To deploy AUTOMATE LIGHT, AUTOMATE READ ONLY & AUTOMATE+ it is a requirement to be logged into the appropriate AWS account with either.one of the two methods:
a) AWS IAM Role with Admin Access
b) An AWS IAM Role with appropriate AWS IAM user privledgesprivileges, the text file below contains the appropriate permissions for the AWS IAM Role during the deployment process.
| Code Block |
|---|
...
|
...
| |
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Statement1",
"Effect": "Allow",
"Action": [
"s3:GetObject",
"sns:ListTopics",
"cloudformation:*",
"wellarchitected:*",
"securityhub:*",
"config:*"
],
"Resource": [
"*"
]
},
{
"Sid": "Statement2",
"Effect": "Allow",
"Action": [
"iam:ListRoles",
"iam:GetRole",
"iam:CreateRole",
"iam:PutRolePolicy",
"iam:DeleteRole",
"iam:DeleteRolePolicy",
"iam:DetachRolePolicy",
"iam:GetRolePolicy",
"iam:ListRolePolicies"
],
"Resource": [
"arn:aws:iam::*:role/SO0111*",
"arn:aws:iam::*:role/six-pillars*"
]
}
]
} |