{"AWSTemplateFormatVersion":"2010-09-09","Description":"CloudAware IAM Role Stack Template","Metadata":{"AWS::CloudFormation::Interface":{"ParameterGroups":[{"Label":{"default":"Access"},"Parameters":["AccessRoleArn","AccessRoleName","AccessExternalId"]},{"Label":{"default":"Policies"},"Parameters":["PolicyCloudTrailStatus","PolicyBillingStatus","PolicyCloudAwareMonitoringStatus","PolicyBackupsStatus","PolicyTaggingStatus","PolicyInstanceSchedulerStatus","PolicyConfluxStatus"]},{"Label":{"default":"Parameters"},"Parameters":["S3BackupDestinationBucket"]}],"ParameterLabels":{"AccessRoleArn":{"default":"CloudAware Role ARN"},"AccessRoleName":{"default":"CloudAware Role Name"},"AccessExternalId":{"default":"External ID"},"S3BackupDestinationBucket":{"default":"S3 Backup Destination Bucket Name"},"PolicyCloudTrailStatus":{"default":"CloudTrail"},"PolicyBillingStatus":{"default":"Billing"},"PolicyCloudAwareMonitoringStatus":{"default":"CloudAware Monitoring"},"PolicyBackupsStatus":{"default":"Backups"},"PolicyTaggingStatus":{"default":"Tagging"},"PolicyInstanceSchedulerStatus":{"default":"Instance Scheduler"},"PolicyConfluxStatus":{"default":"Conflux"}}}},"Parameters":{"AccessRoleArn":{"Type":"String","Default":"CloudAware.aws","MinLength":"1","AllowedValues":["CloudAware.aws","CloudAware.aws-us-gov"],"Description":"CloudAware trusted role ARN"},"AccessRoleName":{"Type":"String","Default":"auto-generate","Description":"Role name inside this account"},"AccessExternalId":{"Type":"String"},"S3BackupDestinationBucket":{"Type":"String"},"PolicyCloudTrailStatus":{"Type":"String","Default":"Not Available","MinLength":"1","AllowedValues":["Not Available"]},"PolicyBillingStatus":{"Type":"String","Default":"Not Available","MinLength":"1","AllowedValues":["Not Available"]},"PolicyCloudAwareMonitoringStatus":{"Type":"String","Default":"Disabled","MinLength":"1","AllowedValues":["Enabled","Disabled"]},"PolicyBackupsStatus":{"Type":"String","Default":"Disabled","MinLength":"1","AllowedValues":["Enabled","Disabled"]},"PolicyTaggingStatus":{"Type":"String","Default":"Disabled","MinLength":"1","AllowedValues":["Enabled","Disabled"]},"PolicyInstanceSchedulerStatus":{"Type":"String","Default":"Disabled","MinLength":"1","AllowedValues":["Enabled","Disabled"]},"PolicyConfluxStatus":{"Type":"String","Default":"Not Available","MinLength":"1","AllowedValues":["Not Available"]}},"Conditions":{"AccessRoleNameProvided":{"Fn::Not":[{"Fn::Equals":[{"Ref":"AccessRoleName"},"auto-generate"]}]},"PartitionAws":{"Fn::Equals":[{"Ref":"AWS::Partition"},"aws"]},"PartitionAwsUsGov":{"Fn::Equals":[{"Ref":"AWS::Partition"},"aws-us-gov"]},"PartitionAwsCn":{"Fn::Equals":[{"Ref":"AWS::Partition"},"aws-cn"]},"PolicyCloudTrailEnabled":{"Fn::Equals":[{"Ref":"PolicyCloudTrailStatus"},"Enabled"]},"PolicyBillingEnabled":{"Fn::Equals":[{"Ref":"PolicyBillingStatus"},"Enabled"]},"PolicyCloudAwareMonitoringEnabled":{"Fn::Equals":[{"Ref":"PolicyCloudAwareMonitoringStatus"},"Enabled"]},"PolicyBackupsEnabled":{"Fn::Equals":[{"Ref":"PolicyBackupsStatus"},"Enabled"]},"PolicyTaggingEnabled":{"Fn::Equals":[{"Ref":"PolicyTaggingStatus"},"Enabled"]},"PolicyInstanceSchedulerEnabled":{"Fn::Equals":[{"Ref":"PolicyInstanceSchedulerStatus"},"Enabled"]},"PolicyConfluxEnabled":{"Fn::Equals":[{"Ref":"PolicyConfluxStatus"},"Enabled"]}},"Mappings":{"AccessRoleArnMap":{"CloudAware.aws":{"Arn":"arn:aws:iam::814021343637:user/ca-collector"},"CloudAware.aws-us-gov":{"Arn":"arn:aws-us-gov:iam::321683528484:user/cloudaware-collector"}}},"Resources":{"CloudAwareIamRole":{"Type":"AWS::IAM::Role","Properties":{"RoleName":{"Fn::If":["AccessRoleNameProvided",{"Ref":"AccessRoleName"},{"Ref":"AWS::NoValue"}]},"AssumeRolePolicyDocument":{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"AWS":{"Fn::FindInMap":["AccessRoleArnMap",{"Ref":"AccessRoleArn"},"Arn"]}},"Condition":{"StringEquals":{"sts:ExternalId":{"Ref":"AccessExternalId"}}},"Action":"sts:AssumeRole"}]}}},"CollectorPolicy1":{"Type":"AWS::IAM::ManagedPolicy","Properties":{"ManagedPolicyName":"CloudAwareCollectorPolicy1","Roles":[{"Ref":"CloudAwareIamRole"}],"PolicyDocument":{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":["ec2:Des*","ec2:GetA*","ec2:GetC*","ec2:GetD*","ec2:GetE*","ec2:GetFlowLogsIntegrationTemplate","ec2:GetGroupsForCapacityReservation","ec2:GetHostReservationPurchasePreview","ec2:GetI*","ec2:GetLaunchTemplateData","ec2:GetM*","ec2:GetN*","ec2:GetR*","ec2:GetS*","ec2:GetT*","ec2:GetV*","ec2:Li*","rds:Des*","rds:ListTagsForResource","iam:GenerateCredentialReport","iam:Get*","iam:L*","s3:Des*","s3:GetA*","s3:GetB*","s3:GetEncryptionConfiguration","s3:GetI*","s3:GetJobTagging","s3:GetLifecycleConfiguration","s3:GetM*","s3:GetObjectA*","s3:GetObjectLegalHold","s3:GetObjectRetention","s3:GetObjectTagging","s3:GetObjectVersionA*","s3:GetObjectVersionForReplication","s3:GetObjectVersionTagging","s3:GetReplicationConfiguration","s3:GetS*","s3:L*","sqs:G*","sqs:L*","cloudfront:Des*","cloudfront:G*","cloudfront:L*","elasticmapreduce:Des*","elasticmapreduce:GetAutoTerminationPolicy","elasticmapreduce:GetBlockPublicAccessConfiguration","elasticmapreduce:GetManagedScalingPolicy","elasticmapreduce:GetStudioSessionMapping","elasticmapreduce:Lis*","elasticmapreduce:ViewEventsFromAllClustersInConsole","elasticloadbalancing:Des*","elasticloadbalancing:G*","snowball:D*","snowball:GetJobManifest","snowball:GetS*","snowball:L*","sns:G*","sns:L*","cloudformation:Des*","cloudformation:G*","cloudformation:L*","route53:G*","route53:L*","elasticbeanstalk:Des*","elasticbeanstalk:L*","cloudwatch:B*","cloudwatch:Des*","cloudwatch:Get*","cloudwatch:Lis*","autoscaling:Des*","autoscaling:GetPredictiveScalingForecast","ses:BatchGetMetricData","ses:Des*","ses:G*","ses:L*","sts:GetAccessKeyInfo","sts:GetCallerIdentity","sts:GetServiceBearerToken","dynamodb:Des*","dynamodb:G*","dynamodb:L*","dynamodb:ReadDataForReplication","glacier:Des*","glacier:G*","glacier:L*","redshift:Des*","redshift:GetIdentityCenterAuthToken","redshift:GetR*","redshift:L*","redshift:V*","cloudtrail:Des*","cloudtrail:Get*","cloudtrail:L*","kinesis:Des*","kinesis:G*","kinesis:L*","kinesisanalytics:Des*","kinesisanalytics:GetApplicationState","kinesisanalytics:L*","kinesisvideo:Des*","kinesisvideo:G*","kinesisvideo:L*","ecs:Des*","ecs:GetTaskProtection","ecs:L*","lambda:G*","lambda:L*","machinelearning:Des*","machinelearning:G*","kms:Des*","kms:Get*","kms:L*","elasticache:Des*","elasticache:L*","iot:Des*","iot:G*","iot:L*","storagegateway:DescribeAvailabilityMonitorTest","storagegateway:DescribeB*","storagegateway:DescribeCa*","storagegateway:DescribeFileSystemAssociations","storagegateway:DescribeGatewayInformation","storagegateway:DescribeMaintenanceStartTime","storagegateway:DescribeNFSFileShares","storagegateway:DescribeS*","storagegateway:DescribeT*","storagegateway:DescribeUploadBuffer","storagegateway:DescribeVTLDevices","storagegateway:DescribeWorkingStorage","storagegateway:L*","workspaces:Des*","workspaces:G*","workspaces:L*","support:*","opsworks:Des*","opsworks:GetHostnameSuggestion","opsworks:ListTags","glue:BatchGetBlueprints","glue:BatchGetC*","glue:BatchGetDevEndpoints","glue:BatchGetJobs","glue:BatchGetPartition","glue:BatchGetT*","glue:BatchGetWorkflows","glue:DescribeI*","glue:GetB*","glue:GetC*","glue:GetDashboardUrl","glue:GetDataCatalogEncryptionSettings","glue:GetDataQ*","glue:GetDatab*","glue:GetDataflowGraph","glue:GetDe*","glue:GetEntityRecords","glue:GetG*","glue:GetI*","glue:GetJ*","glue:GetM*","glue:GetP*","glue:GetRegistry","glue:GetRes*","glue:GetSc*","glue:GetSe*","glue:GetStatement","glue:GetT*","glue:GetU*","glue:GetW*","glue:ListBlueprints","glue:ListColumnStatisticsTaskRuns","glue:ListCr*","glue:ListCustomEntityTypes","glue:ListD*","glue:ListIntegrationResourceProperties","glue:ListJ*","glue:ListMLTransforms","glue:ListRegistries","glue:ListS*","glue:ListT*","glue:ListUsageProfiles","glue:ListWorkflows","application-autoscaling:Des*","application-autoscaling:GetPredictiveScalingForecast","application-autoscaling:ListTagsForResource","apigateway:G*","apigateway:L*","clouddirectory:G*","clouddirectory:L*","pricing:*","organizations:Des*","organizations:Li*","elasticfilesystem:Des*","elasticfilesystem:ListTagsForResource","ecr:BatchG*","ecr:Des*","ecr:GetAccountSetting","ecr:GetDownloadUrlForLayer","ecr:GetImageCopyStatus","ecr:GetL*","ecr:GetR*","ecr:GetSigningConfiguration","ecr:L*","comprehend:Des*","comprehend:L*","mobileanalytics:G*","dms:Des*","dms:GetTargetSelectionRules","dms:L*","ssm:Des*","ssm:GetA*","ssm:GetC*","ssm:GetD*","ssm:GetExecutionPreview","ssm:GetI*","ssm:GetM*","ssm:GetO*","ssm:GetPat*","ssm:GetResourcePolicies","ssm:GetServiceSetting","ssm:Li*","sso:Des*","sso:G*","sso:L*","mgh:Des*","mgh:G*","mgh:L*","artifact:G*","artifact:L*","transcribe:DescribeLanguageModel","transcribe:G*","transcribe:L*","devicefarm:G*","devicefarm:L*","guardduty:Des*","guardduty:G*","guardduty:L*","events:Des*","events:L*","lex:Des*","lex:Get*","lex:L*","ram:G*","ram:L*","signer:DescribeSigningJob","signer:G*","signer:L*","mediaconnect:Des*","mediaconnect:Ge*","mediaconnect:L*","sagemaker:BatchG*","sagemaker:Des*","sagemaker:G*","sagemaker:L*","resource-groups:Ge*","resource-groups:L*","globalaccelerator:Des*","globalaccelerator:L*","serverlessrepo:G*","serverlessrepo:L*","sdb:G*","sdb:L*","mediapackage:Des*","mediapackage:L*","kafka:Des*","kafka:G*","kafka:L*","sms-voice:Des*","sms-voice:G*","sms-voice:L*","athena:B*","athena:GetC*","athena:GetD*","athena:GetE*","athena:GetN*","athena:GetPreparedStatement","athena:GetQ*","athena:GetResourceDashboard","athena:GetSessionStatus","athena:GetT*","athena:GetWorkGroup","athena:L*","aws-marketplace:Des*","aws-marketplace:G*","aws-marketplace:L*","aws-marketplace:ViewSubscriptions","mobiletargeting:G*","mobiletargeting:L*"],"Resource":["*"]}]}}},"CollectorPolicy2":{"Type":"AWS::IAM::ManagedPolicy","Properties":{"ManagedPolicyName":"CloudAwareCollectorPolicy2","Roles":[{"Ref":"CloudAwareIamRole"}],"PolicyDocument":{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":["autoscaling-plans:Des*","autoscaling-plans:GetScalingPlanResourceForecastData","cur:DescribeReportDefinitions","cur:G*","cur:ListTagsForResource","shield:Des*","shield:G*","shield:L*","secretsmanager:DescribeSecret","secretsmanager:GetR*","secretsmanager:L*","route53domains:G*","route53domains:L*","route53domains:ViewBilling","fsx:Des*","fsx:ListTagsForResource","amplify:Get*","amplify:L*","freertos:Des*","freertos:G*","freertos:L*","medialive:Des*","medialive:G*","medialive:L*","cloudhsm:Des*","cloudhsm:GetResourcePolicy","cloudhsm:ListTags","codedeploy:B*","codedeploy:G*","codedeploy:L*","route53resolver:G*","route53resolver:L*","importexport:G*","importexport:ListJobs","workmail:Des*","workmail:G*","workmail:L*","datapipeline:Des*","datapipeline:G*","datapipeline:ListPipelines","sms:Get*","sms:ListApps","codebuild:BatchG*","codebuild:Des*","codebuild:G*","codebuild:L*","iotanalytics:Des*","iotanalytics:GetDatasetContent","iotanalytics:L*","connect:BatchG*","connect:Des*","connect:GetAttachedFile","connect:GetC*","connect:GetEffectiveHoursOfOperations","connect:GetFlowAssociation","connect:GetM*","connect:GetPromptFile","connect:GetT*","connect:ListA*","connect:ListBots","connect:ListC*","connect:ListD*","connect:ListE*","connect:ListFlowAssociations","connect:ListH*","connect:ListI*","connect:ListL*","connect:ListNotifications","connect:ListP*","connect:ListQ*","connect:ListR*","connect:ListSecurityP*","connect:ListT*","connect:ListU*","connect:ListV*","connect:ListW*","ce:Des*","ce:G*","ce:L*","health:De*","gamelift:Des*","gamelift:GetComputeAccess","gamelift:GetPlayerConnectionDetails","gamelift:L*","opsworks-cm:Des*","opsworks-cm:ListTagsForResource","sso-directory:Des*","sso-directory:G*","sso-directory:ListE*","sso-directory:ListG*","sso-directory:ListM*","sso-directory:ListProvisioningTenants","sso-directory:ListUsers","discovery:Des*","discovery:G*","discovery:L*","codecommit:BatchG*","codecommit:Des*","codecommit:Ge*","codecommit:L*","trustedadvisor:Des*","trustedadvisor:Get*","trustedadvisor:L*","cognito-idp:DescribeIdentityProvider","cognito-idp:DescribeM*","cognito-idp:DescribeR*","cognito-idp:DescribeTerms","cognito-idp:DescribeUserImportJob","cognito-idp:DescribeUserPool","cognito-idp:DescribeUserPoolDomain","cognito-idp:GetCSVHeader","cognito-idp:GetDevice","cognito-idp:GetGroup","cognito-idp:GetIdentityProviderByIdentifier","cognito-idp:GetLogDeliveryConfiguration","cognito-idp:GetSigningCertificate","cognito-idp:GetUICustomization","cognito-idp:GetUser","cognito-idp:GetUserPoolMfaConfig","cognito-idp:GetWebACLForResource","cognito-idp:L*","config:B*","config:Des*","config:G*","config:L*","swf:CountClosedWorkflowExecutions","swf:CountOpenWorkflowExecutions","swf:Des*","swf:GetWorkflowExecutionHistory","swf:L*","appsync:Ge*","appsync:ListApis","appsync:ListChannelNamespaces","appsync:ListD*","appsync:ListFunctions","appsync:ListGraphqlApis","appsync:ListR*","appsync:ListSourceApiAssociations","appsync:ListT*","acm:DescribeCertificate","acm:G*","acm:L*","xray:B*","xray:G*","xray:Lis*","eks:Des*","eks:L*","fms:G*","fms:L*","translate:DescribeTextTranslationJob","translate:G*","translate:L*","ds:Des*","ds:G*","ds:L*","waf-regional:GetByteMatchSet","waf-regional:GetChangeTokenStatus","waf-regional:GetGeoMatchSet","waf-regional:GetIPSet","waf-regional:GetLoggingConfiguration","waf-regional:GetPermissionPolicy","waf-regional:GetR*","waf-regional:GetS*","waf-regional:GetW*","waf-regional:GetXssMatchSet","waf-regional:L*","dax:Des*","dax:GetItem","dax:ListTags","tag:DescribeReportCreation","tag:G*","tag:ListRequiredTags","logs:Des*","logs:G*","logs:Lis*","chime:Des*","chime:G*","chime:Li*","firehose:DescribeDeliveryStream","firehose:L*","servicecatalog:Des*","servicecatalog:G*","servicecatalog:L*","servicecatalog:Se*","mechanicalturk:G*","mechanicalturk:L*","mq:Des*","mq:L*","batch:Des*","batch:GetJobQueueSnapshot","batch:L*","iotevents:Des*","iotevents:GetDetectorModelAnalysisResults","iotevents:L*","es:Des*","es:G*","es:L*","cloud9:Des*","cloud9:G*","cloud9:L*","transfer:Des*","transfer:L*","budgets:Des*","budgets:ListTagsForResource","budgets:ViewBudget","textract:G*","textract:L*","groundtruthlabeling:DescribeConsoleJob","groundtruthlabeling:Get*","groundtruthlabeling:L*","cognito-identity:Des*","cognito-identity:GetIde*","cognito-identity:GetPrincipalTagAttributeMap","cognito-identity:L*","mediastore:Des*","mediastore:G*","mediastore:L*","polly:DescribeVoices","polly:G*","polly:L*","license-manager:G*","license-manager:L*","a4b:G*","a4b:L*","acm-pca:Des*","acm-pca:G*","acm-pca:L*","iot1click:Des*","iot1click:G*","iot1click:L*","states:Des*","states:GetExecutionHistory","states:L*","codepipeline:G*","codepipeline:L*","securityhub:BatchG*","securityhub:Des*","securityhub:G*","securityhub:L*","ec2messages:G*"],"Resource":["*"]}]}}},"CollectorPolicy3":{"Type":"AWS::IAM::ManagedPolicy","Properties":{"ManagedPolicyName":"CloudAwareCollectorPolicy3","Roles":[{"Ref":"CloudAwareIamRole"}],"PolicyDocument":{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":["greengrass:DescribeComponent","greengrass:G*","greengrass:L*","servicediscovery:G*","servicediscovery:L*","workdocs:Des*","workdocs:G*","aws-marketplace-management:G*","aws-marketplace-management:v*","comprehendmedical:Des*","comprehendmedical:L*","rekognition:Des*","rekognition:G*","rekognition:L*","waf:GetByteMatchSet","waf:GetChangeTokenStatus","waf:GetGeoMatchSet","waf:GetIPSet","waf:GetLoggingConfiguration","waf:GetPermissionPolicy","waf:GetR*","waf:GetS*","waf:GetWebACL","waf:GetXssMatchSet","waf:L*","appstream:Des*","appstream:GetExportImageTask","appstream:L*","quicksight:BatchGetPreferences","quicksight:DescribeA*","quicksight:DescribeB*","quicksight:DescribeC*","quicksight:DescribeDas*","quicksight:DescribeDataSet","quicksight:DescribeDataSetRefreshProperties","quicksight:DescribeDataSource","quicksight:DescribeDefaultQBusinessApplication","quicksight:DescribeE*","quicksight:DescribeF*","quicksight:DescribeG*","quicksight:DescribeI*","quicksight:DescribeKeyRegistration","quicksight:DescribeNamespace","quicksight:DescribeQ*","quicksight:DescribeR*","quicksight:DescribeSelfUpgradeConfiguration","quicksight:DescribeTe*","quicksight:DescribeTh*","quicksight:DescribeTopic","quicksight:DescribeTopicR*","quicksight:DescribeUser","quicksight:DescribeVPCConnection","quicksight:Get*","quicksight:L*","dlm:G*","dlm:ListTagsForResource","wellarchitected:G*","wellarchitected:L*","mediaconvert:DescribeEndpoints","mediaconvert:G*","mediaconvert:L*","inspector:Des*","inspector:G*","inspector:L*","lightsail:GetA*","lightsail:GetBlueprints","lightsail:GetBucketBundles","lightsail:GetBucketMetricData","lightsail:GetBuckets","lightsail:GetBundles","lightsail:GetC*","lightsail:GetD*","lightsail:GetExportSnapshotRecords","lightsail:GetInstance","lightsail:GetInstanceMetricData","lightsail:GetInstancePortStates","lightsail:GetInstanceS*","lightsail:GetInstances","lightsail:GetL*","lightsail:GetO*","lightsail:GetRegions","lightsail:GetRelationalDatabase","lightsail:GetRelationalDatabaseB*","lightsail:GetRelationalDatabaseEvents","lightsail:GetRelationalDatabaseL*","lightsail:GetRelationalDatabaseMetricData","lightsail:GetRelationalDatabaseParameters","lightsail:GetRelationalDatabaseS*","lightsail:GetRelationalDatabases","lightsail:GetS*","robomaker:Des*","robomaker:GetWorldTemplateBody","robomaker:L*","codestar:Des*","codestar:GetExtendedAccess","codestar:L*","cognito-sync:Des*","cognito-sync:G*","cognito-sync:L*","cloudsearch:Des*","cloudsearch:L*","directconnect:Des*","directconnect:ListVirtualInterfaceTestHistory","neptune-db:G*","neptune-db:L*","neptune-db:ReadDataViaQuery","elastictranscoder:L*","elastictranscoder:R*","pi:DescribeDimensionKeys","pi:G*","pi:L*","activate:G*","backup:Des*","backup:G*","backup:ListB*","backup:ListC*","backup:ListFrameworks","backup:ListIndexedRecoveryPoints","backup:ListLegalHolds","backup:ListP*","backup:ListR*","backup:ListS*","backup:ListT*","worklink:Des*","worklink:L*","datasync:Des*","datasync:L*","iotsitewise:BatchG*","iotsitewise:Des*","iotsitewise:G*","iotsitewise:L*","mediatailor:Des*","mediatailor:G*","mediatailor:L*","account:G*","account:ListRegions","appmesh:Des*","appmesh:GetMeshPolicy","appmesh:L*","managedblockchain:Ge*","managedblockchain:L*","groundstation:Des*","groundstation:G*","groundstation:L*","personalize:Des*","personalize:G*","personalize:L*","applicationinsights:Des*","applicationinsights:Lis*","servicequotas:G*","servicequotas:L*","chatbot:Des*","chatbot:GetAccountPreferences","chatbot:GetCustomAction","chatbot:GetMicrosoftTeamsChannelConfiguration","chatbot:L*","qldb:Des*","qldb:G*","qldb:L*","mediapackage-vod:Des*","mediapackage-vod:L*","lakeformation:Des*","lakeformation:GetDataCellsFilter","lakeformation:GetDataL*","lakeformation:GetEffectivePermissionsForPath","lakeformation:GetL*","lakeformation:GetQ*","lakeformation:GetResourceLFTags","lakeformation:GetT*","lakeformation:GetW*","lakeformation:L*","forecast:Des*","forecast:G*","forecast:L*","dbqms:Des*","dbqms:GetQueryString","workmailmessageflow:GetRawMessageContent","deepracer:G*","deepracer:L*","codestar-notifications:DescribeNotificationRule","codestar-notifications:L*","savingsplans:Des*","savingsplans:ListTagsForResource","dataexchange:G*","dataexchange:L*","launchwizard:Des*","launchwizard:G*","launchwizard:L*","appmesh-preview:Des*","appmesh-preview:GetMeshPolicy","appmesh-preview:L*","synthetics:Des*","synthetics:G*","synthetics:L*","schemas:Des*","schemas:G*","schemas:L*","access-analyzer:Get*","access-analyzer:L*","imagebuilder:G*","imagebuilder:L*","cassandra:G*","cassandra:ListStreams","networkmanager:DescribeGlobalNetworks","networkmanager:G*","networkmanager:L*","kendra:BatchGetDocumentStatus","kendra:Des*","kendra:G*","kendra:L*","compute-optimizer:DescribeRecommendationExportJobs","compute-optimizer:G*","frauddetector:BatchGetVariable","frauddetector:Des*","frauddetector:G*","frauddetector:L*","detective:B*","detective:DescribeOrganizationConfiguration","detective:G*","detective:L*","outposts:G*","outposts:L*","ebs:GetSnapshotBlock","ebs:L*","wafv2:Des*","wafv2:Get*","wafv2:L*","codeguru-reviewer:De*","codeguru-reviewer:GetMetricsData","codeguru-reviewer:L*","codeguru-profiler:BatchGetFrameMetricData","codeguru-profiler:DescribeProfilingGroup","codeguru-profiler:G*","codeguru-profiler:L*","appconfig:G*","appconfig:L*","awsconnector:GetConnectorHealth","deepcomposer:G*","deepcomposer:L*","codeguru:GetCodeGuruFreeTrialSummary","iq-permission:GetPermissionRequest","iq-permission:ListPermissionRequests","iq:G*","iq:Lis*","appflow:Des*","appflow:L*"],"Resource":["*"]}]}}},"CollectorPolicy4":{"Type":"AWS::IAM::ManagedPolicy","Properties":{"ManagedPolicyName":"CloudAwareCollectorPolicy4","Roles":[{"Ref":"CloudAwareIamRole"}],"PolicyDocument":{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":["purchase-orders:G*","purchase-orders:L*","codestar-connections:G*","codestar-connections:L*","macie2:BatchGetCustomDataIdentifiers","macie2:Des*","macie2:G*","macie2:L*","resource-explorer:*","codeartifact:Des*","codeartifact:GetAssociatedPackageGroup","codeartifact:GetDomainPermissionsPolicy","codeartifact:GetP*","codeartifact:GetR*","codeartifact:L*","codeartifact:ReadFromRepository","honeycode:Des*","honeycode:GetScreenData","honeycode:ListDomains","honeycode:ListGroups","honeycode:ListTab*","honeycode:ListTe*","ivs:BatchG*","ivs:G*","ivs:L*","identitystore:Des*","identitystore:G*","identitystore:L*","elemental-appliances-software:G*","elemental-appliances-software:ListQuotes","elemental-activations:Get*","braket:G*","braket:ListTagsForResource","redshift-data:D*","redshift-data:G*","redshift-data:L*","timestream:Des*","timestream:G*","timestream:L*","s3-outposts:G*","s3-outposts:L*","databrew:Des*","databrew:L*","network-firewall:Des*","network-firewall:GetAnalysisReportResults","network-firewall:L*","elemental-support-cases:G*","elemental-support-cases:ListTagsForCase","airflow:GetEnvironment","airflow:L*","amplifybackend:Get*","amplifybackend:L*","proton:G*","proton:L*","profile:B*","profile:G*","profile:L*","devops-guru:Des*","devops-guru:G*","devops-guru:L*","ecr-public:Des*","ecr-public:GetR*","ecr-public:ListTagsForResource","panorama:Des*","panorama:GetWebSocketURL","panorama:L*","lookoutvision:Des*","lookoutvision:L*","monitron:G*","monitron:ListProjectUserAssociations","monitron:ListProjects","monitron:ListTagsForResource","monitron:ListUserAccessRoleAssociations","auditmanager:G*","auditmanager:L*","emr-containers:Des*","emr-containers:L*","iotfleethub:DescribeApplication","iotfleethub:L*","aps:Des*","aps:G*","aps:L*","iotwireless:G*","iotwireless:L*","cloudshell:DescribeEnvironments","cloudshell:GetEnvironmentStatus","iotdeviceadvisor:G*","iotdeviceadvisor:L*","geo:BatchGetDevicePosition","geo:Des*","geo:G*","geo:L*","grafana:Des*","grafana:L*","app-integrations:G*","app-integrations:L*","lookoutequipment:Des*","lookoutequipment:L*","tiros:G*","lookoutmetrics:Des*","lookoutmetrics:G*","lookoutmetrics:L*","fis:G*","fis:L*","s3-object-lambda:G*","s3-object-lambda:L*","healthlake:Des*","healthlake:Get*","healthlake:L*","healthlake:ReadResource","mgn:Des*","mgn:G*","mgn:L*","ssm-incidents:BatchGetIncidentFindings","ssm-incidents:G*","ssm-incidents:L*","controltower:Des*","controltower:G*","controltower:L*","nimble:G*","nimble:L*","kafka-cluster:Des*","kafka-cluster:ReadData","ssm-contacts:Des*","ssm-contacts:G*","ssm-contacts:L*","application-cost-profiler:GetReportDefinition","application-cost-profiler:ListReportDefinitions","apprunner:Des*","apprunner:L*","bugbust:G*","bugbust:L*","route53-recovery-readiness:G*","route53-recovery-readiness:L*","route53-recovery-cluster:GetRoutingControlState","route53-recovery-cluster:ListRoutingControls","route53-recovery-control-config:Des*","route53-recovery-control-config:GetResourcePolicy","route53-recovery-control-config:L*","snow-device-management:D*","snow-device-management:L*","memorydb:Des*","memorydb:L*","sqlworkbench:BatchGetNotebookCell","sqlworkbench:Get*","sqlworkbench:L*","connect-campaigns:DescribeCampaign","connect-campaigns:G*","connect-campaigns:L*","voiceid:Des*","voiceid:L*","wisdom:G*","wisdom:L*","migrationhub-strategy:G*","migrationhub-strategy:L*","finspace:G*","finspace:Li*","kafkaconnect:Des*","kafkaconnect:L*","resiliencehub:Des*","resiliencehub:L*","inspector2:BatchG*","inspector2:DescribeOrganizationConfiguration","inspector2:G*","inspector2:L*","drs:Des*","drs:G*","drs:L*","ssm-guiconnect:G*","ssm-guiconnect:ListConnections","backup-gateway:G*","backup-gateway:L*","evidently:G*","evidently:L*","refactor-spaces:G*","refactor-spaces:L*","rum:BatchGetRumMetricDefinitions","rum:G*","rum:L*","rbin:GetRule","rbin:Li*","iotfleetwise:Get*","iotfleetwise:L*","workspaces-web:G*","workspaces-web:L*","iottwinmaker:G*","iottwinmaker:L*","serviceextract:GetConfig","amplifyuibuilder:G*","amplifyuibuilder:L*","codedeploy-commands-secure:GetDeploymentSpecification","sustainability:*","rhelkb:GetRhelURL","tax:G*","tax:L*","billingconductor:GetBillingGroupCostReport","billingconductor:L*","identity-sync:G*","identity-sync:ListSyncFilters","migrationhub-orchestrator:G*","migrationhub-orchestrator:L*","iotjobsdata:DescribeJobExecution","iotjobsdata:GetPendingJobExecutions","ivschat:G*","ivschat:L*","emr-serverless:G*","emr-serverless:L*","m2:G*","m2:L*","rolesanywhere:G*","rolesanywhere:L*","redshift-serverless:DescribeOneTimeCredit","redshift-serverless:GetCustomDomainAssociation","redshift-serverless:GetEndpointAccess","redshift-serverless:GetIdentityCenterAuthToken","redshift-serverless:GetManagedWorkgroup","redshift-serverless:GetNamespace","redshift-serverless:GetR*","redshift-serverless:GetS*","redshift-serverless:GetT*","redshift-serverless:GetUsageLimit","redshift-serverless:GetWorkgroup","redshift-serverless:L*","vendor-insights:G*","vendor-insights:L*","license-manager-user-subscriptions:L*","private-networks:G*","private-networks:L*","cases:BatchG*","cases:G*","cases:L*","billing:GetB*","billing:GetC*","billing:GetIAMAccessPreference","billing:GetSellerOfRecord","billing:L*","supportplans:G*","supportplans:ListSupportPlanModifiers","supportapp:DescribeSlackChannels","supportapp:G*","supportapp:L*","identitystore-auth:BatchGetSession","identitystore-auth:ListSessions","a2c:G*","resource-explorer-2:BatchGetView","resource-explorer-2:G*","resource-explorer-2:L*","scheduler:G*","scheduler:L*","ssm-sap:GetApplication","ssm-sap:GetC*","ssm-sap:GetDatabase","ssm-sap:GetOperation","ssm-sap:L*","wickr:G*","wickr:L*"],"Resource":["*"]}]}}},"CollectorPolicy5":{"Type":"AWS::IAM::ManagedPolicy","Properties":{"ManagedPolicyName":"CloudAwareCollectorPolicy5","Roles":[{"Ref":"CloudAwareIamRole"}],"PolicyDocument":{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":["oam:G*","oam:L*","internetmonitor:G*","internetmonitor:Lis*","arc-zonal-shift:G*","arc-zonal-shift:L*","securitylake:G*","securitylake:L*","aoss:B*","aoss:G*","aoss:L*","simspaceweaver:Des*","simspaceweaver:L*","omics:G*","omics:L*","docdb-elastic:G*","docdb-elastic:L*","sagemaker-geospatial:G*","sagemaker-geospatial:L*","vpc-lattice:G*","vpc-lattice:L*","pipes:DescribePipe","pipes:L*","codewhisperer:GetCustomization","codewhisperer:L*","license-manager-linux-subscriptions:G*","license-manager-linux-subscriptions:L*","codecatalyst:G*","codecatalyst:L*","invoicing:BatchGetInvoiceProfile","invoicing:G*","invoicing:L*","payments:G*","payments:L*","kendra-ranking:DescribeRescoreExecutionPlan","kendra-ranking:L*","freetier:G*","freetier:ListAccountActivities","consolidatedbilling:*","cleanrooms:B*","cleanrooms:G*","cleanrooms:L*","finspace-api:GetProgrammaticAccessCredentials","scn:DescribeInstance","scn:G*","scn:L*","tnb:G*","tnb:L*","codeguru-security:BatchGetFindings","codeguru-security:G*","codeguru-security:L*","datazone:BatchG*","datazone:GetA*","datazone:GetC*","datazone:GetD*","datazone:GetE*","datazone:GetFormType","datazone:GetG*","datazone:GetJobRun","datazone:GetL*","datazone:GetMetadataGenerationRun","datazone:GetN*","datazone:GetP*","datazone:GetRule","datazone:GetS*","datazone:GetTimeSeriesDataPoint","datazone:GetU*","datazone:L*","notifications-contacts:GetEmailContact","notifications-contacts:L*","consoleapp:*","notifications:G*","notifications:L*","osis:G*","osis:L*","customer-verification:G*","mediapackagev2:G*","mediapackagev2:L*","verifiedpermissions:G*","verifiedpermissions:L*","payment-cryptography:Get*","payment-cryptography:L*","appfabric:G*","appfabric:L*","bedrock:Get*","bedrock:L*","medical-imaging:G*","medical-imaging:L*","entityresolution:Get*","entityresolution:L*","managedblockchain-query:*","mapcredits:*","pca-connector-ad:G*","pca-connector-ad:L*","application-transformation:G*","cloudfront-keyvaluestore:DescribeKeyValueStore","cloudfront-keyvaluestore:GetKey","cloudfront-keyvaluestore:ListKeys","bcm-data-exports:G*","bcm-data-exports:L*","cost-optimization-hub:G*","cost-optimization-hub:L*","thinclient:G*","thinclient:L*","b2bi:Get*","b2bi:L*","ts:G*","ts:L*","repostspace:G*","repostspace:L*","networkmanager-chat:L*","one:G*","one:L*","q:Get*","q:L*","qbusiness:G*","qbusiness:L*","s3express:G*","s3express:L*","cleanrooms-ml:G*","cleanrooms-ml:L*","neptune-graph:G*","neptune-graph:L*","neptune-graph:ReadDataViaQuery","networkmonitor:G*","networkmonitor:L*","timestream-influxdb:G*","timestream-influxdb:L*","codeconnections:G*","codeconnections:L*","deadline:BatchGetJobEntity","deadline:G*","deadline:L*","controlcatalog:*","route53profiles:G*","route53profiles:L*","signin:ListTrustedIdentityPropagationApplicationsForConsole","qapps:DescribeQAppPermissions","qapps:G*","qapps:L*","user-subscriptions:L*","application-signals:BatchGetServiceLevelObjectiveBudgetReport","application-signals:G*","application-signals:Lis*","pca-connector-scep:G*","pca-connector-scep:L*","apptest:G*","apptest:L*","sagemaker-mlflow:G*","sagemaker-mlflow:Li*","ssm-quicksetup:G*","ssm-quicksetup:L*","appstudio:G*","pcs:G*","pcs:L*","ds-data:Des*","ds-data:L*","social-messaging:GetL*","social-messaging:GetWhatsAppMessageTemplate","social-messaging:L*","geo-maps:*","geo-places:GetPlace","opensearch:G*","opensearch:ListAutoOptimizeJobs","partnercentral:G*","partnercentral:L*","bcm-pricing-calculator:G*","bcm-pricing-calculator:ListB*","bcm-pricing-calculator:ListW*","observabilityadmin:G*","observabilityadmin:L*","security-ir:BatchGetMemberAccountDetails","security-ir:GetCase","security-ir:GetCaseAttachmentDownloadUrl","security-ir:GetMembership","security-ir:L*","networkflowmonitor:G*","networkflowmonitor:L*","aiops:Get*","aiops:L*","dsql:G*","dsql:L*","s3tables:G*","s3tables:L*","backup-search:G*","backup-search:L*","qdeveloper:ListTagsForResource","iotmanagedintegrations:G*","iotmanagedintegrations:L*","gameliftstreams:G*","gameliftstreams:L*","transform:G*","transform:L*","workspaces-instances:GetWorkspaceInstance","workspaces-instances:L*","evs:G*","evs:L*","support-console:DescribeDynamicHelp","support-console:G*","mpa:G*","mpa:L*","odb:G*","odb:L*","network-security-director:G*","network-security-director:L*","s3vectors:G*","s3vectors:L*","bedrock-agentcore:GetA*","bedrock-agentcore:GetB*","bedrock-agentcore:GetC*","bedrock-agentcore:GetE*","bedrock-agentcore:GetG*","bedrock-agentcore:GetM*","bedrock-agentcore:GetO*","bedrock-agentcore:GetP*","bedrock-agentcore:GetR*","bedrock-agentcore:GetTokenVault","bedrock-agentcore:GetWorkloadIdentity","bedrock-agentcore:L*","arc-region-switch:GetP*","arc-region-switch:L*","awsbillingconsole-deprecated:V*","diode:Des*","diode:GetAccountMappingPin","diode:ListAccountMappings","diode:ListT*","diode-messaging:G*","diode-messaging:L*","bcm-recommended-actions:ListRecommendedActions","uxc:G*","uxc:ListServices","bcm-dashboards:G*","bcm-dashboards:L*","action-recommendations:ListRecommendedActions","rtbfabric:G*","rtbfabric:L*","airflow-serverless:G*","airflow-serverless:L*","pricingplanmanager:GetSubscription","pricingplanmanager:ListSubscriptions","route53globalresolver:G*","route53globalresolver:ListA*","route53globalresolver:ListDNSViews","route53globalresolver:ListF*","route53globalresolver:ListGlobalResolvers","route53globalresolver:ListHostedZoneAssociations","route53globalresolver:ListManagedFirewallDomainLists","transform-custom:G*","transform-custom:L*","aidevops:G*","aidevops:L*","securityagent:BatchG*","securityagent:DescribeFindings","securityagent:G*","securityagent:L*","bedrock-mantle:G*","bedrock-mantle:L*","aco-automation:G*","aco-automation:L*","nova-act:G*","nova-act:L*","elemental-inference:G*","elemental-inference:L*","health-agent:G*","health-agent:L*","interconnect:DescribeConnectionProposal","interconnect:G*","interconnect:L*","aws-external-anthropic:G*","aws-external-anthropic:L*","s3files:G*","s3files:L*"],"Resource":["*"]}]}}},"CloudTrailPolicy":{"Type":"AWS::IAM::Policy","Condition":"PolicyCloudTrailEnabled","Properties":{"PolicyName":"CloudTrailPolicy","Roles":[{"Ref":"CloudAwareIamRole"}],"PolicyDocument":{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":["cloudtrail:DescribeTrails","cloudtrail:GetTrailStatus","cloudtrail:LookupEvents","kms:ListAliases","s3:GetBucketLocation","s3:ListAllMyBuckets"],"Resource":["*"]},{"Effect":"Allow","Action":["s3:ListBucket"],"Resource":{"Fn::If":["PartitionAws",["arn:aws:s3:::YOUR-CLOUDTRAIL-BUCKET"],{"Fn::If":["PartitionAwsUsGov",["arn:aws-us-gov:s3:::YOUR-CLOUDTRAIL-BUCKET"],{"Fn::If":["PartitionAwsCn",["arn:aws-cn:s3:::YOUR-CLOUDTRAIL-BUCKET"],{"Ref":"AWS::NoValue"}]}]}]}},{"Effect":"Allow","Action":["s3:GetObject"],"Resource":{"Fn::If":["PartitionAws",["arn:aws:s3:::YOUR-CLOUDTRAIL-BUCKET/LOG-PREFIX/*"],{"Fn::If":["PartitionAwsUsGov",["arn:aws-us-gov:s3:::YOUR-CLOUDTRAIL-BUCKET/LOG-PREFIX/*"],{"Fn::If":["PartitionAwsCn",["arn:aws-cn:s3:::YOUR-CLOUDTRAIL-BUCKET/LOG-PREFIX/*"],{"Ref":"AWS::NoValue"}]}]}]}}]}}},"BillingPolicy":{"Type":"AWS::IAM::Policy","Condition":"PolicyBillingEnabled","Properties":{"PolicyName":"BillingPolicy","Roles":[{"Ref":"CloudAwareIamRole"}],"PolicyDocument":{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":["s3:GetBucketLocation","s3:ListAllMyBuckets"],"Resource":["arn:aws:s3:::*"]},{"Effect":"Allow","Action":["s3:ListBucket"],"Resource":["arn:aws:s3:::YOUR-BILLING-BUCKET"]},{"Effect":"Allow","Action":["s3:GetObject"],"Resource":["arn:aws:s3:::YOUR-BILLING-BUCKET/*"]}]}}},"CloudAwareMonitoringPolicy":{"Type":"AWS::IAM::Policy","Condition":"PolicyCloudAwareMonitoringEnabled","Properties":{"PolicyName":"CloudAwareMonitoringPolicy","Roles":[{"Ref":"CloudAwareIamRole"}],"PolicyDocument":{"Version":"2012-10-17","Statement":[{"Sid":"CaMonitoring","Effect":"Allow","Action":["ec2:DescribeInstances","cloudwatch:List*","cloudwatch:Get*"],"Resource":["*"]}]}}},"BackupsPolicy":{"Type":"AWS::IAM::Policy","Condition":"PolicyBackupsEnabled","Properties":{"PolicyName":"BackupsPolicy","Roles":[{"Ref":"CloudAwareIamRole"}],"PolicyDocument":{"Version":"2012-10-17","Statement":[{"Sid":"Ec2Backup","Effect":"Allow","Action":["ec2:DescribeInstances","ec2:DescribeImages","ec2:CreateImage","ec2:DeregisterImage","ec2:CopyImage","ec2:DescribeSnapshots","ec2:DeleteSnapshot","ec2:CreateTags","ec2:DeleteTags"],"Resource":["*"]},{"Sid":"RdsBackup","Effect":"Allow","Action":["rds:DescribeDBInstances","rds:DescribeDBSnapshots","rds:CreateDBSnapshot","rds:DeleteDBSnapshot","rds:ListTagsForResource","rds:AddTagsToResource","rds:RemoveTagsFromResource","rds:CreateDBClusterSnapshot","rds:DeleteDBClusterSnapshot","rds:DescribeDBClusterSnapshots"],"Resource":["*"]},{"Sid":"S3Backup","Effect":"Allow","Action":["s3:ListAllMyBuckets","s3:ListBucket","s3:GetBucketLocation","s3:GetBucketTagging","s3:PutBucketTagging"],"Resource":["*"]},{"Sid":"S3BackupWrite","Effect":"Allow","Action":["s3:PutObject","s3:DeleteObject"],"Resource":{"Fn::Join":["",["arn:",{"Ref":"AWS::Partition"},":s3:::",{"Ref":"S3BackupDestinationBucket"},"/*"]]}}]}}},"TaggingPolicy1":{"Type":"AWS::IAM::Policy","Condition":"PolicyTaggingEnabled","Properties":{"PolicyName":"TaggingPolicy1","Roles":[{"Ref":"CloudAwareIamRole"}],"PolicyDocument":{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":["ec2:CreateTags","ec2:DeleteTags","rds:AddTagsToResource","rds:RemoveTagsFromResource","iam:Tag*","iam:Untag*","s3:DeleteJobTagging","s3:DeleteObjectTagging","s3:DeleteObjectVersionTagging","s3:DeleteStorageLensConfigurationTagging","s3:PutBucketTagging","s3:PutJobTagging","s3:PutObjectTagging","s3:PutObjectVersionTagging","s3:PutStorageLensConfigurationTagging","s3:ReplicateTags","s3:TagResource","s3:UntagResource","sqs:TagQueue","sqs:UntagQueue","cloudfront:TagResource","cloudfront:UntagResource","elasticmapreduce:AddTags","elasticmapreduce:RemoveTags","elasticloadbalancing:AddTags","elasticloadbalancing:RemoveTags","sns:TagResource","sns:UntagResource","route53:ChangeTagsForResource","cloudwatch:TagResource","cloudwatch:UntagResource","autoscaling:CreateOrUpdateTags","autoscaling:DeleteTags","dynamodb:TagResource","dynamodb:UntagResource","redshift:CreateTags","redshift:DeleteTags","cloudtrail:AddTags","cloudtrail:RemoveTags","kinesis:AddTagsToStream","kinesis:RemoveTagsFromStream","kinesis:TagResource","kinesis:UntagResource","ecs:TagResource","ecs:UntagResource","lambda:TagResource","lambda:UntagResource","kms:TagResource","kms:UntagResource","elasticache:AddTagsToResource","elasticache:RemoveTagsFromResource","workspaces:CreateTags","workspaces:DeleteTags","opsworks:TagResource","opsworks:UntagResource","glue:TagResource","glue:UntagResource","organizations:TagResource","organizations:UntagResource","elasticfilesystem:CreateTags","elasticfilesystem:DeleteTags","elasticfilesystem:TagResource","elasticfilesystem:UntagResource","ecr:TagResource","ecr:UntagResource","dms:AddTagsToResource","dms:RemoveTagsFromResource","ssm:AddTagsToResource","ssm:RemoveTagsFromResource","transcribe:TagResource","transcribe:UntagResource","guardduty:TagResource","guardduty:UntagResource","events:TagResource","events:UntagResource","ram:TagResource","ram:UntagResource","sagemaker:AddTags","sagemaker:DeleteTags","kafka:TagResource","kafka:UntagResource","athena:TagResource","athena:UntagResource","shield:TagResource","shield:UntagResource","secretsmanager:TagResource","secretsmanager:UntagResource","route53domains:DeleteTagsForDomain","route53domains:UpdateTagsForDomain","fsx:TagResource","fsx:UntagResource","cloudhsm:TagResource","cloudhsm:UntagResource","codedeploy:AddTagsToOnPremisesInstances","codedeploy:RemoveTagsFromOnPremisesInstances","codedeploy:TagResource","codedeploy:UntagResource","datapipeline:AddTags","datapipeline:RemoveTags","cognito-idp:TagResource","cognito-idp:UntagResource","swf:TagResource","swf:UntagResource","acm:AddTagsToCertificate","acm:RemoveTagsFromCertificate","xray:TagResource","xray:UntagResource","eks:TagResource","eks:UntagResource","fms:TagResource","fms:UntagResource","ds:AddTagsToResource","ds:RemoveTagsFromResource","dax:TagResource","dax:UntagResource","logs:Tag*","logs:Untag*","firehose:TagDeliveryStream","firehose:UntagDeliveryStream","mq:CreateTags","mq:DeleteTags","es:AddTags","es:RemoveTags","cognito-identity:TagResource","cognito-identity:UntagResource","codepipeline:TagResource","codepipeline:UntagResource","servicediscovery:TagResource","servicediscovery:UntagResource","waf:TagResource","waf:UntagResource","appstream:TagResource","appstream:UntagResource","quicksight:TagResource","quicksight:UntagResource","wellarchitected:TagResource","wellarchitected:UntagResource","mediaconvert:TagResource","mediaconvert:UntagResource","directconnect:TagResource","directconnect:UntagResource","backup:TagResource","backup:UntagResource","appmesh:TagResource","appmesh:UntagResource","savingsplans:TagResource","savingsplans:UntagResource","access-analyzer:TagResource","access-analyzer:UntagResource","kendra:TagResource","kendra:UntagResource","wafv2:TagResource","wafv2:UntagResource","profile:TagResource","profile:UntagResource","bedrock:TagResource","bedrock:UntagResource","workspaces-instances:TagResource","workspaces-instances:UntagResource"],"Resource":["*"]}]}}},"InstanceSchedulerPolicy":{"Type":"AWS::IAM::Policy","Condition":"PolicyInstanceSchedulerEnabled","Properties":{"PolicyName":"InstanceSchedulerPolicy","Roles":[{"Ref":"CloudAwareIamRole"}],"PolicyDocument":{"Version":"2012-10-17","Statement":[{"Sid":"CaInstanceScheduler","Effect":"Allow","Action":["ec2:DescribeInstances","ec2:StartInstances","ec2:StopInstances","rds:DescribeDBInstances","rds:ListTagsForResource","rds:StartDBInstance","rds:StopDBInstance"],"Resource":["*"]}]}}},"ConfluxPolicy":{"Type":"AWS::IAM::Policy","Condition":"PolicyConfluxEnabled","Properties":{"PolicyName":"ConfluxPolicy","Roles":[{"Ref":"CloudAwareIamRole"}],"PolicyDocument":{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":["config:Describe*","config:List*","elasticloadbalancing:Describe*","firehose:Describe*","firehose:List*","cloudfront:Describe*","cloudfront:List*","cloudwatch:Describe*","cloudwatch:List*","logs:GetLogEvents","logs:FilterLogEvents","cloudtrail:Describe*","cloudtrail:List*","cloudtrail:GetTrailStatus","eks:Describe*","eks:List*","s3:GetBucketLocation","s3:ListAllMyBuckets","rds:Describe*","rds:DownloadDBLogFilePortion","rds:DownloadCompleteDBLogFile"],"Resource":["*"]},{"Effect":"Allow","Action":["s3:ListBucket"],"Resource":{"Fn::If":["PartitionAws",["arn:aws:s3:::YOUR-BUCKET"],{"Fn::If":["PartitionAwsUsGov",["arn:aws-us-gov:s3:::YOUR-BUCKET"],{"Fn::If":["PartitionAwsCn",["arn:aws-cn:s3:::YOUR-BUCKET"],{"Ref":"AWS::NoValue"}]}]}]}},{"Effect":"Allow","Action":["s3:GetObject"],"Resource":{"Fn::If":["PartitionAws",["arn:aws:s3:::YOUR-BUCKET/*"],{"Fn::If":["PartitionAwsUsGov",["arn:aws-us-gov:s3:::YOUR-BUCKET/*"],{"Fn::If":["PartitionAwsCn",["arn:aws-cn:s3:::YOUR-BUCKET/*"],{"Ref":"AWS::NoValue"}]}]}]}}]}}}},"Outputs":{"IamRoleArn":{"Value":{"Fn::GetAtt":["CloudAwareIamRole","Arn"]}}}}