{
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "EnabledDiscoveryOfVariousAWSServices",
        "Effect": "Allow",
        "Action": [
            "autoscaling:Describe*",
            "directconnect:Describe*",
            "elasticloadbalancing:Describe*",
            "ec2:Describe*",
            "rds:Describe*",
            "rds:ListTagsForResource",
            "s3:ListAllMyBuckets",
            "s3:ListBucket",
            "s3:GetBucketLocation",
            "s3:GetBucket*",
            "s3:GetObjectAcl",
            "s3:GetObjectVersionAcl"
        ],
        "Resource": "*"
    }, {
        "Sid": "DescribeCloudTrail",
        "Effect": "Allow",
        "Action": [
            "cloudtrail:DescribeTrails",
            "cloudtrail:GetTrailStatus"
        ],
        "Resource": "*"
    }, {
        "Sid": "BeAbleToValidateOurRoleAndDiscoverIAM",
        "Effect": "Allow",
        "Action": [
            "iam:List*",
            "iam:Get*"
        ],
        "Resource": "*"
    }, {
        "Sid": "MakeSureThatCloudTrailsSnsTopicIsSetupCorrectlyForCloudTrailPublishingAndSqsSubsription",
        "Effect": "Allow",
        "Action": [
            "sns:AddPermission",
            "sns:SetTopicAttributes",
            "sns:GetTopicAttributes",
            "sns:Subscribe"
        ],
        "Resource": "CLOUDTRAIL_SNS_TOPIC_ARN"
    }, {
        "Sid": "MakeSureThatCloudTrailsSnsTopicCanBeListed",
        "Effect": "Allow",
        "Action": [
            "sns:ListTopics"
        ],
        "Resource": "arn:aws:sns:*:*:*"
    }, {
        "Sid": "CreateAlertLogicSqsQueueToSubscribeToCloudTrailsSnsTopicNotifications",
        "Effect": "Allow",
        "Action": [
            "sqs:CreateQueue",
            "sqs:DeleteQueue",
            "sqs:SetQueueAttributes",
            "sqs:GetQueueAttributes",
            "sqs:ListQueues",
            "sqs:ReceiveMessage",
            "sqs:DeleteMessage",
            "sqs:GetQueueUrl"
        ],
        "Resource": "arn:aws:sqs:*:*:outcomesbucket*"
    }]
}