@Johnz86
Created December 3, 2024 14:11
This policy file is for developers managing an AWS EKS cluster. In the "AllowPassSpecificRoles" statement, replace <Account-ID> with your actual AWS account ID, and replace EKSClusterRole and EKSNodegroupRole with the names of the IAM roles used in your EKS environment. Note that every other statement except "AllowSelfManageCredentials" and "AllowPassSpecificRoles" uses "Resource": "*"; scope those to your cluster and account ARNs wherever the action supports resource-level permissions.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowSelfManageCredentials",
"Effect": "Allow",
"Action": [
"iam:CreateAccessKey",
"iam:DeleteAccessKey",
"iam:ListAccessKeys",
"iam:UpdateAccessKey",
"iam:GetAccessKeyLastUsed",
"iam:CreateVirtualMFADevice",
"iam:DeleteVirtualMFADevice",
"iam:ListVirtualMFADevices",
"iam:EnableMFADevice",
"iam:DeactivateMFADevice",
"iam:ResyncMFADevice",
"iam:ListSigningCertificates",
"iam:GetLoginProfile",
"iam:UpdateLoginProfile",
"iam:ListMFADevices",
"iam:ChangePassword",
"iam:GetUser",
"iam:ListUserTags",
"iam:TagUser",
"iam:UntagUser",
"iam:GenerateServiceLastAccessedDetails"
],
"Resource": "arn:aws:iam::*:user/${aws:username}"
},
{
"Sid": "AllowEKSFullAccess",
"Effect": "Allow",
"Action": [
"eks:ListClusters",
"eks:DescribeCluster",
"eks:AccessKubernetesApi",
"eks:CreateCluster",
"eks:UpdateClusterVersion",
"eks:DeleteCluster",
"eks:CreateNodegroup",
"eks:UpdateNodegroupVersion",
"eks:DeleteNodegroup",
"eks:AssociateIdentityProviderConfig",
"eks:DisassociateIdentityProviderConfig",
"eks:DescribeIdentityProviderConfig",
"eks:TagResource",
"eks:UntagResource",
"eks:DescribeNodegroup",
"eks:ListNodegroups",
"eks:ListUpdates",
"eks:DescribeUpdate",
"eks:ListAddons",
"eks:DescribeAddon",
"eks:DescribeAddonVersions",
"eks:ListIdentityProviderConfigs",
"eks:UpdateClusterConfig",
"eks:CreateAddon",
"eks:UpdateAddon",
"eks:DeleteAddon",
"eks:ListTagsForResource",
"eks:ListFargateProfiles",
"eks:DescribeFargateProfile",
"eks:CreateFargateProfile",
"eks:DeleteFargateProfile"
],
"Resource": "*"
},
{
"Sid": "AllowEC2Networking",
"Effect": "Allow",
"Action": [
"ec2:CreateVpc",
"ec2:DeleteVpc",
"ec2:CreateSubnet",
"ec2:DeleteSubnet",
"ec2:CreateSecurityGroup",
"ec2:DeleteSecurityGroup",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:AuthorizeSecurityGroupEgress",
"ec2:RevokeSecurityGroupIngress",
"ec2:RevokeSecurityGroupEgress",
"ec2:DescribeVpcs",
"ec2:DescribeSubnets",
"ec2:DescribeSecurityGroups",
"ec2:DescribeRouteTables",
"ec2:DescribeInternetGateways",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeInstances",
"ec2:DescribeTags",
"ec2:DescribeNatGateways"
],
"Resource": "*"
},
{
"Sid": "AllowIAMReadAccess",
"Effect": "Allow",
"Action": [
"iam:GetRole",
"iam:ListRoles",
"iam:GetRolePolicy",
"iam:ListRolePolicies"
],
"Resource": "*"
},
{
"Sid": "AllowPassSpecificRoles",
"Effect": "Allow",
"Action": "iam:PassRole",
"Resource": [
"arn:aws:iam::<Account-ID>:role/EKSClusterRole",
"arn:aws:iam::<Account-ID>:role/EKSNodegroupRole"
],
"Condition": {
"StringEquals": {
"iam:PassedToService": "eks.amazonaws.com"
}
}
},
{
"Sid": "AllowSTSAccess",
"Effect": "Allow",
"Action": [
"sts:GetCallerIdentity"
],
"Resource": "*"
},
{
"Sid": "AllowSSMAccess",
"Effect": "Allow",
"Action": [
"ssm:GetParameter",
"ssm:GetParameters"
],
"Resource": "*"
},
{
"Sid": "AllowCloudFormationAccess",
"Effect": "Allow",
"Action": [
"cloudformation:CreateStack",
"cloudformation:UpdateStack",
"cloudformation:DeleteStack",
"cloudformation:DescribeStacks",
"cloudformation:ListStacks",
"cloudformation:GetTemplate",
"cloudformation:DescribeStackEvents",
"cloudformation:ListStackResources"
],
"Resource": "*"
},
{
"Sid": "AllowAutoscalingAccess",
"Effect": "Allow",
"Action": [
"autoscaling:DescribeAutoScalingGroups",
"autoscaling:UpdateAutoScalingGroup",
"autoscaling:CreateAutoScalingGroup",
"autoscaling:DeleteAutoScalingGroup",
"autoscaling:DescribeAutoScalingInstances",
"autoscaling:DescribeLaunchConfigurations",
"autoscaling:DescribeScalingActivities",
"autoscaling:DescribePolicies",
"autoscaling:DescribeScheduledActions"
],
"Resource": "*"
},
{
"Sid": "AllowELBAccess",
"Effect": "Allow",
"Action": [
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:CreateLoadBalancer",
"elasticloadbalancing:DeleteLoadBalancer",
"elasticloadbalancing:DescribeTargetGroups",
"elasticloadbalancing:CreateTargetGroup",
"elasticloadbalancing:DeleteTargetGroup",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeRules",
"elasticloadbalancing:DescribeTargetHealth"
],
"Resource": "*"
},
{
"Sid": "AllowCloudWatchAccess",
"Effect": "Allow",
"Action": [
"cloudwatch:PutMetricData",
"cloudwatch:GetMetricData",
"cloudwatch:ListMetrics",
"cloudwatch:GetDashboard",
"cloudwatch:GetMetricStatistics",
"cloudwatch:DescribeAlarms"
],
"Resource": "*"
},
{
"Sid": "AllowLogsAccess",
"Effect": "Allow",
"Action": [
"logs:DescribeLogGroups",
"logs:DescribeLogStreams",
"logs:GetLogEvents",
"logs:FilterLogEvents"
],
"Resource": "*"
},
{
"Sid": "AllowTagAccess",
"Effect": "Allow",
"Action": [
"tag:GetResources",
"tag:TagResources",
"tag:UntagResources",
"tag:GetTagKeys",
"tag:GetTagValues"
],
"Resource": "*"
},
{
"Sid": "AllowCloudTrailAccess",
"Effect": "Allow",
"Action": [
"cloudtrail:LookupEvents"
],
"Resource": "*"
}
]
}