924352a051
* Combine testing policies Because of the maximum of 10 policies per group, need to consolidate testing policies as best we can. * Tidy put-account-setting tasks and add permission Using `environment` and `command` rather than `shell` avoids the need for `no_log` and means that people can fix the problem * refactor ecs_cluster test suite move from runme.sh technique to virtualenv use ec2_instance rather than ec2 module to avoid need for boto
83 lines
2.7 KiB
JSON
83 lines
2.7 KiB
JSON
{
|
|
"Version": "2012-10-17",
|
|
"Statement": [
|
|
{
|
|
"Sid": "AllowRDSModuleTests",
|
|
"Effect": "Allow",
|
|
"Action": [
|
|
"rds:DescribeDBInstances",
|
|
"rds:CreateDBInstance",
|
|
"rds:ModifyDBInstance",
|
|
"rds:ListTagsForResource",
|
|
"rds:DeleteDBInstance"
|
|
],
|
|
"Resource": [
|
|
"arn:aws:rds:{{aws_region}}:{{aws_account}}:db:ansible-testing*"
|
|
]
|
|
},
|
|
{
|
|
"Sid": "AllowRDSInstanceManageOwnInstance",
|
|
"Effect": "Allow",
|
|
"Action": [
|
|
"rds:CreateDBInstance",
|
|
"rds:ModifyDBInstance",
|
|
"rds:ListTagsForResource",
|
|
"rds:DescribeDBInstances"
|
|
],
|
|
"Resource": [
|
|
"arn:aws:rds:{{aws_region}}:{{aws_account}}:db:rds-*"
|
|
]
|
|
},
|
|
{
|
|
"Sid": "AllowRDSSnapshotManageSnapshots",
|
|
"Effect": "Allow",
|
|
"Action": [
|
|
"rds:DescribeDBSnapshots",
|
|
"rds:DescribeDBInstances",
|
|
"rds:DescribeDBSnapshots",
|
|
"rds:DeleteDBInstance",
|
|
"rds:CreateDBSnapshot",
|
|
"rds:DeleteDBSnapshot",
|
|
"rds:RestoreDBInstanceFromDBSnapshot",
|
|
"rds:CreateDBInstanceReadReplica"
|
|
],
|
|
"Resource": [
|
|
"arn:aws:rds:{{aws_region}}:{{aws_account}}:snapshot:snapshot-*",
|
|
"arn:aws:rds:{{aws_region}}:{{aws_account}}:snapshot:rds-*",
|
|
"arn:aws:rds:{{aws_region}}:{{aws_account}}:db:rds-*"
|
|
]
|
|
},
|
|
{
|
|
"Sid": "AllowRDSParameterGroupManagement",
|
|
"Effect": "Allow",
|
|
"Action": [
|
|
"rds:DescribeDBParameterGroups",
|
|
"rds:DescribeDBParameters",
|
|
"rds:CreateDBParameterGroup",
|
|
"rds:DeleteDBParameterGroup",
|
|
"rds:ModifyDBParameterGroup",
|
|
"rds:ListTagsForResource",
|
|
"rds:AddTagsToResource",
|
|
"rds:RemoveTagsFromResource"
|
|
],
|
|
"Resource": [
|
|
"arn:aws:rds:{{aws_region}}:{{aws_account}}:pg:*"
|
|
]
|
|
},
|
|
{
|
|
"Sid": "AllowRedshiftManagment",
|
|
"Action": [
|
|
"redshift:CreateCluster",
|
|
"redshift:CreateTags",
|
|
"redshift:DeleteCluster",
|
|
"redshift:DeleteTags",
|
|
"redshift:DescribeClusters",
|
|
"redshift:DescribeTags",
|
|
"redshift:ModifyCluster",
|
|
"redshift:RebootCluster"
|
|
],
|
|
"Effect": "Allow",
|
|
"Resource": "*"
|
|
}
|
|
]
|
|
}
|