mirror of
https://github.com/ansible-collections/community.general.git
synced 2024-09-14 20:13:21 +02:00
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowAccessToUnspecifiedKMSResources",
"Effect": "Allow",
"Action": [
"iam:ListRoles",
"kms:CancelKeyDeletion",
"kms:CreateAlias",
"kms:CreateGrant",
"kms:CreateKey",
"kms:DeleteAlias",
"kms:Describe*",
"kms:DisableKey",
"kms:EnableKey",
"kms:GenerateRandom",
"kms:Get*",
"kms:List*",
"kms:RetireGrant",
"kms:ScheduleKeyDeletion",
"kms:TagResource",
"kms:UntagResource",
"kms:UpdateGrant",
"kms:UpdateKeyDescription"
],
"Resource": "*"
},
{
"Sid": "AllowAccessToSpecifiedIAMResources",
"Effect": "Allow",
"Action": [
"iam:CreateRole",
"iam:DeleteRole",
"iam:GetRole",
"iam:ListAttachedRolePolicies",
"iam:ListInstanceProfilesForRole",
"iam:PassRole",
"iam:UpdateAssumeRolePolicy"
],
"Resource": "arn:aws:iam::{{aws_account}}:role/ansible-test-*"
},
{
"Sid": "AllowInstanceProfileCreation",
"Effect": "Allow",
"Action": [
"iam:AddRoleToInstanceProfile",
"iam:CreateInstanceProfile",
"iam:RemoveRoleFromInstanceProfile"
],
"Resource": "arn:aws:iam::{{aws_account}}:instance-profile/ansible-test-*"
}
]
}