rupakg · September 20, 2018 21:41
diff --git a/stackery-setup-iam-policy.json b/stackery-setup-iam-policy.json
 {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "lambda:CreateFunction",
                "cloudformation:ListExports",
                "cloudformation:CreateChangeSet",
                "sns:ListEndpointsByPlatformApplication",
                "cloudformation:DescribeStackEvents",
                "sns:DeletePlatformApplication",
                "s3:PutLifecycleConfiguration",
                "cloudformation:UpdateStack",
                "s3:PutObjectTagging",
                "s3:DeleteObject",
                "cloudformation:DescribeChangeSet",
                "s3:GetIpConfiguration",
                "cloudformation:ListStackResources",
                "s3:GetBucketWebsite",
                "lambda:ListFunctions",
                "lambda:GetEventSourceMapping",
                "s3:PutReplicationConfiguration",
                "cloudformation:SignalResource",
                "s3:DeleteObjectVersionTagging",
                "s3:GetBucketNotification",
                "s3:GetReplicationConfiguration",
                "s3:PutObject",
                "s3:PutBucketNotification",
                "cloudformation:GetStackPolicy",
                "cloudformation:DeleteStack",
                "lambda:DeleteEventSourceMapping",
                "cloudformation:ValidateTemplate",
                "sns:GetSMSAttributes",
                "cloudformation:CreateUploadBucket",
                "s3:GetLifecycleConfiguration",
                "cloudformation:CancelUpdateStack",
                "s3:GetInventoryConfiguration",
                "s3:GetBucketTagging",
                "s3:ReplicateTags",
                "cloudformation:UpdateTerminationProtection",
                "sns:ListTopics",
                "sns:CreatePlatformEndpoint",
                "s3:ListBucket",
                "cloudformation:CreateStackInstances",
                "cloudformation:EstimateTemplateCost",
                "s3:AbortMultipartUpload",
                "s3:PutBucketTagging",
                "cloudformation:DescribeStackSetOperation",
                "cloudformation:StopStackSetOperation",
                "s3:DeleteBucket",
                "s3:PutBucketVersioning",
                "s3:ListBucketMultipartUploads",
                "lambda:UpdateEventSourceMapping",
                "cloudformation:ListImports",
                "s3:PutMetricsConfiguration",
                "sns:CreatePlatformApplication",
                "sns:SetSMSAttributes",
                "s3:PutObjectVersionTagging",
                "s3:GetBucketVersioning",
                "sns:ListSubscriptions",
                "s3:PutInventoryConfiguration",
                "s3:PutBucketWebsite",
                "s3:ListAllMyBuckets",
                "s3:PutBucketRequestPayment",
                "s3:GetBucketCORS",
                "s3:GetObjectVersion",
                "sns:ListPlatformApplications",
                "cloudformation:DeleteStackInstances",
                "s3:PutAnalyticsConfiguration",
                "s3:GetObjectVersionTagging",
                "cloudformation:ListStackInstances",
                "s3:CreateBucket",
                "sns:Unsubscribe",
                "cloudformation:DescribeStackResource",
                "cloudformation:UpdateStackSet",
                "sns:CheckIfPhoneNumberIsOptedOut",
                "sns:OptInPhoneNumber",
                "cloudformation:ContinueUpdateRollback",
                "s3:ReplicateObject",
                "cloudformation:ListStackSetOperationResults",
                "s3:GetObjectAcl",
                "sns:SetEndpointAttributes",
                "s3:DeleteBucketWebsite",
                "s3:GetObjectVersionAcl",
                "sns:SetPlatformApplicationAttributes",
                "s3:HeadBucket",
                "cloudformation:CreateStackSet",
                "cloudformation:ExecuteChangeSet",
                "s3:DeleteObjectTagging",
                "cloudformation:DescribeStackInstance",
                "cloudformation:DescribeStackResources",
                "sns:GetPlatformApplicationAttributes",
                "sns:GetSubscriptionAttributes",
                "s3:PutBucketCORS",
                "s3:ListMultipartUploadParts",
                "cloudformation:DescribeStacks",
                "sns:DeleteEndpoint",
                "s3:GetObject",
                "sns:ListPhoneNumbersOptedOut",
                "sns:GetEndpointAttributes",
                "s3:PutBucketLogging",
                "cloudformation:GetTemplate",
                "lambda:ListEventSourceMappings",
                "s3:GetAnalyticsConfiguration",
                "s3:GetObjectVersionForReplication",
                "s3:ListBucketByTags",
                "s3:PutAccelerateConfiguration",
                "cloudformation:UpdateStackInstances",
                "cloudformation:ListStackSetOperations",
                "s3:DeleteObjectVersion",
                "s3:GetBucketLogging",
                "s3:ListBucketVersions",
                "s3:RestoreObject",
                "s3:GetAccelerateConfiguration",
                "lambda:GetAccountSettings",
                "lambda:CreateEventSourceMapping",
                "s3:GetBucketPolicy",
                "cloudformation:DeleteChangeSet",
                "s3:PutEncryptionConfiguration",
                "s3:GetEncryptionConfiguration",
                "s3:GetObjectVersionTorrent",
                "s3:GetBucketRequestPayment",
                "s3:GetObjectTagging",
                "cloudformation:DescribeAccountLimits",
                "s3:GetMetricsConfiguration",
                "sqs:ListQueues",
                "cloudformation:ListStacks",
                "s3:GetBucketAcl",
                "cloudformation:DeleteStackSet",
                "cloudformation:GetTemplateSummary",
                "s3:PutIpConfiguration",
                "s3:GetObjectTorrent",
                "sns:SetSubscriptionAttributes",
                "cloudformation:DescribeStackSet",
                "cloudformation:ListStackSets",
                "cloudformation:CreateStack",
                "s3:GetBucketLocation",
                "s3:ReplicateDelete",
                "cloudformation:ListChangeSets"
            ],
            "Resource": "*"
        },
        {
            "Sid": "VisualEditor1",
            "Effect": "Allow",
            "Action": [
                "lambda:TagResource",
                "lambda:ListVersionsByFunction",
                "sns:DeleteTopic",
                "sqs:ReceiveMessage",
                "iam:CreateRole",
                "iam:AttachRolePolicy",
                "lambda:GetFunctionConfiguration",
                "lambda:InvokeAsync",
                "sns:SetTopicAttributes",
                "iam:PutRolePolicy",
                "sqs:ListQueueTags",
                "lambda:UntagResource",
                "lambda:PutFunctionConcurrency",
                "iam:PassRole",
                "iam:DetachRolePolicy",
                "sns:Publish",
                "lambda:ListTags",
                "iam:DeleteRolePolicy",
                "lambda:DeleteFunction",
                "sns:Subscribe",
                "sns:ConfirmSubscription",
                "lambda:GetAlias",
                "sqs:GetQueueUrl",
                "sns:ListSubscriptionsByTopic",
                "sns:GetTopicAttributes",
                "lambda:InvokeFunction",
                "lambda:GetFunction",
                "lambda:ListAliases",
                "lambda:UpdateFunctionConfiguration",
                "sns:CreateTopic",
                "iam:DeleteRole",
                "sqs:GetQueueAttributes",
                "lambda:UpdateAlias",
                "lambda:UpdateFunctionCode",
                "lambda:AddPermission",
                "sqs:ListDeadLetterSourceQueues",
                "sqs:DeleteQueue",
                "lambda:DeleteAlias",
                "iam:UpdateRole",
                "lambda:PublishVersion",
                "lambda:DeleteFunctionConcurrency",
                "sqs:CreateQueue",
                "lambda:RemovePermission",
                "lambda:GetPolicy",
                "lambda:CreateAlias"
            ],
            "Resource": [
                "arn:aws:iam::*:role/*",
                "arn:aws:lambda:*:*:function:*",
                "arn:aws:sns:*:*:*",
                "arn:aws:sqs:*:*:*"
            ]
        }
    ]
 }
	{
	"Version": "2012-10-17",
	"Statement": [
	{
	"Sid": "VisualEditor0",
	"Effect": "Allow",
	"Action": [
	"lambda:CreateFunction",
	"cloudformation:ListExports",
	"cloudformation:CreateChangeSet",
	"sns:ListEndpointsByPlatformApplication",
	"cloudformation:DescribeStackEvents",
	"sns:DeletePlatformApplication",
	"s3:PutLifecycleConfiguration",
	"cloudformation:UpdateStack",
	"s3:PutObjectTagging",
	"s3:DeleteObject",
	"cloudformation:DescribeChangeSet",
	"s3:GetIpConfiguration",
	"cloudformation:ListStackResources",
	"s3:GetBucketWebsite",
	"lambda:ListFunctions",
	"lambda:GetEventSourceMapping",
	"s3:PutReplicationConfiguration",
	"cloudformation:SignalResource",
	"s3:DeleteObjectVersionTagging",
	"s3:GetBucketNotification",
	"s3:GetReplicationConfiguration",
	"s3:PutObject",
	"s3:PutBucketNotification",
	"cloudformation:GetStackPolicy",
	"cloudformation:DeleteStack",
	"lambda:DeleteEventSourceMapping",
	"cloudformation:ValidateTemplate",
	"sns:GetSMSAttributes",
	"cloudformation:CreateUploadBucket",
	"s3:GetLifecycleConfiguration",
	"cloudformation:CancelUpdateStack",
	"s3:GetInventoryConfiguration",
	"s3:GetBucketTagging",
	"s3:ReplicateTags",
	"cloudformation:UpdateTerminationProtection",
	"sns:ListTopics",
	"sns:CreatePlatformEndpoint",
	"s3:ListBucket",
	"cloudformation:CreateStackInstances",
	"cloudformation:EstimateTemplateCost",
	"s3:AbortMultipartUpload",
	"s3:PutBucketTagging",
	"cloudformation:DescribeStackSetOperation",
	"cloudformation:StopStackSetOperation",
	"s3:DeleteBucket",
	"s3:PutBucketVersioning",
	"s3:ListBucketMultipartUploads",
	"lambda:UpdateEventSourceMapping",
	"cloudformation:ListImports",
	"s3:PutMetricsConfiguration",
	"sns:CreatePlatformApplication",
	"sns:SetSMSAttributes",
	"s3:PutObjectVersionTagging",
	"s3:GetBucketVersioning",
	"sns:ListSubscriptions",
	"s3:PutInventoryConfiguration",
	"s3:PutBucketWebsite",
	"s3:ListAllMyBuckets",
	"s3:PutBucketRequestPayment",
	"s3:GetBucketCORS",
	"s3:GetObjectVersion",
	"sns:ListPlatformApplications",
	"cloudformation:DeleteStackInstances",
	"s3:PutAnalyticsConfiguration",
	"s3:GetObjectVersionTagging",
	"cloudformation:ListStackInstances",
	"s3:CreateBucket",
	"sns:Unsubscribe",
	"cloudformation:DescribeStackResource",
	"cloudformation:UpdateStackSet",
	"sns:CheckIfPhoneNumberIsOptedOut",
	"sns:OptInPhoneNumber",
	"cloudformation:ContinueUpdateRollback",
	"s3:ReplicateObject",
	"cloudformation:ListStackSetOperationResults",
	"s3:GetObjectAcl",
	"sns:SetEndpointAttributes",
	"s3:DeleteBucketWebsite",
	"s3:GetObjectVersionAcl",
	"sns:SetPlatformApplicationAttributes",
	"s3:HeadBucket",
	"cloudformation:CreateStackSet",
	"cloudformation:ExecuteChangeSet",
	"s3:DeleteObjectTagging",
	"cloudformation:DescribeStackInstance",
	"cloudformation:DescribeStackResources",
	"sns:GetPlatformApplicationAttributes",
	"sns:GetSubscriptionAttributes",
	"s3:PutBucketCORS",
	"s3:ListMultipartUploadParts",
	"cloudformation:DescribeStacks",
	"sns:DeleteEndpoint",
	"s3:GetObject",
	"sns:ListPhoneNumbersOptedOut",
	"sns:GetEndpointAttributes",
	"s3:PutBucketLogging",
	"cloudformation:GetTemplate",
	"lambda:ListEventSourceMappings",
	"s3:GetAnalyticsConfiguration",
	"s3:GetObjectVersionForReplication",
	"s3:ListBucketByTags",
	"s3:PutAccelerateConfiguration",
	"cloudformation:UpdateStackInstances",
	"cloudformation:ListStackSetOperations",
	"s3:DeleteObjectVersion",
	"s3:GetBucketLogging",
	"s3:ListBucketVersions",
	"s3:RestoreObject",
	"s3:GetAccelerateConfiguration",
	"lambda:GetAccountSettings",
	"lambda:CreateEventSourceMapping",
	"s3:GetBucketPolicy",
	"cloudformation:DeleteChangeSet",
	"s3:PutEncryptionConfiguration",
	"s3:GetEncryptionConfiguration",
	"s3:GetObjectVersionTorrent",
	"s3:GetBucketRequestPayment",
	"s3:GetObjectTagging",
	"cloudformation:DescribeAccountLimits",
	"s3:GetMetricsConfiguration",
	"sqs:ListQueues",
	"cloudformation:ListStacks",
	"s3:GetBucketAcl",
	"cloudformation:DeleteStackSet",
	"cloudformation:GetTemplateSummary",
	"s3:PutIpConfiguration",
	"s3:GetObjectTorrent",
	"sns:SetSubscriptionAttributes",
	"cloudformation:DescribeStackSet",
	"cloudformation:ListStackSets",
	"cloudformation:CreateStack",
	"s3:GetBucketLocation",
	"s3:ReplicateDelete",
	"cloudformation:ListChangeSets"
	],
	"Resource": "*"
	},
	{
	"Sid": "VisualEditor1",
	"Effect": "Allow",
	"Action": [
	"lambda:TagResource",
	"lambda:ListVersionsByFunction",
	"sns:DeleteTopic",
	"sqs:ReceiveMessage",
	"iam:CreateRole",
	"iam:AttachRolePolicy",
	"lambda:GetFunctionConfiguration",
	"lambda:InvokeAsync",
	"sns:SetTopicAttributes",
	"iam:PutRolePolicy",
	"sqs:ListQueueTags",
	"lambda:UntagResource",
	"lambda:PutFunctionConcurrency",
	"iam:PassRole",
	"iam:DetachRolePolicy",
	"sns:Publish",
	"lambda:ListTags",
	"iam:DeleteRolePolicy",
	"lambda:DeleteFunction",
	"sns:Subscribe",
	"sns:ConfirmSubscription",
	"lambda:GetAlias",
	"sqs:GetQueueUrl",
	"sns:ListSubscriptionsByTopic",
	"sns:GetTopicAttributes",
	"lambda:InvokeFunction",
	"lambda:GetFunction",
	"lambda:ListAliases",
	"lambda:UpdateFunctionConfiguration",
	"sns:CreateTopic",
	"iam:DeleteRole",
	"sqs:GetQueueAttributes",
	"lambda:UpdateAlias",
	"lambda:UpdateFunctionCode",
	"lambda:AddPermission",
	"sqs:ListDeadLetterSourceQueues",
	"sqs:DeleteQueue",
	"lambda:DeleteAlias",
	"iam:UpdateRole",
	"lambda:PublishVersion",
	"lambda:DeleteFunctionConcurrency",
	"sqs:CreateQueue",
	"lambda:RemovePermission",
	"lambda:GetPolicy",
	"lambda:CreateAlias"
	],
	"Resource": [
	"arn:aws:iam:::role/",
	"arn:aws:lambda:::function:*",
	"arn:aws:sns:::*",
	"arn:aws:sqs:::*"
	]
	}
	]
	}