{
	"Version": "2012-10-17",
	"Statement": [
		{
			"Sid": "ServicePermissions0",
			"Effect": "Allow",
			"Action": [
				"autoscaling:DescribeAutoScalingGroups",
				"autoscaling:DescribeLaunchConfigurations",
				"autoscaling:DescribeNotificationConfigurations",
				"cloudfront:GetDistribution",
				"cloudfront:ListDistributions",
				"cloudtrail:DescribeTrails",
				"cloudtrail:GetEventSelectors",
				"cloudtrail:GetTrailStatus",
				"cloudtrail:ListTags",
				"cloudtrail:LookupEvents",
				"cloudwatch:DescribeAlarms",
				"codebuild:BatchGetProjects",
				"codebuild:ListProjects",
				"config:DescribeComplianceByConfigRule",
				"config:DescribeConfigRules",
				"config:DescribeConfigurationRecorders",
				"config:DescribeConfigurationRecorderStatus",
				"config:DescribeDeliveryChannels",
				"config:GetComplianceDetailsByConfigRule",
				"config:GetDiscoveredResourceCounts",
				"dax:DescribeClusters",
				"dynamodb:DescribeContinuousBackups",
				"dynamodb:DescribeTable",
				"dynamodb:ListBackups",
				"dynamodb:ListTables",
				"dynamodb:ListTagsOfResource",
				"ec2:DescribeAccountAttributes",
				"ec2:DescribeAddresses",
				"ec2:DescribeAvailabilityZones",
				"ec2:DescribeCustomerGateways",
				"ec2:DescribeDhcpOptions",
				"ec2:DescribeEgressOnlyInternetGateways",
				"ec2:DescribeImages",
				"ec2:DescribeInstances",
				"ec2:DescribeInstanceStatus",
				"ec2:DescribeInternetGateways",
				"ec2:DescribeFlowLogs",
				"ec2:DescribeKeyPairs",
				"ec2:DescribeLaunchTemplates",
				"ec2:DescribeManagedPrefixLists",
				"ec2:DescribeNatGateways",
				"ec2:DescribeNetworkAcls",
				"ec2:DescribeNetworkInterfaces",
				"ec2:DescribeRegions",
				"ec2:DescribeRouteTables",
				"ec2:DescribeSecurityGroupRules",
				"ec2:DescribeSecurityGroups",
				"ec2:DescribeSnapshotAttribute",
				"ec2:DescribeSnapshots",
				"ec2:DescribeSubnets",
				"ec2:DescribeVolumes",
				"ec2:DescribeVpcEndpoints",
				"ec2:DescribeVpcEndpointServicePermissions",
				"ec2:DescribeVpcEndpointServices",
				"ec2:DescribeVpcPeeringConnections",
				"ec2:DescribeVpcs",
				"ec2:DescribeVpnConnections",
				"ec2:DescribeVpnGateways",
				"ec2:GetEbsEncryptionByDefault",
				"ec2:GetManagedPrefixListEntries",
				"elasticache:DescribeCacheClusters",
				"elasticache:DescribeCacheSubnetGroups",
				"elasticache:DescribeReplicationGroups",
				"elasticache:DescribeReservedCacheNodes",
				"elasticache:DescribeSnapshots",
				"elasticache:ListTagsForResource",
				"elasticbeanstalk:DescribeApplications",
				"elasticbeanstalk:DescribeConfigurationSettings",
				"elasticbeanstalk:DescribeEnvironments",
				"elasticfilesystem:DescribeBackupPolicy",
				"elasticfilesystem:DescribeFileSystems",
				"elasticloadbalancing:DescribeListeners",
				"elasticloadbalancing:DescribeLoadBalancerAttributes",
				"elasticloadbalancing:DescribeLoadBalancerPolicies",
				"elasticloadbalancing:DescribeLoadBalancers",
				"elasticloadbalancing:DescribeTags",
				"elasticloadbalancing:DescribeTargetGroupAttributes",
				"elasticloadbalancing:DescribeTargetGroups",
				"elasticloadbalancing:DescribeTargetHealth",
				"iam:GenerateCredentialReport",
				"iam:GetAccountPasswordPolicy",
				"iam:GetCredentialReport",
				"iam:GetGroup",
				"iam:GetGroupPolicy",
				"iam:GetPolicyVersion",
				"iam:GetRole",
				"iam:GetRolePolicy",
				"iam:GetUserPolicy",
				"iam:ListAttachedGroupPolicies",
				"iam:ListAttachedRolePolicies",
				"iam:ListAttachedUserPolicies",
				"iam:ListGroupPolicies",
				"iam:ListGroups",
				"iam:ListPolicies",
				"iam:ListRolePolicies",
				"iam:ListRoles",
				"iam:ListRoleTags",
				"iam:ListServerCertificates",
				"iam:ListSSHPublicKeys",
				"iam:ListUserPolicies",
				"iam:ListUsers",
				"iam:ListUserTags",
				"iam:ListVirtualMFADevices",
				"kms:DescribeKey",
				"kms:GetKeyPolicy",
				"kms:GetKeyRotationStatus",
				"kms:ListAliases",
				"kms:ListGrants",
				"kms:ListKeys",
				"kms:ListResourceTags",
				"lambda:GetPolicy",
				"lambda:ListFunctions",
				"lambda:ListFunctionUrlConfigs",
				"lambda:ListTags",
				"logs:DescribeLogGroups",
				"logs:DescribeLogStreams",
				"logs:GetLogEvents",
				"logs:Unmask",
				"logs:DescribeMetricFilters",
				"memorydb:DescribeClusters",
				"memorydb:DescribeSubnetGroups",
				"rds:DescribeDBClusterParameterGroups",
				"rds:DescribeDBClusterParameters",
				"rds:DescribeDBClusters",
				"rds:DescribeDBEngineVersions",
				"rds:DescribeDBInstances",
				"rds:DescribeDBParameterGroups",
				"rds:DescribeDBParameters",
				"rds:DescribeDBSnapshotAttributes",
				"rds:DescribeDBSnapshots",
				"rds:DescribeEventSubscriptions",
				"route53:ListHostedZones",
				"route53:ListResourceRecordSets",
				"route53domains:GetDomainDetail",
				"route53domains:ListDomains",
				"s3:GetAccelerateConfiguration",
				"s3:GetAccountPublicAccessBlock",
				"s3:GetBucketAcl",
				"s3:GetBucketLocation",
				"s3:GetBucketLogging",
				"s3:GetBucketObjectLockConfiguration",
				"s3:GetBucketOwnershipControls",
				"s3:GetBucketPolicy",
				"s3:GetBucketPolicyStatus",
				"s3:GetBucketPublicAccessBlock",
				"s3:GetBucketTagging",
				"s3:GetBucketVersioning",
				"s3:GetBucketWebsite",
				"s3:GetEncryptionConfiguration",
				"s3:GetLifecycleConfiguration",
				"s3:GetObject",
				"s3:GetObjectAcl",
				"s3:GetObjectVersion",
				"s3:GetObjectVersionAcl",
				"s3:ListAllMyBuckets",
				"s3:ListBucket",
				"sns:GetTopicAttributes",
				"sns:ListSubscriptions",
				"sns:ListTagsForResource",
				"sns:ListTopics",
				"sqs:GetQueueAttributes",
				"sqs:ListQueues",
				"waf-regional:ListResourcesForWebACL",
				"waf-regional:ListWebACLs",
				"waf:ListWebACLs",
				"wafv2:GetWebACL",
				"wafv2:ListResourcesForWebACL",
				"wafv2:ListWebACLs"
			],
			"Resource": "*"
		}
	]
}