As traduções são geradas por tradução automática. Em caso de conflito entre o conteúdo da tradução e da versão original em inglês, a versão em inglês prevalecerá.
AmazonLaunchWizard_Fullaccess
Descrição: acesso total ao AWS Launch Wizard e a outros serviços necessários.
AmazonLaunchWizard_Fullaccess é uma política gerenciada pelo AWS.
Utilização desta política
Você pode vincular a AmazonLaunchWizard_Fullaccess aos seus usuários, grupos e perfis.
Detalhes desta política
-
Tipo: política gerenciada pela AWS
-
Hora da criação: 06 de agosto de 2020, 17:47 UTC
-
Hora da edição: 22 de fevereiro de 2023, 17:25 UTC
-
ARN:
arn:aws:iam::aws:policy/AmazonLaunchWizard_Fullaccess
Versão da política
Versão da política: v15 (padrão)
A versão padrão da política é aquela que define as permissões desta política. Quando um usuário ou perfil com esta política faz uma solicitação para acessar um atributo da AWS, a AWS verifica a versão padrão da política para determinar se concederá a permissão solicitada.
Documento da política JSON
{
"Version" : "2012-10-17",
"Statement" : [
{
"Effect" : "Allow",
"Action" : "applicationinsights:*",
"Resource" : "*"
},
{
"Effect" : "Allow",
"Action" : "resource-groups:List*",
"Resource" : "*"
},
{
"Effect" : "Allow",
"Action" : [
"route53:ChangeResourceRecordSets",
"route53:GetChange",
"route53:ListResourceRecordSets",
"route53:ListHostedZones",
"route53:ListHostedZonesByName"
],
"Resource" : "*"
},
{
"Effect" : "Allow",
"Action" : [
"s3:ListAllMyBuckets",
"s3:ListBucket",
"s3:GetBucketLocation"
],
"Resource" : "*"
},
{
"Effect" : "Allow",
"Action" : [
"kms:ListKeys",
"kms:ListAliases"
],
"Resource" : "*"
},
{
"Effect" : "Allow",
"Action" : [
"cloudwatch:List*",
"cloudwatch:Get*",
"cloudwatch:Describe*"
],
"Resource" : "*"
},
{
"Effect" : "Allow",
"Action" : [
"ec2:CreateInternetGateway",
"ec2:CreateNatGateway",
"ec2:CreateVpc",
"ec2:CreateKeyPair",
"ec2:CreateRoute",
"ec2:CreateRouteTable",
"ec2:CreateSubnet"
],
"Resource" : "*"
},
{
"Effect" : "Allow",
"Action" : [
"ec2:AllocateAddress",
"ec2:AllocateHosts",
"ec2:AssignPrivateIpAddresses",
"ec2:AssociateAddress",
"ec2:CreateDhcpOptions",
"ec2:CreateEgressOnlyInternetGateway",
"ec2:CreateNetworkInterface",
"ec2:CreateVolume",
"ec2:CreateVpcEndpoint",
"ec2:CreateTags",
"ec2:DeleteTags",
"ec2:RunInstances",
"ec2:StartInstances",
"ec2:ModifyInstanceAttribute",
"ec2:ModifySubnetAttribute",
"ec2:ModifyVolumeAttribute",
"ec2:ModifyVpcAttribute",
"ec2:AssociateDhcpOptions",
"ec2:AssociateSubnetCidrBlock",
"ec2:AttachInternetGateway",
"ec2:AttachNetworkInterface",
"ec2:AttachVolume",
"ec2:DeleteDhcpOptions",
"ec2:DeleteInternetGateway",
"ec2:DeleteKeyPair",
"ec2:DeleteNatGateway",
"ec2:DeleteSecurityGroup",
"ec2:DeleteVolume",
"ec2:DeleteVpc",
"ec2:DetachInternetGateway",
"ec2:DetachVolume",
"ec2:DeleteSnapshot",
"ec2:AssociateRouteTable",
"ec2:AssociateVpcCidrBlock",
"ec2:DeleteNetworkAcl",
"ec2:DeleteNetworkInterface",
"ec2:DeleteNetworkInterfacePermission",
"ec2:DeleteRoute",
"ec2:DeleteRouteTable",
"ec2:DeleteSubnet",
"ec2:DetachNetworkInterface",
"ec2:DisassociateAddress",
"ec2:DisassociateVpcCidrBlock",
"ec2:GetLaunchTemplateData",
"ec2:ModifyNetworkInterfaceAttribute",
"ec2:ModifyVolume",
"ec2:AuthorizeSecurityGroupEgress",
"ec2:GetConsoleOutput",
"ec2:GetPasswordData",
"ec2:ReleaseAddress",
"ec2:ReplaceRoute",
"ec2:ReplaceRouteTableAssociation",
"ec2:RevokeSecurityGroupEgress",
"ec2:RevokeSecurityGroupIngress",
"ec2:DisassociateIamInstanceProfile",
"ec2:DisassociateRouteTable",
"ec2:DisassociateSubnetCidrBlock",
"ec2:ModifyInstancePlacement",
"ec2:DeletePlacementGroup",
"ec2:CreatePlacementGroup",
"elasticfilesystem:DeleteFileSystem",
"elasticfilesystem:DeleteMountTarget",
"ds:AddIpRoutes",
"ds:CreateComputer",
"ds:CreateMicrosoftAD",
"ds:DeleteDirectory",
"servicecatalog:AssociateProductWithPortfolio",
"cloudformation:GetTemplateSummary",
"sts:GetCallerIdentity"
],
"Resource" : "*",
"Condition" : {
"ForAnyValue:StringEquals" : {
"aws:CalledVia" : "launchwizard.amazonaws.com"
}
}
},
{
"Effect" : "Allow",
"Action" : [
"cloudformation:DescribeStack*",
"cloudformation:Get*",
"cloudformation:ListStacks",
"cloudformation:SignalResource",
"cloudformation:DeleteStack"
],
"Resource" : [
"arn:aws:cloudformation:*:*:stack/LaunchWizard*/*",
"arn:aws:cloudformation:*:*:stack/ApplicationInsights*/*"
]
},
{
"Effect" : "Allow",
"Action" : [
"ec2:StopInstances",
"ec2:TerminateInstances"
],
"Resource" : "*",
"Condition" : {
"StringLike" : {
"ec2:ResourceTag/aws:cloudformation:stack-id" : "arn:aws:cloudformation:*:*:stack/LaunchWizard-*/*"
}
}
},
{
"Effect" : "Allow",
"Action" : [
"iam:CreateInstanceProfile",
"iam:DeleteInstanceProfile",
"iam:RemoveRoleFromInstanceProfile",
"iam:AddRoleToInstanceProfile"
],
"Resource" : [
"arn:aws:iam::*:role/service-role/AmazonEC2RoleForLaunchWizard*",
"arn:aws:iam::*:instance-profile/LaunchWizard*"
]
},
{
"Effect" : "Allow",
"Action" : [
"iam:PassRole"
],
"Resource" : [
"arn:aws:iam::*:role/service-role/AmazonEC2RoleForLaunchWizard*",
"arn:aws:iam::*:role/service-role/AmazonLambdaRoleForLaunchWizard*",
"arn:aws:iam::*:instance-profile/LaunchWizard*"
],
"Condition" : {
"StringEqualsIfExists" : {
"iam:PassedToService" : [
"lambda.amazonaws.com",
"ec2.amazonaws.com",
"ec2.amazonaws.com.cn"
]
}
}
},
{
"Effect" : "Allow",
"Action" : [
"autoscaling:AttachInstances",
"autoscaling:CreateAutoScalingGroup",
"autoscaling:CreateLaunchConfiguration",
"autoscaling:DeleteAutoScalingGroup",
"autoscaling:DeleteLaunchConfiguration",
"autoscaling:UpdateAutoScalingGroup",
"autoscaling:CreateOrUpdateTags",
"logs:CreateLogStream",
"logs:DeleteLogGroup",
"logs:DeleteLogStream",
"logs:DescribeLog*",
"logs:PutLogEvents",
"resource-groups:CreateGroup",
"resource-groups:DeleteGroup",
"sns:ListSubscriptionsByTopic",
"sns:Publish",
"ssm:DeleteDocument",
"ssm:DeleteParameter*",
"ssm:DescribeDocument*",
"ssm:GetDocument",
"ssm:PutParameter"
],
"Resource" : [
"arn:aws:resource-groups:*:*:group/LaunchWizard*",
"arn:aws:sns:*:*:*",
"arn:aws:autoscaling:*:*:autoScalingGroup:*:autoScalingGroupName/LaunchWizard*",
"arn:aws:autoscaling:*:*:launchConfiguration:*:launchConfigurationName/LaunchWizard*",
"arn:aws:ssm:*:*:parameter/LaunchWizard*",
"arn:aws:ssm:*:*:document/LaunchWizard*",
"arn:aws:logs:*:*:log-group:*:*:*",
"arn:aws:logs:*:*:log-group:LaunchWizard*"
]
},
{
"Effect" : "Allow",
"Action" : [
"ssm:GetDocument",
"ssm:SendCommand"
],
"Resource" : [
"arn:aws:ssm:*::document/AWS-RunShellScript"
]
},
{
"Effect" : "Allow",
"Action" : [
"ssm:SendCommand"
],
"Resource" : [
"arn:aws:ec2:*:*:instance/*"
],
"Condition" : {
"StringLike" : {
"aws:ResourceTag/aws:cloudformation:stack-id" : "arn:aws:cloudformation:*:*:stack/LaunchWizard-*/*"
}
}
},
{
"Effect" : "Allow",
"Action" : [
"logs:DeleteLogStream",
"logs:GetLogEvents",
"logs:PutLogEvents",
"ssm:AddTagsToResource",
"ssm:DescribeDocument",
"ssm:GetDocument",
"ssm:ListTagsForResource",
"ssm:RemoveTagsFromResource"
],
"Resource" : [
"arn:aws:logs:*:*:log-group:*:*:*",
"arn:aws:logs:*:*:log-group:LaunchWizard*",
"arn:aws:ssm:*:*:parameter/LaunchWizard*",
"arn:aws:ssm:*:*:document/LaunchWizard*"
]
},
{
"Effect" : "Allow",
"Action" : [
"autoscaling:Describe*",
"cloudformation:DescribeAccountLimits",
"cloudformation:DescribeStackDriftDetectionStatus",
"cloudformation:List*",
"cloudformation:ValidateTemplate",
"ds:Describe*",
"ds:ListAuthorizedApplications",
"ec2:Describe*",
"ec2:Get*",
"iam:GetRole",
"iam:GetRolePolicy",
"iam:GetUser",
"iam:GetPolicyVersion",
"iam:GetPolicy",
"iam:List*",
"logs:CreateLogGroup",
"logs:GetLogDelivery",
"logs:GetLogRecord",
"logs:ListLogDeliveries",
"resource-groups:Get*",
"resource-groups:List*",
"servicequotas:GetServiceQuota",
"servicequotas:ListServiceQuotas",
"sns:ListSubscriptions",
"sns:ListTopics",
"ssm:CreateDocument",
"ssm:DescribeAutomation*",
"ssm:DescribeInstanceInformation",
"ssm:DescribeParameters",
"ssm:GetAutomationExecution",
"ssm:GetCommandInvocation",
"ssm:GetParameter*",
"ssm:GetConnectionStatus",
"ssm:ListCommand*",
"ssm:ListDocument*",
"ssm:ListInstanceAssociations",
"ssm:SendAutomationSignal",
"tag:Get*"
],
"Resource" : "*"
},
{
"Effect" : "Allow",
"Action" : [
"ssm:StartAutomationExecution",
"ssm:StopAutomationExecution"
],
"Resource" : "arn:aws:ssm:*:*:automation-definition/LaunchWizard-*:*",
"Condition" : {
"ForAnyValue:StringEquals" : {
"aws:CalledVia" : "launchwizard.amazonaws.com"
}
}
},
{
"Effect" : "Allow",
"Action" : "logs:GetLog*",
"Resource" : [
"arn:aws:logs:*:*:log-group:*:*:*",
"arn:aws:logs:*:*:log-group:LaunchWizard*"
]
},
{
"Effect" : "Allow",
"Action" : [
"cloudformation:List*",
"cloudformation:Describe*"
],
"Resource" : "arn:aws:cloudformation:*:*:stack/LaunchWizard*/"
},
{
"Effect" : "Allow",
"Action" : [
"iam:CreateServiceLinkedRole"
],
"Resource" : "*",
"Condition" : {
"StringEquals" : {
"iam:AWSServiceName" : [
"autoscaling.amazonaws.com",
"application-insights.amazonaws.com",
"events.amazonaws.com",
"autoscaling.amazonaws.com.cn",
"events.amazonaws.com.cn"
]
}
}
},
{
"Effect" : "Allow",
"Action" : "launchwizard:*",
"Resource" : "*"
},
{
"Effect" : "Allow",
"Action" : [
"sqs:TagQueue",
"sqs:GetQueueUrl",
"sqs:AddPermission",
"sqs:ListQueues",
"sqs:DeleteQueue",
"sqs:GetQueueAttributes",
"sqs:ListQueueTags",
"sqs:CreateQueue",
"sqs:SetQueueAttributes"
],
"Resource" : "arn:aws:sqs:*:*:LaunchWizard*"
},
{
"Effect" : "Allow",
"Action" : [
"cloudwatch:PutMetricAlarm",
"iam:GetInstanceProfile",
"cloudwatch:DeleteAlarms",
"cloudwatch:DescribeAlarms"
],
"Resource" : [
"arn:aws:cloudwatch:*:*:alarm:LaunchWizard*",
"arn:aws:iam::*:instance-profile/LaunchWizard*"
]
},
{
"Effect" : "Allow",
"Action" : [
"cloudformation:CreateStack",
"route53:ListHostedZones",
"ec2:CreateSecurityGroup",
"ec2:AuthorizeSecurityGroupIngress",
"elasticfilesystem:DescribeFileSystems",
"elasticfilesystem:CreateFileSystem",
"elasticfilesystem:CreateMountTarget",
"elasticfilesystem:DescribeMountTargets",
"elasticfilesystem:DescribeMountTargetSecurityGroups"
],
"Resource" : "*"
},
{
"Effect" : "Allow",
"Action" : [
"s3:GetObject",
"s3:PutObject"
],
"Resource" : [
"arn:aws:s3:::launchwizard*",
"arn:aws:s3:::launchwizard*/*",
"arn:aws:s3:::aws-sap-data-provider/config.properties"
]
},
{
"Effect" : "Allow",
"Action" : "cloudformation:TagResource",
"Resource" : "*",
"Condition" : {
"ForAllValues:StringLike" : {
"aws:TagKeys" : "LaunchWizard*"
}
}
},
{
"Effect" : "Allow",
"Action" : [
"s3:CreateBucket",
"s3:PutBucketVersioning",
"s3:DeleteBucket",
"lambda:CreateFunction",
"lambda:DeleteFunction",
"lambda:GetFunction",
"lambda:GetFunctionConfiguration",
"lambda:InvokeFunction"
],
"Resource" : [
"arn:aws:lambda:*:*:function:LaunchWizard*",
"arn:aws:s3:::launchwizard*"
]
},
{
"Effect" : "Allow",
"Action" : [
"dynamodb:CreateTable",
"dynamodb:DescribeTable",
"dynamodb:DeleteTable"
],
"Resource" : "arn:aws:dynamodb:*:*:table/LaunchWizard*"
},
{
"Effect" : "Allow",
"Action" : [
"secretsmanager:CreateSecret",
"secretsmanager:DeleteSecret",
"secretsmanager:TagResource",
"secretsmanager:UntagResource",
"secretsmanager:PutResourcePolicy",
"secretsmanager:DeleteResourcePolicy",
"secretsmanager:ListSecretVersionIds",
"secretsmanager:GetSecretValue"
],
"Resource" : "arn:aws:secretsmanager:*:*:secret:LaunchWizard*"
},
{
"Effect" : "Allow",
"Action" : [
"secretsmanager:GetRandomPassword",
"secretsmanager:ListSecrets"
],
"Resource" : "*"
},
{
"Effect" : "Allow",
"Action" : [
"ssm:CreateOpsMetadata"
],
"Resource" : "*"
},
{
"Effect" : "Allow",
"Action" : "ssm:DeleteOpsMetadata",
"Resource" : "arn:aws:ssm:*:*:opsmetadata/aws/ssm/LaunchWizard*"
},
{
"Effect" : "Allow",
"Action" : [
"sns:CreateTopic",
"sns:DeleteTopic",
"sns:Subscribe",
"sns:Unsubscribe"
],
"Resource" : "arn:aws:sns:*:*:LaunchWizard*"
},
{
"Effect" : "Allow",
"Action" : [
"fsx:UntagResource",
"fsx:TagResource",
"fsx:DeleteFileSystem",
"fsx:ListTagsForResource"
],
"Resource" : "*",
"Condition" : {
"StringLike" : {
"aws:ResourceTag/Name" : "LaunchWizard*"
}
}
},
{
"Effect" : "Allow",
"Action" : [
"fsx:CreateFileSystem"
],
"Resource" : "*",
"Condition" : {
"StringLike" : {
"aws:RequestTag/Name" : [
"LaunchWizard*"
]
}
}
},
{
"Effect" : "Allow",
"Action" : [
"fsx:DescribeFileSystems"
],
"Resource" : "*"
},
{
"Effect" : "Allow",
"Action" : [
"servicecatalog:CreatePortfolio",
"servicecatalog:DescribePortfolio",
"servicecatalog:CreateConstraint",
"servicecatalog:CreateProduct",
"servicecatalog:AssociatePrincipalWithPortfolio",
"servicecatalog:CreateProvisioningArtifact",
"servicecatalog:TagResource",
"servicecatalog:UntagResource"
],
"Resource" : [
"arn:aws:servicecatalog:*:*:*/*",
"arn:aws:catalog:*:*:*/*"
],
"Condition" : {
"ForAnyValue:StringEquals" : {
"aws:CalledVia" : "launchwizard.amazonaws.com"
}
}
},
{
"Sid" : "VisualEditor0",
"Effect" : "Allow",
"Action" : [
"ssm:CreateAssociation",
"ssm:DeleteAssociation"
],
"Resource" : "arn:aws:ssm:*:*:document/AWS-ConfigureAWSPackage",
"Condition" : {
"ForAnyValue:StringEquals" : {
"aws:CalledVia" : "launchwizard.amazonaws.com"
}
}
},
{
"Effect" : "Allow",
"Action" : [
"elasticfilesystem:UntagResource",
"elasticfilesystem:TagResource"
],
"Resource" : "arn:aws:elasticfilesystem:*:*:file-system/*",
"Condition" : {
"ForAnyValue:StringEquals" : {
"aws:CalledVia" : "launchwizard.amazonaws.com"
}
}
},
{
"Effect" : "Allow",
"Action" : [
"logs:TagResource",
"logs:UntagResource"
],
"Resource" : "arn:aws:logs:*:*:log-group:LaunchWizard*",
"Condition" : {
"ForAnyValue:StringEquals" : {
"aws:CalledVia" : "launchwizard.amazonaws.com"
}
}
}
]
}Saiba mais
