kotovalexarian-likes-github/fog--fog-aws
1
0
Fork 0
mirror of https://github.com/fog/fog-aws.git synced 2022-11-09 13:50:52 -05:00
Code Releases Activity
fog--fog-aws/lib/fog/aws/iam/default_policy_versions.json
Eugene Howe 1248610871 mocks around iam policies
2017-01-18 09:14:40 -05:00

3373 lines
86 KiB
JSON
Raw Blame History

{
"arn:aws:iam::aws:policy/AWSDirectConnectReadOnlyAccess": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"directconnect:Describe*"
],
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/AmazonGlacierReadOnlyAccess": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"glacier:ListVaults",
"glacier:DescribeVault",
"glacier:GetVaultNotifications",
"glacier:ListJobs",
"glacier:DescribeJob",
"glacier:GetJobOutput"
],
"Effect": "Allow",
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/AWSMarketplaceFullAccess": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"aws-marketplace:*",
"cloudformation:CreateStack",
"cloudformation:DescribeStackResource",
"cloudformation:DescribeStackResources",
"cloudformation:DescribeStacks",
"cloudformation:List*",
"ec2:AuthorizeSecurityGroupEgress",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateSecurityGroup",
"ec2:CreateTags",
"ec2:DescribeAccountAttributes",
"ec2:DescribeAddresses",
"ec2:DeleteSecurityGroup",
"ec2:DescribeAccountAttributes",
"ec2:DescribeImages",
"ec2:DescribeInstances",
"ec2:DescribeKeyPairs",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeTags",
"ec2:DescribeVpcs",
"ec2:RunInstances",
"ec2:StartInstances",
"ec2:StopInstances",
"ec2:TerminateInstances"
],
"Effect": "Allow",
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/AmazonRDSFullAccess": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"rds:*",
"cloudwatch:DescribeAlarms",
"cloudwatch:GetMetricStatistics",
"ec2:DescribeAccountAttributes",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"sns:ListSubscriptions",
"sns:ListTopics"
],
"Effect": "Allow",
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/AmazonEC2FullAccess": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Action": "ec2:*",
"Effect": "Allow",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "elasticloadbalancing:*",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "cloudwatch:*",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "autoscaling:*",
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/AWSElasticBeanstalkReadOnlyAccess": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"elasticbeanstalk:Check*",
"elasticbeanstalk:Describe*",
"elasticbeanstalk:List*",
"elasticbeanstalk:RequestEnvironmentInfo",
"elasticbeanstalk:RetrieveEnvironmentInfo",
"ec2:Describe*",
"elasticloadbalancing:Describe*",
"autoscaling:Describe*",
"cloudwatch:Describe*",
"cloudwatch:List*",
"cloudwatch:Get*",
"s3:Get*",
"s3:List*",
"sns:Get*",
"sns:List*",
"cloudformation:Describe*",
"cloudformation:Get*",
"cloudformation:List*",
"cloudformation:Validate*",
"cloudformation:Estimate*",
"rds:Describe*",
"sqs:Get*",
"sqs:List*"
],
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/AmazonSQSFullAccess": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"sqs:*"
],
"Effect": "Allow",
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/AWSLambdaFullAccess": {
"VersionId": "v2",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"cloudwatch:*",
"cognito-identity:ListIdentityPools",
"cognito-sync:GetCognitoEvents",
"cognito-sync:SetCognitoEvents",
"dynamodb:*",
"iam:ListAttachedRolePolicies",
"iam:ListRolePolicies",
"iam:ListRoles",
"iam:PassRole",
"kinesis:DescribeStream",
"kinesis:ListStreams",
"kinesis:PutRecord",
"lambda:*",
"logs:*",
"s3:*",
"sns:ListSubscriptions",
"sns:ListSubscriptionsByTopic",
"sns:ListTopics",
"sns:Subscribe",
"sns:Unsubscribe"
],
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforSSM": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"cloudwatch:PutMetricData",
"ds:CreateComputer",
"ds:DescribeDirectories",
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:DescribeLogGroups",
"logs:DescribeLogStreams",
"logs:PutLogEvents",
"ssm:DescribeAssociation",
"ssm:GetDocument",
"ssm:ListAssociations",
"ssm:UpdateAssociationStatus"
],
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/service-role/AWSCloudHSMRole": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ec2:CreateNetworkInterface",
"ec2:CreateTags",
"ec2:DeleteNetworkInterface",
"ec2:DescribeNetworkInterfaceAttribute",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:DetachNetworkInterface"
],
"Resource": [
"*"
]
}
]
}
},
"arn:aws:iam::aws:policy/IAMFullAccess": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "iam:*",
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/AmazonElastiCacheFullAccess": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Action": "elasticache:*",
"Effect": "Allow",
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforAWSCodeDeploy": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"s3:GetObject",
"s3:GetObjectVersion",
"s3:ListObjects"
],
"Effect": "Allow",
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/AWSOpsWorksFullAccess": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"opsworks:*",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeKeyPairs",
"ec2:DescribeSecurityGroups",
"ec2:DescribeAccountAttributes",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"elasticloadbalancing:DescribeInstanceHealth",
"elasticloadbalancing:DescribeLoadBalancers",
"iam:GetRolePolicy",
"iam:ListInstanceProfiles",
"iam:ListRoles",
"iam:ListUsers",
"iam:PassRole"
],
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceRole": {
"VersionId": "v2",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Resource": "*",
"Action": [
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CancelSpotInstanceRequests",
"ec2:CreateSecurityGroup",
"ec2:CreateTags",
"ec2:DeleteTags",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeInstanceStatus",
"ec2:DescribeKeyPairs",
"ec2:DescribePrefixLists",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSpotInstanceRequests",
"ec2:DescribeSpotPriceHistory",
"ec2:DescribeSubnets",
"ec2:DescribeVpcAttribute",
"ec2:DescribeVpcEndpoints",
"ec2:DescribeVpcEndpointServices",
"ec2:DescribeVpcs",
"ec2:ModifyImageAttribute",
"ec2:ModifyInstanceAttribute",
"ec2:RequestSpotInstances",
"ec2:RunInstances",
"ec2:TerminateInstances",
"iam:GetRole",
"iam:GetRolePolicy",
"iam:ListInstanceProfiles",
"iam:ListRolePolicies",
"iam:PassRole",
"s3:CreateBucket",
"s3:Get*",
"s3:List*",
"sdb:BatchPutAttributes",
"sdb:Select",
"sqs:CreateQueue",
"sqs:Delete*",
"sqs:GetQueue*",
"sqs:ReceiveMessage"
]
}
]
}
},
"arn:aws:iam::aws:policy/AmazonRoute53DomainsReadOnlyAccess": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"route53domains:Get*",
"route53domains:List*"
],
"Resource": [
"*"
]
}
]
}
},
"arn:aws:iam::aws:policy/service-role/AWSOpsWorksRole": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"cloudwatch:GetMetricStatistics",
"ec2:DescribeAccountAttributes",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeInstances",
"ec2:DescribeKeyPairs",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"elasticloadbalancing:DescribeInstanceHealth",
"elasticloadbalancing:DescribeLoadBalancers",
"iam:GetRolePolicy",
"iam:ListInstanceProfiles",
"iam:ListRoles",
"iam:ListUsers",
"iam:PassRole",
"opsworks:*",
"rds:*"
],
"Resource": [
"*"
]
}
]
}
},
"arn:aws:iam::aws:policy/SimpleWorkflowFullAccess": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"swf:*"
],
"Effect": "Allow",
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/AmazonS3FullAccess": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "s3:*",
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/AWSStorageGatewayReadOnlyAccess": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"storagegateway:List*",
"storagegateway:Describe*"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"ec2:DescribeSnapshots"
],
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceforEC2Role": {
"VersionId": "v2",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Resource": "*",
"Action": [
"cloudwatch:*",
"dynamodb:*",
"ec2:Describe*",
"elasticmapreduce:Describe*",
"elasticmapreduce:ListBootstrapActions",
"elasticmapreduce:ListClusters",
"elasticmapreduce:ListInstanceGroups",
"elasticmapreduce:ListInstances",
"elasticmapreduce:ListSteps",
"kinesis:CreateStream",
"kinesis:DeleteStream",
"kinesis:DescribeStream",
"kinesis:GetRecords",
"kinesis:GetShardIterator",
"kinesis:MergeShards",
"kinesis:PutRecord",
"kinesis:SplitShard",
"rds:Describe*",
"s3:*",
"sdb:*",
"sns:*",
"sqs:*"
]
}
]
}
},
"arn:aws:iam::aws:policy/AmazonRedshiftReadOnlyAccess": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"redshift:Describe*",
"redshift:ViewQueriesInConsole",
"ec2:DescribeAccountAttributes",
"ec2:DescribeAddresses",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:DescribeInternetGateways",
"sns:Get*",
"sns:List*",
"cloudwatch:Describe*",
"cloudwatch:List*",
"cloudwatch:Get*"
],
"Effect": "Allow",
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccess": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "ec2:Describe*",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "elasticloadbalancing:Describe*",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"cloudwatch:ListMetrics",
"cloudwatch:GetMetricStatistics",
"cloudwatch:Describe*"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "autoscaling:Describe*",
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/AmazonElasticMapReduceReadOnlyAccess": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"elasticmapreduce:Describe*",
"elasticmapreduce:List*",
"s3:GetObject",
"s3:ListAllMyBuckets",
"s3:ListBucket",
"sdb:Select",
"cloudwatch:GetMetricStatistics"
],
"Effect": "Allow",
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/AWSDirectoryServiceReadOnlyAccess": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"ds:Check*",
"ds:Describe*",
"ds:Get*",
"ds:List*",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs"
],
"Effect": "Allow",
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/AmazonVPCReadOnlyAccess": {
"VersionId": "v2",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ec2:DescribeAddresses",
"ec2:DescribeCustomerGateways",
"ec2:DescribeDhcpOptions",
"ec2:DescribeInternetGateways",
"ec2:DescribeNetworkAcls",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribePrefixLists",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcAttribute",
"ec2:DescribeVpcEndpoints",
"ec2:DescribeVpcEndpointServices",
"ec2:DescribeVpcPeeringConnection",
"ec2:DescribeVpcs",
"ec2:DescribeVpnConnections",
"ec2:DescribeVpnGateways"
],
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/AmazonMobileAnalyticsFullAccess": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "mobileanalytics:*",
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/service-role/AWSDataPipelineRole": {
"VersionId": "v2",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"cloudwatch:*",
"datapipeline:DescribeObjects",
"datapipeline:EvaluateExpression",
"dynamodb:BatchGetItem",
"dynamodb:DescribeTable",
"dynamodb:GetItem",
"dynamodb:Query",
"dynamodb:Scan",
"dynamodb:UpdateTable",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CancelSpotInstanceRequests",
"ec2:CreateSecurityGroup",
"ec2:CreateTags",
"ec2:DeleteTags",
"ec2:Describe*",
"ec2:ModifyImageAttribute",
"ec2:ModifyInstanceAttribute",
"ec2:RequestSpotInstances",
"ec2:RunInstances",
"ec2:StartInstances",
"ec2:StopInstances",
"ec2:TerminateInstances",
"elasticmapreduce:*",
"iam:GetRole",
"iam:GetRolePolicy",
"iam:ListRolePolicies",
"iam:ListInstanceProfiles",
"iam:PassRole",
"rds:DescribeDBInstances",
"rds:DescribeDBSecurityGroups",
"redshift:DescribeClusters",
"redshift:DescribeClusterSecurityGroups",
"s3:CreateBucket",
"s3:DeleteObject",
"s3:Get*",
"s3:List*",
"s3:Put*",
"sdb:BatchPutAttributes",
"sdb:Select*",
"sns:GetTopicAttributes",
"sns:ListTopics",
"sns:Publish",
"sns:Subscribe",
"sns:Unsubscribe"
],
"Resource": [
"*"
]
}
]
}
},
"arn:aws:iam::aws:policy/CloudWatchFullAccess": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"autoscaling:Describe*",
"cloudwatch:*",
"logs:*",
"sns:*"
],
"Effect": "Allow",
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/ReadOnlyAccess": {
"VersionId": "v2",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"appstream:Get*",
"autoscaling:Describe*",
"cloudformation:DescribeStacks",
"cloudformation:DescribeStackEvents",
"cloudformation:DescribeStackResource",
"cloudformation:DescribeStackResources",
"cloudformation:GetTemplate",
"cloudformation:List*",
"cloudfront:Get*",
"cloudfront:List*",
"cloudtrail:DescribeTrails",
"cloudtrail:GetTrailStatus",
"cloudwatch:Describe*",
"cloudwatch:Get*",
"cloudwatch:List*",
"directconnect:Describe*",
"dynamodb:GetItem",
"dynamodb:BatchGetItem",
"dynamodb:Query",
"dynamodb:Scan",
"dynamodb:DescribeTable",
"dynamodb:ListTables",
"ec2:Describe*",
"ecs:Describe*",
"ecs:List*",
"elasticache:Describe*",
"elasticbeanstalk:Check*",
"elasticbeanstalk:Describe*",
"elasticbeanstalk:List*",
"elasticbeanstalk:RequestEnvironmentInfo",
"elasticbeanstalk:RetrieveEnvironmentInfo",
"elasticloadbalancing:Describe*",
"elasticmapreduce:Describe*",
"elasticmapreduce:List*",
"elastictranscoder:Read*",
"elastictranscoder:List*",
"iam:List*",
"iam:GenerateCredentialReport",
"iam:Get*",
"kinesis:Describe*",
"kinesis:Get*",
"kinesis:List*",
"opsworks:Describe*",
"opsworks:Get*",
"route53:Get*",
"route53:List*",
"redshift:Describe*",
"redshift:ViewQueriesInConsole",
"rds:Describe*",
"rds:ListTagsForResource",
"s3:Get*",
"s3:List*",
"sdb:GetAttributes",
"sdb:List*",
"sdb:Select*",
"ses:Get*",
"ses:List*",
"sns:Get*",
"sns:List*",
"sqs:GetQueueAttributes",
"sqs:ListQueues",
"sqs:ReceiveMessage",
"storagegateway:List*",
"storagegateway:Describe*",
"tag:get*",
"trustedadvisor:Describe*"
],
"Effect": "Allow",
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/AmazonMachineLearningBatchPredictionsAccess": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"machinelearning:CreateBatchPrediction",
"machinelearning:DeleteBatchPrediction",
"machinelearning:DescribeBatchPredictions",
"machinelearning:GetBatchPrediction",
"machinelearning:UpdateBatchPrediction"
],
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/AWSCodeDeployReadOnlyAccess": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"codedeploy:Batch*",
"codedeploy:Get*",
"codedeploy:List*"
],
"Effect": "Allow",
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/CloudSearchFullAccess": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"cloudsearch:*"
],
"Effect": "Allow",
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/AWSCloudHSMFullAccess": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "cloudhsm:*",
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/service-role/AmazonEC2SpotFleetRole": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ec2:DescribeImages",
"ec2:DescribeSubnets",
"ec2:RequestSpotInstances",
"ec2:TerminateInstances"
],
"Resource": [
"*"
]
}
]
}
},
"arn:aws:iam::aws:policy/AmazonElasticTranscoderJobsSubmitter": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"elastictranscoder:Read*",
"elastictranscoder:List*",
"elastictranscoder:*Job",
"elastictranscoder:*Preset",
"s3:List*",
"iam:List*",
"sns:List*"
],
"Effect": "Allow",
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/AWSDirectoryServiceFullAccess": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"ds:*",
"ec2:AuthorizeSecurityGroupEgress",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateNetworkInterface",
"ec2:CreateSecurityGroup",
"ec2:DeleteNetworkInterface",
"ec2:DeleteSecurityGroup",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:RevokeSecurityGroupEgress",
"ec2:RevokeSecurityGroupIngress"
],
"Effect": "Allow",
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/AmazonDynamoDBFullAccess": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"dynamodb:*",
"cloudwatch:DeleteAlarms",
"cloudwatch:DescribeAlarmHistory",
"cloudwatch:DescribeAlarms",
"cloudwatch:DescribeAlarmsForMetric",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"cloudwatch:PutMetricAlarm",
"datapipeline:ActivatePipeline",
"datapipeline:CreatePipeline",
"datapipeline:DeletePipeline",
"datapipeline:DescribeObjects",
"datapipeline:DescribePipelines",
"datapipeline:GetPipelineDefinition",
"datapipeline:ListPipelines",
"datapipeline:PutPipelineDefinition",
"datapipeline:QueryObjects",
"iam:ListRoles",
"sns:CreateTopic",
"sns:DeleteTopic",
"sns:ListSubscriptions",
"sns:ListSubscriptionsByTopic",
"sns:ListTopics",
"sns:Subscribe",
"sns:Unsubscribe"
],
"Effect": "Allow",
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/AmazonSESReadOnlyAccess": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ses:Get*",
"ses:List*"
],
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/service-role/AutoScalingNotificationAccessRole": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Resource": "*",
"Action": [
"sqs:SendMessage",
"sqs:GetQueueUrl",
"sns:Publish"
]
}
]
}
},
"arn:aws:iam::aws:policy/AmazonKinesisReadOnlyAccess": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"kinesis:Get*",
"kinesis:List*",
"kinesis:Describe*"
],
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/AWSCodeDeployFullAccess": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Action": "codedeploy:*",
"Effect": "Allow",
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/service-role/AWSLambdaDynamoDBExecutionRole": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"dynamodb:DescribeStream",
"dynamodb:GetRecords",
"dynamodb:GetShardIterator",
"dynamodb:ListStreams",
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/AmazonRoute53DomainsFullAccess": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"route53:CreateHostedZone",
"route53domains:*"
],
"Resource": [
"*"
]
}
]
}
},
"arn:aws:iam::aws:policy/AmazonElastiCacheReadOnlyAccess": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"elasticache:Describe*"
],
"Effect": "Allow",
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/AmazonElasticFileSystemReadOnlyAccess": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"ec2:DescribeAvailabilityZones",
"ec2:DescribeNetworkInterfaceAttribute",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"elasticfilesystem:Describe*"
],
"Effect": "Allow",
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/CloudFrontFullAccess": {
"VersionId": "v2",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"s3:ListAllMyBuckets"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::*"
},
{
"Action": [
"cloudfront:*",
"iam:ListServerCertificates"
],
"Effect": "Allow",
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/service-role/AmazonMachineLearningRoleforRedshiftDataSource": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateSecurityGroup",
"ec2:DescribeInternetGateways",
"ec2:DescribeSecurityGroups",
"ec2:RevokeSecurityGroupIngress",
"redshift:AuthorizeClusterSecurityGroupIngress",
"redshift:CreateClusterSecurityGroup",
"redshift:DescribeClusters",
"redshift:DescribeClusterSecurityGroups",
"redshift:ModifyCluster",
"redshift:RevokeClusterSecurityGroupIngress",
"s3:GetBucketLocation",
"s3:GetBucketPolicy",
"s3:GetObject",
"s3:PutBucketPolicy",
"s3:PutObject"
],
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/AmazonMobileAnalyticsNon-financialReportAccess": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "mobileanalytics:GetReports",
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/AWSCloudTrailFullAccess": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"sns:AddPermission",
"sns:CreateTopic",
"sns:DeleteTopic",
"sns:ListTopics",
"sns:SetTopicAttributes"
],
"Resource": "arn:aws:sns:*"
},
{
"Effect": "Allow",
"Action": [
"s3:CreateBucket",
"s3:DeleteBucket",
"s3:ListAllMyBuckets",
"s3:PutBucketPolicy",
"s3:ListBucket",
"s3:GetBucketLocation",
"s3:GetObject"
],
"Resource": "arn:aws:s3:::*"
},
{
"Effect": "Allow",
"Action": "cloudtrail:*",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"logs:CreateLogGroup"
],
"Resource": "arn:aws:logs:*"
},
{
"Effect": "Allow",
"Action": [
"iam:PassRole",
"iam:ListRoles",
"iam:GetRolePolicy"
],
"Resource": "arn:aws:iam::*"
}
]
}
},
"arn:aws:iam::aws:policy/AmazonCognitoDeveloperAuthenticatedIdentities": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"cognito-identity:GetOpenIdTokenForDeveloperIdentity",
"cognito-identity:LookupDeveloperIdentity",
"cognito-identity:MergeDeveloperIdentities",
"cognito-identity:UnlinkDeveloperIdentity"
],
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/service-role/AWSConfigRole": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"cloudtrail:DescribeTrails",
"ec2:Describe*"
],
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/AmazonRedshiftFullAccess": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"redshift:*",
"ec2:DescribeAccountAttributes",
"ec2:DescribeAddresses",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:DescribeInternetGateways",
"sns:CreateTopic",
"sns:Get*",
"sns:List*",
"cloudwatch:Describe*",
"cloudwatch:Get*",
"cloudwatch:List*",
"cloudwatch:PutMetricAlarm",
"cloudwatch:EnableAlarmActions",
"cloudwatch:DisableAlarmActions"
],
"Effect": "Allow",
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/AmazonZocaloReadOnlyAccess": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"zocalo:Describe*",
"ds:DescribeDirectories",
"ec2:DescribeVpcs",
"ec2:DescribeSubnets"
],
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/AWSCloudHSMReadOnlyAccess": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"cloudhsm:Get*",
"cloudhsm:List*",
"cloudhsm:Describe*"
],
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/AmazonRoute53ReadOnlyAccess": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"route53:Get*",
"route53:List*"
],
"Resource": [
"*"
]
}
]
}
},
"arn:aws:iam::aws:policy/AmazonEC2ReportsAccess": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Action": "ec2-reports:*",
"Effect": "Allow",
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/AmazonSQSReadOnlyAccess": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"sqs:GetQueueAttributes",
"sqs:ListQueues"
],
"Effect": "Allow",
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/AmazonKinesisFullAccess": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "kinesis:*",
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/AmazonMachineLearningReadOnlyAccess": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"machinelearning:Describe*",
"machinelearning:Get*"
],
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/service-role/RDSCloudHsmAuthorizationRole": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"cloudhsm:CreateLunaClient",
"cloudhsm:GetClientConfiguration",
"cloudhsm:DeleteLunaClient",
"cloudhsm:DescribeLunaClient",
"cloudhsm:ModifyLunaClient",
"cloudhsm:DescribeHapg",
"cloudhsm:ModifyHapg",
"cloudhsm:GetConfig"
],
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/AmazonMachineLearningFullAccess": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"machinelearning:*"
],
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/AdministratorAccess": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "*",
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/AmazonMachineLearningRealTimePredictionOnlyAccess": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"machinelearning:Predict"
],
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/AWSConfigUserAccess": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"config:Get*",
"config:Describe*",
"config:Deliver*",
"tag:GetResources",
"tag:GetTagKeys"
],
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/SecurityAudit": {
"VersionId": "v2",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"autoscaling:Describe*",
"cloudformation:DescribeStack*",
"cloudformation:GetTemplate",
"cloudformation:ListStack*",
"cloudfront:Get*",
"cloudfront:List*",
"cloudwatch:Describe*",
"directconnect:Describe*",
"dynamodb:ListTables",
"ec2:Describe*",
"ecs:Describe*",
"ecs:List*",
"elasticbeanstalk:Describe*",
"elasticache:Describe*",
"elasticloadbalancing:Describe*",
"elasticmapreduce:DescribeJobFlows",
"glacier:ListVaults",
"iam:GenerateCredentialReport",
"iam:Get*",
"iam:List*",
"rds:Describe*",
"rds:DownloadDBLogFilePortion",
"rds:ListTagsForResource",
"redshift:Describe*",
"route53:GetHostedZone",
"route53:ListHostedZones",
"route53:ListResourceRecordSets",
"s3:GetBucket*",
"s3:GetLifecycleConfiguration",
"s3:GetObjectAcl",
"s3:GetObjectVersionAcl",
"s3:ListAllMyBuckets",
"sdb:DomainMetadata",
"sdb:ListDomains",
"sns:GetTopicAttributes",
"sns:ListTopics",
"sqs:GetQueueAttributes",
"sqs:ListQueues"
],
"Effect": "Allow",
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/AmazonDynamoDBReadOnlyAccess": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"cloudwatch:DescribeAlarmHistory",
"cloudwatch:DescribeAlarms",
"cloudwatch:DescribeAlarmsForMetric",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"datapipeline:DescribeObjects",
"datapipeline:DescribePipelines",
"datapipeline:GetPipelineDefinition",
"datapipeline:ListPipelines",
"datapipeline:QueryObjects",
"dynamodb:BatchGetItem",
"dynamodb:DescribeTable",
"dynamodb:GetItem",
"dynamodb:ListTables",
"dynamodb:Query",
"dynamodb:Scan",
"sns:ListSubscriptionsByTopic",
"sns:ListTopics"
],
"Effect": "Allow",
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/AmazonSNSReadOnlyAccess": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"sns:GetTopicAttributes",
"sns:List*"
],
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/AmazonElasticMapReduceFullAccess": {
"VersionId": "v3",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"cloudwatch:*",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CancelSpotInstanceRequests",
"ec2:CreateSecurityGroup",
"ec2:CreateTags",
"ec2:DeleteTags",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeKeyPairs",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSpotInstanceRequests",
"ec2:DescribeSpotPriceHistory",
"ec2:DescribeSubnets",
"ec2:DescribeVpcAttribute",
"ec2:DescribeVpcs",
"ec2:ModifyImageAttribute",
"ec2:ModifyInstanceAttribute",
"ec2:RequestSpotInstances",
"ec2:RunInstances",
"ec2:TerminateInstances",
"elasticmapreduce:*",
"iam:GetPolicy",
"iam:GetPolicyVersion",
"iam:ListRoles",
"iam:PassRole",
"kms:List*",
"s3:*",
"sdb:*",
"support:CreateCase",
"support:DescribeServices",
"support:DescribeSeverityLevels"
],
"Effect": "Allow",
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:Get*",
"s3:List*"
],
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/AWSElasticBeanstalkFullAccess": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"elasticbeanstalk:*",
"ec2:*",
"elasticloadbalancing:*",
"autoscaling:*",
"cloudwatch:*",
"s3:*",
"sns:*",
"cloudformation:*",
"rds:*",
"sqs:*",
"iam:PassRole"
],
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/service-role/AWSCodeDeployRole": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"autoscaling:CompleteLifecycleAction",
"autoscaling:DeleteLifecycleHook",
"autoscaling:DescribeAutoScalingGroups",
"autoscaling:DescribeLifecycleHooks",
"autoscaling:PutLifecycleHook",
"autoscaling:RecordLifecycleActionHeartbeat",
"ec2:DescribeInstances",
"ec2:DescribeInstanceStatus",
"tag:GetTags",
"tag:GetResources"
],
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/AmazonSESFullAccess": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ses:*"
],
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/CloudWatchLogsReadOnlyAccess": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"logs:Describe*",
"logs:Get*",
"logs:TestMetricFilter"
],
"Effect": "Allow",
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/AWSOpsWorksRegisterCLI": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"opsworks:AssignInstance",
"opsworks:CreateStack",
"opsworks:CreateLayer",
"opsworks:DeregisterInstance",
"opsworks:DescribeInstances",
"opsworks:DescribeStackProvisioningParameters",
"opsworks:DescribeStacks",
"opsworks:UnassignInstance"
],
"Resource": [
"*"
]
},
{
"Effect": "Allow",
"Action": [
"ec2:DescribeInstances"
],
"Resource": [
"*"
]
},
{
"Effect": "Allow",
"Action": [
"iam:AddUserToGroup",
"iam:CreateAccessKey",
"iam:CreateGroup",
"iam:CreateUser",
"iam:ListInstanceProfiles",
"iam:PassRole",
"iam:PutUserPolicy"
],
"Resource": [
"*"
]
}
]
}
},
"arn:aws:iam::aws:policy/AmazonDynamoDBFullAccesswithDataPipeline": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"cloudwatch:DeleteAlarms",
"cloudwatch:DescribeAlarmHistory",
"cloudwatch:DescribeAlarms",
"cloudwatch:DescribeAlarmsForMetric",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"cloudwatch:PutMetricAlarm",
"dynamodb:*",
"sns:CreateTopic",
"sns:DeleteTopic",
"sns:ListSubscriptions",
"sns:ListSubscriptionsByTopic",
"sns:ListTopics",
"sns:Subscribe",
"sns:Unsubscribe"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "DDBConsole"
},
{
"Action": [
"datapipeline:*",
"iam:ListRoles"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "DDBConsoleImportExport"
},
{
"Effect": "Allow",
"Action": [
"iam:GetRolePolicy",
"iam:PassRole"
],
"Resource": [
"*"
],
"Sid": "IAMEDPRoles"
},
{
"Action": [
"ec2:CreateTags",
"ec2:DescribeInstances",
"ec2:RunInstances",
"ec2:StartInstances",
"ec2:StopInstances",
"ec2:TerminateInstances",
"elasticmapreduce:*",
"datapipeline:*"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "EMR"
},
{
"Action": [
"s3:DeleteObject",
"s3:Get*",
"s3:List*",
"s3:Put*"
],
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "S3"
}
]
}
},
"arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforDataPipelineRole": {
"VersionId": "v2",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"cloudwatch:*",
"datapipeline:*",
"dynamodb:*",
"ec2:Describe*",
"elasticmapreduce:AddJobFlowSteps",
"elasticmapreduce:Describe*",
"elasticmapreduce:ListInstance*",
"rds:Describe*",
"redshift:DescribeClusters",
"redshift:DescribeClusterSecurityGroups",
"s3:*",
"sdb:*",
"sns:*",
"sqs:*"
],
"Resource": [
"*"
]
}
]
}
},
"arn:aws:iam::aws:policy/CloudWatchLogsFullAccess": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"logs:*"
],
"Effect": "Allow",
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/AmazonElasticTranscoderFullAccess": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"elastictranscoder:*",
"cloudfront:*",
"s3:List*",
"s3:Put*",
"s3:Get*",
"s3:*MultipartUpload*",
"iam:CreateRole",
"iam:GetRolePolicy",
"iam:PassRole",
"iam:PutRolePolicy",
"iam:List*",
"sns:CreateTopic",
"sns:List*"
],
"Effect": "Allow",
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/AmazonMobileAnalyticsWriteOnlyAccess": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "mobileanalytics:PutEvents",
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/AWSConnector": {
"VersionId": "v2",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "iam:GetUser",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"s3:ListAllMyBuckets"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"s3:CreateBucket",
"s3:DeleteBucket",
"s3:DeleteObject",
"s3:GetBucketLocation",
"s3:GetObject",
"s3:ListBucket",
"s3:PutObject",
"s3:PutObjectAcl"
],
"Resource": "arn:aws:s3:::import-to-ec2-*"
},
{
"Effect": "Allow",
"Action": [
"ec2:CancelConversionTask",
"ec2:CancelExportTask",
"ec2:CreateImage",
"ec2:CreateInstanceExportTask",
"ec2:CreateTags",
"ec2:CreateVolume",
"ec2:DeleteTags",
"ec2:DeleteVolume",
"ec2:DescribeConversionTasks",
"ec2:DescribeExportTasks",
"ec2:DescribeImages",
"ec2:DescribeInstanceAttribute",
"ec2:DescribeInstanceStatus",
"ec2:DescribeInstances",
"ec2:DescribeRegions",
"ec2:DescribeTags",
"ec2:DetachVolume",
"ec2:ImportInstance",
"ec2:ImportVolume",
"ec2:ModifyInstanceAttribute",
"ec2:RunInstances",
"ec2:StartInstances",
"ec2:StopInstances",
"ec2:TerminateInstances"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"SNS:Publish"
],
"Resource": "arn:aws:sns:*:*:metrics-sns-topic-for-*"
}
]
}
},
"arn:aws:iam::aws:policy/AmazonSSMFullAccess": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"cloudwatch:PutMetricData",
"ds:CreateComputer",
"ds:DescribeDirectories",
"ec2:DescribeInstanceStatus",
"logs:*",
"ssm:*"
],
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/AmazonEC2ContainerServiceFullAccess": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ec2:Describe*",
"elasticloadbalancing:*",
"ecs:*",
"iam:ListInstanceProfiles",
"iam:ListRoles",
"iam:PassRole"
],
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/AmazonCognitoReadOnly": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"cognito-identity:Describe*",
"cognito-identity:Get*",
"cognito-identity:List*",
"cognito-sync:Describe*",
"cognito-sync:Get*",
"cognito-sync:List*",
"iam:ListOpenIdConnectProviders",
"iam:ListRoles",
"sns:ListPlatformApplications"
],
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/AmazonVPCFullAccess": {
"VersionId": "v3",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ec2:AcceptVpcPeeringConnection",
"ec2:AllocateAddress",
"ec2:AssociateAddress",
"ec2:AssociateDhcpOptions",
"ec2:AssociateRouteTable",
"ec2:AttachClassicLinkVpc",
"ec2:AttachInternetGateway",
"ec2:AttachVpnGateway",
"ec2:AuthorizeSecurityGroupEgress",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateCustomerGateway",
"ec2:CreateDhcpOptions",
"ec2:CreateInternetGateway",
"ec2:CreateNetworkAcl",
"ec2:CreateNetworkAclEntry",
"ec2:CreateRoute",
"ec2:CreateRouteTable",
"ec2:CreateSecurityGroup",
"ec2:CreateSubnet",
"ec2:CreateTags",
"ec2:CreateVpc",
"ec2:CreateVpcEndpoint",
"ec2:CreateVpcPeeringConnection",
"ec2:CreateVpnConnection",
"ec2:CreateVpnConnectionRoute",
"ec2:CreateVpnGateway",
"ec2:DeleteCustomerGateway",
"ec2:DeleteDhcpOptions",
"ec2:DeleteInternetGateway",
"ec2:DeleteNetworkAcl",
"ec2:DeleteNetworkAclEntry",
"ec2:DeleteRoute",
"ec2:DeleteRouteTable",
"ec2:DeleteSecurityGroup",
"ec2:DeleteSubnet",
"ec2:DeleteTags",
"ec2:DeleteVpc",
"ec2:DeleteVpcEndpoints",
"ec2:DeleteVpcPeeringConnection",
"ec2:DeleteVpnConnection",
"ec2:DeleteVpnGateway",
"ec2:DescribeAddresses",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeCustomerGateways",
"ec2:DescribeDhcpOptions",
"ec2:DescribeInstances",
"ec2:DescribeInternetGateways",
"ec2:DescribeKeyPairs",
"ec2:DescribeNetworkAcls",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribePrefixLists",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeTags",
"ec2:DescribeVpcAttribute",
"ec2:DescribeVpcClassicLink",
"ec2:DescribeVpcEndpoints",
"ec2:DescribeVpcEndpointServices",
"ec2:DescribeVpcPeeringConnections",
"ec2:DescribeVpcs",
"ec2:DescribeVpnConnections",
"ec2:DescribeVpnGateways",
"ec2:DetachClassicLinkVpc",
"ec2:DetachInternetGateway",
"ec2:DetachVpnGateway",
"ec2:DisableVpcClassicLink",
"ec2:DisableVgwRoutePropagation",
"ec2:DisassociateAddress",
"ec2:DisassociateRouteTable",
"ec2:EnableVpcClassicLink",
"ec2:EnableVgwRoutePropagation",
"ec2:ModifySubnetAttribute",
"ec2:ModifyVpcAttribute",
"ec2:ModifyVpcEndpoint",
"ec2:RejectVpcPeeringConnection",
"ec2:ReleaseAddress",
"ec2:ReplaceNetworkAclAssociation",
"ec2:ReplaceNetworkAclEntry",
"ec2:ReplaceRouteTableAssociation",
"ec2:RevokeSecurityGroupEgress",
"ec2:RevokeSecurityGroupIngress"
],
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/AWSImportExportFullAccess": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"importexport:*"
],
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/AmazonMachineLearningCreateOnlyAccess": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"machinelearning:Create*",
"machinelearning:Delete*",
"machinelearning:Describe*",
"machinelearning:Get*"
],
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/AWSCloudTrailReadOnlyAccess": {
"VersionId": "v2",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:GetObject"
],
"Resource": "arn:aws:s3:::*"
},
{
"Effect": "Allow",
"Action": [
"cloudtrail:GetTrailStatus",
"cloudtrail:DescribeTrails",
"cloudtrail:LookupEvents",
"s3:ListAllMyBuckets"
],
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/AWSLambdaExecute": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"logs:*"
],
"Resource": "arn:aws:logs:*:*:*"
},
{
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:PutObject"
],
"Resource": "arn:aws:s3:::*"
}
]
}
},
"arn:aws:iam::aws:policy/AWSStorageGatewayFullAccess": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"storagegateway:*"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"ec2:DescribeSnapshots",
"ec2:DeleteSnapshot"
],
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/AmazonElasticTranscoderReadOnlyAccess": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"elastictranscoder:Read*",
"elastictranscoder:List*",
"s3:List*",
"iam:List*",
"sns:List*"
],
"Effect": "Allow",
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/AmazonWorkMailReadOnlyAccess": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ses:Describe*",
"ses:Get*",
"workmail:Describe*",
"workmail:Get*",
"workmail:List*",
"workmail:Search*"
],
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/service-role/AWSLambdaKinesisExecutionRole": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"kinesis:DescribeStream",
"kinesis:GetRecords",
"kinesis:GetShardIterator",
"kinesis:ListStreams",
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/ResourceGroupsandTagEditorReadOnlyAccess": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"tag:getResources",
"tag:getTagKeys",
"tag:getTagValues"
],
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/AmazonMachineLearningManageRealTimeEndpointOnlyAccess": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"machinelearning:CreateRealtimeEndpoint",
"machinelearning:DeleteRealtimeEndpoint"
],
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/CloudFrontReadOnlyAccess": {
"VersionId": "v2",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"cloudfront:Get*",
"cloudfront:List*",
"iam:ListServerCertificates",
"route53:List*"
],
"Effect": "Allow",
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/service-role/AmazonSNSRole": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents",
"logs:PutMetricFilter",
"logs:PutRetentionPolicy"
],
"Resource": [
"*"
]
}
]
}
},
"arn:aws:iam::aws:policy/AmazonMobileAnalyticsFinancialReportAccess": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"mobileanalytics:GetReports",
"mobileanalytics:GetFinancialReports"
],
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/IAMReadOnlyAccess": {
"VersionId": "v2",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"iam:GenerateCredentialReport",
"iam:GenerateServiceLastAccessedDetails",
"iam:Get*",
"iam:List*"
],
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/AmazonRDSReadOnlyAccess": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"rds:Describe*",
"rds:ListTagsForResource",
"ec2:DescribeAccountAttributes",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeSecurityGroups",
"ec2:DescribeVpcs"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"cloudwatch:GetMetricStatistics"
],
"Effect": "Allow",
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/AmazonCognitoPowerUser": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"cognito-identity:*",
"cognito-sync:*",
"iam:ListRoles",
"iam:ListOpenIdConnectProviders",
"sns:ListPlatformApplications"
],
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/AmazonElasticFileSystemFullAccess": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"ec2:CreateNetworkInterface",
"ec2:DeleteNetworkInterface",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeNetworkInterfaceAttribute",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:ModifyNetworkInterfaceAttribute",
"elasticfilesystem:*"
],
"Effect": "Allow",
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/AmazonZocaloFullAccess": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"zocalo:*",
"ds:*",
"ec2:AuthorizeSecurityGroupEgress",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateNetworkInterface",
"ec2:CreateSecurityGroup",
"ec2:CreateSubnet",
"ec2:CreateTags",
"ec2:CreateVpc",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:DeleteNetworkInterface",
"ec2:DeleteSecurityGroup",
"ec2:RevokeSecurityGroupEgress",
"ec2:RevokeSecurityGroupIngress"
],
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/AWSLambdaReadOnlyAccess": {
"VersionId": "v2",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"cloudwatch:Describe*",
"cloudwatch:Get*",
"cloudwatch:List*",
"cognito-identity:ListIdentityPools",
"cognito-sync:GetCognitoEvents",
"dynamodb:BatchGetItem",
"dynamodb:DescribeStream",
"dynamodb:DescribeTable",
"dynamodb:GetItem",
"dynamodb:ListStreams",
"dynamodb:ListTables",
"dynamodb:Query",
"dynamodb:Scan",
"iam:ListRoles",
"kinesis:DescribeStream",
"kinesis:ListStreams",
"lambda:List*",
"lambda:Get*",
"logs:DescribeMetricFilters",
"logs:GetLogEvents",
"logs:DescribeLogGroups",
"logs:DescribeLogStreams",
"s3:Get*",
"s3:List*",
"sns:ListTopics",
"sns:ListSubscriptions",
"sns:ListSubscriptionsByTopic"
],
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/AWSAccountUsageReportAccess": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"aws-portal:ViewUsage"
],
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ecs:CreateCluster",
"ecs:DeregisterContainerInstance",
"ecs:DiscoverPollEndpoint",
"ecs:Poll",
"ecs:RegisterContainerInstance",
"ecs:Submit*"
],
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/AmazonAppStreamFullAccess": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"appstream:*"
],
"Effect": "Allow",
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/CloudWatchReadOnlyAccess": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"autoscaling:Describe*",
"cloudwatch:Describe*",
"cloudwatch:Get*",
"cloudwatch:List*",
"logs:Get*",
"logs:Describe*",
"logs:TestMetricFilter",
"sns:Get*",
"sns:List*"
],
"Effect": "Allow",
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/ResourceGroupsandTagEditorFullAccess": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"tag:getResources",
"tag:getTagKeys",
"tag:getTagValues",
"tag:addResourceTags",
"tag:removeResourceTags"
],
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/AWSKeyManagementServicePowerUser": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"kms:CreateAlias",
"kms:CreateKey",
"kms:DeleteAlias",
"kms:Describe*",
"kms:GenerateRandom",
"kms:Get*",
"kms:List*",
"iam:ListGroups",
"iam:ListRoles",
"iam:ListUsers"
],
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/AWSImportExportReadOnlyAccess": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"importexport:ListJobs",
"importexport:GetStatus"
],
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/service-role/AmazonElasticTranscoderRole": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Sid": "1",
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:Put*",
"s3:Get*",
"s3:*MultipartUpload*"
],
"Resource": [
"*"
]
},
{
"Sid": "2",
"Effect": "Allow",
"Action": [
"sns:Publish"
],
"Resource": [
"*"
]
},
{
"Sid": "3",
"Effect": "Deny",
"Action": [
"s3:*Policy*",
"sns:*Permission*",
"sns:*Delete*",
"s3:*Delete*",
"sns:*Remove*"
],
"Resource": [
"*"
]
}
]
}
},
"arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceRole": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ec2:AuthorizeSecurityGroupIngress",
"ec2:Describe*",
"elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
"elasticloadbalancing:Describe*",
"elasticloadbalancing:RegisterInstancesWithLoadBalancer"
],
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/AmazonSSMReadOnlyAccess": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ssm:Describe*",
"ssm:Get*",
"ssm:List*"
],
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/AWSMarketplaceRead-only": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"aws-marketplace:ViewSubscriptions",
"ec2:DescribeAccountAttributes",
"ec2:DescribeAddresses",
"ec2:DescribeImages",
"ec2:DescribeInstances",
"ec2:DescribeKeyPairs",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs"
],
"Effect": "Allow",
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/AmazonWorkSpacesApplicationManagerAdminAccess": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "wam:AuthenticatePackager",
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/AWSDirectConnectFullAccess": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"directconnect:*"
],
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/AWSAccountActivityAccess": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"aws-portal:ViewBilling"
],
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/AmazonGlacierFullAccess": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Action": "glacier:*",
"Effect": "Allow",
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/AmazonWorkMailFullAccess": {
"VersionId": "v2",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ds:AuthorizeApplication",
"ds:CheckAlias",
"ds:CreateAlias",
"ds:CreateDirectory",
"ds:CreateDomain",
"ds:DeleteAlias",
"ds:DeleteDirectory",
"ds:DescribeDirectories",
"ds:ExtendDirectory",
"ds:GetDirectoryLimits",
"ds:ListAuthorizedApplications",
"ds:UnauthorizeApplication",
"ec2:AuthorizeSecurityGroupEgress",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateNetworkInterface",
"ec2:CreateSecurityGroup",
"ec2:CreateSubnet",
"ec2:CreateTags",
"ec2:CreateVpc",
"ec2:DeleteSecurityGroup",
"ec2:DeleteSubnet",
"ec2:DeleteVpc",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeDomains",
"ec2:DescribeRouteTables",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:RevokeSecurityGroupEgress",
"ec2:RevokeSecurityGroupIngress",
"kms:DescribeKey",
"kms:ListAliases",
"ses:*",
"workmail:*"
],
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/AWSMarketplaceManageSubscriptions": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"aws-marketplace:ViewSubscriptions",
"aws-marketplace:Subscribe",
"aws-marketplace:Unsubscribe"
],
"Effect": "Allow",
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/AWSSupportAccess": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"support:*"
],
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/AWSLambdaInvocation-DynamoDB": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"lambda:InvokeFunction"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"dynamodb:DescribeStream",
"dynamodb:GetRecords",
"dynamodb:GetShardIterator",
"dynamodb:ListStreams"
],
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/AWSCodeDeployDeployerAccess": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"codedeploy:Batch*",
"codedeploy:CreateDeployment",
"codedeploy:Get*",
"codedeploy:List*",
"codedeploy:RegisterApplicationRevision"
],
"Effect": "Allow",
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/AWSDataPipelinePowerUser": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"s3:List*",
"dynamodb:DescribeTable",
"rds:DescribeDBInstances",
"rds:DescribeDBSecurityGroups",
"redshift:DescribeClusters",
"redshift:DescribeClusterSecurityGroups",
"sns:ListTopics",
"iam:PassRole",
"iam:ListRoles",
"iam:PutRolePolicy",
"iam:GetRolePolicy",
"iam:GetInstanceProfiles",
"iam:ListInstanceProfiles",
"iam:CreateInstanceProfile",
"iam:AddRoleToInstanceProfile",
"datapipeline:*",
"cloudwatch:*"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
]
}
},
"arn:aws:iam::aws:policy/AmazonSNSFullAccess": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"sns:*"
],
"Effect": "Allow",
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/CloudSearchReadOnlyAccess": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"cloudsearch:Describe*",
"cloudsearch:List*"
],
"Effect": "Allow",
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/AWSCloudFormationReadOnlyAccess": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"cloudformation:DescribeStacks",
"cloudformation:DescribeStackEvents",
"cloudformation:DescribeStackResource",
"cloudformation:DescribeStackResources",
"cloudformation:GetTemplate",
"cloudformation:List*"
],
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/AmazonRoute53FullAccess": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"route53:*"
],
"Resource": [
"*"
]
},
{
"Effect": "Allow",
"Action": [
"elasticloadbalancing:DescribeLoadBalancers"
],
"Resource": [
"*"
]
}
]
}
},
"arn:aws:iam::aws:policy/service-role/AWSLambdaRole": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"lambda:InvokeFunction"
],
"Resource": [
"*"
]
}
]
}
},
"arn:aws:iam::aws:policy/AmazonAppStreamReadOnlyAccess": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"appstream:Get*"
],
"Effect": "Allow",
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/PowerUserAccess": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"NotAction": "iam:*",
"Resource": "*"
}
]
}
},
"arn:aws:iam::aws:policy/AWSDataPipelineFullAccess": {
"VersionId": "v1",
"IsDefaultVersion": true,
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"s3:List*",
"dynamodb:DescribeTable",
"rds:DescribeDBInstances",
"rds:DescribeDBSecurityGroups",
"redshift:DescribeClusters",
"redshift:DescribeClusterSecurityGroups",
"sns:CreateTopic",
"sns:ListTopics",
"sns:Subscribe",
"iam:PassRole",
"iam:ListRoles",
"iam:CreateRole",
"iam:PutRolePolicy",
"iam:GetRolePolicy",
"iam:GetInstanceProfiles",
"iam:ListInstanceProfiles",
"iam:CreateInstanceProfile",
"iam:AddRoleToInstanceProfile",
"datapipeline:*",
"cloudwatch:*"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
]
}
}
}
View git blame Copy permalink