RubyGems - fog-aws - Versions diffs - 0.4.0 → 0.4.1 - Mend

fog-aws 0.4.0 → 0.4.1

Files changed (40) hide show

checksums.yaml +4 -4
data/Gemfile +4 -1
data/lib/fog/aws/dns.rb +1 -1
data/lib/fog/aws/iam.rb +57 -20
data/lib/fog/aws/iam/default_policies.json +1574 -0
data/lib/fog/aws/iam/default_policies.rb +15 -0
data/lib/fog/aws/iam/default_policy_versions.json +3372 -0
data/lib/fog/aws/iam/paged_collection.rb +54 -0
data/lib/fog/aws/models/compute/flavors.rb +95 -35
data/lib/fog/aws/models/elb/load_balancer.rb +9 -10
data/lib/fog/aws/models/elb/policies.rb +24 -9
data/lib/fog/aws/models/elb/policy.rb +9 -10
data/lib/fog/aws/models/iam/group.rb +33 -2
data/lib/fog/aws/models/iam/groups.rb +2 -22
data/lib/fog/aws/models/iam/managed_policies.rb +63 -0
data/lib/fog/aws/models/iam/managed_policy.rb +38 -0
data/lib/fog/aws/models/iam/policies.rb +19 -15
data/lib/fog/aws/models/iam/user.rb +34 -2
data/lib/fog/aws/parsers/iam/list_managed_policies.rb +25 -0
data/lib/fog/aws/parsers/iam/policy_version.rb +33 -0
data/lib/fog/aws/region_methods.rb +1 -1
data/lib/fog/aws/requests/compute/allocate_address.rb +21 -19
data/lib/fog/aws/requests/iam/attach_group_policy.rb +26 -0
data/lib/fog/aws/requests/iam/attach_user_policy.rb +30 -4
data/lib/fog/aws/requests/iam/create_access_key.rb +6 -5
data/lib/fog/aws/requests/iam/detach_group_policy.rb +26 -0
data/lib/fog/aws/requests/iam/detach_user_policy.rb +26 -0
data/lib/fog/aws/requests/iam/get_policy.rb +57 -0
data/lib/fog/aws/requests/iam/get_policy_version.rb +59 -0
data/lib/fog/aws/requests/iam/get_user.rb +7 -0
data/lib/fog/aws/requests/iam/list_attached_group_policies.rb +89 -0
data/lib/fog/aws/requests/iam/list_attached_user_policies.rb +89 -0
data/lib/fog/aws/requests/iam/list_policies.rb +47 -2
data/lib/fog/aws/signaturev4.rb +14 -12
data/lib/fog/aws/version.rb +1 -1
data/tests/models/iam/managed_policies_tests.rb +67 -0
data/tests/models/iam/users_tests.rb +20 -0
data/tests/requests/compute/address_tests.rb +33 -20
data/tests/signaturev4_tests.rb +7 -0
metadata +14 -2

data/lib/fog/aws/iam/default_policies.rb ADDED

@@ -0,0 +1,15 @@
+module Fog
+  module AWS
+    class IAM
+      class Mock
+        def self.default_policies
+          Fog::JSON.decode(File.read(File.expand_path("../default_policies.json", __FILE__)))
+        end
+        def self.default_policy_versions
+          Fog::JSON.decode(File.read(File.expand_path("../default_policy_versions.json", __FILE__)))
+        end
+      end
+    end
+  end
+end

data/lib/fog/aws/iam/default_policy_versions.json ADDED

@@ -0,0 +1,3372 @@
+{
+  "arn:aws:iam::aws:policy/AWSDirectConnectReadOnlyAccess": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Effect": "Allow",
+          "Action": [
+            "directconnect:Describe*"
+          ],
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/AmazonGlacierReadOnlyAccess": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Action": [
+            "glacier:ListVaults",
+            "glacier:DescribeVault",
+            "glacier:GetVaultNotifications",
+            "glacier:ListJobs",
+            "glacier:DescribeJob",
+            "glacier:GetJobOutput"
+          ],
+          "Effect": "Allow",
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/AWSMarketplaceFullAccess": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Action": [
+            "aws-marketplace:*",
+            "cloudformation:CreateStack",
+            "cloudformation:DescribeStackResource",
+            "cloudformation:DescribeStackResources",
+            "cloudformation:DescribeStacks",
+            "cloudformation:List*",
+            "ec2:AuthorizeSecurityGroupEgress",
+            "ec2:AuthorizeSecurityGroupIngress",
+            "ec2:CreateSecurityGroup",
+            "ec2:CreateTags",
+            "ec2:DescribeAccountAttributes",
+            "ec2:DescribeAddresses",
+            "ec2:DeleteSecurityGroup",
+            "ec2:DescribeAccountAttributes",
+            "ec2:DescribeImages",
+            "ec2:DescribeInstances",
+            "ec2:DescribeKeyPairs",
+            "ec2:DescribeSecurityGroups",
+            "ec2:DescribeSubnets",
+            "ec2:DescribeTags",
+            "ec2:DescribeVpcs",
+            "ec2:RunInstances",
+            "ec2:StartInstances",
+            "ec2:StopInstances",
+            "ec2:TerminateInstances"
+          ],
+          "Effect": "Allow",
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/AmazonRDSFullAccess": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Action": [
+            "rds:*",
+            "cloudwatch:DescribeAlarms",
+            "cloudwatch:GetMetricStatistics",
+            "ec2:DescribeAccountAttributes",
+            "ec2:DescribeAvailabilityZones",
+            "ec2:DescribeSecurityGroups",
+            "ec2:DescribeSubnets",
+            "ec2:DescribeVpcs",
+            "sns:ListSubscriptions",
+            "sns:ListTopics"
+          ],
+          "Effect": "Allow",
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/AmazonEC2FullAccess": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Action": "ec2:*",
+          "Effect": "Allow",
+          "Resource": "*"
+        },
+        {
+          "Effect": "Allow",
+          "Action": "elasticloadbalancing:*",
+          "Resource": "*"
+        },
+        {
+          "Effect": "Allow",
+          "Action": "cloudwatch:*",
+          "Resource": "*"
+        },
+        {
+          "Effect": "Allow",
+          "Action": "autoscaling:*",
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/AWSElasticBeanstalkReadOnlyAccess": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Effect": "Allow",
+          "Action": [
+            "elasticbeanstalk:Check*",
+            "elasticbeanstalk:Describe*",
+            "elasticbeanstalk:List*",
+            "elasticbeanstalk:RequestEnvironmentInfo",
+            "elasticbeanstalk:RetrieveEnvironmentInfo",
+            "ec2:Describe*",
+            "elasticloadbalancing:Describe*",
+            "autoscaling:Describe*",
+            "cloudwatch:Describe*",
+            "cloudwatch:List*",
+            "cloudwatch:Get*",
+            "s3:Get*",
+            "s3:List*",
+            "sns:Get*",
+            "sns:List*",
+            "cloudformation:Describe*",
+            "cloudformation:Get*",
+            "cloudformation:List*",
+            "cloudformation:Validate*",
+            "cloudformation:Estimate*",
+            "rds:Describe*",
+            "sqs:Get*",
+            "sqs:List*"
+          ],
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/AmazonSQSFullAccess": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Action": [
+            "sqs:*"
+          ],
+          "Effect": "Allow",
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/AWSLambdaFullAccess": {
+    "VersionId": "v2",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Effect": "Allow",
+          "Action": [
+            "cloudwatch:*",
+            "cognito-identity:ListIdentityPools",
+            "cognito-sync:GetCognitoEvents",
+            "cognito-sync:SetCognitoEvents",
+            "dynamodb:*",
+            "iam:ListAttachedRolePolicies",
+            "iam:ListRolePolicies",
+            "iam:ListRoles",
+            "iam:PassRole",
+            "kinesis:DescribeStream",
+            "kinesis:ListStreams",
+            "kinesis:PutRecord",
+            "lambda:*",
+            "logs:*",
+            "s3:*",
+            "sns:ListSubscriptions",
+            "sns:ListSubscriptionsByTopic",
+            "sns:ListTopics",
+            "sns:Subscribe",
+            "sns:Unsubscribe"
+          ],
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforSSM": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Effect": "Allow",
+          "Action": [
+            "cloudwatch:PutMetricData",
+            "ds:CreateComputer",
+            "ds:DescribeDirectories",
+            "logs:CreateLogGroup",
+            "logs:CreateLogStream",
+            "logs:DescribeLogGroups",
+            "logs:DescribeLogStreams",
+            "logs:PutLogEvents",
+            "ssm:DescribeAssociation",
+            "ssm:GetDocument",
+            "ssm:ListAssociations",
+            "ssm:UpdateAssociationStatus"
+          ],
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/service-role/AWSCloudHSMRole": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Effect": "Allow",
+          "Action": [
+            "ec2:CreateNetworkInterface",
+            "ec2:CreateTags",
+            "ec2:DeleteNetworkInterface",
+            "ec2:DescribeNetworkInterfaceAttribute",
+            "ec2:DescribeNetworkInterfaces",
+            "ec2:DescribeSubnets",
+            "ec2:DescribeVpcs",
+            "ec2:DetachNetworkInterface"
+          ],
+          "Resource": [
+            "*"
+          ]
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/IAMFullAccess": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Effect": "Allow",
+          "Action": "iam:*",
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/AmazonElastiCacheFullAccess": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Action": "elasticache:*",
+          "Effect": "Allow",
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforAWSCodeDeploy": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Action": [
+            "s3:GetObject",
+            "s3:GetObjectVersion",
+            "s3:ListObjects"
+          ],
+          "Effect": "Allow",
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/AWSOpsWorksFullAccess": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Effect": "Allow",
+          "Action": [
+            "opsworks:*",
+            "ec2:DescribeAvailabilityZones",
+            "ec2:DescribeKeyPairs",
+            "ec2:DescribeSecurityGroups",
+            "ec2:DescribeAccountAttributes",
+            "ec2:DescribeAvailabilityZones",
+            "ec2:DescribeSecurityGroups",
+            "ec2:DescribeSubnets",
+            "ec2:DescribeVpcs",
+            "elasticloadbalancing:DescribeInstanceHealth",
+            "elasticloadbalancing:DescribeLoadBalancers",
+            "iam:GetRolePolicy",
+            "iam:ListInstanceProfiles",
+            "iam:ListRoles",
+            "iam:ListUsers",
+            "iam:PassRole"
+          ],
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceRole": {
+    "VersionId": "v2",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Effect": "Allow",
+          "Resource": "*",
+          "Action": [
+            "ec2:AuthorizeSecurityGroupIngress",
+            "ec2:CancelSpotInstanceRequests",
+            "ec2:CreateSecurityGroup",
+            "ec2:CreateTags",
+            "ec2:DeleteTags",
+            "ec2:DescribeAvailabilityZones",
+            "ec2:DescribeAccountAttributes",
+            "ec2:DescribeInstances",
+            "ec2:DescribeInstanceStatus",
+            "ec2:DescribeKeyPairs",
+            "ec2:DescribePrefixLists",
+            "ec2:DescribeRouteTables",
+            "ec2:DescribeSecurityGroups",
+            "ec2:DescribeSpotInstanceRequests",
+            "ec2:DescribeSpotPriceHistory",
+            "ec2:DescribeSubnets",
+            "ec2:DescribeVpcAttribute",
+            "ec2:DescribeVpcEndpoints",
+            "ec2:DescribeVpcEndpointServices",
+            "ec2:DescribeVpcs",
+            "ec2:ModifyImageAttribute",
+            "ec2:ModifyInstanceAttribute",
+            "ec2:RequestSpotInstances",
+            "ec2:RunInstances",
+            "ec2:TerminateInstances",
+            "iam:GetRole",
+            "iam:GetRolePolicy",
+            "iam:ListInstanceProfiles",
+            "iam:ListRolePolicies",
+            "iam:PassRole",
+            "s3:CreateBucket",
+            "s3:Get*",
+            "s3:List*",
+            "sdb:BatchPutAttributes",
+            "sdb:Select",
+            "sqs:CreateQueue",
+            "sqs:Delete*",
+            "sqs:GetQueue*",
+            "sqs:ReceiveMessage"
+          ]
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/AmazonRoute53DomainsReadOnlyAccess": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Effect": "Allow",
+          "Action": [
+            "route53domains:Get*",
+            "route53domains:List*"
+          ],
+          "Resource": [
+            "*"
+          ]
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/service-role/AWSOpsWorksRole": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Effect": "Allow",
+          "Action": [
+            "cloudwatch:GetMetricStatistics",
+            "ec2:DescribeAccountAttributes",
+            "ec2:DescribeAvailabilityZones",
+            "ec2:DescribeInstances",
+            "ec2:DescribeKeyPairs",
+            "ec2:DescribeSecurityGroups",
+            "ec2:DescribeSubnets",
+            "ec2:DescribeVpcs",
+            "elasticloadbalancing:DescribeInstanceHealth",
+            "elasticloadbalancing:DescribeLoadBalancers",
+            "iam:GetRolePolicy",
+            "iam:ListInstanceProfiles",
+            "iam:ListRoles",
+            "iam:ListUsers",
+            "iam:PassRole",
+            "opsworks:*",
+            "rds:*"
+          ],
+          "Resource": [
+            "*"
+          ]
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/SimpleWorkflowFullAccess": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Action": [
+            "swf:*"
+          ],
+          "Effect": "Allow",
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/AmazonS3FullAccess": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Effect": "Allow",
+          "Action": "s3:*",
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/AWSStorageGatewayReadOnlyAccess": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Effect": "Allow",
+          "Action": [
+            "storagegateway:List*",
+            "storagegateway:Describe*"
+          ],
+          "Resource": "*"
+        },
+        {
+          "Effect": "Allow",
+          "Action": [
+            "ec2:DescribeSnapshots"
+          ],
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceforEC2Role": {
+    "VersionId": "v2",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Effect": "Allow",
+          "Resource": "*",
+          "Action": [
+            "cloudwatch:*",
+            "dynamodb:*",
+            "ec2:Describe*",
+            "elasticmapreduce:Describe*",
+            "elasticmapreduce:ListBootstrapActions",
+            "elasticmapreduce:ListClusters",
+            "elasticmapreduce:ListInstanceGroups",
+            "elasticmapreduce:ListInstances",
+            "elasticmapreduce:ListSteps",
+            "kinesis:CreateStream",
+            "kinesis:DeleteStream",
+            "kinesis:DescribeStream",
+            "kinesis:GetRecords",
+            "kinesis:GetShardIterator",
+            "kinesis:MergeShards",
+            "kinesis:PutRecord",
+            "kinesis:SplitShard",
+            "rds:Describe*",
+            "s3:*",
+            "sdb:*",
+            "sns:*",
+            "sqs:*"
+          ]
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/AmazonRedshiftReadOnlyAccess": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Action": [
+            "redshift:Describe*",
+            "redshift:ViewQueriesInConsole",
+            "ec2:DescribeAccountAttributes",
+            "ec2:DescribeAddresses",
+            "ec2:DescribeAvailabilityZones",
+            "ec2:DescribeSecurityGroups",
+            "ec2:DescribeSubnets",
+            "ec2:DescribeVpcs",
+            "ec2:DescribeInternetGateways",
+            "sns:Get*",
+            "sns:List*",
+            "cloudwatch:Describe*",
+            "cloudwatch:List*",
+            "cloudwatch:Get*"
+          ],
+          "Effect": "Allow",
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccess": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Effect": "Allow",
+          "Action": "ec2:Describe*",
+          "Resource": "*"
+        },
+        {
+          "Effect": "Allow",
+          "Action": "elasticloadbalancing:Describe*",
+          "Resource": "*"
+        },
+        {
+          "Effect": "Allow",
+          "Action": [
+            "cloudwatch:ListMetrics",
+            "cloudwatch:GetMetricStatistics",
+            "cloudwatch:Describe*"
+          ],
+          "Resource": "*"
+        },
+        {
+          "Effect": "Allow",
+          "Action": "autoscaling:Describe*",
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/AmazonElasticMapReduceReadOnlyAccess": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Action": [
+            "elasticmapreduce:Describe*",
+            "elasticmapreduce:List*",
+            "s3:GetObject",
+            "s3:ListAllMyBuckets",
+            "s3:ListBucket",
+            "sdb:Select",
+            "cloudwatch:GetMetricStatistics"
+          ],
+          "Effect": "Allow",
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/AWSDirectoryServiceReadOnlyAccess": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Action": [
+            "ds:Check*",
+            "ds:Describe*",
+            "ds:Get*",
+            "ds:List*",
+            "ec2:DescribeNetworkInterfaces",
+            "ec2:DescribeSubnets",
+            "ec2:DescribeVpcs"
+          ],
+          "Effect": "Allow",
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/AmazonVPCReadOnlyAccess": {
+    "VersionId": "v2",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Effect": "Allow",
+          "Action": [
+            "ec2:DescribeAddresses",
+            "ec2:DescribeCustomerGateways",
+            "ec2:DescribeDhcpOptions",
+            "ec2:DescribeInternetGateways",
+            "ec2:DescribeNetworkAcls",
+            "ec2:DescribeNetworkInterfaces",
+            "ec2:DescribePrefixLists",
+            "ec2:DescribeRouteTables",
+            "ec2:DescribeSecurityGroups",
+            "ec2:DescribeSubnets",
+            "ec2:DescribeVpcAttribute",
+            "ec2:DescribeVpcEndpoints",
+            "ec2:DescribeVpcEndpointServices",
+            "ec2:DescribeVpcPeeringConnection",
+            "ec2:DescribeVpcs",
+            "ec2:DescribeVpnConnections",
+            "ec2:DescribeVpnGateways"
+          ],
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/AmazonMobileAnalyticsFullAccess": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Effect": "Allow",
+          "Action": "mobileanalytics:*",
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/service-role/AWSDataPipelineRole": {
+    "VersionId": "v2",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Effect": "Allow",
+          "Action": [
+            "cloudwatch:*",
+            "datapipeline:DescribeObjects",
+            "datapipeline:EvaluateExpression",
+            "dynamodb:BatchGetItem",
+            "dynamodb:DescribeTable",
+            "dynamodb:GetItem",
+            "dynamodb:Query",
+            "dynamodb:Scan",
+            "dynamodb:UpdateTable",
+            "ec2:AuthorizeSecurityGroupIngress",
+            "ec2:CancelSpotInstanceRequests",
+            "ec2:CreateSecurityGroup",
+            "ec2:CreateTags",
+            "ec2:DeleteTags",
+            "ec2:Describe*",
+            "ec2:ModifyImageAttribute",
+            "ec2:ModifyInstanceAttribute",
+            "ec2:RequestSpotInstances",
+            "ec2:RunInstances",
+            "ec2:StartInstances",
+            "ec2:StopInstances",
+            "ec2:TerminateInstances",
+            "elasticmapreduce:*",
+            "iam:GetRole",
+            "iam:GetRolePolicy",
+            "iam:ListRolePolicies",
+            "iam:ListInstanceProfiles",
+            "iam:PassRole",
+            "rds:DescribeDBInstances",
+            "rds:DescribeDBSecurityGroups",
+            "redshift:DescribeClusters",
+            "redshift:DescribeClusterSecurityGroups",
+            "s3:CreateBucket",
+            "s3:DeleteObject",
+            "s3:Get*",
+            "s3:List*",
+            "s3:Put*",
+            "sdb:BatchPutAttributes",
+            "sdb:Select*",
+            "sns:GetTopicAttributes",
+            "sns:ListTopics",
+            "sns:Publish",
+            "sns:Subscribe",
+            "sns:Unsubscribe"
+          ],
+          "Resource": [
+            "*"
+          ]
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/CloudWatchFullAccess": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Action": [
+            "autoscaling:Describe*",
+            "cloudwatch:*",
+            "logs:*",
+            "sns:*"
+          ],
+          "Effect": "Allow",
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/ReadOnlyAccess": {
+    "VersionId": "v2",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Action": [
+            "appstream:Get*",
+            "autoscaling:Describe*",
+            "cloudformation:DescribeStacks",
+            "cloudformation:DescribeStackEvents",
+            "cloudformation:DescribeStackResource",
+            "cloudformation:DescribeStackResources",
+            "cloudformation:GetTemplate",
+            "cloudformation:List*",
+            "cloudfront:Get*",
+            "cloudfront:List*",
+            "cloudtrail:DescribeTrails",
+            "cloudtrail:GetTrailStatus",
+            "cloudwatch:Describe*",
+            "cloudwatch:Get*",
+            "cloudwatch:List*",
+            "directconnect:Describe*",
+            "dynamodb:GetItem",
+            "dynamodb:BatchGetItem",
+            "dynamodb:Query",
+            "dynamodb:Scan",
+            "dynamodb:DescribeTable",
+            "dynamodb:ListTables",
+            "ec2:Describe*",
+            "ecs:Describe*",
+            "ecs:List*",
+            "elasticache:Describe*",
+            "elasticbeanstalk:Check*",
+            "elasticbeanstalk:Describe*",
+            "elasticbeanstalk:List*",
+            "elasticbeanstalk:RequestEnvironmentInfo",
+            "elasticbeanstalk:RetrieveEnvironmentInfo",
+            "elasticloadbalancing:Describe*",
+            "elasticmapreduce:Describe*",
+            "elasticmapreduce:List*",
+            "elastictranscoder:Read*",
+            "elastictranscoder:List*",
+            "iam:List*",
+            "iam:GenerateCredentialReport",
+            "iam:Get*",
+            "kinesis:Describe*",
+            "kinesis:Get*",
+            "kinesis:List*",
+            "opsworks:Describe*",
+            "opsworks:Get*",
+            "route53:Get*",
+            "route53:List*",
+            "redshift:Describe*",
+            "redshift:ViewQueriesInConsole",
+            "rds:Describe*",
+            "rds:ListTagsForResource",
+            "s3:Get*",
+            "s3:List*",
+            "sdb:GetAttributes",
+            "sdb:List*",
+            "sdb:Select*",
+            "ses:Get*",
+            "ses:List*",
+            "sns:Get*",
+            "sns:List*",
+            "sqs:GetQueueAttributes",
+            "sqs:ListQueues",
+            "sqs:ReceiveMessage",
+            "storagegateway:List*",
+            "storagegateway:Describe*",
+            "tag:get*",
+            "trustedadvisor:Describe*"
+          ],
+          "Effect": "Allow",
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/AmazonMachineLearningBatchPredictionsAccess": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Effect": "Allow",
+          "Action": [
+            "machinelearning:CreateBatchPrediction",
+            "machinelearning:DeleteBatchPrediction",
+            "machinelearning:DescribeBatchPredictions",
+            "machinelearning:GetBatchPrediction",
+            "machinelearning:UpdateBatchPrediction"
+          ],
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/AWSCodeDeployReadOnlyAccess": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Action": [
+            "codedeploy:Batch*",
+            "codedeploy:Get*",
+            "codedeploy:List*"
+          ],
+          "Effect": "Allow",
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/CloudSearchFullAccess": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Action": [
+            "cloudsearch:*"
+          ],
+          "Effect": "Allow",
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/AWSCloudHSMFullAccess": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Effect": "Allow",
+          "Action": "cloudhsm:*",
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/service-role/AmazonEC2SpotFleetRole": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Effect": "Allow",
+          "Action": [
+            "ec2:DescribeImages",
+            "ec2:DescribeSubnets",
+            "ec2:RequestSpotInstances",
+            "ec2:TerminateInstances"
+          ],
+          "Resource": [
+            "*"
+          ]
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/AmazonElasticTranscoderJobsSubmitter": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Action": [
+            "elastictranscoder:Read*",
+            "elastictranscoder:List*",
+            "elastictranscoder:*Job",
+            "elastictranscoder:*Preset",
+            "s3:List*",
+            "iam:List*",
+            "sns:List*"
+          ],
+          "Effect": "Allow",
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/AWSDirectoryServiceFullAccess": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Action": [
+            "ds:*",
+            "ec2:AuthorizeSecurityGroupEgress",
+            "ec2:AuthorizeSecurityGroupIngress",
+            "ec2:CreateNetworkInterface",
+            "ec2:CreateSecurityGroup",
+            "ec2:DeleteNetworkInterface",
+            "ec2:DeleteSecurityGroup",
+            "ec2:DescribeNetworkInterfaces",
+            "ec2:DescribeSubnets",
+            "ec2:DescribeVpcs",
+            "ec2:RevokeSecurityGroupEgress",
+            "ec2:RevokeSecurityGroupIngress"
+          ],
+          "Effect": "Allow",
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/AmazonDynamoDBFullAccess": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Action": [
+            "dynamodb:*",
+            "cloudwatch:DeleteAlarms",
+            "cloudwatch:DescribeAlarmHistory",
+            "cloudwatch:DescribeAlarms",
+            "cloudwatch:DescribeAlarmsForMetric",
+            "cloudwatch:GetMetricStatistics",
+            "cloudwatch:ListMetrics",
+            "cloudwatch:PutMetricAlarm",
+            "datapipeline:ActivatePipeline",
+            "datapipeline:CreatePipeline",
+            "datapipeline:DeletePipeline",
+            "datapipeline:DescribeObjects",
+            "datapipeline:DescribePipelines",
+            "datapipeline:GetPipelineDefinition",
+            "datapipeline:ListPipelines",
+            "datapipeline:PutPipelineDefinition",
+            "datapipeline:QueryObjects",
+            "iam:ListRoles",
+            "sns:CreateTopic",
+            "sns:DeleteTopic",
+            "sns:ListSubscriptions",
+            "sns:ListSubscriptionsByTopic",
+            "sns:ListTopics",
+            "sns:Subscribe",
+            "sns:Unsubscribe"
+          ],
+          "Effect": "Allow",
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/AmazonSESReadOnlyAccess": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Effect": "Allow",
+          "Action": [
+            "ses:Get*",
+            "ses:List*"
+          ],
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/service-role/AutoScalingNotificationAccessRole": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Effect": "Allow",
+          "Resource": "*",
+          "Action": [
+            "sqs:SendMessage",
+            "sqs:GetQueueUrl",
+            "sns:Publish"
+          ]
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/AmazonKinesisReadOnlyAccess": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Effect": "Allow",
+          "Action": [
+            "kinesis:Get*",
+            "kinesis:List*",
+            "kinesis:Describe*"
+          ],
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/AWSCodeDeployFullAccess": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Action": "codedeploy:*",
+          "Effect": "Allow",
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/service-role/AWSLambdaDynamoDBExecutionRole": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Effect": "Allow",
+          "Action": [
+            "dynamodb:DescribeStream",
+            "dynamodb:GetRecords",
+            "dynamodb:GetShardIterator",
+            "dynamodb:ListStreams",
+            "logs:CreateLogGroup",
+            "logs:CreateLogStream",
+            "logs:PutLogEvents"
+          ],
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/AmazonRoute53DomainsFullAccess": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Effect": "Allow",
+          "Action": [
+            "route53:CreateHostedZone",
+            "route53domains:*"
+          ],
+          "Resource": [
+            "*"
+          ]
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/AmazonElastiCacheReadOnlyAccess": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Action": [
+            "elasticache:Describe*"
+          ],
+          "Effect": "Allow",
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/AmazonElasticFileSystemReadOnlyAccess": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Action": [
+            "ec2:DescribeAvailabilityZones",
+            "ec2:DescribeNetworkInterfaceAttribute",
+            "ec2:DescribeNetworkInterfaces",
+            "ec2:DescribeSecurityGroups",
+            "ec2:DescribeSubnets",
+            "ec2:DescribeVpcs",
+            "elasticfilesystem:Describe*"
+          ],
+          "Effect": "Allow",
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/CloudFrontFullAccess": {
+    "VersionId": "v2",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Action": [
+            "s3:ListAllMyBuckets"
+          ],
+          "Effect": "Allow",
+          "Resource": "arn:aws:s3:::*"
+        },
+        {
+          "Action": [
+            "cloudfront:*",
+            "iam:ListServerCertificates"
+          ],
+          "Effect": "Allow",
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/service-role/AmazonMachineLearningRoleforRedshiftDataSource": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Effect": "Allow",
+          "Action": [
+            "ec2:AuthorizeSecurityGroupIngress",
+            "ec2:CreateSecurityGroup",
+            "ec2:DescribeInternetGateways",
+            "ec2:DescribeSecurityGroups",
+            "ec2:RevokeSecurityGroupIngress",
+            "redshift:AuthorizeClusterSecurityGroupIngress",
+            "redshift:CreateClusterSecurityGroup",
+            "redshift:DescribeClusters",
+            "redshift:DescribeClusterSecurityGroups",
+            "redshift:ModifyCluster",
+            "redshift:RevokeClusterSecurityGroupIngress",
+            "s3:GetBucketLocation",
+            "s3:GetBucketPolicy",
+            "s3:GetObject",
+            "s3:PutBucketPolicy",
+            "s3:PutObject"
+          ],
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/AmazonMobileAnalyticsNon-financialReportAccess": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Effect": "Allow",
+          "Action": "mobileanalytics:GetReports",
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/AWSCloudTrailFullAccess": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Effect": "Allow",
+          "Action": [
+            "sns:AddPermission",
+            "sns:CreateTopic",
+            "sns:DeleteTopic",
+            "sns:ListTopics",
+            "sns:SetTopicAttributes"
+          ],
+          "Resource": "arn:aws:sns:*"
+        },
+        {
+          "Effect": "Allow",
+          "Action": [
+            "s3:CreateBucket",
+            "s3:DeleteBucket",
+            "s3:ListAllMyBuckets",
+            "s3:PutBucketPolicy",
+            "s3:ListBucket",
+            "s3:GetBucketLocation",
+            "s3:GetObject"
+          ],
+          "Resource": "arn:aws:s3:::*"
+        },
+        {
+          "Effect": "Allow",
+          "Action": "cloudtrail:*",
+          "Resource": "*"
+        },
+        {
+          "Effect": "Allow",
+          "Action": [
+            "logs:CreateLogGroup"
+          ],
+          "Resource": "arn:aws:logs:*"
+        },
+        {
+          "Effect": "Allow",
+          "Action": [
+            "iam:PassRole",
+            "iam:ListRoles",
+            "iam:GetRolePolicy"
+          ],
+          "Resource": "arn:aws:iam::*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/AmazonCognitoDeveloperAuthenticatedIdentities": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Effect": "Allow",
+          "Action": [
+            "cognito-identity:GetOpenIdTokenForDeveloperIdentity",
+            "cognito-identity:LookupDeveloperIdentity",
+            "cognito-identity:MergeDeveloperIdentities",
+            "cognito-identity:UnlinkDeveloperIdentity"
+          ],
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/service-role/AWSConfigRole": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Effect": "Allow",
+          "Action": [
+            "cloudtrail:DescribeTrails",
+            "ec2:Describe*"
+          ],
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/AmazonRedshiftFullAccess": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Action": [
+            "redshift:*",
+            "ec2:DescribeAccountAttributes",
+            "ec2:DescribeAddresses",
+            "ec2:DescribeAvailabilityZones",
+            "ec2:DescribeSecurityGroups",
+            "ec2:DescribeSubnets",
+            "ec2:DescribeVpcs",
+            "ec2:DescribeInternetGateways",
+            "sns:CreateTopic",
+            "sns:Get*",
+            "sns:List*",
+            "cloudwatch:Describe*",
+            "cloudwatch:Get*",
+            "cloudwatch:List*",
+            "cloudwatch:PutMetricAlarm",
+            "cloudwatch:EnableAlarmActions",
+            "cloudwatch:DisableAlarmActions"
+          ],
+          "Effect": "Allow",
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/AmazonZocaloReadOnlyAccess": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Effect": "Allow",
+          "Action": [
+            "zocalo:Describe*",
+            "ds:DescribeDirectories",
+            "ec2:DescribeVpcs",
+            "ec2:DescribeSubnets"
+          ],
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/AWSCloudHSMReadOnlyAccess": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Effect": "Allow",
+          "Action": [
+            "cloudhsm:Get*",
+            "cloudhsm:List*",
+            "cloudhsm:Describe*"
+          ],
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/AmazonRoute53ReadOnlyAccess": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Effect": "Allow",
+          "Action": [
+            "route53:Get*",
+            "route53:List*"
+          ],
+          "Resource": [
+            "*"
+          ]
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/AmazonEC2ReportsAccess": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Action": "ec2-reports:*",
+          "Effect": "Allow",
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/AmazonSQSReadOnlyAccess": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Action": [
+            "sqs:GetQueueAttributes",
+            "sqs:ListQueues"
+          ],
+          "Effect": "Allow",
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/AmazonKinesisFullAccess": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Effect": "Allow",
+          "Action": "kinesis:*",
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/AmazonMachineLearningReadOnlyAccess": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Effect": "Allow",
+          "Action": [
+            "machinelearning:Describe*",
+            "machinelearning:Get*"
+          ],
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/service-role/RDSCloudHsmAuthorizationRole": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Effect": "Allow",
+          "Action": [
+            "cloudhsm:CreateLunaClient",
+            "cloudhsm:GetClientConfiguration",
+            "cloudhsm:DeleteLunaClient",
+            "cloudhsm:DescribeLunaClient",
+            "cloudhsm:ModifyLunaClient",
+            "cloudhsm:DescribeHapg",
+            "cloudhsm:ModifyHapg",
+            "cloudhsm:GetConfig"
+          ],
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/AmazonMachineLearningFullAccess": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Effect": "Allow",
+          "Action": [
+            "machinelearning:*"
+          ],
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/AdministratorAccess": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Effect": "Allow",
+          "Action": "*",
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/AmazonMachineLearningRealTimePredictionOnlyAccess": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Effect": "Allow",
+          "Action": [
+            "machinelearning:Predict"
+          ],
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/AWSConfigUserAccess": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Effect": "Allow",
+          "Action": [
+            "config:Get*",
+            "config:Describe*",
+            "config:Deliver*",
+            "tag:GetResources",
+            "tag:GetTagKeys"
+          ],
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/SecurityAudit": {
+    "VersionId": "v2",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Action": [
+            "autoscaling:Describe*",
+            "cloudformation:DescribeStack*",
+            "cloudformation:GetTemplate",
+            "cloudformation:ListStack*",
+            "cloudfront:Get*",
+            "cloudfront:List*",
+            "cloudwatch:Describe*",
+            "directconnect:Describe*",
+            "dynamodb:ListTables",
+            "ec2:Describe*",
+            "ecs:Describe*",
+            "ecs:List*",
+            "elasticbeanstalk:Describe*",
+            "elasticache:Describe*",
+            "elasticloadbalancing:Describe*",
+            "elasticmapreduce:DescribeJobFlows",
+            "glacier:ListVaults",
+            "iam:GenerateCredentialReport",
+            "iam:Get*",
+            "iam:List*",
+            "rds:Describe*",
+            "rds:DownloadDBLogFilePortion",
+            "rds:ListTagsForResource",
+            "redshift:Describe*",
+            "route53:GetHostedZone",
+            "route53:ListHostedZones",
+            "route53:ListResourceRecordSets",
+            "s3:GetBucket*",
+            "s3:GetLifecycleConfiguration",
+            "s3:GetObjectAcl",
+            "s3:GetObjectVersionAcl",
+            "s3:ListAllMyBuckets",
+            "sdb:DomainMetadata",
+            "sdb:ListDomains",
+            "sns:GetTopicAttributes",
+            "sns:ListTopics",
+            "sqs:GetQueueAttributes",
+            "sqs:ListQueues"
+          ],
+          "Effect": "Allow",
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/AmazonDynamoDBReadOnlyAccess": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Action": [
+            "cloudwatch:DescribeAlarmHistory",
+            "cloudwatch:DescribeAlarms",
+            "cloudwatch:DescribeAlarmsForMetric",
+            "cloudwatch:GetMetricStatistics",
+            "cloudwatch:ListMetrics",
+            "datapipeline:DescribeObjects",
+            "datapipeline:DescribePipelines",
+            "datapipeline:GetPipelineDefinition",
+            "datapipeline:ListPipelines",
+            "datapipeline:QueryObjects",
+            "dynamodb:BatchGetItem",
+            "dynamodb:DescribeTable",
+            "dynamodb:GetItem",
+            "dynamodb:ListTables",
+            "dynamodb:Query",
+            "dynamodb:Scan",
+            "sns:ListSubscriptionsByTopic",
+            "sns:ListTopics"
+          ],
+          "Effect": "Allow",
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/AmazonSNSReadOnlyAccess": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Effect": "Allow",
+          "Action": [
+            "sns:GetTopicAttributes",
+            "sns:List*"
+          ],
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/AmazonElasticMapReduceFullAccess": {
+    "VersionId": "v3",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Action": [
+            "cloudwatch:*",
+            "ec2:AuthorizeSecurityGroupIngress",
+            "ec2:CancelSpotInstanceRequests",
+            "ec2:CreateSecurityGroup",
+            "ec2:CreateTags",
+            "ec2:DeleteTags",
+            "ec2:DescribeAvailabilityZones",
+            "ec2:DescribeAccountAttributes",
+            "ec2:DescribeInstances",
+            "ec2:DescribeKeyPairs",
+            "ec2:DescribeRouteTables",
+            "ec2:DescribeSecurityGroups",
+            "ec2:DescribeSpotInstanceRequests",
+            "ec2:DescribeSpotPriceHistory",
+            "ec2:DescribeSubnets",
+            "ec2:DescribeVpcAttribute",
+            "ec2:DescribeVpcs",
+            "ec2:ModifyImageAttribute",
+            "ec2:ModifyInstanceAttribute",
+            "ec2:RequestSpotInstances",
+            "ec2:RunInstances",
+            "ec2:TerminateInstances",
+            "elasticmapreduce:*",
+            "iam:GetPolicy",
+            "iam:GetPolicyVersion",
+            "iam:ListRoles",
+            "iam:PassRole",
+            "kms:List*",
+            "s3:*",
+            "sdb:*",
+            "support:CreateCase",
+            "support:DescribeServices",
+            "support:DescribeSeverityLevels"
+          ],
+          "Effect": "Allow",
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Effect": "Allow",
+          "Action": [
+            "s3:Get*",
+            "s3:List*"
+          ],
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/AWSElasticBeanstalkFullAccess": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Effect": "Allow",
+          "Action": [
+            "elasticbeanstalk:*",
+            "ec2:*",
+            "elasticloadbalancing:*",
+            "autoscaling:*",
+            "cloudwatch:*",
+            "s3:*",
+            "sns:*",
+            "cloudformation:*",
+            "rds:*",
+            "sqs:*",
+            "iam:PassRole"
+          ],
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/service-role/AWSCodeDeployRole": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Effect": "Allow",
+          "Action": [
+            "autoscaling:CompleteLifecycleAction",
+            "autoscaling:DeleteLifecycleHook",
+            "autoscaling:DescribeAutoScalingGroups",
+            "autoscaling:DescribeLifecycleHooks",
+            "autoscaling:PutLifecycleHook",
+            "autoscaling:RecordLifecycleActionHeartbeat",
+            "ec2:DescribeInstances",
+            "ec2:DescribeInstanceStatus",
+            "tag:GetTags",
+            "tag:GetResources"
+          ],
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/AmazonSESFullAccess": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Effect": "Allow",
+          "Action": [
+            "ses:*"
+          ],
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/CloudWatchLogsReadOnlyAccess": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Action": [
+            "logs:Describe*",
+            "logs:Get*",
+            "logs:TestMetricFilter"
+          ],
+          "Effect": "Allow",
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/AWSOpsWorksRegisterCLI": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Effect": "Allow",
+          "Action": [
+            "opsworks:AssignInstance",
+            "opsworks:CreateStack",
+            "opsworks:CreateLayer",
+            "opsworks:DeregisterInstance",
+            "opsworks:DescribeInstances",
+            "opsworks:DescribeStackProvisioningParameters",
+            "opsworks:DescribeStacks",
+            "opsworks:UnassignInstance"
+          ],
+          "Resource": [
+            "*"
+          ]
+        },
+        {
+          "Effect": "Allow",
+          "Action": [
+            "ec2:DescribeInstances"
+          ],
+          "Resource": [
+            "*"
+          ]
+        },
+        {
+          "Effect": "Allow",
+          "Action": [
+            "iam:AddUserToGroup",
+            "iam:CreateAccessKey",
+            "iam:CreateGroup",
+            "iam:CreateUser",
+            "iam:ListInstanceProfiles",
+            "iam:PassRole",
+            "iam:PutUserPolicy"
+          ],
+          "Resource": [
+            "*"
+          ]
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/AmazonDynamoDBFullAccesswithDataPipeline": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Action": [
+            "cloudwatch:DeleteAlarms",
+            "cloudwatch:DescribeAlarmHistory",
+            "cloudwatch:DescribeAlarms",
+            "cloudwatch:DescribeAlarmsForMetric",
+            "cloudwatch:GetMetricStatistics",
+            "cloudwatch:ListMetrics",
+            "cloudwatch:PutMetricAlarm",
+            "dynamodb:*",
+            "sns:CreateTopic",
+            "sns:DeleteTopic",
+            "sns:ListSubscriptions",
+            "sns:ListSubscriptionsByTopic",
+            "sns:ListTopics",
+            "sns:Subscribe",
+            "sns:Unsubscribe"
+          ],
+          "Effect": "Allow",
+          "Resource": "*",
+          "Sid": "DDBConsole"
+        },
+        {
+          "Action": [
+            "datapipeline:*",
+            "iam:ListRoles"
+          ],
+          "Effect": "Allow",
+          "Resource": "*",
+          "Sid": "DDBConsoleImportExport"
+        },
+        {
+          "Effect": "Allow",
+          "Action": [
+            "iam:GetRolePolicy",
+            "iam:PassRole"
+          ],
+          "Resource": [
+            "*"
+          ],
+          "Sid": "IAMEDPRoles"
+        },
+        {
+          "Action": [
+            "ec2:CreateTags",
+            "ec2:DescribeInstances",
+            "ec2:RunInstances",
+            "ec2:StartInstances",
+            "ec2:StopInstances",
+            "ec2:TerminateInstances",
+            "elasticmapreduce:*",
+            "datapipeline:*"
+          ],
+          "Effect": "Allow",
+          "Resource": "*",
+          "Sid": "EMR"
+        },
+        {
+          "Action": [
+            "s3:DeleteObject",
+            "s3:Get*",
+            "s3:List*",
+            "s3:Put*"
+          ],
+          "Effect": "Allow",
+          "Resource": [
+            "*"
+          ],
+          "Sid": "S3"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforDataPipelineRole": {
+    "VersionId": "v2",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Effect": "Allow",
+          "Action": [
+            "cloudwatch:*",
+            "datapipeline:*",
+            "dynamodb:*",
+            "ec2:Describe*",
+            "elasticmapreduce:AddJobFlowSteps",
+            "elasticmapreduce:Describe*",
+            "elasticmapreduce:ListInstance*",
+            "rds:Describe*",
+            "redshift:DescribeClusters",
+            "redshift:DescribeClusterSecurityGroups",
+            "s3:*",
+            "sdb:*",
+            "sns:*",
+            "sqs:*"
+          ],
+          "Resource": [
+            "*"
+          ]
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/CloudWatchLogsFullAccess": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Action": [
+            "logs:*"
+          ],
+          "Effect": "Allow",
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/AmazonElasticTranscoderFullAccess": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Action": [
+            "elastictranscoder:*",
+            "cloudfront:*",
+            "s3:List*",
+            "s3:Put*",
+            "s3:Get*",
+            "s3:*MultipartUpload*",
+            "iam:CreateRole",
+            "iam:GetRolePolicy",
+            "iam:PassRole",
+            "iam:PutRolePolicy",
+            "iam:List*",
+            "sns:CreateTopic",
+            "sns:List*"
+          ],
+          "Effect": "Allow",
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/AmazonMobileAnalyticsWriteOnlyAccess": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Effect": "Allow",
+          "Action": "mobileanalytics:PutEvents",
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/AWSConnector": {
+    "VersionId": "v2",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Effect": "Allow",
+          "Action": "iam:GetUser",
+          "Resource": "*"
+        },
+        {
+          "Effect": "Allow",
+          "Action": [
+            "s3:ListAllMyBuckets"
+          ],
+          "Resource": "*"
+        },
+        {
+          "Effect": "Allow",
+          "Action": [
+            "s3:CreateBucket",
+            "s3:DeleteBucket",
+            "s3:DeleteObject",
+            "s3:GetBucketLocation",
+            "s3:GetObject",
+            "s3:ListBucket",
+            "s3:PutObject",
+            "s3:PutObjectAcl"
+          ],
+          "Resource": "arn:aws:s3:::import-to-ec2-*"
+        },
+        {
+          "Effect": "Allow",
+          "Action": [
+            "ec2:CancelConversionTask",
+            "ec2:CancelExportTask",
+            "ec2:CreateImage",
+            "ec2:CreateInstanceExportTask",
+            "ec2:CreateTags",
+            "ec2:CreateVolume",
+            "ec2:DeleteTags",
+            "ec2:DeleteVolume",
+            "ec2:DescribeConversionTasks",
+            "ec2:DescribeExportTasks",
+            "ec2:DescribeImages",
+            "ec2:DescribeInstanceAttribute",
+            "ec2:DescribeInstanceStatus",
+            "ec2:DescribeInstances",
+            "ec2:DescribeRegions",
+            "ec2:DescribeTags",
+            "ec2:DetachVolume",
+            "ec2:ImportInstance",
+            "ec2:ImportVolume",
+            "ec2:ModifyInstanceAttribute",
+            "ec2:RunInstances",
+            "ec2:StartInstances",
+            "ec2:StopInstances",
+            "ec2:TerminateInstances"
+          ],
+          "Resource": "*"
+        },
+        {
+          "Effect": "Allow",
+          "Action": [
+            "SNS:Publish"
+          ],
+          "Resource": "arn:aws:sns:*:*:metrics-sns-topic-for-*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/AmazonSSMFullAccess": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Effect": "Allow",
+          "Action": [
+            "cloudwatch:PutMetricData",
+            "ds:CreateComputer",
+            "ds:DescribeDirectories",
+            "ec2:DescribeInstanceStatus",
+            "logs:*",
+            "ssm:*"
+          ],
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/AmazonEC2ContainerServiceFullAccess": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Effect": "Allow",
+          "Action": [
+            "ec2:Describe*",
+            "elasticloadbalancing:*",
+            "ecs:*",
+            "iam:ListInstanceProfiles",
+            "iam:ListRoles",
+            "iam:PassRole"
+          ],
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/AmazonCognitoReadOnly": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Effect": "Allow",
+          "Action": [
+            "cognito-identity:Describe*",
+            "cognito-identity:Get*",
+            "cognito-identity:List*",
+            "cognito-sync:Describe*",
+            "cognito-sync:Get*",
+            "cognito-sync:List*",
+            "iam:ListOpenIdConnectProviders",
+            "iam:ListRoles",
+            "sns:ListPlatformApplications"
+          ],
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/AmazonVPCFullAccess": {
+    "VersionId": "v3",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Effect": "Allow",
+          "Action": [
+            "ec2:AcceptVpcPeeringConnection",
+            "ec2:AllocateAddress",
+            "ec2:AssociateAddress",
+            "ec2:AssociateDhcpOptions",
+            "ec2:AssociateRouteTable",
+            "ec2:AttachClassicLinkVpc",
+            "ec2:AttachInternetGateway",
+            "ec2:AttachVpnGateway",
+            "ec2:AuthorizeSecurityGroupEgress",
+            "ec2:AuthorizeSecurityGroupIngress",
+            "ec2:CreateCustomerGateway",
+            "ec2:CreateDhcpOptions",
+            "ec2:CreateInternetGateway",
+            "ec2:CreateNetworkAcl",
+            "ec2:CreateNetworkAclEntry",
+            "ec2:CreateRoute",
+            "ec2:CreateRouteTable",
+            "ec2:CreateSecurityGroup",
+            "ec2:CreateSubnet",
+            "ec2:CreateTags",
+            "ec2:CreateVpc",
+            "ec2:CreateVpcEndpoint",
+            "ec2:CreateVpcPeeringConnection",
+            "ec2:CreateVpnConnection",
+            "ec2:CreateVpnConnectionRoute",
+            "ec2:CreateVpnGateway",
+            "ec2:DeleteCustomerGateway",
+            "ec2:DeleteDhcpOptions",
+            "ec2:DeleteInternetGateway",
+            "ec2:DeleteNetworkAcl",
+            "ec2:DeleteNetworkAclEntry",
+            "ec2:DeleteRoute",
+            "ec2:DeleteRouteTable",
+            "ec2:DeleteSecurityGroup",
+            "ec2:DeleteSubnet",
+            "ec2:DeleteTags",
+            "ec2:DeleteVpc",
+            "ec2:DeleteVpcEndpoints",
+            "ec2:DeleteVpcPeeringConnection",
+            "ec2:DeleteVpnConnection",
+            "ec2:DeleteVpnGateway",
+            "ec2:DescribeAddresses",
+            "ec2:DescribeAvailabilityZones",
+            "ec2:DescribeCustomerGateways",
+            "ec2:DescribeDhcpOptions",
+            "ec2:DescribeInstances",
+            "ec2:DescribeInternetGateways",
+            "ec2:DescribeKeyPairs",
+            "ec2:DescribeNetworkAcls",
+            "ec2:DescribeNetworkInterfaces",
+            "ec2:DescribePrefixLists",
+            "ec2:DescribeRouteTables",
+            "ec2:DescribeSecurityGroups",
+            "ec2:DescribeSubnets",
+            "ec2:DescribeTags",
+            "ec2:DescribeVpcAttribute",
+            "ec2:DescribeVpcClassicLink",
+            "ec2:DescribeVpcEndpoints",
+            "ec2:DescribeVpcEndpointServices",
+            "ec2:DescribeVpcPeeringConnections",
+            "ec2:DescribeVpcs",
+            "ec2:DescribeVpnConnections",
+            "ec2:DescribeVpnGateways",
+            "ec2:DetachClassicLinkVpc",
+            "ec2:DetachInternetGateway",
+            "ec2:DetachVpnGateway",
+            "ec2:DisableVpcClassicLink",
+            "ec2:DisableVgwRoutePropagation",
+            "ec2:DisassociateAddress",
+            "ec2:DisassociateRouteTable",
+            "ec2:EnableVpcClassicLink",
+            "ec2:EnableVgwRoutePropagation",
+            "ec2:ModifySubnetAttribute",
+            "ec2:ModifyVpcAttribute",
+            "ec2:ModifyVpcEndpoint",
+            "ec2:RejectVpcPeeringConnection",
+            "ec2:ReleaseAddress",
+            "ec2:ReplaceNetworkAclAssociation",
+            "ec2:ReplaceNetworkAclEntry",
+            "ec2:ReplaceRouteTableAssociation",
+            "ec2:RevokeSecurityGroupEgress",
+            "ec2:RevokeSecurityGroupIngress"
+          ],
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/AWSImportExportFullAccess": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Effect": "Allow",
+          "Action": [
+            "importexport:*"
+          ],
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/AmazonMachineLearningCreateOnlyAccess": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Effect": "Allow",
+          "Action": [
+            "machinelearning:Create*",
+            "machinelearning:Delete*",
+            "machinelearning:Describe*",
+            "machinelearning:Get*"
+          ],
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/AWSCloudTrailReadOnlyAccess": {
+    "VersionId": "v2",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Effect": "Allow",
+          "Action": [
+            "s3:GetObject"
+          ],
+          "Resource": "arn:aws:s3:::*"
+        },
+        {
+          "Effect": "Allow",
+          "Action": [
+            "cloudtrail:GetTrailStatus",
+            "cloudtrail:DescribeTrails",
+            "cloudtrail:LookupEvents",
+            "s3:ListAllMyBuckets"
+          ],
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/AWSLambdaExecute": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Effect": "Allow",
+          "Action": [
+            "logs:*"
+          ],
+          "Resource": "arn:aws:logs:*:*:*"
+        },
+        {
+          "Effect": "Allow",
+          "Action": [
+            "s3:GetObject",
+            "s3:PutObject"
+          ],
+          "Resource": "arn:aws:s3:::*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/AWSStorageGatewayFullAccess": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Effect": "Allow",
+          "Action": [
+            "storagegateway:*"
+          ],
+          "Resource": "*"
+        },
+        {
+          "Effect": "Allow",
+          "Action": [
+            "ec2:DescribeSnapshots",
+            "ec2:DeleteSnapshot"
+          ],
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/AmazonElasticTranscoderReadOnlyAccess": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Action": [
+            "elastictranscoder:Read*",
+            "elastictranscoder:List*",
+            "s3:List*",
+            "iam:List*",
+            "sns:List*"
+          ],
+          "Effect": "Allow",
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/AmazonWorkMailReadOnlyAccess": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Effect": "Allow",
+          "Action": [
+            "ses:Describe*",
+            "ses:Get*",
+            "workmail:Describe*",
+            "workmail:Get*",
+            "workmail:List*",
+            "workmail:Search*"
+          ],
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/service-role/AWSLambdaKinesisExecutionRole": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Effect": "Allow",
+          "Action": [
+            "kinesis:DescribeStream",
+            "kinesis:GetRecords",
+            "kinesis:GetShardIterator",
+            "kinesis:ListStreams",
+            "logs:CreateLogGroup",
+            "logs:CreateLogStream",
+            "logs:PutLogEvents"
+          ],
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/ResourceGroupsandTagEditorReadOnlyAccess": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Effect": "Allow",
+          "Action": [
+            "tag:getResources",
+            "tag:getTagKeys",
+            "tag:getTagValues"
+          ],
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/AmazonMachineLearningManageRealTimeEndpointOnlyAccess": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Effect": "Allow",
+          "Action": [
+            "machinelearning:CreateRealtimeEndpoint",
+            "machinelearning:DeleteRealtimeEndpoint"
+          ],
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/CloudFrontReadOnlyAccess": {
+    "VersionId": "v2",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Action": [
+            "cloudfront:Get*",
+            "cloudfront:List*",
+            "iam:ListServerCertificates",
+            "route53:List*"
+          ],
+          "Effect": "Allow",
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/service-role/AmazonSNSRole": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Effect": "Allow",
+          "Action": [
+            "logs:CreateLogGroup",
+            "logs:CreateLogStream",
+            "logs:PutLogEvents",
+            "logs:PutMetricFilter",
+            "logs:PutRetentionPolicy"
+          ],
+          "Resource": [
+            "*"
+          ]
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/AmazonMobileAnalyticsFinancialReportAccess": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Effect": "Allow",
+          "Action": [
+            "mobileanalytics:GetReports",
+            "mobileanalytics:GetFinancialReports"
+          ],
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/IAMReadOnlyAccess": {
+    "VersionId": "v2",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Effect": "Allow",
+          "Action": [
+            "iam:GenerateCredentialReport",
+            "iam:Get*",
+            "iam:List*"
+          ],
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/AmazonRDSReadOnlyAccess": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Action": [
+            "rds:Describe*",
+            "rds:ListTagsForResource",
+            "ec2:DescribeAccountAttributes",
+            "ec2:DescribeAvailabilityZones",
+            "ec2:DescribeSecurityGroups",
+            "ec2:DescribeVpcs"
+          ],
+          "Effect": "Allow",
+          "Resource": "*"
+        },
+        {
+          "Action": [
+            "cloudwatch:GetMetricStatistics"
+          ],
+          "Effect": "Allow",
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/AmazonCognitoPowerUser": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Effect": "Allow",
+          "Action": [
+            "cognito-identity:*",
+            "cognito-sync:*",
+            "iam:ListRoles",
+            "iam:ListOpenIdConnectProviders",
+            "sns:ListPlatformApplications"
+          ],
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/AmazonElasticFileSystemFullAccess": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Action": [
+            "ec2:CreateNetworkInterface",
+            "ec2:DeleteNetworkInterface",
+            "ec2:DescribeAvailabilityZones",
+            "ec2:DescribeNetworkInterfaceAttribute",
+            "ec2:DescribeNetworkInterfaces",
+            "ec2:DescribeSecurityGroups",
+            "ec2:DescribeSubnets",
+            "ec2:DescribeVpcs",
+            "ec2:ModifyNetworkInterfaceAttribute",
+            "elasticfilesystem:*"
+          ],
+          "Effect": "Allow",
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/AmazonZocaloFullAccess": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Effect": "Allow",
+          "Action": [
+            "zocalo:*",
+            "ds:*",
+            "ec2:AuthorizeSecurityGroupEgress",
+            "ec2:AuthorizeSecurityGroupIngress",
+            "ec2:CreateNetworkInterface",
+            "ec2:CreateSecurityGroup",
+            "ec2:CreateSubnet",
+            "ec2:CreateTags",
+            "ec2:CreateVpc",
+            "ec2:DescribeAvailabilityZones",
+            "ec2:DescribeNetworkInterfaces",
+            "ec2:DescribeSubnets",
+            "ec2:DescribeVpcs",
+            "ec2:DeleteNetworkInterface",
+            "ec2:DeleteSecurityGroup",
+            "ec2:RevokeSecurityGroupEgress",
+            "ec2:RevokeSecurityGroupIngress"
+          ],
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/AWSLambdaReadOnlyAccess": {
+    "VersionId": "v2",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Effect": "Allow",
+          "Action": [
+            "cloudwatch:Describe*",
+            "cloudwatch:Get*",
+            "cloudwatch:List*",
+            "cognito-identity:ListIdentityPools",
+            "cognito-sync:GetCognitoEvents",
+            "dynamodb:BatchGetItem",
+            "dynamodb:DescribeStream",
+            "dynamodb:DescribeTable",
+            "dynamodb:GetItem",
+            "dynamodb:ListStreams",
+            "dynamodb:ListTables",
+            "dynamodb:Query",
+            "dynamodb:Scan",
+            "iam:ListRoles",
+            "kinesis:DescribeStream",
+            "kinesis:ListStreams",
+            "lambda:List*",
+            "lambda:Get*",
+            "logs:DescribeMetricFilters",
+            "logs:GetLogEvents",
+            "logs:DescribeLogGroups",
+            "logs:DescribeLogStreams",
+            "s3:Get*",
+            "s3:List*",
+            "sns:ListTopics",
+            "sns:ListSubscriptions",
+            "sns:ListSubscriptionsByTopic"
+          ],
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/AWSAccountUsageReportAccess": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Effect": "Allow",
+          "Action": [
+            "aws-portal:ViewUsage"
+          ],
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Effect": "Allow",
+          "Action": [
+            "ecs:CreateCluster",
+            "ecs:DeregisterContainerInstance",
+            "ecs:DiscoverPollEndpoint",
+            "ecs:Poll",
+            "ecs:RegisterContainerInstance",
+            "ecs:Submit*"
+          ],
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/AmazonAppStreamFullAccess": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Action": [
+            "appstream:*"
+          ],
+          "Effect": "Allow",
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/CloudWatchReadOnlyAccess": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Action": [
+            "autoscaling:Describe*",
+            "cloudwatch:Describe*",
+            "cloudwatch:Get*",
+            "cloudwatch:List*",
+            "logs:Get*",
+            "logs:Describe*",
+            "logs:TestMetricFilter",
+            "sns:Get*",
+            "sns:List*"
+          ],
+          "Effect": "Allow",
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Effect": "Allow",
+          "Action": [
+            "logs:CreateLogGroup",
+            "logs:CreateLogStream",
+            "logs:PutLogEvents"
+          ],
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/ResourceGroupsandTagEditorFullAccess": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Effect": "Allow",
+          "Action": [
+            "tag:getResources",
+            "tag:getTagKeys",
+            "tag:getTagValues",
+            "tag:addResourceTags",
+            "tag:removeResourceTags"
+          ],
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/AWSKeyManagementServicePowerUser": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Effect": "Allow",
+          "Action": [
+            "kms:CreateAlias",
+            "kms:CreateKey",
+            "kms:DeleteAlias",
+            "kms:Describe*",
+            "kms:GenerateRandom",
+            "kms:Get*",
+            "kms:List*",
+            "iam:ListGroups",
+            "iam:ListRoles",
+            "iam:ListUsers"
+          ],
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/AWSImportExportReadOnlyAccess": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Effect": "Allow",
+          "Action": [
+            "importexport:ListJobs",
+            "importexport:GetStatus"
+          ],
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/service-role/AmazonElasticTranscoderRole": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Sid": "1",
+          "Effect": "Allow",
+          "Action": [
+            "s3:ListBucket",
+            "s3:Put*",
+            "s3:Get*",
+            "s3:*MultipartUpload*"
+          ],
+          "Resource": [
+            "*"
+          ]
+        },
+        {
+          "Sid": "2",
+          "Effect": "Allow",
+          "Action": [
+            "sns:Publish"
+          ],
+          "Resource": [
+            "*"
+          ]
+        },
+        {
+          "Sid": "3",
+          "Effect": "Deny",
+          "Action": [
+            "s3:*Policy*",
+            "sns:*Permission*",
+            "sns:*Delete*",
+            "s3:*Delete*",
+            "sns:*Remove*"
+          ],
+          "Resource": [
+            "*"
+          ]
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceRole": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Effect": "Allow",
+          "Action": [
+            "ec2:AuthorizeSecurityGroupIngress",
+            "ec2:Describe*",
+            "elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
+            "elasticloadbalancing:Describe*",
+            "elasticloadbalancing:RegisterInstancesWithLoadBalancer"
+          ],
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/AmazonSSMReadOnlyAccess": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Effect": "Allow",
+          "Action": [
+            "ssm:Describe*",
+            "ssm:Get*",
+            "ssm:List*"
+          ],
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/AWSMarketplaceRead-only": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Action": [
+            "aws-marketplace:ViewSubscriptions",
+            "ec2:DescribeAccountAttributes",
+            "ec2:DescribeAddresses",
+            "ec2:DescribeImages",
+            "ec2:DescribeInstances",
+            "ec2:DescribeKeyPairs",
+            "ec2:DescribeSecurityGroups",
+            "ec2:DescribeSubnets",
+            "ec2:DescribeVpcs"
+          ],
+          "Effect": "Allow",
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/AmazonWorkSpacesApplicationManagerAdminAccess": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Effect": "Allow",
+          "Action": "wam:AuthenticatePackager",
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/AWSDirectConnectFullAccess": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Effect": "Allow",
+          "Action": [
+            "directconnect:*"
+          ],
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/AWSAccountActivityAccess": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Effect": "Allow",
+          "Action": [
+            "aws-portal:ViewBilling"
+          ],
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/AmazonGlacierFullAccess": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Action": "glacier:*",
+          "Effect": "Allow",
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/AmazonWorkMailFullAccess": {
+    "VersionId": "v2",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Effect": "Allow",
+          "Action": [
+            "ds:AuthorizeApplication",
+            "ds:CheckAlias",
+            "ds:CreateAlias",
+            "ds:CreateDirectory",
+            "ds:CreateDomain",
+            "ds:DeleteAlias",
+            "ds:DeleteDirectory",
+            "ds:DescribeDirectories",
+            "ds:ExtendDirectory",
+            "ds:GetDirectoryLimits",
+            "ds:ListAuthorizedApplications",
+            "ds:UnauthorizeApplication",
+            "ec2:AuthorizeSecurityGroupEgress",
+            "ec2:AuthorizeSecurityGroupIngress",
+            "ec2:CreateNetworkInterface",
+            "ec2:CreateSecurityGroup",
+            "ec2:CreateSubnet",
+            "ec2:CreateTags",
+            "ec2:CreateVpc",
+            "ec2:DeleteSecurityGroup",
+            "ec2:DeleteSubnet",
+            "ec2:DeleteVpc",
+            "ec2:DescribeAvailabilityZones",
+            "ec2:DescribeDomains",
+            "ec2:DescribeRouteTables",
+            "ec2:DescribeSubnets",
+            "ec2:DescribeVpcs",
+            "ec2:RevokeSecurityGroupEgress",
+            "ec2:RevokeSecurityGroupIngress",
+            "kms:DescribeKey",
+            "kms:ListAliases",
+            "ses:*",
+            "workmail:*"
+          ],
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/AWSMarketplaceManageSubscriptions": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Action": [
+            "aws-marketplace:ViewSubscriptions",
+            "aws-marketplace:Subscribe",
+            "aws-marketplace:Unsubscribe"
+          ],
+          "Effect": "Allow",
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/AWSSupportAccess": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Effect": "Allow",
+          "Action": [
+            "support:*"
+          ],
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/AWSLambdaInvocation-DynamoDB": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Effect": "Allow",
+          "Action": [
+            "lambda:InvokeFunction"
+          ],
+          "Resource": "*"
+        },
+        {
+          "Effect": "Allow",
+          "Action": [
+            "dynamodb:DescribeStream",
+            "dynamodb:GetRecords",
+            "dynamodb:GetShardIterator",
+            "dynamodb:ListStreams"
+          ],
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/AWSCodeDeployDeployerAccess": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Action": [
+            "codedeploy:Batch*",
+            "codedeploy:CreateDeployment",
+            "codedeploy:Get*",
+            "codedeploy:List*",
+            "codedeploy:RegisterApplicationRevision"
+          ],
+          "Effect": "Allow",
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/AWSDataPipelinePowerUser": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Action": [
+            "s3:List*",
+            "dynamodb:DescribeTable",
+            "rds:DescribeDBInstances",
+            "rds:DescribeDBSecurityGroups",
+            "redshift:DescribeClusters",
+            "redshift:DescribeClusterSecurityGroups",
+            "sns:ListTopics",
+            "iam:PassRole",
+            "iam:ListRoles",
+            "iam:PutRolePolicy",
+            "iam:GetRolePolicy",
+            "iam:GetInstanceProfiles",
+            "iam:ListInstanceProfiles",
+            "iam:CreateInstanceProfile",
+            "iam:AddRoleToInstanceProfile",
+            "datapipeline:*",
+            "cloudwatch:*"
+          ],
+          "Effect": "Allow",
+          "Resource": [
+            "*"
+          ]
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/AmazonSNSFullAccess": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Action": [
+            "sns:*"
+          ],
+          "Effect": "Allow",
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/CloudSearchReadOnlyAccess": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Action": [
+            "cloudsearch:Describe*",
+            "cloudsearch:List*"
+          ],
+          "Effect": "Allow",
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/AWSCloudFormationReadOnlyAccess": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Effect": "Allow",
+          "Action": [
+            "cloudformation:DescribeStacks",
+            "cloudformation:DescribeStackEvents",
+            "cloudformation:DescribeStackResource",
+            "cloudformation:DescribeStackResources",
+            "cloudformation:GetTemplate",
+            "cloudformation:List*"
+          ],
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/AmazonRoute53FullAccess": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Effect": "Allow",
+          "Action": [
+            "route53:*"
+          ],
+          "Resource": [
+            "*"
+          ]
+        },
+        {
+          "Effect": "Allow",
+          "Action": [
+            "elasticloadbalancing:DescribeLoadBalancers"
+          ],
+          "Resource": [
+            "*"
+          ]
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/service-role/AWSLambdaRole": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Effect": "Allow",
+          "Action": [
+            "lambda:InvokeFunction"
+          ],
+          "Resource": [
+            "*"
+          ]
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/AmazonAppStreamReadOnlyAccess": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Action": [
+            "appstream:Get*"
+          ],
+          "Effect": "Allow",
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/PowerUserAccess": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Effect": "Allow",
+          "NotAction": "iam:*",
+          "Resource": "*"
+        }
+      ]
+    }
+  },
+  "arn:aws:iam::aws:policy/AWSDataPipelineFullAccess": {
+    "VersionId": "v1",
+    "IsDefaultVersion": true,
+    "Document": {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Action": [
+            "s3:List*",
+            "dynamodb:DescribeTable",
+            "rds:DescribeDBInstances",
+            "rds:DescribeDBSecurityGroups",
+            "redshift:DescribeClusters",
+            "redshift:DescribeClusterSecurityGroups",
+            "sns:CreateTopic",
+            "sns:ListTopics",
+            "sns:Subscribe",
+            "iam:PassRole",
+            "iam:ListRoles",
+            "iam:CreateRole",
+            "iam:PutRolePolicy",
+            "iam:GetRolePolicy",
+            "iam:GetInstanceProfiles",
+            "iam:ListInstanceProfiles",
+            "iam:CreateInstanceProfile",
+            "iam:AddRoleToInstanceProfile",
+            "datapipeline:*",
+            "cloudwatch:*"
+          ],
+          "Effect": "Allow",
+          "Resource": [
+            "*"
+          ]
+        }
+      ]
+    }
+  }
+}