-
Notifications
You must be signed in to change notification settings - Fork 188
/
iam-report-example.html
58 lines (47 loc) · 202 KB
/
iam-report-example.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta content="IE=edge" http-equiv="X-UA-Compatible">
<meta http-equiv="X-Content-Type-Options" content="nosniff"/>
<meta content="width=device-width,initial-scale=1.0" name="viewport">
<title>Cloudsplaining report</title>
<!-- Load required Bootstrap and BootstrapVue CSS -->
<!--Bootstrap theme-->
<link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.4.1/css/bootstrap.min.css"
integrity="sha384-Vkoo8x4CGsO3+Hhxv8T/Q5PaXtkKtu6ug5TOeNV6gBiFeWPGFN9MuhOf23Q9Ifjh" crossorigin="anonymous">
<link type="text/css" rel="stylesheet"
href="https://cdnjs.cloudflare.com/ajax/libs/bootstrap-vue/2.16.0/bootstrap-vue.min.css"
crossorigin="anonymous"/>
<script src="https://cdnjs.cloudflare.com/ajax/libs/vue/2.6.12/vue.min.js" crossorigin="anonymous"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/bootstrap-vue/2.16.0/bootstrap-vue.min.js"
crossorigin="anonymous"></script>
<!-- JQuery-->
<script src="https://code.jquery.com/jquery-3.3.1.min.js"></script>
</head>
<body>
<div id="app"></div>
<!-- built files will be auto injected -->
<script>
var isLocalExample = false;
var account_id;
var account_name;
var report_generated_time;
var cloudsplaining_version;
account_id = "012345678901";
account_name = "example";
report_generated_time = "2020-10-12";
cloudsplaining_version = "0.2.2";
var iam_data = {"groups": {"admin": {"arn": "arn:aws:iam::012345678901:group/admin", "name": "admin", "create_date": "2017-05-15 17:33:36+00:00", "id": "admin", "inline_policies": {"ffd2b5250e18691dbd9f0fb8b36640ec574867835837f17d39f859c3193fb3f2": "InlinePolicyForAdminGroup"}, "path": "/", "customer_managed_policies": {"NotYourPolicy": "NotYourPolicy"}, "aws_managed_policies": {"ANPAI6E2CYYMI4XI7AA5K": "AWSLambdaFullAccess"}, "is_excluded": false}, "biden": {"arn": "arn:aws:iam::012345678901:group/biden", "name": "biden", "create_date": "2017-05-15 17:33:36+00:00", "id": "biden", "inline_policies": {"e8bca32ff7d1f7990d71c64d95a04b7caa5aad5791f06f69db59653228c6853d": "InlinePolicyForBidenGroup"}, "path": "/", "customer_managed_policies": {"InsecurePolicy": "InsecurePolicy", "NotYourPolicy": "NotYourPolicy"}, "aws_managed_policies": {"ANPAI3R4QMOG6Q5A4VWVG": "AmazonRDSFullAccess"}, "is_excluded": false}}, "users": {"obama": {"arn": "arn:aws:iam::012345678901:user/obama", "create_date": "2019-12-18 19:10:08+00:00", "id": "obama", "name": "obama", "inline_policies": {}, "groups": {"admin": {"arn": "arn:aws:iam::012345678901:group/admin", "name": "admin", "create_date": "2017-05-15 17:33:36+00:00", "id": "admin", "inline_policies": {"ffd2b5250e18691dbd9f0fb8b36640ec574867835837f17d39f859c3193fb3f2": "InlinePolicyForAdminGroup"}, "path": "/", "customer_managed_policies": {"NotYourPolicy": "NotYourPolicy"}, "aws_managed_policies": {"ANPAI6E2CYYMI4XI7AA5K": "AWSLambdaFullAccess"}, "is_excluded": false}}, "path": "/", "customer_managed_policies": {"InsecurePolicy": "InsecurePolicy", "NotYourPolicy": "NotYourPolicy"}, "aws_managed_policies": {"ANPAIFIR6V6BVTRAHWINE": "AmazonS3FullAccess", "ANPAI3VAJF5ZCRZ7MCQE6": "AmazonEC2FullAccess", "ANPAIQNUJTQYDRJPC3BNK": "AWSCloudTrailFullAccess", "ANPAI4VCZ3XPIZLQ5NZV2": "AWSCodeCommitFullAccess", "ANPAI6E2CYYMI4XI7AA5K": "AWSLambdaFullAccess", "ANPAIKEABORKUXN6DEAZU": "CloudWatchFullAccess"}, "is_excluded": false}, "ASIAZZUSERZZPLACEHOLDER": {"arn": "arn:aws:iam::012345678901:user/userwithlotsofpermissions", "create_date": "2019-12-18 19:10:08+00:00", "id": "ASIAZZUSERZZPLACEHOLDER", "name": "userwithlotsofpermissions", "inline_policies": {"354d81e1788639707f707738fb4c630cb7c5d23614cc467ff9a469a670049e3f": "InsecureUserPolicy"}, "groups": {"admin": {"arn": "arn:aws:iam::012345678901:group/admin", "name": "admin", "create_date": "2017-05-15 17:33:36+00:00", "id": "admin", "inline_policies": {"ffd2b5250e18691dbd9f0fb8b36640ec574867835837f17d39f859c3193fb3f2": "InlinePolicyForAdminGroup"}, "path": "/", "customer_managed_policies": {"NotYourPolicy": "NotYourPolicy"}, "aws_managed_policies": {"ANPAI6E2CYYMI4XI7AA5K": "AWSLambdaFullAccess"}, "is_excluded": false}}, "path": "/", "customer_managed_policies": {"NotYourPolicy": "NotYourPolicy"}, "aws_managed_policies": {"ANPAI3R4QMOG6Q5A4VWVG": "AmazonRDSFullAccess", "ANPAJ2P4NXCHAT7NDPNR4": "AmazonSESFullAccess", "ANPAI7XKCFMBPM3QQRRVQ": "IAMFullAccess", "ANPAIKEABORKUXN6DEAZU": "CloudWatchFullAccess", "ANPAJNPP7PPPPMJRV2SA4": "AWSKeyManagementServicePowerUser", "ANPAIZTJ4DXE7G6AGAE6M": "AmazonS3ReadOnlyAccess"}, "is_excluded": false}}, "roles": {"MyRole": {"arn": "arn:aws:iam::012345678901:role/MyRole", "assume_role_policy": {"PolicyDocument": {"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Principal": {"Service": "lambda.amazonaws.com"}, "Action": "sts:AssumeRole"}]}}, "create_date": "2019-08-16 17:27:59+00:00", "id": "MyRole", "name": "MyRole", "inline_policies": {"0568550cb147d2434f6c04641e921f18fe1b7b1fd0b5af5acf514d33d204faca": "EC2-IAM-example"}, "instance_profiles": [], "instances_count": 0, "path": "/", "customer_managed_policies": {}, "aws_managed_policies": {"ANPAI6E2CYYMI4XI7AA5K": "AWSLambdaFullAccess", "ANPAIKEABORKUXN6DEAZU": "CloudWatchFullAccess"}, "is_excluded": false}, "MyOtherRole": {"arn": "arn:aws:iam::012345678901:role/MyOtherRole", "assume_role_policy": {"PolicyDocument": {"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Principal": {"Service": "ec2.amazonaws.com"}, "Action": "sts:AssumeRole"}]}}, "create_date": "2019-08-16 17:27:59+00:00", "id": "MyOtherRole", "name": "MyOtherRole", "inline_policies": {"0568550cb147d2434f6c04641e921f18fe1b7b1fd0b5af5acf514d33d204faca": "MyOtherRolePolicy"}, "instance_profiles": [], "instances_count": 0, "path": "/", "customer_managed_policies": {}, "aws_managed_policies": {"ANPAI6E2CYYMI4XI7AA5K": "AWSLambdaFullAccess"}, "is_excluded": false}, "OverprivilegedEC2": {"arn": "arn:aws:iam::012345678901:role/OverprivilegedEC2", "assume_role_policy": {"PolicyDocument": {"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Principal": {"Service": "ec2.amazonaws.com"}, "Action": "sts:AssumeRole"}]}}, "create_date": "2018-08-20 18:48:00+00:00", "id": "OverprivilegedEC2", "name": "OverprivilegedEC2", "inline_policies": {"d09fe3603cd65058b6e2d9817cf37093e83e98318a56ce1e29c8491ac989e57e": "OverprivilegedEC2"}, "instance_profiles": [{"Path": "/", "InstanceProfileName": "OverprivilegedEC2", "InstanceProfileId": "OverprivilegedEC2", "Arn": "arn:aws:iam::012345678901:instance-profile/OverprivilegedEC2", "CreateDate": "2018-08-20 18:48:00+00:00", "Roles": [{"Path": "/", "RoleName": "OverprivilegedEC2", "RoleId": "OverprivilegedEC2", "Arn": "arn:aws:iam::012345678901:role/OverprivilegedEC2", "CreateDate": "2018-08-20 18:48:00+00:00", "AssumeRolePolicyDocument": {"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Principal": {"Service": "ec2.amazonaws.com"}, "Action": "sts:AssumeRole"}]}}]}], "instances_count": 1, "path": "/", "customer_managed_policies": {"InsecurePolicy": "InsecurePolicy", "ExcessivePermissions": "ExcessivePermissions"}, "aws_managed_policies": {}, "is_excluded": false}}, "aws_managed_policies": {"ANPAI4UIINUVGB5SEC57G": {"PolicyName": "AWSCodeCommitPowerUser", "PolicyId": "ANPAI4UIINUVGB5SEC57G", "Arn": "arn:aws:iam::aws:policy/AWSCodeCommitPowerUser", "Path": "/", "DefaultVersionId": "v11", "AttachmentCount": 2, "IsAttachable": true, "CreateDate": "2015-07-09 17:06:49+00:00", "UpdateDate": "2019-12-03 08:15:40+00:00", "PolicyVersionList": [{"CreateDate": "2019-12-03 08:15:40+00:00", "Document": {"Statement": [{"Action": ["codecommit:AssociateApprovalRuleTemplateWithRepository", "codecommit:BatchAssociateApprovalRuleTemplateWithRepositories", "codecommit:BatchDisassociateApprovalRuleTemplateFromRepositories", "codecommit:BatchGet*", "codecommit:BatchDescribe*", "codecommit:Create*", "codecommit:DeleteBranch", "codecommit:DeleteFile", "codecommit:Describe*", "codecommit:DisassociateApprovalRuleTemplateFromRepository", "codecommit:EvaluatePullRequestApprovalRules", "codecommit:Get*", "codecommit:List*", "codecommit:Merge*", "codecommit:OverridePullRequestApprovalRules", "codecommit:Put*", "codecommit:Post*", "codecommit:TagResource", "codecommit:Test*", "codecommit:UntagResource", "codecommit:Update*", "codecommit:GitPull", "codecommit:GitPush"], "Effect": "Allow", "Resource": "*"}, {"Action": ["events:DeleteRule", "events:DescribeRule", "events:DisableRule", "events:EnableRule", "events:PutRule", "events:PutTargets", "events:RemoveTargets", "events:ListTargetsByRule"], "Effect": "Allow", "Resource": "arn:aws:events:*:*:rule/codecommit*", "Sid": "CloudWatchEventsCodeCommitRulesAccess"}, {"Action": ["sns:Subscribe", "sns:Unsubscribe"], "Effect": "Allow", "Resource": "arn:aws:sns:*:*:codecommit*", "Sid": "SNSTopicAndSubscriptionAccess"}, {"Action": ["sns:ListTopics", "sns:ListSubscriptionsByTopic", "sns:GetTopicAttributes"], "Effect": "Allow", "Resource": "*", "Sid": "SNSTopicAndSubscriptionReadAccess"}, {"Action": ["lambda:ListFunctions"], "Effect": "Allow", "Resource": "*", "Sid": "LambdaReadOnlyListAccess"}, {"Action": ["iam:ListUsers"], "Effect": "Allow", "Resource": "*", "Sid": "IAMReadOnlyListAccess"}, {"Action": ["iam:ListAccessKeys", "iam:ListSSHPublicKeys", "iam:ListServiceSpecificCredentials"], "Effect": "Allow", "Resource": "arn:aws:iam::*:user/${aws:username}", "Sid": "IAMReadOnlyConsoleAccess"}, {"Action": ["iam:DeleteSSHPublicKey", "iam:GetSSHPublicKey", "iam:ListSSHPublicKeys", "iam:UpdateSSHPublicKey", "iam:UploadSSHPublicKey"], "Effect": "Allow", "Resource": "arn:aws:iam::*:user/${aws:username}", "Sid": "IAMUserSSHKeys"}, {"Action": ["iam:CreateServiceSpecificCredential", "iam:UpdateServiceSpecificCredential", "iam:DeleteServiceSpecificCredential", "iam:ResetServiceSpecificCredential"], "Effect": "Allow", "Resource": "arn:aws:iam::*:user/${aws:username}", "Sid": "IAMSelfManageServiceSpecificCredentials"}, {"Action": ["codestar-notifications:CreateNotificationRule", "codestar-notifications:DescribeNotificationRule", "codestar-notifications:UpdateNotificationRule", "codestar-notifications:Subscribe", "codestar-notifications:Unsubscribe"], "Condition": {"StringLike": {"codestar-notifications:NotificationsForResource": "arn:aws:codecommit:*"}}, "Effect": "Allow", "Resource": "*", "Sid": "CodeStarNotificationsReadWriteAccess"}, {"Action": ["codestar-notifications:ListNotificationRules", "codestar-notifications:ListTargets", "codestar-notifications:ListTagsforResource", "codestar-notifications:ListEventTypes"], "Effect": "Allow", "Resource": "*", "Sid": "CodeStarNotificationsListAccess"}, {"Action": ["codeguru-reviewer:AssociateRepository", "codeguru-reviewer:DescribeRepositoryAssociation", "codeguru-reviewer:ListRepositoryAssociations", "codeguru-reviewer:DisassociateRepository"], "Effect": "Allow", "Resource": "*", "Sid": "AmazonCodeGuruReviewerFullAccess"}, {"Action": "iam:CreateServiceLinkedRole", "Condition": {"StringLike": {"iam:AWSServiceName": "codeguru-reviewer.amazonaws.com"}}, "Effect": "Allow", "Resource": "arn:aws:iam::*:role/aws-service-role/codeguru-reviewer.amazonaws.com/AWSServiceRoleForAmazonCodeGuruReviewer", "Sid": "AmazonCodeGuruReviewerSLRCreation"}, {"Action": ["events:PutRule", "events:PutTargets", "events:DeleteRule", "events:RemoveTargets"], "Condition": {"StringEquals": {"events:ManagedBy": "codeguru-reviewer.amazonaws.com"}}, "Effect": "Allow", "Resource": "*", "Sid": "CloudWatchEventsManagedRules"}], "Version": "2012-10-17"}, "IsDefaultVersion": true, "VersionId": "v11"}, {"CreateDate": "2019-11-20 17:12:55+00:00", "Document": {"Statement": [{"Action": ["codecommit:AssociateApprovalRuleTemplateWithRepository", "codecommit:BatchAssociateApprovalRuleTemplateWithRepositories", "codecommit:BatchDisassociateApprovalRuleTemplateFromRepositories", "codecommit:BatchGet*", "codecommit:BatchDescribe*", "codecommit:Create*", "codecommit:DeleteBranch", "codecommit:DeleteFile", "codecommit:Describe*", "codecommit:DisassociateApprovalRuleTemplateFromRepository", "codecommit:EvaluatePullRequestApprovalRules", "codecommit:Get*", "codecommit:List*", "codecommit:Merge*", "codecommit:OverridePullRequestApprovalRules", "codecommit:Put*", "codecommit:Post*", "codecommit:TagResource", "codecommit:Test*", "codecommit:UntagResource", "codecommit:Update*", "codecommit:GitPull", "codecommit:GitPush"], "Effect": "Allow", "Resource": "*"}, {"Action": ["events:DeleteRule", "events:DescribeRule", "events:DisableRule", "events:EnableRule", "events:PutRule", "events:PutTargets", "events:RemoveTargets", "events:ListTargetsByRule"], "Effect": "Allow", "Resource": "arn:aws:events:*:*:rule/codecommit*", "Sid": "CloudWatchEventsCodeCommitRulesAccess"}, {"Action": ["sns:Subscribe", "sns:Unsubscribe"], "Effect": "Allow", "Resource": "arn:aws:sns:*:*:codecommit*", "Sid": "SNSTopicAndSubscriptionAccess"}, {"Action": ["sns:ListTopics", "sns:ListSubscriptionsByTopic", "sns:GetTopicAttributes"], "Effect": "Allow", "Resource": "*", "Sid": "SNSTopicAndSubscriptionReadAccess"}, {"Action": ["lambda:ListFunctions"], "Effect": "Allow", "Resource": "*", "Sid": "LambdaReadOnlyListAccess"}, {"Action": ["iam:ListUsers"], "Effect": "Allow", "Resource": "*", "Sid": "IAMReadOnlyListAccess"}, {"Action": ["iam:ListAccessKeys", "iam:ListSSHPublicKeys", "iam:ListServiceSpecificCredentials"], "Effect": "Allow", "Resource": "arn:aws:iam::*:user/${aws:username}", "Sid": "IAMReadOnlyConsoleAccess"}, {"Action": ["iam:DeleteSSHPublicKey", "iam:GetSSHPublicKey", "iam:ListSSHPublicKeys", "iam:UpdateSSHPublicKey", "iam:UploadSSHPublicKey"], "Effect": "Allow", "Resource": "arn:aws:iam::*:user/${aws:username}", "Sid": "IAMUserSSHKeys"}, {"Action": ["iam:CreateServiceSpecificCredential", "iam:UpdateServiceSpecificCredential", "iam:DeleteServiceSpecificCredential", "iam:ResetServiceSpecificCredential"], "Effect": "Allow", "Resource": "arn:aws:iam::*:user/${aws:username}", "Sid": "IAMSelfManageServiceSpecificCredentials"}, {"Action": ["codestar-notifications:CreateNotificationRule", "codestar-notifications:DescribeNotificationRule", "codestar-notifications:UpdateNotificationRule", "codestar-notifications:Subscribe", "codestar-notifications:Unsubscribe"], "Condition": {"StringLike": {"codestar-notifications:NotificationsForResource": "arn:aws:codecommit:*"}}, "Effect": "Allow", "Resource": "*", "Sid": "CodeStarNotificationsReadWriteAccess"}, {"Action": ["codestar-notifications:ListNotificationRules", "codestar-notifications:ListTargets", "codestar-notifications:ListTagsforResource", "codestar-notifications:ListEventTypes"], "Effect": "Allow", "Resource": "*", "Sid": "CodeStarNotificationsListAccess"}], "Version": "2012-10-17"}, "IsDefaultVersion": false, "VersionId": "v10"}], "PrivilegeEscalation": [], "DataExfiltration": [], "ResourceExposure": [], "ServiceWildcard": [], "CredentialsExposure": [], "InfrastructureModification": ["codecommit:AssociateApprovalRuleTemplateWithRepository", "codecommit:BatchAssociateApprovalRuleTemplateWithRepositories", "codecommit:BatchDisassociateApprovalRuleTemplateFromRepositories", "codecommit:CreateBranch", "codecommit:CreateCommit", "codecommit:CreatePullRequest", "codecommit:CreatePullRequestApprovalRule", "codecommit:CreateRepository", "codecommit:CreateUnreferencedMergeCommit", "codecommit:DeleteBranch", "codecommit:DeleteFile", "codecommit:DisassociateApprovalRuleTemplateFromRepository", "codecommit:GitPush", "codecommit:MergeBranchesByFastForward", "codecommit:MergeBranchesBySquash", "codecommit:MergeBranchesByThreeWay", "codecommit:MergePullRequestByFastForward", "codecommit:MergePullRequestBySquash", "codecommit:MergePullRequestByThreeWay", "codecommit:OverridePullRequestApprovalRules", "codecommit:PostCommentForComparedCommit", "codecommit:PostCommentForPullRequest", "codecommit:PostCommentReply", "codecommit:PutCommentReaction", "codecommit:PutFile", "codecommit:PutRepositoryTriggers", "codecommit:TagResource", "codecommit:TestRepositoryTriggers", "codecommit:UntagResource", "codecommit:UpdateComment", "codecommit:UpdateDefaultBranch", "codecommit:UpdatePullRequestApprovalRuleContent", "codecommit:UpdatePullRequestApprovalState", "codecommit:UpdatePullRequestDescription", "codecommit:UpdatePullRequestStatus", "codecommit:UpdatePullRequestTitle", "codecommit:UpdateRepositoryDescription", "codecommit:UpdateRepositoryName", "codestar-notifications:CreateNotificationRule", "codestar-notifications:Subscribe", "codestar-notifications:Unsubscribe", "codestar-notifications:UpdateNotificationRule", "codeguru-reviewer:AssociateRepository", "codeguru-reviewer:DisassociateRepository", "events:DeleteRule", "events:PutRule", "events:PutTargets", "events:RemoveTargets"], "is_excluded": false}, "ANPAI3R4QMOG6Q5A4VWVG": {"PolicyName": "AmazonRDSFullAccess", "PolicyId": "ANPAI3R4QMOG6Q5A4VWVG", "Arn": "arn:aws:iam::aws:policy/AmazonRDSFullAccess", "Path": "/", "DefaultVersionId": "v6", "AttachmentCount": 1, "IsAttachable": true, "CreateDate": "2015-02-06 18:40:52+00:00", "UpdateDate": "2018-04-09 17:42:48+00:00", "PolicyVersionList": [{"Document": {"Version": "2012-10-17", "Statement": [{"Action": ["rds:*", "application-autoscaling:DeleteScalingPolicy", "application-autoscaling:DeregisterScalableTarget", "application-autoscaling:DescribeScalableTargets", "application-autoscaling:DescribeScalingActivities", "application-autoscaling:DescribeScalingPolicies", "application-autoscaling:PutScalingPolicy", "application-autoscaling:RegisterScalableTarget", "cloudwatch:DescribeAlarms", "cloudwatch:GetMetricStatistics", "cloudwatch:PutMetricAlarm", "cloudwatch:DeleteAlarms", "ec2:DescribeAccountAttributes", "ec2:DescribeAvailabilityZones", "ec2:DescribeInternetGateways", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeVpcAttribute", "ec2:DescribeVpcs", "sns:ListSubscriptions", "sns:ListTopics", "sns:Publish", "logs:DescribeLogStreams", "logs:GetLogEvents"], "Effect": "Allow", "Resource": "*"}, {"Action": "pi:*", "Effect": "Allow", "Resource": "arn:aws:pi:*:*:metrics/rds/*"}, {"Action": "iam:CreateServiceLinkedRole", "Effect": "Allow", "Resource": "*", "Condition": {"StringLike": {"iam:AWSServiceName": ["rds.amazonaws.com", "rds.application-autoscaling.amazonaws.com"]}}}]}, "VersionId": "v6", "IsDefaultVersion": true, "CreateDate": "2018-04-09 17:42:48+00:00"}], "PrivilegeEscalation": [], "DataExfiltration": [], "ResourceExposure": ["rds:AuthorizeDBSecurityGroupIngress", "iam:CreateServiceLinkedRole"], "ServiceWildcard": ["pi", "rds"], "CredentialsExposure": [], "InfrastructureModification": ["cloudwatch:DeleteAlarms", "cloudwatch:PutMetricAlarm", "rds:AddRoleToDBCluster", "rds:AddRoleToDBInstance", "rds:AddSourceIdentifierToSubscription", "rds:AddTagsToResource", "rds:ApplyPendingMaintenanceAction", "rds:AuthorizeDBSecurityGroupIngress", "rds:BacktrackDBCluster", "rds:CopyDBClusterParameterGroup", "rds:CopyDBClusterSnapshot", "rds:CopyDBParameterGroup", "rds:CopyDBSnapshot", "rds:CopyOptionGroup", "rds:CreateDBCluster", "rds:CreateDBClusterEndpoint", "rds:CreateDBClusterParameterGroup", "rds:CreateDBClusterSnapshot", "rds:CreateDBInstance", "rds:CreateDBInstanceReadReplica", "rds:CreateDBParameterGroup", "rds:CreateDBSecurityGroup", "rds:CreateDBSnapshot", "rds:CreateDBSubnetGroup", "rds:CreateEventSubscription", "rds:CreateGlobalCluster", "rds:CreateOptionGroup", "rds:DeleteDBCluster", "rds:DeleteDBClusterEndpoint", "rds:DeleteDBClusterParameterGroup", "rds:DeleteDBClusterSnapshot", "rds:DeleteDBInstance", "rds:DeleteDBParameterGroup", "rds:DeleteDBProxy", "rds:DeleteDBSecurityGroup", "rds:DeleteDBSnapshot", "rds:DeleteDBSubnetGroup", "rds:DeleteEventSubscription", "rds:DeleteGlobalCluster", "rds:DeleteOptionGroup", "rds:DeregisterDBProxyTargets", "rds:FailoverDBCluster", "rds:ModifyCurrentDBClusterCapacity", "rds:ModifyDBCluster", "rds:ModifyDBClusterEndpoint", "rds:ModifyDBClusterParameterGroup", "rds:ModifyDBClusterSnapshotAttribute", "rds:ModifyDBInstance", "rds:ModifyDBParameterGroup", "rds:ModifyDBProxy", "rds:ModifyDBProxyTargetGroup", "rds:ModifyDBSnapshot", "rds:ModifyDBSnapshotAttribute", "rds:ModifyDBSubnetGroup", "rds:ModifyEventSubscription", "rds:ModifyGlobalCluster", "rds:ModifyOptionGroup", "rds:PromoteReadReplica", "rds:PromoteReadReplicaDBCluster", "rds:PurchaseReservedDBInstancesOffering", "rds:RebootDBInstance", "rds:RegisterDBProxyTargets", "rds:RemoveFromGlobalCluster", "rds:RemoveRoleFromDBCluster", "rds:RemoveRoleFromDBInstance", "rds:RemoveSourceIdentifierFromSubscription", "rds:RemoveTagsFromResource", "rds:ResetDBClusterParameterGroup", "rds:ResetDBParameterGroup", "rds:RestoreDBClusterFromS3", "rds:RestoreDBClusterFromSnapshot", "rds:RestoreDBClusterToPointInTime", "rds:RestoreDBInstanceFromDBSnapshot", "rds:RestoreDBInstanceFromS3", "rds:RestoreDBInstanceToPointInTime", "rds:RevokeDBSecurityGroupIngress", "rds:StartActivityStream", "rds:StartDBCluster", "rds:StartDBInstance", "rds:StopActivityStream", "rds:StopDBCluster", "rds:StopDBInstance", "sns:Publish", "iam:CreateServiceLinkedRole"], "is_excluded": false}, "ANPAI3VAJF5ZCRZ7MCQE6": {"PolicyName": "AmazonEC2FullAccess", "PolicyId": "ANPAI3VAJF5ZCRZ7MCQE6", "Arn": "arn:aws:iam::aws:policy/AmazonEC2FullAccess", "Path": "/", "DefaultVersionId": "v5", "AttachmentCount": 3, "IsAttachable": true, "CreateDate": "2015-02-06 18:40:15+00:00", "UpdateDate": "2018-11-27 02:16:56+00:00", "PolicyVersionList": [{"Document": {"Version": "2012-10-17", "Statement": [{"Action": "ec2:*", "Effect": "Allow", "Resource": "*"}, {"Effect": "Allow", "Action": "elasticloadbalancing:*", "Resource": "*"}, {"Effect": "Allow", "Action": "cloudwatch:*", "Resource": "*"}, {"Effect": "Allow", "Action": "autoscaling:*", "Resource": "*"}, {"Effect": "Allow", "Action": "iam:CreateServiceLinkedRole", "Resource": "*", "Condition": {"StringEquals": {"iam:AWSServiceName": ["autoscaling.amazonaws.com", "ec2scheduled.amazonaws.com", "elasticloadbalancing.amazonaws.com", "spot.amazonaws.com", "spotfleet.amazonaws.com", "transitgateway.amazonaws.com"]}}}]}, "VersionId": "v5", "IsDefaultVersion": true, "CreateDate": "2018-11-27 02:16:56+00:00"}], "PrivilegeEscalation": [], "DataExfiltration": [], "ResourceExposure": ["ec2:CreateNetworkInterfacePermission", "ec2:DeleteNetworkInterfacePermission", "ec2:ModifySnapshotAttribute", "ec2:ModifyVpcEndpointServicePermissions", "ec2:ResetSnapshotAttribute", "iam:CreateServiceLinkedRole"], "ServiceWildcard": ["autoscaling", "cloudwatch", "ec2", "elasticloadbalancing"], "CredentialsExposure": [], "InfrastructureModification": ["ec2:AcceptTransitGatewayPeeringAttachment", "ec2:AcceptTransitGatewayVpcAttachment", "ec2:AcceptVpcEndpointConnections", "ec2:AcceptVpcPeeringConnection", "ec2:AllocateHosts", "ec2:ApplySecurityGroupsToClientVpnTargetNetwork", "ec2:AssociateClientVpnTargetNetwork", "ec2:AssociateIamInstanceProfile", "ec2:AssociateTransitGatewayMulticastDomain", "ec2:AssociateTransitGatewayRouteTable", "ec2:AttachClassicLinkVpc", "ec2:AttachVolume", "ec2:AuthorizeClientVpnIngress", "ec2:AuthorizeSecurityGroupEgress", "ec2:AuthorizeSecurityGroupIngress", "ec2:CancelCapacityReservation", "ec2:CopySnapshot", "ec2:CreateCapacityReservation", "ec2:CreateCarrierGateway", "ec2:CreateClientVpnEndpoint", "ec2:CreateClientVpnRoute", "ec2:CreateDhcpOptions", "ec2:CreateEgressOnlyInternetGateway", "ec2:CreateFleet", "ec2:CreateFlowLogs", "ec2:CreateFpgaImage", "ec2:CreateInstanceExportTask", "ec2:CreateInternetGateway", "ec2:CreateKeyPair", "ec2:CreateLaunchTemplate", "ec2:CreateLaunchTemplateVersion", "ec2:CreateLocalGatewayRoute", "ec2:CreateLocalGatewayRouteTableVpcAssociation", "ec2:CreateManagedPrefixList", "ec2:CreateNatGateway", "ec2:CreateNetworkAcl", "ec2:CreateNetworkInterface", "ec2:CreateNetworkInterfacePermission", "ec2:CreatePlacementGroup", "ec2:CreateRoute", "ec2:CreateSecurityGroup", "ec2:CreateSnapshot", "ec2:CreateSnapshots", "ec2:CreateSubnet", "ec2:CreateTags", "ec2:CreateTrafficMirrorFilter", "ec2:CreateTrafficMirrorFilterRule", "ec2:CreateTrafficMirrorSession", "ec2:CreateTrafficMirrorTarget", "ec2:CreateTransitGateway", "ec2:CreateTransitGatewayMulticastDomain", "ec2:CreateTransitGatewayPeeringAttachment", "ec2:CreateTransitGatewayPrefixListReference", "ec2:CreateTransitGatewayRoute", "ec2:CreateTransitGatewayRouteTable", "ec2:CreateTransitGatewayVpcAttachment", "ec2:CreateVolume", "ec2:CreateVpc", "ec2:CreateVpcEndpoint", "ec2:CreateVpcEndpointServiceConfiguration", "ec2:CreateVpcPeeringConnection", "ec2:CreateVpnConnection", "ec2:DeleteCarrierGateway", "ec2:DeleteClientVpnEndpoint", "ec2:DeleteClientVpnRoute", "ec2:DeleteCustomerGateway", "ec2:DeleteDhcpOptions", "ec2:DeleteFlowLogs", "ec2:DeleteInternetGateway", "ec2:DeleteLaunchTemplate", "ec2:DeleteLaunchTemplateVersions", "ec2:DeleteLocalGatewayRoute", "ec2:DeleteLocalGatewayRouteTableVpcAssociation", "ec2:DeleteManagedPrefixList", "ec2:DeleteNetworkAcl", "ec2:DeleteNetworkAclEntry", "ec2:DeleteRoute", "ec2:DeleteRouteTable", "ec2:DeleteSecurityGroup", "ec2:DeleteSnapshot", "ec2:DeleteTags", "ec2:DeleteTrafficMirrorFilter", "ec2:DeleteTrafficMirrorFilterRule", "ec2:DeleteTrafficMirrorSession", "ec2:DeleteTrafficMirrorTarget", "ec2:DeleteTransitGateway", "ec2:DeleteTransitGatewayMulticastDomain", "ec2:DeleteTransitGatewayPeeringAttachment", "ec2:DeleteTransitGatewayPrefixListReference", "ec2:DeleteTransitGatewayRoute", "ec2:DeleteTransitGatewayRouteTable", "ec2:DeleteTransitGatewayVpcAttachment", "ec2:DeleteVolume", "ec2:DeleteVpcEndpointServiceConfigurations", "ec2:DeleteVpcEndpoints", "ec2:DeleteVpcPeeringConnection", "ec2:DeregisterTransitGatewayMulticastGroupMembers", "ec2:DeregisterTransitGatewayMulticastGroupSources", "ec2:DetachClassicLinkVpc", "ec2:DetachVolume", "ec2:DisableFastSnapshotRestores", "ec2:DisableTransitGatewayRouteTablePropagation", "ec2:DisableVpcClassicLink", "ec2:DisassociateClientVpnTargetNetwork", "ec2:DisassociateIamInstanceProfile", "ec2:DisassociateTransitGatewayMulticastDomain", "ec2:DisassociateTransitGatewayRouteTable", "ec2:EnableFastSnapshotRestores", "ec2:EnableTransitGatewayRouteTablePropagation", "ec2:EnableVpcClassicLink", "ec2:ImportClientVpnClientCertificateRevocationList", "ec2:ModifyCapacityReservation", "ec2:ModifyClientVpnEndpoint", "ec2:ModifyInstanceCreditSpecification", "ec2:ModifyInstanceEventStartTime", "ec2:ModifyLaunchTemplate", "ec2:ModifyManagedPrefixList", "ec2:ModifySnapshotAttribute", "ec2:ModifyTrafficMirrorFilterNetworkServices", "ec2:ModifyTrafficMirrorFilterRule", "ec2:ModifyTrafficMirrorSession", "ec2:ModifyTransitGateway", "ec2:ModifyTransitGatewayPrefixListReference", "ec2:ModifyTransitGatewayVpcAttachment", "ec2:ModifyVpcEndpoint", "ec2:ModifyVpcEndpointServiceConfiguration", "ec2:ModifyVpcEndpointServicePermissions", "ec2:ModifyVpnConnection", "ec2:ModifyVpnTunnelOptions", "ec2:RebootInstances", "ec2:RegisterTransitGatewayMulticastGroupMembers", "ec2:RegisterTransitGatewayMulticastGroupSources", "ec2:RejectTransitGatewayPeeringAttachment", "ec2:RejectTransitGatewayVpcAttachment", "ec2:RejectVpcEndpointConnections", "ec2:RejectVpcPeeringConnection", "ec2:ReplaceIamInstanceProfileAssociation", "ec2:ReplaceRoute", "ec2:ReplaceTransitGatewayRoute", "ec2:RestoreManagedPrefixListVersion", "ec2:RevokeClientVpnIngress", "ec2:RevokeSecurityGroupEgress", "ec2:RevokeSecurityGroupIngress", "ec2:RunInstances", "ec2:SendDiagnosticInterrupt", "ec2:StartInstances", "ec2:StartVpcEndpointServicePrivateDnsVerification", "ec2:StopInstances", "ec2:TerminateClientVpnConnections", "ec2:TerminateInstances", "ec2:UpdateSecurityGroupRuleDescriptionsEgress", "ec2:UpdateSecurityGroupRuleDescriptionsIngress", "elasticloadbalancing:AddListenerCertificates", "elasticloadbalancing:AddTags", "elasticloadbalancing:CreateListener", "elasticloadbalancing:CreateLoadBalancer", "elasticloadbalancing:CreateRule", "elasticloadbalancing:CreateTargetGroup", "elasticloadbalancing:DeleteListener", "elasticloadbalancing:DeleteLoadBalancer", "elasticloadbalancing:DeleteRule", "elasticloadbalancing:DeleteTargetGroup", "elasticloadbalancing:DeregisterTargets", "elasticloadbalancing:ModifyListener", "elasticloadbalancing:ModifyLoadBalancerAttributes", "elasticloadbalancing:ModifyRule", "elasticloadbalancing:ModifyTargetGroup", "elasticloadbalancing:ModifyTargetGroupAttributes", "elasticloadbalancing:RegisterTargets", "elasticloadbalancing:RemoveListenerCertificates", "elasticloadbalancing:RemoveTags", "elasticloadbalancing:SetIpAddressType", "elasticloadbalancing:SetRulePriorities", "elasticloadbalancing:SetSecurityGroups", "elasticloadbalancing:SetSubnets", "cloudwatch:DeleteAlarms", "cloudwatch:DeleteDashboards", "cloudwatch:DeleteInsightRules", "cloudwatch:DisableAlarmActions", "cloudwatch:DisableInsightRules", "cloudwatch:EnableAlarmActions", "cloudwatch:EnableInsightRules", "cloudwatch:PutDashboard", "cloudwatch:PutInsightRule", "cloudwatch:PutMetricAlarm", "cloudwatch:SetAlarmState", "cloudwatch:TagResource", "cloudwatch:UntagResource", "autoscaling:AttachInstances", "autoscaling:AttachLoadBalancerTargetGroups", "autoscaling:AttachLoadBalancers", "autoscaling:BatchDeleteScheduledAction", "autoscaling:BatchPutScheduledUpdateGroupAction", "autoscaling:CancelInstanceRefresh", "autoscaling:CompleteLifecycleAction", "autoscaling:CreateAutoScalingGroup", "autoscaling:CreateLaunchConfiguration", "autoscaling:CreateOrUpdateTags", "autoscaling:DeleteAutoScalingGroup", "autoscaling:DeleteLaunchConfiguration", "autoscaling:DeleteLifecycleHook", "autoscaling:DeleteNotificationConfiguration", "autoscaling:DeletePolicy", "autoscaling:DeleteScheduledAction", "autoscaling:DeleteTags", "autoscaling:DetachInstances", "autoscaling:DetachLoadBalancerTargetGroups", "autoscaling:DetachLoadBalancers", "autoscaling:DisableMetricsCollection", "autoscaling:EnableMetricsCollection", "autoscaling:EnterStandby", "autoscaling:ExecutePolicy", "autoscaling:ExitStandby", "autoscaling:PutLifecycleHook", "autoscaling:PutNotificationConfiguration", "autoscaling:PutScalingPolicy", "autoscaling:PutScheduledUpdateGroupAction", "autoscaling:RecordLifecycleActionHeartbeat", "autoscaling:ResumeProcesses", "autoscaling:SetDesiredCapacity", "autoscaling:SetInstanceHealth", "autoscaling:SetInstanceProtection", "autoscaling:StartInstanceRefresh", "autoscaling:SuspendProcesses", "autoscaling:TerminateInstanceInAutoScalingGroup", "autoscaling:UpdateAutoScalingGroup", "iam:CreateServiceLinkedRole"], "is_excluded": false}, "ANPAI4VCZ3XPIZLQ5NZV2": {"PolicyName": "AWSCodeCommitFullAccess", "PolicyId": "ANPAI4VCZ3XPIZLQ5NZV2", "Arn": "arn:aws:iam::aws:policy/AWSCodeCommitFullAccess", "Path": "/", "DefaultVersionId": "v7", "AttachmentCount": 1, "IsAttachable": true, "CreateDate": "2015-07-09 17:02:19+00:00", "UpdateDate": "2020-03-26 16:23:20+00:00", "PolicyVersionList": [{"Document": {"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Action": ["codecommit:*"], "Resource": "*"}, {"Sid": "CloudWatchEventsCodeCommitRulesAccess", "Effect": "Allow", "Action": ["events:DeleteRule", "events:DescribeRule", "events:DisableRule", "events:EnableRule", "events:PutRule", "events:PutTargets", "events:RemoveTargets", "events:ListTargetsByRule"], "Resource": "arn:aws:events:*:*:rule/codecommit*"}, {"Sid": "SNSTopicAndSubscriptionAccess", "Effect": "Allow", "Action": ["sns:CreateTopic", "sns:DeleteTopic", "sns:Subscribe", "sns:Unsubscribe", "sns:SetTopicAttributes"], "Resource": "arn:aws:sns:*:*:codecommit*"}, {"Sid": "SNSTopicAndSubscriptionReadAccess", "Effect": "Allow", "Action": ["sns:ListTopics", "sns:ListSubscriptionsByTopic", "sns:GetTopicAttributes"], "Resource": "*"}, {"Sid": "LambdaReadOnlyListAccess", "Effect": "Allow", "Action": ["lambda:ListFunctions"], "Resource": "*"}, {"Sid": "IAMReadOnlyListAccess", "Effect": "Allow", "Action": ["iam:ListUsers"], "Resource": "*"}, {"Sid": "IAMReadOnlyConsoleAccess", "Effect": "Allow", "Action": ["iam:ListAccessKeys", "iam:ListSSHPublicKeys", "iam:ListServiceSpecificCredentials"], "Resource": "arn:aws:iam::*:user/${aws:username}"}, {"Sid": "IAMUserSSHKeys", "Effect": "Allow", "Action": ["iam:DeleteSSHPublicKey", "iam:GetSSHPublicKey", "iam:ListSSHPublicKeys", "iam:UpdateSSHPublicKey", "iam:UploadSSHPublicKey"], "Resource": "arn:aws:iam::*:user/${aws:username}"}, {"Sid": "IAMSelfManageServiceSpecificCredentials", "Effect": "Allow", "Action": ["iam:CreateServiceSpecificCredential", "iam:UpdateServiceSpecificCredential", "iam:DeleteServiceSpecificCredential", "iam:ResetServiceSpecificCredential"], "Resource": "arn:aws:iam::*:user/${aws:username}"}, {"Sid": "CodeStarNotificationsReadWriteAccess", "Effect": "Allow", "Action": ["codestar-notifications:CreateNotificationRule", "codestar-notifications:DescribeNotificationRule", "codestar-notifications:UpdateNotificationRule", "codestar-notifications:DeleteNotificationRule", "codestar-notifications:Subscribe", "codestar-notifications:Unsubscribe"], "Resource": "*", "Condition": {"StringLike": {"codestar-notifications:NotificationsForResource": "arn:aws:codecommit:*"}}}, {"Sid": "CodeStarNotificationsListAccess", "Effect": "Allow", "Action": ["codestar-notifications:ListNotificationRules", "codestar-notifications:ListTargets", "codestar-notifications:ListTagsforResource", "codestar-notifications:ListEventTypes"], "Resource": "*"}, {"Sid": "CodeStarNotificationsSNSTopicCreateAccess", "Effect": "Allow", "Action": ["sns:CreateTopic", "sns:SetTopicAttributes"], "Resource": "arn:aws:sns:*:*:codestar-notifications*"}, {"Sid": "AmazonCodeGuruReviewerFullAccess", "Effect": "Allow", "Action": ["codeguru-reviewer:AssociateRepository", "codeguru-reviewer:DescribeRepositoryAssociation", "codeguru-reviewer:ListRepositoryAssociations", "codeguru-reviewer:DisassociateRepository"], "Resource": "*"}, {"Sid": "AmazonCodeGuruReviewerSLRCreation", "Action": "iam:CreateServiceLinkedRole", "Effect": "Allow", "Resource": "arn:aws:iam::*:role/aws-service-role/codeguru-reviewer.amazonaws.com/AWSServiceRoleForAmazonCodeGuruReviewer", "Condition": {"StringLike": {"iam:AWSServiceName": "codeguru-reviewer.amazonaws.com"}}}, {"Sid": "CloudWatchEventsManagedRules", "Effect": "Allow", "Action": ["events:PutRule", "events:PutTargets", "events:DeleteRule", "events:RemoveTargets"], "Resource": "*", "Condition": {"StringEquals": {"events:ManagedBy": "codeguru-reviewer.amazonaws.com"}}}, {"Sid": "CodeStarNotificationsChatbotAccess", "Effect": "Allow", "Action": ["chatbot:DescribeSlackChannelConfigurations"], "Resource": "*"}]}, "VersionId": "v7", "IsDefaultVersion": true, "CreateDate": "2020-03-26 16:23:20+00:00"}], "PrivilegeEscalation": [], "DataExfiltration": [], "ResourceExposure": [], "ServiceWildcard": ["codecommit"], "CredentialsExposure": [], "InfrastructureModification": ["codecommit:AssociateApprovalRuleTemplateWithRepository", "codecommit:BatchAssociateApprovalRuleTemplateWithRepositories", "codecommit:BatchDisassociateApprovalRuleTemplateFromRepositories", "codecommit:CreateBranch", "codecommit:CreateCommit", "codecommit:CreatePullRequest", "codecommit:CreatePullRequestApprovalRule", "codecommit:CreateRepository", "codecommit:CreateUnreferencedMergeCommit", "codecommit:DeleteBranch", "codecommit:DeleteCommentContent", "codecommit:DeleteFile", "codecommit:DeletePullRequestApprovalRule", "codecommit:DeleteRepository", "codecommit:DisassociateApprovalRuleTemplateFromRepository", "codecommit:GitPush", "codecommit:MergeBranchesByFastForward", "codecommit:MergeBranchesBySquash", "codecommit:MergeBranchesByThreeWay", "codecommit:MergePullRequestByFastForward", "codecommit:MergePullRequestBySquash", "codecommit:MergePullRequestByThreeWay", "codecommit:OverridePullRequestApprovalRules", "codecommit:PostCommentForComparedCommit", "codecommit:PostCommentForPullRequest", "codecommit:PostCommentReply", "codecommit:PutCommentReaction", "codecommit:PutFile", "codecommit:PutRepositoryTriggers", "codecommit:TagResource", "codecommit:TestRepositoryTriggers", "codecommit:UntagResource", "codecommit:UpdateComment", "codecommit:UpdateDefaultBranch", "codecommit:UpdatePullRequestApprovalRuleContent", "codecommit:UpdatePullRequestApprovalState", "codecommit:UpdatePullRequestDescription", "codecommit:UpdatePullRequestStatus", "codecommit:UpdatePullRequestTitle", "codecommit:UpdateRepositoryDescription", "codecommit:UpdateRepositoryName", "codecommit:UploadArchive", "codestar-notifications:CreateNotificationRule", "codestar-notifications:DeleteNotificationRule", "codestar-notifications:Subscribe", "codestar-notifications:Unsubscribe", "codestar-notifications:UpdateNotificationRule", "codeguru-reviewer:AssociateRepository", "codeguru-reviewer:DisassociateRepository", "events:DeleteRule", "events:PutRule", "events:PutTargets", "events:RemoveTargets"], "is_excluded": false}, "ANPAI65L554VRJ33ECQS6": {"PolicyName": "AmazonSQSFullAccess", "PolicyId": "ANPAI65L554VRJ33ECQS6", "Arn": "arn:aws:iam::aws:policy/AmazonSQSFullAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 1, "IsAttachable": true, "CreateDate": "2015-02-06 18:41:07+00:00", "UpdateDate": "2015-02-06 18:41:07+00:00", "PolicyVersionList": [{"Document": {"Version": "2012-10-17", "Statement": [{"Action": ["sqs:*"], "Effect": "Allow", "Resource": "*"}]}, "VersionId": "v1", "IsDefaultVersion": true, "CreateDate": "2015-02-06 18:41:07+00:00"}], "PrivilegeEscalation": [], "DataExfiltration": [], "ResourceExposure": ["sqs:AddPermission", "sqs:CreateQueue", "sqs:RemovePermission", "sqs:SetQueueAttributes"], "ServiceWildcard": ["sqs"], "CredentialsExposure": [], "InfrastructureModification": ["sqs:AddPermission", "sqs:ChangeMessageVisibility", "sqs:ChangeMessageVisibilityBatch", "sqs:CreateQueue", "sqs:DeleteMessage", "sqs:DeleteMessageBatch", "sqs:DeleteQueue", "sqs:PurgeQueue", "sqs:RemovePermission", "sqs:SendMessage", "sqs:SendMessageBatch", "sqs:SetQueueAttributes", "sqs:TagQueue", "sqs:UntagQueue"], "is_excluded": false}, "ANPAI6E2CYYMI4XI7AA5K": {"PolicyName": "AWSLambdaFullAccess", "PolicyId": "ANPAI6E2CYYMI4XI7AA5K", "Arn": "arn:aws:iam::aws:policy/AWSLambdaFullAccess", "Path": "/", "DefaultVersionId": "v8", "AttachmentCount": 1, "IsAttachable": true, "CreateDate": "2015-02-06 18:40:45+00:00", "UpdateDate": "2017-11-27 23:22:38+00:00", "PolicyVersionList": [{"Document": {"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Action": ["cloudformation:DescribeChangeSet", "cloudformation:DescribeStackResources", "cloudformation:DescribeStacks", "cloudformation:GetTemplate", "cloudformation:ListStackResources", "cloudwatch:*", "cognito-identity:ListIdentityPools", "cognito-sync:GetCognitoEvents", "cognito-sync:SetCognitoEvents", "dynamodb:*", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeVpcs", "events:*", "iam:GetPolicy", "iam:GetPolicyVersion", "iam:GetRole", "iam:GetRolePolicy", "iam:ListAttachedRolePolicies", "iam:ListRolePolicies", "iam:ListRoles", "iam:PassRole", "iot:AttachPrincipalPolicy", "iot:AttachThingPrincipal", "iot:CreateKeysAndCertificate", "iot:CreatePolicy", "iot:CreateThing", "iot:CreateTopicRule", "iot:DescribeEndpoint", "iot:GetTopicRule", "iot:ListPolicies", "iot:ListThings", "iot:ListTopicRules", "iot:ReplaceTopicRule", "kinesis:DescribeStream", "kinesis:ListStreams", "kinesis:PutRecord", "kms:ListAliases", "lambda:*", "logs:*", "s3:*", "sns:ListSubscriptions", "sns:ListSubscriptionsByTopic", "sns:ListTopics", "sns:Publish", "sns:Subscribe", "sns:Unsubscribe", "sqs:ListQueues", "sqs:SendMessage", "tag:GetResources", "xray:PutTelemetryRecords", "xray:PutTraceSegments"], "Resource": "*"}]}, "VersionId": "v8", "IsDefaultVersion": true, "CreateDate": "2017-11-27 23:22:38+00:00"}], "PrivilegeEscalation": [{"type": "PassExistingRoleToNewLambdaThenInvoke", "actions": ["iam:passrole", "lambda:createfunction", "lambda:invokefunction"]}, {"type": "PassExistingRoleToNewLambdaThenTriggerWithNewDynamo", "actions": ["iam:passrole", "lambda:createfunction", "lambda:createeventsourcemapping", "dynamodb:createtable", "dynamodb:putitem"]}, {"type": "PassExistingRoleToNewLambdaThenTriggerWithExistingDynamo", "actions": ["iam:passrole", "lambda:createfunction", "lambda:createeventsourcemapping"]}, {"type": "EditExistingLambdaFunctionWithRole", "actions": ["lambda:updatefunctioncode"]}], "DataExfiltration": ["s3:GetObject"], "ResourceExposure": ["iam:PassRole", "iot:AttachPrincipalPolicy", "lambda:AddLayerVersionPermission", "lambda:AddPermission", "lambda:DisableReplication", "lambda:EnableReplication", "lambda:RemoveLayerVersionPermission", "lambda:RemovePermission", "logs:DeleteResourcePolicy", "logs:PutResourcePolicy", "s3:BypassGovernanceRetention", "s3:DeleteAccessPointPolicy", "s3:DeleteBucketPolicy", "s3:ObjectOwnerOverrideToBucketOwner", "s3:PutAccessPointPolicy", "s3:PutAccountPublicAccessBlock", "s3:PutBucketAcl", "s3:PutBucketPolicy", "s3:PutBucketPublicAccessBlock", "s3:PutObjectAcl", "s3:PutObjectVersionAcl"], "ServiceWildcard": ["cloudwatch", "dynamodb", "events", "lambda", "logs", "s3"], "CredentialsExposure": [], "InfrastructureModification": ["cloudwatch:DeleteAlarms", "cloudwatch:DeleteDashboards", "cloudwatch:DeleteInsightRules", "cloudwatch:DisableAlarmActions", "cloudwatch:DisableInsightRules", "cloudwatch:EnableAlarmActions", "cloudwatch:EnableInsightRules", "cloudwatch:PutDashboard", "cloudwatch:PutInsightRule", "cloudwatch:PutMetricAlarm", "cloudwatch:SetAlarmState", "cloudwatch:TagResource", "cloudwatch:UntagResource", "cognito-sync:SetCognitoEvents", "dynamodb:BatchWriteItem", "dynamodb:CreateBackup", "dynamodb:CreateGlobalTable", "dynamodb:CreateTable", "dynamodb:CreateTableReplica", "dynamodb:DeleteBackup", "dynamodb:DeleteItem", "dynamodb:DeleteTable", "dynamodb:DeleteTableReplica", "dynamodb:PutItem", "dynamodb:RestoreTableFromBackup", "dynamodb:RestoreTableToPointInTime", "dynamodb:TagResource", "dynamodb:UntagResource", "dynamodb:UpdateContinuousBackups", "dynamodb:UpdateContributorInsights", "dynamodb:UpdateGlobalTable", "dynamodb:UpdateGlobalTableSettings", "dynamodb:UpdateItem", "dynamodb:UpdateTable", "dynamodb:UpdateTableReplicaAutoScaling", "dynamodb:UpdateTimeToLive", "events:ActivateEventSource", "events:CreateEventBus", "events:CreatePartnerEventSource", "events:DeactivateEventSource", "events:DeleteEventBus", "events:DeletePartnerEventSource", "events:DeleteRule", "events:DisableRule", "events:EnableRule", "events:PutEvents", "events:PutRule", "events:PutTargets", "events:RemoveTargets", "events:TagResource", "events:UntagResource", "iam:PassRole", "iot:AttachPrincipalPolicy", "iot:CreateThing", "iot:CreateTopicRule", "iot:ReplaceTopicRule", "kinesis:PutRecord", "lambda:AddLayerVersionPermission", "lambda:AddPermission", "lambda:CreateAlias", "lambda:CreateFunction", "lambda:DeleteAlias", "lambda:DeleteEventSourceMapping", "lambda:DeleteFunction", "lambda:DeleteFunctionConcurrency", "lambda:DeleteFunctionEventInvokeConfig", "lambda:DeleteLayerVersion", "lambda:DeleteProvisionedConcurrencyConfig", "lambda:DisableReplication", "lambda:EnableReplication", "lambda:InvokeAsync", "lambda:InvokeFunction", "lambda:PublishLayerVersion", "lambda:PublishVersion", "lambda:PutFunctionConcurrency", "lambda:PutFunctionEventInvokeConfig", "lambda:PutProvisionedConcurrencyConfig", "lambda:RemoveLayerVersionPermission", "lambda:RemovePermission", "lambda:TagResource", "lambda:UntagResource", "lambda:UpdateAlias", "lambda:UpdateEventSourceMapping", "lambda:UpdateFunctionCode", "lambda:UpdateFunctionConfiguration", "lambda:UpdateFunctionEventInvokeConfig", "logs:AssociateKmsKey", "logs:CreateExportTask", "logs:CreateLogGroup", "logs:CreateLogStream", "logs:DeleteLogGroup", "logs:DeleteLogStream", "logs:DeleteMetricFilter", "logs:DeleteRetentionPolicy", "logs:DeleteSubscriptionFilter", "logs:DisassociateKmsKey", "logs:PutLogEvents", "logs:PutMetricFilter", "logs:PutRetentionPolicy", "logs:PutSubscriptionFilter", "logs:TagLogGroup", "logs:UntagLogGroup", "s3:AbortMultipartUpload", "s3:BypassGovernanceRetention", "s3:CreateAccessPoint", "s3:CreateBucket", "s3:DeleteAccessPoint", "s3:DeleteAccessPointPolicy", "s3:DeleteBucket", "s3:DeleteBucketPolicy", "s3:DeleteBucketWebsite", "s3:DeleteJobTagging", "s3:DeleteObject", "s3:DeleteObjectTagging", "s3:DeleteObjectVersion", "s3:DeleteObjectVersionTagging", "s3:GetObject", "s3:ObjectOwnerOverrideToBucketOwner", "s3:PutAccelerateConfiguration", "s3:PutAccessPointPolicy", "s3:PutAnalyticsConfiguration", "s3:PutBucketAcl", "s3:PutBucketCORS", "s3:PutBucketLogging", "s3:PutBucketNotification", "s3:PutBucketObjectLockConfiguration", "s3:PutBucketPolicy", "s3:PutBucketPublicAccessBlock", "s3:PutBucketRequestPayment", "s3:PutBucketTagging", "s3:PutBucketVersioning", "s3:PutBucketWebsite", "s3:PutEncryptionConfiguration", "s3:PutInventoryConfiguration", "s3:PutJobTagging", "s3:PutLifecycleConfiguration", "s3:PutMetricsConfiguration", "s3:PutObject", "s3:PutObjectAcl", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", "s3:PutObjectVersionAcl", "s3:PutObjectVersionTagging", "s3:PutReplicationConfiguration", "s3:ReplicateDelete", "s3:ReplicateObject", "s3:ReplicateTags", "s3:RestoreObject", "s3:UpdateJobPriority", "s3:UpdateJobStatus", "sns:Publish", "sns:Subscribe", "sqs:SendMessage"], "is_excluded": false}, "ANPAI7XKCFMBPM3QQRRVQ": {"PolicyName": "IAMFullAccess", "PolicyId": "ANPAI7XKCFMBPM3QQRRVQ", "Arn": "arn:aws:iam::aws:policy/IAMFullAccess", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 1, "IsAttachable": true, "CreateDate": "2015-02-06 18:40:38+00:00", "UpdateDate": "2019-06-21 19:40:00+00:00", "PolicyVersionList": [{"Document": {"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Action": ["iam:*", "organizations:DescribeAccount", "organizations:DescribeOrganization", "organizations:DescribeOrganizationalUnit", "organizations:DescribePolicy", "organizations:ListChildren", "organizations:ListParents", "organizations:ListPoliciesForTarget", "organizations:ListRoots", "organizations:ListPolicies", "organizations:ListTargetsForPolicy"], "Resource": "*"}]}, "VersionId": "v2", "IsDefaultVersion": true, "CreateDate": "2019-06-21 19:40:00+00:00"}], "PrivilegeEscalation": [{"type": "CreateAccessKey", "actions": ["iam:createaccesskey"]}, {"type": "CreateLoginProfile", "actions": ["iam:createloginprofile"]}, {"type": "UpdateLoginProfile", "actions": ["iam:updateloginprofile"]}, {"type": "CreateNewPolicyVersion", "actions": ["iam:createpolicyversion"]}, {"type": "SetExistingDefaultPolicyVersion", "actions": ["iam:setdefaultpolicyversion"]}, {"type": "AttachUserPolicy", "actions": ["iam:attachuserpolicy"]}, {"type": "AttachGroupPolicy", "actions": ["iam:attachgrouppolicy"]}, {"type": "PutUserPolicy", "actions": ["iam:putuserpolicy"]}, {"type": "PutGroupPolicy", "actions": ["iam:putgrouppolicy"]}, {"type": "AddUserToGroup", "actions": ["iam:addusertogroup"]}], "DataExfiltration": [], "ResourceExposure": ["iam:AddClientIDToOpenIDConnectProvider", "iam:AddRoleToInstanceProfile", "iam:AddUserToGroup", "iam:AttachGroupPolicy", "iam:AttachRolePolicy", "iam:AttachUserPolicy", "iam:ChangePassword", "iam:CreateAccessKey", "iam:CreateAccountAlias", "iam:CreateGroup", "iam:CreateInstanceProfile", "iam:CreateLoginProfile", "iam:CreateOpenIDConnectProvider", "iam:CreatePolicy", "iam:CreatePolicyVersion", "iam:CreateRole", "iam:CreateSAMLProvider", "iam:CreateServiceLinkedRole", "iam:CreateServiceSpecificCredential", "iam:CreateUser", "iam:CreateVirtualMFADevice", "iam:DeactivateMFADevice", "iam:DeleteAccessKey", "iam:DeleteAccountAlias", "iam:DeleteAccountPasswordPolicy", "iam:DeleteGroup", "iam:DeleteGroupPolicy", "iam:DeleteInstanceProfile", "iam:DeleteLoginProfile", "iam:DeleteOpenIDConnectProvider", "iam:DeletePolicy", "iam:DeletePolicyVersion", "iam:DeleteRole", "iam:DeleteRolePermissionsBoundary", "iam:DeleteRolePolicy", "iam:DeleteSAMLProvider", "iam:DeleteSSHPublicKey", "iam:DeleteServerCertificate", "iam:DeleteServiceLinkedRole", "iam:DeleteServiceSpecificCredential", "iam:DeleteSigningCertificate", "iam:DeleteUser", "iam:DeleteUserPermissionsBoundary", "iam:DeleteUserPolicy", "iam:DeleteVirtualMFADevice", "iam:DetachGroupPolicy", "iam:DetachRolePolicy", "iam:DetachUserPolicy", "iam:EnableMFADevice", "iam:PassRole", "iam:PutGroupPolicy", "iam:PutRolePermissionsBoundary", "iam:PutRolePolicy", "iam:PutUserPermissionsBoundary", "iam:PutUserPolicy", "iam:RemoveClientIDFromOpenIDConnectProvider", "iam:RemoveRoleFromInstanceProfile", "iam:RemoveUserFromGroup", "iam:ResetServiceSpecificCredential", "iam:ResyncMFADevice", "iam:SetDefaultPolicyVersion", "iam:SetSecurityTokenServicePreferences", "iam:UpdateAccessKey", "iam:UpdateAccountPasswordPolicy", "iam:UpdateAssumeRolePolicy", "iam:UpdateGroup", "iam:UpdateLoginProfile", "iam:UpdateOpenIDConnectProviderThumbprint", "iam:UpdateRole", "iam:UpdateRoleDescription", "iam:UpdateSAMLProvider", "iam:UpdateSSHPublicKey", "iam:UpdateServerCertificate", "iam:UpdateServiceSpecificCredential", "iam:UpdateSigningCertificate", "iam:UpdateUser", "iam:UploadSSHPublicKey", "iam:UploadServerCertificate", "iam:UploadSigningCertificate"], "ServiceWildcard": ["iam"], "CredentialsExposure": ["iam:CreateAccessKey", "iam:CreateLoginProfile", "iam:CreateServiceSpecificCredential", "iam:ResetServiceSpecificCredential", "iam:UpdateAccessKey"], "InfrastructureModification": ["iam:AddClientIDToOpenIDConnectProvider", "iam:AddRoleToInstanceProfile", "iam:AddUserToGroup", "iam:AttachGroupPolicy", "iam:AttachRolePolicy", "iam:AttachUserPolicy", "iam:ChangePassword", "iam:CreateAccessKey", "iam:CreateGroup", "iam:CreateInstanceProfile", "iam:CreateLoginProfile", "iam:CreateOpenIDConnectProvider", "iam:CreatePolicy", "iam:CreatePolicyVersion", "iam:CreateRole", "iam:CreateSAMLProvider", "iam:CreateServiceLinkedRole", "iam:CreateServiceSpecificCredential", "iam:CreateUser", "iam:CreateVirtualMFADevice", "iam:DeactivateMFADevice", "iam:DeleteAccessKey", "iam:DeleteGroup", "iam:DeleteGroupPolicy", "iam:DeleteInstanceProfile", "iam:DeleteLoginProfile", "iam:DeleteOpenIDConnectProvider", "iam:DeletePolicy", "iam:DeletePolicyVersion", "iam:DeleteRole", "iam:DeleteRolePermissionsBoundary", "iam:DeleteRolePolicy", "iam:DeleteSAMLProvider", "iam:DeleteSSHPublicKey", "iam:DeleteServerCertificate", "iam:DeleteServiceLinkedRole", "iam:DeleteServiceSpecificCredential", "iam:DeleteSigningCertificate", "iam:DeleteUser", "iam:DeleteUserPermissionsBoundary", "iam:DeleteUserPolicy", "iam:DeleteVirtualMFADevice", "iam:DetachGroupPolicy", "iam:DetachRolePolicy", "iam:DetachUserPolicy", "iam:EnableMFADevice", "iam:PassRole", "iam:PutGroupPolicy", "iam:PutRolePermissionsBoundary", "iam:PutRolePolicy", "iam:PutUserPermissionsBoundary", "iam:PutUserPolicy", "iam:RemoveClientIDFromOpenIDConnectProvider", "iam:RemoveRoleFromInstanceProfile", "iam:RemoveUserFromGroup", "iam:ResetServiceSpecificCredential", "iam:ResyncMFADevice", "iam:SetDefaultPolicyVersion", "iam:TagRole", "iam:TagUser", "iam:UntagRole", "iam:UntagUser", "iam:UpdateAccessKey", "iam:UpdateAssumeRolePolicy", "iam:UpdateGroup", "iam:UpdateLoginProfile", "iam:UpdateOpenIDConnectProviderThumbprint", "iam:UpdateRole", "iam:UpdateRoleDescription", "iam:UpdateSAMLProvider", "iam:UpdateSSHPublicKey", "iam:UpdateServerCertificate", "iam:UpdateServiceSpecificCredential", "iam:UpdateSigningCertificate", "iam:UpdateUser", "iam:UploadSSHPublicKey", "iam:UploadServerCertificate", "iam:UploadSigningCertificate"], "is_excluded": false}, "ANPAIFIR6V6BVTRAHWINE": {"PolicyName": "AmazonS3FullAccess", "PolicyId": "ANPAIFIR6V6BVTRAHWINE", "Arn": "arn:aws:iam::aws:policy/AmazonS3FullAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 1, "IsAttachable": true, "CreateDate": "2015-02-06 18:40:58+00:00", "UpdateDate": "2015-02-06 18:40:58+00:00", "PolicyVersionList": [{"Document": {"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]}, "VersionId": "v1", "IsDefaultVersion": true, "CreateDate": "2015-02-06 18:40:58+00:00"}], "PrivilegeEscalation": [], "DataExfiltration": ["s3:GetObject"], "ResourceExposure": ["s3:BypassGovernanceRetention", "s3:DeleteAccessPointPolicy", "s3:DeleteBucketPolicy", "s3:ObjectOwnerOverrideToBucketOwner", "s3:PutAccessPointPolicy", "s3:PutAccountPublicAccessBlock", "s3:PutBucketAcl", "s3:PutBucketPolicy", "s3:PutBucketPublicAccessBlock", "s3:PutObjectAcl", "s3:PutObjectVersionAcl"], "ServiceWildcard": ["s3"], "CredentialsExposure": [], "InfrastructureModification": ["s3:AbortMultipartUpload", "s3:BypassGovernanceRetention", "s3:CreateAccessPoint", "s3:CreateBucket", "s3:DeleteAccessPoint", "s3:DeleteAccessPointPolicy", "s3:DeleteBucket", "s3:DeleteBucketPolicy", "s3:DeleteBucketWebsite", "s3:DeleteJobTagging", "s3:DeleteObject", "s3:DeleteObjectTagging", "s3:DeleteObjectVersion", "s3:DeleteObjectVersionTagging", "s3:GetObject", "s3:ObjectOwnerOverrideToBucketOwner", "s3:PutAccelerateConfiguration", "s3:PutAccessPointPolicy", "s3:PutAnalyticsConfiguration", "s3:PutBucketAcl", "s3:PutBucketCORS", "s3:PutBucketLogging", "s3:PutBucketNotification", "s3:PutBucketObjectLockConfiguration", "s3:PutBucketPolicy", "s3:PutBucketPublicAccessBlock", "s3:PutBucketRequestPayment", "s3:PutBucketTagging", "s3:PutBucketVersioning", "s3:PutBucketWebsite", "s3:PutEncryptionConfiguration", "s3:PutInventoryConfiguration", "s3:PutJobTagging", "s3:PutLifecycleConfiguration", "s3:PutMetricsConfiguration", "s3:PutObject", "s3:PutObjectAcl", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", "s3:PutObjectVersionAcl", "s3:PutObjectVersionTagging", "s3:PutReplicationConfiguration", "s3:ReplicateDelete", "s3:ReplicateObject", "s3:ReplicateTags", "s3:RestoreObject", "s3:UpdateJobPriority", "s3:UpdateJobStatus"], "is_excluded": false}, "ANPAIICZJNOJN36GTG6CM": {"PolicyName": "AmazonVPCReadOnlyAccess", "PolicyId": "ANPAIICZJNOJN36GTG6CM", "Arn": "arn:aws:iam::aws:policy/AmazonVPCReadOnlyAccess", "Path": "/", "DefaultVersionId": "v6", "AttachmentCount": 1, "IsAttachable": true, "CreateDate": "2015-02-06 18:41:17+00:00", "UpdateDate": "2018-03-07 18:34:42+00:00", "PolicyVersionList": [{"Document": {"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Action": ["ec2:DescribeAccountAttributes", "ec2:DescribeAddresses", "ec2:DescribeClassicLinkInstances", "ec2:DescribeCustomerGateways", "ec2:DescribeDhcpOptions", "ec2:DescribeEgressOnlyInternetGateways", "ec2:DescribeFlowLogs", "ec2:DescribeInternetGateways", "ec2:DescribeMovingAddresses", "ec2:DescribeNatGateways", "ec2:DescribeNetworkAcls", "ec2:DescribeNetworkInterfaceAttribute", "ec2:DescribeNetworkInterfacePermissions", "ec2:DescribeNetworkInterfaces", "ec2:DescribePrefixLists", "ec2:DescribeRouteTables", "ec2:DescribeSecurityGroupReferences", "ec2:DescribeSecurityGroups", "ec2:DescribeStaleSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeTags", "ec2:DescribeVpcAttribute", "ec2:DescribeVpcClassicLink", "ec2:DescribeVpcClassicLinkDnsSupport", "ec2:DescribeVpcEndpoints", "ec2:DescribeVpcEndpointConnectionNotifications", "ec2:DescribeVpcEndpointConnections", "ec2:DescribeVpcEndpointServiceConfigurations", "ec2:DescribeVpcEndpointServicePermissions", "ec2:DescribeVpcEndpointServices", "ec2:DescribeVpcPeeringConnections", "ec2:DescribeVpcs", "ec2:DescribeVpnConnections", "ec2:DescribeVpnGateways"], "Resource": "*"}]}, "VersionId": "v6", "IsDefaultVersion": true, "CreateDate": "2018-03-07 18:34:42+00:00"}], "PrivilegeEscalation": [], "DataExfiltration": [], "ResourceExposure": [], "ServiceWildcard": [], "CredentialsExposure": [], "InfrastructureModification": [], "is_excluded": false}, "ANPAIKEABORKUXN6DEAZU": {"PolicyName": "CloudWatchFullAccess", "PolicyId": "ANPAIKEABORKUXN6DEAZU", "Arn": "arn:aws:iam::aws:policy/CloudWatchFullAccess", "Path": "/", "DefaultVersionId": "v3", "AttachmentCount": 1, "IsAttachable": true, "CreateDate": "2015-02-06 18:40:00+00:00", "UpdateDate": "2018-08-09 19:10:43+00:00", "PolicyVersionList": [{"Document": {"Version": "2012-10-17", "Statement": [{"Action": ["autoscaling:Describe*", "cloudwatch:*", "logs:*", "sns:*", "iam:GetPolicy", "iam:GetPolicyVersion", "iam:GetRole"], "Effect": "Allow", "Resource": "*"}, {"Effect": "Allow", "Action": "iam:CreateServiceLinkedRole", "Resource": "arn:aws:iam::*:role/aws-service-role/events.amazonaws.com/AWSServiceRoleForCloudWatchEvents*", "Condition": {"StringLike": {"iam:AWSServiceName": "events.amazonaws.com"}}}]}, "VersionId": "v3", "IsDefaultVersion": true, "CreateDate": "2018-08-09 19:10:43+00:00"}], "PrivilegeEscalation": [], "DataExfiltration": [], "ResourceExposure": ["logs:DeleteResourcePolicy", "logs:PutResourcePolicy", "sns:AddPermission", "sns:CreateTopic", "sns:RemovePermission", "sns:SetTopicAttributes"], "ServiceWildcard": ["cloudwatch", "logs", "sns"], "CredentialsExposure": [], "InfrastructureModification": ["cloudwatch:DeleteAlarms", "cloudwatch:DeleteDashboards", "cloudwatch:DeleteInsightRules", "cloudwatch:DisableAlarmActions", "cloudwatch:DisableInsightRules", "cloudwatch:EnableAlarmActions", "cloudwatch:EnableInsightRules", "cloudwatch:PutDashboard", "cloudwatch:PutInsightRule", "cloudwatch:PutMetricAlarm", "cloudwatch:SetAlarmState", "cloudwatch:TagResource", "cloudwatch:UntagResource", "logs:AssociateKmsKey", "logs:CreateExportTask", "logs:CreateLogGroup", "logs:CreateLogStream", "logs:DeleteLogGroup", "logs:DeleteLogStream", "logs:DeleteMetricFilter", "logs:DeleteRetentionPolicy", "logs:DeleteSubscriptionFilter", "logs:DisassociateKmsKey", "logs:PutLogEvents", "logs:PutMetricFilter", "logs:PutRetentionPolicy", "logs:PutSubscriptionFilter", "logs:TagLogGroup", "logs:UntagLogGroup", "sns:AddPermission", "sns:ConfirmSubscription", "sns:CreateTopic", "sns:DeleteTopic", "sns:Publish", "sns:RemovePermission", "sns:SetTopicAttributes", "sns:Subscribe", "sns:TagResource", "sns:UntagResource"], "is_excluded": false}, "ANPAINAW5ANUWTH3R4ANI": {"PolicyName": "AWSDirectoryServiceFullAccess", "PolicyId": "ANPAINAW5ANUWTH3R4ANI", "Arn": "arn:aws:iam::aws:policy/AWSDirectoryServiceFullAccess", "Path": "/", "DefaultVersionId": "v4", "AttachmentCount": 1, "IsAttachable": true, "CreateDate": "2015-02-06 18:41:11+00:00", "UpdateDate": "2019-02-05 20:29:43+00:00", "PolicyVersionList": [{"Document": {"Version": "2012-10-17", "Statement": [{"Action": ["ds:*", "ec2:AuthorizeSecurityGroupEgress", "ec2:AuthorizeSecurityGroupIngress", "ec2:CreateNetworkInterface", "ec2:CreateSecurityGroup", "ec2:DeleteNetworkInterface", "ec2:DeleteSecurityGroup", "ec2:DescribeNetworkInterfaces", "ec2:DescribeSubnets", "ec2:DescribeVpcs", "ec2:RevokeSecurityGroupEgress", "ec2:RevokeSecurityGroupIngress", "ec2:DescribeSecurityGroups", "sns:GetTopicAttributes", "sns:ListSubscriptions", "sns:ListSubscriptionsByTopic", "sns:ListTopics", "iam:ListRoles", "organizations:ListAccountsForParent", "organizations:ListRoots", "organizations:ListAccounts", "organizations:DescribeOrganization", "organizations:DescribeAccount", "organizations:ListOrganizationalUnitsForParent", "organizations:ListAWSServiceAccessForOrganization"], "Effect": "Allow", "Resource": "*"}, {"Action": ["sns:CreateTopic", "sns:DeleteTopic", "sns:SetTopicAttributes", "sns:Subscribe", "sns:Unsubscribe"], "Effect": "Allow", "Resource": "arn:aws:sns:*:*:DirectoryMonitoring*"}, {"Action": ["organizations:EnableAWSServiceAccess", "organizations:DisableAWSServiceAccess"], "Effect": "Allow", "Resource": "*", "Condition": {"ForAllValues:StringLike": {"organizations:ServicePrincipal": ["ds.amazonaws.com"]}}}, {"Action": ["ec2:CreateTags", "ec2:DeleteTags"], "Effect": "Allow", "Resource": ["arn:aws:ec2:*:*:network-interface/*", "arn:aws:ec2:*:*:security-group/*"]}]}, "VersionId": "v4", "IsDefaultVersion": true, "CreateDate": "2019-02-05 20:29:43+00:00"}], "PrivilegeEscalation": [], "DataExfiltration": [], "ResourceExposure": ["ds:CreateConditionalForwarder", "ds:CreateDirectory", "ds:CreateMicrosoftAD", "ds:CreateTrust", "ds:ShareDirectory"], "ServiceWildcard": ["ds"], "CredentialsExposure": [], "InfrastructureModification": ["ds:AcceptSharedDirectory", "ds:AddIpRoutes", "ds:AddTagsToResource", "ds:AuthorizeApplication", "ds:CancelSchemaExtension", "ds:CreateAlias", "ds:CreateComputer", "ds:CreateConditionalForwarder", "ds:CreateLogSubscription", "ds:CreateSnapshot", "ds:CreateTrust", "ds:DeleteConditionalForwarder", "ds:DeleteDirectory", "ds:DeleteLogSubscription", "ds:DeleteSnapshot", "ds:DeleteTrust", "ds:DeregisterCertificate", "ds:DeregisterEventTopic", "ds:DisableLDAPS", "ds:DisableRadius", "ds:DisableSso", "ds:EnableLDAPS", "ds:EnableRadius", "ds:EnableSso", "ds:RegisterCertificate", "ds:RegisterEventTopic", "ds:RejectSharedDirectory", "ds:RemoveIpRoutes", "ds:RemoveTagsFromResource", "ds:ResetUserPassword", "ds:RestoreFromSnapshot", "ds:ShareDirectory", "ds:StartSchemaExtension", "ds:UnauthorizeApplication", "ds:UnshareDirectory", "ds:UpdateConditionalForwarder", "ds:UpdateNumberOfDomainControllers", "ds:UpdateRadius", "ds:UpdateTrust", "ec2:AuthorizeSecurityGroupEgress", "ec2:AuthorizeSecurityGroupIngress", "ec2:CreateNetworkInterface", "ec2:CreateSecurityGroup", "ec2:DeleteSecurityGroup", "ec2:RevokeSecurityGroupEgress", "ec2:RevokeSecurityGroupIngress"], "is_excluded": false}, "ANPAIONKN3TJZUKXCHXWC": {"PolicyName": "AWSCodeDeployFullAccess", "PolicyId": "ANPAIONKN3TJZUKXCHXWC", "Arn": "arn:aws:iam::aws:policy/AWSCodeDeployFullAccess", "Path": "/", "DefaultVersionId": "v3", "AttachmentCount": 1, "IsAttachable": true, "CreateDate": "2015-05-19 18:13:23+00:00", "UpdateDate": "2020-04-02 16:14:47+00:00", "PolicyVersionList": [{"Document": {"Version": "2012-10-17", "Statement": [{"Action": "codedeploy:*", "Effect": "Allow", "Resource": "*"}, {"Sid": "CodeStarNotificationsReadWriteAccess", "Effect": "Allow", "Action": ["codestar-notifications:CreateNotificationRule", "codestar-notifications:DescribeNotificationRule", "codestar-notifications:UpdateNotificationRule", "codestar-notifications:DeleteNotificationRule", "codestar-notifications:Subscribe", "codestar-notifications:Unsubscribe"], "Resource": "*", "Condition": {"StringLike": {"codestar-notifications:NotificationsForResource": "arn:aws:codedeploy:*"}}}, {"Sid": "CodeStarNotificationsListAccess", "Effect": "Allow", "Action": ["codestar-notifications:ListNotificationRules", "codestar-notifications:ListTargets", "codestar-notifications:ListTagsforResource", "codestar-notifications:ListEventTypes"], "Resource": "*"}, {"Sid": "CodeStarNotificationsSNSTopicCreateAccess", "Effect": "Allow", "Action": ["sns:CreateTopic", "sns:SetTopicAttributes"], "Resource": "arn:aws:sns:*:*:codestar-notifications*"}, {"Sid": "CodeStarNotificationsChatbotAccess", "Effect": "Allow", "Action": ["chatbot:DescribeSlackChannelConfigurations"], "Resource": "*"}, {"Sid": "SNSTopicListAccess", "Effect": "Allow", "Action": ["sns:ListTopics"], "Resource": "*"}]}, "VersionId": "v3", "IsDefaultVersion": true, "CreateDate": "2020-04-02 16:14:47+00:00"}], "PrivilegeEscalation": [], "DataExfiltration": [], "ResourceExposure": [], "ServiceWildcard": ["codedeploy"], "CredentialsExposure": [], "InfrastructureModification": ["codedeploy:AddTagsToOnPremisesInstances", "codedeploy:CreateApplication", "codedeploy:CreateDeployment", "codedeploy:CreateDeploymentConfig", "codedeploy:CreateDeploymentGroup", "codedeploy:DeleteApplication", "codedeploy:DeleteDeploymentConfig", "codedeploy:DeleteDeploymentGroup", "codedeploy:DeregisterOnPremisesInstance", "codedeploy:RegisterApplicationRevision", "codedeploy:RegisterOnPremisesInstance", "codedeploy:RemoveTagsFromOnPremisesInstances", "codedeploy:TagResource", "codedeploy:UntagResource", "codedeploy:UpdateApplication", "codedeploy:UpdateDeploymentGroup", "codestar-notifications:CreateNotificationRule", "codestar-notifications:DeleteNotificationRule", "codestar-notifications:Subscribe", "codestar-notifications:Unsubscribe", "codestar-notifications:UpdateNotificationRule"], "is_excluded": false}, "ANPAIQNUJTQYDRJPC3BNK": {"PolicyName": "AWSCloudTrailFullAccess", "PolicyId": "ANPAIQNUJTQYDRJPC3BNK", "Arn": "arn:aws:iam::aws:policy/AWSCloudTrailFullAccess", "Path": "/", "DefaultVersionId": "v8", "AttachmentCount": 1, "IsAttachable": true, "CreateDate": "2015-02-06 18:39:58+00:00", "UpdateDate": "2019-09-12 23:08:46+00:00", "PolicyVersionList": [{"Document": {"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Action": ["sns:AddPermission", "sns:CreateTopic", "sns:DeleteTopic", "sns:ListTopics", "sns:SetTopicAttributes", "sns:GetTopicAttributes"], "Resource": "*"}, {"Effect": "Allow", "Action": ["s3:CreateBucket", "s3:DeleteBucket", "s3:ListAllMyBuckets", "s3:PutBucketPolicy", "s3:ListBucket", "s3:GetObject", "s3:GetBucketLocation", "s3:GetBucketPolicy"], "Resource": "*"}, {"Effect": "Allow", "Action": "cloudtrail:*", "Resource": "*"}, {"Effect": "Allow", "Action": ["logs:CreateLogGroup"], "Resource": "*"}, {"Effect": "Allow", "Action": ["iam:ListRoles", "iam:GetRolePolicy", "iam:GetUser"], "Resource": "*"}, {"Effect": "Allow", "Action": ["iam:PassRole"], "Resource": "*", "Condition": {"StringEquals": {"iam:PassedToService": "cloudtrail.amazonaws.com"}}}, {"Effect": "Allow", "Action": ["kms:ListKeys", "kms:ListAliases"], "Resource": "*"}, {"Effect": "Allow", "Action": ["lambda:ListFunctions"], "Resource": "*"}]}, "VersionId": "v8", "IsDefaultVersion": true, "CreateDate": "2019-09-12 23:08:46+00:00"}], "PrivilegeEscalation": [], "DataExfiltration": ["s3:GetObject"], "ResourceExposure": ["sns:AddPermission", "sns:CreateTopic", "sns:SetTopicAttributes", "s3:PutBucketPolicy", "iam:PassRole"], "ServiceWildcard": ["cloudtrail"], "CredentialsExposure": [], "InfrastructureModification": ["sns:AddPermission", "sns:CreateTopic", "sns:DeleteTopic", "sns:SetTopicAttributes", "s3:CreateBucket", "s3:DeleteBucket", "s3:GetObject", "s3:PutBucketPolicy", "cloudtrail:AddTags", "cloudtrail:CreateTrail", "cloudtrail:DeleteTrail", "cloudtrail:PutEventSelectors", "cloudtrail:PutInsightSelectors", "cloudtrail:RemoveTags", "cloudtrail:StartLogging", "cloudtrail:StopLogging", "cloudtrail:UpdateTrail", "logs:CreateLogGroup", "iam:PassRole"], "is_excluded": false}, "ANPAIX2T3QCXHR2OGGCTO": {"PolicyName": "SecurityAudit", "PolicyId": "ANPAIX2T3QCXHR2OGGCTO", "Arn": "arn:aws:iam::aws:policy/SecurityAudit", "Path": "/", "DefaultVersionId": "v32", "AttachmentCount": 2, "IsAttachable": true, "CreateDate": "2015-02-06 18:41:01+00:00", "UpdateDate": "2020-02-25 16:08:50+00:00", "PolicyVersionList": [{"Document": {"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Resource": "*", "Action": ["access-analyzer:GetAnalyzedResource", "access-analyzer:GetAnalyzer", "access-analyzer:GetArchiveRule", "access-analyzer:GetFinding", "access-analyzer:ListAnalyzedResources", "access-analyzer:ListAnalyzers", "access-analyzer:ListArchiveRules", "access-analyzer:ListFindings", "access-analyzer:ListTagsForResource", "acm:Describe*", "acm:List*", "application-autoscaling:Describe*", "appmesh:Describe*", "appmesh:List*", "appsync:List*", "athena:GetWorkGroup", "athena:List*", "autoscaling:Describe*", "batch:DescribeComputeEnvironments", "batch:DescribeJobDefinitions", "chime:List*", "cloud9:Describe*", "cloud9:ListEnvironments", "clouddirectory:ListDirectories", "cloudformation:DescribeStack*", "cloudformation:GetTemplate", "cloudformation:ListStack*", "cloudformation:GetStackPolicy", "cloudfront:Get*", "cloudfront:List*", "cloudhsm:ListHapgs", "cloudhsm:ListHsms", "cloudhsm:ListLunaClients", "cloudsearch:DescribeDomains", "cloudsearch:DescribeServiceAccessPolicies", "cloudtrail:DescribeTrails", "cloudtrail:GetEventSelectors", "cloudtrail:GetTrailStatus", "cloudtrail:ListTags", "cloudtrail:LookupEvents", "cloudwatch:Describe*", "codebuild:ListProjects", "codecommit:BatchGetRepositories", "codecommit:GetBranch", "codecommit:GetObjectIdentifier", "codecommit:GetRepository", "codecommit:List*", "codedeploy:Batch*", "codedeploy:Get*", "codedeploy:List*", "codepipeline:ListPipelines", "codestar:Describe*", "codestar:List*", "cognito-identity:ListIdentityPools", "cognito-idp:ListUserPools", "cognito-sync:Describe*", "cognito-sync:List*", "comprehend:Describe*", "comprehend:List*", "config:BatchGetAggregateResourceConfig", "config:BatchGetResourceConfig", "config:Deliver*", "config:Describe*", "config:Get*", "config:List*", "datapipeline:DescribeObjects", "datapipeline:DescribePipelines", "datapipeline:EvaluateExpression", "datapipeline:GetPipelineDefinition", "datapipeline:ListPipelines", "datapipeline:QueryObjects", "datapipeline:ValidatePipelineDefinition", "datasync:Describe*", "datasync:List*", "dax:Describe*", "dax:ListTags", "directconnect:Describe*", "dms:Describe*", "dms:ListTagsForResource", "ds:DescribeDirectories", "dynamodb:DescribeContinuousBackups", "dynamodb:DescribeGlobalTable", "dynamodb:DescribeTable", "dynamodb:DescribeTimeToLive", "dynamodb:ListBackups", "dynamodb:ListGlobalTables", "dynamodb:ListStreams", "dynamodb:ListTables", "ec2:Describe*", "ecr:DescribeRepositories", "ecr:GetRepositoryPolicy", "ecs:Describe*", "ecs:List*", "eks:DescribeCluster", "eks:ListClusters", "elasticache:Describe*", "elasticbeanstalk:Describe*", "elasticfilesystem:DescribeFileSystems", "elasticfilesystem:DescribeMountTargetSecurityGroups", "elasticfilesystem:DescribeMountTargets", "elasticloadbalancing:Describe*", "elasticmapreduce:Describe*", "elasticmapreduce:ListClusters", "elasticmapreduce:ListInstances", "es:Describe*", "es:ListDomainNames", "events:Describe*", "events:List*", "firehose:Describe*", "firehose:List*", "fms:ListComplianceStatus", "fms:ListPolicies", "fsx:Describe*", "fsx:List*", "gamelift:ListBuilds", "gamelift:ListFleets", "glacier:DescribeVault", "glacier:GetVaultAccessPolicy", "glacier:ListVaults", "globalaccelerator:Describe*", "globalaccelerator:List*", "greengrass:List*", "guardduty:Get*", "guardduty:List*", "iam:GenerateCredentialReport", "iam:GenerateServiceLastAccessedDetails", "iam:Get*", "iam:List*", "iam:SimulateCustomPolicy", "iam:SimulatePrincipalPolicy", "inspector:Describe*", "inspector:Get*", "inspector:List*", "inspector:Preview*", "iot:Describe*", "iot:GetPolicy", "iot:GetPolicyVersion", "iot:List*", "kinesis:DescribeStream", "kinesis:ListStreams", "kinesis:ListTagsForStream", "kinesisanalytics:ListApplications", "kms:Describe*", "kms:Get*", "kms:List*", "lambda:GetAccountSettings", "lambda:GetFunctionConfiguration", "lambda:GetLayerVersionPolicy", "lambda:GetPolicy", "lambda:List*", "license-manager:List*", "lightsail:GetInstances", "lightsail:GetLoadBalancers", "logs:Describe*", "logs:ListTagsLogGroup", "machinelearning:DescribeMLModels", "mediaconnect:Describe*", "mediaconnect:List*", "mediastore:GetContainerPolicy", "mediastore:ListContainers", "opsworks:DescribeStacks", "opsworks-cm:DescribeServers", "organizations:List*", "organizations:Describe*", "quicksight:Describe*", "quicksight:List*", "ram:List*", "rds:Describe*", "rds:DownloadDBLogFilePortion", "rds:ListTagsForResource", "redshift:Describe*", "rekognition:Describe*", "rekognition:List*", "robomaker:Describe*", "robomaker:List*", "route53:Get*", "route53:List*", "route53domains:GetDomainDetail", "route53domains:GetOperationDetail", "route53domains:ListDomains", "route53domains:ListOperations", "route53domains:ListTagsForDomain", "route53resolver:List*", "route53resolver:Get*", "s3:GetAccelerateConfiguration", "s3:GetAccessPoint", "s3:GetAccessPointPolicy", "s3:GetAccessPointPolicyStatus", "s3:GetAccountPublicAccessBlock", "s3:GetAnalyticsConfiguration", "s3:GetBucket*", "s3:GetEncryptionConfiguration", "s3:GetInventoryConfiguration", "s3:GetLifecycleConfiguration", "s3:GetMetricsConfiguration", "s3:GetObjectAcl", "s3:GetObjectVersionAcl", "s3:GetReplicationConfiguration", "s3:ListAccessPoints", "s3:ListAllMyBuckets", "sagemaker:Describe*", "sagemaker:List*", "sdb:DomainMetadata", "sdb:ListDomains", "secretsmanager:GetResourcePolicy", "secretsmanager:ListSecrets", "secretsmanager:ListSecretVersionIds", "securityhub:Describe*", "securityhub:Get*", "securityhub:List*", "serverlessrepo:GetApplicationPolicy", "serverlessrepo:List*", "ses:GetIdentityDkimAttributes", "ses:GetIdentityPolicies", "ses:GetIdentityVerificationAttributes", "ses:ListIdentities", "ses:ListIdentityPolicies", "ses:ListVerifiedEmailAddresses", "shield:Describe*", "shield:List*", "snowball:ListClusters", "snowball:ListJobs", "sns:GetTopicAttributes", "sns:ListSubscriptionsByTopic", "sns:ListTopics", "sqs:GetQueueAttributes", "sqs:ListDeadLetterSourceQueues", "sqs:ListQueues", "sqs:ListQueueTags", "ssm:Describe*", "ssm:GetAutomationExecution", "ssm:ListDocuments", "sso:DescribePermissionsPolicies", "sso:List*", "states:ListStateMachines", "storagegateway:DescribeBandwidthRateLimit", "storagegateway:DescribeCache", "storagegateway:DescribeCachediSCSIVolumes", "storagegateway:DescribeGatewayInformation", "storagegateway:DescribeMaintenanceStartTime", "storagegateway:DescribeNFSFileShares", "storagegateway:DescribeSnapshotSchedule", "storagegateway:DescribeStorediSCSIVolumes", "storagegateway:DescribeTapeArchives", "storagegateway:DescribeTapeRecoveryPoints", "storagegateway:DescribeTapes", "storagegateway:DescribeUploadBuffer", "storagegateway:DescribeVTLDevices", "storagegateway:DescribeWorkingStorage", "storagegateway:List*", "tag:GetResources", "tag:GetTagKeys", "transfer:Describe*", "transfer:List*", "translate:List*", "trustedadvisor:Describe*", "waf:ListWebACLs", "waf-regional:ListWebACLs", "workspaces:Describe*"]}, {"Effect": "Allow", "Action": ["apigateway:GET"], "Resource": ["arn:aws:apigateway:*::/apis", "arn:aws:apigateway:*::/apis/*/stages", "arn:aws:apigateway:*::/apis/*/stages/*", "arn:aws:apigateway:*::/apis/*/routes", "arn:aws:apigateway:*::/restapis", "arn:aws:apigateway:*::/restapis/*/authorizers", "arn:aws:apigateway:*::/restapis/*/authorizers/*", "arn:aws:apigateway:*::/restapis/*/documentation/versions", "arn:aws:apigateway:*::/restapis/*/resources", "arn:aws:apigateway:*::/restapis/*/resources/*", "arn:aws:apigateway:*::/restapis/*/resources/*/methods/*", "arn:aws:apigateway:*::/restapis/*/stages", "arn:aws:apigateway:*::/restapis/*/stages/*", "arn:aws:apigateway:*::/vpclinks"]}]}, "VersionId": "v32", "IsDefaultVersion": true, "CreateDate": "2020-02-25 16:08:50+00:00"}], "PrivilegeEscalation": [], "DataExfiltration": [], "ResourceExposure": [], "ServiceWildcard": [], "CredentialsExposure": [], "InfrastructureModification": [], "is_excluded": false}, "ANPAIZTJ4DXE7G6AGAE6M": {"PolicyName": "AmazonS3ReadOnlyAccess", "PolicyId": "ANPAIZTJ4DXE7G6AGAE6M", "Arn": "arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 1, "IsAttachable": true, "CreateDate": "2015-02-06 18:40:59+00:00", "UpdateDate": "2015-02-06 18:40:59+00:00", "PolicyVersionList": [{"Document": {"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Action": ["s3:Get*", "s3:List*"], "Resource": "*"}]}, "VersionId": "v1", "IsDefaultVersion": true, "CreateDate": "2015-02-06 18:40:59+00:00"}], "PrivilegeEscalation": [], "DataExfiltration": ["s3:GetObject"], "ResourceExposure": [], "ServiceWildcard": [], "CredentialsExposure": [], "InfrastructureModification": ["s3:GetObject"], "is_excluded": false}, "ANPAJ2P4NXCHAT7NDPNR4": {"PolicyName": "AmazonSESFullAccess", "PolicyId": "ANPAJ2P4NXCHAT7NDPNR4", "Arn": "arn:aws:iam::aws:policy/AmazonSESFullAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 1, "IsAttachable": true, "CreateDate": "2015-02-06 18:41:02+00:00", "UpdateDate": "2015-02-06 18:41:02+00:00", "PolicyVersionList": [{"Document": {"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Action": ["ses:*"], "Resource": "*"}]}, "VersionId": "v1", "IsDefaultVersion": true, "CreateDate": "2015-02-06 18:41:02+00:00"}], "PrivilegeEscalation": [], "DataExfiltration": [], "ResourceExposure": [], "ServiceWildcard": ["ses"], "CredentialsExposure": [], "InfrastructureModification": ["ses:SendBulkTemplatedEmail", "ses:SendCustomVerificationEmail", "ses:SendEmail", "ses:SendRawEmail", "ses:SendTemplatedEmail"], "is_excluded": false}, "ANPAJBWPGNOVKZD3JI2P2": {"PolicyName": "AmazonVPCFullAccess", "PolicyId": "ANPAJBWPGNOVKZD3JI2P2", "Arn": "arn:aws:iam::aws:policy/AmazonVPCFullAccess", "Path": "/", "DefaultVersionId": "v7", "AttachmentCount": 2, "IsAttachable": true, "CreateDate": "2015-02-06 18:41:16+00:00", "UpdateDate": "2018-03-15 18:30:25+00:00", "PolicyVersionList": [{"Document": {"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Action": ["ec2:AcceptVpcPeeringConnection", "ec2:AcceptVpcEndpointConnections", "ec2:AllocateAddress", "ec2:AssignIpv6Addresses", "ec2:AssignPrivateIpAddresses", "ec2:AssociateAddress", "ec2:AssociateDhcpOptions", "ec2:AssociateRouteTable", "ec2:AssociateSubnetCidrBlock", "ec2:AssociateVpcCidrBlock", "ec2:AttachClassicLinkVpc", "ec2:AttachInternetGateway", "ec2:AttachNetworkInterface", "ec2:AttachVpnGateway", "ec2:AuthorizeSecurityGroupEgress", "ec2:AuthorizeSecurityGroupIngress", "ec2:CreateCustomerGateway", "ec2:CreateDefaultSubnet", "ec2:CreateDefaultVpc", "ec2:CreateDhcpOptions", "ec2:CreateEgressOnlyInternetGateway", "ec2:CreateFlowLogs", "ec2:CreateInternetGateway", "ec2:CreateNatGateway", "ec2:CreateNetworkAcl", "ec2:CreateNetworkAcl", "ec2:CreateNetworkAclEntry", "ec2:CreateNetworkInterface", "ec2:CreateNetworkInterfacePermission", "ec2:CreateRoute", "ec2:CreateRouteTable", "ec2:CreateSecurityGroup", "ec2:CreateSubnet", "ec2:CreateTags", "ec2:CreateVpc", "ec2:CreateVpcEndpoint", "ec2:CreateVpcEndpointConnectionNotification", "ec2:CreateVpcEndpointServiceConfiguration", "ec2:CreateVpcPeeringConnection", "ec2:CreateVpnConnection", "ec2:CreateVpnConnectionRoute", "ec2:CreateVpnGateway", "ec2:DeleteCustomerGateway", "ec2:DeleteDhcpOptions", "ec2:DeleteEgressOnlyInternetGateway", "ec2:DeleteFlowLogs", "ec2:DeleteInternetGateway", "ec2:DeleteNatGateway", "ec2:DeleteNetworkAcl", "ec2:DeleteNetworkAclEntry", "ec2:DeleteNetworkInterface", "ec2:DeleteNetworkInterfacePermission", "ec2:DeleteRoute", "ec2:DeleteRouteTable", "ec2:DeleteSecurityGroup", "ec2:DeleteSubnet", "ec2:DeleteTags", "ec2:DeleteVpc", "ec2:DeleteVpcEndpoints", "ec2:DeleteVpcEndpointConnectionNotifications", "ec2:DeleteVpcEndpointServiceConfigurations", "ec2:DeleteVpcPeeringConnection", "ec2:DeleteVpnConnection", "ec2:DeleteVpnConnectionRoute", "ec2:DeleteVpnGateway", "ec2:DescribeAccountAttributes", "ec2:DescribeAddresses", "ec2:DescribeAvailabilityZones", "ec2:DescribeClassicLinkInstances", "ec2:DescribeCustomerGateways", "ec2:DescribeDhcpOptions", "ec2:DescribeEgressOnlyInternetGateways", "ec2:DescribeFlowLogs", "ec2:DescribeInstances", "ec2:DescribeInternetGateways", "ec2:DescribeKeyPairs", "ec2:DescribeMovingAddresses", "ec2:DescribeNatGateways", "ec2:DescribeNetworkAcls", "ec2:DescribeNetworkInterfaceAttribute", "ec2:DescribeNetworkInterfacePermissions", "ec2:DescribeNetworkInterfaces", "ec2:DescribePrefixLists", "ec2:DescribeRouteTables", "ec2:DescribeSecurityGroupReferences", "ec2:DescribeSecurityGroups", "ec2:DescribeStaleSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeTags", "ec2:DescribeVpcAttribute", "ec2:DescribeVpcClassicLink", "ec2:DescribeVpcClassicLinkDnsSupport", "ec2:DescribeVpcEndpointConnectionNotifications", "ec2:DescribeVpcEndpointConnections", "ec2:DescribeVpcEndpoints", "ec2:DescribeVpcEndpointServiceConfigurations", "ec2:DescribeVpcEndpointServicePermissions", "ec2:DescribeVpcEndpointServices", "ec2:DescribeVpcPeeringConnections", "ec2:DescribeVpcs", "ec2:DescribeVpnConnections", "ec2:DescribeVpnGateways", "ec2:DetachClassicLinkVpc", "ec2:DetachInternetGateway", "ec2:DetachNetworkInterface", "ec2:DetachVpnGateway", "ec2:DisableVgwRoutePropagation", "ec2:DisableVpcClassicLink", "ec2:DisableVpcClassicLinkDnsSupport", "ec2:DisassociateAddress", "ec2:DisassociateRouteTable", "ec2:DisassociateSubnetCidrBlock", "ec2:DisassociateVpcCidrBlock", "ec2:EnableVgwRoutePropagation", "ec2:EnableVpcClassicLink", "ec2:EnableVpcClassicLinkDnsSupport", "ec2:ModifyNetworkInterfaceAttribute", "ec2:ModifySubnetAttribute", "ec2:ModifyVpcAttribute", "ec2:ModifyVpcEndpoint", "ec2:ModifyVpcEndpointConnectionNotification", "ec2:ModifyVpcEndpointServiceConfiguration", "ec2:ModifyVpcEndpointServicePermissions", "ec2:ModifyVpcPeeringConnectionOptions", "ec2:ModifyVpcTenancy", "ec2:MoveAddressToVpc", "ec2:RejectVpcEndpointConnections", "ec2:RejectVpcPeeringConnection", "ec2:ReleaseAddress", "ec2:ReplaceNetworkAclAssociation", "ec2:ReplaceNetworkAclEntry", "ec2:ReplaceRoute", "ec2:ReplaceRouteTableAssociation", "ec2:ResetNetworkInterfaceAttribute", "ec2:RestoreAddressToClassic", "ec2:RevokeSecurityGroupEgress", "ec2:RevokeSecurityGroupIngress", "ec2:UnassignIpv6Addresses", "ec2:UnassignPrivateIpAddresses", "ec2:UpdateSecurityGroupRuleDescriptionsEgress", "ec2:UpdateSecurityGroupRuleDescriptionsIngress"], "Resource": "*"}]}, "VersionId": "v7", "IsDefaultVersion": true, "CreateDate": "2018-03-15 18:30:25+00:00"}], "PrivilegeEscalation": [], "DataExfiltration": [], "ResourceExposure": ["ec2:CreateNetworkInterfacePermission", "ec2:DeleteNetworkInterfacePermission", "ec2:ModifyVpcEndpointServicePermissions"], "ServiceWildcard": [], "CredentialsExposure": [], "InfrastructureModification": ["ec2:AcceptVpcEndpointConnections", "ec2:AcceptVpcPeeringConnection", "ec2:AttachClassicLinkVpc", "ec2:AuthorizeSecurityGroupEgress", "ec2:AuthorizeSecurityGroupIngress", "ec2:CreateDhcpOptions", "ec2:CreateEgressOnlyInternetGateway", "ec2:CreateFlowLogs", "ec2:CreateInternetGateway", "ec2:CreateNatGateway", "ec2:CreateNetworkAcl", "ec2:CreateNetworkInterface", "ec2:CreateNetworkInterfacePermission", "ec2:CreateRoute", "ec2:CreateSecurityGroup", "ec2:CreateSubnet", "ec2:CreateTags", "ec2:CreateVpc", "ec2:CreateVpcEndpoint", "ec2:CreateVpcEndpointServiceConfiguration", "ec2:CreateVpcPeeringConnection", "ec2:CreateVpnConnection", "ec2:DeleteCustomerGateway", "ec2:DeleteDhcpOptions", "ec2:DeleteFlowLogs", "ec2:DeleteInternetGateway", "ec2:DeleteNetworkAcl", "ec2:DeleteNetworkAclEntry", "ec2:DeleteRoute", "ec2:DeleteRouteTable", "ec2:DeleteSecurityGroup", "ec2:DeleteTags", "ec2:DeleteVpcEndpointServiceConfigurations", "ec2:DeleteVpcEndpoints", "ec2:DeleteVpcPeeringConnection", "ec2:DetachClassicLinkVpc", "ec2:DisableVpcClassicLink", "ec2:EnableVpcClassicLink", "ec2:ModifyVpcEndpoint", "ec2:ModifyVpcEndpointServiceConfiguration", "ec2:ModifyVpcEndpointServicePermissions", "ec2:RejectVpcEndpointConnections", "ec2:RejectVpcPeeringConnection", "ec2:ReplaceRoute", "ec2:RevokeSecurityGroupEgress", "ec2:RevokeSecurityGroupIngress", "ec2:UpdateSecurityGroupRuleDescriptionsEgress", "ec2:UpdateSecurityGroupRuleDescriptionsIngress"], "is_excluded": false}, "ANPAJKSO7NDY4T57MWDSQ": {"PolicyName": "IAMReadOnlyAccess", "PolicyId": "ANPAJKSO7NDY4T57MWDSQ", "Arn": "arn:aws:iam::aws:policy/IAMReadOnlyAccess", "Path": "/", "DefaultVersionId": "v4", "AttachmentCount": 1, "IsAttachable": true, "CreateDate": "2015-02-06 18:40:39+00:00", "UpdateDate": "2018-01-25 19:11:27+00:00", "PolicyVersionList": [{"Document": {"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Action": ["iam:GenerateCredentialReport", "iam:GenerateServiceLastAccessedDetails", "iam:Get*", "iam:List*", "iam:SimulateCustomPolicy", "iam:SimulatePrincipalPolicy"], "Resource": "*"}]}, "VersionId": "v4", "IsDefaultVersion": true, "CreateDate": "2018-01-25 19:11:27+00:00"}], "PrivilegeEscalation": [], "DataExfiltration": [], "ResourceExposure": [], "ServiceWildcard": [], "CredentialsExposure": [], "InfrastructureModification": [], "is_excluded": false}, "ANPAJLIB4VSBVO47ZSBB6": {"PolicyName": "AWSAccountUsageReportAccess", "PolicyId": "ANPAJLIB4VSBVO47ZSBB6", "Arn": "arn:aws:iam::aws:policy/AWSAccountUsageReportAccess", "Path": "/", "DefaultVersionId": "v1", "AttachmentCount": 1, "IsAttachable": true, "CreateDate": "2015-02-06 18:41:19+00:00", "UpdateDate": "2015-02-06 18:41:19+00:00", "PolicyVersionList": [{"Document": {"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Action": ["aws-portal:ViewUsage"], "Resource": "*"}]}, "VersionId": "v1", "IsDefaultVersion": true, "CreateDate": "2015-02-06 18:41:19+00:00"}], "PrivilegeEscalation": [], "DataExfiltration": [], "ResourceExposure": [], "ServiceWildcard": [], "CredentialsExposure": [], "InfrastructureModification": [], "is_excluded": false}, "ANPAJNPP7PPPPMJRV2SA4": {"PolicyName": "AWSKeyManagementServicePowerUser", "PolicyId": "ANPAJNPP7PPPPMJRV2SA4", "Arn": "arn:aws:iam::aws:policy/AWSKeyManagementServicePowerUser", "Path": "/", "DefaultVersionId": "v2", "AttachmentCount": 1, "IsAttachable": true, "CreateDate": "2015-02-06 18:40:40+00:00", "UpdateDate": "2017-03-07 00:55:11+00:00", "PolicyVersionList": [{"Document": {"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Action": ["kms:CreateAlias", "kms:CreateKey", "kms:DeleteAlias", "kms:Describe*", "kms:GenerateRandom", "kms:Get*", "kms:List*", "kms:TagResource", "kms:UntagResource", "iam:ListGroups", "iam:ListRoles", "iam:ListUsers"], "Resource": "*"}]}, "VersionId": "v2", "IsDefaultVersion": true, "CreateDate": "2017-03-07 00:55:11+00:00"}], "PrivilegeEscalation": [], "DataExfiltration": [], "ResourceExposure": [], "ServiceWildcard": [], "CredentialsExposure": [], "InfrastructureModification": ["kms:CreateAlias", "kms:DeleteAlias", "kms:TagResource", "kms:UntagResource"], "is_excluded": false}, "ANPAJWVDLG5RPST6PHQ3A": {"PolicyName": "AmazonRoute53FullAccess", "PolicyId": "ANPAJWVDLG5RPST6PHQ3A", "Arn": "arn:aws:iam::aws:policy/AmazonRoute53FullAccess", "Path": "/", "DefaultVersionId": "v4", "AttachmentCount": 1, "IsAttachable": true, "CreateDate": "2015-02-06 18:40:54+00:00", "UpdateDate": "2018-12-20 21:42:00+00:00", "PolicyVersionList": [{"Document": {"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Action": ["route53:*", "route53domains:*", "cloudfront:ListDistributions", "elasticloadbalancing:DescribeLoadBalancers", "elasticbeanstalk:DescribeEnvironments", "s3:ListBucket", "s3:GetBucketLocation", "s3:GetBucketWebsite", "ec2:DescribeVpcs", "ec2:DescribeVpcEndpoints", "ec2:DescribeRegions", "sns:ListTopics", "sns:ListSubscriptionsByTopic", "cloudwatch:DescribeAlarms", "cloudwatch:GetMetricStatistics"], "Resource": "*"}, {"Effect": "Allow", "Action": "apigateway:GET", "Resource": "arn:aws:apigateway:*::/domainnames"}]}, "VersionId": "v4", "IsDefaultVersion": true, "CreateDate": "2018-12-20 21:42:00+00:00"}], "PrivilegeEscalation": [], "DataExfiltration": [], "ResourceExposure": [], "ServiceWildcard": ["route53", "route53domains"], "CredentialsExposure": [], "InfrastructureModification": ["route53:AssociateVPCWithHostedZone", "route53:ChangeResourceRecordSets", "route53:ChangeTagsForResource", "route53:CreateQueryLoggingConfig", "route53:CreateTrafficPolicyInstance", "route53:CreateTrafficPolicyVersion", "route53:CreateVPCAssociationAuthorization", "route53:DeleteHealthCheck", "route53:DeleteHostedZone", "route53:DeleteQueryLoggingConfig", "route53:DeleteReusableDelegationSet", "route53:DeleteTrafficPolicy", "route53:DeleteTrafficPolicyInstance", "route53:DeleteVPCAssociationAuthorization", "route53:UpdateHealthCheck", "route53:UpdateHostedZoneComment", "route53:UpdateTrafficPolicyComment", "route53:UpdateTrafficPolicyInstance"], "is_excluded": false}, "ANPAJYRXTHIB4FOVS3ZXS": {"PolicyName": "PowerUserAccess", "PolicyId": "ANPAJYRXTHIB4FOVS3ZXS", "Arn": "arn:aws:iam::aws:policy/PowerUserAccess", "Path": "/", "DefaultVersionId": "v4", "AttachmentCount": 1, "IsAttachable": true, "CreateDate": "2015-02-06 18:39:47+00:00", "UpdateDate": "2019-03-20 22:19:03+00:00", "PolicyVersionList": [{"Document": {"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "NotAction": ["iam:*", "organizations:*", "account:*"], "Resource": "*"}, {"Effect": "Allow", "Action": ["iam:CreateServiceLinkedRole", "iam:DeleteServiceLinkedRole", "iam:ListRoles", "organizations:DescribeOrganization", "account:ListRegions"], "Resource": "*"}]}, "VersionId": "v4", "IsDefaultVersion": true, "CreateDate": "2019-03-20 22:19:03+00:00"}], "PrivilegeEscalation": [{"type": "UpdateExistingGlueDevEndpoint", "actions": ["glue:updatedevendpoint"]}, {"type": "EditExistingLambdaFunctionWithRole", "actions": ["lambda:updatefunctioncode"]}], "DataExfiltration": ["s3:GetObject", "ssm:GetParameter", "ssm:GetParameters", "ssm:GetParametersByPath", "secretsmanager:GetSecretValue"], "ResourceExposure": ["acm-pca:CreatePermission", "acm-pca:DeletePermission", "acm-pca:DeletePolicy", "acm-pca:PutPolicy", "apigateway:UpdateRestApiPolicy", "backup:DeleteBackupVaultAccessPolicy", "backup:PutBackupVaultAccessPolicy", "chime:DeleteVoiceConnectorTerminationCredentials", "chime:PutVoiceConnectorTerminationCredentials", "cloudformation:SetStackPolicy", "cloudsearch:UpdateServiceAccessPolicies", "codeartifact:DeleteDomainPermissionsPolicy", "codeartifact:DeleteRepositoryPermissionsPolicy", "codebuild:DeleteResourcePolicy", "codebuild:DeleteSourceCredentials", "codebuild:ImportSourceCredentials", "codebuild:PutResourcePolicy", "codeguru-profiler:PutPermission", "codeguru-profiler:RemovePermission", "codestar:AssociateTeamMember", "codestar:CreateProject", "codestar:DeleteProject", "codestar:DisassociateTeamMember", "codestar:UpdateTeamMember", "cognito-identity:CreateIdentityPool", "cognito-identity:DeleteIdentities", "cognito-identity:DeleteIdentityPool", "cognito-identity:GetId", "cognito-identity:MergeDeveloperIdentities", "cognito-identity:SetIdentityPoolRoles", "cognito-identity:UnlinkDeveloperIdentity", "cognito-identity:UnlinkIdentity", "cognito-identity:UpdateIdentityPool", "deeplens:AssociateServiceRoleToAccount", "ds:CreateConditionalForwarder", "ds:CreateDirectory", "ds:CreateMicrosoftAD", "ds:CreateTrust", "ds:ShareDirectory", "ec2:CreateNetworkInterfacePermission", "ec2:DeleteNetworkInterfacePermission", "ec2:ModifySnapshotAttribute", "ec2:ModifyVpcEndpointServicePermissions", "ec2:ResetSnapshotAttribute", "ecr:DeleteRepositoryPolicy", "ecr:SetRepositoryPolicy", "elasticfilesystem:DeleteFileSystemPolicy", "elasticfilesystem:PutFileSystemPolicy", "elasticmapreduce:PutBlockPublicAccessConfiguration", "es:CreateElasticsearchDomain", "es:UpdateElasticsearchDomainConfig", "glacier:AbortVaultLock", "glacier:CompleteVaultLock", "glacier:DeleteVaultAccessPolicy", "glacier:InitiateVaultLock", "glacier:SetDataRetrievalPolicy", "glacier:SetVaultAccessPolicy", "glue:DeleteResourcePolicy", "glue:PutResourcePolicy", "greengrass:AssociateServiceRoleToAccount", "health:DisableHealthServiceAccessForOrganization", "health:EnableHealthServiceAccessForOrganization", "imagebuilder:PutComponentPolicy", "imagebuilder:PutImagePolicy", "imagebuilder:PutImageRecipePolicy", "iot:AttachPolicy", "iot:AttachPrincipalPolicy", "iot:DetachPolicy", "iot:DetachPrincipalPolicy", "iot:SetDefaultAuthorizer", "iot:SetDefaultPolicyVersion", "iotsitewise:CreateAccessPolicy", "iotsitewise:DeleteAccessPolicy", "iotsitewise:UpdateAccessPolicy", "kms:CreateGrant", "kms:PutKeyPolicy", "kms:RetireGrant", "kms:RevokeGrant", "lakeformation:BatchGrantPermissions", "lakeformation:BatchRevokePermissions", "lakeformation:GrantPermissions", "lakeformation:PutDataLakeSettings", "lakeformation:RevokePermissions", "lambda:AddLayerVersionPermission", "lambda:AddPermission", "lambda:DisableReplication", "lambda:EnableReplication", "lambda:RemoveLayerVersionPermission", "lambda:RemovePermission", "license-manager:UpdateServiceSettings", "lightsail:GetRelationalDatabaseMasterUserPassword", "logs:DeleteResourcePolicy", "logs:PutResourcePolicy", "mediapackage:RotateIngestEndpointCredentials", "mediastore:DeleteContainerPolicy", "mediastore:PutContainerPolicy", "opsworks:SetPermission", "opsworks:UpdateUserProfile", "quicksight:CreateAdmin", "quicksight:CreateGroup", "quicksight:CreateGroupMembership", "quicksight:CreateIAMPolicyAssignment", "quicksight:CreateUser", "quicksight:DeleteGroup", "quicksight:DeleteGroupMembership", "quicksight:DeleteIAMPolicyAssignment", "quicksight:DeleteUser", "quicksight:DeleteUserByPrincipalId", "quicksight:RegisterUser", "quicksight:UpdateDashboardPermissions", "quicksight:UpdateGroup", "quicksight:UpdateIAMPolicyAssignment", "quicksight:UpdateTemplatePermissions", "quicksight:UpdateUser", "ram:AcceptResourceShareInvitation", "ram:AssociateResourceShare", "ram:CreateResourceShare", "ram:DeleteResourceShare", "ram:DisassociateResourceShare", "ram:EnableSharingWithAwsOrganization", "ram:RejectResourceShareInvitation", "ram:UpdateResourceShare", "rds-db:connect", "rds:AuthorizeDBSecurityGroupIngress", "redshift:AuthorizeSnapshotAccess", "redshift:CreateClusterUser", "redshift:CreateSnapshotCopyGrant", "redshift:JoinGroup", "redshift:ModifyClusterIamRoles", "redshift:RevokeSnapshotAccess", "route53resolver:PutResolverRulePolicy", "s3:BypassGovernanceRetention", "s3:DeleteAccessPointPolicy", "s3:DeleteBucketPolicy", "s3:ObjectOwnerOverrideToBucketOwner", "s3:PutAccessPointPolicy", "s3:PutAccountPublicAccessBlock", "s3:PutBucketAcl", "s3:PutBucketPolicy", "s3:PutBucketPublicAccessBlock", "s3:PutObjectAcl", "s3:PutObjectVersionAcl", "secretsmanager:DeleteResourcePolicy", "secretsmanager:PutResourcePolicy", "secretsmanager:ValidateResourcePolicy", "servicecatalog:CreatePortfolioShare", "servicecatalog:DeletePortfolioShare", "sns:AddPermission", "sns:CreateTopic", "sns:RemovePermission", "sns:SetTopicAttributes", "sqs:AddPermission", "sqs:CreateQueue", "sqs:RemovePermission", "sqs:SetQueueAttributes", "ssm:ModifyDocumentPermission", "sso-directory:AddMemberToGroup", "sso-directory:CreateAlias", "sso-directory:CreateGroup", "sso-directory:CreateUser", "sso-directory:DeleteGroup", "sso-directory:DeleteUser", "sso-directory:DisableUser", "sso-directory:EnableUser", "sso-directory:RemoveMemberFromGroup", "sso-directory:UpdateGroup", "sso-directory:UpdatePassword", "sso-directory:UpdateUser", "sso-directory:VerifyEmail", "sso:AssociateDirectory", "sso:AssociateProfile", "sso:CreateApplicationInstance", "sso:CreateApplicationInstanceCertificate", "sso:CreatePermissionSet", "sso:CreateProfile", "sso:CreateTrust", "sso:DeleteApplicationInstance", "sso:DeleteApplicationInstanceCertificate", "sso:DeletePermissionSet", "sso:DeletePermissionsPolicy", "sso:DeleteProfile", "sso:DisassociateDirectory", "sso:DisassociateProfile", "sso:ImportApplicationInstanceServiceProviderMetadata", "sso:PutPermissionsPolicy", "sso:StartSSO", "sso:UpdateApplicationInstanceActiveCertificate", "sso:UpdateApplicationInstanceDisplayData", "sso:UpdateApplicationInstanceResponseConfiguration", "sso:UpdateApplicationInstanceResponseSchemaConfiguration", "sso:UpdateApplicationInstanceSecurityConfiguration", "sso:UpdateApplicationInstanceServiceProviderConfiguration", "sso:UpdateApplicationInstanceStatus", "sso:UpdateDirectoryAssociation", "sso:UpdatePermissionSet", "sso:UpdateProfile", "sso:UpdateSSOConfiguration", "sso:UpdateTrust", "storagegateway:DeleteChapCredentials", "storagegateway:SetLocalConsolePassword", "storagegateway:SetSMBGuestPassword", "storagegateway:UpdateChapCredentials", "waf-regional:DeletePermissionPolicy", "waf-regional:PutPermissionPolicy", "waf:DeletePermissionPolicy", "waf:PutPermissionPolicy", "wafv2:CreateWebACL", "wafv2:DeletePermissionPolicy", "wafv2:DeleteWebACL", "wafv2:PutPermissionPolicy", "wafv2:UpdateWebACL", "worklink:UpdateDevicePolicyConfiguration", "workmail:ResetPassword", "workmail:ResetUserPassword", "xray:PutEncryptionConfig", "iam:CreateServiceLinkedRole", "iam:DeleteServiceLinkedRole"], "ServiceWildcard": [], "CredentialsExposure": ["chime:CreateApiKey", "codepipeline:PollForJobs", "cognito-identity:GetOpenIdToken", "cognito-identity:GetOpenIdTokenForDeveloperIdentity", "cognito-identity:GetCredentialsForIdentity", "connect:GetFederationToken", "connect:GetFederationTokens", "ecr:GetAuthorizationToken", "gamelift:RequestUploadCredentials", "lightsail:GetInstanceAccessDetails", "lightsail:GetRelationalDatabaseMasterUserPassword", "rds-db:connect", "redshift:GetClusterCredentials", "mediapackage:RotateIngestEndpointCredentials", "sts:AssumeRole", "sts:AssumeRoleWithSAML", "sts:AssumeRoleWithWebIdentity", "sts:GetFederationToken", "sts:GetSessionToken"], "InfrastructureModification": ["a4b:AssociateContactWithAddressBook", "a4b:AssociateDeviceWithRoom", "a4b:AssociateSkillGroupWithRoom", "a4b:AssociateSkillWithSkillGroup", "a4b:CreateRoom", "a4b:CreateUser", "a4b:DeleteAddressBook", "a4b:DeleteBusinessReportSchedule", "a4b:DeleteConferenceProvider", "a4b:DeleteContact", "a4b:DeleteDevice", "a4b:DeleteProfile", "a4b:DeleteRoom", "a4b:DeleteRoomSkillParameter", "a4b:DeleteSkillAuthorization", "a4b:DeleteSkillGroup", "a4b:DeleteUser", "a4b:DisassociateContactFromAddressBook", "a4b:DisassociateDeviceFromRoom", "a4b:DisassociateSkillFromSkillGroup", "a4b:DisassociateSkillFromUsers", "a4b:DisassociateSkillGroupFromRoom", "a4b:ForgetSmartHomeAppliances", "a4b:PutRoomSkillParameter", "a4b:PutSkillAuthorization", "a4b:RevokeInvitation", "a4b:SendInvitation", "a4b:TagResource", "a4b:UntagResource", "a4b:UpdateAddressBook", "a4b:UpdateBusinessReportSchedule", "a4b:UpdateConferenceProvider", "a4b:UpdateContact", "a4b:UpdateDevice", "a4b:UpdateProfile", "a4b:UpdateRoom", "a4b:UpdateSkillGroup", "access-analyzer:CreateAnalyzer", "access-analyzer:CreateArchiveRule", "access-analyzer:DeleteAnalyzer", "access-analyzer:DeleteArchiveRule", "access-analyzer:TagResource", "access-analyzer:UntagResource", "access-analyzer:UpdateArchiveRule", "acm-pca:CreateCertificateAuthorityAuditReport", "acm-pca:CreatePermission", "acm-pca:DeleteCertificateAuthority", "acm-pca:DeletePermission", "acm-pca:DeletePolicy", "acm-pca:ImportCertificateAuthorityCertificate", "acm-pca:IssueCertificate", "acm-pca:PutPolicy", "acm-pca:RestoreCertificateAuthority", "acm-pca:RevokeCertificate", "acm-pca:TagCertificateAuthority", "acm-pca:UntagCertificateAuthority", "acm-pca:UpdateCertificateAuthority", "acm:AddTagsToCertificate", "acm:DeleteCertificate", "acm:ImportCertificate", "acm:RemoveTagsFromCertificate", "acm:RenewCertificate", "acm:ResendValidationEmail", "acm:UpdateCertificateOptions", "amplify:CreateApp", "amplify:CreateBackendEnvironment", "amplify:CreateBranch", "amplify:CreateDeployment", "amplify:CreateDomainAssociation", "amplify:CreateWebHook", "amplify:DeleteApp", "amplify:DeleteBackendEnvironment", "amplify:DeleteBranch", "amplify:DeleteDomainAssociation", "amplify:DeleteJob", "amplify:DeleteWebHook", "amplify:GenerateAccessLogs", "amplify:StartDeployment", "amplify:StartJob", "amplify:StopJob", "amplify:TagResource", "amplify:UntagResource", "amplify:UpdateApp", "amplify:UpdateBranch", "amplify:UpdateDomainAssociation", "amplify:UpdateWebHook", "apigateway:DELETE", "apigateway:PATCH", "apigateway:POST", "apigateway:PUT", "apigateway:SetWebACL", "apigateway:UpdateRestApiPolicy", "appconfig:CreateApplication", "appconfig:CreateConfigurationProfile", "appconfig:CreateDeploymentStrategy", "appconfig:CreateEnvironment", "appconfig:CreateHostedConfigurationVersion", "appconfig:DeleteApplication", "appconfig:DeleteConfigurationProfile", "appconfig:DeleteDeploymentStrategy", "appconfig:DeleteEnvironment", "appconfig:DeleteHostedConfigurationVersion", "appconfig:StartDeployment", "appconfig:StopDeployment", "appconfig:TagResource", "appconfig:UntagResource", "appconfig:UpdateApplication", "appconfig:UpdateConfigurationProfile", "appconfig:UpdateDeploymentStrategy", "appconfig:UpdateEnvironment", "appconfig:ValidateConfiguration", "appflow:DeleteConnectorProfile", "appflow:DeleteFlow", "appflow:RunFlow", "appflow:StartFlow", "appflow:StopFlow", "appflow:TagResource", "appflow:UntagResource", "appflow:UpdateConnectorProfile", "appflow:UpdateFlow", "appmesh-preview:CreateGatewayRoute", "appmesh-preview:CreateMesh", "appmesh-preview:CreateRoute", "appmesh-preview:CreateVirtualGateway", "appmesh-preview:CreateVirtualNode", "appmesh-preview:CreateVirtualRouter", "appmesh-preview:CreateVirtualService", "appmesh-preview:DeleteGatewayRoute", "appmesh-preview:DeleteMesh", "appmesh-preview:DeleteRoute", "appmesh-preview:DeleteVirtualGateway", "appmesh-preview:DeleteVirtualNode", "appmesh-preview:DeleteVirtualRouter", "appmesh-preview:DeleteVirtualService", "appmesh-preview:UpdateGatewayRoute", "appmesh-preview:UpdateMesh", "appmesh-preview:UpdateRoute", "appmesh-preview:UpdateVirtualGateway", "appmesh-preview:UpdateVirtualNode", "appmesh-preview:UpdateVirtualRouter", "appmesh-preview:UpdateVirtualService", "appmesh:CreateGatewayRoute", "appmesh:CreateMesh", "appmesh:CreateRoute", "appmesh:CreateVirtualGateway", "appmesh:CreateVirtualNode", "appmesh:CreateVirtualRouter", "appmesh:CreateVirtualService", "appmesh:DeleteGatewayRoute", "appmesh:DeleteMesh", "appmesh:DeleteRoute", "appmesh:DeleteVirtualGateway", "appmesh:DeleteVirtualNode", "appmesh:DeleteVirtualRouter", "appmesh:DeleteVirtualService", "appmesh:TagResource", "appmesh:UntagResource", "appmesh:UpdateGatewayRoute", "appmesh:UpdateMesh", "appmesh:UpdateRoute", "appmesh:UpdateVirtualGateway", "appmesh:UpdateVirtualNode", "appmesh:UpdateVirtualRouter", "appmesh:UpdateVirtualService", "appstream:AssociateFleet", "appstream:BatchAssociateUserStack", "appstream:BatchDisassociateUserStack", "appstream:CopyImage", "appstream:CreateFleet", "appstream:CreateImageBuilder", "appstream:CreateImageBuilderStreamingURL", "appstream:CreateStack", "appstream:CreateStreamingURL", "appstream:DeleteFleet", "appstream:DeleteImage", "appstream:DeleteImageBuilder", "appstream:DeleteImagePermissions", "appstream:DeleteStack", "appstream:DisassociateFleet", "appstream:StartFleet", "appstream:StartImageBuilder", "appstream:StopFleet", "appstream:StopImageBuilder", "appstream:Stream", "appstream:TagResource", "appstream:UntagResource", "appstream:UpdateFleet", "appstream:UpdateImagePermissions", "appstream:UpdateStack", "appsync:DeleteGraphqlApi", "appsync:GraphQL", "appsync:TagResource", "appsync:UntagResource", "appsync:UpdateGraphqlApi", "artifact:AcceptAgreement", "artifact:TerminateAgreement", "athena:CreateDataCatalog", "athena:CreateNamedQuery", "athena:CreateWorkGroup", "athena:DeleteDataCatalog", "athena:DeleteNamedQuery", "athena:DeleteWorkGroup", "athena:StartQueryExecution", "athena:StopQueryExecution", "athena:TagResource", "athena:UntagResource", "athena:UpdateDataCatalog", "athena:UpdateWorkGroup", "autoscaling:AttachInstances", "autoscaling:AttachLoadBalancerTargetGroups", "autoscaling:AttachLoadBalancers", "autoscaling:BatchDeleteScheduledAction", "autoscaling:BatchPutScheduledUpdateGroupAction", "autoscaling:CancelInstanceRefresh", "autoscaling:CompleteLifecycleAction", "autoscaling:CreateAutoScalingGroup", "autoscaling:CreateLaunchConfiguration", "autoscaling:CreateOrUpdateTags", "autoscaling:DeleteAutoScalingGroup", "autoscaling:DeleteLaunchConfiguration", "autoscaling:DeleteLifecycleHook", "autoscaling:DeleteNotificationConfiguration", "autoscaling:DeletePolicy", "autoscaling:DeleteScheduledAction", "autoscaling:DeleteTags", "autoscaling:DetachInstances", "autoscaling:DetachLoadBalancerTargetGroups", "autoscaling:DetachLoadBalancers", "autoscaling:DisableMetricsCollection", "autoscaling:EnableMetricsCollection", "autoscaling:EnterStandby", "autoscaling:ExecutePolicy", "autoscaling:ExitStandby", "autoscaling:PutLifecycleHook", "autoscaling:PutNotificationConfiguration", "autoscaling:PutScalingPolicy", "autoscaling:PutScheduledUpdateGroupAction", "autoscaling:RecordLifecycleActionHeartbeat", "autoscaling:ResumeProcesses", "autoscaling:SetDesiredCapacity", "autoscaling:SetInstanceHealth", "autoscaling:SetInstanceProtection", "autoscaling:StartInstanceRefresh", "autoscaling:SuspendProcesses", "autoscaling:TerminateInstanceInAutoScalingGroup", "autoscaling:UpdateAutoScalingGroup", "backup:CreateBackupPlan", "backup:CreateBackupSelection", "backup:CreateBackupVault", "backup:DeleteBackupPlan", "backup:DeleteBackupSelection", "backup:DeleteBackupVault", "backup:DeleteBackupVaultAccessPolicy", "backup:DeleteBackupVaultNotifications", "backup:DeleteRecoveryPoint", "backup:PutBackupVaultAccessPolicy", "backup:PutBackupVaultNotifications", "backup:StartBackupJob", "backup:StartCopyJob", "backup:StartRestoreJob", "backup:TagResource", "backup:UntagResource", "backup:UpdateBackupPlan", "backup:UpdateRecoveryPointLifecycle", "batch:CreateComputeEnvironment", "batch:CreateJobQueue", "batch:DeleteComputeEnvironment", "batch:DeleteJobQueue", "batch:DeregisterJobDefinition", "batch:RegisterJobDefinition", "batch:SubmitJob", "batch:UpdateComputeEnvironment", "batch:UpdateJobQueue", "budgets:ModifyBudget", "cassandra:Alter", "cassandra:Create", "cassandra:Drop", "cassandra:Modify", "cassandra:TagResource", "cassandra:UntagResource", "chime:BatchCreateAttendee", "chime:CreateAttendee", "chime:DeleteAttendee", "chime:DeleteMeeting", "chime:TagAttendee", "chime:TagMeeting", "chime:TagResource", "chime:UntagAttendee", "chime:UntagMeeting", "chime:UntagResource", "cloud9:CreateEnvironmentMembership", "cloud9:DeleteEnvironment", "cloud9:DeleteEnvironmentMembership", "cloud9:TagResource", "cloud9:UntagResource", "cloud9:UpdateEnvironment", "cloud9:UpdateEnvironmentMembership", "clouddirectory:AddFacetToObject", "clouddirectory:ApplySchema", "clouddirectory:AttachObject", "clouddirectory:AttachPolicy", "clouddirectory:AttachToIndex", "clouddirectory:AttachTypedLink", "clouddirectory:BatchWrite", "clouddirectory:CreateDirectory", "clouddirectory:CreateFacet", "clouddirectory:CreateIndex", "clouddirectory:CreateObject", "clouddirectory:CreateTypedLinkFacet", "clouddirectory:DeleteDirectory", "clouddirectory:DeleteFacet", "clouddirectory:DeleteObject", "clouddirectory:DeleteSchema", "clouddirectory:DeleteTypedLinkFacet", "clouddirectory:DetachFromIndex", "clouddirectory:DetachObject", "clouddirectory:DetachPolicy", "clouddirectory:DetachTypedLink", "clouddirectory:DisableDirectory", "clouddirectory:EnableDirectory", "clouddirectory:PublishSchema", "clouddirectory:RemoveFacetFromObject", "clouddirectory:TagResource", "clouddirectory:UntagResource", "clouddirectory:UpdateFacet", "clouddirectory:UpdateLinkAttributes", "clouddirectory:UpdateObjectAttributes", "clouddirectory:UpdateSchema", "clouddirectory:UpdateTypedLinkFacet", "cloudformation:CancelUpdateStack", "cloudformation:ContinueUpdateRollback", "cloudformation:CreateChangeSet", "cloudformation:CreateStack", "cloudformation:CreateStackInstances", "cloudformation:DeleteChangeSet", "cloudformation:DeleteStack", "cloudformation:DeleteStackInstances", "cloudformation:DeleteStackSet", "cloudformation:ExecuteChangeSet", "cloudformation:SetStackPolicy", "cloudformation:SignalResource", "cloudformation:StopStackSetOperation", "cloudformation:TagResource", "cloudformation:UntagResource", "cloudformation:UpdateStack", "cloudformation:UpdateStackInstances", "cloudformation:UpdateStackSet", "cloudformation:UpdateTerminationProtection", "cloudfront:CreateCloudFrontOriginAccessIdentity", "cloudfront:CreateDistribution", "cloudfront:CreateDistributionWithTags", "cloudfront:CreateInvalidation", "cloudfront:CreateStreamingDistribution", "cloudfront:CreateStreamingDistributionWithTags", "cloudfront:DeleteCloudFrontOriginAccessIdentity", "cloudfront:DeleteDistribution", "cloudfront:DeleteStreamingDistribution", "cloudfront:TagResource", "cloudfront:UntagResource", "cloudfront:UpdateCloudFrontOriginAccessIdentity", "cloudfront:UpdateDistribution", "cloudfront:UpdateStreamingDistribution", "cloudhsm:CopyBackupToRegion", "cloudhsm:CreateCluster", "cloudhsm:CreateHsm", "cloudhsm:DeleteBackup", "cloudhsm:DeleteCluster", "cloudhsm:InitializeCluster", "cloudhsm:RestoreBackup", "cloudhsm:TagResource", "cloudhsm:UntagResource", "cloudsearch:AddTags", "cloudsearch:BuildSuggesters", "cloudsearch:CreateDomain", "cloudsearch:DefineAnalysisScheme", "cloudsearch:DefineExpression", "cloudsearch:DefineIndexField", "cloudsearch:DefineSuggester", "cloudsearch:DeleteAnalysisScheme", "cloudsearch:DeleteDomain", "cloudsearch:DeleteExpression", "cloudsearch:DeleteIndexField", "cloudsearch:DeleteSuggester", "cloudsearch:IndexDocuments", "cloudsearch:RemoveTags", "cloudsearch:UpdateAvailabilityOptions", "cloudsearch:UpdateDomainEndpointOptions", "cloudsearch:UpdateScalingParameters", "cloudsearch:UpdateServiceAccessPolicies", "cloudsearch:document", "cloudtrail:AddTags", "cloudtrail:CreateTrail", "cloudtrail:DeleteTrail", "cloudtrail:PutEventSelectors", "cloudtrail:PutInsightSelectors", "cloudtrail:RemoveTags", "cloudtrail:StartLogging", "cloudtrail:StopLogging", "cloudtrail:UpdateTrail", "cloudwatch:DeleteAlarms", "cloudwatch:DeleteDashboards", "cloudwatch:DeleteInsightRules", "cloudwatch:DisableAlarmActions", "cloudwatch:DisableInsightRules", "cloudwatch:EnableAlarmActions", "cloudwatch:EnableInsightRules", "cloudwatch:PutDashboard", "cloudwatch:PutInsightRule", "cloudwatch:PutMetricAlarm", "cloudwatch:SetAlarmState", "cloudwatch:TagResource", "cloudwatch:UntagResource", "codeartifact:AssociateExternalConnection", "codeartifact:AssociateWithDownstreamRepository", "codeartifact:CopyPackageVersions", "codeartifact:CreateDomain", "codeartifact:CreateRepository", "codeartifact:DeleteDomain", "codeartifact:DeleteDomainPermissionsPolicy", "codeartifact:DeletePackageVersions", "codeartifact:DeleteRepository", "codeartifact:DeleteRepositoryPermissionsPolicy", "codeartifact:DisassociateExternalConnection", "codeartifact:DisposePackageVersions", "codeartifact:PublishPackageVersion", "codeartifact:PutDomainPermissionsPolicy", "codeartifact:PutPackageMetadata", "codeartifact:PutRepositoryPermissionsPolicy", "codeartifact:UpdatePackageVersionsStatus", "codeartifact:UpdateRepository", "codebuild:BatchDeleteBuilds", "codebuild:BatchPutCodeCoverages", "codebuild:BatchPutTestCases", "codebuild:CreateProject", "codebuild:CreateReport", "codebuild:CreateReportGroup", "codebuild:CreateWebhook", "codebuild:DeleteBuildBatch", "codebuild:DeleteProject", "codebuild:DeleteReport", "codebuild:DeleteReportGroup", "codebuild:DeleteResourcePolicy", "codebuild:DeleteWebhook", "codebuild:InvalidateProjectCache", "codebuild:PutResourcePolicy", "codebuild:RetryBuild", "codebuild:RetryBuildBatch", "codebuild:StartBuild", "codebuild:StartBuildBatch", "codebuild:StopBuild", "codebuild:StopBuildBatch", "codebuild:UpdateProject", "codebuild:UpdateReport", "codebuild:UpdateReportGroup", "codebuild:UpdateWebhook", "codecommit:AssociateApprovalRuleTemplateWithRepository", "codecommit:BatchAssociateApprovalRuleTemplateWithRepositories", "codecommit:BatchDisassociateApprovalRuleTemplateFromRepositories", "codecommit:CreateBranch", "codecommit:CreateCommit", "codecommit:CreatePullRequest", "codecommit:CreatePullRequestApprovalRule", "codecommit:CreateRepository", "codecommit:CreateUnreferencedMergeCommit", "codecommit:DeleteBranch", "codecommit:DeleteCommentContent", "codecommit:DeleteFile", "codecommit:DeletePullRequestApprovalRule", "codecommit:DeleteRepository", "codecommit:DisassociateApprovalRuleTemplateFromRepository", "codecommit:GitPush", "codecommit:MergeBranchesByFastForward", "codecommit:MergeBranchesBySquash", "codecommit:MergeBranchesByThreeWay", "codecommit:MergePullRequestByFastForward", "codecommit:MergePullRequestBySquash", "codecommit:MergePullRequestByThreeWay", "codecommit:OverridePullRequestApprovalRules", "codecommit:PostCommentForComparedCommit", "codecommit:PostCommentForPullRequest", "codecommit:PostCommentReply", "codecommit:PutCommentReaction", "codecommit:PutFile", "codecommit:PutRepositoryTriggers", "codecommit:TagResource", "codecommit:TestRepositoryTriggers", "codecommit:UntagResource", "codecommit:UpdateComment", "codecommit:UpdateDefaultBranch", "codecommit:UpdatePullRequestApprovalRuleContent", "codecommit:UpdatePullRequestApprovalState", "codecommit:UpdatePullRequestDescription", "codecommit:UpdatePullRequestStatus", "codecommit:UpdatePullRequestTitle", "codecommit:UpdateRepositoryDescription", "codecommit:UpdateRepositoryName", "codecommit:UploadArchive", "codedeploy:AddTagsToOnPremisesInstances", "codedeploy:CreateApplication", "codedeploy:CreateDeployment", "codedeploy:CreateDeploymentConfig", "codedeploy:CreateDeploymentGroup", "codedeploy:DeleteApplication", "codedeploy:DeleteDeploymentConfig", "codedeploy:DeleteDeploymentGroup", "codedeploy:DeregisterOnPremisesInstance", "codedeploy:RegisterApplicationRevision", "codedeploy:RegisterOnPremisesInstance", "codedeploy:RemoveTagsFromOnPremisesInstances", "codedeploy:TagResource", "codedeploy:UntagResource", "codedeploy:UpdateApplication", "codedeploy:UpdateDeploymentGroup", "codeguru-profiler:AddNotificationChannels", "codeguru-profiler:ConfigureAgent", "codeguru-profiler:DeleteProfilingGroup", "codeguru-profiler:ListTagsForResource", "codeguru-profiler:PostAgentProfile", "codeguru-profiler:PutPermission", "codeguru-profiler:RemoveNotificationChannel", "codeguru-profiler:RemovePermission", "codeguru-profiler:SubmitFeedback", "codeguru-profiler:TagResource", "codeguru-profiler:UntagResource", "codeguru-profiler:UpdateProfilingGroup", "codeguru-reviewer:AssociateRepository", "codeguru-reviewer:DisassociateRepository", "codeguru-reviewer:PutRecommendationFeedback", "codepipeline:CreateCustomActionType", "codepipeline:CreatePipeline", "codepipeline:DeleteCustomActionType", "codepipeline:DeletePipeline", "codepipeline:DeleteWebhook", "codepipeline:DeregisterWebhookWithThirdParty", "codepipeline:DisableStageTransition", "codepipeline:EnableStageTransition", "codepipeline:PollForJobs", "codepipeline:PutActionRevision", "codepipeline:PutApprovalResult", "codepipeline:PutWebhook", "codepipeline:RegisterWebhookWithThirdParty", "codepipeline:RetryStageExecution", "codepipeline:StartPipelineExecution", "codepipeline:StopPipelineExecution", "codepipeline:TagResource", "codepipeline:UntagResource", "codepipeline:UpdatePipeline", "codestar-connections:DeleteConnection", "codestar-connections:TagResource", "codestar-connections:UntagResource", "codestar-connections:UpdateConnectionInstallation", "codestar-notifications:CreateNotificationRule", "codestar-notifications:DeleteNotificationRule", "codestar-notifications:Subscribe", "codestar-notifications:TagResource", "codestar-notifications:Unsubscribe", "codestar-notifications:UntagResource", "codestar-notifications:UpdateNotificationRule", "codestar:AssociateTeamMember", "codestar:CreateUserProfile", "codestar:DeleteExtendedAccess", "codestar:DeleteProject", "codestar:DeleteUserProfile", "codestar:DisassociateTeamMember", "codestar:PutExtendedAccess", "codestar:TagProject", "codestar:UntagProject", "codestar:UpdateProject", "codestar:UpdateTeamMember", "codestar:UpdateUserProfile", "cognito-identity:DeleteIdentityPool", "cognito-identity:MergeDeveloperIdentities", "cognito-identity:TagResource", "cognito-identity:UnlinkDeveloperIdentity", "cognito-identity:UntagResource", "cognito-identity:UpdateIdentityPool", "cognito-idp:AddCustomAttributes", "cognito-idp:AdminAddUserToGroup", "cognito-idp:AdminConfirmSignUp", "cognito-idp:AdminCreateUser", "cognito-idp:AdminDeleteUser", "cognito-idp:AdminDeleteUserAttributes", "cognito-idp:AdminDisableProviderForUser", "cognito-idp:AdminDisableUser", "cognito-idp:AdminEnableUser", "cognito-idp:AdminForgetDevice", "cognito-idp:AdminInitiateAuth", "cognito-idp:AdminLinkProviderForUser", "cognito-idp:AdminRemoveUserFromGroup", "cognito-idp:AdminResetUserPassword", "cognito-idp:AdminRespondToAuthChallenge", "cognito-idp:AdminSetUserMFAPreference", "cognito-idp:AdminSetUserPassword", "cognito-idp:AdminSetUserSettings", "cognito-idp:AdminUpdateAuthEventFeedback", "cognito-idp:AdminUpdateDeviceStatus", "cognito-idp:AdminUpdateUserAttributes", "cognito-idp:AdminUserGlobalSignOut", "cognito-idp:CreateGroup", "cognito-idp:CreateIdentityProvider", "cognito-idp:CreateResourceServer", "cognito-idp:CreateUserImportJob", "cognito-idp:CreateUserPoolClient", "cognito-idp:CreateUserPoolDomain", "cognito-idp:DeleteGroup", "cognito-idp:DeleteIdentityProvider", "cognito-idp:DeleteResourceServer", "cognito-idp:DeleteUserPool", "cognito-idp:DeleteUserPoolClient", "cognito-idp:DeleteUserPoolDomain", "cognito-idp:SetRiskConfiguration", "cognito-idp:SetUICustomization", "cognito-idp:SetUserPoolMfaConfig", "cognito-idp:StartUserImportJob", "cognito-idp:StopUserImportJob", "cognito-idp:TagResource", "cognito-idp:UntagResource", "cognito-idp:UpdateAuthEventFeedback", "cognito-idp:UpdateGroup", "cognito-idp:UpdateIdentityProvider", "cognito-idp:UpdateResourceServer", "cognito-idp:UpdateUserPool", "cognito-idp:UpdateUserPoolClient", "cognito-idp:UpdateUserPoolDomain", "cognito-sync:BulkPublish", "cognito-sync:DeleteDataset", "cognito-sync:RegisterDevice", "cognito-sync:SetCognitoEvents", "cognito-sync:SetDatasetConfiguration", "cognito-sync:SetIdentityPoolConfiguration", "cognito-sync:SubscribeToDataset", "cognito-sync:UnsubscribeFromDataset", "cognito-sync:UpdateRecords", "comprehend:CreateEndpoint", "comprehend:DeleteDocumentClassifier", "comprehend:DeleteEndpoint", "comprehend:DeleteEntityRecognizer", "comprehend:StartDocumentClassificationJob", "comprehend:StartEntitiesDetectionJob", "comprehend:StopTrainingDocumentClassifier", "comprehend:StopTrainingEntityRecognizer", "comprehend:TagResource", "comprehend:UntagResource", "comprehend:UpdateEndpoint", "config:DeleteAggregationAuthorization", "config:DeleteConfigRule", "config:DeleteConfigurationAggregator", "config:DeleteEvaluationResults", "config:DeleteRemediationConfiguration", "config:PutAggregationAuthorization", "config:PutConfigRule", "config:PutConfigurationAggregator", "config:PutRemediationConfigurations", "config:StartConfigRulesEvaluation", "config:StartRemediationExecution", "config:TagResource", "config:UntagResource", "connect:AssociateRoutingProfileQueues", "connect:CreateContactFlow", "connect:CreateRoutingProfile", "connect:CreateUser", "connect:DeleteUser", "connect:DestroyInstance", "connect:DisassociateRoutingProfileQueues", "connect:GetFederationTokens", "connect:ModifyInstance", "connect:ResumeContactRecording", "connect:StartChatContact", "connect:StartContactRecording", "connect:StartOutboundVoiceContact", "connect:StopContact", "connect:StopContactRecording", "connect:SuspendContactRecording", "connect:TagResource", "connect:UntagResource", "connect:UpdateContactAttributes", "connect:UpdateContactFlowContent", "connect:UpdateContactFlowName", "connect:UpdateRoutingProfileConcurrency", "connect:UpdateRoutingProfileDefaultOutboundQueue", "connect:UpdateRoutingProfileName", "connect:UpdateRoutingProfileQueues", "connect:UpdateUserHierarchy", "connect:UpdateUserIdentityInfo", "connect:UpdateUserPhoneConfig", "connect:UpdateUserRoutingProfile", "connect:UpdateUserSecurityProfiles", "cur:DeleteReportDefinition", "cur:ModifyReportDefinition", "cur:PutReportDefinition", "dataexchange:CancelJob", "dataexchange:CreateJob", "dataexchange:DeleteAsset", "dataexchange:DeleteDataSet", "dataexchange:DeleteRevision", "dataexchange:GetJob", "dataexchange:StartJob", "dataexchange:TagResource", "dataexchange:UntagResource", "dataexchange:UpdateAsset", "dataexchange:UpdateDataSet", "dataexchange:UpdateRevision", "datasync:CancelTaskExecution", "datasync:DeleteAgent", "datasync:DeleteLocation", "datasync:DeleteTask", "datasync:StartTaskExecution", "datasync:TagResource", "datasync:UntagResource", "datasync:UpdateAgent", "datasync:UpdateTask", "dax:BatchWriteItem", "dax:CreateCluster", "dax:DecreaseReplicationFactor", "dax:DeleteCluster", "dax:DeleteItem", "dax:IncreaseReplicationFactor", "dax:PutItem", "dax:RebootNode", "dax:TagResource", "dax:UntagResource", "dax:UpdateCluster", "dax:UpdateItem", "deepcomposer:CreateAudio", "deepcomposer:DeleteComposition", "deepcomposer:DeleteModel", "deepcomposer:TagResource", "deepcomposer:UntagResource", "deepcomposer:UpdateComposition", "deepcomposer:UpdateModel", "deeplens:DeleteModel", "deeplens:DeleteProject", "deeplens:DeployProject", "deeplens:DeregisterDevice", "deeplens:RemoveProject", "deeplens:UpdateProject", "deepracer:CloneReinforcementLearningModel", "deepracer:CreateLeaderboardSubmission", "deepracer:CreateReinforcementLearningModel", "deepracer:DeleteModel", "deepracer:StartEvaluation", "deepracer:StopEvaluation", "deepracer:StopTrainingReinforcementLearningModel", "detective:AcceptInvitation", "detective:CreateMembers", "detective:DeleteGraph", "detective:DeleteMembers", "detective:DisassociateMembership", "detective:RejectInvitation", "detective:StartMonitoringMember", "devicefarm:CreateDevicePool", "devicefarm:CreateNetworkProfile", "devicefarm:CreateRemoteAccessSession", "devicefarm:CreateTestGridUrl", "devicefarm:CreateUpload", "devicefarm:DeleteDevicePool", "devicefarm:DeleteInstanceProfile", "devicefarm:DeleteNetworkProfile", "devicefarm:DeleteProject", "devicefarm:DeleteRemoteAccessSession", "devicefarm:DeleteRun", "devicefarm:DeleteTestGridProject", "devicefarm:DeleteUpload", "devicefarm:DeleteVPCEConfiguration", "devicefarm:InstallToRemoteAccessSession", "devicefarm:ScheduleRun", "devicefarm:StopJob", "devicefarm:StopRemoteAccessSession", "devicefarm:StopRun", "devicefarm:TagResource", "devicefarm:UntagResource", "devicefarm:UpdateDeviceInstance", "devicefarm:UpdateDevicePool", "devicefarm:UpdateInstanceProfile", "devicefarm:UpdateNetworkProfile", "devicefarm:UpdateProject", "devicefarm:UpdateTestGridProject", "devicefarm:UpdateUpload", "devicefarm:UpdateVPCEConfiguration", "directconnect:AcceptDirectConnectGatewayAssociationProposal", "directconnect:AllocateConnectionOnInterconnect", "directconnect:AllocateHostedConnection", "directconnect:AllocatePrivateVirtualInterface", "directconnect:AllocatePublicVirtualInterface", "directconnect:AllocateTransitVirtualInterface", "directconnect:AssociateConnectionWithLag", "directconnect:AssociateHostedConnection", "directconnect:AssociateVirtualInterface", "directconnect:ConfirmConnection", "directconnect:ConfirmPrivateVirtualInterface", "directconnect:ConfirmPublicVirtualInterface", "directconnect:ConfirmTransitVirtualInterface", "directconnect:CreateBGPPeer", "directconnect:CreateConnection", "directconnect:CreateDirectConnectGatewayAssociation", "directconnect:CreateDirectConnectGatewayAssociationProposal", "directconnect:CreateInterconnect", "directconnect:CreateLag", "directconnect:CreatePrivateVirtualInterface", "directconnect:CreatePublicVirtualInterface", "directconnect:CreateTransitVirtualInterface", "directconnect:DeleteBGPPeer", "directconnect:DeleteConnection", "directconnect:DeleteDirectConnectGateway", "directconnect:DeleteDirectConnectGatewayAssociation", "directconnect:DeleteInterconnect", "directconnect:DeleteLag", "directconnect:DeleteVirtualInterface", "directconnect:DisassociateConnectionFromLag", "directconnect:StartBgpFailoverTest", "directconnect:StopBgpFailoverTest", "directconnect:TagResource", "directconnect:UntagResource", "directconnect:UpdateLag", "directconnect:UpdateVirtualInterfaceAttributes", "dlm:DeleteLifecyclePolicy", "dlm:TagResource", "dlm:UntagResource", "dlm:UpdateLifecyclePolicy", "dms:AddTagsToResource", "dms:ApplyPendingMaintenanceAction", "dms:CreateReplicationTask", "dms:DeleteCertificate", "dms:DeleteEndpoint", "dms:DeleteEventSubscription", "dms:DeleteReplicationInstance", "dms:DeleteReplicationSubnetGroup", "dms:DeleteReplicationTask", "dms:ModifyEndpoint", "dms:ModifyReplicationInstance", "dms:ModifyReplicationTask", "dms:RebootReplicationInstance", "dms:RefreshSchemas", "dms:ReloadTables", "dms:RemoveTagsFromResource", "dms:StartReplicationTask", "dms:StartReplicationTaskAssessment", "dms:StopReplicationTask", "ds:AcceptSharedDirectory", "ds:AddIpRoutes", "ds:AddTagsToResource", "ds:AuthorizeApplication", "ds:CancelSchemaExtension", "ds:CreateAlias", "ds:CreateComputer", "ds:CreateConditionalForwarder", "ds:CreateLogSubscription", "ds:CreateSnapshot", "ds:CreateTrust", "ds:DeleteConditionalForwarder", "ds:DeleteDirectory", "ds:DeleteLogSubscription", "ds:DeleteSnapshot", "ds:DeleteTrust", "ds:DeregisterCertificate", "ds:DeregisterEventTopic", "ds:DisableLDAPS", "ds:DisableRadius", "ds:DisableSso", "ds:EnableLDAPS", "ds:EnableRadius", "ds:EnableSso", "ds:RegisterCertificate", "ds:RegisterEventTopic", "ds:RejectSharedDirectory", "ds:RemoveIpRoutes", "ds:RemoveTagsFromResource", "ds:ResetUserPassword", "ds:RestoreFromSnapshot", "ds:ShareDirectory", "ds:StartSchemaExtension", "ds:UnauthorizeApplication", "ds:UnshareDirectory", "ds:UpdateConditionalForwarder", "ds:UpdateNumberOfDomainControllers", "ds:UpdateRadius", "ds:UpdateTrust", "dynamodb:BatchWriteItem", "dynamodb:CreateBackup", "dynamodb:CreateGlobalTable", "dynamodb:CreateTable", "dynamodb:CreateTableReplica", "dynamodb:DeleteBackup", "dynamodb:DeleteItem", "dynamodb:DeleteTable", "dynamodb:DeleteTableReplica", "dynamodb:PutItem", "dynamodb:RestoreTableFromBackup", "dynamodb:RestoreTableToPointInTime", "dynamodb:TagResource", "dynamodb:UntagResource", "dynamodb:UpdateContinuousBackups", "dynamodb:UpdateContributorInsights", "dynamodb:UpdateGlobalTable", "dynamodb:UpdateGlobalTableSettings", "dynamodb:UpdateItem", "dynamodb:UpdateTable", "dynamodb:UpdateTableReplicaAutoScaling", "dynamodb:UpdateTimeToLive", "ebs:CompleteSnapshot", "ebs:PutSnapshotBlock", "ebs:StartSnapshot", "ec2-instance-connect:SendSSHPublicKey", "ec2:AcceptTransitGatewayPeeringAttachment", "ec2:AcceptTransitGatewayVpcAttachment", "ec2:AcceptVpcEndpointConnections", "ec2:AcceptVpcPeeringConnection", "ec2:AllocateHosts", "ec2:ApplySecurityGroupsToClientVpnTargetNetwork", "ec2:AssociateClientVpnTargetNetwork", "ec2:AssociateIamInstanceProfile", "ec2:AssociateTransitGatewayMulticastDomain", "ec2:AssociateTransitGatewayRouteTable", "ec2:AttachClassicLinkVpc", "ec2:AttachVolume", "ec2:AuthorizeClientVpnIngress", "ec2:AuthorizeSecurityGroupEgress", "ec2:AuthorizeSecurityGroupIngress", "ec2:CancelCapacityReservation", "ec2:CopySnapshot", "ec2:CreateCapacityReservation", "ec2:CreateCarrierGateway", "ec2:CreateClientVpnEndpoint", "ec2:CreateClientVpnRoute", "ec2:CreateDhcpOptions", "ec2:CreateEgressOnlyInternetGateway", "ec2:CreateFleet", "ec2:CreateFlowLogs", "ec2:CreateFpgaImage", "ec2:CreateInstanceExportTask", "ec2:CreateInternetGateway", "ec2:CreateKeyPair", "ec2:CreateLaunchTemplate", "ec2:CreateLaunchTemplateVersion", "ec2:CreateLocalGatewayRoute", "ec2:CreateLocalGatewayRouteTableVpcAssociation", "ec2:CreateManagedPrefixList", "ec2:CreateNatGateway", "ec2:CreateNetworkAcl", "ec2:CreateNetworkInterface", "ec2:CreateNetworkInterfacePermission", "ec2:CreatePlacementGroup", "ec2:CreateRoute", "ec2:CreateSecurityGroup", "ec2:CreateSnapshot", "ec2:CreateSnapshots", "ec2:CreateSubnet", "ec2:CreateTags", "ec2:CreateTrafficMirrorFilter", "ec2:CreateTrafficMirrorFilterRule", "ec2:CreateTrafficMirrorSession", "ec2:CreateTrafficMirrorTarget", "ec2:CreateTransitGateway", "ec2:CreateTransitGatewayMulticastDomain", "ec2:CreateTransitGatewayPeeringAttachment", "ec2:CreateTransitGatewayPrefixListReference", "ec2:CreateTransitGatewayRoute", "ec2:CreateTransitGatewayRouteTable", "ec2:CreateTransitGatewayVpcAttachment", "ec2:CreateVolume", "ec2:CreateVpc", "ec2:CreateVpcEndpoint", "ec2:CreateVpcEndpointServiceConfiguration", "ec2:CreateVpcPeeringConnection", "ec2:CreateVpnConnection", "ec2:DeleteCarrierGateway", "ec2:DeleteClientVpnEndpoint", "ec2:DeleteClientVpnRoute", "ec2:DeleteCustomerGateway", "ec2:DeleteDhcpOptions", "ec2:DeleteFlowLogs", "ec2:DeleteInternetGateway", "ec2:DeleteLaunchTemplate", "ec2:DeleteLaunchTemplateVersions", "ec2:DeleteLocalGatewayRoute", "ec2:DeleteLocalGatewayRouteTableVpcAssociation", "ec2:DeleteManagedPrefixList", "ec2:DeleteNetworkAcl", "ec2:DeleteNetworkAclEntry", "ec2:DeleteRoute", "ec2:DeleteRouteTable", "ec2:DeleteSecurityGroup", "ec2:DeleteSnapshot", "ec2:DeleteTags", "ec2:DeleteTrafficMirrorFilter", "ec2:DeleteTrafficMirrorFilterRule", "ec2:DeleteTrafficMirrorSession", "ec2:DeleteTrafficMirrorTarget", "ec2:DeleteTransitGateway", "ec2:DeleteTransitGatewayMulticastDomain", "ec2:DeleteTransitGatewayPeeringAttachment", "ec2:DeleteTransitGatewayPrefixListReference", "ec2:DeleteTransitGatewayRoute", "ec2:DeleteTransitGatewayRouteTable", "ec2:DeleteTransitGatewayVpcAttachment", "ec2:DeleteVolume", "ec2:DeleteVpcEndpointServiceConfigurations", "ec2:DeleteVpcEndpoints", "ec2:DeleteVpcPeeringConnection", "ec2:DeregisterTransitGatewayMulticastGroupMembers", "ec2:DeregisterTransitGatewayMulticastGroupSources", "ec2:DetachClassicLinkVpc", "ec2:DetachVolume", "ec2:DisableFastSnapshotRestores", "ec2:DisableTransitGatewayRouteTablePropagation", "ec2:DisableVpcClassicLink", "ec2:DisassociateClientVpnTargetNetwork", "ec2:DisassociateIamInstanceProfile", "ec2:DisassociateTransitGatewayMulticastDomain", "ec2:DisassociateTransitGatewayRouteTable", "ec2:EnableFastSnapshotRestores", "ec2:EnableTransitGatewayRouteTablePropagation", "ec2:EnableVpcClassicLink", "ec2:ImportClientVpnClientCertificateRevocationList", "ec2:ModifyCapacityReservation", "ec2:ModifyClientVpnEndpoint", "ec2:ModifyInstanceCreditSpecification", "ec2:ModifyInstanceEventStartTime", "ec2:ModifyLaunchTemplate", "ec2:ModifyManagedPrefixList", "ec2:ModifySnapshotAttribute", "ec2:ModifyTrafficMirrorFilterNetworkServices", "ec2:ModifyTrafficMirrorFilterRule", "ec2:ModifyTrafficMirrorSession", "ec2:ModifyTransitGateway", "ec2:ModifyTransitGatewayPrefixListReference", "ec2:ModifyTransitGatewayVpcAttachment", "ec2:ModifyVpcEndpoint", "ec2:ModifyVpcEndpointServiceConfiguration", "ec2:ModifyVpcEndpointServicePermissions", "ec2:ModifyVpnConnection", "ec2:ModifyVpnTunnelOptions", "ec2:RebootInstances", "ec2:RegisterTransitGatewayMulticastGroupMembers", "ec2:RegisterTransitGatewayMulticastGroupSources", "ec2:RejectTransitGatewayPeeringAttachment", "ec2:RejectTransitGatewayVpcAttachment", "ec2:RejectVpcEndpointConnections", "ec2:RejectVpcPeeringConnection", "ec2:ReplaceIamInstanceProfileAssociation", "ec2:ReplaceRoute", "ec2:ReplaceTransitGatewayRoute", "ec2:RestoreManagedPrefixListVersion", "ec2:RevokeClientVpnIngress", "ec2:RevokeSecurityGroupEgress", "ec2:RevokeSecurityGroupIngress", "ec2:RunInstances", "ec2:SendDiagnosticInterrupt", "ec2:StartInstances", "ec2:StartVpcEndpointServicePrivateDnsVerification", "ec2:StopInstances", "ec2:TerminateClientVpnConnections", "ec2:TerminateInstances", "ec2:UpdateSecurityGroupRuleDescriptionsEgress", "ec2:UpdateSecurityGroupRuleDescriptionsIngress", "ecr:BatchDeleteImage", "ecr:CompleteLayerUpload", "ecr:CreateRepository", "ecr:DeleteLifecyclePolicy", "ecr:DeleteRepository", "ecr:DeleteRepositoryPolicy", "ecr:InitiateLayerUpload", "ecr:PutImage", "ecr:PutImageScanningConfiguration", "ecr:PutImageTagMutability", "ecr:PutLifecyclePolicy", "ecr:SetRepositoryPolicy", "ecr:StartImageScan", "ecr:StartLifecyclePolicyPreview", "ecr:TagResource", "ecr:UntagResource", "ecr:UploadLayerPart", "ecs:CreateService", "ecs:DeleteAttributes", "ecs:DeleteCapacityProvider", "ecs:DeleteCluster", "ecs:DeleteService", "ecs:DeleteTaskSet", "ecs:DeregisterContainerInstance", "ecs:Poll", "ecs:PutAttributes", "ecs:PutClusterCapacityProviders", "ecs:RegisterContainerInstance", "ecs:RunTask", "ecs:StartTask", "ecs:StartTelemetrySession", "ecs:StopTask", "ecs:SubmitAttachmentStateChanges", "ecs:SubmitContainerStateChange", "ecs:SubmitTaskStateChange", "ecs:TagResource", "ecs:UntagResource", "ecs:UpdateClusterSettings", "ecs:UpdateContainerAgent", "ecs:UpdateContainerInstancesState", "ecs:UpdateService", "ecs:UpdateServicePrimaryTaskSet", "ecs:UpdateTaskSet", "eks:CreateFargateProfile", "eks:CreateNodegroup", "eks:DeleteCluster", "eks:DeleteFargateProfile", "eks:DeleteNodegroup", "eks:TagResource", "eks:UntagResource", "eks:UpdateClusterConfig", "eks:UpdateClusterVersion", "eks:UpdateNodegroupConfig", "eks:UpdateNodegroupVersion", "elastic-inference:Connect", "elasticache:AddTagsToResource", "elasticache:AuthorizeCacheSecurityGroupIngress", "elasticache:BatchApplyUpdateAction", "elasticache:BatchStopUpdateAction", "elasticache:CompleteMigration", "elasticache:CopySnapshot", "elasticache:CreateCacheCluster", "elasticache:CreateCacheParameterGroup", "elasticache:CreateCacheSecurityGroup", "elasticache:CreateCacheSubnetGroup", "elasticache:CreateGlobalReplicationGroup", "elasticache:CreateReplicationGroup", "elasticache:CreateSnapshot", "elasticache:DecreaseNodeGroupsInGlobalReplicationGroup", "elasticache:DecreaseReplicaCount", "elasticache:DeleteCacheCluster", "elasticache:DeleteCacheParameterGroup", "elasticache:DeleteCacheSecurityGroup", "elasticache:DeleteCacheSubnetGroup", "elasticache:DeleteGlobalReplicationGroup", "elasticache:DeleteReplicationGroup", "elasticache:DeleteSnapshot", "elasticache:DisassociateGlobalReplicationGroup", "elasticache:FailoverGlobalReplicationGroup", "elasticache:IncreaseNodeGroupsInGlobalReplicationGroup", "elasticache:IncreaseReplicaCount", "elasticache:ModifyCacheCluster", "elasticache:ModifyCacheParameterGroup", "elasticache:ModifyCacheSubnetGroup", "elasticache:ModifyGlobalReplicationGroup", "elasticache:ModifyReplicationGroup", "elasticache:ModifyReplicationGroupShardConfiguration", "elasticache:PurchaseReservedCacheNodesOffering", "elasticache:RebalanceSlotsInGlobalReplicationGroup", "elasticache:RebootCacheCluster", "elasticache:RemoveTagsFromResource", "elasticache:ResetCacheParameterGroup", "elasticache:RevokeCacheSecurityGroupIngress", "elasticache:StartMigration", "elasticache:TestFailover", "elasticbeanstalk:AbortEnvironmentUpdate", "elasticbeanstalk:AddTags", "elasticbeanstalk:ApplyEnvironmentManagedAction", "elasticbeanstalk:AssociateEnvironmentOperationsRole", "elasticbeanstalk:ComposeEnvironments", "elasticbeanstalk:CreateApplication", "elasticbeanstalk:CreateApplicationVersion", "elasticbeanstalk:CreateConfigurationTemplate", "elasticbeanstalk:CreateEnvironment", "elasticbeanstalk:CreatePlatformVersion", "elasticbeanstalk:DeleteApplication", "elasticbeanstalk:DeleteApplicationVersion", "elasticbeanstalk:DeleteConfigurationTemplate", "elasticbeanstalk:DeleteEnvironmentConfiguration", "elasticbeanstalk:DeletePlatformVersion", "elasticbeanstalk:DisassociateEnvironmentOperationsRole", "elasticbeanstalk:PutInstanceStatistics", "elasticbeanstalk:RebuildEnvironment", "elasticbeanstalk:RemoveTags", "elasticbeanstalk:RestartAppServer", "elasticbeanstalk:SwapEnvironmentCNAMEs", "elasticbeanstalk:TerminateEnvironment", "elasticbeanstalk:UpdateApplication", "elasticbeanstalk:UpdateApplicationResourceLifecycle", "elasticbeanstalk:UpdateApplicationVersion", "elasticbeanstalk:UpdateConfigurationTemplate", "elasticbeanstalk:UpdateEnvironment", "elasticfilesystem:Backup", "elasticfilesystem:ClientRootAccess", "elasticfilesystem:ClientWrite", "elasticfilesystem:CreateAccessPoint", "elasticfilesystem:CreateMountTarget", "elasticfilesystem:CreateTags", "elasticfilesystem:DeleteAccessPoint", "elasticfilesystem:DeleteFileSystem", "elasticfilesystem:DeleteFileSystemPolicy", "elasticfilesystem:DeleteMountTarget", "elasticfilesystem:DeleteTags", "elasticfilesystem:ModifyMountTargetSecurityGroups", "elasticfilesystem:PutBackupPolicy", "elasticfilesystem:PutFileSystemPolicy", "elasticfilesystem:PutLifecycleConfiguration", "elasticfilesystem:Restore", "elasticfilesystem:UpdateFileSystem", "elasticloadbalancing:AddListenerCertificates", "elasticloadbalancing:AddTags", "elasticloadbalancing:CreateListener", "elasticloadbalancing:CreateLoadBalancer", "elasticloadbalancing:CreateRule", "elasticloadbalancing:CreateTargetGroup", "elasticloadbalancing:DeleteListener", "elasticloadbalancing:DeleteLoadBalancer", "elasticloadbalancing:DeleteRule", "elasticloadbalancing:DeleteTargetGroup", "elasticloadbalancing:DeregisterTargets", "elasticloadbalancing:ModifyListener", "elasticloadbalancing:ModifyLoadBalancerAttributes", "elasticloadbalancing:ModifyRule", "elasticloadbalancing:ModifyTargetGroup", "elasticloadbalancing:ModifyTargetGroupAttributes", "elasticloadbalancing:RegisterTargets", "elasticloadbalancing:RemoveListenerCertificates", "elasticloadbalancing:RemoveTags", "elasticloadbalancing:SetIpAddressType", "elasticloadbalancing:SetRulePriorities", "elasticloadbalancing:SetSecurityGroups", "elasticloadbalancing:SetSubnets", "elasticmapreduce:AddInstanceFleet", "elasticmapreduce:AddInstanceGroups", "elasticmapreduce:AddJobFlowSteps", "elasticmapreduce:AddTags", "elasticmapreduce:CancelSteps", "elasticmapreduce:CreateEditor", "elasticmapreduce:DeleteEditor", "elasticmapreduce:ModifyCluster", "elasticmapreduce:ModifyInstanceFleet", "elasticmapreduce:ModifyInstanceGroups", "elasticmapreduce:OpenEditorInConsole", "elasticmapreduce:PutAutoScalingPolicy", "elasticmapreduce:PutManagedScalingPolicy", "elasticmapreduce:RemoveAutoScalingPolicy", "elasticmapreduce:RemoveManagedScalingPolicy", "elasticmapreduce:RemoveTags", "elasticmapreduce:SetTerminationProtection", "elasticmapreduce:StartEditor", "elasticmapreduce:StopEditor", "elasticmapreduce:TerminateJobFlows", "elastictranscoder:CancelJob", "elastictranscoder:CreateJob", "elastictranscoder:CreatePipeline", "elastictranscoder:CreatePreset", "elastictranscoder:DeletePipeline", "elastictranscoder:DeletePreset", "elastictranscoder:UpdatePipeline", "elastictranscoder:UpdatePipelineNotifications", "elastictranscoder:UpdatePipelineStatus", "elemental-activations:TagResource", "elemental-activations:UntagResource", "elemental-appliances-software:CreateQuote", "elemental-appliances-software:TagResource", "elemental-appliances-software:UntagResource", "elemental-appliances-software:UpdateQuote", "es:AddTags", "es:CreateElasticsearchDomain", "es:CreateOutboundCrossClusterSearchConnection", "es:DeleteElasticsearchDomain", "es:ESHttpDelete", "es:ESHttpPatch", "es:ESHttpPost", "es:ESHttpPut", "es:RemoveTags", "es:UpdateElasticsearchDomainConfig", "es:UpgradeElasticsearchDomain", "events:ActivateEventSource", "events:CreateEventBus", "events:CreatePartnerEventSource", "events:DeactivateEventSource", "events:DeleteEventBus", "events:DeletePartnerEventSource", "events:DeleteRule", "events:DisableRule", "events:EnableRule", "events:PutEvents", "events:PutRule", "events:PutTargets", "events:RemoveTargets", "events:TagResource", "events:UntagResource", "execute-api:InvalidateCache", "execute-api:Invoke", "execute-api:ManageConnections", "firehose:CreateDeliveryStream", "firehose:DeleteDeliveryStream", "firehose:PutRecord", "firehose:PutRecordBatch", "firehose:StartDeliveryStreamEncryption", "firehose:StopDeliveryStreamEncryption", "firehose:TagDeliveryStream", "firehose:UntagDeliveryStream", "firehose:UpdateDestination", "fms:DeleteAppsList", "fms:DeletePolicy", "fms:DeleteProtocolsList", "fms:PutAppsList", "fms:PutPolicy", "fms:PutProtocolsList", "fms:TagResource", "fms:UntagResource", "forecast:CreateDataset", "forecast:CreateDatasetGroup", "forecast:CreateDatasetImportJob", "forecast:CreateForecast", "forecast:CreateForecastExportJob", "forecast:CreatePredictor", "forecast:DeleteDataset", "forecast:DeleteDatasetGroup", "forecast:DeleteDatasetImportJob", "forecast:DeleteForecast", "forecast:DeleteForecastExportJob", "forecast:DeletePredictor", "forecast:TagResource", "forecast:UntagResource", "forecast:UpdateDatasetGroup", "frauddetector:CreateDetectorVersion", "frauddetector:CreateModel", "frauddetector:CreateModelVersion", "frauddetector:CreateRule", "frauddetector:DeleteDetector", "frauddetector:DeleteDetectorVersion", "frauddetector:DeleteRule", "frauddetector:PutDetector", "frauddetector:PutEntityType", "frauddetector:PutEventType", "frauddetector:PutExternalModel", "frauddetector:PutLabel", "frauddetector:PutOutcome", "frauddetector:TagResource", "frauddetector:UntagResource", "frauddetector:UpdateDetectorVersion", "frauddetector:UpdateDetectorVersionMetadata", "frauddetector:UpdateDetectorVersionStatus", "frauddetector:UpdateModel", "frauddetector:UpdateModelVersion", "frauddetector:UpdateRuleMetadata", "frauddetector:UpdateRuleVersion", "frauddetector:UpdateVariable", "freertos:CreateSoftwareConfiguration", "freertos:DeleteSoftwareConfiguration", "freertos:UpdateSoftwareConfiguration", "fsx:CancelDataRepositoryTask", "fsx:CreateBackup", "fsx:CreateDataRepositoryTask", "fsx:CreateFileSystem", "fsx:CreateFileSystemFromBackup", "fsx:DeleteBackup", "fsx:DeleteFileSystem", "fsx:TagResource", "fsx:UntagResource", "fsx:UpdateFileSystem", "gamelift:ClaimGameServer", "gamelift:DeleteAlias", "gamelift:DeleteBuild", "gamelift:DeleteFleet", "gamelift:DeleteGameServerGroup", "gamelift:DeleteGameSessionQueue", "gamelift:DeleteMatchmakingConfiguration", "gamelift:DeleteMatchmakingRuleSet", "gamelift:DeleteScalingPolicy", "gamelift:DeleteScript", "gamelift:DeregisterGameServer", "gamelift:PutScalingPolicy", "gamelift:RegisterGameServer", "gamelift:ResumeGameServerGroup", "gamelift:StartFleetActions", "gamelift:StartGameSessionPlacement", "gamelift:StopFleetActions", "gamelift:SuspendGameServerGroup", "gamelift:TagResource", "gamelift:UntagResource", "gamelift:UpdateAlias", "gamelift:UpdateBuild", "gamelift:UpdateFleetAttributes", "gamelift:UpdateFleetCapacity", "gamelift:UpdateFleetPortSettings", "gamelift:UpdateGameServer", "gamelift:UpdateGameServerGroup", "gamelift:UpdateGameSessionQueue", "gamelift:UpdateMatchmakingConfiguration", "gamelift:UpdateRuntimeConfiguration", "gamelift:UpdateScript", "glacier:AbortMultipartUpload", "glacier:AbortVaultLock", "glacier:AddTagsToVault", "glacier:CompleteMultipartUpload", "glacier:CompleteVaultLock", "glacier:CreateVault", "glacier:DeleteArchive", "glacier:DeleteVault", "glacier:DeleteVaultAccessPolicy", "glacier:DeleteVaultNotifications", "glacier:InitiateJob", "glacier:InitiateMultipartUpload", "glacier:InitiateVaultLock", "glacier:RemoveTagsFromVault", "glacier:SetVaultAccessPolicy", "glacier:SetVaultNotifications", "glacier:UploadArchive", "glacier:UploadMultipartPart", "globalaccelerator:CreateEndpointGroup", "globalaccelerator:CreateListener", "globalaccelerator:DeleteAccelerator", "globalaccelerator:DeleteEndpointGroup", "globalaccelerator:DeleteListener", "globalaccelerator:TagResource", "globalaccelerator:UntagResource", "globalaccelerator:UpdateAccelerator", "globalaccelerator:UpdateAcceleratorAttributes", "globalaccelerator:UpdateEndpointGroup", "globalaccelerator:UpdateListener", "glue:BatchCreatePartition", "glue:BatchDeleteConnection", "glue:BatchDeletePartition", "glue:BatchDeleteTable", "glue:CancelMLTaskRun", "glue:CreateConnection", "glue:CreateDatabase", "glue:CreatePartition", "glue:CreateTable", "glue:CreateUserDefinedFunction", "glue:DeleteConnection", "glue:DeleteDatabase", "glue:DeleteMLTransform", "glue:DeletePartition", "glue:DeleteResourcePolicy", "glue:DeleteTable", "glue:DeleteUserDefinedFunction", "glue:ImportCatalogToGlue", "glue:PutResourcePolicy", "glue:StartExportLabelsTaskRun", "glue:StartImportLabelsTaskRun", "glue:StartMLEvaluationTaskRun", "glue:StartMLLabelingSetGenerationTaskRun", "glue:TagResource", "glue:UntagResource", "glue:UpdateConnection", "glue:UpdateDatabase", "glue:UpdateMLTransform", "glue:UpdatePartition", "glue:UpdateTable", "glue:UpdateUserDefinedFunction", "glue:UseMLTransforms", "greengrass:AssociateRoleToGroup", "greengrass:CreateConnectorDefinitionVersion", "greengrass:CreateCoreDefinitionVersion", "greengrass:CreateDeployment", "greengrass:CreateDeviceDefinitionVersion", "greengrass:CreateFunctionDefinitionVersion", "greengrass:CreateGroupCertificateAuthority", "greengrass:CreateGroupVersion", "greengrass:CreateLoggerDefinitionVersion", "greengrass:CreateResourceDefinitionVersion", "greengrass:CreateSubscriptionDefinitionVersion", "greengrass:DeleteConnectorDefinition", "greengrass:DeleteCoreDefinition", "greengrass:DeleteDeviceDefinition", "greengrass:DeleteFunctionDefinition", "greengrass:DeleteGroup", "greengrass:DeleteLoggerDefinition", "greengrass:DeleteResourceDefinition", "greengrass:DeleteSubscriptionDefinition", "greengrass:DisassociateRoleFromGroup", "greengrass:ResetDeployments", "greengrass:StopBulkDeployment", "greengrass:TagResource", "greengrass:UntagResource", "greengrass:UpdateConnectivityInfo", "greengrass:UpdateConnectorDefinition", "greengrass:UpdateCoreDefinition", "greengrass:UpdateDeviceDefinition", "greengrass:UpdateFunctionDefinition", "greengrass:UpdateGroup", "greengrass:UpdateGroupCertificateConfiguration", "greengrass:UpdateLoggerDefinition", "greengrass:UpdateResourceDefinition", "greengrass:UpdateSubscriptionDefinition", "groundstation:CancelContact", "groundstation:DeleteConfig", "groundstation:DeleteDataflowEndpointGroup", "groundstation:DeleteMissionProfile", "groundstation:TagResource", "groundstation:UntagResource", "groundstation:UpdateConfig", "groundstation:UpdateMissionProfile", "guardduty:AcceptInvitation", "guardduty:ArchiveFindings", "guardduty:CreateFilter", "guardduty:CreateIPSet", "guardduty:CreateMembers", "guardduty:CreatePublishingDestination", "guardduty:CreateSampleFindings", "guardduty:CreateThreatIntelSet", "guardduty:DeleteDetector", "guardduty:DeleteFilter", "guardduty:DeleteIPSet", "guardduty:DeleteMembers", "guardduty:DeletePublishingDestination", "guardduty:DeleteThreatIntelSet", "guardduty:DisassociateFromMasterAccount", "guardduty:DisassociateMembers", "guardduty:InviteMembers", "guardduty:StartMonitoringMembers", "guardduty:StopMonitoringMembers", "guardduty:TagResource", "guardduty:UnarchiveFindings", "guardduty:UntagResource", "guardduty:UpdateDetector", "guardduty:UpdateFilter", "guardduty:UpdateFindingsFeedback", "guardduty:UpdateIPSet", "guardduty:UpdateOrganizationConfiguration", "guardduty:UpdatePublishingDestination", "guardduty:UpdateThreatIntelSet", "honeycode:InvokeScreenAutomation", "imagebuilder:CancelImageCreation", "imagebuilder:CreateComponent", "imagebuilder:CreateDistributionConfiguration", "imagebuilder:CreateImage", "imagebuilder:CreateImagePipeline", "imagebuilder:CreateImageRecipe", "imagebuilder:CreateInfrastructureConfiguration", "imagebuilder:DeleteComponent", "imagebuilder:DeleteDistributionConfiguration", "imagebuilder:DeleteImage", "imagebuilder:DeleteImagePipeline", "imagebuilder:DeleteImageRecipe", "imagebuilder:DeleteInfrastructureConfiguration", "imagebuilder:PutComponentPolicy", "imagebuilder:PutImagePolicy", "imagebuilder:PutImageRecipePolicy", "imagebuilder:StartImagePipelineExecution", "imagebuilder:TagResource", "imagebuilder:UntagResource", "imagebuilder:UpdateDistributionConfiguration", "imagebuilder:UpdateImagePipeline", "imagebuilder:UpdateInfrastructureConfiguration", "iot1click:AssociateDeviceWithPlacement", "iot1click:CreatePlacement", "iot1click:CreateProject", "iot1click:DeletePlacement", "iot1click:DeleteProject", "iot1click:DisassociateDeviceFromPlacement", "iot1click:InvokeDeviceMethod", "iot1click:TagResource", "iot1click:UntagResource", "iot1click:UpdateDeviceState", "iot1click:UpdatePlacement", "iot1click:UpdateProject", "iot:AddThingToBillingGroup", "iot:AddThingToThingGroup", "iot:AssociateTargetsWithJob", "iot:AttachPolicy", "iot:AttachPrincipalPolicy", "iot:AttachSecurityProfile", "iot:CancelJob", "iot:CancelJobExecution", "iot:CloseTunnel", "iot:Connect", "iot:CreateAuthorizer", "iot:CreateBillingGroup", "iot:CreateDimension", "iot:CreateDynamicThingGroup", "iot:CreateJob", "iot:CreateMitigationAction", "iot:CreateOTAUpdate", "iot:CreatePolicyVersion", "iot:CreateProvisioningClaim", "iot:CreateProvisioningTemplate", "iot:CreateProvisioningTemplateVersion", "iot:CreateRoleAlias", "iot:CreateScheduledAudit", "iot:CreateSecurityProfile", "iot:CreateStream", "iot:CreateThing", "iot:CreateThingGroup", "iot:CreateThingType", "iot:CreateTopicRule", "iot:DeleteAuthorizer", "iot:DeleteBillingGroup", "iot:DeleteCACertificate", "iot:DeleteCertificate", "iot:DeleteDimension", "iot:DeleteDomainConfiguration", "iot:DeleteDynamicThingGroup", "iot:DeleteJob", "iot:DeleteJobExecution", "iot:DeleteMitigationAction", "iot:DeleteOTAUpdate", "iot:DeletePolicy", "iot:DeletePolicyVersion", "iot:DeleteProvisioningTemplate", "iot:DeleteProvisioningTemplateVersion", "iot:DeleteRoleAlias", "iot:DeleteScheduledAudit", "iot:DeleteSecurityProfile", "iot:DeleteStream", "iot:DeleteThing", "iot:DeleteThingGroup", "iot:DeleteThingShadow", "iot:DeleteThingType", "iot:DeleteTopicRule", "iot:DeprecateThingType", "iot:DetachPolicy", "iot:DetachPrincipalPolicy", "iot:DetachSecurityProfile", "iot:DisableTopicRule", "iot:EnableTopicRule", "iot:Publish", "iot:Receive", "iot:RejectCertificateTransfer", "iot:RemoveThingFromBillingGroup", "iot:RemoveThingFromThingGroup", "iot:ReplaceTopicRule", "iot:SetDefaultAuthorizer", "iot:SetDefaultPolicyVersion", "iot:StartNextPendingJobExecution", "iot:Subscribe", "iot:TagResource", "iot:TransferCertificate", "iot:UntagResource", "iot:UpdateAuthorizer", "iot:UpdateBillingGroup", "iot:UpdateCACertificate", "iot:UpdateCertificate", "iot:UpdateDimension", "iot:UpdateDomainConfiguration", "iot:UpdateDynamicThingGroup", "iot:UpdateJob", "iot:UpdateJobExecution", "iot:UpdateMitigationAction", "iot:UpdateProvisioningTemplate", "iot:UpdateRoleAlias", "iot:UpdateScheduledAudit", "iot:UpdateSecurityProfile", "iot:UpdateStream", "iot:UpdateThing", "iot:UpdateThingGroup", "iot:UpdateThingGroupsForThing", "iot:UpdateThingShadow", "iotanalytics:BatchPutMessage", "iotanalytics:CancelPipelineReprocessing", "iotanalytics:CreateChannel", "iotanalytics:CreateDataset", "iotanalytics:CreateDatasetContent", "iotanalytics:CreateDatastore", "iotanalytics:CreatePipeline", "iotanalytics:DeleteChannel", "iotanalytics:DeleteDataset", "iotanalytics:DeleteDatasetContent", "iotanalytics:DeleteDatastore", "iotanalytics:DeletePipeline", "iotanalytics:StartPipelineReprocessing", "iotanalytics:TagResource", "iotanalytics:UntagResource", "iotanalytics:UpdateChannel", "iotanalytics:UpdateDataset", "iotanalytics:UpdateDatastore", "iotanalytics:UpdatePipeline", "iotevents:BatchPutMessage", "iotevents:BatchUpdateDetector", "iotevents:CreateDetectorModel", "iotevents:CreateInput", "iotevents:DeleteDetectorModel", "iotevents:DeleteInput", "iotevents:TagResource", "iotevents:UntagResource", "iotevents:UpdateDetectorModel", "iotevents:UpdateInput", "iotevents:UpdateInputRouting", "iotsitewise:AssociateAssets", "iotsitewise:BatchAssociateProjectAssets", "iotsitewise:BatchDisassociateProjectAssets", "iotsitewise:BatchPutAssetPropertyValue", "iotsitewise:CreateAccessPolicy", "iotsitewise:CreateAsset", "iotsitewise:CreateDashboard", "iotsitewise:CreateProject", "iotsitewise:DeleteAccessPolicy", "iotsitewise:DeleteAsset", "iotsitewise:DeleteAssetModel", "iotsitewise:DeleteDashboard", "iotsitewise:DeleteGateway", "iotsitewise:DeletePortal", "iotsitewise:DeleteProject", "iotsitewise:DisassociateAssets", "iotsitewise:TagResource", "iotsitewise:UntagResource", "iotsitewise:UpdateAccessPolicy", "iotsitewise:UpdateAsset", "iotsitewise:UpdateAssetModel", "iotsitewise:UpdateAssetProperty", "iotsitewise:UpdateDashboard", "iotsitewise:UpdateGateway", "iotsitewise:UpdateGatewayCapabilityConfiguration", "iotsitewise:UpdatePortal", "iotsitewise:UpdateProject", "iotthingsgraph:DeleteFlowTemplate", "iotthingsgraph:DeleteSystemInstance", "iotthingsgraph:DeleteSystemTemplate", "iotthingsgraph:DeploySystemInstance", "iotthingsgraph:DeprecateFlowTemplate", "iotthingsgraph:DeprecateSystemTemplate", "iotthingsgraph:TagResource", "iotthingsgraph:UndeploySystemInstance", "iotthingsgraph:UntagResource", "iotthingsgraph:UpdateFlowTemplate", "iotthingsgraph:UpdateSystemTemplate", "ivs:CreateChannel", "ivs:CreateStreamKey", "ivs:DeleteChannel", "ivs:DeletePlaybackKeyPair", "ivs:DeleteStreamKey", "ivs:ImportPlaybackKeyPair", "ivs:ListTagsForResource", "ivs:PutMetadata", "ivs:StopStream", "ivs:TagResource", "ivs:UntagResource", "ivs:UpdateChannel", "kafka:TagResource", "kafka:UntagResource", "kendra:BatchDeleteDocument", "kendra:BatchPutDocument", "kendra:CreateDataSource", "kendra:CreateFaq", "kendra:DeleteDataSource", "kendra:DeleteFaq", "kendra:DeleteIndex", "kendra:StartDataSourceSyncJob", "kendra:StopDataSourceSyncJob", "kendra:SubmitFeedback", "kendra:TagResource", "kendra:UntagResource", "kendra:UpdateDataSource", "kendra:UpdateIndex", "kinesis:AddTagsToStream", "kinesis:CreateStream", "kinesis:DecreaseStreamRetentionPeriod", "kinesis:DeleteStream", "kinesis:DeregisterStreamConsumer", "kinesis:IncreaseStreamRetentionPeriod", "kinesis:MergeShards", "kinesis:PutRecord", "kinesis:PutRecords", "kinesis:RegisterStreamConsumer", "kinesis:RemoveTagsFromStream", "kinesis:SplitShard", "kinesis:StartStreamEncryption", "kinesis:StopStreamEncryption", "kinesisanalytics:AddApplicationCloudWatchLoggingOption", "kinesisanalytics:AddApplicationInput", "kinesisanalytics:AddApplicationInputProcessingConfiguration", "kinesisanalytics:AddApplicationOutput", "kinesisanalytics:AddApplicationReferenceDataSource", "kinesisanalytics:AddApplicationVpcConfiguration", "kinesisanalytics:CreateApplicationSnapshot", "kinesisanalytics:DeleteApplication", "kinesisanalytics:DeleteApplicationCloudWatchLoggingOption", "kinesisanalytics:DeleteApplicationInputProcessingConfiguration", "kinesisanalytics:DeleteApplicationOutput", "kinesisanalytics:DeleteApplicationReferenceDataSource", "kinesisanalytics:DeleteApplicationSnapshot", "kinesisanalytics:DeleteApplicationVpcConfiguration", "kinesisanalytics:StartApplication", "kinesisanalytics:StopApplication", "kinesisanalytics:TagResource", "kinesisanalytics:UntagResource", "kinesisanalytics:UpdateApplication", "kinesisvideo:ConnectAsMaster", "kinesisvideo:ConnectAsViewer", "kinesisvideo:CreateSignalingChannel", "kinesisvideo:CreateStream", "kinesisvideo:DeleteSignalingChannel", "kinesisvideo:DeleteStream", "kinesisvideo:PutMedia", "kinesisvideo:SendAlexaOfferToMaster", "kinesisvideo:TagResource", "kinesisvideo:TagStream", "kinesisvideo:UntagResource", "kinesisvideo:UntagStream", "kinesisvideo:UpdateDataRetention", "kinesisvideo:UpdateSignalingChannel", "kinesisvideo:UpdateStream", "kms:CancelKeyDeletion", "kms:CreateAlias", "kms:CreateGrant", "kms:Decrypt", "kms:DeleteAlias", "kms:DeleteImportedKeyMaterial", "kms:DisableKey", "kms:DisableKeyRotation", "kms:EnableKey", "kms:EnableKeyRotation", "kms:Encrypt", "kms:GenerateDataKey", "kms:GenerateDataKeyPair", "kms:GenerateDataKeyPairWithoutPlaintext", "kms:GenerateDataKeyWithoutPlaintext", "kms:ImportKeyMaterial", "kms:PutKeyPolicy", "kms:ReEncryptFrom", "kms:ReEncryptTo", "kms:RetireGrant", "kms:RevokeGrant", "kms:ScheduleKeyDeletion", "kms:Sign", "kms:TagResource", "kms:UntagResource", "kms:UpdateAlias", "kms:UpdateKeyDescription", "kms:Verify", "lambda:AddLayerVersionPermission", "lambda:AddPermission", "lambda:CreateAlias", "lambda:CreateFunction", "lambda:DeleteAlias", "lambda:DeleteEventSourceMapping", "lambda:DeleteFunction", "lambda:DeleteFunctionConcurrency", "lambda:DeleteFunctionEventInvokeConfig", "lambda:DeleteLayerVersion", "lambda:DeleteProvisionedConcurrencyConfig", "lambda:DisableReplication", "lambda:EnableReplication", "lambda:InvokeAsync", "lambda:InvokeFunction", "lambda:PublishLayerVersion", "lambda:PublishVersion", "lambda:PutFunctionConcurrency", "lambda:PutFunctionEventInvokeConfig", "lambda:PutProvisionedConcurrencyConfig", "lambda:RemoveLayerVersionPermission", "lambda:RemovePermission", "lambda:TagResource", "lambda:UntagResource", "lambda:UpdateAlias", "lambda:UpdateEventSourceMapping", "lambda:UpdateFunctionCode", "lambda:UpdateFunctionConfiguration", "lambda:UpdateFunctionEventInvokeConfig", "lex:CreateBotVersion", "lex:CreateIntentVersion", "lex:CreateSlotTypeVersion", "lex:DeleteBot", "lex:DeleteBotAlias", "lex:DeleteBotChannelAssociation", "lex:DeleteBotVersion", "lex:DeleteIntent", "lex:DeleteIntentVersion", "lex:DeleteSession", "lex:DeleteSlotType", "lex:DeleteSlotTypeVersion", "lex:DeleteUtterances", "lex:PostContent", "lex:PostText", "lex:PutBot", "lex:PutBotAlias", "lex:PutIntent", "lex:PutSession", "lex:PutSlotType", "lex:TagResource", "lex:UntagResource", "license-manager:DeleteLicenseConfiguration", "license-manager:TagResource", "license-manager:UntagResource", "license-manager:UpdateLicenseConfiguration", "license-manager:UpdateLicenseSpecificationsForResource", "lightsail:AllocateStaticIp", "lightsail:AttachDisk", "lightsail:AttachInstancesToLoadBalancer", "lightsail:AttachLoadBalancerTlsCertificate", "lightsail:AttachStaticIp", "lightsail:CloseInstancePublicPorts", "lightsail:CreateCloudFormationStack", "lightsail:CreateDisk", "lightsail:CreateDiskFromSnapshot", "lightsail:CreateDiskSnapshot", "lightsail:CreateDomain", "lightsail:CreateDomainEntry", "lightsail:CreateInstanceSnapshot", "lightsail:CreateInstances", "lightsail:CreateInstancesFromSnapshot", "lightsail:CreateKeyPair", "lightsail:CreateLoadBalancer", "lightsail:CreateLoadBalancerTlsCertificate", "lightsail:CreateRelationalDatabase", "lightsail:CreateRelationalDatabaseFromSnapshot", "lightsail:CreateRelationalDatabaseSnapshot", "lightsail:DeleteDisk", "lightsail:DeleteDiskSnapshot", "lightsail:DeleteDomain", "lightsail:DeleteDomainEntry", "lightsail:DeleteInstance", "lightsail:DeleteInstanceSnapshot", "lightsail:DeleteKeyPair", "lightsail:DeleteKnownHostKeys", "lightsail:DeleteLoadBalancer", "lightsail:DeleteLoadBalancerTlsCertificate", "lightsail:DeleteRelationalDatabase", "lightsail:DeleteRelationalDatabaseSnapshot", "lightsail:DetachDisk", "lightsail:DetachInstancesFromLoadBalancer", "lightsail:DetachStaticIp", "lightsail:DownloadDefaultKeyPair", "lightsail:GetInstanceAccessDetails", "lightsail:ImportKeyPair", "lightsail:OpenInstancePublicPorts", "lightsail:PutInstancePublicPorts", "lightsail:RebootInstance", "lightsail:RebootRelationalDatabase", "lightsail:ReleaseStaticIp", "lightsail:StartInstance", "lightsail:StartRelationalDatabase", "lightsail:StopInstance", "lightsail:StopRelationalDatabase", "lightsail:TagResource", "lightsail:UntagResource", "lightsail:UpdateDomainEntry", "lightsail:UpdateLoadBalancerAttribute", "lightsail:UpdateRelationalDatabase", "logs:AssociateKmsKey", "logs:CreateExportTask", "logs:CreateLogGroup", "logs:CreateLogStream", "logs:DeleteLogGroup", "logs:DeleteLogStream", "logs:DeleteMetricFilter", "logs:DeleteRetentionPolicy", "logs:DeleteSubscriptionFilter", "logs:DisassociateKmsKey", "logs:PutLogEvents", "logs:PutMetricFilter", "logs:PutRetentionPolicy", "logs:PutSubscriptionFilter", "logs:TagLogGroup", "logs:UntagLogGroup", "machinelearning:AddTags", "machinelearning:CreateBatchPrediction", "machinelearning:CreateDataSourceFromRDS", "machinelearning:CreateDataSourceFromRedshift", "machinelearning:CreateDataSourceFromS3", "machinelearning:CreateEvaluation", "machinelearning:CreateMLModel", "machinelearning:CreateRealtimeEndpoint", "machinelearning:DeleteBatchPrediction", "machinelearning:DeleteDataSource", "machinelearning:DeleteEvaluation", "machinelearning:DeleteMLModel", "machinelearning:DeleteRealtimeEndpoint", "machinelearning:DeleteTags", "machinelearning:Predict", "machinelearning:UpdateBatchPrediction", "machinelearning:UpdateDataSource", "machinelearning:UpdateEvaluation", "machinelearning:UpdateMLModel", "macie2:CreateClassificationJob", "macie2:CreateCustomDataIdentifier", "macie2:CreateFindingsFilter", "macie2:CreateMember", "macie2:DeleteCustomDataIdentifier", "macie2:DeleteFindingsFilter", "macie2:DeleteMember", "macie2:DisassociateMember", "macie2:UpdateClassificationJob", "macie2:UpdateFindingsFilter", "managedblockchain:CreateMember", "managedblockchain:CreateNode", "managedblockchain:CreateProposal", "managedblockchain:DeleteMember", "managedblockchain:DeleteNode", "managedblockchain:RejectInvitation", "managedblockchain:UpdateMember", "managedblockchain:UpdateNode", "managedblockchain:VoteOnProposal", "mediaconvert:CancelJob", "mediaconvert:CreateJob", "mediaconvert:CreateJobTemplate", "mediaconvert:DeleteJobTemplate", "mediaconvert:DeletePreset", "mediaconvert:DeleteQueue", "mediaconvert:TagResource", "mediaconvert:UntagResource", "mediaconvert:UpdateJobTemplate", "mediaconvert:UpdatePreset", "mediaconvert:UpdateQueue", "medialive:BatchUpdateSchedule", "medialive:CreateChannel", "medialive:CreateInput", "medialive:CreateInputSecurityGroup", "medialive:CreateMultiplex", "medialive:CreateTags", "medialive:DeleteChannel", "medialive:DeleteInput", "medialive:DeleteInputSecurityGroup", "medialive:DeleteMultiplex", "medialive:DeleteReservation", "medialive:DeleteTags", "medialive:PurchaseOffering", "medialive:StartChannel", "medialive:StartMultiplex", "medialive:StopChannel", "medialive:StopMultiplex", "medialive:UpdateChannel", "medialive:UpdateChannelClass", "medialive:UpdateInput", "medialive:UpdateInputDevice", "medialive:UpdateInputSecurityGroup", "medialive:UpdateMultiplex", "medialive:UpdateReservation", "mediapackage-vod:DeleteAsset", "mediapackage-vod:DeletePackagingConfiguration", "mediapackage-vod:DeletePackagingGroup", "mediapackage-vod:TagResource", "mediapackage-vod:UntagResource", "mediapackage:DeleteChannel", "mediapackage:DeleteOriginEndpoint", "mediapackage:RotateIngestEndpointCredentials", "mediapackage:TagResource", "mediapackage:UntagResource", "mediapackage:UpdateChannel", "mediapackage:UpdateOriginEndpoint", "mediatailor:DeletePlaybackConfiguration", "mediatailor:PutPlaybackConfiguration", "mgh:AssociateCreatedArtifact", "mgh:AssociateDiscoveredResource", "mgh:CreateProgressUpdateStream", "mgh:DeleteProgressUpdateStream", "mgh:DisassociateCreatedArtifact", "mgh:DisassociateDiscoveredResource", "mgh:ImportMigrationTask", "mgh:NotifyMigrationTaskState", "mgh:PutResourceAttributes", "mobilehub:DeleteProject", "mobilehub:GenerateProjectParameters", "mobilehub:SynchronizeProject", "mobilehub:UpdateProject", "mobiletargeting:CreateCampaign", "mobiletargeting:CreateExportJob", "mobiletargeting:CreateImportJob", "mobiletargeting:CreateJourney", "mobiletargeting:CreateSegment", "mobiletargeting:DeleteAdmChannel", "mobiletargeting:DeleteApnsChannel", "mobiletargeting:DeleteApnsSandboxChannel", "mobiletargeting:DeleteApnsVoipChannel", "mobiletargeting:DeleteApnsVoipSandboxChannel", "mobiletargeting:DeleteApp", "mobiletargeting:DeleteBaiduChannel", "mobiletargeting:DeleteCampaign", "mobiletargeting:DeleteEmailChannel", "mobiletargeting:DeleteEmailTemplate", "mobiletargeting:DeleteEndpoint", "mobiletargeting:DeleteEventStream", "mobiletargeting:DeleteGcmChannel", "mobiletargeting:DeleteJourney", "mobiletargeting:DeletePushTemplate", "mobiletargeting:DeleteRecommenderConfiguration", "mobiletargeting:DeleteSegment", "mobiletargeting:DeleteSmsChannel", "mobiletargeting:DeleteSmsTemplate", "mobiletargeting:DeleteUserEndpoints", "mobiletargeting:DeleteVoiceChannel", "mobiletargeting:DeleteVoiceTemplate", "mobiletargeting:PutEventStream", "mobiletargeting:PutEvents", "mobiletargeting:RemoveAttributes", "mobiletargeting:SendMessages", "mobiletargeting:SendUsersMessages", "mobiletargeting:TagResource", "mobiletargeting:UntagResource", "mobiletargeting:UpdateAdmChannel", "mobiletargeting:UpdateApnsChannel", "mobiletargeting:UpdateApnsSandboxChannel", "mobiletargeting:UpdateApnsVoipChannel", "mobiletargeting:UpdateApnsVoipSandboxChannel", "mobiletargeting:UpdateApplicationSettings", "mobiletargeting:UpdateBaiduChannel", "mobiletargeting:UpdateCampaign", "mobiletargeting:UpdateEmailChannel", "mobiletargeting:UpdateEmailTemplate", "mobiletargeting:UpdateEndpoint", "mobiletargeting:UpdateEndpointsBatch", "mobiletargeting:UpdateGcmChannel", "mobiletargeting:UpdateJourney", "mobiletargeting:UpdateJourneyState", "mobiletargeting:UpdatePushTemplate", "mobiletargeting:UpdateRecommenderConfiguration", "mobiletargeting:UpdateSegment", "mobiletargeting:UpdateSmsChannel", "mobiletargeting:UpdateSmsTemplate", "mobiletargeting:UpdateTemplateActiveVersion", "mobiletargeting:UpdateVoiceChannel", "mobiletargeting:UpdateVoiceTemplate", "mq:CreateTags", "mq:CreateUser", "mq:DeleteBroker", "mq:DeleteTags", "mq:DeleteUser", "mq:RebootBroker", "mq:UpdateBroker", "mq:UpdateConfiguration", "mq:UpdateUser", "neptune-db:connect", "networkmanager:AssociateCustomerGateway", "networkmanager:AssociateLink", "networkmanager:CreateDevice", "networkmanager:CreateLink", "networkmanager:CreateSite", "networkmanager:DeleteDevice", "networkmanager:DeleteGlobalNetwork", "networkmanager:DeleteLink", "networkmanager:DeleteSite", "networkmanager:DeregisterTransitGateway", "networkmanager:DisassociateCustomerGateway", "networkmanager:DisassociateLink", "networkmanager:RegisterTransitGateway", "networkmanager:TagResource", "networkmanager:UntagResource", "networkmanager:UpdateDevice", "networkmanager:UpdateGlobalNetwork", "networkmanager:UpdateLink", "networkmanager:UpdateSite", "opsworks:AssignInstance", "opsworks:AssignVolume", "opsworks:AssociateElasticIp", "opsworks:AttachElasticLoadBalancer", "opsworks:CloneStack", "opsworks:CreateApp", "opsworks:CreateDeployment", "opsworks:CreateInstance", "opsworks:CreateLayer", "opsworks:DeleteApp", "opsworks:DeleteInstance", "opsworks:DeleteLayer", "opsworks:DeleteStack", "opsworks:DeregisterEcsCluster", "opsworks:DeregisterElasticIp", "opsworks:DeregisterInstance", "opsworks:DeregisterRdsDbInstance", "opsworks:DeregisterVolume", "opsworks:DetachElasticLoadBalancer", "opsworks:DisassociateElasticIp", "opsworks:GrantAccess", "opsworks:RebootInstance", "opsworks:RegisterEcsCluster", "opsworks:RegisterElasticIp", "opsworks:RegisterInstance", "opsworks:RegisterRdsDbInstance", "opsworks:RegisterVolume", "opsworks:SetLoadBasedAutoScaling", "opsworks:SetPermission", "opsworks:SetTimeBasedAutoScaling", "opsworks:StartInstance", "opsworks:StartStack", "opsworks:StopInstance", "opsworks:StopStack", "opsworks:TagResource", "opsworks:UnassignInstance", "opsworks:UnassignVolume", "opsworks:UntagResource", "opsworks:UpdateApp", "opsworks:UpdateElasticIp", "opsworks:UpdateInstance", "opsworks:UpdateLayer", "opsworks:UpdateRdsDbInstance", "opsworks:UpdateStack", "opsworks:UpdateVolume", "personalize:CreateBatchInferenceJob", "personalize:CreateCampaign", "personalize:CreateDataset", "personalize:CreateDatasetGroup", "personalize:CreateDatasetImportJob", "personalize:CreateEventTracker", "personalize:CreateFilter", "personalize:CreateSchema", "personalize:CreateSolution", "personalize:CreateSolutionVersion", "personalize:DeleteCampaign", "personalize:DeleteDataset", "personalize:DeleteDatasetGroup", "personalize:DeleteEventTracker", "personalize:DeleteFilter", "personalize:DeleteSchema", "personalize:DeleteSolution", "personalize:GetPersonalizedRanking", "personalize:PutEvents", "personalize:UpdateCampaign", "polly:DeleteLexicon", "polly:StartSpeechSynthesisTask", "qldb:CancelJournalKinesisStream", "qldb:CreateLedger", "qldb:DeleteLedger", "qldb:ExecuteStatement", "qldb:ExportJournalToS3", "qldb:InsertSampleData", "qldb:SendCommand", "qldb:ShowCatalog", "qldb:StreamJournalToKinesis", "qldb:TagResource", "qldb:UntagResource", "qldb:UpdateLedger", "quicksight:CreateAdmin", "quicksight:CreateDashboard", "quicksight:CreateGroup", "quicksight:CreateGroupMembership", "quicksight:CreateIAMPolicyAssignment", "quicksight:CreateReader", "quicksight:CreateTemplate", "quicksight:CreateTemplateAlias", "quicksight:CreateTheme", "quicksight:CreateThemeAlias", "quicksight:CreateUser", "quicksight:DeleteDashboard", "quicksight:DeleteGroup", "quicksight:DeleteGroupMembership", "quicksight:DeleteIAMPolicyAssignment", "quicksight:DeleteTemplate", "quicksight:DeleteTemplateAlias", "quicksight:DeleteTheme", "quicksight:DeleteThemeAlias", "quicksight:DeleteUser", "quicksight:DeleteUserByPrincipalId", "quicksight:RegisterUser", "quicksight:TagResource", "quicksight:UntagResource", "quicksight:UpdateDashboard", "quicksight:UpdateDashboardPermissions", "quicksight:UpdateDashboardPublishedVersion", "quicksight:UpdateGroup", "quicksight:UpdateIAMPolicyAssignment", "quicksight:UpdateTemplate", "quicksight:UpdateTemplateAlias", "quicksight:UpdateTemplatePermissions", "quicksight:UpdateTheme", "quicksight:UpdateThemeAlias", "quicksight:UpdateThemePermissions", "quicksight:UpdateUser", "ram:AcceptResourceShareInvitation", "ram:AssociateResourceShare", "ram:AssociateResourceSharePermission", "ram:DeleteResourceShare", "ram:DisassociateResourceShare", "ram:DisassociateResourceSharePermission", "ram:RejectResourceShareInvitation", "ram:TagResource", "ram:UntagResource", "ram:UpdateResourceShare", "rds-db:connect", "rds:AddRoleToDBCluster", "rds:AddRoleToDBInstance", "rds:AddSourceIdentifierToSubscription", "rds:AddTagsToResource", "rds:ApplyPendingMaintenanceAction", "rds:AuthorizeDBSecurityGroupIngress", "rds:BacktrackDBCluster", "rds:CopyDBClusterParameterGroup", "rds:CopyDBClusterSnapshot", "rds:CopyDBParameterGroup", "rds:CopyDBSnapshot", "rds:CopyOptionGroup", "rds:CreateDBCluster", "rds:CreateDBClusterEndpoint", "rds:CreateDBClusterParameterGroup", "rds:CreateDBClusterSnapshot", "rds:CreateDBInstance", "rds:CreateDBInstanceReadReplica", "rds:CreateDBParameterGroup", "rds:CreateDBSecurityGroup", "rds:CreateDBSnapshot", "rds:CreateDBSubnetGroup", "rds:CreateEventSubscription", "rds:CreateGlobalCluster", "rds:CreateOptionGroup", "rds:DeleteDBCluster", "rds:DeleteDBClusterEndpoint", "rds:DeleteDBClusterParameterGroup", "rds:DeleteDBClusterSnapshot", "rds:DeleteDBInstance", "rds:DeleteDBParameterGroup", "rds:DeleteDBProxy", "rds:DeleteDBSecurityGroup", "rds:DeleteDBSnapshot", "rds:DeleteDBSubnetGroup", "rds:DeleteEventSubscription", "rds:DeleteGlobalCluster", "rds:DeleteOptionGroup", "rds:DeregisterDBProxyTargets", "rds:FailoverDBCluster", "rds:ModifyCurrentDBClusterCapacity", "rds:ModifyDBCluster", "rds:ModifyDBClusterEndpoint", "rds:ModifyDBClusterParameterGroup", "rds:ModifyDBClusterSnapshotAttribute", "rds:ModifyDBInstance", "rds:ModifyDBParameterGroup", "rds:ModifyDBProxy", "rds:ModifyDBProxyTargetGroup", "rds:ModifyDBSnapshot", "rds:ModifyDBSnapshotAttribute", "rds:ModifyDBSubnetGroup", "rds:ModifyEventSubscription", "rds:ModifyGlobalCluster", "rds:ModifyOptionGroup", "rds:PromoteReadReplica", "rds:PromoteReadReplicaDBCluster", "rds:PurchaseReservedDBInstancesOffering", "rds:RebootDBInstance", "rds:RegisterDBProxyTargets", "rds:RemoveFromGlobalCluster", "rds:RemoveRoleFromDBCluster", "rds:RemoveRoleFromDBInstance", "rds:RemoveSourceIdentifierFromSubscription", "rds:RemoveTagsFromResource", "rds:ResetDBClusterParameterGroup", "rds:ResetDBParameterGroup", "rds:RestoreDBClusterFromS3", "rds:RestoreDBClusterFromSnapshot", "rds:RestoreDBClusterToPointInTime", "rds:RestoreDBInstanceFromDBSnapshot", "rds:RestoreDBInstanceFromS3", "rds:RestoreDBInstanceToPointInTime", "rds:RevokeDBSecurityGroupIngress", "rds:StartActivityStream", "rds:StartDBCluster", "rds:StartDBInstance", "rds:StopActivityStream", "rds:StopDBCluster", "rds:StopDBInstance", "redshift:AuthorizeClusterSecurityGroupIngress", "redshift:AuthorizeSnapshotAccess", "redshift:BatchDeleteClusterSnapshots", "redshift:BatchModifyClusterSnapshots", "redshift:CancelResize", "redshift:CopyClusterSnapshot", "redshift:CreateCluster", "redshift:CreateClusterParameterGroup", "redshift:CreateClusterSecurityGroup", "redshift:CreateClusterSnapshot", "redshift:CreateClusterSubnetGroup", "redshift:CreateClusterUser", "redshift:CreateEventSubscription", "redshift:CreateHsmClientCertificate", "redshift:CreateHsmConfiguration", "redshift:CreateSnapshotCopyGrant", "redshift:CreateSnapshotSchedule", "redshift:CreateTags", "redshift:DeleteCluster", "redshift:DeleteClusterParameterGroup", "redshift:DeleteClusterSecurityGroup", "redshift:DeleteClusterSnapshot", "redshift:DeleteClusterSubnetGroup", "redshift:DeleteEventSubscription", "redshift:DeleteHsmClientCertificate", "redshift:DeleteHsmConfiguration", "redshift:DeleteSnapshotCopyGrant", "redshift:DeleteSnapshotSchedule", "redshift:DeleteTags", "redshift:DisableLogging", "redshift:DisableSnapshotCopy", "redshift:EnableLogging", "redshift:EnableSnapshotCopy", "redshift:GetClusterCredentials", "redshift:JoinGroup", "redshift:ModifyCluster", "redshift:ModifyClusterDbRevision", "redshift:ModifyClusterIamRoles", "redshift:ModifyClusterParameterGroup", "redshift:ModifyClusterSnapshot", "redshift:ModifyClusterSnapshotSchedule", "redshift:ModifyClusterSubnetGroup", "redshift:ModifyEventSubscription", "redshift:ModifySnapshotCopyRetentionPeriod", "redshift:ModifySnapshotSchedule", "redshift:PauseCluster", "redshift:RebootCluster", "redshift:ResetClusterParameterGroup", "redshift:ResizeCluster", "redshift:RestoreFromClusterSnapshot", "redshift:RestoreTableFromClusterSnapshot", "redshift:ResumeCluster", "redshift:RevokeClusterSecurityGroupIngress", "redshift:RevokeSnapshotAccess", "redshift:RotateEncryptionKey", "rekognition:CreateCollection", "rekognition:CreateProject", "rekognition:CreateProjectVersion", "rekognition:CreateStreamProcessor", "rekognition:DeleteCollection", "rekognition:DeleteFaces", "rekognition:DeleteProject", "rekognition:DeleteProjectVersion", "rekognition:DeleteStreamProcessor", "rekognition:IndexFaces", "rekognition:StartFaceSearch", "rekognition:StartProjectVersion", "rekognition:StartStreamProcessor", "rekognition:StopProjectVersion", "rekognition:StopStreamProcessor", "resource-groups:DeleteGroup", "resource-groups:Tag", "resource-groups:Untag", "resource-groups:UpdateGroup", "resource-groups:UpdateGroupQuery", "robomaker:CancelDeploymentJob", "robomaker:CancelSimulationJob", "robomaker:CancelSimulationJobBatch", "robomaker:CreateRobotApplicationVersion", "robomaker:CreateSimulationApplicationVersion", "robomaker:DeleteFleet", "robomaker:DeleteRobot", "robomaker:DeleteRobotApplication", "robomaker:DeleteSimulationApplication", "robomaker:DeregisterRobot", "robomaker:RegisterRobot", "robomaker:RestartSimulationJob", "robomaker:SyncDeploymentJob", "robomaker:TagResource", "robomaker:UntagResource", "robomaker:UpdateRobotApplication", "robomaker:UpdateSimulationApplication", "route53:AssociateVPCWithHostedZone", "route53:ChangeResourceRecordSets", "route53:ChangeTagsForResource", "route53:CreateQueryLoggingConfig", "route53:CreateTrafficPolicyInstance", "route53:CreateTrafficPolicyVersion", "route53:CreateVPCAssociationAuthorization", "route53:DeleteHealthCheck", "route53:DeleteHostedZone", "route53:DeleteQueryLoggingConfig", "route53:DeleteReusableDelegationSet", "route53:DeleteTrafficPolicy", "route53:DeleteTrafficPolicyInstance", "route53:DeleteVPCAssociationAuthorization", "route53:UpdateHealthCheck", "route53:UpdateHostedZoneComment", "route53:UpdateTrafficPolicyComment", "route53:UpdateTrafficPolicyInstance", "route53resolver:AssociateResolverEndpointIpAddress", "route53resolver:AssociateResolverQueryLogConfig", "route53resolver:AssociateResolverRule", "route53resolver:CreateResolverEndpoint", "route53resolver:CreateResolverQueryLogConfig", "route53resolver:CreateResolverRule", "route53resolver:DeleteResolverEndpoint", "route53resolver:DeleteResolverQueryLogConfig", "route53resolver:DeleteResolverRule", "route53resolver:DisassociateResolverEndpointIpAddress", "route53resolver:DisassociateResolverQueryLogConfig", "route53resolver:DisassociateResolverRule", "route53resolver:PutResolverQueryLogConfigPolicy", "route53resolver:PutResolverRulePolicy", "route53resolver:TagResource", "route53resolver:UntagResource", "route53resolver:UpdateResolverEndpoint", "route53resolver:UpdateResolverRule", "s3:AbortMultipartUpload", "s3:BypassGovernanceRetention", "s3:CreateAccessPoint", "s3:CreateBucket", "s3:DeleteAccessPoint", "s3:DeleteAccessPointPolicy", "s3:DeleteBucket", "s3:DeleteBucketPolicy", "s3:DeleteBucketWebsite", "s3:DeleteJobTagging", "s3:DeleteObject", "s3:DeleteObjectTagging", "s3:DeleteObjectVersion", "s3:DeleteObjectVersionTagging", "s3:GetObject", "s3:ObjectOwnerOverrideToBucketOwner", "s3:PutAccelerateConfiguration", "s3:PutAccessPointPolicy", "s3:PutAnalyticsConfiguration", "s3:PutBucketAcl", "s3:PutBucketCORS", "s3:PutBucketLogging", "s3:PutBucketNotification", "s3:PutBucketObjectLockConfiguration", "s3:PutBucketPolicy", "s3:PutBucketPublicAccessBlock", "s3:PutBucketRequestPayment", "s3:PutBucketTagging", "s3:PutBucketVersioning", "s3:PutBucketWebsite", "s3:PutEncryptionConfiguration", "s3:PutInventoryConfiguration", "s3:PutJobTagging", "s3:PutLifecycleConfiguration", "s3:PutMetricsConfiguration", "s3:PutObject", "s3:PutObjectAcl", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", "s3:PutObjectVersionAcl", "s3:PutObjectVersionTagging", "s3:PutReplicationConfiguration", "s3:ReplicateDelete", "s3:ReplicateObject", "s3:ReplicateTags", "s3:RestoreObject", "s3:UpdateJobPriority", "s3:UpdateJobStatus", "sagemaker:AddTags", "sagemaker:AssociateTrialComponent", "sagemaker:BatchPutMetrics", "sagemaker:CreateAlgorithm", "sagemaker:CreateApp", "sagemaker:CreateAutoMLJob", "sagemaker:CreateCodeRepository", "sagemaker:CreateCompilationJob", "sagemaker:CreateDomain", "sagemaker:CreateEndpoint", "sagemaker:CreateEndpointConfig", "sagemaker:CreateExperiment", "sagemaker:CreateFlowDefinition", "sagemaker:CreateHumanTaskUi", "sagemaker:CreateHyperParameterTuningJob", "sagemaker:CreateLabelingJob", "sagemaker:CreateModel", "sagemaker:CreateModelPackage", "sagemaker:CreateMonitoringSchedule", "sagemaker:CreateNotebookInstance", "sagemaker:CreateNotebookInstanceLifecycleConfig", "sagemaker:CreatePresignedDomainUrl", "sagemaker:CreatePresignedNotebookInstanceUrl", "sagemaker:CreateProcessingJob", "sagemaker:CreateTrainingJob", "sagemaker:CreateTransformJob", "sagemaker:CreateTrial", "sagemaker:CreateTrialComponent", "sagemaker:CreateUserProfile", "sagemaker:CreateWorkforce", "sagemaker:CreateWorkteam", "sagemaker:DeleteAlgorithm", "sagemaker:DeleteApp", "sagemaker:DeleteCodeRepository", "sagemaker:DeleteDomain", "sagemaker:DeleteEndpoint", "sagemaker:DeleteEndpointConfig", "sagemaker:DeleteExperiment", "sagemaker:DeleteFlowDefinition", "sagemaker:DeleteHumanLoop", "sagemaker:DeleteModel", "sagemaker:DeleteModelPackage", "sagemaker:DeleteMonitoringSchedule", "sagemaker:DeleteNotebookInstance", "sagemaker:DeleteNotebookInstanceLifecycleConfig", "sagemaker:DeleteTags", "sagemaker:DeleteTrial", "sagemaker:DeleteTrialComponent", "sagemaker:DeleteUserProfile", "sagemaker:DeleteWorkforce", "sagemaker:DeleteWorkteam", "sagemaker:DisassociateTrialComponent", "sagemaker:StartHumanLoop", "sagemaker:StartMonitoringSchedule", "sagemaker:StartNotebookInstance", "sagemaker:StopAutoMLJob", "sagemaker:StopCompilationJob", "sagemaker:StopHumanLoop", "sagemaker:StopHyperParameterTuningJob", "sagemaker:StopLabelingJob", "sagemaker:StopMonitoringSchedule", "sagemaker:StopNotebookInstance", "sagemaker:StopProcessingJob", "sagemaker:StopTrainingJob", "sagemaker:StopTransformJob", "sagemaker:UpdateCodeRepository", "sagemaker:UpdateDomain", "sagemaker:UpdateEndpoint", "sagemaker:UpdateEndpointWeightsAndCapacities", "sagemaker:UpdateExperiment", "sagemaker:UpdateMonitoringSchedule", "sagemaker:UpdateNotebookInstance", "sagemaker:UpdateNotebookInstanceLifecycleConfig", "sagemaker:UpdateTrial", "sagemaker:UpdateTrialComponent", "sagemaker:UpdateUserProfile", "sagemaker:UpdateWorkforce", "sagemaker:UpdateWorkteam", "savingsplans:DeleteQueuedSavingsPlan", "savingsplans:TagResource", "savingsplans:UntagResource", "schemas:CreateDiscoverer", "schemas:CreateRegistry", "schemas:CreateSchema", "schemas:DeleteDiscoverer", "schemas:DeleteRegistry", "schemas:DeleteResourcePolicy", "schemas:DeleteSchema", "schemas:DeleteSchemaVersion", "schemas:PutCodeBinding", "schemas:PutResourcePolicy", "schemas:StartDiscoverer", "schemas:StopDiscoverer", "schemas:TagResource", "schemas:UntagResource", "schemas:UpdateDiscoverer", "schemas:UpdateRegistry", "schemas:UpdateSchema", "sdb:BatchDeleteAttributes", "sdb:BatchPutAttributes", "sdb:CreateDomain", "sdb:DeleteAttributes", "sdb:DeleteDomain", "sdb:PutAttributes", "secretsmanager:CancelRotateSecret", "secretsmanager:DeleteResourcePolicy", "secretsmanager:DeleteSecret", "secretsmanager:GetSecretValue", "secretsmanager:PutResourcePolicy", "secretsmanager:PutSecretValue", "secretsmanager:RestoreSecret", "secretsmanager:RotateSecret", "secretsmanager:TagResource", "secretsmanager:UntagResource", "secretsmanager:UpdateSecret", "secretsmanager:UpdateSecretVersionStage", "secretsmanager:ValidateResourcePolicy", "securityhub:AcceptInvitation", "securityhub:BatchDisableStandards", "securityhub:BatchEnableStandards", "securityhub:BatchImportFindings", "securityhub:BatchUpdateFindings", "securityhub:CreateActionTarget", "securityhub:CreateInsight", "securityhub:CreateMembers", "securityhub:DeclineInvitations", "securityhub:DeleteActionTarget", "securityhub:DeleteInsight", "securityhub:DeleteInvitations", "securityhub:DeleteMembers", "securityhub:DisableImportFindingsForProduct", "securityhub:DisableSecurityHub", "securityhub:DisassociateFromMasterAccount", "securityhub:DisassociateMembers", "securityhub:EnableImportFindingsForProduct", "securityhub:EnableSecurityHub", "securityhub:InviteMembers", "securityhub:TagResource", "securityhub:UntagResource", "securityhub:UpdateActionTarget", "securityhub:UpdateFindings", "securityhub:UpdateInsight", "securityhub:UpdateSecurityHubConfiguration", "securityhub:UpdateStandardsControl", "serverlessrepo:CreateApplicationVersion", "serverlessrepo:CreateCloudFormationChangeSet", "serverlessrepo:CreateCloudFormationTemplate", "serverlessrepo:DeleteApplication", "serverlessrepo:PutApplicationPolicy", "serverlessrepo:UnshareApplication", "serverlessrepo:UpdateApplication", "servicecatalog:AcceptPortfolioShare", "servicecatalog:AssociatePrincipalWithPortfolio", "servicecatalog:AssociateServiceActionWithProvisioningArtifact", "servicecatalog:AssociateTagOptionWithResource", "servicecatalog:CreateConstraint", "servicecatalog:CreatePortfolio", "servicecatalog:CreatePortfolioShare", "servicecatalog:CreateProduct", "servicecatalog:CreateProvisioningArtifact", "servicecatalog:DeletePortfolio", "servicecatalog:DeletePortfolioShare", "servicecatalog:DeleteProduct", "servicecatalog:DeleteProvisioningArtifact", "servicecatalog:DisassociatePrincipalFromPortfolio", "servicecatalog:DisassociateServiceActionFromProvisioningArtifact", "servicecatalog:DisassociateTagOptionFromResource", "servicecatalog:ProvisionProduct", "servicecatalog:RejectPortfolioShare", "servicecatalog:UpdatePortfolio", "servicecatalog:UpdateProduct", "servicecatalog:UpdateProvisioningArtifact", "servicediscovery:CreateService", "servicediscovery:DeleteNamespace", "servicediscovery:DeleteService", "servicediscovery:DeregisterInstance", "servicediscovery:RegisterInstance", "servicediscovery:UpdateService", "servicequotas:PutServiceQuotaIncreaseRequestIntoTemplate", "servicequotas:RequestServiceQuotaIncrease", "ses:SendBulkTemplatedEmail", "ses:SendCustomVerificationEmail", "ses:SendEmail", "ses:SendRawEmail", "ses:SendTemplatedEmail", "shield:CreateProtection", "shield:DeleteProtection", "signer:CancelSigningProfile", "signer:StartSigningJob", "signer:TagResource", "signer:UntagResource", "sns:AddPermission", "sns:ConfirmSubscription", "sns:CreateTopic", "sns:DeleteTopic", "sns:Publish", "sns:RemovePermission", "sns:SetTopicAttributes", "sns:Subscribe", "sns:TagResource", "sns:UntagResource", "sqs:AddPermission", "sqs:ChangeMessageVisibility", "sqs:ChangeMessageVisibilityBatch", "sqs:CreateQueue", "sqs:DeleteMessage", "sqs:DeleteMessageBatch", "sqs:DeleteQueue", "sqs:PurgeQueue", "sqs:RemovePermission", "sqs:SendMessage", "sqs:SendMessageBatch", "sqs:SetQueueAttributes", "sqs:TagQueue", "sqs:UntagQueue", "ssm:AddTagsToResource", "ssm:CreateAssociation", "ssm:CreateAssociationBatch", "ssm:CreateDocument", "ssm:CreateResourceDataSync", "ssm:DeleteAssociation", "ssm:DeleteDocument", "ssm:DeleteMaintenanceWindow", "ssm:DeleteParameter", "ssm:DeleteParameters", "ssm:DeletePatchBaseline", "ssm:DeleteResourceDataSync", "ssm:DeregisterManagedInstance", "ssm:DeregisterPatchBaselineForPatchGroup", "ssm:DeregisterTargetFromMaintenanceWindow", "ssm:DeregisterTaskFromMaintenanceWindow", "ssm:GetParameter", "ssm:GetParameters", "ssm:GetParametersByPath", "ssm:LabelParameterVersion", "ssm:ModifyDocumentPermission", "ssm:PutComplianceItems", "ssm:PutParameter", "ssm:RegisterDefaultPatchBaseline", "ssm:RegisterPatchBaselineForPatchGroup", "ssm:RegisterTargetWithMaintenanceWindow", "ssm:RegisterTaskWithMaintenanceWindow", "ssm:RemoveTagsFromResource", "ssm:ResetServiceSetting", "ssm:ResumeSession", "ssm:SendCommand", "ssm:StartAssociationsOnce", "ssm:StartAutomationExecution", "ssm:StartSession", "ssm:TerminateSession", "ssm:UpdateAssociation", "ssm:UpdateAssociationStatus", "ssm:UpdateDocument", "ssm:UpdateDocumentDefaultVersion", "ssm:UpdateInstanceAssociationStatus", "ssm:UpdateMaintenanceWindow", "ssm:UpdateMaintenanceWindowTarget", "ssm:UpdateMaintenanceWindowTask", "ssm:UpdateManagedInstanceRole", "ssm:UpdatePatchBaseline", "ssm:UpdateResourceDataSync", "ssm:UpdateServiceSetting", "sso:AttachManagedPolicyToPermissionSet", "sso:CreateAccountAssignment", "sso:CreatePermissionSet", "sso:DeleteAccountAssignment", "sso:DeleteInlinePolicyFromPermissionSet", "sso:DeletePermissionSet", "sso:DetachManagedPolicyFromPermissionSet", "sso:ProvisionPermissionSet", "sso:PutInlinePolicyToPermissionSet", "sso:TagResource", "sso:UntagResource", "sso:UpdatePermissionSet", "states:CreateActivity", "states:CreateStateMachine", "states:DeleteActivity", "states:DeleteStateMachine", "states:GetActivityTask", "states:StartExecution", "states:StopExecution", "states:TagResource", "states:UntagResource", "states:UpdateStateMachine", "storagegateway:AddCache", "storagegateway:AddTagsToResource", "storagegateway:AddUploadBuffer", "storagegateway:AddWorkingStorage", "storagegateway:AttachVolume", "storagegateway:CancelArchival", "storagegateway:CancelRetrieval", "storagegateway:CreateCachediSCSIVolume", "storagegateway:CreateNFSFileShare", "storagegateway:CreateSMBFileShare", "storagegateway:CreateSnapshot", "storagegateway:CreateSnapshotFromVolumeRecoveryPoint", "storagegateway:CreateStorediSCSIVolume", "storagegateway:CreateTapeWithBarcode", "storagegateway:CreateTapes", "storagegateway:DeleteBandwidthRateLimit", "storagegateway:DeleteChapCredentials", "storagegateway:DeleteFileShare", "storagegateway:DeleteGateway", "storagegateway:DeleteSnapshotSchedule", "storagegateway:DeleteTape", "storagegateway:DeleteVolume", "storagegateway:DetachVolume", "storagegateway:DisableGateway", "storagegateway:JoinDomain", "storagegateway:NotifyWhenUploaded", "storagegateway:RefreshCache", "storagegateway:RemoveTagsFromResource", "storagegateway:ResetCache", "storagegateway:RetrieveTapeArchive", "storagegateway:RetrieveTapeRecoveryPoint", "storagegateway:SetLocalConsolePassword", "storagegateway:SetSMBGuestPassword", "storagegateway:ShutdownGateway", "storagegateway:StartGateway", "storagegateway:UpdateBandwidthRateLimit", "storagegateway:UpdateChapCredentials", "storagegateway:UpdateGatewayInformation", "storagegateway:UpdateGatewaySoftwareNow", "storagegateway:UpdateMaintenanceStartTime", "storagegateway:UpdateNFSFileShare", "storagegateway:UpdateSMBFileShare", "storagegateway:UpdateSnapshotSchedule", "storagegateway:UpdateVTLDeviceType", "sts:AssumeRole", "sts:AssumeRoleWithSAML", "sts:AssumeRoleWithWebIdentity", "sts:TagSession", "swf:CancelTimer", "swf:CancelWorkflowExecution", "swf:CompleteWorkflowExecution", "swf:ContinueAsNewWorkflowExecution", "swf:DeprecateActivityType", "swf:DeprecateDomain", "swf:DeprecateWorkflowType", "swf:FailWorkflowExecution", "swf:PollForActivityTask", "swf:PollForDecisionTask", "swf:RecordActivityTaskHeartbeat", "swf:RecordMarker", "swf:RegisterActivityType", "swf:RegisterWorkflowType", "swf:RequestCancelActivityTask", "swf:RequestCancelExternalWorkflowExecution", "swf:RequestCancelWorkflowExecution", "swf:RespondActivityTaskCanceled", "swf:RespondActivityTaskCompleted", "swf:RespondActivityTaskFailed", "swf:RespondDecisionTaskCompleted", "swf:ScheduleActivityTask", "swf:SignalExternalWorkflowExecution", "swf:SignalWorkflowExecution", "swf:StartChildWorkflowExecution", "swf:StartTimer", "swf:StartWorkflowExecution", "swf:TagResource", "swf:TerminateWorkflowExecution", "swf:UntagResource", "synthetics:DeleteCanary", "synthetics:StartCanary", "synthetics:StopCanary", "synthetics:TagResource", "synthetics:UntagResource", "synthetics:UpdateCanary", "transfer:CreateUser", "transfer:DeleteServer", "transfer:DeleteSshPublicKey", "transfer:DeleteUser", "transfer:ImportSshPublicKey", "transfer:StartServer", "transfer:StopServer", "transfer:TagResource", "transfer:UntagResource", "transfer:UpdateServer", "transfer:UpdateUser", "trustedadvisor:ExcludeCheckItems", "trustedadvisor:IncludeCheckItems", "trustedadvisor:RefreshCheck", "waf-regional:AssociateWebACL", "waf-regional:CreateByteMatchSet", "waf-regional:CreateGeoMatchSet", "waf-regional:CreateIPSet", "waf-regional:CreateRateBasedRule", "waf-regional:CreateRegexMatchSet", "waf-regional:CreateRegexPatternSet", "waf-regional:CreateRule", "waf-regional:CreateRuleGroup", "waf-regional:CreateSizeConstraintSet", "waf-regional:CreateSqlInjectionMatchSet", "waf-regional:CreateWebACL", "waf-regional:CreateWebACLMigrationStack", "waf-regional:CreateXssMatchSet", "waf-regional:DeleteByteMatchSet", "waf-regional:DeleteGeoMatchSet", "waf-regional:DeleteIPSet", "waf-regional:DeleteLoggingConfiguration", "waf-regional:DeletePermissionPolicy", "waf-regional:DeleteRateBasedRule", "waf-regional:DeleteRegexMatchSet", "waf-regional:DeleteRegexPatternSet", "waf-regional:DeleteRule", "waf-regional:DeleteRuleGroup", "waf-regional:DeleteSizeConstraintSet", "waf-regional:DeleteSqlInjectionMatchSet", "waf-regional:DeleteWebACL", "waf-regional:DeleteXssMatchSet", "waf-regional:DisassociateWebACL", "waf-regional:PutLoggingConfiguration", "waf-regional:PutPermissionPolicy", "waf-regional:TagResource", "waf-regional:UntagResource", "waf-regional:UpdateByteMatchSet", "waf-regional:UpdateGeoMatchSet", "waf-regional:UpdateIPSet", "waf-regional:UpdateRateBasedRule", "waf-regional:UpdateRegexMatchSet", "waf-regional:UpdateRegexPatternSet", "waf-regional:UpdateRule", "waf-regional:UpdateRuleGroup", "waf-regional:UpdateSizeConstraintSet", "waf-regional:UpdateSqlInjectionMatchSet", "waf-regional:UpdateWebACL", "waf-regional:UpdateXssMatchSet", "waf:CreateByteMatchSet", "waf:CreateGeoMatchSet", "waf:CreateIPSet", "waf:CreateRateBasedRule", "waf:CreateRegexMatchSet", "waf:CreateRegexPatternSet", "waf:CreateRule", "waf:CreateRuleGroup", "waf:CreateSizeConstraintSet", "waf:CreateSqlInjectionMatchSet", "waf:CreateWebACL", "waf:CreateWebACLMigrationStack", "waf:CreateXssMatchSet", "waf:DeleteByteMatchSet", "waf:DeleteGeoMatchSet", "waf:DeleteIPSet", "waf:DeleteLoggingConfiguration", "waf:DeletePermissionPolicy", "waf:DeleteRateBasedRule", "waf:DeleteRegexMatchSet", "waf:DeleteRegexPatternSet", "waf:DeleteRule", "waf:DeleteRuleGroup", "waf:DeleteSizeConstraintSet", "waf:DeleteSqlInjectionMatchSet", "waf:DeleteWebACL", "waf:DeleteXssMatchSet", "waf:PutLoggingConfiguration", "waf:PutPermissionPolicy", "waf:TagResource", "waf:UntagResource", "waf:UpdateByteMatchSet", "waf:UpdateGeoMatchSet", "waf:UpdateIPSet", "waf:UpdateRateBasedRule", "waf:UpdateRegexMatchSet", "waf:UpdateRegexPatternSet", "waf:UpdateRule", "waf:UpdateRuleGroup", "waf:UpdateSizeConstraintSet", "waf:UpdateSqlInjectionMatchSet", "waf:UpdateWebACL", "waf:UpdateXssMatchSet", "wafv2:AssociateWebACL", "wafv2:CreateIPSet", "wafv2:CreateRegexPatternSet", "wafv2:CreateRuleGroup", "wafv2:CreateWebACL", "wafv2:DeleteFirewallManagerRuleGroups", "wafv2:DeleteIPSet", "wafv2:DeleteLoggingConfiguration", "wafv2:DeletePermissionPolicy", "wafv2:DeleteRegexPatternSet", "wafv2:DeleteRuleGroup", "wafv2:DeleteWebACL", "wafv2:DisassociateFirewallManager", "wafv2:DisassociateWebACL", "wafv2:PutFirewallManagerRuleGroups", "wafv2:PutLoggingConfiguration", "wafv2:PutPermissionPolicy", "wafv2:TagResource", "wafv2:UntagResource", "wafv2:UpdateIPSet", "wafv2:UpdateRegexPatternSet", "wafv2:UpdateRuleGroup", "wafv2:UpdateWebACL", "wellarchitected:CreateWorkloadShare", "wellarchitected:DeleteWorkload", "worklink:AssociateDomain", "worklink:AssociateWebsiteAuthorizationProvider", "worklink:AssociateWebsiteCertificateAuthority", "worklink:DeleteFleet", "worklink:DisassociateDomain", "worklink:DisassociateWebsiteAuthorizationProvider", "worklink:DisassociateWebsiteCertificateAuthority", "worklink:RestoreDomainAccess", "worklink:RevokeDomainAccess", "worklink:SignOutUser", "worklink:TagResource", "worklink:UntagResource", "worklink:UpdateAuditStreamConfiguration", "worklink:UpdateCompanyNetworkConfiguration", "worklink:UpdateDevicePolicyConfiguration", "worklink:UpdateDomainMetadata", "worklink:UpdateFleetMetadata", "worklink:UpdateIdentityProviderConfiguration", "workmail:AddMembersToGroup", "workmail:AssociateDelegateToResource", "workmail:AssociateMemberToGroup", "workmail:CreateAlias", "workmail:CreateGroup", "workmail:CreateInboundMailFlowRule", "workmail:CreateMailDomain", "workmail:CreateMailUser", "workmail:CreateOutboundMailFlowRule", "workmail:CreateResource", "workmail:CreateSmtpGateway", "workmail:CreateUser", "workmail:DeleteAccessControlRule", "workmail:DeleteAlias", "workmail:DeleteGroup", "workmail:DeleteInboundMailFlowRule", "workmail:DeleteMailDomain", "workmail:DeleteMailboxPermissions", "workmail:DeleteMobileDevice", "workmail:DeleteOrganization", "workmail:DeleteOutboundMailFlowRule", "workmail:DeleteResource", "workmail:DeleteRetentionPolicy", "workmail:DeleteSmtpGateway", "workmail:DeleteUser", "workmail:DeregisterFromWorkMail", "workmail:DisableMailGroups", "workmail:DisableMailUsers", "workmail:DisassociateDelegateFromResource", "workmail:DisassociateMemberFromGroup", "workmail:EnableMailDomain", "workmail:EnableMailGroups", "workmail:EnableMailUsers", "workmail:PutAccessControlRule", "workmail:PutMailboxPermissions", "workmail:PutRetentionPolicy", "workmail:RegisterToWorkMail", "workmail:RemoveMembersFromGroup", "workmail:ResetPassword", "workmail:ResetUserPassword", "workmail:SetAdmin", "workmail:SetDefaultMailDomain", "workmail:SetJournalingRules", "workmail:SetMailGroupDetails", "workmail:SetMailUserDetails", "workmail:SetMobilePolicyDetails", "workmail:TagResource", "workmail:TestInboundMailFlowRules", "workmail:TestOutboundMailFlowRules", "workmail:UntagResource", "workmail:UpdateInboundMailFlowRule", "workmail:UpdateMailboxQuota", "workmail:UpdateOutboundMailFlowRule", "workmail:UpdatePrimaryEmailAddress", "workmail:UpdateResource", "workmail:UpdateSmtpGateway", "workmail:WipeMobileDevice", "workspaces:AuthorizeIpRules", "workspaces:CreateWorkspaces", "workspaces:DeleteIpGroup", "workspaces:ModifyClientProperties", "workspaces:ModifyWorkspaceProperties", "workspaces:ModifyWorkspaceState", "workspaces:RebootWorkspaces", "workspaces:RebuildWorkspaces", "workspaces:RevokeIpRules", "workspaces:StartWorkspaces", "workspaces:StopWorkspaces", "workspaces:TerminateWorkspaces", "workspaces:UpdateRulesOfIpGroup", "xray:CreateGroup", "xray:CreateSamplingRule", "xray:DeleteGroup", "xray:DeleteSamplingRule", "xray:TagResource", "xray:UntagResource", "xray:UpdateGroup", "xray:UpdateSamplingRule", "iam:CreateServiceLinkedRole", "iam:DeleteServiceLinkedRole"], "is_excluded": false}}, "customer_managed_policies": {"NotYourPolicy": {"PolicyName": "NotYourPolicy", "PolicyId": "NotYourPolicy", "Arn": "arn:aws:iam::012345678901:policy/NotYourPolicy", "Path": "/", "DefaultVersionId": "v9", "AttachmentCount": 1, "IsAttachable": true, "CreateDate": "2020-01-29 21:24:20+00:00", "UpdateDate": "2020-01-29 23:23:12+00:00", "PolicyVersionList": [{"Document": {"Version": "2012-10-17", "Statement": [{"Sid": "VisualEditor0", "Effect": "Allow", "Action": ["s3:PutObject", "s3:PutObjectAcl"], "Resource": ["arn:aws:s3:::mybucket/*", "arn:aws:s3:::mybucket"]}]}, "VersionId": "v9", "IsDefaultVersion": true, "CreateDate": "2020-01-29 23:23:12+00:00"}], "PrivilegeEscalation": [], "DataExfiltration": [], "ResourceExposure": [], "ServiceWildcard": [], "CredentialsExposure": [], "InfrastructureModification": [], "is_excluded": false}, "InsecurePolicy": {"PolicyName": "InsecurePolicy", "PolicyId": "InsecurePolicy", "Arn": "arn:aws:iam::012345678901:policy/InsecurePolicy", "Path": "/", "DefaultVersionId": "v9", "AttachmentCount": 1, "IsAttachable": true, "CreateDate": "2020-01-29 21:24:20+00:00", "UpdateDate": "2020-01-29 23:23:12+00:00", "PolicyVersionList": [{"Document": {"Version": "2012-10-17", "Statement": [{"Sid": "VisualEditor0", "Effect": "Allow", "Action": ["s3:PutObject", "s3:PutObjectAcl"], "Resource": ["*"]}]}, "VersionId": "v9", "IsDefaultVersion": true, "CreateDate": "2020-01-29 23:23:12+00:00"}], "PrivilegeEscalation": [], "DataExfiltration": [], "ResourceExposure": ["s3:PutObjectAcl"], "ServiceWildcard": [], "CredentialsExposure": [], "InfrastructureModification": ["s3:PutObject", "s3:PutObjectAcl"], "is_excluded": false}, "ExcessivePermissions": {"PolicyName": "ExcessivePermissions", "PolicyId": "ExcessivePermissions", "Arn": "arn:aws:iam::012345678901:policy/ExcessivePermissions", "Path": "/", "DefaultVersionId": "v9", "AttachmentCount": 1, "IsAttachable": true, "CreateDate": "2020-01-29 21:24:20+00:00", "UpdateDate": "2020-01-29 23:23:12+00:00", "PolicyVersionList": [{"Document": {"Version": "2012-10-17", "Statement": [{"Sid": "VisualEditor0", "Effect": "Allow", "Action": ["s3:*", "secretsmanager:*", "lambda:*"], "Resource": ["*"]}]}, "VersionId": "v9", "IsDefaultVersion": true, "CreateDate": "2020-01-29 23:23:12+00:00"}], "PrivilegeEscalation": [{"type": "EditExistingLambdaFunctionWithRole", "actions": ["lambda:updatefunctioncode"]}], "DataExfiltration": ["s3:GetObject", "secretsmanager:GetSecretValue"], "ResourceExposure": ["lambda:AddLayerVersionPermission", "lambda:AddPermission", "lambda:DisableReplication", "lambda:EnableReplication", "lambda:RemoveLayerVersionPermission", "lambda:RemovePermission", "s3:BypassGovernanceRetention", "s3:DeleteAccessPointPolicy", "s3:DeleteBucketPolicy", "s3:ObjectOwnerOverrideToBucketOwner", "s3:PutAccessPointPolicy", "s3:PutAccountPublicAccessBlock", "s3:PutBucketAcl", "s3:PutBucketPolicy", "s3:PutBucketPublicAccessBlock", "s3:PutObjectAcl", "s3:PutObjectVersionAcl", "secretsmanager:DeleteResourcePolicy", "secretsmanager:PutResourcePolicy", "secretsmanager:ValidateResourcePolicy"], "ServiceWildcard": ["lambda", "s3", "secretsmanager"], "CredentialsExposure": [], "InfrastructureModification": ["lambda:AddLayerVersionPermission", "lambda:AddPermission", "lambda:CreateAlias", "lambda:CreateFunction", "lambda:DeleteAlias", "lambda:DeleteEventSourceMapping", "lambda:DeleteFunction", "lambda:DeleteFunctionConcurrency", "lambda:DeleteFunctionEventInvokeConfig", "lambda:DeleteLayerVersion", "lambda:DeleteProvisionedConcurrencyConfig", "lambda:DisableReplication", "lambda:EnableReplication", "lambda:InvokeAsync", "lambda:InvokeFunction", "lambda:PublishLayerVersion", "lambda:PublishVersion", "lambda:PutFunctionConcurrency", "lambda:PutFunctionEventInvokeConfig", "lambda:PutProvisionedConcurrencyConfig", "lambda:RemoveLayerVersionPermission", "lambda:RemovePermission", "lambda:TagResource", "lambda:UntagResource", "lambda:UpdateAlias", "lambda:UpdateEventSourceMapping", "lambda:UpdateFunctionCode", "lambda:UpdateFunctionConfiguration", "lambda:UpdateFunctionEventInvokeConfig", "s3:AbortMultipartUpload", "s3:BypassGovernanceRetention", "s3:CreateAccessPoint", "s3:CreateBucket", "s3:DeleteAccessPoint", "s3:DeleteAccessPointPolicy", "s3:DeleteBucket", "s3:DeleteBucketPolicy", "s3:DeleteBucketWebsite", "s3:DeleteJobTagging", "s3:DeleteObject", "s3:DeleteObjectTagging", "s3:DeleteObjectVersion", "s3:DeleteObjectVersionTagging", "s3:GetObject", "s3:ObjectOwnerOverrideToBucketOwner", "s3:PutAccelerateConfiguration", "s3:PutAccessPointPolicy", "s3:PutAnalyticsConfiguration", "s3:PutBucketAcl", "s3:PutBucketCORS", "s3:PutBucketLogging", "s3:PutBucketNotification", "s3:PutBucketObjectLockConfiguration", "s3:PutBucketPolicy", "s3:PutBucketPublicAccessBlock", "s3:PutBucketRequestPayment", "s3:PutBucketTagging", "s3:PutBucketVersioning", "s3:PutBucketWebsite", "s3:PutEncryptionConfiguration", "s3:PutInventoryConfiguration", "s3:PutJobTagging", "s3:PutLifecycleConfiguration", "s3:PutMetricsConfiguration", "s3:PutObject", "s3:PutObjectAcl", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", "s3:PutObjectVersionAcl", "s3:PutObjectVersionTagging", "s3:PutReplicationConfiguration", "s3:ReplicateDelete", "s3:ReplicateObject", "s3:ReplicateTags", "s3:RestoreObject", "s3:UpdateJobPriority", "s3:UpdateJobStatus", "secretsmanager:CancelRotateSecret", "secretsmanager:DeleteResourcePolicy", "secretsmanager:DeleteSecret", "secretsmanager:GetSecretValue", "secretsmanager:PutResourcePolicy", "secretsmanager:PutSecretValue", "secretsmanager:RestoreSecret", "secretsmanager:RotateSecret", "secretsmanager:TagResource", "secretsmanager:UntagResource", "secretsmanager:UpdateSecret", "secretsmanager:UpdateSecretVersionStage", "secretsmanager:ValidateResourcePolicy"], "is_excluded": false}}, "inline_policies": {"ffd2b5250e18691dbd9f0fb8b36640ec574867835837f17d39f859c3193fb3f2": {"PolicyName": "InlinePolicyForAdminGroup", "PolicyId": "ffd2b5250e18691dbd9f0fb8b36640ec574867835837f17d39f859c3193fb3f2", "PolicyDocument": {"Version": "2012-10-17", "Statement": [{"Sid": "VisualEditor0", "Effect": "Allow", "Action": ["s3:*"], "Resource": "*"}]}, "PrivilegeEscalation": [], "DataExfiltration": ["s3:GetObject"], "ResourceExposure": ["s3:BypassGovernanceRetention", "s3:DeleteAccessPointPolicy", "s3:DeleteBucketPolicy", "s3:ObjectOwnerOverrideToBucketOwner", "s3:PutAccessPointPolicy", "s3:PutAccountPublicAccessBlock", "s3:PutBucketAcl", "s3:PutBucketPolicy", "s3:PutBucketPublicAccessBlock", "s3:PutObjectAcl", "s3:PutObjectVersionAcl"], "ServiceWildcard": ["s3"], "CredentialsExposure": [], "InfrastructureModification": ["s3:AbortMultipartUpload", "s3:BypassGovernanceRetention", "s3:CreateAccessPoint", "s3:CreateBucket", "s3:DeleteAccessPoint", "s3:DeleteAccessPointPolicy", "s3:DeleteBucket", "s3:DeleteBucketPolicy", "s3:DeleteBucketWebsite", "s3:DeleteJobTagging", "s3:DeleteObject", "s3:DeleteObjectTagging", "s3:DeleteObjectVersion", "s3:DeleteObjectVersionTagging", "s3:GetObject", "s3:ObjectOwnerOverrideToBucketOwner", "s3:PutAccelerateConfiguration", "s3:PutAccessPointPolicy", "s3:PutAnalyticsConfiguration", "s3:PutBucketAcl", "s3:PutBucketCORS", "s3:PutBucketLogging", "s3:PutBucketNotification", "s3:PutBucketObjectLockConfiguration", "s3:PutBucketPolicy", "s3:PutBucketPublicAccessBlock", "s3:PutBucketRequestPayment", "s3:PutBucketTagging", "s3:PutBucketVersioning", "s3:PutBucketWebsite", "s3:PutEncryptionConfiguration", "s3:PutInventoryConfiguration", "s3:PutJobTagging", "s3:PutLifecycleConfiguration", "s3:PutMetricsConfiguration", "s3:PutObject", "s3:PutObjectAcl", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", "s3:PutObjectVersionAcl", "s3:PutObjectVersionTagging", "s3:PutReplicationConfiguration", "s3:ReplicateDelete", "s3:ReplicateObject", "s3:ReplicateTags", "s3:RestoreObject", "s3:UpdateJobPriority", "s3:UpdateJobStatus"], "is_excluded": false}, "e8bca32ff7d1f7990d71c64d95a04b7caa5aad5791f06f69db59653228c6853d": {"PolicyName": "InlinePolicyForBidenGroup", "PolicyId": "e8bca32ff7d1f7990d71c64d95a04b7caa5aad5791f06f69db59653228c6853d", "PolicyDocument": {"Version": "2012-10-17", "Statement": [{"Sid": "VisualEditor0", "Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObjectAcl"], "Resource": "*"}]}, "PrivilegeEscalation": [], "DataExfiltration": ["s3:GetObject"], "ResourceExposure": ["s3:PutObjectAcl"], "ServiceWildcard": [], "CredentialsExposure": [], "InfrastructureModification": ["s3:GetObject", "s3:PutObjectAcl"], "is_excluded": false}, "0568550cb147d2434f6c04641e921f18fe1b7b1fd0b5af5acf514d33d204faca": {"PolicyName": "EC2-IAM-example", "PolicyId": "0568550cb147d2434f6c04641e921f18fe1b7b1fd0b5af5acf514d33d204faca", "PolicyDocument": {"Version": "2012-10-17", "Statement": [{"Sid": "VisualEditor0", "Effect": "Allow", "Action": ["iam:CreateInstanceProfile", "iam:ListInstanceProfilesForRole", "iam:PassRole", "ec2:DescribeIamInstanceProfileAssociations", "iam:GetInstanceProfile", "ec2:DisassociateIamInstanceProfile", "ec2:AssociateIamInstanceProfile", "iam:AddRoleToInstanceProfile"], "Resource": "*"}]}, "PrivilegeEscalation": [], "DataExfiltration": [], "ResourceExposure": ["iam:AddRoleToInstanceProfile", "iam:CreateInstanceProfile", "iam:PassRole"], "ServiceWildcard": [], "CredentialsExposure": [], "InfrastructureModification": ["ec2:AssociateIamInstanceProfile", "ec2:DisassociateIamInstanceProfile", "iam:AddRoleToInstanceProfile", "iam:CreateInstanceProfile", "iam:PassRole"], "is_excluded": false}, "d09fe3603cd65058b6e2d9817cf37093e83e98318a56ce1e29c8491ac989e57e": {"PolicyName": "OverprivilegedEC2", "PolicyId": "d09fe3603cd65058b6e2d9817cf37093e83e98318a56ce1e29c8491ac989e57e", "PolicyDocument": {"Version": "2012-10-17", "Statement": [{"Sid": "VisualEditor0", "Effect": "Allow", "Action": ["secretsmanager:GetSecretValue", "s3:GetObject", "iam:CreateAccessKey"], "Resource": "*"}]}, "PrivilegeEscalation": [{"type": "CreateAccessKey", "actions": ["iam:createaccesskey"]}], "DataExfiltration": ["s3:GetObject", "secretsmanager:GetSecretValue"], "ResourceExposure": ["iam:CreateAccessKey"], "ServiceWildcard": [], "CredentialsExposure": ["iam:CreateAccessKey"], "InfrastructureModification": ["iam:CreateAccessKey", "s3:GetObject", "secretsmanager:GetSecretValue"], "is_excluded": false}, "354d81e1788639707f707738fb4c630cb7c5d23614cc467ff9a469a670049e3f": {"PolicyName": "InsecureUserPolicy", "PolicyId": "354d81e1788639707f707738fb4c630cb7c5d23614cc467ff9a469a670049e3f", "PolicyDocument": {"Version": "2012-10-17", "Statement": [{"Sid": "VisualEditor0", "Effect": "Allow", "Action": ["s3:PutObject", "s3:PutObjectAcl", "s3:GetObject"], "Resource": ["*"]}]}, "PrivilegeEscalation": [], "DataExfiltration": ["s3:GetObject"], "ResourceExposure": ["s3:PutObjectAcl"], "ServiceWildcard": [], "CredentialsExposure": [], "InfrastructureModification": ["s3:GetObject", "s3:PutObject", "s3:PutObjectAcl"], "is_excluded": false}}, "exclusions": {"policies": ["AWSServiceRoleFor*", "*ServiceRolePolicy", "*ServiceLinkedRolePolicy", "AdministratorAccess", "service-role*", "aws-service-role*", "/service-role*", "/aws-service-role*", "MyRole"], "roles": ["service-role*", "aws-service-role*"], "users": [""], "groups": [""], "include-actions": ["s3:GetObject", "ssm:GetParameter", "ssm:GetParameters", "ssm:GetParametersByPath", "secretsmanager:GetSecretValue", "rds:CopyDBSnapshot", "rds:CreateDBSnapshot"], "exclude-actions": [""]}}
console.log(account_id);
console.log(isLocalExample);
console.log(`iam data keys: ${Object.keys(iam_data)}`);
</script>
<script type="text/javascript" src="https://cdn.jsdelivr.net/gh/salesforce/[email protected]/cloudsplaining/output/dist/js/chunk-vendors.js"></script>
<script type="text/javascript" src="https://cdn.jsdelivr.net/gh/salesforce/[email protected]/cloudsplaining/output/dist/js/index.js"></script>
</body>
<!-- Bootstrap-->
<script src="https://stackpath.bootstrapcdn.com/bootstrap/4.4.1/js/bootstrap.min.js"
integrity="sha384-wfSDF2E50Y2D1uUdj0O3uMBJnjuUD4Ih7YwaYd1iqfktj0Uod8GCExl3Og8ifwB6"
crossorigin="anonymous"></script>
</html>