4M4BX2KX5V", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForCloudWatchAlarmsActionSSMServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-10-01T09:49:01+00:00", "UpdateDate": "2020-10-01T09:49:01+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "ssm:CreateOpsItem" ], "Resource": "*", "Effect": "Allow" } ] }, "VersionId": "v1" }, "AWSServiceRoleForCodeGuru-Profiler": { "PolicyName": "AWSServiceRoleForCodeGuru-Profiler", "PolicyId": "ANPAZKAPJZG4GNVXVLNQT", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForCodeGuru-Profiler", "Path": "/aws-service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-06-26T22:04:26+00:00", "UpdateDate": "2020-06-26T22:04:26+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Sid": "AllowSNSPublishToSendNotifications", "Effect": "Allow", "Action": [ "sns:Publish" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AWSServiceRoleForEC2ScheduledInstances": { "PolicyName": "AWSServiceRoleForEC2ScheduledInstances", "PolicyId": "ANPAJ7Y4TT63D6QBKCY4O", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForEC2ScheduledInstances", "Path": "/aws-service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-10-12T18:31:55+00:00", "UpdateDate": "2017-10-12T18:31:55+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ec2:CreateTags" ], "Resource": [ "arn:aws:ec2:*:*:instance/*" ], "Condition": { "ForAllValues:StringEquals": { "aws:TagKeys": [ "aws:ec2sri:scheduledInstanceId" ] } } }, { "Effect": "Allow", "Action": [ "ec2:TerminateInstances" ], "Resource": "*", "Condition": { "StringLike": { "ec2:ResourceTag/aws:ec2sri:scheduledInstanceId": "*" } } } ] }, "VersionId": "v1" }, "AWSServiceRoleForImageBuilder": { "PolicyName": "AWSServiceRoleForImageBuilder", "PolicyId": "ANPAZKAPJZG4NE22WISEW", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForImageBuilder", "Path": "/aws-service-role/", "DefaultVersionId": "v13", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-11-29T22:02:13+00:00", "UpdateDate": "2021-08-11T18:07:10+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ec2:RunInstances" ], "Resource": [ "arn:aws:ec2:*::image/*", "arn:aws:ec2:*::snapshot/*", "arn:aws:ec2:*:*:subnet/*", "arn:aws:ec2:*:*:network-interface/*", "arn:aws:ec2:*:*:security-group/*", "arn:aws:ec2:*:*:key-pair/*" ] }, { "Effect": "Allow", "Action": [ "ec2:RunInstances" ], "Resource": [ "arn:aws:ec2:*:*:volume/*", "arn:aws:ec2:*:*:instance/*" ], "Condition": { "StringEquals": { "aws:RequestTag/CreatedBy": "EC2 Image Builder" } } }, { "Effect": "Allow", "Action": "iam:PassRole", "Resource": "*", "Condition": { "StringEquals": { "iam:PassedToService": [ "ec2.amazonaws.com", "ec2.amazonaws.com.cn" ] } } }, { "Effect": "Allow", "Action": [ "ec2:StopInstances", "ec2:TerminateInstances" ], "Resource": "*", "Condition": { "ForAnyValue:StringEquals": { "ec2:ResourceTag/CreatedBy": "EC2 Image Builder" } } }, { "Effect": "Allow", "Action": [ "ec2:CopyImage", "ec2:CreateImage", "ec2:CreateLaunchTemplate", "ec2:DeregisterImage", "ec2:DescribeImages", "ec2:DescribeInstanceAttribute", "ec2:DescribeInstanceStatus", "ec2:DescribeInstances", "ec2:DescribeInstanceTypeOfferings", "ec2:DescribeInstanceTypes", "ec2:DescribeSubnets", "ec2:DescribeTags", "ec2:ModifyImageAttribute" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "ec2:ModifySnapshotAttribute" ], "Resource": "arn:aws:ec2:*::snapshot/*", "Condition": { "ForAnyValue:StringEquals": { "ec2:ResourceTag/CreatedBy": "EC2 Image Builder" } } }, { "Effect": "Allow", "Action": [ "ec2:CreateTags" ], "Resource": "arn:aws:ec2:*::image/*" }, { "Effect": "Allow", "Action": [ "ec2:CreateTags" ], "Resource": "*", "Condition": { "ForAnyValue:StringEquals": { "aws:RequestTag/CreatedBy": "EC2 Image Builder" } } }, { "Effect": "Allow", "Action": [ "license-manager:UpdateLicenseSpecificationsForResource" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "sns:Publish" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "ssm:ListCommands", "ssm:ListCommandInvocations", "ssm:AddTagsToResource", "ssm:DescribeInstanceInformation", "ssm:GetAutomationExecution", "ssm:StopAutomationExecution", "ssm:ListInventoryEntries", "ssm:SendAutomationSignal", "ssm:DescribeInstanceAssociationsStatus", "ssm:DescribeAssociationExecutions" ], "Resource": "*" }, { "Effect": "Allow", "Action": "ssm:SendCommand", "Resource": [ "arn:aws:ssm:*:*:document/AWS-RunPowerShellScript", "arn:aws:ssm:*:*:document/AWS-RunShellScript", "arn:aws:ssm:*:*:document/AWSEC2-RunSysprep", "arn:aws:s3:::*" ] }, { "Effect": "Allow", "Action": [ "ssm:SendCommand" ], "Resource": [ "arn:aws:ec2:*:*:instance/*" ], "Condition": { "ForAnyValue:StringEquals": { "ssm:resourceTag/CreatedBy": [ "EC2 Image Builder" ] } } }, { "Effect": "Allow", "Action": "ssm:StartAutomationExecution", "Resource": "arn:aws:ssm:*:*:automation-definition/ImageBuilder*" }, { "Effect": "Allow", "Action": [ "ssm:CreateAssociation", "ssm:DeleteAssociation" ], "Resource": [ "arn:aws:ssm:*:*:document/AWS-GatherSoftwareInventory", "arn:aws:ssm:*:*:association/*", "arn:aws:ec2:*:*:instance/*" ] }, { "Effect": "Allow", "Action": [ "kms:Encrypt", "kms:Decrypt", "kms:ReEncryptFrom", "kms:ReEncryptTo", "kms:GenerateDataKeyWithoutPlaintext", "kms:DescribeKey" ], "Resource": "*", "Condition": { "ForAllValues:StringEquals": { "kms:EncryptionContextKeys": [ "aws:ebs:id" ] }, "StringLike": { "kms:ViaService": [ "ec2.*.amazonaws.com" ] } } }, { "Effect": "Allow", "Action": "kms:CreateGrant", "Resource": "*", "Condition": { "Bool": { "kms:GrantIsForAWSResource": true }, "StringLike": { "kms:ViaService": [ "ec2.*.amazonaws.com" ] } } }, { "Effect": "Allow", "Action": "sts:AssumeRole", "Resource": "arn:aws:iam::*:role/EC2ImageBuilderDistributionCrossAccountRole" }, { "Effect": "Allow", "Action": [ "logs:CreateLogStream", "logs:CreateLogGroup", "logs:PutLogEvents" ], "Resource": "arn:aws:logs:*:*:log-group:/aws/imagebuilder/*" }, { "Effect": "Allow", "Action": [ "ec2:CreateLaunchTemplateVersion", "ec2:DescribeLaunchTemplates", "ec2:ModifyLaunchTemplate" ], "Resource": "*" }, { "Effect": "Allow", "Action": "iam:CreateServiceLinkedRole", "Resource": "*", "Condition": { "StringEquals": { "iam:AWSServiceName": "ssm.amazonaws.com" } } } ] }, "VersionId": "v13" }, "AWSServiceRoleForIoTSiteWise": { "PolicyName": "AWSServiceRoleForIoTSiteWise", "PolicyId": "ANPAJGQU4DZIQP6HLYQPE", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForIoTSiteWise", "Path": "/aws-service-role/", "DefaultVersionId": "v7", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-11-14T19:19:17+00:00", "UpdateDate": "2020-04-25T02:15:01+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "greengrass:GetAssociatedRole", "greengrass:GetCoreDefinition", "greengrass:GetCoreDefinitionVersion", "greengrass:GetGroup", "greengrass:GetGroupVersion" ], "Resource": "*", "Effect": "Allow" }, { "Action": [ "logs:CreateLogGroup", "logs:DescribeLogGroups" ], "Resource": "arn:aws:logs:*:*:log-group:/aws/iotsitewise*", "Effect": "Allow" }, { "Action": [ "logs:CreateLogStream", "logs:DescribeLogStreams", "logs:PutLogEvents" ], "Resource": "arn:aws:logs:*:*:log-group:/aws/iotsitewise*:log-stream:*", "Effect": "Allow" } ] }, "VersionId": "v7" }, "AWSServiceRoleForLogDeliveryPolicy": { "PolicyName": "AWSServiceRoleForLogDeliveryPolicy", "PolicyId": "ANPAZKAPJZG4EMA7ANTDG", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForLogDeliveryPolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v3", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-10-04T17:31:19+00:00", "UpdateDate": "2021-07-15T20:07:44+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "firehose:PutRecord", "firehose:PutRecordBatch", "firehose:ListTagsForDeliveryStream" ], "Resource": "*", "Condition": { "StringEquals": { "aws:ResourceTag/LogDeliveryEnabled": "true" } } } ] }, "VersionId": "v3" }, "AWSServiceRoleForMonitronPolicy": { "PolicyName": "AWSServiceRoleForMonitronPolicy", "PolicyId": "ANPAZKAPJZG4NYRIH2RCH", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForMonitronPolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-12-02T19:06:08+00:00", "UpdateDate": "2020-12-02T19:06:08+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "sso:GetManagedApplicationInstance", "sso:GetProfile", "sso:ListProfiles", "sso:AssociateProfile", "sso:ListDirectoryAssociations", "sso-directory:DescribeUsers", "sso-directory:SearchUsers" ], "Resource": "*", "Effect": "Allow" } ] }, "VersionId": "v1" }, "AWSServiceRoleForSMS": { "PolicyName": "AWSServiceRoleForSMS", "PolicyId": "ANPAZKAPJZG4OSYRD2VJZ", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSServiceRoleForSMS", "Path": "/aws-service-role/", "DefaultVersionId": "v10", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-08-06T18:39:29+00:00", "UpdateDate": "2020-10-15T17:28:13+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "cloudformation:CreateChangeSet", "cloudformation:CreateStack" ], "Resource": "arn:aws:cloudformation:*:*:stack/sms-app-*/*", "Condition": { "Null": { "cloudformation:ResourceTypes": "false" }, "ForAllValues:StringEquals": { "cloudformation:ResourceTypes": [ "AWS::EC2::Instance", "AWS::ApplicationInsights::Application", "AWS::ResourceGroups::Group" ] } } }, { "Effect": "Allow", "Action": [ "cloudformation:DeleteStack", "cloudformation:ExecuteChangeSet", "cloudformation:DeleteChangeSet", "cloudformation:DescribeChangeSet", "cloudformation:DescribeStacks", "cloudformation:DescribeStackEvents", "cloudformation:DescribeStackResource", "cloudformation:DescribeStackResources", "cloudformation:GetTemplate" ], "Resource": "arn:aws:cloudformation:*:*:stack/sms-app-*/*" }, { "Effect": "Allow", "Action": [ "cloudformation:ValidateTemplate", "s3:ListAllMyBuckets" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "s3:CreateBucket", "s3:DeleteBucket", "s3:DeleteObject", "s3:GetBucketAcl", "s3:GetBucketLocation", "s3:GetObject", "s3:ListBucket", "s3:PutObject", "s3:PutObjectAcl", "s3:PutLifecycleConfiguration" ], "Resource": "arn:aws:s3:::sms-app-*" }, { "Effect": "Allow", "Action": [ "sms:CreateReplicationJob", "sms:DeleteReplicationJob", "sms:GetReplicationJobs", "sms:GetReplicationRuns", "sms:GetServers", "sms:ImportServerCatalog", "sms:StartOnDemandReplicationRun", "sms:UpdateReplicationJob" ], "Resource": "*" }, { "Effect": "Allow", "Action": "ssm:SendCommand", "Resource": [ "arn:aws:ssm:*::document/AWS-RunRemoteScript", "arn:aws:s3:::sms-app-*" ] }, { "Effect": "Allow", "Action": "ssm:SendCommand", "Resource": "arn:aws:ec2:*:*:instance/*", "Condition": { "StringEquals": { "ssm:resourceTag/UseForSMSApplicationValidation": [ "true" ] } } }, { "Effect": "Allow", "Action": [ "ssm:CancelCommand", "ssm:GetCommandInvocation" ], "Resource": "*" }, { "Effect": "Allow", "Action": "ec2:CreateTags", "Resource": "arn:aws:ec2:*:*:snapshot/*", "Condition": { "StringEquals": { "ec2:CreateAction": "CopySnapshot" } } }, { "Effect": "Allow", "Action": "ec2:CopySnapshot", "Resource": "arn:aws:ec2:*:*:snapshot/*", "Condition": { "StringLike": { "aws:RequestTag/SMSJobId": [ "sms-*" ] } } }, { "Effect": "Allow", "Action": [ "ec2:ModifySnapshotAttribute", "ec2:DeleteSnapshot" ], "Resource": "arn:aws:ec2:*:*:snapshot/*", "Condition": { "StringLike": { "ec2:ResourceTag/SMSJobId": [ "sms-*" ] } } }, { "Effect": "Allow", "Action": [ "ec2:CopyImage", "ec2:DescribeImages", "ec2:DescribeInstances", "ec2:DescribeSnapshots", "ec2:DescribeSnapshotAttribute", "ec2:DeregisterImage", "ec2:ImportImage", "ec2:DescribeImportImageTasks", "ec2:GetEbsEncryptionByDefault" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "iam:GetRole", "iam:GetInstanceProfile" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "ec2:DisassociateIamInstanceProfile", "ec2:AssociateIamInstanceProfile", "ec2:ReplaceIamInstanceProfileAssociation" ], "Resource": "arn:aws:ec2:*:*:instance/*", "Condition": { "StringLike": { "ec2:ResourceTag/aws:cloudformation:stack-id": "arn:aws:cloudformation:*:*:stack/sms-app-*/*" } } }, { "Effect": "Allow", "Action": "iam:PassRole", "Resource": "*", "Condition": { "StringEquals": { "iam:PassedToService": "ec2.amazonaws.com" } } }, { "Effect": "Allow", "Action": "iam:PassRole", "Resource": "*", "Condition": { "StringEqualsIfExists": { "iam:PassedToService": "cloudformation.amazonaws.com" }, "StringLike": { "iam:AssociatedResourceArn": "arn:aws:cloudformation:*:*:stack/sms-app-*/*" } } }, { "Effect": "Allow", "Action": [ "ec2:RunInstances" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "ec2:CreateTags", "ec2:DeleteTags" ], "Resource": "arn:aws:ec2:*:*:instance/*" }, { "Effect": "Allow", "Action": [ "ec2:ModifyInstanceAttribute", "ec2:StopInstances", "ec2:StartInstances", "ec2:TerminateInstances" ], "Resource": "*", "Condition": { "StringLike": { "ec2:ResourceTag/aws:cloudformation:stack-id": "arn:aws:cloudformation:*:*:stack/sms-app-*/*" } } }, { "Effect": "Allow", "Action": [ "applicationinsights:Describe*", "applicationinsights:List*", "cloudformation:ListStackResources" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "applicationinsights:CreateApplication", "applicationinsights:CreateComponent", "applicationinsights:UpdateApplication", "applicationinsights:DeleteApplication", "applicationinsights:UpdateComponentConfiguration", "applicationinsights:DeleteComponent" ], "Resource": "arn:aws:applicationinsights:*:*:application/resource-group/sms-app-*" }, { "Effect": "Allow", "Action": [ "resource-groups:CreateGroup", "resource-groups:GetGroup", "resource-groups:UpdateGroup", "resource-groups:DeleteGroup" ], "Resource": "arn:aws:resource-groups:*:*:group/sms-app-*", "Condition": { "StringLike": { "aws:ResourceTag/aws:cloudformation:stack-id": "arn:aws:cloudformation:*:*:stack/sms-app-*/*" } } }, { "Effect": "Allow", "Action": [ "iam:CreateServiceLinkedRole" ], "Resource": [ "arn:aws:iam::*:role/aws-service-role/application-insights.amazonaws.com/AWSServiceRoleForApplicationInsights" ], "Condition": { "StringEquals": { "iam:AWSServiceName": "application-insights.amazonaws.com" } } } ] }, "VersionId": "v10" }, "AWSShieldDRTAccessPolicy": { "PolicyName": "AWSShieldDRTAccessPolicy", "PolicyId": "ANPAJWNCSZ4PARLO37VVY", "Arn": "arn:aws:iam::aws:policy/service-role/AWSShieldDRTAccessPolicy", "Path": "/service-role/", "DefaultVersionId": "v6", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-06-05T22:29:39+00:00", "UpdateDate": "2020-12-15T17:28:15+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Sid": "SRTAccessProtectedResources", "Effect": "Allow", "Action": [ "cloudfront:List*", "route53:List*", "elasticloadbalancing:Describe*", "cloudwatch:Describe*", "cloudwatch:Get*", "cloudwatch:List*", "cloudfront:GetDistribution*", "globalaccelerator:ListAccelerators", "globalaccelerator:DescribeAccelerator", "ec2:DescribeRegions", "ec2:DescribeAddresses" ], "Resource": "*" }, { "Sid": "SRTManageProtections", "Effect": "Allow", "Action": [ "shield:*", "waf:*", "wafv2:*", "waf-regional:*", "elasticloadbalancing:SetWebACL", "cloudfront:UpdateDistribution", "apigateway:SetWebACL" ], "Resource": "*" } ] }, "VersionId": "v6" }, "AWSStepFunctionsConsoleFullAccess": { "PolicyName": "AWSStepFunctionsConsoleFullAccess", "PolicyId": "ANPAJIYC52YWRX6OSMJWK", "Arn": "arn:aws:iam::aws:policy/AWSStepFunctionsConsoleFullAccess", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-01-11T21:54:31+00:00", "UpdateDate": "2017-01-12T00:19:34+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "states:*", "Resource": "*" }, { "Effect": "Allow", "Action": "iam:ListRoles", "Resource": "*" }, { "Effect": "Allow", "Action": "iam:PassRole", "Resource": "arn:aws:iam::*:role/service-role/StatesExecutionRole*" }, { "Effect": "Allow", "Action": "lambda:ListFunctions", "Resource": "*" } ] }, "VersionId": "v2" }, "AWSStepFunctionsFullAccess": { "PolicyName": "AWSStepFunctionsFullAccess", "PolicyId": "ANPAJXKA6VP3UFBVHDPPA", "Arn": "arn:aws:iam::aws:policy/AWSStepFunctionsFullAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-01-11T21:51:32+00:00", "UpdateDate": "2017-01-11T21:51:32+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "states:*", "Resource": "*" } ] }, "VersionId": "v1" }, "AWSStepFunctionsReadOnlyAccess": { "PolicyName": "AWSStepFunctionsReadOnlyAccess", "PolicyId": "ANPAJONHB2TJQDJPFW5TM", "Arn": "arn:aws:iam::aws:policy/AWSStepFunctionsReadOnlyAccess", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-01-11T21:46:19+00:00", "UpdateDate": "2017-11-10T22:03:49+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "states:ListStateMachines", "states:ListActivities", "states:DescribeStateMachine", "states:DescribeStateMachineForExecution", "states:ListExecutions", "states:DescribeExecution", "states:GetExecutionHistory", "states:DescribeActivity" ], "Resource": "*" } ] }, "VersionId": "v2" }, "AWSStorageGatewayFullAccess": { "PolicyName": "AWSStorageGatewayFullAccess", "PolicyId": "ANPAJG5SSPAVOGK3SIDGU", "Arn": "arn:aws:iam::aws:policy/AWSStorageGatewayFullAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-02-06T18:41:09+00:00", "UpdateDate": "2015-02-06T18:41:09+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "storagegateway:*" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "ec2:DescribeSnapshots", "ec2:DeleteSnapshot" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AWSStorageGatewayReadOnlyAccess": { "PolicyName": "AWSStorageGatewayReadOnlyAccess", "PolicyId": "ANPAIFKCTUVOPD5NICXJK", "Arn": "arn:aws:iam::aws:policy/AWSStorageGatewayReadOnlyAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-02-06T18:41:10+00:00", "UpdateDate": "2015-02-06T18:41:10+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "storagegateway:List*", "storagegateway:Describe*" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "ec2:DescribeSnapshots" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AWSStorageGatewayServiceRolePolicy": { "PolicyName": "AWSStorageGatewayServiceRolePolicy", "PolicyId": "ANPAZKAPJZG4E4ZEKWU2U", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSStorageGatewayServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2021-02-17T19:03:19+00:00", "UpdateDate": "2021-02-17T19:03:19+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "fsx:ListTagsForResource" ], "Resource": "arn:aws:fsx:*:*:backup/*" } ] }, "VersionId": "v1" }, "AWSSupportAccess": { "PolicyName": "AWSSupportAccess", "PolicyId": "ANPAJSNKQX2OW67GF4S7E", "Arn": "arn:aws:iam::aws:policy/AWSSupportAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-02-06T18:41:11+00:00", "UpdateDate": "2015-02-06T18:41:11+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "support:*" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AWSSupportServiceRolePolicy": { "PolicyName": "AWSSupportServiceRolePolicy", "PolicyId": "ANPAJ7W6266ELXF5MISDS", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSSupportServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v16", "AttachmentCount": 1, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-04-19T18:04:44+00:00", "UpdateDate": "2021-07-01T21:52:12+00:00", "Document": { "Statement": [ { "Action": [ "apigateway:GET" ], "Effect": "Allow", "Resource": [ "arn:aws:apigateway:*::/account", "arn:aws:apigateway:*::/apis", "arn:aws:apigateway:*::/apis/*", "arn:aws:apigateway:*::/apis/*/authorizers", "arn:aws:apigateway:*::/apis/*/authorizers/*", "arn:aws:apigateway:*::/apis/*/deployments", "arn:aws:apigateway:*::/apis/*/deployments/*", "arn:aws:apigateway:*::/apis/*/integrations", "arn:aws:apigateway:*::/apis/*/integrations/*", "arn:aws:apigateway:*::/apis/*/integrations/*/integrationresponses", "arn:aws:apigateway:*::/apis/*/integrations/*/integrationresponses/*", "arn:aws:apigateway:*::/apis/*/models", "arn:aws:apigateway:*::/apis/*/models/*", "arn:aws:apigateway:*::/apis/*/routes", "arn:aws:apigateway:*::/apis/*/routes/*", "arn:aws:apigateway:*::/apis/*/routes/*/routeresponses", "arn:aws:apigateway:*::/apis/*/routes/*/routeresponses/*", "arn:aws:apigateway:*::/apis/*/stages", "arn:aws:apigateway:*::/apis/*/stages/*", "arn:aws:apigateway:*::/clientcertificates", "arn:aws:apigateway:*::/clientcertificates/*", "arn:aws:apigateway:*::/domainnames", "arn:aws:apigateway:*::/domainnames/*", "arn:aws:apigateway:*::/domainnames/*/apimappings", "arn:aws:apigateway:*::/domainnames/*/apimappings/*", "arn:aws:apigateway:*::/domainnames/*/basepathmappings", "arn:aws:apigateway:*::/domainnames/*/basepathmappings/*", "arn:aws:apigateway:*::/restapis", "arn:aws:apigateway:*::/restapis/*", "arn:aws:apigateway:*::/restapis/*/authorizers", "arn:aws:apigateway:*::/restapis/*/authorizers/*", "arn:aws:apigateway:*::/restapis/*/deployments", "arn:aws:apigateway:*::/restapis/*/deployments/*", "arn:aws:apigateway:*::/restapis/*/models", "arn:aws:apigateway:*::/restapis/*/models/*", "arn:aws:apigateway:*::/restapis/*/models/*/default_template", "arn:aws:apigateway:*::/restapis/*/resources", "arn:aws:apigateway:*::/restapis/*/resources/*", "arn:aws:apigateway:*::/restapis/*/resources/*/methods/*/integration/responses/*", "arn:aws:apigateway:*::/restapis/*/resources/*/methods/*/responses/*", "arn:aws:apigateway:*::/restapis/*/stages/*/sdks/*", "arn:aws:apigateway:*::/restapis/*/resources/*/methods/*", "arn:aws:apigateway:*::/restapis/*/resources/*/methods/*/integration", "arn:aws:apigateway:*::/restapis/*/stages", "arn:aws:apigateway:*::/restapis/*/stages/*" ] }, { "Action": [ "iam:DeleteRole" ], "Effect": "Allow", "Resource": [ "arn:aws:iam::*:role/aws-service-role/support.amazonaws.com/AWSServiceRoleForSupport" ] }, { "Action": [ "a4b:getDevice", "a4b:getProfile", "a4b:getRoom", "a4b:getRoomSkillParameter", "a4b:getSkillGroup", "a4b:searchDevices", "a4b:searchProfiles", "a4b:searchRooms", "a4b:searchSkillGroups", "access-analyzer:getFinding", "access-analyzer:listAnalyzers", "access-analyzer:listArchiveRules", "access-analyzer:listFindings", "acm-pca:describeCertificateAuthority", "acm-pca:describeCertificateAuthorityAuditReport", "acm-pca:getCertificate", "acm-pca:getCertificateAuthorityCertificate", "acm-pca:getCertificateAuthorityCsr", "acm-pca:listCertificateAuthorities", "acm-pca:listTags", "acm:describeCertificate", "acm:getCertificate", "acm:listCertificates", "acm:listTagsForCertificate", "airflow:getEnvironment", "airflow:listEnvironments", "airflow:listTagsForResource", "amplify:getApp", "amplify:getBranch", "amplify:getDomainAssociation", "amplify:getJob", "amplify:getWebhook", "amplify:listApps", "amplify:listWebhooks", "appflow:describeConnectorEntity", "appflow:describeConnectorProfiles", "appflow:describeFlow", "appflow:listFlows", "application-autoscaling:describeScalableTargets", "application-autoscaling:describeScalingActivities", "application-autoscaling:describeScalingPolicies", "application-autoscaling:describeScheduledActions", "appmesh:describeMesh", "appmesh:describeRoute", "appmesh:describeVirtualNode", "appmesh:describeVirtualRouter", "appmesh:describeVirtualService", "appmesh:listMeshes", "appmesh:listRoutes", "appmesh:listVirtualNodes", "appmesh:listVirtualRouters", "appmesh:listVirtualServices", "appstream:describeDirectoryConfigs", "appstream:describeFleets", "appstream:describeImageBuilders", "appstream:describeImages", "appstream:describeSessions", "appstream:describeStacks", "appstream:listAssociatedFleets", "appstream:listAssociatedStacks", "appstream:listTagsForResource", "appsync:getFunction", "appsync:getGraphqlApi", "appsync:getIntrospectionSchema", "appsync:getResolver", "appsync:getSchemaCreationStatus", "appsync:getType", "appsync:listDataSources", "appsync:listFunctions", "appsync:listGraphqlApis", "appsync:listResolvers", "appsync:listTypes", "athena:batchGetNamedQuery", "athena:batchGetQueryExecution", "athena:getNamedQuery", "athena:getQueryExecution", "athena:getWorkGroup", "athena:listNamedQueries", "athena:listQueryExecutions", "athena:listTagsForResource", "athena:listWorkGroups", "auditmanager:getAccountStatus", "auditmanager:getDelegations", "auditmanager:listAssessmentFrameworks", "auditmanager:listAssessmentReports", "auditmanager:listAssessments", "auditmanager:listControls", "auditmanager:listKeywordsForDataSource", "auditmanager:listNotifications", "autoscaling-plans:describeScalingPlanResources", "autoscaling-plans:describeScalingPlans", "autoscaling-plans:getScalingPlanResourceForecastData", "autoscaling:describeAccountLimits", "autoscaling:describeAdjustmentTypes", "autoscaling:describeAutoScalingGroups", "autoscaling:describeAutoScalingInstances", "autoscaling:describeAutoScalingNotificationTypes", "autoscaling:describeInstanceRefreshes", "autoscaling:describeLaunchConfigurations", "autoscaling:describeLifecycleHooks", "autoscaling:describeLifecycleHookTypes", "autoscaling:describeLoadBalancers", "autoscaling:describeLoadBalancerTargetGroups", "autoscaling:describeMetricCollectionTypes", "autoscaling:describeNotificationConfigurations", "autoscaling:describePolicies", "autoscaling:describeScalingActivities", "autoscaling:describeScalingProcessTypes", "autoscaling:describeScheduledActions", "autoscaling:describeTags", "autoscaling:describeTerminationPolicyTypes", "backup:describeBackupJob", "backup:describeBackupVault", "backup:describeProtectedResource", "backup:describeRecoveryPoint", "backup:describeRestoreJob", "backup:getBackupPlan", "backup:getBackupPlanFromJSON", "backup:getBackupPlanFromTemplate", "backup:getBackupSelection", "backup:getBackupVaultAccessPolicy", "backup:getBackupVaultNotifications", "backup:getRecoveryPointRestoreMetadata", "backup:getSupportedResourceTypes", "backup:listBackupJobs", "backup:listBackupPlans", "backup:listBackupPlanTemplates", "backup:listBackupPlanVersions", "backup:listBackupSelections", "backup:listBackupVaults", "backup:listProtectedResources", "backup:listRecoveryPointsByBackupVault", "backup:listRecoveryPointsByResource", "backup:listRestoreJobs", "backup:listTags", "batch:describeComputeEnvironments", "batch:describeJobDefinitions", "batch:describeJobQueues", "batch:describeJobs", "batch:listJobs", "braket:getDevice", "braket:getQuantumTask", "braket:searchDevices", "braket:searchQuantumTasks", "budgets:viewBudget", "ce:getCostAndUsage", "ce:getCostAndUsageWithResources", "ce:getCostForecast", "ce:getDimensionValues", "ce:getReservationCoverage", "ce:getReservationPurchaseRecommendation", "ce:getReservationUtilization", "ce:getRightsizingRecommendation", "ce:getSavingsPlansCoverage", "ce:getSavingsPlansPurchaseRecommendation", "ce:getSavingsPlansUtilization", "ce:getSavingsPlansUtilizationDetails", "ce:getTags", "cloud9:describeEnvironmentMemberships", "cloud9:describeEnvironments", "cloud9:listEnvironments", "clouddirectory:getDirectory", "clouddirectory:listDirectories", "cloudformation:describeAccountLimits", "cloudformation:describeChangeSet", "cloudformation:describeStackEvents", "cloudformation:describeStackInstance", "cloudformation:describeStackResource", "cloudformation:describeStackResources", "cloudformation:describeStacks", "cloudformation:describeStackSet", "cloudformation:describeStackSetOperation", "cloudformation:estimateTemplateCost", "cloudformation:getStackPolicy", "cloudformation:getTemplate", "cloudformation:getTemplateSummary", "cloudformation:listChangeSets", "cloudformation:listExports", "cloudformation:listImports", "cloudformation:listStackInstances", "cloudformation:listStackResources", "cloudformation:listStacks", "cloudformation:listStackSetOperationResults", "cloudformation:listStackSetOperations", "cloudformation:listStackSets", "cloudfront:getCloudFrontOriginAccessIdentity", "cloudfront:getCloudFrontOriginAccessIdentityConfig", "cloudfront:getDistribution", "cloudfront:getDistributionConfig", "cloudfront:getInvalidation", "cloudfront:getStreamingDistribution", "cloudfront:getStreamingDistributionConfig", "cloudfront:listCloudFrontOriginAccessIdentities", "cloudfront:listDistributions", "cloudfront:listDistributionsByWebACLId", "cloudfront:listInvalidations", "cloudfront:listStreamingDistributions", "cloudhsm:describeBackups", "cloudhsm:describeClusters", "cloudsearch:describeAnalysisSchemes", "cloudsearch:describeAvailabilityOptions", "cloudsearch:describeDomains", "cloudsearch:describeExpressions", "cloudsearch:describeIndexFields", "cloudsearch:describeScalingParameters", "cloudsearch:describeServiceAccessPolicies", "cloudsearch:describeSuggesters", "cloudsearch:listDomainNames", "cloudtrail:describeTrails", "cloudtrail:getEventSelectors", "cloudtrail:getInsightSelectors", "cloudtrail:getTrail", "cloudtrail:getTrailStatus", "cloudtrail:listPublicKeys", "cloudtrail:listTags", "cloudtrail:listTrails", "cloudtrail:lookupEvents", "cloudwatch:describeAlarmHistory", "cloudwatch:describeAlarms", "cloudwatch:describeAlarmsForMetric", "cloudwatch:describeAnomalyDetectors", "cloudwatch:describeInsightRules", "cloudwatch:getDashboard", "cloudwatch:getInsightRuleReport", "cloudwatch:getMetricData", "cloudwatch:getMetricStatistics", "cloudwatch:listDashboards", "cloudwatch:listMetrics", "codeartifact:describeDomain", "codeartifact:describePackageVersion", "codeartifact:describeRepository", "codeartifact:getDomainPermissionsPolicy", "codeartifact:getRepositoryEndPoint", "codeartifact:getRepositoryPermissionsPolicy", "codeartifact:listDomains", "codeartifact:listPackages", "codeartifact:listPackageVersionAssets", "codeartifact:listPackageVersions", "codeartifact:listRepositories", "codeartifact:listRepositoriesInDomain", "codebuild:batchGetBuildBatches", "codebuild:batchGetBuilds", "codebuild:batchGetProjects", "codebuild:listBuildBatches", "codebuild:listBuildBatchesForProject", "codebuild:listBuilds", "codebuild:listBuildsForProject", "codebuild:listCuratedEnvironmentImages", "codebuild:listProjects", "codebuild:listSourceCredentials", "codecommit:batchGetRepositories", "codecommit:getBranch", "codecommit:getRepository", "codecommit:getRepositoryTriggers", "codecommit:listBranches", "codecommit:listRepositories", "codedeploy:batchGetApplicationRevisions", "codedeploy:batchGetApplications", "codedeploy:batchGetDeploymentGroups", "codedeploy:batchGetDeploymentInstances", "codedeploy:batchGetDeployments", "codedeploy:batchGetDeploymentTargets", "codedeploy:batchGetOnPremisesInstances", "codedeploy:getApplication", "codedeploy:getApplicationRevision", "codedeploy:getDeployment", "codedeploy:getDeploymentConfig", "codedeploy:getDeploymentGroup", "codedeploy:getDeploymentInstance", "codedeploy:getDeploymentTarget", "codedeploy:getOnPremisesInstance", "codedeploy:listApplicationRevisions", "codedeploy:listApplications", "codedeploy:listDeploymentConfigs", "codedeploy:listDeploymentGroups", "codedeploy:listDeploymentInstances", "codedeploy:listDeployments", "codedeploy:listDeploymentTargets", "codedeploy:listGitHubAccountTokenNames", "codedeploy:listOnPremisesInstances", "codepipeline:getJobDetails", "codepipeline:getPipeline", "codepipeline:getPipelineExecution", "codepipeline:getPipelineState", "codepipeline:listActionExecutions", "codepipeline:listActionTypes", "codepipeline:listPipelineExecutions", "codepipeline:listPipelines", "codepipeline:listWebhooks", "codestar:describeProject", "codestar:listProjects", "codestar:listResources", "codestar:listTeamMembers", "codestar:listUserProfiles", "cognito-identity:describeIdentityPool", "cognito-identity:getIdentityPoolRoles", "cognito-identity:listIdentities", "cognito-identity:listIdentityPools", "cognito-idp:adminGetUser", "cognito-idp:describeIdentityProvider", "cognito-idp:describeResourceServer", "cognito-idp:describeRiskConfiguration", "cognito-idp:describeUserImportJob", "cognito-idp:describeUserPool", "cognito-idp:describeUserPoolClient", "cognito-idp:describeUserPoolDomain", "cognito-idp:getGroup", "cognito-idp:getUICustomization", "cognito-idp:getUser", "cognito-idp:getUserPoolMfaConfig", "cognito-idp:listGroups", "cognito-idp:listIdentityProviders", "cognito-idp:listResourceServers", "cognito-idp:listUserImportJobs", "cognito-idp:listUserPoolClients", "cognito-idp:listUserPools", "cognito-sync:describeDataset", "cognito-sync:describeIdentityPoolUsage", "cognito-sync:describeIdentityUsage", "cognito-sync:getCognitoEvents", "cognito-sync:getIdentityPoolConfiguration", "cognito-sync:listDatasets", "cognito-sync:listIdentityPoolUsage", "compute-optimizer:getAutoScalingGroupRecommendations", "compute-optimizer:getEBSVolumeRecommendations", "compute-optimizer:getEC2InstanceRecommendations", "compute-optimizer:getEC2RecommendationProjectedMetrics", "compute-optimizer:getEnrollmentStatus", "compute-optimizer:getRecommendationSummaries", "config:describeConfigRuleEvaluationStatus", "config:describeConfigRules", "config:describeConfigurationRecorders", "config:describeConfigurationRecorderStatus", "config:describeDeliveryChannels", "config:describeDeliveryChannelStatus", "config:getResourceConfigHistory", "config:listDiscoveredResources", "connect:describeUser", "connect:getCurrentMetricData", "connect:getMetricData", "connect:listRoutingProfiles", "connect:listSecurityProfiles", "connect:listUsers", "controltower:describeAccountFactoryConfig", "controltower:describeCoreService", "controltower:describeGuardrail", "controltower:describeGuardrailForTarget", "controltower:describeManagedAccount", "controltower:describeSingleSignOn", "controltower:getAvailableUpdates", "controltower:getHomeRegion", "controltower:getLandingZoneStatus", "controltower:listDirectoryGroups", "controltower:listGuardrailsForTarget", "controltower:listGuardrailViolations", "controltower:listManagedAccounts", "controltower:listManagedAccountsForGuardrail", "controltower:listManagedAccountsForParent", "controltower:listManagedOrganizationalUnits", "controltower:listManagedOrganizationalUnitsForGuardrail", "databrew:describeDataset", "databrew:describeJob", "databrew:describeProject", "databrew:describeRecipe", "databrew:listDatasets", "databrew:listJobRuns", "databrew:listJobs", "databrew:listProjects", "databrew:listRecipes", "databrew:listRecipeVersions", "databrew:listTagsForResource", "datapipeline:describeObjects", "datapipeline:describePipelines", "datapipeline:getPipelineDefinition", "datapipeline:listPipelines", "datapipeline:queryObjects", "datasync:describeAgent", "datasync:describeLocationEfs", "datasync:describeLocationFsxWindows", "datasync:describeLocationNfs", "datasync:describeLocationObjectStorage", "datasync:describeLocationS3", "datasync:describeLocationSmb", "datasync:describeTask", "datasync:describeTaskExecution", "datasync:listAgents", "datasync:listLocations", "datasync:listTaskExecutions", "datasync:listTasks", "dax:describeClusters", "dax:describeDefaultParameters", "dax:describeEvents", "dax:describeParameterGroups", "dax:describeParameters", "dax:describeSubnetGroups", "detective:getMembers", "detective:listGraphs", "detective:listInvitations", "detective:listMembers", "devicefarm:getAccountSettings", "devicefarm:getDevice", "devicefarm:getDevicePool", "devicefarm:getDevicePoolCompatibility", "devicefarm:getJob", "devicefarm:getProject", "devicefarm:getRemoteAccessSession", "devicefarm:getRun", "devicefarm:getSuite", "devicefarm:getTest", "devicefarm:getTestGridProject", "devicefarm:getTestGridSession", "devicefarm:getUpload", "devicefarm:listArtifacts", "devicefarm:listDevicePools", "devicefarm:listDevices", "devicefarm:listJobs", "devicefarm:listProjects", "devicefarm:listRemoteAccessSessions", "devicefarm:listRuns", "devicefarm:listSamples", "devicefarm:listSuites", "devicefarm:listTestGridProjects", "devicefarm:listTestGridSessionActions", "devicefarm:listTestGridSessionArtifacts", "devicefarm:listTestGridSessions", "devicefarm:listTests", "devicefarm:listUniqueProblems", "devicefarm:listUploads", "directconnect:describeConnections", "directconnect:describeConnectionsOnInterconnect", "directconnect:describeInterconnects", "directconnect:describeLocations", "directconnect:describeVirtualGateways", "directconnect:describeVirtualInterfaces", "dlm:getLifecyclePolicies", "dlm:getLifecyclePolicy", "dms:describeAccountAttributes", "dms:describeConnections", "dms:describeEndpoints", "dms:describeEndpointTypes", "dms:describeOrderableReplicationInstances", "dms:describeRefreshSchemasStatus", "dms:describeReplicationInstances", "dms:describeReplicationSubnetGroups", "ds:describeConditionalForwarders", "ds:describeDirectories", "ds:describeEventTopics", "ds:describeSnapshots", "ds:describeTrusts", "ds:getDirectoryLimits", "ds:getSnapshotLimits", "ds:listIpRoutes", "ds:listSchemaExtensions", "ds:listTagsForResource", "dynamodb:describeBackup", "dynamodb:describeContinuousBackups", "dynamodb:describeGlobalTable", "dynamodb:describeLimits", "dynamodb:describeStream", "dynamodb:describeTable", "dynamodb:describeTimeToLive", "dynamodb:listBackups", "dynamodb:listGlobalTables", "dynamodb:listStreams", "dynamodb:listTables", "dynamodb:listTagsOfResource", "ec2:acceptReservedInstancesExchangeQuote", "ec2:cancelReservedInstancesListing", "ec2:createReservedInstancesListing", "ec2:describeAccountAttributes", "ec2:describeAddresses", "ec2:describeAvailabilityZones", "ec2:describeBundleTasks", "ec2:describeByoipCidrs", "ec2:describeCapacityReservations", "ec2:describeClassicLinkInstances", "ec2:describeClientVpnAuthorizationRules", "ec2:describeClientVpnConnections", "ec2:describeClientVpnEndpoints", "ec2:describeClientVpnRoutes", "ec2:describeClientVpnTargetNetworks", "ec2:describeCoipPools", "ec2:describeConversionTasks", "ec2:describeCustomerGateways", "ec2:describeDhcpOptions", "ec2:describeElasticGpus", "ec2:describeExportImageTasks", "ec2:describeExportTasks", "ec2:describeFastSnapshotRestores", "ec2:describeFleetHistory", "ec2:describeFleetInstances", "ec2:describeFleets", "ec2:describeFlowLogs", "ec2:describeHostReservationOfferings", "ec2:describeHostReservations", "ec2:describeHosts", "ec2:describeIdentityIdFormat", "ec2:describeIdFormat", "ec2:describeImageAttribute", "ec2:describeImages", "ec2:describeImportImageTasks", "ec2:describeImportSnapshotTasks", "ec2:describeInstanceAttribute", "ec2:describeInstances", "ec2:describeInstanceStatus", "ec2:describeInternetGateways", "ec2:describeKeyPairs", "ec2:describeLaunchTemplates", "ec2:describeLaunchTemplateVersions", "ec2:describeLocalGatewayRouteTables", "ec2:describeLocalGatewayRouteTableVirtualInterfaceGroupAssociations", "ec2:describeLocalGatewayRouteTableVpcAssociations", "ec2:describeLocalGateways", "ec2:describeLocalGatewayVirtualInterfaceGroups", "ec2:describeLocalGatewayVirtualInterfaces", "ec2:describeMovingAddresses", "ec2:describeNatGateways", "ec2:describeNetworkAcls", "ec2:describeNetworkInterfaceAttribute", "ec2:describeNetworkInterfaces", "ec2:describePlacementGroups", "ec2:describePrefixLists", "ec2:describePublicIpv4Pools", "ec2:describeRegions", "ec2:describeReservedInstances", "ec2:describeReservedInstancesListings", "ec2:describeReservedInstancesModifications", "ec2:describeReservedInstancesOfferings", "ec2:describeRouteTables", "ec2:describeScheduledInstances", "ec2:describeSecurityGroups", "ec2:describeSnapshotAttribute", "ec2:describeSnapshots", "ec2:describeSpotDatafeedSubscription", "ec2:describeSpotFleetInstances", "ec2:describeSpotFleetRequestHistory", "ec2:describeSpotFleetRequests", "ec2:describeSpotInstanceRequests", "ec2:describeSpotPriceHistory", "ec2:describeSubnets", "ec2:describeTags", "ec2:describeTrafficMirrorFilters", "ec2:describeTrafficMirrorSessions", "ec2:describeTrafficMirrorTargets", "ec2:describeTransitGatewayAttachments", "ec2:describeTransitGatewayRouteTables", "ec2:describeTransitGateways", "ec2:describeTransitGatewayVpcAttachments", "ec2:describeVolumeAttribute", "ec2:describeVolumes", "ec2:describeVolumesModifications", "ec2:describeVolumeStatus", "ec2:describeVpcAttribute", "ec2:describeVpcClassicLink", "ec2:describeVpcClassicLinkDnsSupport", "ec2:describeVpcEndpointConnectionNotifications", "ec2:describeVpcEndpointConnections", "ec2:describeVpcEndpoints", "ec2:describeVpcEndpointServiceConfigurations", "ec2:describeVpcEndpointServicePermissions", "ec2:describeVpcEndpointServices", "ec2:describeVpcPeeringConnections", "ec2:describeVpcs", "ec2:describeVpnConnections", "ec2:describeVpnGateways", "ec2:getCoipPoolUsage", "ec2:getConsoleScreenshot", "ec2:getReservedInstancesExchangeQuote", "ec2:getTransitGatewayAttachmentPropagations", "ec2:getTransitGatewayRouteTableAssociations", "ec2:getTransitGatewayRouteTablePropagations", "ec2:modifyReservedInstances", "ec2:purchaseReservedInstancesOffering", "ec2:searchLocalGatewayRoutes", "ecr:batchCheckLayerAvailability", "ecr:describeImages", "ecr:describeRepositories", "ecr:getRepositoryPolicy", "ecr:listImages", "ecs:describeClusters", "ecs:describeContainerInstances", "ecs:describeServices", "ecs:describeTaskDefinition", "ecs:describeTasks", "ecs:listClusters", "ecs:listContainerInstances", "ecs:listServices", "ecs:listTaskDefinitions", "ecs:listTasks", "eks:describeCluster", "eks:describeFargateProfile", "eks:describeNodegroup", "eks:describeUpdate", "eks:listClusters", "eks:listFargateProfiles", "eks:listNodegroups", "eks:listUpdates", "elasticache:describeCacheClusters", "elasticache:describeCacheEngineVersions", "elasticache:describeCacheParameterGroups", "elasticache:describeCacheParameters", "elasticache:describeCacheSecurityGroups", "elasticache:describeCacheSubnetGroups", "elasticache:describeEngineDefaultParameters", "elasticache:describeEvents", "elasticache:describeReplicationGroups", "elasticache:describeReservedCacheNodes", "elasticache:describeReservedCacheNodesOfferings", "elasticache:describeSnapshots", "elasticache:listAllowedNodeTypeModifications", "elasticache:listTagsForResource", "elasticbeanstalk:checkDNSAvailability", "elasticbeanstalk:describeApplications", "elasticbeanstalk:describeApplicationVersions", "elasticbeanstalk:describeConfigurationOptions", "elasticbeanstalk:describeConfigurationSettings", "elasticbeanstalk:describeEnvironmentHealth", "elasticbeanstalk:describeEnvironmentManagedActionHistory", "elasticbeanstalk:describeEnvironmentManagedActions", "elasticbeanstalk:describeEnvironmentResources", "elasticbeanstalk:describeEnvironments", "elasticbeanstalk:describeEvents", "elasticbeanstalk:describeInstancesHealth", "elasticbeanstalk:describePlatformVersion", "elasticbeanstalk:listAvailableSolutionStacks", "elasticbeanstalk:listPlatformVersions", "elasticbeanstalk:validateConfigurationSettings", "elasticfilesystem:describeAccessPoints", "elasticfilesystem:describeFileSystemPolicy", "elasticfilesystem:describeFileSystems", "elasticfilesystem:describeLifecycleConfiguration", "elasticfilesystem:describeMountTargets", "elasticfilesystem:describeMountTargetSecurityGroups", "elasticfilesystem:describeTags", "elasticfilesystem:listTagsForResource", "elasticloadbalancing:describeInstanceHealth", "elasticloadbalancing:describeListenerCertificates", "elasticloadbalancing:describeListeners", "elasticloadbalancing:describeLoadBalancerAttributes", "elasticloadbalancing:describeLoadBalancerPolicies", "elasticloadbalancing:describeLoadBalancerPolicyTypes", "elasticloadbalancing:describeLoadBalancers", "elasticloadbalancing:describeRules", "elasticloadbalancing:describeSSLPolicies", "elasticloadbalancing:describeTags", "elasticloadbalancing:describeTargetGroupAttributes", "elasticloadbalancing:describeTargetGroups", "elasticloadbalancing:describeTargetHealth", "elasticmapreduce:describeCluster", "elasticmapreduce:describeSecurityConfiguration", "elasticmapreduce:describeStep", "elasticmapreduce:listBootstrapActions", "elasticmapreduce:listClusters", "elasticmapreduce:listInstanceGroups", "elasticmapreduce:listInstances", "elasticmapreduce:listSecurityConfigurations", "elasticmapreduce:listSteps", "elastictranscoder:listJobsByPipeline", "elastictranscoder:listJobsByStatus", "elastictranscoder:listPipelines", "elastictranscoder:listPresets", "elastictranscoder:readPipeline", "elastictranscoder:readPreset", "es:describeElasticsearchDomain", "es:describeElasticsearchDomainConfig", "es:describeElasticsearchDomains", "es:listDomainNames", "es:listTags", "events:describeApiDestination", "events:describeEventBus", "events:describeEventSource", "events:describePartnerEventSource", "events:describeRule", "events:listApiDestinations", "events:listConnections", "events:listEventBuses", "events:listEventSources", "events:listPartnerEventSourceAccounts", "events:listPartnerEventSources", "events:listRuleNamesByTarget", "events:listRules", "events:listTargetsByRule", "events:testEventPattern", "firehose:describeDeliveryStream", "firehose:listDeliveryStreams", "fms:getAdminAccount", "fms:getComplianceDetail", "fms:getNotificationChannel", "fms:getPolicy", "fms:getProtectionStatus", "fms:listComplianceStatus", "fms:listMemberAccounts", "fms:listPolicies", "forecast:describeDataset", "forecast:describeDatasetGroup", "forecast:describeDatasetImportJob", "forecast:describeForecast", "forecast:describeForecastExportJob", "forecast:describePredictor", "forecast:getAccuracyMetrics", "forecast:listDatasetGroups", "forecast:listDatasetImportJobs", "forecast:listDatasets", "forecast:listForecastExportJobs", "forecast:listForecasts", "forecast:listPredictors", "fsx:describeBackups", "fsx:describeDataRepositoryTasks", "fsx:describeFileSystems", "fsx:listTagsForResource", "glacier:describeJob", "glacier:describeVault", "glacier:getDataRetrievalPolicy", "glacier:getVaultAccessPolicy", "glacier:getVaultLock", "glacier:getVaultNotifications", "glacier:listJobs", "glacier:listTagsForVault", "glacier:listVaults", "globalaccelerator:describeAccelerator", "globalaccelerator:describeAcceleratorAttributes", "globalaccelerator:describeEndpointGroup", "globalaccelerator:describeListener", "globalaccelerator:listAccelerators", "globalaccelerator:listEndpointGroups", "globalaccelerator:listListeners", "glue:batchGetPartition", "glue:checkSchemaVersionValidity", "glue:getCatalogImportStatus", "glue:getClassifier", "glue:getClassifiers", "glue:getCrawler", "glue:getCrawlerMetrics", "glue:getCrawlers", "glue:getDatabase", "glue:getDatabases", "glue:getDataflowGraph", "glue:getDevEndpoint", "glue:getDevEndpoints", "glue:getJob", "glue:getJobRun", "glue:getJobRuns", "glue:getJobs", "glue:getMapping", "glue:getPartition", "glue:getPartitions", "glue:getRegistry", "glue:getSchema", "glue:getSchemaByDefinition", "glue:getSchemaVersion", "glue:getSchemaVersionsDiff", "glue:getTable", "glue:getTables", "glue:getTableVersions", "glue:getTrigger", "glue:getTriggers", "glue:getUserDefinedFunction", "glue:getUserDefinedFunctions", "glue:listRegistries", "glue:listSchemas", "glue:listSchemaVersions", "glue:querySchemaVersionMetadata", "greengrass:getConnectivityInfo", "greengrass:getCoreDefinition", "greengrass:getCoreDefinitionVersion", "greengrass:getDeploymentStatus", "greengrass:getDeviceDefinition", "greengrass:getDeviceDefinitionVersion", "greengrass:getFunctionDefinition", "greengrass:getFunctionDefinitionVersion", "greengrass:getGroup", "greengrass:getGroupCertificateAuthority", "greengrass:getGroupVersion", "greengrass:getLoggerDefinition", "greengrass:getLoggerDefinitionVersion", "greengrass:getResourceDefinitionVersion", "greengrass:getServiceRoleForAccount", "greengrass:getSubscriptionDefinition", "greengrass:getSubscriptionDefinitionVersion", "greengrass:listCoreDefinitions", "greengrass:listCoreDefinitionVersions", "greengrass:listDeployments", "greengrass:listDeviceDefinitions", "greengrass:listDeviceDefinitionVersions", "greengrass:listFunctionDefinitions", "greengrass:listFunctionDefinitionVersions", "greengrass:listGroups", "greengrass:listGroupVersions", "greengrass:listLoggerDefinitions", "greengrass:listLoggerDefinitionVersions", "greengrass:listResourceDefinitions", "greengrass:listResourceDefinitionVersions", "greengrass:listSubscriptionDefinitions", "greengrass:listSubscriptionDefinitionVersions", "guardduty:getDetector", "guardduty:getFindings", "guardduty:getFindingsStatistics", "guardduty:getInvitationsCount", "guardduty:getIPSet", "guardduty:getMasterAccount", "guardduty:getMembers", "guardduty:getThreatIntelSet", "guardduty:listDetectors", "guardduty:listFindings", "guardduty:listInvitations", "guardduty:listIPSets", "guardduty:listMembers", "guardduty:listThreatIntelSets", "health:describeAffectedAccountsForOrganization", "health:describeAffectedEntities", "health:describeAffectedEntitiesForOrganization", "health:describeEntityAggregates", "health:describeEventAggregates", "health:describeEventDetails", "health:describeEventDetailsForOrganization", "health:describeEvents", "health:describeEventsForOrganization", "health:describeEventTypes", "health:describeHealthServiceStatusForOrganization", "iam:getAccessKeyLastUsed", "iam:getAccountAuthorizationDetails", "iam:getAccountPasswordPolicy", "iam:getAccountSummary", "iam:getContextKeysForCustomPolicy", "iam:getContextKeysForPrincipalPolicy", "iam:getCredentialReport", "iam:getGroup", "iam:getGroupPolicy", "iam:getInstanceProfile", "iam:getLoginProfile", "iam:getOpenIDConnectProvider", "iam:getPolicy", "iam:getPolicyVersion", "iam:getRole", "iam:getRolePolicy", "iam:getSAMLProvider", "iam:getServerCertificate", "iam:getSSHPublicKey", "iam:getUser", "iam:getUserPolicy", "iam:listAccessKeys", "iam:listAccountAliases", "iam:listAttachedGroupPolicies", "iam:listAttachedRolePolicies", "iam:listAttachedUserPolicies", "iam:listEntitiesForPolicy", "iam:listGroupPolicies", "iam:listGroups", "iam:listGroupsForUser", "iam:listInstanceProfiles", "iam:listInstanceProfilesForRole", "iam:listMFADevices", "iam:listOpenIDConnectProviders", "iam:listPolicies", "iam:listPolicyVersions", "iam:listRolePolicies", "iam:listRoles", "iam:listSAMLProviders", "iam:listServerCertificates", "iam:listSigningCertificates", "iam:listSSHPublicKeys", "iam:listUserPolicies", "iam:listUsers", "iam:listVirtualMFADevices", "iam:simulateCustomPolicy", "iam:simulatePrincipalPolicy", "imagebuilder:getComponent", "imagebuilder:getComponentPolicy", "imagebuilder:getContainerRecipe", "imagebuilder:getDistributionConfiguration", "imagebuilder:getImage", "imagebuilder:getImagePipeline", "imagebuilder:getImagePolicy", "imagebuilder:getImageRecipe", "imagebuilder:getImageRecipePolicy", "imagebuilder:getInfrastructureConfiguration", "imagebuilder:listComponentBuildVersions", "imagebuilder:listComponents", "imagebuilder:listContainerRecipes", "imagebuilder:listDistributionConfigurations", "imagebuilder:listImageBuildVersions", "imagebuilder:listImagePipelineImages", "imagebuilder:listImagePipelines", "imagebuilder:listImageRecipes", "imagebuilder:listImages", "imagebuilder:listInfrastructureConfigurations", "imagebuilder:listTagsForResource", "importexport:getStatus", "importexport:listJobs", "inspector:describeAssessmentRuns", "inspector:describeAssessmentTargets", "inspector:describeAssessmentTemplates", "inspector:describeCrossAccountAccessRole", "inspector:describeResourceGroups", "inspector:describeRulesPackages", "inspector:getTelemetryMetadata", "inspector:listAssessmentRunAgents", "inspector:listAssessmentRuns", "inspector:listAssessmentTargets", "inspector:listAssessmentTemplates", "inspector:listEventSubscriptions", "inspector:listRulesPackages", "inspector:listTagsForResource", "iot:describeAuthorizer", "iot:describeCACertificate", "iot:describeCertificate", "iot:describeDefaultAuthorizer", "iot:describeEndpoint", "iot:describeIndex", "iot:describeJobExecution", "iot:describeThing", "iot:describeThingGroup", "iot:describeTunnel", "iot:getEffectivePolicies", "iot:getIndexingConfiguration", "iot:getLoggingOptions", "iot:getPolicy", "iot:getPolicyVersion", "iot:getTopicRule", "iot:getV2LoggingOptions", "iot:listAttachedPolicies", "iot:listAuthorizers", "iot:listCACertificates", "iot:listCertificates", "iot:listCertificatesByCA", "iot:listJobExecutionsForJob", "iot:listJobExecutionsForThing", "iot:listJobs", "iot:listOutgoingCertificates", "iot:listPolicies", "iot:listPolicyPrincipals", "iot:listPolicyVersions", "iot:listPrincipalPolicies", "iot:listPrincipalThings", "iot:listRoleAliases", "iot:listTargetsForPolicy", "iot:listThingGroups", "iot:listThingGroupsForThing", "iot:listThingPrincipals", "iot:listThingRegistrationTasks", "iot:listThings", "iot:listThingTypes", "iot:listTopicRules", "iot:listTunnels", "iot:listV2LoggingLevels", "iotevents:describeDetector", "iotevents:describeDetectorModel", "iotevents:describeInput", "iotevents:describeLoggingOptions", "iotevents:listDetectorModels", "iotevents:listDetectorModelVersions", "iotevents:listDetectors", "iotevents:listInputs", "iotsitewise:describeAccessPolicy", "iotsitewise:describeAsset", "iotsitewise:describeAssetModel", "iotsitewise:describeAssetProperty", "iotsitewise:describeDashboard", "iotsitewise:describeGateway", "iotsitewise:describeGatewayCapabilityConfiguration", "iotsitewise:describeLoggingOptions", "iotsitewise:describePortal", "iotsitewise:describeProject", "iotsitewise:listAccessPolicies", "iotsitewise:listAssetModels", "iotsitewise:listAssets", "iotsitewise:listAssociatedAssets", "iotsitewise:listDashboards", "iotsitewise:listGateways", "iotsitewise:listPortals", "iotsitewise:listProjectAssets", "iotsitewise:listProjects", "iotwireless:getDestination", "iotwireless:getDeviceProfile", "iotwireless:getPartnerAccount", "iotwireless:getServiceEndpoint", "iotwireless:getServiceProfile", "iotwireless:getWirelessDevice", "iotwireless:getWirelessDeviceStatistics", "iotwireless:getWirelessGateway", "iotwireless:getWirelessGatewayCertificate", "iotwireless:getWirelessGatewayFirmwareInformation", "iotwireless:getWirelessGatewayStatistics", "iotwireless:getWirelessGatewayTask", "iotwireless:getWirelessGatewayTaskDefinition", "iotwireless:listDestinations", "iotwireless:listDeviceProfiles", "iotwireless:listPartnerAccounts", "iotwireless:listServiceProfiles", "iotwireless:listTagsForResource", "iotwireless:listWirelessDevices", "iotwireless:listWirelessGateways", "iotwireless:listWirelessGatewayTaskDefinitions", "kafka:describeCluster", "kafka:getBootstrapBrokers", "kafka:listClusters", "kafka:listNodes", "kendra:describeDataSource", "kendra:describeFaq", "kendra:describeIndex", "kendra:listDataSources", "kendra:listFaqs", "kendra:listIndices", "kinesis:describeStream", "kinesis:listStreams", "kinesis:listTagsForStream", "kinesisanalytics:describeApplication", "kinesisanalytics:describeApplicationSnapshot", "kinesisanalytics:listApplications", "kinesisanalytics:listApplicationSnapshots", "kms:describeKey", "kms:getKeyPolicy", "kms:getKeyRotationStatus", "kms:listAliases", "kms:listGrants", "kms:listKeyPolicies", "kms:listKeys", "kms:listResourceTags", "kms:listRetirableGrants", "lambda:getAccountSettings", "lambda:getAlias", "lambda:getEventSourceMapping", "lambda:getFunction", "lambda:getFunctionConcurrency", "lambda:getFunctionConfiguration", "lambda:getFunctionEventInvokeConfig", "lambda:getLayerVersion", "lambda:getLayerVersionPolicy", "lambda:getPolicy", "lambda:getProvisionedConcurrencyConfig", "lambda:listAliases", "lambda:listEventSourceMappings", "lambda:listFunctionEventInvokeConfigs", "lambda:listFunctions", "lambda:listLayers", "lambda:listLayerVersions", "lambda:listProvisionedConcurrencyConfigs", "lambda:listVersionsByFunction", "launchwizard:describeProvisionedApp", "launchwizard:describeProvisioningEvents", "launchwizard:listProvisionedApps", "lex:getBot", "lex:getBotAlias", "lex:getBotAliases", "lex:getBotChannelAssociation", "lex:getBotChannelAssociations", "lex:getBots", "lex:getBotVersions", "lex:getBuiltinIntent", "lex:getBuiltinIntents", "lex:getBuiltinSlotTypes", "lex:getIntent", "lex:getIntents", "lex:getIntentVersions", "lex:getSlotType", "lex:getSlotTypes", "lex:getSlotTypeVersions", "license-manager:getLicenseConfiguration", "license-manager:getServiceSettings", "license-manager:listAssociationsForLicenseConfiguration", "license-manager:listFailuresForLicenseConfigurationOperations", "license-manager:listLicenseConfigurations", "license-manager:listLicenseSpecificationsForResource", "license-manager:listResourceInventory", "license-manager:listUsageForLicenseConfiguration", "lightsail:getActiveNames", "lightsail:getAlarms", "lightsail:getAutoSnapshots", "lightsail:getBlueprints", "lightsail:getBundles", "lightsail:getCertificates", "lightsail:getContainerImages", "lightsail:getContainerServiceDeployments", "lightsail:getContainerServices", "lightsail:getDisk", "lightsail:getDisks", "lightsail:getDiskSnapshot", "lightsail:getDiskSnapshots", "lightsail:getDistributions", "lightsail:getDomain", "lightsail:getDomains", "lightsail:getExportSnapshotRecords", "lightsail:getInstance", "lightsail:getInstanceMetricData", "lightsail:getInstancePortStates", "lightsail:getInstances", "lightsail:getInstanceSnapshot", "lightsail:getInstanceSnapshots", "lightsail:getInstanceState", "lightsail:getKeyPair", "lightsail:getKeyPairs", "lightsail:getLoadBalancer", "lightsail:getLoadBalancers", "lightsail:getLoadBalancerTlsCertificates", "lightsail:getOperation", "lightsail:getOperations", "lightsail:getOperationsForResource", "lightsail:getRegions", "lightsail:getRelationalDatabase", "lightsail:getRelationalDatabases", "lightsail:getRelationalDatabaseSnapshot", "lightsail:getRelationalDatabaseSnapshots", "lightsail:getStaticIp", "lightsail:getStaticIps", "logs:describeDestinations", "logs:describeExportTasks", "logs:describeLogGroups", "logs:describeLogStreams", "logs:describeMetricFilters", "logs:describeQueries", "logs:describeSubscriptionFilters", "logs:testMetricFilter", "lookoutmetrics:describeAlert", "lookoutmetrics:describeAnomalyDetector", "lookoutmetrics:describeMetricSet", "lookoutmetrics:getAnomalyGroup", "lookoutmetrics:getDataQualityMetrics", "lookoutmetrics:getFeedback", "lookoutmetrics:listAlerts", "lookoutmetrics:listAnomalyDetectors", "lookoutmetrics:listAnomalyGroupSummaries", "lookoutmetrics:listMetricSets", "machinelearning:describeBatchPredictions", "machinelearning:describeDataSources", "machinelearning:describeEvaluations", "machinelearning:describeMLModels", "machinelearning:getBatchPrediction", "machinelearning:getDataSource", "machinelearning:getEvaluation", "machinelearning:getMLModel", "managedblockchain:getMember", "managedblockchain:getNetwork", "managedblockchain:getNode", "managedblockchain:listMembers", "managedblockchain:listNetworks", "managedblockchain:listNodes", "mediaconnect:describeFlow", "mediaconnect:listEntitlements", "mediaconnect:listFlows", "mediaconvert:describeEndpoints", "mediaconvert:getJob", "mediaconvert:getJobTemplate", "mediaconvert:getPreset", "mediaconvert:getQueue", "mediaconvert:listJobs", "mediaconvert:listJobTemplates", "medialive:describeChannel", "medialive:describeInput", "medialive:describeInputDevice", "medialive:describeInputSecurityGroup", "medialive:describeMultiplex", "medialive:describeOffering", "medialive:describeReservation", "medialive:describeSchedule", "medialive:listChannels", "medialive:listInputDevices", "medialive:listInputs", "medialive:listInputSecurityGroups", "medialive:listMultiplexes", "medialive:listOfferings", "medialive:listReservations", "mediapackage:describeChannel", "mediapackage:describeOriginEndpoint", "mediapackage:listChannels", "mediapackage:listOriginEndpoints", "mediastore:describeContainer", "mediastore:describeObject", "mediastore:getContainerPolicy", "mediastore:getCorsPolicy", "mediastore:listContainers", "mediastore:listItems", "mediatailor:getPlaybackConfiguration", "mediatailor:listPlaybackConfigurations", "mgn:describeJobLogItems", "mgn:describeJobs", "mgn:describeReplicationConfigurationTemplates", "mgn:describeSourceServers", "mgn:getLaunchConfiguration", "mgn:getReplicationConfiguration", "mobiletargeting:getAdmChannel", "mobiletargeting:getApnsChannel", "mobiletargeting:getApnsSandboxChannel", "mobiletargeting:getApnsVoipChannel", "mobiletargeting:getApnsVoipSandboxChannel", "mobiletargeting:getApp", "mobiletargeting:getApplicationSettings", "mobiletargeting:getApps", "mobiletargeting:getBaiduChannel", "mobiletargeting:getCampaign", "mobiletargeting:getCampaignActivities", "mobiletargeting:getCampaigns", "mobiletargeting:getCampaignVersion", "mobiletargeting:getCampaignVersions", "mobiletargeting:getEmailChannel", "mobiletargeting:getEndpoint", "mobiletargeting:getEventStream", "mobiletargeting:getExportJob", "mobiletargeting:getExportJobs", "mobiletargeting:getGcmChannel", "mobiletargeting:getImportJob", "mobiletargeting:getImportJobs", "mobiletargeting:getSegment", "mobiletargeting:getSegmentImportJobs", "mobiletargeting:getSegments", "mobiletargeting:getSegmentVersion", "mobiletargeting:getSegmentVersions", "mobiletargeting:getSmsChannel", "mq:describeBroker", "mq:describeConfiguration", "mq:describeConfigurationRevision", "mq:describeUser", "mq:listBrokers", "mq:listConfigurationRevisions", "mq:listConfigurations", "mq:listUsers", "network-firewall:describeFirewall", "network-firewall:describeFirewallPolicy", "network-firewall:describeLoggingConfiguration", "network-firewall:describeRuleGroup", "network-firewall:listFirewallPolicies", "network-firewall:listFirewalls", "network-firewall:listRuleGroups", "networkmanager:describeGlobalNetworks", "networkmanager:getCustomerGatewayAssociations", "networkmanager:getDevices", "networkmanager:getLinkAssociations", "networkmanager:getLinks", "networkmanager:getSites", "networkmanager:getTransitGatewayRegistrations", "opsworks-cm:describeAccountAttributes", "opsworks-cm:describeBackups", "opsworks-cm:describeEvents", "opsworks-cm:describeNodeAssociationStatus", "opsworks-cm:describeServers", "opsworks:describeAgentVersions", "opsworks:describeApps", "opsworks:describeCommands", "opsworks:describeDeployments", "opsworks:describeEcsClusters", "opsworks:describeElasticIps", "opsworks:describeElasticLoadBalancers", "opsworks:describeInstances", "opsworks:describeLayers", "opsworks:describeLoadBasedAutoScaling", "opsworks:describeMyUserProfile", "opsworks:describePermissions", "opsworks:describeRaidArrays", "opsworks:describeRdsDbInstances", "opsworks:describeServiceErrors", "opsworks:describeStackProvisioningParameters", "opsworks:describeStacks", "opsworks:describeStackSummary", "opsworks:describeTimeBasedAutoScaling", "opsworks:describeUserProfiles", "opsworks:describeVolumes", "opsworks:getHostnameSuggestion", "organizations:listAccounts", "outposts:getOutpost", "outposts:getOutpostInstanceTypes", "outposts:listOutposts", "outposts:listSites", "personalize:describeAlgorithm", "personalize:describeCampaign", "personalize:describeDataset", "personalize:describeDatasetGroup", "personalize:describeDatasetImportJob", "personalize:describeEventTracker", "personalize:describeFeatureTransformation", "personalize:describeRecipe", "personalize:describeSchema", "personalize:describeSolution", "personalize:describeSolutionVersion", "personalize:listCampaigns", "personalize:listDatasetGroups", "personalize:listDatasetImportJobs", "personalize:listDatasets", "personalize:listEventTrackers", "personalize:listRecipes", "personalize:listSchemas", "personalize:listSolutions", "personalize:listSolutionVersions", "polly:describeVoices", "polly:getLexicon", "polly:listLexicons", "pricing:describeServices", "pricing:getAttributeValues", "pricing:getProducts", "quicksight:describeDashboard", "quicksight:describeDashboardPermissions", "quicksight:describeGroup", "quicksight:describeIAMPolicyAssignment", "quicksight:describeTemplate", "quicksight:describeTemplateAlias", "quicksight:describeTemplatePermissions", "quicksight:describeUser", "quicksight:listDashboards", "quicksight:listGroupMemberships", "quicksight:listGroups", "quicksight:listIAMPolicyAssignments", "quicksight:listIAMPolicyAssignmentsForUser", "quicksight:listTemplateAliases", "quicksight:listTemplates", "quicksight:listTemplateVersions", "quicksight:listUserGroups", "quicksight:listUsers", "rds:describeAccountAttributes", "rds:describeCertificates", "rds:describeDBClusterParameterGroups", "rds:describeDBClusterParameters", "rds:describeDBClusters", "rds:describeDBClusterSnapshots", "rds:describeDBEngineVersions", "rds:describeDBInstances", "rds:describeDBParameterGroups", "rds:describeDBParameters", "rds:describeDBSecurityGroups", "rds:describeDBSnapshotAttributes", "rds:describeDBSnapshots", "rds:describeDBSubnetGroups", "rds:describeEngineDefaultClusterParameters", "rds:describeEngineDefaultParameters", "rds:describeEventCategories", "rds:describeEvents", "rds:describeEventSubscriptions", "rds:describeExportTasks", "rds:describeOptionGroupOptions", "rds:describeOptionGroups", "rds:describeOrderableDBInstanceOptions", "rds:describePendingMaintenanceActions", "rds:describeReservedDBInstances", "rds:describeReservedDBInstancesOfferings", "rds:listTagsForResource", "redshift:describeClusterParameterGroups", "redshift:describeClusterParameters", "redshift:describeClusters", "redshift:describeClusterSecurityGroups", "redshift:describeClusterSnapshots", "redshift:describeClusterSubnetGroups", "redshift:describeClusterVersions", "redshift:describeDefaultClusterParameters", "redshift:describeEventCategories", "redshift:describeEvents", "redshift:describeEventSubscriptions", "redshift:describeHsmClientCertificates", "redshift:describeHsmConfigurations", "redshift:describeLoggingStatus", "redshift:describeOrderableClusterOptions", "redshift:describeReservedNodeOfferings", "redshift:describeReservedNodes", "redshift:describeResize", "redshift:describeSnapshotCopyGrants", "redshift:describeStorage", "redshift:describeTableRestoreStatus", "redshift:describeTags", "redshift-data:describeStatement", "redshift-data:listStatements", "rekognition:listCollections", "rekognition:listFaces", "resource-groups:getGroup", "resource-groups:getGroupQuery", "resource-groups:getTags", "resource-groups:listGroupResources", "resource-groups:listGroups", "resource-groups:searchResources", "robomaker:batchDescribeSimulationJob", "robomaker:describeDeploymentJob", "robomaker:describeFleet", "robomaker:describeRobot", "robomaker:describeRobotApplication", "robomaker:describeSimulationApplication", "robomaker:describeSimulationJob", "robomaker:listDeploymentJobs", "robomaker:listFleets", "robomaker:listRobotApplications", "robomaker:listRobots", "robomaker:listSimulationApplications", "robomaker:listSimulationJobs", "route53:getChange", "route53:getCheckerIpRanges", "route53:getGeoLocation", "route53:getHealthCheck", "route53:getHealthCheckCount", "route53:getHealthCheckLastFailureReason", "route53:getHealthCheckStatus", "route53:getHostedZone", "route53:getHostedZoneCount", "route53:getReusableDelegationSet", "route53:getTrafficPolicy", "route53:getTrafficPolicyInstance", "route53:getTrafficPolicyInstanceCount", "route53:listGeoLocations", "route53:listHealthChecks", "route53:listHostedZones", "route53:listHostedZonesByName", "route53:listResourceRecordSets", "route53:listReusableDelegationSets", "route53:listTagsForResource", "route53:listTagsForResources", "route53:listTrafficPolicies", "route53:listTrafficPolicyInstances", "route53:listTrafficPolicyInstancesByHostedZone", "route53:listTrafficPolicyInstancesByPolicy", "route53:listTrafficPolicyVersions", "route53domains:checkDomainAvailability", "route53domains:getContactReachabilityStatus", "route53domains:getDomainDetail", "route53domains:getOperationDetail", "route53domains:listDomains", "route53domains:listOperations", "route53domains:listTagsForDomain", "route53domains:viewBilling", "route53resolver:getFirewallConfig", "route53resolver:getFirewallDomainList", "route53resolver:getFirewallRuleGroup", "route53resolver:getFirewallRuleGroupAssociation", "route53resolver:getResolverDnssecConfig", "route53resolver:getResolverRulePolicy", "route53resolver:listFirewallConfigs", "route53resolver:listFirewallDomainLists", "route53resolver:listFirewallDomains", "route53resolver:listFirewallRuleGroupAssociations", "route53resolver:listFirewallRuleGroups", "route53resolver:listFirewallRules", "route53resolver:listResolverDnssecConfigs", "route53resolver:listResolverEndpointIpAddresses", "route53resolver:listResolverEndpoints", "route53resolver:listResolverRuleAssociations", "route53resolver:listResolverRules", "route53resolver:listTagsForResource", "s3:getAccelerateConfiguration", "s3:getAccessPointConfigurationForObjectLambda", "s3:getAccessPointForObjectLambda", "s3:getAccessPointPolicyStatusForObjectLambda", "s3:getAnalyticsConfiguration", "s3:getBucketAcl", "s3:getBucketCORS", "s3:getBucketLocation", "s3:getBucketLogging", "s3:getBucketNotification", "s3:getBucketPolicy", "s3:getBucketRequestPayment", "s3:getBucketTagging", "s3:getBucketVersioning", "s3:getBucketWebsite", "s3:getEncryptionConfiguration", "s3:getInventoryConfiguration", "s3:getLifecycleConfiguration", "s3:getMetricsConfiguration", "s3:getReplicationConfiguration", "s3:listAccessPointsForObjectLambda", "s3:listAllMyBuckets", "s3:listBucket", "s3:listBucketMultipartUploads", "sagemaker:describeAction", "sagemaker:describeAlgorithm", "sagemaker:describeApp", "sagemaker:describeArtifact", "sagemaker:describeAutoMLJob", "sagemaker:describeCompilationJob", "sagemaker:describeContext", "sagemaker:describeDataQualityJobDefinition", "sagemaker:describeDevice", "sagemaker:describeDeviceFleet", "sagemaker:describeDomain", "sagemaker:describeEdgePackagingJob", "sagemaker:describeEndpoint", "sagemaker:describeEndpointConfig", "sagemaker:describeExperiment", "sagemaker:describeFeatureGroup", "sagemaker:describeHumanTaskUi", "sagemaker:describeHyperParameterTuningJob", "sagemaker:describeImage", "sagemaker:describeImageVersion", "sagemaker:describeLabelingJob", "sagemaker:describeModel", "sagemaker:describeModelBiasJobDefinition", "sagemaker:describeModelExplainabilityJobDefinition", "sagemaker:describeModelPackage", "sagemaker:describeModelPackageGroup", "sagemaker:describeModelQualityJobDefinition", "sagemaker:describeMonitoringSchedule", "sagemaker:describeNotebookInstance", "sagemaker:describeNotebookInstanceLifecycleConfig", "sagemaker:describePipeline", "sagemaker:describePipelineDefinitionForExecution", "sagemaker:describePipelineExecution", "sagemaker:describeProcessingJob", "sagemaker:describeProject", "sagemaker:describeSubscribedWorkteam", "sagemaker:describeTrainingJob", "sagemaker:describeTransformJob", "sagemaker:describeTrial", "sagemaker:describeTrialComponent", "sagemaker:describeUserProfile", "sagemaker:describeWorkteam", "sagemaker:listActions", "sagemaker:listAlgorithms", "sagemaker:listApps", "sagemaker:listArtifacts", "sagemaker:listAssociations", "sagemaker:listAutoMLJobs", "sagemaker:listCandidatesForAutoMLJob", "sagemaker:listCodeRepositories", "sagemaker:listCompilationJobs", "sagemaker:listContexts", "sagemaker:listDataQualityJobDefinitions", "sagemaker:listDeviceFleets", "sagemaker:listDevices", "sagemaker:listDomains", "sagemaker:listEdgePackagingJobs", "sagemaker:listEndpointConfigs", "sagemaker:listEndpoints", "sagemaker:listExperiments", "sagemaker:listFeatureGroups", "sagemaker:listFlowDefinitions", "sagemaker:listHumanTaskUis", "sagemaker:listHyperParameterTuningJobs", "sagemaker:listImages", "sagemaker:listImageVersions", "sagemaker:listLabelingJobs", "sagemaker:listLabelingJobsForWorkteam", "sagemaker:listModelBiasJobDefinitions", "sagemaker:listModelExplainabilityJobDefinitions", "sagemaker:listModelPackageGroups", "sagemaker:listModelPackages", "sagemaker:listModelQualityJobDefinitions", "sagemaker:listModels", "sagemaker:listMonitoringExecutions", "sagemaker:listMonitoringSchedules", "sagemaker:listNotebookInstanceLifecycleConfigs", "sagemaker:listNotebookInstances", "sagemaker:listPipelineExecutions", "sagemaker:listPipelineExecutionSteps", "sagemaker:listPipelineParametersForExecution", "sagemaker:listPipelines", "sagemaker:listProcessingJobs", "sagemaker:listProjects", "sagemaker:listSubscribedWorkteams", "sagemaker:listTags", "sagemaker:listTrainingJobs", "sagemaker:listTrainingJobsForHyperParameterTuningJob", "sagemaker:listTransformJobs", "sagemaker:listTrialComponents", "sagemaker:listTrials", "sagemaker:listUserProfiles", "sagemaker:listWorkteams", "sdb:domainMetadata", "sdb:listDomains", "secretsmanager:describeSecret", "secretsmanager:getResourcePolicy", "secretsmanager:listSecrets", "secretsmanager:listSecretVersionIds", "securityhub:getEnabledStandards", "securityhub:getFindings", "securityhub:getInsightResults", "securityhub:getInsights", "securityhub:getMasterAccount", "securityhub:getMembers", "securityhub:listEnabledProductsForImport", "securityhub:listInvitations", "securityhub:listMembers", "servicecatalog:describeConstraint", "servicecatalog:describePortfolio", "servicecatalog:describeProduct", "servicecatalog:describeProductAsAdmin", "servicecatalog:describeProductView", "servicecatalog:describeProvisioningArtifact", "servicecatalog:describeProvisioningParameters", "servicecatalog:describeRecord", "servicecatalog:listAcceptedPortfolioShares", "servicecatalog:listConstraintsForPortfolio", "servicecatalog:listLaunchPaths", "servicecatalog:listPortfolioAccess", "servicecatalog:listPortfolios", "servicecatalog:listPortfoliosForProduct", "servicecatalog:listPrincipalsForPortfolio", "servicecatalog:listProvisioningArtifacts", "servicecatalog:listRecordHistory", "servicecatalog:scanProvisionedProducts", "servicecatalog:searchProducts", "servicequotas:getAssociationForServiceQuotaTemplate", "servicequotas:getAWSDefaultServiceQuota", "servicequotas:getRequestedServiceQuotaChange", "servicequotas:getServiceQuota", "servicequotas:getServiceQuotaIncreaseRequestFromTemplate", "servicequotas:listAWSDefaultServiceQuotas", "servicequotas:listRequestedServiceQuotaChangeHistory", "servicequotas:listRequestedServiceQuotaChangeHistoryByQuota", "servicequotas:listServiceQuotaIncreaseRequestsInTemplate", "servicequotas:listServiceQuotas", "servicequotas:listServices", "ses:describeActiveReceiptRuleSet", "ses:describeReceiptRule", "ses:describeReceiptRuleSet", "ses:getAccount", "ses:getBlacklistReports", "ses:getConfigurationSet", "ses:getConfigurationSetEventDestinations", "ses:getDedicatedIp", "ses:getDedicatedIps", "ses:getDeliverabilityDashboardOptions", "ses:getDeliverabilityTestReport", "ses:getDomainDeliverabilityCampaign", "ses:getDomainStatisticsReport", "ses:getEmailIdentity", "ses:getIdentityDkimAttributes", "ses:getIdentityMailFromDomainAttributes", "ses:getIdentityNotificationAttributes", "ses:getIdentityPolicies", "ses:getIdentityVerificationAttributes", "ses:getSendQuota", "ses:getSendStatistics", "ses:listConfigurationSets", "ses:listDedicatedIpPools", "ses:listDeliverabilityTestReports", "ses:listDomainDeliverabilityCampaigns", "ses:listEmailIdentities", "ses:listIdentities", "ses:listIdentityPolicies", "ses:listReceiptFilters", "ses:listReceiptRuleSets", "ses:listTagsForResource", "ses:listVerifiedEmailAddresses", "shield:describeAttack", "shield:describeProtection", "shield:describeSubscription", "shield:listAttacks", "shield:listProtections", "sms-voice:getConfigurationSetEventDestinations", "sms:getConnectors", "sms:getReplicationJobs", "sms:getReplicationRuns", "sms:getServers", "snowball:describeAddress", "snowball:describeAddresses", "snowball:describeJob", "snowball:getSnowballUsage", "snowball:listJobs", "sns:checkIfPhoneNumberIsOptedOut", "sns:getEndpointAttributes", "sns:getPlatformApplicationAttributes", "sns:getSMSAttributes", "sns:getSubscriptionAttributes", "sns:getTopicAttributes", "sns:listEndpointsByPlatformApplication", "sns:listPhoneNumbersOptedOut", "sns:listPlatformApplications", "sns:listSubscriptions", "sns:listSubscriptionsByTopic", "sns:listTopics", "sqs:getQueueAttributes", "sqs:getQueueUrl", "sqs:listDeadLetterSourceQueues", "sqs:listQueues", "ssm:describeActivations", "ssm:describeAssociation", "ssm:describeAssociationExecutions", "ssm:describeAssociationExecutionTargets", "ssm:describeAutomationExecutions", "ssm:describeAutomationStepExecutions", "ssm:describeAvailablePatches", "ssm:describeDocument", "ssm:describeDocumentPermission", "ssm:describeEffectiveInstanceAssociations", "ssm:describeEffectivePatchesForPatchBaseline", "ssm:describeInstanceAssociationsStatus", "ssm:describeInstanceInformation", "ssm:describeInstancePatches", "ssm:describeInstancePatchStates", "ssm:describeInstancePatchStatesForPatchGroup", "ssm:describeInventoryDeletions", "ssm:describeMaintenanceWindowExecutions", "ssm:describeMaintenanceWindowExecutionTaskInvocations", "ssm:describeMaintenanceWindowExecutionTasks", "ssm:describeMaintenanceWindows", "ssm:describeMaintenanceWindowSchedule", "ssm:describeMaintenanceWindowsForTarget", "ssm:describeMaintenanceWindowTargets", "ssm:describeMaintenanceWindowTasks", "ssm:describeOpsItems", "ssm:describeParameters", "ssm:describePatchBaselines", "ssm:describePatchGroups", "ssm:describePatchGroupState", "ssm:describePatchProperties", "ssm:describeSessions", "ssm:getAutomationExecution", "ssm:getCommandInvocation", "ssm:getConnectionStatus", "ssm:getDefaultPatchBaseline", "ssm:getDeployablePatchSnapshotForInstance", "ssm:getInventorySchema", "ssm:getMaintenanceWindow", "ssm:getMaintenanceWindowExecution", "ssm:getMaintenanceWindowExecutionTask", "ssm:getMaintenanceWindowExecutionTaskInvocation", "ssm:getMaintenanceWindowTask", "ssm:getOpsItem", "ssm:getPatchBaseline", "ssm:getPatchBaselineForPatchGroup", "ssm:getServiceSetting", "ssm:labelParameterVersion", "ssm:listAssociations", "ssm:listAssociationVersions", "ssm:listCommandInvocations", "ssm:listCommands", "ssm:listComplianceItems", "ssm:listComplianceSummaries", "ssm:listDocuments", "ssm:listDocumentVersions", "ssm:listOpsItemEvents", "ssm:listResourceComplianceSummaries", "ssm:listResourceDataSync", "ssm:listTagsForResource", "states:describeActivity", "states:describeExecution", "states:describeStateMachine", "states:describeStateMachineForExecution", "states:getExecutionHistory", "states:listActivities", "states:listExecutions", "states:listStateMachines", "storagegateway:describeBandwidthRateLimit", "storagegateway:describeCache", "storagegateway:describeCachediSCSIVolumes", "storagegateway:describeGatewayInformation", "storagegateway:describeMaintenanceStartTime", "storagegateway:describeNFSFileShares", "storagegateway:describeSMBFileShares", "storagegateway:describeSMBSettings", "storagegateway:describeSnapshotSchedule", "storagegateway:describeStorediSCSIVolumes", "storagegateway:describeTapeArchives", "storagegateway:describeTapeRecoveryPoints", "storagegateway:describeTapes", "storagegateway:describeUploadBuffer", "storagegateway:describeVTLDevices", "storagegateway:describeWorkingStorage", "storagegateway:listFileShares", "storagegateway:listGateways", "storagegateway:listLocalDisks", "storagegateway:listTagsForResource", "storagegateway:listTapes", "storagegateway:listVolumeInitiators", "storagegateway:listVolumeRecoveryPoints", "storagegateway:listVolumes", "swf:countClosedWorkflowExecutions", "swf:countOpenWorkflowExecutions", "swf:countPendingActivityTasks", "swf:countPendingDecisionTasks", "swf:describeActivityType", "swf:describeDomain", "swf:describeWorkflowExecution", "swf:describeWorkflowType", "swf:getWorkflowExecutionHistory", "swf:listActivityTypes", "swf:listClosedWorkflowExecutions", "swf:listDomains", "swf:listOpenWorkflowExecutions", "swf:listWorkflowTypes", "synthetics:describeCanaries", "synthetics:describeCanariesLastRun", "synthetics:describeRuntimeVersions", "synthetics:getCanary", "synthetics:getCanaryRuns", "transfer:describeServer", "transfer:describeUser", "transfer:listServers", "transfer:listTagsForResource", "transfer:listUsers", "waf-regional:getByteMatchSet", "waf-regional:getChangeTokenStatus", "waf-regional:getIPSet", "waf-regional:getRule", "waf-regional:getSqlInjectionMatchSet", "waf-regional:getWebACL", "waf-regional:getWebACLForResource", "waf-regional:listByteMatchSets", "waf-regional:listIPSets", "waf-regional:listResourcesForWebACL", "waf-regional:listRules", "waf-regional:listSqlInjectionMatchSets", "waf-regional:listWebACLs", "waf:getByteMatchSet", "waf:getChangeTokenStatus", "waf:getIPSet", "waf:getRule", "waf:getSampledRequests", "waf:getSizeConstraintSet", "waf:getSqlInjectionMatchSet", "waf:getWebACL", "waf:getXssMatchSet", "waf:listByteMatchSets", "waf:listIPSets", "waf:listRules", "waf:listSizeConstraintSets", "waf:listSqlInjectionMatchSets", "waf:listWebACLs", "waf:listXssMatchSets", "wafv2:checkCapacity", "wafv2:describeManagedRuleGroup", "wafv2:getIPSet", "wafv2:getLoggingConfiguration", "wafv2:getPermissionPolicy", "wafv2:getRateBasedStatementManagedKeys", "wafv2:getRegexPatternSet", "wafv2:getRuleGroup", "wafv2:getSampledRequests", "wafv2:getWebACL", "wafv2:getWebACLForResource", "wafv2:listAvailableManagedRuleGroups", "wafv2:listIPSets", "wafv2:listLoggingConfigurations", "wafv2:listRegexPatternSets", "wafv2:listResourcesForWebACL", "wafv2:listRuleGroups", "wafv2:listTagsForResource", "wafv2:listWebACLs", "workdocs:checkAlias", "workdocs:describeAvailableDirectories", "workdocs:describeInstances", "worklink:describeAuditStreamConfiguration", "worklink:describeCompanyNetworkConfiguration", "worklink:describeDevice", "worklink:describeDevicePolicyConfiguration", "worklink:describeDomain", "worklink:describeFleetMetadata", "worklink:describeIdentityProviderConfiguration", "worklink:describeWebsiteCertificateAuthority", "worklink:listDevices", "worklink:listDomains", "worklink:listFleets", "worklink:listWebsiteAuthorizationProviders", "worklink:listWebsiteCertificateAuthorities", "workmail:describeGroup", "workmail:describeOrganization", "workmail:describeResource", "workmail:describeUser", "workmail:listAliases", "workmail:listGroupMembers", "workmail:listGroups", "workmail:listMailboxPermissions", "workmail:listOrganizations", "workmail:listResourceDelegates", "workmail:listResources", "workmail:listUsers", "workspaces:describeAccount", "workspaces:describeAccountModifications", "workspaces:describeIpGroups", "workspaces:describeTags", "workspaces:describeWorkspaceBundles", "workspaces:describeWorkspaceDirectories", "workspaces:describeWorkspaceImages", "workspaces:describeWorkspaces", "workspaces:describeWorkspacesConnectionStatus" ], "Effect": "Allow", "Resource": [ "*" ] } ], "Version": "2012-10-17" }, "VersionId": "v16" }, "AWSSystemsManagerAccountDiscoveryServicePolicy": { "PolicyName": "AWSSystemsManagerAccountDiscoveryServicePolicy", "PolicyId": "ANPAZKAPJZG4BPDSHIWK5", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSSystemsManagerAccountDiscoveryServicePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-10-24T17:21:05+00:00", "UpdateDate": "2020-05-27T18:04:51+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "organizations:DescribeAccount", "organizations:DescribeOrganization", "organizations:ListAccounts", "organizations:ListAWSServiceAccessForOrganization", "organizations:ListChildren", "organizations:ListParents", "organizations:ListDelegatedServicesForAccount", "organizations:ListDelegatedAdministrators" ], "Resource": "*" } ] }, "VersionId": "v2" }, "AWSSystemsManagerChangeManagementServicePolicy": { "PolicyName": "AWSSystemsManagerChangeManagementServicePolicy", "PolicyId": "ANPAZKAPJZG4MZTL6DXTC", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSSystemsManagerChangeManagementServicePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-12-07T22:21:57+00:00", "UpdateDate": "2020-12-07T22:21:57+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ssm:CreateAssociation", "ssm:DeleteAssociation", "ssm:CreateOpsItem", "ssm:GetOpsItem", "ssm:UpdateOpsItem", "ssm:StartAutomationExecution", "ssm:StopAutomationExecution", "ssm:GetAutomationExecution", "ssm:GetCalendarState", "ssm:GetDocument" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "cloudwatch:DescribeAlarms" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "sso:ListDirectoryAssociations" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "sso-directory:DescribeUsers", "sso-directory:IsMemberInGroup" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": "iam:GetGroup", "Resource": "*" }, { "Effect": "Allow", "Action": "iam:PassRole", "Resource": "*", "Condition": { "StringEquals": { "iam:PassedToService": [ "ssm.amazonaws.com" ] } } } ] }, "VersionId": "v1" }, "AWSSystemsManagerOpsDataSyncServiceRolePolicy": { "PolicyName": "AWSSystemsManagerOpsDataSyncServiceRolePolicy", "PolicyId": "ANPAZKAPJZG4FUXS4O2QJ", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSSystemsManagerOpsDataSyncServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2021-04-26T20:42:39+00:00", "UpdateDate": "2021-04-26T20:42:39+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ssm:GetOpsItem", "ssm:UpdateOpsItem" ], "Resource": "*", "Condition": { "StringEquals": { "aws:ResourceTag/ExplorerSecurityHubOpsItem": "true" } } }, { "Effect": "Allow", "Action": [ "ssm:CreateOpsItem" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "ssm:AddTagsToResource" ], "Resource": "arn:aws:ssm:*:*:opsitem/*" }, { "Effect": "Allow", "Action": [ "ssm:UpdateServiceSetting", "ssm:GetServiceSetting" ], "Resource": [ "arn:aws:ssm:*:*:servicesetting/ssm/opsitem/*", "arn:aws:ssm:*:*:servicesetting/ssm/opsdata/*" ] }, { "Effect": "Allow", "Action": [ "securityhub:GetFindings", "securityhub:BatchUpdateFindings" ], "Resource": [ "*" ] }, { "Effect": "Deny", "Action": "securityhub:BatchUpdateFindings", "Resource": "*", "Condition": { "StringEquals": { "securityhub:ASFFSyntaxPath/Workflow.Status": "SUPPRESSED" }, "Null": { "securityhub:ASFFSyntaxPath/Confidence": false, "securityhub:ASFFSyntaxPath/Criticality": false, "securityhub:ASFFSyntaxPath/Note": false, "securityhub:ASFFSyntaxPath/RelatedFindings": false, "securityhub:ASFFSyntaxPath/Types": false, "securityhub:ASFFSyntaxPath/UserDefinedFields": false, "securityhub:ASFFSyntaxPath/VerificationState": false } } } ] }, "VersionId": "v1" }, "AWSThinkboxAWSPortalAdminPolicy": { "PolicyName": "AWSThinkboxAWSPortalAdminPolicy", "PolicyId": "ANPAZKAPJZG4BVM3T5TP2", "Arn": "arn:aws:iam::aws:policy/AWSThinkboxAWSPortalAdminPolicy", "Path": "/", "DefaultVersionId": "v4", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-05-27T19:41:02+00:00", "UpdateDate": "2020-08-20T17:16:03+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ec2:AttachInternetGateway", "ec2:AssociateAddress", "ec2:AssociateRouteTable", "ec2:AllocateAddress", "ec2:AuthorizeSecurityGroupIngress", "ec2:CreateFleet", "ec2:CreateLaunchTemplate", "ec2:CreateInternetGateway", "ec2:CreateNatGateway", "ec2:CreatePlacementGroup", "ec2:CreateRoute", "ec2:CreateRouteTable", "ec2:CreateSecurityGroup", "ec2:CreateSubnet", "ec2:CreateVpc", "ec2:CreateVpcEndpoint", "ec2:DescribeAvailabilityZones", "ec2:DescribeAddresses", "ec2:DescribeFleets", "ec2:DescribeFleetHistory", "ec2:DescribeFleetInstances", "ec2:DescribeImages", "ec2:DescribeInstances", "ec2:DescribeInternetGateways", "ec2:DescribeLaunchTemplates", "ec2:DescribeRouteTables", "ec2:DescribeNatGateways", "ec2:DescribeTags", "ec2:DescribeKeyPairs", "ec2:DescribePlacementGroups", "ec2:DescribeInstanceTypeOfferings", "ec2:DescribeRegions", "ec2:DescribeSpotFleetRequestHistory", "ec2:DescribeSecurityGroups", "ec2:DescribeSpotFleetInstances", "ec2:DescribeSpotFleetRequests", "ec2:DescribeSpotPriceHistory", "ec2:DescribeSubnets", "ec2:DescribeVpcs", "ec2:DescribeVpcEndpoints", "ec2:GetConsoleOutput", "ec2:ImportKeyPair", "ec2:ReleaseAddress", "ec2:RequestSpotFleet", "ec2:CancelSpotFleetRequests", "ec2:DisassociateAddress", "ec2:DeleteFleets", "ec2:DeleteLaunchTemplate", "ec2:DeleteVpc", "ec2:DeletePlacementGroup", "ec2:DeleteVpcEndpoints", "ec2:DeleteInternetGateway", "ec2:DeleteSecurityGroup", "ec2:RevokeSecurityGroupIngress", "ec2:DeleteRoute", "ec2:DeleteRouteTable", "ec2:DisassociateRouteTable", "ec2:DeleteSubnet", "ec2:DeleteNatGateway", "ec2:DetachInternetGateway", "ec2:ModifyInstanceAttribute", "ec2:ModifyFleet", "ec2:ModifySpotFleetRequest", "ec2:ModifyVpcAttribute" ], "Resource": "*" }, { "Effect": "Allow", "Action": "ec2:RunInstances", "Resource": [ "arn:aws:ec2:*:*:subnet/*", "arn:aws:ec2:*:*:key-pair/*", "arn:aws:ec2:*::snapshot/*", "arn:aws:ec2:*:*:launch-template/*", "arn:aws:ec2:*:*:volume/*", "arn:aws:ec2:*:*:security-group/*", "arn:aws:ec2:*:*:placement-group/*", "arn:aws:ec2:*:*:network-interface/*", "arn:aws:ec2:*::image/*" ] }, { "Effect": "Allow", "Action": "ec2:RunInstances", "Resource": "arn:aws:ec2:*:*:instance/*", "Condition": { "StringLike": { "ec2:InstanceProfile": "arn:aws:iam::*:instance-profile/AWSPortal*" } } }, { "Effect": "Allow", "Action": "ec2:TerminateInstances", "Resource": "*", "Condition": { "StringEquals": { "ec2:ResourceTag/aws:cloudformation:logical-id": "ReverseForwarder" } } }, { "Effect": "Allow", "Action": "ec2:TerminateInstances", "Resource": "*", "Condition": { "StringLike": { "ec2:ResourceTag/aws:ec2spot:fleet-request-id": "*" } } }, { "Effect": "Allow", "Action": "ec2:TerminateInstances", "Resource": "*", "Condition": { "StringLike": { "ec2:PlacementGroup": "*DeadlinePlacementGroup*" } } }, { "Effect": "Allow", "Action": [ "ec2:CreateTags" ], "Resource": "arn:aws:ec2:*:*:instance/*", "Condition": { "StringLike": { "ec2:PlacementGroup": "*DeadlinePlacementGroup*" } } }, { "Effect": "Allow", "Action": [ "ec2:CreateTags" ], "Resource": "*", "Condition": { "StringLike": { "ec2:CreateAction": "RunInstances" } } }, { "Effect": "Allow", "Action": [ "ec2:CreateTags", "ec2:DeleteTags" ], "Resource": [ "arn:aws:ec2:*:*:subnet/*", "arn:aws:ec2:*:*:security-group/*", "arn:aws:ec2:*:*:internet-gateway/*", "arn:aws:ec2:*:*:route-table/*", "arn:aws:ec2:*:*:volume/*", "arn:aws:ec2:*:*:vpc/*", "arn:aws:ec2:*:*:natgateway/*" ] }, { "Effect": "Allow", "Action": [ "iam:GetUser" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "iam:GetInstanceProfile" ], "Resource": [ "arn:aws:iam::*:instance-profile/AWSPortal*" ] }, { "Effect": "Allow", "Action": [ "iam:GetPolicy", "iam:ListEntitiesForPolicy", "iam:ListPolicyVersions" ], "Resource": [ "arn:aws:iam::*:policy/AWSPortal*" ] }, { "Effect": "Allow", "Action": [ "iam:GetRole", "iam:GetRolePolicy" ], "Resource": [ "arn:aws:iam::*:role/AWSPortal*", "arn:aws:iam::*:role/DeadlineSpot*" ] }, { "Effect": "Allow", "Action": [ "iam:PassRole" ], "Resource": [ "arn:aws:iam::*:role/AWSPortal*", "arn:aws:iam::*:role/DeadlineSpot*" ], "Condition": { "StringEquals": { "iam:PassedToService": [ "ec2.amazonaws.com", "ec2fleet.amazonaws.com", "spot.amazonaws.com", "spotfleet.amazonaws.com", "cloudformation.amazonaws.com" ] } } }, { "Effect": "Allow", "Action": "iam:CreateServiceLinkedRole", "Resource": "arn:aws:iam::*:role/aws-service-role/*", "Condition": { "StringEquals": { "iam:AWSServiceName": [ "ec2fleet.amazonaws.com", "spot.amazonaws.com", "spotfleet.amazonaws.com" ] } } }, { "Effect": "Allow", "Action": [ "s3:CreateBucket", "s3:GetBucketLocation", "s3:GetBucketLogging", "s3:GetBucketVersioning", "s3:PutBucketAcl", "s3:PutBucketCORS", "s3:PutBucketVersioning", "s3:GetBucketAcl", "s3:GetObject", "s3:PutBucketLogging", "s3:PutBucketTagging", "s3:PutObject", "s3:ListBucket", "s3:ListBucketVersions", "s3:PutEncryptionConfiguration", "s3:PutLifecycleConfiguration", "s3:DeleteBucket", "s3:DeleteObject", "s3:DeleteBucketPolicy", "s3:DeleteObjectVersion" ], "Resource": [ "arn:aws:s3::*:awsportal*", "arn:aws:s3::*:stack*", "arn:aws:s3::*:aws-portal-cache*", "arn:aws:s3::*:logs-for-aws-portal-cache*", "arn:aws:s3::*:logs-for-stack*" ] }, { "Effect": "Allow", "Action": [ "s3:ListAllMyBuckets" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "dynamodb:Scan" ], "Resource": "arn:aws:dynamodb:*:*:table/DeadlineFleetHealth*" }, { "Effect": "Allow", "Action": [ "cloudformation:CreateStack", "cloudformation:DescribeStackEvents", "cloudformation:DescribeStackResources", "cloudformation:DeleteStack", "cloudformation:DeleteChangeSet", "cloudformation:ListStackResources", "cloudformation:CreateChangeSet", "cloudformation:DescribeChangeSet", "cloudformation:ExecuteChangeSet", "cloudformation:UpdateTerminationProtection" ], "Resource": [ "arn:aws:cloudformation:*:*:stack/stack*/*", "arn:aws:cloudformation:*:*:stack/Deadline*/*" ] }, { "Effect": "Allow", "Action": [ "cloudformation:EstimateTemplateCost", "cloudformation:DescribeStacks" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "logs:DescribeLogStreams", "logs:GetLogEvents", "logs:PutRetentionPolicy", "logs:DeleteRetentionPolicy" ], "Resource": "arn:aws:logs:*:*:log-group:/thinkbox*" }, { "Effect": "Allow", "Action": [ "logs:DescribeLogGroups", "logs:CreateLogGroup" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "kms:Encrypt", "kms:GenerateDataKey" ], "Resource": [ "*" ], "Condition": { "StringLike": { "kms:ViaService": [ "s3.*.amazonaws.com", "secretsmanager.*.amazonaws.com" ] } } }, { "Effect": "Allow", "Action": [ "secretsmanager:CreateSecret" ], "Resource": "*", "Condition": { "StringLike": { "secretsmanager:Name": [ "rcs-tls-pw*" ] } } }, { "Effect": "Allow", "Action": [ "secretsmanager:DeleteSecret", "secretsmanager:UpdateSecret", "secretsmanager:DescribeSecret", "secretsmanager:TagResource" ], "Resource": "arn:aws:secretsmanager:*:*:secret:rcs-tls-pw*" } ] }, "VersionId": "v4" }, "AWSThinkboxAWSPortalGatewayPolicy": { "PolicyName": "AWSThinkboxAWSPortalGatewayPolicy", "PolicyId": "ANPAZKAPJZG4FP27FM4BH", "Arn": "arn:aws:iam::aws:policy/AWSThinkboxAWSPortalGatewayPolicy", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-05-27T19:05:00+00:00", "UpdateDate": "2020-06-30T16:02:07+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "logs:PutLogEvents", "logs:DescribeLogStreams", "logs:DescribeLogGroups", "logs:CreateLogStream" ], "Resource": [ "arn:aws:logs:*:*:log-group:/thinkbox*" ] }, { "Effect": "Allow", "Action": [ "logs:CreateLogGroup" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "s3:GetObject", "s3:PutObject", "s3:ListBucket" ], "Resource": [ "arn:aws:s3:::aws-portal-cache*" ] }, { "Effect": "Allow", "Action": "dynamodb:Scan", "Resource": [ "arn:aws:dynamodb:*:*:table/DeadlineFleetHealth*" ] }, { "Effect": "Allow", "Action": [ "s3:ListBucket", "s3:GetObject" ], "Resource": [ "arn:aws:s3:::stack*" ] }, { "Effect": "Allow", "Action": [ "s3:PutObject" ], "Resource": [ "arn:aws:s3:::stack*/gateway_certs/*" ] }, { "Effect": "Allow", "Action": [ "secretsmanager:GetSecretValue" ], "Resource": [ "arn:aws:secretsmanager:*:*:secret:rcs-tls-pw-stack*" ] } ] }, "VersionId": "v2" }, "AWSThinkboxAWSPortalWorkerPolicy": { "PolicyName": "AWSThinkboxAWSPortalWorkerPolicy", "PolicyId": "ANPAZKAPJZG4PI3G53MMS", "Arn": "arn:aws:iam::aws:policy/AWSThinkboxAWSPortalWorkerPolicy", "Path": "/", "DefaultVersionId": "v4", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-05-27T19:15:05+00:00", "UpdateDate": "2020-12-07T23:27:47+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ec2:DescribeTags" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "ec2:TerminateInstances" ], "Resource": [ "arn:aws:ec2:*:*:instance/*" ], "Condition": { "StringEquals": { "ec2:ResourceTag/DeadlineRole": "DeadlineRenderNode" } } }, { "Effect": "Allow", "Action": [ "s3:GetObject", "s3:PutObject", "s3:ListBucket" ], "Resource": [ "arn:aws:s3:::aws-portal-cache*" ] }, { "Effect": "Allow", "Action": [ "s3:GetObject" ], "Resource": [ "arn:aws:s3:::stack*/gateway_certs/*" ] }, { "Effect": "Allow", "Action": [ "logs:CreateLogStream", "logs:PutLogEvents", "logs:DescribeLogStreams", "logs:DescribeLogGroups" ], "Resource": [ "arn:aws:logs:*:*:log-group:/thinkbox*" ] }, { "Effect": "Allow", "Action": [ "logs:CreateLogGroup" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "sqs:SendMessage", "sqs:GetQueueUrl" ], "Resource": [ "arn:aws:sqs:*:*:DeadlineAWS*" ] } ] }, "VersionId": "v4" }, "AWSThinkboxAssetServerPolicy": { "PolicyName": "AWSThinkboxAssetServerPolicy", "PolicyId": "ANPAZKAPJZG4KDWZE3HCT", "Arn": "arn:aws:iam::aws:policy/AWSThinkboxAssetServerPolicy", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-05-27T19:18:53+00:00", "UpdateDate": "2020-05-27T19:18:53+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "logs:DescribeLogGroups", "logs:DescribeLogStreams", "logs:GetLogEvents" ], "Resource": [ "arn:aws:logs:*:*:log-group:/thinkbox*" ] }, { "Effect": "Allow", "Action": [ "s3:GetObject", "s3:PutObject", "s3:ListBucket" ], "Resource": [ "arn:aws:s3:::aws-portal-cache*" ] } ] }, "VersionId": "v1" }, "AWSThinkboxDeadlineResourceTrackerAccessPolicy": { "PolicyName": "AWSThinkboxDeadlineResourceTrackerAccessPolicy", "PolicyId": "ANPAZKAPJZG4OUKJ73IOS", "Arn": "arn:aws:iam::aws:policy/AWSThinkboxDeadlineResourceTrackerAccessPolicy", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-05-27T19:25:05+00:00", "UpdateDate": "2020-05-27T19:25:05+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "dynamodb:ListStreams" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "dynamodb:BatchWriteItem", "dynamodb:DeleteItem", "dynamodb:DescribeStream", "dynamodb:DescribeTable", "dynamodb:GetItem", "dynamodb:GetRecords", "dynamodb:GetShardIterator", "dynamodb:PutItem", "dynamodb:Scan", "dynamodb:UpdateItem", "dynamodb:UpdateTable" ], "Resource": [ "arn:aws:dynamodb:*:*:table/DeadlineEC2ComputeNodeHealth*", "arn:aws:dynamodb:*:*:table/DeadlineEC2ComputeNodeInfo*", "arn:aws:dynamodb:*:*:table/DeadlineFleetHealth*" ] }, { "Effect": "Allow", "Action": [ "ec2:CancelSpotFleetRequests", "ec2:DeleteFleets", "ec2:DescribeFleetInstances", "ec2:DescribeFleets", "ec2:DescribeInstances", "ec2:DescribeSpotFleetInstances", "ec2:DescribeSpotFleetRequests" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "ec2:RebootInstances", "ec2:TerminateInstances" ], "Resource": [ "arn:aws:ec2:*:*:instance/*" ], "Condition": { "StringLike": { "ec2:ResourceTag/DeadlineTrackedAWSResource": "*" } } }, { "Effect": "Allow", "Action": [ "events:PutEvents" ], "Resource": [ "arn:aws:events:*:*:event-bus/default" ] }, { "Effect": "Allow", "Action": [ "lambda:InvokeFunction" ], "Resource": [ "arn:aws:lambda:*:*:function:DeadlineResourceTracker*" ] }, { "Effect": "Allow", "Action": [ "logs:CreateLogGroup" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "logs:CreateLogStream", "logs:PutLogEvents" ], "Resource": [ "arn:aws:logs:*:*:log-group:/aws/lambda/DeadlineResourceTracker*" ] }, { "Effect": "Allow", "Action": [ "sqs:DeleteMessage", "sqs:GetQueueAttributes", "sqs:ReceiveMessage" ], "Resource": [ "arn:aws:sqs:*:*:DeadlineAWSComputeNodeStateMessageQueue*" ] } ] }, "VersionId": "v1" }, "AWSThinkboxDeadlineResourceTrackerAdminPolicy": { "PolicyName": "AWSThinkboxDeadlineResourceTrackerAdminPolicy", "PolicyId": "ANPAZKAPJZG4FKWWNUOP2", "Arn": "arn:aws:iam::aws:policy/AWSThinkboxDeadlineResourceTrackerAdminPolicy", "Path": "/", "DefaultVersionId": "v4", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-05-27T19:29:09+00:00", "UpdateDate": "2021-08-12T21:28:43+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "application-autoscaling:DeleteScalingPolicy", "application-autoscaling:DeregisterScalableTarget", "application-autoscaling:DescribeScalableTargets", "application-autoscaling:DescribeScalingPolicies", "application-autoscaling:PutScalingPolicy", "application-autoscaling:RegisterScalableTarget" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "cloudformation:ListStacks" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "cloudformation:CreateStack", "cloudformation:DeleteStack", "cloudformation:UpdateStack", "cloudformation:DescribeStacks", "cloudformation:UpdateTerminationProtection" ], "Resource": [ "arn:aws:cloudformation:*:*:stack/DeadlineResourceTracker*" ] }, { "Effect": "Allow", "Action": [ "dynamodb:CreateTable", "dynamodb:DeleteTable", "dynamodb:DescribeTable", "dynamodb:ListTagsOfResource", "dynamodb:TagResource", "dynamodb:UntagResource" ], "Resource": [ "arn:aws:dynamodb:*:*:table/DeadlineEC2ComputeNodeHealth*", "arn:aws:dynamodb:*:*:table/DeadlineEC2ComputeNodeInfo*", "arn:aws:dynamodb:*:*:table/DeadlineFleetHealth*" ] }, { "Effect": "Allow", "Action": [ "dynamodb:BatchWriteItem", "dynamodb:Scan" ], "Resource": [ "arn:aws:dynamodb:*:*:table/DeadlineFleetHealth*" ] }, { "Effect": "Allow", "Action": [ "events:DeleteRule", "events:DescribeRule", "events:PutRule", "events:PutTargets", "events:RemoveTargets" ], "Resource": [ "arn:aws:events:*:*:rule/DeadlineResourceTracker*" ] }, { "Effect": "Allow", "Action": [ "iam:GetRole", "iam:ListAttachedRolePolicies" ], "Resource": [ "arn:aws:iam::*:role/DeadlineResourceTracker*" ] }, { "Effect": "Allow", "Action": [ "iam:GetUser" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "iam:CreateServiceLinkedRole" ], "Resource": [ "arn:aws:iam::*:role/aws-service-role/*" ], "Condition": { "StringEquals": { "iam:AWSServiceName": [ "dynamodb.application-autoscaling.amazonaws.com" ] } } }, { "Effect": "Allow", "Action": [ "iam:PassRole" ], "Resource": [ "arn:aws:iam::*:role/DeadlineResourceTrackerAccess*" ], "Condition": { "StringEquals": { "iam:PassedToService": [ "lambda.amazonaws.com" ] } } }, { "Effect": "Allow", "Action": [ "iam:PassRole" ], "Resource": [ "arn:aws:iam::*:role/aws-service-role/dynamodb.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_DynamoDBTable" ], "Condition": { "StringEquals": { "iam:PassedToService": [ "application-autoscaling.amazonaws.com" ] } } }, { "Effect": "Allow", "Action": [ "lambda:GetEventSourceMapping" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "lambda:CreateEventSourceMapping", "lambda:DeleteEventSourceMapping" ], "Resource": [ "*" ], "Condition": { "StringLike": { "lambda:FunctionArn": [ "arn:aws:lambda:*:*:function:DeadlineResourceTracker*" ] } } }, { "Effect": "Allow", "Action": [ "lambda:AddPermission", "lambda:RemovePermission" ], "Resource": [ "arn:aws:lambda:*:*:function:DeadlineResourceTracker*" ], "Condition": { "StringLike": { "lambda:Principal": "events.amazonaws.com" } } }, { "Effect": "Allow", "Action": [ "lambda:CreateFunction", "lambda:DeleteFunction", "lambda:GetFunction", "lambda:GetFunctionConfiguration", "lambda:ListTags", "lambda:PutFunctionConcurrency", "lambda:TagResource", "lambda:UntagResource", "lambda:UpdateFunctionCode" ], "Resource": [ "arn:aws:lambda:*:*:function:DeadlineResourceTracker*" ] }, { "Effect": "Allow", "Action": [ "s3:GetObject" ], "Resource": [ "arn:aws:s3:::*/deadline_aws_resource_tracker-*.zip", "arn:aws:s3:::*/DeadlineAWSResourceTrackerTemplate-*.yaml" ] }, { "Effect": "Allow", "Action": [ "sqs:CreateQueue", "sqs:DeleteQueue", "sqs:GetQueueAttributes", "sqs:ListQueueTags", "sqs:TagQueue", "sqs:UntagQueue" ], "Resource": [ "arn:aws:sqs:*:*:DeadlineAWSComputeNodeState*", "arn:aws:sqs:*:*:DeadlineResourceTracker*" ] } ] }, "VersionId": "v4" }, "AWSThinkboxDeadlineSpotEventPluginAdminPolicy": { "PolicyName": "AWSThinkboxDeadlineSpotEventPluginAdminPolicy", "PolicyId": "ANPAZKAPJZG4MNSGMZZZZ", "Arn": "arn:aws:iam::aws:policy/AWSThinkboxDeadlineSpotEventPluginAdminPolicy", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-05-27T19:38:34+00:00", "UpdateDate": "2020-05-27T19:38:34+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ec2:CancelSpotFleetRequests", "ec2:DescribeSpotFleetInstances", "ec2:DescribeSpotFleetRequests", "ec2:ModifySpotFleetRequest", "ec2:RequestSpotFleet" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "ec2:CreateTags" ], "Resource": [ "arn:aws:ec2:*:*:instance/*" ], "Condition": { "StringEquals": { "ec2:CreateAction": "RunInstances" } } }, { "Effect": "Allow", "Action": [ "ec2:RunInstances" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "ec2:TerminateInstances" ], "Resource": [ "arn:aws:ec2:*:*:instance/*" ], "Condition": { "StringLike": { "ec2:ResourceTag/aws:ec2spot:fleet-request-id": "*" } } }, { "Effect": "Allow", "Action": [ "iam:CreateServiceLinkedRole" ], "Resource": [ "arn:aws:iam::*:role/aws-service-role/*" ], "Condition": { "StringEquals": { "iam:AWSServiceName": [ "spot.amazonaws.com", "spotfleet.amazonaws.com" ] } } }, { "Effect": "Allow", "Action": [ "iam:GetInstanceProfile" ], "Resource": [ "arn:aws:iam::*:instance-profile/*" ] }, { "Effect": "Allow", "Action": [ "iam:GetRole" ], "Resource": [ "arn:aws:iam::*:role/aws-ec2-spot-fleet-tagging-role", "arn:aws:iam::*:role/DeadlineSpot*" ] }, { "Effect": "Allow", "Action": [ "iam:GetUser" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "iam:PassRole" ], "Resource": [ "arn:aws:iam::*:role/aws-ec2-spot-fleet-tagging-role", "arn:aws:iam::*:role/DeadlineSpot*" ], "Condition": { "StringLike": { "iam:PassedToService": "ec2.amazonaws.com" } } } ] }, "VersionId": "v1" }, "AWSThinkboxDeadlineSpotEventPluginWorkerPolicy": { "PolicyName": "AWSThinkboxDeadlineSpotEventPluginWorkerPolicy", "PolicyId": "ANPAZKAPJZG4JS2KSV4B2", "Arn": "arn:aws:iam::aws:policy/AWSThinkboxDeadlineSpotEventPluginWorkerPolicy", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-05-27T19:35:00+00:00", "UpdateDate": "2020-12-07T23:31:31+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ec2:DescribeInstances", "ec2:DescribeTags" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "ec2:TerminateInstances" ], "Resource": [ "arn:aws:ec2:*:*:instance/*" ], "Condition": { "StringEquals": { "ec2:ResourceTag/DeadlineTrackedAWSResource": "SpotEventPlugin" } } }, { "Effect": "Allow", "Action": [ "ec2:TerminateInstances" ], "Resource": [ "arn:aws:ec2:*:*:instance/*" ], "Condition": { "StringEquals": { "ec2:ResourceTag/DeadlineResourceTracker": "SpotEventPlugin" } } }, { "Effect": "Allow", "Action": [ "sqs:GetQueueUrl", "sqs:SendMessage" ], "Resource": [ "arn:aws:sqs:*:*:DeadlineAWSComputeNodeState*" ] } ] }, "VersionId": "v2" }, "AWSTransferConsoleFullAccess": { "PolicyName": "AWSTransferConsoleFullAccess", "PolicyId": "ANPAZKAPJZG4KYSTLCO3J", "Arn": "arn:aws:iam::aws:policy/AWSTransferConsoleFullAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-12-14T19:33:25+00:00", "UpdateDate": "2020-12-14T19:33:25+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "iam:PassRole", "Resource": "*", "Condition": { "StringEquals": { "iam:PassedToService": "transfer.amazonaws.com" } } }, { "Effect": "Allow", "Action": [ "acm:ListCertificates", "ec2:DescribeAddresses", "ec2:DescribeAvailabilityZones", "ec2:DescribeNetworkInterfaces", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeVpcs", "ec2:DescribeVpcEndpoints", "health:DescribeEventAggregates", "iam:GetPolicyVersion", "iam:ListPolicies", "iam:ListRoles", "route53:ListHostedZones", "s3:ListAllMyBuckets", "transfer:*" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AWSTransferFullAccess": { "PolicyName": "AWSTransferFullAccess", "PolicyId": "ANPAZKAPJZG4KGELFKPYK", "Arn": "arn:aws:iam::aws:policy/AWSTransferFullAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-12-14T19:37:23+00:00", "UpdateDate": "2020-12-14T19:37:23+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "transfer:*", "Resource": "*" }, { "Effect": "Allow", "Action": "iam:PassRole", "Resource": "*", "Condition": { "StringEquals": { "iam:PassedToService": "transfer.amazonaws.com" } } }, { "Effect": "Allow", "Action": [ "ec2:DescribeVpcEndpoints", "ec2:DescribeNetworkInterfaces", "ec2:DescribeAddresses" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AWSTransferLoggingAccess": { "PolicyName": "AWSTransferLoggingAccess", "PolicyId": "ANPAISIP5WGJX7VKXRQZO", "Arn": "arn:aws:iam::aws:policy/service-role/AWSTransferLoggingAccess", "Path": "/service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-01-14T15:32:50+00:00", "UpdateDate": "2019-01-14T15:32:50+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "logs:CreateLogStream", "logs:DescribeLogStreams", "logs:CreateLogGroup", "logs:PutLogEvents" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AWSTransferReadOnlyAccess": { "PolicyName": "AWSTransferReadOnlyAccess", "PolicyId": "ANPAZKAPJZG4ITRAALBSI", "Arn": "arn:aws:iam::aws:policy/AWSTransferReadOnlyAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-08-27T17:54:51+00:00", "UpdateDate": "2020-08-27T17:54:51+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "transfer:DescribeUser", "transfer:DescribeServer", "transfer:ListUsers", "transfer:ListServers", "transfer:TestIdentityProvider", "transfer:ListTagsForResource" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AWSTrustedAdvisorReportingServiceRolePolicy": { "PolicyName": "AWSTrustedAdvisorReportingServiceRolePolicy", "PolicyId": "ANPAZKAPJZG4NCBYW5OGK", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSTrustedAdvisorReportingServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-11-19T17:41:13+00:00", "UpdateDate": "2020-09-11T21:36:48+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "organizations:DescribeOrganization", "organizations:ListAWSServiceAccessForOrganization", "organizations:ListAccounts", "organizations:ListAccountsForParent", "organizations:ListOrganizationalUnitsForParent", "organizations:ListChildren", "organizations:ListParents", "organizations:DescribeOrganizationalUnit", "organizations:DescribeAccount" ], "Effect": "Allow", "Resource": "*" } ] }, "VersionId": "v2" }, "AWSTrustedAdvisorServiceRolePolicy": { "PolicyName": "AWSTrustedAdvisorServiceRolePolicy", "PolicyId": "ANPAJH4QJ2WMHBOB47BUE", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSTrustedAdvisorServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v9", "AttachmentCount": 1, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-02-22T21:24:25+00:00", "UpdateDate": "2021-08-10T22:41:30+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "autoscaling:DescribeAccountLimits", "autoscaling:DescribeAutoScalingGroups", "autoscaling:DescribeLaunchConfigurations", "cloudformation:DescribeAccountLimits", "cloudformation:DescribeStacks", "cloudformation:ListStacks", "cloudfront:ListDistributions", "cloudtrail:DescribeTrails", "cloudtrail:GetTrailStatus", "dynamodb:DescribeLimits", "dynamodb:DescribeTable", "dynamodb:ListTables", "ec2:DescribeAddresses", "ec2:DescribeReservedInstances", "ec2:DescribeInstances", "ec2:DescribeVpcs", "ec2:DescribeInternetGateways", "ec2:DescribeImages", "ec2:DescribeVolumes", "ec2:DescribeSecurityGroups", "ec2:DescribeReservedInstancesOfferings", "ec2:DescribeSnapshots", "ec2:DescribeVpnConnections", "ec2:DescribeVpnGateways", "ec2:DescribeLaunchTemplateVersions", "elasticloadbalancing:DescribeAccountLimits", "elasticloadbalancing:DescribeInstanceHealth", "elasticloadbalancing:DescribeLoadBalancerAttributes", "elasticloadbalancing:DescribeLoadBalancerPolicies", "elasticloadbalancing:DescribeLoadBalancerPolicyTypes", "elasticloadbalancing:DescribeLoadBalancers", "elasticloadbalancing:DescribeTargetGroups", "iam:GenerateCredentialReport", "iam:GetAccountPasswordPolicy", "iam:GetAccountSummary", "iam:GetCredentialReport", "iam:GetServerCertificate", "iam:ListServerCertificates", "kinesis:DescribeLimits", "rds:DescribeAccountAttributes", "rds:DescribeDBClusters", "rds:DescribeDBEngineVersions", "rds:DescribeDBInstances", "rds:DescribeDBParameterGroups", "rds:DescribeDBParameters", "rds:DescribeDBSecurityGroups", "rds:DescribeDBSnapshots", "rds:DescribeDBSubnetGroups", "rds:DescribeEngineDefaultParameters", "rds:DescribeEvents", "rds:DescribeOptionGroupOptions", "rds:DescribeOptionGroups", "rds:DescribeOrderableDBInstanceOptions", "rds:DescribeReservedDBInstances", "rds:DescribeReservedDBInstancesOfferings", "rds:ListTagsForResource", "redshift:DescribeClusters", "redshift:DescribeReservedNodeOfferings", "redshift:DescribeReservedNodes", "route53:GetAccountLimit", "route53:GetHealthCheck", "route53:GetHostedZone", "route53:ListHealthChecks", "route53:ListHostedZones", "route53:ListHostedZonesByName", "route53:ListResourceRecordSets", "s3:GetAccountPublicAccessBlock", "s3:GetBucketAcl", "s3:GetBucketPolicy", "s3:GetBucketPolicyStatus", "s3:GetBucketLocation", "s3:GetBucketLogging", "s3:GetBucketVersioning", "s3:GetBucketPublicAccessBlock", "s3:ListBucket", "s3:ListAllMyBuckets", "ses:GetSendQuota", "sqs:ListQueues", "cloudwatch:GetMetricStatistics", "ce:GetReservationPurchaseRecommendation", "ce:GetSavingsPlansPurchaseRecommendation" ], "Resource": "*" } ] }, "VersionId": "v9" }, "AWSVPCS2SVpnServiceRolePolicy": { "PolicyName": "AWSVPCS2SVpnServiceRolePolicy", "PolicyId": "ANPAZKAPJZG4ENV7ZVNT6", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSVPCS2SVpnServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-08-06T14:13:58+00:00", "UpdateDate": "2019-08-06T14:13:58+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Sid": "0", "Effect": "Allow", "Action": [ "acm:ExportCertificate", "acm:DescribeCertificate", "acm:ListCertificates", "acm-pca:DescribeCertificateAuthority" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AWSVPCTransitGatewayServiceRolePolicy": { "PolicyName": "AWSVPCTransitGatewayServiceRolePolicy", "PolicyId": "ANPAJS2PBJSYV2EZW3MIQ", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AWSVPCTransitGatewayServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-11-26T16:21:17+00:00", "UpdateDate": "2021-04-15T16:31:44+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "ec2:CreateNetworkInterface", "ec2:DescribeNetworkInterfaces", "ec2:ModifyNetworkInterfaceAttribute", "ec2:DeleteNetworkInterface", "ec2:CreateNetworkInterfacePermission", "ec2:AssignIpv6Addresses", "ec2:UnAssignIpv6Addresses" ], "Resource": "*", "Effect": "Allow", "Sid": "0" } ] }, "VersionId": "v2" }, "AWSWAFConsoleFullAccess": { "PolicyName": "AWSWAFConsoleFullAccess", "PolicyId": "ANPAZKAPJZG4AZOTQ7KAT", "Arn": "arn:aws:iam::aws:policy/AWSWAFConsoleFullAccess", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-04-06T18:38:38+00:00", "UpdateDate": "2020-10-01T20:13:57+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "apigateway:GET", "apigateway:SetWebACL", "cloudfront:ListDistributions", "cloudfront:ListDistributionsByWebACLId", "cloudfront:UpdateDistribution", "cloudwatch:GetMetricData", "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics", "ec2:DescribeRegions", "elasticloadbalancing:DescribeLoadBalancers", "elasticloadbalancing:SetWebACL", "appsync:ListGraphqlApis", "appsync:SetWebACL", "waf-regional:*", "waf:*", "wafv2:*" ], "Effect": "Allow", "Resource": "*" } ] }, "VersionId": "v2" }, "AWSWAFConsoleReadOnlyAccess": { "PolicyName": "AWSWAFConsoleReadOnlyAccess", "PolicyId": "ANPAZKAPJZG4NCJLTIT64", "Arn": "arn:aws:iam::aws:policy/AWSWAFConsoleReadOnlyAccess", "Path": "/", "DefaultVersionId": "v3", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-04-06T18:43:24+00:00", "UpdateDate": "2020-10-01T20:13:54+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "apigateway:GET", "cloudfront:ListDistributions", "cloudfront:ListDistributionsByWebACLId", "cloudwatch:GetMetricData", "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics", "ec2:DescribeRegions", "elasticloadbalancing:DescribeLoadBalancers", "appsync:ListGraphqlApis", "waf-regional:Get*", "waf-regional:List*", "waf:Get*", "waf:List*", "wafv2:Describe*", "wafv2:Get*", "wafv2:List*", "wafv2:CheckCapacity" ], "Effect": "Allow", "Resource": "*" } ] }, "VersionId": "v3" }, "AWSWAFFullAccess": { "PolicyName": "AWSWAFFullAccess", "PolicyId": "ANPAJMIKIAFXZEGOLRH7C", "Arn": "arn:aws:iam::aws:policy/AWSWAFFullAccess", "Path": "/", "DefaultVersionId": "v5", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-10-06T20:44:00+00:00", "UpdateDate": "2020-10-01T20:13:54+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "waf:*", "waf-regional:*", "wafv2:*", "elasticloadbalancing:SetWebACL", "apigateway:SetWebACL", "appsync:SetWebACL" ], "Effect": "Allow", "Resource": "*" } ] }, "VersionId": "v5" }, "AWSWAFReadOnlyAccess": { "PolicyName": "AWSWAFReadOnlyAccess", "PolicyId": "ANPAINZVDMX2SBF7EU2OC", "Arn": "arn:aws:iam::aws:policy/AWSWAFReadOnlyAccess", "Path": "/", "DefaultVersionId": "v4", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-10-06T20:43:45+00:00", "UpdateDate": "2020-06-22T22:38:54+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "waf:Get*", "waf:List*", "waf-regional:Get*", "waf-regional:List*", "wafv2:Get*", "wafv2:List*", "wafv2:Describe*", "wafv2:CheckCapacity" ], "Effect": "Allow", "Resource": "*" } ] }, "VersionId": "v4" }, "AWSXRayDaemonWriteAccess": { "PolicyName": "AWSXRayDaemonWriteAccess", "PolicyId": "ANPAIOE47HSUE5AVBNEDM", "Arn": "arn:aws:iam::aws:policy/AWSXRayDaemonWriteAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-08-28T23:00:33+00:00", "UpdateDate": "2018-08-28T23:00:33+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "xray:PutTraceSegments", "xray:PutTelemetryRecords", "xray:GetSamplingRules", "xray:GetSamplingTargets", "xray:GetSamplingStatisticSummaries" ], "Resource": [ "*" ] } ] }, "VersionId": "v1" }, "AWSXrayFullAccess": { "PolicyName": "AWSXrayFullAccess", "PolicyId": "ANPAJQBYG45NSJMVQDB2K", "Arn": "arn:aws:iam::aws:policy/AWSXrayFullAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2016-12-01T18:30:55+00:00", "UpdateDate": "2016-12-01T18:30:55+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "xray:*" ], "Resource": [ "*" ] } ] }, "VersionId": "v1" }, "AWSXrayReadOnlyAccess": { "PolicyName": "AWSXrayReadOnlyAccess", "PolicyId": "ANPAIH4OFXWPS6ZX6OPGQ", "Arn": "arn:aws:iam::aws:policy/AWSXrayReadOnlyAccess", "Path": "/", "DefaultVersionId": "v5", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2016-12-01T18:27:02+00:00", "UpdateDate": "2020-09-03T22:19:40+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "xray:GetSamplingRules", "xray:GetSamplingTargets", "xray:GetSamplingStatisticSummaries", "xray:BatchGetTraces", "xray:GetServiceGraph", "xray:GetTraceGraph", "xray:GetTraceSummaries", "xray:GetGroups", "xray:GetGroup", "xray:ListTagsForResource", "xray:GetTimeSeriesServiceStatistics", "xray:GetInsightSummaries", "xray:GetInsight", "xray:GetInsightEvents", "xray:GetInsightImpactGraph" ], "Resource": [ "*" ] } ] }, "VersionId": "v5" }, "AWSXrayWriteOnlyAccess": { "PolicyName": "AWSXrayWriteOnlyAccess", "PolicyId": "ANPAIAACM4LMYSRGBCTM6", "Arn": "arn:aws:iam::aws:policy/AWSXrayWriteOnlyAccess", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2016-12-01T18:19:53+00:00", "UpdateDate": "2018-08-28T23:03:04+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "xray:PutTraceSegments", "xray:PutTelemetryRecords", "xray:GetSamplingRules", "xray:GetSamplingTargets", "xray:GetSamplingStatisticSummaries" ], "Resource": [ "*" ] } ] }, "VersionId": "v2" }, "AWS_ConfigRole": { "PolicyName": "AWS_ConfigRole", "PolicyId": "ANPAZKAPJZG4PP7QZ4FBG", "Arn": "arn:aws:iam::aws:policy/service-role/AWS_ConfigRole", "Path": "/service-role/", "DefaultVersionId": "v7", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-09-15T20:30:30+00:00", "UpdateDate": "2021-07-27T22:41:23+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "access-analyzer:GetAnalyzer", "access-analyzer:ListAnalyzers", "access-analyzer:ListArchiveRules", "access-analyzer:ListTagsForResource", "acm:DescribeCertificate", "acm:ListCertificates", "acm:ListTagsForCertificate", "apigateway:GET", "application-autoscaling:DescribeScalableTargets", "application-autoscaling:DescribeScalingPolicies", "autoscaling:DescribeAutoScalingGroups", "autoscaling:DescribeLaunchConfigurations", "autoscaling:DescribeLifecycleHooks", "autoscaling:DescribePolicies", "autoscaling:DescribeScheduledActions", "autoscaling:DescribeTags", "backup:DescribeBackupVault", "backup:DescribeRecoveryPoint", "backup:GetBackupPlan", "backup:GetBackupSelection", "backup:GetBackupVaultAccessPolicy", "backup:GetBackupVaultNotifications", "backup:ListBackupPlans", "backup:ListBackupSelections", "backup:ListBackupVaults", "backup:ListRecoveryPointsByBackupVault", "backup:ListTags", "cloudformation:DescribeType", "cloudformation:ListTypes", "cloudfront:ListDistributions", "cloudfront:ListTagsForResource", "cloudtrail:DescribeTrails", "cloudtrail:GetEventSelectors", "cloudtrail:GetTrailStatus", "cloudtrail:ListTags", "cloudwatch:DescribeAlarms", "codepipeline:GetPipeline", "codepipeline:GetPipelineState", "codepipeline:ListPipelines", "config:BatchGet*", "config:Describe*", "config:Get*", "config:List*", "config:Put*", "config:Select*", "dax:DescribeClusters", "dms:DescribeEventSubscriptions", "dms:DescribeReplicationInstances", "dms:DescribeReplicationSubnetGroups", "dms:ListTagsForResource", "dynamodb:DescribeContinuousBackups", "dynamodb:DescribeLimits", "dynamodb:DescribeTable", "dynamodb:ListTables", "dynamodb:ListTagsOfResource", "ec2:Describe*", "ec2:GetEbsEncryptionByDefault", "ecr-public:DescribeRepositories", "ecr-public:GetRepositoryCatalogData", "ecr-public:ListTagsForResource", "ecr:DescribeRepositories", "ecr:GetLifecyclePolicy", "ecr:GetRepositoryPolicy", "ecr:ListTagsForResource", "ecs:DescribeClusters", "ecs:DescribeServices", "ecs:DescribeTaskDefinition", "ecs:DescribeTaskSets", "ecs:ListClusters", "ecs:ListServices", "ecs:ListTagsForResource", "ecs:ListTaskDefinitions", "eks:DescribeCluster", "eks:DescribeNodegroup", "eks:ListClusters", "eks:ListNodegroups", "elasticache:DescribeCacheClusters", "elasticache:DescribeCacheParameterGroups", "elasticache:DescribeCacheSubnetGroups", "elasticache:DescribeReplicationGroups", "elasticache:ListTagsForResource", "elasticfilesystem:DescribeAccessPoints", "elasticfilesystem:DescribeBackupPolicy", "elasticfilesystem:DescribeFileSystemPolicy", "elasticfilesystem:DescribeFileSystems", "elasticfilesystem:DescribeLifecycleConfiguration", "elasticfilesystem:DescribeMountTargets", "elasticfilesystem:DescribeMountTargetSecurityGroups", "elasticloadbalancing:DescribeListeners", "elasticloadbalancing:DescribeLoadBalancerAttributes", "elasticloadbalancing:DescribeLoadBalancerPolicies", "elasticloadbalancing:DescribeLoadBalancers", "elasticloadbalancing:DescribeRules", "elasticloadbalancing:DescribeTags", "elasticmapreduce:DescribeCluster", "elasticmapreduce:DescribeSecurityConfiguration", "elasticmapreduce:DescribeStep", "elasticmapreduce:GetBlockPublicAccessConfiguration", "elasticmapreduce:GetManagedScalingPolicy", "elasticmapreduce:ListClusters", "elasticmapreduce:ListInstanceFleets", "elasticmapreduce:ListInstanceGroups", "elasticmapreduce:ListInstances", "elasticmapreduce:ListSecurityConfigurations", "elasticmapreduce:ListSteps", "es:DescribeElasticsearchDomain", "es:DescribeElasticsearchDomains", "es:ListDomainNames", "es:ListTags", "firehose:DescribeDeliveryStream", "firehose:ListDeliveryStreams", "firehose:ListTagsForDeliveryStream", "fsx:DescribeFileSystems", "globalaccelerator:DescribeAccelerator", "globalaccelerator:DescribeEndpointGroup", "globalaccelerator:DescribeListener", "globalaccelerator:ListAccelerators", "globalaccelerator:ListEndpointGroups", "globalaccelerator:ListListeners", "globalaccelerator:ListTagsForResource", "guardduty:GetDetector", "guardduty:GetFindings", "guardduty:GetMasterAccount", "guardduty:ListDetectors", "guardduty:ListFindings", "iam:GenerateCredentialReport", "iam:GetAccountAuthorizationDetails", "iam:GetAccountPasswordPolicy", "iam:GetAccountSummary", "iam:GetCredentialReport", "iam:GetGroup", "iam:GetGroupPolicy", "iam:GetPolicy", "iam:GetPolicyVersion", "iam:GetRole", "iam:GetRolePolicy", "iam:GetUser", "iam:GetUserPolicy", "iam:ListAttachedGroupPolicies", "iam:ListAttachedRolePolicies", "iam:ListAttachedUserPolicies", "iam:ListEntitiesForPolicy", "iam:ListGroupPolicies", "iam:ListGroupsForUser", "iam:ListInstanceProfilesForRole", "iam:ListPolicyVersions", "iam:ListRolePolicies", "iam:ListUserPolicies", "iam:ListVirtualMFADevices", "kafka:DescribeCluster", "kafka:ListClusters", "kinesis:DescribeStreamConsumer", "kinesis:DescribeStreamSummary", "kinesis:ListStreamConsumers", "kinesis:ListStreams", "kinesis:ListTagsForStream", "kms:DescribeKey", "kms:GetKeyPolicy", "kms:GetKeyRotationStatus", "kms:ListKeys", "kms:ListResourceTags", "lambda:GetAlias", "lambda:GetFunction", "lambda:GetFunctionCodeSigningConfig", "lambda:GetPolicy", "lambda:ListAliases", "lambda:ListFunctions", "lambda:ListVersionsByFunction", "logs:DescribeLogGroups", "logs:ListTagsLogGroup", "network-firewall:DescribeLoggingConfiguration", "network-firewall:ListFirewalls", "organizations:DescribeOrganization", "rds:DescribeDBParameterGroups", "rds:DescribeDBClusters", "rds:DescribeDBClusterSnapshotAttributes", "rds:DescribeDBClusterSnapshots", "rds:DescribeDBEngineVersions", "rds:DescribeDBInstances", "rds:DescribeDBSecurityGroups", "rds:DescribeDBSnapshotAttributes", "rds:DescribeDBSnapshots", "rds:DescribeDBSubnetGroups", "rds:DescribeEventSubscriptions", "rds:ListTagsForResource", "redshift:DescribeClusterParameterGroups", "redshift:DescribeClusterParameters", "redshift:DescribeClusters", "redshift:DescribeClusterSecurityGroups", "redshift:DescribeClusterSnapshots", "redshift:DescribeClusterSubnetGroups", "redshift:DescribeEventSubscriptions", "redshift:DescribeLoggingStatus", "route53:GetHealthCheck", "route53:GetHostedZone", "route53:ListHealthChecks", "route53:ListHostedZones", "route53:ListHostedZonesByName", "route53:ListQueryLoggingConfigs", "route53:ListResourceRecordSets", "route53:ListTagsForResource", "route53resolver:GetResolverEndpoint", "route53resolver:GetResolverRule", "route53resolver:GetResolverRuleAssociation", "route53resolver:ListResolverEndpointIpAddresses", "route53resolver:ListResolverEndpoints", "route53resolver:ListResolverRuleAssociations", "route53resolver:ListResolverRules", "route53resolver:ListTagsForResource", "s3:GetAccelerateConfiguration", "s3:GetAccessPoint", "s3:GetAccessPointPolicy", "s3:GetAccessPointPolicyStatus", "s3:GetAccountPublicAccessBlock", "s3:GetBucketAcl", "s3:GetBucketCORS", "s3:GetBucketLocation", "s3:GetBucketLogging", "s3:GetBucketNotification", "s3:GetBucketObjectLockConfiguration", "s3:GetBucketPolicy", "s3:GetBucketPublicAccessBlock", "s3:GetBucketRequestPayment", "s3:GetBucketTagging", "s3:GetBucketVersioning", "s3:GetBucketWebsite", "s3:GetEncryptionConfiguration", "s3:GetLifecycleConfiguration", "s3:GetReplicationConfiguration", "s3:ListAccessPoints", "s3:ListAllMyBuckets", "s3:ListBucket", "sagemaker:DescribeCodeRepository", "sagemaker:DescribeEndpoint", "sagemaker:DescribeEndpointConfig", "sagemaker:DescribeModel", "sagemaker:DescribeMonitoringSchedule", "sagemaker:DescribeNotebookInstance", "sagemaker:DescribeNotebookInstanceLifecycleConfig", "sagemaker:DescribeWorkteam", "sagemaker:ListCodeRepositories", "sagemaker:ListEndpointConfigs", "sagemaker:ListEndpoints", "sagemaker:ListModels", "sagemaker:ListMonitoringSchedules", "sagemaker:ListNotebookInstanceLifecycleConfigs", "sagemaker:ListNotebookInstances", "sagemaker:ListTags", "sagemaker:ListWorkteams", "secretsmanager:ListSecrets", "secretsmanager:ListSecretVersionIds", "securityhub:DescribeHub", "shield:DescribeDRTAccess", "shield:DescribeProtection", "shield:DescribeSubscription", "sns:GetSubscriptionAttributes", "sns:GetTopicAttributes", "sns:ListSubscriptions", "sns:ListSubscriptionsByTopic", "sns:ListTagsForResource", "sns:ListTopics", "sqs:GetQueueAttributes", "sqs:ListQueues", "sqs:ListQueueTags", "ssm:DescribeAutomationExecutions", "ssm:DescribeDocument", "ssm:DescribeDocumentPermission", "ssm:GetAutomationExecution", "ssm:GetDocument", "ssm:ListDocuments", "states:DescribeStateMachine", "states:ListStateMachines", "states:ListTagsForResource", "storagegateway:ListGateways", "storagegateway:ListTagsForResource", "storagegateway:ListVolumes", "support:DescribeCases", "tag:GetResources", "waf-regional:GetLoggingConfiguration", "waf-regional:GetWebACL", "waf-regional:GetWebACLForResource", "waf:GetLoggingConfiguration", "waf:GetWebACL", "wafv2:GetLoggingConfiguration" ], "Resource": "*" } ] }, "VersionId": "v7" }, "AccessAnalyzerServiceRolePolicy": { "PolicyName": "AccessAnalyzerServiceRolePolicy", "PolicyId": "ANPAZKAPJZG4CAIXDDRI2", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AccessAnalyzerServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v5", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-12-02T17:13:10+00:00", "UpdateDate": "2020-11-24T20:58:37+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ec2:DescribeAddresses", "ec2:DescribeByoipCidrs", "ec2:DescribeVpcEndpoints", "ec2:DescribeVpcs", "iam:GetRole", "iam:ListRoles", "kms:DescribeKey", "kms:GetKeyPolicy", "kms:ListGrants", "kms:ListKeyPolicies", "kms:ListKeys", "lambda:GetLayerVersionPolicy", "lambda:GetPolicy", "lambda:ListAliases", "lambda:ListFunctions", "lambda:ListLayers", "lambda:ListLayerVersions", "lambda:ListVersionsByFunction", "organizations:DescribeAccount", "organizations:DescribeOrganization", "organizations:DescribeOrganizationalUnit", "organizations:ListAccounts", "organizations:ListAccountsForParent", "organizations:ListAWSServiceAccessForOrganization", "organizations:ListChildren", "organizations:ListDelegatedAdministrators", "organizations:ListOrganizationalUnitsForParent", "organizations:ListParents", "organizations:ListRoots", "s3:GetAccessPoint", "s3:GetAccessPointPolicy", "s3:GetAccessPointPolicyStatus", "s3:GetAccountPublicAccessBlock", "s3:GetBucketAcl", "s3:GetBucketLocation", "s3:GetBucketPolicyStatus", "s3:GetBucketPolicy", "s3:GetBucketPublicAccessBlock", "s3:ListAccessPoints", "s3:ListAllMyBuckets", "sns:GetTopicAttributes", "sns:ListTopics", "secretsmanager:DescribeSecret", "secretsmanager:GetResourcePolicy", "secretsmanager:ListSecrets", "sqs:GetQueueAttributes", "sqs:ListQueues" ], "Resource": "*" } ] }, "VersionId": "v5" }, "AdministratorAccess": { "PolicyName": "AdministratorAccess", "PolicyId": "ANPAIWMBCKSKIEE64ZLYK", "Arn": "arn:aws:iam::aws:policy/AdministratorAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 4, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-02-06T18:39:46+00:00", "UpdateDate": "2015-02-06T18:39:46+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "*", "Resource": "*" } ] }, "VersionId": "v1" }, "AdministratorAccess-AWSElasticBeanstalk": { "PolicyName": "AdministratorAccess-AWSElasticBeanstalk", "PolicyId": "ANPAZKAPJZG4AX52KWGWY", "Arn": "arn:aws:iam::aws:policy/AdministratorAccess-AWSElasticBeanstalk", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2021-01-22T19:36:54+00:00", "UpdateDate": "2021-03-09T22:36:27+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "acm:Describe*", "acm:List*", "autoscaling:Describe*", "cloudformation:Describe*", "cloudformation:Estimate*", "cloudformation:Get*", "cloudformation:List*", "cloudformation:Validate*", "cloudtrail:LookupEvents", "cloudwatch:DescribeAlarms", "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics", "codecommit:Get*", "codecommit:UploadArchive", "ec2:AllocateAddress", "ec2:AssociateAddress", "ec2:AuthorizeSecurityGroup*", "ec2:CreateLaunchTemplate*", "ec2:CreateSecurityGroup", "ec2:CreateTags", "ec2:DeleteLaunchTemplate*", "ec2:DeleteSecurityGroup", "ec2:DeleteTags", "ec2:Describe*", "ec2:DisassociateAddress", "ec2:ReleaseAddress", "ec2:RevokeSecurityGroup*", "ecs:CreateCluster", "ecs:DeRegisterTaskDefinition", "ecs:Describe*", "ecs:List*", "ecs:RegisterTaskDefinition", "elasticbeanstalk:*", "elasticloadbalancing:Describe*", "iam:GetRole", "iam:ListAttachedRolePolicies", "iam:ListInstanceProfiles", "iam:ListRolePolicies", "iam:ListRoles", "iam:ListServerCertificates", "logs:Describe*", "rds:Describe*", "s3:ListAllMyBuckets", "sns:ListSubscriptionsByTopic", "sns:ListTopics", "sqs:ListQueues" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "autoscaling:*" ], "Resource": [ "arn:aws:autoscaling:*:*:launchConfiguration:*:launchConfigurationName/awseb-e-*", "arn:aws:autoscaling:*:*:launchConfiguration:*:launchConfigurationName/eb-*", "arn:aws:autoscaling:*:*:autoScalingGroup:*:autoScalingGroupName/awseb-e-*", "arn:aws:autoscaling:*:*:autoScalingGroup:*:autoScalingGroupName/eb-*" ] }, { "Effect": "Allow", "Action": [ "cloudformation:CancelUpdateStack", "cloudformation:ContinueUpdateRollback", "cloudformation:CreateStack", "cloudformation:DeleteStack", "cloudformation:GetTemplate", "cloudformation:ListStackResources", "cloudformation:SignalResource", "cloudformation:TagResource", "cloudformation:UntagResource", "cloudformation:UpdateStack" ], "Resource": [ "arn:aws:cloudformation:*:*:stack/awseb-*", "arn:aws:cloudformation:*:*:stack/eb-*" ] }, { "Effect": "Allow", "Action": [ "cloudwatch:DeleteAlarms", "cloudwatch:PutMetricAlarm" ], "Resource": [ "arn:aws:cloudwatch:*:*:alarm:awseb-*", "arn:aws:cloudwatch:*:*:alarm:eb-*" ] }, { "Effect": "Allow", "Action": [ "codebuild:BatchGetBuilds", "codebuild:CreateProject", "codebuild:DeleteProject", "codebuild:StartBuild" ], "Resource": "arn:aws:codebuild:*:*:project/Elastic-Beanstalk-*" }, { "Effect": "Allow", "Action": [ "dynamodb:CreateTable", "dynamodb:DeleteTable", "dynamodb:DescribeTable", "dynamodb:TagResource" ], "Resource": [ "arn:aws:dynamodb:*:*:table/awseb-e-*", "arn:aws:dynamodb:*:*:table/eb-*" ] }, { "Effect": "Allow", "Action": [ "ec2:RebootInstances", "ec2:TerminateInstances" ], "Resource": "arn:aws:ec2:*:*:instance/*", "Condition": { "StringLike": { "ec2:ResourceTag/aws:cloudformation:stack-id": [ "arn:aws:cloudformation:*:*:stack/awseb-e-*", "arn:aws:cloudformation:*:*:stack/eb-*" ] } } }, { "Effect": "Allow", "Action": "ec2:RunInstances", "Resource": "*", "Condition": { "ArnLike": { "ec2:LaunchTemplate": "arn:aws:ec2:*:*:launch-template/*" } } }, { "Effect": "Allow", "Action": [ "ecs:DeleteCluster" ], "Resource": "arn:aws:ecs:*:*:cluster/awseb-*" }, { "Effect": "Allow", "Action": [ "elasticloadbalancing:*Rule", "elasticloadbalancing:*Tags", "elasticloadbalancing:SetRulePriorities", "elasticloadbalancing:SetSecurityGroups" ], "Resource": [ "arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*", "arn:aws:elasticloadbalancing:*:*:listener/app/*/*/*", "arn:aws:elasticloadbalancing:*:*:listener-rule/app/*/*/*/*" ] }, { "Effect": "Allow", "Action": [ "elasticloadbalancing:*" ], "Resource": [ "arn:aws:elasticloadbalancing:*:*:targetgroup/awseb-*", "arn:aws:elasticloadbalancing:*:*:targetgroup/eb-*", "arn:aws:elasticloadbalancing:*:*:loadbalancer/awseb-*", "arn:aws:elasticloadbalancing:*:*:loadbalancer/eb-*", "arn:aws:elasticloadbalancing:*:*:loadbalancer/*/awseb-*/*", "arn:aws:elasticloadbalancing:*:*:loadbalancer/*/eb-*/*", "arn:aws:elasticloadbalancing:*:*:listener/awseb-*", "arn:aws:elasticloadbalancing:*:*:listener/eb-*", "arn:aws:elasticloadbalancing:*:*:listener/*/awseb-*/*/*", "arn:aws:elasticloadbalancing:*:*:listener/*/eb-*/*/*", "arn:aws:elasticloadbalancing:*:*:listener-rule/app/awseb-*/*/*/*", "arn:aws:elasticloadbalancing:*:*:listener-rule/app/eb-*/*/*/*" ] }, { "Effect": "Allow", "Action": [ "iam:AddRoleToInstanceProfile", "iam:CreateInstanceProfile", "iam:CreateRole" ], "Resource": [ "arn:aws:iam::*:role/aws-elasticbeanstalk*", "arn:aws:iam::*:instance-profile/aws-elasticbeanstalk*" ] }, { "Effect": "Allow", "Action": [ "iam:AttachRolePolicy" ], "Resource": "arn:aws:iam::*:role/aws-elasticbeanstalk*", "Condition": { "StringLike": { "iam:PolicyArn": [ "arn:aws:iam::aws:policy/AWSElasticBeanstalk*", "arn:aws:iam::aws:policy/service-role/AWSElasticBeanstalk*" ] } } }, { "Effect": "Allow", "Action": "iam:PassRole", "Resource": "arn:aws:iam::*:role/*", "Condition": { "StringEquals": { "iam:PassedToService": [ "elasticbeanstalk.amazonaws.com", "ec2.amazonaws.com", "ec2.amazonaws.com.cn", "autoscaling.amazonaws.com", "elasticloadbalancing.amazonaws.com", "ecs.amazonaws.com", "cloudformation.amazonaws.com" ] } } }, { "Effect": "Allow", "Action": [ "iam:CreateServiceLinkedRole" ], "Resource": [ "arn:aws:iam::*:role/aws-service-role/autoscaling.amazonaws.com/AWSServiceRoleForAutoScaling*", "arn:aws:iam::*:role/aws-service-role/elasticbeanstalk.amazonaws.com/AWSServiceRoleForElasticBeanstalk*", "arn:aws:iam::*:role/aws-service-role/elasticloadbalancing.amazonaws.com/AWSServiceRoleForElasticLoadBalancing*", "arn:aws:iam::*:role/aws-service-role/managedupdates.elasticbeanstalk.amazonaws.com/AWSServiceRoleForElasticBeanstalk*", "arn:aws:iam::*:role/aws-service-role/maintenance.elasticbeanstalk.amazonaws.com/AWSServiceRoleForElasticBeanstalk*" ], "Condition": { "StringLike": { "iam:AWSServiceName": [ "autoscaling.amazonaws.com", "elasticbeanstalk.amazonaws.com", "elasticloadbalancing.amazonaws.com", "managedupdates.elasticbeanstalk.amazonaws.com", "maintenance.elasticbeanstalk.amazonaws.com" ] } } }, { "Effect": "Allow", "Action": [ "logs:CreateLogGroup", "logs:DeleteLogGroup", "logs:PutRetentionPolicy" ], "Resource": "arn:aws:logs:*:*:log-group:/aws/elasticbeanstalk/*" }, { "Effect": "Allow", "Action": [ "rds:*DBSubnetGroup", "rds:AuthorizeDBSecurityGroupIngress", "rds:CreateDBInstance", "rds:CreateDBSecurityGroup", "rds:DeleteDBInstance", "rds:DeleteDBSecurityGroup", "rds:ModifyDBInstance", "rds:RestoreDBInstanceFromDBSnapshot" ], "Resource": [ "arn:aws:rds:*:*:db:*", "arn:aws:rds:*:*:secgrp:awseb-e-*", "arn:aws:rds:*:*:secgrp:eb-*", "arn:aws:rds:*:*:snapshot:*", "arn:aws:rds:*:*:subgrp:awseb-e-*", "arn:aws:rds:*:*:subgrp:eb-*" ] }, { "Effect": "Allow", "Action": [ "s3:Delete*", "s3:Get*", "s3:Put*" ], "Resource": "arn:aws:s3:::elasticbeanstalk-*/*" }, { "Effect": "Allow", "Action": [ "s3:CreateBucket", "s3:GetBucket*", "s3:ListBucket", "s3:PutBucketPolicy" ], "Resource": "arn:aws:s3:::elasticbeanstalk-*" }, { "Effect": "Allow", "Action": [ "sns:CreateTopic", "sns:DeleteTopic", "sns:GetTopicAttributes", "sns:Publish", "sns:SetTopicAttributes", "sns:Subscribe", "sns:Unsubscribe" ], "Resource": "arn:aws:sns:*:*:ElasticBeanstalkNotifications-*" }, { "Effect": "Allow", "Action": [ "sqs:*QueueAttributes", "sqs:CreateQueue", "sqs:DeleteQueue", "sqs:SendMessage", "sqs:TagQueue" ], "Resource": [ "arn:aws:sqs:*:*:awseb-e-*", "arn:aws:sqs:*:*:eb-*" ] } ] }, "VersionId": "v2" }, "AdministratorAccess-Amplify": { "PolicyName": "AdministratorAccess-Amplify", "PolicyId": "ANPAZKAPJZG4AML23RALR", "Arn": "arn:aws:iam::aws:policy/AdministratorAccess-Amplify", "Path": "/", "DefaultVersionId": "v3", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-12-01T19:03:08+00:00", "UpdateDate": "2021-07-26T22:49:07+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Sid": "CLICloudformationPolicy", "Effect": "Allow", "Action": [ "cloudformation:CreateChangeSet", "cloudformation:CreateStack", "cloudformation:DeleteStack", "cloudformation:DescribeChangeSet", "cloudformation:DescribeStackEvents", "cloudformation:DescribeStackResource", "cloudformation:DescribeStackResources", "cloudformation:DescribeStacks", "cloudformation:ExecuteChangeSet", "cloudformation:GetTemplate", "cloudformation:UpdateStack", "cloudformation:ListStackResources" ], "Resource": [ "arn:aws:cloudformation:*:*:stack/amplify-*" ] }, { "Sid": "CLIManageviaCFNPolicy", "Effect": "Allow", "Action": [ "iam:ListRoleTags", "iam:TagRole", "iam:AttachRolePolicy", "iam:CreatePolicy", "iam:DeletePolicy", "iam:DeleteRole", "iam:DeleteRolePolicy", "iam:DetachRolePolicy", "iam:PutRolePolicy", "iam:UpdateRole", "iam:GetRole", "iam:GetPolicy", "iam:GetRolePolicy", "iam:PassRole", "iam:ListPolicyVersions", "iam:CreatePolicyVersion", "iam:DeletePolicyVersion", "iam:CreateRole", "iam:ListRolePolicies", "iam:PutRolePermissionsBoundary", "iam:DeleteRolePermissionsBoundary", "appsync:CreateApiKey", "appsync:CreateDataSource", "appsync:CreateFunction", "appsync:CreateResolver", "appsync:CreateType", "appsync:DeleteApiKey", "appsync:DeleteDataSource", "appsync:DeleteFunction", "appsync:DeleteResolver", "appsync:DeleteType", "appsync:GetDataSource", "appsync:GetFunction", "appsync:GetIntrospectionSchema", "appsync:GetResolver", "appsync:GetSchemaCreationStatus", "appsync:GetType", "appsync:GraphQL", "appsync:ListApiKeys", "appsync:ListDataSources", "appsync:ListFunctions", "appsync:ListGraphqlApis", "appsync:ListResolvers", "appsync:ListResolversByFunction", "appsync:ListTypes", "appsync:StartSchemaCreation", "appsync:UpdateApiKey", "appsync:UpdateDataSource", "appsync:UpdateFunction", "appsync:UpdateResolver", "appsync:UpdateType", "appsync:TagResource", "appsync:CreateGraphqlApi", "appsync:DeleteGraphqlApi", "appsync:GetGraphqlApi", "appsync:ListTagsForResource", "appsync:UpdateGraphqlApi", "apigateway:DELETE", "apigateway:GET", "apigateway:PATCH", "apigateway:POST", "apigateway:PUT", "cognito-idp:CreateUserPool", "cognito-identity:CreateIdentityPool", "cognito-identity:DeleteIdentityPool", "cognito-identity:DescribeIdentity", "cognito-identity:DescribeIdentityPool", "cognito-identity:SetIdentityPoolRoles", "cognito-identity:GetIdentityPoolRoles", "cognito-identity:UpdateIdentityPool", "cognito-idp:CreateUserPoolClient", "cognito-idp:DeleteGroup", "cognito-idp:DeleteUserPool", "cognito-idp:DeleteUserPoolClient", "cognito-idp:DescribeUserPool", "cognito-idp:DescribeUserPoolClient", "cognito-idp:ListTagsForResource", "cognito-idp:ListUserPoolClients", "cognito-idp:UpdateUserPoolClient", "cognito-idp:CreateGroup", "cognito-idp:DeleteGroup", "cognito-identity:TagResource", "cognito-idp:TagResource", "cognito-idp:UpdateUserPool", "lambda:AddPermission", "lambda:CreateFunction", "lambda:DeleteFunction", "lambda:GetFunction", "lambda:GetFunctionConfiguration", "lambda:InvokeAsync", "lambda:InvokeFunction", "lambda:RemovePermission", "lambda:UpdateFunctionCode", "lambda:UpdateFunctionConfiguration", "lambda:ListTags", "lambda:TagResource", "lambda:UntagResource", "lambda:DeleteFunction", "lambda:AddLayerVersionPermission", "lambda:CreateEventSourceMapping", "lambda:DeleteEventSourceMapping", "lambda:DeleteLayerVersion", "lambda:GetEventSourceMapping", "lambda:GetLayerVersion", "lambda:ListEventSourceMappings", "lambda:ListLayerVersions", "lambda:PublishLayerVersion", "lambda:RemoveLayerVersionPermission", "dynamodb:CreateTable", "dynamodb:DeleteItem", "dynamodb:DeleteTable", "dynamodb:DescribeContinuousBackups", "dynamodb:DescribeTable", "dynamodb:DescribeTimeToLive", "dynamodb:ListStreams", "dynamodb:PutItem", "dynamodb:TagResource", "dynamodb:ListTagsOfResource", "dynamodb:UpdateContinuousBackups", "dynamodb:UpdateItem", "dynamodb:UpdateTable", "dynamodb:UpdateTimeToLive", "s3:CreateBucket", "s3:ListBucket", "s3:PutBucketAcl", "s3:PutBucketCORS", "s3:PutBucketNotification", "s3:PutBucketPolicy", "s3:PutBucketWebsite", "s3:PutObjectAcl", "cloudfront:CreateCloudFrontOriginAccessIdentity", "cloudfront:CreateDistribution", "cloudfront:DeleteCloudFrontOriginAccessIdentity", "cloudfront:DeleteDistribution", "cloudfront:GetCloudFrontOriginAccessIdentity", "cloudfront:GetCloudFrontOriginAccessIdentityConfig", "cloudfront:GetDistribution", "cloudfront:GetDistributionConfig", "cloudfront:TagResource", "cloudfront:UntagResource", "cloudfront:UpdateCloudFrontOriginAccessIdentity", "cloudfront:UpdateDistribution", "events:DeleteRule", "events:DescribeRule", "events:ListRuleNamesByTarget", "events:PutRule", "events:PutTargets", "events:RemoveTargets", "mobiletargeting:GetApp", "kinesis:AddTagsToStream", "kinesis:CreateStream", "kinesis:DeleteStream", "kinesis:DescribeStream", "kinesis:PutRecords", "es:AddTags", "es:CreateElasticsearchDomain", "es:DeleteElasticsearchDomain", "es:DescribeElasticsearchDomain", "s3:PutEncryptionConfiguration" ], "Resource": "*", "Condition": { "ForAnyValue:StringEquals": { "aws:CalledVia": [ "cloudformation.amazonaws.com" ] } } }, { "Sid": "CLISDKCalls", "Effect": "Allow", "Action": [ "appsync:GetIntrospectionSchema", "appsync:GraphQL", "appsync:UpdateApiKey", "appsync:ListApiKeys", "s3:PutObject", "s3:GetObject", "s3:ListBucket", "s3:ListBucketVersions", "s3:DeleteBucket", "s3:DeleteBucketPolicy", "s3:DeleteBucketWebsite", "s3:DeleteObject", "s3:DeleteObjectVersion", "s3:GetBucketLocation", "s3:ListAllMyBuckets", "amplify:*", "amplifybackend:*", "sts:AssumeRole", "mobiletargeting:*", "cognito-idp:AdminAddUserToGroup", "cognito-idp:AdminCreateUser", "cognito-idp:CreateGroup", "cognito-idp:DeleteGroup", "cognito-idp:DeleteUser", "cognito-idp:ListUsers", "cognito-idp:AdminGetUser", "cognito-idp:ListUsersInGroup", "cognito-idp:AdminDisableUser", "cognito-idp:AdminRemoveUserFromGroup", "cognito-idp:AdminResetUserPassword", "cognito-idp:AdminListGroupsForUser", "cognito-idp:ListGroups", "cognito-idp:AdminDeleteUser", "cognito-idp:AdminListUserAuthEvents", "cognito-idp:AdminDeleteUser", "cognito-idp:AdminConfirmSignUp", "cognito-idp:AdminEnableUser", "cognito-idp:AdminUpdateUserAttributes", "cognito-idp:DescribeIdentityProvider", "cognito-idp:DescribeUserPool", "cognito-idp:DeleteUserPool", "cognito-idp:DescribeUserPoolClient", "cognito-idp:CreateUserPool", "cognito-idp:CreateUserPoolClient", "cognito-idp:UpdateUserPool", "cognito-idp:AdminSetUserPassword", "cognito-idp:ListUserPools", "cognito-idp:ListUserPoolClients", "cognito-identity:GetIdentityPoolRoles", "cognito-identity:SetIdentityPoolRoles", "cognito-identity:CreateIdentityPool", "cognito-identity:DeleteIdentityPool", "cognito-identity:ListIdentityPools", "cognito-identity:DescribeIdentityPool", "dynamodb:DescribeTable", "lambda:GetFunction", "lambda:CreateFunction", "lambda:AddPermission", "lambda:DeleteFunction", "iam:PutRolePolicy", "iam:CreatePolicy", "iam:AttachRolePolicy", "iam:ListPolicyVersions", "iam:ListAttachedRolePolicies", "iam:CreateRole", "iam:PassRole", "iam:ListRolePolicies", "iam:DeleteRolePolicy", "iam:CreatePolicyVersion", "iam:DeletePolicyVersion", "iam:DeleteRole", "cloudformation:ListStacks", "sns:CreateSMSSandboxPhoneNumber", "sns:GetSMSSandboxAccountStatus", "sns:VerifySMSSandboxPhoneNumber", "sns:DeleteSMSSandboxPhoneNumber", "sns:ListSMSSandboxPhoneNumbers", "sns:ListOriginationNumbers" ], "Resource": "*" }, { "Sid": "AmplifySSMCalls", "Effect": "Allow", "Action": [ "ssm:PutParameter", "ssm:DeleteParameter", "ssm:GetParametersByPath", "ssm:GetParameters", "ssm:GetParameter", "ssm:DeleteParameters" ], "Resource": "arn:aws:ssm:*:*:parameter/amplify/*" } ] }, "VersionId": "v3" }, "AlexaForBusinessDeviceSetup": { "PolicyName": "AlexaForBusinessDeviceSetup", "PolicyId": "ANPAIUEFZFUTDTY4HGFU2", "Arn": "arn:aws:iam::aws:policy/AlexaForBusinessDeviceSetup", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-11-30T16:47:16+00:00", "UpdateDate": "2019-05-20T21:05:39+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "a4b:RegisterDevice", "a4b:CompleteRegistration", "a4b:SearchDevices", "a4b:SearchNetworkProfiles", "a4b:GetNetworkProfile", "a4b:PutDeviceSetupEvents" ], "Resource": "*" }, { "Sid": "A4bDeviceSetupAccess", "Effect": "Allow", "Action": [ "secretsmanager:GetSecretValue" ], "Resource": "arn:aws:secretsmanager:*:*:secret:A4BNetworkProfile*" } ] }, "VersionId": "v2" }, "AlexaForBusinessFullAccess": { "PolicyName": "AlexaForBusinessFullAccess", "PolicyId": "ANPAILUT3JGG7WRIMVNH2", "Arn": "arn:aws:iam::aws:policy/AlexaForBusinessFullAccess", "Path": "/", "DefaultVersionId": "v5", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-11-30T16:47:09+00:00", "UpdateDate": "2020-07-01T21:01:55+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "a4b:*", "kms:DescribeKey" ], "Resource": "*" }, { "Action": [ "iam:CreateServiceLinkedRole" ], "Effect": "Allow", "Resource": "*", "Condition": { "StringLike": { "iam:AWSServiceName": [ "*a4b.amazonaws.com" ] } } }, { "Effect": "Allow", "Action": [ "iam:DeleteServiceLinkedRole", "iam:GetServiceLinkedRoleDeletionStatus" ], "Resource": "arn:aws:iam::*:role/aws-service-role/*a4b.amazonaws.com/AWSServiceRoleForAlexaForBusiness*" }, { "Effect": "Allow", "Action": [ "secretsmanager:GetSecretValue", "secretsmanager:DeleteSecret", "secretsmanager:UpdateSecret" ], "Resource": "arn:aws:secretsmanager:*:*:secret:A4B*" }, { "Effect": "Allow", "Action": "secretsmanager:CreateSecret", "Resource": "*", "Condition": { "StringLike": { "secretsmanager:Name": "A4B*" } } } ] }, "VersionId": "v5" }, "AlexaForBusinessGatewayExecution": { "PolicyName": "AlexaForBusinessGatewayExecution", "PolicyId": "ANPAI3LZ7YP7KHLG4DT2Q", "Arn": "arn:aws:iam::aws:policy/AlexaForBusinessGatewayExecution", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-11-30T16:47:19+00:00", "UpdateDate": "2017-11-30T16:47:19+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "a4b:Send*", "a4b:Get*" ], "Resource": "arn:aws:a4b:*:*:gateway/*" }, { "Effect": "Allow", "Action": [ "sqs:ReceiveMessage", "sqs:DeleteMessage" ], "Resource": [ "arn:aws:sqs:*:*:dd-*", "arn:aws:sqs:*:*:sd-*" ] }, { "Effect": "Allow", "Action": [ "a4b:List*", "logs:CreateLogGroup", "logs:CreateLogStream", "logs:DescribeLogGroups", "logs:PutLogEvents" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AlexaForBusinessLifesizeDelegatedAccessPolicy": { "PolicyName": "AlexaForBusinessLifesizeDelegatedAccessPolicy", "PolicyId": "ANPAZKAPJZG4HXQBRRIQV", "Arn": "arn:aws:iam::aws:policy/AlexaForBusinessLifesizeDelegatedAccessPolicy", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-06-04T19:46:56+00:00", "UpdateDate": "2020-06-12T20:31:59+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "a4b:DisassociateDeviceFromRoom", "a4b:DeleteDevice", "a4b:UpdateDevice", "a4b:GetDevice" ], "Resource": [ "arn:aws:a4b:us-east-1:*:device/*/*:A2IWO7UEGWV4TL" ] }, { "Effect": "Allow", "Action": [ "a4b:RegisterAVSDevice" ], "Resource": [ "*" ], "Condition": { "StringEquals": { "a4b:amazonId": [ "A2IWO7UEGWV4TL" ] } } }, { "Effect": "Allow", "Action": [ "a4b:SearchDevices" ], "Resource": [ "*" ], "Condition": { "ForAllValues:StringLike": { "a4b:filters_deviceType": [ "*A2IWO7UEGWV4TL" ] }, "Null": { "a4b:filters_deviceType": "false" } } }, { "Effect": "Allow", "Action": [ "a4b:AssociateDeviceWithRoom" ], "Resource": [ "arn:aws:a4b:us-east-1:*:device/*/*:A2IWO7UEGWV4TL", "arn:aws:a4b:us-east-1:*:room/*" ] }, { "Effect": "Allow", "Action": [ "a4b:GetRoom", "a4b:GetAddressBook", "a4b:SearchRooms", "a4b:CreateContact", "a4b:CreateRoom", "a4b:UpdateContact", "a4b:ListConferenceProviders", "a4b:DeleteRoom", "a4b:CreateAddressBook", "a4b:DisassociateContactFromAddressBook", "a4b:CreateConferenceProvider", "a4b:PutConferencePreference", "a4b:DeleteAddressBook", "a4b:AssociateContactWithAddressBook", "a4b:DeleteContact", "a4b:SearchProfiles", "a4b:UpdateProfile", "a4b:GetContact" ], "Resource": "*" }, { "Action": [ "kms:DescribeKey" ], "Effect": "Allow", "Resource": "arn:aws:kms:*:*:key/*" } ] }, "VersionId": "v2" }, "AlexaForBusinessNetworkProfileServicePolicy": { "PolicyName": "AlexaForBusinessNetworkProfileServicePolicy", "PolicyId": "ANPAI7GYBNGIZU2EDSMGQ", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AlexaForBusinessNetworkProfileServicePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-03-13T00:53:40+00:00", "UpdateDate": "2019-04-05T21:57:56+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Sid": "A4bPcaTagAccess", "Action": [ "acm-pca:GetCertificate", "acm-pca:IssueCertificate", "acm-pca:RevokeCertificate" ], "Effect": "Allow", "Resource": "*", "Condition": { "StringEquals": { "aws:ResourceTag/a4b": "enabled" } } }, { "Sid": "A4bNetworkProfileAccess", "Effect": "Allow", "Action": [ "secretsmanager:GetSecretValue" ], "Resource": "arn:aws:secretsmanager:*:*:secret:A4BNetworkProfile*" } ] }, "VersionId": "v2" }, "AlexaForBusinessPolyDelegatedAccessPolicy": { "PolicyName": "AlexaForBusinessPolyDelegatedAccessPolicy", "PolicyId": "ANPAZKAPJZG4FIHC2UP5Z", "Arn": "arn:aws:iam::aws:policy/AlexaForBusinessPolyDelegatedAccessPolicy", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-10-16T19:48:45+00:00", "UpdateDate": "2019-10-16T19:48:45+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "a4b:DisassociateDeviceFromRoom", "a4b:DeleteDevice", "a4b:UpdateDevice", "a4b:GetDevice" ], "Effect": "Allow", "Resource": [ "arn:aws:a4b:us-east-1:*:device/*/*:A238TWV36W3S92", "arn:aws:a4b:us-east-1:*:device/*/*:A1FUZ1SC53VJXD" ] }, { "Action": [ "a4b:RegisterAVSDevice" ], "Effect": "Allow", "Resource": [ "*" ], "Condition": { "StringEquals": { "a4b:amazonId": [ "A238TWV36W3S92", "A1FUZ1SC53VJXD" ] } } }, { "Action": [ "a4b:SearchDevices" ], "Effect": "Allow", "Resource": [ "*" ] }, { "Action": [ "a4b:AssociateDeviceWithRoom" ], "Effect": "Allow", "Resource": [ "arn:aws:a4b:us-east-1:*:device/*/*:A238TWV36W3S92", "arn:aws:a4b:us-east-1:*:device/*/*:A1FUZ1SC53VJXD", "arn:aws:a4b:us-east-1:*:room/*" ] }, { "Action": [ "a4b:GetRoom", "a4b:SearchRooms", "a4b:CreateRoom", "a4b:GetProfile", "a4b:SearchSkillGroups", "a4b:DisassociateSkillGroupFromRoom", "a4b:AssociateSkillGroupWithRoom", "a4b:GetSkillGroup", "a4b:SearchProfiles", "a4b:GetAddressBook", "a4b:UpdateRoom" ], "Effect": "Allow", "Resource": "*" } ] }, "VersionId": "v1" }, "AlexaForBusinessReadOnlyAccess": { "PolicyName": "AlexaForBusinessReadOnlyAccess", "PolicyId": "ANPAI6BKSTB4XMLPBFFJ2", "Arn": "arn:aws:iam::aws:policy/AlexaForBusinessReadOnlyAccess", "Path": "/", "DefaultVersionId": "v3", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-11-30T16:47:12+00:00", "UpdateDate": "2019-11-20T00:25:33+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "a4b:Get*", "a4b:List*", "a4b:Search*" ], "Resource": "*" } ] }, "VersionId": "v3" }, "AmazonAPIGatewayAdministrator": { "PolicyName": "AmazonAPIGatewayAdministrator", "PolicyId": "ANPAJ4PT6VY5NLKTNUYSI", "Arn": "arn:aws:iam::aws:policy/AmazonAPIGatewayAdministrator", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-07-09T17:34:45+00:00", "UpdateDate": "2015-07-09T17:34:45+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "apigateway:*" ], "Resource": "arn:aws:apigateway:*::/*" } ] }, "VersionId": "v1" }, "AmazonAPIGatewayInvokeFullAccess": { "PolicyName": "AmazonAPIGatewayInvokeFullAccess", "PolicyId": "ANPAIIWAX2NOOQJ4AIEQ6", "Arn": "arn:aws:iam::aws:policy/AmazonAPIGatewayInvokeFullAccess", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-07-09T17:36:12+00:00", "UpdateDate": "2018-12-18T18:25:10+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "execute-api:Invoke", "execute-api:ManageConnections" ], "Resource": "arn:aws:execute-api:*:*:*" } ] }, "VersionId": "v2" }, "AmazonAPIGatewayPushToCloudWatchLogs": { "PolicyName": "AmazonAPIGatewayPushToCloudWatchLogs", "PolicyId": "ANPAIK4GFO7HLKYN64ASK", "Arn": "arn:aws:iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs", "Path": "/service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-11-11T23:41:46+00:00", "UpdateDate": "2015-11-11T23:41:46+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:DescribeLogGroups", "logs:DescribeLogStreams", "logs:PutLogEvents", "logs:GetLogEvents", "logs:FilterLogEvents" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AmazonAppFlowFullAccess": { "PolicyName": "AmazonAppFlowFullAccess", "PolicyId": "ANPAZKAPJZG4PGBU2ALC4", "Arn": "arn:aws:iam::aws:policy/AmazonAppFlowFullAccess", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-06-02T23:30:14+00:00", "UpdateDate": "2020-12-07T22:49:15+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "appflow:*", "Resource": "*" }, { "Sid": "ListRolesForRedshift", "Effect": "Allow", "Action": "iam:ListRoles", "Resource": "*" }, { "Sid": "KMSListAccess", "Action": [ "kms:ListKeys", "kms:DescribeKey", "kms:ListAliases" ], "Effect": "Allow", "Resource": "*" }, { "Sid": "KMSGrantAccess", "Effect": "Allow", "Action": [ "kms:CreateGrant" ], "Resource": "*", "Condition": { "StringLike": { "kms:ViaService": "appflow.*.amazonaws.com" }, "Bool": { "kms:GrantIsForAWSResource": "true" } } }, { "Sid": "KMSListGrantAccess", "Effect": "Allow", "Action": [ "kms:ListGrants" ], "Resource": "*", "Condition": { "StringLike": { "kms:ViaService": "appflow.*.amazonaws.com" } } }, { "Sid": "S3ReadAccess", "Effect": "Allow", "Action": [ "s3:ListAllMyBuckets", "s3:ListBucket", "s3:GetBucketLocation", "s3:GetBucketPolicy" ], "Resource": "*" }, { "Sid": "S3PutBucketPolicyAccess", "Effect": "Allow", "Action": [ "s3:PutBucketPolicy" ], "Resource": "arn:aws:s3:::appflow-*" }, { "Sid": "SecretsManagerCreateSecretAccess", "Effect": "Allow", "Action": "secretsmanager:CreateSecret", "Resource": "*", "Condition": { "StringLike": { "secretsmanager:Name": "appflow!*" }, "ForAnyValue:StringEquals": { "aws:CalledVia": [ "appflow.amazonaws.com" ] } } }, { "Sid": "SecretsManagerPutResourcePolicyAccess", "Effect": "Allow", "Action": [ "secretsmanager:PutResourcePolicy" ], "Resource": "*", "Condition": { "ForAnyValue:StringEquals": { "aws:CalledVia": [ "appflow.amazonaws.com" ] }, "StringEqualsIgnoreCase": { "secretsmanager:ResourceTag/aws:secretsmanager:owningService": "appflow" } } } ] }, "VersionId": "v2" }, "AmazonAppFlowReadOnlyAccess": { "PolicyName": "AmazonAppFlowReadOnlyAccess", "PolicyId": "ANPAZKAPJZG4CCGEQPIQI", "Arn": "arn:aws:iam::aws:policy/AmazonAppFlowReadOnlyAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-06-02T23:26:51+00:00", "UpdateDate": "2020-06-02T23:26:51+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "appflow:DescribeConnectors", "appflow:DescribeConnectorProfiles", "appflow:DescribeFlows", "appflow:DescribeFlowExecution", "appflow:DescribeConnectorFields", "appflow:ListConnectorFields", "appflow:ListTagsForResource" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AmazonAppStreamFullAccess": { "PolicyName": "AmazonAppStreamFullAccess", "PolicyId": "ANPAJLZZXU2YQVGL4QDNC", "Arn": "arn:aws:iam::aws:policy/AmazonAppStreamFullAccess", "Path": "/", "DefaultVersionId": "v6", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-02-06T18:40:09+00:00", "UpdateDate": "2020-08-28T17:24:35+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "appstream:*" ], "Effect": "Allow", "Resource": "*" }, { "Action": [ "application-autoscaling:DeleteScalingPolicy", "application-autoscaling:DescribeScalableTargets", "application-autoscaling:DescribeScalingPolicies", "application-autoscaling:PutScalingPolicy", "application-autoscaling:RegisterScalableTarget", "application-autoscaling:DescribeScheduledActions", "application-autoscaling:PutScheduledAction", "application-autoscaling:DeleteScheduledAction" ], "Effect": "Allow", "Resource": "*" }, { "Action": [ "cloudwatch:DeleteAlarms", "cloudwatch:DescribeAlarms", "cloudwatch:GetMetricStatistics", "cloudwatch:PutMetricAlarm" ], "Effect": "Allow", "Resource": "*" }, { "Action": [ "ec2:DescribeRouteTables", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeVpcs", "ec2:DescribeVpcEndpoints" ], "Effect": "Allow", "Resource": "*" }, { "Action": "iam:ListRoles", "Effect": "Allow", "Resource": "*" }, { "Action": "iam:PassRole", "Effect": "Allow", "Resource": "arn:aws:iam::*:role/service-role/ApplicationAutoScalingForAmazonAppStreamAccess", "Condition": { "StringLike": { "iam:PassedToService": "application-autoscaling.amazonaws.com" } } }, { "Action": "iam:CreateServiceLinkedRole", "Effect": "Allow", "Resource": "arn:aws:iam::*:role/aws-service-role/appstream.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_AppStreamFleet", "Condition": { "StringLike": { "iam:AWSServiceName": "appstream.application-autoscaling.amazonaws.com" } } } ] }, "VersionId": "v6" }, "AmazonAppStreamReadOnlyAccess": { "PolicyName": "AmazonAppStreamReadOnlyAccess", "PolicyId": "ANPAJXIFDGB4VBX23DX7K", "Arn": "arn:aws:iam::aws:policy/AmazonAppStreamReadOnlyAccess", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-02-06T18:40:10+00:00", "UpdateDate": "2016-12-07T21:00:06+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "appstream:Get*", "appstream:List*", "appstream:Describe*" ], "Effect": "Allow", "Resource": "*" } ] }, "VersionId": "v2" }, "AmazonAppStreamServiceAccess": { "PolicyName": "AmazonAppStreamServiceAccess", "PolicyId": "ANPAISBRZ7LMMCBYEF3SE", "Arn": "arn:aws:iam::aws:policy/service-role/AmazonAppStreamServiceAccess", "Path": "/service-role/", "DefaultVersionId": "v8", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2016-11-19T04:17:37+00:00", "UpdateDate": "2020-06-26T16:33:54+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ec2:DescribeVpcs", "ec2:DescribeSubnets", "ec2:DescribeAvailabilityZones", "ec2:CreateNetworkInterface", "ec2:DescribeNetworkInterfaces", "ec2:DeleteNetworkInterface", "ec2:DescribeSubnets", "ec2:AssociateAddress", "ec2:DisassociateAddress", "ec2:DescribeRouteTables", "ec2:DescribeSecurityGroups", "ec2:DescribeVpcEndpoints", "s3:ListAllMyBuckets", "ds:DescribeDirectories" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "s3:CreateBucket", "s3:ListBucket", "s3:GetObject", "s3:PutObject", "s3:DeleteObject", "s3:GetObjectVersion", "s3:DeleteObjectVersion", "s3:GetBucketPolicy", "s3:PutBucketPolicy", "s3:PutEncryptionConfiguration" ], "Resource": [ "arn:aws:s3:::appstream2-36fb080bb8-*", "arn:aws:s3:::appstream-app-settings-*", "arn:aws:s3:::appstream-logs-*" ] } ] }, "VersionId": "v8" }, "AmazonAthenaFullAccess": { "PolicyName": "AmazonAthenaFullAccess", "PolicyId": "ANPAIPJMLMD4C7RYZ6XCK", "Arn": "arn:aws:iam::aws:policy/AmazonAthenaFullAccess", "Path": "/", "DefaultVersionId": "v7", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2016-11-30T16:46:01+00:00", "UpdateDate": "2021-07-07T20:15:04+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "athena:*" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "glue:CreateDatabase", "glue:DeleteDatabase", "glue:GetDatabase", "glue:GetDatabases", "glue:UpdateDatabase", "glue:CreateTable", "glue:DeleteTable", "glue:BatchDeleteTable", "glue:UpdateTable", "glue:GetTable", "glue:GetTables", "glue:BatchCreatePartition", "glue:CreatePartition", "glue:DeletePartition", "glue:BatchDeletePartition", "glue:UpdatePartition", "glue:GetPartition", "glue:GetPartitions", "glue:BatchGetPartition" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "s3:GetBucketLocation", "s3:GetObject", "s3:ListBucket", "s3:ListBucketMultipartUploads", "s3:ListMultipartUploadParts", "s3:AbortMultipartUpload", "s3:CreateBucket", "s3:PutObject", "s3:PutBucketPublicAccessBlock" ], "Resource": [ "arn:aws:s3:::aws-athena-query-results-*" ] }, { "Effect": "Allow", "Action": [ "s3:GetObject", "s3:ListBucket" ], "Resource": [ "arn:aws:s3:::athena-examples*" ] }, { "Effect": "Allow", "Action": [ "s3:ListBucket", "s3:GetBucketLocation", "s3:ListAllMyBuckets" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "sns:ListTopics", "sns:GetTopicAttributes" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "cloudwatch:PutMetricAlarm", "cloudwatch:DescribeAlarms", "cloudwatch:DeleteAlarms" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "lakeformation:GetDataAccess" ], "Resource": [ "*" ] } ] }, "VersionId": "v7" }, "AmazonAugmentedAIFullAccess": { "PolicyName": "AmazonAugmentedAIFullAccess", "PolicyId": "ANPAZKAPJZG4HJOEBWQWI", "Arn": "arn:aws:iam::aws:policy/AmazonAugmentedAIFullAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-12-03T16:21:56+00:00", "UpdateDate": "2019-12-03T16:21:56+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "sagemaker:*HumanLoop", "sagemaker:*HumanLoops", "sagemaker:*FlowDefinition", "sagemaker:*FlowDefinitions", "sagemaker:*HumanTaskUi", "sagemaker:*HumanTaskUis" ], "Resource": "*", "Condition": { "StringEqualsIfExists": { "sagemaker:WorkteamType": [ "private-crowd", "vendor-crowd" ] } } }, { "Effect": "Allow", "Action": [ "iam:PassRole" ], "Resource": "arn:aws:iam::*:role/*", "Condition": { "StringEquals": { "iam:PassedToService": [ "sagemaker.amazonaws.com" ] } } } ] }, "VersionId": "v1" }, "AmazonAugmentedAIHumanLoopFullAccess": { "PolicyName": "AmazonAugmentedAIHumanLoopFullAccess", "PolicyId": "ANPAZKAPJZG4DLDNVPZG4", "Arn": "arn:aws:iam::aws:policy/AmazonAugmentedAIHumanLoopFullAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-12-03T16:20:47+00:00", "UpdateDate": "2019-12-03T16:20:47+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "sagemaker:*HumanLoop", "sagemaker:*HumanLoops" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AmazonAugmentedAIIntegratedAPIAccess": { "PolicyName": "AmazonAugmentedAIIntegratedAPIAccess", "PolicyId": "ANPAZKAPJZG4A7KC4RFTV", "Arn": "arn:aws:iam::aws:policy/AmazonAugmentedAIIntegratedAPIAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-04-22T20:47:32+00:00", "UpdateDate": "2020-04-22T20:47:32+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "sagemaker:*HumanLoop", "sagemaker:*HumanLoops", "sagemaker:*FlowDefinition", "sagemaker:*FlowDefinitions", "sagemaker:*HumanTaskUi", "sagemaker:*HumanTaskUis" ], "Resource": "*", "Condition": { "StringEqualsIfExists": { "sagemaker:WorkteamType": [ "private-crowd", "vendor-crowd" ] } } }, { "Effect": "Allow", "Action": [ "textract:AnalyzeDocument" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "rekognition:DetectModerationLabels" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "iam:PassRole" ], "Resource": "arn:aws:iam::*:role/*", "Condition": { "StringEquals": { "iam:PassedToService": [ "sagemaker.amazonaws.com" ] } } } ] }, "VersionId": "v1" }, "AmazonBraketFullAccess": { "PolicyName": "AmazonBraketFullAccess", "PolicyId": "ANPAZKAPJZG4HUAKO7NZO", "Arn": "arn:aws:iam::aws:policy/AmazonBraketFullAccess", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-08-06T20:12:37+00:00", "UpdateDate": "2021-02-18T07:48:38+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "s3:GetObject", "s3:PutObject", "s3:ListBucket" ], "Resource": "arn:aws:s3:::amazon-braket-*" }, { "Effect": "Allow", "Action": [ "logs:Describe*", "logs:Get*", "logs:List*", "logs:StartQuery", "logs:StopQuery", "logs:TestMetricFilter", "logs:FilterLogEvents" ], "Resource": "arn:aws:logs:*:*:log-group:/aws/braket:*" }, { "Effect": "Allow", "Action": [ "iam:ListRoles", "iam:ListRolePolicies", "iam:GetRole", "iam:GetRolePolicy", "iam:ListAttachedRolePolicies" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "sagemaker:ListNotebookInstances" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "sagemaker:CreatePresignedNotebookInstanceUrl", "sagemaker:CreateNotebookInstance", "sagemaker:DeleteNotebookInstance", "sagemaker:DescribeNotebookInstance", "sagemaker:StartNotebookInstance", "sagemaker:StopNotebookInstance", "sagemaker:UpdateNotebookInstance", "sagemaker:ListTags", "sagemaker:AddTags", "sagemaker:DeleteTags" ], "Resource": "arn:aws:sagemaker:*:*:notebook-instance/amazon-braket-*" }, { "Effect": "Allow", "Action": [ "sagemaker:DescribeNotebookInstanceLifecycleConfig", "sagemaker:CreateNotebookInstanceLifecycleConfig", "sagemaker:DeleteNotebookInstanceLifecycleConfig", "sagemaker:ListNotebookInstanceLifecycleConfigs", "sagemaker:UpdateNotebookInstanceLifecycleConfig" ], "Resource": "arn:aws:sagemaker:*:*:notebook-instance-lifecycle-config/amazon-braket-*" }, { "Effect": "Allow", "Action": "braket:*", "Resource": "*" }, { "Effect": "Allow", "Action": "iam:CreateServiceLinkedRole", "Resource": "arn:aws:iam::*:role/aws-service-role/braket.amazonaws.com/AWSServiceRoleForAmazonBraket*", "Condition": { "StringEquals": { "iam:AWSServiceName": "braket.amazonaws.com" } } }, { "Action": [ "iam:PassRole" ], "Effect": "Allow", "Resource": "arn:aws:iam::*:role/service-role/AmazonBraketServiceSageMakerNotebookRole*", "Condition": { "StringLike": { "iam:PassedToService": [ "sagemaker.amazonaws.com" ] } } } ] }, "VersionId": "v2" }, "AmazonBraketServiceRolePolicy": { "PolicyName": "AmazonBraketServiceRolePolicy", "PolicyId": "ANPAZKAPJZG4NIYU42I3S", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonBraketServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-08-04T17:12:23+00:00", "UpdateDate": "2020-08-06T20:10:42+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "s3:PutObject", "s3:GetObject", "s3:ListBucket" ], "Resource": "arn:aws:s3:::amazon-braket-*" }, { "Effect": "Allow", "Action": [ "logs:PutLogEvents", "logs:CreateLogStream", "logs:DescribeLogStreams", "logs:CreateLogGroup", "logs:DescribeLogGroups" ], "Resource": "arn:aws:logs:*:*:log-group:/aws/braket:*" } ] }, "VersionId": "v2" }, "AmazonChimeFullAccess": { "PolicyName": "AmazonChimeFullAccess", "PolicyId": "ANPAIUJFSAKUERNORYRWO", "Arn": "arn:aws:iam::aws:policy/AmazonChimeFullAccess", "Path": "/", "DefaultVersionId": "v3", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-11-01T22:15:43+00:00", "UpdateDate": "2020-12-14T21:00:52+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "chime:*" ], "Effect": "Allow", "Resource": "*" }, { "Action": [ "s3:ListBucket", "s3:ListAllMyBuckets", "s3:GetBucketAcl", "s3:GetBucketLocation", "s3:GetBucketLogging", "s3:GetBucketVersioning", "s3:GetBucketWebsite" ], "Effect": "Allow", "Resource": "*" }, { "Action": [ "logs:CreateLogDelivery", "logs:DeleteLogDelivery", "logs:GetLogDelivery", "logs:ListLogDeliveries", "logs:DescribeResourcePolicies", "logs:PutResourcePolicy", "logs:CreateLogGroup", "logs:DescribeLogGroups" ], "Effect": "Allow", "Resource": "*" }, { "Effect": "Allow", "Action": [ "sns:CreateTopic", "sns:GetTopicAttributes" ], "Resource": [ "arn:aws:sns:*:*:ChimeVoiceConnector-Streaming*" ] }, { "Effect": "Allow", "Action": [ "sqs:GetQueueAttributes", "sqs:CreateQueue" ], "Resource": [ "arn:aws:sqs:*:*:ChimeVoiceConnector-Streaming*" ] }, { "Action": [ "kinesis:ListStreams" ], "Effect": "Allow", "Resource": "*" }, { "Effect": "Allow", "Action": [ "kinesis:DescribeStream" ], "Resource": [ "arn:aws:kinesis:*:*:stream/chime-chat-*", "arn:aws:kinesis:*:*:stream/chime-messaging-*" ] }, { "Effect": "Allow", "Action": [ "s3:GetEncryptionConfiguration", "s3:ListBucket" ], "Resource": [ "arn:aws:s3:::chime-chat-*" ] } ] }, "VersionId": "v3" }, "AmazonChimeReadOnly": { "PolicyName": "AmazonChimeReadOnly", "PolicyId": "ANPAJLBFZZFABRXVWRTCI", "Arn": "arn:aws:iam::aws:policy/AmazonChimeReadOnly", "Path": "/", "DefaultVersionId": "v10", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-11-01T22:04:17+00:00", "UpdateDate": "2020-12-14T20:53:57+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "chime:List*", "chime:Get*", "chime:Describe*", "chime:SearchAvailablePhoneNumbers" ], "Effect": "Allow", "Resource": "*" } ] }, "VersionId": "v10" }, "AmazonChimeSDK": { "PolicyName": "AmazonChimeSDK", "PolicyId": "ANPAZKAPJZG4ACM6EA4B7", "Arn": "arn:aws:iam::aws:policy/AmazonChimeSDK", "Path": "/", "DefaultVersionId": "v3", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-02-04T21:53:37+00:00", "UpdateDate": "2020-09-18T21:07:30+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "chime:CreateMeeting", "chime:CreateMeetingWithAttendees", "chime:DeleteMeeting", "chime:GetMeeting", "chime:ListMeetings", "chime:CreateAttendee", "chime:BatchCreateAttendee", "chime:DeleteAttendee", "chime:GetAttendee", "chime:ListAttendees", "chime:ListAttendeeTags", "chime:ListMeetingTags", "chime:ListTagsForResource", "chime:TagAttendee", "chime:TagMeeting", "chime:TagResource", "chime:UntagAttendee", "chime:UntagMeeting", "chime:UntagResource" ], "Effect": "Allow", "Resource": "*" } ] }, "VersionId": "v3" }, "AmazonChimeServiceRolePolicy": { "PolicyName": "AmazonChimeServiceRolePolicy", "PolicyId": "ANPAZKAPJZG4NA5XMV3PI", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonChimeServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-09-30T22:25:06+00:00", "UpdateDate": "2019-09-30T22:25:06+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "iam:CreateServiceLinkedRole" ], "Resource": [ "arn:aws:iam::*:role/aws-service-role/chime.amazonaws.com/AWSServiceRoleForAmazonChime" ], "Condition": { "StringLike": { "iam:AWSServiceName": "chime.amazonaws.com" } } } ] }, "VersionId": "v1" }, "AmazonChimeTranscriptionServiceLinkedRolePolicy": { "PolicyName": "AmazonChimeTranscriptionServiceLinkedRolePolicy", "PolicyId": "ANPAZKAPJZG4DC6EM4O3Q", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonChimeTranscriptionServiceLinkedRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2021-08-04T21:47:41+00:00", "UpdateDate": "2021-08-04T21:47:41+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "transcribe:StartStreamTranscription", "transcribe:StartMedicalStreamTranscription" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AmazonChimeUserManagement": { "PolicyName": "AmazonChimeUserManagement", "PolicyId": "ANPAJGLHVUHNMQPSDGSOO", "Arn": "arn:aws:iam::aws:policy/AmazonChimeUserManagement", "Path": "/", "DefaultVersionId": "v8", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-11-01T22:17:26+00:00", "UpdateDate": "2020-02-18T19:26:10+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "chime:ListAccounts", "chime:GetAccount", "chime:GetAccountSettings", "chime:UpdateAccountSettings", "chime:ListUsers", "chime:GetUser", "chime:GetUserByEmail", "chime:InviteUsers", "chime:InviteUsersFromProvider", "chime:SuspendUsers", "chime:ActivateUsers", "chime:UpdateUserLicenses", "chime:ResetPersonalPIN", "chime:LogoutUser", "chime:ListDomains", "chime:GetDomain", "chime:ListDirectories", "chime:ListGroups", "chime:SubmitSupportRequest", "chime:ListDelegates", "chime:ListAccountUsageReportData", "chime:GetMeetingDetail", "chime:ListMeetingEvents", "chime:ListMeetingsReportData", "chime:GetUserActivityReportData", "chime:UpdateUser", "chime:BatchUpdateUser", "chime:BatchSuspendUser", "chime:BatchUnsuspendUser", "chime:AssociatePhoneNumberWithUser", "chime:DisassociatePhoneNumberFromUser", "chime:GetPhoneNumber", "chime:ListPhoneNumbers", "chime:GetUserSettings", "chime:UpdateUserSettings", "chime:CreateUser", "chime:AssociateSigninDelegateGroupsWithAccount", "chime:DisassociateSigninDelegateGroupsFromAccount" ], "Effect": "Allow", "Resource": "*" } ] }, "VersionId": "v8" }, "AmazonChimeVoiceConnectorServiceLinkedRolePolicy": { "PolicyName": "AmazonChimeVoiceConnectorServiceLinkedRolePolicy", "PolicyId": "ANPAZKAPJZG4GP44ZBY4P", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonChimeVoiceConnectorServiceLinkedRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-09-30T22:16:42+00:00", "UpdateDate": "2019-09-30T22:16:42+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "chime:GetVoiceConnector*" ], "Resource": [ "*" ] } ] }, "VersionId": "v1" }, "AmazonCloudDirectoryFullAccess": { "PolicyName": "AmazonCloudDirectoryFullAccess", "PolicyId": "ANPAJG3XQK77ATFLCF2CK", "Arn": "arn:aws:iam::aws:policy/AmazonCloudDirectoryFullAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-02-25T00:41:39+00:00", "UpdateDate": "2017-02-25T00:41:39+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "clouddirectory:*" ], "Resource": [ "*" ] } ] }, "VersionId": "v1" }, "AmazonCloudDirectoryReadOnlyAccess": { "PolicyName": "AmazonCloudDirectoryReadOnlyAccess", "PolicyId": "ANPAICMSZQGR3O62KMD6M", "Arn": "arn:aws:iam::aws:policy/AmazonCloudDirectoryReadOnlyAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-02-28T23:42:06+00:00", "UpdateDate": "2017-02-28T23:42:06+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "clouddirectory:List*", "clouddirectory:Get*", "clouddirectory:LookupPolicy", "clouddirectory:BatchRead" ], "Resource": [ "*" ] } ] }, "VersionId": "v1" }, "AmazonCodeGuruProfilerAgentAccess": { "PolicyName": "AmazonCodeGuruProfilerAgentAccess", "PolicyId": "ANPAZKAPJZG4NJEGTVMFC", "Arn": "arn:aws:iam::aws:policy/AmazonCodeGuruProfilerAgentAccess", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2021-02-05T22:11:56+00:00", "UpdateDate": "2021-04-02T23:21:37+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "codeguru-profiler:ConfigureAgent", "codeguru-profiler:CreateProfilingGroup", "codeguru-profiler:PostAgentProfile" ], "Resource": "*" } ] }, "VersionId": "v2" }, "AmazonCodeGuruProfilerFullAccess": { "PolicyName": "AmazonCodeGuruProfilerFullAccess", "PolicyId": "ANPAZKAPJZG4FVCBNS424", "Arn": "arn:aws:iam::aws:policy/AmazonCodeGuruProfilerFullAccess", "Path": "/", "DefaultVersionId": "v4", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-12-03T10:13:27+00:00", "UpdateDate": "2020-07-15T03:23:08+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "codeguru-profiler:*", "iam:ListRoles", "iam:ListUsers", "sns:ListTopics", "codeguru:*" ], "Effect": "Allow", "Resource": "*" }, { "Action": [ "iam:CreateServiceLinkedRole" ], "Effect": "Allow", "Resource": "arn:aws:iam::*:role/*AWSServiceRoleForCodeGuruProfiler*", "Condition": { "StringEquals": { "iam:AWSServiceName": "codeguru-profiler.amazonaws.com" } } } ] }, "VersionId": "v4" }, "AmazonCodeGuruProfilerReadOnlyAccess": { "PolicyName": "AmazonCodeGuruProfilerReadOnlyAccess", "PolicyId": "ANPAZKAPJZG4LUSUINUHE", "Arn": "arn:aws:iam::aws:policy/AmazonCodeGuruProfilerReadOnlyAccess", "Path": "/", "DefaultVersionId": "v3", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-12-03T10:30:15+00:00", "UpdateDate": "2020-06-27T23:52:52+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "codeguru:Get*", "codeguru-profiler:BatchGet*", "codeguru-profiler:Describe*", "codeguru-profiler:Get*", "codeguru-profiler:List*", "iam:ListRoles", "iam:ListUsers" ], "Effect": "Allow", "Resource": "*" } ] }, "VersionId": "v3" }, "AmazonCodeGuruReviewerFullAccess": { "PolicyName": "AmazonCodeGuruReviewerFullAccess", "PolicyId": "ANPAZKAPJZG4ENLFBTHWM", "Arn": "arn:aws:iam::aws:policy/AmazonCodeGuruReviewerFullAccess", "Path": "/", "DefaultVersionId": "v3", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-12-03T08:33:47+00:00", "UpdateDate": "2020-08-29T04:16:08+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Sid": "AmazonCodeGuruReviewerFullAccess", "Effect": "Allow", "Action": [ "codeguru-reviewer:*", "codeguru:*" ], "Resource": "*" }, { "Sid": "AmazonCodeGuruReviewerSLRCreation", "Action": "iam:CreateServiceLinkedRole", "Effect": "Allow", "Resource": "arn:aws:iam::*:role/aws-service-role/codeguru-reviewer.amazonaws.com/AWSServiceRoleForAmazonCodeGuruReviewer", "Condition": { "StringLike": { "iam:AWSServiceName": "codeguru-reviewer.amazonaws.com" } } }, { "Sid": "AmazonCodeGuruReviewerSLRDeletion", "Effect": "Allow", "Action": [ "iam:DeleteServiceLinkedRole", "iam:GetServiceLinkedRoleDeletionStatus" ], "Resource": "arn:aws:iam::*:role/aws-service-role/codeguru-reviewer.amazonaws.com/AWSServiceRoleForAmazonCodeGuruReviewer" }, { "Sid": "CodeCommitAccess", "Effect": "Allow", "Action": [ "codecommit:ListRepositories" ], "Resource": "*" }, { "Sid": "CodeCommitTagManagement", "Effect": "Allow", "Action": [ "codecommit:TagResource", "codecommit:UntagResource" ], "Resource": "*", "Condition": { "ForAllValues:StringEquals": { "aws:TagKeys": "codeguru-reviewer" } } }, { "Sid": "CodeConnectTagManagement", "Effect": "Allow", "Action": [ "codestar-connections:TagResource", "codestar-connections:UntagResource", "codestar-connections:ListTagsForResource" ], "Resource": "*", "Condition": { "ForAllValues:StringEquals": { "aws:TagKeys": "codeguru-reviewer" } } }, { "Sid": "CodeConnectManagedRules", "Effect": "Allow", "Action": [ "codestar-connections:UseConnection", "codestar-connections:ListConnections", "codestar-connections:PassConnection" ], "Resource": "*", "Condition": { "ForAllValues:StringEquals": { "codestar-connections:ProviderAction": [ "ListRepositories", "ListOwners" ] } } }, { "Sid": "CloudWatchEventsManagedRules", "Effect": "Allow", "Action": [ "events:PutRule", "events:PutTargets", "events:DeleteRule", "events:RemoveTargets" ], "Resource": "*", "Condition": { "StringEquals": { "events:ManagedBy": "codeguru-reviewer.amazonaws.com" } } } ] }, "VersionId": "v3" }, "AmazonCodeGuruReviewerReadOnlyAccess": { "PolicyName": "AmazonCodeGuruReviewerReadOnlyAccess", "PolicyId": "ANPAZKAPJZG4FOJ4PYG77", "Arn": "arn:aws:iam::aws:policy/AmazonCodeGuruReviewerReadOnlyAccess", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-12-03T08:48:24+00:00", "UpdateDate": "2020-08-29T04:15:32+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Sid": "AmazonCodeGuruReviewerReadOnlyAccess", "Effect": "Allow", "Action": [ "codeguru:Get*", "codeguru-reviewer:List*", "codeguru-reviewer:Describe*", "codeguru-reviewer:Get*" ], "Resource": "*" } ] }, "VersionId": "v2" }, "AmazonCodeGuruReviewerServiceRolePolicy": { "PolicyName": "AmazonCodeGuruReviewerServiceRolePolicy", "PolicyId": "ANPAZKAPJZG4NJY3GAUD2", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonCodeGuruReviewerServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v4", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-12-03T05:31:12+00:00", "UpdateDate": "2020-11-27T15:09:46+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Sid": "AccessCodeGuruReviewerEnabledRepositories", "Effect": "Allow", "Action": [ "codecommit:GetRepository", "codecommit:GetBranch", "codecommit:DescribePullRequestEvents", "codecommit:GetCommentsForPullRequest", "codecommit:GetDifferences", "codecommit:GetPullRequest", "codecommit:ListPullRequests", "codecommit:PostCommentForPullRequest", "codecommit:GitPull", "codecommit:UntagResource" ], "Resource": "*", "Condition": { "StringLike": { "aws:ResourceTag/codeguru-reviewer": "enabled" } } }, { "Sid": "AccessCodeGuruReviewerEnabledConnections", "Effect": "Allow", "Action": [ "codestar-connections:UseConnection" ], "Resource": "*", "Condition": { "ForAllValues:StringEquals": { "codestar-connections:ProviderAction": [ "ListBranches", "GetBranch", "ListRepositories", "ListOwners", "ListPullRequests", "GetPullRequest", "ListPullRequestComments", "ListPullRequestCommits", "ListCommitFiles", "ListBranchCommits", "CreatePullRequestDiffComment", "GitPull" ] }, "Null": { "aws:ResourceTag/codeguru-reviewer": "false" } } }, { "Sid": "CloudWatchEventsResourceCleanup", "Effect": "Allow", "Action": [ "events:DeleteRule", "events:RemoveTargets" ], "Resource": "*", "Condition": { "StringEquals": { "events:ManagedBy": "codeguru-reviewer.amazonaws.com" } } }, { "Sid": "AllowGuruS3GetObject", "Effect": "Allow", "Action": [ "s3:GetObject" ], "Resource": [ "arn:aws:s3:::codeguru-reviewer-*", "arn:aws:s3:::codeguru-reviewer-*/*" ] } ] }, "VersionId": "v4" }, "AmazonCognitoDeveloperAuthenticatedIdentities": { "PolicyName": "AmazonCognitoDeveloperAuthenticatedIdentities", "PolicyId": "ANPAIQOKZ5BGKLCMTXH4W", "Arn": "arn:aws:iam::aws:policy/AmazonCognitoDeveloperAuthenticatedIdentities", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-03-24T17:22:23+00:00", "UpdateDate": "2015-03-24T17:22:23+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "cognito-identity:GetOpenIdTokenForDeveloperIdentity", "cognito-identity:LookupDeveloperIdentity", "cognito-identity:MergeDeveloperIdentities", "cognito-identity:UnlinkDeveloperIdentity" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AmazonCognitoIdpEmailServiceRolePolicy": { "PolicyName": "AmazonCognitoIdpEmailServiceRolePolicy", "PolicyId": "ANPAIX7PW362PLAQFKBHM", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonCognitoIdpEmailServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-03-21T21:32:25+00:00", "UpdateDate": "2019-03-21T21:32:25+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ses:SendEmail", "ses:SendRawEmail" ], "Resource": "*" }, { "Effect": "Deny", "Action": [ "ses:List*" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AmazonCognitoIdpServiceRolePolicy": { "PolicyName": "AmazonCognitoIdpServiceRolePolicy", "PolicyId": "ANPAZKAPJZG4LEUDXVZDR", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonCognitoIdpServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-06-26T22:30:20+00:00", "UpdateDate": "2020-06-26T22:30:20+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "cognito-idp:Describe*" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AmazonCognitoPowerUser": { "PolicyName": "AmazonCognitoPowerUser", "PolicyId": "ANPAJKW5H2HNCPGCYGR6Y", "Arn": "arn:aws:iam::aws:policy/AmazonCognitoPowerUser", "Path": "/", "DefaultVersionId": "v6", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-03-24T17:14:56+00:00", "UpdateDate": "2021-06-01T17:33:32+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "cognito-identity:*", "cognito-idp:*", "cognito-sync:*", "iam:ListRoles", "iam:ListOpenIdConnectProviders", "iam:GetRole", "iam:ListSAMLProviders", "iam:GetSAMLProvider", "kinesis:ListStreams", "lambda:GetPolicy", "lambda:ListFunctions", "sns:GetSMSSandboxAccountStatus", "sns:ListPlatformApplications", "ses:ListIdentities", "ses:GetIdentityVerificationAttributes", "mobiletargeting:GetApps", "acm:ListCertificates" ], "Resource": "*" }, { "Effect": "Allow", "Action": "iam:CreateServiceLinkedRole", "Resource": "*", "Condition": { "StringEquals": { "iam:AWSServiceName": [ "cognito-idp.amazonaws.com", "email.cognito-idp.amazonaws.com" ] } } }, { "Effect": "Allow", "Action": [ "iam:DeleteServiceLinkedRole", "iam:GetServiceLinkedRoleDeletionStatus" ], "Resource": [ "arn:aws:iam::*:role/aws-service-role/cognito-idp.amazonaws.com/AWSServiceRoleForAmazonCognitoIdp*", "arn:aws:iam::*:role/aws-service-role/email.cognito-idp.amazonaws.com/AWSServiceRoleForAmazonCognitoIdpEmail*" ] } ] }, "VersionId": "v6" }, "AmazonCognitoReadOnly": { "PolicyName": "AmazonCognitoReadOnly", "PolicyId": "ANPAJBFTRZD2GQGJHSVQK", "Arn": "arn:aws:iam::aws:policy/AmazonCognitoReadOnly", "Path": "/", "DefaultVersionId": "v4", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-03-24T17:06:46+00:00", "UpdateDate": "2019-08-01T19:21:04+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "cognito-identity:Describe*", "cognito-identity:Get*", "cognito-identity:List*", "cognito-idp:Describe*", "cognito-idp:AdminGet*", "cognito-idp:AdminList*", "cognito-idp:List*", "cognito-idp:Get*", "cognito-sync:Describe*", "cognito-sync:Get*", "cognito-sync:List*", "iam:ListOpenIdConnectProviders", "iam:ListRoles", "sns:ListPlatformApplications" ], "Resource": "*" } ] }, "VersionId": "v4" }, "AmazonConnectReadOnlyAccess": { "PolicyName": "AmazonConnectReadOnlyAccess", "PolicyId": "ANPAIVZMH7VU6YYKRY6ZU", "Arn": "arn:aws:iam::aws:policy/AmazonConnectReadOnlyAccess", "Path": "/", "DefaultVersionId": "v3", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-10-17T21:00:44+00:00", "UpdateDate": "2019-11-06T22:10:18+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "connect:Get*", "connect:Describe*", "connect:List*", "ds:DescribeDirectories" ], "Resource": "*" }, { "Effect": "Deny", "Action": "connect:GetFederationTokens", "Resource": "*" } ] }, "VersionId": "v3" }, "AmazonConnectServiceLinkedRolePolicy": { "PolicyName": "AmazonConnectServiceLinkedRolePolicy", "PolicyId": "ANPAJ6R6FMTSRUJSKI72Y", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonConnectServiceLinkedRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v4", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-09-07T00:21:43+00:00", "UpdateDate": "2021-04-14T00:13:10+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "connect:*" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "iam:DeleteRole" ], "Resource": "arn:aws:iam::*:role/aws-service-role/connect.amazonaws.com/AWSServiceRoleForAmazonConnect_*" }, { "Effect": "Allow", "Action": [ "s3:GetObject", "s3:GetObjectAcl", "s3:PutObject", "s3:PutObjectAcl", "s3:DeleteObject" ], "Resource": [ "arn:aws:s3:::amazon-connect-*/*" ] }, { "Effect": "Allow", "Action": [ "s3:GetBucketLocation", "s3:GetBucketAcl" ], "Resource": [ "arn:aws:s3:::amazon-connect-*" ] }, { "Effect": "Allow", "Action": [ "logs:CreateLogStream", "logs:DescribeLogStreams", "logs:PutLogEvents" ], "Resource": [ "arn:aws:logs:*:*:log-group:/aws/connect/*:*" ] }, { "Effect": "Allow", "Action": [ "lex:ListBots", "lex:ListBotAliases" ], "Resource": "*" } ] }, "VersionId": "v4" }, "AmazonConnect_FullAccess": { "PolicyName": "AmazonConnect_FullAccess", "PolicyId": "ANPAZKAPJZG4JXAE7KLRO", "Arn": "arn:aws:iam::aws:policy/AmazonConnect_FullAccess", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-11-20T19:54:21+00:00", "UpdateDate": "2021-07-01T18:41:26+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "connect:*", "ds:CreateAlias", "ds:AuthorizeApplication", "ds:CreateIdentityPoolDirectory", "ds:DeleteDirectory", "ds:DescribeDirectories", "ds:UnauthorizeApplication", "firehose:DescribeDeliveryStream", "firehose:ListDeliveryStreams", "kinesis:DescribeStream", "kinesis:ListStreams", "kms:DescribeKey", "kms:ListAliases", "lex:GetBots", "lex:ListBots", "lex:ListBotAliases", "logs:CreateLogGroup", "s3:GetBucketLocation", "s3:ListAllMyBuckets", "lambda:ListFunctions", "ds:CheckAlias" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "s3:CreateBucket", "s3:GetBucketAcl" ], "Resource": "arn:aws:s3:::amazon-connect-*" }, { "Effect": "Allow", "Action": [ "servicequotas:GetServiceQuota" ], "Resource": "arn:aws:servicequotas:*:*:connect/*" }, { "Effect": "Allow", "Action": "iam:CreateServiceLinkedRole", "Resource": "*", "Condition": { "StringEquals": { "iam:AWSServiceName": "connect.amazonaws.com" } } }, { "Effect": "Allow", "Action": "iam:DeleteServiceLinkedRole", "Resource": "arn:aws:iam::*:role/aws-service-role/connect.amazonaws.com/AWSServiceRoleForAmazonConnect*" } ] }, "VersionId": "v2" }, "AmazonDMSCloudWatchLogsRole": { "PolicyName": "AmazonDMSCloudWatchLogsRole", "PolicyId": "ANPAJBG7UXZZXUJD3TDJE", "Arn": "arn:aws:iam::aws:policy/service-role/AmazonDMSCloudWatchLogsRole", "Path": "/service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2016-01-07T23:44:53+00:00", "UpdateDate": "2016-01-07T23:44:53+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Sid": "AllowDescribeOnAllLogGroups", "Effect": "Allow", "Action": [ "logs:DescribeLogGroups" ], "Resource": [ "*" ] }, { "Sid": "AllowDescribeOfAllLogStreamsOnDmsTasksLogGroup", "Effect": "Allow", "Action": [ "logs:DescribeLogStreams" ], "Resource": [ "arn:aws:logs:*:*:log-group:dms-tasks-*" ] }, { "Sid": "AllowCreationOfDmsTasksLogGroups", "Effect": "Allow", "Action": [ "logs:CreateLogGroup" ], "Resource": [ "arn:aws:logs:*:*:log-group:dms-tasks-*" ] }, { "Sid": "AllowCreationOfDmsTaskLogStream", "Effect": "Allow", "Action": [ "logs:CreateLogStream" ], "Resource": [ "arn:aws:logs:*:*:log-group:dms-tasks-*:log-stream:dms-task-*" ] }, { "Sid": "AllowUploadOfLogEventsToDmsTaskLogStream", "Effect": "Allow", "Action": [ "logs:PutLogEvents" ], "Resource": [ "arn:aws:logs:*:*:log-group:dms-tasks-*:log-stream:dms-task-*" ] } ] }, "VersionId": "v1" }, "AmazonDMSRedshiftS3Role": { "PolicyName": "AmazonDMSRedshiftS3Role", "PolicyId": "ANPAI3CCUQ4U5WNC5F6B6", "Arn": "arn:aws:iam::aws:policy/service-role/AmazonDMSRedshiftS3Role", "Path": "/service-role/", "DefaultVersionId": "v3", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2016-04-20T17:05:56+00:00", "UpdateDate": "2019-07-08T18:19:14+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "s3:CreateBucket", "s3:ListBucket", "s3:DeleteBucket", "s3:GetBucketLocation", "s3:GetObject", "s3:PutObject", "s3:DeleteObject", "s3:GetObjectVersion", "s3:GetBucketPolicy", "s3:PutBucketPolicy", "s3:GetBucketAcl", "s3:PutBucketVersioning", "s3:GetBucketVersioning", "s3:PutLifecycleConfiguration", "s3:GetLifecycleConfiguration", "s3:DeleteBucketPolicy" ], "Resource": "arn:aws:s3:::dms-*" } ] }, "VersionId": "v3" }, "AmazonDMSVPCManagementRole": { "PolicyName": "AmazonDMSVPCManagementRole", "PolicyId": "ANPAJHKIGMBQI4AEFFSYO", "Arn": "arn:aws:iam::aws:policy/service-role/AmazonDMSVPCManagementRole", "Path": "/service-role/", "DefaultVersionId": "v3", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-11-18T16:33:19+00:00", "UpdateDate": "2016-05-23T16:29:57+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ec2:CreateNetworkInterface", "ec2:DescribeAvailabilityZones", "ec2:DescribeInternetGateways", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeVpcs", "ec2:DeleteNetworkInterface", "ec2:ModifyNetworkInterfaceAttribute" ], "Resource": "*" } ] }, "VersionId": "v3" }, "AmazonDRSVPCManagement": { "PolicyName": "AmazonDRSVPCManagement", "PolicyId": "ANPAJPXIBTTZMBEFEX6UA", "Arn": "arn:aws:iam::aws:policy/AmazonDRSVPCManagement", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-09-02T00:09:20+00:00", "UpdateDate": "2015-09-02T00:09:20+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ec2:AuthorizeSecurityGroupIngress", "ec2:CreateNetworkInterface", "ec2:CreateSecurityGroup", "ec2:DescribeAvailabilityZones", "ec2:DescribeInternetGateways", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeVpcAttribute", "ec2:DescribeVpcs", "ec2:DeleteNetworkInterface", "ec2:DeleteSecurityGroup", "ec2:ModifyNetworkInterfaceAttribute", "ec2:RevokeSecurityGroupIngress" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AmazonDetectiveFullAccess": { "PolicyName": "AmazonDetectiveFullAccess", "PolicyId": "ANPAZKAPJZG4IRLX3QVOO", "Arn": "arn:aws:iam::aws:policy/AmazonDetectiveFullAccess", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-04-30T17:57:15+00:00", "UpdateDate": "2020-10-21T22:07:28+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "detective:*", "organizations:DescribeOrganization", "organizations:ListAccounts" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "guardduty:ArchiveFindings" ], "Resource": "arn:aws:guardduty:*:*:detector/*" }, { "Effect": "Allow", "Action": [ "guardduty:ListDetectors" ], "Resource": "*" } ] }, "VersionId": "v2" }, "AmazonDevOpsGuruFullAccess": { "PolicyName": "AmazonDevOpsGuruFullAccess", "PolicyId": "ANPAZKAPJZG4BQEAUGTMM", "Arn": "arn:aws:iam::aws:policy/AmazonDevOpsGuruFullAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-12-01T16:38:12+00:00", "UpdateDate": "2020-12-01T16:38:12+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Sid": "DevOpsGuruFullAccess", "Effect": "Allow", "Action": [ "devops-guru:*" ], "Resource": "*" }, { "Sid": "CloudFormationListStacksAccess", "Effect": "Allow", "Action": [ "cloudformation:DescribeStacks", "cloudformation:ListStacks" ], "Resource": "*" }, { "Sid": "CloudWatchGetMetricDataAccess", "Effect": "Allow", "Action": [ "cloudwatch:GetMetricData" ], "Resource": "*" }, { "Sid": "SnsListTopicsAccess", "Effect": "Allow", "Action": [ "sns:ListTopics" ], "Resource": "*" }, { "Sid": "SnsTopicOperations", "Effect": "Allow", "Action": [ "sns:CreateTopic", "sns:GetTopicAttributes", "sns:SetTopicAttributes", "sns:Publish" ], "Resource": "arn:aws:sns:*:*:DevOps-Guru-*" }, { "Sid": "DevOpsGuruSlrCreation", "Effect": "Allow", "Action": "iam:CreateServiceLinkedRole", "Resource": "arn:aws:iam::*:role/aws-service-role/devops-guru.amazonaws.com/AWSServiceRoleForDevOpsGuru", "Condition": { "StringLike": { "iam:AWSServiceName": "devops-guru.amazonaws.com" } } }, { "Sid": "DevOpsGuruSlrDeletion", "Effect": "Allow", "Action": [ "iam:DeleteServiceLinkedRole", "iam:GetServiceLinkedRoleDeletionStatus" ], "Resource": "arn:aws:iam::*:role/aws-service-role/devops-guru.amazonaws.com/AWSServiceRoleForDevOpsGuru" } ] }, "VersionId": "v1" }, "AmazonDevOpsGuruReadOnlyAccess": { "PolicyName": "AmazonDevOpsGuruReadOnlyAccess", "PolicyId": "ANPAZKAPJZG4JK4QO3QK6", "Arn": "arn:aws:iam::aws:policy/AmazonDevOpsGuruReadOnlyAccess", "Path": "/", "DefaultVersionId": "v3", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-12-01T16:34:40+00:00", "UpdateDate": "2021-06-14T22:34:43+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Sid": "DevOpsGuruReadOnlyAccess", "Effect": "Allow", "Action": [ "devops-guru:DescribeAccountHealth", "devops-guru:DescribeAccountOverview", "devops-guru:DescribeAnomaly", "devops-guru:DescribeFeedback", "devops-guru:DescribeInsight", "devops-guru:DescribeResourceCollectionHealth", "devops-guru:DescribeServiceIntegration", "devops-guru:GetCostEstimation", "devops-guru:GetResourceCollection", "devops-guru:ListAnomaliesForInsight", "devops-guru:ListEvents", "devops-guru:ListInsights", "devops-guru:ListNotificationChannels", "devops-guru:ListRecommendations", "devops-guru:SearchInsights", "devops-guru:StartCostEstimation" ], "Resource": "*" }, { "Sid": "CloudFormationListStacksAccess", "Effect": "Allow", "Action": [ "cloudformation:DescribeStacks", "cloudformation:ListStacks" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "iam:GetRole" ], "Resource": "arn:aws:iam::*:role/aws-service-role/devops-guru.amazonaws.com/AWSServiceRoleForDevOpsGuru" }, { "Sid": "CloudWatchGetMetricDataAccess", "Effect": "Allow", "Action": [ "cloudwatch:GetMetricData" ], "Resource": "*" } ] }, "VersionId": "v3" }, "AmazonDevOpsGuruServiceRolePolicy": { "PolicyName": "AmazonDevOpsGuruServiceRolePolicy", "PolicyId": "ANPAZKAPJZG4LOGPH224B", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonDevOpsGuruServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-12-01T10:24:42+00:00", "UpdateDate": "2021-04-21T23:51:53+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "autoscaling:DescribeAutoScalingGroups", "cloudtrail:LookupEvents", "cloudwatch:GetMetricData", "cloudwatch:ListMetrics", "cloudwatch:DescribeAnomalyDetectors", "cloudwatch:DescribeAlarms", "cloudwatch:ListDashboards", "cloudwatch:GetDashboard", "cloudformation:GetTemplate", "cloudformation:ListStacks", "cloudformation:ListStackResources", "cloudformation:DescribeStacks", "cloudformation:ListImports", "codedeploy:BatchGetDeployments", "codedeploy:GetDeploymentGroup", "codedeploy:ListDeployments", "config:DescribeConfigurationRecorderStatus", "config:GetResourceConfigHistory", "events:ListRuleNamesByTarget", "xray:GetServiceGraph" ], "Resource": "*" }, { "Sid": "AllowPutTargetsOnASpecificRule", "Effect": "Allow", "Action": [ "events:PutTargets", "events:PutRule" ], "Resource": "arn:aws:events:*:*:rule/DevOps-Guru-managed-*" }, { "Sid": "AllowCreateOpsItem", "Effect": "Allow", "Action": [ "ssm:CreateOpsItem" ], "Resource": "*" }, { "Sid": "AllowAddTagsToOpsItem", "Effect": "Allow", "Action": [ "ssm:AddTagsToResource" ], "Resource": "arn:aws:ssm:*:*:opsitem/*" }, { "Sid": "AllowAccessOpsItem", "Effect": "Allow", "Action": [ "ssm:GetOpsItem", "ssm:UpdateOpsItem" ], "Resource": "*", "Condition": { "StringEquals": { "aws:ResourceTag/DevOps-GuruInsightSsmOpsItemRelated": "true" } } } ] }, "VersionId": "v2" }, "AmazonDocDBConsoleFullAccess": { "PolicyName": "AmazonDocDBConsoleFullAccess", "PolicyId": "ANPAJHV6VMSNDDHJ3ESNI", "Arn": "arn:aws:iam::aws:policy/AmazonDocDBConsoleFullAccess", "Path": "/", "DefaultVersionId": "v3", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-01-09T20:37:28+00:00", "UpdateDate": "2021-04-05T22:42:40+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "rds:AddRoleToDBCluster", "rds:AddSourceIdentifierToSubscription", "rds:AddTagsToResource", "rds:ApplyPendingMaintenanceAction", "rds:CopyDBClusterParameterGroup", "rds:CopyDBClusterSnapshot", "rds:CopyDBParameterGroup", "rds:CreateDBCluster", "rds:CreateDBClusterParameterGroup", "rds:CreateDBClusterSnapshot", "rds:CreateDBInstance", "rds:CreateDBParameterGroup", "rds:CreateDBSubnetGroup", "rds:CreateEventSubscription", "rds:DeleteDBCluster", "rds:DeleteDBClusterParameterGroup", "rds:DeleteDBClusterSnapshot", "rds:DeleteDBInstance", "rds:DeleteDBParameterGroup", "rds:DeleteDBSubnetGroup", "rds:DeleteEventSubscription", "rds:DescribeAccountAttributes", "rds:DescribeCertificates", "rds:DescribeDBClusterParameterGroups", "rds:DescribeDBClusterParameters", "rds:DescribeDBClusterSnapshotAttributes", "rds:DescribeDBClusterSnapshots", "rds:DescribeDBClusters", "rds:DescribeDBEngineVersions", "rds:DescribeDBInstances", "rds:DescribeDBLogFiles", "rds:DescribeDBParameterGroups", "rds:DescribeDBParameters", "rds:DescribeDBSecurityGroups", "rds:DescribeDBSubnetGroups", "rds:DescribeEngineDefaultClusterParameters", "rds:DescribeEngineDefaultParameters", "rds:DescribeEventCategories", "rds:DescribeEventSubscriptions", "rds:DescribeEvents", "rds:DescribeOptionGroups", "rds:DescribeOrderableDBInstanceOptions", "rds:DescribePendingMaintenanceActions", "rds:DescribeValidDBInstanceModifications", "rds:DownloadDBLogFilePortion", "rds:FailoverDBCluster", "rds:ListTagsForResource", "rds:ModifyDBCluster", "rds:ModifyDBClusterParameterGroup", "rds:ModifyDBClusterSnapshotAttribute", "rds:ModifyDBInstance", "rds:ModifyDBParameterGroup", "rds:ModifyDBSubnetGroup", "rds:ModifyEventSubscription", "rds:PromoteReadReplicaDBCluster", "rds:RebootDBInstance", "rds:RemoveRoleFromDBCluster", "rds:RemoveSourceIdentifierFromSubscription", "rds:RemoveTagsFromResource", "rds:ResetDBClusterParameterGroup", "rds:ResetDBParameterGroup", "rds:RestoreDBClusterFromSnapshot", "rds:RestoreDBClusterToPointInTime" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "iam:GetRole", "cloudwatch:GetMetricData", "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics", "ec2:AllocateAddress", "ec2:AssignIpv6Addresses", "ec2:AssignPrivateIpAddresses", "ec2:AssociateAddress", "ec2:AssociateRouteTable", "ec2:AssociateSubnetCidrBlock", "ec2:AssociateVpcCidrBlock", "ec2:AttachInternetGateway", "ec2:AttachNetworkInterface", "ec2:CreateCustomerGateway", "ec2:CreateDefaultSubnet", "ec2:CreateDefaultVpc", "ec2:CreateInternetGateway", "ec2:CreateNatGateway", "ec2:CreateNetworkInterface", "ec2:CreateRoute", "ec2:CreateRouteTable", "ec2:CreateSecurityGroup", "ec2:CreateSubnet", "ec2:CreateVpc", "ec2:CreateVpcEndpoint", "ec2:DescribeAccountAttributes", "ec2:DescribeAddresses", "ec2:DescribeAvailabilityZones", "ec2:DescribeCustomerGateways", "ec2:DescribeInstances", "ec2:DescribeNatGateways", "ec2:DescribeNetworkInterfaces", "ec2:DescribePrefixLists", "ec2:DescribeRouteTables", "ec2:DescribeSecurityGroupReferences", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeVpcAttribute", "ec2:DescribeVpcEndpoints", "ec2:DescribeVpcs", "ec2:ModifyNetworkInterfaceAttribute", "ec2:ModifySubnetAttribute", "ec2:ModifyVpcAttribute", "ec2:ModifyVpcEndpoint", "kms:DescribeKey", "kms:ListAliases", "kms:ListKeyPolicies", "kms:ListKeys", "kms:ListRetirableGrants", "logs:DescribeLogStreams", "logs:GetLogEvents", "sns:ListSubscriptions", "sns:ListTopics", "sns:Publish" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": "iam:CreateServiceLinkedRole", "Resource": "arn:aws:iam::*:role/aws-service-role/rds.amazonaws.com/AWSServiceRoleForRDS", "Condition": { "StringLike": { "iam:AWSServiceName": "rds.amazonaws.com" } } } ] }, "VersionId": "v3" }, "AmazonDocDBFullAccess": { "PolicyName": "AmazonDocDBFullAccess", "PolicyId": "ANPAIQKACUF6JJHALEG5K", "Arn": "arn:aws:iam::aws:policy/AmazonDocDBFullAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-01-09T20:21:44+00:00", "UpdateDate": "2019-01-09T20:21:44+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "rds:AddRoleToDBCluster", "rds:AddSourceIdentifierToSubscription", "rds:AddTagsToResource", "rds:ApplyPendingMaintenanceAction", "rds:CopyDBClusterParameterGroup", "rds:CopyDBClusterSnapshot", "rds:CopyDBParameterGroup", "rds:CreateDBCluster", "rds:CreateDBClusterParameterGroup", "rds:CreateDBClusterSnapshot", "rds:CreateDBInstance", "rds:CreateDBParameterGroup", "rds:CreateDBSubnetGroup", "rds:CreateEventSubscription", "rds:DeleteDBCluster", "rds:DeleteDBClusterParameterGroup", "rds:DeleteDBClusterSnapshot", "rds:DeleteDBInstance", "rds:DeleteDBParameterGroup", "rds:DeleteDBSubnetGroup", "rds:DeleteEventSubscription", "rds:DescribeAccountAttributes", "rds:DescribeCertificates", "rds:DescribeDBClusterParameterGroups", "rds:DescribeDBClusterParameters", "rds:DescribeDBClusterSnapshotAttributes", "rds:DescribeDBClusterSnapshots", "rds:DescribeDBClusters", "rds:DescribeDBEngineVersions", "rds:DescribeDBInstances", "rds:DescribeDBLogFiles", "rds:DescribeDBParameterGroups", "rds:DescribeDBParameters", "rds:DescribeDBSecurityGroups", "rds:DescribeDBSubnetGroups", "rds:DescribeEngineDefaultClusterParameters", "rds:DescribeEngineDefaultParameters", "rds:DescribeEventCategories", "rds:DescribeEventSubscriptions", "rds:DescribeEvents", "rds:DescribeOptionGroups", "rds:DescribeOrderableDBInstanceOptions", "rds:DescribePendingMaintenanceActions", "rds:DescribeValidDBInstanceModifications", "rds:DownloadDBLogFilePortion", "rds:FailoverDBCluster", "rds:ListTagsForResource", "rds:ModifyDBCluster", "rds:ModifyDBClusterParameterGroup", "rds:ModifyDBClusterSnapshotAttribute", "rds:ModifyDBInstance", "rds:ModifyDBParameterGroup", "rds:ModifyDBSubnetGroup", "rds:ModifyEventSubscription", "rds:PromoteReadReplicaDBCluster", "rds:RebootDBInstance", "rds:RemoveRoleFromDBCluster", "rds:RemoveSourceIdentifierFromSubscription", "rds:RemoveTagsFromResource", "rds:ResetDBClusterParameterGroup", "rds:ResetDBParameterGroup", "rds:RestoreDBClusterFromSnapshot", "rds:RestoreDBClusterToPointInTime" ], "Effect": "Allow", "Resource": [ "*" ] }, { "Action": [ "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics", "ec2:DescribeAccountAttributes", "ec2:DescribeAvailabilityZones", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeVpcAttribute", "ec2:DescribeVpcs", "kms:ListAliases", "kms:ListKeyPolicies", "kms:ListKeys", "kms:ListRetirableGrants", "logs:DescribeLogStreams", "logs:GetLogEvents", "sns:ListSubscriptions", "sns:ListTopics", "sns:Publish" ], "Effect": "Allow", "Resource": [ "*" ] }, { "Action": "iam:CreateServiceLinkedRole", "Effect": "Allow", "Resource": "arn:aws:iam::*:role/aws-service-role/rds.amazonaws.com/AWSServiceRoleForRDS", "Condition": { "StringLike": { "iam:AWSServiceName": "rds.amazonaws.com" } } } ] }, "VersionId": "v1" }, "AmazonDocDBReadOnlyAccess": { "PolicyName": "AmazonDocDBReadOnlyAccess", "PolicyId": "ANPAI477RMVACLTLWY5RQ", "Arn": "arn:aws:iam::aws:policy/AmazonDocDBReadOnlyAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-01-09T20:30:28+00:00", "UpdateDate": "2019-01-09T20:30:28+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "rds:DescribeAccountAttributes", "rds:DescribeCertificates", "rds:DescribeDBClusterParameterGroups", "rds:DescribeDBClusterParameters", "rds:DescribeDBClusterSnapshotAttributes", "rds:DescribeDBClusterSnapshots", "rds:DescribeDBClusters", "rds:DescribeDBEngineVersions", "rds:DescribeDBInstances", "rds:DescribeDBLogFiles", "rds:DescribeDBParameterGroups", "rds:DescribeDBParameters", "rds:DescribeDBSubnetGroups", "rds:DescribeEventCategories", "rds:DescribeEventSubscriptions", "rds:DescribeEvents", "rds:DescribeOrderableDBInstanceOptions", "rds:DescribePendingMaintenanceActions", "rds:DownloadDBLogFilePortion", "rds:ListTagsForResource" ], "Effect": "Allow", "Resource": "*" }, { "Action": [ "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics" ], "Effect": "Allow", "Resource": "*" }, { "Action": [ "ec2:DescribeAccountAttributes", "ec2:DescribeAvailabilityZones", "ec2:DescribeInternetGateways", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeVpcAttribute", "ec2:DescribeVpcs" ], "Effect": "Allow", "Resource": "*" }, { "Action": [ "kms:ListKeys", "kms:ListRetirableGrants", "kms:ListAliases", "kms:ListKeyPolicies" ], "Effect": "Allow", "Resource": "*" }, { "Action": [ "logs:DescribeLogStreams", "logs:GetLogEvents" ], "Effect": "Allow", "Resource": [ "arn:aws:logs:*:*:log-group:/aws/rds/*:log-stream:*", "arn:aws:logs:*:*:log-group:/aws/docdb/*:log-stream:*" ] } ] }, "VersionId": "v1" }, "AmazonDynamoDBFullAccess": { "PolicyName": "AmazonDynamoDBFullAccess", "PolicyId": "ANPAINUGF2JSOSUY76KYA", "Arn": "arn:aws:iam::aws:policy/AmazonDynamoDBFullAccess", "Path": "/", "DefaultVersionId": "v15", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-02-06T18:40:11+00:00", "UpdateDate": "2021-01-29T17:38:30+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "dynamodb:*", "dax:*", "application-autoscaling:DeleteScalingPolicy", "application-autoscaling:DeregisterScalableTarget", "application-autoscaling:DescribeScalableTargets", "application-autoscaling:DescribeScalingActivities", "application-autoscaling:DescribeScalingPolicies", "application-autoscaling:PutScalingPolicy", "application-autoscaling:RegisterScalableTarget", "cloudwatch:DeleteAlarms", "cloudwatch:DescribeAlarmHistory", "cloudwatch:DescribeAlarms", "cloudwatch:DescribeAlarmsForMetric", "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics", "cloudwatch:PutMetricAlarm", "cloudwatch:GetMetricData", "datapipeline:ActivatePipeline", "datapipeline:CreatePipeline", "datapipeline:DeletePipeline", "datapipeline:DescribeObjects", "datapipeline:DescribePipelines", "datapipeline:GetPipelineDefinition", "datapipeline:ListPipelines", "datapipeline:PutPipelineDefinition", "datapipeline:QueryObjects", "ec2:DescribeVpcs", "ec2:DescribeSubnets", "ec2:DescribeSecurityGroups", "iam:GetRole", "iam:ListRoles", "kms:DescribeKey", "kms:ListAliases", "sns:CreateTopic", "sns:DeleteTopic", "sns:ListSubscriptions", "sns:ListSubscriptionsByTopic", "sns:ListTopics", "sns:Subscribe", "sns:Unsubscribe", "sns:SetTopicAttributes", "lambda:CreateFunction", "lambda:ListFunctions", "lambda:ListEventSourceMappings", "lambda:CreateEventSourceMapping", "lambda:DeleteEventSourceMapping", "lambda:GetFunctionConfiguration", "lambda:DeleteFunction", "resource-groups:ListGroups", "resource-groups:ListGroupResources", "resource-groups:GetGroup", "resource-groups:GetGroupQuery", "resource-groups:DeleteGroup", "resource-groups:CreateGroup", "tag:GetResources", "kinesis:ListStreams", "kinesis:DescribeStream", "kinesis:DescribeStreamSummary" ], "Effect": "Allow", "Resource": "*" }, { "Action": "cloudwatch:GetInsightRuleReport", "Effect": "Allow", "Resource": "arn:aws:cloudwatch:*:*:insight-rule/DynamoDBContributorInsights*" }, { "Action": [ "iam:PassRole" ], "Effect": "Allow", "Resource": "*", "Condition": { "StringLike": { "iam:PassedToService": [ "application-autoscaling.amazonaws.com", "application-autoscaling.amazonaws.com.cn", "dax.amazonaws.com" ] } } }, { "Effect": "Allow", "Action": [ "iam:CreateServiceLinkedRole" ], "Resource": "*", "Condition": { "StringEquals": { "iam:AWSServiceName": [ "replication.dynamodb.amazonaws.com", "dax.amazonaws.com", "dynamodb.application-autoscaling.amazonaws.com", "contributorinsights.dynamodb.amazonaws.com", "kinesisreplication.dynamodb.amazonaws.com" ] } } } ] }, "VersionId": "v15" }, "AmazonDynamoDBFullAccesswithDataPipeline": { "PolicyName": "AmazonDynamoDBFullAccesswithDataPipeline", "PolicyId": "ANPAJ3ORT7KDISSXGHJXA", "Arn": "arn:aws:iam::aws:policy/AmazonDynamoDBFullAccesswithDataPipeline", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-02-06T18:40:14+00:00", "UpdateDate": "2015-11-12T02:17:42+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "cloudwatch:DeleteAlarms", "cloudwatch:DescribeAlarmHistory", "cloudwatch:DescribeAlarms", "cloudwatch:DescribeAlarmsForMetric", "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics", "cloudwatch:PutMetricAlarm", "dynamodb:*", "sns:CreateTopic", "sns:DeleteTopic", "sns:ListSubscriptions", "sns:ListSubscriptionsByTopic", "sns:ListTopics", "sns:Subscribe", "sns:Unsubscribe", "sns:SetTopicAttributes" ], "Effect": "Allow", "Resource": "*", "Sid": "DDBConsole" }, { "Action": [ "lambda:*", "iam:ListRoles" ], "Effect": "Allow", "Resource": "*", "Sid": "DDBConsoleTriggers" }, { "Action": [ "datapipeline:*", "iam:ListRoles" ], "Effect": "Allow", "Resource": "*", "Sid": "DDBConsoleImportExport" }, { "Effect": "Allow", "Action": [ "iam:GetRolePolicy", "iam:PassRole" ], "Resource": [ "*" ], "Sid": "IAMEDPRoles" }, { "Action": [ "ec2:CreateTags", "ec2:DescribeInstances", "ec2:RunInstances", "ec2:StartInstances", "ec2:StopInstances", "ec2:TerminateInstances", "elasticmapreduce:*", "datapipeline:*" ], "Effect": "Allow", "Resource": "*", "Sid": "EMR" }, { "Action": [ "s3:DeleteObject", "s3:Get*", "s3:List*", "s3:Put*" ], "Effect": "Allow", "Resource": [ "*" ], "Sid": "S3" } ] }, "VersionId": "v2" }, "AmazonDynamoDBReadOnlyAccess": { "PolicyName": "AmazonDynamoDBReadOnlyAccess", "PolicyId": "ANPAIY2XFNA232XJ6J7X2", "Arn": "arn:aws:iam::aws:policy/AmazonDynamoDBReadOnlyAccess", "Path": "/", "DefaultVersionId": "v13", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-02-06T18:40:12+00:00", "UpdateDate": "2021-01-27T01:01:47+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "application-autoscaling:DescribeScalableTargets", "application-autoscaling:DescribeScalingActivities", "application-autoscaling:DescribeScalingPolicies", "cloudwatch:DescribeAlarmHistory", "cloudwatch:DescribeAlarms", "cloudwatch:DescribeAlarmsForMetric", "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics", "cloudwatch:GetMetricData", "datapipeline:DescribeObjects", "datapipeline:DescribePipelines", "datapipeline:GetPipelineDefinition", "datapipeline:ListPipelines", "datapipeline:QueryObjects", "dynamodb:BatchGetItem", "dynamodb:Describe*", "dynamodb:List*", "dynamodb:GetItem", "dynamodb:Query", "dynamodb:Scan", "dynamodb:PartiQLSelect", "dax:Describe*", "dax:List*", "dax:GetItem", "dax:BatchGetItem", "dax:Query", "dax:Scan", "ec2:DescribeVpcs", "ec2:DescribeSubnets", "ec2:DescribeSecurityGroups", "iam:GetRole", "iam:ListRoles", "kms:DescribeKey", "kms:ListAliases", "sns:ListSubscriptionsByTopic", "sns:ListTopics", "lambda:ListFunctions", "lambda:ListEventSourceMappings", "lambda:GetFunctionConfiguration", "resource-groups:ListGroups", "resource-groups:ListGroupResources", "resource-groups:GetGroup", "resource-groups:GetGroupQuery", "tag:GetResources", "kinesis:ListStreams", "kinesis:DescribeStream", "kinesis:DescribeStreamSummary" ], "Effect": "Allow", "Resource": "*" }, { "Action": "cloudwatch:GetInsightRuleReport", "Effect": "Allow", "Resource": "arn:aws:cloudwatch:*:*:insight-rule/DynamoDBContributorInsights*" } ] }, "VersionId": "v13" }, "AmazonEC2ContainerRegistryFullAccess": { "PolicyName": "AmazonEC2ContainerRegistryFullAccess", "PolicyId": "ANPAIESRL7KD7IIVF6V4W", "Arn": "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryFullAccess", "Path": "/", "DefaultVersionId": "v3", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-12-21T17:06:48+00:00", "UpdateDate": "2020-12-05T00:04:19+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ecr:*", "cloudtrail:LookupEvents" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "iam:CreateServiceLinkedRole" ], "Resource": "*", "Condition": { "StringEquals": { "iam:AWSServiceName": [ "replication.ecr.amazonaws.com" ] } } } ] }, "VersionId": "v3" }, "AmazonEC2ContainerRegistryPowerUser": { "PolicyName": "AmazonEC2ContainerRegistryPowerUser", "PolicyId": "ANPAJDNE5PIHROIBGGDDW", "Arn": "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryPowerUser", "Path": "/", "DefaultVersionId": "v3", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-12-21T17:05:33+00:00", "UpdateDate": "2019-12-10T20:48:08+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ecr:GetAuthorizationToken", "ecr:BatchCheckLayerAvailability", "ecr:GetDownloadUrlForLayer", "ecr:GetRepositoryPolicy", "ecr:DescribeRepositories", "ecr:ListImages", "ecr:DescribeImages", "ecr:BatchGetImage", "ecr:GetLifecyclePolicy", "ecr:GetLifecyclePolicyPreview", "ecr:ListTagsForResource", "ecr:DescribeImageScanFindings", "ecr:InitiateLayerUpload", "ecr:UploadLayerPart", "ecr:CompleteLayerUpload", "ecr:PutImage" ], "Resource": "*" } ] }, "VersionId": "v3" }, "AmazonEC2ContainerRegistryReadOnly": { "PolicyName": "AmazonEC2ContainerRegistryReadOnly", "PolicyId": "ANPAIFYZPA37OOHVIH7KQ", "Arn": "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly", "Path": "/", "DefaultVersionId": "v3", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-12-21T17:04:15+00:00", "UpdateDate": "2019-12-10T20:56:32+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ecr:GetAuthorizationToken", "ecr:BatchCheckLayerAvailability", "ecr:GetDownloadUrlForLayer", "ecr:GetRepositoryPolicy", "ecr:DescribeRepositories", "ecr:ListImages", "ecr:DescribeImages", "ecr:BatchGetImage", "ecr:GetLifecyclePolicy", "ecr:GetLifecyclePolicyPreview", "ecr:ListTagsForResource", "ecr:DescribeImageScanFindings" ], "Resource": "*" } ] }, "VersionId": "v3" }, "AmazonEC2ContainerServiceAutoscaleRole": { "PolicyName": "AmazonEC2ContainerServiceAutoscaleRole", "PolicyId": "ANPAIUAP3EGGGXXCPDQKK", "Arn": "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceAutoscaleRole", "Path": "/service-role/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2016-05-12T23:25:44+00:00", "UpdateDate": "2018-02-05T19:15:15+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ecs:DescribeServices", "ecs:UpdateService" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "cloudwatch:DescribeAlarms", "cloudwatch:PutMetricAlarm" ], "Resource": [ "*" ] } ] }, "VersionId": "v2" }, "AmazonEC2ContainerServiceEventsRole": { "PolicyName": "AmazonEC2ContainerServiceEventsRole", "PolicyId": "ANPAITKFNIUAG27VSYNZ4", "Arn": "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceEventsRole", "Path": "/service-role/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-05-30T16:51:35+00:00", "UpdateDate": "2018-05-22T19:13:11+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ecs:RunTask" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": "iam:PassRole", "Resource": [ "*" ], "Condition": { "StringLike": { "iam:PassedToService": "ecs-tasks.amazonaws.com" } } } ] }, "VersionId": "v2" }, "AmazonEC2ContainerServiceRole": { "PolicyName": "AmazonEC2ContainerServiceRole", "PolicyId": "ANPAJO53W2XHNACG7V77Q", "Arn": "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceRole", "Path": "/service-role/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-04-09T16:14:19+00:00", "UpdateDate": "2016-08-11T13:08:01+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ec2:AuthorizeSecurityGroupIngress", "ec2:Describe*", "elasticloadbalancing:DeregisterInstancesFromLoadBalancer", "elasticloadbalancing:DeregisterTargets", "elasticloadbalancing:Describe*", "elasticloadbalancing:RegisterInstancesWithLoadBalancer", "elasticloadbalancing:RegisterTargets" ], "Resource": "*" } ] }, "VersionId": "v2" }, "AmazonEC2ContainerServiceforEC2Role": { "PolicyName": "AmazonEC2ContainerServiceforEC2Role", "PolicyId": "ANPAJLYJCVHC7TQHCSQDS", "Arn": "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role", "Path": "/service-role/", "DefaultVersionId": "v6", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-03-19T18:45:18+00:00", "UpdateDate": "2019-06-13T19:11:37+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ec2:DescribeTags", "ecs:CreateCluster", "ecs:DeregisterContainerInstance", "ecs:DiscoverPollEndpoint", "ecs:Poll", "ecs:RegisterContainerInstance", "ecs:StartTelemetrySession", "ecs:UpdateContainerInstancesState", "ecs:Submit*", "ecr:GetAuthorizationToken", "ecr:BatchCheckLayerAvailability", "ecr:GetDownloadUrlForLayer", "ecr:BatchGetImage", "logs:CreateLogStream", "logs:PutLogEvents" ], "Resource": "*" } ] }, "VersionId": "v6" }, "AmazonEC2FullAccess": { "PolicyName": "AmazonEC2FullAccess", "PolicyId": "ANPAI3VAJF5ZCRZ7MCQE6", "Arn": "arn:aws:iam::aws:policy/AmazonEC2FullAccess", "Path": "/", "DefaultVersionId": "v5", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-02-06T18:40:15+00:00", "UpdateDate": "2018-11-27T02:16:56+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": "ec2:*", "Effect": "Allow", "Resource": "*" }, { "Effect": "Allow", "Action": "elasticloadbalancing:*", "Resource": "*" }, { "Effect": "Allow", "Action": "cloudwatch:*", "Resource": "*" }, { "Effect": "Allow", "Action": "autoscaling:*", "Resource": "*" }, { "Effect": "Allow", "Action": "iam:CreateServiceLinkedRole", "Resource": "*", "Condition": { "StringEquals": { "iam:AWSServiceName": [ "autoscaling.amazonaws.com", "ec2scheduled.amazonaws.com", "elasticloadbalancing.amazonaws.com", "spot.amazonaws.com", "spotfleet.amazonaws.com", "transitgateway.amazonaws.com" ] } } } ] }, "VersionId": "v5" }, "AmazonEC2ReadOnlyAccess": { "PolicyName": "AmazonEC2ReadOnlyAccess", "PolicyId": "ANPAIGDT4SV4GSETWTBZK", "Arn": "arn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-02-06T18:40:17+00:00", "UpdateDate": "2015-02-06T18:40:17+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*" }, { "Effect": "Allow", "Action": "elasticloadbalancing:Describe*", "Resource": "*" }, { "Effect": "Allow", "Action": [ "cloudwatch:ListMetrics", "cloudwatch:GetMetricStatistics", "cloudwatch:Describe*" ], "Resource": "*" }, { "Effect": "Allow", "Action": "autoscaling:Describe*", "Resource": "*" } ] }, "VersionId": "v1" }, "AmazonEC2RolePolicyForLaunchWizard": { "PolicyName": "AmazonEC2RolePolicyForLaunchWizard", "PolicyId": "ANPAZKAPJZG4CBGI56NFS", "Arn": "arn:aws:iam::aws:policy/AmazonEC2RolePolicyForLaunchWizard", "Path": "/", "DefaultVersionId": "v8", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-11-13T08:05:53+00:00", "UpdateDate": "2021-05-24T23:05:02+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ec2:AttachVolume", "ec2:RebootInstances", "ec2:StartInstances", "ec2:StopInstances" ], "Resource": [ "arn:aws:ec2:*:*:volume/*", "arn:aws:ec2:*:*:instance/*" ], "Condition": { "StringLike": { "ec2:ResourceTag/LaunchWizardResourceGroupID": "*" } } }, { "Effect": "Allow", "Action": [ "ec2:ReplaceRoute" ], "Resource": "arn:aws:ec2:*:*:route-table/*", "Condition": { "StringLike": { "ec2:ResourceTag/LaunchWizardApplicationType": "*" } } }, { "Effect": "Allow", "Action": [ "ec2:DescribeAddresses", "ec2:AssociateAddress", "ec2:DescribeInstances", "ec2:DescribeImages", "ec2:DescribeRegions", "ec2:DescribeVolumes", "ec2:DescribeRouteTables", "ec2:ModifyInstanceAttribute", "cloudwatch:GetMetricStatistics", "cloudwatch:PutMetricData", "ssm:GetCommandInvocation" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "ec2:CreateTags", "ec2:CreateVolume" ], "Resource": "*", "Condition": { "ForAllValues:StringEquals": { "aws:TagKeys": [ "LaunchWizardResourceGroupID", "LaunchWizardApplicationType" ] } } }, { "Effect": "Allow", "Action": [ "s3:GetObject", "s3:ListBucket", "s3:PutObject", "s3:PutObjectTagging", "s3:GetBucketLocation", "logs:PutLogEvents", "logs:DescribeLogGroups", "logs:DescribeLogStreams" ], "Resource": [ "arn:aws:logs:*:*:*", "arn:aws:s3:::launchwizard*", "arn:aws:s3:::aws-sap-data-provider/config.properties" ] }, { "Effect": "Allow", "Action": "logs:Create*", "Resource": "arn:aws:logs:*:*:*" }, { "Effect": "Allow", "Action": [ "ec2:Describe*", "cloudformation:DescribeStackResources", "cloudformation:SignalResource", "cloudformation:DescribeStackResource", "cloudformation:DescribeStacks" ], "Resource": "*", "Condition": { "ForAllValues:StringEquals": { "aws:TagKeys": "LaunchWizardResourceGroupID" } } }, { "Effect": "Allow", "Action": [ "dynamodb:BatchGetItem", "dynamodb:PutItem", "sqs:ReceiveMessage", "sqs:SendMessage", "dynamodb:Scan", "s3:ListBucket", "dynamodb:Query", "dynamodb:UpdateItem", "dynamodb:DeleteTable", "dynamodb:CreateTable", "s3:GetObject", "dynamodb:DescribeTable", "s3:GetBucketLocation", "dynamodb:UpdateTable" ], "Resource": [ "arn:aws:s3:::launchwizard*", "arn:aws:dynamodb:*:*:table/LaunchWizard*", "arn:aws:sqs:*:*:LaunchWizard*" ] }, { "Effect": "Allow", "Action": "ssm:SendCommand", "Resource": "arn:aws:ec2:*:*:instance/*", "Condition": { "StringLike": { "ssm:resourceTag/LaunchWizardApplicationType": "*" } } }, { "Effect": "Allow", "Action": [ "ssm:SendCommand", "ssm:GetDocument" ], "Resource": [ "arn:aws:ssm:*:*:document/AWSSAP-InstallBackint" ] }, { "Effect": "Allow", "Action": [ "fsx:DescribeFileSystems", "fsx:ListTagsForResource" ], "Resource": "*", "Condition": { "ForAllValues:StringLike": { "aws:TagKeys": "LaunchWizard*" } } } ] }, "VersionId": "v8" }, "AmazonEC2RoleforAWSCodeDeploy": { "PolicyName": "AmazonEC2RoleforAWSCodeDeploy", "PolicyId": "ANPAIAZKXZ27TAJ4PVWGK", "Arn": "arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforAWSCodeDeploy", "Path": "/service-role/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-05-19T18:10:14+00:00", "UpdateDate": "2017-03-20T17:14:10+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "s3:GetObject", "s3:GetObjectVersion", "s3:ListBucket" ], "Effect": "Allow", "Resource": "*" } ] }, "VersionId": "v2" }, "AmazonEC2RoleforAWSCodeDeployLimited": { "PolicyName": "AmazonEC2RoleforAWSCodeDeployLimited", "PolicyId": "ANPAZKAPJZG4NN2A7WC6C", "Arn": "arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforAWSCodeDeployLimited", "Path": "/service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-08-24T17:55:18+00:00", "UpdateDate": "2020-08-24T17:55:18+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "s3:GetObject", "s3:GetObjectVersion", "s3:ListBucket" ], "Resource": "arn:aws:s3:::*/CodeDeploy/*", "Effect": "Allow" }, { "Action": [ "s3:GetObject", "s3:GetObjectVersion", "s3:ListBucket" ], "Resource": "*", "Condition": { "StringEquals": { "s3:ExistingObjectTag/UseWithCodeDeploy": "true" } }, "Effect": "Allow" } ] }, "VersionId": "v1" }, "AmazonEC2RoleforDataPipelineRole": { "PolicyName": "AmazonEC2RoleforDataPipelineRole", "PolicyId": "ANPAJ3Z5I2WAJE5DN2J36", "Arn": "arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforDataPipelineRole", "Path": "/service-role/", "DefaultVersionId": "v3", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-02-06T18:41:25+00:00", "UpdateDate": "2016-02-22T17:24:05+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "cloudwatch:*", "datapipeline:*", "dynamodb:*", "ec2:Describe*", "elasticmapreduce:AddJobFlowSteps", "elasticmapreduce:Describe*", "elasticmapreduce:ListInstance*", "elasticmapreduce:ModifyInstanceGroups", "rds:Describe*", "redshift:DescribeClusters", "redshift:DescribeClusterSecurityGroups", "s3:*", "sdb:*", "sns:*", "sqs:*" ], "Resource": [ "*" ] } ] }, "VersionId": "v3" }, "AmazonEC2RoleforSSM": { "PolicyName": "AmazonEC2RoleforSSM", "PolicyId": "ANPAI6TL3SMY22S4KMMX6", "Arn": "arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforSSM", "Path": "/service-role/", "DefaultVersionId": "v8", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-05-29T17:48:35+00:00", "UpdateDate": "2019-01-24T19:20:51+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ssm:DescribeAssociation", "ssm:GetDeployablePatchSnapshotForInstance", "ssm:GetDocument", "ssm:DescribeDocument", "ssm:GetManifest", "ssm:GetParameters", "ssm:ListAssociations", "ssm:ListInstanceAssociations", "ssm:PutInventory", "ssm:PutComplianceItems", "ssm:PutConfigurePackageResult", "ssm:UpdateAssociationStatus", "ssm:UpdateInstanceAssociationStatus", "ssm:UpdateInstanceInformation" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "ssmmessages:CreateControlChannel", "ssmmessages:CreateDataChannel", "ssmmessages:OpenControlChannel", "ssmmessages:OpenDataChannel" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "ec2messages:AcknowledgeMessage", "ec2messages:DeleteMessage", "ec2messages:FailMessage", "ec2messages:GetEndpoint", "ec2messages:GetMessages", "ec2messages:SendReply" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "cloudwatch:PutMetricData" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "ec2:DescribeInstanceStatus" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "ds:CreateComputer", "ds:DescribeDirectories" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:DescribeLogGroups", "logs:DescribeLogStreams", "logs:PutLogEvents" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "s3:GetBucketLocation", "s3:PutObject", "s3:GetObject", "s3:GetEncryptionConfiguration", "s3:AbortMultipartUpload", "s3:ListMultipartUploadParts", "s3:ListBucket", "s3:ListBucketMultipartUploads" ], "Resource": "*" } ] }, "VersionId": "v8" }, "AmazonEC2SpotFleetAutoscaleRole": { "PolicyName": "AmazonEC2SpotFleetAutoscaleRole", "PolicyId": "ANPAIMFFRMIOBGDP2TAVE", "Arn": "arn:aws:iam::aws:policy/service-role/AmazonEC2SpotFleetAutoscaleRole", "Path": "/service-role/", "DefaultVersionId": "v3", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2016-08-19T18:27:22+00:00", "UpdateDate": "2019-02-18T19:17:03+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ec2:DescribeSpotFleetRequests", "ec2:ModifySpotFleetRequest" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "cloudwatch:DescribeAlarms", "cloudwatch:PutMetricAlarm", "cloudwatch:DeleteAlarms" ], "Resource": [ "*" ] }, { "Action": "iam:CreateServiceLinkedRole", "Effect": "Allow", "Resource": "arn:aws:iam::*:role/aws-service-role/ec2.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_EC2SpotFleetRequest", "Condition": { "StringLike": { "iam:AWSServiceName": "ec2.application-autoscaling.amazonaws.com" } } } ] }, "VersionId": "v3" }, "AmazonEC2SpotFleetTaggingRole": { "PolicyName": "AmazonEC2SpotFleetTaggingRole", "PolicyId": "ANPAJ5U6UMLCEYLX5OLC4", "Arn": "arn:aws:iam::aws:policy/service-role/AmazonEC2SpotFleetTaggingRole", "Path": "/service-role/", "DefaultVersionId": "v5", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-06-29T18:19:29+00:00", "UpdateDate": "2020-04-23T19:30:49+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ec2:DescribeImages", "ec2:DescribeSubnets", "ec2:RequestSpotInstances", "ec2:TerminateInstances", "ec2:DescribeInstanceStatus", "ec2:CreateTags", "ec2:RunInstances" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": "iam:PassRole", "Condition": { "StringEquals": { "iam:PassedToService": [ "ec2.amazonaws.com", "ec2.amazonaws.com.cn" ] } }, "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "elasticloadbalancing:RegisterInstancesWithLoadBalancer" ], "Resource": [ "arn:aws:elasticloadbalancing:*:*:loadbalancer/*" ] }, { "Effect": "Allow", "Action": [ "elasticloadbalancing:RegisterTargets" ], "Resource": [ "arn:aws:elasticloadbalancing:*:*:*/*" ] } ] }, "VersionId": "v5" }, "AmazonECSServiceRolePolicy": { "PolicyName": "AmazonECSServiceRolePolicy", "PolicyId": "ANPAIVUWKCAI7URU4WUEI", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonECSServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v8", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-10-14T01:18:58+00:00", "UpdateDate": "2021-01-13T20:04:13+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Sid": "ECSTaskManagement", "Effect": "Allow", "Action": [ "ec2:AttachNetworkInterface", "ec2:CreateNetworkInterface", "ec2:CreateNetworkInterfacePermission", "ec2:DeleteNetworkInterface", "ec2:DeleteNetworkInterfacePermission", "ec2:Describe*", "ec2:DetachNetworkInterface", "elasticloadbalancing:DeregisterInstancesFromLoadBalancer", "elasticloadbalancing:DeregisterTargets", "elasticloadbalancing:Describe*", "elasticloadbalancing:RegisterInstancesWithLoadBalancer", "elasticloadbalancing:RegisterTargets", "route53:ChangeResourceRecordSets", "route53:CreateHealthCheck", "route53:DeleteHealthCheck", "route53:Get*", "route53:List*", "route53:UpdateHealthCheck", "servicediscovery:DeregisterInstance", "servicediscovery:Get*", "servicediscovery:List*", "servicediscovery:RegisterInstance", "servicediscovery:UpdateInstanceCustomHealthStatus" ], "Resource": "*" }, { "Sid": "AutoScaling", "Effect": "Allow", "Action": [ "autoscaling:Describe*" ], "Resource": "*" }, { "Sid": "AutoScalingManagement", "Effect": "Allow", "Action": [ "autoscaling:DeletePolicy", "autoscaling:PutScalingPolicy", "autoscaling:SetInstanceProtection", "autoscaling:UpdateAutoScalingGroup" ], "Resource": "*", "Condition": { "Null": { "autoscaling:ResourceTag/AmazonECSManaged": "false" } } }, { "Sid": "AutoScalingPlanManagement", "Effect": "Allow", "Action": [ "autoscaling-plans:CreateScalingPlan", "autoscaling-plans:DeleteScalingPlan", "autoscaling-plans:DescribeScalingPlans" ], "Resource": "*" }, { "Sid": "CWAlarmManagement", "Effect": "Allow", "Action": [ "cloudwatch:DeleteAlarms", "cloudwatch:DescribeAlarms", "cloudwatch:PutMetricAlarm" ], "Resource": "arn:aws:cloudwatch:*:*:alarm:*" }, { "Sid": "ECSTagging", "Effect": "Allow", "Action": [ "ec2:CreateTags" ], "Resource": "arn:aws:ec2:*:*:network-interface/*" }, { "Sid": "CWLogGroupManagement", "Effect": "Allow", "Action": [ "logs:CreateLogGroup", "logs:DescribeLogGroups", "logs:PutRetentionPolicy" ], "Resource": "arn:aws:logs:*:*:log-group:/aws/ecs/*" }, { "Sid": "CWLogStreamManagement", "Effect": "Allow", "Action": [ "logs:CreateLogStream", "logs:DescribeLogStreams", "logs:PutLogEvents" ], "Resource": "arn:aws:logs:*:*:log-group:/aws/ecs/*:log-stream:*" }, { "Sid": "ExecuteCommandSessionManagement", "Effect": "Allow", "Action": [ "ssm:DescribeSessions" ], "Resource": "*" }, { "Sid": "ExecuteCommand", "Effect": "Allow", "Action": [ "ssm:StartSession" ], "Resource": [ "arn:aws:ecs:*:*:task/*", "arn:aws:ssm:*:*:document/AmazonECS-ExecuteInteractiveCommand" ] } ] }, "VersionId": "v8" }, "AmazonECSTaskExecutionRolePolicy": { "PolicyName": "AmazonECSTaskExecutionRolePolicy", "PolicyId": "ANPAJG4T4G4PV56DE72PY", "Arn": "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy", "Path": "/service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-11-16T18:48:22+00:00", "UpdateDate": "2017-11-16T18:48:22+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ecr:GetAuthorizationToken", "ecr:BatchCheckLayerAvailability", "ecr:GetDownloadUrlForLayer", "ecr:BatchGetImage", "logs:CreateLogStream", "logs:PutLogEvents" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AmazonECS_FullAccess": { "PolicyName": "AmazonECS_FullAccess", "PolicyId": "ANPAJ7S7AN6YQPTJC7IFS", "Arn": "arn:aws:iam::aws:policy/AmazonECS_FullAccess", "Path": "/", "DefaultVersionId": "v19", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-11-07T21:36:54+00:00", "UpdateDate": "2020-10-12T21:02:23+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "application-autoscaling:DeleteScalingPolicy", "application-autoscaling:DeregisterScalableTarget", "application-autoscaling:DescribeScalableTargets", "application-autoscaling:DescribeScalingActivities", "application-autoscaling:DescribeScalingPolicies", "application-autoscaling:PutScalingPolicy", "application-autoscaling:RegisterScalableTarget", "appmesh:DescribeVirtualGateway", "appmesh:DescribeVirtualNode", "appmesh:ListMeshes", "appmesh:ListVirtualGateways", "appmesh:ListVirtualNodes", "autoscaling:CreateAutoScalingGroup", "autoscaling:CreateLaunchConfiguration", "autoscaling:DeleteAutoScalingGroup", "autoscaling:DeleteLaunchConfiguration", "autoscaling:Describe*", "autoscaling:UpdateAutoScalingGroup", "cloudformation:CreateStack", "cloudformation:DeleteStack", "cloudformation:DescribeStack*", "cloudformation:UpdateStack", "cloudwatch:DeleteAlarms", "cloudwatch:DescribeAlarms", "cloudwatch:GetMetricStatistics", "cloudwatch:PutMetricAlarm", "codedeploy:BatchGetApplicationRevisions", "codedeploy:BatchGetApplications", "codedeploy:BatchGetDeploymentGroups", "codedeploy:BatchGetDeployments", "codedeploy:ContinueDeployment", "codedeploy:CreateApplication", "codedeploy:CreateDeployment", "codedeploy:CreateDeploymentGroup", "codedeploy:GetApplication", "codedeploy:GetApplicationRevision", "codedeploy:GetDeployment", "codedeploy:GetDeploymentConfig", "codedeploy:GetDeploymentGroup", "codedeploy:GetDeploymentTarget", "codedeploy:ListApplicationRevisions", "codedeploy:ListApplications", "codedeploy:ListDeploymentConfigs", "codedeploy:ListDeploymentGroups", "codedeploy:ListDeployments", "codedeploy:ListDeploymentTargets", "codedeploy:RegisterApplicationRevision", "codedeploy:StopDeployment", "ec2:AssociateRouteTable", "ec2:AttachInternetGateway", "ec2:AuthorizeSecurityGroupIngress", "ec2:CancelSpotFleetRequests", "ec2:CreateInternetGateway", "ec2:CreateLaunchTemplate", "ec2:CreateRoute", "ec2:CreateRouteTable", "ec2:CreateSecurityGroup", "ec2:CreateSubnet", "ec2:CreateVpc", "ec2:DeleteLaunchTemplate", "ec2:DeleteSubnet", "ec2:DeleteVpc", "ec2:Describe*", "ec2:DetachInternetGateway", "ec2:DisassociateRouteTable", "ec2:ModifySubnetAttribute", "ec2:ModifyVpcAttribute", "ec2:RequestSpotFleet", "ec2:RunInstances", "ecs:*", "elasticfilesystem:DescribeAccessPoints", "elasticfilesystem:DescribeFileSystems", "elasticloadbalancing:CreateListener", "elasticloadbalancing:CreateLoadBalancer", "elasticloadbalancing:CreateRule", "elasticloadbalancing:CreateTargetGroup", "elasticloadbalancing:DeleteListener", "elasticloadbalancing:DeleteLoadBalancer", "elasticloadbalancing:DeleteRule", "elasticloadbalancing:DeleteTargetGroup", "elasticloadbalancing:DescribeListeners", "elasticloadbalancing:DescribeLoadBalancers", "elasticloadbalancing:DescribeRules", "elasticloadbalancing:DescribeTargetGroups", "events:DeleteRule", "events:DescribeRule", "events:ListRuleNamesByTarget", "events:ListTargetsByRule", "events:PutRule", "events:PutTargets", "events:RemoveTargets", "fsx:DescribeFileSystems", "iam:ListAttachedRolePolicies", "iam:ListInstanceProfiles", "iam:ListRoles", "lambda:ListFunctions", "logs:CreateLogGroup", "logs:DescribeLogGroups", "logs:FilterLogEvents", "route53:CreateHostedZone", "route53:DeleteHostedZone", "route53:GetHealthCheck", "route53:GetHostedZone", "route53:ListHostedZonesByName", "servicediscovery:CreatePrivateDnsNamespace", "servicediscovery:CreateService", "servicediscovery:DeleteService", "servicediscovery:GetNamespace", "servicediscovery:GetOperation", "servicediscovery:GetService", "servicediscovery:ListNamespaces", "servicediscovery:ListServices", "servicediscovery:UpdateService", "sns:ListTopics" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "ssm:GetParameter", "ssm:GetParameters", "ssm:GetParametersByPath" ], "Resource": "arn:aws:ssm:*:*:parameter/aws/service/ecs*" }, { "Effect": "Allow", "Action": [ "ec2:DeleteInternetGateway", "ec2:DeleteRoute", "ec2:DeleteRouteTable", "ec2:DeleteSecurityGroup" ], "Resource": [ "*" ], "Condition": { "StringLike": { "ec2:ResourceTag/aws:cloudformation:stack-name": "EC2ContainerService-*" } } }, { "Action": "iam:PassRole", "Effect": "Allow", "Resource": [ "*" ], "Condition": { "StringLike": { "iam:PassedToService": "ecs-tasks.amazonaws.com" } } }, { "Action": "iam:PassRole", "Effect": "Allow", "Resource": [ "arn:aws:iam::*:role/ecsInstanceRole*" ], "Condition": { "StringLike": { "iam:PassedToService": [ "ec2.amazonaws.com", "ec2.amazonaws.com.cn" ] } } }, { "Action": "iam:PassRole", "Effect": "Allow", "Resource": [ "arn:aws:iam::*:role/ecsAutoscaleRole*" ], "Condition": { "StringLike": { "iam:PassedToService": [ "application-autoscaling.amazonaws.com", "application-autoscaling.amazonaws.com.cn" ] } } }, { "Effect": "Allow", "Action": "iam:CreateServiceLinkedRole", "Resource": "*", "Condition": { "StringLike": { "iam:AWSServiceName": [ "autoscaling.amazonaws.com", "ecs.amazonaws.com", "ecs.application-autoscaling.amazonaws.com", "spot.amazonaws.com", "spotfleet.amazonaws.com" ] } } } ] }, "VersionId": "v19" }, "AmazonEKSClusterPolicy": { "PolicyName": "AmazonEKSClusterPolicy", "PolicyId": "ANPAIBTLDQMIC6UOIGFWA", "Arn": "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy", "Path": "/", "DefaultVersionId": "v5", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-05-27T21:06:14+00:00", "UpdateDate": "2021-06-15T20:57:05+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "autoscaling:DescribeAutoScalingGroups", "autoscaling:UpdateAutoScalingGroup", "ec2:AttachVolume", "ec2:AuthorizeSecurityGroupIngress", "ec2:CreateRoute", "ec2:CreateSecurityGroup", "ec2:CreateTags", "ec2:CreateVolume", "ec2:DeleteRoute", "ec2:DeleteSecurityGroup", "ec2:DeleteVolume", "ec2:DescribeInstances", "ec2:DescribeRouteTables", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeVolumes", "ec2:DescribeVolumesModifications", "ec2:DescribeVpcs", "ec2:DescribeDhcpOptions", "ec2:DescribeNetworkInterfaces", "ec2:DetachVolume", "ec2:ModifyInstanceAttribute", "ec2:ModifyVolume", "ec2:RevokeSecurityGroupIngress", "ec2:DescribeAccountAttributes", "ec2:DescribeAddresses", "ec2:DescribeInternetGateways", "elasticloadbalancing:AddTags", "elasticloadbalancing:ApplySecurityGroupsToLoadBalancer", "elasticloadbalancing:AttachLoadBalancerToSubnets", "elasticloadbalancing:ConfigureHealthCheck", "elasticloadbalancing:CreateListener", "elasticloadbalancing:CreateLoadBalancer", "elasticloadbalancing:CreateLoadBalancerListeners", "elasticloadbalancing:CreateLoadBalancerPolicy", "elasticloadbalancing:CreateTargetGroup", "elasticloadbalancing:DeleteListener", "elasticloadbalancing:DeleteLoadBalancer", "elasticloadbalancing:DeleteLoadBalancerListeners", "elasticloadbalancing:DeleteTargetGroup", "elasticloadbalancing:DeregisterInstancesFromLoadBalancer", "elasticloadbalancing:DeregisterTargets", "elasticloadbalancing:DescribeListeners", "elasticloadbalancing:DescribeLoadBalancerAttributes", "elasticloadbalancing:DescribeLoadBalancerPolicies", "elasticloadbalancing:DescribeLoadBalancers", "elasticloadbalancing:DescribeTargetGroupAttributes", "elasticloadbalancing:DescribeTargetGroups", "elasticloadbalancing:DescribeTargetHealth", "elasticloadbalancing:DetachLoadBalancerFromSubnets", "elasticloadbalancing:ModifyListener", "elasticloadbalancing:ModifyLoadBalancerAttributes", "elasticloadbalancing:ModifyTargetGroup", "elasticloadbalancing:ModifyTargetGroupAttributes", "elasticloadbalancing:RegisterInstancesWithLoadBalancer", "elasticloadbalancing:RegisterTargets", "elasticloadbalancing:SetLoadBalancerPoliciesForBackendServer", "elasticloadbalancing:SetLoadBalancerPoliciesOfListener", "kms:DescribeKey" ], "Resource": "*" }, { "Effect": "Allow", "Action": "iam:CreateServiceLinkedRole", "Resource": "*", "Condition": { "StringEquals": { "iam:AWSServiceName": "elasticloadbalancing.amazonaws.com" } } } ] }, "VersionId": "v5" }, "AmazonEKSFargatePodExecutionRolePolicy": { "PolicyName": "AmazonEKSFargatePodExecutionRolePolicy", "PolicyId": "ANPAZKAPJZG4FJRXZH7YQ", "Arn": "arn:aws:iam::aws:policy/AmazonEKSFargatePodExecutionRolePolicy", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-11-22T04:34:29+00:00", "UpdateDate": "2019-11-22T04:34:29+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ecr:GetAuthorizationToken", "ecr:BatchCheckLayerAvailability", "ecr:GetDownloadUrlForLayer", "ecr:BatchGetImage" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AmazonEKSForFargateServiceRolePolicy": { "PolicyName": "AmazonEKSForFargateServiceRolePolicy", "PolicyId": "ANPAZKAPJZG4JAUTVFICB", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonEKSForFargateServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-11-22T04:36:25+00:00", "UpdateDate": "2019-11-22T04:36:25+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ec2:CreateNetworkInterface", "ec2:CreateNetworkInterfacePermission", "ec2:DeleteNetworkInterface", "ec2:DescribeNetworkInterfaces", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeVpcs", "ec2:DescribeDhcpOptions", "ec2:DescribeRouteTables" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AmazonEKSServicePolicy": { "PolicyName": "AmazonEKSServicePolicy", "PolicyId": "ANPAJFCNXU6HPGCIVXYDI", "Arn": "arn:aws:iam::aws:policy/AmazonEKSServicePolicy", "Path": "/", "DefaultVersionId": "v6", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-05-27T21:08:21+00:00", "UpdateDate": "2020-05-27T19:27:03+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ec2:CreateNetworkInterface", "ec2:CreateNetworkInterfacePermission", "ec2:DeleteNetworkInterface", "ec2:DescribeInstances", "ec2:DescribeNetworkInterfaces", "ec2:DetachNetworkInterface", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeVpcs", "ec2:ModifyNetworkInterfaceAttribute", "iam:ListAttachedRolePolicies", "eks:UpdateClusterVersion" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "ec2:CreateTags", "ec2:DeleteTags" ], "Resource": [ "arn:aws:ec2:*:*:vpc/*", "arn:aws:ec2:*:*:subnet/*" ] }, { "Effect": "Allow", "Action": "route53:AssociateVPCWithHostedZone", "Resource": "*" }, { "Effect": "Allow", "Action": "logs:CreateLogGroup", "Resource": "*" }, { "Effect": "Allow", "Action": [ "logs:CreateLogStream", "logs:DescribeLogStreams" ], "Resource": "arn:aws:logs:*:*:log-group:/aws/eks/*:*" }, { "Effect": "Allow", "Action": "logs:PutLogEvents", "Resource": "arn:aws:logs:*:*:log-group:/aws/eks/*:*:*" }, { "Effect": "Allow", "Action": "iam:CreateServiceLinkedRole", "Resource": "*", "Condition": { "StringLike": { "iam:AWSServiceName": "eks.amazonaws.com" } } } ] }, "VersionId": "v6" }, "AmazonEKSServiceRolePolicy": { "PolicyName": "AmazonEKSServiceRolePolicy", "PolicyId": "ANPAZKAPJZG4KZBLSP26Y", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonEKSServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-02-21T20:10:47+00:00", "UpdateDate": "2020-05-27T19:30:19+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ec2:CreateNetworkInterface", "ec2:DeleteNetworkInterface", "ec2:DetachNetworkInterface", "ec2:ModifyNetworkInterfaceAttribute", "ec2:DescribeInstances", "ec2:DescribeNetworkInterfaces", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeVpcs", "ec2:CreateNetworkInterfacePermission", "iam:ListAttachedRolePolicies", "ec2:CreateSecurityGroup" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "ec2:DeleteSecurityGroup", "ec2:RevokeSecurityGroupIngress", "ec2:AuthorizeSecurityGroupIngress" ], "Resource": "arn:aws:ec2:*:*:security-group/*", "Condition": { "ForAnyValue:StringLike": { "ec2:ResourceTag/Name": "eks-cluster-sg*" } } }, { "Effect": "Allow", "Action": [ "ec2:CreateTags", "ec2:DeleteTags" ], "Resource": [ "arn:aws:ec2:*:*:vpc/*", "arn:aws:ec2:*:*:subnet/*" ], "Condition": { "ForAnyValue:StringLike": { "aws:TagKeys": [ "kubernetes.io/cluster/*" ] } } }, { "Effect": "Allow", "Action": [ "ec2:CreateTags", "ec2:DeleteTags" ], "Resource": [ "arn:aws:ec2:*:*:security-group/*" ], "Condition": { "ForAnyValue:StringLike": { "aws:TagKeys": [ "kubernetes.io/cluster/*" ], "aws:RequestTag/Name": "eks-cluster-sg*" } } }, { "Effect": "Allow", "Action": "route53:AssociateVPCWithHostedZone", "Resource": "arn:aws:route53:::hostedzone/*" }, { "Effect": "Allow", "Action": "logs:CreateLogGroup", "Resource": "arn:aws:logs:*:*:log-group:/aws/eks/*" }, { "Effect": "Allow", "Action": [ "logs:CreateLogStream", "logs:DescribeLogStreams" ], "Resource": "arn:aws:logs:*:*:log-group:/aws/eks/*:*" }, { "Effect": "Allow", "Action": "logs:PutLogEvents", "Resource": "arn:aws:logs:*:*:log-group:/aws/eks/*:*:*" } ] }, "VersionId": "v2" }, "AmazonEKSVPCResourceController": { "PolicyName": "AmazonEKSVPCResourceController", "PolicyId": "ANPAZKAPJZG4PBOFT2NNA", "Arn": "arn:aws:iam::aws:policy/AmazonEKSVPCResourceController", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-08-12T00:55:34+00:00", "UpdateDate": "2020-08-12T00:55:34+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "ec2:CreateNetworkInterfacePermission", "Resource": "*", "Condition": { "ForAnyValue:StringEquals": { "ec2:ResourceTag/eks:eni:owner": "eks-vpc-resource-controller" } } }, { "Effect": "Allow", "Action": [ "ec2:CreateNetworkInterface", "ec2:DetachNetworkInterface", "ec2:ModifyNetworkInterfaceAttribute", "ec2:DeleteNetworkInterface", "ec2:AttachNetworkInterface", "ec2:UnassignPrivateIpAddresses", "ec2:AssignPrivateIpAddresses" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AmazonEKSWorkerNodePolicy": { "PolicyName": "AmazonEKSWorkerNodePolicy", "PolicyId": "ANPAIBVMOY52IPQ6HD3PO", "Arn": "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-05-27T21:09:01+00:00", "UpdateDate": "2018-05-27T21:09:01+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "ec2:DescribeInstances", "ec2:DescribeRouteTables", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeVolumes", "ec2:DescribeVolumesModifications", "ec2:DescribeVpcs", "eks:DescribeCluster" ], "Resource": "*", "Effect": "Allow" } ] }, "VersionId": "v1" }, "AmazonEKS_CNI_Policy": { "PolicyName": "AmazonEKS_CNI_Policy", "PolicyId": "ANPAJWLAS474LDBXNNTM4", "Arn": "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy", "Path": "/", "DefaultVersionId": "v4", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-05-27T21:07:42+00:00", "UpdateDate": "2020-04-20T20:52:01+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ec2:AssignPrivateIpAddresses", "ec2:AttachNetworkInterface", "ec2:CreateNetworkInterface", "ec2:DeleteNetworkInterface", "ec2:DescribeInstances", "ec2:DescribeTags", "ec2:DescribeNetworkInterfaces", "ec2:DescribeInstanceTypes", "ec2:DetachNetworkInterface", "ec2:ModifyNetworkInterfaceAttribute", "ec2:UnassignPrivateIpAddresses" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "ec2:CreateTags" ], "Resource": [ "arn:aws:ec2:*:*:network-interface/*" ] } ] }, "VersionId": "v4" }, "AmazonEMRCleanupPolicy": { "PolicyName": "AmazonEMRCleanupPolicy", "PolicyId": "ANPAI4YEZURRMKACW56EA", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonEMRCleanupPolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v3", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-09-26T23:54:19+00:00", "UpdateDate": "2020-09-29T21:11:54+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Resource": "*", "Action": [ "ec2:DescribeInstances", "ec2:DescribeLaunchTemplates", "ec2:DescribeSpotInstanceRequests", "ec2:DeleteLaunchTemplate", "ec2:ModifyInstanceAttribute", "ec2:TerminateInstances", "ec2:CancelSpotInstanceRequests", "ec2:DeleteNetworkInterface", "ec2:DescribeInstanceAttribute", "ec2:DescribeVolumeStatus", "ec2:DescribeVolumes", "ec2:DetachVolume", "ec2:DeleteVolume", "ec2:DescribePlacementGroups", "ec2:DeletePlacementGroup" ] } ] }, "VersionId": "v3" }, "AmazonEMRContainersServiceRolePolicy": { "PolicyName": "AmazonEMRContainersServiceRolePolicy", "PolicyId": "ANPAZKAPJZG4P24YZ52G4", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonEMRContainersServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-12-09T00:38:19+00:00", "UpdateDate": "2020-12-09T00:38:19+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "eks:DescribeCluster", "ec2:DescribeRouteTables", "ec2:DescribeSubnets", "ec2:DescribeSecurityGroups", "elasticloadbalancing:DescribeInstanceHealth", "elasticloadbalancing:DescribeLoadBalancers" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AmazonEMRFullAccessPolicy_v2": { "PolicyName": "AmazonEMRFullAccessPolicy_v2", "PolicyId": "ANPAZKAPJZG4BK4MMWW4W", "Arn": "arn:aws:iam::aws:policy/AmazonEMRFullAccessPolicy_v2", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2021-03-12T01:50:29+00:00", "UpdateDate": "2021-03-23T16:57:10+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Sid": "RunJobFlowExplicitlyWithEMRManagedTag", "Effect": "Allow", "Action": [ "elasticmapreduce:RunJobFlow" ], "Resource": "*", "Condition": { "StringEquals": { "aws:RequestTag/for-use-with-amazon-emr-managed-policies": "true" } } }, { "Sid": "ElasticMapReduceActions", "Effect": "Allow", "Action": [ "elasticmapreduce:AddInstanceFleet", "elasticmapreduce:AddInstanceGroups", "elasticmapreduce:AddJobFlowSteps", "elasticmapreduce:AddTags", "elasticmapreduce:CancelSteps", "elasticmapreduce:CreateEditor", "elasticmapreduce:CreateSecurityConfiguration", "elasticmapreduce:DeleteEditor", "elasticmapreduce:DeleteSecurityConfiguration", "elasticmapreduce:DescribeCluster", "elasticmapreduce:DescribeEditor", "elasticmapreduce:DescribeJobFlows", "elasticmapreduce:DescribeSecurityConfiguration", "elasticmapreduce:DescribeStep", "elasticmapreduce:GetBlockPublicAccessConfiguration", "elasticmapreduce:GetManagedScalingPolicy", "elasticmapreduce:ListBootstrapActions", "elasticmapreduce:ListClusters", "elasticmapreduce:ListEditors", "elasticmapreduce:ListInstanceFleets", "elasticmapreduce:ListInstanceGroups", "elasticmapreduce:ListInstances", "elasticmapreduce:ListSecurityConfigurations", "elasticmapreduce:ListSteps", "elasticmapreduce:ModifyCluster", "elasticmapreduce:ModifyInstanceFleet", "elasticmapreduce:ModifyInstanceGroups", "elasticmapreduce:OpenEditorInConsole", "elasticmapreduce:PutAutoScalingPolicy", "elasticmapreduce:PutBlockPublicAccessConfiguration", "elasticmapreduce:PutManagedScalingPolicy", "elasticmapreduce:RemoveAutoScalingPolicy", "elasticmapreduce:RemoveManagedScalingPolicy", "elasticmapreduce:RemoveTags", "elasticmapreduce:SetTerminationProtection", "elasticmapreduce:StartEditor", "elasticmapreduce:StopEditor", "elasticmapreduce:TerminateJobFlows", "elasticmapreduce:ViewEventsFromAllClustersInConsole" ], "Resource": "*" }, { "Sid": "ViewMetricsInEMRConsole", "Effect": "Allow", "Action": [ "cloudwatch:GetMetricStatistics" ], "Resource": "*" }, { "Sid": "PassRoleForElasticMapReduce", "Effect": "Allow", "Action": "iam:PassRole", "Resource": "arn:aws:iam::*:role/EMR_DefaultRole", "Condition": { "StringLike": { "iam:PassedToService": "elasticmapreduce.amazonaws.com*" } } }, { "Sid": "PassRoleForEC2", "Effect": "Allow", "Action": "iam:PassRole", "Resource": "arn:aws:iam::*:role/EMR_EC2_DefaultRole", "Condition": { "StringLike": { "iam:PassedToService": "ec2.amazonaws.com*" } } }, { "Sid": "PassRoleForAutoScaling", "Effect": "Allow", "Action": "iam:PassRole", "Resource": "arn:aws:iam::*:role/EMR_AutoScaling_DefaultRole", "Condition": { "StringLike": { "iam:PassedToService": "application-autoscaling.amazonaws.com*" } } }, { "Sid": "ElasticMapReduceServiceLinkedRole", "Effect": "Allow", "Action": "iam:CreateServiceLinkedRole", "Resource": "arn:aws:iam::*:role/aws-service-role/elasticmapreduce.amazonaws.com*/AWSServiceRoleForEMRCleanup*", "Condition": { "StringEquals": { "iam:AWSServiceName": [ "elasticmapreduce.amazonaws.com", "elasticmapreduce.amazonaws.com.cn" ] } } }, { "Sid": "ConsoleUIActions", "Effect": "Allow", "Action": [ "ec2:DescribeAccountAttributes", "ec2:DescribeAvailabilityZones", "ec2:DescribeImages", "ec2:DescribeKeyPairs", "ec2:DescribeNatGateways", "ec2:DescribeRouteTables", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeVpcs", "ec2:DescribeVpcEndpoints", "s3:ListAllMyBuckets", "iam:ListRoles" ], "Resource": "*" } ] }, "VersionId": "v2" }, "AmazonEMRReadOnlyAccessPolicy_v2": { "PolicyName": "AmazonEMRReadOnlyAccessPolicy_v2", "PolicyId": "ANPAZKAPJZG4GDFTJ74PD", "Arn": "arn:aws:iam::aws:policy/AmazonEMRReadOnlyAccessPolicy_v2", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2021-03-12T01:39:16+00:00", "UpdateDate": "2021-03-12T01:39:16+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Sid": "ElasticMapReduceActions", "Action": [ "elasticmapreduce:DescribeCluster", "elasticmapreduce:DescribeEditor", "elasticmapreduce:DescribeJobFlows", "elasticmapreduce:DescribeSecurityConfiguration", "elasticmapreduce:DescribeStep", "elasticmapreduce:GetBlockPublicAccessConfiguration", "elasticmapreduce:GetManagedScalingPolicy", "elasticmapreduce:ListBootstrapActions", "elasticmapreduce:ListClusters", "elasticmapreduce:ListEditors", "elasticmapreduce:ListInstanceFleets", "elasticmapreduce:ListInstanceGroups", "elasticmapreduce:ListInstances", "elasticmapreduce:ListSecurityConfigurations", "elasticmapreduce:ListSteps", "elasticmapreduce:ViewEventsFromAllClustersInConsole" ], "Effect": "Allow", "Resource": "*" }, { "Sid": "ViewMetricsInEMRConsole", "Action": [ "cloudwatch:GetMetricStatistics" ], "Effect": "Allow", "Resource": "*" } ] }, "VersionId": "v1" }, "AmazonEMRServicePolicy_v2": { "PolicyName": "AmazonEMRServicePolicy_v2", "PolicyId": "ANPAZKAPJZG4M2DU3H3GW", "Arn": "arn:aws:iam::aws:policy/service-role/AmazonEMRServicePolicy_v2", "Path": "/service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2021-03-12T01:11:08+00:00", "UpdateDate": "2021-03-12T01:11:08+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Sid": "CreateInTaggedNetwork", "Effect": "Allow", "Action": [ "ec2:CreateNetworkInterface", "ec2:RunInstances", "ec2:CreateFleet", "ec2:CreateLaunchTemplate", "ec2:CreateLaunchTemplateVersion" ], "Resource": [ "arn:aws:ec2:*:*:subnet/*", "arn:aws:ec2:*:*:security-group/*" ], "Condition": { "StringEquals": { "aws:ResourceTag/for-use-with-amazon-emr-managed-policies": "true" } } }, { "Sid": "CreateWithEMRTaggedLaunchTemplate", "Effect": "Allow", "Action": [ "ec2:CreateFleet", "ec2:RunInstances", "ec2:CreateLaunchTemplateVersion" ], "Resource": "arn:aws:ec2:*:*:launch-template/*", "Condition": { "StringEquals": { "aws:ResourceTag/for-use-with-amazon-emr-managed-policies": "true" } } }, { "Sid": "CreateEMRTaggedLaunchTemplate", "Effect": "Allow", "Action": "ec2:CreateLaunchTemplate", "Resource": "arn:aws:ec2:*:*:launch-template/*", "Condition": { "StringEquals": { "aws:RequestTag/for-use-with-amazon-emr-managed-policies": "true" } } }, { "Sid": "CreateEMRTaggedInstancesAndVolumes", "Effect": "Allow", "Action": [ "ec2:RunInstances", "ec2:CreateFleet" ], "Resource": [ "arn:aws:ec2:*:*:instance/*", "arn:aws:ec2:*:*:volume/*" ], "Condition": { "StringEquals": { "aws:RequestTag/for-use-with-amazon-emr-managed-policies": "true" } } }, { "Sid": "ResourcesToLaunchEC2", "Effect": "Allow", "Action": [ "ec2:RunInstances", "ec2:CreateFleet", "ec2:CreateLaunchTemplate", "ec2:CreateLaunchTemplateVersion" ], "Resource": [ "arn:aws:ec2:*:*:network-interface/*", "arn:aws:ec2:*::image/ami-*", "arn:aws:ec2:*:*:key-pair/*", "arn:aws:ec2:*:*:capacity-reservation/*", "arn:aws:ec2:*:*:placement-group/EMR_*", "arn:aws:ec2:*:*:fleet/*", "arn:aws:ec2:*:*:dedicated-host/*", "arn:aws:resource-groups:*:*:group/*" ] }, { "Sid": "ManageEMRTaggedResources", "Effect": "Allow", "Action": [ "ec2:CreateLaunchTemplateVersion", "ec2:DeleteLaunchTemplate", "ec2:DeleteNetworkInterface", "ec2:ModifyInstanceAttribute", "ec2:TerminateInstances" ], "Resource": "*", "Condition": { "StringEquals": { "aws:ResourceTag/for-use-with-amazon-emr-managed-policies": "true" } } }, { "Sid": "ManageTagsOnEMRTaggedResources", "Effect": "Allow", "Action": [ "ec2:CreateTags", "ec2:DeleteTags" ], "Resource": [ "arn:aws:ec2:*:*:instance/*", "arn:aws:ec2:*:*:volume/*", "arn:aws:ec2:*:*:network-interface/*", "arn:aws:ec2:*:*:launch-template/*" ], "Condition": { "StringEquals": { "aws:ResourceTag/for-use-with-amazon-emr-managed-policies": "true" } } }, { "Sid": "CreateNetworkInterfaceNeededForPrivateSubnet", "Effect": "Allow", "Action": [ "ec2:CreateNetworkInterface" ], "Resource": [ "arn:aws:ec2:*:*:network-interface/*" ], "Condition": { "StringEquals": { "aws:RequestTag/for-use-with-amazon-emr-managed-policies": "true" } } }, { "Sid": "TagOnCreateTaggedEMRResources", "Effect": "Allow", "Action": [ "ec2:CreateTags" ], "Resource": [ "arn:aws:ec2:*:*:network-interface/*", "arn:aws:ec2:*:*:instance/*", "arn:aws:ec2:*:*:volume/*", "arn:aws:ec2:*:*:launch-template/*" ], "Condition": { "StringEquals": { "ec2:CreateAction": [ "RunInstances", "CreateFleet", "CreateLaunchTemplate", "CreateNetworkInterface" ] } } }, { "Sid": "TagPlacementGroups", "Effect": "Allow", "Action": [ "ec2:CreateTags", "ec2:DeleteTags" ], "Resource": [ "arn:aws:ec2:*:*:placement-group/EMR_*" ] }, { "Sid": "ListActionsForEC2Resources", "Effect": "Allow", "Action": [ "ec2:DescribeAccountAttributes", "ec2:DescribeCapacityReservations", "ec2:DescribeDhcpOptions", "ec2:DescribeInstances", "ec2:DescribeLaunchTemplates", "ec2:DescribeNetworkAcls", "ec2:DescribeNetworkInterfaces", "ec2:DescribePlacementGroups", "ec2:DescribeRouteTables", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeVolumes", "ec2:DescribeVolumeStatus", "ec2:DescribeVpcAttribute", "ec2:DescribeVpcEndpoints", "ec2:DescribeVpcs" ], "Resource": "*" }, { "Sid": "CreateDefaultSecurityGroupWithEMRTags", "Effect": "Allow", "Action": [ "ec2:CreateSecurityGroup" ], "Resource": [ "arn:aws:ec2:*:*:security-group/*" ], "Condition": { "StringEquals": { "aws:RequestTag/for-use-with-amazon-emr-managed-policies": "true" } } }, { "Sid": "CreateDefaultSecurityGroupInVPCWithEMRTags", "Effect": "Allow", "Action": [ "ec2:CreateSecurityGroup" ], "Resource": [ "arn:aws:ec2:*:*:vpc/*" ], "Condition": { "StringEquals": { "aws:ResourceTag/for-use-with-amazon-emr-managed-policies": "true" } } }, { "Sid": "TagOnCreateDefaultSecurityGroupWithEMRTags", "Effect": "Allow", "Action": [ "ec2:CreateTags" ], "Resource": "arn:aws:ec2:*:*:security-group/*", "Condition": { "StringEquals": { "aws:RequestTag/for-use-with-amazon-emr-managed-policies": "true", "ec2:CreateAction": "CreateSecurityGroup" } } }, { "Sid": "ManageSecurityGroups", "Effect": "Allow", "Action": [ "ec2:AuthorizeSecurityGroupEgress", "ec2:AuthorizeSecurityGroupIngress", "ec2:RevokeSecurityGroupEgress", "ec2:RevokeSecurityGroupIngress" ], "Resource": "*", "Condition": { "StringEquals": { "aws:ResourceTag/for-use-with-amazon-emr-managed-policies": "true" } } }, { "Sid": "CreateEMRPlacementGroups", "Effect": "Allow", "Action": [ "ec2:CreatePlacementGroup" ], "Resource": "arn:aws:ec2:*:*:placement-group/EMR_*" }, { "Sid": "DeletePlacementGroups", "Effect": "Allow", "Action": [ "ec2:DeletePlacementGroup" ], "Resource": "*" }, { "Sid": "AutoScaling", "Effect": "Allow", "Action": [ "application-autoscaling:DeleteScalingPolicy", "application-autoscaling:DeregisterScalableTarget", "application-autoscaling:DescribeScalableTargets", "application-autoscaling:DescribeScalingPolicies", "application-autoscaling:PutScalingPolicy", "application-autoscaling:RegisterScalableTarget" ], "Resource": "*" }, { "Sid": "ResourceGroupsForCapacityReservations", "Effect": "Allow", "Action": [ "resource-groups:ListGroupResources" ], "Resource": "*" }, { "Sid": "AutoScalingCloudWatch", "Effect": "Allow", "Action": [ "cloudwatch:PutMetricAlarm", "cloudwatch:DeleteAlarms", "cloudwatch:DescribeAlarms" ], "Resource": "arn:aws:cloudwatch:*:*:alarm:*_EMR_Auto_Scaling" }, { "Sid": "PassRoleForAutoScaling", "Effect": "Allow", "Action": "iam:PassRole", "Resource": "arn:aws:iam::*:role/EMR_AutoScaling_DefaultRole", "Condition": { "StringLike": { "iam:PassedToService": "application-autoscaling.amazonaws.com*" } } }, { "Sid": "PassRoleForEC2", "Effect": "Allow", "Action": "iam:PassRole", "Resource": "arn:aws:iam::*:role/EMR_EC2_DefaultRole", "Condition": { "StringLike": { "iam:PassedToService": "ec2.amazonaws.com*" } } } ] }, "VersionId": "v1" }, "AmazonESCognitoAccess": { "PolicyName": "AmazonESCognitoAccess", "PolicyId": "ANPAJL2FUMODIGNDPTZHO", "Arn": "arn:aws:iam::aws:policy/AmazonESCognitoAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-02-28T22:29:18+00:00", "UpdateDate": "2018-02-28T22:29:18+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "cognito-idp:DescribeUserPool", "cognito-idp:CreateUserPoolClient", "cognito-idp:DeleteUserPoolClient", "cognito-idp:DescribeUserPoolClient", "cognito-idp:AdminInitiateAuth", "cognito-idp:AdminUserGlobalSignOut", "cognito-idp:ListUserPoolClients", "cognito-identity:DescribeIdentityPool", "cognito-identity:UpdateIdentityPool", "cognito-identity:SetIdentityPoolRoles", "cognito-identity:GetIdentityPoolRoles" ], "Resource": "*" }, { "Effect": "Allow", "Action": "iam:PassRole", "Resource": "*", "Condition": { "StringLike": { "iam:PassedToService": "cognito-identity.amazonaws.com" } } } ] }, "VersionId": "v1" }, "AmazonESFullAccess": { "PolicyName": "AmazonESFullAccess", "PolicyId": "ANPAJM6ZTCU24QL5PZCGC", "Arn": "arn:aws:iam::aws:policy/AmazonESFullAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-10-01T19:14:00+00:00", "UpdateDate": "2015-10-01T19:14:00+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "es:*" ], "Effect": "Allow", "Resource": "*" } ] }, "VersionId": "v1" }, "AmazonESReadOnlyAccess": { "PolicyName": "AmazonESReadOnlyAccess", "PolicyId": "ANPAJUDMRLOQ7FPAR46FQ", "Arn": "arn:aws:iam::aws:policy/AmazonESReadOnlyAccess", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-10-01T19:18:24+00:00", "UpdateDate": "2018-10-03T03:32:56+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "es:Describe*", "es:List*", "es:Get*" ], "Effect": "Allow", "Resource": "*" } ] }, "VersionId": "v2" }, "AmazonElastiCacheFullAccess": { "PolicyName": "AmazonElastiCacheFullAccess", "PolicyId": "ANPAIA2V44CPHAUAAECKG", "Arn": "arn:aws:iam::aws:policy/AmazonElastiCacheFullAccess", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-02-06T18:40:20+00:00", "UpdateDate": "2017-12-07T17:48:26+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": "elasticache:*", "Effect": "Allow", "Resource": "*" }, { "Action": "iam:CreateServiceLinkedRole", "Effect": "Allow", "Resource": "arn:aws:iam::*:role/aws-service-role/elasticache.amazonaws.com/AWSServiceRoleForElastiCache", "Condition": { "StringLike": { "iam:AWSServiceName": "elasticache.amazonaws.com" } } } ] }, "VersionId": "v2" }, "AmazonElastiCacheReadOnlyAccess": { "PolicyName": "AmazonElastiCacheReadOnlyAccess", "PolicyId": "ANPAIPDACSNQHSENWAKM2", "Arn": "arn:aws:iam::aws:policy/AmazonElastiCacheReadOnlyAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-02-06T18:40:21+00:00", "UpdateDate": "2015-02-06T18:40:21+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "elasticache:Describe*" ], "Effect": "Allow", "Resource": "*" } ] }, "VersionId": "v1" }, "AmazonElasticContainerRegistryPublicFullAccess": { "PolicyName": "AmazonElasticContainerRegistryPublicFullAccess", "PolicyId": "ANPAZKAPJZG4F2SFMTI3G", "Arn": "arn:aws:iam::aws:policy/AmazonElasticContainerRegistryPublicFullAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-12-01T17:25:52+00:00", "UpdateDate": "2020-12-01T17:25:52+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ecr-public:*", "sts:GetServiceBearerToken" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AmazonElasticContainerRegistryPublicPowerUser": { "PolicyName": "AmazonElasticContainerRegistryPublicPowerUser", "PolicyId": "ANPAZKAPJZG4P6F7N3OP7", "Arn": "arn:aws:iam::aws:policy/AmazonElasticContainerRegistryPublicPowerUser", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-12-01T16:16:54+00:00", "UpdateDate": "2020-12-01T16:16:54+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ecr-public:GetAuthorizationToken", "sts:GetServiceBearerToken", "ecr-public:BatchCheckLayerAvailability", "ecr-public:GetRepositoryPolicy", "ecr-public:DescribeRepositories", "ecr-public:DescribeRegistries", "ecr-public:DescribeImages", "ecr-public:DescribeImageTags", "ecr-public:GetRepositoryCatalogData", "ecr-public:GetRegistryCatalogData", "ecr-public:InitiateLayerUpload", "ecr-public:UploadLayerPart", "ecr-public:CompleteLayerUpload", "ecr-public:PutImage" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AmazonElasticContainerRegistryPublicReadOnly": { "PolicyName": "AmazonElasticContainerRegistryPublicReadOnly", "PolicyId": "ANPAZKAPJZG4AD7UYLF25", "Arn": "arn:aws:iam::aws:policy/AmazonElasticContainerRegistryPublicReadOnly", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-12-01T17:27:04+00:00", "UpdateDate": "2020-12-01T17:27:04+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ecr-public:GetAuthorizationToken", "sts:GetServiceBearerToken", "ecr-public:BatchCheckLayerAvailability", "ecr-public:GetRepositoryPolicy", "ecr-public:DescribeRepositories", "ecr-public:DescribeRegistries", "ecr-public:DescribeImages", "ecr-public:DescribeImageTags", "ecr-public:GetRepositoryCatalogData", "ecr-public:GetRegistryCatalogData" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AmazonElasticFileSystemClientFullAccess": { "PolicyName": "AmazonElasticFileSystemClientFullAccess", "PolicyId": "ANPAZKAPJZG4KAMR2MLDF", "Arn": "arn:aws:iam::aws:policy/AmazonElasticFileSystemClientFullAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-01-13T16:27:00+00:00", "UpdateDate": "2020-01-13T16:27:00+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "elasticfilesystem:ClientMount", "elasticfilesystem:ClientRootAccess", "elasticfilesystem:ClientWrite", "elasticfilesystem:DescribeMountTargets" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AmazonElasticFileSystemClientReadOnlyAccess": { "PolicyName": "AmazonElasticFileSystemClientReadOnlyAccess", "PolicyId": "ANPAZKAPJZG4LBXR6UPYS", "Arn": "arn:aws:iam::aws:policy/AmazonElasticFileSystemClientReadOnlyAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-01-13T16:24:36+00:00", "UpdateDate": "2020-01-13T16:24:36+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "elasticfilesystem:ClientMount", "elasticfilesystem:DescribeMountTargets" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AmazonElasticFileSystemClientReadWriteAccess": { "PolicyName": "AmazonElasticFileSystemClientReadWriteAccess", "PolicyId": "ANPAZKAPJZG4H74P6RBOF", "Arn": "arn:aws:iam::aws:policy/AmazonElasticFileSystemClientReadWriteAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-01-13T16:21:55+00:00", "UpdateDate": "2020-01-13T16:21:55+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "elasticfilesystem:ClientMount", "elasticfilesystem:ClientWrite", "elasticfilesystem:DescribeMountTargets" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AmazonElasticFileSystemFullAccess": { "PolicyName": "AmazonElasticFileSystemFullAccess", "PolicyId": "ANPAJKXTMNVQGIDNCKPBC", "Arn": "arn:aws:iam::aws:policy/AmazonElasticFileSystemFullAccess", "Path": "/", "DefaultVersionId": "v7", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-05-27T16:22:28+00:00", "UpdateDate": "2021-05-10T14:25:43+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "cloudwatch:DescribeAlarmsForMetric", "cloudwatch:GetMetricData", "ec2:CreateNetworkInterface", "ec2:DeleteNetworkInterface", "ec2:DescribeAvailabilityZones", "ec2:DescribeNetworkInterfaceAttribute", "ec2:DescribeNetworkInterfaces", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeVpcAttribute", "ec2:DescribeVpcs", "ec2:ModifyNetworkInterfaceAttribute", "elasticfilesystem:CreateFileSystem", "elasticfilesystem:CreateMountTarget", "elasticfilesystem:CreateTags", "elasticfilesystem:CreateAccessPoint", "elasticfilesystem:DeleteFileSystem", "elasticfilesystem:DeleteMountTarget", "elasticfilesystem:DeleteTags", "elasticfilesystem:DeleteAccessPoint", "elasticfilesystem:DeleteFileSystemPolicy", "elasticfilesystem:DescribeAccountPreferences", "elasticfilesystem:DescribeBackupPolicy", "elasticfilesystem:DescribeFileSystems", "elasticfilesystem:DescribeFileSystemPolicy", "elasticfilesystem:DescribeLifecycleConfiguration", "elasticfilesystem:DescribeMountTargets", "elasticfilesystem:DescribeMountTargetSecurityGroups", "elasticfilesystem:DescribeTags", "elasticfilesystem:DescribeAccessPoints", "elasticfilesystem:ModifyMountTargetSecurityGroups", "elasticfilesystem:PutAccountPreferences", "elasticfilesystem:PutBackupPolicy", "elasticfilesystem:PutLifecycleConfiguration", "elasticfilesystem:PutFileSystemPolicy", "elasticfilesystem:UpdateFileSystem", "elasticfilesystem:TagResource", "elasticfilesystem:UntagResource", "elasticfilesystem:ListTagsForResource", "elasticfilesystem:Backup", "elasticfilesystem:Restore", "kms:DescribeKey", "kms:ListAliases" ], "Effect": "Allow", "Resource": "*" }, { "Action": "iam:CreateServiceLinkedRole", "Effect": "Allow", "Resource": "*", "Condition": { "StringLike": { "iam:AWSServiceName": [ "elasticfilesystem.amazonaws.com" ] } } } ] }, "VersionId": "v7" }, "AmazonElasticFileSystemReadOnlyAccess": { "PolicyName": "AmazonElasticFileSystemReadOnlyAccess", "PolicyId": "ANPAIPN5S4NE5JJOKVC4Y", "Arn": "arn:aws:iam::aws:policy/AmazonElasticFileSystemReadOnlyAccess", "Path": "/", "DefaultVersionId": "v6", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-05-27T16:25:25+00:00", "UpdateDate": "2021-05-10T14:20:55+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "cloudwatch:DescribeAlarmsForMetric", "cloudwatch:GetMetricData", "ec2:DescribeAvailabilityZones", "ec2:DescribeNetworkInterfaceAttribute", "ec2:DescribeNetworkInterfaces", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeVpcAttribute", "ec2:DescribeVpcs", "elasticfilesystem:DescribeAccountPreferences", "elasticfilesystem:DescribeBackupPolicy", "elasticfilesystem:DescribeFileSystems", "elasticfilesystem:DescribeFileSystemPolicy", "elasticfilesystem:DescribeLifecycleConfiguration", "elasticfilesystem:DescribeMountTargets", "elasticfilesystem:DescribeMountTargetSecurityGroups", "elasticfilesystem:DescribeTags", "elasticfilesystem:DescribeAccessPoints", "elasticfilesystem:ListTagsForResource", "kms:ListAliases" ], "Effect": "Allow", "Resource": "*" } ] }, "VersionId": "v6" }, "AmazonElasticFileSystemServiceRolePolicy": { "PolicyName": "AmazonElasticFileSystemServiceRolePolicy", "PolicyId": "ANPAZKAPJZG4FXCJYWBN7", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonElasticFileSystemServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v3", "AttachmentCount": 1, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-11-05T16:52:41+00:00", "UpdateDate": "2020-07-16T19:27:41+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "backup-storage:MountCapsule", "ec2:CreateNetworkInterface", "ec2:DeleteNetworkInterface", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeNetworkInterfaceAttribute", "ec2:ModifyNetworkInterfaceAttribute", "tag:GetResources" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "kms:DescribeKey" ], "Resource": "arn:aws:kms:*:*:key/*" }, { "Effect": "Allow", "Action": [ "backup:CreateBackupVault", "backup:PutBackupVaultAccessPolicy" ], "Resource": [ "arn:aws:backup:*:*:backup-vault:aws/efs/automatic-backup-vault" ] }, { "Effect": "Allow", "Action": [ "backup:CreateBackupPlan", "backup:CreateBackupSelection" ], "Resource": [ "arn:aws:backup:*:*:backup-plan:*" ] }, { "Effect": "Allow", "Action": [ "iam:CreateServiceLinkedRole" ], "Resource": "*", "Condition": { "StringLike": { "iam:AWSServiceName": [ "backup.amazonaws.com" ] } } }, { "Effect": "Allow", "Action": [ "iam:PassRole" ], "Resource": [ "arn:aws:iam::*:role/aws-service-role/backup.amazonaws.com/AWSServiceRoleForBackup" ], "Condition": { "StringLike": { "iam:PassedToService": "backup.amazonaws.com" } } } ] }, "VersionId": "v3" }, "AmazonElasticFileSystemsUtils": { "PolicyName": "AmazonElasticFileSystemsUtils", "PolicyId": "ANPAZKAPJZG4KVOAQRKXW", "Arn": "arn:aws:iam::aws:policy/AmazonElasticFileSystemsUtils", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-09-29T15:16:47+00:00", "UpdateDate": "2020-09-29T15:16:47+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ssm:DescribeAssociation", "ssm:GetDeployablePatchSnapshotForInstance", "ssm:GetDocument", "ssm:DescribeDocument", "ssm:GetManifest", "ssm:GetParameter", "ssm:GetParameters", "ssm:ListAssociations", "ssm:ListInstanceAssociations", "ssm:PutInventory", "ssm:PutComplianceItems", "ssm:PutConfigurePackageResult", "ssm:UpdateAssociationStatus", "ssm:UpdateInstanceAssociationStatus", "ssm:UpdateInstanceInformation" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "ssmmessages:CreateControlChannel", "ssmmessages:CreateDataChannel", "ssmmessages:OpenControlChannel", "ssmmessages:OpenDataChannel" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "ec2messages:AcknowledgeMessage", "ec2messages:DeleteMessage", "ec2messages:FailMessage", "ec2messages:GetEndpoint", "ec2messages:GetMessages", "ec2messages:SendReply" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "elasticfilesystem:DescribeMountTargets" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "ec2:DescribeAvailabilityZones" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "logs:PutLogEvents", "logs:DescribeLogStreams", "logs:DescribeLogGroups", "logs:CreateLogStream", "logs:CreateLogGroup", "logs:PutRetentionPolicy" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AmazonElasticMapReduceEditorsRole": { "PolicyName": "AmazonElasticMapReduceEditorsRole", "PolicyId": "ANPAIBI5CIE6OHUIGLYVG", "Arn": "arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceEditorsRole", "Path": "/service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-11-16T21:55:25+00:00", "UpdateDate": "2018-11-16T21:55:25+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ec2:AuthorizeSecurityGroupEgress", "ec2:AuthorizeSecurityGroupIngress", "ec2:CreateSecurityGroup", "ec2:DescribeSecurityGroups", "ec2:RevokeSecurityGroupEgress", "ec2:CreateNetworkInterface", "ec2:CreateNetworkInterfacePermission", "ec2:DeleteNetworkInterface", "ec2:DeleteNetworkInterfacePermission", "ec2:DescribeNetworkInterfaces", "ec2:ModifyNetworkInterfaceAttribute", "ec2:DescribeTags", "ec2:DescribeInstances", "ec2:DescribeSubnets", "elasticmapreduce:ListInstances", "elasticmapreduce:DescribeCluster" ], "Resource": "*" }, { "Effect": "Allow", "Action": "ec2:CreateTags", "Resource": "arn:aws:ec2:*:*:network-interface/*", "Condition": { "ForAllValues:StringEquals": { "aws:TagKeys": [ "aws:elasticmapreduce:editor-id", "aws:elasticmapreduce:job-flow-id" ] } } } ] }, "VersionId": "v1" }, "AmazonElasticMapReduceFullAccess": { "PolicyName": "AmazonElasticMapReduceFullAccess", "PolicyId": "ANPAIZP5JFP3AMSGINBB2", "Arn": "arn:aws:iam::aws:policy/AmazonElasticMapReduceFullAccess", "Path": "/", "DefaultVersionId": "v7", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-02-06T18:40:22+00:00", "UpdateDate": "2019-10-11T15:19:30+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "cloudwatch:*", "cloudformation:CreateStack", "cloudformation:DescribeStackEvents", "ec2:AuthorizeSecurityGroupIngress", "ec2:AuthorizeSecurityGroupEgress", "ec2:CancelSpotInstanceRequests", "ec2:CreateRoute", "ec2:CreateSecurityGroup", "ec2:CreateTags", "ec2:DeleteRoute", "ec2:DeleteTags", "ec2:DeleteSecurityGroup", "ec2:DescribeAvailabilityZones", "ec2:DescribeAccountAttributes", "ec2:DescribeInstances", "ec2:DescribeKeyPairs", "ec2:DescribeRouteTables", "ec2:DescribeSecurityGroups", "ec2:DescribeSpotInstanceRequests", "ec2:DescribeSpotPriceHistory", "ec2:DescribeSubnets", "ec2:DescribeVpcAttribute", "ec2:DescribeVpcs", "ec2:DescribeRouteTables", "ec2:DescribeNetworkAcls", "ec2:CreateVpcEndpoint", "ec2:ModifyImageAttribute", "ec2:ModifyInstanceAttribute", "ec2:RequestSpotInstances", "ec2:RevokeSecurityGroupEgress", "ec2:RunInstances", "ec2:TerminateInstances", "elasticmapreduce:*", "iam:GetPolicy", "iam:GetPolicyVersion", "iam:ListRoles", "iam:PassRole", "kms:List*", "s3:*", "sdb:*" ], "Effect": "Allow", "Resource": "*" }, { "Effect": "Allow", "Action": "iam:CreateServiceLinkedRole", "Resource": "*", "Condition": { "StringLike": { "iam:AWSServiceName": [ "elasticmapreduce.amazonaws.com", "elasticmapreduce.amazonaws.com.cn" ] } } } ] }, "VersionId": "v7" }, "AmazonElasticMapReducePlacementGroupPolicy": { "PolicyName": "AmazonElasticMapReducePlacementGroupPolicy", "PolicyId": "ANPAZKAPJZG4LC2KU77YD", "Arn": "arn:aws:iam::aws:policy/AmazonElasticMapReducePlacementGroupPolicy", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-09-29T00:37:08+00:00", "UpdateDate": "2020-09-29T00:37:08+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Resource": "*", "Effect": "Allow", "Action": [ "ec2:DeletePlacementGroup", "ec2:DescribePlacementGroups" ] }, { "Resource": "arn:aws:ec2:*:*:placement-group/EMR_*", "Effect": "Allow", "Action": [ "ec2:CreatePlacementGroup" ] } ] }, "VersionId": "v1" }, "AmazonElasticMapReduceReadOnlyAccess": { "PolicyName": "AmazonElasticMapReduceReadOnlyAccess", "PolicyId": "ANPAIHP6NH2S6GYFCOINC", "Arn": "arn:aws:iam::aws:policy/AmazonElasticMapReduceReadOnlyAccess", "Path": "/", "DefaultVersionId": "v3", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-02-06T18:40:23+00:00", "UpdateDate": "2020-07-29T23:14:09+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "elasticmapreduce:Describe*", "elasticmapreduce:List*", "elasticmapreduce:GetBlockPublicAccessConfiguration", "elasticmapreduce:ViewEventsFromAllClustersInConsole", "s3:GetObject", "s3:ListAllMyBuckets", "s3:ListBucket", "sdb:Select", "cloudwatch:GetMetricStatistics" ], "Effect": "Allow", "Resource": "*" } ] }, "VersionId": "v3" }, "AmazonElasticMapReduceRole": { "PolicyName": "AmazonElasticMapReduceRole", "PolicyId": "ANPAIDI2BQT2LKXZG36TW", "Arn": "arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceRole", "Path": "/service-role/", "DefaultVersionId": "v10", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-02-06T18:41:20+00:00", "UpdateDate": "2020-06-24T22:24:20+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Resource": "*", "Action": [ "ec2:AuthorizeSecurityGroupEgress", "ec2:AuthorizeSecurityGroupIngress", "ec2:CancelSpotInstanceRequests", "ec2:CreateFleet", "ec2:CreateLaunchTemplate", "ec2:CreateNetworkInterface", "ec2:CreateSecurityGroup", "ec2:CreateTags", "ec2:DeleteLaunchTemplate", "ec2:DeleteNetworkInterface", "ec2:DeleteSecurityGroup", "ec2:DeleteTags", "ec2:DescribeAvailabilityZones", "ec2:DescribeAccountAttributes", "ec2:DescribeDhcpOptions", "ec2:DescribeImages", "ec2:DescribeInstanceStatus", "ec2:DescribeInstances", "ec2:DescribeKeyPairs", "ec2:DescribeLaunchTemplates", "ec2:DescribeNetworkAcls", "ec2:DescribeNetworkInterfaces", "ec2:DescribePrefixLists", "ec2:DescribeRouteTables", "ec2:DescribeSecurityGroups", "ec2:DescribeSpotInstanceRequests", "ec2:DescribeSpotPriceHistory", "ec2:DescribeSubnets", "ec2:DescribeTags", "ec2:DescribeVpcAttribute", "ec2:DescribeVpcEndpoints", "ec2:DescribeVpcEndpointServices", "ec2:DescribeVpcs", "ec2:DetachNetworkInterface", "ec2:ModifyImageAttribute", "ec2:ModifyInstanceAttribute", "ec2:RequestSpotInstances", "ec2:RevokeSecurityGroupEgress", "ec2:RunInstances", "ec2:TerminateInstances", "ec2:DeleteVolume", "ec2:DescribeVolumeStatus", "ec2:DescribeVolumes", "ec2:DetachVolume", "iam:GetRole", "iam:GetRolePolicy", "iam:ListInstanceProfiles", "iam:ListRolePolicies", "iam:PassRole", "s3:CreateBucket", "s3:Get*", "s3:List*", "sdb:BatchPutAttributes", "sdb:Select", "sqs:CreateQueue", "sqs:Delete*", "sqs:GetQueue*", "sqs:PurgeQueue", "sqs:ReceiveMessage", "cloudwatch:PutMetricAlarm", "cloudwatch:DescribeAlarms", "cloudwatch:DeleteAlarms", "application-autoscaling:RegisterScalableTarget", "application-autoscaling:DeregisterScalableTarget", "application-autoscaling:PutScalingPolicy", "application-autoscaling:DeleteScalingPolicy", "application-autoscaling:Describe*" ] }, { "Effect": "Allow", "Action": "iam:CreateServiceLinkedRole", "Resource": "arn:aws:iam::*:role/aws-service-role/spot.amazonaws.com/AWSServiceRoleForEC2Spot*", "Condition": { "StringLike": { "iam:AWSServiceName": "spot.amazonaws.com" } } } ] }, "VersionId": "v10" }, "AmazonElasticMapReduceforAutoScalingRole": { "PolicyName": "AmazonElasticMapReduceforAutoScalingRole", "PolicyId": "ANPAJSVXG6QHPE6VHDZ4Q", "Arn": "arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceforAutoScalingRole", "Path": "/service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2016-11-18T01:09:10+00:00", "UpdateDate": "2016-11-18T01:09:10+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "cloudwatch:DescribeAlarms", "elasticmapreduce:ListInstanceGroups", "elasticmapreduce:ModifyInstanceGroups" ], "Effect": "Allow", "Resource": "*" } ] }, "VersionId": "v1" }, "AmazonElasticMapReduceforEC2Role": { "PolicyName": "AmazonElasticMapReduceforEC2Role", "PolicyId": "ANPAIGALS5RCDLZLB3PGS", "Arn": "arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceforEC2Role", "Path": "/service-role/", "DefaultVersionId": "v3", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-02-06T18:41:21+00:00", "UpdateDate": "2017-08-11T23:57:30+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Resource": "*", "Action": [ "cloudwatch:*", "dynamodb:*", "ec2:Describe*", "elasticmapreduce:Describe*", "elasticmapreduce:ListBootstrapActions", "elasticmapreduce:ListClusters", "elasticmapreduce:ListInstanceGroups", "elasticmapreduce:ListInstances", "elasticmapreduce:ListSteps", "kinesis:CreateStream", "kinesis:DeleteStream", "kinesis:DescribeStream", "kinesis:GetRecords", "kinesis:GetShardIterator", "kinesis:MergeShards", "kinesis:PutRecord", "kinesis:SplitShard", "rds:Describe*", "s3:*", "sdb:*", "sns:*", "sqs:*", "glue:CreateDatabase", "glue:UpdateDatabase", "glue:DeleteDatabase", "glue:GetDatabase", "glue:GetDatabases", "glue:CreateTable", "glue:UpdateTable", "glue:DeleteTable", "glue:GetTable", "glue:GetTables", "glue:GetTableVersions", "glue:CreatePartition", "glue:BatchCreatePartition", "glue:UpdatePartition", "glue:DeletePartition", "glue:BatchDeletePartition", "glue:GetPartition", "glue:GetPartitions", "glue:BatchGetPartition", "glue:CreateUserDefinedFunction", "glue:UpdateUserDefinedFunction", "glue:DeleteUserDefinedFunction", "glue:GetUserDefinedFunction", "glue:GetUserDefinedFunctions" ] } ] }, "VersionId": "v3" }, "AmazonElasticTranscoderRole": { "PolicyName": "AmazonElasticTranscoderRole", "PolicyId": "ANPAJNW3WMKVXFJ2KPIQ2", "Arn": "arn:aws:iam::aws:policy/service-role/AmazonElasticTranscoderRole", "Path": "/service-role/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-02-06T18:41:26+00:00", "UpdateDate": "2019-06-13T22:48:22+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "s3:ListBucket", "s3:Get*", "s3:PutObject", "s3:PutObjectAcl", "s3:*MultipartUpload*" ], "Sid": "1", "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "sns:Publish" ], "Sid": "2", "Resource": [ "*" ] } ] }, "VersionId": "v2" }, "AmazonElasticTranscoder_FullAccess": { "PolicyName": "AmazonElasticTranscoder_FullAccess", "PolicyId": "ANPAICFT6XVF3RSR4E7JG", "Arn": "arn:aws:iam::aws:policy/AmazonElasticTranscoder_FullAccess", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-04-27T18:59:35+00:00", "UpdateDate": "2019-06-10T22:51:51+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "elastictranscoder:*", "s3:ListAllMyBuckets", "s3:ListBucket", "iam:ListRoles", "sns:ListTopics" ], "Effect": "Allow", "Resource": "*" }, { "Action": [ "iam:PassRole" ], "Effect": "Allow", "Resource": "*", "Condition": { "StringLike": { "iam:PassedToService": [ "elastictranscoder.amazonaws.com" ] } } } ] }, "VersionId": "v2" }, "AmazonElasticTranscoder_JobsSubmitter": { "PolicyName": "AmazonElasticTranscoder_JobsSubmitter", "PolicyId": "ANPAJ7AUMMRQOVZRI734S", "Arn": "arn:aws:iam::aws:policy/AmazonElasticTranscoder_JobsSubmitter", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-06-07T21:12:16+00:00", "UpdateDate": "2019-06-10T22:49:34+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "elastictranscoder:Read*", "elastictranscoder:List*", "elastictranscoder:*Job", "elastictranscoder:*Preset", "s3:ListAllMyBuckets", "s3:ListBucket", "iam:ListRoles", "sns:ListTopics" ], "Effect": "Allow", "Resource": "*" } ] }, "VersionId": "v2" }, "AmazonElasticTranscoder_ReadOnlyAccess": { "PolicyName": "AmazonElasticTranscoder_ReadOnlyAccess", "PolicyId": "ANPAI3R3CR6KVEWD4DPFY", "Arn": "arn:aws:iam::aws:policy/AmazonElasticTranscoder_ReadOnlyAccess", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-06-07T21:09:56+00:00", "UpdateDate": "2019-06-10T22:48:32+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "elastictranscoder:Read*", "elastictranscoder:List*", "s3:ListAllMyBuckets", "s3:ListBucket", "iam:ListRoles", "sns:ListTopics" ], "Effect": "Allow", "Resource": "*" } ] }, "VersionId": "v2" }, "AmazonElasticsearchServiceRolePolicy": { "PolicyName": "AmazonElasticsearchServiceRolePolicy", "PolicyId": "ANPAJFEWZPHXKLCVHEUIC", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonElasticsearchServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v3", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-07-07T00:15:31+00:00", "UpdateDate": "2020-08-31T10:30:23+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Sid": "Stmt1480452973134", "Action": [ "ec2:CreateNetworkInterface", "ec2:DeleteNetworkInterface", "ec2:DescribeNetworkInterfaces", "ec2:ModifyNetworkInterfaceAttribute", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeVpcs", "elasticloadbalancing:AddListenerCertificates", "elasticloadbalancing:RemoveListenerCertificates" ], "Effect": "Allow", "Resource": "*" } ] }, "VersionId": "v3" }, "AmazonEventBridgeApiDestinationsServiceRolePolicy": { "PolicyName": "AmazonEventBridgeApiDestinationsServiceRolePolicy", "PolicyId": "ANPAZKAPJZG4GHQV22EVJ", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonEventBridgeApiDestinationsServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2021-02-11T20:52:05+00:00", "UpdateDate": "2021-02-11T20:52:05+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "secretsmanager:CreateSecret", "secretsmanager:UpdateSecret", "secretsmanager:DescribeSecret", "secretsmanager:DeleteSecret", "secretsmanager:GetSecretValue", "secretsmanager:PutSecretValue" ], "Resource": "arn:aws:secretsmanager:*:*:secret:events!connection/*" } ] }, "VersionId": "v1" }, "AmazonEventBridgeFullAccess": { "PolicyName": "AmazonEventBridgeFullAccess", "PolicyId": "ANPAZKAPJZG4BUM4GCASI", "Arn": "arn:aws:iam::aws:policy/AmazonEventBridgeFullAccess", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-07-11T14:08:55+00:00", "UpdateDate": "2021-03-04T18:56:38+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "events:*", "Resource": "*" }, { "Effect": "Allow", "Action": "iam:CreateServiceLinkedRole", "Resource": "arn:aws:iam::*:role/aws-service-role/AmazonEventBridgeApiDestinationsServiceRolePolicy", "Condition": { "StringEquals": { "iam:AWSServiceName": "apidestinations.events.amazonaws.com" } } }, { "Effect": "Allow", "Action": [ "secretsmanager:CreateSecret", "secretsmanager:UpdateSecret", "secretsmanager:DeleteSecret", "secretsmanager:GetSecretValue", "secretsmanager:PutSecretValue" ], "Resource": "arn:aws:secretsmanager:*:*:secret:events!*" }, { "Effect": "Allow", "Action": "iam:PassRole", "Resource": "arn:aws:iam::*:role/*", "Condition": { "StringLike": { "iam:PassedToService": "events.amazonaws.com" } } } ] }, "VersionId": "v2" }, "AmazonEventBridgeReadOnlyAccess": { "PolicyName": "AmazonEventBridgeReadOnlyAccess", "PolicyId": "ANPAZKAPJZG4BDMP3LZME", "Arn": "arn:aws:iam::aws:policy/AmazonEventBridgeReadOnlyAccess", "Path": "/", "DefaultVersionId": "v3", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-07-11T13:59:07+00:00", "UpdateDate": "2021-03-04T19:08:31+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "events:DescribeRule", "events:DescribeEventBus", "events:DescribeEventSource", "events:ListEventBuses", "events:ListEventSources", "events:ListRuleNamesByTarget", "events:ListRules", "events:ListTargetsByRule", "events:TestEventPattern", "events:DescribeArchive", "events:ListArchives", "events:DescribeReplay", "events:ListReplays", "events:DescribeConnection", "events:ListConnections", "events:DescribeApiDestination", "events:ListApiDestinations" ], "Resource": "*" } ] }, "VersionId": "v3" }, "AmazonEventBridgeSchemasFullAccess": { "PolicyName": "AmazonEventBridgeSchemasFullAccess", "PolicyId": "ANPAZKAPJZG4JF3KP3V5J", "Arn": "arn:aws:iam::aws:policy/AmazonEventBridgeSchemasFullAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-11-28T23:12:53+00:00", "UpdateDate": "2019-11-28T23:12:53+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Sid": "AmazonEventBridgeSchemasFullAccess", "Effect": "Allow", "Action": [ "schemas:*" ], "Resource": "*" }, { "Sid": "AmazonEventBridgeManageRule", "Effect": "Allow", "Action": [ "events:PutRule", "events:PutTargets", "events:EnableRule", "events:DisableRule", "events:DeleteRule", "events:RemoveTargets", "events:ListTargetsByRule" ], "Resource": "arn:aws:events:*:*:rule/*Schemas*" }, { "Sid": "IAMCreateServiceLinkedRoleForAmazonEventBridgeSchemas", "Effect": "Allow", "Action": "iam:CreateServiceLinkedRole", "Resource": "arn:aws:iam::*:role/aws-service-role/schemas.amazonaws.com/AWSServiceRoleForSchemas" } ] }, "VersionId": "v1" }, "AmazonEventBridgeSchemasReadOnlyAccess": { "PolicyName": "AmazonEventBridgeSchemasReadOnlyAccess", "PolicyId": "ANPAZKAPJZG4JK7CLVFIU", "Arn": "arn:aws:iam::aws:policy/AmazonEventBridgeSchemasReadOnlyAccess", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-11-28T23:05:57+00:00", "UpdateDate": "2020-05-01T00:50:53+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Sid": "AmazonEventBridgeSchemasReadOnlyAccess", "Effect": "Allow", "Action": [ "schemas:ListDiscoverers", "schemas:DescribeDiscoverer", "schemas:ListRegistries", "schemas:DescribeRegistry", "schemas:SearchSchemas", "schemas:ListSchemas", "schemas:ListSchemaVersions", "schemas:DescribeSchema", "schemas:GetDiscoveredSchema", "schemas:DescribeCodeBinding", "schemas:GetCodeBindingSource", "schemas:ListTagsForResource", "schemas:GetResourcePolicy" ], "Resource": "*" } ] }, "VersionId": "v2" }, "AmazonEventBridgeSchemasServiceRolePolicy": { "PolicyName": "AmazonEventBridgeSchemasServiceRolePolicy", "PolicyId": "ANPAZKAPJZG4GZI6BHNDI", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonEventBridgeSchemasServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-11-27T01:10:40+00:00", "UpdateDate": "2019-11-27T01:10:40+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "events:PutRule", "events:PutTargets", "events:EnableRule", "events:DisableRule", "events:DeleteRule", "events:RemoveTargets", "events:ListTargetsByRule" ], "Resource": [ "arn:aws:events:*:*:rule/*Schemas-*" ] } ] }, "VersionId": "v1" }, "AmazonFISServiceRolePolicy": { "PolicyName": "AmazonFISServiceRolePolicy", "PolicyId": "ANPAZKAPJZG4JLZR2TQJD", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonFISServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v3", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-12-21T21:18:19+00:00", "UpdateDate": "2021-06-30T13:50:04+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Sid": "EventBridge", "Effect": "Allow", "Action": [ "events:PutRule", "events:DeleteRule", "events:DescribeRule", "events:PutTargets", "events:RemoveTargets" ], "Resource": "*", "Condition": { "StringEquals": { "events:ManagedBy": "fis.amazonaws.com" } } }, { "Sid": "Tagging", "Effect": "Allow", "Action": [ "tag:GetResources" ], "Resource": "*" }, { "Sid": "CloudWatch", "Effect": "Allow", "Action": [ "cloudwatch:DescribeAlarms", "cloudwatch:DescribeAlarmHistory" ], "Resource": "*" }, { "Sid": "DescribeUserResources", "Effect": "Allow", "Action": [ "ec2:DescribeInstances", "iam:GetUser", "iam:GetRole", "iam:ListUsers", "iam:ListRoles", "rds:DescribeDBClusters", "rds:DescribeDBInstances", "ecs:DescribeClusters", "eks:DescribeNodegroup" ], "Resource": "*" } ] }, "VersionId": "v3" }, "AmazonFSxConsoleFullAccess": { "PolicyName": "AmazonFSxConsoleFullAccess", "PolicyId": "ANPAITDDJ23Y5UZ2WCZRQ", "Arn": "arn:aws:iam::aws:policy/AmazonFSxConsoleFullAccess", "Path": "/", "DefaultVersionId": "v4", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-11-28T16:36:05+00:00", "UpdateDate": "2021-06-08T12:14:00+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "cloudwatch:DescribeAlarms", "ds:DescribeDirectories", "ec2:DescribeNetworkInterfaceAttribute", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeVpcs", "firehose:ListDeliveryStreams", "fsx:*", "kms:ListAliases", "logs:DescribeLogGroups", "s3:ListBucket" ], "Resource": "*" }, { "Effect": "Allow", "Action": "iam:CreateServiceLinkedRole", "Resource": "*", "Condition": { "StringEquals": { "iam:AWSServiceName": [ "fsx.amazonaws.com" ] } } }, { "Effect": "Allow", "Action": "iam:CreateServiceLinkedRole", "Resource": "*", "Condition": { "StringEquals": { "iam:AWSServiceName": [ "s3.data-source.lustre.fsx.amazonaws.com" ] } } } ] }, "VersionId": "v4" }, "AmazonFSxConsoleReadOnlyAccess": { "PolicyName": "AmazonFSxConsoleReadOnlyAccess", "PolicyId": "ANPAJQUISIZNHGLA6YQFM", "Arn": "arn:aws:iam::aws:policy/AmazonFSxConsoleReadOnlyAccess", "Path": "/", "DefaultVersionId": "v3", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-11-28T16:35:24+00:00", "UpdateDate": "2021-06-08T12:21:09+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "cloudwatch:DescribeAlarms", "ds:DescribeDirectories", "ec2:DescribeNetworkInterfaceAttribute", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeVpcs", "firehose:ListDeliveryStreams", "fsx:Describe*", "fsx:ListTagsForResource", "kms:DescribeKey", "logs:DescribeLogGroups" ], "Resource": "*" } ] }, "VersionId": "v3" }, "AmazonFSxFullAccess": { "PolicyName": "AmazonFSxFullAccess", "PolicyId": "ANPAIEUV6Z2X4VNZRVB5I", "Arn": "arn:aws:iam::aws:policy/AmazonFSxFullAccess", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-11-28T16:34:43+00:00", "UpdateDate": "2021-06-08T12:05:31+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ds:DescribeDirectories", "fsx:*" ], "Resource": "*" }, { "Effect": "Allow", "Action": "iam:CreateServiceLinkedRole", "Resource": "*", "Condition": { "StringEquals": { "iam:AWSServiceName": [ "fsx.amazonaws.com" ] } } }, { "Effect": "Allow", "Action": "iam:CreateServiceLinkedRole", "Resource": "*", "Condition": { "StringEquals": { "iam:AWSServiceName": [ "s3.data-source.lustre.fsx.amazonaws.com" ] } } }, { "Effect": "Allow", "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents" ], "Resource": [ "arn:aws:logs:*:*:log-group:/aws/fsx/*:log-group:*" ] }, { "Effect": "Allow", "Action": [ "firehose:PutRecord" ], "Resource": [ "arn:aws:firehose:*:*:deliverystream/aws-fsx-*" ] } ] }, "VersionId": "v2" }, "AmazonFSxReadOnlyAccess": { "PolicyName": "AmazonFSxReadOnlyAccess", "PolicyId": "ANPAJ4ICPKXR6KK32HT52", "Arn": "arn:aws:iam::aws:policy/AmazonFSxReadOnlyAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-11-28T16:33:32+00:00", "UpdateDate": "2018-11-28T16:33:32+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "fsx:Describe*", "fsx:ListTagsForResource" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AmazonFSxServiceRolePolicy": { "PolicyName": "AmazonFSxServiceRolePolicy", "PolicyId": "ANPAIVQ24YKVRBV5IYQ5G", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonFSxServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v4", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-11-28T10:38:37+00:00", "UpdateDate": "2021-06-07T21:03:26+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "cloudwatch:PutMetricData", "ds:AuthorizeApplication", "ds:GetAuthorizedApplicationDetails", "ds:UnauthorizeApplication", "ec2:CreateNetworkInterface", "ec2:CreateNetworkInterfacePermission", "ec2:DeleteNetworkInterface", "ec2:DescribeAddresses", "ec2:DescribeNetworkInterfaces", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeVpcs", "ec2:DisassociateAddress", "route53:AssociateVPCWithHostedZone" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "logs:DescribeLogGroups", "logs:DescribeLogStreams", "logs:PutLogEvents" ], "Resource": "arn:aws:logs:*:*:log-group:/aws/fsx/*" }, { "Effect": "Allow", "Action": [ "firehose:DescribeDeliveryStream", "firehose:PutRecord", "firehose:PutRecordBatch" ], "Resource": "arn:aws:firehose:*:*:deliverystream/aws-fsx-*" } ] }, "VersionId": "v4" }, "AmazonForecastFullAccess": { "PolicyName": "AmazonForecastFullAccess", "PolicyId": "ANPAIAKOTFNTUECQVU7C4", "Arn": "arn:aws:iam::aws:policy/AmazonForecastFullAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-01-18T01:52:29+00:00", "UpdateDate": "2019-01-18T01:52:29+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "forecast:*" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "iam:PassRole" ], "Resource": "*", "Condition": { "StringEquals": { "iam:PassedToService": "forecast.amazonaws.com" } } } ] }, "VersionId": "v1" }, "AmazonFraudDetectorFullAccessPolicy": { "PolicyName": "AmazonFraudDetectorFullAccessPolicy", "PolicyId": "ANPAZKAPJZG4AAPDEABT6", "Arn": "arn:aws:iam::aws:policy/AmazonFraudDetectorFullAccessPolicy", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-12-03T22:46:26+00:00", "UpdateDate": "2019-12-03T22:46:26+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "frauddetector:*" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "sagemaker:ListEndpoints", "sagemaker:DescribeEndpoint" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "s3:ListAllMyBuckets", "s3:GetBucketLocation" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "iam:ListRoles" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "iam:PassRole" ], "Resource": "*", "Condition": { "StringEquals": { "iam:PassedToService": "frauddetector.amazonaws.com" } } } ] }, "VersionId": "v1" }, "AmazonFreeRTOSFullAccess": { "PolicyName": "AmazonFreeRTOSFullAccess", "PolicyId": "ANPAJAN6PSDCOH6HXG2SE", "Arn": "arn:aws:iam::aws:policy/AmazonFreeRTOSFullAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-11-29T15:32:51+00:00", "UpdateDate": "2017-11-29T15:32:51+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "freertos:*" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AmazonFreeRTOSOTAUpdate": { "PolicyName": "AmazonFreeRTOSOTAUpdate", "PolicyId": "ANPAINC2TXHAYDOK3SWMU", "Arn": "arn:aws:iam::aws:policy/service-role/AmazonFreeRTOSOTAUpdate", "Path": "/service-role/", "DefaultVersionId": "v3", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-08-27T22:43:07+00:00", "UpdateDate": "2020-12-18T17:47:30+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "s3:GetObjectVersion", "s3:PutObject", "s3:GetObject" ], "Resource": "arn:aws:s3:::afr-ota*" }, { "Effect": "Allow", "Action": [ "signer:StartSigningJob", "signer:DescribeSigningJob", "signer:GetSigningProfile", "signer:PutSigningProfile" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "s3:ListBucketVersions", "s3:ListBucket", "s3:ListAllMyBuckets", "s3:GetBucketLocation" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "iot:DeleteJob", "iot:DescribeJob" ], "Resource": "arn:aws:iot:*:*:job/AFR_OTA*" }, { "Effect": "Allow", "Action": [ "iot:DeleteStream" ], "Resource": "arn:aws:iot:*:*:stream/AFR_OTA*" }, { "Effect": "Allow", "Action": [ "iot:CreateStream", "iot:CreateJob" ], "Resource": "*" } ] }, "VersionId": "v3" }, "AmazonGlacierFullAccess": { "PolicyName": "AmazonGlacierFullAccess", "PolicyId": "ANPAJQSTZJWB2AXXAKHVQ", "Arn": "arn:aws:iam::aws:policy/AmazonGlacierFullAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-02-06T18:40:28+00:00", "UpdateDate": "2015-02-06T18:40:28+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": "glacier:*", "Effect": "Allow", "Resource": "*" } ] }, "VersionId": "v1" }, "AmazonGlacierReadOnlyAccess": { "PolicyName": "AmazonGlacierReadOnlyAccess", "PolicyId": "ANPAI2D5NJKMU274MET4E", "Arn": "arn:aws:iam::aws:policy/AmazonGlacierReadOnlyAccess", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-02-06T18:40:27+00:00", "UpdateDate": "2016-05-05T18:46:10+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "glacier:DescribeJob", "glacier:DescribeVault", "glacier:GetDataRetrievalPolicy", "glacier:GetJobOutput", "glacier:GetVaultAccessPolicy", "glacier:GetVaultLock", "glacier:GetVaultNotifications", "glacier:ListJobs", "glacier:ListMultipartUploads", "glacier:ListParts", "glacier:ListTagsForVault", "glacier:ListVaults" ], "Effect": "Allow", "Resource": "*" } ] }, "VersionId": "v2" }, "AmazonGuardDutyFullAccess": { "PolicyName": "AmazonGuardDutyFullAccess", "PolicyId": "ANPAIKUTKSN4KC63VDQUM", "Arn": "arn:aws:iam::aws:policy/AmazonGuardDutyFullAccess", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-11-28T22:31:30+00:00", "UpdateDate": "2021-02-16T23:39:53+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "guardduty:*", "Resource": "*" }, { "Effect": "Allow", "Action": "iam:CreateServiceLinkedRole", "Resource": "*", "Condition": { "StringLike": { "iam:AWSServiceName": "guardduty.amazonaws.com" } } }, { "Effect": "Allow", "Action": [ "organizations:EnableAWSServiceAccess", "organizations:RegisterDelegatedAdministrator", "organizations:ListDelegatedAdministrators", "organizations:ListAWSServiceAccessForOrganization", "organizations:DescribeOrganizationalUnit", "organizations:DescribeAccount", "organizations:DescribeOrganization" ], "Resource": "*" } ] }, "VersionId": "v2" }, "AmazonGuardDutyReadOnlyAccess": { "PolicyName": "AmazonGuardDutyReadOnlyAccess", "PolicyId": "ANPAIVMCEDV336RWUSNHG", "Arn": "arn:aws:iam::aws:policy/AmazonGuardDutyReadOnlyAccess", "Path": "/", "DefaultVersionId": "v3", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-11-28T22:29:40+00:00", "UpdateDate": "2021-02-16T23:37:57+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "guardduty:Describe*", "guardduty:Get*", "guardduty:List*" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "organizations:ListDelegatedAdministrators", "organizations:ListAWSServiceAccessForOrganization", "organizations:DescribeOrganizationalUnit", "organizations:DescribeAccount", "organizations:DescribeOrganization" ], "Resource": "*" } ] }, "VersionId": "v3" }, "AmazonGuardDutyServiceRolePolicy": { "PolicyName": "AmazonGuardDutyServiceRolePolicy", "PolicyId": "ANPAIHZREZOWNSSA6FWQO", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonGuardDutyServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v4", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-11-28T20:12:59+00:00", "UpdateDate": "2021-08-03T23:14:07+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ec2:DescribeInstances", "ec2:DescribeImages", "ec2:DescribeVpcEndpoints", "ec2:DescribeSubnets", "ec2:DescribeVpcPeeringConnections", "ec2:DescribeTransitGatewayAttachments", "organizations:ListAccounts", "organizations:DescribeAccount", "s3:GetBucketPublicAccessBlock", "s3:GetEncryptionConfiguration", "s3:GetBucketTagging", "s3:GetAccountPublicAccessBlock", "s3:ListAllMyBuckets", "s3:GetBucketAcl", "s3:GetBucketPolicy", "s3:GetBucketPolicyStatus" ], "Resource": "*" } ] }, "VersionId": "v4" }, "AmazonHealthLakeFullAccess": { "PolicyName": "AmazonHealthLakeFullAccess", "PolicyId": "ANPAZKAPJZG4OMJS7NARX", "Arn": "arn:aws:iam::aws:policy/AmazonHealthLakeFullAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2021-02-17T01:07:05+00:00", "UpdateDate": "2021-02-17T01:07:05+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "healthlake:*", "s3:ListAllMyBuckets", "s3:ListBucket", "s3:GetBucketLocation", "iam:ListRoles" ], "Resource": "*", "Effect": "Allow" }, { "Effect": "Allow", "Action": "iam:PassRole", "Resource": "*", "Condition": { "StringEquals": { "iam:PassedToService": "healthlake.amazonaws.com" } } } ] }, "VersionId": "v1" }, "AmazonHealthLakeReadOnlyAccess": { "PolicyName": "AmazonHealthLakeReadOnlyAccess", "PolicyId": "ANPAZKAPJZG4MIFB6JFLV", "Arn": "arn:aws:iam::aws:policy/AmazonHealthLakeReadOnlyAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2021-02-17T02:43:31+00:00", "UpdateDate": "2021-02-17T02:43:31+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "healthlake:ListFHIRDatastores", "healthlake:DescribeFHIRDatastore", "healthlake:DescribeFHIRImportJob", "healthlake:DescribeFHIRExportJob", "healthlake:GetCapabilities", "healthlake:ReadResource", "healthlake:SearchWithGet", "healthlake:SearchWithPost" ], "Effect": "Allow", "Resource": "*" } ] }, "VersionId": "v1" }, "AmazonHoneycodeFullAccess": { "PolicyName": "AmazonHoneycodeFullAccess", "PolicyId": "ANPAZKAPJZG4ECUH6WAX6", "Arn": "arn:aws:iam::aws:policy/AmazonHoneycodeFullAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-06-24T20:28:11+00:00", "UpdateDate": "2020-06-24T20:28:11+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "honeycode:*" ], "Resource": "*", "Effect": "Allow" } ] }, "VersionId": "v1" }, "AmazonHoneycodeReadOnlyAccess": { "PolicyName": "AmazonHoneycodeReadOnlyAccess", "PolicyId": "ANPAZKAPJZG4CRFGMHZ3B", "Arn": "arn:aws:iam::aws:policy/AmazonHoneycodeReadOnlyAccess", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-06-24T20:28:16+00:00", "UpdateDate": "2020-12-01T17:27:53+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "honeycode:List*", "honeycode:Get*", "honeycode:Describe*", "honeycode:Query*" ], "Resource": "*", "Effect": "Allow" } ] }, "VersionId": "v2" }, "AmazonHoneycodeServiceRolePolicy": { "PolicyName": "AmazonHoneycodeServiceRolePolicy", "PolicyId": "ANPAZKAPJZG4COQCKOKUQ", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonHoneycodeServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-11-18T18:03:08+00:00", "UpdateDate": "2020-11-18T18:03:08+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "sso:GetManagedApplicationInstance" ], "Resource": "*", "Effect": "Allow" } ] }, "VersionId": "v1" }, "AmazonHoneycodeTeamAssociationFullAccess": { "PolicyName": "AmazonHoneycodeTeamAssociationFullAccess", "PolicyId": "ANPAZKAPJZG4JH4KLR35J", "Arn": "arn:aws:iam::aws:policy/AmazonHoneycodeTeamAssociationFullAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-06-24T20:28:27+00:00", "UpdateDate": "2020-06-24T20:28:27+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "honeycode:ListTeamAssociations", "honeycode:ApproveTeamAssociation", "honeycode:RejectTeamAssociation" ], "Resource": "*", "Effect": "Allow" } ] }, "VersionId": "v1" }, "AmazonHoneycodeTeamAssociationReadOnlyAccess": { "PolicyName": "AmazonHoneycodeTeamAssociationReadOnlyAccess", "PolicyId": "ANPAZKAPJZG4KRI4FOLPG", "Arn": "arn:aws:iam::aws:policy/AmazonHoneycodeTeamAssociationReadOnlyAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-06-24T20:27:46+00:00", "UpdateDate": "2020-06-24T20:27:46+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "honeycode:ListTeamAssociations" ], "Resource": "*", "Effect": "Allow" } ] }, "VersionId": "v1" }, "AmazonHoneycodeWorkbookFullAccess": { "PolicyName": "AmazonHoneycodeWorkbookFullAccess", "PolicyId": "ANPAZKAPJZG4OQLA2WKSW", "Arn": "arn:aws:iam::aws:policy/AmazonHoneycodeWorkbookFullAccess", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-06-24T20:28:46+00:00", "UpdateDate": "2020-12-01T17:30:06+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "honeycode:GetScreenData", "honeycode:InvokeScreenAutomation", "honeycode:BatchCreateTableRows", "honeycode:BatchDeleteTableRows", "honeycode:BatchUpdateTableRows", "honeycode:BatchUpsertTableRows", "honeycode:DescribeTableDataImportJob", "honeycode:ListTableColumns", "honeycode:ListTableRows", "honeycode:ListTables", "honeycode:QueryTableRows", "honeycode:StartTableDataImportJob" ], "Resource": "*", "Effect": "Allow" } ] }, "VersionId": "v2" }, "AmazonHoneycodeWorkbookReadOnlyAccess": { "PolicyName": "AmazonHoneycodeWorkbookReadOnlyAccess", "PolicyId": "ANPAZKAPJZG4GUHKYOSNH", "Arn": "arn:aws:iam::aws:policy/AmazonHoneycodeWorkbookReadOnlyAccess", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-06-24T20:28:07+00:00", "UpdateDate": "2020-12-01T17:32:49+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "honeycode:GetScreenData", "honeycode:DescribeTableDataImportJob", "honeycode:ListTableColumns", "honeycode:ListTableRows", "honeycode:ListTables", "honeycode:QueryTableRows" ], "Resource": "*", "Effect": "Allow" } ] }, "VersionId": "v2" }, "AmazonInspectorFullAccess": { "PolicyName": "AmazonInspectorFullAccess", "PolicyId": "ANPAI7Y6NTA27NWNA5U5E", "Arn": "arn:aws:iam::aws:policy/AmazonInspectorFullAccess", "Path": "/", "DefaultVersionId": "v5", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-10-07T17:08:04+00:00", "UpdateDate": "2017-12-21T14:53:31+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "inspector:*", "ec2:DescribeInstances", "ec2:DescribeTags", "sns:ListTopics", "events:DescribeRule", "events:ListRuleNamesByTarget" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "iam:PassRole" ], "Resource": "*", "Condition": { "StringEquals": { "iam:PassedToService": [ "inspector.amazonaws.com" ] } } }, { "Effect": "Allow", "Action": "iam:CreateServiceLinkedRole", "Resource": "arn:aws:iam::*:role/aws-service-role/inspector.amazonaws.com/AWSServiceRoleForAmazonInspector", "Condition": { "StringLike": { "iam:AWSServiceName": "inspector.amazonaws.com" } } } ] }, "VersionId": "v5" }, "AmazonInspectorReadOnlyAccess": { "PolicyName": "AmazonInspectorReadOnlyAccess", "PolicyId": "ANPAJXQNTHTEJ2JFRN2SE", "Arn": "arn:aws:iam::aws:policy/AmazonInspectorReadOnlyAccess", "Path": "/", "DefaultVersionId": "v4", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-10-07T17:08:01+00:00", "UpdateDate": "2019-10-01T15:17:54+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "inspector:Describe*", "inspector:Get*", "inspector:List*", "inspector:Preview*", "ec2:DescribeInstances", "ec2:DescribeTags", "sns:ListTopics", "events:DescribeRule", "events:ListRuleNamesByTarget" ], "Resource": "*" } ] }, "VersionId": "v4" }, "AmazonInspectorServiceRolePolicy": { "PolicyName": "AmazonInspectorServiceRolePolicy", "PolicyId": "ANPAJKBMSBWLU2TGXHHUQ", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonInspectorServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v5", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-11-21T15:48:27+00:00", "UpdateDate": "2020-09-11T17:12:02+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "directconnect:DescribeConnections", "directconnect:DescribeDirectConnectGateways", "directconnect:DescribeDirectConnectGatewayAssociations", "directconnect:DescribeDirectConnectGatewayAttachments", "directconnect:DescribeVirtualGateways", "directconnect:DescribeVirtualInterfaces", "directconnect:DescribeTags", "ec2:DescribeAvailabilityZones", "ec2:DescribeCustomerGateways", "ec2:DescribeInstances", "ec2:DescribeTags", "ec2:DescribeInternetGateways", "ec2:DescribeNatGateways", "ec2:DescribeNetworkAcls", "ec2:DescribeNetworkInterfaces", "ec2:DescribePrefixLists", "ec2:DescribeRegions", "ec2:DescribeRouteTables", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeVpcEndpoints", "ec2:DescribeVpcPeeringConnections", "ec2:DescribeVpcs", "ec2:DescribeVpnConnections", "ec2:DescribeVpnGateways", "ec2:DescribeManagedPrefixLists", "ec2:GetManagedPrefixListEntries", "ec2:DescribeVpcEndpointServiceConfigurations", "ec2:DescribeTransitGateways", "ec2:DescribeTransitGatewayAttachments", "ec2:DescribeTransitGatewayVpcAttachments", "ec2:DescribeTransitGatewayRouteTables", "ec2:SearchTransitGatewayRoutes", "ec2:DescribeTransitGatewayPeeringAttachments", "ec2:GetTransitGatewayRouteTablePropagations", "elasticloadbalancing:DescribeListeners", "elasticloadbalancing:DescribeLoadBalancers", "elasticloadbalancing:DescribeLoadBalancerAttributes", "elasticloadbalancing:DescribeRules", "elasticloadbalancing:DescribeTags", "elasticloadbalancing:DescribeTargetGroups", "elasticloadbalancing:DescribeTargetHealth" ], "Resource": "*" } ] }, "VersionId": "v5" }, "AmazonKendraFullAccess": { "PolicyName": "AmazonKendraFullAccess", "PolicyId": "ANPAZKAPJZG4BK2ALV3AM", "Arn": "arn:aws:iam::aws:policy/AmazonKendraFullAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-12-03T16:15:37+00:00", "UpdateDate": "2019-12-03T16:15:37+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "iam:PassRole", "Resource": "*", "Condition": { "StringEquals": { "iam:PassedToService": "kendra.amazonaws.com" } } }, { "Effect": "Allow", "Action": [ "iam:ListRoles" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "ec2:DescribeSecurityGroups", "ec2:DescribeVpcs", "ec2:DescribeSubnets" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "kms:ListKeys", "kms:ListAliases", "kms:DescribeKey" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "s3:ListAllMyBuckets", "s3:GetBucketLocation" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "secretsmanager:ListSecrets" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "cloudwatch:GetMetricData" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "secretsmanager:CreateSecret", "secretsmanager:DescribeSecret" ], "Resource": "arn:aws:secretsmanager:*:*:secret:AmazonKendra-*" }, { "Effect": "Allow", "Action": "kendra:*", "Resource": "*" } ] }, "VersionId": "v1" }, "AmazonKendraReadOnlyAccess": { "PolicyName": "AmazonKendraReadOnlyAccess", "PolicyId": "ANPAZKAPJZG4POKTT2LDN", "Arn": "arn:aws:iam::aws:policy/AmazonKendraReadOnlyAccess", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-12-03T16:13:45+00:00", "UpdateDate": "2021-05-27T17:01:20+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "kendra:Describe*", "kendra:List*", "kendra:Query", "kendra:GetQuerySuggestions" ], "Resource": "*" } ] }, "VersionId": "v2" }, "AmazonKeyspacesFullAccess": { "PolicyName": "AmazonKeyspacesFullAccess", "PolicyId": "ANPAZKAPJZG4HMS72N6JG", "Arn": "arn:aws:iam::aws:policy/AmazonKeyspacesFullAccess", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-04-23T17:06:37+00:00", "UpdateDate": "2021-06-01T19:31:39+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "cassandra:*" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "application-autoscaling:DeleteScalingPolicy", "application-autoscaling:DeleteScheduledAction", "application-autoscaling:DeregisterScalableTarget", "application-autoscaling:DescribeScalableTargets", "application-autoscaling:DescribeScalingActivities", "application-autoscaling:DescribeScalingPolicies", "application-autoscaling:DescribeScheduledActions", "application-autoscaling:PutScheduledAction", "application-autoscaling:PutScalingPolicy", "application-autoscaling:RegisterScalableTarget", "kms:DescribeKey", "kms:ListAliases" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "cloudwatch:DeleteAlarms", "cloudwatch:DescribeAlarms", "cloudwatch:PutMetricAlarm" ], "Resource": "*" }, { "Effect": "Allow", "Action": "iam:CreateServiceLinkedRole", "Resource": "arn:aws:iam::*:role/aws-service-role/cassandra.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_CassandraTable", "Condition": { "StringLike": { "iam:AWSServiceName": "cassandra.application-autoscaling.amazonaws.com" } } } ] }, "VersionId": "v2" }, "AmazonKeyspacesReadOnlyAccess": { "PolicyName": "AmazonKeyspacesReadOnlyAccess", "PolicyId": "ANPAZKAPJZG4LHLFMFIPN", "Arn": "arn:aws:iam::aws:policy/AmazonKeyspacesReadOnlyAccess", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-04-23T17:07:14+00:00", "UpdateDate": "2021-06-01T19:32:47+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "cassandra:Select" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "application-autoscaling:DescribeScalableTargets", "application-autoscaling:DescribeScalingActivities", "application-autoscaling:DescribeScalingPolicies", "application-autoscaling:DescribeScheduledActions", "cloudwatch:DescribeAlarms", "kms:DescribeKey", "kms:ListAliases" ], "Resource": "*" } ] }, "VersionId": "v2" }, "AmazonKinesisAnalyticsFullAccess": { "PolicyName": "AmazonKinesisAnalyticsFullAccess", "PolicyId": "ANPAJQOSKHTXP43R7P5AC", "Arn": "arn:aws:iam::aws:policy/AmazonKinesisAnalyticsFullAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2016-09-21T19:01:14+00:00", "UpdateDate": "2016-09-21T19:01:14+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "kinesisanalytics:*", "Resource": "*" }, { "Effect": "Allow", "Action": [ "kinesis:CreateStream", "kinesis:DeleteStream", "kinesis:DescribeStream", "kinesis:ListStreams", "kinesis:PutRecord", "kinesis:PutRecords" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "firehose:DescribeDeliveryStream", "firehose:ListDeliveryStreams" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics" ], "Resource": "*" }, { "Effect": "Allow", "Action": "logs:GetLogEvents", "Resource": "*" }, { "Effect": "Allow", "Action": [ "iam:ListPolicyVersions", "iam:ListRoles" ], "Resource": "*" }, { "Effect": "Allow", "Action": "iam:PassRole", "Resource": "arn:aws:iam::*:role/service-role/kinesis-analytics*" } ] }, "VersionId": "v1" }, "AmazonKinesisAnalyticsReadOnly": { "PolicyName": "AmazonKinesisAnalyticsReadOnly", "PolicyId": "ANPAIJIEXZAFUK43U7ARK", "Arn": "arn:aws:iam::aws:policy/AmazonKinesisAnalyticsReadOnly", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2016-09-21T18:16:43+00:00", "UpdateDate": "2016-09-21T18:16:43+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "kinesisanalytics:Describe*", "kinesisanalytics:Get*", "kinesisanalytics:List*" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "kinesis:DescribeStream", "kinesis:ListStreams" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "firehose:DescribeDeliveryStream", "firehose:ListDeliveryStreams" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics" ], "Resource": "*" }, { "Effect": "Allow", "Action": "logs:GetLogEvents", "Resource": "*" }, { "Effect": "Allow", "Action": [ "iam:ListPolicyVersions", "iam:ListRoles" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AmazonKinesisFirehoseFullAccess": { "PolicyName": "AmazonKinesisFirehoseFullAccess", "PolicyId": "ANPAJMZQMTZ7FRBFHHAHI", "Arn": "arn:aws:iam::aws:policy/AmazonKinesisFirehoseFullAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-10-07T18:45:26+00:00", "UpdateDate": "2015-10-07T18:45:26+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "firehose:*" ], "Effect": "Allow", "Resource": "*" } ] }, "VersionId": "v1" }, "AmazonKinesisFirehoseReadOnlyAccess": { "PolicyName": "AmazonKinesisFirehoseReadOnlyAccess", "PolicyId": "ANPAJ36NT645INW4K24W6", "Arn": "arn:aws:iam::aws:policy/AmazonKinesisFirehoseReadOnlyAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-10-07T18:43:39+00:00", "UpdateDate": "2015-10-07T18:43:39+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "firehose:Describe*", "firehose:List*" ], "Effect": "Allow", "Resource": "*" } ] }, "VersionId": "v1" }, "AmazonKinesisFullAccess": { "PolicyName": "AmazonKinesisFullAccess", "PolicyId": "ANPAIVF32HAMOXCUYRAYE", "Arn": "arn:aws:iam::aws:policy/AmazonKinesisFullAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-02-06T18:40:29+00:00", "UpdateDate": "2015-02-06T18:40:29+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "kinesis:*", "Resource": "*" } ] }, "VersionId": "v1" }, "AmazonKinesisReadOnlyAccess": { "PolicyName": "AmazonKinesisReadOnlyAccess", "PolicyId": "ANPAIOCMTDT5RLKZ2CAJO", "Arn": "arn:aws:iam::aws:policy/AmazonKinesisReadOnlyAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-02-06T18:40:30+00:00", "UpdateDate": "2015-02-06T18:40:30+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "kinesis:Get*", "kinesis:List*", "kinesis:Describe*" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AmazonKinesisVideoStreamsFullAccess": { "PolicyName": "AmazonKinesisVideoStreamsFullAccess", "PolicyId": "ANPAIZAN5AK7E7UVYIAZY", "Arn": "arn:aws:iam::aws:policy/AmazonKinesisVideoStreamsFullAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-12-01T23:27:18+00:00", "UpdateDate": "2017-12-01T23:27:18+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "kinesisvideo:*", "Resource": "*" } ] }, "VersionId": "v1" }, "AmazonKinesisVideoStreamsReadOnlyAccess": { "PolicyName": "AmazonKinesisVideoStreamsReadOnlyAccess", "PolicyId": "ANPAJDS2DKUCYTEA7M6UA", "Arn": "arn:aws:iam::aws:policy/AmazonKinesisVideoStreamsReadOnlyAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-12-01T23:14:32+00:00", "UpdateDate": "2017-12-01T23:14:32+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "kinesisvideo:Describe*", "kinesisvideo:Get*", "kinesisvideo:List*" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AmazonLambdaRolePolicyForLaunchWizardSAP": { "PolicyName": "AmazonLambdaRolePolicyForLaunchWizardSAP", "PolicyId": "ANPAZKAPJZG4NMJOHL3TN", "Arn": "arn:aws:iam::aws:policy/AmazonLambdaRolePolicyForLaunchWizardSAP", "Path": "/", "DefaultVersionId": "v5", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-03-30T20:25:12+00:00", "UpdateDate": "2020-12-04T16:00:56+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ec2:CreateRoute", "ec2:DeleteRoute" ], "Resource": "arn:aws:ec2:*:*:route-table/*", "Condition": { "StringLike": { "ec2:ResourceTag/LaunchWizardApplicationType": "*" } } }, { "Effect": "Allow", "Action": [ "ec2:CreateTags" ], "Resource": "*", "Condition": { "StringLike": { "ec2:ResourceTag/LaunchWizardApplicationType": "*" }, "ForAllValues:StringLike": { "aws:TagKeys": "LaunchWizard*" } } }, { "Effect": "Allow", "Action": [ "ssm:GetParameter" ], "Resource": "arn:aws:ssm:*:*:parameter/LaunchWizard*" }, { "Effect": "Allow", "Action": [ "ssm:GetDocument", "ssm:sendCommand" ], "Resource": [ "arn:aws:ssm:*:*:document/AWS-RunShellScript" ] }, { "Effect": "Allow", "Action": [ "ssm:SendCommand" ], "Resource": [ "arn:aws:ec2:*:*:instance/*" ], "Condition": { "StringLike": { "ssm:resourceTag/LaunchWizardApplicationType": "*" } } }, { "Effect": "Allow", "Action": [ "ssm:ListCommands", "ec2:DescribeVpcs", "ec2:DescribeRouteTables", "ec2:DescribeInstances", "ec2:DescribeTags", "ec2:DescribeInstanceAttribute", "ec2:ModifyInstanceAttribute" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "s3:ListBucket", "s3:ListBucketVersions", "s3:GetObject", "s3:GetObjectVersion", "s3:GetObjectVersionAcl", "s3:PutObject", "s3:PutObjectTagging", "s3:DeleteObject", "s3:DeleteObjectVersion", "s3:DeleteBucket" ], "Resource": [ "arn:aws:s3:::launchwizard*" ] } ] }, "VersionId": "v5" }, "AmazonLaunchWizard_Fullaccess": { "PolicyName": "AmazonLaunchWizard_Fullaccess", "PolicyId": "ANPAZKAPJZG4ABPQ7BLC2", "Arn": "arn:aws:iam::aws:policy/AmazonLaunchWizard_Fullaccess", "Path": "/", "DefaultVersionId": "v10", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-08-06T17:47:30+00:00", "UpdateDate": "2021-05-24T23:04:20+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "applicationinsights:*", "Resource": "*" }, { "Effect": "Allow", "Action": "resource-groups:List*", "Resource": "*" }, { "Effect": "Allow", "Action": [ "route53:ChangeResourceRecordSets", "route53:GetChange", "route53:ListResourceRecordSets", "route53:ListHostedZones", "route53:ListHostedZonesByName" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "s3:ListAllMyBuckets", "s3:ListBucket", "s3:GetBucketLocation" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "kms:ListKeys", "kms:ListAliases" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "cloudwatch:List*", "cloudwatch:Get*", "cloudwatch:Describe*" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "ec2:CreateInternetGateway", "ec2:CreateNatGateway", "ec2:CreateVpc", "ec2:CreateKeyPair", "ec2:CreateRoute", "ec2:CreateRouteTable", "ec2:CreateSubnet" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "ec2:AllocateAddress", "ec2:AllocateHosts", "ec2:AssignPrivateIpAddresses", "ec2:AssociateAddress", "ec2:CreateDhcpOptions", "ec2:CreateEgressOnlyInternetGateway", "ec2:CreateNetworkInterface", "ec2:CreateVolume", "ec2:CreateVpcEndpoint", "ec2:CreateTags", "ec2:DeleteTags", "ec2:RunInstances", "ec2:StartInstances", "ec2:ModifyInstanceAttribute", "ec2:ModifySubnetAttribute", "ec2:ModifyVolumeAttribute", "ec2:ModifyVpcAttribute", "ec2:AssociateDhcpOptions", "ec2:AssociateSubnetCidrBlock", "ec2:AttachInternetGateway", "ec2:AttachNetworkInterface", "ec2:AttachVolume", "ec2:DeleteDhcpOptions", "ec2:DeleteInternetGateway", "ec2:DeleteKeyPair", "ec2:DeleteNatGateway", "ec2:DeleteSecurityGroup", "ec2:DeleteVolume", "ec2:DeleteVpc", "ec2:DetachInternetGateway", "ec2:DetachVolume", "ec2:DeleteSnapshot", "ec2:AssociateRouteTable", "ec2:AssociateVpcCidrBlock", "ec2:DeleteNetworkAcl", "ec2:DeleteNetworkInterface", "ec2:DeleteNetworkInterfacePermission", "ec2:DeleteRoute", "ec2:DeleteRouteTable", "ec2:DeleteSubnet", "ec2:DetachNetworkInterface", "ec2:DisassociateAddress", "ec2:DisassociateVpcCidrBlock", "ec2:GetLaunchTemplateData", "ec2:ModifyNetworkInterfaceAttribute", "ec2:ModifyVolume", "ec2:AuthorizeSecurityGroupEgress", "ec2:GetConsoleOutput", "ec2:GetPasswordData", "ec2:ReleaseAddress", "ec2:ReplaceRoute", "ec2:ReplaceRouteTableAssociation", "ec2:RevokeSecurityGroupEgress", "ec2:RevokeSecurityGroupIngress", "ec2:DisassociateIamInstanceProfile", "ec2:DisassociateRouteTable", "ec2:DisassociateSubnetCidrBlock", "ec2:ModifyInstancePlacement", "ec2:DeletePlacementGroup", "ec2:CreatePlacementGroup", "elasticfilesystem:DeleteFileSystem", "elasticfilesystem:DeleteMountTarget", "ds:AddIpRoutes", "ds:CreateComputer", "ds:CreateMicrosoftAD", "ds:DeleteDirectory" ], "Resource": "*", "Condition": { "ForAnyValue:StringEquals": { "aws:CalledVia": "launchwizard.amazonaws.com" } } }, { "Effect": "Allow", "Action": [ "cloudformation:DescribeStack*", "cloudformation:Get*", "cloudformation:ListStacks", "cloudformation:SignalResource", "cloudformation:DeleteStack" ], "Resource": [ "arn:aws:cloudformation:*:*:stack/LaunchWizard*/*", "arn:aws:cloudformation:*:*:stack/ApplicationInsights*/*" ] }, { "Effect": "Allow", "Action": [ "ec2:StopInstances", "ec2:TerminateInstances" ], "Resource": "*", "Condition": { "StringLike": { "ec2:ResourceTag/aws:cloudformation:stack-id": "arn:aws:cloudformation:*:*:stack/LaunchWizard-*/*" } } }, { "Effect": "Allow", "Action": [ "iam:CreateInstanceProfile", "iam:DeleteInstanceProfile", "iam:RemoveRoleFromInstanceProfile", "iam:AddRoleToInstanceProfile" ], "Resource": [ "arn:aws:iam::*:role/service-role/AmazonEC2RoleForLaunchWizard*", "arn:aws:iam::*:instance-profile/LaunchWizard*" ] }, { "Effect": "Allow", "Action": [ "iam:PassRole" ], "Resource": [ "arn:aws:iam::*:role/service-role/AmazonEC2RoleForLaunchWizard*", "arn:aws:iam::*:role/service-role/AmazonLambdaRoleForLaunchWizard*", "arn:aws:iam::*:instance-profile/LaunchWizard*" ], "Condition": { "StringEqualsIfExists": { "iam:PassedToService": [ "lambda.amazonaws.com", "ec2.amazonaws.com" ] } } }, { "Effect": "Allow", "Action": [ "autoscaling:AttachInstances", "autoscaling:CreateAutoScalingGroup", "autoscaling:CreateLaunchConfiguration", "autoscaling:DeleteAutoScalingGroup", "autoscaling:DeleteLaunchConfiguration", "autoscaling:UpdateAutoScalingGroup", "logs:CreateLogStream", "logs:DeleteLogGroup", "logs:DeleteLogStream", "logs:DescribeLog*", "logs:PutLogEvents", "resource-groups:CreateGroup", "resource-groups:DeleteGroup", "sns:ListSubscriptionsByTopic", "sns:Publish", "ssm:DeleteDocument", "ssm:DeleteParameter*", "ssm:DescribeDocument*", "ssm:GetDocument", "ssm:PutParameter" ], "Resource": [ "arn:aws:resource-groups:*:*:group/LaunchWizard*", "arn:aws:sns:*:*:*", "arn:aws:autoscaling:*:*:autoScalingGroup:*:autoScalingGroupName/LaunchWizard*", "arn:aws:autoscaling:*:*:launchConfiguration:*:launchConfigurationName/LaunchWizard*", "arn:aws:ssm:*:*:parameter/LaunchWizard*", "arn:aws:ssm:*:*:document/LaunchWizard*", "arn:aws:logs:*:*:log-group:*:*:*", "arn:aws:logs:*:*:log-group:LaunchWizard*" ] }, { "Effect": "Allow", "Action": "ssm:SendCommand", "Resource": "*", "Condition": { "ForAllValues:StringLike": { "aws:TagKeys": "LaunchWizard*" } } }, { "Effect": "Allow", "Action": [ "logs:DeleteLogStream", "logs:GetLogEvents", "logs:PutLogEvents", "ssm:AddTagsToResource", "ssm:DescribeDocument", "ssm:GetDocument", "ssm:ListTagsForResource", "ssm:RemoveTagsFromResource" ], "Resource": [ "arn:aws:logs:*:*:log-group:*:*:*", "arn:aws:logs:*:*:log-group:LaunchWizard*", "arn:aws:ssm:*:*:parameter/LaunchWizard*", "arn:aws:ssm:*:*:document/LaunchWizard*" ] }, { "Effect": "Allow", "Action": [ "autoscaling:Describe*", "cloudformation:DescribeAccountLimits", "cloudformation:DescribeStackDriftDetectionStatus", "cloudformation:List*", "ds:Describe*", "ds:ListAuthorizedApplications", "ec2:Describe*", "ec2:Get*", "iam:GetRole", "iam:GetRolePolicy", "iam:GetUser", "iam:GetPolicyVersion", "iam:GetPolicy", "iam:List*", "logs:CreateLogGroup", "logs:GetLogDelivery", "logs:GetLogRecord", "logs:ListLogDeliveries", "resource-groups:Get*", "resource-groups:List*", "servicequotas:GetServiceQuota", "servicequotas:ListServiceQuotas", "sns:ListSubscriptions", "sns:ListTopics", "ssm:CreateDocument", "ssm:DescribeAutomation*", "ssm:DescribeInstanceInformation", "ssm:DescribeParameters", "ssm:GetAutomationExecution", "ssm:GetCommandInvocation", "ssm:GetParameter*", "ssm:GetConnectionStatus", "ssm:ListCommand*", "ssm:ListDocument*", "ssm:ListInstanceAssociations", "ssm:SendAutomationSignal", "ssm:StartAutomationExecution", "ssm:StopAutomationExecution", "tag:Get*" ], "Resource": "*" }, { "Effect": "Allow", "Action": "logs:GetLog*", "Resource": [ "arn:aws:logs:*:*:log-group:*:*:*", "arn:aws:logs:*:*:log-group:LaunchWizard*" ] }, { "Effect": "Allow", "Action": [ "cloudformation:List*", "cloudformation:Describe*" ], "Resource": "arn:aws:cloudformation:*:*:stack/LaunchWizard*/" }, { "Effect": "Allow", "Action": [ "iam:CreateServiceLinkedRole" ], "Resource": "*", "Condition": { "StringEquals": { "iam:AWSServiceName": [ "autoscaling.amazonaws.com", "application-insights.amazonaws.com", "events.amazonaws.com" ] } } }, { "Effect": "Allow", "Action": "launchwizard:*", "Resource": "*" }, { "Effect": "Allow", "Action": [ "sqs:TagQueue", "sqs:GetQueueUrl", "sqs:AddPermission", "sqs:ListQueues", "sqs:DeleteQueue", "sqs:GetQueueAttributes", "sqs:ListQueueTags", "sqs:CreateQueue", "sqs:SetQueueAttributes" ], "Resource": "arn:aws:sqs:*:*:LaunchWizard*" }, { "Effect": "Allow", "Action": [ "cloudwatch:PutMetricAlarm", "iam:GetInstanceProfile", "cloudwatch:DeleteAlarms", "cloudwatch:DescribeAlarms" ], "Resource": [ "arn:aws:cloudwatch:*:*:alarm:LaunchWizard*", "arn:aws:iam::*:instance-profile/LaunchWizard*" ] }, { "Effect": "Allow", "Action": [ "cloudformation:CreateStack", "route53:ListHostedZones", "ec2:CreateSecurityGroup", "ec2:AuthorizeSecurityGroupIngress", "elasticfilesystem:DescribeFileSystems", "elasticfilesystem:CreateFileSystem", "elasticfilesystem:CreateMountTarget", "elasticfilesystem:DescribeMountTargets", "elasticfilesystem:DescribeMountTargetSecurityGroups" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "s3:GetObject", "s3:PutObject" ], "Resource": [ "arn:aws:s3:::launchwizard*", "arn:aws:s3:::launchwizard*/*", "arn:aws:s3:::aws-sap-data-provider/config.properties" ] }, { "Effect": "Allow", "Action": "cloudformation:TagResource", "Resource": "*", "Condition": { "ForAllValues:StringLike": { "aws:TagKeys": "LaunchWizard*" } } }, { "Effect": "Allow", "Action": [ "s3:CreateBucket", "s3:PutBucketVersioning", "s3:DeleteBucket", "lambda:CreateFunction", "lambda:DeleteFunction", "lambda:GetFunction", "lambda:GetFunctionConfiguration", "lambda:InvokeFunction" ], "Resource": [ "arn:aws:lambda:*:*:function:LaunchWizard*", "arn:aws:s3:::launchwizard*" ] }, { "Effect": "Allow", "Action": [ "dynamodb:CreateTable", "dynamodb:DescribeTable", "dynamodb:DeleteTable" ], "Resource": "arn:aws:dynamodb:*:*:table/LaunchWizard*" }, { "Effect": "Allow", "Action": [ "secretsmanager:CreateSecret", "secretsmanager:DeleteSecret", "secretsmanager:TagResource", "secretsmanager:UntagResource", "secretsmanager:PutResourcePolicy", "secretsmanager:DeleteResourcePolicy", "secretsmanager:ListSecretVersionIds", "secretsmanager:GetSecretValue" ], "Resource": "arn:aws:secretsmanager:*:*:secret:LaunchWizard*" }, { "Effect": "Allow", "Action": [ "secretsmanager:GetRandomPassword", "secretsmanager:ListSecrets" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "ssm:CreateOpsMetadata" ], "Resource": "*" }, { "Effect": "Allow", "Action": "ssm:DeleteOpsMetadata", "Resource": "arn:aws:ssm:*:*:opsmetadata/aws/ssm/LaunchWizard*" }, { "Effect": "Allow", "Action": [ "sns:CreateTopic", "sns:DeleteTopic", "sns:Subscribe", "sns:Unsubscribe" ], "Resource": "arn:aws:sns:*:*:LaunchWizard*" }, { "Effect": "Allow", "Action": [ "fsx:UntagResource", "fsx:TagResource", "fsx:DeleteFileSystem", "fsx:ListTagsForResource" ], "Resource": "*", "Condition": { "StringLike": { "aws:ResourceTag/Name": "LaunchWizard*" } } }, { "Effect": "Allow", "Action": [ "fsx:CreateFileSystem" ], "Resource": "*", "Condition": { "StringLike": { "aws:RequestTag/Name": [ "LaunchWizard*" ] } } }, { "Effect": "Allow", "Action": [ "fsx:DescribeFileSystems" ], "Resource": "*" } ] }, "VersionId": "v10" }, "AmazonLexChannelsAccess": { "PolicyName": "AmazonLexChannelsAccess", "PolicyId": "ANPAZKAPJZG4HVR6S6UVL", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonLexChannelsAccess", "Path": "/aws-service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2021-01-13T20:12:46+00:00", "UpdateDate": "2021-01-13T20:12:46+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "lex:ListBots" ], "Effect": "Allow", "Resource": "*" } ] }, "VersionId": "v1" }, "AmazonLexFullAccess": { "PolicyName": "AmazonLexFullAccess", "PolicyId": "ANPAJVLXDHKVC23HRTKSI", "Arn": "arn:aws:iam::aws:policy/AmazonLexFullAccess", "Path": "/", "DefaultVersionId": "v7", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-04-11T23:20:36+00:00", "UpdateDate": "2021-07-26T21:48:05+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "cloudwatch:GetMetricStatistics", "cloudwatch:DescribeAlarms", "cloudwatch:DescribeAlarmsForMetric", "kms:DescribeKey", "kms:ListAliases", "lambda:GetPolicy", "lambda:ListFunctions", "lex:*", "polly:DescribeVoices", "polly:SynthesizeSpeech", "kendra:ListIndices", "iam:ListRoles", "s3:ListAllMyBuckets", "logs:DescribeLogGroups", "s3:GetBucketLocation" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "lambda:AddPermission", "lambda:RemovePermission" ], "Resource": "arn:aws:lambda:*:*:function:AmazonLex*", "Condition": { "StringEquals": { "lambda:Principal": "lex.amazonaws.com" } } }, { "Effect": "Allow", "Action": [ "iam:GetRole" ], "Resource": [ "arn:aws:iam::*:role/aws-service-role/lex.amazonaws.com/AWSServiceRoleForLexBots", "arn:aws:iam::*:role/aws-service-role/channels.lex.amazonaws.com/AWSServiceRoleForLexChannels", "arn:aws:iam::*:role/aws-service-role/lexv2.amazonaws.com/AWSServiceRoleForLexV2Bots*", "arn:aws:iam::*:role/aws-service-role/channels.lexv2.amazonaws.com/AWSServiceRoleForLexV2Channels*" ] }, { "Effect": "Allow", "Action": [ "iam:CreateServiceLinkedRole" ], "Resource": [ "arn:aws:iam::*:role/aws-service-role/lex.amazonaws.com/AWSServiceRoleForLexBots" ], "Condition": { "StringEquals": { "iam:AWSServiceName": "lex.amazonaws.com" } } }, { "Effect": "Allow", "Action": [ "iam:CreateServiceLinkedRole" ], "Resource": [ "arn:aws:iam::*:role/aws-service-role/channels.lex.amazonaws.com/AWSServiceRoleForLexChannels" ], "Condition": { "StringEquals": { "iam:AWSServiceName": "channels.lex.amazonaws.com" } } }, { "Effect": "Allow", "Action": [ "iam:CreateServiceLinkedRole" ], "Resource": [ "arn:aws:iam::*:role/aws-service-role/lexv2.amazonaws.com/AWSServiceRoleForLexV2Bots*" ], "Condition": { "StringEquals": { "iam:AWSServiceName": "lexv2.amazonaws.com" } } }, { "Effect": "Allow", "Action": [ "iam:CreateServiceLinkedRole" ], "Resource": [ "arn:aws:iam::*:role/aws-service-role/channels.lexv2.amazonaws.com/AWSServiceRoleForLexV2Channels*" ], "Condition": { "StringEquals": { "iam:AWSServiceName": "channels.lexv2.amazonaws.com" } } }, { "Effect": "Allow", "Action": [ "iam:DeleteServiceLinkedRole", "iam:GetServiceLinkedRoleDeletionStatus" ], "Resource": [ "arn:aws:iam::*:role/aws-service-role/lex.amazonaws.com/AWSServiceRoleForLexBots", "arn:aws:iam::*:role/aws-service-role/channels.lex.amazonaws.com/AWSServiceRoleForLexChannels", "arn:aws:iam::*:role/aws-service-role/lexv2.amazonaws.com/AWSServiceRoleForLexV2Bots*", "arn:aws:iam::*:role/aws-service-role/channels.lexv2.amazonaws.com/AWSServiceRoleForLexV2Channels*" ] }, { "Effect": "Allow", "Action": [ "iam:PassRole" ], "Resource": [ "arn:aws:iam::*:role/aws-service-role/lex.amazonaws.com/AWSServiceRoleForLexBots" ], "Condition": { "StringEquals": { "iam:PassedToService": [ "lex.amazonaws.com" ] } } }, { "Effect": "Allow", "Action": [ "iam:PassRole" ], "Resource": [ "arn:aws:iam::*:role/aws-service-role/lexv2.amazonaws.com/AWSServiceRoleForLexV2Bots*" ], "Condition": { "StringEquals": { "iam:PassedToService": [ "lexv2.amazonaws.com" ] } } }, { "Effect": "Allow", "Action": [ "iam:PassRole" ], "Resource": [ "arn:aws:iam::*:role/aws-service-role/channels.lexv2.amazonaws.com/AWSServiceRoleForLexV2Channels*" ], "Condition": { "StringEquals": { "iam:PassedToService": [ "channels.lexv2.amazonaws.com" ] } } } ] }, "VersionId": "v7" }, "AmazonLexReadOnly": { "PolicyName": "AmazonLexReadOnly", "PolicyId": "ANPAJGBI5LSMAJNDGBNAM", "Arn": "arn:aws:iam::aws:policy/AmazonLexReadOnly", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-04-11T23:13:33+00:00", "UpdateDate": "2021-07-26T22:04:56+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "lex:GetBot", "lex:GetBotAlias", "lex:GetBotAliases", "lex:GetBots", "lex:GetBotChannelAssociation", "lex:GetBotChannelAssociations", "lex:GetBotVersions", "lex:GetBuiltinIntent", "lex:GetBuiltinIntents", "lex:GetBuiltinSlotTypes", "lex:GetIntent", "lex:GetIntents", "lex:GetIntentVersions", "lex:GetSlotType", "lex:GetSlotTypes", "lex:GetSlotTypeVersions", "lex:GetUtterancesView", "lex:DescribeBot", "lex:DescribeBotAlias", "lex:DescribeBotChannel", "lex:DescribeBotLocale", "lex:DescribeBotVersion", "lex:DescribeExport", "lex:DescribeImport", "lex:DescribeIntent", "lex:DescribeResourcePolicy", "lex:DescribeSlot", "lex:DescribeSlotType", "lex:ListBots", "lex:ListBotLocales", "lex:ListBotAliases", "lex:ListBotChannels", "lex:ListBotVersions", "lex:ListBuiltInIntents", "lex:ListBuiltInSlotTypes", "lex:ListExports", "lex:ListImports", "lex:ListIntents", "lex:ListSlots", "lex:ListSlotTypes", "lex:ListTagsForResource" ], "Resource": "*" } ] }, "VersionId": "v2" }, "AmazonLexRunBotsOnly": { "PolicyName": "AmazonLexRunBotsOnly", "PolicyId": "ANPAJVZGB5CM3N6YWJHBE", "Arn": "arn:aws:iam::aws:policy/AmazonLexRunBotsOnly", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-04-11T23:06:24+00:00", "UpdateDate": "2020-05-12T19:26:15+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "lex:PostContent", "lex:PostText", "lex:PutSession", "lex:GetSession", "lex:DeleteSession" ], "Effect": "Allow", "Resource": "*" } ] }, "VersionId": "v2" }, "AmazonLexV2BotPolicy": { "PolicyName": "AmazonLexV2BotPolicy", "PolicyId": "ANPAZKAPJZG4DXFCYFGBA", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonLexV2BotPolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2021-01-13T20:10:29+00:00", "UpdateDate": "2021-01-13T20:10:29+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "polly:SynthesizeSpeech" ], "Resource": [ "*" ] } ] }, "VersionId": "v1" }, "AmazonLookoutEquipmentFullAccess": { "PolicyName": "AmazonLookoutEquipmentFullAccess", "PolicyId": "ANPAZKAPJZG4KPPCPGNJA", "Arn": "arn:aws:iam::aws:policy/AmazonLookoutEquipmentFullAccess", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2021-04-08T15:52:08+00:00", "UpdateDate": "2021-05-05T16:46:56+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "lookoutequipment:*" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "iam:PassRole" ], "Resource": "*", "Condition": { "StringEquals": { "iam:PassedToService": [ "lookoutequipment.amazonaws.com" ] } } }, { "Effect": "Allow", "Action": [ "kms:DescribeKey", "kms:RetireGrant", "kms:CreateGrant" ], "Resource": "*", "Condition": { "StringLike": { "kms:ViaService": "lookoutequipment.*.amazonaws.com" } } }, { "Effect": "Allow", "Action": [ "kms:DescribeKey" ], "Resource": "*" } ] }, "VersionId": "v2" }, "AmazonLookoutEquipmentReadOnlyAccess": { "PolicyName": "AmazonLookoutEquipmentReadOnlyAccess", "PolicyId": "ANPAZKAPJZG4DNIMPJYBT", "Arn": "arn:aws:iam::aws:policy/AmazonLookoutEquipmentReadOnlyAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2021-05-05T16:47:55+00:00", "UpdateDate": "2021-05-05T16:47:55+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "lookoutequipment:DescribeDataset", "lookoutequipment:DescribeDataIngestionJob", "lookoutequipment:DescribeModel", "lookoutequipment:DescribeInferenceScheduler", "lookoutequipment:ListDatasets", "lookoutequipment:ListDataIngestionJobs", "lookoutequipment:ListModels", "lookoutequipment:ListInferenceSchedulers", "lookoutequipment:ListInferenceExecutions", "lookoutequipment:ListTagsForResource" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AmazonLookoutMetricsFullAccess": { "PolicyName": "AmazonLookoutMetricsFullAccess", "PolicyId": "ANPAZKAPJZG4CYQN5ZMMA", "Arn": "arn:aws:iam::aws:policy/AmazonLookoutMetricsFullAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2021-05-07T00:43:38+00:00", "UpdateDate": "2021-05-07T00:43:38+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "lookoutmetrics:*" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "iam:PassRole" ], "Resource": "arn:aws:iam::*:role/*LookoutMetrics*", "Condition": { "StringEquals": { "iam:PassedToService": "lookoutmetrics.amazonaws.com" } } } ] }, "VersionId": "v1" }, "AmazonLookoutMetricsReadOnlyAccess": { "PolicyName": "AmazonLookoutMetricsReadOnlyAccess", "PolicyId": "ANPAZKAPJZG4MP33SLV3F", "Arn": "arn:aws:iam::aws:policy/AmazonLookoutMetricsReadOnlyAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2021-05-07T00:43:34+00:00", "UpdateDate": "2021-05-07T00:43:34+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "lookoutmetrics:DescribeMetricSet", "lookoutmetrics:ListMetricSets", "lookoutmetrics:DescribeAnomalyDetector", "lookoutmetrics:ListAnomalyDetectors", "lookoutmetrics:DescribeAnomalyDetectionExecutions", "lookoutmetrics:DescribeAlert", "lookoutmetrics:ListAlerts", "lookoutmetrics:ListTagsForResource", "lookoutmetrics:ListAnomalyGroupSummaries", "lookoutmetrics:ListAnomalyGroupTimeSeries", "lookoutmetrics:GetAnomalyGroup", "lookoutmetrics:GetDataQualityMetrics", "lookoutmetrics:GetSampleData", "lookoutmetrics:GetFeedback" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AmazonLookoutVisionConsoleFullAccess": { "PolicyName": "AmazonLookoutVisionConsoleFullAccess", "PolicyId": "ANPAZKAPJZG4NJJ7RFZ5A", "Arn": "arn:aws:iam::aws:policy/AmazonLookoutVisionConsoleFullAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2021-05-11T19:37:17+00:00", "UpdateDate": "2021-05-11T19:37:17+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Sid": "LookoutVisionFullAccess", "Effect": "Allow", "Action": [ "lookoutvision:*" ], "Resource": "*" }, { "Sid": "LookoutVisionConsoleS3BucketSearchAccess", "Effect": "Allow", "Action": [ "s3:ListAllMyBuckets" ], "Resource": "*" }, { "Sid": "LookoutVisionConsoleS3BucketFirstUseSetupAccess", "Effect": "Allow", "Action": [ "s3:CreateBucket", "s3:PutBucketVersioning", "s3:PutLifecycleConfiguration", "s3:PutEncryptionConfiguration", "s3:PutBucketPublicAccessBlock" ], "Resource": "arn:aws:s3:::lookoutvision-*" }, { "Sid": "LookoutVisionConsoleS3BucketAccess", "Effect": "Allow", "Action": [ "s3:ListBucket", "s3:GetBucketLocation", "s3:GetBucketVersioning" ], "Resource": "arn:aws:s3:::lookoutvision-*" }, { "Sid": "LookoutVisionConsoleS3ObjectAccess", "Effect": "Allow", "Action": [ "s3:GetObject", "s3:GetObjectVersion", "s3:PutObject", "s3:AbortMultipartUpload", "s3:ListMultipartUploadParts" ], "Resource": "arn:aws:s3:::lookoutvision-*/*" }, { "Sid": "LookoutVisionConsoleDatasetLabelingToolsAccess", "Effect": "Allow", "Action": [ "groundtruthlabeling:RunGenerateManifestByCrawlingJob", "groundtruthlabeling:AssociatePatchToManifestJob", "groundtruthlabeling:DescribeConsoleJob" ], "Resource": "*" }, { "Sid": "LookoutVisionConsoleDashboardAccess", "Effect": "Allow", "Action": [ "cloudwatch:GetMetricData", "cloudwatch:GetMetricStatistics" ], "Resource": "*" }, { "Sid": "LookoutVisionConsoleTagSelectorAccess", "Effect": "Allow", "Action": [ "tag:GetTagKeys", "tag:GetTagValues" ], "Resource": "*" }, { "Sid": "LookoutVisionConsoleKmsKeySelectorAccess", "Effect": "Allow", "Action": [ "kms:ListAliases" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AmazonLookoutVisionConsoleReadOnlyAccess": { "PolicyName": "AmazonLookoutVisionConsoleReadOnlyAccess", "PolicyId": "ANPAZKAPJZG4CE2DP5IDX", "Arn": "arn:aws:iam::aws:policy/AmazonLookoutVisionConsoleReadOnlyAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2021-05-11T19:32:02+00:00", "UpdateDate": "2021-05-11T19:32:02+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Sid": "LookoutVisionReadOnlyAccess", "Effect": "Allow", "Action": [ "lookoutvision:DescribeDataset", "lookoutvision:DescribeModel", "lookoutvision:DescribeProject", "lookoutvision:DescribeTrialDetection", "lookoutvision:ListDatasetEntries", "lookoutvision:ListModels", "lookoutvision:ListProjects", "lookoutvision:ListTagsForResource", "lookoutvision:ListTrialDetections" ], "Resource": "*" }, { "Sid": "LookoutVisionConsoleS3BucketSearchAccess", "Effect": "Allow", "Action": [ "s3:ListAllMyBuckets" ], "Resource": "*" }, { "Sid": "LookoutVisionConsoleS3ObjectReadAccess", "Effect": "Allow", "Action": [ "s3:GetObject", "s3:GetObjectVersion" ], "Resource": "arn:aws:s3:::lookoutvision-*/*" }, { "Sid": "LookoutVisionConsoleDashboardAccess", "Effect": "Allow", "Action": [ "cloudwatch:GetMetricData", "cloudwatch:GetMetricStatistics" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AmazonLookoutVisionFullAccess": { "PolicyName": "AmazonLookoutVisionFullAccess", "PolicyId": "ANPAZKAPJZG4CMORWIX77", "Arn": "arn:aws:iam::aws:policy/AmazonLookoutVisionFullAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2021-05-11T19:24:54+00:00", "UpdateDate": "2021-05-11T19:24:54+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Sid": "LookoutVisionFullAccess", "Effect": "Allow", "Action": [ "lookoutvision:*" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AmazonLookoutVisionReadOnlyAccess": { "PolicyName": "AmazonLookoutVisionReadOnlyAccess", "PolicyId": "ANPAZKAPJZG4OJEEMR6Q3", "Arn": "arn:aws:iam::aws:policy/AmazonLookoutVisionReadOnlyAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2021-05-11T19:11:07+00:00", "UpdateDate": "2021-05-11T19:11:07+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Sid": "LookoutVisionReadOnlyAccess", "Effect": "Allow", "Action": [ "lookoutvision:DescribeDataset", "lookoutvision:DescribeModel", "lookoutvision:DescribeProject", "lookoutvision:ListDatasetEntries", "lookoutvision:ListModels", "lookoutvision:ListProjects", "lookoutvision:ListTagsForResource" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AmazonMCSFullAccess": { "PolicyName": "AmazonMCSFullAccess", "PolicyId": "ANPAZKAPJZG4K6JRQY7NV", "Arn": "arn:aws:iam::aws:policy/AmazonMCSFullAccess", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-12-03T13:45:25+00:00", "UpdateDate": "2020-04-17T19:19:29+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "application-autoscaling:DeleteScalingPolicy", "application-autoscaling:DeregisterScalableTarget", "application-autoscaling:DescribeScalableTargets", "application-autoscaling:DescribeScalingActivities", "application-autoscaling:DescribeScalingPolicies", "application-autoscaling:PutScalingPolicy", "application-autoscaling:RegisterScalableTarget", "application-autoscaling:PutScheduledAction", "application-autoscaling:DeleteScheduledAction", "application-autoscaling:DescribeScheduledActions" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "cassandra:*" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "cloudwatch:DeleteAlarms", "cloudwatch:DescribeAlarms", "cloudwatch:PutMetricAlarm" ], "Resource": "*" }, { "Effect": "Allow", "Action": "iam:CreateServiceLinkedRole", "Resource": "arn:aws:iam::*:role/aws-service-role/cassandra.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_CassandraTable", "Condition": { "StringLike": { "iam:AWSServiceName": "cassandra.application-autoscaling.amazonaws.com" } } } ] }, "VersionId": "v2" }, "AmazonMCSReadOnlyAccess": { "PolicyName": "AmazonMCSReadOnlyAccess", "PolicyId": "ANPAZKAPJZG4F6NKMXCNS", "Arn": "arn:aws:iam::aws:policy/AmazonMCSReadOnlyAccess", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-12-03T13:46:21+00:00", "UpdateDate": "2020-04-17T19:21:34+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "cassandra:Select" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "application-autoscaling:DescribeScalableTargets", "application-autoscaling:DescribeScalingActivities", "application-autoscaling:DescribeScalingPolicies", "application-autoscaling:DescribeScheduledActions", "cloudwatch:DescribeAlarms" ], "Resource": "*" } ] }, "VersionId": "v2" }, "AmazonMQApiFullAccess": { "PolicyName": "AmazonMQApiFullAccess", "PolicyId": "ANPAI4CMO533EBV3L2GW4", "Arn": "arn:aws:iam::aws:policy/AmazonMQApiFullAccess", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-12-18T20:31:31+00:00", "UpdateDate": "2020-11-04T16:45:35+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "mq:*", "ec2:CreateNetworkInterface", "ec2:CreateNetworkInterfacePermission", "ec2:DeleteNetworkInterface", "ec2:DeleteNetworkInterfacePermission", "ec2:DetachNetworkInterface", "ec2:DescribeInternetGateways", "ec2:DescribeNetworkInterfaces", "ec2:DescribeNetworkInterfacePermissions", "ec2:DescribeRouteTables", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeVpcs" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "logs:CreateLogGroup" ], "Resource": [ "arn:aws:logs:*:*:log-group:/aws/amazonmq/*" ] }, { "Action": "iam:CreateServiceLinkedRole", "Effect": "Allow", "Resource": "*", "Condition": { "StringLike": { "iam:AWSServiceName": "mq.amazonaws.com" } } } ] }, "VersionId": "v2" }, "AmazonMQApiReadOnlyAccess": { "PolicyName": "AmazonMQApiReadOnlyAccess", "PolicyId": "ANPAIKI5JRHKAFHXQJKMO", "Arn": "arn:aws:iam::aws:policy/AmazonMQApiReadOnlyAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-12-18T20:31:13+00:00", "UpdateDate": "2018-12-18T20:31:13+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "mq:Describe*", "mq:List*", "ec2:DescribeNetworkInterfaces", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeVpcs" ], "Effect": "Allow", "Resource": "*" } ] }, "VersionId": "v1" }, "AmazonMQFullAccess": { "PolicyName": "AmazonMQFullAccess", "PolicyId": "ANPAJLKBROJNQYDDXOOGG", "Arn": "arn:aws:iam::aws:policy/AmazonMQFullAccess", "Path": "/", "DefaultVersionId": "v5", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-11-28T15:28:29+00:00", "UpdateDate": "2020-11-04T16:34:09+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "mq:*", "cloudformation:CreateStack", "ec2:CreateNetworkInterface", "ec2:CreateNetworkInterfacePermission", "ec2:DeleteNetworkInterface", "ec2:DeleteNetworkInterfacePermission", "ec2:DetachNetworkInterface", "ec2:DescribeInternetGateways", "ec2:DescribeNetworkInterfaces", "ec2:DescribeNetworkInterfacePermissions", "ec2:DescribeRouteTables", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeVpcs", "ec2:CreateSecurityGroup", "ec2:AuthorizeSecurityGroupIngress" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "logs:CreateLogGroup" ], "Resource": [ "arn:aws:logs:*:*:log-group:/aws/amazonmq/*" ] }, { "Action": "iam:CreateServiceLinkedRole", "Effect": "Allow", "Resource": "*", "Condition": { "StringLike": { "iam:AWSServiceName": "mq.amazonaws.com" } } } ] }, "VersionId": "v5" }, "AmazonMQReadOnlyAccess": { "PolicyName": "AmazonMQReadOnlyAccess", "PolicyId": "ANPAJFH3NKGULDUU66D5C", "Arn": "arn:aws:iam::aws:policy/AmazonMQReadOnlyAccess", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-11-28T15:30:32+00:00", "UpdateDate": "2017-11-28T19:02:03+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "mq:Describe*", "mq:List*", "ec2:DescribeNetworkInterfaces", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeVpcs" ], "Effect": "Allow", "Resource": "*" } ] }, "VersionId": "v2" }, "AmazonMQServiceRolePolicy": { "PolicyName": "AmazonMQServiceRolePolicy", "PolicyId": "ANPAZKAPJZG4LFY3JJDI6", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonMQServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-11-04T16:07:17+00:00", "UpdateDate": "2020-11-04T16:07:17+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ec2:DescribeVpcEndpoints" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "ec2:CreateVpcEndpoint" ], "Resource": [ "arn:aws:ec2:*:*:vpc/*", "arn:aws:ec2:*:*:subnet/*", "arn:aws:ec2:*:*:security-group/*" ] }, { "Effect": "Allow", "Action": [ "ec2:CreateVpcEndpoint" ], "Resource": [ "arn:aws:ec2:*:*:vpc-endpoint/*" ], "Condition": { "StringEquals": { "aws:RequestTag/AMQManaged": "true" } } }, { "Effect": "Allow", "Action": [ "ec2:CreateTags" ], "Resource": "arn:aws:ec2:*:*:vpc-endpoint/*", "Condition": { "StringEquals": { "ec2:CreateAction": "CreateVpcEndpoint" } } }, { "Effect": "Allow", "Action": [ "ec2:DeleteVpcEndpoints" ], "Resource": "arn:aws:ec2:*:*:vpc-endpoint/*", "Condition": { "StringEquals": { "ec2:ResourceTag/AMQManaged": "true" } } }, { "Effect": "Allow", "Action": [ "logs:PutLogEvents", "logs:DescribeLogStreams", "logs:DescribeLogGroups", "logs:CreateLogStream", "logs:CreateLogGroup" ], "Resource": [ "arn:aws:logs:*:*:log-group:/aws/amazonmq/*" ] } ] }, "VersionId": "v1" }, "AmazonMSKFullAccess": { "PolicyName": "AmazonMSKFullAccess", "PolicyId": "ANPAJERQQQTWI5OMENTQE", "Arn": "arn:aws:iam::aws:policy/AmazonMSKFullAccess", "Path": "/", "DefaultVersionId": "v3", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-01-14T22:07:52+00:00", "UpdateDate": "2020-03-14T00:45:51+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "kafka:*", "ec2:DescribeSubnets", "ec2:DescribeVpcs", "ec2:DescribeSecurityGroups", "kms:DescribeKey", "kms:CreateGrant", "logs:CreateLogDelivery", "logs:GetLogDelivery", "logs:UpdateLogDelivery", "logs:DeleteLogDelivery", "logs:ListLogDeliveries", "S3:GetBucketPolicy", "logs:PutResourcePolicy", "logs:DescribeResourcePolicies", "logs:DescribeLogGroups", "firehose:TagDeliveryStream" ], "Resource": "*" }, { "Effect": "Allow", "Action": "iam:CreateServiceLinkedRole", "Resource": "arn:aws:iam::*:role/aws-service-role/kafka.amazonaws.com/AWSServiceRoleForKafka*", "Condition": { "StringLike": { "iam:AWSServiceName": "kafka.amazonaws.com" } } }, { "Effect": "Allow", "Action": [ "iam:AttachRolePolicy", "iam:PutRolePolicy" ], "Resource": "arn:aws:iam::*:role/aws-service-role/kafka.amazonaws.com/AWSServiceRoleForKafka*" }, { "Effect": "Allow", "Action": "iam:CreateServiceLinkedRole", "Resource": "arn:aws:iam::*:role/aws-service-role/delivery.logs.amazonaws.com/AWSServiceRoleForLogDelivery*", "Condition": { "StringLike": { "iam:AWSServiceName": "delivery.logs.amazonaws.com" } } } ] }, "VersionId": "v3" }, "AmazonMSKReadOnlyAccess": { "PolicyName": "AmazonMSKReadOnlyAccess", "PolicyId": "ANPAJGMUI3DP2EVP3VGYO", "Arn": "arn:aws:iam::aws:policy/AmazonMSKReadOnlyAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-01-14T22:28:45+00:00", "UpdateDate": "2019-01-14T22:28:45+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "kafka:Describe*", "kafka:List*", "kafka:Get*", "ec2:DescribeNetworkInterfaces", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeVpcs", "kms:DescribeKey" ], "Effect": "Allow", "Resource": "*" } ] }, "VersionId": "v1" }, "AmazonMWAAServiceRolePolicy": { "PolicyName": "AmazonMWAAServiceRolePolicy", "PolicyId": "ANPAZKAPJZG4JU5RBMG7W", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonMWAAServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-11-24T14:13:41+00:00", "UpdateDate": "2020-11-24T14:13:41+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "logs:CreateLogStream", "logs:CreateLogGroup", "logs:DescribeLogGroups" ], "Resource": "arn:aws:logs:*:*:log-group:airflow-*:*" }, { "Effect": "Allow", "Action": [ "ec2:AttachNetworkInterface", "ec2:CreateNetworkInterface", "ec2:CreateNetworkInterfacePermission", "ec2:DeleteNetworkInterface", "ec2:DeleteNetworkInterfacePermission", "ec2:DescribeDhcpOptions", "ec2:DescribeNetworkInterfaces", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeVpcEndpoints", "ec2:DescribeVpcs", "ec2:DetachNetworkInterface" ], "Resource": "*" }, { "Effect": "Allow", "Action": "ec2:CreateVpcEndpoint", "Resource": "arn:aws:ec2:*:*:vpc-endpoint/*", "Condition": { "ForAnyValue:StringEquals": { "aws:TagKeys": "AmazonMWAAManaged" } } }, { "Effect": "Allow", "Action": [ "ec2:ModifyVpcEndpoint", "ec2:DeleteVpcEndpoints" ], "Resource": "arn:aws:ec2:*:*:vpc-endpoint/*", "Condition": { "Null": { "aws:ResourceTag/AmazonMWAAManaged": false } } }, { "Effect": "Allow", "Action": [ "ec2:CreateVpcEndpoint", "ec2:ModifyVpcEndpoint" ], "Resource": [ "arn:aws:ec2:*:*:vpc/*", "arn:aws:ec2:*:*:security-group/*", "arn:aws:ec2:*:*:subnet/*" ] }, { "Effect": "Allow", "Action": "ec2:CreateTags", "Resource": "arn:aws:ec2:*:*:vpc-endpoint/*", "Condition": { "StringEquals": { "ec2:CreateAction": "CreateVpcEndpoint" }, "ForAnyValue:StringEquals": { "aws:TagKeys": "AmazonMWAAManaged" } } } ] }, "VersionId": "v1" }, "AmazonMachineLearningBatchPredictionsAccess": { "PolicyName": "AmazonMachineLearningBatchPredictionsAccess", "PolicyId": "ANPAILOI4HTQSFTF3GQSC", "Arn": "arn:aws:iam::aws:policy/AmazonMachineLearningBatchPredictionsAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-04-09T17:12:19+00:00", "UpdateDate": "2015-04-09T17:12:19+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "machinelearning:CreateBatchPrediction", "machinelearning:DeleteBatchPrediction", "machinelearning:DescribeBatchPredictions", "machinelearning:GetBatchPrediction", "machinelearning:UpdateBatchPrediction" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AmazonMachineLearningCreateOnlyAccess": { "PolicyName": "AmazonMachineLearningCreateOnlyAccess", "PolicyId": "ANPAJDRUNIC2RYAMAT3CK", "Arn": "arn:aws:iam::aws:policy/AmazonMachineLearningCreateOnlyAccess", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-04-09T17:18:09+00:00", "UpdateDate": "2016-06-29T20:55:03+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "machinelearning:Add*", "machinelearning:Create*", "machinelearning:Delete*", "machinelearning:Describe*", "machinelearning:Get*" ], "Resource": "*" } ] }, "VersionId": "v2" }, "AmazonMachineLearningFullAccess": { "PolicyName": "AmazonMachineLearningFullAccess", "PolicyId": "ANPAIWKW6AGSGYOQ5ERHC", "Arn": "arn:aws:iam::aws:policy/AmazonMachineLearningFullAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-04-09T17:25:41+00:00", "UpdateDate": "2015-04-09T17:25:41+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "machinelearning:*" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AmazonMachineLearningManageRealTimeEndpointOnlyAccess": { "PolicyName": "AmazonMachineLearningManageRealTimeEndpointOnlyAccess", "PolicyId": "ANPAJJL3PC3VCSVZP6OCI", "Arn": "arn:aws:iam::aws:policy/AmazonMachineLearningManageRealTimeEndpointOnlyAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-04-09T17:32:41+00:00", "UpdateDate": "2015-04-09T17:32:41+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "machinelearning:CreateRealtimeEndpoint", "machinelearning:DeleteRealtimeEndpoint" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AmazonMachineLearningReadOnlyAccess": { "PolicyName": "AmazonMachineLearningReadOnlyAccess", "PolicyId": "ANPAIW5VYBCGEX56JCINC", "Arn": "arn:aws:iam::aws:policy/AmazonMachineLearningReadOnlyAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-04-09T17:40:02+00:00", "UpdateDate": "2015-04-09T17:40:02+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "machinelearning:Describe*", "machinelearning:Get*" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AmazonMachineLearningRealTimePredictionOnlyAccess": { "PolicyName": "AmazonMachineLearningRealTimePredictionOnlyAccess", "PolicyId": "ANPAIWMCNQPRWMWT36GVQ", "Arn": "arn:aws:iam::aws:policy/AmazonMachineLearningRealTimePredictionOnlyAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-04-09T17:44:06+00:00", "UpdateDate": "2015-04-09T17:44:06+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "machinelearning:Predict" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AmazonMachineLearningRoleforRedshiftDataSourceV3": { "PolicyName": "AmazonMachineLearningRoleforRedshiftDataSourceV3", "PolicyId": "ANPAZKAPJZG4DIXIZO4E2", "Arn": "arn:aws:iam::aws:policy/service-role/AmazonMachineLearningRoleforRedshiftDataSourceV3", "Path": "/service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-06-24T18:00:09+00:00", "UpdateDate": "2020-06-24T18:00:09+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ec2:AuthorizeSecurityGroupIngress", "ec2:CreateSecurityGroup", "ec2:DescribeInternetGateways", "ec2:DescribeSecurityGroups", "ec2:RevokeSecurityGroupIngress", "redshift:AuthorizeClusterSecurityGroupIngress", "redshift:CreateClusterSecurityGroup", "redshift:DescribeClusters", "redshift:DescribeClusterSecurityGroups", "redshift:ModifyCluster", "redshift:RevokeClusterSecurityGroupIngress" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "s3:PutBucketPolicy", "s3:GetBucketLocation", "s3:GetBucketPolicy", "s3:GetObject", "s3:PutObject" ], "Resource": "arn:aws:s3:::amazon-machine-learning*" } ] }, "VersionId": "v1" }, "AmazonMacieFullAccess": { "PolicyName": "AmazonMacieFullAccess", "PolicyId": "ANPAJJF2N5FR6S5TZN5OA", "Arn": "arn:aws:iam::aws:policy/AmazonMacieFullAccess", "Path": "/", "DefaultVersionId": "v3", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-08-14T14:54:30+00:00", "UpdateDate": "2020-05-13T19:05:16+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Resource": "*", "Action": [ "macie:*", "macie2:*" ] }, { "Effect": "Allow", "Action": "iam:CreateServiceLinkedRole", "Resource": "*", "Condition": { "StringLike": { "iam:AWSServiceName": "macie.amazonaws.com" } } } ] }, "VersionId": "v3" }, "AmazonMacieHandshakeRole": { "PolicyName": "AmazonMacieHandshakeRole", "PolicyId": "ANPAJ7CVEIVL347MLOVKI", "Arn": "arn:aws:iam::aws:policy/service-role/AmazonMacieHandshakeRole", "Path": "/service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-06-28T15:46:10+00:00", "UpdateDate": "2018-06-28T15:46:10+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "iam:CreateServiceLinkedRole", "Resource": "*", "Condition": { "ForAnyValue:StringEquals": { "iam:AWSServiceName": "macie.amazonaws.com" } } } ] }, "VersionId": "v1" }, "AmazonMacieServiceRole": { "PolicyName": "AmazonMacieServiceRole", "PolicyId": "ANPAJVV7PON3FPBL2PSGC", "Arn": "arn:aws:iam::aws:policy/service-role/AmazonMacieServiceRole", "Path": "/service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-08-14T14:53:26+00:00", "UpdateDate": "2017-08-14T14:53:26+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Resource": "*", "Action": [ "s3:Get*", "s3:List*" ] } ] }, "VersionId": "v1" }, "AmazonMacieServiceRolePolicy": { "PolicyName": "AmazonMacieServiceRolePolicy", "PolicyId": "ANPAJPLHONRH2HP2H6TNQ", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonMacieServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v5", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-06-19T22:17:38+00:00", "UpdateDate": "2021-04-13T17:55:07+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "cloudtrail:DescribeTrails", "cloudtrail:GetEventSelectors", "cloudtrail:GetTrailStatus", "cloudtrail:ListTags", "cloudtrail:LookupEvents", "iam:ListAccountAliases", "organizations:DescribeAccount", "organizations:ListAccounts", "s3:GetAccountPublicAccessBlock", "s3:ListAllMyBuckets", "s3:GetBucketAcl", "s3:GetBucketLocation", "s3:GetBucketLogging", "s3:GetBucketPolicy", "s3:GetBucketPolicyStatus", "s3:GetBucketPublicAccessBlock", "s3:GetBucketTagging", "s3:GetBucketVersioning", "s3:GetBucketWebsite", "s3:GetEncryptionConfiguration", "s3:GetLifecycleConfiguration", "s3:GetReplicationConfiguration", "s3:ListBucket", "s3:GetObject", "s3:GetObjectAcl", "s3:GetObjectTagging" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "cloudtrail:CreateTrail", "cloudtrail:StartLogging", "cloudtrail:StopLogging", "cloudtrail:UpdateTrail", "cloudtrail:DeleteTrail", "cloudtrail:PutEventSelectors" ], "Resource": "arn:aws:cloudtrail:*:*:trail/AWSMacieTrail-DO-NOT-EDIT" }, { "Effect": "Allow", "Action": [ "s3:CreateBucket", "s3:DeleteBucket", "s3:DeleteBucketPolicy", "s3:DeleteBucketWebsite", "s3:DeleteObject", "s3:DeleteObjectTagging", "s3:DeleteObjectVersion", "s3:DeleteObjectVersionTagging", "s3:PutBucketPolicy" ], "Resource": [ "arn:aws:s3:::awsmacie-*", "arn:aws:s3:::awsmacietrail-*", "arn:aws:s3:::*-awsmacietrail-*" ] }, { "Effect": "Allow", "Action": [ "logs:CreateLogGroup" ], "Resource": [ "arn:aws:logs:*:*:log-group:/aws/macie/*" ] }, { "Effect": "Allow", "Action": [ "logs:CreateLogStream", "logs:PutLogEvents", "logs:DescribeLogStreams" ], "Resource": [ "arn:aws:logs:*:*:log-group:/aws/macie/*:log-stream:*" ] } ] }, "VersionId": "v5" }, "AmazonMacieSetupRole": { "PolicyName": "AmazonMacieSetupRole", "PolicyId": "ANPAJ5DC6UBVKND7ADSKA", "Arn": "arn:aws:iam::aws:policy/service-role/AmazonMacieSetupRole", "Path": "/service-role/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-08-14T14:53:34+00:00", "UpdateDate": "2019-09-27T18:41:21+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Resource": "*", "Action": [ "cloudtrail:DescribeTrails", "cloudtrail:GetEventSelectors", "cloudtrail:GetTrailStatus", "cloudtrail:ListTags", "cloudtrail:LookupEvents", "iam:ListAccountAliases", "s3:GetBucket*", "s3:ListBucket", "s3:ListAllMyBuckets" ] }, { "Effect": "Allow", "Resource": "arn:aws:cloudtrail:*:*:trail/AWSMacieTrail-DO-NOT-EDIT", "Action": [ "cloudtrail:CreateTrail", "cloudtrail:StartLogging", "cloudtrail:StopLogging", "cloudtrail:UpdateTrail", "cloudtrail:DeleteTrail", "cloudtrail:PutEventSelectors" ] }, { "Effect": "Allow", "Resource": [ "arn:aws:s3:::awsmacie-*", "arn:aws:s3:::awsmacietrail-*", "arn:aws:s3:::*-awsmacietrail-*" ], "Action": [ "s3:CreateBucket", "s3:DeleteBucket", "s3:DeleteBucketPolicy", "s3:DeleteBucketWebsite", "s3:DeleteObject", "s3:DeleteObjectTagging", "s3:DeleteObjectVersion", "s3:DeleteObjectVersionTagging", "s3:PutBucketPolicy" ] } ] }, "VersionId": "v2" }, "AmazonManagedBlockchainConsoleFullAccess": { "PolicyName": "AmazonManagedBlockchainConsoleFullAccess", "PolicyId": "ANPAZKAPJZG4ONVQBFILL", "Arn": "arn:aws:iam::aws:policy/AmazonManagedBlockchainConsoleFullAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-04-29T21:23:25+00:00", "UpdateDate": "2019-04-29T21:23:25+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "managedblockchain:*", "ec2:DescribeAvailabilityZones", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeVpcs", "ec2:CreateVpcEndpoint", "kms:ListAliases", "kms:DescribeKey" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AmazonManagedBlockchainFullAccess": { "PolicyName": "AmazonManagedBlockchainFullAccess", "PolicyId": "ANPAZKAPJZG4CGBOJKRYD", "Arn": "arn:aws:iam::aws:policy/AmazonManagedBlockchainFullAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-04-29T21:39:29+00:00", "UpdateDate": "2019-04-29T21:39:29+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "managedblockchain:*" ], "Resource": [ "*" ] } ] }, "VersionId": "v1" }, "AmazonManagedBlockchainReadOnlyAccess": { "PolicyName": "AmazonManagedBlockchainReadOnlyAccess", "PolicyId": "ANPAZKAPJZG4OIIAURVWV", "Arn": "arn:aws:iam::aws:policy/AmazonManagedBlockchainReadOnlyAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-04-30T18:17:31+00:00", "UpdateDate": "2019-04-30T18:17:31+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "managedblockchain:Get*", "managedblockchain:List*" ], "Resource": [ "*" ] } ] }, "VersionId": "v1" }, "AmazonManagedBlockchainServiceRolePolicy": { "PolicyName": "AmazonManagedBlockchainServiceRolePolicy", "PolicyId": "ANPAZKAPJZG4MMO7477QN", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonManagedBlockchainServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-01-17T19:51:28+00:00", "UpdateDate": "2020-01-17T19:51:28+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "logs:CreateLogGroup" ], "Effect": "Allow", "Resource": "arn:aws:logs:*:*:log-group:/aws/managedblockchain/*" }, { "Effect": "Allow", "Action": [ "logs:CreateLogStream", "logs:PutLogEvents", "logs:DescribeLogStreams" ], "Resource": [ "arn:aws:logs:*:*:log-group:/aws/managedblockchain/*:log-stream:*" ] } ] }, "VersionId": "v1" }, "AmazonMechanicalTurkFullAccess": { "PolicyName": "AmazonMechanicalTurkFullAccess", "PolicyId": "ANPAJDGCL5BET73H5QIQC", "Arn": "arn:aws:iam::aws:policy/AmazonMechanicalTurkFullAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-12-11T19:08:19+00:00", "UpdateDate": "2015-12-11T19:08:19+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "mechanicalturk:*" ], "Resource": [ "*" ] } ] }, "VersionId": "v1" }, "AmazonMechanicalTurkReadOnly": { "PolicyName": "AmazonMechanicalTurkReadOnly", "PolicyId": "ANPAIO5IY3G3WXSX5PPRM", "Arn": "arn:aws:iam::aws:policy/AmazonMechanicalTurkReadOnly", "Path": "/", "DefaultVersionId": "v3", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-12-11T19:08:28+00:00", "UpdateDate": "2019-09-25T21:06:26+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "mechanicalturk:Get*", "mechanicalturk:List*" ], "Resource": [ "*" ] } ] }, "VersionId": "v3" }, "AmazonMobileAnalyticsFinancialReportAccess": { "PolicyName": "AmazonMobileAnalyticsFinancialReportAccess", "PolicyId": "ANPAJKJHO2R27TXKCWBU4", "Arn": "arn:aws:iam::aws:policy/AmazonMobileAnalyticsFinancialReportAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-02-06T18:40:35+00:00", "UpdateDate": "2015-02-06T18:40:35+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "mobileanalytics:GetReports", "mobileanalytics:GetFinancialReports" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AmazonMobileAnalyticsFullAccess": { "PolicyName": "AmazonMobileAnalyticsFullAccess", "PolicyId": "ANPAIJIKLU2IJ7WJ6DZFG", "Arn": "arn:aws:iam::aws:policy/AmazonMobileAnalyticsFullAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-02-06T18:40:34+00:00", "UpdateDate": "2015-02-06T18:40:34+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "mobileanalytics:*", "Resource": "*" } ] }, "VersionId": "v1" }, "AmazonMobileAnalyticsNon-financialReportAccess": { "PolicyName": "AmazonMobileAnalyticsNon-financialReportAccess", "PolicyId": "ANPAIQLKQ4RXPUBBVVRDE", "Arn": "arn:aws:iam::aws:policy/AmazonMobileAnalyticsNon-financialReportAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-02-06T18:40:36+00:00", "UpdateDate": "2015-02-06T18:40:36+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "mobileanalytics:GetReports", "Resource": "*" } ] }, "VersionId": "v1" }, "AmazonMobileAnalyticsWriteOnlyAccess": { "PolicyName": "AmazonMobileAnalyticsWriteOnlyAccess", "PolicyId": "ANPAJ5TAWBBQC2FAL3G6G", "Arn": "arn:aws:iam::aws:policy/AmazonMobileAnalyticsWriteOnlyAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-02-06T18:40:37+00:00", "UpdateDate": "2015-02-06T18:40:37+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "mobileanalytics:PutEvents", "Resource": "*" } ] }, "VersionId": "v1" }, "AmazonMonitronFullAccess": { "PolicyName": "AmazonMonitronFullAccess", "PolicyId": "ANPAZKAPJZG4MHDVZEITQ", "Arn": "arn:aws:iam::aws:policy/AmazonMonitronFullAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-12-02T22:40:28+00:00", "UpdateDate": "2020-12-02T22:40:28+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "iam:CreateServiceLinkedRole", "Resource": "*", "Condition": { "StringEquals": { "iam:AWSServiceName": "monitron.amazonaws.com" } } }, { "Effect": "Allow", "Action": [ "monitron:*" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "kms:ListKeys", "kms:DescribeKey", "kms:ListAliases" ], "Resource": "*" }, { "Effect": "Allow", "Action": "kms:CreateGrant", "Resource": "*", "Condition": { "StringLike": { "kms:ViaService": [ "monitron.*.amazonaws.com" ] }, "Bool": { "kms:GrantIsForAWSResource": true } } }, { "Sid": "AWSSSOPermissions", "Effect": "Allow", "Action": [ "organizations:DescribeAccount", "organizations:DescribeOrganization", "ds:DescribeDirectories", "ds:DescribeTrusts" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AmazonNimbleStudio-LaunchProfileWorker": { "PolicyName": "AmazonNimbleStudio-LaunchProfileWorker", "PolicyId": "ANPAZKAPJZG4G3GPJQ7LQ", "Arn": "arn:aws:iam::aws:policy/AmazonNimbleStudio-LaunchProfileWorker", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2021-04-28T04:47:02+00:00", "UpdateDate": "2021-04-28T04:47:02+00:00", "Document": { "Statement": [ { "Effect": "Allow", "Action": [ "ec2:DescribeNetworkInterfaces", "ec2:DescribeSecurityGroups", "fsx:DescribeFileSystems", "ds:DescribeDirectories" ], "Resource": [ "*" ], "Condition": { "StringEquals": { "aws:CalledViaLast": "nimble.amazonaws.com" } }, "Sid": "GetLaunchProfileInitializationDependencies" } ], "Version": "2012-10-17" }, "VersionId": "v1" }, "AmazonNimbleStudio-StudioAdmin": { "PolicyName": "AmazonNimbleStudio-StudioAdmin", "PolicyId": "ANPAZKAPJZG4PTQDL2ND4", "Arn": "arn:aws:iam::aws:policy/AmazonNimbleStudio-StudioAdmin", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2021-04-28T04:47:36+00:00", "UpdateDate": "2021-04-28T04:47:36+00:00", "Document": { "Statement": [ { "Sid": "StudioAdminFullAccess", "Effect": "Allow", "Action": [ "nimble:CreateStreamingSession", "nimble:GetStreamingSession", "nimble:CreateStreamingSessionStream", "nimble:GetStreamingSessionStream", "nimble:DeleteStreamingSession", "nimble:ListEulas", "nimble:ListEulaAcceptances", "nimble:GetEula", "nimble:AcceptEulas", "nimble:ListStudioMembers", "nimble:GetStudioMember", "nimble:ListStreamingSessions", "nimble:GetStreamingImage", "nimble:ListStreamingImages", "nimble:GetLaunchProfileInitialization", "nimble:GetLaunchProfileDetails", "nimble:GetFeatureMap", "nimble:PutStudioLogEvents", "nimble:ListLaunchProfiles", "nimble:GetLaunchProfile", "nimble:GetLaunchProfileMember", "nimble:ListLaunchProfileMembers", "nimble:PutLaunchProfileMembers", "nimble:UpdateLaunchProfileMember", "nimble:DeleteLaunchProfileMember" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "sso-directory:DescribeUsers", "sso-directory:SearchUsers" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "ds:CreateComputer", "ds:DescribeDirectories", "ec2:DescribeSubnets", "ec2:CreateNetworkInterface", "ec2:DescribeNetworkInterfaces", "ec2:DeleteNetworkInterface", "ec2:CreateNetworkInterfacePermission", "ec2:DeleteNetworkInterfacePermission", "ec2:DescribeSecurityGroups", "fsx:DescribeFileSystems" ], "Resource": [ "*" ], "Condition": { "StringEquals": { "aws:CalledViaLast": "nimble.amazonaws.com" } } } ], "Version": "2012-10-17" }, "VersionId": "v1" }, "AmazonNimbleStudio-StudioUser": { "PolicyName": "AmazonNimbleStudio-StudioUser", "PolicyId": "ANPAZKAPJZG4CA37MTXJV", "Arn": "arn:aws:iam::aws:policy/AmazonNimbleStudio-StudioUser", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2021-04-28T04:48:11+00:00", "UpdateDate": "2021-08-16T18:26:50+00:00", "Document": { "Statement": [ { "Effect": "Allow", "Action": [ "ds:CreateComputer", "ec2:DescribeSubnets", "ec2:CreateNetworkInterfacePermission", "ec2:DescribeNetworkInterfaces", "ec2:DeleteNetworkInterfacePermission", "ec2:DeleteNetworkInterface", "ec2:CreateNetworkInterface", "ec2:DescribeSecurityGroups", "fsx:DescribeFileSystems", "ds:DescribeDirectories" ], "Resource": [ "*" ], "Condition": { "StringEquals": { "aws:CalledViaLast": "nimble.amazonaws.com" } } }, { "Effect": "Allow", "Action": [ "sso-directory:DescribeUsers", "sso-directory:SearchUsers" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "nimble:ListLaunchProfiles" ], "Resource": "*", "Condition": { "StringEquals": { "nimble:requesterPrincipalId": "${nimble:principalId}" } } }, { "Effect": "Allow", "Action": [ "nimble:ListStudioMembers", "nimble:GetStudioMember", "nimble:ListEulas", "nimble:ListEulaAcceptances", "nimble:GetFeatureMap", "nimble:PutStudioLogEvents" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "nimble:DeleteStreamingSession", "nimble:GetStreamingSession", "nimble:CreateStreamingSessionStream", "nimble:GetStreamingSessionStream", "nimble:ListStreamingSessions" ], "Resource": "*", "Condition": { "StringEquals": { "nimble:ownedBy": "${nimble:requesterPrincipalId}" } } } ], "Version": "2012-10-17" }, "VersionId": "v2" }, "AmazonPersonalizeFullAccess": { "PolicyName": "AmazonPersonalizeFullAccess", "PolicyId": "ANPAJ45XBPPZNI3MMVAUK", "Arn": "arn:aws:iam::aws:policy/service-role/AmazonPersonalizeFullAccess", "Path": "/service-role/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-12-04T22:24:33+00:00", "UpdateDate": "2019-05-30T23:46:59+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "personalize:*" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "cloudwatch:PutMetricData", "cloudwatch:ListMetrics" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "s3:GetObject", "s3:PutObject", "s3:DeleteObject", "s3:ListBucket" ], "Resource": [ "arn:aws:s3:::*Personalize*", "arn:aws:s3:::*personalize*" ] }, { "Effect": "Allow", "Action": [ "iam:PassRole" ], "Resource": "*", "Condition": { "StringEquals": { "iam:PassedToService": "personalize.amazonaws.com" } } } ] }, "VersionId": "v2" }, "AmazonPollyFullAccess": { "PolicyName": "AmazonPollyFullAccess", "PolicyId": "ANPAJUZOYQU6XQYPR7EWS", "Arn": "arn:aws:iam::aws:policy/AmazonPollyFullAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2016-11-30T18:59:06+00:00", "UpdateDate": "2016-11-30T18:59:06+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "polly:*" ], "Resource": [ "*" ] } ] }, "VersionId": "v1" }, "AmazonPollyReadOnlyAccess": { "PolicyName": "AmazonPollyReadOnlyAccess", "PolicyId": "ANPAJ5FENL3CVPL2FPDLA", "Arn": "arn:aws:iam::aws:policy/AmazonPollyReadOnlyAccess", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2016-11-30T18:59:24+00:00", "UpdateDate": "2018-07-17T16:41:07+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "polly:DescribeVoices", "polly:GetLexicon", "polly:GetSpeechSynthesisTask", "polly:ListLexicons", "polly:ListSpeechSynthesisTasks", "polly:SynthesizeSpeech" ], "Resource": [ "*" ] } ] }, "VersionId": "v2" }, "AmazonPrometheusConsoleFullAccess": { "PolicyName": "AmazonPrometheusConsoleFullAccess", "PolicyId": "ANPAZKAPJZG4P7IR2JZ6H", "Arn": "arn:aws:iam::aws:policy/AmazonPrometheusConsoleFullAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-12-15T18:11:10+00:00", "UpdateDate": "2020-12-15T18:11:10+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "aps:CreateWorkspace", "aps:DescribeWorkspace", "aps:UpdateWorkspaceAlias", "aps:DeleteWorkspace", "aps:ListWorkspaces" ], "Effect": "Allow", "Resource": "*" } ] }, "VersionId": "v1" }, "AmazonPrometheusFullAccess": { "PolicyName": "AmazonPrometheusFullAccess", "PolicyId": "ANPAZKAPJZG4POZK2DGLM", "Arn": "arn:aws:iam::aws:policy/AmazonPrometheusFullAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-12-15T18:10:46+00:00", "UpdateDate": "2020-12-15T18:10:46+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "aps:*" ], "Effect": "Allow", "Resource": "*" } ] }, "VersionId": "v1" }, "AmazonPrometheusQueryAccess": { "PolicyName": "AmazonPrometheusQueryAccess", "PolicyId": "ANPAZKAPJZG4GQ2MT4E46", "Arn": "arn:aws:iam::aws:policy/AmazonPrometheusQueryAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-12-19T01:02:58+00:00", "UpdateDate": "2020-12-19T01:02:58+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "aps:GetLabels", "aps:GetMetricMetadata", "aps:GetSeries", "aps:QueryMetrics" ], "Effect": "Allow", "Resource": "*" } ] }, "VersionId": "v1" }, "AmazonPrometheusRemoteWriteAccess": { "PolicyName": "AmazonPrometheusRemoteWriteAccess", "PolicyId": "ANPAZKAPJZG4JHMXH2L3T", "Arn": "arn:aws:iam::aws:policy/AmazonPrometheusRemoteWriteAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-12-19T01:04:32+00:00", "UpdateDate": "2020-12-19T01:04:32+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "aps:RemoteWrite" ], "Effect": "Allow", "Resource": "*" } ] }, "VersionId": "v1" }, "AmazonQLDBConsoleFullAccess": { "PolicyName": "AmazonQLDBConsoleFullAccess", "PolicyId": "ANPAZKAPJZG4H2DEHAFRU", "Arn": "arn:aws:iam::aws:policy/AmazonQLDBConsoleFullAccess", "Path": "/", "DefaultVersionId": "v3", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-09-05T18:24:20+00:00", "UpdateDate": "2021-05-27T17:22:17+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "qldb:CreateLedger", "qldb:UpdateLedger", "qldb:UpdateLedgerPermissionsMode", "qldb:DeleteLedger", "qldb:ListLedgers", "qldb:DescribeLedger", "qldb:ExportJournalToS3", "qldb:ListJournalS3Exports", "qldb:ListJournalS3ExportsForLedger", "qldb:DescribeJournalS3Export", "qldb:CancelJournalKinesisStream", "qldb:DescribeJournalKinesisStream", "qldb:ListJournalKinesisStreamsForLedger", "qldb:StreamJournalToKinesis", "qldb:GetBlock", "qldb:GetDigest", "qldb:GetRevision", "qldb:TagResource", "qldb:UntagResource", "qldb:ListTagsForResource", "qldb:SendCommand", "qldb:ExecuteStatement", "qldb:ShowCatalog", "qldb:InsertSampleData", "qldb:PartiQLCreateTable", "qldb:PartiQLCreateIndex", "qldb:PartiQLDropTable", "qldb:PartiQLDropIndex", "qldb:PartiQLUndropTable", "qldb:PartiQLDelete", "qldb:PartiQLInsert", "qldb:PartiQLUpdate", "qldb:PartiQLSelect", "qldb:PartiQLHistoryFunction" ], "Effect": "Allow", "Resource": "*" }, { "Action": [ "dbqms:*" ], "Effect": "Allow", "Resource": "*" }, { "Action": [ "kinesis:ListStreams", "kinesis:DescribeStream" ], "Effect": "Allow", "Resource": "*" } ] }, "VersionId": "v3" }, "AmazonQLDBFullAccess": { "PolicyName": "AmazonQLDBFullAccess", "PolicyId": "ANPAZKAPJZG4HHBBWGE2J", "Arn": "arn:aws:iam::aws:policy/AmazonQLDBFullAccess", "Path": "/", "DefaultVersionId": "v3", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-09-05T18:23:32+00:00", "UpdateDate": "2021-05-27T17:15:06+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "qldb:CreateLedger", "qldb:UpdateLedger", "qldb:UpdateLedgerPermissionsMode", "qldb:DeleteLedger", "qldb:ListLedgers", "qldb:DescribeLedger", "qldb:ExportJournalToS3", "qldb:ListJournalS3Exports", "qldb:ListJournalS3ExportsForLedger", "qldb:DescribeJournalS3Export", "qldb:CancelJournalKinesisStream", "qldb:DescribeJournalKinesisStream", "qldb:ListJournalKinesisStreamsForLedger", "qldb:StreamJournalToKinesis", "qldb:GetDigest", "qldb:GetRevision", "qldb:GetBlock", "qldb:TagResource", "qldb:UntagResource", "qldb:ListTagsForResource", "qldb:SendCommand", "qldb:PartiQLCreateTable", "qldb:PartiQLCreateIndex", "qldb:PartiQLDropTable", "qldb:PartiQLDropIndex", "qldb:PartiQLUndropTable", "qldb:PartiQLDelete", "qldb:PartiQLInsert", "qldb:PartiQLUpdate", "qldb:PartiQLSelect", "qldb:PartiQLHistoryFunction" ], "Resource": "*" } ] }, "VersionId": "v3" }, "AmazonQLDBReadOnly": { "PolicyName": "AmazonQLDBReadOnly", "PolicyId": "ANPAZKAPJZG4IC74JOQJR", "Arn": "arn:aws:iam::aws:policy/AmazonQLDBReadOnly", "Path": "/", "DefaultVersionId": "v3", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-09-05T18:19:24+00:00", "UpdateDate": "2021-07-02T02:17:25+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "qldb:ListLedgers", "qldb:DescribeLedger", "qldb:ListJournalS3Exports", "qldb:ListJournalS3ExportsForLedger", "qldb:DescribeJournalS3Export", "qldb:DescribeJournalKinesisStream", "qldb:ListJournalKinesisStreamsForLedger", "qldb:GetBlock", "qldb:GetDigest", "qldb:GetRevision", "qldb:ListTagsForResource" ], "Resource": "*" } ] }, "VersionId": "v3" }, "AmazonRDSBetaServiceRolePolicy": { "PolicyName": "AmazonRDSBetaServiceRolePolicy", "PolicyId": "ANPAJ36CJAE6OYAR4YEK4", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonRDSBetaServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v5", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-05-02T19:41:04+00:00", "UpdateDate": "2020-11-18T22:40:34+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ec2:AllocateAddress", "ec2:AssociateAddress", "ec2:AuthorizeSecurityGroupIngress", "ec2:CreateNetworkInterface", "ec2:CreateSecurityGroup", "ec2:DeleteNetworkInterface", "ec2:DeleteSecurityGroup", "ec2:DescribeAddresses", "ec2:DescribeAvailabilityZones", "ec2:DescribeCoipPools", "ec2:DescribeInternetGateways", "ec2:DescribeLocalGatewayRouteTables", "ec2:DescribeLocalGatewayRouteTableVpcAssociations", "ec2:DescribeLocalGateways", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeVpcAttribute", "ec2:DescribeVpcs", "ec2:DisassociateAddress", "ec2:ModifyNetworkInterfaceAttribute", "ec2:ModifyVpcEndpoint", "ec2:ReleaseAddress", "ec2:RevokeSecurityGroupIngress", "ec2:CreateVpcEndpoint", "ec2:DescribeVpcEndpoints", "ec2:DeleteVpcEndpoints" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "sns:Publish" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "logs:CreateLogGroup" ], "Resource": [ "arn:aws:logs:*:*:log-group:/aws/rds/*" ] }, { "Effect": "Allow", "Action": [ "logs:CreateLogStream", "logs:PutLogEvents", "logs:DescribeLogStreams" ], "Resource": [ "arn:aws:logs:*:*:log-group:/aws/rds/*:log-stream:*" ] }, { "Effect": "Allow", "Action": [ "cloudwatch:PutMetricData" ], "Resource": "*", "Condition": { "StringEquals": { "cloudwatch:namespace": "AWS/RDS" } } } ] }, "VersionId": "v5" }, "AmazonRDSDataFullAccess": { "PolicyName": "AmazonRDSDataFullAccess", "PolicyId": "ANPAJ5HUMNZCSW4IC74T6", "Arn": "arn:aws:iam::aws:policy/AmazonRDSDataFullAccess", "Path": "/", "DefaultVersionId": "v3", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-11-20T21:29:36+00:00", "UpdateDate": "2019-11-20T21:58:46+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Sid": "SecretsManagerDbCredentialsAccess", "Effect": "Allow", "Action": [ "secretsmanager:GetSecretValue", "secretsmanager:PutResourcePolicy", "secretsmanager:PutSecretValue", "secretsmanager:DeleteSecret", "secretsmanager:DescribeSecret", "secretsmanager:TagResource" ], "Resource": "arn:aws:secretsmanager:*:*:secret:rds-db-credentials/*" }, { "Sid": "RDSDataServiceAccess", "Effect": "Allow", "Action": [ "dbqms:CreateFavoriteQuery", "dbqms:DescribeFavoriteQueries", "dbqms:UpdateFavoriteQuery", "dbqms:DeleteFavoriteQueries", "dbqms:GetQueryString", "dbqms:CreateQueryHistory", "dbqms:DescribeQueryHistory", "dbqms:UpdateQueryHistory", "dbqms:DeleteQueryHistory", "rds-data:ExecuteSql", "rds-data:ExecuteStatement", "rds-data:BatchExecuteStatement", "rds-data:BeginTransaction", "rds-data:CommitTransaction", "rds-data:RollbackTransaction", "secretsmanager:CreateSecret", "secretsmanager:ListSecrets", "secretsmanager:GetRandomPassword", "tag:GetResources" ], "Resource": "*" } ] }, "VersionId": "v3" }, "AmazonRDSDirectoryServiceAccess": { "PolicyName": "AmazonRDSDirectoryServiceAccess", "PolicyId": "ANPAIL4KBY57XWMYUHKUU", "Arn": "arn:aws:iam::aws:policy/service-role/AmazonRDSDirectoryServiceAccess", "Path": "/service-role/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2016-02-26T02:02:05+00:00", "UpdateDate": "2019-05-15T16:51:50+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "ds:DescribeDirectories", "ds:AuthorizeApplication", "ds:UnauthorizeApplication", "ds:GetAuthorizedApplicationDetails" ], "Effect": "Allow", "Resource": "*" } ] }, "VersionId": "v2" }, "AmazonRDSEnhancedMonitoringRole": { "PolicyName": "AmazonRDSEnhancedMonitoringRole", "PolicyId": "ANPAJV7BS425S4PTSSVGK", "Arn": "arn:aws:iam::aws:policy/service-role/AmazonRDSEnhancedMonitoringRole", "Path": "/service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-11-11T19:58:29+00:00", "UpdateDate": "2015-11-11T19:58:29+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Sid": "EnableCreationAndManagementOfRDSCloudwatchLogGroups", "Effect": "Allow", "Action": [ "logs:CreateLogGroup", "logs:PutRetentionPolicy" ], "Resource": [ "arn:aws:logs:*:*:log-group:RDS*" ] }, { "Sid": "EnableCreationAndManagementOfRDSCloudwatchLogStreams", "Effect": "Allow", "Action": [ "logs:CreateLogStream", "logs:PutLogEvents", "logs:DescribeLogStreams", "logs:GetLogEvents" ], "Resource": [ "arn:aws:logs:*:*:log-group:RDS*:log-stream:*" ] } ] }, "VersionId": "v1" }, "AmazonRDSFullAccess": { "PolicyName": "AmazonRDSFullAccess", "PolicyId": "ANPAI3R4QMOG6Q5A4VWVG", "Arn": "arn:aws:iam::aws:policy/AmazonRDSFullAccess", "Path": "/", "DefaultVersionId": "v8", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-02-06T18:40:52+00:00", "UpdateDate": "2020-11-24T19:30:26+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "rds:*", "application-autoscaling:DeleteScalingPolicy", "application-autoscaling:DeregisterScalableTarget", "application-autoscaling:DescribeScalableTargets", "application-autoscaling:DescribeScalingActivities", "application-autoscaling:DescribeScalingPolicies", "application-autoscaling:PutScalingPolicy", "application-autoscaling:RegisterScalableTarget", "cloudwatch:DescribeAlarms", "cloudwatch:GetMetricStatistics", "cloudwatch:PutMetricAlarm", "cloudwatch:DeleteAlarms", "ec2:DescribeAccountAttributes", "ec2:DescribeAvailabilityZones", "ec2:DescribeCoipPools", "ec2:DescribeInternetGateways", "ec2:DescribeLocalGatewayRouteTables", "ec2:DescribeLocalGatewayRouteTableVpcAssociations", "ec2:DescribeLocalGateways", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeVpcAttribute", "ec2:DescribeVpcs", "ec2:GetCoipPoolUsage", "sns:ListSubscriptions", "sns:ListTopics", "sns:Publish", "logs:DescribeLogStreams", "logs:GetLogEvents", "outposts:GetOutpostInstanceTypes" ], "Effect": "Allow", "Resource": "*" }, { "Action": "pi:*", "Effect": "Allow", "Resource": "arn:aws:pi:*:*:metrics/rds/*" }, { "Action": "iam:CreateServiceLinkedRole", "Effect": "Allow", "Resource": "*", "Condition": { "StringLike": { "iam:AWSServiceName": [ "rds.amazonaws.com", "rds.application-autoscaling.amazonaws.com" ] } } } ] }, "VersionId": "v8" }, "AmazonRDSPreviewServiceRolePolicy": { "PolicyName": "AmazonRDSPreviewServiceRolePolicy", "PolicyId": "ANPAIZHJJBU3675JOUEMQ", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonRDSPreviewServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v4", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-05-31T18:02:00+00:00", "UpdateDate": "2020-11-19T19:54:51+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "rds:CrossRegionCommunication" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "ec2:AllocateAddress", "ec2:AssociateAddress", "ec2:AuthorizeSecurityGroupIngress", "ec2:CreateNetworkInterface", "ec2:CreateSecurityGroup", "ec2:DeleteNetworkInterface", "ec2:DeleteSecurityGroup", "ec2:DescribeAddresses", "ec2:DescribeAvailabilityZones", "ec2:DescribeCoipPools", "ec2:DescribeInternetGateways", "ec2:DescribeLocalGatewayRouteTables", "ec2:DescribeLocalGatewayRouteTableVpcAssociations", "ec2:DescribeLocalGateways", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeVpcAttribute", "ec2:DescribeVpcs", "ec2:DisassociateAddress", "ec2:ModifyNetworkInterfaceAttribute", "ec2:ReleaseAddress", "ec2:RevokeSecurityGroupIngress" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "sns:Publish" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "logs:CreateLogGroup" ], "Resource": [ "arn:aws:logs:*:*:log-group:/aws/rds/*" ] }, { "Effect": "Allow", "Action": [ "logs:CreateLogStream", "logs:PutLogEvents", "logs:DescribeLogStreams" ], "Resource": [ "arn:aws:logs:*:*:log-group:/aws/rds/*:log-stream:*" ] }, { "Effect": "Allow", "Action": [ "cloudwatch:PutMetricData" ], "Resource": "*", "Condition": { "StringEquals": { "cloudwatch:namespace": "AWS/RDS" } } } ] }, "VersionId": "v4" }, "AmazonRDSReadOnlyAccess": { "PolicyName": "AmazonRDSReadOnlyAccess", "PolicyId": "ANPAJKTTTYV2IIHKLZ346", "Arn": "arn:aws:iam::aws:policy/AmazonRDSReadOnlyAccess", "Path": "/", "DefaultVersionId": "v3", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-02-06T18:40:53+00:00", "UpdateDate": "2017-08-28T21:36:32+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "rds:Describe*", "rds:ListTagsForResource", "ec2:DescribeAccountAttributes", "ec2:DescribeAvailabilityZones", "ec2:DescribeInternetGateways", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeVpcAttribute", "ec2:DescribeVpcs" ], "Effect": "Allow", "Resource": "*" }, { "Action": [ "cloudwatch:GetMetricStatistics", "logs:DescribeLogStreams", "logs:GetLogEvents" ], "Effect": "Allow", "Resource": "*" } ] }, "VersionId": "v3" }, "AmazonRDSServiceRolePolicy": { "PolicyName": "AmazonRDSServiceRolePolicy", "PolicyId": "ANPAIPEU5ZOBJWKWHUIBA", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonRDSServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v9", "AttachmentCount": 1, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-01-08T18:17:46+00:00", "UpdateDate": "2020-11-21T00:08:24+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "rds:CrossRegionCommunication" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "ec2:AllocateAddress", "ec2:AssociateAddress", "ec2:AuthorizeSecurityGroupIngress", "ec2:CreateNetworkInterface", "ec2:CreateSecurityGroup", "ec2:DeleteNetworkInterface", "ec2:DeleteSecurityGroup", "ec2:DescribeAddresses", "ec2:DescribeAvailabilityZones", "ec2:DescribeCoipPools", "ec2:DescribeInternetGateways", "ec2:DescribeLocalGatewayRouteTables", "ec2:DescribeLocalGatewayRouteTableVpcAssociations", "ec2:DescribeLocalGateways", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeVpcAttribute", "ec2:DescribeVpcs", "ec2:DisassociateAddress", "ec2:ModifyNetworkInterfaceAttribute", "ec2:ModifyVpcEndpoint", "ec2:ReleaseAddress", "ec2:RevokeSecurityGroupIngress", "ec2:CreateVpcEndpoint", "ec2:DescribeVpcEndpoints", "ec2:DeleteVpcEndpoints", "ec2:AssignPrivateIpAddresses", "ec2:UnassignPrivateIpAddresses" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "sns:Publish" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "logs:CreateLogGroup" ], "Resource": [ "arn:aws:logs:*:*:log-group:/aws/rds/*", "arn:aws:logs:*:*:log-group:/aws/docdb/*", "arn:aws:logs:*:*:log-group:/aws/neptune/*" ] }, { "Effect": "Allow", "Action": [ "logs:CreateLogStream", "logs:PutLogEvents", "logs:DescribeLogStreams" ], "Resource": [ "arn:aws:logs:*:*:log-group:/aws/rds/*:log-stream:*", "arn:aws:logs:*:*:log-group:/aws/docdb/*:log-stream:*", "arn:aws:logs:*:*:log-group:/aws/neptune/*:log-stream:*" ] }, { "Effect": "Allow", "Action": [ "kinesis:CreateStream", "kinesis:PutRecord", "kinesis:PutRecords", "kinesis:DescribeStream", "kinesis:SplitShard", "kinesis:MergeShards", "kinesis:DeleteStream", "kinesis:UpdateShardCount" ], "Resource": [ "arn:aws:kinesis:*:*:stream/aws-rds-das-*" ] }, { "Effect": "Allow", "Action": [ "cloudwatch:PutMetricData" ], "Resource": "*", "Condition": { "StringEquals": { "cloudwatch:namespace": "AWS/RDS" } } } ] }, "VersionId": "v9" }, "AmazonRedshiftDataFullAccess": { "PolicyName": "AmazonRedshiftDataFullAccess", "PolicyId": "ANPAZKAPJZG4PX5LA5SG6", "Arn": "arn:aws:iam::aws:policy/AmazonRedshiftDataFullAccess", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-09-09T19:23:55+00:00", "UpdateDate": "2021-07-27T20:05:33+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Sid": "DataAPIPermissions", "Effect": "Allow", "Action": [ "redshift-data:BatchExecuteStatement", "redshift-data:ExecuteStatement", "redshift-data:CancelStatement", "redshift-data:ListStatements", "redshift-data:GetStatementResult", "redshift-data:DescribeStatement", "redshift-data:ListDatabases", "redshift-data:ListSchemas", "redshift-data:ListTables", "redshift-data:DescribeTable" ], "Resource": "*" }, { "Sid": "SecretsManagerPermissions", "Effect": "Allow", "Action": [ "secretsmanager:GetSecretValue" ], "Resource": "*", "Condition": { "StringLike": { "secretsmanager:ResourceTag/RedshiftDataFullAccess": "*" } } }, { "Sid": "GetCredentialsForAPIUser", "Effect": "Allow", "Action": "redshift:GetClusterCredentials", "Resource": [ "arn:aws:redshift:*:*:dbname:*/*", "arn:aws:redshift:*:*:dbuser:*/redshift_data_api_user" ] }, { "Sid": "DenyCreateAPIUser", "Effect": "Deny", "Action": "redshift:CreateClusterUser", "Resource": [ "arn:aws:redshift:*:*:dbuser:*/redshift_data_api_user" ] }, { "Sid": "ServiceLinkedRole", "Effect": "Allow", "Action": "iam:CreateServiceLinkedRole", "Resource": "arn:aws:iam::*:role/aws-service-role/redshift-data.amazonaws.com/AWSServiceRoleForRedshift", "Condition": { "StringLike": { "iam:AWSServiceName": "redshift-data.amazonaws.com" } } } ] }, "VersionId": "v2" }, "AmazonRedshiftFullAccess": { "PolicyName": "AmazonRedshiftFullAccess", "PolicyId": "ANPAISEKCHH4YDB46B5ZO", "Arn": "arn:aws:iam::aws:policy/AmazonRedshiftFullAccess", "Path": "/", "DefaultVersionId": "v4", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-02-06T18:40:50+00:00", "UpdateDate": "2020-09-09T19:51:19+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "redshift:*", "ec2:DescribeAccountAttributes", "ec2:DescribeAddresses", "ec2:DescribeAvailabilityZones", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeVpcs", "ec2:DescribeInternetGateways", "sns:CreateTopic", "sns:Get*", "sns:List*", "cloudwatch:Describe*", "cloudwatch:Get*", "cloudwatch:List*", "cloudwatch:PutMetricAlarm", "cloudwatch:EnableAlarmActions", "cloudwatch:DisableAlarmActions", "tag:GetResources", "tag:UntagResources", "tag:GetTagValues", "tag:GetTagKeys", "tag:TagResources" ], "Effect": "Allow", "Resource": "*" }, { "Effect": "Allow", "Action": "iam:CreateServiceLinkedRole", "Resource": "arn:aws:iam::*:role/aws-service-role/redshift.amazonaws.com/AWSServiceRoleForRedshift", "Condition": { "StringLike": { "iam:AWSServiceName": "redshift.amazonaws.com" } } }, { "Sid": "DataAPIPermissions", "Action": [ "redshift-data:ExecuteStatement", "redshift-data:CancelStatement", "redshift-data:ListStatements", "redshift-data:GetStatementResult", "redshift-data:DescribeStatement", "redshift-data:ListDatabases", "redshift-data:ListSchemas", "redshift-data:ListTables", "redshift-data:DescribeTable" ], "Effect": "Allow", "Resource": "*" }, { "Sid": "SecretsManagerListPermissions", "Action": [ "secretsmanager:ListSecrets" ], "Effect": "Allow", "Resource": "*" }, { "Sid": "SecretsManagerCreateGetPermissions", "Action": [ "secretsmanager:CreateSecret", "secretsmanager:GetSecretValue", "secretsmanager:TagResource" ], "Effect": "Allow", "Resource": "*", "Condition": { "StringLike": { "secretsmanager:ResourceTag/RedshiftDataFullAccess": "*" } } } ] }, "VersionId": "v4" }, "AmazonRedshiftQueryEditor": { "PolicyName": "AmazonRedshiftQueryEditor", "PolicyId": "ANPAINVFHHP7CWVHTGBGM", "Arn": "arn:aws:iam::aws:policy/AmazonRedshiftQueryEditor", "Path": "/", "DefaultVersionId": "v4", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-10-04T22:50:32+00:00", "UpdateDate": "2021-02-16T19:33:45+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "redshift:GetClusterCredentials", "redshift:ListSchemas", "redshift:ListTables", "redshift:ListDatabases", "redshift:ExecuteQuery", "redshift:FetchResults", "redshift:CancelQuery", "redshift:DescribeClusters", "redshift:DescribeQuery", "redshift:DescribeTable", "redshift:ViewQueriesFromConsole", "redshift:DescribeSavedQueries", "redshift:CreateSavedQuery", "redshift:DeleteSavedQueries", "redshift:ModifySavedQuery" ], "Resource": "*" }, { "Sid": "DataAPIPermissions", "Action": [ "redshift-data:ExecuteStatement", "redshift-data:ListDatabases", "redshift-data:ListSchemas", "redshift-data:ListTables", "redshift-data:DescribeTable" ], "Effect": "Allow", "Resource": "*" }, { "Sid": "DataAPIIAMSessionPermissionsRestriction", "Action": [ "redshift-data:GetStatementResult", "redshift-data:CancelStatement", "redshift-data:DescribeStatement", "redshift-data:ListStatements" ], "Effect": "Allow", "Resource": "*", "Condition": { "StringEquals": { "redshift-data:statement-owner-iam-userid": "${aws:userid}" } } }, { "Sid": "SecretsManagerListPermissions", "Action": [ "secretsmanager:ListSecrets" ], "Effect": "Allow", "Resource": "*" }, { "Sid": "SecretsManagerCreateGetPermissions", "Action": [ "secretsmanager:CreateSecret", "secretsmanager:GetSecretValue", "secretsmanager:TagResource" ], "Effect": "Allow", "Resource": "arn:aws:secretsmanager:*:*:secret:*", "Condition": { "StringEquals": { "secretsmanager:ResourceTag/RedshiftQueryOwner": "${aws:userid}" } } } ] }, "VersionId": "v4" }, "AmazonRedshiftReadOnlyAccess": { "PolicyName": "AmazonRedshiftReadOnlyAccess", "PolicyId": "ANPAIGD46KSON64QBSEZM", "Arn": "arn:aws:iam::aws:policy/AmazonRedshiftReadOnlyAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-02-06T18:40:51+00:00", "UpdateDate": "2015-02-06T18:40:51+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "redshift:Describe*", "redshift:ViewQueriesInConsole", "ec2:DescribeAccountAttributes", "ec2:DescribeAddresses", "ec2:DescribeAvailabilityZones", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeVpcs", "ec2:DescribeInternetGateways", "sns:Get*", "sns:List*", "cloudwatch:Describe*", "cloudwatch:List*", "cloudwatch:Get*" ], "Effect": "Allow", "Resource": "*" } ] }, "VersionId": "v1" }, "AmazonRedshiftServiceLinkedRolePolicy": { "PolicyName": "AmazonRedshiftServiceLinkedRolePolicy", "PolicyId": "ANPAJPY2VXNRUYOY3SRZS", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonRedshiftServiceLinkedRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v3", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-09-18T19:19:45+00:00", "UpdateDate": "2020-09-15T20:44:31+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ec2:DescribeVpcs", "ec2:DescribeSubnets", "ec2:DescribeNetworkInterfaces", "ec2:DescribeAddresses", "ec2:AssociateAddress", "ec2:DisassociateAddress", "ec2:CreateNetworkInterface", "ec2:DeleteNetworkInterface", "ec2:ModifyNetworkInterfaceAttribute", "ec2:CreateVpcEndpoint", "ec2:DeleteVpcEndpoints", "ec2:DescribeVpcEndpoints", "ec2:ModifyVpcEndpoint" ], "Resource": "*" } ] }, "VersionId": "v3" }, "AmazonRekognitionCustomLabelsFullAccess": { "PolicyName": "AmazonRekognitionCustomLabelsFullAccess", "PolicyId": "ANPAZKAPJZG4OJEQDEQQQ", "Arn": "arn:aws:iam::aws:policy/AmazonRekognitionCustomLabelsFullAccess", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-01-08T19:18:34+00:00", "UpdateDate": "2020-04-17T17:26:10+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "s3:ListBucket", "s3:ListAllMyBuckets", "s3:GetBucketAcl", "s3:GetBucketLocation", "s3:GetObject", "s3:GetObjectAcl", "s3:GetObjectTagging", "s3:GetObjectVersion", "s3:PutObject" ], "Resource": "arn:aws:s3:::*custom-labels*" }, { "Effect": "Allow", "Action": [ "rekognition:CreateProject", "rekognition:CreateProjectVersion", "rekognition:StartProjectVersion", "rekognition:StopProjectVersion", "rekognition:DescribeProjects", "rekognition:DescribeProjectVersions", "rekognition:DetectCustomLabels", "rekognition:DeleteProject", "rekognition:DeleteProjectVersion" ], "Resource": "*" } ] }, "VersionId": "v2" }, "AmazonRekognitionFullAccess": { "PolicyName": "AmazonRekognitionFullAccess", "PolicyId": "ANPAIWDAOK6AIFDVX6TT6", "Arn": "arn:aws:iam::aws:policy/AmazonRekognitionFullAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2016-11-30T14:40:44+00:00", "UpdateDate": "2016-11-30T14:40:44+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "rekognition:*" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AmazonRekognitionReadOnlyAccess": { "PolicyName": "AmazonRekognitionReadOnlyAccess", "PolicyId": "ANPAILWSUHXUY4ES43SA4", "Arn": "arn:aws:iam::aws:policy/AmazonRekognitionReadOnlyAccess", "Path": "/", "DefaultVersionId": "v6", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2016-11-30T14:58:06+00:00", "UpdateDate": "2020-10-15T22:07:44+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "rekognition:CompareFaces", "rekognition:DetectFaces", "rekognition:DetectLabels", "rekognition:ListCollections", "rekognition:ListFaces", "rekognition:SearchFaces", "rekognition:SearchFacesByImage", "rekognition:DetectText", "rekognition:GetCelebrityInfo", "rekognition:RecognizeCelebrities", "rekognition:DetectModerationLabels", "rekognition:GetLabelDetection", "rekognition:GetFaceDetection", "rekognition:GetContentModeration", "rekognition:GetPersonTracking", "rekognition:GetCelebrityRecognition", "rekognition:GetFaceSearch", "rekognition:GetTextDetection", "rekognition:GetSegmentDetection", "rekognition:DescribeStreamProcessor", "rekognition:ListStreamProcessors", "rekognition:DescribeProjects", "rekognition:DescribeProjectVersions", "rekognition:DetectCustomLabels", "rekognition:DetectProtectiveEquipment" ], "Resource": "*" } ] }, "VersionId": "v6" }, "AmazonRekognitionServiceRole": { "PolicyName": "AmazonRekognitionServiceRole", "PolicyId": "ANPAJI6Q3CUQAVBJ2CTE2", "Arn": "arn:aws:iam::aws:policy/service-role/AmazonRekognitionServiceRole", "Path": "/service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-11-29T16:52:13+00:00", "UpdateDate": "2017-11-29T16:52:13+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "sns:Publish" ], "Resource": "arn:aws:sns:*:*:AmazonRekognition*" }, { "Effect": "Allow", "Action": [ "kinesis:PutRecord", "kinesis:PutRecords" ], "Resource": "arn:aws:kinesis:*:*:stream/AmazonRekognition*" }, { "Effect": "Allow", "Action": [ "kinesisvideo:GetDataEndpoint", "kinesisvideo:GetMedia" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AmazonRoute53AutoNamingFullAccess": { "PolicyName": "AmazonRoute53AutoNamingFullAccess", "PolicyId": "ANPAJCNJBBLMJN2ZMV62Y", "Arn": "arn:aws:iam::aws:policy/AmazonRoute53AutoNamingFullAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-01-18T18:40:41+00:00", "UpdateDate": "2018-01-18T18:40:41+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "route53:GetHostedZone", "route53:ListHostedZonesByName", "route53:CreateHostedZone", "route53:DeleteHostedZone", "route53:ChangeResourceRecordSets", "route53:CreateHealthCheck", "route53:GetHealthCheck", "route53:DeleteHealthCheck", "route53:UpdateHealthCheck", "ec2:DescribeVpcs", "ec2:DescribeRegions", "servicediscovery:*" ], "Resource": [ "*" ] } ] }, "VersionId": "v1" }, "AmazonRoute53AutoNamingReadOnlyAccess": { "PolicyName": "AmazonRoute53AutoNamingReadOnlyAccess", "PolicyId": "ANPAJBPMV2EFBFFKJ6SI4", "Arn": "arn:aws:iam::aws:policy/AmazonRoute53AutoNamingReadOnlyAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-01-18T03:02:59+00:00", "UpdateDate": "2018-01-18T03:02:59+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "servicediscovery:Get*", "servicediscovery:List*" ], "Resource": [ "*" ] } ] }, "VersionId": "v1" }, "AmazonRoute53AutoNamingRegistrantAccess": { "PolicyName": "AmazonRoute53AutoNamingRegistrantAccess", "PolicyId": "ANPAJKXLG7EKP2O5SVZW6", "Arn": "arn:aws:iam::aws:policy/AmazonRoute53AutoNamingRegistrantAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-03-12T22:33:20+00:00", "UpdateDate": "2018-03-12T22:33:20+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "route53:GetHostedZone", "route53:ListHostedZonesByName", "route53:ChangeResourceRecordSets", "route53:CreateHealthCheck", "route53:GetHealthCheck", "route53:DeleteHealthCheck", "route53:UpdateHealthCheck", "servicediscovery:Get*", "servicediscovery:List*", "servicediscovery:RegisterInstance", "servicediscovery:DeregisterInstance" ], "Resource": [ "*" ] } ] }, "VersionId": "v1" }, "AmazonRoute53DomainsFullAccess": { "PolicyName": "AmazonRoute53DomainsFullAccess", "PolicyId": "ANPAIPAFBMIYUILMOKL6G", "Arn": "arn:aws:iam::aws:policy/AmazonRoute53DomainsFullAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-02-06T18:40:56+00:00", "UpdateDate": "2015-02-06T18:40:56+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "route53:CreateHostedZone", "route53domains:*" ], "Resource": [ "*" ] } ] }, "VersionId": "v1" }, "AmazonRoute53DomainsReadOnlyAccess": { "PolicyName": "AmazonRoute53DomainsReadOnlyAccess", "PolicyId": "ANPAIDRINP6PPTRXYVQCI", "Arn": "arn:aws:iam::aws:policy/AmazonRoute53DomainsReadOnlyAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-02-06T18:40:57+00:00", "UpdateDate": "2015-02-06T18:40:57+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "route53domains:Get*", "route53domains:List*" ], "Resource": [ "*" ] } ] }, "VersionId": "v1" }, "AmazonRoute53FullAccess": { "PolicyName": "AmazonRoute53FullAccess", "PolicyId": "ANPAJWVDLG5RPST6PHQ3A", "Arn": "arn:aws:iam::aws:policy/AmazonRoute53FullAccess", "Path": "/", "DefaultVersionId": "v4", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-02-06T18:40:54+00:00", "UpdateDate": "2018-12-20T21:42:00+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "route53:*", "route53domains:*", "cloudfront:ListDistributions", "elasticloadbalancing:DescribeLoadBalancers", "elasticbeanstalk:DescribeEnvironments", "s3:ListBucket", "s3:GetBucketLocation", "s3:GetBucketWebsite", "ec2:DescribeVpcs", "ec2:DescribeVpcEndpoints", "ec2:DescribeRegions", "sns:ListTopics", "sns:ListSubscriptionsByTopic", "cloudwatch:DescribeAlarms", "cloudwatch:GetMetricStatistics" ], "Resource": "*" }, { "Effect": "Allow", "Action": "apigateway:GET", "Resource": "arn:aws:apigateway:*::/domainnames" } ] }, "VersionId": "v4" }, "AmazonRoute53ReadOnlyAccess": { "PolicyName": "AmazonRoute53ReadOnlyAccess", "PolicyId": "ANPAITOYK2ZAOQFXV2JNC", "Arn": "arn:aws:iam::aws:policy/AmazonRoute53ReadOnlyAccess", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-02-06T18:40:55+00:00", "UpdateDate": "2016-11-15T21:15:16+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "route53:Get*", "route53:List*", "route53:TestDNSAnswer" ], "Resource": [ "*" ] } ] }, "VersionId": "v2" }, "AmazonRoute53ResolverFullAccess": { "PolicyName": "AmazonRoute53ResolverFullAccess", "PolicyId": "ANPAZKAPJZG4MZN2MQCY3", "Arn": "arn:aws:iam::aws:policy/AmazonRoute53ResolverFullAccess", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-05-30T18:10:50+00:00", "UpdateDate": "2020-07-17T19:03:27+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "route53resolver:*", "ec2:DescribeSubnets", "ec2:CreateNetworkInterface", "ec2:DeleteNetworkInterface", "ec2:ModifyNetworkInterfaceAttribute", "ec2:DescribeNetworkInterfaces", "ec2:CreateNetworkInterfacePermission", "ec2:DescribeSecurityGroups", "ec2:DescribeVpcs", "ec2:DescribeAvailabilityZones" ], "Resource": [ "*" ] } ] }, "VersionId": "v2" }, "AmazonRoute53ResolverReadOnlyAccess": { "PolicyName": "AmazonRoute53ResolverReadOnlyAccess", "PolicyId": "ANPAZKAPJZG4CARVKYCWY", "Arn": "arn:aws:iam::aws:policy/AmazonRoute53ResolverReadOnlyAccess", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-05-30T18:11:31+00:00", "UpdateDate": "2019-09-27T16:37:48+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "route53resolver:Get*", "route53resolver:List*", "ec2:DescribeNetworkInterfaces", "ec2:DescribeSecurityGroups", "ec2:DescribeVpcs", "ec2:DescribeSubnets" ], "Resource": [ "*" ] } ] }, "VersionId": "v2" }, "AmazonS3FullAccess": { "PolicyName": "AmazonS3FullAccess", "PolicyId": "ANPAIFIR6V6BVTRAHWINE", "Arn": "arn:aws:iam::aws:policy/AmazonS3FullAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 1, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-02-06T18:40:58+00:00", "UpdateDate": "2015-02-06T18:40:58+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "s3:*", "Resource": "*" } ] }, "VersionId": "v1" }, "AmazonS3OutpostsFullAccess": { "PolicyName": "AmazonS3OutpostsFullAccess", "PolicyId": "ANPAZKAPJZG4BKMLUXKOR", "Arn": "arn:aws:iam::aws:policy/AmazonS3OutpostsFullAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-10-02T17:26:30+00:00", "UpdateDate": "2020-10-02T17:26:30+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "s3-outposts:*", "Resource": "*" }, { "Effect": "Allow", "Action": [ "datasync:ListTasks", "datasync:ListLocations", "datasync:DescribeTask", "datasync:DescribeLocation*" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "ec2:DescribeVpcs", "ec2:DescribeSubnets", "ec2:DescribeSecurityGroups", "ec2:DescribeNetworkInterfaces" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "outposts:ListOutposts", "outposts:GetOutpost" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AmazonS3OutpostsReadOnlyAccess": { "PolicyName": "AmazonS3OutpostsReadOnlyAccess", "PolicyId": "ANPAZKAPJZG4PJ2AX4CUB", "Arn": "arn:aws:iam::aws:policy/AmazonS3OutpostsReadOnlyAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-10-02T18:55:58+00:00", "UpdateDate": "2020-10-02T18:55:58+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "s3-outposts:Get*", "s3-outposts:List*" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "datasync:ListTasks", "datasync:ListLocations", "datasync:DescribeTask", "datasync:DescribeLocation*" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "ec2:DescribeVpcs", "ec2:DescribeSubnets", "ec2:DescribeSecurityGroups", "ec2:DescribeNetworkInterfaces" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "outposts:ListOutposts", "outposts:GetOutpost" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AmazonS3ReadOnlyAccess": { "PolicyName": "AmazonS3ReadOnlyAccess", "PolicyId": "ANPAIZTJ4DXE7G6AGAE6M", "Arn": "arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-02-06T18:40:59+00:00", "UpdateDate": "2015-02-06T18:40:59+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "s3:Get*", "s3:List*" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AmazonSESFullAccess": { "PolicyName": "AmazonSESFullAccess", "PolicyId": "ANPAJ2P4NXCHAT7NDPNR4", "Arn": "arn:aws:iam::aws:policy/AmazonSESFullAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-02-06T18:41:02+00:00", "UpdateDate": "2015-02-06T18:41:02+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ses:*" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AmazonSESReadOnlyAccess": { "PolicyName": "AmazonSESReadOnlyAccess", "PolicyId": "ANPAINV2XPFRMWJJNSCGI", "Arn": "arn:aws:iam::aws:policy/AmazonSESReadOnlyAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-02-06T18:41:03+00:00", "UpdateDate": "2015-02-06T18:41:03+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ses:Get*", "ses:List*" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AmazonSNSFullAccess": { "PolicyName": "AmazonSNSFullAccess", "PolicyId": "ANPAJWEKLCXXUNT2SOLSG", "Arn": "arn:aws:iam::aws:policy/AmazonSNSFullAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-02-06T18:41:05+00:00", "UpdateDate": "2015-02-06T18:41:05+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "sns:*" ], "Effect": "Allow", "Resource": "*" } ] }, "VersionId": "v1" }, "AmazonSNSReadOnlyAccess": { "PolicyName": "AmazonSNSReadOnlyAccess", "PolicyId": "ANPAIZGQCQTFOFPMHSB6W", "Arn": "arn:aws:iam::aws:policy/AmazonSNSReadOnlyAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-02-06T18:41:06+00:00", "UpdateDate": "2015-02-06T18:41:06+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "sns:GetTopicAttributes", "sns:List*" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AmazonSNSRole": { "PolicyName": "AmazonSNSRole", "PolicyId": "ANPAJK5GQB7CIK7KHY2GA", "Arn": "arn:aws:iam::aws:policy/service-role/AmazonSNSRole", "Path": "/service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-02-06T18:41:30+00:00", "UpdateDate": "2015-02-06T18:41:30+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents", "logs:PutMetricFilter", "logs:PutRetentionPolicy" ], "Resource": [ "*" ] } ] }, "VersionId": "v1" }, "AmazonSQSFullAccess": { "PolicyName": "AmazonSQSFullAccess", "PolicyId": "ANPAI65L554VRJ33ECQS6", "Arn": "arn:aws:iam::aws:policy/AmazonSQSFullAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-02-06T18:41:07+00:00", "UpdateDate": "2015-02-06T18:41:07+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "sqs:*" ], "Effect": "Allow", "Resource": "*" } ] }, "VersionId": "v1" }, "AmazonSQSReadOnlyAccess": { "PolicyName": "AmazonSQSReadOnlyAccess", "PolicyId": "ANPAIUGSSQY362XGCM6KW", "Arn": "arn:aws:iam::aws:policy/AmazonSQSReadOnlyAccess", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-02-06T18:41:08+00:00", "UpdateDate": "2018-08-20T23:35:49+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "sqs:GetQueueAttributes", "sqs:GetQueueUrl", "sqs:ListDeadLetterSourceQueues", "sqs:ListQueues" ], "Effect": "Allow", "Resource": "*" } ] }, "VersionId": "v2" }, "AmazonSSMAutomationApproverAccess": { "PolicyName": "AmazonSSMAutomationApproverAccess", "PolicyId": "ANPAIDSSXIRWBSLWWIORC", "Arn": "arn:aws:iam::aws:policy/AmazonSSMAutomationApproverAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-08-07T23:07:28+00:00", "UpdateDate": "2017-08-07T23:07:28+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ssm:DescribeAutomationExecutions", "ssm:GetAutomationExecution", "ssm:SendAutomationSignal" ], "Resource": [ "*" ] } ] }, "VersionId": "v1" }, "AmazonSSMAutomationRole": { "PolicyName": "AmazonSSMAutomationRole", "PolicyId": "ANPAJIBQCTBCXD2XRNB6W", "Arn": "arn:aws:iam::aws:policy/service-role/AmazonSSMAutomationRole", "Path": "/service-role/", "DefaultVersionId": "v5", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2016-12-05T22:09:55+00:00", "UpdateDate": "2017-07-24T23:29:12+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "lambda:InvokeFunction" ], "Resource": [ "arn:aws:lambda:*:*:function:Automation*" ] }, { "Effect": "Allow", "Action": [ "ec2:CreateImage", "ec2:CopyImage", "ec2:DeregisterImage", "ec2:DescribeImages", "ec2:DeleteSnapshot", "ec2:StartInstances", "ec2:RunInstances", "ec2:StopInstances", "ec2:TerminateInstances", "ec2:DescribeInstanceStatus", "ec2:CreateTags", "ec2:DeleteTags", "ec2:DescribeTags", "cloudformation:CreateStack", "cloudformation:DescribeStackEvents", "cloudformation:DescribeStacks", "cloudformation:UpdateStack", "cloudformation:DeleteStack" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "ssm:*" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "sns:Publish" ], "Resource": [ "arn:aws:sns:*:*:Automation*" ] } ] }, "VersionId": "v5" }, "AmazonSSMDirectoryServiceAccess": { "PolicyName": "AmazonSSMDirectoryServiceAccess", "PolicyId": "ANPAJ7OJQH3CZU674ERII", "Arn": "arn:aws:iam::aws:policy/AmazonSSMDirectoryServiceAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-03-15T17:44:38+00:00", "UpdateDate": "2019-03-15T17:44:38+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ds:CreateComputer", "ds:DescribeDirectories" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AmazonSSMFullAccess": { "PolicyName": "AmazonSSMFullAccess", "PolicyId": "ANPAJA7V6HI4ISQFMDYAG", "Arn": "arn:aws:iam::aws:policy/AmazonSSMFullAccess", "Path": "/", "DefaultVersionId": "v4", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-05-29T17:39:47+00:00", "UpdateDate": "2019-11-20T20:08:56+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "cloudwatch:PutMetricData", "ds:CreateComputer", "ds:DescribeDirectories", "ec2:DescribeInstanceStatus", "logs:*", "ssm:*", "ec2messages:*" ], "Resource": "*" }, { "Effect": "Allow", "Action": "iam:CreateServiceLinkedRole", "Resource": "arn:aws:iam::*:role/aws-service-role/ssm.amazonaws.com/AWSServiceRoleForAmazonSSM*", "Condition": { "StringLike": { "iam:AWSServiceName": "ssm.amazonaws.com" } } }, { "Effect": "Allow", "Action": [ "iam:DeleteServiceLinkedRole", "iam:GetServiceLinkedRoleDeletionStatus" ], "Resource": "arn:aws:iam::*:role/aws-service-role/ssm.amazonaws.com/AWSServiceRoleForAmazonSSM*" }, { "Effect": "Allow", "Action": [ "ssmmessages:CreateControlChannel", "ssmmessages:CreateDataChannel", "ssmmessages:OpenControlChannel", "ssmmessages:OpenDataChannel" ], "Resource": "*" } ] }, "VersionId": "v4" }, "AmazonSSMMaintenanceWindowRole": { "PolicyName": "AmazonSSMMaintenanceWindowRole", "PolicyId": "ANPAJV3JNYSTZ47VOXYME", "Arn": "arn:aws:iam::aws:policy/service-role/AmazonSSMMaintenanceWindowRole", "Path": "/service-role/", "DefaultVersionId": "v3", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2016-12-01T15:57:54+00:00", "UpdateDate": "2019-07-27T00:16:05+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ssm:GetAutomationExecution", "ssm:GetParameters", "ssm:ListCommands", "ssm:SendCommand", "ssm:StartAutomationExecution" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "lambda:InvokeFunction" ], "Resource": [ "arn:aws:lambda:*:*:function:SSM*", "arn:aws:lambda:*:*:function:*:SSM*" ] }, { "Effect": "Allow", "Action": [ "states:DescribeExecution", "states:StartExecution" ], "Resource": [ "arn:aws:states:*:*:stateMachine:SSM*", "arn:aws:states:*:*:execution:SSM*" ] }, { "Effect": "Allow", "Action": [ "resource-groups:ListGroups", "resource-groups:ListGroupResources" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "tag:GetResources" ], "Resource": [ "*" ] } ] }, "VersionId": "v3" }, "AmazonSSMManagedInstanceCore": { "PolicyName": "AmazonSSMManagedInstanceCore", "PolicyId": "ANPAIXSHM2BNB2D3AXXRU", "Arn": "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 2, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-03-15T17:22:12+00:00", "UpdateDate": "2019-05-23T16:54:21+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ssm:DescribeAssociation", "ssm:GetDeployablePatchSnapshotForInstance", "ssm:GetDocument", "ssm:DescribeDocument", "ssm:GetManifest", "ssm:GetParameter", "ssm:GetParameters", "ssm:ListAssociations", "ssm:ListInstanceAssociations", "ssm:PutInventory", "ssm:PutComplianceItems", "ssm:PutConfigurePackageResult", "ssm:UpdateAssociationStatus", "ssm:UpdateInstanceAssociationStatus", "ssm:UpdateInstanceInformation" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "ssmmessages:CreateControlChannel", "ssmmessages:CreateDataChannel", "ssmmessages:OpenControlChannel", "ssmmessages:OpenDataChannel" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "ec2messages:AcknowledgeMessage", "ec2messages:DeleteMessage", "ec2messages:FailMessage", "ec2messages:GetEndpoint", "ec2messages:GetMessages", "ec2messages:SendReply" ], "Resource": "*" } ] }, "VersionId": "v2" }, "AmazonSSMPatchAssociation": { "PolicyName": "AmazonSSMPatchAssociation", "PolicyId": "ANPAZKAPJZG4EWLEL5ZX7", "Arn": "arn:aws:iam::aws:policy/AmazonSSMPatchAssociation", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 1, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-05-13T16:00:42+00:00", "UpdateDate": "2020-05-13T16:00:42+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "ssm:DescribeEffectivePatchesForPatchBaseline", "Resource": "arn:aws:ssm:*:*:patchbaseline/*" }, { "Effect": "Allow", "Action": "ssm:GetPatchBaseline", "Resource": "arn:aws:ssm:*:*:patchbaseline/*" }, { "Effect": "Allow", "Action": "tag:GetResources", "Resource": "*" }, { "Effect": "Allow", "Action": "ssm:DescribePatchBaselines", "Resource": "*" } ] }, "VersionId": "v1" }, "AmazonSSMReadOnlyAccess": { "PolicyName": "AmazonSSMReadOnlyAccess", "PolicyId": "ANPAJODSKQGGJTHRYZ5FC", "Arn": "arn:aws:iam::aws:policy/AmazonSSMReadOnlyAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-05-29T17:44:19+00:00", "UpdateDate": "2015-05-29T17:44:19+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ssm:Describe*", "ssm:Get*", "ssm:List*" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AmazonSSMServiceRolePolicy": { "PolicyName": "AmazonSSMServiceRolePolicy", "PolicyId": "ANPAIXJ26NUGBA3TCV7EC", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonSSMServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v13", "AttachmentCount": 1, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-11-13T19:20:08+00:00", "UpdateDate": "2021-04-26T20:43:46+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ssm:CancelCommand", "ssm:GetCommandInvocation", "ssm:ListCommandInvocations", "ssm:ListCommands", "ssm:SendCommand", "ssm:GetAutomationExecution", "ssm:GetParameters", "ssm:StartAutomationExecution", "ssm:ListTagsForResource", "ssm:GetCalendarState" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "ssm:UpdateServiceSetting", "ssm:GetServiceSetting" ], "Resource": [ "arn:aws:ssm:*:*:servicesetting/ssm/opsitem/*", "arn:aws:ssm:*:*:servicesetting/ssm/opsdata/*" ] }, { "Effect": "Allow", "Action": [ "ec2:DescribeInstanceAttribute", "ec2:DescribeInstanceStatus", "ec2:DescribeInstances" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "lambda:InvokeFunction" ], "Resource": [ "arn:aws:lambda:*:*:function:SSM*", "arn:aws:lambda:*:*:function:*:SSM*" ] }, { "Effect": "Allow", "Action": [ "states:DescribeExecution", "states:StartExecution" ], "Resource": [ "arn:aws:states:*:*:stateMachine:SSM*", "arn:aws:states:*:*:execution:SSM*" ] }, { "Effect": "Allow", "Action": [ "resource-groups:ListGroups", "resource-groups:ListGroupResources", "resource-groups:GetGroupQuery" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "cloudformation:DescribeStacks", "cloudformation:ListStackResources" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "tag:GetResources" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "config:SelectResourceConfig" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "compute-optimizer:GetEC2InstanceRecommendations", "compute-optimizer:GetEnrollmentStatus" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "support:DescribeTrustedAdvisorChecks", "support:DescribeTrustedAdvisorCheckSummaries", "support:DescribeTrustedAdvisorCheckResult", "support:DescribeCases" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "config:DescribeComplianceByConfigRule", "config:DescribeComplianceByResource", "config:DescribeRemediationConfigurations", "config:DescribeConfigurationRecorders" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": "iam:PassRole", "Resource": "*", "Condition": { "StringEquals": { "iam:PassedToService": [ "ssm.amazonaws.com" ] } } }, { "Effect": "Allow", "Action": "organizations:DescribeOrganization", "Resource": "*" }, { "Effect": "Allow", "Action": "cloudformation:ListStackSets", "Resource": "*" }, { "Effect": "Allow", "Action": [ "cloudformation:ListStackInstances", "cloudformation:DescribeStackSetOperation", "cloudformation:DeleteStackSet" ], "Resource": "arn:aws:cloudformation:*:*:stackset/AWS-QuickSetup-SSM*:*" }, { "Effect": "Allow", "Action": "cloudformation:DeleteStackInstances", "Resource": [ "arn:aws:cloudformation:*:*:stackset/AWS-QuickSetup-SSM*:*", "arn:aws:cloudformation:*:*:stackset-target/AWS-QuickSetup-SSM*:*", "arn:aws:cloudformation:*:*:type/resource/*" ] }, { "Effect": "Allow", "Action": [ "events:PutRule", "events:PutTargets" ], "Resource": "*", "Condition": { "StringEquals": { "events:ManagedBy": "ssm.amazonaws.com" } } }, { "Effect": "Allow", "Action": [ "events:RemoveTargets", "events:DeleteRule" ], "Resource": [ "arn:aws:events:*:*:rule/SSMExplorerManagedRule" ] }, { "Effect": "Allow", "Action": "events:DescribeRule", "Resource": "*" }, { "Effect": "Allow", "Action": "securityhub:DescribeHub", "Resource": "*" } ] }, "VersionId": "v13" }, "AmazonSageMakerAdmin-ServiceCatalogProductsServiceRolePolicy": { "PolicyName": "AmazonSageMakerAdmin-ServiceCatalogProductsServiceRolePolicy", "PolicyId": "ANPAZKAPJZG4NAOSKQH4V", "Arn": "arn:aws:iam::aws:policy/AmazonSageMakerAdmin-ServiceCatalogProductsServiceRolePolicy", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-11-27T18:48:07+00:00", "UpdateDate": "2021-07-02T06:13:39+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "apigateway:GET", "apigateway:POST", "apigateway:PUT", "apigateway:PATCH", "apigateway:DELETE" ], "Resource": "*", "Condition": { "StringLike": { "aws:ResourceTag/sagemaker:launch-source": "*" } } }, { "Effect": "Allow", "Action": [ "apigateway:POST" ], "Resource": "*", "Condition": { "ForAnyValue:StringLike": { "aws:TagKeys": [ "sagemaker:launch-source" ] } } }, { "Effect": "Allow", "Action": [ "apigateway:PATCH" ], "Resource": [ "arn:aws:apigateway:*::/account" ] }, { "Effect": "Allow", "Action": [ "cloudformation:CreateStack", "cloudformation:UpdateStack", "cloudformation:DeleteStack" ], "Resource": "arn:aws:cloudformation:*:*:stack/SC-*", "Condition": { "ArnLikeIfExists": { "cloudformation:RoleArn": [ "arn:aws:sts::*:assumed-role/AmazonSageMakerServiceCatalog*" ] } } }, { "Effect": "Allow", "Action": [ "cloudformation:DescribeStackEvents", "cloudformation:DescribeStacks" ], "Resource": "arn:aws:cloudformation:*:*:stack/SC-*" }, { "Effect": "Allow", "Action": [ "cloudformation:GetTemplateSummary", "cloudformation:ValidateTemplate" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "codebuild:CreateProject", "codebuild:DeleteProject", "codebuild:UpdateProject" ], "Resource": [ "arn:aws:codebuild:*:*:project/sagemaker-*" ] }, { "Effect": "Allow", "Action": [ "codecommit:CreateCommit", "codecommit:CreateRepository", "codecommit:DeleteRepository", "codecommit:GetRepository", "codecommit:TagResource" ], "Resource": [ "arn:aws:codecommit:*:*:sagemaker-*" ] }, { "Effect": "Allow", "Action": [ "codecommit:ListRepositories" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "codepipeline:CreatePipeline", "codepipeline:DeletePipeline", "codepipeline:GetPipeline", "codepipeline:GetPipelineState", "codepipeline:StartPipelineExecution", "codepipeline:TagResource", "codepipeline:UpdatePipeline" ], "Resource": [ "arn:aws:codepipeline:*:*:sagemaker-*" ] }, { "Effect": "Allow", "Action": [ "cognito-idp:CreateUserPool" ], "Resource": "*", "Condition": { "ForAnyValue:StringLike": { "aws:TagKeys": [ "sagemaker:launch-source" ] } } }, { "Effect": "Allow", "Action": [ "cognito-idp:CreateGroup", "cognito-idp:CreateUserPoolDomain", "cognito-idp:CreateUserPoolClient", "cognito-idp:DeleteGroup", "cognito-idp:DeleteUserPool", "cognito-idp:DeleteUserPoolClient", "cognito-idp:DeleteUserPoolDomain", "cognito-idp:DescribeUserPool", "cognito-idp:DescribeUserPoolClient", "cognito-idp:UpdateUserPool", "cognito-idp:UpdateUserPoolClient" ], "Resource": "*", "Condition": { "StringLike": { "aws:ResourceTag/sagemaker:launch-source": "*" } } }, { "Effect": "Allow", "Action": [ "ecr:CreateRepository", "ecr:DeleteRepository" ], "Resource": [ "arn:aws:ecr:*:*:repository/sagemaker-*" ] }, { "Effect": "Allow", "Action": [ "events:DescribeRule", "events:DeleteRule", "events:DisableRule", "events:EnableRule", "events:PutRule", "events:PutTargets", "events:RemoveTargets" ], "Resource": [ "arn:aws:events:*:*:rule/sagemaker-*" ] }, { "Effect": "Allow", "Action": [ "firehose:CreateDeliveryStream", "firehose:DeleteDeliveryStream", "firehose:DescribeDeliveryStream", "firehose:StartDeliveryStreamEncryption", "firehose:StopDeliveryStreamEncryption", "firehose:UpdateDestination" ], "Resource": "arn:aws:firehose:*:*:deliverystream/sagemaker-*" }, { "Effect": "Allow", "Action": [ "glue:CreateDatabase", "glue:DeleteDatabase" ], "Resource": [ "arn:aws:glue:*:*:catalog", "arn:aws:glue:*:*:database/sagemaker-*", "arn:aws:glue:*:*:table/sagemaker-*", "arn:aws:glue:*:*:userDefinedFunction/sagemaker-*" ] }, { "Effect": "Allow", "Action": [ "glue:CreateClassifier", "glue:DeleteClassifier", "glue:DeleteCrawler", "glue:DeleteJob", "glue:DeleteTrigger", "glue:DeleteWorkflow", "glue:StopCrawler" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "glue:CreateWorkflow" ], "Resource": [ "arn:aws:glue:*:*:workflow/sagemaker-*" ] }, { "Effect": "Allow", "Action": [ "glue:CreateJob" ], "Resource": [ "arn:aws:glue:*:*:job/sagemaker-*" ] }, { "Effect": "Allow", "Action": [ "glue:CreateCrawler", "glue:GetCrawler" ], "Resource": [ "arn:aws:glue:*:*:crawler/sagemaker-*" ] }, { "Effect": "Allow", "Action": [ "glue:CreateTrigger", "glue:GetTrigger" ], "Resource": [ "arn:aws:glue:*:*:trigger/sagemaker-*" ] }, { "Effect": "Allow", "Action": [ "iam:PassRole" ], "Resource": [ "arn:aws:iam::*:role/service-role/AmazonSageMakerServiceCatalog*" ] }, { "Effect": "Allow", "Action": [ "lambda:AddPermission", "lambda:CreateFunction", "lambda:DeleteFunction", "lambda:GetFunction", "lambda:GetFunctionConfiguration", "lambda:InvokeFunction", "lambda:RemovePermission" ], "Resource": [ "arn:aws:lambda:*:*:function:sagemaker-*" ] }, { "Effect": "Allow", "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:DeleteLogGroup", "logs:DeleteLogStream", "logs:DescribeLogGroups", "logs:DescribeLogStreams", "logs:PutRetentionPolicy" ], "Resource": [ "arn:aws:logs:*:*:log-group:/aws/apigateway/AccessLogs/*", "arn:aws:logs:*:*:log-group::log-stream:*" ] }, { "Effect": "Allow", "Action": "s3:GetObject", "Resource": "*", "Condition": { "StringEquals": { "s3:ExistingObjectTag/servicecatalog:provisioning": "true" } } }, { "Effect": "Allow", "Action": "s3:GetObject", "Resource": [ "arn:aws:s3:::sagemaker-*" ] }, { "Effect": "Allow", "Action": [ "s3:CreateBucket", "s3:DeleteBucket", "s3:DeleteBucketPolicy", "s3:GetBucketPolicy", "s3:PutBucketAcl", "s3:PutBucketNotification", "s3:PutBucketPolicy", "s3:PutBucketPublicAccessBlock", "s3:PutBucketLogging", "s3:PutEncryptionConfiguration", "s3:PutBucketTagging", "s3:PutObjectTagging" ], "Resource": "arn:aws:s3:::sagemaker-*" }, { "Effect": "Allow", "Action": [ "sagemaker:CreateEndpoint", "sagemaker:CreateEndpointConfig", "sagemaker:CreateModel", "sagemaker:CreateWorkteam", "sagemaker:DeleteEndpoint", "sagemaker:DeleteEndpointConfig", "sagemaker:DeleteModel", "sagemaker:DeleteWorkteam", "sagemaker:DescribeModel", "sagemaker:DescribeEndpointConfig", "sagemaker:DescribeEndpoint", "sagemaker:DescribeWorkteam", "sagemaker:CreateCodeRepository", "sagemaker:DescribeCodeRepository", "sagemaker:UpdateCodeRepository", "sagemaker:DeleteCodeRepository" ], "Resource": [ "arn:aws:sagemaker:*:*:*" ] }, { "Effect": "Allow", "Action": [ "states:CreateStateMachine", "states:DeleteStateMachine", "states:UpdateStateMachine" ], "Resource": [ "arn:aws:states:*:*:stateMachine:sagemaker-*" ] }, { "Effect": "Allow", "Action": "codestar-connections:PassConnection", "Resource": "arn:aws:codestar-connections:*:*:connection/*", "Condition": { "StringEquals": { "codestar-connections:PassedToService": "codepipeline.amazonaws.com" } } } ] }, "VersionId": "v2" }, "AmazonSageMakerCoreServiceRolePolicy": { "PolicyName": "AmazonSageMakerCoreServiceRolePolicy", "PolicyId": "ANPAZKAPJZG4MMWQCSNKX", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonSageMakerCoreServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-12-21T21:40:47+00:00", "UpdateDate": "2020-12-21T21:40:47+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ec2:CreateNetworkInterface", "ec2:DeleteNetworkInterface", "ec2:DeleteNetworkInterfacePermission" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "ec2:CreateNetworkInterfacePermission" ], "Resource": "*", "Condition": { "StringEquals": { "ec2:AuthorizedService": "sagemaker.amazonaws.com" } } }, { "Effect": "Allow", "Action": [ "ec2:DescribeDhcpOptions", "ec2:DescribeNetworkInterfaces", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeVpcs" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AmazonSageMakerEdgeDeviceFleetPolicy": { "PolicyName": "AmazonSageMakerEdgeDeviceFleetPolicy", "PolicyId": "ANPAZKAPJZG4CPENAJLBT", "Arn": "arn:aws:iam::aws:policy/service-role/AmazonSageMakerEdgeDeviceFleetPolicy", "Path": "/service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-12-08T16:17:22+00:00", "UpdateDate": "2020-12-08T16:17:22+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Sid": "DeviceS3Access", "Effect": "Allow", "Action": [ "s3:PutObject", "s3:GetBucketLocation" ], "Resource": [ "arn:aws:s3:::*SageMaker*", "arn:aws:s3:::*Sagemaker*", "arn:aws:s3:::*sagemaker*" ] }, { "Sid": "SageMakerEdgeApis", "Effect": "Allow", "Action": [ "sagemaker:SendHeartbeat", "sagemaker:GetDeviceRegistration" ], "Resource": "*" }, { "Sid": "CreateIoTRoleAlias", "Effect": "Allow", "Action": [ "iot:CreateRoleAlias", "iot:DescribeRoleAlias", "iot:UpdateRoleAlias", "iot:ListTagsForResource", "iot:TagResource" ], "Resource": [ "arn:aws:iot:*:*:rolealias/SageMakerEdge*" ] }, { "Sid": "CreateIoTRoleAliasIamPermissionsGetRole", "Effect": "Allow", "Action": [ "iam:GetRole" ], "Resource": [ "arn:aws:iam::*:role/*SageMaker*", "arn:aws:iam::*:role/*Sagemaker*", "arn:aws:iam::*:role/*sagemaker*" ] }, { "Sid": "CreateIoTRoleAliasIamPermissionsPassRole", "Effect": "Allow", "Action": [ "iam:PassRole" ], "Resource": [ "arn:aws:iam::*:role/*SageMaker*", "arn:aws:iam::*:role/*Sagemaker*", "arn:aws:iam::*:role/*sagemaker*" ], "Condition": { "StringEqualsIfExists": { "iam:PassedToService": [ "iot.amazonaws.com", "credentials.iot.amazonaws.com" ] } } } ] }, "VersionId": "v1" }, "AmazonSageMakerFeatureStoreAccess": { "PolicyName": "AmazonSageMakerFeatureStoreAccess", "PolicyId": "ANPAZKAPJZG4FO5MQNGJU", "Arn": "arn:aws:iam::aws:policy/AmazonSageMakerFeatureStoreAccess", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-12-01T16:24:05+00:00", "UpdateDate": "2021-02-24T02:18:50+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "s3:PutObject", "s3:GetBucketAcl", "s3:PutObjectAcl" ], "Resource": [ "arn:aws:s3:::*SageMaker*", "arn:aws:s3:::*Sagemaker*", "arn:aws:s3:::*sagemaker*" ] } ] }, "VersionId": "v2" }, "AmazonSageMakerFullAccess": { "PolicyName": "AmazonSageMakerFullAccess", "PolicyId": "ANPAJZ5IWYMXO5QDB4QOG", "Arn": "arn:aws:iam::aws:policy/AmazonSageMakerFullAccess", "Path": "/", "DefaultVersionId": "v20", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-11-29T13:07:59+00:00", "UpdateDate": "2021-07-16T00:06:59+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "sagemaker:*" ], "NotResource": [ "arn:aws:sagemaker:*:*:domain/*", "arn:aws:sagemaker:*:*:user-profile/*", "arn:aws:sagemaker:*:*:app/*", "arn:aws:sagemaker:*:*:flow-definition/*" ] }, { "Effect": "Allow", "Action": [ "sagemaker:CreatePresignedDomainUrl", "sagemaker:DescribeDomain", "sagemaker:ListDomains", "sagemaker:DescribeUserProfile", "sagemaker:ListUserProfiles", "sagemaker:*App", "sagemaker:ListApps" ], "Resource": "*" }, { "Effect": "Allow", "Action": "sagemaker:*", "Resource": [ "arn:aws:sagemaker:*:*:flow-definition/*" ], "Condition": { "StringEqualsIfExists": { "sagemaker:WorkteamType": [ "private-crowd", "vendor-crowd" ] } } }, { "Effect": "Allow", "Action": [ "application-autoscaling:DeleteScalingPolicy", "application-autoscaling:DeleteScheduledAction", "application-autoscaling:DeregisterScalableTarget", "application-autoscaling:DescribeScalableTargets", "application-autoscaling:DescribeScalingActivities", "application-autoscaling:DescribeScalingPolicies", "application-autoscaling:DescribeScheduledActions", "application-autoscaling:PutScalingPolicy", "application-autoscaling:PutScheduledAction", "application-autoscaling:RegisterScalableTarget", "aws-marketplace:ViewSubscriptions", "cloudformation:GetTemplateSummary", "cloudwatch:DeleteAlarms", "cloudwatch:DescribeAlarms", "cloudwatch:GetMetricData", "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics", "cloudwatch:PutMetricAlarm", "cloudwatch:PutMetricData", "codecommit:BatchGetRepositories", "codecommit:CreateRepository", "codecommit:GetRepository", "codecommit:List*", "cognito-idp:AdminAddUserToGroup", "cognito-idp:AdminCreateUser", "cognito-idp:AdminDeleteUser", "cognito-idp:AdminDisableUser", "cognito-idp:AdminEnableUser", "cognito-idp:AdminRemoveUserFromGroup", "cognito-idp:CreateGroup", "cognito-idp:CreateUserPool", "cognito-idp:CreateUserPoolClient", "cognito-idp:CreateUserPoolDomain", "cognito-idp:DescribeUserPool", "cognito-idp:DescribeUserPoolClient", "cognito-idp:List*", "cognito-idp:UpdateUserPool", "cognito-idp:UpdateUserPoolClient", "ec2:CreateNetworkInterface", "ec2:CreateNetworkInterfacePermission", "ec2:CreateVpcEndpoint", "ec2:DeleteNetworkInterface", "ec2:DeleteNetworkInterfacePermission", "ec2:DescribeDhcpOptions", "ec2:DescribeNetworkInterfaces", "ec2:DescribeRouteTables", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeVpcEndpoints", "ec2:DescribeVpcs", "ecr:BatchCheckLayerAvailability", "ecr:BatchGetImage", "ecr:CreateRepository", "ecr:Describe*", "ecr:GetAuthorizationToken", "ecr:GetDownloadUrlForLayer", "ecr:StartImageScan", "elastic-inference:Connect", "elasticfilesystem:DescribeFileSystems", "elasticfilesystem:DescribeMountTargets", "fsx:DescribeFileSystems", "glue:CreateJob", "glue:DeleteJob", "glue:GetJob*", "glue:GetTable*", "glue:GetWorkflowRun", "glue:ResetJobBookmark", "glue:StartJobRun", "glue:StartWorkflowRun", "glue:UpdateJob", "groundtruthlabeling:*", "iam:ListRoles", "kms:DescribeKey", "kms:ListAliases", "lambda:ListFunctions", "logs:CreateLogDelivery", "logs:CreateLogGroup", "logs:CreateLogStream", "logs:DeleteLogDelivery", "logs:Describe*", "logs:GetLogDelivery", "logs:GetLogEvents", "logs:ListLogDeliveries", "logs:PutLogEvents", "logs:PutResourcePolicy", "logs:UpdateLogDelivery", "robomaker:CreateSimulationApplication", "robomaker:DescribeSimulationApplication", "robomaker:DeleteSimulationApplication", "robomaker:CreateSimulationJob", "robomaker:DescribeSimulationJob", "robomaker:CancelSimulationJob", "secretsmanager:ListSecrets", "servicecatalog:Describe*", "servicecatalog:List*", "servicecatalog:ScanProvisionedProducts", "servicecatalog:SearchProducts", "servicecatalog:SearchProvisionedProducts", "sns:ListTopics", "tag:GetResources" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "ecr:SetRepositoryPolicy", "ecr:CompleteLayerUpload", "ecr:BatchDeleteImage", "ecr:UploadLayerPart", "ecr:DeleteRepositoryPolicy", "ecr:InitiateLayerUpload", "ecr:DeleteRepository", "ecr:PutImage" ], "Resource": [ "arn:aws:ecr:*:*:repository/*sagemaker*" ] }, { "Effect": "Allow", "Action": [ "codecommit:GitPull", "codecommit:GitPush" ], "Resource": [ "arn:aws:codecommit:*:*:*sagemaker*", "arn:aws:codecommit:*:*:*SageMaker*", "arn:aws:codecommit:*:*:*Sagemaker*" ] }, { "Action": [ "codebuild:BatchGetBuilds", "codebuild:StartBuild" ], "Resource": [ "arn:aws:codebuild:*:*:project/sagemaker*", "arn:aws:codebuild:*:*:build/*" ], "Effect": "Allow" }, { "Action": [ "states:DescribeExecution", "states:GetExecutionHistory", "states:StartExecution", "states:StopExecution", "states:UpdateStateMachine" ], "Resource": [ "arn:aws:states:*:*:statemachine:*sagemaker*", "arn:aws:states:*:*:execution:*sagemaker*:*" ], "Effect": "Allow" }, { "Effect": "Allow", "Action": [ "secretsmanager:DescribeSecret", "secretsmanager:GetSecretValue", "secretsmanager:CreateSecret" ], "Resource": [ "arn:aws:secretsmanager:*:*:secret:AmazonSageMaker-*" ] }, { "Effect": "Allow", "Action": [ "secretsmanager:DescribeSecret", "secretsmanager:GetSecretValue" ], "Resource": "*", "Condition": { "StringEquals": { "secretsmanager:ResourceTag/SageMaker": "true" } } }, { "Effect": "Allow", "Action": [ "servicecatalog:ProvisionProduct" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "servicecatalog:TerminateProvisionedProduct", "servicecatalog:UpdateProvisionedProduct" ], "Resource": "*", "Condition": { "StringEquals": { "servicecatalog:userLevel": "self" } } }, { "Effect": "Allow", "Action": [ "s3:GetObject", "s3:PutObject", "s3:DeleteObject", "s3:AbortMultipartUpload" ], "Resource": [ "arn:aws:s3:::*SageMaker*", "arn:aws:s3:::*Sagemaker*", "arn:aws:s3:::*sagemaker*", "arn:aws:s3:::*aws-glue*" ] }, { "Effect": "Allow", "Action": [ "s3:GetObject" ], "Resource": "*", "Condition": { "StringEqualsIgnoreCase": { "s3:ExistingObjectTag/SageMaker": "true" } } }, { "Effect": "Allow", "Action": [ "s3:GetObject" ], "Resource": "*", "Condition": { "StringEquals": { "s3:ExistingObjectTag/servicecatalog:provisioning": "true" } } }, { "Effect": "Allow", "Action": [ "s3:CreateBucket", "s3:GetBucketLocation", "s3:ListBucket", "s3:ListAllMyBuckets", "s3:GetBucketCors", "s3:PutBucketCors" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "s3:GetBucketAcl", "s3:PutObjectAcl" ], "Resource": [ "arn:aws:s3:::*SageMaker*", "arn:aws:s3:::*Sagemaker*", "arn:aws:s3:::*sagemaker*" ] }, { "Effect": "Allow", "Action": [ "lambda:InvokeFunction" ], "Resource": [ "arn:aws:lambda:*:*:function:*SageMaker*", "arn:aws:lambda:*:*:function:*sagemaker*", "arn:aws:lambda:*:*:function:*Sagemaker*", "arn:aws:lambda:*:*:function:*LabelingFunction*" ] }, { "Action": "iam:CreateServiceLinkedRole", "Effect": "Allow", "Resource": "arn:aws:iam::*:role/aws-service-role/sagemaker.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_SageMakerEndpoint", "Condition": { "StringLike": { "iam:AWSServiceName": "sagemaker.application-autoscaling.amazonaws.com" } } }, { "Effect": "Allow", "Action": "iam:CreateServiceLinkedRole", "Resource": "*", "Condition": { "StringEquals": { "iam:AWSServiceName": "robomaker.amazonaws.com" } } }, { "Effect": "Allow", "Action": [ "sns:Subscribe", "sns:CreateTopic" ], "Resource": [ "arn:aws:sns:*:*:*SageMaker*", "arn:aws:sns:*:*:*Sagemaker*", "arn:aws:sns:*:*:*sagemaker*" ] }, { "Effect": "Allow", "Action": [ "iam:PassRole" ], "Resource": "arn:aws:iam::*:role/*AmazonSageMaker*", "Condition": { "StringEquals": { "iam:PassedToService": [ "glue.amazonaws.com", "robomaker.amazonaws.com", "states.amazonaws.com" ] } } }, { "Effect": "Allow", "Action": [ "iam:PassRole" ], "Resource": "arn:aws:iam::*:role/*", "Condition": { "StringEquals": { "iam:PassedToService": "sagemaker.amazonaws.com" } } }, { "Effect": "Allow", "Action": [ "athena:ListDataCatalogs", "athena:ListDatabases", "athena:ListTableMetadata", "athena:GetQueryExecution", "athena:GetQueryResults", "athena:StartQueryExecution", "athena:StopQueryExecution" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "glue:CreateTable" ], "Resource": [ "arn:aws:glue:*:*:table/*/sagemaker_tmp_*", "arn:aws:glue:*:*:table/sagemaker_featurestore/*", "arn:aws:glue:*:*:catalog", "arn:aws:glue:*:*:database/*" ] }, { "Effect": "Allow", "Action": [ "glue:DeleteTable" ], "Resource": [ "arn:aws:glue:*:*:table/*/sagemaker_tmp_*", "arn:aws:glue:*:*:catalog", "arn:aws:glue:*:*:database/*" ] }, { "Effect": "Allow", "Action": [ "glue:GetDatabases", "glue:GetTable", "glue:GetTables" ], "Resource": [ "arn:aws:glue:*:*:table/*", "arn:aws:glue:*:*:catalog", "arn:aws:glue:*:*:database/*" ] }, { "Effect": "Allow", "Action": [ "glue:CreateDatabase", "glue:GetDatabase" ], "Resource": [ "arn:aws:glue:*:*:catalog", "arn:aws:glue:*:*:database/sagemaker_featurestore", "arn:aws:glue:*:*:database/sagemaker_processing", "arn:aws:glue:*:*:database/default", "arn:aws:glue:*:*:database/sagemaker_data_wrangler" ] }, { "Effect": "Allow", "Action": [ "redshift-data:ExecuteStatement", "redshift-data:DescribeStatement", "redshift-data:CancelStatement", "redshift-data:GetStatementResult", "redshift-data:ListSchemas", "redshift-data:ListTables" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "redshift:GetClusterCredentials" ], "Resource": [ "arn:aws:redshift:*:*:dbuser:*/sagemaker_access*", "arn:aws:redshift:*:*:dbname:*" ] } ] }, "VersionId": "v20" }, "AmazonSageMakerGroundTruthExecution": { "PolicyName": "AmazonSageMakerGroundTruthExecution", "PolicyId": "ANPAZKAPJZG4FYNFSJXO3", "Arn": "arn:aws:iam::aws:policy/AmazonSageMakerGroundTruthExecution", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-07-09T19:30:20+00:00", "UpdateDate": "2020-07-09T19:30:20+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Sid": "CustomLabelingJobs", "Effect": "Allow", "Action": [ "lambda:InvokeFunction" ], "Resource": [ "arn:aws:lambda:*:*:function:*GtRecipe*", "arn:aws:lambda:*:*:function:*LabelingFunction*", "arn:aws:lambda:*:*:function:*SageMaker*", "arn:aws:lambda:*:*:function:*sagemaker*", "arn:aws:lambda:*:*:function:*Sagemaker*" ] }, { "Effect": "Allow", "Action": [ "s3:AbortMultipartUpload", "s3:GetObject", "s3:PutObject" ], "Resource": [ "arn:aws:s3:::*GroundTruth*", "arn:aws:s3:::*Groundtruth*", "arn:aws:s3:::*groundtruth*", "arn:aws:s3:::*SageMaker*", "arn:aws:s3:::*Sagemaker*", "arn:aws:s3:::*sagemaker*" ] }, { "Effect": "Allow", "Action": [ "s3:GetObject" ], "Resource": "*", "Condition": { "StringEqualsIgnoreCase": { "s3:ExistingObjectTag/SageMaker": "true" } } }, { "Effect": "Allow", "Action": [ "s3:GetBucketLocation", "s3:ListBucket" ], "Resource": "*" }, { "Sid": "CloudWatch", "Effect": "Allow", "Action": [ "cloudwatch:PutMetricData", "logs:CreateLogStream", "logs:CreateLogGroup", "logs:DescribeLogStreams", "logs:PutLogEvents" ], "Resource": "*" }, { "Sid": "StreamingQueue", "Effect": "Allow", "Action": [ "sqs:CreateQueue", "sqs:DeleteMessage", "sqs:GetQueueAttributes", "sqs:GetQueueUrl", "sqs:ReceiveMessage", "sqs:SendMessage", "sqs:SendMessageBatch", "sqs:SetQueueAttributes" ], "Resource": "arn:aws:sqs:*:*:*GroundTruth*" }, { "Sid": "StreamingTopicSubscribe", "Effect": "Allow", "Action": "sns:Subscribe", "Resource": [ "arn:aws:sns:*:*:*GroundTruth*", "arn:aws:sns:*:*:*Groundtruth*", "arn:aws:sns:*:*:*groundTruth*", "arn:aws:sns:*:*:*groundtruth*", "arn:aws:sns:*:*:*SageMaker*", "arn:aws:sns:*:*:*Sagemaker*", "arn:aws:sns:*:*:*sageMaker*", "arn:aws:sns:*:*:*sagemaker*" ], "Condition": { "StringEquals": { "sns:Protocol": "sqs" }, "StringLike": { "sns:Endpoint": "arn:aws:sqs:*:*:*GroundTruth*" } } }, { "Sid": "StreamingTopic", "Effect": "Allow", "Action": [ "sns:Publish" ], "Resource": [ "arn:aws:sns:*:*:*GroundTruth*", "arn:aws:sns:*:*:*Groundtruth*", "arn:aws:sns:*:*:*groundTruth*", "arn:aws:sns:*:*:*groundtruth*", "arn:aws:sns:*:*:*SageMaker*", "arn:aws:sns:*:*:*Sagemaker*", "arn:aws:sns:*:*:*sageMaker*", "arn:aws:sns:*:*:*sagemaker*" ] }, { "Sid": "StreamingTopicUnsubscribe", "Effect": "Allow", "Action": [ "sns:Unsubscribe" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AmazonSageMakerMechanicalTurkAccess": { "PolicyName": "AmazonSageMakerMechanicalTurkAccess", "PolicyId": "ANPAZKAPJZG4AYDBKMMDV", "Arn": "arn:aws:iam::aws:policy/AmazonSageMakerMechanicalTurkAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-12-03T16:19:36+00:00", "UpdateDate": "2019-12-03T16:19:36+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "sagemaker:*FlowDefinition", "sagemaker:*FlowDefinitions" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AmazonSageMakerNotebooksServiceRolePolicy": { "PolicyName": "AmazonSageMakerNotebooksServiceRolePolicy", "PolicyId": "ANPAZKAPJZG4MYB7OEJED", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonSageMakerNotebooksServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v5", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-10-18T20:27:37+00:00", "UpdateDate": "2020-08-28T22:39:39+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "elasticfilesystem:CreateFileSystem", "Resource": "*", "Condition": { "StringLike": { "aws:RequestTag/ManagedByAmazonSageMakerResource": "*" } } }, { "Effect": "Allow", "Action": [ "elasticfilesystem:CreateMountTarget", "elasticfilesystem:DeleteFileSystem", "elasticfilesystem:DeleteMountTarget" ], "Resource": "*", "Condition": { "StringLike": { "aws:ResourceTag/ManagedByAmazonSageMakerResource": "*" } } }, { "Effect": "Allow", "Action": [ "elasticfilesystem:DescribeFileSystems", "elasticfilesystem:DescribeMountTargets" ], "Resource": "*" }, { "Effect": "Allow", "Action": "ec2:CreateTags", "Resource": [ "arn:aws:ec2:*:*:network-interface/*", "arn:aws:ec2:*:*:security-group/*" ] }, { "Effect": "Allow", "Action": [ "ec2:CreateNetworkInterface", "ec2:CreateSecurityGroup", "ec2:DeleteNetworkInterface", "ec2:DescribeDhcpOptions", "ec2:DescribeNetworkInterfaces", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeVpcs", "ec2:ModifyNetworkInterfaceAttribute" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "ec2:AuthorizeSecurityGroupEgress", "ec2:AuthorizeSecurityGroupIngress", "ec2:CreateNetworkInterfacePermission", "ec2:DeleteNetworkInterfacePermission", "ec2:DeleteSecurityGroup", "ec2:RevokeSecurityGroupEgress", "ec2:RevokeSecurityGroupIngress" ], "Resource": "*", "Condition": { "StringLike": { "ec2:ResourceTag/ManagedByAmazonSageMakerResource": "*" } } }, { "Effect": "Allow", "Action": [ "sso:CreateManagedApplicationInstance", "sso:DeleteManagedApplicationInstance", "sso:GetManagedApplicationInstance" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "sagemaker:CreateUserProfile", "sagemaker:DescribeUserProfile" ], "Resource": "*" } ] }, "VersionId": "v5" }, "AmazonSageMakerPipelinesIntegrations": { "PolicyName": "AmazonSageMakerPipelinesIntegrations", "PolicyId": "ANPAZKAPJZG4FK53JOAN3", "Arn": "arn:aws:iam::aws:policy/AmazonSageMakerPipelinesIntegrations", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2021-07-30T16:35:10+00:00", "UpdateDate": "2021-07-30T16:35:10+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "lambda:CreateFunction", "lambda:DeleteFunction", "lambda:InvokeFunction", "lambda:UpdateFunctionCode" ], "Resource": [ "arn:aws:lambda:*:*:function:*sagemaker*", "arn:aws:lambda:*:*:function:*sageMaker*", "arn:aws:lambda:*:*:function:*SageMaker*" ] }, { "Effect": "Allow", "Action": [ "sqs:CreateQueue", "sqs:SendMessage" ], "Resource": [ "arn:aws:sqs:*:*:*sagemaker*", "arn:aws:sqs:*:*:*sageMaker*", "arn:aws:sqs:*:*:*SageMaker*" ] }, { "Effect": "Allow", "Action": [ "iam:PassRole" ], "Resource": "arn:aws:iam::*:role/*", "Condition": { "StringEquals": { "iam:PassedToService": [ "lambda.amazonaws.com" ] } } } ] }, "VersionId": "v1" }, "AmazonSageMakerReadOnly": { "PolicyName": "AmazonSageMakerReadOnly", "PolicyId": "ANPAJTZ2FTFCQ6CFLQA2O", "Arn": "arn:aws:iam::aws:policy/AmazonSageMakerReadOnly", "Path": "/", "DefaultVersionId": "v10", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-11-29T13:07:09+00:00", "UpdateDate": "2021-06-10T20:19:55+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "sagemaker:Describe*", "sagemaker:List*", "sagemaker:BatchGetMetrics", "sagemaker:GetDeviceRegistration", "sagemaker:GetDeviceFleetReport", "sagemaker:GetSearchSuggestions", "sagemaker:GetRecord", "sagemaker:Search", "sagemaker:BatchGetRecord" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "application-autoscaling:DescribeScalableTargets", "application-autoscaling:DescribeScalingActivities", "application-autoscaling:DescribeScalingPolicies", "application-autoscaling:DescribeScheduledActions", "aws-marketplace:ViewSubscriptions", "cloudwatch:DescribeAlarms", "cognito-idp:DescribeUserPool", "cognito-idp:DescribeUserPoolClient", "cognito-idp:ListGroups", "cognito-idp:ListIdentityProviders", "cognito-idp:ListUserPoolClients", "cognito-idp:ListUserPools", "cognito-idp:ListUsers", "cognito-idp:ListUsersInGroup", "ecr:Describe*" ], "Resource": "*" } ] }, "VersionId": "v10" }, "AmazonSumerianFullAccess": { "PolicyName": "AmazonSumerianFullAccess", "PolicyId": "ANPAJMGUENPB56MXVVGBE", "Arn": "arn:aws:iam::aws:policy/AmazonSumerianFullAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-04-24T20:14:16+00:00", "UpdateDate": "2018-04-24T20:14:16+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "sumerian:*" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AmazonTextractFullAccess": { "PolicyName": "AmazonTextractFullAccess", "PolicyId": "ANPAIQDD47A7H3GBVPWOQ", "Arn": "arn:aws:iam::aws:policy/AmazonTextractFullAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-11-28T19:07:42+00:00", "UpdateDate": "2018-11-28T19:07:42+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "textract:*" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AmazonTextractServiceRole": { "PolicyName": "AmazonTextractServiceRole", "PolicyId": "ANPAJBDSAWESWLL34WASG", "Arn": "arn:aws:iam::aws:policy/service-role/AmazonTextractServiceRole", "Path": "/service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-11-28T19:12:16+00:00", "UpdateDate": "2018-11-28T19:12:16+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "sns:Publish" ], "Resource": "arn:aws:sns:*:*:AmazonTextract*" } ] }, "VersionId": "v1" }, "AmazonTimestreamConsoleFullAccess": { "PolicyName": "AmazonTimestreamConsoleFullAccess", "PolicyId": "ANPAZKAPJZG4AZJLUKMAZ", "Arn": "arn:aws:iam::aws:policy/AmazonTimestreamConsoleFullAccess", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-09-30T21:47:18+00:00", "UpdateDate": "2021-05-20T00:48:09+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "timestream:*" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "kms:DescribeKey", "kms:ListKeys", "kms:ListAliases" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "kms:CreateGrant" ], "Resource": "*", "Condition": { "ForAnyValue:StringEquals": { "kms:EncryptionContextKeys": "aws:timestream:database-name" }, "Bool": { "kms:GrantIsForAWSResource": true }, "StringLike": { "kms:ViaService": "timestream.*.amazonaws.com" } } }, { "Effect": "Allow", "Action": [ "dbqms:CreateFavoriteQuery", "dbqms:DescribeFavoriteQueries", "dbqms:UpdateFavoriteQuery", "dbqms:DeleteFavoriteQueries", "dbqms:GetQueryString", "dbqms:CreateQueryHistory", "dbqms:DescribeQueryHistory", "dbqms:UpdateQueryHistory", "dbqms:DeleteQueryHistory" ], "Resource": "*" } ] }, "VersionId": "v2" }, "AmazonTimestreamFullAccess": { "PolicyName": "AmazonTimestreamFullAccess", "PolicyId": "ANPAZKAPJZG4CGYUJBH4V", "Arn": "arn:aws:iam::aws:policy/AmazonTimestreamFullAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-09-30T21:47:14+00:00", "UpdateDate": "2020-09-30T21:47:14+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "timestream:*" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "kms:DescribeKey" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "kms:CreateGrant" ], "Resource": "*", "Condition": { "ForAnyValue:StringEquals": { "kms:EncryptionContextKeys": "aws:timestream:database-name" }, "Bool": { "kms:GrantIsForAWSResource": true }, "StringLike": { "kms:ViaService": "timestream.*.amazonaws.com" } } } ] }, "VersionId": "v1" }, "AmazonTimestreamReadOnlyAccess": { "PolicyName": "AmazonTimestreamReadOnlyAccess", "PolicyId": "ANPAZKAPJZG4I7VUQXAEJ", "Arn": "arn:aws:iam::aws:policy/AmazonTimestreamReadOnlyAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-09-30T21:47:08+00:00", "UpdateDate": "2020-09-30T21:47:08+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "timestream:CancelQuery", "timestream:DescribeDatabase", "timestream:DescribeEndpoints", "timestream:DescribeTable", "timestream:ListDatabases", "timestream:ListMeasures", "timestream:ListTables", "timestream:ListTagsForResource", "timestream:Select", "timestream:SelectValues" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AmazonTranscribeFullAccess": { "PolicyName": "AmazonTranscribeFullAccess", "PolicyId": "ANPAINAV45F5NT5RMFO7K", "Arn": "arn:aws:iam::aws:policy/AmazonTranscribeFullAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-04-04T16:06:16+00:00", "UpdateDate": "2018-04-04T16:06:16+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "transcribe:*" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "s3:GetObject" ], "Resource": [ "arn:aws:s3:::*transcribe*" ] } ] }, "VersionId": "v1" }, "AmazonTranscribeReadOnlyAccess": { "PolicyName": "AmazonTranscribeReadOnlyAccess", "PolicyId": "ANPAJM6JONISXCAZKFCAO", "Arn": "arn:aws:iam::aws:policy/AmazonTranscribeReadOnlyAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-04-04T16:05:06+00:00", "UpdateDate": "2018-04-04T16:05:06+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "transcribe:Get*", "transcribe:List*" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AmazonVPCCrossAccountNetworkInterfaceOperations": { "PolicyName": "AmazonVPCCrossAccountNetworkInterfaceOperations", "PolicyId": "ANPAJ53Y4ZY5OHP4CNRJC", "Arn": "arn:aws:iam::aws:policy/AmazonVPCCrossAccountNetworkInterfaceOperations", "Path": "/", "DefaultVersionId": "v4", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-07-18T20:47:16+00:00", "UpdateDate": "2020-06-16T14:16:49+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ec2:DescribeRouteTables", "ec2:CreateRoute", "ec2:DeleteRoute", "ec2:ReplaceRoute" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "ec2:DescribeNetworkInterfaces", "ec2:CreateNetworkInterface", "ec2:DeleteNetworkInterface", "ec2:CreateNetworkInterfacePermission", "ec2:DeleteNetworkInterfacePermission", "ec2:DescribeNetworkInterfacePermissions", "ec2:ModifyNetworkInterfaceAttribute", "ec2:DescribeNetworkInterfaceAttribute", "ec2:DescribeAvailabilityZones", "ec2:DescribeRegions", "ec2:DescribeVpcs", "ec2:DescribeSubnets" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "ec2:AssignPrivateIpAddresses", "ec2:UnassignPrivateIpAddresses" ], "Resource": [ "*" ] } ] }, "VersionId": "v4" }, "AmazonVPCFullAccess": { "PolicyName": "AmazonVPCFullAccess", "PolicyId": "ANPAJBWPGNOVKZD3JI2P2", "Arn": "arn:aws:iam::aws:policy/AmazonVPCFullAccess", "Path": "/", "DefaultVersionId": "v9", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-02-06T18:41:16+00:00", "UpdateDate": "2021-08-02T19:12:14+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ec2:AcceptVpcPeeringConnection", "ec2:AcceptVpcEndpointConnections", "ec2:AllocateAddress", "ec2:AssignIpv6Addresses", "ec2:AssignPrivateIpAddresses", "ec2:AssociateAddress", "ec2:AssociateDhcpOptions", "ec2:AssociateRouteTable", "ec2:AssociateSubnetCidrBlock", "ec2:AssociateVpcCidrBlock", "ec2:AttachClassicLinkVpc", "ec2:AttachInternetGateway", "ec2:AttachNetworkInterface", "ec2:AttachVpnGateway", "ec2:AuthorizeSecurityGroupEgress", "ec2:AuthorizeSecurityGroupIngress", "ec2:CreateCarrierGateway", "ec2:CreateCustomerGateway", "ec2:CreateDefaultSubnet", "ec2:CreateDefaultVpc", "ec2:CreateDhcpOptions", "ec2:CreateEgressOnlyInternetGateway", "ec2:CreateFlowLogs", "ec2:CreateInternetGateway", "ec2:CreateLocalGatewayRouteTableVpcAssociation", "ec2:CreateNatGateway", "ec2:CreateNetworkAcl", "ec2:CreateNetworkAclEntry", "ec2:CreateNetworkInterface", "ec2:CreateNetworkInterfacePermission", "ec2:CreateRoute", "ec2:CreateRouteTable", "ec2:CreateSecurityGroup", "ec2:CreateSubnet", "ec2:CreateTags", "ec2:CreateVpc", "ec2:CreateVpcEndpoint", "ec2:CreateVpcEndpointConnectionNotification", "ec2:CreateVpcEndpointServiceConfiguration", "ec2:CreateVpcPeeringConnection", "ec2:CreateVpnConnection", "ec2:CreateVpnConnectionRoute", "ec2:CreateVpnGateway", "ec2:DeleteCarrierGateway", "ec2:DeleteCustomerGateway", "ec2:DeleteDhcpOptions", "ec2:DeleteEgressOnlyInternetGateway", "ec2:DeleteFlowLogs", "ec2:DeleteInternetGateway", "ec2:DeleteLocalGatewayRouteTableVpcAssociation", "ec2:DeleteNatGateway", "ec2:DeleteNetworkAcl", "ec2:DeleteNetworkAclEntry", "ec2:DeleteNetworkInterface", "ec2:DeleteNetworkInterfacePermission", "ec2:DeleteRoute", "ec2:DeleteRouteTable", "ec2:DeleteSecurityGroup", "ec2:DeleteSubnet", "ec2:DeleteTags", "ec2:DeleteVpc", "ec2:DeleteVpcEndpoints", "ec2:DeleteVpcEndpointConnectionNotifications", "ec2:DeleteVpcEndpointServiceConfigurations", "ec2:DeleteVpcPeeringConnection", "ec2:DeleteVpnConnection", "ec2:DeleteVpnConnectionRoute", "ec2:DeleteVpnGateway", "ec2:DescribeAccountAttributes", "ec2:DescribeAddresses", "ec2:DescribeAvailabilityZones", "ec2:DescribeCarrierGateways", "ec2:DescribeClassicLinkInstances", "ec2:DescribeCustomerGateways", "ec2:DescribeDhcpOptions", "ec2:DescribeEgressOnlyInternetGateways", "ec2:DescribeFlowLogs", "ec2:DescribeInstances", "ec2:DescribeInternetGateways", "ec2:DescribeIpv6Pools", "ec2:DescribeLocalGatewayRouteTables", "ec2:DescribeLocalGatewayRouteTableVpcAssociations", "ec2:DescribeKeyPairs", "ec2:DescribeMovingAddresses", "ec2:DescribeNatGateways", "ec2:DescribeNetworkAcls", "ec2:DescribeNetworkInterfaceAttribute", "ec2:DescribeNetworkInterfacePermissions", "ec2:DescribeNetworkInterfaces", "ec2:DescribePrefixLists", "ec2:DescribeRouteTables", "ec2:DescribeSecurityGroupReferences", "ec2:DescribeSecurityGroupRules", "ec2:DescribeSecurityGroups", "ec2:DescribeStaleSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeTags", "ec2:DescribeVpcAttribute", "ec2:DescribeVpcClassicLink", "ec2:DescribeVpcClassicLinkDnsSupport", "ec2:DescribeVpcEndpointConnectionNotifications", "ec2:DescribeVpcEndpointConnections", "ec2:DescribeVpcEndpoints", "ec2:DescribeVpcEndpointServiceConfigurations", "ec2:DescribeVpcEndpointServicePermissions", "ec2:DescribeVpcEndpointServices", "ec2:DescribeVpcPeeringConnections", "ec2:DescribeVpcs", "ec2:DescribeVpnConnections", "ec2:DescribeVpnGateways", "ec2:DetachClassicLinkVpc", "ec2:DetachInternetGateway", "ec2:DetachNetworkInterface", "ec2:DetachVpnGateway", "ec2:DisableVgwRoutePropagation", "ec2:DisableVpcClassicLink", "ec2:DisableVpcClassicLinkDnsSupport", "ec2:DisassociateAddress", "ec2:DisassociateRouteTable", "ec2:DisassociateSubnetCidrBlock", "ec2:DisassociateVpcCidrBlock", "ec2:EnableVgwRoutePropagation", "ec2:EnableVpcClassicLink", "ec2:EnableVpcClassicLinkDnsSupport", "ec2:ModifyNetworkInterfaceAttribute", "ec2:ModifySecurityGroupRules", "ec2:ModifySubnetAttribute", "ec2:ModifyVpcAttribute", "ec2:ModifyVpcEndpoint", "ec2:ModifyVpcEndpointConnectionNotification", "ec2:ModifyVpcEndpointServiceConfiguration", "ec2:ModifyVpcEndpointServicePermissions", "ec2:ModifyVpcPeeringConnectionOptions", "ec2:ModifyVpcTenancy", "ec2:MoveAddressToVpc", "ec2:RejectVpcEndpointConnections", "ec2:RejectVpcPeeringConnection", "ec2:ReleaseAddress", "ec2:ReplaceNetworkAclAssociation", "ec2:ReplaceNetworkAclEntry", "ec2:ReplaceRoute", "ec2:ReplaceRouteTableAssociation", "ec2:ResetNetworkInterfaceAttribute", "ec2:RestoreAddressToClassic", "ec2:RevokeSecurityGroupEgress", "ec2:RevokeSecurityGroupIngress", "ec2:UnassignIpv6Addresses", "ec2:UnassignPrivateIpAddresses", "ec2:UpdateSecurityGroupRuleDescriptionsEgress", "ec2:UpdateSecurityGroupRuleDescriptionsIngress" ], "Resource": "*" } ] }, "VersionId": "v9" }, "AmazonVPCReadOnlyAccess": { "PolicyName": "AmazonVPCReadOnlyAccess", "PolicyId": "ANPAIICZJNOJN36GTG6CM", "Arn": "arn:aws:iam::aws:policy/AmazonVPCReadOnlyAccess", "Path": "/", "DefaultVersionId": "v8", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-02-06T18:41:17+00:00", "UpdateDate": "2021-08-02T15:47:38+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ec2:DescribeAccountAttributes", "ec2:DescribeAddresses", "ec2:DescribeCarrierGateways", "ec2:DescribeClassicLinkInstances", "ec2:DescribeCustomerGateways", "ec2:DescribeDhcpOptions", "ec2:DescribeEgressOnlyInternetGateways", "ec2:DescribeFlowLogs", "ec2:DescribeInternetGateways", "ec2:DescribeLocalGatewayRouteTables", "ec2:DescribeLocalGatewayRouteTableVpcAssociations", "ec2:DescribeMovingAddresses", "ec2:DescribeNatGateways", "ec2:DescribeNetworkAcls", "ec2:DescribeNetworkInterfaceAttribute", "ec2:DescribeNetworkInterfacePermissions", "ec2:DescribeNetworkInterfaces", "ec2:DescribePrefixLists", "ec2:DescribeRouteTables", "ec2:DescribeSecurityGroupReferences", "ec2:DescribeSecurityGroupRules", "ec2:DescribeSecurityGroups", "ec2:DescribeStaleSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeTags", "ec2:DescribeVpcAttribute", "ec2:DescribeVpcClassicLink", "ec2:DescribeVpcClassicLinkDnsSupport", "ec2:DescribeVpcEndpoints", "ec2:DescribeVpcEndpointConnectionNotifications", "ec2:DescribeVpcEndpointConnections", "ec2:DescribeVpcEndpointServiceConfigurations", "ec2:DescribeVpcEndpointServicePermissions", "ec2:DescribeVpcEndpointServices", "ec2:DescribeVpcPeeringConnections", "ec2:DescribeVpcs", "ec2:DescribeVpnConnections", "ec2:DescribeVpnGateways" ], "Resource": "*" } ] }, "VersionId": "v8" }, "AmazonWorkDocsFullAccess": { "PolicyName": "AmazonWorkDocsFullAccess", "PolicyId": "ANPAZKAPJZG4GTERAZYCR", "Arn": "arn:aws:iam::aws:policy/AmazonWorkDocsFullAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-04-16T23:05:11+00:00", "UpdateDate": "2020-04-16T23:05:11+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "workdocs:*", "ds:DescribeDirectories", "ec2:DescribeVpcs", "ec2:DescribeSubnets" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AmazonWorkDocsReadOnlyAccess": { "PolicyName": "AmazonWorkDocsReadOnlyAccess", "PolicyId": "ANPAZKAPJZG4EDG6WGO5A", "Arn": "arn:aws:iam::aws:policy/AmazonWorkDocsReadOnlyAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-01-08T23:49:59+00:00", "UpdateDate": "2020-01-08T23:49:59+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "workdocs:Describe*", "ds:DescribeDirectories", "ec2:DescribeVpcs", "ec2:DescribeSubnets" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AmazonWorkLinkFullAccess": { "PolicyName": "AmazonWorkLinkFullAccess", "PolicyId": "ANPAJM4ITL7TEVURHCQSY", "Arn": "arn:aws:iam::aws:policy/AmazonWorkLinkFullAccess", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-01-23T18:52:09+00:00", "UpdateDate": "2019-09-23T18:37:42+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "worklink:*" ], "Resource": "arn:aws:worklink:*:*:*" } ] }, "VersionId": "v2" }, "AmazonWorkLinkReadOnly": { "PolicyName": "AmazonWorkLinkReadOnly", "PolicyId": "ANPAIANQMFGU4EUUZKFQ4", "Arn": "arn:aws:iam::aws:policy/AmazonWorkLinkReadOnly", "Path": "/", "DefaultVersionId": "v3", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-01-23T19:07:10+00:00", "UpdateDate": "2019-09-23T18:37:21+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "worklink:Describe*", "worklink:List*", "worklink:Search*" ], "Resource": "arn:aws:worklink:*:*:*" } ] }, "VersionId": "v3" }, "AmazonWorkLinkServiceRolePolicy": { "PolicyName": "AmazonWorkLinkServiceRolePolicy", "PolicyId": "ANPAINJJP6CO7ATFCV4CU", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonWorkLinkServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-03-18T18:00:16+00:00", "UpdateDate": "2020-02-07T20:48:49+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ec2:CreateNetworkInterface", "ec2:DeleteNetworkInterfacePermission", "ec2:CreateNetworkInterfacePermission", "ec2:ModifyNetworkInterfaceAttribute", "ec2:DeleteNetworkInterface" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "kinesis:PutRecord", "kinesis:PutRecords" ], "Resource": "arn:aws:kinesis:*:*:stream/AmazonWorkLink-*" }, { "Effect": "Allow", "Action": [ "elasticloadbalancing:ModifyListener", "elasticloadbalancing:AddListenerCertificates", "elasticloadbalancing:RemoveListenerCertificates" ], "Resource": "*" } ] }, "VersionId": "v2" }, "AmazonWorkMailEventsServiceRolePolicy": { "PolicyName": "AmazonWorkMailEventsServiceRolePolicy", "PolicyId": "ANPAZKAPJZG4JG5LNO3U7", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AmazonWorkMailEventsServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-04-16T16:52:43+00:00", "UpdateDate": "2019-04-16T16:52:43+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AmazonWorkMailFullAccess": { "PolicyName": "AmazonWorkMailFullAccess", "PolicyId": "ANPAJQVKNMT7SVATQ4AUY", "Arn": "arn:aws:iam::aws:policy/AmazonWorkMailFullAccess", "Path": "/", "DefaultVersionId": "v10", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-02-06T18:40:41+00:00", "UpdateDate": "2020-12-21T14:13:40+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ds:AuthorizeApplication", "ds:CheckAlias", "ds:CreateAlias", "ds:CreateDirectory", "ds:CreateIdentityPoolDirectory", "ds:DeleteDirectory", "ds:DescribeDirectories", "ds:GetDirectoryLimits", "ds:ListAuthorizedApplications", "ds:UnauthorizeApplication", "ec2:AuthorizeSecurityGroupEgress", "ec2:AuthorizeSecurityGroupIngress", "ec2:CreateNetworkInterface", "ec2:CreateSecurityGroup", "ec2:CreateSubnet", "ec2:CreateTags", "ec2:CreateVpc", "ec2:DeleteSecurityGroup", "ec2:DeleteSubnet", "ec2:DeleteVpc", "ec2:DescribeAvailabilityZones", "ec2:DescribeRouteTables", "ec2:DescribeSubnets", "ec2:DescribeVpcs", "ec2:RevokeSecurityGroupEgress", "ec2:RevokeSecurityGroupIngress", "kms:DescribeKey", "kms:ListAliases", "lambda:ListFunctions", "route53:ChangeResourceRecordSets", "route53:ListHostedZones", "route53:ListResourceRecordSets", "route53:GetHostedZone", "route53domains:CheckDomainAvailability", "route53domains:ListDomains", "ses:*", "workmail:*", "iam:ListRoles", "logs:DescribeLogGroups", "logs:CreateLogGroup", "logs:PutRetentionPolicy", "cloudwatch:GetMetricData" ], "Resource": "*" }, { "Effect": "Allow", "Action": "iam:CreateServiceLinkedRole", "Resource": "*", "Condition": { "StringEquals": { "iam:AWSServiceName": "events.workmail.amazonaws.com" } } }, { "Effect": "Allow", "Action": [ "iam:DeleteServiceLinkedRole", "iam:GetServiceLinkedRoleDeletionStatus" ], "Resource": "arn:aws:iam::*:role/aws-service-role/events.workmail.amazonaws.com/AWSServiceRoleForAmazonWorkMailEvents*" }, { "Effect": "Allow", "Action": "iam:PassRole", "Resource": "arn:aws:iam::*:role/*workmail*", "Condition": { "StringLike": { "iam:PassedToService": "events.workmail.amazonaws.com" } } } ] }, "VersionId": "v10" }, "AmazonWorkMailMessageFlowFullAccess": { "PolicyName": "AmazonWorkMailMessageFlowFullAccess", "PolicyId": "ANPAZKAPJZG4ORQUVJL66", "Arn": "arn:aws:iam::aws:policy/AmazonWorkMailMessageFlowFullAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2021-02-11T11:08:35+00:00", "UpdateDate": "2021-02-11T11:08:35+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "workmailmessageflow:*" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AmazonWorkMailMessageFlowReadOnlyAccess": { "PolicyName": "AmazonWorkMailMessageFlowReadOnlyAccess", "PolicyId": "ANPAZKAPJZG4M6UETQLYG", "Arn": "arn:aws:iam::aws:policy/AmazonWorkMailMessageFlowReadOnlyAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2021-01-28T12:40:08+00:00", "UpdateDate": "2021-01-28T12:40:08+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "workmailmessageflow:Get*" ], "Resource": "*", "Effect": "Allow" } ] }, "VersionId": "v1" }, "AmazonWorkMailReadOnlyAccess": { "PolicyName": "AmazonWorkMailReadOnlyAccess", "PolicyId": "ANPAJHF7J65E2QFKCWAJM", "Arn": "arn:aws:iam::aws:policy/AmazonWorkMailReadOnlyAccess", "Path": "/", "DefaultVersionId": "v4", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-02-06T18:40:42+00:00", "UpdateDate": "2019-07-25T08:24:50+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ses:Describe*", "ses:Get*", "workmail:Describe*", "workmail:Get*", "workmail:List*", "workmail:Search*", "lambda:ListFunctions", "iam:ListRoles", "logs:DescribeLogGroups", "cloudwatch:GetMetricData" ], "Resource": "*" } ] }, "VersionId": "v4" }, "AmazonWorkSpacesAdmin": { "PolicyName": "AmazonWorkSpacesAdmin", "PolicyId": "ANPAJ26AU6ATUQCT5KVJU", "Arn": "arn:aws:iam::aws:policy/AmazonWorkSpacesAdmin", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-09-22T22:21:15+00:00", "UpdateDate": "2016-08-18T23:08:42+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "workspaces:CreateWorkspaces", "workspaces:DescribeWorkspaces", "workspaces:RebootWorkspaces", "workspaces:RebuildWorkspaces", "workspaces:TerminateWorkspaces", "workspaces:DescribeWorkspaceDirectories", "workspaces:DescribeWorkspaceBundles", "workspaces:ModifyWorkspaceProperties", "workspaces:StopWorkspaces", "workspaces:StartWorkspaces", "workspaces:DescribeWorkspacesConnectionStatus", "workspaces:CreateTags", "workspaces:DeleteTags", "workspaces:DescribeTags", "kms:ListKeys", "kms:ListAliases", "kms:DescribeKey" ], "Effect": "Allow", "Resource": "*" } ] }, "VersionId": "v2" }, "AmazonWorkSpacesApplicationManagerAdminAccess": { "PolicyName": "AmazonWorkSpacesApplicationManagerAdminAccess", "PolicyId": "ANPAJPRL4KYETIH7XGTSS", "Arn": "arn:aws:iam::aws:policy/AmazonWorkSpacesApplicationManagerAdminAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-04-09T14:03:18+00:00", "UpdateDate": "2015-04-09T14:03:18+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "wam:AuthenticatePackager", "Resource": "*" } ] }, "VersionId": "v1" }, "AmazonWorkSpacesSelfServiceAccess": { "PolicyName": "AmazonWorkSpacesSelfServiceAccess", "PolicyId": "ANPAZKAPJZG4MLHUSTJAF", "Arn": "arn:aws:iam::aws:policy/AmazonWorkSpacesSelfServiceAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-06-27T19:22:52+00:00", "UpdateDate": "2019-06-27T19:22:52+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "workspaces:RebootWorkspaces", "workspaces:RebuildWorkspaces", "workspaces:ModifyWorkspaceProperties" ], "Effect": "Allow", "Resource": "*" } ] }, "VersionId": "v1" }, "AmazonWorkSpacesServiceAccess": { "PolicyName": "AmazonWorkSpacesServiceAccess", "PolicyId": "ANPAZKAPJZG4KRXBM753F", "Arn": "arn:aws:iam::aws:policy/AmazonWorkSpacesServiceAccess", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-06-27T19:19:09+00:00", "UpdateDate": "2020-03-18T23:32:10+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "ec2:CreateNetworkInterface", "ec2:DeleteNetworkInterface", "ec2:DescribeNetworkInterfaces" ], "Effect": "Allow", "Resource": "*" } ] }, "VersionId": "v2" }, "AmazonZocaloFullAccess": { "PolicyName": "AmazonZocaloFullAccess", "PolicyId": "ANPAJLCDXYRINDMUXEVL6", "Arn": "arn:aws:iam::aws:policy/AmazonZocaloFullAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-02-06T18:41:13+00:00", "UpdateDate": "2015-02-06T18:41:13+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "zocalo:*", "ds:*", "ec2:AuthorizeSecurityGroupEgress", "ec2:AuthorizeSecurityGroupIngress", "ec2:CreateNetworkInterface", "ec2:CreateSecurityGroup", "ec2:CreateSubnet", "ec2:CreateTags", "ec2:CreateVpc", "ec2:DescribeAvailabilityZones", "ec2:DescribeNetworkInterfaces", "ec2:DescribeSubnets", "ec2:DescribeVpcs", "ec2:DeleteNetworkInterface", "ec2:DeleteSecurityGroup", "ec2:RevokeSecurityGroupEgress", "ec2:RevokeSecurityGroupIngress" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AmazonZocaloReadOnlyAccess": { "PolicyName": "AmazonZocaloReadOnlyAccess", "PolicyId": "ANPAISRCSSJNS3QPKZJPM", "Arn": "arn:aws:iam::aws:policy/AmazonZocaloReadOnlyAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-02-06T18:41:14+00:00", "UpdateDate": "2015-02-06T18:41:14+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "zocalo:Describe*", "ds:DescribeDirectories", "ec2:DescribeVpcs", "ec2:DescribeSubnets" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AppRunnerServiceRolePolicy": { "PolicyName": "AppRunnerServiceRolePolicy", "PolicyId": "ANPAZKAPJZG4FKEGI2QN2", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AppRunnerServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2021-05-14T19:15:04+00:00", "UpdateDate": "2021-05-14T19:15:04+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "logs:CreateLogGroup", "logs:PutRetentionPolicy" ], "Effect": "Allow", "Resource": "arn:aws:logs:*:*:log-group:/aws/apprunner/*" }, { "Effect": "Allow", "Action": [ "logs:CreateLogStream", "logs:PutLogEvents", "logs:DescribeLogStreams" ], "Resource": [ "arn:aws:logs:*:*:log-group:/aws/apprunner/*:log-stream:*" ] }, { "Effect": "Allow", "Action": [ "events:PutRule", "events:PutTargets", "events:DeleteRule", "events:RemoveTargets", "events:DescribeRule", "events:EnableRule", "events:DisableRule" ], "Resource": "arn:aws:events:*:*:rule/AWSAppRunnerManagedRule*" } ] }, "VersionId": "v1" }, "ApplicationAutoScalingForAmazonAppStreamAccess": { "PolicyName": "ApplicationAutoScalingForAmazonAppStreamAccess", "PolicyId": "ANPAIEL3HJCCWFVHA6KPG", "Arn": "arn:aws:iam::aws:policy/service-role/ApplicationAutoScalingForAmazonAppStreamAccess", "Path": "/service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-02-06T21:39:56+00:00", "UpdateDate": "2017-02-06T21:39:56+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "appstream:UpdateFleet", "appstream:DescribeFleets" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "cloudwatch:DescribeAlarms" ], "Resource": [ "*" ] } ] }, "VersionId": "v1" }, "ApplicationDiscoveryServiceContinuousExportServiceRolePolicy": { "PolicyName": "ApplicationDiscoveryServiceContinuousExportServiceRolePolicy", "PolicyId": "ANPAJMGMY3P6OEWOELRFE", "Arn": "arn:aws:iam::aws:policy/aws-service-role/ApplicationDiscoveryServiceContinuousExportServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-08-09T20:22:01+00:00", "UpdateDate": "2018-08-13T22:31:21+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "glue:CreateDatabase", "glue:UpdateDatabase", "glue:CreateTable", "glue:UpdateTable", "firehose:CreateDeliveryStream", "firehose:DescribeDeliveryStream", "logs:CreateLogGroup" ], "Effect": "Allow", "Resource": "*" }, { "Action": [ "firehose:DeleteDeliveryStream", "firehose:PutRecord", "firehose:PutRecordBatch", "firehose:UpdateDestination" ], "Effect": "Allow", "Resource": "arn:aws:firehose:*:*:deliverystream/aws-application-discovery-service*" }, { "Action": [ "s3:CreateBucket", "s3:ListBucket", "s3:PutBucketLogging", "s3:PutEncryptionConfiguration" ], "Effect": "Allow", "Resource": "arn:aws:s3:::aws-application-discovery-service*" }, { "Action": [ "s3:GetObject" ], "Effect": "Allow", "Resource": "arn:aws:s3:::aws-application-discovery-service*/*" }, { "Action": [ "logs:CreateLogStream", "logs:PutRetentionPolicy" ], "Effect": "Allow", "Resource": "arn:aws:logs:*:*:log-group:/aws/application-discovery-service/firehose*" }, { "Action": [ "iam:PassRole" ], "Effect": "Allow", "Resource": "arn:aws:iam::*:role/AWSApplicationDiscoveryServiceFirehose", "Condition": { "StringLike": { "iam:PassedToService": "firehose.amazonaws.com" } } }, { "Action": [ "iam:PassRole" ], "Effect": "Allow", "Resource": "arn:aws:iam::*:role/service-role/AWSApplicationDiscoveryServiceFirehose", "Condition": { "StringLike": { "iam:PassedToService": "firehose.amazonaws.com" } } } ] }, "VersionId": "v2" }, "AutoScalingConsoleFullAccess": { "PolicyName": "AutoScalingConsoleFullAccess", "PolicyId": "ANPAIYEN6FJGYYWJFFCZW", "Arn": "arn:aws:iam::aws:policy/AutoScalingConsoleFullAccess", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-01-12T19:43:16+00:00", "UpdateDate": "2018-02-06T23:15:36+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ec2:AuthorizeSecurityGroupIngress", "ec2:CreateKeyPair", "ec2:CreateSecurityGroup", "ec2:DescribeAccountAttributes", "ec2:DescribeAvailabilityZones", "ec2:DescribeImages", "ec2:DescribeInstanceAttribute", "ec2:DescribeInstances", "ec2:DescribeKeyPairs", "ec2:DescribeLaunchTemplateVersions", "ec2:DescribePlacementGroups", "ec2:DescribeSecurityGroups", "ec2:DescribeSpotInstanceRequests", "ec2:DescribeSubnets", "ec2:DescribeVpcs", "ec2:DescribeVpcClassicLink", "ec2:ImportKeyPair" ], "Resource": "*" }, { "Effect": "Allow", "Action": "elasticloadbalancing:Describe*", "Resource": "*" }, { "Effect": "Allow", "Action": [ "cloudwatch:ListMetrics", "cloudwatch:GetMetricStatistics", "cloudwatch:PutMetricAlarm", "cloudwatch:Describe*" ], "Resource": "*" }, { "Effect": "Allow", "Action": "autoscaling:*", "Resource": "*" }, { "Effect": "Allow", "Action": [ "sns:ListSubscriptions", "sns:ListTopics" ], "Resource": "*" }, { "Effect": "Allow", "Action": "iam:ListRoles", "Resource": "*" }, { "Effect": "Allow", "Action": "iam:CreateServiceLinkedRole", "Resource": "*", "Condition": { "StringEquals": { "iam:AWSServiceName": "autoscaling.amazonaws.com" } } } ] }, "VersionId": "v2" }, "AutoScalingConsoleReadOnlyAccess": { "PolicyName": "AutoScalingConsoleReadOnlyAccess", "PolicyId": "ANPAI3A7GDXOYQV3VUQMK", "Arn": "arn:aws:iam::aws:policy/AutoScalingConsoleReadOnlyAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-01-12T19:48:53+00:00", "UpdateDate": "2017-01-12T19:48:53+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ec2:DescribeVpcs", "ec2:DescribeVpcClassicLink", "ec2:DescribeAvailabilityZones", "ec2:DescribeSubnets" ], "Resource": "*" }, { "Effect": "Allow", "Action": "elasticloadbalancing:Describe*", "Resource": "*" }, { "Effect": "Allow", "Action": [ "cloudwatch:ListMetrics", "cloudwatch:GetMetricStatistics", "cloudwatch:Describe*" ], "Resource": "*" }, { "Effect": "Allow", "Action": "autoscaling:Describe*", "Resource": "*" }, { "Effect": "Allow", "Action": [ "sns:ListSubscriptions", "sns:ListTopics" ], "Resource": "*" } ] }, "VersionId": "v1" }, "AutoScalingFullAccess": { "PolicyName": "AutoScalingFullAccess", "PolicyId": "ANPAIAWRCSJDDXDXGPCFU", "Arn": "arn:aws:iam::aws:policy/AutoScalingFullAccess", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-01-12T19:31:58+00:00", "UpdateDate": "2018-02-06T21:59:13+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "autoscaling:*", "Resource": "*" }, { "Effect": "Allow", "Action": "cloudwatch:PutMetricAlarm", "Resource": "*" }, { "Effect": "Allow", "Action": [ "ec2:DescribeAccountAttributes", "ec2:DescribeAvailabilityZones", "ec2:DescribeImages", "ec2:DescribeInstanceAttribute", "ec2:DescribeInstances", "ec2:DescribeKeyPairs", "ec2:DescribeLaunchTemplateVersions", "ec2:DescribePlacementGroups", "ec2:DescribeSecurityGroups", "ec2:DescribeSpotInstanceRequests", "ec2:DescribeSubnets", "ec2:DescribeVpcClassicLink" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "elasticloadbalancing:DescribeLoadBalancers", "elasticloadbalancing:DescribeTargetGroups" ], "Resource": "*" }, { "Effect": "Allow", "Action": "iam:CreateServiceLinkedRole", "Resource": "*", "Condition": { "StringEquals": { "iam:AWSServiceName": "autoscaling.amazonaws.com" } } } ] }, "VersionId": "v2" }, "AutoScalingNotificationAccessRole": { "PolicyName": "AutoScalingNotificationAccessRole", "PolicyId": "ANPAIO2VMUPGDC5PZVXVA", "Arn": "arn:aws:iam::aws:policy/service-role/AutoScalingNotificationAccessRole", "Path": "/service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-02-06T18:41:22+00:00", "UpdateDate": "2015-02-06T18:41:22+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Resource": "*", "Action": [ "sqs:SendMessage", "sqs:GetQueueUrl", "sns:Publish" ] } ] }, "VersionId": "v1" }, "AutoScalingReadOnlyAccess": { "PolicyName": "AutoScalingReadOnlyAccess", "PolicyId": "ANPAIAFWUVLC2LPLSFTFG", "Arn": "arn:aws:iam::aws:policy/AutoScalingReadOnlyAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-01-12T19:39:35+00:00", "UpdateDate": "2017-01-12T19:39:35+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "autoscaling:Describe*", "Resource": "*" } ] }, "VersionId": "v1" }, "AutoScalingServiceRolePolicy": { "PolicyName": "AutoScalingServiceRolePolicy", "PolicyId": "ANPAIC5D2V7MRWBMHGD7G", "Arn": "arn:aws:iam::aws:policy/aws-service-role/AutoScalingServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v5", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-01-08T23:10:55+00:00", "UpdateDate": "2021-03-29T22:33:25+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Sid": "EC2InstanceManagement", "Effect": "Allow", "Action": [ "ec2:AttachClassicLinkVpc", "ec2:CancelSpotInstanceRequests", "ec2:CreateFleet", "ec2:CreateTags", "ec2:DeleteTags", "ec2:Describe*", "ec2:DetachClassicLinkVpc", "ec2:ModifyInstanceAttribute", "ec2:RequestSpotInstances", "ec2:RunInstances", "ec2:StartInstances", "ec2:StopInstances", "ec2:TerminateInstances" ], "Resource": "*" }, { "Sid": "EC2InstanceProfileManagement", "Effect": "Allow", "Action": [ "iam:PassRole" ], "Resource": "*", "Condition": { "StringLike": { "iam:PassedToService": "ec2.amazonaws.com*" } } }, { "Sid": "EC2SpotManagement", "Effect": "Allow", "Action": [ "iam:CreateServiceLinkedRole" ], "Resource": "*", "Condition": { "StringEquals": { "iam:AWSServiceName": "spot.amazonaws.com" } } }, { "Sid": "ELBManagement", "Effect": "Allow", "Action": [ "elasticloadbalancing:Register*", "elasticloadbalancing:Deregister*", "elasticloadbalancing:Describe*" ], "Resource": "*" }, { "Sid": "CWManagement", "Effect": "Allow", "Action": [ "cloudwatch:DeleteAlarms", "cloudwatch:DescribeAlarms", "cloudwatch:GetMetricData", "cloudwatch:PutMetricAlarm" ], "Resource": "*" }, { "Sid": "SNSManagement", "Effect": "Allow", "Action": [ "sns:Publish" ], "Resource": "*" }, { "Sid": "EventBridgeRuleManagement", "Effect": "Allow", "Action": [ "events:PutRule", "events:PutTargets", "events:RemoveTargets", "events:DeleteRule", "events:DescribeRule" ], "Resource": "*", "Condition": { "StringEquals": { "events:ManagedBy": "autoscaling.amazonaws.com" } } } ] }, "VersionId": "v5" }, "AwsGlueDataBrewFullAccessPolicy": { "PolicyName": "AwsGlueDataBrewFullAccessPolicy", "PolicyId": "ANPAZKAPJZG4ACNRIK7M3", "Arn": "arn:aws:iam::aws:policy/AwsGlueDataBrewFullAccessPolicy", "Path": "/", "DefaultVersionId": "v6", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-11-11T16:51:39+00:00", "UpdateDate": "2021-06-30T18:23:37+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "appflow:DescribeFlow", "appflow:DescribeFlowExecutionRecords", "appflow:ListFlows", "databrew:*", "glue:GetConnection", "glue:GetConnections", "glue:GetDatabases", "glue:GetPartitions", "glue:GetTable", "glue:GetTables", "glue:GetDataCatalogEncryptionSettings", "dataexchange:ListDataSets", "dataexchange:ListDataSetRevisions", "dataexchange:ListRevisionAssets", "dataexchange:CreateJob", "dataexchange:StartJob", "dataexchange:GetJob", "ec2:DescribeSecurityGroups", "ec2:DescribeVpcs", "ec2:DescribeSubnets", "kms:DescribeKey", "kms:ListKeys", "kms:ListAliases", "redshift:DescribeClusters", "redshift:DescribeClusterSubnetGroups", "redshift-data:ListDatabases", "redshift-data:ListSchemas", "redshift-data:ListTables", "s3:ListAllMyBuckets", "s3:GetBucketCORS", "s3:GetBucketLocation", "s3:GetEncryptionConfiguration", "secretsmanager:ListSecrets", "secretsmanager:DescribeSecret", "sts:GetCallerIdentity", "cloudtrail:LookupEvents", "iam:ListRoles", "iam:GetRole" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "glue:CreateConnection" ], "Resource": [ "arn:aws:glue:*:*:catalog", "arn:aws:glue:*:*:connection/AwsGlueDataBrew-*" ] }, { "Effect": "Allow", "Action": [ "glue:GetDatabases" ], "Resource": [ "arn:aws:glue:*:*:catalog", "arn:aws:glue:*:*:database/*" ] }, { "Effect": "Allow", "Action": [ "glue:CreateTable" ], "Resource": [ "arn:aws:glue:*:*:catalog", "arn:aws:glue:*:*:database/*", "arn:aws:glue:*:*:table/*/awsgluedatabrew*" ] }, { "Effect": "Allow", "Action": [ "s3:ListBucket", "s3:GetObject" ], "Resource": [ "arn:aws:s3:::databrew-public-datasets-*" ] }, { "Effect": "Allow", "Action": [ "kms:GenerateDataKey" ], "Resource": [ "*" ], "Condition": { "StringLike": { "kms:ViaService": "s3.*.amazonaws.com" } } }, { "Effect": "Allow", "Action": [ "iam:PassRole" ], "Resource": "arn:aws:iam::*:role/*", "Condition": { "StringEquals": { "iam:PassedToService": [ "databrew.amazonaws.com" ] } } } ] }, "VersionId": "v6" }, "BatchServiceRolePolicy": { "PolicyName": "BatchServiceRolePolicy", "PolicyId": "ANPAZKAPJZG4COHHXEWBT", "Arn": "arn:aws:iam::aws:policy/aws-service-role/BatchServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v3", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2021-03-10T06:55:36+00:00", "UpdateDate": "2021-03-25T22:50:04+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ec2:DescribeAccountAttributes", "ec2:DescribeInstances", "ec2:DescribeInstanceAttribute", "ec2:DescribeSubnets", "ec2:DescribeSecurityGroups", "ec2:DescribeKeyPairs", "ec2:DescribeImages", "ec2:DescribeImageAttribute", "ec2:DescribeSpotInstanceRequests", "ec2:DescribeSpotFleetInstances", "ec2:DescribeSpotFleetRequests", "ec2:DescribeSpotPriceHistory", "ec2:DescribeVpcClassicLink", "ec2:DescribeLaunchTemplateVersions", "ec2:RequestSpotFleet", "autoscaling:DescribeAccountLimits", "autoscaling:DescribeAutoScalingGroups", "autoscaling:DescribeLaunchConfigurations", "autoscaling:DescribeAutoScalingInstances", "ecs:DescribeClusters", "ecs:DescribeContainerInstances", "ecs:DescribeTaskDefinition", "ecs:DescribeTasks", "ecs:ListClusters", "ecs:ListContainerInstances", "ecs:ListTaskDefinitionFamilies", "ecs:ListTaskDefinitions", "ecs:ListTasks", "ecs:DeregisterTaskDefinition", "ecs:TagResource", "ecs:ListAccountSettings", "logs:DescribeLogGroups", "iam:GetInstanceProfile", "iam:GetRole" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream" ], "Resource": "arn:aws:logs:*:*:log-group:/aws/batch/job*" }, { "Effect": "Allow", "Action": [ "logs:PutLogEvents" ], "Resource": "arn:aws:logs:*:*:log-group:/aws/batch/job*:log-stream:*" }, { "Effect": "Allow", "Action": [ "autoscaling:CreateOrUpdateTags" ], "Resource": "*", "Condition": { "Null": { "aws:RequestTag/AWSBatchServiceTag": "false" } } }, { "Effect": "Allow", "Action": "iam:PassRole", "Resource": [ "*" ], "Condition": { "StringEquals": { "iam:PassedToService": [ "ec2.amazonaws.com", "ec2.amazonaws.com.cn", "ecs-tasks.amazonaws.com" ] } } }, { "Effect": "Allow", "Action": "iam:CreateServiceLinkedRole", "Resource": "*", "Condition": { "StringEquals": { "iam:AWSServiceName": [ "spot.amazonaws.com", "spotfleet.amazonaws.com", "autoscaling.amazonaws.com", "ecs.amazonaws.com" ] } } }, { "Effect": "Allow", "Action": [ "ec2:CreateLaunchTemplate" ], "Resource": "*", "Condition": { "Null": { "aws:RequestTag/AWSBatchServiceTag": "false" } } }, { "Effect": "Allow", "Action": [ "ec2:TerminateInstances", "ec2:CancelSpotFleetRequests", "ec2:ModifySpotFleetRequest", "ec2:DeleteLaunchTemplate" ], "Resource": "*", "Condition": { "Null": { "aws:ResourceTag/AWSBatchServiceTag": "false" } } }, { "Effect": "Allow", "Action": [ "autoscaling:CreateLaunchConfiguration", "autoscaling:DeleteLaunchConfiguration" ], "Resource": "arn:aws:autoscaling:*:*:launchConfiguration:*:launchConfigurationName/AWSBatch*" }, { "Effect": "Allow", "Action": [ "autoscaling:CreateAutoScalingGroup", "autoscaling:UpdateAutoScalingGroup", "autoscaling:SetDesiredCapacity", "autoscaling:DeleteAutoScalingGroup", "autoscaling:SuspendProcesses", "autoscaling:PutNotificationConfiguration", "autoscaling:TerminateInstanceInAutoScalingGroup" ], "Resource": "arn:aws:autoscaling:*:*:autoScalingGroup:*:autoScalingGroupName/AWSBatch*" }, { "Effect": "Allow", "Action": [ "ecs:DeleteCluster", "ecs:DeregisterContainerInstance", "ecs:RunTask", "ecs:StartTask", "ecs:StopTask" ], "Resource": "arn:aws:ecs:*:*:cluster/AWSBatch*" }, { "Effect": "Allow", "Action": [ "ecs:RunTask", "ecs:StartTask", "ecs:StopTask" ], "Resource": "arn:aws:ecs:*:*:task-definition/*" }, { "Effect": "Allow", "Action": [ "ecs:StopTask" ], "Resource": "arn:aws:ecs:*:*:task/*/*" }, { "Effect": "Allow", "Action": [ "ecs:CreateCluster", "ecs:RegisterTaskDefinition" ], "Resource": "*", "Condition": { "Null": { "aws:RequestTag/AWSBatchServiceTag": "false" } } }, { "Effect": "Allow", "Action": "ec2:RunInstances", "Resource": [ "arn:aws:ec2:*::image/*", "arn:aws:ec2:*::snapshot/*", "arn:aws:ec2:*:*:subnet/*", "arn:aws:ec2:*:*:network-interface/*", "arn:aws:ec2:*:*:security-group/*", "arn:aws:ec2:*:*:volume/*", "arn:aws:ec2:*:*:key-pair/*", "arn:aws:ec2:*:*:launch-template/*", "arn:aws:ec2:*:*:placement-group/*", "arn:aws:ec2:*:*:capacity-reservation/*", "arn:aws:ec2:*:*:elastic-gpu/*", "arn:aws:elastic-inference:*:*:elastic-inference-accelerator/*" ] }, { "Effect": "Allow", "Action": "ec2:RunInstances", "Resource": "arn:aws:ec2:*:*:instance/*", "Condition": { "Null": { "aws:RequestTag/AWSBatchServiceTag": "false" } } }, { "Effect": "Allow", "Action": [ "ec2:CreateTags" ], "Resource": [ "*" ], "Condition": { "StringEquals": { "ec2:CreateAction": [ "RunInstances", "CreateLaunchTemplate", "RequestSpotFleet" ] } } } ] }, "VersionId": "v3" }, "Billing": { "PolicyName": "Billing", "PolicyId": "ANPAIFTHXT6FFMIRT7ZEA", "Arn": "arn:aws:iam::aws:policy/job-function/Billing", "Path": "/job-function/", "DefaultVersionId": "v5", "AttachmentCount": 1, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2016-11-10T17:33:18+00:00", "UpdateDate": "2020-10-05T20:37:01+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "aws-portal:*Billing", "aws-portal:*Usage", "aws-portal:*PaymentMethods", "budgets:ViewBudget", "budgets:ModifyBudget", "ce:UpdatePreferences", "ce:CreateReport", "ce:UpdateReport", "ce:DeleteReport", "ce:CreateNotificationSubscription", "ce:UpdateNotificationSubscription", "ce:DeleteNotificationSubscription", "cur:DescribeReportDefinitions", "cur:PutReportDefinition", "cur:ModifyReportDefinition", "cur:DeleteReportDefinition", "purchase-orders:*PurchaseOrders" ], "Resource": "*" } ] }, "VersionId": "v5" }, "CertificateManagerServiceRolePolicy": { "PolicyName": "CertificateManagerServiceRolePolicy", "PolicyId": "ANPAZKAPJZG4G2T4BX7CL", "Arn": "arn:aws:iam::aws:policy/aws-service-role/CertificateManagerServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-06-25T17:56:49+00:00", "UpdateDate": "2020-06-25T17:56:49+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "acm-pca:IssueCertificate", "acm-pca:GetCertificate" ], "Resource": "*" } ] }, "VersionId": "v1" }, "ClientVPNServiceConnectionsRolePolicy": { "PolicyName": "ClientVPNServiceConnectionsRolePolicy", "PolicyId": "ANPAZKAPJZG4PG4VWZTEZ", "Arn": "arn:aws:iam::aws:policy/aws-service-role/ClientVPNServiceConnectionsRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-08-12T19:48:06+00:00", "UpdateDate": "2020-08-12T19:48:06+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "lambda:InvokeFunction" ], "Resource": "arn:aws:lambda:*:*:function:AWSClientVPN-*" } ] }, "VersionId": "v1" }, "ClientVPNServiceRolePolicy": { "PolicyName": "ClientVPNServiceRolePolicy", "PolicyId": "ANPAI2SV25KUCYQYS5N74", "Arn": "arn:aws:iam::aws:policy/aws-service-role/ClientVPNServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v5", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-12-10T21:20:25+00:00", "UpdateDate": "2020-08-12T19:39:34+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ec2:CreateNetworkInterface", "ec2:CreateNetworkInterfacePermission", "ec2:DescribeSecurityGroups", "ec2:DescribeVpcs", "ec2:DescribeSubnets", "ec2:DescribeInternetGateways", "ec2:ModifyNetworkInterfaceAttribute", "ec2:DeleteNetworkInterface", "ec2:DescribeAccountAttributes", "ds:AuthorizeApplication", "ds:DescribeDirectories", "ds:GetDirectoryLimits", "ds:UnauthorizeApplication", "logs:DescribeLogStreams", "logs:CreateLogStream", "logs:PutLogEvents", "logs:DescribeLogGroups", "acm:GetCertificate", "acm:DescribeCertificate", "iam:GetSAMLProvider", "lambda:GetFunctionConfiguration" ], "Resource": "*" } ] }, "VersionId": "v5" }, "CloudFormationStackSetsOrgAdminServiceRolePolicy": { "PolicyName": "CloudFormationStackSetsOrgAdminServiceRolePolicy", "PolicyId": "ANPAZKAPJZG4JEQ3CDBDV", "Arn": "arn:aws:iam::aws:policy/aws-service-role/CloudFormationStackSetsOrgAdminServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-12-10T00:20:05+00:00", "UpdateDate": "2019-12-10T00:20:05+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Sid": "AllowsAWSOrganizationsReadAPIs", "Effect": "Allow", "Action": [ "organizations:List*", "organizations:Describe*" ], "Resource": "*" }, { "Sid": "AllowAssumeRoleInMemberAccounts", "Effect": "Allow", "Action": "sts:AssumeRole", "Resource": "arn:aws:iam::*:role/stacksets-exec-*" } ] }, "VersionId": "v1" }, "CloudFormationStackSetsOrgMemberServiceRolePolicy": { "PolicyName": "CloudFormationStackSetsOrgMemberServiceRolePolicy", "PolicyId": "ANPAZKAPJZG4LHV6H6QDU", "Arn": "arn:aws:iam::aws:policy/aws-service-role/CloudFormationStackSetsOrgMemberServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-12-09T23:52:37+00:00", "UpdateDate": "2019-12-09T23:52:37+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "iam:CreateRole", "iam:DeleteRole", "iam:GetRole" ], "Effect": "Allow", "Resource": [ "arn:aws:iam::*:role/stacksets-exec-*" ] }, { "Action": [ "iam:DetachRolePolicy", "iam:AttachRolePolicy" ], "Effect": "Allow", "Resource": [ "arn:aws:iam::*:role/stacksets-exec-*" ], "Condition": { "StringEquals": { "iam:PolicyARN": "arn:aws:iam::aws:policy/AdministratorAccess" } } } ] }, "VersionId": "v1" }, "CloudFrontFullAccess": { "PolicyName": "CloudFrontFullAccess", "PolicyId": "ANPAIPRV52SH6HDCCFY6U", "Arn": "arn:aws:iam::aws:policy/CloudFrontFullAccess", "Path": "/", "DefaultVersionId": "v6", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-02-06T18:39:50+00:00", "UpdateDate": "2020-09-03T20:18:42+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "s3:ListAllMyBuckets" ], "Effect": "Allow", "Resource": "arn:aws:s3:::*" }, { "Action": [ "acm:ListCertificates", "cloudfront:*", "iam:ListServerCertificates", "waf:ListWebACLs", "waf:GetWebACL", "wafv2:ListWebACLs", "wafv2:GetWebACL", "kinesis:ListStreams" ], "Effect": "Allow", "Resource": "*" }, { "Action": [ "kinesis:DescribeStream" ], "Effect": "Allow", "Resource": "arn:aws:kinesis:*:*:*" }, { "Action": [ "iam:ListRoles" ], "Effect": "Allow", "Resource": "arn:aws:iam::*:*" } ] }, "VersionId": "v6" }, "CloudFrontReadOnlyAccess": { "PolicyName": "CloudFrontReadOnlyAccess", "PolicyId": "ANPAJJZMNYOTZCNQP36LG", "Arn": "arn:aws:iam::aws:policy/CloudFrontReadOnlyAccess", "Path": "/", "DefaultVersionId": "v4", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-02-06T18:39:55+00:00", "UpdateDate": "2020-02-19T19:49:16+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "acm:ListCertificates", "cloudfront:Get*", "cloudfront:List*", "iam:ListServerCertificates", "route53:List*", "waf:ListWebACLs", "waf:GetWebACL", "wafv2:ListWebACLs", "wafv2:GetWebACL" ], "Effect": "Allow", "Resource": "*" } ] }, "VersionId": "v4" }, "CloudHSMServiceRolePolicy": { "PolicyName": "CloudHSMServiceRolePolicy", "PolicyId": "ANPAJILYY7JP6JLMQG56I", "Arn": "arn:aws:iam::aws:policy/aws-service-role/CloudHSMServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-11-06T19:12:46+00:00", "UpdateDate": "2017-11-06T19:12:46+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents", "logs:DescribeLogStreams" ], "Resource": [ "arn:aws:logs:*:*:*" ] } ] }, "VersionId": "v1" }, "CloudSearchFullAccess": { "PolicyName": "CloudSearchFullAccess", "PolicyId": "ANPAIM6OOWKQ7L7VBOZOC", "Arn": "arn:aws:iam::aws:policy/CloudSearchFullAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-02-06T18:39:56+00:00", "UpdateDate": "2015-02-06T18:39:56+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "cloudsearch:*" ], "Effect": "Allow", "Resource": "*" } ] }, "VersionId": "v1" }, "CloudSearchReadOnlyAccess": { "PolicyName": "CloudSearchReadOnlyAccess", "PolicyId": "ANPAJWPLX7N7BCC3RZLHW", "Arn": "arn:aws:iam::aws:policy/CloudSearchReadOnlyAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-02-06T18:39:57+00:00", "UpdateDate": "2015-02-06T18:39:57+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "cloudsearch:Describe*", "cloudsearch:List*" ], "Effect": "Allow", "Resource": "*" } ] }, "VersionId": "v1" }, "CloudTrailServiceRolePolicy": { "PolicyName": "CloudTrailServiceRolePolicy", "PolicyId": "ANPAJXQJ45EGU6U7NQBW4", "Arn": "arn:aws:iam::aws:policy/aws-service-role/CloudTrailServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-10-24T21:21:44+00:00", "UpdateDate": "2018-10-24T21:21:44+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Sid": "CloudTrailFullAccess", "Effect": "Allow", "Action": [ "cloudtrail:*" ], "Resource": "*" }, { "Sid": "AwsOrgsAccess", "Effect": "Allow", "Action": [ "organizations:DescribeAccount", "organizations:DescribeOrganization", "organizations:ListAccounts", "organizations:ListAWSServiceAccessForOrganization" ], "Resource": [ "*" ] } ] }, "VersionId": "v1" }, "CloudWatch-CrossAccountAccess": { "PolicyName": "CloudWatch-CrossAccountAccess", "PolicyId": "ANPAZKAPJZG4OV6AFDA5J", "Arn": "arn:aws:iam::aws:policy/aws-service-role/CloudWatch-CrossAccountAccess", "Path": "/aws-service-role/", "DefaultVersionId": "v1", "AttachmentCount": 1, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-07-23T09:59:27+00:00", "UpdateDate": "2019-07-23T09:59:27+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "sts:AssumeRole" ], "Resource": [ "arn:aws:iam::*:role/CloudWatch-CrossAccountSharing*" ], "Effect": "Allow" } ] }, "VersionId": "v1" }, "CloudWatchActionsEC2Access": { "PolicyName": "CloudWatchActionsEC2Access", "PolicyId": "ANPAIOWD4E3FVSORSZTGU", "Arn": "arn:aws:iam::aws:policy/CloudWatchActionsEC2Access", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-07-07T00:00:33+00:00", "UpdateDate": "2015-07-07T00:00:33+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "cloudwatch:Describe*", "ec2:Describe*", "ec2:RebootInstances", "ec2:StopInstances", "ec2:TerminateInstances" ], "Resource": "*" } ] }, "VersionId": "v1" }, "CloudWatchAgentAdminPolicy": { "PolicyName": "CloudWatchAgentAdminPolicy", "PolicyId": "ANPAICMXPKT7EBAF6KR3O", "Arn": "arn:aws:iam::aws:policy/CloudWatchAgentAdminPolicy", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-03-07T00:52:31+00:00", "UpdateDate": "2018-03-07T00:52:31+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "cloudwatch:PutMetricData", "ec2:DescribeTags", "logs:PutLogEvents", "logs:DescribeLogStreams", "logs:DescribeLogGroups", "logs:CreateLogStream", "logs:CreateLogGroup" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "ssm:GetParameter", "ssm:PutParameter" ], "Resource": "arn:aws:ssm:*:*:parameter/AmazonCloudWatch-*" } ] }, "VersionId": "v1" }, "CloudWatchAgentServerPolicy": { "PolicyName": "CloudWatchAgentServerPolicy", "PolicyId": "ANPAIGOPKN7KRDAKTLG4I", "Arn": "arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-03-07T01:06:44+00:00", "UpdateDate": "2019-10-17T23:08:51+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "cloudwatch:PutMetricData", "ec2:DescribeVolumes", "ec2:DescribeTags", "logs:PutLogEvents", "logs:DescribeLogStreams", "logs:DescribeLogGroups", "logs:CreateLogStream", "logs:CreateLogGroup" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "ssm:GetParameter" ], "Resource": "arn:aws:ssm:*:*:parameter/AmazonCloudWatch-*" } ] }, "VersionId": "v2" }, "CloudWatchApplicationInsightsFullAccess": { "PolicyName": "CloudWatchApplicationInsightsFullAccess", "PolicyId": "ANPAZKAPJZG4MSQN23AKX", "Arn": "arn:aws:iam::aws:policy/CloudWatchApplicationInsightsFullAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-11-24T18:44:14+00:00", "UpdateDate": "2020-11-24T18:44:14+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "applicationinsights:*", "Resource": "*" }, { "Effect": "Allow", "Action": [ "iam:CreateServiceLinkedRole" ], "Resource": [ "arn:aws:iam::*:role/aws-service-role/application-insights.amazonaws.com/AWSServiceRoleForApplicationInsights" ], "Condition": { "StringEquals": { "iam:AWSServiceName": "application-insights.amazonaws.com" } } } ] }, "VersionId": "v1" }, "CloudWatchApplicationInsightsReadOnlyAccess": { "PolicyName": "CloudWatchApplicationInsightsReadOnlyAccess", "PolicyId": "ANPAZKAPJZG4AX4TJYLSI", "Arn": "arn:aws:iam::aws:policy/CloudWatchApplicationInsightsReadOnlyAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-11-24T18:48:00+00:00", "UpdateDate": "2020-11-24T18:48:00+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "applicationinsights:Describe*", "applicationinsights:List*" ], "Resource": "*" } ] }, "VersionId": "v1" }, "CloudWatchAutomaticDashboardsAccess": { "PolicyName": "CloudWatchAutomaticDashboardsAccess", "PolicyId": "ANPAZKAPJZG4JFCXGSE2Q", "Arn": "arn:aws:iam::aws:policy/CloudWatchAutomaticDashboardsAccess", "Path": "/", "DefaultVersionId": "v4", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-07-23T10:01:08+00:00", "UpdateDate": "2021-04-20T13:05:40+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "autoscaling:DescribeAutoScalingGroups", "cloudfront:GetDistribution", "cloudfront:ListDistributions", "dynamodb:DescribeTable", "dynamodb:ListTables", "ec2:DescribeInstances", "ec2:DescribeVolumes", "ecs:DescribeClusters", "ecs:DescribeContainerInstances", "ecs:ListClusters", "ecs:ListContainerInstances", "ecs:ListServices", "elasticache:DescribeCacheClusters", "elasticbeanstalk:DescribeEnvironments", "elasticfilesystem:DescribeFileSystems", "elasticloadbalancing:DescribeLoadBalancers", "kinesis:DescribeStream", "kinesis:ListStreams", "lambda:GetFunction", "lambda:ListFunctions", "rds:DescribeDBClusters", "rds:DescribeDBInstances", "resource-groups:ListGroupResources", "resource-groups:ListGroups", "route53:GetHealthCheck", "route53:ListHealthChecks", "s3:ListAllMyBuckets", "s3:ListBucket", "sns:ListTopics", "sqs:GetQueueAttributes", "sqs:GetQueueUrl", "sqs:ListQueues", "synthetics:DescribeCanariesLastRun", "tag:GetResources" ], "Effect": "Allow", "Resource": "*" }, { "Action": [ "apigateway:GET" ], "Effect": "Allow", "Resource": [ "arn:aws:apigateway:*::/restapis*" ] } ] }, "VersionId": "v4" }, "CloudWatchEventsBuiltInTargetExecutionAccess": { "PolicyName": "CloudWatchEventsBuiltInTargetExecutionAccess", "PolicyId": "ANPAIC5AQ5DATYSNF4AUM", "Arn": "arn:aws:iam::aws:policy/service-role/CloudWatchEventsBuiltInTargetExecutionAccess", "Path": "/service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2016-01-14T18:35:49+00:00", "UpdateDate": "2016-01-14T18:35:49+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Sid": "CloudWatchEventsBuiltInTargetExecutionAccess", "Effect": "Allow", "Action": [ "ec2:Describe*", "ec2:RebootInstances", "ec2:StopInstances", "ec2:TerminateInstances", "ec2:CreateSnapshot" ], "Resource": "*" } ] }, "VersionId": "v1" }, "CloudWatchEventsFullAccess": { "PolicyName": "CloudWatchEventsFullAccess", "PolicyId": "ANPAJZLOYLNHESMYOJAFU", "Arn": "arn:aws:iam::aws:policy/CloudWatchEventsFullAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2016-01-14T18:37:08+00:00", "UpdateDate": "2016-01-14T18:37:08+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Sid": "CloudWatchEventsFullAccess", "Effect": "Allow", "Action": "events:*", "Resource": "*" }, { "Sid": "IAMPassRoleForCloudWatchEvents", "Effect": "Allow", "Action": "iam:PassRole", "Resource": "arn:aws:iam::*:role/AWS_Events_Invoke_Targets" } ] }, "VersionId": "v1" }, "CloudWatchEventsInvocationAccess": { "PolicyName": "CloudWatchEventsInvocationAccess", "PolicyId": "ANPAJJXD6JKJLK2WDLZNO", "Arn": "arn:aws:iam::aws:policy/service-role/CloudWatchEventsInvocationAccess", "Path": "/service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2016-01-14T18:36:33+00:00", "UpdateDate": "2016-01-14T18:36:33+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Sid": "CloudWatchEventsInvocationAccess", "Effect": "Allow", "Action": [ "kinesis:PutRecord" ], "Resource": "*" } ] }, "VersionId": "v1" }, "CloudWatchEventsReadOnlyAccess": { "PolicyName": "CloudWatchEventsReadOnlyAccess", "PolicyId": "ANPAIILJPXXA6F7GYLYBS", "Arn": "arn:aws:iam::aws:policy/CloudWatchEventsReadOnlyAccess", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2016-01-14T18:27:18+00:00", "UpdateDate": "2017-08-10T17:25:34+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Sid": "CloudWatchEventsReadOnlyAccess", "Effect": "Allow", "Action": [ "events:DescribeRule", "events:ListRuleNamesByTarget", "events:ListRules", "events:ListTargetsByRule", "events:TestEventPattern", "events:DescribeEventBus" ], "Resource": "*" } ] }, "VersionId": "v2" }, "CloudWatchEventsServiceRolePolicy": { "PolicyName": "CloudWatchEventsServiceRolePolicy", "PolicyId": "ANPAJNVASSNSIDZIP4X7I", "Arn": "arn:aws:iam::aws:policy/aws-service-role/CloudWatchEventsServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-11-17T00:42:04+00:00", "UpdateDate": "2017-11-17T00:42:04+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "cloudwatch:DescribeAlarms", "ec2:DescribeInstanceStatus", "ec2:DescribeInstances", "ec2:DescribeSnapshots", "ec2:DescribeVolumeStatus", "ec2:DescribeVolumes", "ec2:RebootInstances", "ec2:StopInstances", "ec2:TerminateInstances", "ec2:CreateSnapshot" ], "Resource": "*" } ] }, "VersionId": "v1" }, "CloudWatchFullAccess": { "PolicyName": "CloudWatchFullAccess", "PolicyId": "ANPAIKEABORKUXN6DEAZU", "Arn": "arn:aws:iam::aws:policy/CloudWatchFullAccess", "Path": "/", "DefaultVersionId": "v3", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-02-06T18:40:00+00:00", "UpdateDate": "2018-08-09T19:10:43+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "autoscaling:Describe*", "cloudwatch:*", "logs:*", "sns:*", "iam:GetPolicy", "iam:GetPolicyVersion", "iam:GetRole" ], "Effect": "Allow", "Resource": "*" }, { "Effect": "Allow", "Action": "iam:CreateServiceLinkedRole", "Resource": "arn:aws:iam::*:role/aws-service-role/events.amazonaws.com/AWSServiceRoleForCloudWatchEvents*", "Condition": { "StringLike": { "iam:AWSServiceName": "events.amazonaws.com" } } } ] }, "VersionId": "v3" }, "CloudWatchLambdaInsightsExecutionRolePolicy": { "PolicyName": "CloudWatchLambdaInsightsExecutionRolePolicy", "PolicyId": "ANPAZKAPJZG4EDWWYYDS6", "Arn": "arn:aws:iam::aws:policy/CloudWatchLambdaInsightsExecutionRolePolicy", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-10-07T19:27:06+00:00", "UpdateDate": "2020-10-07T19:27:06+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "logs:CreateLogGroup", "Resource": "*" }, { "Effect": "Allow", "Action": [ "logs:CreateLogStream", "logs:PutLogEvents" ], "Resource": "arn:aws:logs:*:*:log-group:/aws/lambda-insights:*" } ] }, "VersionId": "v1" }, "CloudWatchLogsFullAccess": { "PolicyName": "CloudWatchLogsFullAccess", "PolicyId": "ANPAJ3ZGNWK2R5HW5BQFO", "Arn": "arn:aws:iam::aws:policy/CloudWatchLogsFullAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-02-06T18:40:02+00:00", "UpdateDate": "2015-02-06T18:40:02+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "logs:*" ], "Effect": "Allow", "Resource": "*" } ] }, "VersionId": "v1" }, "CloudWatchLogsReadOnlyAccess": { "PolicyName": "CloudWatchLogsReadOnlyAccess", "PolicyId": "ANPAJ2YIYDYSNNEHK3VKW", "Arn": "arn:aws:iam::aws:policy/CloudWatchLogsReadOnlyAccess", "Path": "/", "DefaultVersionId": "v4", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-02-06T18:40:03+00:00", "UpdateDate": "2019-01-14T19:32:45+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "logs:Describe*", "logs:Get*", "logs:List*", "logs:StartQuery", "logs:StopQuery", "logs:TestMetricFilter", "logs:FilterLogEvents" ], "Effect": "Allow", "Resource": "*" } ] }, "VersionId": "v4" }, "CloudWatchReadOnlyAccess": { "PolicyName": "CloudWatchReadOnlyAccess", "PolicyId": "ANPAJN23PDQP7SZQAE3QE", "Arn": "arn:aws:iam::aws:policy/CloudWatchReadOnlyAccess", "Path": "/", "DefaultVersionId": "v4", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-02-06T18:40:01+00:00", "UpdateDate": "2020-07-17T17:49:09+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "autoscaling:Describe*", "cloudwatch:Describe*", "cloudwatch:Get*", "cloudwatch:List*", "logs:Get*", "logs:List*", "logs:StartQuery", "logs:StopQuery", "logs:Describe*", "logs:TestMetricFilter", "logs:FilterLogEvents", "sns:Get*", "sns:List*" ], "Effect": "Allow", "Resource": "*" } ] }, "VersionId": "v4" }, "CloudWatchSyntheticsFullAccess": { "PolicyName": "CloudWatchSyntheticsFullAccess", "PolicyId": "ANPAZKAPJZG4MAGQWEZP4", "Arn": "arn:aws:iam::aws:policy/CloudWatchSyntheticsFullAccess", "Path": "/", "DefaultVersionId": "v7", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-11-25T17:39:46+00:00", "UpdateDate": "2021-07-20T15:56:52+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "synthetics:*" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "s3:CreateBucket", "s3:PutEncryptionConfiguration" ], "Resource": [ "arn:aws:s3:::cw-syn-results-*" ] }, { "Effect": "Allow", "Action": [ "iam:ListRoles", "s3:ListAllMyBuckets", "s3:GetBucketLocation", "xray:GetTraceSummaries", "xray:BatchGetTraces", "apigateway:GET" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "s3:GetObject", "s3:ListBucket" ], "Resource": "arn:aws:s3:::cw-syn-*" }, { "Effect": "Allow", "Action": [ "s3:GetObjectVersion" ], "Resource": "arn:aws:s3:::aws-synthetics-library-*" }, { "Effect": "Allow", "Action": [ "iam:PassRole" ], "Resource": [ "arn:aws:iam::*:role/service-role/CloudWatchSyntheticsRole*" ], "Condition": { "StringEquals": { "iam:PassedToService": [ "lambda.amazonaws.com", "synthetics.amazonaws.com" ] } } }, { "Effect": "Allow", "Action": [ "iam:GetRole" ], "Resource": [ "arn:aws:iam::*:role/service-role/CloudWatchSyntheticsRole*" ] }, { "Effect": "Allow", "Action": [ "cloudwatch:GetMetricData", "cloudwatch:GetMetricStatistics" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "cloudwatch:PutMetricAlarm", "cloudwatch:DeleteAlarms" ], "Resource": [ "arn:aws:cloudwatch:*:*:alarm:Synthetics-*" ] }, { "Effect": "Allow", "Action": [ "cloudwatch:DescribeAlarms" ], "Resource": [ "arn:aws:cloudwatch:*:*:alarm:*" ] }, { "Effect": "Allow", "Action": [ "lambda:CreateFunction", "lambda:AddPermission", "lambda:PublishVersion", "lambda:UpdateFunctionCode", "lambda:UpdateFunctionConfiguration", "lambda:GetFunctionConfiguration" ], "Resource": [ "arn:aws:lambda:*:*:function:cwsyn-*" ] }, { "Effect": "Allow", "Action": [ "lambda:GetLayerVersion", "lambda:PublishLayerVersion" ], "Resource": [ "arn:aws:lambda:*:*:layer:cwsyn-*", "arn:aws:lambda:*:*:layer:Synthetics:*" ] }, { "Effect": "Allow", "Action": [ "ec2:DescribeVpcs", "ec2:DescribeSubnets", "ec2:DescribeSecurityGroups" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "sns:ListTopics" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "sns:CreateTopic", "sns:Subscribe", "sns:ListSubscriptionsByTopic" ], "Resource": [ "arn:*:sns:*:*:Synthetics-*" ] } ] }, "VersionId": "v7" }, "CloudWatchSyntheticsReadOnlyAccess": { "PolicyName": "CloudWatchSyntheticsReadOnlyAccess", "PolicyId": "ANPAZKAPJZG4C7XDT2FFB", "Arn": "arn:aws:iam::aws:policy/CloudWatchSyntheticsReadOnlyAccess", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-11-25T17:45:40+00:00", "UpdateDate": "2020-03-06T19:26:01+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "synthetics:Describe*", "synthetics:Get*", "synthetics:List*" ], "Resource": "*" } ] }, "VersionId": "v2" }, "CloudwatchApplicationInsightsServiceLinkedRolePolicy": { "PolicyName": "CloudwatchApplicationInsightsServiceLinkedRolePolicy", "PolicyId": "ANPAJH3SHQERZRQMQOQ44", "Arn": "arn:aws:iam::aws:policy/aws-service-role/CloudwatchApplicationInsightsServiceLinkedRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v15", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-12-01T16:22:12+00:00", "UpdateDate": "2021-08-13T19:59:56+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "cloudwatch:DescribeAlarmHistory", "cloudwatch:DescribeAlarms", "cloudwatch:GetMetricData", "cloudwatch:ListMetrics", "cloudwatch:PutMetricAlarm", "cloudwatch:DeleteAlarms", "cloudwatch:PutAnomalyDetector", "cloudwatch:DeleteAnomalyDetector", "cloudwatch:DescribeAnomalyDetectors" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "logs:FilterLogEvents", "logs:GetLogEvents", "logs:DescribeLogStreams", "logs:DescribeLogGroups" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "events:DescribeRule" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "cloudFormation:CreateStack", "cloudFormation:UpdateStack", "cloudFormation:DeleteStack", "cloudFormation:DescribeStackResources" ], "Resource": [ "arn:aws:cloudformation:*:*:stack/ApplicationInsights-*" ] }, { "Effect": "Allow", "Action": [ "cloudFormation:DescribeStacks", "cloudFormation:ListStackResources" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "tag:GetResources" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "resource-groups:ListGroupResources", "resource-groups:GetGroupQuery", "resource-groups:GetGroup" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "elasticloadbalancing:DescribeLoadBalancers", "elasticloadbalancing:DescribeTargetGroups", "elasticloadbalancing:DescribeTargetHealth" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "autoscaling:DescribeAutoScalingGroups" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "ssm:PutParameter", "ssm:DeleteParameter", "ssm:AddTagsToResource", "ssm:RemoveTagsFromResource", "ssm:GetParameters" ], "Resource": "arn:aws:ssm:*:*:parameter/AmazonCloudWatch-ApplicationInsights-*" }, { "Effect": "Allow", "Action": [ "ssm:CreateAssociation", "ssm:UpdateAssociation", "ssm:DeleteAssociation", "ssm:DescribeAssociation" ], "Resource": [ "arn:aws:ec2:*:*:instance/*", "arn:aws:ssm:*:*:association/*", "arn:aws:ssm:*:*:managed-instance/*", "arn:aws:ssm:*:*:document/AWSEC2-ApplicationInsightsCloudwatchAgentInstallAndConfigure", "arn:aws:ssm:*:*:document/AWS-ConfigureAWSPackage", "arn:aws:ssm:*:*:document/AmazonCloudWatch-ManageAgent" ] }, { "Effect": "Allow", "Action": [ "ssm:GetOpsItem", "ssm:CreateOpsItem", "ssm:DescribeOpsItems", "ssm:UpdateOpsItem", "ssm:DescribeInstanceInformation" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "ssm:AddTagsToResource" ], "Resource": "arn:aws:ssm:*:*:opsitem/*" }, { "Effect": "Allow", "Action": [ "ssm:ListCommandInvocations" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": "ssm:SendCommand", "Resource": [ "arn:aws:ec2:*:*:instance/*", "arn:aws:ssm:*:*:document/AWSEC2-CheckPerformanceCounterSets", "arn:aws:ssm:*:*:document/AWS-ConfigureAWSPackage", "arn:aws:ssm:*:*:document/AWSEC2-DetectWorkload" ] }, { "Effect": "Allow", "Action": [ "ec2:DescribeInstances", "ec2:DescribeVolumes", "ec2:DescribeVolumeStatus" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "rds:DescribeDBInstances", "rds:DescribeDBClusters" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "lambda:GetFunctionConfiguration", "lambda:ListEventSourceMappings" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "events:PutRule", "events:PutTargets", "events:RemoveTargets", "events:DeleteRule" ], "Resource": [ "arn:aws:events:*:*:rule/AmazonCloudWatch-ApplicationInsights-*" ] }, { "Effect": "Allow", "Action": [ "xray:GetServiceGraph", "xray:GetTraceSummaries", "xray:GetTimeSeriesServiceStatistics", "xray:GetTraceGraph" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "dynamodb:DescribeTable", "dynamodb:DescribeContributorInsights", "dynamodb:DescribeTimeToLive" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "application-autoscaling:DescribeScalableTargets" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "s3:GetMetricsConfiguration", "s3:GetReplicationConfiguration" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "states:DescribeExecution", "states:DescribeStateMachine", "states:GetExecutionHistory" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "apigateway:GET" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "ecs:DescribeClusters", "ecs:DescribeContainerInstances", "ecs:DescribeServices", "ecs:DescribeTaskDefinition", "ecs:DescribeTasks", "ecs:DescribeTaskSets", "ecs:ListClusters", "ecs:ListContainerInstances", "ecs:ListServices", "ecs:ListTasks" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "eks:DescribeCluster", "eks:DescribeFargateProfile", "eks:DescribeNodegroup", "eks:ListClusters", "eks:ListFargateProfiles", "eks:ListNodegroups", "fsx:DescribeFileSystems" ], "Resource": [ "*" ] } ] }, "VersionId": "v15" }, "ComprehendDataAccessRolePolicy": { "PolicyName": "ComprehendDataAccessRolePolicy", "PolicyId": "ANPAJHSDRRKS2Z3MYUPQY", "Arn": "arn:aws:iam::aws:policy/service-role/ComprehendDataAccessRolePolicy", "Path": "/service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-03-06T22:28:15+00:00", "UpdateDate": "2019-03-06T22:28:15+00:00", "Document": { "Version": "2012-10-17", "Statement": { "Effect": "Allow", "Action": [ "s3:GetObject", "s3:ListBucket", "s3:PutObject" ], "Resource": [ "arn:aws:s3:::*Comprehend*", "arn:aws:s3:::*comprehend*" ] } }, "VersionId": "v1" }, "ComprehendFullAccess": { "PolicyName": "ComprehendFullAccess", "PolicyId": "ANPAITBM2PMWNG2P7RZEQ", "Arn": "arn:aws:iam::aws:policy/ComprehendFullAccess", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-11-29T18:08:43+00:00", "UpdateDate": "2017-12-05T01:36:24+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "comprehend:*", "s3:ListAllMyBuckets", "s3:ListBucket", "s3:GetBucketLocation", "iam:ListRoles", "iam:GetRole" ], "Effect": "Allow", "Resource": "*" } ] }, "VersionId": "v2" }, "ComprehendMedicalFullAccess": { "PolicyName": "ComprehendMedicalFullAccess", "PolicyId": "ANPAJR5SUEX6PPJ3K4RAO", "Arn": "arn:aws:iam::aws:policy/ComprehendMedicalFullAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-11-27T17:55:52+00:00", "UpdateDate": "2018-11-27T17:55:52+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "comprehendmedical:*" ], "Effect": "Allow", "Resource": "*" } ] }, "VersionId": "v1" }, "ComprehendReadOnly": { "PolicyName": "ComprehendReadOnly", "PolicyId": "ANPAJIUV5K2YCHQBBAH7G", "Arn": "arn:aws:iam::aws:policy/ComprehendReadOnly", "Path": "/", "DefaultVersionId": "v8", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-11-29T18:10:19+00:00", "UpdateDate": "2021-03-26T21:19:49+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "comprehend:DetectDominantLanguage", "comprehend:BatchDetectDominantLanguage", "comprehend:DetectEntities", "comprehend:BatchDetectEntities", "comprehend:DetectKeyPhrases", "comprehend:BatchDetectKeyPhrases", "comprehend:DetectPiiEntities", "comprehend:ContainsPiiEntities", "comprehend:DetectSentiment", "comprehend:BatchDetectSentiment", "comprehend:DetectSyntax", "comprehend:BatchDetectSyntax", "comprehend:ClassifyDocument", "comprehend:DescribeTopicsDetectionJob", "comprehend:ListTopicsDetectionJobs", "comprehend:DescribeDominantLanguageDetectionJob", "comprehend:ListDominantLanguageDetectionJobs", "comprehend:DescribeEntitiesDetectionJob", "comprehend:ListEntitiesDetectionJobs", "comprehend:DescribeKeyPhrasesDetectionJob", "comprehend:ListKeyPhrasesDetectionJobs", "comprehend:DescribePiiEntitiesDetectionJob", "comprehend:ListPiiEntitiesDetectionJobs", "comprehend:DescribeSentimentDetectionJob", "comprehend:ListSentimentDetectionJobs", "comprehend:DescribeDocumentClassifier", "comprehend:ListDocumentClassifiers", "comprehend:DescribeDocumentClassificationJob", "comprehend:ListDocumentClassificationJobs", "comprehend:DescribeEntityRecognizer", "comprehend:ListEntityRecognizers", "comprehend:ListTagsForResource", "comprehend:DescribeEndpoint", "comprehend:ListEndpoints" ], "Resource": "*" } ] }, "VersionId": "v8" }, "ComputeOptimizerReadOnlyAccess": { "PolicyName": "ComputeOptimizerReadOnlyAccess", "PolicyId": "ANPAZKAPJZG4FI27MEARJ", "Arn": "arn:aws:iam::aws:policy/ComputeOptimizerReadOnlyAccess", "Path": "/", "DefaultVersionId": "v3", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-03-07T00:11:02+00:00", "UpdateDate": "2020-12-23T18:00:54+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "compute-optimizer:DescribeRecommendationExportJobs", "compute-optimizer:GetEnrollmentStatus", "compute-optimizer:GetRecommendationSummaries", "compute-optimizer:GetEC2InstanceRecommendations", "compute-optimizer:GetEC2RecommendationProjectedMetrics", "compute-optimizer:GetAutoScalingGroupRecommendations", "compute-optimizer:GetEBSVolumeRecommendations", "compute-optimizer:GetLambdaFunctionRecommendations", "ec2:DescribeInstances", "ec2:DescribeVolumes", "autoscaling:DescribeAutoScalingGroups", "lambda:ListFunctions", "lambda:ListProvisionedConcurrencyConfigs", "cloudwatch:GetMetricData", "organizations:ListAccounts", "organizations:DescribeOrganization", "organizations:DescribeAccount" ], "Resource": "*" } ] }, "VersionId": "v3" }, "ComputeOptimizerServiceRolePolicy": { "PolicyName": "ComputeOptimizerServiceRolePolicy", "PolicyId": "ANPAZKAPJZG4HPOQZNRNJ", "Arn": "arn:aws:iam::aws:policy/aws-service-role/ComputeOptimizerServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-12-03T08:45:19+00:00", "UpdateDate": "2019-12-03T08:45:19+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Sid": "ComputeOptimizerFullAccess", "Effect": "Allow", "Action": [ "compute-optimizer:*" ], "Resource": "*" }, { "Sid": "AwsOrgsAccess", "Effect": "Allow", "Action": [ "organizations:DescribeOrganization", "organizations:ListAccounts", "organizations:ListAWSServiceAccessForOrganization" ], "Resource": [ "*" ] }, { "Sid": "CloudWatchAccess", "Effect": "Allow", "Action": [ "cloudwatch:GetMetricData" ], "Resource": "*" } ] }, "VersionId": "v1" }, "ConfigConformsServiceRolePolicy": { "PolicyName": "ConfigConformsServiceRolePolicy", "PolicyId": "ANPAZKAPJZG4BCH3IIJPN", "Arn": "arn:aws:iam::aws:policy/aws-service-role/ConfigConformsServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v4", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-07-25T21:38:05+00:00", "UpdateDate": "2019-11-13T18:29:21+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "config:PutConfigRule", "config:DeleteConfigRule", "config:DescribeConfigRules" ], "Resource": "arn:aws:config:*:*:config-rule/aws-service-rule/config-conforms.amazonaws.com*" }, { "Effect": "Allow", "Action": [ "config:DescribeRemediationConfigurations", "config:DeleteRemediationConfiguration", "config:PutRemediationConfigurations" ], "Resource": "arn:aws:config:*:*:remediation-configuration/aws-service-remediation-configuration/config-conforms.amazonaws.com*" }, { "Effect": "Allow", "Action": [ "iam:GetRole" ], "Resource": "arn:aws:iam::*:role/aws-service-role/config-conforms.amazonaws.com/*" }, { "Effect": "Allow", "Action": [ "iam:GetRole" ], "Resource": "arn:aws:iam::*:role/aws-service-role/remediation.config.amazonaws.com/AWSServiceRoleForConfigRemediation" }, { "Effect": "Allow", "Action": "iam:CreateServiceLinkedRole", "Resource": "arn:aws:iam::*:role/aws-service-role/remediation.config.amazonaws.com/AWSServiceRoleForConfigRemediation", "Condition": { "StringLike": { "iam:AWSServiceName": "remediation.config.amazonaws.com" } } }, { "Action": "iam:PassRole", "Resource": "*", "Effect": "Allow", "Condition": { "StringEquals": { "iam:PassedToService": "ssm.amazonaws.com" } } }, { "Effect": "Allow", "Action": [ "ssm:DescribeDocument", "ssm:GetDocument" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "s3:PutObject", "s3:PutObjectAcl", "s3:GetObject", "s3:GetBucketAcl" ], "Resource": "arn:aws:s3:::awsconfigconforms*" }, { "Effect": "Allow", "Action": [ "cloudformation:CreateStack", "cloudformation:DeleteStack", "cloudformation:DescribeStackEvents", "cloudformation:DescribeStackResource", "cloudformation:DescribeStackResources", "cloudformation:DescribeStacks", "cloudformation:GetStackPolicy", "cloudformation:SetStackPolicy", "cloudformation:UpdateStack", "cloudformation:UpdateTerminationProtection", "cloudformation:ValidateTemplate", "cloudformation:ListStackResources" ], "Resource": "arn:aws:cloudformation:*:*:stack/awsconfigconforms-*" } ] }, "VersionId": "v4" }, "DAXServiceRolePolicy": { "PolicyName": "DAXServiceRolePolicy", "PolicyId": "ANPAJQWMGC67G4DWMREGM", "Arn": "arn:aws:iam::aws:policy/aws-service-role/DAXServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-03-05T17:51:25+00:00", "UpdateDate": "2018-03-05T17:51:25+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ec2:AuthorizeSecurityGroupIngress", "ec2:CreateNetworkInterface", "ec2:CreateSecurityGroup", "ec2:DeleteNetworkInterface", "ec2:DeleteSecurityGroup", "ec2:DescribeAvailabilityZones", "ec2:DescribeNetworkInterfaces", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeVpcs", "ec2:ModifyNetworkInterfaceAttribute", "ec2:RevokeSecurityGroupIngress" ], "Resource": "*" } ] }, "VersionId": "v1" }, "DataScientist": { "PolicyName": "DataScientist", "PolicyId": "ANPAJ5YHI2BQW7EQFYDXS", "Arn": "arn:aws:iam::aws:policy/job-function/DataScientist", "Path": "/job-function/", "DefaultVersionId": "v5", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2016-11-10T17:28:48+00:00", "UpdateDate": "2019-12-03T16:48:34+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "autoscaling:*", "cloudwatch:*", "cloudformation:CreateStack", "cloudformation:DescribeStackEvents", "datapipeline:Describe*", "datapipeline:ListPipelines", "datapipeline:GetPipelineDefinition", "datapipeline:QueryObjects", "dynamodb:*", "ec2:CancelSpotInstanceRequests", "ec2:CancelSpotFleetRequests", "ec2:CreateTags", "ec2:DeleteTags", "ec2:Describe*", "ec2:ModifyImageAttribute", "ec2:ModifyInstanceAttribute", "ec2:ModifySpotFleetRequest", "ec2:RequestSpotInstances", "ec2:RequestSpotFleet", "elasticfilesystem:*", "elasticmapreduce:*", "es:*", "firehose:*", "fsx:DescribeFileSystems", "iam:GetInstanceProfile", "iam:GetRole", "iam:GetPolicy", "iam:GetPolicyVersion", "iam:ListRoles", "kinesis:*", "kms:List*", "lambda:Create*", "lambda:Delete*", "lambda:Get*", "lambda:InvokeFunction", "lambda:PublishVersion", "lambda:Update*", "lambda:List*", "machinelearning:*", "sdb:*", "rds:*", "sns:ListSubscriptions", "sns:ListTopics", "logs:DescribeLogStreams", "logs:GetLogEvents", "redshift:*", "s3:CreateBucket", "sns:CreateTopic", "sns:Get*", "sns:List*" ], "Effect": "Allow", "Resource": "*" }, { "Effect": "Allow", "Action": [ "s3:Abort*", "s3:DeleteObject", "s3:Get*", "s3:List*", "s3:PutAccelerateConfiguration", "s3:PutBucketCors", "s3:PutBucketLogging", "s3:PutBucketNotification", "s3:PutBucketTagging", "s3:PutObject", "s3:Replicate*", "s3:RestoreObject" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "ec2:RunInstances", "ec2:TerminateInstances" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "iam:PassRole" ], "Resource": [ "arn:aws:iam::*:role/DataPipelineDefaultRole", "arn:aws:iam::*:role/DataPipelineDefaultResourceRole", "arn:aws:iam::*:role/EMR_EC2_DefaultRole", "arn:aws:iam::*:role/EMR_DefaultRole", "arn:aws:iam::*:role/kinesis-*" ] }, { "Effect": "Allow", "Action": [ "iam:PassRole" ], "Resource": "*", "Condition": { "StringEquals": { "iam:PassedToService": "sagemaker.amazonaws.com" } } }, { "Effect": "Allow", "Action": [ "sagemaker:*" ], "NotResource": [ "arn:aws:sagemaker:*:*:domain/*", "arn:aws:sagemaker:*:*:user-profile/*", "arn:aws:sagemaker:*:*:app/*", "arn:aws:sagemaker:*:*:flow-definition/*" ] }, { "Effect": "Allow", "Action": [ "sagemaker:CreatePresignedDomainUrl", "sagemaker:DescribeDomain", "sagemaker:ListDomains", "sagemaker:DescribeUserProfile", "sagemaker:ListUserProfiles", "sagemaker:*App", "sagemaker:ListApps" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "sagemaker:*FlowDefinition", "sagemaker:*FlowDefinitions" ], "Resource": "*", "Condition": { "StringEqualsIfExists": { "sagemaker:WorkteamType": [ "private-crowd", "vendor-crowd" ] } } } ] }, "VersionId": "v5" }, "DatabaseAdministrator": { "PolicyName": "DatabaseAdministrator", "PolicyId": "ANPAIGBMAW4VUQKOQNVT6", "Arn": "arn:aws:iam::aws:policy/job-function/DatabaseAdministrator", "Path": "/job-function/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2016-11-10T17:25:43+00:00", "UpdateDate": "2019-01-08T00:48:02+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "cloudwatch:DeleteAlarms", "cloudwatch:Describe*", "cloudwatch:DisableAlarmActions", "cloudwatch:EnableAlarmActions", "cloudwatch:Get*", "cloudwatch:List*", "cloudwatch:PutMetricAlarm", "datapipeline:ActivatePipeline", "datapipeline:CreatePipeline", "datapipeline:DeletePipeline", "datapipeline:DescribeObjects", "datapipeline:DescribePipelines", "datapipeline:GetPipelineDefinition", "datapipeline:ListPipelines", "datapipeline:PutPipelineDefinition", "datapipeline:QueryObjects", "dynamodb:*", "ec2:DescribeAccountAttributes", "ec2:DescribeAddresses", "ec2:DescribeAvailabilityZones", "ec2:DescribeInternetGateways", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeVpcs", "elasticache:*", "iam:ListRoles", "iam:GetRole", "kms:ListKeys", "lambda:CreateEventSourceMapping", "lambda:CreateFunction", "lambda:DeleteEventSourceMapping", "lambda:DeleteFunction", "lambda:GetFunctionConfiguration", "lambda:ListEventSourceMappings", "lambda:ListFunctions", "logs:DescribeLogGroups", "logs:DescribeLogStreams", "logs:FilterLogEvents", "logs:GetLogEvents", "logs:Create*", "logs:PutLogEvents", "logs:PutMetricFilter", "rds:*", "redshift:*", "s3:CreateBucket", "sns:CreateTopic", "sns:DeleteTopic", "sns:Get*", "sns:List*", "sns:SetTopicAttributes", "sns:Subscribe", "sns:Unsubscribe" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "s3:AbortMultipartUpload", "s3:DeleteObject*", "s3:Get*", "s3:List*", "s3:PutAccelerateConfiguration", "s3:PutBucketTagging", "s3:PutBucketVersioning", "s3:PutBucketWebsite", "s3:PutLifecycleConfiguration", "s3:PutReplicationConfiguration", "s3:PutObject*", "s3:Replicate*", "s3:RestoreObject" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "iam:PassRole" ], "Resource": [ "arn:aws:iam::*:role/rds-monitoring-role", "arn:aws:iam::*:role/rdbms-lambda-access", "arn:aws:iam::*:role/lambda_exec_role", "arn:aws:iam::*:role/lambda-dynamodb-*", "arn:aws:iam::*:role/lambda-vpc-execution-role", "arn:aws:iam::*:role/DataPipelineDefaultRole", "arn:aws:iam::*:role/DataPipelineDefaultResourceRole" ] } ] }, "VersionId": "v2" }, "DynamoDBCloudWatchContributorInsightsServiceRolePolicy": { "PolicyName": "DynamoDBCloudWatchContributorInsightsServiceRolePolicy", "PolicyId": "ANPAZKAPJZG4G4VWJTRGV", "Arn": "arn:aws:iam::aws:policy/aws-service-role/DynamoDBCloudWatchContributorInsightsServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-11-15T21:13:58+00:00", "UpdateDate": "2019-11-15T21:13:58+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "cloudwatch:DeleteInsightRules", "cloudwatch:PutInsightRule" ], "Effect": "Allow", "Resource": "arn:aws:cloudwatch:*:*:insight-rule/DynamoDBContributorInsights*" }, { "Action": [ "cloudwatch:DescribeInsightRules" ], "Effect": "Allow", "Resource": "*" } ] }, "VersionId": "v1" }, "DynamoDBKinesisReplicationServiceRolePolicy": { "PolicyName": "DynamoDBKinesisReplicationServiceRolePolicy", "PolicyId": "ANPAZKAPJZG4A745YPIYL", "Arn": "arn:aws:iam::aws:policy/aws-service-role/DynamoDBKinesisReplicationServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-11-12T00:43:25+00:00", "UpdateDate": "2020-11-12T00:43:25+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "kms:GenerateDataKey", "Resource": "*", "Condition": { "StringLike": { "kms:ViaService": "kinesis.*.amazonaws.com" } } }, { "Effect": "Allow", "Action": [ "kinesis:PutRecord", "kinesis:PutRecords", "kinesis:DescribeStream" ], "Resource": "*" } ] }, "VersionId": "v1" }, "DynamoDBReplicationServiceRolePolicy": { "PolicyName": "DynamoDBReplicationServiceRolePolicy", "PolicyId": "ANPAJCUNRXL4BWASNJED2", "Arn": "arn:aws:iam::aws:policy/aws-service-role/DynamoDBReplicationServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v6", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-11-09T23:55:34+00:00", "UpdateDate": "2020-09-09T18:43:04+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "dynamodb:GetItem", "dynamodb:PutItem", "dynamodb:UpdateItem", "dynamodb:DeleteItem", "dynamodb:DescribeTable", "dynamodb:UpdateTable", "dynamodb:Scan", "dynamodb:DescribeStream", "dynamodb:GetRecords", "dynamodb:GetShardIterator", "dynamodb:DescribeTimeToLive", "dynamodb:UpdateTimeToLive", "dynamodb:DescribeLimits", "application-autoscaling:RegisterScalableTarget", "application-autoscaling:DescribeScalableTargets", "application-autoscaling:PutScalingPolicy", "application-autoscaling:DescribeScalingPolicies" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "iam:CreateServiceLinkedRole" ], "Resource": "*", "Condition": { "StringEquals": { "iam:AWSServiceName": [ "dynamodb.application-autoscaling.amazonaws.com" ] } } } ] }, "VersionId": "v6" }, "EC2FleetTimeShiftableServiceRolePolicy": { "PolicyName": "EC2FleetTimeShiftableServiceRolePolicy", "PolicyId": "ANPAZKAPJZG4IU3TFNWBH", "Arn": "arn:aws:iam::aws:policy/aws-service-role/EC2FleetTimeShiftableServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-12-23T19:47:15+00:00", "UpdateDate": "2019-12-23T19:47:15+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ec2:DescribeImages", "ec2:DescribeSubnets", "ec2:DescribeInstances", "ec2:RunInstances", "ec2:CreateFleet" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "iam:PassRole" ], "Resource": [ "*" ], "Condition": { "StringEquals": { "iam:PassedToService": [ "ec2.amazonaws.com", "ec2.amazonaws.com.cn" ] } } }, { "Effect": "Allow", "Action": [ "ec2:CreateTags" ], "Resource": [ "arn:aws:ec2:*:*:instance/*", "arn:aws:ec2:*:*:spot-instances-request/*" ] }, { "Effect": "Allow", "Action": [ "ec2:TerminateInstances" ], "Resource": "*", "Condition": { "StringLike": { "ec2:ResourceTag/aws:ec2:fleet-id": "*" } } } ] }, "VersionId": "v1" }, "EC2InstanceConnect": { "PolicyName": "EC2InstanceConnect", "PolicyId": "ANPAZKAPJZG4PBRCMEYY5", "Arn": "arn:aws:iam::aws:policy/EC2InstanceConnect", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-06-27T18:53:34+00:00", "UpdateDate": "2019-06-27T18:53:34+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Sid": "EC2InstanceConnect", "Action": [ "ec2:DescribeInstances", "ec2-instance-connect:SendSSHPublicKey" ], "Effect": "Allow", "Resource": "*" } ] }, "VersionId": "v1" }, "EC2InstanceProfileForImageBuilder": { "PolicyName": "EC2InstanceProfileForImageBuilder", "PolicyId": "ANPAZKAPJZG4EJC2UPLYL", "Arn": "arn:aws:iam::aws:policy/EC2InstanceProfileForImageBuilder", "Path": "/", "DefaultVersionId": "v3", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-12-01T19:08:23+00:00", "UpdateDate": "2020-08-27T16:40:50+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "imagebuilder:GetComponent" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "kms:Decrypt" ], "Resource": "*", "Condition": { "ForAnyValue:StringEquals": { "kms:EncryptionContextKeys": "aws:imagebuilder:arn", "aws:CalledVia": [ "imagebuilder.amazonaws.com" ] } } }, { "Effect": "Allow", "Action": [ "s3:GetObject" ], "Resource": "arn:aws:s3:::ec2imagebuilder*" }, { "Effect": "Allow", "Action": [ "logs:CreateLogStream", "logs:CreateLogGroup", "logs:PutLogEvents" ], "Resource": "arn:aws:logs:*:*:log-group:/aws/imagebuilder/*" } ] }, "VersionId": "v3" }, "EC2InstanceProfileForImageBuilderECRContainerBuilds": { "PolicyName": "EC2InstanceProfileForImageBuilderECRContainerBuilds", "PolicyId": "ANPAZKAPJZG4C32QNC6KD", "Arn": "arn:aws:iam::aws:policy/EC2InstanceProfileForImageBuilderECRContainerBuilds", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-12-11T19:48:15+00:00", "UpdateDate": "2020-12-11T19:48:15+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "imagebuilder:GetComponent", "imagebuilder:GetContainerRecipe", "ecr:GetAuthorizationToken", "ecr:BatchGetImage", "ecr:InitiateLayerUpload", "ecr:UploadLayerPart", "ecr:CompleteLayerUpload", "ecr:BatchCheckLayerAvailability", "ecr:GetDownloadUrlForLayer", "ecr:PutImage" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "kms:Decrypt" ], "Resource": "*", "Condition": { "ForAnyValue:StringEquals": { "kms:EncryptionContextKeys": "aws:imagebuilder:arn", "aws:CalledVia": [ "imagebuilder.amazonaws.com" ] } } }, { "Effect": "Allow", "Action": [ "s3:GetObject" ], "Resource": "arn:aws:s3:::ec2imagebuilder*" }, { "Effect": "Allow", "Action": [ "logs:CreateLogStream", "logs:CreateLogGroup", "logs:PutLogEvents" ], "Resource": "arn:aws:logs:*:*:log-group:/aws/imagebuilder/*" } ] }, "VersionId": "v1" }, "ECRReplicationServiceRolePolicy": { "PolicyName": "ECRReplicationServiceRolePolicy", "PolicyId": "ANPAZKAPJZG4NS3XDKIDR", "Arn": "arn:aws:iam::aws:policy/aws-service-role/ECRReplicationServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-12-04T22:11:28+00:00", "UpdateDate": "2020-12-04T22:11:28+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ecr:CreateRepository", "ecr:ReplicateImage" ], "Resource": "*" } ] }, "VersionId": "v1" }, "Ec2ImageBuilderCrossAccountDistributionAccess": { "PolicyName": "Ec2ImageBuilderCrossAccountDistributionAccess", "PolicyId": "ANPAZKAPJZG4PHZOLIXKT", "Arn": "arn:aws:iam::aws:policy/Ec2ImageBuilderCrossAccountDistributionAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-09-30T19:22:54+00:00", "UpdateDate": "2020-09-30T19:22:54+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "ec2:CreateTags", "Resource": "arn:aws:ec2:*::image/*" }, { "Effect": "Allow", "Action": [ "ec2:DescribeImages", "ec2:CopyImage", "ec2:ModifyImageAttribute" ], "Resource": "*" } ] }, "VersionId": "v1" }, "ElastiCacheServiceRolePolicy": { "PolicyName": "ElastiCacheServiceRolePolicy", "PolicyId": "ANPAIML5LIBUZBVCSF7PI", "Arn": "arn:aws:iam::aws:policy/aws-service-role/ElastiCacheServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v3", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-12-07T17:50:04+00:00", "UpdateDate": "2020-02-06T21:27:13+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ec2:AuthorizeSecurityGroupIngress", "ec2:CreateNetworkInterface", "ec2:CreateSecurityGroup", "ec2:DeleteNetworkInterface", "ec2:DeleteSecurityGroup", "ec2:DescribeAvailabilityZones", "ec2:DescribeNetworkInterfaces", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeVpcs", "ec2:ModifyNetworkInterfaceAttribute", "ec2:RevokeSecurityGroupIngress", "cloudwatch:PutMetricData", "outposts:GetOutpost", "outposts:GetOutpostInstanceTypes", "outposts:ListOutposts", "outposts:ListSites" ], "Resource": "*" } ] }, "VersionId": "v3" }, "ElasticLoadBalancingFullAccess": { "PolicyName": "ElasticLoadBalancingFullAccess", "PolicyId": "ANPAIDPMLA3IUIOQCISJ4", "Arn": "arn:aws:iam::aws:policy/ElasticLoadBalancingFullAccess", "Path": "/", "DefaultVersionId": "v5", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-09-20T20:42:07+00:00", "UpdateDate": "2020-12-04T20:01:39+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "elasticloadbalancing:*", "Resource": "*" }, { "Effect": "Allow", "Action": [ "ec2:DescribeAccountAttributes", "ec2:DescribeAddresses", "ec2:DescribeInternetGateways", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeVpcs", "ec2:DescribeVpcClassicLink", "ec2:DescribeInstances", "ec2:DescribeNetworkInterfaces", "ec2:DescribeClassicLinkInstances", "ec2:DescribeRouteTables", "ec2:DescribeCoipPools", "ec2:GetCoipPoolUsage", "cognito-idp:DescribeUserPoolClient" ], "Resource": "*" }, { "Effect": "Allow", "Action": "iam:CreateServiceLinkedRole", "Resource": "*", "Condition": { "StringEquals": { "iam:AWSServiceName": "elasticloadbalancing.amazonaws.com" } } } ] }, "VersionId": "v5" }, "ElasticLoadBalancingReadOnly": { "PolicyName": "ElasticLoadBalancingReadOnly", "PolicyId": "ANPAJMO7B7SNFLQ6HH736", "Arn": "arn:aws:iam::aws:policy/ElasticLoadBalancingReadOnly", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-09-20T20:17:09+00:00", "UpdateDate": "2018-09-20T20:17:09+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "elasticloadbalancing:Describe*", "Resource": "*" }, { "Effect": "Allow", "Action": [ "ec2:DescribeInstances", "ec2:DescribeClassicLinkInstances", "ec2:DescribeSecurityGroups" ], "Resource": "*" } ] }, "VersionId": "v1" }, "ElementalActivationsDownloadSoftwareAccess": { "PolicyName": "ElementalActivationsDownloadSoftwareAccess", "PolicyId": "ANPAZKAPJZG4IQVGBB6WY", "Arn": "arn:aws:iam::aws:policy/ElementalActivationsDownloadSoftwareAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-09-08T17:26:09+00:00", "UpdateDate": "2020-09-08T17:26:09+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "elemental-activations:Get*", "elemental-activations:Download*" ], "Resource": "*" } ] }, "VersionId": "v1" }, "ElementalActivationsFullAccess": { "PolicyName": "ElementalActivationsFullAccess", "PolicyId": "ANPAZKAPJZG4IYX6A6CKJ", "Arn": "arn:aws:iam::aws:policy/ElementalActivationsFullAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-06-04T21:00:13+00:00", "UpdateDate": "2020-06-04T21:00:13+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "elemental-activations:*" ], "Resource": "*" } ] }, "VersionId": "v1" }, "ElementalActivationsGenerateLicenses": { "PolicyName": "ElementalActivationsGenerateLicenses", "PolicyId": "ANPAZKAPJZG4LVMPXPYYJ", "Arn": "arn:aws:iam::aws:policy/ElementalActivationsGenerateLicenses", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-08-28T18:28:58+00:00", "UpdateDate": "2020-08-28T18:28:58+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "elemental-activations:Get*", "elemental-activations:GenerateLicenses", "elemental-activations:StartFileUpload", "elemental-activations:CompleteFileUpload" ], "Resource": "*" } ] }, "VersionId": "v1" }, "ElementalActivationsReadOnlyAccess": { "PolicyName": "ElementalActivationsReadOnlyAccess", "PolicyId": "ANPAZKAPJZG4JBRIPMTYG", "Arn": "arn:aws:iam::aws:policy/ElementalActivationsReadOnlyAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-08-28T16:51:01+00:00", "UpdateDate": "2020-08-28T16:51:01+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "elemental-activations:Get*" ], "Resource": "*" } ] }, "VersionId": "v1" }, "ElementalAppliancesSoftwareFullAccess": { "PolicyName": "ElementalAppliancesSoftwareFullAccess", "PolicyId": "ANPAZKAPJZG4DHARJPIR5", "Arn": "arn:aws:iam::aws:policy/ElementalAppliancesSoftwareFullAccess", "Path": "/", "DefaultVersionId": "v4", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-07-31T16:28:53+00:00", "UpdateDate": "2021-02-05T21:01:25+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "elemental-appliances-software:*", "elemental-activations:CompleteAccountRegistration" ], "Resource": "*" } ] }, "VersionId": "v4" }, "ElementalAppliancesSoftwareReadOnlyAccess": { "PolicyName": "ElementalAppliancesSoftwareReadOnlyAccess", "PolicyId": "ANPAZKAPJZG4CLKYU5WOM", "Arn": "arn:aws:iam::aws:policy/ElementalAppliancesSoftwareReadOnlyAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-04-01T22:31:09+00:00", "UpdateDate": "2020-04-01T22:31:09+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "elemental-appliances-software:List*", "elemental-appliances-software:Get*" ], "Resource": "*" } ] }, "VersionId": "v1" }, "ElementalSupportCenterFullAccess": { "PolicyName": "ElementalSupportCenterFullAccess", "PolicyId": "ANPAZKAPJZG4ECPR57WVQ", "Arn": "arn:aws:iam::aws:policy/ElementalSupportCenterFullAccess", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-11-25T18:08:30+00:00", "UpdateDate": "2021-02-05T21:02:54+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "elemental-support-cases:*", "elemental-support-content:*", "elemental-activations:CompleteAccountRegistration" ], "Resource": "*" } ] }, "VersionId": "v2" }, "FMSServiceRolePolicy": { "PolicyName": "FMSServiceRolePolicy", "PolicyId": "ANPAI62NTGYJB446ACUEA", "Arn": "arn:aws:iam::aws:policy/aws-service-role/FMSServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v19", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-03-28T23:01:12+00:00", "UpdateDate": "2021-08-12T19:21:06+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "waf:UpdateWebACL", "waf:DeleteWebACL", "waf:GetWebACL", "waf:GetRuleGroup", "waf:ListSubscribedRuleGroups", "waf-regional:UpdateWebACL", "waf-regional:DeleteWebACL", "waf-regional:GetWebACL", "waf-regional:GetRuleGroup", "waf-regional:ListSubscribedRuleGroups", "waf-regional:ListResourcesForWebACL", "waf-regional:AssociateWebACL", "waf-regional:DisassociateWebACL", "elasticloadbalancing:SetWebACL", "apigateway:SetWebACL", "elasticloadbalancing:SetSecurityGroups" ], "Resource": [ "arn:aws:waf:*:*:webacl/*", "arn:aws:waf-regional:*:*:webacl/*", "arn:aws:waf:*:*:rulegroup/*", "arn:aws:waf-regional:*:*:rulegroup/*", "arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*", "arn:aws:apigateway:*::/restapis/*/stages/*" ] }, { "Effect": "Allow", "Action": [ "wafv2:PutLoggingConfiguration", "wafv2:GetLoggingConfiguration", "wafv2:ListLoggingConfigurations", "wafv2:DeleteLoggingConfiguration" ], "Resource": [ "arn:aws:wafv2:*:*:regional/webacl/*", "arn:aws:wafv2:*:*:global/webacl/*" ] }, { "Effect": "Allow", "Action": [ "waf:CreateWebACL", "waf-regional:CreateWebACL", "waf:GetChangeToken", "waf-regional:GetChangeToken" ], "Resource": [ "arn:aws:waf:*:*:*", "arn:aws:waf-regional:*:*:*" ] }, { "Effect": "Allow", "Action": [ "elasticloadbalancing:ApplySecurityGroupsToLoadBalancer" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "waf:PutPermissionPolicy", "waf:GetPermissionPolicy", "waf:DeletePermissionPolicy", "waf-regional:PutPermissionPolicy", "waf-regional:GetPermissionPolicy", "waf-regional:DeletePermissionPolicy" ], "Resource": [ "arn:aws:waf:*:*:webacl/*", "arn:aws:waf:*:*:rulegroup/*", "arn:aws:waf-regional:*:*:webacl/*", "arn:aws:waf-regional:*:*:rulegroup/*" ] }, { "Effect": "Allow", "Action": [ "cloudfront:GetDistribution", "cloudfront:UpdateDistribution", "cloudfront:ListDistributionsByWebACLId", "cloudfront:ListDistributions" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "config:DeleteConfigRule", "config:DescribeComplianceByConfigRule", "config:DescribeConfigRuleEvaluationStatus", "config:DescribeConfigRules", "config:GetComplianceDetailsByConfigRule", "config:PutConfigRule", "config:StartConfigRulesEvaluation" ], "Resource": "arn:aws:config:*:*:config-rule/aws-service-rule/fms.amazonaws.com/*" }, { "Effect": "Allow", "Action": [ "config:DescribeConfigurationRecorders", "config:DescribeConfigurationRecorderStatus", "config:PutConfigurationRecorder", "config:StartConfigurationRecorder", "config:PutDeliveryChannel", "config:DescribeDeliveryChannels", "config:DescribeDeliveryChannelStatus", "config:GetComplianceSummaryByConfigRule", "config:GetDiscoveredResourceCounts", "config:PutEvaluations", "config:SelectResourceConfig" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "iam:DeleteServiceLinkedRole", "iam:GetServiceLinkedRoleDeletionStatus" ], "Resource": [ "arn:aws:iam::*:role/aws-service-role/fms.amazonaws.com/AWSServiceRoleForFMS" ] }, { "Effect": "Allow", "Action": [ "organizations:DescribeAccount", "organizations:DescribeOrganization", "organizations:ListAccounts", "organizations:DescribeOrganizationalUnit", "organizations:ListChildren", "organizations:ListRoots", "organizations:ListParents", "organizations:ListOrganizationalUnitsForParent", "organizations:ListAWSServiceAccessForOrganization" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "shield:CreateProtection", "shield:DeleteProtection", "shield:DescribeProtection", "shield:ListProtections", "shield:ListAttacks", "shield:CreateSubscription", "shield:DescribeSubscription", "shield:GetSubscriptionState", "shield:DescribeDRTAccess", "shield:DescribeEmergencyContactSettings", "shield:UpdateEmergencyContactSettings", "elasticloadbalancing:DescribeLoadBalancers", "ec2:DescribeAddresses" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "ec2:AuthorizeSecurityGroupEgress", "ec2:AuthorizeSecurityGroupIngress", "ec2:DeleteSecurityGroup", "ec2:RevokeSecurityGroupEgress", "ec2:RevokeSecurityGroupIngress", "ec2:UpdateSecurityGroupRuleDescriptionsEgress", "ec2:UpdateSecurityGroupRuleDescriptionsIngress", "ec2:DescribeNetworkInterfaceAttribute" ], "Resource": [ "arn:aws:ec2:*:*:network-interface/*", "arn:aws:ec2:*:*:security-group/*" ] }, { "Effect": "Allow", "Action": [ "ec2:CreateTags" ], "Resource": [ "arn:aws:ec2:*:*:security-group/*" ] }, { "Effect": "Allow", "Action": [ "ec2:CreateSecurityGroup", "ec2:DescribeSecurityGroupReferences", "ec2:DescribeSecurityGroups", "ec2:DescribeStaleSecurityGroups", "ec2:DescribeNetworkInterfaces", "ec2:ModifyNetworkInterfaceAttribute", "ec2:DescribeVpcs", "ec2:DescribeVpcPeeringConnections" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "wafv2:TagResource", "wafv2:ListResourcesForWebACL", "wafv2:AssociateWebACL", "wafv2:ListTagsForResource", "wafv2:UntagResource", "wafv2:GetWebACL", "wafv2:DisassociateFirewallManager", "wafv2:DeleteWebACL", "wafv2:DisassociateWebACL" ], "Resource": [ "arn:aws:wafv2:*:*:global/webacl/*", "arn:aws:wafv2:*:*:regional/webacl/*" ] }, { "Effect": "Allow", "Action": [ "wafv2:UpdateWebACL", "wafv2:CreateWebACL", "wafv2:DeleteFirewallManagerRuleGroups", "wafv2:PutFirewallManagerRuleGroups" ], "Resource": [ "arn:aws:wafv2:*:*:global/webacl/*", "arn:aws:wafv2:*:*:regional/webacl/*", "arn:aws:wafv2:*:*:global/rulegroup/*", "arn:aws:wafv2:*:*:regional/rulegroup/*", "arn:aws:wafv2:*:*:global/managedruleset/*", "arn:aws:wafv2:*:*:regional/managedruleset/*", "arn:aws:wafv2:*:*:global/ipset/*", "arn:aws:wafv2:*:*:regional/ipset/*", "arn:aws:wafv2:*:*:global/regexpatternset/*", "arn:aws:wafv2:*:*:regional/regexpatternset/*" ] }, { "Effect": "Allow", "Action": [ "wafv2:PutPermissionPolicy", "wafv2:GetPermissionPolicy", "wafv2:DeletePermissionPolicy" ], "Resource": [ "arn:aws:wafv2:*:*:global/rulegroup/*", "arn:aws:wafv2:*:*:regional/rulegroup/*" ] }, { "Effect": "Allow", "Action": [ "cloudfront:ListTagsForResource" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "wafv2:GetWebACLForResource" ], "Resource": [ "arn:aws:wafv2:*:*:regional/webacl/*" ] }, { "Effect": "Allow", "Action": "ec2:CreateTags", "Resource": "arn:aws:ec2:*:*:route-table/*", "Condition": { "StringEquals": { "ec2:CreateAction": "CreateRouteTable" }, "ForAllValues:StringEquals": { "aws:TagKeys": [ "Name", "FMManaged" ] } } }, { "Effect": "Allow", "Action": "ec2:CreateTags", "Resource": [ "arn:aws:ec2:*:*:subnet/*" ], "Condition": { "ForAllValues:StringEquals": { "aws:TagKeys": [ "Name", "FMManaged" ] } } }, { "Effect": "Allow", "Action": "ec2:DeleteRouteTable", "Resource": "arn:aws:ec2:*:*:route-table/*", "Condition": { "StringEquals": { "ec2:ResourceTag/FMManaged": "true" } } }, { "Effect": "Allow", "Action": [ "ec2:AssociateRouteTable", "ec2:CreateSubnet", "ec2:CreateRouteTable", "ec2:DeleteSubnet", "ec2:DisassociateRouteTable", "ec2:ReplaceRouteTableAssociation" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "ec2:DescribeInternetGateways", "ec2:DescribeRouteTables", "ec2:DescribeSubnets", "ec2:DescribeTags", "ec2:DescribeVpcEndpoints" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "ram:TagResource" ], "Resource": [ "arn:aws:ram:*:*:resource-share/*" ], "Condition": { "ForAllValues:StringEquals": { "aws:TagKeys": [ "Name", "FMManaged" ] } } }, { "Effect": "Allow", "Action": [ "ram:AssociateResourceShare", "ram:UpdateResourceShare", "ram:DeleteResourceShare" ], "Resource": "arn:aws:ram:*:*:resource-share/*", "Condition": { "StringEquals": { "aws:ResourceTag/FMManaged": "true" } } }, { "Effect": "Allow", "Action": "ram:CreateResourceShare", "Resource": "*", "Condition": { "ForAllValues:StringEquals": { "aws:TagKeys": [ "Name", "FMManaged" ] }, "StringEquals": { "aws:RequestTag/FMManaged": [ "true" ] } } }, { "Sid": "ram", "Effect": "Allow", "Action": [ "ram:GetResourceShareAssociations", "ram:GetResourceShares" ], "Resource": "*" }, { "Effect": "Allow", "Action": "iam:CreateServiceLinkedRole", "Resource": "*", "Condition": { "StringEquals": { "iam:AWSServiceName": [ "network-firewall.amazonaws.com" ] } } }, { "Effect": "Allow", "Action": "iam:GetRole", "Resource": "*" }, { "Effect": "Allow", "Action": [ "network-firewall:TagResource" ], "Resource": "*", "Condition": { "ForAllValues:StringEquals": { "aws:TagKeys": [ "Name", "FMManaged" ] } } }, { "Effect": "Allow", "Action": [ "network-firewall:AssociateSubnets", "network-firewall:CreateFirewall", "network-firewall:CreateFirewallPolicy", "network-firewall:DisassociateSubnets", "network-firewall:UpdateFirewallDeleteProtection", "network-firewall:UpdateFirewallPolicy", "network-firewall:UpdateFirewallPolicyChangeProtection", "network-firewall:UpdateSubnetChangeProtection", "network-firewall:AssociateFirewallPolicy", "network-firewall:DescribeFirewall", "network-firewall:DescribeFirewallPolicy", "network-firewall:DescribeRuleGroup", "network-firewall:ListFirewallPolicies", "network-firewall:ListFirewalls", "network-firewall:ListRuleGroups", "network-firewall:PutResourcePolicy", "network-firewall:DescribeResourcePolicy", "network-firewall:DeleteResourcePolicy" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "network-firewall:DeleteFirewallPolicy", "network-firewall:DeleteFirewall" ], "Resource": "*", "Condition": { "StringEquals": { "aws:ResourceTag/FMManaged": "true" } } }, { "Effect": "Allow", "Action": [ "logs:ListLogDeliveries" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "route53resolver:ListFirewallRuleGroupAssociations", "route53resolver:ListTagsForResource", "route53resolver:ListFirewallRuleGroups", "route53resolver:GetFirewallRuleGroupAssociation", "route53resolver:GetFirewallRuleGroup", "route53resolver:GetFirewallRuleGroupPolicy", "route53resolver:PutFirewallRuleGroupPolicy" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "route53resolver:UpdateFirewallRuleGroupAssociation", "route53resolver:DisassociateFirewallRuleGroup" ], "Resource": "arn:aws:route53resolver:*:*:firewall-rule-group-association/*", "Condition": { "StringEquals": { "aws:ResourceTag/FMManaged": "true" } } }, { "Effect": "Allow", "Action": [ "route53resolver:AssociateFirewallRuleGroup", "route53resolver:TagResource" ], "Resource": "arn:aws:route53resolver:*:*:firewall-rule-group-association/*", "Condition": { "StringEquals": { "aws:RequestTag/FMManaged": "true" } } } ] }, "VersionId": "v19" }, "FSxDeleteServiceLinkedRoleAccess": { "PolicyName": "FSxDeleteServiceLinkedRoleAccess", "PolicyId": "ANPAJ6IRP2YV2YPKWPPNQ", "Arn": "arn:aws:iam::aws:policy/aws-service-role/FSxDeleteServiceLinkedRoleAccess", "Path": "/aws-service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-11-28T10:40:24+00:00", "UpdateDate": "2018-11-28T10:40:24+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "iam:DeleteServiceLinkedRole", "iam:GetServiceLinkedRoleDeletionStatus", "iam:GetRole" ], "Resource": "arn:*:iam::*:role/aws-service-role/s3.data-source.lustre.fsx.amazonaws.com/AWSServiceRoleForFSxS3Access_*" } ] }, "VersionId": "v1" }, "GameLiftGameServerGroupPolicy": { "PolicyName": "GameLiftGameServerGroupPolicy", "PolicyId": "ANPAZKAPJZG4JTX4JYBF6", "Arn": "arn:aws:iam::aws:policy/GameLiftGameServerGroupPolicy", "Path": "/", "DefaultVersionId": "v3", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-04-03T23:12:19+00:00", "UpdateDate": "2020-05-13T17:27:43+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "ec2:TerminateInstances", "Resource": "*", "Condition": { "StringEquals": { "ec2:ResourceTag/GameLift": "GameServerGroups" } } }, { "Effect": "Allow", "Action": [ "autoscaling:CompleteLifecycleAction", "autoscaling:ResumeProcesses", "autoscaling:EnterStandby", "autoscaling:SetInstanceProtection", "autoscaling:UpdateAutoScalingGroup", "autoscaling:SuspendProcesses", "autoscaling:DetachInstances" ], "Resource": "*", "Condition": { "StringEquals": { "aws:ResourceTag/GameLift": "GameServerGroups" } } }, { "Effect": "Allow", "Action": [ "ec2:DescribeImages", "ec2:DescribeInstances", "autoscaling:DescribeAutoScalingGroups", "ec2:DescribeLaunchTemplateVersions", "ec2:DescribeSubnets" ], "Resource": "*" }, { "Effect": "Allow", "Action": "sns:Publish", "Resource": [ "arn:*:sns:*:*:ActivatingLifecycleHookTopic-*", "arn:*:sns:*:*:TerminatingLifecycleHookTopic-*" ] }, { "Effect": "Allow", "Action": [ "cloudwatch:PutMetricData" ], "Resource": "*", "Condition": { "StringEquals": { "cloudwatch:namespace": "AWS/GameLift" } } } ] }, "VersionId": "v3" }, "GlobalAcceleratorFullAccess": { "PolicyName": "GlobalAcceleratorFullAccess", "PolicyId": "ANPAJ3NSRQKPB42BCNRT6", "Arn": "arn:aws:iam::aws:policy/GlobalAcceleratorFullAccess", "Path": "/", "DefaultVersionId": "v6", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-11-27T02:44:44+00:00", "UpdateDate": "2020-12-04T19:17:26+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "globalaccelerator:*" ], "Effect": "Allow", "Resource": "*" }, { "Action": "elasticloadbalancing:DescribeLoadBalancers", "Effect": "Allow", "Resource": "*" }, { "Action": [ "ec2:DescribeAddresses", "ec2:DescribeInstances", "ec2:DescribeInternetGateways", "ec2:DescribeRegions", "ec2:DescribeSubnets" ], "Effect": "Allow", "Resource": "*" }, { "Effect": "Allow", "Action": "iam:CreateServiceLinkedRole", "Resource": "arn:aws:iam::*:role/aws-service-role/globalaccelerator.amazonaws.com/AWSServiceRoleForGlobalAccelerator*", "Condition": { "StringEquals": { "iam:AWSServiceName": "globalaccelerator.amazonaws.com" } } } ] }, "VersionId": "v6" }, "GlobalAcceleratorReadOnlyAccess": { "PolicyName": "GlobalAcceleratorReadOnlyAccess", "PolicyId": "ANPAJYXHGCVENJKQZRNGU", "Arn": "arn:aws:iam::aws:policy/GlobalAcceleratorReadOnlyAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-11-27T02:41:00+00:00", "UpdateDate": "2018-11-27T02:41:00+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "globalaccelerator:Describe*", "globalaccelerator:List*" ], "Effect": "Allow", "Resource": "*" } ] }, "VersionId": "v1" }, "GreengrassOTAUpdateArtifactAccess": { "PolicyName": "GreengrassOTAUpdateArtifactAccess", "PolicyId": "ANPAIFGE66SKIK3GW5UC2", "Arn": "arn:aws:iam::aws:policy/service-role/GreengrassOTAUpdateArtifactAccess", "Path": "/service-role/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-11-29T18:11:47+00:00", "UpdateDate": "2018-12-18T00:59:43+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Sid": "AllowsIotToAccessGreengrassOTAUpdateArtifacts", "Effect": "Allow", "Action": [ "s3:GetObject" ], "Resource": [ "arn:aws:s3:::*-greengrass-updates/*" ] } ] }, "VersionId": "v2" }, "Health_OrganizationsServiceRolePolicy": { "PolicyName": "Health_OrganizationsServiceRolePolicy", "PolicyId": "ANPAZKAPJZG4EZKGOJYHQ", "Arn": "arn:aws:iam::aws:policy/aws-service-role/Health_OrganizationsServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-12-16T13:28:21+00:00", "UpdateDate": "2020-06-08T12:48:44+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "organizations:ListAccounts", "Resource": "*" }, { "Sid": "ListAWSServiceAccessForOrganization0", "Effect": "Allow", "Action": "organizations:ListAWSServiceAccessForOrganization", "Resource": "*" } ] }, "VersionId": "v2" }, "IAMAccessAdvisorReadOnly": { "PolicyName": "IAMAccessAdvisorReadOnly", "PolicyId": "ANPAZKAPJZG4FNDX5PG6Z", "Arn": "arn:aws:iam::aws:policy/IAMAccessAdvisorReadOnly", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-06-21T19:33:45+00:00", "UpdateDate": "2019-06-21T19:33:45+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "iam:ListRoles", "iam:ListUsers", "iam:ListGroups", "iam:ListPolicies", "iam:ListPoliciesGrantingServiceAccess", "iam:GenerateServiceLastAccessedDetails", "iam:GenerateOrganizationsAccessReport", "iam:GenerateCredentialReport", "iam:GetRole", "iam:GetPolicy", "iam:GetServiceLastAccessedDetails", "iam:GetServiceLastAccessedDetailsWithEntities", "iam:GetOrganizationsAccessReport", "organizations:DescribeAccount", "organizations:DescribeOrganization", "organizations:DescribeOrganizationalUnit", "organizations:DescribePolicy", "organizations:ListChildren", "organizations:ListParents", "organizations:ListPoliciesForTarget", "organizations:ListRoots", "organizations:ListPolicies", "organizations:ListTargetsForPolicy" ], "Resource": "*" } ] }, "VersionId": "v1" }, "IAMAccessAnalyzerFullAccess": { "PolicyName": "IAMAccessAnalyzerFullAccess", "PolicyId": "ANPAZKAPJZG4MAZGHIYZN", "Arn": "arn:aws:iam::aws:policy/IAMAccessAnalyzerFullAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-12-02T17:12:40+00:00", "UpdateDate": "2019-12-02T17:12:40+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "access-analyzer:*" ], "Resource": "*" }, { "Effect": "Allow", "Action": "iam:CreateServiceLinkedRole", "Resource": "*", "Condition": { "StringEquals": { "iam:AWSServiceName": "access-analyzer.amazonaws.com" } } }, { "Effect": "Allow", "Action": [ "organizations:DescribeAccount", "organizations:DescribeOrganization", "organizations:DescribeOrganizationalUnit", "organizations:ListAccounts", "organizations:ListAccountsForParent", "organizations:ListAWSServiceAccessForOrganization", "organizations:ListChildren", "organizations:ListDelegatedAdministrators", "organizations:ListOrganizationalUnitsForParent", "organizations:ListParents", "organizations:ListRoots" ], "Resource": "*" } ] }, "VersionId": "v1" }, "IAMAccessAnalyzerReadOnlyAccess": { "PolicyName": "IAMAccessAnalyzerReadOnlyAccess", "PolicyId": "ANPAZKAPJZG4GY4R3GAPM", "Arn": "arn:aws:iam::aws:policy/IAMAccessAnalyzerReadOnlyAccess", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-12-02T17:12:53+00:00", "UpdateDate": "2021-03-16T20:37:30+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "access-analyzer:Get*", "access-analyzer:List*", "access-analyzer:ValidatePolicy" ], "Resource": "*" } ] }, "VersionId": "v2" }, "IAMFullAccess": { "PolicyName": "IAMFullAccess", "PolicyId": "ANPAI7XKCFMBPM3QQRRVQ", "Arn": "arn:aws:iam::aws:policy/IAMFullAccess", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-02-06T18:40:38+00:00", "UpdateDate": "2019-06-21T19:40:00+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "iam:*", "organizations:DescribeAccount", "organizations:DescribeOrganization", "organizations:DescribeOrganizationalUnit", "organizations:DescribePolicy", "organizations:ListChildren", "organizations:ListParents", "organizations:ListPoliciesForTarget", "organizations:ListRoots", "organizations:ListPolicies", "organizations:ListTargetsForPolicy" ], "Resource": "*" } ] }, "VersionId": "v2" }, "IAMReadOnlyAccess": { "PolicyName": "IAMReadOnlyAccess", "PolicyId": "ANPAJKSO7NDY4T57MWDSQ", "Arn": "arn:aws:iam::aws:policy/IAMReadOnlyAccess", "Path": "/", "DefaultVersionId": "v4", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-02-06T18:40:39+00:00", "UpdateDate": "2018-01-25T19:11:27+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "iam:GenerateCredentialReport", "iam:GenerateServiceLastAccessedDetails", "iam:Get*", "iam:List*", "iam:SimulateCustomPolicy", "iam:SimulatePrincipalPolicy" ], "Resource": "*" } ] }, "VersionId": "v4" }, "IAMSelfManageServiceSpecificCredentials": { "PolicyName": "IAMSelfManageServiceSpecificCredentials", "PolicyId": "ANPAI4VT74EMXK2PMQJM2", "Arn": "arn:aws:iam::aws:policy/IAMSelfManageServiceSpecificCredentials", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2016-12-22T17:25:18+00:00", "UpdateDate": "2016-12-22T17:25:18+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "iam:CreateServiceSpecificCredential", "iam:ListServiceSpecificCredentials", "iam:UpdateServiceSpecificCredential", "iam:DeleteServiceSpecificCredential", "iam:ResetServiceSpecificCredential" ], "Resource": "arn:aws:iam::*:user/${aws:username}" } ] }, "VersionId": "v1" }, "IAMUserChangePassword": { "PolicyName": "IAMUserChangePassword", "PolicyId": "ANPAJ4L4MM2A7QIEB56MS", "Arn": "arn:aws:iam::aws:policy/IAMUserChangePassword", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2016-11-15T00:25:16+00:00", "UpdateDate": "2016-11-15T23:18:55+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "iam:ChangePassword" ], "Resource": [ "arn:aws:iam::*:user/${aws:username}" ] }, { "Effect": "Allow", "Action": [ "iam:GetAccountPasswordPolicy" ], "Resource": "*" } ] }, "VersionId": "v2" }, "IAMUserSSHKeys": { "PolicyName": "IAMUserSSHKeys", "PolicyId": "ANPAJTSHUA4UXGXU7ANUA", "Arn": "arn:aws:iam::aws:policy/IAMUserSSHKeys", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-07-09T17:08:54+00:00", "UpdateDate": "2015-07-09T17:08:54+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "iam:DeleteSSHPublicKey", "iam:GetSSHPublicKey", "iam:ListSSHPublicKeys", "iam:UpdateSSHPublicKey", "iam:UploadSSHPublicKey" ], "Resource": "arn:aws:iam::*:user/${aws:username}" } ] }, "VersionId": "v1" }, "IVSRecordToS3": { "PolicyName": "IVSRecordToS3", "PolicyId": "ANPAZKAPJZG4M65NGVKOJ", "Arn": "arn:aws:iam::aws:policy/aws-service-role/IVSRecordToS3", "Path": "/aws-service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-12-05T00:10:43+00:00", "UpdateDate": "2020-12-05T00:10:43+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "s3:PutObject" ], "Resource": [ "arn:aws:s3:::AWSIVS_*/ivs/*" ] } ] }, "VersionId": "v1" }, "KafkaServiceRolePolicy": { "PolicyName": "KafkaServiceRolePolicy", "PolicyId": "ANPAJUXPRZ76MAP2EVQJU", "Arn": "arn:aws:iam::aws:policy/aws-service-role/KafkaServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v3", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-11-15T23:31:48+00:00", "UpdateDate": "2020-08-26T20:40:53+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ec2:CreateNetworkInterface", "ec2:DescribeNetworkInterfaces", "ec2:CreateNetworkInterfacePermission", "ec2:AttachNetworkInterface", "ec2:DeleteNetworkInterface", "ec2:DetachNetworkInterface", "acm-pca:GetCertificateAuthorityCertificate", "secretsmanager:ListSecrets" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "secretsmanager:GetResourcePolicy", "secretsmanager:PutResourcePolicy", "secretsmanager:DeleteResourcePolicy", "secretsmanager:DescribeSecret" ], "Resource": "*", "Condition": { "ArnLike": { "secretsmanager:SecretId": "arn:*:secretsmanager:*:*:secret:AmazonMSK_*" } } } ] }, "VersionId": "v3" }, "LakeFormationDataAccessServiceRolePolicy": { "PolicyName": "LakeFormationDataAccessServiceRolePolicy", "PolicyId": "ANPAZKAPJZG4N342E3KHW", "Arn": "arn:aws:iam::aws:policy/aws-service-role/LakeFormationDataAccessServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-06-20T20:46:19+00:00", "UpdateDate": "2019-06-20T20:46:19+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "s3:ListAllMyBuckets" ], "Resource": [ "arn:aws:s3:::*" ] } ] }, "VersionId": "v1" }, "LexBotPolicy": { "PolicyName": "LexBotPolicy", "PolicyId": "ANPAJJ3NZRBBQKSESXXJC", "Arn": "arn:aws:iam::aws:policy/aws-service-role/LexBotPolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-02-17T22:18:13+00:00", "UpdateDate": "2019-11-13T22:29:16+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "polly:SynthesizeSpeech" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "comprehend:DetectSentiment" ], "Resource": [ "*" ] } ] }, "VersionId": "v2" }, "LexChannelPolicy": { "PolicyName": "LexChannelPolicy", "PolicyId": "ANPAJKYEISPO63JTBJWPY", "Arn": "arn:aws:iam::aws:policy/aws-service-role/LexChannelPolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-02-17T23:23:24+00:00", "UpdateDate": "2017-02-17T23:23:24+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "lex:PostText" ], "Effect": "Allow", "Resource": "*" } ] }, "VersionId": "v1" }, "LightsailExportAccess": { "PolicyName": "LightsailExportAccess", "PolicyId": "ANPAJ4LZGPQLZWMVR4WMQ", "Arn": "arn:aws:iam::aws:policy/aws-service-role/LightsailExportAccess", "Path": "/aws-service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-09-28T16:35:54+00:00", "UpdateDate": "2018-09-28T16:35:54+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "iam:DeleteServiceLinkedRole", "iam:GetServiceLinkedRoleDeletionStatus" ], "Resource": "arn:aws:iam::*:role/aws-service-role/lightsail.amazonaws.com/AWSServiceRoleForLightsail*" }, { "Effect": "Allow", "Action": [ "ec2:CopySnapshot", "ec2:DescribeSnapshots", "ec2:CopyImage", "ec2:DescribeImages" ], "Resource": "*" } ] }, "VersionId": "v1" }, "MediaPackageServiceRolePolicy": { "PolicyName": "MediaPackageServiceRolePolicy", "PolicyId": "ANPAZKAPJZG4GXH4HDK6N", "Arn": "arn:aws:iam::aws:policy/aws-service-role/MediaPackageServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-09-18T17:45:47+00:00", "UpdateDate": "2020-09-18T17:45:47+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "logs:PutLogEvents", "Resource": "arn:aws:logs:*:*:log-group:/aws/MediaPackage/*:log-stream:*" }, { "Effect": "Allow", "Action": [ "logs:CreateLogStream", "logs:CreateLogGroup", "logs:DescribeLogGroups", "logs:DescribeLogStreams" ], "Resource": "arn:aws:logs:*:*:log-group:/aws/MediaPackage/*" } ] }, "VersionId": "v1" }, "MigrationHubDMSAccessServiceRolePolicy": { "PolicyName": "MigrationHubDMSAccessServiceRolePolicy", "PolicyId": "ANPAZKAPJZG4IV7DIZ555", "Arn": "arn:aws:iam::aws:policy/aws-service-role/MigrationHubDMSAccessServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-06-12T17:50:39+00:00", "UpdateDate": "2019-10-07T17:57:44+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "mgh:CreateProgressUpdateStream", "Resource": "arn:aws:mgh:*:*:progressUpdateStream/DMS" }, { "Effect": "Allow", "Action": [ "mgh:DescribeMigrationTask", "mgh:AssociateDiscoveredResource", "mgh:ListDiscoveredResources", "mgh:ImportMigrationTask", "mgh:ListCreatedArtifacts", "mgh:DisassociateDiscoveredResource", "mgh:AssociateCreatedArtifact", "mgh:NotifyMigrationTaskState", "mgh:DisassociateCreatedArtifact", "mgh:PutResourceAttributes" ], "Resource": "arn:aws:mgh:*:*:progressUpdateStream/DMS/migrationTask/*" }, { "Effect": "Allow", "Action": [ "mgh:ListMigrationTasks", "mgh:NotifyApplicationState", "mgh:DescribeApplicationState", "mgh:GetHomeRegion" ], "Resource": "*" } ] }, "VersionId": "v2" }, "MigrationHubSMSAccessServiceRolePolicy": { "PolicyName": "MigrationHubSMSAccessServiceRolePolicy", "PolicyId": "ANPAZKAPJZG4JCW2B2IGB", "Arn": "arn:aws:iam::aws:policy/aws-service-role/MigrationHubSMSAccessServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-06-12T18:30:28+00:00", "UpdateDate": "2019-10-07T18:02:22+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "mgh:CreateProgressUpdateStream", "Resource": "arn:aws:mgh:*:*:progressUpdateStream/SMS" }, { "Effect": "Allow", "Action": [ "mgh:DescribeMigrationTask", "mgh:AssociateDiscoveredResource", "mgh:ListDiscoveredResources", "mgh:ImportMigrationTask", "mgh:ListCreatedArtifacts", "mgh:DisassociateDiscoveredResource", "mgh:AssociateCreatedArtifact", "mgh:NotifyMigrationTaskState", "mgh:DisassociateCreatedArtifact", "mgh:PutResourceAttributes" ], "Resource": "arn:aws:mgh:*:*:progressUpdateStream/SMS/migrationTask/*" }, { "Effect": "Allow", "Action": [ "mgh:ListMigrationTasks", "mgh:NotifyApplicationState", "mgh:DescribeApplicationState", "mgh:GetHomeRegion" ], "Resource": "*" } ] }, "VersionId": "v2" }, "MigrationHubServiceRolePolicy": { "PolicyName": "MigrationHubServiceRolePolicy", "PolicyId": "ANPAZKAPJZG4NWLJ3LLW3", "Arn": "arn:aws:iam::aws:policy/aws-service-role/MigrationHubServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v3", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-06-12T17:22:16+00:00", "UpdateDate": "2020-08-06T18:08:46+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "discovery:ListConfigurations", "discovery:DescribeConfigurations" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": "ec2:CreateTags", "Resource": [ "arn:aws:ec2:*:*:instance/*", "arn:aws:ec2:*:*:image/*", "arn:aws:ec2:*:*:volume/*" ], "Condition": { "ForAllValues:StringEquals": { "aws:TagKeys": "aws:migrationhub:source-id" } } }, { "Effect": "Allow", "Action": "dms:AddTagsToResource", "Resource": [ "arn:aws:dms:*:*:endpoint:*" ], "Condition": { "ForAllValues:StringEquals": { "aws:TagKeys": "aws:migrationhub:source-id" } } }, { "Effect": "Allow", "Action": [ "ec2:DescribeInstanceAttribute" ], "Resource": [ "*" ] } ] }, "VersionId": "v3" }, "NeptuneConsoleFullAccess": { "PolicyName": "NeptuneConsoleFullAccess", "PolicyId": "ANPAJWTD4ELX2KRNICUVQ", "Arn": "arn:aws:iam::aws:policy/NeptuneConsoleFullAccess", "Path": "/", "DefaultVersionId": "v4", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-06-19T21:35:19+00:00", "UpdateDate": "2020-09-02T17:25:07+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "rds:CreateDBCluster", "rds:CreateDBInstance" ], "Resource": [ "arn:aws:rds:*:*:*" ], "Condition": { "StringEquals": { "rds:DatabaseEngine": [ "graphdb", "neptune" ] } } }, { "Action": [ "rds:AddRoleToDBCluster", "rds:AddSourceIdentifierToSubscription", "rds:AddTagsToResource", "rds:ApplyPendingMaintenanceAction", "rds:CopyDBClusterParameterGroup", "rds:CopyDBClusterSnapshot", "rds:CopyDBParameterGroup", "rds:CreateDBClusterParameterGroup", "rds:CreateDBClusterSnapshot", "rds:CreateDBParameterGroup", "rds:CreateDBSubnetGroup", "rds:CreateEventSubscription", "rds:DeleteDBCluster", "rds:DeleteDBClusterParameterGroup", "rds:DeleteDBClusterSnapshot", "rds:DeleteDBInstance", "rds:DeleteDBParameterGroup", "rds:DeleteDBSubnetGroup", "rds:DeleteEventSubscription", "rds:DescribeAccountAttributes", "rds:DescribeCertificates", "rds:DescribeDBClusterParameterGroups", "rds:DescribeDBClusterParameters", "rds:DescribeDBClusterSnapshotAttributes", "rds:DescribeDBClusterSnapshots", "rds:DescribeDBClusters", "rds:DescribeDBEngineVersions", "rds:DescribeDBInstances", "rds:DescribeDBLogFiles", "rds:DescribeDBParameterGroups", "rds:DescribeDBParameters", "rds:DescribeDBSecurityGroups", "rds:DescribeDBSubnetGroups", "rds:DescribeEngineDefaultClusterParameters", "rds:DescribeEngineDefaultParameters", "rds:DescribeEventCategories", "rds:DescribeEventSubscriptions", "rds:DescribeEvents", "rds:DescribeOptionGroups", "rds:DescribeOrderableDBInstanceOptions", "rds:DescribePendingMaintenanceActions", "rds:DescribeValidDBInstanceModifications", "rds:DownloadDBLogFilePortion", "rds:FailoverDBCluster", "rds:ListTagsForResource", "rds:ModifyDBCluster", "rds:ModifyDBClusterParameterGroup", "rds:ModifyDBClusterSnapshotAttribute", "rds:ModifyDBInstance", "rds:ModifyDBParameterGroup", "rds:ModifyDBSubnetGroup", "rds:ModifyEventSubscription", "rds:PromoteReadReplicaDBCluster", "rds:RebootDBInstance", "rds:RemoveRoleFromDBCluster", "rds:RemoveSourceIdentifierFromSubscription", "rds:RemoveTagsFromResource", "rds:ResetDBClusterParameterGroup", "rds:ResetDBParameterGroup", "rds:RestoreDBClusterFromSnapshot", "rds:RestoreDBClusterToPointInTime" ], "Effect": "Allow", "Resource": [ "*" ] }, { "Action": [ "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics", "ec2:AllocateAddress", "ec2:AssignIpv6Addresses", "ec2:AssignPrivateIpAddresses", "ec2:AssociateAddress", "ec2:AssociateRouteTable", "ec2:AssociateSubnetCidrBlock", "ec2:AssociateVpcCidrBlock", "ec2:AttachInternetGateway", "ec2:AttachNetworkInterface", "ec2:CreateCustomerGateway", "ec2:CreateDefaultSubnet", "ec2:CreateDefaultVpc", "ec2:CreateInternetGateway", "ec2:CreateNatGateway", "ec2:CreateNetworkInterface", "ec2:CreateRoute", "ec2:CreateRouteTable", "ec2:CreateSecurityGroup", "ec2:CreateSubnet", "ec2:CreateVpc", "ec2:CreateVpcEndpoint", "ec2:CreateVpcEndpoint", "ec2:DescribeAccountAttributes", "ec2:DescribeAccountAttributes", "ec2:DescribeAddresses", "ec2:DescribeAvailabilityZones", "ec2:DescribeAvailabilityZones", "ec2:DescribeCustomerGateways", "ec2:DescribeInstances", "ec2:DescribeNatGateways", "ec2:DescribeNetworkInterfaces", "ec2:DescribePrefixLists", "ec2:DescribeRouteTables", "ec2:DescribeSecurityGroupReferences", "ec2:DescribeSecurityGroups", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeSubnets", "ec2:DescribeVpcAttribute", "ec2:DescribeVpcAttribute", "ec2:DescribeVpcEndpoints", "ec2:DescribeVpcs", "ec2:DescribeVpcs", "ec2:ModifyNetworkInterfaceAttribute", "ec2:ModifySubnetAttribute", "ec2:ModifyVpcAttribute", "ec2:ModifyVpcEndpoint", "iam:ListRoles", "kms:ListAliases", "kms:ListKeyPolicies", "kms:ListKeys", "kms:ListRetirableGrants", "logs:DescribeLogStreams", "logs:GetLogEvents", "sns:ListSubscriptions", "sns:ListTopics", "sns:Publish" ], "Effect": "Allow", "Resource": [ "*" ] }, { "Action": "iam:PassRole", "Effect": "Allow", "Resource": "*", "Condition": { "StringEquals": { "iam:passedToService": "rds.amazonaws.com" } } }, { "Action": "iam:CreateServiceLinkedRole", "Effect": "Allow", "Resource": "arn:aws:iam::*:role/aws-service-role/rds.amazonaws.com/AWSServiceRoleForRDS", "Condition": { "StringLike": { "iam:AWSServiceName": "rds.amazonaws.com" } } } ] }, "VersionId": "v4" }, "NeptuneFullAccess": { "PolicyName": "NeptuneFullAccess", "PolicyId": "ANPAIXSDEYRCNJRC6ITFK", "Arn": "arn:aws:iam::aws:policy/NeptuneFullAccess", "Path": "/", "DefaultVersionId": "v5", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-05-30T19:17:31+00:00", "UpdateDate": "2020-09-02T17:24:56+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "rds:CreateDBCluster", "rds:CreateDBInstance" ], "Resource": [ "arn:aws:rds:*:*:*" ], "Condition": { "StringEquals": { "rds:DatabaseEngine": [ "graphdb", "neptune" ] } } }, { "Action": [ "rds:AddRoleToDBCluster", "rds:AddSourceIdentifierToSubscription", "rds:AddTagsToResource", "rds:ApplyPendingMaintenanceAction", "rds:CopyDBClusterParameterGroup", "rds:CopyDBClusterSnapshot", "rds:CopyDBParameterGroup", "rds:CreateDBClusterParameterGroup", "rds:CreateDBClusterSnapshot", "rds:CreateDBParameterGroup", "rds:CreateDBSubnetGroup", "rds:CreateEventSubscription", "rds:DeleteDBCluster", "rds:DeleteDBClusterParameterGroup", "rds:DeleteDBClusterSnapshot", "rds:DeleteDBInstance", "rds:DeleteDBParameterGroup", "rds:DeleteDBSubnetGroup", "rds:DeleteEventSubscription", "rds:DescribeAccountAttributes", "rds:DescribeCertificates", "rds:DescribeDBClusterParameterGroups", "rds:DescribeDBClusterParameters", "rds:DescribeDBClusterSnapshotAttributes", "rds:DescribeDBClusterSnapshots", "rds:DescribeDBClusters", "rds:DescribeDBEngineVersions", "rds:DescribeDBInstances", "rds:DescribeDBLogFiles", "rds:DescribeDBParameterGroups", "rds:DescribeDBParameters", "rds:DescribeDBSecurityGroups", "rds:DescribeDBSubnetGroups", "rds:DescribeEngineDefaultClusterParameters", "rds:DescribeEngineDefaultParameters", "rds:DescribeEventCategories", "rds:DescribeEventSubscriptions", "rds:DescribeEvents", "rds:DescribeOptionGroups", "rds:DescribeOrderableDBInstanceOptions", "rds:DescribePendingMaintenanceActions", "rds:DescribeValidDBInstanceModifications", "rds:DownloadDBLogFilePortion", "rds:FailoverDBCluster", "rds:ListTagsForResource", "rds:ModifyDBCluster", "rds:ModifyDBClusterParameterGroup", "rds:ModifyDBClusterSnapshotAttribute", "rds:ModifyDBInstance", "rds:ModifyDBParameterGroup", "rds:ModifyDBSubnetGroup", "rds:ModifyEventSubscription", "rds:PromoteReadReplicaDBCluster", "rds:RebootDBInstance", "rds:RemoveRoleFromDBCluster", "rds:RemoveSourceIdentifierFromSubscription", "rds:RemoveTagsFromResource", "rds:ResetDBClusterParameterGroup", "rds:ResetDBParameterGroup", "rds:RestoreDBClusterFromSnapshot", "rds:RestoreDBClusterToPointInTime" ], "Effect": "Allow", "Resource": [ "*" ] }, { "Action": [ "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics", "ec2:DescribeAccountAttributes", "ec2:DescribeAvailabilityZones", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeVpcAttribute", "ec2:DescribeVpcs", "kms:ListAliases", "kms:ListKeyPolicies", "kms:ListKeys", "kms:ListRetirableGrants", "logs:DescribeLogStreams", "logs:GetLogEvents", "sns:ListSubscriptions", "sns:ListTopics", "sns:Publish" ], "Effect": "Allow", "Resource": [ "*" ] }, { "Action": "iam:PassRole", "Effect": "Allow", "Resource": "*", "Condition": { "StringEquals": { "iam:passedToService": "rds.amazonaws.com" } } }, { "Action": "iam:CreateServiceLinkedRole", "Effect": "Allow", "Resource": "arn:aws:iam::*:role/aws-service-role/rds.amazonaws.com/AWSServiceRoleForRDS", "Condition": { "StringLike": { "iam:AWSServiceName": "rds.amazonaws.com" } } } ] }, "VersionId": "v5" }, "NeptuneReadOnlyAccess": { "PolicyName": "NeptuneReadOnlyAccess", "PolicyId": "ANPAJS5OQ5RXULC66WTGQ", "Arn": "arn:aws:iam::aws:policy/NeptuneReadOnlyAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-05-30T19:16:37+00:00", "UpdateDate": "2018-05-30T19:16:37+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "rds:DescribeAccountAttributes", "rds:DescribeCertificates", "rds:DescribeDBClusterParameterGroups", "rds:DescribeDBClusterParameters", "rds:DescribeDBClusterSnapshotAttributes", "rds:DescribeDBClusterSnapshots", "rds:DescribeDBClusters", "rds:DescribeDBEngineVersions", "rds:DescribeDBInstances", "rds:DescribeDBLogFiles", "rds:DescribeDBParameterGroups", "rds:DescribeDBParameters", "rds:DescribeDBSubnetGroups", "rds:DescribeEventCategories", "rds:DescribeEventSubscriptions", "rds:DescribeEvents", "rds:DescribeOrderableDBInstanceOptions", "rds:DescribePendingMaintenanceActions", "rds:DownloadDBLogFilePortion", "rds:ListTagsForResource" ], "Effect": "Allow", "Resource": "*" }, { "Action": [ "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics" ], "Effect": "Allow", "Resource": "*" }, { "Action": [ "ec2:DescribeAccountAttributes", "ec2:DescribeAvailabilityZones", "ec2:DescribeInternetGateways", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeVpcAttribute", "ec2:DescribeVpcs" ], "Effect": "Allow", "Resource": "*" }, { "Action": [ "kms:ListKeys", "kms:ListRetirableGrants", "kms:ListAliases", "kms:ListKeyPolicies" ], "Effect": "Allow", "Resource": "*" }, { "Action": [ "logs:DescribeLogStreams", "logs:GetLogEvents" ], "Effect": "Allow", "Resource": [ "arn:aws:logs:*:*:log-group:/aws/rds/*:log-stream:*", "arn:aws:logs:*:*:log-group:/aws/neptune/*:log-stream:*" ] } ] }, "VersionId": "v1" }, "NetworkAdministrator": { "PolicyName": "NetworkAdministrator", "PolicyId": "ANPAJPNMADZFJCVPJVZA2", "Arn": "arn:aws:iam::aws:policy/job-function/NetworkAdministrator", "Path": "/job-function/", "DefaultVersionId": "v9", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2016-11-10T17:31:35+00:00", "UpdateDate": "2021-07-20T21:05:41+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "autoscaling:Describe*", "cloudfront:ListDistributions", "cloudwatch:DeleteAlarms", "cloudwatch:DescribeAlarms", "cloudwatch:GetMetricStatistics", "cloudwatch:PutMetricAlarm", "directconnect:*", "ec2:AcceptVpcEndpointConnections", "ec2:AllocateAddress", "ec2:AssignIpv6Addresses", "ec2:AssignPrivateIpAddresses", "ec2:AssociateAddress", "ec2:AssociateDhcpOptions", "ec2:AssociateRouteTable", "ec2:AssociateSubnetCidrBlock", "ec2:AssociateVpcCidrBlock", "ec2:AttachInternetGateway", "ec2:AttachNetworkInterface", "ec2:AttachVpnGateway", "ec2:CreateCarrierGateway", "ec2:CreateCustomerGateway", "ec2:CreateDefaultSubnet", "ec2:CreateDefaultVpc", "ec2:CreateDhcpOptions", "ec2:CreateEgressOnlyInternetGateway", "ec2:CreateFlowLogs", "ec2:CreateInternetGateway", "ec2:CreateNatGateway", "ec2:CreateNetworkAcl", "ec2:CreateNetworkAclEntry", "ec2:CreateNetworkInterface", "ec2:CreateNetworkInterfacePermission", "ec2:CreatePlacementGroup", "ec2:CreateRoute", "ec2:CreateRouteTable", "ec2:CreateSecurityGroup", "ec2:CreateSubnet", "ec2:CreateTags", "ec2:CreateVpc", "ec2:CreateVpcEndpoint", "ec2:CreateVpcEndpointConnectionNotification", "ec2:CreateVpcEndpointServiceConfiguration", "ec2:CreateVpnConnection", "ec2:CreateVpnConnectionRoute", "ec2:CreateVpnGateway", "ec2:DeleteCarrierGateway", "ec2:DeleteEgressOnlyInternetGateway", "ec2:DeleteFlowLogs", "ec2:DeleteNatGateway", "ec2:DeleteNetworkInterface", "ec2:DeleteNetworkInterfacePermission", "ec2:DeletePlacementGroup", "ec2:DeleteSubnet", "ec2:DeleteTags", "ec2:DeleteVpc", "ec2:DeleteVpcEndpointConnectionNotifications", "ec2:DeleteVpcEndpointServiceConfigurations", "ec2:DeleteVpcEndpoints", "ec2:DeleteVpnConnection", "ec2:DeleteVpnConnectionRoute", "ec2:DeleteVpnGateway", "ec2:DescribeAccountAttributes", "ec2:DescribeAddresses", "ec2:DescribeAvailabilityZones", "ec2:DescribeCarrierGateways", "ec2:DescribeClassicLinkInstances", "ec2:DescribeCustomerGateways", "ec2:DescribeDhcpOptions", "ec2:DescribeEgressOnlyInternetGateways", "ec2:DescribeFlowLogs", "ec2:DescribeInstances", "ec2:DescribeInternetGateways", "ec2:DescribeKeyPairs", "ec2:DescribeMovingAddresses", "ec2:DescribeNatGateways", "ec2:DescribeNetworkAcls", "ec2:DescribeNetworkInterfaceAttribute", "ec2:DescribeNetworkInterfacePermissions", "ec2:DescribeNetworkInterfaces", "ec2:DescribePlacementGroups", "ec2:DescribePrefixLists", "ec2:DescribeRouteTables", "ec2:DescribeSecurityGroupReferences", "ec2:DescribeSecurityGroups", "ec2:DescribeStaleSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeTags", "ec2:DescribeVpcAttribute", "ec2:DescribeVpcClassicLink", "ec2:DescribeVpcClassicLinkDnsSupport", "ec2:DescribeVpcEndpointConnectionNotifications", "ec2:DescribeVpcEndpointConnections", "ec2:DescribeVpcEndpointServiceConfigurations", "ec2:DescribeVpcEndpointServicePermissions", "ec2:DescribeVpcEndpointServices", "ec2:DescribeVpcEndpoints", "ec2:DescribeVpcPeeringConnections", "ec2:DescribeVpcs", "ec2:DescribeVpnConnections", "ec2:DescribeVpnGateways", "ec2:DetachInternetGateway", "ec2:DetachNetworkInterface", "ec2:DetachVpnGateway", "ec2:DisableVgwRoutePropagation", "ec2:DisableVpcClassicLinkDnsSupport", "ec2:DisassociateAddress", "ec2:DisassociateRouteTable", "ec2:DisassociateSubnetCidrBlock", "ec2:DisassociateVpcCidrBlock", "ec2:EnableVgwRoutePropagation", "ec2:EnableVpcClassicLinkDnsSupport", "ec2:ModifyNetworkInterfaceAttribute", "ec2:ModifySubnetAttribute", "ec2:ModifyVpcAttribute", "ec2:ModifyVpcEndpoint", "ec2:ModifyVpcEndpointConnectionNotification", "ec2:ModifyVpcEndpointServiceConfiguration", "ec2:ModifyVpcEndpointServicePermissions", "ec2:ModifyVpcPeeringConnectionOptions", "ec2:ModifyVpcTenancy", "ec2:MoveAddressToVpc", "ec2:RejectVpcEndpointConnections", "ec2:ReleaseAddress", "ec2:ReplaceNetworkAclAssociation", "ec2:ReplaceNetworkAclEntry", "ec2:ReplaceRoute", "ec2:ReplaceRouteTableAssociation", "ec2:ResetNetworkInterfaceAttribute", "ec2:RestoreAddressToClassic", "ec2:UnassignIpv6Addresses", "ec2:UnassignPrivateIpAddresses", "ec2:UpdateSecurityGroupRuleDescriptionsEgress", "ec2:UpdateSecurityGroupRuleDescriptionsIngress", "elasticbeanstalk:Describe*", "elasticbeanstalk:List*", "elasticbeanstalk:RequestEnvironmentInfo", "elasticbeanstalk:RetrieveEnvironmentInfo", "elasticloadbalancing:*", "logs:DescribeLogGroups", "logs:DescribeLogStreams", "logs:GetLogEvents", "route53:*", "route53domains:*", "sns:CreateTopic", "sns:ListSubscriptionsByTopic", "sns:ListTopics" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "ec2:AcceptVpcPeeringConnection", "ec2:AttachClassicLinkVpc", "ec2:AuthorizeSecurityGroupEgress", "ec2:AuthorizeSecurityGroupIngress", "ec2:CreateVpcPeeringConnection", "ec2:DeleteCustomerGateway", "ec2:DeleteDhcpOptions", "ec2:DeleteInternetGateway", "ec2:DeleteNetworkAcl", "ec2:DeleteNetworkAclEntry", "ec2:DeleteRoute", "ec2:DeleteRouteTable", "ec2:DeleteSecurityGroup", "ec2:DeleteVolume", "ec2:DeleteVpcPeeringConnection", "ec2:DetachClassicLinkVpc", "ec2:DisableVpcClassicLink", "ec2:EnableVpcClassicLink", "ec2:GetConsoleScreenshot", "ec2:RejectVpcPeeringConnection", "ec2:RevokeSecurityGroupEgress", "ec2:RevokeSecurityGroupIngress" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "ec2:CreateLocalGatewayRoute", "ec2:CreateLocalGatewayRouteTableVpcAssociation", "ec2:DeleteLocalGatewayRoute", "ec2:DeleteLocalGatewayRouteTableVpcAssociation", "ec2:DescribeLocalGatewayRouteTableVirtualInterfaceGroupAssociations", "ec2:DescribeLocalGatewayRouteTableVpcAssociations", "ec2:DescribeLocalGatewayRouteTables", "ec2:DescribeLocalGatewayVirtualInterfaceGroups", "ec2:DescribeLocalGatewayVirtualInterfaces", "ec2:DescribeLocalGateways", "ec2:SearchLocalGatewayRoutes" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "s3:GetBucketLocation", "s3:GetBucketWebsite", "s3:ListBucket" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "iam:GetRole", "iam:ListRoles", "iam:PassRole" ], "Resource": "arn:aws:iam::*:role/flow-logs-*" }, { "Effect": "Allow", "Action": [ "networkmanager:*" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "ec2:AcceptTransitGatewayVpcAttachment", "ec2:AssociateTransitGatewayRouteTable", "ec2:CreateTransitGateway", "ec2:CreateTransitGatewayRoute", "ec2:CreateTransitGatewayRouteTable", "ec2:CreateTransitGatewayVpcAttachment", "ec2:DeleteTransitGateway", "ec2:DeleteTransitGatewayRoute", "ec2:DeleteTransitGatewayRouteTable", "ec2:DeleteTransitGatewayVpcAttachment", "ec2:DescribeTransitGatewayAttachments", "ec2:DescribeTransitGatewayRouteTables", "ec2:DescribeTransitGatewayVpcAttachments", "ec2:DescribeTransitGateways", "ec2:DisableTransitGatewayRouteTablePropagation", "ec2:DisassociateTransitGatewayRouteTable", "ec2:EnableTransitGatewayRouteTablePropagation", "ec2:ExportTransitGatewayRoutes", "ec2:GetTransitGatewayAttachmentPropagations", "ec2:GetTransitGatewayRouteTableAssociations", "ec2:GetTransitGatewayRouteTablePropagations", "ec2:ModifyTransitGateway", "ec2:ModifyTransitGatewayVpcAttachment", "ec2:RejectTransitGatewayVpcAttachment", "ec2:ReplaceTransitGatewayRoute", "ec2:SearchTransitGatewayRoutes" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "iam:CreateServiceLinkedRole" ], "Resource": "*", "Condition": { "StringLike": { "iam:AWSServiceName": [ "transitgateway.amazonaws.com" ] } } } ] }, "VersionId": "v9" }, "PowerUserAccess": { "PolicyName": "PowerUserAccess", "PolicyId": "ANPAJYRXTHIB4FOVS3ZXS", "Arn": "arn:aws:iam::aws:policy/PowerUserAccess", "Path": "/", "DefaultVersionId": "v4", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-02-06T18:39:47+00:00", "UpdateDate": "2019-03-20T22:19:03+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "NotAction": [ "iam:*", "organizations:*", "account:*" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "iam:CreateServiceLinkedRole", "iam:DeleteServiceLinkedRole", "iam:ListRoles", "organizations:DescribeOrganization", "account:ListRegions" ], "Resource": "*" } ] }, "VersionId": "v4" }, "QuickSightAccessForS3StorageManagementAnalyticsReadOnly": { "PolicyName": "QuickSightAccessForS3StorageManagementAnalyticsReadOnly", "PolicyId": "ANPAIFWG3L3WDMR4I7ZJW", "Arn": "arn:aws:iam::aws:policy/service-role/QuickSightAccessForS3StorageManagementAnalyticsReadOnly", "Path": "/service-role/", "DefaultVersionId": "v4", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-06-12T18:18:38+00:00", "UpdateDate": "2019-10-08T23:53:11+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "s3:GetObject" ], "Resource": [ "arn:aws:s3:::s3-analytics-export-shared-*" ] }, { "Action": [ "s3:GetAnalyticsConfiguration", "s3:ListAllMyBuckets", "s3:GetBucketLocation" ], "Effect": "Allow", "Resource": "*" } ] }, "VersionId": "v4" }, "RDSCloudHsmAuthorizationRole": { "PolicyName": "RDSCloudHsmAuthorizationRole", "PolicyId": "ANPAIWKFXRLQG2ROKKXLE", "Arn": "arn:aws:iam::aws:policy/service-role/RDSCloudHsmAuthorizationRole", "Path": "/service-role/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-02-06T18:41:29+00:00", "UpdateDate": "2019-09-26T22:14:29+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "cloudhsm:CreateLunaClient", "cloudhsm:DeleteLunaClient", "cloudhsm:DescribeHapg", "cloudhsm:DescribeLunaClient", "cloudhsm:GetConfig", "cloudhsm:ModifyHapg", "cloudhsm:ModifyLunaClient" ], "Resource": "*" } ] }, "VersionId": "v2" }, "ReadOnlyAccess": { "PolicyName": "ReadOnlyAccess", "PolicyId": "ANPAILL3HVNFSB6DCOWYQ", "Arn": "arn:aws:iam::aws:policy/ReadOnlyAccess", "Path": "/", "DefaultVersionId": "v78", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-02-06T18:39:48+00:00", "UpdateDate": "2021-05-25T23:10:47+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "a4b:Get*", "a4b:List*", "a4b:Search*", "access-analyzer:GetAccessPreview", "access-analyzer:GetAnalyzedResource", "access-analyzer:GetAnalyzer", "access-analyzer:GetArchiveRule", "access-analyzer:GetFinding", "access-analyzer:GetGeneratedPolicy", "access-analyzer:ListAccessPreviewFindings", "access-analyzer:ListAccessPreviews", "access-analyzer:ListAnalyzedResources", "access-analyzer:ListAnalyzers", "access-analyzer:ListArchiveRules", "access-analyzer:ListFindings", "access-analyzer:ListPolicyGenerations", "access-analyzer:ListTagsForResource", "access-analyzer:ValidatePolicy", "acm-pca:Describe*", "acm-pca:Get*", "acm-pca:List*", "acm:Describe*", "acm:Get*", "acm:List*", "amplify:GetApp", "amplify:GetBranch", "amplify:GetDomainAssociation", "amplify:GetJob", "amplify:ListApps", "amplify:ListBranches", "amplify:ListDomainAssociations", "amplify:ListJobs", "apigateway:GET", "application-autoscaling:Describe*", "applicationinsights:Describe*", "applicationinsights:List*", "appmesh:Describe*", "appmesh:List*", "appstream:Describe*", "appstream:List*", "appsync:Get*", "appsync:List*", "athena:Batch*", "athena:Get*", "athena:List*", "auditmanager:GetAccountStatus", "auditmanager:GetAssessment", "auditmanager:GetAssessmentFramework", "auditmanager:GetAssessmentReportUrl", "auditmanager:GetChangeLogs", "auditmanager:GetControl", "auditmanager:GetDelegations", "auditmanager:GetEvidence", "auditmanager:GetEvidenceByEvidenceFolder", "auditmanager:GetEvidenceFolder", "auditmanager:GetEvidenceFoldersByAssessment", "auditmanager:GetEvidenceFoldersByAssessmentControl", "auditmanager:GetOrganizationAdminAccount", "auditmanager:GetServicesInScope", "auditmanager:GetSettings", "auditmanager:ListAssessmentFrameworks", "auditmanager:ListAssessmentReports", "auditmanager:ListAssessments", "auditmanager:ListControls", "auditmanager:ListKeywordsForDataSource", "auditmanager:ListNotifications", "auditmanager:ListTagsForResource", "auditmanager:ValidateAssessmentReportIntegrity", "autoscaling-plans:Describe*", "autoscaling-plans:GetScalingPlanResourceForecastData", "autoscaling:Describe*", "aws-portal:View*", "backup:Describe*", "backup:Get*", "backup:List*", "batch:Describe*", "batch:List*", "braket:GetDevice", "braket:GetQuantumTask", "braket:SearchDevices", "braket:SearchQuantumTasks", "budgets:Describe*", "budgets:View*", "cassandra:Select", "chatbot:Describe*", "chatbot:Get*", "chime:Get*", "chime:List*", "chime:Retrieve*", "chime:Search*", "chime:Validate*", "cloud9:Describe*", "cloud9:List*", "clouddirectory:BatchRead", "clouddirectory:Get*", "clouddirectory:List*", "clouddirectory:LookupPolicy", "cloudformation:Describe*", "cloudformation:Detect*", "cloudformation:Estimate*", "cloudformation:Get*", "cloudformation:List*", "cloudfront:Get*", "cloudfront:List*", "cloudhsm:Describe*", "cloudhsm:Get*", "cloudhsm:List*", "cloudsearch:Describe*", "cloudsearch:List*", "cloudtrail:Describe*", "cloudtrail:Get*", "cloudtrail:List*", "cloudtrail:LookupEvents", "cloudwatch:Describe*", "cloudwatch:Get*", "cloudwatch:List*", "codeartifact:DescribeDomain", "codeartifact:DescribePackageVersion", "codeartifact:DescribeRepository", "codeartifact:GetAuthorizationToken", "codeartifact:GetDomainPermissionsPolicy", "codeartifact:GetPackageVersionAsset", "codeartifact:GetPackageVersionReadme", "codeartifact:GetRepositoryEndpoint", "codeartifact:GetRepositoryPermissionsPolicy", "codeartifact:ListDomains", "codeartifact:ListPackageVersionAssets", "codeartifact:ListPackageVersionDependencies", "codeartifact:ListPackageVersions", "codeartifact:ListPackages", "codeartifact:ListRepositories", "codeartifact:ListRepositoriesInDomain", "codeartifact:ListTagsForResource", "codeartifact:ReadFromRepository", "codebuild:BatchGet*", "codebuild:DescribeCodeCoverages", "codebuild:DescribeTestCases", "codebuild:List*", "codecommit:BatchGet*", "codecommit:Describe*", "codecommit:Get*", "codecommit:GitPull", "codecommit:List*", "codedeploy:BatchGet*", "codedeploy:Get*", "codedeploy:List*", "codeguru-profiler:Describe*", "codeguru-profiler:Get*", "codeguru-profiler:List*", "codeguru-reviewer:Describe*", "codeguru-reviewer:Get*", "codeguru-reviewer:List*", "codepipeline:Get*", "codepipeline:List*", "codestar-notifications:ListTargets", "codestar-notifications:describeNotificationRule", "codestar-notifications:listEventTypes", "codestar-notifications:listNotificationRules", "codestar-notifications:listTagsForResource", "codestar:Describe*", "codestar:Get*", "codestar:List*", "codestar:Verify*", "cognito-identity:Describe*", "cognito-identity:GetCredentialsForIdentity", "cognito-identity:GetIdentityPoolRoles", "cognito-identity:GetOpenIdToken", "cognito-identity:GetOpenIdTokenForDeveloperIdentity", "cognito-identity:List*", "cognito-identity:Lookup*", "cognito-idp:AdminGet*", "cognito-idp:AdminList*", "cognito-idp:Describe*", "cognito-idp:Get*", "cognito-idp:List*", "cognito-sync:Describe*", "cognito-sync:Get*", "cognito-sync:List*", "cognito-sync:QueryRecords", "compute-optimizer:DescribeRecommendationExportJobs", "compute-optimizer:GetAutoScalingGroupRecommendations", "compute-optimizer:GetEBSVolumeRecommendations", "compute-optimizer:GetEC2InstanceRecommendations", "compute-optimizer:GetEC2RecommendationProjectedMetrics", "compute-optimizer:GetEnrollmentStatus", "compute-optimizer:GetLambdaFunctionRecommendations", "compute-optimizer:GetRecommendationSummaries", "config:BatchGetAggregateResourceConfig", "config:BatchGetResourceConfig", "config:Deliver*", "config:Describe*", "config:Get*", "config:List*", "config:SelectAggregateResourceConfig", "config:SelectResourceConfig", "connect:Describe*", "connect:GetFederationToken", "connect:List*", "dataexchange:Get*", "dataexchange:List*", "datapipeline:Describe*", "datapipeline:EvaluateExpression", "datapipeline:Get*", "datapipeline:List*", "datapipeline:QueryObjects", "datapipeline:Validate*", "datasync:Describe*", "datasync:List*", "dax:BatchGetItem", "dax:Describe*", "dax:GetItem", "dax:ListTags", "dax:Query", "dax:Scan", "deepcomposer:GetComposition", "deepcomposer:GetModel", "deepcomposer:GetSampleModel", "deepcomposer:ListCompositions", "deepcomposer:ListModels", "deepcomposer:ListSampleModels", "deepcomposer:ListTrainingTopics", "detective:Get*", "detective:List*", "devicefarm:Get*", "devicefarm:List*", "devops-guru:DescribeAccountHealth", "devops-guru:DescribeAccountOverview", "devops-guru:DescribeAnomaly", "devops-guru:DescribeInsight", "devops-guru:DescribeResourceCollectionHealth", "devops-guru:DescribeServiceIntegration", "devops-guru:GetResourceCollection", "devops-guru:ListAnomaliesForInsight", "devops-guru:ListEvents", "devops-guru:ListInsights", "devops-guru:ListNotificationChannels", "devops-guru:ListRecommendations", "devops-guru:SearchInsights", "directconnect:Describe*", "discovery:Describe*", "discovery:Get*", "discovery:List*", "dlm:Get*", "dms:Describe*", "dms:List*", "dms:Test*", "ds:Check*", "ds:Describe*", "ds:Get*", "ds:List*", "ds:Verify*", "dynamodb:BatchGet*", "dynamodb:Describe*", "dynamodb:Get*", "dynamodb:List*", "dynamodb:Query", "dynamodb:Scan", "ec2:Describe*", "ec2:Get*", "ec2:SearchTransitGatewayRoutes", "ec2messages:Get*", "ecr-public:BatchCheckLayerAvailability", "ecr-public:DescribeImageTags", "ecr-public:DescribeImages", "ecr-public:DescribeRegistries", "ecr-public:DescribeRepositories", "ecr-public:GetAuthorizationToken", "ecr-public:GetRegistryCatalogData", "ecr-public:GetRepositoryCatalogData", "ecr-public:GetRepositoryPolicy", "ecr-public:ListTagsForResource", "ecr:BatchCheck*", "ecr:BatchGet*", "ecr:Describe*", "ecr:Get*", "ecr:List*", "ecs:Describe*", "ecs:List*", "eks:Describe*", "eks:List*", "elasticache:Describe*", "elasticache:List*", "elasticbeanstalk:Check*", "elasticbeanstalk:Describe*", "elasticbeanstalk:List*", "elasticbeanstalk:Request*", "elasticbeanstalk:Retrieve*", "elasticbeanstalk:Validate*", "elasticfilesystem:Describe*", "elasticloadbalancing:Describe*", "elasticmapreduce:Describe*", "elasticmapreduce:GetBlockPublicAccessConfiguration", "elasticmapreduce:List*", "elasticmapreduce:View*", "elastictranscoder:List*", "elastictranscoder:Read*", "elemental-appliances-software:Get*", "elemental-appliances-software:List*", "es:Describe*", "es:ESHttpGet", "es:ESHttpHead", "es:Get*", "es:List*", "events:Describe*", "events:List*", "events:Test*", "firehose:Describe*", "firehose:List*", "fis:GetAction", "fis:GetExperiment", "fis:GetExperimentTemplate", "fis:ListActions", "fis:ListExperimentTemplates", "fis:ListExperiments", "fis:ListTagsForResource", "fms:GetAdminAccount", "fms:GetAppsList", "fms:GetComplianceDetail", "fms:GetNotificationChannel", "fms:GetPolicy", "fms:GetProtectionStatus", "fms:GetProtocolsList", "fms:GetViolationDetails", "fms:ListAppsLists", "fms:ListComplianceStatus", "fms:ListMemberAccounts", "fms:ListPolicies", "fms:ListProtocolsLists", "fms:ListTagsForResource", "forecast:DescribeDataset", "forecast:DescribeDatasetGroup", "forecast:DescribeDatasetImportJob", "forecast:DescribeForecast", "forecast:DescribeForecastExportJob", "forecast:DescribePredictor", "forecast:DescribePredictorBacktestExportJob", "forecast:GetAccuracyMetrics", "forecast:ListDatasetGroups", "forecast:ListDatasetImportJobs", "forecast:ListDatasets", "forecast:ListForecastExportJobs", "forecast:ListForecasts", "forecast:ListPredictorBacktestExportJobs", "forecast:ListPredictors", "forecast:QueryForecast", "freertos:Describe*", "freertos:List*", "fsx:Describe*", "fsx:List*", "gamelift:Describe*", "gamelift:Get*", "gamelift:List*", "gamelift:ResolveAlias", "gamelift:Search*", "glacier:Describe*", "glacier:Get*", "glacier:List*", "globalaccelerator:Describe*", "globalaccelerator:List*", "glue:BatchGetDevEndpoints", "glue:BatchGetJobs", "glue:BatchGetPartition", "glue:BatchGetTriggers", "glue:BatchGetWorkflows", "glue:CheckSchemaVersionValidity", "glue:GetCatalogImportStatus", "glue:GetClassifier", "glue:GetClassifiers", "glue:GetCrawler", "glue:GetCrawlerMetrics", "glue:GetCrawlers", "glue:GetDataCatalogEncryptionSettings", "glue:GetDatabase", "glue:GetDatabases", "glue:GetDataflowGraph", "glue:GetDevEndpoint", "glue:GetDevEndpoints", "glue:GetJob", "glue:GetJobBookmark", "glue:GetJobRun", "glue:GetJobRuns", "glue:GetJobs", "glue:GetMLTaskRun", "glue:GetMLTaskRuns", "glue:GetMLTransform", "glue:GetMLTransforms", "glue:GetMapping", "glue:GetPartition", "glue:GetPartitions", "glue:GetPlan", "glue:GetRegistry", "glue:GetResourcePolicy", "glue:GetSchema", "glue:GetSchemaByDefinition", "glue:GetSchemaVersion", "glue:GetSchemaVersionsDiff", "glue:GetSecurityConfiguration", "glue:GetSecurityConfigurations", "glue:GetTable", "glue:GetTableVersion", "glue:GetTableVersions", "glue:GetTables", "glue:GetTags", "glue:GetTrigger", "glue:GetTriggers", "glue:GetUserDefinedFunction", "glue:GetUserDefinedFunctions", "glue:GetWorkflow", "glue:GetWorkflowRun", "glue:GetWorkflowRunProperties", "glue:GetWorkflowRuns", "glue:ListCrawlers", "glue:ListDevEndpoints", "glue:ListJobs", "glue:ListMLTransforms", "glue:ListRegistries", "glue:ListSchemaVersions", "glue:ListSchemas", "glue:ListTriggers", "glue:ListWorkflows", "glue:QuerySchemaVersionMetadata", "greengrass:DescribeComponent", "greengrass:Get*", "greengrass:List*", "groundstation:DescribeContact", "groundstation:GetConfig", "groundstation:GetDataflowEndpointGroup", "groundstation:GetMinuteUsage", "groundstation:GetMissionProfile", "groundstation:GetSatellite", "groundstation:ListConfigs", "groundstation:ListContacts", "groundstation:ListDataflowEndpointGroups", "groundstation:ListGroundStations", "groundstation:ListMissionProfiles", "groundstation:ListSatellites", "groundstation:ListTagsForResource", "guardduty:DescribeOrganizationConfiguration", "guardduty:DescribePublishingDestination", "guardduty:Get*", "guardduty:List*", "health:Describe*", "iam:Generate*", "iam:Get*", "iam:List*", "iam:Simulate*", "imagebuilder:Get*", "imagebuilder:List*", "importexport:Get*", "importexport:List*", "inspector:Describe*", "inspector:Get*", "inspector:List*", "inspector:Preview*", "iot:Describe*", "iot:Get*", "iot:List*", "iotanalytics:Describe*", "iotanalytics:Get*", "iotanalytics:List*", "iotanalytics:SampleChannelData", "iotevents:DescribeAlarm", "iotevents:DescribeAlarmModel", "iotevents:DescribeDetector", "iotevents:DescribeDetectorModel", "iotevents:DescribeInput", "iotevents:DescribeLoggingOptions", "iotevents:ListAlarmModelVersions", "iotevents:ListAlarmModels", "iotevents:ListAlarms", "iotevents:ListDetectorModelVersions", "iotevents:ListDetectorModels", "iotevents:ListDetectors", "iotevents:ListInputs", "iotevents:ListTagsForResource", "iotfleethub:DescribeApplication", "iotfleethub:ListApplications", "iotsitewise:Describe*", "iotsitewise:Get*", "iotsitewise:List*", "iotwireless:GetDestination", "iotwireless:GetDeviceProfile", "iotwireless:GetPartnerAccount", "iotwireless:GetServiceEndpoint", "iotwireless:GetServiceProfile", "iotwireless:GetWirelessDevice", "iotwireless:GetWirelessDeviceStatistics", "iotwireless:GetWirelessGateway", "iotwireless:GetWirelessGatewayCertificate", "iotwireless:GetWirelessGatewayFirmwareInformation", "iotwireless:GetWirelessGatewayStatistics", "iotwireless:GetWirelessGatewayTask", "iotwireless:GetWirelessGatewayTaskDefinition", "iotwireless:ListDestinations", "iotwireless:ListDeviceProfiles", "iotwireless:ListPartnerAccounts", "iotwireless:ListServiceProfiles", "iotwireless:ListTagsForResource", "iotwireless:ListWirelessDevices", "iotwireless:ListWirelessGatewayTaskDefinitions", "iotwireless:ListWirelessGateways", "ivs:BatchGetChannel", "ivs:GetChannel", "ivs:GetPlaybackKeyPair", "ivs:GetRecordingConfiguration", "ivs:ListChannels", "ivs:ListPlaybackKeyPairs", "ivs:ListRecordingConfigurations", "ivs:ListStreams", "ivs:ListTagsForResource", "kafka:Describe*", "kafka:Get*", "kafka:List*", "kendra:DescribeDataSource", "kendra:DescribeFaq", "kendra:DescribeIndex", "kendra:DescribeThesaurus", "kendra:ListDataSourceSyncJobs", "kendra:ListDataSources", "kendra:ListFaqs", "kendra:ListIndices", "kendra:ListTagsForResource", "kendra:ListThesauri", "kendra:Query", "kinesis:Describe*", "kinesis:Get*", "kinesis:List*", "kinesisanalytics:Describe*", "kinesisanalytics:Discover*", "kinesisanalytics:Get*", "kinesisanalytics:List*", "kinesisvideo:Describe*", "kinesisvideo:Get*", "kinesisvideo:List*", "kms:Describe*", "kms:Get*", "kms:List*", "lambda:Get*", "lambda:List*", "lex:Get*", "license-manager:Get*", "license-manager:List*", "lightsail:GetActiveNames", "lightsail:GetAlarms", "lightsail:GetAutoSnapshots", "lightsail:GetBlueprints", "lightsail:GetBundles", "lightsail:GetCertificates", "lightsail:GetCloudFormationStackRecords", "lightsail:GetContainerAPIMetadata", "lightsail:GetContainerImages", "lightsail:GetContainerServiceDeployments", "lightsail:GetContainerServiceMetricData", "lightsail:GetContainerServicePowers", "lightsail:GetContainerServices", "lightsail:GetDisk", "lightsail:GetDiskSnapshot", "lightsail:GetDiskSnapshots", "lightsail:GetDisks", "lightsail:GetDistributionBundles", "lightsail:GetDistributionLatestCacheReset", "lightsail:GetDistributionMetricData", "lightsail:GetDistributions", "lightsail:GetDomain", "lightsail:GetDomains", "lightsail:GetExportSnapshotRecords", "lightsail:GetInstance", "lightsail:GetInstanceMetricData", "lightsail:GetInstancePortStates", "lightsail:GetInstanceSnapshot", "lightsail:GetInstanceSnapshots", "lightsail:GetInstanceState", "lightsail:GetInstances", "lightsail:GetKeyPair", "lightsail:GetKeyPairs", "lightsail:GetLoadBalancer", "lightsail:GetLoadBalancerMetricData", "lightsail:GetLoadBalancerTlsCertificates", "lightsail:GetLoadBalancers", "lightsail:GetOperation", "lightsail:GetOperations", "lightsail:GetOperationsForResource", "lightsail:GetRegions", "lightsail:GetRelationalDatabase", "lightsail:GetRelationalDatabaseBlueprints", "lightsail:GetRelationalDatabaseBundles", "lightsail:GetRelationalDatabaseEvents", "lightsail:GetRelationalDatabaseLogEvents", "lightsail:GetRelationalDatabaseLogStreams", "lightsail:GetRelationalDatabaseMetricData", "lightsail:GetRelationalDatabaseParameters", "lightsail:GetRelationalDatabaseSnapshot", "lightsail:GetRelationalDatabaseSnapshots", "lightsail:GetRelationalDatabases", "lightsail:GetStaticIp", "lightsail:GetStaticIps", "lightsail:Is*", "logs:Describe*", "logs:FilterLogEvents", "logs:Get*", "logs:ListTagsLogGroup", "logs:StartQuery", "logs:StopQuery", "logs:TestMetricFilter", "lookoutvision:DescribeDataset", "lookoutvision:DescribeModel", "lookoutvision:DescribeProject", "lookoutvision:ListDatasetEntries", "lookoutvision:ListModels", "lookoutvision:ListProjects", "lookoutvision:ListTagsForResource", "machinelearning:Describe*", "machinelearning:Get*", "mediaconvert:DescribeEndpoints", "mediaconvert:Get*", "mediaconvert:List*", "mediapackage:Describe*", "mediapackage:List*", "mediastore:DescribeContainer", "mediastore:DescribeObject", "mediastore:GetContainerPolicy", "mediastore:GetCorsPolicy", "mediastore:GetLifecyclePolicy", "mediastore:GetMetricPolicy", "mediastore:GetObject", "mediastore:ListContainers", "mediastore:ListItems", "mediastore:ListTagsForResource", "mgh:Describe*", "mgh:GetHomeRegion", "mgh:List*", "mgn:DescribeJobLogItems", "mgn:DescribeJobs", "mgn:DescribeReplicationConfigurationTemplates", "mgn:DescribeSourceServers", "mgn:GetLaunchConfiguration", "mgn:GetReplicationConfiguration", "mobileanalytics:Get*", "mobilehub:Describe*", "mobilehub:Export*", "mobilehub:Generate*", "mobilehub:Get*", "mobilehub:List*", "mobilehub:Validate*", "mobilehub:Verify*", "mobiletargeting:Get*", "mobiletargeting:List*", "mq:Describe*", "mq:List*", "network-firewall:DescribeFirewall", "network-firewall:DescribeFirewallPolicy", "network-firewall:DescribeLoggingConfiguration", "network-firewall:DescribeResourcePolicy", "network-firewall:DescribeRuleGroup", "network-firewall:ListFirewallPolicies", "network-firewall:ListFirewalls", "network-firewall:ListRuleGroups", "network-firewall:ListTagsForResource", "networkmanager:DescribeGlobalNetworks", "networkmanager:GetConnections", "networkmanager:GetCustomerGatewayAssociations", "networkmanager:GetDevices", "networkmanager:GetLinkAssociations", "networkmanager:GetLinks", "networkmanager:GetSites", "networkmanager:GetTransitGatewayConnectPeerAssociations", "networkmanager:GetTransitGatewayRegistrations", "opsworks-cm:Describe*", "opsworks-cm:List*", "opsworks:Describe*", "opsworks:Get*", "organizations:Describe*", "organizations:List*", "outposts:Get*", "outposts:List*", "personalize:Describe*", "personalize:Get*", "personalize:List*", "pi:DescribeDimensionKeys", "pi:GetResourceMetrics", "polly:Describe*", "polly:Get*", "polly:List*", "polly:SynthesizeSpeech", "qldb:DescribeJournalS3Export", "qldb:DescribeLedger", "qldb:GetBlock", "qldb:GetDigest", "qldb:GetRevision", "qldb:ListJournalS3Exports", "qldb:ListJournalS3ExportsForLedger", "qldb:ListLedgers", "qldb:ListTagsForResource", "ram:Get*", "ram:List*", "rds:Describe*", "rds:Download*", "rds:List*", "redshift:Describe*", "redshift:GetReservedNodeExchangeOfferings", "redshift:View*", "rekognition:CompareFaces", "rekognition:Detect*", "rekognition:List*", "rekognition:Search*", "resource-groups:Get*", "resource-groups:List*", "resource-groups:Search*", "robomaker:BatchDescribe*", "robomaker:Describe*", "robomaker:Get*", "robomaker:List*", "route53:Get*", "route53:List*", "route53:Test*", "route53domains:Check*", "route53domains:Get*", "route53domains:List*", "route53domains:View*", "route53resolver:Get*", "route53resolver:List*", "s3:DescribeJob", "s3:Get*", "s3:List*", "sagemaker:Describe*", "sagemaker:GetSearchSuggestions", "sagemaker:List*", "sagemaker:Search", "savingsplans:DescribeSavingsPlanRates", "savingsplans:DescribeSavingsPlans", "savingsplans:DescribeSavingsPlansOfferingRates", "savingsplans:DescribeSavingsPlansOfferings", "savingsplans:ListTagsForResource", "schemas:Describe*", "schemas:Get*", "schemas:List*", "schemas:Search*", "sdb:Get*", "sdb:List*", "sdb:Select*", "secretsmanager:Describe*", "secretsmanager:GetResourcePolicy", "secretsmanager:List*", "securityhub:Describe*", "securityhub:Get*", "securityhub:List*", "serverlessrepo:Get*", "serverlessrepo:List*", "serverlessrepo:SearchApplications", "servicecatalog:Describe*", "servicecatalog:GetApplication", "servicecatalog:GetAttributeGroup", "servicecatalog:List*", "servicecatalog:Scan*", "servicecatalog:Search*", "servicediscovery:Get*", "servicediscovery:List*", "servicequotas:GetAWSDefaultServiceQuota", "servicequotas:GetAssociationForServiceQuotaTemplate", "servicequotas:GetRequestedServiceQuotaChange", "servicequotas:GetServiceQuota", "servicequotas:GetServiceQuotaIncreaseRequestFromTemplate", "servicequotas:ListAWSDefaultServiceQuotas", "servicequotas:ListRequestedServiceQuotaChangeHistory", "servicequotas:ListRequestedServiceQuotaChangeHistoryByQuota", "servicequotas:ListServiceQuotaIncreaseRequestsInTemplate", "servicequotas:ListServiceQuotas", "servicequotas:ListServices", "ses:Describe*", "ses:Get*", "ses:List*", "shield:Describe*", "shield:Get*", "shield:List*", "signer:DescribeSigningJob", "signer:GetSigningPlatform", "signer:GetSigningProfile", "signer:ListProfilePermissions", "signer:ListSigningJobs", "signer:ListSigningPlatforms", "signer:ListSigningProfiles", "signer:ListTagsForResource", "snowball:Describe*", "snowball:Get*", "snowball:List*", "sns:Check*", "sns:Get*", "sns:List*", "sqs:Get*", "sqs:List*", "sqs:Receive*", "ssm-contacts:DescribeEngagement", "ssm-contacts:DescribePage", "ssm-contacts:GetContact", "ssm-contacts:GetContactChannel", "ssm-contacts:ListContactChannels", "ssm-contacts:ListContacts", "ssm-contacts:ListEngagements", "ssm-contacts:ListPageReceipts", "ssm-contacts:ListPagesByContact", "ssm-contacts:ListPagesByEngagement", "ssm-incidents:GetIncidentRecord", "ssm-incidents:GetReplicationSet", "ssm-incidents:GetResourcePolicies", "ssm-incidents:GetResponsePlan", "ssm-incidents:GetTimelineEvent", "ssm-incidents:ListIncidentRecords", "ssm-incidents:ListRelatedItems", "ssm-incidents:ListReplicationSets", "ssm-incidents:ListResponsePlans", "ssm-incidents:ListTagsForResource", "ssm-incidents:ListTimelineEvents", "ssm:Describe*", "ssm:Get*", "ssm:List*", "sso-directory:Describe*", "sso-directory:List*", "sso-directory:Search*", "sso:Describe*", "sso:Get*", "sso:List*", "sso:Search*", "states:Describe*", "states:GetExecutionHistory", "states:List*", "storagegateway:Describe*", "storagegateway:List*", "sts:GetAccessKeyInfo", "sts:GetCallerIdentity", "sts:GetSessionToken", "swf:Count*", "swf:Describe*", "swf:Get*", "swf:List*", "synthetics:Describe*", "synthetics:Get*", "synthetics:List*", "tag:Get*", "transcribe:Get*", "transcribe:List*", "transfer:Describe*", "transfer:List*", "transfer:TestIdentityProvider", "trustedadvisor:Describe*", "waf-regional:Get*", "waf-regional:List*", "waf:Get*", "waf:List*", "wafv2:CheckCapacity", "wafv2:Describe*", "wafv2:Get*", "wafv2:List*", "workdocs:CheckAlias", "workdocs:Describe*", "workdocs:Get*", "worklink:Describe*", "worklink:List*", "workmail:Describe*", "workmail:Get*", "workmail:List*", "workmail:Search*", "workspaces:Describe*", "xray:BatchGet*", "xray:Get*" ], "Resource": "*" } ] }, "VersionId": "v78" }, "ResourceGroupsandTagEditorFullAccess": { "PolicyName": "ResourceGroupsandTagEditorFullAccess", "PolicyId": "ANPAJNOS54ZFXN4T2Y34A", "Arn": "arn:aws:iam::aws:policy/ResourceGroupsandTagEditorFullAccess", "Path": "/", "DefaultVersionId": "v5", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-02-06T18:39:53+00:00", "UpdateDate": "2019-10-02T23:57:57+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "tag:getResources", "tag:getTagKeys", "tag:getTagValues", "tag:TagResources", "tag:UntagResources", "resource-groups:*", "cloudformation:DescribeStacks", "cloudformation:ListStackResources" ], "Resource": "*" } ] }, "VersionId": "v5" }, "ResourceGroupsandTagEditorReadOnlyAccess": { "PolicyName": "ResourceGroupsandTagEditorReadOnlyAccess", "PolicyId": "ANPAJHXQTPI5I5JKAIU74", "Arn": "arn:aws:iam::aws:policy/ResourceGroupsandTagEditorReadOnlyAccess", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-02-06T18:39:54+00:00", "UpdateDate": "2019-03-07T19:43:17+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "tag:getResources", "tag:getTagKeys", "tag:getTagValues", "resource-groups:Get*", "resource-groups:List*", "resource-groups:Search*", "cloudformation:DescribeStacks", "cloudformation:ListStackResources" ], "Resource": "*" } ] }, "VersionId": "v2" }, "Route53RecoveryReadinessServiceRolePolicy": { "PolicyName": "Route53RecoveryReadinessServiceRolePolicy", "PolicyId": "ANPAZKAPJZG4J7MSL2FYD", "Arn": "arn:aws:iam::aws:policy/aws-service-role/Route53RecoveryReadinessServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2021-07-15T16:06:21+00:00", "UpdateDate": "2021-07-15T16:06:21+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "dynamodb:DescribeReservedCapacity", "dynamodb:DescribeReservedCapacityOfferings" ], "Resource": "arn:aws:dynamodb:*:*:*" }, { "Effect": "Allow", "Action": [ "dynamodb:DescribeTable", "dynamodb:DescribeTimeToLive" ], "Resource": "arn:aws:dynamodb:*:*:table/*" }, { "Effect": "Allow", "Action": [ "iam:CreateServiceLinkedRole" ], "Resource": "arn:aws:iam::*:role/aws-service-role/servicequotas.amazonaws.com/AWSServiceRoleForServiceQuotas", "Condition": { "StringLike": { "iam:AWSServiceName": "servicequotas.amazonaws.com" } } }, { "Effect": "Allow", "Action": [ "rds:DescribeDBClusters" ], "Resource": "arn:aws:rds:*:*:cluster:*" }, { "Effect": "Allow", "Action": [ "rds:DescribeDBInstances" ], "Resource": "arn:aws:rds:*:*:db:*" }, { "Effect": "Allow", "Action": [ "route53:ListResourceRecordSets" ], "Resource": "arn:aws:route53:::hostedzone/*" }, { "Effect": "Allow", "Action": [ "route53:GetHealthCheck", "route53:GetHealthCheckStatus" ], "Resource": "arn:aws:route53:::healthcheck/*" }, { "Effect": "Allow", "Action": [ "servicequotas:RequestServiceQuotaIncrease" ], "Resource": "arn:aws:servicequotas:*:*:*" }, { "Effect": "Allow", "Action": [ "sns:GetTopicAttributes", "sns:ListSubscriptionsByTopic" ], "Resource": "arn:aws:sns:*:*:*" }, { "Effect": "Allow", "Action": [ "sqs:GetQueueAttributes", "sqs:GetQueueUrl" ], "Resource": "arn:aws:sqs:*:*:*" }, { "Effect": "Allow", "Action": [ "application-autoscaling:DescribeScalableTargets", "application-autoscaling:DescribeScalingPolicies", "autoscaling:DescribeAccountLimits", "autoscaling:DescribeAutoScalingGroups", "autoscaling:DescribeAutoScalingInstances", "autoscaling:DescribeLifecycleHooks", "autoscaling:DescribeLoadBalancers", "autoscaling:DescribeLoadBalancerTargetGroups", "autoscaling:DescribeNotificationConfigurations", "autoscaling:DescribePolicies", "cloudwatch:GetMetricData", "cloudwatch:DescribeAlarms", "dynamodb:DescribeLimits", "dynamodb:ListGlobalTables", "dynamodb:ListTables", "ec2:DescribeAvailabilityZones", "ec2:DescribeInstances", "ec2:DescribeSubnets", "ec2:DescribeVolumes", "ec2:DescribeVpcs", "ec2:DescribeVpnConnections", "ec2:GetEbsEncryptionByDefault", "ec2:GetEbsDefaultKmsKeyId", "elasticloadbalancing:DescribeInstanceHealth", "elasticloadbalancing:DescribeLoadBalancerAttributes", "elasticloadbalancing:DescribeLoadBalancers", "elasticloadbalancing:DescribeTargetGroups", "elasticloadbalancing:DescribeTargetHealth", "kafka:DescribeCluster", "kafka:DescribeConfigurationRevision", "lambda:ListFunctions", "rds:DescribeAccountAttributes", "route53:GetHostedZone", "servicequotas:ListAWSDefaultServiceQuotas", "servicequotas:ListRequestedServiceQuotaChangeHistory", "servicequotas:ListServiceQuotas", "servicequotas:ListServices", "sns:GetEndpointAttributes", "sns:GetSubscriptionAttributes" ], "Resource": "*" } ] }, "VersionId": "v1" }, "Route53ResolverServiceRolePolicy": { "PolicyName": "Route53ResolverServiceRolePolicy", "PolicyId": "ANPAZKAPJZG4AEMJZANMJ", "Arn": "arn:aws:iam::aws:policy/aws-service-role/Route53ResolverServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-08-12T17:47:24+00:00", "UpdateDate": "2020-08-12T17:47:24+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "logs:CreateLogDelivery", "logs:GetLogDelivery", "logs:UpdateLogDelivery", "logs:DeleteLogDelivery", "logs:ListLogDeliveries", "logs:DescribeResourcePolicies", "logs:DescribeLogGroups", "s3:GetBucketPolicy" ], "Effect": "Allow", "Resource": "*" } ] }, "VersionId": "v1" }, "S3StorageLensServiceRolePolicy": { "PolicyName": "S3StorageLensServiceRolePolicy", "PolicyId": "ANPAZKAPJZG4IHOVJESMS", "Arn": "arn:aws:iam::aws:policy/aws-service-role/S3StorageLensServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-11-18T18:15:40+00:00", "UpdateDate": "2020-11-18T18:15:40+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Sid": "AwsOrgsAccess", "Effect": "Allow", "Action": [ "organizations:DescribeOrganization", "organizations:ListAccounts", "organizations:ListAWSServiceAccessForOrganization", "organizations:ListDelegatedAdministrators" ], "Resource": [ "*" ] } ] }, "VersionId": "v1" }, "SecretsManagerReadWrite": { "PolicyName": "SecretsManagerReadWrite", "PolicyId": "ANPAI3VG7CI5BIQZQ6G2E", "Arn": "arn:aws:iam::aws:policy/SecretsManagerReadWrite", "Path": "/", "DefaultVersionId": "v3", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-04-04T18:05:29+00:00", "UpdateDate": "2020-06-24T18:01:22+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "secretsmanager:*", "cloudformation:CreateChangeSet", "cloudformation:DescribeChangeSet", "cloudformation:DescribeStackResource", "cloudformation:DescribeStacks", "cloudformation:ExecuteChangeSet", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeVpcs", "kms:DescribeKey", "kms:ListAliases", "kms:ListKeys", "lambda:ListFunctions", "rds:DescribeDBClusters", "rds:DescribeDBInstances", "redshift:DescribeClusters", "tag:GetResources" ], "Effect": "Allow", "Resource": "*" }, { "Action": [ "lambda:AddPermission", "lambda:CreateFunction", "lambda:GetFunction", "lambda:InvokeFunction", "lambda:UpdateFunctionConfiguration" ], "Effect": "Allow", "Resource": "arn:aws:lambda:*:*:function:SecretsManager*" }, { "Action": [ "serverlessrepo:CreateCloudFormationChangeSet", "serverlessrepo:GetApplication" ], "Effect": "Allow", "Resource": "arn:aws:serverlessrepo:*:*:applications/SecretsManager*" }, { "Action": [ "s3:GetObject" ], "Effect": "Allow", "Resource": [ "arn:aws:s3:::awsserverlessrepo-changesets*", "arn:aws:s3:::secrets-manager-rotation-apps-*/*" ] } ] }, "VersionId": "v3" }, "SecurityAudit": { "PolicyName": "SecurityAudit", "PolicyId": "ANPAIX2T3QCXHR2OGGCTO", "Arn": "arn:aws:iam::aws:policy/SecurityAudit", "Path": "/", "DefaultVersionId": "v35", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-02-06T18:41:01+00:00", "UpdateDate": "2021-04-14T20:28:28+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Resource": "*", "Action": [ "access-analyzer:GetAnalyzedResource", "access-analyzer:GetAnalyzer", "access-analyzer:GetArchiveRule", "access-analyzer:GetFinding", "access-analyzer:ListAnalyzedResources", "access-analyzer:ListAnalyzers", "access-analyzer:ListArchiveRules", "access-analyzer:ListFindings", "access-analyzer:ListTagsForResource", "acm-pca:ListPermissions", "acm:Describe*", "acm:List*", "application-autoscaling:Describe*", "appmesh:Describe*", "appmesh:List*", "appsync:List*", "athena:GetWorkGroup", "athena:List*", "autoscaling-plans:DescribeScalingPlans", "autoscaling:Describe*", "batch:DescribeComputeEnvironments", "batch:DescribeJobDefinitions", "chime:List*", "cloud9:Describe*", "cloud9:ListEnvironments", "clouddirectory:ListDirectories", "cloudformation:DescribeStack*", "cloudformation:GetStackPolicy", "cloudformation:GetTemplate", "cloudformation:ListStack*", "cloudfront:Get*", "cloudfront:List*", "cloudhsm:ListHapgs", "cloudhsm:ListHsms", "cloudhsm:ListLunaClients", "cloudsearch:DescribeDomainEndpointOptions", "cloudsearch:DescribeDomains", "cloudsearch:DescribeServiceAccessPolicies", "cloudtrail:DescribeTrails", "cloudtrail:GetEventSelectors", "cloudtrail:GetTrailStatus", "cloudtrail:ListTags", "cloudtrail:LookupEvents", "cloudwatch:Describe*", "cloudwatch:ListTagsForResource", "codebuild:ListProjects", "codecommit:BatchGetRepositories", "codecommit:GetBranch", "codecommit:GetObjectIdentifier", "codecommit:GetRepository", "codecommit:GetRepositoryTriggers", "codecommit:List*", "codedeploy:Batch*", "codedeploy:Get*", "codedeploy:List*", "codepipeline:GetJobDetails", "codepipeline:GetPipeline", "codepipeline:GetPipelineExecution", "codepipeline:GetPipelineState", "codepipeline:ListPipelines", "codestar:Describe*", "codestar:List*", "cognito-identity:ListIdentityPools", "cognito-idp:DescribeIdentityProvider", "cognito-idp:DescribeResourceServer", "cognito-idp:DescribeRiskConfiguration", "cognito-idp:DescribeUserImportJob", "cognito-idp:DescribeUserPool", "cognito-idp:DescribeUserPoolClient", "cognito-idp:DescribeUserPoolDomain", "cognito-idp:ListDevices", "cognito-idp:ListGroups", "cognito-idp:ListIdentityProviders", "cognito-idp:ListResourceServers", "cognito-idp:ListTagsForResource", "cognito-idp:ListUserImportJobs", "cognito-idp:ListUserPoolClients", "cognito-idp:ListUserPools", "cognito-idp:ListUsers", "cognito-idp:ListUsersInGroup", "cognito-sync:Describe*", "cognito-sync:List*", "comprehend:Describe*", "comprehend:List*", "config:BatchGetAggregateResourceConfig", "config:BatchGetResourceConfig", "config:Deliver*", "config:Describe*", "config:Get*", "config:List*", "datapipeline:DescribeObjects", "datapipeline:DescribePipelines", "datapipeline:EvaluateExpression", "datapipeline:GetPipelineDefinition", "datapipeline:ListPipelines", "datapipeline:QueryObjects", "datapipeline:ValidatePipelineDefinition", "datasync:Describe*", "datasync:List*", "dax:Describe*", "dax:ListTags", "detective:GetGraphIngestState", "detective:ListGraphs", "detective:ListMembers", "directconnect:Describe*", "dms:Describe*", "dms:ListTagsForResource", "ds:DescribeDirectories", "dynamodb:DescribeContinuousBackups", "dynamodb:DescribeGlobalTable", "dynamodb:DescribeTable", "dynamodb:DescribeTimeToLive", "dynamodb:ListBackups", "dynamodb:ListGlobalTables", "dynamodb:ListStreams", "dynamodb:ListTables", "dynamodb:ListTagsOfResource", "ec2:Describe*", "ec2:DescribeTransitGatewayAttachments", "ec2:DescribeTransitGatewayMulticastDomains", "ec2:DescribeTransitGatewayPeeringAttachments", "ec2:DescribeTransitGatewayRouteTables", "ec2:DescribeTransitGatewayVpcAttachments", "ec2:DescribeTransitGateways", "ec2:GetManagedPrefixListAssociations", "ec2:GetManagedPrefixListEntries", "ec2:GetTransitGatewayAttachmentPropagations", "ec2:GetTransitGatewayMulticastDomainAssociations", "ec2:GetTransitGatewayPrefixListReferences", "ec2:GetTransitGatewayRouteTableAssociations", "ec2:GetTransitGatewayRouteTablePropagations", "ecr-public:DescribeImageTags", "ecr-public:DescribeImages", "ecr-public:DescribeRegistries", "ecr-public:DescribeRepositories", "ecr-public:GetRegistryCatalogData", "ecr-public:GetRepositoryCatalogData", "ecr-public:GetRepositoryPolicy", "ecr:DescribeImageScanFindings", "ecr:DescribeImages", "ecr:DescribeRepositories", "ecr:GetLifecyclePolicy", "ecr:GetRepositoryPolicy", "ecr:ListImages", "ecr:ListTagsForResource", "ecs:Describe*", "ecs:List*", "eks:DescribeCluster", "eks:DescribeNodeGroup", "eks:ListClusters", "eks:ListNodeGroups", "elasticache:Describe*", "elasticache:ListTagsForResource", "elasticbeanstalk:Describe*", "elasticbeanstalk:DescribeApplications", "elasticbeanstalk:ListTagsForResource", "elasticfilesystem:DescribeFileSystems", "elasticfilesystem:DescribeMountTargetSecurityGroups", "elasticfilesystem:DescribeMountTargets", "elasticloadbalancing:Describe*", "elasticmapreduce:Describe*", "elasticmapreduce:GetBlockPublicAccessConfiguration", "elasticmapreduce:ListClusters", "elasticmapreduce:ListInstances", "elasticmapreduce:ListSecurityConfigurations", "es:Describe*", "es:ListDomainNames", "es:ListElasticsearchInstanceTypeDetails", "es:ListElasticsearchVersions", "es:ListTags", "events:Describe*", "events:List*", "events:TestEventPattern", "firehose:Describe*", "firehose:List*", "fms:ListComplianceStatus", "fms:ListPolicies", "fsx:Describe*", "fsx:List*", "gamelift:ListBuilds", "gamelift:ListFleets", "glacier:DescribeVault", "glacier:GetVaultAccessPolicy", "glacier:ListVaults", "globalaccelerator:Describe*", "globalaccelerator:List*", "glue:GetCrawlers", "glue:GetDataCatalogEncryptionSettings", "glue:GetDatabases", "glue:GetDevEndpoints", "glue:GetJobs", "greengrass:List*", "guardduty:DescribePublishingDestination", "guardduty:Get*", "guardduty:List*", "iam:GenerateCredentialReport", "iam:GenerateServiceLastAccessedDetails", "iam:Get*", "iam:List*", "iam:SimulateCustomPolicy", "iam:SimulatePrincipalPolicy", "inspector:Describe*", "inspector:Get*", "inspector:List*", "inspector:Preview*", "iot:Describe*", "iot:GetPolicy", "iot:GetPolicyVersion", "iot:List*", "kinesis:DescribeLimits", "kinesis:DescribeStream", "kinesis:DescribeStreamConsumer", "kinesis:DescribeStreamSummary", "kinesis:ListStreamConsumers", "kinesis:ListStreams", "kinesis:ListTagsForStream", "kinesisanalytics:ListApplications", "kms:Describe*", "kms:Get*", "kms:List*", "lambda:GetAccountSettings", "lambda:GetFunctionConfiguration", "lambda:GetFunctionEventInvokeConfig", "lambda:GetLayerVersionPolicy", "lambda:GetPolicy", "lambda:List*", "license-manager:List*", "lightsail:GetInstances", "lightsail:GetLoadBalancers", "logs:Describe*", "logs:ListTagsLogGroup", "machinelearning:DescribeMLModels", "mediaconnect:Describe*", "mediaconnect:List*", "mediastore:GetContainerPolicy", "mediastore:ListContainers", "mq:DescribeBroker", "mq:DescribeBrokerEngineTypes", "mq:DescribeBrokerInstanceOptions", "mq:DescribeConfiguration", "mq:DescribeConfigurationRevision", "mq:DescribeUser", "mq:ListBrokers", "mq:ListConfigurationRevisions", "mq:ListConfigurations", "mq:ListTags", "mq:ListUsers", "network-firewall:ListFirewalls", "opsworks-cm:DescribeServers", "opsworks:DescribeStacks", "organizations:Describe*", "organizations:List*", "quicksight:Describe*", "quicksight:List*", "ram:List*", "rds:Describe*", "rds:DownloadDBLogFilePortion", "rds:ListTagsForResource", "redshift:Describe*", "rekognition:Describe*", "rekognition:List*", "robomaker:Describe*", "robomaker:List*", "route53:Get*", "route53:List*", "route53domains:GetDomainDetail", "route53domains:GetOperationDetail", "route53domains:ListDomains", "route53domains:ListOperations", "route53domains:ListTagsForDomain", "route53resolver:Get*", "route53resolver:List*", "s3:GetAccelerateConfiguration", "s3:GetAccessPoint", "s3:GetAccessPointPolicy", "s3:GetAccessPointPolicyStatus", "s3:GetAccountPublicAccessBlock", "s3:GetAnalyticsConfiguration", "s3:GetBucket*", "s3:GetEncryptionConfiguration", "s3:GetInventoryConfiguration", "s3:GetLifecycleConfiguration", "s3:GetMetricsConfiguration", "s3:GetObjectAcl", "s3:GetObjectVersionAcl", "s3:GetReplicationConfiguration", "s3:ListAccessPoints", "s3:ListAllMyBuckets", "sagemaker:Describe*", "sagemaker:List*", "schemas:DescribeCodeBinding", "schemas:DescribeDiscoverer", "schemas:DescribeRegistry", "schemas:DescribeSchema", "schemas:ListDiscoverers", "schemas:ListRegistries", "schemas:ListSchemaVersions", "schemas:ListSchemas", "schemas:ListTagsForResource", "sdb:DomainMetadata", "sdb:ListDomains", "secretsmanager:DescribeSecret", "secretsmanager:GetResourcePolicy", "secretsmanager:ListSecretVersionIds", "secretsmanager:ListSecrets", "securityhub:Describe*", "securityhub:Get*", "securityhub:List*", "serverlessrepo:GetApplicationPolicy", "serverlessrepo:List*", "servicequotas:GetAWSDefaultServiceQuota", "servicequotas:GetAssociationForServiceQuotaTemplate", "servicequotas:GetRequestedServiceQuotaChange", "servicequotas:GetServiceQuota", "servicequotas:GetServiceQuotaIncreaseRequestFromTemplate", "servicequotas:ListAWSDefaultServiceQuotas", "servicequotas:ListRequestedServiceQuotaChangeHistory", "servicequotas:ListRequestedServiceQuotaChangeHistoryByQuota", "servicequotas:ListServiceQuotaIncreaseRequestsInTemplate", "servicequotas:ListServiceQuotas", "servicequotas:ListServices", "servicequotas:ListTagsForResource", "ses:GetIdentityDkimAttributes", "ses:GetIdentityPolicies", "ses:GetIdentityVerificationAttributes", "ses:ListIdentities", "ses:ListIdentityPolicies", "ses:ListVerifiedEmailAddresses", "shield:Describe*", "shield:List*", "snowball:ListClusters", "snowball:ListJobs", "sns:GetTopicAttributes", "sns:ListSubscriptions", "sns:ListSubscriptionsByTopic", "sns:ListTagsForResource", "sns:ListTopics", "sqs:GetQueueAttributes", "sqs:ListDeadLetterSourceQueues", "sqs:ListQueueTags", "sqs:ListQueues", "ssm:Describe*", "ssm:GetAutomationExecution", "ssm:ListAssociationVersions", "ssm:ListAssociations", "ssm:ListCommands", "ssm:ListComplianceItems", "ssm:ListComplianceSummaries", "ssm:ListDocumentMetadataHistory", "ssm:ListDocumentVersions", "ssm:ListDocuments", "ssm:ListInventoryEntries", "ssm:ListOpsMetadata", "ssm:ListResourceComplianceSummaries", "ssm:ListResourceDataSync", "ssm:ListTagsForResource", "sso:DescribePermissionsPolicies", "sso:List*", "states:ListStateMachines", "storagegateway:DescribeBandwidthRateLimit", "storagegateway:DescribeCache", "storagegateway:DescribeCachediSCSIVolumes", "storagegateway:DescribeGatewayInformation", "storagegateway:DescribeMaintenanceStartTime", "storagegateway:DescribeNFSFileShares", "storagegateway:DescribeSnapshotSchedule", "storagegateway:DescribeStorediSCSIVolumes", "storagegateway:DescribeTapeArchives", "storagegateway:DescribeTapeRecoveryPoints", "storagegateway:DescribeTapes", "storagegateway:DescribeUploadBuffer", "storagegateway:DescribeVTLDevices", "storagegateway:DescribeWorkingStorage", "storagegateway:List*", "support:DescribeTrustedAdvisorCheckRefreshStatuses", "support:DescribeTrustedAdvisorCheckResult", "support:DescribeTrustedAdvisorCheckSummaries", "support:DescribeTrustedAdvisorChecks", "tag:GetResources", "tag:GetTagKeys", "transfer:Describe*", "transfer:List*", "translate:List*", "trustedadvisor:Describe*", "waf-regional:GetWebACL", "waf-regional:ListResourcesForWebACL", "waf-regional:ListTagsForResource", "waf-regional:ListWebACLs", "waf:GetWebACL", "waf:ListTagsForResource", "waf:ListWebACLs", "wafv2:GetWebACL", "wafv2:ListAvailableManagedRuleGroups", "wafv2:ListIPSets", "wafv2:ListLoggingConfigurations", "wafv2:ListRegexPatternSets", "wafv2:ListResourcesForWebACL", "wafv2:ListRuleGroups", "wafv2:ListTagsForResource", "wafv2:ListWebACLs", "workdocs:DescribeResourcePermissions", "workspaces:Describe*", "xray:GetEncryptionConfig", "xray:GetGroup", "xray:GetGroups", "xray:GetSamplingRules", "xray:GetSamplingTargets", "xray:ListTagsForResource" ] }, { "Effect": "Allow", "Action": [ "apigateway:GET" ], "Resource": [ "arn:aws:apigateway:*::/apis", "arn:aws:apigateway:*::/apis/*/routes", "arn:aws:apigateway:*::/apis/*/stages", "arn:aws:apigateway:*::/apis/*/stages/*", "arn:aws:apigateway:*::/clientcertificates/*", "arn:aws:apigateway:*::/restapis", "arn:aws:apigateway:*::/restapis/*/authorizers", "arn:aws:apigateway:*::/restapis/*/authorizers/*", "arn:aws:apigateway:*::/restapis/*/documentation/versions", "arn:aws:apigateway:*::/restapis/*/resources", "arn:aws:apigateway:*::/restapis/*/resources/*", "arn:aws:apigateway:*::/restapis/*/resources/*/methods/*", "arn:aws:apigateway:*::/restapis/*/stages", "arn:aws:apigateway:*::/restapis/*/stages/*", "arn:aws:apigateway:*::/tags/*", "arn:aws:apigateway:*::/vpclinks" ] } ] }, "VersionId": "v35" }, "ServerMigrationConnector": { "PolicyName": "ServerMigrationConnector", "PolicyId": "ANPAJKZRWXIPK5HSG3QDQ", "Arn": "arn:aws:iam::aws:policy/ServerMigrationConnector", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2016-10-24T21:45:56+00:00", "UpdateDate": "2016-10-24T21:45:56+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "iam:GetUser", "Resource": "*" }, { "Effect": "Allow", "Action": [ "sms:SendMessage", "sms:GetMessages" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "s3:CreateBucket", "s3:DeleteBucket", "s3:DeleteObject", "s3:GetBucketLocation", "s3:GetObject", "s3:ListBucket", "s3:PutObject", "s3:PutObjectAcl", "s3:PutLifecycleConfiguration", "s3:AbortMultipartUpload", "s3:ListBucketMultipartUploads", "s3:ListMultipartUploadParts" ], "Resource": [ "arn:aws:s3:::sms-b-*", "arn:aws:s3:::import-to-ec2-*", "arn:aws:s3:::server-migration-service-upgrade", "arn:aws:s3:::server-migration-service-upgrade/*", "arn:aws:s3:::connector-platform-upgrade-info/*", "arn:aws:s3:::connector-platform-upgrade-info", "arn:aws:s3:::connector-platform-upgrade-bundles/*", "arn:aws:s3:::connector-platform-upgrade-bundles", "arn:aws:s3:::connector-platform-release-notes/*", "arn:aws:s3:::connector-platform-release-notes" ] }, { "Effect": "Allow", "Action": "awsconnector:*", "Resource": "*" }, { "Effect": "Allow", "Action": [ "SNS:Publish" ], "Resource": "arn:aws:sns:*:*:metrics-sns-topic-for-*" } ] }, "VersionId": "v1" }, "ServerMigrationServiceConsoleFullAccess": { "PolicyName": "ServerMigrationServiceConsoleFullAccess", "PolicyId": "ANPAZKAPJZG4IIEMRGEYB", "Arn": "arn:aws:iam::aws:policy/ServerMigrationServiceConsoleFullAccess", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-05-09T17:18:57+00:00", "UpdateDate": "2020-07-20T22:00:37+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "sms:*" ], "Effect": "Allow", "Resource": "*" }, { "Action": [ "cloudformation:ListStacks", "cloudformation:DescribeStacks", "cloudformation:DescribeStackResources" ], "Effect": "Allow", "Resource": "*" }, { "Action": "s3:ListAllMyBuckets", "Effect": "Allow", "Resource": "*" }, { "Effect": "Allow", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::sms-app-*/*" }, { "Action": [ "ec2:DescribeKeyPairs", "ec2:DescribeVpcs", "ec2:DescribeSubnets", "ec2:DescribeSecurityGroups" ], "Effect": "Allow", "Resource": "*" }, { "Action": [ "iam:ListRoles" ], "Effect": "Allow", "Resource": "*" }, { "Action": [ "iam:CreateServiceLinkedRole" ], "Condition": { "StringEquals": { "iam:AWSServiceName": "sms.amazonaws.com" } }, "Effect": "Allow", "Resource": "*" }, { "Effect": "Allow", "Action": "iam:GetInstanceProfile", "Resource": "*" } ] }, "VersionId": "v2" }, "ServerMigrationServiceLaunchRole": { "PolicyName": "ServerMigrationServiceLaunchRole", "PolicyId": "ANPAIIIAAMVUCBR2OLXZO", "Arn": "arn:aws:iam::aws:policy/service-role/ServerMigrationServiceLaunchRole", "Path": "/service-role/", "DefaultVersionId": "v4", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-11-26T19:53:06+00:00", "UpdateDate": "2020-10-15T17:29:00+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ec2:ModifyInstanceAttribute", "ec2:StopInstances", "ec2:StartInstances", "ec2:TerminateInstances" ], "Resource": "*", "Condition": { "StringLike": { "ec2:ResourceTag/aws:cloudformation:stack-id": "arn:aws:cloudformation:*:*:stack/sms-app-*/*" } } }, { "Effect": "Allow", "Action": "ec2:CreateTags", "Resource": "arn:aws:ec2:*:*:instance/*" }, { "Effect": "Allow", "Action": [ "ec2:DisassociateIamInstanceProfile", "ec2:AssociateIamInstanceProfile", "ec2:ReplaceIamInstanceProfileAssociation" ], "Resource": "arn:aws:ec2:*:*:instance/*", "Condition": { "StringLike": { "ec2:ResourceTag/aws:cloudformation:stack-id": "arn:aws:cloudformation:*:*:stack/sms-app-*/*" } } }, { "Effect": "Allow", "Action": "iam:PassRole", "Resource": "*", "Condition": { "StringEquals": { "iam:PassedToService": "ec2.amazonaws.com" } } }, { "Effect": "Allow", "Action": [ "ec2:RunInstances", "ec2:Describe*" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "applicationinsights:Describe*", "applicationinsights:List*", "cloudformation:ListStackResources", "cloudformation:DescribeStacks" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "applicationinsights:CreateApplication", "applicationinsights:CreateComponent", "applicationinsights:UpdateApplication", "applicationinsights:DeleteApplication", "applicationinsights:UpdateComponentConfiguration", "applicationinsights:DeleteComponent" ], "Resource": "arn:aws:applicationinsights:*:*:application/resource-group/sms-app-*" }, { "Effect": "Allow", "Action": [ "resource-groups:CreateGroup", "resource-groups:GetGroup", "resource-groups:UpdateGroup", "resource-groups:DeleteGroup" ], "Resource": "arn:aws:resource-groups:*:*:group/sms-app-*", "Condition": { "StringLike": { "aws:ResourceTag/aws:cloudformation:stack-id": "arn:aws:cloudformation:*:*:stack/sms-app-*/*" } } }, { "Effect": "Allow", "Action": [ "iam:CreateServiceLinkedRole" ], "Resource": [ "arn:aws:iam::*:role/aws-service-role/application-insights.amazonaws.com/AWSServiceRoleForApplicationInsights" ], "Condition": { "StringEquals": { "iam:AWSServiceName": "application-insights.amazonaws.com" } } } ] }, "VersionId": "v4" }, "ServerMigrationServiceRoleForInstanceValidation": { "PolicyName": "ServerMigrationServiceRoleForInstanceValidation", "PolicyId": "ANPAZKAPJZG4LJMOLEWUV", "Arn": "arn:aws:iam::aws:policy/service-role/ServerMigrationServiceRoleForInstanceValidation", "Path": "/service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-07-20T22:25:07+00:00", "UpdateDate": "2020-07-20T22:25:07+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::sms-app-*/*" }, { "Effect": "Allow", "Action": "sms:NotifyAppValidationOutput", "Resource": "*" } ] }, "VersionId": "v1" }, "ServerMigration_ServiceRole": { "PolicyName": "ServerMigration_ServiceRole", "PolicyId": "ANPAZKAPJZG4NKLZNDFDI", "Arn": "arn:aws:iam::aws:policy/service-role/ServerMigration_ServiceRole", "Path": "/service-role/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2020-08-11T20:41:44+00:00", "UpdateDate": "2020-10-15T17:26:32+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "cloudformation:CreateChangeSet", "cloudformation:CreateStack" ], "Resource": "arn:aws:cloudformation:*:*:stack/sms-app-*/*", "Condition": { "Null": { "cloudformation:ResourceTypes": "false" }, "ForAllValues:StringEquals": { "cloudformation:ResourceTypes": [ "AWS::EC2::Instance", "AWS::ApplicationInsights::Application", "AWS::ResourceGroups::Group" ] } } }, { "Effect": "Allow", "Action": [ "cloudformation:DeleteStack", "cloudformation:ExecuteChangeSet", "cloudformation:DeleteChangeSet", "cloudformation:DescribeChangeSet", "cloudformation:DescribeStacks", "cloudformation:DescribeStackEvents", "cloudformation:DescribeStackResource", "cloudformation:DescribeStackResources", "cloudformation:GetTemplate" ], "Resource": "arn:aws:cloudformation:*:*:stack/sms-app-*/*" }, { "Effect": "Allow", "Action": [ "cloudformation:ValidateTemplate", "s3:ListAllMyBuckets" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "s3:CreateBucket", "s3:DeleteBucket", "s3:DeleteObject", "s3:GetBucketAcl", "s3:GetBucketLocation", "s3:GetObject", "s3:ListBucket", "s3:PutObject", "s3:PutObjectAcl", "s3:PutLifecycleConfiguration" ], "Resource": "arn:aws:s3:::sms-app-*" }, { "Effect": "Allow", "Action": [ "sms:CreateReplicationJob", "sms:DeleteReplicationJob", "sms:GetReplicationJobs", "sms:GetReplicationRuns", "sms:GetServers", "sms:ImportServerCatalog", "sms:StartOnDemandReplicationRun", "sms:UpdateReplicationJob" ], "Resource": "*" }, { "Effect": "Allow", "Action": "ssm:SendCommand", "Resource": [ "arn:aws:ssm:*::document/AWS-RunRemoteScript", "arn:aws:s3:::sms-app-*" ] }, { "Effect": "Allow", "Action": "ssm:SendCommand", "Resource": "arn:aws:ec2:*:*:instance/*", "Condition": { "StringEquals": { "ssm:resourceTag/UseForSMSApplicationValidation": [ "true" ] } } }, { "Effect": "Allow", "Action": [ "ssm:CancelCommand", "ssm:GetCommandInvocation" ], "Resource": "*" }, { "Effect": "Allow", "Action": "ec2:CreateTags", "Resource": "arn:aws:ec2:*:*:snapshot/*", "Condition": { "StringEquals": { "ec2:CreateAction": "CopySnapshot" } } }, { "Effect": "Allow", "Action": "ec2:CopySnapshot", "Resource": "arn:aws:ec2:*:*:snapshot/*", "Condition": { "StringLike": { "aws:RequestTag/SMSJobId": [ "sms-*" ] } } }, { "Effect": "Allow", "Action": [ "ec2:ModifySnapshotAttribute", "ec2:DeleteSnapshot" ], "Resource": "arn:aws:ec2:*:*:snapshot/*", "Condition": { "StringLike": { "ec2:ResourceTag/SMSJobId": [ "sms-*" ] } } }, { "Effect": "Allow", "Action": [ "ec2:CopyImage", "ec2:DescribeImages", "ec2:DescribeInstances", "ec2:DescribeSnapshots", "ec2:DescribeSnapshotAttribute", "ec2:DeregisterImage", "ec2:ImportImage", "ec2:DescribeImportImageTasks", "ec2:GetEbsEncryptionByDefault" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "iam:GetRole", "iam:GetInstanceProfile" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "ec2:DisassociateIamInstanceProfile", "ec2:AssociateIamInstanceProfile", "ec2:ReplaceIamInstanceProfileAssociation" ], "Resource": "arn:aws:ec2:*:*:instance/*", "Condition": { "StringLike": { "ec2:ResourceTag/aws:cloudformation:stack-id": "arn:aws:cloudformation:*:*:stack/sms-app-*/*" } } }, { "Effect": "Allow", "Action": "iam:PassRole", "Resource": "*", "Condition": { "StringEquals": { "iam:PassedToService": "ec2.amazonaws.com" } } }, { "Effect": "Allow", "Action": "iam:PassRole", "Resource": "*", "Condition": { "StringEqualsIfExists": { "iam:PassedToService": "cloudformation.amazonaws.com" }, "StringLike": { "iam:AssociatedResourceArn": "arn:aws:cloudformation:*:*:stack/sms-app-*/*" } } } ] }, "VersionId": "v2" }, "ServiceQuotasFullAccess": { "PolicyName": "ServiceQuotasFullAccess", "PolicyId": "ANPAZKAPJZG4CGHQWENW3", "Arn": "arn:aws:iam::aws:policy/ServiceQuotasFullAccess", "Path": "/", "DefaultVersionId": "v4", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-06-24T15:44:35+00:00", "UpdateDate": "2021-02-04T21:29:43+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "autoscaling:DescribeAccountLimits", "cloudformation:DescribeAccountLimits", "cloudwatch:DescribeAlarmsForMetric", "cloudwatch:DescribeAlarms", "cloudwatch:GetMetricData", "cloudwatch:GetMetricStatistics", "cloudwatch:PutMetricAlarm", "dynamodb:DescribeLimits", "elasticloadbalancing:DescribeAccountLimits", "iam:GetAccountSummary", "kinesis:DescribeLimits", "organizations:DescribeAccount", "organizations:DescribeOrganization", "organizations:ListAWSServiceAccessForOrganization", "rds:DescribeAccountAttributes", "route53:GetAccountLimit", "tag:GetTagKeys", "tag:GetTagValues", "servicequotas:*" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "cloudwatch:DeleteAlarms" ], "Resource": "*", "Condition": { "Null": { "aws:ResourceTag/ServiceQuotaMonitor": "false" } } }, { "Effect": "Allow", "Action": [ "organizations:EnableAWSServiceAccess" ], "Resource": "*", "Condition": { "StringLike": { "organizations:ServicePrincipal": [ "servicequotas.amazonaws.com" ] } } }, { "Effect": "Allow", "Action": [ "iam:CreateServiceLinkedRole" ], "Resource": "*", "Condition": { "StringEquals": { "iam:AWSServiceName": "servicequotas.amazonaws.com" } } } ] }, "VersionId": "v4" }, "ServiceQuotasReadOnlyAccess": { "PolicyName": "ServiceQuotasReadOnlyAccess", "PolicyId": "ANPAZKAPJZG4ITU2HGGUJ", "Arn": "arn:aws:iam::aws:policy/ServiceQuotasReadOnlyAccess", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-06-24T15:31:06+00:00", "UpdateDate": "2020-12-21T18:11:57+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "autoscaling:DescribeAccountLimits", "cloudformation:DescribeAccountLimits", "cloudwatch:DescribeAlarmsForMetric", "cloudwatch:DescribeAlarms", "cloudwatch:GetMetricData", "cloudwatch:GetMetricStatistics", "dynamodb:DescribeLimits", "elasticloadbalancing:DescribeAccountLimits", "iam:GetAccountSummary", "kinesis:DescribeLimits", "organizations:DescribeAccount", "organizations:DescribeOrganization", "organizations:ListAWSServiceAccessForOrganization", "rds:DescribeAccountAttributes", "route53:GetAccountLimit", "tag:GetTagKeys", "tag:GetTagValues", "servicequotas:GetAssociationForServiceQuotaTemplate", "servicequotas:GetAWSDefaultServiceQuota", "servicequotas:GetRequestedServiceQuotaChange", "servicequotas:GetServiceQuota", "servicequotas:GetServiceQuotaIncreaseRequestFromTemplate", "servicequotas:ListAWSDefaultServiceQuotas", "servicequotas:ListRequestedServiceQuotaChangeHistory", "servicequotas:ListRequestedServiceQuotaChangeHistoryByQuota", "servicequotas:ListServices", "servicequotas:ListServiceQuotas", "servicequotas:ListServiceQuotaIncreaseRequestsInTemplate", "servicequotas:ListTagsForResource" ], "Resource": "*" } ] }, "VersionId": "v2" }, "ServiceQuotasServiceRolePolicy": { "PolicyName": "ServiceQuotasServiceRolePolicy", "PolicyId": "ANPAZKAPJZG4FCG7EVJIR", "Arn": "arn:aws:iam::aws:policy/aws-service-role/ServiceQuotasServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-05-22T20:44:17+00:00", "UpdateDate": "2019-06-24T14:52:56+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "support:*" ], "Effect": "Allow", "Resource": "*" } ] }, "VersionId": "v2" }, "SimpleWorkflowFullAccess": { "PolicyName": "SimpleWorkflowFullAccess", "PolicyId": "ANPAIFE3AV6VE7EANYBVM", "Arn": "arn:aws:iam::aws:policy/SimpleWorkflowFullAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-02-06T18:41:04+00:00", "UpdateDate": "2015-02-06T18:41:04+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "swf:*" ], "Effect": "Allow", "Resource": "*" } ] }, "VersionId": "v1" }, "SupportUser": { "PolicyName": "SupportUser", "PolicyId": "ANPAI3V4GSSN5SJY3P2RO", "Arn": "arn:aws:iam::aws:policy/job-function/SupportUser", "Path": "/job-function/", "DefaultVersionId": "v5", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2016-11-10T17:21:53+00:00", "UpdateDate": "2021-06-11T19:46:10+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "support:*", "acm:DescribeCertificate", "acm:GetCertificate", "acm:List*", "acm-pca:DescribeCertificateAuthority", "acm-pca:ListCertificateAuthorities", "apigateway:GET", "autoscaling:Describe*", "aws-marketplace:ViewSubscriptions", "cloudformation:Describe*", "cloudformation:Get*", "cloudformation:List*", "cloudformation:EstimateTemplateCost", "cloudfront:Get*", "cloudfront:List*", "cloudsearch:Describe*", "cloudsearch:List*", "cloudtrail:DescribeTrails", "cloudtrail:GetTrailStatus", "cloudtrail:LookupEvents", "cloudtrail:ListTags", "cloudtrail:ListPublicKeys", "cloudwatch:Describe*", "cloudwatch:Get*", "cloudwatch:List*", "codecommit:BatchGetRepositories", "codecommit:Get*", "codecommit:List*", "codedeploy:Batch*", "codedeploy:Get*", "codedeploy:List*", "codepipeline:AcknowledgeJob", "codepipeline:AcknowledgeThirdPartyJob", "codepipeline:ListActionTypes", "codepipeline:ListPipelines", "codepipeline:PollForJobs", "codepipeline:PollForThirdPartyJobs", "codepipeline:GetPipelineState", "codepipeline:GetPipeline", "cognito-identity:List*", "cognito-identity:LookupDeveloperIdentity", "cognito-identity:Describe*", "cognito-idp:Describe*", "cognito-idp:List*", "cognito-sync:Describe*", "cognito-sync:GetBulkPublishDetails", "cognito-sync:GetCognitoEvents", "cognito-sync:GetIdentityPoolConfiguration", "cognito-sync:List*", "config:DescribeConfigurationRecorders", "config:DescribeConfigurationRecorderStatus", "config:DescribeConfigRuleEvaluationStatus", "config:DescribeConfigRules", "config:DescribeDeliveryChannels", "config:DescribeDeliveryChannelStatus", "config:GetResourceConfigHistory", "config:ListDiscoveredResources", "datapipeline:DescribeObjects", "datapipeline:DescribePipelines", "datapipeline:GetPipelineDefinition", "datapipeline:ListPipelines", "datapipeline:QueryObjects", "datapipeline:ReportTaskProgress", "datapipeline:ReportTaskRunnerHeartbeat", "devicefarm:List*", "devicefarm:Get*", "directconnect:Describe*", "discovery:Describe*", "discovery:ListConfigurations", "dms:Describe*", "dms:List*", "ds:DescribeDirectories", "ds:DescribeSnapshots", "ds:GetDirectoryLimits", "ds:GetSnapshotLimits", "ds:ListAuthorizedApplications", "dynamodb:DescribeLimits", "dynamodb:DescribeTable", "dynamodb:ListTables", "ec2:Describe*", "ec2:DescribeHosts", "ec2:describeIdentityIdFormat", "ec2:DescribeIdFormat", "ec2:DescribeInstanceAttribute", "ec2:DescribeNatGateways", "ec2:DescribeReservedInstancesModifications", "ec2:DescribeTags", "ecr:GetRepositoryPolicy", "ecr:BatchCheckLayerAvailability", "ecr:DescribeRepositories", "ecr:ListImages", "ecs:Describe*", "ecs:List*", "elasticache:Describe*", "elasticache:List*", "elasticbeanstalk:Check*", "elasticbeanstalk:Describe*", "elasticbeanstalk:List*", "elasticbeanstalk:RequestEnvironmentInfo", "elasticbeanstalk:RetrieveEnvironmentInfo", "elasticbeanstalk:ValidateConfigurationSettings", "elasticfilesystem:Describe*", "elasticloadbalancing:Describe*", "elasticmapreduce:Describe*", "elasticmapreduce:List*", "elastictranscoder:List*", "elastictranscoder:ReadJob", "elasticfilesystem:DescribeFileSystems", "es:Describe*", "es:List*", "es:ESHttpGet", "es:ESHttpHead", "events:DescribeRule", "events:List*", "events:TestEventPattern", "firehose:Describe*", "firehose:List*", "gamelift:List*", "gamelift:Describe*", "glacier:ListVaults", "glacier:DescribeVault", "glacier:DescribeJob", "glacier:Get*", "glacier:List*", "iam:GenerateCredentialReport", "iam:GenerateServiceLastAccessedDetails", "iam:Get*", "iam:List*", "importexport:GetStatus", "importexport:ListJobs", "inspector:Describe*", "inspector:List*", "iot:Describe*", "iot:Get*", "iot:List*", "kinesisanalytics:DescribeApplication", "kinesisanalytics:DiscoverInputSchema", "kinesisanalytics:GetApplicationState", "kinesisanalytics:ListApplications", "kinesis:Describe*", "kinesis:Get*", "kinesis:List*", "kms:Describe*", "kms:Get*", "kms:List*", "lambda:List*", "lambda:Get*", "logs:Describe*", "logs:TestMetricFilter", "machinelearning:Describe*", "machinelearning:Get*", "mobilehub:GetProject", "mobilehub:List*", "mobilehub:ValidateProject", "mobilehub:VerifyServiceRole", "opsworks:Describe*", "rds:Describe*", "rds:ListTagsForResource", "redshift:Describe*", "route53:Get*", "route53:List*", "route53domains:CheckDomainAvailability", "route53domains:GetDomainDetail", "route53domains:GetOperationDetail", "route53domains:List*", "s3:List*", "sdb:GetAttributes", "sdb:List*", "sdb:Select*", "servicecatalog:SearchProducts", "servicecatalog:DescribeProduct", "servicecatalog:DescribeProductView", "servicecatalog:ListLaunchPaths", "servicecatalog:DescribeProvisioningParameters", "servicecatalog:ListRecordHistory", "servicecatalog:DescribeRecord", "servicecatalog:ScanProvisionedProducts", "ses:Get*", "ses:List*", "sns:Get*", "sns:List*", "sqs:GetQueueAttributes", "sqs:GetQueueUrl", "sqs:ListQueues", "sqs:ReceiveMessage", "ssm:List*", "ssm:Describe*", "storagegateway:Describe*", "storagegateway:List*", "swf:Count*", "swf:Describe*", "swf:Get*", "swf:List*", "waf:Get*", "waf:List*", "workspaces:Describe*", "workdocs:Describe*", "workmail:Describe*", "workmail:Get*", "workspaces:Describe*" ], "Effect": "Allow", "Resource": "*" } ] }, "VersionId": "v5" }, "SystemAdministrator": { "PolicyName": "SystemAdministrator", "PolicyId": "ANPAITJPEZXCYCBXANDSW", "Arn": "arn:aws:iam::aws:policy/job-function/SystemAdministrator", "Path": "/job-function/", "DefaultVersionId": "v6", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2016-11-10T17:23:56+00:00", "UpdateDate": "2020-08-24T20:05:29+00:00", "Document": { "Statement": [ { "Action": [ "acm:Describe*", "acm:Get*", "acm:List*", "acm:Request*", "acm:Resend*", "autoscaling:*", "cloudtrail:DescribeTrails", "cloudtrail:GetTrailStatus", "cloudtrail:ListPublicKeys", "cloudtrail:ListTags", "cloudtrail:LookupEvents", "cloudtrail:StartLogging", "cloudtrail:StopLogging", "cloudwatch:*", "codecommit:BatchGetRepositories", "codecommit:CreateBranch", "codecommit:CreateRepository", "codecommit:Get*", "codecommit:GitPull", "codecommit:GitPush", "codecommit:List*", "codecommit:Put*", "codecommit:Test*", "codecommit:Update*", "codedeploy:*", "codepipeline:*", "config:*", "ds:*", "ec2:Allocate*", "ec2:AssignPrivateIpAddresses*", "ec2:Associate*", "ec2:Allocate*", "ec2:AttachInternetGateway", "ec2:AttachNetworkInterface", "ec2:AttachVpnGateway", "ec2:Bundle*", "ec2:Cancel*", "ec2:Copy*", "ec2:CreateCustomerGateway", "ec2:CreateDhcpOptions", "ec2:CreateFlowLogs", "ec2:CreateImage", "ec2:CreateInstanceExportTask", "ec2:CreateInternetGateway", "ec2:CreateKeyPair", "ec2:CreateLaunchTemplate", "ec2:CreateLaunchTemplateVersion", "ec2:CreateNatGateway", "ec2:CreateNetworkInterface", "ec2:CreatePlacementGroup", "ec2:CreateReservedInstancesListing", "ec2:CreateRoute", "ec2:CreateRouteTable", "ec2:CreateSecurityGroup", "ec2:CreateSnapshot", "ec2:CreateSpotDatafeedSubscription", "ec2:CreateSubnet", "ec2:CreateTags", "ec2:CreateVolume", "ec2:CreateVpc", "ec2:CreateVpcEndpoint", "ec2:CreateVpnConnection", "ec2:CreateVpnConnectionRoute", "ec2:CreateVpnGateway", "ec2:DeleteFlowLogs", "ec2:DeleteKeyPair", "ec2:DeleteLaunchTemplate", "ec2:DeleteLaunchTemplateVersions", "ec2:DeleteNatGateway", "ec2:DeleteNetworkInterface", "ec2:DeletePlacementGroup", "ec2:DeleteSnapshot", "ec2:DeleteSpotDatafeedSubscription", "ec2:DeleteSubnet", "ec2:DeleteTags", "ec2:DeleteVpc", "ec2:DeleteVpcEndpoints", "ec2:DeleteVpnConnection", "ec2:DeleteVpnConnectionRoute", "ec2:DeleteVpnGateway", "ec2:DeregisterImage", "ec2:Describe*", "ec2:DetachInternetGateway", "ec2:DetachNetworkInterface", "ec2:DetachVpnGateway", "ec2:DisableVgwRoutePropagation", "ec2:DisableVpcClassicLinkDnsSupport", "ec2:DisassociateAddress", "ec2:DisassociateRouteTable", "ec2:EnableVgwRoutePropagation", "ec2:EnableVolumeIO", "ec2:EnableVpcClassicLinkDnsSupport", "ec2:GetConsoleOutput", "ec2:GetHostReservationPurchasePreview", "ec2:GetLaunchTemplateData", "ec2:GetPasswordData", "ec2:Import*", "ec2:Modify*", "ec2:MonitorInstances", "ec2:MoveAddressToVpc", "ec2:Purchase*", "ec2:RegisterImage", "ec2:Release*", "ec2:Replace*", "ec2:ReportInstanceStatus", "ec2:Request*", "ec2:Reset*", "ec2:RestoreAddressToClassic", "ec2:RunScheduledInstances", "ec2:UnassignPrivateIpAddresses", "ec2:UnmonitorInstances", "ec2:UpdateSecurityGroupRuleDescriptionsEgress", "ec2:UpdateSecurityGroupRuleDescriptionsIngress", "elasticloadbalancing:*", "events:*", "iam:GetAccount*", "iam:GetContextKeys*", "iam:GetCredentialReport", "iam:ListAccountAliases", "iam:ListGroups", "iam:ListOpenIDConnectProviders", "iam:ListPolicies", "iam:ListPoliciesGrantingServiceAccess", "iam:ListRoles", "iam:ListSAMLProviders", "iam:ListServerCertificates", "iam:Simulate*", "iam:UpdateServerCertificate", "iam:UpdateSigningCertificate", "kinesis:ListStreams", "kinesis:PutRecord", "kms:CreateAlias", "kms:CreateKey", "kms:DeleteAlias", "kms:Describe*", "kms:GenerateRandom", "kms:Get*", "kms:List*", "kms:Encrypt", "kms:ReEncrypt*", "lambda:Create*", "lambda:Delete*", "lambda:Get*", "lambda:InvokeFunction", "lambda:List*", "lambda:PublishVersion", "lambda:Update*", "logs:*", "rds:Describe*", "rds:ListTagsForResource", "route53:*", "route53domains:*", "ses:*", "sns:*", "sqs:*", "trustedadvisor:*" ], "Effect": "Allow", "Resource": "*" }, { "Action": [ "ec2:AcceptVpcPeeringConnection", "ec2:AttachClassicLinkVpc", "ec2:AttachVolume", "ec2:AuthorizeSecurityGroupEgress", "ec2:AuthorizeSecurityGroupIngress", "ec2:CreateVpcPeeringConnection", "ec2:DeleteCustomerGateway", "ec2:DeleteDhcpOptions", "ec2:DeleteInternetGateway", "ec2:DeleteNetworkAcl*", "ec2:DeleteRoute", "ec2:DeleteRouteTable", "ec2:DeleteSecurityGroup", "ec2:DeleteVolume", "ec2:DeleteVpcPeeringConnection", "ec2:DetachClassicLinkVpc", "ec2:DetachVolume", "ec2:DisableVpcClassicLink", "ec2:EnableVpcClassicLink", "ec2:GetConsoleScreenshot", "ec2:RebootInstances", "ec2:RejectVpcPeeringConnection", "ec2:RevokeSecurityGroupEgress", "ec2:RevokeSecurityGroupIngress", "ec2:RunInstances", "ec2:StartInstances", "ec2:StopInstances", "ec2:TerminateInstances" ], "Effect": "Allow", "Resource": [ "*" ] }, { "Action": "s3:*", "Effect": "Allow", "Resource": [ "*" ] }, { "Action": [ "iam:GetAccessKeyLastUsed", "iam:GetGroup*", "iam:GetInstanceProfile", "iam:GetLoginProfile", "iam:GetOpenIDConnectProvider", "iam:GetPolicy*", "iam:GetRole*", "iam:GetSAMLProvider", "iam:GetSSHPublicKey", "iam:GetServerCertificate", "iam:GetServiceLastAccessed*", "iam:GetUser*", "iam:ListAccessKeys", "iam:ListAttached*", "iam:ListEntitiesForPolicy", "iam:ListGroupPolicies", "iam:ListGroupsForUser", "iam:ListInstanceProfiles*", "iam:ListMFADevices", "iam:ListPolicyVersions", "iam:ListRolePolicies", "iam:ListSSHPublicKeys", "iam:ListSigningCertificates", "iam:ListUserPolicies", "iam:Upload*" ], "Effect": "Allow", "Resource": [ "*" ] }, { "Action": [ "iam:GetRole", "iam:ListRoles", "iam:PassRole" ], "Effect": "Allow", "Resource": [ "arn:aws:iam::*:role/rds-monitoring-role", "arn:aws:iam::*:role/ec2-sysadmin-*", "arn:aws:iam::*:role/ecr-sysadmin-*", "arn:aws:iam::*:role/lambda-sysadmin-*" ] } ], "Version": "2012-10-17" }, "VersionId": "v6" }, "TranslateFullAccess": { "PolicyName": "TranslateFullAccess", "PolicyId": "ANPAIAPOAEI2VFQYUK5RY", "Arn": "arn:aws:iam::aws:policy/TranslateFullAccess", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-11-27T23:36:20+00:00", "UpdateDate": "2020-01-08T21:22:27+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "translate:*", "comprehend:DetectDominantLanguage", "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics", "s3:ListAllMyBuckets", "s3:ListBucket", "s3:GetBucketLocation", "iam:ListRoles", "iam:GetRole" ], "Effect": "Allow", "Resource": "*" } ] }, "VersionId": "v2" }, "TranslateReadOnly": { "PolicyName": "TranslateReadOnly", "PolicyId": "ANPAJYAMZMTQNWUDJKY2E", "Arn": "arn:aws:iam::aws:policy/TranslateReadOnly", "Path": "/", "DefaultVersionId": "v6", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2017-11-29T18:22:00+00:00", "UpdateDate": "2020-11-23T17:31:06+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "translate:TranslateText", "translate:GetTerminology", "translate:ListTerminologies", "translate:ListTextTranslationJobs", "translate:DescribeTextTranslationJob", "translate:GetParallelData", "translate:ListParallelData", "comprehend:DetectDominantLanguage", "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics" ], "Effect": "Allow", "Resource": "*" } ] }, "VersionId": "v6" }, "VMImportExportRoleForAWSConnector": { "PolicyName": "VMImportExportRoleForAWSConnector", "PolicyId": "ANPAJFLQOOJ6F5XNX4LAW", "Arn": "arn:aws:iam::aws:policy/service-role/VMImportExportRoleForAWSConnector", "Path": "/service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2015-09-03T20:48:59+00:00", "UpdateDate": "2015-09-03T20:48:59+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "s3:ListBucket", "s3:GetBucketLocation", "s3:GetObject" ], "Resource": [ "arn:aws:s3:::import-to-ec2-*" ] }, { "Effect": "Allow", "Action": [ "ec2:ModifySnapshotAttribute", "ec2:CopySnapshot", "ec2:RegisterImage", "ec2:Describe*" ], "Resource": "*" } ] }, "VersionId": "v1" }, "ViewOnlyAccess": { "PolicyName": "ViewOnlyAccess", "PolicyId": "ANPAID22R6XPJATWOFDK6", "Arn": "arn:aws:iam::aws:policy/job-function/ViewOnlyAccess", "Path": "/job-function/", "DefaultVersionId": "v11", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2016-11-10T17:20:15+00:00", "UpdateDate": "2021-06-11T19:27:03+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "acm:ListCertificates", "athena:List*", "aws-marketplace:ViewSubscriptions", "autoscaling:Describe*", "batch:ListJobs", "clouddirectory:ListAppliedSchemaArns", "clouddirectory:ListDevelopmentSchemaArns", "clouddirectory:ListDirectories", "clouddirectory:ListPublishedSchemaArns", "cloudformation:List*", "cloudformation:DescribeStacks", "cloudfront:List*", "cloudhsm:ListAvailableZones", "cloudhsm:ListLunaClients", "cloudhsm:ListHapgs", "cloudhsm:ListHsms", "cloudsearch:List*", "cloudsearch:DescribeDomains", "cloudtrail:DescribeTrails", "cloudtrail:LookupEvents", "cloudwatch:List*", "cloudwatch:Get*", "codebuild:ListBuilds*", "codebuild:ListProjects", "codecommit:List*", "codedeploy:List*", "codedeploy:Get*", "codepipeline:ListPipelines", "codestar:List*", "cognito-idp:List*", "cognito-identity:ListIdentities", "cognito-identity:ListIdentityPools", "cognito-sync:ListDatasets", "connect:List*", "config:List*", "config:Describe*", "datapipeline:ListPipelines", "datapipeline:DescribePipelines", "datapipeline:GetAccountLimits", "dax:DescribeClusters", "dax:DescribeDefaultParameters", "dax:DescribeEvents", "dax:DescribeParameterGroups", "dax:DescribeParameters", "dax:DescribeSubnetGroups", "dax:ListTags", "devicefarm:List*", "directconnect:Describe*", "discovery:List*", "dms:List*", "ds:DescribeDirectories", "dynamodb:DescribeBackup", "dynamodb:DescribeContinuousBackups", "dynamodb:DescribeGlobalTable", "dynamodb:DescribeGlobalTableSettings", "dynamodb:DescribeLimits", "dynamodb:DescribeReservedCapacity", "dynamodb:DescribeReservedCapacityOfferings", "dynamodb:DescribeStream", "dynamodb:DescribeTable", "dynamodb:DescribeTimeToLive", "dynamodb:ListBackups", "dynamodb:ListGlobalTables", "dynamodb:ListStreams", "dynamodb:ListTables", "dynamodb:ListTagsOfResource", "ec2:DescribeAccountAttributes", "ec2:DescribeAddresses", "ec2:DescribeAvailabilityZones", "ec2:DescribeBundleTasks", "ec2:DescribeClassicLinkInstances", "ec2:DescribeConversionTasks", "ec2:DescribeCustomerGateways", "ec2:DescribeDhcpOptions", "ec2:DescribeExportTasks", "ec2:DescribeFlowLogs", "ec2:DescribeHost*", "ec2:DescribeIdentityIdFormat", "ec2:DescribeIdFormat", "ec2:DescribeImage*", "ec2:DescribeImport*", "ec2:DescribeInstance*", "ec2:DescribeInternetGateways", "ec2:DescribeKeyPairs", "ec2:DescribeMovingAddresses", "ec2:DescribeNatGateways", "ec2:DescribeNetwork*", "ec2:DescribePlacementGroups", "ec2:DescribePrefixLists", "ec2:DescribeRegions", "ec2:DescribeReserved*", "ec2:DescribeRouteTables", "ec2:DescribeSecurityGroups", "ec2:DescribeSnapshot*", "ec2:DescribeSpot*", "ec2:DescribeSubnets", "ec2:DescribeTags", "ec2:DescribeVolume*", "ec2:DescribeVpc*", "ec2:DescribeVpnGateways", "ecr:DescribeRepositories", "ecr:ListImages", "ecs:List*", "ecs:Describe*", "elasticache:Describe*", "elasticbeanstalk:DescribeApplicationVersions", "elasticbeanstalk:DescribeApplications", "elasticbeanstalk:DescribeEnvironments", "elasticbeanstalk:ListAvailableSolutionStacks", "elasticloadbalancing:DescribeListeners", "elasticloadbalancing:DescribeLoadBalancers", "elasticloadbalancing:DescribeTargetGroups", "elasticfilesystem:DescribeFileSystems", "elasticloadbalancing:DescribeInstanceHealth", "elasticloadbalancing:DescribeTargetHealth", "elasticmapreduce:List*", "elastictranscoder:List*", "es:DescribeElasticsearchDomain", "es:DescribeElasticsearchDomains", "es:ListDomainNames", "events:ListRuleNamesByTarget", "events:ListRules", "events:ListTargetsByRule", "firehose:List*", "firehose:DescribeDeliveryStream", "fsx:DescribeFileSystems", "gamelift:List*", "glacier:List*", "greengrass:List*", "iam:List*", "iam:GetAccountSummary", "iam:GetLoginProfile", "importexport:ListJobs", "inspector:List*", "iot:List*", "kinesis:ListStreams", "kinesisanalytics:ListApplications", "kms:ListKeys", "lambda:List*", "lex:GetBotAliases", "lex:GetBotChannelAssociations", "lex:GetBots", "lex:GetBotVersions", "lex:GetIntents", "lex:GetIntentVersions", "lex:GetSlotTypes", "lex:GetSlotTypeVersions", "lex:GetUtterancesView", "lightsail:GetBlueprints", "lightsail:GetBundles", "lightsail:GetInstances", "lightsail:GetInstanceSnapshots", "lightsail:GetKeyPair", "lightsail:GetRegions", "lightsail:GetStaticIps", "lightsail:IsVpcPeered", "logs:Describe*", "machinelearning:Describe*", "mobilehub:ListAvailableFeatures", "mobilehub:ListAvailableRegions", "mobilehub:ListProjects", "opsworks:Describe*", "opsworks-cm:Describe*", "organizations:List*", "outposts:GetOutpost", "outposts:GetOutpostInstanceTypes", "outposts:ListOutposts", "outposts:ListSites", "outposts:ListTagsForResource", "mobiletargeting:GetApplicationSettings", "mobiletargeting:GetCampaigns", "mobiletargeting:GetImportJobs", "mobiletargeting:GetSegments", "polly:Describe*", "polly:List*", "rds:Describe*", "redshift:DescribeClusters", "redshift:DescribeEvents", "redshift:ViewQueriesInConsole", "route53:List*", "route53:Get*", "route53domains:List*", "route53resolver:Get*", "route53resolver:List*", "s3:ListAllMyBuckets", "s3:ListBucket", "sagemaker:Describe*", "sagemaker:List*", "sdb:List*", "servicecatalog:List*", "ses:List*", "shield:List*", "states:ListActivities", "states:ListStateMachines", "sns:List*", "sqs:ListQueues", "ssm:ListAssociations", "ssm:ListDocuments", "storagegateway:ListGateways", "storagegateway:ListLocalDisks", "storagegateway:ListVolumeRecoveryPoints", "storagegateway:ListVolumes", "swf:List*", "trustedadvisor:Describe*", "waf:List*", "waf-regional:List*", "wafv2:List*", "workdocs:DescribeAvailableDirectories", "workdocs:DescribeInstances", "workmail:Describe*", "workspaces:Describe*" ], "Effect": "Allow", "Resource": "*" } ] }, "VersionId": "v11" }, "WAFLoggingServiceRolePolicy": { "PolicyName": "WAFLoggingServiceRolePolicy", "PolicyId": "ANPAJZ7N545GUNUHNTYOM", "Arn": "arn:aws:iam::aws:policy/aws-service-role/WAFLoggingServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-08-24T21:05:47+00:00", "UpdateDate": "2018-08-24T21:05:47+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "firehose:PutRecord", "firehose:PutRecordBatch" ], "Resource": [ "arn:aws:firehose:*:*:deliverystream/aws-waf-logs-*" ] } ] }, "VersionId": "v1" }, "WAFRegionalLoggingServiceRolePolicy": { "PolicyName": "WAFRegionalLoggingServiceRolePolicy", "PolicyId": "ANPAJE43HAZMEH4CI6SU2", "Arn": "arn:aws:iam::aws:policy/aws-service-role/WAFRegionalLoggingServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-08-24T18:40:55+00:00", "UpdateDate": "2018-08-24T18:40:55+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "firehose:PutRecord", "firehose:PutRecordBatch" ], "Resource": [ "arn:aws:firehose:*:*:deliverystream/aws-waf-logs-*" ] } ] }, "VersionId": "v1" }, "WAFV2LoggingServiceRolePolicy": { "PolicyName": "WAFV2LoggingServiceRolePolicy", "PolicyId": "ANPAZKAPJZG4AHQ3ASNCX", "Arn": "arn:aws:iam::aws:policy/aws-service-role/WAFV2LoggingServiceRolePolicy", "Path": "/aws-service-role/", "DefaultVersionId": "v2", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-11-07T00:40:56+00:00", "UpdateDate": "2020-07-23T17:04:25+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "firehose:PutRecord", "firehose:PutRecordBatch" ], "Resource": [ "arn:aws:firehose:*:*:deliverystream/aws-waf-logs-*" ] }, { "Effect": "Allow", "Action": "organizations:DescribeOrganization", "Resource": "*" } ] }, "VersionId": "v2" }, "WellArchitectedConsoleFullAccess": { "PolicyName": "WellArchitectedConsoleFullAccess", "PolicyId": "ANPAIH6HSBHM3VSYC5SKA", "Arn": "arn:aws:iam::aws:policy/WellArchitectedConsoleFullAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-11-29T18:19:23+00:00", "UpdateDate": "2018-11-29T18:19:23+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "wellarchitected:*" ], "Resource": "*" } ] }, "VersionId": "v1" }, "WellArchitectedConsoleReadOnlyAccess": { "PolicyName": "WellArchitectedConsoleReadOnlyAccess", "PolicyId": "ANPAIUTK35NDTYF6T2GFY", "Arn": "arn:aws:iam::aws:policy/WellArchitectedConsoleReadOnlyAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2018-11-29T18:21:08+00:00", "UpdateDate": "2018-11-29T18:21:08+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "wellarchitected:Get*", "wellarchitected:List*" ], "Resource": "*" } ] }, "VersionId": "v1" }, "WorkLinkServiceRolePolicy": { "PolicyName": "WorkLinkServiceRolePolicy", "PolicyId": "ANPAJ6JTE3DI5JOULLNLS", "Arn": "arn:aws:iam::aws:policy/WorkLinkServiceRolePolicy", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0, "IsAttachable": true, "CreateDate": "2019-01-23T19:03:45+00:00", "UpdateDate": "2019-01-23T19:03:45+00:00", "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ec2:CreateNetworkInterface", "ec2:DeleteNetworkInterfacePermission", "ec2:CreateNetworkInterfacePermission", "ec2:ModifyNetworkInterfaceAttribute", "ec2:DeleteNetworkInterface" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "kinesis:PutRecord", "kinesis:PutRecords" ], "Resource": "arn:aws:kinesis:*:*:stream/AmazonWorkLink-*" } ] }, "VersionId": "v1" } }