Skip to content

Instantly share code, notes, and snippets.

@rssnyder

rssnyder/autostopping.json

Last active November 12, 2025 22:18
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save rssnyder/d87821874d9075810d8da7c2411cc2c8 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save rssnyder/d87821874d9075810d8da7c2411cc2c8 to your computer and use it in GitHub Desktop.
Download ZIP
ccm json perms
Raw
autostopping.json
{
"Statement": [
{
"Action": [
"ec2:StopInstances",
"ec2:StartInstances",
"ec2:DescribeInstances",
"ec2:CreateTags"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "ec2"
},
{
"Action": [
"ec2:TerminateInstances",
"ec2:RunInstances",
"ec2:RequestSpotInstances",
"ec2:DescribeVolumes",
"ec2:DescribeSpotInstanceRequests",
"ec2:DescribeImages",
"ec2:DescribeAddresses",
"ec2:DeregisterImage",
"ec2:DeleteSnapshot",
"ec2:CreateImage"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "ec2spot"
},
{
"Action": [
"ec2:DescribeSpotPriceHistory",
"autoscaling:UpdateAutoScalingGroup",
"autoscaling:DescribeAutoScalingGroups"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "asg"
},
{
"Action": [
"rds:StopDBInstance",
"rds:StopDBCluster",
"rds:StartDBInstance",
"rds:StartDBCluster",
"rds:ListTagsForResource",
"rds:DescribeDBInstances",
"rds:DescribeDBClusters"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "rds"
},
{
"Action": [
"tag:GetResources",
"ecs:UpdateService",
"ecs:ListTasks",
"ecs:ListServices",
"ecs:ListClusters",
"ecs:DescribeTasks",
"ecs:DescribeTaskDefinition",
"ecs:DescribeServices"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "ecs"
}
],
"Version": "2012-10-17"
}
Raw
billing.json
{
"Statement": [
{
"Action": [
"s3:ListBucket",
"s3:GetBucketLocation"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::< YOUR BUCKET HERE >",
"Sid": "getBillingBucket"
},
{
"Action": "s3:GetObject",
"Effect": "Allow",
"Resource": "arn:aws:s3:::< YOUR BUCKET HERE >/*",
"Sid": "readBillingObjects"
},
{
"Action": [
"s3:PutObjectAcl",
"s3:PutObject",
"s3:ListBucket"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::ce-customer-billing-data-prod/*",
"arn:aws:s3:::ce-customer-billing-data-prod"
],
"Sid": "writeHarnessBucket"
},
{
"Action": [
"organizations:List*",
"organizations:Describe*",
"cur:DescribeReportDefinitions"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "readOrg"
}
],
"Version": "2012-10-17"
}
Raw
commitments.json
{
"Statement": [
{
"Action": [
"ec2:DescribeReservedInstancesOfferings",
"ce:GetSavingsPlansUtilization",
"ce:GetReservationUtilization",
"ec2:DescribeInstanceTypeOfferings",
"ce:GetDimensionValues",
"ce:GetSavingsPlansUtilizationDetails",
"ec2:DescribeReservedInstances",
"ce:GetReservationCoverage",
"ce:GetSavingsPlansCoverage",
"savingsplans:DescribeSavingsPlans",
"organizations:DescribeOrganization"
"ce:GetCostAndUsage"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "commitmentread"
},
{
"Action": [
"ec2:PurchaseReservedInstancesOffering",
"ec2:GetReservedInstancesExchangeQuote",
"ec2:DescribeInstanceTypeOfferings",
"ec2:AcceptReservedInstancesExchangeQuote",
"ec2:DescribeReservedInstancesModifications",
"ec2:ModifyReservedInstances",
"ce:GetCostAndUsage",
"savingsplans:DescribeSavingsPlansOfferings",
"savingsplans:CreateSavingsPlan"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "commitmentwrite"
}
],
"Version": "2012-10-17"
}
Raw
events.json
{
"Statement": [
{
"Action": [
"rds:DescribeDBSnapshots",
"rds:DescribeDBSnapshotAttributes",
"rds:DescribeDBInstances",
"rds:DescribeDBClusters",
"ecs:ListTasks",
"ecs:ListServices",
"ecs:ListContainerInstances",
"ecs:ListClusters*",
"ecs:DescribeTasks",
"ecs:DescribeServices",
"ecs:DescribeContainerInstances",
"ecs:DescribeClusters",
"ec2:DescribeVolumes",
"ec2:DescribeSnapshots",
"ec2:DescribeRegions",
"ec2:DescribeInstances*",
"cloudwatch:GetMetricData",
"ce:GetRightsizingRecommendation"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
}
Raw
getrole.json
{
"Statement": [
{
"Action": "iam:SimulatePrincipalPolicy",
"Effect": "Allow",
"Resource": "arn:aws:iam::664418987337:role/ISEHarnessCERole"
}
],
"Version": "2012-10-17"
}
Raw
loadbalancers.json
{
"Statement": [
{
"Action": [
"s3:ListBucket",
"s3:ListAllMyBuckets",
"s3:GetObject",
"s3:GetBucketLocation",
"logs:PutLogEvents",
"logs:CreateLogStream",
"logs:CreateLogGroup",
"lambda:GetFunction",
"lambda:DeleteFunction",
"lambda:CreateFunction",
"lambda:AddPermission",
"iam:PassRole",
"iam:ListRoles",
"elasticloadbalancing:SetSecurityGroups",
"elasticloadbalancing:SetRulePriorities",
"elasticloadbalancing:RegisterTargets",
"elasticloadbalancing:ModifyTargetGroup",
"elasticloadbalancing:ModifyRule",
"elasticloadbalancing:DescribeTargetHealth",
"elasticloadbalancing:DescribeTargetGroups",
"elasticloadbalancing:DescribeTags",
"elasticloadbalancing:DescribeRules",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeLoadBalancerAttributes",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DeleteTargetGroup",
"elasticloadbalancing:DeleteRule",
"elasticloadbalancing:DeleteLoadBalancer",
"elasticloadbalancing:CreateTargetGroup",
"elasticloadbalancing:CreateRule",
"elasticloadbalancing:CreateLoadBalancer",
"elasticloadbalancing:CreateListener",
"elasticloadbalancing:AddTags",
"ec2:DescribeVpcs",
"ec2:DescribeSubnets",
"ec2:DescribeSecurityGroups",
"cloudwatch:GetMetricStatistics",
"acm:ListCertificates"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "alb"
},
{
"Action": [
"secretsmanager:GetSecretValue",
"ec2:TerminateInstances",
"ec2:RunInstances",
"ec2:ReleaseAddress",
"ec2:ModifyInstanceAttribute",
"ec2:DisassociateAddress",
"ec2:DescribeVpcs",
"ec2:DescribeSubnets",
"ec2:DescribeSecurityGroups",
"ec2:DescribeKeyPairs",
"ec2:DescribeInstanceTypeOfferings",
"ec2:DescribeImages",
"ec2:AssociateAddress",
"ec2:AllocateAddress"
],
"Effect": "Allow",
"Resource": "*",
"Sid": "proxy"
}
],
"Version": "2012-10-17"
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment