wwwy3y3 · July 23, 2020 04:45
diff --git a/permission.json b/permission.json
 {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "CreateResource",
            "Effect": "Allow",
            "Action": [
                "rds:CreateDBSubnetGroup",
                "rds:CreateDBInstance",
                "rds:DescribeDBInstances",
                "rds:ListTagsForResource",
                "rds:ModifyDBInstance",
                "rds:DescribeDBSubnetGroups",
                "s3:GetBucketWebsite",
                "s3:GetReplicationConfiguration",
                "s3:GetLifecycleConfiguration",
                "s3:GetBucketTagging",
                "s3:ListBucket",
                "s3:PutBucketTagging",
                "s3:GetBucketVersioning",
                "s3:GetBucketCORS",
                "s3:CreateBucket",
                "s3:GetBucketObjectLockConfiguration",
                "s3:PutBucketCORS",
                "s3:GetBucketLogging",
                "s3:GetAccelerateConfiguration",
                "s3:GetEncryptionConfiguration",
                "s3:GetBucketRequestPayment",
                "s3:GetBucketLocation",
                "route53:ListHostedZones",
                "route53:ListTagsForResource",
                "route53:GetHostedZone",
                "route53:ListResourceRecordSets",
                "route53:CreateHostedZone",
                "route53:ChangeResourceRecordSets",
                "route53:GetChange",
                "iam:PutRolePolicy",
                "iam:GetRolePolicy",
                "iam:AddRoleToInstanceProfile",
                "iam:CreateInstanceProfile",
                "iam:GetRole",
                "iam:TagRole",
                "iam:PassRole",
                "iam:CreatePolicy",
                "iam:GetPolicy",
                "iam:CreateServiceLinkedRole",
                "iam:UpdateAssumeRolePolicy",
                "iam:GetPolicyVersion",
                "iam:CreateRole",
                "iam:AttachRolePolicy",
                "iam:ListAttachedRolePolicies",
                "iam:GetInstanceProfile",
                "ec2:AuthorizeSecurityGroupIngress",
                "ec2:AttachInternetGateway",
                "ec2:CreateRoute",
                "ec2:CreateInternetGateway",
                "ec2:RevokeSecurityGroupEgress",
                "ec2:DescribeVpcClassicLinkDnsSupport",
                "ec2:CreateTags",
                "ec2:RevokeSecurityGroupIngress",
                "ec2:CreateSubnet",
                "ec2:DescribeSubnets",
                "ec2:CreateVpc",
                "ec2:DescribeVpcAttribute",
                "ec2:ModifySubnetAttribute",
                "ec2:DescribeAvailabilityZones",
                "ec2:DeleteLaunchTemplateVersions",
                "ec2:DeleteLaunchTemplate",
                "ec2:DescribeSecurityGroups",
                "ec2:CreateLaunchTemplate",
                "ec2:DescribeVpcs",
                "ec2:AcceptVpcPeeringConnection",
                "ec2:AssociateVpcCidrBlock",
                "ec2:AssociateRouteTable",
                "ec2:DescribeInternetGateways",
                "ec2:GetLaunchTemplateData",
                "ec2:ModifyVpcPeeringConnectionOptions",
                "ec2:CreateVpcPeeringConnection",
                "ec2:DescribeNetworkAcls",
                "ec2:DescribeRouteTables",
                "ec2:EnableVpcClassicLink",
                "ec2:DescribeLaunchTemplates",
                "ec2:DescribeVpcPeeringConnections",
                "ec2:CreateRouteTable",
                "ec2:DescribeVpcClassicLink",
                "ec2:DeleteTags",
                "ec2:CreateSecurityGroup",
                "ec2:ModifyVpcAttribute",
                "ec2:AuthorizeSecurityGroupEgress",
                "ec2:DescribeTags",
                "ec2:DeleteRoute",
                "ec2:DescribeLaunchTemplateVersions",
                "ec2:CreateLaunchTemplateVersion",
                "ec2:DescribeImages",
                "ec2:ModifyLaunchTemplate",
                "ec2:EnableVpcClassicLinkDnsSupport",
                "ec2:RunInstances",
                "ec2:DescribeAccountAttributes",
                "ec2:DescribeInstances",
                "secretsManager:GetRandomPassword",
                "secretsManager:TagResource",
                "secretsManager:CreateSecret",
                "secretsManager:UpdateSecret",
                "secretsmanager:PutSecretValue",
                "secretsmanager:GetSecretValue",
                "acm:AddTagsToCertificate",
                "acm:RequestCertificate",
                "acm:ListTagsForCertificate",
                "acm:DescribeCertificate",
                "autoscaling:CreateLaunchConfiguration",
                "autoscaling:DescribeAutoScalingGroups",
                "autoscaling:UpdateAutoScalingGroup",
                "autoscaling:DescribeTags",
                "autoscaling:CreateOrUpdateTags",
                "autoscaling:CreateAutoScalingGroup",
                "autoscaling:DescribeLaunchConfigurations",
                "autoscaling:DescribeScalingActivities",
                "autoscaling:DescribeScheduledActions",
                "autoscaling:ResumeProcesses",
                "autoscaling:SuspendProcesses",
                "elasticloadbalancing:CreateLoadBalancer",
                "elasticloadbalancing:DescribeLoadBalancers",
                "eks:CreateCluster",
                "eks:DescribeCluster"
            ],
            "Resource": "*"
        },
        {
            "Sid": "CloudFormationLookUp",
            "Effect": "Allow",
            "Action": [
                "ec2:DescribeVpcs",
                "ec2:DescribeSubnets",
                "ec2:DescribeRouteTables",
                "ec2:DescribeVpnGateways"
            ],
            "Resource": "*"
        },
        {
            "Sid": "TaggingResource",
            "Effect": "Allow",
            "Action": "ec2:CreateTags",
            "Resource": [
                "arn:aws:ec2:*:*:subnet/*",
                "arn:aws:ec2:*:*:vpc/*"
            ]
        },
        {
            "Sid": "CloudFormation",
            "Effect": "Allow",
            "Action": [
                "cloudformation:DescribeStacks",
                "cloudformation:CreateChangeSet",
                "cloudformation:DescribeChangeSet",
                "cloudformation:DescribeStackEvents",
                "cloudformation:GetTemplate",
                "cloudformation:ExecuteChangeSet",
 		"cloudformation:DeleteStack",
 		"cloudformation:DeleteChangeSet",
                "ssm:GetParameters"
            ],
            "Resource": "*"
        },
 	{
 	    "Sid": "DeleteResource",
 	    "Effect": "Allow",
 	    "Action": [
 			"route53:DeleteHostedZone",
 			"iam:DeleteInstanceProfile",
 			"iam:DeleteRole",
 			"iam:DeletePolicy",
 			"iam:DeleteRolePolicy",
 			"iam:DeleteServiceLinkedRole",
 			"iam:RemoveRoleFromInstanceProfile",
 			"iam:DetachRolePolicy",
 			"secretsManager:DeleteSecret",
 			"autoscaling:DeleteLaunchConfiguration",
 			"autoscaling:DeleteTags",
 			"autoscaling:DeleteAutoScalingGroup",
 			"eks:DeleteCluster",
 			"ec2:DeleteSecurityGroup",
 			"rds:DeleteDBSubnetGroup",
 			"elasticloadbalancing:DeleteLoadBalancer"
 		],
 		"Resource": "*"
 	}
    ]
 }
	{
	"Version": "2012-10-17",
	"Statement": [
	{
	"Sid": "CreateResource",
	"Effect": "Allow",
	"Action": [
	"rds:CreateDBSubnetGroup",
	"rds:CreateDBInstance",
	"rds:DescribeDBInstances",
	"rds:ListTagsForResource",
	"rds:ModifyDBInstance",
	"rds:DescribeDBSubnetGroups",
	"s3:GetBucketWebsite",
	"s3:GetReplicationConfiguration",
	"s3:GetLifecycleConfiguration",
	"s3:GetBucketTagging",
	"s3:ListBucket",
	"s3:PutBucketTagging",
	"s3:GetBucketVersioning",
	"s3:GetBucketCORS",
	"s3:CreateBucket",
	"s3:GetBucketObjectLockConfiguration",
	"s3:PutBucketCORS",
	"s3:GetBucketLogging",
	"s3:GetAccelerateConfiguration",
	"s3:GetEncryptionConfiguration",
	"s3:GetBucketRequestPayment",
	"s3:GetBucketLocation",
	"route53:ListHostedZones",
	"route53:ListTagsForResource",
	"route53:GetHostedZone",
	"route53:ListResourceRecordSets",
	"route53:CreateHostedZone",
	"route53:ChangeResourceRecordSets",
	"route53:GetChange",
	"iam:PutRolePolicy",
	"iam:GetRolePolicy",
	"iam:AddRoleToInstanceProfile",
	"iam:CreateInstanceProfile",
	"iam:GetRole",
	"iam:TagRole",
	"iam:PassRole",
	"iam:CreatePolicy",
	"iam:GetPolicy",
	"iam:CreateServiceLinkedRole",
	"iam:UpdateAssumeRolePolicy",
	"iam:GetPolicyVersion",
	"iam:CreateRole",
	"iam:AttachRolePolicy",
	"iam:ListAttachedRolePolicies",
	"iam:GetInstanceProfile",
	"ec2:AuthorizeSecurityGroupIngress",
	"ec2:AttachInternetGateway",
	"ec2:CreateRoute",
	"ec2:CreateInternetGateway",
	"ec2:RevokeSecurityGroupEgress",
	"ec2:DescribeVpcClassicLinkDnsSupport",
	"ec2:CreateTags",
	"ec2:RevokeSecurityGroupIngress",
	"ec2:CreateSubnet",
	"ec2:DescribeSubnets",
	"ec2:CreateVpc",
	"ec2:DescribeVpcAttribute",
	"ec2:ModifySubnetAttribute",
	"ec2:DescribeAvailabilityZones",
	"ec2:DeleteLaunchTemplateVersions",
	"ec2:DeleteLaunchTemplate",
	"ec2:DescribeSecurityGroups",
	"ec2:CreateLaunchTemplate",
	"ec2:DescribeVpcs",
	"ec2:AcceptVpcPeeringConnection",
	"ec2:AssociateVpcCidrBlock",
	"ec2:AssociateRouteTable",
	"ec2:DescribeInternetGateways",
	"ec2:GetLaunchTemplateData",
	"ec2:ModifyVpcPeeringConnectionOptions",
	"ec2:CreateVpcPeeringConnection",
	"ec2:DescribeNetworkAcls",
	"ec2:DescribeRouteTables",
	"ec2:EnableVpcClassicLink",
	"ec2:DescribeLaunchTemplates",
	"ec2:DescribeVpcPeeringConnections",
	"ec2:CreateRouteTable",
	"ec2:DescribeVpcClassicLink",
	"ec2:DeleteTags",
	"ec2:CreateSecurityGroup",
	"ec2:ModifyVpcAttribute",
	"ec2:AuthorizeSecurityGroupEgress",
	"ec2:DescribeTags",
	"ec2:DeleteRoute",
	"ec2:DescribeLaunchTemplateVersions",
	"ec2:CreateLaunchTemplateVersion",
	"ec2:DescribeImages",
	"ec2:ModifyLaunchTemplate",
	"ec2:EnableVpcClassicLinkDnsSupport",
	"ec2:RunInstances",
	"ec2:DescribeAccountAttributes",
	"ec2:DescribeInstances",
	"secretsManager:GetRandomPassword",
	"secretsManager:TagResource",
	"secretsManager:CreateSecret",
	"secretsManager:UpdateSecret",
	"secretsmanager:PutSecretValue",
	"secretsmanager:GetSecretValue",
	"acm:AddTagsToCertificate",
	"acm:RequestCertificate",
	"acm:ListTagsForCertificate",
	"acm:DescribeCertificate",
	"autoscaling:CreateLaunchConfiguration",
	"autoscaling:DescribeAutoScalingGroups",
	"autoscaling:UpdateAutoScalingGroup",
	"autoscaling:DescribeTags",
	"autoscaling:CreateOrUpdateTags",
	"autoscaling:CreateAutoScalingGroup",
	"autoscaling:DescribeLaunchConfigurations",
	"autoscaling:DescribeScalingActivities",
	"autoscaling:DescribeScheduledActions",
	"autoscaling:ResumeProcesses",
	"autoscaling:SuspendProcesses",
	"elasticloadbalancing:CreateLoadBalancer",
	"elasticloadbalancing:DescribeLoadBalancers",
	"eks:CreateCluster",
	"eks:DescribeCluster"
	],
	"Resource": "*"
	},
	{
	"Sid": "CloudFormationLookUp",
	"Effect": "Allow",
	"Action": [
	"ec2:DescribeVpcs",
	"ec2:DescribeSubnets",
	"ec2:DescribeRouteTables",
	"ec2:DescribeVpnGateways"
	],
	"Resource": "*"
	},
	{
	"Sid": "TaggingResource",
	"Effect": "Allow",
	"Action": "ec2:CreateTags",
	"Resource": [
	"arn:aws:ec2:::subnet/*",
	"arn:aws:ec2:::vpc/*"
	]
	},
	{
	"Sid": "CloudFormation",
	"Effect": "Allow",
	"Action": [
	"cloudformation:DescribeStacks",
	"cloudformation:CreateChangeSet",
	"cloudformation:DescribeChangeSet",
	"cloudformation:DescribeStackEvents",
	"cloudformation:GetTemplate",
	"cloudformation:ExecuteChangeSet",
	"cloudformation:DeleteStack",
	"cloudformation:DeleteChangeSet",
	"ssm:GetParameters"
	],
	"Resource": "*"
	},
	{
	"Sid": "DeleteResource",
	"Effect": "Allow",
	"Action": [
	"route53:DeleteHostedZone",
	"iam:DeleteInstanceProfile",
	"iam:DeleteRole",
	"iam:DeletePolicy",
	"iam:DeleteRolePolicy",
	"iam:DeleteServiceLinkedRole",
	"iam:RemoveRoleFromInstanceProfile",
	"iam:DetachRolePolicy",
	"secretsManager:DeleteSecret",
	"autoscaling:DeleteLaunchConfiguration",
	"autoscaling:DeleteTags",
	"autoscaling:DeleteAutoScalingGroup",
	"eks:DeleteCluster",
	"ec2:DeleteSecurityGroup",
	"rds:DeleteDBSubnetGroup",
	"elasticloadbalancing:DeleteLoadBalancer"
	],
	"Resource": "*"
	}
	]
	}
No results found