upd: update iam/All-permissions_*.json
anna-shcherbak committed Jun 21, 2024
1 parent 149ac82 commit 5508d24
Showing 2 changed files with 102 additions and 81 deletions.
89 changes: 33 additions & 56 deletions iam/All-permissions_1.json
Expand Up @@ -5,32 +5,37 @@
"Effect": "Allow",
"Action": [
"access-analyzer:ListAnalyzers",
"access-analyzer:ListFindings",
"acm:DescribeCertificate",
"acm:ListCertificates",
"airflow:GetEnvironment",
"airflow:ListEnvironments",
"apigateway:GET",
"appflow:DescribeFlow",
"appflow:ListFlows",
"appsync:ListGraphqlApis",
"appsync:GetGraphqlApi",
"application-autoscaling:DescribeScalableTargets",
"appsync:GetApiCache",
"appsync:GetGraphqlApi",
"appsync:ListGraphqlApis",
"autoscaling:DescribeAutoScalingGroups",
"autoscaling:DescribeLaunchConfigurations",
"backup:GetBackupPlan",
"backup:ListBackupPlans",
"backup:ListBackupVaults",
"backup:ListTags",
"cloudformation:DescribeStacks",
"cloudformation:ListStacks",
"cloudfront:GetDistributionConfig",
"cloudfront:ListDistributions",
"cloudtrail:DescribeTrails",
"cloudtrail:GetEventSelectors",
"cloudtrail:GetTrailStatus",
"cloudwatch:GetMetricStatistics",
"cloudwatch:DescribeAlarms",
"cloudwatch:DescribeAlarmsForMetric",
"cloudwatch:GetMetricStatistics",
"codebuild:BatchGetProjects",
"codebuild:ListProjects",
"codedeploy:GetDeploymentConfig",
"codedeploy:GetDeploymentGroup",
"codedeploy:ListApplications",
"codedeploy:ListDeploymentGroups",
Expand Down Expand Up @@ -64,6 +69,10 @@
"ec2:DescribeNetworkAcls",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeRegions",
"ec2:DescribeReservedDBInstances",
"ec2:DescribeReservedElasticsearchInstances",
"ec2:DescribeReservedInstances",
"ec2:DescribeReservedNodes",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroupReferences",
"ec2:DescribeSecurityGroupRules",
Expand All @@ -82,7 +91,6 @@
"ec2:DescribeVpnConnections",
"ec2:DescribeVpnGateways",
"ec2:GetEbsEncryptionByDefault",
"ec2:DescribeReservedInstances",
"ecr:DescribeRepositories",
"ecr:GetLifecyclePolicy",
"ecr:ListTagsForResource",
Expand All @@ -97,11 +105,14 @@
"eks:DescribeCluster",
"eks:ListClusters",
"elasticache:DescribeCacheClusters",
"elasticache:DescribeCacheSubnetGroups",
"elasticache:DescribeReplicationGroups",
"elasticbeanstalk:DescribeConfigurationSettings",
"elasticbeanstalk:DescribeEnvironments",
"elasticbeanstalk:ListTagsForResource",
"elasticfilesystem:DescribeFileSystems",
"elasticfilesystem:DescribeLifecycleConfiguration",
"elasticloadbalancing:DescribeListenerCertificates",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancerAttributes",
"elasticloadbalancing:DescribeLoadBalancerPolicies",
Expand All @@ -110,45 +121,50 @@
"elasticloadbalancing:DescribeTargetGroups",
"elasticloadbalancing:DescribeTargetHealth",
"elasticmapreduce:DescribeCluster",
"elasticmapreduce:ListClusters",
"elasticmapreduce:DescribeSecurityConfiguration",
"elasticmapreduce:ListClusters",
"elasticmapreduce:ListSecurityConfigurations",
"es:DescribeDomains",
"es:DescribeElasticsearchDomain",
"es:DescribeElasticsearchDomainConfig",
"es:DescribeElasticsearchDomains",
"es:DescribeInboundConnections",
"es:ESHttpGet",
"es:ListDomainNames",
"es:ListTags",
"events:ListEventBuses",
"events:ListRules",
"firehose:DescribeDeliveryStream",
"firehose:ListDeliveryStreams",
"fsx:DescribeBackups",
"fsx:DescribeFileSystems",
"fsx:DescribeVolumes",
"glacier:GetVaultAccessPolicy",
"glacier:ListTagsForVault",
"glacier:ListVaults",
"glue:GetDataCatalogEncryptionSettings",
"glue:GetJobs",
"glue:GetSecurityConfigurations",
"guardduty:GetDetector",
"guardduty:GetMasterAccount",
"guardduty:ListDetectors",
"iam:GenerateCredentialReport",
"iam:GetAccountPasswordPolicy",
"iam:GetCredentialReport",
"iam:GetGroup",
"iam:GetPolicy",
"iam:GetPolicyVersion",
"iam:GetRole",
"iam:GetUser",
"iam:ListAccessKeys",
"iam:ListAccountAliases",
"iam:ListAttachedRolePolicies",
"iam:ListAttachedUserPolicies",
"iam:ListGroups",
"iam:ListMFADevices",
"iam:ListPolicies",
"iam:ListRoles",
"iam:ListServerCertificates",
"iam:ListUserPolicies",
"iam:ListUsers",
"kafka:ListClusters",
"iam:ListVirtualMFADevices",
"kafka:ListClustersV2",
"kinesis:DescribeStream",
"kinesis:ListStreams",
"kinesisvideo:ListStreams",
Expand All @@ -158,68 +174,29 @@
"kms:ListKeys",
"kms:listAliases",
"lambda:GetFunction",
"lambda:GetFunctionCodeSigningConfig",
"lambda:GetFunctionConcurrency",
"lambda:GetFunctionConfiguration",
"lambda:ListFunctions",
"lightsail:GetInstances",
"logs:DescribeLogGroups",
"logs:DescribeMetricFilters",
"mq:DescribeBroker",
"mq:ListBrokers",
"organizations:DescribeOrganization",
"qldb:DescribeLedger",
"qldb:ListLedgers",
"rds:DescribeDBClusterParameters",
"rds:DescribeDBClusters",
"rds:DescribeDBInstances",
"rds:DescribeDBParameters",
"rds:DescribeOptionGroups",
"rds:DescribeDBSnapshotAttributes",
"rds:DescribeDBSnapshots",
"rds:DescribeDBClusterParameters",
"rds:DescribeEventSubscriptions",
"rds:DescribeOptionGroups",
"redshift:DescribeClusterParameters",
"redshift:DescribeClusters",
"redshift:DescribeLoggingStatus",
"route53:ListHostedZones",
"route53:ListQueryLoggingConfigs",
"route53:ListResourceRecordSets",
"route53:ListTagsForResources",
"route53domains:ListDomains",
"route53domains:ListTagsForDomain",
"s3:GetBucketAcl",
"s3:GetBucketLocation",
"s3:GetBucketLogging",
"s3:GetBucketNotification",
"s3:GetBucketPolicy",
"s3:GetBucketTagging",
"s3:GetBucketVersioning",
"s3:GetBucketWebsite",
"s3:GetLifecycleConfiguration",
"s3:GetReplicationConfiguration",
"s3:ListAllMyBuckets",
"s3:GetEncryptionConfiguration",
"s3:GetBucketPublicAccessBlock",
"sagemaker:DescribeEndpointConfig",
"sagemaker:DescribeModel",
"sagemaker:DescribeNotebookInstance",
"sagemaker:ListEndpointConfigs",
"sagemaker:ListModels",
"sagemaker:ListNotebookInstances",
"sagemaker:ListTags",
"securityhub:DescribeHub",
"sns:GetTopicAttributes",
"sns:ListTagsForResource",
"sns:ListTopics",
"sqs:GetQueueAttributes",
"sqs:ListQueues",
"ssm:DescribeInstanceInformation",
"ssm:ListResourceComplianceSummaries",
"states:DescribeStateMachine",
"states:ListStateMachine",
"tag:GetResources",
"waf-regional:ListResourcesForWebACL",
"waf-regional:ListWebACLs",
"waf-regional:GetWebACL",
"waf:GetWebACL",
"waf:ListWebACLs",
"workspaces:DescribeWorkspaceDirectories"
"redshift:DescribeLoggingStatus"
],
"Resource": "*"
}
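Review bot: The entries `ec2:DescribeReservedDBInstances`, `ec2:DescribeReservedElasticsearchInstances` and `ec2:DescribeReservedNodes`, which appear to be added in the `-64,6 +69,10` hunk, use the `ec2:` prefix, but those operations belong to RDS, Elasticsearch and Redshift. IAM matches an action only under its own service prefix, so these three lines would grant nothing and the corresponding reserved-capacity calls would presumably be denied. Use `rds:DescribeReservedDBInstances`, `es:DescribeReservedElasticsearchInstances` and `redshift:DescribeReservedNodes` instead. Running the file through IAM Access Analyzer policy validation before merging would flag unknown action names like these. Parts of the action list are collapsed on this page, so the rest of the statement was not reviewed.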
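--- a/iam/All-permissions_2.json
+++ b/iam/All-permissions_2.json
@@ -1,27 +1,71 @@
 {
-"Version": "2012-10-17",
-"Statement": [
-{
-"Effect": "Allow",
-"Action": [
-"batch:DescribeComputeEnvironments",
-"cloudformation:ListStacks",
-"cloudwatch:DescribeAlarmsForMetric",
-"events:ListRules",
-"events:ListTargetsByRule",
-"guardduty:GetDetector",
-"guardduty:GetMasterAccount",
-"iam:ListVirtualMFADevices",
-"iam:ListAttachedRolePolicies",
-"kafka:ListClustersV2",
-"lambda:GetFunctionConfiguration",
-"wafv2:ListWebACLs",
-"workspaces:DescribeWorkspaceImages",
-"workspaces:DescribeWorkspaces",
-"workspaces:DescribeWorkspacesConnectionStatus",
-"xray:GetEncryptionConfig"
-],
-"Resource": "*"
-}
-]
+"Version": "2012-10-17",
+"Statement": [
+{
+"Effect": "Allow",
+"Action": [
+"route53:ListHostedZones",
+"route53:ListQueryLoggingConfigs",
+"route53:ListResourceRecordSets",
+"route53:ListTagsForResources",
+"route53domains:ListDomains",
+"route53domains:ListTagsForDomain",
+"s3:GetBucketAcl",
+"s3:GetBucketLifecycle",
+"s3:GetBucketLocation",
+"s3:GetBucketLogging",
+"s3:GetBucketNotification",
+"s3:GetBucketObjectLockConfiguration",
+"s3:GetBucketOwnershipControls",
+"s3:GetBucketPolicy",
+"s3:GetBucketPublicAccessBlock",
+"s3:GetBucketReplication",
+"s3:GetBucketTagging",
+"s3:GetBucketVersioning",
+"s3:GetBucketWebsite",
+"s3:GetEncryptionConfiguration",
+"s3:GetLifecycleConfiguration",
+"s3:GetObject",
+"s3:GetReplicationConfiguration",
+"s3:ListAllMyBuckets",
+"s3:ListBucket",
+"sagemaker:DescribeEndpointConfig",
+"sagemaker:DescribeModel",
+"sagemaker:DescribeNotebookInstance",
+"sagemaker:ListEndpointConfigs",
+"sagemaker:ListModels",
+"sagemaker:ListNotebookInstances",
+"sagemaker:ListTags",
+"secretsmanager:DescribeSecret",
+"secretsmanager:ListSecrets",
+"securityhub:DescribeHub",
+"sns:GetTopicAttributes",
+"sns:ListTagsForResource",
+"sns:ListTopics",
+"sqs:GetQueueAttributes",
+"sqs:ListQueues",
+"ssm:DescribeInstanceInformation",
+"ssm:ListResourceComplianceSummaries",
+"states:DescribeStateMachine",
+"states:ListStateMachine",
+"tag:GetResources",
+"waf-regional:GetWebACL",
+"waf-regional:ListResourcesForWebACL",
+"waf-regional:ListWebACLs",
+"waf:GetRule",
+"waf:GetWebACL",
+"waf:ListActivatedRulesInRuleGroup",
+"waf:ListRuleGroups",
+"waf:ListRules",
+"waf:ListWebACLs",
+"wafv2:ListWebACLs",
+"workspaces:DescribeWorkspaceDirectories",
+"workspaces:DescribeWorkspaceImages",
+"workspaces:DescribeWorkspaces",
+"workspaces:DescribeWorkspacesConnectionStatus",
+"xray:GetEncryptionConfig"
+],
+"Resource": "*"
+}
+]
 }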
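Review bot: `s3:GetObject` and `s3:ListBucket` are added to a statement with `"Resource": "*"`, so any principal holding this policy can list and read every object in every bucket in the account, not just bucket settings. The rest of the new list appears to be metadata and configuration reads, so these two are the only data-plane grants here. If a check really needs object reads, put them in a separate statement scoped to named bucket ARNs; otherwise drop them. Separately, `states:ListStateMachine` looks misspelled: the Step Functions action is `states:ListStateMachines`, so as written the entry would match nothing.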
