{ "Version": "2012-10-17", "Statement": [ { "Action": [ "access-analyzer:ListAnalyzers", "access-analyzer:ListFindings", "account:GetAlternateContact", "acm-pca:GetPolicy", "acm-pca:ListCertificateAuthorities", "acm:DescribeCertificate", "acm:ListCertificates", "acm:ListTagsForCertificate", "airflow:GetEnvironment", "airflow:ListEnvironments", "aoss:BatchGetCollection", "aoss:GetSecurityPolicy", "aoss:ListCollections", "aoss:ListSecurityPolicies", "apigateway:GET", "apprunner:DescribeService", "apprunner:ListServices", "appstream:DescribeFleets", "appsync:GetApiCache", "appsync:ListDataSources", "appsync:ListGraphqlApis", "athena:GetWorkGroup", "athena:ListQueryExecutions", "athena:ListWorkGroups", "autoscaling:DescribeAutoScalingGroups", "autoscaling:DescribeLaunchConfigurations", "autoscaling:DescribeTags", "autoscaling:DescribeWarmPool", "backup-gateway:GetGateway", "backup-gateway:ListGateways", "backup:GetBackupVaultAccessPolicy", "backup:ListBackupVaults", "batch:DescribeComputeEnvironments", "bedrock:GetModelCustomizationJob", "bedrock:ListModelCustomizationJobs", "bedrock:GetModelInvocationLoggingConfiguration", "cassandra:Select", "cleanrooms:GetCollaboration", "cleanrooms:ListCollaborations", "cleanrooms:ListMembers", "cloudformation:DescribeStackResource", "cloudformation:DescribeStackResources", "cloudformation:DescribeStacks", "cloudformation:GetTemplate", "cloudformation:ListStackResources", "cloudformation:ListStacks", "cloudfront:GetDistribution", "cloudfront:ListDistributions", "cloudfront:ListTagsForResource", "cloudhsm:DescribeClusters", "cloudsearch:DescribeAvailabilityOptions", "cloudsearch:DescribeDomainEndpointOptions", "cloudsearch:DescribeDomains", "cloudsearch:DescribeServiceAccessPolicies", "cloudsearch:ListDomainNames", "cloudtrail:DescribeTrails", "cloudtrail:GetEventSelectors", "cloudtrail:GetInsightSelectors", "cloudtrail:GetTrailStatus", "cloudwatch:DescribeAlarms", "cloudwatch:DescribeAlarmsForMetric", "cloudwatch:GetMetricData", "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics", "codebuild:BatchGetProjects", "codebuild:ListProjects", "codecommit:BatchGetRepositories", "codecommit:ListBranches", "codecommit:ListRepositories", "cognito-idp:DescribeUserPool", "cognito-idp:ListIdentityProviders", "cognito-idp:ListUserPools", "config:DescribeConfigurationRecorderStatus", "config:DescribeConfigurationRecorders", "config:DescribeDeliveryChannelStatus", "config:DescribeDeliveryChannels", "connect:DescribeInstanceStorageConfig", "connect:ListInstanceStorageConfigs", "connect:ListInstances", "controltower:GetEnabledControl", "controltower:ListEnabledControls", "controltower:GetLandingZone", "controltower:GetLandingZoneDriftStatus", "controltower:GetLandingZoneStatus", "controltower:ListLandingZones", "datasync:DescribeTask", "datasync:ListLocations", "datasync:ListTasks", "dax:DescribeClusters", "directconnect:DescribeConnections", "dms:DescribeEndpoints", "dms:DescribeReplicationInstances", "docdb-elastic:GetCluster", "docdb-elastic:ListClusters", "ds:DescribeDirectories", "dynamodb:DescribeContinuousBackups", "dynamodb:DescribeGlobalTable", "dynamodb:DescribeTable", "dynamodb:ListBackups", "dynamodb:ListGlobalTables", "dynamodb:ListTables", "dynamodb:ListTagsOfResource", "ec2:DescribeAccountAttributes", "ec2:DescribeAddresses", "ec2:DescribeAvailabilityZones", "ec2:DescribeFlowLogs", "ec2:DescribeHosts", "ec2:DescribeImageAttribute", "ec2:DescribeImages", "ec2:DescribeImportImageTasks", "ec2:DescribeInstanceAttribute", "ec2:DescribeInstanceStatus", "ec2:DescribeInstances", "ec2:DescribeInternetGateways", "ec2:DescribeKeyPairs", "ec2:DescribeLaunchTemplateVersions", "ec2:DescribeManagedPrefixLists", "ec2:DescribeNatGateways", "ec2:DescribeNetworkAcls", "ec2:DescribeNetworkInterfaceAttribute", "ec2:DescribeNetworkInterfaces", "ec2:DescribePlacementGroups", "ec2:DescribeRegions", "ec2:DescribeReservedInstances", "ec2:DescribeRouteTables", "ec2:DescribeSecurityGroupRules", "ec2:DescribeSecurityGroups", "ec2:DescribeSnapshotAttribute", "ec2:DescribeSnapshots", "ec2:DescribeSubnets", "ec2:DescribeTags", "ec2:DescribeTrafficMirrorTargets", "ec2:DescribeTransitGatewayAttachments", "ec2:DescribeTransitGatewayRouteTables", "ec2:DescribeTransitGatewayVpcAttachments", "ec2:DescribeTransitGateways", "ec2:DescribeVolumeStatus", "ec2:DescribeVolumes", "ec2:DescribeVpcAttribute", "ec2:DescribeVpcEndpointConnections", "ec2:DescribeVpcEndpointServiceConfigurations", "ec2:DescribeVpcEndpointServicePermissions", "ec2:DescribeVpcEndpoints", "ec2:DescribeVpcPeeringConnections", "ec2:DescribeVpcs", "ec2:DescribeVpnConnections", "ec2:DescribeVpnGateways", "ec2:GetConsoleOutput", "ec2:GetEbsDefaultKmsKeyId", "ec2:GetEbsEncryptionByDefault", "ec2:GetManagedPrefixListEntries", "ec2:GetSerialConsoleAccessStatus", "ec2:SearchTransitGatewayRoutes", "ecr-public:DescribeImages", "ecr-public:DescribeRepositories", "ecr:DescribeImageReplicationStatus", "ecr:DescribeImageScanFindings", "ecr:DescribeImages", "ecr:DescribePullThroughCacheRules", "ecr:DescribeRegistry", "ecr:DescribeRepositories", "ecr:GetAuthorizationToken", "ecr:GetDownloadUrlForLayer", "ecr:GetLifecyclePolicy", "ecr:GetLifecyclePolicyPreview", "ecr:GetRegistryPolicy", "ecr:GetRegistryScanningConfiguration", "ecr:GetRepositoryPolicy", "ecr:ListImages", "ecr:ListTagsForResource", "ecs:DescribeCapacityProviders", "ecs:DescribeClusters", "ecs:DescribeContainerInstances", "ecs:DescribeServices", "ecs:DescribeTaskDefinition", "ecs:DescribeTasks", "ecs:ListClusters", "ecs:ListContainerInstances", "ecs:ListServices", "ecs:ListTaskDefinitions", "ecs:ListTasks", "eks:AccessKubernetesApi", "eks:DescribeCluster", "eks:DescribeNodeGroup", "eks:ListClusters", "eks:ListNodeGroups" ], "Effect": "Allow", "Resource": "*" } ] }