Skip to content

Instantly share code, notes, and snippets.

@kmcquade

kmcquade/jlongman-short.json

Created February 8, 2020 00:17
Show Gist options
  • Save kmcquade/5bdb5368d9e9f4f8e63469786fc7fd82 to your computer and use it in GitHub Desktop.
Save kmcquade/5bdb5368d9e9f4f8e63469786fc7fd82 to your computer and use it in GitHub Desktop.
Download ZIP
minimized policy with his question
Raw
jlongman-short.json
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "A4bTaggingDevice",
"Effect": "Allow",
"Action": [
"a4b:t*",
"a4b:un*"
],
"Resource": [
"arn:${Partition}:a4b:${Region}:${Account}:device/${Resource_id}"
]
},
{
"Sid": "A4bTaggingRoom",
"Effect": "Allow",
"Action": [
"a4b:t*",
"a4b:un*"
],
"Resource": [
"arn:${Partition}:a4b:${Region}:${Account}:room/${Resource_id}"
]
},
{
"Sid": "A4bTaggingUser",
"Effect": "Allow",
"Action": [
"a4b:t*",
"a4b:un*"
],
"Resource": [
"arn:${Partition}:a4b:${Region}:${Account}:user/${Resource_id}"
]
},
{
"Sid": "Access-analyzerTaggingAnalyzer",
"Effect": "Allow",
"Action": [
"access-analyzer:t*",
"access-analyzer:un*"
],
"Resource": [
"arn:${Partition}:access-analyzer:${Region}:${Account}:analyzer/${analyzerName}"
]
},
{
"Sid": "AcmTaggingCertificate",
"Effect": "Allow",
"Action": [
"acm:a*",
"acm:rem*"
],
"Resource": [
"arn:${Partition}:acm:${Region}:${Account}:certificate/${CertificateId}"
]
},
{
"Sid": "Acm-pcaTaggingCertificateauthority",
"Effect": "Allow",
"Action": [
"acm-pca:t*",
"acm-pca:un*"
],
"Resource": [
"arn:${Partition}:acm-pca:${Region}:${Account}:certificate-authority/${CertificateAuthorityId}"
]
},
{
"Sid": "AmplifyTaggingApps",
"Effect": "Allow",
"Action": [
"amplify:t*",
"amplify:un*"
],
"Resource": [
"arn:${Partition}:amplify:${Region}:${Account}:apps/${AppId}/branches/${BranchName}/jobs/${JobId}"
]
},
{
"Sid": "AmplifyTaggingBranches",
"Effect": "Allow",
"Action": [
"amplify:t*",
"amplify:un*"
],
"Resource": [
"arn:${Partition}:amplify:${Region}:${Account}:apps/${AppId}/branches/${BranchName}/jobs/${JobId}"
]
},
{
"Sid": "AmplifyTaggingJobs",
"Effect": "Allow",
"Action": [
"amplify:t*",
"amplify:un*"
],
"Resource": [
"arn:${Partition}:amplify:${Region}:${Account}:apps/${AppId}/branches/${BranchName}/jobs/${JobId}"
]
},
{
"Sid": "AppmeshTaggingMesh",
"Effect": "Allow",
"Action": [
"appmesh:t*",
"appmesh:un*"
],
"Resource": [
"arn:${Partition}:appmesh:${Region}:${Account}:mesh/${MeshName}/virtualNode/${VirtualNodeName}",
"arn:${Partition}:appmesh:${Region}:${Account}:mesh/${MeshName}/virtualRouter/${VirtualRouterName}",
"arn:${Partition}:appmesh:${Region}:${Account}:mesh/${MeshName}/virtualService/${VirtualServiceName}"
]
},
{
"Sid": "AppmeshTaggingRoute",
"Effect": "Allow",
"Action": [
"appmesh:t*",
"appmesh:un*"
],
"Resource": [
"arn:${Partition}:appmesh:${Region}:${Account}:mesh/${MeshName}/virtualNode/${VirtualNodeName}",
"arn:${Partition}:appmesh:${Region}:${Account}:mesh/${MeshName}/virtualRouter/${VirtualRouterName}",
"arn:${Partition}:appmesh:${Region}:${Account}:mesh/${MeshName}/virtualService/${VirtualServiceName}"
]
},
{
"Sid": "AppmeshTaggingVirtualnode",
"Effect": "Allow",
"Action": [
"appmesh:t*",
"appmesh:un*"
],
"Resource": [
"arn:${Partition}:appmesh:${Region}:${Account}:mesh/${MeshName}/virtualNode/${VirtualNodeName}",
"arn:${Partition}:appmesh:${Region}:${Account}:mesh/${MeshName}/virtualRouter/${VirtualRouterName}",
"arn:${Partition}:appmesh:${Region}:${Account}:mesh/${MeshName}/virtualService/${VirtualServiceName}"
]
},
{
"Sid": "AppmeshTaggingVirtualrouter",
"Effect": "Allow",
"Action": [
"appmesh:t*",
"appmesh:un*"
],
"Resource": [
"arn:${Partition}:appmesh:${Region}:${Account}:mesh/${MeshName}/virtualNode/${VirtualNodeName}",
"arn:${Partition}:appmesh:${Region}:${Account}:mesh/${MeshName}/virtualRouter/${VirtualRouterName}",
"arn:${Partition}:appmesh:${Region}:${Account}:mesh/${MeshName}/virtualService/${VirtualServiceName}"
]
},
{
"Sid": "AppmeshTaggingVirtualservice",
"Effect": "Allow",
"Action": [
"appmesh:t*",
"appmesh:un*"
],
"Resource": [
"arn:${Partition}:appmesh:${Region}:${Account}:mesh/${MeshName}/virtualNode/${VirtualNodeName}",
"arn:${Partition}:appmesh:${Region}:${Account}:mesh/${MeshName}/virtualRouter/${VirtualRouterName}",
"arn:${Partition}:appmesh:${Region}:${Account}:mesh/${MeshName}/virtualService/${VirtualServiceName}"
]
},
{
"Sid": "AppstreamTaggingFleet",
"Effect": "Allow",
"Action": [
"appstream:t*",
"appstream:un*"
],
"Resource": [
"arn:${Partition}:appstream:${Region}:${Account}:fleet/${FleetName}"
]
},
{
"Sid": "AppstreamTaggingImage",
"Effect": "Allow",
"Action": [
"appstream:t*",
"appstream:un*"
],
"Resource": [
"arn:${Partition}:appstream:${Region}:${Account}:image/${ImageName}"
]
},
{
"Sid": "AppstreamTaggingImagebuilder",
"Effect": "Allow",
"Action": [
"appstream:t*",
"appstream:un*"
],
"Resource": [
"arn:${Partition}:appstream:${Region}:${Account}:image-builder/${ImageBuilderName}"
]
},
{
"Sid": "AppstreamTaggingStack",
"Effect": "Allow",
"Action": [
"appstream:t*",
"appstream:un*"
],
"Resource": [
"arn:${Partition}:appstream:${Region}:${Account}:stack/${StackName}"
]
},
{
"Sid": "AppsyncTaggingGraphqlapi",
"Effect": "Allow",
"Action": [
"appsync:t*",
"appsync:un*"
],
"Resource": [
"arn:${Partition}:appsync:${Region}:${Account}:apis/${GraphQLAPIId}"
]
},
{
"Sid": "AthenaTaggingWorkgroup",
"Effect": "Allow",
"Action": [
"athena:t*",
"athena:un*"
],
"Resource": [
"arn:${Partition}:athena:${Region}:${Account}:workgroup/${WorkGroupName}"
]
},
{
"Sid": "AutoscalingTaggingAutoscalinggroup",
"Effect": "Allow",
"Action": [
"autoscaling:createo*",
"autoscaling:deletet*"
],
"Resource": [
"arn:${Partition}:autoscaling:${Region}:${Account}:autoScalingGroup:${GroupId}:autoScalingGroupName/${GroupFriendlyName}"
]
},
{
"Sid": "ClouddirectoryTaggingDirectory",
"Effect": "Allow",
"Action": [
"clouddirectory:t*",
"clouddirectory:un*"
],
"Resource": [
"arn:${Partition}:clouddirectory:${Region}:${Account}:directory/${DirectoryId}"
]
},
{
"Sid": "CloudformationTaggingStack",
"Effect": "Allow",
"Action": [
"cloudformation:t*",
"cloudformation:un*"
],
"Resource": [
"arn:${Partition}:cloudformation:${Region}:${Account}:stack/${StackName}/${Id}"
]
},
{
"Sid": "CloudformationTaggingStackset",
"Effect": "Allow",
"Action": [
"cloudformation:t*",
"cloudformation:un*"
],
"Resource": [
"arn:${Partition}:cloudformation:${Region}:${Account}:stackset/${StackSetName}:${Id}"
]
},
{
"Sid": "CloudfrontTaggingDistribution",
"Effect": "Allow",
"Action": [
"cloudfront:t*",
"cloudfront:un*"
],
"Resource": [
"arn:${Partition}:cloudfront::${Account}:distribution/${DistributionId}"
]
},
{
"Sid": "CloudfrontTaggingStreamingdistribution",
"Effect": "Allow",
"Action": [
"cloudfront:t*",
"cloudfront:un*"
],
"Resource": [
"arn:${Partition}:cloudfront::${Account}:streaming-distribution/${DistributionId}"
]
},
{
"Sid": "CloudsearchTaggingDomain",
"Effect": "Allow",
"Action": [
"cloudsearch:a*",
"cloudsearch:r*"
],
"Resource": [
"arn:${Partition}:cloudsearch:${Region}:${Account}:domain/${DomainName}"
]
},
{
"Sid": "CloudtrailTaggingTrail",
"Effect": "Allow",
"Action": [
"cloudtrail:a*",
"cloudtrail:r*"
],
"Resource": [
"arn:${Partition}:cloudtrail:${Region}:${Account}:trail/${TrailName}"
]
},
{
"Sid": "CloudwatchTaggingAlarm",
"Effect": "Allow",
"Action": [
"cloudwatch:t*",
"cloudwatch:u*"
],
"Resource": [
"arn:${Partition}:cloudwatch:${Region}:${Account}:alarm:${AlarmName}"
]
},
{
"Sid": "CodedeployTaggingInstance",
"Effect": "Allow",
"Action": [
"codedeploy:a*",
"codedeploy:rem*"
],
"Resource": [
"arn:${Partition}:codedeploy:${Region}:${Account}:instance:${InstanceName}"
]
},
{
"Sid": "CodedeployTaggingApplication",
"Effect": "Allow",
"Action": [
"codedeploy:t*",
"codedeploy:un*"
],
"Resource": [
"arn:${Partition}:codedeploy:${Region}:${Account}:instance:${InstanceName}"
]
},
{
"Sid": "CodedeployTaggingDeploymentgroup",
"Effect": "Allow",
"Action": [
"codedeploy:t*",
"codedeploy:un*"
],
"Resource": [
"arn:${Partition}:codedeploy:${Region}:${Account}:deploymentgroup:${ApplicationName}/${DeploymentGroupName}"
]
},
{
"Sid": "CodepipelineTaggingActiontype",
"Effect": "Allow",
"Action": [
"codepipeline:t*",
"codepipeline:un*"
],
"Resource": [
"arn:${Partition}:codepipeline:${Region}:${Account}:actiontype:${Owner}/${Category}/${Provider}/${Version}"
]
},
{
"Sid": "CodepipelineTaggingPipeline",
"Effect": "Allow",
"Action": [
"codepipeline:t*",
"codepipeline:un*"
],
"Resource": [
"arn:${Partition}:codepipeline:${Region}:${Account}:${PipelineName}"
]
},
{
"Sid": "CodepipelineTaggingWebhook",
"Effect": "Allow",
"Action": [
"codepipeline:t*",
"codepipeline:un*"
],
"Resource": [
"arn:${Partition}:codepipeline:${Region}:${Account}:${PipelineName}"
]
},
{
"Sid": "CodestarTaggingProject",
"Effect": "Allow",
"Action": [
"codestar:t*",
"codestar:un*"
],
"Resource": [
"arn:${Partition}:codestar:${Region}:${Account}:project/${ProjectId}"
]
},
{
"Sid": "Codestar-notificationsTaggingNotificationrule",
"Effect": "Allow",
"Action": [
"codestar-notifications:t*",
"codestar-notifications:unt*"
],
"Resource": [
"arn:${Partition}:codestar-notifications:${Region}:${Account}:notificationrule/${NotificationRuleId}"
]
},
{
"Sid": "Cognito-identityTaggingIdentitypool",
"Effect": "Allow",
"Action": [
"cognito-identity:t*",
"cognito-identity:unt*"
],
"Resource": [
"arn:${Partition}:cognito-identity:${Region}:${Account}:identitypool/${IdentityPoolId}"
]
},
{
"Sid": "Cognito-idpTaggingUserpool",
"Effect": "Allow",
"Action": [
"cognito-idp:t*",
"cognito-idp:un*"
],
"Resource": [
"arn:${Partition}:cognito-idp:${Region}:${Account}:userpool/${UserPoolId}"
]
},
{
"Sid": "ComprehendTaggingDocumentclassifier",
"Effect": "Allow",
"Action": [
"comprehend:t*",
"comprehend:un*"
],
"Resource": [
"arn:${Partition}:comprehend:${Region}:${Account}:document-classifier/${DocumentClassifierName}"
]
},
{
"Sid": "ComprehendTaggingDocumentclassifierendpoint",
"Effect": "Allow",
"Action": [
"comprehend:t*",
"comprehend:un*"
],
"Resource": [
"arn:${Partition}:comprehend:${Region}:${Account}:document-classifier-endpoint/${DocumentClassifierEndpointName}"
]
},
{
"Sid": "ComprehendTaggingEntityrecognizer",
"Effect": "Allow",
"Action": [
"comprehend:t*",
"comprehend:un*"
],
"Resource": [
"arn:${Partition}:comprehend:${Region}:${Account}:entity-recognizer/${EntityRecognizerName}"
]
},
{
"Sid": "ConfigTaggingAggregationauthorization",
"Effect": "Allow",
"Action": [
"config:t*",
"config:u*"
],
"Resource": [
"arn:${Partition}:config:${Region}:${Account}:aggregation-authorization/${AggregatorAccount}/${AggregatorRegion}"
]
},
{
"Sid": "ConfigTaggingConfigrule",
"Effect": "Allow",
"Action": [
"config:t*",
"config:u*"
],
"Resource": [
"arn:${Partition}:config:${Region}:${Account}:config-rule/${ConfigRuleId}"
]
},
{
"Sid": "ConfigTaggingConfigurationaggregator",
"Effect": "Allow",
"Action": [
"config:t*",
"config:u*"
],
"Resource": [
"arn:${Partition}:config:${Region}:${Account}:config-aggregator/${AggregatorId}"
]
},
{
"Sid": "ConfigTaggingConformancepack",
"Effect": "Allow",
"Action": [
"config:t*",
"config:u*"
],
"Resource": [
"arn:${Partition}:config:${Region}:${Account}:conformance-pack/${ConformancePackName}/${ConformancePackId}"
]
},
{
"Sid": "ConnectTaggingUser",
"Effect": "Allow",
"Action": [
"connect:t*",
"connect:un*"
],
"Resource": [
"arn:${Partition}:connect:${Region}:${Account}:instance/${InstanceId}/agent/${UserId}"
]
},
{
"Sid": "DataexchangeTaggingDatasets",
"Effect": "Allow",
"Action": [
"dataexchange:t*",
"dataexchange:un*"
],
"Resource": [
"arn:${Partition}:dataexchange:${Region}:${Account}:data-sets/${DataSetId}"
]
},
{
"Sid": "DataexchangeTaggingRevisions",
"Effect": "Allow",
"Action": [
"dataexchange:t*",
"dataexchange:un*"
],
"Resource": [
"arn:${Partition}:dataexchange:${Region}:${Account}:data-sets/${DataSetId}"
]
},
{
"Sid": "DatasyncTaggingAgent",
"Effect": "Allow",
"Action": [
"datasync:un*"
],
"Resource": [
"arn:${Partition}:datasync:${Region}:${AccountId}:agent/${AgentId}"
]
},
{
"Sid": "DatasyncTaggingLocation",
"Effect": "Allow",
"Action": [
"datasync:un*"
],
"Resource": [
"arn:${Partition}:datasync:${Region}:${AccountId}:location/${LocationId}"
]
},
{
"Sid": "DatasyncTaggingTask",
"Effect": "Allow",
"Action": [
"datasync:un*"
],
"Resource": [
"arn:${Partition}:datasync:${Region}:${AccountId}:task/${TaskId}"
]
},
{
"Sid": "DaxTaggingApplication",
"Effect": "Allow",
"Action": [
"dax:t*",
"dax:un*"
],
"Resource": [
"arn:${Partition}:dax:${Region}:${Account}:cache/${ClusterName}"
]
},
{
"Sid": "DevicefarmTaggingDevice",
"Effect": "Allow",
"Action": [
"devicefarm:t*",
"devicefarm:un*"
],
"Resource": [
"arn:${Partition}:devicefarm:${Region}:${Account}:devicepool:${ResourceId}",
"arn:${Partition}:devicefarm:${Region}:${Account}:instanceprofile:${ResourceId}",
"arn:${Partition}:devicefarm:${Region}:${Account}:networkprofile:${ResourceId}",
"arn:${Partition}:devicefarm:${Region}:${Account}:project:${ResourceId}",
"arn:${Partition}:devicefarm:${Region}:${Account}:run:${ResourceId}",
"arn:${Partition}:devicefarm:${Region}:${Account}:session:${ResourceId}",
"arn:${Partition}:devicefarm:${Region}:${Account}:vpceconfiguration:${ResourceId}"
]
},
{
"Sid": "DevicefarmTaggingDeviceinstance",
"Effect": "Allow",
"Action": [
"devicefarm:t*",
"devicefarm:un*"
],
"Resource": [
"arn:${Partition}:devicefarm:${Region}:${Account}:devicepool:${ResourceId}",
"arn:${Partition}:devicefarm:${Region}:${Account}:instanceprofile:${ResourceId}",
"arn:${Partition}:devicefarm:${Region}:${Account}:networkprofile:${ResourceId}",
"arn:${Partition}:devicefarm:${Region}:${Account}:project:${ResourceId}",
"arn:${Partition}:devicefarm:${Region}:${Account}:run:${ResourceId}",
"arn:${Partition}:devicefarm:${Region}:${Account}:session:${ResourceId}",
"arn:${Partition}:devicefarm:${Region}:${Account}:vpceconfiguration:${ResourceId}"
]
},
{
"Sid": "DevicefarmTaggingDevicepool",
"Effect": "Allow",
"Action": [
"devicefarm:t*",
"devicefarm:un*"
],
"Resource": [
"arn:${Partition}:devicefarm:${Region}:${Account}:devicepool:${ResourceId}",
"arn:${Partition}:devicefarm:${Region}:${Account}:instanceprofile:${ResourceId}",
"arn:${Partition}:devicefarm:${Region}:${Account}:networkprofile:${ResourceId}",
"arn:${Partition}:devicefarm:${Region}:${Account}:project:${ResourceId}",
"arn:${Partition}:devicefarm:${Region}:${Account}:run:${ResourceId}",
"arn:${Partition}:devicefarm:${Region}:${Account}:session:${ResourceId}",
"arn:${Partition}:devicefarm:${Region}:${Account}:vpceconfiguration:${ResourceId}"
]
},
{
"Sid": "DevicefarmTaggingInstanceprofile",
"Effect": "Allow",
"Action": [
"devicefarm:t*",
"devicefarm:un*"
],
"Resource": [
"arn:${Partition}:devicefarm:${Region}:${Account}:devicepool:${ResourceId}",
"arn:${Partition}:devicefarm:${Region}:${Account}:instanceprofile:${ResourceId}",
"arn:${Partition}:devicefarm:${Region}:${Account}:networkprofile:${ResourceId}",
"arn:${Partition}:devicefarm:${Region}:${Account}:project:${ResourceId}",
"arn:${Partition}:devicefarm:${Region}:${Account}:run:${ResourceId}",
"arn:${Partition}:devicefarm:${Region}:${Account}:session:${ResourceId}",
"arn:${Partition}:devicefarm:${Region}:${Account}:vpceconfiguration:${ResourceId}"
]
},
{
"Sid": "DevicefarmTaggingNetworkprofile",
"Effect": "Allow",
"Action": [
"devicefarm:t*",
"devicefarm:un*"
],
"Resource": [
"arn:${Partition}:devicefarm:${Region}:${Account}:devicepool:${ResourceId}",
"arn:${Partition}:devicefarm:${Region}:${Account}:instanceprofile:${ResourceId}",
"arn:${Partition}:devicefarm:${Region}:${Account}:networkprofile:${ResourceId}",
"arn:${Partition}:devicefarm:${Region}:${Account}:project:${ResourceId}",
"arn:${Partition}:devicefarm:${Region}:${Account}:run:${ResourceId}",
"arn:${Partition}:devicefarm:${Region}:${Account}:session:${ResourceId}",
"arn:${Partition}:devicefarm:${Region}:${Account}:vpceconfiguration:${ResourceId}"
]
},
{
"Sid": "DevicefarmTaggingProject",
"Effect": "Allow",
"Action": [
"devicefarm:t*",
"devicefarm:un*"
],
"Resource": [
"arn:${Partition}:devicefarm:${Region}:${Account}:devicepool:${ResourceId}",
"arn:${Partition}:devicefarm:${Region}:${Account}:instanceprofile:${ResourceId}",
"arn:${Partition}:devicefarm:${Region}:${Account}:networkprofile:${ResourceId}",
"arn:${Partition}:devicefarm:${Region}:${Account}:project:${ResourceId}",
"arn:${Partition}:devicefarm:${Region}:${Account}:run:${ResourceId}",
"arn:${Partition}:devicefarm:${Region}:${Account}:session:${ResourceId}",
"arn:${Partition}:devicefarm:${Region}:${Account}:vpceconfiguration:${ResourceId}"
]
},
{
"Sid": "DevicefarmTaggingRun",
"Effect": "Allow",
"Action": [
"devicefarm:t*",
"devicefarm:un*"
],
"Resource": [
"arn:${Partition}:devicefarm:${Region}:${Account}:devicepool:${ResourceId}",
"arn:${Partition}:devicefarm:${Region}:${Account}:instanceprofile:${ResourceId}",
"arn:${Partition}:devicefarm:${Region}:${Account}:networkprofile:${ResourceId}",
"arn:${Partition}:devicefarm:${Region}:${Account}:project:${ResourceId}",
"arn:${Partition}:devicefarm:${Region}:${Account}:run:${ResourceId}",
"arn:${Partition}:devicefarm:${Region}:${Account}:session:${ResourceId}",
"arn:${Partition}:devicefarm:${Region}:${Account}:vpceconfiguration:${ResourceId}"
]
},
{
"Sid": "DevicefarmTaggingSession",
"Effect": "Allow",
"Action": [
"devicefarm:t*",
"devicefarm:un*"
],
"Resource": [
"arn:${Partition}:devicefarm:${Region}:${Account}:devicepool:${ResourceId}",
"arn:${Partition}:devicefarm:${Region}:${Account}:instanceprofile:${ResourceId}",
"arn:${Partition}:devicefarm:${Region}:${Account}:networkprofile:${ResourceId}",
"arn:${Partition}:devicefarm:${Region}:${Account}:project:${ResourceId}",
"arn:${Partition}:devicefarm:${Region}:${Account}:run:${ResourceId}",
"arn:${Partition}:devicefarm:${Region}:${Account}:session:${ResourceId}",
"arn:${Partition}:devicefarm:${Region}:${Account}:vpceconfiguration:${ResourceId}"
]
},
{
"Sid": "DevicefarmTaggingVpceconfiguration",
"Effect": "Allow",
"Action": [
"devicefarm:t*",
"devicefarm:un*"
],
"Resource": [
"arn:${Partition}:devicefarm:${Region}:${Account}:devicepool:${ResourceId}",
"arn:${Partition}:devicefarm:${Region}:${Account}:instanceprofile:${ResourceId}",
"arn:${Partition}:devicefarm:${Region}:${Account}:networkprofile:${ResourceId}",
"arn:${Partition}:devicefarm:${Region}:${Account}:project:${ResourceId}",
"arn:${Partition}:devicefarm:${Region}:${Account}:run:${ResourceId}",
"arn:${Partition}:devicefarm:${Region}:${Account}:session:${ResourceId}",
"arn:${Partition}:devicefarm:${Region}:${Account}:vpceconfiguration:${ResourceId}"
]
},
{
"Sid": "DirectconnectTaggingDxcon",
"Effect": "Allow",
"Action": [
"directconnect:t*",
"directconnect:un*"
],
"Resource": [
"arn:${Partition}:directconnect:${Region}:${Account}:dxcon/${ConnectionId}"
]
},
{
"Sid": "DirectconnectTaggingDxlag",
"Effect": "Allow",
"Action": [
"directconnect:t*",
"directconnect:un*"
],
"Resource": [
"arn:${Partition}:directconnect:${Region}:${Account}:dxlag/${LagId}"
]
},
{
"Sid": "DirectconnectTaggingDxvif",
"Effect": "Allow",
"Action": [
"directconnect:t*",
"directconnect:un*"
],
"Resource": [
"arn:${Partition}:directconnect:${Region}:${Account}:dxvif/${VirtualInterfaceId}"
]
},
{
"Sid": "DlmTaggingPolicy",
"Effect": "Allow",
"Action": [
"dlm:t*",
"dlm:un*"
],
"Resource": [
"arn:${Partition}:dlm:${Region}:${Account}:policy/${ResourceName}"
]
},
{
"Sid": "DmsTaggingNone",
"Effect": "Allow",
"Action": [
"dms:ad*",
"dms:rem*"
],
"Resource": [
"arn:${Partition}:dms:${Region}:${Account}:es:",
"arn:${Partition}:dms:${Region}:${Account}:es:",
"arn:${Partition}:dms:${Region}:${Account}:es:",
"arn:${Partition}:dms:${Region}:${Account}:es:",
"arn:${Partition}:dms:${Region}:${Account}:es:",
"arn:${Partition}:dms:${Region}:${Account}:es:",
"arn:${Partition}:dms:${Region}:${Account}:rep:",
"arn:${Partition}:dms:${Region}:${Account}:rep:",
"arn:${Partition}:dms:${Region}:${Account}:rep:",
"arn:${Partition}:dms:${Region}:${Account}:rep:",
"arn:${Partition}:dms:${Region}:${Account}:rep:",
"arn:${Partition}:dms:${Region}:${Account}:rep:",
"arn:${Partition}:dms:${Region}:${Account}:subgrp:",
"arn:${Partition}:dms:${Region}:${Account}:subgrp:",
"arn:${Partition}:dms:${Region}:${Account}:subgrp:",
"arn:${Partition}:dms:${Region}:${Account}:subgrp:",
"arn:${Partition}:dms:${Region}:${Account}:subgrp:",
"arn:${Partition}:dms:${Region}:${Account}:subgrp:",
"arn:${Partition}:dms:${Region}:${Account}:task:",
"arn:${Partition}:dms:${Region}:${Account}:task:",
"arn:${Partition}:dms:${Region}:${Account}:task:",
"arn:${Partition}:dms:${Region}:${Account}:task:",
"arn:${Partition}:dms:${Region}:${Account}:task:",
"arn:${Partition}:dms:${Region}:${Account}:task:"
]
},
{
"Sid": "DsTaggingDirectory",
"Effect": "Allow",
"Action": [
"ds:addt*",
"ds:removet*"
],
"Resource": [
"arn:${Partition}:ds:${Region}:${Account}:directory/${DirectoryId}"
]
},
{
"Sid": "DynamodbTaggingTable",
"Effect": "Allow",
"Action": [
"dynamodb:t*",
"dynamodb:un*"
],
"Resource": [
"arn:${Partition}:dynamodb:${Region}:${Account}:table/${TableName}"
]
},
{
"Sid": "Ec2TaggingCapacityreservation",
"Effect": "Allow",
"Action": [
"ec2:createta*",
"ec2:deleteta*"
],
"Resource": [
"arn:${Partition}:ec2:${Region}:${Account}:capacity-reservation/${CapacityReservationId}"
]
},
{
"Sid": "Ec2TaggingClientvpnendpoint",
"Effect": "Allow",
"Action": [
"ec2:createta*",
"ec2:deleteta*"
],
"Resource": [
"arn:${Partition}:ec2:${Region}:${Account}:client-vpn-endpoint/${ClientVpnEndpointId}"
]
},
{
"Sid": "Ec2TaggingDhcpoptions",
"Effect": "Allow",
"Action": [
"ec2:createta*",
"ec2:deleteta*"
],
"Resource": [
"arn:${Partition}:ec2:${Region}:${Account}:dhcp-options/${DhcpOptionsId}"
]
},
{
"Sid": "Ec2TaggingFpgaimage",
"Effect": "Allow",
"Action": [
"ec2:createta*",
"ec2:deleteta*"
],
"Resource": [
"arn:${Partition}:ec2:${Region}::fpga-image/${FpgaImageId}"
]
},
{
"Sid": "Ec2TaggingImage",
"Effect": "Allow",
"Action": [
"ec2:createta*",
"ec2:deleteta*"
],
"Resource": [
"arn:${Partition}:ec2:${Region}::image/${ImageId}"
]
},
{
"Sid": "Ec2TaggingInstance",
"Effect": "Allow",
"Action": [
"ec2:createta*",
"ec2:deleteta*"
],
"Resource": [
"arn:${Partition}:ec2:${Region}:${Account}:instance/${InstanceId}"
]
},
{
"Sid": "Ec2TaggingInternetgateway",
"Effect": "Allow",
"Action": [
"ec2:createta*",
"ec2:deleteta*"
],
"Resource": [
"arn:${Partition}:ec2:${Region}:${Account}:internet-gateway/${InternetGatewayId}"
]
},
{
"Sid": "Ec2TaggingNetworkacl",
"Effect": "Allow",
"Action": [
"ec2:createta*",
"ec2:deleteta*"
],
"Resource": [
"arn:${Partition}:ec2:${Region}:${Account}:network-acl/${NaclId}"
]
},
{
"Sid": "Ec2TaggingNetworkinterface",
"Effect": "Allow",
"Action": [
"ec2:createta*",
"ec2:deleteta*"
],
"Resource": [
"arn:${Partition}:ec2:${Region}:${Account}:network-interface/${NetworkInterfaceId}"
]
},
{
"Sid": "Ec2TaggingReservedinstances",
"Effect": "Allow",
"Action": [
"ec2:createta*",
"ec2:deleteta*"
],
"Resource": [
"arn:${Partition}:ec2:${Region}:${Account}:reserved-instances/${ReservationId}"
]
},
{
"Sid": "Ec2TaggingRoutetable",
"Effect": "Allow",
"Action": [
"ec2:createta*",
"ec2:deleteta*"
],
"Resource": [
"arn:${Partition}:ec2:${Region}:${Account}:route-table/${RouteTableId}"
]
},
{
"Sid": "Ec2TaggingSecuritygroup",
"Effect": "Allow",
"Action": [
"ec2:createta*",
"ec2:deleteta*"
],
"Resource": [
"arn:${Partition}:ec2:${Region}:${Account}:security-group/${SecurityGroupId}"
]
},
{
"Sid": "Ec2TaggingSnapshot",
"Effect": "Allow",
"Action": [
"ec2:createta*",
"ec2:deleteta*"
],
"Resource": [
"arn:${Partition}:ec2:${Region}::snapshot/${SnapshotId}"
]
},
{
"Sid": "Ec2TaggingSpotinstancerequest",
"Effect": "Allow",
"Action": [
"ec2:createta*",
"ec2:deleteta*"
],
"Resource": [
"arn:${Partition}:ec2:${Region}::spot-instances-request/${SpotInstanceRequestId}"
]
},
{
"Sid": "Ec2TaggingSubnet",
"Effect": "Allow",
"Action": [
"ec2:createta*",
"ec2:deleteta*"
],
"Resource": [
"arn:${Partition}:ec2:${Region}:${Account}:subnet/${SubnetId}"
]
},
{
"Sid": "Ec2TaggingTrafficmirrorfilter",
"Effect": "Allow",
"Action": [
"ec2:createta*"
],
"Resource": [
"arn:${Partition}:ec2:${Region}:${Account}:traffic-mirror-filter/${TrafficMirrorFilterId}"
]
},
{
"Sid": "Ec2TaggingTrafficmirrorsession",
"Effect": "Allow",
"Action": [
"ec2:createta*"
],
"Resource": [
"arn:${Partition}:ec2:${Region}:${Account}:traffic-mirror-session/${TrafficMirrorSessionId}"
]
},
{
"Sid": "Ec2TaggingTrafficmirrortarget",
"Effect": "Allow",
"Action": [
"ec2:createta*"
],
"Resource": [
"arn:${Partition}:ec2:${Region}:${Account}:traffic-mirror-target/${TrafficMirrorTargetId}"
]
},
{
"Sid": "Ec2TaggingTransitgateway",
"Effect": "Allow",
"Action": [
"ec2:createta*",
"ec2:deleteta*"
],
"Resource": [
"arn:${Partition}:ec2:${Region}:${Account}:transit-gateway/${TransitGatewayId}"
]
},
{
"Sid": "Ec2TaggingTransitgatewayattachment",
"Effect": "Allow",
"Action": [
"ec2:createta*",
"ec2:deleteta*"
],
"Resource": [
"arn:${Partition}:ec2:${Region}:${Account}:transit-gateway-attachment/${TransitGatewayAttachmentId}"
]
},
{
"Sid": "Ec2TaggingTransitgatewayroutetable",
"Effect": "Allow",
"Action": [
"ec2:createta*",
"ec2:deleteta*"
],
"Resource": [
"arn:${Partition}:ec2:${Region}:${Account}:transit-gateway-route-table/${TransitGatewayRouteTableId}"
]
},
{
"Sid": "Ec2TaggingVolume",
"Effect": "Allow",
"Action": [
"ec2:createta*",
"ec2:deleteta*"
],
"Resource": [
"arn:${Partition}:ec2:${Region}:${Account}:volume/${VolumeId}"
]
},
{
"Sid": "Ec2TaggingVpc",
"Effect": "Allow",
"Action": [
"ec2:createta*",
"ec2:deleteta*"
],
"Resource": [
"arn:${Partition}:ec2:${Region}:${Account}:vpc/${VpcId}"
]
},
{
"Sid": "Ec2TaggingVpnconnection",
"Effect": "Allow",
"Action": [
"ec2:createta*",
"ec2:deleteta*"
],
"Resource": [
"arn:${Partition}:ec2:${Region}:${Account}:vpn-connection/${VpnConnectionId}"
]
},
{
"Sid": "Ec2TaggingVpngateway",
"Effect": "Allow",
"Action": [
"ec2:createta*",
"ec2:deleteta*"
],
"Resource": [
"arn:${Partition}:ec2:${Region}:${Account}:vpn-gateway/${VpnGatewayId}"
]
},
{
"Sid": "EcrTaggingRepository",
"Effect": "Allow",
"Action": [
"ecr:t*",
"ecr:un*"
],
"Resource": [
"arn:${Partition}:ecr:${Region}:${Account}:repository/${RepositoryName}"
]
},
{
"Sid": "EcsTaggingCluster",
"Effect": "Allow",
"Action": [
"ecs:t*",
"ecs:un*"
],
"Resource": [
"arn:${Partition}:ecs:${Region}:${Account}:cluster/${ClusterName}"
]
},
{
"Sid": "EcsTaggingContainerinstance",
"Effect": "Allow",
"Action": [
"ecs:t*",
"ecs:un*"
],
"Resource": [
"arn:${Partition}:ecs:${Region}:${Account}:container-instance/${ContainerInstanceId}"
]
},
{
"Sid": "EcsTaggingService",
"Effect": "Allow",
"Action": [
"ecs:t*",
"ecs:un*"
],
"Resource": [
"arn:${Partition}:ecs:${Region}:${Account}:service/${ServiceName}"
]
},
{
"Sid": "EcsTaggingTask",
"Effect": "Allow",
"Action": [
"ecs:t*",
"ecs:un*"
],
"Resource": [
"arn:${Partition}:ecs:${Region}:${Account}:task/${TaskId}"
]
},
{
"Sid": "EcsTaggingTaskdefinition",
"Effect": "Allow",
"Action": [
"ecs:t*",
"ecs:un*"
],
"Resource": [
"arn:${Partition}:ecs:${Region}:${Account}:task-definition/${TaskDefinitionFamilyName}:${TaskDefinitionRevisionNumber}"
]
},
{
"Sid": "EksTaggingCluster",
"Effect": "Allow",
"Action": [
"eks:t*",
"eks:un*"
],
"Resource": [
"arn:${Partition}:eks:${Region}:${Account}:cluster/${ClusterName}"
]
},
{
"Sid": "EksTaggingFargateprofile",
"Effect": "Allow",
"Action": [
"eks:t*",
"eks:un*"
],
"Resource": [
"arn:${Partition}:eks:${Region}:${Account}:fargateprofile/${ClusterName}/${FargateProfileName}/${UUID}"
]
},
{
"Sid": "EksTaggingNodegroup",
"Effect": "Allow",
"Action": [
"eks:t*",
"eks:un*"
],
"Resource": [
"arn:${Partition}:eks:${Region}:${Account}:nodegroup/${ClusterName}/${NodegroupName}/${UUID}"
]
},
{
"Sid": "ElasticbeanstalkTaggingApplication",
"Effect": "Allow",
"Action": [
"elasticbeanstalk:ad*",
"elasticbeanstalk:rem*"
],
"Resource": [
"arn:${Partition}:elasticbeanstalk:${Region}:${Account}:application/${ApplicationName}"
]
},
{
"Sid": "ElasticbeanstalkTaggingApplicationversion",
"Effect": "Allow",
"Action": [
"elasticbeanstalk:ad*",
"elasticbeanstalk:rem*"
],
"Resource": [
"arn:${Partition}:elasticbeanstalk:${Region}:${Account}:applicationversion/${ApplicationName}/${VersionLabel}"
]
},
{
"Sid": "ElasticbeanstalkTaggingConfigurationtemplate",
"Effect": "Allow",
"Action": [
"elasticbeanstalk:ad*",
"elasticbeanstalk:rem*"
],
"Resource": [
"arn:${Partition}:elasticbeanstalk:${Region}:${Account}:configurationtemplate/${ApplicationName}/${TemplateName}"
]
},
{
"Sid": "ElasticbeanstalkTaggingEnvironment",
"Effect": "Allow",
"Action": [
"elasticbeanstalk:ad*",
"elasticbeanstalk:rem*"
],
"Resource": [
"arn:${Partition}:elasticbeanstalk:${Region}:${Account}:environment/${ApplicationName}/${EnvironmentName}"
]
},
{
"Sid": "ElasticbeanstalkTaggingPlatform",
"Effect": "Allow",
"Action": [
"elasticbeanstalk:ad*",
"elasticbeanstalk:rem*"
],
"Resource": [
"arn:${Partition}:elasticbeanstalk:${Region}::platform/${PlatformNameWithVersion}"
]
},
{
"Sid": "ElasticfilesystemTaggingFilesystem",
"Effect": "Allow",
"Action": [
"elasticfilesystem:createt*",
"elasticfilesystem:deletet*"
],
"Resource": [
"arn:${Partition}:elasticfilesystem:${Region}:${Account}:file-system/${FileSystemId}"
]
},
{
"Sid": "ElasticloadbalancingTaggingLoadbalancer",
"Effect": "Allow",
"Action": [
"elasticloadbalancing:addt*",
"elasticloadbalancing:removet*"
],
"Resource": [
"arn:${Partition}:elasticloadbalancing:${Region}:${Account}:loadbalancer/net/${LoadBalancerName}/${LoadBalancerId}"
]
},
{
"Sid": "ElasticloadbalancingTaggingLoadbalancerapp",
"Effect": "Allow",
"Action": [
"elasticloadbalancing:addt*",
"elasticloadbalancing:removet*"
],
"Resource": [
"arn:${Partition}:elasticloadbalancing:${Region}:${Account}:loadbalancer/net/${LoadBalancerName}/${LoadBalancerId}"
]
},
{
"Sid": "ElasticloadbalancingTaggingLoadbalancernet",
"Effect": "Allow",
"Action": [
"elasticloadbalancing:addt*",
"elasticloadbalancing:removet*"
],
"Resource": [
"arn:${Partition}:elasticloadbalancing:${Region}:${Account}:loadbalancer/net/${LoadBalancerName}/${LoadBalancerId}"
]
},
{
"Sid": "ElasticloadbalancingTaggingTargetgroup",
"Effect": "Allow",
"Action": [
"elasticloadbalancing:addt*",
"elasticloadbalancing:removet*"
],
"Resource": [
"arn:${Partition}:elasticloadbalancing:${Region}:${Account}:targetgroup/${TargetGroupName}/${TargetGroupId}"
]
},
{
"Sid": "ElasticmapreduceTaggingCluster",
"Effect": "Allow",
"Action": [
"elasticmapreduce:addt*",
"elasticmapreduce:removet*"
],
"Resource": [
"arn:${Partition}:elasticmapreduce:${Region}:${Account}:cluster/${ClusterId}"
]
},
{
"Sid": "ElasticmapreduceTaggingEditor",
"Effect": "Allow",
"Action": [
"elasticmapreduce:addt*",
"elasticmapreduce:removet*"
],
"Resource": [
"arn:${Partition}:elasticmapreduce:${Region}:${Account}:editor/${EditorId}"
]
},
{
"Sid": "EsTaggingDomain",
"Effect": "Allow",
"Action": [
"es:a*",
"es:r*"
],
"Resource": [
"arn:${Partition}:es:${Region}:${Account}:domain/${DomainName}"
]
},
{
"Sid": "EventsTaggingRule",
"Effect": "Allow",
"Action": [
"events:ta*",
"events:u*"
],
"Resource": [
"arn:${Partition}:events:${Region}:${Account}:rule/[${EventBusName}/]${RuleName}"
]
},
{
"Sid": "FmsTaggingPolicy",
"Effect": "Allow",
"Action": [
"fms:t*",
"fms:u*"
],
"Resource": [
"arn:${Partition}:fms:${Region}:${Account}:policy/${Id}"
]
},
{
"Sid": "FsxTaggingNone",
"Effect": "Allow",
"Action": [
"fsx:t*",
"fsx:un*"
],
"Resource": [
"arn:${Partition}:fsx:${Region}:${Account}:backup/",
"arn:${Partition}:fsx:${Region}:${Account}:file-system/",
"arn:${Partition}:fsx:${Region}:${Account}:task/"
]
},
{
"Sid": "FsxTaggingFilesystem",
"Effect": "Allow",
"Action": [
"fsx:created*"
],
"Resource": [
"arn:${Partition}:fsx:${Region}:${Account}:file-system/"
]
},
{
"Sid": "FsxTaggingTask",
"Effect": "Allow",
"Action": [
"fsx:created*"
],
"Resource": [
"arn:${Partition}:fsx:${Region}:${Account}:task/"
]
},
{
"Sid": "GameliftTaggingAlias",
"Effect": "Allow",
"Action": [
"gamelift:t*",
"gamelift:un*"
],
"Resource": [
"arn:${Partition}:gamelift:${Region}::alias/${AliasId}"
]
},
{
"Sid": "GameliftTaggingBuild",
"Effect": "Allow",
"Action": [
"gamelift:t*",
"gamelift:un*"
],
"Resource": [
"arn:${Partition}:gamelift:${Region}:${AccountId}:build/${BuildId}"
]
},
{
"Sid": "GameliftTaggingFleet",
"Effect": "Allow",
"Action": [
"gamelift:t*",
"gamelift:un*"
],
"Resource": [
"arn:${Partition}:gamelift:${Region}:${Account}:fleet/${FleetId}"
]
},
{
"Sid": "GameliftTaggingGamesessionqueue",
"Effect": "Allow",
"Action": [
"gamelift:t*",
"gamelift:un*"
],
"Resource": [
"arn:${Partition}:gamelift:${Region}:${Account}:gamesessionqueue/${GameSessionQueueName}"
]
},
{
"Sid": "GameliftTaggingMatchmakingconfiguration",
"Effect": "Allow",
"Action": [
"gamelift:t*",
"gamelift:un*"
],
"Resource": [
"arn:${Partition}:gamelift:${Region}:${Account}:matchmakingconfiguration/${MatchmakingConfigurationName}"
]
},
{
"Sid": "GameliftTaggingMatchmakingruleset",
"Effect": "Allow",
"Action": [
"gamelift:t*",
"gamelift:un*"
],
"Resource": [
"arn:${Partition}:gamelift:${Region}:${Account}:matchmakingruleset/${MatchmakingRuleSetName}"
]
},
{
"Sid": "GameliftTaggingScript",
"Effect": "Allow",
"Action": [
"gamelift:t*",
"gamelift:un*"
],
"Resource": [
"arn:${Partition}:gamelift:${Region}:${AccountId}:script/${ScriptId}"
]
},
{
"Sid": "GlacierTaggingVault",
"Effect": "Allow",
"Action": [
"glacier:ad*",
"glacier:r*"
],
"Resource": [
"arn:${Partition}:glacier:${Region}:${Account}:vaults/${VaultName}"
]
},
{
"Sid": "GlueTaggingCrawler",
"Effect": "Allow",
"Action": [
"glue:t*",
"glue:un*"
],
"Resource": [
"arn:${Partition}:glue:${Region}:${Account}:crawler/${CrawlerName}"
]
},
{
"Sid": "GlueTaggingDevendpoint",
"Effect": "Allow",
"Action": [
"glue:t*",
"glue:un*"
],
"Resource": [
"arn:${Partition}:glue:${Region}:${Account}:devendpoint/${DevEndpointName}"
]
},
{
"Sid": "GlueTaggingJob",
"Effect": "Allow",
"Action": [
"glue:t*",
"glue:un*"
],
"Resource": [
"arn:${Partition}:glue:${Region}:${Account}:job/${JobName}"
]
},
{
"Sid": "GlueTaggingTrigger",
"Effect": "Allow",
"Action": [
"glue:t*",
"glue:un*"
],
"Resource": [
"arn:${Partition}:glue:${Region}:${Account}:trigger/${TriggerName}"
]
},
{
"Sid": "GlueTaggingWorkflow",
"Effect": "Allow",
"Action": [
"glue:t*",
"glue:un*"
],
"Resource": [
"arn:${Partition}:glue:${Region}:${Account}:workflow/${WorkflowName}"
]
},
{
"Sid": "GreengrassTaggingBulkdeployment",
"Effect": "Allow",
"Action": [
"greengrass:t*",
"greengrass:un*"
],
"Resource": [
"arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/cores/${CoreDefinitionId}",
"arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/devices/${DeviceDefinitionId}",
"arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/functions/${FunctionDefinitionId}",
"arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/groups/${GroupId}",
"arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/loggers/${LoggerDefinitionId}",
"arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/resources/${ResourceDefinitionId}",
"arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/subscriptions/${SubscriptionDefinitionId}"
]
},
{
"Sid": "GreengrassTaggingConnectordefinition",
"Effect": "Allow",
"Action": [
"greengrass:t*",
"greengrass:un*"
],
"Resource": [
"arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/cores/${CoreDefinitionId}",
"arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/devices/${DeviceDefinitionId}",
"arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/functions/${FunctionDefinitionId}",
"arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/groups/${GroupId}",
"arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/loggers/${LoggerDefinitionId}",
"arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/resources/${ResourceDefinitionId}",
"arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/subscriptions/${SubscriptionDefinitionId}"
]
},
{
"Sid": "GreengrassTaggingCoredefinition",
"Effect": "Allow",
"Action": [
"greengrass:t*",
"greengrass:un*"
],
"Resource": [
"arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/cores/${CoreDefinitionId}",
"arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/devices/${DeviceDefinitionId}",
"arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/functions/${FunctionDefinitionId}",
"arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/groups/${GroupId}",
"arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/loggers/${LoggerDefinitionId}",
"arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/resources/${ResourceDefinitionId}",
"arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/subscriptions/${SubscriptionDefinitionId}"
]
},
{
"Sid": "GreengrassTaggingDevicedefinition",
"Effect": "Allow",
"Action": [
"greengrass:t*",
"greengrass:un*"
],
"Resource": [
"arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/cores/${CoreDefinitionId}",
"arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/devices/${DeviceDefinitionId}",
"arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/functions/${FunctionDefinitionId}",
"arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/groups/${GroupId}",
"arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/loggers/${LoggerDefinitionId}",
"arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/resources/${ResourceDefinitionId}",
"arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/subscriptions/${SubscriptionDefinitionId}"
]
},
{
"Sid": "GreengrassTaggingFunctiondefinition",
"Effect": "Allow",
"Action": [
"greengrass:t*",
"greengrass:un*"
],
"Resource": [
"arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/cores/${CoreDefinitionId}",
"arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/devices/${DeviceDefinitionId}",
"arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/functions/${FunctionDefinitionId}",
"arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/groups/${GroupId}",
"arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/loggers/${LoggerDefinitionId}",
"arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/resources/${ResourceDefinitionId}",
"arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/subscriptions/${SubscriptionDefinitionId}"
]
},
{
"Sid": "GreengrassTaggingGroup",
"Effect": "Allow",
"Action": [
"greengrass:t*",
"greengrass:un*"
],
"Resource": [
"arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/cores/${CoreDefinitionId}",
"arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/devices/${DeviceDefinitionId}",
"arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/functions/${FunctionDefinitionId}",
"arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/groups/${GroupId}",
"arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/loggers/${LoggerDefinitionId}",
"arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/resources/${ResourceDefinitionId}",
"arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/subscriptions/${SubscriptionDefinitionId}"
]
},
{
"Sid": "GreengrassTaggingLoggerdefinition",
"Effect": "Allow",
"Action": [
"greengrass:t*",
"greengrass:un*"
],
"Resource": [
"arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/cores/${CoreDefinitionId}",
"arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/devices/${DeviceDefinitionId}",
"arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/functions/${FunctionDefinitionId}",
"arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/groups/${GroupId}",
"arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/loggers/${LoggerDefinitionId}",
"arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/resources/${ResourceDefinitionId}",
"arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/subscriptions/${SubscriptionDefinitionId}"
]
},
{
"Sid": "GreengrassTaggingResourcedefinition",
"Effect": "Allow",
"Action": [
"greengrass:t*",
"greengrass:un*"
],
"Resource": [
"arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/cores/${CoreDefinitionId}",
"arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/devices/${DeviceDefinitionId}",
"arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/functions/${FunctionDefinitionId}",
"arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/groups/${GroupId}",
"arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/loggers/${LoggerDefinitionId}",
"arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/resources/${ResourceDefinitionId}",
"arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/subscriptions/${SubscriptionDefinitionId}"
]
},
{
"Sid": "GreengrassTaggingSubscriptiondefinition",
"Effect": "Allow",
"Action": [
"greengrass:t*",
"greengrass:un*"
],
"Resource": [
"arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/cores/${CoreDefinitionId}",
"arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/devices/${DeviceDefinitionId}",
"arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/functions/${FunctionDefinitionId}",
"arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/groups/${GroupId}",
"arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/loggers/${LoggerDefinitionId}",
"arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/resources/${ResourceDefinitionId}",
"arn:${Partition}:greengrass:${Region}:${Account}:/greengrass/definition/subscriptions/${SubscriptionDefinitionId}"
]
},
{
"Sid": "GroundstationTaggingConfig",
"Effect": "Allow",
"Action": [
"groundstation:t*",
"groundstation:un*"
],
"Resource": [
"arn:${Partition}:groundstation:${Region}:${Account}:config/${configType}/${configId}"
]
},
{
"Sid": "GroundstationTaggingContact",
"Effect": "Allow",
"Action": [
"groundstation:t*",
"groundstation:un*"
],
"Resource": [
"arn:${Partition}:groundstation:${Region}:${Account}:contact/${contactId}"
]
},
{
"Sid": "GroundstationTaggingDataflowendpointgroup",
"Effect": "Allow",
"Action": [
"groundstation:t*",
"groundstation:un*"
],
"Resource": [
"arn:${Partition}:groundstation:${Region}:${Account}:dataflow-endpoint-group/${dataflowEndpointGroupId}"
]
},
{
"Sid": "GroundstationTaggingMissionprofile",
"Effect": "Allow",
"Action": [
"groundstation:t*",
"groundstation:un*"
],
"Resource": [
"arn:${Partition}:groundstation:${Region}:${Account}:mission-profile/${missionProfileId}"
]
},
{
"Sid": "IamTaggingRole",
"Effect": "Allow",
"Action": [
"iam:tagr*",
"iam:untagr*"
],
"Resource": [
"arn:${Partition}:iam::${Account}:role/${RoleNameWithPath}"
]
},
{
"Sid": "IamTaggingUser",
"Effect": "Allow",
"Action": [
"iam:tagu*",
"iam:untagu*"
],
"Resource": [
"arn:${Partition}:iam::${Account}:user/${aws:username}"
]
},
{
"Sid": "ImagebuilderTaggingComponent",
"Effect": "Allow",
"Action": [
"imagebuilder:t*",
"imagebuilder:un*"
],
"Resource": [
"arn:${Partition}:imagebuilder:${Region}:${Account}:component/${ComponentName}/${ComponentVersion}/${ComponentBuildVersion}"
]
},
{
"Sid": "ImagebuilderTaggingDistributionconfiguration",
"Effect": "Allow",
"Action": [
"imagebuilder:t*",
"imagebuilder:un*"
],
"Resource": [
"arn:${Partition}:imagebuilder:${Region}:${Account}:distribution-configuration/${DistributionConfigurationName}"
]
},
{
"Sid": "ImagebuilderTaggingImage",
"Effect": "Allow",
"Action": [
"imagebuilder:t*",
"imagebuilder:un*"
],
"Resource": [
"arn:${Partition}:imagebuilder:${Region}:${Account}:image/${ImageName}/${ImageVersion}/${ImageBuildVersion}"
]
},
{
"Sid": "ImagebuilderTaggingImagepipeline",
"Effect": "Allow",
"Action": [
"imagebuilder:t*",
"imagebuilder:un*"
],
"Resource": [
"arn:${Partition}:imagebuilder:${Region}:${Account}:image-pipeline/${ImagePipelineName}"
]
},
{
"Sid": "ImagebuilderTaggingImagerecipe",
"Effect": "Allow",
"Action": [
"imagebuilder:t*",
"imagebuilder:un*"
],
"Resource": [
"arn:${Partition}:imagebuilder:${Region}:${Account}:image-recipe/${ImageRecipeName}/${ImageRecipeVersion}"
]
},
{
"Sid": "ImagebuilderTaggingInfrastructureconfiguration",
"Effect": "Allow",
"Action": [
"imagebuilder:t*",
"imagebuilder:un*"
],
"Resource": [
"arn:${Partition}:imagebuilder:${Region}:${Account}:infrastructure-configuration/${ResourceId}"
]
},
{
"Sid": "IotTaggingBillinggroup",
"Effect": "Allow",
"Action": [
"iot:deleteb*",
"iot:ta*",
"iot:un*"
],
"Resource": [
"arn:${Partition}:iot:${Region}:${Account}:billinggroup/${BillingGroupName}"
]
},
{
"Sid": "IotTaggingThinggroup",
"Effect": "Allow",
"Action": [
"iot:deleted*",
"iot:ta*",
"iot:un*"
],
"Resource": [
"arn:${Partition}:iot:${Region}:${Account}:thinggroup/${ThingGroupName}"
]
},
{
"Sid": "IotTaggingJob",
"Effect": "Allow",
"Action": [
"iot:ta*",
"iot:un*"
],
"Resource": [
"arn:${Partition}:iot:${Region}:${Account}:job/${JobId}"
]
},
{
"Sid": "IotTaggingOtaupdate",
"Effect": "Allow",
"Action": [
"iot:ta*",
"iot:un*"
],
"Resource": [
"arn:${Partition}:iot:${Region}:${Account}:otaupdate/${otaUpdateId}"
]
},
{
"Sid": "IotTaggingRule",
"Effect": "Allow",
"Action": [
"iot:ta*",
"iot:un*"
],
"Resource": [
"arn:${Partition}:iot:${Region}:${Account}:rule/${ruleName}"
]
},
{
"Sid": "IotTaggingScheduledaudit",
"Effect": "Allow",
"Action": [
"iot:ta*",
"iot:un*"
],
"Resource": [
"arn:${Partition}:iot:${Region}:${Account}:scheduledaudit/${ScheduleName}"
]
},
{
"Sid": "IotTaggingSecurityprofile",
"Effect": "Allow",
"Action": [
"iot:ta*",
"iot:un*"
],
"Resource": [
"arn:${Partition}:iot:${Region}:${Account}:securityprofile/${SecurityProfileName}"
]
},
{
"Sid": "IotTaggingStream",
"Effect": "Allow",
"Action": [
"iot:ta*",
"iot:un*"
],
"Resource": [
"arn:${Partition}:iot:${Region}:${Account}:stream/${streamId}"
]
},
{
"Sid": "IotTaggingThingtype",
"Effect": "Allow",
"Action": [
"iot:ta*",
"iot:un*"
],
"Resource": [
"arn:${Partition}:iot:${Region}:${Account}:thingtype/${ThingTypeName}"
]
},
{
"Sid": "IotanalyticsTaggingChannel",
"Effect": "Allow",
"Action": [
"iotanalytics:t*",
"iotanalytics:un*"
],
"Resource": [
"arn:${Partition}:iotanalytics:${Region}:${Account}:channel/${ChannelName}"
]
},
{
"Sid": "IotanalyticsTaggingDataset",
"Effect": "Allow",
"Action": [
"iotanalytics:t*",
"iotanalytics:un*"
],
"Resource": [
"arn:${Partition}:iotanalytics:${Region}:${Account}:dataset/${DatasetName}"
]
},
{
"Sid": "IotanalyticsTaggingDatastore",
"Effect": "Allow",
"Action": [
"iotanalytics:t*",
"iotanalytics:un*"
],
"Resource": [
"arn:${Partition}:iotanalytics:${Region}:${Account}:datastore/${DatastoreName}"
]
},
{
"Sid": "IotanalyticsTaggingPipeline",
"Effect": "Allow",
"Action": [
"iotanalytics:t*",
"iotanalytics:un*"
],
"Resource": [
"arn:${Partition}:iotanalytics:${Region}:${Account}:pipeline/${PipelineName}"
]
},
{
"Sid": "IoteventsTaggingDetectormodel",
"Effect": "Allow",
"Action": [
"iotevents:t*",
"iotevents:un*"
],
"Resource": [
"arn:${Partition}:iotevents:${Region}:${Account}:detectorModel/${DetectorModelName}"
]
},
{
"Sid": "IoteventsTaggingInput",
"Effect": "Allow",
"Action": [
"iotevents:t*",
"iotevents:un*"
],
"Resource": [
"arn:${Partition}:iotevents:${Region}:${Account}:input/${inputName}"
]
},
{
"Sid": "IotthingsgraphTaggingSysteminstance",
"Effect": "Allow",
"Action": [
"iotthingsgraph:t*",
"iotthingsgraph:unt*"
],
"Resource": [
"arn:${Partition}:iotthingsgraph:${Region}:${Account}:Deployment/${NamespacePath}"
]
},
{
"Sid": "KafkaTaggingCluster",
"Effect": "Allow",
"Action": [
"kafka:t*",
"kafka:un*"
],
"Resource": [
"arn:${Partition}:kafka:${Region}:${Account}:cluster/${ClusterName}/${UUID}"
]
},
{
"Sid": "KinesisTaggingStream",
"Effect": "Allow",
"Action": [
"kinesis:a*",
"kinesis:rem*"
],
"Resource": [
"arn:${Partition}:kinesis:${Region}:${Account}:stream/${StreamName}"
]
},
{
"Sid": "KinesisanalyticsTaggingApplication",
"Effect": "Allow",
"Action": [
"kinesisanalytics:t*",
"kinesisanalytics:un*"
],
"Resource": [
"arn:${Partition}:kinesisanalytics:${Region}:${Account}:application/${ApplicationName}"
]
},
{
"Sid": "KinesisvideoTaggingChannel",
"Effect": "Allow",
"Action": [
"kinesisvideo:tagr*",
"kinesisvideo:untagr*"
],
"Resource": [
"arn:${Partition}:kinesisvideo:${Region}:${Account}:channel/${ChannelName}/${CreationTime}"
]
},
{
"Sid": "KinesisvideoTaggingStream",
"Effect": "Allow",
"Action": [
"kinesisvideo:t*",
"kinesisvideo:un*"
],
"Resource": [
"arn:${Partition}:kinesisvideo:${Region}:${Account}:stream/${StreamName}/${CreationTime}"
]
},
{
"Sid": "KmsTaggingKmskey",
"Effect": "Allow",
"Action": [
"kms:t*",
"kms:un*"
],
"Resource": [
"arn:${Partition}:kms:${Region}:${Account}:key/${KeyId}"
]
},
{
"Sid": "License-managerTaggingLicenseconfiguration",
"Effect": "Allow",
"Action": [
"license-manager:t*",
"license-manager:un*"
],
"Resource": [
"arn:${Partition}:license-manager:${Region}:${Account}:license-configuration/${LicenseConfigurationId}"
]
},
{
"Sid": "MachinelearningTaggingBatchprediction",
"Effect": "Allow",
"Action": [
"machinelearning:a*",
"machinelearning:deletet*"
],
"Resource": [
"arn:${Partition}:machinelearning:${Region}:${Account}:batchprediction/${BatchPredictionId}"
]
},
{
"Sid": "MachinelearningTaggingDatasource",
"Effect": "Allow",
"Action": [
"machinelearning:a*",
"machinelearning:deletet*"
],
"Resource": [
"arn:${Partition}:machinelearning:${Region}:${Account}:datasource/${DatasourceId}"
]
},
{
"Sid": "MachinelearningTaggingEvaluation",
"Effect": "Allow",
"Action": [
"machinelearning:a*",
"machinelearning:deletet*"
],
"Resource": [
"arn:${Partition}:machinelearning:${Region}:${Account}:evaluation/${EvaluationId}"
]
},
{
"Sid": "MachinelearningTaggingMlmodel",
"Effect": "Allow",
"Action": [
"machinelearning:a*",
"machinelearning:deletet*"
],
"Resource": [
"arn:${Partition}:machinelearning:${Region}:${Account}:mlmodel/${MlModelId}"
]
},
{
"Sid": "MediaconvertTaggingJobtemplate",
"Effect": "Allow",
"Action": [
"mediaconvert:t*",
"mediaconvert:un*"
],
"Resource": [
"arn:${Partition}:mediaconvert:${Region}:${Account}:jobTemplates/${JobTemplateName}"
]
},
{
"Sid": "MediaconvertTaggingPreset",
"Effect": "Allow",
"Action": [
"mediaconvert:t*",
"mediaconvert:un*"
],
"Resource": [
"arn:${Partition}:mediaconvert:${Region}:${Account}:presets/${PresetName}"
]
},
{
"Sid": "MediaconvertTaggingQueue",
"Effect": "Allow",
"Action": [
"mediaconvert:t*",
"mediaconvert:un*"
],
"Resource": [
"arn:${Partition}:mediaconvert:${Region}:${Account}:queues/${QueueName}"
]
},
{
"Sid": "MedialiveTaggingMultiplex",
"Effect": "Allow",
"Action": [
"medialive:createm*"
],
"Resource": [
"arn:${Partition}:medialive:${Region}:${Account}:inputSecurityGroup:",
"arn:${Partition}:medialive:${Region}:${Account}:multiplex:",
"arn:${Partition}:medialive:${Region}:${Account}:reservation:"
]
},
{
"Sid": "MedialiveTaggingNone",
"Effect": "Allow",
"Action": [
"medialive:createt*",
"medialive:deletet*"
],
"Resource": [
"arn:${Partition}:medialive:${Region}:${Account}:inputSecurityGroup:",
"arn:${Partition}:medialive:${Region}:${Account}:inputSecurityGroup:",
"arn:${Partition}:medialive:${Region}:${Account}:inputSecurityGroup:",
"arn:${Partition}:medialive:${Region}:${Account}:inputSecurityGroup:",
"arn:${Partition}:medialive:${Region}:${Account}:inputSecurityGroup:",
"arn:${Partition}:medialive:${Region}:${Account}:multiplex:",
"arn:${Partition}:medialive:${Region}:${Account}:multiplex:",
"arn:${Partition}:medialive:${Region}:${Account}:multiplex:",
"arn:${Partition}:medialive:${Region}:${Account}:multiplex:",
"arn:${Partition}:medialive:${Region}:${Account}:multiplex:",
"arn:${Partition}:medialive:${Region}:${Account}:reservation:",
"arn:${Partition}:medialive:${Region}:${Account}:reservation:",
"arn:${Partition}:medialive:${Region}:${Account}:reservation:",
"arn:${Partition}:medialive:${Region}:${Account}:reservation:",
"arn:${Partition}:medialive:${Region}:${Account}:reservation:"
]
},
{
"Sid": "MobiletargetingTaggingApps",
"Effect": "Allow",
"Action": [
"mobiletargeting:t*",
"mobiletargeting:un*"
],
"Resource": [
"arn:${Partition}:mobiletargeting:${Region}:${Account}:apps/${AppId}/segments/${SegmentId}"
]
},
{
"Sid": "MobiletargetingTaggingCampaigns",
"Effect": "Allow",
"Action": [
"mobiletargeting:t*",
"mobiletargeting:un*"
],
"Resource": [
"arn:${Partition}:mobiletargeting:${Region}:${Account}:apps/${AppId}/segments/${SegmentId}"
]
},
{
"Sid": "MobiletargetingTaggingSegments",
"Effect": "Allow",
"Action": [
"mobiletargeting:t*",
"mobiletargeting:un*"
],
"Resource": [
"arn:${Partition}:mobiletargeting:${Region}:${Account}:apps/${AppId}/segments/${SegmentId}"
]
},
{
"Sid": "NetworkmanagerTaggingDevice",
"Effect": "Allow",
"Action": [
"networkmanager:t*",
"networkmanager:un*"
],
"Resource": [
"arn:${Partition}:networkmanager::${Account}:device/${GlobalNetworkId}/${ResourceId}"
]
},
{
"Sid": "NetworkmanagerTaggingGlobalnetwork",
"Effect": "Allow",
"Action": [
"networkmanager:t*",
"networkmanager:un*"
],
"Resource": [
"arn:${Partition}:networkmanager::${Account}:global-network/${ResourceId}"
]
},
{
"Sid": "NetworkmanagerTaggingLink",
"Effect": "Allow",
"Action": [
"networkmanager:t*",
"networkmanager:un*"
],
"Resource": [
"arn:${Partition}:networkmanager::${Account}:link/${GlobalNetworkId}/${ResourceId}"
]
},
{
"Sid": "NetworkmanagerTaggingSite",
"Effect": "Allow",
"Action": [
"networkmanager:t*",
"networkmanager:un*"
],
"Resource": [
"arn:${Partition}:networkmanager::${Account}:site/${GlobalNetworkId}/${ResourceId}"
]
},
{
"Sid": "QldbTaggingLedger",
"Effect": "Allow",
"Action": [
"qldb:t*",
"qldb:un*"
],
"Resource": [
"arn:${Partition}:qldb:${Region}:${Account}:ledger/${LedgerName}"
]
},
{
"Sid": "RamTaggingResourceshare",
"Effect": "Allow",
"Action": [
"ram:t*",
"ram:un*"
],
"Resource": [
"arn:${Partition}:ram:${Region}:${Account}:resource-share/${ResourcePath}"
]
},
{
"Sid": "RdsTaggingDb",
"Effect": "Allow",
"Action": [
"rds:addt*",
"rds:removet*"
],
"Resource": [
"arn:${Partition}:rds:${Region}:${Account}:og:${OptionGroupName}",
"arn:${Partition}:rds:${Region}:${Account}:pg:${ParameterGroupName}",
"arn:${Partition}:rds:${Region}:${Account}:ri:${ReservedDbInstanceName}",
"arn:${Partition}:rds:${Region}:${Account}:secgrp:${SecurityGroupName}",
"arn:${Partition}:rds:${Region}:${Account}:snapshot:${SnapshotName}",
"arn:${Partition}:rds:${Region}:${Account}:subgrp:${SubnetGroupName}"
]
},
{
"Sid": "RdsTaggingEs",
"Effect": "Allow",
"Action": [
"rds:addt*",
"rds:removet*"
],
"Resource": [
"arn:${Partition}:rds:${Region}:${Account}:og:${OptionGroupName}",
"arn:${Partition}:rds:${Region}:${Account}:pg:${ParameterGroupName}",
"arn:${Partition}:rds:${Region}:${Account}:ri:${ReservedDbInstanceName}",
"arn:${Partition}:rds:${Region}:${Account}:secgrp:${SecurityGroupName}",
"arn:${Partition}:rds:${Region}:${Account}:snapshot:${SnapshotName}",
"arn:${Partition}:rds:${Region}:${Account}:subgrp:${SubnetGroupName}"
]
},
{
"Sid": "RdsTaggingOg",
"Effect": "Allow",
"Action": [
"rds:addt*",
"rds:removet*"
],
"Resource": [
"arn:${Partition}:rds:${Region}:${Account}:og:${OptionGroupName}",
"arn:${Partition}:rds:${Region}:${Account}:pg:${ParameterGroupName}",
"arn:${Partition}:rds:${Region}:${Account}:ri:${ReservedDbInstanceName}",
"arn:${Partition}:rds:${Region}:${Account}:secgrp:${SecurityGroupName}",
"arn:${Partition}:rds:${Region}:${Account}:snapshot:${SnapshotName}",
"arn:${Partition}:rds:${Region}:${Account}:subgrp:${SubnetGroupName}"
]
},
{
"Sid": "RdsTaggingPg",
"Effect": "Allow",
"Action": [
"rds:addt*",
"rds:removet*"
],
"Resource": [
"arn:${Partition}:rds:${Region}:${Account}:og:${OptionGroupName}",
"arn:${Partition}:rds:${Region}:${Account}:pg:${ParameterGroupName}",
"arn:${Partition}:rds:${Region}:${Account}:ri:${ReservedDbInstanceName}",
"arn:${Partition}:rds:${Region}:${Account}:secgrp:${SecurityGroupName}",
"arn:${Partition}:rds:${Region}:${Account}:snapshot:${SnapshotName}",
"arn:${Partition}:rds:${Region}:${Account}:subgrp:${SubnetGroupName}"
]
},
{
"Sid": "RdsTaggingRi",
"Effect": "Allow",
"Action": [
"rds:addt*",
"rds:removet*"
],
"Resource": [
"arn:${Partition}:rds:${Region}:${Account}:og:${OptionGroupName}",
"arn:${Partition}:rds:${Region}:${Account}:pg:${ParameterGroupName}",
"arn:${Partition}:rds:${Region}:${Account}:ri:${ReservedDbInstanceName}",
"arn:${Partition}:rds:${Region}:${Account}:secgrp:${SecurityGroupName}",
"arn:${Partition}:rds:${Region}:${Account}:snapshot:${SnapshotName}",
"arn:${Partition}:rds:${Region}:${Account}:subgrp:${SubnetGroupName}"
]
},
{
"Sid": "RdsTaggingSecgrp",
"Effect": "Allow",
"Action": [
"rds:addt*",
"rds:removet*"
],
"Resource": [
"arn:${Partition}:rds:${Region}:${Account}:og:${OptionGroupName}",
"arn:${Partition}:rds:${Region}:${Account}:pg:${ParameterGroupName}",
"arn:${Partition}:rds:${Region}:${Account}:ri:${ReservedDbInstanceName}",
"arn:${Partition}:rds:${Region}:${Account}:secgrp:${SecurityGroupName}",
"arn:${Partition}:rds:${Region}:${Account}:snapshot:${SnapshotName}",
"arn:${Partition}:rds:${Region}:${Account}:subgrp:${SubnetGroupName}"
]
},
{
"Sid": "RdsTaggingSnapshot",
"Effect": "Allow",
"Action": [
"rds:addt*",
"rds:removet*"
],
"Resource": [
"arn:${Partition}:rds:${Region}:${Account}:og:${OptionGroupName}",
"arn:${Partition}:rds:${Region}:${Account}:pg:${ParameterGroupName}",
"arn:${Partition}:rds:${Region}:${Account}:ri:${ReservedDbInstanceName}",
"arn:${Partition}:rds:${Region}:${Account}:secgrp:${SecurityGroupName}",
"arn:${Partition}:rds:${Region}:${Account}:snapshot:${SnapshotName}",
"arn:${Partition}:rds:${Region}:${Account}:subgrp:${SubnetGroupName}"
]
},
{
"Sid": "RdsTaggingSubgrp",
"Effect": "Allow",
"Action": [
"rds:addt*",
"rds:removet*"
],
"Resource": [
"arn:${Partition}:rds:${Region}:${Account}:og:${OptionGroupName}",
"arn:${Partition}:rds:${Region}:${Account}:pg:${ParameterGroupName}",
"arn:${Partition}:rds:${Region}:${Account}:ri:${ReservedDbInstanceName}",
"arn:${Partition}:rds:${Region}:${Account}:secgrp:${SecurityGroupName}",
"arn:${Partition}:rds:${Region}:${Account}:snapshot:${SnapshotName}",
"arn:${Partition}:rds:${Region}:${Account}:subgrp:${SubnetGroupName}"
]
},
{
"Sid": "Resource-groupsTaggingGroup",
"Effect": "Allow",
"Action": [
"resource-groups:t*",
"resource-groups:un*"
],
"Resource": [
"arn:${Partition}:resource-groups:${Region}:${Account}:group/${GroupName}"
]
},
{
"Sid": "Route53TaggingHealthcheck",
"Effect": "Allow",
"Action": [
"route53:changet*"
],
"Resource": [
"arn:${Partition}:route53:::healthcheck/${Id}"
]
},
{
"Sid": "Route53TaggingHostedzone",
"Effect": "Allow",
"Action": [
"route53:changet*"
],
"Resource": [
"arn:${Partition}:route53:::hostedzone/${Id}"
]
},
{
"Sid": "Route53resolverTaggingResolverendpoint",
"Effect": "Allow",
"Action": [
"route53resolver:t*",
"route53resolver:un*"
],
"Resource": [
"arn:${Partition}:route53resolver:${Region}:${Account}:resolver-endpoint/${ResourceId}"
]
},
{
"Sid": "Route53resolverTaggingResolverrule",
"Effect": "Allow",
"Action": [
"route53resolver:t*",
"route53resolver:un*"
],
"Resource": [
"arn:${Partition}:route53resolver:${Region}:${Account}:resolver-rule/${ResourceId}"
]
},
{
"Sid": "S3TaggingObject",
"Effect": "Allow",
"Action": [
"s3:deleteobjectt*",
"s3:deleteobjectversiont*",
"s3:putobjectt*",
"s3:putobjectversiont*",
"s3:replicatet*"
],
"Resource": [
"arn:${Partition}:s3:::${BucketName}/${ObjectName}"
]
},
{
"Sid": "S3TaggingBucket",
"Effect": "Allow",
"Action": [
"s3:putbuckett*"
],
"Resource": [
"arn:${Partition}:s3:::${BucketName}"
]
},
{
"Sid": "SagemakerTaggingApp",
"Effect": "Allow",
"Action": [
"sagemaker:ad*",
"sagemaker:deleteta*"
],
"Resource": [
"arn:${Partition}:sagemaker:${Region}:${Account}:app/${DomainId}/${UserProfileName}/${AppType}/${AppName}"
]
},
{
"Sid": "SagemakerTaggingAutomljob",
"Effect": "Allow",
"Action": [
"sagemaker:ad*",
"sagemaker:deleteta*"
],
"Resource": [
"arn:${Partition}:sagemaker:${Region}:${Account}:automl-job/${AutoMLJobJobName}"
]
},
{
"Sid": "SagemakerTaggingDomain",
"Effect": "Allow",
"Action": [
"sagemaker:ad*",
"sagemaker:deleteta*"
],
"Resource": [
"arn:${Partition}:sagemaker:${Region}:${Account}:domain/${DomainId}"
]
},
{
"Sid": "SagemakerTaggingEndpoint",
"Effect": "Allow",
"Action": [
"sagemaker:ad*",
"sagemaker:deleteta*"
],
"Resource": [
"arn:${Partition}:sagemaker:${Region}:${Account}:endpoint/${EndpointName}"
]
},
{
"Sid": "SagemakerTaggingEndpointconfig",
"Effect": "Allow",
"Action": [
"sagemaker:ad*",
"sagemaker:deleteta*"
],
"Resource": [
"arn:${Partition}:sagemaker:${Region}:${Account}:endpoint-config/${EndpointConfigName}"
]
},
{
"Sid": "SagemakerTaggingExperiment",
"Effect": "Allow",
"Action": [
"sagemaker:ad*",
"sagemaker:deleteta*"
],
"Resource": [
"arn:${Partition}:sagemaker:${Region}:${Account}:experiment/${ExperimentName}"
]
},
{
"Sid": "SagemakerTaggingExperimenttrial",
"Effect": "Allow",
"Action": [
"sagemaker:ad*",
"sagemaker:deleteta*"
],
"Resource": [
"arn:${Partition}:sagemaker:${Region}:${Account}:experiment-trial/${TrialName}"
]
},
{
"Sid": "SagemakerTaggingExperimenttrialcomponent",
"Effect": "Allow",
"Action": [
"sagemaker:ad*",
"sagemaker:deleteta*"
],
"Resource": [
"arn:${Partition}:sagemaker:${Region}:${Account}:experiment-trial-component/${TrialComponentName}"
]
},
{
"Sid": "SagemakerTaggingFlowdefinition",
"Effect": "Allow",
"Action": [
"sagemaker:ad*",
"sagemaker:deleteta*"
],
"Resource": [
"arn:${Partition}:sagemaker:${Region}:${Account}:flow-definition/${FlowDefinitionName}"
]
},
{
"Sid": "SagemakerTaggingHumantaskui",
"Effect": "Allow",
"Action": [
"sagemaker:ad*",
"sagemaker:deleteta*"
],
"Resource": [
"arn:${Partition}:sagemaker:${Region}:${Account}:human-task-ui/${HumanTaskUiName}"
]
},
{
"Sid": "SagemakerTaggingHyperparametertuningjob",
"Effect": "Allow",
"Action": [
"sagemaker:ad*",
"sagemaker:deleteta*"
],
"Resource": [
"arn:${Partition}:sagemaker:${Region}:${Account}:hyper-parameter-tuning-job/${HyperParameterTuningJobName}"
]
},
{
"Sid": "SagemakerTaggingLabelingjob",
"Effect": "Allow",
"Action": [
"sagemaker:ad*",
"sagemaker:deleteta*"
],
"Resource": [
"arn:${Partition}:sagemaker:${Region}:${Account}:labeling-job/${LabelingJobName}"
]
},
{
"Sid": "SagemakerTaggingModel",
"Effect": "Allow",
"Action": [
"sagemaker:ad*",
"sagemaker:deleteta*"
],
"Resource": [
"arn:${Partition}:sagemaker:${Region}:${Account}:model/${ModelName}"
]
},
{
"Sid": "SagemakerTaggingMonitoringschedule",
"Effect": "Allow",
"Action": [
"sagemaker:ad*",
"sagemaker:deleteta*"
],
"Resource": [
"arn:${Partition}:sagemaker:${Region}:${Account}:monitoring-schedule/${MonitoringScheduleName}"
]
},
{
"Sid": "SagemakerTaggingNotebookinstance",
"Effect": "Allow",
"Action": [
"sagemaker:ad*",
"sagemaker:deleteta*"
],
"Resource": [
"arn:${Partition}:sagemaker:${Region}:${Account}:notebook-instance/${NotebookInstanceName}"
]
},
{
"Sid": "SagemakerTaggingProcessingjob",
"Effect": "Allow",
"Action": [
"sagemaker:ad*",
"sagemaker:deleteta*"
],
"Resource": [
"arn:${Partition}:sagemaker:${Region}:${Account}:processing-job/${ProcessingJobName}"
]
},
{
"Sid": "SagemakerTaggingTrainingjob",
"Effect": "Allow",
"Action": [
"sagemaker:ad*",
"sagemaker:deleteta*"
],
"Resource": [
"arn:${Partition}:sagemaker:${Region}:${Account}:training-job/${TrainingJobName}"
]
},
{
"Sid": "SagemakerTaggingTransformjob",
"Effect": "Allow",
"Action": [
"sagemaker:ad*",
"sagemaker:deleteta*"
],
"Resource": [
"arn:${Partition}:sagemaker:${Region}:${Account}:transform-job/${TransformJobName}"
]
},
{
"Sid": "SagemakerTaggingUserprofile",
"Effect": "Allow",
"Action": [
"sagemaker:ad*",
"sagemaker:deleteta*"
],
"Resource": [
"arn:${Partition}:sagemaker:${Region}:${Account}:user-profile/${DomainId}/${UserProfileName}"
]
},
{
"Sid": "SagemakerTaggingWorkteam",
"Effect": "Allow",
"Action": [
"sagemaker:ad*",
"sagemaker:deleteta*"
],
"Resource": [
"arn:${Partition}:sagemaker:${Region}:${Account}:workteam/${WorkteamName}"
]
},
{
"Sid": "SagemakerTaggingCompilationjob",
"Effect": "Allow",
"Action": [
"sagemaker:deleteta*"
],
"Resource": [
"arn:${Partition}:sagemaker:${Region}:${Account}:compilation-job/${CompilationJobName}"
]
},
{
"Sid": "SavingsplansTaggingSavingsplan",
"Effect": "Allow",
"Action": [
"savingsplans:t*",
"savingsplans:u*"
],
"Resource": [
"arn:${Partition}:savingsplans::${Account}:savingsplan/${ResourceId}"
]
},
{
"Sid": "SchemasTaggingDiscoverer",
"Effect": "Allow",
"Action": [
"schemas:t*",
"schemas:un*"
],
"Resource": [
"arn:${Partition}:schemas:${Region}:${Account}:discoverer/${DiscovererId}"
]
},
{
"Sid": "SchemasTaggingRegistry",
"Effect": "Allow",
"Action": [
"schemas:t*",
"schemas:un*"
],
"Resource": [
"arn:${Partition}:schemas:${Region}:${Account}:registry/${RegistryName}"
]
},
{
"Sid": "SchemasTaggingSchema",
"Effect": "Allow",
"Action": [
"schemas:t*",
"schemas:un*"
],
"Resource": [
"arn:${Partition}:schemas:${Region}:${Account}:schema/${RegistryName}/${SchemaName}"
]
},
{
"Sid": "SecretsmanagerTaggingSecret",
"Effect": "Allow",
"Action": [
"secretsmanager:t*",
"secretsmanager:un*"
],
"Resource": [
"arn:${Partition}:secretsmanager:${Region}:${Account}:secret:${SecretId}"
]
},
{
"Sid": "SesTaggingConfigurationset",
"Effect": "Allow",
"Action": [
"ses:ta*",
"ses:un*"
],
"Resource": [
"arn:${Partition}:ses:${Region}:${Account}:configuration-set/${ConfigurationSetName}"
]
},
{
"Sid": "SesTaggingDedicatedippool",
"Effect": "Allow",
"Action": [
"ses:ta*",
"ses:un*"
],
"Resource": [
"arn:${Partition}:ses:${Region}:${Account}:dedicated-ip-pool/${CustomVerificationEmailTemplateName}"
]
},
{
"Sid": "SesTaggingDeliverabilitytestreport",
"Effect": "Allow",
"Action": [
"ses:ta*",
"ses:un*"
],
"Resource": [
"arn:${Partition}:ses:${Region}:${Account}:deliverability-test-report/${CustomVerificationEmailTemplateName}"
]
},
{
"Sid": "SesTaggingIdentity",
"Effect": "Allow",
"Action": [
"ses:ta*",
"ses:un*"
],
"Resource": [
"arn:${Partition}:ses:${Region}:${Account}:identity/${IdentityName}"
]
},
{
"Sid": "SignerTaggingSigningprofile",
"Effect": "Allow",
"Action": [
"signer:t*",
"signer:u*"
],
"Resource": [
"arn:${Partition}:signer:${Region}::/signing-profiles/${profileName}"
]
},
{
"Sid": "SnsTaggingTopic",
"Effect": "Allow",
"Action": [
"sns:t*",
"sns:unt*"
],
"Resource": [
"arn:${Partition}:sns:${Region}:${Account}:${TopicName}"
]
},
{
"Sid": "SqsTaggingQueue",
"Effect": "Allow",
"Action": [
"sqs:t*",
"sqs:u*"
],
"Resource": [
"arn:${Partition}:sqs:${Region}:${Account}:${QueueName}"
]
},
{
"Sid": "SsmTaggingDocument",
"Effect": "Allow",
"Action": [
"ssm:a*",
"ssm:rem*"
],
"Resource": [
"arn:${Partition}:ssm:${Region}:${Account}:document/${DocumentName}"
]
},
{
"Sid": "SsmTaggingMaintenancewindow",
"Effect": "Allow",
"Action": [
"ssm:a*",
"ssm:rem*"
],
"Resource": [
"arn:${Partition}:ssm:${Region}:${Account}:maintenancewindow/${ResourceId}"
]
},
{
"Sid": "SsmTaggingManagedinstance",
"Effect": "Allow",
"Action": [
"ssm:a*",
"ssm:rem*"
],
"Resource": [
"arn:${Partition}:ssm:${Region}:${Account}:managed-instance/${ManagedInstanceName}"
]
},
{
"Sid": "SsmTaggingParameter",
"Effect": "Allow",
"Action": [
"ssm:a*",
"ssm:rem*"
],
"Resource": [
"arn:${Partition}:ssm:${Region}:${Account}:parameter/${FullyQualifiedParameterName}"
]
},
{
"Sid": "SsmTaggingPatchbaseline",
"Effect": "Allow",
"Action": [
"ssm:a*",
"ssm:rem*"
],
"Resource": [
"arn:${Partition}:ssm:${Region}:${Account}:patchbaseline/${PatchBaselineIdResourceId}"
]
},
{
"Sid": "StatesTaggingActivity",
"Effect": "Allow",
"Action": [
"states:t*",
"states:un*"
],
"Resource": [
"arn:${Partition}:states:${Region}:${Account}:activity:${ActivityName}"
]
},
{
"Sid": "StatesTaggingStatemachine",
"Effect": "Allow",
"Action": [
"states:t*",
"states:un*"
],
"Resource": [
"arn:${Partition}:states:${Region}:${Account}:activity:${ActivityName}"
]
},
{
"Sid": "StoragegatewayTaggingShare",
"Effect": "Allow",
"Action": [
"storagegateway:addt*",
"storagegateway:rem*"
],
"Resource": [
"arn:${Partition}:storagegateway:${Region}:${Account}:share/${ShareId}"
]
},
{
"Sid": "StoragegatewayTaggingGateway",
"Effect": "Allow",
"Action": [
"storagegateway:addt*",
"storagegateway:rem*"
],
"Resource": [
"arn:${Partition}:storagegateway:${Region}:${Account}:gateway/${GatewayId}/volume/${VolumeId}"
]
},
{
"Sid": "StoragegatewayTaggingTape",
"Effect": "Allow",
"Action": [
"storagegateway:addt*",
"storagegateway:rem*"
],
"Resource": [
"arn:${Partition}:storagegateway:${Region}:${Account}:gateway/${GatewayId}/volume/${VolumeId}"
]
},
{
"Sid": "StoragegatewayTaggingVolume",
"Effect": "Allow",
"Action": [
"storagegateway:addt*",
"storagegateway:rem*"
],
"Resource": [
"arn:${Partition}:storagegateway:${Region}:${Account}:gateway/${GatewayId}/volume/${VolumeId}"
]
},
{
"Sid": "SwfTaggingDomain",
"Effect": "Allow",
"Action": [
"swf:ta*",
"swf:u*"
],
"Resource": [
"arn:${Partition}:swf::${Account}:domain/${DomainName}"
]
},
{
"Sid": "TransferTaggingServer",
"Effect": "Allow",
"Action": [
"transfer:ta*",
"transfer:un*"
],
"Resource": [
"arn:${Partition}:transfer:${region}:${account}:server/${serverId}"
]
},
{
"Sid": "TransferTaggingUser",
"Effect": "Allow",
"Action": [
"transfer:ta*",
"transfer:un*"
],
"Resource": [
"arn:${Partition}:transfer:${region}:${account}:user/${serverId}/${username}"
]
},
{
"Sid": "WafTaggingRatebasedrule",
"Effect": "Allow",
"Action": [
"waf:t*",
"waf:un*"
],
"Resource": [
"arn:${Partition}:waf::${Account}:ratebasedrule/${Id}"
]
},
{
"Sid": "WafTaggingRule",
"Effect": "Allow",
"Action": [
"waf:t*",
"waf:un*"
],
"Resource": [
"arn:${Partition}:waf::${Account}:rule/${Id}"
]
},
{
"Sid": "WafTaggingRulegroup",
"Effect": "Allow",
"Action": [
"waf:t*",
"waf:un*"
],
"Resource": [
"arn:${Partition}:waf::${Account}:rulegroup/${Id}"
]
},
{
"Sid": "WafTaggingWebacl",
"Effect": "Allow",
"Action": [
"waf:t*",
"waf:un*"
],
"Resource": [
"arn:${Partition}:waf::${Account}:webacl/${Id}"
]
},
{
"Sid": "Waf-regionalTaggingRatebasedrule",
"Effect": "Allow",
"Action": [
"waf-regional:t*",
"waf-regional:un*"
],
"Resource": [
"arn:${Partition}:waf-regional:${Region}:${Account}:ratebasedrule/${Id}"
]
},
{
"Sid": "Waf-regionalTaggingRule",
"Effect": "Allow",
"Action": [
"waf-regional:t*",
"waf-regional:un*"
],
"Resource": [
"arn:${Partition}:waf-regional:${Region}:${Account}:rule/${Id}"
]
},
{
"Sid": "Waf-regionalTaggingRulegroup",
"Effect": "Allow",
"Action": [
"waf-regional:t*",
"waf-regional:un*"
],
"Resource": [
"arn:${Partition}:waf-regional:${Region}:${Account}:rulegroup/${Id}"
]
},
{
"Sid": "Waf-regionalTaggingWebacl",
"Effect": "Allow",
"Action": [
"waf-regional:t*",
"waf-regional:un*"
],
"Resource": [
"arn:${Partition}:waf-regional:${Region}:${Account}:webacl/${Id}"
]
},
{
"Sid": "Wafv2TaggingIpset",
"Effect": "Allow",
"Action": [
"wafv2:t*",
"wafv2:un*"
],
"Resource": [
"arn:${Partition}:wafv2:${Region}:${Account}:${Scope}/rulegroup/${Name}/${Id}",
"arn:${Partition}:wafv2:${Region}:${Account}:${Scope}/webacl/${Name}/${Id}"
]
},
{
"Sid": "Wafv2TaggingRegexpatternset",
"Effect": "Allow",
"Action": [
"wafv2:t*",
"wafv2:un*"
],
"Resource": [
"arn:${Partition}:wafv2:${Region}:${Account}:${Scope}/rulegroup/${Name}/${Id}",
"arn:${Partition}:wafv2:${Region}:${Account}:${Scope}/webacl/${Name}/${Id}"
]
},
{
"Sid": "Wafv2TaggingRulegroup",
"Effect": "Allow",
"Action": [
"wafv2:t*",
"wafv2:un*"
],
"Resource": [
"arn:${Partition}:wafv2:${Region}:${Account}:${Scope}/rulegroup/${Name}/${Id}",
"arn:${Partition}:wafv2:${Region}:${Account}:${Scope}/webacl/${Name}/${Id}"
]
},
{
"Sid": "Wafv2TaggingWebacl",
"Effect": "Allow",
"Action": [
"wafv2:t*",
"wafv2:un*"
],
"Resource": [
"arn:${Partition}:wafv2:${Region}:${Account}:${Scope}/rulegroup/${Name}/${Id}",
"arn:${Partition}:wafv2:${Region}:${Account}:${Scope}/webacl/${Name}/${Id}"
]
},
{
"Sid": "MultMultNone",
"Effect": "Allow",
"Action": [
"backup:t*",
"backup:un*",
"cloudhsm:a*",
"cloudhsm:r*",
"cloudhsm:t*",
"cloudhsm:u*",
"datapipeline:ad*",
"datapipeline:rem*",
"discovery:createt*",
"discovery:deletet*",
"elasticache:ad*",
"elasticache:rem*",
"inspector:se*",
"mediatailor:t*",
"mediatailor:u*",
"organizations:t*",
"organizations:un*",
"redshift:createt*",
"redshift:deletet*",
"route53domains:de*",
"route53domains:updatet*",
"sts:t*",
"tag:t*",
"tag:u*",
"workspaces:createt*"
],
"Resource": [
"*"
]
}
]
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment