{
  "Version": "2012-10-17",
  "Statement": [{
      "Sid": "EnabledDiscoveryOfVariousAWSServices",
      "Effect": "Allow",
      "Action": [
        "autoscaling:Describe*",
        "cloudformation:DescribeStack*",
        "cloudformation:GetTemplate",
        "cloudformation:ListStack*",
        "cloudfront:Get*",
        "cloudfront:List*",
        "cloudtrail:DescribeTrails",
        "cloudtrail:GetTrailStatus",
        "cloudtrail:ListTags",
        "cloudtrail:LookupEvents",
        "cloudwatch:Describe*",
        "config:DeliverConfigSnapshot",
        "config:Describe*",
        "config:Get*",
        "config:ListDiscoveredResources",
        "cur:DescribeReportDefinitions",
        "directconnect:Describe*",
        "dynamodb:ListTables",
        "ec2:Describe*",
        "elasticbeanstalk:Describe*",
        "elasticache:Describe*",
        "elasticloadbalancing:Describe*",
        "elasticmapreduce:DescribeJobFlows",
        "events:Describe*",
        "events:List*",
        "glacier:ListVaults",
        "guardduty:Get*",
        "guardduty:List*",
        "kinesis:Describe*",
        "kinesis:List*",
        "kms:DescribeKey",
        "kms:GetKeyPolicy",
        "kms:GetKeyRotationStatus",
        "kms:ListAliases",
        "kms:ListGrants",
        "kms:ListKeys",
        "kms:ListKeyPolicies",
        "kms:ListResourceTags",
        "lambda:List*",
        "logs:Describe*",
        "rds:Describe*",
        "rds:DownloadDBLogFilePortion",
        "rds:ListTagsForResource",
        "redshift:Describe*",
        "route53:GetHostedZone",
        "route53:ListHostedZones",
        "route53:ListResourceRecordSets",
        "sdb:DomainMetadata",
        "sdb:ListDomains",
        "sns:ListSubscriptions",
        "sns:ListSubscriptionsByTopic",
        "sns:ListTopics",
        "sns:GetEndpointAttributes",
        "sns:GetSubscriptionAttributes",
        "sns:GetTopicAttributes",
        "s3:ListAllMyBuckets",
        "s3:ListBucket",
        "s3:GetBucketLocation",
        "s3:GetBucket*",
        "s3:GetLifecycleConfiguration",
        "s3:GetObjectAcl",
        "s3:GetObjectVersionAcl",
        "tag:GetResources",
        "tag:GetTagKeys"
      ],
      "Resource": "*"
    },
    {
      "Sid": "AllowReadCloudtrailBucket",
      "Effect": "Allow",
      "Action": [
        "s3:GetObject"
      ],
      "Resource": "arn:aws:s3:::CLOUDTRAIL_S3_BUCKET_NAME*"
    },
    {
      "Sid": "EnableInsightDiscovery",
      "Effect": "Allow",
      "Action": [
        "iam:Get*",
        "iam:List*",
        "iam:ListRoles",
        "iam:GetRolePolicy",
        "iam:GetAccountSummary",
        "iam:GenerateCredentialReport"
      ],
      "Resource": "*"
    },
    {
      "Sid": "EnableCloudTrailIfAccountDoesntHaveCloudTrailsEnabled",
      "Effect": "Allow",
      "Action": [
        "cloudtrail:*"
      ],
      "Resource": "*"
    },
    {
      "Sid": "CreateCloudTrailS3BucketIfCloudTrailsAreBeingSetupByAlertLogic",
      "Effect": "Allow",
      "Action": [
        "s3:CreateBucket",
        "s3:PutBucketPolicy",
        "s3:DeleteBucket"
      ],
      "Resource": "arn:aws:s3:::outcomesbucket-*"
    },
    {
      "Sid": "CreateCloudTrailsTopicTfOneWasntAlreadySetupForCloudTrails",
      "Effect": "Allow",
      "Action": [
        "sns:CreateTopic",
        "sns:DeleteTopic"
      ],
      "Resource": "arn:aws:sns:*:*:outcomestopic"
    },
    {
      "Sid": "MakeSureThatCloudTrailsSnsTopicIsSetupCorrectlyForCloudTrailPublishingAndSqsSubsription",
      "Effect": "Allow",
      "Action": [
        "sns:addpermission",
        "sns:gettopicattributes",
        "sns:listtopics",
        "sns:settopicattributes",
        "sns:subscribe"
      ],
      "Resource": "arn:aws:sns:*:*:*"
    },
    {
      "Sid": "CreateAlertLogicSqsQueueToSubscribeToCloudTrailsSnsTopicNotifications",
      "Effect": "Allow",
      "Action": [
        "sqs:CreateQueue",
        "sqs:DeleteQueue",
        "sqs:SetQueueAttributes",
        "sqs:GetQueueAttributes",
        "sqs:ListQueues",
        "sqs:ReceiveMessage",
        "sqs:DeleteMessage",
        "sqs:GetQueueUrl"
      ],
      "Resource": "arn:aws:sqs:*:*:outcomesbucket*"
    },
    {
      "Sid": "EnableAlertLogicSecurityInfrastructureDeployment",
      "Effect": "Allow",
      "Action": [
        "ec2:CreateTags",
        "ec2:CreateSubnet",
        "ec2:CreateInternetGateway",
        "ec2:AttachInternetGateway",
        "ec2:CreateRouteTable",
        "ec2:CreateRoute",
        "ec2:AssociateRouteTable",
        "ec2:CreateSecurityGroup",
        "ec2:CreateKeyPair",
        "ec2:ImportKeyPair",
        "ec2:CreateNetworkAclEntry"
      ],
      "Resource": "*"
    },
    {
      "Sid": "ModifyNetworkSettingsToEnableNetworkVisibilityFromAlertLogicSecurityAppliance",
      "Effect": "Allow",
      "Action": [
        "ec2:AuthorizeSecurityGroupIngress",
        "ec2:AuthorizeSecurityGroupEgress",
        "ec2:RevokeSecurityGroupIngress",
        "ec2:RevokeSecurityGroupEgress",
        "ec2:DeleteSecurityGroup",
        "ec2:DeleteNetworkAclEntry",
        "ec2:DeleteRouteTable"
      ],
      "Resource": [
        "arn:aws:ec2:*:*:security-group/*",
        "arn:aws:ec2:*:*:route-table/*",
        "arn:aws:ec2:*:*:network-acl/*"
      ],
      "Condition": {
        "StringEquals": {
          "ec2:ResourceTag/AlertLogic": "Security"
        }
      }
    },
    {
      "Sid": "DeleteSecuritySubnet",
      "Effect": "Allow",
      "Action": [
        "ec2:DeleteSubnet"
      ],
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "ec2:ResourceTag/AlertLogic": "Security"
        }
      }
    },
    {
      "Sid": "EnabledLaunchingAlertLogicSecurityAppliancesInAlertLogicSubnet",
      "Effect": "Allow",
      "Action": [
        "ec2:RunInstances"
      ],
      "Resource": "arn:aws:ec2:*:*:subnet/*",
      "Condition": {
        "StringEquals": {
          "ec2:ResourceTag/AlertLogic": "Security"
        }
      }
    },
    {
      "Sid": "EnabledLaunchingAlertLogicSecurityAppliancesFromAlertLogicAmi",
      "Effect": "Allow",
      "Action": [
        "ec2:RunInstances"
      ],
      "Resource": "arn:aws:ec2:*::image/ami-*",
      "Condition": {
        "StringEquals": {
          "ec2:Owner": "733251395267"
        }
      }
    },
    {
      "Sid": "EnsureThatAlertLogicApplianceCanCreateNecessaryResources",
      "Effect": "Allow",
      "Action": [
        "ec2:RunInstances"
      ],
      "Resource": [
        "arn:aws:ec2:*:*:instance/*",
        "arn:aws:ec2:*:*:volume/*",
        "arn:aws:ec2:*:*:network-interface/*",
        "arn:aws:ec2:*:*:key-pair/*",
        "arn:aws:ec2:*:*:security-group/*"
      ]
    },
    {
      "Sid": "EnabletAlertLogicApplianceStateManagement",
      "Effect": "Allow",
      "Action": [
        "ec2:TerminateInstances",
        "ec2:StartInstances",
        "ec2:StopInstances"
      ],
      "Resource": "arn:aws:ec2:*:*:instance/*",
      "Condition": {
        "StringEquals": {
          "ec2:ResourceTag/AlertLogic": "Security"
        }
      }
    },
    {
      "Sid": "EnableAlertLogicLaunchConfiguration",
      "Effect": "Allow",
      "Action": [
        "autoscaling:CreateLaunchConfiguration"
      ],
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "autoscaling:InstanceType": [
            "m3.medium",
            "c4.large"
          ]
        }
      }
    },
    {
      "Sid": "DisableAlertLogicLaunchConfiguration",
      "Effect": "Allow",
      "Action": [
        "autoscaling:DeleteLaunchConfiguration"
      ],
      "Resource": "*"
    },
    {
      "Sid": "EnableAlertLogicAutoScalingGroup",
      "Effect": "Allow",
      "Action": [
        "autoscaling:CreateAutoScalingGroup"
      ],
      "Resource": "*",
      "Condition": {
        "StringLike": {
          "autoscaling:LaunchConfigurationName": "Alert Logic Security Launch Configuration*"
        }
      }
    },
    {
      "Sid": "DisableAlertLogicAutoScalingGroup",
      "Effect": "Allow",
      "Action": [
        "autoscaling:DeleteAutoScalingGroup"
      ],
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "autoscaling:ResourceTag/AlertLogic": "Security"
        }
      }
    }
  ]
}