PROVISION-AWS-IAM
SUMMARY:
An Ansible role that can be used for configuring an IAM role.
Required list structure example:
iam:
  - name: ManagedInstanceRoleforSSM
    type: role
    trust_policy:
      Version: '2012-10-17'
      Statement:
        - Effect: Allow
          Action:
            - ssm:DescribeAssociation
            - ssm:GetDeployablePatchSnapshotForInstance
            - ssm:GetDocument
            - ssm:DescribeDocument
            - ssm:GetManifest
            - ssm:GetParameters
            - ssm:ListAssociations
            - ssm:ListInstanceAssociations
            - ssm:PutInventory
            - ssm:PutComplianceItems
            - ssm:PutConfigurePackageResult
            - ssm:UpdateAssociationStatus
            - ssm:UpdateInstanceAssociationStatus
            - ssm:UpdateInstanceInformation
          Resource: "*"
        - Effect: Allow
          Action:
            - ssmmessages:CreateControlChannel
            - ssmmessages:CreateDataChannel
            - ssmmessages:OpenControlChannel
            - ssmmessages:OpenDataChannel
          Resource: "*"
        - Effect: Allow
          Action:
            - ec2messages:AcknowledgeMessage
            - ec2messages:DeleteMessage
            - ec2messages:FailMessage
            - ec2messages:GetEndpoint
            - ec2messages:GetMessages
            - ec2messages:SendReply
          Resource: "*"
        - Effect: Allow
          Action:
            - cloudwatch:PutMetricData
          Resource: "*"
        - Effect: Allow
          Action:
            - ec2:DescribeInstanceStatus
          Resource: "*"
        - Effect: Allow
          Action:
            - ds:CreateComputer
            - ds:DescribeDirectories
          Resource: "*"
        - Effect: Allow
          Action:
            - logs:CreateLogGroup
            - logs:CreateLogStream
            - logs:DescribeLogGroups
            - logs:DescribeLogStreams
            - logs:PutLogEvents
          Resource: "*"
        - Effect: Allow
          Action:
            - s3:GetBucketLocation
            - s3:PutObject
            - s3:GetObject
            - s3:GetEncryptionConfiguration
            - s3:AbortMultipartUpload
            - s3:ListMultipartUploadParts
            - s3:ListBucket
            - s3:ListBucketMultipartUploads
          Resource: "*"
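
Every statement in the structure above uses Resource "*". The following is an added example, not part of this role: a pre-deployment check that walks an `iam` list of this shape and reports Allow statements pairing Resource "*" with actions that can be scoped to specific ARNs. The `SCOPABLE` set and the function names are assumptions of this example, and the sample input is constructed by abridging three statements from the structure above.

```python
# Added example: lint the role's `iam` list for Allow statements on Resource "*".
# SCOPABLE is an assumption of this example: service prefixes whose actions in
# the structure above accept bucket/object or log-group ARNs as Resource.
SCOPABLE = {"s3", "logs"}


def as_list(value):
    """IAM accepts either a scalar or a list for Action, Resource, Statement."""
    if value is None:
        return []
    return list(value) if isinstance(value, (list, tuple)) else [value]


def wildcard_findings(iam, scopable=SCOPABLE):
    """Return (role name, statement index, actions) for each Allow statement
    that pairs Resource "*" with actions from a scopable service."""
    findings = []
    for entry in iam:
        policy = entry.get("trust_policy") or {}
        for idx, stmt in enumerate(as_list(policy.get("Statement"))):
            if stmt.get("Effect") != "Allow":
                continue
            if "*" not in as_list(stmt.get("Resource")):
                continue
            hits = sorted(a for a in as_list(stmt.get("Action"))
                          if a == "*" or a.split(":", 1)[0].lower() in scopable)
            if hits:
                findings.append((entry.get("name"), idx, hits))
    return findings


# Constructed sample: three statements abridged from the structure above.
SAMPLE_IAM = [{
    "name": "ManagedInstanceRoleforSSM",
    "type": "role",
    "trust_policy": {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": ["ssmmessages:OpenDataChannel"], "Resource": "*"},
            {"Effect": "Allow", "Action": ["logs:PutLogEvents", "logs:CreateLogStream"], "Resource": "*"},
            {"Effect": "Allow", "Action": ["s3:PutObject", "s3:GetObject"], "Resource": "*"},
        ],
    },
}]

if __name__ == "__main__":
    for name, idx, actions in wildcard_findings(SAMPLE_IAM):
        print(f"{name}: statement {idx} allows {', '.join(actions)} on Resource '*'")
```

Statements it reports are candidates for replacing "*" with the specific bucket, object or log-group ARNs the instances actually use.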