@kingdonb
Created November 4, 2019 14:48
{
"Policy": {
"PolicyName": "boundary-delegated-iam",
"PolicyId": "ANPAJK7TA6Q6CLUXZOC2E",
"Arn": "arn:aws:iam::209773529123:policy/boundary-delegated-iam",
"Path": "/",
"DefaultVersionId": "v5",
"AttachmentCount": 1,
"PermissionsBoundaryUsageCount": 128,
"IsAttachable": true,
"Description": "Permission Boundary for all delegated users/roles in this account",
"CreateDate": "2018-07-19T13:58:07Z",
"UpdateDate": "2018-09-18T20:23:00Z"
}
}
{
"PolicyVersion": {
"Document": {
"Version": "2012-10-17",
"Statement": [
{
"Resource": "*",
"Effect": "Allow",
"NotAction": [
"iam:CreateRole",
"iam:CreateUser",
"iam:DeleteRolePolicy",
"iam:DeleteUserPolicy",
"iam:UpdateRole",
"iam:UpdateUser",
"iam:AttachRolePolicy",
"iam:AttachUserPolicy",
"iam:DetachRolePolicy",
"iam:DetachUserPolicy",
"iam:PutRolePolicy",
"iam:PutUserPolicy",
"iam:PutRolePermissionsBoundary",
"iam:PutUserPermissionsBoundary",
"iam:CreateAccessKey",
"iam:DeleteAccessKey",
"iam:UpdateAccessKey",
"iam:DeleteRolePermissionsBoundary",
"iam:DeleteUserPermissionsBoundary",
"ec2:CreateVpc",
"ec2:CreateDefaultVpc",
"ec2:DeleteVpc",
"ec2:DeleteFlowLogs",
"cloudhsm:*",
"guardduty:Delete*",
"guardduty:Disassociate*"
],
"Sid": "AllowNonRestrictedServices"
},
{
"Condition": {
"StringEquals": {
"iam:PermissionsBoundary": "arn:aws:iam::209773529123:policy/boundary-delegated-iam"
}
},
"Action": [
"iam:CreateRole",
"iam:CreateUser",
"iam:DeleteRolePolicy",
"iam:DeleteUserPolicy",
"iam:UpdateRole",
"iam:UpdateUser",
"iam:AttachRolePolicy",
"iam:AttachUserPolicy",
"iam:DetachRolePolicy",
"iam:DetachUserPolicy",
"iam:PutRolePolicy",
"iam:PutUserPolicy",
"iam:PutRolePermissionsBoundary",
"iam:PutUserPermissionsBoundary"
],
"Resource": "*",
"Effect": "Allow",
"Sid": "AllowIAMWithBoundary"
},
{
"Action": [
"iam:CreatePolicyVersion",
"iam:DeletePolicy",
"iam:DeletePolicyVersion",
"iam:SetDefaultPolicyVersion"
],
"Resource": "arn:aws:iam::209773529123:policy/boundary-delegated-iam",
"Effect": "Deny",
"Sid": "DenyBoundaryPolicyEdit"
},
{
"Condition": {
"ForAnyValue:StringNotLike": {
"ec2:InstanceType": [
"*.nano",
"*.micro",
"*.small",
"*.medium",
"*.large",
"*.xlarge",
"*.2xlarge"
]
}
},
"Action": [
"ec2:RunInstances",
"ec2:ModifyInstanceAttribute"
],
"Resource": "arn:aws:ec2:*:*:instance/*",
"Effect": "Deny",
"Sid": "DenyLargeInstances"
},
{
"Condition": {
"StringNotEquals": {
"aws:RequestedRegion": [
"us-east-1",
"us-east-2"
]
}
},
"Action": "*",
"Resource": "*",
"Effect": "Deny",
"Sid": "DenyOtherRegions"
},
{
"Resource": "arn:aws:iam::209773529123:role/SuperSaiyan",
"Effect": "Deny",
"NotAction": [
"iam:Get*",
"iam:List*"
],
"Sid": "DenyModifyingPowerRole"
}
]
},
"VersionId": "v5",
"IsDefaultVersion": true,
"CreateDate": "2018-09-18T20:23:00Z"
}
}