This repository has been archived by the owner on Oct 6, 2022. It is now read-only.
eks-admin-iam-policy.json
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "CFN",
"Effect": "Allow",
"Action": [
"cloudformation:CreateUploadBucket",
"cloudformation:DeleteStackInstances",
"cloudformation:ListExports",
"cloudformation:DescribeStackDriftDetectionStatus",
"cloudformation:DetectStackDrift",
"cloudformation:CancelUpdateStack",
"cloudformation:UpdateStackInstances",
"cloudformation:ListStackSetOperations",
"cloudformation:ListStackInstances",
"cloudformation:UpdateTerminationProtection",
"cloudformation:DescribeStackResource",
"cloudformation:UpdateStackSet",
"cloudformation:CreateChangeSet",
"cloudformation:CreateStackInstances",
"cloudformation:DeleteChangeSet",
"cloudformation:ContinueUpdateRollback",
"cloudformation:ListStackSetOperationResults",
"cloudformation:DetectStackResourceDrift",
"cloudformation:EstimateTemplateCost",
"cloudformation:DescribeStackEvents",
"cloudformation:DescribeStackSetOperation",
"cloudformation:UpdateStack",
"cloudformation:DescribeAccountLimits",
"cloudformation:StopStackSetOperation",
"cloudformation:DescribeChangeSet",
"cloudformation:CreateStackSet",
"cloudformation:ExecuteChangeSet",
"cloudformation:ListStackResources",
"cloudformation:ListStacks",
"cloudformation:ListImports",
"cloudformation:DescribeStackInstance",
"cloudformation:DescribeStackResources",
"cloudformation:SignalResource",
"cloudformation:DeleteStackSet",
"cloudformation:GetTemplateSummary",
"cloudformation:DescribeStacks",
"cloudformation:DescribeStackResourceDrifts",
"cloudformation:GetStackPolicy",
"cloudformation:DescribeStackSet",
"cloudformation:ListStackSets",
"cloudformation:CreateStack",
"cloudformation:GetTemplate",
"cloudformation:DeleteStack",
"cloudformation:ValidateTemplate",
"cloudformation:ListChangeSets"
],
"Resource": "*"
},
{
"Sid": "EKSFullAccess",
"Effect": "Allow",
"Action": "eks:*",
"Resource": "*"
},
{
"Sid": "IAM",
"Effect": "Allow",
"Action": [
"iam:CreateInstanceProfile",
"iam:DeleteInstanceProfile",
"iam:GetRole",
"iam:GetInstanceProfile",
"iam:RemoveRoleFromInstanceProfile",
"iam:CreateRole",
"iam:DeleteRole",
"iam:AttachRolePolicy",
"iam:PutRolePolicy",
"iam:AddRoleToInstanceProfile",
"iam:PassRole",
"iam:DetachRolePolicy",
"iam:DeleteRolePolicy",
"iam:GetRolePolicy"
],
"Resource": "*"
},
{
"Sid": "Lambda",
"Effect": "Allow",
"Action": [
"lambda:CreateFunction",
"lambda:AddPermission",
"lambda:RemovePermission",
"lambda:TagResource",
"lambda:GetLayerVersion",
"lambda:PublishLayerVersion",
"lambda:InvokeAsync",
"lambda:GetAccountSettings",
"lambda:GetFunctionConfiguration",
"lambda:CreateEventSourceMapping",
"lambda:GetLayerVersionPolicy",
"lambda:UntagResource",
"lambda:PutFunctionConcurrency",
"lambda:ListTags",
"lambda:DeleteLayerVersion",
"lambda:DeleteFunction",
"lambda:GetAlias",
"lambda:UpdateEventSourceMapping",
"lambda:GetEventSourceMapping",
"lambda:InvokeFunction",
"lambda:GetFunction",
"lambda:UpdateFunctionConfiguration",
"lambda:UpdateAlias",
"lambda:UpdateFunctionCode",
"lambda:DeleteAlias",
"lambda:PublishVersion",
"lambda:DeleteFunctionConcurrency",
"lambda:DeleteEventSourceMapping",
"lambda:GetPolicy",
"lambda:CreateAlias"
],
"Resource": "*"
},
{
"Sid": "S3",
"Effect": "Allow",
"Action": "s3:GetObject",
"Resource": "*"
},
{
"Sid": "CWE",
"Effect": "Allow",
"Action": [
"events:PutRule",
"events:DescribeRule",
"events:RemoveTargets",
"events:PutTargets",
"events:DeleteRule"
],
"Resource": "*"
},
{
"Sid": "SAR",
"Effect": "Allow",
"Action": [
"serverlessrepo:GetCloudFormationTemplate",
"serverlessrepo:CreateCloudFormationTemplate"
],
"Resource": "*"
},
{
"Sid": "SSM",
"Effect": "Allow",
"Action": [
"ssm:GetParameters",
"ssm:GetParameter"
],
"Resource": [
"arn:aws:ssm:*:*:parameter/aws/service/eks/optimized-ami/*"
]
}
]
}