fog-aws 0.4.0 → 0.4.1

Files changed (40) hide show
  1. checksums.yaml +4 -4
  2. data/Gemfile +4 -1
  3. data/lib/fog/aws/dns.rb +1 -1
  4. data/lib/fog/aws/iam.rb +57 -20
  5. data/lib/fog/aws/iam/default_policies.json +1574 -0
  6. data/lib/fog/aws/iam/default_policies.rb +15 -0
  7. data/lib/fog/aws/iam/default_policy_versions.json +3372 -0
  8. data/lib/fog/aws/iam/paged_collection.rb +54 -0
  9. data/lib/fog/aws/models/compute/flavors.rb +95 -35
  10. data/lib/fog/aws/models/elb/load_balancer.rb +9 -10
  11. data/lib/fog/aws/models/elb/policies.rb +24 -9
  12. data/lib/fog/aws/models/elb/policy.rb +9 -10
  13. data/lib/fog/aws/models/iam/group.rb +33 -2
  14. data/lib/fog/aws/models/iam/groups.rb +2 -22
  15. data/lib/fog/aws/models/iam/managed_policies.rb +63 -0
  16. data/lib/fog/aws/models/iam/managed_policy.rb +38 -0
  17. data/lib/fog/aws/models/iam/policies.rb +19 -15
  18. data/lib/fog/aws/models/iam/user.rb +34 -2
  19. data/lib/fog/aws/parsers/iam/list_managed_policies.rb +25 -0
  20. data/lib/fog/aws/parsers/iam/policy_version.rb +33 -0
  21. data/lib/fog/aws/region_methods.rb +1 -1
  22. data/lib/fog/aws/requests/compute/allocate_address.rb +21 -19
  23. data/lib/fog/aws/requests/iam/attach_group_policy.rb +26 -0
  24. data/lib/fog/aws/requests/iam/attach_user_policy.rb +30 -4
  25. data/lib/fog/aws/requests/iam/create_access_key.rb +6 -5
  26. data/lib/fog/aws/requests/iam/detach_group_policy.rb +26 -0
  27. data/lib/fog/aws/requests/iam/detach_user_policy.rb +26 -0
  28. data/lib/fog/aws/requests/iam/get_policy.rb +57 -0
  29. data/lib/fog/aws/requests/iam/get_policy_version.rb +59 -0
  30. data/lib/fog/aws/requests/iam/get_user.rb +7 -0
  31. data/lib/fog/aws/requests/iam/list_attached_group_policies.rb +89 -0
  32. data/lib/fog/aws/requests/iam/list_attached_user_policies.rb +89 -0
  33. data/lib/fog/aws/requests/iam/list_policies.rb +47 -2
  34. data/lib/fog/aws/signaturev4.rb +14 -12
  35. data/lib/fog/aws/version.rb +1 -1
  36. data/tests/models/iam/managed_policies_tests.rb +67 -0
  37. data/tests/models/iam/users_tests.rb +20 -0
  38. data/tests/requests/compute/address_tests.rb +33 -20
  39. data/tests/signaturev4_tests.rb +7 -0
  40. metadata +14 -2
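--- a/data/lib/fog/aws/iam/default_policies.rb
+++ b/data/lib/fog/aws/iam/default_policies.rb
@@ -0,0 +1,15 @@
+ module Fog
+ module AWS
+ class IAM
+ class Mock
+ def self.default_policies
+ Fog::JSON.decode(File.read(File.expand_path("../default_policies.json", __FILE__)))
+ end
+
+ def self.default_policy_versions
+ Fog::JSON.decode(File.read(File.expand_path("../default_policy_versions.json", __FILE__)))
+ end
+ end
+ end
+ end
+ end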
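Review bot: Neither `default_policies` nor `default_policy_versions` in `Fog::AWS::IAM::Mock` has a comment saying where the bundled JSON comes from, and both re-read and re-parse their file on every call. The data is a frozen copy of AWS managed policy documents (the next hunk adds entries such as `IAMFullAccess` with `iam:*` on `*`), so it can presumably drift from the live policies, and mock results should not be read as evidence of what a real policy grants. A header such as `# Point-in-time snapshot of AWS managed policies, used only by Fog::AWS::IAM::Mock.` above the two methods would make that explicit. If the repeated parse is deliberate, so that each caller gets a fresh mutable copy, the comment should say so; otherwise the decoded hash could be memoised and handed out as a deep copy.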
@@ -0,0 +1,3372 @@
1
+ {
2
+ "arn:aws:iam::aws:policy/AWSDirectConnectReadOnlyAccess": {
3
+ "VersionId": "v1",
4
+ "IsDefaultVersion": true,
5
+ "Document": {
6
+ "Version": "2012-10-17",
7
+ "Statement": [
8
+ {
9
+ "Effect": "Allow",
10
+ "Action": [
11
+ "directconnect:Describe*"
12
+ ],
13
+ "Resource": "*"
14
+ }
15
+ ]
16
+ }
17
+ },
18
+ "arn:aws:iam::aws:policy/AmazonGlacierReadOnlyAccess": {
19
+ "VersionId": "v1",
20
+ "IsDefaultVersion": true,
21
+ "Document": {
22
+ "Version": "2012-10-17",
23
+ "Statement": [
24
+ {
25
+ "Action": [
26
+ "glacier:ListVaults",
27
+ "glacier:DescribeVault",
28
+ "glacier:GetVaultNotifications",
29
+ "glacier:ListJobs",
30
+ "glacier:DescribeJob",
31
+ "glacier:GetJobOutput"
32
+ ],
33
+ "Effect": "Allow",
34
+ "Resource": "*"
35
+ }
36
+ ]
37
+ }
38
+ },
39
+ "arn:aws:iam::aws:policy/AWSMarketplaceFullAccess": {
40
+ "VersionId": "v1",
41
+ "IsDefaultVersion": true,
42
+ "Document": {
43
+ "Version": "2012-10-17",
44
+ "Statement": [
45
+ {
46
+ "Action": [
47
+ "aws-marketplace:*",
48
+ "cloudformation:CreateStack",
49
+ "cloudformation:DescribeStackResource",
50
+ "cloudformation:DescribeStackResources",
51
+ "cloudformation:DescribeStacks",
52
+ "cloudformation:List*",
53
+ "ec2:AuthorizeSecurityGroupEgress",
54
+ "ec2:AuthorizeSecurityGroupIngress",
55
+ "ec2:CreateSecurityGroup",
56
+ "ec2:CreateTags",
57
+ "ec2:DescribeAccountAttributes",
58
+ "ec2:DescribeAddresses",
59
+ "ec2:DeleteSecurityGroup",
60
+ "ec2:DescribeAccountAttributes",
61
+ "ec2:DescribeImages",
62
+ "ec2:DescribeInstances",
63
+ "ec2:DescribeKeyPairs",
64
+ "ec2:DescribeSecurityGroups",
65
+ "ec2:DescribeSubnets",
66
+ "ec2:DescribeTags",
67
+ "ec2:DescribeVpcs",
68
+ "ec2:RunInstances",
69
+ "ec2:StartInstances",
70
+ "ec2:StopInstances",
71
+ "ec2:TerminateInstances"
72
+ ],
73
+ "Effect": "Allow",
74
+ "Resource": "*"
75
+ }
76
+ ]
77
+ }
78
+ },
79
+ "arn:aws:iam::aws:policy/AmazonRDSFullAccess": {
80
+ "VersionId": "v1",
81
+ "IsDefaultVersion": true,
82
+ "Document": {
83
+ "Version": "2012-10-17",
84
+ "Statement": [
85
+ {
86
+ "Action": [
87
+ "rds:*",
88
+ "cloudwatch:DescribeAlarms",
89
+ "cloudwatch:GetMetricStatistics",
90
+ "ec2:DescribeAccountAttributes",
91
+ "ec2:DescribeAvailabilityZones",
92
+ "ec2:DescribeSecurityGroups",
93
+ "ec2:DescribeSubnets",
94
+ "ec2:DescribeVpcs",
95
+ "sns:ListSubscriptions",
96
+ "sns:ListTopics"
97
+ ],
98
+ "Effect": "Allow",
99
+ "Resource": "*"
100
+ }
101
+ ]
102
+ }
103
+ },
104
+ "arn:aws:iam::aws:policy/AmazonEC2FullAccess": {
105
+ "VersionId": "v1",
106
+ "IsDefaultVersion": true,
107
+ "Document": {
108
+ "Version": "2012-10-17",
109
+ "Statement": [
110
+ {
111
+ "Action": "ec2:*",
112
+ "Effect": "Allow",
113
+ "Resource": "*"
114
+ },
115
+ {
116
+ "Effect": "Allow",
117
+ "Action": "elasticloadbalancing:*",
118
+ "Resource": "*"
119
+ },
120
+ {
121
+ "Effect": "Allow",
122
+ "Action": "cloudwatch:*",
123
+ "Resource": "*"
124
+ },
125
+ {
126
+ "Effect": "Allow",
127
+ "Action": "autoscaling:*",
128
+ "Resource": "*"
129
+ }
130
+ ]
131
+ }
132
+ },
133
+ "arn:aws:iam::aws:policy/AWSElasticBeanstalkReadOnlyAccess": {
134
+ "VersionId": "v1",
135
+ "IsDefaultVersion": true,
136
+ "Document": {
137
+ "Version": "2012-10-17",
138
+ "Statement": [
139
+ {
140
+ "Effect": "Allow",
141
+ "Action": [
142
+ "elasticbeanstalk:Check*",
143
+ "elasticbeanstalk:Describe*",
144
+ "elasticbeanstalk:List*",
145
+ "elasticbeanstalk:RequestEnvironmentInfo",
146
+ "elasticbeanstalk:RetrieveEnvironmentInfo",
147
+ "ec2:Describe*",
148
+ "elasticloadbalancing:Describe*",
149
+ "autoscaling:Describe*",
150
+ "cloudwatch:Describe*",
151
+ "cloudwatch:List*",
152
+ "cloudwatch:Get*",
153
+ "s3:Get*",
154
+ "s3:List*",
155
+ "sns:Get*",
156
+ "sns:List*",
157
+ "cloudformation:Describe*",
158
+ "cloudformation:Get*",
159
+ "cloudformation:List*",
160
+ "cloudformation:Validate*",
161
+ "cloudformation:Estimate*",
162
+ "rds:Describe*",
163
+ "sqs:Get*",
164
+ "sqs:List*"
165
+ ],
166
+ "Resource": "*"
167
+ }
168
+ ]
169
+ }
170
+ },
171
+ "arn:aws:iam::aws:policy/AmazonSQSFullAccess": {
172
+ "VersionId": "v1",
173
+ "IsDefaultVersion": true,
174
+ "Document": {
175
+ "Version": "2012-10-17",
176
+ "Statement": [
177
+ {
178
+ "Action": [
179
+ "sqs:*"
180
+ ],
181
+ "Effect": "Allow",
182
+ "Resource": "*"
183
+ }
184
+ ]
185
+ }
186
+ },
187
+ "arn:aws:iam::aws:policy/AWSLambdaFullAccess": {
188
+ "VersionId": "v2",
189
+ "IsDefaultVersion": true,
190
+ "Document": {
191
+ "Version": "2012-10-17",
192
+ "Statement": [
193
+ {
194
+ "Effect": "Allow",
195
+ "Action": [
196
+ "cloudwatch:*",
197
+ "cognito-identity:ListIdentityPools",
198
+ "cognito-sync:GetCognitoEvents",
199
+ "cognito-sync:SetCognitoEvents",
200
+ "dynamodb:*",
201
+ "iam:ListAttachedRolePolicies",
202
+ "iam:ListRolePolicies",
203
+ "iam:ListRoles",
204
+ "iam:PassRole",
205
+ "kinesis:DescribeStream",
206
+ "kinesis:ListStreams",
207
+ "kinesis:PutRecord",
208
+ "lambda:*",
209
+ "logs:*",
210
+ "s3:*",
211
+ "sns:ListSubscriptions",
212
+ "sns:ListSubscriptionsByTopic",
213
+ "sns:ListTopics",
214
+ "sns:Subscribe",
215
+ "sns:Unsubscribe"
216
+ ],
217
+ "Resource": "*"
218
+ }
219
+ ]
220
+ }
221
+ },
222
+ "arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforSSM": {
223
+ "VersionId": "v1",
224
+ "IsDefaultVersion": true,
225
+ "Document": {
226
+ "Version": "2012-10-17",
227
+ "Statement": [
228
+ {
229
+ "Effect": "Allow",
230
+ "Action": [
231
+ "cloudwatch:PutMetricData",
232
+ "ds:CreateComputer",
233
+ "ds:DescribeDirectories",
234
+ "logs:CreateLogGroup",
235
+ "logs:CreateLogStream",
236
+ "logs:DescribeLogGroups",
237
+ "logs:DescribeLogStreams",
238
+ "logs:PutLogEvents",
239
+ "ssm:DescribeAssociation",
240
+ "ssm:GetDocument",
241
+ "ssm:ListAssociations",
242
+ "ssm:UpdateAssociationStatus"
243
+ ],
244
+ "Resource": "*"
245
+ }
246
+ ]
247
+ }
248
+ },
249
+ "arn:aws:iam::aws:policy/service-role/AWSCloudHSMRole": {
250
+ "VersionId": "v1",
251
+ "IsDefaultVersion": true,
252
+ "Document": {
253
+ "Version": "2012-10-17",
254
+ "Statement": [
255
+ {
256
+ "Effect": "Allow",
257
+ "Action": [
258
+ "ec2:CreateNetworkInterface",
259
+ "ec2:CreateTags",
260
+ "ec2:DeleteNetworkInterface",
261
+ "ec2:DescribeNetworkInterfaceAttribute",
262
+ "ec2:DescribeNetworkInterfaces",
263
+ "ec2:DescribeSubnets",
264
+ "ec2:DescribeVpcs",
265
+ "ec2:DetachNetworkInterface"
266
+ ],
267
+ "Resource": [
268
+ "*"
269
+ ]
270
+ }
271
+ ]
272
+ }
273
+ },
274
+ "arn:aws:iam::aws:policy/IAMFullAccess": {
275
+ "VersionId": "v1",
276
+ "IsDefaultVersion": true,
277
+ "Document": {
278
+ "Version": "2012-10-17",
279
+ "Statement": [
280
+ {
281
+ "Effect": "Allow",
282
+ "Action": "iam:*",
283
+ "Resource": "*"
284
+ }
285
+ ]
286
+ }
287
+ },
288
+ "arn:aws:iam::aws:policy/AmazonElastiCacheFullAccess": {
289
+ "VersionId": "v1",
290
+ "IsDefaultVersion": true,
291
+ "Document": {
292
+ "Version": "2012-10-17",
293
+ "Statement": [
294
+ {
295
+ "Action": "elasticache:*",
296
+ "Effect": "Allow",
297
+ "Resource": "*"
298
+ }
299
+ ]
300
+ }
301
+ },
302
+ "arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforAWSCodeDeploy": {
303
+ "VersionId": "v1",
304
+ "IsDefaultVersion": true,
305
+ "Document": {
306
+ "Version": "2012-10-17",
307
+ "Statement": [
308
+ {
309
+ "Action": [
310
+ "s3:GetObject",
311
+ "s3:GetObjectVersion",
312
+ "s3:ListObjects"
313
+ ],
314
+ "Effect": "Allow",
315
+ "Resource": "*"
316
+ }
317
+ ]
318
+ }
319
+ },
320
+ "arn:aws:iam::aws:policy/AWSOpsWorksFullAccess": {
321
+ "VersionId": "v1",
322
+ "IsDefaultVersion": true,
323
+ "Document": {
324
+ "Version": "2012-10-17",
325
+ "Statement": [
326
+ {
327
+ "Effect": "Allow",
328
+ "Action": [
329
+ "opsworks:*",
330
+ "ec2:DescribeAvailabilityZones",
331
+ "ec2:DescribeKeyPairs",
332
+ "ec2:DescribeSecurityGroups",
333
+ "ec2:DescribeAccountAttributes",
334
+ "ec2:DescribeAvailabilityZones",
335
+ "ec2:DescribeSecurityGroups",
336
+ "ec2:DescribeSubnets",
337
+ "ec2:DescribeVpcs",
338
+ "elasticloadbalancing:DescribeInstanceHealth",
339
+ "elasticloadbalancing:DescribeLoadBalancers",
340
+ "iam:GetRolePolicy",
341
+ "iam:ListInstanceProfiles",
342
+ "iam:ListRoles",
343
+ "iam:ListUsers",
344
+ "iam:PassRole"
345
+ ],
346
+ "Resource": "*"
347
+ }
348
+ ]
349
+ }
350
+ },
351
+ "arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceRole": {
352
+ "VersionId": "v2",
353
+ "IsDefaultVersion": true,
354
+ "Document": {
355
+ "Version": "2012-10-17",
356
+ "Statement": [
357
+ {
358
+ "Effect": "Allow",
359
+ "Resource": "*",
360
+ "Action": [
361
+ "ec2:AuthorizeSecurityGroupIngress",
362
+ "ec2:CancelSpotInstanceRequests",
363
+ "ec2:CreateSecurityGroup",
364
+ "ec2:CreateTags",
365
+ "ec2:DeleteTags",
366
+ "ec2:DescribeAvailabilityZones",
367
+ "ec2:DescribeAccountAttributes",
368
+ "ec2:DescribeInstances",
369
+ "ec2:DescribeInstanceStatus",
370
+ "ec2:DescribeKeyPairs",
371
+ "ec2:DescribePrefixLists",
372
+ "ec2:DescribeRouteTables",
373
+ "ec2:DescribeSecurityGroups",
374
+ "ec2:DescribeSpotInstanceRequests",
375
+ "ec2:DescribeSpotPriceHistory",
376
+ "ec2:DescribeSubnets",
377
+ "ec2:DescribeVpcAttribute",
378
+ "ec2:DescribeVpcEndpoints",
379
+ "ec2:DescribeVpcEndpointServices",
380
+ "ec2:DescribeVpcs",
381
+ "ec2:ModifyImageAttribute",
382
+ "ec2:ModifyInstanceAttribute",
383
+ "ec2:RequestSpotInstances",
384
+ "ec2:RunInstances",
385
+ "ec2:TerminateInstances",
386
+ "iam:GetRole",
387
+ "iam:GetRolePolicy",
388
+ "iam:ListInstanceProfiles",
389
+ "iam:ListRolePolicies",
390
+ "iam:PassRole",
391
+ "s3:CreateBucket",
392
+ "s3:Get*",
393
+ "s3:List*",
394
+ "sdb:BatchPutAttributes",
395
+ "sdb:Select",
396
+ "sqs:CreateQueue",
397
+ "sqs:Delete*",
398
+ "sqs:GetQueue*",
399
+ "sqs:ReceiveMessage"
400
+ ]
401
+ }
402
+ ]
403
+ }
404
+ },
405
+ "arn:aws:iam::aws:policy/AmazonRoute53DomainsReadOnlyAccess": {
406
+ "VersionId": "v1",
407
+ "IsDefaultVersion": true,
408
+ "Document": {
409
+ "Version": "2012-10-17",
410
+ "Statement": [
411
+ {
412
+ "Effect": "Allow",
413
+ "Action": [
414
+ "route53domains:Get*",
415
+ "route53domains:List*"
416
+ ],
417
+ "Resource": [
418
+ "*"
419
+ ]
420
+ }
421
+ ]
422
+ }
423
+ },
424
+ "arn:aws:iam::aws:policy/service-role/AWSOpsWorksRole": {
425
+ "VersionId": "v1",
426
+ "IsDefaultVersion": true,
427
+ "Document": {
428
+ "Version": "2012-10-17",
429
+ "Statement": [
430
+ {
431
+ "Effect": "Allow",
432
+ "Action": [
433
+ "cloudwatch:GetMetricStatistics",
434
+ "ec2:DescribeAccountAttributes",
435
+ "ec2:DescribeAvailabilityZones",
436
+ "ec2:DescribeInstances",
437
+ "ec2:DescribeKeyPairs",
438
+ "ec2:DescribeSecurityGroups",
439
+ "ec2:DescribeSubnets",
440
+ "ec2:DescribeVpcs",
441
+ "elasticloadbalancing:DescribeInstanceHealth",
442
+ "elasticloadbalancing:DescribeLoadBalancers",
443
+ "iam:GetRolePolicy",
444
+ "iam:ListInstanceProfiles",
445
+ "iam:ListRoles",
446
+ "iam:ListUsers",
447
+ "iam:PassRole",
448
+ "opsworks:*",
449
+ "rds:*"
450
+ ],
451
+ "Resource": [
452
+ "*"
453
+ ]
454
+ }
455
+ ]
456
+ }
457
+ },
458
+ "arn:aws:iam::aws:policy/SimpleWorkflowFullAccess": {
459
+ "VersionId": "v1",
460
+ "IsDefaultVersion": true,
461
+ "Document": {
462
+ "Version": "2012-10-17",
463
+ "Statement": [
464
+ {
465
+ "Action": [
466
+ "swf:*"
467
+ ],
468
+ "Effect": "Allow",
469
+ "Resource": "*"
470
+ }
471
+ ]
472
+ }
473
+ },
474
+ "arn:aws:iam::aws:policy/AmazonS3FullAccess": {
475
+ "VersionId": "v1",
476
+ "IsDefaultVersion": true,
477
+ "Document": {
478
+ "Version": "2012-10-17",
479
+ "Statement": [
480
+ {
481
+ "Effect": "Allow",
482
+ "Action": "s3:*",
483
+ "Resource": "*"
484
+ }
485
+ ]
486
+ }
487
+ },
488
+ "arn:aws:iam::aws:policy/AWSStorageGatewayReadOnlyAccess": {
489
+ "VersionId": "v1",
490
+ "IsDefaultVersion": true,
491
+ "Document": {
492
+ "Version": "2012-10-17",
493
+ "Statement": [
494
+ {
495
+ "Effect": "Allow",
496
+ "Action": [
497
+ "storagegateway:List*",
498
+ "storagegateway:Describe*"
499
+ ],
500
+ "Resource": "*"
501
+ },
502
+ {
503
+ "Effect": "Allow",
504
+ "Action": [
505
+ "ec2:DescribeSnapshots"
506
+ ],
507
+ "Resource": "*"
508
+ }
509
+ ]
510
+ }
511
+ },
512
+ "arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceforEC2Role": {
513
+ "VersionId": "v2",
514
+ "IsDefaultVersion": true,
515
+ "Document": {
516
+ "Version": "2012-10-17",
517
+ "Statement": [
518
+ {
519
+ "Effect": "Allow",
520
+ "Resource": "*",
521
+ "Action": [
522
+ "cloudwatch:*",
523
+ "dynamodb:*",
524
+ "ec2:Describe*",
525
+ "elasticmapreduce:Describe*",
526
+ "elasticmapreduce:ListBootstrapActions",
527
+ "elasticmapreduce:ListClusters",
528
+ "elasticmapreduce:ListInstanceGroups",
529
+ "elasticmapreduce:ListInstances",
530
+ "elasticmapreduce:ListSteps",
531
+ "kinesis:CreateStream",
532
+ "kinesis:DeleteStream",
533
+ "kinesis:DescribeStream",
534
+ "kinesis:GetRecords",
535
+ "kinesis:GetShardIterator",
536
+ "kinesis:MergeShards",
537
+ "kinesis:PutRecord",
538
+ "kinesis:SplitShard",
539
+ "rds:Describe*",
540
+ "s3:*",
541
+ "sdb:*",
542
+ "sns:*",
543
+ "sqs:*"
544
+ ]
545
+ }
546
+ ]
547
+ }
548
+ },
549
+ "arn:aws:iam::aws:policy/AmazonRedshiftReadOnlyAccess": {
550
+ "VersionId": "v1",
551
+ "IsDefaultVersion": true,
552
+ "Document": {
553
+ "Version": "2012-10-17",
554
+ "Statement": [
555
+ {
556
+ "Action": [
557
+ "redshift:Describe*",
558
+ "redshift:ViewQueriesInConsole",
559
+ "ec2:DescribeAccountAttributes",
560
+ "ec2:DescribeAddresses",
561
+ "ec2:DescribeAvailabilityZones",
562
+ "ec2:DescribeSecurityGroups",
563
+ "ec2:DescribeSubnets",
564
+ "ec2:DescribeVpcs",
565
+ "ec2:DescribeInternetGateways",
566
+ "sns:Get*",
567
+ "sns:List*",
568
+ "cloudwatch:Describe*",
569
+ "cloudwatch:List*",
570
+ "cloudwatch:Get*"
571
+ ],
572
+ "Effect": "Allow",
573
+ "Resource": "*"
574
+ }
575
+ ]
576
+ }
577
+ },
578
+ "arn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccess": {
579
+ "VersionId": "v1",
580
+ "IsDefaultVersion": true,
581
+ "Document": {
582
+ "Version": "2012-10-17",
583
+ "Statement": [
584
+ {
585
+ "Effect": "Allow",
586
+ "Action": "ec2:Describe*",
587
+ "Resource": "*"
588
+ },
589
+ {
590
+ "Effect": "Allow",
591
+ "Action": "elasticloadbalancing:Describe*",
592
+ "Resource": "*"
593
+ },
594
+ {
595
+ "Effect": "Allow",
596
+ "Action": [
597
+ "cloudwatch:ListMetrics",
598
+ "cloudwatch:GetMetricStatistics",
599
+ "cloudwatch:Describe*"
600
+ ],
601
+ "Resource": "*"
602
+ },
603
+ {
604
+ "Effect": "Allow",
605
+ "Action": "autoscaling:Describe*",
606
+ "Resource": "*"
607
+ }
608
+ ]
609
+ }
610
+ },
611
+ "arn:aws:iam::aws:policy/AmazonElasticMapReduceReadOnlyAccess": {
612
+ "VersionId": "v1",
613
+ "IsDefaultVersion": true,
614
+ "Document": {
615
+ "Version": "2012-10-17",
616
+ "Statement": [
617
+ {
618
+ "Action": [
619
+ "elasticmapreduce:Describe*",
620
+ "elasticmapreduce:List*",
621
+ "s3:GetObject",
622
+ "s3:ListAllMyBuckets",
623
+ "s3:ListBucket",
624
+ "sdb:Select",
625
+ "cloudwatch:GetMetricStatistics"
626
+ ],
627
+ "Effect": "Allow",
628
+ "Resource": "*"
629
+ }
630
+ ]
631
+ }
632
+ },
633
+ "arn:aws:iam::aws:policy/AWSDirectoryServiceReadOnlyAccess": {
634
+ "VersionId": "v1",
635
+ "IsDefaultVersion": true,
636
+ "Document": {
637
+ "Version": "2012-10-17",
638
+ "Statement": [
639
+ {
640
+ "Action": [
641
+ "ds:Check*",
642
+ "ds:Describe*",
643
+ "ds:Get*",
644
+ "ds:List*",
645
+ "ec2:DescribeNetworkInterfaces",
646
+ "ec2:DescribeSubnets",
647
+ "ec2:DescribeVpcs"
648
+ ],
649
+ "Effect": "Allow",
650
+ "Resource": "*"
651
+ }
652
+ ]
653
+ }
654
+ },
655
+ "arn:aws:iam::aws:policy/AmazonVPCReadOnlyAccess": {
656
+ "VersionId": "v2",
657
+ "IsDefaultVersion": true,
658
+ "Document": {
659
+ "Version": "2012-10-17",
660
+ "Statement": [
661
+ {
662
+ "Effect": "Allow",
663
+ "Action": [
664
+ "ec2:DescribeAddresses",
665
+ "ec2:DescribeCustomerGateways",
666
+ "ec2:DescribeDhcpOptions",
667
+ "ec2:DescribeInternetGateways",
668
+ "ec2:DescribeNetworkAcls",
669
+ "ec2:DescribeNetworkInterfaces",
670
+ "ec2:DescribePrefixLists",
671
+ "ec2:DescribeRouteTables",
672
+ "ec2:DescribeSecurityGroups",
673
+ "ec2:DescribeSubnets",
674
+ "ec2:DescribeVpcAttribute",
675
+ "ec2:DescribeVpcEndpoints",
676
+ "ec2:DescribeVpcEndpointServices",
677
+ "ec2:DescribeVpcPeeringConnection",
678
+ "ec2:DescribeVpcs",
679
+ "ec2:DescribeVpnConnections",
680
+ "ec2:DescribeVpnGateways"
681
+ ],
682
+ "Resource": "*"
683
+ }
684
+ ]
685
+ }
686
+ },
687
+ "arn:aws:iam::aws:policy/AmazonMobileAnalyticsFullAccess": {
688
+ "VersionId": "v1",
689
+ "IsDefaultVersion": true,
690
+ "Document": {
691
+ "Version": "2012-10-17",
692
+ "Statement": [
693
+ {
694
+ "Effect": "Allow",
695
+ "Action": "mobileanalytics:*",
696
+ "Resource": "*"
697
+ }
698
+ ]
699
+ }
700
+ },
701
+ "arn:aws:iam::aws:policy/service-role/AWSDataPipelineRole": {
702
+ "VersionId": "v2",
703
+ "IsDefaultVersion": true,
704
+ "Document": {
705
+ "Version": "2012-10-17",
706
+ "Statement": [
707
+ {
708
+ "Effect": "Allow",
709
+ "Action": [
710
+ "cloudwatch:*",
711
+ "datapipeline:DescribeObjects",
712
+ "datapipeline:EvaluateExpression",
713
+ "dynamodb:BatchGetItem",
714
+ "dynamodb:DescribeTable",
715
+ "dynamodb:GetItem",
716
+ "dynamodb:Query",
717
+ "dynamodb:Scan",
718
+ "dynamodb:UpdateTable",
719
+ "ec2:AuthorizeSecurityGroupIngress",
720
+ "ec2:CancelSpotInstanceRequests",
721
+ "ec2:CreateSecurityGroup",
722
+ "ec2:CreateTags",
723
+ "ec2:DeleteTags",
724
+ "ec2:Describe*",
725
+ "ec2:ModifyImageAttribute",
726
+ "ec2:ModifyInstanceAttribute",
727
+ "ec2:RequestSpotInstances",
728
+ "ec2:RunInstances",
729
+ "ec2:StartInstances",
730
+ "ec2:StopInstances",
731
+ "ec2:TerminateInstances",
732
+ "elasticmapreduce:*",
733
+ "iam:GetRole",
734
+ "iam:GetRolePolicy",
735
+ "iam:ListRolePolicies",
736
+ "iam:ListInstanceProfiles",
737
+ "iam:PassRole",
738
+ "rds:DescribeDBInstances",
739
+ "rds:DescribeDBSecurityGroups",
740
+ "redshift:DescribeClusters",
741
+ "redshift:DescribeClusterSecurityGroups",
742
+ "s3:CreateBucket",
743
+ "s3:DeleteObject",
744
+ "s3:Get*",
745
+ "s3:List*",
746
+ "s3:Put*",
747
+ "sdb:BatchPutAttributes",
748
+ "sdb:Select*",
749
+ "sns:GetTopicAttributes",
750
+ "sns:ListTopics",
751
+ "sns:Publish",
752
+ "sns:Subscribe",
753
+ "sns:Unsubscribe"
754
+ ],
755
+ "Resource": [
756
+ "*"
757
+ ]
758
+ }
759
+ ]
760
+ }
761
+ },
762
+ "arn:aws:iam::aws:policy/CloudWatchFullAccess": {
763
+ "VersionId": "v1",
764
+ "IsDefaultVersion": true,
765
+ "Document": {
766
+ "Version": "2012-10-17",
767
+ "Statement": [
768
+ {
769
+ "Action": [
770
+ "autoscaling:Describe*",
771
+ "cloudwatch:*",
772
+ "logs:*",
773
+ "sns:*"
774
+ ],
775
+ "Effect": "Allow",
776
+ "Resource": "*"
777
+ }
778
+ ]
779
+ }
780
+ },
781
+ "arn:aws:iam::aws:policy/ReadOnlyAccess": {
782
+ "VersionId": "v2",
783
+ "IsDefaultVersion": true,
784
+ "Document": {
785
+ "Version": "2012-10-17",
786
+ "Statement": [
787
+ {
788
+ "Action": [
789
+ "appstream:Get*",
790
+ "autoscaling:Describe*",
791
+ "cloudformation:DescribeStacks",
792
+ "cloudformation:DescribeStackEvents",
793
+ "cloudformation:DescribeStackResource",
794
+ "cloudformation:DescribeStackResources",
795
+ "cloudformation:GetTemplate",
796
+ "cloudformation:List*",
797
+ "cloudfront:Get*",
798
+ "cloudfront:List*",
799
+ "cloudtrail:DescribeTrails",
800
+ "cloudtrail:GetTrailStatus",
801
+ "cloudwatch:Describe*",
802
+ "cloudwatch:Get*",
803
+ "cloudwatch:List*",
804
+ "directconnect:Describe*",
805
+ "dynamodb:GetItem",
806
+ "dynamodb:BatchGetItem",
807
+ "dynamodb:Query",
808
+ "dynamodb:Scan",
809
+ "dynamodb:DescribeTable",
810
+ "dynamodb:ListTables",
811
+ "ec2:Describe*",
812
+ "ecs:Describe*",
813
+ "ecs:List*",
814
+ "elasticache:Describe*",
815
+ "elasticbeanstalk:Check*",
816
+ "elasticbeanstalk:Describe*",
817
+ "elasticbeanstalk:List*",
818
+ "elasticbeanstalk:RequestEnvironmentInfo",
819
+ "elasticbeanstalk:RetrieveEnvironmentInfo",
820
+ "elasticloadbalancing:Describe*",
821
+ "elasticmapreduce:Describe*",
822
+ "elasticmapreduce:List*",
823
+ "elastictranscoder:Read*",
824
+ "elastictranscoder:List*",
825
+ "iam:List*",
826
+ "iam:GenerateCredentialReport",
827
+ "iam:Get*",
828
+ "kinesis:Describe*",
829
+ "kinesis:Get*",
830
+ "kinesis:List*",
831
+ "opsworks:Describe*",
832
+ "opsworks:Get*",
833
+ "route53:Get*",
834
+ "route53:List*",
835
+ "redshift:Describe*",
836
+ "redshift:ViewQueriesInConsole",
837
+ "rds:Describe*",
838
+ "rds:ListTagsForResource",
839
+ "s3:Get*",
840
+ "s3:List*",
841
+ "sdb:GetAttributes",
842
+ "sdb:List*",
843
+ "sdb:Select*",
844
+ "ses:Get*",
845
+ "ses:List*",
846
+ "sns:Get*",
847
+ "sns:List*",
848
+ "sqs:GetQueueAttributes",
849
+ "sqs:ListQueues",
850
+ "sqs:ReceiveMessage",
851
+ "storagegateway:List*",
852
+ "storagegateway:Describe*",
853
+ "tag:get*",
854
+ "trustedadvisor:Describe*"
855
+ ],
856
+ "Effect": "Allow",
857
+ "Resource": "*"
858
+ }
859
+ ]
860
+ }
861
+ },
862
+ "arn:aws:iam::aws:policy/AmazonMachineLearningBatchPredictionsAccess": {
863
+ "VersionId": "v1",
864
+ "IsDefaultVersion": true,
865
+ "Document": {
866
+ "Version": "2012-10-17",
867
+ "Statement": [
868
+ {
869
+ "Effect": "Allow",
870
+ "Action": [
871
+ "machinelearning:CreateBatchPrediction",
872
+ "machinelearning:DeleteBatchPrediction",
873
+ "machinelearning:DescribeBatchPredictions",
874
+ "machinelearning:GetBatchPrediction",
875
+ "machinelearning:UpdateBatchPrediction"
876
+ ],
877
+ "Resource": "*"
878
+ }
879
+ ]
880
+ }
881
+ },
882
+ "arn:aws:iam::aws:policy/AWSCodeDeployReadOnlyAccess": {
883
+ "VersionId": "v1",
884
+ "IsDefaultVersion": true,
885
+ "Document": {
886
+ "Version": "2012-10-17",
887
+ "Statement": [
888
+ {
889
+ "Action": [
890
+ "codedeploy:Batch*",
891
+ "codedeploy:Get*",
892
+ "codedeploy:List*"
893
+ ],
894
+ "Effect": "Allow",
895
+ "Resource": "*"
896
+ }
897
+ ]
898
+ }
899
+ },
900
+ "arn:aws:iam::aws:policy/CloudSearchFullAccess": {
901
+ "VersionId": "v1",
902
+ "IsDefaultVersion": true,
903
+ "Document": {
904
+ "Version": "2012-10-17",
905
+ "Statement": [
906
+ {
907
+ "Action": [
908
+ "cloudsearch:*"
909
+ ],
910
+ "Effect": "Allow",
911
+ "Resource": "*"
912
+ }
913
+ ]
914
+ }
915
+ },
916
+ "arn:aws:iam::aws:policy/AWSCloudHSMFullAccess": {
917
+ "VersionId": "v1",
918
+ "IsDefaultVersion": true,
919
+ "Document": {
920
+ "Version": "2012-10-17",
921
+ "Statement": [
922
+ {
923
+ "Effect": "Allow",
924
+ "Action": "cloudhsm:*",
925
+ "Resource": "*"
926
+ }
927
+ ]
928
+ }
929
+ },
930
+ "arn:aws:iam::aws:policy/service-role/AmazonEC2SpotFleetRole": {
931
+ "VersionId": "v1",
932
+ "IsDefaultVersion": true,
933
+ "Document": {
934
+ "Version": "2012-10-17",
935
+ "Statement": [
936
+ {
937
+ "Effect": "Allow",
938
+ "Action": [
939
+ "ec2:DescribeImages",
940
+ "ec2:DescribeSubnets",
941
+ "ec2:RequestSpotInstances",
942
+ "ec2:TerminateInstances"
943
+ ],
944
+ "Resource": [
945
+ "*"
946
+ ]
947
+ }
948
+ ]
949
+ }
950
+ },
951
+ "arn:aws:iam::aws:policy/AmazonElasticTranscoderJobsSubmitter": {
952
+ "VersionId": "v1",
953
+ "IsDefaultVersion": true,
954
+ "Document": {
955
+ "Version": "2012-10-17",
956
+ "Statement": [
957
+ {
958
+ "Action": [
959
+ "elastictranscoder:Read*",
960
+ "elastictranscoder:List*",
961
+ "elastictranscoder:*Job",
962
+ "elastictranscoder:*Preset",
963
+ "s3:List*",
964
+ "iam:List*",
965
+ "sns:List*"
966
+ ],
967
+ "Effect": "Allow",
968
+ "Resource": "*"
969
+ }
970
+ ]
971
+ }
972
+ },
973
+ "arn:aws:iam::aws:policy/AWSDirectoryServiceFullAccess": {
974
+ "VersionId": "v1",
975
+ "IsDefaultVersion": true,
976
+ "Document": {
977
+ "Version": "2012-10-17",
978
+ "Statement": [
979
+ {
980
+ "Action": [
981
+ "ds:*",
982
+ "ec2:AuthorizeSecurityGroupEgress",
983
+ "ec2:AuthorizeSecurityGroupIngress",
984
+ "ec2:CreateNetworkInterface",
985
+ "ec2:CreateSecurityGroup",
986
+ "ec2:DeleteNetworkInterface",
987
+ "ec2:DeleteSecurityGroup",
988
+ "ec2:DescribeNetworkInterfaces",
989
+ "ec2:DescribeSubnets",
990
+ "ec2:DescribeVpcs",
991
+ "ec2:RevokeSecurityGroupEgress",
992
+ "ec2:RevokeSecurityGroupIngress"
993
+ ],
994
+ "Effect": "Allow",
995
+ "Resource": "*"
996
+ }
997
+ ]
998
+ }
999
+ },
1000
+ "arn:aws:iam::aws:policy/AmazonDynamoDBFullAccess": {
1001
+ "VersionId": "v1",
1002
+ "IsDefaultVersion": true,
1003
+ "Document": {
1004
+ "Version": "2012-10-17",
1005
+ "Statement": [
1006
+ {
1007
+ "Action": [
1008
+ "dynamodb:*",
1009
+ "cloudwatch:DeleteAlarms",
1010
+ "cloudwatch:DescribeAlarmHistory",
1011
+ "cloudwatch:DescribeAlarms",
1012
+ "cloudwatch:DescribeAlarmsForMetric",
1013
+ "cloudwatch:GetMetricStatistics",
1014
+ "cloudwatch:ListMetrics",
1015
+ "cloudwatch:PutMetricAlarm",
1016
+ "datapipeline:ActivatePipeline",
1017
+ "datapipeline:CreatePipeline",
1018
+ "datapipeline:DeletePipeline",
1019
+ "datapipeline:DescribeObjects",
1020
+ "datapipeline:DescribePipelines",
1021
+ "datapipeline:GetPipelineDefinition",
1022
+ "datapipeline:ListPipelines",
1023
+ "datapipeline:PutPipelineDefinition",
1024
+ "datapipeline:QueryObjects",
1025
+ "iam:ListRoles",
1026
+ "sns:CreateTopic",
1027
+ "sns:DeleteTopic",
1028
+ "sns:ListSubscriptions",
1029
+ "sns:ListSubscriptionsByTopic",
1030
+ "sns:ListTopics",
1031
+ "sns:Subscribe",
1032
+ "sns:Unsubscribe"
1033
+ ],
1034
+ "Effect": "Allow",
1035
+ "Resource": "*"
1036
+ }
1037
+ ]
1038
+ }
1039
+ },
1040
+ "arn:aws:iam::aws:policy/AmazonSESReadOnlyAccess": {
1041
+ "VersionId": "v1",
1042
+ "IsDefaultVersion": true,
1043
+ "Document": {
1044
+ "Version": "2012-10-17",
1045
+ "Statement": [
1046
+ {
1047
+ "Effect": "Allow",
1048
+ "Action": [
1049
+ "ses:Get*",
1050
+ "ses:List*"
1051
+ ],
1052
+ "Resource": "*"
1053
+ }
1054
+ ]
1055
+ }
1056
+ },
1057
+ "arn:aws:iam::aws:policy/service-role/AutoScalingNotificationAccessRole": {
1058
+ "VersionId": "v1",
1059
+ "IsDefaultVersion": true,
1060
+ "Document": {
1061
+ "Version": "2012-10-17",
1062
+ "Statement": [
1063
+ {
1064
+ "Effect": "Allow",
1065
+ "Resource": "*",
1066
+ "Action": [
1067
+ "sqs:SendMessage",
1068
+ "sqs:GetQueueUrl",
1069
+ "sns:Publish"
1070
+ ]
1071
+ }
1072
+ ]
1073
+ }
1074
+ },
1075
+ "arn:aws:iam::aws:policy/AmazonKinesisReadOnlyAccess": {
1076
+ "VersionId": "v1",
1077
+ "IsDefaultVersion": true,
1078
+ "Document": {
1079
+ "Version": "2012-10-17",
1080
+ "Statement": [
1081
+ {
1082
+ "Effect": "Allow",
1083
+ "Action": [
1084
+ "kinesis:Get*",
1085
+ "kinesis:List*",
1086
+ "kinesis:Describe*"
1087
+ ],
1088
+ "Resource": "*"
1089
+ }
1090
+ ]
1091
+ }
1092
+ },
1093
+ "arn:aws:iam::aws:policy/AWSCodeDeployFullAccess": {
1094
+ "VersionId": "v1",
1095
+ "IsDefaultVersion": true,
1096
+ "Document": {
1097
+ "Version": "2012-10-17",
1098
+ "Statement": [
1099
+ {
1100
+ "Action": "codedeploy:*",
1101
+ "Effect": "Allow",
1102
+ "Resource": "*"
1103
+ }
1104
+ ]
1105
+ }
1106
+ },
1107
+ "arn:aws:iam::aws:policy/service-role/AWSLambdaDynamoDBExecutionRole": {
1108
+ "VersionId": "v1",
1109
+ "IsDefaultVersion": true,
1110
+ "Document": {
1111
+ "Version": "2012-10-17",
1112
+ "Statement": [
1113
+ {
1114
+ "Effect": "Allow",
1115
+ "Action": [
1116
+ "dynamodb:DescribeStream",
1117
+ "dynamodb:GetRecords",
1118
+ "dynamodb:GetShardIterator",
1119
+ "dynamodb:ListStreams",
1120
+ "logs:CreateLogGroup",
1121
+ "logs:CreateLogStream",
1122
+ "logs:PutLogEvents"
1123
+ ],
1124
+ "Resource": "*"
1125
+ }
1126
+ ]
1127
+ }
1128
+ },
1129
+ "arn:aws:iam::aws:policy/AmazonRoute53DomainsFullAccess": {
1130
+ "VersionId": "v1",
1131
+ "IsDefaultVersion": true,
1132
+ "Document": {
1133
+ "Version": "2012-10-17",
1134
+ "Statement": [
1135
+ {
1136
+ "Effect": "Allow",
1137
+ "Action": [
1138
+ "route53:CreateHostedZone",
1139
+ "route53domains:*"
1140
+ ],
1141
+ "Resource": [
1142
+ "*"
1143
+ ]
1144
+ }
1145
+ ]
1146
+ }
1147
+ },
1148
+ "arn:aws:iam::aws:policy/AmazonElastiCacheReadOnlyAccess": {
1149
+ "VersionId": "v1",
1150
+ "IsDefaultVersion": true,
1151
+ "Document": {
1152
+ "Version": "2012-10-17",
1153
+ "Statement": [
1154
+ {
1155
+ "Action": [
1156
+ "elasticache:Describe*"
1157
+ ],
1158
+ "Effect": "Allow",
1159
+ "Resource": "*"
1160
+ }
1161
+ ]
1162
+ }
1163
+ },
1164
+ "arn:aws:iam::aws:policy/AmazonElasticFileSystemReadOnlyAccess": {
1165
+ "VersionId": "v1",
1166
+ "IsDefaultVersion": true,
1167
+ "Document": {
1168
+ "Version": "2012-10-17",
1169
+ "Statement": [
1170
+ {
1171
+ "Action": [
1172
+ "ec2:DescribeAvailabilityZones",
1173
+ "ec2:DescribeNetworkInterfaceAttribute",
1174
+ "ec2:DescribeNetworkInterfaces",
1175
+ "ec2:DescribeSecurityGroups",
1176
+ "ec2:DescribeSubnets",
1177
+ "ec2:DescribeVpcs",
1178
+ "elasticfilesystem:Describe*"
1179
+ ],
1180
+ "Effect": "Allow",
1181
+ "Resource": "*"
1182
+ }
1183
+ ]
1184
+ }
1185
+ },
1186
+ "arn:aws:iam::aws:policy/CloudFrontFullAccess": {
1187
+ "VersionId": "v2",
1188
+ "IsDefaultVersion": true,
1189
+ "Document": {
1190
+ "Version": "2012-10-17",
1191
+ "Statement": [
1192
+ {
1193
+ "Action": [
1194
+ "s3:ListAllMyBuckets"
1195
+ ],
1196
+ "Effect": "Allow",
1197
+ "Resource": "arn:aws:s3:::*"
1198
+ },
1199
+ {
1200
+ "Action": [
1201
+ "cloudfront:*",
1202
+ "iam:ListServerCertificates"
1203
+ ],
1204
+ "Effect": "Allow",
1205
+ "Resource": "*"
1206
+ }
1207
+ ]
1208
+ }
1209
+ },
1210
+ "arn:aws:iam::aws:policy/service-role/AmazonMachineLearningRoleforRedshiftDataSource": {
1211
+ "VersionId": "v1",
1212
+ "IsDefaultVersion": true,
1213
+ "Document": {
1214
+ "Version": "2012-10-17",
1215
+ "Statement": [
1216
+ {
1217
+ "Effect": "Allow",
1218
+ "Action": [
1219
+ "ec2:AuthorizeSecurityGroupIngress",
1220
+ "ec2:CreateSecurityGroup",
1221
+ "ec2:DescribeInternetGateways",
1222
+ "ec2:DescribeSecurityGroups",
1223
+ "ec2:RevokeSecurityGroupIngress",
1224
+ "redshift:AuthorizeClusterSecurityGroupIngress",
1225
+ "redshift:CreateClusterSecurityGroup",
1226
+ "redshift:DescribeClusters",
1227
+ "redshift:DescribeClusterSecurityGroups",
1228
+ "redshift:ModifyCluster",
1229
+ "redshift:RevokeClusterSecurityGroupIngress",
1230
+ "s3:GetBucketLocation",
1231
+ "s3:GetBucketPolicy",
1232
+ "s3:GetObject",
1233
+ "s3:PutBucketPolicy",
1234
+ "s3:PutObject"
1235
+ ],
1236
+ "Resource": "*"
1237
+ }
1238
+ ]
1239
+ }
1240
+ },
1241
+ "arn:aws:iam::aws:policy/AmazonMobileAnalyticsNon-financialReportAccess": {
1242
+ "VersionId": "v1",
1243
+ "IsDefaultVersion": true,
1244
+ "Document": {
1245
+ "Version": "2012-10-17",
1246
+ "Statement": [
1247
+ {
1248
+ "Effect": "Allow",
1249
+ "Action": "mobileanalytics:GetReports",
1250
+ "Resource": "*"
1251
+ }
1252
+ ]
1253
+ }
1254
+ },
1255
+ "arn:aws:iam::aws:policy/AWSCloudTrailFullAccess": {
1256
+ "VersionId": "v1",
1257
+ "IsDefaultVersion": true,
1258
+ "Document": {
1259
+ "Version": "2012-10-17",
1260
+ "Statement": [
1261
+ {
1262
+ "Effect": "Allow",
1263
+ "Action": [
1264
+ "sns:AddPermission",
1265
+ "sns:CreateTopic",
1266
+ "sns:DeleteTopic",
1267
+ "sns:ListTopics",
1268
+ "sns:SetTopicAttributes"
1269
+ ],
1270
+ "Resource": "arn:aws:sns:*"
1271
+ },
1272
+ {
1273
+ "Effect": "Allow",
1274
+ "Action": [
1275
+ "s3:CreateBucket",
1276
+ "s3:DeleteBucket",
1277
+ "s3:ListAllMyBuckets",
1278
+ "s3:PutBucketPolicy",
1279
+ "s3:ListBucket",
1280
+ "s3:GetBucketLocation",
1281
+ "s3:GetObject"
1282
+ ],
1283
+ "Resource": "arn:aws:s3:::*"
1284
+ },
1285
+ {
1286
+ "Effect": "Allow",
1287
+ "Action": "cloudtrail:*",
1288
+ "Resource": "*"
1289
+ },
1290
+ {
1291
+ "Effect": "Allow",
1292
+ "Action": [
1293
+ "logs:CreateLogGroup"
1294
+ ],
1295
+ "Resource": "arn:aws:logs:*"
1296
+ },
1297
+ {
1298
+ "Effect": "Allow",
1299
+ "Action": [
1300
+ "iam:PassRole",
1301
+ "iam:ListRoles",
1302
+ "iam:GetRolePolicy"
1303
+ ],
1304
+ "Resource": "arn:aws:iam::*"
1305
+ }
1306
+ ]
1307
+ }
1308
+ },
1309
+ "arn:aws:iam::aws:policy/AmazonCognitoDeveloperAuthenticatedIdentities": {
1310
+ "VersionId": "v1",
1311
+ "IsDefaultVersion": true,
1312
+ "Document": {
1313
+ "Version": "2012-10-17",
1314
+ "Statement": [
1315
+ {
1316
+ "Effect": "Allow",
1317
+ "Action": [
1318
+ "cognito-identity:GetOpenIdTokenForDeveloperIdentity",
1319
+ "cognito-identity:LookupDeveloperIdentity",
1320
+ "cognito-identity:MergeDeveloperIdentities",
1321
+ "cognito-identity:UnlinkDeveloperIdentity"
1322
+ ],
1323
+ "Resource": "*"
1324
+ }
1325
+ ]
1326
+ }
1327
+ },
1328
+ "arn:aws:iam::aws:policy/service-role/AWSConfigRole": {
1329
+ "VersionId": "v1",
1330
+ "IsDefaultVersion": true,
1331
+ "Document": {
1332
+ "Version": "2012-10-17",
1333
+ "Statement": [
1334
+ {
1335
+ "Effect": "Allow",
1336
+ "Action": [
1337
+ "cloudtrail:DescribeTrails",
1338
+ "ec2:Describe*"
1339
+ ],
1340
+ "Resource": "*"
1341
+ }
1342
+ ]
1343
+ }
1344
+ },
1345
+ "arn:aws:iam::aws:policy/AmazonRedshiftFullAccess": {
1346
+ "VersionId": "v1",
1347
+ "IsDefaultVersion": true,
1348
+ "Document": {
1349
+ "Version": "2012-10-17",
1350
+ "Statement": [
1351
+ {
1352
+ "Action": [
1353
+ "redshift:*",
1354
+ "ec2:DescribeAccountAttributes",
1355
+ "ec2:DescribeAddresses",
1356
+ "ec2:DescribeAvailabilityZones",
1357
+ "ec2:DescribeSecurityGroups",
1358
+ "ec2:DescribeSubnets",
1359
+ "ec2:DescribeVpcs",
1360
+ "ec2:DescribeInternetGateways",
1361
+ "sns:CreateTopic",
1362
+ "sns:Get*",
1363
+ "sns:List*",
1364
+ "cloudwatch:Describe*",
1365
+ "cloudwatch:Get*",
1366
+ "cloudwatch:List*",
1367
+ "cloudwatch:PutMetricAlarm",
1368
+ "cloudwatch:EnableAlarmActions",
1369
+ "cloudwatch:DisableAlarmActions"
1370
+ ],
1371
+ "Effect": "Allow",
1372
+ "Resource": "*"
1373
+ }
1374
+ ]
1375
+ }
1376
+ },
1377
+ "arn:aws:iam::aws:policy/AmazonZocaloReadOnlyAccess": {
1378
+ "VersionId": "v1",
1379
+ "IsDefaultVersion": true,
1380
+ "Document": {
1381
+ "Version": "2012-10-17",
1382
+ "Statement": [
1383
+ {
1384
+ "Effect": "Allow",
1385
+ "Action": [
1386
+ "zocalo:Describe*",
1387
+ "ds:DescribeDirectories",
1388
+ "ec2:DescribeVpcs",
1389
+ "ec2:DescribeSubnets"
1390
+ ],
1391
+ "Resource": "*"
1392
+ }
1393
+ ]
1394
+ }
1395
+ },
1396
+ "arn:aws:iam::aws:policy/AWSCloudHSMReadOnlyAccess": {
1397
+ "VersionId": "v1",
1398
+ "IsDefaultVersion": true,
1399
+ "Document": {
1400
+ "Version": "2012-10-17",
1401
+ "Statement": [
1402
+ {
1403
+ "Effect": "Allow",
1404
+ "Action": [
1405
+ "cloudhsm:Get*",
1406
+ "cloudhsm:List*",
1407
+ "cloudhsm:Describe*"
1408
+ ],
1409
+ "Resource": "*"
1410
+ }
1411
+ ]
1412
+ }
1413
+ },
1414
+ "arn:aws:iam::aws:policy/AmazonRoute53ReadOnlyAccess": {
1415
+ "VersionId": "v1",
1416
+ "IsDefaultVersion": true,
1417
+ "Document": {
1418
+ "Version": "2012-10-17",
1419
+ "Statement": [
1420
+ {
1421
+ "Effect": "Allow",
1422
+ "Action": [
1423
+ "route53:Get*",
1424
+ "route53:List*"
1425
+ ],
1426
+ "Resource": [
1427
+ "*"
1428
+ ]
1429
+ }
1430
+ ]
1431
+ }
1432
+ },
1433
+ "arn:aws:iam::aws:policy/AmazonEC2ReportsAccess": {
1434
+ "VersionId": "v1",
1435
+ "IsDefaultVersion": true,
1436
+ "Document": {
1437
+ "Version": "2012-10-17",
1438
+ "Statement": [
1439
+ {
1440
+ "Action": "ec2-reports:*",
1441
+ "Effect": "Allow",
1442
+ "Resource": "*"
1443
+ }
1444
+ ]
1445
+ }
1446
+ },
1447
+ "arn:aws:iam::aws:policy/AmazonSQSReadOnlyAccess": {
1448
+ "VersionId": "v1",
1449
+ "IsDefaultVersion": true,
1450
+ "Document": {
1451
+ "Version": "2012-10-17",
1452
+ "Statement": [
1453
+ {
1454
+ "Action": [
1455
+ "sqs:GetQueueAttributes",
1456
+ "sqs:ListQueues"
1457
+ ],
1458
+ "Effect": "Allow",
1459
+ "Resource": "*"
1460
+ }
1461
+ ]
1462
+ }
1463
+ },
1464
+ "arn:aws:iam::aws:policy/AmazonKinesisFullAccess": {
1465
+ "VersionId": "v1",
1466
+ "IsDefaultVersion": true,
1467
+ "Document": {
1468
+ "Version": "2012-10-17",
1469
+ "Statement": [
1470
+ {
1471
+ "Effect": "Allow",
1472
+ "Action": "kinesis:*",
1473
+ "Resource": "*"
1474
+ }
1475
+ ]
1476
+ }
1477
+ },
1478
+ "arn:aws:iam::aws:policy/AmazonMachineLearningReadOnlyAccess": {
1479
+ "VersionId": "v1",
1480
+ "IsDefaultVersion": true,
1481
+ "Document": {
1482
+ "Version": "2012-10-17",
1483
+ "Statement": [
1484
+ {
1485
+ "Effect": "Allow",
1486
+ "Action": [
1487
+ "machinelearning:Describe*",
1488
+ "machinelearning:Get*"
1489
+ ],
1490
+ "Resource": "*"
1491
+ }
1492
+ ]
1493
+ }
1494
+ },
1495
+ "arn:aws:iam::aws:policy/service-role/RDSCloudHsmAuthorizationRole": {
1496
+ "VersionId": "v1",
1497
+ "IsDefaultVersion": true,
1498
+ "Document": {
1499
+ "Version": "2012-10-17",
1500
+ "Statement": [
1501
+ {
1502
+ "Effect": "Allow",
1503
+ "Action": [
1504
+ "cloudhsm:CreateLunaClient",
1505
+ "cloudhsm:GetClientConfiguration",
1506
+ "cloudhsm:DeleteLunaClient",
1507
+ "cloudhsm:DescribeLunaClient",
1508
+ "cloudhsm:ModifyLunaClient",
1509
+ "cloudhsm:DescribeHapg",
1510
+ "cloudhsm:ModifyHapg",
1511
+ "cloudhsm:GetConfig"
1512
+ ],
1513
+ "Resource": "*"
1514
+ }
1515
+ ]
1516
+ }
1517
+ },
1518
+ "arn:aws:iam::aws:policy/AmazonMachineLearningFullAccess": {
1519
+ "VersionId": "v1",
1520
+ "IsDefaultVersion": true,
1521
+ "Document": {
1522
+ "Version": "2012-10-17",
1523
+ "Statement": [
1524
+ {
1525
+ "Effect": "Allow",
1526
+ "Action": [
1527
+ "machinelearning:*"
1528
+ ],
1529
+ "Resource": "*"
1530
+ }
1531
+ ]
1532
+ }
1533
+ },
1534
+ "arn:aws:iam::aws:policy/AdministratorAccess": {
1535
+ "VersionId": "v1",
1536
+ "IsDefaultVersion": true,
1537
+ "Document": {
1538
+ "Version": "2012-10-17",
1539
+ "Statement": [
1540
+ {
1541
+ "Effect": "Allow",
1542
+ "Action": "*",
1543
+ "Resource": "*"
1544
+ }
1545
+ ]
1546
+ }
1547
+ },
1548
+ "arn:aws:iam::aws:policy/AmazonMachineLearningRealTimePredictionOnlyAccess": {
1549
+ "VersionId": "v1",
1550
+ "IsDefaultVersion": true,
1551
+ "Document": {
1552
+ "Version": "2012-10-17",
1553
+ "Statement": [
1554
+ {
1555
+ "Effect": "Allow",
1556
+ "Action": [
1557
+ "machinelearning:Predict"
1558
+ ],
1559
+ "Resource": "*"
1560
+ }
1561
+ ]
1562
+ }
1563
+ },
1564
+ "arn:aws:iam::aws:policy/AWSConfigUserAccess": {
1565
+ "VersionId": "v1",
1566
+ "IsDefaultVersion": true,
1567
+ "Document": {
1568
+ "Version": "2012-10-17",
1569
+ "Statement": [
1570
+ {
1571
+ "Effect": "Allow",
1572
+ "Action": [
1573
+ "config:Get*",
1574
+ "config:Describe*",
1575
+ "config:Deliver*",
1576
+ "tag:GetResources",
1577
+ "tag:GetTagKeys"
1578
+ ],
1579
+ "Resource": "*"
1580
+ }
1581
+ ]
1582
+ }
1583
+ },
1584
+ "arn:aws:iam::aws:policy/SecurityAudit": {
1585
+ "VersionId": "v2",
1586
+ "IsDefaultVersion": true,
1587
+ "Document": {
1588
+ "Version": "2012-10-17",
1589
+ "Statement": [
1590
+ {
1591
+ "Action": [
1592
+ "autoscaling:Describe*",
1593
+ "cloudformation:DescribeStack*",
1594
+ "cloudformation:GetTemplate",
1595
+ "cloudformation:ListStack*",
1596
+ "cloudfront:Get*",
1597
+ "cloudfront:List*",
1598
+ "cloudwatch:Describe*",
1599
+ "directconnect:Describe*",
1600
+ "dynamodb:ListTables",
1601
+ "ec2:Describe*",
1602
+ "ecs:Describe*",
1603
+ "ecs:List*",
1604
+ "elasticbeanstalk:Describe*",
1605
+ "elasticache:Describe*",
1606
+ "elasticloadbalancing:Describe*",
1607
+ "elasticmapreduce:DescribeJobFlows",
1608
+ "glacier:ListVaults",
1609
+ "iam:GenerateCredentialReport",
1610
+ "iam:Get*",
1611
+ "iam:List*",
1612
+ "rds:Describe*",
1613
+ "rds:DownloadDBLogFilePortion",
1614
+ "rds:ListTagsForResource",
1615
+ "redshift:Describe*",
1616
+ "route53:GetHostedZone",
1617
+ "route53:ListHostedZones",
1618
+ "route53:ListResourceRecordSets",
1619
+ "s3:GetBucket*",
1620
+ "s3:GetLifecycleConfiguration",
1621
+ "s3:GetObjectAcl",
1622
+ "s3:GetObjectVersionAcl",
1623
+ "s3:ListAllMyBuckets",
1624
+ "sdb:DomainMetadata",
1625
+ "sdb:ListDomains",
1626
+ "sns:GetTopicAttributes",
1627
+ "sns:ListTopics",
1628
+ "sqs:GetQueueAttributes",
1629
+ "sqs:ListQueues"
1630
+ ],
1631
+ "Effect": "Allow",
1632
+ "Resource": "*"
1633
+ }
1634
+ ]
1635
+ }
1636
+ },
1637
+ "arn:aws:iam::aws:policy/AmazonDynamoDBReadOnlyAccess": {
1638
+ "VersionId": "v1",
1639
+ "IsDefaultVersion": true,
1640
+ "Document": {
1641
+ "Version": "2012-10-17",
1642
+ "Statement": [
1643
+ {
1644
+ "Action": [
1645
+ "cloudwatch:DescribeAlarmHistory",
1646
+ "cloudwatch:DescribeAlarms",
1647
+ "cloudwatch:DescribeAlarmsForMetric",
1648
+ "cloudwatch:GetMetricStatistics",
1649
+ "cloudwatch:ListMetrics",
1650
+ "datapipeline:DescribeObjects",
1651
+ "datapipeline:DescribePipelines",
1652
+ "datapipeline:GetPipelineDefinition",
1653
+ "datapipeline:ListPipelines",
1654
+ "datapipeline:QueryObjects",
1655
+ "dynamodb:BatchGetItem",
1656
+ "dynamodb:DescribeTable",
1657
+ "dynamodb:GetItem",
1658
+ "dynamodb:ListTables",
1659
+ "dynamodb:Query",
1660
+ "dynamodb:Scan",
1661
+ "sns:ListSubscriptionsByTopic",
1662
+ "sns:ListTopics"
1663
+ ],
1664
+ "Effect": "Allow",
1665
+ "Resource": "*"
1666
+ }
1667
+ ]
1668
+ }
1669
+ },
1670
+ "arn:aws:iam::aws:policy/AmazonSNSReadOnlyAccess": {
1671
+ "VersionId": "v1",
1672
+ "IsDefaultVersion": true,
1673
+ "Document": {
1674
+ "Version": "2012-10-17",
1675
+ "Statement": [
1676
+ {
1677
+ "Effect": "Allow",
1678
+ "Action": [
1679
+ "sns:GetTopicAttributes",
1680
+ "sns:List*"
1681
+ ],
1682
+ "Resource": "*"
1683
+ }
1684
+ ]
1685
+ }
1686
+ },
1687
+ "arn:aws:iam::aws:policy/AmazonElasticMapReduceFullAccess": {
1688
+ "VersionId": "v3",
1689
+ "IsDefaultVersion": true,
1690
+ "Document": {
1691
+ "Version": "2012-10-17",
1692
+ "Statement": [
1693
+ {
1694
+ "Action": [
1695
+ "cloudwatch:*",
1696
+ "ec2:AuthorizeSecurityGroupIngress",
1697
+ "ec2:CancelSpotInstanceRequests",
1698
+ "ec2:CreateSecurityGroup",
1699
+ "ec2:CreateTags",
1700
+ "ec2:DeleteTags",
1701
+ "ec2:DescribeAvailabilityZones",
1702
+ "ec2:DescribeAccountAttributes",
1703
+ "ec2:DescribeInstances",
1704
+ "ec2:DescribeKeyPairs",
1705
+ "ec2:DescribeRouteTables",
1706
+ "ec2:DescribeSecurityGroups",
1707
+ "ec2:DescribeSpotInstanceRequests",
1708
+ "ec2:DescribeSpotPriceHistory",
1709
+ "ec2:DescribeSubnets",
1710
+ "ec2:DescribeVpcAttribute",
1711
+ "ec2:DescribeVpcs",
1712
+ "ec2:ModifyImageAttribute",
1713
+ "ec2:ModifyInstanceAttribute",
1714
+ "ec2:RequestSpotInstances",
1715
+ "ec2:RunInstances",
1716
+ "ec2:TerminateInstances",
1717
+ "elasticmapreduce:*",
1718
+ "iam:GetPolicy",
1719
+ "iam:GetPolicyVersion",
1720
+ "iam:ListRoles",
1721
+ "iam:PassRole",
1722
+ "kms:List*",
1723
+ "s3:*",
1724
+ "sdb:*",
1725
+ "support:CreateCase",
1726
+ "support:DescribeServices",
1727
+ "support:DescribeSeverityLevels"
1728
+ ],
1729
+ "Effect": "Allow",
1730
+ "Resource": "*"
1731
+ }
1732
+ ]
1733
+ }
1734
+ },
1735
+ "arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess": {
1736
+ "VersionId": "v1",
1737
+ "IsDefaultVersion": true,
1738
+ "Document": {
1739
+ "Version": "2012-10-17",
1740
+ "Statement": [
1741
+ {
1742
+ "Effect": "Allow",
1743
+ "Action": [
1744
+ "s3:Get*",
1745
+ "s3:List*"
1746
+ ],
1747
+ "Resource": "*"
1748
+ }
1749
+ ]
1750
+ }
1751
+ },
1752
+ "arn:aws:iam::aws:policy/AWSElasticBeanstalkFullAccess": {
1753
+ "VersionId": "v1",
1754
+ "IsDefaultVersion": true,
1755
+ "Document": {
1756
+ "Version": "2012-10-17",
1757
+ "Statement": [
1758
+ {
1759
+ "Effect": "Allow",
1760
+ "Action": [
1761
+ "elasticbeanstalk:*",
1762
+ "ec2:*",
1763
+ "elasticloadbalancing:*",
1764
+ "autoscaling:*",
1765
+ "cloudwatch:*",
1766
+ "s3:*",
1767
+ "sns:*",
1768
+ "cloudformation:*",
1769
+ "rds:*",
1770
+ "sqs:*",
1771
+ "iam:PassRole"
1772
+ ],
1773
+ "Resource": "*"
1774
+ }
1775
+ ]
1776
+ }
1777
+ },
1778
+ "arn:aws:iam::aws:policy/service-role/AWSCodeDeployRole": {
1779
+ "VersionId": "v1",
1780
+ "IsDefaultVersion": true,
1781
+ "Document": {
1782
+ "Version": "2012-10-17",
1783
+ "Statement": [
1784
+ {
1785
+ "Effect": "Allow",
1786
+ "Action": [
1787
+ "autoscaling:CompleteLifecycleAction",
1788
+ "autoscaling:DeleteLifecycleHook",
1789
+ "autoscaling:DescribeAutoScalingGroups",
1790
+ "autoscaling:DescribeLifecycleHooks",
1791
+ "autoscaling:PutLifecycleHook",
1792
+ "autoscaling:RecordLifecycleActionHeartbeat",
1793
+ "ec2:DescribeInstances",
1794
+ "ec2:DescribeInstanceStatus",
1795
+ "tag:GetTags",
1796
+ "tag:GetResources"
1797
+ ],
1798
+ "Resource": "*"
1799
+ }
1800
+ ]
1801
+ }
1802
+ },
1803
+ "arn:aws:iam::aws:policy/AmazonSESFullAccess": {
1804
+ "VersionId": "v1",
1805
+ "IsDefaultVersion": true,
1806
+ "Document": {
1807
+ "Version": "2012-10-17",
1808
+ "Statement": [
1809
+ {
1810
+ "Effect": "Allow",
1811
+ "Action": [
1812
+ "ses:*"
1813
+ ],
1814
+ "Resource": "*"
1815
+ }
1816
+ ]
1817
+ }
1818
+ },
1819
+ "arn:aws:iam::aws:policy/CloudWatchLogsReadOnlyAccess": {
1820
+ "VersionId": "v1",
1821
+ "IsDefaultVersion": true,
1822
+ "Document": {
1823
+ "Version": "2012-10-17",
1824
+ "Statement": [
1825
+ {
1826
+ "Action": [
1827
+ "logs:Describe*",
1828
+ "logs:Get*",
1829
+ "logs:TestMetricFilter"
1830
+ ],
1831
+ "Effect": "Allow",
1832
+ "Resource": "*"
1833
+ }
1834
+ ]
1835
+ }
1836
+ },
1837
+ "arn:aws:iam::aws:policy/AWSOpsWorksRegisterCLI": {
1838
+ "VersionId": "v1",
1839
+ "IsDefaultVersion": true,
1840
+ "Document": {
1841
+ "Version": "2012-10-17",
1842
+ "Statement": [
1843
+ {
1844
+ "Effect": "Allow",
1845
+ "Action": [
1846
+ "opsworks:AssignInstance",
1847
+ "opsworks:CreateStack",
1848
+ "opsworks:CreateLayer",
1849
+ "opsworks:DeregisterInstance",
1850
+ "opsworks:DescribeInstances",
1851
+ "opsworks:DescribeStackProvisioningParameters",
1852
+ "opsworks:DescribeStacks",
1853
+ "opsworks:UnassignInstance"
1854
+ ],
1855
+ "Resource": [
1856
+ "*"
1857
+ ]
1858
+ },
1859
+ {
1860
+ "Effect": "Allow",
1861
+ "Action": [
1862
+ "ec2:DescribeInstances"
1863
+ ],
1864
+ "Resource": [
1865
+ "*"
1866
+ ]
1867
+ },
1868
+ {
1869
+ "Effect": "Allow",
1870
+ "Action": [
1871
+ "iam:AddUserToGroup",
1872
+ "iam:CreateAccessKey",
1873
+ "iam:CreateGroup",
1874
+ "iam:CreateUser",
1875
+ "iam:ListInstanceProfiles",
1876
+ "iam:PassRole",
1877
+ "iam:PutUserPolicy"
1878
+ ],
1879
+ "Resource": [
1880
+ "*"
1881
+ ]
1882
+ }
1883
+ ]
1884
+ }
1885
+ },
1886
+ "arn:aws:iam::aws:policy/AmazonDynamoDBFullAccesswithDataPipeline": {
1887
+ "VersionId": "v1",
1888
+ "IsDefaultVersion": true,
1889
+ "Document": {
1890
+ "Version": "2012-10-17",
1891
+ "Statement": [
1892
+ {
1893
+ "Action": [
1894
+ "cloudwatch:DeleteAlarms",
1895
+ "cloudwatch:DescribeAlarmHistory",
1896
+ "cloudwatch:DescribeAlarms",
1897
+ "cloudwatch:DescribeAlarmsForMetric",
1898
+ "cloudwatch:GetMetricStatistics",
1899
+ "cloudwatch:ListMetrics",
1900
+ "cloudwatch:PutMetricAlarm",
1901
+ "dynamodb:*",
1902
+ "sns:CreateTopic",
1903
+ "sns:DeleteTopic",
1904
+ "sns:ListSubscriptions",
1905
+ "sns:ListSubscriptionsByTopic",
1906
+ "sns:ListTopics",
1907
+ "sns:Subscribe",
1908
+ "sns:Unsubscribe"
1909
+ ],
1910
+ "Effect": "Allow",
1911
+ "Resource": "*",
1912
+ "Sid": "DDBConsole"
1913
+ },
1914
+ {
1915
+ "Action": [
1916
+ "datapipeline:*",
1917
+ "iam:ListRoles"
1918
+ ],
1919
+ "Effect": "Allow",
1920
+ "Resource": "*",
1921
+ "Sid": "DDBConsoleImportExport"
1922
+ },
1923
+ {
1924
+ "Effect": "Allow",
1925
+ "Action": [
1926
+ "iam:GetRolePolicy",
1927
+ "iam:PassRole"
1928
+ ],
1929
+ "Resource": [
1930
+ "*"
1931
+ ],
1932
+ "Sid": "IAMEDPRoles"
1933
+ },
1934
+ {
1935
+ "Action": [
1936
+ "ec2:CreateTags",
1937
+ "ec2:DescribeInstances",
1938
+ "ec2:RunInstances",
1939
+ "ec2:StartInstances",
1940
+ "ec2:StopInstances",
1941
+ "ec2:TerminateInstances",
1942
+ "elasticmapreduce:*",
1943
+ "datapipeline:*"
1944
+ ],
1945
+ "Effect": "Allow",
1946
+ "Resource": "*",
1947
+ "Sid": "EMR"
1948
+ },
1949
+ {
1950
+ "Action": [
1951
+ "s3:DeleteObject",
1952
+ "s3:Get*",
1953
+ "s3:List*",
1954
+ "s3:Put*"
1955
+ ],
1956
+ "Effect": "Allow",
1957
+ "Resource": [
1958
+ "*"
1959
+ ],
1960
+ "Sid": "S3"
1961
+ }
1962
+ ]
1963
+ }
1964
+ },
1965
+ "arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforDataPipelineRole": {
1966
+ "VersionId": "v2",
1967
+ "IsDefaultVersion": true,
1968
+ "Document": {
1969
+ "Version": "2012-10-17",
1970
+ "Statement": [
1971
+ {
1972
+ "Effect": "Allow",
1973
+ "Action": [
1974
+ "cloudwatch:*",
1975
+ "datapipeline:*",
1976
+ "dynamodb:*",
1977
+ "ec2:Describe*",
1978
+ "elasticmapreduce:AddJobFlowSteps",
1979
+ "elasticmapreduce:Describe*",
1980
+ "elasticmapreduce:ListInstance*",
1981
+ "rds:Describe*",
1982
+ "redshift:DescribeClusters",
1983
+ "redshift:DescribeClusterSecurityGroups",
1984
+ "s3:*",
1985
+ "sdb:*",
1986
+ "sns:*",
1987
+ "sqs:*"
1988
+ ],
1989
+ "Resource": [
1990
+ "*"
1991
+ ]
1992
+ }
1993
+ ]
1994
+ }
1995
+ },
1996
+ "arn:aws:iam::aws:policy/CloudWatchLogsFullAccess": {
1997
+ "VersionId": "v1",
1998
+ "IsDefaultVersion": true,
1999
+ "Document": {
2000
+ "Version": "2012-10-17",
2001
+ "Statement": [
2002
+ {
2003
+ "Action": [
2004
+ "logs:*"
2005
+ ],
2006
+ "Effect": "Allow",
2007
+ "Resource": "*"
2008
+ }
2009
+ ]
2010
+ }
2011
+ },
2012
+ "arn:aws:iam::aws:policy/AmazonElasticTranscoderFullAccess": {
2013
+ "VersionId": "v1",
2014
+ "IsDefaultVersion": true,
2015
+ "Document": {
2016
+ "Version": "2012-10-17",
2017
+ "Statement": [
2018
+ {
2019
+ "Action": [
2020
+ "elastictranscoder:*",
2021
+ "cloudfront:*",
2022
+ "s3:List*",
2023
+ "s3:Put*",
2024
+ "s3:Get*",
2025
+ "s3:*MultipartUpload*",
2026
+ "iam:CreateRole",
2027
+ "iam:GetRolePolicy",
2028
+ "iam:PassRole",
2029
+ "iam:PutRolePolicy",
2030
+ "iam:List*",
2031
+ "sns:CreateTopic",
2032
+ "sns:List*"
2033
+ ],
2034
+ "Effect": "Allow",
2035
+ "Resource": "*"
2036
+ }
2037
+ ]
2038
+ }
2039
+ },
2040
+ "arn:aws:iam::aws:policy/AmazonMobileAnalyticsWriteOnlyAccess": {
2041
+ "VersionId": "v1",
2042
+ "IsDefaultVersion": true,
2043
+ "Document": {
2044
+ "Version": "2012-10-17",
2045
+ "Statement": [
2046
+ {
2047
+ "Effect": "Allow",
2048
+ "Action": "mobileanalytics:PutEvents",
2049
+ "Resource": "*"
2050
+ }
2051
+ ]
2052
+ }
2053
+ },
2054
+ "arn:aws:iam::aws:policy/AWSConnector": {
2055
+ "VersionId": "v2",
2056
+ "IsDefaultVersion": true,
2057
+ "Document": {
2058
+ "Version": "2012-10-17",
2059
+ "Statement": [
2060
+ {
2061
+ "Effect": "Allow",
2062
+ "Action": "iam:GetUser",
2063
+ "Resource": "*"
2064
+ },
2065
+ {
2066
+ "Effect": "Allow",
2067
+ "Action": [
2068
+ "s3:ListAllMyBuckets"
2069
+ ],
2070
+ "Resource": "*"
2071
+ },
2072
+ {
2073
+ "Effect": "Allow",
2074
+ "Action": [
2075
+ "s3:CreateBucket",
2076
+ "s3:DeleteBucket",
2077
+ "s3:DeleteObject",
2078
+ "s3:GetBucketLocation",
2079
+ "s3:GetObject",
2080
+ "s3:ListBucket",
2081
+ "s3:PutObject",
2082
+ "s3:PutObjectAcl"
2083
+ ],
2084
+ "Resource": "arn:aws:s3:::import-to-ec2-*"
2085
+ },
2086
+ {
2087
+ "Effect": "Allow",
2088
+ "Action": [
2089
+ "ec2:CancelConversionTask",
2090
+ "ec2:CancelExportTask",
2091
+ "ec2:CreateImage",
2092
+ "ec2:CreateInstanceExportTask",
2093
+ "ec2:CreateTags",
2094
+ "ec2:CreateVolume",
2095
+ "ec2:DeleteTags",
2096
+ "ec2:DeleteVolume",
2097
+ "ec2:DescribeConversionTasks",
2098
+ "ec2:DescribeExportTasks",
2099
+ "ec2:DescribeImages",
2100
+ "ec2:DescribeInstanceAttribute",
2101
+ "ec2:DescribeInstanceStatus",
2102
+ "ec2:DescribeInstances",
2103
+ "ec2:DescribeRegions",
2104
+ "ec2:DescribeTags",
2105
+ "ec2:DetachVolume",
2106
+ "ec2:ImportInstance",
2107
+ "ec2:ImportVolume",
2108
+ "ec2:ModifyInstanceAttribute",
2109
+ "ec2:RunInstances",
2110
+ "ec2:StartInstances",
2111
+ "ec2:StopInstances",
2112
+ "ec2:TerminateInstances"
2113
+ ],
2114
+ "Resource": "*"
2115
+ },
2116
+ {
2117
+ "Effect": "Allow",
2118
+ "Action": [
2119
+ "SNS:Publish"
2120
+ ],
2121
+ "Resource": "arn:aws:sns:*:*:metrics-sns-topic-for-*"
2122
+ }
2123
+ ]
2124
+ }
2125
+ },
2126
+ "arn:aws:iam::aws:policy/AmazonSSMFullAccess": {
2127
+ "VersionId": "v1",
2128
+ "IsDefaultVersion": true,
2129
+ "Document": {
2130
+ "Version": "2012-10-17",
2131
+ "Statement": [
2132
+ {
2133
+ "Effect": "Allow",
2134
+ "Action": [
2135
+ "cloudwatch:PutMetricData",
2136
+ "ds:CreateComputer",
2137
+ "ds:DescribeDirectories",
2138
+ "ec2:DescribeInstanceStatus",
2139
+ "logs:*",
2140
+ "ssm:*"
2141
+ ],
2142
+ "Resource": "*"
2143
+ }
2144
+ ]
2145
+ }
2146
+ },
2147
+ "arn:aws:iam::aws:policy/AmazonEC2ContainerServiceFullAccess": {
2148
+ "VersionId": "v1",
2149
+ "IsDefaultVersion": true,
2150
+ "Document": {
2151
+ "Version": "2012-10-17",
2152
+ "Statement": [
2153
+ {
2154
+ "Effect": "Allow",
2155
+ "Action": [
2156
+ "ec2:Describe*",
2157
+ "elasticloadbalancing:*",
2158
+ "ecs:*",
2159
+ "iam:ListInstanceProfiles",
2160
+ "iam:ListRoles",
2161
+ "iam:PassRole"
2162
+ ],
2163
+ "Resource": "*"
2164
+ }
2165
+ ]
2166
+ }
2167
+ },
2168
+ "arn:aws:iam::aws:policy/AmazonCognitoReadOnly": {
2169
+ "VersionId": "v1",
2170
+ "IsDefaultVersion": true,
2171
+ "Document": {
2172
+ "Version": "2012-10-17",
2173
+ "Statement": [
2174
+ {
2175
+ "Effect": "Allow",
2176
+ "Action": [
2177
+ "cognito-identity:Describe*",
2178
+ "cognito-identity:Get*",
2179
+ "cognito-identity:List*",
2180
+ "cognito-sync:Describe*",
2181
+ "cognito-sync:Get*",
2182
+ "cognito-sync:List*",
2183
+ "iam:ListOpenIdConnectProviders",
2184
+ "iam:ListRoles",
2185
+ "sns:ListPlatformApplications"
2186
+ ],
2187
+ "Resource": "*"
2188
+ }
2189
+ ]
2190
+ }
2191
+ },
2192
+ "arn:aws:iam::aws:policy/AmazonVPCFullAccess": {
2193
+ "VersionId": "v3",
2194
+ "IsDefaultVersion": true,
2195
+ "Document": {
2196
+ "Version": "2012-10-17",
2197
+ "Statement": [
2198
+ {
2199
+ "Effect": "Allow",
2200
+ "Action": [
2201
+ "ec2:AcceptVpcPeeringConnection",
2202
+ "ec2:AllocateAddress",
2203
+ "ec2:AssociateAddress",
2204
+ "ec2:AssociateDhcpOptions",
2205
+ "ec2:AssociateRouteTable",
2206
+ "ec2:AttachClassicLinkVpc",
2207
+ "ec2:AttachInternetGateway",
2208
+ "ec2:AttachVpnGateway",
2209
+ "ec2:AuthorizeSecurityGroupEgress",
2210
+ "ec2:AuthorizeSecurityGroupIngress",
2211
+ "ec2:CreateCustomerGateway",
2212
+ "ec2:CreateDhcpOptions",
2213
+ "ec2:CreateInternetGateway",
2214
+ "ec2:CreateNetworkAcl",
2215
+ "ec2:CreateNetworkAclEntry",
2216
+ "ec2:CreateRoute",
2217
+ "ec2:CreateRouteTable",
2218
+ "ec2:CreateSecurityGroup",
2219
+ "ec2:CreateSubnet",
2220
+ "ec2:CreateTags",
2221
+ "ec2:CreateVpc",
2222
+ "ec2:CreateVpcEndpoint",
2223
+ "ec2:CreateVpcPeeringConnection",
2224
+ "ec2:CreateVpnConnection",
2225
+ "ec2:CreateVpnConnectionRoute",
2226
+ "ec2:CreateVpnGateway",
2227
+ "ec2:DeleteCustomerGateway",
2228
+ "ec2:DeleteDhcpOptions",
2229
+ "ec2:DeleteInternetGateway",
2230
+ "ec2:DeleteNetworkAcl",
2231
+ "ec2:DeleteNetworkAclEntry",
2232
+ "ec2:DeleteRoute",
2233
+ "ec2:DeleteRouteTable",
2234
+ "ec2:DeleteSecurityGroup",
2235
+ "ec2:DeleteSubnet",
2236
+ "ec2:DeleteTags",
2237
+ "ec2:DeleteVpc",
2238
+ "ec2:DeleteVpcEndpoints",
2239
+ "ec2:DeleteVpcPeeringConnection",
2240
+ "ec2:DeleteVpnConnection",
2241
+ "ec2:DeleteVpnGateway",
2242
+ "ec2:DescribeAddresses",
2243
+ "ec2:DescribeAvailabilityZones",
2244
+ "ec2:DescribeCustomerGateways",
2245
+ "ec2:DescribeDhcpOptions",
2246
+ "ec2:DescribeInstances",
2247
+ "ec2:DescribeInternetGateways",
2248
+ "ec2:DescribeKeyPairs",
2249
+ "ec2:DescribeNetworkAcls",
2250
+ "ec2:DescribeNetworkInterfaces",
2251
+ "ec2:DescribePrefixLists",
2252
+ "ec2:DescribeRouteTables",
2253
+ "ec2:DescribeSecurityGroups",
2254
+ "ec2:DescribeSubnets",
2255
+ "ec2:DescribeTags",
2256
+ "ec2:DescribeVpcAttribute",
2257
+ "ec2:DescribeVpcClassicLink",
2258
+ "ec2:DescribeVpcEndpoints",
2259
+ "ec2:DescribeVpcEndpointServices",
2260
+ "ec2:DescribeVpcPeeringConnections",
2261
+ "ec2:DescribeVpcs",
2262
+ "ec2:DescribeVpnConnections",
2263
+ "ec2:DescribeVpnGateways",
2264
+ "ec2:DetachClassicLinkVpc",
2265
+ "ec2:DetachInternetGateway",
2266
+ "ec2:DetachVpnGateway",
2267
+ "ec2:DisableVpcClassicLink",
2268
+ "ec2:DisableVgwRoutePropagation",
2269
+ "ec2:DisassociateAddress",
2270
+ "ec2:DisassociateRouteTable",
2271
+ "ec2:EnableVpcClassicLink",
2272
+ "ec2:EnableVgwRoutePropagation",
2273
+ "ec2:ModifySubnetAttribute",
2274
+ "ec2:ModifyVpcAttribute",
2275
+ "ec2:ModifyVpcEndpoint",
2276
+ "ec2:RejectVpcPeeringConnection",
2277
+ "ec2:ReleaseAddress",
2278
+ "ec2:ReplaceNetworkAclAssociation",
2279
+ "ec2:ReplaceNetworkAclEntry",
2280
+ "ec2:ReplaceRouteTableAssociation",
2281
+ "ec2:RevokeSecurityGroupEgress",
2282
+ "ec2:RevokeSecurityGroupIngress"
2283
+ ],
2284
+ "Resource": "*"
2285
+ }
2286
+ ]
2287
+ }
2288
+ },
2289
+ "arn:aws:iam::aws:policy/AWSImportExportFullAccess": {
2290
+ "VersionId": "v1",
2291
+ "IsDefaultVersion": true,
2292
+ "Document": {
2293
+ "Version": "2012-10-17",
2294
+ "Statement": [
2295
+ {
2296
+ "Effect": "Allow",
2297
+ "Action": [
2298
+ "importexport:*"
2299
+ ],
2300
+ "Resource": "*"
2301
+ }
2302
+ ]
2303
+ }
2304
+ },
2305
+ "arn:aws:iam::aws:policy/AmazonMachineLearningCreateOnlyAccess": {
2306
+ "VersionId": "v1",
2307
+ "IsDefaultVersion": true,
2308
+ "Document": {
2309
+ "Version": "2012-10-17",
2310
+ "Statement": [
2311
+ {
2312
+ "Effect": "Allow",
2313
+ "Action": [
2314
+ "machinelearning:Create*",
2315
+ "machinelearning:Delete*",
2316
+ "machinelearning:Describe*",
2317
+ "machinelearning:Get*"
2318
+ ],
2319
+ "Resource": "*"
2320
+ }
2321
+ ]
2322
+ }
2323
+ },
2324
+ "arn:aws:iam::aws:policy/AWSCloudTrailReadOnlyAccess": {
2325
+ "VersionId": "v2",
2326
+ "IsDefaultVersion": true,
2327
+ "Document": {
2328
+ "Version": "2012-10-17",
2329
+ "Statement": [
2330
+ {
2331
+ "Effect": "Allow",
2332
+ "Action": [
2333
+ "s3:GetObject"
2334
+ ],
2335
+ "Resource": "arn:aws:s3:::*"
2336
+ },
2337
+ {
2338
+ "Effect": "Allow",
2339
+ "Action": [
2340
+ "cloudtrail:GetTrailStatus",
2341
+ "cloudtrail:DescribeTrails",
2342
+ "cloudtrail:LookupEvents",
2343
+ "s3:ListAllMyBuckets"
2344
+ ],
2345
+ "Resource": "*"
2346
+ }
2347
+ ]
2348
+ }
2349
+ },
2350
+ "arn:aws:iam::aws:policy/AWSLambdaExecute": {
2351
+ "VersionId": "v1",
2352
+ "IsDefaultVersion": true,
2353
+ "Document": {
2354
+ "Version": "2012-10-17",
2355
+ "Statement": [
2356
+ {
2357
+ "Effect": "Allow",
2358
+ "Action": [
2359
+ "logs:*"
2360
+ ],
2361
+ "Resource": "arn:aws:logs:*:*:*"
2362
+ },
2363
+ {
2364
+ "Effect": "Allow",
2365
+ "Action": [
2366
+ "s3:GetObject",
2367
+ "s3:PutObject"
2368
+ ],
2369
+ "Resource": "arn:aws:s3:::*"
2370
+ }
2371
+ ]
2372
+ }
2373
+ },
2374
+ "arn:aws:iam::aws:policy/AWSStorageGatewayFullAccess": {
2375
+ "VersionId": "v1",
2376
+ "IsDefaultVersion": true,
2377
+ "Document": {
2378
+ "Version": "2012-10-17",
2379
+ "Statement": [
2380
+ {
2381
+ "Effect": "Allow",
2382
+ "Action": [
2383
+ "storagegateway:*"
2384
+ ],
2385
+ "Resource": "*"
2386
+ },
2387
+ {
2388
+ "Effect": "Allow",
2389
+ "Action": [
2390
+ "ec2:DescribeSnapshots",
2391
+ "ec2:DeleteSnapshot"
2392
+ ],
2393
+ "Resource": "*"
2394
+ }
2395
+ ]
2396
+ }
2397
+ },
2398
+ "arn:aws:iam::aws:policy/AmazonElasticTranscoderReadOnlyAccess": {
2399
+ "VersionId": "v1",
2400
+ "IsDefaultVersion": true,
2401
+ "Document": {
2402
+ "Version": "2012-10-17",
2403
+ "Statement": [
2404
+ {
2405
+ "Action": [
2406
+ "elastictranscoder:Read*",
2407
+ "elastictranscoder:List*",
2408
+ "s3:List*",
2409
+ "iam:List*",
2410
+ "sns:List*"
2411
+ ],
2412
+ "Effect": "Allow",
2413
+ "Resource": "*"
2414
+ }
2415
+ ]
2416
+ }
2417
+ },
2418
+ "arn:aws:iam::aws:policy/AmazonWorkMailReadOnlyAccess": {
2419
+ "VersionId": "v1",
2420
+ "IsDefaultVersion": true,
2421
+ "Document": {
2422
+ "Version": "2012-10-17",
2423
+ "Statement": [
2424
+ {
2425
+ "Effect": "Allow",
2426
+ "Action": [
2427
+ "ses:Describe*",
2428
+ "ses:Get*",
2429
+ "workmail:Describe*",
2430
+ "workmail:Get*",
2431
+ "workmail:List*",
2432
+ "workmail:Search*"
2433
+ ],
2434
+ "Resource": "*"
2435
+ }
2436
+ ]
2437
+ }
2438
+ },
2439
+ "arn:aws:iam::aws:policy/service-role/AWSLambdaKinesisExecutionRole": {
2440
+ "VersionId": "v1",
2441
+ "IsDefaultVersion": true,
2442
+ "Document": {
2443
+ "Version": "2012-10-17",
2444
+ "Statement": [
2445
+ {
2446
+ "Effect": "Allow",
2447
+ "Action": [
2448
+ "kinesis:DescribeStream",
2449
+ "kinesis:GetRecords",
2450
+ "kinesis:GetShardIterator",
2451
+ "kinesis:ListStreams",
2452
+ "logs:CreateLogGroup",
2453
+ "logs:CreateLogStream",
2454
+ "logs:PutLogEvents"
2455
+ ],
2456
+ "Resource": "*"
2457
+ }
2458
+ ]
2459
+ }
2460
+ },
2461
+ "arn:aws:iam::aws:policy/ResourceGroupsandTagEditorReadOnlyAccess": {
2462
+ "VersionId": "v1",
2463
+ "IsDefaultVersion": true,
2464
+ "Document": {
2465
+ "Version": "2012-10-17",
2466
+ "Statement": [
2467
+ {
2468
+ "Effect": "Allow",
2469
+ "Action": [
2470
+ "tag:getResources",
2471
+ "tag:getTagKeys",
2472
+ "tag:getTagValues"
2473
+ ],
2474
+ "Resource": "*"
2475
+ }
2476
+ ]
2477
+ }
2478
+ },
2479
+ "arn:aws:iam::aws:policy/AmazonMachineLearningManageRealTimeEndpointOnlyAccess": {
2480
+ "VersionId": "v1",
2481
+ "IsDefaultVersion": true,
2482
+ "Document": {
2483
+ "Version": "2012-10-17",
2484
+ "Statement": [
2485
+ {
2486
+ "Effect": "Allow",
2487
+ "Action": [
2488
+ "machinelearning:CreateRealtimeEndpoint",
2489
+ "machinelearning:DeleteRealtimeEndpoint"
2490
+ ],
2491
+ "Resource": "*"
2492
+ }
2493
+ ]
2494
+ }
2495
+ },
2496
+ "arn:aws:iam::aws:policy/CloudFrontReadOnlyAccess": {
2497
+ "VersionId": "v2",
2498
+ "IsDefaultVersion": true,
2499
+ "Document": {
2500
+ "Version": "2012-10-17",
2501
+ "Statement": [
2502
+ {
2503
+ "Action": [
2504
+ "cloudfront:Get*",
2505
+ "cloudfront:List*",
2506
+ "iam:ListServerCertificates",
2507
+ "route53:List*"
2508
+ ],
2509
+ "Effect": "Allow",
2510
+ "Resource": "*"
2511
+ }
2512
+ ]
2513
+ }
2514
+ },
2515
+ "arn:aws:iam::aws:policy/service-role/AmazonSNSRole": {
2516
+ "VersionId": "v1",
2517
+ "IsDefaultVersion": true,
2518
+ "Document": {
2519
+ "Version": "2012-10-17",
2520
+ "Statement": [
2521
+ {
2522
+ "Effect": "Allow",
2523
+ "Action": [
2524
+ "logs:CreateLogGroup",
2525
+ "logs:CreateLogStream",
2526
+ "logs:PutLogEvents",
2527
+ "logs:PutMetricFilter",
2528
+ "logs:PutRetentionPolicy"
2529
+ ],
2530
+ "Resource": [
2531
+ "*"
2532
+ ]
2533
+ }
2534
+ ]
2535
+ }
2536
+ },
2537
+ "arn:aws:iam::aws:policy/AmazonMobileAnalyticsFinancialReportAccess": {
2538
+ "VersionId": "v1",
2539
+ "IsDefaultVersion": true,
2540
+ "Document": {
2541
+ "Version": "2012-10-17",
2542
+ "Statement": [
2543
+ {
2544
+ "Effect": "Allow",
2545
+ "Action": [
2546
+ "mobileanalytics:GetReports",
2547
+ "mobileanalytics:GetFinancialReports"
2548
+ ],
2549
+ "Resource": "*"
2550
+ }
2551
+ ]
2552
+ }
2553
+ },
2554
+ "arn:aws:iam::aws:policy/IAMReadOnlyAccess": {
2555
+ "VersionId": "v2",
2556
+ "IsDefaultVersion": true,
2557
+ "Document": {
2558
+ "Version": "2012-10-17",
2559
+ "Statement": [
2560
+ {
2561
+ "Effect": "Allow",
2562
+ "Action": [
2563
+ "iam:GenerateCredentialReport",
2564
+ "iam:Get*",
2565
+ "iam:List*"
2566
+ ],
2567
+ "Resource": "*"
2568
+ }
2569
+ ]
2570
+ }
2571
+ },
2572
+ "arn:aws:iam::aws:policy/AmazonRDSReadOnlyAccess": {
2573
+ "VersionId": "v1",
2574
+ "IsDefaultVersion": true,
2575
+ "Document": {
2576
+ "Version": "2012-10-17",
2577
+ "Statement": [
2578
+ {
2579
+ "Action": [
2580
+ "rds:Describe*",
2581
+ "rds:ListTagsForResource",
2582
+ "ec2:DescribeAccountAttributes",
2583
+ "ec2:DescribeAvailabilityZones",
2584
+ "ec2:DescribeSecurityGroups",
2585
+ "ec2:DescribeVpcs"
2586
+ ],
2587
+ "Effect": "Allow",
2588
+ "Resource": "*"
2589
+ },
2590
+ {
2591
+ "Action": [
2592
+ "cloudwatch:GetMetricStatistics"
2593
+ ],
2594
+ "Effect": "Allow",
2595
+ "Resource": "*"
2596
+ }
2597
+ ]
2598
+ }
2599
+ },
2600
+ "arn:aws:iam::aws:policy/AmazonCognitoPowerUser": {
2601
+ "VersionId": "v1",
2602
+ "IsDefaultVersion": true,
2603
+ "Document": {
2604
+ "Version": "2012-10-17",
2605
+ "Statement": [
2606
+ {
2607
+ "Effect": "Allow",
2608
+ "Action": [
2609
+ "cognito-identity:*",
2610
+ "cognito-sync:*",
2611
+ "iam:ListRoles",
2612
+ "iam:ListOpenIdConnectProviders",
2613
+ "sns:ListPlatformApplications"
2614
+ ],
2615
+ "Resource": "*"
2616
+ }
2617
+ ]
2618
+ }
2619
+ },
2620
+ "arn:aws:iam::aws:policy/AmazonElasticFileSystemFullAccess": {
2621
+ "VersionId": "v1",
2622
+ "IsDefaultVersion": true,
2623
+ "Document": {
2624
+ "Version": "2012-10-17",
2625
+ "Statement": [
2626
+ {
2627
+ "Action": [
2628
+ "ec2:CreateNetworkInterface",
2629
+ "ec2:DeleteNetworkInterface",
2630
+ "ec2:DescribeAvailabilityZones",
2631
+ "ec2:DescribeNetworkInterfaceAttribute",
2632
+ "ec2:DescribeNetworkInterfaces",
2633
+ "ec2:DescribeSecurityGroups",
2634
+ "ec2:DescribeSubnets",
2635
+ "ec2:DescribeVpcs",
2636
+ "ec2:ModifyNetworkInterfaceAttribute",
2637
+ "elasticfilesystem:*"
2638
+ ],
2639
+ "Effect": "Allow",
2640
+ "Resource": "*"
2641
+ }
2642
+ ]
2643
+ }
2644
+ },
2645
+ "arn:aws:iam::aws:policy/AmazonZocaloFullAccess": {
2646
+ "VersionId": "v1",
2647
+ "IsDefaultVersion": true,
2648
+ "Document": {
2649
+ "Version": "2012-10-17",
2650
+ "Statement": [
2651
+ {
2652
+ "Effect": "Allow",
2653
+ "Action": [
2654
+ "zocalo:*",
2655
+ "ds:*",
2656
+ "ec2:AuthorizeSecurityGroupEgress",
2657
+ "ec2:AuthorizeSecurityGroupIngress",
2658
+ "ec2:CreateNetworkInterface",
2659
+ "ec2:CreateSecurityGroup",
2660
+ "ec2:CreateSubnet",
2661
+ "ec2:CreateTags",
2662
+ "ec2:CreateVpc",
2663
+ "ec2:DescribeAvailabilityZones",
2664
+ "ec2:DescribeNetworkInterfaces",
2665
+ "ec2:DescribeSubnets",
2666
+ "ec2:DescribeVpcs",
2667
+ "ec2:DeleteNetworkInterface",
2668
+ "ec2:DeleteSecurityGroup",
2669
+ "ec2:RevokeSecurityGroupEgress",
2670
+ "ec2:RevokeSecurityGroupIngress"
2671
+ ],
2672
+ "Resource": "*"
2673
+ }
2674
+ ]
2675
+ }
2676
+ },
2677
+ "arn:aws:iam::aws:policy/AWSLambdaReadOnlyAccess": {
2678
+ "VersionId": "v2",
2679
+ "IsDefaultVersion": true,
2680
+ "Document": {
2681
+ "Version": "2012-10-17",
2682
+ "Statement": [
2683
+ {
2684
+ "Effect": "Allow",
2685
+ "Action": [
2686
+ "cloudwatch:Describe*",
2687
+ "cloudwatch:Get*",
2688
+ "cloudwatch:List*",
2689
+ "cognito-identity:ListIdentityPools",
2690
+ "cognito-sync:GetCognitoEvents",
2691
+ "dynamodb:BatchGetItem",
2692
+ "dynamodb:DescribeStream",
2693
+ "dynamodb:DescribeTable",
2694
+ "dynamodb:GetItem",
2695
+ "dynamodb:ListStreams",
2696
+ "dynamodb:ListTables",
2697
+ "dynamodb:Query",
2698
+ "dynamodb:Scan",
2699
+ "iam:ListRoles",
2700
+ "kinesis:DescribeStream",
2701
+ "kinesis:ListStreams",
2702
+ "lambda:List*",
2703
+ "lambda:Get*",
2704
+ "logs:DescribeMetricFilters",
2705
+ "logs:GetLogEvents",
2706
+ "logs:DescribeLogGroups",
2707
+ "logs:DescribeLogStreams",
2708
+ "s3:Get*",
2709
+ "s3:List*",
2710
+ "sns:ListTopics",
2711
+ "sns:ListSubscriptions",
2712
+ "sns:ListSubscriptionsByTopic"
2713
+ ],
2714
+ "Resource": "*"
2715
+ }
2716
+ ]
2717
+ }
2718
+ },
2719
+ "arn:aws:iam::aws:policy/AWSAccountUsageReportAccess": {
2720
+ "VersionId": "v1",
2721
+ "IsDefaultVersion": true,
2722
+ "Document": {
2723
+ "Version": "2012-10-17",
2724
+ "Statement": [
2725
+ {
2726
+ "Effect": "Allow",
2727
+ "Action": [
2728
+ "aws-portal:ViewUsage"
2729
+ ],
2730
+ "Resource": "*"
2731
+ }
2732
+ ]
2733
+ }
2734
+ },
2735
+ "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role": {
2736
+ "VersionId": "v1",
2737
+ "IsDefaultVersion": true,
2738
+ "Document": {
2739
+ "Version": "2012-10-17",
2740
+ "Statement": [
2741
+ {
2742
+ "Effect": "Allow",
2743
+ "Action": [
2744
+ "ecs:CreateCluster",
2745
+ "ecs:DeregisterContainerInstance",
2746
+ "ecs:DiscoverPollEndpoint",
2747
+ "ecs:Poll",
2748
+ "ecs:RegisterContainerInstance",
2749
+ "ecs:Submit*"
2750
+ ],
2751
+ "Resource": "*"
2752
+ }
2753
+ ]
2754
+ }
2755
+ },
2756
+ "arn:aws:iam::aws:policy/AmazonAppStreamFullAccess": {
2757
+ "VersionId": "v1",
2758
+ "IsDefaultVersion": true,
2759
+ "Document": {
2760
+ "Version": "2012-10-17",
2761
+ "Statement": [
2762
+ {
2763
+ "Action": [
2764
+ "appstream:*"
2765
+ ],
2766
+ "Effect": "Allow",
2767
+ "Resource": "*"
2768
+ }
2769
+ ]
2770
+ }
2771
+ },
2772
+ "arn:aws:iam::aws:policy/CloudWatchReadOnlyAccess": {
2773
+ "VersionId": "v1",
2774
+ "IsDefaultVersion": true,
2775
+ "Document": {
2776
+ "Version": "2012-10-17",
2777
+ "Statement": [
2778
+ {
2779
+ "Action": [
2780
+ "autoscaling:Describe*",
2781
+ "cloudwatch:Describe*",
2782
+ "cloudwatch:Get*",
2783
+ "cloudwatch:List*",
2784
+ "logs:Get*",
2785
+ "logs:Describe*",
2786
+ "logs:TestMetricFilter",
2787
+ "sns:Get*",
2788
+ "sns:List*"
2789
+ ],
2790
+ "Effect": "Allow",
2791
+ "Resource": "*"
2792
+ }
2793
+ ]
2794
+ }
2795
+ },
2796
+ "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole": {
2797
+ "VersionId": "v1",
2798
+ "IsDefaultVersion": true,
2799
+ "Document": {
2800
+ "Version": "2012-10-17",
2801
+ "Statement": [
2802
+ {
2803
+ "Effect": "Allow",
2804
+ "Action": [
2805
+ "logs:CreateLogGroup",
2806
+ "logs:CreateLogStream",
2807
+ "logs:PutLogEvents"
2808
+ ],
2809
+ "Resource": "*"
2810
+ }
2811
+ ]
2812
+ }
2813
+ },
2814
+ "arn:aws:iam::aws:policy/ResourceGroupsandTagEditorFullAccess": {
2815
+ "VersionId": "v1",
2816
+ "IsDefaultVersion": true,
2817
+ "Document": {
2818
+ "Version": "2012-10-17",
2819
+ "Statement": [
2820
+ {
2821
+ "Effect": "Allow",
2822
+ "Action": [
2823
+ "tag:getResources",
2824
+ "tag:getTagKeys",
2825
+ "tag:getTagValues",
2826
+ "tag:addResourceTags",
2827
+ "tag:removeResourceTags"
2828
+ ],
2829
+ "Resource": "*"
2830
+ }
2831
+ ]
2832
+ }
2833
+ },
2834
+ "arn:aws:iam::aws:policy/AWSKeyManagementServicePowerUser": {
2835
+ "VersionId": "v1",
2836
+ "IsDefaultVersion": true,
2837
+ "Document": {
2838
+ "Version": "2012-10-17",
2839
+ "Statement": [
2840
+ {
2841
+ "Effect": "Allow",
2842
+ "Action": [
2843
+ "kms:CreateAlias",
2844
+ "kms:CreateKey",
2845
+ "kms:DeleteAlias",
2846
+ "kms:Describe*",
2847
+ "kms:GenerateRandom",
2848
+ "kms:Get*",
2849
+ "kms:List*",
2850
+ "iam:ListGroups",
2851
+ "iam:ListRoles",
2852
+ "iam:ListUsers"
2853
+ ],
2854
+ "Resource": "*"
2855
+ }
2856
+ ]
2857
+ }
2858
+ },
2859
+ "arn:aws:iam::aws:policy/AWSImportExportReadOnlyAccess": {
2860
+ "VersionId": "v1",
2861
+ "IsDefaultVersion": true,
2862
+ "Document": {
2863
+ "Version": "2012-10-17",
2864
+ "Statement": [
2865
+ {
2866
+ "Effect": "Allow",
2867
+ "Action": [
2868
+ "importexport:ListJobs",
2869
+ "importexport:GetStatus"
2870
+ ],
2871
+ "Resource": "*"
2872
+ }
2873
+ ]
2874
+ }
2875
+ },
2876
+ "arn:aws:iam::aws:policy/service-role/AmazonElasticTranscoderRole": {
2877
+ "VersionId": "v1",
2878
+ "IsDefaultVersion": true,
2879
+ "Document": {
2880
+ "Version": "2012-10-17",
2881
+ "Statement": [
2882
+ {
2883
+ "Sid": "1",
2884
+ "Effect": "Allow",
2885
+ "Action": [
2886
+ "s3:ListBucket",
2887
+ "s3:Put*",
2888
+ "s3:Get*",
2889
+ "s3:*MultipartUpload*"
2890
+ ],
2891
+ "Resource": [
2892
+ "*"
2893
+ ]
2894
+ },
2895
+ {
2896
+ "Sid": "2",
2897
+ "Effect": "Allow",
2898
+ "Action": [
2899
+ "sns:Publish"
2900
+ ],
2901
+ "Resource": [
2902
+ "*"
2903
+ ]
2904
+ },
2905
+ {
2906
+ "Sid": "3",
2907
+ "Effect": "Deny",
2908
+ "Action": [
2909
+ "s3:*Policy*",
2910
+ "sns:*Permission*",
2911
+ "sns:*Delete*",
2912
+ "s3:*Delete*",
2913
+ "sns:*Remove*"
2914
+ ],
2915
+ "Resource": [
2916
+ "*"
2917
+ ]
2918
+ }
2919
+ ]
2920
+ }
2921
+ },
2922
+ "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceRole": {
2923
+ "VersionId": "v1",
2924
+ "IsDefaultVersion": true,
2925
+ "Document": {
2926
+ "Version": "2012-10-17",
2927
+ "Statement": [
2928
+ {
2929
+ "Effect": "Allow",
2930
+ "Action": [
2931
+ "ec2:AuthorizeSecurityGroupIngress",
2932
+ "ec2:Describe*",
2933
+ "elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
2934
+ "elasticloadbalancing:Describe*",
2935
+ "elasticloadbalancing:RegisterInstancesWithLoadBalancer"
2936
+ ],
2937
+ "Resource": "*"
2938
+ }
2939
+ ]
2940
+ }
2941
+ },
2942
+ "arn:aws:iam::aws:policy/AmazonSSMReadOnlyAccess": {
2943
+ "VersionId": "v1",
2944
+ "IsDefaultVersion": true,
2945
+ "Document": {
2946
+ "Version": "2012-10-17",
2947
+ "Statement": [
2948
+ {
2949
+ "Effect": "Allow",
2950
+ "Action": [
2951
+ "ssm:Describe*",
2952
+ "ssm:Get*",
2953
+ "ssm:List*"
2954
+ ],
2955
+ "Resource": "*"
2956
+ }
2957
+ ]
2958
+ }
2959
+ },
2960
+ "arn:aws:iam::aws:policy/AWSMarketplaceRead-only": {
2961
+ "VersionId": "v1",
2962
+ "IsDefaultVersion": true,
2963
+ "Document": {
2964
+ "Version": "2012-10-17",
2965
+ "Statement": [
2966
+ {
2967
+ "Action": [
2968
+ "aws-marketplace:ViewSubscriptions",
2969
+ "ec2:DescribeAccountAttributes",
2970
+ "ec2:DescribeAddresses",
2971
+ "ec2:DescribeImages",
2972
+ "ec2:DescribeInstances",
2973
+ "ec2:DescribeKeyPairs",
2974
+ "ec2:DescribeSecurityGroups",
2975
+ "ec2:DescribeSubnets",
2976
+ "ec2:DescribeVpcs"
2977
+ ],
2978
+ "Effect": "Allow",
2979
+ "Resource": "*"
2980
+ }
2981
+ ]
2982
+ }
2983
+ },
2984
+ "arn:aws:iam::aws:policy/AmazonWorkSpacesApplicationManagerAdminAccess": {
2985
+ "VersionId": "v1",
2986
+ "IsDefaultVersion": true,
2987
+ "Document": {
2988
+ "Version": "2012-10-17",
2989
+ "Statement": [
2990
+ {
2991
+ "Effect": "Allow",
2992
+ "Action": "wam:AuthenticatePackager",
2993
+ "Resource": "*"
2994
+ }
2995
+ ]
2996
+ }
2997
+ },
2998
+ "arn:aws:iam::aws:policy/AWSDirectConnectFullAccess": {
2999
+ "VersionId": "v1",
3000
+ "IsDefaultVersion": true,
3001
+ "Document": {
3002
+ "Version": "2012-10-17",
3003
+ "Statement": [
3004
+ {
3005
+ "Effect": "Allow",
3006
+ "Action": [
3007
+ "directconnect:*"
3008
+ ],
3009
+ "Resource": "*"
3010
+ }
3011
+ ]
3012
+ }
3013
+ },
3014
+ "arn:aws:iam::aws:policy/AWSAccountActivityAccess": {
3015
+ "VersionId": "v1",
3016
+ "IsDefaultVersion": true,
3017
+ "Document": {
3018
+ "Version": "2012-10-17",
3019
+ "Statement": [
3020
+ {
3021
+ "Effect": "Allow",
3022
+ "Action": [
3023
+ "aws-portal:ViewBilling"
3024
+ ],
3025
+ "Resource": "*"
3026
+ }
3027
+ ]
3028
+ }
3029
+ },
3030
+ "arn:aws:iam::aws:policy/AmazonGlacierFullAccess": {
3031
+ "VersionId": "v1",
3032
+ "IsDefaultVersion": true,
3033
+ "Document": {
3034
+ "Version": "2012-10-17",
3035
+ "Statement": [
3036
+ {
3037
+ "Action": "glacier:*",
3038
+ "Effect": "Allow",
3039
+ "Resource": "*"
3040
+ }
3041
+ ]
3042
+ }
3043
+ },
3044
+ "arn:aws:iam::aws:policy/AmazonWorkMailFullAccess": {
3045
+ "VersionId": "v2",
3046
+ "IsDefaultVersion": true,
3047
+ "Document": {
3048
+ "Version": "2012-10-17",
3049
+ "Statement": [
3050
+ {
3051
+ "Effect": "Allow",
3052
+ "Action": [
3053
+ "ds:AuthorizeApplication",
3054
+ "ds:CheckAlias",
3055
+ "ds:CreateAlias",
3056
+ "ds:CreateDirectory",
3057
+ "ds:CreateDomain",
3058
+ "ds:DeleteAlias",
3059
+ "ds:DeleteDirectory",
3060
+ "ds:DescribeDirectories",
3061
+ "ds:ExtendDirectory",
3062
+ "ds:GetDirectoryLimits",
3063
+ "ds:ListAuthorizedApplications",
3064
+ "ds:UnauthorizeApplication",
3065
+ "ec2:AuthorizeSecurityGroupEgress",
3066
+ "ec2:AuthorizeSecurityGroupIngress",
3067
+ "ec2:CreateNetworkInterface",
3068
+ "ec2:CreateSecurityGroup",
3069
+ "ec2:CreateSubnet",
3070
+ "ec2:CreateTags",
3071
+ "ec2:CreateVpc",
3072
+ "ec2:DeleteSecurityGroup",
3073
+ "ec2:DeleteSubnet",
3074
+ "ec2:DeleteVpc",
3075
+ "ec2:DescribeAvailabilityZones",
3076
+ "ec2:DescribeDomains",
3077
+ "ec2:DescribeRouteTables",
3078
+ "ec2:DescribeSubnets",
3079
+ "ec2:DescribeVpcs",
3080
+ "ec2:RevokeSecurityGroupEgress",
3081
+ "ec2:RevokeSecurityGroupIngress",
3082
+ "kms:DescribeKey",
3083
+ "kms:ListAliases",
3084
+ "ses:*",
3085
+ "workmail:*"
3086
+ ],
3087
+ "Resource": "*"
3088
+ }
3089
+ ]
3090
+ }
3091
+ },
3092
+ "arn:aws:iam::aws:policy/AWSMarketplaceManageSubscriptions": {
3093
+ "VersionId": "v1",
3094
+ "IsDefaultVersion": true,
3095
+ "Document": {
3096
+ "Version": "2012-10-17",
3097
+ "Statement": [
3098
+ {
3099
+ "Action": [
3100
+ "aws-marketplace:ViewSubscriptions",
3101
+ "aws-marketplace:Subscribe",
3102
+ "aws-marketplace:Unsubscribe"
3103
+ ],
3104
+ "Effect": "Allow",
3105
+ "Resource": "*"
3106
+ }
3107
+ ]
3108
+ }
3109
+ },
3110
+ "arn:aws:iam::aws:policy/AWSSupportAccess": {
3111
+ "VersionId": "v1",
3112
+ "IsDefaultVersion": true,
3113
+ "Document": {
3114
+ "Version": "2012-10-17",
3115
+ "Statement": [
3116
+ {
3117
+ "Effect": "Allow",
3118
+ "Action": [
3119
+ "support:*"
3120
+ ],
3121
+ "Resource": "*"
3122
+ }
3123
+ ]
3124
+ }
3125
+ },
3126
+ "arn:aws:iam::aws:policy/AWSLambdaInvocation-DynamoDB": {
3127
+ "VersionId": "v1",
3128
+ "IsDefaultVersion": true,
3129
+ "Document": {
3130
+ "Version": "2012-10-17",
3131
+ "Statement": [
3132
+ {
3133
+ "Effect": "Allow",
3134
+ "Action": [
3135
+ "lambda:InvokeFunction"
3136
+ ],
3137
+ "Resource": "*"
3138
+ },
3139
+ {
3140
+ "Effect": "Allow",
3141
+ "Action": [
3142
+ "dynamodb:DescribeStream",
3143
+ "dynamodb:GetRecords",
3144
+ "dynamodb:GetShardIterator",
3145
+ "dynamodb:ListStreams"
3146
+ ],
3147
+ "Resource": "*"
3148
+ }
3149
+ ]
3150
+ }
3151
+ },
3152
+ "arn:aws:iam::aws:policy/AWSCodeDeployDeployerAccess": {
3153
+ "VersionId": "v1",
3154
+ "IsDefaultVersion": true,
3155
+ "Document": {
3156
+ "Version": "2012-10-17",
3157
+ "Statement": [
3158
+ {
3159
+ "Action": [
3160
+ "codedeploy:Batch*",
3161
+ "codedeploy:CreateDeployment",
3162
+ "codedeploy:Get*",
3163
+ "codedeploy:List*",
3164
+ "codedeploy:RegisterApplicationRevision"
3165
+ ],
3166
+ "Effect": "Allow",
3167
+ "Resource": "*"
3168
+ }
3169
+ ]
3170
+ }
3171
+ },
3172
+ "arn:aws:iam::aws:policy/AWSDataPipelinePowerUser": {
3173
+ "VersionId": "v1",
3174
+ "IsDefaultVersion": true,
3175
+ "Document": {
3176
+ "Version": "2012-10-17",
3177
+ "Statement": [
3178
+ {
3179
+ "Action": [
3180
+ "s3:List*",
3181
+ "dynamodb:DescribeTable",
3182
+ "rds:DescribeDBInstances",
3183
+ "rds:DescribeDBSecurityGroups",
3184
+ "redshift:DescribeClusters",
3185
+ "redshift:DescribeClusterSecurityGroups",
3186
+ "sns:ListTopics",
3187
+ "iam:PassRole",
3188
+ "iam:ListRoles",
3189
+ "iam:PutRolePolicy",
3190
+ "iam:GetRolePolicy",
3191
+ "iam:GetInstanceProfiles",
3192
+ "iam:ListInstanceProfiles",
3193
+ "iam:CreateInstanceProfile",
3194
+ "iam:AddRoleToInstanceProfile",
3195
+ "datapipeline:*",
3196
+ "cloudwatch:*"
3197
+ ],
3198
+ "Effect": "Allow",
3199
+ "Resource": [
3200
+ "*"
3201
+ ]
3202
+ }
3203
+ ]
3204
+ }
3205
+ },
3206
+ "arn:aws:iam::aws:policy/AmazonSNSFullAccess": {
3207
+ "VersionId": "v1",
3208
+ "IsDefaultVersion": true,
3209
+ "Document": {
3210
+ "Version": "2012-10-17",
3211
+ "Statement": [
3212
+ {
3213
+ "Action": [
3214
+ "sns:*"
3215
+ ],
3216
+ "Effect": "Allow",
3217
+ "Resource": "*"
3218
+ }
3219
+ ]
3220
+ }
3221
+ },
3222
+ "arn:aws:iam::aws:policy/CloudSearchReadOnlyAccess": {
3223
+ "VersionId": "v1",
3224
+ "IsDefaultVersion": true,
3225
+ "Document": {
3226
+ "Version": "2012-10-17",
3227
+ "Statement": [
3228
+ {
3229
+ "Action": [
3230
+ "cloudsearch:Describe*",
3231
+ "cloudsearch:List*"
3232
+ ],
3233
+ "Effect": "Allow",
3234
+ "Resource": "*"
3235
+ }
3236
+ ]
3237
+ }
3238
+ },
3239
+ "arn:aws:iam::aws:policy/AWSCloudFormationReadOnlyAccess": {
3240
+ "VersionId": "v1",
3241
+ "IsDefaultVersion": true,
3242
+ "Document": {
3243
+ "Version": "2012-10-17",
3244
+ "Statement": [
3245
+ {
3246
+ "Effect": "Allow",
3247
+ "Action": [
3248
+ "cloudformation:DescribeStacks",
3249
+ "cloudformation:DescribeStackEvents",
3250
+ "cloudformation:DescribeStackResource",
3251
+ "cloudformation:DescribeStackResources",
3252
+ "cloudformation:GetTemplate",
3253
+ "cloudformation:List*"
3254
+ ],
3255
+ "Resource": "*"
3256
+ }
3257
+ ]
3258
+ }
3259
+ },
3260
+ "arn:aws:iam::aws:policy/AmazonRoute53FullAccess": {
3261
+ "VersionId": "v1",
3262
+ "IsDefaultVersion": true,
3263
+ "Document": {
3264
+ "Version": "2012-10-17",
3265
+ "Statement": [
3266
+ {
3267
+ "Effect": "Allow",
3268
+ "Action": [
3269
+ "route53:*"
3270
+ ],
3271
+ "Resource": [
3272
+ "*"
3273
+ ]
3274
+ },
3275
+ {
3276
+ "Effect": "Allow",
3277
+ "Action": [
3278
+ "elasticloadbalancing:DescribeLoadBalancers"
3279
+ ],
3280
+ "Resource": [
3281
+ "*"
3282
+ ]
3283
+ }
3284
+ ]
3285
+ }
3286
+ },
3287
+ "arn:aws:iam::aws:policy/service-role/AWSLambdaRole": {
3288
+ "VersionId": "v1",
3289
+ "IsDefaultVersion": true,
3290
+ "Document": {
3291
+ "Version": "2012-10-17",
3292
+ "Statement": [
3293
+ {
3294
+ "Effect": "Allow",
3295
+ "Action": [
3296
+ "lambda:InvokeFunction"
3297
+ ],
3298
+ "Resource": [
3299
+ "*"
3300
+ ]
3301
+ }
3302
+ ]
3303
+ }
3304
+ },
3305
+ "arn:aws:iam::aws:policy/AmazonAppStreamReadOnlyAccess": {
3306
+ "VersionId": "v1",
3307
+ "IsDefaultVersion": true,
3308
+ "Document": {
3309
+ "Version": "2012-10-17",
3310
+ "Statement": [
3311
+ {
3312
+ "Action": [
3313
+ "appstream:Get*"
3314
+ ],
3315
+ "Effect": "Allow",
3316
+ "Resource": "*"
3317
+ }
3318
+ ]
3319
+ }
3320
+ },
3321
+ "arn:aws:iam::aws:policy/PowerUserAccess": {
3322
+ "VersionId": "v1",
3323
+ "IsDefaultVersion": true,
3324
+ "Document": {
3325
+ "Version": "2012-10-17",
3326
+ "Statement": [
3327
+ {
3328
+ "Effect": "Allow",
3329
+ "NotAction": "iam:*",
3330
+ "Resource": "*"
3331
+ }
3332
+ ]
3333
+ }
3334
+ },
3335
+ "arn:aws:iam::aws:policy/AWSDataPipelineFullAccess": {
3336
+ "VersionId": "v1",
3337
+ "IsDefaultVersion": true,
3338
+ "Document": {
3339
+ "Version": "2012-10-17",
3340
+ "Statement": [
3341
+ {
3342
+ "Action": [
3343
+ "s3:List*",
3344
+ "dynamodb:DescribeTable",
3345
+ "rds:DescribeDBInstances",
3346
+ "rds:DescribeDBSecurityGroups",
3347
+ "redshift:DescribeClusters",
3348
+ "redshift:DescribeClusterSecurityGroups",
3349
+ "sns:CreateTopic",
3350
+ "sns:ListTopics",
3351
+ "sns:Subscribe",
3352
+ "iam:PassRole",
3353
+ "iam:ListRoles",
3354
+ "iam:CreateRole",
3355
+ "iam:PutRolePolicy",
3356
+ "iam:GetRolePolicy",
3357
+ "iam:GetInstanceProfiles",
3358
+ "iam:ListInstanceProfiles",
3359
+ "iam:CreateInstanceProfile",
3360
+ "iam:AddRoleToInstanceProfile",
3361
+ "datapipeline:*",
3362
+ "cloudwatch:*"
3363
+ ],
3364
+ "Effect": "Allow",
3365
+ "Resource": [
3366
+ "*"
3367
+ ]
3368
+ }
3369
+ ]
3370
+ }
3371
+ }
3372
+ }