Skip to content

Commit

Permalink
Updated the iam policy (#827)
Browse files Browse the repository at this point in the history
  • Loading branch information
@athiruma
athiruma authored Sep 4, 2024
1 parent fa1aeb8 commit aacbe35
Show file tree
Hide file tree
Showing 2 changed files with 316 additions and 167 deletions.
343 changes: 176 additions & 167 deletions iam/clouds/aws/CloudGovernanceDeletePolicy.json
View file
Original file line number Diff line number Diff line change
@@ -1,169 +1,178 @@
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "CostExplorer",
"Effect": "Allow",
"Action": [
"ce:GetCostAndUsage",
"ce:GetCostForecast"
],
"Resource": "*"
},
{
"Sid": "EC2AccountLevel",
"Effect": "Allow",
"Action": [
"ec2:DeleteTags",
"ec2:CreateTags"
],
"Resource": [
"arn:aws:ec2:*:account_id:instance/*",
"arn:aws:ec2:*:account_id:route-table/*",
"arn:aws:ec2:*:account_id:network-interface/*",
"arn:aws:ec2:*:account_id:internet-gateway/*",
"arn:aws:ec2:*:account_id:dhcp-options/*",
"arn:aws:ec2:*::snapshot/*",
"arn:aws:ec2:*:account_id:vpc/*",
"arn:aws:ec2:*:account_id:elastic-ip/*",
"arn:aws:ec2:*:account_id:network-acl/*",
"arn:aws:ec2:*:account_id:natgateway/*",
"arn:aws:ec2:*:account_id:security-group/*",
"arn:aws:ec2:*:account_id:vpc-endpoint/*",
"arn:aws:ec2:*:account_id:subnet/*",
"arn:aws:ec2:*:account_id:volume/*",
"arn:aws:ec2:*::image/*"
]
},
{
"Sid": "EC2ResourceLevel",
"Effect": "Allow",
"Action": [
"ec2:DeregisterImage",
"ec2:DeleteSubnet",
"ec2:DeleteSnapshot",
"ec2:DescribeAddresses",
"ec2:DescribeInstances",
"ec2:DeleteVpcEndpoints",
"ec2:DeleteVpcPeeringConnection",
"autoscaling:DescribeLaunchConfigurations",
"ec2:DescribeRegions",
"ec2:CreateImage",
"ec2:CreateVpc",
"ec2:DescribeDhcpOptions",
"ec2:DescribeSnapshots",
"ec2:DeleteRouteTable",
"ec2:DescribeInternetGateways",
"ec2:DeleteVolume",
"ec2:DescribeNetworkInterfaces",
"autoscaling:DescribeAutoScalingGroups",
"ec2:DescribeVolumes",
"ec2:DeleteInternetGateway",
"ec2:DescribeNetworkAcls",
"ec2:DescribeRouteTables",
"ec2:DeleteNetworkAcl",
"ec2:ReleaseAddress",
"ec2:AssociateDhcpOptions",
"ec2:TerminateInstances",
"ec2:DetachNetworkInterface",
"ec2:DescribeTags",
"ec2:DescribeVpcPeeringConnections",
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:DeleteNetworkInterface",
"ec2:DetachInternetGateway",
"ec2:DescribeNatGateways",
"cloudwatch:GetMetricStatistics",
"ec2:StopInstances",
"ec2:DisassociateRouteTable",
"ec2:DescribeSecurityGroups",
"ec2:RevokeSecurityGroupIngress",
"ec2:DescribeImages",
"ec2:DescribeVpcs",
"ec2:DeleteSecurityGroup",
"ec2:DescribeInstanceTypes",
"ec2:DeleteDhcpOptions",
"ec2:DeleteNatGateway",
"ec2:DescribeVpcEndpoints",
"ec2:DeleteVpc",
"ec2:DescribeSubnets"
],
"Resource": "*"
},
{
"Sid": "LoadBalancer",
"Effect": "Allow",
"Action": [
"elasticloadbalancing:DeleteLoadBalancer",
"elasticloadbalancing:DescribeTags",
"elasticloadbalancing:AddTags",
"elasticloadbalancing:DescribeLoadBalancers"
],
"Resource": "*"
},
{
"Sid": "IAM",
"Effect": "Allow",
"Action": [
"iam:GetRole",
"iam:DeleteAccessKey",
"iam:DeleteGroup",
"iam:TagRole",
"iam:DeleteUserPolicy",
"iam:ListRoles",
"iam:DeleteUser",
"iam:ListUserPolicies",
"iam:CreateUser",
"iam:TagUser",
"sts:AssumeRole",
"iam:RemoveUserFromGroup",
"iam:GetUserPolicy",
"iam:ListAttachedRolePolicies",
"iam:ListUsers",
"iam:GetUser",
"iam:ListAccessKeys",
"iam:ListRolePolicies",
"iam:ListAccountAliases"
],
"Resource": "*"
},
{
"Sid": "Pricing",
"Effect": "Allow",
"Action": "pricing:GetProducts",
"Resource": "*"
},
{
"Sid": "S3Bucket",
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:ListAllMyBuckets",
"s3:CreateBucket",
"s3:ListBucket",
"s3:PutObjectTagging",
"s3:DeleteObject",
"s3:DeleteBucket",
"s3:putBucketTagging",
"s3:GetBucketTagging",
"s3:GetBucketLocation"
],
"Resource": "*"
},
{
"Sid": "CloudTrail",
"Effect": "Allow",
"Action": [
"cloudtrail:LookupEvents",
"cloudtrail:ListTrails"
],
"Resource": "*"
},
{
"Sid": "CloudWatch",
"Effect": "Allow",
"Action": "cloudwatch:GetMetricData",
"Resource": "*"
}
]
"Version": "2012-10-17",
"Statement": [
{
"Sid": "CostExplorer",
"Effect": "Allow",
"Action": [
"ce:GetCostAndUsage",
"ce:GetCostForecast"
],
"Resource": "*"
},
{
"Sid": "EC2AccountLevel",
"Effect": "Allow",
"Action": [
"ec2:DeleteTags",
"ec2:CreateTags"
],
"Resource": [
"arn:aws:ec2:*:account_id:instance/*",
"arn:aws:ec2:*:account_id:route-table/*",
"arn:aws:ec2:*:account_id:network-interface/*",
"arn:aws:ec2:*:account_id:internet-gateway/*",
"arn:aws:ec2:*:account_id:dhcp-options/*",
"arn:aws:ec2:*::snapshot/*",
"arn:aws:ec2:*:account_id:vpc/*",
"arn:aws:ec2:*:account_id:elastic-ip/*",
"arn:aws:ec2:*:account_id:network-acl/*",
"arn:aws:ec2:*:account_id:natgateway/*",
"arn:aws:ec2:*:account_id:security-group/*",
"arn:aws:ec2:*:account_id:vpc-endpoint/*",
"arn:aws:ec2:*:account_id:subnet/*",
"arn:aws:ec2:*:account_id:volume/*",
"arn:aws:ec2:*::image/*"
]
},
{
"Sid": "EC2ResourceLevel",
"Effect": "Allow",
"Action": [
"ec2:DeregisterImage",
"ec2:DeleteSubnet",
"ec2:DeleteSnapshot",
"ec2:DescribeAddresses",
"ec2:DescribeInstances",
"ec2:DeleteVpcEndpoints",
"ec2:DeleteVpcPeeringConnection",
"autoscaling:DescribeLaunchConfigurations",
"ec2:DescribeRegions",
"ec2:CreateImage",
"ec2:CreateVpc",
"ec2:DescribeDhcpOptions",
"ec2:DescribeSnapshots",
"ec2:DeleteRouteTable",
"ec2:DescribeInternetGateways",
"ec2:DeleteVolume",
"ec2:DescribeNetworkInterfaces",
"autoscaling:DescribeAutoScalingGroups",
"ec2:DescribeVolumes",
"ec2:DeleteInternetGateway",
"ec2:DescribeNetworkAcls",
"ec2:DescribeRouteTables",
"ec2:DeleteNetworkAcl",
"ec2:ReleaseAddress",
"ec2:AssociateDhcpOptions",
"ec2:TerminateInstances",
"ec2:DetachNetworkInterface",
"ec2:DescribeTags",
"ec2:DescribeVpcPeeringConnections",
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:DeleteNetworkInterface",
"ec2:DetachInternetGateway",
"ec2:DescribeNatGateways",
"ec2:StopInstances",
"ec2:DisassociateRouteTable",
"ec2:DescribeSecurityGroups",
"ec2:RevokeSecurityGroupIngress",
"ec2:DescribeImages",
"ec2:DescribeVpcs",
"ec2:DeleteSecurityGroup",
"ec2:DescribeInstanceTypes",
"ec2:DeleteDhcpOptions",
"ec2:DeleteNatGateway",
"ec2:DescribeVpcEndpoints",
"ec2:DeleteVpc",
"ec2:DescribeSubnets"
],
"Resource": "*"
},
{
"Sid": "LoadBalancer",
"Effect": "Allow",
"Action": [
"elasticloadbalancing:DeleteLoadBalancer",
"elasticloadbalancing:DescribeTags",
"elasticloadbalancing:AddTags",
"elasticloadbalancing:DescribeLoadBalancers"
],
"Resource": "*"
},
{
"Sid": "IAM",
"Effect": "Allow",
"Action": [
"iam:GetRole",
"iam:DeleteAccessKey",
"iam:DeleteGroup",
"iam:TagRole",
"iam:DeleteUserPolicy",
"iam:ListRoles",
"iam:DeleteUser",
"iam:ListUserPolicies",
"iam:CreateUser",
"iam:TagUser",
"sts:AssumeRole",
"iam:RemoveUserFromGroup",
"iam:GetUserPolicy",
"iam:ListAttachedRolePolicies",
"iam:ListUsers",
"iam:GetUser",
"iam:ListAccessKeys",
"iam:ListRolePolicies",
"iam:ListAccountAliases",
"iam:DeleteRole",
"iam:DetachRolePolicy",
"iam:DeletePolicy",
"iam:DeleteRolePolicy",
"iam:ListInstanceProfilesForRole",
"iam:RemoveRoleFromInstanceProfile",
"sts:GetCallerIdentity"
],
"Resource": "*"
},
{
"Sid": "Pricing",
"Effect": "Allow",
"Action": "pricing:GetProducts",
"Resource": "*"
},
{
"Sid": "S3Bucket",
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:ListAllMyBuckets",
"s3:CreateBucket",
"s3:ListBucket",
"s3:PutObjectTagging",
"s3:DeleteObject",
"s3:DeleteBucket",
"s3:putBucketTagging",
"s3:GetBucketTagging",
"s3:GetBucketLocation"
],
"Resource": "*"
},
{
"Sid": "CloudTrail",
"Effect": "Allow",
"Action": [
"cloudtrail:LookupEvents",
"cloudtrail:ListTrails"
],
"Resource": "*"
},
{
"Sid": "CloudWatch",
"Effect": "Allow",
"Action": [
"cloudwatch:GetMetricStatistics",
"cloudwatch:GetMetricData"
],
"Resource": "*"
}
]
}
Loading

0 comments on commit aacbe35

Please sign in to comment.