Posted to commits@dlab.apache.org by om...@apache.org on 2019/07/19 13:57:02 UTC
[incubator-dlab] branch DLAB-terraform updated: Changed
endpoint-policy.json similar to ssn. (temporary)
This is an automated email from the ASF dual-hosted git repository.
omartushevskyi pushed a commit to branch DLAB-terraform
in repository https://gitbox.apache.org/repos/asf/incubator-dlab.git
The following commit(s) were added to refs/heads/DLAB-terraform by this push:
new 783bf72 Changed endpoint-policy.json similar to ssn. (temporary)
new 7427d1c Merge pull request #181 from AdamsDisturber/DLAB-terraform
783bf72 is described below
commit 783bf72711b964f74c1eb6a36f6045a5ef1a81d0
Author: AdamsDisturber <ad...@gmail.com>
AuthorDate: Fri Jul 19 16:45:27 2019 +0300
Changed endpoint-policy.json similar to ssn. (temporary)
---
.../aws/endpoint/main/files/endpoint-policy.json | 108 +++++++++++++--------
1 file changed, 68 insertions(+), 40 deletions(-)
diff --git a/infrastructure-provisioning/terraform/aws/endpoint/main/files/endpoint-policy.json b/infrastructure-provisioning/terraform/aws/endpoint/main/files/endpoint-policy.json
index 74e3412..89f28c5 100644
--- a/infrastructure-provisioning/terraform/aws/endpoint/main/files/endpoint-policy.json
+++ b/infrastructure-provisioning/terraform/aws/endpoint/main/files/endpoint-policy.json
@@ -3,90 +3,118 @@
"Statement": [
{
"Action": [
+ "iam:CreateRole",
+ "iam:CreateInstanceProfile",
"iam:CreatePolicy",
"iam:AttachRolePolicy",
+ "iam:AddRoleToInstanceProfile",
"iam:DetachRolePolicy",
+ "iam:DeleteInstanceProfile",
"iam:DeletePolicy",
"iam:DeleteRolePolicy",
+ "iam:DeleteRole",
+ "iam:RemoveRoleFromInstanceProfile",
+ "iam:GetRole",
"iam:GetRolePolicy",
+ "iam:GetInstanceProfile",
"iam:GetPolicy",
"iam:GetUser",
"iam:ListUsers",
"iam:ListAccessKeys",
+ "iam:PassRole",
"iam:ListUserPolicies",
+ "iam:PutRolePolicy",
+ "iam:ListInstanceProfiles",
"iam:ListAttachedRolePolicies",
+ "iam:ListInstanceProfilesForRole",
+ "iam:ListRoles",
"iam:ListPolicies",
"iam:ListRolePolicies",
- "iam:ListRoles",
- "iam:CreateRole",
- "iam:CreateInstanceProfile",
- "iam:PutRolePolicy",
- "iam:AddRoleToInstanceProfile",
- "iam:PassRole",
- "iam:GetInstanceProfile",
- "iam:ListInstanceProfilesForRole",
- "iam:RemoveRoleFromInstanceProfile",
- "iam:DeleteInstanceProfile",
- "iam:ListInstanceProfiles",
- "iam:DeleteRole",
- "iam:GetRole"
+ "iam:TagRole"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
+ "ec2:CreateVpcEndpoint",
+ "ec2:CreateSubnet",
+ "ec2:CreateTags",
+ "ec2:CreateImage",
+ "ec2:CreateRoute",
+ "ec2:DeregisterImage",
+ "ec2:DescribeImages",
+ "ec2:DescribeAddresses",
+ "ec2:AssociateAddress",
+ "ec2:DisassociateAddress",
+ "ec2:AllocateAddress",
+ "ec2:ReleaseAddress",
+ "ec2:CreateRouteTable",
+ "ec2:CreateSecurityGroup",
"ec2:AuthorizeSecurityGroupEgress",
"ec2:AuthorizeSecurityGroupIngress",
+ "ec2:AssociateRouteTable",
"ec2:DeleteRouteTable",
"ec2:DeleteSubnet",
"ec2:DeleteTags",
+ "ec2:DeleteSecurityGroup",
+ "ec2:DeleteSnapshot",
+ "ec2:DescribeRouteTables",
+ "ec2:DescribeSpotInstanceRequests",
+ "ec2:ModifyVpcEndpoint",
+ "ec2:RunInstances",
+ "ec2:StartInstances",
+ "ec2:StopInstances",
+ "ec2:TerminateInstances",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
+ "ec2:DescribeSecurityGroups",
+ "ec2:DescribeInstances",
"ec2:DescribeInstanceStatus",
"ec2:ModifyInstanceAttribute",
+ "ec2:RevokeSecurityGroupEgress",
"ec2:RevokeSecurityGroupIngress",
- "ec2:DescribeImages",
- "ec2:CreateTags",
- "ec2:DescribeRouteTables",
- "ec2:CreateRouteTable",
- "ec2:AssociateRouteTable",
- "ec2:DescribeVpcEndpoints",
- "ec2:CreateVpcEndpoint",
- "ec2:ModifyVpcEndpoint",
- "ec2:DescribeInstances",
- "ec2:RunInstances",
- "ec2:DescribeAddresses",
- "ec2:AllocateAddress",
- "ec2:AssociateAddress",
- "ec2:DisassociateAddress",
- "ec2:ReleaseAddress",
- "ec2:TerminateInstances",
- "ec2:AuthorizeSecurityGroupIngress",
"ec2:AuthorizeSecurityGroupEgress",
- "ec2:DescribeSecurityGroups",
- "ec2:CreateSecurityGroup",
- "ec2:DeleteSecurityGroup",
- "ec2:RevokeSecurityGroupEgress"
-
+ "ec2:AuthorizeSecurityGroupIngress"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
+ "s3:CreateBucket",
+ "s3:ListAllMyBuckets",
"s3:GetBucketLocation",
+ "s3:GetBucketTagging",
+ "s3:PutBucketTagging",
"s3:PutBucketPolicy",
"s3:GetBucketPolicy",
"s3:DeleteBucket",
"s3:DeleteObject",
"s3:GetObject",
"s3:ListBucket",
- "s3:PutEncryptionConfiguration",
- "s3:ListAllMyBuckets",
- "s3:CreateBucket",
- "s3:PutBucketTagging",
- "s3:GetBucketTagging"
+ "s3:PutObject",
+ "s3:PutEncryptionConfiguration"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "elasticmapreduce:AddTags",
+ "elasticmapreduce:RemoveTags",
+ "elasticmapreduce:DescribeCluster",
+ "elasticmapreduce:ListClusters",
+ "elasticmapreduce:RunJobFlow",
+ "elasticmapreduce:ListInstances",
+ "elasticmapreduce:TerminateJobFlows"
+ ],
+ "Effect": "Allow",
+ "Resource": "*"
+ },
+ {
+ "Action": [
+ "pricing:GetProducts"
],
"Effect": "Allow",
"Resource": "*"
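Review bot: Every statement on the new side keeps `"Resource": "*"`, including the added `elasticmapreduce:*` and `pricing:GetProducts` blocks and the S3 block that gains `s3:PutObject`. The role this policy is attached to (presumably the endpoint instance's) can therefore write or delete objects in any bucket in the account and stop, terminate or deregister any instance, image or snapshot, not only the ones this deployment created. The first statement still combines `iam:CreateRole`, `iam:PutRolePolicy` and `iam:AttachRolePolicy` with an unrestricted `iam:PassRole`, next to `ec2:RunInstances` and now `elasticmapreduce:RunJobFlow`, so the role can in effect hand any permission to compute it launches. I would scope role, bucket and object ARNs to the deployment's naming prefix, for example `"Resource": ["arn:aws:s3:::<PREFIX>-*", "arn:aws:s3:::<PREFIX>-*/*"]` with `<PREFIX>` as a placeholder, and constrain PassRole with `"Condition": {"StringEquals": {"iam:PassedToService": ["ec2.amazonaws.com", "elasticmapreduce.amazonaws.com"]}}`. Separately, `ec2:DescribeVpcEndpoints` is removed while `ec2:CreateVpcEndpoint` and `ec2:ModifyVpcEndpoint` remain, which looks unintended, and `ec2:AuthorizeSecurityGroupEgress` and `ec2:AuthorizeSecurityGroupIngress` now each appear twice in the EC2 action list. Since JSON cannot carry a comment, the "(temporary)" status is best recorded as a `"Sid"` on each statement plus a tracking issue, so the wildcard policy does not become the shipped default.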