To enable CloudForms to connect to the AWS provider, the IAM user it authenticates as needs the following AWS-managed policies:
- AmazonEC2FullAccess
- AWSConfigUserAccess
- IAMReadOnlyAccess
- IAMUserSSHKeys
- AWSCloudFormationReadOnlyAccess
as well as the following two custom policies, where ${AWS-ACCT_ID} is your AWS account ID:
CFMESNS
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "sns:*"
            ],
            "Resource": "arn:aws:sns:us-east-1:${AWS-ACCT_ID}:AWSConfig_topic"
        }
    ]
}
CFMESQS
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "sqs:*"
            ],
            "Resource": "arn:aws:sqs:us-east-1:${AWS-ACCT_ID}:manageiq-awsconfig-queue*"
        }
    ]
}
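Both custom policies grant every SNS or SQS action, but only on one named topic and one queue-name prefix in one region of one account, which is what keeps them narrow. The script below is an added example, not part of the original page or of the CloudForms project: it fills the ${AWS-ACCT_ID} placeholder with a validated account ID and then checks that each Allow statement stays pinned to that account, a region and a named resource, and that the actions match the ARN's service. The CFMESNS and CFMESQS documents are copied from the page; the account ID 123456789012, the helper names and the over-broad comparison policy are constructed for illustration.

```python
"""Render and sanity-check the two custom CloudForms IAM policies.

Added example: the two policy documents are the ones listed on the page; the
helpers, the sample account id and the over-broad variant are constructed.
"""
import json
import re

# Policy documents as written on the page, still carrying the placeholder.
CFMESNS = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["sns:*"],
        "Resource": "arn:aws:sns:us-east-1:${AWS-ACCT_ID}:AWSConfig_topic",
    }],
}
CFMESQS = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["sqs:*"],
        "Resource": "arn:aws:sqs:us-east-1:${AWS-ACCT_ID}:manageiq-awsconfig-queue*",
    }],
}

ACCOUNT_ID_RE = re.compile(r"^\d{12}$")  # AWS account ids are exactly 12 digits


def render_policy(template, account_id):
    """Return a copy of `template` with ${AWS-ACCT_ID} replaced by a validated account id."""
    if not ACCOUNT_ID_RE.match(account_id):
        raise ValueError(f"not a 12-digit AWS account id: {account_id!r}")
    return json.loads(json.dumps(template).replace("${AWS-ACCT_ID}", account_id))


def _as_list(value):
    """IAM allows Action/Resource to be a string or a list; normalise to a list."""
    return [value] if isinstance(value, str) else list(value)


def lint_policy(policy, expected_account):
    """Return findings for every Allow statement that is not confined to named
    resources in `expected_account`; an empty list means the policy is as narrow
    as the two page policies are meant to be. This is a check for these two
    documents, not a general IAM analyser (hypothetical helper)."""
    findings = []
    for i, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action", []))
        for arn in _as_list(stmt.get("Resource", [])):
            if arn == "*":
                findings.append(f"statement {i}: Allow on every resource ('*')")
                continue
            parts = arn.split(":", 5)  # arn:partition:service:region:account:resource
            if len(parts) != 6 or parts[0] != "arn":
                findings.append(f"statement {i}: malformed ARN {arn!r}")
                continue
            _, _, service, region, account, resource = parts
            if "${" in arn:
                findings.append(f"statement {i}: unsubstituted placeholder in {arn!r}")
            elif account != expected_account:
                findings.append(f"statement {i}: ARN account {account!r} is not {expected_account!r}")
            if region in ("", "*"):
                findings.append(f"statement {i}: ARN {arn!r} is not pinned to a region")
            if resource == "*":
                findings.append(f"statement {i}: wildcard resource name in {arn!r}")
            for action in actions:
                if action == "*" or action.split(":", 1)[0] != service:
                    findings.append(f"statement {i}: action {action!r} does not match service {service!r}")
    return findings


if __name__ == "__main__":
    account = "123456789012"  # constructed sample account id
    for name, template in (("CFMESNS", CFMESNS), ("CFMESQS", CFMESQS)):
        rendered = render_policy(template, account)
        print(name, json.dumps(rendered, indent=2))
        print(name, "findings:", lint_policy(rendered, account) or "none")
```

Run it once against the rendered documents (no findings expected) and once against the unrendered template to see the placeholder flagged; the same check catches a copy of either policy whose Resource has been widened to "*", which would turn "sns:*" or "sqs:*" into account-wide access.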