mirror of
https://github.com/ansible-collections/community.general.git
synced 2024-09-14 20:13:21 +02:00
0ed1c3ba9c
* Split up testing IAM policies and automate creating them Move to managed policies to avoid the 5KB limit on policies for an IAM entity. The policy file is templated, so need to make sure that there is an easy mechanism to populate the templates and push the new policies. * Update IAM policies for ec2_scaling_policy tests * Fix RouteTable policies DescribeRouteTable should be plural ModifyRouteTable does not exist, but ReplaceRouteTableAssociation does. * Some IAM policies do not allow specified Resources Various IAM policies do not allow Resources to be specified and should just use `*`. This differs per service * [Autoscaling](http://docs.aws.amazon.com/autoscaling/latest/userguide/control-access-using-iam.html#policy-auto-scaling-resources) * [EC2](http://docs.aws.amazon.com/AWSEC2/latest/APIReference/ec2-api-permissions.html#ec2-api-unsupported-resource-permissions) * [ECR](http://docs.aws.amazon.com/AmazonECR/latest/userguide/ecr-supported-iam-actions-resources.html) * [ELB](http://docs.aws.amazon.com/elasticloadbalancing/latest/userguide/load-balancer-authentication-access-control.html) * Finish fixing AWS IAM resource specifications for testing Update Lambda and RDS policies
31 lines
1.7 KiB
JSON
31 lines
1.7 KiB
JSON
{# According to http://docs.aws.amazon.com/elasticloadbalancing/latest/userguide/load-balancer-authentication-access-control.html #}
|
|
{# Resource level access control is not possible for the new ELB API (providing Application Load Balancer functionality #}
|
|
{# While it remains possible for the old API, there is no distinction of the Actions between old API and new API #}
|
|
{
|
|
"Version": "2012-10-17",
|
|
"Statement": [
|
|
{
|
|
"Sid": "AllowLoadBalancerOperations",
|
|
"Effect": "Allow",
|
|
"Action": [
|
|
"elasticloadbalancing:ConfigureHealthCheck",
|
|
"elasticloadbalancing:CreateLoadBalancer",
|
|
"elasticloadbalancing:CreateLoadBalancerListeners",
|
|
"elasticloadbalancing:DeleteLoadBalancer",
|
|
"elasticloadbalancing:DeleteLoadBalancerListeners",
|
|
"elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
|
|
"elasticloadbalancing:DescribeInstanceHealth",
|
|
"elasticloadbalancing:DescribeLoadBalancerAttributes",
|
|
"elasticloadbalancing:DescribeLoadBalancerPolicies",
|
|
"elasticloadbalancing:DescribeLoadBalancerPolicyTypes",
|
|
"elasticloadbalancing:DescribeLoadBalancerTags",
|
|
"elasticloadbalancing:DescribeLoadBalancers",
|
|
"elasticloadbalancing:DisableAvailabilityZonesForLoadBalancer",
|
|
"elasticloadbalancing:EnableAvailabilityZonesForLoadBalancer",
|
|
"elasticloadbalancing:ModifyLoadBalancerAttributes",
|
|
"elasticloadbalancing:RegisterInstancesWithLoadBalancer"
|
|
],
|
|
"Resource": "*"
|
|
}
|
|
]
|
|
}
|