Config Integration - Additional IAM Policy

This policy contains the permissions needed to integrate AWS Config with Ylastic.

If you are using the Ylastic Administrator user, you do NOT need this additional policy. This policy is only required if you are using the Ylastic Read only user.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "config:DeliverConfigSnapshot",
        "config:DescribeConfigurationRecorders",
        "config:DescribeDeliveryChannelStatus",
        "config:DescribeDeliveryChannels",
        "config:GetResourceConfigHistory",
        "config:GetResources",
        "config:ListDiscoveredResources",
        "config:PutConfigurationRecorder",
        "config:PutDeliveryChannel",
        "config:StopConfigurationRecorder",
        "config:DeleteDeliveryChannel",
        "config:StartConfigurationRecorder",
        "iam:AttachRolePolicy",
        "iam:CreateRole",
        "iam:PassRole",
        "iam:PutRolePolicy",
        "s3:GetBucketLocation",
        "s3:GetObject",
        "s3:ListBucket",
        "s3:ListObjects",
        "s3:PutBucketPolicy",
        "sns:AddPermission",
        "sns:ConfirmSubscription",
        "sns:CreateTopic",
        "sns:DeleteTopic",
        "sns:ListSubscriptions",
        "sns:ListTopics",
        "sns:Subscribe",
        "sns:Unsubscribe",
        "sts:DecodeAuthorizationMessage"
      ],
      "Resource": "*"
    }
  ]
}