ServiceNow CMDB CI relationship sync: faster, more complete →
Turbot Guardrails Hub 
Hub
Mods
AWS
172
Mods
431
Resource Types
6,718
Policies
2,323
Controls
1,637
Quick Actions
528
IAM

IAM Role: AWS/CloudFront/Operator

PermissionGrant
cloudfront:CreateInvalidationOperator
cloudfront:TagResourceOperator
cloudfront:UntagResourceOperator
acm:ListCertificatesMetadata
cloudfront:GetCloudFrontOriginAccessIdentityMetadata
cloudfront:GetCloudFrontOriginAccessIdentityConfigMetadata
cloudfront:GetDistributionMetadata
cloudfront:GetDistributionConfigMetadata
cloudfront:GetFieldLevelEncryptionMetadata
cloudfront:GetFieldLevelEncryptionConfigMetadata
cloudfront:GetFieldLevelEncryptionProfileMetadata
cloudfront:GetFieldLevelEncryptionProfileConfigMetadata
cloudfront:GetInvalidationMetadata
cloudfront:GetPublicKeyMetadata
cloudfront:GetStreamingDistributionMetadata
cloudfront:GetStreamingDistributionConfigMetadata
cloudfront:ListCloudFrontOriginAccessIdentitiesMetadata
cloudfront:ListDistributionsMetadata
cloudfront:ListDistributionsByWebACLIdMetadata
cloudfront:ListFieldLevelEncryptionConfigsMetadata
cloudfront:ListFieldLevelEncryptionProfilesMetadata
cloudfront:ListInvalidationsMetadata
cloudfront:ListPublicKeysMetadata
cloudfront:ListStreamingDistributionsMetadata
cloudfront:ListTagsForResourceMetadata
cloudfront-keyvaluestore:DescribeKeyValueStoreMetadata
cloudfront-keyvaluestore:GetKeyMetadata
cloudfront-keyvaluestore:ListKeysMetadata
elasticloadbalancing:DescribeLoadBalancersMetadata
iam:ListServerCertificatesMetadata
s3:ListAllMyBucketsMetadata