Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- {\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n\
- \ \"Action\": [\n \"s3:GetObject\",\n \"s3:GetObjectVersion\"\
- ,\n \"s3:GetBucketVersioning\"\n ],\n \"Resource\": \"\
- *\",\n \"Effect\": \"Allow\"\n },\n {\n \"Action\": [\n\
- \ \"s3:PutObject\"\n ],\n \"Resource\": [\n \"\
- arn:aws:s3:::codepipeline*\"\n ],\n \"Effect\": \"Allow\"\n\
- \ },\n {\n \"Action\": [\n \"lambda:*\"\n ],\n\
- \ \"Resource\": [\n \"arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:*\"\
- \n ],\n \"Effect\": \"Allow\"\n },\n {\n \"Action\"\
- : [\n \"apigateway:*\"\n ],\n \"Resource\": [\n \
- \ \"arn:aws:apigateway:${AWS::Region}::*\"\n ],\n \"Effect\"\
- : \"Allow\"\n },\n {\n \"Action\": [\n \"iam:GetRole\"\
- ,\n \"iam:CreateRole\",\n \"iam:DeleteRole\",\n \"\
- iam:PutRolePolicy\"\n ],\n \"Resource\": [\n \"arn:aws:iam::${AWS::AccountId}:role/*\"\
- \n ],\n \"Effect\": \"Allow\"\n },\n {\n \"Action\"\
- : [\n \"iam:AttachRolePolicy\",\n \"iam:DeleteRolePolicy\"\
- ,\n \"iam:DetachRolePolicy\",\n \"iam:UpdateAssumeRolePolicy\"\
- \n ],\n \"Resource\": [\n \"arn:aws:iam::${AWS::AccountId}:role/*\"\
- \n ],\n \"Effect\": \"Allow\"\n },\n {\n \"Action\"\
- : [\n \"iam:PassRole\"\n ],\n \"Resource\": [\n \
- \ \"*\"\n ],\n \"Effect\": \"Allow\"\n },\n {\n \
- \ \"Action\": [\n \"cloudformation:CreateChangeSet\"\n ],\n\
- \ \"Resource\": [\n \"arn:aws:cloudformation:${AWS::Region}:aws:transform/Serverless-2016-10-31\"\
- \n ],\n \"Effect\": \"Allow\"\n },\n {\n \"Action\"\
- : [\n \"s3:GetObject\",\n \"s3:GetObjectVersion\",\n \
- \ \"s3:GetBucketVersioning\"\n ],\n \"Resource\": \"*\"\
- ,\n \"Effect\": \"Allow\"\n },\n {\n \"Action\": [\n \
- \ \"s3:PutObject\"\n ],\n \"Resource\": [\n \"\
- arn:aws:s3:::codepipeline*\"\n ],\n \"Effect\": \"Allow\"\n\
- \ },\n {\n \"Action\": [\n \"lambda:*\"\n ],\n\
- \ \"Resource\": [\n \"arn:aws:${AWS::Region}:${AWS::AccountId}:function:*\"\
- \n ],\n \"Effect\": \"Allow\"\n },\n {\n \"Action\"\
- : [\n \"apigateway:*\"\n ],\n \"Resource\": [\n \
- \ \"arn:aws:apigateway:${AWS::Region}::*\"\n ],\n \"Effect\"\
- : \"Allow\"\n },\n {\n \"Action\": [\n \"iam:GetRole\"\
- ,\n \"iam:CreateRole\",\n \"iam:DeleteRole\",\n \"\
- iam:PutRolePolicy\"\n ],\n \"Resource\": [\n \"arn:aws:iam:::role/*\"\
- \n ],\n \"Effect\": \"Allow\"\n },\n {\n \"Action\"\
- : [\n \"codedeploy:CreateApplication\",\n \"codedeploy:DeleteApplication\"\
- ,\n \"codedeploy:RegisterApplicationRevision\"\n ],\n \
- \ \"Resource\": [\n \"arn:aws:codedeploy:${AWS::Region}:application:*\"\
- \n ],\n \"Effect\": \"Allow\"\n },\n {\n \"Action\"\
- : [\n \"codedeploy:CreateDeploymentGroup\",\n \"codedeploy:CreateDeployment\"\
- ,\n \"codedeploy:GetDeployment\"\n ],\n \"Resource\"\
- : [\n \"arn:aws:codedeploy:${AWS::Region}:${AWS::AccountId}:deploymentgroup:*\"\
- \n ],\n \"Effect\": \"Allow\"\n },\n {\n \"Action\"\
- : [\n \"codedeploy:GetDeploymentConfig\"\n ],\n \"Resource\"\
- : [\n \"arn:aws:codedeploy:${AWS::Region}:${AWS::AccountId}:deploymentconfig:*\"\
- \n ],\n \"Effect\": \"Allow\"\n },\n {\n \"Action\"\
- : [\n \"cognito-idp:CreateUserPool\",\n \"cognito-idp:UpdateUserPool\"\
- ,\n \"cognito-idp:DeleteUserPool\",\n \"cognito-idp:AdminCreateUser\"\
- ,\n \"cognito-idp:AdminUpdateUserAttributes\",\n \"cognito-idp:AdminDisableUser\"\
- ,\n \"cognito-idp:AdminEnableUser\",\n \"cognito-idp:AdminDeleteUser\"\
- ,\n \"cognito-idp:CreateUserPoolClient\",\n \"cognito-idp:UpdateUserPoolClient\"\
- ,\n \"cognito-idp:DeleteUserPoolClient\",\n \"cognito-identity:CreateIdentityPool\"\
- ,\n \"cognito-identity:UpdateIdentityPool\",\n \"cognito-identity:DeleteIdentityPool\"\
- ,\n \"cognito-identity:GetIdentityPoolRoles\",\n \"cognito-identity:SetIdentityPoolRoles\"\
- \n ],\n \"Resource\": \"*\",\n \"Effect\": \"Allow\"\n\
- \ },\n {\n \"Action\": [\n \"dynamodb:*\"\n ],\n\
- \ \"Resource\": \"*\",\n \"Effect\": \"Allow\"\n },\n \
- \ {\n \"Action\": [\n \"lambda:ListTags\",\n \"lambda:TagResource\"\
- ,\n \"lambda:UntagResource\"\n ],\n \"Resource\": \"\
- *\",\n \"Effect\": \"Allow\"\n },\n {\n \"Action\": [\n\
- \ \"s3:CreateBucket\",\n \"s3:DeleteBucket\",\n \"\
- s3:PutBucketNotification\"\n ],\n \"Resource\": \"*\",\n \
- \ \"Effect\": \"Allow\"\n }\n ]\n}\n
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement