chore: update steamhaus_apn_policy to use granular controls instead of deprecated aws-portal:*

54c11428 · Rebecca Brannan · 69562a9c · 54c11428
Commit 54c11428 authored Aug 03, 2023 by Rebecca Brannan
Hide whitespace changes
Inline Side-by-side

Showing with 96 additions and 4 deletions

steamhaus_apn_policy.json steamhaus_apn_policy.json +96 -4

No files found.
--- a/steamhaus_apn_policy.json
+++ b/steamhaus_apn_policy.json
@@ -85,16 +85,108 @@
                "iam:UploadSSHPublicKey",
                "iam:UploadServerCertificate",
                "iam:UploadSigningCertificate",
-                "support:*",
+                "wellarchitected:*",
+                "account:GetAccountInformation",
+                "account:GetAlternateContact",
+                "account:GetChallengeQuestions",
+                "account:GetContactInformation",
+                "account:CloseAccount",
+                "account:DeleteAlternateContact",
+                "account:PutAlternateContact",
+                "account:PutChallengeQuestions",
+                "account:PutContactInformation",
+                "billing:GetContractInformation",
+                "billing:GetIAMAccessPreference",
+                "billing:GetSellerOfRecord",
+                "billing:GetBillingData",
+                "billing:GetBillingDetails",
+                "billing:GetBillingNotifications",
+                "billing:GetBillingPreferences",
+                "billing:GetCredits",
+                "billing:ListBillingViews",
+                "billing:PutContractInformation",
+                "billing:UpdateIAMAccessPreference",
+                "billing:RedeemCredits",
+                "billing:UpdateBillingPreferences",
+                "ce:DescribeNotificationSubscription",
+                "ce:DescribeReport",
+                "ce:GetAnomalies",
+                "ce:GetAnomalyMonitors",
+                "ce:GetAnomalySubscriptions",
+                "ce:GetCostAndUsage",
+                "ce:GetCostAndUsageWithResources",
+                "ce:GetCostCategories",
+                "ce:GetCostForecast",
+                "ce:GetDimensionValues",
+                "ce:GetPreferences",
+                "ce:GetReservationCoverage",
+                "ce:GetReservationPurchaseRecommendation",
+                "ce:GetReservationUtilization",
+                "ce:GetRightsizingRecommendation",
+                "ce:GetSavingsPlansCoverage",
+                "ce:GetSavingsPlansPurchaseRecommendation",
+                "ce:GetSavingsPlansUtilization",
+                "ce:GetSavingsPlansUtilizationDetails",
+                "ce:GetTags",
+                "ce:GetUsageForecast",
+                "ce:ListCostAllocationTags",
+                "ce:ListSavingsPlansPurchaseRecommendationGeneration",
+                "ce:CreateAnomalyMonitor",
+                "ce:CreateAnomalySubscription",
+                "ce:CreateNotificationSubscription",
+                "ce:CreateReport",
+                "ce:DeleteAnomalyMonitor",
+                "ce:DeleteAnomalySubscription",
+                "ce:DeleteNotificationSubscription",
+                "ce:DeleteReport",
+                "ce:ProvideAnomalyFeedback",
+                "ce:StartSavingsPlansPurchaseRecommendationGeneration",
+                "ce:UpdateAnomalyMonitor",
+                "ce:UpdateAnomalySubscription",
+                "ce:UpdateCostAllocationTagsStatus",
+                "ce:UpdateNotificationSubscription",
+                "ce:UpdatePreferences",
+                "consolidatedbilling:GetAccountBillingRole",
+                "consolidatedbilling:ListLinkedAccounts",
+                "cur:GetClassicReport",
+                "cur:GetClassicReportPreferences",
+                "cur:ValidateReportDestination",
+                "cur:GetUsageReport",
+                "cur:PutClassicReportPreferences",
+                "freetier:GetFreeTierAlertPreference",
+                "freetier:GetFreeTierUsage",
+                "freetier:PutFreeTierAlertPreference",
+                "invoicing:GetInvoiceEmailDeliveryPreferences",
+                "invoicing:GetInvoicePDF",
+                "invoicing:ListInvoiceSummaries",
+                "invoicing:PutInvoiceEmailDeliveryPreferences",
+                "payments:GetPaymentInstrument",
+                "payments:GetPaymentStatus",
+                "payments:ListPaymentPreferences",
+                "payments:UpdatePaymentPreferences",
+                "payments:CreatePaymentInstrument",
+                "payments:DeletePaymentInstrument",
+                "payments:MakePayment",
+                "tax:GetTaxInheritance",
+                "tax:GetTaxRegistrationDocument",
+                "tax:ListTaxRegistrations",
+                "tax:BatchPutTaxRegistration",
+                "tax:DeleteTaxRegistration",
+                "tax:PutTaxInheritance",
+                "purchase-orders:GetPurchaseOrder",
+                "purchase-orders:ListPurchaseOrderInvoices",
+                "purchase-orders:ListPurchaseOrders",
+                "purchase-orders:AddPurchaseOrder",
+                "purchase-orders:DeletePurchaseOrder",
                "aws-portal:*"
            ],
            "Effect": "Deny",
            "Resource": "*"
        },
        {
-                "Effect": "Allow",
-                "Action": "*",
-                "Resource": "*"
+            "Effect": "Allow",
+            "Action": "*",
+            "Resource": "*"
        }
    ]
 }
\ No newline at end of file