...
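b) An AWS IAM role with the appropriate privileges. The policy document below lists the permissions this IAM role needs during the deployment process. It grants service-wide wildcards (`wellarchitected:*`, `securityhub:*`, `config:*`) on all resources and `iam:*` on the name-prefixed roles and policies, so treat the role as highly privileged: attach the policy only to the role used for deployment, and detach it afterwards if it is no longer needed.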
Note: the rendered copy of this policy contained stray fragments that made it invalid JSON: `wellarchitected` fused onto `cloudformation:*` in the Statement3 action, a `"securityhub:*"` entry inside the Statement3 resource list, and an unterminated `"config:*` before the Statement4 `Sid`. They appear to be rendering residue duplicating the first three Statement1 actions and are omitted below; confirm against the original policy file before use.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Statement1",
      "Effect": "Allow",
      "Action": [
        "wellarchitected:*",
        "securityhub:*",
        "config:*",
        "s3:GetObject",
        "cloudformation:GetTemplateSummary",
        "iam:ListRoles",
        "sns:ListTopics",
        "cloudformation:ListStacks",
        "iam:ListPolicies",
        "iam:ListPolicyVersions",
        "iam:ListAttachedRolePolicies",
        "iam:ListRolePolicies"
      ],
      "Resource": [
        "*"
      ]
    },
    {
      "Sid": "Statement3",
      "Effect": "Allow",
      "Action": [
        "cloudformation:*"
      ],
      "Resource": [
        "arn:aws:cloudformation:*:*:stack/six-pillars*"
      ]
    },
    {
      "Sid": "Statement4",
      "Effect": "Allow",
      "Action": [
        "iam:PassRole"
      ],
      "Resource": [
        "arn:aws:iam::*:role/AWSServiceRoleForConfig",
        "arn:aws:iam::*:role/AWSServiceRoleForSecurityHub"
      ]
    },
    {
      "Sid": "Statement2",
      "Effect": "Allow",
      "Action": [
        "iam:*"
      ],
      "Resource": [
        "arn:aws:iam::*:role/SO0111*",
        "arn:aws:iam::*:role/six-pillars*",
        "arn:aws:iam::*:role/SixPillars*",
        "arn:aws:iam::*:policy/SixPillars*",
        "arn:aws:iam::*:policy/six-pillars*"
      ]
    }
  ]
}
```