{
	"Version": "2012-10-17",
	"Statement": [
		{
			"Effect": "Allow",
			"Action": [
				"application-autoscaling:DescribeScalingPolicies",
				"cloudwatch:GetMetricData",
				"ec2:AssociateRouteTable",
				"ec2:AttachInternetGateway",
				"ec2:AuthorizeSecurityGroupEgress",
				"ec2:AuthorizeSecurityGroupIngress",
				"ec2:CreateInternetGateway",
				"ec2:CreateRoute",
				"ec2:CreateRouteTable",
				"ec2:CreateSecurityGroup",
				"ec2:CreateSubnet",
				"ec2:CreateTags",
				"ec2:CreateVpc",
				"ec2:DescribeAccountAttributes",
				"ec2:DescribeAvailabilityZones",
				"ec2:DescribeInternetGateways",
				"ec2:DescribeNetworkAcls",
				"ec2:DescribeRouteTables",
				"ec2:DescribeSecurityGroups",
				"ec2:DescribeSubnets",
				"ec2:DescribeVpcAttribute",
				"ec2:DescribeVpcClassicLink",
				"ec2:DescribeVpcClassicLinkDnsSupport",
				"ec2:DescribeVpcs",
				"ec2:ModifySubnetAttribute",
				"ec2:ModifyVpcAttribute",
				"ec2:RevokeSecurityGroupEgress",
				"ec2:RevokeSecurityGroupEgress",
				"ec2:RevokeSecurityGroupIngress",
				"ecr:BatchCheckLayerAvailability",
				"ecr:CompleteLayerUpload",
				"ecr:CreateRepository",
				"ecr:DescribeImages",
				"ecr:DescribeRepositories",
				"ecr:GetAuthorizationToken",
				"ecr:GetRegistryScanningConfiguration",
				"ecr:InitiateLayerUpload",
				"ecr:ListTagsForResource",
				"ecr:PutImage",
				"ecr:TagResource",
				"ecr:UploadLayerPart",
				"ecs:CreateCluster",
				"ecs:CreateService",
				"ecs:DescribeClusters",
				"ecs:DescribeServices",
				"ecs:DescribeTaskDefinition",
				"ecs:ListAccountSettings",
				"ecs:ListClusters",
				"ecs:ListServices",
				"ecs:RegisterTaskDefinition",
				"ecs:TagResource",
				"ecs:UpdateService",
				"elasticfilesystem:CreateFileSystem",
				"elasticfilesystem:CreateMountTarget",
				"elasticfilesystem:CreateMountTarget",
				"elasticfilesystem:DescribeFileSystems",
				"elasticfilesystem:DescribeLifecycleConfiguration",
				"elasticfilesystem:DescribeMountTargetSecurityGroups",
				"elasticfilesystem:DescribeMountTargets",
				"elasticfilesystem:TagResource",
				"elasticfilesystem:UpdateFileSystem",
				"elasticloadbalancing:AddTags",
				"elasticloadbalancing:CreateListener",
				"elasticloadbalancing:CreateLoadBalancer",
				"elasticloadbalancing:CreateTargetGroup",
				"elasticloadbalancing:DescribeListeners",
				"elasticloadbalancing:DescribeLoadBalancerAttributes",
				"elasticloadbalancing:DescribeLoadBalancers",
				"elasticloadbalancing:DescribeTags",
				"elasticloadbalancing:DescribeTargetGroupAttributes",
				"elasticloadbalancing:DescribeTargetGroups",
				"elasticloadbalancing:ModifyLoadBalancerAttributes",
				"elasticloadbalancing:ModifyTargetGroupAttributes",
				"elasticloadbalancing:SetSecurityGroups",
				"iam:AttachRolePolicy",
				"iam:CreatePolicy",
				"iam:CreateRole",
				"iam:CreateServiceLinkedRole",
				"iam:GetPolicy",
				"iam:GetPolicyVersion",
				"iam:GetRole",
				"iam:ListAttachedRolePolicies",
				"iam:ListRolePolicies",
				"iam:PassRole",
				"iam:TagRole",
				"lambda:CreateFunction",
				"lambda:GetFunction",
				"lambda:GetFunctionCodeSigningConfig",
				"lambda:ListVersionsByFunction",
				"logs:CreateLogGroup",
				"logs:DescribeLogGroups",
				"logs:FilterLogEvents",
				"logs:ListTagsLogGroup",
				"logs:TagResource",
				"rds:AddTagsToResource",
				"rds:CreateDBInstance",
				"rds:CreateDBSubnetGroup",
				"rds:DescribeDBInstances",
				"rds:DescribeDBSubnetGroups",
				"rds:ListTagsForResource",
				"rds:ModifyDBInstance"
			],
			"Resource": "*"
		}
	]
}

Was this page helpful?

ArchitectureDestroy policies