
Commit 1f0cd0c

author
MAMIP Bot
committed
AmazonECSInfrastructureRoleforExpressGatewayServices - Policy Version v1
1 parent b8dc483 commit 1f0cd0c


1 file changed

+280
-0
lines changed

Lines changed: 280 additions & 0 deletions
@@ -0,0 +1,280 @@
1+
{
2+
"PolicyVersion": {
3+
"CreateDate": "2025-11-12T20:34:08Z",
4+
"VersionId": "v1",
5+
"Document": {
6+
"Version": "2012-10-17",
7+
"Statement": [
8+
{
9+
"Action": "iam:CreateServiceLinkedRole",
10+
"Resource": "*",
11+
"Effect": "Allow",
12+
"Condition": {
13+
"StringEquals": {
14+
"iam:AWSServiceName": [
15+
"ecs.application-autoscaling.amazonaws.com",
16+
"elasticloadbalancing.amazonaws.com"
17+
]
18+
}
19+
},
20+
"Sid": "CreateSLRForAutoscaling"
21+
},
22+
{
23+
"Action": [
24+
"elasticloadbalancing:CreateListener",
25+
"elasticloadbalancing:CreateLoadBalancer",
26+
"elasticloadbalancing:CreateRule",
27+
"elasticloadbalancing:CreateTargetGroup",
28+
"elasticloadbalancing:ModifyListener",
29+
"elasticloadbalancing:ModifyRule",
30+
"elasticloadbalancing:AddListenerCertificates",
31+
"elasticloadbalancing:RemoveListenerCertificates",
32+
"elasticloadbalancing:RegisterTargets",
33+
"elasticloadbalancing:DeregisterTargets",
34+
"elasticloadbalancing:DeleteTargetGroup",
35+
"elasticloadbalancing:DeleteLoadBalancer",
36+
"elasticloadbalancing:DeleteRule",
37+
"elasticloadbalancing:DeleteListener"
38+
],
39+
"Resource": [
40+
"arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*",
41+
"arn:aws:elasticloadbalancing:*:*:listener/app/*/*/*",
42+
"arn:aws:elasticloadbalancing:*:*:listener-rule/app/*/*/*/*",
43+
"arn:aws:elasticloadbalancing:*:*:targetgroup/*/*"
44+
],
45+
"Effect": "Allow",
46+
"Condition": {
47+
"StringEquals": {
48+
"aws:ResourceTag/AmazonECSManaged": "true"
49+
}
50+
},
51+
"Sid": "ELBOperations"
52+
},
53+
{
54+
"Action": "elasticloadbalancing:AddTags",
55+
"Resource": [
56+
"arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*",
57+
"arn:aws:elasticloadbalancing:*:*:listener/app/*/*/*",
58+
"arn:aws:elasticloadbalancing:*:*:listener-rule/app/*/*/*/*",
59+
"arn:aws:elasticloadbalancing:*:*:targetgroup/*/*"
60+
],
61+
"Effect": "Allow",
62+
"Condition": {
63+
"StringEquals": {
64+
"elasticloadbalancing:CreateAction": [
65+
"CreateLoadBalancer",
66+
"CreateListener",
67+
"CreateRule",
68+
"CreateTargetGroup"
69+
]
70+
}
71+
},
72+
"Sid": "TagOnCreateELBResources"
73+
},
74+
{
75+
"Action": "ec2:CreateSecurityGroup",
76+
"Resource": "arn:aws:ec2:*:*:vpc/*",
77+
"Effect": "Allow",
78+
"Sid": "BlanketAllowCreateSecurityGroupsInVPCs"
79+
},
80+
{
81+
"Action": [
82+
"ec2:CreateSecurityGroup",
83+
"ec2:AuthorizeSecurityGroupEgress",
84+
"ec2:AuthorizeSecurityGroupIngress"
85+
],
86+
"Resource": [
87+
"arn:aws:ec2:*:*:security-group/*",
88+
"arn:aws:ec2:*:*:security-group-rule/*",
89+
"arn:aws:ec2:*:*:vpc/*"
90+
],
91+
"Effect": "Allow",
92+
"Condition": {
93+
"StringEquals": {
94+
"aws:RequestTag/AmazonECSManaged": "true"
95+
}
96+
},
97+
"Sid": "CreateSecurityGroupResourcesWithTags"
98+
},
99+
{
100+
"Action": [
101+
"ec2:AuthorizeSecurityGroupEgress",
102+
"ec2:AuthorizeSecurityGroupIngress",
103+
"ec2:DeleteSecurityGroup",
104+
"ec2:RevokeSecurityGroupEgress",
105+
"ec2:RevokeSecurityGroupIngress"
106+
],
107+
"Resource": [
108+
"arn:aws:ec2:*:*:security-group/*",
109+
"arn:aws:ec2:*:*:vpc/*"
110+
],
111+
"Effect": "Allow",
112+
"Condition": {
113+
"StringEquals": {
114+
"aws:ResourceTag/AmazonECSManaged": "true"
115+
}
116+
},
117+
"Sid": "ModifySecurityGroupOperations"
118+
},
119+
{
120+
"Action": "ec2:CreateTags",
121+
"Resource": [
122+
"arn:aws:ec2:*:*:security-group/*",
123+
"arn:aws:ec2:*:*:security-group-rule/*"
124+
],
125+
"Effect": "Allow",
126+
"Condition": {
127+
"StringEquals": {
128+
"ec2:CreateAction": [
129+
"CreateSecurityGroup",
130+
"AuthorizeSecurityGroupIngress",
131+
"AuthorizeSecurityGroupEgress"
132+
]
133+
}
134+
},
135+
"Sid": "TagOnCreateEC2Resources"
136+
},
137+
{
138+
"Action": [
139+
"acm:RequestCertificate",
140+
"acm:AddTagsToCertificate",
141+
"acm:DeleteCertificate",
142+
"acm:DescribeCertificate"
143+
],
144+
"Resource": [
145+
"arn:aws:acm:*:*:certificate/*"
146+
],
147+
"Effect": "Allow",
148+
"Condition": {
149+
"StringEquals": {
150+
"aws:ResourceTag/AmazonECSManaged": "true"
151+
}
152+
},
153+
"Sid": "CertificateOperations"
154+
},
155+
{
156+
"Action": [
157+
"application-autoscaling:RegisterScalableTarget",
158+
"application-autoscaling:TagResource",
159+
"application-autoscaling:DeregisterScalableTarget"
160+
],
161+
"Resource": [
162+
"arn:aws:application-autoscaling:*:*:scalable-target/*"
163+
],
164+
"Effect": "Allow",
165+
"Condition": {
166+
"StringEquals": {
167+
"aws:ResourceTag/AmazonECSManaged": "true"
168+
}
169+
},
170+
"Sid": "ApplicationAutoscalingCreateOperations"
171+
},
172+
{
173+
"Action": [
174+
"application-autoscaling:PutScalingPolicy",
175+
"application-autoscaling:DeleteScalingPolicy"
176+
],
177+
"Resource": [
178+
"arn:aws:application-autoscaling:*:*:scalable-target/*"
179+
],
180+
"Effect": "Allow",
181+
"Condition": {
182+
"StringEquals": {
183+
"application-autoscaling:service-namespace": "ecs"
184+
}
185+
},
186+
"Sid": "ApplicationAutoscalingPolicyOperations"
187+
},
188+
{
189+
"Action": [
190+
"application-autoscaling:DescribeScalableTargets",
191+
"application-autoscaling:DescribeScalingPolicies",
192+
"application-autoscaling:DescribeScalingActivities"
193+
],
194+
"Resource": [
195+
"arn:aws:application-autoscaling:*:*:scalable-target/*"
196+
],
197+
"Effect": "Allow",
198+
"Sid": "ApplicationAutoscalingReadOperations"
199+
},
200+
{
201+
"Action": [
202+
"cloudwatch:PutMetricAlarm",
203+
"cloudwatch:TagResource"
204+
],
205+
"Resource": [
206+
"arn:aws:cloudwatch:*:*:alarm:*"
207+
],
208+
"Effect": "Allow",
209+
"Condition": {
210+
"StringEquals": {
211+
"aws:RequestTag/AmazonECSManaged": "true"
212+
}
213+
},
214+
"Sid": "CloudWatchAlarmCreateOperations"
215+
},
216+
{
217+
"Action": [
218+
"cloudwatch:DeleteAlarms",
219+
"cloudwatch:DescribeAlarms"
220+
],
221+
"Resource": [
222+
"arn:aws:cloudwatch:*:*:alarm:*"
223+
],
224+
"Effect": "Allow",
225+
"Condition": {
226+
"StringEquals": {
227+
"aws:ResourceTag/AmazonECSManaged": "true"
228+
}
229+
},
230+
"Sid": "CloudWatchAlarmOperations"
231+
},
232+
{
233+
"Action": [
234+
"elasticloadbalancing:DescribeLoadBalancers",
235+
"elasticloadbalancing:DescribeTargetGroups",
236+
"elasticloadbalancing:DescribeListeners",
237+
"elasticloadbalancing:DescribeRules"
238+
],
239+
"Resource": "*",
240+
"Effect": "Allow",
241+
"Sid": "ELBReadOperations"
242+
},
243+
{
244+
"Action": [
245+
"ec2:DescribeSecurityGroups",
246+
"ec2:DescribeSubnets",
247+
"ec2:DescribeRouteTables",
248+
"ec2:DescribeVpcs"
249+
],
250+
"Resource": "*",
251+
"Effect": "Allow",
252+
"Sid": "VPCReadOperations"
253+
},
254+
{
255+
"Action": [
256+
"logs:CreateLogGroup",
257+
"logs:TagResource"
258+
],
259+
"Resource": "arn:aws:logs:*:*:log-group:*",
260+
"Effect": "Allow",
261+
"Condition": {
262+
"StringEquals": {
263+
"aws:RequestTag/AmazonECSManaged": "true"
264+
}
265+
},
266+
"Sid": "CloudWatchLogsCreateOperations"
267+
},
268+
{
269+
"Action": [
270+
"logs:DescribeLogGroups"
271+
],
272+
"Resource": "*",
273+
"Effect": "Allow",
274+
"Sid": "CloudWatchLogsReadOperations"
275+
}
276+
]
277+
},
278+
"IsDefaultVersion": true
279+
}
280+
}
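Review bot: The `ApplicationAutoscalingPolicyOperations` statement limits `PutScalingPolicy` and `DeleteScalingPolicy` only by `application-autoscaling:service-namespace` = `ecs`, so unlike the neighbouring `ApplicationAutoscalingCreateOperations` statement it is not restricted to scalable targets tagged `AmazonECSManaged`; in a customer-managed copy I would add `"aws:ResourceTag/AmazonECSManaged": "true"` to its `StringEquals` block, assuming these actions evaluate resource tags on the scalable target. In `CreateSecurityGroupResourcesWithTags`, the two `AuthorizeSecurityGroup*` actions are allowed on `security-group/*` under an `aws:RequestTag` condition, which appears to be satisfied by tags supplied for the new rule rather than by the group's own tags, so it is worth confirming that this grant does not reach security groups that lack the tag. Nearly every other mutating or deleting statement is gated on the `AmazonECSManaged` tag, so accounts that attach this policy should restrict who may set that tag key (for example with an SCP), because tagging a load balancer, security group, certificate or alarm brings it into this role's scope.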
