{ "Version": "2012-10-17", "Statement": [ { "Sid": "VisualEditor0", "Effect": "Allow", "Action": [ "acm:DescribeCertificate", "acm:ListCertificates", "cloudformation:DescribeStacks", "cloudformation:GetStackPolicy", "cloudformation:GetTemplate", "cloudformation:ListStacks", "cloudtrail:DescribeTrails", "cloudtrail:GetEventSelectors", "cloudtrail:GetTrailStatus", "cloudwatch:DescribeAlarms", "cognito-identity:DescribeIdentityPool", "cognito-identity:ListIdentityPools", "cognito-idp:DescribeUserPool", "cognito-idp:ListUserPools", "config:DescribeConfigRules", "config:DescribeConfigurationRecorderStatus", "config:DescribeConfigurationRecorders", "directconnect:DescribeConnections", "dynamodb:DescribeContinuousBackups", "dynamodb:DescribeTable", "dynamodb:ListBackups", "dynamodb:ListTables", "dynamodb:ListTagsOfResource", "ec2:DescribeCustomerGateways", "ec2:DescribeFlowLogs", "ec2:DescribeImages", "ec2:DescribeInstanceAttribute", "ec2:DescribeInstances", "ec2:DescribeNetworkAcls", "ec2:DescribeNetworkInterfaceAttribute", "ec2:DescribeNetworkInterfaces", "ec2:DescribeRegions", "ec2:DescribeRouteTables", "ec2:DescribeSecurityGroups", "ec2:DescribeSnapshotAttribute", "ec2:DescribeSnapshots", "ec2:DescribeSubnets", "ec2:DescribeVolumes", "ec2:DescribeVpcPeeringConnections", "ec2:DescribeVpcs", "ec2:DescribeVpnConnections", "ec2:DescribeVpnGateways", "ecr:DescribeImages", "ecr:DescribeRepositories", "ecr:GetLifecyclePolicy", "ecr:GetRepositoryPolicy", "ecr:ListImages", "ecs:DescribeClusters", "ecs:ListAccountSettings", "ecs:ListClusters", "eks:DescribeCluster", "eks:ListClusters", "elasticache:DescribeCacheClusters", "elasticache:DescribeCacheParameterGroups", "elasticache:DescribeCacheSecurityGroups", "elasticache:DescribeCacheSubnetGroups", "elasticfilesystem:DescribeFileSystems", "elasticfilesystem:DescribeMountTargetSecurityGroups", "elasticfilesystem:DescribeMountTargets", "elasticfilesystem:DescribeTags", "elasticloadbalancing:DescribeListeners", "elasticloadbalancing:DescribeListeners", "elasticloadbalancing:DescribeLoadBalancerAttributes", "elasticloadbalancing:DescribeLoadBalancerAttributes", "elasticloadbalancing:DescribeLoadBalancerPolicies", "elasticloadbalancing:DescribeLoadBalancers", "elasticloadbalancing:DescribeLoadBalancers", "elasticloadbalancing:DescribeSSLPolicies", "elasticloadbalancing:DescribeTags", "elasticloadbalancing:DescribeTags", "elasticmapreduce:DescribeCluster", "elasticmapreduce:ListClusters", "guardduty:GetDetector", "guardduty:ListDetectors", "iam:GenerateCredentialReport", "iam:GetAccountPasswordPolicy", "iam:GetCredentialReport", "iam:GetGroup", "iam:GetGroupPolicy", "iam:GetLoginProfile", "iam:GetPolicy", "iam:GetPolicyVersion", "iam:GetRole", "iam:GetRolePolicy", "iam:GetUserPolicy", "iam:ListAccessKeys", "iam:ListAttachedRolePolicies", "iam:ListEntitiesForPolicy", "iam:ListGroupPolicies", "iam:ListGroups", "iam:ListGroupsForUser", "iam:ListInstanceProfilesForRole", "iam:ListMFADevices", "iam:ListPolicies", "iam:ListRolePolicies", "iam:ListRoleTags", "iam:ListRoles", "iam:ListUserPolicies", "iam:ListUserTags", "iam:ListUsers", "iam:ListVirtualMFADevices", "kms:DescribeKey", "kms:GetKeyPolicy", "kms:GetKeyRotationStatus", "kms:ListAliases", "kms:ListGrants", "kms:ListKeys", "lambda:GetFunctionConfiguration", "lambda:GetPolicy", "lambda:ListFunctions", "logs:DescribeMetricFilters", "rds:DescribeDBClusterSnapshotAttributes", "rds:DescribeDBClusterSnapshots", "rds:DescribeDBClusters", "rds:DescribeDBInstances", "rds:DescribeDBParameterGroups", "rds:DescribeDBParameters", "rds:DescribeDBSecurityGroups", "rds:DescribeDBSnapshotAttributes", "rds:DescribeDBSnapshots", "rds:DescribeDBSubnetGroups", "rds:ListTagsForResource", "redshift:DescribeClusterParameterGroups", "redshift:DescribeClusterParameters", "redshift:DescribeClusterSecurityGroups", "redshift:DescribeClusters", "route53:ListHostedZones", "route53:ListResourceRecordSets", "route53domains:ListDomains", "s3:GetBucketAcl", "s3:GetBucketLocation", "s3:GetBucketLogging", "s3:GetBucketPolicy", "s3:GetBucketTagging", "s3:GetBucketVersioning", "s3:GetBucketWebsite", "s3:GetEncryptionConfiguration", "s3:ListAllMyBuckets", "secretsmanager:ListSecrets", "secretsmanager:DescribeSecret", "ses:GetIdentityDkimAttributes", "ses:GetIdentityPolicies", "ses:ListIdentities", "ses:ListIdentityPolicies", "ssm:DescribeParameters", "ssm:GetParameters", "sns:GetTopicAttributes", "sns:ListSubscriptions", "sns:ListTopics", "sqs:GetQueueAttributes", "sqs:ListQueues" ], "Resource": "*" } ] }