"aws:ResourceTag/Product": "TunnelHub"
"Action": "cognito-identity:*",
"aws:ResourceTag/Product": "TunnelHub"
"Action": "cognito-idp:*",
"aws:ResourceTag/Product": "TunnelHub"
"dynamodb:BatchWriteItem",
"dynamodb:ConditionCheckItem",
"dynamodb:CreateTableReplica",
"dynamodb:DeleteTableReplica",
"dynamodb:DescribeBackup",
"dynamodb:DescribeContinuousBackups",
"dynamodb:DescribeContributorInsights",
"dynamodb:DescribeExport",
"dynamodb:DescribeKinesisStreamingDestination",
"dynamodb:DescribeStream",
"dynamodb:DescribeTable",
"dynamodb:DescribeTableReplicaAutoScaling",
"dynamodb:DescribeTimeToLive",
"dynamodb:DisableKinesisStreamingDestination",
"dynamodb:EnableKinesisStreamingDestination",
"dynamodb:ExportTableToPointInTime",
"dynamodb:GetShardIterator",
"dynamodb:ListTagsOfResource",
"dynamodb:PartiQLInsert",
"dynamodb:PartiQLSelect",
"dynamodb:PartiQLUpdate",
"dynamodb:RestoreTableFromAwsBackup",
"dynamodb:RestoreTableFromBackup",
"dynamodb:RestoreTableToPointInTime",
"dynamodb:StartAwsBackupJob",
"dynamodb:UntagResource",
"dynamodb:UpdateContinuousBackups",
"dynamodb:UpdateContributorInsights",
"dynamodb:UpdateTableReplicaAutoScaling",
"dynamodb:UpdateTimeToLive",
"iam:CreatePolicyVersion",
"iam:DeletePolicyVersion",
"iam:DeleteRolePermissionsBoundary",
"iam:ListPolicyVersions",
"iam:PutRolePermissionsBoundary",
"iam:UpdateAssumeRolePolicy",
"arn:aws:dynamodb:*:{account_id}:table/TunnelHub",
"arn:aws:dynamodb:*:{account_id}:table/TunnelHub/backup/*",
"arn:aws:dynamodb:*:{account_id}:table/TunnelHub/export/*",
"arn:aws:dynamodb:*:{account_id}:table/TunnelHub/index/*",
"arn:aws:dynamodb:*:{account_id}:table/TunnelHub/stream/*",
"arn:aws:iam::{account_id}:policy/TH-*",
"arn:aws:iam::{account_id}:role/TH-*"
"dynamodb:DescribeLimits",
"dynamodb:DescribeReservedCapacity",
"dynamodb:DescribeReservedCapacityOfferings",
"dynamodb:ListContributorInsights",
"dynamodb:PurchaseReservedCapacityOfferings",