{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:Get*"
],
"Resource": [
"arn:aws:s3:::No data available/*",
"arn:aws:s3:::No data available"
]
},
{
"Effect": "Allow",
"Action": [
"s3:Put*"
],
"Resource": [
"arn:aws:s3:::prod-invoice-update/*",
"arn:aws:s3:::prod-invoice-update"
]
},
{
"Effect": "Allow",
"Action": "ec2:Describe*",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "organizations:ListAccounts",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "elasticloadbalancing:Describe*",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetBucketLocation",
"s3:ListBucketVersions",
"s3:GetBucketVersioning",
"s3:GetLifecycleConfiguration",
"s3:GetEncryptionConfiguration",
"s3:ListAllMyBuckets",
"s3:ListBucketMultipartUploads",
"s3:ListMultipartUploadParts"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"cloudwatch:ListMetrics",
"cloudwatch:GetMetricStatistics",
"cloudwatch:GetMetricData",
"logs:DescribeLogGroups",
"logs:GetQueryResults"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"logs:CreateExportTask",
"logs:StartQuery"
],
"Resource": [
"arn:aws:logs:*:*:log-group:/aws/containerinsights/*/performance",
"arn:aws:logs:*:*:log-group:/aws/containerinsights/*/performance:*",
"arn:aws:logs:*:*:log-group:/aws/containerinsights/*/performance:*:*"
]
},
{
"Effect": "Allow",
"Action": "autoscaling:Describe*",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"eks:ListFargateProfiles",
"eks:DescribeNodegroup",
"eks:ListNodegroups",
"eks:DescribeFargateProfile",
"eks:ListTagsForResource",
"eks:ListUpdates",
"eks:DescribeUpdate",
"eks:DescribeCluster",
"eks:ListClusters"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"dynamodb:Describe*",
"dynamodb:List*",
"tag:GetResources",
"rds:DescribeDBInstances",
"rds:DescribeDBClusters",
"rds:ListTagsForResource",
"ecs:DescribeClusters",
"redshift:DescribeClusters",
"es:ListDomainNames",
"es:DescribeElasticsearchDomains",
"elasticache:DescribeCacheClusters",
"kinesis:ListStreams",
"kinesis:DescribeStream",
"kms:ListKeys",
"kms:DescribeKey",
"kms:ListResourceTags",
"cloudTrail:DescribeTrails"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"ce:GetRightsizingRecommendation",
"ce:GetReservationUtilization",
"ce:GetSavingsPlansUtilizationDetails",
"ce:GetSavingsPlansUtilization",
"ce:GetSavingsPlansCoverage",
"ce:GetTags",
"ce:GetCostAndUsage",
"aws-portal:ViewBilling"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "logs:DescribeExportTasks",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "s3:Put*",
"Resource": "arn:aws:s3:::prod-k8s-cloudwatch-logs-*"
}
]
}
