
Reference - Role Policy in CloudFormation


Reference - Role Policy in CloudFormation

Two roles are created during stack creation through CloudFormation. The policy references associated with each of the two roles are listed below:

forticwp_container_protection_permission policy

"iam:UpdateAssumeRolePolicy",

"iam:GetPolicyVersion",

"ec2:DescribeInstances",

"eks:DescribeFargateProfile",

"ecr:ListTagsForResource",

"iam:AttachRolePolicy",

"iam:PutRolePolicy",

"ecr:ListImages",

"elasticloadbalancing:DescribeLoadBalancers",

"eks:DescribeNodegroup",

"ecr:DescribeRepositories",

"iam:ListRolePolicies",

"iam:ListPolicies",

"iam:GetRole",

"eks:ListNodegroups",

"cloudformation:ListStacks",

"iam:GetPolicy",

"ecr:DescribeRegistry",

"iam:ListRoles",

"ec2:DescribeSecurityGroups",

"ecr:PutImage",

"cloudformation:DescribeStacks",

"eks:ListFargateProfiles",

"iam:ListPolicyVersions",

"ec2:DescribeVpcs",

"ecr:BatchGetImage",

"ecr:DescribeImages",

"eks:DescribeCluster",

"iam:GetRolePolicy",

"elasticloadbalancing:DescribeListeners",

"autoscaling:DescribeAutoScalingGroups",

"iam:ListAttachedRolePolicies",

"elasticloadbalancing:DescribeTargetHealth",

"ec2:DescribeRouteTables"

forticwp_aws_self_managed_autodeployment policy

"cloudwatch:PutMetricData",

"ds:CreateComputer",

"ds:DescribeDirectories",

"ec2:DescribeInstanceStatus",

"logs:*",

"ssm:DescribeAssociation",

"ssm:GetDeployablePatchSnapshotForInstance",

"ssm:GetDocument",

"ssm:DescribeDocument",

"ssm:GetManifest",

"ssm:GetParameter",

"ssm:GetParameters",

"ssm:ListAssociations",

"ssm:ListInstanceAssociations",

"ssm:PutInventory",

"ssm:PutComplianceItems",

"ssm:PutConfigurePackageResult",

"ssm:UpdateAssociationStatus",

"ssm:UpdateInstanceAssociationStatus",

"ssm:UpdateInstanceInformation",

"ssmmessages:CreateControlChannel",

"ssmmessages:CreateDataChannel",

"ssmmessages:OpenControlChannel",

"ssmmessages:OpenDataChannel",

"ec2messages:AcknowledgeMessage",

"ec2messages:DeleteMessage",

"ec2messages:FailMessage",

"ec2messages:GetEndpoint",

"ec2messages:GetMessages",

"ec2messages:SendReply",

"ssm:GetCommandInvocation",

"ssm:GetConnectionStatus",

"ssm:ListCommandInvocations",

"ssm:ListCommands"

Reference - Role Policy in CloudFormation

Two roles are created during stack creation through CloudFormation. The policy references associated with each of the two roles are listed below:

forticwp_container_protection_permission policy

"iam:UpdateAssumeRolePolicy",

"iam:GetPolicyVersion",

"ec2:DescribeInstances",

"eks:DescribeFargateProfile",

"ecr:ListTagsForResource",

"iam:AttachRolePolicy",

"iam:PutRolePolicy",

"ecr:ListImages",

"elasticloadbalancing:DescribeLoadBalancers",

"eks:DescribeNodegroup",

"ecr:DescribeRepositories",

"iam:ListRolePolicies",

"iam:ListPolicies",

"iam:GetRole",

"eks:ListNodegroups",

"cloudformation:ListStacks",

"iam:GetPolicy",

"ecr:DescribeRegistry",

"iam:ListRoles",

"ec2:DescribeSecurityGroups",

"ecr:PutImage",

"cloudformation:DescribeStacks",

"eks:ListFargateProfiles",

"iam:ListPolicyVersions",

"ec2:DescribeVpcs",

"ecr:BatchGetImage",

"ecr:DescribeImages",

"eks:DescribeCluster",

"iam:GetRolePolicy",

"elasticloadbalancing:DescribeListeners",

"autoscaling:DescribeAutoScalingGroups",

"iam:ListAttachedRolePolicies",

"elasticloadbalancing:DescribeTargetHealth",

"ec2:DescribeRouteTables"

forticwp_aws_self_managed_autodeployment policy

"cloudwatch:PutMetricData",

"ds:CreateComputer",

"ds:DescribeDirectories",

"ec2:DescribeInstanceStatus",

"logs:*",

"ssm:DescribeAssociation",

"ssm:GetDeployablePatchSnapshotForInstance",

"ssm:GetDocument",

"ssm:DescribeDocument",

"ssm:GetManifest",

"ssm:GetParameter",

"ssm:GetParameters",

"ssm:ListAssociations",

"ssm:ListInstanceAssociations",

"ssm:PutInventory",

"ssm:PutComplianceItems",

"ssm:PutConfigurePackageResult",

"ssm:UpdateAssociationStatus",

"ssm:UpdateInstanceAssociationStatus",

"ssm:UpdateInstanceInformation",

"ssmmessages:CreateControlChannel",

"ssmmessages:CreateDataChannel",

"ssmmessages:OpenControlChannel",

"ssmmessages:OpenDataChannel",

"ec2messages:AcknowledgeMessage",

"ec2messages:DeleteMessage",

"ec2messages:FailMessage",

"ec2messages:GetEndpoint",

"ec2messages:GetMessages",

"ec2messages:SendReply",

"ssm:GetCommandInvocation",

"ssm:GetConnectionStatus",

"ssm:ListCommandInvocations",

"ssm:ListCommands"