To deploy AUTOMATE LIGHT, AUTOMATE READ ONLY & AUTOMATE+, you must be logged in to the appropriate AWS account using one of the following two methods:
...
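b) An AWS IAM Role with the appropriate AWS IAM user privileges. The text file below contains the appropriate permissions for the AWS IAM Role during the deployment process. The policy allows every action for CloudFormation, Well-Architected Tool, Security Hub and Config on all resources, and it limits the IAM role-management actions (including iam:CreateRole and iam:PutRolePolicy) to roles whose names begin with SO0111 or six-pillars, so the role is best reserved for the deployment itself rather than day-to-day use.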
Code Block |
---|
...
|
...
| |
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Statement1",
"Effect": "Allow",
"Action": [
"s3:GetObject",
"sns:ListTopics",
"cloudformation:*",
"wellarchitected:*",
"securityhub:*",
"config:*"
],
"Resource": [
"*"
]
},
{
"Sid": "Statement2",
"Effect": "Allow",
"Action": [
"iam:ListRoles",
"iam:GetRole",
"iam:CreateRole",
"iam:PutRolePolicy",
"iam:DeleteRole",
"iam:DeleteRolePolicy",
"iam:DetachRolePolicy",
"iam:GetRolePolicy",
"iam:ListRolePolicies"
],
"Resource": [
"arn:aws:iam::*:role/SO0111*",
"arn:aws:iam::*:role/six-pillars*"
]
}
]
}