{ "Version": "2012-10-17", "Statement": [ { "Sid": "AllowDescribeAllEC2", "Effect": "Allow", "Action": [ "ec2:Describe*" ], "Resource": [ "arn:aws:ec2:{{aws_region}}:{{aws_account}}:*" ] }, { "Sid": "MiscPrivilegesNeededByEC2Tests", "Effect": "Allow", "Action": [ "ec2:CreateKeyPair", "ec2:CreateNatGateway", "ec2:DeleteKeyPair", "ec2:ImportKeyPair", "ec2:RunInstances", "ec2:CreateTags", "ec2:TerminateInstances", "ec2:AllocateAddress", "ec2:AssociateAddress", "ec2:DisassociateAddress", "ec2:ReleaseAddress", "ec2:CreateSubnet", "ec2:CreateVpc", "ec2:CreateRouteTable", "ec2:ModifyRouteTable", "ec2:DescribeRouteTable", "ec2:AssociateRouteTable", "ec2:DisassociateRouteTable", "ec2:ModifyVpcAttribute", "ec2:CreateInternetGateway", "ec2:AttachInternetGateway", "ec2:DeleteNatGateway" ], "Resource": [ "arn:aws:ec2:{{aws_region}}:{{aws_account}}:*" ] }, { "Sid": "AllowManageSecurityGroupsForSetup", "Effect": "Allow", "Action": [ "ec2:DescribeSecurityGroups", "ec2:CreateSecurityGroup", "ec2:RevokeSecurityGroupEgress", "ec2:AuthorizeSecurityGroupIngress", "ec2:DeleteSecurityGroup", "ec2:RevokeSecurityGroupIngress" ], "Resource": [ "arn:aws:ec2:{{aws_region}}:{{aws_account}}:security-group/*" ] }, { "Sid": "AllowAutoscaling", "Effect": "Allow", "Action": [ "autoscaling:DescribeAutoScalingGroups", "autoscaling:DescribeLaunchConfigurations", "autoscaling:CreateLaunchConfiguration", "autoscaling:CreateAutoScalingGroup", "autoscaling:UpdateAutoScalingGroup", "autoscaling:DeleteAutoScalingGroup", "autoscaling:DeleteLaunchConfiguration" ], "Resource": [ "arn:aws:autoscaling:{{aws_region}}:{{aws_account}}:*" ] }, { "Sid": "AllowReadAllLoadBalancers", "Effect": "Allow", "Action": [ "elasticloadbalancing:DescribeLoadBalancers", "elasticloadbalancing:DescribeLoadBalancerAttributes", "elasticloadbalancing:DescribeInstanceHealth" ], "Resource": [ "arn:aws:elasticloadbalancing:{{aws_region}}:{{aws_account}}:loadbalancer/*" ] }, { "Sid": "AllowManagementofOwnLoadBalancers", "Effect": "Allow", 
"Action": [ "elasticloadbalancing:DescribeLoadBalancers", "elasticloadbalancing:CreateLoadBalancer", "elasticloadbalancing:DeleteLoadBalancer", "elasticloadbalancing:ConfigureHealthCheck", "elasticloadbalancing:DescribeLoadBalancerAttributes", "elasticloadbalancing:ModifyLoadBalancerAttributes", "elasticloadbalancing:EnableAvailabilityZonesForLoadBalancer", "elasticloadbalancing:DisableAvailabilityZonesForLoadBalancer", "elasticloadbalancing:DeleteLoadBalancerListeners", "elasticloadbalancing:CreateLoadBalancerListeners", "elasticloadbalancing:RegisterInstancesWithLoadBalancer", "elasticloadbalancing:DeregisterInstancesFromLoadBalancer", "elasticloadbalancing:DescribeInstanceHealth" ], "Resource": [ "arn:aws:elasticloadbalancing:{{aws_region}}:{{aws_account}}:loadbalancer/ansible-testing-*" ] }, { "Sid": "AllowCodeRepositories", "Effect": "Allow", "Action": [ "ecr:DescribeRepositories", "ecr:CreateRepository", "ecr:DescribeRepositories", "ecr:GetRepositoryPolicy", "ecr:DescribeRepositories", "ecr:SetRepositoryPolicy", "ecr:DeleteRepository", "ecr:DeleteRepositoryPolicy", "ecr:DeleteRepositoryPolicy" ], "Resource": [ "arn:aws:ecr:{{aws_region}}:{{aws_account}}:repository/ansible-*" ] }, { "Sid": "AllowOldRDSModule", "Effect": "Allow", "Action": [ "rds:DescribeDBInstances", "rds:CreateDBInstance", "rds:ModifyDBInstance", "rds:DeleteDBInstance" ], "Resource": [ "arn:aws:rds:{{aws_region}}:{{aws_account}}:db:ansible-testing*" ] }, { "Sid": "AllowRDSModuleCompatibilityTests", "Effect": "Allow", "Action": [ "rds:DescribeDBInstances", "rds:CreateDBInstance", "rds:ModifyDBInstance", "rds:ListTagsForResource", "rds:DeleteDBInstance" ], "Resource": [ "arn:aws:rds:{{aws_region}}:{{aws_account}}:db:ansible-testing*" ] }, { "Sid": "AllowRDSInstanceManageOwnInstance", "Effect": "Allow", "Action": [ "rds:CreateDBInstance", "rds:ModifyDBInstance", "rds:ListTagsForResource", "rds:DescribeDBInstances" ], "Resource": [ "arn:aws:rds:{{aws_region}}:{{aws_account}}:db:rds-*" ] }, { 
"Sid": "AllowRDSSnapshotManageSnapshots", "Effect": "Allow", "Action": [ "rds:DescribeDBSnapshots", "rds:DescribeDBInstances", "rds:DescribeDBSnapshots", "rds:DeleteDBInstance", "rds:CreateDBSnapshot", "rds:DeleteDBSnapshot", "rds:RestoreDBInstanceFromDBSnapshot", "rds:CreateDBInstanceReadReplica" ], "Resource": [ "arn:aws:rds:{{aws_region}}:{{aws_account}}:snapshot:snapshot-*", "arn:aws:rds:{{aws_region}}:{{aws_account}}:snapshot:rds-*", "arn:aws:rds:{{aws_region}}:{{aws_account}}:db:rds-*" ] }, { "Sid": "AllowS3AnsibleTestBuckets", "Action": [ "s3:GetObject", "s3:ListBucket", "s3:PutBucketAcl", "s3:CreateBucket", "s3:PutObject", "s3:PutObjectAcl", "s3:DeleteBucket", "s3:DeleteObject" ], "Effect": "Allow", "Resource": [ "arn:aws:s3:::ansible_test_*", "arn:aws:s3:::ansible_test_*/*" ] }, { "Sid": "AllowApiGateway", "Effect": "Allow", "Action": [ "apigateway:*" ], "Resource": [ "arn:aws:apigateway:us-east-1::*" ] }, { "Sid": "AllowGetUserForLambdaCreation", "Effect": "Allow", "Action": [ "iam:GetUser" ], "Resource": [ "arn:aws:iam::459030870916:user/ansible_integration_tests" ] }, { "Sid": "AllowLambdaManagementxxxWildcardDoesntWorkRight", "Effect": "Allow", "Action": [ "lambda:*" ], "Resource": [ "arn:aws:lambda:{{aws_region}}:{{aws_account}}:function:*" ] }, { "Sid": "AllowLambdaRoleManagement", "Effect": "Allow", "Action": [ "iam:PassRole" ], "Resource": [ "arn:aws:iam::459030870916:role/ansible_lambda_role" ] } ] }