ansible/hacking/aws_config/testing_policies/database-policy.json
Will Thames 1ca0c0e7f7 Consolidate IAM policies into fewer, larger policies (#33122)
Due to IAM limits allowing at most 10 policies per group,
need to reduce the number of total policies in use.
2017-11-21 17:15:31 -05:00

68 lines
2.3 KiB
JSON

{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowRDSModuleTests",
"Effect": "Allow",
"Action": [
"rds:DescribeDBInstances",
"rds:CreateDBInstance",
"rds:ModifyDBInstance",
"rds:ListTagsForResource",
"rds:DeleteDBInstance"
],
"Resource": [
"arn:aws:rds:{{aws_region}}:{{aws_account}}:db:ansible-testing*"
]
},
{
"Sid": "AllowRDSInstanceManageOwnInstance",
"Effect": "Allow",
"Action": [
"rds:CreateDBInstance",
"rds:ModifyDBInstance",
"rds:ListTagsForResource",
"rds:DescribeDBInstances"
],
"Resource": [
"arn:aws:rds:{{aws_region}}:{{aws_account}}:db:rds-*"
]
},
{
"Sid": "AllowRDSSnapshotManageSnapshots",
"Effect": "Allow",
"Action": [
"rds:DescribeDBSnapshots",
"rds:DescribeDBInstances",
"rds:DescribeDBSnapshots",
"rds:DeleteDBInstance",
"rds:CreateDBSnapshot",
"rds:DeleteDBSnapshot",
"rds:RestoreDBInstanceFromDBSnapshot",
"rds:CreateDBInstanceReadReplica"
],
"Resource": [
"arn:aws:rds:{{aws_region}}:{{aws_account}}:snapshot:snapshot-*",
"arn:aws:rds:{{aws_region}}:{{aws_account}}:snapshot:rds-*",
"arn:aws:rds:{{aws_region}}:{{aws_account}}:db:rds-*"
]
},
{
"Sid": "AllowRDSParameterGroupManagement",
"Effect": "Allow",
"Action": [
"rds:DescribeDBParameterGroups",
"rds:DescribeDBParameters",
"rds:CreateDBParameterGroup",
"rds:DeleteDBParameterGroup",
"rds:ModifyDBParameterGroup",
"rds:ListTagsForResource",
"rds:AddTagsToResource",
"rds:RemoveTagsFromResource"
],
"Resource": [
"arn:aws:rds:{{aws_region}}:{{aws_account}}:pg:*"
]
}
]
}