{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "acm:DescribeCertificate",
                "apigateway:GET",
                "ec2:DescribeLaunchTemplates",
                "eks:DescribeCluster",
                "eks:ListClusters",
                "elasticfilesystem:DescribeMountTargetSecurityGroups",
                "elasticfilesystem:DescribeMountTargets",
                "elasticmapreduce:DescribeCluster",
                "elasticmapreduce:DescribeSecurityConfiguration",
                "events:DescribeRule",
                "fms:ListComplianceStatus",
                "fms:ListPolicies",
                "guardduty:ListDetectors",
                "guardduty:ListFindings",
                "guardduty:ListIPSets",
                "guardduty:ListInvitations",
                "guardduty:ListMembers",
                "guardduty:ListThreatIntelSets",
                "iam:GetSSHPublicKey",
                "inspector:DescribeAssessmentRuns",
                "inspector:DescribeAssessmentTargets",
                "inspector:DescribeAssessmentTemplates",
                "inspector:DescribeCrossAccountAccessRole",
                "inspector:DescribeFindings",
                "inspector:DescribeResourceGroups",
                "inspector:DescribeRulesPackages",
                "iot:DescribeAuthorizer",
                "iot:DescribeCACertificate",
                "iot:DescribeCertificate",
                "iot:DescribeDefaultAuthorizer",
                "iot:GetPolicy",
                "iot:GetPolicyVersion",
                "lambda:GetFunctionConfiguration",
                "lightsail:GetInstances",
                "lightsail:GetLoadBalancers",
                "opsworks:DescribeStacks",
                "organizations:DescribeAccount",
                "organizations:DescribeCreateAccountStatus",
                "organizations:DescribeHandshake",
                "organizations:DescribeOrganization",
                "organizations:DescribeOrganizationalUnit",
                "organizations:DescribePolicy",
                "organizations:ListAWSServiceAccessForOrganization",
                "shield:DescribeAttack",
                "shield:DescribeProtection",
                "shield:DescribeSubscription",
                "sso:DescribePermissionsPolicies",
                "sso:ListApplicationInstanceCertificates",
                "sso:ListApplicationInstances",
                "sso:ListApplicationTemplates",
                "sso:ListApplications",
                "sso:ListDirectoryAssociations",
                "sso:ListPermissionSets",
                "sso:ListProfileAssociations",
                "sso:ListProfiles"
            ],
            "Resource": "*",
            "Effect": "Allow"
        }
    ]
}