11{
2- "Version" : " 2012-10-17"
3- "Statement" : [
4- {
5- "Sid" : " AWSObservability"
6- "Effect" : " Allow"
7- "Action" : [
8- " cloudformation:CancelUpdateStack"
9- " cloudformation:CreateChangeSet"
10- " cloudformation:CreateStack"
11- " cloudformation:CreateUploadBucket"
12- " cloudformation:DeleteChangeSet"
13- " cloudformation:DeleteStack"
14- " cloudformation:DescribeAccountLimits"
15- " cloudformation:DescribeChangeSet"
16- " cloudformation:DescribeStackDriftDetectionStatus"
17- " cloudformation:DescribeStackEvents"
18- " cloudformation:DescribeStackInstance"
19- " cloudformation:DescribeStackResource"
20- " cloudformation:DescribeStackResourceDrifts"
21- " cloudformation:DescribeStackResources"
22- " cloudformation:DescribeStacks"
23- " cloudformation:DescribeType"
24- " cloudformation:DescribeTypeRegistration"
25- " cloudformation:DetectStackDrift"
26- " cloudformation:DetectStackResourceDrift"
27- " cloudformation:EstimateTemplateCost"
28- " cloudformation:ExecuteChangeSet"
29- " cloudformation:GetStackPolicy"
30- " cloudformation:GetTemplate"
31- " cloudformation:GetTemplateSummary"
32- " cloudformation:ListChangeSets"
33- " cloudformation:ListExports"
34- " cloudformation:ListImports"
35- " cloudformation:ListStackInstances"
36- " cloudformation:ListStackResources"
37- " cloudformation:ListStacks"
38- " cloudformation:ListTypeRegistrations"
39- " cloudformation:ListTypeVersions"
40- " cloudformation:ListTypes"
41- " cloudformation:TagResource"
42- " cloudformation:UntagResource"
43- " cloudformation:UpdateStack"
44- " cloudformation:ValidateTemplate"
45- " cloudtrail:CreateTrail"
46- " cloudtrail:DeleteTrail"
47- " cloudtrail:DescribeTrails"
48- " cloudtrail:StartLogging"
49- " cloudtrail:StopLogging"
50- " cloudtrail:UpdateTrail"
51- " cloudwatch:DeleteAlarms"
52- " cloudwatch:DeleteMetricStream"
53- " cloudwatch:GetMetricStream"
54- " cloudwatch:PutMetricAlarm"
55- " events:DeleteRule"
56- " events:DescribeRule"
57- " events:PutRule"
58- " events:PutTargets"
59- " events:RemoveTargets"
60- " firehose:CreateDeliveryStream"
61- " firehose:DeleteDeliveryStream"
62- " firehose:DescribeDeliveryStream"
63- " iam:AttachRolePolicy"
64- " iam:CreatePolicy"
65- " iam:CreateRole"
66- " iam:DeletePolicy"
67- " iam:DeleteRole"
68- " iam:DeleteRolePolicy"
69- " iam:DetachRolePolicy"
70- " iam:GetPolicy"
71- " iam:GetRole"
72- " iam:GetRolePolicy"
73- " iam:ListRoles"
74- " iam:PassRole"
75- " iam:PutRolePolicy"
76- " iam:TagRole"
77- " iam:UntagRole"
78- " iam:UpdateRole"
79- " lambda:AddPermission"
80- " lambda:CreateFunction"
81- " lambda:DeleteFunction"
82- " lambda:GetFunction"
83- " lambda:GetFunctionConfiguration"
84- " lambda:InvokeFunction"
85- " lambda:ListTags"
86- " lambda:RemovePermission"
87- " lambda:TagResource"
88- " lambda:UpdateFunctionCode"
89- " lambda:UpdateFunctionConfiguration"
90- " logs:CreateLogDelivery"
91- " logs:CreateLogGroup"
92- " logs:CreateLogStream"
93- " logs:DeleteDestination"
94- " logs:DeleteLogDelivery"
95- " logs:DeleteLogGroup"
96- " logs:DeleteLogStream"
97- " logs:DeleteResourcePolicy"
98- " logs:DeleteRetentionPolicy"
99- " logs:DeleteSubscriptionFilter"
100- " logs:DescribeLogGroups"
101- " logs:DescribeSubscriptionFilters"
102- " logs:DisassociateKmsKey"
103- " logs:PutDestination"
104- " logs:PutDestinationPolicy"
105- " logs:PutLogEvents"
106- " logs:PutResourcePolicy"
107- " logs:PutRetentionPolicy"
108- " logs:PutSubscriptionFilter"
109- " logs:TagLogGroup"
110- " logs:UntagLogGroup"
111- " logs:UpdateLogDelivery"
112- " s3:CreateBucket"
113- " s3:DeleteBucket"
114- " s3:DeleteBucketPolicy"
115- " s3:DeleteObject"
116- " s3:GetBucketPolicy"
117- " s3:GetObject"
118- " s3:ListBucket"
119- " s3:PutBucketNotification"
120- " s3:PutBucketPolicy"
121- " s3:PutBucketPublicAccessBlock"
122- " secretsmanager:DescribeSecret"
123- " secretsmanager:GetRandomPassword"
124- " secretsmanager:GetResourcePolicy"
125- " secretsmanager:GetSecretValue"
126- " secretsmanager:ListSecretVersionIds"
127- " serverlessrepo:CreateCloudFormationChangeSet"
128- " serverlessrepo:CreateCloudFormationTemplate"
129- " serverlessrepo:GetApplication"
130- " serverlessrepo:GetApplicationPolicy"
131- " serverlessrepo:GetCloudFormationTemplate"
132- " serverlessrepo:ListApplicationDependencies"
133- " serverlessrepo:ListApplicationVersions"
134- " serverlessrepo:ListApplications"
135- " serverlessrepo:SearchApplications"
136- " sns:ConfirmSubscription"
137- " sns:CreateTopic"
138- " sns:DeleteEndpoint"
139- " sns:DeleteTopic"
140- " sns:GetTopicAttributes"
141- " sns:ListSubscriptions"
142- " sns:ListSubscriptionsByTopic"
143- " sns:ListTopics"
144- " sns:Publish"
145- " sns:SetSubscriptionAttributes"
146- " sns:SetTopicAttributes"
147- " sns:Subscribe"
148- " sns:Unsubscribe"
149- " sqs:CreateQueue"
150- " sqs:DeleteQueue"
151- " sqs:GetQueueAttributes"
152- " sqs:GetQueueUrl"
153- " sqs:ListDeadLetterSourceQueues"
154- " sqs:ListQueueTags"
155- " sqs:ListQueues"
156- " sqs:PurgeQueue"
157- " sqs:ReceiveMessage"
158- ],
159- "Resource" : " *"
160- }
161- ]
162- }
2+ "Version" : " 2012-10-17"
3+ "Statement" : [
4+ {
5+ "Sid" : " AWSObservability"
6+ "Effect" : " Allow"
7+ "Action" : [
8+ " cloudformation:CancelUpdateStack"
9+ " cloudformation:CreateChangeSet"
10+ " cloudformation:CreateStack"
11+ " cloudformation:CreateUploadBucket"
12+ " cloudformation:DeleteChangeSet"
13+ " cloudformation:DeleteStack"
14+ " cloudformation:DescribeAccountLimits"
15+ " cloudformation:DescribeChangeSet"
16+ " cloudformation:DescribeStackDriftDetectionStatus"
17+ " cloudformation:DescribeStackEvents"
18+ " cloudformation:DescribeStackInstance"
19+ " cloudformation:DescribeStackResource"
20+ " cloudformation:DescribeStackResourceDrifts"
21+ " cloudformation:DescribeStackResources"
22+ " cloudformation:DescribeStacks"
23+ " cloudformation:DescribeType"
24+ " cloudformation:DescribeTypeRegistration"
25+ " cloudformation:DetectStackDrift"
26+ " cloudformation:DetectStackResourceDrift"
27+ " cloudformation:EstimateTemplateCost"
28+ " cloudformation:ExecuteChangeSet"
29+ " cloudformation:GetStackPolicy"
30+ " cloudformation:GetTemplate"
31+ " cloudformation:GetTemplateSummary"
32+ " cloudformation:ListChangeSets"
33+ " cloudformation:ListExports"
34+ " cloudformation:ListImports"
35+ " cloudformation:ListStackInstances"
36+ " cloudformation:ListStackResources"
37+ " cloudformation:ListStacks"
38+ " cloudformation:ListTypeRegistrations"
39+ " cloudformation:ListTypeVersions"
40+ " cloudformation:ListTypes"
41+ " cloudformation:TagResource"
42+ " cloudformation:UntagResource"
43+ " cloudformation:UpdateStack"
44+ " cloudformation:ValidateTemplate"
45+ " cloudtrail:AddTags"
46+ " cloudtrail:CreateTrail"
47+ " cloudtrail:DeleteTrail"
48+ " cloudtrail:DescribeTrails"
49+ " cloudtrail:PutEventSelectors"
50+ " cloudtrail:RemoveTags"
51+ " cloudtrail:StartLogging"
52+ " cloudtrail:StopLogging"
53+ " cloudtrail:UpdateTrail"
54+ " cloudwatch:DeleteAlarms"
55+ " cloudwatch:DeleteMetricStream"
56+ " cloudwatch:GetMetricStream"
57+ " cloudwatch:PutMetricAlarm"
58+ " events:DeleteRule"
59+ " events:DescribeRule"
60+ " events:PutRule"
61+ " events:PutTargets"
62+ " events:RemoveTargets"
63+ " firehose:CreateDeliveryStream"
64+ " firehose:DeleteDeliveryStream"
65+ " firehose:DescribeDeliveryStream"
66+ " firehose:TagDeliveryStream"
67+ " firehose:UntagDeliveryStream"
68+ " firehose:UpdateDestination"
69+ " iam:AttachRolePolicy"
70+ " iam:CreatePolicy"
71+ " iam:CreateRole"
72+ " iam:DeletePolicy"
73+ " iam:DeleteRole"
74+ " iam:DeleteRolePolicy"
75+ " iam:DetachRolePolicy"
76+ " iam:GetPolicy"
77+ " iam:GetRole"
78+ " iam:GetRolePolicy"
79+ " iam:ListRoles"
80+ " iam:PassRole"
81+ " iam:PutRolePolicy"
82+ " iam:TagRole"
83+ " iam:UntagRole"
84+ " iam:UpdateRole"
85+ " lambda:AddPermission"
86+ " lambda:CreateFunction"
87+ " lambda:DeleteFunction"
88+ " lambda:GetFunction"
89+ " lambda:GetFunctionConfiguration"
90+ " lambda:InvokeFunction"
91+ " lambda:ListTags"
92+ " lambda:RemovePermission"
93+ " lambda:TagResource"
94+ " lambda:UntagResource"
95+ " lambda:UpdateFunctionCode"
96+ " lambda:UpdateFunctionConfiguration"
97+ " logs:CreateLogDelivery"
98+ " logs:CreateLogGroup"
99+ " logs:CreateLogStream"
100+ " logs:DeleteDestination"
101+ " logs:DeleteLogDelivery"
102+ " logs:DeleteLogGroup"
103+ " logs:DeleteLogStream"
104+ " logs:DeleteResourcePolicy"
105+ " logs:DeleteRetentionPolicy"
106+ " logs:DeleteSubscriptionFilter"
107+ " logs:DescribeLogGroups"
108+ " logs:DescribeSubscriptionFilters"
109+ " logs:DisassociateKmsKey"
110+ " logs:ListTagsForResource"
111+ " logs:PutDestination"
112+ " logs:PutDestinationPolicy"
113+ " logs:PutLogEvents"
114+ " logs:PutResourcePolicy"
115+ " logs:PutRetentionPolicy"
116+ " logs:PutSubscriptionFilter"
117+ " logs:TagLogGroup"
118+ " logs:TagResource"
119+ " logs:UntagLogGroup"
120+ " logs:UntagResource"
121+ " logs:UpdateLogDelivery"
122+ " s3:CreateBucket"
123+ " s3:DeleteBucket"
124+ " s3:DeleteBucketPolicy"
125+ " s3:DeleteObject"
126+ " s3:GetBucketPolicy"
127+ " s3:GetObject"
128+ " s3:ListBucket"
129+ " s3:PutBucketNotification"
130+ " s3:PutBucketPolicy"
131+ " s3:PutBucketPublicAccessBlock"
132+ " s3:PutBucketTagging"
133+ " secretsmanager:DescribeSecret"
134+ " secretsmanager:GetRandomPassword"
135+ " secretsmanager:GetResourcePolicy"
136+ " secretsmanager:GetSecretValue"
137+ " secretsmanager:ListSecretVersionIds"
138+ " serverlessrepo:CreateCloudFormationChangeSet"
139+ " serverlessrepo:CreateCloudFormationTemplate"
140+ " serverlessrepo:GetApplication"
141+ " serverlessrepo:GetApplicationPolicy"
142+ " serverlessrepo:GetCloudFormationTemplate"
143+ " serverlessrepo:ListApplicationDependencies"
144+ " serverlessrepo:ListApplicationVersions"
145+ " serverlessrepo:ListApplications"
146+ " serverlessrepo:SearchApplications"
147+ " sns:ConfirmSubscription"
148+ " sns:CreateTopic"
149+ " sns:DeleteEndpoint"
150+ " sns:DeleteTopic"
151+ " sns:GetTopicAttributes"
152+ " sns:ListSubscriptions"
153+ " sns:ListSubscriptionsByTopic"
154+ " sns:ListTopics"
155+ " sns:Publish"
156+ " sns:SetSubscriptionAttributes"
157+ " sns:SetTopicAttributes"
158+ " sns:Subscribe"
159+ " sns:TagResource"
160+ " sns:Unsubscribe"
161+ " sns:UntagResource"
162+ " sqs:CreateQueue"
163+ " sqs:DeleteQueue"
164+ " sqs:GetQueueAttributes"
165+ " sqs:GetQueueUrl"
166+ " sqs:ListDeadLetterSourceQueues"
167+ " sqs:ListQueueTags"
168+ " sqs:ListQueues"
169+ " sqs:PurgeQueue"
170+ " sqs:ReceiveMessage"
171+ ],
172+ "Resource" : " *"
173+ }
174+ ]
175+ }
0 commit comments