restump · August 12, 2020 22:16
diff --git a/now-mid-aws-disco-permissions.json b/now-mid-aws-disco-permissions.json
 {
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "account:ListRegions",
        "application-autoscaling:Describe*",
        "autoscaling:Describe*",
        "cloudformation:DescribeStackEvents",
        "cloudformation:DescribeStackResource",
        "cloudformation:DescribeStackResources",
        "cloudformation:DescribeStacks",
        "cloudwatch:Get*",
        "cloudwatch:List*",
        "cognito-idp:List*",
        "cognito-idp:Get*",
        "dynamodb:Describe*",
        "dynamodb:ListTables",
        "ec2:Describe*",
        "ec2:ReportInstanceStatus",
        "ecs:Describe*",
        "ecs:List*",
        "eks:Describe*",
        "eks:List*",
        "elasticache:Describe*",
        "elasticache:List*",
        "elasticfilesystem:Describe*",
        "elasticloadbalancing:Describe*",
        "lambda:Get*",
        "lambda:List*",
        "organizations:Describe*",
        "organizations:List*",
        "rds:Describe*",
        "redshift:Describe*",
        "route53:Describe*",
        "route53:Get*",
        "route53:List*",
        "route53domains:List*",
        "s3:GetBucketLocation",
        "s3:List*",
        "sdb:GetAttributes",
        "sns:GetEndpointAttributes",
        "sns:GetSubscriptionAttributes",
        "sns:ListPlatformApplications",
        "sns:ListSubscriptions",
        "sns:ListSubscriptionsByTopic",
        "sns:ListTopics",
        "tag:Get*"
      ],
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Sid": "ApiGatewayPermittedActions",
      "Action": [
        "apigateway:GET"
      ],
      "Effect": "Allow",
      "NotResource": [
        "arn:aws:apigateway:*::/apikeys",
        "arn:aws:apigateway:*::/apikeys/*",
        "arn:aws:apigateway:*::/clientcertificates",
        "arn:aws:apigateway:*::/clientcertificates/*"
      ]
    }
  ]
 }
	{
	"Version": "2012-10-17",
	"Statement": [
	{
	"Action": [
	"account:ListRegions",
	"application-autoscaling:Describe*",
	"autoscaling:Describe*",
	"cloudformation:DescribeStackEvents",
	"cloudformation:DescribeStackResource",
	"cloudformation:DescribeStackResources",
	"cloudformation:DescribeStacks",
	"cloudwatch:Get*",
	"cloudwatch:List*",
	"cognito-idp:List*",
	"cognito-idp:Get*",
	"dynamodb:Describe*",
	"dynamodb:ListTables",
	"ec2:Describe*",
	"ec2:ReportInstanceStatus",
	"ecs:Describe*",
	"ecs:List*",
	"eks:Describe*",
	"eks:List*",
	"elasticache:Describe*",
	"elasticache:List*",
	"elasticfilesystem:Describe*",
	"elasticloadbalancing:Describe*",
	"lambda:Get*",
	"lambda:List*",
	"organizations:Describe*",
	"organizations:List*",
	"rds:Describe*",
	"redshift:Describe*",
	"route53:Describe*",
	"route53:Get*",
	"route53:List*",
	"route53domains:List*",
	"s3:GetBucketLocation",
	"s3:List*",
	"sdb:GetAttributes",
	"sns:GetEndpointAttributes",
	"sns:GetSubscriptionAttributes",
	"sns:ListPlatformApplications",
	"sns:ListSubscriptions",
	"sns:ListSubscriptionsByTopic",
	"sns:ListTopics",
	"tag:Get*"
	],
	"Effect": "Allow",
	"Resource": "*"
	},
	{
	"Sid": "ApiGatewayPermittedActions",
	"Action": [
	"apigateway:GET"
	],
	"Effect": "Allow",
	"NotResource": [
	"arn:aws:apigateway:*::/apikeys",
	"arn:aws:apigateway:::/apikeys/",
	"arn:aws:apigateway:*::/clientcertificates",
	"arn:aws:apigateway:::/clientcertificates/"
	]
	}
	]
	}