---
# CloudFormation template that creates one customer-managed IAM policy,
# "CloudFormationWrite". It grants CloudFormation stack and change-set
# operations, Resource Groups Tagging API writes and s3:PutObject.
#
# NOTE(review): every statement below uses Resource '*'. The descriptions call
# the policy "write-only" and "minimal", but it also grants Describe*/List*
# read actions and is not limited to particular stacks or buckets, so any
# principal that can assume a role carrying it can act on every stack in the
# account.
AWSTemplateFormatVersion: '2010-09-09'
Description: CloudFormation Write-Only Managed Policy for Deployment Operations

Resources:
  CloudFormationWritePolicy:
    Type: AWS::IAM::ManagedPolicy
    Properties:
      # A fixed policy name means this template must be deployed with
      # CAPABILITY_NAMED_IAM and can exist only once per account.
      ManagedPolicyName: CloudFormationWrite
      Description: >-
        Minimal CloudFormation write permissions for deployment operations.
        Intended for use via AssumeRole, not attached to Permission Sets.
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          # Stack lifecycle, change sets, drift detection and read-back of
          # stack state.
          # NOTE(review): includes DeleteStack and ImportStacksToStackSet;
          # confirm both are needed by the deployment workflow.
          # NOTE(review): operations on a stack that already has a service
          # role attached run with that role's permissions, so on '*' this
          # statement indirectly carries the privileges of every such role.
          # Consider scoping to the managed stacks, e.g. (placeholder ARN)
          #   arn:aws:cloudformation:<REGION>:<ACCOUNT_ID>:stack/<STACK_PREFIX>*/*
          # and keeping only actions without resource-level support (for
          # example ListStacks) in a separate statement on '*'.
          - Effect: Allow
            Action:
              - cloudformation:CreateStack
              - cloudformation:UpdateStack
              - cloudformation:DeleteStack
              - cloudformation:CreateUploadBucket
              - cloudformation:CreateChangeSet
              - cloudformation:ExecuteChangeSet
              - cloudformation:DescribeStacks
              - cloudformation:DescribeStackEvents
              - cloudformation:DescribeChangeSet
              - cloudformation:ListStacks
              - cloudformation:ListChangeSets
              - cloudformation:DetectStackDrift
              - cloudformation:DetectStackResourceDrift
              - cloudformation:DescribeStackDriftDetectionStatus
              - cloudformation:ImportStacksToStackSet
              - cloudformation:ContinueUpdateRollback
            Resource: '*'

          # Resource Groups Tagging API writes.
          # NOTE(review): tagging through this API also needs the owning
          # service's own tagging permission, so the effective reach depends
          # on the role's other policies. Where tags feed access decisions
          # (e.g. aws:ResourceTag conditions), unrestricted tag writes deserve
          # a closer look.
          - Effect: Allow
            Action:
              - tag:TagResources
              - tag:UntagResources
            Resource: '*'

          # Object upload; presumably for template/artifact staging - confirm.
          # NOTE(review): '*' permits writes to any bucket and key that no
          # other policy denies. Consider scoping to the staging bucket, e.g.
          # (placeholder ARN) arn:aws:s3:::<TEMPLATE_BUCKET>/*
          - Effect: Allow
            Action:
              - s3:PutObject
            Resource: '*'