- {
- "Version": "2012-10-17",
- "Statement": [
- {
- "Sid": "FullAccessToMostServices",
- "Effect": "Allow",
- "Action": [
- "a4b:*",
- "apigateway:*",
- "application-autoscaling:*",
- "discovery:*",
- "appstream:*",
- "appsync:*",
- "artifact:*",
- "athena:*",
- "autoscaling-plans:*",
- "batch:*",
- "aws-portal:*",
- "budgets:*",
- "acm:*",
- "acm-pca:*",
- "chime:*",
- "cloud9:*",
- "clouddirectory:*",
- "cloudformation:*",
- "cloudfront:*",
- "cloudhsm:*",
- "servicediscovery:*",
- "cloudsearch:*",
- "cloudtrail:*",
- "cloudwatch:*",
- "events:*",
- "logs:*",
- "codebuild:*",
- "codecommit:*",
- "codedeploy:*",
- "codepipeline:*",
- "signer:*",
- "codestar:*",
- "cognito-idp:*",
- "cognito-identity:*",
- "cognito-sync:*",
- "comprehend:*",
- "config:*",
- "connect:*",
- "cur:*",
- "ce:*",
- "datapipeline:*",
- "dms:*",
- "devicefarm:*",
- "directconnect:*",
- "ds:*",
- "rds:*",
- "dynamodb:*",
- "dax:*",
- "autoscaling:*",
- "ec2:*",
- "ecr:*",
- "ecs:*",
- "eks:*",
- "elasticbeanstalk:*",
- "elasticfilesystem:*",
- "elasticloadbalancing:*",
- "elasticmapreduce:*",
- "elastictranscoder:*",
- "elasticache:*",
- "es:*",
- "fms:*",
- "freertos:*",
- "gamelift:*",
- "glacier:*",
- "globalaccelerator:*",
- "glue:*",
- "greengrass:*",
- "groundstation:*",
- "guardduty:*",
- "health:*",
- "importexport:*",
- "inspector:*",
- "iot:*",
- "iotanalytics:*",
- "iot1click:*",
- "kms:*",
- "kinesisanalytics:*",
- "firehose:*",
- "kinesis:*",
- "kinesisvideo:*",
- "lambda:*",
- "lex:*",
- "lightsail:*",
- "macie:*",
- "machinelearning:*",
- "aws-marketplace:*",
- "aws-marketplace-management:*",
- "mechanicalturk:*",
- "crowd:*",
- "mediaconnect:*",
- "mediaconvert:*",
- "medialive:*",
- "mediapackage:*",
- "mediastore:*",
- "mediatailor:*",
- "ec2message:*",
- "mgh:*",
- "mobileanalytics:*",
- "mobilehub:*",
- "mq:*",
- "opsworks:*",
- "opsworks-cm:*",
- "organizations:*",
- "personalize:*",
- "mobiletargeting:*",
- "polly:*",
- "pricing:*",
- "quicksight:*",
- "redshift:*",
- "rekognition:*",
- "rds:*",
- "resource-groups:*",
- "tag:*",
- "sagemaker:*",
- "secretsmanager:*",
- "sts:*",
- "serverlessrepo:*",
- "servicecatalog:*",
- "shield:*",
- "shield:*",
- "transfer:*",
- "ses:*",
- "sns:*",
- "sqs:*",
- "s3:*",
- "swf:*",
- "sdb:*",
- "sso:*",
- "snowball:*",
- "states:*",
- "storagegateway:*",
- "sumerian:*",
- "support:*",
- "ssm:*",
- "textract:*",
- "transcribe:*",
- "translate:*",
- "trustedadvisor:*",
- "ec2:*",
- "waf:*",
- "waf-regional:*",
- "workdocs:*",
- "worklink:*",
- "workmail:*",
- "workspaces:*",
- "wam:*",
- "xray:*"
- ],
- "Resource": "*"
- },
- {
- "Sid": "LimitedReadAccessRoute53",
- "Effect": "Allow",
- "Action": [
- "route53:Get*",
- "route53:List*",
- "route53:Test*",
- "route53resolver:Get*",
- "route53resolver:List*",
- "route53domains:Get*",
- "route53domains:List*",
- "route53domains:Check*",
- "route53domains:View*"
- ],
- "Resource": "*"
- },
- {
- "Sid": "CreateOrChangeOnlyWithBoundary",
- "Effect": "Allow",
- "Action": [
- "iam:CreateUser",
- "iam:DeleteUserPolicy",
- "iam:AttachUserPolicy",
- "iam:DetachUserPolicy",
- "iam:PutUserPermissionsBoundary"
- ],
- "Resource": "*",
- "Condition": {
- "StringEquals": {
- "iam:PermissionsBoundary": "arn:aws:iam::polishop-aws:policy/PolishopBoundaries"
- }
- }
- },
- {
- "Sid": "OtherIamTasks",
- "Effect": "Allow",
- "Action": [
- "iam:Get*",
- "iam:List*",
- "iam:Generate*",
- "iam:Simulate*",
- "iam:*Group*",
- "iam:*MFA*",
- "iam:UpdateUser",
- "iam:CreateAccessKey",
- "iam:CreateLoginProfile",
- "iam:CreatePolicy",
- "iam:DeletePolicy",
- "iam:DeletePolicyVersion",
- "iam:PutUserPolicy",
- "iam:SetDefaultPolicyVersion"
- ],
- "Resource": "*"
- },
- {
- "Sid": "NoBoundaryPolicyEdit",
- "Effect": "Deny",
- "Action": [
- "iam:CreatePolicyVersion",
- "iam:DeletePolicy",
- "iam:DeletePolicyVersion",
- "iam:SetDefaultPolicyVersion"
- ],
- "Resource": [
- "arn:aws:iam::polishop-aws:policy/PolishopBoundaries",
- "arn:aws:iam::polishop-aws:policy/ManagerBoundaries"
- ]
- },
- {
- "Sid": "NoBoundaryUserDelete",
- "Effect": "Deny",
- "Action": "iam:DeleteUserPermissionsBoundary",
- "Resource": "*"
- }
- ]
- }