AmazonLaunchWizardFullAccessV2
Description: Full access to AWS Launch wizard and other required services.
AmazonLaunchWizardFullAccessV2
is an AWS managed policy.
Using this policy
You can attach AmazonLaunchWizardFullAccessV2
to your users, groups, and roles.
Policy details
-
Type: AWS managed policy
-
Creation time: September 01, 2023, 17:14 UTC
-
Edited time: September 01, 2023, 17:14 UTC
-
ARN:
arn:aws:iam::aws:policy/AmazonLaunchWizardFullAccessV2
Policy version
Policy version: v1 (default)
The policy's default version is the version that defines the permissions for the policy. When a user or role with the policy makes a request to access an AWS resource, AWS checks the default version of the policy to determine whether to allow the request.
JSON policy document
{ "Version" : "2012-10-17", "Statement" : [ { "Sid" : "AppInsightsActions0", "Effect" : "Allow", "Action" : "applicationinsights:*", "Resource" : "*" }, { "Sid" : "ResourceGroupActions0", "Effect" : "Allow", "Action" : "resource-groups:List*", "Resource" : "*" }, { "Sid" : "Route53Actions0", "Effect" : "Allow", "Action" : [ "route53:ChangeResourceRecordSets", "route53:GetChange", "route53:ListResourceRecordSets", "route53:ListHostedZones", "route53:ListHostedZonesByName" ], "Resource" : "*" }, { "Sid" : "S3Actions0", "Effect" : "Allow", "Action" : [ "s3:ListAllMyBuckets", "s3:ListBucket", "s3:GetBucketLocation" ], "Resource" : "*" }, { "Sid" : "KmsActions0", "Effect" : "Allow", "Action" : [ "kms:ListKeys", "kms:ListAliases" ], "Resource" : "*" }, { "Sid" : "CloudWatchActions0", "Effect" : "Allow", "Action" : [ "cloudwatch:List*", "cloudwatch:Get*", "cloudwatch:Describe*" ], "Resource" : "*" }, { "Sid" : "Ec2Actions0", "Effect" : "Allow", "Action" : [ "ec2:CreateInternetGateway", "ec2:CreateNatGateway", "ec2:CreateVpc", "ec2:CreateKeyPair", "ec2:CreateRoute", "ec2:CreateRouteTable", "ec2:CreateSubnet" ], "Resource" : "*" }, { "Sid" : "Ec2Actions1", "Effect" : "Allow", "Action" : [ "ec2:AllocateAddress", "ec2:AllocateHosts", "ec2:AssignPrivateIpAddresses", "ec2:AssociateAddress", "ec2:CreateDhcpOptions", "ec2:CreateEgressOnlyInternetGateway", "ec2:CreateNetworkInterface", "ec2:CreateVolume", "ec2:CreateVpcEndpoint", "ec2:CreateTags", "ec2:DeleteTags", "ec2:RunInstances", "ec2:StartInstances", "ec2:ModifyInstanceAttribute", "ec2:ModifySubnetAttribute", "ec2:ModifyVolumeAttribute", "ec2:ModifyVpcAttribute", "ec2:AssociateDhcpOptions", "ec2:AssociateSubnetCidrBlock", "ec2:AttachInternetGateway", "ec2:AttachNetworkInterface", "ec2:AttachVolume", "ec2:DeleteDhcpOptions", "ec2:DeleteInternetGateway", "ec2:DeleteKeyPair", "ec2:DeleteNatGateway", "ec2:DeleteSecurityGroup", "ec2:DeleteVolume", "ec2:DeleteVpc", "ec2:DetachInternetGateway", "ec2:DetachVolume", "ec2:DeleteSnapshot", "ec2:AssociateRouteTable", "ec2:AssociateVpcCidrBlock", "ec2:DeleteNetworkAcl", "ec2:DeleteNetworkInterface", "ec2:DeleteNetworkInterfacePermission", "ec2:DeleteRoute", "ec2:DeleteRouteTable", "ec2:DeleteSubnet", "ec2:DetachNetworkInterface", "ec2:DisassociateAddress", "ec2:DisassociateVpcCidrBlock", "ec2:GetLaunchTemplateData", "ec2:ModifyNetworkInterfaceAttribute", "ec2:ModifyVolume", "ec2:AuthorizeSecurityGroupEgress", "ec2:GetConsoleOutput", "ec2:GetPasswordData", "ec2:ReleaseAddress", "ec2:ReplaceRoute", "ec2:ReplaceRouteTableAssociation", "ec2:RevokeSecurityGroupEgress", "ec2:RevokeSecurityGroupIngress", "ec2:DisassociateIamInstanceProfile", "ec2:DisassociateRouteTable", "ec2:DisassociateSubnetCidrBlock", "ec2:ModifyInstancePlacement", "ec2:DeletePlacementGroup", "ec2:CreatePlacementGroup", "elasticfilesystem:DeleteFileSystem", "elasticfilesystem:DeleteMountTarget", "ds:AddIpRoutes", "ds:CreateComputer", "ds:CreateMicrosoftAD", "ds:DeleteDirectory", "servicecatalog:AssociateProductWithPortfolio", "cloudformation:GetTemplateSummary", "sts:GetCallerIdentity" ], "Resource" : "*", "Condition" : { "ForAnyValue:StringEquals" : { "aws:CalledVia" : "launchwizard.amazonaws.com" } } }, { "Sid" : "CloudFormationActions0", "Effect" : "Allow", "Action" : [ "cloudformation:DescribeStack*", "cloudformation:Get*", "cloudformation:ListStacks", "cloudformation:SignalResource", "cloudformation:DeleteStack" ], "Resource" : [ "arn:aws:cloudformation:*:*:stack/LaunchWizard*/*", "arn:aws:cloudformation:*:*:stack/ApplicationInsights*/*" ] }, { "Sid" : "Ec2Actions2", "Effect" : "Allow", "Action" : [ "ec2:StopInstances", "ec2:TerminateInstances" ], "Resource" : "arn:aws:ec2:*:*:instance/*", "Condition" : { "StringLike" : { "ec2:ResourceTag/aws:cloudformation:stack-id" : "arn:aws:cloudformation:*:*:stack/LaunchWizard-*/*" } } }, { "Sid" : "IamActions0", "Effect" : "Allow", "Action" : [ "iam:CreateInstanceProfile", "iam:DeleteInstanceProfile", "iam:RemoveRoleFromInstanceProfile", "iam:AddRoleToInstanceProfile" ], "Resource" : [ "arn:aws:iam::*:role/service-role/AmazonEC2RoleForLaunchWizard*", "arn:aws:iam::*:instance-profile/LaunchWizard*" ] }, { "Sid" : "IamActions1", "Effect" : "Allow", "Action" : [ "iam:PassRole" ], "Resource" : [ "arn:aws:iam::*:role/service-role/AmazonEC2RoleForLaunchWizard", "arn:aws:iam::*:role/service-role/AmazonLambdaRoleForLaunchWizard", "arn:aws:iam::*:instance-profile/LaunchWizard*" ], "Condition" : { "StringEqualsIfExists" : { "iam:PassedToService" : [ "lambda.amazonaws.com", "ec2.amazonaws.com", "ec2.amazonaws.com.cn" ] } } }, { "Sid" : "AutoScalingActions0", "Effect" : "Allow", "Action" : [ "autoscaling:AttachInstances", "autoscaling:CreateAutoScalingGroup", "autoscaling:CreateLaunchConfiguration", "autoscaling:DeleteAutoScalingGroup", "autoscaling:DeleteLaunchConfiguration", "autoscaling:UpdateAutoScalingGroup", "autoscaling:CreateOrUpdateTags", "resource-groups:CreateGroup", "resource-groups:DeleteGroup", "sns:ListSubscriptionsByTopic", "sns:Publish", "ssm:DeleteDocument", "ssm:DeleteParameter*", "ssm:DescribeDocument*", "ssm:GetDocument", "ssm:PutParameter" ], "Resource" : [ "arn:aws:resource-groups:*:*:group/LaunchWizard*", "arn:aws:sns:*:*:*", "arn:aws:autoscaling:*:*:autoScalingGroup:*:autoScalingGroupName/LaunchWizard*", "arn:aws:autoscaling:*:*:launchConfiguration:*:launchConfigurationName/LaunchWizard*", "arn:aws:ssm:*:*:parameter/LaunchWizard*", "arn:aws:ssm:*:*:document/LaunchWizard*" ] }, { "Sid" : "SsmActions0", "Effect" : "Allow", "Action" : [ "ssm:GetDocument", "ssm:SendCommand" ], "Resource" : [ "arn:aws:ssm:*::document/AWS-RunShellScript" ] }, { "Sid" : "SsmActions1", "Effect" : "Allow", "Action" : [ "ssm:SendCommand" ], "Resource" : [ "arn:aws:ec2:*:*:instance/*" ], "Condition" : { "StringLike" : { "aws:ResourceTag/aws:cloudformation:stack-id" : "arn:aws:cloudformation:*:*:stack/LaunchWizard-*/*" } } }, { "Sid" : "SsmActions2", "Effect" : "Allow", "Action" : [ "ssm:AddTagsToResource", "ssm:DescribeDocument", "ssm:GetDocument", "ssm:ListTagsForResource", "ssm:RemoveTagsFromResource" ], "Resource" : [ "arn:aws:ssm:*:*:parameter/LaunchWizard*", "arn:aws:ssm:*:*:document/LaunchWizard*" ] }, { "Sid" : "SsmActions3", "Effect" : "Allow", "Action" : [ "autoscaling:Describe*", "cloudformation:DescribeAccountLimits", "cloudformation:DescribeStackDriftDetectionStatus", "cloudformation:List*", "cloudformation:ValidateTemplate", "ds:Describe*", "ds:ListAuthorizedApplications", "ec2:Describe*", "ec2:Get*", "iam:GetRole", "iam:GetRolePolicy", "iam:GetUser", "iam:GetPolicyVersion", "iam:GetPolicy", "iam:List*", "resource-groups:Get*", "resource-groups:List*", "servicequotas:GetServiceQuota", "servicequotas:ListServiceQuotas", "sns:ListSubscriptions", "sns:ListTopics", "ssm:CreateDocument", "ssm:DescribeAutomation*", "ssm:DescribeInstanceInformation", "ssm:DescribeParameters", "ssm:GetAutomationExecution", "ssm:GetCommandInvocation", "ssm:GetParameter*", "ssm:GetConnectionStatus", "ssm:ListCommand*", "ssm:ListDocument*", "ssm:ListInstanceAssociations", "ssm:SendAutomationSignal", "tag:Get*" ], "Resource" : "*" }, { "Sid" : "SsmActions4", "Effect" : "Allow", "Action" : [ "ssm:StartAutomationExecution", "ssm:StopAutomationExecution" ], "Resource" : "arn:aws:ssm:*:*:automation-definition/LaunchWizard-*:*", "Condition" : { "ForAnyValue:StringEquals" : { "aws:CalledVia" : "launchwizard.amazonaws.com" } } }, { "Sid" : "CloudFormationActions1", "Effect" : "Allow", "Action" : [ "cloudformation:List*", "cloudformation:Describe*" ], "Resource" : "arn:aws:cloudformation:*:*:stack/LaunchWizard*/" }, { "Sid" : "IamActions2", "Effect" : "Allow", "Action" : [ "iam:CreateServiceLinkedRole" ], "Resource" : "*", "Condition" : { "StringEquals" : { "iam:AWSServiceName" : [ "autoscaling.amazonaws.com", "application-insights.amazonaws.com", "events.amazonaws.com", "autoscaling.amazonaws.com.cn", "events.amazonaws.com.cn" ] } } }, { "Sid" : "LaunchWizardActions0", "Effect" : "Allow", "Action" : "launchwizard:*", "Resource" : "*" }, { "Sid" : "SqsActions0", "Effect" : "Allow", "Action" : [ "sqs:TagQueue", "sqs:GetQueueUrl", "sqs:AddPermission", "sqs:ListQueues", "sqs:DeleteQueue", "sqs:GetQueueAttributes", "sqs:ListQueueTags", "sqs:CreateQueue", "sqs:SetQueueAttributes" ], "Resource" : "arn:aws:sqs:*:*:LaunchWizard*" }, { "Sid" : "CloudWatchActions1", "Effect" : "Allow", "Action" : [ "cloudwatch:PutMetricAlarm", "iam:GetInstanceProfile", "cloudwatch:DeleteAlarms", "cloudwatch:DescribeAlarms" ], "Resource" : [ "arn:aws:cloudwatch:*:*:alarm:LaunchWizard*", "arn:aws:iam::*:instance-profile/LaunchWizard*" ] }, { "Sid" : "EfsActions0", "Effect" : "Allow", "Action" : [ "cloudformation:CreateStack", "route53:ListHostedZones", "ec2:CreateSecurityGroup", "ec2:AuthorizeSecurityGroupIngress", "elasticfilesystem:DescribeFileSystems", "elasticfilesystem:CreateFileSystem", "elasticfilesystem:CreateMountTarget", "elasticfilesystem:DescribeMountTargets", "elasticfilesystem:DescribeMountTargetSecurityGroups" ], "Resource" : "*" }, { "Sid" : "S3Actions1", "Effect" : "Allow", "Action" : [ "s3:GetObject", "s3:PutObject" ], "Resource" : [ "arn:aws:s3:::launchwizard*", "arn:aws:s3:::launchwizard*/*", "arn:aws:s3:::aws-sap-data-provider/config.properties" ] }, { "Sid" : "CloudFormationActions2", "Effect" : "Allow", "Action" : "cloudformation:TagResource", "Resource" : "*", "Condition" : { "ForAllValues:StringLike" : { "aws:TagKeys" : "LaunchWizard*" } } }, { "Sid" : "LambdaActions0", "Effect" : "Allow", "Action" : [ "s3:CreateBucket", "s3:PutBucketVersioning", "s3:DeleteBucket", "lambda:CreateFunction", "lambda:DeleteFunction", "lambda:GetFunction", "lambda:GetFunctionConfiguration", "lambda:InvokeFunction" ], "Resource" : [ "arn:aws:lambda:*:*:function:LaunchWizard*", "arn:aws:s3:::launchwizard*" ] }, { "Sid" : "DynamodbActions0", "Effect" : "Allow", "Action" : [ "dynamodb:CreateTable", "dynamodb:DescribeTable", "dynamodb:DeleteTable" ], "Resource" : "arn:aws:dynamodb:*:*:table/LaunchWizard*" }, { "Sid" : "SecretsManagerActions0", "Effect" : "Allow", "Action" : [ "secretsmanager:CreateSecret", "secretsmanager:DeleteSecret", "secretsmanager:TagResource", "secretsmanager:UntagResource", "secretsmanager:PutResourcePolicy", "secretsmanager:DeleteResourcePolicy", "secretsmanager:ListSecretVersionIds", "secretsmanager:GetSecretValue" ], "Resource" : "arn:aws:secretsmanager:*:*:secret:LaunchWizard*" }, { "Sid" : "SecretsManagerActions1", "Effect" : "Allow", "Action" : [ "secretsmanager:GetRandomPassword", "secretsmanager:ListSecrets" ], "Resource" : "*" }, { "Sid" : "SsmActions5", "Effect" : "Allow", "Action" : [ "ssm:CreateOpsMetadata" ], "Resource" : "*" }, { "Sid" : "SsmActions6", "Effect" : "Allow", "Action" : "ssm:DeleteOpsMetadata", "Resource" : "arn:aws:ssm:*:*:opsmetadata/aws/ssm/LaunchWizard*" }, { "Sid" : "SnsActions0", "Effect" : "Allow", "Action" : [ "sns:CreateTopic", "sns:DeleteTopic", "sns:Subscribe", "sns:Unsubscribe" ], "Resource" : "arn:aws:sns:*:*:LaunchWizard*" }, { "Sid" : "FsxActions0", "Effect" : "Allow", "Action" : [ "fsx:UntagResource", "fsx:TagResource", "fsx:DeleteFileSystem", "fsx:ListTagsForResource" ], "Resource" : "*", "Condition" : { "StringLike" : { "aws:ResourceTag/Name" : "LaunchWizard*" } } }, { "Sid" : "FsxActions1", "Effect" : "Allow", "Action" : [ "fsx:CreateFileSystem" ], "Resource" : "*", "Condition" : { "StringLike" : { "aws:RequestTag/Name" : [ "LaunchWizard*" ] } } }, { "Sid" : "FsxActions2", "Effect" : "Allow", "Action" : [ "fsx:DescribeFileSystems" ], "Resource" : "*" }, { "Sid" : "ServiceCatalogActions0", "Effect" : "Allow", "Action" : [ "servicecatalog:CreatePortfolio", "servicecatalog:DescribePortfolio", "servicecatalog:CreateConstraint", "servicecatalog:CreateProduct", "servicecatalog:AssociatePrincipalWithPortfolio", "servicecatalog:CreateProvisioningArtifact", "servicecatalog:TagResource", "servicecatalog:UntagResource" ], "Resource" : [ "arn:aws:servicecatalog:*:*:*/*", "arn:aws:catalog:*:*:*/*" ], "Condition" : { "ForAnyValue:StringEquals" : { "aws:CalledVia" : "launchwizard.amazonaws.com" } } }, { "Sid" : "SsmActions7", "Effect" : "Allow", "Action" : [ "ssm:CreateAssociation", "ssm:DeleteAssociation" ], "Resource" : [ "arn:aws:ssm:*:*:document/AWS-ConfigureAWSPackage", "arn:aws:ssm:*:*:association/*" ], "Condition" : { "ForAnyValue:StringEquals" : { "aws:CalledVia" : "launchwizard.amazonaws.com" } } }, { "Sid" : "EfsActions1", "Effect" : "Allow", "Action" : [ "elasticfilesystem:UntagResource", "elasticfilesystem:TagResource" ], "Resource" : "arn:aws:elasticfilesystem:*:*:file-system/*", "Condition" : { "ForAnyValue:StringEquals" : { "aws:CalledVia" : "launchwizard.amazonaws.com" } } }, { "Sid" : "LogsActions0", "Effect" : "Allow", "Action" : [ "logs:CreateLogStream", "logs:DeleteLogGroup", "logs:DescribeLogStreams", "logs:UntagResource", "logs:TagResource", "logs:CreateLogGroup", "logs:DeleteLogStream", "logs:PutLogEvents", "logs:GetLogEvents", "logs:GetLogDelivery", "logs:GetLogGroupFields", "logs:GetLogRecord", "logs:ListLogDeliveries" ], "Resource" : [ "arn:aws:logs:*:*:log-group:LaunchWizard*", "arn:aws:logs:*:*:log-group:LaunchWizard*:log-stream:*" ], "Condition" : { "ForAnyValue:StringEquals" : { "aws:CalledVia" : "launchwizard.amazonaws.com" } } }, { "Sid" : "LogsActions1", "Effect" : "Allow", "Action" : "logs:DescribeLogGroups", "Resource" : "*", "Condition" : { "ForAnyValue:StringEquals" : { "aws:CalledVia" : "launchwizard.amazonaws.com" } } }, { "Sid" : "FsxActions3", "Effect" : "Allow", "Action" : [ "fsx:CreateStorageVirtualMachine", "fsx:CreateVolume" ], "Resource" : "*", "Condition" : { "StringLike" : { "aws:ResourceTag/aws:cloudformation:stack-id" : "arn:aws:cloudformation:*:*:stack/LaunchWizard-*/*" }, "ForAnyValue:StringEquals" : { "aws:CalledVia" : [ "launchwizard.amazonaws.com" ] } } }, { "Sid" : "FsxActions4", "Effect" : "Allow", "Action" : [ "fsx:DescribeStorageVirtualMachines", "fsx:DescribeVolumes" ], "Resource" : "*", "Condition" : { "ForAnyValue:StringEquals" : { "aws:CalledVia" : [ "launchwizard.amazonaws.com" ] } } }, { "Sid" : "FsxActions5", "Effect" : "Allow", "Action" : [ "fsx:DeleteStorageVirtualMachine", "fsx:DeleteVolume" ], "Resource" : [ "arn:aws:fsx:*:*:storage-virtual-machine/*/*", "arn:aws:fsx:*:*:backup/*", "arn:aws:fsx:*:*:volume/*/*" ], "Condition" : { "StringLike" : { "aws:ResourceTag/aws:cloudformation:stack-id" : "arn:aws:cloudformation:*:*:stack/LaunchWizard-*/*" }, "ForAnyValue:StringEquals" : { "aws:CalledVia" : [ "launchwizard.amazonaws.com" ] } } } ] }