docs/security/assets-old/aws-secure-deep-policy.json
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"cloudfront:createDistribution",
"cloudfront:deleteDistribution",
"cloudfront:getDistribution",
"cloudfront:getDistributionConfig",
"cloudfront:listDistributions",
"cloudfront:updateDistribution",
"cloudfront:TagResource",
"cognito-identity:createIdentityPool",
"cognito-identity:deleteIdentityPool",
"cognito-identity:listIdentityPools",
"cognito-identity:setIdentityPoolRoles",
"cognito-identity:updateIdentityPool",
"cognito-idp:CreateUserPool",
"cognito-idp:CreateUserPoolClient",
"cognito-idp:ListUserPools",
"cognito-idp:DeleteUserPool",
"cognito-idp:UpdateUserPool",
"dynamodb:describeTable",
"dynamodb:createTable",
"dynamodb:deleteTable",
"dynamodb:listTables",
"dynamodb:waitFor",
"elasticache:createCacheCluster",
"elasticache:describeCacheClusters",
"iam:createRole",
"iam:deleteRole",
"iam:deleteRolePolicy",
"iam:detachRolePolicy",
"iam:getUser",
"iam:getRole",
"iam:listAttachedRolePolicies",
"iam:listRolePolicies",
"iam:listRoles",
"iam:passRole",
"iam:putRolePolicy",
"iam:simulatePrincipalPolicy",
"iam:addClientIDToOpenIDConnectProvider",
"iam:createOpenIDConnectProvider",
"iam:deleteOpenIDConnectProvider",
"iam:getOpenIDConnectProvider",
"iam:listOpenIDConnectProviders",
"iam:addClientIDToOpenIDConnectProvider",
"iam:removeClientIDFromOpenIDConnectProvider",
"iam:UpdateAssumeRolePolicy",
"iam:UpdateRolePermissions",
"lambda:invokeFunction",
"lambda:createFunction",
"lambda:deleteFunction",
"lambda:listFunctions",
"lambda:updateFunctionCode",
"lambda:addPermission",
"s3:*",
"sqs:*",
"logs:*",
"cloudsearch:*",
"apigateway:*",
"acm:*",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:CreateNetworkInterface",
"ec2:DescribeNetworkInterfaces",
"ec2:DeleteNetworkInterface",
"es:*",
"events:*",
"kinesis:*"
],
"Resource": "*"
}
]
}