Updates AWS managed policies

docs/source/_static/managed-policies/AmazonRDSServiceRolePolicy.json

@@ -49,14 +49,6 @@
       ],
       "Resource": "*"
     },
-    {
-      "Sid": "Sns",
-      "Effect": "Allow",
-      "Action": [
-        "sns:Publish"
-      ],
-      "Resource": "*"
-    },
     {
       "Sid": "CloudWatchLogs",
       "Effect": "Allow",

docs/source/_static/managed-policies/AmazonSageMakerAdmin-ServiceCatalogProductsServiceRolePolicy.json

@@ -2,6 +2,7 @@
   "Version": "2012-10-17",
   "Statement": [
     {
+      "Sid": "AmazonSageMakerServiceCatalogAPIGatewayPermission",
       "Effect": "Allow",
       "Action": [
         "apigateway:GET",
@@ -18,6 +19,7 @@
       }
     },
     {
+      "Sid": "AmazonSageMakerServiceCatalogAPIGatewayPostPermission",
       "Effect": "Allow",
       "Action": [
         "apigateway:POST"
@@ -32,6 +34,7 @@
       }
     },
     {
+      "Sid": "AmazonSageMakerServiceCatalogAPIGatewayPatchPermission",
       "Effect": "Allow",
       "Action": [
         "apigateway:PATCH"
@@ -41,6 +44,7 @@
       ]
     },
     {
+      "Sid": "AmazonSageMakerServiceCatalogCFnMutatePermission",
       "Effect": "Allow",
       "Action": [
         "cloudformation:CreateStack",
@@ -57,6 +61,21 @@
       }
     },
     {
+      "Sid": "AmazonSageMakerServiceCatalogCFnTagPermission",
+      "Effect": "Allow",
+      "Action": [
+        "cloudformation:TagResource",
+        "cloudformation:UntagResource"
+      ],
+      "Resource": "arn:aws:cloudformation:*:*:stack/SC-*",
+      "Condition": {
+        "Null": {
+          "aws:ResourceTag/sagemaker:project-name": "false"
+        }
+      }
+    },
+    {
+      "Sid": "AmazonSageMakerServiceCatalogCFnReadPermission",
       "Effect": "Allow",
       "Action": [
         "cloudformation:DescribeStackEvents",
@@ -65,6 +84,7 @@
       "Resource": "arn:aws:cloudformation:*:*:stack/SC-*"
     },
     {
+      "Sid": "AmazonSageMakerServiceCatalogCFnTemplatePermission",
       "Effect": "Allow",
       "Action": [
         "cloudformation:GetTemplateSummary",
@@ -73,6 +93,7 @@
       "Resource": "*"
     },
     {
+      "Sid": "AmazonSageMakerServiceCatalogCodeBuildPermission",
       "Effect": "Allow",
       "Action": [
         "codebuild:CreateProject",
@@ -84,6 +105,7 @@
       ]
     },
     {
+      "Sid": "AmazonSageMakerServiceCatalogCodeCommitPermission",
       "Effect": "Allow",
       "Action": [
         "codecommit:CreateCommit",
@@ -97,13 +119,15 @@
       ]
     },
     {
+      "Sid": "AmazonSageMakerServiceCatalogCodeCommitListPermission",
       "Effect": "Allow",
       "Action": [
         "codecommit:ListRepositories"
       ],
       "Resource": "*"
     },
     {
+      "Sid": "AmazonSageMakerServiceCatalogCodePipelinePermission",
       "Effect": "Allow",
       "Action": [
         "codepipeline:CreatePipeline",
@@ -119,6 +143,7 @@
       ]
     },
     {
+      "Sid": "AmazonSageMakerServiceCatalogCIAMUserPermission",
       "Effect": "Allow",
       "Action": [
         "cognito-idp:CreateUserPool",
@@ -134,6 +159,7 @@
       }
     },
     {
+      "Sid": "AmazonSageMakerServiceCatalogCIAMPermission",
       "Effect": "Allow",
       "Action": [
         "cognito-idp:CreateGroup",
@@ -156,6 +182,7 @@
       }
     },
     {
+      "Sid": "AmazonSageMakerServiceCatalogECRPermission",
       "Effect": "Allow",
       "Action": [
         "ecr:CreateRepository",
@@ -167,6 +194,7 @@
       ]
     },
     {
+      "Sid": "AmazonSageMakerServiceCatalogEventBridgePermission",
       "Effect": "Allow",
       "Action": [
         "events:DescribeRule",
@@ -182,6 +210,7 @@
       ]
     },
     {
+      "Sid": "AmazonSageMakerServiceCatalogFirehosePermission",
       "Effect": "Allow",
       "Action": [
         "firehose:CreateDeliveryStream",
@@ -194,6 +223,7 @@
       "Resource": "arn:aws:firehose:*:*:deliverystream/sagemaker-*"
     },
     {
+      "Sid": "AmazonSageMakerServiceCatalogGluePermission",
       "Effect": "Allow",
       "Action": [
         "glue:CreateDatabase",
@@ -207,6 +237,7 @@
       ]
     },
     {
+      "Sid": "AmazonSageMakerServiceCatalogGlueClassiferPermission",
       "Effect": "Allow",
       "Action": [
         "glue:CreateClassifier",
@@ -222,6 +253,7 @@
       ]
     },
     {
+      "Sid": "AmazonSageMakerServiceCatalogGlueWorkflowPermission",
       "Effect": "Allow",
       "Action": [
         "glue:CreateWorkflow"
@@ -231,6 +263,7 @@
       ]
     },
     {
+      "Sid": "AmazonSageMakerServiceCatalogGlueJobPermission",
       "Effect": "Allow",
       "Action": [
         "glue:CreateJob"
@@ -240,6 +273,7 @@
       ]
     },
     {
+      "Sid": "AmazonSageMakerServiceCatalogGlueCrawlerPermission",
       "Effect": "Allow",
       "Action": [
         "glue:CreateCrawler",
@@ -250,6 +284,7 @@
       ]
     },
     {
+      "Sid": "AmazonSageMakerServiceCatalogGlueTriggerPermission",
       "Effect": "Allow",
       "Action": [
         "glue:CreateTrigger",
@@ -260,6 +295,7 @@
       ]
     },
     {
+      "Sid": "AmazonSageMakerServiceCatalogPassRolePermission",
       "Effect": "Allow",
       "Action": [
         "iam:PassRole"
@@ -269,6 +305,7 @@
       ]
     },
     {
+      "Sid": "AmazonSageMakerServiceCatalogLambdaPermission",
       "Effect": "Allow",
       "Action": [
         "lambda:AddPermission",
@@ -284,6 +321,7 @@
       ]
     },
     {
+      "Sid": "AmazonSageMakerServiceCatalogLambdaTagPermission",
       "Effect": "Allow",
       "Action": "lambda:TagResource",
       "Resource": [
@@ -298,6 +336,7 @@
       }
     },
     {
+      "Sid": "AmazonSageMakerServiceCatalogLogGroupPermission",
       "Effect": "Allow",
       "Action": [
         "logs:CreateLogGroup",
@@ -314,6 +353,7 @@
       ]
     },
     {
+      "Sid": "AmazonSageMakerServiceCatalogS3ReadPermission",
       "Effect": "Allow",
       "Action": "s3:GetObject",
       "Resource": "*",
@@ -324,13 +364,15 @@
       }
     },
     {
+      "Sid": "AmazonSageMakerServiceCatalogS3ReadSagemakerResourcePermission",
       "Effect": "Allow",
       "Action": "s3:GetObject",
       "Resource": [
         "arn:aws:s3:::sagemaker-*"
       ]
     },
     {
+      "Sid": "AmazonSageMakerServiceCatalogS3MutatePermission",
       "Effect": "Allow",
       "Action": [
         "s3:CreateBucket",
@@ -350,6 +392,7 @@
       "Resource": "arn:aws:s3:::sagemaker-*"
     },
     {
+      "Sid": "AmazonSageMakerServiceCatalogSageMakerPermission",
       "Effect": "Allow",
       "Action": [
         "sagemaker:CreateEndpoint",
@@ -374,6 +417,7 @@
       ]
     },
     {
+      "Sid": "AmazonSageMakerServiceCatalogSageMakerTagPermission",
       "Effect": "Allow",
       "Action": [
         "sagemaker:AddTags"
@@ -395,6 +439,7 @@
       }
     },
     {
+      "Sid": "AmazonSageMakerServiceCatalogSageMakerImagePermission",
       "Effect": "Allow",
       "Action": [
         "sagemaker:CreateImage",
@@ -408,6 +453,7 @@
       ]
     },
     {
+      "Sid": "AmazonSageMakerServiceCatalogStepFunctionPermission",
       "Effect": "Allow",
       "Action": [
         "states:CreateStateMachine",
@@ -419,6 +465,7 @@
       ]
     },
     {
+      "Sid": "AmazonSageMakerServiceCatalogCodeStarPermission",
       "Effect": "Allow",
       "Action": "codestar-connections:PassConnection",
       "Resource": "arn:aws:codestar-connections:*:*:connection/*",
@@ -427,6 +474,17 @@
           "codestar-connections:PassedToService": "codepipeline.amazonaws.com"
         }
       }
+    },
+    {
+      "Sid": "AmazonSageMakerServiceCatalogCodeConnectionPermission",
+      "Effect": "Allow",
+      "Action": "codeconnections:PassConnection",
+      "Resource": "arn:aws:codeconnections:*:*:connection/*",
+      "Condition": {
+        "StringEquals": {
+          "codeconnections:PassedToService": "codepipeline.amazonaws.com"
+        }
+      }
     }
   ]
 }