-
Notifications
You must be signed in to change notification settings - Fork 45
Expand file tree
/
Copy pathpdf2pdf-codebuild-policy.json
More file actions
101 lines (101 loc) · 3.88 KB
/
pdf2pdf-codebuild-policy.json
File metadata and controls
101 lines (101 loc) · 3.88 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "S3Access",
"Effect": "Allow",
"Action": "s3:*",
"Resource": ["arn:aws:s3:::cdk-*", "arn:aws:s3:::cdk-*/*", "arn:aws:s3:::pdfaccessibility*", "arn:aws:s3:::pdfaccessibility*/*"]
},
{
"Sid": "ECRAccess",
"Effect": "Allow",
"Action": "ecr:*",
"Resource": "arn:aws:ecr:*:*:repository/cdk-*"
},
{
"Sid": "ECRAuth",
"Effect": "Allow",
"Action": "ecr:GetAuthorizationToken",
"Resource": "*"
},
{
"Sid": "LambdaAccess",
"Effect": "Allow",
"Action": "lambda:*",
"Resource": "arn:aws:lambda:*:*:function:*"
},
{
"Sid": "ECSAccess",
"Effect": "Allow",
"Action": "ecs:*",
"Resource": "*"
},
{
"Sid": "EC2Access",
"Effect": "Allow",
"Action": "ec2:*",
"Resource": "*"
},
{
"Sid": "StepFunctionsAccess",
"Effect": "Allow",
"Action": "states:*",
"Resource": "arn:aws:states:*:*:stateMachine:*"
},
{
"Sid": "IAMRoleAccess",
"Effect": "Allow",
"Action": ["iam:CreateRole", "iam:DeleteRole", "iam:GetRole", "iam:PassRole", "iam:AttachRolePolicy", "iam:DetachRolePolicy", "iam:PutRolePolicy", "iam:GetRolePolicy", "iam:DeleteRolePolicy", "iam:TagRole", "iam:UntagRole", "iam:ListRolePolicies", "iam:ListAttachedRolePolicies", "iam:UpdateAssumeRolePolicy", "iam:ListRoleTags"],
"Resource": ["arn:aws:iam::*:role/PDFAccessibility*", "arn:aws:iam::*:role/cdk-*"]
},
{
"Sid": "IAMPolicyAccess",
"Effect": "Allow",
"Action": ["iam:CreatePolicy", "iam:DeletePolicy", "iam:GetPolicy", "iam:GetPolicyVersion", "iam:CreatePolicyVersion", "iam:DeletePolicyVersion", "iam:ListPolicyVersions"],
"Resource": "arn:aws:iam::*:policy/*"
},
{
"Sid": "CloudFormationAccess",
"Effect": "Allow",
"Action": "cloudformation:*",
"Resource": ["arn:aws:cloudformation:*:*:stack/PDFAccessibility*/*", "arn:aws:cloudformation:*:*:stack/CDKToolkit/*"]
},
{
"Sid": "LogsAccess",
"Effect": "Allow",
"Action": "logs:*",
"Resource": ["arn:aws:logs:*:*:log-group:/aws/codebuild/*", "arn:aws:logs:*:*:log-group:/aws/lambda/*", "arn:aws:logs:*:*:log-group:/ecs/*", "arn:aws:logs:*:*:log-group:/aws/states/*"]
},
{
"Sid": "CloudWatchAccess",
"Effect": "Allow",
"Action": ["cloudwatch:PutMetricData", "cloudwatch:PutDashboard", "cloudwatch:DeleteDashboards", "cloudwatch:GetDashboard"],
"Resource": "*"
},
{
"Sid": "SecretsManagerAccess",
"Effect": "Allow",
"Action": ["secretsmanager:CreateSecret", "secretsmanager:UpdateSecret", "secretsmanager:GetSecretValue", "secretsmanager:DescribeSecret"],
"Resource": "arn:aws:secretsmanager:*:*:secret:/myapp/*"
},
{
"Sid": "STSAccess",
"Effect": "Allow",
"Action": ["sts:GetCallerIdentity", "sts:AssumeRole"],
"Resource": "*"
},
{
"Sid": "SSMAccess",
"Effect": "Allow",
"Action": ["ssm:GetParameter", "ssm:GetParameters", "ssm:PutParameter"],
"Resource": "arn:aws:ssm:*:*:parameter/cdk-bootstrap/*"
},
{
"Sid": "CodeConnectionsAccess",
"Effect": "Allow",
"Action": ["codeconnections:UseConnection", "codeconnections:GetConnection"],
"Resource": "arn:aws:codeconnections:*:*:connection/*"
}
]
}