{ "Version": "2012-10-17", "Statement": [{ "Action": [ "acm:describecertificate", "acm:listcertificates", "apigateway:get", "autoscaling:describe*", "cloudformation:describestack*", "cloudformation:getstackpolicy", "cloudformation:gettemplate", "cloudformation:liststack*", "cloudfront:get*", "cloudfront:list*", "cloudtrail:describetrails", "cloudtrail:geteventselectors", "cloudtrail:gettrailstatus", "cloudtrail:listtags", "cloudwatch:describe*", "codecommit:batchgetrepositories", "codecommit:getbranch", "codecommit:getobjectidentifier", "codecommit:getrepository", "codecommit:list*", "codedeploy:batch*", "codedeploy:get*", "codedeploy:list*", "config:deliver*", "config:describe*", "config:get*", "datapipeline:describeobjects", "datapipeline:describepipelines", "datapipeline:evaluateexpression", "datapipeline:getpipelinedefinition", "datapipeline:listpipelines", "datapipeline:queryobjects", "datapipeline:validatepipelinedefinition", "directconnect:describe*", "dynamodb:listtables", "ec2:describe*", "ecr:describe*", "ecs:describe*", "ecs:list*", "elasticache:describe*", "elasticbeanstalk:describe*", "elasticloadbalancing:describe*", "elasticmapreduce:describejobflows", "elasticmapreduce:listclusters", "es:describeelasticsearchdomainconfig", "es:listdomainnames", "firehose:describe*", "firehose:list*", "glacier:listvaults", "guardduty:listdetectors", "iam:generatecredentialreport", "iam:get*", "iam:list*", "kms:describe*", "kms:get*", "kms:list*", "lambda:getpolicy", "lambda:listfunctions", "logs:DescribeLogGroups", "logs:DescribeMetricFilters", "rds:describe*", "rds:downloaddblogfileportion", "rds:listtagsforresource", "redshift:describe*", "route53:getchange", "route53:getcheckeripranges", "route53:getgeolocation", "route53:gethealthcheck", "route53:gethealthcheckcount", "route53:gethealthchecklastfailurereason", "route53:gethostedzone", "route53:gethostedzonecount", "route53:getreusabledelegationset", "route53:listgeolocations", "route53:listhealthchecks", "route53:listhostedzones", "route53:listhostedzonesbyname", "route53:listqueryloggingconfigs", "route53:listresourcerecordsets", "route53:listreusabledelegationsets", "route53:listtagsforresource", "route53:listtagsforresources", "route53domains:getdomaindetail", "route53domains:getoperationdetail", "route53domains:listdomains", "route53domains:listoperations", "route53domains:listtagsfordomain", "s3:getbucket*", "s3:getlifecycleconfiguration", "s3:getobjectacl", "s3:getobjectversionacl", "s3:listallmybuckets", "sdb:domainmetadata", "sdb:listdomains", "ses:getidentitydkimattributes", "ses:getidentityverificationattributes", "ses:listidentities", "ses:listverifiedemailaddresses", "ses:sendemail", "sns:gettopicattributes", "sns:listsubscriptionsbytopic", "sns:listtopics", "sqs:getqueueattributes", "sqs:listqueues", "support:describetrustedadvisorchecks", "tag:getresources", "tag:gettagkeys" ], "Effect": "Allow", "Resource": "*" }] }