Time-based access control

Summary of the IAM Policy Document

The IAM policy document outlined specifies a set of permissions that allow certain actions to be performed on various AWS services. These actions include describing, listing, getting statuses, tagging, and looking up events across services like ACM, CloudTrail, CloudWatch, Config, Detective, EC2, GuardDuty, IAM, Inspector, KMS, S3, Secrets Manager, SecurityHub, and Trusted Advisor.

• Effect: Allow - This policy allows the actions specified.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                    "acm:Describe*",
                    "acm:List*",
                    "cloudtrail:Describe*",
                    "cloudtrail:Get*",
                    "cloudtrail:GetTrailStatus",
                    "cloudtrail:ListTags",
                    "cloudtrail:LookupEvents",
                    "cloudwatch:Describe*",
                    "cloudwatch:ListTagsForResource",
                    "config:BatchGetAggregateResourceConfig",
                    "config:BatchGetResourceConfig",
                    "config:Deliver*",
                    "config:Describe*",
                    "config:Get*",
                    "config:List*",
                    "detective:GetGraphIngestState",
                    "detective:ListGraphs",
                    "detective:ListMembers",
                    "ec2:Describe*",
                    "ec2:Get*",
                    "guardduty:DescribePublishingDestination",
                    "guardduty:Get*",
                    "guardduty:List*",
                    "iam:GenerateCredentialReport",
                    "iam:GenerateServiceLastAccessedDetails",
                    "iam:Get*",
                    "iam:List*",
                    "inspector:Describe*",
                    "kms:Describe*",
                    "kms:Get*",
                    "kms:List*",
                    "s3:Get*",
                    "s3:List*",
                    "secretsmanager:DescribeSecret",
                    "secretsmanager:GetResourcePolicy",
                    "secretsmanager:List*",
                    "securityhub:Describe*",
                    "securityhub:Get*",
                    "securityhub:List*",
                    "trustedadvisor:Describe*"
            ],
            "Resource": "*",
            "Condition": {
                "DateGreaterThan": {
                    "aws:CurrentTime": "2024-07-26T00:00:00Z"
                },
                "DateLessThan": {
                    "aws:CurrentTime": "2024-07-27T23:59:59Z"
                }
            }
        }
    ]
}