Comment: Update permissions for network resource tagging

...

Code Block
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "BplmS3TaggingWkspStorageCostPolicy",
            "Effect": "Allow",
            "Action": [
                "s3:GetBucketTagging",
                "s3:PutBucketTagging"
            ],
            "Resource": "arn:aws:s3:::*"
        },
        {
            "Sid": "BplmNatGatewayTaggingPolicy",
            "Effect": "Allow",
            "Action": [
                "ec2:DeleteTags",
                "ec2:CreateTags"
            ],
            "Resource": [
              "arn:aws:ec2:*:<Databricks_Wksp_AWS_Account_Id>:natgateway/*",
              "arn:aws:ec2:*:<Databricks_Wksp_AWS_Account_Id>:natgateway/*",
              "arn:aws:ec2:*:<Databricks_Wksp_AWS_Account_Id>:vpc/*",
              "arn:aws:ec2:*:<Databricks_Wksp_AWS_Account_Id>:internet-gateway/*",
              "arn:aws:ec2:*:<Databricks_Wksp_AWS_Account_Id>:elastic-ip/*",
              "arn:aws:ec2:*:<Databricks_Wksp_AWS_Account_Id>:route-table/*",
              "arn:aws:ec2:*:<Databricks_Wksp_AWS_Account_Id>:vpc-endpoint/*"
            ]
        },
        {
            "Sid": "BplmNatGatewayVpcsTaggingPolicy",
            "Effect": "Allow",
            "Action": [
                "ec2:DescribeVpcs",
                "ec2:DescribeNatGateways",
                "ec2:DescribeVpcEndpoints",
                "ec2:DescribeAddresses",
                "ec2:DescribeInternetGateways",
                "ec2:DescribeRouteTables"
            ],
            "Resource": "*"
        }
    ]
}
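Review bot: The `BplmNatGatewayTaggingPolicy` statement grants `ec2:CreateTags` and `ec2:DeleteTags` on every VPC, NAT gateway, internet gateway, Elastic IP, route table and VPC endpoint in the account with no `Condition`, so the principal can add or remove any tag, including tags that other policies or automation may key on. Restricting the statement with `aws:TagKeys` to the tag keys this integration actually manages would keep the grant to its stated purpose; the key name below is a placeholder, since the page does not name the tags. The natgateway ARN is listed twice in `Resource`; if that is not the old/new pair of a changed line in this rendering, one entry can be dropped. The Sid also no longer describes the statement now that it covers more than NAT gateways.

```json
            "Condition": {
                "ForAllValues:StringEquals": {
                    "aws:TagKeys": ["<Managed_Tag_Key_Placeholder>"]
                }
            }
```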

...