Created
March 28, 2018 14:57
-
-
Save libert-xyz/8e9c5ee9bbaebe08038a67b4adda9ebe to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "AWSTemplateFormatVersion": "2010-09-09", | |
| "Outputs": { | |
| "CCRoleArn": { | |
| "Value": { | |
| "Fn::GetAtt": [ | |
| "CCRole", | |
| "Arn" | |
| ] | |
| } | |
| } | |
| }, | |
| "Parameters": { | |
| "Principal": { | |
| "Type": "String", | |
| "Default": "arn:aws:iam::352813966189:root" | |
| }, | |
| "ExternalId": { | |
| "Type": "String" | |
| } | |
| }, | |
| "Resources": { | |
| "CCManagedPolicy": { | |
| "Type": "AWS::IAM::ManagedPolicy", | |
| "Properties": { | |
| "Description": "CC Account Policy", | |
| "PolicyDocument": { | |
| "Version": "2012-10-17", | |
| "Statement": [ | |
| { | |
| "Sid": "FullPolicy", | |
| "Effect": "Allow", | |
| "Action": [ | |
| "acm:DescribeCertificate", | |
| "acm:ListCertificates", | |
| "acm:GetCertificate", | |
| "autoscaling:Describe*", | |
| "cloudformation:DescribeStacks", | |
| "cloudformation:GetStackPolicy", | |
| "cloudformation:GetTemplate", | |
| "cloudformation:ListStackResources", | |
| "cloudfront:List*", | |
| "cloudfront:GetDistributionConfig", | |
| "cloudfront:GetStreamingDistributionConfig", | |
| "cloudhsm:Describe*", | |
| "cloudhsm:List*", | |
| "cloudsearch:Describe*", | |
| "cloudtrail:DescribeTrails", | |
| "cloudtrail:GetTrailStatus", | |
| "cloudwatch:DescribeAlarms", | |
| "cloudwatch:GetMetricStatistics", | |
| "cloudwatch:ListMetrics", | |
| "config:DescribeConfigRules", | |
| "config:GetComplianceDetailsByConfigRule", | |
| "config:Describe*", | |
| "datapipeline:ListPipelines", | |
| "datapipeline:GetPipelineDefinition", | |
| "datapipeline:DescribePipelines", | |
| "directconnect:DescribeLocations", | |
| "directconnect:DescribeConnections", | |
| "directconnect:DescribeVirtualInterfaces", | |
| "dynamodb:ListTables", | |
| "dynamodb:DescribeTable", | |
| "dynamodb:ListTagsOfResource", | |
| "ec2:Describe*", | |
| "ec2:GetConsoleOutput", | |
| "ecs:ListClusters", | |
| "ecs:DescribeClusters", | |
| "ecs:ListContainerInstances", | |
| "ecs:DescribeContainerInstances", | |
| "ecs:ListServices", | |
| "ecs:DescribeServices", | |
| "ecs:ListTaskDefinitions", | |
| "ecs:DescribeTaskDefinition", | |
| "ecs:ListTasks", | |
| "ecs:DescribeTasks", | |
| "elasticache:Describe*", | |
| "elasticache:ListTagsForResource", | |
| "elasticbeanstalk:Describe*", | |
| "elasticfilesystem:Describe*", | |
| "elasticloadbalancing:Describe*", | |
| "elasticmapreduce:Describe*", | |
| "elasticmapreduce:ListSteps", | |
| "elasticmapreduce:ListInstanceGroups", | |
| "elasticmapreduce:ListBootstrapActions", | |
| "elasticmapreduce:ListClusters", | |
| "elasticmapreduce:ListInstances", | |
| "es:ListDomainNames", | |
| "es:DescribeElasticsearchDomains", | |
| "glacier:List*", | |
| "glacier:DescribeVault", | |
| "glacier:GetVaultNotifications", | |
| "glacier:DescribeJob", | |
| "glacier:GetJobOutput", | |
| "iam:Get*", | |
| "iam:List*", | |
| "iam:GenerateCredentialReport", | |
| "iot:DescribeThing", | |
| "iot:ListThings", | |
| "iam:GenerateCredentialReport", | |
| "kinesis:ListStreams", | |
| "kinesis:DescribeStream", | |
| "kinesis:GetShardIterator", | |
| "kinesis:GetRecords", | |
| "kms:Describe*", | |
| "kms:Get*", | |
| "kms:List*", | |
| "lambda:ListFunctions", | |
| "lambda:ListTags", | |
| "organizations:DescribeOrganization", | |
| "organizations:DescribeOrganizationalUnit", | |
| "organizations:ListChildren", | |
| "organizations:ListRoots", | |
| "rds:Describe*", | |
| "rds:ListTagsForResource", | |
| "redshift:Describe*", | |
| "redshift:ViewQueriesInConsole", | |
| "route53:ListHealthChecks", | |
| "route53:ListHostedZones", | |
| "route53:ListResourceRecordSets", | |
| "s3:GetBucketACL", | |
| "s3:GetBucketLocation", | |
| "s3:GetBucketLogging", | |
| "s3:GetBucketPolicy", | |
| "s3:GetBucketTagging", | |
| "s3:GetBucketWebsite", | |
| "s3:GetBucketNotification", | |
| "s3:GetLifecycleConfiguration", | |
| "s3:GetObject", | |
| "s3:GetObjectMetadata", | |
| "s3:GetNotificationConfiguration", | |
| "s3:List*", | |
| "ses:ListIdentities", | |
| "ses:GetSendStatistics", | |
| "ses:GetIdentityDkimAttributes", | |
| "ses:GetIdentityVerificationAttributes", | |
| "ses:GetSendQuota", | |
| "sdb:ListDomains", | |
| "sdb:DomainMetadata", | |
| "support:*", | |
| "swf:ListClosedWorkflowExecutions", | |
| "swf:ListDomains", | |
| "swf:ListActivityTypes", | |
| "swf:ListWorkflowTypes", | |
| "sns:GetTopicAttributes", | |
| "sns:GetSubscriptionAttributes", | |
| "sns:ListTopics", | |
| "sns:ListSubscriptionsByTopic", | |
| "sns:GetSnsTopic", | |
| "ssm:List*", | |
| "sqs:ListQueues", | |
| "sqs:GetQueueAttributes", | |
| "storagegateway:Describe*", | |
| "storagegateway:List*", | |
| "workspaces:DescribeWorkspaceDirectories", | |
| "workspaces:DescribeWorkspaceBundles", | |
| "workspaces:DescribeWorkspaces" | |
| ], | |
| "Resource": [ | |
| "*" | |
| ] | |
| }, | |
| { | |
| "Sid": "CloudWatchLogsSpecific", | |
| "Effect": "Allow", | |
| "Action": [ | |
| "logs:GetLogEvents", | |
| "logs:DescribeLogGroups", | |
| "logs:DescribeLogStreams" | |
| ], | |
| "Resource": [ | |
| "arn:aws:logs:*:*:*" | |
| ] | |
| } | |
| ] | |
| } | |
| } | |
| }, | |
| "CCRole": { | |
| "Type": "AWS::IAM::Role", | |
| "Properties": { | |
| "AssumeRolePolicyDocument": { | |
| "Version": "2012-10-17", | |
| "Statement": [ | |
| { | |
| "Effect": "Allow", | |
| "Principal": { | |
| "AWS": "arn:aws:iam::352813966189:root" | |
| }, | |
| "Action": "sts:AssumeRole", | |
| "Condition": { | |
| "StringEquals": { | |
| "sts:ExternalId": { | |
| "Ref": "ExternalId" | |
| } | |
| } | |
| } | |
| } | |
| ] | |
| }, | |
| "ManagedPolicyArns": [ | |
| { | |
| "Ref": "CCManagedPolicy" | |
| } | |
| ] | |
| } | |
| } | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment