policy.json

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "Backup/CreateBackupPlan",
                "Backup/CreateBackupSelection",
                "Backup/CreateBackupVault",
                "Backup/DescribeBackupVault",
                "Backup/GetBackupPlan",
                "Backup/GetBackupSelection",
                "Backup/ListTags",
                "ec2/AllocateAddress",
                "ec2/AssociateRouteTable",
                "ec2/AttachInternetGateway",
                "ec2/AuthorizeSecurityGroupEgress",
                "ec2/AuthorizeSecurityGroupIngress",
                "ec2/CreateFlowLogs",
                "ec2/CreateInternetGateway",
                "ec2/CreateNatGateway",
                "ec2/CreateRoute",
                "ec2/CreateRouteTable",
                "ec2/CreateSecurityGroup",
                "ec2/CreateSubnet",
                "ec2/CreateTags",
                "ec2/DescribeAccountAttributes",
                "ec2/DescribeAddresses",
                "ec2/DescribeAvailabilityZones",
                "ec2/DescribeFlowLogs",
                "ec2/DescribeImages",
                "ec2/DescribeInstanceAttribute",
                "ec2/DescribeInstanceCreditSpecifications",
                "ec2/DescribeInstances",
                "ec2/DescribeInternetGateways",
                "ec2/DescribeNatGateways",
                "ec2/DescribeNetworkAcls",
                "ec2/DescribeRouteTables",
                "ec2/DescribeSecurityGroups",
                "ec2/DescribeSubnets",
                "ec2/DescribeTags",
                "ec2/DescribeVolumes",
                "ec2/DescribeVpcAttribute",
                "ec2/DescribeVpcClassicLink",
                "ec2/DescribeVpcClassicLinkDnsSupport",
                "ec2/DescribeVpcs",
                "ec2/ModifySubnetAttribute",
                "ec2/RevokeSecurityGroupEgress",
                "ec2/RunInstances",
                "eks/CreateAddon",
                "eks/CreateCluster",
                "eks/CreateNodegroup",
                "eks/DescribeAddon",
                "eks/DescribeCluster",
                "eks/DescribeNodegroup",
                "iam/AddRoleToInstanceProfile",
                "iam/AttachRolePolicy",
                "iam/CreateInstanceProfile",
                "iam/CreateOpenIDConnectProvider",
                "iam/CreatePolicy",
                "iam/CreateRole",
                "iam/GetInstanceProfile",
                "iam/GetOpenIDConnectProvider",
                "iam/GetPolicy",
                "iam/GetPolicyVersion",
                "iam/GetRole",
                "iam/ListAttachedRolePolicies",
                "iam/ListRolePolicies",
                "iam/TagInstanceProfile",
                "kms/CreateAlias",
                "kms/CreateKey",
                "kms/DescribeKey",
                "kms/EnableKeyRotation",
                "kms/GetKeyPolicy",
                "kms/GetKeyRotationStatus",
                "kms/ListAliases",
                "kms/ListResourceTags",
                "logs/CreateLogGroup",
                "logs/DescribeLogGroups",
                "logs/ListTagsLogGroup",
                "logs/PutRetentionPolicy",
                "rds/CreateDBInstance",
                "rds/DescribeDBInstances",
                "rds/DescribeDBSubnetGroups",
                "rds/ListTagsForResource",
                "s3/CreateBucket",
                "s3/GetBucketAccelerateConfiguration",
                "s3/GetBucketAcl",
                "s3/GetBucketCors",
                "s3/GetBucketEncryption",
                "s3/GetBucketLifecycleConfiguration",
                "s3/GetBucketLogging",
                "s3/GetBucketPolicy",
                "s3/GetBucketReplication",
                "s3/GetBucketRequestPayment",
                "s3/GetBucketTagging",
                "s3/GetBucketVersioning",
                "s3/GetBucketWebsite",
                "s3/GetObjectLockConfiguration",
                "s3/GetPublicAccessBlock",
                "s3/HeadBucket",
                "s3/PutBucketAcl",
                "s3/PutBucketEncryption",
                "s3/PutBucketLogging",
                "s3/PutBucketTagging",
                "s3/PutBucketVersioning",
                "s3/PutPublicAccessBlock",
                "secretsmanager/DescribeSecret",
                "secretsmanager/GetResourcePolicy",
                "secretsmanager/GetSecretValue",
                "sts/GetCallerIdentity"

            ],
            "Resource": "*"
        }
    ]
}