{ "Version": "2012-10-17", "Statement": [ { "Sid": "FullPolicy", "Action": [ "acm:DescribeCertificate", "acm:ListCertificates", "acm:GetCertificate", "autoscaling:Describe*", "cloudformation:DescribeStacks", "cloudformation:GetStackPolicy", "cloudformation:GetTemplate", "cloudformation:ListStackResources", "cloudfront:List*", "cloudfront:GetDistributionConfig", "cloudfront:GetStreamingDistributionConfig", "cloudhsm:Describe*", "cloudhsm:List*", "cloudsearch:Describe*", "cloudtrail:DescribeTrails", "cloudtrail:GetTrailStatus", "cloudwatch:DescribeAlarms", "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics", "cognito-idp:List*", "cognito-idp:Describe*", "config:DescribeConfigRules", "config:GetComplianceDetailsByConfigRule", "config:Describe*", "datapipeline:ListPipelines", "datapipeline:GetPipelineDefinition", "datapipeline:DescribePipelines", "directconnect:DescribeLocations", "directconnect:DescribeConnections", "directconnect:DescribeVirtualInterfaces", "dynamodb:ListTables", "dynamodb:DescribeTable", "dynamodb:ListTagsOfResource", "ec2:Describe*", "ec2:GetConsoleOutput", "ecs:ListClusters", "ecs:DescribeClusters", "ecs:ListContainerInstances", "ecs:DescribeContainerInstances", "ecs:ListServices", "ecs:DescribeServices", "ecs:ListTaskDefinitions", "ecs:DescribeTaskDefinition", "ecs:ListTasks", "ecs:DescribeTasks", "elasticache:Describe*", "elasticache:ListTagsForResource", "elasticbeanstalk:Describe*", "elasticfilesystem:Describe*", "elasticloadbalancing:Describe*", "elasticmapreduce:Describe*", "elasticmapreduce:ListSteps", "elasticmapreduce:ListInstanceGroups", "elasticmapreduce:ListBootstrapActions", "elasticmapreduce:ListClusters", "elasticmapreduce:ListInstances", "es:ListDomainNames", "es:DescribeElasticsearchDomains", "glacier:List*", "glacier:DescribeVault", "glacier:GetVaultNotifications", "glacier:DescribeJob", "glacier:GetJobOutput", "iam:Get*", "iam:List*", "iam:GenerateCredentialReport", "iot:DescribeThing", "iot:ListThings", "iam:GenerateCredentialReport", "kinesis:ListStreams", "kinesis:DescribeStream", "kinesis:GetShardIterator", "kinesis:GetRecords", "kms:Describe*", "kms:Get*", "kms:List*", "lambda:ListFunctions", "lambda:ListTags", "rds:Describe*", "rds:ListTagsForResource", "redshift:Describe*", "redshift:ViewQueriesInConsole", "route53:ListHealthChecks", "route53:ListHostedZones", "route53:ListResourceRecordSets", "s3:GetBucketACL", "s3:GetBucketLocation", "s3:GetBucketLogging", "s3:GetBucketPolicy", "s3:GetBucketTagging", "s3:GetBucketWebsite", "s3:GetBucketNotification", "s3:GetLifecycleConfiguration", "s3:List*", "ses:ListIdentities", "ses:GetSendStatistics", "ses:GetIdentityDkimAttributes", "ses:GetIdentityVerificationAttributes", "ses:GetSendQuota", "sdb:ListDomains", "sdb:DomainMetadata", "support:Describe*", "swf:ListClosedWorkflowExecutions", "swf:ListDomains", "swf:ListActivityTypes", "swf:ListWorkflowTypes", "sns:GetTopicAttributes", "sns:GetSubscriptionAttributes", "sns:ListTopics", "sns:ListSubscriptionsByTopic", "ssm:List*", "sqs:ListQueues", "sqs:GetQueueAttributes", "storagegateway:Describe*", "storagegateway:List*", "workspaces:DescribeWorkspaceDirectories", "workspaces:DescribeWorkspaceBundles", "workspaces:DescribeWorkspaces", "Organizations:List*", "Organizations:Describe*" ], "Effect": "Allow", "Resource": "*" }, { "Sid": "CloudWatchLogsSpecific", "Effect": "Allow", "Action": [ "logs:GetLogEvents", "logs:DescribeLogGroups", "logs:DescribeLogStreams" ], "Resource": [ "arn:aws:logs:*:*:*" ] } ] }