diff --git a/iam/clouds/aws/CloudGovernanceInfra/CloudGovernanceDeletePolicy.json b/iam/clouds/aws/CloudGovernanceInfra/CloudGovernanceDeletePolicy.json
index 98cc39a8..1e6be754 100644
--- a/iam/clouds/aws/CloudGovernanceInfra/CloudGovernanceDeletePolicy.json
+++ b/iam/clouds/aws/CloudGovernanceInfra/CloudGovernanceDeletePolicy.json
@@ -16,6 +16,17 @@
 ],
 "Resource": "*"
 },
+ {
+ "Sid": "ElasticFileSystem",
+ "Effect": "Allow",
+ "Action": [
+ "elasticfilesystem:DescribeFileSystems",
+ "elasticfilesystem:DescribeMountTargets",
+ "elasticfilesystem:DeleteMountTarget",
+ "elasticfilesystem:DeleteFileSystem"
+ ],
+ "Resource": "*"
+ },
 {
 "Sid": "EC2AccountLevel",
 "Effect": "Allow",
diff --git a/iam/clouds/aws/CloudGovernanceInfra/CloudGovernanceInfra.tar b/iam/clouds/aws/CloudGovernanceInfra/CloudGovernanceInfra.tar
index f2c3f86f..4aa94231 100644
Binary files a/iam/clouds/aws/CloudGovernanceInfra/CloudGovernanceInfra.tar and b/iam/clouds/aws/CloudGovernanceInfra/CloudGovernanceInfra.tar differ
diff --git a/iam/clouds/aws/CloudGovernanceInfra/CloudGovernanceReadPolicy.json b/iam/clouds/aws/CloudGovernanceInfra/CloudGovernanceReadPolicy.json
index 4fd7ad69..647bf36a 100644
--- a/iam/clouds/aws/CloudGovernanceInfra/CloudGovernanceReadPolicy.json
+++ b/iam/clouds/aws/CloudGovernanceInfra/CloudGovernanceReadPolicy.json
@@ -148,6 +148,15 @@
 "rds:DescribeDBInstances"
 ],
 "Resource": "*"
+ },
+ {
+ "Sid": "ElasticFileSystem",
+ "Effect": "Allow",
+ "Action": [
+ "elasticfilesystem:DescribeFileSystems",
+ "elasticfilesystem:DescribeMountTargets"
+ ],
+ "Resource": "*"
 }
 ]
 }
diff --git a/iam/clouds/aws/create_bucket.sh b/iam/clouds/aws/create_bucket.sh
deleted file mode 100644
index b5709214..00000000
--- a/iam/clouds/aws/create_bucket.sh
+++ /dev/null
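Review bot: The new `ElasticFileSystem` statement in CloudGovernanceDeletePolicy.json allows `elasticfilesystem:DeleteFileSystem` and `elasticfilesystem:DeleteMountTarget` on `"Resource": "*"` with no `Condition`, so the role can remove any EFS file system in the account rather than only the ones the governance job is meant to clean up. Both delete actions accept resource-level scoping and tag conditions, so they could move into their own statement with `"Resource": "arn:aws:elasticfilesystem:*:<ACCOUNT_ID>:file-system/*"` and `"Condition": {"StringEquals": {"aws:ResourceTag/<TAG_KEY>": "<TAG_VALUE>"}}`, leaving the two Describe actions on `*`. Whether the tool selects file systems by tag is not visible in this diff, so the placeholder key and value need confirming against the code that uses this policy. The enclosing `Statement` array starts and ends outside the hunk, and the neighbouring statements shown as context use the same wildcard.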
@@ -1,10 +0,0 @@
-# Need to create once dedicate bucket - replace
-# create bucket
-aws s3api create-bucket --bucket --region us-east-2 --create-bucket-configuration LocationConstraint=us-east-2
-# create folder logs
-aws s3api put-object --bucket --key logs
-# ls bucket
-aws s3 ls s3://
-
-# delete bucket
-aws s3api delete-bucket --bucket --region us-east-2
diff --git a/iam/clouds/aws/delete/CloudGovernanceDeleteCostExplorerPolicy b/iam/clouds/aws/delete/CloudGovernanceDeleteCostExplorerPolicy
deleted file mode 100644
index 91d4e393..00000000
--- a/iam/clouds/aws/delete/CloudGovernanceDeleteCostExplorerPolicy
+++ /dev/null
@@ -1,14 +0,0 @@
-{
- "Version": "2012-10-17",
- "Statement": [
- {
- "Sid": "VisualEditor0",
- "Effect": "Allow",
- "Action": [
- "ce:GetCostAndUsage",
- "ce:GetCostForecast"
- ],
- "Resource": "*"
- }
- ]
-}
diff --git a/iam/clouds/aws/delete/CloudGovernanceEC2Policy b/iam/clouds/aws/delete/CloudGovernanceEC2Policy
deleted file mode 100644
index b7310a80..00000000
--- a/iam/clouds/aws/delete/CloudGovernanceEC2Policy
+++ /dev/null
@@ -1,84 +0,0 @@
-{
- "Version": "2012-10-17",
- "Statement": [
- {
- "Sid": "VisualEditor0",
- "Effect": "Allow",
- "Action": [
- "ec2:DeleteTags",
- "ec2:CreateTags"
- ],
- "Resource": [
- "arn:aws:ec2:*:account_id:instance/*",
- "arn:aws:ec2:*:account_id:route-table/*",
- "arn:aws:ec2:*:account_id:network-interface/*",
- "arn:aws:ec2:*:account_id:internet-gateway/*",
- "arn:aws:ec2:*:account_id:dhcp-options/*",
- "arn:aws:ec2:*::snapshot/*",
- "arn:aws:ec2:*:account_id:vpc/*",
- "arn:aws:ec2:*:account_id:elastic-ip/*",
- "arn:aws:ec2:*:account_id:network-acl/*",
- "arn:aws:ec2:*:account_id:natgateway/*",
- "arn:aws:ec2:*:account_id:security-group/*",
- "arn:aws:ec2:*:account_id:vpc-endpoint/*",
- "arn:aws:ec2:*:account_id:subnet/*",
- "arn:aws:ec2:*:account_id:volume/*",
- "arn:aws:ec2:*::image/*"
- ]
- },
- {
- "Sid": "VisualEditor1",
- "Effect": "Allow",
- "Action": [
- "ec2:DeregisterImage",
- "ec2:DeleteSubnet",
- "ec2:DeleteSnapshot",
- "ec2:DescribeAddresses",
- "ec2:DescribeInstances",
- "ec2:DeleteVpcEndpoints",
- "ec2:DeleteVpcPeeringConnection",
- "autoscaling:DescribeLaunchConfigurations",
- "ec2:DescribeRegions",
- "ec2:CreateImage",
- "ec2:CreateVpc",
- "ec2:DescribeDhcpOptions",
- "ec2:DescribeSnapshots",
- "ec2:DeleteRouteTable",
- "ec2:DescribeInternetGateways",
- "ec2:DeleteVolume",
- "ec2:DescribeNetworkInterfaces",
- "autoscaling:DescribeAutoScalingGroups",
- "ec2:DescribeVolumes",
- "ec2:DeleteInternetGateway",
- "ec2:DescribeNetworkAcls",
- "ec2:DescribeRouteTables",
- "ec2:DeleteNetworkAcl",
- "ec2:ReleaseAddress",
- "ec2:AssociateDhcpOptions",
- "ec2:TerminateInstances",
- "ec2:DetachNetworkInterface",
- "ec2:DescribeTags",
- "ec2:DescribeVpcPeeringConnections",
- "ec2:ModifyNetworkInterfaceAttribute",
- "ec2:DeleteNetworkInterface",
- "ec2:DetachInternetGateway",
- "ec2:DescribeNatGateways",
- "cloudwatch:GetMetricStatistics",
- "ec2:StopInstances",
- "ec2:DisassociateRouteTable",
- "ec2:DescribeSecurityGroups",
- "ec2:RevokeSecurityGroupIngress",
- "ec2:DescribeImages",
- "ec2:DescribeVpcs",
- "ec2:DeleteSecurityGroup",
- "ec2:DescribeInstanceTypes",
- "ec2:DeleteDhcpOptions",
- "ec2:DeleteNatGateway",
- "ec2:DescribeVpcEndpoints",
- "ec2:DeleteVpc",
- "ec2:DescribeSubnets"
- ],
- "Resource": "*"
- }
- ]
-}
diff --git a/iam/clouds/aws/delete/CloudGovernanceELBPolicy b/iam/clouds/aws/delete/CloudGovernanceELBPolicy
deleted file mode 100644
index 71dda920..00000000
--- a/iam/clouds/aws/delete/CloudGovernanceELBPolicy
+++ /dev/null
@@ -1,16 +0,0 @@
-{
- "Version": "2012-10-17",
- "Statement": [
- {
- "Sid": "VisualEditor0",
- "Effect": "Allow",
- "Action": [
- "elasticloadbalancing:DeleteLoadBalancer",
- "elasticloadbalancing:DescribeTags",
- "elasticloadbalancing:AddTags",
- "elasticloadbalancing:DescribeLoadBalancers"
- ],
- "Resource": "*"
- }
- ]
-}
diff --git a/iam/clouds/aws/delete/CloudGovernanceIAMPolicy b/iam/clouds/aws/delete/CloudGovernanceIAMPolicy
deleted file mode 100644
index 37333179..00000000
--- a/iam/clouds/aws/delete/CloudGovernanceIAMPolicy
+++ /dev/null
@@ -1,31 +0,0 @@
-{
- "Version": "2012-10-17",
- "Statement": [
- {
- "Sid": "VisualEditor0",
- "Effect": "Allow",
- "Action": [
- "iam:GetRole",
- "iam:DeleteAccessKey",
- "iam:DeleteGroup",
- "iam:TagRole",
- "iam:DeleteUserPolicy",
- "iam:ListRoles",
- "iam:DeleteUser",
- "iam:ListUserPolicies",
- "iam:CreateUser",
- "iam:TagUser",
- "sts:AssumeRole",
- "iam:RemoveUserFromGroup",
- "iam:GetUserPolicy",
- "iam:ListAttachedRolePolicies",
- "iam:ListUsers",
- "iam:GetUser",
- "iam:ListAccessKeys",
- "iam:ListRolePolicies",
- "iam:ListAccountAliases"
- ],
- "Resource": "*"
- }
- ]
-}
diff --git a/iam/clouds/aws/delete/CloudGovernancePricePolicy b/iam/clouds/aws/delete/CloudGovernancePricePolicy
deleted file mode 100644
index ce96476d..00000000
--- a/iam/clouds/aws/delete/CloudGovernancePricePolicy
+++ /dev/null
@@ -1,11 +0,0 @@
-{
- "Version": "2012-10-17",
- "Statement": [
- {
- "Sid": "VisualEditor0",
- "Effect": "Allow",
- "Action": "pricing:GetProducts",
- "Resource": "*"
- }
- ]
-}
diff --git a/iam/clouds/aws/delete/CloudGovernanceS3Policy b/iam/clouds/aws/delete/CloudGovernanceS3Policy
deleted file mode 100644
index b22fb251..00000000
--- a/iam/clouds/aws/delete/CloudGovernanceS3Policy
+++ /dev/null
@@ -1,23 +0,0 @@
-{
- "Version": "2012-10-17",
- "Statement": [
- {
- "Sid": "VisualEditor0",
- "Effect": "Allow",
- "Action": [
- "s3:PutObject",
- "s3:GetObject",
- "s3:ListAllMyBuckets",
- "s3:CreateBucket",
- "s3:ListBucket",
- "s3:PutObjectTagging",
- "s3:DeleteObject",
- "s3:DeleteBucket",
- "s3:putBucketTagging",
- "s3:GetBucketTagging",
- "s3:GetBucketLocation"
- ],
- "Resource": "*"
- }
- ]
-}
diff --git a/iam/clouds/aws/delete/CloudGovernanceTrailPolicy b/iam/clouds/aws/delete/CloudGovernanceTrailPolicy
deleted file mode 100644
index 8808e632..00000000
--- a/iam/clouds/aws/delete/CloudGovernanceTrailPolicy
+++ /dev/null
@@ -1,14 +0,0 @@
-{
- "Version": "2012-10-17",
- "Statement": [
- {
- "Sid": "VisualEditor0",
- "Effect": "Allow",
- "Action": [
- "cloudtrail:LookupEvents",
- "cloudtrail:ListTrails"
- ],
- "Resource": "*"
- }
- ]
-}
diff --git a/iam/clouds/aws/not_delete/CloudGovernanceCostExplorerPolicy b/iam/clouds/aws/not_delete/CloudGovernanceCostExplorerPolicy
deleted file mode 100644
index 91d4e393..00000000
--- a/iam/clouds/aws/not_delete/CloudGovernanceCostExplorerPolicy
+++ /dev/null
@@ -1,14 +0,0 @@
-{
- "Version": "2012-10-17",
- "Statement": [
- {
- "Sid": "VisualEditor0",
- "Effect": "Allow",
- "Action": [
- "ce:GetCostAndUsage",
- "ce:GetCostForecast"
- ],
- "Resource": "*"
- }
- ]
-}
diff --git a/iam/clouds/aws/not_delete/CloudGovernanceEC2Policy b/iam/clouds/aws/not_delete/CloudGovernanceEC2Policy
deleted file mode 100644
index 09d89c17..00000000
--- a/iam/clouds/aws/not_delete/CloudGovernanceEC2Policy
+++ /dev/null
@@ -1,59 +0,0 @@
-{
- "Version": "2012-10-17",
- "Statement": [
- {
- "Sid": "VisualEditor0",
- "Effect": "Allow",
- "Action": [
- "ec2:DeleteTags",
- "ec2:CreateTags"
- ],
- "Resource": [
- "arn:aws:ec2:*:account_id:instance/*",
- "arn:aws:ec2:*:account_id:route-table/*",
- "arn:aws:ec2:*:account_id:network-interface/*",
- "arn:aws:ec2:*:account_id:internet-gateway/*",
- "arn:aws:ec2:*:account_id:dhcp-options/*",
- "arn:aws:ec2:*::snapshot/*",
- "arn:aws:ec2:*:account_id:vpc/*",
- "arn:aws:ec2:*:account_id:elastic-ip/*",
- "arn:aws:ec2:*:account_id:network-acl/*",
- "arn:aws:ec2:*:account_id:natgateway/*",
- "arn:aws:ec2:*:account_id:security-group/*",
- "arn:aws:ec2:*:account_id:vpc-endpoint/*",
- "arn:aws:ec2:*:account_id:subnet/*",
- "arn:aws:ec2:*:account_id:volume/*",
- "arn:aws:ec2:*::image/*"
- ]
- },
- {
- "Sid": "VisualEditor1",
- "Effect": "Allow",
- "Action": [
- "ec2:DescribeAddresses",
- "ec2:DescribeInstances",
- "ec2:DescribeTags",
- "ec2:DescribeVpcPeeringConnections",
- "ec2:DescribeRegions",
- "ec2:DescribeDhcpOptions",
- "ec2:DescribeNatGateways",
- "cloudwatch:GetMetricStatistics",
- "ec2:DescribeSnapshots",
- "ec2:DescribeSecurityGroups",
- "ec2:DescribeImages",
- "ec2:DescribeInternetGateways",
- "ec2:DescribeNetworkInterfaces",
- "ec2:DescribeVpcs",
- "ec2:DescribeVolumes",
- "ec2:DescribeInstanceTypes",
- "ec2:createVpc",
- "ec2:DescribeVpcEndpoints",
- "ec2:DeleteVpc",
- "ec2:DescribeSubnets",
- "ec2:DescribeNetworkAcls",
- "ec2:DescribeRouteTables"
- ],
- "Resource": "*"
- }
- ]
-}
diff --git a/iam/clouds/aws/not_delete/CloudGovernanceELBPolicy b/iam/clouds/aws/not_delete/CloudGovernanceELBPolicy
deleted file mode 100644
index b3c5f1e1..00000000
--- a/iam/clouds/aws/not_delete/CloudGovernanceELBPolicy
+++ /dev/null
@@ -1,21 +0,0 @@
-{
- "Version": "2012-10-17",
- "Statement": [
- {
- "Sid": "VisualEditor0",
- "Effect": "Allow",
- "Action": [
- "elasticloadbalancing:DeleteLoadBalancer",
- "elasticloadbalancing:DescribeTags",
- "elasticloadbalancing:AddTags"
- ],
- "Resource": "*"
- },
- {
- "Sid": "VisualEditor1",
- "Effect": "Allow",
- "Action": "elasticloadbalancing:DescribeLoadBalancers",
- "Resource": "*"
- }
- ]
-}
diff --git a/iam/clouds/aws/not_delete/CloudGovernanceIAMPolicy b/iam/clouds/aws/not_delete/CloudGovernanceIAMPolicy
deleted file mode 100644
index 37333179..00000000
--- a/iam/clouds/aws/not_delete/CloudGovernanceIAMPolicy
+++ /dev/null
@@ -1,31 +0,0 @@
-{
- "Version": "2012-10-17",
- "Statement": [
- {
- "Sid": "VisualEditor0",
- "Effect": "Allow",
- "Action": [
- "iam:GetRole",
- "iam:DeleteAccessKey",
- "iam:DeleteGroup",
- "iam:TagRole",
- "iam:DeleteUserPolicy",
- "iam:ListRoles",
- "iam:DeleteUser",
- "iam:ListUserPolicies",
- "iam:CreateUser",
- "iam:TagUser",
- "sts:AssumeRole",
- "iam:RemoveUserFromGroup",
- "iam:GetUserPolicy",
- "iam:ListAttachedRolePolicies",
- "iam:ListUsers",
- "iam:GetUser",
- "iam:ListAccessKeys",
- "iam:ListRolePolicies",
- "iam:ListAccountAliases"
- ],
- "Resource": "*"
- }
- ]
-}
diff --git a/iam/clouds/aws/not_delete/CloudGovernancePricePolicy b/iam/clouds/aws/not_delete/CloudGovernancePricePolicy
deleted file mode 100644
index ce96476d..00000000
--- a/iam/clouds/aws/not_delete/CloudGovernancePricePolicy
+++ /dev/null
@@ -1,11 +0,0 @@
-{
- "Version": "2012-10-17",
- "Statement": [
- {
- "Sid": "VisualEditor0",
- "Effect": "Allow",
- "Action": "pricing:GetProducts",
- "Resource": "*"
- }
- ]
-}
diff --git a/iam/clouds/aws/not_delete/CloudGovernanceS3Policy b/iam/clouds/aws/not_delete/CloudGovernanceS3Policy
deleted file mode 100644
index 0d2d59ab..00000000
--- a/iam/clouds/aws/not_delete/CloudGovernanceS3Policy
+++ /dev/null
@@ -1,20 +0,0 @@
-{
- "Version": "2012-10-17",
- "Statement": [
- {
- "Sid": "VisualEditor0",
- "Effect": "Allow",
- "Action": [
- "s3:PutObject",
- "s3:GetObject",
- "s3:ListAllMyBuckets",
- "s3:CreateBucket",
- "s3:ListBucket",
- "s3:PutObjectTagging",
- "s3:DeleteObject",
- "s3:DeleteBucket",
- ],
- "Resource": "*"
- }
- ]
-}
diff --git a/iam/clouds/aws/not_delete/CloudGovernanceTrailPolicy b/iam/clouds/aws/not_delete/CloudGovernanceTrailPolicy
deleted file mode 100644
index 8808e632..00000000
--- a/iam/clouds/aws/not_delete/CloudGovernanceTrailPolicy
+++ /dev/null
@@ -1,14 +0,0 @@
-{
- "Version": "2012-10-17",
- "Statement": [
- {
- "Sid": "VisualEditor0",
- "Effect": "Allow",
- "Action": [
- "cloudtrail:LookupEvents",
- "cloudtrail:ListTrails"
- ],
- "Resource": "*"
- }
- ]
-}