The Policy required is:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"ec2:AuthorizeSecurityGroupEgress",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateSecurityGroup",
"ec2:CreateTags",
"ec2:DeleteSecurityGroup",
"ec2:DeleteTags",
"ec2:DescribeAccountAttributes",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeSecurityGroups",
"ec2:RevokeSecurityGroupEgress",
"ec2:RevokeSecurityGroupIngress"
],
"Resource": [
"*"
]
},
{
"Sid": "VisualEditor1",
"Effect": "Allow",
"Action": [
"elasticache:AddTagsToResource",
"elasticache:CreateCacheParameterGroup",
"elasticache:CreateCacheSubnetGroup",
"elasticache:CreateReplicationGroup",
"elasticache:DeleteCacheParameterGroup",
"elasticache:DeleteCacheSubnetGroup",
"elasticache:DeleteReplicationGroup",
"elasticache:DescribeCacheParameterGroups",
"elasticache:DescribeCacheParameters",
"elasticache:DescribeCacheSubnetGroups",
"elasticache:DescribeReplicationGroups",
"elasticache:ListTagsForResource",
"elasticache:ModifyCacheParameterGroup",
"elasticache:ModifyCacheSubnetGroup",
"elasticache:ModifyReplicationGroup",
"elasticache:RemoveTagsFromResource"
],
"Resource": [
"*"
]
},
{
"Sid": "VisualEditor2",
"Effect": "Allow",
"Action": [
"secretsmanager:CreateSecret",
"secretsmanager:DeleteSecret",
"secretsmanager:DescribeSecret",
"secretsmanager:GetResourcePolicy",
"secretsmanager:TagResource",
"secretsmanager:UntagResource"
],
"Resource": [
"*"
]
}
]
}