mirror of
https://github.com/trailofbits/algo.git
synced 2025-09-03 10:33:13 +02:00
Created inline policy that limits actions, where supported, to resources tagged with Environment:Algo
parent
7bde06309f
commit
8577484a88
1 changed files with 54 additions and 0 deletions
54
library/inlinepolicy.json
Normal file
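--- a/library/inlinepolicy.json
+++ b/library/inlinepolicy.json
@@ -0,0 +1,54 @@
+{
+"Version": "2012-10-17",
+"Statement": [
+{
+"Effect": "Allow",
+"Action": [
+"ec2:AssociateRouteTable",
+"ec2:AttachInternetGateway",
+"ec2:AuthorizeSecurityGroupEgress",
+"ec2:AuthorizeSecurityGroupIngress",
+"ec2:CreateSubnet",
+"ec2:CreateTags",
+"ec2:CreateVpc",
+"ec2:CreateSubnet",
+"ec2:CreateRoute",
+"ec2:CreateRouteTable",
+"ec2:CreateInternetGateway",
+"ec2:CreateSecurityGroup",
+"ec2:CreateKeyPair",
+"ec2:DeleteKeyPair",
+"ec2:DescribeAvailabilityZones",
+"ec2:DescribeInstances",
+"ec2:DescribeImages",
+"ec2:DescribeKeyPairs",
+"ec2:DescribeSubnets",
+"ec2:DescribeTags",
+"ec2:DescribeRouteTables",
+"ec2:DescribeSecurityGroups",
+"ec2:DescribeVpcs",
+"ec2:DescribeVpcEndpointServices",
+"ec2:DescribeInternetGateways",
+"ec2:DescribeVpnGateways",
+"ec2:ModifyVpcAttribute",
+"ec2:ImportKeyPair",
+"ec2:RunInstances"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:StartInstances",
+"ec2:StopInstances",
+"ec2:TerminateInstances"
+],
+"Resource": "*",
+"Condition": {
+"StringEquals": {
+"ec2:ResourceTag/Environment": "algo"
+}
+}
+}
+]
+}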
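Review bot: `ec2:CreateTags` sits in the first statement with `"Resource": "*"` and no condition, so the same principal can apply `Environment=algo` to any instance in the account and thereby satisfy the tag condition that guards `ec2:StartInstances`/`ec2:StopInstances`/`ec2:TerminateInstances` in the second statement. I would move `ec2:CreateTags` into its own statement that only permits tagging at creation time, `"Condition": {"StringEquals": {"ec2:CreateAction": "RunInstances"}}`, and require the tag at launch with an `aws:RequestTag/Environment` condition on `ec2:RunInstances` scoped to the instance resource. Separately, `ec2:CreateSubnet` appears twice in the first action list, and `StringEquals` is case-sensitive, so the value `"algo"` has to match exactly what provisioning applies (the commit title writes `Environment:Algo`).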