4 files changed +12
-21
lines changed Original file line number Diff line number Diff line change @@ -34,7 +34,6 @@ Statement:
3434 - wafv2:DeleteFirewallManagerRuleGroups
3535 - wafv2:DisassociateFirewallManager
3636 - wafv2:UpdateIPSet
37- - wafv2:TagResource
3837 Resource :
3938 - ' arn:aws:wafv2:{{ aws_region }}:{{ aws_account_id }}:*'
4039
@@ -110,6 +109,9 @@ Statement:
110109 - waf:UpdateSqlInjectionMatchSet
111110 - waf:UpdateWebACL
112111 - waf:UpdateXssMatchSet
112+ - wafv2:ListTagsForResource
113+ - wafv2:TagResource
114+ - wafv2:UntagResource
113115 Resource : " *"
114116 Condition :
115117 StringEquals :
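Review bot: `wafv2:TagResource` moves out of the statement scoped to `arn:aws:wafv2:{{ aws_region }}:{{ aws_account_id }}:*` and into one with `Resource: "*"` (new lines 112-115), so the only remaining restriction on the wafv2 tag actions is the `StringEquals` condition, whose key and value lie outside the hunk. Tag writes matter for least privilege wherever other policies key on resource tags, so it is worth confirming that the condition actually constrains wafv2 requests. If it does not, I would keep the tag actions in the region/account-scoped statement, adding `- wafv2:ListTagsForResource` and `- wafv2:UntagResource` next to the existing `- wafv2:TagResource` there. If the move is intentional, a comment such as `# wafv2 tag actions are limited by the Condition below, not by Resource` would record that.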
Original file line number Diff line number Diff line change @@ -114,13 +114,6 @@ Statement:
114114 - elasticloadbalancing:ModifyTargetGroupAttributes
115115 - elasticloadbalancing:ModifyRule
116116 - elasticloadbalancing:SetIpAddressType
117- - ecs:Describe*
118- - ecs:List*
119- - ecs:TagResource
120- - ecs:UntagResource
121- - ecs:PutAccountSetting
122- - ecs:RegisterTaskDefinition
123- - ecs:DeregisterTaskDefinition
124117 Resource :
125118 - " *"
126119
@@ -131,19 +124,10 @@ Statement:
131124 - ec2:CreateVolume
132125 - elasticloadbalancing:CreateLoadBalancer
133126 - elasticloadbalancing:CreateRule
134- - ecs:RunTask
135- - ecs:StartTask
136- - ecs:StopTask
137- - ecs:DeleteCluster
138- - ecs:CreateService
139- - ecs:DeleteService
140- - ecs:UpdateService
141- - ecs:UpdateCluster
142127 Resource :
143128 - ' arn:aws:ec2:{{ aws_region }}:{{ aws_account_id }}:volume/*'
144129 - ' arn:aws:elasticloadbalancing:{{ aws_region }}:{{ aws_account_id }}:*'
145130 - ' arn:aws:autoscaling:{{ aws_region }}:{{ aws_account_id }}:autoScalingGroup*'
146- - ' arn:aws:ecs:{{ aws_region }}:{{ aws_account_id }}:*'
147131
148132 - Sid : AllowGlobalResourceRestrictedActionsWhichIncurNoFees
149133 Effect : Allow
Original file line number Diff line number Diff line change @@ -21,11 +21,14 @@ Statement:
2121 - Sid : AllowGlobalResourceRestrictedActionsWhichIncurNoFees
2222 Effect : Allow
2323 Action :
24+ - dms:AddTagsToResource
2425 - dms:CreateReplicationSubnetGroup
2526 - dms:DeleteEndpoint
26- - dms:ModifyEndpoint
2727 - dms:DeleteReplicationSubnetGroup
28+ - dms:ListTagsForResource
29+ - dms:ModifyEndpoint
2830 - dms:ModifyReplicationSubnetGroup
31+ - dms:RemoveTagsFromResource
2932 - dynamodb:CreateTable
3033 - dynamodb:DeleteItem
3134 - dynamodb:DeleteTable
@@ -105,7 +108,9 @@ Statement:
105108 - rds:RestoreDBClusterFromSnapshot
106109 - rds:RestoreDBClusterFromS3
107110 - rds:PromoteReadReplicaDBCluster
111+ - rds:CopyDBClusterSnapshot
108112 Resource :
113+ - ' arn:aws:dms:{{ aws_region }}:{{ aws_account_id }}:endpoint:*'
109114 - ' arn:aws:dms:{{ aws_region }}:{{ aws_account_id }}:subgrp:*'
110115 - ' arn:aws:dynamodb:{{ aws_region }}:{{ aws_account_id }}:table/*'
111116 - ' arn:aws:elasticache:{{ aws_region }}:{{ aws_account_id }}:cluster:*'
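Review bot: `rds:CopyDBClusterSnapshot` (new line 111) is appended to an action list whose visible Resource entries cover only dms, dynamodb and elasticache ARNs. The list continues past the hunk, so check that it contains an RDS cluster-snapshot ARN scoped to `{{ aws_region }}` and `{{ aws_account_id }}`; otherwise the grant either has no effect or relies on a broader entry. If this is still the `AllowGlobalResourceRestrictedActionsWhichIncurNoFees` statement from the first hunk (not certain from here), note that a snapshot copy creates stored data, so the action may belong in a fee-incurring statement instead.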
Original file line number Diff line number Diff line change @@ -116,13 +116,13 @@ Statement:
116116 StringLike :
117117 lambda:FunctionArn :
118118 - arn:aws:lambda:{{ aws_region }}:{{ aws_account_id }}:function:*
119-
119+
120120 - Sid : AllowGlobalUnrestrictedResourceActionsWhichIncurFees
121121 Effect : Allow
122122 Action :
123123 - ecs:CreateCluster
124124 Resource : " *"
125-
125+
126126 - Sid : AllowGlobalUnrestrictedResourceActionsWhichIncurNoFees
127127 Effect : Allow
128128 Action :
@@ -135,7 +135,7 @@ Statement:
135135 - ecs:DeregisterTaskDefinition
136136 Resource :
137137 - " *"
138-
138+
139139 - Sid : AllowGlobalRestrictedResourceActionsWhichIncurFees
140140 Effect : Allow
141141 Action :