{ "Version": "2012-10-17", "Statement": [ { "Action": [ "account:Get*", "appstream:Describe*", "appstream:List*", "backup:List*", "backup:Get*", "bedrock:List*", "bedrock:Get*", "cloudtrail:GetInsightSelectors", "codeartifact:List*", "codebuild:BatchGet*", "codebuild:ListReportGroups", "cognito-idp:GetUserPoolMfaConfig", "dlm:Get*", "drs:Describe*", "ds:Get*", "ds:Describe*", "ds:List*", "dynamodb:GetResourcePolicy", "ec2:GetEbsEncryptionByDefault", "ec2:GetSnapshotBlockPublicAccessState", "ec2:GetInstanceMetadataDefaults", "ecr:Describe*", "ecr:GetRegistryScanningConfiguration", "elasticfilesystem:DescribeBackupPolicy", "glue:GetConnections", "glue:GetSecurityConfiguration*", "glue:SearchTables", "glue:GetMLTransforms", "lambda:GetFunction*", "logs:FilterLogEvents", "lightsail:GetRelationalDatabases", "macie2:GetMacieSession", "macie2:GetAutomatedDiscoveryConfiguration", "rolesanywhere:ListTagsForResource", "rolesanywhere:ListTrustAnchors", "s3:GetAccountPublicAccessBlock", "s3:GetObjectAcl", "s3:ListBucket", "shield:DescribeProtection", "shield:GetSubscriptionState", "securityhub:BatchImportFindings", "securityhub:GetFindings", "servicecatalog:Describe*", "servicecatalog:List*", "ssm:GetDocument", "ssm-incidents:List*", "states:ListTagsForResource", "support:Describe*", "tag:GetTagKeys", "wellarchitected:List*" ], "Resource": "*", "Effect": "Allow", "Sid": "AllowMoreReadOnly" }, { "Effect": "Allow", "Action": [ "apigateway:GET" ], "Resource": [ "arn:*:apigateway:*::/restapis/*", "arn:*:apigateway:*::/apis/*", "arn:*:apigateway:*::/domainnames", "arn:*:apigateway:*::/domainnames/*" ], "Sid": "AllowAPIGatewayReadOnly" } ] }