d2569a3f7d
* Improve iam_group exception handling Use AnsibleAWSModule for iam_group and handle BotoCoreErrors as well as ClientErrors. Use fail_json_aws to improve error messages * Add minimal iam_group test suite Update some of the read-only IAM permissions (this is not sufficient to run the test suite but it gets further than it did until it tries to add a (non-existent) user) * Clean up after tests
36 lines
1 KiB
JSON
36 lines
1 KiB
JSON
{
|
|
"Version": "2012-10-17",
|
|
"Statement": [
|
|
{
|
|
"Action": [
|
|
"iam:GetGroup",
|
|
"iam:GetInstanceProfile",
|
|
"iam:GetPolicy",
|
|
"iam:GetPolicyVersion",
|
|
"iam:GetRole",
|
|
"iam:GetRolePolicy",
|
|
"iam:GetUser",
|
|
"iam:ListAttachedGroupPolicies",
|
|
"iam:ListAttachedRolePolicies",
|
|
"iam:ListAttachedUserPolicies",
|
|
"iam:ListGroups",
|
|
"iam:ListInstanceProfiles",
|
|
"iam:ListInstanceProfilesForRole",
|
|
"iam:ListPolicies",
|
|
"iam:ListRoles",
|
|
"iam:ListRolePolicies",
|
|
"iam:ListUsers",
|
|
"iam:ListAccountAliases"
|
|
],
|
|
"Resource": "*",
|
|
"Effect": "Allow",
|
|
"Sid": "AllowReadOnlyIAMUse"
|
|
},
|
|
{
|
|
"Sid": "AllowWAFusage",
|
|
"Action": "waf:*",
|
|
"Effect": "Allow",
|
|
"Resource": "*"
|
|
}
|
|
]
|
|
}
|