docs: scope down recommended inline policy (#48) (#415)

aws · Sep 28, 2023 · 17825d0 · 17825d0
1 parent 19e2299
commit 17825d0
Showing 1 changed file with 20 additions and 1 deletion.
diff --git a/examples/recommended-inline-policy.json b/examples/recommended-inline-policy.json
@@ -5,12 +5,31 @@
             "Effect": "Allow",
             "Action": [
                 "vpc-lattice:*",
-                "iam:CreateServiceLinkedRole",
                 "ec2:DescribeVpcs",
                 "ec2:DescribeSubnets",
                 "ec2:DescribeTags"
             ],
             "Resource": "*"
+        },
+        {
+            "Effect" : "Allow",
+            "Action" : "iam:CreateServiceLinkedRole",
+            "Resource" : "arn:aws:iam::*:role/aws-service-role/vpc-lattice.amazonaws.com/AWSServiceRoleForVpcLattice",
+            "Condition" : {
+                "StringLike" : {
+                    "iam:AWSServiceName" : "vpc-lattice.amazonaws.com"
+                }
+            }
+        },
+        {
+            "Effect" : "Allow",
+            "Action" : "iam:CreateServiceLinkedRole",
+            "Resource" : "arn:aws:iam::*:role/aws-service-role/delivery.logs.amazonaws.com/AWSServiceRoleForLogDelivery",
+            "Condition" : {
+                "StringLike" : {
+                    "iam:AWSServiceName" : "delivery.logs.amazonaws.com"
+                }
+            }
         }
     ]
 }