6 år sedan · f900a72227
--- a/policies/bak/FIAM-BOUNDARY-Developer.json
+++ b/policies/bak/FIAM-BOUNDARY-Developer.json
@@ -1,26 +0,0 @@
 
				-{
			
 
				-    "Version": "2012-10-17",
			
 
				-    "Statement": [
			
 
				-        {
			
 
				-            "Sid": "TODOThereIsNoReasonForThisPolicy",
			
 
				-            "Effect": "Allow",
			
 
				-            "Action": "s3:PutObject",
			
 
				-            "Resource": "arn:aws:s3:::*/*"
			
 
				-        },
			
 
				-        {
			
 
				-            "Sid": "TODOThisIsOnlyAPlaceHolder",
			
 
				-            "Effect": "Allow",
			
 
				-            "Action": "s3:ListBucket",
			
 
				-            "Resource": "arn:aws:s3:::*"
			
 
				-        },
			
 
				-        {
			
 
				-            "Sid": "TODO",
			
 
				-            "Effect": "Allow",
			
 
				-            "Action": [
			
 
				-                "s3:ListAllMyBuckets",
			
 
				-                "s3:HeadBucket"
			
 
				-            ],
			
 
				-            "Resource": "*"
			
 
				-        }
			
 
				-    ]
			
 
				-}
			
--- a/policies/bak/FIAM-COMMON-IAM-EC2.json
+++ b/policies/bak/FIAM-COMMON-IAM-EC2.json
@@ -1,16 +0,0 @@
 
				-{
			
 
				-    "Version": "2012-10-17",
			
 
				-    "Statement": [
			
 
				-        {
			
 
				-            "Sid": "InstanceProfiles",
			
 
				-            "Effect": "Allow",
			
 
				-            "Action": [
			
 
				-                "iam:CreateInstanceProfile",
			
 
				-                "iam:DeleteInstanceProfile",
			
 
				-                "iam:AddRoleToInstanceProfile",
			
 
				-                "iam:RemoveRoleFromInstanceProfile"
			
 
				-            ],
			
 
				-            "Resource": "arn:aws:iam::082012130604:instance-profile/${aws:PrincipalTag/IAM:NamePrefix}*"
			
 
				-        }
			
 
				-    ]
			
 
				-}
			
--- a/policies/bak/FIAM-COMMON-IAMBasics.json
+++ b/policies/bak/FIAM-COMMON-IAMBasics.json
@@ -1,47 +0,0 @@
 
				-{
			
 
				-    "Version": "2012-10-17",
			
 
				-    "Statement": [
			
 
				-        {
			
 
				-            "Sid": "RequirePermissionsBoundary",
			
 
				-            "Effect": "Allow",
			
 
				-            "Action": [
			
 
				-                "iam:DetachRolePolicy",
			
 
				-                "iam:CreateRole",
			
 
				-                "iam:AttachRolePolicy"
			
 
				-            ],
			
 
				-            "Resource": "arn:aws:iam::082012130604:role/${aws:PrincipalTag/IAM:NamePrefix}*",
			
 
				-            "Condition": {
			
 
				-                "StringEquals": {
			
 
				-                    "iam:PermissionsBoundary": "arn:aws:iam::082012130604:policy/${aws:PrincipalTag/IAM:PermissionsBoundary}"
			
 
				-                }
			
 
				-            }
			
 
				-        },
			
 
				-        {
			
 
				-            "Sid": "DeleteAppropriatelyNamedRole",
			
 
				-            "Effect": "Allow",
			
 
				-            "Action": "iam:DeleteRole",
			
 
				-            "Resource": "arn:aws:iam::082012130604:role/${aws:PrincipalTag/IAM:NamePrefix}*"
			
 
				-        },
			
 
				-        {
			
 
				-            "Sid": "ModifyAppropriatelyNamedPolicies",
			
 
				-            "Effect": "Allow",
			
 
				-            "Action": [
			
 
				-                "iam:CreatePolicy",
			
 
				-                "iam:DeletePolicy",
			
 
				-                "iam:CreatePolicyVersion",
			
 
				-                "iam:DeletePolicyVersion"
			
 
				-            ],
			
 
				-            "Resource": "arn:aws:iam::082012130604:policy/${aws:PrincipalTag/IAM:NamePrefix}**"
			
 
				-        },
			
 
				-        {
			
 
				-            "Sid": "AdditionalUsefulAccessTODO",
			
 
				-            "Effect": "Allow",
			
 
				-            "Action": [
			
 
				-                "iam:Get*",
			
 
				-                "iam:List*",
			
 
				-                "iam:GenerateServiceLastAccessedDetails"
			
 
				-            ],
			
 
				-            "Resource": "*"
			
 
				-        }
			
 
				-    ]
			
 
				-}
			
--- a/policies/bak/FIAM-COMMON-RestrictRegions.json
+++ b/policies/bak/FIAM-COMMON-RestrictRegions.json
@@ -1,19 +0,0 @@
 
				-{
			
 
				-    "Version": "2012-10-17",
			
 
				-    "Statement": [
			
 
				-        {
			
 
				-            "Effect": "Deny",
			
 
				-            "Action": "*",
			
 
				-            "Resource": "*",
			
 
				-            "Condition": {
			
 
				-                "StringNotEquals": {
			
 
				-                    "aws:RequestedRegion": [
			
 
				-                        "us-east-1",
			
 
				-                        "us-east-2",
			
 
				-                        "us-west-1"
			
 
				-                    ]
			
 
				-                }
			
 
				-            }
			
 
				-        }
			
 
				-    ]
			
 
				-}
			
--- a/policies/bak/FIAM-COMMON-RestrictServices.json
+++ b/policies/bak/FIAM-COMMON-RestrictServices.json
@@ -1,19 +0,0 @@
 
				-{
			
 
				-    "Version": "2012-10-17",
			
 
				-    "Statement": [
			
 
				-        {
			
 
				-            "Effect": "Deny",
			
 
				-            "Action": "*",
			
 
				-            "Resource": "*",
			
 
				-            "Condition": {
			
 
				-                "StringNotEquals": {
			
 
				-                    "aws:RequestedRegion": [
			
 
				-                        "us-east-1",
			
 
				-                        "us-east-2",
			
 
				-                        "us-west-1"
			
 
				-                    ]
			
 
				-                }
			
 
				-            }
			
 
				-        }
			
 
				-    ]
			
 
				-}
			
--- a/policies/bak/FIAM-TESTING-assume_any_fiam_role.json
+++ b/policies/bak/FIAM-TESTING-assume_any_fiam_role.json
@@ -1,11 +0,0 @@
 
				-{
			
 
				-    "Version": "2012-10-17",
			
 
				-    "Statement": [
			
 
				-        {
			
 
				-            "Sid": "VisualEditor0",
			
 
				-            "Effect": "Allow",
			
 
				-            "Action": "sts:AssumeRole",
			
 
				-            "Resource": "arn:aws:iam::082012130604:role/FIAM-*"
			
 
				-        }
			
 
				-    ]
			
 
				-}
			
--- a/policies/tmp.txt
+++ b/policies/tmp.txt
@@ -1 +0,0 @@
 
				-he