/
permissions_scope_account.json
140 lines (140 loc) · 5.72 KB
/
permissions_scope_account.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowLintingPolicies",
"Effect": "Allow",
"Action": [
"access-analyzer:ValidatePolicy",
"acm-pca:GetPolicy",
"acm-pca:ListCertificateAuthorities",
"appmesh:GetMeshPolicy",
"appsync:GetResourcePolicy",
"backup:GetBackupVaultAccessPolicy",
"backup:ListBackupVaults",
"cloudtrail:GetResourcePolicy",
"cloudtrail:ListChannels",
"codeartifact:GetDomainPermissionsPolicy",
"codeartifact:GetRepositoryPermissionsPolicy",
"codeartifact:ListDomains",
"codeartifact:ListRepositories",
"codebuild:GetResourcePolicy",
"codebuild:ListProjects",
"codebuild:ListReportGroups",
"datazone:GetDomainSharingPolicy",
"dynamodb:DescribeTable",
"dynamodb:GetResourcePolicy",
"dynamodb:ListTables",
"ec2:DescribeRegions",
"ec2:DescribeVpcEndpoints",
"ec2:GetResourcePolicy",
"ecr:DescribeRepositories",
"ecr:GetRepositoryPolicy",
"ecr:GetRegistryPolicy",
"ecr-public:DescribeRepositories",
"ecr-public:GetRepositoryPolicy",
"elasticfilesystem:DescribeFileSystemPolicy",
"elasticfilesystem:DescribeFileSystems",
"es:DescribeDomain",
"es:ListDomainNames",
"events:ListEventBuses",
"glacier:GetVaultAccessPolicy",
"glacier:GetVaultLock",
"glacier:ListVaults",
"glue:GetResourcePolicy",
"iam:GetGroupPolicy",
"iam:GetPolicyVersion",
"iam:GetRolePolicy",
"iam:GetUserPolicy",
"iam:ListGroupPolicies",
"iam:ListGroups",
"iam:ListPolicies",
"iam:ListPolicyVersions",
"iam:ListRolePolicies",
"iam:ListRoles",
"iam:ListUserPolicies",
"iam:ListUsers",
"iot:GetPolicyVersion",
"iot:ListPolicies",
"iot:ListPolicyVersions",
"kinesis:GetResourcePolicy",
"kinesis:ListStreamConsumers",
"kinesis:ListStreams",
"kms:DescribeKey",
"kms:GetKeyPolicy",
"kms:ListKeys",
"lambda:GetLayerVersionPolicy",
"lambda:GetPolicy",
"lambda:ListFunctions",
"lambda:ListLayers",
"lambda:ListLayerVersions",
"lambda:ListVersionsByFunction",
"lex:DescribeResourcePolicy",
"lex:ListBotAliases",
"lex:ListBots",
"logs:DescribeDeliveryDestinations",
"logs:DescribeDestinations",
"logs:DescribeResourcePolicies",
"logs:GetDeliveryDestinationPolicy",
"mediastore:GetContainerPolicy",
"mediastore:ListContainers",
"organizations:DescribeOrganization",
"organizations:DescribePolicy",
"organizations:DescribeResourcePolicy",
"organizations:ListPolicies",
"organizations:ListRoots",
"ram:GetPermission",
"ram:GetResourcePolicies",
"ram:ListPermissions",
"ram:ListResources",
"redshift-serverless:GetResourcePolicy",
"redshift-serverless:ListSnapshots",
"refactor-spaces:GetResourcePolicy",
"refactor-spaces:ListEnvironments",
"rekognition:DescribeProjects",
"rekognition:ListProjectPolicies",
"s3:GetAccessPointPolicy",
"s3:GetAccessPointPolicyForObjectLambda",
"s3:GetBucketLocation",
"s3:GetBucketPolicy",
"s3:GetMultiRegionAccessPointPolicy",
"s3:ListAccessPoints",
"s3:ListAccessPointsForObjectLambda",
"s3:ListAllMyBuckets",
"s3:ListMultiRegionAccessPoints",
"s3express:GetBucketPolicy",
"s3express:ListAllMyDirectoryBuckets",
"schemas:GetResourcePolicy",
"schemas:ListRegistries",
"secretsmanager:GetResourcePolicy",
"secretsmanager:ListSecrets",
"securityhub:DescribeProducts",
"securityhub:ListEnabledProductsForImport",
"ses:GetIdentityPolicies",
"ses:ListIdentities",
"ses:ListIdentityPolicies",
"sns:GetTopicAttributes",
"sns:ListTopics",
"sqs:GetQueueAttributes",
"sqs:ListQueues",
"ssm:DescribeParameters",
"ssm:GetResourcePolicies",
"ssm-contacts:GetContactPolicy",
"ssm-contacts:ListContacts",
"ssm-incidents:GetResourcePolicies",
"ssm-incidents:ListResponsePlans",
"sso:DescribePermissionSet",
"sso:GetInlinePolicyForPermissionSet",
"sso:ListInstances",
"sso:ListPermissionSets"
],
"Resource": "*"
},
{
"Sid": "AllowLintingPoliciesForAPIGatewayRESTAPIs",
"Effect": "Allow",
"Action": "apigateway:GET",
"Resource": "arn:aws:apigateway:*::/restapis"
}
]
}