forked from toniblyx/security_monkey_cloudformation
SecurityMonkeyReadOnly.policy
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"acm:describecertificate",
"acm:listcertificates",
"cloudtrail:describetrails",
"cloudtrail:gettrailstatus",
"config:describeconfigrules",
"config:describeconfigurationrecorders",
"directconnect:describeconnections",
"ec2:describeaddresses",
"ec2:describedhcpoptions",
"ec2:describeflowlogs",
"ec2:describeimages",
"ec2:describeinstances",
"ec2:describeinternetgateways",
"ec2:describekeypairs",
"ec2:describenatgateways",
"ec2:describenetworkacls",
"ec2:describenetworkinterfaces",
"ec2:describeregions",
"ec2:describeroutetables",
"ec2:describesecuritygroups",
"ec2:describesnapshots",
"ec2:describesubnets",
"ec2:describetags",
"ec2:describevolumes",
"ec2:describevpcendpoints",
"ec2:describevpcpeeringconnections",
"ec2:describevpcs",
"elasticloadbalancing:describeloadbalancerattributes",
"elasticloadbalancing:describeloadbalancerpolicies",
"elasticloadbalancing:describeloadbalancers",
"es:describeelasticsearchdomainconfig",
"es:listdomainnames",
"iam:getaccesskeylastused",
"iam:getgroup",
"iam:getgrouppolicy",
"iam:getloginprofile",
"iam:getpolicyversion",
"iam:getrole",
"iam:getrolepolicy",
"iam:getservercertificate",
"iam:getuser",
"iam:getuserpolicy",
"iam:listaccesskeys",
"iam:listattachedgrouppolicies",
"iam:listattachedrolepolicies",
"iam:listattacheduserpolicies",
"iam:listentitiesforpolicy",
"iam:listgrouppolicies",
"iam:listgroups",
"iam:listinstanceprofilesforrole",
"iam:listmfadevices",
"iam:listpolicies",
"iam:listrolepolicies",
"iam:listroles",
"iam:listservercertificates",
"iam:listsigningcertificates",
"iam:listuserpolicies",
"iam:listusers",
"kms:describekey",
"kms:getkeypolicy",
"kms:listaliases",
"kms:listgrants",
"kms:listkeypolicies",
"kms:listkeys",
"lambda:listfunctions",
"rds:describedbclusters",
"rds:describedbclustersnapshots",
"rds:describedbinstances",
"rds:describedbsecuritygroups",
"rds:describedbsnapshots",
"rds:describedbsubnetgroups",
"redshift:describeclusters",
"route53:listhostedzones",
"route53:listresourcerecordsets",
"route53domains:listdomains",
"route53domains:getdomaindetail",
"s3:getaccelerateconfiguration",
"s3:getbucketacl",
"s3:getbucketcors",
"s3:getbucketlocation",
"s3:getbucketlogging",
"s3:getbucketnotification",
"s3:getbucketpolicy",
"s3:getbuckettagging",
"s3:getbucketversioning",
"s3:getbucketwebsite",
"s3:getlifecycleconfiguration",
"s3:listallmybuckets",
"s3:getreplicationconfiguration",
"s3:getanalyticsconfiguration",
"s3:getmetricsconfiguration",
"s3:getinventoryconfiguration",
"ses:getidentityverificationattributes",
"ses:listidentities",
"ses:listverifiedemailaddresses",
"ses:sendemail",
"sns:gettopicattributes",
"sns:listsubscriptionsbytopic",
"sns:listtopics",
"sqs:getqueueattributes",
"sqs:listqueues"
],
"Effect": "Allow",
"Resource": "*"
}
]
}