AWS IAM Role Permission Policy

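When you define an Amazon user, you are required to provide a security policy. The following text is an example of a security policy. Note that the example allows broad wildcard actions (for example, ec2:Create*) as well as iam:PassRole, and that only the reboot, stop and terminate actions are restricted by a condition (to instances tagged CreatedBy = EnterpriseDB); review it against your own least-privilege requirements before you attach it.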


{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "ec2:AllocateAddress",
        "ec2:AssignPrivateIpAddresses",
        "ec2:Associate*",
        "ec2:Attach*",
        "ec2:AuthorizeSecurityGroup*",
        "ec2:Copy*",
        "ec2:Create*",
        "ec2:DeleteInternetGateway",
        "ec2:DeleteNetworkAcl",
        "ec2:DeleteNetworkAclEntry",
        "ec2:DeleteNetworkInterface",
        "ec2:DeletePlacementGroup",
        "ec2:DeleteRoute",
        "ec2:DeleteRouteTable",
        "ec2:DeleteSecurityGroup",
        "ec2:DeleteSnapshot",
        "ec2:DeleteSubnet",
        "ec2:DeleteTags",
        "ec2:DeleteVolume",
        "ec2:DeleteVpc",
        "ec2:DeleteKeypair",
        "ec2:Describe*",
        "ec2:Detach*",
        "ec2:DisassociateAddress",
        "ec2:DisassociateRouteTable",
        "ec2:EnableVolumeIO",
        "ec2:GetConsoleOutput",
        "ec2:ModifyImageAttribute",
        "ec2:ModifyInstanceAttribute",
        "ec2:ModifyNetworkInterfaceAttribute",
        "ec2:ModifySnapshotAttribute",
        "ec2:ModifyVolumeAttribute",
        "ec2:ModifyVpcAttribute",
        "ec2:MonitorInstances",
        "ec2:ReleaseAddress",
        "ec2:ReplaceNetworkAclAssociation",
        "ec2:ReplaceNetworkAclEntry",
        "ec2:ReplaceRoute",
        "ec2:ReplaceRouteTableAssociation",
        "ec2:ReportInstanceStatus",
        "ec2:ResetImageAttribute",
        "ec2:ResetInstanceAttribute",
        "ec2:ResetNetworkInterfaceAttribute",
        "ec2:ResetSnapshotAttribute",
        "ec2:RevokeSecurityGroup*",
        "ec2:RunInstances",
        "ec2:StartInstances",
        "ec2:UnassignPrivateIpAddresses",
        "ec2:UnmonitorInstances",
        "ec2:ImportKeyPair"
      ],
      "Resource": "*",
      "Effect": "Allow",
      "Sid": "Stmt1407961327680"
    },
    {
      "Action": [
        "iam:PassRole"
      ],
      "Resource": "*",
      "Effect": "Allow",
      "Sid": "Stmt1407961362664"
    },
    {
      "Action": [
        "s3:CreateBucket",
        "s3:Get*",
        "s3:List*"
      ],
      "Resource": "*",
      "Effect": "Allow",
      "Sid": "Stmt1407961630932"
    },
    {
      "Action": [
        "s3:Put*",
        "s3:Get*",
        "s3:DeleteObject*",
        "s3:DeleteBucket*"
      ],
      "Resource": "arn:aws:s3:::*",
      "Effect": "Allow",
      "Sid": "Stmt1407961734627"
    },
    {
      "Condition": {
        "StringEquals": {
          "ec2:ResourceTag/CreatedBy": "EnterpriseDB"
        }
      },
      "Action": [
        "ec2:RebootInstances",
        "ec2:StopInstances",
        "ec2:TerminateInstances"
      ],
      "Resource": "*",
      "Effect": "Allow",
      "Sid": "Stmt1407961927870"
    }
  ]
}