Diffstat (limited to 'hacking/aws_config/testing-iam-policy.json.j2')
-rw-r--r--hacking/aws_config/testing-iam-policy.json.j2246
1 files changed, 0 insertions, 246 deletions
diff --git a/hacking/aws_config/testing-iam-policy.json.j2 b/hacking/aws_config/testing-iam-policy.json.j2
deleted file mode 100644
index d5534a41e8..0000000000
--- a/hacking/aws_config/testing-iam-policy.json.j2
+++ /dev/null
@@ -1,246 +0,0 @@
-{
- "Version": "2012-10-17",
- "Statement": [
- {
- "Sid": "AllowDescribeAllEC2",
- "Effect": "Allow",
- "Action": [
- "ec2:Describe*"
- ],
- "Resource": [
- "arn:aws:ec2:{{aws_region}}:{{aws_account}}:*"
- ]
- },
- {
- "Sid": "MiscPrivilegesNeededByEC2Tests",
- "Effect": "Allow",
- "Action": [
- "ec2:CreateKeyPair",
- "ec2:CreateNatGateway",
- "ec2:DeleteKeyPair",
- "ec2:ImportKeyPair",
- "ec2:RunInstances",
- "ec2:CreateTags",
- "ec2:TerminateInstances",
- "ec2:AllocateAddress",
- "ec2:AssociateAddress",
- "ec2:DisassociateAddress",
- "ec2:ReleaseAddress",
- "ec2:CreateSubnet",
- "ec2:CreateVpc",
- "ec2:CreateRouteTable",
- "ec2:ModifyRouteTable",
- "ec2:DescribeRouteTable",
- "ec2:AssociateRouteTable",
- "ec2:DisassociateRouteTable",
- "ec2:ModifyVpcAttribute",
- "ec2:CreateInternetGateway",
- "ec2:AttachInternetGateway",
- "ec2:DeleteNatGateway"
- ],
- "Resource": [
- "arn:aws:ec2:{{aws_region}}:{{aws_account}}:*"
- ]
- },
- {
- "Sid": "AllowManageSecurityGroupsForSetup",
- "Effect": "Allow",
- "Action": [
- "ec2:DescribeSecurityGroups",
- "ec2:CreateSecurityGroup",
- "ec2:RevokeSecurityGroupEgress",
- "ec2:AuthorizeSecurityGroupIngress",
- "ec2:DeleteSecurityGroup",
- "ec2:RevokeSecurityGroupIngress"
- ],
- "Resource": [
- "arn:aws:ec2:{{aws_region}}:{{aws_account}}:security-group/*"
- ]
- },
- {
- "Sid": "AllowAutoscaling",
- "Effect": "Allow",
- "Action": [
- "autoscaling:DescribeAutoScalingGroups",
- "autoscaling:DescribeLaunchConfigurations",
- "autoscaling:CreateLaunchConfiguration",
- "autoscaling:CreateAutoScalingGroup",
- "autoscaling:UpdateAutoScalingGroup",
- "autoscaling:DeleteAutoScalingGroup",
- "autoscaling:DeleteLaunchConfiguration"
- ],
- "Resource": [
- "arn:aws:autoscaling:{{aws_region}}:{{aws_account}}:*"
- ]
- },
- {
- "Sid": "AllowReadAllLoadBalancers",
- "Effect": "Allow",
- "Action": [
- "elasticloadbalancing:DescribeLoadBalancers",
- "elasticloadbalancing:DescribeLoadBalancerAttributes",
- "elasticloadbalancing:DescribeInstanceHealth"
- ],
- "Resource": [
- "arn:aws:elasticloadbalancing:{{aws_region}}:{{aws_account}}:loadbalancer/*"
- ]
- },
- {
- "Sid": "AllowManagementofOwnLoadBalancers",
- "Effect": "Allow",
- "Action": [
- "elasticloadbalancing:DescribeLoadBalancers",
- "elasticloadbalancing:CreateLoadBalancer",
- "elasticloadbalancing:DeleteLoadBalancer",
- "elasticloadbalancing:ConfigureHealthCheck",
- "elasticloadbalancing:DescribeLoadBalancerAttributes",
- "elasticloadbalancing:ModifyLoadBalancerAttributes",
- "elasticloadbalancing:EnableAvailabilityZonesForLoadBalancer",
- "elasticloadbalancing:DisableAvailabilityZonesForLoadBalancer",
- "elasticloadbalancing:DeleteLoadBalancerListeners",
- "elasticloadbalancing:CreateLoadBalancerListeners",
- "elasticloadbalancing:RegisterInstancesWithLoadBalancer",
- "elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
- "elasticloadbalancing:DescribeInstanceHealth"
- ],
- "Resource": [
- "arn:aws:elasticloadbalancing:{{aws_region}}:{{aws_account}}:loadbalancer/ansible-testing-*"
- ]
- },
- {
- "Sid": "AllowCodeRepositories",
- "Effect": "Allow",
- "Action": [
- "ecr:DescribeRepositories",
- "ecr:CreateRepository",
- "ecr:DescribeRepositories",
- "ecr:GetRepositoryPolicy",
- "ecr:DescribeRepositories",
- "ecr:SetRepositoryPolicy",
- "ecr:DeleteRepository",
- "ecr:DeleteRepositoryPolicy",
- "ecr:DeleteRepositoryPolicy"
- ],
- "Resource": [
- "arn:aws:ecr:{{aws_region}}:{{aws_account}}:repository/ansible-*"
- ]
- },
- {
- "Sid": "AllowOldRDSModule",
- "Effect": "Allow",
- "Action": [
- "rds:DescribeDBInstances",
- "rds:CreateDBInstance",
- "rds:ModifyDBInstance",
- "rds:DeleteDBInstance"
- ],
- "Resource": [
- "arn:aws:rds:{{aws_region}}:{{aws_account}}:db:ansible-testing*"
- ]
- },
- {
- "Sid": "AllowRDSModuleCompatibilityTests",
- "Effect": "Allow",
- "Action": [
- "rds:DescribeDBInstances",
- "rds:CreateDBInstance",
- "rds:ModifyDBInstance",
- "rds:ListTagsForResource",
- "rds:DeleteDBInstance"
- ],
- "Resource": [
- "arn:aws:rds:{{aws_region}}:{{aws_account}}:db:ansible-testing*"
- ]
- },
- {
- "Sid": "AllowRDSInstanceManageOwnInstance",
- "Effect": "Allow",
- "Action": [
- "rds:CreateDBInstance",
- "rds:ModifyDBInstance",
- "rds:ListTagsForResource",
- "rds:DescribeDBInstances"
- ],
- "Resource": [
- "arn:aws:rds:{{aws_region}}:{{aws_account}}:db:rds-*"
- ]
- },
- {
- "Sid": "AllowRDSSnapshotManageSnapshots",
- "Effect": "Allow",
- "Action": [
- "rds:DescribeDBSnapshots",
- "rds:DescribeDBInstances",
- "rds:DescribeDBSnapshots",
- "rds:DeleteDBInstance",
- "rds:CreateDBSnapshot",
- "rds:DeleteDBSnapshot",
- "rds:RestoreDBInstanceFromDBSnapshot",
- "rds:CreateDBInstanceReadReplica"
- ],
- "Resource": [
- "arn:aws:rds:{{aws_region}}:{{aws_account}}:snapshot:snapshot-*",
- "arn:aws:rds:{{aws_region}}:{{aws_account}}:snapshot:rds-*",
- "arn:aws:rds:{{aws_region}}:{{aws_account}}:db:rds-*"
- ]
- },
- {
- "Sid": "AlowS3AnsibleTestBuckets",
- "Action": [
- "s3:GetObject",
- "s3:ListBucket",
- "s3:PutBucketAcl",
- "s3:CreateBucket",
- "s3:PutObject",
- "s3:PutObjectAcl",
- "s3:DeleteBucket",
- "s3:DeleteObject"
- ],
- "Effect": "Allow",
- "Resource": [
- "arn:aws:s3:::ansible_test_*",
- "arn:aws:s3:::ansible_test_*/*"
- ]
- },
- {
- "Sid": "AllowApiGateway",
- "Effect": "Allow",
- "Action": [
- "apigateway:*"
- ],
- "Resource": [
- "arn:aws:apigateway:us-east-1::*"
- ]
- },
- {
- "Sid": "AllowGetUserForLambdaCreation",
- "Effect": "Allow",
- "Action": [
- "iam:GetUser"
- ],
- "Resource": [
- "arn:aws:iam::459030870916:user/ansible_integration_tests"
- ]
- },
- {
- "Sid": "AllowLambdaManagementxxxWildcardDoesntWorkRight",
- "Effect": "Allow",
- "Action": [
- "lambda:*"
- ],
- "Resource": [
- "arn:aws:lambda:{{aws_region}}:{{aws_account}}:function:*"
- ]
- },
- {
- "Sid": "AllowLambdaRoleManagement",
- "Effect": "Allow",
- "Action": [
- "iam:PassRole"
- ],
- "Resource": [
- "arn:aws:iam::459030870916:role/ansible_lambda_role"
- ]
- }
- ]
-}