-
Notifications
You must be signed in to change notification settings - Fork 2
/
engineering.yaml
40 lines (40 loc) · 1.19 KB
/
engineering.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
template_type: NOQ::AWS::IAM::Group
template_schema_url: https://docs.iambic.org/reference/schemas/aws_iam_group_template
identifier: engineering
properties:
group_name: engineering
inline_policies:
- policy_name: base_permissions
statement:
- action:
- ec2:Describe*
- iam:*
- identitystore:*
- organizations:describe*
- organizations:list*
- secretsmanager:CreateSecret
- sso:*
effect: Allow
resource:
- '*'
version: '2012-10-17'
- included_accounts:
- iambic_test_org_account
policy_name: organization_access
statement:
- action:
- sts:AssumeRole
- sts:TagSession
effect: Allow
resource: '*'
- included_accounts:
- iambic_test_org_account
policy_name: read_iambic_secrets
statement:
- action:
- secretsmanager:GetSecretValue
effect: Allow
resource:
- arn:aws:secretsmanager:us-east-1:{{var.account_id}}:secret:iambic-config-secrets-test-2-vfiRX8
managed_policies:
- policy_arn: arn:aws:iam::aws:policy/ReadOnlyAccess