From 69190a17e116a686b26fd5739a4f60d449b5cdbd Mon Sep 17 00:00:00 2001
From: Abhay Kumar Gupta
Date: Sat, 17 Jun 2023 12:23:29 +0530
Subject: [PATCH 1/4] Update policy.json fix-issue(#852)
---
 policy.json | 90 ++++++++++++++++++++++++++---------------------------
 1 file changed, 45 insertions(+), 45 deletions(-)
diff --git a/policy.json b/policy.json
index b41a15df0..6f5138412 100644
--- a/policy.json
+++ b/policy.json
@@ -5,15 +5,15 @@
 "Sid": "1",
 "Effect": "Allow",
 "Action": [
- "ec2:Describe*",
- "elasticloadbalancing:Describe*",
- "autoscaling:Describe*",
- "s3:Describe*",
- "ecs:List*",
+ "ec2:DescribeInstances",
+ "elasticloadbalancing:DescribeLoadBalancers",
+ "autoscaling:DescribeAutoScalingGroups",
+ "s3:ListBuckets",
+ "ecs:ListClusters",
 "ce:GetCostAndUsage",
 "ce:GetCostForecast",
 "apigateway:GET",
- "dynamodb:Describe*"
+ "dynamodb:DescribeTable"
 ],
 "Resource": "*"
 },
@@ -21,16 +21,16 @@
 "Sid": "2",
 "Effect": "Allow",
 "Action": [
- "lambda:List*",
- "dynamodb:List*",
- "cloudfront:List*",
- "iam:List*",
- "ecs:Describe*",
- "glacier:List*",
- "sqs:List*",
- "route53:List*",
- "sns:List*",
- "s3:Get*"
+ "lambda:ListFunctions",
+ "dynamodb:ListTables",
+ "cloudfront:ListDistributions",
+ "iam:ListUsers",
+ "ecs:DescribeClusters",
+ "glacier:ListVaults",
+ "sqs:ListQueues",
+ "route53:ListHostedZones",
+ "sns:ListTopics",
+ "s3:GetObject"
 ],
 "Resource": "*"
 },
@@ -38,17 +38,17 @@
 "Sid": "3",
 "Effect": "Allow",
 "Action": [
- "acm:List*",
- "mq:List*",
- "cloudwatch:Get*",
+ "acm:ListCertificates",
+ "mq:ListBrokers",
+ "cloudwatch:GetMetricStatistics",
 "cloudtrail:LookupEvents",
- "datapipeline:List*",
- "eks:List*",
- "elasticache:Describe*",
- "es:List*",
- "logs:Describe*",
- "rds:Describe*",
- "cloudwatch:Describe*"
+ "datapipeline:ListPipelines",
+ "eks:ListClusters",
+ "elasticache:DescribeCacheClusters",
+ "es:ListDomainNames",
+ "logs:DescribeLogGroups",
+ "rds:DescribeDBInstances",
+ "cloudwatch:DescribeAlarms"
 ],
 "Resource": "*"
 },
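Review bot: In [PATCH 1/4], the Sid 1 hunk adds `"s3:ListBuckets"`, which is not an IAM action name, so the entry grants nothing. The permission behind the ListBuckets API call is `s3:ListAllMyBuckets`; the line should read `"s3:ListAllMyBuckets",`. Running the file through an IAM policy validator before merging would catch misspelled action names like this one.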
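Review bot: In [PATCH 1/4], the Sid 2 hunk narrows `s3:Get*` to `"s3:GetObject"`, which keeps the one S3 read that returns object contents and drops the bucket-metadata reads, while `"Resource": "*"` still applies it to every bucket in the account. If the consumer of this policy only inventories resources (not visible from this patch), the entry should be bucket-level metadata actions such as `"s3:GetBucketLocation"` instead of `"s3:GetObject"`. If object reads are really required, move the action into its own statement with specific bucket ARNs in `Resource`.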
@@ -56,17 +56,17 @@
 "Sid": "4",
 "Effect": "Allow",
 "Action": [
- "glue:Get*",
- "organizations:Describe*",
- "iam:Get*",
- "kinesis:List*",
- "kms:List*",
- "kms:Describe*",
- "redshift:Describe*",
- "tag:Get*",
- "route53:List*",
- "support:Describe*",
- "swf:List*",
+ "glue:GetDatabase",
+ "organizations:DescribeOrganization",
+ "iam:GetUser",
+ "kinesis:ListStreams",
+ "kms:ListKeys",
+ "kms:DescribeKey",
+ "redshift:DescribeClusters",
+ "tag:GetResources",
+ "route53:ListResourceRecordSets",
+ "support:DescribeCases",
+ "swf:ListDomains",
 "config:BatchGetResourceConfig"
 ],
 "Resource": "*"
@@ -75,15 +75,15 @@
 "Sid": "5",
 "Effect": "Allow",
 "Action": [
- "sns:List*",
- "lambda:List*",
- "kms:List*",
+ "sns:ListTopics",
+ "lambda:ListFunctions",
+ "kms:ListAliases",
 "pricing:GetProducts",
- "ecr:Describe*",
- "elasticfilesystem:Describe*",
- "rds:Describe*",
- "elasticache:List*",
- "eks:Describe*",
+ "ecr:DescribeRepositories",
+ "elasticfilesystem:DescribeFileSystems",
+ "rds:DescribeDBInstances",
+ "elasticache:ListTagsForResource",
+ "eks:DescribeCluster",
 "elasticloadbalancing:DescribeTags"
 ],
 "Resource": "*"
From aa95e3847eb0e23d82a8f4731a94f0f37b57c14f Mon Sep 17 00:00:00 2001
From: Abhay Kumar Gupta
Date: Fri, 23 Jun 2023 14:49:22 +0530
Subject: [PATCH 2/4] Update policy.json
---
 policy.json | 195 ++++++++++++++++++++++++++++------------------------
 1 file changed, 104 insertions(+), 91 deletions(-)
diff --git a/policy.json b/policy.json
index 6f5138412..b1236e16f 100644
--- a/policy.json
+++ b/policy.json
@@ -1,92 +1,105 @@
 {
- "Version": "2012-10-17",
- "Statement": [
- {
- "Sid": "1",
- "Effect": "Allow",
- "Action": [
- "ec2:DescribeInstances",
- "elasticloadbalancing:DescribeLoadBalancers",
- "autoscaling:DescribeAutoScalingGroups",
- "s3:ListBuckets",
- "ecs:ListClusters",
- "ce:GetCostAndUsage",
- "ce:GetCostForecast",
- "apigateway:GET",
- "dynamodb:DescribeTable"
- ],
- "Resource": "*"
- },
- {
- "Sid": "2",
- "Effect": "Allow",
- "Action": [
- "lambda:ListFunctions",
- "dynamodb:ListTables",
- "cloudfront:ListDistributions",
- "iam:ListUsers",
- "ecs:DescribeClusters",
- "glacier:ListVaults",
- "sqs:ListQueues",
- "route53:ListHostedZones",
- "sns:ListTopics",
- "s3:GetObject"
- ],
- "Resource": "*"
- },
- {
- "Sid": "3",
- "Effect": "Allow",
- "Action": [
- "acm:ListCertificates",
- "mq:ListBrokers",
- "cloudwatch:GetMetricStatistics",
- "cloudtrail:LookupEvents",
- "datapipeline:ListPipelines",
- "eks:ListClusters",
- "elasticache:DescribeCacheClusters",
- "es:ListDomainNames",
- "logs:DescribeLogGroups",
- "rds:DescribeDBInstances",
- "cloudwatch:DescribeAlarms"
- ],
- "Resource": "*"
- },
- {
- "Sid": "4",
- "Effect": "Allow",
- "Action": [
- "glue:GetDatabase",
- "organizations:DescribeOrganization",
- "iam:GetUser",
- "kinesis:ListStreams",
- "kms:ListKeys",
- "kms:DescribeKey",
- "redshift:DescribeClusters",
- "tag:GetResources",
- "route53:ListResourceRecordSets",
- "support:DescribeCases",
- "swf:ListDomains",
- "config:BatchGetResourceConfig"
- ],
- "Resource": "*"
- },
- {
- "Sid": "5",
- "Effect": "Allow",
- "Action": [
- "sns:ListTopics",
- "lambda:ListFunctions",
- "kms:ListAliases",
- "pricing:GetProducts",
- "ecr:DescribeRepositories",
- "elasticfilesystem:DescribeFileSystems",
- "rds:DescribeDBInstances",
- "elasticache:ListTagsForResource",
- "eks:DescribeCluster",
- "elasticloadbalancing:DescribeTags"
- ],
- "Resource": "*"
- }
- ]
-}
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Sid": "1",
+ "Effect": "Allow",
+ "Action": [
+ "ec2:DescribeInstances",
+ "ec2:DescribeImages",
+ "ec2:DescribeKeyPairs",
+ "ec2:DescribeSecurityGroups",
+ "ec2:DescribeSubnets",
+ "elasticloadbalancing:DescribeLoadBalancers",
+ "autoscaling:DescribeAutoScalingGroups",
+ "s3:ListAllMyBuckets",
+ "s3:GetBucketLocation",
+ "s3:GetBucketAcl",
+ "s3:GetBucketPolicy",
+ "ecs:ListClusters",
+ "ecs:ListServices",
+ "ce:GetCostAndUsage",
+ "ce:GetCostForecast",
+ "apigateway:GET",
+ "dynamodb:DescribeTable",
+ "cloudwatch:DescribeDashboards",
+ "es:ListDomainNames"
+ ],
+ "Resource": "*"
+ },
+ {
+ "Sid": "2",
+ "Effect": "Allow",
+ "Action": [
+ "lambda:ListFunctions",
+ "dynamodb:ListTables",
+ "cloudfront:ListDistributions",
+ "iam:ListRoles",
+ "ecs:DescribeTasks",
+ "glacier:ListVaults",
+ "sqs:ListQueues",
+ "route53:ListHostedZones",
+ ":ListTopics",
+ "s3:GetObject",
+ "logs:DescribeLogGroups"
+ ],
+ "Resource": "*"
+ },
+ {
+ "Sid": "3",
+ "Effect": "Allow",
+ "Action": [
+ "acm:ListCertificates",
+ "mq:ListBrokers",
+ "cloudwatch:GetMetricStatistics",
+ "cloudtrail:LookupEvents",
+ "datapipeline:ListPipelines",
+ "eks:ListClusters",
+ "elasticache:DescribeCacheClusters",
+ "es:ListDomainNames",
+ "rds:DescribeDBInstances",
+ "cloudwatch:DescribeAlarms"
+ ],
+ "Resource": "*"
+ },
+ {
+ "Sid": "4",
+ "Effect": "Allow",
+ "Action": [
+ "glue:GetDatabase",
+ "glue:GetTables",
+ "organizations:DescribeOrganization",
+ "iam:GetUser",
+ "iam:GetRole",
+ "kinesis:ListStreams",
+ "kms:ListKeys",
+ "kms:DescribeKey",
+ "redshift:DescribeClusters",
+ "tag:GetResources",
+ "route53:ListResourceRecordSets",
+ "support:DescribeCases",
+ "swf:ListDomains",
+ "config:BatchGetResourceConfig"
+ ],
+ "Resource": "*"
+ },
+ {
+ "Sid": "5",
+ "Effect": "Allow",
+ "Action": [
+ "sns:ListTopics",
+ "lambda:ListFunctions",
+ "kms:ListKeys",
+ "pricing:GetProducts",
+ "ecr:DescribeRepositories",
+ "elasticfilesystem:DescribeFileSystems",
+ "rds:DescribeDBInstances",
+ "elasticache:ListCacheClusters",
+ "eks:DescribeCluster",
+ "elasticloadbalancing:DescribeTags"
+ ],
+ "Resource": "*"
+ }
+ ]
+ }
+
From 0e8b2e0dc13a21bd558d422d7176e40cd83e9fa9 Mon Sep 17 00:00:00 2001
From: Abhay Kumar Gupta
Date: Sun, 23 Jul 2023 13:50:06 +0530
Subject: [PATCH 3/4] Update policy.json
---
 policy.json | 217 +++++++++++++++++++++++++++-------------------------
 1 file changed, 113 insertions(+), 104 deletions(-)
diff --git a/policy.json b/policy.json
index b1236e16f..b0cb7cae7 100644
--- a/policy.json
+++ b/policy.json
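Review bot: In [PATCH 2/4], the new Sid 2 action list contains `":ListTopics"`, which has lost its service prefix; IAM action strings need the `service:Action` form, so the policy is likely to be rejected as malformed when it is attached. The line should be `"sns:ListTopics",`, matching the entry it replaces. Two smaller points in the same hunk: `"elasticache:ListCacheClusters"` in Sid 5 does not look like an ElastiCache action (cluster listing is `elasticache:DescribeCacheClusters`, already present in Sid 3), and `"es:ListDomainNames"` now appears in both Sid 1 and Sid 3.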
@@ -1,105 +1,114 @@
 {
- "Version": "2012-10-17",
- "Statement": [
- {
- "Sid": "1",
- "Effect": "Allow",
- "Action": [
- "ec2:DescribeInstances",
- "ec2:DescribeImages",
- "ec2:DescribeKeyPairs",
- "ec2:DescribeSecurityGroups",
- "ec2:DescribeSubnets",
- "elasticloadbalancing:DescribeLoadBalancers",
- "autoscaling:DescribeAutoScalingGroups",
- "s3:ListAllMyBuckets",
- "s3:GetBucketLocation",
- "s3:GetBucketAcl",
- "s3:GetBucketPolicy",
- "ecs:ListClusters",
- "ecs:ListServices",
- "ce:GetCostAndUsage",
- "ce:GetCostForecast",
- "apigateway:GET",
- "dynamodb:DescribeTable",
- "cloudwatch:DescribeDashboards",
- "es:ListDomainNames"
- ],
- "Resource": "*"
- },
- {
- "Sid": "2",
- "Effect": "Allow",
- "Action": [
- "lambda:ListFunctions",
- "dynamodb:ListTables",
- "cloudfront:ListDistributions",
- "iam:ListRoles",
- "ecs:DescribeTasks",
- "glacier:ListVaults",
- "sqs:ListQueues",
- "route53:ListHostedZones",
- ":ListTopics",
- "s3:GetObject",
- "logs:DescribeLogGroups"
- ],
- "Resource": "*"
- },
- {
- "Sid": "3",
- "Effect": "Allow",
- "Action": [
- "acm:ListCertificates",
- "mq:ListBrokers",
- "cloudwatch:GetMetricStatistics",
- "cloudtrail:LookupEvents",
- "datapipeline:ListPipelines",
- "eks:ListClusters",
- "elasticache:DescribeCacheClusters",
- "es:ListDomainNames",
- "rds:DescribeDBInstances",
- "cloudwatch:DescribeAlarms"
- ],
- "Resource": "*"
- },
- {
- "Sid": "4",
- "Effect": "Allow",
- "Action": [
- "glue:GetDatabase",
- "glue:GetTables",
- "organizations:DescribeOrganization",
- "iam:GetUser",
- "iam:GetRole",
- "kinesis:ListStreams",
- "kms:ListKeys",
- "kms:DescribeKey",
- "redshift:DescribeClusters",
- "tag:GetResources",
- "route53:ListResourceRecordSets",
- "support:DescribeCases",
- "swf:ListDomains",
- "config:BatchGetResourceConfig"
- ],
- "Resource": "*"
- },
- {
- "Sid": "5",
- "Effect": "Allow",
- "Action": [
- "sns:ListTopics",
- "lambda:ListFunctions",
- "kms:ListKeys",
- "pricing:GetProducts",
- "ecr:DescribeRepositories",
- "elasticfilesystem:DescribeFileSystems",
- "rds:DescribeDBInstances",
- "elasticache:ListCacheClusters",
- "eks:DescribeCluster",
- "elasticloadbalancing:DescribeTags"
- ],
- "Resource": "*"
- }
- ]
- }
-
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Sid": "1",
+ "Effect": "Allow",
+ "Action": [
+ "ec2:Describe*",
+ "elasticloadbalancing:Describe*",
+ "autoscaling:Describe*",
+ "s3:Describe*",
+ "ecs:List*",
+ "ce:GetCostAndUsage",
+ "ce:GetCostForecast",
+ "apigateway:GET",
+ "dynamodb:Describe*"
+ ],
+ "Resource": "*"
+ },
+ {
+ "Sid": "2",
+ "Effect": "Allow",
+ "Action": [
+ "lambda:List*",
+ "dynamodb:List*",
+ "cloudfront:List*",
+ "iam:List*",
+ "ecs:Describe*",
+ "glacier:List*",
+ "sqs:List*",
+ "route53:List*",
+ "sns:List*",
+ "s3:Get*"
+ ],
+ "Resource": "*"
+ },
+ {
+ "Sid": "3",
+ "Effect": "Allow",
+ "Action": [
+ "acm:List*",
+ "mq:List*",
+ "cloudwatch:Get*",
+ "cloudtrail:LookupEvents",
+ "datapipeline:List*",
+ "eks:List*",
+ "elasticache:Describe*",
+ "es:List*",
+ "logs:Describe*",
+ "rds:Describe*",
+ "cloudwatch:Describe*",
+ "apigateway:List*",
+ "cloudfront:List*",
+ "cloudwatch:List*",
+ "dynamodb:List*",
+ "ec2:List*",
+ "ecr:Describe*",
+ "ecs:Describe*",
+ "efs:Describe*",
+ "eks:Describe*",
+ "elasticache:List*",
+ "elasticloadbalancing:Describe*",
+ "iam:List*",
+ "kinesis:List*",
+ "kms:List*",
+ "lambda:List*",
+ "opensearch:Describe*",
+ "rds:Describe*",
+ "s3:List*",
+ "servicecatalog:List*",
+ "sns:List*",
+ "sqs:List*",
+ "systemsmanager:List*"
+ ],
+ "Resource": "*"
+ },
+ {
+ "Sid": "4",
+ "Effect": "Allow",
+ "Action": [
+ "glue:Get*",
+ "organizations:Describe*",
+ "iam:Get*",
+ "kinesis:List*",
+ "kms:List*",
+ "kms:Describe*",
+ "redshift:Describe*",
+ "tag:Get*",
+ "route53:List*",
+ "support:Describe*",
+ "swf:List*",
+ "config:BatchGetResourceConfig"
+ ],
+ "Resource": "*"
+ },
+ {
+ "Sid": "5",
+ "Effect": "Allow",
+ "Action": [
+ "sns:List*",
+ "lambda:List*",
+ "kms:List*",
+ "pricing:GetProducts",
+ "ecr:Describe*",
+ "elasticfilesystem:Describe*",
+ "rds:Describe*",
+ "elasticache:List*",
+ "eks:Describe*",
+ "elasticloadbalancing:DescribeTags"
+ ],
+ "Resource": "*"
+ }
+ ]
+}
From 40c55ea210cea7105a6c93ba120c9755f7f5b06d Mon Sep 17 00:00:00 2001
From: Abhay Kumar Gupta
Date: Thu, 27 Jul 2023 13:38:46 +0530
Subject: [PATCH 4/4] Update policy.json
---
 policy.json | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)
diff --git a/policy.json b/policy.json
index b0cb7cae7..99659eeec 100644
--- a/policy.json
+++ b/policy.json
@@ -12,7 +12,6 @@
 "ecs:List*",
 "ce:GetCostAndUsage",
 "ce:GetCostForecast",
- "apigateway:GET",
 "dynamodb:Describe*"
 ],
 "Resource": "*"
@@ -49,11 +48,11 @@
 "logs:Describe*",
 "rds:Describe*",
 "cloudwatch:Describe*",
- "apigateway:List*",
+ "apigateway:GET",
 "cloudfront:List*",
 "cloudwatch:List*",
 "dynamodb:List*",
- "ec2:List*",
+ "ec2:Describe*",
 "ecr:Describe*",
 "ecs:Describe*",
 "efs:Describe*",
@@ -64,7 +63,6 @@
 "kinesis:List*",
 "kms:List*",
 "lambda:List*",
- "opensearch:Describe*",
 "rds:Describe*",
 "s3:List*",
 "servicecatalog:List*",
@@ -102,7 +100,6 @@
 "kms:List*",
 "pricing:GetProducts",
 "ecr:Describe*",
- "elasticfilesystem:Describe*",
 "rds:Describe*",
 "elasticache:List*",
 "eks:Describe*",
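Review bot: In [PATCH 3/4], every action narrowed by the two earlier patches goes back to a wildcard on `"Resource": "*"`, including `"s3:Get*"` (which covers `s3:GetObject`) and `"iam:Get*"`, so the series no longer reduces what the role can read. The commit message gives no reason for the revert; if specific calls were failing, add those actions by name rather than restoring `Get*`/`List*`/`Describe*`. Most of the 22 entries appended to Sid 3 repeat actions already granted in Sid 1, 2, 4 and 5 and can be dropped. `"systemsmanager:List*"` and `"efs:Describe*"` do not use the IAM service prefixes for those services (`ssm` and `elasticfilesystem`), so they probably match nothing.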
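Review bot: In [PATCH 4/4], the Sid 3 hunk (`@@ -49,11 +48,11 @@`) leaves the context line `"efs:Describe*",` untouched while the last hunk of the same patch deletes `"elasticfilesystem:Describe*",` from Sid 5. `elasticfilesystem` is the IAM service prefix for EFS, so after this patch the policy most likely grants no EFS describe access at all; change the Sid 3 line to `"elasticfilesystem:Describe*",` or keep the Sid 5 entry. The added `"ec2:Describe*",` duplicates the entry already in Sid 1 and can be removed. The Sid 3 action list starts and ends outside this hunk.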