Politicas RDS S3 Lambda
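--- /dev/null
+++ b/RDS/permiteAccesoBBDDenAZ.json
@@ -0,0 +1,15 @@
+{
+"Version": "2012-10-17",
+"Statement": [
+{
+"Effect": "Allow",
+"Action": "rds:*",
+"Resource": ["arn:aws:rds:region:*:*"]
+},
+{
+"Effect": "Allow",
+"Action": ["rds:Describe*"],
+"Resource": ["*"]
+}
+]
+}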
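Review bot: The `Resource` of the first statement still carries the literal placeholder `region` (`arn:aws:rds:region:*:*`), so as committed it should match no real ARN and the `rds:*` grant stays inert until someone edits it. Once a real region is filled in, the statement gives full RDS administration, deletion included, over every resource type in that region, and the scope is a region rather than the availability zone the file name suggests. I would mark the placeholders explicitly and pin the account, e.g. `"Resource": ["arn:aws:rds:<REGION>:<ACCOUNT_ID>:*"]`, and replace `rds:*` with the specific actions the role needs.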
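--- /dev/null
+++ b/RDS/permitePropietariosEtiquetasAccesoRecursos.json
@@ -0,0 +1,94 @@
+{
+"Version": "2012-10-17",
+"Statement": [
+{
+"Action": [
+"rds:Describe*",
+"rds:List*"
+],
+"Effect": "Allow",
+"Resource": "*"
+},
+{
+"Action": [
+"rds:DeleteDBInstance",
+"rds:RebootDBInstance",
+"rds:ModifyDBInstance"
+],
+"Effect": "Allow",
+"Resource": "*",
+"Condition": {
+"StringEqualsIgnoreCase": {"rds:db-tag/Owner": "${aws:username}"}
+}
+},
+{
+"Action": [
+"rds:ModifyOptionGroup",
+"rds:DeleteOptionGroup"
+],
+"Effect": "Allow",
+"Resource": "*",
+"Condition": {
+"StringEqualsIgnoreCase": {"rds:og-tag/Owner": "${aws:username}"}
+}
+},
+{
+"Action": [
+"rds:ModifyDBParameterGroup",
+"rds:ResetDBParameterGroup"
+],
+"Effect": "Allow",
+"Resource": "*",
+"Condition": {
+"StringEqualsIgnoreCase": {"rds:pg-tag/Owner": "${aws:username}"}
+}
+},
+{
+"Action": [
+"rds:AuthorizeDBSecurityGroupIngress",
+"rds:RevokeDBSecurityGroupIngress",
+"rds:DeleteDBSecurityGroup"
+],
+"Effect": "Allow",
+"Resource": "*",
+"Condition": {
+"StringEqualsIgnoreCase": {"rds:secgrp-tag/Owner": "${aws:username}"}
+}
+},
+{
+"Action": [
+"rds:DeleteDBSnapshot",
+"rds:RestoreDBInstanceFromDBSnapshot"
+],
+"Effect": "Allow",
+"Resource": "*",
+"Condition": {
+"StringEqualsIgnoreCase": {"rds:snapshot-tag/Owner": "${aws:username}"}
+}
+},
+{
+"Action": [
+"rds:ModifyDBSubnetGroup",
+"rds:DeleteDBSubnetGroup"
+],
+"Effect": "Allow",
+"Resource": "*",
+"Condition": {
+"StringEqualsIgnoreCase": {"rds:subgrp-tag/Owner": "${aws:username}"}
+}
+},
+{
+"Action": [
+"rds:ModifyEventSubscription",
+"rds:AddSourceIdentifierToSubscription",
+"rds:RemoveSourceIdentifierFromSubscription",
+"rds:DeleteEventSubscription"
+],
+"Effect": "Allow",
+"Resource": "*",
+"Condition": {
+"StringEqualsIgnoreCase": {"rds:es-tag/Owner": "${aws:username}"}
+}
+}
+]
+}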
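Review bot: The owner checks on `rds:db-tag/Owner` and the other `*-tag/Owner` keys only hold while the same principals cannot write the `Owner` tag themselves, and nothing in this policy denies `rds:AddTagsToResource` or `rds:RemoveTagsFromResource`. Any other attached policy that allows tagging would therefore let a user claim a resource and pass every condition here. An explicit deny on changes to the `Owner` tag key, added as one more element of `Statement`, keeps the control independent of what else is attached; whoever assigns ownership would need a separate path that this file does not show. `${aws:username}` is populated only for IAM users, so role or federated sessions will presumably match none of these conditions.

```json
{
  "Effect": "Deny",
  "Action": [
    "rds:AddTagsToResource",
    "rds:RemoveTagsFromResource"
  ],
  "Resource": "*",
  "Condition": {
    "ForAnyValue:StringEqualsIgnoreCase": {"aws:TagKeys": "Owner"}
  }
}
```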
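--- /dev/null
+++ b/RDS/permiteRestaurarBBDD.json
@@ -0,0 +1,24 @@
+{
+"Version": "2012-10-17",
+"Statement": [
+{
+"Effect": "Allow",
+"Action": [
+"ec2:Describe*",
+"rds:CreateDBParameterGroup",
+"rds:CreateDBSnapshot",
+"rds:DeleteDBSnapshot",
+"rds:Describe*",
+"rds:DownloadDBLogFilePortion",
+"rds:List*",
+"rds:ModifyDBInstance",
+"rds:ModifyDBParameterGroup",
+"rds:ModifyOptionGroup",
+"rds:RebootDBInstance",
+"rds:RestoreDBInstanceFromDBSnapshot",
+"rds:RestoreDBInstanceToPointInTime"
+],
+"Resource": "*"
+}
+]
+}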
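Review bot: Every action in the single statement, including `rds:DeleteDBSnapshot`, `rds:ModifyDBInstance` and `rds:RebootDBInstance`, is allowed on `"Resource": "*"`, so a principal meant only to restore databases can also delete any snapshot and reconfigure or restart any instance in the account. I would split the statement: keep `ec2:Describe*`, `rds:Describe*` and `rds:List*` on `"*"`, and move the mutating actions into a second statement limited by resource ARN or by a tag condition. `"rds:DeleteDBSnapshot",` does not look necessary for a restore workflow and removes the recovery point itself, so I would drop it unless snapshot cleanup is part of the role. `rds:DownloadDBLogFilePortion` also exposes database log contents and deserves the same scoping.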