data_iam_no_access.tf
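# Renders an IAM policy document with a single explicit Deny statement covering
# every action ("<service>:*") of the services enumerated below, on all resources.
#
# NOTE(review): despite the sid "DenyAllActions", this is a service-by-service
# list, not a true deny-all. Any service prefix missing from the list (including
# services AWS adds later) is not covered by this statement, and IAM does not
# reject an unknown or misspelled prefix, so a typo silently leaves that service
# un-denied. If the intent is a blanket "no access" policy, a single `"*"` action
# is the complete form; confirm with the policy owner before switching, because
# this list may be leaving some services out on purpose.
data "aws_iam_policy_document" "no_access" {
  statement {
    sid    = "DenyAllActions"
    effect = "Deny"

    actions = [
      "acm:*",
      "artifact:*",
      "apigateway:*",
      "application-autoscaling:*",
      "appmesh:*",
      "appstream:*",
      "athena:*",
      "autoscaling:*",
      "autoscaling-plans:*",
      "connect:*",
      "clouddirectory:*",
      "cloud9:*",
      "cloudformation:*",
      "cloudfront:*",
      "cloudhsm:*",
      "cloudsearch:*",
      "cloudtrail:*",
      "cloudwatch:*",
      "codebuild:*",
      "codecommit:*",
      "codedeploy:*",
      "codepipeline:*",
      "codestar:*",
      "cognito:*",
      "cognito-identity:*",
      "cognito-idp:*",
      "cognito-sync:*",
      "config:*",
      "batch:*",
      "datapipeline:*",
      "discovery:*",
      "dlm:*",
      "dms:*",
      "ds:*",
      "directconnect:*",
      "dynamodb:*",
      "dax:*",
      "ec2:*",
      "ec2messages:*",
      "ecr:*",
      "ecs:*",
      "eks:*",
      "elasticfilesystem:*",
      "elasticloadbalancing:*",
      "elasticmapreduce:*",
      "elasticache:*",
      "es:*",
      "events:*",
      "execute-api:*",
      "firehose:*",
      "iam:*",
      "inspector:*", # listed once; the original repeated this entry
      "glacier:*",
      "glue:*",
      "guardduty:*",
      "health:*",
      "importexport:*",
      "kinesis:*",
      "kms:*",
      "lambda:*",
      "lightsail:*",
      "logs:*",
      # Was spelled "maice:*", which matches no service and therefore denied nothing.
      # NOTE(review): current Amazon Macie uses the "macie2" prefix; confirm whether
      # it should be listed as well.
      "macie:*",
      "mgh:*",
      "mq:*",
      "pricing:*",
      "rds:*",
      "redshift:*",
      "resource-groups:*",
      "route53:*",
      "route53domains:*",
      "s3:*",
      "ses:*",
      "secretsmanager:*",
      "servicediscovery:*",
      "shield:*",
      "sdb:*",
      "sso:*",
      "sns:*",
      "sqs:*",
      "states:*",
      "sts:*",
      "swf:*",
      "storagegateway:*",
      "tag:*",
      "translate:*",
      "trustedadvisor:*",
      "waf:*",
      "waf-regional:*",
      "xray:*",
      "aws-marketplace:*",
      "aws-marketplace-management:*",
    ]

    # The Deny applies to every resource of the listed services.
    resources = [
      "*"
    ]
  }
}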