Skip to content

Instantly share code, notes, and snippets.

@giuliocalzolari

giuliocalzolari/AmazonVPCReadOnlyAccess.json

Created November 29, 2017 15:42
Show Gist options
  • Save giuliocalzolari/91acd80ec4c705d225fa170f4a065666 to your computer and use it in GitHub Desktop.
Save giuliocalzolari/91acd80ec4c705d225fa170f4a065666 to your computer and use it in GitHub Desktop.
Download ZIP
AWS managed policies
Raw
AmazonVPCReadOnlyAccess.json
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ec2:DescribeAddresses",
"ec2:DescribeClassicLinkInstances",
"ec2:DescribeCustomerGateways",
"ec2:DescribeDhcpOptions",
"ec2:DescribeFlowLogs",
"ec2:DescribeInternetGateways",
"ec2:DescribeMovingAddresses",
"ec2:DescribeNatGateways",
"ec2:DescribeNetworkAcls",
"ec2:DescribeNetworkInterfaceAttribute",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribePrefixLists",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeTags",
"ec2:DescribeVpcAttribute",
"ec2:DescribeVpcClassicLink",
"ec2:DescribeVpcEndpoints",
"ec2:DescribeVpcEndpointServices",
"ec2:DescribeVpcPeeringConnections",
"ec2:DescribeVpcs",
"ec2:DescribeVpnConnections",
"ec2:DescribeVpnGateways"
],
"Resource": "*"
}
]
}
Raw
ViewOnlyAccess.json
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"acm:ListCertificates",
"athena:List*",
"aws-marketplace:ViewSubscriptions",
"autoscaling:Describe*",
"batch:ListJobs",
"clouddirectory:ListAppliedSchemaArns",
"clouddirectory:ListDevelopmentSchemaArns",
"clouddirectory:ListDirectories",
"clouddirectory:ListPublishedSchemaArns",
"cloudformation:List*",
"cloudformation:DescribeStacks",
"cloudfront:List*",
"cloudhsm:ListAvailableZones",
"cloudhsm:ListLunaClients",
"cloudhsm:ListHapgs",
"cloudhsm:ListHsms",
"cloudsearch:List*",
"cloudsearch:DescribeDomains",
"cloudtrail:DescribeTrails",
"cloudtrail:LookupEvents",
"cloudwatch:List*",
"cloudwatch:GetMetricData",
"codebuild:ListBuilds*",
"codebuild:ListProjects",
"codecommit:List*",
"codedeploy:List*",
"codedeploy:Get*",
"codepipeline:ListPipelines",
"codestar:List*",
"codestar:Verify*",
"cognito-idp:List*",
"cognito-identity:ListIdentities",
"cognito-identity:ListIdentityPools",
"cognito-sync:ListDatasets",
"connect:List*",
"config:List*",
"config:Describe*",
"datapipeline:ListPipelines",
"datapipeline:DescribePipelines",
"datapipeline:GetAccountLimits",
"devicefarm:List*",
"directconnect:Describe*",
"discovery:List*",
"dms:List*",
"ds:DescribeDirectories",
"dynamodb:ListTables",
"ec2:DescribeAccountAttributes",
"ec2:DescribeAddresses",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeBundleTasks",
"ec2:DescribeClassicLinkInstances",
"ec2:DescribeConversionTasks",
"ec2:DescribeCustomerGateways",
"ec2:DescribeDhcpOptions",
"ec2:DescribeExportTasks",
"ec2:DescribeFlowLogs",
"ec2:DescribeHost*",
"ec2:DescribeIdentityIdFormat",
"ec2:DescribeIdFormat",
"ec2:DescribeImage*",
"ec2:DescribeImport*",
"ec2:DescribeInstance*",
"ec2:DescribeInternetGateways",
"ec2:DescribeKeyPairs",
"ec2:DescribeMovingAddresses",
"ec2:DescribeNatGateways",
"ec2:DescribeNetwork*",
"ec2:DescribePlacementGroups",
"ec2:DescribePrefixLists",
"ec2:DescribeRegions",
"ec2:DescribeReserved*",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSnapshot*",
"ec2:DescribeSpot*",
"ec2:DescribeSubnets",
"ec2:DescribeVolume*",
"ec2:DescribeVpc*",
"ec2:DescribeVpnGateways",
"ecr:DescribeRepositories",
"ecr:ListImages",
"ecs:List*",
"elasticache:Describe*",
"elasticbeanstalk:DescribeApplicationVersions",
"elasticbeanstalk:DescribeApplications",
"elasticbeanstalk:DescribeEnvironments",
"elasticbeanstalk:ListAvailableSolutionStacks",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeTargetGroups",
"elasticloadbalancing:DescribeTargetHealth",
"elasticfilesystem:DescribeFileSystems",
"elasticmapreduce:List*",
"elastictranscoder:List*",
"es:DescribeElasticsearchDomain",
"es:DescribeElasticsearchDomains",
"es:ListDomainNames",
"events:ListRuleNamesByTarget",
"events:ListRules",
"events:ListTargetsByRule",
"firehose:List*",
"firehose:DescribeDeliveryStream",
"gamelift:List*",
"glacier:List*",
"iam:List*",
"iam:GetAccountSummary",
"iam:GetLoginProfile",
"importexport:ListJobs",
"inspector:List*",
"iot:List*",
"kinesis:ListStreams",
"kinesisanalytics:ListApplications",
"kms:ListKeys",
"lambda:List*",
"lex:GetBotAliases",
"lex:GetBotChannelAssociations",
"lex:GetBots",
"lex:GetBotVersions",
"lex:GetIntents",
"lex:GetIntentVersions",
"lex:GetSlotTypes",
"lex:GetSlotTypeVersions",
"lex:GetUtterancesView",
"lightsail:GetBlueprints",
"lightsail:GetBundles",
"lightsail:GetInstances",
"lightsail:GetInstanceSnapshots",
"lightsail:GetKeyPair",
"lightsail:GetRegions",
"lightsail:GetStaticIps",
"lightsail:IsVpcPeered",
"logs:Describe*",
"machinelearning:Describe*",
"mobilehub:ListAvailableFeatures",
"mobilehub:ListAvailableRegions",
"mobilehub:ListProjects",
"opsworks:Describe*",
"opsworks-cm:Describe*",
"organizations:List*",
"mobiletargeting:GetApplicationSettings",
"mobiletargeting:GetCampaigns",
"mobiletargeting:GetImportJobs",
"mobiletargeting:GetSegments",
"polly:Describe*",
"polly:List*",
"rds:Describe*",
"redshift:DescribeClusters",
"redshift:DescribeEvents",
"redshift:ViewQueriesInConsole",
"route53:List*",
"route53:Get*",
"route53domains:List*",
"s3:ListAllMyBuckets",
"s3:ListBucket",
"sdb:List*",
"servicecatalog:List*",
"ses:List*",
"shield:List*",
"states:ListActivities",
"states:ListStateMachines",
"sns:List*",
"sqs:ListQueues",
"ssm:ListAssociations",
"ssm:ListDocuments",
"storagegateway:ListGateways",
"storagegateway:ListLocalDisks",
"storagegateway:ListVolumeRecoveryPoints",
"storagegateway:ListVolumes",
"swf:List*",
"trustedadvisor:Describe*",
"waf:List*",
"waf-regional:List*",
"workdocs:DescribeAvailableDirectories",
"workdocs:DescribeInstances",
"workmail:Describe*",
"workspaces:Describe*"
],
"Effect": "Allow",
"Resource": "*"
}
]
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment