
To deploy AUTOMATE LIGHT, AUTOMATE READ ONLY & AUTOMATE+, you must be logged into the appropriate AWS account using one of the following two methods:

a) AWS IAM Role User with Admin Access

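b) AWS IAM Role User with appropriate AWS IAM user permissions. The text file below contains the permissions that the AWS IAM Role User needs during the deployment process. It grants full access to Well-Architected, Security Hub and Config on all resources, and confines `cloudformation:*` to stacks named `six-pillars*` and `iam:*` to roles named `SO0111*`, `six-pillars*` or `SixPillars*` and policies named `SixPillars*` or `six-pillars*`.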

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Statement1",
            "Effect": "Allow",
            "Action": [
                "wellarchitected:*",
                "securityhub:*",
                "config:*",
                "s3:GetObject",
                "cloudformation:GetTemplateSummary",
                "iam:ListRoles",
                "sns:ListTopics",
                "cloudformation:ListStacks",
                "iam:ListPolicies",
                "iam:ListPolicyVersions",
                "iam:ListAttachedRolePolicies",
                "iam:ListRolePolicies",
                "ssm:DescribeAutomationExecutions",
                "ssm:GetAutomationExecution",
                "logs:DescribeLogGroups"
            ],
            "Resource": [
                "*"
            ]
        },
        {
            "Sid": "Statement3",
            "Effect": "Allow",
            "Action": [
                "cloudformation:*"
            ],
            "Resource": [
                "arn:aws:cloudformation:*:*:stack/six-pillars*"
            ]
        },
        {
            "Sid": "Statement4",
            "Effect": "Allow",
            "Action": [
                "iam:PassRole"
            ],
            "Resource": [
                "arn:aws:iam::*:role/AWSServiceRoleForConfig",
                "arn:aws:iam::*:role/AWSServiceRoleForSecurityHub"
            ]
        },
        {
            "Sid": "Statement2",
            "Effect": "Allow",
            "Action": [
                "iam:*"
            ],
            "Resource": [
                "arn:aws:iam::*:role/SO0111*",
                "arn:aws:iam::*:role/six-pillars*",
                "arn:aws:iam::*:role/SixPillars*",
                "arn:aws:iam::*:policy/SixPillars*",
                "arn:aws:iam::*:policy/six-pillars*"
            ]
        }
    ]
}

...