
@sd031
Created May 9, 2025 23:43
OpenOpsReadAccess
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "CoreReadAccess",
"Effect": "Allow",
"Action": [
"ec2:DescribeRegions",
"sts:GetCallerIdentity",
"organizations:DescribeAccount",
"organizations:DescribeOrganization",
"organizations:ListAccounts"
],
"Resource": "*"
},
{
"Sid": "CloudWatchReadAccess",
"Effect": "Allow",
"Action": [
"application-autoscaling:DescribeScalingPolicies",
"autoscaling:Describe*",
"cloudwatch:BatchGet*",
"cloudwatch:Describe*",
"cloudwatch:GenerateQuery",
"cloudwatch:Get*",
"cloudwatch:List*",
"logs:Get*",
"logs:List*",
"logs:StartQuery",
"logs:StopQuery",
"logs:Describe*",
"logs:TestMetricFilter",
"logs:FilterLogEvents",
"oam:ListSinks",
"sns:Get*",
"sns:List*",
"rum:BatchGet*",
"rum:Get*",
"rum:List*",
"synthetics:Describe*",
"synthetics:Get*",
"synthetics:List*",
"xray:BatchGet*",
"xray:Get*"
],
"Resource": "*"
},
{
"Sid": "OptimizationHubReadAccess",
"Effect": "Allow",
"Action": [
"compute-optimizer:Get*",
"compute-optimizer:Describe*",
"cost-optimization-hub:Get*",
"cost-optimization-hub:List*",
"trustedadvisor:Describe*",
"trustedadvisor:Get*",
"trustedadvisor:List*"
],
"Resource": "*"
},
{
"Sid": "CostExplorerReadAccess",
"Effect": "Allow",
"Action": [
"ce:Describe*",
"ce:Get*",
"ce:List*"
],
"Resource": "*"
},
{
"Sid": "EbsVolumesReadAccess",
"Effect": "Allow",
"Action": [
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications",
"ec2:DescribeVolumeAttribute",
"ec2:DescribeVolumeStatus",
"ec2:DescribeReplaceRootVolumeTasks",
"ec2:DescribeSnapshots",
"ec2:DescribeSnapshotTierStatus"
],
"Resource": "*"
},
{
"Sid": "EcsReadAccess",
"Effect": "Allow",
"Action": [
"ecs:DescribeClusters",
"ecs:ListClusters",
"ecs:ListContainerInstances",
"ecs:ListServices",
"ecs:ListTagsForResource",
"ecs:ListTaskDefinitions",
"ecs:ListTasks"
],
"Resource": "*"
},
{
"Sid": "Ec2InstancesReadAccess",
"Effect": "Allow",
"Action": [
"ec2:DescribeInstances",
"ec2:DescribeInstanceAttribute",
"ec2:DescribeInstanceStatus",
"ec2:GetLaunchTemplateData"
],
"Resource": "*"
},
{
"Sid": "LambdaReadAccess",
"Effect": "Allow",
"Action": [
"lambda:Get*",
"lambda:List*"
],
"Resource": "*"
},
{
"Sid": "LoadBalancersReadAccess",
"Effect": "Allow",
"Action": [
"elasticloadbalancing:Describe*"
],
"Resource": "*"
},
{
"Sid": "NatGatewaysReadAccess",
"Effect": "Allow",
"Action": [
"ec2:DescribeNatGateways"
],
"Resource": "*"
},
{
"Sid": "RdsClustersReadAccess",
"Effect": "Allow",
"Action": [
"rds:Describe*",
"rds:List*"
],
"Resource": "*"
},
{
"Sid": "S3ReadAccess",
"Effect": "Allow",
"Action": [
"s3:GetBucket*",
"s3:GetLifecycleConfiguration",
"s3:List*"
],
"Resource": "*"
},
{
"Sid": "MqReadAccess",
"Effect": "Allow",
"Action": [
"mq:Describe*",
"mq:List*"
],
"Resource": "*"
},
{
"Sid": "ReservationsAndSavingPlansReadAccess",
"Effect": "Allow",
"Action": [
"ec2:DescribeReserved*",
"elasticache:DescribeReserved*",
"redshift:DescribeReserved*",
"rds:DescribeReserved*",
"savingsplans:Describe*"
],
"Resource": "*"
},
{
"Sid": "CloudTrailReadAccess",
"Effect": "Allow",
"Action": [
"cloudtrail:CancelQuery",
"cloudtrail:Describe*",
"cloudtrail:Get*",
"cloudtrail:LookupEvents",
"cloudtrail:StartQuery",
"config:DescribeConfigurationRecorderStatus"
],
"Resource": "*"
},
{
"Sid": "CloudFormationReadAccess",
"Effect": "Allow",
"Action": [
"cloudformation:Describe*",
"cloudformation:Get*",
"cloudformation:List*"
],
"Resource": "*"
}
]
}