{
  "Statement": [
    {
      "Action": [
        "ec2:DescribeInstances",
        "ec2:DescribeRegions"
      ],
      "Effect": "Allow",
      "Resource": [
        "*"
      ]
    },
    {
      "Action": "autoscaling:DescribeAutoScalingInstances",
      "Effect": "Allow",
      "Resource": [
        "*"
      ]
    },
    {
      "Action": [
        "s3:Get*"
      ],
      "Effect": "Allow",
      "Resource": [
        "arn:aws:s3:::kops-tests/iam-builder-test.k8s.local/addons/*",
        "arn:aws:s3:::kops-tests/iam-builder-test.k8s.local/cluster.spec",
        "arn:aws:s3:::kops-tests/iam-builder-test.k8s.local/config",
        "arn:aws:s3:::kops-tests/iam-builder-test.k8s.local/igconfig/node/*",
        "arn:aws:s3:::kops-tests/iam-builder-test.k8s.local/instancegroup/*",
        "arn:aws:s3:::kops-tests/iam-builder-test.k8s.local/pki/issued/*",
        "arn:aws:s3:::kops-tests/iam-builder-test.k8s.local/pki/private/kube-proxy/*",
        "arn:aws:s3:::kops-tests/iam-builder-test.k8s.local/pki/private/kubelet/*",
        "arn:aws:s3:::kops-tests/iam-builder-test.k8s.local/pki/ssh/*",
        "arn:aws:s3:::kops-tests/iam-builder-test.k8s.local/secrets/dockerconfig"
      ]
    },
    {
      "Action": [
        "s3:GetBucketLocation",
        "s3:GetEncryptionConfiguration",
        "s3:ListBucket",
        "s3:ListBucketVersions"
      ],
      "Effect": "Allow",
      "Resource": [
        "arn:aws:s3:::kops-tests"
      ]
    },
    {
      "Action": [
        "ecr:GetAuthorizationToken",
        "ecr:BatchCheckLayerAvailability",
        "ecr:GetDownloadUrlForLayer",
        "ecr:GetRepositoryPolicy",
        "ecr:DescribeRepositories",
        "ecr:ListImages",
        "ecr:BatchGetImage"
      ],
      "Effect": "Allow",
      "Resource": [
        "*"
      ]
    }
  ],
  "Version": "2012-10-17"
}