[AWS] Restricted Elastic Beanstalk deployment policy: Part 2

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "EC2EnvironmentInstances",
      "Effect": "Allow",
      "Action": [
        "ec2:*"
      ],
      "Resource": [
        "arn:aws:ec2:AWS_REGION:AWS_ACCOUNT:instance/*"
      ],
      "Condition": {
        "StringEquals": {
          "ec2:ResourceTag/elasticbeanstalk:environment-name": [
            "ENVIRONMENT_NAME"
          ]
        }
      }
    }
  ]
}

[AWS] Restricted Elastic Beanstalk deployment policy: Part 1

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ElasticBeanstalkEnvironmentPermissions",
      "Effect": "Allow",
      "Action": [
        "elasticbeanstalk:*"
      ],
      "Resource": [
        "arn:aws:elasticbeanstalk:AWS_REGION:AWS_ACCOUNT:environment/APPLICATION_NAME/*"
      ]
    },
    {
      "Sid": "ElasticBeanstalkGlobalPermissions",
      "Effect": "Allow",
      "Action": [
        "elasticbeanstalk:DescribeConfigurationOptions",
        "elasticbeanstalk:DescribeEnvironmentManagedActions",
        "elasticbeanstalk:DescribeEnvironmentHealth",
        "elasticbeanstalk:DescribeInstancesHealth",
        "elasticbeanstalk:DescribeConfigurationSettings",
        "elasticbeanstalk:ListAvailableSolutionStacks",
        "elasticbeanstalk:ValidateConfigurationSettings",
        "elasticbeanstalk:CheckDNSAvailability",
        "elasticbeanstalk:CreateStorageLocation"
      ],
      "Resource": [
        "*"
      ]
    },
    {
      "Sid": "ElasticBeanstalkApplicationVersionPermissions",
      "Effect": "Allow",
      "Action": [
        "elasticbeanstalk:*"
      ],
      "Resource": [
        "arn:aws:elasticbeanstalk:AWS_REGION:AWS_ACCOUNT:applicationversion/APPLICATION_NAME/*"
      ]
    },
    […]

[AWS] IAM Policy to allow users to change passwords and do user management of their own account

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "iam:*LoginProfile",
        "iam:*AccessKey*",
        "iam:ListServiceSpecificCredentials",
        "iam:ListGroupsForUser",
        "iam:ListAttachedUserPolicies",
        "iam:ListUserPolicies",
        "iam:*SSHPublicKey*",
        "iam:ChangePassword"
      ],
      "Resource": "arn:aws:iam::AWS_ACCOUNT:user/${aws:username}"
    },
    {
      "Effect": "Allow",
      "Action": [
        "iam:ListAccount*",
        "iam:GetAccountSummary",
        "iam:GetAccountPasswordPolicy",
        "iam:ListUsers"
      ],
      "Resource": "arn:aws:iam::AWS_ACCOUNT:user/*"
    }
  ]
}