{ "Version": "2012-10-17", "Statement": [ { "Action": [ "iam:GenerateCredentialReport", "iam:GetAccessKeyLastUsed", "iam:GetAccountAuthorizationDetails", "iam:GetAccountPasswordPolicy", "iam:GetAccountSummary", "iam:GetCredentialReport", "iam:GetLoginProfile", "iam:GetOpenIDConnectProvider", "iam:GetPolicyVersion", "iam:GetRole", "iam:GetRolePolicy", "iam:GetSAMLProvider", "iam:GetServerCertificate", "iam:GetUser", "iam:GetUserPolicy", "iam:ListAccessKeys", "iam:ListAccountAliases", "iam:ListAttachedGroupPolicies", "iam:ListAttachedRolePolicies", "iam:ListAttachedUserPolicies", "iam:ListEntitiesForPolicy", "iam:ListGroupPolicies", "iam:ListGroups", "iam:ListGroupsForUser", "iam:ListInstanceProfiles", "iam:ListMFADevices", "iam:ListOpenIDConnectProviders", "iam:ListPolicies", "iam:ListPolicyVersions", "iam:ListRolePolicies", "iam:ListRoleTags", "iam:ListRoles", "iam:ListSAMLProviders", "iam:ListServerCertificates", "iam:ListSigningCertificates", "iam:ListUserPolicies", "iam:ListUserTags", "iam:ListUsers", "iam:SimulatePrincipalPolicy", "inspector:ListFindings", "kafka:ListClusters", "kafka:ListClustersV2", "kendra:DescribeIndex", "kendra:ListIndices", "kinesis:DescribeStream", "kinesis:ListShards", "kinesis:ListStreams", "kinesis:ListTagsForStream", "kinesisanalytics:DescribeApplication", "kinesisanalytics:ListApplications", "kms:DescribeKey", "kms:GetKeyPolicy", "kms:GetKeyRotationStatus", "kms:ListAliases", "kms:ListKeys", "lambda:GetAccountSettings", "lambda:GetFunction", "lambda:GetLayerVersionPolicy", "lambda:GetPolicy", "lambda:ListFunctions", "lambda:ListLayers", "lambda:ListTags", "logs:DescribeDestinations", "logs:DescribeLogGroups", "logs:DescribeMetricFilters", "memorydb:DescribeClusters", "memorydb:DescribeSubnetGroups", "memorydb:ListTags", "mq:DescribeBroker", "mq:ListBrokers", "organizations:DescribeAccount", "organizations:DescribeOrganization", "organizations:DescribePolicy", "organizations:ListAccounts", "organizations:ListAccountsForParent", "organizations:ListOrganizationalUnitsForParent", "organizations:ListPolicies", "organizations:ListRoots", "organizations:ListTagsForResource", "organizations:ListTargetsForPolicy", "outposts:ListOutposts", "quicksight:DescribeAccountSettings", "quicksight:DescribeAccountSubscription", "quicksight:DescribeIpRestriction", "quicksight:ListUsers", "rbin:GetRule", "rbin:ListRules", "rds:DescribeDBClusterSnapshots", "rds:DescribeDBClusters", "rds:DescribeDBEngineVersions", "rds:DescribeDBInstances", "rds:DescribeDBParameterGroups", "rds:DescribeDBParameters", "rds:DescribeDBSnapshots", "rds:DescribeDbProxies", "rds:DescribeEventSubscriptions", "rds:DescribeGlobalClusters", "rds:DescribeOptionGroups", "rds:DescribePendingMaintenanceActions", "rds:DescribeReservedDBInstances", "redshift:DescribeClusterParameterGroups", "redshift:DescribeClusterParameters", "redshift:DescribeClusterSnapshots", "redshift:DescribeClusterSubnetGroups", "redshift:DescribeClusters", "redshift:DescribeLoggingStatus", "route53:GetHostedZone", "route53:ListHealthChecks", "route53:ListHostedZones", "route53:ListHostedZonesByName", "route53:ListHostedZonesByVpc", "route53:ListResourceRecordSets", "route53:ListVPCAssociationAuthorizations", "route53resolver:ListResolverQueryLogConfigAssociations", "route53resolver:ListResolverQueryLogConfigs", "s3:GetAccessPointPolicy", "s3:GetAccessPointPolicyStatus", "s3:GetAccountPublicAccessBlock", "s3:GetBucketAcl", "s3:GetBucketCORS", "s3:GetBucketLocation", "s3:GetBucketLogging", "s3:GetBucketNotification", "s3:GetBucketObjectLockConfiguration", "s3:GetBucketOwnershipControls", "s3:GetBucketPolicy", "s3:GetBucketPolicyStatus", "s3:GetBucketPublicAccessBlock", "s3:GetBucketTagging", "s3:GetBucketVersioning", "s3:GetBucketWebsite", "s3:GetEncryptionConfiguration", "s3:GetLifecycleConfiguration", "s3:GetReplicationConfiguration", "s3:ListAccessPoints", "s3:ListAllMyBuckets", "sagemaker:DescribeNotebookInstance", "sagemaker:ListNotebookInstances", "secretsmanager:DescribeSecret", "secretsmanager:GetResourcePolicy", "secretsmanager:ListSecrets", "serverlessrepo:GetApplication", "serverlessrepo:GetApplicationPolicy", "serverlessrepo:ListApplications", "ses:DescribeConfigurationSet", "ses:DescribeReceiptRuleSet", "ses:GetIdentityDkimAttributes", "ses:GetIdentityMailFromDomainAttributes", "ses:GetIdentityNotificationAttributes", "ses:GetIdentityVerificationAttributes", "ses:ListConfigurationSets", "ses:ListIdentities", "ses:ListIdentityPolicies", "ses:ListReceiptRuleSets", "sns:GetSubscriptionAttributes", "sns:GetTopicAttributes", "sns:ListSubscriptions", "sns:ListTopics", "sqs:GetQueueAttributes", "sqs:ListQueueTags", "sqs:ListQueues", "ssm:DescribeDocument", "ssm:DescribeDocumentPermission", "ssm:DescribeInstanceInformation", "ssm:DescribeParameters", "ssm:GetDocument", "ssm:GetServiceSetting", "ssm:ListDocumentVersions", "ssm:ListDocuments", "states:DescribeStateMachine", "states:ListStateMachines", "storagegateway:DescribeGatewayInformation", "storagegateway:DescribeNFSFileShares", "storagegateway:DescribeSMBFileShares", "storagegateway:ListFileShares", "storagegateway:ListGateways", "sts:GetCallerIdentity", "support:*", "tag:GetResources", "transcribe:GetMedicalTranscriptionJob", "transcribe:GetTranscriptionJob", "transcribe:ListMedicalTranscriptionJobs", "transcribe:ListTranscriptionJobs", "transfer:DescribeServer", "transfer:DescribeUser", "transfer:ListServers", "transfer:ListUsers", "wafv2:GetWebACL", "wafv2:ListLoggingConfigurations", "wafv2:ListResourcesForWebACL", "wafv2:ListWebACLs", "workspaces:DescribeWorkspaceBundles", "workspaces:DescribeWorkspaceDirectories", "workspaces:DescribeWorkspaces", "workspaces:DescribeWorkspacesConnectionStatus" ], "Effect": "Allow", "Resource": "*" } ] }