IAM: users, roles and policies
IAM Policies
Deserted-Chateau-Test-Lambda-Admin-Access
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"lambda:CreateFunction",
"lambda:UpdateFunctionCode",
"iam:PassRole",
"lambda:InvokeFunction",
"lambda:GetLayerVersion",
"lambda:UpdateFunctionConfiguration",
"lambda:DeleteFunction"
],
"Resource": [
"arn:aws:iam::704509183101:role/Deserted-Chateau-Lambda-Execution-Role",
"arn:aws:lambda:eu-west-3:704509183101:function:Deserted-Chateau-Test-*",
"arn:aws:lambda:eu-west-3:704509183101:layer:*:*"
]
}
]
}Deserted-Chateau-Test-Lambda-Execution-Access
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"ec2:CreateNetworkInterface",
"ec2:DescribeNetworkInterfaces",
"ec2:DeleteNetworkInterface"
],
"Resource": "*"
},
{
"Sid": "VisualEditor1",
"Effect": "Allow",
"Action": "logs:PutLogEvents",
"Resource": "arn:aws:logs:*:704509183101:log-group:*:log-stream:*"
},
{
"Sid": "VisualEditor2",
"Effect": "Allow",
"Action": [
"logs:CreateLogStream",
"logs:CreateLogGroup"
],
"Resource": "arn:aws:logs:*:704509183101:log-group:*"
}
]
}Deserted-Chateau-Test-S3-Buckets-Read-Write-Access
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:ListBucket",
"s3:DeleteObject"
],
"Resource": [
"arn:aws:s3:::deserted-chateau-test-public/*",
"arn:aws:s3:::deserted-chateau-test-public",
"arn:aws:s3:::deserted-chateau-test-protected/*",
"arn:aws:s3:::deserted-chateau-test-protected",
"arn:aws:s3:::deserted-chateau-test-subscribed/*",
"arn:aws:s3:::deserted-chateau-test-subscribed",
"arn:aws:s3:::deserted-chateau-test-public-volume/*",
"arn:aws:s3:::deserted-chateau-test-public-volume",
"arn:aws:s3:::deserted-chateau-test-subscribed-volume/*",
"arn:aws:s3:::deserted-chateau-test-subscribed-volume",
"arn:aws:s3:::deserted-chateau-test-user-data-requests/*",
"arn:aws:s3:::deserted-chateau-test-user-data-requests"
]
}
]
}Deserted-Chateau-Test-S3-BunnyCDN-Error-Page-Assets-Read-Access
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": "s3:GetObject",
"Resource": [
"arn:aws:s3:::deserted-chateau-test-external-site-assets/*"
]
}
]
}Deserted-Chateau-Test-S3-BunnyCDN-Public-Content-Read-Access
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": "s3:GetObject",
"Resource": [
"arn:aws:s3:::deserted-chateau-test-public/*",
"arn:aws:s3:::deserted-chateau-test-public-volume/*"
]
}
]
}Deserted-Chateau-Test-S3-BunnyCDN-Subscribed-Content-Read-Access
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": "s3:GetObject",
"Resource": [
"arn:aws:s3:::deserted-chateau-test-subscribed/*",
"arn:aws:s3:::deserted-chateau-test-subscribed-volume/*"
]
}
]
}Deserted-Chateau-Test-SSM-Read-Write-Access
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"ssm:PutParameter",
"ssm:DeleteParameter",
"ssm:GetParametersByPath",
"ssm:GetParameters",
"ssm:GetParameter",
"ssm:DeleteParameters"
],
"Resource": "arn:aws:ssm:eu-west-3:704509183101:parameter/Deserted-Chateau/*"
}
]
}Deserted-Chateau-Test-User-Data-Requests-Bucket-Read-Access
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": "s3:GetObject",
"Resource": [
"arn:aws:s3:::deserted-chateau-test-user-data-requests/*"
]
}
]
}IAM Roles
Deserted-Chateau-Test-Lambda-Execution-Role
Deserted-Chateau-Test-EventBridge-Scheduler-Role
IAM Users
Deserted-Chateau-Test-BunnyCDN-User
Create access key: Yes
Deserted-Chateau-Test-Comprehend-User
Create access key: Yes
Deserted-Chateau-Test-Lambda-Admin-User
Create access key: Yes
Deserted-Chateau-Test-S3-Read-Write-User
Create access key: Yes
Deserted-Chateau-Test-SMTP-User
Create access key: Yes
Deserted-Chateau-Test-SSM-User
Create access key: Yes
