docs/source/_static/managed-policies/Route53RecoveryReadinessServiceRolePolicy.json
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"dynamodb:DescribeReservedCapacity",
"dynamodb:DescribeReservedCapacityOfferings"
],
"Resource": "arn:aws:dynamodb:*:*:*"
},
{
"Effect": "Allow",
"Action": [
"dynamodb:DescribeTable",
"dynamodb:DescribeTimeToLive"
],
"Resource": "arn:aws:dynamodb:*:*:table/*"
},
{
"Effect": "Allow",
"Action": [
"iam:CreateServiceLinkedRole"
],
"Resource": "arn:aws:iam::*:role/aws-service-role/servicequotas.amazonaws.com/AWSServiceRoleForServiceQuotas",
"Condition": {
"StringLike": {
"iam:AWSServiceName": "servicequotas.amazonaws.com"
}
}
},
{
"Effect": "Allow",
"Action": [
"lambda:GetFunctionConcurrency",
"lambda:GetFunctionConfiguration",
"lambda:GetProvisionedConcurrencyConfig",
"lambda:ListProvisionedConcurrencyConfigs",
"lambda:ListAliases",
"lambda:ListVersionsByFunction"
],
"Resource": "arn:aws:lambda:*:*:function:*"
},
{
"Effect": "Allow",
"Action": [
"rds:DescribeDBClusters"
],
"Resource": "arn:aws:rds:*:*:cluster:*"
},
{
"Effect": "Allow",
"Action": [
"rds:DescribeDBInstances"
],
"Resource": "arn:aws:rds:*:*:db:*"
},
{
"Effect": "Allow",
"Action": [
"route53:ListResourceRecordSets"
],
"Resource": "arn:aws:route53:::hostedzone/*"
},
{
"Effect": "Allow",
"Action": [
"route53:GetHealthCheck",
"route53:GetHealthCheckStatus"
],
"Resource": "arn:aws:route53:::healthcheck/*"
},
{
"Effect": "Allow",
"Action": [
"servicequotas:RequestServiceQuotaIncrease"
],
"Resource": "arn:aws:servicequotas:*:*:*"
},
{
"Effect": "Allow",
"Action": [
"sns:GetTopicAttributes",
"sns:ListSubscriptionsByTopic"
],
"Resource": "arn:aws:sns:*:*:*"
},
{
"Effect": "Allow",
"Action": [
"sqs:GetQueueAttributes",
"sqs:GetQueueUrl"
],
"Resource": "arn:aws:sqs:*:*:*"
},
{
"Effect": "Allow",
"Action": [
"apigateway:GET",
"application-autoscaling:DescribeScalableTargets",
"application-autoscaling:DescribeScalingPolicies",
"autoscaling:DescribeAccountLimits",
"autoscaling:DescribeAutoScalingGroups",
"autoscaling:DescribeAutoScalingInstances",
"autoscaling:DescribeLifecycleHooks",
"autoscaling:DescribeLoadBalancers",
"autoscaling:DescribeLoadBalancerTargetGroups",
"autoscaling:DescribeNotificationConfigurations",
"autoscaling:DescribePolicies",
"cloudwatch:GetMetricData",
"cloudwatch:DescribeAlarms",
"dynamodb:DescribeLimits",
"dynamodb:ListGlobalTables",
"dynamodb:ListTables",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeCustomerGateways",
"ec2:DescribeInstances",
"ec2:DescribeSubnets",
"ec2:DescribeVolumes",
"ec2:DescribeVpcs",
"ec2:DescribeVpnConnections",
"ec2:DescribeVpnGateways",
"ec2:GetEbsEncryptionByDefault",
"ec2:GetEbsDefaultKmsKeyId",
"elasticloadbalancing:DescribeInstanceHealth",
"elasticloadbalancing:DescribeLoadBalancerAttributes",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeTargetGroups",
"elasticloadbalancing:DescribeTargetHealth",
"kafka:DescribeCluster",
"kafka:DescribeConfigurationRevision",
"lambda:ListEventSourceMappings",
"lambda:ListFunctions",
"rds:DescribeAccountAttributes",
"route53:GetHostedZone",
"servicequotas:ListAWSDefaultServiceQuotas",
"servicequotas:ListRequestedServiceQuotaChangeHistory",
"servicequotas:ListServiceQuotas",
"servicequotas:ListServices",
"sns:GetEndpointAttributes",
"sns:GetSubscriptionAttributes"
],
"Resource": "*"
}
]
}