Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Veritas NetBackup™ CloudPoint Install and Upgrade Guide

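AWS permissions required by CloudPoint

The following IAM policy lists the permissions that CloudPoint requires. Every statement except SNS grants its actions on Resource "*", the SNS statement covers every topic in every region and account ("arn:aws:sns:*:*:*"), and the EC2Recovery statement also contains Secrets Manager actions (including GetSecretValue, PutSecretValue and DeleteSecret). When you attach this policy, restrict the Resource elements to the specific keys, secrets, topics and instances CloudPoint manages wherever the action supports resource-level permissions.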

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "EC2AutoScaling",
            "Effect": "Allow",
            "Action": [
                "autoscaling:UpdateAutoScalingGroup",
                "autoscaling:AttachInstances"
            ],
            "Resource": [
                "*"
            ]
        },
        {
            "Sid": "KMS",
            "Effect": "Allow",
            "Action": [
                "kms:ListKeys",
                "kms:Encrypt",
                "kms:Decrypt",
                "kms:ReEncryptTo",
                "kms:DescribeKey",
                "kms:ListAliases",
                "kms:GenerateDataKey",
                "kms:GenerateDataKeyWithoutPlaintext",
                "kms:ReEncryptFrom",
                "kms:CreateGrant"
            ],
            "Resource": [
                "*"
            ]
        },
        {
            "Sid": "RDSBackup",
            "Effect": "Allow",
            "Action": [
                "rds:DescribeDBSnapshots",
                "rds:DescribeDBClusters",
                "rds:DescribeDBClusterSnapshots",
                "rds:DeleteDBSnapshot",
                "rds:CreateDBSnapshot",
                "rds:CreateDBClusterSnapshot",
                "rds:ModifyDBSnapshotAttribute",
                "rds:DescribeDBSubnetGroups",
                "rds:DescribeDBInstances",
                "rds:CopyDBSnapshot",
                "rds:CopyDBClusterSnapshot",
                "rds:DescribeDBSnapshotAttributes",
                "rds:DeleteDBClusterSnapshot",
                "rds:ListTagsForResource",
                "rds:AddTagsToResource"
            ],
            "Resource": [
                "*"
            ]
        },
        {
            "Sid": "RDSRecovery",
            "Effect": "Allow",
            "Action": [
                "rds:ModifyDBInstance",
                "rds:ModifyDBClusterSnapshotAttribute",
                "rds:RestoreDBInstanceFromDBSnapshot",
                "rds:ModifyDBCluster",
                "rds:RestoreDBClusterFromSnapshot",
                "rds:CreateDBInstance",
                "rds:RestoreDBClusterToPointInTime",
                "rds:CreateDBSecurityGroup",
                "rds:CreateDBCluster",
                "rds:RestoreDBInstanceToPointInTime",
                "rds:DescribeDBClusterParameterGroups"
            ],
            "Resource": [
                "*"
            ]
        },
        {
            "Sid": "EC2Backup",
            "Effect": "Allow",
            "Action": [
                "sts:GetCallerIdentity",
                "ec2:CreateSnapshot",
                "ec2:DescribeInstances",
                "ec2:DescribeInstanceStatus",
                "ec2:ModifySnapshotAttribute",
                "ec2:CreateImage",
                "ec2:CopyImage",
                "ec2:CopySnapshot",
                "ec2:DescribeSnapshots",
                "ec2:DescribeVolumeStatus",
                "ec2:DescribeVolumes",
                "ec2:RegisterImage",
                "ec2:DescribeVolumeAttribute",
                "ec2:DescribeSubnets",
                "ec2:DescribeVpcs",
                "ec2:DeregisterImage",
                "ec2:DeleteSnapshot",
                "ec2:DescribeInstanceAttribute",
                "ec2:DescribeRegions",
                "ec2:ModifyImageAttribute",
                "ec2:DescribeAvailabilityZones",
                "ec2:ResetSnapshotAttribute",
                "ec2:DescribeHosts",
                "ec2:DescribeImages",
                "ec2:DescribeSecurityGroups"
            ],
            "Resource": [
                "*"
            ]
        },
        {
            "Sid": "EC2Recovery",
            "Effect": "Allow",
            "Action": [
                "ec2:RunInstances",
                "ec2:AttachNetworkInterface",
                "ec2:DetachVolume",
                "ec2:AttachVolume",
                "ec2:DeleteTags",
                "ec2:CreateTags",
                "ec2:StartInstances",
                "ec2:StopInstances",
                "ec2:CreateVolume",
                "ec2:DeleteVolume",
                "ec2:DescribeIamInstanceProfileAssociations",
                "ec2:AssociateIamInstanceProfile",
                "ec2:AssociateAddress",
																"secretsmanager:GetResourcePolicy",
																"secretsmanager:GetSecretValue",
																"secretsmanager:DescribeSecret",
																"secretsmanager:RestoreSecret",
																"secretsmanager:PutSecretValue",
																"secretsmanager:DeleteSecret",
																"secretsmanager:UpdateSecret",
																"ec2:AuthorizeSecurityGroupEgress",
																"ec2:AuthorizeSecurityGroupIngress"
            ],
            "Resource": [
                "*"
            ]
        },
        {
            "Sid": "SNS",
            "Effect": "Allow",
            "Action": [
                "sns:Publish",
                "sns:GetTopicAttributes"
            ],
            "Resource": [
                "arn:aws:sns:*:*:*"
            ]
        }
    ]
}
