{
  "Statement": [
    {
      "Action": [
        "access-analyzer:Get*",
        "access-analyzer:List*",
        "autoscaling:Describe*",
        "cloudformation:DescribeStack*",
        "cloudformation:GetTemplate",
        "cloudformation:ListStack*",
        "cloudfront:Get*",
        "cloudfront:List*",
        "cloudwatch:Describe*",
        "config:DeliverConfigSnapshot",
        "config:Describe*",
        "config:Get*",
        "config:ListDiscoveredResources",
        "cur:DescribeReportDefinitions",
        "directconnect:Describe*",
        "dynamodb:ListTables",
        "ec2:Describe*",
        "ec2:GetLaunchTemplateData",
        "ecs:Describe*",
        "ecs:List*",
        "elasticbeanstalk:Describe*",
        "elasticache:Describe*",
        "elasticfilesystem:DescribeFileSystems",
        "elasticloadbalancing:Describe*",
        "elasticmapreduce:DescribeJobFlows",
        "events:Describe*",
        "events:List*",
        "glacier:ListVaults",
        "guardduty:Get*",
        "guardduty:List*",
        "kinesis:Describe*",
        "kinesis:List*",
        "kms:DescribeKey",
        "kms:GetKeyPolicy",
        "kms:GetKeyRotationStatus",
        "kms:ListAliases",
        "kms:ListGrants",
        "kms:ListKeys",
        "kms:ListKeyPolicies",
        "kms:ListResourceTags",
        "lambda:List*",
        "logs:Describe*",
        "rds:Describe*",
        "rds:ListTagsForResource",
        "redshift:Describe*",
        "route53:GetHostedZone",
        "route53:ListHostedZones",
        "route53:ListResourceRecordSets",
        "sdb:DomainMetadata",
        "sdb:ListDomains",
        "securityhub:DescribeHub",
        "sns:ListSubscriptions",
        "sns:ListSubscriptionsByTopic",
        "sns:ListTopics",
        "sns:GetEndpointAttributes",
        "sns:GetSubscriptionAttributes",
        "sns:GetTopicAttributes",
        "s3:ListAllMyBuckets",
        "s3:ListBucket",
        "s3:GetBucketLocation",
        "s3:GetObject",
        "s3:GetBucket*",
        "s3:GetEncryptionConfiguration",
        "s3:GetLifecycleConfiguration",
        "s3:GetObjectAcl",
        "s3:GetObjectVersionAcl",
        "tag:GetResources",
        "tag:GetTagKeys",
        "workspaces:Describe*",
        "workspaces:List*"
      ],
      "Effect": "Allow",
      "Resource": "*",
      "Sid": "EnabledDiscoveryOfVariousAWSServices"
    },
    {
      "Action": [
        "iam:Get*",
        "iam:List*",
        "iam:GenerateCredentialReport"
      ],
      "Effect": "Allow",
      "Resource": "*",
      "Sid": "EnableInsightDiscovery"
    },
    {
      "Action": [
        "cloudtrail:DescribeTrails",
        "cloudtrail:GetEventSelectors",
        "cloudtrail:GetTrailStatus",
        "cloudtrail:ListPublicKeys",
        "cloudtrail:ListTags",
        "cloudtrail:LookupEvents",
        "cloudtrail:StartLogging",
        "cloudtrail:UpdateTrail"
      ],
      "Effect": "Allow",
      "Resource": "*",
      "Sid": "EnableCloudTrailIfAccountDoesntHaveCloudTrailsEnabled"
    },
    {
      "Action": [
        "s3:CreateBucket",
        "s3:PutBucketPolicy",
        "s3:DeleteBucket"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::outcomesbucket-*",
      "Sid": "CreateCloudTrailS3BucketIfCloudTrailsAreBeingSetupByAlertLogic"
    },
    {
      "Action": [
        "sns:CreateTopic",
        "sns:DeleteTopic"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:sns:*:*:outcomestopic",
      "Sid": "CreateCloudTrailsTopicTfOneWasntAlreadySetupForCloudTrails"
    },
    {
      "Action": [
        "sns:AddPermission",
        "sns:GetTopicAttributes",
        "sns:ListTopics",
        "sns:SetTopicAttributes",
        "sns:Subscribe"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:sns:*:*:*",
      "Sid": "MakeSureThatCloudTrailsSnsTopicIsSetupCorrectlyForCloudTrailPublishingAndSqsSubsription"
    },
    {
      "Action": [
        "sqs:CreateQueue",
        "sqs:DeleteQueue",
        "sqs:SetQueueAttributes",
        "sqs:GetQueueAttributes",
        "sqs:ReceiveMessage",
        "sqs:DeleteMessage",
        "sqs:GetQueueUrl"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:sqs:*:*:outcomesbucket*",
      "Sid": "CreateAlertLogicSqsQueueToSubscribeToCloudTrailsSnsTopicNotifications"
    },
    {
      "Action": [
        "sqs:ListQueues"
      ],
      "Effect": "Allow",
      "Resource": "*",
      "Sid": "BeAbleToListSQSForCloudTrail"
    },
    {
      "Action": [
        "ec2:GetConsoleOutput",
        "ec2:GetConsoleScreenShot",
        "ec2:StartInstances",
        "ec2:StopInstances",
        "ec2:TerminateInstances"
      ],
      "Condition": {
        "StringEquals": {
          "ec2:ResourceTag/AlertLogic": "Security"
        }
      },
      "Effect": "Allow",
      "Resource": "arn:aws:ec2:*:*:instance/*",
      "Sid": "EnableAlertLogicApplianceStateManagement"
    },
    {
      "Action": [
        "autoscaling:UpdateAutoScalingGroup"
      ],
      "Condition": {
        "StringEquals": {
          "aws:ResourceTag/AlertLogic": "Security"
        }
      },
      "Effect": "Allow",
      "Resource": "arn:aws:autoscaling:*:*:autoScalingGroup:*:autoScalingGroupName/*",
      "Sid": "EnableAlertLogicAutoScalingGroupManagement"
    },
    {
      "Sid": "EnableAlertLogicLaunchTemplateVersionManagement",
      "Effect": "Allow",
      "Resource": "*",
      "Action": [
        "ec2:ModifyLaunchTemplate",
        "ec2:CreateLaunchTemplateVersion",
        "ec2:DeleteLaunchTemplateVersions"
      ],
      "Condition": {
        "StringEquals": {
          "ec2:ResourceTag/AlertLogic": "Security"
        }
      }
    }
  ],
  "Version": "2012-10-17"
}