{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"iam:CreateInstanceProfile",
"iam:DeleteInstanceProfile",
"rds:AddTagsToResource",
"iam:GetInstanceProfile",
"iam:RemoveRoleFromInstanceProfile",
"rds:DeleteTenantDatabase",
"iam:AddRoleToInstanceProfile",
"rds:CreateDBInstance",
"rds:DescribeDBInstances",
"rds:RemoveTagsFromResource",
"rds:CreateTenantDatabase",
"iam:TagInstanceProfile",
"rds:DeleteDBInstance"
],
"Resource": [
"arn:aws:iam::$ACCOUNT_ID:instance-profile/*",
"arn:aws:rds:$REGION:$ACCOUNT_ID:db:$CLUSTER_NAME*"
]
},
{
"Sid": "VisualEditor1",
"Effect": "Allow",
"Action": [
"rds:AddTagsToResource",
"rds:DeleteDBSubnetGroup",
"rds:DescribeDBSubnetGroups",
"iam:DeleteOpenIDConnectProvider",
"iam:GetOpenIDConnectProvider",
"rds:CreateDBSubnetGroup",
"rds:ListTagsForResource",
"rds:RemoveTagsFromResource",
"iam:TagOpenIDConnectProvider",
"iam:CreateOpenIDConnectProvider",
"rds:CreateDBInstance",
"rds:DeleteDBInstance"
],
"Resource": [
"arn:aws:rds:$REGION:$ACCOUNT_ID:subgrp:$CLUSTER_NAME*",
"arn:aws:iam::$ACCOUNT_ID:oidc-provider/*"
]
},
{
"Sid": "VisualEditor9",
"Effect": "Allow",
"Action": [
"rds:DescribeDBInstances"
],
"Resource": [
"arn:aws:rds:$REGION:$ACCOUNT_ID:db:*"
]
},
{
"Sid": "VisualEditor2",
"Effect": "Allow",
"Action": [
"iam:CreatePolicy",
"iam:GetPolicyVersion",
"iam:GetPolicy",
"iam:ListPolicyVersions",
"iam:DeletePolicy",
"iam:TagPolicy"
],
"Resource": [
"arn:aws:iam::$ACCOUNT_ID:policy/tfy-*",
"arn:aws:iam::$ACCOUNT_ID:policy/truefoundry-*",
"arn:aws:iam::$ACCOUNT_ID:policy/AmazonEKS_Karpenter_Controller_Policy*",
"arn:aws:iam::$ACCOUNT_ID:policy/AmazonEKS_CNI_Policy*",
"arn:aws:iam::$ACCOUNT_ID:policy/AmazonEKS_AWS_Load_Balancer_Controller*",
"arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryFullAccess"
]
},
{
"Sid": "VisualEditor3",
"Effect": "Allow",
"Action": [
"iam:ListPolicies",
"elasticfilesystem:*",
"iam:GetRole",
"s3:ListAllMyBuckets",
"kms:*",
"ec2:*",
"s3:ListBucket",
"route53:AssociateVPCWithHostedZone",
"sts:GetCallerIdentity",
"eks:*"
],
"Resource": "*"
},
{
"Sid": "VisualEditor4",
"Effect": "Allow",
"Action": "dynamodb:*",
"Resource": "arn:aws:dynamodb:$REGION:$ACCOUNT_ID:table/$CLUSTER_NAME*"
},
{
"Sid": "VisualEditor5",
"Effect": "Allow",
"Action": "iam:*",
"Resource": [
"arn:aws:iam::$ACCOUNT_ID:role/$CLUSTER_NAME*",
"arn:aws:iam::$ACCOUNT_ID:role/$CLUSTER_NAME*"
]
},
{
"Sid": "VisualEditor6",
"Effect": "Allow",
"Action": "s3:*",
"Resource": [
"arn:aws:s3:::$CLUSTER_NAME*/*",
"arn:aws:s3:::$CLUSTER_NAME*/*",
"arn:aws:s3:::$CLUSTER_NAME*",
"arn:aws:s3:::$CLUSTER_NAME*",
"arn:aws:s3:::$CLUSTER_NAME*",
"arn:aws:s3:::$CLUSTER_NAME*/*"
]
},
{
"Sid": "VisualEditor7",
"Effect": "Allow",
"Action": "events:*",
"Resource": "arn:aws:events:$REGION:$ACCOUNT_ID:rule/$CLUSTER_NAME*"
},
{
"Sid": "VisualEditor8",
"Effect": "Allow",
"Action": "sqs:*",
"Resource": "arn:aws:sqs:$REGION:$ACCOUNT_ID:$CLUSTER_NAME*"
}
]
}
