{ "Version": "2012-10-17", "Statement": [ { "Sid": "EnabledDiscoveryOfVariousAWSServices", "Effect": "Allow", "Action": [ "autoscaling:Describe*", "directconnect:Describe*", "elasticloadbalancing:Describe*", "ec2:Describe*", "rds:Describe*", "rds:ListTagsForResource", "s3:ListAllMyBuckets", "s3:ListBucket", "s3:GetBucketLocation", "s3:GetObject", "s3:GetBucket*", "s3:GetObjectAcl", "s3:GetObjectVersionAcl" ], "Resource": "*" }, { "Sid": "EnableCloudTrailIfAccountDoesntHaveCloudTrailsEnabled", "Effect": "Allow", "Action": [ "cloudtrail:*" ], "Resource": "*" }, { "Sid": "CreateCloudTrailS3BucketIfCloudTrailsAreBeingSetupByAlertLogic", "Effect": "Allow", "Action": [ "s3:CreateBucket", "s3:PutBucketPolicy", "s3:DeleteBucket" ], "Resource": "arn:aws:s3:::outcomesbucket-*" }, { "Sid": "CreateCloudTrailsTopicIfOneWasntAlreadySetupForCloudTrails", "Effect": "Allow", "Action": [ "sns:CreateTopic", "sns:DeleteTopic" ], "Resource": "arn:aws:sns:*:*:outcomestopic" }, { "Sid": "MakeSureThatCloudTrailsSnsTopicIsSetupCorrectlyForCloudTrailPublishingAndSqsSubscription", "Effect": "Allow", "Action": [ "sns:addpermission", "sns:gettopicattributes", "sns:listtopics", "sns:settopicattributes", "sns:subscribe" ], "Resource": "arn:aws:sns:*:*:*" }, { "Sid": "BeAbleToValidateOurRoleAndDiscoverIAM", "Effect": "Allow", "Action": [ "iam:List*", "iam:Get*" ], "Resource": "*" }, { "Sid": "CreateAlertLogicSqsQueueToSubscribeToCloudTrailsSnsTopicNotifications", "Effect": "Allow", "Action": [ "sqs:CreateQueue", "sqs:DeleteQueue", "sqs:SetQueueAttributes", "sqs:GetQueueAttributes", "sqs:ListQueues", "sqs:ReceiveMessage", "sqs:DeleteMessage", "sqs:GetQueueUrl" ], "Resource": "arn:aws:sqs:*:*:outcomesbucket*" } ] }