{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "acm:describe*",
        "acm:list*",
        "apigateway:get*",
        "apigatewayv2:get*",
        "application-autoscaling:describe*",
        "appmesh:describe*",
        "appmesh:list*",
        "appsync:list*",
        "athena:list*",
        "autoscaling:describe*",
        "aws-marketplace:viewsubscriptions",
        "batch:describecomputeenvironments",
        "batch:describejobdefinitions",
        "batch:listjobs",
        "chime:list*",
        "cloud9:describe*",
        "cloud9:listenvironments",
        "clouddirectory:listappliedschemaarns",
        "clouddirectory:listdevelopmentschemaarns",
        "clouddirectory:listdirectories",
        "clouddirectory:listpublishedschemaarns",
        "cloudformation:describestack*",
        "cloudformation:getstackpolicy",
        "cloudformation:gettemplate",
        "cloudformation:list*",
        "cloudfront:get*",
        "cloudfront:list*",
        "cloudhsm:listavailablezones",
        "cloudhsm:listhapgs",
        "cloudhsm:listhsms",
        "cloudhsm:listlunaclients",
        "cloudsearch:describedomains",
        "cloudsearch:describeserviceaccesspolicies",
        "cloudsearch:list*",
        "cloudtrail:describetrails",
        "cloudtrail:geteventselectors",
        "cloudtrail:gettrailstatus",
        "cloudtrail:listtags",
        "cloudtrail:lookupevents",
        "cloudwatch:describe*",
        "cloudwatch:get*",
        "cloudwatch:list*",
        "codebuild:listbuilds*",
        "codebuild:listprojects",
        "codecommit:batchgetrepositories",
        "codecommit:getbranch",
        "codecommit:getobjectidentifier",
        "codecommit:getrepository",
        "codecommit:list*",
        "codedeploy:batch*",
        "codedeploy:get*",
        "codedeploy:list*",
        "codepipeline:listpipelines",
        "codestar:describe*",
        "codestar:list*",
        "codestar:verify*",
        "cognito-identity:listidentities",
        "cognito-identity:listidentitypools",
        "cognito-idp:list*",
        "cognito-idp:listuserpools",
        "cognito-sync:describe*",
        "cognito-sync:list*",
        "cognito-sync:listdatasets",
        "comprehend:describe*",
        "comprehend:list*",
        "config:batchgetaggregateresourceconfig",
        "config:batchgetresourceconfig",
        "config:deliver*",
        "config:describe*",
        "config:get*",
        "config:list*",
        "connect:list*",
        "datapipeline:describeobjects",
        "datapipeline:describepipelines",
        "datapipeline:evaluateexpression",
        "datapipeline:getaccountlimits",
        "datapipeline:getpipelinedefinition",
        "datapipeline:listpipelines",
        "datapipeline:queryobjects",
        "datapipeline:validatepipelinedefinition",
        "datasync:describe*",
        "datasync:list*",
        "dax:describe*",
        "dax:describeclusters",
        "dax:describedefaultparameters",
        "dax:describeevents",
        "dax:describeparametergroups",
        "dax:describeparameters",
        "dax:describesubnetgroups",
        "dax:describetable",
        "dax:listtables",
        "dax:listtags",
        "devicefarm:list*",
        "directconnect:describe*",
        "discovery:list*",
        "dms:describe*",
        "dms:list*",
        "dms:listtagsforresource",
        "ds:describedirectories",
        "dynamodb:describebackup",
        "dynamodb:describecontinuousbackups",
        "dynamodb:describeglobaltable",
        "dynamodb:describeglobaltablesettings",
        "dynamodb:describelimits",
        "dynamodb:describereservedcapacity",
        "dynamodb:describereservedcapacityofferings",
        "dynamodb:describestream",
        "dynamodb:describetable",
        "dynamodb:describetimetolive",
        "dynamodb:listbackups",
        "dynamodb:listglobaltables",
        "dynamodb:liststreams",
        "dynamodb:listtables",
        "dynamodb:listtagsofresource",
        "ec2:describe*",
        "ec2:get*",
        "ecr:describe*",
        "ecr:getrepositorypolicy",
        "ecr:listimages",
        "ecs:describe*",
        "ecs:list*",
        "eks:describecluster",
        "eks:listclusters",
        "elasticache:describe*",
        "elasticbeanstalk:describe*",
        "elasticbeanstalk:listavailablesolutionstacks",
        "elasticfilesystem:describefilesystems",
        "elasticfilesystem:describemounttargets",
        "elasticfilesystem:describemounttargetsecuritygroups",
        "elasticloadbalancing:describe*",
        "elasticmapreduce:describe*",
        "elasticmapreduce:list*",
        "elastictranscoder:list*",
        "es:describe*",
        "es:listdomainnames",
        "events:describe*",
        "events:list*",
        "firehose:describe*",
        "firehose:list*",
        "fms:listcompliancestatus",
        "fms:listpolicies",
        "fsx:describe*",
        "fsx:list*",
        "gamelift:list*",
        "glacier:describevault",
        "glacier:getvaultaccesspolicy",
        "glacier:list*",
        "globalaccelerator:describe*",
        "globalaccelerator:list*",
        "greengrass:list*",
        "guardduty:get*",
        "guardduty:list*",
        "iam:generatecredentialreport",
        "iam:generateservicelastaccesseddetails",
        "iam:get*",
        "iam:list*",
        "iam:simulatecustompolicy",
        "iam:simulateprincipalpolicy",
        "importexport:listjobs",
        "inspector:describe*",
        "inspector:get*",
        "inspector:list*",
        "inspector:preview*",
        "iot:describe*",
        "iot:getpolicy",
        "iot:getpolicyversion",
        "iot:list*",
        "kinesis:describestream",
        "kinesis:liststreams",
        "kinesis:listtagsforstream",
        "kinesisanalytics:listapplications",
        "kms:describe*",
        "kms:get*",
        "kms:list*",
        "lambda:getaccountsettings",
        "lambda:getfunctionconfiguration",
        "lambda:getlayerversionpolicy",
        "lambda:getpolicy",
        "lambda:list*",
        "lex:getbotaliases",
        "lex:getbotchannelassociations",
        "lex:getbots",
        "lex:getbotversions",
        "lex:getintents",
        "lex:getintentversions",
        "lex:getslottypes",
        "lex:getslottypeversions",
        "lex:getutterancesview",
        "license-manager:list*",
        "lightsail:getblueprints",
        "lightsail:getbundles",
        "lightsail:getinstances",
        "lightsail:getinstancesnapshots",
        "lightsail:getkeypair",
        "lightsail:getloadbalancers",
        "lightsail:getregions",
        "lightsail:getstaticips",
        "lightsail:isvpcpeered",
        "logs:describe*",
        "logs:listtagsloggroup",
        "machinelearning:describe*",
        "mediaconnect:describe*",
        "mediaconnect:list*",
        "mediastore:getcontainerpolicy",
        "mediastore:listcontainers",
        "mobilehub:listavailablefeatures",
        "mobilehub:listavailableregions",
        "mobilehub:listprojects",
        "mobiletargeting:getapplicationsettings",
        "mobiletargeting:getcampaigns",
        "mobiletargeting:getimportjobs",
        "mobiletargeting:getsegments",
        "opsworks-cm:describe*",
        "opsworks-cm:describeservers",
        "opsworks:describe*",
        "opsworks:describestacks",
        "organizations:describe*",
        "organizations:list*",
        "polly:describe*",
        "polly:list*",
        "quicksight:describe*",
        "quicksight:list*",
        "ram:list*",
        "rds:describe*",
        "rds:downloaddblogfileportion",
        "rds:listtagsforresource",
        "redshift:describe*",
        "redshift:viewqueriesinconsole",
        "rekognition:describe*",
        "rekognition:list*",
        "robomaker:describe*",
        "robomaker:list*",
        "route53:get*",
        "route53:list*",
        "route53domains:getdomaindetail",
        "route53domains:getoperationdetail",
        "route53domains:list*",
        "route53resolver:get*",
        "route53resolver:list*",
        "s3:getaccelerateconfiguration",
        "s3:getaccountpublicaccessblock",
        "s3:getanalyticsconfiguration",
        "s3:getbucket*",
        "s3:getencryptionconfiguration",
        "s3:getinventoryconfiguration",
        "s3:getlifecycleconfiguration",
        "s3:getmetricsconfiguration",
        "s3:getobjectacl",
        "s3:getobjectversionacl",
        "s3:getreplicationconfiguration",
        "s3:listallmybuckets",
        "s3:listbucket",
        "sagemaker:describe*",
        "sagemaker:list*",
        "sdb:domainmetadata",
        "sdb:list*",
        "secretsmanager:getresourcepolicy",
        "secretsmanager:listsecrets",
        "secretsmanager:listsecretversionids",
        "securityhub:describe*",
        "securityhub:get*",
        "securityhub:list*",
        "serverlessrepo:getapplicationpolicy",
        "serverlessrepo:list*",
        "servicecatalog:list*",
        "ses:getidentitydkimattributes",
        "ses:getidentitypolicies",
        "ses:getidentityverificationattributes",
        "ses:list*",
        "ses:sendemail",
        "shield:describe*",
        "shield:list*",
        "snowball:listclusters",
        "snowball:listjobs",
        "sns:gettopicattributes",
        "sns:list*",
        "sqs:getqueueattributes",
        "sqs:listdeadlettersourcequeues",
        "sqs:listqueues",
        "sqs:listqueuetags",
        "ssm:describe*",
        "ssm:getautomationexecution",
        "ssm:listassociations",
        "ssm:listdocuments",
        "sso:describepermissionspolicies",
        "sso:list*",
        "states:listactivities",
        "states:liststatemachines",
        "storagegateway:describebandwidthratelimit",
        "storagegateway:describecache",
        "storagegateway:describecachediscsivolumes",
        "storagegateway:describegatewayinformation",
        "storagegateway:describemaintenancestarttime",
        "storagegateway:describenfsfileshares",
        "storagegateway:describesnapshotschedule",
        "storagegateway:describestorediscsivolumes",
        "storagegateway:describetapearchives",
        "storagegateway:describetaperecoverypoints",
        "storagegateway:describetapes",
        "storagegateway:describeuploadbuffer",
        "storagegateway:describevtldevices",
        "storagegateway:describeworkingstorage",
        "storagegateway:list*",
        "support:describe*",
        "swf:list*",
        "tag:getresources",
        "tag:gettagkeys",
        "transfer:describe*",
        "transfer:list*",
        "translate:list*",
        "trustedadvisor:describe*",
        "waf-regional:list*",
        "waf-regional:listwebacls",
        "waf:list*",
        "workdocs:describeavailabledirectories",
        "workdocs:describeinstances",
        "workmail:describe*",
        "workspaces:describe*"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}