|
258 | 258 | } |
259 | 259 | }, |
260 | 260 | "S3CrudPolicy": { |
261 | | - "Description": "Gives CRUD permissions to objects in the S3 Bucket", |
| 261 | + "Description": "Gives read permissions to objects in the S3 Bucket", |
262 | 262 | "Parameters": { |
263 | 263 | "BucketName": { |
264 | 264 | "Description": "Name of the Bucket" |
|
711 | 711 | } |
712 | 712 | ] |
713 | 713 | } |
| 714 | + }, |
| 715 | + "PollyFullAccessPolicy": { |
| 716 | + "Description": "Gives full access permissions to Polly lexicon resources", |
| 717 | + "Parameters": { |
| 718 | + "LexiconName": { |
| 719 | + "Description": "Name of the Lexicon" |
| 720 | + } |
| 721 | + }, |
| 722 | + "Definition": { |
| 723 | + "Statement": [ |
| 724 | + { |
| 725 | + "Effect": "Allow", |
| 726 | + "Action": [ |
| 727 | + "polly:GetLexicon", |
| 728 | + "polly:DeleteLexicon" |
| 729 | + ], |
| 730 | + "Resource": [ |
| 731 | + { |
| 732 | + "Fn::Sub": [ |
| 733 | + "arn:${AWS::Partition}:polly:${AWS::Region}:${AWS::AccountId}:lexicon/${lexiconName}", |
| 734 | + { |
| 735 | + "lexiconName": { |
| 736 | + "Ref": "LexiconName" |
| 737 | + } |
| 738 | + } |
| 739 | + ] |
| 740 | + } |
| 741 | + ] |
| 742 | + }, |
| 743 | + { |
| 744 | + "Effect": "Allow", |
| 745 | + "Action": [ |
| 746 | + "polly:DescribeVoices", |
| 747 | + "polly:ListLexicons", |
| 748 | + "polly:PutLexicon", |
| 749 | + "polly:SynthesizeSpeech" |
| 750 | + ], |
| 751 | + "Resource": [ |
| 752 | + { |
| 753 | + "Fn::Sub": "arn:${AWS::Partition}:polly:${AWS::Region}:${AWS::AccountId}:lexicon/*" |
| 754 | + } |
| 755 | + ] |
| 756 | + } |
| 757 | + ] |
| 758 | + } |
| 759 | + }, |
| 760 | + "S3FullAccessPolicy": { |
| 761 | + "Description": "Gives full access permissions to objects in the S3 Bucket", |
| 762 | + "Parameters": { |
| 763 | + "BucketName": { |
| 764 | + "Description": "Name of the Bucket" |
| 765 | + } |
| 766 | + }, |
| 767 | + "Definition": { |
| 768 | + "Statement": [ |
| 769 | + { |
| 770 | + "Effect": "Allow", |
| 771 | + "Action": [ |
| 772 | + "s3:GetObject", |
| 773 | + "s3:GetObjectAcl", |
| 774 | + "s3:GetObjectVersion", |
| 775 | + "s3:PutObject", |
| 776 | + "s3:PutObjectAcl", |
| 777 | + "s3:DeleteObject" |
| 778 | + ], |
| 779 | + "Resource": [ |
| 780 | + { |
| 781 | + "Fn::Sub": [ |
| 782 | + "arn:${AWS::Partition}:s3:::${bucketName}/*", |
| 783 | + { |
| 784 | + "bucketName": { |
| 785 | + "Ref": "BucketName" |
| 786 | + } |
| 787 | + } |
| 788 | + ] |
| 789 | + } |
| 790 | + ] |
| 791 | + }, |
| 792 | + { |
| 793 | + "Effect": "Allow", |
| 794 | + "Action": [ |
| 795 | + "s3:ListBucket", |
| 796 | + "s3:GetBucketLocation", |
| 797 | + "s3:GetLifecycleConfiguration", |
| 798 | + "s3:PutLifecycleConfiguration" |
| 799 | + ], |
| 800 | + "Resource": [ |
| 801 | + { |
| 802 | + "Fn::Sub": [ |
| 803 | + "arn:${AWS::Partition}:s3:::${bucketName}", |
| 804 | + { |
| 805 | + "bucketName": { |
| 806 | + "Ref": "BucketName" |
| 807 | + } |
| 808 | + } |
| 809 | + ] |
| 810 | + } |
| 811 | + ] |
| 812 | + } |
| 813 | + ] |
| 814 | + } |
| 815 | + }, |
| 816 | + "CodePipelineLambdaExecutionPolicy": { |
| 817 | + "Description": "Gives permission for a Lambda function invoked by AWS CodePipeline to report back status of the job", |
| 818 | + "Parameters": {}, |
| 819 | + "Definition": { |
| 820 | + "Statement": [ |
| 821 | + { |
| 822 | + "Effect": "Allow", |
| 823 | + "Action": [ |
| 824 | + "codepipeline:PutJobSuccessResult", |
| 825 | + "codepipeline:PutJobFailureResult" |
| 826 | + ], |
| 827 | + "Resource": [ |
| 828 | + { |
| 829 | + "Fn::Sub": "arn:${AWS::Partition}:codepipeline:${AWS::Region}:${AWS::AccountId}:*" |
| 830 | + } |
| 831 | + ] |
| 832 | + } |
| 833 | + ] |
| 834 | + } |
| 835 | + }, |
| 836 | + "ServerlessRepoReadWriteAccessPolicy": { |
| 837 | + "Description": "Gives access permissions to create and list applications in the AWS Serverless Application Repository service", |
| 838 | + "Parameters": {}, |
| 839 | + "Definition": { |
| 840 | + "Statement": [ |
| 841 | + { |
| 842 | + "Effect": "Allow", |
| 843 | + "Action": [ |
| 844 | + "serverlessrepo:CreateApplication", |
| 845 | + "serverlessrepo:CreateApplicationVersion", |
| 846 | + "serverlessrepo:GetApplication", |
| 847 | + "serverlessrepo:ListApplications", |
| 848 | + "serverlessrepo:ListApplicationVersions" |
| 849 | + ], |
| 850 | + "Resource": [ |
| 851 | + { |
| 852 | + "Fn::Sub": "arn:${AWS::Partition}:serverlessrepo:${AWS::Region}:${AWS::AccountId}:applications/*" |
| 853 | + } |
| 854 | + ] |
| 855 | + } |
| 856 | + ] |
| 857 | + } |
| 858 | + }, |
| 859 | + "EC2CopyImagePolicy": { |
| 860 | + "Description": "Gives permission top copy EC2 Images", |
| 861 | + "Parameters": { |
| 862 | + "ImageId": { |
| 863 | + "Description": "The id of the image" |
| 864 | + } |
| 865 | + }, |
| 866 | + "Definition": { |
| 867 | + "Statement": [ |
| 868 | + { |
| 869 | + "Effect": "Allow", |
| 870 | + "Action": [ |
| 871 | + "ec2:CopyImage" |
| 872 | + ], |
| 873 | + "Resource": { |
| 874 | + "Fn::Sub": [ |
| 875 | + "arn:${AWS::Partition}:ec2:${AWS::Region}:${AWS::AccountId}:image/${imageId}", |
| 876 | + { |
| 877 | + "imageId": { |
| 878 | + "Ref": "ImageId" |
| 879 | + } |
| 880 | + } |
| 881 | + ] |
| 882 | + } |
| 883 | + } |
| 884 | + ] |
| 885 | + } |
714 | 886 | } |
715 | 887 | } |
716 | 888 | } |
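Review bot: In `PollyFullAccessPolicy` the second statement (new lines 743–756) allows `polly:PutLexicon` on `lexicon/*`, so the `LexiconName` parameter constrains only `GetLexicon` and `DeleteLexicon`; a function given this template can create or overwrite any lexicon in the account and region. If the intent is access to the one named lexicon, move `"polly:PutLexicon"` into the first statement's `Action` list next to `"polly:DeleteLexicon"`, where the resource is `lexicon/${lexiconName}`. `polly:DescribeVoices` and `polly:ListLexicons` most likely do not support resource-level permissions, in which case a `lexicon/*` resource would not grant them and they would need their own statement with `"Resource": "*"`; this is worth confirming against the Polly service authorization reference. In the same hunk, `S3FullAccessPolicy` includes `s3:PutObjectAcl` and `s3:PutLifecycleConfiguration`, which let the function change object ACLs and bucket-wide expiry rules, so its description should name those capabilities rather than only "full access permissions to objects".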