mirror of
https://github.com/ansible-collections/community.general.git
synced 2024-09-14 20:13:21 +02:00
1ca0c0e7f7
Due to IAM limits allowing at most 10 policies per group, need to reduce the number of total policies in use.
68 lines
2.3 KiB
JSON
68 lines
2.3 KiB
JSON
{
|
|
"Version": "2012-10-17",
|
|
"Statement": [
|
|
{
|
|
"Sid": "AllowRDSModuleTests",
|
|
"Effect": "Allow",
|
|
"Action": [
|
|
"rds:DescribeDBInstances",
|
|
"rds:CreateDBInstance",
|
|
"rds:ModifyDBInstance",
|
|
"rds:ListTagsForResource",
|
|
"rds:DeleteDBInstance"
|
|
],
|
|
"Resource": [
|
|
"arn:aws:rds:{{aws_region}}:{{aws_account}}:db:ansible-testing*"
|
|
]
|
|
},
|
|
{
|
|
"Sid": "AllowRDSInstanceManageOwnInstance",
|
|
"Effect": "Allow",
|
|
"Action": [
|
|
"rds:CreateDBInstance",
|
|
"rds:ModifyDBInstance",
|
|
"rds:ListTagsForResource",
|
|
"rds:DescribeDBInstances"
|
|
],
|
|
"Resource": [
|
|
"arn:aws:rds:{{aws_region}}:{{aws_account}}:db:rds-*"
|
|
]
|
|
},
|
|
{
|
|
"Sid": "AllowRDSSnapshotManageSnapshots",
|
|
"Effect": "Allow",
|
|
"Action": [
|
|
"rds:DescribeDBSnapshots",
|
|
"rds:DescribeDBInstances",
|
|
"rds:DescribeDBSnapshots",
|
|
"rds:DeleteDBInstance",
|
|
"rds:CreateDBSnapshot",
|
|
"rds:DeleteDBSnapshot",
|
|
"rds:RestoreDBInstanceFromDBSnapshot",
|
|
"rds:CreateDBInstanceReadReplica"
|
|
],
|
|
"Resource": [
|
|
"arn:aws:rds:{{aws_region}}:{{aws_account}}:snapshot:snapshot-*",
|
|
"arn:aws:rds:{{aws_region}}:{{aws_account}}:snapshot:rds-*",
|
|
"arn:aws:rds:{{aws_region}}:{{aws_account}}:db:rds-*"
|
|
]
|
|
},
|
|
{
|
|
"Sid": "AllowRDSParameterGroupManagement",
|
|
"Effect": "Allow",
|
|
"Action": [
|
|
"rds:DescribeDBParameterGroups",
|
|
"rds:DescribeDBParameters",
|
|
"rds:CreateDBParameterGroup",
|
|
"rds:DeleteDBParameterGroup",
|
|
"rds:ModifyDBParameterGroup",
|
|
"rds:ListTagsForResource",
|
|
"rds:AddTagsToResource",
|
|
"rds:RemoveTagsFromResource"
|
|
],
|
|
"Resource": [
|
|
"arn:aws:rds:{{aws_region}}:{{aws_account}}:pg:*"
|
|
]
|
|
}
|
|
]
|
|
}
|