{ "arn:aws:iam::aws:policy/AWSDirectConnectReadOnlyAccess": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "directconnect:Describe*" ], "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/AmazonGlacierReadOnlyAccess": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "glacier:ListVaults", "glacier:DescribeVault", "glacier:GetVaultNotifications", "glacier:ListJobs", "glacier:DescribeJob", "glacier:GetJobOutput" ], "Effect": "Allow", "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/AWSMarketplaceFullAccess": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "aws-marketplace:*", "cloudformation:CreateStack", "cloudformation:DescribeStackResource", "cloudformation:DescribeStackResources", "cloudformation:DescribeStacks", "cloudformation:List*", "ec2:AuthorizeSecurityGroupEgress", "ec2:AuthorizeSecurityGroupIngress", "ec2:CreateSecurityGroup", "ec2:CreateTags", "ec2:DescribeAccountAttributes", "ec2:DescribeAddresses", "ec2:DeleteSecurityGroup", "ec2:DescribeAccountAttributes", "ec2:DescribeImages", "ec2:DescribeInstances", "ec2:DescribeKeyPairs", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeTags", "ec2:DescribeVpcs", "ec2:RunInstances", "ec2:StartInstances", "ec2:StopInstances", "ec2:TerminateInstances" ], "Effect": "Allow", "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/AmazonRDSFullAccess": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "rds:*", "cloudwatch:DescribeAlarms", "cloudwatch:GetMetricStatistics", "ec2:DescribeAccountAttributes", "ec2:DescribeAvailabilityZones", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeVpcs", "sns:ListSubscriptions", "sns:ListTopics" ], "Effect": "Allow", "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/AmazonEC2FullAccess": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Action": "ec2:*", "Effect": "Allow", "Resource": "*" }, { "Effect": "Allow", "Action": "elasticloadbalancing:*", "Resource": "*" }, { "Effect": "Allow", "Action": "cloudwatch:*", "Resource": "*" }, { "Effect": "Allow", "Action": "autoscaling:*", "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/AWSElasticBeanstalkReadOnlyAccess": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "elasticbeanstalk:Check*", "elasticbeanstalk:Describe*", "elasticbeanstalk:List*", "elasticbeanstalk:RequestEnvironmentInfo", "elasticbeanstalk:RetrieveEnvironmentInfo", "ec2:Describe*", "elasticloadbalancing:Describe*", "autoscaling:Describe*", "cloudwatch:Describe*", "cloudwatch:List*", "cloudwatch:Get*", "s3:Get*", "s3:List*", "sns:Get*", "sns:List*", "cloudformation:Describe*", "cloudformation:Get*", "cloudformation:List*", "cloudformation:Validate*", "cloudformation:Estimate*", "rds:Describe*", "sqs:Get*", "sqs:List*" ], "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/AmazonSQSFullAccess": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "sqs:*" ], "Effect": "Allow", "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/AWSLambdaFullAccess": { "VersionId": "v2", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "cloudwatch:*", "cognito-identity:ListIdentityPools", "cognito-sync:GetCognitoEvents", "cognito-sync:SetCognitoEvents", "dynamodb:*", "iam:ListAttachedRolePolicies", "iam:ListRolePolicies", "iam:ListRoles", "iam:PassRole", "kinesis:DescribeStream", "kinesis:ListStreams", "kinesis:PutRecord", "lambda:*", "logs:*", "s3:*", "sns:ListSubscriptions", "sns:ListSubscriptionsByTopic", "sns:ListTopics", "sns:Subscribe", "sns:Unsubscribe" ], "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforSSM": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "cloudwatch:PutMetricData", "ds:CreateComputer", "ds:DescribeDirectories", "logs:CreateLogGroup", "logs:CreateLogStream", "logs:DescribeLogGroups", "logs:DescribeLogStreams", "logs:PutLogEvents", "ssm:DescribeAssociation", "ssm:GetDocument", "ssm:ListAssociations", "ssm:UpdateAssociationStatus" ], "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/service-role/AWSCloudHSMRole": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ec2:CreateNetworkInterface", "ec2:CreateTags", "ec2:DeleteNetworkInterface", "ec2:DescribeNetworkInterfaceAttribute", "ec2:DescribeNetworkInterfaces", "ec2:DescribeSubnets", "ec2:DescribeVpcs", "ec2:DetachNetworkInterface" ], "Resource": [ "*" ] } ] } }, "arn:aws:iam::aws:policy/IAMFullAccess": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "iam:*", "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/AmazonElastiCacheFullAccess": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Action": "elasticache:*", "Effect": "Allow", "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforAWSCodeDeploy": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "s3:GetObject", "s3:GetObjectVersion", "s3:ListObjects" ], "Effect": "Allow", "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/AWSOpsWorksFullAccess": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "opsworks:*", "ec2:DescribeAvailabilityZones", "ec2:DescribeKeyPairs", "ec2:DescribeSecurityGroups", "ec2:DescribeAccountAttributes", "ec2:DescribeAvailabilityZones", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeVpcs", "elasticloadbalancing:DescribeInstanceHealth", "elasticloadbalancing:DescribeLoadBalancers", "iam:GetRolePolicy", "iam:ListInstanceProfiles", "iam:ListRoles", "iam:ListUsers", "iam:PassRole" ], "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceRole": { "VersionId": "v2", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Resource": "*", "Action": [ "ec2:AuthorizeSecurityGroupIngress", "ec2:CancelSpotInstanceRequests", "ec2:CreateSecurityGroup", "ec2:CreateTags", "ec2:DeleteTags", "ec2:DescribeAvailabilityZones", "ec2:DescribeAccountAttributes", "ec2:DescribeInstances", "ec2:DescribeInstanceStatus", "ec2:DescribeKeyPairs", "ec2:DescribePrefixLists", "ec2:DescribeRouteTables", "ec2:DescribeSecurityGroups", "ec2:DescribeSpotInstanceRequests", "ec2:DescribeSpotPriceHistory", "ec2:DescribeSubnets", "ec2:DescribeVpcAttribute", "ec2:DescribeVpcEndpoints", "ec2:DescribeVpcEndpointServices", "ec2:DescribeVpcs", "ec2:ModifyImageAttribute", "ec2:ModifyInstanceAttribute", "ec2:RequestSpotInstances", "ec2:RunInstances", "ec2:TerminateInstances", "iam:GetRole", "iam:GetRolePolicy", "iam:ListInstanceProfiles", "iam:ListRolePolicies", "iam:PassRole", "s3:CreateBucket", "s3:Get*", "s3:List*", "sdb:BatchPutAttributes", "sdb:Select", "sqs:CreateQueue", "sqs:Delete*", "sqs:GetQueue*", "sqs:ReceiveMessage" ] } ] } }, "arn:aws:iam::aws:policy/AmazonRoute53DomainsReadOnlyAccess": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "route53domains:Get*", "route53domains:List*" ], "Resource": [ "*" ] } ] } }, "arn:aws:iam::aws:policy/service-role/AWSOpsWorksRole": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "cloudwatch:GetMetricStatistics", "ec2:DescribeAccountAttributes", "ec2:DescribeAvailabilityZones", "ec2:DescribeInstances", "ec2:DescribeKeyPairs", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeVpcs", "elasticloadbalancing:DescribeInstanceHealth", "elasticloadbalancing:DescribeLoadBalancers", "iam:GetRolePolicy", "iam:ListInstanceProfiles", "iam:ListRoles", "iam:ListUsers", "iam:PassRole", "opsworks:*", "rds:*" ], "Resource": [ "*" ] } ] } }, "arn:aws:iam::aws:policy/SimpleWorkflowFullAccess": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "swf:*" ], "Effect": "Allow", "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/AmazonS3FullAccess": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "s3:*", "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/AWSStorageGatewayReadOnlyAccess": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "storagegateway:List*", "storagegateway:Describe*" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "ec2:DescribeSnapshots" ], "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceforEC2Role": { "VersionId": "v2", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Resource": "*", "Action": [ "cloudwatch:*", "dynamodb:*", "ec2:Describe*", "elasticmapreduce:Describe*", "elasticmapreduce:ListBootstrapActions", "elasticmapreduce:ListClusters", "elasticmapreduce:ListInstanceGroups", "elasticmapreduce:ListInstances", "elasticmapreduce:ListSteps", "kinesis:CreateStream", "kinesis:DeleteStream", "kinesis:DescribeStream", "kinesis:GetRecords", "kinesis:GetShardIterator", "kinesis:MergeShards", "kinesis:PutRecord", "kinesis:SplitShard", "rds:Describe*", "s3:*", "sdb:*", "sns:*", "sqs:*" ] } ] } }, "arn:aws:iam::aws:policy/AmazonRedshiftReadOnlyAccess": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "redshift:Describe*", "redshift:ViewQueriesInConsole", "ec2:DescribeAccountAttributes", "ec2:DescribeAddresses", "ec2:DescribeAvailabilityZones", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeVpcs", "ec2:DescribeInternetGateways", "sns:Get*", "sns:List*", "cloudwatch:Describe*", "cloudwatch:List*", "cloudwatch:Get*" ], "Effect": "Allow", "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccess": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*" }, { "Effect": "Allow", "Action": "elasticloadbalancing:Describe*", "Resource": "*" }, { "Effect": "Allow", "Action": [ "cloudwatch:ListMetrics", "cloudwatch:GetMetricStatistics", "cloudwatch:Describe*" ], "Resource": "*" }, { "Effect": "Allow", "Action": "autoscaling:Describe*", "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/AmazonElasticMapReduceReadOnlyAccess": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "elasticmapreduce:Describe*", "elasticmapreduce:List*", "s3:GetObject", "s3:ListAllMyBuckets", "s3:ListBucket", "sdb:Select", "cloudwatch:GetMetricStatistics" ], "Effect": "Allow", "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/AWSDirectoryServiceReadOnlyAccess": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "ds:Check*", "ds:Describe*", "ds:Get*", "ds:List*", "ec2:DescribeNetworkInterfaces", "ec2:DescribeSubnets", "ec2:DescribeVpcs" ], "Effect": "Allow", "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/AmazonVPCReadOnlyAccess": { "VersionId": "v2", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ec2:DescribeAddresses", "ec2:DescribeCustomerGateways", "ec2:DescribeDhcpOptions", "ec2:DescribeInternetGateways", "ec2:DescribeNetworkAcls", "ec2:DescribeNetworkInterfaces", "ec2:DescribePrefixLists", "ec2:DescribeRouteTables", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeVpcAttribute", "ec2:DescribeVpcEndpoints", "ec2:DescribeVpcEndpointServices", "ec2:DescribeVpcPeeringConnection", "ec2:DescribeVpcs", "ec2:DescribeVpnConnections", "ec2:DescribeVpnGateways" ], "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/AmazonMobileAnalyticsFullAccess": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "mobileanalytics:*", "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/service-role/AWSDataPipelineRole": { "VersionId": "v2", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "cloudwatch:*", "datapipeline:DescribeObjects", "datapipeline:EvaluateExpression", "dynamodb:BatchGetItem", "dynamodb:DescribeTable", "dynamodb:GetItem", "dynamodb:Query", "dynamodb:Scan", "dynamodb:UpdateTable", "ec2:AuthorizeSecurityGroupIngress", "ec2:CancelSpotInstanceRequests", "ec2:CreateSecurityGroup", "ec2:CreateTags", "ec2:DeleteTags", "ec2:Describe*", "ec2:ModifyImageAttribute", "ec2:ModifyInstanceAttribute", "ec2:RequestSpotInstances", "ec2:RunInstances", "ec2:StartInstances", "ec2:StopInstances", "ec2:TerminateInstances", "elasticmapreduce:*", "iam:GetRole", "iam:GetRolePolicy", "iam:ListRolePolicies", "iam:ListInstanceProfiles", "iam:PassRole", "rds:DescribeDBInstances", "rds:DescribeDBSecurityGroups", "redshift:DescribeClusters", "redshift:DescribeClusterSecurityGroups", "s3:CreateBucket", "s3:DeleteObject", "s3:Get*", "s3:List*", "s3:Put*", "sdb:BatchPutAttributes", "sdb:Select*", "sns:GetTopicAttributes", "sns:ListTopics", "sns:Publish", "sns:Subscribe", "sns:Unsubscribe" ], "Resource": [ "*" ] } ] } }, "arn:aws:iam::aws:policy/CloudWatchFullAccess": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "autoscaling:Describe*", "cloudwatch:*", "logs:*", "sns:*" ], "Effect": "Allow", "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/ReadOnlyAccess": { "VersionId": "v2", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "appstream:Get*", "autoscaling:Describe*", "cloudformation:DescribeStacks", "cloudformation:DescribeStackEvents", "cloudformation:DescribeStackResource", "cloudformation:DescribeStackResources", "cloudformation:GetTemplate", "cloudformation:List*", "cloudfront:Get*", "cloudfront:List*", "cloudtrail:DescribeTrails", "cloudtrail:GetTrailStatus", "cloudwatch:Describe*", "cloudwatch:Get*", "cloudwatch:List*", "directconnect:Describe*", "dynamodb:GetItem", "dynamodb:BatchGetItem", "dynamodb:Query", "dynamodb:Scan", "dynamodb:DescribeTable", "dynamodb:ListTables", "ec2:Describe*", "ecs:Describe*", "ecs:List*", "elasticache:Describe*", "elasticbeanstalk:Check*", "elasticbeanstalk:Describe*", "elasticbeanstalk:List*", "elasticbeanstalk:RequestEnvironmentInfo", "elasticbeanstalk:RetrieveEnvironmentInfo", "elasticloadbalancing:Describe*", "elasticmapreduce:Describe*", "elasticmapreduce:List*", "elastictranscoder:Read*", "elastictranscoder:List*", "iam:List*", "iam:GenerateCredentialReport", "iam:Get*", "kinesis:Describe*", "kinesis:Get*", "kinesis:List*", "opsworks:Describe*", "opsworks:Get*", "route53:Get*", "route53:List*", "redshift:Describe*", "redshift:ViewQueriesInConsole", "rds:Describe*", "rds:ListTagsForResource", "s3:Get*", "s3:List*", "sdb:GetAttributes", "sdb:List*", "sdb:Select*", "ses:Get*", "ses:List*", "sns:Get*", "sns:List*", "sqs:GetQueueAttributes", "sqs:ListQueues", "sqs:ReceiveMessage", "storagegateway:List*", "storagegateway:Describe*", "tag:get*", "trustedadvisor:Describe*" ], "Effect": "Allow", "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/AmazonMachineLearningBatchPredictionsAccess": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "machinelearning:CreateBatchPrediction", "machinelearning:DeleteBatchPrediction", "machinelearning:DescribeBatchPredictions", "machinelearning:GetBatchPrediction", "machinelearning:UpdateBatchPrediction" ], "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/AWSCodeDeployReadOnlyAccess": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "codedeploy:Batch*", "codedeploy:Get*", "codedeploy:List*" ], "Effect": "Allow", "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/CloudSearchFullAccess": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "cloudsearch:*" ], "Effect": "Allow", "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/AWSCloudHSMFullAccess": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "cloudhsm:*", "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/service-role/AmazonEC2SpotFleetRole": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ec2:DescribeImages", "ec2:DescribeSubnets", "ec2:RequestSpotInstances", "ec2:TerminateInstances" ], "Resource": [ "*" ] } ] } }, "arn:aws:iam::aws:policy/AmazonElasticTranscoderJobsSubmitter": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "elastictranscoder:Read*", "elastictranscoder:List*", "elastictranscoder:*Job", "elastictranscoder:*Preset", "s3:List*", "iam:List*", "sns:List*" ], "Effect": "Allow", "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/AWSDirectoryServiceFullAccess": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "ds:*", "ec2:AuthorizeSecurityGroupEgress", "ec2:AuthorizeSecurityGroupIngress", "ec2:CreateNetworkInterface", "ec2:CreateSecurityGroup", "ec2:DeleteNetworkInterface", "ec2:DeleteSecurityGroup", "ec2:DescribeNetworkInterfaces", "ec2:DescribeSubnets", "ec2:DescribeVpcs", "ec2:RevokeSecurityGroupEgress", "ec2:RevokeSecurityGroupIngress" ], "Effect": "Allow", "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/AmazonDynamoDBFullAccess": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "dynamodb:*", "cloudwatch:DeleteAlarms", "cloudwatch:DescribeAlarmHistory", "cloudwatch:DescribeAlarms", "cloudwatch:DescribeAlarmsForMetric", "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics", "cloudwatch:PutMetricAlarm", "datapipeline:ActivatePipeline", "datapipeline:CreatePipeline", "datapipeline:DeletePipeline", "datapipeline:DescribeObjects", "datapipeline:DescribePipelines", "datapipeline:GetPipelineDefinition", "datapipeline:ListPipelines", "datapipeline:PutPipelineDefinition", "datapipeline:QueryObjects", "iam:ListRoles", "sns:CreateTopic", "sns:DeleteTopic", "sns:ListSubscriptions", "sns:ListSubscriptionsByTopic", "sns:ListTopics", "sns:Subscribe", "sns:Unsubscribe" ], "Effect": "Allow", "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/AmazonSESReadOnlyAccess": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ses:Get*", "ses:List*" ], "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/service-role/AutoScalingNotificationAccessRole": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Resource": "*", "Action": [ "sqs:SendMessage", "sqs:GetQueueUrl", "sns:Publish" ] } ] } }, "arn:aws:iam::aws:policy/AmazonKinesisReadOnlyAccess": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "kinesis:Get*", "kinesis:List*", "kinesis:Describe*" ], "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/AWSCodeDeployFullAccess": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Action": "codedeploy:*", "Effect": "Allow", "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/service-role/AWSLambdaDynamoDBExecutionRole": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "dynamodb:DescribeStream", "dynamodb:GetRecords", "dynamodb:GetShardIterator", "dynamodb:ListStreams", "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents" ], "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/AmazonRoute53DomainsFullAccess": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "route53:CreateHostedZone", "route53domains:*" ], "Resource": [ "*" ] } ] } }, "arn:aws:iam::aws:policy/AmazonElastiCacheReadOnlyAccess": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "elasticache:Describe*" ], "Effect": "Allow", "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/AmazonElasticFileSystemReadOnlyAccess": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "ec2:DescribeAvailabilityZones", "ec2:DescribeNetworkInterfaceAttribute", "ec2:DescribeNetworkInterfaces", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeVpcs", "elasticfilesystem:Describe*" ], "Effect": "Allow", "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/CloudFrontFullAccess": { "VersionId": "v2", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "s3:ListAllMyBuckets" ], "Effect": "Allow", "Resource": "arn:aws:s3:::*" }, { "Action": [ "cloudfront:*", "iam:ListServerCertificates" ], "Effect": "Allow", "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/service-role/AmazonMachineLearningRoleforRedshiftDataSource": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ec2:AuthorizeSecurityGroupIngress", "ec2:CreateSecurityGroup", "ec2:DescribeInternetGateways", "ec2:DescribeSecurityGroups", "ec2:RevokeSecurityGroupIngress", "redshift:AuthorizeClusterSecurityGroupIngress", "redshift:CreateClusterSecurityGroup", "redshift:DescribeClusters", "redshift:DescribeClusterSecurityGroups", "redshift:ModifyCluster", "redshift:RevokeClusterSecurityGroupIngress", "s3:GetBucketLocation", "s3:GetBucketPolicy", "s3:GetObject", "s3:PutBucketPolicy", "s3:PutObject" ], "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/AmazonMobileAnalyticsNon-financialReportAccess": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "mobileanalytics:GetReports", "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/AWSCloudTrailFullAccess": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "sns:AddPermission", "sns:CreateTopic", "sns:DeleteTopic", "sns:ListTopics", "sns:SetTopicAttributes" ], "Resource": "arn:aws:sns:*" }, { "Effect": "Allow", "Action": [ "s3:CreateBucket", "s3:DeleteBucket", "s3:ListAllMyBuckets", "s3:PutBucketPolicy", "s3:ListBucket", "s3:GetBucketLocation", "s3:GetObject" ], "Resource": "arn:aws:s3:::*" }, { "Effect": "Allow", "Action": "cloudtrail:*", "Resource": "*" }, { "Effect": "Allow", "Action": [ "logs:CreateLogGroup" ], "Resource": "arn:aws:logs:*" }, { "Effect": "Allow", "Action": [ "iam:PassRole", "iam:ListRoles", "iam:GetRolePolicy" ], "Resource": "arn:aws:iam::*" } ] } }, "arn:aws:iam::aws:policy/AmazonCognitoDeveloperAuthenticatedIdentities": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "cognito-identity:GetOpenIdTokenForDeveloperIdentity", "cognito-identity:LookupDeveloperIdentity", "cognito-identity:MergeDeveloperIdentities", "cognito-identity:UnlinkDeveloperIdentity" ], "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/service-role/AWSConfigRole": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "cloudtrail:DescribeTrails", "ec2:Describe*" ], "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/AmazonRedshiftFullAccess": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "redshift:*", "ec2:DescribeAccountAttributes", "ec2:DescribeAddresses", "ec2:DescribeAvailabilityZones", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeVpcs", "ec2:DescribeInternetGateways", "sns:CreateTopic", "sns:Get*", "sns:List*", "cloudwatch:Describe*", "cloudwatch:Get*", "cloudwatch:List*", "cloudwatch:PutMetricAlarm", "cloudwatch:EnableAlarmActions", "cloudwatch:DisableAlarmActions" ], "Effect": "Allow", "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/AmazonZocaloReadOnlyAccess": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "zocalo:Describe*", "ds:DescribeDirectories", "ec2:DescribeVpcs", "ec2:DescribeSubnets" ], "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/AWSCloudHSMReadOnlyAccess": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "cloudhsm:Get*", "cloudhsm:List*", "cloudhsm:Describe*" ], "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/AmazonRoute53ReadOnlyAccess": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "route53:Get*", "route53:List*" ], "Resource": [ "*" ] } ] } }, "arn:aws:iam::aws:policy/AmazonEC2ReportsAccess": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Action": "ec2-reports:*", "Effect": "Allow", "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/AmazonSQSReadOnlyAccess": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "sqs:GetQueueAttributes", "sqs:ListQueues" ], "Effect": "Allow", "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/AmazonKinesisFullAccess": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "kinesis:*", "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/AmazonMachineLearningReadOnlyAccess": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "machinelearning:Describe*", "machinelearning:Get*" ], "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/service-role/RDSCloudHsmAuthorizationRole": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "cloudhsm:CreateLunaClient", "cloudhsm:GetClientConfiguration", "cloudhsm:DeleteLunaClient", "cloudhsm:DescribeLunaClient", "cloudhsm:ModifyLunaClient", "cloudhsm:DescribeHapg", "cloudhsm:ModifyHapg", "cloudhsm:GetConfig" ], "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/AmazonMachineLearningFullAccess": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "machinelearning:*" ], "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/AdministratorAccess": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "*", "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/AmazonMachineLearningRealTimePredictionOnlyAccess": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "machinelearning:Predict" ], "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/AWSConfigUserAccess": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "config:Get*", "config:Describe*", "config:Deliver*", "tag:GetResources", "tag:GetTagKeys" ], "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/SecurityAudit": { "VersionId": "v2", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "autoscaling:Describe*", "cloudformation:DescribeStack*", "cloudformation:GetTemplate", "cloudformation:ListStack*", "cloudfront:Get*", "cloudfront:List*", "cloudwatch:Describe*", "directconnect:Describe*", "dynamodb:ListTables", "ec2:Describe*", "ecs:Describe*", "ecs:List*", "elasticbeanstalk:Describe*", "elasticache:Describe*", "elasticloadbalancing:Describe*", "elasticmapreduce:DescribeJobFlows", "glacier:ListVaults", "iam:GenerateCredentialReport", "iam:Get*", "iam:List*", "rds:Describe*", "rds:DownloadDBLogFilePortion", "rds:ListTagsForResource", "redshift:Describe*", "route53:GetHostedZone", "route53:ListHostedZones", "route53:ListResourceRecordSets", "s3:GetBucket*", "s3:GetLifecycleConfiguration", "s3:GetObjectAcl", "s3:GetObjectVersionAcl", "s3:ListAllMyBuckets", "sdb:DomainMetadata", "sdb:ListDomains", "sns:GetTopicAttributes", "sns:ListTopics", "sqs:GetQueueAttributes", "sqs:ListQueues" ], "Effect": "Allow", "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/AmazonDynamoDBReadOnlyAccess": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "cloudwatch:DescribeAlarmHistory", "cloudwatch:DescribeAlarms", "cloudwatch:DescribeAlarmsForMetric", "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics", "datapipeline:DescribeObjects", "datapipeline:DescribePipelines", "datapipeline:GetPipelineDefinition", "datapipeline:ListPipelines", "datapipeline:QueryObjects", "dynamodb:BatchGetItem", "dynamodb:DescribeTable", "dynamodb:GetItem", "dynamodb:ListTables", "dynamodb:Query", "dynamodb:Scan", "sns:ListSubscriptionsByTopic", "sns:ListTopics" ], "Effect": "Allow", "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/AmazonSNSReadOnlyAccess": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "sns:GetTopicAttributes", "sns:List*" ], "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/AmazonElasticMapReduceFullAccess": { "VersionId": "v3", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "cloudwatch:*", "ec2:AuthorizeSecurityGroupIngress", "ec2:CancelSpotInstanceRequests", "ec2:CreateSecurityGroup", "ec2:CreateTags", "ec2:DeleteTags", "ec2:DescribeAvailabilityZones", "ec2:DescribeAccountAttributes", "ec2:DescribeInstances", "ec2:DescribeKeyPairs", "ec2:DescribeRouteTables", "ec2:DescribeSecurityGroups", "ec2:DescribeSpotInstanceRequests", "ec2:DescribeSpotPriceHistory", "ec2:DescribeSubnets", "ec2:DescribeVpcAttribute", "ec2:DescribeVpcs", "ec2:ModifyImageAttribute", "ec2:ModifyInstanceAttribute", "ec2:RequestSpotInstances", "ec2:RunInstances", "ec2:TerminateInstances", "elasticmapreduce:*", "iam:GetPolicy", "iam:GetPolicyVersion", "iam:ListRoles", "iam:PassRole", "kms:List*", "s3:*", "sdb:*", "support:CreateCase", "support:DescribeServices", "support:DescribeSeverityLevels" ], "Effect": "Allow", "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "s3:Get*", "s3:List*" ], "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/AWSElasticBeanstalkFullAccess": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "elasticbeanstalk:*", "ec2:*", "elasticloadbalancing:*", "autoscaling:*", "cloudwatch:*", "s3:*", "sns:*", "cloudformation:*", "rds:*", "sqs:*", "iam:PassRole" ], "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/service-role/AWSCodeDeployRole": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "autoscaling:CompleteLifecycleAction", "autoscaling:DeleteLifecycleHook", "autoscaling:DescribeAutoScalingGroups", "autoscaling:DescribeLifecycleHooks", "autoscaling:PutLifecycleHook", "autoscaling:RecordLifecycleActionHeartbeat", "ec2:DescribeInstances", "ec2:DescribeInstanceStatus", "tag:GetTags", "tag:GetResources" ], "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/AmazonSESFullAccess": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ses:*" ], "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/CloudWatchLogsReadOnlyAccess": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "logs:Describe*", "logs:Get*", "logs:TestMetricFilter" ], "Effect": "Allow", "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/AWSOpsWorksRegisterCLI": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "opsworks:AssignInstance", "opsworks:CreateStack", "opsworks:CreateLayer", "opsworks:DeregisterInstance", "opsworks:DescribeInstances", "opsworks:DescribeStackProvisioningParameters", "opsworks:DescribeStacks", "opsworks:UnassignInstance" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "ec2:DescribeInstances" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "iam:AddUserToGroup", "iam:CreateAccessKey", "iam:CreateGroup", "iam:CreateUser", "iam:ListInstanceProfiles", "iam:PassRole", "iam:PutUserPolicy" ], "Resource": [ "*" ] } ] } }, "arn:aws:iam::aws:policy/AmazonDynamoDBFullAccesswithDataPipeline": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "cloudwatch:DeleteAlarms", "cloudwatch:DescribeAlarmHistory", "cloudwatch:DescribeAlarms", "cloudwatch:DescribeAlarmsForMetric", "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics", "cloudwatch:PutMetricAlarm", "dynamodb:*", "sns:CreateTopic", "sns:DeleteTopic", "sns:ListSubscriptions", "sns:ListSubscriptionsByTopic", "sns:ListTopics", "sns:Subscribe", "sns:Unsubscribe" ], "Effect": "Allow", "Resource": "*", "Sid": "DDBConsole" }, { "Action": [ "datapipeline:*", "iam:ListRoles" ], "Effect": "Allow", "Resource": "*", "Sid": "DDBConsoleImportExport" }, { "Effect": "Allow", "Action": [ "iam:GetRolePolicy", "iam:PassRole" ], "Resource": [ "*" ], "Sid": "IAMEDPRoles" }, { "Action": [ "ec2:CreateTags", "ec2:DescribeInstances", "ec2:RunInstances", "ec2:StartInstances", "ec2:StopInstances", "ec2:TerminateInstances", "elasticmapreduce:*", "datapipeline:*" ], "Effect": "Allow", "Resource": "*", "Sid": "EMR" }, { "Action": [ "s3:DeleteObject", "s3:Get*", "s3:List*", "s3:Put*" ], "Effect": "Allow", "Resource": [ "*" ], "Sid": "S3" } ] } }, "arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforDataPipelineRole": { "VersionId": "v2", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "cloudwatch:*", "datapipeline:*", "dynamodb:*", "ec2:Describe*", "elasticmapreduce:AddJobFlowSteps", "elasticmapreduce:Describe*", "elasticmapreduce:ListInstance*", "rds:Describe*", "redshift:DescribeClusters", "redshift:DescribeClusterSecurityGroups", "s3:*", "sdb:*", "sns:*", "sqs:*" ], "Resource": [ "*" ] } ] } }, "arn:aws:iam::aws:policy/CloudWatchLogsFullAccess": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "logs:*" ], "Effect": "Allow", "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/AmazonElasticTranscoderFullAccess": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "elastictranscoder:*", "cloudfront:*", "s3:List*", "s3:Put*", "s3:Get*", "s3:*MultipartUpload*", "iam:CreateRole", "iam:GetRolePolicy", "iam:PassRole", "iam:PutRolePolicy", "iam:List*", "sns:CreateTopic", "sns:List*" ], "Effect": "Allow", "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/AmazonMobileAnalyticsWriteOnlyAccess": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "mobileanalytics:PutEvents", "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/AWSConnector": { "VersionId": "v2", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "iam:GetUser", "Resource": "*" }, { "Effect": "Allow", "Action": [ "s3:ListAllMyBuckets" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "s3:CreateBucket", "s3:DeleteBucket", "s3:DeleteObject", "s3:GetBucketLocation", "s3:GetObject", "s3:ListBucket", "s3:PutObject", "s3:PutObjectAcl" ], "Resource": "arn:aws:s3:::import-to-ec2-*" }, { "Effect": "Allow", "Action": [ "ec2:CancelConversionTask", "ec2:CancelExportTask", "ec2:CreateImage", "ec2:CreateInstanceExportTask", "ec2:CreateTags", "ec2:CreateVolume", "ec2:DeleteTags", "ec2:DeleteVolume", "ec2:DescribeConversionTasks", "ec2:DescribeExportTasks", "ec2:DescribeImages", "ec2:DescribeInstanceAttribute", "ec2:DescribeInstanceStatus", "ec2:DescribeInstances", "ec2:DescribeRegions", "ec2:DescribeTags", "ec2:DetachVolume", "ec2:ImportInstance", "ec2:ImportVolume", "ec2:ModifyInstanceAttribute", "ec2:RunInstances", "ec2:StartInstances", "ec2:StopInstances", "ec2:TerminateInstances" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "SNS:Publish" ], "Resource": "arn:aws:sns:*:*:metrics-sns-topic-for-*" } ] } }, "arn:aws:iam::aws:policy/AmazonSSMFullAccess": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "cloudwatch:PutMetricData", "ds:CreateComputer", "ds:DescribeDirectories", "ec2:DescribeInstanceStatus", "logs:*", "ssm:*" ], "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/AmazonEC2ContainerServiceFullAccess": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ec2:Describe*", "elasticloadbalancing:*", "ecs:*", "iam:ListInstanceProfiles", "iam:ListRoles", "iam:PassRole" ], "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/AmazonCognitoReadOnly": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "cognito-identity:Describe*", "cognito-identity:Get*", "cognito-identity:List*", "cognito-sync:Describe*", "cognito-sync:Get*", "cognito-sync:List*", "iam:ListOpenIdConnectProviders", "iam:ListRoles", "sns:ListPlatformApplications" ], "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/AmazonVPCFullAccess": { "VersionId": "v3", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ec2:AcceptVpcPeeringConnection", "ec2:AllocateAddress", "ec2:AssociateAddress", "ec2:AssociateDhcpOptions", "ec2:AssociateRouteTable", "ec2:AttachClassicLinkVpc", "ec2:AttachInternetGateway", "ec2:AttachVpnGateway", "ec2:AuthorizeSecurityGroupEgress", "ec2:AuthorizeSecurityGroupIngress", "ec2:CreateCustomerGateway", "ec2:CreateDhcpOptions", "ec2:CreateInternetGateway", "ec2:CreateNetworkAcl", "ec2:CreateNetworkAclEntry", "ec2:CreateRoute", "ec2:CreateRouteTable", "ec2:CreateSecurityGroup", "ec2:CreateSubnet", "ec2:CreateTags", "ec2:CreateVpc", "ec2:CreateVpcEndpoint", "ec2:CreateVpcPeeringConnection", "ec2:CreateVpnConnection", "ec2:CreateVpnConnectionRoute", "ec2:CreateVpnGateway", "ec2:DeleteCustomerGateway", "ec2:DeleteDhcpOptions", "ec2:DeleteInternetGateway", "ec2:DeleteNetworkAcl", "ec2:DeleteNetworkAclEntry", "ec2:DeleteRoute", "ec2:DeleteRouteTable", "ec2:DeleteSecurityGroup", "ec2:DeleteSubnet", "ec2:DeleteTags", "ec2:DeleteVpc", "ec2:DeleteVpcEndpoints", "ec2:DeleteVpcPeeringConnection", "ec2:DeleteVpnConnection", "ec2:DeleteVpnGateway", "ec2:DescribeAddresses", "ec2:DescribeAvailabilityZones", "ec2:DescribeCustomerGateways", "ec2:DescribeDhcpOptions", "ec2:DescribeInstances", "ec2:DescribeInternetGateways", "ec2:DescribeKeyPairs", "ec2:DescribeNetworkAcls", "ec2:DescribeNetworkInterfaces", "ec2:DescribePrefixLists", "ec2:DescribeRouteTables", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeTags", "ec2:DescribeVpcAttribute", "ec2:DescribeVpcClassicLink", "ec2:DescribeVpcEndpoints", "ec2:DescribeVpcEndpointServices", "ec2:DescribeVpcPeeringConnections", "ec2:DescribeVpcs", "ec2:DescribeVpnConnections", "ec2:DescribeVpnGateways", "ec2:DetachClassicLinkVpc", "ec2:DetachInternetGateway", "ec2:DetachVpnGateway", "ec2:DisableVpcClassicLink", "ec2:DisableVgwRoutePropagation", "ec2:DisassociateAddress", "ec2:DisassociateRouteTable", "ec2:EnableVpcClassicLink", "ec2:EnableVgwRoutePropagation", "ec2:ModifySubnetAttribute", "ec2:ModifyVpcAttribute", "ec2:ModifyVpcEndpoint", "ec2:RejectVpcPeeringConnection", "ec2:ReleaseAddress", "ec2:ReplaceNetworkAclAssociation", "ec2:ReplaceNetworkAclEntry", "ec2:ReplaceRouteTableAssociation", "ec2:RevokeSecurityGroupEgress", "ec2:RevokeSecurityGroupIngress" ], "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/AWSImportExportFullAccess": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "importexport:*" ], "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/AmazonMachineLearningCreateOnlyAccess": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "machinelearning:Create*", "machinelearning:Delete*", "machinelearning:Describe*", "machinelearning:Get*" ], "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/AWSCloudTrailReadOnlyAccess": { "VersionId": "v2", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "s3:GetObject" ], "Resource": "arn:aws:s3:::*" }, { "Effect": "Allow", "Action": [ "cloudtrail:GetTrailStatus", "cloudtrail:DescribeTrails", "cloudtrail:LookupEvents", "s3:ListAllMyBuckets" ], "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/AWSLambdaExecute": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "logs:*" ], "Resource": "arn:aws:logs:*:*:*" }, { "Effect": "Allow", "Action": [ "s3:GetObject", "s3:PutObject" ], "Resource": "arn:aws:s3:::*" } ] } }, "arn:aws:iam::aws:policy/AWSStorageGatewayFullAccess": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "storagegateway:*" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "ec2:DescribeSnapshots", "ec2:DeleteSnapshot" ], "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/AmazonElasticTranscoderReadOnlyAccess": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "elastictranscoder:Read*", "elastictranscoder:List*", "s3:List*", "iam:List*", "sns:List*" ], "Effect": "Allow", "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/AmazonWorkMailReadOnlyAccess": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ses:Describe*", "ses:Get*", "workmail:Describe*", "workmail:Get*", "workmail:List*", "workmail:Search*" ], "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/service-role/AWSLambdaKinesisExecutionRole": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "kinesis:DescribeStream", "kinesis:GetRecords", "kinesis:GetShardIterator", "kinesis:ListStreams", "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents" ], "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/ResourceGroupsandTagEditorReadOnlyAccess": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "tag:getResources", "tag:getTagKeys", "tag:getTagValues" ], "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/AmazonMachineLearningManageRealTimeEndpointOnlyAccess": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "machinelearning:CreateRealtimeEndpoint", "machinelearning:DeleteRealtimeEndpoint" ], "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/CloudFrontReadOnlyAccess": { "VersionId": "v2", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "cloudfront:Get*", "cloudfront:List*", "iam:ListServerCertificates", "route53:List*" ], "Effect": "Allow", "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/service-role/AmazonSNSRole": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents", "logs:PutMetricFilter", "logs:PutRetentionPolicy" ], "Resource": [ "*" ] } ] } }, "arn:aws:iam::aws:policy/AmazonMobileAnalyticsFinancialReportAccess": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "mobileanalytics:GetReports", "mobileanalytics:GetFinancialReports" ], "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/IAMReadOnlyAccess": { "VersionId": "v2", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "iam:GenerateCredentialReport", "iam:GenerateServiceLastAccessedDetails", "iam:Get*", "iam:List*" ], "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/AmazonRDSReadOnlyAccess": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "rds:Describe*", "rds:ListTagsForResource", "ec2:DescribeAccountAttributes", "ec2:DescribeAvailabilityZones", "ec2:DescribeSecurityGroups", "ec2:DescribeVpcs" ], "Effect": "Allow", "Resource": "*" }, { "Action": [ "cloudwatch:GetMetricStatistics" ], "Effect": "Allow", "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/AmazonCognitoPowerUser": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "cognito-identity:*", "cognito-sync:*", "iam:ListRoles", "iam:ListOpenIdConnectProviders", "sns:ListPlatformApplications" ], "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/AmazonElasticFileSystemFullAccess": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "ec2:CreateNetworkInterface", "ec2:DeleteNetworkInterface", "ec2:DescribeAvailabilityZones", "ec2:DescribeNetworkInterfaceAttribute", "ec2:DescribeNetworkInterfaces", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeVpcs", "ec2:ModifyNetworkInterfaceAttribute", "elasticfilesystem:*" ], "Effect": "Allow", "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/AmazonZocaloFullAccess": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "zocalo:*", "ds:*", "ec2:AuthorizeSecurityGroupEgress", "ec2:AuthorizeSecurityGroupIngress", "ec2:CreateNetworkInterface", "ec2:CreateSecurityGroup", "ec2:CreateSubnet", "ec2:CreateTags", "ec2:CreateVpc", "ec2:DescribeAvailabilityZones", "ec2:DescribeNetworkInterfaces", "ec2:DescribeSubnets", "ec2:DescribeVpcs", "ec2:DeleteNetworkInterface", "ec2:DeleteSecurityGroup", "ec2:RevokeSecurityGroupEgress", "ec2:RevokeSecurityGroupIngress" ], "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/AWSLambdaReadOnlyAccess": { "VersionId": "v2", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "cloudwatch:Describe*", "cloudwatch:Get*", "cloudwatch:List*", "cognito-identity:ListIdentityPools", "cognito-sync:GetCognitoEvents", "dynamodb:BatchGetItem", "dynamodb:DescribeStream", "dynamodb:DescribeTable", "dynamodb:GetItem", "dynamodb:ListStreams", "dynamodb:ListTables", "dynamodb:Query", "dynamodb:Scan", "iam:ListRoles", "kinesis:DescribeStream", "kinesis:ListStreams", "lambda:List*", "lambda:Get*", "logs:DescribeMetricFilters", "logs:GetLogEvents", "logs:DescribeLogGroups", "logs:DescribeLogStreams", "s3:Get*", "s3:List*", "sns:ListTopics", "sns:ListSubscriptions", "sns:ListSubscriptionsByTopic" ], "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/AWSAccountUsageReportAccess": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "aws-portal:ViewUsage" ], "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ecs:CreateCluster", "ecs:DeregisterContainerInstance", "ecs:DiscoverPollEndpoint", "ecs:Poll", "ecs:RegisterContainerInstance", "ecs:Submit*" ], "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/AmazonAppStreamFullAccess": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "appstream:*" ], "Effect": "Allow", "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/CloudWatchReadOnlyAccess": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "autoscaling:Describe*", "cloudwatch:Describe*", "cloudwatch:Get*", "cloudwatch:List*", "logs:Get*", "logs:Describe*", "logs:TestMetricFilter", "sns:Get*", "sns:List*" ], "Effect": "Allow", "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents" ], "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/ResourceGroupsandTagEditorFullAccess": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "tag:getResources", "tag:getTagKeys", "tag:getTagValues", "tag:addResourceTags", "tag:removeResourceTags" ], "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/AWSKeyManagementServicePowerUser": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "kms:CreateAlias", "kms:CreateKey", "kms:DeleteAlias", "kms:Describe*", "kms:GenerateRandom", "kms:Get*", "kms:List*", "iam:ListGroups", "iam:ListRoles", "iam:ListUsers" ], "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/AWSImportExportReadOnlyAccess": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "importexport:ListJobs", "importexport:GetStatus" ], "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/service-role/AmazonElasticTranscoderRole": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Sid": "1", "Effect": "Allow", "Action": [ "s3:ListBucket", "s3:Put*", "s3:Get*", "s3:*MultipartUpload*" ], "Resource": [ "*" ] }, { "Sid": "2", "Effect": "Allow", "Action": [ "sns:Publish" ], "Resource": [ "*" ] }, { "Sid": "3", "Effect": "Deny", "Action": [ "s3:*Policy*", "sns:*Permission*", "sns:*Delete*", "s3:*Delete*", "sns:*Remove*" ], "Resource": [ "*" ] } ] } }, "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceRole": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ec2:AuthorizeSecurityGroupIngress", "ec2:Describe*", "elasticloadbalancing:DeregisterInstancesFromLoadBalancer", "elasticloadbalancing:Describe*", "elasticloadbalancing:RegisterInstancesWithLoadBalancer" ], "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/AmazonSSMReadOnlyAccess": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ssm:Describe*", "ssm:Get*", "ssm:List*" ], "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/AWSMarketplaceRead-only": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "aws-marketplace:ViewSubscriptions", "ec2:DescribeAccountAttributes", "ec2:DescribeAddresses", "ec2:DescribeImages", "ec2:DescribeInstances", "ec2:DescribeKeyPairs", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeVpcs" ], "Effect": "Allow", "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/AmazonWorkSpacesApplicationManagerAdminAccess": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "wam:AuthenticatePackager", "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/AWSDirectConnectFullAccess": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "directconnect:*" ], "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/AWSAccountActivityAccess": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "aws-portal:ViewBilling" ], "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/AmazonGlacierFullAccess": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Action": "glacier:*", "Effect": "Allow", "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/AmazonWorkMailFullAccess": { "VersionId": "v2", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ds:AuthorizeApplication", "ds:CheckAlias", "ds:CreateAlias", "ds:CreateDirectory", "ds:CreateDomain", "ds:DeleteAlias", "ds:DeleteDirectory", "ds:DescribeDirectories", "ds:ExtendDirectory", "ds:GetDirectoryLimits", "ds:ListAuthorizedApplications", "ds:UnauthorizeApplication", "ec2:AuthorizeSecurityGroupEgress", "ec2:AuthorizeSecurityGroupIngress", "ec2:CreateNetworkInterface", "ec2:CreateSecurityGroup", "ec2:CreateSubnet", "ec2:CreateTags", "ec2:CreateVpc", "ec2:DeleteSecurityGroup", "ec2:DeleteSubnet", "ec2:DeleteVpc", "ec2:DescribeAvailabilityZones", "ec2:DescribeDomains", "ec2:DescribeRouteTables", "ec2:DescribeSubnets", "ec2:DescribeVpcs", "ec2:RevokeSecurityGroupEgress", "ec2:RevokeSecurityGroupIngress", "kms:DescribeKey", "kms:ListAliases", "ses:*", "workmail:*" ], "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/AWSMarketplaceManageSubscriptions": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "aws-marketplace:ViewSubscriptions", "aws-marketplace:Subscribe", "aws-marketplace:Unsubscribe" ], "Effect": "Allow", "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/AWSSupportAccess": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "support:*" ], "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/AWSLambdaInvocation-DynamoDB": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "lambda:InvokeFunction" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "dynamodb:DescribeStream", "dynamodb:GetRecords", "dynamodb:GetShardIterator", "dynamodb:ListStreams" ], "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/AWSCodeDeployDeployerAccess": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "codedeploy:Batch*", "codedeploy:CreateDeployment", "codedeploy:Get*", "codedeploy:List*", "codedeploy:RegisterApplicationRevision" ], "Effect": "Allow", "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/AWSDataPipelinePowerUser": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "s3:List*", "dynamodb:DescribeTable", "rds:DescribeDBInstances", "rds:DescribeDBSecurityGroups", "redshift:DescribeClusters", "redshift:DescribeClusterSecurityGroups", "sns:ListTopics", "iam:PassRole", "iam:ListRoles", "iam:PutRolePolicy", "iam:GetRolePolicy", "iam:GetInstanceProfiles", "iam:ListInstanceProfiles", "iam:CreateInstanceProfile", "iam:AddRoleToInstanceProfile", "datapipeline:*", "cloudwatch:*" ], "Effect": "Allow", "Resource": [ "*" ] } ] } }, "arn:aws:iam::aws:policy/AmazonSNSFullAccess": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "sns:*" ], "Effect": "Allow", "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/CloudSearchReadOnlyAccess": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "cloudsearch:Describe*", "cloudsearch:List*" ], "Effect": "Allow", "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/AWSCloudFormationReadOnlyAccess": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "cloudformation:DescribeStacks", "cloudformation:DescribeStackEvents", "cloudformation:DescribeStackResource", "cloudformation:DescribeStackResources", "cloudformation:GetTemplate", "cloudformation:List*" ], "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/AmazonRoute53FullAccess": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "route53:*" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "elasticloadbalancing:DescribeLoadBalancers" ], "Resource": [ "*" ] } ] } }, "arn:aws:iam::aws:policy/service-role/AWSLambdaRole": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "lambda:InvokeFunction" ], "Resource": [ "*" ] } ] } }, "arn:aws:iam::aws:policy/AmazonAppStreamReadOnlyAccess": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "appstream:Get*" ], "Effect": "Allow", "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/PowerUserAccess": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "NotAction": "iam:*", "Resource": "*" } ] } }, "arn:aws:iam::aws:policy/AWSDataPipelineFullAccess": { "VersionId": "v1", "IsDefaultVersion": true, "Document": { "Version": "2012-10-17", "Statement": [ { "Action": [ "s3:List*", "dynamodb:DescribeTable", "rds:DescribeDBInstances", "rds:DescribeDBSecurityGroups", "redshift:DescribeClusters", "redshift:DescribeClusterSecurityGroups", "sns:CreateTopic", "sns:ListTopics", "sns:Subscribe", "iam:PassRole", "iam:ListRoles", "iam:CreateRole", "iam:PutRolePolicy", "iam:GetRolePolicy", "iam:GetInstanceProfiles", "iam:ListInstanceProfiles", "iam:CreateInstanceProfile", "iam:AddRoleToInstanceProfile", "datapipeline:*", "cloudwatch:*" ], "Effect": "Allow", "Resource": [ "*" ] } ] } } }