forked from wallix/awless-templates
awless_readwrite_group.aws
# Defines an IAM group whose members can use the `awless` CLI in write mode.
#
# Security review notes:
# - Every policy attached below except the last one is an AWS managed *FullAccess policy.
#   These are not scoped to particular resources, so group membership grants
#   create/modify/delete rights on those services well beyond what any single
#   `awless` command needs.
# - Keep membership of this group small and audited, and consider swapping these
#   attachments for customer-managed policies limited to the actions and resources
#   your team actually uses.
#
# Create the group:
create group name=AwlessReadWritePermissionsGroup
# Attach the AWS managed policies (sets of permissions) for the services that `awless` manages:
attach policy arn=arn:aws:iam::aws:policy/AmazonEC2FullAccess group=AwlessReadWritePermissionsGroup
attach policy arn=arn:aws:iam::aws:policy/AmazonS3FullAccess group=AwlessReadWritePermissionsGroup
attach policy arn=arn:aws:iam::aws:policy/AmazonSNSFullAccess group=AwlessReadWritePermissionsGroup
attach policy arn=arn:aws:iam::aws:policy/AmazonSQSFullAccess group=AwlessReadWritePermissionsGroup
attach policy arn=arn:aws:iam::aws:policy/AmazonVPCFullAccess group=AwlessReadWritePermissionsGroup
attach policy arn=arn:aws:iam::aws:policy/AutoScalingFullAccess group=AwlessReadWritePermissionsGroup
attach policy arn=arn:aws:iam::aws:policy/AmazonRDSFullAccess group=AwlessReadWritePermissionsGroup
attach policy arn=arn:aws:iam::aws:policy/AmazonRoute53FullAccess group=AwlessReadWritePermissionsGroup
# NOTE(review): AWS has deprecated the AWSLambdaFullAccess managed policy in favour of
# AWSLambda_FullAccess - confirm this ARN still attaches in your account before relying on it.
attach policy arn=arn:aws:iam::aws:policy/AWSLambdaFullAccess group=AwlessReadWritePermissionsGroup
# IAM access is deliberately kept read-only: the only IAM policy attached is IAMReadOnlyAccess.
# NOTE(review): the *FullAccess policies above may themselves include a few IAM actions
# (for example service-linked-role creation) - check their current policy documents
# before treating this group as having no IAM write capability at all.
attach policy arn=arn:aws:iam::aws:policy/IAMReadOnlyAccess group=AwlessReadWritePermissionsGroup