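Variables to change (replace each placeholder everywhere it appears in the policy below):
us-east-1 — the AWS Region in the ACM, SNS and SSM ARNs
123456789012 — the AWS account ID in the ACM, SNS and SSM ARNs
certgenbucket — the name of the S3 bucket the policy may write objects to
Z1111111111111
and Z2222222222222 — the Route 53 hosted zone IDs used for DNS validation; list only the zones that need it, because route53:ChangeResourceRecordSets is granted on each whole zone
certgen — the SNS topic name and the prefix of the SSM parameter paths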
{ "Version": "2012-10-17", "Statement": [ { "Sid": "CopyToS3", "Effect": "Allow", "Action": [ "s3:PutObject" ], "Resource": [ "arn:aws:s3:::certgenbucket/*" ] }, { "Sid": "CopyToACM", "Effect": "Allow", "Action": [ "acm:ImportCertificate" ], "Resource": [ "arn:aws:acm:us-east-1:123456789012:certificate/*" ] }, { "Sid": "SendNotification", "Effect": "Allow", "Action": [ "sns:Publish" ], "Resource": [ "arn:aws:sns:us-east-1:123456789012:certgen" ] }, { "Sid": "SaveEncryptedPassword", "Effect": "Allow", "Action": [ "ssm:PutParameter" ], "Resource": [ "arn:aws:ssm:us-east-1:123456789012:parameter/certgen/*/p12password" ] }, { "Sid": "Getcloudflaretoken", "Effect": "Allow", "Action": [ "ssm:GetParameter" ], "Resource": [ "arn:aws:ssm:us-east-1:123456789012:parameter/certgen/*/cloudflare" ] }, { "Sid": "DNSValidation", "Effect": "Allow", "Action": [ "route53:ChangeResourceRecordSets" ], "Resource": [ "arn:aws:route53:::hostedzone/Z1111111111111", "arn:aws:route53:::hostedzone/Z2222222222222" ] }, { "Sid": "DNS", "Effect": "Allow", "Action": [ "route53:GetChange" ], "Resource": [ "arn:aws:route53:::change/*" ] }, { "Sid": "LocateACMCertificate", "Effect": "Allow", "Action": [ "acm:ListCertificates" ], "Resource": "*" }, { "Sid": "LocateDNS", "Effect": "Allow", "Action": [ "route53:ListHostedZones" ], "Resource": "*" } ] }