| { |
| "Version": "2012-10-17", |
| "Statement": [ |
| { |
| "Action": [ |
| "iam:CreateRole", |
| "iam:CreateInstanceProfile", |
| "iam:CreatePolicy", |
| "iam:AttachRolePolicy", |
| "iam:AddRoleToInstanceProfile", |
| "iam:DetachRolePolicy", |
| "iam:DeleteInstanceProfile", |
| "iam:DeletePolicy", |
| "iam:DeleteRolePolicy", |
| "iam:DeleteRole", |
| "iam:RemoveRoleFromInstanceProfile", |
| "iam:GetRole", |
| "iam:GetRolePolicy", |
| "iam:GetInstanceProfile", |
| "iam:GetPolicy", |
| "iam:GetUser", |
| "iam:ListUsers", |
| "iam:ListAccessKeys", |
| "iam:PassRole", |
| "iam:ListUserPolicies", |
| "iam:PutRolePolicy", |
| "iam:ListInstanceProfiles", |
| "iam:ListAttachedRolePolicies", |
| "iam:ListInstanceProfilesForRole", |
| "iam:ListRoles", |
| "iam:ListPolicies", |
| "iam:ListRolePolicies", |
| "iam:TagRole" |
| ], |
| "Effect": "Allow", |
| "Resource": "*" |
| }, |
| { |
| "Action": [ |
| "ec2:CreateVpcEndpoint", |
| "ec2:CreateSubnet", |
| "ec2:CreateTags", |
| "ec2:CreateImage", |
| "ec2:CreateRoute", |
| "ec2:DeregisterImage", |
| "ec2:DescribeImages", |
| "ec2:DescribeAddresses", |
| "ec2:AssociateAddress", |
| "ec2:DisassociateAddress", |
| "ec2:AllocateAddress", |
| "ec2:ReleaseAddress", |
| "ec2:CreateRouteTable", |
| "ec2:CreateSecurityGroup", |
| "ec2:AuthorizeSecurityGroupEgress", |
| "ec2:AuthorizeSecurityGroupIngress", |
| "ec2:AssociateRouteTable", |
| "ec2:DeleteRouteTable", |
| "ec2:DeleteSubnet", |
| "ec2:DeleteTags", |
| "ec2:DeleteSecurityGroup", |
| "ec2:DeleteSnapshot", |
| "ec2:DescribeRouteTables", |
| "ec2:DescribeSpotInstanceRequests", |
| "ec2:ModifyVpcEndpoint", |
| "ec2:RunInstances", |
| "ec2:StartInstances", |
| "ec2:StopInstances", |
| "ec2:TerminateInstances", |
| "ec2:DescribeSubnets", |
| "ec2:DescribeVpcs", |
| "ec2:DescribeSecurityGroups", |
| "ec2:DescribeInstances", |
| "ec2:DescribeInstanceStatus", |
| "ec2:ModifyInstanceAttribute", |
| "ec2:RevokeSecurityGroupEgress", |
| "ec2:RevokeSecurityGroupIngress", |
| "ec2:AuthorizeSecurityGroupEgress", |
| "ec2:AuthorizeSecurityGroupIngress" |
| ], |
| "Effect": "Allow", |
| "Resource": "*" |
| }, |
| { |
| "Action": [ |
| "s3:CreateBucket", |
| "s3:ListAllMyBuckets", |
| "s3:GetBucketLocation", |
| "s3:GetBucketTagging", |
| "s3:PutBucketTagging", |
| "s3:PutBucketPolicy", |
| "s3:GetBucketPolicy", |
| "s3:DeleteBucket", |
| "s3:DeleteObject", |
| "s3:GetObject", |
| "s3:ListBucket", |
| "s3:PutObject", |
| "s3:PutEncryptionConfiguration" |
| ], |
| "Effect": "Allow", |
| "Resource": "*" |
| }, |
| { |
| "Action": [ |
| "elasticmapreduce:AddTags", |
| "elasticmapreduce:RemoveTags", |
| "elasticmapreduce:DescribeCluster", |
| "elasticmapreduce:ListClusters", |
| "elasticmapreduce:RunJobFlow", |
| "elasticmapreduce:ListInstances", |
| "elasticmapreduce:TerminateJobFlows" |
| ], |
| "Effect": "Allow", |
| "Resource": "*" |
| }, |
| { |
| "Action": [ |
| "pricing:GetProducts" |
| ], |
| "Effect": "Allow", |
| "Resource": "*" |
| } |
| ] |
| } |