Permissions

The AWS CIS v3.0.0 - Section 2 - Storage policy pack requires 16 permissions:

• ec2:CreateSnapshot
• ec2:DeleteVolume
• ec2:DetachVolume
• ec2:DisableEbsEncryptionByDefault
• ec2:EnableEbsEncryptionByDefault
• ec2:ModifyEbsDefaultKmsKeyId
• ec2:StopInstances
• ec2:TerminateInstances
• elasticfilesystem:DeleteFileSystem
• elasticfilesystem:DeleteMountTarget
• rds:DeleteDBInstance
• rds:ModifyDBInstance
• rds:StopDBInstance
• s3:DeleteBucketPolicy
• s3:PutBucketPolicy
• s3:PutBucketPublicAccessBlock