{ "Version": "2012-10-17", "Statement": [ { "Action": [ "lambda:ListLayerVersions", "lambda:GetLayerVersion", "lambda:PublishLayerVersion" ], "Effect": "Allow", "Resource": "arn:${data_aws_partition_current_partition}:lambda:${aws_region}:${account_id}:layer:${layer_name}:*" }, { "Effect": "Allow", "Resource": [ "*" ], "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents", "events:DisableRule" ] }, { "Action": [ "codebuild:StartBuild", "codebuild:StopBuild", "codebuild:BatchGet*", "codebuild:Get*", "codebuild:List*", "codecommit:GetBranch", "codecommit:GetCommit", "codecommit:GetRepository", "codecommit:ListBranches" ], "Effect": "Allow", "Resource": "*" }, { "Effect": "Allow", "Action": [ "s3:*" ], "Resource": [ "arn:${data_aws_partition_current_partition}:s3:::${s3_bucket_name}", "arn:${data_aws_partition_current_partition}:s3:::${s3_bucket_name}/*" ] }, { "Effect": "Allow", "Action": [ "ec2:CreateNetworkInterface", "ec2:DescribeDhcpOptions", "ec2:DescribeNetworkInterfaces", "ec2:DeleteNetworkInterface", "ec2:DescribeSubnets", "ec2:DescribeSecurityGroups", "ec2:DescribeVpcs" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "ec2:CreateNetworkInterfacePermission" ], "Resource": [ "arn:${data_aws_partition_current_partition}:ec2:${aws_region}:${account_id}:network-interface/*" ] }, { "Effect": "Allow", "Action": [ "ssm:GetParameters", "ssm:GetParameter" ], "Resource": [ "arn:${data_aws_partition_current_partition}:ssm:${aws_region}:${account_id}:parameter/aft/*" ] }, { "Effect": "Allow", "Action": [ "kms:Decrypt", "kms:GenerateDataKey" ], "Resource": "${data_aws_kms_alias_aft_key_target_key_arn}" } ] }