{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"cloudformation:DescribeStackEvents",
"cloudformation:DeleteStack",
"cloudformation:CreateChangeSet",
"cloudformation:DescribeChangeSet",
"cloudformation:ExecuteChangeSet",
"cloudformation:DescribeStacks"
],
"Resource": "arn:aws:cloudformation:{region}:{aws_id}:stack/*/*",
"Condition": {
"IpAddress": {
"aws:SourceIp": "{source_ip}"
}
}
},
{
"Sid": "VisualEditor1",
"Effect": "Allow",
"Action": [
"ecr:SetRepositoryPolicy",
"ecr:DescribeRepositories",
"ecr:DeleteRepository"
],
"Resource": "arn:aws:ecr:{region}:{aws_id}:repository/*",
"Condition": {
"IpAddress": {
"aws:SourceIp": "{source_ip}"
}
}
},
{
"Sid": "VisualEditor2",
"Effect": "Allow",
"Action": ["ecr:CreateRepository","ecr:DescribeRegistry"],
"Resource": "*",
"Condition": {
"IpAddress": {
"aws:SourceIp": "{source_ip}"
}
}
},
{
"Sid": "VisualEditor3",
"Effect": "Allow",
"Action": [
"iam:GetRole",
"iam:DetachRolePolicy",
"iam:DeleteRolePolicy",
"iam:CreateRole",
"iam:DeleteRole",
"iam:AttachRolePolicy",
"iam:PutRolePolicy"
],
"Resource": "arn:aws:iam::{aws_id}:role/*",
"Condition": {
"IpAddress": {
"aws:SourceIp": "{source_ip}"
}
}
},
{
"Sid": "VisualEditor4",
"Effect": "Allow",
"Action": [
"s3:PutEncryptionConfiguration",
"s3:PutBucketPublicAccessBlock",
"s3:PutBucketPolicy",
"s3:CreateBucket",
"s3:DeleteBucketPolicy",
"s3:PutBucketVersioning"
],
"Resource": "arn:aws:s3:::*"
},
{
"Sid": "VisualEditor5",
"Effect": "Allow",
"Action": [
"ssm:PutParameter",
"ssm:DeleteParameter",
"ssm:GetParameters",
"ssm:GetParameter"
],
"Resource": "arn:aws:ssm:{region}:{aws_id}:parameter/*",
"Condition": {
"IpAddress": {
"aws:SourceIp": "{source_ip}"
}
}
}
]
}