From 8577484a88b888947d61c99a7f4182a41b880c2d Mon Sep 17 00:00:00 2001 From: spankminister Date: Fri, 7 Apr 2017 00:31:52 -0400 Subject: [PATCH] Created inline policy that limits actions, where supported, to resources tagged with Environment:Algo --- library/inlinepolicy.json | 54 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 54 insertions(+) create mode 100644 library/inlinepolicy.json diff --git a/library/inlinepolicy.json b/library/inlinepolicy.json new file mode 100644 index 00000000..3f3c4cce --- /dev/null +++ b/library/inlinepolicy.json @@ -0,0 +1,54 @@ +{ + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "ec2:AssociateRouteTable", + "ec2:AttachInternetGateway", + "ec2:AuthorizeSecurityGroupEgress", + "ec2:AuthorizeSecurityGroupIngress", + "ec2:CreateSubnet", + "ec2:CreateTags", + "ec2:CreateVpc", + "ec2:CreateSubnet", + "ec2:CreateRoute", + "ec2:CreateRouteTable", + "ec2:CreateInternetGateway", + "ec2:CreateSecurityGroup", + "ec2:CreateKeyPair", + "ec2:DeleteKeyPair", + "ec2:DescribeAvailabilityZones", + "ec2:DescribeInstances", + "ec2:DescribeImages", + "ec2:DescribeKeyPairs", + "ec2:DescribeSubnets", + "ec2:DescribeTags", + "ec2:DescribeRouteTables", + "ec2:DescribeSecurityGroups", + "ec2:DescribeVpcs", + "ec2:DescribeVpcEndpointServices", + "ec2:DescribeInternetGateways", + "ec2:DescribeVpnGateways", + "ec2:ModifyVpcAttribute", + "ec2:ImportKeyPair", + "ec2:RunInstances" + ], + "Resource": "*" + }, + { + "Effect": "Allow", + "Action": [ + "ec2:StartInstances", + "ec2:StopInstances", + "ec2:TerminateInstances" + ], + "Resource": "*", + "Condition": { + "StringEquals": { + "ec2:ResourceTag/Environment": "algo" + } + } + } + ] +}