AWS CloudWatch:
{
"Version":"2012-10-17",
"Statement":[
{
"Action":"sts:AssumeRole",
"Effect":"Allow",
"Principal":{
"Service":"logs.amazonaws.com"
},
"Sid":""
}
]
}
AWS vmimport:
{
"Version":"2012-10-17",
"Statement":[
{
"Condition":{
"StringEquals":{
"sts:Externalid":"vmimport"
}
},
"Action":"sts:AssumeRole",
"Effect":"Allow",
"Principal":{
"Service":"vmie.amazonaws.com"
}
}
]
}
Amazon Forecast:
{
"Version":"2012-10-17",
"Statement":[
{
"Action":"sts:AssumeRole",
"Effect":"Allow",
"Principal":{
"Service":"forecast.amazonaws.com"
},
"Sid":""
}
]
}
AWS Transfer for SFTP:
{
"Version":"2012-10-17",
"Statement":[
{
"Action":"sts:AssumeRole",
"Effect":"Allow",
"Principal":{
"Service":"transfer.amazonaws.com"
}
}
]
}
AWS Service Catalog:
{
"Version":"2012-10-17",
"Statement":[
{
"Action":"sts:AssumeRole",
"Effect":"Allow",
"Principal":{
"Service":"sns.amazonaws.com"
}
}
]
}
AWS Amplify:
{
"Version":"2012-10-17",
"Statement":[
{
"Action":"sts:AssumeRole",
"Effect":"Allow",
"Principal":{
"Service":"amplify.amazonaws.com"
}
}
]
}
AWS Kinesis Analytics:
{
"Version":"2012-10-17",
"Statement":[
{
"Action":"sts:AssumeRole",
"Effect":"Allow",
"Principal":{
"Service":"kinesisanalytics.amazonaws.com"
}
}
]
}
Cross Account:
{
"Version":"2012-10-17",
"Statement":[
{
"Action":"sts:AssumeRole",
"Effect":"Allow",
"Principal":{
"AWS":"ARN_VAR"
},
"Sid":""
}
]
}
Amazon Elastic Transcoder:
{
"Version":"2012-10-17",
"Statement":[
{
"Action":"sts:AssumeRole",
"Effect":"Allow",
"Principal":{
"Service":"elastictranscoder.amazonaws.com"
}
}
]
}
Amazon CloudWatch Events:
{
"Version":"2012-10-17",
"Statement":[
{
"Action":"sts:AssumeRole",
"Effect":"Allow",
"Principal":{
"Service":"events.amazonaws.com"
},
"Sid":""
}
]
}
AWS OpsWorks:
{
"Version":"2012-10-17",
"Statement":[
{
"Action":"sts:AssumeRole",
"Effect":"Allow",
"Principal":{
"Service":"opsworks.amazonaws.com"
}
}
]
}
Amazon EC2:
{
"Version":"2012-10-17",
"Statement":[
{
"Action":"sts:AssumeRole",
"Effect":"Allow",
"Principal":{
"Service":"ec2.amazonaws.com"
}
}
]
}
Amazon RDS Role for Enhanced Monitoring:
{
"Version":"2012-10-17",
"Statement":[
{
"Action":"sts:AssumeRole",
"Effect":"Allow",
"Principal":{
"Service":"monitoring.rds.amazonaws.com"
},
"Sid":""
}
]
}
AWS SWF:
{
"Version":"2012-10-17",
"Statement":[
{
"Action":"sts:AssumeRole",
"Effect":"Allow",
"Principal":{
"Service":"swf.amazonaws.com"
},
"Sid":""
}
]
}
CodePipeline:
{
"Version":"2012-10-17",
"Statement":[
{
"Action":"sts:AssumeRole",
"Effect":"Allow",
"Principal":{
"Service":"codepipeline.amazonaws.com"
}
}
]
}
Amazon EC2 Role for EC2 Container Service:
{
"Version":"2008-10-17",
"Statement":[
{
"Action":"sts:AssumeRole",
"Effect":"Allow",
"Principal":{
"Service":"ec2.amazonaws.com"
},
"Sid":""
}
]
}
AWS Comprehend:
{
"Version":"2012-10-17",
"Statement":[
{
"Action":"sts:AssumeRole",
"Effect":"Allow",
"Principal":{
"Service":"comprehend.amazonaws.com"
},
"Sid":""
}
]
}
Amazon Elastic MapReduce:
{
"Version":"2012-10-17",
"Statement":[
{
"Action":"sts:AssumeRole",
"Effect":"Allow",
"Principal":{
"Service":"elasticmapreduce.amazonaws.com"
}
}
]
}
Manheim Bento Management:
{
"Version":"2012-10-17",
"Statement":[
{
"Action":"sts:AssumeRole",
"Effect":"Allow",
"Principal":{
"Service":[
"ec2.amazonaws.com"
],
"AWS":[
"arn:aws:iam::931528216295:role/acct-managed/bento_dev_sensei_iam_role",
"arn:aws:iam::423319072129:role/bento_dev_ree_iam_role"
]
}
}
]
}
Amazon Machine Learning Role for Redshift Data Source:
{
"Version":"2012-10-17",
"Statement":[
{
"Action":"sts:AssumeRole",
"Effect":"Allow",
"Principal":{
"Service":"machinelearning.amazonaws.com"
},
"Sid":""
}
]
}
AWS Glue Service:
{
"Version":"2012-10-17",
"Statement":[
{
"Action":"sts:AssumeRole",
"Effect":"Allow",
"Principal":{
"Service":"glue.amazonaws.com"
}
}
]
}
Amazon EKS:
{
"Version":"2012-10-17",
"Statement":[
{
"Action":"sts:AssumeRole",
"Effect":"Allow",
"Principal":{
"Service":"eks.amazonaws.com"
}
}
]
}
Service Catalog:
{
"Version":"2012-10-17",
"Statement":[
{
"Action":"sts:AssumeRole",
"Effect":"Allow",
"Principal":{
"Service":"servicecatalog.amazonaws.com"
}
}
]
}
Amazon EC2 Container Service Role:
{
"Version":"2008-10-17","Statement":[
{
"Action":"sts:AssumeRole",
"Effect":"Allow",
"Principal":{
"Service":"ecs.amazonaws.com"
},
"Sid":""
}
]
}
AutoScaling Notification Access:
{
"Version":"2012-10-17",
"Statement":[
{
"Action":"sts:AssumeRole",
"Effect":"Allow",
"Principal":{
"Service":"autoscaling.amazonaws.com"
}
}
]
}
AWS CloudHSM:
{
"Version":"2012-10-17",
"Statement":[
{
"Action":"sts:AssumeRole",
"Effect":"Allow",
"Principal":{
"Service":"cloudhsm.amazonaws.com"
}
}
]
}
Amazon EC2 Container Service Task Role:
{
"Version":"2012-10-17",
"Statement":[
{
"Action":"sts:AssumeRole",
"Effect":"Allow",
"Principal":{
"Service":"ecs-tasks.amazonaws.com"
},
"Sid":""
}
]
}
AWS Backup:
{
"Version":"2012-10-17",
"Statement":[
{
"Action":"sts:AssumeRole",
"Effect":"Allow",
"Principal":{
"Service":"backup.amazonaws.com"
}
}
]
}
Amazon EC2 Role for Simple Systems Manager:
{
"Version":"2012-10-17",
"Statement":[
{
"Action":"sts:AssumeRole",
"Effect":"Allow",
"Principal":{
"Service":[
"ec2.amazonaws.com",
"ssm.amazonaws.com"
]
},
"Sid":""
}
]
}
AWS AppSync:
{
"Version":"2012-10-17",
"Statement":[
{
"Action":"sts:AssumeRole",
"Effect":"Allow",
"Principal":{
"Service":"appsync.amazonaws.com"
}
}
]
}
Amazon Elastic MapReduce For Autoscaling:
{
"Version":"2012-10-17",
"Statement":[
{
"Action":"sts:AssumeRole",
"Effect":"Allow",
"Principal":{
"Service":[
"elasticmapreduce.amazonaws.com",
"application-autoscaling.amazonaws.com"
]
}
}
]
}
DynamoDB Autoscaling:
{
"Version":"2012-10-17",
"Statement":[
{
"Action":"sts:AssumeRole",
"Effect":"Allow",
"Principal":{
"Service":"application-autoscaling.amazonaws.com"
}
}
]
}
Amazon Data Lifecycle Manager:
{
"Version":"2012-10-17",
"Statement":[
{
"Action":"sts:AssumeRole",
"Effect":"Allow",
"Principal":{
"Service":"dlm.amazonaws.com"
},
"Sid":""
}
]
}
Amazon DAX:
{
"Version":"2012-10-17",
"Statement":[
{
"Action":"sts:AssumeRole",
"Effect":"Allow",
"Principal":{
"Service":"dax.amazonaws.com"
}
}
]
}
Amazon API Gateway:
{
"Version":"2012-10-17",
"Statement":[
{
"Action":"sts:AssumeRole",
"Effect":"Allow",
"Principal":{
"Service":"apigateway.amazonaws.com"
},
"Sid":""
}
]
}
AWS IoT:
{
"Version":"2012-10-17",
"Statement":[
{
"Action":"sts:AssumeRole",
"Effect":"Allow",
"Principal":{
"Service":"iot.amazonaws.com"
},
"Sid":""
}
]
}
AWS Lambda Edge:
{
"Version":"2012-10-17",
"Statement":[
{
"Action":"sts:AssumeRole",
"Effect":"Allow",
"Principal":{
"Service":[
"lambda.amazonaws.com",
"edgelambda.amazonaws.com"
]
}
}
]
}
Amazon SNS:
{
"Version":"2012-10-17",
"Statement":[
{
"Action":"sts:AssumeRole",
"Effect":"Allow",
"Principal":{
"Service":"sns.amazonaws.com"
}
}
]
}
Amazon EC2 Role for Data Pipeline:
{
"Version":"2012-10-17",
"Statement":[
{
"Action":"sts:AssumeRole","Effect":"Allow","Principal":{
"Service":"ec2.amazonaws.com"}}]}
Inner Account:
{
"Version":"2012-10-17",
"Statement":[
{
"Action":"sts:AssumeRole",
"Effect":"Allow",
"Principal":{
"AWS":"ARN_VAR"
},
"Sid":""
}
]
}
AWS Data Pipeline:
{
"Version":"2012-10-17",
"Statement":[
{
"Action":"sts:AssumeRole",
"Effect":"Allow",
"Principal":{
"Service":[
"datapipeline.amazonaws.com",
"elasticmapreduce.amazonaws.com"
]
}
}
]
}
Amazon EC2 Container Service Autoscale Role:
{
"Version":"2012-10-17",
"Statement":[
{
"Action":"sts:AssumeRole",
"Effect":"Allow",
"Principal":{
"Service":"application-autoscaling.amazonaws.com"
},
"Sid":""
}
]
}
Amazon RDS:
{
"Version":"2012-10-17",
"Statement":[
{
"Action":"sts:AssumeRole",
"Effect":"Allow",
"Principal":{
"Service":"rds.amazonaws.com"
},
"Sid":""
}
]
}
AWS CodeBuild:
{
"Version":"2012-10-17",
"Statement":[
{
"Action":"sts:AssumeRole",
"Effect":"Allow",
"Principal":{
"Service":"codebuild.amazonaws.com"
}
}
]
}
AWS Glue Service Notebook:
{
"Version":"2012-10-17",
"Statement":[
{
"Action":"sts:AssumeRole",
"Effect":"Allow",
"Principal":{
"Service":"ec2.amazonaws.com"
}
}
]
}
AWS Batch Service:
{
"Version":"2012-10-17",
"Statement":[
{
"Action":"sts:AssumeRole",
"Effect":"Allow",
"Principal":{
"Service":"batch.amazonaws.com"
}
}
]
}
Amazon Redshift:
{
"Version":"2012-10-17",
"Statement":[
{
"Action":"sts:AssumeRole",
"Effect":"Allow",
"Principal":{
"Service":"redshift.amazonaws.com"
}
}
]
}
AWS Elastic Beanstalk:
{
"Version":"2012-10-17",
"Statement":[
{
"Condition":{
"StringEquals":{
"sts:ExternalId":"elasticbeanstalk"
}
},
"Action":"sts:AssumeRole",
"Effect":"Allow",
"Principal":{
"Service":"elasticbeanstalk.amazonaws.com"
},
"Sid":""
}
]
}
AWS Lambda:
{
"Version":"2012-10-17",
"Statement":[
{
"Action":"sts:AssumeRole",
"Effect":"Allow",
"Principal":{
"Service":"lambda.amazonaws.com"
}
}
]
}
AWS Greengrass Role:
{
"Version":"2012-10-17",
"Statement":[
{
"Action":"sts:AssumeRole",
"Effect":"Allow",
"Principal":{
"Service":"greengrass.amazonaws.com"
}
}
]
}
AWS Config:
{
"Version":"2012-10-17",
"Statement":[
{
"Action":"sts:AssumeRole",
"Effect":"Allow",
"Principal":{
"Service":"config.amazonaws.com"
},
"Sid":""
}
]
}
AWS Step Functions:
{
"Version":"2012-10-17",
"Statement":[
{
"Action":"sts:AssumeRole",
"Effect":"Allow",
"Principal":{
"Service":"states.amazonaws.com"
}
}
]
}
AWS Storage Gateway:
{
"Version":"2012-10-17",
"Statement":[
{
"Action":"sts:AssumeRole",
"Effect":"Allow",
"Principal":{
"Service":"storagegateway.amazonaws.com"
}
}
]
}
AWS Cloudformation Role:
{
"Version":"2012-10-17",
"Statement":[
{
"Action":"sts:AssumeRole",
"Effect":"Allow",
"Principal":{
"Service":"cloudformation.amazonaws.com"
},
"Sid":""
}
]
}
S3:
{
"Version":"2012-10-17",
"Statement":[
{
"Action":"sts:AssumeRole",
"Effect":"Allow",
"Principal":{
"Service":"s3.amazonaws.com"
}
}
]
}
Amazon Sagemaker:
{
"Version":"2012-10-17",
"Statement":[
{
"Action":"sts:AssumeRole",
"Effect":"Allow",
"Principal":{
"Service":"sagemaker.amazonaws.com"
}
}
]
}
AWS Directory Service:
{
"Version":"2012-10-17",
"Statement":[
{
"Action":"sts:AssumeRole",
"Effect":"Allow",
"Principal":{
"Service":"ds.amazonaws.com"
}
}
]
}
Firehose:
{
"Version":"2012-10-17",
"Statement":[
{
"Condition":{
"StringEquals":{
"sts:ExternalId":"AccountID"
}
},
"Action":"sts:AssumeRole",
"Effect":"Allow",
"Principal":{
"Service":"firehose.amazonaws.com"
},
"Sid":""
}
]
}
Amazon Elasticsearch Service:
{
"Version":"2012-10-17",
"Statement":[
{
"Action":"sts:AssumeRole",
"Effect":"Allow",
"Principal":{
"Service":"es.amazonaws.com"
}
}
]
}
AWS CodeDeploy:
{
"Version":"2012-10-17",
"Statement":[
{
"Action":"sts:AssumeRole",
"Effect":"Allow",
"Principal":{
"Service":"codedeploy.amazonaws.com"
},
"Sid":""
}
]
}
Kinesis Firehose:
{
"Version":"2012-10-17",
"Statement":[
{
"Condition":{
"StringEquals":{
"sts:ExternalId":"AccountID"
}
},
"Action":"sts:AssumeRole",
"Effect":"Allow",
"Principal":{
"Service":"firehose.amazonaws.com"
},
"Sid":""
}
]
}
Amazon EC2 Spot Fleet Role:
{
"Version":"2012-10-17",
"Statement":[
{
"Action":"sts:AssumeRole",
"Effect":"Allow",
"Principal":{
"Service":"spotfleet.amazonaws.com"
},
"Sid":""
}
]
}
Amazon Elastic MapReduce for EC2:
{
"Version":"2012-10-17",
"Statement":[
{
"Action":"sts:AssumeRole",
"Effect":"Allow",
"Principal":{
"Service":"ec2.amazonaws.com"
}
}
]
}
I've also updated the Trust Policy list in my fork if you'd like to pull in those changes as well.