Rud5G · August 11, 2025 12:18
diff --git a/permissionboundary.json b/permissionboundary.json
 {
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowAdminAccess",
      "Effect": "Allow",
      "Action": "*",
      "Resource": "*"
    },
    {
      "Sid": "DenyAccessToCostAndBilling",
      "Effect": "Deny",
      "Action": [
        "account:*",
        "aws-portal:*",
        "savingsplans:*",
        "cur:*",
        "ce:*"
      ],
      "Resource": "*"
    },
    {
      "Sid": "DenyPermBoundaryIAMPolicyAlteration",
      "Effect": "Deny",
      "Action": [
        "iam:DeletePolicy",
        "iam:DeletePolicyVersion",
        "iam:CreatePolicyVersion",
        "iam:SetDefaultPolicyVersion"
      ],
      "Resource": [
        "arn:aws:iam::YourAccount_ID:policy/ScopePermissions"
      ]
    },
    {
      "Sid": "DenyRemovalOfPermBoundaryFromAnyUserOrRole",
      "Effect": "Deny",
      "Action": [
        "iam:DeleteUserPermissionsBoundary",
        "iam:DeleteRolePermissionsBoundary"
      ],
      "Resource": [
        "arn:aws:iam::YourAccount_ID:user/*",
        "arn:aws:iam::YourAccount_ID:role/*"
      ],
      "Condition": {
        "StringEquals": {
          "iam:PermissionsBoundary": "arn:aws:iam::YourAccount_ID:policy/ScopePermissions"
        }
      }
    },
    {
      "Sid": "DenyAccessIfRequiredPermBoundaryIsNotBeingApplied",
      "Effect": "Deny",
      "Action": [
        "iam:PutUserPermissionsBoundary",
        "iam:PutRolePermissionsBoundary"
      ],
      "Resource": [
        "arn:aws:iam::YourAccount_ID:user/*",
        "arn:aws:iam::YourAccount_ID:role/*"
      ],
      "Condition": {
        "StringNotEquals": {
          "iam:PermissionsBoundary": "arn:aws:iam::YourAccount_ID:policy/ScopePermissions"
        }
      }
    },
    {
      "Sid": "DenyUserAndRoleCreationWithOutPermBoundary",
      "Effect": "Deny",
      "Action": [
        "iam:CreateUser",
        "iam:CreateRole"
      ],
      "Resource": [
        "arn:aws:iam::YourAccount_ID:user/*",
        "arn:aws:iam::YourAccount_ID:role/*"
      ],
      "Condition": {
        "StringNotEquals": {
          "iam:PermissionsBoundary": "arn:aws:iam::YourAccount_ID:policy/ScopePermissions"
        }
      }
    },
    {
      "Sid": "DenyIAMActions",
      "Effect": "Deny",
      "Action": "iam:PassRole",
      "Resource": "arn:aws:iam::YourAccount_ID:role/*"
    }
  ]
 }
	{
	"Version": "2012-10-17",
	"Statement": [
	{
	"Sid": "AllowAdminAccess",
	"Effect": "Allow",
	"Action": "*",
	"Resource": "*"
	},
	{
	"Sid": "DenyAccessToCostAndBilling",
	"Effect": "Deny",
	"Action": [
	"account:*",
	"aws-portal:*",
	"savingsplans:*",
	"cur:*",
	"ce:*"
	],
	"Resource": "*"
	},
	{
	"Sid": "DenyPermBoundaryIAMPolicyAlteration",
	"Effect": "Deny",
	"Action": [
	"iam:DeletePolicy",
	"iam:DeletePolicyVersion",
	"iam:CreatePolicyVersion",
	"iam:SetDefaultPolicyVersion"
	],
	"Resource": [
	"arn:aws:iam::YourAccount_ID:policy/ScopePermissions"
	]
	},
	{
	"Sid": "DenyRemovalOfPermBoundaryFromAnyUserOrRole",
	"Effect": "Deny",
	"Action": [
	"iam:DeleteUserPermissionsBoundary",
	"iam:DeleteRolePermissionsBoundary"
	],
	"Resource": [
	"arn:aws:iam::YourAccount_ID:user/*",
	"arn:aws:iam::YourAccount_ID:role/*"
	],
	"Condition": {
	"StringEquals": {
	"iam:PermissionsBoundary": "arn:aws:iam::YourAccount_ID:policy/ScopePermissions"
	}
	}
	},
	{
	"Sid": "DenyAccessIfRequiredPermBoundaryIsNotBeingApplied",
	"Effect": "Deny",
	"Action": [
	"iam:PutUserPermissionsBoundary",
	"iam:PutRolePermissionsBoundary"
	],
	"Resource": [
	"arn:aws:iam::YourAccount_ID:user/*",
	"arn:aws:iam::YourAccount_ID:role/*"
	],
	"Condition": {
	"StringNotEquals": {
	"iam:PermissionsBoundary": "arn:aws:iam::YourAccount_ID:policy/ScopePermissions"
	}
	}
	},
	{
	"Sid": "DenyUserAndRoleCreationWithOutPermBoundary",
	"Effect": "Deny",
	"Action": [
	"iam:CreateUser",
	"iam:CreateRole"
	],
	"Resource": [
	"arn:aws:iam::YourAccount_ID:user/*",
	"arn:aws:iam::YourAccount_ID:role/*"
	],
	"Condition": {
	"StringNotEquals": {
	"iam:PermissionsBoundary": "arn:aws:iam::YourAccount_ID:policy/ScopePermissions"
	}
	}
	},
	{
	"Sid": "DenyIAMActions",
	"Effect": "Deny",
	"Action": "iam:PassRole",
	"Resource": "arn:aws:iam::YourAccount_ID:role/*"
	}
	]
	}