Merge pull request #56 from aws-samples/Swara-changes

Add new services as supported by RCPs and VPCEOrgID.

Author: liwadman

resource_control_policies/identity_perimeter_rcp.json

@@ -7,18 +7,23 @@
             "Principal": "*",
             "Action": [
                 "s3:*",
-                "sqs:*",
-                "kms:*",
-                "secretsmanager:*",
                 "sts:AssumeRole",
                 "sts:DecodeAuthorizationMessage",
                 "sts:GetAccessKeyInfo",
                 "sts:GetFederationToken",
                 "sts:GetServiceBearerToken",
                 "sts:GetSessionToken",
                 "sts:SetContext",
-                "aoss:*",
-                "ecr:*"
+                "kms:*",
+                "sqs:*",
+                "secretsmanager:*",
+                "cognito-identity:*",
+                "cognito-idp:*",
+                "cognito-sync:*",
+                "logs:*",
+                "dynamodb:*",
+                "ecr:*",
+                "aoss:*"
             ],
             "Resource": "*",
             "Condition": {
@@ -72,12 +77,17 @@
             "Principal": "*",
             "Action": [
                 "s3:*",
-                "sqs:*",
+                "sts:*",
                 "kms:*",
+                "sqs:*",
                 "secretsmanager:*",
-                "sts:*",
-                "aoss:*",
-                "ecr:*"
+                "cognito-identity:*",
+                "cognito-idp:*",
+                "cognito-sync:*",
+                "logs:*",
+                "dynamodb:*",
+                "ecr:*",
+                "aoss:*"
             ],
             "Resource": "*",
             "Condition": {

resource_control_policies/network_perimeter_sourcevpc_rcp.json

@@ -6,17 +6,19 @@
       "Effect": "Deny",
       "Principal": "*",
       "Action": [
-        "sqs:*",
+        "aoss:*",
+        "cognito-idp:*",
+        "cognito-sync:*",
+        "dynamodb:*",
+        "logs:*",
         "secretsmanager:*",
         "sts:AssumeRole",
         "sts:DecodeAuthorizationMessage",
         "sts:GetAccessKeyInfo",
         "sts:GetFederationToken",
         "sts:GetServiceBearerToken",
         "sts:GetSessionToken",
-        "sts:SetContext",
-        "aoss:*",
-        "ecr:*"
+        "sts:SetContext"
       ],
       "Resource": "*",
       "Condition": {
@@ -53,17 +55,19 @@
       "Effect": "Deny",
       "Principal": "*",
       "Action": [
-        "sqs:*",
+        "aoss:*",
+        "cognito-idp:*",
+        "cognito-sync:*",
+        "dynamodb:*",
+        "logs:*",
         "secretsmanager:*",
         "sts:AssumeRole",
         "sts:DecodeAuthorizationMessage",
         "sts:GetAccessKeyInfo",
         "sts:GetFederationToken",
         "sts:GetServiceBearerToken",
         "sts:GetSessionToken",
-        "sts:SetContext",
-        "aoss:*",
-        "ecr:*"
+        "sts:SetContext"
       ],
       "Resource": "*",
       "Condition": {
@@ -80,17 +84,19 @@
       "Effect": "Deny",
       "Principal": "*",
       "Action": [
-        "sqs:*",
+        "aoss:*",
+        "cognito-idp:*",
+        "cognito-sync:*",
+        "dynamodb:*",
+        "logs:*",
         "secretsmanager:*",
         "sts:AssumeRole",
         "sts:DecodeAuthorizationMessage",
         "sts:GetAccessKeyInfo",
         "sts:GetFederationToken",
         "sts:GetServiceBearerToken",
         "sts:GetSessionToken",
-        "sts:SetContext",
-        "aoss:*",
-        "ecr:*"
+        "sts:SetContext"
       ],
       "Resource": "*",
       "Condition": {

resource_control_policies/network_perimeter_vpceorgid_rcp.json

@@ -6,8 +6,11 @@
             "Effect": "Deny",
             "Principal": "*",
             "Action": [
+                "cognito-identity:*",
+                "ecr:*",
+                "kms:*",
                 "s3:*",
-                "kms:*"
+                "sqs:*"
             ],
             "Resource": "*",
             "Condition": {

service_control_policies/network_perimeter_vpceorgid_scp.json

@@ -9,33 +9,50 @@
             "applicationinsights:*",
             "apprunner:*",
             "athena:*",
+            "b2bi:*",
+            "cassandra:*",
             "cloudformation:*",
+            "cognito-identity:*",
             "comprehendmedical:*",
             "compute-optimizer:*",
             "datasync:*",
             "discovery:*",
+            "dms:*",
+            "ds-data:*",
             "ebs:*",
+            "ecr:*",
+            "ecs:*",
             "firehose:*",
             "healthlake:*",
+            "identitystore:*",
             "iotfleetwise:*",
+            "iottwinmaker:*",
             "iotwireless:*",
+            "kinesisanalytics:*",
             "kms:*",
             "lambda:*",
             "medical-imaging:*",
+            "network-firewall:*",
             "omics:*",
             "payment-cryptography:*",
             "polly:*",
+            "pricing:*",
             "rbin:*",
             "rekognition:*",
+            "route53:*",
             "s3:*",
             "scheduler:*",
             "servicediscovery:*",
             "servicequotas:*",
+            "ses:*",
+            "sms-voice:*",
+            "sqs:*",
             "ssm-contacts:*",
             "storagegateway:*",
             "textract:*",
             "transcribe:*",
-            "transfer:*"
+            "transfer:*",
+            "workmail:*"
          ],
          "Resource":"*",
          "Condition":{