Skip to content

Commit

Permalink
Simplify the policy
Browse files Browse the repository at this point in the history
  • Loading branch information
@hellais
hellais committed Mar 13, 2024
1 parent 1a5a3ab commit 92a43b0
Showing 1 changed file with 53 additions and 160 deletions.
213 changes: 53 additions & 160 deletions tf/modules/oonidevops_github_user/templates/oonidevops_github_policy.json
View file
Original file line number Diff line number Diff line change
@@ -1,162 +1,55 @@
{
"Statement": {
"Effect": "Allow",
"Action": [
"acm:Describe*",
"acm:Get*",
"acm:List*",
"application-autoscaling:Describe*",
"application-autoscaling:ListTagsForResource",
"appmesh:Describe*",
"appmesh:List*",
"autoscaling:Describe*",
"autoscaling:GetPredictiveScalingForecast",
"cloudformation:Describe*",
"cloudformation:Detect*",
"cloudformation:Estimate*",
"cloudformation:Get*",
"cloudformation:List*",
"cloudformation:ValidateTemplate",
"cloudtrail:Describe*",
"cloudtrail:Get*",
"cloudtrail:List*",
"cloudtrail:LookupEvents",
"cloudwatch:Describe*",
"cloudwatch:GenerateQuery",
"cloudwatch:Get*",
"cloudwatch:List*",
"codebuild:BatchGet*",
"codebuild:DescribeCodeCoverages",
"codebuild:DescribeTestCases",
"codebuild:List*",
"codedeploy:BatchGet*",
"codedeploy:Get*",
"codedeploy:List*",
"codepipeline:Get*",
"codepipeline:List*",
"codestar-connections:GetConnection",
"codestar-connections:GetHost",
"codestar-connections:GetRepositoryLink",
"codestar-connections:GetRepositorySyncStatus",
"codestar-connections:GetResourceSyncStatus",
"codestar-connections:GetSyncConfiguration",
"codestar-connections:ListConnections",
"codestar-connections:ListHosts",
"codestar-connections:ListRepositoryLinks",
"codestar-connections:ListRepositorySyncDefinitions",
"codestar-connections:ListSyncConfigurations",
"codestar-connections:ListTagsForResource",
"codestar-notifications:describeNotificationRule",
"codestar-notifications:listEventTypes",
"codestar-notifications:listNotificationRules",
"codestar-notifications:listTagsForResource",
"codestar-notifications:ListTargets",
"dynamodb:BatchGet*",
"dynamodb:Describe*",
"dynamodb:Get*",
"dynamodb:List*",
"dynamodb:PartiQLSelect",
"dynamodb:Query",
"dynamodb:Scan",
"ec2:Describe*",
"ec2:Get*",
"ec2:ListImagesInRecycleBin",
"ec2:ListSnapshotsInRecycleBin",
"ec2:SearchLocalGatewayRoutes",
"ec2:SearchTransitGatewayRoutes",
"ec2messages:Get*",
"ecr-public:BatchCheckLayerAvailability",
"ecr-public:DescribeImages",
"ecr-public:DescribeImageTags",
"ecr-public:DescribeRegistries",
"ecr-public:DescribeRepositories",
"ecr-public:GetAuthorizationToken",
"ecr-public:GetRegistryCatalogData",
"ecr-public:GetRepositoryCatalogData",
"ecr-public:GetRepositoryPolicy",
"ecr-public:ListTagsForResource",
"ecr:BatchCheck*",
"ecr:BatchGet*",
"ecr:Describe*",
"ecr:Get*",
"ecr:List*",
"ecs:Describe*",
"ecs:List*",
"elasticloadbalancing:Describe*",
"logs:Describe*",
"logs:FilterLogEvents",
"logs:Get*",
"logs:ListAnomalies",
"logs:ListLogAnomalyDetectors",
"logs:ListLogDeliveries",
"logs:ListTagsForResource",
"logs:ListTagsLogGroup",
"logs:StartLiveTail",
"logs:StartQuery",
"logs:StopLiveTail",
"logs:StopQuery",
"logs:TestMetricFilter",
"iam:Generate*",
"iam:Get*",
"iam:List*",
"iam:Simulate*",
"rds:Describe*",
"rds:Download*",
"rds:List*",
"route53-recovery-cluster:Get*",
"route53-recovery-cluster:ListRoutingControls",
"route53-recovery-control-config:Describe*",
"route53-recovery-control-config:GetResourcePolicy",
"route53-recovery-control-config:List*",
"route53-recovery-readiness:Get*",
"route53-recovery-readiness:List*",
"route53:Get*",
"route53:List*",
"route53:Test*",
"route53domains:Check*",
"route53domains:Get*",
"route53domains:List*",
"route53domains:View*",
"route53resolver:Get*",
"route53resolver:List*",
"s3:DescribeJob",
"s3:Get*",
"s3:List*",
"secretsmanager:Describe*",
"secretsmanager:GetResourcePolicy",
"secretsmanager:List*",
"servicediscovery:DiscoverInstances",
"servicediscovery:DiscoverInstancesRevision",
"servicediscovery:Get*",
"servicediscovery:List*",
"ssm:Describe*",
"ssm:Get*",
"ssm:List*",
"states:Describe*",
"states:GetExecutionHistory",
"states:List*",
"vpc-lattice:GetAccessLogSubscription",
"vpc-lattice:GetAuthPolicy",
"vpc-lattice:GetListener",
"vpc-lattice:GetResourcePolicy",
"vpc-lattice:GetRule",
"vpc-lattice:GetService",
"vpc-lattice:GetServiceNetwork",
"vpc-lattice:GetServiceNetworkServiceAssociation",
"vpc-lattice:GetServiceNetworkVpcAssociation",
"vpc-lattice:GetTargetGroup",
"vpc-lattice:ListAccessLogSubscriptions",
"vpc-lattice:ListListeners",
"vpc-lattice:ListRules",
"vpc-lattice:ListServiceNetworks",
"vpc-lattice:ListServiceNetworkServiceAssociations",
"vpc-lattice:ListServiceNetworkVpcAssociations",
"vpc-lattice:ListServices",
"vpc-lattice:ListTagsForResource",
"vpc-lattice:ListTargetGroups",
"vpc-lattice:ListTargets"
],
"Resource": ["*"]
},
"Version": "2012-10-17"
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ec2:Describe*",
"s3:GetObject",
"s3:ListBucket",
"iam:GetRole",
"iam:GetPolicy",
"iam:ListRoles",
"iam:ListPolicies",
"rds:Describe*",
"elasticache:Describe*",
"route53:Get*",
"lambda:Get*",
"lambda:List*",
"cloudfront:Get*",
"cloudfront:List*",
"sns:Get*",
"sns:List*",
"sqs:Get*",
"sqs:List*",
"logs:Get*",
"logs:Describe*",
"kinesis:Get*",
"kinesis:List*",
"apigateway:Get*",
"apigateway:List*",
"organizations:List*",
"organizations:Describe*",
"ecs:Describe*",
"ecs:List*",
"ecr:Describe*",
"ecr:Get*",
"events:Describe*",
"events:List*",
"stepfunctions:Describe*",
"stepfunctions:Get*",
"cloudwatch:Get*",
"cloudwatch:List*",
"dynamodb:Describe*",
"dynamodb:Get*",
"dynamodb:List*",
"sagemaker:List*",
"sagemaker:Describe*",
"kms:Describe*",
"kms:Get*",
"kms:List*"
],
"Resource": "*"
}
]
}

0 comments on commit 92a43b0

Please sign in to comment.